@fourt/sdk 1.5.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +43 -58
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +22 -19
  4. package/dist/index.d.ts +22 -19
  5. package/dist/index.js +43 -58
  6. package/dist/index.js.map +1 -1
  7. package/package.json +2 -2
package/dist/index.cjs CHANGED
@@ -397,12 +397,6 @@ var SessionStore = class {
397
397
  set token(token) {
398
398
  this._store.setState({ token });
399
399
  }
400
- get csrfToken() {
401
- return this._store.getState().csrfToken;
402
- }
403
- set csrfToken(csrfToken) {
404
- this._store.setState({ csrfToken });
405
- }
406
400
  get bundle() {
407
401
  return this._store.getState().bundle;
408
402
  }
@@ -433,9 +427,6 @@ var SessionStore = class {
433
427
  clearToken() {
434
428
  this._store.setState({ ...this._store.getState(), token: void 0 });
435
429
  }
436
- clearCsrfToken() {
437
- this._store.setState({ ...this._store.getState(), csrfToken: void 0 });
438
- }
439
430
  clearOtpId() {
440
431
  this._store.setState({ ...this._store.getState(), otpId: void 0 });
441
432
  }
@@ -452,7 +443,6 @@ var SessionStore = class {
452
443
  user: void 0,
453
444
  bundle: void 0,
454
445
  token: void 0,
455
- csrfToken: void 0,
456
446
  otpId: void 0
457
447
  };
458
448
  }
@@ -574,10 +564,10 @@ var SignerClient = class {
574
564
  return true;
575
565
  }
576
566
  }
577
- async logout() {
567
+ async logout(publicKey) {
578
568
  if (this._refreshTimer) clearTimeout(this._refreshTimer);
579
569
  this._refreshTimer = void 0;
580
- await this.request("/v1/logout", "POST");
570
+ await this.request("/v1/logout", "POST", { publicKey });
581
571
  this._sessionStore.clearAll();
582
572
  }
583
573
  async signRawMessage(msg) {
@@ -617,19 +607,14 @@ var SignerClient = class {
617
607
  throw error;
618
608
  }
619
609
  }
620
- async signIn(subOrgId) {
621
- const orgId = subOrgId || this._sessionStore.user?.subOrgId;
622
- if (!orgId) throw new BadRequestError("No orgId provided");
610
+ async signIn(subOrgId, publicKey) {
623
611
  const stampedRequest = await this._turnkeyClient.stampGetWhoami({
624
- organizationId: orgId
612
+ organizationId: subOrgId
613
+ });
614
+ const { user, token } = await this.request("/v1/signin", "POST", {
615
+ stampedRequest,
616
+ publicKey
625
617
  });
626
- const { user, token, csrfToken } = await this.request(
627
- "/v1/signin",
628
- "POST",
629
- {
630
- stampedRequest
631
- }
632
- );
633
618
  const credentialId = (() => {
634
619
  try {
635
620
  return JSON.parse(stampedRequest?.stamp.stampHeaderValue).credentialId;
@@ -642,14 +627,25 @@ var SignerClient = class {
642
627
  credentialId
643
628
  };
644
629
  this._sessionStore.token = token;
645
- this._sessionStore.csrfToken = csrfToken;
646
630
  this._scheduleRefresh(token);
631
+ return { user, token };
632
+ }
633
+ async stampAndRefresh() {
634
+ const refreshPayload = JSON.stringify({
635
+ timestamp: Date.now(),
636
+ type: "refresh_token_request"
637
+ });
638
+ const stamp = await this._turnkeyClient.stamper.stamp(refreshPayload);
639
+ const { token } = await this.request("/v1/refresh", "POST", {
640
+ payload: refreshPayload,
641
+ stamp
642
+ });
643
+ this._sessionStore.token = token;
644
+ return { token };
647
645
  }
648
646
  async request(route, method, body) {
649
- const url = new URL(this._configuration.apiUrl);
650
- url.pathname = url.pathname + route;
647
+ const url = new URL(`${route}`, this._configuration.apiUrl);
651
648
  const token = this._sessionStore.token;
652
- const csrfToken = this._sessionStore.csrfToken;
653
649
  const headers = {
654
650
  "Content-Type": "application/json",
655
651
  "X-FOURT-KEY": this._configuration.apiKey
@@ -657,14 +653,10 @@ var SignerClient = class {
657
653
  if (token) {
658
654
  headers["Authorization"] = `Bearer ${token}`;
659
655
  }
660
- if (csrfToken) {
661
- headers["X-CSRF-Token"] = csrfToken;
662
- }
663
656
  const response = await fetch(url, {
664
657
  method,
665
658
  body: method === "POST" ? JSON.stringify(body) : void 0,
666
- headers,
667
- credentials: "include"
659
+ headers
668
660
  });
669
661
  const { data, error } = await response.json();
670
662
  if (error) {
@@ -717,31 +709,23 @@ var SignerClient = class {
717
709
  const TIMEOUT_MS = 1e4;
718
710
  const RETRY_DELAY_MS = 5e3;
719
711
  try {
720
- if (!this._sessionStore.csrfToken) {
721
- const { csrfToken } = await this.request("/v1/csrf-token", "GET");
722
- this._sessionStore.csrfToken = csrfToken;
723
- }
724
- const refreshPromise = this.request("/v1/refresh", "POST");
712
+ const refreshPromise = this.stampAndRefresh();
725
713
  const data = await Promise.race([
726
714
  refreshPromise,
727
715
  new Promise(
728
716
  (_, reject) => setTimeout(() => reject(new Error("Refresh timeout")), TIMEOUT_MS)
729
717
  )
730
718
  ]);
731
- if (!data || !data.token || !data.csrfToken) {
719
+ if (!data || !data.token) {
732
720
  throw new UnauthorizedError("Refresh did not return tokens");
733
721
  }
734
722
  this._sessionStore.token = data.token;
735
- this._sessionStore.csrfToken = data.csrfToken;
736
723
  this._scheduleRefresh(data.token);
737
724
  } catch (error) {
725
+ console.error("Token refresh failed:", error);
738
726
  if (error instanceof UnauthorizedError) {
739
- try {
740
- this._sessionStore.clearToken();
741
- this._sessionStore.clearCsrfToken();
742
- this._sessionStore.clearUser();
743
- } catch {
744
- }
727
+ this._sessionStore.clearToken();
728
+ this._sessionStore.clearUser();
745
729
  throw error;
746
730
  }
747
731
  if (this._refreshTimer) clearTimeout(this._refreshTimer);
@@ -798,8 +782,13 @@ var WebSignerClient = class extends SignerClient {
798
782
  this.webauthnStamper = new import_webauthn_stamper.WebauthnStamper({ rpId: webauthn.rpId });
799
783
  this.oauthConfiguration = oauth;
800
784
  }
785
+ async isLoggedIn() {
786
+ await this.getPublicKey();
787
+ return super.isLoggedIn();
788
+ }
801
789
  async logout() {
802
- super.logout();
790
+ const publicKey = await this.getPublicKey();
791
+ super.logout(publicKey);
803
792
  this.indexedDbStamper.clear();
804
793
  }
805
794
  async signRawMessage(msg) {
@@ -870,14 +859,15 @@ var WebSignerClient = class extends SignerClient {
870
859
  await this._initIndexedDbStamper();
871
860
  if (!this._sessionStore.otpId)
872
861
  throw new NotFoundError("No OTP ID found in session store.");
862
+ const publicKey = await this.getPublicKey();
873
863
  const { subOrgId } = await this.request("/v1/email/complete", "POST", {
874
864
  otpId: this._sessionStore.otpId,
875
865
  otpCode: params.otpCode,
876
- publicKey: await this.getPublicKey()
866
+ publicKey
877
867
  });
878
868
  if (!subOrgId)
879
869
  throw new NotFoundError("No OTP authentication response returned.");
880
- await this.signIn(subOrgId);
870
+ await this.signIn(subOrgId, publicKey);
881
871
  this._sessionStore.type = "email" /* Email */;
882
872
  this._sessionStore.clearOtpId();
883
873
  }
@@ -909,22 +899,17 @@ var WebSignerClient = class extends SignerClient {
909
899
  const { challenge, attestation } = await this._webauthnGenerateAttestation(
910
900
  params.email
911
901
  );
912
- const { user, token, csrfToken } = await this.request(
913
- "/v1/signup",
914
- "POST",
915
- {
916
- email: params.email,
917
- challenge: LibBase64.fromBuffer(challenge),
918
- attestation
919
- }
920
- );
902
+ const { user, token } = await this.request("/v1/signup", "POST", {
903
+ email: params.email,
904
+ challenge: LibBase64.fromBuffer(challenge),
905
+ attestation
906
+ });
921
907
  this._sessionStore.user = {
922
908
  ...user,
923
909
  credentialId: attestation.credentialId
924
910
  };
925
911
  this._sessionStore.type = "passkeys" /* Passkeys */;
926
912
  this._sessionStore.token = token;
927
- this._sessionStore.csrfToken = csrfToken;
928
913
  this._scheduleRefresh(token);
929
914
  }
930
915
  /**
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/modules/auth/email.ts","../src/modules/auth/passkeys.ts","../src/modules/auth/oauth/google.ts","../src/lib/sha256.ts","../src/errors/BadRequestError.ts","../src/modules/auth/oauth/facebook.ts","../src/modules/auth/oauth/apple.ts","../src/modules/auth/oauth.ts","../src/modules/auth/index.ts","../src/modules/user/index.ts","../src/signer/web.ts","../src/lib/base64.ts","../src/lib/bytes.ts","../src/session/index.ts","../src/signer/index.ts","../src/errors/UnauthorizedError.ts","../src/errors/NotFoundError.ts","../src/errors/UnauthenticatedError.ts","../src/third-party/viem.ts"],"sourcesContent":["import { AuthModule, UserModule } from './modules/index.js'\nimport { SignerClientConstructorParams } from './signer/index.js'\nimport {\n WebSignerClient,\n WebSignerClientConstructorParams,\n} from './signer/web.js'\nimport { ViemModule } from './third-party/viem.js'\n\ntype FourtWebSignerConstructorParams = {\n configuration: SignerClientConstructorParams['configuration']\n auth: Pick<WebSignerClientConstructorParams, 'webauthn' | 'oauth'>\n}\n\n/**\n * A client for interacting with the Fourt Web Signer.\n */\nclass FourtWebSigner {\n private readonly _webSignerClient: WebSignerClient\n private readonly _modules: {\n viem: ViemModule\n auth: AuthModule\n user: UserModule\n }\n\n /**\n * Initializes a new instance of the `FourtWebSigner` class.\n * Sets up the underlying modules.\n *\n *\n * @example\n * ```ts\n * const fourtWebSigner = new FourtWebSigner({\n * auth: {\n * webauthn: {\n * rpId: 'localhost',\n * },\n * },\n * configuration: {\n * apiKey: '927d603c-6775-4210-8e13-8904ca985e78',\n * },\n * })\n * ```\n *\n * @param {FourtWebSignerConstructorParams} params the required parameters to initialize the client\n */\n constructor({\n configuration,\n auth: { webauthn, oauth },\n }: FourtWebSignerConstructorParams) {\n this._webSignerClient = new WebSignerClient({\n configuration,\n webauthn,\n oauth,\n })\n\n this._modules = {\n viem: new ViemModule(this._webSignerClient),\n auth: new AuthModule(this._webSignerClient),\n user: new UserModule(this._webSignerClient),\n }\n }\n\n /**\n * A module for interacting with the Viem library.\n */\n get viem() {\n return this._modules.viem\n }\n\n /**\n * A module for interacting with the authentication methods.\n */\n get auth() {\n return this._modules.auth\n }\n\n /**\n * A module for interacting with the user methods.\n */\n get user() {\n return this._modules.user\n }\n}\n\nexport { FourtWebSigner }\n","import type {\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n WebSignerClient,\n} from '../../signer/web.js'\n\n/**\n * A module for interacting with the Email authentication methods.\n * Available through the `auth.email` property on a `FourtWebSigner` instance.\n */\nclass EmailModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Initialize user authentication process using email.\n *\n * @param params {InitEmailAuthParams} params to initialize the user authentication process.\n * @returns {Promise<void>} promise that resolves when the initialization is complete.\n */\n async initialize(params: InitEmailAuthParams): Promise<void> {\n return this._webSignerClient.initEmailAuth(params)\n }\n\n /**\n * Completes email authentication with OTP code.\n *\n * @param params {CompleteEmailAuthParams} params to complete the authentication process.\n * @returns {Promise<void>} promise that completes the authentication process.\n */\n async complete(params: CompleteEmailAuthParams): Promise<void> {\n await this._webSignerClient.completeEmailAuth(params)\n }\n\n /**\n * Get the email authentication method of the app, that was chosen in fourt.io dashboard.\n * It can be either `magiclink` or `otp`.\n *\n * @returns {Promise<'otp' | 'magiclink'>} promise that resolves to the email authentication method.\n */\n async getAuthMethod(): Promise<'otp' | 'magiclink'> {\n return this._webSignerClient.getEmailAuthMethod()\n }\n}\n\nexport { EmailModule }\n","import type { WebSignerClient, WebAuthnSignInParams } from '../../signer/web.js'\n\n/**\n * A module for interacting with the Passkeys authentication methods.\n * Available through the `auth.passkeys` property on a `FourtWebSigner` instance.\n */\nclass PasskeysModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Signs in a user using Passkeys.\n *\n * @param params {WebAuthnSignInParams} params for the sign-in process.\n */\n async signIn(params: WebAuthnSignInParams) {\n return this._webSignerClient.webAuthnSignIn(params)\n }\n}\n\nexport { PasskeysModule }\n","import * as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass GoogleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('google')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/google',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { GoogleModule }\n","class LibSha256 {\n /**\n * Compute SHA-256 and return hex string using Web Crypto when available.\n * Falls back to Node's crypto.createHash when running in Node.\n */\n static async sha256Hex(\n input: string | ArrayBuffer | Uint8Array,\n ): Promise<string> {\n // normalize input to Uint8Array\n let data: Uint8Array\n if (typeof input === 'string') {\n data = new TextEncoder().encode(input)\n } else if (input instanceof Uint8Array) {\n data = input\n } else {\n data = new Uint8Array(input)\n }\n\n // Prefer Web Crypto Subtle API\n const subtle =\n typeof globalThis !== 'undefined' && (globalThis as any).crypto?.subtle\n ? (globalThis as any).crypto.subtle\n : undefined\n\n if (subtle) {\n const hash = await subtle.digest('SHA-256', data)\n return Array.from(new Uint8Array(hash))\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n }\n\n // Fallback for Node (synchronous)\n try {\n const nodeCrypto = require('crypto')\n const hash = nodeCrypto.createHash('sha256').update(data).digest('hex')\n return hash\n } catch {\n throw new Error(\n 'No crypto provider available. Provide a global crypto.subtle or run in Node 18+.',\n )\n }\n }\n}\n\nexport { LibSha256 }\n","class BadRequestError extends Error {\n constructor(message: string) {\n super(message)\n this.name = BadRequestError.name\n }\n}\n\nexport { BadRequestError }\n","import { BadRequestError } from '../../../errors/BadRequestError.js'\nimport { WebSignerClient } from '../../../signer/web.js'\nimport * as jose from 'jose'\n\nclass FacebookModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const publicKey = await this._webSignerClient.getPublicKey()\n const internalUrl = new URL(\n 'v1/oauth/facebook',\n this._webSignerClient.configuration.apiUrl,\n ).href\n\n const jwt = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n\n const response = await fetch(internalUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n state: jwt,\n }),\n })\n\n if (!response.ok) {\n throw new BadRequestError(\n `Failed to create OAuth state. Error: ${response.statusText}`,\n )\n }\n\n const { authUrl } = await response.json()\n if (!authUrl) {\n throw new BadRequestError(response.statusText)\n }\n\n return authUrl\n }\n}\n\nexport { FacebookModule }\n","import * as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass AppleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('apple')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/apple',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { AppleModule }\n","import { SessionType } from '../../session/index.js'\nimport type { WebSignerClient } from '../../signer/web.js'\nimport { GoogleModule } from './oauth/google.js'\nimport { FacebookModule } from './oauth/facebook.js'\nimport { AppleModule } from './oauth/apple.js'\n\ntype CompleteParams = {\n bundle: string\n subOrgId: string\n}\n\n/**\n * A module for interacting with the OAuth authentication methods.