npm - @fourt/sdk - Versions diffs - 1.5.1 → 1.6.0 - Mend

@fourt/sdk 1.5.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -18,8 +18,6 @@ declare class SessionStore {
     set type(type: SessionType);
     get token(): string | undefined;
     set token(token: string);
-    get csrfToken(): string | undefined;
-    set csrfToken(csrfToken: string);
     get bundle(): string | undefined;
     set bundle(bundle: string);
     get user(): User | undefined;
@@ -30,7 +28,6 @@ declare class SessionStore {
     clearBundle(): void;
     clearType(): void;
     clearToken(): void;
-    clearCsrfToken(): void;
     clearOtpId(): void;
     clearAll(): void;
     private _getInitialState;
@@ -82,8 +79,7 @@ type AuthenticationServiceEndpoints = [
         };
         Response: {
             user: User;
-            token?: string;
-            csrfToken?: string;
+            token: string;
         };
     },
     {
@@ -99,11 +95,11 @@ type AuthenticationServiceEndpoints = [
         Route: '/v1/signin';
         Body: {
             stampedRequest: TSignedRequest;
+            publicKey?: string;
         };
         Response: {
             user: User;
             token: string;
-            csrfToken: string;
         };
     },
     {
@@ -126,22 +122,22 @@ type AuthenticationServiceEndpoints = [
     },
     {
         Route: '/v1/refresh';
-        Body: {};
-        Response: {
-            token: string;
-            csrfToken: string;
+        Body: {
+            payload: string;
+            stamp: {
+                stampHeaderName: string;
+                stampHeaderValue: string;
+            };
         };
-    },
-    {
-        Route: '/v1/csrf-token';
-        Body: {};
         Response: {
-            csrfToken: string;
+            token: string;
         };
     },
     {
         Route: '/v1/logout';
-        Body: {};
+        Body: {
+            publicKey: string;
+        };
         Response: {};
     },
     {
@@ -150,7 +146,7 @@ type AuthenticationServiceEndpoints = [
         Response: User;
     }
 ];
-declare const ROUTE_METHOD_LIST: readonly [readonly ["/v1/signup", "POST"], readonly ["/v1/email/init", "POST"], readonly ["/v1/email/method", "GET"], readonly ["/v1/email/complete", "POST"], readonly ["/v1/lookup", "POST"], readonly ["/v1/signin", "POST"], readonly ["/v1/sign", "POST"], readonly ["/v1/oauth/init", "POST"], readonly ["/v1/refresh", "POST"], readonly ["/v1/csrf-token", "GET"], readonly ["/v1/logout", "POST"], readonly ["/v1/me", "GET"]];
+declare const ROUTE_METHOD_LIST: readonly [readonly ["/v1/signup", "POST"], readonly ["/v1/email/init", "POST"], readonly ["/v1/email/method", "GET"], readonly ["/v1/email/complete", "POST"], readonly ["/v1/lookup", "POST"], readonly ["/v1/signin", "POST"], readonly ["/v1/sign", "POST"], readonly ["/v1/oauth/init", "POST"], readonly ["/v1/refresh", "POST"], readonly ["/v1/logout", "POST"], readonly ["/v1/me", "GET"]];
 type RouteMethod = (typeof ROUTE_METHOD_LIST)[number];
 type Route = RouteMethod[0];
 type Method = RouteMethod[1];
@@ -177,12 +173,18 @@ declare abstract class SignerClient {
     isLoggedIn(): Promise<boolean>;
     getToken(): Promise<string>;
     private _isTokenExpired;
-    logout(): Promise<void>;
+    logout(publicKey: string): Promise<void>;
     signRawMessage<Into extends string>(msg: string): Promise<Into>;
     protected set stamper(stamper: TurnkeyClient['stamper']);
     protected get stamper(): TurnkeyClient['stamper'];
     protected lookUpUser(email: string): Promise<string | null>;
-    protected signIn(subOrgId?: string): Promise<void>;
+    protected signIn(subOrgId: string, publicKey?: string): Promise<{
+        user: User;
+        token: string;
+    }>;
+    protected stampAndRefresh(): Promise<{
+        token: string;
+    }>;
     protected request<R extends Route, M extends Method>(route: R, method: M, body?: AuthenticationServiceBody<R>): Promise<AuthenticationServiceResponse<R>>;
     /**
      * Compute milliseconds until refresh time.
@@ -230,6 +232,7 @@ declare class WebSignerClient extends SignerClient {
      * @param {WebSignerClientConstructorParams} params params for the constructor
      */
     constructor({ configuration, webauthn, oauth, }: WebSignerClientConstructorParams);
+    isLoggedIn(): Promise<boolean>;
     logout(): Promise<void>;
     signRawMessage<Into extends string>(msg: string): Promise<Into>;
     /**

package/dist/index.js CHANGED Viewed

@@ -368,12 +368,6 @@ var SessionStore = class {
   set token(token) {
     this._store.setState({ token });
   }
-  get csrfToken() {
-    return this._store.getState().csrfToken;
-  }
-  set csrfToken(csrfToken) {
-    this._store.setState({ csrfToken });
-  }
   get bundle() {
     return this._store.getState().bundle;
   }
@@ -404,9 +398,6 @@ var SessionStore = class {
   clearToken() {
     this._store.setState({ ...this._store.getState(), token: void 0 });
   }
-  clearCsrfToken() {
-    this._store.setState({ ...this._store.getState(), csrfToken: void 0 });
-  }
   clearOtpId() {
     this._store.setState({ ...this._store.getState(), otpId: void 0 });
   }
@@ -423,7 +414,6 @@ var SessionStore = class {
       user: void 0,
       bundle: void 0,
       token: void 0,
-      csrfToken: void 0,
       otpId: void 0
     };
   }
@@ -545,10 +535,10 @@ var SignerClient = class {
       return true;
     }
   }
-  async logout() {
+  async logout(publicKey) {
     if (this._refreshTimer) clearTimeout(this._refreshTimer);
     this._refreshTimer = void 0;
-    await this.request("/v1/logout", "POST");
+    await this.request("/v1/logout", "POST", { publicKey });
     this._sessionStore.clearAll();
   }
   async signRawMessage(msg) {
@@ -588,19 +578,14 @@ var SignerClient = class {
       throw error;
     }
   }
-  async signIn(subOrgId) {
-    const orgId = subOrgId || this._sessionStore.user?.subOrgId;
-    if (!orgId) throw new BadRequestError("No orgId provided");
+  async signIn(subOrgId, publicKey) {
     const stampedRequest = await this._turnkeyClient.stampGetWhoami({
-      organizationId: orgId
+      organizationId: subOrgId
+    });
+    const { user, token } = await this.request("/v1/signin", "POST", {
+      stampedRequest,
+      publicKey
     });
-    const { user, token, csrfToken } = await this.request(
-      "/v1/signin",
-      "POST",
-      {
-        stampedRequest
-      }
-    );
     const credentialId = (() => {
       try {
         return JSON.parse(stampedRequest?.stamp.stampHeaderValue).credentialId;
@@ -613,14 +598,25 @@ var SignerClient = class {
       credentialId
     };
     this._sessionStore.token = token;
-    this._sessionStore.csrfToken = csrfToken;
     this._scheduleRefresh(token);
+    return { user, token };
+  }
+  async stampAndRefresh() {
+    const refreshPayload = JSON.stringify({
+      timestamp: Date.now(),
+      type: "refresh_token_request"
+    });
+    const stamp = await this._turnkeyClient.stamper.stamp(refreshPayload);
+    const { token } = await this.request("/v1/refresh", "POST", {
+      payload: refreshPayload,
+      stamp
+    });
+    this._sessionStore.token = token;
+    return { token };
   }
   async request(route, method, body) {
-    const url = new URL(this._configuration.apiUrl);
-    url.pathname = url.pathname + route;
+    const url = new URL(`${route}`, this._configuration.apiUrl);
     const token = this._sessionStore.token;
-    const csrfToken = this._sessionStore.csrfToken;
     const headers = {
       "Content-Type": "application/json",
       "X-FOURT-KEY": this._configuration.apiKey
@@ -628,14 +624,10 @@ var SignerClient = class {
     if (token) {
       headers["Authorization"] = `Bearer ${token}`;
     }
-    if (csrfToken) {
-      headers["X-CSRF-Token"] = csrfToken;
-    }
     const response = await fetch(url, {
       method,
       body: method === "POST" ? JSON.stringify(body) : void 0,
-      headers,
-      credentials: "include"
+      headers
     });
     const { data, error } = await response.json();
     if (error) {
@@ -688,31 +680,23 @@ var SignerClient = class {
       const TIMEOUT_MS = 1e4;
       const RETRY_DELAY_MS = 5e3;
       try {
-        if (!this._sessionStore.csrfToken) {
-          const { csrfToken } = await this.request("/v1/csrf-token", "GET");
-          this._sessionStore.csrfToken = csrfToken;
-        }
-        const refreshPromise = this.request("/v1/refresh", "POST");
+        const refreshPromise = this.stampAndRefresh();
         const data = await Promise.race([
           refreshPromise,
           new Promise(
             (_, reject) => setTimeout(() => reject(new Error("Refresh timeout")), TIMEOUT_MS)
           )
         ]);
-        if (!data || !data.token || !data.csrfToken) {
+        if (!data || !data.token) {
           throw new UnauthorizedError("Refresh did not return tokens");
         }
         this._sessionStore.token = data.token;
-        this._sessionStore.csrfToken = data.csrfToken;
         this._scheduleRefresh(data.token);
       } catch (error) {
+        console.error("Token refresh failed:", error);
         if (error instanceof UnauthorizedError) {
-          try {
-            this._sessionStore.clearToken();
-            this._sessionStore.clearCsrfToken();
-            this._sessionStore.clearUser();
-          } catch {
-          }
+          this._sessionStore.clearToken();
+          this._sessionStore.clearUser();
           throw error;
         }
         if (this._refreshTimer) clearTimeout(this._refreshTimer);
@@ -769,8 +753,13 @@ var WebSignerClient = class extends SignerClient {
     this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId });
     this.oauthConfiguration = oauth;
   }
+  async isLoggedIn() {
+    await this.getPublicKey();
+    return super.isLoggedIn();
+  }
   async logout() {
-    super.logout();
+    const publicKey = await this.getPublicKey();
+    super.logout(publicKey);
     this.indexedDbStamper.clear();
   }
   async signRawMessage(msg) {
@@ -841,14 +830,15 @@ var WebSignerClient = class extends SignerClient {
     await this._initIndexedDbStamper();
     if (!this._sessionStore.otpId)
       throw new NotFoundError("No OTP ID found in session store.");
+    const publicKey = await this.getPublicKey();
     const { subOrgId } = await this.request("/v1/email/complete", "POST", {
       otpId: this._sessionStore.otpId,
       otpCode: params.otpCode,
-      publicKey: await this.getPublicKey()
+      publicKey
     });
     if (!subOrgId)
       throw new NotFoundError("No OTP authentication response returned.");
-    await this.signIn(subOrgId);
+    await this.signIn(subOrgId, publicKey);
     this._sessionStore.type = "email" /* Email */;
     this._sessionStore.clearOtpId();
   }
@@ -880,22 +870,17 @@ var WebSignerClient = class extends SignerClient {
     const { challenge, attestation } = await this._webauthnGenerateAttestation(
       params.email
     );
-    const { user, token, csrfToken } = await this.request(
-      "/v1/signup",
-      "POST",
-      {
-        email: params.email,
-        challenge: LibBase64.fromBuffer(challenge),
-        attestation
-      }
-    );
+    const { user, token } = await this.request("/v1/signup", "POST", {
+      email: params.email,
+      challenge: LibBase64.fromBuffer(challenge),
+      attestation
+    });
     this._sessionStore.user = {
       ...user,
       credentialId: attestation.credentialId
     };
     this._sessionStore.type = "passkeys" /* Passkeys */;
     this._sessionStore.token = token;
-    this._sessionStore.csrfToken = csrfToken;
     this._scheduleRefresh(token);
   }
   /**

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/modules/auth/email.ts","../src/modules/auth/passkeys.ts","../src/modules/auth/oauth/google.ts","../src/lib/sha256.ts","../src/errors/BadRequestError.ts","../src/modules/auth/oauth/facebook.ts","../src/modules/auth/oauth/apple.ts","../src/modules/auth/oauth.ts","../src/modules/auth/index.ts","../src/modules/user/index.ts","../src/signer/web.ts","../src/lib/base64.ts","../src/lib/bytes.ts","../src/session/index.ts","../src/signer/index.ts","../src/errors/UnauthorizedError.ts","../src/errors/NotFoundError.ts","../src/errors/UnauthenticatedError.ts","../src/third-party/viem.ts","../src/index.ts"],"sourcesContent":["import type {\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n WebSignerClient,\n} from '../../signer/web.js'\n\n/*\n A module for interacting with the Email authentication methods.\n * Available through the `auth.email` property on a `FourtWebSigner` instance.\n /\nclass EmailModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /\n Initialize user authentication process using email.\n \n @param params {InitEmailAuthParams} params to initialize the user authentication process.\n * @returns {Promise<void>} promise that resolves when the initialization is complete.\n /\n async initialize(params: InitEmailAuthParams): Promise<void> {\n return this._webSignerClient.initEmailAuth(params)\n }\n\n /\n Completes email authentication with OTP code.\n \n @param params {CompleteEmailAuthParams} params to complete the authentication process.\n * @returns {Promise<void>} promise that completes the authentication process.\n /\n async complete(params: CompleteEmailAuthParams): Promise<void> {\n await this._webSignerClient.completeEmailAuth(params)\n }\n\n /\n Get the email authentication method of the app, that was chosen in fourt.io dashboard.\n * It can be either `magiclink` or `otp`.\n \n @returns {Promise<'otp' \| 'magiclink'>} promise that resolves to the email authentication method.\n /\n async getAuthMethod(): Promise<'otp' \| 'magiclink'> {\n return this._webSignerClient.getEmailAuthMethod()\n }\n}\n\nexport { EmailModule }\n","import type { WebSignerClient, WebAuthnSignInParams } from '../../signer/web.js'\n\n/\n A module for interacting with the Passkeys authentication methods.\n * Available through the `auth.passkeys` property on a `FourtWebSigner` instance.\n /\nclass PasskeysModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /\n Signs in a user using Passkeys.\n \n @param params {WebAuthnSignInParams} params for the sign-in process.\n /\n async signIn(params: WebAuthnSignInParams) {\n return this._webSignerClient.webAuthnSignIn(params)\n }\n}\n\nexport { PasskeysModule }\n","import as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass GoogleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('google')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/google',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { GoogleModule }\n","class LibSha256 {\n /*\n Compute SHA-256 and return hex string using Web Crypto when available.\n * Falls back to Node's crypto.createHash when running in Node.\n /\n static async sha256Hex(\n input: string \| ArrayBuffer \| Uint8Array,\n ): Promise<string> {\n // normalize input to Uint8Array\n let data: Uint8Array\n if (typeof input === 'string') {\n data = new TextEncoder().encode(input)\n } else if (input instanceof Uint8Array) {\n data = input\n } else {\n data = new Uint8Array(input)\n }\n\n // Prefer Web Crypto Subtle API\n const subtle =\n typeof globalThis !