npm - @omen.foundation/game-sdk - Versions diffs - 1.0.0 - Mend

@omen.foundation/game-sdk 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,463 @@
+// src/pkce.ts
+async function generatePKCE() {
+  const codeVerifier = generateRandomString(128);
+  const hash = await sha256(codeVerifier);
+  const codeChallenge = base64URLEncode(hash);
+  return { codeVerifier, codeChallenge };
+}
+function generateRandomString(length) {
+  const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+  const array = new Uint8Array(length);
+  crypto.getRandomValues(array);
+  return Array.from(array, (byte) => charset[byte % charset.length]).join("");
+}
+function base64URLEncode(buffer) {
+  const base64 = btoa(String.fromCharCode(...new Uint8Array(buffer)));
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+async function sha256(message) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(message);
+  return crypto.subtle.digest("SHA-256", data);
+}
+// src/oauth.ts
+var OAuthFlow = class {
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Authenticate user via OAuth popup
+   */
+  async authenticate(options) {
+    const state = options.state || this.generateState();
+    let codeChallenge;
+    let codeVerifier;
+    if (options.enablePKCE !== false) {
+      const pkce = await generatePKCE();
+      codeChallenge = pkce.codeChallenge;
+      codeVerifier = pkce.codeVerifier;
+      sessionStorage.setItem(`omenx_pkce_${state}`, codeVerifier);
+    }
+    return new Promise((resolve, reject) => {
+      const params = new URLSearchParams({
+        client_id: this.config.gameId,
+        redirect_uri: options.redirectUri,
+        response_type: "code",
+        state
+      });
+      if (codeChallenge) {
+        params.append("code_challenge", codeChallenge);
+        params.append("code_challenge_method", "S256");
+      }
+      const authUrl = `${this.config.oauthAuthorizeUrl}?${params.toString()}`;
+      const popup = window.open(
+        authUrl,
+        "OmenX Authentication",
+        "width=500,height=600,left=" + (window.screen.width / 2 - 250) + ",top=" + (window.screen.height / 2 - 300)
+      );
+      if (!popup) {
+        const error = new Error("Failed to open popup window. Please allow popups for this site.");
+        this.config.onError?.(error);
+        reject(error);
+        return;
+      }
+      const messageListener = async (event) => {
+        try {
+          const url = new URL(this.config.oauthAuthorizeUrl);
+          if (event.origin !== url.origin) {
+            return;
+          }
+        } catch {
+        }
+        if (event.data?.type === "OMENX_OAUTH_CODE") {
+          window.removeEventListener("message", messageListener);
+          popup.close();
+          const { code, state: returnedState } = event.data;
+          if (returnedState !== state) {
+            const error = new Error("Invalid state parameter. Possible CSRF attack.");
+            this.config.onError?.(error);
+            reject(error);
+            return;
+          }
+          const storedCodeVerifier = sessionStorage.getItem(`omenx_pkce_${state}`);
+          if (storedCodeVerifier) {
+            sessionStorage.removeItem(`omenx_pkce_${state}`);
+            codeVerifier = storedCodeVerifier;
+          }
+          try {
+            const tokenResponse = await this.exchangeCodeForToken(code, options.redirectUri, codeVerifier);
+            await this.config.onTokenReceived(tokenResponse);
+            resolve(tokenResponse);
+          } catch (error) {
+            this.config.onError?.(error);
+            reject(error);
+          }
+        }
+      };
+      window.addEventListener("message", messageListener);
+      const checkClosed = setInterval(() => {
+        if (popup.closed) {
+          clearInterval(checkClosed);
+          window.removeEventListener("message", messageListener);
+          const error = new Error("Authentication was cancelled.");
+          this.config.onError?.(error);
+          reject(error);
+        }
+      }, 1e3);
+    });
+  }
+  /**
+   * Exchange authorization code for access token
+   */
+  async exchangeCodeForToken(code, redirectUri, codeVerifier) {
+    const body = {
+      code,
+      redirect_uri: redirectUri,
+      grant_type: "authorization_code"
+    };
+    if (codeVerifier) {
+      body.code_verifier = codeVerifier;
+    }
+    const response = await fetch(this.config.oauthTokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+        // Note: API key should be included via Authorization header
+        // This should be set by the game's backend, not the SDK
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ message: "Failed to exchange code for token" }));
+      throw new Error(error.message || "Failed to exchange code for token");
+    }
+    return response.json();
+  }
+  /**
+   * Generate random state for CSRF protection
+   */
+  generateState() {
+    const array = new Uint8Array(32);
+    crypto.getRandomValues(array);
+    return Array.from(array, (byte) => byte.toString(16).padStart(2, "0")).join("");
+  }
+};
+// src/iframe-auth.ts
+var IframeAuth = class {
+  constructor(config) {
+    this.messageListener = null;
+    this.config = config;
+  }
+  /**
+   * Initialize iframe authentication listener
+   */
+  init() {
+    this.requestAuth();
+    this.messageListener = (event) => {
+      if (this.config.parentOrigin) {
+        try {
+          const parentUrl = new URL(this.config.parentOrigin);
+          if (event.origin !== parentUrl.origin) {
+            return;
+          }
+        } catch {
+        }
+      }
+      if (event.data?.type === "OMENX_AUTH") {
+        const authData = event.data.payload;
+        if (authData.gameId !== this.config.gameId) {
+          this.config.onError?.(new Error(`Game ID mismatch. Expected ${this.config.gameId}, got ${authData.gameId}`));
+          return;
+        }
+        const fiveMinutesAgo = Date.now() - 5 * 60 * 1e3;
+        if (authData.timestamp < fiveMinutesAgo) {
