@fourt/sdk 1.6.0 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +48 -49
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +40 -33
- package/dist/index.d.ts +40 -33
- package/dist/index.js +48 -49
- package/dist/index.js.map +1 -1
- package/package.json +5 -5
package/dist/index.cjs
CHANGED
|
@@ -138,7 +138,7 @@ var GoogleModule = class {
|
|
|
138
138
|
const state = new jose.UnsecuredJWT({
|
|
139
139
|
apiKey: this._webSignerClient.configuration.apiKey,
|
|
140
140
|
redirectUrl: this._webSignerClient.oauthConfiguration.common.redirectUrl,
|
|
141
|
-
|
|
141
|
+
publicKey,
|
|
142
142
|
internalUrl,
|
|
143
143
|
origin: window.location.origin
|
|
144
144
|
}).encode();
|
|
@@ -171,7 +171,7 @@ var FacebookModule = class {
|
|
|
171
171
|
const jwt = new jose2.UnsecuredJWT({
|
|
172
172
|
apiKey: this._webSignerClient.configuration.apiKey,
|
|
173
173
|
redirectUrl: this._webSignerClient.oauthConfiguration.common.redirectUrl,
|
|
174
|
-
|
|
174
|
+
publicKey,
|
|
175
175
|
internalUrl,
|
|
176
176
|
origin: window.location.origin
|
|
177
177
|
}).encode();
|
|
@@ -216,7 +216,7 @@ var AppleModule = class {
|
|
|
216
216
|
const state = new jose3.UnsecuredJWT({
|
|
217
217
|
apiKey: this._webSignerClient.configuration.apiKey,
|
|
218
218
|
redirectUrl: this._webSignerClient.oauthConfiguration.common.redirectUrl,
|
|
219
|
-
|
|
219
|
+
publicKey,
|
|
220
220
|
internalUrl,
|
|
221
221
|
origin: window.location.origin
|
|
222
222
|
}).encode();
|
|
@@ -245,7 +245,14 @@ var OAuthModule = class {
|
|
|
245
245
|
get apple() {
|
|
246
246
|
return this._appleModule;
|
|
247
247
|
}
|
|
248
|
-
|
|
248
|
+
/**
|
|
249
|
+
* Completes oauth authentication.
|
|
250
|
+
*
|
|
251
|
+
* @param params {CompleteOAuthParams} params needed for oauth completion
|
|
252
|
+
* @returns {Promise<void>} promise that completes the oauth authentication process.
|
|
253
|
+
*/
|
|
254
|
+
async complete(params) {
|
|
255
|
+
await this._webSignerClient.completeOAuth(params);
|
|
249
256
|
}
|
|
250
257
|
};
|
|
251
258
|
|
|
@@ -378,7 +385,6 @@ var SessionStore = class {
|
|
|
378
385
|
storage: (0, import_middleware.createJSONStorage)(() => localStorage),
|
|
379
386
|
// persist only these in localStorage
|
|
380
387
|
partialize: (state) => ({
|
|
381
|
-
bundle: state.bundle,
|
|
382
388
|
type: state.type,
|
|
383
389
|
otpId: state.otpId
|
|
384
390
|
})
|
|
@@ -397,12 +403,6 @@ var SessionStore = class {
|
|
|
397
403
|
set token(token) {
|
|
398
404
|
this._store.setState({ token });
|
|
399
405
|
}
|
|
400
|
-
get bundle() {
|
|
401
|
-
return this._store.getState().bundle;
|
|
402
|
-
}
|
|
403
|
-
set bundle(bundle) {
|
|
404
|
-
this._store.setState({ bundle });
|
|
405
|
-
}
|
|
406
406
|
get user() {
|
|
407
407
|
return this._store.getState().user;
|
|
408
408
|
}
|
|
@@ -418,9 +418,6 @@ var SessionStore = class {
|
|
|
418
418
|
clearUser() {
|
|
419
419
|
this._store.setState({ ...this._store.getState(), user: void 0 });
|
|
420
420
|
}
|
|
421
|
-
clearBundle() {
|
|
422
|
-
this._store.setState({ ...this._store.getState(), bundle: void 0 });
|
|
423
|
-
}
|
|
424
421
|
clearType() {
|
|
425
422
|
this._store.setState({ ...this._store.getState(), type: void 0 });
|
|
426
423
|
}
|
|
@@ -433,7 +430,6 @@ var SessionStore = class {
|
|
|
433
430
|
clearAll() {
|
|
434
431
|
this.clearToken();
|
|
435
432
|
this.clearUser();
|
|
436
|
-
this.clearBundle();
|
|
437
433
|
this.clearType();
|
|
438
434
|
this.clearOtpId();
|
|
439
435
|
}
|
|
@@ -441,7 +437,6 @@ var SessionStore = class {
|
|
|
441
437
|
return {
|
|
442
438
|
type: void 0,
|
|
443
439
|
user: void 0,
|
|
444
|
-
bundle: void 0,
|
|
445
440
|
token: void 0,
|
|
446
441
|
otpId: void 0
|
|
447
442
|
};
|
|
@@ -564,10 +559,15 @@ var SignerClient = class {
|
|
|
564
559
|
return true;
|
|
565
560
|
}
|
|
566
561
|
}
|
|
567
|
-
async logout(
|
|
562
|
+
async logout() {
|
|
568
563
|
if (this._refreshTimer) clearTimeout(this._refreshTimer);
|
|
569
564
|
this._refreshTimer = void 0;
|
|
570
|
-
|
|
565
|
+
const logoutPayload = JSON.stringify({
|
|
566
|
+
timestamp: Date.now(),
|
|
567
|
+
type: "logout_request"
|
|
568
|
+
});
|
|
569
|
+
const stamp = await this._turnkeyClient.stamper.stamp(logoutPayload);
|
|
570
|
+
await this.request("/v1/logout", "POST", { payload: logoutPayload, stamp });
|
|
571
571
|
this._sessionStore.clearAll();
|
|
572
572
|
}
|
|
573
573
|
async signRawMessage(msg) {
|
|
@@ -617,7 +617,7 @@ var SignerClient = class {
|
|
|
617
617
|
});
|
|
618
618
|
const credentialId = (() => {
|
|
619
619
|
try {
|
|
620
|
-
return JSON.parse(stampedRequest
|
|
620
|
+
return JSON.parse(stampedRequest.stamp.stampHeaderValue).credentialId;
|
|
621
621
|
} catch (e) {
|
|
622
622
|
return void 0;
|
|
623
623
|
}
|
|
@@ -787,8 +787,8 @@ var WebSignerClient = class extends SignerClient {
|
|
|
787
787
|
return super.isLoggedIn();
|
|
788
788
|
}
|
|
789
789
|
async logout() {
|
|
790
|
-
|
|
791
|
-
super.logout(
|
|
790
|
+
await this._initIndexedDbStamper();
|
|
791
|
+
super.logout();
|
|
792
792
|
this.indexedDbStamper.clear();
|
|
793
793
|
}
|
|
794
794
|
async signRawMessage(msg) {
|
|
@@ -812,13 +812,25 @@ var WebSignerClient = class extends SignerClient {
|
|
|
812
812
|
* @param {WebAuthnSignInParams} params params for the sign in
|
|
813
813
|
*/
|
|
814
814
|
async webAuthnSignIn({ email }) {
|
|
815
|
+
const publicKey = await this.getPublicKey();
|
|
815
816
|
const existingUserSubOrgId = await this.lookUpUser(email);
|
|
817
|
+
this._sessionStore.type = "passkeys" /* Passkeys */;
|
|
818
|
+
this.stamper = this.webauthnStamper;
|
|
816
819
|
if (!existingUserSubOrgId) {
|
|
817
|
-
await this.
|
|
820
|
+
const { challenge, attestation } = await this._webAuthnGenerateAttestation(email);
|
|
821
|
+
const { user, token } = await this.request("/v1/passkey/init", "POST", {
|
|
822
|
+
email,
|
|
823
|
+
challenge: LibBase64.fromBuffer(challenge),
|
|
824
|
+
attestation,
|
|
825
|
+
publicKey
|
|
826
|
+
});
|
|
827
|
+
this._sessionStore.user = {
|
|
828
|
+
...user,
|
|
829
|
+
credentialId: attestation.credentialId
|
|
830
|
+
};
|
|
831
|
+
this._sessionStore.token = token;
|
|
818
832
|
} else {
|
|
819
|
-
this.
|
|
820
|
-
await this.signIn(existingUserSubOrgId);
|
|
821
|
-
this._sessionStore.type = "passkeys" /* Passkeys */;
|
|
833
|
+
await this.signIn(existingUserSubOrgId, publicKey);
|
|
822
834
|
if (!this._sessionStore.user || !this._sessionStore.user.credentialId) {
|
|
823
835
|
return;
|
|
824
836
|
}
|
|
@@ -856,7 +868,6 @@ var WebSignerClient = class extends SignerClient {
|
|
|
856
868
|
* @param {CompleteEmailAuthParams} params params needed for otp code verification
|
|
857
869
|
*/
|
|
858
870
|
async completeEmailAuth(params) {
|
|
859
|
-
await this._initIndexedDbStamper();
|
|
860
871
|
if (!this._sessionStore.otpId)
|
|
861
872
|
throw new NotFoundError("No OTP ID found in session store.");
|
|
862
873
|
const publicKey = await this.getPublicKey();
|
|
@@ -871,6 +882,16 @@ var WebSignerClient = class extends SignerClient {
|
|
|
871
882
|
this._sessionStore.type = "email" /* Email */;
|
|
872
883
|
this._sessionStore.clearOtpId();
|
|
873
884
|
}
|
|
885
|
+
/**
|
|
886
|
+
* Completes oauth authentication.
|
|
887
|
+
*
|
|
888
|
+
* @param {CompleteOAuthParams} params params needed for oauth completion
|
|
889
|
+
*/
|
|
890
|
+
async completeOAuth(params) {
|
|
891
|
+
const publicKey = await this.getPublicKey();
|
|
892
|
+
await this.signIn(params.subOrgId, publicKey);
|
|
893
|
+
this._sessionStore.type = "oauth" /* OAuth */;
|
|
894
|
+
}
|
|
874
895
|
/**
|
|
875
896
|
* Gets the email authentication method of the app.
|
|
876
897
|
*/
|
|
@@ -890,28 +911,6 @@ var WebSignerClient = class extends SignerClient {
|
|
|
890
911
|
this.stamper = this.indexedDbStamper;
|
|
891
912
|
}
|
|
892
913
|
}
|
|
893
|
-
/**
|
|
894
|
-
* Creates a passkey account using the webauthn stamper.
|
|
895
|
-
*
|
|
896
|
-
* @param {WebAuthnSignInParams} params params for the creation of the account
|
|
897
|
-
*/
|
|
898
|
-
async _createWebAuthnAccount(params) {
|
|
899
|
-
const { challenge, attestation } = await this._webauthnGenerateAttestation(
|
|
900
|
-
params.email
|
|
901
|
-
);
|
|
902
|
-
const { user, token } = await this.request("/v1/signup", "POST", {
|
|
903
|
-
email: params.email,
|
|
904
|
-
challenge: LibBase64.fromBuffer(challenge),
|
|
905
|
-
attestation
|
|
906
|
-
});
|
|
907
|
-
this._sessionStore.user = {
|
|
908
|
-
...user,
|
|
909
|
-
credentialId: attestation.credentialId
|
|
910
|
-
};
|
|
911
|
-
this._sessionStore.type = "passkeys" /* Passkeys */;
|
|
912
|
-
this._sessionStore.token = token;
|
|
913
|
-
this._scheduleRefresh(token);
|
|
914
|
-
}
|
|
915
914
|
/**
|
|
916
915
|
* Init account creation with email.
|
|
917
916
|
*
|
|
@@ -924,7 +923,7 @@ var WebSignerClient = class extends SignerClient {
|
|
|
924
923
|
});
|
|
925
924
|
return response;
|
|
926
925
|
}
|
|
927
|
-
async
|
|
926
|
+
async _webAuthnGenerateAttestation(email) {
|
|
928
927
|
const challenge = LibBytes.generateRandomBuffer();
|
|
929
928
|
const authenticatorUserId = LibBytes.generateRandomBuffer();
|
|
930
929
|
const attestation = await (0, import_http2.getWebAuthnAttestation)({
|
package/dist/index.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts","../src/modules/auth/email.ts","../src/modules/auth/passkeys.ts","../src/modules/auth/oauth/google.ts","../src/lib/sha256.ts","../src/errors/BadRequestError.ts","../src/modules/auth/oauth/facebook.ts","../src/modules/auth/oauth/apple.ts","../src/modules/auth/oauth.ts","../src/modules/auth/index.ts","../src/modules/user/index.ts","../src/signer/web.ts","../src/lib/base64.ts","../src/lib/bytes.ts","../src/session/index.ts","../src/signer/index.ts","../src/errors/UnauthorizedError.ts","../src/errors/NotFoundError.ts","../src/errors/UnauthenticatedError.ts","../src/third-party/viem.ts"],"sourcesContent":["import { AuthModule, UserModule } from './modules/index.js'\nimport { SignerClientConstructorParams } from './signer/index.js'\nimport {\n WebSignerClient,\n WebSignerClientConstructorParams,\n} from './signer/web.js'\nimport { ViemModule } from './third-party/viem.js'\n\ntype FourtWebSignerConstructorParams = {\n configuration: SignerClientConstructorParams['configuration']\n auth: Pick<WebSignerClientConstructorParams, 'webauthn' | 'oauth'>\n}\n\n/**\n * A client for interacting with the Fourt Web Signer.\n */\nclass FourtWebSigner {\n private readonly _webSignerClient: WebSignerClient\n private readonly _modules: {\n viem: ViemModule\n auth: AuthModule\n user: UserModule\n }\n\n /**\n * Initializes a new instance of the `FourtWebSigner` class.\n * Sets up the underlying modules.\n *\n *\n * @example\n * ```ts\n * const fourtWebSigner = new FourtWebSigner({\n * auth: {\n * webauthn: {\n * rpId: 'localhost',\n * },\n * },\n * configuration: {\n * apiKey: '927d603c-6775-4210-8e13-8904ca985e78',\n * },\n * })\n * ```\n *\n * @param {FourtWebSignerConstructorParams} params the required parameters to initialize the client\n */\n constructor({\n configuration,\n auth: { webauthn, oauth },\n }: FourtWebSignerConstructorParams) {\n this._webSignerClient = new WebSignerClient({\n configuration,\n webauthn,\n oauth,\n })\n\n this._modules = {\n viem: new ViemModule(this._webSignerClient),\n auth: new AuthModule(this._webSignerClient),\n user: new UserModule(this._webSignerClient),\n }\n }\n\n /**\n * A module for interacting with the Viem library.\n */\n get viem() {\n return this._modules.viem\n }\n\n /**\n * A module for interacting with the authentication methods.\n */\n get auth() {\n return this._modules.auth\n }\n\n /**\n * A module for interacting with the user methods.\n */\n get user() {\n return this._modules.user\n }\n}\n\nexport { FourtWebSigner }\n","import type {\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n WebSignerClient,\n} from '../../signer/web.js'\n\n/**\n * A module for interacting with the Email authentication methods.\n * Available through the `auth.email` property on a `FourtWebSigner` instance.\n */\nclass EmailModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Initialize user authentication process using email.\n *\n * @param params {InitEmailAuthParams} params to initialize the user authentication process.\n * @returns {Promise<void>} promise that resolves when the initialization is complete.\n */\n async initialize(params: InitEmailAuthParams): Promise<void> {\n return this._webSignerClient.initEmailAuth(params)\n }\n\n /**\n * Completes email authentication with OTP code.\n *\n * @param params {CompleteEmailAuthParams} params to complete the authentication process.\n * @returns {Promise<void>} promise that completes the authentication process.\n */\n async complete(params: CompleteEmailAuthParams): Promise<void> {\n await this._webSignerClient.completeEmailAuth(params)\n }\n\n /**\n * Get the email authentication method of the app, that was chosen in fourt.io dashboard.\n * It can be either `magiclink` or `otp`.\n *\n * @returns {Promise<'otp' | 'magiclink'>} promise that resolves to the email authentication method.\n */\n async getAuthMethod(): Promise<'otp' | 'magiclink'> {\n return this._webSignerClient.getEmailAuthMethod()\n }\n}\n\nexport { EmailModule }\n","import type { WebSignerClient, WebAuthnSignInParams } from '../../signer/web.js'\n\n/**\n * A module for interacting with the Passkeys authentication methods.\n * Available through the `auth.passkeys` property on a `FourtWebSigner` instance.\n */\nclass PasskeysModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Signs in a user using Passkeys.\n *\n * @param params {WebAuthnSignInParams} params for the sign-in process.\n */\n async signIn(params: WebAuthnSignInParams) {\n return this._webSignerClient.webAuthnSignIn(params)\n }\n}\n\nexport { PasskeysModule }\n","import * as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass GoogleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('google')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/google',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { GoogleModule }\n","class LibSha256 {\n /**\n * Compute SHA-256 and return hex string using Web Crypto when available.\n * Falls back to Node's crypto.createHash when running in Node.\n */\n static async sha256Hex(\n input: string | ArrayBuffer | Uint8Array,\n ): Promise<string> {\n // normalize input to Uint8Array\n let data: Uint8Array\n if (typeof input === 'string') {\n data = new TextEncoder().encode(input)\n } else if (input instanceof Uint8Array) {\n data = input\n } else {\n data = new Uint8Array(input)\n }\n\n // Prefer Web Crypto Subtle API\n const subtle =\n typeof globalThis !