== 'undefined' && (globalThis as any).crypto?.subtle\n ? (globalThis as any).crypto.subtle\n : undefined\n\n if (subtle) {\n const hash = await subtle.digest('SHA-256', data)\n return Array.from(new Uint8Array(hash))\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n }\n\n // Fallback for Node (synchronous)\n try {\n const nodeCrypto = require('crypto')\n const hash = nodeCrypto.createHash('sha256').update(data).digest('hex')\n return hash\n } catch {\n throw new Error(\n 'No crypto provider available. Provide a global crypto.subtle or run in Node 18+.',\n )\n }\n }\n}\n\nexport { LibSha256 }\n","class BadRequestError extends Error {\n constructor(message: string) {\n super(message)\n this.name = BadRequestError.name\n }\n}\n\nexport { BadRequestError }\n","import { BadRequestError } from '../../../errors/BadRequestError.js'\nimport { WebSignerClient } from '../../../signer/web.js'\nimport as jose from 'jose'\n\nclass FacebookModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const publicKey = await this._webSignerClient.getPublicKey()\n const internalUrl = new URL(\n 'v1/oauth/facebook',\n this._webSignerClient.configuration.apiUrl,\n ).href\n\n const jwt = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n\n const response = await fetch(internalUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n state: jwt,\n }),\n })\n\n if (!response.ok) {\n throw new BadRequestError(\n `Failed to create OAuth state. Error: ${response.statusText}`,\n )\n }\n\n const { authUrl } = await response.json()\n if (!authUrl) {\n throw new BadRequestError(response.statusText)\n }\n\n return authUrl\n }\n}\n\nexport { FacebookModule }\n","import * as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass AppleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('apple')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/apple',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { AppleModule }\n","import { SessionType } from '../../session/index.js'\nimport type { WebSignerClient } from '../../signer/web.js'\nimport { GoogleModule } from './oauth/google.js'\nimport { FacebookModule } from './oauth/facebook.js'\nimport { AppleModule } from './oauth/apple.js'\n\ntype CompleteParams = {\n bundle: string\n subOrgId: string\n}\n\n/*\n A module for interacting with the OAuth authentication methods.\n * Available through the `auth.oauth` property on a `FourtWebSigner` instance.\n /\nclass OAuthModule {\n private readonly _googleModule: GoogleModule\n private readonly _facebookModule: FacebookModule\n private readonly _appleModule: AppleModule\n\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._googleModule = new GoogleModule(this._webSignerClient)\n this._facebookModule = new FacebookModule(this._webSignerClient)\n this._appleModule = new AppleModule(this._webSignerClient)\n }\n\n get google() {\n return this._googleModule\n }\n\n get facebook() {\n return this._facebookModule\n }\n\n get apple() {\n return this._appleModule\n }\n\n async complete({ subOrgId }: CompleteParams) {\n / await this._webSignerClient.completeAuth({\n subOrgId,\n sessionType: SessionType.OAuth,\n }) /\n }\n}\n\nexport { OAuthModule }\n","import type { WebSignerClient } from '../../signer/web.js'\nimport { EmailModule } from './email.js'\nimport { PasskeysModule } from './passkeys.js'\nimport { OAuthModule } from './oauth.js'\n\n/\n A module for interacting with the authentication methods.\n * Available through the `auth` property on a `FourtWebSigner` instance.\n /\nclass AuthModule {\n private readonly _passkeys: PasskeysModule\n private readonly _email: EmailModule\n private readonly _oauth: OAuthModule\n\n /\n Initializes a new instance of the `AuthModule` class.\n \n @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n /\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._passkeys = new PasskeysModule(this._webSignerClient)\n this._email = new EmailModule(this._webSignerClient)\n this._oauth = new OAuthModule(this._webSignerClient)\n }\n\n /\n A module for interacting with the Passkeys authentication methods.\n /\n get passkeys() {\n return this._passkeys\n }\n\n /\n A module for interacting with the Passkeys authentication methods.\n /\n get email() {\n return this._email\n }\n\n get oauth() {\n return this._oauth\n }\n}\n\nexport { AuthModule }\nexport { PasskeysModule } from './passkeys.js'\nexport { EmailModule } from './email.js'\n","import { WebSignerClient } from '../../signer/web.js'\nimport { User } from '../../types/entities.js'\n\n/\n A module for interacting with the user methods.\n * Available through the `user` property on a `FourtWebSigner` instance.\n /\nclass UserModule {\n /\n Initializes a new instance of the `UserModule` class.\n \n @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n /\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /\n Retrieves information for the authenticated user.\n * Assumes a user is already logged in, otherwise it will throw an error.\n /\n async getInfo(): Promise<User> {\n return this._webSignerClient.getUser()\n }\n\n /\n Checks if a user is currently logged in to the fourt.io SDK.\n /\n async isLoggedIn(): Promise<boolean> {\n return this._webSignerClient.isLoggedIn()\n }\n\n /\n Generates an access token with a lifespan of 15 minutes.\n * Assumes a user is already logged in, otherwise it will throw an error.\n /\n async getToken(): Promise<string> {\n return this._webSignerClient.getToken()\n }\n\n /\n Logs out the user.\n /\n async logout(): Promise<void> {\n return this._webSignerClient.logout()\n }\n}\n\nexport { UserModule }\n","import { getWebAuthnAttestation } from '@turnkey/http'\nimport { WebauthnStamper } from '@turnkey/webauthn-stamper'\nimport { LibBase64 } from '../lib/base64.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { SessionType } from '../session/index.js'\nimport {\n type SignerClientInheritedConstructorParams,\n SignerClient,\n} from './index.js'\nimport { NotFoundError } from '../errors/NotFoundError.js'\nimport { IndexedDbStamper } from '@turnkey/indexed-db-stamper'\n\ntype WebAuthnSignInParams = {\n email: string\n}\n\ntype InitEmailAuthParams = {\n email: string\n redirectUrl?: string\n}\n\ntype CompleteAuthParams = {\n subOrgId: string\n sessionType: SessionType\n isNewUser?: boolean\n}\n\ntype CompleteEmailAuthParams = {\n email: string\n otpCode: string\n}\n\ntype GoogleOAuthSignInParams = {\n credential: string\n clientId: string\n}\n\nexport type OAuthConfiguration = {\n common: {\n redirectUrl: string\n }\n}\n\ntype WebSignerClientConstructorParams = SignerClientInheritedConstructorParams<{\n webauthn: {\n rpId: string\n }\n oauth?: OAuthConfiguration\n}>\n\n/\n A signer client for web applications.\n /\nclass WebSignerClient extends SignerClient {\n private indexedDbStamper: IndexedDbStamper\n private webauthnStamper: WebauthnStamper\n\n readonly oauthConfiguration: WebSignerClientConstructorParams['oauth']\n\n /\n Initializes a new instance of the `WebSignerClient` class.\n \n @param {WebSignerClientConstructorParams} params params for the constructor\n /\n constructor({\n configuration,\n webauthn,\n oauth,\n }: WebSignerClientConstructorParams) {\n const indexedDbStamper = new IndexedDbStamper()\n\n super({\n stamper: indexedDbStamper,\n configuration: configuration,\n })\n\n this.indexedDbStamper = indexedDbStamper\n this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId })\n\n this.oauthConfiguration = oauth\n }\n\n public override async logout() {\n super.logout()\n this.indexedDbStamper.clear()\n }\n\n public override async signRawMessage<Into extends string>(\n msg: string,\n ): Promise<Into> {\n await this._updateStamper()\n return super.signRawMessage(msg)\n }\n\n /\n Get the pre-filled URL for initiating oauth with a specific provider.\n \n @param {string} provider provider for which we are getting the URL, currently google or apple\n /\n public async getOAuthInitUrl(provider: string) {\n const { url } = await this.request('/v1/oauth/init', 'POST', {\n provider,\n })\n\n return url\n }\n\n /\n Signs in a user with webauthn.\n \n @param {WebAuthnSignInParams} params params for the sign in\n /\n public async webAuthnSignIn({ email }: WebAuthnSignInParams) {\n const existingUserSubOrgId = await this.lookUpUser(email)\n\n if (!existingUserSubOrgId) {\n await this._createWebAuthnAccount({ email })\n } else {\n this.stamper = this.webauthnStamper\n await this.signIn(existingUserSubOrgId)\n\n this._sessionStore.type = SessionType.Passkeys\n\n // We should assure that the user and its credentialId are set\n if (!this._sessionStore.user \|\| !this._sessionStore.user.credentialId) {\n return\n }\n\n this.webauthnStamper.allowCredentials = [\n {\n id: LibBase64.toBuffer(this._sessionStore.user.credentialId),\n type: 'public-key',\n transports: ['internal', 'usb'],\n },\n ]\n }\n }\n\n /\n Handles auth user process with email according to the method of the used app.\n \n @param {InitEmailAuthParams} params params needed for the initialization of the auth process\n /\n public async initEmailAuth(params: InitEmailAuthParams) {\n await this.indexedDbStamper.resetKeyPair()\n const { otpId } = await this._initEmailAuth(params)\n if (!otpId) throw new NotFoundError('No OTP init response returned.')\n this._sessionStore.otpId = otpId\n }\n\n public async getPublicKey() {\n await this._initIndexedDbStamper()\n return this.indexedDbStamper.getPublicKey()!\n }\n\n public async resetKeyPair() {\n await this._initIndexedDbStamper()\n await this.indexedDbStamper.resetKeyPair()\n }\n\n /\n Verifies the provided otp code.\n \n @param {CompleteEmailAuthParams} params params needed for otp code verification\n /\n public async completeEmailAuth(params: CompleteEmailAuthParams) {\n await this._initIndexedDbStamper()\n\n if (!this._sessionStore.otpId)\n throw new NotFoundError('No OTP ID found in session store.')\n\n const { subOrgId } = await this.request('/v1/email/complete', 'POST', {\n otpId: this._sessionStore.otpId,\n otpCode: params.otpCode,\n publicKey: await this.getPublicKey(),\n })\n\n if (!subOrgId)\n throw new NotFoundError('No OTP authentication response returned.')\n\n await this.signIn(subOrgId)\n this._sessionStore.type = SessionType.Email\n this._sessionStore.clearOtpId()\n }\n\n /\n Gets the email authentication method of the app.\n /\n public async getEmailAuthMethod() {\n const { method } = await this.request('/v1/email/method', 'GET')\n return method\n }\n\n /\n Checks for an existing session and if exists, updates the stamper accordingly.\n /\n private async _updateStamper() {\n // User is not signed in\n if (\n this._sessionStore.type === undefined &&\n this._sessionStore.token === undefined\n )\n return\n if (this._sessionStore.type === SessionType.Passkeys) {\n this.stamper = this.webauthnStamper\n } else {\n this.stamper = this.indexedDbStamper\n }\n }\n\n /\n Creates a passkey account using the webauthn stamper.\n \n @param {WebAuthnSignInParams} params params for the creation of the account\n /\n private async _createWebAuthnAccount(params: WebAuthnSignInParams) {\n const { challenge, attestation } = await this._webauthnGenerateAttestation(\n params.email,\n )\n\n const { user, token, csrfToken } = await this.request(\n '/v1/signup',\n 'POST',\n {\n email: params.email,\n challenge: LibBase64.fromBuffer(challenge),\n attestation,\n },\n )\n\n this._sessionStore.user = {\n ...user,\n credentialId: attestation.credentialId,\n }\n this._sessionStore.type = SessionType.Passkeys\n // Tokens are always returned on passkey signup\n this._sessionStore.token = token!\n this._sessionStore.csrfToken = csrfToken!\n this._scheduleRefresh(token!)\n }\n\n /\n Init account creation with email.\n \n @param {InitEmailAuthParams} params params for the creation of the account\n /\n private async _initEmailAuth(params: InitEmailAuthParams) {\n const response = await this.request('/v1/email/init', 'POST', {\n email: params.email,\n redirectUrl: params.redirectUrl\n ? params.redirectUrl.toString()\n : undefined,\n })\n\n return response\n }\n\n private async _webauthnGenerateAttestation(email: string) {\n const challenge = LibBytes.generateRandomBuffer()\n const authenticatorUserId = LibBytes.generateRandomBuffer()\n\n const attestation = await getWebAuthnAttestation({\n publicKey: {\n authenticatorSelection: {\n residentKey: 'preferred',\n requireResidentKey: false,\n userVerification: 'preferred',\n },\n challenge,\n rp: {\n id: window.location.hostname,\n name: window.location.hostname,\n },\n pubKeyCredParams: [\n {\n type: 'public-key',\n alg: -7,\n },\n {\n type: 'public-key',\n alg: -257,\n },\n ],\n user: {\n id: authenticatorUserId,\n name: email,\n displayName: email,\n },\n },\n })\n\n return { challenge, attestation, authenticatorUserId }\n }\n\n private async _initIndexedDbStamper() {\n if (!this.indexedDbStamper.getPublicKey()) {\n await this.indexedDbStamper.init()\n }\n this.stamper = this.indexedDbStamper\n }\n}\n\nexport { WebSignerClient }\nexport type {\n CompleteAuthParams,\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n GoogleOAuthSignInParams,\n WebSignerClientConstructorParams,\n WebAuthnSignInParams,\n}\n","/\n Browser-friendly base64url helpers.\n * - Uses btoa/atob and Uint8Array, no Node Buffer polyfill.\n * - Chunks when converting large ArrayBuffers to avoid call-stack issues.\n /\nclass LibBase64 {\n // Convert an ArrayBuffer to base64url (no padding)\n static fromBuffer(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer)\n const CHUNK_SIZE = 0x8000\n let binary = ''\n for (let i = 0; i < bytes.length; i += CHUNK_SIZE) {\n const chunk = bytes.subarray(i, i + CHUNK_SIZE)\n // spread on TypedArray can be large; cast to any to satisfy TS\n binary += String.fromCharCode(...(chunk as any))\n }\n const base64 =\n typeof btoa === 'function'\n ? btoa(binary)\n : Buffer.from(bytes).toString('base64')\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n }\n\n // Convert base64url (no padding) to ArrayBuffer\n static toBuffer(base64url: string): ArrayBuffer {\n let base64 = base64url.replace(/-/g, '+').replace(/_/g, '/')\n const pad = base64.length % 4\n if (pad) base64 += '='.repeat(4 - pad)\n\n const binary =\n typeof atob === 'function'\n ? atob(base64)\n : Buffer.from(base64, 'base64').toString('binary')\n const len = binary.