+          this.config.onError?.(new Error("Auth data expired"));
+          return;
+        }
+        this.config.onAuth(authData);
+      }
+    };
+    window.addEventListener("message", this.messageListener);
+  }
+  /**
+   * Request authentication data from parent window
+   */
+  requestAuth() {
+    if (window.parent === window) {
+      return;
+    }
+    const parentOrigin = this.config.parentOrigin || "*";
+    window.parent.postMessage(
+      {
+        type: "OMENX_AUTH_REQUEST",
+        gameId: this.config.gameId
+      },
+      parentOrigin
+    );
+  }
+  /**
+   * Cleanup
+   */
+  destroy() {
+    if (this.messageListener) {
+      window.removeEventListener("message", this.messageListener);
+      this.messageListener = null;
+    }
+  }
+};
+// src/token-manager.ts
+var TokenManager = class {
+  constructor(storageKeyPrefix = "omenx_game_") {
+    this.storageKeyPrefix = storageKeyPrefix;
+  }
+  /**
+   * Store authentication data
+   */
+  storeAuth(authData, refreshToken, expiresIn) {
+    try {
+      localStorage.setItem(`${this.storageKeyPrefix}auth`, JSON.stringify(authData));
+      localStorage.setItem(`${this.storageKeyPrefix}refresh_token`, refreshToken);
+      localStorage.setItem(`${this.storageKeyPrefix}expires_at`, String(Date.now() + expiresIn * 1e3));
+    } catch (error) {
+      console.warn("[TokenManager] Failed to store auth data:", error);
+    }
+  }
+  /**
+   * Get stored authentication data
+   */
+  getStoredAuth() {
+    try {
+      const stored = localStorage.getItem(`${this.storageKeyPrefix}auth`);
+      if (!stored) {
+        return null;
+      }
+      return JSON.parse(stored);
+    } catch (error) {
+      console.warn("[TokenManager] Failed to retrieve auth data:", error);
+      return null;
+    }
+  }
+  /**
+   * Get stored refresh token
+   */
+  getRefreshToken() {
+    try {
+      return localStorage.getItem(`${this.storageKeyPrefix}refresh_token`);
+    } catch (error) {
+      console.warn("[TokenManager] Failed to retrieve refresh token:", error);
+      return null;
+    }
+  }
+  /**
+   * Clear all stored authentication data
+   */
+  clearStorage() {
+    try {
+      localStorage.removeItem(`${this.storageKeyPrefix}auth`);
+      localStorage.removeItem(`${this.storageKeyPrefix}refresh_token`);
+      localStorage.removeItem(`${this.storageKeyPrefix}expires_at`);
+    } catch (error) {
+      console.warn("[TokenManager] Failed to clear storage:", error);
+    }
+  }
+};
+// src/sdk.ts
+var OmenXGameSDK = class {
+  constructor(config) {
+    this.iframeAuth = null;
+    this.currentAuthData = null;
+    const apiBaseUrl = config.apiBaseUrl || "https://api.omen.foundation";
+    this.config = {
+      gameId: config.gameId,
+      apiBaseUrl,
+      oauthAuthorizeUrl: config.oauthAuthorizeUrl || `${apiBaseUrl}/v1/oauth/authorize`,
+      oauthTokenUrl: config.oauthTokenUrl || `${apiBaseUrl}/v1/oauth/token`,
+      onAuth: config.onAuth || (() => {
+      }),
+      onAuthError: config.onAuthError || ((error) => console.error("[OmenX SDK] Auth error:", error)),
+      onLogout: config.onLogout || (() => {
+      }),
+      enableIframeAuth: config.enableIframeAuth !== false,
+      parentOrigin: config.parentOrigin ?? "",
+      storageKeyPrefix: config.storageKeyPrefix || "omenx_game_"
+    };
+    this.tokenManager = new TokenManager(this.config.storageKeyPrefix);
+    this.oauthFlow = new OAuthFlow({
+      gameId: this.config.gameId,
+      oauthAuthorizeUrl: this.config.oauthAuthorizeUrl,
+      oauthTokenUrl: this.config.oauthTokenUrl,
+      apiBaseUrl: this.config.apiBaseUrl,
+      onTokenReceived: this.handleTokenReceived.bind(this),
+      onError: this.config.onAuthError
+    });
+    if (this.config.enableIframeAuth) {
+      this.iframeAuth = new IframeAuth({
+        gameId: this.config.gameId,
+        parentOrigin: this.config.parentOrigin || void 0,
+        onAuth: this.handleAuthData.bind(this),
+        onError: this.config.onAuthError
+      });
+    }
+  }
+  /**
+   * Initialize the SDK
+   * Call this after creating an instance
+   */
+  async init() {
+    const storedAuth = this.tokenManager.getStoredAuth();
+    if (storedAuth) {
+      const expiresAt = storedAuth.timestamp + 3600 * 1e3;
+      if (Date.now() < expiresAt) {
+        this.currentAuthData = storedAuth;
+        this.config.onAuth(storedAuth);
+        return;
+      } else {
+        const refreshToken = this.tokenManager.getRefreshToken();
+        if (refreshToken) {
+          try {
+            await this.refreshAccessToken(refreshToken);
+            return;
+          } catch (error) {
+            this.tokenManager.clearStorage();
+          }
+        }
+      }
+    }
+    if (this.config.enableIframeAuth && this.iframeAuth !== null) {
+      this.iframeAuth.init();
+    }
+  }
+  /**
+   * Authenticate user via OAuth popup
+   */
+  async authenticate(options) {
+    return this.oauthFlow.authenticate(options);
+  }
+  /**
+   * Get current authentication data
+   */
+  getAuthData() {
+    return this.currentAuthData;
+  }
+  /**
+   * Check if user is authenticated
+   */
+  isAuthenticated() {
+    return this.currentAuthData !== null;
+  }
+  /**
+   * Logout user
+   */
+  async logout() {
+    if (this.currentAuthData?.accessToken) {
+      try {
+        await this.apiCall("/v1/oauth/revoke", {
+          method: "POST",
+          body: { token: this.currentAuthData.accessToken },
+          includeAuth: false
+          // Don't include auth header for revoke
+        });
+      } catch (error) {
+        console.warn("[OmenX SDK] Failed to revoke token:", error);
+      }
+    }
+    this.currentAuthData = null;
+    this.tokenManager.clearStorage();
+    this.config.onLogout();
+  }
+  /**
+   * Make an authenticated API call
+   */
+  async apiCall(endpoint, options = {}) {
+    const url = endpoint.startsWith("http") ? endpoint : `${this.config.apiBaseUrl}${endpoint.startsWith("/") ? endpoint : `/${endpoint}`}`;
+    const headers = {
