@omni2fa/core 0.6.1 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/index.cjs +1 -1
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.js +29 -29
  4. package/dist/index.js.map +1 -1
  5. package/dist/machines/challenge/ChallengeContext.d.ts +2 -0
  6. package/dist/machines/challenge/ChallengeContext.d.ts.map +1 -1
  7. package/dist/machines/challenge/challengeMachine.d.ts +12 -0
  8. package/dist/machines/challenge/challengeMachine.d.ts.map +1 -1
  9. package/dist/machines/emailEnrollment/EmailEnrollmentEvent.d.ts +1 -1
  10. package/dist/machines/emailEnrollment/EmailEnrollmentEvent.d.ts.map +1 -1
  11. package/dist/machines/emailEnrollment/emailEnrollmentMachine.d.ts +2 -2
  12. package/dist/machines/emailEnrollment/emailEnrollmentMachine.d.ts.map +1 -1
  13. package/dist/types/api.d.ts +17 -6
  14. package/dist/types/api.d.ts.map +1 -1
  15. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -1,2 +1,2 @@
1
- "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const F=require("openapi-fetch"),s=require("xstate");class T{map=new Map;get(e){return this.map.get(e)??null}set(e,r){this.map.set(e,r)}remove(e){this.map.delete(e)}}const a={InvalidCode:"INVALID_CODE",PreAuthExpired:"PREAUTH_EXPIRED",PreAuthInvalid:"PREAUTH_INVALID",ChallengeNotFound:"CHALLENGE_NOT_FOUND",ChallengeConsumed:"CHALLENGE_CONSUMED",TooManyAttempts:"TOO_MANY_ATTEMPTS",MethodNotFound:"METHOD_NOT_FOUND",TypeAlreadyEnrolled:"TYPE_ALREADY_ENROLLED",MaxMethodsReached:"MAX_METHODS_REACHED",LastMethodProtected:"LAST_METHOD_PROTECTED",RecoveryCodeInvalid:"RECOVERY_CODE_INVALID",RecoveryCodeUsed:"RECOVERY_CODE_USED",WebAuthnVerificationFailed:"WEBAUTHN_VERIFICATION_FAILED",ValidationFailed:"VALIDATION_FAILED",NetworkError:"NETWORK_ERROR",Unknown:"UNKNOWN"},C={[a.InvalidCode]:"The code you entered is invalid.",[a.PreAuthExpired]:"Your session has expired. Please sign in again.",[a.PreAuthInvalid]:"Your session is invalid. Please sign in again.",[a.ChallengeNotFound]:"No active verification step. Please restart.",[a.ChallengeConsumed]:"This verification step was already used. Please sign in again.",[a.TooManyAttempts]:"Too many attempts. Please wait before trying again.",[a.MethodNotFound]:"The selected 2FA method was not found.",[a.TypeAlreadyEnrolled]:"You already have this type of 2FA enabled.",[a.MaxMethodsReached]:"You have reached the maximum number of 2FA methods.",[a.LastMethodProtected]:"You cannot remove your last 2FA method.",[a.RecoveryCodeInvalid]:"The recovery code is invalid.",[a.RecoveryCodeUsed]:"This recovery code has already been used.",[a.WebAuthnVerificationFailed]:"Security key verification failed.",[a.ValidationFailed]:"The request was malformed.",[a.NetworkError]:"Network error. Please check your connection.",[a.Unknown]:"An unexpected error occurred."};function E(t){return C[t]??C[a.Unknown]}const J="omni2fa:preauth",L="omni2fa:session",w="http://omni2fa.local";class S{storage;preAuthKey;sessionKey;basePath;inner;constructor(e){this.storage=e.storage??new T,this.preAuthKey=e.preAuthStorageKey??J,this.sessionKey=e.sessionStorageKey??L,this.basePath=new URL(e.baseUrl,w).pathname.replace(/\/$/,""),this.inner=F({baseUrl:e.baseUrl,fetch:e.fetch??globalThis.fetch.bind(globalThis),...e.credentials?{credentials:e.credentials}:{}}),this.inner.use({onRequest:({request:r})=>{if(r.headers.has("Authorization"))return r;const n=this.isPreAuthEndpoint(r.url)?this.getPreAuthToken():this.getSessionToken();return n&&r.headers.set("Authorization",`Bearer ${n}`),r}})}isPreAuthEndpoint(e){const r=new URL(e,w).pathname;return(r.startsWith(this.basePath)?r.slice(this.basePath.length):r).startsWith("/challenge/")}setPreAuthToken(e){this.setToken(this.preAuthKey,e)}getPreAuthToken(){return this.storage.get(this.preAuthKey)}setSessionToken(e){this.setToken(this.sessionKey,e)}getSessionToken(){return this.storage.get(this.sessionKey)}setToken(e,r){r===null||r.length===0?this.storage.remove(e):this.storage.set(e,r)}async listMethods(){const{data:e,error:r,response:n}=await this.inner.GET("/methods");return this.toCall(e,r,n)}async removeMethod(e){const{error:r,response:n}=await this.inner.DELETE("/methods/{methodId}",{params:{path:{methodId:e}}});return r?this.errorCall(r,n):{ok:!0,value:void 0}}async startTotpEnrollment(){const{data:e,error:r,response:n}=await this.inner.POST("/enroll/totp/start");return this.toCall(e,r,n)}async confirmTotpEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/totp/confirm",{body:e});return this.toCall(r,n,o)}async startEmailEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/email/start",{body:e});return this.toCall(r,n,o)}async confirmEmailEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/email/confirm",{body:e});return this.toCall(r,n,o)}async resendEmailEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/email/resend",{body:e});return this.toCall(r,n,o)}async startWebAuthnEnrollment(){const{data:e,error:r,response:n}=await this.inner.POST("/enroll/webauthn/start");return this.toCall(e,r,n)}async confirmWebAuthnEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/webauthn/confirm",{body:e});return this.toCall(r,n,o)}async startChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/start",{body:e});return this.toCall(r,n,o)}async resendChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/resend",{body:e});return this.toCall(r,n,o)}async verifyChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/verify",{body:e});return this.toCall(r,n,o)}async verifyRecoveryCode(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/recovery-code",{body:e});return this.toCall(r,n,o)}async regenerateRecoveryCodes(){const{data:e,error:r,response:n}=await this.inner.POST("/recovery-codes/regenerate");return this.toCall(e,r,n)}toCall(e,r,n){return r!==void 0?this.errorCall(r,n):e===void 0?{ok:!1,code:a.NetworkError,message:E(a.NetworkError),httpStatus:n.status}:{ok:!0,value:e}}errorCall(e,r){const n=e.code||a.Unknown;return{ok:!1,code:n,message:e.message||E(n),httpStatus:r.status,details:e.details??null}}}class K{get(e){return globalThis.sessionStorage?.getItem(e)??null}set(e,r){globalThis.sessionStorage?.setItem(e,r)}remove(e){globalThis.sessionStorage?.removeItem(e)}}class W{get(e){return globalThis.localStorage?.getItem(e)??null}set(e,r){globalThis.localStorage?.setItem(e,r)}remove(e){globalThis.localStorage?.removeItem(e)}}class l extends Error{code;httpStatus;details;constructor(e,r,n,o=null){super(r),this.name="Omni2FaApiError",this.code=e,this.httpStatus=n,this.details=o}}const $={enrollmentId:null,otpAuthUri:null,secret:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function O(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async()=>{const e=await t.startTotpEnrollment();if(!e.ok)throw new l(e.code,e.message,e.httpStatus,e.details??null);return e.value}),confirmEnrollment:s.fromPromise(async({input:e})=>{const r=await t.confirmTotpEnrollment({enrollmentId:e.enrollmentId,code:e.code,name:e.name});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"totpEnrollment",initial:"idle",context:$,states:{idle:{on:{start:{target:"starting"}}},starting:{invoke:{src:"startEnrollment",onDone:{target:"awaitingCode",actions:({context:e,event:r})=>{e.enrollmentId=r.output.enrollmentId,e.otpAuthUri=r.output.otpAuthUri,e.secret=r.output.secret,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>v(e,r.error)}}},awaitingCode:{on:{submit:{target:"confirming"},reset:{target:"idle",actions:h}}},confirming:{invoke:{src:"confirmEnrollment",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("confirming requires submit event");if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId,code:r.code,name:r.name??null}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>v(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:h}}},failed:{on:{start:{target:"starting"},reset:{target:"idle",actions:h}}}}})}function h({context:t}){t.enrollmentId=null,t.otpAuthUri=null,t.secret=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function v(t,e){e instanceof l?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const H={enrollmentId:null,email:null,expiresAt:null,resendAvailableAt:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function P(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async({input:e})=>{const r=await t.startEmailEnrollment({email:e.email});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value}),resendEnrollment:s.fromPromise(async({input:e})=>{const r=await t.resendEmailEnrollment({enrollmentId:e.enrollmentId});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value}),confirmEnrollment:s.fromPromise(async({input:e})=>{const r=await t.confirmEmailEnrollment({enrollmentId:e.enrollmentId,code:e.code,name:e.name});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"emailEnrollment",initial:"idle",context:H,states:{idle:{on:{start:{target:"starting"}}},starting:{entry:({context:e,event:r})=>{r.type==="start"&&(e.email=r.email)},invoke:{src:"startEnrollment",input:({context:e})=>{if(!e.email)throw new Error("no email");return{email:e.email}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>I(e,r.output)},onError:{target:"failed",actions:({context:e,event:r})=>p(e,r.error)}}},awaitingCode:{on:{submit:{target:"confirming"},resend:{target:"resending"},reset:{target:"idle",actions:g}}},resending:{invoke:{src:"resendEnrollment",input:({context:e})=>{if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>I(e,r.output)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>p(e,r.error)}}},confirming:{invoke:{src:"confirmEnrollment",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("confirming requires submit event");if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId,code:r.code,name:r.name??null}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>p(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:g}}},failed:{on:{start:{target:"starting"},reset:{target:"idle",actions:g}}}}})}function I(t,e){t.enrollmentId=e.enrollmentId,t.expiresAt=e.expiresAt,t.resendAvailableAt=e.resendAvailableAt,t.errorCode=null,t.errorMessage=null}function g({context:t}){t.enrollmentId=null,t.email=null,t.expiresAt=null,t.resendAvailableAt=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function p(t,e){e instanceof l?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}function c(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),r=e.padEnd(Math.ceil(e.length/4)*4,"="),n=atob(r),o=new Uint8Array(n.length);for(let i=0;i<n.length;i++)o[i]=n.charCodeAt(i);return o.buffer}function d(t){const e=new Uint8Array(t);let r="";for(const n of e)r+=String.fromCharCode(n);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function N(t){return(t??[]).map(e=>({...e,id:c(e.id)}))}async function k(t){const e=JSON.parse(t),r={...e,challenge:c(e.challenge),user:{...e.user,id:c(e.user.id)},excludeCredentials:N(e.excludeCredentials)},n=await navigator.credentials.create({publicKey:r});if(n===null)throw new Error("WebAuthn registration produced no credential.");const o=n.response;return JSON.stringify({id:n.id,rawId:d(n.rawId),type:n.type,extensions:n.getClientExtensionResults(),response:{attestationObject:d(o.attestationObject),clientDataJSON:d(o.clientDataJSON)}})}async function R(t){const e=JSON.parse(t),r={...e,challenge:c(e.challenge),allowCredentials:N(e.allowCredentials)},n=await navigator.credentials.get({publicKey:r});if(n===null)throw new Error("WebAuthn authentication produced no credential.");const o=n.response;return JSON.stringify({id:n.id,rawId:d(n.rawId),type:n.type,extensions:n.getClientExtensionResults(),response:{authenticatorData:d(o.authenticatorData),clientDataJSON:d(o.clientDataJSON),signature:d(o.signature),userHandle:o.userHandle?d(o.userHandle):null}})}const Y={enrollmentId:null,optionsJson:null,name:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function D(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async()=>{const e=await t.startWebAuthnEnrollment();if(!e.ok)throw new l(e.code,e.message,e.httpStatus,e.details??null);return e.value}),registerAndConfirm:s.fromPromise(async({input:e})=>{const r=await k(e.optionsJson),n=await t.confirmWebAuthnEnrollment({enrollmentId:e.enrollmentId,attestationResponseJson:r,name:e.name});if(!n.ok)throw new l(n.code,n.message,n.httpStatus,n.details??null);return n.value})}}).createMachine({id:"webauthnEnrollment",initial:"idle",context:Y,states:{idle:{on:{start:{target:"starting"}}},starting:{entry:({context:e,event:r})=>{r.type==="start"&&(e.name=r.name??null)},invoke:{src:"startEnrollment",onDone:{target:"registering",actions:({context:e,event:r})=>{e.enrollmentId=r.output.enrollmentId,e.optionsJson=r.output.optionsJson,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>b(e,r.error)}}},registering:{invoke:{src:"registerAndConfirm",input:({context:e})=>{if(!e.enrollmentId||!e.optionsJson)throw new Error("no pending enrollment");return{enrollmentId:e.enrollmentId,optionsJson:e.optionsJson,name:e.name}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>b(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:A}}},failed:{on:{retry:{target:"starting"},reset:{target:"idle",actions:A}}}}})}function A({context:t}){t.enrollmentId=null,t.optionsJson=null,t.name=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function b(t,e){e instanceof l?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const V={methodId:null,methodType:null,userId:null,expiresAt:null,resendAvailableAt:null,optionsJson:null,errorCode:null,errorMessage:null};function U(t){return s.setup({types:{context:{},events:{}},actors:{startChallenge:s.fromPromise(async({input:e})=>{const r=await t.startChallenge({methodId:e.methodId});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value}),resendChallenge:s.fromPromise(async({input:e})=>{const r=await t.resendChallenge({methodId:e.methodId});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value}),verifyChallenge:s.fromPromise(async({input:e})=>{const r=await t.verifyChallenge({methodId:e.methodId,code:e.code});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value}),assertChallenge:s.fromPromise(async({input:e})=>{const r=await R(e.optionsJson),n=await t.verifyChallenge({methodId:e.methodId,assertionResponseJson:r});if(!n.ok)throw new l(n.code,n.message,n.httpStatus,n.details??null);return n.value}),verifyRecoveryCode:s.fromPromise(async({input:e})=>{const r=await t.verifyRecoveryCode({recoveryCode:e.code});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"challenge",initial:"idle",context:V,states:{idle:{on:{pick:{target:"starting"},useRecoveryCode:{target:"verifyingRecovery"}}},starting:{entry:({context:e,event:r})=>{r.type==="pick"&&(e.methodId=r.methodId)},invoke:{src:"startChallenge",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:[{guard:({event:e})=>e.output.type==="WebAuthn",target:"asserting",actions:({context:e,event:r})=>f(e,r.output)},{target:"awaitingCode",actions:({context:e,event:r})=>f(e,r.output)}],onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},asserting:{invoke:{src:"assertChallenge",input:({context:e})=>{if(!e.methodId||!e.optionsJson)throw new Error("no assertion options");return{methodId:e.methodId,optionsJson:e.optionsJson}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},awaitingCode:{on:{submit:{target:"verifying"},resend:{target:"resending"},useRecoveryCode:{target:"verifyingRecovery"},reset:{target:"idle",actions:y}}},verifyingRecovery:{invoke:{src:"verifyRecoveryCode",input:({event:e})=>{if(e.type!=="useRecoveryCode")throw new Error("verifyingRecovery requires useRecoveryCode event");return{code:e.code}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},resending:{invoke:{src:"resendChallenge",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>f(e,r.output)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>u(e,r.error)}}},verifying:{invoke:{src:"verifyChallenge",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("verifying requires submit event");if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId,code:r.code}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>u(e,r.error)}}},verified:{on:{reset:{target:"idle",actions:y}}},failed:{on:{pick:{target:"starting"},useRecoveryCode:{target:"verifyingRecovery"},reset:{target:"idle",actions:y}}}}})}function f(t,e){t.methodType=e.type,t.expiresAt=e.expiresAt??null,t.resendAvailableAt=e.resendAvailableAt??null,t.optionsJson=e.optionsJson??null,t.errorCode=null,t.errorMessage=null}function y({context:t}){t.methodId=null,t.methodType=null,t.userId=null,t.expiresAt=null,t.resendAvailableAt=null,t.optionsJson=null,t.errorCode=null,t.errorMessage=null}function u(t,e){e instanceof l?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const q={items:[],errorCode:null,errorMessage:null};function _(t){return s.setup({types:{context:{},events:{}},actors:{load:s.fromPromise(async()=>{const e=await t.listMethods();if(!e.ok)throw new l(e.code,e.message,e.httpStatus,e.details??null);return e.value}),remove:s.fromPromise(async({input:e})=>{const r=await t.removeMethod(e.methodId);if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return e.methodId})}}).createMachine({id:"methods",initial:"idle",context:q,states:{idle:{on:{load:{target:"loading"}}},loading:{invoke:{src:"load",onDone:{target:"ready",actions:({context:e,event:r})=>{e.items=r.output,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>M(e,r.error)}}},ready:{on:{load:{target:"loading"},remove:{target:"removing"}}},removing:{invoke:{src:"remove",input:({event:e})=>{if(e.type!=="remove")throw new Error("removing requires remove event");return{methodId:e.methodId}},onDone:{target:"ready",actions:({context:e,event:r})=>{const n=r.output;e.items=e.items.filter(o=>o.id!==n),e.errorCode=null,e.errorMessage=null}},onError:{target:"ready",actions:({context:e,event:r})=>M(e,r.error)}}},failed:{on:{load:{target:"loading"},reset:{target:"idle",actions:B}}}}})}function B({context:t}){t.items=[],t.errorCode=null,t.errorMessage=null}function M(t,e){e instanceof l?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}function G(t){const e=new S(t),r=s.createActor(O(e)),n=s.createActor(P(e)),o=s.createActor(D(e)),i=s.createActor(U(e)),m=s.createActor(_(e));return r.start(),n.start(),o.start(),i.start(),m.start(),{client:e,totpEnrollment:r,emailEnrollment:n,webauthnEnrollment:o,challenge:i,methods:m,dispose(){r.stop(),n.stop(),o.stop(),i.stop(),m.stop()}}}exports.LocalStorageStorage=W;exports.MemoryStorage=T;exports.Omni2FaApiError=l;exports.Omni2FaClient=S;exports.Omni2FaErrorCodes=a;exports.SessionStorageStorage=K;exports.createChallengeMachine=U;exports.createEmailEnrollmentMachine=P;exports.createMethodsMachine=_;exports.createOmni2Fa=G;exports.createTotpEnrollmentMachine=O;exports.createWebAuthnEnrollmentMachine=D;exports.getDefaultMessage=E;exports.startAuthentication=R;exports.startRegistration=k;
