@neetru/sdk 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/CHANGELOG.md +94 -1
  2. package/dist/auth.cjs +156 -7
  3. package/dist/auth.cjs.map +1 -1
  4. package/dist/auth.d.cts +5 -3
  5. package/dist/auth.d.ts +5 -3
  6. package/dist/auth.mjs +156 -8
  7. package/dist/auth.mjs.map +1 -1
  8. package/dist/catalog.cjs.map +1 -1
  9. package/dist/catalog.d.cts +2 -2
  10. package/dist/catalog.d.ts +2 -2
  11. package/dist/catalog.mjs.map +1 -1
  12. package/dist/checkout.cjs.map +1 -1
  13. package/dist/checkout.d.cts +2 -2
  14. package/dist/checkout.d.ts +2 -2
  15. package/dist/checkout.mjs.map +1 -1
  16. package/dist/{collection-ref-BBvTTXoG.d.cts → collection-ref-DqAAhuhX.d.cts} +56 -7
  17. package/dist/{collection-ref-BBvTTXoG.d.ts → collection-ref-DqAAhuhX.d.ts} +56 -7
  18. package/dist/db-react.d.cts +1 -1
  19. package/dist/db-react.d.ts +1 -1
  20. package/dist/db.cjs +29 -7
  21. package/dist/db.cjs.map +1 -1
  22. package/dist/db.d.cts +2 -2
  23. package/dist/db.d.ts +2 -2
  24. package/dist/db.mjs +29 -7
  25. package/dist/db.mjs.map +1 -1
  26. package/dist/entitlements.cjs.map +1 -1
  27. package/dist/entitlements.d.cts +2 -2
  28. package/dist/entitlements.d.ts +2 -2
  29. package/dist/entitlements.mjs.map +1 -1
  30. package/dist/errors.cjs.map +1 -1
  31. package/dist/errors.d.cts +1 -1
  32. package/dist/errors.d.ts +1 -1
  33. package/dist/errors.mjs.map +1 -1
  34. package/dist/index.cjs +172 -21
  35. package/dist/index.cjs.map +1 -1
  36. package/dist/index.d.cts +3 -3
  37. package/dist/index.d.ts +3 -3
  38. package/dist/index.mjs +172 -21
  39. package/dist/index.mjs.map +1 -1
  40. package/dist/mocks.cjs +75 -14
  41. package/dist/mocks.cjs.map +1 -1
  42. package/dist/mocks.d.cts +22 -2
  43. package/dist/mocks.d.ts +22 -2
  44. package/dist/mocks.mjs +75 -14
  45. package/dist/mocks.mjs.map +1 -1
  46. package/dist/notifications.cjs.map +1 -1
  47. package/dist/notifications.d.cts +2 -2
  48. package/dist/notifications.d.ts +2 -2
  49. package/dist/notifications.mjs.map +1 -1
  50. package/dist/react.d.cts +2 -2
  51. package/dist/react.d.ts +2 -2
  52. package/dist/support.cjs.map +1 -1
  53. package/dist/support.d.cts +2 -2
  54. package/dist/support.d.ts +2 -2
  55. package/dist/support.mjs.map +1 -1
  56. package/dist/telemetry.cjs.map +1 -1
  57. package/dist/telemetry.d.cts +2 -2
  58. package/dist/telemetry.d.ts +2 -2
  59. package/dist/telemetry.mjs.map +1 -1
  60. package/dist/{types-B1jylbMC.d.ts → types-CvTje138.d.ts} +46 -2
  61. package/dist/{types-Kmt4y1FQ.d.cts → types-DlDxttiG.d.cts} +46 -2
  62. package/dist/usage.cjs.map +1 -1
  63. package/dist/usage.d.cts +2 -2
  64. package/dist/usage.d.ts +2 -2
  65. package/dist/usage.mjs.map +1 -1
  66. package/dist/webhooks.cjs.map +1 -1
  67. package/dist/webhooks.d.cts +2 -2
  68. package/dist/webhooks.d.ts +2 -2
  69. package/dist/webhooks.mjs.map +1 -1
  70. package/package.json +3 -2
package/dist/index.d.cts CHANGED
@@ -1,8 +1,8 @@
1
- import { o as NeetruClientConfig, N as NeetruClient } from './types-Kmt4y1FQ.cjs';
2