+      "Content-Type": "application/json",
+      ...options.headers
+    };
+    if (options.includeAuth !== false && this.currentAuthData?.accessToken) {
+      headers["Authorization"] = `Bearer ${this.currentAuthData.accessToken}`;
+    }
+    const fetchOptions = {
+      method: options.method || "GET",
+      headers
+    };
+    if (options.body && options.method !== "GET") {
+      fetchOptions.body = JSON.stringify(options.body);
+    }
+    const response = await fetch(url, fetchOptions);
+    if (response.status === 401 && this.currentAuthData) {
+      const refreshToken = this.tokenManager.getRefreshToken();
+      if (refreshToken) {
+        try {
+          await this.refreshAccessToken(refreshToken);
+          if (this.currentAuthData?.accessToken) {
+            headers["Authorization"] = `Bearer ${this.currentAuthData.accessToken}`;
+            return fetch(url, { ...fetchOptions, headers });
+          }
+        } catch (error) {
+          await this.logout();
+          throw new Error("Authentication expired. Please login again.");
+        }
+      }
+    }
+    return response;
+  }
+  /**
+   * Handle token received from OAuth flow
+   */
+  async handleTokenReceived(tokenResponse) {
+    const authData = {
+      accessToken: tokenResponse.access_token,
+      walletAddress: tokenResponse.user.walletAddress,
+      userId: tokenResponse.user.userId,
+      profileName: tokenResponse.user.profileName,
+      profilePicture: tokenResponse.user.profilePicture,
+      email: tokenResponse.user.email,
+      gameId: this.config.gameId,
+      timestamp: Date.now()
+    };
+    this.tokenManager.storeAuth(authData, tokenResponse.refresh_token, tokenResponse.expires_in);
+    this.currentAuthData = authData;
+    this.config.onAuth(authData);
+  }
+  /**
+   * Handle auth data from iframe
+   */
+  handleAuthData(authData) {
+    const fiveMinutesAgo = Date.now() - 5 * 60 * 1e3;
+    if (authData.timestamp < fiveMinutesAgo) {
+      this.config.onAuthError(new Error("Auth data expired"));
+      return;
+    }
+    this.currentAuthData = authData;
+    this.config.onAuth(authData);
+  }
+  /**
+   * Refresh access token using refresh token
+   */
+  async refreshAccessToken(refreshToken) {
+    const response = await fetch(this.config.oauthTokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        grant_type: "refresh_token",
+        refresh_token: refreshToken
+      })
+    });
+    if (!response.ok) {
+      throw new Error("Failed to refresh token");
+    }
+    const tokenResponse = await response.json();
+    await this.handleTokenReceived(tokenResponse);
+  }
+};
+export { OmenXGameSDK };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/pkce.ts","../src/oauth.ts","../src/iframe-auth.ts","../src/token-manager.ts","../src/sdk.ts"],"names":[],"mappings":";AAGA,eAAsB,YAAA,GAAyE;AAE7F,EAAA,MAAM,YAAA,GAAe,qBAAqB,GAAG,CAAA;AAG7C,EAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,YAAY,CAAA;AACtC,EAAA,MAAM,aAAA,GAAgB,gBAAgB,IAAI,CAAA;AAE1C,EAAA,OAAO,EAAE,cAAc,aAAA,EAAc;AACvC;AAKA,SAAS,qBAAqB,MAAA,EAAwB;AACpD,EAAA,MAAM,OAAA,GAAU,oEAAA;AAChB,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,EAAA,OAAO,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAA,IAAA,KAAQ,OAAA,CAAQ,IAAA,GAAO,OAAA,CAAQ,MAAM,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAA;AAC1E;AAKA,SAAS,gBAAgB,MAAA,EAA6B;AACpD,EAAA,MAAM,MAAA,GAAS,KAAK,MAAA,CAAO,YAAA,CAAa,GAAG,IAAI,UAAA,CAAW,MAAM,CAAC,CAAC,CAAA;AAClE,EAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,IAAA,EAAM,EAAE,CAAA;AACxE;AAKA,eAAe,OAAO,OAAA,EAAuC;AAC3D,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,MAAA,CAAO,OAAO,CAAA;AACnC,EAAA,OAAO,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,IAAI,CAAA;AAC7C;;;ACxBO,IAAM,YAAN,MAAgB;AAAA,EAGrB,YAAY,MAAA,EAAyB;AACnC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,OAAA,EAAqC;AAEtD,IAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,IAAA,CAAK,aAAA,EAAc;AAGlD,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,YAAA;AACJ,IAAA,IAAI,OAAA,CAAQ,eAAe,KAAA,EAAO;AAChC,MAAA,MAAM,IAAA,GAAO,MAAM,YAAA,EAAa;AAChC,MAAA,aAAA,GAAgB,IAAA,CAAK,aAAA;AACrB,MAAA,YAAA,GAAe,IAAA,CAAK,YAAA;AAEpB,MAAA,cAAA,CAAe,OAAA,CAAQ,CAAA,WAAA,EAAc,KAAK,CAAA,CAAA,EAAI,YAAY,CAAA;AAAA,IAC5D;AAEA,IAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AAEtC,MAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,QACjC,SAAA,EAAW,KAAK,MAAA,CAAO,MAAA;AAAA,QACvB,cAAc,OAAA,CAAQ,WAAA;AAAA,QACtB,aAAA,EAAe,MAAA;AAAA,QACf;AAAA,OACD,CAAA;AAED,MAAA,IAAI,aAAA,EAAe;AACjB,QAAA,MAAA,CAAO,MAAA,CAAO,kBAAkB,aAAa,CAAA;AAC7C,QAAA,MAAA,CAAO,MAAA,CAAO,yBAAyB,MAAM,CAAA;AAAA,MAC/C;AAEA,MAAA,MAAM,OAAA,GAAU,GAAG,IAAA,CAAK,MAAA,CAAO,iBAAiB,CAAA,CAAA,EAAI,MAAA,CAAO,UAAU,CAAA,CAAA;AAGrE,MAAA,MAAM,QAAQ,MAAA,CAAO,IAAA;AAAA,QACnB,OAAA;AAAA,QACA,sBAAA;AAAA,QACA,4BAAA,IAAgC,MAAA,CAAO,MAAA,CAAO,KAAA,GAAQ,CAAA,GAAI,OAAO,OAAA,IAAW,MAAA,CAAO,MAAA,CAAO,MAAA,GAAS,CAAA,GAAI,GAAA;AAAA,OACzG;AAEA,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAAM,iEAAiE,CAAA;AACzF,QAAA,IAAA,CAAK,MAAA,CAAO,UAAU,KAAK,CAAA;AAC3B,QAAA,MAAA,CAAO,KAAK,CAAA;AACZ,QAAA;AAAA,MACF;AAGA,MAAA,MAAM,eAAA,GAAkB,OAAO,KAAA,KAAwB;AAErD,QAAA,IAAI;AACF,UAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,iBAAiB,CAAA;AACjD,UAAA,IAAI,KAAA,CAAM,MAAA,KAAW,GAAA,CAAI,MAAA,EAAQ;AAC/B,YAAA;AAAA,UACF;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAEA,QAAA,IAAI,KAAA,CAAM,IAAA,EAAM,IAAA,KAAS,kBAAA,EAAoB;AAC3C,UAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,eAAe,CAAA;AACrD,UAAA,KAAA,CAAM,KAAA,EAAM;AAEZ,UAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAO,aAAA,KAAkB,KAAA,CAAM,IAAA;AAG7C,UAAA,IAAI,kBAAkB,KAAA,EAAO;AAC3B,YAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAAM,gDAAgD,CAAA;AACxE,YAAA,IAAA,CAAK,MAAA,CAAO,UAAU,KAAK,CAAA;AAC3B,YAAA,MAAA,CAAO,KAAK,CAAA;AACZ,YAAA;AAAA,UACF;AAGA,UAAA,MAAM,kBAAA,GAAqB,cAAA,CAAe,OAAA,CAAQ,CAAA,WAAA,EAAc,KAAK,CAAA,CAAE,CAAA;AACvE,UAAA,IAAI,kBAAA,EAAoB;AACtB,YAAA,cAAA,CAAe,UAAA,CAAW,CAAA,WAAA,EAAc,KAAK,CAAA,CAAE,CAAA;AAC/C,YAAA,YAAA,GAAe,kBAAA;AAAA,UACjB;AAEA,UAAA,IAAI;AAEF,YAAA