@fourt/sdk 1.1.7 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +259 -120
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +81 -40
  4. package/dist/index.d.ts +81 -40
  5. package/dist/index.js +261 -122
  6. package/dist/index.js.map +1 -1
  7. package/package.json +18 -19
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/session/index.ts","../src/modules/auth/email.ts","../src/modules/auth/passkeys.ts","../src/modules/auth/oauth/google.ts","../src/errors/SDKError.ts","../src/errors/BadRequestError.ts","../src/modules/auth/oauth/facebook.ts","../src/modules/auth/oauth/apple.ts","../src/modules/auth/oauth.ts","../src/modules/auth/index.ts","../src/modules/user/index.ts","../src/signer/web.ts","../src/lib/base64.ts","../src/lib/bytes.ts","../src/signer/index.ts","../src/errors/UnauthorizedError.ts","../src/errors/NotFoundError.ts","../src/errors/GenericError.ts","../src/errors/UnauthenticatedError.ts","../src/types/Routes.ts","../src/third-party/viem.ts"],"sourcesContent":["import { AuthModule, UserModule } from './modules/index.js'\nimport { SignerClientConstructorParams } from './signer/index.js'\nimport {\n WebSignerClient,\n WebSignerClientConstructorParams,\n} from './signer/web.js'\nimport { ViemModule } from './third-party/viem.js'\n\ntype FourtWebSignerConstructorParams = {\n configuration: SignerClientConstructorParams['configuration']\n auth: Pick<WebSignerClientConstructorParams, 'webauthn' | 'iframe' | 'oauth'>\n}\n\n/**\n * A client for interacting with the Fourt Web Signer.\n */\nclass FourtWebSigner {\n private readonly _webSignerClient: WebSignerClient\n private readonly _modules: {\n viem: ViemModule\n auth: AuthModule\n user: UserModule\n }\n\n /**\n * Initializes a new instance of the `FourtWebSigner` class.\n * Sets up the underlying modules.\n *\n *\n * @example\n * ```ts\n * const fourtWebSigner = new FourtWebSigner({\n * auth: {\n * webauthn: {\n * rpId: 'localhost',\n * },\n * },\n * configuration: {\n * apiKey: '927d603c-6775-4210-8e13-8904ca985e78',\n * },\n * })\n * ```\n *\n * @param {FourtWebSignerConstructorParams} params the required parameters to initialize the client\n */\n constructor({\n configuration,\n auth: { webauthn, iframe, oauth },\n }: FourtWebSignerConstructorParams) {\n this._webSignerClient = new WebSignerClient({\n configuration,\n webauthn,\n iframe,\n oauth,\n })\n\n this._modules = {\n viem: new ViemModule(this._webSignerClient),\n auth: new AuthModule(this._webSignerClient),\n user: new UserModule(this._webSignerClient),\n }\n }\n\n /**\n * A module for interacting with the Viem library.\n */\n get viem() {\n return this._modules.viem\n }\n\n /**\n * A module for interacting with the authentication methods.\n */\n get auth() {\n return this._modules.auth\n }\n\n /**\n * A module for interacting with the user methods.\n */\n get user() {\n return this._modules.user\n }\n}\n\nexport { FourtWebSigner }\n","import { createStore, type StoreApi } from 'zustand'\nimport { createJSONStorage, persist } from 'zustand/middleware'\nimport { User } from '../types/entities.js'\n\nenum SessionType {\n Email = 'email',\n Passkeys = 'passkeys',\n OAuth = 'oauth',\n}\n\n/**\n * The state of the session.\n */\ntype SessionState = {\n type?: SessionType\n user?: User\n expirationDate?: Date\n bundle?: string\n token?: string\n}\n\n/**\n * A store for the session state.\n */\nclass SessionStore {\n private readonly _store: StoreApi<SessionState>\n\n /**\n * Initializes a new instance of the `SessionStore` class by creating a new `zustand`store with the initial state.\n */\n constructor() {\n this._store = createStore<SessionState>()(\n persist(this._getInitialState, {\n name: 'fourt.io-signer-session',\n storage: createJSONStorage<SessionState>(() => localStorage),\n }),\n )\n }\n\n /**\n * Gets the type from the session state.\n *\n * @returns {SessionType | undefined} the type.\n */\n get type(): SessionType | undefined {\n return this._store.getState().type\n }\n\n /**\n * Sets the type in the session state.\n *\n * @param {SessionType} type the type to set.\n */\n set type(type: SessionType) {\n this._store.setState({ type })\n }\n\n /**\n * Gets the token from the session state.\n *\n * @returns {string | undefined} the token.\n */\n get token(): string | undefined {\n return this._store.getState().token\n }\n\n /**\n * Sets the token in the session state.\n *\n * @param {string} token the token to set.\n */\n set token(token: string) {\n this._store.setState({ token })\n }\n\n /**\n * Gets the bundle from the session state.\n *\n * @returns {string | undefined} the bundle.\n */\n get bundle(): string | undefined {\n return this._store.getState().bundle\n }\n\n /**\n * Sets the bundle in the session state.\n *\n * @param {string} bundle the bundle to set.\n */\n set bundle(bundle: string) {\n this._store.setState({ bundle })\n }\n\n /**\n * Gets the user from the session state.\n *\n * @returns {User | undefined} the user.\n */\n get user(): User | undefined {\n return this._store.getState().user\n }\n\n /**\n * Sets the user in the session state.\n *\n * @param {User} user the user to set.\n */\n set user(user: User) {\n this._store.setState({ ...this._store.getState(), user })\n }\n\n /**\n * Clears the user from the session state.\n */\n clearUser() {\n this._store.setState({ ...this._store.getState(), user: undefined })\n }\n\n /**\n * Clears the bundle from the session state.\n */\n clearBundle() {\n this._store.setState({ ...this._store.getState(), bundle: undefined })\n }\n\n /**\n * Clears the type from the session state.\n */\n clearType() {\n this._store.setState({ ...this._store.getState(), type: undefined })\n }\n\n /**\n * Clears the token from the session state.\n */\n clearToken() {\n this._store.setState({ ...this._store.getState(), token: undefined })\n }\n\n /**\n * Clears the token and user from the session state.\n */\n clearAll() {\n this.clearToken()\n this.clearUser()\n this.clearBundle()\n this.clearType()\n }\n\n private _getInitialState(): SessionState {\n return {\n type: undefined,\n user: undefined,\n bundle: undefined,\n token: undefined,\n }\n }\n}\n\nexport { SessionType, SessionStore }\nexport type { SessionState }\n","import { SessionType } from '../../session/index.js'\nimport type {\n WebSignerClient,\n EmailInitializeAuthParams,\n CompleteAuthWithBundleParams,\n} from '../../signer/web.js'\n\n/**\n * A module for interacting with the Email authentication methods.\n * Available through the `auth.email` property on a `FourtWebSigner` instance.\n */\nclass EmailModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Initialize user authentication process using email.\n *\n * @param params {EmailInitializeAuthParams} params to initialize the user authentication process.\n * @returns {Promise<void>} promise that resolves to the result of the authentication process.\n */\n async initialize(params: EmailInitializeAuthParams): Promise<void> {\n return this._webSignerClient.emailAuth(params)\n }\n\n /**\n * Completes authentication with bundle after user receives the bundle and subOrgId as URL params.\n *\n * @param params {CompleteAuthWithBundleParams} params received as URL params necessary to complete authentication process.\n * @returns {Promise<void>} promise that completes the authentication process.\n */\n async complete(\n params: Pick<CompleteAuthWithBundleParams, 'subOrgId' | 'bundle'>,\n ): Promise<void> {\n return this._webSignerClient.completeAuthWithBundle({\n ...params,\n sessionType: SessionType.Email,\n })\n }\n}\n\nexport { EmailModule }\n","import type { WebSignerClient, WebauthnSignInParams } from '../../signer/web.js'\n\n/**\n * A module for interacting with the Passkeys authentication methods.\n * Available through the `auth.passkeys` property on a `FourtWebSigner` instance.\n */\nclass PasskeysModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Signs in a user using Passkeys.\n *\n * @param params {WebauthnSignInParams} params for the sign-in process.\n * @returns {Promise<void>} promise that resolves to the result of the sign-in process.\n */\n async signIn(params: WebauthnSignInParams) {\n return this._webSignerClient.webauthnSignIn(params)\n }\n}\n\nexport { PasskeysModule }\n","import * as jose from 'jose'\nimport { sha256 } from 'sha.js'\nimport type { WebSignerClient } from '../../../signer/web.js'\n\nclass GoogleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n *\n * @returns\n */\n async init(): Promise<string> {\n const initUrl = await this._webSignerClient.getOAuthInitUrl('google')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/google',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getIframePublicKey()\n\n const nonce = new sha256().update(publicKey).digest('hex')\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { GoogleModule }\n","type SDKErrorProps = {\n message: string\n}\n\nabstract class SDKError extends Error {\n private readonly _props: SDKErrorProps\n\n constructor(message: string, props: SDKErrorProps) {\n super(message)\n this._props = props\n }\n\n get message() {\n return this._props.message\n }\n}\n\nexport { SDKError }\nexport type { SDKErrorProps }\n","import { SDKErrorProps, SDKError } from './SDKError.js'\n\nclass BadRequestError extends SDKError {\n constructor(props: SDKErrorProps) {\n super(BadRequestError.name, props)\n }\n}\n\nexport { BadRequestError }\n","import { BadRequestError } from '../../../errors/BadRequestError.js'\nimport { WebSignerClient } from '../../../signer/web.js'\nimport * as jose from 'jose'\n\nclass FacebookModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n const publicKey = await this._webSignerClient.getIframePublicKey()\n const internalUrl = new URL(\n 'v1/oauth/facebook',\n this._webSignerClient.configuration.apiUrl,\n ).href\n\n const jwt = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n\n const response = await fetch(internalUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n state: jwt,\n }),\n })\n\n if (!response.ok) {\n throw new BadRequestError({\n message: `Failed to create OAuth state. Error: ${response.statusText}`,\n })\n }\n\n const { authUrl } = await response.json()\n if (!authUrl) {\n throw new BadRequestError({\n message: response.statusText,\n })\n }\n\n return authUrl\n }\n}\n\nexport { FacebookModule }\n","import * as jose from 'jose'\nimport { sha256 } from 'sha.js'\nimport type { WebSignerClient } from '../../../signer/web.js'\n\nclass AppleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n *\n * @returns\n */\n async init(): Promise<string> {\n const initUrl = await this._webSignerClient.getOAuthInitUrl('apple')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/apple',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getIframePublicKey()\n\n const nonce = new sha256().update(publicKey).digest('hex')\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { AppleModule }\n","import { SessionType } from '../../session/index.js'\nimport type { WebSignerClient } from '../../signer/web.js'\nimport { GoogleModule } from './oauth/google.js'\nimport { FacebookModule } from './oauth/facebook.js'\nimport { AppleModule } from './oauth/apple.js'\n\ntype CompleteParams = {\n bundle: string\n subOrgId: string\n}\n\nclass OAuthModule {\n private readonly _googleModule: GoogleModule\n private readonly _facebookModule: FacebookModule\n private readonly _appleModule: AppleModule\n\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._googleModule = new GoogleModule(this._webSignerClient)\n this._facebookModule = new FacebookModule(this._webSignerClient)\n this._appleModule = new AppleModule(this._webSignerClient)\n }\n\n get google() {\n return this._googleModule\n }\n\n get facebook() {\n return this._facebookModule\n }\n\n get apple() {\n return this._appleModule\n }\n\n async complete({ bundle, subOrgId }: CompleteParams) {\n await this._webSignerClient.completeAuthWithBundle({\n bundle,\n subOrgId,\n sessionType: SessionType.OAuth,\n })\n }\n}\n\nexport { OAuthModule }\n","import type { WebSignerClient } from '../../signer/web.js'\nimport { EmailModule } from './email.js'\nimport { PasskeysModule } from './passkeys.js'\nimport { OAuthModule } from './oauth.js'\n\n/**\n * A module for interacting with the authentication methods.\n * Available through the `auth` property on a `FourtWebSigner` instance.\n */\nclass AuthModule {\n private readonly _passkeys: PasskeysModule\n private readonly _email: EmailModule\n private readonly _oauth: OAuthModule\n\n /**\n * Initializes a new instance of the `AuthModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._passkeys = new PasskeysModule(this._webSignerClient)\n this._email = new EmailModule(this._webSignerClient)\n this._oauth = new OAuthModule(this._webSignerClient)\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get passkeys() {\n return this._passkeys\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get email() {\n return this._email\n }\n\n get oauth() {\n return this._oauth\n }\n}\n\nexport { AuthModule }\nexport { PasskeysModule } from './passkeys.js'\nexport { EmailModule } from './email.js'\n","import { WebSignerClient } from '../../signer/web.js'\nimport { User } from '../../types/entities.js'\n\n/**\n * A module for interacting with the user methods.\n * Available through the `user` property on a `FourtWebSigner` instance.\n */\nclass UserModule {\n /**\n * Initializes a new instance of the `UserModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Gets the user information.\n *\n * @returns {User | undefined} user information.\n */\n get info() {\n return this._webSignerClient.user\n }\n\n /** Gets the user token.\n *\n * @returns {string | undefined} user token.\n */\n get token() {\n return this._webSignerClient.getToken()\n }\n\n /**\n * Logs out the user.\n *\n * @returns {void}\n */\n logout() {\n return this._webSignerClient.logout()\n }\n}\n\nexport { UserModule }\n","import { getWebAuthnAttestation } from '@turnkey/http'\nimport { IframeStamper } from '@turnkey/iframe-stamper'\nimport { WebauthnStamper } from '@turnkey/webauthn-stamper'\nimport { LibBase64 } from '../lib/base64.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { SessionType } from '../session/index.js'\nimport {\n type SignerClientInheritedConstructorParams,\n SignerClient,\n} from './index.js'\n\ntype WebauthnSignInParams = {\n email: string\n}\n\n// * When user starts auth with email - can be either a signup or a signin\ntype EmailInitializeAuthParams = {\n email: string\n redirectUrl: string\n expirationSeconds?: number // Defaults to 15 minutes by Turnkey\n}\n\n// * When user completes auth with bundle\ntype CompleteAuthWithBundleParams = {\n bundle: string\n subOrgId: string\n sessionType: SessionType\n isNewUser?: boolean\n}\n\ntype GoogleOAuthSignInParams = {\n credential: string\n clientId: string\n}\n\nexport type OAuthConfiguration = {\n common: {\n redirectUrl: string\n }\n}\n\ntype WebSignerClientConstructorParams = SignerClientInheritedConstructorParams<{\n webauthn: {\n rpId: string\n }\n iframe?: {\n iframeElementId?: string\n iframeContainerId?: string\n }\n oauth?: OAuthConfiguration\n}>\n\ntype CreateAccountParams =\n | ({\n method: 'webauthn'\n } & WebauthnSignInParams)\n | ({\n method: 'email'\n } & EmailInitializeAuthParams)\n\n/**\n * A signer client for web applications.\n */\nclass WebSignerClient extends SignerClient {\n private iframeStamper: IframeStamper\n private webauthnStamper: WebauthnStamper\n iframeConfig: {\n iframeElementId: string\n iframeContainerId: string\n }\n\n readonly oauthConfiguration: WebSignerClientConstructorParams['oauth']\n\n /**\n * Initializes a new instance of the `WebSignerClient` class.