- export { A as AuthNamespace, a as AuthStateListener, C as CatalogListOptions, b as CatalogListResponse, c as CheckoutIntentInfo, d as CheckoutIntentStatus, e as CheckoutNamespace, f as CheckoutStartInput, g as CheckoutStartResult, h as CheckoutTenantType, i as CreateTicketInput, D as DEFAULT_BASE_URL, j as DbNamespace, k as DbSqlLease, l as DbWhereFilter, E as EntitlementCheck, L as ListNotificationsOptions, M as MockCheckout, m as MockNotifications, n as MockWebhooks, p as NeetruDb, q as NeetruDbEngine, r as NeetruDbError, s as NeetruDbErrorCode, t as NeetruDbOptions, u as NeetruEnv, v as NeetruSqlClient, w as NeetruUser, x as NotificationsNamespace, P as Product, y as ProductNotification, z as ProductNotificationSeverity, B as ProductPlan, F as ProductStatus, R as RegisterWebhookInput, G as ResolvedConfig, S as SendNotificationInput, H as SignInOptions, J as SupportNamespace, K as SupportSeverity, O as SupportStatus, Q as SupportTicket, T as TelemetryEventAck, U as TelemetryEventInput, X as UsageEventInput, Y as UsageNamespace, Z as UsageQuota, _ as WebhookEndpoint, $ as WebhookEvent, a0 as WebhookTestResult, a1 as WebhooksNamespace, a2 as createCheckoutNamespace, a3 as createNeetruDb, a4 as createNotificationsNamespace, a6 as createWebhooksNamespace } from './types-Kmt4y1FQ.cjs';
1
+ import { o as NeetruClientConfig, N as NeetruClient } from './types-DlDxttiG.cjs';
2
+ export { A as AuthNamespace, a as AuthStateListener, C as CatalogListOptions, b as CatalogListResponse, c as CheckoutIntentInfo, d as CheckoutIntentStatus, e as CheckoutNamespace, f as CheckoutStartInput, g as CheckoutStartResult, h as CheckoutTenantType, i as CreateTicketInput, D as DEFAULT_BASE_URL, j as DbNamespace, k as DbSqlLease, l as DbWhereFilter, E as EntitlementCheck, L as ListNotificationsOptions, M as MockCheckout, m as MockNotifications, n as MockWebhooks, p as NeetruDb, q as NeetruDbEngine, r as NeetruDbError, s as NeetruDbErrorCode, t as NeetruDbOptions, u as NeetruEnv, v as NeetruSqlClient, w as NeetruUser, x as NotificationsNamespace, P as Product, y as ProductNotification, z as ProductNotificationSeverity, B as ProductPlan, F as ProductStatus, R as RegisterWebhookInput, G as ResolvedConfig, S as SendNotificationInput, H as SignInOptions, J as SupportNamespace, K as SupportSeverity, O as SupportStatus, Q as SupportTicket, T as TelemetryEventAck, U as TelemetryEventInput, X as UsageEventInput, Y as UsageNamespace, Z as UsageQuota, _ as VerifyTokenOptions, $ as WebhookEndpoint, a0 as WebhookEvent, a1 as WebhookTestResult, a2 as WebhooksNamespace, a3 as createCheckoutNamespace, a4 as createNeetruDb, a5 as createNotificationsNamespace, a7 as createWebhooksNamespace } from './types-DlDxttiG.cjs';
3
3
  export { createNeetruClient } from './auth.cjs';
4
4
  export { NeetruError, NeetruErrorCode } from './errors.cjs';
5
- export { D as DbBatchOp, b as DbChangeType, c as DbCollectionRef, d as DbDoc, e as DbDocRef, f as DbGetResult, g as DbListResult, h as DbQuery } from './collection-ref-BBvTTXoG.cjs';
5
+ export { D as DbBatchOp, b as DbChangeType, c as DbCollectionRef, d as DbDoc, e as DbDocRef, f as DbGetResult, g as DbListResult, h as DbQuery } from './collection-ref-DqAAhuhX.cjs';
6
6
  export { DEV_FIXTURE_USER, MockAuth, MockDb, MockEntitlements, MockSupport, MockUsage } from './mocks.cjs';
7
7
  import '@neetru/realtime-protocol';
8
8
  import 'drizzle-orm/node-postgres';
package/dist/index.d.ts CHANGED
@@ -1,8 +1,8 @@
1
- import { o as NeetruClientConfig, N as NeetruClient } from './types-B1jylbMC.js';
2
