@lumiapassport/core 1.16.0 → 1.16.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/dist/auth/index.cjs +33 -17
  2. package/dist/auth/index.cjs.map +1 -1
  3. package/dist/auth/index.d.cts +4 -1
  4. package/dist/auth/index.d.ts +4 -1
  5. package/dist/auth/index.js +33 -17
  6. package/dist/auth/index.js.map +1 -1
  7. package/dist/index.cjs +33 -17
  8. package/dist/index.cjs.map +1 -1
  9. package/dist/index.js +33 -17
  10. package/dist/index.js.map +1 -1
  11. package/dist/internal/error-tracking.cjs +1 -1
  12. package/dist/internal/error-tracking.js +1 -1
  13. package/package.json +1 -1
package/dist/auth/index.cjs CHANGED
@@ -319,17 +319,18 @@ var JwtTokenManager = class {
319
319
  }
320
320
  const refreshToken = this.getRefreshToken();
321
321
  if (!refreshToken) {
322
- console.warn("[JWT] No refresh token available for refresh");
323
- return false;
322
+ console.log("[JWT] No refresh token in storage, attempting cookie-based refresh...");
323
+ } else {
324
+ console.log("[JWT] Starting new token refresh operation with stored refresh token...");
324
325
  }
325
- console.log("[JWT] Starting new token refresh operation...");
326
326
  this.refreshPromise = (async () => {
327
327
  try {
328
+ const requestBody = refreshToken ? JSON.stringify({ refreshToken }) : JSON.stringify({});
328
329
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/refresh`), {
329
330
  method: "POST",
330
331
  headers: { "Content-Type": "application/json" },
331
332
  credentials: "include",
332
- body: JSON.stringify({ refreshToken })
333
+ body: requestBody
333
334
  });
334
335
  if (!response.ok) {
335
336
  console.log("[JWT] Token refresh failed with status:", response.status);
@@ -360,17 +361,32 @@ var JwtTokenManager = class {
360
361
  }
361
362
  const refreshResponse = await response.json();
362
363
  console.log("[JWT] Token refresh successful, new expiry in:", refreshResponse.expiresIn, "seconds");
363
- if (this.tokens) {
364
+ if (!this.tokens) {
365
+ this.tokens = {
366
+ accessToken: refreshResponse.accessToken,
367
+ refreshToken: refreshResponse.refreshToken || "",
368
+ // May be empty if staying in cookies
369
+ expiresIn: refreshResponse.expiresIn,
370
+ expiresAt: Date.now() + refreshResponse.expiresIn * 1e3,
371
+ userId: refreshResponse.userId,
372
+ displayName: null,
373
+ avatar: null,
374
+ providers: refreshResponse.providers || [],
375
+ hasKeyshare: false
376
+ };
377
+ } else {
364
378
  this.tokens.accessToken = refreshResponse.accessToken;
365
- this.tokens.refreshToken = refreshResponse.refreshToken;
379
+ if (refreshResponse.refreshToken) {
380
+ this.tokens.refreshToken = refreshResponse.refreshToken;
381
+ }
366
382
  this.tokens.expiresIn = refreshResponse.expiresIn;
367
383
  this.tokens.expiresAt = Date.now() + refreshResponse.expiresIn * 1e3;
368
- await this.saveTokensToStorage();
369
- console.log("[JWT] Refreshed tokens saved to storage");
370
- return true;
384
+ this.tokens.userId = refreshResponse.userId;
385
+ this.tokens.providers = refreshResponse.providers || this.tokens.providers;
371
386
  }
372
- console.error("[JWT] No existing tokens to update");
373
- return false;
387
+ await this.saveTokensToStorage();
388
+ console.log("[JWT] Refreshed tokens saved to storage");
389
+ return true;
374
390
  } catch (error) {
375
391
  console.error("[JWT] Token refresh network error:", error);
376
392
  return false;
@@ -484,13 +500,13 @@ async function ensureValidToken(manager = jwtTokenManager) {
484
500
  console.log("[JWT] Access token expired or missing, attempting refresh...");
485
501
  const refreshToken = manager.getRefreshToken();
486
502
  if (refreshToken) {
487
- console.log("[JWT] Refresh token available, attempting to refresh access token");
488
- const refreshSuccess = await manager.refreshAccessToken();
489
- console.log("[JWT] Refresh attempt result:", refreshSuccess);
490
- return refreshSuccess;
503
+ console.log("[JWT] Refresh token available in storage, attempting refresh");
504
+ } else {
505
+ console.log("[JWT] No refresh token in storage, attempting cookie-based refresh...");
491
506
  }
492
- console.log("[JWT] No refresh token available, user needs to re-authenticate");
493
- return false;
507
+ const refreshSuccess = await manager.refreshAccessToken();
508
+ console.log("[JWT] Refresh attempt result:", refreshSuccess);
509
+ return refreshSuccess;
494
510
  }
495
511
  async function getValidTokens(manager = jwtTokenManager) {
496
512
  const hasValidToken = await ensureValidToken(manager);
package/dist/auth/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/auth/base64url.ts","../../src/auth/storage.ts","../../src/utils/project-id.ts","../../src/auth/jwt.ts"],"names":[],"mappings":";;;AAUO,SAAS,uBAAuB,MAAA,EAA6B;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,YAAY,CAAA,EAAA,EAAK;AACzC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACxC;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAChF;AAOO,SAAS,sBAAsB,SAAA,EAA+B;AACnE,EAAA,MAAM,MAAA,GAAS,UAAU,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAC7D,EAAA,MAAM,MAAM,MAAA,CAAO,MAAA,GAAS,IAAI,CAAA,GAAK,MAAA,CAAO,SAAS,CAAA,GAAK,CAAA;AAC1D,EAAA,MAAM,MAAA,GAAS,MAAA,GAAS,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA;AACtC,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA;AACT;AAOO,SAAS,oBAAoB,MAAA,EAA6B;AAC/D,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,YAAY,CAAA,EAAA,EAAK;AACzC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACxC;AACA,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;;;ACbO,IAAM,gBAAN,MAA4C;AAAA,EACzC,OAAA,uBAAc,GAAA,EAAoB;AAAA,EAE1C,QAAQ,GAAA,EAA4B;AAClC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA,IAAK,IAAA;AAAA,EAClC;AAAA,EAEA,OAAA,CAAQ,KAAa,KAAA,EAAqB;AACxC,IAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC7B;AAAA,EAEA,WAAW,GAAA,EAAmB;AAC5B,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,QAAQ,KAAA,EAAM;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAA,GAAiB;AACf,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,IAAA,GAAe;AACjB,IAAA,OAAO,KAAK,OAAA,CAAQ,IAAA;AAAA,EACtB;AACF;AAMO,IAAM,sBAAN,MAAkD;AAAA,EAC/C,QAAA,GAAiC,IAAA;AAAA,EAEzC,WAAA,GAAc;AAEZ,IAAA,IAAI,CAAC,IAAA,CAAK,uBAAA,EAAwB,EAAG;AACnC,MAAA,OAAA,CAAQ,KAAK,sEAAsE,CAAA;AACnF,MAAA,IAAA,CAAK,QAAA,GAAW,IAAI,aAAA,EAAc;AAAA,IACpC;AAAA,EACF;AAAA,EAEQ,uBAAA,GAAmC;AACzC,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,MAAM,OAAA,GAAU,GAAA,GAAM,GAAA,CAAI,YAAA,GAAe,KAAA,CAAA;AACzC,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,MAAM,OAAA,GAAU,wBAAA;AAChB,MAAA,OAAA,CAAQ,OAAA,CAAQ,SAAS,MAAM,CAAA;AAC/B,MAAA,OAAA,CAAQ,WAAW,OAAO,CAAA;AAC1B,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,QAAQ,GAAA,EAA4B;AAClC,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA;AAAA,IAClC;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,MAAM,KAAA,GAAQ,GAAA,EAAK,YAAA,EAAc,OAAA,CAAQ,GAAG,CAAA,IAAK,IAAA;AACjD,MAAA,OAAO,KAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,8CAA8C,KAAK,CAAA;AACjE,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,OAAA,CAAQ,KAAa,KAAA,EAAqB;AACxC,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAChC,MAAA;AAAA,IACF;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,GAAA,EAAK,YAAA,EAAc,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,IACvC,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAE/D,MAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,QAAA,IAAA,CAAK,QAAA,GAAW,IAAI,aAAA,EAAc;AAClC,QAAA,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,WAAW,GAAA,EAAmB;AAC5B,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,IAAA,CAAK,QAAA,CAAS,WAAW,GAAG,CAAA;AAC5B,MAAA;AAAA,IACF;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,GAAA,EAAK,YAAA,EAAc,WAAW,GAAG,CAAA;AAAA,IACnC,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,+CAA+C,KAAK,CAAA;AAAA,IACpE;AAAA,EACF;AACF;AAWA,eAAsB,UAAA,CACpB,SACA,GAAA,EACwB;AACxB,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,OAAO,MAAA,YAAkB,OAAA,GAAU,MAAM,MAAA,GAAS,MAAA;AACpD;AAKA,eAAsB,UAAA,CACpB,OAAA,EACA,GAAA,EACA,KAAA,EACe;AACf,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AACzC,EAAA,IAAI,kBAAkB,OAAA,EAAS;AAC7B,IAAA,MAAM,MAAA;AAAA,EACR;AACF;AAKA,eAAsB,aAAA,CACpB,SACA,GAAA,EACe;AACf,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA;AACrC,EAAA,IAAI,kBAAkB,OAAA,EAAS;AAC7B,IAAA,MAAM,MAAA;AAAA,EACR;AACF;ACjLO,SAAS,YAAA,GAAmC;AAOjD,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA,EAAQ;AACnE,IAAA,OAAS,WAAmB,MAAA,CAAe,oBAAA;AAAA,EAC7C;AAEA,EAAA,OAAO,MAAA;AACT;AAOO,SAAS,iBAAA,CAAkB,KAAa,SAAA,EAA4B;AACzE,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,aAAa,YAAA,EAAa;AACtC,IAAA,IAAI,GAAA,EAAK;AACP,MAAA,MAAM,SAAA,GAAY,GAAA,CAAI,QAAA,CAAS,GAAG,IAAI,GAAA,GAAM,GAAA;AAC5C,MAAA,OAAO,GAAG,GAAG,CAAA,EAAG,SAAS,CAAA,UAAA,EAAa,kBAAA,CAAmB,GAAG,CAAC,CAAA,CAAA;AAAA,IAC/D;AAAA,EACF,SAAS,KAAA,EAAO;AAAA,EAEhB;AACA,EAAA,OAAO,GAAA;AACT;;;ACtCA,IAAM,iBAAA,GAAoB,2BAAA;AAC1B,IAAM,WAAA,GAAc,gCAAA;AAQpB,IAAI,cAAA;AAMG,SAAS,mBAAmB,MAAA,EAGhC;AACD,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,cAAA,GAAiB,MAAM,MAAA,CAAO,MAAA;AAAA,EAChC;AAGF;AAGA,IAAM,aAAA,GAA6D,mCAAA;AAEnE,SAAS,SAAA,GAAoB;AAI3B,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA,EAAe;AAAA,EACxB;AAGA,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA,EAAQ;AACnE,IAAA,MAAM,QAAA,GAAa,WAAmB,MAAA,CAAe,kBAAA;AACrD,IAAA,IAAI,UAAU,MAAA,EAAQ;AACpB,MAAA,OAAO,QAAA,CAAS,MAAA;AAAA,IAClB;AAAA,EACF;AAGA,EAAmB;AACjB,IAAA,OAAO,aAAA;AAAA,EACT;AAIF;AAmDO,IAAM,kBAAN,MAAsB;AAAA,EACnB,MAAA,GAA2B,IAAA;AAAA,EAC3B,OAAA;AAAA,EACA,cAAA,GAA0C,IAAA;AAAA;AAAA,EAElD,YAAY,OAAA,EAAwB;AAClC,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA,IAAW,IAAI,mBAAA,EAAoB;AAClD,IAAA,OAAA,CAAQ,IAAI,uCAAuC,CAAA;AACnD,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAAA,EAC7B;AAAA,EAEA,MAAc,qBAAA,GAAuC;AACnD,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,OAAA,CAAQ,QAAQ,iBAAiB,CAAA;AAC3D,MAAA,OAAA,CAAQ,GAAA,CAAI,oCAAA,EAAsC,CAAC,CAAC,MAAM,CAAA;AAE1D,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,IAAA,CAAK,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,MAAM,CAAA;AAC/B,QAAA,OAAA,CAAQ,IAAI,sBAAA,EAAwB;AAAA,UAClC,cAAA,EAAgB,CAAC,CAAC,IAAA,CAAK,MAAA,EAAQ,WAAA;AAAA,UAC/B,eAAA,EAAiB,CAAC,CAAC,IAAA,CAAK,MAAA,EAAQ,YAAA;AAAA,UAChC,MAAA,EAAQ,KAAK,MAAA,EAAQ,MAAA;AAAA,UACrB,SAAA,EAAW,KAAK,MAAA,EAAQ,SAAA;AAAA,UACxB,WAAA,EAAa,KAAK,GAAA,EAAI;AAAA,UACtB,YAAA,EAAc,IAAA,CAAK,MAAA,EAAQ,SAAA,GAAA,CAAa,IAAA,CAAK,OAAO,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,IAAK,GAAA,GAAO;AAAA,SACtF,CAAA;AAED,QAAA,IAAI,IAAA,CAAK,MAAA,IAAU,IAAA,CAAK,cAAA,EAAe,EAAG;AACxC,UAAA,OAAA,CAAQ,IAAI,+BAA+B,CAAA;AAG3C,UAAA,IAAI,IAAA,CAAK,OAAO,YAAA,EAAc;AAC5B,YAAA,OAAA,CAAQ,IAAI,iEAAiE,CAAA;AAAA,UAE/E,CAAA,MAAO;AACL,YAAA,OAAA,CAAQ,IAAI,mDAAmD,CAAA;AAC/D,YAAA,MAAM,KAAK,WAAA,EAAY;AAAA,UACzB;AAAA,QACF,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,IAAI,6CAA6C,CAAA;AAAA,QAC3D;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAA,CAAQ,IAAI,kCAAkC,CAAA;AAAA,MAChD;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAC/D,MAAA,MAAM,KAAK,WAAA,EAAY;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAc,mBAAA,GAAqC;AACjD,IAAA,IAAI;AACF,MAAA,IAAI,KAAK,MAAA,EAAQ;AACf,QAAA,MAAM,WAAA,GAAc,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,MAAM,CAAA;AAC9C,QAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAA,EAAmB,WAAW,CAAA;AACzD,QAAA,MAAM,KAAK,OAAA,CAAQ,OAAA,CAAQ,WAAA,EAAa,IAAA,CAAK,OAAO,MAAM,CAAA;AAAA,MAC5D;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,2CAA2C,KAAK,CAAA;AAAA,IAChE;AAAA,EACF;AAAA,EAEA,MAAM,UAAU,QAAA,EAAwC;AACtD,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAS,SAAA,GAAY,GAAA;AACpD,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,aAAa,QAAA,CAAS,WAAA;AAAA,MACtB,cAAc,QAAA,CAAS,YAAA;AAAA,MACvB,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,WAAW,QAAA,CAAS,SAAA;AAAA,MACpB,SAAA;AAAA,MACA,aAAa,QAAA,CAAS,WAAA;AAAA,MACtB,WAAW,QAAA,CAAS,SAAA;AAAA,MACpB,MAAA,EAAQ,SAAS,MAAA,IAAU,IAAA;AAAA,MAC3B,WAAA,EAAa,SAAS,WAAA,IAAe,IAAA;AAAA,MACrC,SAAA,EAAW,QAAA,CAAS,SAAA,IAAa;AAAC,KACpC;AAEA,IAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,EACjC;AAAA,EAEA,cAAA,GAAgC;AAC9B,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AAEzB,IAAA,OAAO,KAAK,MAAA,CAAO,WAAA;AAAA,EACrB;AAAA,EAEA,eAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,QAAQ,YAAA,IAAgB,IAAA;AAAA,EACtC;AAAA,EAEA,SAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,QAAQ,MAAA,IAAU,IAAA;AAAA,EAChC;AAAA,EAEA,cAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,QAAQ,WAAA,IAAe,IAAA;AAAA,EACrC;AAAA,EAEA,SAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,QAAQ,MAAA,IAAU,IAAA;AAAA,EAChC;AAAA,EAEA,cAAA,GAAgC;AAC9B,IAAA,OAAO,IAAA,CAAK,QAAQ,WAAA,IAAe,IAAA;AAAA,EACrC;AAAA,EAEA,YAAA,GAAyB;AACvB,IAAA,OAAO,IAAA,CAAK,MAAA,EAAQ,SAAA,IAAa,EAAC;AAAA,EACpC;AAAA,EAEA,SAAA,GAA8B;AAC5B,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA,EAEA,MAAM,qBAAqB,WAAA,EAAqC;AAC9D,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,IAAA,CAAK,OAAO,WAAA,GAAc,WAAA;AAC1B,MAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,MAAM,kBAAkB,WAAA,EAA2C;AACjE,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,IAAA,CAAK,OAAO,WAAA,GAAc,WAAA;AAC1B,MAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,cAAA,GAA0B;AACxB,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,MAAM,SAAS,EAAA,GAAK,GAAA;AACpB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,SAAA,GAAY,KAAK,MAAA,CAAO,SAAA;AAC9B,IAAA,MAAM,SAAA,GAAY,MAAO,SAAA,GAAY,MAAA;AAErC,IAAA,OAAO,SAAA;AAAA,EACT;AAAA,EAEA,eAAA,GAA2B;AAEzB,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,KAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,CAAK,cAAA,EAAe,EAAG;AAC1B,MAAA,OAAO,CAAC,CAAC,IAAA,CAAK,MAAA,CAAO,WAAA;AAAA,IACvB;AAGA,IAAA,OAAO,CAAC,CAAC,IAAA,CAAK,MAAA,CAAO,YAAA;AAAA,EACvB;AAAA,EAEA,MAAM,WAAA,GAA6B;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,iBAAiB,CAAA;AAC/C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,WAAW,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,kBAAA,GAAuC;AAE3C,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,OAAA,CAAQ,IAAI,sEAAsE,CAAA;AAClF,MAAA,OAAO,IAAA,CAAK,cAAA;AAAA,IACd;AAEA,IAAA,MAAM,YAAA,GAAe,KAAK,eAAA,EAAgB;AAC1C,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAA,CAAQ,KAAK,8CAA8C,CAAA;AAC3D,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,OAAA,CAAQ,IAAI,+CAA+C,CAAA;AAG3D,IAAA,IAAA,CAAK,kBAAkB,YAAY;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,mBAAmB,CAAA,EAAG;AAAA,UACjF,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,UAC9C,WAAA,EAAa,SAAA;AAAA,UACb,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,cAAc;AAAA,SACtC,CAAA;AAED,QAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,UAAA,OAAA,CAAQ,GAAA,CAAI,yCAAA,EAA2C,QAAA,CAAS,MAAM,CAAA;AAEtE,UAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,YAAA,IAAI;AACF,cAAA,MAAM,SAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,cAAA,OAAA,CAAQ,GAAA,CAAI,oCAAoC,SAAS,CAAA;AAGzD,cAAA,QAAQ,UAAU,UAAA;AAAY,gBAC5B,KAAK,mBAAA;AACH,kBAAA,OAAA,CAAQ,IAAI,wDAAwD,CAAA;AACpE,kBAAA,MAAM,KAAK,WAAA,EAAY;AACvB,kBAAA,OAAO,KAAA;AAAA,gBAET,KAAK,eAAA;AAAA,gBACL;AACE,kBAAA,OAAA,CAAQ,IAAI,8CAA8C,CAAA;AAC1D,kBAAA,MAAM,KAAK,WAAA,EAAY;AACvB,kBAAA,OAAO,KAAA;AAAA;AACX,YACF,SAAS,UAAA,EAAY;AACnB,cAAA,OAAA,CAAQ,IAAA,CAAK,qDAAqD,UAAU,CAAA;AAC5E,cAAA,MAAM,KAAK,WAAA,EAAY;AACvB,cAAA,OAAO,KAAA;AAAA,YACT;AAAA,UACF,CAAA,MAAO;AACL,YAAA,OAAA,CAAQ,IAAI,6EAA6E,CAAA;AACzF,YAAA,OAAO,KAAA;AAAA,UACT;AAAA,QACF;AAEA,QAAA,MAAM,eAAA,GAAkB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC5C,QAAA,OAAA,CAAQ,GAAA,CAAI,gDAAA,EAAkD,eAAA,CAAgB,SAAA,EAAW,SAAS,CAAA;AAElG,QAAA,IAAI,KAAK,MAAA,EAAQ;AAEf,UAAA,IAAA,CAAK,MAAA,CAAO,cAAc,eAAA,CAAgB,WAAA;AAC1C,UAAA,IAAA,CAAK,MAAA,CAAO,eAAe,eAAA,CAAgB,YAAA;AAC3C,UAAA,IAAA,CAAK,MAAA,CAAO,YAAY,eAAA,CAAgB,SAAA;AACxC,UAAA,IAAA,CAAK,OAAO,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,gBAAgB,SAAA,GAAY,GAAA;AACjE,UAAA,MAAM,KAAK,mBAAA,EAAoB;AAC/B,UAAA,OAAA,CAAQ,IAAI,yCAAyC,CAAA;AACrD,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,OAAA,CAAQ,MAAM,oCAAoC,CAAA;AAClD,QAAA,OAAO,KAAA;AAAA,MACT,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,KAAA,CAAM,sCAAsC,KAAK,CAAA;AAEzD,QAAA,OAAO,KAAA;AAAA,MACT,CAAA,SAAE;AAEA,QAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AACtB,QAAA,OAAA,CAAQ,IAAI,kDAAkD,CAAA;AAAA,MAChE;AAAA,IACF,CAAA,GAAG;AAEH,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AAAA,EAEA,aAAA,GAA+B;AAC7B,IAAA,MAAM,KAAA,GAAQ,KAAK,cAAA,EAAe;AAClC,IAAA,OAAO,KAAA,GAAQ,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA,GAAK,IAAA;AAAA,EACrC;AACF;AAGO,IAAM,eAAA,GAAkB,IAAI,eAAA;AAK5B,SAAS,sBAAsB,OAAA,EAAwC;AAC5E,EAAA,OAAO,IAAI,gBAAgB,OAAO,CAAA;AACpC;AAIA,eAAsB,MAAA,CAAO,UAA2B,eAAA,EAAgC;AACtF,EAAA,IAAI;AACF,IAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAM,MAAM,iBAAA,CAAkB,CAAA,EAAG,SAAA,EAAW,kBAAkB,CAAA,EAAG;AAAA,QAC/D,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,aAAA,EAAe,UAAA;AAAA,UACf,cAAA,EAAgB;AAAA,SAClB;AAAA,QACA,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,uBAAuB,KAAK,CAAA;AAAA,EAC5C,CAAA,SAAE;AACA,IAAA,MAAM,QAAQ,WAAA,EAAY;AAAA,EAC5B;AACF;AAEA,eAAsB,WAAA,CAAY,UAA2B,eAAA,EAAiD;AAC5G,EAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAA,CAAQ,IAAI,iDAAiD,CAAA;AAC7D,IAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,EACxB;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,kBAAkB,CAAA,EAAG;AAAA,MAChF,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,EAAE,aAAA,EAAe,UAAA,EAAW;AAAA,MACrC,WAAA,EAAa;AAAA,KACd,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,OAAA,CAAQ,GAAA,CAAI,kCAAA,EAAoC,QAAA,CAAS,MAAM,CAAA;AAE/D,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,UAAA,OAAA,CAAQ,GAAA,CAAI,4BAA4B,SAAS,CAAA;AAGjD,UAAA,QAAQ,UAAU,UAAA;AAAY,YAC5B,KAAK,eAAA;AACH,cAAA,OAAA,CAAQ,IAAI,mDAAmD,CAAA;AAC/D,cAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,cAAA,IAAI,cAAA,EAAgB;AAClB,gBAAA,OAAA,CAAQ,IAAI,2DAA2D,CAAA;AACvE,gBAAA,OAAO,MAAM,YAAY,OAAO,CAAA;AAAA,cAClC,CAAA,MAAO;AACL,gBAAA,OAAA,CAAQ,IAAI,6CAA6C,CAAA;AACzD,gBAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,gBAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,cACxB;AAAA,YAEF,KAAK,mBAAA;AACH,cAAA,OAAA,CAAQ,IAAI,qDAAqD,CAAA;AACjE,cAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,cAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,YAExB,KAAK,eAAA;AAAA,YACL;AACE,cAAA,OAAA,CAAQ,IAAI,sCAAsC,CAAA;AAClD,cAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,cAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA;AAC1B,QACF,SAAS,UAAA,EAAY;AACnB,UAAA,OAAA,CAAQ,IAAA,CAAK,6CAA6C,UAAU,CAAA;AACpE,UAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,UAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,QACxB;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAA,CAAQ,IAAI,yDAAyD,CAAA;AACrE,QAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,MACxB;AAAA,IACF;AAEA,IAAA,MAAM,cAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,IAAA,OAAA,CAAQ,GAAA,CAAI,wCAAwC,cAAc,CAAA;AAElE,IAAA,IAAI,eAAe,KAAA,EAAO;AACxB,MAAA,IAAI,OAAO,cAAA,CAAe,WAAA,KAAgB,SAAA,EAAW;AACnD,QAAA,MAAM,OAAA,CAAQ,oBAAA,CAAqB,cAAA,CAAe,WAAW,CAAA;AAAA,MAC/D;AAEA,MAAA,IAAI,OAAA,CAAQ,WAAU,EAAG;AACvB,QAAA,IAAI,cAAA,CAAe,gBAAgB,KAAA,CAAA,EAAW;AAC5C,UAAA,MAAM,OAAA,CAAQ,iBAAA,CAAkB,cAAA,CAAe,WAAW,CAAA;AAAA,QAC5D;AAAA,MAEF;AAAA,IACF;AAEA,IAAA,OAAO,cAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,2CAA2C,KAAK,CAAA;AAC9D,IAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,EACxB;AACF;AAEA,eAAsB,gBAAA,CAAiB,UAA2B,eAAA,EAAmC;AAEnG,EAAA,IAAI,QAAQ,eAAA,EAAgB,IAAK,CAAC,OAAA,CAAQ,gBAAe,EAAG;AAC1D,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAA,CAAQ,IAAI,8DAA8D,CAAA;AAG1E,EAAA,MAAM,YAAA,GAAe,QAAQ,eAAA,EAAgB;AAC7C,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAA,CAAQ,IAAI,mEAAmE,CAAA;AAC/E,IAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,IAAA,OAAA,CAAQ,GAAA,CAAI,iCAAiC,cAAc,CAAA;AAC3D,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,OAAA,CAAQ,IAAI,iEAAiE,CAAA;AAC7E,EAAA,OAAO,KAAA;AACT;AAqBA,eAAsB,cAAA,CAAe,UAA2B,eAAA,EAA4C;AAC1G,EAAA,MAAM,aAAA,GAAgB,MAAM,gBAAA,CAAiB,OAAO,CAAA;AACpD,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,QAAQ,SAAA,EAAU;AAC3B;AAEA,eAAsB,mBACpB,GAAA,EACA,OAAA,GAAuB,EAAC,EACxB,UAA2B,eAAA,EACR;AACnB,EAAA,MAAM,aAAA,GAAgB,MAAM,gBAAA,CAAiB,OAAO,CAAA;AACpD,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,EAC3D;AAEA,EAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,gBAAA,GAAmB,kBAAkB,GAAG,CAAA;AAC9C,EAAA,MAAM,cAAA,GAA8B;AAAA,IAClC,GAAG,OAAA;AAAA,IACH,OAAA,EAAS;AAAA,MACP,GAAG,OAAA,CAAQ,OAAA;AAAA,MACX,aAAA,EAAe,UAAA;AAAA,MACf,cAAA,EAAgB;AAAA;AAClB,GACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,gBAAA,EAAkB,cAAc,CAAA;AAG7D,EAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,IAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,IAAA,IAAI,cAAA,EAAgB;AAClB,MAAA,MAAM,aAAA,GAAgB,QAAQ,aAAA,EAAc;AAC5C,MAAA,IAAI,aAAA,EAAe;AACjB,QAAA,cAAA,CAAe,OAAA,GAAU;AAAA,UACvB,GAAG,cAAA,CAAe,OAAA;AAAA,UAClB,aAAA,EAAe;AAAA,SACjB;AACA,QAAA,OAAO,KAAA,CAAM,kBAAkB,cAAc,CAAA;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,QAAA;AACT;AAIA,eAAsB,eAAA,CAAgB,QAAgB,OAAA,EAA+D;AACnH,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,iBAAiB,CAAA,EAAG;AAAA,IAC/E,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,WAAA,EAAa,SAAA;AAAA,IACb,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,QAAQ;AAAA,GAChC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,cAAc,CAAA;AAClE,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,cAAA,EAAiB,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EACjE;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,cAAA,CAAe,KAAA,EAAe,IAAA,EAAc,OAAA,EAA+D;AAC/H,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,6BAA6B,CAAA,EAAG;AAAA,IAC3F,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,WAAA,EAAa,SAAA;AAAA,IACb,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,MAAM;AAAA,GACrC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,2BAA2B,CAAA;AAC/E,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EAC9E;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,iBAAA,CAAkB,cAQrC,OAAA,EAA+D;AAChE,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,0BAA0B,CAAA,EAAG;AAAA,IACxF,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,WAAA,EAAa,SAAA;AAAA,IACb,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,YAAY;AAAA,GAClC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,uBAAuB,CAAA;AAC3E,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,kBAAA,CAAmB,UAA2B,eAAA,EAAmC;AACrG,EAAA,IAAI;AACF,IAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,OAAO,CAAA;AAC9C,IAAA,IAAI,YAAA,EAAc,KAAA,IAAS,OAAO,YAAA,CAAa,gBAAgB,SAAA,EAAW;AACxE,MAAA,OAAO,YAAA,CAAa,WAAA;AAAA,IACtB;AACA,IAAA,OAAO,KAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["/**\n * Base64URL encoding/decoding utilities\n * Used for WebAuthn and JWT operations\n */\n\n/**\n * Convert ArrayBuffer to Base64URL string\n * @param buffer - ArrayBuffer to convert\n * @returns Base64URL encoded string\n */\nexport function arrayBufferToBase64url(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/g, '');\n}\n\n/**\n * Convert Base64URL string to Uint8Array\n * @param base64url - Base64URL string to convert\n * @returns Uint8Array\n */\nexport function base64urlToUint8Array(base64url: string): Uint8Array {\n const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');\n const pad = base64.length % 4 ? 4 - (base64.length % 4) : 0;\n const padded = base64 + '='.repeat(pad);\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n\n/**\n * Convert ArrayBuffer to standard Base64 string (not URL-safe)\n * @param buffer - ArrayBuffer to convert\n * @returns Base64 encoded string\n */\nexport function arrayBufferToBase64(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary);\n}\n","/**\n * Storage abstraction layer for tokens and keyshares\n * Allows the core package to work in both browser and Node.js environments\n */\n\n/**\n * Storage interface for storing key-value pairs\n * Can be implemented for different storage backends (localStorage, Redis, memory, etc.)