1
+ "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const F=require("openapi-fetch"),s=require("xstate");class M{map=new Map;get(e){return this.map.get(e)??null}set(e,r){this.map.set(e,r)}remove(e){this.map.delete(e)}}const a={InvalidCode:"INVALID_CODE",PreAuthExpired:"PREAUTH_EXPIRED",PreAuthInvalid:"PREAUTH_INVALID",ChallengeNotFound:"CHALLENGE_NOT_FOUND",ChallengeConsumed:"CHALLENGE_CONSUMED",TooManyAttempts:"TOO_MANY_ATTEMPTS",MethodNotFound:"METHOD_NOT_FOUND",TypeAlreadyEnrolled:"TYPE_ALREADY_ENROLLED",MaxMethodsReached:"MAX_METHODS_REACHED",LastMethodProtected:"LAST_METHOD_PROTECTED",RecoveryCodeInvalid:"RECOVERY_CODE_INVALID",RecoveryCodeUsed:"RECOVERY_CODE_USED",WebAuthnVerificationFailed:"WEBAUTHN_VERIFICATION_FAILED",ValidationFailed:"VALIDATION_FAILED",NetworkError:"NETWORK_ERROR",Unknown:"UNKNOWN"},C={[a.InvalidCode]:"The code you entered is invalid.",[a.PreAuthExpired]:"Your session has expired. Please sign in again.",[a.PreAuthInvalid]:"Your session is invalid. Please sign in again.",[a.ChallengeNotFound]:"No active verification step. Please restart.",[a.ChallengeConsumed]:"This verification step was already used. Please sign in again.",[a.TooManyAttempts]:"Too many attempts. Please wait before trying again.",[a.MethodNotFound]:"The selected 2FA method was not found.",[a.TypeAlreadyEnrolled]:"You already have this type of 2FA enabled.",[a.MaxMethodsReached]:"You have reached the maximum number of 2FA methods.",[a.LastMethodProtected]:"You cannot remove your last 2FA method.",[a.RecoveryCodeInvalid]:"The recovery code is invalid.",[a.RecoveryCodeUsed]:"This recovery code has already been used.",[a.WebAuthnVerificationFailed]:"Security key verification failed.",[a.ValidationFailed]:"The request was malformed.",[a.NetworkError]:"Network error. Please check your connection.",[a.Unknown]:"An unexpected error occurred."};function E(t){return C[t]??C[a.Unknown]}const J="omni2fa:preauth",L="omni2fa:session",v="http://omni2fa.local";class S{storage;preAuthKey;sessionKey;basePath;inner;constructor(e){this.storage=e.storage??new M,this.preAuthKey=e.preAuthStorageKey??J,this.sessionKey=e.sessionStorageKey??L,this.basePath=new URL(e.baseUrl,v).pathname.replace(/\/$/,""),this.inner=F({baseUrl:e.baseUrl,fetch:e.fetch??globalThis.fetch.bind(globalThis),...e.credentials?{credentials:e.credentials}:{}}),this.inner.use({onRequest:({request:r})=>{if(r.headers.has("Authorization"))return r;const n=this.isPreAuthEndpoint(r.url)?this.getPreAuthToken():this.getSessionToken();return n&&r.headers.set("Authorization",`Bearer ${n}`),r}})}isPreAuthEndpoint(e){const r=new URL(e,v).pathname;return(r.startsWith(this.basePath)?r.slice(this.basePath.length):r).startsWith("/challenge/")}setPreAuthToken(e){this.setToken(this.preAuthKey,e)}getPreAuthToken(){return this.storage.get(this.preAuthKey)}setSessionToken(e){this.setToken(this.sessionKey,e)}getSessionToken(){return this.storage.get(this.sessionKey)}setToken(e,r){r===null||r.length===0?this.storage.remove(e):this.storage.set(e,r)}async listMethods(){const{data:e,error:r,response:n}=await this.inner.GET("/methods");return this.toCall(e,r,n)}async removeMethod(e){const{error:r,response:n}=await this.inner.DELETE("/methods/{methodId}",{params:{path:{methodId:e}}});return r?this.errorCall(r,n):{ok:!0,value:void 0}}async startTotpEnrollment(){const{data:e,error:r,response:n}=await this.inner.POST("/enroll/totp/start");return this.toCall(e,r,n)}async confirmTotpEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/totp/confirm",{body:e});return this.toCall(r,n,o)}async startEmailEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/email/start",{body:e});return this.toCall(r,n,o)}async confirmEmailEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/email/confirm",{body:e});return this.toCall(r,n,o)}async resendEmailEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/email/resend",{body:e});return this.toCall(r,n,o)}async startWebAuthnEnrollment(){const{data:e,error:r,response:n}=await this.inner.POST("/enroll/webauthn/start");return this.toCall(e,r,n)}async confirmWebAuthnEnrollment(e){const{data:r,error:n,response:o}=await this.inner.POST("/enroll/webauthn/confirm",{body:e});return this.toCall(r,n,o)}async startChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/start",{body:e});return this.toCall(r,n,o)}async resendChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/resend",{body:e});return this.toCall(r,n,o)}async verifyChallenge(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/verify",{body:e});return this.toCall(r,n,o)}async verifyRecoveryCode(e){const{data:r,error:n,response:o}=await this.inner.POST("/challenge/recovery-code",{body:e});return this.toCall(r,n,o)}async regenerateRecoveryCodes(){const{data:e,error:r,response:n}=await this.inner.POST("/recovery-codes/regenerate");return this.toCall(e,r,n)}toCall(e,r,n){return r!==void 0?this.errorCall(r,n):e===void 0?{ok:!1,code:a.NetworkError,message:E(a.NetworkError),httpStatus:n.status}:{ok:!0,value:e}}errorCall(e,r){const n=e.code||a.Unknown;return{ok:!1,code:n,message:e.message||E(n),httpStatus:r.status,details:e.details??null}}}class K{get(e){return globalThis.sessionStorage?.getItem(e)??null}set(e,r){globalThis.sessionStorage?.setItem(e,r)}remove(e){globalThis.sessionStorage?.removeItem(e)}}class W{get(e){return globalThis.localStorage?.getItem(e)??null}set(e,r){globalThis.localStorage?.setItem(e,r)}remove(e){globalThis.localStorage?.removeItem(e)}}class l extends Error{code;httpStatus;details;constructor(e,r,n,o=null){super(r),this.name="Omni2FaApiError",this.code=e,this.httpStatus=n,this.details=o}}const $={enrollmentId:null,otpAuthUri:null,secret:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function O(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async()=>{const e=await t.startTotpEnrollment();if(!e.ok)throw new l(e.code,e.message,e.httpStatus,e.details??null);return e.value}),confirmEnrollment:s.fromPromise(async({input:e})=>{const r=await t.confirmTotpEnrollment({enrollmentId:e.enrollmentId,code:e.code,name:e.name});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"totpEnrollment",initial:"idle",context:$,states:{idle:{on:{start:{target:"starting"}}},starting:{invoke:{src:"startEnrollment",onDone:{target:"awaitingCode",actions:({context:e,event:r})=>{e.enrollmentId=r.output.enrollmentId,e.otpAuthUri=r.output.otpAuthUri,e.secret=r.output.secret,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>w(e,r.error)}}},awaitingCode:{on:{submit:{target:"confirming"},reset:{target:"idle",actions:h}}},confirming:{invoke:{src:"confirmEnrollment",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("confirming requires submit event");if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId,code:r.code,name:r.name??null}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>w(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:h}}},failed:{on:{start:{target:"starting"},reset:{target:"idle",actions:h}}}}})}function h({context:t}){t.enrollmentId=null,t.otpAuthUri=null,t.secret=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function w(t,e){e instanceof l?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const H={enrollmentId:null,email:null,expiresAt:null,resendAvailableAt:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function k(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async({input:e})=>{const r=await t.startEmailEnrollment(e.email!==void 0?{email:e.email}:{});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value}),resendEnrollment:s.fromPromise(async({input:e})=>{const r=await t.resendEmailEnrollment({enrollmentId:e.enrollmentId});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value}),confirmEnrollment:s.fromPromise(async({input:e})=>{const r=await t.confirmEmailEnrollment({enrollmentId:e.enrollmentId,code:e.code,name:e.name});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"emailEnrollment",initial:"idle",context:H,states:{idle:{on:{start:{target:"starting"}}},starting:{entry:({context:e,event:r})=>{r.type==="start"&&(e.email=r.email??null)},invoke:{src:"startEnrollment",input:({context:e})=>({email:e.email??void 0}),onDone:{target:"awaitingCode",actions:({context:e,event:r})=>I(e,r.output)},onError:{target:"failed",actions:({context:e,event:r})=>p(e,r.error)}}},awaitingCode:{on:{submit:{target:"confirming"},resend:{target:"resending"},reset:{target:"idle",actions:g}}},resending:{invoke:{src:"resendEnrollment",input:({context:e})=>{if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>I(e,r.output)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>p(e,r.error)}}},confirming:{invoke:{src:"confirmEnrollment",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("confirming requires submit event");if(!e.enrollmentId)throw new Error("no enrollmentId");return{enrollmentId:e.enrollmentId,code:r.code,name:r.name??null}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>p(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:g}}},failed:{on:{start:{target:"starting"},reset:{target:"idle",actions:g}}}}})}function I(t,e){t.enrollmentId=e.enrollmentId,t.expiresAt=e.expiresAt,t.resendAvailableAt=e.resendAvailableAt,t.errorCode=null,t.errorMessage=null}function g({context:t}){t.enrollmentId=null,t.email=null,t.expiresAt=null,t.resendAvailableAt=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function p(t,e){e instanceof l?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}function c(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),r=e.padEnd(Math.ceil(e.length/4)*4,"="),n=atob(r),o=new Uint8Array(n.length);for(let i=0;i<n.length;i++)o[i]=n.charCodeAt(i);return o.buffer}function d(t){const e=new Uint8Array(t);let r="";for(const n of e)r+=String.fromCharCode(n);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function P(t){return(t??[]).map(e=>({...e,id:c(e.id)}))}async function N(t){const e=JSON.parse(t),r={...e,challenge:c(e.challenge),user:{...e.user,id:c(e.user.id)},excludeCredentials:P(e.excludeCredentials)},n=await navigator.credentials.create({publicKey:r});if(n===null)throw new Error("WebAuthn registration produced no credential.");const o=n.response;return JSON.stringify({id:n.id,rawId:d(n.rawId),type:n.type,extensions:n.getClientExtensionResults(),response:{attestationObject:d(o.attestationObject),clientDataJSON:d(o.clientDataJSON)}})}async function R(t){const e=JSON.parse(t),r={...e,challenge:c(e.challenge),allowCredentials:P(e.allowCredentials)},n=await navigator.credentials.get({publicKey:r});if(n===null)throw new Error("WebAuthn authentication produced no credential.");const o=n.response;return JSON.stringify({id:n.id,rawId:d(n.rawId),type:n.type,extensions:n.getClientExtensionResults(),response:{authenticatorData:d(o.authenticatorData),clientDataJSON:d(o.clientDataJSON),signature:d(o.signature),userHandle:o.userHandle?d(o.userHandle):null}})}const Y={enrollmentId:null,optionsJson:null,name:null,methodId:null,recoveryCodes:null,errorCode:null,errorMessage:null};function D(t){return s.setup({types:{context:{},events:{}},actors:{startEnrollment:s.fromPromise(async()=>{const e=await t.startWebAuthnEnrollment();if(!e.ok)throw new l(e.code,e.message,e.httpStatus,e.details??null);return e.value}),registerAndConfirm:s.fromPromise(async({input:e})=>{const r=await N(e.optionsJson),n=await t.confirmWebAuthnEnrollment({enrollmentId:e.enrollmentId,attestationResponseJson:r,name:e.name});if(!n.ok)throw new l(n.code,n.message,n.httpStatus,n.details??null);return n.value})}}).createMachine({id:"webauthnEnrollment",initial:"idle",context:Y,states:{idle:{on:{start:{target:"starting"}}},starting:{entry:({context:e,event:r})=>{r.type==="start"&&(e.name=r.name??null)},invoke:{src:"startEnrollment",onDone:{target:"registering",actions:({context:e,event:r})=>{e.enrollmentId=r.output.enrollmentId,e.optionsJson=r.output.optionsJson,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>T(e,r.error)}}},registering:{invoke:{src:"registerAndConfirm",input:({context:e})=>{if(!e.enrollmentId||!e.optionsJson)throw new Error("no pending enrollment");return{enrollmentId:e.enrollmentId,optionsJson:e.optionsJson,name:e.name}},onDone:{target:"enrolled",actions:({context:e,event:r})=>{e.methodId=r.output.methodId,e.recoveryCodes=r.output.recoveryCodes??null,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>T(e,r.error)}}},enrolled:{on:{reset:{target:"idle",actions:A}}},failed:{on:{retry:{target:"starting"},reset:{target:"idle",actions:A}}}}})}function A({context:t}){t.enrollmentId=null,t.optionsJson=null,t.name=null,t.methodId=null,t.recoveryCodes=null,t.errorCode=null,t.errorMessage=null}function T(t,e){e instanceof l?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const V={methodId:null,methodType:null,userId:null,verifiedToken:null,expiresAt:null,resendAvailableAt:null,optionsJson:null,errorCode:null,errorMessage:null};function U(t){return s.setup({types:{context:{},events:{}},actors:{startChallenge:s.fromPromise(async({input:e})=>{const r=await t.startChallenge({methodId:e.methodId});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value}),resendChallenge:s.fromPromise(async({input:e})=>{const r=await t.resendChallenge({methodId:e.methodId});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value}),verifyChallenge:s.fromPromise(async({input:e})=>{const r=await t.verifyChallenge({methodId:e.methodId,code:e.code});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value}),assertChallenge:s.fromPromise(async({input:e})=>{const r=await R(e.optionsJson),n=await t.verifyChallenge({methodId:e.methodId,assertionResponseJson:r});if(!n.ok)throw new l(n.code,n.message,n.httpStatus,n.details??null);return n.value}),verifyRecoveryCode:s.fromPromise(async({input:e})=>{const r=await t.verifyRecoveryCode({recoveryCode:e.code});if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return r.value})}}).createMachine({id:"challenge",initial:"idle",context:V,states:{idle:{on:{pick:{target:"starting"},useRecoveryCode:{target:"verifyingRecovery"}}},starting:{entry:({context:e,event:r})=>{r.type==="pick"&&(e.methodId=r.methodId)},invoke:{src:"startChallenge",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:[{guard:({event:e})=>e.output.type==="WebAuthn",target:"asserting",actions:({context:e,event:r})=>f(e,r.output)},{target:"awaitingCode",actions:({context:e,event:r})=>f(e,r.output)}],onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},asserting:{invoke:{src:"assertChallenge",input:({context:e})=>{if(!e.methodId||!e.optionsJson)throw new Error("no assertion options");return{methodId:e.methodId,optionsJson:e.optionsJson}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.verifiedToken=r.output.verifiedToken,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},awaitingCode:{on:{submit:{target:"verifying"},resend:{target:"resending"},useRecoveryCode:{target:"verifyingRecovery"},reset:{target:"idle",actions:y}}},verifyingRecovery:{invoke:{src:"verifyRecoveryCode",input:({event:e})=>{if(e.type!=="useRecoveryCode")throw new Error("verifyingRecovery requires useRecoveryCode event");return{code:e.code}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.verifiedToken=r.output.verifiedToken,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>u(e,r.error)}}},resending:{invoke:{src:"resendChallenge",input:({context:e})=>{if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId}},onDone:{target:"awaitingCode",actions:({context:e,event:r})=>f(e,r.output)},onError:{target:"awaitingCode",actions:({context:e,event:r})=>u(e,r.error)}}},verifying:{invoke:{src:"verifyChallenge",input:({context:e,event:r})=>{if(r.type!=="submit")throw new Error("verifying requires submit event");if(!e.methodId)throw new Error("no methodId");return{methodId:e.methodId,code:r.code}},onDone:{target:"verified",actions:({context:e,event:r})=>{e.userId=r.output.userId,e.verifiedToken=r.output.verifiedToken,e.errorCode=null,e.errorMessage=null}},onError:{target:"awaitingCode",actions:({context:e,event:r})=>u(e,r.error)}}},verified:{on:{reset:{target:"idle",actions:y}}},failed:{on:{pick:{target:"starting"},useRecoveryCode:{target:"verifyingRecovery"},reset:{target:"idle",actions:y}}}}})}function f(t,e){t.methodType=e.type,t.expiresAt=e.expiresAt??null,t.resendAvailableAt=e.resendAvailableAt??null,t.optionsJson=e.optionsJson??null,t.errorCode=null,t.errorMessage=null}function y({context:t}){t.methodId=null,t.methodType=null,t.userId=null,t.verifiedToken=null,t.expiresAt=null,t.resendAvailableAt=null,t.optionsJson=null,t.errorCode=null,t.errorMessage=null}function u(t,e){e instanceof l?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}const q={items:[],errorCode:null,errorMessage:null};function _(t){return s.setup({types:{context:{},events:{}},actors:{load:s.fromPromise(async()=>{const e=await t.listMethods();if(!e.ok)throw new l(e.code,e.message,e.httpStatus,e.details??null);return e.value}),remove:s.fromPromise(async({input:e})=>{const r=await t.removeMethod(e.methodId);if(!r.ok)throw new l(r.code,r.message,r.httpStatus,r.details??null);return e.methodId})}}).createMachine({id:"methods",initial:"idle",context:q,states:{idle:{on:{load:{target:"loading"}}},loading:{invoke:{src:"load",onDone:{target:"ready",actions:({context:e,event:r})=>{e.items=r.output,e.errorCode=null,e.errorMessage=null}},onError:{target:"failed",actions:({context:e,event:r})=>b(e,r.error)}}},ready:{on:{load:{target:"loading"},remove:{target:"removing"}}},removing:{invoke:{src:"remove",input:({event:e})=>{if(e.type!=="remove")throw new Error("removing requires remove event");return{methodId:e.methodId}},onDone:{target:"ready",actions:({context:e,event:r})=>{const n=r.output;e.items=e.items.filter(o=>o.id!==n),e.errorCode=null,e.errorMessage=null}},onError:{target:"ready",actions:({context:e,event:r})=>b(e,r.error)}}},failed:{on:{load:{target:"loading"},reset:{target:"idle",actions:B}}}}})}function B({context:t}){t.items=[],t.errorCode=null,t.errorMessage=null}function b(t,e){e instanceof l?(t.errorCode=e.code,t.errorMessage=e.message):(t.errorCode="UNKNOWN",t.errorMessage=e instanceof Error?e.message:null)}function G(t){const e=new S(t),r=s.createActor(O(e)),n=s.createActor(k(e)),o=s.createActor(D(e)),i=s.createActor(U(e)),m=s.createActor(_(e));return r.start(),n.start(),o.start(),i.start(),m.start(),{client:e,totpEnrollment:r,emailEnrollment:n,webauthnEnrollment:o,challenge:i,methods:m,dispose(){r.stop(),n.stop(),o.stop(),i.stop(),m.stop()}}}exports.LocalStorageStorage=W;exports.MemoryStorage=M;exports.Omni2FaApiError=l;exports.Omni2FaClient=S;exports.Omni2FaErrorCodes=a;exports.SessionStorageStorage=K;exports.createChallengeMachine=U;exports.createEmailEnrollmentMachine=k;exports.createMethodsMachine=_;exports.createOmni2Fa=G;exports.createTotpEnrollmentMachine=O;exports.createWebAuthnEnrollmentMachine=D;exports.getDefaultMessage=E;exports.startAuthentication=R;exports.startRegistration=N;