== 'undefined' && (globalThis as any).crypto?.subtle\n ? (globalThis as any).crypto.subtle\n : undefined\n\n if (subtle) {\n const hash = await subtle.digest('SHA-256', data)\n return Array.from(new Uint8Array(hash))\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n }\n\n // Fallback for Node (synchronous)\n try {\n const nodeCrypto = require('crypto')\n const hash = nodeCrypto.createHash('sha256').update(data).digest('hex')\n return hash\n } catch {\n throw new Error(\n 'No crypto provider available. Provide a global crypto.subtle or run in Node 18+.',\n )\n }\n }\n}\n\nexport { LibSha256 }\n","class BadRequestError extends Error {\n constructor(message: string) {\n super(message)\n this.name = BadRequestError.name\n }\n}\n\nexport { BadRequestError }\n","import { BadRequestError } from '../../../errors/BadRequestError.js'\nimport { WebSignerClient } from '../../../signer/web.js'\nimport * as jose from 'jose'\n\nclass FacebookModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const publicKey = await this._webSignerClient.getPublicKey()\n const internalUrl = new URL(\n 'v1/oauth/facebook',\n this._webSignerClient.configuration.apiUrl,\n ).href\n\n const jwt = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n\n const response = await fetch(internalUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n state: jwt,\n }),\n })\n\n if (!response.ok) {\n throw new BadRequestError(\n `Failed to create OAuth state. Error: ${response.statusText}`,\n )\n }\n\n const { authUrl } = await response.json()\n if (!authUrl) {\n throw new BadRequestError(response.statusText)\n }\n\n return authUrl\n }\n}\n\nexport { FacebookModule }\n","import * as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass AppleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('apple')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/apple',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n targetPublicKey: publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { AppleModule }\n","import { SessionType } from '../../session/index.js'\nimport type { WebSignerClient } from '../../signer/web.js'\nimport { GoogleModule } from './oauth/google.js'\nimport { FacebookModule } from './oauth/facebook.js'\nimport { AppleModule } from './oauth/apple.js'\n\ntype CompleteParams = {\n bundle: string\n subOrgId: string\n}\n\n/**\n * A module for interacting with the OAuth authentication methods.\n * Available through the `auth.oauth` property on a `FourtWebSigner` instance.\n */\nclass OAuthModule {\n private readonly _googleModule: GoogleModule\n private readonly _facebookModule: FacebookModule\n private readonly _appleModule: AppleModule\n\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._googleModule = new GoogleModule(this._webSignerClient)\n this._facebookModule = new FacebookModule(this._webSignerClient)\n this._appleModule = new AppleModule(this._webSignerClient)\n }\n\n get google() {\n return this._googleModule\n }\n\n get facebook() {\n return this._facebookModule\n }\n\n get apple() {\n return this._appleModule\n }\n\n async complete({ subOrgId }: CompleteParams) {\n /* await this._webSignerClient.completeAuth({\n subOrgId,\n sessionType: SessionType.OAuth,\n }) */\n }\n}\n\nexport { OAuthModule }\n","import type { WebSignerClient } from '../../signer/web.js'\nimport { EmailModule } from './email.js'\nimport { PasskeysModule } from './passkeys.js'\nimport { OAuthModule } from './oauth.js'\n\n/**\n * A module for interacting with the authentication methods.\n * Available through the `auth` property on a `FourtWebSigner` instance.\n */\nclass AuthModule {\n private readonly _passkeys: PasskeysModule\n private readonly _email: EmailModule\n private readonly _oauth: OAuthModule\n\n /**\n * Initializes a new instance of the `AuthModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._passkeys = new PasskeysModule(this._webSignerClient)\n this._email = new EmailModule(this._webSignerClient)\n this._oauth = new OAuthModule(this._webSignerClient)\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get passkeys() {\n return this._passkeys\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get email() {\n return this._email\n }\n\n get oauth() {\n return this._oauth\n }\n}\n\nexport { AuthModule }\nexport { PasskeysModule } from './passkeys.js'\nexport { EmailModule } from './email.js'\n","import { WebSignerClient } from '../../signer/web.js'\nimport { User } from '../../types/entities.js'\n\n/**\n * A module for interacting with the user methods.\n * Available through the `user` property on a `FourtWebSigner` instance.\n */\nclass UserModule {\n /**\n * Initializes a new instance of the `UserModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Retrieves information for the authenticated user.\n * Assumes a user is already logged in, otherwise it will throw an error.\n */\n async getInfo(): Promise<User> {\n return this._webSignerClient.getUser()\n }\n\n /**\n * Checks if a user is currently logged in to the fourt.io SDK.\n */\n async isLoggedIn(): Promise<boolean> {\n return this._webSignerClient.isLoggedIn()\n }\n\n /**\n * Generates an access token with a lifespan of 15 minutes.\n * Assumes a user is already logged in, otherwise it will throw an error.\n */\n async getToken(): Promise<string> {\n return this._webSignerClient.getToken()\n }\n\n /**\n * Logs out the user.\n */\n async logout(): Promise<void> {\n return this._webSignerClient.logout()\n }\n}\n\nexport { UserModule }\n","import { getWebAuthnAttestation } from '@turnkey/http'\nimport { WebauthnStamper } from '@turnkey/webauthn-stamper'\nimport { LibBase64 } from '../lib/base64.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { SessionType } from '../session/index.js'\nimport {\n type SignerClientInheritedConstructorParams,\n SignerClient,\n} from './index.js'\nimport { NotFoundError } from '../errors/NotFoundError.js'\nimport { IndexedDbStamper } from '@turnkey/indexed-db-stamper'\n\ntype WebAuthnSignInParams = {\n email: string\n}\n\ntype InitEmailAuthParams = {\n email: string\n redirectUrl?: string\n}\n\ntype CompleteAuthParams = {\n subOrgId: string\n sessionType: SessionType\n isNewUser?: boolean\n}\n\ntype CompleteEmailAuthParams = {\n email: string\n otpCode: string\n}\n\ntype GoogleOAuthSignInParams = {\n credential: string\n clientId: string\n}\n\nexport type OAuthConfiguration = {\n common: {\n redirectUrl: string\n }\n}\n\ntype WebSignerClientConstructorParams = SignerClientInheritedConstructorParams<{\n webauthn: {\n rpId: string\n }\n oauth?: OAuthConfiguration\n}>\n\n/**\n * A signer client for web applications.\n */\nclass WebSignerClient extends SignerClient {\n private indexedDbStamper: IndexedDbStamper\n private webauthnStamper: WebauthnStamper\n\n readonly oauthConfiguration: WebSignerClientConstructorParams['oauth']\n\n /**\n * Initializes a new instance of the `WebSignerClient` class.\n *\n * @param {WebSignerClientConstructorParams} params params for the constructor\n */\n constructor({\n configuration,\n webauthn,\n oauth,\n }: WebSignerClientConstructorParams) {\n const indexedDbStamper = new IndexedDbStamper()\n\n super({\n stamper: indexedDbStamper,\n configuration: configuration,\n })\n\n this.indexedDbStamper = indexedDbStamper\n this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId })\n\n this.oauthConfiguration = oauth\n }\n\n public override async isLoggedIn() {\n await this.getPublicKey()\n return super.isLoggedIn()\n }\n\n public override async logout() {\n const publicKey = await this.getPublicKey()\n super.logout(publicKey)\n this.indexedDbStamper.clear()\n }\n\n public override async signRawMessage<Into extends string>(\n msg: string,\n ): Promise<Into> {\n await this._updateStamper()\n return super.signRawMessage(msg)\n }\n\n /**\n * Get the pre-filled URL for initiating oauth with a specific provider.\n *\n * @param {string} provider provider for which we are getting the URL, currently google or apple\n */\n public async getOAuthInitUrl(provider: string) {\n const { url } = await this.request('/v1/oauth/init', 'POST', {\n provider,\n })\n\n return url\n }\n\n /**\n * Signs in a user with webauthn.\n *\n * @param {WebAuthnSignInParams} params params for the sign in\n */\n public async webAuthnSignIn({ email }: WebAuthnSignInParams) {\n const existingUserSubOrgId = await this.lookUpUser(email)\n\n if (!existingUserSubOrgId) {\n await this._createWebAuthnAccount({ email })\n } else {\n this.stamper = this.webauthnStamper\n await this.signIn(existingUserSubOrgId)\n\n this._sessionStore.type = SessionType.Passkeys\n\n // We should assure that the user and its credentialId are set\n if (!this._sessionStore.user || !this._sessionStore.user.credentialId) {\n return\n }\n\n this.webauthnStamper.allowCredentials = [\n {\n id: LibBase64.toBuffer(this._sessionStore.user.credentialId),\n type: 'public-key',\n transports: ['internal', 'usb'],\n },\n ]\n }\n }\n\n /**\n * Handles auth user process with email according to the method of the used app.\n *\n * @param {InitEmailAuthParams} params params needed for the initialization of the auth process\n */\n public async initEmailAuth(params: InitEmailAuthParams) {\n await this.indexedDbStamper.resetKeyPair()\n const { otpId } = await this._initEmailAuth(params)\n if (!otpId) throw new NotFoundError('No OTP init response returned.')\n this._sessionStore.otpId = otpId\n }\n\n public async getPublicKey() {\n await this._initIndexedDbStamper()\n return this.indexedDbStamper.getPublicKey()!\n }\n\n public async resetKeyPair() {\n await this._initIndexedDbStamper()\n await this.indexedDbStamper.resetKeyPair()\n }\n\n /**\n * Verifies the provided otp code.\n *\n * @param {CompleteEmailAuthParams} params params needed for otp code verification\n */\n public async completeEmailAuth(params: CompleteEmailAuthParams) {\n await this._initIndexedDbStamper()\n\n if (!this._sessionStore.otpId)\n throw new NotFoundError('No OTP ID found in session store.')\n\n const publicKey = await this.getPublicKey()\n const { subOrgId } = await this.request('/v1/email/complete', 'POST', {\n otpId: this._sessionStore.otpId,\n otpCode: params.otpCode,\n publicKey,\n })\n\n if (!subOrgId)\n throw new NotFoundError('No OTP authentication response returned.')\n\n await this.signIn(subOrgId, publicKey)\n this._sessionStore.type = SessionType.Email\n this._sessionStore.clearOtpId()\n }\n\n /**\n * Gets the email authentication method of the app.\n */\n public async getEmailAuthMethod() {\n const { method } = await this.request('/v1/email/method', 'GET')\n return method\n }\n\n /**\n * Checks for an existing session and if exists, updates the stamper accordingly.\n */\n private async _updateStamper() {\n // User is not signed in\n if (\n this._sessionStore.type === undefined &&\n this._sessionStore.token === undefined\n )\n return\n if (this._sessionStore.type === SessionType.Passkeys) {\n this.stamper = this.webauthnStamper\n } else {\n this.stamper = this.indexedDbStamper\n }\n }\n\n /**\n * Creates a passkey account using the webauthn stamper.\n *\n * @param {WebAuthnSignInParams} params params for the creation of the account\n */\n private async _createWebAuthnAccount(params: WebAuthnSignInParams) {\n const { challenge, attestation } = await this._webauthnGenerateAttestation(\n params.email,\n )\n\n const { user, token } = await this.request('/v1/signup', 'POST', {\n email: params.email,\n challenge: LibBase64.fromBuffer(challenge),\n attestation,\n })\n\n this._sessionStore.user = {\n ...user,\n credentialId: attestation.credentialId,\n }\n this._sessionStore.type = SessionType.Passkeys\n // Tokens are always returned on passkey signup\n this._sessionStore.token = token!\n this._scheduleRefresh(token!)\n }\n\n /**\n * Init account creation with email.\n *\n * @param {InitEmailAuthParams} params params for the creation of the account\n */\n private async _initEmailAuth(params: InitEmailAuthParams) {\n const response = await this.request('/v1/email/init', 'POST', {\n email: params.email,\n redirectUrl: params.redirectUrl\n ? params.redirectUrl.toString()\n : undefined,\n })\n\n return response\n }\n\n private async _webauthnGenerateAttestation(email: string) {\n const challenge = LibBytes.generateRandomBuffer()\n const authenticatorUserId = LibBytes.generateRandomBuffer()\n\n const attestation = await getWebAuthnAttestation({\n publicKey: {\n authenticatorSelection: {\n residentKey: 'preferred',\n requireResidentKey: false,\n userVerification: 'preferred',\n },\n challenge,\n rp: {\n id: window.location.hostname,\n name: window.location.hostname,\n },\n pubKeyCredParams: [\n {\n type: 'public-key',\n alg: -7,\n },\n {\n type: 'public-key',\n alg: -257,\n },\n ],\n user: {\n id: authenticatorUserId,\n name: email,\n displayName: email,\n },\n },\n })\n\n return { challenge, attestation, authenticatorUserId }\n }\n\n private async _initIndexedDbStamper() {\n if (!this.indexedDbStamper.getPublicKey()) {\n await this.indexedDbStamper.init()\n }\n this.stamper = this.indexedDbStamper\n }\n}\n\nexport { WebSignerClient }\nexport type {\n CompleteAuthParams,\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n GoogleOAuthSignInParams,\n WebSignerClientConstructorParams,\n WebAuthnSignInParams,\n}\n","/**\n * Browser-friendly base64url helpers.\n * - Uses btoa/atob and Uint8Array, no Node Buffer polyfill.\n * - Chunks when converting large ArrayBuffers to avoid call-stack issues.\n */\nclass LibBase64 {\n // Convert an ArrayBuffer to base64url (no padding)\n static fromBuffer(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer)\n const CHUNK_SIZE = 0x8000\n let binary = ''\n for (let i = 0; i < bytes.length; i += CHUNK_SIZE) {\n const chunk = bytes.subarray(i, i + CHUNK_SIZE)\n // spread on TypedArray can be large; cast to any to satisfy TS\n binary += String.fromCharCode(...(chunk as any))\n }\n const base64 =\n typeof btoa === 'function'\n ? btoa(binary)\n : Buffer.from(bytes).toString('base64')\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n }\n\n // Convert base64url (no padding) to ArrayBuffer\n static toBuffer(base64url: string): ArrayBuffer {\n let base64 = base64url.replace(/-/g, '+').replace(/_/g, '/')\n const pad = base64.length % 4\n if (pad) base64 += '='.repeat(4 - pad)\n\n const binary =\n typeof atob === 'function'\n ? atob(base64)\n : Buffer.from(base64, 'base64').toString('binary')\n const len = binary.