,MAAM,gBAAgB,MAAM,IAAA,CAAK,qBAAqB,IAAA,EAAM,OAAA,CAAQ,aAAa,YAAY,CAAA;AAC7F,YAAA,MAAM,IAAA,CAAK,MAAA,CAAO,eAAA,CAAgB,aAAa,CAAA;AAC/C,YAAA,OAAA,CAAQ,aAAa,CAAA;AAAA,UACvB,SAAS,KAAA,EAAO;AACd,YAAA,IAAA,CAAK,MAAA,CAAO,UAAU,KAAc,CAAA;AACpC,YAAA,MAAA,CAAO,KAAK,CAAA;AAAA,UACd;AAAA,QACF;AAAA,MACF,CAAA;AAEA,MAAA,MAAA,CAAO,gBAAA,CAAiB,WAAW,eAAe,CAAA;AAGlD,MAAA,MAAM,WAAA,GAAc,YAAY,MAAM;AACpC,QAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,UAAA,aAAA,CAAc,WAAW,CAAA;AACzB,UAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,eAAe,CAAA;AACrD,UAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAAM,+BAA+B,CAAA;AACvD,UAAA,IAAA,CAAK,MAAA,CAAO,UAAU,KAAK,CAAA;AAC3B,UAAA,MAAA,CAAO,KAAK,CAAA;AAAA,QACd;AAAA,MACF,GAAG,GAAI,CAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,oBAAA,CACZ,IAAA,EACA,WAAA,EACA,YAAA,EAC6B;AAC7B,IAAA,MAAM,IAAA,GAAY;AAAA,MAChB,IAAA;AAAA,MACA,YAAA,EAAc,WAAA;AAAA,MACd,UAAA,EAAY;AAAA,KACd;AAEA,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,IAAA,CAAK,aAAA,GAAgB,YAAA;AAAA,IACvB;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,IAAA,CAAK,OAAO,aAAA,EAAe;AAAA,MACtD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA;AAAA;AAAA,OAGlB;AAAA,MACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK,CAAE,MAAM,OAAO,EAAE,OAAA,EAAS,mCAAA,EAAoC,CAAE,CAAA;AAClG,MAAA,MAAM,IAAI,KAAA,CAAM,KAAA,CAAM,OAAA,IAAW,mCAAmC,CAAA;AAAA,IACtE;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKQ,aAAA,GAAwB;AAC9B,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,IAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAA,IAAA,KAAQ,KAAK,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAAA,EAC9E;AACF,CAAA;;;AClKO,IAAM,aAAN,MAAiB;AAAA,EAItB,YAAY,MAAA,EAA0B;AAFtC,IAAA,IAAA,CAAQ,eAAA,GAA0D,IAAA;AAGhE,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAA,GAAa;AAEX,IAAA,IAAA,CAAK,WAAA,EAAY;AAGjB,IAAA,IAAA,CAAK,eAAA,GAAkB,CAAC,KAAA,KAAwB;AAE9C,MAAA,IAAI,IAAA,CAAK,OAAO,YAAA,EAAc;AAC5B,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAY,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,YAAY,CAAA;AAClD,UAAA,IAAI,KAAA,CAAM,MAAA,KAAW,SAAA,CAAU,MAAA,EAAQ;AACrC,YAAA;AAAA,UACF;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAGA,MAAA,IAAI,KAAA,CAAM,IAAA,EAAM,IAAA,KAAS,YAAA,EAAc;AACrC,QAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA;AAG5B,QAAA,IAAI,QAAA,CAAS,MAAA,KAAW,IAAA,CAAK,MAAA,CAAO,MAAA,EAAQ;AAC1C,UAAA,IAAA,CAAK,MAAA,CAAO,OAAA,GAAU,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,MAAA,EAAS,QAAA,CAAS,MAAM,CAAA,CAAE,CAAC,CAAA;AAC3G,UAAA;AAAA,QACF;AAGA,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,GAAA,EAAI,GAAK,IAAI,EAAA,GAAK,GAAA;AAC9C,QAAA,IAAI,QAAA,CAAS,YAAY,cAAA,EAAgB;AACvC,UAAA,IAAA,CAAK,MAAA,CAAO,OAAA,GAAU,IAAI,KAAA,CAAM,mBAAmB,CAAC,CAAA;AACpD,UAAA;AAAA,QACF;AAEA,QAAA,IAAA,CAAK,MAAA,CAAO,OAAO,QAAQ,CAAA;AAAA,MAC7B;AAAA,IACF,CAAA;AAEA,IAAA,MAAA,CAAO,gBAAA,CAAiB,SAAA,EAAW,IAAA,CAAK,eAAe,CAAA;AAAA,EACzD;AAAA;AAAA;AAAA;AAAA,EAKQ,WAAA,GAAoB;AAC1B,IAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAQ;AAE5B,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,MAAA,CAAO,YAAA,IAAgB,GAAA;AACjD,IAAA,MAAA,CAAO,MAAA,CAAO,WAAA;AAAA,MACZ;AAAA,QACE,IAAA,EAAM,oBAAA;AAAA,QACN,MAAA,EAAQ,KAAK,MAAA,CAAO;AAAA,OACtB;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA,GAAgB;AACd,IAAA,IAAI,KAAK,eAAA,EAAiB;AACxB,MAAA,MAAA,CAAO,mBAAA,CAAoB,SAAA,EAAW,IAAA,CAAK,eAAe,CAAA;AAC1D,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA;AAAA,IACzB;AAAA,EACF;AACF,CAAA;;;ACzFO,IAAM,eAAN,MAAmB;AAAA,EAGxB,WAAA,CAAY,mBAA2B,aAAA,EAAe;AACpD,IAAA,IAAA,CAAK,gBAAA,GAAmB,gBAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA,EAKA,SAAA,CAAU,QAAA,EAAoB,YAAA,EAAsB,SAAA,EAAyB;AAC3E,IAAA,IAAI;AACF,MAAA,YAAA,CAAa,OAAA,CAAQ,GAAG,IAAA,CAAK,gBAAgB,QAAQ,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AAC7E,MAAA,YAAA,CAAa,OAAA,CAAQ,CAAA,EAAG,IAAA,CAAK,gBAAgB,iBAAiB,YAAY,CAAA;AAC1E,MAAA,YAAA,CAAa,OAAA,CAAQ,CAAA,EAAG,IAAA,CAAK,gBAAgB,CAAA,UAAA,CAAA,EAAc,MAAA,CAAO,IAAA,CAAK,GAAA,EAAI,GAAK,SAAA,GAAY,GAAK,CAAC,CAAA;AAAA,IACpG,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,IAAA,CAAK,6CAA6C,KAAK,CAAA;AAAA,IACjE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA,GAAiC;AAC/B,IAAA,IAAI;AACF,MAAA,MAAM,SAAS,YAAA,CAAa,OAAA,CAAQ,CAAA,EAAG,IAAA,CAAK,gBAAgB,CAAA,IAAA,CAAM,CAAA;AAClE,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,OAAO,IAAA;AAAA,MACT;AACA,MAAA,OAAO,IAAA,CAAK,MAAM,MAAM,CAAA;AAAA,IAC1B,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,IAAA,CAAK,gDAAgD,KAAK,CAAA;AAClE,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAA,GAAiC;AAC/B,IAAA,IAAI;AACF,MAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,CAAA,EAAG,IAAA,CAAK,gBAAgB,CAAA,aAAA,CAAe,CAAA;AAAA,IACrE,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,IAAA,CAAK,oDAAoD,KAAK,CAAA;AACtE,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAAA,GAAqB;AACnB,IAAA,IAAI;AACF,MAAA,YAAA,CAAa,UAAA,CAAW,CAAA,EAAG,IAAA,CAAK,gBAAgB,CAAA,IAAA,CAAM,CAAA;AACtD,MAAA,YAAA,CAAa,UAAA,CAAW,CAAA,EAAG,IAAA,CAAK,gBAAgB,CAAA,aAAA,CAAe,CAAA;AAC/D,MAAA,YAAA,CAAa,UAAA,CAAW,CAAA,EAAG,IAAA,CAAK,gBAAgB,CAAA,UAAA,CAAY,CAAA;AAAA,IAC9D,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,IAAA,CAAK,2CAA2C,KAAK,CAAA;AAAA,IAC/D;AAAA,EACF;AACF,CAAA;;;AChDO,IAAM,eAAN,MAAmB;AAAA,EAOxB,YAAY,MAAA,EAA4B;AAJxC,IAAA,IAAA,CAAQ,UAAA,GAAgC,IAAA;AAExC,IAAA,IAAA,CAAQ,eAAA,GAAmC,IAAA;AAIzC,IAAA,MAAM,UAAA,GAAa,OAAO,UAAA,IAAc,6BAAA;AACxC,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,UAAA;AAAA,MACA,iBAAA,EAAmB,MAAA,CAAO,iBAAA,IAAqB,CAAA,EAAG,UAAU,CAAA,mBAAA,CAAA;AAAA,MAC5D,aAAA,EAAe,MAAA,CAAO,aAAA,IAAiB,CAAA,EAAG,UAAU,CAAA,eAAA,CAAA;AAAA,MACpD,MAAA,EAAQ,MAAA,CAAO,MAAA,KAAW,MAAM;AAAA,MAAC,CAAA,CAAA;AAAA,MACjC,WAAA,EAAa,OAAO,WAAA,KAAgB,CAAC,UAAU,OAAA,CAAQ,KAAA,CAAM,2BAA2B,KAAK,CAAA,CAAA;AAAA,MAC7F,QAAA,EAAU,MAAA,CAAO,QAAA,KAAa,MAAM;AAAA,MAAC,CAAA,CAAA;AAAA,MACrC,gBAAA,EAAkB,OAAO,gBAAA,KAAqB,KAAA;AAAA,MAC9C,YAAA,EAAc,OAAO,YAAA,IAAgB,EAAA;AAAA,MACrC,gBAAA,EAAkB,OAAO,gBAAA,IAAoB;AAAA,KAC/C;AAGA,IAAA,IAAA,CAAK,YAAA,GAAe,IAAI,YAAA,CAAa,IAAA,CAAK,OAAO,gBAAgB,CAAA;AACjE,IAAA,IAAA,CAAK,SAAA,GAAY,IAAI,SAAA,CAAU;AAAA,MAC7B,MAAA,EAAQ,KAAK,MAAA,CAAO,MAAA;AAAA,MACpB,iBAAA,EAAmB,KAAK,MAAA,CAAO,iBAAA;AAAA,MAC/B,aAAA,EAAe,KAAK,MAAA,CAAO,aAAA;AAAA,MAC3B,UAAA,EAAY,KAAK,MAAA,CAAO,UAAA;AAAA,MACxB,eAAA,EAAiB,IAAA,CAAK,mBAAA,CAAoB,IAAA,CAAK,IAAI,CAAA;AAAA,MACnD,OAAA,EAAS,KAAK,MAAA,CAAO;AAAA,KACtB,CAAA;AAED,IAAA,IAAI,IAAA,CAAK,OAAO,gBAAA,EAAkB;AAChC,MAAA,IAAA,CAAK,UAAA,GAAa,IAAI,UAAA,CAAW;AAAA,QAC/B,MAAA,EAAQ,KAAK,MAAA,CAAO,MAAA;AAAA,QACpB,YAAA,EAAc,IAAA,CAAK,MAAA,CAAO,YAAA,IAAgB,MAAA;AAAA,QAC1C,MAAA,EAAQ,IAAA,CAAK,cAAA,CAAe,IAAA,CAAK,IAAI,CAAA;AAAA,QACrC,OAAA,EAAS,KAAK,MAAA,CAAO;AAAA,OACtB,CAAA;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,IAAA,GAAsB;AAE1B,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,YAAA,CAAa,aAAA,EAAc;AACnD,IAAA,IAAI,UAAA,EAAY;AAEd,MAAA,MAAM,SAAA,GAAY,UAAA,CAAW,SAAA,GAAa,IAAA,GAAO,GAAA;AACjD,MAAA,IAAI,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,EAAW;AAC1B,QAAA,IAAA,CAAK,eAAA,GAAkB,UAAA;AACvB,QAAA,IAAA,CAAK,MAAA,CAAO,OAAO,UAAU,CAAA;AAC7B,QAAA;AAAA,MACF,CAAA,MAAO;AAEL,QAAA,MAAM,YAAA,GAAe,IAAA,CAAK,YAAA,CAAa,eAAA,EAAgB;AACvD,QAAA,IAAI,YAAA,EAAc;AAChB,UAAA,IAAI;AACF,YAAA,MAAM,IAAA,CAAK,mBAAmB,YAAY,CAAA;AAC1C,YAAA;AAAA,UACF,SAAS,KAAA,EAAO;AAEd,YAAA,IAAA,CAAK,aAAa,YAAA,EAAa;AAAA,UACjC;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,IAAA,CAAK,MAAA,CAAO,gBAAA,IAAoB,IAAA,CAAK,eAAe,IAAA,EAAM;AAC5D,MAAA,IAAA,CAAK,WAAW,IAAA,EAAK;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,OAAA,EAA0C;AAC3D,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,YAAA,CAAa,OAAO,CAAA;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKA,WAAA,GAA+B;AAC7B,IAAA,OAAO,IAAA,CAAK,eAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,eAAA,GAA2B;AACzB,IAAA,OAAO,KAAK,eAAA,KAAoB,IAAA;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAA,GAAwB;AAE5B,IAAA,IAAI,IAAA,CAAK,iBAAiB,WAAA,EAAa;AACrC,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,CAAK,QAAQ,kBAAA,EAAoB;AAAA,UACrC,MAAA,EAAQ,MAAA;AAAA,UACR,IAAA,EAAM,EAAE,KAAA,EAAO,IAAA,CAAK,gBAAgB,WAAA,EAAY;AAAA,UAChD,WAAA,EAAa;AAAA;AAAA,SACd,CAAA;AAAA,MACH,SAAS,KAAA,EAAO;AAEd,QAAA,OAAA,CAAQ,IAAA,CAAK,uCAAuC,KAAK,CAAA;AAAA,MAC3D;AAAA,IACF;AAGA,IAAA,IAAA,CAAK,eAAA,GAAkB,IAAA;AACvB,IAAA,IAAA,CAAK,aAAa,YAAA,EAAa;AAC/B,IAAA,IAAA,CAAK,OAAO,QAAA,EAAS;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,QAAA,EAAkB,OAAA,GAA0B,EAAC,EAAsB;AAC/E,IAAA,MAAM,MAAM,QAAA,CAAS,UAAA,CAAW,MAAM,CAAA,GAClC,QAAA,GACA,GAAG,IAAA,CAAK,MAAA,CAAO,UAAU,CAAA,EAAG,SAAS,UAAA,CAAW,GAAG,IAAI,QAAA,GAAW,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE,CAAA,CAAA;AAEpF,IAAA,MAAM,OAAA,GAAkC;AAAA,MACtC,cAAA,EAAgB,kBAAA;AAAA,MAChB,GAAG,OAAA,CAAQ;AAAA,KACb;AAGA,IAAA,IAAI,OAAA,CAAQ,WAAA,KAAgB,KAAA,IAAS,IAAA,CAAK,iBAAiB,WAAA,EAAa;AACtE,MAAA,OAAA,CAAQ,eAAe,CAAA,GAAI,CAAA,OAAA,EAAU,IAAA,CAAK,gBAAgB,WAAW,CAAA,CAAA;AAAA,IACvE;AAEA,IAAA,MAAM,YAAA,GAA4B;AAAA,MAChC,MAAA,EAAQ,QAAQ,MAAA,IAAU,KAAA;AAAA,MAC1B;AAAA,KACF;AAEA,IAAA,IAAI,OAAA,CAAQ,IAAA,IAAQ,OAAA,CAAQ,MAAA,KAAW,KAAA,EAAO;AAC5C,MAAA,YAAA,CAAa,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA;AAAA,IACjD;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAA,EAAK,YAAY,CAAA;AAG9C,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,GAAA,IAAO,IAAA,CAAK,eAAA,EAAiB;AACnD,MAAA,MAAM,YAAA,GAAe,IAAA,CAAK,YAAA,CAAa,eAAA,EAAgB;AACvD,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,CAAK,mBAAmB,YAAY,CAAA;AAE1C,UAAA,IAAI,IAAA,CAAK,iBAAiB,WAAA,EAAa;AACrC,YAAA,OAAA,CAAQ,eAAe,CAAA,GAAI,CAAA,OAAA,EAAU,IAAA,CAAK,gBAAgB,WAAW,CAAA,CAAA;AACrE,YAAA,OAAO,MAAM,GAAA,EAAK,EAAE,GAAG,YAAA,EAAc,SAAS,CAAA;AAAA,UAChD;AAAA,QACF,SAAS,KAAA,EAAO;AAEd,UAAA,MAAM,KAAK,MAAA,EAAO;AAClB,UAAA,MAAM,IAAI,MAAM,6CAA6C,CAAA;AAAA,QAC/D;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,oBAAoB,aAAA,EAAkD;AAClF,IAAA,MAAM,QAAA,GAAqB;AAAA,MACzB,aAAa,aAAA,CAAc,YAAA;AAAA,MAC3B,aAAA,EAAe,cAAc,IAAA,CAAK,aAAA;AAAA,MAClC,MAAA,EAAQ,cAAc,IAAA,CAAK,MAAA;AAAA,MAC3B,WAAA,EAAa,cAAc,IAAA,CAAK,WAAA;AAAA,MAChC,cAAA,EAAgB,cAAc,IAAA,CAAK,cAAA;AAAA,MACnC,KAAA,EAAO,cAAc,IAAA,CAAK,KAAA;AAAA,MAC1B,MAAA,EAAQ,KAAK,MAAA,CAAO,MAAA;AAAA,MACpB,SAAA,EAAW,KAAK,GAAA;AAAI,KACtB;AAGA,IAAA,IAAA,CAAK,aAAa,SAAA,CAAU,QAAA,EAAU,aAAA,CAAc,aAAA,EAAe,cAAc,UAAU,CAAA;AAG3F,IAAA,IAAA,CAAK,eAAA,GAAkB,QAAA;AACvB,IAAA,IAAA,CAAK,MAAA,CAAO,OAAO,QAAQ,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAe,QAAA,EAA0B;AAE/C,IAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,GAAA,EAAI,GAAK,IAAI,EAAA,GAAK,GAAA;AAC9C,IAAA,IAAI,QAAA,CAAS,YAAY,cAAA,EAAgB;AACvC,MAAA,IAAA,CAAK,MAAA,CAAO,WAAA,CAAY,IAAI,KAAA,CAAM,mBAAmB,CAAC,CAAA;AACtD,MAAA;AAAA,IACF;AAGA,IAAA,IAAA,CAAK,eAAA,GAAkB,QAAA;AACvB,IAAA,IAAA,CAAK,MAAA,CAAO,OAAO,QAAQ,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,mBAAmB,YAAA,EAAqC;AACpE,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,IAAA,CAAK,OAAO,aAAA,EAAe;AAAA,MACtD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,UAAA,EAAY,eAAA;AAAA,QACZ,aAAA,EAAe;AAAA,OAChB;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,IAC3C;AAEA,IAAA,MAAM,aAAA,GAAoC,MAAM,QAAA,CAAS,IAAA,EAAK;AAC9D,IAAA,MAAM,IAAA,CAAK,oBAAoB,aAAa,CAAA;AAAA,EAC9C;AACF","file":"index.mjs","sourcesContent":["/**\r\n * Generate PKCE (Proof Key for Code Exchange) code challenge and verifier\r\n */\r\nexport async function generatePKCE(): Promise<{ codeVerifier: string; codeChallenge: string }> {\r\n // Generate code verifier (43-128 characters, URL-safe)\r\n const codeVerifier = generateRandomString(128);\r\n\r\n // Generate code challenge (SHA256 hash of code verifier, base64url encoded)\r\n const hash = await sha256(codeVerifier);\r\n const codeChallenge = base64URLEncode(hash);\r\n\r\n return { codeVerifier, codeChallenge };\r\n}\r\n\r\n/**\r\n * Generate random URL-safe string\r\n */\r\nfunction generateRandomString(length: number): string {\r\n const charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';\r\n const array = new Uint8Array(length);\r\n crypto.getRandomValues(array);\r\n return Array.from(array, byte => charset[byte % charset.length]).join('');\r\n}\r\n\r\n/**\r\n * Base64 URL encode (without padding)\r\n */\r\nfunction base64URLEncode(buffer: ArrayBuffer): string {\r\n const