- export { A as AuthNamespace, a as AuthStateListener, C as CatalogListOptions, b as CatalogListResponse, c as CheckoutIntentInfo, d as CheckoutIntentStatus, e as CheckoutNamespace, f as CheckoutStartInput, g as CheckoutStartResult, h as CheckoutTenantType, i as CreateTicketInput, D as DEFAULT_BASE_URL, j as DbNamespace, k as DbSqlLease, l as DbWhereFilter, E as EntitlementCheck, L as ListNotificationsOptions, M as MockCheckout, m as MockNotifications, n as MockWebhooks, p as NeetruDb, q as NeetruDbEngine, r as NeetruDbError, s as NeetruDbErrorCode, t as NeetruDbOptions, u as NeetruEnv, v as NeetruSqlClient, w as NeetruUser, x as NotificationsNamespace, P as Product, y as ProductNotification, z as ProductNotificationSeverity, B as ProductPlan, F as ProductStatus, R as RegisterWebhookInput, G as ResolvedConfig, S as SendNotificationInput, H as SignInOptions, J as SupportNamespace, K as SupportSeverity, O as SupportStatus, Q as SupportTicket, T as TelemetryEventAck, U as TelemetryEventInput, X as UsageEventInput, Y as UsageNamespace, Z as UsageQuota, _ as WebhookEndpoint, $ as WebhookEvent, a0 as WebhookTestResult, a1 as WebhooksNamespace, a2 as createCheckoutNamespace, a3 as createNeetruDb, a4 as createNotificationsNamespace, a6 as createWebhooksNamespace } from './types-B1jylbMC.js';
1
+ import { o as NeetruClientConfig, N as NeetruClient } from './types-CvTje138.js';
2
+ export { A as AuthNamespace, a as AuthStateListener, C as CatalogListOptions, b as CatalogListResponse, c as CheckoutIntentInfo, d as CheckoutIntentStatus, e as CheckoutNamespace, f as CheckoutStartInput, g as CheckoutStartResult, h as CheckoutTenantType, i as CreateTicketInput, D as DEFAULT_BASE_URL, j as DbNamespace, k as DbSqlLease, l as DbWhereFilter, E as EntitlementCheck, L as ListNotificationsOptions, M as MockCheckout, m as MockNotifications, n as MockWebhooks, p as NeetruDb, q as NeetruDbEngine, r as NeetruDbError, s as NeetruDbErrorCode, t as NeetruDbOptions, u as NeetruEnv, v as NeetruSqlClient, w as NeetruUser, x as NotificationsNamespace, P as Product, y as ProductNotification, z as ProductNotificationSeverity, B as ProductPlan, F as ProductStatus, R as RegisterWebhookInput, G as ResolvedConfig, S as SendNotificationInput, H as SignInOptions, J as SupportNamespace, K as SupportSeverity, O as SupportStatus, Q as SupportTicket, T as TelemetryEventAck, U as TelemetryEventInput, X as UsageEventInput, Y as UsageNamespace, Z as UsageQuota, _ as VerifyTokenOptions, $ as WebhookEndpoint, a0 as WebhookEvent, a1 as WebhookTestResult, a2 as WebhooksNamespace, a3 as createCheckoutNamespace, a4 as createNeetruDb, a5 as createNotificationsNamespace, a7 as createWebhooksNamespace } from './types-CvTje138.js';
3
3
  export { createNeetruClient } from './auth.js';
4
4
  export { NeetruError, NeetruErrorCode } from './errors.js';
5
- export { D as DbBatchOp, b as DbChangeType, c as DbCollectionRef, d as DbDoc, e as DbDocRef, f as DbGetResult, g as DbListResult, h as DbQuery } from './collection-ref-BBvTTXoG.js';
5
+ export { D as DbBatchOp, b as DbChangeType, c as DbCollectionRef, d as DbDoc, e as DbDocRef, f as DbGetResult, g as DbListResult, h as DbQuery } from './collection-ref-DqAAhuhX.js';
6
6
  export { DEV_FIXTURE_USER, MockAuth, MockDb, MockEntitlements, MockSupport, MockUsage } from './mocks.js';
7
7
  import '@neetru/realtime-protocol';
8
8
  import 'drizzle-orm/node-postgres';
package/dist/index.mjs CHANGED