\n */\nexport interface TokenStorage {\n /**\n * Get item from storage\n * @param key - Storage key\n * @returns Value or null if not found\n */\n getItem(key: string): Promise<string | null> | string | null;\n\n /**\n * Set item in storage\n * @param key - Storage key\n * @param value - Value to store\n */\n setItem(key: string, value: string): Promise<void> | void;\n\n /**\n * Remove item from storage\n * @param key - Storage key\n */\n removeItem(key: string): Promise<void> | void;\n}\n\n/**\n * In-memory storage adapter\n * Useful for server-side usage where persistence is not required\n */\nexport class MemoryStorage implements TokenStorage {\n private storage = new Map<string, string>();\n\n getItem(key: string): string | null {\n return this.storage.get(key) || null;\n }\n\n setItem(key: string, value: string): void {\n this.storage.set(key, value);\n }\n\n removeItem(key: string): void {\n this.storage.delete(key);\n }\n\n /**\n * Clear all items from memory storage\n */\n clear(): void {\n this.storage.clear();\n }\n\n /**\n * Get all keys in storage\n */\n keys(): string[] {\n return Array.from(this.storage.keys());\n }\n\n /**\n * Get number of items in storage\n */\n get size(): number {\n return this.storage.size;\n }\n}\n\n/**\n * LocalStorage adapter for browser environments\n * Falls back to memory storage if localStorage is not available\n */\nexport class LocalStorageAdapter implements TokenStorage {\n private fallback: MemoryStorage | null = null;\n\n constructor() {\n // Check if localStorage is available\n if (!this.isLocalStorageAvailable()) {\n console.warn('[Storage] localStorage not available, falling back to memory storage');\n this.fallback = new MemoryStorage();\n }\n }\n\n private isLocalStorageAvailable(): boolean {\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n const storage = win ? win.localStorage : undefined;\n if (!storage) {\n return false;\n }\n // Test if we can actually use localStorage (some browsers block it in private mode)\n const testKey = '__lumia_storage_test__';\n storage.setItem(testKey, 'test');\n storage.removeItem(testKey);\n return true;\n } catch {\n return false;\n }\n }\n\n getItem(key: string): string | null {\n if (this.fallback) {\n return this.fallback.getItem(key);\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n const value = win?.localStorage?.getItem(key) || null;\n return value;\n } catch (error) {\n console.error('[Storage] Error reading from localStorage:', error);\n return null;\n }\n }\n\n setItem(key: string, value: string): void {\n if (this.fallback) {\n this.fallback.setItem(key, value);\n return;\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n win?.localStorage?.setItem(key, value);\n } catch (error) {\n console.error('[Storage] Error writing to localStorage:', error);\n // Initialize fallback if localStorage fails\n if (!this.fallback) {\n this.fallback = new MemoryStorage();\n this.fallback.setItem(key, value);\n }\n }\n }\n\n removeItem(key: string): void {\n if (this.fallback) {\n this.fallback.removeItem(key);\n return;\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n win?.localStorage?.removeItem(key);\n } catch (error) {\n console.error('[Storage] Error removing from localStorage:', error);\n }\n }\n}\n\n/**\n * Keyshare storage interface (same as TokenStorage but with a different name for clarity)\n */\nexport interface KeyshareStorage extends TokenStorage {}\n\n/**\n * Helper to normalize storage operations to always be async\n * This allows mixing sync and async storage implementations\n */\nexport async function storageGet(\n storage: TokenStorage,\n key: string\n): Promise<string | null> {\n const result = storage.getItem(key);\n return result instanceof Promise ? await result : result;\n}\n\n/**\n * Helper to normalize storage operations to always be async\n */\nexport async function storageSet(\n storage: TokenStorage,\n key: string,\n value: string\n): Promise<void> {\n const result = storage.setItem(key, value);\n if (result instanceof Promise) {\n await result;\n }\n}\n\n/**\n * Helper to normalize storage operations to always be async\n */\nexport async function storageRemove(\n storage: TokenStorage,\n key: string\n): Promise<void> {\n const result = storage.removeItem(key);\n if (result instanceof Promise) {\n await result;\n }\n}\n","/**\n * Project ID management for Lumia Passport Core\n * Adapted to work in both browser and Node.js environments\n */\n\nlet globalProjectId: string | undefined;\n\n/**\n * Set the global project ID\n * @param projectId - The project ID to set\n */\nexport function setProjectId(projectId: string): void {\n globalProjectId = projectId;\n}\n\n/**\n * Get the current project ID\n * Priority: 1. Explicitly set via setProjectId(), 2. window.__LUMIA_PROJECT_ID__ (browser only)\n */\nexport function getProjectId(): string | undefined {\n // First check explicitly set projectId\n if (globalProjectId) {\n return globalProjectId;\n }\n\n // Fallback to window global (browser only)\n if (typeof globalThis !== 'undefined' && (globalThis as any).window) {\n return ((globalThis as any).window as any).__LUMIA_PROJECT_ID__;\n }\n\n return undefined;\n}\n\n/**\n * Add projectId to URL query parameters\n * @param url - The URL to add projectId to\n * @param projectId - Optional explicit projectId (uses getProjectId() if not provided)\n */\nexport function addProjectIdToUrl(url: string, projectId?: string): string {\n try {\n const pid = projectId || getProjectId();\n if (pid) {\n const separator = url.includes('?') ? '&' : '?';\n return `${url}${separator}projectId=${encodeURIComponent(pid)}`;\n }\n } catch (error) {\n // Silently fail and return original URL\n }\n return url;\n}\n\n/**\n * Clear the globally set project ID\n */\nexport function clearProjectId(): void {\n globalProjectId = undefined;\n}\n","/**\n * JWT Token Management\n * Adapted from lumia-passport-ui-kit/src/internal/auth/jwt.ts\n * Browser-specific features (passkey auth) remain in UI kit\n */\n\nimport type { TokenStorage } from './storage';\nimport { LocalStorageAdapter } from './storage';\nimport { addProjectIdToUrl } from '../utils/project-id';\n\n// Token storage keys\nconst TOKEN_STORAGE_KEY = 'lumia-passport-jwt-tokens';\nconst USER_ID_KEY = 'lumia-passport-current-user-id';\n\n// Build-time injected URLs (tsup.define)\ndeclare const __LUMIA_TSS_URL__: string;\ndeclare const __LUMIA_BUNDLER_URL__: string;\ndeclare const __LUMIA_SHARE_VAULT_URL__: string;\n\n// Service URL provider - will be set by config\nlet tssUrlProvider: (() => string) | undefined;\n\n/**\n * Configure JWT module with service URLs\n * Call this from createLumiaPassportCore (backend usage)\n */\nexport function configureJwtModule(config: {\n tssUrl?: string;\n projectId?: string;\n}) {\n if (config.tssUrl) {\n tssUrlProvider = () => config.tssUrl!;\n }\n // Note: projectId is now handled via addProjectIdToUrl from utils/project-id\n // which reads from window.__LUMIA_PROJECT_ID__ or can be set via setProjectId()\n}\n\n// Build-time default from .env (will be replaced by tsup define)\nconst BUILD_TSS_URL = (typeof __LUMIA_TSS_URL__ !== 'undefined' && __LUMIA_TSS_URL__) || '';\n\nfunction getTssUrl(): string {\n // Priority: runtime config > window.__LUMIA_SERVICES__ > build-time default > hardcoded fallback\n\n // 1. Runtime config (backend usage via configureJwtModule)\n if (tssUrlProvider) {\n return tssUrlProvider();\n }\n\n // 2. Browser runtime config from LumiaPassportProvider (window.__LUMIA_SERVICES__)\n if (typeof globalThis !== 'undefined' && (globalThis as any).window) {\n const services = ((globalThis as any).window as any).__LUMIA_SERVICES__;\n if (services?.tssUrl) {\n return services.tssUrl;\n }\n }\n\n // 3. Build-time injected default (from .env during pnpm build)\n if (BUILD_TSS_URL) {\n return BUILD_TSS_URL;\n }\n\n // 4. Hardcoded fallback\n return 'http://localhost:9256';\n}\n\n// addProjectIdToUrl is imported from '../utils/project-id'\n// It automatically reads from window.__LUMIA_PROJECT_ID__ or global setProjectId()\n\n// Types\nexport interface JwtTokens {\n accessToken: string;\n refreshToken: string;\n userId: string;\n expiresIn: number;\n expiresAt: number;\n hasKeyshare?: boolean;\n isNewUser?: boolean;\n avatar?: string | null;\n displayName?: string | null;\n providers?: string[]; // List of connected auth providers (email, passkey, wallet, etc.)\n}\n\nexport interface LoginResponse {\n accessToken: string;\n refreshToken: string;\n userId: string;\n expiresIn: number;\n hasKeyshare: boolean;\n isNewUser?: boolean;\n avatar?: string | null;\n displayName?: string | null;\n providers?: string[]; // List of connected auth providers (email, passkey, wallet, etc.)\n}\n\nexport interface RefreshResponse {\n accessToken: string;\n refreshToken: string;\n expiresIn: number;\n}\n\nexport interface VerifyResponse {\n valid: boolean;\n userId?: string;\n sessionId?: string;\n exp?: number;\n hasKeyshare?: boolean;\n displayName?: string | null;\n avatar?: string | null;\n}\n\n/**\n * JWT Token Manager\n * Handles token storage, refresh, and validation\n */\nexport class JwtTokenManager {\n private tokens: JwtTokens | null = null;\n private storage: TokenStorage;\n private refreshPromise: Promise<boolean> | null = null; // Mutex for refresh operations\n\n constructor(storage?: TokenStorage) {\n this.storage = storage || new LocalStorageAdapter();\n console.log('[JWT] JwtTokenManager initializing...');\n this.loadTokensFromStorage();\n }\n\n private async loadTokensFromStorage(): Promise<void> {\n try {\n const stored = await this.storage.getItem(TOKEN_STORAGE_KEY);\n console.log('[JWT] Loading tokens from storage:', !!stored);\n\n if (stored) {\n this.tokens = JSON.parse(stored);\n console.log('[JWT] Parsed tokens:', {\n hasAccessToken: !!this.tokens?.accessToken,\n hasRefreshToken: !!this.tokens?.refreshToken,\n userId: this.tokens?.userId,\n expiresAt: this.tokens?.expiresAt,\n currentTime: Date.now(),\n timeToExpiry: this.tokens?.expiresAt ? (this.tokens.expiresAt - Date.now()) / 1000 : 'N/A'\n });\n\n if (this.tokens && this.isTokenExpired()) {\n console.log('[JWT] Access token is expired');\n\n // Check if we have a refresh token to attempt renewal\n if (this.tokens.refreshToken) {\n console.log('[JWT] Refresh token available, will attempt renewal when needed');\n // Keep tokens - they will be refreshed on the first API call via ensureValidToken()\n } else {\n console.log('[JWT] No refresh token available, clearing tokens');\n await this.clearTokens();\n }\n } else {\n console.log('[JWT] Access token is valid, keeping tokens');\n }\n } else {\n console.log('[JWT] No tokens found in storage');\n }\n } catch (error) {\n console.error('[JWT] Error loading tokens from storage:', error);\n await this.clearTokens();\n }\n }\n\n private async saveTokensToStorage(): Promise<void> {\n try {\n if (this.tokens) {\n const tokenString = JSON.stringify(this.tokens);\n await this.storage.setItem(TOKEN_STORAGE_KEY, tokenString);\n await this.storage.setItem(USER_ID_KEY, this.tokens.userId);\n }\n } catch (error) {\n console.error('[JWT] Failed to save tokens to storage:', error);\n }\n }\n\n async setTokens(response: LoginResponse): Promise<void> {\n const expiresAt = Date.now() + response.expiresIn * 1000;\n this.tokens = {\n accessToken: response.accessToken,\n refreshToken: response.refreshToken,\n userId: response.userId,\n expiresIn: response.expiresIn,\n expiresAt,\n hasKeyshare: response.hasKeyshare,\n isNewUser: response.isNewUser,\n avatar: response.avatar ?? null,\n displayName: response.displayName ?? null,\n providers: response.providers ?? []\n };\n\n await this.saveTokensToStorage();\n }\n\n getAccessToken(): string | null {\n if (!this.tokens) return null;\n // Return access token even if expired - ensureValidToken() will handle refresh\n return this.tokens.accessToken;\n }\n\n getRefreshToken(): string | null {\n return this.tokens?.refreshToken || null;\n }\n\n getUserId(): string | null {\n return this.tokens?.userId || null;\n }\n\n getHasKeyshare(): boolean | null {\n return this.tokens?.hasKeyshare ?? null;\n }\n\n getAvatar(): string | null {\n return this.tokens?.avatar || null;\n }\n\n getDisplayName(): string | null {\n return this.tokens?.displayName || null;\n }\n\n getProviders(): string[] {\n return this.tokens?.providers ?? [];\n }\n\n getTokens(): JwtTokens | null {\n return this.tokens;\n }\n\n async updateKeyshareStatus(hasKeyshare: boolean): Promise<void> {\n if (this.tokens) {\n this.tokens.hasKeyshare = hasKeyshare;\n await this.saveTokensToStorage();\n }\n }\n\n async updateDisplayName(displayName: string | null): Promise<void> {\n if (this.tokens) {\n this.tokens.displayName = displayName;\n