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++) bytes[i] = binary.charCodeAt(i)\n return bytes.buffer\n }\n}\n\nexport { LibBase64 }\n","type TakeBytesParams = Partial<{\n count: number\n offset: number\n}>\n\ntype ByteString = `0x${string}`\n\nclass LibBytes {\n static generateRandomBuffer = (): ArrayBuffer => {\n const arr = new Uint8Array(32)\n crypto.getRandomValues(arr)\n return arr.buffer\n }\n\n static takeBytes = (\n bytes: ByteString,\n params: TakeBytesParams = {},\n ): ByteString => {\n const { offset, count } = params\n const start = (offset ? offset * 2 : 0) + 2 // add 2 to skip the 0x prefix\n const end = count ? start + count * 2 : undefined\n\n return `0x${bytes.slice(start, end)}`\n }\n}\n\nexport { LibBytes }\n","import { createStore, type StoreApi } from 'zustand'\nimport { persist, createJSONStorage } from 'zustand/middleware'\nimport { User } from '../types/entities.js'\n\nenum SessionType {\n Email = 'email',\n Passkeys = 'passkeys',\n OAuth = 'oauth',\n}\n\ntype SessionState = {\n type?: SessionType\n user?: User\n bundle?: string\n token?: string\n otpId?: string\n}\n\nclass SessionStore {\n private readonly _store: StoreApi<SessionState>\n\n constructor() {\n // `user` and `token` stay in memory (not persisted)\n this._store = createStore<SessionState>()(\n persist(this._getInitialState, {\n name: 'fourt-session',\n storage: createJSONStorage(() => localStorage),\n // persist only these in localStorage\n partialize: (state) => ({\n bundle: state.bundle,\n type: state.type,\n otpId: state.otpId,\n }),\n }),\n )\n }\n\n get type(): SessionType | undefined {\n return this._store.getState().type\n }\n\n set type(type: SessionType) {\n this._store.setState({ type })\n }\n\n get token(): string | undefined {\n return this._store.getState().token\n }\n\n set token(token: string) {\n this._store.setState({ token })\n }\n\n get bundle(): string | undefined {\n return this._store.getState().bundle\n }\n\n set bundle(bundle: string) {\n this._store.setState({ bundle })\n }\n\n get user(): User | undefined {\n return this._store.getState().user\n }\n\n set user(user: User) {\n this._store.setState({ ...this._store.getState(), user })\n }\n\n get otpId(): string | undefined {\n return this._store.getState().otpId\n }\n\n set otpId(otpId: string) {\n this._store.setState({ otpId })\n }\n\n clearUser() {\n this._store.setState({ ...this._store.getState(), user: undefined })\n }\n\n clearBundle() {\n this._store.setState({ ...this._store.getState(), bundle: undefined })\n }\n\n clearType() {\n this._store.setState({ ...this._store.getState(), type: undefined })\n }\n\n clearToken() {\n this._store.setState({ ...this._store.getState(), token: undefined })\n }\n\n clearOtpId() {\n this._store.setState({ ...this._store.getState(), otpId: undefined })\n }\n\n clearAll() {\n this.clearToken()\n this.clearUser()\n this.clearBundle()\n this.clearType()\n this.clearOtpId()\n }\n\n private _getInitialState(): SessionState {\n return {\n type: undefined,\n user: undefined,\n bundle: undefined,\n token: undefined,\n otpId: undefined,\n }\n }\n}\n\nexport { SessionType, SessionStore }\nexport type { SessionState }\n","import { TurnkeyClient } from '@turnkey/http'\nimport {\n BadRequestError,\n NotFoundError,\n UnauthorizedError,\n} from '../errors/index.js'\nimport { SessionStore } from '../session/index.js'\nimport { APIResponse } from '../types/rest.js'\nimport {\n AuthenticationServiceBody,\n AuthenticationServiceResponse,\n Method,\n Route,\n} from '../types/routes.js'\nimport { decodeJwt } from 'jose'\n\ntype SignerClientConfiguration = {\n apiKey: string\n apiUrl?: string\n paymasterRpcUrl?: string\n}\n\ntype SignerClientConstructorParams = {\n stamper: TurnkeyClient['stamper']\n configuration: SignerClientConfiguration\n}\n\ntype SignerClientInheritedConstructorParams<\n Extended extends Record<string, unknown>,\n> = Pick<SignerClientConstructorParams, 'configuration'> & Extended\n\nabstract class SignerClient {\n protected readonly _turnkeyClient: TurnkeyClient\n protected readonly _configuration: Required<\n SignerClientConstructorParams['configuration']\n >\n protected readonly _sessionStore: SessionStore\n\n private _refreshPromise?: Promise<void>\n private _refreshTimer?: ReturnType<typeof setTimeout>\n\n constructor({\n stamper,\n configuration: { apiUrl, paymasterRpcUrl, ...requiredConfiguration },\n }: SignerClientConstructorParams) {\n this._turnkeyClient = new TurnkeyClient(\n { baseUrl: 'https://api.turnkey.com' },\n stamper,\n )\n\n this._configuration = {\n ...requiredConfiguration,\n apiUrl: apiUrl ?? 'https://auth.api.fourt.io/',\n paymasterRpcUrl: paymasterRpcUrl ?? 'https://management.api.fourt.io/',\n }\n\n this._sessionStore = new SessionStore()\n }\n\n get configuration(): Required<SignerClientConfiguration> {\n return this._configuration\n }\n\n public async getUser() {\n if (this._sessionStore.user) return this._sessionStore.user\n\n try {\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n // If unauthorized, try to refresh token and retry once\n if (error instanceof UnauthorizedError) {\n try {\n await this._refreshToken()\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n throw error\n }\n }\n throw error\n }\n }\n\n public async isLoggedIn() {\n const token = this._sessionStore.token\n\n // If we have a token and it's still valid, we're logged in\n if (token && !this._isTokenExpired(token)) return true\n\n // Otherwise try to refresh (covers no token and expired token)\n try {\n await this._refreshToken()\n return !!this._sessionStore.token\n } catch {\n return false\n }\n }\n\n public async getToken(): Promise<string> {\n // Try to use existing token\n if (!this._sessionStore.token) {\n // No token: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError(\n 'No token found, user might not be logged in',\n )\n }\n } else if (this._isTokenExpired(this._sessionStore.token)) {\n // Token expired: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError('Token expired and refresh failed')\n }\n }\n\n const token = this._sessionStore.token\n if (!token) {\n throw new UnauthorizedError('No token found, user might not be logged in')\n }\n return token\n }\n\n private _isTokenExpired(token: string): boolean {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (typeof decoded.exp === 'number') {\n return decoded.exp * 1000 <= Date.now()\n }\n return true // If no exp claim, consider it expired\n } catch {\n return true // If token is malformed, consider it expired\n }\n }\n\n public async logout(publicKey: string) {\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n this._refreshTimer = undefined\n await this.request('/v1/logout', 'POST', { publicKey })\n this._sessionStore.clearAll()\n }\n\n public async signRawMessage<Into extends string>(msg: string): Promise<Into> {\n if (!this._sessionStore.token || !this._sessionStore.user) {\n throw new UnauthorizedError(\n 'SignerClient must be authenticated to sign a message',\n )\n }\n\n const stampedRequest = await this._turnkeyClient.stampSignRawPayload({\n organizationId: this._sessionStore.user.subOrgId,\n type: 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2',\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',\n hashFunction: 'HASH_FUNCTION_NO_OP',\n payload: msg,\n signWith: this._sessionStore.user.walletAddress,\n },\n })\n\n const { signature } = await this.request('/v1/sign', 'POST', {\n stampedRequest,\n })\n\n return <Into>signature\n }\n\n protected set stamper(stamper: TurnkeyClient['stamper']) {\n this._turnkeyClient.stamper = stamper\n }\n\n protected get stamper(): TurnkeyClient['stamper'] {\n return this._turnkeyClient.stamper\n }\n\n protected async lookUpUser(email: string): Promise<string | null> {\n try {\n const { subOrgId } = await this.request('/v1/lookup', 'POST', { email })\n return subOrgId\n } catch (error) {\n if (error instanceof NotFoundError) return null\n throw error\n }\n }\n\n protected async signIn(subOrgId: string, publicKey?: string) {\n const stampedRequest = await this._turnkeyClient.stampGetWhoami({\n organizationId: subOrgId,\n })\n\n const { user, token } = await this.request('/v1/signin', 'POST', {\n stampedRequest,\n publicKey,\n })\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string\n } catch (e) {\n return undefined\n }\n })()\n\n this._sessionStore.user = {\n ...user,\n credentialId: credentialId,\n }\n this._sessionStore.token = token\n this._scheduleRefresh(token)\n return { user, token }\n }\n\n protected async stampAndRefresh() {\n const refreshPayload = JSON.stringify({\n timestamp: Date.now(),\n type: 'refresh_token_request',\n })\n const stamp = await this._turnkeyClient.stamper.stamp(refreshPayload)\n const { token } = await this.request('/v1/refresh', 'POST', {\n payload: refreshPayload,\n stamp,\n })\n this._sessionStore.token = token\n return { token }\n }\n\n protected async request<R extends Route, M extends Method>(\n route: R,\n method: M,\n body?: AuthenticationServiceBody<R>,\n ): Promise<AuthenticationServiceResponse<R>> {\n const url = new URL(`${route}`, this._configuration.apiUrl)\n const token = this._sessionStore.token\n\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'X-FOURT-KEY': this._configuration.apiKey,\n }\n\n if (token) {\n headers['Authorization'] = `Bearer ${token}`\n }\n\n const response = await fetch(url, {\n method,\n body: method === 'POST' ? JSON.stringify(body) : undefined,\n headers,\n })\n\n const { data, error } = (await response.json()) as APIResponse<\n AuthenticationServiceResponse<R>\n >\n\n if (error) {\n switch (error.kind) {\n case 'UnauthorizedError': {\n throw new UnauthorizedError(error.message)\n }\n case 'NotFoundError': {\n throw new NotFoundError(error.message)\n }\n case 'BadRequestError': {\n throw new BadRequestError(error.message)\n }\n default: {\n throw new Error(error.message)\n }\n }\n }\n\n return { ...data } as AuthenticationServiceResponse<R>\n }\n\n /**\n * Compute milliseconds until refresh time.\n * - expSeconds is the JWT exp claim (seconds).\n * - earlyMinutes is how many minutes before exp to refresh (default 2).\n * Returns 0 if refresh time is already past.\n */\n private _computeRefreshDelayMs(expSeconds: number, earlyMinutes = 2): number {\n const expiryMs = expSeconds * 1000\n const refreshMs = expiryMs - earlyMinutes * 60 * 1000\n const now = Date.now()\n const delay = refreshMs - now\n return delay <= 0 ? 0 : delay\n }\n\n protected _scheduleRefresh(token: string) {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (!decoded.exp) return\n\n const delay = this._computeRefreshDelayMs(decoded.exp, 2)\n\n // Clear previous timer to avoid duplicates\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n\n // Schedule refresh\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n this._refreshToken()\n }, delay)\n } catch {\n // ignore errors\n }\n }\n\n private async _refreshToken(): Promise<void> {\n if (this._refreshPromise) return this._refreshPromise\n\n // Keep a reference so callers can await the same promise\n this._refreshPromise = (async () => {\n const TIMEOUT_MS = 10_000\n const RETRY_DELAY_MS = 5_000\n\n try {\n // Avoid hanging indefinitely by racing the request with a timeout\n const refreshPromise = this.stampAndRefresh()\n const data = await Promise.race([\n refreshPromise,\n new Promise<never>((_, reject) =>\n setTimeout(() => reject(new Error('Refresh timeout')), TIMEOUT_MS),\n ),\n ])\n\n if (!data || !data.token) {\n // Treat missing tokens as auth failure\n throw new UnauthorizedError('Refresh did not return tokens')\n }\n\n this._sessionStore.token = data.token\n this._scheduleRefresh(data.token)\n } catch (error) {\n console.error('Token refresh failed:', error)\n // On auth errors, clear session to avoid repeated failing retries\n if (error instanceof UnauthorizedError) {\n this._sessionStore.clearToken()\n this._sessionStore.clearUser()\n\n throw error\n }\n\n // Transient error: schedule a retry (non-blocking) and rethrow so callers know it failed\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n const MAX_RETRIES = 5\n let retryCount = 0\n\n // We schedule a background retry after RETRY_DELAY_MS using setTimeout\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {\n // Increments retryCount and, if still under MAX_RETRIES, schedules\n // another retry using exponential backoff (capped at 60s)\n retryCount++\n if (retryCount <= MAX_RETRIES) {\n const nextDelay = Math.min(\n RETRY_DELAY_MS * 2 ** (retryCount - 1),\n 60_000,\n )\n this._refreshTimer = setTimeout(() => {\n // When the timer fires we clear the stored id and call _refreshToken() in a\n // fire-and-forget manner (void ... .catch(...)) so the retry runs asynchronously\n // and doesn't block or change the control flow of the original caller.\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {})\n }, nextDelay)\n }\n })\n }, RETRY_DELAY_MS)\n\n throw error\n } finally {\n this._refreshPromise = undefined\n }\n })()\n\n return this._refreshPromise\n }\n}\n\nexport { SignerClient }\nexport type {\n SignerClientConstructorParams,\n SignerClientInheritedConstructorParams,\n}\n","class UnauthorizedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthorizedError.name\n }\n}\n\nexport { UnauthorizedError }\n","class NotFoundError extends Error {\n constructor(message: string) {\n super(message)\n this.name = NotFoundError.name\n }\n}\n\nexport { NotFoundError }\n","class UnauthenticatedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthenticatedError.name\n }\n}\n\nexport { UnauthenticatedError }\n","import {\n type Chain,\n type Client,\n type GetTransactionType,\n type Hex,\n type IsNarrowable,\n type JsonRpcAccount,\n type LocalAccount,\n type TypedData,\n type TypedDataDefinition,\n type SignableMessage,\n type SerializeTransactionFn,\n type TransactionSerializable,\n type TransactionSerialized,\n type Transport,\n hashMessage,\n hashTypedData,\n serializeTransaction,\n keccak256,\n hexToBigInt,\n http,\n} from 'viem'\nimport { toAccount } from 'viem/accounts'\nimport { SignerClient } from '../signer/index.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { toLightSmartAccount } from 'permissionless/accounts'\nimport {\n createPaymasterClient,\n entryPoint07Address,\n} from 'viem/account-abstraction'\nimport { UnauthenticatedError } from '../errors/UnauthenticatedError.js'\n\ntype CurrentUserToLightSmartAccountParams = {\n owner: LocalAccount\n client: Client<\n Transport,\n Chain | undefined,\n JsonRpcAccount | LocalAccount | undefined\n >\n}\n\nclass ViemModule {\n constructor(private readonly _signerClient: SignerClient) {}\n\n async toLocalAccount(): Promise<LocalAccount> {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toAccount({\n address: user.walletAddress,\n signMessage: ({ message }: { message: SignableMessage }) =>\n this.signMessage(message),\n signTypedData: <\n const typedData extends TypedData | Record<string, unknown>,\n primaryType extends keyof typedData | 'EIP712Domain' = keyof typedData,\n >(\n typedDataDefinition: TypedDataDefinition<typedData, primaryType>,\n ) => this.signTypedData<typedData, primaryType>(typedDataDefinition),\n signTransaction: this.signTransaction,\n })\n }\n\n async toSmartAccount({\n client,\n owner,\n }: CurrentUserToLightSmartAccountParams): ReturnType<\n typeof toLightSmartAccount<'0.7'>\n > {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toLightSmartAccount({\n client,\n owner,\n version: '2.0.0',\n entryPoint: {\n address: entryPoint07Address,\n version: '0.7',\n },\n address: user.smartAccountAddress,\n index: hexToBigInt(user.salt),\n })\n }\n\n async getPaymasterClient() {\n const url = new URL(\n `v1/rpc?apiKey=${this._signerClient.configuration.apiKey}`,\n this._signerClient.configuration.paymasterRpcUrl,\n )\n return createPaymasterClient({\n transport: http(url.toString()),\n })\n }\n\n async signMessage(msg: SignableMessage): Promise<Hex> {\n const messageHash = hashMessage(msg)\n const result = await this._signerClient.signRawMessage<Hex>(messageHash)\n return result\n }\n\n async signTypedData<\n TTypedData extends TypedData | Record<string, unknown>,\n TPrimaryType extends keyof TTypedData | 'EIP712Domain' = keyof TTypedData,\n >(params: TypedDataDefinition<TTypedData, TPrimaryType>): Promise<Hex> {\n const messageHash = hashTypedData(params)\n return this._signerClient.signRawMessage(messageHash)\n }\n\n async signTransaction<\n serializer extends SerializeTransactionFn<TransactionSerializable> = SerializeTransactionFn<TransactionSerializable>,\n transaction extends Parameters<serializer>[0] = Parameters<serializer>[0],\n >(\n transaction: transaction,\n