base64 = btoa(String.fromCharCode(...new Uint8Array(buffer)));\r\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\r\n}\r\n\r\n/**\r\n * SHA256 hash\r\n */\r\nasync function sha256(message: string): Promise<ArrayBuffer> {\r\n const encoder = new TextEncoder();\r\n const data = encoder.encode(message);\r\n return crypto.subtle.digest('SHA-256', data);\r\n}\r\n","import type { OAuthOptions, OAuthTokenResponse } from './types';\r\nimport { generatePKCE } from './pkce';\r\n\r\ninterface OAuthFlowConfig {\r\n gameId: string;\r\n oauthAuthorizeUrl: string;\r\n oauthTokenUrl: string;\r\n apiBaseUrl: string;\r\n onTokenReceived: (tokenResponse: OAuthTokenResponse) => Promise<void>;\r\n onError?: (error: Error) => void;\r\n}\r\n\r\n/**\r\n * Handles OAuth 2.0 Authorization Code Grant flow with PKCE\r\n */\r\nexport class OAuthFlow {\r\n private config: OAuthFlowConfig;\r\n\r\n constructor(config: OAuthFlowConfig) {\r\n this.config = config;\r\n }\r\n\r\n /**\r\n * Authenticate user via OAuth popup\r\n */\r\n async authenticate(options: OAuthOptions): Promise<any> {\r\n // Generate state for CSRF protection\r\n const state = options.state || this.generateState();\r\n \r\n // Generate PKCE if enabled\r\n let codeChallenge: string | undefined;\r\n let codeVerifier: string | undefined;\r\n if (options.enablePKCE !== false) {\r\n const pkce = await generatePKCE();\r\n codeChallenge = pkce.codeChallenge;\r\n codeVerifier = pkce.codeVerifier;\r\n // Store code verifier for later use\r\n sessionStorage.setItem(`omenx_pkce_${state}`, codeVerifier);\r\n }\r\n\r\n return new Promise((resolve, reject) => {\r\n // Build authorization URL\r\n const params = new URLSearchParams({\r\n client_id: this.config.gameId,\r\n redirect_uri: options.redirectUri,\r\n response_type: 'code',\r\n state: state,\r\n });\r\n\r\n if (codeChallenge) {\r\n params.append('code_challenge', codeChallenge);\r\n params.append('code_challenge_method', 'S256');\r\n }\r\n\r\n const authUrl = `${this.config.oauthAuthorizeUrl}?${params.toString()}`;\r\n\r\n // Open popup window\r\n const popup = window.open(\r\n authUrl,\r\n 'OmenX Authentication',\r\n 'width=500,height=600,left=' + (window.screen.width / 2 - 250) + ',top=' + (window.screen.height / 2 - 300)\r\n );\r\n\r\n if (!popup) {\r\n const error = new Error('Failed to open popup window. Please allow popups for this site.');\r\n this.config.onError?.(error);\r\n reject(error);\r\n return;\r\n }\r\n\r\n // Listen for authorization code\r\n const messageListener = async (event: MessageEvent) => {\r\n // Validate origin\r\n try {\r\n const url = new URL(this.config.oauthAuthorizeUrl);\r\n if (event.origin !== url.origin) {\r\n return;\r\n }\r\n } catch {\r\n // If we can't parse the URL, skip origin check (development)\r\n }\r\n\r\n if (event.data?.type === 'OMENX_OAUTH_CODE') {\r\n window.removeEventListener('message', messageListener);\r\n popup.close();\r\n\r\n const { code, state: returnedState } = event.data;\r\n\r\n // Validate state\r\n if (returnedState !== state) {\r\n const error = new Error('Invalid state parameter. Possible CSRF attack.');\r\n this.config.onError?.(error);\r\n reject(error);\r\n return;\r\n }\r\n\r\n // Get code verifier if PKCE was used\r\n const storedCodeVerifier = sessionStorage.getItem(`omenx_pkce_${state}`);\r\n if (storedCodeVerifier) {\r\n sessionStorage.removeItem(`omenx_pkce_${state}`);\r\n codeVerifier = storedCodeVerifier;\r\n }\r\n\r\n try {\r\n // Exchange code for token\r\n const tokenResponse = await this.exchangeCodeForToken(code, options.redirectUri, codeVerifier);\r\n await this.config.onTokenReceived(tokenResponse);\r\n resolve(tokenResponse);\r\n } catch (error) {\r\n this.config.onError?.(error as Error);\r\n reject(error);\r\n }\r\n }\r\n };\r\n\r\n window.addEventListener('message', messageListener);\r\n\r\n // Check if popup was closed\r\n const checkClosed = setInterval(() => {\r\n if (popup.closed) {\r\n clearInterval(checkClosed);\r\n window.removeEventListener('message', messageListener);\r\n const error = new Error('Authentication was cancelled.');\r\n this.config.onError?.(error);\r\n reject(error);\r\n }\r\n }, 1000);\r\n });\r\n }\r\n\r\n /**\r\n * Exchange authorization code for access token\r\n */\r\n private async exchangeCodeForToken(\r\n code: string,\r\n redirectUri: string,\r\n codeVerifier?: string\r\n ): Promise<OAuthTokenResponse> {\r\n const body: any = {\r\n code,\r\n redirect_uri: redirectUri,\r\n grant_type: 'authorization_code',\r\n };\r\n\r\n if (codeVerifier) {\r\n body.code_verifier = codeVerifier;\r\n }\r\n\r\n const response = await fetch(this.config.oauthTokenUrl, {\r\n method: 'POST',\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n // Note: API key should be included via Authorization header\r\n // This should be set by the game's backend, not the SDK\r\n },\r\n body: JSON.stringify(body),\r\n });\r\n\r\n if (!response.ok) {\r\n const error = await response.json().catch(() => ({ message: 'Failed to exchange code for token' }));\r\n throw new Error(error.message || 'Failed to exchange code for token');\r\n }\r\n\r\n return response.json();\r\n }\r\n\r\n /**\r\n * Generate random state for CSRF protection\r\n */\r\n private generateState(): string {\r\n const array = new Uint8Array(32);\r\n crypto.getRandomValues(array);\r\n return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');\r\n }\r\n}\r\n","import type { AuthData } from './types';\r\n\r\ninterface IframeAuthConfig {\r\n gameId: string;\r\n parentOrigin?: string;\r\n onAuth: (authData: AuthData) => void;\r\n onError?: (error: Error) => void;\r\n}\r\n\r\n/**\r\n * Handles authentication data passed from parent window via postMessage\r\n */\r\nexport class IframeAuth {\r\n private config: IframeAuthConfig;\r\n private messageListener: ((event: MessageEvent) => void) | null = null;\r\n\r\n constructor(config: IframeAuthConfig) {\r\n this.config = config;\r\n }\r\n\r\n /**\r\n * Initialize iframe authentication listener\r\n */\r\n init(): void {\r\n // Request auth data from parent\r\n this.requestAuth();\r\n\r\n // Listen for auth data from parent\r\n this.messageListener = (event: MessageEvent) => {\r\n // Validate origin if specified\r\n if (this.config.parentOrigin) {\r\n try {\r\n const parentUrl = new URL(this.config.parentOrigin);\r\n if (event.origin !