@@ -1,3 +1,4 @@
1
+ import { jwtVerify, createRemoteJWKSet } from 'jose';
1
2
  import { openDB } from 'idb';
2
3
 
3
4
  var __defProp = Object.defineProperty;
@@ -2954,10 +2955,9 @@ var DbCollectionRefImpl = class {
2954
2955
  const batchId = `batch-${Date.now()}-${Math.random().toString(36).slice(2)}`;
2955
2956
  const busChanges = [];
2956
2957
  for (const op of ops) {
2957
- const id = op.id ?? `${Date.now()}-${Math.random().toString(36).slice(2)}`;
2958
- const data = op.data ?? {};
2959
- const collection = op.collection;
2960
- if (op.op === "add") {
2958
+ const collection = this._collection;
2959
+ if (op.kind === "add") {
2960
+ const data = op.data;
2961
2961
  const mutation = await this._queue.enqueue({
2962
2962
  collection,
2963
2963
  op: "add",
@@ -2981,7 +2981,9 @@ var DbCollectionRefImpl = class {
2981
2981
  }
2982
2982
  });
2983
2983
  busChanges.push({ type: "added", collection, doc: { id: docId, data } });
2984
- } else if (op.op === "set") {
2984
+ } else if (op.kind === "set") {
2985
+ const id = op.id;
2986
+ const data = op.data;
2985
2987
  const existing = await this._store.getDoc(collection, id);
2986
2988
  const mutation = await this._queue.enqueue({
2987
2989
  collection,
@@ -3010,7 +3012,9 @@ var DbCollectionRefImpl = class {
3010
3012
  collection,
3011
3013
  doc: { id, data }
3012
3014
  });
3013
- } else if (op.op === "update") {
3015
+ } else if (op.kind === "update") {
3016
+ const id = op.id;
3017
+ const data = op.data;
3014
3018
  const existing = await this._store.getDoc(collection, id);
3015
3019
  const merged = { ...existing?.data ?? {}, ...data };
3016
3020
  const mutation = await this._queue.enqueue({
@@ -3039,7 +3043,8 @@ var DbCollectionRefImpl = class {
3039
3043
  }
3040
3044
  });
3041
3045
  busChanges.push({ type: "modified", collection, doc: { id, data: merged } });
3042
- } else if (op.op === "remove") {
3046
+ } else if (op.kind === "remove") {
3047
+ const id = op.id;
3043
3048
  const existing = await this._store.getDoc(collection, id);
3044
3049
  await this._queue.enqueue({
3045
3050
  collection,
@@ -3148,6 +3153,15 @@ var DbCollectionRefImpl = class {
3148
3153
  assertValidId(id);
3149
3154
  const self = this;
3150
3155
  return {
3156
+ get id() {
3157
+ return id;
3158
+ },
3159
+ get path() {
3160
+ return `${self._collection}/${id}`;
3161
+ },
3162
+ get collection() {
3163
+ return self._collection;
3164
+ },
3151
3165
  async get() {
3152
3166
  return self._buildGetResult(id);
3153
3167
  },
@@ -4281,6 +4295,15 @@ function createLazyCollectionRef(name, getDocsPromise) {
4281
4295
  },
4282
4296
  doc(id) {
4283
4297
  return {
4298
+ get id() {
4299
+ return id;
4300
+ },
4301
+ get path() {
4302
+ return `${name}/${id}`;
4303
+ },
4304
+ get collection() {
4305
+ return name;
4306
+ },
4284
4307
  async get() {
4285
4308
  return (await getRef()).doc(id).get();
4286
4309
  },
@@ -4821,6 +4844,61 @@ var MockAuth = class {
4821
4844
  this._listeners.delete(listener);
4822
4845
  };
4823
4846
  }
4847
+ /**
4848
+ * Mock de `verifyToken` — decodifica o JWT sem verificar assinatura (pra testes).
4849
+ * Em dev, retorna o user atual do mock se já estiver logado. Aceita qualquer token
4850
+ * não-vazio sem chamar rede.
4851
+ *
4852
+ * Para simular falhas em testes, use `MockAuth.__mockVerifyToken(fn)`.