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++) bytes[i] = binary.charCodeAt(i)\n return bytes.buffer\n }\n}\n\nexport { LibBase64 }\n","type TakeBytesParams = Partial<{\n count: number\n offset: number\n}>\n\ntype ByteString = `0x${string}`\n\nclass LibBytes {\n static generateRandomBuffer = (): ArrayBuffer => {\n const arr = new Uint8Array(32)\n crypto.getRandomValues(arr)\n return arr.buffer\n }\n\n static takeBytes = (\n bytes: ByteString,\n params: TakeBytesParams = {},\n ): ByteString => {\n const { offset, count } = params\n const start = (offset ? offset 2 : 0) + 2 // add 2 to skip the 0x prefix\n const end = count ? start + count * 2 : undefined\n\n return `0x${bytes.slice(start, end)}`\n }\n}\n\nexport { LibBytes }\n","import { createStore, type StoreApi } from 'zustand'\nimport { persist, createJSONStorage } from 'zustand/middleware'\nimport { User } from '../types/entities.js'\n\nenum SessionType {\n Email = 'email',\n Passkeys = 'passkeys',\n OAuth = 'oauth',\n}\n\ntype SessionState = {\n type?: SessionType\n user?: User\n bundle?: string\n token?: string\n csrfToken?: string\n otpId?: string\n}\n\nclass SessionStore {\n private readonly _store: StoreApi<SessionState>\n\n constructor() {\n // `user` and `token` stay in memory (not persisted)\n this._store = createStore<SessionState>()(\n persist(this._getInitialState, {\n name: 'fourt-session',\n storage: createJSONStorage(() => localStorage),\n // persist only these in localStorage\n partialize: (state) => ({\n bundle: state.bundle,\n type: state.type,\n otpId: state.otpId,\n }),\n }),\n )\n }\n\n get type(): SessionType \| undefined {\n return this._store.getState().type\n }\n\n set type(type: SessionType) {\n this._store.setState({ type })\n }\n\n get token(): string \| undefined {\n return this._store.getState().token\n }\n\n set token(token: string) {\n this._store.setState({ token })\n }\n\n get csrfToken(): string \| undefined {\n return this._store.getState().csrfToken\n }\n\n set csrfToken(csrfToken: string) {\n this._store.setState({ csrfToken })\n }\n\n get bundle(): string \| undefined {\n return this._store.getState().bundle\n }\n\n set bundle(bundle: string) {\n this._store.setState({ bundle })\n }\n\n get user(): User \| undefined {\n return this._store.getState().user\n }\n\n set user(user: User) {\n this._store.setState({ ...this._store.getState(), user })\n }\n\n get otpId(): string \| undefined {\n return this._store.getState().otpId\n }\n\n set otpId(otpId: string) {\n this._store.setState({ otpId })\n }\n\n clearUser() {\n this._store.setState({ ...this._store.getState(), user: undefined })\n }\n\n clearBundle() {\n this._store.setState({ ...this._store.getState(), bundle: undefined })\n }\n\n clearType() {\n this._store.setState({ ...this._store.getState(), type: undefined })\n }\n\n clearToken() {\n this._store.setState({ ...this._store.getState(), token: undefined })\n }\n\n clearCsrfToken() {\n this._store.setState({ ...this._store.getState(), csrfToken: undefined })\n }\n\n clearOtpId() {\n this._store.setState({ ...this._store.getState(), otpId: undefined })\n }\n\n clearAll() {\n this.clearToken()\n this.clearUser()\n this.clearBundle()\n this.clearType()\n this.clearOtpId()\n }\n\n private _getInitialState(): SessionState {\n return {\n type: undefined,\n user: undefined,\n bundle: undefined,\n token: undefined,\n csrfToken: undefined,\n otpId: undefined,\n }\n }\n}\n\nexport { SessionType, SessionStore }\nexport type { SessionState }\n","import { TurnkeyClient } from '@turnkey/http'\nimport {\n BadRequestError,\n NotFoundError,\n UnauthorizedError,\n} from '../errors/index.js'\nimport { SessionStore } from '../session/index.js'\nimport { APIResponse } from '../types/rest.js'\nimport {\n AuthenticationServiceBody,\n AuthenticationServiceResponse,\n Method,\n Route,\n} from '../types/routes.js'\nimport { decodeJwt } from 'jose'\n\ntype SignerClientConfiguration = {\n apiKey: string\n apiUrl?: string\n paymasterRpcUrl?: string\n}\n\ntype SignerClientConstructorParams = {\n stamper: TurnkeyClient['stamper']\n configuration: SignerClientConfiguration\n}\n\ntype SignerClientInheritedConstructorParams<\n Extended extends Record<string, unknown>,\n> = Pick<SignerClientConstructorParams, 'configuration'> & Extended\n\nabstract class SignerClient {\n protected readonly _turnkeyClient: TurnkeyClient\n protected readonly _configuration: Required<\n SignerClientConstructorParams['configuration']\n >\n protected readonly _sessionStore: SessionStore\n\n private _refreshPromise?: Promise<void>\n private _refreshTimer?: ReturnType<typeof setTimeout>\n\n constructor({\n stamper,\n configuration: { apiUrl, paymasterRpcUrl, ...requiredConfiguration },\n }: SignerClientConstructorParams) {\n this._turnkeyClient = new TurnkeyClient(\n { baseUrl: 'https://api.turnkey.com' },\n stamper,\n )\n\n this._configuration = {\n ...requiredConfiguration,\n apiUrl: apiUrl ?? 'https://auth.api.fourt.io/',\n paymasterRpcUrl: paymasterRpcUrl ?? 'https://management.api.fourt.io/',\n }\n\n this._sessionStore = new SessionStore()\n }\n\n get configuration(): Required<SignerClientConfiguration> {\n return this._configuration\n }\n\n public async getUser() {\n if (this._sessionStore.user) return this._sessionStore.user\n\n try {\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n // If unauthorized, try to refresh token and retry once\n if (error instanceof UnauthorizedError) {\n try {\n await this._refreshToken()\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n throw error\n }\n }\n throw error\n }\n }\n\n public async isLoggedIn() {\n const token = this._sessionStore.token\n\n // If we have a token and it's still valid, we're logged in\n if (token && !this._isTokenExpired(token)) return true\n\n // Otherwise try to refresh (covers no token and expired token)\n try {\n await this._refreshToken()\n return !!this._sessionStore.token\n } catch {\n return false\n }\n }\n\n public async getToken(): Promise<string> {\n // Try to use existing token\n if (!this._sessionStore.token) {\n // No token: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError(\n 'No token found, user might not be logged in',\n )\n }\n } else if (this._isTokenExpired(this._sessionStore.token)) {\n // Token expired: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError('Token expired and refresh failed')\n }\n }\n\n const token = this._sessionStore.token\n if (!token) {\n throw new UnauthorizedError('No token found, user might not be logged in')\n }\n return token\n }\n\n private _isTokenExpired(token: string): boolean {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (typeof decoded.exp === 'number') {\n return decoded.exp * 1000 <= Date.now()\n }\n return true // If no exp claim, consider it expired\n } catch {\n return true // If token is malformed, consider it expired\n }\n }\n\n public async logout() {\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n this._refreshTimer = undefined\n await this.request('/v1/logout', 'POST')\n this._sessionStore.clearAll()\n }\n\n public async signRawMessage<Into extends string>(msg: string): Promise<Into> {\n if (!this._sessionStore.token \|\| !this._sessionStore.user) {\n throw new UnauthorizedError(\n 'SignerClient must be authenticated to sign a message',\n )\n }\n\n const stampedRequest = await this._turnkeyClient.stampSignRawPayload({\n organizationId: this._sessionStore.user.subOrgId,\n type: 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2',\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',\n hashFunction: 'HASH_FUNCTION_NO_OP',\n payload: msg,\n signWith: this._sessionStore.user.walletAddress,\n },\n })\n\n const { signature } = await this.request('/v1/sign', 'POST', {\n stampedRequest,\n })\n\n return <Into>signature\n }\n\n protected set stamper(stamper: TurnkeyClient['stamper']) {\n this._turnkeyClient.stamper = stamper\n }\n\n protected get stamper(): TurnkeyClient['stamper'] {\n return this._turnkeyClient.stamper\n }\n\n protected async lookUpUser(email: string): Promise<string \| null> {\n try {\n const { subOrgId } = await this.request('/v1/lookup', 'POST', { email })\n return subOrgId\n } catch (error) {\n if (error instanceof NotFoundError) return null\n throw error\n }\n }\n\n protected async signIn(subOrgId?: string) {\n const orgId = subOrgId \|\| this._sessionStore.user?.subOrgId\n\n if (!orgId) throw new BadRequestError('No orgId provided')\n\n const stampedRequest = await this._turnkeyClient.stampGetWhoami({\n organizationId: orgId,\n })\n\n const { user, token, csrfToken } = await this.request(\n '/v1/signin',\n 'POST',\n {\n stampedRequest,\n },\n )\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string\n } catch (e) {\n return undefined\n }\n })()\n\n this._sessionStore.user = {\n ...user,\n credentialId: credentialId,\n }\n this._sessionStore.token = token\n this._sessionStore.csrfToken = csrfToken\n this._scheduleRefresh(token)\n }\n\n protected async request<R extends Route, M extends Method>(\n route: R,\n method: M,\n body?: AuthenticationServiceBody<R>,\n ): Promise<AuthenticationServiceResponse<R>> {\n const url = new URL(this._configuration.apiUrl)\n // Ensures the route is appended correctly if client apiUrl has a path\n url.pathname = url.pathname + route\n\n const token = this._sessionStore.token\n const csrfToken = this._sessionStore.csrfToken\n\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'X-FOURT-KEY': this._configuration.apiKey,\n }\n\n if (token) {\n headers['Authorization'] = `Bearer ${token}`\n }\n\n if (csrfToken) {\n headers['X-CSRF-Token'] = csrfToken\n }\n\n const response = await fetch(url, {\n method,\n body: method === 'POST' ? JSON.stringify(body) : undefined,\n headers,\n credentials: 'include',\n })\n\n const { data, error } = (await response.json()) as APIResponse<\n AuthenticationServiceResponse<R>\n >\n\n if (error) {\n switch (error.kind) {\n case 'UnauthorizedError': {\n throw new UnauthorizedError(error.message)\n }\n case 'NotFoundError': {\n throw new NotFoundError(error.message)\n }\n case 'BadRequestError': {\n throw new BadRequestError(error.message)\n }\n default: {\n throw new Error(error.message)\n }\n }\n }\n\n return { ...data } as AuthenticationServiceResponse<R>\n }\n\n /*\n Compute milliseconds until refresh time.\n * - expSeconds is the JWT exp claim (seconds).\n * - earlyMinutes is how many minutes before exp to refresh (default 2).\n * Returns 0 if refresh time is already past.\n /\n private _computeRefreshDelayMs(expSeconds: number, earlyMinutes = 2): number {\n const expiryMs = expSeconds 1000\n const refreshMs = expiryMs - earlyMinutes * 60 * 1000\n const now = Date.now()\n const delay = refreshMs - now\n return delay <= 0 ? 0 : delay\n }\n\n protected _scheduleRefresh(token: string) {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (!decoded.exp) return\n\n const delay = this._computeRefreshDelayMs(decoded.exp, 2)\n\n // Clear previous timer to avoid duplicates\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n\n // Schedule refresh\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n this._refreshToken()\n }, delay)\n } catch {\n // ignore errors\n }\n }\n\n private async _refreshToken(): Promise<void> {\n if (this._refreshPromise) return this._refreshPromise\n\n // Keep a reference so callers can await the same promise\n this._refreshPromise = (async () => {\n const TIMEOUT_MS = 10_000\n const RETRY_DELAY_MS = 5_000\n\n try {\n // Check if csrfToken is in memory, if not get a new one\n if (!this._sessionStore.csrfToken) {\n const { csrfToken } = await this.request('/v1/csrf-token', 'GET')\n this._sessionStore.csrfToken = csrfToken\n }\n\n // Avoid hanging indefinitely by racing the request with a timeout\n const refreshPromise = this.request('/v1/refresh', 'POST')\n const data = await Promise.race([\n refreshPromise,\n new Promise<never>((_, reject) =>\n setTimeout(() => reject(new Error('Refresh timeout')), TIMEOUT_MS),\n ),\n ])\n\n if (!data \|\| !data.token \|\| !data.csrfToken) {\n // Treat missing tokens as auth failure\n throw new UnauthorizedError('Refresh did not return tokens')\n }\n\n this._sessionStore.token = data.token\n this._sessionStore.csrfToken = data.csrfToken\n this._scheduleRefresh(data.token)\n } catch (error) {\n // On auth errors, clear session to avoid repeated failing retries\n if (error instanceof UnauthorizedError) {\n try {\n this._sessionStore.clearToken()\n this._sessionStore.clearCsrfToken()\n this._sessionStore.clearUser()\n } catch {\n // ignore errors\n }\n throw error\n }\n\n // Transient error: schedule a retry (non-blocking) and rethrow so callers know it failed\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n const MAX_RETRIES = 5\n let retryCount = 0\n\n // We schedule a background retry after RETRY_DELAY_MS using setTimeout\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {\n // Increments retryCount and, if still under MAX_RETRIES, schedules\n // another retry using exponential backoff (capped at 60s)\n retryCount++\n if (retryCount <= MAX_RETRIES) {\n const nextDelay = Math.min(\n RETRY_DELAY_MS * 2 (retryCount - 1),\n 60_000,\n )\n this._refreshTimer = setTimeout(() => {\n // When the timer fires we clear the stored id and call _refreshToken() in a\n // fire-and-forget manner (void ... .catch(...)) so the retry runs asynchronously\n // and doesn't block or change the control flow of the original caller.\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {})\n }, nextDelay)\n }\n })\n }, RETRY_DELAY_MS)\n\n throw error\n } finally {\n this._refreshPromise = undefined\n }\n })()\n\n return this._refreshPromise\n }\n}\n\nexport { SignerClient }\nexport type {\n SignerClientConstructorParams,\n SignerClientInheritedConstructorParams,\n}\n","class UnauthorizedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthorizedError.name\n }\n}\n\nexport { UnauthorizedError }\n","class NotFoundError extends Error {\n constructor(message: string) {\n super(message)\n this.name = NotFoundError.name\n }\n}\n\nexport { NotFoundError }\n","class UnauthenticatedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthenticatedError.name\n }\n}\n\nexport { UnauthenticatedError }\n","import {\n type Chain,\n type Client,\n type GetTransactionType,\n type Hex,\n type IsNarrowable,\n type JsonRpcAccount,\n type LocalAccount,\n type TypedData,\n type TypedDataDefinition,\n type SignableMessage,\n type SerializeTransactionFn,\n type TransactionSerializable,\n type TransactionSerialized,\n type Transport,\n hashMessage,\n hashTypedData,\n serializeTransaction,\n keccak256,\n hexToBigInt,\n http,\n} from 'viem'\nimport { toAccount } from 'viem/accounts'\nimport { SignerClient } from '../signer/index.