\n *\n * @param {WebSignerClientConstructorParams} params params for the constructor\n */\n constructor({\n configuration,\n webauthn,\n iframe,\n oauth,\n }: WebSignerClientConstructorParams) {\n const iframeConfig = {\n iframeElementId: iframe?.iframeElementId ?? 'turnkey-iframe',\n iframeContainerId: iframe?.iframeContainerId ?? 'signer-iframe-container',\n }\n\n const iframeContainer = document.createElement('div')\n iframeContainer.id = iframeConfig.iframeContainerId\n iframeContainer.style.display = 'none'\n document.body.appendChild(iframeContainer)\n\n const iframeStamper = new IframeStamper({\n iframeUrl: 'https://auth.turnkey.com',\n iframeElementId: iframeConfig.iframeElementId,\n iframeContainer: document.getElementById(iframeConfig.iframeContainerId),\n })\n\n super({\n stamper: iframeStamper, // Initialized to iframeStamper; can be either webauthnStamper or iframeStamper\n configuration: configuration,\n })\n\n this.iframeStamper = iframeStamper\n this.iframeConfig = iframeConfig\n this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId })\n\n this.oauthConfiguration = oauth\n }\n\n public override async signRawMessage<Into extends string>(\n msg: string,\n ): Promise<Into> {\n await this.updateStamper()\n return super.signRawMessage(msg)\n }\n\n public override async logout() {\n super.logout()\n this.iframeStamper.clear()\n\n // In the latest TK iframe-stamper version, an IframeStamper\n // instance becomes unusable after being cleared, so a new\n // instance must be created.\n const stamper = new IframeStamper({\n iframeUrl: 'https://auth.turnkey.com',\n iframeElementId: this.iframeConfig.iframeElementId,\n iframeContainer: document.getElementById(\n this.iframeConfig.iframeContainerId,\n ),\n })\n this.iframeStamper = stamper\n await this._initIframeStamper()\n }\n\n /**\n * Checks for an existing session and if exists, updates the stamper accordingly.\n *\n */\n private async updateStamper() {\n // User is not signed in\n if (\n this._sessionStore.type === undefined &&\n (this._sessionStore.bundle === undefined ||\n this._sessionStore.token === undefined)\n )\n return\n if (this._sessionStore.type === SessionType.Passkeys) {\n this.stamper = this.webauthnStamper\n } else {\n this.stamper = this.iframeStamper\n // We need to inject to inject the credential bundle\n // Otherwise the user will not be able to sign\n await this.completeAuthWithBundle({\n bundle: this._sessionStore.bundle!,\n subOrgId: this.user?.subOrgId!,\n sessionType: this._sessionStore.type!,\n })\n }\n }\n\n /**\n * Signs in a user with webauthn.\n *\n * @param {WebauthnSignInParams} params params for the sign in\n */\n async webauthnSignIn({ email }: WebauthnSignInParams) {\n const existingUserSubOrgId = await this.lookUpUser(email)\n\n if (!existingUserSubOrgId) {\n await this._createAccount({ method: 'webauthn', email })\n } else {\n this.stamper = this.webauthnStamper\n await this.whoAmI(existingUserSubOrgId)\n\n this._sessionStore.type = SessionType.Passkeys\n\n // We should assure that the user and its credentialId are set\n if (!this.user || !this.user.credentialId) {\n return\n }\n\n this.webauthnStamper.allowCredentials = [\n {\n id: LibBase64.toBuffer(this.user.credentialId),\n type: 'public-key',\n transports: ['internal', 'usb'],\n },\n ]\n }\n }\n\n /**\n * Handle auth user process with email.\n *\n * @param {EmailInitializeAuthParams} params Params needed for the initialization of the auth process\n */\n async emailAuth(params: EmailInitializeAuthParams) {\n const existingUserSubOrgId = await this.lookUpUser(params.email)\n\n if (!existingUserSubOrgId) {\n await this._createAccount({ method: 'email', ...params })\n } else {\n await this._signInWithEmail(params)\n }\n }\n\n async getIframePublicKey() {\n return await this._initIframeStamper()\n }\n\n /**\n * Signs in a user with email.\n *\n * @param {EmailInitializeAuthParams} params params for the sign in\n */\n private async _signInWithEmail({\n email,\n expirationSeconds,\n redirectUrl,\n }: EmailInitializeAuthParams) {\n return this.request('/v1/email-auth', {\n email,\n targetPublicKey: await this.getIframePublicKey(),\n expirationSeconds,\n redirectUrl: redirectUrl.toString(),\n })\n }\n\n /**\n * Completes the authentication process with a credential bundle.\n *\n * @param {CompleteAuthWithBundleParams} params params for the completion of the auth process\n */\n public async completeAuthWithBundle({\n bundle,\n subOrgId,\n sessionType,\n }: CompleteAuthWithBundleParams): Promise<void> {\n await this._initIframeStamper()\n\n const result = await this.iframeStamper.injectCredentialBundle(bundle)\n\n if (!result) {\n throw new Error('Failed to inject credential bundle')\n }\n\n await this.whoAmI(subOrgId)\n\n this._sessionStore.type = sessionType\n this._sessionStore.bundle = bundle\n }\n\n /**\n * Creates a passkey account using the webauthn stamper.\n *\n * @param {Extract<CreateAccountParams, { method: 'webauthn' }>} params params for the creation of the account\n */\n private async _createWebauthnAccount(\n params: Extract<CreateAccountParams, { method: 'webauthn' }>,\n ) {\n const { challenge, attestation } = await this._webauthnGenerateAttestation(\n params.email,\n )\n\n const {\n token,\n user: { id, email, subOrgId, walletAddress, salt, smartAccountAddress },\n } = await this.request('/v1/signup', {\n passkey: {\n challenge: LibBase64.fromBuffer(challenge),\n attestation,\n },\n email: params.email,\n })\n\n this.user = {\n id,\n email,\n subOrgId,\n walletAddress,\n salt,\n smartAccountAddress,\n credentialId: attestation.credentialId,\n }\n this._sessionStore.user = this.user\n this._sessionStore.type = SessionType.Passkeys\n this._sessionStore.token = token\n }\n\n /**\n * Creates an email account using the iframe stamper.\n *\n * @param {Extract<CreateAccountParams, { method: 'email' }>} params params for the creation of the account\n */\n private async _createEmailAccount(\n params: Extract<CreateAccountParams, { method: 'email' }>,\n ) {\n const { email, expirationSeconds, redirectUrl } =\n params as EmailInitializeAuthParams\n\n const response = await this.request('/v1/signup', {\n email,\n iframe: {\n targetPublicKey: await this.getIframePublicKey(),\n expirationSeconds,\n redirectUrl: redirectUrl.toString(),\n },\n })\n\n return response\n }\n\n /**\n * Handle the account creation process.\n *\n * @param {CreateAccountParams} params params to create an account\n */\n private async _createAccount(params: CreateAccountParams) {\n switch (params.method) {\n case 'webauthn': {\n await this._createWebauthnAccount(params)\n break\n }\n case 'email': {\n await this._createEmailAccount(params)\n break\n }\n }\n }\n\n private async _webauthnGenerateAttestation(email: string) {\n const challenge = LibBytes.generateRandomBuffer()\n const authenticatorUserId = LibBytes.generateRandomBuffer()\n\n const attestation = await getWebAuthnAttestation({\n publicKey: {\n authenticatorSelection: {\n residentKey: 'preferred',\n requireResidentKey: false,\n userVerification: 'preferred',\n },\n challenge,\n rp: {\n id: window.location.hostname,\n name: window.location.hostname,\n },\n pubKeyCredParams: [\n {\n type: 'public-key',\n alg: -7,\n },\n {\n type: 'public-key',\n alg: -257,\n },\n ],\n user: {\n id: authenticatorUserId,\n name: email,\n displayName: email,\n },\n },\n })\n\n return { challenge, attestation, authenticatorUserId }\n }\n\n private async _initIframeStamper() {\n if (!this.iframeStamper.publicKey()) {\n await this.iframeStamper.init()\n }\n\n this.stamper = this.iframeStamper\n\n return this.iframeStamper.publicKey()!\n }\n\n /**\n * Get the pre-filled URL for initiating oauth with a specific provider.\n *\n * @param {string} provider provider for which we are getting the URL, currently google or apple\n */\n public async getOAuthInitUrl(provider: string) {\n const { url } = await this.request('v1/oauth/init', {\n provider,\n })\n\n return url\n }\n}\n\nexport { WebSignerClient }\nexport type {\n CompleteAuthWithBundleParams,\n CreateAccountParams,\n EmailInitializeAuthParams,\n GoogleOAuthSignInParams,\n WebauthnSignInParams,\n WebSignerClientConstructorParams,\n}\n","import { Buffer } from 'buffer'\n\nclass LibBase64 {\n static fromBuffer(buffer: ArrayBuffer): string {\n return Buffer.from(buffer)\n .toString('base64')\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=/g, '')\n }\n\n static toBuffer(base64: string): ArrayBuffer {\n return Buffer.from(base64, 'base64').buffer\n }\n}\n\nexport { LibBase64 }\n","type TakeBytesParams = Partial<{\n count: number\n offset: number\n}>\n\ntype ByteString = `0x${string}`\n\nclass LibBytes {\n static generateRandomBuffer = (): ArrayBuffer => {\n const arr = new Uint8Array(32)\n crypto.getRandomValues(arr)\n return arr.buffer\n }\n\n static takeBytes = (\n bytes: ByteString,\n params: TakeBytesParams = {},\n ): ByteString => {\n const { offset, count } = params\n const start = (offset ? offset * 2 : 0) + 2 // add 2 to skip the 0x prefix\n const end = count ? start + count * 2 : undefined\n\n return `0x${bytes.slice(start, end)}`\n }\n}\n\nexport { LibBytes }\n","import { TurnkeyClient } from '@turnkey/http'\nimport {\n BadRequestError,\n GenericError,\n NotFoundError,\n UnauthorizedError,\n} from '../errors/index.js'\nimport { SDKError } from '../errors/SDKError.js'\nimport { SessionStore } from '../session/index.js'\nimport { User } from '../types/entities.js'\nimport { APIResponse } from '../types/rest.js'\nimport {\n AuthenticationServiceBody,\n AuthenticationServiceResponse,\n AuthenticationServiceRoutes,\n ROUTE_METHOD_MAP,\n} from '../types/Routes.js'\nimport { jwtDecode, JwtPayload } from 'jwt-decode'\nimport { isPast, secondsToMilliseconds } from 'date-fns'\n\ntype SignerClientConfiguration = {\n apiKey: string\n apiUrl?: string\n paymasterRpcUrl?: string\n}\n\ntype SignerClientConstructorParams = {\n stamper: TurnkeyClient['stamper']\n configuration: SignerClientConfiguration\n}\n\ntype SignerClientInheritedConstructorParams<\n Extended extends Record<string, unknown>,\n> = Pick<SignerClientConstructorParams, 'configuration'> & Extended\n\nabstract class SignerClient {\n protected readonly _turnkeyClient: TurnkeyClient\n protected readonly _configuration: Required<\n SignerClientConstructorParams['configuration']\n >\n protected readonly _sessionStore: SessionStore\n\n private _user?: User\n\n constructor({\n stamper,\n configuration: { apiUrl, paymasterRpcUrl, ...requiredConfiguration },\n }: SignerClientConstructorParams) {\n this._turnkeyClient = new TurnkeyClient(\n { baseUrl: 'https://api.turnkey.com' },\n stamper,\n )\n\n this._configuration = {\n ...requiredConfiguration,\n apiUrl: apiUrl ?? 'https://auth.api.fourt.io/',\n paymasterRpcUrl: paymasterRpcUrl ?? 'https://management.api.fourt.io/',\n }\n\n this._sessionStore = new SessionStore()\n }\n\n logout() {\n this._user = undefined\n this.sessionStore.clearAll()\n }\n\n get configuration(): Required<SignerClientConfiguration> {\n return this._configuration\n }\n\n get user(): User | undefined {\n if (this._user) return this._user\n\n // Check if there's a token\n if (!this.sessionStore.token) {\n this.sessionStore.clearAll()\n return undefined\n }\n\n const decodedToken = jwtDecode<JwtPayload>(this.sessionStore.token)\n // Check if the token has expired\n if (\n decodedToken.exp &&\n isPast(new Date(secondsToMilliseconds(decodedToken.exp)))\n ) {\n this.sessionStore.clearAll()\n return undefined\n }\n\n if (this.sessionStore.user) this._user = this.sessionStore.user\n\n return this._user\n }\n\n protected set user(value: User | undefined) {\n this._user = value\n }\n\n protected set stamper(stamper: TurnkeyClient['stamper']) {\n this._turnkeyClient.stamper = stamper\n }\n\n protected get stamper(): TurnkeyClient['stamper'] {\n return this._turnkeyClient.stamper\n }\n\n protected get sessionStore(): SessionStore {\n return this._sessionStore\n }\n\n async signRawMessage<Into extends string>(msg: string): Promise<Into> {\n if (!this._user) {\n throw new UnauthorizedError({\n message: 'SignerClient must be authenticated to sign a message',\n })\n }\n\n const stampedRequest = await this._turnkeyClient.stampSignRawPayload({\n organizationId: this._user.subOrgId,\n type: 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2',\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',\n hashFunction: 'HASH_FUNCTION_NO_OP',\n payload: msg,\n signWith: this._user.walletAddress,\n },\n })\n\n const { signature } = await this.request('/v1/sign', {\n stampedRequest,\n })\n\n return <Into>signature\n }\n\n getToken(): string | undefined {\n return this._sessionStore.token\n }\n\n protected async lookUpUser(email: string): Promise<string | null> {\n try {\n const { subOrgId } = await this.request('/v1/lookup', { email })\n return subOrgId\n } catch (error) {\n if (!(error instanceof SDKError)) throw error\n\n const sdkError: SDKError = error\n\n switch (sdkError.constructor.name) {\n case NotFoundError.name: {\n return null\n }\n default: {\n throw sdkError\n }\n }\n }\n }\n\n protected async whoAmI(subOrgId?: string) {\n const orgId = subOrgId || this._user?.subOrgId\n\n if (!orgId) throw new BadRequestError({ message: 'No orgId provided' })\n\n const stampedRequest = await this._turnkeyClient.stampGetWhoami({\n organizationId: orgId,\n })\n\n const { user, token } = await this.request('/v1/signin', {\n stampedRequest,\n })\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string\n } catch (e) {\n return undefined\n }\n })()\n\n this._user = {\n ...user,\n credentialId: credentialId,\n }\n\n this.sessionStore.user = this.user!