4853
+ */
4854
+ async verifyToken(token) {
4855
+ if (this._verifyTokenOverride) {
4856
+ return this._verifyTokenOverride(token);
4857
+ }
4858
+ if (!token) {
4859
+ throw Object.assign(new Error("Token inv\xE1lido"), { code: "token_invalid_signature" });
4860
+ }
4861
+ try {
4862
+ const parts = token.split(".");
4863
+ if (parts.length === 3) {
4864
+ const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
4865
+ const pad = "=".repeat((4 - b64.length % 4) % 4);
4866
+ const decoded = JSON.parse(
4867
+ typeof atob === "function" ? atob(b64 + pad) : Buffer.from(b64 + pad, "base64").toString("utf-8")
4868
+ );
4869
+ if (typeof decoded.sub === "string") {
4870
+ return {
4871
+ uid: decoded.sub,
4872
+ email: typeof decoded.email === "string" ? decoded.email : "",
4873
+ emailVerified: typeof decoded.email_verified === "boolean" ? decoded.email_verified : void 0,
4874
+ displayName: typeof decoded.name === "string" ? decoded.name : void 0,
4875
+ photoURL: typeof decoded.picture === "string" ? decoded.picture : void 0,
4876
+ isStaff: decoded.is_staff === true,
4877
+ isCustomer: decoded.is_customer === true,
4878
+ tenantId: typeof decoded.tenant_id === "string" ? decoded.tenant_id : void 0,
4879
+ ...decoded
4880
+ };
4881
+ }
4882
+ }
4883
+ } catch {
4884
+ }
4885
+ if (this._user) return this._user;
4886
+ throw Object.assign(new Error("Nenhum user mock dispon\xEDvel"), { code: "token_invalid_signature" });
4887
+ }
4888
+ _verifyTokenOverride = null;
4889
+ /**
4890
+ * Injeta override pra `verifyToken` em testes — permite simular expiração,
4891
+ * assinatura inválida etc sem precisar de JWT real.
4892
+ *
4893
+ * @example
4894
+ * ```ts
4895
+ * const mock = new MockAuth(null);
4896
+ * mock.__mockVerifyToken(async () => { throw new NeetruError('token_expired', '...'); });
4897
+ * ```
4898
+ */
4899
+ __mockVerifyToken(fn) {
4900
+ this._verifyTokenOverride = fn;
4901
+ }
4824
4902
  /** Helper de tests — força um user state arbitrário. */
4825
4903
  __setUser(user) {
4826
4904
  this._user = user;
@@ -5082,20 +5160,17 @@ var MockDb = class {
5082
5160
  },
5083
5161
  async batch(ops) {
5084
5162
  for (const op of ops) {
5085
- const collMap = (() => {
5086
- if (!_store.has(op.collection)) _store.set(op.collection, /* @__PURE__ */ new Map());
5087
- return _store.get(op.collection);
5088
- })();
5089
- const id = op.id ?? `mock-batch-${++autoSeq}`;
5090
- if (op.op === "add") {
5091
- collMap.set(id, { ...op.data ?? {}, id });
5092
- } else if (op.op === "set") {
5093
- collMap.set(id, { ...op.data ?? {}, id });
5094
- } else if (op.op === "update") {
5095
- const cur = collMap.get(id);
5096
- collMap.set(id, { ...cur ?? {}, ...op.data ?? {}, id });
5097
- } else if (op.op === "remove") {
5098
- collMap.delete(id);
5163
+ const collMap = coll;
5164
+ if (op.kind === "add") {
5165
+ const id = `mock-batch-${++autoSeq}`;
5166
+ collMap.set(id, { ...op.data, id });
5167
+ } else if (op.kind === "set") {
5168
+ collMap.set(op.id, { ...op.data, id: op.id });
5169
+ } else if (op.kind === "update") {
5170
+ const cur = collMap.get(op.id);
5171
+ collMap.set(op.id, { ...cur ?? {}, ...op.data, id: op.id });
5172
+ } else if (op.kind === "remove") {
5173
+ collMap.delete(op.id);
5099
5174
  }
5100
5175
  }
5101
5176
  return { ok: true };
@@ -5116,6 +5191,15 @@ var MockDb = class {
5116
5191
  },
5117
5192
  doc(id) {
5118
5193
  return {
5194
+ get id() {
5195
+ return id;
5196
+ },
5197
+ get path() {
5198
+ return `${name}/${id}`;
5199
+ },
5200
+ get collection() {
5201
+ return name;
5202
+ },
5119
5203
  async get() {
5120
5204
  const data = coll.get(id);
5121
5205
  if (!data) return null;
@@ -5212,6 +5296,34 @@ function resolveEnv(configEnv) {
5212
5296
  }
5213
5297
  return "prod";
5214
5298
  }
5299
+ var _jwksCache = /* @__PURE__ */ new Map();
5300
+ var DEFAULT_JWKS_TTL_MS = 60 * 60 * 1e3;
5301
+ function _getJwks(jwksUrl, cacheTtlMs) {
5302
+ const now = Date.now();
5303
+ const cached = _jwksCache.get(jwksUrl);
5304
+ if (cached && now - cached.createdAt < cacheTtlMs) {
5305
+ return cached.jwks;
5306
+ }
5307
+ const jwks = createRemoteJWKSet(new URL(jwksUrl));
5308
+ _jwksCache.set(jwksUrl, { jwks, createdAt: now });
5309
+ return jwks;
5310
+ }
5311
+ function _jwtPayloadToUser(payload) {
5312
+ const sub = payload.sub ?? "";
5313
+ const email = typeof payload.email === "string" ? payload.email : "";
5314
+ return {
5315
+ uid: sub,
5316
+ email,
5317
+ emailVerified: typeof payload.email_verified === "boolean" ? payload.email_verified : void 0,
5318
+ displayName: typeof payload.name === "string" ? payload.name : void 0,
5319
+ photoURL: typeof payload.picture === "string" ? payload.picture : void 0,
5320
+ isStaff: payload.is_staff === true,
5321
+ isCustomer: payload.is_customer === true,
5322
+ tenantId: typeof payload.tenant_id === "string" ? payload.tenant_id : void 0,
5323
+ // Spreads todos os claims originais (aud, iss, iat, exp, etc).