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { toLightSmartAccount } from 'permissionless/accounts'\nimport {\n createPaymasterClient,\n entryPoint07Address,\n} from 'viem/account-abstraction'\nimport { UnauthenticatedError } from '../errors/UnauthenticatedError.js'\n\ntype CurrentUserToLightSmartAccountParams = {\n owner: LocalAccount\n client: Client<\n Transport,\n Chain \| undefined,\n JsonRpcAccount \| LocalAccount \| undefined\n >\n}\n\nclass ViemModule {\n constructor(private readonly _signerClient: SignerClient) {}\n\n async toLocalAccount(): Promise<LocalAccount> {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toAccount({\n address: user.walletAddress,\n signMessage: ({ message }: { message: SignableMessage }) =>\n this.signMessage(message),\n signTypedData: <\n const typedData extends TypedData \| Record<string, unknown>,\n primaryType extends keyof typedData \| 'EIP712Domain' = keyof typedData,\n >(\n typedDataDefinition: TypedDataDefinition<typedData, primaryType>,\n ) => this.signTypedData<typedData, primaryType>(typedDataDefinition),\n signTransaction: this.signTransaction,\n })\n }\n\n async toSmartAccount({\n client,\n owner,\n }: CurrentUserToLightSmartAccountParams): ReturnType<\n typeof toLightSmartAccount<'0.7'>\n > {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toLightSmartAccount({\n client,\n owner,\n version: '2.0.0',\n entryPoint: {\n address: entryPoint07Address,\n version: '0.7',\n },\n address: user.smartAccountAddress,\n index: hexToBigInt(user.salt),\n })\n }\n\n async getPaymasterClient() {\n const url = new URL(\n `v1/rpc?apiKey=${this._signerClient.configuration.apiKey}`,\n this._signerClient.configuration.paymasterRpcUrl,\n )\n return createPaymasterClient({\n transport: http(url.toString()),\n })\n }\n\n async signMessage(msg: SignableMessage): Promise<Hex> {\n const messageHash = hashMessage(msg)\n const result = await this._signerClient.signRawMessage<Hex>(messageHash)\n return result\n }\n\n async signTypedData<\n TTypedData extends TypedData \| Record<string, unknown>,\n TPrimaryType extends keyof TTypedData \| 'EIP712Domain' = keyof TTypedData,\n >(params: TypedDataDefinition<TTypedData, TPrimaryType>): Promise<Hex> {\n const messageHash = hashTypedData(params)\n return this._signerClient.signRawMessage(messageHash)\n }\n\n async signTransaction<\n serializer extends SerializeTransactionFn<TransactionSerializable> = SerializeTransactionFn<TransactionSerializable>,\n transaction extends Parameters<serializer>[0] = Parameters<serializer>[0],\n >(\n transaction: transaction,\n options?:\n \| {\n serializer?: serializer \| undefined\n }\n \| undefined,\n ): Promise<\n IsNarrowable<\n TransactionSerialized<GetTransactionType<transaction>>,\n Hex\n > extends true\n ? TransactionSerialized<GetTransactionType<transaction>>\n : Hex\n > {\n const serializeFn = options?.serializer ?? serializeTransaction\n const serializedTx = await serializeFn(transaction)\n const signatureHex = await this._signerClient.signRawMessage<Hex>(\n keccak256(serializedTx),\n )\n\n const signature = {\n r: LibBytes.takeBytes(signatureHex, { count: 32 }),\n s: LibBytes.takeBytes(signatureHex, { count: 32, offset: 32 }),\n v: BigInt(LibBytes.takeBytes(signatureHex, { count: 1, offset: 64 })),\n }\n\n return serializeFn(transaction, signature)\n }\n}\n\nexport { ViemModule }\n","import { AuthModule, UserModule } from './modules/index.js'\nimport { SignerClientConstructorParams } from './signer/index.js'\nimport {\n WebSignerClient,\n WebSignerClientConstructorParams,\n} from './signer/web.js'\nimport { ViemModule } from './third-party/viem.js'\n\ntype FourtWebSignerConstructorParams = {\n configuration: SignerClientConstructorParams['configuration']\n auth: Pick<WebSignerClientConstructorParams, 'webauthn' \| 'oauth'>\n}\n\n/\n * A client for interacting with the Fourt Web Signer.\n /\nclass FourtWebSigner {\n private readonly _webSignerClient: WebSignerClient\n private readonly _modules: {\n viem: ViemModule\n auth: AuthModule\n user: UserModule\n }\n\n /\n Initializes a new instance of the `FourtWebSigner` class.\n * Sets up the underlying modules.\n \n \n * @example\n * ```ts\n * const fourtWebSigner = new FourtWebSigner({\n * auth: {\n * webauthn: {\n * rpId: 'localhost',\n * },\n * },\n * configuration: {\n * apiKey: '927d603c-6775-4210-8e13-8904ca985e78',\n * },\n * })\n * ```\n \n @param {FourtWebSignerConstructorParams} params the required parameters to initialize the client\n /\n constructor({\n configuration,\n auth: { webauthn, oauth },\n }: FourtWebSignerConstructorParams) {\n this._webSignerClient = new WebSignerClient({\n configuration,\n webauthn,\n oauth,\n })\n\n this._modules = {\n viem: new ViemModule(this._webSignerClient),\n auth: new AuthModule(this._webSignerClient),\n user: new UserModule(this._webSignerClient),\n }\n }\n\n /\n A module for interacting with the Viem library.\n /\n get viem() {\n return this._modules.viem\n }\n\n /\n A module for interacting with the authentication methods.\n /\n get auth() {\n return this._modules.auth\n }\n\n /\n A module for interacting with the user methods.\n */\n get user() {\n return this._modules.user\n }\n}\n\nexport { FourtWebSigner }\n"],"mappings":";;;;;;;;AAUA,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjE,MAAM,WAAW,QAA4C;AAC3D,WAAO,KAAK,iBAAiB,cAAc,MAAM;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SAAS,QAAgD;AAC7D,UAAM,KAAK,iBAAiB,kBAAkB,MAAM;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,gBAA8C;AAClD,WAAO,KAAK,iBAAiB,mBAAmB;AAAA,EAClD;AACF;;;ACpCA,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjE,MAAM,OAAO,QAA8B;AACzC,WAAO,KAAK,iBAAiB,eAAe,MAAM;AAAA,EACpD;AACF;;;ACjBA,YAAY,UAAU;;;ACAtB,IAAM,YAAN,MAAgB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKd,aAAa,UACX,OACiB;AAEjB,QAAI;AACJ,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AAAA,IACvC,WAAW,iBAAiB,YAAY;AACtC,aAAO;AAAA,IACT,OAAO;AACL,aAAO,IAAI,WAAW,KAAK;AAAA,IAC7B;AAGA,UAAM,SACJ,OAAO,eAAe,eAAgB,WAAmB,QAAQ,SAC5D,WAAmB,OAAO,SAC3B;AAEN,QAAI,QAAQ;AACV,YAAM,OAAO,MAAM,OAAO,OAAO,WAAW,IAAI;AAChD,aAAO,MAAM,KAAK,IAAI,WAAW,IAAI,CAAC,EACnC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAAA,IACZ;AAGA,QAAI;AACF,YAAM,aAAa,UAAQ,QAAQ;AACnC,YAAM,OAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;AACtE,aAAO;AAAA,IACT,QAAQ;AACN,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ADtCA,IAAM,eAAN,MAAmB;AAAA,EACjB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,QAAQ;AAEpE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,kBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AEnCA,IAAM,kBAAN,MAAM,yBAAwB,MAAM;AAAA,EAClC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,iBAAgB;AAAA,EAC9B;AACF;;;ACHA,YAAYA,WAAU;AAEtB,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAC3D,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AAEF,UAAM,MAAM,IAAS,mBAAa;AAAA,MAChC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AAEV,UAAM,WAAW,MAAM,MAAM,aAAa;AAAA,MACxC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO;AAAA,MACT,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI;AAAA,QACR,wCAAwC,SAAS,UAAU;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,IAAI,MAAM,SAAS,KAAK;AACxC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,gBAAgB,SAAS,UAAU;AAAA,IAC/C;AAEA,WAAO;AAAA,EACT;AACF;;;AC5CA,YAAYC,WAAU;AAItB,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,OAAO;AAEnE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,mBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;ACpBA,IAAM,cAAN,MAAkB;AAAA,EAKhB,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,gBAAgB,IAAI,aAAa,KAAK,gBAAgB;AAC3D,SAAK,kBAAkB,IAAI,eAAe,KAAK,gBAAgB;AAC/D,SAAK,eAAe,IAAI,YAAY,KAAK,gBAAgB;AAAA,EAC3D;AAAA,EARiB;AAAA,EACA;AAAA,EACA;AAAA,EAQjB,IAAI,SAAS;AACX,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,SAAS,EAAE,SAAS,GAAmB;AAAA,EAK7C;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUf,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,YAAY,IAAI,eAAe,KAAK,gBAAgB;AACzD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AACnD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AAAA,EACrD;AAAA,EAbiB;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAgBjB,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMf,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,UAAyB;AAC7B,WAAO,KAAK,iBAAiB,QAAQ;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAA+B;AACnC,WAAO,KAAK,iBAAiB,WAAW;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAA4B;AAChC,WAAO,KAAK,iBAAiB,SAAS;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAwB;AAC5B,WAAO,KAAK,iBAAiB,OAAO;AAAA,EACtC;AACF;;;AC5CA,SAAS,8BAA8B;AACvC,SAAS,uBAAuB;;;ACIhC,IAAM,YAAN,MAAgB;AAAA;AAAA,EAEd,OAAO,WAAW,QAA6B;AAC7C,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,UAAM,aAAa;AACnB,QAAI,SAAS;AACb,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,YAAY;AACjD,YAAM,QAAQ,MAAM,SAAS,GAAG,IAAI,UAAU;AAE9C,gBAAU,OAAO,aAAa,GAAI,KAAa;AAAA,IACjD;AACA,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAC1C,WAAO,OAAO,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAAA,EACzE;AAAA;AAAA,EAGA,OAAO,SAAS,WAAgC;AAC9C,QAAI,SAAS,UAAU,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAC3D,UAAM,MAAM,OAAO,SAAS;AAC5B,QAAI,IAAK,WAAU,IAAI,OAAO,IAAI,GAAG;AAErC,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,QAAQ;AACrD,UAAM,MAAM,OAAO;AACnB,UAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,aAAS,IAAI,GAAG,IAAI,KAAK,IAAK,OAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AAC5D,WAAO,MAAM;AAAA,EACf;AACF;;;AC/BA,IAAM,WAAN,MAAe;AAAA,EACb,OAAO,uBAAuB,MAAmB;AAC/C,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,IAAI;AAAA,EACb;AAAA,EAEA,OAAO,YAAY,CACjB,OACA,SAA0B,CAAC,MACZ;AACf,UAAM,EAAE,QAAQ,MAAM,IAAI;AAC1B,UAAM,SAAS,SAAS,SAAS,IAAI,KAAK;AAC1C,UAAM,MAAM,QAAQ,QAAQ,QAAQ,IAAI;AAExC,WAAO,KAAK,MAAM,MAAM,OAAO,GAAG,CAAC;AAAA,EACrC;AACF;;;ACxBA,SAAS,mBAAkC;AAC3C,SAAS,SAAS,yBAAyB;AAkB3C,IAAM,eAAN,MAAmB;AAAA,EACA;AAAA,EAEjB,cAAc;AAEZ,SAAK,SAAS,YAA0B;AAAA,MACtC,QAAQ,KAAK,kBAAkB;AAAA,QAC7B,MAAM;AAAA,QACN,SAAS,kBAAkB,MAAM,YAAY;AAAA;AAAA,QAE7C,YAAY,CAAC,WAAW;AAAA,UACtB,QAAQ,MAAM;AAAA,UACd,MAAM,MAAM;AAAA,UACZ,OAAO,MAAM;AAAA,QACf;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,IAAI,OAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAmB;AAC1B,SAAK,OAAO,SAAS,EAAE,KAAK,CAAC;AAAA,EAC/B;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,IAAI,YAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,UAAU,WAAmB;AAC/B,SAAK,OAAO,SAAS,EAAE,UAAU,CAAC;AAAA,EACpC;AAAA,EAEA,IAAI,SAA6B;AAC/B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,OAAO,QAAgB;AACzB,SAAK,OAAO,SAAS,EAAE,OAAO,CAAC;AAAA,EACjC;AAAA,EAEA,IAAI,OAAyB;AAC3B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAY;AACnB,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,KAAK,CAAC;AAAA,EAC1D;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,cAAc;AACZ,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,QAAQ,OAAU,CAAC;AAAA,EACvE;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,iBAAiB;AACf,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,WAAW,OAAU,CAAC;AAAA,EAC1E;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,WAAW;AACT,SAAK,WAAW;AAChB,SAAK,UAAU;AACf,SAAK,YAAY;AACjB,SAAK,UAAU;AACf,SAAK,WAAW;AAAA,EAClB;AAAA,EAEQ,mBAAiC;AACvC,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,WAAW;AAAA,MACX,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AChIA,SAAS,qBAAqB;;;ACA9B,IAAM,oBAAN,MAAM,2BAA0B,MAAM;AAAA,EACpC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,mBAAkB;AAAA,EAChC;AACF;;;ACLA,IAAM,gBAAN,MAAM,uBAAsB,MAAM;AAAA,EAChC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,eAAc;AAAA,EAC5B;AACF;;;ACLA,IAAM,uBAAN,MAAM,8BAA6B,MAAM;AAAA,EACvC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,sBAAqB;AAAA,EACnC;AACF;;;AHSA,SAAS,iBAAiB;AAiB1B,IAAe,eAAf,MAA4B;AAAA,EACP;AAAA,EACA;AAAA,EAGA;AAAA,EAEX;AAAA,EACA;AAAA,EAER,YAAY;AAAA,IACV;AAAA,IACA,eAAe,EAAE,QAAQ,iBAAiB,GAAG,sBAAsB;AAAA,EACrE,GAAkC;AAChC,SAAK,iBAAiB,IAAI;AAAA,MACxB,EAAE,SAAS,0BAA0B;AAAA,MACrC;AAAA,IACF;AAEA,SAAK,iBAAiB;AAAA,MACpB,GAAG;AAAA,MACH,QAAQ,UAAU;AAAA,MAClB,iBAAiB,mBAAmB;AAAA,IACtC;AAEA,SAAK,gBAAgB,IAAI,aAAa;AAAA,EACxC;AAAA,EAEA,IAAI,gBAAqD;AACvD,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAa,UAAU;AACrB,QAAI,KAAK,cAAc,KAAM,QAAO,KAAK,cAAc;AAEvD,QAAI;AACF,YAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,WAAK,cAAc,OAAO;AAC1B,aAAO;AAAA,IACT,SAAS,OAAO;AAEd,UAAI,iBAAiB,mBAAmB;AACtC,YAAI;AACF,gBAAM,KAAK,cAAc;AACzB,gBAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,eAAK,cAAc,OAAO;AAC1B,iBAAO;AAAA,QACT,SAASC,QAAO;AACd,gBAAMA;AAAA,QACR;AAAA,MACF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAa,aAAa;AACxB,UAAM,QAAQ,KAAK,cAAc;AAGjC,QAAI,SAAS,CAAC,KAAK,gBAAgB,KAAK,EAAG,QAAO;AAGlD,QAAI;AACF,YAAM,KAAK,cAAc;AACzB,aAAO,CAAC,CAAC,KAAK,cAAc;AAAA,IAC9B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,WAA4B;AAEvC,QAAI,CAAC,KAAK,cAAc,OAAO;AAE7B,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF,WAAW,KAAK,gBAAgB,KAAK,cAAc,KAAK,GAAG;AAEzD,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI,kBAAkB,kCAAkC;AAAA,MAChE;AAAA,IACF;AAEA,UAAM,QAAQ,KAAK,cAAc;AACjC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,kBAAkB,6CAA6C;AAAA,IAC3E;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,gBAAgB,OAAwB;AAC9C,QAAI;AACF,YAAM,UAAU,UAAU,KAAK;AAC/B,UAAI,OAAO,QAAQ,QAAQ,UAAU;AACnC,eAAO,QAAQ,MAAM,OAAQ,KAAK,IAAI;AAAA,MACxC;AACA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,SAAS;AACpB,QAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,SAAK,gBAAgB;AACrB,UAAM,KAAK,QAAQ,cAAc,MAAM;AACvC,SAAK,cAAc,SAAS;AAAA,EAC9B;AAAA,EAEA,MAAa,eAAoC,KAA4B;AAC3E,QAAI,CAAC,KAAK,cAAc,SAAS,CAAC,KAAK,cAAc,MAAM;AACzD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,iBAAiB,MAAM,KAAK,eAAe,oBAAoB;AAAA,MACnE,gBAAgB,KAAK,cAAc,KAAK;AAAA,MACxC,MAAM;AAAA,MACN,aAAa,KAAK,IAAI,EAAE,SAAS;AAAA,MACjC,YAAY;AAAA,QACV,UAAU;AAAA,QACV,cAAc;AAAA,QACd,SAAS;AAAA,QACT,UAAU,KAAK,cAAc,KAAK;AAAA,MACpC;AAAA,IACF,CAAC;AAED,UAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,YAAY,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAa;AAAA,EACf;AAAA,EAEA,IAAc,QAAQ,SAAmC;AACvD,SAAK,eAAe,UAAU;AAAA,EAChC;AAAA,EAEA,IAAc,UAAoC;AAChD,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA,EAEA,MAAgB,WAAW,OAAuC;AAChE,QAAI;AACF,YAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ,EAAE,MAAM,CAAC;AACvE,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,cAAe,QAAO;AAC3C,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAgB,OAAO,UAAmB;AACxC,UAAM,QAAQ,YAAY,KAAK,cAAc,MAAM;AAEnD,QAAI,CAAC,MAAO,OAAM,IAAI,gBAAgB,mBAAmB;AAEzD,UAAM,iBAAiB,MAAM,KAAK,eAAe,eAAe;AAAA,MAC9D,gBAAgB;AAAA,IAClB,CAAC;AAED,UAAM,EAAE,MAAM,OAAO,UAAU,IAAI,MAAM,KAAK;AAAA,MAC5C;AAAA,MACA;AAAA,MACA;AAAA,QACE;AAAA,MACF;AAAA,IACF;AAEA,UAAM,gBAAgB,MAAM;AAC1B,UAAI;AACF,eAAO,KAAK,MAAM,gBAAgB,MAAM,gBAAgB,EACrD;AAAA,MACL,SAAS,GAAG;AACV,eAAO;AAAA,MACT;AAAA,IACF,GAAG;AAEH,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH;AAAA,IACF;AACA,SAAK,cAAc,QAAQ;AAC3B,SAAK,cAAc,YAAY;AAC/B,SAAK,iBAAiB,KAAK;AAAA,EAC7B;AAAA,EAEA,MAAgB,QACd,OACA,QACA,MAC2C;AAC3C,UAAM,MAAM,IAAI,IAAI,KAAK,eAAe,MAAM;AAE9C,QAAI,WAAW,IAAI,WAAW;AAE9B,UAAM,QAAQ,KAAK,cAAc;AACjC,UAAM,YAAY,KAAK,cAAc;AAErC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,KAAK,eAAe;AAAA,IACrC;AAEA,QAAI,OAAO;AACT,cAAQ,eAAe,IAAI,UAAU,KAAK;AAAA,IAC5C;AAEA,QAAI,WAAW;AACb,cAAQ,cAAc,IAAI;AAAA,IAC5B;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC;AAAA,MACA,MAAM,WAAW,SAAS,KAAK,UAAU,IAAI,IAAI;AAAA,MACjD;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAK,MAAM,SAAS,KAAK;AAI7C,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM;AAAA,QAClB,KAAK,qBAAqB;AACxB,gBAAM,IAAI,kBAAkB,MAAM,OAAO;AAAA,QAC3C;AAAA,QACA,KAAK,iBAAiB;AACpB,gBAAM,IAAI,cAAc,MAAM,OAAO;AAAA,QACvC;AAAA,QACA,KAAK,mBAAmB;AACtB,gBAAM,IAAI,gBAAgB,MAAM,OAAO;AAAA,QACzC;AAAA,QACA,SAAS;AACP,gBAAM,IAAI,MAAM,MAAM,OAAO;AAAA,QAC/B;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,GAAG,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,uBAAuB,YAAoB,eAAe,GAAW;AAC3E,UAAM,WAAW,aAAa;AAC9B,UAAM,YAAY,WAAW,eAAe,KAAK;AACjD,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,QAAQ,YAAY;AAC1B,WAAO,SAAS,IAAI,IAAI;AAAA,EAC1B;AAAA,EAEU,iBAAiB,OAAe;AACxC,QAAI;AACF,YAAM,UAAU,UAAU,KAAK;AAC/B,UAAI,CAAC,QAAQ,IAAK;AAElB,YAAM,QAAQ,KAAK,uBAAuB,QAAQ,KAAK,CAAC;AAGxD,UAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AAGvD,WAAK,gBAAgB,WAAW,MAAM;AACpC,aAAK,gBAAgB;AACrB,aAAK,cAAc;AAAA,MACrB,GAAG,KAAK;AAAA,IACV,QAAQ;AAAA,IAER;AAAA,EACF;AAAA,EAEA,MAAc,gBAA+B;AAC3C,QAAI,KAAK,gBAAiB,QAAO,KAAK;AAGtC,SAAK,mBAAmB,YAAY;AAClC,YAAM,aAAa;AACnB,YAAM,iBAAiB;AAEvB,UAAI;AAEF,YAAI,CAAC,KAAK,cAAc,WAAW;AACjC,gBAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,kBAAkB,KAAK;AAChE,eAAK,cAAc,YAAY;AAAA,QACjC;AAGA,cAAM,iBAAiB,KAAK,QAAQ,eAAe,MAAM;AACzD,cAAM,OAAO,MAAM,QAAQ,KAAK;AAAA,UAC9B;AAAA,UACA,IAAI;AAAA,YAAe,CAAC,GAAG,WACrB,WAAW,MAAM,OAAO,IAAI,MAAM,iBAAiB,CAAC,GAAG,UAAU;AAAA,UACnE;AAAA,QACF,CAAC;AAED,YAAI,CAAC,QAAQ,CAAC,KAAK,SAAS,CAAC,KAAK,WAAW;AAE3C,gBAAM,IAAI,kBAAkB,+BAA+B;AAAA,QAC7D;AAEA,aAAK,cAAc,QAAQ,KAAK;AAChC,aAAK,cAAc,YAAY,KAAK;AACpC,aAAK,iBAAiB,KAAK,KAAK;AAAA,MAClC,SAAS,OAAO;AAEd,YAAI,iBAAiB,mBAAmB;AACtC,cAAI;AACF,iBAAK,cAAc,WAAW;AAC9B,iBAAK,cAAc,eAAe;AAClC,iBAAK,cAAc