2
2
  //# sourceMappingURL=index.cjs.map
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.cjs","sources":["../src/storage/MemoryStorage.ts","../src/errors/codes.ts","../src/errors/messages.ts","../src/client/Omni2FaClient.ts","../src/storage/SessionStorageStorage.ts","../src/storage/LocalStorageStorage.ts","../src/errors/Omni2FaApiError.ts","../src/machines/totpEnrollment/totpEnrollmentMachine.ts","../src/machines/emailEnrollment/emailEnrollmentMachine.ts","../src/webauthn/base64url.ts","../src/webauthn/ceremony.ts","../src/machines/webauthnEnrollment/webauthnEnrollmentMachine.ts","../src/machines/challenge/challengeMachine.ts","../src/machines/methods/methodsMachine.ts","../src/createOmni2Fa.ts"],"sourcesContent":["import type { IStorage } from './Interfaces/IStorage';\r\n\r\n/** In-process storage. Default. Values vanish on page reload — safest default. */\r\nexport class MemoryStorage implements IStorage {\r\n private readonly map = new Map<string, string>();\r\n\r\n get(key: string): string | null {\r\n return this.map.get(key) ?? null;\r\n }\r\n\r\n set(key: string, value: string): void {\r\n this.map.set(key, value);\r\n }\r\n\r\n remove(key: string): void {\r\n this.map.delete(key);\r\n }\r\n}\r\n","export const Omni2FaErrorCodes = {\r\n InvalidCode: 'INVALID_CODE',\r\n PreAuthExpired: 'PREAUTH_EXPIRED',\r\n PreAuthInvalid: 'PREAUTH_INVALID',\r\n ChallengeNotFound: 'CHALLENGE_NOT_FOUND',\r\n ChallengeConsumed: 'CHALLENGE_CONSUMED',\r\n TooManyAttempts: 'TOO_MANY_ATTEMPTS',\r\n MethodNotFound: 'METHOD_NOT_FOUND',\r\n TypeAlreadyEnrolled: 'TYPE_ALREADY_ENROLLED',\r\n MaxMethodsReached: 'MAX_METHODS_REACHED',\r\n LastMethodProtected: 'LAST_METHOD_PROTECTED',\r\n RecoveryCodeInvalid: 'RECOVERY_CODE_INVALID',\r\n RecoveryCodeUsed: 'RECOVERY_CODE_USED',\r\n WebAuthnVerificationFailed: 'WEBAUTHN_VERIFICATION_FAILED',\r\n ValidationFailed: 'VALIDATION_FAILED',\r\n NetworkError: 'NETWORK_ERROR',\r\n Unknown: 'UNKNOWN',\r\n} as const;\r\n\r\nexport type Omni2FaErrorCode = (typeof Omni2FaErrorCodes)[keyof typeof Omni2FaErrorCodes];\r\n","import { Omni2FaErrorCodes, type Omni2FaErrorCode } from './codes';\r\n\r\nconst defaults: Record<Omni2FaErrorCode, string> = {\r\n [Omni2FaErrorCodes.InvalidCode]: 'The code you entered is invalid.',\r\n [Omni2FaErrorCodes.PreAuthExpired]: 'Your session has expired. Please sign in again.',\r\n [Omni2FaErrorCodes.PreAuthInvalid]: 'Your session is invalid. Please sign in again.',\r\n [Omni2FaErrorCodes.ChallengeNotFound]: 'No active verification step. Please restart.',\r\n [Omni2FaErrorCodes.ChallengeConsumed]: 'This verification step was already used. Please sign in again.',\r\n [Omni2FaErrorCodes.TooManyAttempts]: 'Too many attempts. Please wait before trying again.',\r\n [Omni2FaErrorCodes.MethodNotFound]: 'The selected 2FA method was not found.',\r\n [Omni2FaErrorCodes.TypeAlreadyEnrolled]: 'You already have this type of 2FA enabled.',\r\n [Omni2FaErrorCodes.MaxMethodsReached]: 'You have reached the maximum number of 2FA methods.',\r\n [Omni2FaErrorCodes.LastMethodProtected]: 'You cannot remove your last 2FA method.',\r\n [Omni2FaErrorCodes.RecoveryCodeInvalid]: 'The recovery code is invalid.',\r\n [Omni2FaErrorCodes.RecoveryCodeUsed]: 'This recovery code has already been used.',\r\n [Omni2FaErrorCodes.WebAuthnVerificationFailed]: 'Security key verification failed.',\r\n [Omni2FaErrorCodes.ValidationFailed]: 'The request was malformed.',\r\n [Omni2FaErrorCodes.NetworkError]: 'Network error. Please check your connection.',\r\n [Omni2FaErrorCodes.Unknown]: 'An unexpected error occurred.',\r\n};\r\n\r\nexport function getDefaultMessage(code: string): string {\r\n return defaults[code as Omni2FaErrorCode] ?? defaults[Omni2FaErrorCodes.Unknown];\r\n}\r\n","import createClient from 'openapi-fetch';\r\nimport type { paths } from '../types/api';\r\nimport type { IStorage } from '../storage/Interfaces/IStorage';\r\nimport { MemoryStorage } from '../storage/MemoryStorage';\r\nimport { Omni2FaErrorCodes } from '../errors/codes';\r\nimport { getDefaultMessage } from '../errors/messages';\r\nimport type {\r\n ChallengeResendRequest,\r\n ChallengeStartRequest,\r\n ChallengeStartResponse,\r\n ChallengeVerifyRequest,\r\n EmailEnrollConfirmRequest,\r\n EmailEnrollResendRequest,\r\n EmailEnrollStartRequest,\r\n EmailEnrollStartResponse,\r\n ErrorResponse,\r\n MethodCreatedResponse,\r\n RecoveryCodesResponse,\r\n RecoveryCodeVerifyRequest,\r\n TotpEnrollConfirmRequest,\r\n TotpEnrollStartResponse,\r\n TwoFactorMethodDto,\r\n VerifySuccessResponse,\r\n WebAuthnEnrollConfirmRequest,\r\n WebAuthnEnrollStartResponse,\r\n} from '../types/dtos';\r\nimport type { ClientCall } from './Interfaces/ClientCall';\r\nimport type { IOmni2FaClient } from './Interfaces/IOmni2FaClient';\r\nimport type { Omni2FaClientConfig } from './Omni2FaClientConfig';\r\n\r\nconst DEFAULT_PREAUTH_KEY = 'omni2fa:preauth';\r\nconst DEFAULT_SESSION_KEY = 'omni2fa:session';\r\n// Only used to resolve a relative baseUrl/request URL so we can read its pathname; the origin is irrelevant.\r\nconst FALLBACK_ORIGIN = 'http://omni2fa.local';\r\n\r\ntype FetchClient = ReturnType<typeof createClient<paths>>;\r\n\r\nexport class Omni2FaClient implements IOmni2FaClient {\r\n private readonly storage: IStorage;\r\n private readonly preAuthKey: string;\r\n private readonly sessionKey: string;\r\n private readonly basePath: string;\r\n private readonly inner: FetchClient;\r\n\r\n constructor(config: Omni2FaClientConfig) {\r\n this.storage = config.storage ?? new MemoryStorage();\r\n this.preAuthKey = config.preAuthStorageKey ?? DEFAULT_PREAUTH_KEY;\r\n this.sessionKey = config.sessionStorageKey ?? DEFAULT_SESSION_KEY;\r\n // Mount path of the API, e.g. \"/api/2fa\" — used to classify endpoints by their path under it.\r\n this.basePath = new URL(config.baseUrl, FALLBACK_ORIGIN).pathname.replace(/\\/$/, '');\r\n this.inner = createClient<paths>({\r\n baseUrl: config.baseUrl,\r\n fetch: config.fetch ?? globalThis.fetch.bind(globalThis),\r\n ...(config.credentials ? { credentials: config.credentials } : {}),\r\n });\r\n this.inner.use({\r\n onRequest: ({ request }) => {\r\n // A custom fetch / host-set header always wins.\r\n if (request.headers.has('Authorization')) {\r\n return request;\r\n }\r\n // Pre-auth token guards the 2FA ceremony; everything else uses the host session token.\r\n const token = this.isPreAuthEndpoint(request.url) ? this.getPreAuthToken() : this.getSessionToken();\r\n if (token) {\r\n request.headers.set('Authorization', `Bearer ${token}`);\r\n }\r\n return request;\r\n },\r\n });\r\n }\r\n\r\n /** Pre-auth endpoints are exactly the ones mounted under <c>{basePath}/challenge/</c>. */\r\n private isPreAuthEndpoint(url: string): boolean {\r\n const path = new URL(url, FALLBACK_ORIGIN).pathname;\r\n const relative = path.startsWith(this.basePath) ? path.slice(this.basePath.length) : path;\r\n return relative.startsWith('/challenge/');\r\n }\r\n\r\n setPreAuthToken(token: string | null): void {\r\n this.setToken(this.preAuthKey, token);\r\n }\r\n\r\n getPreAuthToken(): string | null {\r\n return this.storage.get(this.preAuthKey);\r\n }\r\n\r\n setSessionToken(token: string | null): void {\r\n this.setToken(this.sessionKey, token);\r\n }\r\n\r\n getSessionToken(): string | null {\r\n return this.storage.get(this.sessionKey);\r\n }\r\n\r\n private setToken(key: string, token: string | null): void {\r\n if (token === null || token.length === 0) {\r\n this.storage.remove(key);\r\n } else {\r\n this.storage.set(key, token);\r\n }\r\n }\r\n\r\n async listMethods(): Promise<ClientCall<TwoFactorMethodDto[]>> {\r\n const { data, error, response } = await this.inner.GET('/methods');\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async removeMethod(methodId: string): Promise<ClientCall<void>> {\r\n const { error, response } = await this.inner.DELETE('/methods/{methodId}', { params: { path: { methodId } } });\r\n if (error) {\r\n return this.errorCall(error, response);\r\n }\r\n return { ok: true, value: undefined };\r\n }\r\n\r\n async startTotpEnrollment(): Promise<ClientCall<TotpEnrollStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/totp/start');\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async confirmTotpEnrollment(request: TotpEnrollConfirmRequest): Promise<ClientCall<MethodCreatedResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/totp/confirm', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async startEmailEnrollment(request: EmailEnrollStartRequest): Promise<ClientCall<EmailEnrollStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/email/start', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async confirmEmailEnrollment(request: EmailEnrollConfirmRequest): Promise<ClientCall<MethodCreatedResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/email/confirm', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async resendEmailEnrollment(request: EmailEnrollResendRequest): Promise<ClientCall<EmailEnrollStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/email/resend', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async startWebAuthnEnrollment(): Promise<ClientCall<WebAuthnEnrollStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/webauthn/start');\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async confirmWebAuthnEnrollment(request: WebAuthnEnrollConfirmRequest): Promise<ClientCall<MethodCreatedResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/webauthn/confirm', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async startChallenge(request: ChallengeStartRequest): Promise<ClientCall<ChallengeStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/challenge/start', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async resendChallenge(request: ChallengeResendRequest): Promise<ClientCall<ChallengeStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/challenge/resend', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async verifyChallenge(request: ChallengeVerifyRequest): Promise<ClientCall<VerifySuccessResponse>> {\r\n const { data, error, response } = await this.inner.POST('/challenge/verify', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async verifyRecoveryCode(request: RecoveryCodeVerifyRequest): Promise<ClientCall<VerifySuccessResponse>> {\r\n const { data, error, response } = await this.inner.POST('/challenge/recovery-code', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async regenerateRecoveryCodes(): Promise<ClientCall<RecoveryCodesResponse>> {\r\n const { data, error, response } = await this.inner.POST('/recovery-codes/regenerate');\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n private toCall<T>(data: T | undefined, error: ErrorResponse | undefined, response: Response): ClientCall<T> {\r\n if (error !== undefined) {\r\n return this.errorCall(error, response);\r\n }\r\n if (data === undefined) {\r\n return {\r\n ok: false,\r\n code: Omni2FaErrorCodes.NetworkError,\r\n message: getDefaultMessage(Omni2FaErrorCodes.NetworkError),\r\n httpStatus: response.status,\r\n };\r\n }\r\n return { ok: true, value: data };\r\n }\r\n\r\n private errorCall(error: ErrorResponse, response: Response): ClientCall<never> {\r\n const code = error.code || Omni2FaErrorCodes.Unknown;\r\n return {\r\n ok: false,\r\n code,\r\n message: error.message || getDefaultMessage(code),\r\n httpStatus: response.status,\r\n details: error.details ?? null,\r\n };\r\n }\r\n}\r\n","import type { IStorage } from './Interfaces/IStorage';\r\n\r\n/** Browser <c>sessionStorage</c>. Values persist across page reloads in the same tab, gone when tab closes. */\r\nexport class SessionStorageStorage implements IStorage {\r\n get(key: string): string | null {\r\n return globalThis.sessionStorage?.getItem(key) ?? null;\r\n }\r\n\r\n set(key: string, value: string): void {\r\n globalThis.sessionStorage?.setItem(key, value);\r\n }\r\n\r\n remove(key: string): void {\r\n globalThis.sessionStorage?.removeItem(key);\r\n }\r\n}\r\n","import type { IStorage } from './Interfaces/IStorage';\r\n\r\n/** Browser <c>localStorage</c>. Values persist indefinitely across sessions. Use with caution for sensitive data. */\r\nexport class LocalStorageStorage implements IStorage {\r\n get(key: string): string | null {\r\n return globalThis.localStorage?.getItem(key) ?? null;\r\n }\r\n\r\n set(key: string, value: string): void {\r\n globalThis.localStorage?.setItem(key, value);\r\n }\r\n\r\n remove(key: string): void {\r\n globalThis.localStorage?.removeItem(key);\r\n }\r\n}\r\n","/**\r\n * Error thrown by core machines when an HTTP call fails. Carries the stable error code,\r\n * HTTP status, and optional structured details. Adapters read it from xstate's <c>onError</c>\r\n * <c>event.error</c>.\r\n */\r\nexport class Omni2FaApiError extends Error {\r\n readonly code: string;\r\n readonly httpStatus: number;\r\n readonly details: Record<string, unknown> | null;\r\n\r\n constructor(code: string, message: string, httpStatus: number, details: Record<string, unknown> | null = null) {\r\n super(message);\r\n this.name = 'Omni2FaApiError';\r\n this.code = code;\r\n this.httpStatus = httpStatus;\r\n this.details = details;\r\n }\r\n}\r\n","import { fromPromise, setup, type ActorRefFrom } from 'xstate';\r\nimport type { IOmni2FaClient } from '../../client/Interfaces/IOmni2FaClient';\r\nimport { Omni2FaApiError } from '../../errors/Omni2FaApiError';\r\nimport type { TotpEnrollmentContext } from './TotpEnrollmentContext';\r\nimport type { TotpEnrollmentEvent } from './TotpEnrollmentEvent';\r\n\r\nconst initialContext: TotpEnrollmentContext = {\r\n enrollmentId: null,\r\n otpAuthUri: null,\r\n secret: null,\r\n methodId: null,\r\n recoveryCodes: null,\r\n errorCode: null,\r\n errorMessage: null,\r\n};\r\n\r\nexport function createTotpEnrollmentMachine(client: IOmni2FaClient) {\r\n return setup({\r\n types: {\r\n context: {} as TotpEnrollmentContext,\r\n events: {} as TotpEnrollmentEvent,\r\n },\r\n actors: {\r\n startEnrollment: fromPromise(async () => {\r\n const result = await client.startTotpEnrollment();\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n confirmEnrollment: fromPromise(async ({ input }: { input: { enrollmentId: string; code: string; name: string | null } }) => {\r\n const result = await client.confirmTotpEnrollment({\r\n enrollmentId: input.enrollmentId,\r\n code: input.code,\r\n name: input.name,\r\n });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n },\r\n }).createMachine({\r\n id: 'totpEnrollment',\r\n initial: 'idle',\r\n context: initialContext,\r\n states: {\r\n idle: {\r\n on: {\r\n start: { target: 'starting' },\r\n },\r\n },\r\n starting: {\r\n invoke: {\r\n src: 'startEnrollment',\r\n onDone: {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => {\r\n context.enrollmentId = event.output.enrollmentId;\r\n context.otpAuthUri = event.output.otpAuthUri;\r\n context.secret = event.output.secret;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'failed',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n awaitingCode: {\r\n on: {\r\n submit: { target: 'confirming' },\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n confirming: {\r\n invoke: {\r\n src: 'confirmEnrollment',\r\n input: ({ context, event }) => {\r\n if (event.type !== 'submit') throw new Error('confirming requires submit event');\r\n if (!context.enrollmentId) throw new Error('no enrollmentId');\r\n return { enrollmentId: context.enrollmentId, code: event.code, name: event.name ?? null };\r\n },\r\n onDone: {\r\n target: 'enrolled',\r\n actions: ({ context, event }) => {\r\n context.methodId = event.output.methodId;\r\n context.recoveryCodes = event.output.recoveryCodes ?? null;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n enrolled: {\r\n on: {\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n failed: {\r\n on: {\r\n start: { target: 'starting' },\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n },\r\n });\r\n}\r\n\r\nfunction assignInitial({ context }: { context: TotpEnrollmentContext }) {\r\n context.enrollmentId = null;\r\n context.otpAuthUri = null;\r\n context.secret = null;\r\n context.methodId = null;\r\n context.recoveryCodes = null;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n}\r\n\r\nfunction assignApiError(context: TotpEnrollmentContext, error: unknown) {\r\n if (error instanceof Omni2FaApiError) {\r\n context.errorCode = error.code;\r\n context.errorMessage = error.message;\r\n } else {\r\n context.errorCode = 'UNKNOWN';\r\n context.errorMessage = error instanceof Error ? error.message : null;\r\n }\r\n}\r\n\r\nexport type TotpEnrollmentMachine = ReturnType<typeof createTotpEnrollmentMachine>;\r\nexport type TotpEnrollmentActor = ActorRefFrom<TotpEnrollmentMachine>;\r\n","import { fromPromise, setup, type ActorRefFrom } from 'xstate';\nimport type { IOmni2FaClient } from '../../client/Interfaces/IOmni2FaClient';\nimport { Omni2FaApiError } from '../../errors/Omni2FaApiError';\nimport type { EmailEnrollmentContext } from './EmailEnrollmentContext';\nimport type { EmailEnrollmentEvent } from './EmailEnrollmentEvent';\n\nconst initialContext: EmailEnrollmentContext = {\n enrollmentId: null,\n email: null,\n expiresAt: null,\n resendAvailableAt: null,\n methodId: null,\n recoveryCodes: null,\n errorCode: null,\n errorMessage: null,\n};\n\nexport function createEmailEnrollmentMachine(client: IOmni2FaClient) {\n return setup({\n types: {\n context: {} as EmailEnrollmentContext,\n events: {} as EmailEnrollmentEvent,\n },\n actors: {\n startEnrollment: fromPromise(async ({ input }: { input: { email: string } }) => {\n const result = await client.startEmailEnrollment({ email: input.email });\n if (!result.ok) {\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\n }\n return result.value;\n }),\n resendEnrollment: fromPromise(async ({ input }: { input: { enrollmentId: string } }) => {\n const result = await client.resendEmailEnrollment({ enrollmentId: input.enrollmentId });\n if (!result.ok) {\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\n }\n return result.value;\n }),\n confirmEnrollment: fromPromise(async ({ input }: { input: { enrollmentId: string; code: string; name: string | null } }) => {\n const result = await client.confirmEmailEnrollment({\n enrollmentId: input.enrollmentId,\n code: input.code,\n name: input.name,\n });\n if (!result.ok) {\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\n }\n return result.value;\n }),\n },\n }).createMachine({\n id: 'emailEnrollment',\n initial: 'idle',\n context: initialContext,\n states: {\n idle: {\n on: {\n start: { target: 'starting' },\n },\n },\n starting: {\n entry: ({ context, event }) => {\n if (event.type === 'start') {\n context.email = event.email;\n }\n },\n invoke: {\n src: 'startEnrollment',\n input: ({ context }) => {\n if (!context.email) throw new Error('no email');\n return { email: context.email };\n },\n onDone: {\n target: 'awaitingCode',\n actions: ({ context, event }) => assignStartOutput(context, event.output),\n },\n onError: {\n target: 'failed',\n actions: ({ context, event }) => assignApiError(context, event.error),\n },\n },\n },\n awaitingCode: {\n on: {\n submit: { target: 'confirming' },\n resend: { target: 'resending' },\n reset: { target: 'idle', actions: assignInitial },\n },\n },\n resending: {\n invoke: {\n src: 'resendEnrollment',\n input: ({ context }) => {\n if (!context.enrollmentId) throw new Error('no enrollmentId');\n return { enrollmentId: context.enrollmentId };\n },\n onDone: {\n target: 'awaitingCode',\n actions: ({ context, event }) => assignStartOutput(context, event.output),\n },\n onError: {\n target: 'awaitingCode',\n actions: ({ context, event }) => assignApiError(context, event.error),\n },\n },\n },\n confirming: {\n invoke: {\n src: 'confirmEnrollment',\n input: ({ context, event }) => {\n if (event.type !