await this.saveTokensToStorage();\n }\n }\n\n isTokenExpired(): boolean {\n if (!this.tokens) {\n return true;\n }\n\n const buffer = 30 * 1000; // 30 seconds buffer\n const now = Date.now();\n const expiresAt = this.tokens.expiresAt;\n const isExpired = now > (expiresAt - buffer);\n\n return isExpired;\n }\n\n isAuthenticated(): boolean {\n // Consider authenticated if we have either valid access token OR refresh token\n if (!this.tokens) return false;\n\n if (!this.isTokenExpired()) {\n return !!this.tokens.accessToken;\n }\n\n // If access token is expired but we have refresh token, we're still authenticated\n return !!this.tokens.refreshToken;\n }\n\n async clearTokens(): Promise<void> {\n this.tokens = null;\n await this.storage.removeItem(TOKEN_STORAGE_KEY);\n await this.storage.removeItem(USER_ID_KEY);\n }\n\n async refreshAccessToken(): Promise<boolean> {\n // If refresh is already in progress, wait for it to complete\n if (this.refreshPromise) {\n console.log('[JWT] Refresh already in progress, waiting for existing operation...');\n return this.refreshPromise;\n }\n\n const refreshToken = this.getRefreshToken();\n if (!refreshToken) {\n console.warn('[JWT] No refresh token available for refresh');\n return false;\n }\n\n console.log('[JWT] Starting new token refresh operation...');\n\n // Create and store the refresh promise (mutex pattern)\n this.refreshPromise = (async () => {\n try {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/refresh`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify({ refreshToken })\n });\n\n if (!response.ok) {\n console.log('[JWT] Token refresh failed with status:', response.status);\n\n if (response.status === 401) {\n try {\n const errorData: any = await response.json();\n console.log('[JWT] Refresh 401 Error details:', errorData);\n\n // Handle backend error codes\n switch (errorData.error_code) {\n case 'SESSION_NOT_FOUND':\n console.log('[JWT] Refresh token session not found, clearing tokens');\n await this.clearTokens();\n return false;\n\n case 'INVALID_TOKEN':\n default:\n console.log('[JWT] Invalid refresh token, clearing tokens');\n await this.clearTokens();\n return false;\n }\n } catch (parseError) {\n console.warn('[JWT] Could not parse refresh 401 error response:', parseError);\n await this.clearTokens();\n return false;\n }\n } else {\n console.log('[JWT] Non-401 error during refresh, keeping tokens (might be network error)');\n return false;\n }\n }\n\n const refreshResponse = await response.json() as RefreshResponse;\n console.log('[JWT] Token refresh successful, new expiry in:', refreshResponse.expiresIn, 'seconds');\n\n if (this.tokens) {\n // Update both access and refresh tokens (token rotation)\n this.tokens.accessToken = refreshResponse.accessToken;\n this.tokens.refreshToken = refreshResponse.refreshToken;\n this.tokens.expiresIn = refreshResponse.expiresIn;\n this.tokens.expiresAt = Date.now() + refreshResponse.expiresIn * 1000;\n await this.saveTokensToStorage();\n console.log('[JWT] Refreshed tokens saved to storage');\n return true;\n }\n\n console.error('[JWT] No existing tokens to update');\n return false;\n } catch (error) {\n console.error('[JWT] Token refresh network error:', error);\n // Don't clear tokens on network errors - might be temporary\n return false;\n } finally {\n // Clear the mutex when operation completes (success or failure)\n this.refreshPromise = null;\n console.log('[JWT] Refresh operation completed, mutex cleared');\n }\n })();\n\n return this.refreshPromise;\n }\n\n getAuthHeader(): string | null {\n const token = this.getAccessToken();\n return token ? `Bearer ${token}` : null;\n }\n}\n\n// Default instance with LocalStorage\nexport const jwtTokenManager = new JwtTokenManager();\n\n/**\n * Create a custom JWT token manager with specific storage\n */\nexport function createJwtTokenManager(storage: TokenStorage): JwtTokenManager {\n return new JwtTokenManager(storage);\n}\n\n// Authentication functions\n\nexport async function logout(manager: JwtTokenManager = jwtTokenManager): Promise<void> {\n try {\n const authHeader = manager.getAuthHeader();\n if (authHeader) {\n await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/logout`), {\n method: 'POST',\n headers: {\n Authorization: authHeader,\n 'Content-Type': 'application/json'\n },\n credentials: 'include'\n });\n }\n } catch (error) {\n console.error('[JWT] Logout error:', error);\n } finally {\n await manager.clearTokens();\n }\n}\n\nexport async function verifyToken(manager: JwtTokenManager = jwtTokenManager): Promise<VerifyResponse | null> {\n const authHeader = manager.getAuthHeader();\n if (!authHeader) {\n console.log('[JWT] No auth header available for verification');\n return { valid: false };\n }\n\n try {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/verify`), {\n method: 'GET',\n headers: { Authorization: authHeader },\n credentials: 'include'\n });\n\n if (!response.ok) {\n console.log('[JWT] Token verification failed:', response.status);\n\n if (response.status === 401) {\n try {\n const errorData: any = await response.json();\n console.log('[JWT] 401 Error details:', errorData);\n\n // Handle backend error codes\n switch (errorData.error_code) {\n case 'TOKEN_EXPIRED':\n console.log('[JWT] Access token expired, attempting refresh...');\n const refreshSuccess = await manager.refreshAccessToken();\n if (refreshSuccess) {\n console.log('[JWT] Token refreshed successfully, retrying verification');\n return await verifyToken(manager);\n } else {\n console.log('[JWT] Token refresh failed, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n }\n\n case 'SESSION_NOT_FOUND':\n console.log('[JWT] Session not found or revoked, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n\n case 'INVALID_TOKEN':\n default:\n console.log('[JWT] Invalid token, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n }\n } catch (parseError) {\n console.warn('[JWT] Could not parse 401 error response:', parseError);\n await manager.clearTokens();\n return { valid: false };\n }\n } else {\n console.log('[JWT] Non-401 error during verification, keeping tokens');\n return { valid: false };\n }\n }\n\n const verifyResponse = await response.json() as VerifyResponse;\n console.log('[JWT] Token verification successful:', verifyResponse);\n\n if (verifyResponse.valid) {\n if (typeof verifyResponse.hasKeyshare === 'boolean') {\n await manager.updateKeyshareStatus(verifyResponse.hasKeyshare);\n }\n // Update displayName and avatar if present\n if (manager.getTokens()) {\n if (verifyResponse.displayName !== undefined) {\n await manager.updateDisplayName(verifyResponse.displayName);\n }\n // Avatar update would need similar method\n }\n }\n\n return verifyResponse;\n } catch (error) {\n console.error('[JWT] Token verification network error:', error);\n return { valid: false };\n }\n}\n\nexport async function ensureValidToken(manager: JwtTokenManager = jwtTokenManager): Promise<boolean> {\n // Check if current access token is valid (not expired)\n if (manager.isAuthenticated() && !manager.isTokenExpired()) {\n return true;\n }\n\n console.log('[JWT] Access token expired or missing, attempting refresh...');\n\n // Try to refresh using refresh token\n const refreshToken = manager.getRefreshToken();\n if (refreshToken) {\n console.log('[JWT] Refresh token available, attempting to refresh access token');\n const refreshSuccess = await manager.refreshAccessToken();\n console.log('[JWT] Refresh attempt result:', refreshSuccess);\n return refreshSuccess;\n }\n\n console.log('[JWT] No refresh token available, user needs to re-authenticate');\n return false;\n}\n\n/**\n * Get current tokens, automatically refreshing them if expired\n * Recommended for integrators who need fresh tokens for backend validation via JWK\n *\n * @returns Current tokens if valid or successfully refreshed, null if refresh failed\n * @example\n * ```ts\n * // Get fresh tokens for backend validation\n * const tokens = await getValidTokens();\n * if (tokens) {\n * // Send accessToken to your backend for JWK signature verification\n * console.log('Access Token:', tokens.accessToken);\n * console.log('User ID:', tokens.userId);\n * } else {\n * // Token refresh failed, user needs to re-authenticate\n * console.log('Please login again');\n * }\n * ```\n */\nexport async function getValidTokens(manager: JwtTokenManager = jwtTokenManager): Promise<JwtTokens | null> {\n const hasValidToken = await ensureValidToken(manager);\n if (!hasValidToken) {\n return null;\n }\n return manager.getTokens();\n}\n\nexport async function authenticatedFetch(\n url: string,\n options: RequestInit = {},\n manager: JwtTokenManager = jwtTokenManager\n): Promise<Response> {\n const hasValidToken = await ensureValidToken(manager);\n if (!hasValidToken) {\n throw new Error('No valid authentication token available');\n }\n\n const authHeader = manager.getAuthHeader();\n if (!authHeader) {\n throw new Error('Failed to get authentication header');\n }\n\n const urlWithProjectId = addProjectIdToUrl(url);\n const requestOptions: RequestInit = {\n ...options,\n headers: {\n ...options.headers,\n Authorization: authHeader,\n 'Content-Type': 'application/json'\n }\n };\n\n const response = await fetch(urlWithProjectId, requestOptions);\n\n // Handle 401 by attempting token refresh\n if (response.status === 401) {\n const refreshSuccess = await manager.refreshAccessToken();\n if (refreshSuccess) {\n const newAuthHeader = manager.getAuthHeader();\n if (newAuthHeader) {\n requestOptions.headers = {\n ...requestOptions.headers,\n Authorization: newAuthHeader\n };\n return fetch(urlWithProjectId, requestOptions);\n }\n }\n }\n\n return response;\n}\n\n// Login functions (non-passkey)\n\nexport async function loginWithUserId(userId: string, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/login`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify({ userId })\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Login failed');\n throw new Error(`Login failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function loginWithEmail(email: string, code: string, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/email/verify-code`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify({ email, code })\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Email verification failed');\n throw new Error(`Email verification failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function loginWithTelegram(telegramData: {\n id: number;\n first_name: string;\n last_name?: string;\n username?: string;\n photo_url?: string;\n auth_date: number;\n hash: string;\n}, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/telegram/login`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify(telegramData)\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Telegram login failed');\n throw new Error(`Telegram login failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function syncKeyshareStatus(manager: JwtTokenManager = jwtTokenManager): Promise<boolean> {\n try {\n const verification = await verifyToken(manager);\n if (verification?.valid && typeof verification.hasKeyshare === 'boolean') {\n return verification.hasKeyshare;\n }\n return false;\n } catch {\n return false;\n }\n}\n"]}
1