== parentUrl.origin) {\r\n return;\r\n }\r\n } catch {\r\n // If we can't parse parent origin, skip validation (development)\r\n }\r\n }\r\n\r\n // Handle auth data\r\n if (event.data?.type === 'OMENX_AUTH') {\r\n const authData = event.data.payload as AuthData;\r\n\r\n // Validate game ID\r\n if (authData.gameId !== this.config.gameId) {\r\n this.config.onError?.(new Error(`Game ID mismatch. Expected ${this.config.gameId}, got ${authData.gameId}`));\r\n return;\r\n }\r\n\r\n // Validate timestamp (5 minute expiry)\r\n const fiveMinutesAgo = Date.now() - (5 * 60 * 1000);\r\n if (authData.timestamp < fiveMinutesAgo) {\r\n this.config.onError?.(new Error('Auth data expired'));\r\n return;\r\n }\r\n\r\n this.config.onAuth(authData);\r\n }\r\n };\r\n\r\n window.addEventListener('message', this.messageListener);\r\n }\r\n\r\n /**\r\n * Request authentication data from parent window\r\n */\r\n private requestAuth(): void {\r\n if (window.parent === window) {\r\n // Not in an iframe\r\n return;\r\n }\r\n\r\n // Send request to parent\r\n const parentOrigin = this.config.parentOrigin || '*';\r\n window.parent.postMessage(\r\n {\r\n type: 'OMENX_AUTH_REQUEST',\r\n gameId: this.config.gameId,\r\n },\r\n parentOrigin\r\n );\r\n }\r\n\r\n /**\r\n * Cleanup\r\n */\r\n destroy(): void {\r\n if (this.messageListener) {\r\n window.removeEventListener('message', this.messageListener);\r\n this.messageListener = null;\r\n }\r\n }\r\n}\r\n","import type { AuthData } from './types';\r\n\r\n/**\r\n * Manages token storage and retrieval\r\n */\r\nexport class TokenManager {\r\n private storageKeyPrefix: string;\r\n\r\n constructor(storageKeyPrefix: string = 'omenx_game_') {\r\n this.storageKeyPrefix = storageKeyPrefix;\r\n }\r\n\r\n /**\r\n * Store authentication data\r\n */\r\n storeAuth(authData: AuthData, refreshToken: string, expiresIn: number): void {\r\n try {\r\n localStorage.setItem(`${this.storageKeyPrefix}auth`, JSON.stringify(authData));\r\n localStorage.setItem(`${this.storageKeyPrefix}refresh_token`, refreshToken);\r\n localStorage.setItem(`${this.storageKeyPrefix}expires_at`, String(Date.now() + (expiresIn * 1000)));\r\n } catch (error) {\r\n console.warn('[TokenManager] Failed to store auth data:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Get stored authentication data\r\n */\r\n getStoredAuth(): AuthData | null {\r\n try {\r\n const stored = localStorage.getItem(`${this.storageKeyPrefix}auth`);\r\n if (!stored) {\r\n return null;\r\n }\r\n return JSON.parse(stored) as AuthData;\r\n } catch (error) {\r\n console.warn('[TokenManager] Failed to retrieve auth data:', error);\r\n return null;\r\n }\r\n }\r\n\r\n /**\r\n * Get stored refresh token\r\n */\r\n getRefreshToken(): string | null {\r\n try {\r\n return localStorage.getItem(`${this.storageKeyPrefix}refresh_token`);\r\n } catch (error) {\r\n console.warn('[TokenManager] Failed to retrieve refresh token:', error);\r\n return null;\r\n }\r\n }\r\n\r\n /**\r\n * Clear all stored authentication data\r\n */\r\n clearStorage(): void {\r\n try {\r\n localStorage.removeItem(`${this.storageKeyPrefix}auth`);\r\n localStorage.removeItem(`${this.storageKeyPrefix}refresh_token`);\r\n localStorage.removeItem(`${this.storageKeyPrefix}expires_at`);\r\n } catch (error) {\r\n console.warn('[TokenManager] Failed to clear storage:', error);\r\n }\r\n }\r\n}\r\n","import type {\r\n OmenXGameSDKConfig,\r\n AuthData,\r\n OAuthOptions,\r\n OAuthTokenResponse,\r\n ApiCallOptions,\r\n} from './types';\r\nimport { OAuthFlow } from './oauth';\r\nimport { IframeAuth } from './iframe-auth';\r\nimport { TokenManager } from './token-manager';\r\n\r\n/**\r\n * OmenX Game SDK\r\n * \r\n * Provides authentication and API integration for games on the OmenX platform.\r\n * Supports both OAuth-style authentication and iframe authentication passing.\r\n */\r\nexport class OmenXGameSDK {\r\n private config: Required<OmenXGameSDKConfig>;\r\n private oauthFlow: OAuthFlow;\r\n private iframeAuth: IframeAuth | null = null;\r\n private tokenManager: TokenManager;\r\n private currentAuthData: AuthData | null = null;\r\n\r\n constructor(config: OmenXGameSDKConfig) {\r\n // Set defaults\r\n const apiBaseUrl = config.apiBaseUrl || 'https://api.omen.foundation';\r\n this.config = {\r\n gameId: config.gameId,\r\n apiBaseUrl: apiBaseUrl,\r\n oauthAuthorizeUrl: config.oauthAuthorizeUrl || `${apiBaseUrl}/v1/oauth/authorize`,\r\n oauthTokenUrl: config.oauthTokenUrl || `${apiBaseUrl}/v1/oauth/token`,\r\n onAuth: config.onAuth || (() => {}),\r\n onAuthError: config.onAuthError || ((error) => console.error('[OmenX SDK] Auth error:', error)),\r\n onLogout: config.onLogout || (() => {}),\r\n enableIframeAuth: config.enableIframeAuth !== false,\r\n parentOrigin: config.parentOrigin ?? '',\r\n storageKeyPrefix: config.storageKeyPrefix || 'omenx_game_',\r\n };\r\n\r\n // Initialize components\r\n this.tokenManager = new TokenManager(this.config.storageKeyPrefix);\r\n this.oauthFlow = new OAuthFlow({\r\n gameId: this.config.gameId,\r\n oauthAuthorizeUrl: this.config.oauthAuthorizeUrl,\r\n oauthTokenUrl: this.config.oauthTokenUrl,\r\n apiBaseUrl: this.config.apiBaseUrl,\r\n onTokenReceived: this.handleTokenReceived.bind(this),\r\n onError: this.config.onAuthError,\r\n });\r\n\r\n if (this.config.enableIframeAuth) {\r\n this.iframeAuth = new IframeAuth({\r\n gameId: this.config.gameId,\r\n parentOrigin: this.config.parentOrigin || undefined,\r\n onAuth: this.handleAuthData.bind(this),\r\n onError: this.config.onAuthError,\r\n });\r\n }\r\n }\r\n\r\n /**\r\n * Initialize the SDK\r\n * Call this after creating an instance\r\n */\r\n async init(): Promise<void> {\r\n // Try to restore from stored token\r\n const storedAuth = this.tokenManager.getStoredAuth();\r\n if (storedAuth) {\r\n // Check if token is still valid (not expired)\r\n const expiresAt = storedAuth.timestamp + (3600 * 1000); // 1 hour default\r\n if (Date.now() < expiresAt) {\r\n this.currentAuthData = storedAuth;\r\n this.config.onAuth(storedAuth);\r\n return;\r\n } else {\r\n // Token expired, try to refresh\r\n const refreshToken = this.tokenManager.getRefreshToken();\r\n if (refreshToken) {\r\n try {\r\n await this.refreshAccessToken(refreshToken);\r\n return;\r\n } catch (error) {\r\n // Refresh failed, clear storage\r\n this.tokenManager.clearStorage();\r\n }\r\n }\r\n }\r\n }\r\n\r\n // If iframe auth is enabled, try to get auth from parent\r\n if (this.config.enableIframeAuth && this.iframeAuth !