\n this.sessionStore.token = token\n }\n\n protected async request<Route extends AuthenticationServiceRoutes>(\n route: Route,\n body?: AuthenticationServiceBody<Route>,\n ): Promise<AuthenticationServiceResponse<Route>> {\n const url = new URL(`${route}`, this._configuration.apiUrl)\n const token = this.sessionStore.token\n\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'X-FOURT-KEY': this._configuration.apiKey,\n }\n\n // Add Authorization header if token exists\n if (token) {\n headers['Authorization'] = `Bearer ${token}`\n }\n\n const response = await fetch(url, {\n method: ROUTE_METHOD_MAP[route],\n body: JSON.stringify(body),\n headers,\n credentials: 'include',\n })\n\n const { data, error } = (await response.json()) as APIResponse<\n AuthenticationServiceResponse<Route>\n >\n\n if (error) {\n switch (error.kind) {\n case 'UnauthorizedError': {\n // TODO: workaround! this need to be cleaned up and moved into the web signer\n this.logout()\n throw new UnauthorizedError({ message: error.message })\n }\n case 'NotFoundError': {\n throw new NotFoundError({ message: error.message })\n }\n case 'BadRequestError': {\n throw new BadRequestError({ message: error.message })\n }\n default: {\n throw new GenericError({ message: error.message })\n }\n }\n }\n\n return { ...data } as AuthenticationServiceResponse<Route>\n }\n}\n\nexport { SignerClient }\nexport type {\n SignerClientConstructorParams,\n SignerClientInheritedConstructorParams,\n}\n","import { SDKErrorProps, SDKError } from './SDKError.js'\n\nclass UnauthorizedError extends SDKError {\n constructor(props: SDKErrorProps) {\n super(UnauthorizedError.name, props)\n }\n}\n\nexport { UnauthorizedError }\n","import { SDKErrorProps, SDKError } from './SDKError.js'\n\nclass NotFoundError extends SDKError {\n constructor(props: SDKErrorProps) {\n super(NotFoundError.name, props)\n }\n}\n\nexport { NotFoundError }\n","import { SDKErrorProps, SDKError } from './SDKError.js'\n\nclass GenericError extends SDKError {\n constructor(props: SDKErrorProps) {\n super(GenericError.name, props)\n }\n}\n\nexport { GenericError }\n","import { SDKErrorProps, SDKError } from './SDKError.js'\n\nclass UnauthenticatedError extends SDKError {\n constructor(props: SDKErrorProps) {\n super(UnauthenticatedError.name, props)\n }\n}\n\nexport { UnauthenticatedError }\n","import { getWebAuthnAttestation, TSignedRequest } from '@turnkey/http'\nimport { User } from './entities.js'\nimport { AtLeastOne } from './string.js'\n\ntype AuthenticationServiceRoutes =\n AuthenticationServiceEndpoints[number]['Route']\n\ntype AuthenticationServiceBody<Route extends AuthenticationServiceRoutes> =\n Extract<AuthenticationServiceEndpoints[number], { Route: Route }>['Body']\n\ntype AuthenticationServiceResponse<Route extends AuthenticationServiceRoutes> =\n Extract<AuthenticationServiceEndpoints[number], { Route: Route }>['Response']\n\ntype AuthenticationServiceEndpoints = [\n {\n Route: '/v1/email-auth'\n Body: {\n email: string\n targetPublicKey: string\n redirectUrl: string\n expirationSeconds?: number\n }\n Response: {\n subOrgId: string\n }\n },\n {\n Route: '/v1/signup'\n Body: AtLeastOne<{\n passkey: {\n challenge: string\n attestation: Awaited<ReturnType<typeof getWebAuthnAttestation>>\n }\n iframe: {\n targetPublicKey: string\n redirectUrl: string\n expirationSeconds?: number\n }\n }> & { email: string }\n Response: {\n user: User\n token: string\n }\n },\n {\n Route: '/v1/lookup'\n Body: {\n email: string\n }\n Response: {\n subOrgId: string\n }\n },\n {\n Route: '/v1/signin'\n Body: {\n stampedRequest: TSignedRequest\n }\n Response: {\n user: User\n token: string\n }\n },\n {\n Route: '/v1/sign'\n Body: {\n stampedRequest: TSignedRequest\n }\n Response: {\n signature: string\n }\n },\n {\n Route: 'v1/oauth/init'\n Body: {\n provider: string\n }\n Response: {\n url: string\n }\n },\n]\n\nconst ROUTE_METHOD_MAP = {\n '/v1/signup': 'POST',\n '/v1/email-auth': 'POST',\n '/v1/lookup': 'POST',\n '/v1/signin': 'POST',\n '/v1/sign': 'POST',\n 'v1/oauth/init': 'POST',\n} satisfies Record<AuthenticationServiceRoutes, 'POST' | 'GET'>\n\nexport type {\n AuthenticationServiceEndpoints,\n AuthenticationServiceResponse,\n AuthenticationServiceBody,\n AuthenticationServiceRoutes,\n}\n\nexport { ROUTE_METHOD_MAP }\n","import {\n LocalAccount,\n TypedData,\n TypedDataDefinition,\n SignableMessage,\n Hex,\n hashMessage,\n hashTypedData,\n SerializeTransactionFn,\n TransactionSerializable,\n IsNarrowable,\n TransactionSerialized,\n GetTransactionType,\n serializeTransaction,\n keccak256,\n Client,\n hexToBigInt,\n http,\n} from 'viem'\nimport { toAccount } from 'viem/accounts'\nimport { SignerClient } from '../signer/index.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { toLightSmartAccount } from 'permissionless/accounts'\nimport {\n createPaymasterClient,\n entryPoint07Address,\n} from 'viem/account-abstraction'\nimport { UnauthenticatedError } from '../errors/UnauthenticatedError.js'\n\ntype ViemModuleConstructorParams = {\n refs: {\n signerClient: SignerClient\n }\n}\n\ntype CurrentUserToLightSmartAccountParams = {\n owner: LocalAccount\n client: Client\n}\n\nclass ViemModule {\n constructor(private readonly _signerClient: SignerClient) {}\n\n async toLocalAccount(): Promise<LocalAccount> {\n const user = this._signerClient.user\n\n if (!user) {\n throw new UnauthenticatedError({ message: 'Signer not authenticated' })\n }\n\n return toAccount({\n address: user.walletAddress,\n signMessage: (msg) => this.signMessage(msg.message),\n signTypedData: <\n const typedData extends TypedData | Record<string, unknown>,\n primaryType extends keyof typedData | 'EIP712Domain' = keyof typedData,\n >(\n typedDataDefinition: TypedDataDefinition<typedData, primaryType>,\n ) => this.signTypedData<typedData, primaryType>(typedDataDefinition),\n signTransaction: this.signTransaction,\n })\n }\n\n async toSmartAccount({\n client,\n owner,\n }: CurrentUserToLightSmartAccountParams): ReturnType<\n typeof toLightSmartAccount<'0.7'>\n > {\n const user = this._signerClient.user\n\n if (!user) {\n throw new UnauthenticatedError({ message: 'Signer not authenticated' })\n }\n\n return toLightSmartAccount({\n client: client,\n owner,\n version: '2.0.0',\n entryPoint: {\n address: entryPoint07Address,\n version: '0.7',\n },\n address: user.smartAccountAddress,\n index: hexToBigInt(user.salt),\n })\n }\n\n async getPaymasterClient() {\n const url = new URL(\n `v1/rpc?apiKey=${this._signerClient.configuration.apiKey}`,\n this._signerClient.configuration.paymasterRpcUrl,\n )\n return createPaymasterClient({\n transport: http(url.toString()),\n })\n }\n\n async signMessage(msg: SignableMessage): Promise<Hex> {\n const messageHash = hashMessage(msg)\n const result = await this._signerClient.signRawMessage<Hex>(messageHash)\n return result\n }\n\n async signTypedData<\n TTypedData extends TypedData | Record<string, unknown>,\n TPrimaryType extends keyof TTypedData | 'EIP712Domain' = keyof TTypedData,\n >(params: TypedDataDefinition<TTypedData, TPrimaryType>): Promise<Hex> {\n const messageHash = hashTypedData(params)\n return this._signerClient.signRawMessage(messageHash)\n }\n\n async signTransaction<\n serializer extends SerializeTransactionFn<TransactionSerializable> = SerializeTransactionFn<TransactionSerializable>,\n transaction extends Parameters<serializer>[0] = Parameters<serializer>[0],\n >(\n transaction: transaction,\n options?:\n | {\n serializer?: serializer | undefined\n }\n | undefined,\n ): Promise<\n IsNarrowable<\n TransactionSerialized<GetTransactionType<transaction>>,\n Hex\n > extends true\n ? TransactionSerialized<GetTransactionType<transaction>>\n : Hex\n > {\n const serializeFn = options?.serializer ?? serializeTransaction\n const serializedTx = serializeFn(transaction)\n const signatureHex = await this._signerClient.signRawMessage<Hex>(\n keccak256(serializedTx),\n )\n\n const signature = {\n r: LibBytes.takeBytes(signatureHex, { count: 32 }),\n s: LibBytes.takeBytes(signatureHex, { count: 32, offset: 32 }),\n v: BigInt(LibBytes.takeBytes(signatureHex, { count: 1, offset: 64 })),\n }\n\n return serializeFn(transaction, signature)\n }\n}\n\nexport { ViemModule }\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,qBAA2C;AAC3C,wBAA2C;AAuB3C,IAAM,eAAN,MAAmB;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAKjB,cAAc;AACZ,SAAK,aAAS,4BAA0B;AAAA,UACtC,2BAAQ,KAAK,kBAAkB;AAAA,QAC7B,MAAM;AAAA,QACN,aAAS,qCAAgC,MAAM,YAAY;AAAA,MAC7D,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,OAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,KAAK,MAAmB;AAC1B,SAAK,OAAO,SAAS,EAAE,KAAK,CAAC;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,SAA6B;AAC/B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,OAAO,QAAgB;AACzB,SAAK,OAAO,SAAS,EAAE,OAAO,CAAC;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,OAAyB;AAC3B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,KAAK,MAAY;AACnB,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,KAAK,CAAC;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AACZ,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,QAAQ,OAAU,CAAC;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW;AACT,SAAK,WAAW;AAChB,SAAK,UAAU;AACf,SAAK,YAAY;AACjB,SAAK,UAAU;AAAA,EACjB;AAAA,EAEQ,mBAAiC;AACvC,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AClJA,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjE,MAAM,WAAW,QAAkD;AACjE,WAAO,KAAK,iBAAiB,UAAU,MAAM;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SACJ,QACe;AACf,WAAO,KAAK,iBAAiB,uBAAuB;AAAA,MAClD,GAAG;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH;AACF;;;AChCA,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjE,MAAM,OAAO,QAA8B;AACzC,WAAO,KAAK,iBAAiB,eAAe,MAAM;AAAA,EACpD;AACF;;;AClBA,WAAsB;AACtB,iBAAuB;AAGvB,IAAM,eAAN,MAAmB;AAAA,EACjB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,OAAwB;AAC5B,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,QAAQ;AAEpE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,mBAAmB;AAEjE,UAAM,QAAQ,IAAI,kBAAO,EAAE,OAAO,SAAS,EAAE,OAAO,KAAK;AACzD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,kBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AClCA,IAAe,WAAf,cAAgC,MAAM;AAAA,EACnB;AAAA,EAEjB,YAAY,SAAiB,OAAsB;AACjD,UAAM,OAAO;AACb,SAAK,SAAS;AAAA,EAChB;AAAA,EAEA,IAAI,UAAU;AACZ,WAAO,KAAK,OAAO;AAAA,EACrB;AACF;;;ACbA,IAAM,kBAAN,MAAM,yBAAwB,SAAS;AAAA,EACrC,YAAY,OAAsB;AAChC,UAAM,iBAAgB,MAAM,KAAK;AAAA,EACnC;AACF;;;ACJA,IAAAA,QAAsB;AAEtB,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,YAAY,MAAM,KAAK,iBAAiB,mBAAmB;AACjE,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AAEF,UAAM,MAAM,IAAS,mBAAa;AAAA,MAChC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AAEV,UAAM,WAAW,MAAM,MAAM,aAAa;AAAA,MACxC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO;AAAA,MACT,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI,gBAAgB;AAAA,QACxB,SAAS,wCAAwC,SAAS,UAAU;AAAA,MACtE,CAAC;AAAA,IACH;AAEA,UAAM,EAAE,QAAQ,IAAI,MAAM,SAAS,KAAK;AACxC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,gBAAgB;AAAA,QACxB,SAAS,SAAS;AAAA,MACpB,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AACF;;;AC7CA,IAAAC,QAAsB;AACtB,IAAAC,cAAuB;AAGvB,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,OAAwB;AAC5B,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,OAAO;AAEnE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,mBAAmB;AAEjE,UAAM,QAAQ,IAAI,mBAAO,EAAE,OAAO,SAAS,EAAE,OAAO,KAAK;AACzD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,mBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AC3BA,IAAM,cAAN,MAAkB;AAAA,EAKhB,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,gBAAgB,IAAI,aAAa,KAAK,gBAAgB;AAC3D,SAAK,kBAAkB,IAAI,eAAe,KAAK,gBAAgB;AAC/D,SAAK,eAAe,IAAI,YAAY,KAAK,gBAAgB;AAAA,EAC3D;AAAA,EARiB;AAAA,EACA;AAAA,EACA;AAAA,EAQjB,IAAI,SAAS;AACX,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,SAAS,EAAE,QAAQ,SAAS,GAAmB;AACnD,UAAM,KAAK,iBAAiB,uBAAuB;AAAA,MACjD;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AACF;;;AChCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUf,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,YAAY,IAAI,eAAe,KAAK,gBAAgB;AACzD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AACnD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AAAA,EACrD;AAAA,EAbiB;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAgBjB,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMf,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjE,IAAI,OAAO;AACT,WAAO,KAAK,iBAAiB;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,QAAQ;AACV,WAAO,KAAK,iBAAiB,SAAS;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,SAAS;AACP,WAAO,KAAK,iBAAiB,OAAO;AAAA,EACtC;AACF;;;ACxCA,IAAAC,eAAuC;AACvC,4BAA8B;AAC9B,8BAAgC;;;ACFhC,oBAAuB;AAEvB,IAAM,YAAN,MAAgB;AAAA,EACd,OAAO,WAAW,QAA6B;AAC7C,WAAO,qBAAO,KAAK,MAAM,EACtB,SAAS,QAAQ,EACjB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,MAAM,EAAE;AAAA,EACrB;AAAA,EAEA,OAAO,SAAS,QAA6B;AAC3C,WAAO,qBAAO,KAAK,QAAQ,QAAQ,EAAE;AAAA,EACvC;AACF;;;ACPA,IAAM,WAAN,MAAe;AAAA,EACb,OAAO,uBAAuB,MAAmB;AAC/C,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,IAAI;AAAA,EACb;AAAA,EAEA,OAAO,YAAY,CACjB,OACA,SAA0B,CAAC,MACZ;AACf,UAAM,EAAE,QAAQ,MAAM,IAAI;AAC1B,UAAM,SAAS,SAAS,SAAS,IAAI,KAAK;AAC1C,UAAM,MAAM,QAAQ,QAAQ,QAAQ,IAAI;AAExC,WAAO,KAAK,MAAM,MAAM,OAAO,GAAG,CAAC;AAAA,EACrC;AACF;;;ACxBA,kBAA8B;;;ACE9B,IAAM,oBAAN,MAAM,2BAA0B,SAAS;AAAA,EACvC,YAAY,OAAsB;AAChC,UAAM,mBAAkB,MAAM,KAAK;AAAA,EACrC;AACF;;;ACJA,IAAM,gBAAN,MAAM,uBAAsB,SAAS;AAAA,EACnC,YAAY,OAAsB;AAChC,UAAM,eAAc,MAAM,KAAK;AAAA,EACjC;AACF;;;ACJA,IAAM,eAAN,MAAM,sBAAqB,SAAS;AAAA,EAClC,YAAY,OAAsB;AAChC,UAAM,cAAa,MAAM,KAAK;AAAA,EAChC;AACF;;;ACJA,IAAM,uBAAN,MAAM,8BAA6B,SAAS;AAAA,EAC1C,YAAY,OAAsB;AAChC,UAAM,sBAAqB,MAAM,KAAK;AAAA,EACxC;AACF;;;AC6EA,IAAM,mBAAmB;AAAA,EACvB,cAAc;AAAA,EACd,kBAAkB;AAAA,EAClB,cAAc;AAAA,EACd,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,iBAAiB;AACnB;;;ALzEA,wBAAsC;AACtC,sBAA8C;AAiB9C,IAAe,eAAf,MAA4B;AAAA,EACP;AAAA,EACA;AAAA,EAGA;AAAA,EAEX;AAAA,EAER,YAAY;AAAA,IACV;AAAA,IACA,eAAe,EAAE,QAAQ,iBAAiB,GAAG,sBAAsB;AAAA,EACrE,GAAkC;AAChC,SAAK,iBAAiB,IAAI;AAAA,MACxB,EAAE,SAAS,0BAA0B;AAAA,MACrC;AAAA,IACF;AAEA,SAAK,iBAAiB;AAAA,MACpB,GAAG;AAAA,MACH,QAAQ,UAAU;AAAA,MAClB,iBAAiB,mBAAmB;AAAA,IACtC;AAEA,SAAK,gBAAgB,IAAI,aAAa;AAAA,EACxC;AAAA,EAEA,SAAS;AACP,SAAK,QAAQ;AACb,SAAK,aAAa,SAAS;AAAA,EAC7B;AAAA,EAEA,IAAI,gBAAqD;AACvD,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,OAAyB;AAC3B,QAAI,KAAK,MAAO,QAAO,KAAK;AAG5B,QAAI,CAAC,KAAK,aAAa,OAAO;AAC5B,WAAK,aAAa,SAAS;AAC3B,aAAO;AAAA,IACT;AAEA,UAAM,mBAAe,6BAAsB,KAAK,aAAa,KAAK;AAElE,QACE,aAAa,WACb,wBAAO,IAAI,SAAK,uCAAsB,aAAa,GAAG,CAAC,CAAC,GACxD;AACA,WAAK,aAAa,SAAS;AAC3B,aAAO;AAAA,IACT;AAEA,QAAI,KAAK,aAAa,KAAM,MAAK,QAAQ,KAAK,aAAa;AAE3D,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAc,KAAK,OAAyB;AAC1C,SAAK,QAAQ;AAAA,EACf;AAAA,EAEA,IAAc,QAAQ,SAAmC;AACvD,SAAK,eAAe,UAAU;AAAA,EAChC;AAAA,EAEA,IAAc,UAAoC;AAChD,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA,EAEA,IAAc,eAA6B;AACzC,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,eAAoC,KAA4B;AACpE,QAAI,CAAC,KAAK,OAAO;AACf,YAAM,IAAI,kBAAkB;AAAA,QAC1B,SAAS;AAAA,MACX,CAAC;AAAA,IACH;AAEA,UAAM,iBAAiB,MAAM,KAAK,eAAe,oBAAoB;AAAA,MACnE,gBAAgB,KAAK,MAAM;AAAA,MAC3B,MAAM;AAAA,MACN,aAAa,KAAK,IAAI,EAAE,SAAS;AAAA,MACjC,YAAY;AAAA,QACV,UAAU;AAAA,QACV,cAAc;AAAA,QACd,SAAS;AAAA,QACT,UAAU,KAAK,MAAM;AAAA,MACvB;AAAA,IACF,CAAC;AAED,UAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,YAAY;AAAA,MACnD;AAAA,IACF,CAAC;AAED,WAAa;AAAA,EACf;AAAA,EAEA,WAA+B;AAC7B,WAAO,KAAK,cAAc;AAAA,EAC5B;AAAA,EAEA,MAAgB,WAAW,OAAuC;AAChE,QAAI;AACF,YAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,cAAc,EAAE,MAAM,CAAC;AAC/D,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,EAAE,iBAAiB,UAAW,OAAM;AAExC,YAAM,WAAqB;AAE3B,cAAQ,SAAS,YAAY,MAAM;AAAA,QACjC,KAAK,cAAc,MAAM;AACvB,iBAAO;AAAA,QACT;AAAA,QACA,SAAS;AACP,gBAAM;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAgB,OAAO,UAAmB;AACxC,UAAM,QAAQ,YAAY,KAAK,OAAO;AAEtC,QAAI,CAAC,MAAO,OAAM,IAAI,gBAAgB,EAAE,SAAS,oBAAoB,CAAC;AAEtE,UAAM,iBAAiB,MAAM,KAAK,eAAe,eAAe;AAAA,MAC9D,gBAAgB;AAAA,IAClB,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,QAAQ,cAAc;AAAA,MACvD;AAAA,IACF,CAAC;AAED,UAAM,gBAAgB,MAAM;AAC1B,UAAI;AACF,eAAO,KAAK,MAAM,gBAAgB,MAAM,gBAAgB,EACrD;AAAA,MACL,SAAS,GAAG;AACV,eAAO;AAAA,MACT;AAAA,IACF,GAAG;AAEH,SAAK,QAAQ;AAAA,MACX,GAAG;AAAA,MACH;AAAA,IACF;AAEA,SAAK,aAAa,OAAO,KAAK;AAC9B,SAAK,aAAa,QAAQ;AAAA,EAC5B;AAAA,EAEA,MAAgB,QACd,OACA,MAC+C;AAC/C,UAAM,MAAM,IAAI,IAAI,GAAG,KAAK,IAAI,KAAK,eAAe,MAAM;AAC1D,UAAM,QAAQ,KAAK,aAAa;AAEhC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,KAAK,eAAe;AAAA,IACrC;AAGA,QAAI,OAAO;AACT,cAAQ,eAAe,IAAI,UAAU,KAAK;AAAA,IAC5C;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC,QAAQ,iBAAiB,KAAK;AAAA,MAC9B,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAK,MAAM,SAAS,KAAK;AAI7C,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM;AAAA,QAClB,KAAK,qBAAqB;AAExB,eAAK,OAAO;AACZ,gBAAM,IAAI,kBAAkB,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA,QACxD;AAAA,QACA,KAAK,iBAAiB;AACpB,gBAAM,IAAI,cAAc,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA,QACpD;AAAA,QACA,KAAK,mBAAmB;AACtB,gBAAM,IAAI,gBAAgB,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA,QACtD;AAAA,QACA,SAAS;AACP,gBAAM,IAAI,aAAa,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA,QACnD;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,GAAG,KAAK;AAAA,EACnB;AACF;;;AHlLA,IAAM,kBAAN,cAA8B,aAAa;AAAA,EACjC;AAAA,EACA;AAAA,EACR;AAAA,EAKS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAqC;AACnC,UAAM,eAAe;AAAA,MACnB,iBAAiB,QAAQ,mBAAmB;AAAA,MAC5C,mBAAmB,QAAQ,qBAAqB;AAAA,IAClD;AAEA,UAAM,kBAAkB,SAAS,cAAc,KAAK;AACpD,oBAAgB,KAAK,aAAa;AAClC,oBAAgB,MAAM,UAAU;AAChC,aAAS,KAAK,YAAY,eAAe;AAEzC,UAAM,gBAAgB,IAAI,oCAAc;AAAA,MACtC,WAAW;AAAA,MACX,iBAAiB,aAAa;AAAA,MAC9B,iBAAiB,SAAS,eAAe,aAAa,iBAAiB;AAAA,IACzE,CAAC;AAED,UAAM;AAAA,MACJ,SAAS;AAAA;AAAA,MACT;AAAA,IACF,CAAC;AAED,SAAK,gBAAgB;AACrB,SAAK,eAAe;AACpB,SAAK,kBAAkB,IAAI,wCAAgB,EAAE,MAAM,SAAS,KAAK,CAAC;AAElE,SAAK,qBAAqB;AAAA,EAC5B;AAAA,EAEA,MAAsB,eACpB,KACe;AACf,UAAM,KAAK,cAAc;AACzB,WAAO,MAAM,eAAe,GAAG;AAAA,EACjC;AAAA,EAEA,MAAsB,SAAS;AAC7B,UAAM,OAAO;AACb,SAAK,cAAc,MAAM;AAKzB,UAAM,UAAU,IAAI,oCAAc;AAAA,MAChC,WAAW;AAAA,MACX,iBAAiB,KAAK,aAAa;AAAA,MACnC,iBAAiB,SAAS;AAAA,QACxB,KAAK,aAAa;AAAA,MACpB;AAAA,IACF,CAAC;AACD,SAAK,gBAAgB;AACrB,UAAM,KAAK,mBAAmB;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,gBAAgB;AAE5B,QACE,KAAK,cAAc,SAAS,WAC3B,KAAK,cAAc,WAAW,UAC7B,KAAK,cAAc,UAAU;AAE/B;AACF,QAAI,KAAK,cAAc,oCAA+B;AACpD,WAAK,UAAU,KAAK;AAAA,IACtB,OAAO;AACL,WAAK,UAAU,KAAK;AAGpB,YAAM,KAAK,uBAAuB;AAAA,QAChC,QAAQ,KAAK,cAAc;AAAA,QAC3B,UAAU,KAAK,MAAM;AAAA,QACrB,aAAa,KAAK,cAAc;AAAA,MAClC,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAAe,EAAE,MAAM,GAAyB;AACpD,UAAM,uBAAuB,MAAM,KAAK,WAAW,KAAK;AAExD,QAAI,CAAC,sBAAsB;AACzB,YAAM,KAAK,eAAe,EAAE,QAAQ,YAAY,MAAM,CAAC;AAAA,IACzD,OAAO;AACL,WAAK,UAAU,KAAK;AACpB,YAAM,KAAK,OAAO,oBAAoB;AAEtC,WAAK,cAAc;AAGnB,UAAI,CAAC,KAAK,QAAQ,CAAC,KAAK,KAAK,cAAc;AACzC;AAAA,MACF;AAEA,WAAK,gBAAgB,mBAAmB;AAAA,QACtC;AAAA,UACE,IAAI,UAAU,SAAS,KAAK,KAAK,YAAY;AAAA,UAC7C,MAAM;AAAA,UACN,YAAY,CAAC,YAAY,KAAK;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,UAAU,QAAmC;AACjD,UAAM,uBAAuB,MAAM,KAAK,WAAW,OAAO,KAAK;AAE/D,QAAI,CAAC,sBAAsB;AACzB,YAAM,KAAK,eAAe,EAAE,QAAQ,SAAS,GAAG,OAAO,CAAC;AAAA,IAC1D,OAAO;AACL,YAAM,KAAK,iBAAiB,MAAM;AAAA,IACpC;AAAA,EACF;AAAA,EAEA,MAAM,qBAAqB;AACzB,WAAO,MAAM,KAAK,mBAAmB;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,iBAAiB;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAA8B;AAC5B,WAAO,KAAK,QAAQ,kBAAkB;AAAA,MACpC;AAAA,MACA,iBAAiB,MAAM,KAAK,mBAAmB;AAAA,MAC/C;AAAA,MACA,aAAa,YAAY,SAAS;AAAA,IACpC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,uBAAuB;AAAA,IAClC;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAgD;AAC9C,UAAM,KAAK,mBAAmB;AAE9B,UAAM,SAAS,MAAM,KAAK,cAAc,uBAAuB,MAAM;AAErE,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACtD;AAEA,UAAM,KAAK,OAAO,QAAQ;AAE1B,SAAK,cAAc,OAAO;AAC1B,SAAK,cAAc,SAAS;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,uBACZ,QACA;AACA,UAAM,EAAE,WAAW,YAAY,IAAI,MAAM,KAAK;AAAA,MAC5C,OAAO;AAAA,IACT;AAEA,UAAM;AAAA,MACJ;AAAA,MACA,MAAM,EAAE,IAAI,OAAO,UAAU,eAAe,MAAM,oBAAoB;AAAA,IACxE,IAAI,MAAM,KAAK,QAAQ,cAAc;AAAA,MACnC,SAAS;AAAA,QACP,WAAW,UAAU,WAAW,SAAS;AAAA,QACzC;AAAA,MACF;AAAA,MACA,OAAO,OAAO;AAAA,IAChB,CAAC;AAED,SAAK,OAAO;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,cAAc,YAAY;AAAA,IAC5B;AACA,SAAK,cAAc,OAAO,KAAK;AAC/B,SAAK,cAAc;AACnB,SAAK,cAAc,QAAQ;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,oBACZ,QACA;AACA,UAAM,EAAE,OAAO,mBAAmB,YAAY,IAC5C;AAEF,UAAM,WAAW,MAAM,KAAK,QAAQ,cAAc;AAAA,MAChD;AAAA,MACA,QAAQ;AAAA,QACN,iBAAiB,MAAM,KAAK,mBAAmB;AAAA,QAC/C;AAAA,QACA,aAAa,YAAY,SAAS;AAAA,MACpC;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,eAAe,QAA6B;AACxD,YAAQ,OAAO,QAAQ;AAAA,MACrB,KAAK,YAAY;AACf,cAAM,KAAK,uBAAuB,MAAM;AACxC;AAAA,MACF;AAAA,MACA,KAAK,SAAS;AACZ,cAAM,KAAK,oBAAoB,MAAM;AACrC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,6BAA6B,OAAe;AACxD,UAAM,YAAY,SAAS,qBAAqB;AAChD,UAAM,sBAAsB,SAAS,qBAAqB;AAE1D,UAAM,cAAc,UAAM,qCAAuB;AAAA,MAC/C,WAAW;AAAA,QACT,wBAAwB;AAAA,UACtB,aAAa;AAAA,UACb,oBAAoB;AAAA,UACpB,kBAAkB;AAAA,QACpB;AAAA,QACA;AAAA,QACA,IAAI;AAAA,UACF,IAAI,OAAO,SAAS;AAAA,UACpB,MAAM,OAAO,SAAS;AAAA,QACxB;AAAA,QACA,kBAAkB;AAAA,UAChB;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,QACF;AAAA,QACA,MAAM;AAAA,UACJ,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,MACF;AAAA,IACF,CAAC;AAED,WAAO,EAAE,WAAW,aAAa,oBAAoB;AAAA,EACvD;AAAA,EAEA,MAAc,qBAAqB;AACjC,QAAI,CAAC,KAAK,cAAc,UAAU,GAAG;AACnC,YAAM,KAAK,cAAc,KAAK;AAAA,IAChC;AAEA,SAAK,UAAU,KAAK;AAEpB,WAAO,KAAK,cAAc,UAAU;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,gBAAgB,UAAkB;AAC7C,UAAM,EAAE,IAAI,IAAI,MAAM,KAAK,QAAQ,iBAAiB;AAAA,MAClD;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AACF;;;ASxYA,kBAkBO;AACP,sBAA0B;AAG1B,IAAAC,mBAAoC;AACpC,iCAGO;AAcP,IAAM,aAAN,MAAiB;AAAA,EACf,YAA6B,eAA6B;AAA7B;AAAA,EAA8B;AAAA,EAE3D,MAAM,iBAAwC;AAC5C,UAAM,OAAO,KAAK,cAAc;AAEhC,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,EAAE,SAAS,2BAA2B,CAAC;AAAA,IACxE;AAEA,eAAO,2BAAU;AAAA,MACf,SAAS,KAAK;AAAA,MACd,aAAa,CAAC,QAAQ,KAAK,YAAY,IAAI,OAAO;AAAA,MAClD,eAAe,CAIb,wBACG,KAAK,cAAsC,mBAAmB;AAAA,MACnE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,EACF,GAEE;AACA,UAAM,OAAO,KAAK,cAAc;AAEhC,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,EAAE,SAAS,2BAA2B,CAAC;AAAA,IACxE;AAEA,eAAO,sCAAoB;AAAA,MACzB;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,YAAY;AAAA,QACV,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA,SAAS,KAAK;AAAA,MACd,WAAO,yBAAY,KAAK,IAAI;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AACzB,UAAM,MAAM,IAAI;AAAA,MACd,iBAAiB,KAAK,cAAc,cAAc,MAAM;AAAA,MACxD,KAAK,cAAc,cAAc;AAAA,IACnC;AACA,eAAO,kDAAsB;AAAA,MAC3B,eAAW,kBAAK,IAAI,SAAS,CAAC;AAAA,IAChC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,YAAY,KAAoC;AACpD,UAAM,kBAAc,yBAAY,GAAG;AACnC,UAAM,SAAS,MAAM,KAAK,cAAc,eAAoB,WAAW;AACvE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAGJ,QAAqE;AACrE,UAAM,kBAAc,2BAAc,MAAM;AACxC,WAAO,KAAK,cAAc,eAAe,WAAW;AAAA,EACtD;AAAA,EAEA,MAAM,gBAIJ,aACA,SAYA;AACA,UAAM,cAAc,SAAS,cAAc;AAC3C,UAAM,eAAe,YAAY,WAAW;AAC5C,UAAM,eAAe,MAAM,KAAK,cAAc;AAAA,UAC5C,uBAAU,YAAY;AAAA,IACxB;AAEA,UAAM,YAAY;AAAA,MAChB,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,CAAC;AAAA,MACjD,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,MAC7D,GAAG,OAAO,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,QAAQ,GAAG,CAAC,CAAC;AAAA,IACtE;AAEA,WAAO,YAAY,aAAa,SAAS;AAAA,EAC3C;AACF;;;ArBhIA,IAAM,iBAAN,MAAqB;AAAA,EACF;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BjB,YAAY;AAAA,IACV;AAAA,IACA,MAAM,EAAE,UAAU,QAAQ,MAAM;AAAA,EAClC,GAAoC;AAClC,SAAK,mBAAmB,IAAI,gBAAgB;AAAA,MAC1C;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,SAAK,WAAW;AAAA,MACd,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AACF;","names":["jose","jose","import_sha","import_http","import_accounts"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/session/index.ts","../src/modules/auth/email.ts","../src/modules/auth/passkeys.ts","../src/modules/auth/oauth/google.ts","../src/errors/SDKError.ts","../src/errors/BadRequestError.ts","../src/modules/auth/oauth/facebook.ts","../src/modules/auth/oauth/apple.ts","../src/modules/auth/oauth.ts","../src/modules/auth/index.ts","../src/modules/user/index.ts","../src/signer/web.ts","../src/lib/base64.ts","../src/lib/bytes.ts","../src/signer/index.ts","../src/errors/UnauthorizedError.ts","../src/errors/NotFoundError.ts","../src/errors/GenericError.ts","../src/errors/UnauthenticatedError.ts","../src/types/routes.ts","../src/third-party/viem.ts"],"sourcesContent":["import { AuthModule, UserModule } from './modules/index.js'\nimport { SignerClientConstructorParams } from './signer/index.js'\nimport {\n WebSignerClient,\n WebSignerClientConstructorParams,\n} from './signer/web.js'\nimport { ViemModule } from './third-party/viem.js'\n\ntype FourtWebSignerConstructorParams = {\n configuration: SignerClientConstructorParams['configuration']\n auth: Pick<WebSignerClientConstructorParams, 'webauthn' | 'iframe' | 'oauth'>\n}\n\n/**\n * A client for interacting with the Fourt Web Signer.\n */\nclass FourtWebSigner {\n private readonly _webSignerClient: WebSignerClient\n private readonly _modules: {\n viem: ViemModule\n auth: AuthModule\n user: UserModule\n }\n\n /**\n * Initializes a new instance of the `FourtWebSigner` class.\n * Sets up the underlying modules.\n *\n *\n * @example\n * ```ts\n * const fourtWebSigner = new FourtWebSigner({\n * auth: {\n * webauthn: {\n * rpId: 'localhost',\n * },\n * },\n * configuration: {\n * apiKey: '927d603c-6775-4210-8e13-8904ca985e78',\n * },\n * })\n * ```\n *\n * @param {FourtWebSignerConstructorParams} params the required parameters to initialize the client\n */\n constructor({\n configuration,\n auth: { webauthn, iframe, oauth },\n }: FourtWebSignerConstructorParams) {\n this._webSignerClient = new WebSignerClient({\n configuration,\n webauthn,\n iframe,\n oauth,\n })\n\n this._modules = {\n viem: new ViemModule(this._webSignerClient),\n auth: new AuthModule(this._webSignerClient),\n user: new UserModule(this._webSignerClient),\n }\n }\n\n /**\n * A module for interacting with the Viem library.\n */\n get viem() {\n return this._modules.viem\n }\n\n /**\n * A module for interacting with the authentication methods.\n */\n get auth() {\n return this._modules.auth\n }\n\n /**\n * A module for interacting with the user methods.\n */\n get user() {\n return this._modules.user\n }\n}\n\nexport { FourtWebSigner }\n","import { createStore, type StoreApi } from 'zustand'\nimport { persist, createJSONStorage } from 'zustand/middleware'\nimport { User } from '../types/entities.js'\n\nenum SessionType {\n Email = 'email',\n Passkeys = 'passkeys',\n OAuth = 'oauth',\n}\n\n/**\n * The state of the session.\n */\ntype SessionState = {\n type?: SessionType\n user?: User\n bundle?: string\n token?: string\n csrfToken?: string\n}\n\n/**\n * A store for the session state.\n */\nclass SessionStore {\n private readonly _store: StoreApi<SessionState>\n\n constructor() {\n // Persist only `bundle` and `type` to localStorage.\n // `user` and `token` stay in memory (not persisted).\n this._store = createStore<SessionState>()(\n persist(this._getInitialState, {\n name: 'fourt-session',\n storage: createJSONStorage(() => localStorage),\n // keep only these keys in persisted storage\n partialize: (state) => ({ bundle: state.bundle, type: state.type }),\n }),\n )\n }\n\n /**\n * Gets the type from the session state.\n *\n * @returns {SessionType | undefined} the type.\n */\n get type(): SessionType | undefined {\n return this._store.getState().type\n }\n\n /**\n * Sets the type in the session state.\n *\n * @param {SessionType} type the type to set.\n */\n set type(type: SessionType) {\n this._store.setState({ type })\n }\n\n /**\n * Gets the token from the session state.\n *\n * @returns {string | undefined} the token.\n */\n get token(): string | undefined {\n return this._store.getState().token\n }\n\n /**\n * Sets the token in the session state.\n *\n * @param {string} token the token to set.\n */\n set token(token: string) {\n this._store.setState({ token })\n }\n\n /**\n * Gets the CSRF token from the session state.\n *\n * @returns {string | undefined} the CSRF token.\n */\n get csrfToken(): string | undefined {\n return this._store.getState().csrfToken\n }\n\n /**\n * Sets the CSRF token in the session state.\n *\n * @param {string} csrfToken the CSRF token to set.\n */\n set csrfToken(csrfToken: string) {\n this._store.setState({ csrfToken })\n }\n\n /**\n * Gets the bundle from the session state.\n *\n * @returns {string | undefined} the bundle.\n */\n get bundle(): string | undefined {\n return this._store.getState().bundle\n }\n\n /**\n * Sets the bundle in the session state.\n *\n * @param {string} bundle the bundle to set.\n */\n set bundle(bundle: string) {\n this._store.setState({ bundle })\n }\n\n /**\n * Gets the user from the session state.\n *\n * @returns {User | undefined} the user.\n */\n get user(): User | undefined {\n return this._store.getState().user\n }\n\n /**\n * Sets the user in the session state.\n *\n * @param {User} user the user to set.\n */\n set user(user: User) {\n this._store.setState({ ...this._store.getState(), user })\n }\n\n /**\n * Clears the user from the session state.\n */\n clearUser() {\n this._store.setState({ ...this._store.getState(), user: undefined })\n }\n\n /**\n * Clears the bundle from the session state.\n */\n clearBundle() {\n this._store.setState({ ...this._store.getState(), bundle: undefined })\n }\n\n /**\n * Clears the type from the session state.\n */\n clearType() {\n this._store.setState({ ...this._store.getState(), type: undefined })\n }\n\n /**\n * Clears the token from the session state.\n */\n clearToken() {\n this._store.setState({ ...this._store.getState(), token: undefined })\n }\n\n /**\n * Clears the token and user from the session state.\n */\n clearAll() {\n this.clearToken()\n this.clearUser()\n this.clearBundle()\n this.clearType()\n }\n\n private _getInitialState(): SessionState {\n return {\n type: undefined,\n user: undefined,\n bundle: undefined,\n token: undefined,\n }\n }\n}\n\nexport { SessionType, SessionStore }\nexport type { SessionState }\n","import { SessionType } from '../../session/index.js'\nimport type {\n WebSignerClient,\n EmailInitializeAuthParams,\n CompleteAuthWithBundleParams,\n} from '../../signer/web.js'\n\n/**\n * A module for interacting with the Email authentication methods.\n * Available through the `auth.email` property on a `FourtWebSigner` instance.\n */\nclass EmailModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Initialize user authentication process using email.\n *\n * @param params {EmailInitializeAuthParams} params to initialize the user authentication process.\n * @returns {Promise<void>} promise that resolves to the result of the authentication process.\n */\n async initialize(params: EmailInitializeAuthParams): Promise<void> {\n return this._webSignerClient.emailAuth(params)\n }\n\n /**\n * Completes authentication with bundle after user receives the bundle and subOrgId as URL params.\n *\n * @param params {CompleteAuthWithBundleParams} params received as URL params necessary to complete authentication process.\n * @returns {Promise<void>} promise that completes the authentication process.\n */\n async complete(\n params: Pick<CompleteAuthWithBundleParams, 'subOrgId' | 'bundle'>,\n ): Promise<void> {\n return this._webSignerClient.completeAuthWithBundle({\n ...params,\n sessionType: SessionType.Email,\n })\n }\n}\n\nexport { EmailModule }\n","import type { WebSignerClient, WebauthnSignInParams } from '../../signer/web.js'\n\n/**\n * A module for interacting with the Passkeys authentication methods.\n * Available through the `auth.passkeys` property on a `FourtWebSigner` instance.\n */\nclass PasskeysModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Signs in a user using Passkeys.\n *\n * @param params {WebauthnSignInParams} params for the sign-in process.\n * @returns {Promise<void>} promise that resolves to the result of the sign-in process.