+ {"version":3,"sources":["../../src/auth/base64url.ts","../../src/auth/storage.ts","../../src/utils/project-id.ts","../../src/auth/jwt.ts"],"names":[],"mappings":";;;AAUO,SAAS,uBAAuB,MAAA,EAA6B;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,YAAY,CAAA,EAAA,EAAK;AACzC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACxC;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAChF;AAOO,SAAS,sBAAsB,SAAA,EAA+B;AACnE,EAAA,MAAM,MAAA,GAAS,UAAU,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAC7D,EAAA,MAAM,MAAM,MAAA,CAAO,MAAA,GAAS,IAAI,CAAA,GAAK,MAAA,CAAO,SAAS,CAAA,GAAK,CAAA;AAC1D,EAAA,MAAM,MAAA,GAAS,MAAA,GAAS,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA;AACtC,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA;AACT;AAOO,SAAS,oBAAoB,MAAA,EAA6B;AAC/D,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,YAAY,CAAA,EAAA,EAAK;AACzC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACxC;AACA,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;;;ACbO,IAAM,gBAAN,MAA4C;AAAA,EACzC,OAAA,uBAAc,GAAA,EAAoB;AAAA,EAE1C,QAAQ,GAAA,EAA4B;AAClC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA,IAAK,IAAA;AAAA,EAClC;AAAA,EAEA,OAAA,CAAQ,KAAa,KAAA,EAAqB;AACxC,IAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC7B;AAAA,EAEA,WAAW,GAAA,EAAmB;AAC5B,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,QAAQ,KAAA,EAAM;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAA,GAAiB;AACf,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,IAAA,GAAe;AACjB,IAAA,OAAO,KAAK,OAAA,CAAQ,IAAA;AAAA,EACtB;AACF;AAMO,IAAM,sBAAN,MAAkD;AAAA,EAC/C,QAAA,GAAiC,IAAA;AAAA,EAEzC,WAAA,GAAc;AAEZ,IAAA,IAAI,CAAC,IAAA,CAAK,uBAAA,EAAwB,EAAG;AACnC,MAAA,OAAA,CAAQ,KAAK,sEAAsE,CAAA;AACnF,MAAA,IAAA,CAAK,QAAA,GAAW,IAAI,aAAA,EAAc;AAAA,IACpC;AAAA,EACF;AAAA,EAEQ,uBAAA,GAAmC;AACzC,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,MAAM,OAAA,GAAU,GAAA,GAAM,GAAA,CAAI,YAAA,GAAe,KAAA,CAAA;AACzC,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,MAAM,OAAA,GAAU,wBAAA;AAChB,MAAA,OAAA,CAAQ,OAAA,CAAQ,SAAS,MAAM,CAAA;AAC/B,MAAA,OAAA,CAAQ,WAAW,OAAO,CAAA;AAC1B,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,QAAQ,GAAA,EAA4B;AAClC,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA;AAAA,IAClC;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,MAAM,KAAA,GAAQ,GAAA,EAAK,YAAA,EAAc,OAAA,CAAQ,GAAG,CAAA,IAAK,IAAA;AACjD,MAAA,OAAO,KAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,8CAA8C,KAAK,CAAA;AACjE,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,OAAA,CAAQ,KAAa,KAAA,EAAqB;AACxC,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAChC,MAAA;AAAA,IACF;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,GAAA,EAAK,YAAA,EAAc,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,IACvC,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAE/D,MAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,QAAA,IAAA,CAAK,QAAA,GAAW,IAAI,aAAA,EAAc;AAClC,QAAA,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,WAAW,GAAA,EAAmB;AAC5B,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,IAAA,CAAK,QAAA,CAAS,WAAW,GAAG,CAAA;AAC5B,MAAA;AAAA,IACF;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,GAAA,EAAK,YAAA,EAAc,WAAW,GAAG,CAAA;AAAA,IACnC,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,+CAA+C,KAAK,CAAA;AAAA,IACpE;AAAA,EACF;AACF;AAWA,eAAsB,UAAA,CACpB,SACA,GAAA,EACwB;AACxB,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,OAAO,MAAA,YAAkB,OAAA,GAAU,MAAM,MAAA,GAAS,MAAA;AACpD;AAKA,eAAsB,UAAA,CACpB,OAAA,EACA,GAAA,EACA,KAAA,EACe;AACf,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AACzC,EAAA,IAAI,kBAAkB,OAAA,EAAS;AAC7B,IAAA,MAAM,MAAA;AAAA,EACR;AACF;AAKA,eAAsB,aAAA,CACpB,SACA,GAAA,EACe;AACf,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA;AACrC,EAAA,IAAI,kBAAkB,OAAA,EAAS;AAC7B,IAAA,MAAM,MAAA;AAAA,EACR;AACF;ACjLO,SAAS,YAAA,GAAmC;AAOjD,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA,EAAQ;AACnE,IAAA,OAAS,WAAmB,MAAA,CAAe,oBAAA;AAAA,EAC7C;AAEA,EAAA,OAAO,MAAA;AACT;AAOO,SAAS,iBAAA,CAAkB,KAAa,SAAA,EAA4B;AACzE,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,aAAa,YAAA,EAAa;AACtC,IAAA,IAAI,GAAA,EAAK;AACP,MAAA,MAAM,SAAA,GAAY,GAAA,CAAI,QAAA,CAAS,GAAG,IAAI,GAAA,GAAM,GAAA;AAC5C,MAAA,OAAO,GAAG,GAAG,CAAA,EAAG,SAAS,CAAA,UAAA,EAAa,kBAAA,CAAmB,GAAG,CAAC,CAAA,CAAA;AAAA,IAC/D;AAAA,EACF,SAAS,KAAA,EAAO;AAAA,EAEhB;AACA,EAAA,OAAO,GAAA;AACT;;;ACtCA,IAAM,iBAAA,GAAoB,2BAAA;AAC1B,IAAM,WAAA,GAAc,gCAAA;AAQpB,IAAI,cAAA;AAMG,SAAS,mBAAmB,MAAA,EAGhC;AACD,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,cAAA,GAAiB,MAAM,MAAA,CAAO,MAAA;AAAA,EAChC;AAGF;AAGA,IAAM,aAAA,GAA6D,mCAAA;AAEnE,SAAS,SAAA,GAAoB;AAI3B,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA,EAAe;AAAA,EACxB;AAGA,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA,EAAQ;AACnE,IAAA,MAAM,QAAA,GAAa,WAAmB,MAAA,CAAe,kBAAA;AACrD,IAAA,IAAI,UAAU,MAAA,EAAQ;AACpB,MAAA,OAAO,QAAA,CAAS,MAAA;AAAA,IAClB;AAAA,EACF;AAGA,EAAmB;AACjB,IAAA,OAAO,aAAA;AAAA,EACT;AAIF;AAsDO,IAAM,kBAAN,MAAsB;AAAA,EACnB,MAAA,GAA2B,IAAA;AAAA,EAC3B,OAAA;AAAA,EACA,cAAA,GAA0C,IAAA;AAAA;AAAA,EAElD,YAAY,OAAA,EAAwB;AAClC,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA,IAAW,IAAI,mBAAA,EAAoB;AAClD,IAAA,OAAA,CAAQ,IAAI,uCAAuC,CAAA;AACnD,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAAA,EAC7B;AAAA,EAEA,MAAc,qBAAA,GAAuC;AACnD,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,OAAA,CAAQ,QAAQ,iBAAiB,CAAA;AAC3D,MAAA,OAAA,CAAQ,GAAA,CAAI,oCAAA,EAAsC,CAAC,CAAC,MAAM,CAAA;AAE1D,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,IAAA,CAAK,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,MAAM,CAAA;AAC/B,QAAA,OAAA,CAAQ,IAAI,sBAAA,EAAwB;AAAA,UAClC,cAAA,EAAgB,CAAC,CAAC,IAAA,CAAK,MAAA,EAAQ,WAAA;AAAA,UAC/B,eAAA,EAAiB,CAAC,CAAC,IAAA,CAAK,MAAA,EAAQ,YAAA;AAAA,UAChC,MAAA,EAAQ,KAAK,MAAA,EAAQ,MAAA;AAAA,UACrB,SAAA,EAAW,KAAK,MAAA,EAAQ,SAAA;AAAA,UACxB,WAAA,EAAa,KAAK,GAAA,EAAI;AAAA,UACtB,YAAA,EAAc,IAAA,CAAK,MAAA,EAAQ,SAAA,GAAA,CAAa,IAAA,CAAK,OAAO,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,IAAK,GAAA,GAAO;AAAA,SACtF,CAAA;AAED,QAAA,IAAI,IAAA,CAAK,MAAA,IAAU,IAAA,CAAK,cAAA,EAAe,EAAG;AACxC,UAAA,OAAA,CAAQ,IAAI,+BAA+B,CAAA;AAG3C,UAAA,IAAI,IAAA,CAAK,OAAO,YAAA,EAAc;AAC5B,YAAA,OAAA,CAAQ,IAAI,iEAAiE,CAAA;AAAA,UAE/E,CAAA,MAAO;AACL,YAAA,OAAA,CAAQ,IAAI,mDAAmD,CAAA;AAC/D,YAAA,MAAM,KAAK,WAAA,EAAY;AAAA,UACzB;AAAA,QACF,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,IAAI,6CAA6C,CAAA;AAAA,QAC3D;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAA,CAAQ,IAAI,kCAAkC,CAAA;AAAA,MAChD;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAC/D,MAAA,MAAM,KAAK,WAAA,EAAY;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAc,mBAAA,GAAqC;AACjD,IAAA,IAAI;AACF,MAAA,IAAI,KAAK,MAAA,EAAQ;AACf,QAAA,MAAM,WAAA,GAAc,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,MAAM,CAAA;AAC9C,QAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAA,EAAmB,WAAW,CAAA;AACzD,QAAA,MAAM,KAAK,OAAA,CAAQ,OAAA,CAAQ,WAAA,EAAa,IAAA,CAAK,OAAO,MAAM,CAAA;AAAA,MAC5D;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,2CAA2C,KAAK,CAAA;AAAA,IAChE;AAAA,EACF;AAAA,EAEA,MAAM,UAAU,QAAA,EAAwC;AACtD,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAS,SAAA,GAAY,GAAA;AACpD,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,aAAa,QAAA,CAAS,WAAA;AAAA,MACtB,cAAc,QAAA,CAAS,YAAA;AAAA,MACvB,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,WAAW,QAAA,CAAS,SAAA;AAAA,MACpB,SAAA;AAAA,MACA,aAAa,QAAA,CAAS,WAAA;AAAA,MACtB,WAAW,QAAA,CAAS,SAAA;AAAA,MACpB,MAAA,EAAQ,SAAS,MAAA,IAAU,IAAA;AAAA,MAC3B,WAAA,EAAa,SAAS,WAAA,IAAe,IAAA;AAAA,MACrC,SAAA,EAAW,QAAA,CAAS,SAAA,IAAa;AAAC,KACpC;AAEA,IAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,EACjC;AAAA,EAEA,cAAA,GAAgC;AAC9B,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AAEzB,IAAA,OAAO,KAAK,MAAA,CAAO,WAAA;AAAA,EACrB;AAAA,EAEA,eAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,QAAQ,YAAA,IAAgB,IAAA;AAAA,EACtC;AAAA,EAEA,SAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,QAAQ,MAAA,IAAU,IAAA;AAAA,EAChC;AAAA,EAEA,cAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,QAAQ,WAAA,IAAe,IAAA;AAAA,EACrC;AAAA,EAEA,SAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,QAAQ,MAAA,IAAU,IAAA;AAAA,EAChC;AAAA,EAEA,cAAA,GAAgC;AAC9B,IAAA,OAAO,IAAA,CAAK,QAAQ,WAAA,IAAe,IAAA;AAAA,EACrC;AAAA,EAEA,YAAA,GAAyB;AACvB,IAAA,OAAO,IAAA,CAAK,MAAA,EAAQ,SAAA,IAAa,EAAC;AAAA,EACpC;AAAA,EAEA,SAAA,GAA8B;AAC5B,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA,EAEA,MAAM,qBAAqB,WAAA,EAAqC;AAC9D,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,IAAA,CAAK,OAAO,WAAA,GAAc,WAAA;AAC1B,MAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,MAAM,kBAAkB,WAAA,EAA2C;AACjE,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,IAAA,CAAK,OAAO,WAAA,GAAc,WAAA;AAC1B,MAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,cAAA,GAA0B;AACxB,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,MAAM,SAAS,EAAA,GAAK,GAAA;AACpB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,SAAA,GAAY,KAAK,MAAA,CAAO,SAAA;AAC9B,IAAA,MAAM,SAAA,GAAY,MAAO,SAAA,GAAY,MAAA;AAErC,IAAA,OAAO,SAAA;AAAA,EACT;AAAA,EAEA,eAAA,GAA2B;AAEzB,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,KAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,CAAK,cAAA,EAAe,EAAG;AAC1B,MAAA,OAAO,CAAC,CAAC,IAAA,CAAK,MAAA,CAAO,WAAA;AAAA,IACvB;AAGA,IAAA,OAAO,CAAC,CAAC,IAAA,CAAK,MAAA,CAAO,YAAA;AAAA,EACvB;AAAA,EAEA,MAAM,WAAA,GAA6B;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,iBAAiB,CAAA;AAC/C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,WAAW,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,kBAAA,GAAuC;AAE3C,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,OAAA,CAAQ,IAAI,sEAAsE,CAAA;AAClF,MAAA,OAAO,IAAA,CAAK,cAAA;AAAA,IACd;AAEA,IAAA,MAAM,YAAA,GAAe,KAAK,eAAA,EAAgB;AAG1C,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAA,CAAQ,IAAI,uEAAuE,CAAA;AAAA,IACrF,CAAA,MAAO;AACL,MAAA,OAAA,CAAQ,IAAI,yEAAyE,CAAA;AAAA,IACvF;AAGA,IAAA,IAAA,CAAK,kBAAkB,YAAY;AACjC,MAAA,IAAI;AAGF,QAAA,MAAM,WAAA,GAAc,YAAA,GAChB,IAAA,CAAK,SAAA,CAAU,EAAE,YAAA,EAAc,CAAA,GAC/B,IAAA,CAAK,SAAA,CAAU,EAAE,CAAA;AAErB,QAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,mBAAmB,CAAA,EAAG;AAAA,UACjF,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,UAC9C,WAAA,EAAa,SAAA;AAAA,UACb,IAAA,EAAM;AAAA,SACP,CAAA;AAED,QAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,UAAA,OAAA,CAAQ,GAAA,CAAI,yCAAA,EAA2C,QAAA,CAAS,MAAM,CAAA;AAEtE,UAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,YAAA,IAAI;AACF,cAAA,MAAM,SAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,cAAA,OAAA,CAAQ,GAAA,CAAI,oCAAoC,SAAS,CAAA;AAGzD,cAAA,QAAQ,UAAU,UAAA;AAAY,gBAC5B,KAAK,mBAAA;AACH,kBAAA,OAAA,CAAQ,IAAI,wDAAwD,CAAA;AACpE,kBAAA,MAAM,KAAK,WAAA,EAAY;AACvB,kBAAA,OAAO,KAAA;AAAA,gBAET,KAAK,eAAA;AAAA,gBACL;AACE,kBAAA,OAAA,CAAQ,IAAI,8CAA8C,CAAA;AAC1D,kBAAA,MAAM,KAAK,WAAA,EAAY;AACvB,kBAAA,OAAO,KAAA;AAAA;AACX,YACF,SAAS,UAAA,EAAY;AACnB,cAAA,OAAA,CAAQ,IAAA,CAAK,qDAAqD,UAAU,CAAA;AAC5E,cAAA,MAAM,KAAK,WAAA,EAAY;AACvB,cAAA,OAAO,KAAA;AAAA,YACT;AAAA,UACF,CAAA,MAAO;AACL,YAAA,OAAA,CAAQ,IAAI,6EAA6E,CAAA;AACzF,YAAA,OAAO,KAAA;AAAA,UACT;AAAA,QACF;AAEA,QAAA,MAAM,eAAA,GAAkB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC5C,QAAA,OAAA,CAAQ,GAAA,CAAI,gDAAA,EAAkD,eAAA,CAAgB,SAAA,EAAW,SAAS,CAAA;AAGlG,QAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,UAAA,IAAA,CAAK,MAAA,GAAS;AAAA,YACZ,aAAa,eAAA,CAAgB,WAAA;AAAA,YAC7B,YAAA,EAAc,gBAAgB,YAAA,IAAgB,EAAA;AAAA;AAAA,YAC9C,WAAW,eAAA,CAAgB,SAAA;AAAA,YAC3B,SAAA,EAAW,IAAA,CAAK,GAAA,EAAI,GAAI,gBAAgB,SAAA,GAAY,GAAA;AAAA,YACpD,QAAQ,eAAA,CAAgB,MAAA;AAAA,YACxB,WAAA,EAAa,IAAA;AAAA,YACb,MAAA,EAAQ,IAAA;AAAA,YACR,SAAA,EAAW,eAAA,CAAgB,SAAA,IAAa,EAAC;AAAA,YACzC,WAAA,EAAa;AAAA,WACf;AAAA,QACF,CAAA,MAAO;AAEL,UAAA,IAAA,CAAK,MAAA,CAAO,cAAc,eAAA,CAAgB,WAAA;AAC1C,UAAA,IAAI,gBAAgB,YAAA,EAAc;AAChC,YAAA,IAAA,CAAK,MAAA,CAAO,eAAe,eAAA,CAAgB,YAAA;AAAA,UAC7C;AACA,UAAA,IAAA,CAAK,MAAA,CAAO,YAAY,eAAA,CAAgB,SAAA;AACxC,UAAA,IAAA,CAAK,OAAO,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,gBAAgB,SAAA,GAAY,GAAA;AAEjE,UAAA,IAAA,CAAK,MAAA,CAAO,SAAS,eAAA,CAAgB,MAAA;AACrC,UAAA,IAAA,CAAK,MAAA,CAAO,SAAA,GAAY,eAAA,CAAgB,SAAA,IAAa,KAAK,MAAA,CAAO,SAAA;AAAA,QACnE;AAEA,QAAA,MAAM,KAAK,mBAAA,EAAoB;AAC/B,QAAA,OAAA,CAAQ,IAAI,yCAAyC,CAAA;AACrD,QAAA,OAAO,IAAA;AAAA,MACT,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,KAAA,CAAM,sCAAsC,KAAK,CAAA;AAEzD,QAAA,OAAO,KAAA;AAAA,MACT,CAAA,SAAE;AAEA,QAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AACtB,QAAA,OAAA,CAAQ,IAAI,kDAAkD,CAAA;AAAA,MAChE;AAAA,IACF,CAAA,GAAG;AAEH,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AAAA,EAEA,aAAA,GAA+B;AAC7B,IAAA,MAAM,KAAA,GAAQ,KAAK,cAAA,EAAe;AAClC,IAAA,OAAO,KAAA,GAAQ,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA,GAAK,IAAA;AAAA,EACrC;AACF;AAGO,IAAM,eAAA,GAAkB,IAAI,eAAA;AAK5B,SAAS,sBAAsB,OAAA,EAAwC;AAC5E,EAAA,OAAO,IAAI,gBAAgB,OAAO,CAAA;AACpC;AAIA,eAAsB,MAAA,CAAO,UAA2B,eAAA,EAAgC;AACtF,EAAA,IAAI;AACF,IAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAM,MAAM,iBAAA,CAAkB,CAAA,EAAG,SAAA,EAAW,kBAAkB,CAAA,EAAG;AAAA,QAC/D,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,aAAA,EAAe,UAAA;AAAA,UACf,cAAA,EAAgB;AAAA,SAClB;AAAA,QACA,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,uBAAuB,KAAK,CAAA;AAAA,EAC5C,CAAA,SAAE;AACA,IAAA,MAAM,QAAQ,WAAA,EAAY;AAAA,EAC5B;AACF;AAEA,eAAsB,WAAA,CAAY,UAA2B,eAAA,EAAiD;AAC5G,EAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAA,CAAQ,IAAI,iDAAiD,CAAA;AAC7D,IAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,