options?:\n | {\n serializer?: serializer | undefined\n }\n | undefined,\n ): Promise<\n IsNarrowable<\n TransactionSerialized<GetTransactionType<transaction>>,\n Hex\n > extends true\n ? TransactionSerialized<GetTransactionType<transaction>>\n : Hex\n > {\n const serializeFn = options?.serializer ?? serializeTransaction\n const serializedTx = await serializeFn(transaction)\n const signatureHex = await this._signerClient.signRawMessage<Hex>(\n keccak256(serializedTx),\n )\n\n const signature = {\n r: LibBytes.takeBytes(signatureHex, { count: 32 }),\n s: LibBytes.takeBytes(signatureHex, { count: 32, offset: 32 }),\n v: BigInt(LibBytes.takeBytes(signatureHex, { count: 1, offset: 64 })),\n }\n\n return serializeFn(transaction, signature)\n }\n}\n\nexport { ViemModule }\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACUA,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjE,MAAM,WAAW,QAA4C;AAC3D,WAAO,KAAK,iBAAiB,cAAc,MAAM;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SAAS,QAAgD;AAC7D,UAAM,KAAK,iBAAiB,kBAAkB,MAAM;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,gBAA8C;AAClD,WAAO,KAAK,iBAAiB,mBAAmB;AAAA,EAClD;AACF;;;ACpCA,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjE,MAAM,OAAO,QAA8B;AACzC,WAAO,KAAK,iBAAiB,eAAe,MAAM;AAAA,EACpD;AACF;;;ACjBA,WAAsB;;;ACAtB,IAAM,YAAN,MAAgB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKd,aAAa,UACX,OACiB;AAEjB,QAAI;AACJ,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AAAA,IACvC,WAAW,iBAAiB,YAAY;AACtC,aAAO;AAAA,IACT,OAAO;AACL,aAAO,IAAI,WAAW,KAAK;AAAA,IAC7B;AAGA,UAAM,SACJ,OAAO,eAAe,eAAgB,WAAmB,QAAQ,SAC5D,WAAmB,OAAO,SAC3B;AAEN,QAAI,QAAQ;AACV,YAAM,OAAO,MAAM,OAAO,OAAO,WAAW,IAAI;AAChD,aAAO,MAAM,KAAK,IAAI,WAAW,IAAI,CAAC,EACnC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAAA,IACZ;AAGA,QAAI;AACF,YAAM,aAAa,QAAQ,QAAQ;AACnC,YAAM,OAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;AACtE,aAAO;AAAA,IACT,QAAQ;AACN,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ADtCA,IAAM,eAAN,MAAmB;AAAA,EACjB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,QAAQ;AAEpE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,kBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AEnCA,IAAM,kBAAN,MAAM,yBAAwB,MAAM;AAAA,EAClC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,iBAAgB;AAAA,EAC9B;AACF;;;ACHA,IAAAA,QAAsB;AAEtB,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAC3D,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AAEF,UAAM,MAAM,IAAS,mBAAa;AAAA,MAChC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AAEV,UAAM,WAAW,MAAM,MAAM,aAAa;AAAA,MACxC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO;AAAA,MACT,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI;AAAA,QACR,wCAAwC,SAAS,UAAU;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,IAAI,MAAM,SAAS,KAAK;AACxC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,gBAAgB,SAAS,UAAU;AAAA,IAC/C;AAEA,WAAO;AAAA,EACT;AACF;;;AC5CA,IAAAC,QAAsB;AAItB,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,OAAO;AAEnE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,mBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D,iBAAiB;AAAA,MACjB;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;ACpBA,IAAM,cAAN,MAAkB;AAAA,EAKhB,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,gBAAgB,IAAI,aAAa,KAAK,gBAAgB;AAC3D,SAAK,kBAAkB,IAAI,eAAe,KAAK,gBAAgB;AAC/D,SAAK,eAAe,IAAI,YAAY,KAAK,gBAAgB;AAAA,EAC3D;AAAA,EARiB;AAAA,EACA;AAAA,EACA;AAAA,EAQjB,IAAI,SAAS;AACX,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,SAAS,EAAE,SAAS,GAAmB;AAAA,EAK7C;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUf,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,YAAY,IAAI,eAAe,KAAK,gBAAgB;AACzD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AACnD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AAAA,EACrD;AAAA,EAbiB;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAgBjB,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMf,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,UAAyB;AAC7B,WAAO,KAAK,iBAAiB,QAAQ;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAA+B;AACnC,WAAO,KAAK,iBAAiB,WAAW;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAA4B;AAChC,WAAO,KAAK,iBAAiB,SAAS;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAwB;AAC5B,WAAO,KAAK,iBAAiB,OAAO;AAAA,EACtC;AACF;;;AC5CA,IAAAC,eAAuC;AACvC,8BAAgC;;;ACIhC,IAAM,YAAN,MAAgB;AAAA;AAAA,EAEd,OAAO,WAAW,QAA6B;AAC7C,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,UAAM,aAAa;AACnB,QAAI,SAAS;AACb,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,YAAY;AACjD,YAAM,QAAQ,MAAM,SAAS,GAAG,IAAI,UAAU;AAE9C,gBAAU,OAAO,aAAa,GAAI,KAAa;AAAA,IACjD;AACA,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAC1C,WAAO,OAAO,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAAA,EACzE;AAAA;AAAA,EAGA,OAAO,SAAS,WAAgC;AAC9C,QAAI,SAAS,UAAU,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAC3D,UAAM,MAAM,OAAO,SAAS;AAC5B,QAAI,IAAK,WAAU,IAAI,OAAO,IAAI,GAAG;AAErC,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,QAAQ;AACrD,UAAM,MAAM,OAAO;AACnB,UAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,aAAS,IAAI,GAAG,IAAI,KAAK,IAAK,OAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AAC5D,WAAO,MAAM;AAAA,EACf;AACF;;;AC/BA,IAAM,WAAN,MAAe;AAAA,EACb,OAAO,uBAAuB,MAAmB;AAC/C,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,IAAI;AAAA,EACb;AAAA,EAEA,OAAO,YAAY,CACjB,OACA,SAA0B,CAAC,MACZ;AACf,UAAM,EAAE,QAAQ,MAAM,IAAI;AAC1B,UAAM,SAAS,SAAS,SAAS,IAAI,KAAK;AAC1C,UAAM,MAAM,QAAQ,QAAQ,QAAQ,IAAI;AAExC,WAAO,KAAK,MAAM,MAAM,OAAO,GAAG,CAAC;AAAA,EACrC;AACF;;;ACxBA,qBAA2C;AAC3C,wBAA2C;AAiB3C,IAAM,eAAN,MAAmB;AAAA,EACA;AAAA,EAEjB,cAAc;AAEZ,SAAK,aAAS,4BAA0B;AAAA,UACtC,2BAAQ,KAAK,kBAAkB;AAAA,QAC7B,MAAM;AAAA,QACN,aAAS,qCAAkB,MAAM,YAAY;AAAA;AAAA,QAE7C,YAAY,CAAC,WAAW;AAAA,UACtB,QAAQ,MAAM;AAAA,UACd,MAAM,MAAM;AAAA,UACZ,OAAO,MAAM;AAAA,QACf;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,IAAI,OAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAmB;AAC1B,SAAK,OAAO,SAAS,EAAE,KAAK,CAAC;AAAA,EAC/B;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,IAAI,SAA6B;AAC/B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,OAAO,QAAgB;AACzB,SAAK,OAAO,SAAS,EAAE,OAAO,CAAC;AAAA,EACjC;AAAA,EAEA,IAAI,OAAyB;AAC3B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAY;AACnB,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,KAAK,CAAC;AAAA,EAC1D;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,cAAc;AACZ,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,QAAQ,OAAU,CAAC;AAAA,EACvE;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,WAAW;AACT,SAAK,WAAW;AAChB,SAAK,UAAU;AACf,SAAK,YAAY;AACjB,SAAK,UAAU;AACf,SAAK,WAAW;AAAA,EAClB;AAAA,EAEQ,mBAAiC;AACvC,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AClHA,kBAA8B;;;ACA9B,IAAM,oBAAN,MAAM,2BAA0B,MAAM;AAAA,EACpC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,mBAAkB;AAAA,EAChC;AACF;;;ACLA,IAAM,gBAAN,MAAM,uBAAsB,MAAM;AAAA,EAChC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,eAAc;AAAA,EAC5B;AACF;;;ACLA,IAAM,uBAAN,MAAM,8BAA6B,MAAM;AAAA,EACvC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,sBAAqB;AAAA,EACnC;AACF;;;AHSA,kBAA0B;AAiB1B,IAAe,eAAf,MAA4B;AAAA,EACP;AAAA,EACA;AAAA,EAGA;AAAA,EAEX;AAAA,EACA;AAAA,EAER,YAAY;AAAA,IACV;AAAA,IACA,eAAe,EAAE,QAAQ,iBAAiB,GAAG,sBAAsB;AAAA,EACrE,GAAkC;AAChC,SAAK,iBAAiB,IAAI;AAAA,MACxB,EAAE,SAAS,0BAA0B;AAAA,MACrC;AAAA,IACF;AAEA,SAAK,iBAAiB;AAAA,MACpB,GAAG;AAAA,MACH,QAAQ,UAAU;AAAA,MAClB,iBAAiB,mBAAmB;AAAA,IACtC;AAEA,SAAK,gBAAgB,IAAI,aAAa;AAAA,EACxC;AAAA,EAEA,IAAI,gBAAqD;AACvD,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAa,UAAU;AACrB,QAAI,KAAK,cAAc,KAAM,QAAO,KAAK,cAAc;AAEvD,QAAI;AACF,YAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,WAAK,cAAc,OAAO;AAC1B,aAAO;AAAA,IACT,SAAS,OAAO;AAEd,UAAI,iBAAiB,mBAAmB;AACtC,YAAI;AACF,gBAAM,KAAK,cAAc;AACzB,gBAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,eAAK,cAAc,OAAO;AAC1B,iBAAO;AAAA,QACT,SAASC,QAAO;AACd,gBAAMA;AAAA,QACR;AAAA,MACF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAa,aAAa;AACxB,UAAM,QAAQ,KAAK,cAAc;AAGjC,QAAI,SAAS,CAAC,KAAK,gBAAgB,KAAK,EAAG,QAAO;AAGlD,QAAI;AACF,YAAM,KAAK,cAAc;AACzB,aAAO,CAAC,CAAC,KAAK,cAAc;AAAA,IAC9B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,WAA4B;AAEvC,QAAI,CAAC,KAAK,cAAc,OAAO;AAE7B,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF,WAAW,KAAK,gBAAgB,KAAK,cAAc,KAAK,GAAG;AAEzD,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI,kBAAkB,kCAAkC;AAAA,MAChE;AAAA,IACF;AAEA,UAAM,QAAQ,KAAK,cAAc;AACjC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,kBAAkB,6CAA6C;AAAA,IAC3E;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,gBAAgB,OAAwB;AAC9C,QAAI;AACF,YAAM,cAAU,uBAAU,KAAK;AAC/B,UAAI,OAAO,QAAQ,QAAQ,UAAU;AACnC,eAAO,QAAQ,MAAM,OAAQ,KAAK,IAAI;AAAA,MACxC;AACA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,OAAO,WAAmB;AACrC,QAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,SAAK,gBAAgB;AACrB,UAAM,KAAK,QAAQ,cAAc,QAAQ,EAAE,UAAU,CAAC;AACtD,SAAK,cAAc,SAAS;AAAA,EAC9B;AAAA,EAEA,MAAa,eAAoC,KAA4B;AAC3E,QAAI,CAAC,KAAK,cAAc,SAAS,CAAC,KAAK,cAAc,MAAM;AACzD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,iBAAiB,MAAM,KAAK,eAAe,oBAAoB;AAAA,MACnE,gBAAgB,KAAK,cAAc,KAAK;AAAA,MACxC,MAAM;AAAA,MACN,aAAa,KAAK,IAAI,EAAE,SAAS;AAAA,MACjC,YAAY;AAAA,QACV,UAAU;AAAA,QACV,cAAc;AAAA,QACd,SAAS;AAAA,QACT,UAAU,KAAK,cAAc,KAAK;AAAA,MACpC;AAAA,IACF,CAAC;AAED,UAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,YAAY,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAa;AAAA,EACf;AAAA,EAEA,IAAc,QAAQ,SAAmC;AACvD,SAAK,eAAe,UAAU;AAAA,EAChC;AAAA,EAEA,IAAc,UAAoC;AAChD,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA,EAEA,MAAgB,WAAW,OAAuC;AAChE,QAAI;AACF,YAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ,EAAE,MAAM,CAAC;AACvE,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,cAAe,QAAO;AAC3C,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAgB,OAAO,UAAkB,WAAoB;AAC3D,UAAM,iBAAiB,MAAM,KAAK,eAAe,eAAe;AAAA,MAC9D,gBAAgB;AAAA,IAClB,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ;AAAA,MAC/D;AAAA,MACA;AAAA,IACF,CAAC;AAED,UAAM,gBAAgB,MAAM;AAC1B,UAAI;AACF,eAAO,KAAK,MAAM,gBAAgB,MAAM,gBAAgB,EACrD;AAAA,MACL,SAAS,GAAG;AACV,eAAO;AAAA,MACT;AAAA,IACF,GAAG;AAEH,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH;AAAA,IACF;AACA,SAAK,cAAc,QAAQ;AAC3B,SAAK,iBAAiB,KAAK;AAC3B,WAAO,EAAE,MAAM,MAAM;AAAA,EACvB;AAAA,EAEA,MAAgB,kBAAkB;AAChC,UAAM,iBAAiB,KAAK,UAAU;AAAA,MACpC,WAAW,KAAK,IAAI;AAAA,MACpB,MAAM;AAAA,IACR,CAAC;AACD,UAAM,QAAQ,MAAM,KAAK,eAAe,QAAQ,MAAM,cAAc;AACpE,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,QAAQ,eAAe,QAAQ;AAAA,MAC1D,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AACD,SAAK,cAAc,QAAQ;AAC3B,WAAO,EAAE,MAAM;AAAA,EACjB;AAAA,EAEA,MAAgB,QACd,OACA,QACA,MAC2C;AAC3C,UAAM,MAAM,IAAI,IAAI,GAAG,KAAK,IAAI,KAAK,eAAe,MAAM;AAC1D,UAAM,QAAQ,KAAK,cAAc;AAEjC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,KAAK,eAAe;AAAA,IACrC;AAEA,QAAI,OAAO;AACT,cAAQ,eAAe,IAAI,UAAU,KAAK;AAAA,IAC5C;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC;AAAA,MACA,MAAM,WAAW,SAAS,KAAK,UAAU,IAAI,IAAI;AAAA,MACjD;AAAA,IACF,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAK,MAAM,SAAS,KAAK;AAI7C,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM;AAAA,QAClB,KAAK,qBAAqB;AACxB,gBAAM,IAAI,kBAAkB,MAAM,OAAO;AAAA,QAC3C;AAAA,QACA,KAAK,iBAAiB;AACpB,gBAAM,IAAI,cAAc,MAAM,OAAO;AAAA,QACvC;AAAA,QACA,KAAK,mBAAmB;AACtB,gBAAM,IAAI,gBAAgB,MAAM,OAAO;AAAA,QACzC;AAAA,QACA,SAAS;AACP,gBAAM,IAAI,MAAM,MAAM,OAAO;AAAA,QAC/B;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,GAAG,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,uBAAuB,YAAoB,eAAe,GAAW;AAC3E,UAAM,WAAW,aAAa;AAC9B,UAAM,YAAY,WAAW,eAAe,KAAK;AACjD,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,QAAQ,YAAY;AAC1B,WAAO,SAAS,IAAI,IAAI;AAAA,EAC1B;AAAA,EAEU,iBAAiB,OAAe;AACxC,QAAI;AACF,YAAM,cAAU,uBAAU,KAAK;AAC/B,UAAI,CAAC,QAAQ,IAAK;AAElB,YAAM,QAAQ,KAAK,uBAAuB,QAAQ,KAAK,CAAC;AAGxD,UAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AAGvD,WAAK,gBAAgB,WAAW,MAAM;AACpC,aAAK,gBAAgB;AACrB,aAAK,cAAc;AAAA,MACrB,GAAG,KAAK;AAAA,IACV,QAAQ;AAAA,IAER;AAAA,EACF;AAAA,EAEA,MAAc,gBAA+B;AAC3C,QAAI,KAAK,gBAAiB,QAAO,KAAK;AAGtC,SAAK,mBAAmB,YAAY;AAClC,YAAM,aAAa;AACnB,YAAM,iBAAiB;AAEvB,UAAI;AAEF,cAAM,iBAAiB,KAAK,gBAAgB;AAC5C,cAAM,OAAO,MAAM,QAAQ,KAAK;AAAA,UAC9B;AAAA,UACA,IAAI;AAAA,YAAe,CAAC,GAAG,WACrB,WAAW,MAAM,OAAO,IAAI,MAAM,iBAAiB,CAAC,GAAG,UAAU;AAAA,UACnE;AAAA,QACF,CAAC;AAED,YAAI,CAAC,QAAQ,CAAC,KAAK,OAAO;AAExB,gBAAM,IAAI,kBAAkB,+BAA+B;AAAA,QAC7D;AAEA,aAAK,cAAc,QAAQ,KAAK;AAChC,aAAK,iBAAiB,KAAK,KAAK;AAAA,MAClC,SAAS,OAAO;AACd,gBAAQ,MAAM,yBAAyB,KAAK;AAE5C,YAAI,iBAAiB,mBAAmB;AACtC,eAAK,cAAc,WAAW;AAC9B,eAAK,cAAc,UAAU;AAE7B,gBAAM;AAAA,QACR;AAGA,YAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,cAAM,cAAc;AACpB,YAAI,aAAa;AAGjB,aAAK,gBAAgB,WAAW,MAAM;AACpC,eAAK,gBAAgB;AACrB,eAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAGpC;AACA,gBAAI,cAAc,aAAa;AAC7B,oBAAM,YAAY,KAAK;AAAA,gBACrB,iBAAiB,MAAM,aAAa;AAAA,gBACpC;AAAA,cACF;AACA,mBAAK,gBAAgB,WAAW,MAAM;AAIpC,qBAAK,gBAAgB;AACrB,qBAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAAA,gBAAC,CAAC;AAAA,cAC1C,GAAG,SAAS;AAAA,YACd;AAAA,UACF,CAAC;AAAA,QACH,GAAG,cAAc;AAEjB,cAAM;AAAA,MACR,UAAE;AACA,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF,GAAG;AAEH,WAAO,KAAK;AAAA,EACd;AACF;;;AJvXA,gCAAiC;AA2CjC,IAAM,kBAAN,cAA8B,aAAa;AAAA,EACjC;AAAA,EACA;AAAA,EAEC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAqC;AACnC,UAAM,mBAAmB,IAAI,2CAAiB;AAE9C,UAAM;AAAA,MACJ,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AAED,SAAK,mBAAmB;AACxB,SAAK,kBAAkB,IAAI,wCAAgB,EAAE,MAAM,SAAS,KAAK,CAAC;AAElE,SAAK,qBAAqB;AAAA,EAC5B;AAAA,EAEA,MAAsB,aAAa;AACjC,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,WAAW;AAAA,EAC1B;AAAA,EAEA,MAAsB,SAAS;AAC7B,UAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,UAAM,OAAO,SAAS;AACtB,SAAK,iBAAiB,MAAM;AAAA,EAC9B;AAAA,EAEA,MAAsB,eACpB,KACe;AACf,UAAM,KAAK,eAAe;AAC1B,WAAO,MAAM,eAAe,GAAG;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,gBAAgB,UAAkB;AAC7C,UAAM,EAAE,IAAI,IAAI,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,eAAe,EAAE,MAAM,GAAyB;AAC3D,UAAM,uBAAuB,MAAM,KAAK,WAAW,KAAK;AAExD,QAAI,CAAC,sBAAsB;AACzB,YAAM,KAAK,uBAAuB,EAAE,MAAM,CAAC;AAAA,IAC7C,OAAO;AACL,WAAK,UAAU,KAAK;AACpB,YAAM,KAAK,OAAO,oBAAoB;AAEtC,WAAK,cAAc;AAGnB,UAAI,CAAC,KAAK,cAAc,QAAQ,CAAC,KAAK,cAAc,KAAK,cAAc;AACrE;AAAA,MACF;AAEA,WAAK,gBAAgB,mBAAmB;AAAA,QACtC;AAAA,UACE,IAAI,UAAU,SAAS,KAAK,cAAc,KAAK,YAAY;AAAA,UAC3D,MAAM;AAAA,UACN,YAAY,CAAC,YAAY,KAAK;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,cAAc,QAA6B;AACtD,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,eAAe,MAAM;AAClD,QAAI,CAAC,MAAO,OAAM,IAAI,cAAc,gCAAgC;AACpE,SAAK,cAAc,QAAQ;AAAA,EAC7B;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,WAAO,KAAK,iBAAiB,aAAa;AAAA,EAC5C;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,UAAM,KAAK,iBAAiB,aAAa;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,kBAAkB,QAAiC;AAC9D,UAAM,KAAK,sBAAsB;AAEjC,QAAI,CAAC,KAAK,cAAc;AACtB,YAAM,IAAI,cAAc,mCAAmC;AAE7D,UAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,UAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,sBAAsB,QAAQ;AAAA,MACpE,OAAO,KAAK,cAAc;AAAA,MAC1B,SAAS,OAAO;AAAA,MAChB;AAAA,IACF,CAAC;AAED,QAAI,CAAC;AACH,YAAM,IAAI,cAAc,0CAA0C;AAEpE,UAAM,KAAK,OAAO,UAAU,SAAS;AACrC,SAAK,cAAc;AACnB,SAAK,cAAc,WAAW;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAa,qBAAqB;AAChC,UAAM,EAAE,OAAO,IAAI,MAAM,KAAK,QAAQ,oBAAoB,KAAK;AAC/D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,iBAAiB;AAE7B,QACE,KAAK,cAAc,SAAS,UAC5B,KAAK,cAAc,UAAU;AAE7B;AACF,QAAI,KAAK,cAAc,oCAA+B;AACpD,WAAK,UAAU,KAAK;AAAA,IACtB,OAAO;AACL,WAAK,UAAU,KAAK;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,uBAAuB,QAA8B;AACjE,UAAM,EAAE,WAAW,YAAY,IAAI,MAAM,KAAK;AAAA,MAC5C,OAAO;AAAA,IACT;AAEA,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ;AAAA,MAC/D,OAAO,OAAO;AAAA,MACd,WAAW,UAAU,WAAW,SAAS;AAAA,MACzC;AAAA,IACF,CAAC;AAED,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH,cAAc,YAAY;AAAA,IAC5B;AACA,SAAK,cAAc;AAEnB,SAAK,cAAc,QAAQ;AAC3B,SAAK,iBAAiB,KAAM;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,eAAe,QAA6B;AACxD,UAAM,WAAW,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC5D,OAAO,OAAO;AAAA,MACd,aAAa,OAAO,cAChB,OAAO,YAAY,SAAS,IAC5B;AAAA,IACN,CAAC;AAED,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,6BAA6B,OAAe;AACxD,UAAM,YAAY,SAAS,qBAAqB;AAChD,UAAM,sBAAsB,SAAS,qBAAqB;AAE1D,UAAM,cAAc,UAAM,qCAAuB;AAAA,MAC/C,WAAW;AAAA,QACT,wBAAwB;AAAA,UACtB,aAAa;AAAA,UACb,oBAAoB;AAAA,UACpB,kBAAkB;AAAA,QACpB;AAAA,QACA;AAAA,QACA,IAAI;AAAA,UACF,IAAI,OAAO,SAAS;AAAA,UACpB,MAAM,OAAO,SAAS;AAAA,QACxB;AAAA,QACA,kBAAkB;AAAA,UAChB;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,QACF;AAAA,QACA,MAAM;AAAA,UACJ,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,MACF;AAAA,IACF,CAAC;AAED,WAAO,EAAE,WAAW,aAAa,oBAAoB;AAAA,EACvD;AAAA,EAEA,MAAc,wBAAwB;AACpC,QAAI,CAAC,KAAK,iBAAiB,aAAa,GAAG;AACzC,YAAM,KAAK,iBAAiB,KAAK;AAAA,IACnC;AACA,SAAK,UAAU,KAAK;AAAA,EACtB;AACF;;;AQ9SA,kBAqBO;AACP,sBAA0B;AAG1B,IAAAC,mBAAoC;AACpC,iCAGO;AAYP,IAAM,aAAN,MAAiB;AAAA,EACf,YAA6B,eAA6B;AAA7B;AAAA,EAA8B;AAAA,EAE3D,MAAM,iBAAwC;AAC5C,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,eAAO,2BAAU;AAAA,MACf,SAAS,KAAK;AAAA,MACd,aAAa,CAAC,EAAE,QAAQ,MACtB,KAAK,YAAY,OAAO;AAAA,MAC1B,eAAe,CAIb,wBACG,KAAK,cAAsC,mBAAmB;AAAA,MACnE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,EACF,GAEE;AACA,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,eAAO,sCAAoB;AAAA,MACzB;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,YAAY;AAAA,QACV,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA,SAAS,KAAK;AAAA,MACd,WAAO,yBAAY,KAAK,IAAI;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AACzB,UAAM,MAAM,IAAI;AAAA,MACd,iBAAiB,KAAK,cAAc,cAAc,MAAM;AAAA,MACxD,KAAK,cAAc,cAAc;AAAA,IACnC;AACA,eAAO,kDAAsB;AAAA,MAC3B,eAAW,kBAAK,IAAI,SAAS,CAAC;AAAA,IAChC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,YAAY,KAAoC;AACpD,UAAM,kBAAc,yBAAY,GAAG;AACnC,UAAM,SAAS,MAAM,KAAK,cAAc,eAAoB,WAAW;AACvE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAGJ,QAAqE;AACrE,UAAM,kBAAc,2BAAc,MAAM;AACxC,WAAO,KAAK,cAAc,eAAe,WAAW;AAAA,EACtD;AAAA,EAEA,MAAM,gBAIJ,aACA,SAYA;AACA,UAAM,cAAc,SAAS,cAAc;AAC3C,UAAM,eAAe,MAAM,YAAY,WAAW;AAClD,UAAM,eAAe,MAAM,KAAK,cAAc;AAAA,UAC5C,uBAAU,YAAY;AAAA,IACxB;AAEA,UAAM,YAAY;AAAA,MAChB,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,CAAC;AAAA,MACjD,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,MAC7D,GAAG,OAAO,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,QAAQ,GAAG,CAAC,CAAC;AAAA,IACtE;AAEA,WAAO,YAAY,aAAa,SAAS;AAAA,EAC3C;AACF;;;AnBlIA,IAAM,iBAAN,MAAqB;AAAA,EACF;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BjB,YAAY;AAAA,IACV;AAAA,IACA,MAAM,EAAE,UAAU,MAAM;AAAA,EAC1B,GAAoC;AAClC,SAAK,mBAAmB,IAAI,gBAAgB;AAAA,MAC1C;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,SAAK,WAAW;AAAA,MACd,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AACF;","names":["jose","jose","import_http","error","import_accounts"]}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts","../src/modules/auth/email.ts","../src/modules/auth/passkeys.ts","../src/modules/auth/oauth/google.ts","../src/lib/sha256.ts","../src/errors/BadRequestError.ts","../src/modules/auth/oauth/facebook.ts","../src/modules/auth/oauth/apple.ts","../src/modules/auth/oauth.ts","../src/modules/auth/index.ts","../src/modules/user/index.ts","../src/signer/web.ts","../src/lib/base64.ts","../src/lib/bytes.ts","../src/session/index.ts","../src/signer/index.ts","../src/errors/UnauthorizedError.ts","../src/errors/NotFoundError.ts","../src/errors/UnauthenticatedError.ts","../src/third-party/viem.ts"],"sourcesContent":["import { AuthModule, UserModule } from './modules/index.js'\nimport { SignerClientConstructorParams } from './signer/index.js'\nimport {\n WebSignerClient,\n WebSignerClientConstructorParams,\n} from './signer/web.js'\nimport { ViemModule } from './third-party/viem.js'\n\ntype FourtWebSignerConstructorParams = {\n configuration: SignerClientConstructorParams['configuration']\n auth: Pick<WebSignerClientConstructorParams, 'webauthn' | 'oauth'>\n}\n\n/**\n * A client for interacting with the Fourt Web Signer.\n */\nclass FourtWebSigner {\n private readonly _webSignerClient: WebSignerClient\n private readonly _modules: {\n viem: ViemModule\n auth: AuthModule\n user: UserModule\n }\n\n /**\n * Initializes a new instance of the `FourtWebSigner` class.\n * Sets up the underlying modules.\n *\n *\n * @example\n * ```ts\n * const fourtWebSigner = new FourtWebSigner({\n * auth: {\n * webauthn: {\n * rpId: 'localhost',\n * },\n * },\n * configuration: {\n * apiKey: '927d603c-6775-4210-8e13-8904ca985e78',\n * },\n * })\n * ```\n *\n * @param {FourtWebSignerConstructorParams} params the required parameters to initialize the client\n */\n constructor({\n configuration,\n auth: { webauthn, oauth },\n }: FourtWebSignerConstructorParams) {\n this._webSignerClient = new WebSignerClient({\n configuration,\n webauthn,\n oauth,\n })\n\n this._modules = {\n viem: new ViemModule(this._webSignerClient),\n auth: new AuthModule(this._webSignerClient),\n user: new UserModule(this._webSignerClient),\n }\n }\n\n /**\n * A module for interacting with the Viem library.\n */\n get viem() {\n return this._modules.viem\n }\n\n /**\n * A module for interacting with the authentication methods.\n */\n get auth() {\n return this._modules.auth\n }\n\n /**\n * A module for interacting with the user methods.\n */\n get user() {\n return this._modules.user\n }\n}\n\nexport { FourtWebSigner }\n","import type {\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n WebSignerClient,\n} from '../../signer/web.js'\n\n/**\n * A module for interacting with the Email authentication methods.\n * Available through the `auth.email` property on a `FourtWebSigner` instance.\n */\nclass EmailModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Initialize user authentication process using email.\n *\n * @param params {InitEmailAuthParams} params to initialize the user authentication process.\n * @returns {Promise<void>} promise that resolves when the initialization is complete.\n */\n async initialize(params: InitEmailAuthParams): Promise<void> {\n return this._webSignerClient.initEmailAuth(params)\n }\n\n /**\n * Completes email authentication with OTP code.\n *\n * @param params {CompleteEmailAuthParams} params to complete the authentication process.\n * @returns {Promise<void>} promise that completes the authentication process.\n */\n async complete(params: CompleteEmailAuthParams): Promise<void> {\n await this._webSignerClient.completeEmailAuth(params)\n }\n\n /**\n * Get the email authentication method of the app, that was chosen in fourt.io dashboard.\n * It can be either `magiclink` or `otp`.\n *\n * @returns {Promise<'otp' | 'magiclink'>} promise that resolves to the email authentication method.\n */\n async getAuthMethod(): Promise<'otp' | 'magiclink'> {\n return this._webSignerClient.getEmailAuthMethod()\n }\n}\n\nexport { EmailModule }\n","import type { WebSignerClient, WebAuthnSignInParams } from '../../signer/web.js'\n\n/**\n * A module for interacting with the Passkeys authentication methods.\n * Available through the `auth.passkeys` property on a `FourtWebSigner` instance.\n */\nclass PasskeysModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Signs in a user using Passkeys.\n *\n * @param params {WebAuthnSignInParams} params for the sign-in process.\n */\n async signIn(params: WebAuthnSignInParams) {\n return this._webSignerClient.webAuthnSignIn(params)\n }\n}\n\nexport { PasskeysModule }\n","import * as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass GoogleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('google')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/google',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { GoogleModule }\n","class LibSha256 {\n /**\n * Compute SHA-256 and return hex string using Web Crypto when available.\n * Falls back to Node's crypto.createHash when running in Node.\n */\n static async sha256Hex(\n input: string | ArrayBuffer | Uint8Array,\n ): Promise<string> {\n // normalize input to Uint8Array\n let data: Uint8Array\n if (typeof input === 'string') {\n data = new TextEncoder().encode(input)\n } else if (input instanceof Uint8Array) {\n data = input\n } else {\n data = new Uint8Array(input)\n }\n\n // Prefer Web Crypto Subtle API\n const subtle =\n typeof globalThis !== 'undefined' && (globalThis as any).crypto?.subtle\n ? (globalThis as any).crypto.subtle\n : undefined\n\n if (subtle) {\n const hash = await subtle.digest('SHA-256', data)\n return Array.from(new Uint8Array(hash))\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('')\n }\n\n // Fallback for Node (synchronous)\n try {\n const nodeCrypto = require('crypto')\n const hash = nodeCrypto.createHash('sha256').update(data).digest('hex')\n return hash\n } catch {\n throw new Error(\n 'No crypto provider available. Provide a global crypto.subtle or run in Node 18+.',\n )\n }\n }\n}\n\nexport { LibSha256 }\n","class BadRequestError extends Error {\n constructor(message: string) {\n super(message)\n this.name = BadRequestError.name\n }\n}\n\nexport { BadRequestError }\n","import { BadRequestError } from '../../../errors/BadRequestError.js'\nimport { WebSignerClient } from '../../../signer/web.js'\nimport * as jose from 'jose'\n\nclass FacebookModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const publicKey = await this._webSignerClient.getPublicKey()\n const internalUrl = new URL(\n 'v1/oauth/facebook',\n this._webSignerClient.configuration.apiUrl,\n ).href\n\n const jwt = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n\n const response = await fetch(internalUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n state: jwt,\n }),\n })\n\n if (!response.ok) {\n throw new BadRequestError(\n `Failed to create OAuth state. Error: ${response.statusText}`,\n )\n }\n\n const { authUrl } = await response.json()\n if (!authUrl) {\n throw new BadRequestError(response.statusText)\n }\n\n return authUrl\n }\n}\n\nexport { FacebookModule }\n","import * as jose from 'jose'\nimport type { WebSignerClient } from '../../../signer/web.js'\nimport { LibSha256 } from '../../../lib/sha256.js'\n\nclass AppleModule {\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n async init(): Promise<string> {\n await this._webSignerClient.resetKeyPair()\n const initUrl = await this._webSignerClient.getOAuthInitUrl('apple')\n\n const url = new URL(initUrl)\n\n const internalUrl = new URL(\n 'v1/oauth/apple',\n this._webSignerClient.configuration.apiUrl,\n ).href\n url.searchParams.set('redirect_uri', internalUrl)\n\n const publicKey = await this._webSignerClient.getPublicKey()\n\n const nonce = await LibSha256.sha256Hex(publicKey)\n url.searchParams.set('nonce', nonce)\n\n const state = new jose.UnsecuredJWT({\n apiKey: this._webSignerClient.configuration.apiKey,\n redirectUrl: this._webSignerClient.oauthConfiguration!.common.redirectUrl,\n publicKey,\n internalUrl: internalUrl,\n origin: window.location.origin,\n }).encode()\n url.searchParams.set('state', state)\n\n return url.toString()\n }\n}\n\nexport { AppleModule }\n","import type { CompleteOAuthParams, WebSignerClient } from '../../signer/web.js'\nimport { GoogleModule } from './oauth/google.js'\nimport { FacebookModule } from './oauth/facebook.js'\nimport { AppleModule } from './oauth/apple.js'\n\n/**\n * A module for interacting with the OAuth authentication methods.\n * Available through the `auth.oauth` property on a `FourtWebSigner` instance.\n */\nclass OAuthModule {\n private readonly _googleModule: GoogleModule\n private readonly _facebookModule: FacebookModule\n private readonly _appleModule: AppleModule\n\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._googleModule = new GoogleModule(this._webSignerClient)\n this._facebookModule = new FacebookModule(this._webSignerClient)\n this._appleModule = new AppleModule(this._webSignerClient)\n }\n\n get google() {\n return this._googleModule\n }\n\n get facebook() {\n return this._facebookModule\n }\n\n get apple() {\n return this._appleModule\n }\n\n /**\n * Completes oauth authentication.\n *\n * @param params {CompleteOAuthParams} params needed for oauth completion\n * @returns {Promise<void>} promise that completes the oauth authentication process.\n */\n async complete(params: CompleteOAuthParams): Promise<void> {\n await this._webSignerClient.completeOAuth(params)\n }\n}\n\nexport { OAuthModule }\n","import type { WebSignerClient } from '../../signer/web.js'\nimport { EmailModule } from './email.js'\nimport { PasskeysModule } from './passkeys.js'\nimport { OAuthModule } from './oauth.js'\n\n/**\n * A module for interacting with the authentication methods.\n * Available through the `auth` property on a `FourtWebSigner` instance.\n */\nclass AuthModule {\n private readonly _passkeys: PasskeysModule\n private readonly _email: EmailModule\n private readonly _oauth: OAuthModule\n\n /**\n * Initializes a new instance of the `AuthModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {\n this._passkeys = new PasskeysModule(this._webSignerClient)\n this._email = new EmailModule(this._webSignerClient)\n this._oauth = new OAuthModule(this._webSignerClient)\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get passkeys() {\n return this._passkeys\n }\n\n /**\n * A module for interacting with the Passkeys authentication methods.\n */\n get email() {\n return this._email\n }\n\n get oauth() {\n return this._oauth\n }\n}\n\nexport { AuthModule }\nexport { PasskeysModule } from './passkeys.js'\nexport { EmailModule } from './email.js'\n","import { WebSignerClient } from '../../signer/web.js'\nimport { User } from '../../types/entities.js'\n\n/**\n * A module for interacting with the user methods.\n * Available through the `user` property on a `FourtWebSigner` instance.\n */\nclass UserModule {\n /**\n * Initializes a new instance of the `UserModule` class.\n *\n * @param {WebSignerClient} _webSignerClient underlying WebSigner client instance.\n */\n constructor(private readonly _webSignerClient: WebSignerClient) {}\n\n /**\n * Retrieves information for the authenticated user.\n * Assumes a user is already logged in, otherwise it will throw an error.\n */\n async getInfo(): Promise<User> {\n return this._webSignerClient.getUser()\n }\n\n /**\n * Checks if a user is currently logged in to the fourt.io SDK.\n */\n async isLoggedIn(): Promise<boolean> {\n return this._webSignerClient.isLoggedIn()\n }\n\n /**\n * Generates an access token with a lifespan of 15 minutes.\n * Assumes a user is already logged in, otherwise it will throw an error.\n */\n async getToken(): Promise<string> {\n return this._webSignerClient.getToken()\n }\n\n /**\n * Logs out the user.