== null) {\r\n this.iframeAuth.init();\r\n }\r\n }\r\n\r\n /**\r\n * Authenticate user via OAuth popup\r\n */\r\n async authenticate(options: OAuthOptions): Promise<AuthData> {\r\n return this.oauthFlow.authenticate(options);\r\n }\r\n\r\n /**\r\n * Get current authentication data\r\n */\r\n getAuthData(): AuthData | null {\r\n return this.currentAuthData;\r\n }\r\n\r\n /**\r\n * Check if user is authenticated\r\n */\r\n isAuthenticated(): boolean {\r\n return this.currentAuthData !== null;\r\n }\r\n\r\n /**\r\n * Logout user\r\n */\r\n async logout(): Promise<void> {\r\n // Revoke token if we have one\r\n if (this.currentAuthData?.accessToken) {\r\n try {\r\n await this.apiCall('/v1/oauth/revoke', {\r\n method: 'POST',\r\n body: { token: this.currentAuthData.accessToken },\r\n includeAuth: false, // Don't include auth header for revoke\r\n });\r\n } catch (error) {\r\n // Ignore errors on revoke\r\n console.warn('[OmenX SDK] Failed to revoke token:', error);\r\n }\r\n }\r\n\r\n // Clear local state\r\n this.currentAuthData = null;\r\n this.tokenManager.clearStorage();\r\n this.config.onLogout();\r\n }\r\n\r\n /**\r\n * Make an authenticated API call\r\n */\r\n async apiCall(endpoint: string, options: ApiCallOptions = {}): Promise<Response> {\r\n const url = endpoint.startsWith('http') \r\n ? endpoint \r\n : `${this.config.apiBaseUrl}${endpoint.startsWith('/') ? endpoint : `/${endpoint}`}`;\r\n\r\n const headers: Record<string, string> = {\r\n 'Content-Type': 'application/json',\r\n ...options.headers,\r\n };\r\n\r\n // Add authentication header if needed\r\n if (options.includeAuth !== false && this.currentAuthData?.accessToken) {\r\n headers['Authorization'] = `Bearer ${this.currentAuthData.accessToken}`;\r\n }\r\n\r\n const fetchOptions: RequestInit = {\r\n method: options.method || 'GET',\r\n headers,\r\n };\r\n\r\n if (options.body && options.method !== 'GET') {\r\n fetchOptions.body = JSON.stringify(options.body);\r\n }\r\n\r\n const response = await fetch(url, fetchOptions);\r\n\r\n // If unauthorized, try to refresh token\r\n if (response.status === 401 && this.currentAuthData) {\r\n const refreshToken = this.tokenManager.getRefreshToken();\r\n if (refreshToken) {\r\n try {\r\n await this.refreshAccessToken(refreshToken);\r\n // Retry the request with new token\r\n if (this.currentAuthData?.accessToken) {\r\n headers['Authorization'] = `Bearer ${this.currentAuthData.accessToken}`;\r\n return fetch(url, { ...fetchOptions, headers });\r\n }\r\n } catch (error) {\r\n // Refresh failed, logout\r\n await this.logout();\r\n throw new Error('Authentication expired. Please login again.');\r\n }\r\n }\r\n }\r\n\r\n return response;\r\n }\r\n\r\n /**\r\n * Handle token received from OAuth flow\r\n */\r\n private async handleTokenReceived(tokenResponse: OAuthTokenResponse): Promise<void> {\r\n const authData: AuthData = {\r\n accessToken: tokenResponse.access_token,\r\n walletAddress: tokenResponse.user.walletAddress,\r\n userId: tokenResponse.user.userId,\r\n profileName: tokenResponse.user.profileName,\r\n profilePicture: tokenResponse.user.profilePicture,\r\n email: tokenResponse.user.email,\r\n gameId: this.config.gameId,\r\n timestamp: Date.now(),\r\n };\r\n\r\n // Store tokens\r\n this.tokenManager.storeAuth(authData, tokenResponse.refresh_token, tokenResponse.expires_in);\r\n\r\n // Update current auth\r\n this.currentAuthData = authData;\r\n this.config.onAuth(authData);\r\n }\r\n\r\n /**\r\n * Handle auth data from iframe\r\n */\r\n private handleAuthData(authData: AuthData): void {\r\n // Validate timestamp (5 minute expiry)\r\n const fiveMinutesAgo = Date.now() - (5 * 60 * 1000);\r\n if (authData.timestamp < fiveMinutesAgo) {\r\n this.config.onAuthError(new Error('Auth data expired'));\r\n return;\r\n }\r\n\r\n // Update current auth\r\n this.currentAuthData = authData;\r\n this.config.onAuth(authData);\r\n }\r\n\r\n /**\r\n * Refresh access token using refresh token\r\n */\r\n private async refreshAccessToken(refreshToken: string): Promise<void> {\r\n const response = await fetch(this.config.oauthTokenUrl, {\r\n method: 'POST',\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n },\r\n body: JSON.stringify({\r\n grant_type: 'refresh_token',\r\n refresh_token: refreshToken,\r\n }),\r\n });\r\n\r\n if (!response.ok) {\r\n throw new Error('Failed to refresh token');\r\n }\r\n\r\n const tokenResponse: OAuthTokenResponse = await response.json();\r\n await this.handleTokenReceived(tokenResponse);\r\n }\r\n}\r\n"]}

package/package.json ADDED Viewed

@@ -0,0 +1,41 @@
+{
+  "name": "@omen.foundation/game-sdk",
+  "version": "1.0.0",
+  "description": "OmenX Game SDK for web applications - OAuth authentication and API integration",
+  "main": "dist/index.js",
+  "module": "dist/index.esm.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup src/index.ts --format cjs,esm --dts",
+    "dev": "tsup src/index.ts --format cjs,esm --dts --watch",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "omenx",
+    "game",
+    "sdk",
+    "oauth",
+    "authentication",
+    "nft",
+    "blockchain"
+  ],
+  "author": "OmenX",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/omen-foundation/game-sdk"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.0.0"
+  },
+  "peerDependencies": {},
+  "publishConfig": {
+    "access": "public"
+  }
+}