\n */\n async signIn(params: WebauthnSignInParams) {\n return this._webSignerClient.webauthnSignIn(params)\n }\n}\n\nexport { PasskeysModule }\n","import * as jose from 'jose'\nimport { sha256 } from 'sha.js'\nimport type { WebSignerClient } from '../../../signer/web.js'\n\nclass GoogleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n *\n * @returns\n */\n async init(): Promise<string> {\n const initUrl = await this._webSignerClient.getOAuthInitUrl('google')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/google',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getIframePublicKey()\n\n const nonce = new sha256().update(publicKey).digest('hex')\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { GoogleModule }\n","type SDKErrorProps = {\n message: string\n}\n\nabstract class SDKError extends Error {\n private readonly _props: SDKErrorProps\n\n constructor(message: string, props: SDKErrorProps) {\n super(message)\n this._props = props\n }\n\n get message() {\n return this._props.message\n }\n}\n\nexport { SDKError }\nexport type { SDKErrorProps }\n","import { SDKErrorProps, SDKError } from './SDKError.js'\n\nclass BadRequestError extends SDKError {\n constructor(props: SDKErrorProps) {\n super(BadRequestError.name, props)\n }\n}\n\nexport { BadRequestError }\n","import { BadRequestError } from '../../../errors/BadRequestError.js'\nimport { WebSignerClient } from '../../../signer/web.js'\nimport * as jose from 'jose'\n\nclass FacebookModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n const publicKey = await this._webSignerClient.getIframePublicKey()\n const internalUrl = new URL(\n 'v1/oauth/facebook',\n this._webSignerClient.configuration.apiUrl,\n ).href\n\n const jwt = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n\n const response = await fetch(internalUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n state: jwt,\n }),\n })\n\n if (!response.ok) {\n throw new BadRequestError({\n message: `Failed to create OAuth state. Error: ${response.statusText}`,\n })\n }\n\n const { authUrl } = await response.json()\n if (!authUrl) {\n throw new BadRequestError({\n message: response.statusText,\n })\n }\n\n return authUrl\n }\n}\n\nexport { FacebookModule }\n","import * as jose from 'jose'\nimport { sha256 } from 'sha.js'\nimport type { WebSignerClient } from '../../../signer/web.js'\n\nclass AppleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n *\n * @returns\n */\n async init(): Promise<string> {\n const initUrl = await this._webSignerClient.getOAuthInitUrl('apple')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/apple',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getIframePublicKey()\n\n const nonce = new sha256().update(publicKey).digest('hex')\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { AppleModule }\n","import { SessionType } from '../../session/index.js'\nimport type { WebSignerClient } from '../../signer/web.js'\nimport { GoogleModule } from './oauth/google.js'\nimport { FacebookModule } from './oauth/facebook.js'\nimport { AppleModule } from './oauth/apple.js'\n\ntype CompleteParams = {\n bundle: string\n subOrgId: string\n}\n\nclass OAuthModule {\n private readonly _googleModule: GoogleModule\n private readonly _facebookModule: FacebookModule\n private readonly _appleModule: AppleModule\n\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._googleModule = new GoogleModule(this._webSignerClient)\n this._facebookModule = new FacebookModule(this._webSignerClient)\n this._appleModule = new AppleModule(this._webSignerClient)\n }\n\n get google() {\n return this._googleModule\n }\n\n get facebook() {\n return this._facebookModule\n }\n\n get apple() {\n return this._appleModule\n }\n\n async complete({ bundle, subOrgId }: CompleteParams) {\n await this._webSignerClient.completeAuthWithBundle({\n bundle,\n subOrgId,\n sessionType: SessionType.OAuth,\n })\n }\n}\n\nexport { OAuthModule }\n","import type { WebSignerClient } from '../../signer/web.js'\nimport { EmailModule } from './email.js'\nimport { PasskeysModule } from './passkeys.js'\nimport { OAuthModule } from './oauth.js'\n\n/**\n * A module for interacting with the authentication methods.\n * Available through the `auth` property on a `FourtWebSigner` instance.\n */\nclass AuthModule {\n private readonly _passkeys: PasskeysModule\n private readonly _email: EmailModule\n private readonly _oauth: OAuthModule\n\n /**\n * Initializes a new instance of the `AuthModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._passkeys = new PasskeysModule(this._webSignerClient)\n this._email = new EmailModule(this._webSignerClient)\n this._oauth = new OAuthModule(this._webSignerClient)\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get passkeys() {\n return this._passkeys\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get email() {\n return this._email\n }\n\n get oauth() {\n return this._oauth\n }\n}\n\nexport { AuthModule }\nexport { PasskeysModule } from './passkeys.js'\nexport { EmailModule } from './email.js'\n","import { WebSignerClient } from '../../signer/web.js'\nimport { User } from '../../types/entities.js'\n\n/**\n * A module for interacting with the user methods.\n * Available through the `user` property on a `FourtWebSigner` instance.\n */\nclass UserModule {\n /**\n * Initializes a new instance of the `UserModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Retrieves information for the authenticated user.\n * Assumes a user is already logged in, otherwise it will throw an error.\n */\n async getInfo(): Promise<User> {\n return this._webSignerClient.getUser()\n }\n\n /**\n * Checks if a user is currently logged in to the fourt.io SDK.\n */\n async isLoggedIn(): Promise<boolean> {\n return this._webSignerClient.isLoggedIn()\n }\n\n /**\n * Generates an access token with a lifespan of 15 minutes.\n * Assumes a user is already logged in, otherwise it will throw an error.\n */\n async getToken(): Promise<string> {\n return this._webSignerClient.getToken()\n }\n\n /**\n * Logs out the user.\n */\n async logout(): Promise<void> {\n return this._webSignerClient.logout()\n }\n}\n\nexport { UserModule }\n","import { getWebAuthnAttestation } from '@turnkey/http'\nimport { IframeStamper } from '@turnkey/iframe-stamper'\nimport { WebauthnStamper } from '@turnkey/webauthn-stamper'\nimport { LibBase64 } from '../lib/base64.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { SessionType } from '../session/index.js'\nimport {\n type SignerClientInheritedConstructorParams,\n SignerClient,\n} from './index.js'\n\ntype WebauthnSignInParams = {\n email: string\n}\n\n// * When user starts auth with email - can be either a signup or a signin\ntype EmailInitializeAuthParams = {\n email: string\n redirectUrl: string\n expirationSeconds?: number // Defaults to 15 minutes by Turnkey\n}\n\n// * When user completes auth with bundle\ntype CompleteAuthWithBundleParams = {\n bundle: string\n subOrgId: string\n sessionType: SessionType\n isNewUser?: boolean\n}\n\ntype GoogleOAuthSignInParams = {\n credential: string\n clientId: string\n}\n\nexport type OAuthConfiguration = {\n common: {\n redirectUrl: string\n }\n}\n\ntype WebSignerClientConstructorParams = SignerClientInheritedConstructorParams<{\n webauthn: {\n rpId: string\n }\n iframe?: {\n iframeElementId?: string\n iframeContainerId?: string\n }\n oauth?: OAuthConfiguration\n}>\n\ntype CreateAccountParams =\n | ({\n method: 'webauthn'\n } & WebauthnSignInParams)\n | ({\n method: 'email'\n } & EmailInitializeAuthParams)\n\n/**\n * A signer client for web applications.\n */\nclass WebSignerClient extends SignerClient {\n private iframeStamper: IframeStamper\n private webauthnStamper: WebauthnStamper\n iframeConfig: {\n iframeElementId: string\n iframeContainerId: string\n }\n\n readonly oauthConfiguration: WebSignerClientConstructorParams['oauth']\n\n /**\n * Initializes a new instance of the `WebSignerClient` class.\n *\n * @param {WebSignerClientConstructorParams} params params for the constructor\n */\n constructor({\n configuration,\n webauthn,\n iframe,\n oauth,\n }: WebSignerClientConstructorParams) {\n const iframeConfig = {\n iframeElementId: iframe?.iframeElementId ?? 'turnkey-iframe',\n iframeContainerId: iframe?.iframeContainerId ?? 'signer-iframe-container',\n }\n\n const iframeContainer = document.createElement('div')\n iframeContainer.id = iframeConfig.iframeContainerId\n iframeContainer.style.display = 'none'\n document.body.appendChild(iframeContainer)\n\n const iframeStamper = new IframeStamper({\n iframeUrl: 'https://auth.turnkey.com',\n iframeElementId: iframeConfig.iframeElementId,\n iframeContainer: document.getElementById(iframeConfig.iframeContainerId),\n })\n\n super({\n stamper: iframeStamper, // Initialized to iframeStamper; can be either webauthnStamper or iframeStamper\n configuration: configuration,\n })\n\n this.iframeStamper = iframeStamper\n this.iframeConfig = iframeConfig\n this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId })\n\n this.oauthConfiguration = oauth\n }\n\n public override async logout() {\n super.logout()\n\n this.iframeStamper.clear()\n\n // In the latest TK iframe-stamper version, an IframeStamper\n // instance becomes unusable after being cleared, so a new\n // instance must be created.\n const stamper = new IframeStamper({\n iframeUrl: 'https://auth.turnkey.com',\n iframeElementId: this.iframeConfig.iframeElementId,\n iframeContainer: document.getElementById(\n this.iframeConfig.iframeContainerId,\n ),\n })\n this.iframeStamper = stamper\n await this._initIframeStamper()\n }\n\n public override async signRawMessage<Into extends string>(\n msg: string,\n ): Promise<Into> {\n await this._updateStamper()\n return super.signRawMessage(msg)\n }\n\n /**\n * Get the pre-filled URL for initiating oauth with a specific provider.\n *\n * @param {string} provider provider for which we are getting the URL, currently google or apple\n */\n public async getOAuthInitUrl(provider: string) {\n const { url } = await this.request('/v1/oauth/init', {\n provider,\n })\n\n return url\n }\n\n /**\n * Signs in a user with webauthn.\n *\n * @param {WebauthnSignInParams} params params for the sign in\n */\n public async webauthnSignIn({ email }: WebauthnSignInParams) {\n const existingUserSubOrgId = await this.lookUpUser(email)\n\n if (!existingUserSubOrgId) {\n await this._createAccount({ method: 'webauthn', email })\n } else {\n this.stamper = this.webauthnStamper\n await this.whoAmI(existingUserSubOrgId)\n\n this._sessionStore.type = SessionType.Passkeys\n\n // We should assure that the user and its credentialId are set\n if (!this._sessionStore.user || !this._sessionStore.user.credentialId) {\n return\n }\n\n this.webauthnStamper.allowCredentials = [\n {\n id: LibBase64.toBuffer(this._sessionStore.user.credentialId),\n type: 'public-key',\n transports: ['internal', 'usb'],\n },\n ]\n }\n }\n\n /**\n * Handle auth user process with email.\n *\n * @param {EmailInitializeAuthParams} params Params needed for the initialization of the auth process\n */\n public async emailAuth(params: EmailInitializeAuthParams) {\n const existingUserSubOrgId = await this.lookUpUser(params.email)\n\n if (!existingUserSubOrgId) {\n await this._createAccount({ method: 'email', ...params })\n } else {\n await this._signInWithEmail(params)\n }\n }\n\n public async getIframePublicKey() {\n return await this._initIframeStamper()\n }\n\n /**\n * Completes the authentication process with a credential bundle.\n *\n * @param {CompleteAuthWithBundleParams} params params for the completion of the auth process\n */\n public async completeAuthWithBundle({\n bundle,\n subOrgId,\n sessionType,\n }: CompleteAuthWithBundleParams): Promise<void> {\n await this._initIframeStamper()\n\n const result = await this.iframeStamper.injectCredentialBundle(bundle)\n\n if (!result) {\n throw new Error('Failed to inject credential bundle')\n }\n\n await this.whoAmI(subOrgId)\n\n this._sessionStore.type = sessionType\n this._sessionStore.bundle = bundle\n }\n\n /**\n * Checks for an existing session and if exists, updates the stamper accordingly.\n */\n private async _updateStamper() {\n // User is not signed in\n if (\n this._sessionStore.type === undefined &&\n (this._sessionStore.bundle === undefined ||\n this._sessionStore.token === undefined)\n )\n return\n if (this._sessionStore.type === SessionType.Passkeys) {\n this.stamper = this.webauthnStamper\n } else {\n this.stamper = this.iframeStamper\n // We need to inject the credential bundle\n // Otherwise the user will not be able to sign\n await this.completeAuthWithBundle({\n bundle: this._sessionStore.bundle!,\n subOrgId: this._sessionStore.user?.subOrgId!,\n sessionType: this._sessionStore.type!,\n })\n }\n }\n\n /**\n * Signs in a user with email.\n *\n * @param {EmailInitializeAuthParams} params params for the sign in\n */\n private async _signInWithEmail({\n email,\n expirationSeconds,\n redirectUrl,\n }: EmailInitializeAuthParams) {\n return this.request('/v1/email-auth', {\n email,\n targetPublicKey: await this.getIframePublicKey(),\n expirationSeconds,\n redirectUrl: redirectUrl.toString(),\n })\n }\n\n /**\n * Creates a passkey account using the webauthn stamper.\n *\n * @param {Extract<CreateAccountParams, { method: 'webauthn' }>} params params for the creation of the account\n */\n private async _createWebauthnAccount(\n params: Extract<CreateAccountParams, { method: 'webauthn' }>,\n ) {\n const { challenge, attestation } = await this._webauthnGenerateAttestation(\n params.email,\n )\n\n const { user, token, csrfToken } = await this.request('/v1/signup', {\n passkey: {\n challenge: LibBase64.fromBuffer(challenge),\n attestation,\n },\n email: params.email,\n })\n\n this._sessionStore.user = {\n ...user,\n credentialId: attestation.credentialId,\n }\n this._sessionStore.type = SessionType.Passkeys\n // Tokens are always returned on passkey signup\n this._sessionStore.token = token!\n this._sessionStore.csrfToken = csrfToken!\n this._scheduleRefresh(token!)\n }\n\n /**\n * Creates an email account using the iframe stamper.\n *\n * @param {Extract<CreateAccountParams, { method: 'email' }>} params params for the creation of the account\n */\n private async _createEmailAccount(\n params: Extract<CreateAccountParams, { method: 'email' }>,\n ) {\n const { email, expirationSeconds, redirectUrl } =\n params as EmailInitializeAuthParams\n\n const response = await this.request('/v1/signup', {\n email,\n iframe: {\n targetPublicKey: await this.getIframePublicKey(),\n expirationSeconds,\n redirectUrl: redirectUrl.toString(),\n },\n })\n\n return response\n }\n\n /**\n * Handle the account creation process.\n *\n * @param {CreateAccountParams} params params to create an account\n */\n private async _createAccount(params: CreateAccountParams) {\n switch (params.method) {\n case 'webauthn': {\n await this._createWebauthnAccount(params)\n break\n }\n case 'email': {\n await this._createEmailAccount(params)\n break\n }\n }\n }\n\n private async _webauthnGenerateAttestation(email: string) {\n const challenge = LibBytes.generateRandomBuffer()\n const authenticatorUserId = LibBytes.generateRandomBuffer()\n\n const attestation = await getWebAuthnAttestation({\n publicKey: {\n authenticatorSelection: {\n residentKey: 'preferred',\n requireResidentKey: false,\n userVerification: 'preferred',\n },\n challenge,\n rp: {\n id: window.location.hostname,\n name: window.location.hostname,\n },\n pubKeyCredParams: [\n {\n type: 'public-key',\n alg: -7,\n },\n {\n type: 'public-key',\n alg: -257,\n },\n ],\n user: {\n id: authenticatorUserId,\n name: email,\n displayName: email,\n },\n },\n })\n\n return { challenge, attestation, authenticatorUserId }\n }\n\n private async _initIframeStamper() {\n if (!this.iframeStamper.publicKey()) {\n await this.iframeStamper.init()\n }\n\n this.stamper = this.iframeStamper\n\n return this.iframeStamper.publicKey()!\n }\n}\n\nexport { WebSignerClient }\nexport type {\n CompleteAuthWithBundleParams,\n CreateAccountParams,\n EmailInitializeAuthParams,\n GoogleOAuthSignInParams,\n WebauthnSignInParams,\n WebSignerClientConstructorParams,\n}\n","import { Buffer } from 'buffer'\n\nclass LibBase64 {\n static fromBuffer(buffer: ArrayBuffer): string {\n return Buffer.from(buffer)\n .toString('base64')\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=/g, '')\n }\n\n static toBuffer(base64: string): ArrayBuffer {\n return Buffer.from(base64, 'base64').buffer\n }\n}\n\nexport { LibBase64 }\n","type TakeBytesParams = Partial<{\n count: number\n offset: number\n}>\n\ntype ByteString = `0x${string}`\n\nclass LibBytes {\n static generateRandomBuffer = (): ArrayBuffer => {\n const arr = new Uint8Array(32)\n crypto.getRandomValues(arr)\n return arr.buffer\n }\n\n static takeBytes = (\n bytes: ByteString,\n params: TakeBytesParams = {},\n ): ByteString => {\n const { offset, count } = params\n const start = (offset ? offset * 2 : 0) + 2 // add 2 to skip the 0x prefix\n const end = count ? start + count * 2 : undefined\n\n return `0x${bytes.slice(start, end)}`\n }\n}\n\nexport { LibBytes }\n","import { TurnkeyClient } from '@turnkey/http'\nimport {\n BadRequestError,\n GenericError,\n NotFoundError,\n UnauthorizedError,\n} from '../errors/index.js'\nimport { SDKError } from '../errors/SDKError.js'\nimport { SessionStore } from '../session/index.js'\nimport { APIResponse } from '../types/rest.js'\nimport {\n AuthenticationServiceBody,\n AuthenticationServiceResponse,\n AuthenticationServiceRoutes,\n ROUTE_METHOD_MAP,\n} from '../types/routes.js'\nimport { jwtDecode, JwtPayload } from 'jwt-decode'\nimport { differenceInMilliseconds, isBefore, subMinutes } from 'date-fns'\n\ntype SignerClientConfiguration = {\n apiKey: string\n apiUrl?: string\n paymasterRpcUrl?: string\n}\n\ntype SignerClientConstructorParams = {\n stamper: TurnkeyClient['stamper']\n configuration: SignerClientConfiguration\n}\n\ntype SignerClientInheritedConstructorParams<\n Extended extends Record<string, unknown>,\n> = Pick<SignerClientConstructorParams, 'configuration'> & Extended\n\nabstract class SignerClient {\n protected readonly _turnkeyClient: TurnkeyClient\n protected readonly _configuration: Required<\n SignerClientConstructorParams['configuration']\n >\n protected readonly _sessionStore: SessionStore\n\n private _refreshPromise?: Promise<void>\n private _refreshTimer?: ReturnType<typeof setTimeout>\n\n constructor({\n stamper,\n configuration: { apiUrl, paymasterRpcUrl, ...requiredConfiguration },\n }: SignerClientConstructorParams) {\n this._turnkeyClient = new TurnkeyClient(\n { baseUrl: 'https://api.turnkey.com' },\n stamper,\n )\n\n this._configuration = {\n ...requiredConfiguration,\n apiUrl: apiUrl ?? 