\n */\n async logout(): Promise<void> {\n return this._webSignerClient.logout()\n }\n}\n\nexport { UserModule }\n","import { getWebAuthnAttestation } from '@turnkey/http'\nimport { WebauthnStamper } from '@turnkey/webauthn-stamper'\nimport { LibBase64 } from '../lib/base64.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { SessionType } from '../session/index.js'\nimport {\n type SignerClientInheritedConstructorParams,\n SignerClient,\n} from './index.js'\nimport { NotFoundError } from '../errors/NotFoundError.js'\nimport { IndexedDbStamper } from '@turnkey/indexed-db-stamper'\nimport { decodeJwt } from 'jose'\n\ntype WebAuthnSignInParams = {\n email: string\n publicKey: string\n}\n\ntype InitEmailAuthParams = {\n email: string\n redirectUrl?: string\n}\n\ntype CompleteEmailAuthParams = {\n email: string\n otpCode: string\n}\n\ntype CompleteOAuthParams = {\n subOrgId: string\n}\n\ntype OAuthConfiguration = {\n common: {\n redirectUrl: string\n }\n}\n\ntype WebSignerClientConstructorParams = SignerClientInheritedConstructorParams<{\n webauthn: {\n rpId: string\n }\n oauth?: OAuthConfiguration\n}>\n\n/**\n * A signer client for web applications.\n */\nclass WebSignerClient extends SignerClient {\n private indexedDbStamper: IndexedDbStamper\n private webauthnStamper: WebauthnStamper\n\n readonly oauthConfiguration: WebSignerClientConstructorParams['oauth']\n\n /**\n * Initializes a new instance of the `WebSignerClient` class.\n *\n * @param {WebSignerClientConstructorParams} params params for the constructor\n */\n constructor({\n configuration,\n webauthn,\n oauth,\n }: WebSignerClientConstructorParams) {\n const indexedDbStamper = new IndexedDbStamper()\n\n super({\n stamper: indexedDbStamper,\n configuration: configuration,\n })\n\n this.indexedDbStamper = indexedDbStamper\n this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId })\n\n this.oauthConfiguration = oauth\n }\n\n public override async isLoggedIn() {\n await this.getPublicKey()\n return super.isLoggedIn()\n }\n\n public override async logout() {\n // Init indexedDb stamper in order to sign logout request\n await this._initIndexedDbStamper()\n super.logout()\n this.indexedDbStamper.clear()\n }\n\n public override async signRawMessage<Into extends string>(\n msg: string,\n ): Promise<Into> {\n await this._updateStamper()\n return super.signRawMessage(msg)\n }\n\n /**\n * Get the pre-filled URL for initiating oauth with a specific provider.\n *\n * @param {string} provider provider for which we are getting the URL, currently google or apple\n */\n public async getOAuthInitUrl(provider: string) {\n const { url } = await this.request('/v1/oauth/init', 'POST', {\n provider,\n })\n\n return url\n }\n\n /**\n * Signs in a user with webauthn.\n *\n * @param {WebAuthnSignInParams} params params for the sign in\n */\n public async webAuthnSignIn({ email }: WebAuthnSignInParams) {\n const publicKey = await this.getPublicKey()\n const existingUserSubOrgId = await this.lookUpUser(email)\n this._sessionStore.type = SessionType.Passkeys\n this.stamper = this.webauthnStamper\n\n if (!existingUserSubOrgId) {\n const { challenge, attestation } =\n await this._webAuthnGenerateAttestation(email)\n\n const { user, token } = await this.request('/v1/passkey/init', 'POST', {\n email,\n challenge: LibBase64.fromBuffer(challenge),\n attestation,\n publicKey,\n })\n\n this._sessionStore.user = {\n ...user,\n credentialId: attestation.credentialId,\n }\n this._sessionStore.token = token\n } else {\n await this.signIn(existingUserSubOrgId, publicKey)\n\n // We should assure that the user and its credentialId are set\n if (!this._sessionStore.user || !this._sessionStore.user.credentialId) {\n return\n }\n\n this.webauthnStamper.allowCredentials = [\n {\n id: LibBase64.toBuffer(this._sessionStore.user.credentialId),\n type: 'public-key',\n transports: ['internal', 'usb'],\n },\n ]\n }\n }\n\n /**\n * Handles auth user process with email according to the method of the used app.\n *\n * @param {InitEmailAuthParams} params params needed for the initialization of the auth process\n */\n public async initEmailAuth(params: InitEmailAuthParams) {\n await this.indexedDbStamper.resetKeyPair()\n const { otpId } = await this._initEmailAuth(params)\n if (!otpId) throw new NotFoundError('No OTP init response returned.')\n this._sessionStore.otpId = otpId\n }\n\n public async getPublicKey() {\n await this._initIndexedDbStamper()\n return this.indexedDbStamper.getPublicKey()!\n }\n\n public async resetKeyPair() {\n await this._initIndexedDbStamper()\n await this.indexedDbStamper.resetKeyPair()\n }\n\n /**\n * Verifies the provided otp code.\n *\n * @param {CompleteEmailAuthParams} params params needed for otp code verification\n */\n public async completeEmailAuth(params: CompleteEmailAuthParams) {\n if (!this._sessionStore.otpId)\n throw new NotFoundError('No OTP ID found in session store.')\n\n const publicKey = await this.getPublicKey()\n const { subOrgId } = await this.request('/v1/email/complete', 'POST', {\n otpId: this._sessionStore.otpId,\n otpCode: params.otpCode,\n publicKey,\n })\n\n if (!subOrgId)\n throw new NotFoundError('No OTP authentication response returned.')\n\n await this.signIn(subOrgId, publicKey)\n this._sessionStore.type = SessionType.Email\n this._sessionStore.clearOtpId()\n }\n\n /**\n * Completes oauth authentication.\n *\n * @param {CompleteOAuthParams} params params needed for oauth completion\n */\n public async completeOAuth(params: CompleteOAuthParams) {\n const publicKey = await this.getPublicKey()\n await this.signIn(params.subOrgId, publicKey)\n this._sessionStore.type = SessionType.OAuth\n }\n\n /**\n * Gets the email authentication method of the app.\n */\n public async getEmailAuthMethod() {\n const { method } = await this.request('/v1/email/method', 'GET')\n return method\n }\n\n /**\n * Checks for an existing session and if exists, updates the stamper accordingly.\n */\n private async _updateStamper() {\n // User is not signed in\n if (\n this._sessionStore.type === undefined &&\n this._sessionStore.token === undefined\n )\n return\n if (this._sessionStore.type === SessionType.Passkeys) {\n this.stamper = this.webauthnStamper\n } else {\n this.stamper = this.indexedDbStamper\n }\n }\n\n /**\n * Init account creation with email.\n *\n * @param {InitEmailAuthParams} params params for the creation of the account\n */\n private async _initEmailAuth(params: InitEmailAuthParams) {\n const response = await this.request('/v1/email/init', 'POST', {\n email: params.email,\n redirectUrl: params.redirectUrl\n ? params.redirectUrl.toString()\n : undefined,\n })\n\n return response\n }\n\n private async _webAuthnGenerateAttestation(email: string) {\n const challenge = LibBytes.generateRandomBuffer()\n const authenticatorUserId = LibBytes.generateRandomBuffer()\n\n const attestation = await getWebAuthnAttestation({\n publicKey: {\n authenticatorSelection: {\n residentKey: 'preferred',\n requireResidentKey: false,\n userVerification: 'preferred',\n },\n challenge,\n rp: {\n id: window.location.hostname,\n name: window.location.hostname,\n },\n pubKeyCredParams: [\n {\n type: 'public-key',\n alg: -7,\n },\n {\n type: 'public-key',\n alg: -257,\n },\n ],\n user: {\n id: authenticatorUserId,\n name: email,\n displayName: email,\n },\n },\n })\n\n return { challenge, attestation, authenticatorUserId }\n }\n\n private async _initIndexedDbStamper() {\n if (!this.indexedDbStamper.getPublicKey()) {\n await this.indexedDbStamper.init()\n }\n this.stamper = this.indexedDbStamper\n }\n}\n\nexport { WebSignerClient }\nexport type {\n CompleteEmailAuthParams,\n InitEmailAuthParams,\n WebSignerClientConstructorParams,\n WebAuthnSignInParams,\n OAuthConfiguration,\n CompleteOAuthParams,\n}\n","/**\n * Browser-friendly base64url helpers.\n * - Uses btoa/atob and Uint8Array, no Node Buffer polyfill.\n * - Chunks when converting large ArrayBuffers to avoid call-stack issues.\n */\nclass LibBase64 {\n // Convert an ArrayBuffer to base64url (no padding)\n static fromBuffer(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer)\n const CHUNK_SIZE = 0x8000\n let binary = ''\n for (let i = 0; i < bytes.length; i += CHUNK_SIZE) {\n const chunk = bytes.subarray(i, i + CHUNK_SIZE)\n // spread on TypedArray can be large; cast to any to satisfy TS\n binary += String.fromCharCode(...(chunk as any))\n }\n const base64 =\n typeof btoa === 'function'\n ? btoa(binary)\n : Buffer.from(bytes).toString('base64')\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n }\n\n // Convert base64url (no padding) to ArrayBuffer\n static toBuffer(base64url: string): ArrayBuffer {\n let base64 = base64url.replace(/-/g, '+').replace(/_/g, '/')\n const pad = base64.length % 4\n if (pad) base64 += '='.repeat(4 - pad)\n\n const binary =\n typeof atob === 'function'\n ? atob(base64)\n : Buffer.from(base64, 'base64').toString('binary')\n const len = binary.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++) bytes[i] = binary.charCodeAt(i)\n return bytes.buffer\n }\n}\n\nexport { LibBase64 }\n","type TakeBytesParams = Partial<{\n count: number\n offset: number\n}>\n\ntype ByteString = `0x${string}`\n\nclass LibBytes {\n static generateRandomBuffer = (): ArrayBuffer => {\n const arr = new Uint8Array(32)\n crypto.getRandomValues(arr)\n return arr.buffer\n }\n\n static takeBytes = (\n bytes: ByteString,\n params: TakeBytesParams = {},\n ): ByteString => {\n const { offset, count } = params\n const start = (offset ? offset * 2 : 0) + 2 // add 2 to skip the 0x prefix\n const end = count ? start + count * 2 : undefined\n\n return `0x${bytes.slice(start, end)}`\n }\n}\n\nexport { LibBytes }\n","import { createStore, type StoreApi } from 'zustand'\nimport { persist, createJSONStorage } from 'zustand/middleware'\nimport { User } from '../types/entities.js'\n\nenum SessionType {\n Email = 'email',\n Passkeys = 'passkeys',\n OAuth = 'oauth',\n}\n\ntype SessionState = {\n type?: SessionType\n user?: User\n token?: string\n otpId?: string\n}\n\nclass SessionStore {\n private readonly _store: StoreApi<SessionState>\n\n constructor() {\n // `user` and `token` stay in memory (not persisted)\n this._store = createStore<SessionState>()(\n persist(this._getInitialState, {\n name: 'fourt-session',\n storage: createJSONStorage(() => localStorage),\n // persist only these in localStorage\n partialize: (state) => ({\n type: state.type,\n otpId: state.otpId,\n }),\n }),\n )\n }\n\n get type(): SessionType | undefined {\n return this._store.getState().type\n }\n\n set type(type: SessionType) {\n this._store.setState({ type })\n }\n\n get token(): string | undefined {\n return this._store.getState().token\n }\n\n set token(token: string) {\n this._store.setState({ token })\n }\n\n get user(): User | undefined {\n return this._store.getState().user\n }\n\n set user(user: User) {\n this._store.setState({ ...this._store.getState(), user })\n }\n\n get otpId(): string | undefined {\n return this._store.getState().otpId\n }\n\n set otpId(otpId: string) {\n this._store.setState({ otpId })\n }\n\n clearUser() {\n this._store.setState({ ...this._store.getState(), user: undefined })\n }\n\n clearType() {\n this._store.setState({ ...this._store.getState(), type: undefined })\n }\n\n clearToken() {\n this._store.setState({ ...this._store.getState(), token: undefined })\n }\n\n clearOtpId() {\n this._store.setState({ ...this._store.getState(), otpId: undefined })\n }\n\n clearAll() {\n this.clearToken()\n this.clearUser()\n this.clearType()\n this.clearOtpId()\n }\n\n private _getInitialState(): SessionState {\n return {\n type: undefined,\n user: undefined,\n token: undefined,\n otpId: undefined,\n }\n }\n}\n\nexport { SessionType, SessionStore }\nexport type { SessionState }\n","import { TurnkeyClient } from '@turnkey/http'\nimport {\n BadRequestError,\n NotFoundError,\n UnauthorizedError,\n} from '../errors/index.js'\nimport { SessionStore } from '../session/index.js'\nimport { APIResponse } from '../types/rest.js'\nimport {\n AuthenticationServiceBody,\n AuthenticationServiceResponse,\n Method,\n Route,\n} from '../types/routes.js'\nimport { decodeJwt } from 'jose'\n\ntype SignerClientConfiguration = {\n apiKey: string\n apiUrl?: string\n paymasterRpcUrl?: string\n}\n\ntype SignerClientConstructorParams = {\n stamper: TurnkeyClient['stamper']\n configuration: SignerClientConfiguration\n}\n\ntype SignerClientInheritedConstructorParams<\n Extended extends Record<string, unknown>,\n> = Pick<SignerClientConstructorParams, 'configuration'> & Extended\n\nabstract class SignerClient {\n protected readonly _turnkeyClient: TurnkeyClient\n protected readonly _configuration: Required<\n SignerClientConstructorParams['configuration']\n >\n protected readonly _sessionStore: SessionStore\n\n private _refreshPromise?: Promise<void>\n private _refreshTimer?: ReturnType<typeof setTimeout>\n\n constructor({\n stamper,\n configuration: { apiUrl, paymasterRpcUrl, ...requiredConfiguration },\n }: SignerClientConstructorParams) {\n this._turnkeyClient = new TurnkeyClient(\n { baseUrl: 'https://api.turnkey.com' },\n stamper,\n )\n\n this._configuration = {\n ...requiredConfiguration,\n apiUrl: apiUrl ?? 'https://auth.api.fourt.io/',\n paymasterRpcUrl: paymasterRpcUrl ?? 