== 'submit') throw new Error('confirming requires submit event');\n if (!context.enrollmentId) throw new Error('no enrollmentId');\n return { enrollmentId: context.enrollmentId, code: event.code, name: event.name ?? null };\n },\n onDone: {\n target: 'enrolled',\n actions: ({ context, event }) => {\n context.methodId = event.output.methodId;\n context.recoveryCodes = event.output.recoveryCodes ?? null;\n context.errorCode = null;\n context.errorMessage = null;\n },\n },\n onError: {\n target: 'awaitingCode',\n actions: ({ context, event }) => assignApiError(context, event.error),\n },\n },\n },\n enrolled: {\n on: {\n reset: { target: 'idle', actions: assignInitial },\n },\n },\n failed: {\n on: {\n start: { target: 'starting' },\n reset: { target: 'idle', actions: assignInitial },\n },\n },\n },\n });\n}\n\nfunction assignStartOutput(context: EmailEnrollmentContext, output: { enrollmentId: string; expiresAt: string; resendAvailableAt: string }) {\n context.enrollmentId = output.enrollmentId;\n context.expiresAt = output.expiresAt;\n context.resendAvailableAt = output.resendAvailableAt;\n context.errorCode = null;\n context.errorMessage = null;\n}\n\nfunction assignInitial({ context }: { context: EmailEnrollmentContext }) {\n context.enrollmentId = null;\n context.email = null;\n context.expiresAt = null;\n context.resendAvailableAt = null;\n context.methodId = null;\n context.recoveryCodes = null;\n context.errorCode = null;\n context.errorMessage = null;\n}\n\nfunction assignApiError(context: EmailEnrollmentContext, error: unknown) {\n if (error instanceof Omni2FaApiError) {\n context.errorCode = error.code;\n context.errorMessage = error.message;\n } else {\n context.errorCode = 'UNKNOWN';\n context.errorMessage = error instanceof Error ? error.message : null;\n }\n}\n\nexport type EmailEnrollmentMachine = ReturnType<typeof createEmailEnrollmentMachine>;\nexport type EmailEnrollmentActor = ActorRefFrom<EmailEnrollmentMachine>;\n","/** base64url ↔ ArrayBuffer conversions for WebAuthn binary fields. Tolerates standard base64 input too. */\n\nexport function base64urlToBuffer(value: string): ArrayBuffer {\n const base64 = value.replace(/-/g, '+').replace(/_/g, '/');\n const padded = base64.padEnd(Math.ceil(base64.length / 4) * 4, '=');\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes.buffer;\n}\n\nexport function bufferToBase64url(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (const byte of bytes) {\n binary += String.fromCharCode(byte);\n }\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n","import { base64urlToBuffer, bufferToBase64url } from './base64url';\n\n/**\n * Browser-side WebAuthn marshaling. Parses the server's options JSON (Fido2NetLib format — binary\n * fields base64url-encoded) into the `ArrayBuffer` shape the browser API needs, runs the ceremony,\n * and serializes the credential back to JSON for the server. Browser-only.\n */\n\ninterface CredentialDescriptorJson {\n type: PublicKeyCredentialType;\n id: string;\n transports?: AuthenticatorTransport[];\n}\n\ninterface CreationOptionsJson {\n challenge: string;\n user: { id: string; name: string; displayName: string };\n excludeCredentials?: CredentialDescriptorJson[];\n [key: string]: unknown;\n}\n\ninterface RequestOptionsJson {\n challenge: string;\n allowCredentials?: CredentialDescriptorJson[];\n [key: string]: unknown;\n}\n\nfunction mapDescriptors(list: CredentialDescriptorJson[] | undefined): PublicKeyCredentialDescriptor[] {\n return (list ?? []).map((c) => ({ ...c, id: base64urlToBuffer(c.id) }));\n}\n\n/** Run a registration ceremony and return the attestation JSON for `/enroll/webauthn/confirm`. */\nexport async function startRegistration(optionsJson: string): Promise<string> {\n const parsed = JSON.parse(optionsJson) as CreationOptionsJson;\n const publicKey = {\n ...parsed,\n challenge: base64urlToBuffer(parsed.challenge),\n user: { ...parsed.user, id: base64urlToBuffer(parsed.user.id) },\n excludeCredentials: mapDescriptors(parsed.excludeCredentials),\n // Cast through unknown: the spread carries Fido2's index-signature fields the DOM type omits.\n } as unknown as PublicKeyCredentialCreationOptions;\n\n const credential = (await navigator.credentials.create({ publicKey })) as PublicKeyCredential | null;\n if (credential === null) {\n throw new Error('WebAuthn registration produced no credential.');\n }\n const response = credential.response as AuthenticatorAttestationResponse;\n return JSON.stringify({\n id: credential.id,\n rawId: bufferToBase64url(credential.rawId),\n type: credential.type,\n extensions: credential.getClientExtensionResults(),\n response: {\n attestationObject: bufferToBase64url(response.attestationObject),\n clientDataJSON: bufferToBase64url(response.clientDataJSON),\n },\n });\n}\n\n/** Run an assertion ceremony and return the assertion JSON for `/challenge/verify`. */\nexport async function startAuthentication(optionsJson: string): Promise<string> {\n const parsed = JSON.parse(optionsJson) as RequestOptionsJson;\n const publicKey = {\n ...parsed,\n challenge: base64urlToBuffer(parsed.challenge),\n allowCredentials: mapDescriptors(parsed.allowCredentials),\n } as unknown as PublicKeyCredentialRequestOptions;\n\n const credential = (await navigator.credentials.get({ publicKey })) as PublicKeyCredential | null;\n if (credential === null) {\n throw new Error('WebAuthn authentication produced no credential.');\n }\n const response = credential.response as AuthenticatorAssertionResponse;\n return JSON.stringify({\n id: credential.id,\n rawId: bufferToBase64url(credential.rawId),\n type: credential.type,\n extensions: credential.getClientExtensionResults(),\n response: {\n authenticatorData: bufferToBase64url(response.authenticatorData),\n clientDataJSON: bufferToBase64url(response.clientDataJSON),\n signature: bufferToBase64url(response.signature),\n userHandle: response.userHandle ? bufferToBase64url(response.userHandle) : null,\n },\n });\n}\n","import { fromPromise, setup, type ActorRefFrom } from 'xstate';\nimport type { IOmni2FaClient } from '../../client/Interfaces/IOmni2FaClient';\nimport { Omni2FaApiError } from '../../errors/Omni2FaApiError';\nimport { startRegistration } from '../../webauthn/ceremony';\nimport type { WebAuthnEnrollmentContext } from './WebAuthnEnrollmentContext';\nimport type { WebAuthnEnrollmentEvent } from './WebAuthnEnrollmentEvent';\n\nconst initialContext: WebAuthnEnrollmentContext = {\n enrollmentId: null,\n optionsJson: null,\n name: null,\n methodId: null,\n recoveryCodes: null,\n errorCode: null,\n errorMessage: null,\n};\n\nexport function createWebAuthnEnrollmentMachine(client: IOmni2FaClient) {\n return setup({\n types: {\n context: {} as WebAuthnEnrollmentContext,\n events: {} as WebAuthnEnrollmentEvent,\n },\n actors: {\n startEnrollment: fromPromise(async () => {\n const result = await client.startWebAuthnEnrollment();\n if (!result.ok) {\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\n }\n return result.value;\n }),\n registerAndConfirm: fromPromise(async ({ input }: { input: { enrollmentId: string; optionsJson: string; name: string | null } }) => {\n const attestationResponseJson = await startRegistration(input.optionsJson);\n const result = await client.confirmWebAuthnEnrollment({\n enrollmentId: input.enrollmentId,\n attestationResponseJson,\n name: input.name,\n });\n if (!result.ok) {\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\n }\n return result.value;\n }),\n },\n }).createMachine({\n id: 'webauthnEnrollment',\n initial: 'idle',\n context: initialContext,\n states: {\n idle: {\n on: {\n start: { target: 'starting' },\n },\n },\n starting: {\n entry: ({ context, event }) => {\n if (event.type === 'start') {\n context.name = event.name ?? null;\n }\n },\n invoke: {\n src: 'startEnrollment',\n onDone: {\n target: 'registering',\n actions: ({ context, event }) => {\n context.enrollmentId = event.output.enrollmentId;\n context.optionsJson = event.output.optionsJson;\n context.errorCode = null;\n context.errorMessage = null;\n },\n },\n onError: {\n target: 'failed',\n actions: ({ context, event }) => assignApiError(context, event.error),\n },\n },\n },\n registering: {\n invoke: {\n src: 'registerAndConfirm',\n input: ({ context }) => {\n if (!context.enrollmentId || !context.optionsJson) throw new Error('no pending enrollment');\n return { enrollmentId: context.enrollmentId, optionsJson: context.optionsJson, name: context.name };\n },\n onDone: {\n target: 'enrolled',\n actions: ({ context, event }) => {\n context.methodId = event.output.methodId;\n context.recoveryCodes = event.output.recoveryCodes ?? null;\n context.errorCode = null;\n context.errorMessage = null;\n },\n },\n onError: {\n target: 'failed',\n actions: ({ context, event }) => assignApiError(context, event.error),\n },\n },\n },\n enrolled: {\n on: {\n reset: { target: 'idle', actions: assignInitial },\n },\n },\n failed: {\n on: {\n retry: { target: 'starting' },\n reset: { target: 'idle', actions: assignInitial },\n },\n },\n },\n });\n}\n\nfunction assignInitial({ context }: { context: WebAuthnEnrollmentContext }) {\n context.enrollmentId = null;\n context.optionsJson = null;\n context.name = null;\n context.methodId = null;\n context.recoveryCodes = null;\n context.errorCode = null;\n context.errorMessage = null;\n}\n\nfunction assignApiError(context: WebAuthnEnrollmentContext, error: unknown) {\n if (error instanceof Omni2FaApiError) {\n context.errorCode = error.code;\n context.errorMessage = error.message;\n } else {\n context.errorCode = 'UNKNOWN';\n context.errorMessage = error instanceof Error ? error.message : null;\n }\n}\n\nexport type WebAuthnEnrollmentMachine = ReturnType<typeof createWebAuthnEnrollmentMachine>;\nexport type WebAuthnEnrollmentActor = ActorRefFrom<WebAuthnEnrollmentMachine>;\n","import { fromPromise, setup, type ActorRefFrom } from 'xstate';\r\nimport type { IOmni2FaClient } from '../../client/Interfaces/IOmni2FaClient';\r\nimport { Omni2FaApiError } from '../../errors/Omni2FaApiError';\r\nimport { startAuthentication } from '../../webauthn/ceremony';\r\nimport type { ChallengeContext } from './ChallengeContext';\r\nimport type { ChallengeEvent } from './ChallengeEvent';\r\n\r\nconst initialContext: ChallengeContext = {\r\n methodId: null,\r\n methodType: null,\r\n userId: null,\r\n expiresAt: null,\r\n resendAvailableAt: null,\r\n optionsJson: null,\r\n errorCode: null,\r\n errorMessage: null,\r\n};\r\n\r\nexport function createChallengeMachine(client: IOmni2FaClient) {\r\n return setup({\r\n types: {\r\n context: {} as ChallengeContext,\r\n events: {} as ChallengeEvent,\r\n },\r\n actors: {\r\n startChallenge: fromPromise(async ({ input }: { input: { methodId: string } }) => {\r\n const result = await client.startChallenge({ methodId: input.methodId });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n resendChallenge: fromPromise(async ({ input }: { input: { methodId: string } }) => {\r\n const result = await client.resendChallenge({ methodId: input.methodId });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n verifyChallenge: fromPromise(async ({ input }: { input: { methodId: string; code: string } }) => {\r\n const result = await client.verifyChallenge({ methodId: input.methodId, code: input.code });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n assertChallenge: fromPromise(async ({ input }: { input: { methodId: string; optionsJson: string } }) => {\r\n const assertionResponseJson = await startAuthentication(input.optionsJson);\r\n const result = await client.verifyChallenge({ methodId: input.methodId, assertionResponseJson });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n verifyRecoveryCode: fromPromise(async ({ input }: { input: { code: string } }) => {\r\n const result = await client.verifyRecoveryCode({ recoveryCode: input.code });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n },\r\n }).createMachine({\r\n id: 'challenge',\r\n initial: 'idle',\r\n context: initialContext,\r\n states: {\r\n idle: {\r\n on: {\r\n pick: { target: 'starting' },\r\n useRecoveryCode: { target: 'verifyingRecovery' },\r\n },\r\n },\r\n starting: {\r\n entry: ({ context, event }) => {\r\n if (event.type === 'pick') {\r\n context.methodId = event.methodId;\r\n }\r\n },\r\n invoke: {\r\n src: 'startChallenge',\r\n input: ({ context }) => {\r\n if (!context.methodId) throw new Error('no methodId');\r\n return { methodId: context.methodId };\r\n },\r\n onDone: [\r\n {\r\n guard: ({ event }) => event.output.type === 'WebAuthn',\r\n target: 'asserting',\r\n actions: ({ context, event }) => assignStartOutput(context, event.output),\r\n },\r\n {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => assignStartOutput(context, event.output),\r\n },\r\n ],\r\n onError: {\r\n target: 'failed',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n asserting: {\r\n invoke: {\r\n src: 'assertChallenge',\r\n input: ({ context }) => {\r\n if (!context.methodId || !context.optionsJson) throw new Error('no assertion options');\r\n return { methodId: context.methodId, optionsJson: context.optionsJson };\r\n },\r\n onDone: {\r\n target: 'verified',\r\n actions: ({ context, event }) => {\r\n context.userId = event.output.userId;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'failed',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n awaitingCode: {\r\n on: {\r\n submit: { target: 'verifying' },\r\n resend: { target: 'resending' },\r\n useRecoveryCode: { target: 'verifyingRecovery' },\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n verifyingRecovery: {\r\n invoke: {\r\n src: 'verifyRecoveryCode',\r\n input: ({ event }) => {\r\n if (event.type !== 'useRecoveryCode') throw new Error('verifyingRecovery requires useRecoveryCode event');\r\n return { code: event.code };\r\n },\r\n onDone: {\r\n target: 'verified',\r\n actions: ({ context, event }) => {\r\n context.userId = event.output.userId;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'failed',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n resending: {\r\n invoke: {\r\n src: 'resendChallenge',\r\n input: ({ context }) => {\r\n if (!context.methodId) throw new Error('no methodId');\r\n return { methodId: context.methodId };\r\n },\r\n onDone: {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => assignStartOutput(context, event.output),\r\n },\r\n onError: {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n verifying: {\r\n invoke: {\r\n src: 'verifyChallenge',\r\n input: ({ context, event }) => {\r\n if (event.type !== 'submit') throw new Error('verifying requires submit event');\r\n if (!context.methodId) throw new Error('no methodId');\r\n return { methodId: context.methodId, code: event.code };\r\n },\r\n onDone: {\r\n target: 'verified',\r\n actions: ({ context, event }) => {\r\n context.userId = event.output.userId;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n verified: {\r\n on: {\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n failed: {\r\n on: {\r\n pick: { target: 'starting' },\r\n useRecoveryCode: { target: 'verifyingRecovery' },\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n },\r\n });\r\n}\r\n\r\nfunction assignStartOutput(context: ChallengeContext, output: { type: ChallengeContext['methodType']; expiresAt?: string | null; resendAvailableAt?: string | null; optionsJson?: string | null }) {\r\n context.methodType = output.type;\r\n context.expiresAt = output.expiresAt ?? null;\r\n context.resendAvailableAt = output.resendAvailableAt ?? null;\r\n context.optionsJson = output.optionsJson ?? null;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n}\r\n\r\nfunction assignInitial({ context }: { context: ChallengeContext }) {\r\n context.methodId = null;\r\n context.methodType = null;\r\n context.userId = null;\r\n context.expiresAt = null;\r\n context.resendAvailableAt = null;\r\n context.optionsJson = null;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n}\r\n\r\nfunction assignApiError(context: ChallengeContext, error: unknown) {\r\n if (error instanceof Omni2FaApiError) {\r\n context.errorCode = error.code;\r\n context.errorMessage = error.message;\r\n } else {\r\n context.errorCode = 'UNKNOWN';\r\n context.errorMessage = error instanceof Error ? error.message : null;\r\n }\r\n}\r\n\r\nexport type ChallengeMachine = ReturnType<typeof createChallengeMachine>;\r\nexport type ChallengeActor = ActorRefFrom<ChallengeMachine>;\r\n","import { fromPromise, setup, type ActorRefFrom } from 'xstate';\r\nimport type { IOmni2FaClient } from '../../client/Interfaces/IOmni2FaClient';\r\nimport { Omni2FaApiError } from '../../errors/Omni2FaApiError';\r\nimport type { MethodsContext } from './MethodsContext';\r\nimport type { MethodsEvent } from './MethodsEvent';\r\n\r\nconst initialContext: MethodsContext = {\r\n items: [],\r\n errorCode: null,\r\n errorMessage: null,\r\n};\r\n\r\nexport function createMethodsMachine(client: IOmni2FaClient) {\r\n return setup({\r\n types: {\r\n context: {} as MethodsContext,\r\n events: {} as MethodsEvent,\r\n },\r\n actors: {\r\n load: fromPromise(async () => {\r\n const result = await client.listMethods();\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n remove: fromPromise(async ({ input }: { input: { methodId: string } }) => {\r\n const result = await client.removeMethod(input.methodId);\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return input.methodId;\r\n }),\r\n },\r\n }).createMachine({\r\n id: 'methods',\r\n initial: 'idle',\r\n context: initialContext,\r\n states: {\r\n idle: {\r\n on: {\r\n load: { target: 'loading' },\r\n },\r\n },\r\n loading: {\r\n invoke: {\r\n src: 'load',\r\n onDone: {\r\n target: 'ready',\r\n actions: ({ context, event }) => {\r\n context.items = event.output;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'failed',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n ready: {\r\n on: {\r\n load: { target: 'loading' },\r\n remove: { target: 'removing' },\r\n },\r\n },\r\n removing: {\r\n invoke: {\r\n src: 'remove',\r\n input: ({ event }) => {\r\n if (event.type !