\n * Available through the `auth.oauth` property on a `FourtWebSigner` instance.\n */\nclass OAuthModule {\n private readonly _googleModule: GoogleModule\n private readonly _facebookModule: FacebookModule\n private readonly _appleModule: AppleModule\n\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._googleModule = new GoogleModule(this._webSignerClient)\n this._facebookModule = new FacebookModule(this._webSignerClient)\n this._appleModule = new AppleModule(this._webSignerClient)\n }\n\n get google() {\n return this._googleModule\n }\n\n get facebook() {\n return this._facebookModule\n }\n\n get apple() {\n return this._appleModule\n }\n\n async complete({ subOrgId }: CompleteParams) {\n /* await this._webSignerClient.completeAuth({\n subOrgId,\n sessionType: SessionType.OAuth,\n }) */\n }\n}\n\nexport { OAuthModule }\n","import type { WebSignerClient } from '../../signer/web.js'\nimport { EmailModule } from './email.js'\nimport { PasskeysModule } from './passkeys.js'\nimport { OAuthModule } from './oauth.js'\n\n/**\n * A module for interacting with the authentication methods.\n * Available through the `auth` property on a `FourtWebSigner` instance.\n */\nclass AuthModule {\n private readonly _passkeys: PasskeysModule\n private readonly _email: EmailModule\n private readonly _oauth: OAuthModule\n\n /**\n * Initializes a new instance of the `AuthModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._passkeys = new PasskeysModule(this._webSignerClient)\n this._email = new EmailModule(this._webSignerClient)\n this._oauth = new OAuthModule(this._webSignerClient)\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get passkeys() {\n return this._passkeys\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get email() {\n return this._email\n }\n\n get oauth() {\n return this._oauth\n }\n}\n\nexport { AuthModule }\nexport { PasskeysModule } from './passkeys.js'\nexport { EmailModule } from './email.js'\n","import { WebSignerClient } from '../../signer/web.js'\nimport { User } from '../../types/entities.js'\n\n/**\n * A module for interacting with the user methods.\n * Available through the `user` property on a `FourtWebSigner` instance.\n */\nclass UserModule {\n /**\n * Initializes a new instance of the `UserModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Retrieves information for the authenticated user.\n * Assumes a user is already logged in, otherwise it will throw an error.\n */\n async getInfo(): Promise<User> {\n return this._webSignerClient.getUser()\n }\n\n /**\n * Checks if a user is currently logged in to the fourt.io SDK.\n */\n async isLoggedIn(): Promise<boolean> {\n return this._webSignerClient.isLoggedIn()\n }\n\n /**\n * Generates an access token with a lifespan of 15 minutes.\n * Assumes a user is already logged in, otherwise it will throw an error.\n */\n async getToken(): Promise<string> {\n return this._webSignerClient.getToken()\n }\n\n /**\n * Logs out the user.\n */\n async logout(): Promise<void> {\n return this._webSignerClient.logout()\n }\n}\n\nexport { UserModule }\n","import { getWebAuthnAttestation } from '@turnkey/http'\nimport { WebauthnStamper } from '@turnkey/webauthn-stamper'\nimport { LibBase64 } from '../lib/base64.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { SessionType } from '../session/index.js'\nimport {\n type SignerClientInheritedConstructorParams,\n SignerClient,\n} from './index.js'\nimport { NotFoundError } from '../errors/NotFoundError.js'\nimport { IndexedDbStamper } from '@turnkey/indexed-db-stamper'\n\ntype WebAuthnSignInParams = {\n email: string\n}\n\ntype InitEmailAuthParams = {\n email: string\n redirectUrl?: string\n}\n\ntype CompleteAuthParams = {\n subOrgId: string\n sessionType: SessionType\n isNewUser?: boolean\n}\n\ntype CompleteEmailAuthParams = {\n email: string\n otpCode: string\n}\n\ntype GoogleOAuthSignInParams = {\n credential: string\n clientId: string\n}\n\nexport type OAuthConfiguration = {\n common: {\n redirectUrl: string\n }\n}\n\ntype WebSignerClientConstructorParams = SignerClientInheritedConstructorParams<{\n webauthn: {\n rpId: string\n }\n oauth?: OAuthConfiguration\n}>\n\n/**\n * A signer client for web applications.\n */\nclass WebSignerClient extends SignerClient {\n private indexedDbStamper: IndexedDbStamper\n private webauthnStamper: WebauthnStamper\n\n readonly oauthConfiguration: WebSignerClientConstructorParams['oauth']\n\n /**\n * Initializes a new instance of the `WebSignerClient` class.\n *\n * @param {WebSignerClientConstructorParams} params params for the constructor\n */\n constructor({\n configuration,\n webauthn,\n oauth,\n }: WebSignerClientConstructorParams) {\n const indexedDbStamper = new IndexedDbStamper()\n\n super({\n stamper: indexedDbStamper,\n configuration: configuration,\n })\n\n this.indexedDbStamper = indexedDbStamper\n this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId })\n\n this.oauthConfiguration = oauth\n }\n\n public override async logout() {\n super.logout()\n this.indexedDbStamper.clear()\n }\n\n public override async signRawMessage<Into extends string>(\n msg: string,\n ): Promise<Into> {\n await this._updateStamper()\n return super.signRawMessage(msg)\n }\n\n /**\n * Get the pre-filled URL for initiating oauth with a specific provider.\n *\n * @param {string} provider provider for which we are getting the URL, currently google or apple\n */\n public async getOAuthInitUrl(provider: string) {\n const { url } = await this.request('/v1/oauth/init', 'POST', {\n provider,\n })\n\n return url\n }\n\n /**\n * Signs in a user with webauthn.\n *\n * @param {WebAuthnSignInParams} params params for the sign in\n */\n public async webAuthnSignIn({ email }: WebAuthnSignInParams) {\n const existingUserSubOrgId = await this.lookUpUser(email)\n\n if (!existingUserSubOrgId) {\n await this._createWebAuthnAccount({ email })\n } else {\n this.stamper = this.webauthnStamper\n await this.signIn(existingUserSubOrgId)\n\n this._sessionStore.type = SessionType.Passkeys\n\n // We should assure that the user and its credentialId are set\n if (!this._sessionStore.user || !this._sessionStore.user.credentialId) {\n return\n }\n\n this.webauthnStamper.allowCredentials = [\n {\n id: LibBase64.toBuffer(this._sessionStore.user.credentialId),\n type: 'public-key',\n transports: ['internal', 'usb'],\n },\n ]\n }\n }\n\n /**\n * Handles auth user process with email according to the method of the used app.\n *\n * @param {InitEmailAuthParams} params params needed for the initialization of the auth process\n */\n public async initEmailAuth(params: InitEmailAuthParams) {\n await this.indexedDbStamper.resetKeyPair()\n const { otpId } = await this._initEmailAuth(params)\n if (!otpId) throw new NotFoundError('No OTP init response returned.')\n this._sessionStore.otpId = otpId\n }\n\n public async getPublicKey() {\n await this._initIndexedDbStamper()\n return this.indexedDbStamper.getPublicKey()!\n }\n\n public async resetKeyPair() {\n await this._initIndexedDbStamper()\n await this.indexedDbStamper.resetKeyPair()\n }\n\n /**\n * Verifies the provided otp code.\n *\n * @param {CompleteEmailAuthParams} params params needed for otp code verification\n */\n public async completeEmailAuth(params: CompleteEmailAuthParams) {\n await this._initIndexedDbStamper()\n\n if (!this._sessionStore.otpId)\n throw new NotFoundError('No OTP ID found in session store.')\n\n const { subOrgId } = await this.request('/v1/email/complete', 'POST', {\n otpId: this._sessionStore.otpId,\n otpCode: params.otpCode,\n publicKey: await this.getPublicKey(),\n })\n\n if (!subOrgId)\n throw new NotFoundError('No OTP authentication response returned.')\n\n await this.signIn(subOrgId)\n this._sessionStore.type = SessionType.Email\n this._sessionStore.clearOtpId()\n }\n\n /**\n * Gets the email authentication method of the app.\n */\n public async getEmailAuthMethod() {\n const { method } = await this.request('/v1/email/method', 'GET')\n return method\n }\n\n /**\n * Checks for an existing session and if exists, updates the stamper accordingly.\n */\n private async _updateStamper() {\n // User is not signed in\n if (\n this._sessionStore.type === undefined &&\n this._sessionStore.token === undefined\n )\n return\n if (this._sessionStore.type === SessionType.Passkeys) {\n this.stamper = this.webauthnStamper\n } else {\n this.stamper = this.indexedDbStamper\n }\n }\n\n /**\n * Creates a passkey account using the webauthn stamper.\n *\n * @param {WebAuthnSignInParams} params params for the creation of the account\n */\n private async _createWebAuthnAccount(params: WebAuthnSignInParams) {\n const { challenge, attestation } = await this._webauthnGenerateAttestation(\n params.email,\n )\n\n const { user, token, csrfToken } = await this.request(\n '/v1/signup',\n 'POST',\n {\n email: params.email,\n challenge: LibBase64.fromBuffer(challenge),\n attestation,\n },\n )\n\n this._sessionStore.user = {\n ...user,\n credentialId: attestation.credentialId,\n }\n this._sessionStore.type = SessionType.Passkeys\n // Tokens are always returned on passkey signup\n this._sessionStore.token = token!\n this._sessionStore.csrfToken = csrfToken!\n this._scheduleRefresh(token!)\n }\n\n /**\n * Init account creation with email.\n *\n * @param {InitEmailAuthParams} params params for the creation of the account\n */\n private async _initEmailAuth(params: InitEmailAuthParams) {\n const response = await this.request('/v1/email/init', 'POST', {\n email: params.email,\n redirectUrl: params.redirectUrl\n ? params.redirectUrl.toString()\n : undefined,\n })\n\n return response\n }\n\n private async _webauthnGenerateAttestation(email: string) {\n const challenge = LibBytes.generateRandomBuffer()\n const authenticatorUserId = LibBytes.generateRandomBuffer()\n\n const attestation = await getWebAuthnAttestation({\n publicKey: {\n authenticatorSelection: {\n residentKey: 'preferred',\n requireResidentKey: false,\n userVerification: 'preferred',\n },\n challenge,\n rp: {\n id: window.location.hostname,\n name: window.location.hostname,\n },\n pubKeyCredParams: [\n {\n type: 'public-key',\n alg: -7,\n },\n {\n type: 'public-key',\n alg: -257,\n },\n ],\n user: {\n id: authenticatorUserId,\n name: email,\n displayName: email,\n },\n },\n })\n\n return { challenge, attestation, authenticatorUserId }\n }\n\n private async _initIndexedDbStamper() {\n if (!this.indexedDbStamper.getPublicKey()) {\n await this.indexedDbStamper.init()\n }\n this.stamper = this.indexedDbStamper\n }\n}\n\nexport { WebSignerClient }\nexport type {\n CompleteAuthParams,\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n GoogleOAuthSignInParams,\n WebSignerClientConstructorParams,\n WebAuthnSignInParams,\n}\n","/**\n * Browser-friendly base64url helpers.\n * - Uses btoa/atob and Uint8Array, no Node Buffer polyfill.\n * - Chunks when converting large ArrayBuffers to avoid call-stack issues.\n */\nclass LibBase64 {\n // Convert an ArrayBuffer to base64url (no padding)\n static fromBuffer(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer)\n const CHUNK_SIZE = 0x8000\n let binary = ''\n for (let i = 0; i < bytes.length; i += CHUNK_SIZE) {\n const chunk = bytes.subarray(i, i + CHUNK_SIZE)\n // spread on TypedArray can be large; cast to any to satisfy TS\n binary += String.fromCharCode(...(chunk as any))\n }\n const base64 =\n typeof btoa === 'function'\n ? btoa(binary)\n : Buffer.from(bytes).toString('base64')\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n }\n\n // Convert base64url (no padding) to ArrayBuffer\n static toBuffer(base64url: string): ArrayBuffer {\n let base64 = base64url.replace(/-/g, '+').replace(/_/g, '/')\n const pad = base64.length % 4\n if (pad) base64 += '='.repeat(4 - pad)\n\n const binary =\n typeof atob === 'function'\n ? atob(base64)\n : Buffer.from(base64, 'base64').toString('binary')\n const len = binary.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++) bytes[i] = binary.charCodeAt(i)\n return bytes.buffer\n }\n}\n\nexport { LibBase64 }\n","type TakeBytesParams = Partial<{\n count: number\n offset: number\n}>\n\ntype ByteString = `0x${string}`\n\nclass LibBytes {\n static generateRandomBuffer = (): ArrayBuffer => {\n const arr = new Uint8Array(32)\n crypto.getRandomValues(arr)\n return arr.buffer\n }\n\n static takeBytes = (\n bytes: ByteString,\n params: TakeBytesParams = {},\n ): ByteString => {\n const { offset, count } = params\n const start = (offset ? offset * 2 : 0) + 2 // add 2 to skip the 0x prefix\n const end = count ? start + count * 2 : undefined\n\n return `0x${bytes.slice(start, end)}`\n }\n}\n\nexport { LibBytes }\n","import { createStore, type StoreApi } from 'zustand'\nimport { persist, createJSONStorage } from 'zustand/middleware'\nimport { User } from '../types/entities.js'\n\nenum SessionType {\n Email = 'email',\n Passkeys = 'passkeys',\n OAuth = 'oauth',\n}\n\ntype SessionState = {\n type?: SessionType\n user?: User\n bundle?: string\n token?: string\n csrfToken?: string\n otpId?: string\n}\n\nclass SessionStore {\n private readonly _store: StoreApi<SessionState>\n\n constructor() {\n // `user` and `token` stay in memory (not persisted)\n this._store = createStore<SessionState>()(\n persist(this._getInitialState, {\n name: 'fourt-session',\n storage: createJSONStorage(() => localStorage),\n // persist only these in localStorage\n partialize: (state) => ({\n bundle: state.bundle,\n type: state.type,\n otpId: state.otpId,\n }),\n }),\n )\n }\n\n get type(): SessionType | undefined {\n return this._store.getState().type\n }\n\n set type(type: SessionType) {\n this._store.setState({ type })\n }\n\n get token(): string | undefined {\n return this._store.getState().token\n }\n\n set token(token: string) {\n this._store.setState({ token })\n }\n\n get csrfToken(): string | undefined {\n return this._store.getState().csrfToken\n }\n\n set csrfToken(csrfToken: string) {\n this._store.setState({ csrfToken })\n }\n\n get bundle(): string | undefined {\n return this._store.getState().bundle\n }\n\n set bundle(bundle: string) {\n this._store.setState({ bundle })\n }\n\n get user(): User | undefined {\n return this._store.getState().user\n }\n\n set user(user: User) {\n this._store.setState({ ...this._store.getState(), user })\n }\n\n get otpId(): string | undefined {\n return this._store.getState().otpId\n }\n\n set otpId(otpId: string) {\n this._store.setState({ otpId })\n }\n\n clearUser() {\n this._store.setState({ ...this._store.getState(), user: undefined })\n }\n\n clearBundle() {\n this._store.setState({ ...this._store.getState(), bundle: undefined })\n }\n\n clearType() {\n this._store.setState({ ...this._store.getState(), type: undefined })\n }\n\n clearToken() {\n this._store.setState({ ...this._store.getState(), token: undefined })\n }\n\n clearCsrfToken() {\n this._store.setState({ ...this._store.getState(), csrfToken: undefined })\n }\n\n clearOtpId() {\n this._store.setState({ ...this._store.getState(), otpId: undefined })\n }\n\n clearAll() {\n this.clearToken()\n this.clearUser()\n this.clearBundle()\n this.clearType()\n this.clearOtpId()\n }\n\n private _getInitialState(): SessionState {\n return {\n type: undefined,\n user: undefined,\n bundle: undefined,\n token: undefined,\n csrfToken: undefined,\n otpId: undefined,\n }\n }\n}\n\nexport { SessionType, SessionStore }\nexport type { SessionState }\n","import { TurnkeyClient } from '@turnkey/http'\nimport {\n BadRequestError,\n NotFoundError,\n UnauthorizedError,\n} from '../errors/index.js'\nimport { SessionStore } from '../session/index.js'\nimport { APIResponse } from '../types/rest.js'\nimport {\n AuthenticationServiceBody,\n AuthenticationServiceResponse,\n Method,\n Route,\n} from '../types/routes.js'\nimport { decodeJwt } from 'jose'\n\ntype SignerClientConfiguration = {\n apiKey: string\n apiUrl?: string\n paymasterRpcUrl?: string\n}\n\ntype SignerClientConstructorParams = {\n stamper: TurnkeyClient['stamper']\n configuration: SignerClientConfiguration\n}\n\ntype SignerClientInheritedConstructorParams<\n Extended extends Record<string, unknown>,\n> = Pick<SignerClientConstructorParams, 'configuration'> & Extended\n\nabstract class SignerClient {\n protected readonly _turnkeyClient: TurnkeyClient\n protected readonly _configuration: Required<\n SignerClientConstructorParams['configuration']\n >\n protected readonly _sessionStore: SessionStore\n\n private _refreshPromise?: Promise<void>\n private _refreshTimer?: ReturnType<typeof setTimeout>\n\n constructor({\n stamper,\n configuration: { apiUrl, paymasterRpcUrl, ...requiredConfiguration },\n }: SignerClientConstructorParams) {\n this._turnkeyClient = new TurnkeyClient(\n { baseUrl: 'https://api.turnkey.com' },\n stamper,\n )\n\n this._configuration = {\n ...requiredConfiguration,\n apiUrl: apiUrl ?? 