,UAAU;AAAA,UAC/B,QAAQ;AAAA,UAER;AACA,gBAAM;AAAA,QACR;AAGA,YAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,cAAM,cAAc;AACpB,YAAI,aAAa;AAGjB,aAAK,gBAAgB,WAAW,MAAM;AACpC,eAAK,gBAAgB;AACrB,eAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAGpC;AACA,gBAAI,cAAc,aAAa;AAC7B,oBAAM,YAAY,KAAK;AAAA,gBACrB,iBAAiB,MAAM,aAAa;AAAA,gBACpC;AAAA,cACF;AACA,mBAAK,gBAAgB,WAAW,MAAM;AAIpC,qBAAK,gBAAgB;AACrB,qBAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAAA,gBAAC,CAAC;AAAA,cAC1C,GAAG,SAAS;AAAA,YACd;AAAA,UACF,CAAC;AAAA,QACH,GAAG,cAAc;AAEjB,cAAM;AAAA,MACR,UAAE;AACA,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF,GAAG;AAEH,WAAO,KAAK;AAAA,EACd;AACF;;;AJnYA,SAAS,wBAAwB;AA2CjC,IAAM,kBAAN,cAA8B,aAAa;AAAA,EACjC;AAAA,EACA;AAAA,EAEC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAqC;AACnC,UAAM,mBAAmB,IAAI,iBAAiB;AAE9C,UAAM;AAAA,MACJ,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AAED,SAAK,mBAAmB;AACxB,SAAK,kBAAkB,IAAI,gBAAgB,EAAE,MAAM,SAAS,KAAK,CAAC;AAElE,SAAK,qBAAqB;AAAA,EAC5B;AAAA,EAEA,MAAsB,SAAS;AAC7B,UAAM,OAAO;AACb,SAAK,iBAAiB,MAAM;AAAA,EAC9B;AAAA,EAEA,MAAsB,eACpB,KACe;AACf,UAAM,KAAK,eAAe;AAC1B,WAAO,MAAM,eAAe,GAAG;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,gBAAgB,UAAkB;AAC7C,UAAM,EAAE,IAAI,IAAI,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,eAAe,EAAE,MAAM,GAAyB;AAC3D,UAAM,uBAAuB,MAAM,KAAK,WAAW,KAAK;AAExD,QAAI,CAAC,sBAAsB;AACzB,YAAM,KAAK,uBAAuB,EAAE,MAAM,CAAC;AAAA,IAC7C,OAAO;AACL,WAAK,UAAU,KAAK;AACpB,YAAM,KAAK,OAAO,oBAAoB;AAEtC,WAAK,cAAc;AAGnB,UAAI,CAAC,KAAK,cAAc,QAAQ,CAAC,KAAK,cAAc,KAAK,cAAc;AACrE;AAAA,MACF;AAEA,WAAK,gBAAgB,mBAAmB;AAAA,QACtC;AAAA,UACE,IAAI,UAAU,SAAS,KAAK,cAAc,KAAK,YAAY;AAAA,UAC3D,MAAM;AAAA,UACN,YAAY,CAAC,YAAY,KAAK;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,cAAc,QAA6B;AACtD,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,eAAe,MAAM;AAClD,QAAI,CAAC,MAAO,OAAM,IAAI,cAAc,gCAAgC;AACpE,SAAK,cAAc,QAAQ;AAAA,EAC7B;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,WAAO,KAAK,iBAAiB,aAAa;AAAA,EAC5C;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,UAAM,KAAK,iBAAiB,aAAa;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,kBAAkB,QAAiC;AAC9D,UAAM,KAAK,sBAAsB;AAEjC,QAAI,CAAC,KAAK,cAAc;AACtB,YAAM,IAAI,cAAc,mCAAmC;AAE7D,UAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,sBAAsB,QAAQ;AAAA,MACpE,OAAO,KAAK,cAAc;AAAA,MAC1B,SAAS,OAAO;AAAA,MAChB,WAAW,MAAM,KAAK,aAAa;AAAA,IACrC,CAAC;AAED,QAAI,CAAC;AACH,YAAM,IAAI,cAAc,0CAA0C;AAEpE,UAAM,KAAK,OAAO,QAAQ;AAC1B,SAAK,cAAc;AACnB,SAAK,cAAc,WAAW;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAa,qBAAqB;AAChC,UAAM,EAAE,OAAO,IAAI,MAAM,KAAK,QAAQ,oBAAoB,KAAK;AAC/D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,iBAAiB;AAE7B,QACE,KAAK,cAAc,SAAS,UAC5B,KAAK,cAAc,UAAU;AAE7B;AACF,QAAI,KAAK,cAAc,oCAA+B;AACpD,WAAK,UAAU,KAAK;AAAA,IACtB,OAAO;AACL,WAAK,UAAU,KAAK;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,uBAAuB,QAA8B;AACjE,UAAM,EAAE,WAAW,YAAY,IAAI,MAAM,KAAK;AAAA,MAC5C,OAAO;AAAA,IACT;AAEA,UAAM,EAAE,MAAM,OAAO,UAAU,IAAI,MAAM,KAAK;AAAA,MAC5C;AAAA,MACA;AAAA,MACA;AAAA,QACE,OAAO,OAAO;AAAA,QACd,WAAW,UAAU,WAAW,SAAS;AAAA,QACzC;AAAA,MACF;AAAA,IACF;AAEA,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH,cAAc,YAAY;AAAA,IAC5B;AACA,SAAK,cAAc;AAEnB,SAAK,cAAc,QAAQ;AAC3B,SAAK,cAAc,YAAY;AAC/B,SAAK,iBAAiB,KAAM;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,eAAe,QAA6B;AACxD,UAAM,WAAW,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC5D,OAAO,OAAO;AAAA,MACd,aAAa,OAAO,cAChB,OAAO,YAAY,SAAS,IAC5B;AAAA,IACN,CAAC;AAED,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,6BAA6B,OAAe;AACxD,UAAM,YAAY,SAAS,qBAAqB;AAChD,UAAM,sBAAsB,SAAS,qBAAqB;AAE1D,UAAM,cAAc,MAAM,uBAAuB;AAAA,MAC/C,WAAW;AAAA,QACT,wBAAwB;AAAA,UACtB,aAAa;AAAA,UACb,oBAAoB;AAAA,UACpB,kBAAkB;AAAA,QACpB;AAAA,QACA;AAAA,QACA,IAAI;AAAA,UACF,IAAI,OAAO,SAAS;AAAA,UACpB,MAAM,OAAO,SAAS;AAAA,QACxB;AAAA,QACA,kBAAkB;AAAA,UAChB;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,QACF;AAAA,QACA,MAAM;AAAA,UACJ,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,MACF;AAAA,IACF,CAAC;AAED,WAAO,EAAE,WAAW,aAAa,oBAAoB;AAAA,EACvD;AAAA,EAEA,MAAc,wBAAwB;AACpC,QAAI,CAAC,KAAK,iBAAiB,aAAa,GAAG;AACzC,YAAM,KAAK,iBAAiB,KAAK;AAAA,IACnC;AACA,SAAK,UAAU,KAAK;AAAA,EACtB;AACF;;;AQ5SA;AAAA,EAeE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,iBAAiB;AAG1B,SAAS,2BAA2B;AACpC;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAYP,IAAM,aAAN,MAAiB;AAAA,EACf,YAA6B,eAA6B;AAA7B;AAAA,EAA8B;AAAA,EAE3D,MAAM,iBAAwC;AAC5C,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,WAAO,UAAU;AAAA,MACf,SAAS,KAAK;AAAA,MACd,aAAa,CAAC,EAAE,QAAQ,MACtB,KAAK,YAAY,OAAO;AAAA,MAC1B,eAAe,CAIb,wBACG,KAAK,cAAsC,mBAAmB;AAAA,MACnE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,EACF,GAEE;AACA,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,WAAO,oBAAoB;AAAA,MACzB;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,YAAY;AAAA,QACV,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA,SAAS,KAAK;AAAA,MACd,OAAO,YAAY,KAAK,IAAI;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AACzB,UAAM,MAAM,IAAI;AAAA,MACd,iBAAiB,KAAK,cAAc,cAAc,MAAM;AAAA,MACxD,KAAK,cAAc,cAAc;AAAA,IACnC;AACA,WAAO,sBAAsB;AAAA,MAC3B,WAAW,KAAK,IAAI,SAAS,CAAC;AAAA,IAChC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,YAAY,KAAoC;AACpD,UAAM,cAAc,YAAY,GAAG;AACnC,UAAM,SAAS,MAAM,KAAK,cAAc,eAAoB,WAAW;AACvE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAGJ,QAAqE;AACrE,UAAM,cAAc,cAAc,MAAM;AACxC,WAAO,KAAK,cAAc,eAAe,WAAW;AAAA,EACtD;AAAA,EAEA,MAAM,gBAIJ,aACA,SAYA;AACA,UAAM,cAAc,SAAS,cAAc;AAC3C,UAAM,eAAe,MAAM,YAAY,WAAW;AAClD,UAAM,eAAe,MAAM,KAAK,cAAc;AAAA,MAC5C,UAAU,YAAY;AAAA,IACxB;AAEA,UAAM,YAAY;AAAA,MAChB,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,CAAC;AAAA,MACjD,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,MAC7D,GAAG,OAAO,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,QAAQ,GAAG,CAAC,CAAC;AAAA,IACtE;AAEA,WAAO,YAAY,aAAa,SAAS;AAAA,EAC3C;AACF;;;AClIA,IAAM,iBAAN,MAAqB;AAAA,EACF;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BjB,YAAY;AAAA,IACV;AAAA,IACA,MAAM,EAAE,UAAU,MAAM;AAAA,EAC1B,GAAoC;AAClC,SAAK,mBAAmB,IAAI,gBAAgB;AAAA,MAC1C;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,SAAK,WAAW;AAAA,MACd,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AACF;","names":["jose","jose","error"]}
1	+ {"version":3,"sources":["../src/modules/auth/email.ts","../src/modules/auth/passkeys.ts","../src/modules/auth/oauth/google.ts","../src/lib/sha256.ts","../src/errors/BadRequestError.ts","../src/modules/auth/oauth/facebook.ts","../src/modules/auth/oauth/apple.ts","../src/modules/auth/oauth.ts","../src/modules/auth/index.ts","../src/modules/user/index.ts","../src/signer/web.ts","../src/lib/base64.ts","../src/lib/bytes.ts","../src/session/index.ts","../src/signer/index.ts","../src/errors/UnauthorizedError.ts","../src/errors/NotFoundError.ts","../src/errors/UnauthenticatedError.ts","../src/third-party/viem.ts","../src/index.ts"],"sourcesContent":["import type {\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n WebSignerClient,\n} from '../../signer/web.js'\n\n/*\n A module for interacting with the Email authentication methods.\n * Available through the `auth.email` property on a `FourtWebSigner` instance.\n /\nclass EmailModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /\n Initialize user authentication process using email.\n \n @param params {InitEmailAuthParams} params to initialize the user authentication process.\n * @returns {Promise<void>} promise that resolves when the initialization is complete.\n /\n async initialize(params: InitEmailAuthParams): Promise<void> {\n return this._webSignerClient.initEmailAuth(params)\n }\n\n /\n Completes email authentication with OTP code.\n \n @param params {CompleteEmailAuthParams} params to complete the authentication process.\n * @returns {Promise<void>} promise that completes the authentication process.\n /\n async complete(params: CompleteEmailAuthParams): Promise<void> {\n await this._webSignerClient.completeEmailAuth(params)\n }\n\n /\n Get the email authentication method of the app, that was chosen in fourt.io dashboard.\n * It can be either `magiclink` or `otp`.\n \n @returns {Promise<'otp' \| 'magiclink'>} promise that resolves to the email authentication method.\n /\n async getAuthMethod(): Promise<'otp' \| 'magiclink'> {\n return this._webSignerClient.getEmailAuthMethod()\n }\n}\n\nexport { EmailModule }\n","import type { WebSignerClient, WebAuthnSignInParams } from '../../signer/web.js'\n\n/\n A module for interacting with the Passkeys authentication methods.\n * Available through the `auth.passkeys` property on a `FourtWebSigner` instance.\n /\nclass PasskeysModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /\n Signs in a user using Passkeys.\n \n @param params {WebAuthnSignInParams} params for the sign-in process.\n /\n async signIn(params: WebAuthnSignInParams) {\n return this._webSignerClient.webAuthnSignIn(params)\n }\n}\n\nexport { PasskeysModule }\n","import as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass GoogleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('google')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/google',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { GoogleModule }\n","class LibSha256 {\n /*\n Compute SHA-256 and return hex string using Web Crypto when available.\n * Falls back to Node's crypto.createHash when running in Node.\n /\n static async sha256Hex(\n input: string \| ArrayBuffer \| Uint8Array,\n ): Promise<string> {\n // normalize input to Uint8Array\n let data: Uint8Array\n if (typeof input === 'string') {\n data = new TextEncoder().encode(input)\n } else if (input instanceof Uint8Array) {\n data = input\n } else {\n data = new Uint8Array(input)\n }\n\n // Prefer Web Crypto Subtle API\n const subtle =\n typeof globalThis !== 'undefined' && (globalThis as any).crypto?.subtle\n ? (globalThis as any).crypto.subtle\n : undefined\n\n if (subtle) {\n const hash = await subtle.digest('SHA-256', data)\n return Array.from(new Uint8Array(hash))\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n }\n\n // Fallback for Node (synchronous)\n try {\n const nodeCrypto = require('crypto')\n const hash = nodeCrypto.createHash('sha256').update(data).digest('hex')\n return hash\n } catch {\n throw new Error(\n 'No crypto provider available. Provide a global crypto.subtle or run in Node 18+.',\n )\n }\n }\n}\n\nexport { LibSha256 }\n","class BadRequestError extends Error {\n constructor(message: string) {\n super(message)\n this.name = BadRequestError.name\n }\n}\n\nexport { BadRequestError }\n","import { BadRequestError } from '../../../errors/BadRequestError.js'\nimport { WebSignerClient } from '../../../signer/web.js'\nimport as jose from 'jose'\n\nclass FacebookModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const publicKey = await this._webSignerClient.getPublicKey()\n const internalUrl = new URL(\n 'v1/oauth/facebook',\n this._webSignerClient.configuration.apiUrl,\n ).href\n\n const jwt = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n\n const response = await fetch(internalUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n state: jwt,\n }),\n })\n\n if (!response.ok) {\n throw new BadRequestError(\n `Failed to create OAuth state. Error: ${response.statusText}`,\n )\n }\n\n const { authUrl } = await response.json()\n if (!authUrl) {\n throw new BadRequestError(response.statusText)\n }\n\n return authUrl\n }\n}\n\nexport { FacebookModule }\n","import * as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass AppleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('apple')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/apple',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { AppleModule }\n","import { SessionType } from '../../session/index.js'\nimport type { WebSignerClient } from '../../signer/web.js'\nimport { GoogleModule } from './oauth/google.js'\nimport { FacebookModule } from './oauth/facebook.js'\nimport { AppleModule } from './oauth/apple.js'\n\ntype CompleteParams = {\n bundle: string\n subOrgId: string\n}\n\n/*\n A module for interacting with the OAuth authentication methods.\n * Available through the `auth.oauth` property on a `FourtWebSigner` instance.\n /\nclass OAuthModule {\n private readonly _googleModule: GoogleModule\n private readonly _facebookModule: FacebookModule\n private readonly _appleModule: AppleModule\n\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._googleModule = new GoogleModule(this._webSignerClient)\n this._facebookModule = new FacebookModule(this._webSignerClient)\n this._appleModule = new AppleModule(this._webSignerClient)\n }\n\n get google() {\n return this._googleModule\n }\n\n get facebook() {\n return this._facebookModule\n }\n\n get apple() {\n return this._appleModule\n }\n\n async complete({ subOrgId }: CompleteParams) {\n / await this._webSignerClient.completeAuth({\n subOrgId,\n sessionType: SessionType.OAuth,\n }) /\n }\n}\n\nexport { OAuthModule }\n","import type { WebSignerClient } from '../../signer/web.js'\nimport { EmailModule } from './email.js'\nimport { PasskeysModule } from './passkeys.js'\nimport { OAuthModule } from './oauth.js'\n\n/\n A module for interacting with the authentication methods.\n * Available through the `auth` property on a `FourtWebSigner` instance.\n /\nclass AuthModule {\n private readonly _passkeys: PasskeysModule\n private readonly _email: EmailModule\n private readonly _oauth: OAuthModule\n\n /\n Initializes a new instance of the `AuthModule` class.\n \n @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n /\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._passkeys = new PasskeysModule(this._webSignerClient)\n this._email = new EmailModule(this._webSignerClient)\n this._oauth = new OAuthModule(this._webSignerClient)\n }\n\n /\n A module for interacting with the Passkeys authentication methods.\n /\n get passkeys() {\n return this._passkeys\n }\n\n /\n A module for interacting with the Passkeys authentication methods.\n /\n get email() {\n return this._email\n }\n\n get oauth() {\n return this._oauth\n }\n}\n\nexport { AuthModule }\nexport { PasskeysModule } from './passkeys.js'\nexport { EmailModule } from './email.js'\n","import { WebSignerClient } from '../../signer/web.js'\nimport { User } from '../../types/entities.js'\n\n/\n A module for interacting with the user methods.\n * Available through the `user` property on a `FourtWebSigner` instance.\n /\nclass UserModule {\n /\n Initializes a new instance of the `UserModule` class.\n \n @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n /\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /\n Retrieves information for the authenticated user.\n * Assumes a user is already logged in, otherwise it will throw an error.\n /\n async getInfo(): Promise<User> {\n return this._webSignerClient.getUser()\n }\n\n /\n Checks if a user is currently logged in to the fourt.io SDK.\n /\n async isLoggedIn(): Promise<boolean> {\n return this._webSignerClient.isLoggedIn()\n }\n\n /\n Generates an access token with a lifespan of 15 minutes.\n * Assumes a user is already logged in, otherwise it will throw an error.\n /\n async getToken(): Promise<string> {\n return this._webSignerClient.getToken()\n }\n\n /\n Logs out the user.\n /\n async logout(): Promise<void> {\n return this._webSignerClient.logout()\n }\n}\n\nexport { UserModule }\n","import { getWebAuthnAttestation } from '@turnkey/http'\nimport { WebauthnStamper } from '@turnkey/webauthn-stamper'\nimport { LibBase64 } from '../lib/base64.