== 'remove') throw new Error('removing requires remove event');\r\n return { methodId: event.methodId };\r\n },\r\n onDone: {\r\n target: 'ready',\r\n actions: ({ context, event }) => {\r\n const removedId = event.output;\r\n context.items = context.items.filter((m) => m.id !== removedId);\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'ready',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n failed: {\r\n on: {\r\n load: { target: 'loading' },\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n },\r\n });\r\n}\r\n\r\nfunction assignInitial({ context }: { context: MethodsContext }) {\r\n context.items = [];\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n}\r\n\r\nfunction assignApiError(context: MethodsContext, error: unknown) {\r\n if (error instanceof Omni2FaApiError) {\r\n context.errorCode = error.code;\r\n context.errorMessage = error.message;\r\n } else {\r\n context.errorCode = 'UNKNOWN';\r\n context.errorMessage = error instanceof Error ? error.message : null;\r\n }\r\n}\r\n\r\nexport type MethodsMachine = ReturnType<typeof createMethodsMachine>;\r\nexport type MethodsActor = ActorRefFrom<MethodsMachine>;\r\n","import { createActor } from 'xstate';\r\nimport { Omni2FaClient } from './client/Omni2FaClient';\r\nimport type { Omni2FaClientConfig } from './client/Omni2FaClientConfig';\r\nimport type { IOmni2Fa } from './Interfaces/IOmni2Fa';\r\nimport { createTotpEnrollmentMachine } from './machines/totpEnrollment/totpEnrollmentMachine';\r\nimport { createEmailEnrollmentMachine } from './machines/emailEnrollment/emailEnrollmentMachine';\r\nimport { createWebAuthnEnrollmentMachine } from './machines/webauthnEnrollment/webauthnEnrollmentMachine';\r\nimport { createChallengeMachine } from './machines/challenge/challengeMachine';\r\nimport { createMethodsMachine } from './machines/methods/methodsMachine';\r\n\r\n/**\r\n * One-call assembly of the Omni2FA core: client + three actors (TOTP enrollment, login challenge, methods list).\r\n * Actors are <c>start()</c>ed and ready to receive events. Pass the returned instance to your UI adapter.\r\n */\r\nexport function createOmni2Fa(config: Omni2FaClientConfig): IOmni2Fa {\r\n const client = new Omni2FaClient(config);\r\n\r\n const totpEnrollment = createActor(createTotpEnrollmentMachine(client));\r\n const emailEnrollment = createActor(createEmailEnrollmentMachine(client));\r\n const webauthnEnrollment = createActor(createWebAuthnEnrollmentMachine(client));\r\n const challenge = createActor(createChallengeMachine(client));\r\n const methods = createActor(createMethodsMachine(client));\r\n\r\n totpEnrollment.start();\r\n emailEnrollment.start();\r\n webauthnEnrollment.start();\r\n challenge.start();\r\n methods.start();\r\n\r\n return {\r\n client,\r\n totpEnrollment,\r\n emailEnrollment,\r\n webauthnEnrollment,\r\n challenge,\r\n methods,\r\n dispose() {\r\n totpEnrollment.stop();\r\n emailEnrollment.stop();\r\n webauthnEnrollment.stop();\r\n challenge.stop();\r\n methods.stop();\r\n },\r\n };\r\n}\r\n"],"names":["MemoryStorage","key","value","Omni2FaErrorCodes","defaults","getDefaultMessage","code","DEFAULT_PREAUTH_KEY","DEFAULT_SESSION_KEY","FALLBACK_ORIGIN","Omni2FaClient","config","createClient","request","token","url","path","data","error","response","methodId","SessionStorageStorage","LocalStorageStorage","Omni2FaApiError","message","httpStatus","details","initialContext","createTotpEnrollmentMachine","client","setup","fromPromise","result","input","context","event","assignApiError","assignInitial","createEmailEnrollmentMachine","assignStartOutput","output","base64urlToBuffer","base64","padded","binary","bytes","bufferToBase64url","buffer","byte","mapDescriptors","list","c","startRegistration","optionsJson","parsed","publicKey","credential","startAuthentication","createWebAuthnEnrollmentMachine","attestationResponseJson","createChallengeMachine","assertionResponseJson","createMethodsMachine","removedId","m","createOmni2Fa","totpEnrollment","createActor","emailEnrollment","webauthnEnrollment","challenge","methods"],"mappings":"qIAGO,MAAMA,CAAkC,CAC1B,QAAU,IAE3B,IAAIC,EAA4B,CAC5B,OAAO,KAAK,IAAI,IAAIA,CAAG,GAAK,IAChC,CAEA,IAAIA,EAAaC,EAAqB,CAClC,KAAK,IAAI,IAAID,EAAKC,CAAK,CAC3B,CAEA,OAAOD,EAAmB,CACtB,KAAK,IAAI,OAAOA,CAAG,CACvB,CACJ,CCjBO,MAAME,EAAoB,CAC7B,YAAa,eACb,eAAgB,kBAChB,eAAgB,kBAChB,kBAAmB,sBACnB,kBAAmB,qBACnB,gBAAiB,oBACjB,eAAgB,mBAChB,oBAAqB,wBACrB,kBAAmB,sBACnB,oBAAqB,wBACrB,oBAAqB,wBACrB,iBAAkB,qBAClB,2BAA4B,+BAC5B,iBAAkB,oBAClB,aAAc,gBACd,QAAS,SACb,ECfMC,EAA6C,CAC/C,CAACD,EAAkB,WAAW,EAAG,mCACjC,CAACA,EAAkB,cAAc,EAAG,kDACpC,CAACA,EAAkB,cAAc,EAAG,iDACpC,CAACA,EAAkB,iBAAiB,EAAG,+CACvC,CAACA,EAAkB,iBAAiB,EAAG,iEACvC,CAACA,EAAkB,eAAe,EAAG,sDACrC,CAACA,EAAkB,cAAc,EAAG,yCACpC,CAACA,EAAkB,mBAAmB,EAAG,6CACzC,CAACA,EAAkB,iBAAiB,EAAG,sDACvC,CAACA,EAAkB,mBAAmB,EAAG,0CACzC,CAACA,EAAkB,mBAAmB,EAAG,gCACzC,CAACA,EAAkB,gBAAgB,EAAG,4CACtC,CAACA,EAAkB,0BAA0B,EAAG,oCAChD,CAACA,EAAkB,gBAAgB,EAAG,6BACtC,CAACA,EAAkB,YAAY,EAAG,+CAClC,CAACA,EAAkB,OAAO,EAAG,+BACjC,EAEO,SAASE,EAAkBC,EAAsB,CACpD,OAAOF,EAASE,CAAwB,GAAKF,EAASD,EAAkB,OAAO,CACnF,CCOA,MAAMI,EAAsB,kBACtBC,EAAsB,kBAEtBC,EAAkB,uBAIjB,MAAMC,CAAwC,CAChC,QACA,WACA,WACA,SACA,MAEjB,YAAYC,EAA6B,CACrC,KAAK,QAAUA,EAAO,SAAW,IAAIX,EACrC,KAAK,WAAaW,EAAO,mBAAqBJ,EAC9C,KAAK,WAAaI,EAAO,mBAAqBH,EAE9C,KAAK,SAAW,IAAI,IAAIG,EAAO,QAASF,CAAe,EAAE,SAAS,QAAQ,MAAO,EAAE,EACnF,KAAK,MAAQG,EAAoB,CAC7B,QAASD,EAAO,QAChB,MAAOA,EAAO,OAAS,WAAW,MAAM,KAAK,UAAU,EACvD,GAAIA,EAAO,YAAc,CAAE,YAAaA,EAAO,WAAA,EAAgB,CAAA,CAAC,CACnE,EACD,KAAK,MAAM,IAAI,CACX,UAAW,CAAC,CAAE,QAAAE,KAAc,CAExB,GAAIA,EAAQ,QAAQ,IAAI,eAAe,EACnC,OAAOA,EAGX,MAAMC,EAAQ,KAAK,kBAAkBD,EAAQ,GAAG,EAAI,KAAK,gBAAA,EAAoB,KAAK,gBAAA,EAClF,OAAIC,GACAD,EAAQ,QAAQ,IAAI,gBAAiB,UAAUC,CAAK,EAAE,EAEnDD,CACX,CAAA,CACH,CACL,CAGQ,kBAAkBE,EAAsB,CAC5C,MAAMC,EAAO,IAAI,IAAID,EAAKN,CAAe,EAAE,SAE3C,OADiBO,EAAK,WAAW,KAAK,QAAQ,EAAIA,EAAK,MAAM,KAAK,SAAS,MAAM,EAAIA,GACrE,WAAW,aAAa,CAC5C,CAEA,gBAAgBF,EAA4B,CACxC,KAAK,SAAS,KAAK,WAAYA,CAAK,CACxC,CAEA,iBAAiC,CAC7B,OAAO,KAAK,QAAQ,IAAI,KAAK,UAAU,CAC3C,CAEA,gBAAgBA,EAA4B,CACxC,KAAK,SAAS,KAAK,WAAYA,CAAK,CACxC,CAEA,iBAAiC,CAC7B,OAAO,KAAK,QAAQ,IAAI,KAAK,UAAU,CAC3C,CAEQ,SAASb,EAAaa,EAA4B,CAClDA,IAAU,MAAQA,EAAM,SAAW,EACnC,KAAK,QAAQ,OAAOb,CAAG,EAEvB,KAAK,QAAQ,IAAIA,EAAKa,CAAK,CAEnC,CAEA,MAAM,aAAyD,CAC3D,KAAM,CAAE,KAAAG,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,IAAI,UAAU,EACjE,OAAO,KAAK,OAAOF,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,aAAaC,EAA6C,CAC5D,KAAM,CAAE,MAAAF,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,OAAO,sBAAuB,CAAE,OAAQ,CAAE,KAAM,CAAE,SAAAC,CAAA,CAAS,EAAK,EAC7G,OAAIF,EACO,KAAK,UAAUA,EAAOC,CAAQ,EAElC,CAAE,GAAI,GAAM,MAAO,MAAA,CAC9B,CAEA,MAAM,qBAAoE,CACtE,KAAM,CAAE,KAAAF,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,oBAAoB,EAC5E,OAAO,KAAK,OAAOF,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,sBAAsBN,EAA+E,CACvG,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,uBAAwB,CAAE,KAAMN,EAAS,EACjG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,qBAAqBN,EAAiF,CACxG,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,sBAAuB,CAAE,KAAMN,EAAS,EAChG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,uBAAuBN,EAAgF,CACzG,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,wBAAyB,CAAE,KAAMN,EAAS,EAClG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,sBAAsBN,EAAkF,CAC1G,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,uBAAwB,CAAE,KAAMN,EAAS,EACjG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,yBAA4E,CAC9E,KAAM,CAAE,KAAAF,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,wBAAwB,EAChF,OAAO,KAAK,OAAOF,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,0BAA0BN,EAAmF,CAC/G,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,2BAA4B,CAAE,KAAMN,EAAS,EACrG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,eAAeN,EAA6E,CAC9F,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,mBAAoB,CAAE,KAAMN,EAAS,EAC7F,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,gBAAgBN,EAA8E,CAChG,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,oBAAqB,CAAE,KAAMN,EAAS,EAC9F,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,gBAAgBN,EAA6E,CAC/F,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,oBAAqB,CAAE,KAAMN,EAAS,EAC9F,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,mBAAmBN,EAAgF,CACrG,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,2BAA4B,CAAE,KAAMN,EAAS,EACrG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,yBAAsE,CACxE,KAAM,CAAE,KAAAF,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,4BAA4B,EACpF,OAAO,KAAK,OAAOF,EAAMC,EAAOC,CAAQ,CAC5C,CAEQ,OAAUF,EAAqBC,EAAkCC,EAAmC,CACxG,OAAID,IAAU,OACH,KAAK,UAAUA,EAAOC,CAAQ,EAErCF,IAAS,OACF,CACH,GAAI,GACJ,KAAMd,EAAkB,aACxB,QAASE,EAAkBF,EAAkB,YAAY,EACzD,WAAYgB,EAAS,MAAA,EAGtB,CAAE,GAAI,GAAM,MAAOF,CAAA,CAC9B,CAEQ,UAAUC,EAAsBC,EAAuC,CAC3E,MAAMb,EAAOY,EAAM,MAAQf,EAAkB,QAC7C,MAAO,CACH,GAAI,GACJ,KAAAG,EACA,QAASY,EAAM,SAAWb,EAAkBC,CAAI,EAChD,WAAYa,EAAS,OACrB,QAASD,EAAM,SAAW,IAAA,CAElC,CACJ,CCrMO,MAAMG,CAA0C,CACnD,IAAIpB,EAA4B,CAC5B,OAAO,WAAW,gBAAgB,QAAQA,CAAG,GAAK,IACtD,CAEA,IAAIA,EAAaC,EAAqB,CAClC,WAAW,gBAAgB,QAAQD,EAAKC,CAAK,CACjD,CAEA,OAAOD,EAAmB,CACtB,WAAW,gBAAgB,WAAWA,CAAG,CAC7C,CACJ,CCZO,MAAMqB,CAAwC,CACjD,IAAIrB,EAA4B,CAC5B,OAAO,WAAW,cAAc,QAAQA,CAAG,GAAK,IACpD,CAEA,IAAIA,EAAaC,EAAqB,CAClC,WAAW,cAAc,QAAQD,EAAKC,CAAK,CAC/C,CAEA,OAAOD,EAAmB,CACtB,WAAW,cAAc,WAAWA,CAAG,CAC3C,CACJ,CCVO,MAAMsB,UAAwB,KAAM,CAC9B,KACA,WACA,QAET,YAAYjB,EAAckB,EAAiBC,EAAoBC,EAA0C,KAAM,CAC3G,MAAMF,CAAO,EACb,KAAK,KAAO,kBACZ,KAAK,KAAOlB,EACZ,KAAK,WAAamB,EAClB,KAAK,QAAUC,CACnB,CACJ,CCXA,MAAMC,EAAwC,CAC1C,aAAc,KACd,WAAY,KACZ,OAAQ,KACR,SAAU,KACV,cAAe,KACf,UAAW,KACX,aAAc,IAClB,EAEO,SAASC,EAA4BC,EAAwB,CAChE,OAAOC,QAAM,CACT,MAAO,CACH,QAAS,CAAA,EACT,OAAQ,CAAA,CAAC,EAEb,OAAQ,CACJ,gBAAiBC,EAAAA,YAAY,SAAY,CACrC,MAAMC,EAAS,MAAMH,EAAO,oBAAA,EAC5B,GAAI,CAACG,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,kBAAmBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAoF,CACxH,MAAMD,EAAS,MAAMH,EAAO,sBAAsB,CAC9C,aAAcI,EAAM,aACpB,KAAMA,EAAM,KACZ,KAAMA,EAAM,IAAA,CACf,EACD,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,CAAA,CACL,CACH,EAAE,cAAc,CACb,GAAI,iBACJ,QAAS,OACT,QAASL,EACT,OAAQ,CACJ,KAAM,CACF,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,CAAW,CAChC,EAEJ,SAAU,CACN,OAAQ,CACJ,IAAK,kBACL,OAAQ,CACJ,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAO,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,aAAeC,EAAM,OAAO,aACpCD,EAAQ,WAAaC,EAAM,OAAO,WAClCD,EAAQ,OAASC,EAAM,OAAO,OAC9BD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,aAAc,CACV,GAAI,CACA,OAAQ,CAAE,OAAQ,YAAA,EAClB,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,WAAY,CACR,OAAQ,CACJ,IAAK,oBACL,MAAO,CAAC,CAAE,QAAAH,EAAS,MAAAC,KAAY,CAC3B,GAAIA,EAAM,OAAS,SAAU,MAAM,IAAI,MAAM,kCAAkC,EAC/E,GAAI,CAACD,EAAQ,aAAc,MAAM,IAAI,MAAM,iBAAiB,EAC5D,MAAO,CAAE,aAAcA,EAAQ,aAAc,KAAMC,EAAM,KAAM,KAAMA,EAAM,MAAQ,IAAA,CACvF,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,SAAWC,EAAM,OAAO,SAChCD,EAAQ,cAAgBC,EAAM,OAAO,eAAiB,KACtDD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,SAAU,CACN,GAAI,CACA,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,OAAQ,CACJ,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,EACjB,MAAO,CAAE,OAAQ,OAAQ,QAASA,CAAA,CAAc,CACpD,CACJ,CACJ,CACH,CACL,CAEA,SAASA,EAAc,CAAE,QAAAH,GAA+C,CACpEA,EAAQ,aAAe,KACvBA,EAAQ,WAAa,KACrBA,EAAQ,OAAS,KACjBA,EAAQ,SAAW,KACnBA,EAAQ,cAAgB,KACxBA,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASE,EAAeF,EAAgChB,EAAgB,CAChEA,aAAiBK,GACjBW,EAAQ,UAAYhB,EAAM,KAC1BgB,EAAQ,aAAehB,EAAM,UAE7BgB,EAAQ,UAAY,UACpBA,EAAQ,aAAehB,aAAiB,MAAQA,EAAM,QAAU,KAExE,CC/HA,MAAMS,EAAyC,CAC3C,aAAc,KACd,MAAO,KACP,UAAW,KACX,kBAAmB,KACnB,SAAU,KACV,cAAe,KACf,UAAW,KACX,aAAc,IAClB,EAEO,SAASW,EAA6BT,EAAwB,CACjE,OAAOC,QAAM,CACT,MAAO,CACH,QAAS,CAAA,EACT,OAAQ,CAAA,CAAC,EAEb,OAAQ,CACJ,gBAAiBC,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA0C,CAC5E,MAAMD,EAAS,MAAMH,EAAO,qBAAqB,CAAE,MAAOI,EAAM,MAAO,EACvE,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,iBAAkBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAiD,CACpF,MAAMD,EAAS,MAAMH,EAAO,sBAAsB,CAAE,aAAcI,EAAM,aAAc,EACtF,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,kBAAmBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAoF,CACxH,MAAMD,EAAS,MAAMH,EAAO,uBAAuB,CAC/C,aAAcI,EAAM,aACpB,KAAMA,EAAM,KACZ,KAAMA,EAAM,IAAA,CACf,EACD,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,CAAA,CACL,CACH,EAAE,cAAc,CACb,GAAI,kBACJ,QAAS,OACT,QAASL,EACT,OAAQ,CACJ,KAAM,CACF,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,CAAW,CAChC,EAEJ,SAAU,CACN,MAAO,CAAC,CAAE,QAAAO,EAAS,MAAAC,KAAY,CACvBA,EAAM,OAAS,UACfD,EAAQ,MAAQC,EAAM,MAE9B,EACA,OAAQ,CACJ,IAAK,kBACL,MAAO,CAAC,CAAE,QAAAD,KAAc,CACpB,GAAI,CAACA,EAAQ,MAAO,MAAM,IAAI,MAAM,UAAU,EAC9C,MAAO,CAAE,MAAOA,EAAQ,KAAA,CAC5B,EACA,OAAQ,CACJ,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYI,EAAkBL,EAASC,EAAM,MAAM,CAAA,EAE5E,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,aAAc,CACV,GAAI,CACA,OAAQ,CAAE,OAAQ,YAAA,EAClB,OAAQ,CAAE,OAAQ,WAAA,EAClB,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,UAAW,CACP,OAAQ,CACJ,IAAK,mBACL,MAAO,CAAC,CAAE,QAAAH,KAAc,CACpB,GAAI,CAACA,EAAQ,aAAc,MAAM,IAAI,MAAM,iBAAiB,EAC5D,MAAO,CAAE,aAAcA,EAAQ,YAAA,CACnC,EACA,OAAQ,CACJ,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYI,EAAkBL,EAASC,EAAM,MAAM,CAAA,EAE5E,QAAS,CACL,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,WAAY,CACR,OAAQ,CACJ,IAAK,oBACL,MAAO,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC3B,GAAIA,EAAM,OAAS,SAAU,MAAM,IAAI,MAAM,kCAAkC,EAC/E,GAAI,CAACD,EAAQ,aAAc,MAAM,IAAI,MAAM,iBAAiB,EAC5D,MAAO,CAAE,aAAcA,EAAQ,aAAc,KAAMC,EAAM,KAAM,KAAMA,EAAM,MAAQ,IAAA,CACvF,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,SAAWC,EAAM,OAAO,SAChCD,EAAQ,cAAgBC,EAAM,OAAO,eAAiB,KACtDD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,SAAU,CACN,GAAI,CACA,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,OAAQ,CACJ,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,EACjB,MAAO,CAAE,OAAQ,OAAQ,QAASA,CAAA,CAAc,CACpD,CACJ,CACJ,CACH,CACL,CAEA,SAASE,EAAkBL,EAAiCM,EAAgF,CACxIN,EAAQ,aAAeM,EAAO,aAC9BN,EAAQ,UAAYM,EAAO,UAC3BN,EAAQ,kBAAoBM,EAAO,kBACnCN,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASG,EAAc,CAAE,QAAAH,GAAgD,CACrEA,EAAQ,aAAe,KACvBA,EAAQ,MAAQ,KAChBA,EAAQ,UAAY,KACpBA,EAAQ,kBAAoB,KAC5BA,EAAQ,SAAW,KACnBA,EAAQ,cAAgB,KACxBA,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASE,EAAeF,EAAiChB,EAAgB,CACjEA,aAAiBK,GACjBW,EAAQ,UAAYhB,EAAM,KAC1BgB,EAAQ,aAAehB,EAAM,UAE7BgB,EAAQ,UAAY,UACpBA,EAAQ,aAAehB,aAAiB,MAAQA,EAAM,QAAU,KAExE,CCzKO,SAASuB,EAAkBvC,EAA4B,CAC1D,MAAMwC,EAASxC,EAAM,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EACnDyC,EAASD,EAAO,OAAO,KAAK,KAAKA,EAAO,OAAS,CAAC,EAAI,EAAG,GAAG,EAC5DE,EAAS,KAAKD,CAAM,EACpBE,EAAQ,IAAI,WAAWD,EAAO,MAAM,EAC1C,QAAS,EAAI,EAAG,EAAIA,EAAO,OAAQ,IAC/BC,EAAM,CAAC,EAAID,EAAO,WAAW,CAAC,EAElC,OAAOC,EAAM,MACjB,CAEO,SAASC,EAAkBC,EAA6B,CAC3D,MAAMF,EAAQ,IAAI,WAAWE,CAAM,EACnC,IAAIH,EAAS,GACb,UAAWI,KAAQH,EACfD,GAAU,OAAO,aAAaI,CAAI,EAEtC,OAAO,KAAKJ,CAAM,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,CACjF,CCOA,SAASK,EAAeC,EAA+E,CACnG,OAAQA,GAAQ,CAAA,GAAI,IAAKC,IAAO,CAAE,GAAGA,EAAG,GAAIV,EAAkBU,EAAE,EAAE,GAAI,CAC1E,CAGA,eAAsBC,EAAkBC,EAAsC,CAC1E,MAAMC,EAAS,KAAK,MAAMD,CAAW,EAC/BE,EAAY,CACd,GAAGD,EACH,UAAWb,EAAkBa,EAAO,SAAS,EAC7C,KAAM,CAAE,GAAGA,EAAO,KAAM,GAAIb,EAAkBa,EAAO,KAAK,EAAE,CAAA,EAC5D,mBAAoBL,EAAeK,EAAO,kBAAkB,CAAA,EAI1DE,EAAc,MAAM,UAAU,YAAY,OAAO,CAAE,UAAAD,EAAW,EACpE,GAAIC,IAAe,KACf,MAAM,IAAI,MAAM,+CAA+C,EAEnE,MAAMrC,EAAWqC,EAAW,SAC5B,OAAO,KAAK,UAAU,CAClB,GAAIA,EAAW,GACf,MAAOV,EAAkBU,EAAW,KAAK,EACzC,KAAMA,EAAW,KACjB,WAAYA,EAAW,0BAAA,EACvB,SAAU,CACN,kBAAmBV,EAAkB3B,EAAS,iBAAiB,EAC/D,eAAgB2B,EAAkB3B,EAAS,cAAc,CAAA,CAC7D,CACH,CACL,CAGA,eAAsBsC,EAAoBJ,EAAsC,CAC5E,MAAMC,EAAS,KAAK,MAAMD,CAAW,EAC/BE,EAAY,CACd,GAAGD,EACH,UAAWb,EAAkBa,EAAO,SAAS,EAC7C,iBAAkBL,EAAeK,EAAO,gBAAgB,CAAA,EAGtDE,EAAc,MAAM,UAAU,YAAY,IAAI,CAAE,UAAAD,EAAW,EACjE,GAAIC,IAAe,KACf,MAAM,IAAI,MAAM,iDAAiD,EAErE,MAAMrC,EAAWqC,EAAW,SAC5B,OAAO,KAAK,UAAU,CAClB,GAAIA,EAAW,GACf,MAAOV,EAAkBU,EAAW,KAAK,EACzC,KAAMA,EAAW,KACjB,WAAYA,EAAW,0BAAA,EACvB,SAAU,CACN,kBAAmBV,EAAkB3B,EAAS,iBAAiB,EAC/D,eAAgB2B,EAAkB3B,EAAS,cAAc,EACzD,UAAW2B,EAAkB3B,EAAS,SAAS,EAC/C,WAAYA,EAAS,WAAa2B,EAAkB3B,EAAS,UAAU,EAAI,IAAA,CAC/E,CACH,CACL,CC9EA,MAAMQ,EAA4C,CAC9C,aAAc,KACd,YAAa,KACb,KAAM,KACN,SAAU,KACV,cAAe,KACf,UAAW,KACX,aAAc,IAClB,EAEO,SAAS+B,EAAgC7B,EAAwB,CACpE,OAAOC,QAAM,CACT,MAAO,CACH,QAAS,CAAA,EACT,OAAQ,CAAA,CAAC,EAEb,OAAQ,CACJ,gBAAiBC,EAAAA,YAAY,SAAY,CACrC,MAAMC,EAAS,MAAMH,EAAO,wBAAA,EAC5B,GAAI,CAACG,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,mBAAoBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA2F,CAChI,MAAM0B,EAA0B,MAAMP,EAAkBnB,EAAM,WAAW,EACnED,EAAS,MAAMH,EAAO,0BAA0B,CAClD,aAAcI,EAAM,aACpB,wBAAA0B,EACA,KAAM1B,EAAM,IAAA,CACf,EACD,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,CAAA,CACL,CACH,EAAE,cAAc,CACb,GAAI,qBACJ,QAAS,OACT,QAASL,EACT,OAAQ,CACJ,KAAM,CACF,