'https://management.api.fourt.io/',\n }\n\n this._sessionStore = new SessionStore()\n }\n\n get configuration(): Required<SignerClientConfiguration> {\n return this._configuration\n }\n\n public async getUser() {\n if (this._sessionStore.user) return this._sessionStore.user\n\n try {\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n // If unauthorized, try to refresh token and retry once\n if (error instanceof UnauthorizedError) {\n try {\n await this._refreshToken()\n const user = await this.request('/v1/me', 'GET')\n this._sessionStore.user = user\n return user\n } catch (error) {\n throw error\n }\n }\n throw error\n }\n }\n\n public async isLoggedIn() {\n const token = this._sessionStore.token\n\n // If we have a token and it's still valid, we're logged in\n if (token && !this._isTokenExpired(token)) return true\n\n // Otherwise try to refresh (covers no token and expired token)\n try {\n await this._refreshToken()\n return !!this._sessionStore.token\n } catch {\n return false\n }\n }\n\n public async getToken(): Promise<string> {\n // Try to use existing token\n if (!this._sessionStore.token) {\n // No token: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError(\n 'No token found, user might not be logged in',\n )\n }\n } else if (this._isTokenExpired(this._sessionStore.token)) {\n // Token expired: attempt refresh (may throw)\n try {\n await this._refreshToken()\n } catch {\n throw new UnauthorizedError('Token expired and refresh failed')\n }\n }\n\n const token = this._sessionStore.token\n if (!token) {\n throw new UnauthorizedError('No token found, user might not be logged in')\n }\n return token\n }\n\n private _isTokenExpired(token: string): boolean {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (typeof decoded.exp === 'number') {\n return decoded.exp * 1000 <= Date.now()\n }\n return true // If no exp claim, consider it expired\n } catch {\n return true // If token is malformed, consider it expired\n }\n }\n\n public async logout() {\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n this._refreshTimer = undefined\n const logoutPayload = JSON.stringify({\n timestamp: Date.now(),\n type: 'logout_request',\n })\n const stamp = await this._turnkeyClient.stamper.stamp(logoutPayload)\n await this.request('/v1/logout', 'POST', { payload: logoutPayload, stamp })\n this._sessionStore.clearAll()\n }\n\n public async signRawMessage<Into extends string>(msg: string): Promise<Into> {\n if (!this._sessionStore.token || !this._sessionStore.user) {\n throw new UnauthorizedError(\n 'SignerClient must be authenticated to sign a message',\n )\n }\n\n const stampedRequest = await this._turnkeyClient.stampSignRawPayload({\n organizationId: this._sessionStore.user.subOrgId,\n type: 'ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2',\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',\n hashFunction: 'HASH_FUNCTION_NO_OP',\n payload: msg,\n signWith: this._sessionStore.user.walletAddress,\n },\n })\n\n const { signature } = await this.request('/v1/sign', 'POST', {\n stampedRequest,\n })\n\n return <Into>signature\n }\n\n protected set stamper(stamper: TurnkeyClient['stamper']) {\n this._turnkeyClient.stamper = stamper\n }\n\n protected get stamper(): TurnkeyClient['stamper'] {\n return this._turnkeyClient.stamper\n }\n\n protected async lookUpUser(email: string): Promise<string | null> {\n try {\n const { subOrgId } = await this.request('/v1/lookup', 'POST', { email })\n return subOrgId\n } catch (error) {\n if (error instanceof NotFoundError) return null\n throw error\n }\n }\n\n protected async signIn(subOrgId: string, publicKey: string) {\n const stampedRequest = await this._turnkeyClient.stampGetWhoami({\n organizationId: subOrgId,\n })\n\n const { user, token } = await this.request('/v1/signin', 'POST', {\n stampedRequest,\n publicKey,\n })\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest.stamp.stampHeaderValue)\n .credentialId as string\n } catch (e) {\n return undefined\n }\n })()\n\n this._sessionStore.user = {\n ...user,\n credentialId,\n }\n this._sessionStore.token = token\n this._scheduleRefresh(token)\n return { user, token }\n }\n\n protected async stampAndRefresh() {\n const refreshPayload = JSON.stringify({\n timestamp: Date.now(),\n type: 'refresh_token_request',\n })\n const stamp = await this._turnkeyClient.stamper.stamp(refreshPayload)\n const { token } = await this.request('/v1/refresh', 'POST', {\n payload: refreshPayload,\n stamp,\n })\n this._sessionStore.token = token\n return { token }\n }\n\n protected async request<R extends Route, M extends Method>(\n route: R,\n method: M,\n body?: AuthenticationServiceBody<R>,\n ): Promise<AuthenticationServiceResponse<R>> {\n const url = new URL(`${route}`, this._configuration.apiUrl)\n const token = this._sessionStore.token\n\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'X-FOURT-KEY': this._configuration.apiKey,\n }\n\n if (token) {\n headers['Authorization'] = `Bearer ${token}`\n }\n\n const response = await fetch(url, {\n method,\n body: method === 'POST' ? JSON.stringify(body) : undefined,\n headers,\n })\n\n const { data, error } = (await response.json()) as APIResponse<\n AuthenticationServiceResponse<R>\n >\n\n if (error) {\n switch (error.kind) {\n case 'UnauthorizedError': {\n throw new UnauthorizedError(error.message)\n }\n case 'NotFoundError': {\n throw new NotFoundError(error.message)\n }\n case 'BadRequestError': {\n throw new BadRequestError(error.message)\n }\n default: {\n throw new Error(error.message)\n }\n }\n }\n\n return { ...data } as AuthenticationServiceResponse<R>\n }\n\n /**\n * Compute milliseconds until refresh time.\n * - expSeconds is the JWT exp claim (seconds).\n * - earlyMinutes is how many minutes before exp to refresh (default 2).\n * Returns 0 if refresh time is already past.\n */\n private _computeRefreshDelayMs(expSeconds: number, earlyMinutes = 2): number {\n const expiryMs = expSeconds * 1000\n const refreshMs = expiryMs - earlyMinutes * 60 * 1000\n const now = Date.now()\n const delay = refreshMs - now\n return delay <= 0 ? 0 : delay\n }\n\n protected _scheduleRefresh(token: string) {\n try {\n const decoded = decodeJwt(token) as { exp?: number }\n if (!decoded.exp) return\n\n const delay = this._computeRefreshDelayMs(decoded.exp, 2)\n\n // Clear previous timer to avoid duplicates\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n\n // Schedule refresh\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n this._refreshToken()\n }, delay)\n } catch {\n // ignore errors\n }\n }\n\n private async _refreshToken(): Promise<void> {\n if (this._refreshPromise) return this._refreshPromise\n\n // Keep a reference so callers can await the same promise\n this._refreshPromise = (async () => {\n const TIMEOUT_MS = 10_000\n const RETRY_DELAY_MS = 5_000\n\n try {\n // Avoid hanging indefinitely by racing the request with a timeout\n const refreshPromise = this.stampAndRefresh()\n const data = await Promise.race([\n refreshPromise,\n new Promise<never>((_, reject) =>\n setTimeout(() => reject(new Error('Refresh timeout')), TIMEOUT_MS),\n ),\n ])\n\n if (!data || !data.token) {\n // Treat missing tokens as auth failure\n throw new UnauthorizedError('Refresh did not return tokens')\n }\n\n this._sessionStore.token = data.token\n this._scheduleRefresh(data.token)\n } catch (error) {\n console.error('Token refresh failed:', error)\n // On auth errors, clear session to avoid repeated failing retries\n if (error instanceof UnauthorizedError) {\n this._sessionStore.clearToken()\n this._sessionStore.clearUser()\n\n throw error\n }\n\n // Transient error: schedule a retry (non-blocking) and rethrow so callers know it failed\n if (this._refreshTimer) clearTimeout(this._refreshTimer)\n const MAX_RETRIES = 5\n let retryCount = 0\n\n // We schedule a background retry after RETRY_DELAY_MS using setTimeout\n this._refreshTimer = setTimeout(() => {\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {\n // Increments retryCount and, if still under MAX_RETRIES, schedules\n // another retry using exponential backoff (capped at 60s)\n retryCount++\n if (retryCount <= MAX_RETRIES) {\n const nextDelay = Math.min(\n RETRY_DELAY_MS * 2 ** (retryCount - 1),\n 60_000,\n )\n this._refreshTimer = setTimeout(() => {\n // When the timer fires we clear the stored id and call _refreshToken() in a\n // fire-and-forget manner (void ... .catch(...)) so the retry runs asynchronously\n // and doesn't block or change the control flow of the original caller.\n this._refreshTimer = undefined\n void this._refreshToken().catch(() => {})\n }, nextDelay)\n }\n })\n }, RETRY_DELAY_MS)\n\n throw error\n } finally {\n this._refreshPromise = undefined\n }\n })()\n\n return this._refreshPromise\n }\n}\n\nexport { SignerClient }\nexport type {\n SignerClientConstructorParams,\n SignerClientInheritedConstructorParams,\n}\n","class UnauthorizedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthorizedError.name\n }\n}\n\nexport { UnauthorizedError }\n","class NotFoundError extends Error {\n constructor(message: string) {\n super(message)\n this.name = NotFoundError.name\n }\n}\n\nexport { NotFoundError }\n","class UnauthenticatedError extends Error {\n constructor(message: string) {\n super(message)\n this.name = UnauthenticatedError.name\n }\n}\n\nexport { UnauthenticatedError }\n","import {\n type Chain,\n type Client,\n type GetTransactionType,\n type Hex,\n type IsNarrowable,\n type JsonRpcAccount,\n type LocalAccount,\n type TypedData,\n type TypedDataDefinition,\n type SignableMessage,\n type SerializeTransactionFn,\n type TransactionSerializable,\n type TransactionSerialized,\n type Transport,\n hashMessage,\n hashTypedData,\n serializeTransaction,\n keccak256,\n hexToBigInt,\n http,\n} from 'viem'\nimport { toAccount } from 'viem/accounts'\nimport { SignerClient } from '../signer/index.js'\nimport { LibBytes } from '../lib/bytes.js'\nimport { toLightSmartAccount } from 'permissionless/accounts'\nimport {\n createPaymasterClient,\n entryPoint07Address,\n} from 'viem/account-abstraction'\nimport { UnauthenticatedError } from '../errors/UnauthenticatedError.js'\n\ntype CurrentUserToLightSmartAccountParams = {\n owner: LocalAccount\n client: Client<\n Transport,\n Chain | undefined,\n JsonRpcAccount | LocalAccount | undefined\n >\n}\n\nclass ViemModule {\n constructor(private readonly _signerClient: SignerClient) {}\n\n async toLocalAccount(): Promise<LocalAccount> {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toAccount({\n address: user.walletAddress,\n signMessage: ({ message }: { message: SignableMessage }) =>\n this.signMessage(message),\n signTypedData: <\n const typedData extends TypedData | Record<string, unknown>,\n primaryType extends keyof typedData | 'EIP712Domain' = keyof typedData,\n >(\n typedDataDefinition: TypedDataDefinition<typedData, primaryType>,\n ) => this.signTypedData<typedData, primaryType>(typedDataDefinition),\n signTransaction: this.signTransaction,\n })\n }\n\n async toSmartAccount({\n client,\n owner,\n }: CurrentUserToLightSmartAccountParams): ReturnType<\n typeof toLightSmartAccount<'0.7'>\n > {\n const user = await this._signerClient.getUser()\n\n if (!user) {\n throw new UnauthenticatedError('Signer not authenticated')\n }\n\n return toLightSmartAccount({\n client,\n owner,\n version: '2.0.0',\n entryPoint: {\n address: entryPoint07Address,\n version: '0.7',\n },\n address: user.smartAccountAddress,\n index: hexToBigInt(user.salt),\n })\n }\n\n async getPaymasterClient() {\n const url = new URL(\n `v1/rpc?apiKey=${this._signerClient.configuration.apiKey}`,\n this._signerClient.configuration.paymasterRpcUrl,\n )\n return createPaymasterClient({\n transport: http(url.toString()),\n })\n }\n\n async signMessage(msg: SignableMessage): Promise<Hex> {\n const messageHash = hashMessage(msg)\n const result = await this._signerClient.signRawMessage<Hex>(messageHash)\n return result\n }\n\n async signTypedData<\n TTypedData extends TypedData | Record<string, unknown>,\n TPrimaryType extends keyof TTypedData | 'EIP712Domain' = keyof TTypedData,\n >(params: TypedDataDefinition<TTypedData, TPrimaryType>): Promise<Hex> {\n const messageHash = hashTypedData(params)\n return this._signerClient.signRawMessage(messageHash)\n }\n\n async signTransaction<\n serializer extends SerializeTransactionFn<TransactionSerializable> = SerializeTransactionFn<TransactionSerializable>,\n transaction extends Parameters<serializer>[0] = Parameters<serializer>[0],\n >(\n transaction: transaction,\n options?:\n | {\n serializer?: serializer | undefined\n }\n | undefined,\n ): Promise<\n IsNarrowable<\n TransactionSerialized<GetTransactionType<transaction>>,\n Hex\n > extends true\n ? TransactionSerialized<GetTransactionType<transaction>>\n : Hex\n > {\n const serializeFn = options?.serializer ?? serializeTransaction\n const serializedTx = await serializeFn(transaction)\n const signatureHex = await this._signerClient.signRawMessage<Hex>(\n keccak256(serializedTx),\n )\n\n const signature = {\n r: LibBytes.takeBytes(signatureHex, { count: 32 }),\n s: LibBytes.takeBytes(signatureHex, { count: 32, offset: 32 }),\n v: BigInt(LibBytes.takeBytes(signatureHex, { count: 1, offset: 64 })),\n }\n\n return serializeFn(transaction, signature)\n }\n}\n\nexport { ViemModule }\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACUA,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjE,MAAM,WAAW,QAA4C;AAC3D,WAAO,KAAK,iBAAiB,cAAc,MAAM;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SAAS,QAAgD;AAC7D,UAAM,KAAK,iBAAiB,kBAAkB,MAAM;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,gBAA8C;AAClD,WAAO,KAAK,iBAAiB,mBAAmB;AAAA,EAClD;AACF;;;ACpCA,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjE,MAAM,OAAO,QAA8B;AACzC,WAAO,KAAK,iBAAiB,eAAe,MAAM;AAAA,EACpD;AACF;;;ACjBA,WAAsB;;;ACAtB,IAAM,YAAN,MAAgB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKd,aAAa,UACX,OACiB;AAEjB,QAAI;AACJ,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AAAA,IACvC,WAAW,iBAAiB,YAAY;AACtC,aAAO;AAAA,IACT,OAAO;AACL,aAAO,IAAI,WAAW,KAAK;AAAA,IAC7B;AAGA,UAAM,SACJ,OAAO,eAAe,eAAgB,WAAmB,QAAQ,SAC5D,WAAmB,OAAO,SAC3B;AAEN,QAAI,QAAQ;AACV,YAAM,OAAO,MAAM,OAAO,OAAO,WAAW,IAAI;AAChD,aAAO,MAAM,KAAK,IAAI,WAAW,IAAI,CAAC,EACnC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AAAA,IACZ;AAGA,QAAI;AACF,YAAM,aAAa,QAAQ,QAAQ;AACnC,YAAM,OAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;AACtE,aAAO;AAAA,IACT,QAAQ;AACN,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ADtCA,IAAM,eAAN,MAAmB;AAAA,EACjB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,QAAQ;AAEpE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,kBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D;AAAA,MACA;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AEnCA,IAAM,kBAAN,MAAM,yBAAwB,MAAM;AAAA,EAClC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,iBAAgB;AAAA,EAC9B;AACF;;;ACHA,IAAAA,QAAsB;AAEtB,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAC3D,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AAEF,UAAM,MAAM,IAAS,mBAAa;AAAA,MAChC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D;AAAA,MACA;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AAEV,UAAM,WAAW,MAAM,MAAM,aAAa;AAAA,MACxC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO;AAAA,MACT,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI;AAAA,QACR,wCAAwC,SAAS,UAAU;AAAA,MAC7D;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,IAAI,MAAM,SAAS,KAAK;AACxC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,gBAAgB,SAAS,UAAU;AAAA,IAC/C;AAEA,WAAO;AAAA,EACT;AACF;;;AC5CA,IAAAC,QAAsB;AAItB,IAAM,cAAN,MAAkB;AAAA,EAChB,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA,EAEjE,MAAM,OAAwB;AAC5B,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,UAAU,MAAM,KAAK,iBAAiB,gBAAgB,OAAO;AAEnE,UAAM,MAAM,IAAI,IAAI,OAAO;AAE3B,UAAM,cAAc,IAAI;AAAA,MACtB;AAAA,MACA,KAAK,iBAAiB,cAAc;AAAA,IACtC,EAAE;AACF,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAEhD,UAAM,YAAY,MAAM,KAAK,iBAAiB,aAAa;AAE3D,UAAM,QAAQ,MAAM,UAAU,UAAU,SAAS;AACjD,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,UAAM,QAAQ,IAAS,mBAAa;AAAA,MAClC,QAAQ,KAAK,iBAAiB,cAAc;AAAA,MAC5C,aAAa,KAAK,iBAAiB,mBAAoB,OAAO;AAAA,MAC9D;AAAA,MACA;AAAA,MACA,QAAQ,OAAO,SAAS;AAAA,IAC1B,CAAC,EAAE,OAAO;AACV,QAAI,aAAa,IAAI,SAAS,KAAK;AAEnC,WAAO,IAAI,SAAS;AAAA,EACtB;AACF;;;AC1BA,IAAM,cAAN,MAAkB;AAAA,EAKhB,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,gBAAgB,IAAI,aAAa,KAAK,gBAAgB;AAC3D,SAAK,kBAAkB,IAAI,eAAe,KAAK,gBAAgB;AAC/D,SAAK,eAAe,IAAI,YAAY,KAAK,gBAAgB;AAAA,EAC3D;AAAA,EARiB;AAAA,EACA;AAAA,EACA;AAAA,EAQjB,IAAI,SAAS;AACX,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,SAAS,QAA4C;AACzD,UAAM,KAAK,iBAAiB,cAAc,MAAM;AAAA,EAClD;AACF;;;AChCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUf,YAA6B,kBAAmC;AAAnC;AAC3B,SAAK,YAAY,IAAI,eAAe,KAAK,gBAAgB;AACzD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AACnD,SAAK,SAAS,IAAI,YAAY,KAAK,gBAAgB;AAAA,EACrD;AAAA,EAbiB;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAgBjB,IAAI,WAAW;AACb,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,QAAQ;AACV,WAAO,KAAK;AAAA,EACd;AACF;;;ACnCA,IAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMf,YAA6B,kBAAmC;AAAnC;AAAA,EAAoC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjE,MAAM,UAAyB;AAC7B,WAAO,KAAK,iBAAiB,QAAQ;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAA+B;AACnC,WAAO,KAAK,iBAAiB,WAAW;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAA4B;AAChC,WAAO,KAAK,iBAAiB,SAAS;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAwB;AAC5B,WAAO,KAAK,iBAAiB,OAAO;AAAA,EACtC;AACF;;;AC5CA,IAAAC,eAAuC;AACvC,8BAAgC;;;ACIhC,IAAM,YAAN,MAAgB;AAAA;AAAA,EAEd,OAAO,WAAW,QAA6B;AAC7C,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,UAAM,aAAa;AACnB,QAAI,SAAS;AACb,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,YAAY;AACjD,YAAM,QAAQ,MAAM,SAAS,GAAG,IAAI,UAAU;AAE9C,gBAAU,OAAO,aAAa,GAAI,KAAa;AAAA,IACjD;AACA,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAC1C,WAAO,OAAO,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAAA,EACzE;AAAA;AAAA,EAGA,OAAO,SAAS,WAAgC;AAC9C,QAAI,SAAS,UAAU,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAC3D,UAAM,MAAM,OAAO,SAAS;AAC5B,QAAI,IAAK,WAAU,IAAI,OAAO,IAAI,GAAG;AAErC,UAAM,SACJ,OAAO,SAAS,aACZ,KAAK,MAAM,IACX,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,QAAQ;AACrD,UAAM,MAAM,OAAO;AACnB,UAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,aAAS,IAAI,GAAG,IAAI,KAAK,IAAK,OAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AAC5D,WAAO,MAAM;AAAA,EACf;AACF;;;AC/BA,IAAM,WAAN,MAAe;AAAA,EACb,OAAO,uBAAuB,MAAmB;AAC/C,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,IAAI;AAAA,EACb;AAAA,EAEA,OAAO,YAAY,CACjB,OACA,SAA0B,CAAC,MACZ;AACf,UAAM,EAAE,QAAQ,MAAM,IAAI;AAC1B,UAAM,SAAS,SAAS,SAAS,IAAI,KAAK;AAC1C,UAAM,MAAM,QAAQ,QAAQ,QAAQ,IAAI;AAExC,WAAO,KAAK,MAAM,MAAM,OAAO,GAAG,CAAC;AAAA,EACrC;AACF;;;ACxBA,qBAA2C;AAC3C,wBAA2C;AAgB3C,IAAM,eAAN,MAAmB;AAAA,EACA;AAAA,EAEjB,cAAc;AAEZ,SAAK,aAAS,4BAA0B;AAAA,UACtC,2BAAQ,KAAK,kBAAkB;AAAA,QAC7B,MAAM;AAAA,QACN,aAAS,qCAAkB,MAAM,YAAY;AAAA;AAAA,QAE7C,YAAY,CAAC,WAAW;AAAA,UACtB,MAAM,MAAM;AAAA,UACZ,OAAO,MAAM;AAAA,QACf;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,IAAI,OAAgC;AAClC,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAmB;AAC1B,SAAK,OAAO,SAAS,EAAE,KAAK,CAAC;AAAA,EAC/B;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,IAAI,OAAyB;AAC3B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,KAAK,MAAY;AACnB,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,KAAK,CAAC;AAAA,EAC1D;AAAA,EAEA,IAAI,QAA4B;AAC9B,WAAO,KAAK,OAAO,SAAS,EAAE;AAAA,EAChC;AAAA,EAEA,IAAI,MAAM,OAAe;AACvB,SAAK,OAAO,SAAS,EAAE,MAAM,CAAC;AAAA,EAChC;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,YAAY;AACV,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,MAAM,OAAU,CAAC;AAAA,EACrE;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,aAAa;AACX,SAAK,OAAO,SAAS,EAAE,GAAG,KAAK,OAAO,SAAS,GAAG,OAAO,OAAU,CAAC;AAAA,EACtE;AAAA,EAEA,WAAW;AACT,SAAK,WAAW;AAChB,SAAK,UAAU;AACf,SAAK,UAAU;AACf,SAAK,WAAW;AAAA,EAClB;AAAA,EAEQ,mBAAiC;AACvC,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM;AAAA,MACN,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AClGA,kBAA8B;;;ACA9B,IAAM,oBAAN,MAAM,2BAA0B,MAAM;AAAA,EACpC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,mBAAkB;AAAA,EAChC;AACF;;;ACLA,IAAM,gBAAN,MAAM,uBAAsB,MAAM;AAAA,EAChC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,eAAc;AAAA,EAC5B;AACF;;;ACLA,IAAM,uBAAN,MAAM,8BAA6B,MAAM;AAAA,EACvC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO,sBAAqB;AAAA,EACnC;AACF;;;AHSA,kBAA0B;AAiB1B,IAAe,eAAf,MAA4B;AAAA,EACP;AAAA,EACA;AAAA,EAGA;AAAA,EAEX;AAAA,EACA;AAAA,EAER,YAAY;AAAA,IACV;AAAA,IACA,eAAe,EAAE,QAAQ,iBAAiB,GAAG,sBAAsB;AAAA,EACrE,GAAkC;AAChC,SAAK,iBAAiB,IAAI;AAAA,MACxB,EAAE,SAAS,0BAA0B;AAAA,MACrC;AAAA,IACF;AAEA,SAAK,iBAAiB;AAAA,MACpB,GAAG;AAAA,MACH,QAAQ,UAAU;AAAA,MAClB,iBAAiB,mBAAmB;AAAA,IACtC;AAEA,SAAK,gBAAgB,IAAI,aAAa;AAAA,EACxC;AAAA,EAEA,IAAI,gBAAqD;AACvD,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAa,UAAU;AACrB,QAAI,KAAK,cAAc,KAAM,QAAO,KAAK,cAAc;AAEvD,QAAI;AACF,YAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,WAAK,cAAc,OAAO;AAC1B,aAAO;AAAA,IACT,SAAS,OAAO;AAEd,UAAI,iBAAiB,mBAAmB;AACtC,YAAI;AACF,gBAAM,KAAK,cAAc;AACzB,gBAAM,OAAO,MAAM,KAAK,QAAQ,UAAU,KAAK;AAC/C,eAAK,cAAc,OAAO;AAC1B,iBAAO;AAAA,QACT,SAASC,QAAO;AACd,gBAAMA;AAAA,QACR;AAAA,MACF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAa,aAAa;AACxB,UAAM,QAAQ,KAAK,cAAc;AAGjC,QAAI,SAAS,CAAC,KAAK,gBAAgB,KAAK,EAAG,QAAO;AAGlD,QAAI;AACF,YAAM,KAAK,cAAc;AACzB,aAAO,CAAC,CAAC,KAAK,cAAc;AAAA,IAC9B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,WAA4B;AAEvC,QAAI,CAAC,KAAK,cAAc,OAAO;AAE7B,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF,WAAW,KAAK,gBAAgB,KAAK,cAAc,KAAK,GAAG;AAEzD,UAAI;AACF,cAAM,KAAK,cAAc;AAAA,MAC3B,QAAQ;AACN,cAAM,IAAI,kBAAkB,kCAAkC;AAAA,MAChE;AAAA,IACF;AAEA,UAAM,QAAQ,KAAK,cAAc;AACjC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,kBAAkB,6CAA6C;AAAA,IAC3E;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,gBAAgB,OAAwB;AAC9C,QAAI;AACF,YAAM,cAAU,uBAAU,KAAK;AAC/B,UAAI,OAAO,QAAQ,QAAQ,UAAU;AACnC,eAAO,QAAQ,MAAM,OAAQ,KAAK,IAAI;AAAA,MACxC;AACA,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,SAAS;AACpB,QAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,SAAK,gBAAgB;AACrB,UAAM,gBAAgB,KAAK,UAAU;AAAA,MACnC,WAAW,KAAK,IAAI;AAAA,MACpB,MAAM;AAAA,IACR,CAAC;AACD,UAAM,QAAQ,MAAM,KAAK,eAAe,QAAQ,MAAM,aAAa;AACnE,UAAM,KAAK,QAAQ,cAAc,QAAQ,EAAE,SAAS,eAAe,MAAM,CAAC;AAC1E,SAAK,cAAc,SAAS;AAAA,EAC9B;AAAA,EAEA,MAAa,eAAoC,KAA4B;AAC3E,QAAI,CAAC,KAAK,cAAc,SAAS,CAAC,KAAK,cAAc,MAAM;AACzD,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,iBAAiB,MAAM,KAAK,eAAe,oBAAoB;AAAA,MACnE,gBAAgB,KAAK,cAAc,KAAK;AAAA,MACxC,MAAM;AAAA,MACN,aAAa,KAAK,IAAI,EAAE,SAAS;AAAA,MACjC,YAAY;AAAA,QACV,UAAU;AAAA,QACV,cAAc;AAAA,QACd,SAAS;AAAA,QACT,UAAU,KAAK,cAAc,KAAK;AAAA,MACpC;AAAA,IACF,CAAC;AAED,UAAM,EAAE,UAAU,IAAI,MAAM,KAAK,QAAQ,YAAY,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAa;AAAA,EACf;AAAA,EAEA,IAAc,QAAQ,SAAmC;AACvD,SAAK,eAAe,UAAU;AAAA,EAChC;AAAA,EAEA,IAAc,UAAoC;AAChD,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA,EAEA,MAAgB,WAAW,OAAuC;AAChE,QAAI;AACF,YAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ,EAAE,MAAM,CAAC;AACvE,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,cAAe,QAAO;AAC3C,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAgB,OAAO,UAAkB,WAAmB;AAC1D,UAAM,iBAAiB,MAAM,KAAK,eAAe,eAAe;AAAA,MAC9D,gBAAgB;AAAA,IAClB,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,QAAQ,cAAc,QAAQ;AAAA,MAC/D;AAAA,MACA;AAAA,IACF,CAAC;AAED,UAAM,gBAAgB,MAAM;AAC1B,UAAI;AACF,eAAO,KAAK,MAAM,eAAe,MAAM,gBAAgB,EACpD;AAAA,MACL,SAAS,GAAG;AACV,eAAO;AAAA,MACT;AAAA,IACF,GAAG;AAEH,SAAK,cAAc,OAAO;AAAA,MACxB,GAAG;AAAA,MACH;AAAA,IACF;AACA,SAAK,cAAc,QAAQ;AAC3B,SAAK,iBAAiB,KAAK;AAC3B,WAAO,EAAE,MAAM,MAAM;AAAA,EACvB;AAAA,EAEA,MAAgB,kBAAkB;AAChC,UAAM,iBAAiB,KAAK,UAAU;AAAA,MACpC,WAAW,KAAK,IAAI;AAAA,MACpB,MAAM;AAAA,IACR,CAAC;AACD,UAAM,QAAQ,MAAM,KAAK,eAAe,QAAQ,MAAM,cAAc;AACpE,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,QAAQ,eAAe,QAAQ;AAAA,MAC1D,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AACD,SAAK,cAAc,QAAQ;AAC3B,WAAO,EAAE,MAAM;AAAA,EACjB;AAAA,EAEA,MAAgB,QACd,OACA,QACA,MAC2C;AAC3C,UAAM,MAAM,IAAI,IAAI,GAAG,KAAK,IAAI,KAAK,eAAe,MAAM;AAC1D,UAAM,QAAQ,KAAK,cAAc;AAEjC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,KAAK,eAAe;AAAA,IACrC;AAEA,QAAI,OAAO;AACT,cAAQ,eAAe,IAAI,UAAU,KAAK;AAAA,IAC5C;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC;AAAA,MACA,MAAM,WAAW,SAAS,KAAK,UAAU,IAAI,IAAI;AAAA,MACjD;AAAA,IACF,CAAC;AAED,UAAM,EAAE,MAAM,MAAM,IAAK,MAAM,SAAS,KAAK;AAI7C,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM;AAAA,QAClB,KAAK,qBAAqB;AACxB,gBAAM,IAAI,kBAAkB,MAAM,OAAO;AAAA,QAC3C;AAAA,QACA,KAAK,iBAAiB;AACpB,gBAAM,IAAI,cAAc,MAAM,OAAO;AAAA,QACvC;AAAA,QACA,KAAK,mBAAmB;AACtB,gBAAM,IAAI,gBAAgB,MAAM,OAAO;AAAA,QACzC;AAAA,QACA,SAAS;AACP,gBAAM,IAAI,MAAM,MAAM,OAAO;AAAA,QAC/B;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,GAAG,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,uBAAuB,YAAoB,eAAe,GAAW;AAC3E,UAAM,WAAW,aAAa;AAC9B,UAAM,YAAY,WAAW,eAAe,KAAK;AACjD,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,QAAQ,YAAY;AAC1B,WAAO,SAAS,IAAI,IAAI;AAAA,EAC1B;AAAA,EAEU,iBAAiB,OAAe;AACxC,QAAI;AACF,YAAM,cAAU,uBAAU,KAAK;AAC/B,UAAI,CAAC,QAAQ,IAAK;AAElB,YAAM,QAAQ,KAAK,uBAAuB,QAAQ,KAAK,CAAC;AAGxD,UAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AAGvD,WAAK,gBAAgB,WAAW,MAAM;AACpC,aAAK,gBAAgB;AACrB,aAAK,cAAc;AAAA,MACrB,GAAG,KAAK;AAAA,IACV,QAAQ;AAAA,IAER;AAAA,EACF;AAAA,EAEA,MAAc,gBAA+B;AAC3C,QAAI,KAAK,gBAAiB,QAAO,KAAK;AAGtC,SAAK,mBAAmB,YAAY;AAClC,YAAM,aAAa;AACnB,YAAM,iBAAiB;AAEvB,UAAI;AAEF,cAAM,iBAAiB,KAAK,gBAAgB;AAC5C,cAAM,OAAO,MAAM,QAAQ,KAAK;AAAA,UAC9B;AAAA,UACA,IAAI;AAAA,YAAe,CAAC,GAAG,WACrB,WAAW,MAAM,OAAO,IAAI,MAAM,iBAAiB,CAAC,GAAG,UAAU;AAAA,UACnE;AAAA,QACF,CAAC;AAED,YAAI,CAAC,QAAQ,CAAC,KAAK,OAAO;AAExB,gBAAM,IAAI,kBAAkB,+BAA+B;AAAA,QAC7D;AAEA,aAAK,cAAc,QAAQ,KAAK;AAChC,aAAK,iBAAiB,KAAK,KAAK;AAAA,MAClC,SAAS,OAAO;AACd,gBAAQ,MAAM,yBAAyB,KAAK;AAE5C,YAAI,iBAAiB,mBAAmB;AACtC,eAAK,cAAc,WAAW;AAC9B,eAAK,cAAc,UAAU;AAE7B,gBAAM;AAAA,QACR;AAGA,YAAI,KAAK,cAAe,cAAa,KAAK,aAAa;AACvD,cAAM,cAAc;AACpB,YAAI,aAAa;AAGjB,aAAK,gBAAgB,WAAW,MAAM;AACpC,eAAK,gBAAgB;AACrB,eAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAGpC;AACA,gBAAI,cAAc,aAAa;AAC7B,oBAAM,YAAY,KAAK;AAAA,gBACrB,iBAAiB,MAAM,aAAa;AAAA,gBACpC;AAAA,cACF;AACA,mBAAK,gBAAgB,WAAW,MAAM;AAIpC,qBAAK,gBAAgB;AACrB,qBAAK,KAAK,cAAc,EAAE,MAAM,MAAM;AAAA,gBAAC,CAAC;AAAA,cAC1C,GAAG,SAAS;AAAA,YACd;AAAA,UACF,CAAC;AAAA,QACH,GAAG,cAAc;AAEjB,cAAM;AAAA,MACR,UAAE;AACA,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF,GAAG;AAEH,WAAO,KAAK;AAAA,EACd;AACF;;;AJ5XA,gCAAiC;AAsCjC,IAAM,kBAAN,cAA8B,aAAa;AAAA,EACjC;AAAA,EACA;AAAA,EAEC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOT,YAAY;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,GAAqC;AACnC,UAAM,mBAAmB,IAAI,2CAAiB;AAE9C,UAAM;AAAA,MACJ,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AAED,SAAK,mBAAmB;AACxB,SAAK,kBAAkB,IAAI,wCAAgB,EAAE,MAAM,SAAS,KAAK,CAAC;AAElE,SAAK,qBAAqB;AAAA,EAC5B;AAAA,EAEA,MAAsB,aAAa;AACjC,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,WAAW;AAAA,EAC1B;AAAA,EAEA,MAAsB,SAAS;AAE7B,UAAM,KAAK,sBAAsB;AACjC,UAAM,OAAO;AACb,SAAK,iBAAiB,MAAM;AAAA,EAC9B;AAAA,EAEA,MAAsB,eACpB,KACe;AACf,UAAM,KAAK,eAAe;AAC1B,WAAO,MAAM,eAAe,GAAG;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,gBAAgB,UAAkB;AAC7C,UAAM,EAAE,IAAI,IAAI,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC3D;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,eAAe,EAAE,MAAM,GAAyB;AAC3D,UAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,UAAM,uBAAuB,MAAM,KAAK,WAAW,KAAK;AACxD,SAAK,cAAc;AACnB,SAAK,UAAU,KAAK;AAEpB,QAAI,CAAC,sBAAsB;AACzB,YAAM,EAAE,WAAW,YAAY,IAC7B,MAAM,KAAK,6BAA6B,KAAK;AAE/C,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,QAAQ,oBAAoB,QAAQ;AAAA,QACrE;AAAA,QACA,WAAW,UAAU,WAAW,SAAS;AAAA,QACzC;AAAA,QACA;AAAA,MACF,CAAC;AAED,WAAK,cAAc,OAAO;AAAA,QACxB,GAAG;AAAA,QACH,cAAc,YAAY;AAAA,MAC5B;AACA,WAAK,cAAc,QAAQ;AAAA,IAC7B,OAAO;AACL,YAAM,KAAK,OAAO,sBAAsB,SAAS;AAGjD,UAAI,CAAC,KAAK,cAAc,QAAQ,CAAC,KAAK,cAAc,KAAK,cAAc;AACrE;AAAA,MACF;AAEA,WAAK,gBAAgB,mBAAmB;AAAA,QACtC;AAAA,UACE,IAAI,UAAU,SAAS,KAAK,cAAc,KAAK,YAAY;AAAA,UAC3D,MAAM;AAAA,UACN,YAAY,CAAC,YAAY,KAAK;AAAA,QAChC;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,cAAc,QAA6B;AACtD,UAAM,KAAK,iBAAiB,aAAa;AACzC,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,eAAe,MAAM;AAClD,QAAI,CAAC,MAAO,OAAM,IAAI,cAAc,gCAAgC;AACpE,SAAK,cAAc,QAAQ;AAAA,EAC7B;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,WAAO,KAAK,iBAAiB,aAAa;AAAA,EAC5C;AAAA,EAEA,MAAa,eAAe;AAC1B,UAAM,KAAK,sBAAsB;AACjC,UAAM,KAAK,iBAAiB,aAAa;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,kBAAkB,QAAiC;AAC9D,QAAI,CAAC,KAAK,cAAc;AACtB,YAAM,IAAI,cAAc,mCAAmC;AAE7D,UAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,UAAM,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,sBAAsB,QAAQ;AAAA,MACpE,OAAO,KAAK,cAAc;AAAA,MAC1B,SAAS,OAAO;AAAA,MAChB;AAAA,IACF,CAAC;AAED,QAAI,CAAC;AACH,YAAM,IAAI,cAAc,0CAA0C;AAEpE,UAAM,KAAK,OAAO,UAAU,SAAS;AACrC,SAAK,cAAc;AACnB,SAAK,cAAc,WAAW;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,cAAc,QAA6B;AACtD,UAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,UAAM,KAAK,OAAO,OAAO,UAAU,SAAS;AAC5C,SAAK,cAAc;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAa,qBAAqB;AAChC,UAAM,EAAE,OAAO,IAAI,MAAM,KAAK,QAAQ,oBAAoB,KAAK;AAC/D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,iBAAiB;AAE7B,QACE,KAAK,cAAc,SAAS,UAC5B,KAAK,cAAc,UAAU;AAE7B;AACF,QAAI,KAAK,cAAc,oCAA+B;AACpD,WAAK,UAAU,KAAK;AAAA,IACtB,OAAO;AACL,WAAK,UAAU,KAAK;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,eAAe,QAA6B;AACxD,UAAM,WAAW,MAAM,KAAK,QAAQ,kBAAkB,QAAQ;AAAA,MAC5D,OAAO,OAAO;AAAA,MACd,aAAa,OAAO,cAChB,OAAO,YAAY,SAAS,IAC5B;AAAA,IACN,CAAC;AAED,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,6BAA6B,OAAe;AACxD,UAAM,YAAY,SAAS,qBAAqB;AAChD,UAAM,sBAAsB,SAAS,qBAAqB;AAE1D,UAAM,cAAc,UAAM,qCAAuB;AAAA,MAC/C,WAAW;AAAA,QACT,wBAAwB;AAAA,UACtB,aAAa;AAAA,UACb,oBAAoB;AAAA,UACpB,kBAAkB;AAAA,QACpB;AAAA,QACA;AAAA,QACA,IAAI;AAAA,UACF,IAAI,OAAO,SAAS;AAAA,UACpB,MAAM,OAAO,SAAS;AAAA,QACxB;AAAA,QACA,kBAAkB;AAAA,UAChB;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,UACA;AAAA,YACE,MAAM;AAAA,YACN,KAAK;AAAA,UACP;AAAA,QACF;AAAA,QACA,MAAM;AAAA,UACJ,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,aAAa;AAAA,QACf;AAAA,MACF;AAAA,IACF,CAAC;AAED,WAAO,EAAE,WAAW,aAAa,oBAAoB;AAAA,EACvD;AAAA,EAEA,MAAc,wBAAwB;AACpC,QAAI,CAAC,KAAK,iBAAiB,aAAa,GAAG;AACzC,YAAM,KAAK,iBAAiB,KAAK;AAAA,IACnC;AACA,SAAK,UAAU,KAAK;AAAA,EACtB;AACF;;;AQvSA,kBAqBO;AACP,sBAA0B;AAG1B,IAAAC,mBAAoC;AACpC,iCAGO;AAYP,IAAM,aAAN,MAAiB;AAAA,EACf,YAA6B,eAA6B;AAA7B;AAAA,EAA8B;AAAA,EAE3D,MAAM,iBAAwC;AAC5C,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,eAAO,2BAAU;AAAA,MACf,SAAS,KAAK;AAAA,MACd,aAAa,CAAC,EAAE,QAAQ,MACtB,KAAK,YAAY,OAAO;AAAA,MAC1B,eAAe,CAIb,wBACG,KAAK,cAAsC,mBAAmB;AAAA,MACnE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,EACF,GAEE;AACA,UAAM,OAAO,MAAM,KAAK,cAAc,QAAQ;AAE9C,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,qBAAqB,0BAA0B;AAAA,IAC3D;AAEA,eAAO,sCAAoB;AAAA,MACzB;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,YAAY;AAAA,QACV,SAAS;AAAA,QACT,SAAS;AAAA,MACX;AAAA,MACA,SAAS,KAAK;AAAA,MACd,WAAO,yBAAY,KAAK,IAAI;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB;AACzB,UAAM,MAAM,IAAI;AAAA,MACd,iBAAiB,KAAK,cAAc,cAAc,MAAM;AAAA,MACxD,KAAK,cAAc,cAAc;AAAA,IACnC;AACA,eAAO,kDAAsB;AAAA,MAC3B,eAAW,kBAAK,IAAI,SAAS,CAAC;AAAA,IAChC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,YAAY,KAAoC;AACpD,UAAM,kBAAc,yBAAY,GAAG;AACnC,UAAM,SAAS,MAAM,KAAK,cAAc,eAAoB,WAAW;AACvE,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAGJ,QAAqE;AACrE,UAAM,kBAAc,2BAAc,MAAM;AACxC,WAAO,KAAK,cAAc,eAAe,WAAW;AAAA,EACtD;AAAA,EAEA,MAAM,gBAIJ,aACA,SAYA;AACA,UAAM,cAAc,SAAS,cAAc;AAC3C,UAAM,eAAe,MAAM,YAAY,WAAW;AAClD,UAAM,eAAe,MAAM,KAAK,cAAc;AAAA,UAC5C,uBAAU,YAAY;AAAA,IACxB;AAEA,UAAM,YAAY;AAAA,MAChB,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,CAAC;AAAA,MACjD,GAAG,SAAS,UAAU,cAAc,EAAE,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,MAC7D,GAAG,OAAO,SAAS,UAAU,cAAc,EAAE,OAAO,GAAG,QAAQ,GAAG,CAAC,CAAC;AAAA,IACtE;AAEA,WAAO,YAAY,aAAa,SAAS;AAAA,EAC3C;AACF;;;AnBlIA,IAAM,iBAAN,MAAqB;AAAA,EACF;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BjB,YAAY;AAAA,IACV;AAAA,IACA,MAAM,EAAE,UAAU,MAAM;AAAA,EAC1B,GAAoC;AAClC,SAAK,mBAAmB,IAAI,gBAAgB;AAAA,MAC1C;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAED,SAAK,WAAW;AAAA,MACd,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,MAC1C,MAAM,IAAI,WAAW,KAAK,gBAAgB;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,OAAO;AACT,WAAO,KAAK,SAAS;AAAA,EACvB;AACF;","names":["jose","jose","import_http","error","import_accounts"]}
|