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { SessionType } from '../session/index.js'\nimport {\n type SignerClientInheritedConstructorParams,\n SignerClient,\n} from './index.js'\nimport { NotFoundError } from '../errors/NotFoundError.js'\nimport { IndexedDbStamper } from '@turnkey/indexed-db-stamper'\n\ntype WebAuthnSignInParams = {\n email: string\n}\n\ntype InitEmailAuthParams = {\n email: string\n redirectUrl?: string\n}\n\ntype CompleteAuthParams = {\n subOrgId: string\n sessionType: SessionType\n isNewUser?: boolean\n}\n\ntype CompleteEmailAuthParams = {\n email: string\n otpCode: string\n}\n\ntype GoogleOAuthSignInParams = {\n credential: string\n clientId: string\n}\n\nexport type OAuthConfiguration = {\n common: {\n redirectUrl: string\n }\n}\n\ntype WebSignerClientConstructorParams = SignerClientInheritedConstructorParams<{\n webauthn: {\n rpId: string\n }\n oauth?: OAuthConfiguration\n}>\n\n/\n A signer client for web applications.\n /\nclass WebSignerClient extends SignerClient {\n private indexedDbStamper: IndexedDbStamper\n private webauthnStamper: WebauthnStamper\n\n readonly oauthConfiguration: WebSignerClientConstructorParams['oauth']\n\n /\n Initializes a new instance of the `WebSignerClient` class.\n \n @param {WebSignerClientConstructorParams} params params for the constructor\n /\n constructor({\n configuration,\n webauthn,\n oauth,\n }: WebSignerClientConstructorParams) {\n const indexedDbStamper = new IndexedDbStamper()\n\n super({\n stamper: indexedDbStamper,\n configuration: configuration,\n })\n\n this.indexedDbStamper = indexedDbStamper\n this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId })\n\n this.oauthConfiguration = oauth\n }\n\n public override async isLoggedIn() {\n await this.getPublicKey()\n return super.isLoggedIn()\n }\n\n public override async logout() {\n const publicKey = await this.getPublicKey()\n super.logout(publicKey)\n this.indexedDbStamper.clear()\n }\n\n public override async signRawMessage<Into extends string>(\n msg: string,\n ): Promise<Into> {\n await this._updateStamper()\n return super.signRawMessage(msg)\n }\n\n /\n Get the pre-filled URL for initiating oauth with a specific provider.\n \n @param {string} provider provider for which we are getting the URL, currently google or apple\n /\n public async getOAuthInitUrl(provider: string) {\n const { url } = await this.request('/v1/oauth/init', 'POST', {\n provider,\n })\n\n return url\n }\n\n /\n Signs in a user with webauthn.\n \n @param {WebAuthnSignInParams} params params for the sign in\n /\n public async webAuthnSignIn({ email }: WebAuthnSignInParams) {\n const existingUserSubOrgId = await this.lookUpUser(email)\n\n if (!existingUserSubOrgId) {\n await this._createWebAuthnAccount({ email })\n } else {\n this.stamper = this.webauthnStamper\n await this.signIn(existingUserSubOrgId)\n\n this._sessionStore.type = SessionType.Passkeys\n\n // We should assure that the user and its credentialId are set\n if (!this._sessionStore.user \|\| !this._sessionStore.user.credentialId) {\n return\n }\n\n this.webauthnStamper.allowCredentials = [\n {\n id: LibBase64.toBuffer(this._sessionStore.user.credentialId),\n type: 'public-key',\n transports: ['internal', 'usb'],\n },\n ]\n }\n }\n\n /\n Handles auth user process with email according to the method of the used app.\n \n @param {InitEmailAuthParams} params params needed for the initialization of the auth process\n /\n public async initEmailAuth(params: InitEmailAuthParams) {\n await this.indexedDbStamper.resetKeyPair()\n const { otpId } = await this._initEmailAuth(params)\n if (!otpId) throw new NotFoundError('No OTP init response returned.')\n this._sessionStore.otpId = otpId\n }\n\n public async getPublicKey() {\n await this._initIndexedDbStamper()\n return this.indexedDbStamper.getPublicKey()!\n }\n\n public async resetKeyPair() {\n await this._initIndexedDbStamper()\n await this.indexedDbStamper.resetKeyPair()\n }\n\n /\n Verifies the provided otp code.\n \n @param {CompleteEmailAuthParams} params params needed for otp code verification\n /\n public async completeEmailAuth(params: CompleteEmailAuthParams) {\n await this._initIndexedDbStamper()\n\n if (!this._sessionStore.otpId)\n throw new NotFoundError('No OTP ID found in session store.')\n\n const publicKey = await this.getPublicKey()\n const { subOrgId } = await this.request('/v1/email/complete', 'POST', {\n otpId: this._sessionStore.otpId,\n otpCode: params.otpCode,\n publicKey,\n })\n\n if (!subOrgId)\n throw new NotFoundError('No OTP authentication response returned.')\n\n await this.signIn(subOrgId, publicKey)\n this._sessionStore.type = SessionType.Email\n this._sessionStore.clearOtpId()\n }\n\n /\n Gets the email authentication method of the app.\n /\n public async getEmailAuthMethod() {\n const { method } = await this.request('/v1/email/method', 'GET')\n return method\n }\n\n /\n Checks for an existing session and if exists, updates the stamper accordingly.\n /\n private async _updateStamper() {\n // User is not signed in\n if (\n this._sessionStore.type === undefined &&\n this._sessionStore.token === undefined\n )\n return\n if (this._sessionStore.type === SessionType.Passkeys) {\n this.stamper = this.webauthnStamper\n } else {\n this.stamper = this.indexedDbStamper\n }\n }\n\n /\n Creates a passkey account using the webauthn stamper.\n \n @param {WebAuthnSignInParams} params params for the creation of the account\n /\n private async _createWebAuthnAccount(params: WebAuthnSignInParams) {\n const { challenge, attestation } = await this._webauthnGenerateAttestation(\n params.email,\n )\n\n const { user, token } = await this.request('/v1/signup', 'POST', {\n email: params.email,\n challenge: LibBase64.fromBuffer(challenge),\n attestation,\n })\n\n this._sessionStore.user = {\n ...user,\n credentialId: attestation.credentialId,\n }\n this._sessionStore.type = SessionType.Passkeys\n // Tokens are always returned on passkey signup\n this._sessionStore.token = token!\n this._scheduleRefresh(token!)\n }\n\n /\n Init account creation with email.\n \n @param {InitEmailAuthParams} params params for the creation of the account\n /\n private async _initEmailAuth(params: InitEmailAuthParams) {\n const response = await this.request('/v1/email/init', 'POST', {\n email: params.email,\n redirectUrl: params.redirectUrl\n ? params.redirectUrl.toString()\n : undefined,\n })\n\n return response\n }\n\n private async _webauthnGenerateAttestation(email: string) {\n const challenge = LibBytes.generateRandomBuffer()\n const authenticatorUserId = LibBytes.generateRandomBuffer()\n\n const attestation = await getWebAuthnAttestation({\n publicKey: {\n authenticatorSelection: {\n residentKey: 'preferred',\n requireResidentKey: false,\n userVerification: 'preferred',\n },\n challenge,\n rp: {\n id: window.location.hostname,\n name: window.location.hostname,\n },\n pubKeyCredParams: [\n {\n type: 'public-key',\n alg: -7,\n },\n {\n type: 'public-key',\n alg: -257,\n },\n ],\n user: {\n id: authenticatorUserId,\n name: email,\n displayName: email,\n },\n },\n })\n\n return { challenge, attestation, authenticatorUserId }\n }\n\n private async _initIndexedDbStamper() {\n if (!this.indexedDbStamper.getPublicKey()) {\n await this.indexedDbStamper.init()\n }\n this.stamper = this.indexedDbStamper\n }\n}\n\nexport { WebSignerClient }\nexport type {\n CompleteAuthParams,\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n GoogleOAuthSignInParams,\n WebSignerClientConstructorParams,\n WebAuthnSignInParams,\n}\n","/\n Browser-friendly base64url helpers.\n * - Uses btoa/atob and Uint8Array, no Node Buffer polyfill.\n * - Chunks when converting large ArrayBuffers to avoid call-stack issues.\n /\nclass LibBase64 {\n // Convert an ArrayBuffer to base64url (no padding)\n static fromBuffer(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer)\n const CHUNK_SIZE = 0x8000\n let binary = ''\n for (let i = 0; i < bytes.length; i += CHUNK_SIZE) {\n const chunk = bytes.subarray(i, i + CHUNK_SIZE)\n // spread on TypedArray can be large; cast to any to satisfy TS\n binary += String.fromCharCode(...(chunk as any))\n }\n const base64 =\n typeof btoa === 'function'\n ? btoa(binary)\n : Buffer.from(bytes).toString('base64')\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n }\n\n // Convert base64url (no padding) to ArrayBuffer\n static toBuffer(base64url: string): ArrayBuffer {\n let base64 = base64url.replace(/-/g, '+').replace(/_/g, '/')\n const pad = base64.length % 4\n if (pad) base64 += '='.repeat(4 - pad)\n\n const binary =\n typeof atob === 'function'\n ? atob(base64)\n : Buffer.from(base64, 'base64').toString('binary')\n const len = binary.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++) bytes[i] = binary.charCodeAt(i)\n return bytes.buffer\n }\n}\n\nexport { LibBase64 }\n","type TakeBytesParams = Partial<{\n count: number\n offset: number\n}>\n\ntype ByteString = `0x${string}`\n\nclass LibBytes {\n static generateRandomBuffer = (): ArrayBuffer => {\n const arr = new Uint8Array(32)\n crypto.getRandomValues(arr)\n return arr.buffer\n }\n\n static takeBytes = (\n bytes: ByteString,\n params: TakeBytesParams = {},\n ): ByteString => {\n const { offset, count } = params\n const start = (offset ? offset 2 : 0) + 2 // add 2 to skip the 0x prefix\n const end = count ? start + count * 2 : undefined\n\n return `0x${bytes.slice(start, end)}`\n }\n}\n\nexport { LibBytes }\n","import { createStore, type StoreApi } from 'zustand'\nimport { persist, createJSONStorage } from 'zustand/middleware'\nimport { User } from '../types/entities.js'\n\nenum SessionType {\n Email = 'email',\n Passkeys = 'passkeys',\n OAuth = 'oauth',\n}\n\ntype SessionState = {\n type?: SessionType\n user?: User\n bundle?: string\n token?: string\n otpId?: string\n}\n\nclass SessionStore {\n private readonly _store: StoreApi<SessionState>\n\n constructor() {\n // `user` and `token` stay in memory (not persisted)\n this._store = createStore<SessionState>()(\n persist(this._getInitialState, {\n name: 'fourt-session',\n storage: createJSONStorage(() => localStorage),\n // persist only these in localStorage\n partialize: (state) => ({\n bundle: state.bundle,\n type: state.type,\n otpId: state.otpId,\n }),\n }),\n )\n }\n\n get type(): SessionType \| undefined {\n return this._store.getState().type\n }\n\n set type(type: SessionType) {\n this._store.setState({ type })\n }\n\n get token(): string \| undefined {\n return this._store.getState().token\n }\n\n set token(token: string) {\n this._store.setState({ token })\n }\n\n get bundle(): string \| undefined {\n return this._store.getState().bundle\n }\n\n set bundle(bundle: string) {\n this._store.setState({ bundle })\n }\n\n get user(): User \| undefined {\n return this._store.getState().user\n }\n\n set user(user: User) {\n this._store.setState({ ...this._store.getState(), user })\n }\n\n get otpId(): string \| undefined {\n return this._store.getState().otpId\n }\n\n set otpId(otpId: string) {\n this._store.setState({ otpId })\n }\n\n clearUser() {\n this._store.setState({ ...this._store.getState(), user: undefined })\n }\n\n clearBundle() {\n this._store.setState({ ...this._store.getState(), bundle: undefined })\n }\n\n clearType() {\n this._store.setState({ ...this._store.getState(), type: undefined })\n }\n\n clearToken() {\n this._store.setState({ ...this._store.getState(), token: undefined })\n }\n\n clearOtpId() {\n this._store.setState({ ...this._store.getState(), otpId: undefined })\n }\n\n clearAll() {\n this.clearToken()\n this.clearUser()\n this.clearBundle()\n this.clearType()\n this.clearOtpId()\n }\n\n private _getInitialState(): SessionState {\n return {\n type: undefined,\n user: undefined,\n bundle: undefined,\n token: undefined,\n otpId: undefined,\n }\n }\n}\n\nexport { SessionType, SessionStore }\nexport type { SessionState }\n","import { TurnkeyClient } from '@turnkey/http'\nimport {\n BadRequestError,\n NotFoundError,\n UnauthorizedError,\n} from '../errors/index.js'\nimport { SessionStore } from '../session/index.js'\nimport { APIResponse } from '../types/rest.js'\nimport {\n AuthenticationServiceBody,\n AuthenticationServiceResponse,\n Method,\n Route,\n} from '../types/routes.js'\nimport { decodeJwt } from 'jose'\n\ntype SignerClientConfiguration = {\n apiKey: string\n apiUrl?: string\n paymasterRpcUrl?: string\n}\n\ntype SignerClientConstructorParams = {\n stamper: TurnkeyClient['stamper']\n configuration: SignerClientConfiguration\n}\n\ntype SignerClientInheritedConstructorParams<\n Extended extends Record<string, unknown>,\n> = Pick<SignerClientConstructorParams, 'configuration'> & Extended\n\nabstract class SignerClient {\n protected readonly _turnkeyClient: TurnkeyClient\n protected readonly _configuration: Required<\n SignerClientConstructorParams['configuration']\n >\n protected readonly _sessionStore: SessionStore\n\n private _refreshPromise?: Promise<void>\n private _refreshTimer?: ReturnType<typeof setTimeout>\n\n constructor({\n stamper,\n configuration: { apiUrl, paymasterRpcUrl, ...requiredConfiguration },\n }: SignerClientConstructorParams) {\n this._turnkeyClient = new TurnkeyClient(\n { baseUrl: 'https://api.turnkey.com' },\n stamper,\n )\n\n this._configuration = {\n ...requiredConfiguration,\n apiUrl: apiUrl ?? 'https://auth.api.fourt.io/',\n paymasterRpcUrl: paymasterRpcUrl ?? 