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,CAAW,CAChC,EAEJ,SAAU,CACN,MAAO,CAAC,CAAE,QAAAO,EAAS,MAAAC,KAAY,CACvBA,EAAM,OAAS,UACfD,EAAQ,KAAOC,EAAM,MAAQ,KAErC,EACA,OAAQ,CACJ,IAAK,kBACL,OAAQ,CACJ,OAAQ,cACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,aAAeC,EAAM,OAAO,aACpCD,EAAQ,YAAcC,EAAM,OAAO,YACnCD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,YAAa,CACT,OAAQ,CACJ,IAAK,qBACL,MAAO,CAAC,CAAE,QAAAD,KAAc,CACpB,GAAI,CAACA,EAAQ,cAAgB,CAACA,EAAQ,YAAa,MAAM,IAAI,MAAM,uBAAuB,EAC1F,MAAO,CAAE,aAAcA,EAAQ,aAAc,YAAaA,EAAQ,YAAa,KAAMA,EAAQ,IAAA,CACjG,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,SAAWC,EAAM,OAAO,SAChCD,EAAQ,cAAgBC,EAAM,OAAO,eAAiB,KACtDD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,SAAU,CACN,GAAI,CACA,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,OAAQ,CACJ,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,EACjB,MAAO,CAAE,OAAQ,OAAQ,QAASA,CAAA,CAAc,CACpD,CACJ,CACJ,CACH,CACL,CAEA,SAASA,EAAc,CAAE,QAAAH,GAAmD,CACxEA,EAAQ,aAAe,KACvBA,EAAQ,YAAc,KACtBA,EAAQ,KAAO,KACfA,EAAQ,SAAW,KACnBA,EAAQ,cAAgB,KACxBA,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASE,EAAeF,EAAoChB,EAAgB,CACpEA,aAAiBK,GACjBW,EAAQ,UAAYhB,EAAM,KAC1BgB,EAAQ,aAAehB,EAAM,UAE7BgB,EAAQ,UAAY,UACpBA,EAAQ,aAAehB,aAAiB,MAAQA,EAAM,QAAU,KAExE,CC7HA,MAAMS,EAAmC,CACrC,SAAU,KACV,WAAY,KACZ,OAAQ,KACR,UAAW,KACX,kBAAmB,KACnB,YAAa,KACb,UAAW,KACX,aAAc,IAClB,EAEO,SAASiC,EAAuB/B,EAAwB,CAC3D,OAAOC,QAAM,CACT,MAAO,CACH,QAAS,CAAA,EACT,OAAQ,CAAA,CAAC,EAEb,OAAQ,CACJ,eAAgBC,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA6C,CAC9E,MAAMD,EAAS,MAAMH,EAAO,eAAe,CAAE,SAAUI,EAAM,SAAU,EACvE,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,gBAAiBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA6C,CAC/E,MAAMD,EAAS,MAAMH,EAAO,gBAAgB,CAAE,SAAUI,EAAM,SAAU,EACxE,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,gBAAiBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA2D,CAC7F,MAAMD,EAAS,MAAMH,EAAO,gBAAgB,CAAE,SAAUI,EAAM,SAAU,KAAMA,EAAM,IAAA,CAAM,EAC1F,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,gBAAiBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAkE,CACpG,MAAM4B,EAAwB,MAAMJ,EAAoBxB,EAAM,WAAW,EACnED,EAAS,MAAMH,EAAO,gBAAgB,CAAE,SAAUI,EAAM,SAAU,sBAAA4B,EAAuB,EAC/F,GAAI,CAAC7B,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,mBAAoBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAyC,CAC9E,MAAMD,EAAS,MAAMH,EAAO,mBAAmB,CAAE,aAAcI,EAAM,KAAM,EAC3E,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,CAAA,CACL,CACH,EAAE,cAAc,CACb,GAAI,YACJ,QAAS,OACT,QAASL,EACT,OAAQ,CACJ,KAAM,CACF,GAAI,CACA,KAAM,CAAE,OAAQ,UAAA,EAChB,gBAAiB,CAAE,OAAQ,mBAAA,CAAoB,CACnD,EAEJ,SAAU,CACN,MAAO,CAAC,CAAE,QAAAO,EAAS,MAAAC,KAAY,CACvBA,EAAM,OAAS,SACfD,EAAQ,SAAWC,EAAM,SAEjC,EACA,OAAQ,CACJ,IAAK,iBACL,MAAO,CAAC,CAAE,QAAAD,KAAc,CACpB,GAAI,CAACA,EAAQ,SAAU,MAAM,IAAI,MAAM,aAAa,EACpD,MAAO,CAAE,SAAUA,EAAQ,QAAA,CAC/B,EACA,OAAQ,CACJ,CACI,MAAO,CAAC,CAAE,MAAAC,KAAYA,EAAM,OAAO,OAAS,WAC5C,OAAQ,YACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYI,EAAkBL,EAASC,EAAM,MAAM,CAAA,EAE5E,CACI,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYI,EAAkBL,EAASC,EAAM,MAAM,CAAA,CAC5E,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,UAAW,CACP,OAAQ,CACJ,IAAK,kBACL,MAAO,CAAC,CAAE,QAAAD,KAAc,CACpB,GAAI,CAACA,EAAQ,UAAY,CAACA,EAAQ,YAAa,MAAM,IAAI,MAAM,sBAAsB,EACrF,MAAO,CAAE,SAAUA,EAAQ,SAAU,YAAaA,EAAQ,WAAA,CAC9D,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,OAASC,EAAM,OAAO,OAC9BD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,aAAc,CACV,GAAI,CACA,OAAQ,CAAE,OAAQ,WAAA,EAClB,OAAQ,CAAE,OAAQ,WAAA,EAClB,gBAAiB,CAAE,OAAQ,mBAAA,EAC3B,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,kBAAmB,CACf,OAAQ,CACJ,IAAK,qBACL,MAAO,CAAC,CAAE,MAAAF,KAAY,CAClB,GAAIA,EAAM,OAAS,kBAAmB,MAAM,IAAI,MAAM,kDAAkD,EACxG,MAAO,CAAE,KAAMA,EAAM,IAAA,CACzB,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,OAASC,EAAM,OAAO,OAC9BD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,UAAW,CACP,OAAQ,CACJ,IAAK,kBACL,MAAO,CAAC,CAAE,QAAAD,KAAc,CACpB,GAAI,CAACA,EAAQ,SAAU,MAAM,IAAI,MAAM,aAAa,EACpD,MAAO,CAAE,SAAUA,EAAQ,QAAA,CAC/B,EACA,OAAQ,CACJ,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYI,EAAkBL,EAASC,EAAM,MAAM,CAAA,EAE5E,QAAS,CACL,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,UAAW,CACP,OAAQ,CACJ,IAAK,kBACL,MAAO,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC3B,GAAIA,EAAM,OAAS,SAAU,MAAM,IAAI,MAAM,iCAAiC,EAC9E,GAAI,CAACD,EAAQ,SAAU,MAAM,IAAI,MAAM,aAAa,EACpD,MAAO,CAAE,SAAUA,EAAQ,SAAU,KAAMC,EAAM,IAAA,CACrD,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,OAASC,EAAM,OAAO,OAC9BD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,SAAU,CACN,GAAI,CACA,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,OAAQ,CACJ,GAAI,CACA,KAAM,CAAE,OAAQ,UAAA,EAChB,gBAAiB,CAAE,OAAQ,mBAAA,EAC3B,MAAO,CAAE,OAAQ,OAAQ,QAASA,CAAA,CAAc,CACpD,CACJ,CACJ,CACH,CACL,CAEA,SAASE,EAAkBL,EAA2BM,EAA6I,CAC/LN,EAAQ,WAAaM,EAAO,KAC5BN,EAAQ,UAAYM,EAAO,WAAa,KACxCN,EAAQ,kBAAoBM,EAAO,mBAAqB,KACxDN,EAAQ,YAAcM,EAAO,aAAe,KAC5CN,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASG,EAAc,CAAE,QAAAH,GAA0C,CAC/DA,EAAQ,SAAW,KACnBA,EAAQ,WAAa,KACrBA,EAAQ,OAAS,KACjBA,EAAQ,UAAY,KACpBA,EAAQ,kBAAoB,KAC5BA,EAAQ,YAAc,KACtBA,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASE,EAAeF,EAA2BhB,EAAgB,CAC3DA,aAAiBK,GACjBW,EAAQ,UAAYhB,EAAM,KAC1BgB,EAAQ,aAAehB,EAAM,UAE7BgB,EAAQ,UAAY,UACpBA,EAAQ,aAAehB,aAAiB,MAAQA,EAAM,QAAU,KAExE,CCrOA,MAAMS,EAAiC,CACnC,MAAO,CAAA,EACP,UAAW,KACX,aAAc,IAClB,EAEO,SAASmC,EAAqBjC,EAAwB,CACzD,OAAOC,QAAM,CACT,MAAO,CACH,QAAS,CAAA,EACT,OAAQ,CAAA,CAAC,EAEb,OAAQ,CACJ,KAAMC,EAAAA,YAAY,SAAY,CAC1B,MAAMC,EAAS,MAAMH,EAAO,YAAA,EAC5B,GAAI,CAACG,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,OAAQD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA6C,CACtE,MAAMD,EAAS,MAAMH,EAAO,aAAaI,EAAM,QAAQ,EACvD,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOC,EAAM,QACjB,CAAC,CAAA,CACL,CACH,EAAE,cAAc,CACb,GAAI,UACJ,QAAS,OACT,QAASN,EACT,OAAQ,CACJ,KAAM,CACF,GAAI,CACA,KAAM,CAAE,OAAQ,SAAA,CAAU,CAC9B,EAEJ,QAAS,CACL,OAAQ,CACJ,IAAK,OACL,OAAQ,CACJ,OAAQ,QACR,QAAS,CAAC,CAAE,QAAAO,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,MAAQC,EAAM,OACtBD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,MAAO,CACH,GAAI,CACA,KAAM,CAAE,OAAQ,SAAA,EAChB,OAAQ,CAAE,OAAQ,UAAA,CAAW,CACjC,EAEJ,SAAU,CACN,OAAQ,CACJ,IAAK,SACL,MAAO,CAAC,CAAE,MAAAA,KAAY,CAClB,GAAIA,EAAM,OAAS,SAAU,MAAM,IAAI,MAAM,gCAAgC,EAC7E,MAAO,CAAE,SAAUA,EAAM,QAAA,CAC7B,EACA,OAAQ,CACJ,OAAQ,QACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7B,MAAM4B,EAAY5B,EAAM,OACxBD,EAAQ,MAAQA,EAAQ,MAAM,OAAQ8B,GAAMA,EAAE,KAAOD,CAAS,EAC9D7B,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,QACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,OAAQ,CACJ,GAAI,CACA,KAAM,CAAE,OAAQ,SAAA,EAChB,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,CACJ,CACJ,CACH,CACL,CAEA,SAASA,EAAc,CAAE,QAAAH,GAAwC,CAC7DA,EAAQ,MAAQ,CAAA,EAChBA,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASE,EAAeF,EAAyBhB,EAAgB,CACzDA,aAAiBK,GACjBW,EAAQ,UAAYhB,EAAM,KAC1BgB,EAAQ,aAAehB,EAAM,UAE7BgB,EAAQ,UAAY,UACpBA,EAAQ,aAAehB,aAAiB,MAAQA,EAAM,QAAU,KAExE,CCnGO,SAAS+C,EAActD,EAAuC,CACjE,MAAMkB,EAAS,IAAInB,EAAcC,CAAM,EAEjCuD,EAAiBC,EAAAA,YAAYvC,EAA4BC,CAAM,CAAC,EAChEuC,EAAkBD,EAAAA,YAAY7B,EAA6BT,CAAM,CAAC,EAClEwC,EAAqBF,EAAAA,YAAYT,EAAgC7B,CAAM,CAAC,EACxEyC,EAAYH,EAAAA,YAAYP,EAAuB/B,CAAM,CAAC,EACtD0C,EAAUJ,EAAAA,YAAYL,EAAqBjC,CAAM,CAAC,EAExD,OAAAqC,EAAe,MAAA,EACfE,EAAgB,MAAA,EAChBC,EAAmB,MAAA,EACnBC,EAAU,MAAA,EACVC,EAAQ,MAAA,EAED,CACH,OAAA1C,EACA,eAAAqC,EACA,gBAAAE,EACA,mBAAAC,EACA,UAAAC,EACA,QAAAC,EACA,SAAU,CACNL,EAAe,KAAA,EACfE,EAAgB,KAAA,EAChBC,EAAmB,KAAA,EACnBC,EAAU,KAAA,EACVC,EAAQ,KAAA,CACZ,CAAA,CAER"}
1
+ {"version":3,"file":"index.cjs","sources":["../src/storage/MemoryStorage.ts","../src/errors/codes.ts","../src/errors/messages.ts","../src/client/Omni2FaClient.ts","../src/storage/SessionStorageStorage.ts","../src/storage/LocalStorageStorage.ts","../src/errors/Omni2FaApiError.ts","../src/machines/totpEnrollment/totpEnrollmentMachine.ts","../src/machines/emailEnrollment/emailEnrollmentMachine.ts","../src/webauthn/base64url.ts","../src/webauthn/ceremony.ts","../src/machines/webauthnEnrollment/webauthnEnrollmentMachine.ts","../src/machines/challenge/challengeMachine.ts","../src/machines/methods/methodsMachine.ts","../src/createOmni2Fa.ts"],"sourcesContent":["import type { IStorage } from './Interfaces/IStorage';\r\n\r\n/** In-process storage. Default. Values vanish on page reload — safest default. */\r\nexport class MemoryStorage implements IStorage {\r\n private readonly map = new Map<string, string>();\r\n\r\n get(key: string): string | null {\r\n return this.map.get(key) ?? null;\r\n }\r\n\r\n set(key: string, value: string): void {\r\n this.map.set(key, value);\r\n }\r\n\r\n remove(key: string): void {\r\n this.map.delete(key);\r\n }\r\n}\r\n","export const Omni2FaErrorCodes = {\r\n InvalidCode: 'INVALID_CODE',\r\n PreAuthExpired: 'PREAUTH_EXPIRED',\r\n PreAuthInvalid: 'PREAUTH_INVALID',\r\n ChallengeNotFound: 'CHALLENGE_NOT_FOUND',\r\n ChallengeConsumed: 'CHALLENGE_CONSUMED',\r\n TooManyAttempts: 'TOO_MANY_ATTEMPTS',\r\n MethodNotFound: 'METHOD_NOT_FOUND',\r\n TypeAlreadyEnrolled: 'TYPE_ALREADY_ENROLLED',\r\n MaxMethodsReached: 'MAX_METHODS_REACHED',\r\n LastMethodProtected: 'LAST_METHOD_PROTECTED',\r\n RecoveryCodeInvalid: 'RECOVERY_CODE_INVALID',\r\n RecoveryCodeUsed: 'RECOVERY_CODE_USED',\r\n WebAuthnVerificationFailed: 'WEBAUTHN_VERIFICATION_FAILED',\r\n ValidationFailed: 'VALIDATION_FAILED',\r\n NetworkError: 'NETWORK_ERROR',\r\n Unknown: 'UNKNOWN',\r\n} as const;\r\n\r\nexport type Omni2FaErrorCode = (typeof Omni2FaErrorCodes)[keyof typeof Omni2FaErrorCodes];\r\n","import { Omni2FaErrorCodes, type Omni2FaErrorCode } from './codes';\r\n\r\nconst defaults: Record<Omni2FaErrorCode, string> = {\r\n [Omni2FaErrorCodes.InvalidCode]: 'The code you entered is invalid.',\r\n [Omni2FaErrorCodes.PreAuthExpired]: 'Your session has expired. Please sign in again.',\r\n [Omni2FaErrorCodes.PreAuthInvalid]: 'Your session is invalid. Please sign in again.',\r\n [Omni2FaErrorCodes.ChallengeNotFound]: 'No active verification step. Please restart.',\r\n [Omni2FaErrorCodes.ChallengeConsumed]: 'This verification step was already used. Please sign in again.',\r\n [Omni2FaErrorCodes.TooManyAttempts]: 'Too many attempts. Please wait before trying again.',\r\n [Omni2FaErrorCodes.MethodNotFound]: 'The selected 2FA method was not found.',\r\n [Omni2FaErrorCodes.TypeAlreadyEnrolled]: 'You already have this type of 2FA enabled.',\r\n [Omni2FaErrorCodes.MaxMethodsReached]: 'You have reached the maximum number of 2FA methods.',\r\n [Omni2FaErrorCodes.LastMethodProtected]: 'You cannot remove your last 2FA method.',\r\n [Omni2FaErrorCodes.RecoveryCodeInvalid]: 'The recovery code is invalid.',\r\n [Omni2FaErrorCodes.RecoveryCodeUsed]: 'This recovery code has already been used.',\r\n [Omni2FaErrorCodes.WebAuthnVerificationFailed]: 'Security key verification failed.',\r\n [Omni2FaErrorCodes.ValidationFailed]: 'The request was malformed.',\r\n [Omni2FaErrorCodes.NetworkError]: 'Network error. Please check your connection.',\r\n [Omni2FaErrorCodes.Unknown]: 'An unexpected error occurred.',\r\n};\r\n\r\nexport function getDefaultMessage(code: string): string {\r\n return defaults[code as Omni2FaErrorCode] ?? defaults[Omni2FaErrorCodes.Unknown];\r\n}\r\n","import createClient from 'openapi-fetch';\r\nimport type { paths } from '../types/api';\r\nimport type { IStorage } from '../storage/Interfaces/IStorage';\r\nimport { MemoryStorage } from '../storage/MemoryStorage';\r\nimport { Omni2FaErrorCodes } from '../errors/codes';\r\nimport { getDefaultMessage } from '../errors/messages';\r\nimport type {\r\n ChallengeResendRequest,\r\n ChallengeStartRequest,\r\n ChallengeStartResponse,\r\n ChallengeVerifyRequest,\r\n EmailEnrollConfirmRequest,\r\n EmailEnrollResendRequest,\r\n EmailEnrollStartRequest,\r\n EmailEnrollStartResponse,\r\n ErrorResponse,\r\n MethodCreatedResponse,\r\n RecoveryCodesResponse,\r\n RecoveryCodeVerifyRequest,\r\n TotpEnrollConfirmRequest,\r\n TotpEnrollStartResponse,\r\n TwoFactorMethodDto,\r\n VerifySuccessResponse,\r\n WebAuthnEnrollConfirmRequest,\r\n WebAuthnEnrollStartResponse,\r\n} from '../types/dtos';\r\nimport type { ClientCall } from './Interfaces/ClientCall';\r\nimport type { IOmni2FaClient } from './Interfaces/IOmni2FaClient';\r\nimport type { Omni2FaClientConfig } from './Omni2FaClientConfig';\r\n\r\nconst DEFAULT_PREAUTH_KEY = 'omni2fa:preauth';\r\nconst DEFAULT_SESSION_KEY = 'omni2fa:session';\r\n// Only used to resolve a relative baseUrl/request URL so we can read its pathname; the origin is irrelevant.\r\nconst FALLBACK_ORIGIN = 'http://omni2fa.local';\r\n\r\ntype FetchClient = ReturnType<typeof createClient<paths>>;\r\n\r\nexport class Omni2FaClient implements IOmni2FaClient {\r\n private readonly storage: IStorage;\r\n private readonly preAuthKey: string;\r\n private readonly sessionKey: string;\r\n private readonly basePath: string;\r\n private readonly inner: FetchClient;\r\n\r\n constructor(config: Omni2FaClientConfig) {\r\n this.storage = config.storage ?? new MemoryStorage();\r\n this.preAuthKey = config.preAuthStorageKey ?? DEFAULT_PREAUTH_KEY;\r\n this.sessionKey = config.sessionStorageKey ?? DEFAULT_SESSION_KEY;\r\n // Mount path of the API, e.g. \"/api/2fa\" — used to classify endpoints by their path under it.\r\n this.basePath = new URL(config.baseUrl, FALLBACK_ORIGIN).pathname.replace(/\\/$/, '');\r\n this.inner = createClient<paths>({\r\n baseUrl: config.baseUrl,\r\n fetch: config.fetch ?? globalThis.fetch.bind(globalThis),\r\n ...(config.credentials ? { credentials: config.credentials } : {}),\r\n });\r\n this.inner.use({\r\n onRequest: ({ request }) => {\r\n // A custom fetch / host-set header always wins.\r\n if (request.headers.has('Authorization')) {\r\n return request;\r\n }\r\n // Pre-auth token guards the 2FA ceremony; everything else uses the host session token.\r\n const token = this.isPreAuthEndpoint(request.url) ? this.getPreAuthToken() : this.getSessionToken();\r\n if (token) {\r\n request.headers.set('Authorization', `Bearer ${token}`);\r\n }\r\n return request;\r\n },\r\n });\r\n }\r\n\r\n /** Pre-auth endpoints are exactly the ones mounted under <c>{basePath}/challenge/</c>. */\r\n private isPreAuthEndpoint(url: string): boolean {\r\n const path = new URL(url, FALLBACK_ORIGIN).pathname;\r\n const relative = path.startsWith(this.basePath) ? path.slice(this.basePath.length) : path;\r\n return relative.startsWith('/challenge/');\r\n }\r\n\r\n setPreAuthToken(token: string | null): void {\r\n this.setToken(this.preAuthKey, token);\r\n }\r\n\r\n getPreAuthToken(): string | null {\r\n return this.storage.get(this.preAuthKey);\r\n }\r\n\r\n setSessionToken(token: string | null): void {\r\n this.setToken(this.sessionKey, token);\r\n }\r\n\r\n getSessionToken(): string | null {\r\n return this.storage.get(this.sessionKey);\r\n }\r\n\r\n private setToken(key: string, token: string | null): void {\r\n if (token === null || token.length === 0) {\r\n this.storage.remove(key);\r\n } else {\r\n this.storage.set(key, token);\r\n }\r\n }\r\n\r\n async listMethods(): Promise<ClientCall<TwoFactorMethodDto[]>> {\r\n const { data, error, response } = await this.inner.GET('/methods');\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async removeMethod(methodId: string): Promise<ClientCall<void>> {\r\n const { error, response } = await this.inner.DELETE('/methods/{methodId}', { params: { path: { methodId } } });\r\n if (error) {\r\n return this.errorCall(error, response);\r\n }\r\n return { ok: true, value: undefined };\r\n }\r\n\r\n async startTotpEnrollment(): Promise<ClientCall<TotpEnrollStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/totp/start');\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async confirmTotpEnrollment(request: TotpEnrollConfirmRequest): Promise<ClientCall<MethodCreatedResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/totp/confirm', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async startEmailEnrollment(request: EmailEnrollStartRequest): Promise<ClientCall<EmailEnrollStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/email/start', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async confirmEmailEnrollment(request: EmailEnrollConfirmRequest): Promise<ClientCall<MethodCreatedResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/email/confirm', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async resendEmailEnrollment(request: EmailEnrollResendRequest): Promise<ClientCall<EmailEnrollStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/email/resend', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async startWebAuthnEnrollment(): Promise<ClientCall<WebAuthnEnrollStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/webauthn/start');\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async confirmWebAuthnEnrollment(request: WebAuthnEnrollConfirmRequest): Promise<ClientCall<MethodCreatedResponse>> {\r\n const { data, error, response } = await this.inner.POST('/enroll/webauthn/confirm', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async startChallenge(request: ChallengeStartRequest): Promise<ClientCall<ChallengeStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/challenge/start', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async resendChallenge(request: ChallengeResendRequest): Promise<ClientCall<ChallengeStartResponse>> {\r\n const { data, error, response } = await this.inner.POST('/challenge/resend', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async verifyChallenge(request: ChallengeVerifyRequest): Promise<ClientCall<VerifySuccessResponse>> {\r\n const { data, error, response } = await this.inner.POST('/challenge/verify', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async verifyRecoveryCode(request: RecoveryCodeVerifyRequest): Promise<ClientCall<VerifySuccessResponse>> {\r\n const { data, error, response } = await this.inner.POST('/challenge/recovery-code', { body: request });\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n async regenerateRecoveryCodes(): Promise<ClientCall<RecoveryCodesResponse>> {\r\n const { data, error, response } = await this.inner.POST('/recovery-codes/regenerate');\r\n return this.toCall(data, error, response);\r\n }\r\n\r\n private toCall<T>(data: T | undefined, error: ErrorResponse | undefined, response: Response): ClientCall<T> {\r\n if (error !