@eventuras/fides-auth 0.3.0

package/dist/decode_jwt-1J26fl4I.js

@@ -0,0 +1,25 @@
+import { S as e, T as t, l as n, x as r } from "./deflate-koSuX7FB.js";
+//#region ../../node_modules/.pnpm/jose@6.2.2/node_modules/jose/dist/webapi/util/decode_jwt.js
+function i(i) {
+	if (typeof i != "string") throw new r("JWTs must use Compact JWS serialization, JWT must be a string");
+	let { 1: a, length: o } = i.split(".");
+	if (o === 5) throw new r("Only JWTs using Compact JWS serialization can be decoded");
+	if (o !== 3) throw new r("Invalid JWT");
+	if (!a) throw new r("JWTs must contain a payload");
+	let s;
+	try {
+		s = e(a);
+	} catch {
+		throw new r("Failed to base64url decode the payload");
+	}
+	let c;
+	try {
+		c = JSON.parse(t.decode(s));
+	} catch {
+		throw new r("Failed to parse the decoded payload as JSON");
+	}
+	if (!n(c)) throw new r("Invalid JWT Claims Set");
+	return c;
+}
+//#endregion
+export { i as t };

package/dist/decrypt-Cahlu_6Y.js

@@ -0,0 +1,92 @@
+import { E as e, S as t, T as n, _ as r, a as i, c as a, d as o, g as s, h as c, i as l, l as u, n as d, p as f, r as p, s as m, v as h, w as g } from "./deflate-koSuX7FB.js";
+//#region ../../node_modules/.pnpm/jose@6.2.2/node_modules/jose/dist/webapi/lib/validate_algorithms.js
+function _(e, t) {
+	if (t !== void 0 && (!Array.isArray(t) || t.some((e) => typeof e != "string"))) throw TypeError(`"${e}" option must be an array of strings`);
+	if (t) return new Set(t);
+}
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.2.2/node_modules/jose/dist/webapi/jwe/flattened/decrypt.js
+async function v(v, y, b) {
+	if (!u(v)) throw new h("Flattened JWE must be an object");
+	if (v.protected === void 0 && v.header === void 0 && v.unprotected === void 0) throw new h("JOSE Header missing");
+	if (v.iv !== void 0 && typeof v.iv != "string") throw new h("JWE Initialization Vector incorrect type");
+	if (typeof v.ciphertext != "string") throw new h("JWE Ciphertext missing or incorrect type");
+	if (v.tag !== void 0 && typeof v.tag != "string") throw new h("JWE Authentication Tag incorrect type");
+	if (v.protected !== void 0 && typeof v.protected != "string") throw new h("JWE Protected Header incorrect type");
+	if (v.encrypted_key !== void 0 && typeof v.encrypted_key != "string") throw new h("JWE Encrypted Key incorrect type");
+	if (v.aad !== void 0 && typeof v.aad != "string") throw new h("JWE AAD incorrect type");
+	if (v.header !== void 0 && !u(v.header)) throw new h("JWE Shared Unprotected Header incorrect type");
+	if (v.unprotected !== void 0 && !u(v.unprotected)) throw new h("JWE Per-Recipient Unprotected Header incorrect type");
+	let x;
+	if (v.protected) try {
+		let e = t(v.protected);
+		x = JSON.parse(n.decode(e));
+	} catch {
+		throw new h("JWE Protected Header is invalid");
+	}
+	if (!a(x, v.header, v.unprotected)) throw new h("JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint");
+	let S = {
+		...x,
+		...v.header,
+		...v.unprotected
+	};
+	if (l(h, /* @__PURE__ */ new Map(), b?.crit, x, S), S.zip !== void 0 && S.zip !== "DEF") throw new r("Unsupported JWE \"zip\" (Compression Algorithm) Header Parameter value.");
+	if (S.zip !== void 0 && !x?.zip) throw new h("JWE \"zip\" (Compression Algorithm) Header Parameter MUST be in a protected header.");
+	let { alg: C, enc: w } = S;
+	if (typeof C != "string" || !C) throw new h("missing JWE Algorithm (alg) in JWE Header");
+	if (typeof w != "string" || !w) throw new h("missing JWE Encryption Algorithm (enc) in JWE Header");
+	let T = b && _("keyManagementAlgorithms", b.keyManagementAlgorithms), E = b && _("contentEncryptionAlgorithms", b.contentEncryptionAlgorithms);
+	if (T && !T.has(C) || !T && C.startsWith("PBES2")) throw new s("\"alg\" (Algorithm) Header Parameter value not allowed");
+	if (E && !E.has(w)) throw new s("\"enc\" (Encryption Algorithm) Header Parameter value not allowed");
+	let D;
+	v.encrypted_key !== void 0 && (D = o(v.encrypted_key, "encrypted_key", h));
+	let O = !1;
+	typeof y == "function" && (y = await y(x, v), O = !0), p(C === "dir" ? w : C, y, "decrypt");
+	let k = await m(y, C), A;
+	try {
+		A = await i(C, k, D, S, b);
+	} catch (e) {
+		if (e instanceof TypeError || e instanceof h || e instanceof r) throw e;
+		A = c(w);
+	}
+	let j, M;
+	v.iv !== void 0 && (j = o(v.iv, "iv", h)), v.tag !== void 0 && (M = o(v.tag, "tag", h));
+	let N = v.protected === void 0 ? new Uint8Array() : e(v.protected), P;
+	P = v.aad === void 0 ? N : g(N, e("."), e(v.aad));
+	let F = o(v.ciphertext, "ciphertext", h), I = await f(w, A, F, j, M, P), L = { plaintext: I };
+	if (S.zip === "DEF") {
+		let e = b?.maxDecompressedLength ?? 25e4;
+		if (e === 0) throw new r("JWE \"zip\" (Compression Algorithm) Header Parameter is not supported.");
+		if (e !== Infinity && (!Number.isSafeInteger(e) || e < 1)) throw TypeError("maxDecompressedLength must be 0, a positive safe integer, or Infinity");
+		L.plaintext = await d(I, e).catch((e) => {
+			throw e instanceof h ? e : new h("Failed to decompress plaintext", { cause: e });
+		});
+	}
+	return v.protected !== void 0 && (L.protectedHeader = x), v.aad !== void 0 && (L.additionalAuthenticatedData = o(v.aad, "aad", h)), v.unprotected !== void 0 && (L.sharedUnprotectedHeader = v.unprotected), v.header !== void 0 && (L.unprotectedHeader = v.header), O ? {
+		...L,
+		key: k
+	} : L;
+}
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.2.2/node_modules/jose/dist/webapi/jwe/compact/decrypt.js
+async function y(e, t, r) {
+	if (e instanceof Uint8Array && (e = n.decode(e)), typeof e != "string") throw new h("Compact JWE must be a string or Uint8Array");
+	let { 0: i, 1: a, 2: o, 3: s, 4: c, length: l } = e.split(".");
+	if (l !== 5) throw new h("Invalid Compact JWE");
+	let u = await v({
+		ciphertext: s,
+		iv: o || void 0,
+		protected: i,
+		tag: c || void 0,
+		encrypted_key: a || void 0
+	}, t, r), d = {
+		plaintext: u.plaintext,
+		protectedHeader: u.protectedHeader
+	};
+	return typeof t == "function" ? {
+		...d,
+		key: u.key
+	} : d;
+}
+//#endregion
+export { y as t };