'https://management.api.fourt.io/',\n }\n\n this._sessionStore = new SessionStore()\n }\n\n get configuration(): Required<SignerClientConfiguration> {\n return this._configuration\n }\n\n public async getUser() {\n if (this._sessionStore.user) return this._sessionStore.user\n\n try {\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n // If unauthorized, try to refresh token and retry once\n if (error instanceof UnauthorizedError) {\n try {\n await this._refreshToken()\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n throw error\n }\n }\n throw error\n }\n }\n\n public async isLoggedIn() {\n const token = this._sessionStore.token\n\n // If we have a token and it's still valid, we're logged in\n if (token && !this._isTokenExpired(token)) return true\n\n // Otherwise try to refresh (covers no token and expired token)\n try {\n await this._refreshToken()\n return !!this._sessionStore.token\n } catch {\n return false\n }\n }\n\n public async getToken(): Promise<string> {\n // Try to use existing token\n if (!this._sessionStore.token) {\n // No token: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError(\n 'No token found, user might not be logged in',\n )\n }\n } else if (this._isTokenExpired(this._sessionStore.token)) {\n // Token expired: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError('Token expired and refresh failed')\n }\n }\n\n const token = this._sessionStore.token\n if (!token) {\n throw new UnauthorizedError('No token found, user might not be logged in')\n }\n return token\n }\n\n private _isTokenExpired(token: string): boolean {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (typeof decoded.exp === 'number') {\n return decoded.exp * 1000 <= Date.now()\n }\n return true // If no exp claim, consider it expired\n } catch {\n return true // If token is malformed, consider it expired\n }\n }\n\n public async logout(publicKey: string) {\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n this._refreshTimer = undefined\n await this.request('/v1/logout', 'POST', { publicKey })\n this._sessionStore.clearAll()\n }\n\n public async signRawMessage<Into extends string>(msg: string): Promise<Into> {\n if (!this._sessionStore.token \|\| !this._sessionStore.user) {\n throw new UnauthorizedError(\n 'SignerClient must be authenticated to sign a message',\n )\n }\n\n const stampedRequest = await this._turnkeyClient.stampSignRawPayload({\n organizationId: this._sessionStore.user.subOrgId,\n type: 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2',\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',\n hashFunction: 'HASH_FUNCTION_NO_OP',\n payload: msg,\n signWith: this._sessionStore.user.walletAddress,\n },\n })\n\n const { signature } = await this.request('/v1/sign', 'POST', {\n stampedRequest,\n })\n\n return <Into>signature\n }\n\n protected set stamper(stamper: TurnkeyClient['stamper']) {\n this._turnkeyClient.stamper = stamper\n }\n\n protected get stamper(): TurnkeyClient['stamper'] {\n return this._turnkeyClient.stamper\n }\n\n protected async lookUpUser(email: string): Promise<string \| null> {\n try {\n const { subOrgId } = await this.request('/v1/lookup', 'POST', { email })\n return subOrgId\n } catch (error) {\n if (error instanceof NotFoundError) return null\n throw error\n }\n }\n\n protected async signIn(subOrgId: string, publicKey?: string) {\n const stampedRequest = await this._turnkeyClient.stampGetWhoami({\n organizationId: subOrgId,\n })\n\n const { user, token } = await this.request('/v1/signin', 'POST', {\n stampedRequest,\n publicKey,\n })\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string\n } catch (e) {\n return undefined\n }\n })()\n\n this._sessionStore.user = {\n ...user,\n credentialId: credentialId,\n }\n this._sessionStore.token = token\n this._scheduleRefresh(token)\n return { user, token }\n }\n\n protected async stampAndRefresh() {\n const refreshPayload = JSON.stringify({\n timestamp: Date.now(),\n type: 'refresh_token_request',\n })\n const stamp = await this._turnkeyClient.stamper.stamp(refreshPayload)\n const { token } = await this.request('/v1/refresh', 'POST', {\n payload: refreshPayload,\n stamp,\n })\n this._sessionStore.token = token\n return { token }\n }\n\n protected async request<R extends Route, M extends Method>(\n route: R,\n method: M,\n body?: AuthenticationServiceBody<R>,\n ): Promise<AuthenticationServiceResponse<R>> {\n const url = new URL(`${route}`, this._configuration.apiUrl)\n const token = this._sessionStore.token\n\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'X-FOURT-KEY': this._configuration.apiKey,\n }\n\n if (token) {\n headers['Authorization'] = `Bearer ${token}`\n }\n\n const response = await fetch(url, {\n method,\n body: method === 'POST' ? JSON.stringify(body) : undefined,\n headers,\n })\n\n const { data, error } = (await response.json()) as APIResponse<\n AuthenticationServiceResponse<R>\n >\n\n if (error) {\n switch (error.kind) {\n case 'UnauthorizedError': {\n throw new UnauthorizedError(error.message)\n }\n case 'NotFoundError': {\n throw new NotFoundError(error.message)\n }\n case 'BadRequestError': {\n throw new BadRequestError(error.message)\n }\n default: {\n throw new Error(error.message)\n }\n }\n }\n\n return { ...data } as AuthenticationServiceResponse<R>\n }\n\n /*\n Compute milliseconds until refresh time.\n * - expSeconds is the JWT exp claim (seconds).\n * - earlyMinutes is how many minutes before exp to refresh (default 2).\n * Returns 0 if refresh time is already past.\n /\n private _computeRefreshDelayMs(expSeconds: number, earlyMinutes = 2): number {\n const expiryMs = expSeconds 1000\n const refreshMs = expiryMs - earlyMinutes * 60 * 1000\n const now = Date.now()\n const delay = refreshMs - now\n return delay <= 0 ? 0 : delay\n }\n\n protected _scheduleRefresh(token: string) {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (!decoded.exp) return\n\n const delay = this._computeRefreshDelayMs(decoded.exp, 2)\n\n // Clear previous timer to avoid duplicates\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n\n // Schedule refresh\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n this._refreshToken()\n }, delay)\n } catch {\n // ignore errors\n }\n }\n\n private async _refreshToken(): Promise<void> {\n if (this._refreshPromise) return this._refreshPromise\n\n // Keep a reference so callers can await the same promise\n this._refreshPromise = (async () => {\n const TIMEOUT_MS = 10_000\n const RETRY_DELAY_MS = 5_000\n\n try {\n // Avoid hanging indefinitely by racing the request with a timeout\n const refreshPromise = this.stampAndRefresh()\n const data = await Promise.race([\n refreshPromise,\n new Promise<never>((_, reject) =>\n setTimeout(() => reject(new Error('Refresh timeout')), TIMEOUT_MS),\n ),\n ])\n\n if (!data \|\| !data.token) {\n // Treat missing tokens as auth failure\n throw new UnauthorizedError('Refresh did not return tokens')\n }\n\n this._sessionStore.token = data.token\n this._scheduleRefresh(data.token)\n } catch (error) {\n console.error('Token refresh failed:', error)\n // On auth errors, clear session to avoid repeated failing retries\n if (error instanceof UnauthorizedError) {\n this._sessionStore.clearToken()\n this._sessionStore.clearUser()\n\n throw error\n }\n\n // Transient error: schedule a retry (non-blocking) and rethrow so callers know it failed\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n const MAX_RETRIES = 5\n let retryCount = 0\n\n // We schedule a background retry after RETRY_DELAY_MS using setTimeout\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {\n // Increments retryCount and, if still under MAX_RETRIES, schedules\n // another retry using exponential backoff (capped at 60s)\n retryCount++\n if (retryCount <= MAX_RETRIES) {\n const nextDelay = Math.min(\n RETRY_DELAY_MS * 2 (retryCount - 1),\n 60_000,\n )\n this._refreshTimer = setTimeout(() => {\n // When the timer fires we clear the stored id and call _refreshToken() in a\n // fire-and-forget manner (void ... .catch(...)) so the retry runs asynchronously\n // and doesn't block or change the control flow of the original caller.\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {})\n }, nextDelay)\n }\n })\n }, RETRY_DELAY_MS)\n\n throw error\n } finally {\n this._refreshPromise = undefined\n }\n })()\n\n return this._refreshPromise\n }\n}\n\nexport { SignerClient }\nexport type {\n SignerClientConstructorParams,\n SignerClientInheritedConstructorParams,\n}\n","class UnauthorizedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthorizedError.name\n }\n}\n\nexport { UnauthorizedError }\n","class NotFoundError extends Error {\n constructor(message: string) {\n super(message)\n this.name = NotFoundError.name\n }\n}\n\nexport { NotFoundError }\n","class UnauthenticatedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthenticatedError.name\n }\n}\n\nexport { UnauthenticatedError }\n","import {\n type Chain,\n type Client,\n type GetTransactionType,\n type Hex,\n type IsNarrowable,\n type JsonRpcAccount,\n type LocalAccount,\n type TypedData,\n type TypedDataDefinition,\n type SignableMessage,\n type SerializeTransactionFn,\n type TransactionSerializable,\n type TransactionSerialized,\n type Transport,\n hashMessage,\n hashTypedData,\n serializeTransaction,\n keccak256,\n hexToBigInt,\n http,\n} from 'viem'\nimport { toAccount } from 'viem/accounts'\nimport { SignerClient } from '../signer/index.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { toLightSmartAccount } from 'permissionless/accounts'\nimport {\n createPaymasterClient,\n entryPoint07Address,\n} from 'viem/account-abstraction'\nimport { UnauthenticatedError } from '../errors/UnauthenticatedError.js'\n\ntype CurrentUserToLightSmartAccountParams = {\n owner: LocalAccount\n client: Client<\n Transport,\n Chain \| undefined,\n JsonRpcAccount \| LocalAccount \| undefined\n >\n}\n\nclass ViemModule {\n constructor(private readonly _signerClient: SignerClient) {}\n\n async toLocalAccount(): Promise<LocalAccount> {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toAccount({\n address: user.walletAddress,\n signMessage: ({ message }: { message: SignableMessage }) =>\n this.signMessage(message),\n signTypedData: <\n const typedData extends TypedData \| Record<string, unknown>,\n primaryType extends keyof typedData \| 'EIP712Domain' = keyof typedData,\n >(\n typedDataDefinition: TypedDataDefinition<typedData, primaryType>,\n ) => this.signTypedData<typedData, primaryType>(typedDataDefinition),\n signTransaction: this.signTransaction,\n })\n }\n\n async toSmartAccount({\n client,\n owner,\n }: CurrentUserToLightSmartAccountParams): ReturnType<\n typeof toLightSmartAccount<'0.7'>\n > {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toLightSmartAccount({\n client,\n owner,\n version: '2.0.0',\n entryPoint: {\n address: entryPoint07Address,\n version: '0.7',\n },\n address: user.smartAccountAddress,\n index: hexToBigInt(user.salt),\n })\n }\n\n async getPaymasterClient() {\n const url = new URL(\n `v1/rpc?apiKey=${this._signerClient.configuration.apiKey}`,\n this._signerClient.configuration.paymasterRpcUrl,\n )\n return createPaymasterClient({\n transport: http(url.toString()),\n })\n }\n\n async signMessage(msg: SignableMessage): Promise<Hex> {\n const messageHash = hashMessage(msg)\n const result = await this._signerClient.signRawMessage<Hex>(messageHash)\n return result\n }\n\n async signTypedData<\n TTypedData extends TypedData \| Record<string, unknown>,\n TPrimaryType extends keyof TTypedData \| 'EIP712Domain' = keyof TTypedData,\n >(params: TypedDataDefinition<TTypedData, TPrimaryType>): Promise<Hex> {\n const messageHash = hashTypedData(params)\n return this._signerClient.signRawMessage(messageHash)\n }\n\n async signTransaction<\n serializer extends SerializeTransactionFn<TransactionSerializable> = SerializeTransactionFn<TransactionSerializable>,\n transaction extends Parameters<serializer>[0] = Parameters<serializer>[0],\n >(\n transaction: transaction,\n options?:\n \| {\n serializer?: serializer \| undefined\n }\n \| undefined,\n ): Promise<\n IsNarrowable<\n TransactionSerialized<GetTransactionType<transaction>>,\n Hex\n > extends true\n ? TransactionSerialized<GetTransactionType<transaction>>\n : Hex\n > {\n const serializeFn = options?.serializer ?? serializeTransaction\n const serializedTx = await serializeFn(transaction)\n const signatureHex = await this._signerClient.signRawMessage<Hex>(\n keccak256(serializedTx),\n )\n\n const signature = {\n r: LibBytes.takeBytes(signatureHex, { count: 32 }),\n s: LibBytes.takeBytes(signatureHex, { count: 32, offset: 32 }),\n v: BigInt(LibBytes.takeBytes(signatureHex, { count: 1, offset: 64 })),\n }\n\n return serializeFn(transaction, signature)\n }\n}\n\nexport { ViemModule }\n","import { AuthModule, UserModule } from './modules/index.js'\nimport { SignerClientConstructorParams } from './signer/index.js'\nimport {\n WebSignerClient,\n WebSignerClientConstructorParams,\n} from './signer/web.js'\nimport { ViemModule } from './third-party/viem.js'\n\ntype FourtWebSignerConstructorParams = {\n configuration: SignerClientConstructorParams['configuration']\n auth: Pick<WebSignerClientConstructorParams, 'webauthn' \| 'oauth'>\n}\n\n/\n * A client for interacting with the Fourt Web Signer.\n /\nclass FourtWebSigner {\n private readonly _webSignerClient: WebSignerClient\n private readonly _modules: {\n viem: ViemModule\n auth: AuthModule\n user: UserModule\n }\n\n /\n Initializes a new instance of the `FourtWebSigner` class.\n * Sets up the underlying modules.\n \n \n * @example\n * ```ts\n * const fourtWebSigner = new FourtWebSigner({\n * auth: {\n * webauthn: {\n * rpId: 'localhost',\n * },\n * },\n * configuration: {\n * apiKey: '927d603c-6775-4210-8e13-8904ca985e78',\n * },\n * })\n * ```\n \n @param {FourtWebSignerConstructorParams} params the required parameters to initialize the client\n /\n constructor({\n configuration,\n auth: { webauthn, oauth },\n }: FourtWebSignerConstructorParams) {\n this._webSignerClient = new WebSignerClient({\n configuration,\n webauthn,\n oauth,\n })\n\n this._modules = {\n viem: new ViemModule(this._webSignerClient),\n auth: new AuthModule(this._webSignerClient),\n user: new UserModule(this._webSignerClient),\n }\n }\n\n /\n A module for interacting with the Viem library.\n /\n get viem() {\n return this._modules.viem\n }\n\n /\n A module for interacting with the authentication methods.\n /\n get auth() {\n return this._modules.auth\n }\n\n /\n A module for interacting with the user methods.\n */\n get user() {\n return this._modules.user\n }\n}\n\nexport { FourtWebSigner }\n"],"mappings":";;;;;;;;AAUA,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjE,MAAM,WAAW,QAA4C;AAC3D,WAAO,KAAK,iBAAiB,cAAc,MAAM;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SAAS,QAAgD;AAC7D,UAAM,KAAK,iBAAiB,kBAAkB,MAAM;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,gBAA8C;AAClD,WAAO,KAAK,iBAAiB,mBAAmB;AAAA,EAClD;AACF;;;ACpCA,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjE,MAAM,OAAO,QAA8B;AACzC,WAAO,KAAK,iBAAiB,eAAe,MAAM;AAAA,EACpD;AACF;;;ACjBA,YAAY,UAAU;;;ACAtB,IAAM,YAAN,MAAgB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKd,aAAa,UACX,OACiB;AAEjB,QAAI;AACJ,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AAAA,IACvC,WAAW,iBAAiB,YAAY;AACtC,aAAO;AAAA,IACT,OAAO;AACL,aAAO,IAAI,WAAW,KAAK;AAAA,IAC7B;AAGA,UAAM,SACJ,OAAO,eAAe,eAAgB,WAAmB,QAAQ,SAC5D,WAAmB,OAAO,SAC3B;AAEN,QAAI,QAAQ;AACV,YAAM,OAAO,MAAM,OAAO,OAAO,WAAW,IAAI;AAChD,aAAO,MAAM,KAAK,IAAI,WAAW,IAAI,CAAC,EACnC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAAA,IACZ;AAGA,QAAI;AACF,YAAM,aAAa,UAAQ,QAAQ;AACnC,YAAM,OAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;AACtE,aAAO;AAAA,IACT,QAAQ;AACN,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ADtCA,IAAM,eAAN,MAAmB;AAAA,EACjB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,QAAQ;AAEpE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,kBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AEnCA,IAAM,kBAAN,MAAM,yBAAwB,MAAM;AAAA,EAClC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,iBAAgB;AAAA,EAC9B;AACF;;;ACHA,YAAYA,WAAU;AAEtB,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAC3D,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AAEF,UAAM,MAAM,IAAS,mBAAa;AAAA,MAChC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AAEV,UAAM,WAAW,MAAM,MAAM,aAAa;AAAA,MACxC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO;AAAA,MACT,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI;AAAA,QACR,wCAAwC,SAAS,UAAU;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,IAAI,MAAM,SAAS,KAAK;AACxC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,gBAAgB,SAAS,UAAU;AAAA,IAC/C;AAEA,WAAO;AAAA,EACT;AACF;;;AC5CA,YAAYC,WAAU;AAItB,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,OAAO;AAEnE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,mBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;ACpBA,IAAM,cAAN,MAAkB;AAAA,EAKhB,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,gBAAgB,IAAI,aAAa,KAAK,gBAAgB;AAC3D,SAAK,kBAAkB,IAAI,eAAe,KAAK,gBAAgB;AAC/D,SAAK,eAAe,IAAI,YAAY,KAAK,gBAAgB;AAAA,EAC3D;AAAA,EARiB;AAAA,EACA;AAAA,EACA;AAAA,EAQjB,IAAI,SAAS;AACX,