'https://auth.api.fourt.io/',\n paymasterRpcUrl: paymasterRpcUrl ?? 'https://management.api.fourt.io/',\n }\n\n this._sessionStore = new SessionStore()\n }\n\n get configuration(): Required<SignerClientConfiguration> {\n return this._configuration\n }\n\n public async getUser() {\n if (this._sessionStore.user) return this._sessionStore.user\n\n try {\n const user = await this.request('/v1/me')\n this._sessionStore.user = user\n return user\n } catch (error) {\n // If unauthorized, try to refresh token and retry once\n if (error instanceof UnauthorizedError) {\n try {\n await this._refreshToken()\n const user = await this.request('/v1/me')\n this._sessionStore.user = user\n return user\n } catch (error) {\n throw error\n }\n }\n throw error\n }\n }\n\n public async isLoggedIn() {\n const token = this._sessionStore.token\n\n // If we have a token and it's still valid, we're logged in\n if (token && !this._isTokenExpired(token)) return true\n\n // Otherwise try to refresh (covers no token and expired token)\n try {\n await this._refreshToken()\n return !!this._sessionStore.token\n } catch {\n return false\n }\n }\n\n public async getToken(): Promise<string> {\n // Try to use existing token\n if (!this._sessionStore.token) {\n // No token: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError({\n message: 'No token found, user might not be logged in',\n })\n }\n } else if (this._isTokenExpired(this._sessionStore.token)) {\n // Token expired: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError({\n message: 'Token expired and refresh failed',\n })\n }\n }\n\n const token = this._sessionStore.token\n if (!token) {\n throw new UnauthorizedError({\n message: 'No token found, user might not be logged in',\n })\n }\n return token\n }\n\n private _isTokenExpired(token: string): boolean {\n try {\n const decoded = jwtDecode<JwtPayload>(token)\n if (decoded.exp) {\n return decoded.exp * 1000 <= Date.now()\n }\n return true // If no exp claim, consider it expired\n } catch {\n return true // If token is malformed, consider it expired\n }\n }\n\n public async logout() {\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n this._refreshTimer = undefined\n await this.request('/v1/logout')\n this._sessionStore.clearAll()\n }\n\n public async signRawMessage<Into extends string>(msg: string): Promise<Into> {\n if (!this._sessionStore.token || !this._sessionStore.user) {\n throw new UnauthorizedError({\n message: 'SignerClient must be authenticated to sign a message',\n })\n }\n\n const stampedRequest = await this._turnkeyClient.stampSignRawPayload({\n organizationId: this._sessionStore.user.subOrgId,\n type: 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2',\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',\n hashFunction: 'HASH_FUNCTION_NO_OP',\n payload: msg,\n signWith: this._sessionStore.user.walletAddress,\n },\n })\n\n const { signature } = await this.request('/v1/sign', {\n stampedRequest,\n })\n\n return <Into>signature\n }\n\n protected set stamper(stamper: TurnkeyClient['stamper']) {\n this._turnkeyClient.stamper = stamper\n }\n\n protected get stamper(): TurnkeyClient['stamper'] {\n return this._turnkeyClient.stamper\n }\n\n protected async lookUpUser(email: string): Promise<string | null> {\n try {\n const { subOrgId } = await this.request('/v1/lookup', { email })\n return subOrgId\n } catch (error) {\n if (!(error instanceof SDKError)) throw error\n\n const sdkError: SDKError = error\n\n switch (sdkError.constructor.name) {\n case NotFoundError.name: {\n return null\n }\n default: {\n throw sdkError\n }\n }\n }\n }\n\n protected async whoAmI(subOrgId?: string) {\n const orgId = subOrgId || this._sessionStore.user?.subOrgId\n\n if (!orgId) throw new BadRequestError({ message: 'No orgId provided' })\n\n const stampedRequest = await this._turnkeyClient.stampGetWhoami({\n organizationId: orgId,\n })\n\n const { user, token, csrfToken } = await this.request('/v1/signin', {\n stampedRequest,\n })\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string\n } catch (e) {\n return undefined\n }\n })()\n\n this._sessionStore.user = {\n ...user,\n credentialId: credentialId,\n }\n this._sessionStore.token = token\n this._sessionStore.csrfToken = csrfToken\n this._scheduleRefresh(token)\n }\n\n protected async request<Route extends AuthenticationServiceRoutes>(\n route: Route,\n body?: AuthenticationServiceBody<Route>,\n ): Promise<AuthenticationServiceResponse<Route>> {\n const url = new URL(`${route}`, this._configuration.apiUrl)\n const token = this._sessionStore.token\n const csrfToken = this._sessionStore.csrfToken\n\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'X-FOURT-KEY': this._configuration.apiKey,\n }\n\n if (token) {\n headers['Authorization'] = `Bearer ${token}`\n }\n\n if (csrfToken) {\n headers['X-CSRF-Token'] = csrfToken\n }\n\n const response = await fetch(url, {\n method: ROUTE_METHOD_MAP[route],\n body: JSON.stringify(body),\n headers,\n credentials: 'include',\n })\n\n const { data, error } = (await response.json()) as APIResponse<\n AuthenticationServiceResponse<Route>\n >\n\n if (error) {\n switch (error.kind) {\n case 'UnauthorizedError': {\n throw new UnauthorizedError({ message: error.message })\n }\n case 'NotFoundError': {\n throw new NotFoundError({ message: error.message })\n }\n case 'BadRequestError': {\n throw new BadRequestError({ message: error.message })\n }\n default: {\n throw new GenericError({ message: error.message })\n }\n }\n }\n\n return { ...data } as AuthenticationServiceResponse<Route>\n }\n\n protected _scheduleRefresh(token: string) {\n try {\n const decoded = jwtDecode<JwtPayload>(token)\n if (!decoded.exp) return\n\n const expiryDate = new Date(decoded.exp * 1000)\n const refreshDate = subMinutes(expiryDate, 2) // refresh 2min early\n\n // If the refresh time is already past, run immediately\n const delay = isBefore(refreshDate, new Date())\n ? 0\n : differenceInMilliseconds(refreshDate, new Date())\n\n // Clear previous timer to avoid duplicates\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n\n // Schedule refresh\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n this._refreshToken()\n }, delay)\n } catch {\n // ignore errors\n }\n }\n\n private async _refreshToken(): Promise<void> {\n if (this._refreshPromise) return this._refreshPromise\n\n // Keep a reference so callers can await the same promise\n this._refreshPromise = (async () => {\n const TIMEOUT_MS = 10_000\n const RETRY_DELAY_MS = 5_000\n\n try {\n // Check if csrfToken is in memory, if not get a new one\n if (!this._sessionStore.csrfToken) {\n const { csrfToken } = await this.request('/v1/csrf-token')\n this._sessionStore.csrfToken = csrfToken\n }\n\n // Avoid hanging indefinitely by racing the request with a timeout\n const refreshPromise = this.request('/v1/refresh')\n const data = (await Promise.race([\n refreshPromise,\n new Promise<never>((_, reject) =>\n setTimeout(() => reject(new Error('Refresh timeout')), TIMEOUT_MS),\n ),\n ])) as { token?: string }\n\n if (!data || !data.token) {\n // Treat missing token as auth failure\n throw new UnauthorizedError({\n message: 'Refresh did not return a token',\n })\n }\n\n this._sessionStore.token = data.token\n this._scheduleRefresh(data.token)\n } catch (error) {\n // On auth errors, clear session to avoid repeated failing retries\n if (error instanceof UnauthorizedError) {\n try {\n this._sessionStore.clearAll()\n } catch {\n // ignore errors\n }\n throw error\n }\n\n // Transient error: schedule a retry (non-blocking) and rethrow so callers know it failed\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n const MAX_RETRIES = 5\n let retryCount = 0\n\n // We schedule a background retry after RETRY_DELAY_MS using setTimeout\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {\n // Increments retryCount and, if still under MAX_RETRIES, schedules\n // another retry using exponential backoff (capped at 60s)\n retryCount++\n if (retryCount <= MAX_RETRIES) {\n const nextDelay = Math.min(\n RETRY_DELAY_MS * 2 ** (retryCount - 1),\n 60_000,\n )\n this._refreshTimer = setTimeout(() => {\n // When the timer fires we clear the stored id and call _refreshToken() in a\n // fire-and-forget manner (void ... .catch(...)) so the retry runs asynchronously\n // and doesn't block or change the control flow of the original caller.\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {})\n }, nextDelay)\n }\n })\n }, RETRY_DELAY_MS)\n\n throw error\n } finally {\n this._refreshPromise = undefined\n }\n })()\n\n return this._refreshPromise\n }\n}\n\nexport { SignerClient }\nexport type {\n SignerClientConstructorParams,\n SignerClientInheritedConstructorParams,\n}\n","import { SDKErrorProps, SDKError } from './SDKError.js'\n\nclass UnauthorizedError extends SDKError {\n constructor(props: SDKErrorProps) {\n super(UnauthorizedError.name, props)\n }\n}\n\nexport { UnauthorizedError }\n","import { SDKErrorProps, SDKError } from './SDKError.js'\n\nclass NotFoundError extends SDKError {\n constructor(props: SDKErrorProps) {\n super(NotFoundError.name, props)\n }\n}\n\nexport { NotFoundError }\n","import { SDKErrorProps, SDKError } from './SDKError.js'\n\nclass GenericError extends SDKError {\n constructor(props: SDKErrorProps) {\n super(GenericError.name, props)\n }\n}\n\nexport { GenericError }\n","import { SDKErrorProps, SDKError } from './SDKError.js'\n\nclass UnauthenticatedError extends SDKError {\n constructor(props: SDKErrorProps) {\n super(UnauthenticatedError.name, props)\n }\n}\n\nexport { UnauthenticatedError }\n","import { getWebAuthnAttestation, TSignedRequest } from '@turnkey/http'\nimport { User } from './entities.js'\nimport { AtLeastOne } from './string.js'\n\ntype AuthenticationServiceRoutes =\n AuthenticationServiceEndpoints[number]['Route']\n\ntype AuthenticationServiceBody<Route extends AuthenticationServiceRoutes> =\n Extract<AuthenticationServiceEndpoints[number], { Route: Route }>['Body']\n\ntype AuthenticationServiceResponse<Route extends AuthenticationServiceRoutes> =\n Extract<AuthenticationServiceEndpoints[number], { Route: Route }>['Response']\n\ntype AuthenticationServiceEndpoints = [\n {\n Route: '/v1/email-auth'\n Body: {\n email: string\n targetPublicKey: string\n redirectUrl: string\n expirationSeconds?: number\n }\n Response: {\n subOrgId: string\n }\n },\n {\n Route: '/v1/signup'\n Body: AtLeastOne<{\n passkey: {\n challenge: string\n attestation: Awaited<ReturnType<typeof getWebAuthnAttestation>>\n }\n iframe: {\n targetPublicKey: string\n redirectUrl: string\n expirationSeconds?: number\n }\n }> & { email: string }\n Response: {\n user: User\n token?: string\n csrfToken?: string\n }\n },\n {\n Route: '/v1/lookup'\n Body: {\n email: string\n }\n Response: {\n subOrgId: string\n }\n },\n {\n Route: '/v1/signin'\n Body: {\n stampedRequest: TSignedRequest\n }\n Response: {\n user: User\n token: string\n csrfToken: string\n }\n },\n {\n Route: '/v1/sign'\n Body: {\n stampedRequest: TSignedRequest\n }\n Response: {\n signature: string\n }\n },\n {\n Route: '/v1/oauth/init'\n Body: {\n provider: string\n }\n Response: {\n url: string\n }\n },\n {\n Route: '/v1/refresh'\n Body: {}\n Response: {\n token: string\n csrfToken: string\n }\n },\n {\n Route: '/v1/csrf-token'\n Body: {}\n Response: {\n csrfToken: string\n }\n },\n {\n Route: '/v1/logout'\n Body: {}\n Response: {}\n },\n {\n Route: '/v1/me'\n Body: {}\n Response: User\n },\n]\n\nconst ROUTE_METHOD_MAP = {\n '/v1/signup': 'POST',\n '/v1/email-auth': 'POST',\n '/v1/lookup': 'POST',\n '/v1/signin': 'POST',\n '/v1/sign': 'POST',\n '/v1/oauth/init': 'POST',\n '/v1/refresh': 'POST',\n '/v1/csrf-token': 'GET',\n '/v1/logout': 'POST',\n '/v1/me': 'GET',\n} satisfies Record<AuthenticationServiceRoutes, 'POST' | 'GET'>\n\nexport type {\n AuthenticationServiceEndpoints,\n AuthenticationServiceResponse,\n AuthenticationServiceBody,\n AuthenticationServiceRoutes,\n}\n\nexport { ROUTE_METHOD_MAP }\n","import {\n type Chain,\n type Client,\n type GetTransactionType,\n type Hex,\n type IsNarrowable,\n type JsonRpcAccount,\n type LocalAccount,\n type TypedData,\n type TypedDataDefinition,\n type SignableMessage,\n type SerializeTransactionFn,\n type TransactionSerializable,\n type TransactionSerialized,\n type Transport,\n hashMessage,\n hashTypedData,\n serializeTransaction,\n keccak256,\n hexToBigInt,\n http,\n} from 'viem'\nimport { toAccount } from 'viem/accounts'\nimport { SignerClient } from '../signer/index.