'https://auth.api.fourt.io/',\n paymasterRpcUrl: paymasterRpcUrl ?? 'https://management.api.fourt.io/',\n }\n\n this._sessionStore = new SessionStore()\n }\n\n get configuration(): Required<SignerClientConfiguration> {\n return this._configuration\n }\n\n public async getUser() {\n if (this._sessionStore.user) return this._sessionStore.user\n\n try {\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n // If unauthorized, try to refresh token and retry once\n if (error instanceof UnauthorizedError) {\n try {\n await this._refreshToken()\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n throw error\n }\n }\n throw error\n }\n }\n\n public async isLoggedIn() {\n const token = this._sessionStore.token\n\n // If we have a token and it's still valid, we're logged in\n if (token && !this._isTokenExpired(token)) return true\n\n // Otherwise try to refresh (covers no token and expired token)\n try {\n await this._refreshToken()\n return !!this._sessionStore.token\n } catch {\n return false\n }\n }\n\n public async getToken(): Promise<string> {\n // Try to use existing token\n if (!this._sessionStore.token) {\n // No token: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError(\n 'No token found, user might not be logged in',\n )\n }\n } else if (this._isTokenExpired(this._sessionStore.token)) {\n // Token expired: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError('Token expired and refresh failed')\n }\n }\n\n const token = this._sessionStore.token\n if (!token) {\n throw new UnauthorizedError('No token found, user might not be logged in')\n }\n return token\n }\n\n private _isTokenExpired(token: string): boolean {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (typeof decoded.exp === 'number') {\n return decoded.exp * 1000 <= Date.now()\n }\n return true // If no exp claim, consider it expired\n } catch {\n return true // If token is malformed, consider it expired\n }\n }\n\n public async logout() {\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n this._refreshTimer = undefined\n await this.request('/v1/logout', 'POST')\n this._sessionStore.clearAll()\n }\n\n public async signRawMessage<Into extends string>(msg: string): Promise<Into> {\n if (!this._sessionStore.token || !this._sessionStore.user) {\n throw new UnauthorizedError(\n 'SignerClient must be authenticated to sign a message',\n )\n }\n\n const stampedRequest = await this._turnkeyClient.stampSignRawPayload({\n organizationId: this._sessionStore.user.subOrgId,\n type: 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2',\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',\n hashFunction: 'HASH_FUNCTION_NO_OP',\n payload: msg,\n signWith: this._sessionStore.user.walletAddress,\n },\n })\n\n const { signature } = await this.request('/v1/sign', 'POST', {\n stampedRequest,\n })\n\n return <Into>signature\n }\n\n protected set stamper(stamper: TurnkeyClient['stamper']) {\n this._turnkeyClient.stamper = stamper\n }\n\n protected get stamper(): TurnkeyClient['stamper'] {\n return this._turnkeyClient.stamper\n }\n\n protected async lookUpUser(email: string): Promise<string | null> {\n try {\n const { subOrgId } = await this.request('/v1/lookup', 'POST', { email })\n return subOrgId\n } catch (error) {\n if (error instanceof NotFoundError) return null\n throw error\n }\n }\n\n protected async signIn(subOrgId?: string) {\n const orgId = subOrgId || this._sessionStore.user?.subOrgId\n\n if (!orgId) throw new BadRequestError('No orgId provided')\n\n const stampedRequest = await this._turnkeyClient.stampGetWhoami({\n organizationId: orgId,\n })\n\n const { user, token, csrfToken } = await this.request(\n '/v1/signin',\n 'POST',\n {\n stampedRequest,\n },\n )\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string\n } catch (e) {\n return undefined\n }\n })()\n\n this._sessionStore.user = {\n ...user,\n credentialId: credentialId,\n }\n this._sessionStore.token = token\n this._sessionStore.csrfToken = csrfToken\n this._scheduleRefresh(token)\n }\n\n protected async request<R extends Route, M extends Method>(\n route: R,\n method: M,\n body?: AuthenticationServiceBody<R>,\n ): Promise<AuthenticationServiceResponse<R>> {\n const url = new URL(this._configuration.apiUrl)\n // Ensures the route is appended correctly if client apiUrl has a path\n url.pathname = url.pathname + route\n\n const token = this._sessionStore.token\n const csrfToken = this._sessionStore.csrfToken\n\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'X-FOURT-KEY': this._configuration.apiKey,\n }\n\n if (token) {\n headers['Authorization'] = `Bearer ${token}`\n }\n\n if (csrfToken) {\n headers['X-CSRF-Token'] = csrfToken\n }\n\n const response = await fetch(url, {\n method,\n body: method === 'POST' ? JSON.stringify(body) : undefined,\n headers,\n credentials: 'include',\n })\n\n const { data, error } = (await response.json()) as APIResponse<\n AuthenticationServiceResponse<R>\n >\n\n if (error) {\n switch (error.kind) {\n case 'UnauthorizedError': {\n throw new UnauthorizedError(error.message)\n }\n case 'NotFoundError': {\n throw new NotFoundError(error.message)\n }\n case 'BadRequestError': {\n throw new BadRequestError(error.message)\n }\n default: {\n throw new Error(error.message)\n }\n }\n }\n\n return { ...data } as AuthenticationServiceResponse<R>\n }\n\n /**\n * Compute milliseconds until refresh time.\n * - expSeconds is the JWT exp claim (seconds).\n * - earlyMinutes is how many minutes before exp to refresh (default 2).\n * Returns 0 if refresh time is already past.\n */\n private _computeRefreshDelayMs(expSeconds: number, earlyMinutes = 2): number {\n const expiryMs = expSeconds * 1000\n const refreshMs = expiryMs - earlyMinutes * 60 * 1000\n const now = Date.now()\n const delay = refreshMs - now\n return delay <= 0 ? 0 : delay\n }\n\n protected _scheduleRefresh(token: string) {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (!decoded.exp) return\n\n const delay = this._computeRefreshDelayMs(decoded.exp, 2)\n\n // Clear previous timer to avoid duplicates\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n\n // Schedule refresh\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n this._refreshToken()\n }, delay)\n } catch {\n // ignore errors\n }\n }\n\n private async _refreshToken(): Promise<void> {\n if (this._refreshPromise) return this._refreshPromise\n\n // Keep a reference so callers can await the same promise\n this._refreshPromise = (async () => {\n const TIMEOUT_MS = 10_000\n const RETRY_DELAY_MS = 5_000\n\n try {\n // Check if csrfToken is in memory, if not get a new one\n if (!this._sessionStore.csrfToken) {\n const { csrfToken } = await this.request('/v1/csrf-token', 'GET')\n this._sessionStore.csrfToken = csrfToken\n }\n\n // Avoid hanging indefinitely by racing the request with a timeout\n const refreshPromise = this.request('/v1/refresh', 'POST')\n const data = await Promise.race([\n refreshPromise,\n new Promise<never>((_, reject) =>\n setTimeout(() => reject(new Error('Refresh timeout')), TIMEOUT_MS),\n ),\n ])\n\n if (!data || !data.token || !data.csrfToken) {\n // Treat missing tokens as auth failure\n throw new UnauthorizedError('Refresh did not return tokens')\n }\n\n this._sessionStore.token = data.token\n this._sessionStore.csrfToken = data.csrfToken\n this._scheduleRefresh(data.token)\n } catch (error) {\n // On auth errors, clear session to avoid repeated failing retries\n if (error instanceof UnauthorizedError) {\n try {\n this._sessionStore.clearToken()\n this._sessionStore.clearCsrfToken()\n this._sessionStore.clearUser()\n } catch {\n // ignore errors\n }\n throw error\n }\n\n // Transient error: schedule a retry (non-blocking) and rethrow so callers know it failed\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n const MAX_RETRIES = 5\n let retryCount = 0\n\n // We schedule a background retry after RETRY_DELAY_MS using setTimeout\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {\n // Increments retryCount and, if still under MAX_RETRIES, schedules\n // another retry using exponential backoff (capped at 60s)\n retryCount++\n if (retryCount <= MAX_RETRIES) {\n const nextDelay = Math.min(\n RETRY_DELAY_MS * 2 ** (retryCount - 1),\n 60_000,\n )\n this._refreshTimer = setTimeout(() => {\n // When the timer fires we clear the stored id and call _refreshToken() in a\n // fire-and-forget manner (void ... .catch(...)) so the retry runs asynchronously\n // and doesn't block or change the control flow of the original caller.\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {})\n }, nextDelay)\n }\n })\n }, RETRY_DELAY_MS)\n\n throw error\n } finally {\n this._refreshPromise = undefined\n }\n })()\n\n return this._refreshPromise\n }\n}\n\nexport { SignerClient }\nexport type {\n SignerClientConstructorParams,\n SignerClientInheritedConstructorParams,\n}\n","class UnauthorizedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthorizedError.name\n }\n}\n\nexport { UnauthorizedError }\n","class NotFoundError extends Error {\n constructor(message: string) {\n super(message)\n this.name = NotFoundError.name\n }\n}\n\nexport { NotFoundError }\n","class UnauthenticatedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthenticatedError.name\n }\n}\n\nexport { UnauthenticatedError }\n","import {\n type Chain,\n type Client,\n type GetTransactionType,\n type Hex,\n type IsNarrowable,\n type JsonRpcAccount,\n type LocalAccount,\n type TypedData,\n type TypedDataDefinition,\n type SignableMessage,\n type SerializeTransactionFn,\n type TransactionSerializable,\n type TransactionSerialized,\n type Transport,\n hashMessage,\n hashTypedData,\n serializeTransaction,\n keccak256,\n hexToBigInt,\n http,\n} from 'viem'\nimport { toAccount } from 'viem/accounts'\nimport { SignerClient } from '../signer/index.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { toLightSmartAccount } from 'permissionless/accounts'\nimport {\n createPaymasterClient,\n entryPoint07Address,\n} from 'viem/account-abstraction'\nimport { UnauthenticatedError } from '../errors/UnauthenticatedError.js'\n\ntype CurrentUserToLightSmartAccountParams = {\n owner: LocalAccount\n client: Client<\n Transport,\n Chain | undefined,\n JsonRpcAccount | LocalAccount | undefined\n >\n}\n\nclass ViemModule {\n constructor(private readonly _signerClient: SignerClient) {}\n\n async toLocalAccount(): Promise<LocalAccount> {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toAccount({\n address: user.walletAddress,\n signMessage: ({ message }: { message: SignableMessage }) =>\n this.signMessage(message),\n signTypedData: <\n const typedData extends TypedData | Record<string, unknown>,\n primaryType extends keyof typedData | 'EIP712Domain' = keyof typedData,\n >(\n typedDataDefinition: TypedDataDefinition<typedData, primaryType>,\n ) => this.signTypedData<typedData, primaryType>(typedDataDefinition),\n signTransaction: this.signTransaction,\n })\n }\n\n async toSmartAccount({\n client,\n owner,\n }: CurrentUserToLightSmartAccountParams): ReturnType<\n typeof toLightSmartAccount<'0.7'>\n > {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toLightSmartAccount({\n client,\n owner,\n version: '2.0.0',\n entryPoint: {\n address: entryPoint07Address,\n version: '0.7',\n },\n address: user.smartAccountAddress,\n index: hexToBigInt(user.salt),\n })\n }\n\n async getPaymasterClient() {\n const url = new URL(\n `v1/rpc?apiKey=${this._signerClient.configuration.apiKey}`,\n this._signerClient.configuration.paymasterRpcUrl,\n )\n return createPaymasterClient({\n transport: http(url.toString()),\n })\n }\n\n async signMessage(msg: SignableMessage): Promise<Hex> {\n const messageHash = hashMessage(msg)\n const result = await this._signerClient.signRawMessage<Hex>(messageHash)\n return result\n }\n\n async signTypedData<\n TTypedData extends TypedData | Record<string, unknown>,\n TPrimaryType extends keyof TTypedData | 'EIP712Domain' = keyof TTypedData,\n >(params: TypedDataDefinition<TTypedData, TPrimaryType>): Promise<Hex> {\n const messageHash = hashTypedData(params)\n return this._signerClient.signRawMessage(messageHash)\n }\n\n async signTransaction<\n serializer extends SerializeTransactionFn<TransactionSerializable> = SerializeTransactionFn<TransactionSerializable>,\n transaction extends Parameters<serializer>[0] = Parameters<serializer>[0],\n >(\n transaction: transaction,\n options?:\n | {\n serializer?: serializer | undefined\n }\n | undefined,\n ): Promise<\n IsNarrowable<\n TransactionSerialized<GetTransactionType<transaction>>,\n Hex\n > extends true\n ? TransactionSerialized<GetTransactionType<transaction>>\n : Hex\n > {\n const serializeFn = options?.serializer ?? serializeTransaction\n const serializedTx = await serializeFn(transaction)\n const signatureHex = await this._signerClient.signRawMessage<Hex>(\n keccak256(serializedTx),\n )\n\n const signature = {\n r: LibBytes.takeBytes(signatureHex, { count: 32 }),\n s: LibBytes.takeBytes(signatureHex, { count: 32, offset: 32 }),\n v: BigInt(LibBytes.takeBytes(signatureHex, { count: 1, offset: 64 })),\n }\n\n return serializeFn(transaction, signature)\n }\n}\n\nexport { ViemModule }\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACUA,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjE,MAAM,WAAW,QAA4C;AAC3D,WAAO,KAAK,iBAAiB,cAAc,MAAM;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SAAS,QAAgD;AAC7D,UAAM,KAAK,iBAAiB,kBAAkB,MAAM;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,gBAA8C;AAClD,WAAO,KAAK,iBAAiB,mBAAmB;AAAA,EAClD;AACF;;;ACpCA,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjE,MAAM,OAAO,QAA8B;AACzC,WAAO,KAAK,iBAAiB,eAAe,MAAM;AAAA,EACpD;AACF;;;ACjBA,WAAsB;;;ACAtB,IAAM,YAAN,MAAgB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKd,aAAa,UACX,OACiB;AAEjB,QAAI;AACJ,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AAAA,IACvC,WAAW,iBAAiB,YAAY;AACtC,aAAO;AAAA,IACT,OAAO;AACL,aAAO,IAAI,WAAW,KAAK;AAAA,IAC7B;AAGA,UAAM,SACJ,OAAO,eAAe,eAAgB,WAAmB,QAAQ,SAC5D,WAAmB,OAAO,SAC3B;AAEN,QAAI,QAAQ;AACV,YAAM,OAAO,MAAM,OAAO,OAAO,WAAW,IAAI;AAChD,aAAO,MAAM,KAAK,IAAI,WAAW,IAAI,CAAC,EACnC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAAA,IACZ;AAGA,QAAI;AACF,YAAM,aAAa,QAAQ,QAAQ;AACnC,YAAM,OAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;AACtE,aAAO;AAAA,IACT,QAAQ;AACN,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ADtCA,IAAM,eAAN,MAAmB;AAAA,EACjB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,QAAQ;AAEpE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,kBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AEnCA,IAAM,kBAAN,MAAM,yBAAwB,MAAM;AAAA,EAClC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,iBAAgB;AAAA,EAC9B;AACF;;;ACHA,IAAAA,QAAsB;AAEtB,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAC3D,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AAEF,UAAM,MAAM,IAAS,mBAAa;AAAA,MAChC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AAEV,UAAM,WAAW,MAAM,MAAM,aAAa;AAAA,MACxC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO;AAAA,MACT,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI;AAAA,QACR,wCAAwC,SAAS,UAAU;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,IAAI,MAAM,SAAS,KAAK;AACxC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,gBAAgB,SAAS,UAAU;AAAA,IAC/C;AAEA,WAAO;AAAA,EACT;AACF;;;AC5CA,IAAAC,QAAsB;AAItB,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,OAAO;AAEnE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,mBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;ACpBA,IAAM,cAAN,MAAkB;AAAA,EAKhB,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,gBAAgB,IAAI,aAAa,KAAK,gBAAgB;AAC3D,SAAK,kBAAkB,IAAI,eAAe,KAAK,gBAAgB;AAC/D,SAAK,eAAe,IAAI,YAAY,KAAK,gBAAgB;AAAA,EAC3D;AAAA,EARiB;AAAA,EACA;AAAA,EACA;AAAA,EAQjB,IAAI,SAAS;AACX,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,SAAS,EAAE,SAAS,GAAmB;AAAA,EAK7C;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUf,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,YAAY,IAAI,eAAe,KAAK,gBAAgB;AACzD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AACnD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AAAA,EACrD;AAAA,EAbiB;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAgBjB,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMf,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,UAAyB;AAC7B,WAAO,KAAK,iBAAiB,QAAQ;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAA+B;AACnC,WAAO,KAAK,iBAAiB,WAAW;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAA4B;AAChC,WAAO,KAAK,iBAAiB,SAAS;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAwB;AAC5B,WAAO,KAAK,iBAAiB,OAAO;AAAA,EACtC;AACF;;;AC5CA,IAAAC,eAAuC;AACvC,8BAAgC;;;ACIhC,IAAM,YAAN,MAAgB;AAAA;AAAA,EAEd,OAAO,WAAW,QAA6B;AAC7C,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,UAAM,aAAa;AACnB,QAAI,SAAS;AACb,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,YAAY;AACjD,YAAM,QAAQ,MAAM,SAAS,GAAG,IAAI,UAAU;AAE9C,gBAAU,OAAO,aAAa,GAAI,KAAa;AAAA,IACjD;AACA,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAC1C,WAAO,OAAO,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAAA,EACzE;AAAA;AAAA,EAGA,OAAO,SAAS,WAAgC;AAC9C,QAAI,SAAS,UAAU,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAC3D,UAAM,MAAM,OAAO,SAAS;AAC5B,QAAI,IAAK,WAAU,IAAI,OAAO,IAAI,GAAG;AAErC,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,QAAQ;AACrD,UAAM,MAAM,OAAO;AACnB,UAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,aAAS,IAAI,GAAG,IAAI,KAAK,IAAK,OAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AAC5D,WAAO,MAAM;AAAA,EACf;AACF;;;AC/BA,IAAM,WAAN,MAAe;AAAA,EACb,OAAO,uBAAuB,MAAmB;AAC/C,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,IAAI;AAAA,EACb;AAAA,EAEA,OAAO,YAAY,CACjB,OACA,SAA0B,CAAC,MACZ;AACf,UAAM,EAAE,QAAQ,MAAM,IAAI;AAC1B,UAAM,SAAS,SAAS,SAAS,IAAI,KAAK;AAC1C,UAAM,MAAM,QAAQ,QAAQ,QAAQ,IAAI;AAExC,WAAO,KAAK,MAAM,MAAM,OAAO,GAAG,CAAC;AAAA,EACrC;AACF;;;ACxBA,qBAA2C;AAC3C,wBAA2C;AAkB3C,IAAM,eAAN,MAAmB;AAAA,EACA;AAAA,EAEjB,cAAc;AAEZ,SAAK,aAAS,4BAA0B;AAAA,UACtC,2BAAQ,KAAK,kBAAkB;AAAA,QAC7B,MAAM;AAAA,QACN,aAAS,qCAAkB,MAAM,YAAY;AAAA;AAAA,QAE7C,YAAY,CAAC,WAAW;AAAA,UACtB,QAAQ,MAAM;AAAA,UACd,MAAM,MAAM;AAAA,UACZ,OAAO,MAAM;AAAA,QACf;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,IAAI,OAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAmB;AAC1B,SAAK,OAAO,SAAS,EAAE,KAAK,CAAC;AAAA,EAC/B;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,IAAI,YAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,UAAU,WAAmB;AAC/B,SAAK,OAAO,SAAS,EAAE,UAAU,CAAC;AAAA,EACpC;AAAA,EAEA,IAAI,SAA6B;AAC/B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,OAAO,QAAgB;AACzB,SAAK,OAAO,SAAS,EAAE,OAAO,CAAC;AAAA,EACjC;AAAA,EAEA,IAAI,OAAyB;AAC3B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAY;AACnB,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,KAAK,CAAC;AAAA,EAC1D;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,cAAc;AACZ,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,QAAQ,OAAU,CAAC;AAAA,EACvE;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,iBAAiB;AACf,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,WAAW,OAAU,CAAC;AAAA,EAC1E;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,WAAW;AACT,SAAK,WAAW;AAChB,SAAK,UAAU;AACf,SAAK,YAAY;AACjB,SAAK,UAAU;AACf,SAAK,WAAW;AAAA,EAClB;AAAA,EAEQ,mBAAiC;AACvC,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,WAAW;AAAA,MACX,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AChIA,kBAA8B;;;ACA9B,IAAM,oBAAN,MAAM,2BAA0B,MAAM;AAAA,EACpC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,mBAAkB;AAAA,EAChC;AACF;;;ACLA,IAAM,gBAAN,MAAM,uBAAsB,MAAM;AAAA,EAChC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,eAAc;AAAA,EAC5B;AACF;;;ACLA,IAAM,uBAAN,MAAM,8BAA6B,MAAM;AAAA,EACvC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,sBAAqB;AAAA,EACnC;AACF;;;AHSA,kBAA0B;AAiB1B,IAAe,eAAf,MAA4B;AAAA,EACP;AAAA,EACA;AAAA,EAGA;AAAA,EAEX;AAAA,EACA;AAAA,EAER,YAAY;AAAA,IACV;AAAA,IACA,eAAe,EAAE,QAAQ,iBAAiB,GAAG,sBAAsB;AAAA,EACrE,GAAkC;AAChC,SAAK,iBAAiB,IAAI;AAAA,MACxB,EAAE,SAAS,0BAA0B;AAAA,MACrC;AAAA,IACF;AAEA,SAAK,iBAAiB;AAAA,MACpB,GAAG;AAAA,MACH,QAAQ,UAAU;AAAA,MAClB,iBAAiB,mBAAmB;AAAA,IACtC;AAEA,SAAK,gBAAgB,IAAI,aAAa;AAAA,EACxC;AAAA,EAEA,IAAI,gBAAqD;AACvD,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAa,UAAU;AACrB,QAAI,KAAK,cAAc,KAAM,QAAO,KAAK,cAAc;AAEvD,QAAI;AACF,YAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,WAAK,cAAc,OAAO;AAC1B,aAAO;AAAA,IACT,SAAS,OAAO;AAEd,UAAI,iBAAiB,mBAAmB;AACtC,YAAI;AACF,gBAAM,KAAK,cAAc;AACzB,gBAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,eAAK,cAAc,OAAO;AAC1B,iBAAO;AAAA,QACT,SAASC,QAAO;AACd,gBAAMA;AAAA,QACR;AAAA,MACF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAa,aAAa;AACxB,UAAM,QAAQ,KAAK,cAAc;AAGjC,QAAI,SAAS,CAAC,KAAK,gBAAgB,KAAK,EAAG,QAAO;AAGlD,QAAI;AACF,YAAM,KAAK,cAAc;AACzB,aAAO,CAAC,CAAC,KAAK,cAAc;AAAA,IAC9B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,WAA4B;AAEvC,QAAI,CAAC,KAAK,cAAc,OAAO;AAE7B,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF,WAAW,KAAK,gBAAgB,KAAK,cAAc,KAAK,GAAG;AAEzD,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI,kBAAkB,kCAAkC;AAAA,MAChE;AAAA,IACF;AAEA,UAAM,QAAQ,KAAK,cAAc;AACjC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,kBAAkB,6CAA6C;AAAA,IAC3E;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,gBAAgB,OAAwB;AAC9C,QAAI;AACF,YAAM,cAAU,uBAAU,KAAK;AAC/B,UAAI,OAAO,QAAQ,QAAQ,UAAU;AACnC,eAAO,QAAQ,MAAM,OAAQ,KAAK,IAAI;AAAA,MACxC;AACA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,SAAS;AACpB,QAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,SAAK,gBAAgB;AACrB,UAAM,KAAK,QAAQ,cAAc,MAAM;AACvC,SAAK,cAAc,SAAS;AAAA,EAC9B;AAAA,EAEA,MAAa,eAAoC,KAA4B;AAC3E,QAAI,CAAC,KAAK,cAAc,SAAS,CAAC,KAAK,cAAc,MAAM;AACzD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,iBAAiB,MAAM,KAAK,eAAe,oBAAoB;AAAA,MACnE,gBAAgB,KAAK,cAAc,KAAK;AAAA,MACxC,MAAM;AAAA,MACN,aAAa,KAAK,IAAI,EAAE,SAAS;AAAA,MACjC,YAAY;AAAA,QACV,UAAU;AAAA,QACV,cAAc;AAAA,QACd,SAAS;AAAA,QACT,UAAU,KAAK,cAAc,KAAK;AAAA,MACpC;AAAA,IACF,CAAC;AAED,UAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,YAAY,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAa;AAAA,EACf;AAAA,EAEA,IAAc,QAAQ,SAAmC;AACvD,SAAK,eAAe,UAAU;AAAA,EAChC;AAAA,EAEA,IAAc,UAAoC;AAChD,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA,EAEA,MAAgB,WAAW,OAAuC;AAChE,QAAI;AACF,YAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ,EAAE,MAAM,CAAC;AACvE,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,cAAe,QAAO;AAC3C,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAgB,OAAO,UAAmB;AACxC,UAAM,QAAQ,YAAY,KAAK,cAAc,MAAM;AAEnD,QAAI,CAAC,MAAO,OAAM,IAAI,gBAAgB,mBAAmB;AAEzD,UAAM,iBAAiB,MAAM,KAAK,eAAe,eAAe;AAAA,MAC9D,gBAAgB;AAAA,IAClB,CAAC;AAED,UAAM,EAAE,MAAM,OAAO,UAAU,IAAI,MAAM,KAAK;AAAA,MAC5C;AAAA,MACA;AAAA,MACA;AAAA,QACE;AAAA,MACF;AAAA,IACF;AAEA,UAAM,gBAAgB,MAAM;AAC1B,UAAI;AACF,eAAO,KAAK,MAAM,gBAAgB,MAAM,gBAAgB,EACrD;AAAA,MACL,SAAS,GAAG;AACV,eAAO;AAAA,MACT;AAAA,IACF,GAAG;AAEH,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH;AAAA,IACF;AACA,SAAK,cAAc,QAAQ;AAC3B,SAAK,cAAc,YAAY;AAC/B,SAAK,iBAAiB,KAAK;AAAA,EAC7B;AAAA,EAEA,MAAgB,QACd,OACA,QACA,MAC2C;AAC3C,UAAM,MAAM,IAAI,IAAI,KAAK,eAAe,MAAM;AAE9C,QAAI,WAAW,IAAI,WAAW;AAE9B,UAAM,QAAQ,KAAK,cAAc;AACjC,UAAM,YAAY,KAAK,cAAc;AAErC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,KAAK,eAAe;AAAA,IACrC;AAEA,QAAI,OAAO;AACT,cAAQ,eAAe,IAAI,UAAU,KAAK;AAAA,IAC5C;AAEA,QAAI,WAAW;AACb,cAAQ,cAAc,IAAI;AAAA,IAC5B;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC;AAAA,MACA,MAAM,WAAW,SAAS,KAAK,UAAU,IAAI,IAAI;AAAA,MACjD;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAK,MAAM,SAAS,KAAK;AAI7C,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM;AAAA,QAClB,KAAK,qBAAqB;AACxB,gBAAM,IAAI,kBAAkB,MAAM,OAAO;AAAA,QAC3C;AAAA,QACA,KAAK,iBAAiB;AACpB,gBAAM,IAAI,cAAc,MAAM,OAAO;AAAA,QACvC;AAAA,QACA,KAAK,mBAAmB;AACtB,gBAAM,IAAI,gBAAgB,MAAM,OAAO;AAAA,QACzC;AAAA,QACA,SAAS;AACP,gBAAM,IAAI,MAAM,MAAM,OAAO;AAAA,QAC/B;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,GAAG,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,uBAAuB,YAAoB,eAAe,GAAW;AAC3E,UAAM,WAAW,aAAa;AAC9B,UAAM,YAAY,WAAW,eAAe,KAAK;AACjD,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,QAAQ,YAAY;AAC1B,WAAO,SAAS,IAAI,IAAI;AAAA,EAC1B;AAAA,EAEU,iBAAiB,OAAe;AACxC,QAAI;AACF,YAAM,cAAU,uBAAU,KAAK;AAC/B,UAAI,CAAC,QAAQ,IAAK;AAElB,YAAM,QAAQ,KAAK,uBAAuB,QAAQ,KAAK,CAAC;AAGxD,UAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AAGvD,WAAK,gBAAgB,WAAW,MAAM;AACpC,aAAK,gBAAgB;AACrB,aAAK,cAAc;AAAA,MACrB,GAAG,KAAK;AAAA,IACV,QAAQ;AAAA,IAER;AAAA,EACF;AAAA,EAEA,MAAc,gBAA+B;AAC3C,QAAI,KAAK,gBAAiB,QAAO,KAAK;AAGtC,SAAK,mBAAmB,YAAY;AAClC,YAAM,aAAa;AACnB,YAAM,iBAAiB;AAEvB,UAAI;AAEF,YAAI,CAAC,KAAK,cAAc,WAAW;AACjC,gBAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,kBAAkB,KAAK;AAChE,eAAK,cAAc,YAAY;AAAA,QACjC;AAGA,cAAM,iBAAiB,KAAK,QAAQ,eAAe,MAAM;AACzD,cAAM,OAAO,MAAM,QAAQ,KAAK;AAAA,UAC9B;AAAA,UACA,IAAI;AAAA,YAAe,CAAC,GAAG,WACrB,WAAW,MAAM,OAAO,IAAI,MAAM,iBAAiB,CAAC,GAAG,UAAU;AAAA,UACnE;AAAA,QACF,CAAC;AAED,YAAI,CAAC,QAAQ,CAAC,KAAK,SAAS,CAAC,KAAK,WAAW;AAE3C,gBAAM,IAAI,kBAAkB,+BAA+B;AAAA,QAC7D;AAEA,aAAK,cAAc,QAAQ,KAAK;AAChC,aAAK,cAAc,YAAY,KAAK;AACpC,aAAK,iBAAiB,KAAK,KAAK;AAAA,MAClC,SAAS,OAAO;AAEd,YAAI,iBAAiB,mBAAmB;AACtC,cAAI;AACF,iBAAK,cAAc,WAAW;AAC9B,iBAAK,cAAc,eAAe;AAClC,iBAAK,cAAc,UAAU;AAAA,UAC/B,QAAQ;AAAA,UAER;AACA,gBAAM;AAAA,QACR;AAGA,YAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,cAAM,cAAc;AACpB,YAAI,aAAa;AAGjB,aAAK,gBAAgB,WAAW,MAAM;AACpC,eAAK,gBAAgB;AACrB,eAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAGpC;AACA,gBAAI,cAAc,aAAa;AAC7B,oBAAM,YAAY,KAAK;AAAA,gBACrB,iBAAiB,MAAM,aAAa;AAAA,gBACpC;AAAA,cACF;AACA,mBAAK,gBAAgB,WAAW,MAAM;AAIpC,qBAAK,gBAAgB;AACrB,qBAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAAA,gBAAC,CAAC;AAAA,cAC1C,GAAG,SAAS;AAAA,YACd;AAAA,UACF,CAAC;AAAA,QACH,GAAG,cAAc;AAEjB,cAAM;AAAA,MACR,UAAE;AACA,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF,GAAG;AAEH,WAAO,KAAK;AAAA,EACd;AACF;;;AJnYA,gCAAiC;AA2CjC,IAAM,kBAAN,cAA8B,aAAa;AAAA,EACjC;AAAA,EACA;AAAA,EAEC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAqC;AACnC,UAAM,mBAAmB,IAAI,2CAAiB;AAE9C,UAAM;AAAA,MACJ,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AAED,SAAK,mBAAmB;AACxB,SAAK,kBAAkB,IAAI,wCAAgB,EAAE,MAAM,SAAS,KAAK,CAAC;AAElE,SAAK,qBAAqB;AAAA,EAC5B;AAAA,EAEA,MAAsB,SAAS;AAC7B,UAAM,OAAO;AACb,SAAK,iBAAiB,MAAM;AAAA,EAC9B;AAAA,EAEA,MAAsB,eACpB,KACe;AACf,UAAM,KAAK,eAAe;AAC1B,WAAO,MAAM,eAAe,GAAG;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,gBAAgB,UAAkB;AAC7C,UAAM,EAAE,IAAI,IAAI,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,eAAe,EAAE,MAAM,GAAyB;AAC3D,UAAM,uBAAuB,MAAM,KAAK,WAAW,KAAK;AAExD,QAAI,CAAC,sBAAsB;AACzB,YAAM,KAAK,uBAAuB,EAAE,MAAM,CAAC;AAAA,IAC7C,OAAO;AACL,WAAK,UAAU,KAAK;AACpB,YAAM,KAAK,OAAO,oBAAoB;AAEtC,WAAK,cAAc;AAGnB,UAAI,CAAC,KAAK,cAAc,QAAQ,CAAC,KAAK,cAAc,KAAK,cAAc;AACrE;AAAA,MACF;AAEA,WAAK,gBAAgB,mBAAmB;AAAA,QACtC;AAAA,UACE,IAAI,UAAU,SAAS,KAAK,cAAc,KAAK,YAAY;AAAA,UAC3D,MAAM;AAAA,UACN,YAAY,CAAC,YAAY,KAAK;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,cAAc,QAA6B;AACtD,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,eAAe,MAAM;AAClD,QAAI,CAAC,MAAO,OAAM,IAAI,cAAc,gCAAgC;AACpE,SAAK,cAAc,QAAQ;AAAA,EAC7B;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,WAAO,KAAK,iBAAiB,aAAa;AAAA,EAC5C;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,UAAM,KAAK,iBAAiB,aAAa;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,kBAAkB,QAAiC;AAC9D,UAAM,KAAK,sBAAsB;AAEjC,QAAI,CAAC,KAAK,cAAc;AACtB,YAAM,IAAI,cAAc,mCAAmC;AAE7D,UAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,sBAAsB,QAAQ;AAAA,MACpE,OAAO,KAAK,cAAc;AAAA,MAC1B,SAAS,OAAO;AAAA,MAChB,WAAW,MAAM,KAAK,aAAa;AAAA,IACrC,CAAC;AAED,QAAI,CAAC;AACH,YAAM,IAAI,cAAc,0CAA0C;AAEpE,UAAM,KAAK,OAAO,QAAQ;AAC1B,SAAK,cAAc;AACnB,SAAK,cAAc,WAAW;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAa,qBAAqB;AAChC,UAAM,EAAE,OAAO,IAAI,MAAM,KAAK,QAAQ,oBAAoB,KAAK;AAC/D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,iBAAiB;AAE7B,QACE,KAAK,cAAc,SAAS,UAC5B,KAAK,cAAc,UAAU;AAE7B;AACF,QAAI,KAAK,cAAc,oCAA+B;AACpD,WAAK,UAAU,KAAK;AAAA,IACtB,OAAO;AACL,WAAK,UAAU,KAAK;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,uBAAuB,QAA8B;AACjE,UAAM,EAAE,WAAW,YAAY,IAAI,MAAM,KAAK;AAAA,MAC5C,OAAO;AAAA,IACT;AAEA,UAAM,EAAE,MAAM,OAAO,UAAU,IAAI,MAAM,KAAK;AAAA,MAC5C;AAAA,MACA;AAAA,MACA;AAAA,QACE,OAAO,OAAO;AAAA,QACd,WAAW,UAAU,WAAW,SAAS;AAAA,QACzC;AAAA,MACF;AAAA,IACF;AAEA,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH,cAAc,YAAY;AAAA,IAC5B;AACA,SAAK,cAAc;AAEnB,SAAK,cAAc,QAAQ;AAC3B,SAAK,cAAc,YAAY;AAC/B,SAAK,iBAAiB,KAAM;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,eAAe,QAA6B;AACxD,UAAM,WAAW,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC5D,OAAO,OAAO;AAAA,MACd,aAAa,OAAO,cAChB,OAAO,YAAY,SAAS,IAC5B;AAAA,IACN,CAAC;AAED,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,6BAA6B,OAAe;AACxD,UAAM,YAAY,SAAS,qBAAqB;AAChD,UAAM,sBAAsB,SAAS,qBAAqB;AAE1D,UAAM,cAAc,UAAM,qCAAuB;AAAA,MAC/C,WAAW;AAAA,QACT,wBAAwB;AAAA,UACtB,aAAa;AAAA,UACb,oBAAoB;AAAA,UACpB,kBAAkB;AAAA,QACpB;AAAA,QACA;AAAA,QACA,IAAI;AAAA,UACF,IAAI,OAAO,SAAS;AAAA,UACpB,MAAM,OAAO,SAAS;AAAA,QACxB;AAAA,QACA,kBAAkB;AAAA,UAChB;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,QACF;AAAA,QACA,MAAM;AAAA,UACJ,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,MACF;AAAA,IACF,CAAC;AAED,WAAO,EAAE,WAAW,aAAa,oBAAoB;AAAA,EACvD;AAAA,EAEA,MAAc,wBAAwB;AACpC,QAAI,CAAC,KAAK,iBAAiB,aAAa,GAAG;AACzC,YAAM,KAAK,iBAAiB,KAAK;AAAA,IACnC;AACA,SAAK,UAAU,KAAK;AAAA,EACtB;AACF;;;AQ5SA,kBAqBO;AACP,sBAA0B;AAG1B,IAAAC,mBAAoC;AACpC,iCAGO;AAYP,IAAM,aAAN,MAAiB;AAAA,EACf,YAA6B,eAA6B;AAA7B;AAAA,EAA8B;AAAA,EAE3D,MAAM,iBAAwC;AAC5C,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,eAAO,2BAAU;AAAA,MACf,SAAS,KAAK;AAAA,MACd,aAAa,CAAC,EAAE,QAAQ,MACtB,KAAK,YAAY,OAAO;AAAA,MAC1B,eAAe,CAIb,wBACG,KAAK,cAAsC,mBAAmB;AAAA,MACnE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,EACF,GAEE;AACA,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,eAAO,sCAAoB;AAAA,MACzB;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,YAAY;AAAA,QACV,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA,SAAS,KAAK;AAAA,MACd,WAAO,yBAAY,KAAK,IAAI;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AACzB,UAAM,MAAM,IAAI;AAAA,MACd,iBAAiB,KAAK,cAAc,cAAc,MAAM;AAAA,MACxD,KAAK,cAAc,cAAc;AAAA,IACnC;AACA,eAAO,kDAAsB;AAAA,MAC3B,eAAW,kBAAK,IAAI,SAAS,CAAC;AAAA,IAChC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,YAAY,KAAoC;AACpD,UAAM,kBAAc,yBAAY,GAAG;AACnC,UAAM,SAAS,MAAM,KAAK,cAAc,eAAoB,WAAW;AACvE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAGJ,QAAqE;AACrE,UAAM,kBAAc,2BAAc,MAAM;AACxC,WAAO,KAAK,cAAc,eAAe,WAAW;AAAA,EACtD;AAAA,EAEA,MAAM,gBAIJ,aACA,SAYA;AACA,UAAM,cAAc,SAAS,cAAc;AAC3C,UAAM,eAAe,MAAM,YAAY,WAAW;AAClD,UAAM,eAAe,MAAM,KAAK,cAAc;AAAA,UAC5C,uBAAU,YAAY;AAAA,IACxB;AAEA,UAAM,YAAY;AAAA,MAChB,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,CAAC;AAAA,MACjD,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,MAC7D,GAAG,OAAO,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,QAAQ,GAAG,CAAC,CAAC;AAAA,IACtE;AAEA,WAAO,YAAY,aAAa,SAAS;AAAA,EAC3C;AACF;;;AnBlIA,IAAM,iBAAN,MAAqB;AAAA,EACF;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BjB,YAAY;AAAA,IACV;AAAA,IACA,MAAM,EAAE,UAAU,MAAM;AAAA,EAC1B,GAAoC;AAClC,SAAK,mBAAmB,IAAI,gBAAgB;AAAA,MAC1C;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,SAAK,WAAW;AAAA,MACd,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AACF;","names":["jose","jose","import_http","error","import_accounts"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/modules/auth/email.ts","../src/modules/auth/passkeys.ts","../src/modules/auth/oauth/google.ts","../src/lib/sha256.ts","../src/errors/BadRequestError.ts","../src/modules/auth/oauth/facebook.ts","../src/modules/auth/oauth/apple.ts","../src/modules/auth/oauth.ts","../src/modules/auth/index.ts","../src/modules/user/index.ts","../src/signer/web.ts","../src/lib/base64.ts","../src/lib/bytes.ts","../src/session/index.ts","../src/signer/index.ts","../src/errors/UnauthorizedError.ts","../src/errors/NotFoundError.ts","../src/errors/UnauthenticatedError.ts","../src/third-party/viem.ts"],"sourcesContent":["import { AuthModule, UserModule } from './modules/index.js'\nimport { SignerClientConstructorParams } from './signer/index.js'\nimport {\n WebSignerClient,\n WebSignerClientConstructorParams,\n} from './signer/web.js'\nimport { ViemModule } from './third-party/viem.js'\n\ntype FourtWebSignerConstructorParams = {\n configuration: SignerClientConstructorParams['configuration']\n auth: Pick<WebSignerClientConstructorParams, 'webauthn' | 'oauth'>\n}\n\n/**\n * A client for interacting with the Fourt Web Signer.\n */\nclass FourtWebSigner {\n private readonly _webSignerClient: WebSignerClient\n private readonly _modules: {\n viem: ViemModule\n auth: AuthModule\n user: UserModule\n }\n\n /**\n * Initializes a new instance of the `FourtWebSigner` class.\n * Sets up the underlying modules.\n *\n *\n * @example\n * ```ts\n * const fourtWebSigner = new FourtWebSigner({\n * auth: {\n * webauthn: {\n * rpId: 'localhost',\n * },\n * },\n * configuration: {\n * apiKey: '927d603c-6775-4210-8e13-8904ca985e78',\n * },\n * })\n * ```\n *\n * @param {FourtWebSignerConstructorParams} params the required parameters to initialize the client\n */\n constructor({\n configuration,\n auth: { webauthn, oauth },\n }: FourtWebSignerConstructorParams) {\n this._webSignerClient = new WebSignerClient({\n configuration,\n webauthn,\n oauth,\n })\n\n this._modules = {\n viem: new ViemModule(this._webSignerClient),\n auth: new AuthModule(this._webSignerClient),\n user: new UserModule(this._webSignerClient),\n }\n }\n\n /**\n * A module for interacting with the Viem library.\n */\n get viem() {\n return this._modules.viem\n }\n\n /**\n * A module for interacting with the authentication methods.\n */\n get auth() {\n return this._modules.auth\n }\n\n /**\n * A module for interacting with the user methods.\n */\n get user() {\n return this._modules.user\n }\n}\n\nexport { FourtWebSigner }\n","import type {\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n WebSignerClient,\n} from '../../signer/web.js'\n\n/**\n * A module for interacting with the Email authentication methods.\n * Available through the `auth.email` property on a `FourtWebSigner` instance.\n */\nclass EmailModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Initialize user authentication process using email.\n *\n * @param params {InitEmailAuthParams} params to initialize the user authentication process.\n * @returns {Promise<void>} promise that resolves when the initialization is complete.\n */\n async initialize(params: InitEmailAuthParams): Promise<void> {\n return this._webSignerClient.initEmailAuth(params)\n }\n\n /**\n * Completes email authentication with OTP code.\n *\n * @param params {CompleteEmailAuthParams} params to complete the authentication process.\n * @returns {Promise<void>} promise that completes the authentication process.\n */\n async complete(params: CompleteEmailAuthParams): Promise<void> {\n await this._webSignerClient.completeEmailAuth(params)\n }\n\n /**\n * Get the email authentication method of the app, that was chosen in fourt.io dashboard.\n * It can be either `magiclink` or `otp`.\n *\n * @returns {Promise<'otp' | 'magiclink'>} promise that resolves to the email authentication method.\n */\n async getAuthMethod(): Promise<'otp' | 'magiclink'> {\n return this._webSignerClient.getEmailAuthMethod()\n }\n}\n\nexport { EmailModule }\n","import type { WebSignerClient, WebAuthnSignInParams } from '../../signer/web.js'\n\n/**\n * A module for interacting with the Passkeys authentication methods.\n * Available through the `auth.passkeys` property on a `FourtWebSigner` instance.\n */\nclass PasskeysModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Signs in a user using Passkeys.\n *\n * @param params {WebAuthnSignInParams} params for the sign-in process.\n */\n async signIn(params: WebAuthnSignInParams) {\n return this._webSignerClient.webAuthnSignIn(params)\n }\n}\n\nexport { PasskeysModule }\n","import * as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass GoogleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('google')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/google',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { GoogleModule }\n","class LibSha256 {\n /**\n * Compute SHA-256 and return hex string using Web Crypto when available.\n * Falls back to Node's crypto.createHash when running in Node.\n */\n static async sha256Hex(\n input: string | ArrayBuffer | Uint8Array,\n ): Promise<string> {\n // normalize input to Uint8Array\n let data: Uint8Array\n if (typeof input === 'string') {\n data = new TextEncoder().encode(input)\n } else if (input instanceof Uint8Array) {\n data = input\n } else {\n data = new Uint8Array(input)\n }\n\n // Prefer Web Crypto Subtle API\n const subtle =\n typeof globalThis !== 'undefined' && (globalThis as any).crypto?.subtle\n ? (globalThis as any).crypto.subtle\n : undefined\n\n if (subtle) {\n const hash = await subtle.digest('SHA-256', data)\n return Array.from(new Uint8Array(hash))\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n }\n\n // Fallback for Node (synchronous)\n try {\n const nodeCrypto = require('crypto')\n const hash = nodeCrypto.createHash('sha256').update(data).digest('hex')\n return hash\n } catch {\n throw new Error(\n 'No crypto provider available. Provide a global crypto.subtle or run in Node 18+.',\n )\n }\n }\n}\n\nexport { LibSha256 }\n","class BadRequestError extends Error {\n constructor(message: string) {\n super(message)\n this.name = BadRequestError.name\n }\n}\n\nexport { BadRequestError }\n","import { BadRequestError } from '../../../errors/BadRequestError.js'\nimport { WebSignerClient } from '../../../signer/web.js'\nimport * as jose from 'jose'\n\nclass FacebookModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const publicKey = await this._webSignerClient.getPublicKey()\n const internalUrl = new URL(\n 'v1/oauth/facebook',\n this._webSignerClient.configuration.apiUrl,\n ).href\n\n const jwt = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n\n const response = await fetch(internalUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n state: jwt,\n }),\n })\n\n if (!response.ok) {\n throw new BadRequestError(\n `Failed to create OAuth state. Error: ${response.statusText}`,\n )\n }\n\n const { authUrl } = await response.json()\n if (!authUrl) {\n throw new BadRequestError(response.statusText)\n }\n\n return authUrl\n }\n}\n\nexport { FacebookModule }\n","import * as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass AppleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('apple')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/apple',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { AppleModule }\n","import { SessionType } from '../../session/index.js'\nimport type { WebSignerClient } from '../../signer/web.js'\nimport { GoogleModule } from './oauth/google.js'\nimport { FacebookModule } from './oauth/facebook.js'\nimport { AppleModule } from './oauth/apple.js'\n\ntype CompleteParams = {\n bundle: string\n subOrgId: string\n}\n\n/**\n * A module for interacting with the OAuth authentication methods.\n * Available through the `auth.oauth` property on a `FourtWebSigner` instance.\n */\nclass OAuthModule {\n private readonly _googleModule: GoogleModule\n private readonly _facebookModule: FacebookModule\n private readonly _appleModule: AppleModule\n\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._googleModule = new GoogleModule(this._webSignerClient)\n this._facebookModule = new FacebookModule(this._webSignerClient)\n this._appleModule = new AppleModule(this._webSignerClient)\n }\n\n get google() {\n return this._googleModule\n }\n\n get facebook() {\n return this._facebookModule\n }\n\n get apple() {\n return this._appleModule\n }\n\n async complete({ subOrgId }: CompleteParams) {\n /* await this._webSignerClient.completeAuth({\n subOrgId,\n sessionType: SessionType.OAuth,\n }) */\n }\n}\n\nexport { OAuthModule }\n","import type { WebSignerClient } from '../../signer/web.js'\nimport { EmailModule } from './email.js'\nimport { PasskeysModule } from './passkeys.js'\nimport { OAuthModule } from './oauth.js'\n\n/**\n * A module for interacting with the authentication methods.\n * Available through the `auth` property on a `FourtWebSigner` instance.\n */\nclass AuthModule {\n private readonly _passkeys: PasskeysModule\n private readonly _email: EmailModule\n private readonly _oauth: OAuthModule\n\n /**\n * Initializes a new instance of the `AuthModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._passkeys = new PasskeysModule(this._webSignerClient)\n this._email = new EmailModule(this._webSignerClient)\n this._oauth = new OAuthModule(this._webSignerClient)\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get passkeys() {\n return this._passkeys\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get email() {\n return this._email\n }\n\n get oauth() {\n return this._oauth\n }\n}\n\nexport { AuthModule }\nexport { PasskeysModule } from './passkeys.js'\nexport { EmailModule } from './email.js'\n","import { WebSignerClient } from '../../signer/web.js'\nimport { User } from '../../types/entities.js'\n\n/**\n * A module for interacting with the user methods.\n * Available through the `user` property on a `FourtWebSigner` instance.\n */\nclass UserModule {\n /**\n * Initializes a new instance of the `UserModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Retrieves information for the authenticated user.\n * Assumes a user is already logged in, otherwise it will throw an error.\n */\n async getInfo(): Promise<User> {\n return this._webSignerClient.getUser()\n }\n\n /**\n * Checks if a user is currently logged in to the fourt.io SDK.\n */\n async isLoggedIn(): Promise<boolean> {\n return this._webSignerClient.isLoggedIn()\n }\n\n /**\n * Generates an access token with a lifespan of 15 minutes.\n * Assumes a user is already logged in, otherwise it will throw an error.\n */\n async getToken(): Promise<string> {\n return this._webSignerClient.getToken()\n }\n\n /**\n * Logs out the user.\n */\n async logout(): Promise<void> {\n return this._webSignerClient.logout()\n }\n}\n\nexport { UserModule }\n","import { getWebAuthnAttestation } from '@turnkey/http'\nimport { WebauthnStamper } from '@turnkey/webauthn-stamper'\nimport { LibBase64 } from '../lib/base64.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { SessionType } from '../session/index.js'\nimport {\n type SignerClientInheritedConstructorParams,\n SignerClient,\n} from './index.js'\nimport { NotFoundError } from '../errors/NotFoundError.js'\nimport { IndexedDbStamper } from '@turnkey/indexed-db-stamper'\n\ntype WebAuthnSignInParams = {\n email: string\n}\n\ntype InitEmailAuthParams = {\n email: string\n redirectUrl?: string\n}\n\ntype CompleteAuthParams = {\n subOrgId: string\n sessionType: SessionType\n isNewUser?: boolean\n}\n\ntype CompleteEmailAuthParams = {\n email: string\n otpCode: string\n}\n\ntype GoogleOAuthSignInParams = {\n credential: string\n clientId: string\n}\n\nexport type OAuthConfiguration = {\n common: {\n redirectUrl: string\n }\n}\n\ntype WebSignerClientConstructorParams = SignerClientInheritedConstructorParams<{\n webauthn: {\n rpId: string\n }\n oauth?: OAuthConfiguration\n}>\n\n/**\n * A signer client for web applications.\n */\nclass WebSignerClient extends SignerClient {\n private indexedDbStamper: IndexedDbStamper\n private webauthnStamper: WebauthnStamper\n\n readonly oauthConfiguration: WebSignerClientConstructorParams['oauth']\n\n /**\n * Initializes a new instance of the `WebSignerClient` class.\n *\n * @param {WebSignerClientConstructorParams} params params for the constructor\n */\n constructor({\n configuration,\n webauthn,\n oauth,\n }: WebSignerClientConstructorParams) {\n const indexedDbStamper = new IndexedDbStamper()\n\n super({\n stamper: indexedDbStamper,\n configuration: configuration,\n })\n\n this.indexedDbStamper = indexedDbStamper\n this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId })\n\n this.oauthConfiguration = oauth\n }\n\n public override async isLoggedIn() {\n await this.getPublicKey()\n return super.isLoggedIn()\n }\n\n public override async logout() {\n const publicKey = await this.getPublicKey()\n super.logout(publicKey)\n this.indexedDbStamper.clear()\n }\n\n public override async signRawMessage<Into extends string>(\n msg: string,\n ): Promise<Into> {\n await this._updateStamper()\n return super.signRawMessage(msg)\n }\n\n /**\n * Get the pre-filled URL for initiating oauth with a specific provider.