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,SAAS,EAAE,SAAS,GAAmB;AAAA,EAK7C;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUf,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,YAAY,IAAI,eAAe,KAAK,gBAAgB;AACzD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AACnD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AAAA,EACrD;AAAA,EAbiB;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAgBjB,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMf,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,UAAyB;AAC7B,WAAO,KAAK,iBAAiB,QAAQ;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAA+B;AACnC,WAAO,KAAK,iBAAiB,WAAW;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAA4B;AAChC,WAAO,KAAK,iBAAiB,SAAS;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAwB;AAC5B,WAAO,KAAK,iBAAiB,OAAO;AAAA,EACtC;AACF;;;AC5CA,SAAS,8BAA8B;AACvC,SAAS,uBAAuB;;;ACIhC,IAAM,YAAN,MAAgB;AAAA;AAAA,EAEd,OAAO,WAAW,QAA6B;AAC7C,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,UAAM,aAAa;AACnB,QAAI,SAAS;AACb,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,YAAY;AACjD,YAAM,QAAQ,MAAM,SAAS,GAAG,IAAI,UAAU;AAE9C,gBAAU,OAAO,aAAa,GAAI,KAAa;AAAA,IACjD;AACA,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAC1C,WAAO,OAAO,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAAA,EACzE;AAAA;AAAA,EAGA,OAAO,SAAS,WAAgC;AAC9C,QAAI,SAAS,UAAU,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAC3D,UAAM,MAAM,OAAO,SAAS;AAC5B,QAAI,IAAK,WAAU,IAAI,OAAO,IAAI,GAAG;AAErC,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,QAAQ;AACrD,UAAM,MAAM,OAAO;AACnB,UAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,aAAS,IAAI,GAAG,IAAI,KAAK,IAAK,OAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AAC5D,WAAO,MAAM;AAAA,EACf;AACF;;;AC/BA,IAAM,WAAN,MAAe;AAAA,EACb,OAAO,uBAAuB,MAAmB;AAC/C,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,IAAI;AAAA,EACb;AAAA,EAEA,OAAO,YAAY,CACjB,OACA,SAA0B,CAAC,MACZ;AACf,UAAM,EAAE,QAAQ,MAAM,IAAI;AAC1B,UAAM,SAAS,SAAS,SAAS,IAAI,KAAK;AAC1C,UAAM,MAAM,QAAQ,QAAQ,QAAQ,IAAI;AAExC,WAAO,KAAK,MAAM,MAAM,OAAO,GAAG,CAAC;AAAA,EACrC;AACF;;;ACxBA,SAAS,mBAAkC;AAC3C,SAAS,SAAS,yBAAyB;AAiB3C,IAAM,eAAN,MAAmB;AAAA,EACA;AAAA,EAEjB,cAAc;AAEZ,SAAK,SAAS,YAA0B;AAAA,MACtC,QAAQ,KAAK,kBAAkB;AAAA,QAC7B,MAAM;AAAA,QACN,SAAS,kBAAkB,MAAM,YAAY;AAAA;AAAA,QAE7C,YAAY,CAAC,WAAW;AAAA,UACtB,QAAQ,MAAM;AAAA,UACd,MAAM,MAAM;AAAA,UACZ,OAAO,MAAM;AAAA,QACf;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,IAAI,OAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAmB;AAC1B,SAAK,OAAO,SAAS,EAAE,KAAK,CAAC;AAAA,EAC/B;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,IAAI,SAA6B;AAC/B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,OAAO,QAAgB;AACzB,SAAK,OAAO,SAAS,EAAE,OAAO,CAAC;AAAA,EACjC;AAAA,EAEA,IAAI,OAAyB;AAC3B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAY;AACnB,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,KAAK,CAAC;AAAA,EAC1D;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,cAAc;AACZ,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,QAAQ,OAAU,CAAC;AAAA,EACvE;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,WAAW;AACT,SAAK,WAAW;AAChB,SAAK,UAAU;AACf,SAAK,YAAY;AACjB,SAAK,UAAU;AACf,SAAK,WAAW;AAAA,EAClB;AAAA,EAEQ,mBAAiC;AACvC,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AClHA,SAAS,qBAAqB;;;ACA9B,IAAM,oBAAN,MAAM,2BAA0B,MAAM;AAAA,EACpC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,mBAAkB;AAAA,EAChC;AACF;;;ACLA,IAAM,gBAAN,MAAM,uBAAsB,MAAM;AAAA,EAChC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,eAAc;AAAA,EAC5B;AACF;;;ACLA,IAAM,uBAAN,MAAM,8BAA6B,MAAM;AAAA,EACvC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,sBAAqB;AAAA,EACnC;AACF;;;AHSA,SAAS,iBAAiB;AAiB1B,IAAe,eAAf,MAA4B;AAAA,EACP;AAAA,EACA;AAAA,EAGA;AAAA,EAEX;AAAA,EACA;AAAA,EAER,YAAY;AAAA,IACV;AAAA,IACA,eAAe,EAAE,QAAQ,iBAAiB,GAAG,sBAAsB;AAAA,EACrE,GAAkC;AAChC,SAAK,iBAAiB,IAAI;AAAA,MACxB,EAAE,SAAS,0BAA0B;AAAA,MACrC;AAAA,IACF;AAEA,SAAK,iBAAiB;AAAA,MACpB,GAAG;AAAA,MACH,QAAQ,UAAU;AAAA,MAClB,iBAAiB,mBAAmB;AAAA,IACtC;AAEA,SAAK,gBAAgB,IAAI,aAAa;AAAA,EACxC;AAAA,EAEA,IAAI,gBAAqD;AACvD,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAa,UAAU;AACrB,QAAI,KAAK,cAAc,KAAM,QAAO,KAAK,cAAc;AAEvD,QAAI;AACF,YAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,WAAK,cAAc,OAAO;AAC1B,aAAO;AAAA,IACT,SAAS,OAAO;AAEd,UAAI,iBAAiB,mBAAmB;AACtC,YAAI;AACF,gBAAM,KAAK,cAAc;AACzB,gBAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,eAAK,cAAc,OAAO;AAC1B,iBAAO;AAAA,QACT,SAASC,QAAO;AACd,gBAAMA;AAAA,QACR;AAAA,MACF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAa,aAAa;AACxB,UAAM,QAAQ,KAAK,cAAc;AAGjC,QAAI,SAAS,CAAC,KAAK,gBAAgB,KAAK,EAAG,QAAO;AAGlD,QAAI;AACF,YAAM,KAAK,cAAc;AACzB,aAAO,CAAC,CAAC,KAAK,cAAc;AAAA,IAC9B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,WAA4B;AAEvC,QAAI,CAAC,KAAK,cAAc,OAAO;AAE7B,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF,WAAW,KAAK,gBAAgB,KAAK,cAAc,KAAK,GAAG;AAEzD,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI,kBAAkB,kCAAkC;AAAA,MAChE;AAAA,IACF;AAEA,UAAM,QAAQ,KAAK,cAAc;AACjC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,kBAAkB,6CAA6C;AAAA,IAC3E;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,gBAAgB,OAAwB;AAC9C,QAAI;AACF,YAAM,UAAU,UAAU,KAAK;AAC/B,UAAI,OAAO,QAAQ,QAAQ,UAAU;AACnC,eAAO,QAAQ,MAAM,OAAQ,KAAK,IAAI;AAAA,MACxC;AACA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,OAAO,WAAmB;AACrC,QAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,SAAK,gBAAgB;AACrB,UAAM,KAAK,QAAQ,cAAc,QAAQ,EAAE,UAAU,CAAC;AACtD,SAAK,cAAc,SAAS;AAAA,EAC9B;AAAA,EAEA,MAAa,eAAoC,KAA4B;AAC3E,QAAI,CAAC,KAAK,cAAc,SAAS,CAAC,KAAK,cAAc,MAAM;AACzD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,iBAAiB,MAAM,KAAK,eAAe,oBAAoB;AAAA,MACnE,gBAAgB,KAAK,cAAc,KAAK;AAAA,MACxC,MAAM;AAAA,MACN,aAAa,KAAK,IAAI,EAAE,SAAS;AAAA,MACjC,YAAY;AAAA,QACV,UAAU;AAAA,QACV,cAAc;AAAA,QACd,SAAS;AAAA,QACT,UAAU,KAAK,cAAc,KAAK;AAAA,MACpC;AAAA,IACF,CAAC;AAED,UAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,YAAY,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAa;AAAA,EACf;AAAA,EAEA,IAAc,QAAQ,SAAmC;AACvD,SAAK,eAAe,UAAU;AAAA,EAChC;AAAA,EAEA,IAAc,UAAoC;AAChD,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA,EAEA,MAAgB,WAAW,OAAuC;AAChE,QAAI;AACF,YAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ,EAAE,MAAM,CAAC;AACvE,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,cAAe,QAAO;AAC3C,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAgB,OAAO,UAAkB,WAAoB;AAC3D,UAAM,iBAAiB,MAAM,KAAK,eAAe,eAAe;AAAA,MAC9D,gBAAgB;AAAA,IAClB,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ;AAAA,MAC/D;AAAA,MACA;AAAA,IACF,CAAC;AAED,UAAM,gBAAgB,MAAM;AAC1B,UAAI;AACF,eAAO,KAAK,MAAM,gBAAgB,MAAM,gBAAgB,EACrD;AAAA,MACL,SAAS,GAAG;AACV,eAAO;AAAA,MACT;AAAA,IACF,GAAG;AAEH,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH;AAAA,IACF;AACA,SAAK,cAAc,QAAQ;AAC3B,SAAK,iBAAiB,KAAK;AAC3B,WAAO,EAAE,MAAM,MAAM;AAAA,EACvB;AAAA,EAEA,MAAgB,kBAAkB;AAChC,UAAM,iBAAiB,KAAK,UAAU;AAAA,MACpC,WAAW,KAAK,IAAI;AAAA,MACpB,MAAM;AAAA,IACR,CAAC;AACD,UAAM,QAAQ,MAAM,KAAK,eAAe,QAAQ,MAAM,cAAc;AACpE,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,QAAQ,eAAe,QAAQ;AAAA,MAC1D,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AACD,SAAK,cAAc,QAAQ;AAC3B,WAAO,EAAE,MAAM;AAAA,EACjB;AAAA,EAEA,MAAgB,QACd,OACA,QACA,MAC2C;AAC3C,UAAM,MAAM,IAAI,IAAI,GAAG,KAAK,IAAI,KAAK,eAAe,MAAM;AAC1D,UAAM,QAAQ,KAAK,cAAc;AAEjC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,KAAK,eAAe;AAAA,IACrC;AAEA,QAAI,OAAO;AACT,cAAQ,eAAe,IAAI,UAAU,KAAK;AAAA,IAC5C;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC;AAAA,MACA,MAAM,WAAW,SAAS,KAAK,UAAU,IAAI,IAAI;AAAA,MACjD;AAAA,IACF,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAK,MAAM,SAAS,KAAK;AAI7C,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM;AAAA,QAClB,KAAK,qBAAqB;AACxB,gBAAM,IAAI,kBAAkB,MAAM,OAAO;AAAA,QAC3C;AAAA,QACA,KAAK,iBAAiB;AACpB,gBAAM,IAAI,cAAc,MAAM,OAAO;AAAA,QACvC;AAAA,QACA,KAAK,mBAAmB;AACtB,gBAAM,IAAI,gBAAgB,MAAM,OAAO;AAAA,QACzC;AAAA,QACA,SAAS;AACP,gBAAM,IAAI,MAAM,MAAM,OAAO;AAAA,QAC/B;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,GAAG,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,uBAAuB,YAAoB,eAAe,GAAW;AAC3E,UAAM,WAAW,aAAa;AAC9B,UAAM,YAAY,WAAW,eAAe,KAAK;AACjD,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,QAAQ,YAAY;AAC1B,WAAO,SAAS,IAAI,IAAI;AAAA,EAC1B;AAAA,EAEU,iBAAiB,OAAe;AACxC,QAAI;AACF,YAAM,UAAU,UAAU,KAAK;AAC/B,UAAI,CAAC,QAAQ,IAAK;AAElB,YAAM,QAAQ,KAAK,uBAAuB,QAAQ,KAAK,CAAC;AAGxD,UAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AAGvD,WAAK,gBAAgB,WAAW,MAAM;AACpC,aAAK,gBAAgB;AACrB,aAAK,cAAc;AAAA,MACrB,GAAG,KAAK;AAAA,IACV,QAAQ;AAAA,IAER;AAAA,EACF;AAAA,EAEA,MAAc,gBAA+B;AAC3C,QAAI,KAAK,gBAAiB,QAAO,KAAK;AAGtC,SAAK,mBAAmB,YAAY;AAClC,YAAM,aAAa;AACnB,YAAM,iBAAiB;AAEvB,UAAI;AAEF,cAAM,iBAAiB,KAAK,gBAAgB;AAC5C,cAAM,OAAO,MAAM,QAAQ,KAAK;AAAA,UAC9B;AAAA,UACA,IAAI;AAAA,YAAe,CAAC,GAAG,WACrB,WAAW,MAAM,OAAO,IAAI,MAAM,iBAAiB,CAAC,GAAG,UAAU;AAAA,UACnE;AAAA,QACF,CAAC;AAED,YAAI,CAAC,QAAQ,CAAC,KAAK,OAAO;AAExB,gBAAM,IAAI,kBAAkB,+BAA+B;AAAA,QAC7D;AAEA,aAAK,cAAc,QAAQ,KAAK;AAChC,aAAK,iBAAiB,KAAK,KAAK;AAAA,MAClC,SAAS,OAAO;AACd,gBAAQ,MAAM,yBAAyB,KAAK;AAE5C,YAAI,iBAAiB,mBAAmB;AACtC,eAAK,cAAc,WAAW;AAC9B,eAAK,cAAc,UAAU;AAE7B,gBAAM;AAAA,QACR;AAGA,YAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,cAAM,cAAc;AACpB,YAAI,aAAa;AAGjB,aAAK,gBAAgB,WAAW,MAAM;AACpC,eAAK,gBAAgB;AACrB,eAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAGpC;AACA,gBAAI,cAAc,aAAa;AAC7B,oBAAM,YAAY,KAAK;AAAA,gBACrB,iBAAiB,MAAM,aAAa;AAAA,gBACpC;AAAA,cACF;AACA,mBAAK,gBAAgB,WAAW,MAAM;AAIpC,qBAAK,gBAAgB;AACrB,qBAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAAA,gBAAC,CAAC;AAAA,cAC1C,GAAG,SAAS;AAAA,YACd;AAAA,UACF,CAAC;AAAA,QACH,GAAG,cAAc;AAEjB,cAAM;AAAA,MACR,UAAE;AACA,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF,GAAG;AAEH,WAAO,KAAK;AAAA,EACd;AACF;;;AJvXA,SAAS,wBAAwB;AA2CjC,IAAM,kBAAN,cAA8B,aAAa;AAAA,EACjC;AAAA,EACA;AAAA,EAEC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAqC;AACnC,UAAM,mBAAmB,IAAI,iBAAiB;AAE9C,UAAM;AAAA,MACJ,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AAED,SAAK,mBAAmB;AACxB,SAAK,kBAAkB,IAAI,gBAAgB,EAAE,MAAM,SAAS,KAAK,CAAC;AAElE,SAAK,qBAAqB;AAAA,EAC5B;AAAA,EAEA,MAAsB,aAAa;AACjC,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,WAAW;AAAA,EAC1B;AAAA,EAEA,MAAsB,SAAS;AAC7B,UAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,UAAM,OAAO,SAAS;AACtB,SAAK,iBAAiB,MAAM;AAAA,EAC9B;AAAA,EAEA,MAAsB,eACpB,KACe;AACf,UAAM,KAAK,eAAe;AAC1B,WAAO,MAAM,eAAe,GAAG;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,gBAAgB,UAAkB;AAC7C,UAAM,EAAE,IAAI,IAAI,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,eAAe,EAAE,MAAM,GAAyB;AAC3D,UAAM,uBAAuB,MAAM,KAAK,WAAW,KAAK;AAExD,QAAI,CAAC,sBAAsB;AACzB,YAAM,KAAK,uBAAuB,EAAE,MAAM,CAAC;AAAA,IAC7C,OAAO;AACL,WAAK,UAAU,KAAK;AACpB,YAAM,KAAK,OAAO,oBAAoB;AAEtC,WAAK,cAAc;AAGnB,UAAI,CAAC,KAAK,cAAc,QAAQ,CAAC,KAAK,cAAc,KAAK,cAAc;AACrE;AAAA,MACF;AAEA,WAAK,gBAAgB,mBAAmB;AAAA,QACtC;AAAA,UACE,IAAI,UAAU,SAAS,KAAK,cAAc,KAAK,YAAY;AAAA,UAC3D,MAAM;AAAA,UACN,YAAY,CAAC,YAAY,KAAK;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,cAAc,QAA6B;AACtD,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,eAAe,MAAM;AAClD,QAAI,CAAC,MAAO,OAAM,IAAI,cAAc,gCAAgC;AACpE,SAAK,cAAc,QAAQ;AAAA,EAC7B;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,WAAO,KAAK,iBAAiB,aAAa;AAAA,EAC5C;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,UAAM,KAAK,iBAAiB,aAAa;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,kBAAkB,QAAiC;AAC9D,UAAM,KAAK,sBAAsB;AAEjC,QAAI,CAAC,KAAK,cAAc;AACtB,YAAM,IAAI,cAAc,mCAAmC;AAE7D,UAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,UAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,sBAAsB,QAAQ;AAAA,MACpE,OAAO,KAAK,cAAc;AAAA,MAC1B,SAAS,OAAO;AAAA,MAChB;AAAA,IACF,CAAC;AAED,QAAI,CAAC;AACH,YAAM,IAAI,cAAc,0CAA0C;AAEpE,UAAM,KAAK,OAAO,UAAU,SAAS;AACrC,SAAK,cAAc;AACnB,SAAK,cAAc,WAAW;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAa,qBAAqB;AAChC,UAAM,EAAE,OAAO,IAAI,MAAM,KAAK,QAAQ,oBAAoB,KAAK;AAC/D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,iBAAiB;AAE7B,QACE,KAAK,cAAc,SAAS,UAC5B,KAAK,cAAc,UAAU;AAE7B;AACF,QAAI,KAAK,cAAc,oCAA+B;AACpD,WAAK,UAAU,KAAK;AAAA,IACtB,OAAO;AACL,WAAK,UAAU,KAAK;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,uBAAuB,QAA8B;AACjE,UAAM,EAAE,WAAW,YAAY,IAAI,MAAM,KAAK;AAAA,MAC5C,OAAO;AAAA,IACT;AAEA,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ;AAAA,MAC/D,OAAO,OAAO;AAAA,MACd,WAAW,UAAU,WAAW,SAAS;AAAA,MACzC;AAAA,IACF,CAAC;AAED,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH,cAAc,YAAY;AAAA,IAC5B;AACA,SAAK,cAAc;AAEnB,SAAK,cAAc,QAAQ;AAC3B,SAAK,iBAAiB,KAAM;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,eAAe,QAA6B;AACxD,UAAM,WAAW,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC5D,OAAO,OAAO;AAAA,MACd,aAAa,OAAO,cAChB,OAAO,YAAY,SAAS,IAC5B;AAAA,IACN,CAAC;AAED,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,6BAA6B,OAAe;AACxD,UAAM,YAAY,SAAS,qBAAqB;AAChD,UAAM,sBAAsB,SAAS,qBAAqB;AAE1D,UAAM,cAAc,MAAM,uBAAuB;AAAA,MAC/C,WAAW;AAAA,QACT,wBAAwB;AAAA,UACtB,aAAa;AAAA,UACb,oBAAoB;AAAA,UACpB,kBAAkB;AAAA,QACpB;AAAA,QACA;AAAA,QACA,IAAI;AAAA,UACF,IAAI,OAAO,SAAS;AAAA,UACpB,MAAM,OAAO,SAAS;AAAA,QACxB;AAAA,QACA,kBAAkB;AAAA,UAChB;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,QACF;AAAA,QACA,MAAM;AAAA,UACJ,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,MACF;AAAA,IACF,CAAC;AAED,WAAO,EAAE,WAAW,aAAa,oBAAoB;AAAA,EACvD;AAAA,EAEA,MAAc,wBAAwB;AACpC,QAAI,CAAC,KAAK,iBAAiB,aAAa,GAAG;AACzC,YAAM,KAAK,iBAAiB,KAAK;AAAA,IACnC;AACA,SAAK,UAAU,KAAK;AAAA,EACtB;AACF;;;AQ9SA;AAAA,EAeE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,iBAAiB;AAG1B,SAAS,2BAA2B;AACpC;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAYP,IAAM,aAAN,MAAiB;AAAA,EACf,YAA6B,eAA6B;AAA7B;AAAA,EAA8B;AAAA,EAE3D,MAAM,iBAAwC;AAC5C,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,WAAO,UAAU;AAAA,MACf,SAAS,KAAK;AAAA,MACd,aAAa,CAAC,EAAE,QAAQ,MACtB,KAAK,YAAY,OAAO;AAAA,MAC1B,eAAe,CAIb,wBACG,KAAK,cAAsC,mBAAmB;AAAA,MACnE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,EACF,GAEE;AACA,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,WAAO,oBAAoB;AAAA,MACzB;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,YAAY;AAAA,QACV,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA,SAAS,KAAK;AAAA,MACd,OAAO,YAAY,KAAK,IAAI;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AACzB,UAAM,MAAM,IAAI;AAAA,MACd,iBAAiB,KAAK,cAAc,cAAc,MAAM;AAAA,MACxD,KAAK,cAAc,cAAc;AAAA,IACnC;AACA,WAAO,sBAAsB;AAAA,MAC3B,WAAW,KAAK,IAAI,SAAS,CAAC;AAAA,IAChC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,YAAY,KAAoC;AACpD,UAAM,cAAc,YAAY,GAAG;AACnC,UAAM,SAAS,MAAM,KAAK,cAAc,eAAoB,WAAW;AACvE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAGJ,QAAqE;AACrE,UAAM,cAAc,cAAc,MAAM;AACxC,WAAO,KAAK,cAAc,eAAe,WAAW;AAAA,EACtD;AAAA,EAEA,MAAM,gBAIJ,aACA,SAYA;AACA,UAAM,cAAc,SAAS,cAAc;AAC3C,UAAM,eAAe,MAAM,YAAY,WAAW;AAClD,UAAM,eAAe,MAAM,KAAK,cAAc;AAAA,MAC5C,UAAU,YAAY;AAAA,IACxB;AAEA,UAAM,YAAY;AAAA,MAChB,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,CAAC;AAAA,MACjD,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,MAC7D,GAAG,OAAO,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,QAAQ,GAAG,CAAC,CAAC;AAAA,IACtE;AAEA,WAAO,YAAY,aAAa,SAAS;AAAA,EAC3C;AACF;;;AClIA,IAAM,iBAAN,MAAqB;AAAA,EACF;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BjB,YAAY;AAAA,IACV;AAAA,IACA,MAAM,EAAE,UAAU,MAAM;AAAA,EAC1B,GAAoC;AAClC,SAAK,mBAAmB,IAAI,gBAAgB;AAAA,MAC1C;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,SAAK,WAAW;AAAA,MACd,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AACF;","names":["jose","jose","error"]}