EACxB;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,kBAAkB,CAAA,EAAG;AAAA,MAChF,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,EAAE,aAAA,EAAe,UAAA,EAAW;AAAA,MACrC,WAAA,EAAa;AAAA,KACd,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,OAAA,CAAQ,GAAA,CAAI,kCAAA,EAAoC,QAAA,CAAS,MAAM,CAAA;AAE/D,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,UAAA,OAAA,CAAQ,GAAA,CAAI,4BAA4B,SAAS,CAAA;AAGjD,UAAA,QAAQ,UAAU,UAAA;AAAY,YAC5B,KAAK,eAAA;AACH,cAAA,OAAA,CAAQ,IAAI,mDAAmD,CAAA;AAC/D,cAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,cAAA,IAAI,cAAA,EAAgB;AAClB,gBAAA,OAAA,CAAQ,IAAI,2DAA2D,CAAA;AACvE,gBAAA,OAAO,MAAM,YAAY,OAAO,CAAA;AAAA,cAClC,CAAA,MAAO;AACL,gBAAA,OAAA,CAAQ,IAAI,6CAA6C,CAAA;AACzD,gBAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,gBAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,cACxB;AAAA,YAEF,KAAK,mBAAA;AACH,cAAA,OAAA,CAAQ,IAAI,qDAAqD,CAAA;AACjE,cAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,cAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,YAExB,KAAK,eAAA;AAAA,YACL;AACE,cAAA,OAAA,CAAQ,IAAI,sCAAsC,CAAA;AAClD,cAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,cAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA;AAC1B,QACF,SAAS,UAAA,EAAY;AACnB,UAAA,OAAA,CAAQ,IAAA,CAAK,6CAA6C,UAAU,CAAA;AACpE,UAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,UAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,QACxB;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAA,CAAQ,IAAI,yDAAyD,CAAA;AACrE,QAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,MACxB;AAAA,IACF;AAEA,IAAA,MAAM,cAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,IAAA,OAAA,CAAQ,GAAA,CAAI,wCAAwC,cAAc,CAAA;AAElE,IAAA,IAAI,eAAe,KAAA,EAAO;AACxB,MAAA,IAAI,OAAO,cAAA,CAAe,WAAA,KAAgB,SAAA,EAAW;AACnD,QAAA,MAAM,OAAA,CAAQ,oBAAA,CAAqB,cAAA,CAAe,WAAW,CAAA;AAAA,MAC/D;AAEA,MAAA,IAAI,OAAA,CAAQ,WAAU,EAAG;AACvB,QAAA,IAAI,cAAA,CAAe,gBAAgB,KAAA,CAAA,EAAW;AAC5C,UAAA,MAAM,OAAA,CAAQ,iBAAA,CAAkB,cAAA,CAAe,WAAW,CAAA;AAAA,QAC5D;AAAA,MAEF;AAAA,IACF;AAEA,IAAA,OAAO,cAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,2CAA2C,KAAK,CAAA;AAC9D,IAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,EACxB;AACF;AAEA,eAAsB,gBAAA,CAAiB,UAA2B,eAAA,EAAmC;AAEnG,EAAA,IAAI,QAAQ,eAAA,EAAgB,IAAK,CAAC,OAAA,CAAQ,gBAAe,EAAG;AAC1D,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAA,CAAQ,IAAI,8DAA8D,CAAA;AAK1E,EAAA,MAAM,YAAA,GAAe,QAAQ,eAAA,EAAgB;AAC7C,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAA,CAAQ,IAAI,8DAA8D,CAAA;AAAA,EAC5E,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,IAAI,uEAAuE,CAAA;AAAA,EACrF;AAEA,EAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,EAAA,OAAA,CAAQ,GAAA,CAAI,iCAAiC,cAAc,CAAA;AAC3D,EAAA,OAAO,cAAA;AACT;AAqBA,eAAsB,cAAA,CAAe,UAA2B,eAAA,EAA4C;AAC1G,EAAA,MAAM,aAAA,GAAgB,MAAM,gBAAA,CAAiB,OAAO,CAAA;AACpD,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,QAAQ,SAAA,EAAU;AAC3B;AAEA,eAAsB,mBACpB,GAAA,EACA,OAAA,GAAuB,EAAC,EACxB,UAA2B,eAAA,EACR;AACnB,EAAA,MAAM,aAAA,GAAgB,MAAM,gBAAA,CAAiB,OAAO,CAAA;AACpD,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,EAC3D;AAEA,EAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,gBAAA,GAAmB,kBAAkB,GAAG,CAAA;AAC9C,EAAA,MAAM,cAAA,GAA8B;AAAA,IAClC,GAAG,OAAA;AAAA,IACH,OAAA,EAAS;AAAA,MACP,GAAG,OAAA,CAAQ,OAAA;AAAA,MACX,aAAA,EAAe,UAAA;AAAA,MACf,cAAA,EAAgB;AAAA;AAClB,GACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,gBAAA,EAAkB,cAAc,CAAA;AAG7D,EAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,IAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,IAAA,IAAI,cAAA,EAAgB;AAClB,MAAA,MAAM,aAAA,GAAgB,QAAQ,aAAA,EAAc;AAC5C,MAAA,IAAI,aAAA,EAAe;AACjB,QAAA,cAAA,CAAe,OAAA,GAAU;AAAA,UACvB,GAAG,cAAA,CAAe,OAAA;AAAA,UAClB,aAAA,EAAe;AAAA,SACjB;AACA,QAAA,OAAO,KAAA,CAAM,kBAAkB,cAAc,CAAA;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,QAAA;AACT;AAIA,eAAsB,eAAA,CAAgB,QAAgB,OAAA,EAA+D;AACnH,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,iBAAiB,CAAA,EAAG;AAAA,IAC/E,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,WAAA,EAAa,SAAA;AAAA,IACb,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,QAAQ;AAAA,GAChC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,cAAc,CAAA;AAClE,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,cAAA,EAAiB,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EACjE;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,cAAA,CAAe,KAAA,EAAe,IAAA,EAAc,OAAA,EAA+D;AAC/H,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,6BAA6B,CAAA,EAAG;AAAA,IAC3F,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,WAAA,EAAa,SAAA;AAAA,IACb,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,MAAM;AAAA,GACrC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,2BAA2B,CAAA;AAC/E,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EAC9E;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,iBAAA,CAAkB,cAQrC,OAAA,EAA+D;AAChE,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,0BAA0B,CAAA,EAAG;AAAA,IACxF,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,WAAA,EAAa,SAAA;AAAA,IACb,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,YAAY;AAAA,GAClC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,uBAAuB,CAAA;AAC3E,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,kBAAA,CAAmB,UAA2B,eAAA,EAAmC;AACrG,EAAA,IAAI;AACF,IAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,OAAO,CAAA;AAC9C,IAAA,IAAI,YAAA,EAAc,KAAA,IAAS,OAAO,YAAA,CAAa,gBAAgB,SAAA,EAAW;AACxE,MAAA,OAAO,YAAA,CAAa,WAAA;AAAA,IACtB;AACA,IAAA,OAAO,KAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["/**\n * Base64URL encoding/decoding utilities\n * Used for WebAuthn and JWT operations\n */\n\n/**\n * Convert ArrayBuffer to Base64URL string\n * @param buffer - ArrayBuffer to convert\n * @returns Base64URL encoded string\n */\nexport function arrayBufferToBase64url(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/g, '');\n}\n\n/**\n * Convert Base64URL string to Uint8Array\n * @param base64url - Base64URL string to convert\n * @returns Uint8Array\n */\nexport function base64urlToUint8Array(base64url: string): Uint8Array {\n const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');\n const pad = base64.length % 4 ? 4 - (base64.length % 4) : 0;\n const padded = base64 + '='.repeat(pad);\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n\n/**\n * Convert ArrayBuffer to standard Base64 string (not URL-safe)\n * @param buffer - ArrayBuffer to convert\n * @returns Base64 encoded string\n */\nexport function arrayBufferToBase64(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary);\n}\n","/**\n * Storage abstraction layer for tokens and keyshares\n * Allows the core package to work in both browser and Node.js environments\n */\n\n/**\n * Storage interface for storing key-value pairs\n * Can be implemented for different storage backends (localStorage, Redis, memory, etc.)\n */\nexport interface TokenStorage {\n /**\n * Get item from storage\n * @param key - Storage key\n * @returns Value or null if not found\n */\n getItem(key: string): Promise<string | null> | string | null;\n\n /**\n * Set item in storage\n * @param key - Storage key\n * @param value - Value to store\n */\n setItem(key: string, value: string): Promise<void> | void;\n\n /**\n * Remove item from storage\n * @param key - Storage key\n */\n removeItem(key: string): Promise<void> | void;\n}\n\n/**\n * In-memory storage adapter\n * Useful for server-side usage where persistence is not required\n */\nexport class MemoryStorage implements TokenStorage {\n private storage = new Map<string, string>();\n\n getItem(key: string): string | null {\n return this.storage.get(key) || null;\n }\n\n setItem(key: string, value: string): void {\n this.storage.set(key, value);\n }\n\n removeItem(key: string): void {\n this.storage.delete(key);\n }\n\n /**\n * Clear all items from memory storage\n */\n clear(): void {\n this.storage.clear();\n }\n\n /**\n * Get all keys in storage\n */\n keys(): string[] {\n return Array.from(this.storage.keys());\n }\n\n /**\n * Get number of items in storage\n */\n get size(): number {\n return this.storage.size;\n }\n}\n\n/**\n * LocalStorage adapter for browser environments\n * Falls back to memory storage if localStorage is not available\n */\nexport class LocalStorageAdapter implements TokenStorage {\n private fallback: MemoryStorage | null = null;\n\n constructor() {\n // Check if localStorage is available\n if (!this.isLocalStorageAvailable()) {\n console.warn('[Storage] localStorage not available, falling back to memory storage');\n this.fallback = new MemoryStorage();\n }\n }\n\n private isLocalStorageAvailable(): boolean {\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n const storage = win ? win.localStorage : undefined;\n if (!storage) {\n return false;\n }\n // Test if we can actually use localStorage (some browsers block it in private mode)\n const testKey = '__lumia_storage_test__';\n storage.setItem(testKey, 'test');\n storage.removeItem(testKey);\n return true;\n } catch {\n return false;\n }\n }\n\n getItem(key: string): string | null {\n if (this.fallback) {\n return this.fallback.getItem(key);\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n const value = win?.localStorage?.getItem(key) || null;\n return value;\n } catch (error) {\n console.error('[Storage] Error reading from localStorage:', error);\n return null;\n }\n }\n\n setItem(key: string, value: string): void {\n if (this.fallback) {\n this.fallback.setItem(key, value);\n return;\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n win?.localStorage?.setItem(key, value);\n } catch (error) {\n console.error('[Storage] Error writing to localStorage:', error);\n // Initialize fallback if localStorage fails\n if (!this.fallback) {\n this.fallback = new MemoryStorage();\n this.fallback.setItem(key, value);\n }\n }\n }\n\n removeItem(key: string): void {\n if (this.fallback) {\n this.fallback.removeItem(key);\n return;\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n win?.localStorage?.removeItem(key);\n } catch (error) {\n console.error('[Storage] Error removing from localStorage:', error);\n }\n }\n}\n\n/**\n * Keyshare storage interface (same as TokenStorage but with a different name for clarity)\n */\nexport interface KeyshareStorage extends TokenStorage {}\n\n/**\n * Helper to normalize storage operations to always be async\n * This allows mixing sync and async storage implementations\n */\nexport async function storageGet(\n storage: TokenStorage,\n key: string\n): Promise<string | null> {\n const result = storage.getItem(key);\n return result instanceof Promise ? await result : result;\n}\n\n/**\n * Helper to normalize storage operations to always be async\n */\nexport async function storageSet(\n storage: TokenStorage,\n key: string,\n value: string\n): Promise<void> {\n const result = storage.setItem(key, value);\n if (result instanceof Promise) {\n await result;\n }\n}\n\n/**\n * Helper to normalize storage operations to always be async\n */\nexport async function storageRemove(\n storage: TokenStorage,\n key: string\n): Promise<void> {\n const result = storage.removeItem(key);\n if (result instanceof Promise) {\n await result;\n }\n}\n","/**\n * Project ID management for Lumia Passport Core\n * Adapted to work in both browser and Node.js environments\n */\n\nlet globalProjectId: string | undefined;\n\n/**\n * Set the global project ID\n * @param projectId - The project ID to set\n */\nexport function setProjectId(projectId: string): void {\n globalProjectId = projectId;\n}\n\n/**\n * Get the current project ID\n * Priority: 1. Explicitly set via setProjectId(), 2. window.__LUMIA_PROJECT_ID__ (browser only)\n */\nexport function getProjectId(): string | undefined {\n // First check explicitly set projectId\n if (globalProjectId) {\n return globalProjectId;\n }\n\n // Fallback to window global (browser only)\n if (typeof globalThis !== 'undefined' && (globalThis as any).window) {\n return ((globalThis as any).window as any).