\n *\n * @param {string} provider provider for which we are getting the URL, currently google or apple\n */\n public async getOAuthInitUrl(provider: string) {\n const { url } = await this.request('/v1/oauth/init', 'POST', {\n provider,\n })\n\n return url\n }\n\n /**\n * Signs in a user with webauthn.\n *\n * @param {WebAuthnSignInParams} params params for the sign in\n */\n public async webAuthnSignIn({ email }: WebAuthnSignInParams) {\n const existingUserSubOrgId = await this.lookUpUser(email)\n\n if (!existingUserSubOrgId) {\n await this._createWebAuthnAccount({ email })\n } else {\n this.stamper = this.webauthnStamper\n await this.signIn(existingUserSubOrgId)\n\n this._sessionStore.type = SessionType.Passkeys\n\n // We should assure that the user and its credentialId are set\n if (!this._sessionStore.user || !this._sessionStore.user.credentialId) {\n return\n }\n\n this.webauthnStamper.allowCredentials = [\n {\n id: LibBase64.toBuffer(this._sessionStore.user.credentialId),\n type: 'public-key',\n transports: ['internal', 'usb'],\n },\n ]\n }\n }\n\n /**\n * Handles auth user process with email according to the method of the used app.\n *\n * @param {InitEmailAuthParams} params params needed for the initialization of the auth process\n */\n public async initEmailAuth(params: InitEmailAuthParams) {\n await this.indexedDbStamper.resetKeyPair()\n const { otpId } = await this._initEmailAuth(params)\n if (!otpId) throw new NotFoundError('No OTP init response returned.')\n this._sessionStore.otpId = otpId\n }\n\n public async getPublicKey() {\n await this._initIndexedDbStamper()\n return this.indexedDbStamper.getPublicKey()!\n }\n\n public async resetKeyPair() {\n await this._initIndexedDbStamper()\n await this.indexedDbStamper.resetKeyPair()\n }\n\n /**\n * Verifies the provided otp code.\n *\n * @param {CompleteEmailAuthParams} params params needed for otp code verification\n */\n public async completeEmailAuth(params: CompleteEmailAuthParams) {\n await this._initIndexedDbStamper()\n\n if (!this._sessionStore.otpId)\n throw new NotFoundError('No OTP ID found in session store.')\n\n const publicKey = await this.getPublicKey()\n const { subOrgId } = await this.request('/v1/email/complete', 'POST', {\n otpId: this._sessionStore.otpId,\n otpCode: params.otpCode,\n publicKey,\n })\n\n if (!subOrgId)\n throw new NotFoundError('No OTP authentication response returned.')\n\n await this.signIn(subOrgId, publicKey)\n this._sessionStore.type = SessionType.Email\n this._sessionStore.clearOtpId()\n }\n\n /**\n * Gets the email authentication method of the app.\n */\n public async getEmailAuthMethod() {\n const { method } = await this.request('/v1/email/method', 'GET')\n return method\n }\n\n /**\n * Checks for an existing session and if exists, updates the stamper accordingly.\n */\n private async _updateStamper() {\n // User is not signed in\n if (\n this._sessionStore.type === undefined &&\n this._sessionStore.token === undefined\n )\n return\n if (this._sessionStore.type === SessionType.Passkeys) {\n this.stamper = this.webauthnStamper\n } else {\n this.stamper = this.indexedDbStamper\n }\n }\n\n /**\n * Creates a passkey account using the webauthn stamper.\n *\n * @param {WebAuthnSignInParams} params params for the creation of the account\n */\n private async _createWebAuthnAccount(params: WebAuthnSignInParams) {\n const { challenge, attestation } = await this._webauthnGenerateAttestation(\n params.email,\n )\n\n const { user, token } = await this.request('/v1/signup', 'POST', {\n email: params.email,\n challenge: LibBase64.fromBuffer(challenge),\n attestation,\n })\n\n this._sessionStore.user = {\n ...user,\n credentialId: attestation.credentialId,\n }\n this._sessionStore.type = SessionType.Passkeys\n // Tokens are always returned on passkey signup\n this._sessionStore.token = token!\n this._scheduleRefresh(token!)\n }\n\n /**\n * Init account creation with email.\n *\n * @param {InitEmailAuthParams} params params for the creation of the account\n */\n private async _initEmailAuth(params: InitEmailAuthParams) {\n const response = await this.request('/v1/email/init', 'POST', {\n email: params.email,\n redirectUrl: params.redirectUrl\n ? params.redirectUrl.toString()\n : undefined,\n })\n\n return response\n }\n\n private async _webauthnGenerateAttestation(email: string) {\n const challenge = LibBytes.generateRandomBuffer()\n const authenticatorUserId = LibBytes.generateRandomBuffer()\n\n const attestation = await getWebAuthnAttestation({\n publicKey: {\n authenticatorSelection: {\n residentKey: 'preferred',\n requireResidentKey: false,\n userVerification: 'preferred',\n },\n challenge,\n rp: {\n id: window.location.hostname,\n name: window.location.hostname,\n },\n pubKeyCredParams: [\n {\n type: 'public-key',\n alg: -7,\n },\n {\n type: 'public-key',\n alg: -257,\n },\n ],\n user: {\n id: authenticatorUserId,\n name: email,\n displayName: email,\n },\n },\n })\n\n return { challenge, attestation, authenticatorUserId }\n }\n\n private async _initIndexedDbStamper() {\n if (!this.indexedDbStamper.getPublicKey()) {\n await this.indexedDbStamper.init()\n }\n this.stamper = this.indexedDbStamper\n }\n}\n\nexport { WebSignerClient }\nexport type {\n CompleteAuthParams,\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n GoogleOAuthSignInParams,\n WebSignerClientConstructorParams,\n WebAuthnSignInParams,\n}\n","/**\n * Browser-friendly base64url helpers.\n * - Uses btoa/atob and Uint8Array, no Node Buffer polyfill.\n * - Chunks when converting large ArrayBuffers to avoid call-stack issues.\n */\nclass LibBase64 {\n // Convert an ArrayBuffer to base64url (no padding)\n static fromBuffer(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer)\n const CHUNK_SIZE = 0x8000\n let binary = ''\n for (let i = 0; i < bytes.length; i += CHUNK_SIZE) {\n const chunk = bytes.subarray(i, i + CHUNK_SIZE)\n // spread on TypedArray can be large; cast to any to satisfy TS\n binary += String.fromCharCode(...(chunk as any))\n }\n const base64 =\n typeof btoa === 'function'\n ? btoa(binary)\n : Buffer.from(bytes).toString('base64')\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n }\n\n // Convert base64url (no padding) to ArrayBuffer\n static toBuffer(base64url: string): ArrayBuffer {\n let base64 = base64url.replace(/-/g, '+').replace(/_/g, '/')\n const pad = base64.length % 4\n if (pad) base64 += '='.repeat(4 - pad)\n\n const binary =\n typeof atob === 'function'\n ? atob(base64)\n : Buffer.from(base64, 'base64').toString('binary')\n const len = binary.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++) bytes[i] = binary.charCodeAt(i)\n return bytes.buffer\n }\n}\n\nexport { LibBase64 }\n","type TakeBytesParams = Partial<{\n count: number\n offset: number\n}>\n\ntype ByteString = `0x${string}`\n\nclass LibBytes {\n static generateRandomBuffer = (): ArrayBuffer => {\n const arr = new Uint8Array(32)\n crypto.getRandomValues(arr)\n return arr.buffer\n }\n\n static takeBytes = (\n bytes: ByteString,\n params: TakeBytesParams = {},\n ): ByteString => {\n const { offset, count } = params\n const start = (offset ? offset * 2 : 0) + 2 // add 2 to skip the 0x prefix\n const end = count ? start + count * 2 : undefined\n\n return `0x${bytes.slice(start, end)}`\n }\n}\n\nexport { LibBytes }\n","import { createStore, type StoreApi } from 'zustand'\nimport { persist, createJSONStorage } from 'zustand/middleware'\nimport { User } from '../types/entities.js'\n\nenum SessionType {\n Email = 'email',\n Passkeys = 'passkeys',\n OAuth = 'oauth',\n}\n\ntype SessionState = {\n type?: SessionType\n user?: User\n bundle?: string\n token?: string\n otpId?: string\n}\n\nclass SessionStore {\n private readonly _store: StoreApi<SessionState>\n\n constructor() {\n // `user` and `token` stay in memory (not persisted)\n this._store = createStore<SessionState>()(\n persist(this._getInitialState, {\n name: 'fourt-session',\n storage: createJSONStorage(() => localStorage),\n // persist only these in localStorage\n partialize: (state) => ({\n bundle: state.bundle,\n type: state.type,\n otpId: state.otpId,\n }),\n }),\n )\n }\n\n get type(): SessionType | undefined {\n return this._store.getState().type\n }\n\n set type(type: SessionType) {\n this._store.setState({ type })\n }\n\n get token(): string | undefined {\n return this._store.getState().token\n }\n\n set token(token: string) {\n this._store.setState({ token })\n }\n\n get bundle(): string | undefined {\n return this._store.getState().bundle\n }\n\n set bundle(bundle: string) {\n this._store.setState({ bundle })\n }\n\n get user(): User | undefined {\n return this._store.getState().user\n }\n\n set user(user: User) {\n this._store.setState({ ...this._store.getState(), user })\n }\n\n get otpId(): string | undefined {\n return this._store.getState().otpId\n }\n\n set otpId(otpId: string) {\n this._store.setState({ otpId })\n }\n\n clearUser() {\n this._store.setState({ ...this._store.getState(), user: undefined })\n }\n\n clearBundle() {\n this._store.setState({ ...this._store.getState(), bundle: undefined })\n }\n\n clearType() {\n this._store.setState({ ...this._store.getState(), type: undefined })\n }\n\n clearToken() {\n this._store.setState({ ...this._store.getState(), token: undefined })\n }\n\n clearOtpId() {\n this._store.setState({ ...this._store.getState(), otpId: undefined })\n }\n\n clearAll() {\n this.clearToken()\n this.clearUser()\n this.clearBundle()\n this.clearType()\n this.clearOtpId()\n }\n\n private _getInitialState(): SessionState {\n return {\n type: undefined,\n user: undefined,\n bundle: undefined,\n token: undefined,\n otpId: undefined,\n }\n }\n}\n\nexport { SessionType, SessionStore }\nexport type { SessionState }\n","import { TurnkeyClient } from '@turnkey/http'\nimport {\n BadRequestError,\n NotFoundError,\n UnauthorizedError,\n} from '../errors/index.js'\nimport { SessionStore } from '../session/index.js'\nimport { APIResponse } from '../types/rest.js'\nimport {\n AuthenticationServiceBody,\n AuthenticationServiceResponse,\n Method,\n Route,\n} from '../types/routes.js'\nimport { decodeJwt } from 'jose'\n\ntype SignerClientConfiguration = {\n apiKey: string\n apiUrl?: string\n paymasterRpcUrl?: string\n}\n\ntype SignerClientConstructorParams = {\n stamper: TurnkeyClient['stamper']\n configuration: SignerClientConfiguration\n}\n\ntype SignerClientInheritedConstructorParams<\n Extended extends Record<string, unknown>,\n> = Pick<SignerClientConstructorParams, 'configuration'> & Extended\n\nabstract class SignerClient {\n protected readonly _turnkeyClient: TurnkeyClient\n protected readonly _configuration: Required<\n SignerClientConstructorParams['configuration']\n >\n protected readonly _sessionStore: SessionStore\n\n private _refreshPromise?: Promise<void>\n private _refreshTimer?: ReturnType<typeof setTimeout>\n\n constructor({\n stamper,\n configuration: { apiUrl, paymasterRpcUrl, ...requiredConfiguration },\n }: SignerClientConstructorParams) {\n this._turnkeyClient = new TurnkeyClient(\n { baseUrl: 'https://api.turnkey.com' },\n stamper,\n )\n\n this._configuration = {\n ...requiredConfiguration,\n apiUrl: apiUrl ?? 'https://auth.api.fourt.io/',\n paymasterRpcUrl: paymasterRpcUrl ?? 'https://management.api.fourt.io/',\n }\n\n this._sessionStore = new SessionStore()\n }\n\n get configuration(): Required<SignerClientConfiguration> {\n return this._configuration\n }\n\n public async getUser() {\n if (this._sessionStore.user) return this._sessionStore.user\n\n try {\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n // If unauthorized, try to refresh token and retry once\n if (error instanceof UnauthorizedError) {\n try {\n await this._refreshToken()\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n throw error\n }\n }\n throw error\n }\n }\n\n public async isLoggedIn() {\n const token = this._sessionStore.token\n\n // If we have a token and it's still valid, we're logged in\n if (token && !this._isTokenExpired(token)) return true\n\n // Otherwise try to refresh (covers no token and expired token)\n try {\n await this._refreshToken()\n return !!this._sessionStore.token\n } catch {\n return false\n }\n }\n\n public async getToken(): Promise<string> {\n // Try to use existing token\n if (!this._sessionStore.token) {\n // No token: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError(\n 'No token found, user might not be logged in',\n )\n }\n } else if (this._isTokenExpired(this._sessionStore.token)) {\n // Token expired: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError('Token expired and refresh failed')\n }\n }\n\n const token = this._sessionStore.token\n if (!token) {\n throw new UnauthorizedError('No token found, user might not be logged in')\n }\n return token\n }\n\n private _isTokenExpired(token: string): boolean {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (typeof decoded.exp === 'number') {\n return decoded.exp * 1000 <= Date.now()\n }\n return true // If no exp claim, consider it expired\n } catch {\n return true // If token is malformed, consider it expired\n }\n }\n\n public async logout(publicKey: string) {\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n this._refreshTimer = undefined\n await this.request('/v1/logout', 'POST', { publicKey })\n this._sessionStore.clearAll()\n }\n\n public async signRawMessage<Into extends string>(msg: string): Promise<Into> {\n if (!this._sessionStore.token || !this._sessionStore.user) {\n throw new UnauthorizedError(\n 'SignerClient must be authenticated to sign a message',\n )\n }\n\n const stampedRequest = await this._turnkeyClient.stampSignRawPayload({\n organizationId: this._sessionStore.user.subOrgId,\n type: 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2',\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',\n hashFunction: 'HASH_FUNCTION_NO_OP',\n payload: msg,\n signWith: this._sessionStore.user.walletAddress,\n },\n })\n\n const { signature } = await this.request('/v1/sign', 'POST', {\n stampedRequest,\n })\n\n return <Into>signature\n }\n\n protected set stamper(stamper: TurnkeyClient['stamper']) {\n this._turnkeyClient.stamper = stamper\n }\n\n protected get stamper(): TurnkeyClient['stamper'] {\n return this._turnkeyClient.stamper\n }\n\n protected async lookUpUser(email: string): Promise<string | null> {\n try {\n const { subOrgId } = await this.request('/v1/lookup', 'POST', { email })\n return subOrgId\n } catch (error) {\n if (error instanceof NotFoundError) return null\n throw error\n }\n }\n\n protected async signIn(subOrgId: string, publicKey?: string) {\n const stampedRequest = await this._turnkeyClient.stampGetWhoami({\n organizationId: subOrgId,\n })\n\n const { user, token } = await this.request('/v1/signin', 'POST', {\n stampedRequest,\n publicKey,\n })\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string\n } catch (e) {\n return undefined\n }\n })()\n\n this._sessionStore.user = {\n ...user,\n credentialId: credentialId,\n }\n this._sessionStore.token = token\n this._scheduleRefresh(token)\n return { user, token }\n }\n\n protected async stampAndRefresh() {\n const refreshPayload = JSON.stringify({\n timestamp: Date.now(),\n type: 'refresh_token_request',\n })\n const stamp = await this._turnkeyClient.stamper.stamp(refreshPayload)\n const { token } = await this.request('/v1/refresh', 'POST', {\n payload: refreshPayload,\n stamp,\n })\n this._sessionStore.token = token\n return { token }\n }\n\n protected async request<R extends Route, M extends Method>(\n route: R,\n method: M,\n body?: AuthenticationServiceBody<R>,\n ): Promise<AuthenticationServiceResponse<R>> {\n const url = new URL(`${route}`, this._configuration.apiUrl)\n const token = this._sessionStore.token\n\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'X-FOURT-KEY': this._configuration.apiKey,\n }\n\n if (token) {\n headers['Authorization'] = `Bearer ${token}`\n }\n\n const response = await fetch(url, {\n method,\n body: method === 'POST' ? JSON.stringify(body) : undefined,\n headers,\n })\n\n const { data, error } = (await response.json()) as APIResponse<\n AuthenticationServiceResponse<R>\n >\n\n if (error) {\n switch (error.kind) {\n case 'UnauthorizedError': {\n throw new UnauthorizedError(error.message)\n }\n case 'NotFoundError': {\n throw new NotFoundError(error.message)\n }\n case 'BadRequestError': {\n throw new BadRequestError(error.message)\n }\n default: {\n throw new Error(error.message)\n }\n }\n }\n\n return { ...data } as AuthenticationServiceResponse<R>\n }\n\n /**\n * Compute milliseconds until refresh time.