5324
+ ...payload
5325
+ };
5326
+ }
5215
5327
  function createOidcAuthNamespace(config) {
5216
5328
  const STORAGE_KEY = "neetru_id_token";
5217
5329
  const listeners = /* @__PURE__ */ new Set();
@@ -5319,6 +5431,45 @@ function createOidcAuthNamespace(config) {
5319
5431
  return () => {
5320
5432
  listeners.delete(listener);
5321
5433
  };
5434
+ },
5435
+ async verifyToken(token, options) {
5436
+ if (!token || typeof token !== "string") {
5437
+ throw new NeetruError("token_invalid_signature", "token must be a non-empty string");
5438
+ }
5439
+ const overrideAuthUrl = typeof globalThis.NEETRU_AUTH_URL === "string" ? globalThis.NEETRU_AUTH_URL : null;
5440
+ const idpOrigin = overrideAuthUrl ?? config.baseUrl.replace(/^https?:\/\/api\./, "https://auth.");
5441
+ const issuer = idpOrigin;
5442
+ const jwksUrl = `${idpOrigin}/api/v1/oauth/.well-known/jwks.json`;
5443
+ const cacheTtlMs = options?.jwksCacheTtlMs ?? DEFAULT_JWKS_TTL_MS;
5444
+ const audience = config.apiKey ? config.apiKey.split("_")[1] ?? void 0 : void 0;
5445
+ const jwks = _getJwks(jwksUrl, cacheTtlMs);
5446
+ try {
5447
+ const { payload } = await jwtVerify(token, jwks, {
5448
+ issuer,
5449
+ ...audience ? { audience } : {},
5450
+ algorithms: ["RS256"]
5451
+ });
5452
+ return _jwtPayloadToUser(payload);
5453
+ } catch (err) {
5454
+ const errName = err?.code ?? err?.name ?? "";
5455
+ const errMsg = err?.message ?? String(err);
5456
+ if (errName === "ERR_JWT_EXPIRED") {
5457
+ throw new NeetruError("token_expired", `Token expired: ${errMsg}`);
5458
+ }
5459
+ if (errName === "ERR_JWS_SIGNATURE_VERIFICATION_FAILED") {
5460
+ throw new NeetruError("token_invalid_signature", `Token signature invalid: ${errMsg}`);
5461
+ }
5462
+ if (errName === "ERR_JWT_CLAIM_VALIDATION_FAILED") {
5463
+ if (errMsg.includes('"aud"') || errMsg.includes("audience")) {
5464
+ throw new NeetruError("token_invalid_audience", `Token audience mismatch: ${errMsg}`);
5465
+ }
5466
+ if (errMsg.includes('"iss"') || errMsg.includes("issuer")) {
5467
+ throw new NeetruError("token_invalid_issuer", `Token issuer mismatch: ${errMsg}`);
5468
+ }
5469
+ throw new NeetruError("token_invalid_signature", `Token claim validation failed: ${errMsg}`);
5470
+ }
5471
+ throw new NeetruError("token_invalid_signature", `Token verification failed: ${errMsg}`);
5472
+ }
5322
5473
  }
5323
5474
  };
5324
5475
  }