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { toLightSmartAccount } from 'permissionless/accounts'\nimport {\n createPaymasterClient,\n entryPoint07Address,\n} from 'viem/account-abstraction'\nimport { UnauthenticatedError } from '../errors/UnauthenticatedError.js'\n\ntype CurrentUserToLightSmartAccountParams = {\n owner: LocalAccount\n client: Client<\n Transport,\n Chain | undefined,\n JsonRpcAccount | LocalAccount | undefined\n >\n}\n\nclass ViemModule {\n constructor(private readonly _signerClient: SignerClient) {}\n\n async toLocalAccount(): Promise<LocalAccount> {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError({ message: 'Signer not authenticated' })\n }\n\n return toAccount({\n address: user.walletAddress,\n signMessage: ({ message }) => this.signMessage(message),\n signTypedData: <\n const typedData extends TypedData | Record<string, unknown>,\n primaryType extends keyof typedData | 'EIP712Domain' = keyof typedData,\n >(\n typedDataDefinition: TypedDataDefinition<typedData, primaryType>,\n ) => this.signTypedData<typedData, primaryType>(typedDataDefinition),\n signTransaction: this.signTransaction,\n })\n }\n\n async toSmartAccount({\n client,\n owner,\n }: CurrentUserToLightSmartAccountParams): ReturnType<\n typeof toLightSmartAccount<'0.7'>\n > {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError({ message: 'Signer not authenticated' })\n }\n\n return toLightSmartAccount({\n client,\n owner,\n version: '2.0.0',\n entryPoint: {\n address: entryPoint07Address,\n version: '0.7',\n },\n address: user.smartAccountAddress,\n index: hexToBigInt(user.salt),\n })\n }\n\n async getPaymasterClient() {\n const url = new URL(\n `v1/rpc?apiKey=${this._signerClient.configuration.apiKey}`,\n this._signerClient.configuration.paymasterRpcUrl,\n )\n return createPaymasterClient({\n transport: http(url.toString()),\n })\n }\n\n async signMessage(msg: SignableMessage): Promise<Hex> {\n const messageHash = hashMessage(msg)\n const result = await this._signerClient.signRawMessage<Hex>(messageHash)\n return result\n }\n\n async signTypedData<\n TTypedData extends TypedData | Record<string, unknown>,\n TPrimaryType extends keyof TTypedData | 'EIP712Domain' = keyof TTypedData,\n >(params: TypedDataDefinition<TTypedData, TPrimaryType>): Promise<Hex> {\n const messageHash = hashTypedData(params)\n return this._signerClient.signRawMessage(messageHash)\n }\n\n async signTransaction<\n serializer extends SerializeTransactionFn<TransactionSerializable> = SerializeTransactionFn<TransactionSerializable>,\n transaction extends Parameters<serializer>[0] = Parameters<serializer>[0],\n >(\n transaction: transaction,\n options?:\n | {\n serializer?: serializer | undefined\n }\n | undefined,\n ): Promise<\n IsNarrowable<\n TransactionSerialized<GetTransactionType<transaction>>,\n Hex\n > extends true\n ? TransactionSerialized<GetTransactionType<transaction>>\n : Hex\n > {\n const serializeFn = options?.serializer ?? serializeTransaction\n const serializedTx = await serializeFn(transaction)\n const signatureHex = await this._signerClient.signRawMessage<Hex>(\n keccak256(serializedTx),\n )\n\n const signature = {\n r: LibBytes.takeBytes(signatureHex, { count: 32 }),\n s: LibBytes.takeBytes(signatureHex, { count: 32, offset: 32 }),\n v: BigInt(LibBytes.takeBytes(signatureHex, { count: 1, offset: 64 })),\n }\n\n return serializeFn(transaction, signature)\n }\n}\n\nexport { ViemModule }\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,qBAA2C;AAC3C,wBAA2C;AAuB3C,IAAM,eAAN,MAAmB;AAAA,EACA;AAAA,EAEjB,cAAc;AAGZ,SAAK,aAAS,4BAA0B;AAAA,UACtC,2BAAQ,KAAK,kBAAkB;AAAA,QAC7B,MAAM;AAAA,QACN,aAAS,qCAAkB,MAAM,YAAY;AAAA;AAAA,QAE7C,YAAY,CAAC,WAAW,EAAE,QAAQ,MAAM,QAAQ,MAAM,MAAM,KAAK;AAAA,MACnE,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,OAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,KAAK,MAAmB;AAC1B,SAAK,OAAO,SAAS,EAAE,KAAK,CAAC;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,YAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,UAAU,WAAmB;AAC/B,SAAK,OAAO,SAAS,EAAE,UAAU,CAAC;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,SAA6B;AAC/B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,OAAO,QAAgB;AACzB,SAAK,OAAO,SAAS,EAAE,OAAO,CAAC;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,OAAyB;AAC3B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,KAAK,MAAY;AACnB,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,KAAK,CAAC;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AACZ,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,QAAQ,OAAU,CAAC;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW;AACT,SAAK,WAAW;AAChB,SAAK,UAAU;AACf,SAAK,YAAY;AACjB,SAAK,UAAU;AAAA,EACjB;AAAA,EAEQ,mBAAiC;AACvC,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACrKA,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjE,MAAM,WAAW,QAAkD;AACjE,WAAO,KAAK,iBAAiB,UAAU,MAAM;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SACJ,QACe;AACf,WAAO,KAAK,iBAAiB,uBAAuB;AAAA,MAClD,GAAG;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH;AACF;;;AChCA,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjE,MAAM,OAAO,QAA8B;AACzC,WAAO,KAAK,iBAAiB,eAAe,MAAM;AAAA,EACpD;AACF;;;AClBA,WAAsB;AACtB,iBAAuB;AAGvB,IAAM,eAAN,MAAmB;AAAA,EACjB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,OAAwB;AAC5B,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,QAAQ;AAEpE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,mBAAmB;AAEjE,UAAM,QAAQ,IAAI,kBAAO,EAAE,OAAO,SAAS,EAAE,OAAO,KAAK;AACzD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,kBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AClCA,IAAe,WAAf,cAAgC,MAAM;AAAA,EACnB;AAAA,EAEjB,YAAY,SAAiB,OAAsB;AACjD,UAAM,OAAO;AACb,SAAK,SAAS;AAAA,EAChB;AAAA,EAEA,IAAI,UAAU;AACZ,WAAO,KAAK,OAAO;AAAA,EACrB;AACF;;;ACbA,IAAM,kBAAN,MAAM,yBAAwB,SAAS;AAAA,EACrC,YAAY,OAAsB;AAChC,UAAM,iBAAgB,MAAM,KAAK;AAAA,EACnC;AACF;;;ACJA,IAAAA,QAAsB;AAEtB,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,YAAY,MAAM,KAAK,iBAAiB,mBAAmB;AACjE,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AAEF,UAAM,MAAM,IAAS,mBAAa;AAAA,MAChC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AAEV,UAAM,WAAW,MAAM,MAAM,aAAa;AAAA,MACxC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO;AAAA,MACT,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI,gBAAgB;AAAA,QACxB,SAAS,wCAAwC,SAAS,UAAU;AAAA,MACtE,CAAC;AAAA,IACH;AAEA,UAAM,EAAE,QAAQ,IAAI,MAAM,SAAS,KAAK;AACxC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,gBAAgB;AAAA,QACxB,SAAS,SAAS;AAAA,MACpB,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AACF;;;AC7CA,IAAAC,QAAsB;AACtB,IAAAC,cAAuB;AAGvB,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,OAAwB;AAC5B,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,OAAO;AAEnE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,mBAAmB;AAEjE,UAAM,QAAQ,IAAI,mBAAO,EAAE,OAAO,SAAS,EAAE,OAAO,KAAK;AACzD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,mBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AC3BA,IAAM,cAAN,MAAkB;AAAA,EAKhB,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,gBAAgB,IAAI,aAAa,KAAK,gBAAgB;AAC3D,SAAK,kBAAkB,IAAI,eAAe,KAAK,gBAAgB;AAC/D,SAAK,eAAe,IAAI,YAAY,KAAK,gBAAgB;AAAA,EAC3D;AAAA,EARiB;AAAA,EACA;AAAA,EACA;AAAA,EAQjB,IAAI,SAAS;AACX,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,SAAS,EAAE,QAAQ,SAAS,GAAmB;AACnD,UAAM,KAAK,iBAAiB,uBAAuB;AAAA,MACjD;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AACF;;;AChCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUf,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,YAAY,IAAI,eAAe,KAAK,gBAAgB;AACzD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AACnD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AAAA,EACrD;AAAA,EAbiB;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAgBjB,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMf,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,UAAyB;AAC7B,WAAO,KAAK,iBAAiB,QAAQ;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAA+B;AACnC,WAAO,KAAK,iBAAiB,WAAW;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAA4B;AAChC,WAAO,KAAK,iBAAiB,SAAS;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAwB;AAC5B,WAAO,KAAK,iBAAiB,OAAO;AAAA,EACtC;AACF;;;AC5CA,IAAAC,eAAuC;AACvC,4BAA8B;AAC9B,8BAAgC;;;ACFhC,oBAAuB;AAEvB,IAAM,YAAN,MAAgB;AAAA,EACd,OAAO,WAAW,QAA6B;AAC7C,WAAO,qBAAO,KAAK,MAAM,EACtB,SAAS,QAAQ,EACjB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,MAAM,EAAE;AAAA,EACrB;AAAA,EAEA,OAAO,SAAS,QAA6B;AAC3C,WAAO,qBAAO,KAAK,QAAQ,QAAQ,EAAE;AAAA,EACvC;AACF;;;ACPA,IAAM,WAAN,MAAe;AAAA,EACb,OAAO,uBAAuB,MAAmB;AAC/C,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,IAAI;AAAA,EACb;AAAA,EAEA,OAAO,YAAY,CACjB,OACA,SAA0B,CAAC,MACZ;AACf,UAAM,EAAE,QAAQ,MAAM,IAAI;AAC1B,UAAM,SAAS,SAAS,SAAS,IAAI,KAAK;AAC1C,UAAM,MAAM,QAAQ,QAAQ,QAAQ,IAAI;AAExC,WAAO,KAAK,MAAM,MAAM,OAAO,GAAG,CAAC;AAAA,EACrC;AACF;;;ACxBA,kBAA8B;;;ACE9B,IAAM,oBAAN,MAAM,2BAA0B,SAAS;AAAA,EACvC,YAAY,OAAsB;AAChC,UAAM,mBAAkB,MAAM,KAAK;AAAA,EACrC;AACF;;;ACJA,IAAM,gBAAN,MAAM,uBAAsB,SAAS;AAAA,EACnC,YAAY,OAAsB;AAChC,UAAM,eAAc,MAAM,KAAK;AAAA,EACjC;AACF;;;ACJA,IAAM,eAAN,MAAM,sBAAqB,SAAS;AAAA,EAClC,YAAY,OAAsB;AAChC,UAAM,cAAa,MAAM,KAAK;AAAA,EAChC;AACF;;;ACJA,IAAM,uBAAN,MAAM,8BAA6B,SAAS;AAAA,EAC1C,YAAY,OAAsB;AAChC,UAAM,sBAAqB,MAAM,KAAK;AAAA,EACxC;AACF;;;ACwGA,IAAM,mBAAmB;AAAA,EACvB,cAAc;AAAA,EACd,kBAAkB;AAAA,EAClB,cAAc;AAAA,EACd,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,kBAAkB;AAAA,EAClB,eAAe;AAAA,EACf,kBAAkB;AAAA,EAClB,cAAc;AAAA,EACd,UAAU;AACZ;;;ALzGA,wBAAsC;AACtC,sBAA+D;AAiB/D,IAAe,eAAf,MAA4B;AAAA,EACP;AAAA,EACA;AAAA,EAGA;AAAA,EAEX;AAAA,EACA;AAAA,EAER,YAAY;AAAA,IACV;AAAA,IACA,eAAe,EAAE,QAAQ,iBAAiB,GAAG,sBAAsB;AAAA,EACrE,GAAkC;AAChC,SAAK,iBAAiB,IAAI;AAAA,MACxB,EAAE,SAAS,0BAA0B;AAAA,MACrC;AAAA,IACF;AAEA,SAAK,iBAAiB;AAAA,MACpB,GAAG;AAAA,MACH,QAAQ,UAAU;AAAA,MAClB,iBAAiB,mBAAmB;AAAA,IACtC;AAEA,SAAK,gBAAgB,IAAI,aAAa;AAAA,EACxC;AAAA,EAEA,IAAI,gBAAqD;AACvD,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAa,UAAU;AACrB,QAAI,KAAK,cAAc,KAAM,QAAO,KAAK,cAAc;AAEvD,QAAI;AACF,YAAM,OAAO,MAAM,KAAK,QAAQ,QAAQ;AACxC,WAAK,cAAc,OAAO;AAC1B,aAAO;AAAA,IACT,SAAS,OAAO;AAEd,UAAI,iBAAiB,mBAAmB;AACtC,YAAI;AACF,gBAAM,KAAK,cAAc;AACzB,gBAAM,OAAO,MAAM,KAAK,QAAQ,QAAQ;AACxC,eAAK,cAAc,OAAO;AAC1B,iBAAO;AAAA,QACT,SAASC,QAAO;AACd,gBAAMA;AAAA,QACR;AAAA,MACF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAa,aAAa;AACxB,UAAM,QAAQ,KAAK,cAAc;AAGjC,QAAI,SAAS,CAAC,KAAK,gBAAgB,KAAK,EAAG,QAAO;AAGlD,QAAI;AACF,YAAM,KAAK,cAAc;AACzB,aAAO,CAAC,CAAC,KAAK,cAAc;AAAA,IAC9B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,WAA4B;AAEvC,QAAI,CAAC,KAAK,cAAc,OAAO;AAE7B,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI,kBAAkB;AAAA,UAC1B,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAAA,IACF,WAAW,KAAK,gBAAgB,KAAK,cAAc,KAAK,GAAG;AAEzD,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI,kBAAkB;AAAA,UAC1B,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,QAAQ,KAAK,cAAc;AACjC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,kBAAkB;AAAA,QAC1B,SAAS;AAAA,MACX,CAAC;AAAA,IACH;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,gBAAgB,OAAwB;AAC9C,QAAI;AACF,YAAM,cAAU,6BAAsB,KAAK;AAC3C,UAAI,QAAQ,KAAK;AACf,eAAO,QAAQ,MAAM,OAAQ,KAAK,IAAI;AAAA,MACxC;AACA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,SAAS;AACpB,QAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,SAAK,gBAAgB;AACrB,UAAM,KAAK,QAAQ,YAAY;AAC/B,SAAK,cAAc,SAAS;AAAA,EAC9B;AAAA,EAEA,MAAa,eAAoC,KAA4B;AAC3E,QAAI,CAAC,KAAK,cAAc,SAAS,CAAC,KAAK,cAAc,MAAM;AACzD,YAAM,IAAI,kBAAkB;AAAA,QAC1B,SAAS;AAAA,MACX,CAAC;AAAA,IACH;AAEA,UAAM,iBAAiB,MAAM,KAAK,eAAe,oBAAoB;AAAA,MACnE,gBAAgB,KAAK,cAAc,KAAK;AAAA,MACxC,MAAM;AAAA,MACN,aAAa,KAAK,IAAI,EAAE,SAAS;AAAA,MACjC,YAAY;AAAA,QACV,UAAU;AAAA,QACV,cAAc;AAAA,QACd,SAAS;AAAA,QACT,UAAU,KAAK,cAAc,KAAK;AAAA,MACpC;AAAA,IACF,CAAC;AAED,UAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,YAAY;AAAA,MACnD;AAAA,IACF,CAAC;AAED,WAAa;AAAA,EACf;AAAA,EAEA,IAAc,QAAQ,SAAmC;AACvD,SAAK,eAAe,UAAU;AAAA,EAChC;AAAA,EAEA,IAAc,UAAoC;AAChD,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA,EAEA,MAAgB,WAAW,OAAuC;AAChE,QAAI;AACF,YAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,cAAc,EAAE,MAAM,CAAC;AAC/D,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,EAAE,iBAAiB,UAAW,OAAM;AAExC,YAAM,WAAqB;AAE3B,cAAQ,SAAS,YAAY,MAAM;AAAA,QACjC,KAAK,cAAc,MAAM;AACvB,iBAAO;AAAA,QACT;AAAA,QACA,SAAS;AACP,gBAAM;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAgB,OAAO,UAAmB;AACxC,UAAM,QAAQ,YAAY,KAAK,cAAc,MAAM;AAEnD,QAAI,CAAC,MAAO,OAAM,IAAI,gBAAgB,EAAE,SAAS,oBAAoB,CAAC;AAEtE,UAAM,iBAAiB,MAAM,KAAK,eAAe,eAAe;AAAA,MAC9D,gBAAgB;AAAA,IAClB,CAAC;AAED,UAAM,EAAE,MAAM,OAAO,UAAU,IAAI,MAAM,KAAK,QAAQ,cAAc;AAAA,MAClE;AAAA,IACF,CAAC;AAED,UAAM,gBAAgB,MAAM;AAC1B,UAAI;AACF,eAAO,KAAK,MAAM,gBAAgB,MAAM,gBAAgB,EACrD;AAAA,MACL,SAAS,GAAG;AACV,eAAO;AAAA,MACT;AAAA,IACF,GAAG;AAEH,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH;AAAA,IACF;AACA,SAAK,cAAc,QAAQ;AAC3B,SAAK,cAAc,YAAY;AAC/B,SAAK,iBAAiB,KAAK;AAAA,EAC7B;AAAA,EAEA,MAAgB,QACd,OACA,MAC+C;AAC/C,UAAM,MAAM,IAAI,IAAI,GAAG,KAAK,IAAI,KAAK,eAAe,MAAM;AAC1D,UAAM,QAAQ,KAAK,cAAc;AACjC,UAAM,YAAY,KAAK,cAAc;AAErC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,KAAK,eAAe;AAAA,IACrC;AAEA,QAAI,OAAO;AACT,cAAQ,eAAe,IAAI,UAAU,KAAK;AAAA,IAC5C;AAEA,QAAI,WAAW;AACb,cAAQ,cAAc,IAAI;AAAA,IAC5B;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC,QAAQ,iBAAiB,KAAK;AAAA,MAC9B,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAK,MAAM,SAAS,KAAK;AAI7C,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM;AAAA,QAClB,KAAK,qBAAqB;AACxB,gBAAM,IAAI,kBAAkB,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA,QACxD;AAAA,QACA,KAAK,iBAAiB;AACpB,gBAAM,IAAI,cAAc,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA,QACpD;AAAA,QACA,KAAK,mBAAmB;AACtB,gBAAM,IAAI,gBAAgB,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA,QACtD;AAAA,QACA,SAAS;AACP,gBAAM,IAAI,aAAa,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA,QACnD;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,GAAG,KAAK;AAAA,EACnB;AAAA,EAEU,iBAAiB,OAAe;AACxC,QAAI;AACF,YAAM,cAAU,6BAAsB,KAAK;AAC3C,UAAI,CAAC,QAAQ,IAAK;AAElB,YAAM,aAAa,IAAI,KAAK,QAAQ,MAAM,GAAI;AAC9C,YAAM,kBAAc,4BAAW,YAAY,CAAC;AAG5C,YAAM,YAAQ,0BAAS,aAAa,oBAAI,KAAK,CAAC,IAC1C,QACA,0CAAyB,aAAa,oBAAI,KAAK,CAAC;AAGpD,UAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AAGvD,WAAK,gBAAgB,WAAW,MAAM;AACpC,aAAK,gBAAgB;AACrB,aAAK,cAAc;AAAA,MACrB,GAAG,KAAK;AAAA,IACV,QAAQ;AAAA,IAER;AAAA,EACF;AAAA,EAEA,MAAc,gBAA+B;AAC3C,QAAI,KAAK,gBAAiB,QAAO,KAAK;AAGtC,SAAK,mBAAmB,YAAY;AAClC,YAAM,aAAa;AACnB,YAAM,iBAAiB;AAEvB,UAAI;AAEF,YAAI,CAAC,KAAK,cAAc,WAAW;AACjC,gBAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,gBAAgB;AACzD,eAAK,cAAc,YAAY;AAAA,QACjC;AAGA,cAAM,iBAAiB,KAAK,QAAQ,aAAa;AACjD,cAAM,OAAQ,MAAM,QAAQ,KAAK;AAAA,UAC/B;AAAA,UACA,IAAI;AAAA,YAAe,CAAC,GAAG,WACrB,WAAW,MAAM,OAAO,IAAI,MAAM,iBAAiB,CAAC,GAAG,UAAU;AAAA,UACnE;AAAA,QACF,CAAC;AAED,YAAI,CAAC,QAAQ,CAAC,KAAK,OAAO;AAExB,gBAAM,IAAI,kBAAkB;AAAA,YAC1B,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAEA,aAAK,cAAc,QAAQ,KAAK;AAChC,aAAK,iBAAiB,KAAK,KAAK;AAAA,MAClC,SAAS,OAAO;AAEd,YAAI,iBAAiB,mBAAmB;AACtC,cAAI;AACF,iBAAK,cAAc,SAAS;AAAA,UAC9B,QAAQ;AAAA,UAER;AACA,gBAAM;AAAA,QACR;AAGA,YAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,cAAM,cAAc;AACpB,YAAI,aAAa;AAGjB,aAAK,gBAAgB,WAAW,MAAM;AACpC,eAAK,gBAAgB;AACrB,eAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAGpC;AACA,gBAAI,cAAc,aAAa;AAC7B,oBAAM,YAAY,KAAK;AAAA,gBACrB,iBAAiB,MAAM,aAAa;AAAA,gBACpC;AAAA,cACF;AACA,mBAAK,gBAAgB,WAAW,MAAM;AAIpC,qBAAK,gBAAgB;AACrB,qBAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAAA,gBAAC,CAAC;AAAA,cAC1C,GAAG,SAAS;AAAA,YACd;AAAA,UACF,CAAC;AAAA,QACH,GAAG,cAAc;AAEjB,cAAM;AAAA,MACR,UAAE;AACA,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF,GAAG;AAEH,WAAO,KAAK;AAAA,EACd;AACF;;;AH9UA,IAAM,kBAAN,cAA8B,aAAa;AAAA,EACjC;AAAA,EACA;AAAA,EACR;AAAA,EAKS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAqC;AACnC,UAAM,eAAe;AAAA,MACnB,iBAAiB,QAAQ,mBAAmB;AAAA,MAC5C,mBAAmB,QAAQ,qBAAqB;AAAA,IAClD;AAEA,UAAM,kBAAkB,SAAS,cAAc,KAAK;AACpD,oBAAgB,KAAK,aAAa;AAClC,oBAAgB,MAAM,UAAU;AAChC,aAAS,KAAK,YAAY,eAAe;AAEzC,UAAM,gBAAgB,IAAI,oCAAc;AAAA,MACtC,WAAW;AAAA,MACX,iBAAiB,aAAa;AAAA,MAC9B,iBAAiB,SAAS,eAAe,aAAa,iBAAiB;AAAA,IACzE,CAAC;AAED,UAAM;AAAA,MACJ,SAAS;AAAA;AAAA,MACT;AAAA,IACF,CAAC;AAED,SAAK,gBAAgB;AACrB,SAAK,eAAe;AACpB,SAAK,kBAAkB,IAAI,wCAAgB,EAAE,MAAM,SAAS,KAAK,CAAC;AAElE,SAAK,qBAAqB;AAAA,EAC5B;AAAA,EAEA,MAAsB,SAAS;AAC7B,UAAM,OAAO;AAEb,SAAK,cAAc,MAAM;AAKzB,UAAM,UAAU,IAAI,oCAAc;AAAA,MAChC,WAAW;AAAA,MACX,iBAAiB,KAAK,aAAa;AAAA,MACnC,iBAAiB,SAAS;AAAA,QACxB,KAAK,aAAa;AAAA,MACpB;AAAA,IACF,CAAC;AACD,SAAK,gBAAgB;AACrB,UAAM,KAAK,mBAAmB;AAAA,EAChC;AAAA,EAEA,MAAsB,eACpB,KACe;AACf,UAAM,KAAK,eAAe;AAC1B,WAAO,MAAM,eAAe,GAAG;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,gBAAgB,UAAkB;AAC7C,UAAM,EAAE,IAAI,IAAI,MAAM,KAAK,QAAQ,kBAAkB;AAAA,MACnD;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,eAAe,EAAE,MAAM,GAAyB;AAC3D,UAAM,uBAAuB,MAAM,KAAK,WAAW,KAAK;AAExD,QAAI,CAAC,sBAAsB;AACzB,YAAM,KAAK,eAAe,EAAE,QAAQ,YAAY,MAAM,CAAC;AAAA,IACzD,OAAO;AACL,WAAK,UAAU,KAAK;AACpB,YAAM,KAAK,OAAO,oBAAoB;AAEtC,WAAK,cAAc;AAGnB,UAAI,CAAC,KAAK,cAAc,QAAQ,CAAC,KAAK,cAAc,KAAK,cAAc;AACrE;AAAA,MACF;AAEA,WAAK,gBAAgB,mBAAmB;AAAA,QACtC;AAAA,UACE,IAAI,UAAU,SAAS,KAAK,cAAc,KAAK,YAAY;AAAA,UAC3D,MAAM;AAAA,UACN,YAAY,CAAC,YAAY,KAAK;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,UAAU,QAAmC;AACxD,UAAM,uBAAuB,MAAM,KAAK,WAAW,OAAO,KAAK;AAE/D,QAAI,CAAC,sBAAsB;AACzB,YAAM,KAAK,eAAe,EAAE,QAAQ,SAAS,GAAG,OAAO,CAAC;AAAA,IAC1D,OAAO;AACL,YAAM,KAAK,iBAAiB,MAAM;AAAA,IACpC;AAAA,EACF;AAAA,EAEA,MAAa,qBAAqB;AAChC,WAAO,MAAM,KAAK,mBAAmB;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,uBAAuB;AAAA,IAClC;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAgD;AAC9C,UAAM,KAAK,mBAAmB;AAE9B,UAAM,SAAS,MAAM,KAAK,cAAc,uBAAuB,MAAM;AAErE,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACtD;AAEA,UAAM,KAAK,OAAO,QAAQ;AAE1B,SAAK,cAAc,OAAO;AAC1B,SAAK,cAAc,SAAS;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,iBAAiB;AAE7B,QACE,KAAK,cAAc,SAAS,WAC3B,KAAK,cAAc,WAAW,UAC7B,KAAK,cAAc,UAAU;AAE/B;AACF,QAAI,KAAK,cAAc,oCAA+B;AACpD,WAAK,UAAU,KAAK;AAAA,IACtB,OAAO;AACL,WAAK,UAAU,KAAK;AAGpB,YAAM,KAAK,uBAAuB;AAAA,QAChC,QAAQ,KAAK,cAAc;AAAA,QAC3B,UAAU,KAAK,cAAc,MAAM;AAAA,QACnC,aAAa,KAAK,cAAc;AAAA,MAClC,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,iBAAiB;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAA8B;AAC5B,WAAO,KAAK,QAAQ,kBAAkB;AAAA,MACpC;AAAA,MACA,iBAAiB,MAAM,KAAK,mBAAmB;AAAA,MAC/C;AAAA,MACA,aAAa,YAAY,SAAS;AAAA,IACpC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,uBACZ,QACA;AACA,UAAM,EAAE,WAAW,YAAY,IAAI,MAAM,KAAK;AAAA,MAC5C,OAAO;AAAA,IACT;AAEA,UAAM,EAAE,MAAM,OAAO,UAAU,IAAI,MAAM,KAAK,QAAQ,cAAc;AAAA,MAClE,SAAS;AAAA,QACP,WAAW,UAAU,WAAW,SAAS;AAAA,QACzC;AAAA,MACF;AAAA,MACA,OAAO,OAAO;AAAA,IAChB,CAAC;AAED,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH,cAAc,YAAY;AAAA,IAC5B;AACA,SAAK,cAAc;AAEnB,SAAK,cAAc,QAAQ;AAC3B,SAAK,cAAc,YAAY;AAC/B,SAAK,iBAAiB,KAAM;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,oBACZ,QACA;AACA,UAAM,EAAE,OAAO,mBAAmB,YAAY,IAC5C;AAEF,UAAM,WAAW,MAAM,KAAK,QAAQ,cAAc;AAAA,MAChD;AAAA,MACA,QAAQ;AAAA,QACN,iBAAiB,MAAM,KAAK,mBAAmB;AAAA,QAC/C;AAAA,QACA,aAAa,YAAY,SAAS;AAAA,MACpC;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,eAAe,QAA6B;AACxD,YAAQ,OAAO,QAAQ;AAAA,MACrB,KAAK,YAAY;AACf,cAAM,KAAK,uBAAuB,MAAM;AACxC;AAAA,MACF;AAAA,MACA,KAAK,SAAS;AACZ,cAAM,KAAK,oBAAoB,MAAM;AACrC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,6BAA6B,OAAe;AACxD,UAAM,YAAY,SAAS,qBAAqB;AAChD,UAAM,sBAAsB,SAAS,qBAAqB;AAE1D,UAAM,cAAc,UAAM,qCAAuB;AAAA,MAC/C,WAAW;AAAA,QACT,wBAAwB;AAAA,UACtB,aAAa;AAAA,UACb,oBAAoB;AAAA,UACpB,kBAAkB;AAAA,QACpB;AAAA,QACA;AAAA,QACA,IAAI;AAAA,UACF,IAAI,OAAO,SAAS;AAAA,UACpB,MAAM,OAAO,SAAS;AAAA,QACxB;AAAA,QACA,kBAAkB;AAAA,UAChB;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,QACF;AAAA,QACA,MAAM;AAAA,UACJ,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,MACF;AAAA,IACF,CAAC;AAED,WAAO,EAAE,WAAW,aAAa,oBAAoB;AAAA,EACvD;AAAA,EAEA,MAAc,qBAAqB;AACjC,QAAI,CAAC,KAAK,cAAc,UAAU,GAAG;AACnC,YAAM,KAAK,cAAc,KAAK;AAAA,IAChC;AAEA,SAAK,UAAU,KAAK;AAEpB,WAAO,KAAK,cAAc,UAAU;AAAA,EACtC;AACF;;;ASlYA,kBAqBO;AACP,sBAA0B;AAG1B,IAAAC,mBAAoC;AACpC,iCAGO;AAYP,IAAM,aAAN,MAAiB;AAAA,EACf,YAA6B,eAA6B;AAA7B;AAAA,EAA8B;AAAA,EAE3D,MAAM,iBAAwC;AAC5C,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,EAAE,SAAS,2BAA2B,CAAC;AAAA,IACxE;AAEA,eAAO,2BAAU;AAAA,MACf,SAAS,KAAK;AAAA,MACd,aAAa,CAAC,EAAE,QAAQ,MAAM,KAAK,YAAY,OAAO;AAAA,MACtD,eAAe,CAIb,wBACG,KAAK,cAAsC,mBAAmB;AAAA,MACnE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,EACF,GAEE;AACA,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,EAAE,SAAS,2BAA2B,CAAC;AAAA,IACxE;AAEA,eAAO,sCAAoB;AAAA,MACzB;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,YAAY;AAAA,QACV,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA,SAAS,KAAK;AAAA,MACd,WAAO,yBAAY,KAAK,IAAI;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AACzB,UAAM,MAAM,IAAI;AAAA,MACd,iBAAiB,KAAK,cAAc,cAAc,MAAM;AAAA,MACxD,KAAK,cAAc,cAAc;AAAA,IACnC;AACA,eAAO,kDAAsB;AAAA,MAC3B,eAAW,kBAAK,IAAI,SAAS,CAAC;AAAA,IAChC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,YAAY,KAAoC;AACpD,UAAM,kBAAc,yBAAY,GAAG;AACnC,UAAM,SAAS,MAAM,KAAK,cAAc,eAAoB,WAAW;AACvE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAGJ,QAAqE;AACrE,UAAM,kBAAc,2BAAc,MAAM;AACxC,WAAO,KAAK,cAAc,eAAe,WAAW;AAAA,EACtD;AAAA,EAEA,MAAM,gBAIJ,aACA,SAYA;AACA,UAAM,cAAc,SAAS,cAAc;AAC3C,UAAM,eAAe,MAAM,YAAY,WAAW;AAClD,UAAM,eAAe,MAAM,KAAK,cAAc;AAAA,UAC5C,uBAAU,YAAY;AAAA,IACxB;AAEA,UAAM,YAAY;AAAA,MAChB,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,CAAC;AAAA,MACjD,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,MAC7D,GAAG,OAAO,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,QAAQ,GAAG,CAAC,CAAC;AAAA,IACtE;AAEA,WAAO,YAAY,aAAa,SAAS;AAAA,EAC3C;AACF;;;ArBjIA,IAAM,iBAAN,MAAqB;AAAA,EACF;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BjB,YAAY;AAAA,IACV;AAAA,IACA,MAAM,EAAE,UAAU,QAAQ,MAAM;AAAA,EAClC,GAAoC;AAClC,SAAK,mBAAmB,IAAI,gBAAgB;AAAA,MAC1C;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,SAAK,WAAW;AAAA,MACd,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AACF;","names":["jose","jose","import_sha","import_http","error","import_accounts"]}
package/dist/index.d.cts CHANGED
@@ -3,7 +3,7 @@ import { getWebAuthnAttestation, TSignedRequest, TurnkeyClient } from '@turnkey/
3
3
  import * as viem_account_abstraction from 'viem/account-abstraction';
4
4
  import { Hex } from '../types/misc.js';
5
5
  import * as viem from 'viem';
6
- import { LocalAccount, Client, SignableMessage, Hex as Hex$1, TypedData, TypedDataDefinition, SerializeTransactionFn, TransactionSerializable, IsNarrowable, TransactionSerialized, GetTransactionType } from 'viem';
6
+ import { LocalAccount, Client, Transport, Chain, JsonRpcAccount, SignableMessage, Hex as Hex$1, TypedData, TypedDataDefinition, SerializeTransactionFn, TransactionSerializable, IsNarrowable, TransactionSerialized, GetTransactionType } from 'viem';
7
7
  import { toLightSmartAccount } from 'permissionless/accounts';
8
8
 
9
9
  declare enum SessionType {
@@ -16,9 +16,6 @@ declare enum SessionType {
16
16
  */
17
17
  declare class SessionStore {
18
18
  private readonly _store;
19
- /**
20
- * Initializes a new instance of the `SessionStore` class by creating a new `zustand`store with the initial state.
21
- */
22
19
  constructor();
23
20
  /**
24
21
  * Gets the type from the session state.
@@ -44,6 +41,18 @@ declare class SessionStore {
44
41
  * @param {string} token the token to set.
45
42
  */
46
43
  set token(token: string);
44
+ /**
45
+ * Gets the CSRF token from the session state.
46
+ *
47
+ * @returns {string | undefined} the CSRF token.
48
+ */
49
+ get csrfToken(): string | undefined;
50
+ /**
51
+ * Sets the CSRF token in the session state.
52
+ *
53
+ * @param {string} csrfToken the CSRF token to set.
54
+ */
55
+ set csrfToken(csrfToken: string);
47
56
  /**
48
57
  * Gets the bundle from the session state.
49
58
  *
@@ -128,7 +137,8 @@ type AuthenticationServiceEndpoints = [
128
137
  };
129
138
  Response: {
130
139
  user: User;
131
- token: string;
140
+ token?: string;
141
+ csrfToken?: string;
132
142
  };
133
143
  },
134
144
  {
@@ -148,6 +158,7 @@ type AuthenticationServiceEndpoints = [
148
158
  Response: {
149
159
  user: User;
150
160
  token: string;
161
+ csrfToken: string;
151
162
  };
152
163
  },
153
164
  {
@@ -160,13 +171,38 @@ type AuthenticationServiceEndpoints = [
160
171
  };
161
172
  },
162
173
  {
163
- Route: 'v1/oauth/init';
174
+ Route: '/v1/oauth/init';
164
175
  Body: {
165
176
  provider: string;
166
177
  };
167
178
  Response: {
168
179
  url: string;
169
180
  };
181
+ },
182
+ {
183
+ Route: '/v1/refresh';
184
+ Body: {};
185
+ Response: {
186
+ token: string;
187
+ csrfToken: string;
188
+ };
189
+ },
190
+ {
191
+ Route: '/v1/csrf-token';
192
+ Body: {};
193
+ Response: {
194
+ csrfToken: string;
195
+ };
196
+ },
197
+ {
198
+ Route: '/v1/logout';
199
+ Body: {};
200
+ Response: {};
201
+ },
202
+ {
203
+ Route: '/v1/me';
204
+ Body: {};
205
+ Response: User;
170
206
  }
171
207
  ];
172
208
 
@@ -184,20 +220,23 @@ declare abstract class SignerClient {
184
220
  protected readonly _turnkeyClient: TurnkeyClient;
185
221
  protected readonly _configuration: Required<SignerClientConstructorParams['configuration']>;
186
222
  protected readonly _sessionStore: SessionStore;
187
- private _user?;
223
+ private _refreshPromise?;
224
+ private _refreshTimer?;
188
225
  constructor({ stamper, configuration: { apiUrl, paymasterRpcUrl, ...requiredConfiguration }, }: SignerClientConstructorParams);
189
- logout(): void;
190
226
  get configuration(): Required<SignerClientConfiguration>;
191
- get user(): User | undefined;
192
- protected set user(value: User | undefined);
227
+ getUser(): Promise<User>;
228
+ isLoggedIn(): Promise<boolean>;
229
+ getToken(): Promise<string>;
230
+ private _isTokenExpired;
231
+ logout(): Promise<void>;
232
+ signRawMessage<Into extends string>(msg: string): Promise<Into>;
193
233
  protected set stamper(stamper: TurnkeyClient['stamper']);
194
234
  protected get stamper(): TurnkeyClient['stamper'];
195
- protected get sessionStore(): SessionStore;
196
- signRawMessage<Into extends string>(msg: string): Promise<Into>;
197
- getToken(): string | undefined;
198
235
  protected lookUpUser(email: string): Promise<string | null>;
199
236
  protected whoAmI(subOrgId?: string): Promise<void>;
200
237
  protected request<Route extends AuthenticationServiceRoutes>(route: Route, body?: AuthenticationServiceBody<Route>): Promise<AuthenticationServiceResponse<Route>>;
238
+ protected _scheduleRefresh(token: string): void;
239
+ private _refreshToken;
201
240
  }
202
241
 
203
242
  type WebauthnSignInParams = {
@@ -246,13 +285,14 @@ declare class WebSignerClient extends SignerClient {
246
285
  * @param {WebSignerClientConstructorParams} params params for the constructor
247
286
  */
248
287
  constructor({ configuration, webauthn, iframe, oauth, }: WebSignerClientConstructorParams);
249
- signRawMessage<Into extends string>(msg: string): Promise<Into>;
250
288
  logout(): Promise<void>;
289
+ signRawMessage<Into extends string>(msg: string): Promise<Into>;
251
290
  /**
252
- * Checks for an existing session and if exists, updates the stamper accordingly.
291
+ * Get the pre-filled URL for initiating oauth with a specific provider.
253
292
  *
293
+ * @param {string} provider provider for which we are getting the URL, currently google or apple
254
294
  */
255
- private updateStamper;
295
+ getOAuthInitUrl(provider: string): Promise<string>;
256
296
  /**
257
297
  * Signs in a user with webauthn.
258
298
  *
@@ -266,18 +306,22 @@ declare class WebSignerClient extends SignerClient {
266
306
  */
267
307
  emailAuth(params: EmailInitializeAuthParams): Promise<void>;
268
308
  getIframePublicKey(): Promise<string>;
269
- /**
270
- * Signs in a user with email.
271
- *
272
- * @param {EmailInitializeAuthParams} params params for the sign in
273
- */
274
- private _signInWithEmail;
275
309
  /**
276
310
  * Completes the authentication process with a credential bundle.
277
311
  *
278
312
  * @param {CompleteAuthWithBundleParams} params params for the completion of the auth process
279
313
  */
280
314
  completeAuthWithBundle({ bundle, subOrgId, sessionType, }: CompleteAuthWithBundleParams): Promise<void>;
315
+ /**
316
+ * Checks for an existing session and if exists, updates the stamper accordingly.
317
+ */
318
+ private _updateStamper;
319
+ /**
320
+ * Signs in a user with email.
321
+ *
322
+ * @param {EmailInitializeAuthParams} params params for the sign in
323
+ */
324
+ private _signInWithEmail;
281
325
  /**
282
326
  * Creates a passkey account using the webauthn stamper.
283
327
  *
@@ -298,12 +342,6 @@ declare class WebSignerClient extends SignerClient {
298
342
  private _createAccount;
299
343
  private _webauthnGenerateAttestation;
300
344
  private _initIframeStamper;
301
- /**
302
- * Get the pre-filled URL for initiating oauth with a specific provider.
303
- *
304
- * @param {string} provider provider for which we are getting the URL, currently google or apple
305
- */
306
- getOAuthInitUrl(provider: string): Promise<string>;
307
345
  }
308
346
 
309
347
  /**
@@ -426,20 +464,21 @@ declare class UserModule {
426
464
  */
427
465
  constructor(_webSignerClient: WebSignerClient);
428
466
  /**
429
- * Gets the user information.
430
- *
431
- * @returns {User | undefined} user information.
467
+ * Retrieves information for the authenticated user.
468
+ * Assumes a user is already logged in, otherwise it will throw an error.
432
469
  */
433
- get info(): User | undefined;
434
- /** Gets the user token.
435
- *
436
- * @returns {string | undefined} user token.
470
+ getInfo(): Promise<User>;
471
+ /**
472
+ * Checks if a user is currently logged in to the fourt.io SDK.
437
473
  */
438
- get token(): string | undefined;
474
+ isLoggedIn(): Promise<boolean>;
475
+ /**
476
+ * Generates an access token with a lifespan of 15 minutes.
477
+ * Assumes a user is already logged in, otherwise it will throw an error.
478
+ */
479
+ getToken(): Promise<string>;
439
480
  /**
440
481
  * Logs out the user.
441
- *
442
- * @returns {void}
443
482
  */
444
483
  logout(): Promise<void>;
445
484
  }
@@ -448,7 +487,7 @@ type CcipRequestReturnType = Hex;
448
487
 
449
488
  type CurrentUserToLightSmartAccountParams = {
450
489
  owner: LocalAccount;
451
- client: Client;
490
+ client: Client<Transport, Chain | undefined, JsonRpcAccount | LocalAccount | undefined>;
452
491
  };
453
492
  declare class ViemModule {
454
493
  private readonly _signerClient;
@@ -465,6 +504,7 @@ declare class ViemModule {
465
504
  request?: (parameters: viem.CcipRequestParameters) => Promise<CcipRequestReturnType>;
466
505
  } | undefined;
467
506
  chain: undefined;
507
+ experimental_blockTag?: viem.BlockTag | undefined;
468
508
  key: string;
469
509
  name: string;
470
510
  pollingInterval: number;
@@ -484,6 +524,7 @@ declare class ViemModule {
484
524
  cacheTime?: undefined;
485
525
  ccipRead?: undefined;
486
526
  chain?: undefined;
527
+ experimental_blockTag?: undefined;
487
528
  key?: undefined;
488
529
  name?: undefined;
489
530
  pollingInterval?: undefined;
@@ -491,7 +532,7 @@ declare class ViemModule {
491
532
  transport?: undefined;
492
533
  type?: undefined;
493
534
  uid?: undefined;
494
- } & viem.ExactPartial<Pick<viem.PublicActions<viem.HttpTransport, undefined, undefined>, "call" | "createContractEventFilter" | "createEventFilter" | "estimateContractGas" | "estimateGas" | "getBlock" | "getBlockNumber" | "getChainId" | "getContractEvents" | "getEnsText" | "getFilterChanges" | "getGasPrice" | "getLogs" | "getTransaction" | "getTransactionCount" | "getTransactionReceipt" | "prepareTransactionRequest" | "readContract" | "sendRawTransaction" | "simulateContract" | "uninstallFilter" | "watchBlockNumber" | "watchContractEvent"> & Pick<viem.WalletActions<undefined, undefined>, "sendTransaction" | "writeContract">>>(fn: (client: Client<viem.HttpTransport, undefined, undefined, viem.PaymasterRpcSchema, viem_account_abstraction.PaymasterActions>) => client) => Client<viem.HttpTransport, undefined, undefined, viem.PaymasterRpcSchema, { [K in keyof client]: client[K]; } & viem_account_abstraction.PaymasterActions>;
535
+ } & viem.ExactPartial<Pick<viem.PublicActions<viem.HttpTransport<undefined, false>, undefined, undefined>, "getChainId" | "prepareTransactionRequest" | "sendRawTransaction" | "call" | "createContractEventFilter" | "createEventFilter" | "estimateContractGas" | "estimateGas" | "getBlock" | "getBlockNumber" | "getContractEvents" | "getEnsText" | "getFilterChanges" | "getGasPrice" | "getLogs" | "getTransaction" | "getTransactionCount" | "getTransactionReceipt" | "readContract" | "simulateContract" | "uninstallFilter" | "watchBlockNumber" | "watchContractEvent"> & Pick<viem.WalletActions<undefined, undefined>, "sendTransaction" | "writeContract">>>(fn: (client: Client<viem.HttpTransport<undefined, false>, undefined, undefined, viem.PaymasterRpcSchema, viem_account_abstraction.PaymasterActions>) => client) => Client<viem.HttpTransport<undefined, false>, undefined, undefined, viem.PaymasterRpcSchema, { [K in keyof client]: client[K]; } & viem_account_abstraction.PaymasterActions>;
495
536
  }>;
496
537
  signMessage(msg: SignableMessage): Promise<Hex$1>;
497
538
  signTypedData<TTypedData extends TypedData | Record<string, unknown>, TPrimaryType extends keyof TTypedData | 'EIP712Domain' = keyof TTypedData>(params: TypedDataDefinition<TTypedData, TPrimaryType>): Promise<Hex$1>;