__LUMIA_PROJECT_ID__;\n }\n\n return undefined;\n}\n\n/**\n * Add projectId to URL query parameters\n * @param url - The URL to add projectId to\n * @param projectId - Optional explicit projectId (uses getProjectId() if not provided)\n */\nexport function addProjectIdToUrl(url: string, projectId?: string): string {\n try {\n const pid = projectId || getProjectId();\n if (pid) {\n const separator = url.includes('?') ? '&' : '?';\n return `${url}${separator}projectId=${encodeURIComponent(pid)}`;\n }\n } catch (error) {\n // Silently fail and return original URL\n }\n return url;\n}\n\n/**\n * Clear the globally set project ID\n */\nexport function clearProjectId(): void {\n globalProjectId = undefined;\n}\n","/**\n * JWT Token Management\n * Adapted from lumia-passport-ui-kit/src/internal/auth/jwt.ts\n * Browser-specific features (passkey auth) remain in UI kit\n */\n\nimport type { TokenStorage } from './storage';\nimport { LocalStorageAdapter } from './storage';\nimport { addProjectIdToUrl } from '../utils/project-id';\n\n// Token storage keys\nconst TOKEN_STORAGE_KEY = 'lumia-passport-jwt-tokens';\nconst USER_ID_KEY = 'lumia-passport-current-user-id';\n\n// Build-time injected URLs (tsup.define)\ndeclare const __LUMIA_TSS_URL__: string;\ndeclare const __LUMIA_BUNDLER_URL__: string;\ndeclare const __LUMIA_SHARE_VAULT_URL__: string;\n\n// Service URL provider - will be set by config\nlet tssUrlProvider: (() => string) | undefined;\n\n/**\n * Configure JWT module with service URLs\n * Call this from createLumiaPassportCore (backend usage)\n */\nexport function configureJwtModule(config: {\n tssUrl?: string;\n projectId?: string;\n}) {\n if (config.tssUrl) {\n tssUrlProvider = () => config.tssUrl!;\n }\n // Note: projectId is now handled via addProjectIdToUrl from utils/project-id\n // which reads from window.__LUMIA_PROJECT_ID__ or can be set via setProjectId()\n}\n\n// Build-time default from .env (will be replaced by tsup define)\nconst BUILD_TSS_URL = (typeof __LUMIA_TSS_URL__ !== 'undefined' && __LUMIA_TSS_URL__) || '';\n\nfunction getTssUrl(): string {\n // Priority: runtime config > window.__LUMIA_SERVICES__ > build-time default > hardcoded fallback\n\n // 1. Runtime config (backend usage via configureJwtModule)\n if (tssUrlProvider) {\n return tssUrlProvider();\n }\n\n // 2. Browser runtime config from LumiaPassportProvider (window.__LUMIA_SERVICES__)\n if (typeof globalThis !== 'undefined' && (globalThis as any).window) {\n const services = ((globalThis as any).window as any).__LUMIA_SERVICES__;\n if (services?.tssUrl) {\n return services.tssUrl;\n }\n }\n\n // 3. Build-time injected default (from .env during pnpm build)\n if (BUILD_TSS_URL) {\n return BUILD_TSS_URL;\n }\n\n // 4. Hardcoded fallback\n return 'http://localhost:9256';\n}\n\n// addProjectIdToUrl is imported from '../utils/project-id'\n// It automatically reads from window.__LUMIA_PROJECT_ID__ or global setProjectId()\n\n// Types\nexport interface JwtTokens {\n accessToken: string;\n refreshToken: string;\n userId: string;\n expiresIn: number;\n expiresAt: number;\n hasKeyshare?: boolean;\n isNewUser?: boolean;\n avatar?: string | null;\n displayName?: string | null;\n providers?: string[]; // List of connected auth providers (email, passkey, wallet, etc.)\n}\n\nexport interface LoginResponse {\n accessToken: string;\n refreshToken: string;\n userId: string;\n expiresIn: number;\n hasKeyshare: boolean;\n isNewUser?: boolean;\n avatar?: string | null;\n displayName?: string | null;\n providers?: string[]; // List of connected auth providers (email, passkey, wallet, etc.)\n}\n\nexport interface RefreshResponse {\n accessToken: string;\n refreshToken?: string; // Optional - may stay in cookies only\n expiresIn: number;\n userId: string;\n sessionId: string;\n providers: string[];\n}\n\nexport interface VerifyResponse {\n valid: boolean;\n userId?: string;\n sessionId?: string;\n exp?: number;\n hasKeyshare?: boolean;\n displayName?: string | null;\n avatar?: string | null;\n}\n\n/**\n * JWT Token Manager\n * Handles token storage, refresh, and validation\n */\nexport class JwtTokenManager {\n private tokens: JwtTokens | null = null;\n private storage: TokenStorage;\n private refreshPromise: Promise<boolean> | null = null; // Mutex for refresh operations\n\n constructor(storage?: TokenStorage) {\n this.storage = storage || new LocalStorageAdapter();\n console.log('[JWT] JwtTokenManager initializing...');\n this.loadTokensFromStorage();\n }\n\n private async loadTokensFromStorage(): Promise<void> {\n try {\n const stored = await this.storage.getItem(TOKEN_STORAGE_KEY);\n console.log('[JWT] Loading tokens from storage:', !!stored);\n\n if (stored) {\n this.tokens = JSON.parse(stored);\n console.log('[JWT] Parsed tokens:', {\n hasAccessToken: !!this.tokens?.accessToken,\n hasRefreshToken: !!this.tokens?.refreshToken,\n userId: this.tokens?.userId,\n expiresAt: this.tokens?.expiresAt,\n currentTime: Date.now(),\n timeToExpiry: this.tokens?.expiresAt ? (this.tokens.expiresAt - Date.now()) / 1000 : 'N/A'\n });\n\n if (this.tokens && this.isTokenExpired()) {\n console.log('[JWT] Access token is expired');\n\n // Check if we have a refresh token to attempt renewal\n if (this.tokens.refreshToken) {\n console.log('[JWT] Refresh token available, will attempt renewal when needed');\n // Keep tokens - they will be refreshed on the first API call via ensureValidToken()\n } else {\n console.log('[JWT] No refresh token available, clearing tokens');\n await this.clearTokens();\n }\n } else {\n console.log('[JWT] Access token is valid, keeping tokens');\n }\n } else {\n console.log('[JWT] No tokens found in storage');\n }\n } catch (error) {\n console.error('[JWT] Error loading tokens from storage:', error);\n await this.clearTokens();\n }\n }\n\n private async saveTokensToStorage(): Promise<void> {\n try {\n if (this.tokens) {\n const tokenString = JSON.stringify(this.tokens);\n await this.storage.setItem(TOKEN_STORAGE_KEY, tokenString);\n await this.storage.setItem(USER_ID_KEY, this.tokens.userId);\n }\n } catch (error) {\n console.error('[JWT] Failed to save tokens to storage:', error);\n }\n }\n\n async setTokens(response: LoginResponse): Promise<void> {\n const expiresAt = Date.now() + response.expiresIn * 1000;\n this.tokens = {\n accessToken: response.accessToken,\n refreshToken: response.refreshToken,\n userId: response.userId,\n expiresIn: response.expiresIn,\n expiresAt,\n hasKeyshare: response.hasKeyshare,\n isNewUser: response.isNewUser,\n avatar: response.avatar ?? null,\n displayName: response.displayName ?? null,\n providers: response.providers ?? []\n };\n\n await this.saveTokensToStorage();\n }\n\n getAccessToken(): string | null {\n if (!this.tokens) return null;\n // Return access token even if expired - ensureValidToken() will handle refresh\n return this.tokens.accessToken;\n }\n\n getRefreshToken(): string | null {\n return this.tokens?.refreshToken || null;\n }\n\n getUserId(): string | null {\n return this.tokens?.userId || null;\n }\n\n getHasKeyshare(): boolean | null {\n return this.tokens?.hasKeyshare ?? null;\n }\n\n getAvatar(): string | null {\n return this.tokens?.avatar || null;\n }\n\n getDisplayName(): string | null {\n return this.tokens?.displayName || null;\n }\n\n getProviders(): string[] {\n return this.tokens?.providers ?? [];\n }\n\n getTokens(): JwtTokens | null {\n return this.tokens;\n }\n\n async updateKeyshareStatus(hasKeyshare: boolean): Promise<void> {\n if (this.tokens) {\n this.tokens.hasKeyshare = hasKeyshare;\n await this.saveTokensToStorage();\n }\n }\n\n async updateDisplayName(displayName: string | null): Promise<void> {\n if (this.tokens) {\n this.tokens.displayName = displayName;\n await this.saveTokensToStorage();\n }\n }\n\n isTokenExpired(): boolean {\n if (!this.tokens) {\n return true;\n }\n\n const buffer = 30 * 1000; // 30 seconds buffer\n const now = Date.now();\n const expiresAt = this.tokens.expiresAt;\n const isExpired = now > (expiresAt - buffer);\n\n return isExpired;\n }\n\n isAuthenticated(): boolean {\n // Consider authenticated if we have either valid access token OR refresh token\n if (!this.tokens) return false;\n\n if (!this.isTokenExpired()) {\n return !!this.tokens.accessToken;\n }\n\n // If access token is expired but we have refresh token, we're still authenticated\n return !!this.tokens.refreshToken;\n }\n\n async clearTokens(): Promise<void> {\n this.tokens = null;\n await this.storage.removeItem(TOKEN_STORAGE_KEY);\n await this.storage.removeItem(USER_ID_KEY);\n }\n\n async refreshAccessToken(): Promise<boolean> {\n // If refresh is already in progress, wait for it to complete\n if (this.refreshPromise) {\n console.log('[JWT] Refresh already in progress, waiting for existing operation...');\n return this.refreshPromise;\n }\n\n const refreshToken = this.getRefreshToken();\n \n // If no refresh token in localStorage, try cookie-based refresh\n if (!refreshToken) {\n console.log('[JWT] No refresh token in storage, attempting cookie-based refresh...');\n } else {\n console.log('[JWT] Starting new token refresh operation with stored refresh token...');\n }\n\n // Create and store the refresh promise (mutex pattern)\n this.refreshPromise = (async () => {\n try {\n // If refresh token is in localStorage, send it in body\n // Otherwise, rely on cookies (refresh_token cookie set by backend)\n const requestBody = refreshToken \n ? JSON.stringify({ refreshToken })\n : JSON.stringify({});\n\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/refresh`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: requestBody\n });\n\n if (!response.ok) {\n console.log('[JWT] Token refresh failed with status:', response.status);\n\n if (response.status === 401) {\n try {\n const errorData: any = await response.json();\n console.log('[JWT] Refresh 401 Error details:', errorData);\n\n // Handle backend error codes\n switch (errorData.error_code) {\n case 'SESSION_NOT_FOUND':\n console.log('[JWT] Refresh token session not found, clearing tokens');\n await this.clearTokens();\n return false;\n\n case 'INVALID_TOKEN':\n default:\n console.log('[JWT] Invalid refresh token, clearing tokens');\n await this.clearTokens();\n return false;\n }\n } catch (parseError) {\n console.warn('[JWT] Could not parse refresh 401 error response:', parseError);\n await this.clearTokens();\n return false;\n }\n } else {\n console.log('[JWT] Non-401 error during refresh, keeping tokens (might be network error)');\n return false;\n }\n }\n\n const refreshResponse = await response.json() as RefreshResponse;\n console.log('[JWT] Token refresh successful, new expiry in:', refreshResponse.expiresIn, 'seconds');\n\n // Initialize tokens if they don't exist (cookie-based auth case)\n if (!this.tokens) {\n this.tokens = {\n accessToken: refreshResponse.accessToken,\n refreshToken: refreshResponse.refreshToken || '', // May be empty if staying in cookies\n expiresIn: refreshResponse.expiresIn,\n expiresAt: Date.now() + refreshResponse.expiresIn * 1000,\n userId: refreshResponse.userId,\n displayName: null,\n avatar: null,\n providers: refreshResponse.providers || [],\n hasKeyshare: false\n };\n } else {\n // Update both access and refresh tokens (token rotation)\n this.tokens.accessToken = refreshResponse.accessToken;\n if (refreshResponse.refreshToken) {\n this.tokens.refreshToken = refreshResponse.refreshToken;\n }\n this.tokens.expiresIn = refreshResponse.expiresIn;\n this.tokens.expiresAt = Date.now() + refreshResponse.expiresIn * 1000;\n // Update userId and providers from refresh response\n this.tokens.userId = refreshResponse.userId;\n this.tokens.providers = refreshResponse.providers || this.tokens.providers;\n }\n \n await this.saveTokensToStorage();\n console.log('[JWT] Refreshed tokens saved to storage');\n return true;\n } catch (error) {\n console.error('[JWT] Token refresh network error:', error);\n // Don't clear tokens on network errors - might be temporary\n return false;\n } finally {\n // Clear the mutex when operation completes (success or failure)\n this.refreshPromise = null;\n console.log('[JWT] Refresh operation completed, mutex cleared');\n }\n })();\n\n return this.refreshPromise;\n }\n\n getAuthHeader(): string | null {\n const token = this.getAccessToken();\n return token ? `Bearer ${token}` : null;\n }\n}\n\n// Default instance with LocalStorage\nexport const jwtTokenManager = new JwtTokenManager();\n\n/**\n * Create a custom JWT token manager with specific storage\n */\nexport function createJwtTokenManager(storage: TokenStorage): JwtTokenManager {\n return new JwtTokenManager(storage);\n}\n\n// Authentication functions\n\nexport async function logout(manager: JwtTokenManager = jwtTokenManager): Promise<void> {\n try {\n const authHeader = manager.getAuthHeader();\n if (authHeader) {\n await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/logout`), {\n method: 'POST',\n headers: {\n Authorization: authHeader,\n 'Content-Type': 'application/json'\n },\n credentials: 'include'\n });\n }\n } catch (error) {\n console.error('[JWT] Logout error:', error);\n } finally {\n await manager.clearTokens();\n }\n}\n\nexport async function verifyToken(manager: JwtTokenManager = jwtTokenManager): Promise<VerifyResponse | null> {\n const authHeader = manager.getAuthHeader();\n if (!authHeader) {\n console.log('[JWT] No auth header available for verification');\n return { valid: false };\n }\n\n try {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/verify`), {\n method: 'GET',\n headers: { Authorization: authHeader },\n credentials: 'include'\n });\n\n if (!response.ok) {\n console.log('[JWT] Token verification failed:', response.status);\n\n if (response.status === 401) {\n try {\n const errorData: any = await response.json();\n console.log('[JWT] 401 Error details:', errorData);\n\n // Handle backend error codes\n switch (errorData.error_code) {\n case 'TOKEN_EXPIRED':\n console.log('[JWT] Access token expired, attempting refresh...');\n const refreshSuccess = await manager.refreshAccessToken();\n if (refreshSuccess) {\n console.log('[JWT] Token refreshed successfully, retrying verification');\n return await verifyToken(manager);\n } else {\n console.log('[JWT] Token refresh failed, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n }\n\n case 'SESSION_NOT_FOUND':\n console.log('[JWT] Session not found or revoked, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n\n case 'INVALID_TOKEN':\n default:\n console.log('[JWT] Invalid token, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n }\n } catch (parseError) {\n console.warn('[JWT] Could not parse 401 error response:', parseError);\n await manager.clearTokens();\n return { valid: false };\n }\n } else {\n console.log('[JWT] Non-401 error during verification, keeping tokens');\n return { valid: false };\n }\n }\n\n const verifyResponse = await response.json() as VerifyResponse;\n console.log('[JWT] Token verification successful:', verifyResponse);\n\n if (verifyResponse.valid) {\n if (typeof verifyResponse.hasKeyshare === 'boolean') {\n await manager.updateKeyshareStatus(verifyResponse.hasKeyshare);\n }\n // Update displayName and avatar if present\n if (manager.getTokens()) {\n if (verifyResponse.displayName !== undefined) {\n await manager.updateDisplayName(verifyResponse.displayName);\n }\n // Avatar update would need similar method\n }\n }\n\n return verifyResponse;\n } catch (error) {\n console.error('[JWT] Token verification network error:', error);\n return { valid: false };\n }\n}\n\nexport async function ensureValidToken(manager: JwtTokenManager = jwtTokenManager): Promise<boolean> {\n // Check if current access token is valid (not expired)\n if (manager.isAuthenticated() && !manager.isTokenExpired()) {\n return true;\n }\n\n console.log('[JWT] Access token expired or missing, attempting refresh...');\n\n // Always attempt refresh - refreshAccessToken() handles both:\n // 1. Refresh token from localStorage (body)\n // 2. Refresh token from cookies (cookie-based auth)\n const refreshToken = manager.getRefreshToken();\n if (refreshToken) {\n console.log('[JWT] Refresh token available in storage, attempting refresh');\n } else {\n console.log('[JWT] No refresh token in storage, attempting cookie-based refresh...');\n }\n\n const refreshSuccess = await manager.refreshAccessToken();\n console.log('[JWT] Refresh attempt result:', refreshSuccess);\n return refreshSuccess;\n}\n\n/**\n * Get current tokens, automatically refreshing them if expired\n * Recommended for integrators who need fresh tokens for backend validation via JWK\n *\n * @returns Current tokens if valid or successfully refreshed, null if refresh failed\n * @example\n * ```ts\n * // Get fresh tokens for backend validation\n * const tokens = await getValidTokens();\n * if (tokens) {\n * // Send accessToken to your backend for JWK signature verification\n * console.log('Access Token:', tokens.accessToken);\n * console.log('User ID:', tokens.userId);\n * } else {\n * // Token refresh failed, user needs to re-authenticate\n * console.log('Please login again');\n * }\n * ```\n */\nexport async function getValidTokens(manager: JwtTokenManager = jwtTokenManager): Promise<JwtTokens | null> {\n const hasValidToken = await ensureValidToken(manager);\n if (!hasValidToken) {\n return null;\n }\n return manager.getTokens();\n}\n\nexport async function authenticatedFetch(\n url: string,\n options: RequestInit = {},\n manager: JwtTokenManager = jwtTokenManager\n): Promise<Response> {\n const hasValidToken = await ensureValidToken(manager);\n if (!hasValidToken) {\n throw new Error('No valid authentication token available');\n }\n\n const authHeader = manager.getAuthHeader();\n if (!authHeader) {\n throw new Error('Failed to get authentication header');\n }\n\n const urlWithProjectId = addProjectIdToUrl(url);\n const requestOptions: RequestInit = {\n ...options,\n headers: {\n ...options.headers,\n Authorization: authHeader,\n 'Content-Type': 'application/json'\n }\n };\n\n const response = await fetch(urlWithProjectId, requestOptions);\n\n // Handle 401 by attempting token refresh\n if (response.status === 401) {\n const refreshSuccess = await manager.refreshAccessToken();\n if (refreshSuccess) {\n const newAuthHeader = manager.getAuthHeader();\n if (newAuthHeader) {\n requestOptions.headers = {\n ...requestOptions.headers,\n Authorization: newAuthHeader\n };\n return fetch(urlWithProjectId, requestOptions);\n }\n }\n }\n\n return response;\n}\n\n// Login functions (non-passkey)\n\nexport async function loginWithUserId(userId: string, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/login`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify({ userId })\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Login failed');\n throw new Error(`Login failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function loginWithEmail(email: string, code: string, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/email/verify-code`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify({ email, code })\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Email verification failed');\n throw new Error(`Email verification failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function loginWithTelegram(telegramData: {\n id: number;\n first_name: string;\n last_name?: string;\n username?: string;\n photo_url?: string;\n auth_date: number;\n hash: string;\n}, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/telegram/login`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify(telegramData)\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Telegram login failed');\n throw new Error(`Telegram login failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function syncKeyshareStatus(manager: JwtTokenManager = jwtTokenManager): Promise<boolean> {\n try {\n const verification = await verifyToken(manager);\n if (verification?.valid && typeof verification.hasKeyshare === 'boolean') {\n return verification.hasKeyshare;\n }\n return false;\n } catch {\n return false;\n }\n}\n"]}
package/dist/auth/index.d.cts CHANGED
@@ -140,8 +140,11 @@ interface LoginResponse {
140
140
  }
141
141
  interface RefreshResponse {
142
142
  accessToken: string;
143
- refreshToken: string;
143
+ refreshToken?: string;
144
144
  expiresIn: number;
145
+ userId: string;
146
+ sessionId: string;
147
+ providers: string[];
145
148
  }
146
149
  interface VerifyResponse {
147
150
  valid: boolean;
package/dist/auth/index.d.ts CHANGED
@@ -140,8 +140,11 @@ interface LoginResponse {
140
140
  }
141
141
  interface RefreshResponse {
142
142
  accessToken: string;
143
- refreshToken: string;
143
+ refreshToken?: string;
144
144
  expiresIn: number;
145
+ userId: string;
146
+ sessionId: string;
147
+ providers: string[];
145
148
  }
146
149
  interface VerifyResponse {
147
150
  valid: boolean;
package/dist/auth/index.js CHANGED
@@ -317,17 +317,18 @@ var JwtTokenManager = class {
317
317
  }
318
318
  const refreshToken = this.getRefreshToken();
319
319
  if (!refreshToken) {
320
- console.warn("[JWT] No refresh token available for refresh");
321
- return false;
320
+ console.log("[JWT] No refresh token in storage, attempting cookie-based refresh...");
321
+ } else {
322
+ console.log("[JWT] Starting new token refresh operation with stored refresh token...");
322
323
  }
323
- console.log("[JWT] Starting new token refresh operation...");
324
324
  this.refreshPromise = (async () => {
325
325
  try {
326
+ const requestBody = refreshToken ? JSON.stringify({ refreshToken }) : JSON.stringify({});
326
327
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/refresh`), {
327
328
  method: "POST",
328
329
  headers: { "Content-Type": "application/json" },
329
330
  credentials: "include",
330
- body: JSON.stringify({ refreshToken })
331
+ body: requestBody
331
332
  });
332
333
  if (!response.ok) {
333
334
  console.log("[JWT] Token refresh failed with status:", response.status);
@@ -358,17 +359,32 @@ var JwtTokenManager = class {
358
359
  }
359
360
  const refreshResponse = await response.json();
360
361
  console.log("[JWT] Token refresh successful, new expiry in:", refreshResponse.expiresIn, "seconds");
361
- if (this.tokens) {
362
+ if (!this.tokens) {
363
+ this.tokens = {
364
+ accessToken: refreshResponse.accessToken,
365
+ refreshToken: refreshResponse.refreshToken || "",
366
+ // May be empty if staying in cookies
367
+ expiresIn: refreshResponse.expiresIn,
368
+ expiresAt: Date.now() + refreshResponse.expiresIn * 1e3,
369
+ userId: refreshResponse.userId,
370
+ displayName: null,
371
+ avatar: null,
372
+ providers: refreshResponse.providers || [],
373
+ hasKeyshare: false
374
+ };
375
+ } else {
362
376
  this.tokens.accessToken = refreshResponse.accessToken;
363
- this.tokens.refreshToken = refreshResponse.refreshToken;
377
+ if (refreshResponse.refreshToken) {
378
+ this.tokens.refreshToken = refreshResponse.refreshToken;
379
+ }
364
380
  this.tokens.expiresIn = refreshResponse.expiresIn;
365
381
  this.tokens.expiresAt = Date.now() + refreshResponse.expiresIn * 1e3;
366
- await this.saveTokensToStorage();
367
- console.log("[JWT] Refreshed tokens saved to storage");
368
- return true;
382
+ this.tokens.userId = refreshResponse.userId;
383
+ this.tokens.providers = refreshResponse.providers || this.tokens.providers;
369
384
  }
370
- console.error("[JWT] No existing tokens to update");
371
- return false;
385
+ await this.saveTokensToStorage();
386
+ console.log("[JWT] Refreshed tokens saved to storage");
387
+ return true;
372
388
  } catch (error) {
373
389
  console.error("[JWT] Token refresh network error:", error);
374
390
  return false;
@@ -482,13 +498,13 @@ async function ensureValidToken(manager = jwtTokenManager) {
482
498
  console.log("[JWT] Access token expired or missing, attempting refresh...");
483
499
  const refreshToken = manager.getRefreshToken();
484
500
  if (refreshToken) {
485
- console.log("[JWT] Refresh token available, attempting to refresh access token");
486
- const refreshSuccess = await manager.refreshAccessToken();
487
- console.log("[JWT] Refresh attempt result:", refreshSuccess);
488
- return refreshSuccess;
501
+ console.log("[JWT] Refresh token available in storage, attempting refresh");
502
+ } else {
503
+ console.log("[JWT] No refresh token in storage, attempting cookie-based refresh...");
489
504
  }
490
- console.log("[JWT] No refresh token available, user needs to re-authenticate");
491
- return false;
505
+ const refreshSuccess = await manager.refreshAccessToken();
506
+ console.log("[JWT] Refresh attempt result:", refreshSuccess);
507
+ return refreshSuccess;
492
508
  }
493
509
  async function getValidTokens(manager = jwtTokenManager) {
494
510
  const hasValidToken = await ensureValidToken(manager);