\n * - expSeconds is the JWT exp claim (seconds).\n * - earlyMinutes is how many minutes before exp to refresh (default 2).\n * Returns 0 if refresh time is already past.\n */\n private _computeRefreshDelayMs(expSeconds: number, earlyMinutes = 2): number {\n const expiryMs = expSeconds * 1000\n const refreshMs = expiryMs - earlyMinutes * 60 * 1000\n const now = Date.now()\n const delay = refreshMs - now\n return delay <= 0 ? 0 : delay\n }\n\n protected _scheduleRefresh(token: string) {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (!decoded.exp) return\n\n const delay = this._computeRefreshDelayMs(decoded.exp, 2)\n\n // Clear previous timer to avoid duplicates\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n\n // Schedule refresh\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n this._refreshToken()\n }, delay)\n } catch {\n // ignore errors\n }\n }\n\n private async _refreshToken(): Promise<void> {\n if (this._refreshPromise) return this._refreshPromise\n\n // Keep a reference so callers can await the same promise\n this._refreshPromise = (async () => {\n const TIMEOUT_MS = 10_000\n const RETRY_DELAY_MS = 5_000\n\n try {\n // Avoid hanging indefinitely by racing the request with a timeout\n const refreshPromise = this.stampAndRefresh()\n const data = await Promise.race([\n refreshPromise,\n new Promise<never>((_, reject) =>\n setTimeout(() => reject(new Error('Refresh timeout')), TIMEOUT_MS),\n ),\n ])\n\n if (!data || !data.token) {\n // Treat missing tokens as auth failure\n throw new UnauthorizedError('Refresh did not return tokens')\n }\n\n this._sessionStore.token = data.token\n this._scheduleRefresh(data.token)\n } catch (error) {\n console.error('Token refresh failed:', error)\n // On auth errors, clear session to avoid repeated failing retries\n if (error instanceof UnauthorizedError) {\n this._sessionStore.clearToken()\n this._sessionStore.clearUser()\n\n throw error\n }\n\n // Transient error: schedule a retry (non-blocking) and rethrow so callers know it failed\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n const MAX_RETRIES = 5\n let retryCount = 0\n\n // We schedule a background retry after RETRY_DELAY_MS using setTimeout\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {\n // Increments retryCount and, if still under MAX_RETRIES, schedules\n // another retry using exponential backoff (capped at 60s)\n retryCount++\n if (retryCount <= MAX_RETRIES) {\n const nextDelay = Math.min(\n RETRY_DELAY_MS * 2 ** (retryCount - 1),\n 60_000,\n )\n this._refreshTimer = setTimeout(() => {\n // When the timer fires we clear the stored id and call _refreshToken() in a\n // fire-and-forget manner (void ... .catch(...)) so the retry runs asynchronously\n // and doesn't block or change the control flow of the original caller.\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {})\n }, nextDelay)\n }\n })\n }, RETRY_DELAY_MS)\n\n throw error\n } finally {\n this._refreshPromise = undefined\n }\n })()\n\n return this._refreshPromise\n }\n}\n\nexport { SignerClient }\nexport type {\n SignerClientConstructorParams,\n SignerClientInheritedConstructorParams,\n}\n","class UnauthorizedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthorizedError.name\n }\n}\n\nexport { UnauthorizedError }\n","class NotFoundError extends Error {\n constructor(message: string) {\n super(message)\n this.name = NotFoundError.name\n }\n}\n\nexport { NotFoundError }\n","class UnauthenticatedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthenticatedError.name\n }\n}\n\nexport { UnauthenticatedError }\n","import {\n type Chain,\n type Client,\n type GetTransactionType,\n type Hex,\n type IsNarrowable,\n type JsonRpcAccount,\n type LocalAccount,\n type TypedData,\n type TypedDataDefinition,\n type SignableMessage,\n type SerializeTransactionFn,\n type TransactionSerializable,\n type TransactionSerialized,\n type Transport,\n hashMessage,\n hashTypedData,\n serializeTransaction,\n keccak256,\n hexToBigInt,\n http,\n} from 'viem'\nimport { toAccount } from 'viem/accounts'\nimport { SignerClient } from '../signer/index.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { toLightSmartAccount } from 'permissionless/accounts'\nimport {\n createPaymasterClient,\n entryPoint07Address,\n} from 'viem/account-abstraction'\nimport { UnauthenticatedError } from '../errors/UnauthenticatedError.js'\n\ntype CurrentUserToLightSmartAccountParams = {\n owner: LocalAccount\n client: Client<\n Transport,\n Chain | undefined,\n JsonRpcAccount | LocalAccount | undefined\n >\n}\n\nclass ViemModule {\n constructor(private readonly _signerClient: SignerClient) {}\n\n async toLocalAccount(): Promise<LocalAccount> {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toAccount({\n address: user.walletAddress,\n signMessage: ({ message }: { message: SignableMessage }) =>\n this.signMessage(message),\n signTypedData: <\n const typedData extends TypedData | Record<string, unknown>,\n primaryType extends keyof typedData | 'EIP712Domain' = keyof typedData,\n >(\n typedDataDefinition: TypedDataDefinition<typedData, primaryType>,\n ) => this.signTypedData<typedData, primaryType>(typedDataDefinition),\n signTransaction: this.signTransaction,\n })\n }\n\n async toSmartAccount({\n client,\n owner,\n }: CurrentUserToLightSmartAccountParams): ReturnType<\n typeof toLightSmartAccount<'0.7'>\n > {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toLightSmartAccount({\n client,\n owner,\n version: '2.0.0',\n entryPoint: {\n address: entryPoint07Address,\n version: '0.7',\n },\n address: user.smartAccountAddress,\n index: hexToBigInt(user.salt),\n })\n }\n\n async getPaymasterClient() {\n const url = new URL(\n `v1/rpc?apiKey=${this._signerClient.configuration.apiKey}`,\n this._signerClient.configuration.paymasterRpcUrl,\n )\n return createPaymasterClient({\n transport: http(url.toString()),\n })\n }\n\n async signMessage(msg: SignableMessage): Promise<Hex> {\n const messageHash = hashMessage(msg)\n const result = await this._signerClient.signRawMessage<Hex>(messageHash)\n return result\n }\n\n async signTypedData<\n TTypedData extends TypedData | Record<string, unknown>,\n TPrimaryType extends keyof TTypedData | 'EIP712Domain' = keyof TTypedData,\n >(params: TypedDataDefinition<TTypedData, TPrimaryType>): Promise<Hex> {\n const messageHash = hashTypedData(params)\n return this._signerClient.signRawMessage(messageHash)\n }\n\n async signTransaction<\n serializer extends SerializeTransactionFn<TransactionSerializable> = SerializeTransactionFn<TransactionSerializable>,\n transaction extends Parameters<serializer>[0] = Parameters<serializer>[0],\n >(\n transaction: transaction,\n options?:\n | {\n serializer?: serializer | undefined\n }\n | undefined,\n ): Promise<\n IsNarrowable<\n TransactionSerialized<GetTransactionType<transaction>>,\n Hex\n > extends true\n ? TransactionSerialized<GetTransactionType<transaction>>\n : Hex\n > {\n const serializeFn = options?.serializer ?? serializeTransaction\n const serializedTx = await serializeFn(transaction)\n const signatureHex = await this._signerClient.signRawMessage<Hex>(\n keccak256(serializedTx),\n )\n\n const signature = {\n r: LibBytes.takeBytes(signatureHex, { count: 32 }),\n s: LibBytes.takeBytes(signatureHex, { count: 32, offset: 32 }),\n v: BigInt(LibBytes.takeBytes(signatureHex, { count: 1, offset: 64 })),\n }\n\n return serializeFn(transaction, signature)\n }\n}\n\nexport { ViemModule }\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACUA,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjE,MAAM,WAAW,QAA4C;AAC3D,WAAO,KAAK,iBAAiB,cAAc,MAAM;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SAAS,QAAgD;AAC7D,UAAM,KAAK,iBAAiB,kBAAkB,MAAM;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,gBAA8C;AAClD,WAAO,KAAK,iBAAiB,mBAAmB;AAAA,EAClD;AACF;;;ACpCA,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjE,MAAM,OAAO,QAA8B;AACzC,WAAO,KAAK,iBAAiB,eAAe,MAAM;AAAA,EACpD;AACF;;;ACjBA,WAAsB;;;ACAtB,IAAM,YAAN,MAAgB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKd,aAAa,UACX,OACiB;AAEjB,QAAI;AACJ,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AAAA,IACvC,WAAW,iBAAiB,YAAY;AACtC,aAAO;AAAA,IACT,OAAO;AACL,aAAO,IAAI,WAAW,KAAK;AAAA,IAC7B;AAGA,UAAM,SACJ,OAAO,eAAe,eAAgB,WAAmB,QAAQ,SAC5D,WAAmB,OAAO,SAC3B;AAEN,QAAI,QAAQ;AACV,YAAM,OAAO,MAAM,OAAO,OAAO,WAAW,IAAI;AAChD,aAAO,MAAM,KAAK,IAAI,WAAW,IAAI,CAAC,EACnC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAAA,IACZ;AAGA,QAAI;AACF,YAAM,aAAa,QAAQ,QAAQ;AACnC,YAAM,OAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;AACtE,aAAO;AAAA,IACT,QAAQ;AACN,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ADtCA,IAAM,eAAN,MAAmB;AAAA,EACjB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,QAAQ;AAEpE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,kBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AEnCA,IAAM,kBAAN,MAAM,yBAAwB,MAAM;AAAA,EAClC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,iBAAgB;AAAA,EAC9B;AACF;;;ACHA,IAAAA,QAAsB;AAEtB,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAC3D,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AAEF,UAAM,MAAM,IAAS,mBAAa;AAAA,MAChC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AAEV,UAAM,WAAW,MAAM,MAAM,aAAa;AAAA,MACxC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO;AAAA,MACT,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI;AAAA,QACR,wCAAwC,SAAS,UAAU;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,IAAI,MAAM,SAAS,KAAK;AACxC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,gBAAgB,SAAS,UAAU;AAAA,IAC/C;AAEA,WAAO;AAAA,EACT;AACF;;;AC5CA,IAAAC,QAAsB;AAItB,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,OAAO;AAEnE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,mBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;ACpBA,IAAM,cAAN,MAAkB;AAAA,EAKhB,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,gBAAgB,IAAI,aAAa,KAAK,gBAAgB;AAC3D,SAAK,kBAAkB,IAAI,eAAe,KAAK,gBAAgB;AAC/D,SAAK,eAAe,IAAI,YAAY,KAAK,gBAAgB;AAAA,EAC3D;AAAA,EARiB;AAAA,EACA;AAAA,EACA;AAAA,EAQjB,IAAI,SAAS;AACX,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,SAAS,EAAE,SAAS,GAAmB;AAAA,EAK7C;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUf,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,YAAY,IAAI,eAAe,KAAK,gBAAgB;AACzD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AACnD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AAAA,EACrD;AAAA,EAbiB;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAgBjB,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMf,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,UAAyB;AAC7B,WAAO,KAAK,iBAAiB,QAAQ;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAA+B;AACnC,WAAO,KAAK,iBAAiB,WAAW;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAA4B;AAChC,WAAO,KAAK,iBAAiB,SAAS;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAwB;AAC5B,WAAO,KAAK,iBAAiB,OAAO;AAAA,EACtC;AACF;;;AC5CA,IAAAC,eAAuC;AACvC,8BAAgC;;;ACIhC,IAAM,YAAN,MAAgB;AAAA;AAAA,EAEd,OAAO,WAAW,QAA6B;AAC7C,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,UAAM,aAAa;AACnB,QAAI,SAAS;AACb,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,YAAY;AACjD,YAAM,QAAQ,MAAM,SAAS,GAAG,IAAI,UAAU;AAE9C,gBAAU,OAAO,aAAa,GAAI,KAAa;AAAA,IACjD;AACA,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAC1C,WAAO,OAAO,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAAA,EACzE;AAAA;AAAA,EAGA,OAAO,SAAS,WAAgC;AAC9C,QAAI,SAAS,UAAU,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAC3D,UAAM,MAAM,OAAO,SAAS;AAC5B,QAAI,IAAK,WAAU,IAAI,OAAO,IAAI,GAAG;AAErC,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,QAAQ;AACrD,UAAM,MAAM,OAAO;AACnB,UAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,aAAS,IAAI,GAAG,IAAI,KAAK,IAAK,OAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AAC5D,WAAO,MAAM;AAAA,EACf;AACF;;;AC/BA,IAAM,WAAN,MAAe;AAAA,EACb,OAAO,uBAAuB,MAAmB;AAC/C,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,IAAI;AAAA,EACb;AAAA,EAEA,OAAO,YAAY,CACjB,OACA,SAA0B,CAAC,MACZ;AACf,UAAM,EAAE,QAAQ,MAAM,IAAI;AAC1B,UAAM,SAAS,SAAS,SAAS,IAAI,KAAK;AAC1C,UAAM,MAAM,QAAQ,QAAQ,QAAQ,IAAI;AAExC,WAAO,KAAK,MAAM,MAAM,OAAO,GAAG,CAAC;AAAA,EACrC;AACF;;;ACxBA,qBAA2C;AAC3C,wBAA2C;AAiB3C,IAAM,eAAN,MAAmB;AAAA,EACA;AAAA,EAEjB,cAAc;AAEZ,SAAK,aAAS,4BAA0B;AAAA,UACtC,2BAAQ,KAAK,kBAAkB;AAAA,QAC7B,MAAM;AAAA,QACN,aAAS,qCAAkB,MAAM,YAAY;AAAA;AAAA,QAE7C,YAAY,CAAC,WAAW;AAAA,UACtB,QAAQ,MAAM;AAAA,UACd,MAAM,MAAM;AAAA,UACZ,OAAO,MAAM;AAAA,QACf;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,IAAI,OAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAmB;AAC1B,SAAK,OAAO,SAAS,EAAE,KAAK,CAAC;AAAA,EAC/B;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,IAAI,SAA6B;AAC/B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,OAAO,QAAgB;AACzB,SAAK,OAAO,SAAS,EAAE,OAAO,CAAC;AAAA,EACjC;AAAA,EAEA,IAAI,OAAyB;AAC3B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAY;AACnB,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,KAAK,CAAC;AAAA,EAC1D;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,cAAc;AACZ,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,QAAQ,OAAU,CAAC;AAAA,EACvE;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,WAAW;AACT,SAAK,WAAW;AAChB,SAAK,UAAU;AACf,SAAK,YAAY;AACjB,SAAK,UAAU;AACf,SAAK,WAAW;AAAA,EAClB;AAAA,EAEQ,mBAAiC;AACvC,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AClHA,kBAA8B;;;ACA9B,IAAM,oBAAN,MAAM,2BAA0B,MAAM;AAAA,EACpC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,mBAAkB;AAAA,EAChC;AACF;;;ACLA,IAAM,gBAAN,MAAM,uBAAsB,MAAM;AAAA,EAChC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,eAAc;AAAA,EAC5B;AACF;;;ACLA,IAAM,uBAAN,MAAM,8BAA6B,MAAM;AAAA,EACvC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,sBAAqB;AAAA,EACnC;AACF;;;AHSA,kBAA0B;AAiB1B,IAAe,eAAf,MAA4B;AAAA,EACP;AAAA,EACA;AAAA,EAGA;AAAA,EAEX;AAAA,EACA;AAAA,EAER,YAAY;AAAA,IACV;AAAA,IACA,eAAe,EAAE,QAAQ,iBAAiB,GAAG,sBAAsB;AAAA,EACrE,GAAkC;AAChC,SAAK,iBAAiB,IAAI;AAAA,MACxB,EAAE,SAAS,0BAA0B;AAAA,MACrC;AAAA,IACF;AAEA,SAAK,iBAAiB;AAAA,MACpB,GAAG;AAAA,MACH,QAAQ,UAAU;AAAA,MAClB,iBAAiB,mBAAmB;AAAA,IACtC;AAEA,SAAK,gBAAgB,IAAI,aAAa;AAAA,EACxC;AAAA,EAEA,IAAI,gBAAqD;AACvD,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAa,UAAU;AACrB,QAAI,KAAK,cAAc,KAAM,QAAO,KAAK,cAAc;AAEvD,QAAI;AACF,YAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,WAAK,cAAc,OAAO;AAC1B,aAAO;AAAA,IACT,SAAS,OAAO;AAEd,UAAI,iBAAiB,mBAAmB;AACtC,YAAI;AACF,gBAAM,KAAK,cAAc;AACzB,gBAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,eAAK,cAAc,OAAO;AAC1B,iBAAO;AAAA,QACT,SAASC,QAAO;AACd,gBAAMA;AAAA,QACR;AAAA,MACF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAa,aAAa;AACxB,UAAM,QAAQ,KAAK,cAAc;AAGjC,QAAI,SAAS,CAAC,KAAK,gBAAgB,KAAK,EAAG,QAAO;AAGlD,QAAI;AACF,YAAM,KAAK,cAAc;AACzB,aAAO,CAAC,CAAC,KAAK,cAAc;AAAA,IAC9B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,WAA4B;AAEvC,QAAI,CAAC,KAAK,cAAc,OAAO;AAE7B,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF,WAAW,KAAK,gBAAgB,KAAK,cAAc,KAAK,GAAG;AAEzD,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI,kBAAkB,kCAAkC;AAAA,MAChE;AAAA,IACF;AAEA,UAAM,QAAQ,KAAK,cAAc;AACjC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,kBAAkB,6CAA6C;AAAA,IAC3E;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,gBAAgB,OAAwB;AAC9C,QAAI;AACF,YAAM,cAAU,uBAAU,KAAK;AAC/B,UAAI,OAAO,QAAQ,QAAQ,UAAU;AACnC,eAAO,QAAQ,MAAM,OAAQ,KAAK,IAAI;AAAA,MACxC;AACA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,OAAO,WAAmB;AACrC,QAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,SAAK,gBAAgB;AACrB,UAAM,KAAK,QAAQ,cAAc,QAAQ,EAAE,UAAU,CAAC;AACtD,SAAK,cAAc,SAAS;AAAA,EAC9B;AAAA,EAEA,MAAa,eAAoC,KAA4B;AAC3E,QAAI,CAAC,KAAK,cAAc,SAAS,CAAC,KAAK,cAAc,MAAM;AACzD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,iBAAiB,MAAM,KAAK,eAAe,oBAAoB;AAAA,MACnE,gBAAgB,KAAK,cAAc,KAAK;AAAA,MACxC,MAAM;AAAA,MACN,aAAa,KAAK,IAAI,EAAE,SAAS;AAAA,MACjC,YAAY;AAAA,QACV,UAAU;AAAA,QACV,cAAc;AAAA,QACd,SAAS;AAAA,QACT,UAAU,KAAK,cAAc,KAAK;AAAA,MACpC;AAAA,IACF,CAAC;AAED,UAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,YAAY,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAa;AAAA,EACf;AAAA,EAEA,IAAc,QAAQ,SAAmC;AACvD,SAAK,eAAe,UAAU;AAAA,EAChC;AAAA,EAEA,IAAc,UAAoC;AAChD,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA,EAEA,MAAgB,WAAW,OAAuC;AAChE,QAAI;AACF,YAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ,EAAE,MAAM,CAAC;AACvE,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,cAAe,QAAO;AAC3C,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAgB,OAAO,UAAkB,WAAoB;AAC3D,UAAM,iBAAiB,MAAM,KAAK,eAAe,eAAe;AAAA,MAC9D,gBAAgB;AAAA,IAClB,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ;AAAA,MAC/D;AAAA,MACA;AAAA,IACF,CAAC;AAED,UAAM,gBAAgB,MAAM;AAC1B,UAAI;AACF,eAAO,KAAK,MAAM,gBAAgB,MAAM,gBAAgB,EACrD;AAAA,MACL,SAAS,GAAG;AACV,eAAO;AAAA,MACT;AAAA,IACF,GAAG;AAEH,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH;AAAA,IACF;AACA,SAAK,cAAc,QAAQ;AAC3B,SAAK,iBAAiB,KAAK;AAC3B,WAAO,EAAE,MAAM,MAAM;AAAA,EACvB;AAAA,EAEA,MAAgB,kBAAkB;AAChC,UAAM,iBAAiB,KAAK,UAAU;AAAA,MACpC,WAAW,KAAK,IAAI;AAAA,MACpB,MAAM;AAAA,IACR,CAAC;AACD,UAAM,QAAQ,MAAM,KAAK,eAAe,QAAQ,MAAM,cAAc;AACpE,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,QAAQ,eAAe,QAAQ;AAAA,MAC1D,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AACD,SAAK,cAAc,QAAQ;AAC3B,WAAO,EAAE,MAAM;AAAA,EACjB;AAAA,EAEA,MAAgB,QACd,OACA,QACA,MAC2C;AAC3C,UAAM,MAAM,IAAI,IAAI,GAAG,KAAK,IAAI,KAAK,eAAe,MAAM;AAC1D,UAAM,QAAQ,KAAK,cAAc;AAEjC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,KAAK,eAAe;AAAA,IACrC;AAEA,QAAI,OAAO;AACT,cAAQ,eAAe,IAAI,UAAU,KAAK;AAAA,IAC5C;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC;AAAA,MACA,MAAM,WAAW,SAAS,KAAK,UAAU,IAAI,IAAI;AAAA,MACjD;AAAA,IACF,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAK,MAAM,SAAS,KAAK;AAI7C,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM;AAAA,QAClB,KAAK,qBAAqB;AACxB,gBAAM,IAAI,kBAAkB,MAAM,OAAO;AAAA,QAC3C;AAAA,QACA,KAAK,iBAAiB;AACpB,gBAAM,IAAI,cAAc,MAAM,OAAO;AAAA,QACvC;AAAA,QACA,KAAK,mBAAmB;AACtB,gBAAM,IAAI,gBAAgB,MAAM,OAAO;AAAA,QACzC;AAAA,QACA,SAAS;AACP,gBAAM,IAAI,MAAM,MAAM,OAAO;AAAA,QAC/B;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,GAAG,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,uBAAuB,YAAoB,eAAe,GAAW;AAC3E,UAAM,WAAW,aAAa;AAC9B,UAAM,YAAY,WAAW,eAAe,KAAK;AACjD,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,QAAQ,YAAY;AAC1B,WAAO,SAAS,IAAI,IAAI;AAAA,EAC1B;AAAA,EAEU,iBAAiB,OAAe;AACxC,QAAI;AACF,YAAM,cAAU,uBAAU,KAAK;AAC/B,UAAI,CAAC,QAAQ,IAAK;AAElB,YAAM,QAAQ,KAAK,uBAAuB,QAAQ,KAAK,CAAC;AAGxD,UAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AAGvD,WAAK,gBAAgB,WAAW,MAAM;AACpC,aAAK,gBAAgB;AACrB,aAAK,cAAc;AAAA,MACrB,GAAG,KAAK;AAAA,IACV,QAAQ;AAAA,IAER;AAAA,EACF;AAAA,EAEA,MAAc,gBAA+B;AAC3C,QAAI,KAAK,gBAAiB,QAAO,KAAK;AAGtC,SAAK,mBAAmB,YAAY;AAClC,YAAM,aAAa;AACnB,YAAM,iBAAiB;AAEvB,UAAI;AAEF,cAAM,iBAAiB,KAAK,gBAAgB;AAC5C,cAAM,OAAO,MAAM,QAAQ,KAAK;AAAA,UAC9B;AAAA,UACA,IAAI;AAAA,YAAe,CAAC,GAAG,WACrB,WAAW,MAAM,OAAO,IAAI,MAAM,iBAAiB,CAAC,GAAG,UAAU;AAAA,UACnE;AAAA,QACF,CAAC;AAED,YAAI,CAAC,QAAQ,CAAC,KAAK,OAAO;AAExB,gBAAM,IAAI,kBAAkB,+BAA+B;AAAA,QAC7D;AAEA,aAAK,cAAc,QAAQ,KAAK;AAChC,aAAK,iBAAiB,KAAK,KAAK;AAAA,MAClC,SAAS,OAAO;AACd,gBAAQ,MAAM,yBAAyB,KAAK;AAE5C,YAAI,iBAAiB,mBAAmB;AACtC,eAAK,cAAc,WAAW;AAC9B,eAAK,cAAc,UAAU;AAE7B,gBAAM;AAAA,QACR;AAGA,YAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,cAAM,cAAc;AACpB,YAAI,aAAa;AAGjB,aAAK,gBAAgB,WAAW,MAAM;AACpC,eAAK,gBAAgB;AACrB,eAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAGpC;AACA,gBAAI,cAAc,aAAa;AAC7B,oBAAM,YAAY,KAAK;AAAA,gBACrB,iBAAiB,MAAM,aAAa;AAAA,gBACpC;AAAA,cACF;AACA,mBAAK,gBAAgB,WAAW,MAAM;AAIpC,qBAAK,gBAAgB;AACrB,qBAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAAA,gBAAC,CAAC;AAAA,cAC1C,GAAG,SAAS;AAAA,YACd;AAAA,UACF,CAAC;AAAA,QACH,GAAG,cAAc;AAEjB,cAAM;AAAA,MACR,UAAE;AACA,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF,GAAG;AAEH,WAAO,KAAK;AAAA,EACd;AACF;;;AJvXA,gCAAiC;AA2CjC,IAAM,kBAAN,cAA8B,aAAa;AAAA,EACjC;AAAA,EACA;AAAA,EAEC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAqC;AACnC,UAAM,mBAAmB,IAAI,2CAAiB;AAE9C,UAAM;AAAA,MACJ,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AAED,SAAK,mBAAmB;AACxB,SAAK,kBAAkB,IAAI,wCAAgB,EAAE,MAAM,SAAS,KAAK,CAAC;AAElE,SAAK,qBAAqB;AAAA,EAC5B;AAAA,EAEA,MAAsB,aAAa;AACjC,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,WAAW;AAAA,EAC1B;AAAA,EAEA,MAAsB,SAAS;AAC7B,UAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,UAAM,OAAO,SAAS;AACtB,SAAK,iBAAiB,MAAM;AAAA,EAC9B;AAAA,EAEA,MAAsB,eACpB,KACe;AACf,UAAM,KAAK,eAAe;AAC1B,WAAO,MAAM,eAAe,GAAG;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,gBAAgB,UAAkB;AAC7C,UAAM,EAAE,IAAI,IAAI,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,eAAe,EAAE,MAAM,GAAyB;AAC3D,UAAM,uBAAuB,MAAM,KAAK,WAAW,KAAK;AAExD,QAAI,CAAC,sBAAsB;AACzB,YAAM,KAAK,uBAAuB,EAAE,MAAM,CAAC;AAAA,IAC7C,OAAO;AACL,WAAK,UAAU,KAAK;AACpB,YAAM,KAAK,OAAO,oBAAoB;AAEtC,WAAK,cAAc;AAGnB,UAAI,CAAC,KAAK,cAAc,QAAQ,CAAC,KAAK,cAAc,KAAK,cAAc;AACrE;AAAA,MACF;AAEA,WAAK,gBAAgB,mBAAmB;AAAA,QACtC;AAAA,UACE,IAAI,UAAU,SAAS,KAAK,cAAc,KAAK,YAAY;AAAA,UAC3D,MAAM;AAAA,UACN,YAAY,CAAC,YAAY,KAAK;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,cAAc,QAA6B;AACtD,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,eAAe,MAAM;AAClD,QAAI,CAAC,MAAO,OAAM,IAAI,cAAc,gCAAgC;AACpE,SAAK,cAAc,QAAQ;AAAA,EAC7B;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,WAAO,KAAK,iBAAiB,aAAa;AAAA,EAC5C;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,UAAM,KAAK,iBAAiB,aAAa;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,kBAAkB,QAAiC;AAC9D,UAAM,KAAK,sBAAsB;AAEjC,QAAI,CAAC,KAAK,cAAc;AACtB,YAAM,IAAI,cAAc,mCAAmC;AAE7D,UAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,UAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,sBAAsB,QAAQ;AAAA,MACpE,OAAO,KAAK,cAAc;AAAA,MAC1B,SAAS,OAAO;AAAA,MAChB;AAAA,IACF,CAAC;AAED,QAAI,CAAC;AACH,YAAM,IAAI,cAAc,0CAA0C;AAEpE,UAAM,KAAK,OAAO,UAAU,SAAS;AACrC,SAAK,cAAc;AACnB,SAAK,cAAc,WAAW;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAa,qBAAqB;AAChC,UAAM,EAAE,OAAO,IAAI,MAAM,KAAK,QAAQ,oBAAoB,KAAK;AAC/D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,iBAAiB;AAE7B,QACE,KAAK,cAAc,SAAS,UAC5B,KAAK,cAAc,UAAU;AAE7B;AACF,QAAI,KAAK,cAAc,oCAA+B;AACpD,WAAK,UAAU,KAAK;AAAA,IACtB,OAAO;AACL,WAAK,UAAU,KAAK;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,uBAAuB,QAA8B;AACjE,UAAM,EAAE,WAAW,YAAY,IAAI,MAAM,KAAK;AAAA,MAC5C,OAAO;AAAA,IACT;AAEA,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ;AAAA,MAC/D,OAAO,OAAO;AAAA,MACd,WAAW,UAAU,WAAW,SAAS;AAAA,MACzC;AAAA,IACF,CAAC;AAED,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH,cAAc,YAAY;AAAA,IAC5B;AACA,SAAK,cAAc;AAEnB,SAAK,cAAc,QAAQ;AAC3B,SAAK,iBAAiB,KAAM;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,eAAe,QAA6B;AACxD,UAAM,WAAW,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC5D,OAAO,OAAO;AAAA,MACd,aAAa,OAAO,cAChB,OAAO,YAAY,SAAS,IAC5B;AAAA,IACN,CAAC;AAED,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,6BAA6B,OAAe;AACxD,UAAM,YAAY,SAAS,qBAAqB;AAChD,UAAM,sBAAsB,SAAS,qBAAqB;AAE1D,UAAM,cAAc,UAAM,qCAAuB;AAAA,MAC/C,WAAW;AAAA,QACT,wBAAwB;AAAA,UACtB,aAAa;AAAA,UACb,oBAAoB;AAAA,UACpB,kBAAkB;AAAA,QACpB;AAAA,QACA;AAAA,QACA,IAAI;AAAA,UACF,IAAI,OAAO,SAAS;AAAA,UACpB,MAAM,OAAO,SAAS;AAAA,QACxB;AAAA,QACA,kBAAkB;AAAA,UAChB;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,QACF;AAAA,QACA,MAAM;AAAA,UACJ,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,MACF;AAAA,IACF,CAAC;AAED,WAAO,EAAE,WAAW,aAAa,oBAAoB;AAAA,EACvD;AAAA,EAEA,MAAc,wBAAwB;AACpC,QAAI,CAAC,KAAK,iBAAiB,aAAa,GAAG;AACzC,YAAM,KAAK,iBAAiB,KAAK;AAAA,IACnC;AACA,SAAK,UAAU,KAAK;AAAA,EACtB;AACF;;;AQ9SA,kBAqBO;AACP,sBAA0B;AAG1B,IAAAC,mBAAoC;AACpC,iCAGO;AAYP,IAAM,aAAN,MAAiB;AAAA,EACf,YAA6B,eAA6B;AAA7B;AAAA,EAA8B;AAAA,EAE3D,MAAM,iBAAwC;AAC5C,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,eAAO,2BAAU;AAAA,MACf,SAAS,KAAK;AAAA,MACd,aAAa,CAAC,EAAE,QAAQ,MACtB,KAAK,YAAY,OAAO;AAAA,MAC1B,eAAe,CAIb,wBACG,KAAK,cAAsC,mBAAmB;AAAA,MACnE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,EACF,GAEE;AACA,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,eAAO,sCAAoB;AAAA,MACzB;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,YAAY;AAAA,QACV,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA,SAAS,KAAK;AAAA,MACd,WAAO,yBAAY,KAAK,IAAI;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AACzB,UAAM,MAAM,IAAI;AAAA,MACd,iBAAiB,KAAK,cAAc,cAAc,MAAM;AAAA,MACxD,KAAK,cAAc,cAAc;AAAA,IACnC;AACA,eAAO,kDAAsB;AAAA,MAC3B,eAAW,kBAAK,IAAI,SAAS,CAAC;AAAA,IAChC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,YAAY,KAAoC;AACpD,UAAM,kBAAc,yBAAY,GAAG;AACnC,UAAM,SAAS,MAAM,KAAK,cAAc,eAAoB,WAAW;AACvE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAGJ,QAAqE;AACrE,UAAM,kBAAc,2BAAc,MAAM;AACxC,WAAO,KAAK,cAAc,eAAe,WAAW;AAAA,EACtD;AAAA,EAEA,MAAM,gBAIJ,aACA,SAYA;AACA,UAAM,cAAc,SAAS,cAAc;AAC3C,UAAM,eAAe,MAAM,YAAY,WAAW;AAClD,UAAM,eAAe,MAAM,KAAK,cAAc;AAAA,UAC5C,uBAAU,YAAY;AAAA,IACxB;AAEA,UAAM,YAAY;AAAA,MAChB,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,CAAC;AAAA,MACjD,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,MAC7D,GAAG,OAAO,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,QAAQ,GAAG,CAAC,CAAC;AAAA,IACtE;AAEA,WAAO,YAAY,aAAa,SAAS;AAAA,EAC3C;AACF;;;AnBlIA,IAAM,iBAAN,MAAqB;AAAA,EACF;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BjB,YAAY;AAAA,IACV;AAAA,IACA,MAAM,EAAE,UAAU,MAAM;AAAA,EAC1B,GAAoC;AAClC,SAAK,mBAAmB,IAAI,gBAAgB;AAAA,MAC1C;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,SAAK,WAAW;AAAA,MACd,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AACF;","names":["jose","jose","import_http","error","import_accounts"]}
package/dist/index.d.cts CHANGED
@@ -18,8 +18,6 @@ declare class SessionStore {
18
18
  set type(type: SessionType);
19
19
  get token(): string | undefined;
20
20
  set token(token: string);
21
- get csrfToken(): string | undefined;
22
- set csrfToken(csrfToken: string);
23
21
  get bundle(): string | undefined;
24
22
  set bundle(bundle: string);
25
23
  get user(): User | undefined;
@@ -30,7 +28,6 @@ declare class SessionStore {
30
28
  clearBundle(): void;
31
29
  clearType(): void;
32
30
  clearToken(): void;
33
- clearCsrfToken(): void;
34
31
  clearOtpId(): void;
35
32
  clearAll(): void;
36
33
  private _getInitialState;
@@ -82,8 +79,7 @@ type AuthenticationServiceEndpoints = [
82
79
  };
83
80
  Response: {
84
81
  user: User;
85
- token?: string;
86
- csrfToken?: string;
82
+ token: string;
87
83
  };
88
84
  },
89
85
  {
@@ -99,11 +95,11 @@ type AuthenticationServiceEndpoints = [
99
95
  Route: '/v1/signin';
100
96
  Body: {
101
97
  stampedRequest: TSignedRequest;
98
+ publicKey?: string;
102
99
  };
103
100
  Response: {
104
101
  user: User;
105
102
  token: string;
106
- csrfToken: string;
107
103
  };
108
104
  },
109
105
  {
@@ -126,22 +122,22 @@ type AuthenticationServiceEndpoints = [
126
122
  },
127
123
  {
128
124
  Route: '/v1/refresh';
129
- Body: {};
130
- Response: {
131
- token: string;
132
- csrfToken: string;
125
+ Body: {
126
+ payload: string;
127
+ stamp: {
128
+ stampHeaderName: string;
129
+ stampHeaderValue: string;
130
+ };
133
131
  };
134
- },
135
- {
136
- Route: '/v1/csrf-token';
137
- Body: {};
138
132
  Response: {
139
- csrfToken: string;
133
+ token: string;
140
134
  };
141
135
  },
142
136
  {
143
137
  Route: '/v1/logout';
144
- Body: {};
138
+ Body: {
139
+ publicKey: string;
140
+ };
145
141
  Response: {};
146
142
  },
147
143
  {
@@ -150,7 +146,7 @@ type AuthenticationServiceEndpoints = [
150
146
  Response: User;
151
147
  }
152
148
  ];
153
- declare const ROUTE_METHOD_LIST: readonly [readonly ["/v1/signup", "POST"], readonly ["/v1/email/init", "POST"], readonly ["/v1/email/method", "GET"], readonly ["/v1/email/complete", "POST"], readonly ["/v1/lookup", "POST"], readonly ["/v1/signin", "POST"], readonly ["/v1/sign", "POST"], readonly ["/v1/oauth/init", "POST"], readonly ["/v1/refresh", "POST"], readonly ["/v1/csrf-token", "GET"], readonly ["/v1/logout", "POST"], readonly ["/v1/me", "GET"]];
149
+ declare const ROUTE_METHOD_LIST: readonly [readonly ["/v1/signup", "POST"], readonly ["/v1/email/init", "POST"], readonly ["/v1/email/method", "GET"], readonly ["/v1/email/complete", "POST"], readonly ["/v1/lookup", "POST"], readonly ["/v1/signin", "POST"], readonly ["/v1/sign", "POST"], readonly ["/v1/oauth/init", "POST"], readonly ["/v1/refresh", "POST"], readonly ["/v1/logout", "POST"], readonly ["/v1/me", "GET"]];
154
150
  type RouteMethod = (typeof ROUTE_METHOD_LIST)[number];
155
151
  type Route = RouteMethod[0];
156
152
  type Method = RouteMethod[1];
@@ -177,12 +173,18 @@ declare abstract class SignerClient {
177
173
  isLoggedIn(): Promise<boolean>;
178
174
  getToken(): Promise<string>;
179
175
  private _isTokenExpired;
180
- logout(): Promise<void>;
176
+ logout(publicKey: string): Promise<void>;
181
177
  signRawMessage<Into extends string>(msg: string): Promise<Into>;
182
178
  protected set stamper(stamper: TurnkeyClient['stamper']);
183
179
  protected get stamper(): TurnkeyClient['stamper'];
184
180
  protected lookUpUser(email: string): Promise<string | null>;
185
- protected signIn(subOrgId?: string): Promise<void>;
181
+ protected signIn(subOrgId: string, publicKey?: string): Promise<{
182
+ user: User;
183
+ token: string;
184
+ }>;
185
+ protected stampAndRefresh(): Promise<{
186
+ token: string;
187
+ }>;
186
188
  protected request<R extends Route, M extends Method>(route: R, method: M, body?: AuthenticationServiceBody<R>): Promise<AuthenticationServiceResponse<R>>;
187
189
  /**
188
190
  * Compute milliseconds until refresh time.
@@ -230,6 +232,7 @@ declare class WebSignerClient extends SignerClient {
230
232
  * @param {WebSignerClientConstructorParams} params params for the constructor
231
233
  */
232
234
  constructor({ configuration, webauthn, oauth, }: WebSignerClientConstructorParams);
235
+ isLoggedIn(): Promise<boolean>;
233
236
  logout(): Promise<void>;
234
237
  signRawMessage<Into extends string>(msg: string): Promise<Into>;
235
238
  /**