== undefined) {\r\n return this.errorCall(error, response);\r\n }\r\n if (data === undefined) {\r\n return {\r\n ok: false,\r\n code: Omni2FaErrorCodes.NetworkError,\r\n message: getDefaultMessage(Omni2FaErrorCodes.NetworkError),\r\n httpStatus: response.status,\r\n };\r\n }\r\n return { ok: true, value: data };\r\n }\r\n\r\n private errorCall(error: ErrorResponse, response: Response): ClientCall<never> {\r\n const code = error.code || Omni2FaErrorCodes.Unknown;\r\n return {\r\n ok: false,\r\n code,\r\n message: error.message || getDefaultMessage(code),\r\n httpStatus: response.status,\r\n details: error.details ?? null,\r\n };\r\n }\r\n}\r\n","import type { IStorage } from './Interfaces/IStorage';\r\n\r\n/** Browser <c>sessionStorage</c>. Values persist across page reloads in the same tab, gone when tab closes. */\r\nexport class SessionStorageStorage implements IStorage {\r\n get(key: string): string | null {\r\n return globalThis.sessionStorage?.getItem(key) ?? null;\r\n }\r\n\r\n set(key: string, value: string): void {\r\n globalThis.sessionStorage?.setItem(key, value);\r\n }\r\n\r\n remove(key: string): void {\r\n globalThis.sessionStorage?.removeItem(key);\r\n }\r\n}\r\n","import type { IStorage } from './Interfaces/IStorage';\r\n\r\n/** Browser <c>localStorage</c>. Values persist indefinitely across sessions. Use with caution for sensitive data. */\r\nexport class LocalStorageStorage implements IStorage {\r\n get(key: string): string | null {\r\n return globalThis.localStorage?.getItem(key) ?? null;\r\n }\r\n\r\n set(key: string, value: string): void {\r\n globalThis.localStorage?.setItem(key, value);\r\n }\r\n\r\n remove(key: string): void {\r\n globalThis.localStorage?.removeItem(key);\r\n }\r\n}\r\n","/**\r\n * Error thrown by core machines when an HTTP call fails. Carries the stable error code,\r\n * HTTP status, and optional structured details. Adapters read it from xstate's <c>onError</c>\r\n * <c>event.error</c>.\r\n */\r\nexport class Omni2FaApiError extends Error {\r\n readonly code: string;\r\n readonly httpStatus: number;\r\n readonly details: Record<string, unknown> | null;\r\n\r\n constructor(code: string, message: string, httpStatus: number, details: Record<string, unknown> | null = null) {\r\n super(message);\r\n this.name = 'Omni2FaApiError';\r\n this.code = code;\r\n this.httpStatus = httpStatus;\r\n this.details = details;\r\n }\r\n}\r\n","import { fromPromise, setup, type ActorRefFrom } from 'xstate';\r\nimport type { IOmni2FaClient } from '../../client/Interfaces/IOmni2FaClient';\r\nimport { Omni2FaApiError } from '../../errors/Omni2FaApiError';\r\nimport type { TotpEnrollmentContext } from './TotpEnrollmentContext';\r\nimport type { TotpEnrollmentEvent } from './TotpEnrollmentEvent';\r\n\r\nconst initialContext: TotpEnrollmentContext = {\r\n enrollmentId: null,\r\n otpAuthUri: null,\r\n secret: null,\r\n methodId: null,\r\n recoveryCodes: null,\r\n errorCode: null,\r\n errorMessage: null,\r\n};\r\n\r\nexport function createTotpEnrollmentMachine(client: IOmni2FaClient) {\r\n return setup({\r\n types: {\r\n context: {} as TotpEnrollmentContext,\r\n events: {} as TotpEnrollmentEvent,\r\n },\r\n actors: {\r\n startEnrollment: fromPromise(async () => {\r\n const result = await client.startTotpEnrollment();\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n confirmEnrollment: fromPromise(async ({ input }: { input: { enrollmentId: string; code: string; name: string | null } }) => {\r\n const result = await client.confirmTotpEnrollment({\r\n enrollmentId: input.enrollmentId,\r\n code: input.code,\r\n name: input.name,\r\n });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n },\r\n }).createMachine({\r\n id: 'totpEnrollment',\r\n initial: 'idle',\r\n context: initialContext,\r\n states: {\r\n idle: {\r\n on: {\r\n start: { target: 'starting' },\r\n },\r\n },\r\n starting: {\r\n invoke: {\r\n src: 'startEnrollment',\r\n onDone: {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => {\r\n context.enrollmentId = event.output.enrollmentId;\r\n context.otpAuthUri = event.output.otpAuthUri;\r\n context.secret = event.output.secret;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'failed',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n awaitingCode: {\r\n on: {\r\n submit: { target: 'confirming' },\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n confirming: {\r\n invoke: {\r\n src: 'confirmEnrollment',\r\n input: ({ context, event }) => {\r\n if (event.type !== 'submit') throw new Error('confirming requires submit event');\r\n if (!context.enrollmentId) throw new Error('no enrollmentId');\r\n return { enrollmentId: context.enrollmentId, code: event.code, name: event.name ?? null };\r\n },\r\n onDone: {\r\n target: 'enrolled',\r\n actions: ({ context, event }) => {\r\n context.methodId = event.output.methodId;\r\n context.recoveryCodes = event.output.recoveryCodes ?? null;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n enrolled: {\r\n on: {\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n failed: {\r\n on: {\r\n start: { target: 'starting' },\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n },\r\n });\r\n}\r\n\r\nfunction assignInitial({ context }: { context: TotpEnrollmentContext }) {\r\n context.enrollmentId = null;\r\n context.otpAuthUri = null;\r\n context.secret = null;\r\n context.methodId = null;\r\n context.recoveryCodes = null;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n}\r\n\r\nfunction assignApiError(context: TotpEnrollmentContext, error: unknown) {\r\n if (error instanceof Omni2FaApiError) {\r\n context.errorCode = error.code;\r\n context.errorMessage = error.message;\r\n } else {\r\n context.errorCode = 'UNKNOWN';\r\n context.errorMessage = error instanceof Error ? error.message : null;\r\n }\r\n}\r\n\r\nexport type TotpEnrollmentMachine = ReturnType<typeof createTotpEnrollmentMachine>;\r\nexport type TotpEnrollmentActor = ActorRefFrom<TotpEnrollmentMachine>;\r\n","import { fromPromise, setup, type ActorRefFrom } from 'xstate';\nimport type { IOmni2FaClient } from '../../client/Interfaces/IOmni2FaClient';\nimport { Omni2FaApiError } from '../../errors/Omni2FaApiError';\nimport type { EmailEnrollmentContext } from './EmailEnrollmentContext';\nimport type { EmailEnrollmentEvent } from './EmailEnrollmentEvent';\n\nconst initialContext: EmailEnrollmentContext = {\n enrollmentId: null,\n email: null,\n expiresAt: null,\n resendAvailableAt: null,\n methodId: null,\n recoveryCodes: null,\n errorCode: null,\n errorMessage: null,\n};\n\nexport function createEmailEnrollmentMachine(client: IOmni2FaClient) {\n return setup({\n types: {\n context: {} as EmailEnrollmentContext,\n events: {} as EmailEnrollmentEvent,\n },\n actors: {\n startEnrollment: fromPromise(async ({ input }: { input: { email?: string | undefined } }) => {\n const result = await client.startEmailEnrollment(input.email !== undefined ? { email: input.email } : {});\n if (!result.ok) {\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\n }\n return result.value;\n }),\n resendEnrollment: fromPromise(async ({ input }: { input: { enrollmentId: string } }) => {\n const result = await client.resendEmailEnrollment({ enrollmentId: input.enrollmentId });\n if (!result.ok) {\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\n }\n return result.value;\n }),\n confirmEnrollment: fromPromise(async ({ input }: { input: { enrollmentId: string; code: string; name: string | null } }) => {\n const result = await client.confirmEmailEnrollment({\n enrollmentId: input.enrollmentId,\n code: input.code,\n name: input.name,\n });\n if (!result.ok) {\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\n }\n return result.value;\n }),\n },\n }).createMachine({\n id: 'emailEnrollment',\n initial: 'idle',\n context: initialContext,\n states: {\n idle: {\n on: {\n start: { target: 'starting' },\n },\n },\n starting: {\n entry: ({ context, event }) => {\n if (event.type === 'start') {\n context.email = event.email ?? null;\n }\n },\n invoke: {\n src: 'startEnrollment',\n // Under the server's default ClaimOnly source the address is derived from the\n // session, so an absent email is valid; HostSupplied callers pass one through.\n input: ({ context }) => ({ email: context.email ?? undefined }),\n onDone: {\n target: 'awaitingCode',\n actions: ({ context, event }) => assignStartOutput(context, event.output),\n },\n onError: {\n target: 'failed',\n actions: ({ context, event }) => assignApiError(context, event.error),\n },\n },\n },\n awaitingCode: {\n on: {\n submit: { target: 'confirming' },\n resend: { target: 'resending' },\n reset: { target: 'idle', actions: assignInitial },\n },\n },\n resending: {\n invoke: {\n src: 'resendEnrollment',\n input: ({ context }) => {\n if (!context.enrollmentId) throw new Error('no enrollmentId');\n return { enrollmentId: context.enrollmentId };\n },\n onDone: {\n target: 'awaitingCode',\n actions: ({ context, event }) => assignStartOutput(context, event.output),\n },\n onError: {\n target: 'awaitingCode',\n actions: ({ context, event }) => assignApiError(context, event.error),\n },\n },\n },\n confirming: {\n invoke: {\n src: 'confirmEnrollment',\n input: ({ context, event }) => {\n if (event.type !== 'submit') throw new Error('confirming requires submit event');\n if (!context.enrollmentId) throw new Error('no enrollmentId');\n return { enrollmentId: context.enrollmentId, code: event.code, name: event.name ?? null };\n },\n onDone: {\n target: 'enrolled',\n actions: ({ context, event }) => {\n context.methodId = event.output.methodId;\n context.recoveryCodes = event.output.recoveryCodes ?? null;\n context.errorCode = null;\n context.errorMessage = null;\n },\n },\n onError: {\n target: 'awaitingCode',\n actions: ({ context, event }) => assignApiError(context, event.error),\n },\n },\n },\n enrolled: {\n on: {\n reset: { target: 'idle', actions: assignInitial },\n },\n },\n failed: {\n on: {\n start: { target: 'starting' },\n reset: { target: 'idle', actions: assignInitial },\n },\n },\n },\n });\n}\n\nfunction assignStartOutput(context: EmailEnrollmentContext, output: { enrollmentId: string; expiresAt: string; resendAvailableAt: string }) {\n context.enrollmentId = output.enrollmentId;\n context.expiresAt = output.expiresAt;\n context.resendAvailableAt = output.resendAvailableAt;\n context.errorCode = null;\n context.errorMessage = null;\n}\n\nfunction assignInitial({ context }: { context: EmailEnrollmentContext }) {\n context.enrollmentId = null;\n context.email = null;\n context.expiresAt = null;\n context.resendAvailableAt = null;\n context.methodId = null;\n context.recoveryCodes = null;\n context.errorCode = null;\n context.errorMessage = null;\n}\n\nfunction assignApiError(context: EmailEnrollmentContext, error: unknown) {\n if (error instanceof Omni2FaApiError) {\n context.errorCode = error.code;\n context.errorMessage = error.message;\n } else {\n context.errorCode = 'UNKNOWN';\n context.errorMessage = error instanceof Error ? error.message : null;\n }\n}\n\nexport type EmailEnrollmentMachine = ReturnType<typeof createEmailEnrollmentMachine>;\nexport type EmailEnrollmentActor = ActorRefFrom<EmailEnrollmentMachine>;\n","/** base64url ↔ ArrayBuffer conversions for WebAuthn binary fields. Tolerates standard base64 input too. */\n\nexport function base64urlToBuffer(value: string): ArrayBuffer {\n const base64 = value.replace(/-/g, '+').replace(/_/g, '/');\n const padded = base64.padEnd(Math.ceil(base64.length / 4) * 4, '=');\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes.buffer;\n}\n\nexport function bufferToBase64url(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (const byte of bytes) {\n binary += String.fromCharCode(byte);\n }\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n","import { base64urlToBuffer, bufferToBase64url } from './base64url';\n\n/**\n * Browser-side WebAuthn marshaling. Parses the server's options JSON (Fido2NetLib format — binary\n * fields base64url-encoded) into the `ArrayBuffer` shape the browser API needs, runs the ceremony,\n * and serializes the credential back to JSON for the server. Browser-only.\n */\n\ninterface CredentialDescriptorJson {\n type: PublicKeyCredentialType;\n id: string;\n transports?: AuthenticatorTransport[];\n}\n\ninterface CreationOptionsJson {\n challenge: string;\n user: { id: string; name: string; displayName: string };\n excludeCredentials?: CredentialDescriptorJson[];\n [key: string]: unknown;\n}\n\ninterface RequestOptionsJson {\n challenge: string;\n allowCredentials?: CredentialDescriptorJson[];\n [key: string]: unknown;\n}\n\nfunction mapDescriptors(list: CredentialDescriptorJson[] | undefined): PublicKeyCredentialDescriptor[] {\n return (list ?? []).map((c) => ({ ...c, id: base64urlToBuffer(c.id) }));\n}\n\n/** Run a registration ceremony and return the attestation JSON for `/enroll/webauthn/confirm`. */\nexport async function startRegistration(optionsJson: string): Promise<string> {\n const parsed = JSON.parse(optionsJson) as CreationOptionsJson;\n const publicKey = {\n ...parsed,\n challenge: base64urlToBuffer(parsed.challenge),\n user: { ...parsed.user, id: base64urlToBuffer(parsed.user.id) },\n excludeCredentials: mapDescriptors(parsed.excludeCredentials),\n // Cast through unknown: the spread carries Fido2's index-signature fields the DOM type omits.\n } as unknown as PublicKeyCredentialCreationOptions;\n\n const credential = (await navigator.credentials.create({ publicKey })) as PublicKeyCredential | null;\n if (credential === null) {\n throw new Error('WebAuthn registration produced no credential.');\n }\n const response = credential.response as AuthenticatorAttestationResponse;\n return JSON.stringify({\n id: credential.id,\n rawId: bufferToBase64url(credential.rawId),\n type: credential.type,\n extensions: credential.getClientExtensionResults(),\n response: {\n attestationObject: bufferToBase64url(response.attestationObject),\n clientDataJSON: bufferToBase64url(response.clientDataJSON),\n },\n });\n}\n\n/** Run an assertion ceremony and return the assertion JSON for `/challenge/verify`. */\nexport async function startAuthentication(optionsJson: string): Promise<string> {\n const parsed = JSON.parse(optionsJson) as RequestOptionsJson;\n const publicKey = {\n ...parsed,\n challenge: base64urlToBuffer(parsed.challenge),\n allowCredentials: mapDescriptors(parsed.allowCredentials),\n } as unknown as PublicKeyCredentialRequestOptions;\n\n const credential = (await navigator.credentials.get({ publicKey })) as PublicKeyCredential | null;\n if (credential === null) {\n throw new Error('WebAuthn authentication produced no credential.');\n }\n const response = credential.response as AuthenticatorAssertionResponse;\n return JSON.stringify({\n id: credential.id,\n rawId: bufferToBase64url(credential.rawId),\n type: credential.type,\n extensions: credential.getClientExtensionResults(),\n response: {\n authenticatorData: bufferToBase64url(response.authenticatorData),\n clientDataJSON: bufferToBase64url(response.clientDataJSON),\n signature: bufferToBase64url(response.signature),\n userHandle: response.userHandle ? bufferToBase64url(response.userHandle) : null,\n },\n });\n}\n","import { fromPromise, setup, type ActorRefFrom } from 'xstate';\nimport type { IOmni2FaClient } from '../../client/Interfaces/IOmni2FaClient';\nimport { Omni2FaApiError } from '../../errors/Omni2FaApiError';\nimport { startRegistration } from '../../webauthn/ceremony';\nimport type { WebAuthnEnrollmentContext } from './WebAuthnEnrollmentContext';\nimport type { WebAuthnEnrollmentEvent } from './WebAuthnEnrollmentEvent';\n\nconst initialContext: WebAuthnEnrollmentContext = {\n enrollmentId: null,\n optionsJson: null,\n name: null,\n methodId: null,\n recoveryCodes: null,\n errorCode: null,\n errorMessage: null,\n};\n\nexport function createWebAuthnEnrollmentMachine(client: IOmni2FaClient) {\n return setup({\n types: {\n context: {} as WebAuthnEnrollmentContext,\n events: {} as WebAuthnEnrollmentEvent,\n },\n actors: {\n startEnrollment: fromPromise(async () => {\n const result = await client.startWebAuthnEnrollment();\n if (!result.ok) {\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\n }\n return result.value;\n }),\n registerAndConfirm: fromPromise(async ({ input }: { input: { enrollmentId: string; optionsJson: string; name: string | null } }) => {\n const attestationResponseJson = await startRegistration(input.optionsJson);\n const result = await client.confirmWebAuthnEnrollment({\n enrollmentId: input.enrollmentId,\n attestationResponseJson,\n name: input.name,\n });\n if (!result.ok) {\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\n }\n return result.value;\n }),\n },\n }).createMachine({\n id: 'webauthnEnrollment',\n initial: 'idle',\n context: initialContext,\n states: {\n idle: {\n on: {\n start: { target: 'starting' },\n },\n },\n starting: {\n entry: ({ context, event }) => {\n if (event.type === 'start') {\n context.name = event.name ?? null;\n }\n },\n invoke: {\n src: 'startEnrollment',\n onDone: {\n target: 'registering',\n actions: ({ context, event }) => {\n context.enrollmentId = event.output.enrollmentId;\n context.optionsJson = event.output.optionsJson;\n context.errorCode = null;\n context.errorMessage = null;\n },\n },\n onError: {\n target: 'failed',\n actions: ({ context, event }) => assignApiError(context, event.error),\n },\n },\n },\n registering: {\n invoke: {\n src: 'registerAndConfirm',\n input: ({ context }) => {\n if (!context.enrollmentId || !context.optionsJson) throw new Error('no pending enrollment');\n return { enrollmentId: context.enrollmentId, optionsJson: context.optionsJson, name: context.name };\n },\n onDone: {\n target: 'enrolled',\n actions: ({ context, event }) => {\n context.methodId = event.output.methodId;\n context.recoveryCodes = event.output.recoveryCodes ?? null;\n context.errorCode = null;\n context.errorMessage = null;\n },\n },\n onError: {\n target: 'failed',\n actions: ({ context, event }) => assignApiError(context, event.error),\n },\n },\n },\n enrolled: {\n on: {\n reset: { target: 'idle', actions: assignInitial },\n },\n },\n failed: {\n on: {\n retry: { target: 'starting' },\n reset: { target: 'idle', actions: assignInitial },\n },\n },\n },\n });\n}\n\nfunction assignInitial({ context }: { context: WebAuthnEnrollmentContext }) {\n context.enrollmentId = null;\n context.optionsJson = null;\n context.name = null;\n context.methodId = null;\n context.recoveryCodes = null;\n context.errorCode = null;\n context.errorMessage = null;\n}\n\nfunction assignApiError(context: WebAuthnEnrollmentContext, error: unknown) {\n if (error instanceof Omni2FaApiError) {\n context.errorCode = error.code;\n context.errorMessage = error.message;\n } else {\n context.errorCode = 'UNKNOWN';\n context.errorMessage = error instanceof Error ? error.message : null;\n }\n}\n\nexport type WebAuthnEnrollmentMachine = ReturnType<typeof createWebAuthnEnrollmentMachine>;\nexport type WebAuthnEnrollmentActor = ActorRefFrom<WebAuthnEnrollmentMachine>;\n","import { fromPromise, setup, type ActorRefFrom } from 'xstate';\r\nimport type { IOmni2FaClient } from '../../client/Interfaces/IOmni2FaClient';\r\nimport { Omni2FaApiError } from '../../errors/Omni2FaApiError';\r\nimport { startAuthentication } from '../../webauthn/ceremony';\r\nimport type { ChallengeContext } from './ChallengeContext';\r\nimport type { ChallengeEvent } from './ChallengeEvent';\r\n\r\nconst initialContext: ChallengeContext = {\r\n methodId: null,\r\n methodType: null,\r\n userId: null,\r\n verifiedToken: null,\r\n expiresAt: null,\r\n resendAvailableAt: null,\r\n optionsJson: null,\r\n errorCode: null,\r\n errorMessage: null,\r\n};\r\n\r\nexport function createChallengeMachine(client: IOmni2FaClient) {\r\n return setup({\r\n types: {\r\n context: {} as ChallengeContext,\r\n events: {} as ChallengeEvent,\r\n },\r\n actors: {\r\n startChallenge: fromPromise(async ({ input }: { input: { methodId: string } }) => {\r\n const result = await client.startChallenge({ methodId: input.methodId });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n resendChallenge: fromPromise(async ({ input }: { input: { methodId: string } }) => {\r\n const result = await client.resendChallenge({ methodId: input.methodId });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n verifyChallenge: fromPromise(async ({ input }: { input: { methodId: string; code: string } }) => {\r\n const result = await client.verifyChallenge({ methodId: input.methodId, code: input.code });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n assertChallenge: fromPromise(async ({ input }: { input: { methodId: string; optionsJson: string } }) => {\r\n const assertionResponseJson = await startAuthentication(input.optionsJson);\r\n const result = await client.verifyChallenge({ methodId: input.methodId, assertionResponseJson });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n verifyRecoveryCode: fromPromise(async ({ input }: { input: { code: string } }) => {\r\n const result = await client.verifyRecoveryCode({ recoveryCode: input.code });\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n },\r\n }).createMachine({\r\n id: 'challenge',\r\n initial: 'idle',\r\n context: initialContext,\r\n states: {\r\n idle: {\r\n on: {\r\n pick: { target: 'starting' },\r\n useRecoveryCode: { target: 'verifyingRecovery' },\r\n },\r\n },\r\n starting: {\r\n entry: ({ context, event }) => {\r\n if (event.type === 'pick') {\r\n context.methodId = event.methodId;\r\n }\r\n },\r\n invoke: {\r\n src: 'startChallenge',\r\n input: ({ context }) => {\r\n if (!context.methodId) throw new Error('no methodId');\r\n return { methodId: context.methodId };\r\n },\r\n onDone: [\r\n {\r\n guard: ({ event }) => event.output.type === 'WebAuthn',\r\n target: 'asserting',\r\n actions: ({ context, event }) => assignStartOutput(context, event.output),\r\n },\r\n {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => assignStartOutput(context, event.output),\r\n },\r\n ],\r\n onError: {\r\n target: 'failed',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n asserting: {\r\n invoke: {\r\n src: 'assertChallenge',\r\n input: ({ context }) => {\r\n if (!context.methodId || !context.optionsJson) throw new Error('no assertion options');\r\n return { methodId: context.methodId, optionsJson: context.optionsJson };\r\n },\r\n onDone: {\r\n target: 'verified',\r\n actions: ({ context, event }) => {\r\n context.userId = event.output.userId;\r\n context.verifiedToken = event.output.verifiedToken;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'failed',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n awaitingCode: {\r\n on: {\r\n submit: { target: 'verifying' },\r\n resend: { target: 'resending' },\r\n useRecoveryCode: { target: 'verifyingRecovery' },\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n verifyingRecovery: {\r\n invoke: {\r\n src: 'verifyRecoveryCode',\r\n input: ({ event }) => {\r\n if (event.type !== 'useRecoveryCode') throw new Error('verifyingRecovery requires useRecoveryCode event');\r\n return { code: event.code };\r\n },\r\n onDone: {\r\n target: 'verified',\r\n actions: ({ context, event }) => {\r\n context.userId = event.output.userId;\r\n context.verifiedToken = event.output.verifiedToken;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'failed',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n resending: {\r\n invoke: {\r\n src: 'resendChallenge',\r\n input: ({ context }) => {\r\n if (!context.methodId) throw new Error('no methodId');\r\n return { methodId: context.methodId };\r\n },\r\n onDone: {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => assignStartOutput(context, event.output),\r\n },\r\n onError: {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n verifying: {\r\n invoke: {\r\n src: 'verifyChallenge',\r\n input: ({ context, event }) => {\r\n if (event.type !== 'submit') throw new Error('verifying requires submit event');\r\n if (!context.methodId) throw new Error('no methodId');\r\n return { methodId: context.methodId, code: event.code };\r\n },\r\n onDone: {\r\n target: 'verified',\r\n actions: ({ context, event }) => {\r\n context.userId = event.output.userId;\r\n context.verifiedToken = event.output.verifiedToken;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'awaitingCode',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n verified: {\r\n on: {\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n failed: {\r\n on: {\r\n pick: { target: 'starting' },\r\n useRecoveryCode: { target: 'verifyingRecovery' },\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n },\r\n });\r\n}\r\n\r\nfunction assignStartOutput(context: ChallengeContext, output: { type: ChallengeContext['methodType']; expiresAt?: string | null; resendAvailableAt?: string | null; optionsJson?: string | null }) {\r\n context.methodType = output.type;\r\n context.expiresAt = output.expiresAt ?? null;\r\n context.resendAvailableAt = output.resendAvailableAt ?? null;\r\n context.optionsJson = output.optionsJson ?? null;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n}\r\n\r\nfunction assignInitial({ context }: { context: ChallengeContext }) {\r\n context.methodId = null;\r\n context.methodType = null;\r\n context.userId = null;\r\n context.verifiedToken = null;\r\n context.expiresAt = null;\r\n context.resendAvailableAt = null;\r\n context.optionsJson = null;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n}\r\n\r\nfunction assignApiError(context: ChallengeContext, error: unknown) {\r\n if (error instanceof Omni2FaApiError) {\r\n context.errorCode = error.code;\r\n context.errorMessage = error.message;\r\n } else {\r\n context.errorCode = 'UNKNOWN';\r\n context.errorMessage = error instanceof Error ? error.message : null;\r\n }\r\n}\r\n\r\nexport type ChallengeMachine = ReturnType<typeof createChallengeMachine>;\r\nexport type ChallengeActor = ActorRefFrom<ChallengeMachine>;\r\n","import { fromPromise, setup, type ActorRefFrom } from 'xstate';\r\nimport type { IOmni2FaClient } from '../../client/Interfaces/IOmni2FaClient';\r\nimport { Omni2FaApiError } from '../../errors/Omni2FaApiError';\r\nimport type { MethodsContext } from './MethodsContext';\r\nimport type { MethodsEvent } from './MethodsEvent';\r\n\r\nconst initialContext: MethodsContext = {\r\n items: [],\r\n errorCode: null,\r\n errorMessage: null,\r\n};\r\n\r\nexport function createMethodsMachine(client: IOmni2FaClient) {\r\n return setup({\r\n types: {\r\n context: {} as MethodsContext,\r\n events: {} as MethodsEvent,\r\n },\r\n actors: {\r\n load: fromPromise(async () => {\r\n const result = await client.listMethods();\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return result.value;\r\n }),\r\n remove: fromPromise(async ({ input }: { input: { methodId: string } }) => {\r\n const result = await client.removeMethod(input.methodId);\r\n if (!result.ok) {\r\n throw new Omni2FaApiError(result.code, result.message, result.httpStatus, result.details ?? null);\r\n }\r\n return input.methodId;\r\n }),\r\n },\r\n }).createMachine({\r\n id: 'methods',\r\n initial: 'idle',\r\n context: initialContext,\r\n states: {\r\n idle: {\r\n on: {\r\n load: { target: 'loading' },\r\n },\r\n },\r\n loading: {\r\n invoke: {\r\n src: 'load',\r\n onDone: {\r\n target: 'ready',\r\n actions: ({ context, event }) => {\r\n context.items = event.output;\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'failed',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n ready: {\r\n on: {\r\n load: { target: 'loading' },\r\n remove: { target: 'removing' },\r\n },\r\n },\r\n removing: {\r\n invoke: {\r\n src: 'remove',\r\n input: ({ event }) => {\r\n if (event.type !== 'remove') throw new Error('removing requires remove event');\r\n return { methodId: event.methodId };\r\n },\r\n onDone: {\r\n target: 'ready',\r\n actions: ({ context, event }) => {\r\n const removedId = event.output;\r\n context.items = context.items.filter((m) => m.id !== removedId);\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n },\r\n },\r\n onError: {\r\n target: 'ready',\r\n actions: ({ context, event }) => assignApiError(context, event.error),\r\n },\r\n },\r\n },\r\n failed: {\r\n on: {\r\n load: { target: 'loading' },\r\n reset: { target: 'idle', actions: assignInitial },\r\n },\r\n },\r\n },\r\n });\r\n}\r\n\r\nfunction assignInitial({ context }: { context: MethodsContext }) {\r\n context.items = [];\r\n context.errorCode = null;\r\n context.errorMessage = null;\r\n}\r\n\r\nfunction assignApiError(context: MethodsContext, error: unknown) {\r\n if (error instanceof Omni2FaApiError) {\r\n context.errorCode = error.code;\r\n context.errorMessage = error.message;\r\n } else {\r\n context.errorCode = 'UNKNOWN';\r\n context.errorMessage = error instanceof Error ? error.message : null;\r\n }\r\n}\r\n\r\nexport type MethodsMachine = ReturnType<typeof createMethodsMachine>;\r\nexport type MethodsActor = ActorRefFrom<MethodsMachine>;\r\n","import { createActor } from 'xstate';\r\nimport { Omni2FaClient } from './client/Omni2FaClient';\r\nimport type { Omni2FaClientConfig } from './client/Omni2FaClientConfig';\r\nimport type { IOmni2Fa } from './Interfaces/IOmni2Fa';\r\nimport { createTotpEnrollmentMachine } from './machines/totpEnrollment/totpEnrollmentMachine';\r\nimport { createEmailEnrollmentMachine } from './machines/emailEnrollment/emailEnrollmentMachine';\r\nimport { createWebAuthnEnrollmentMachine } from './machines/webauthnEnrollment/webauthnEnrollmentMachine';\r\nimport { createChallengeMachine } from './machines/challenge/challengeMachine';\r\nimport { createMethodsMachine } from './machines/methods/methodsMachine';\r\n\r\n/**\r\n * One-call assembly of the Omni2FA core: client + three actors (TOTP enrollment, login challenge, methods list).\r\n * Actors are <c>start()</c>ed and ready to receive events. Pass the returned instance to your UI adapter.\r\n */\r\nexport function createOmni2Fa(config: Omni2FaClientConfig): IOmni2Fa {\r\n const client = new Omni2FaClient(config);\r\n\r\n const totpEnrollment = createActor(createTotpEnrollmentMachine(client));\r\n const emailEnrollment = createActor(createEmailEnrollmentMachine(client));\r\n const webauthnEnrollment = createActor(createWebAuthnEnrollmentMachine(client));\r\n const challenge = createActor(createChallengeMachine(client));\r\n const methods = createActor(createMethodsMachine(client));\r\n\r\n totpEnrollment.start();\r\n emailEnrollment.start();\r\n webauthnEnrollment.start();\r\n challenge.start();\r\n methods.start();\r\n\r\n return {\r\n client,\r\n totpEnrollment,\r\n emailEnrollment,\r\n webauthnEnrollment,\r\n challenge,\r\n methods,\r\n dispose() {\r\n totpEnrollment.stop();\r\n emailEnrollment.stop();\r\n webauthnEnrollment.stop();\r\n challenge.stop();\r\n methods.stop();\r\n },\r\n };\r\n}\r\n"],"names":["MemoryStorage","key","value","Omni2FaErrorCodes","defaults","getDefaultMessage","code","DEFAULT_PREAUTH_KEY","DEFAULT_SESSION_KEY","FALLBACK_ORIGIN","Omni2FaClient","config","createClient","request","token","url","path","data","error","response","methodId","SessionStorageStorage","LocalStorageStorage","Omni2FaApiError","message","httpStatus","details","initialContext","createTotpEnrollmentMachine","client","setup","fromPromise","result","input","context","event","assignApiError","assignInitial","createEmailEnrollmentMachine","assignStartOutput","output","base64urlToBuffer","base64","padded","binary","bytes","bufferToBase64url","buffer","byte","mapDescriptors","list","c","startRegistration","optionsJson","parsed","publicKey","credential","startAuthentication","createWebAuthnEnrollmentMachine","attestationResponseJson","createChallengeMachine","assertionResponseJson","createMethodsMachine","removedId","m","createOmni2Fa","totpEnrollment","createActor","emailEnrollment","webauthnEnrollment","challenge","methods"],"mappings":"qIAGO,MAAMA,CAAkC,CAC1B,QAAU,IAE3B,IAAIC,EAA4B,CAC5B,OAAO,KAAK,IAAI,IAAIA,CAAG,GAAK,IAChC,CAEA,IAAIA,EAAaC,EAAqB,CAClC,KAAK,IAAI,IAAID,EAAKC,CAAK,CAC3B,CAEA,OAAOD,EAAmB,CACtB,KAAK,IAAI,OAAOA,CAAG,CACvB,CACJ,CCjBO,MAAME,EAAoB,CAC7B,YAAa,eACb,eAAgB,kBAChB,eAAgB,kBAChB,kBAAmB,sBACnB,kBAAmB,qBACnB,gBAAiB,oBACjB,eAAgB,mBAChB,oBAAqB,wBACrB,kBAAmB,sBACnB,oBAAqB,wBACrB,oBAAqB,wBACrB,iBAAkB,qBAClB,2BAA4B,+BAC5B,iBAAkB,oBAClB,aAAc,gBACd,QAAS,SACb,ECfMC,EAA6C,CAC/C,CAACD,EAAkB,WAAW,EAAG,mCACjC,CAACA,EAAkB,cAAc,EAAG,kDACpC,CAACA,EAAkB,cAAc,EAAG,iDACpC,CAACA,EAAkB,iBAAiB,EAAG,+CACvC,CAACA,EAAkB,iBAAiB,EAAG,iEACvC,CAACA,EAAkB,eAAe,EAAG,sDACrC,CAACA,EAAkB,cAAc,EAAG,yCACpC,CAACA,EAAkB,mBAAmB,EAAG,6CACzC,CAACA,EAAkB,iBAAiB,EAAG,sDACvC,CAACA,EAAkB,mBAAmB,EAAG,0CACzC,CAACA,EAAkB,mBAAmB,EAAG,gCACzC,CAACA,EAAkB,gBAAgB,EAAG,4CACtC,CAACA,EAAkB,0BAA0B,EAAG,oCAChD,CAACA,EAAkB,gBAAgB,EAAG,6BACtC,CAACA,EAAkB,YAAY,EAAG,+CAClC,CAACA,EAAkB,OAAO,EAAG,+BACjC,EAEO,SAASE,EAAkBC,EAAsB,CACpD,OAAOF,EAASE,CAAwB,GAAKF,EAASD,EAAkB,OAAO,CACnF,CCOA,MAAMI,EAAsB,kBACtBC,EAAsB,kBAEtBC,EAAkB,uBAIjB,MAAMC,CAAwC,CAChC,QACA,WACA,WACA,SACA,MAEjB,YAAYC,EAA6B,CACrC,KAAK,QAAUA,EAAO,SAAW,IAAIX,EACrC,KAAK,WAAaW,EAAO,mBAAqBJ,EAC9C,KAAK,WAAaI,EAAO,mBAAqBH,EAE9C,KAAK,SAAW,IAAI,IAAIG,EAAO,QAASF,CAAe,EAAE,SAAS,QAAQ,MAAO,EAAE,EACnF,KAAK,MAAQG,EAAoB,CAC7B,QAASD,EAAO,QAChB,MAAOA,EAAO,OAAS,WAAW,MAAM,KAAK,UAAU,EACvD,GAAIA,EAAO,YAAc,CAAE,YAAaA,EAAO,WAAA,EAAgB,CAAA,CAAC,CACnE,EACD,KAAK,MAAM,IAAI,CACX,UAAW,CAAC,CAAE,QAAAE,KAAc,CAExB,GAAIA,EAAQ,QAAQ,IAAI,eAAe,EACnC,OAAOA,EAGX,MAAMC,EAAQ,KAAK,kBAAkBD,EAAQ,GAAG,EAAI,KAAK,gBAAA,EAAoB,KAAK,gBAAA,EAClF,OAAIC,GACAD,EAAQ,QAAQ,IAAI,gBAAiB,UAAUC,CAAK,EAAE,EAEnDD,CACX,CAAA,CACH,CACL,CAGQ,kBAAkBE,EAAsB,CAC5C,MAAMC,EAAO,IAAI,IAAID,EAAKN,CAAe,EAAE,SAE3C,OADiBO,EAAK,WAAW,KAAK,QAAQ,EAAIA,EAAK,MAAM,KAAK,SAAS,MAAM,EAAIA,GACrE,WAAW,aAAa,CAC5C,CAEA,gBAAgBF,EAA4B,CACxC,KAAK,SAAS,KAAK,WAAYA,CAAK,CACxC,CAEA,iBAAiC,CAC7B,OAAO,KAAK,QAAQ,IAAI,KAAK,UAAU,CAC3C,CAEA,gBAAgBA,EAA4B,CACxC,KAAK,SAAS,KAAK,WAAYA,CAAK,CACxC,CAEA,iBAAiC,CAC7B,OAAO,KAAK,QAAQ,IAAI,KAAK,UAAU,CAC3C,CAEQ,SAASb,EAAaa,EAA4B,CAClDA,IAAU,MAAQA,EAAM,SAAW,EACnC,KAAK,QAAQ,OAAOb,CAAG,EAEvB,KAAK,QAAQ,IAAIA,EAAKa,CAAK,CAEnC,CAEA,MAAM,aAAyD,CAC3D,KAAM,CAAE,KAAAG,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,IAAI,UAAU,EACjE,OAAO,KAAK,OAAOF,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,aAAaC,EAA6C,CAC5D,KAAM,CAAE,MAAAF,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,OAAO,sBAAuB,CAAE,OAAQ,CAAE,KAAM,CAAE,SAAAC,CAAA,CAAS,EAAK,EAC7G,OAAIF,EACO,KAAK,UAAUA,EAAOC,CAAQ,EAElC,CAAE,GAAI,GAAM,MAAO,MAAA,CAC9B,CAEA,MAAM,qBAAoE,CACtE,KAAM,CAAE,KAAAF,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,oBAAoB,EAC5E,OAAO,KAAK,OAAOF,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,sBAAsBN,EAA+E,CACvG,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,uBAAwB,CAAE,KAAMN,EAAS,EACjG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,qBAAqBN,EAAiF,CACxG,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,sBAAuB,CAAE,KAAMN,EAAS,EAChG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,uBAAuBN,EAAgF,CACzG,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,wBAAyB,CAAE,KAAMN,EAAS,EAClG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,sBAAsBN,EAAkF,CAC1G,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,uBAAwB,CAAE,KAAMN,EAAS,EACjG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,yBAA4E,CAC9E,KAAM,CAAE,KAAAF,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,wBAAwB,EAChF,OAAO,KAAK,OAAOF,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,0BAA0BN,EAAmF,CAC/G,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,2BAA4B,CAAE,KAAMN,EAAS,EACrG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,eAAeN,EAA6E,CAC9F,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,mBAAoB,CAAE,KAAMN,EAAS,EAC7F,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,gBAAgBN,EAA8E,CAChG,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,oBAAqB,CAAE,KAAMN,EAAS,EAC9F,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,gBAAgBN,EAA6E,CAC/F,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,oBAAqB,CAAE,KAAMN,EAAS,EAC9F,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,mBAAmBN,EAAgF,CACrG,KAAM,CAAE,KAAAI,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,2BAA4B,CAAE,KAAMN,EAAS,EACrG,OAAO,KAAK,OAAOI,EAAMC,EAAOC,CAAQ,CAC5C,CAEA,MAAM,yBAAsE,CACxE,KAAM,CAAE,KAAAF,EAAM,MAAAC,EAAO,SAAAC,CAAA,EAAa,MAAM,KAAK,MAAM,KAAK,4BAA4B,EACpF,OAAO,KAAK,OAAOF,EAAMC,EAAOC,CAAQ,CAC5C,CAEQ,OAAUF,EAAqBC,EAAkCC,EAAmC,CACxG,OAAID,IAAU,OACH,KAAK,UAAUA,EAAOC,CAAQ,EAErCF,IAAS,OACF,CACH,GAAI,GACJ,KAAMd,EAAkB,aACxB,QAASE,EAAkBF,EAAkB,YAAY,EACzD,WAAYgB,EAAS,MAAA,EAGtB,CAAE,GAAI,GAAM,MAAOF,CAAA,CAC9B,CAEQ,UAAUC,EAAsBC,EAAuC,CAC3E,MAAMb,EAAOY,EAAM,MAAQf,EAAkB,QAC7C,MAAO,CACH,GAAI,GACJ,KAAAG,EACA,QAASY,EAAM,SAAWb,EAAkBC,CAAI,EAChD,WAAYa,EAAS,OACrB,QAASD,EAAM,SAAW,IAAA,CAElC,CACJ,CCrMO,MAAMG,CAA0C,CACnD,IAAIpB,EAA4B,CAC5B,OAAO,WAAW,gBAAgB,QAAQA,CAAG,GAAK,IACtD,CAEA,IAAIA,EAAaC,EAAqB,CAClC,WAAW,gBAAgB,QAAQD,EAAKC,CAAK,CACjD,CAEA,OAAOD,EAAmB,CACtB,WAAW,gBAAgB,WAAWA,CAAG,CAC7C,CACJ,CCZO,MAAMqB,CAAwC,CACjD,IAAIrB,EAA4B,CAC5B,OAAO,WAAW,cAAc,QAAQA,CAAG,GAAK,IACpD,CAEA,IAAIA,EAAaC,EAAqB,CAClC,WAAW,cAAc,QAAQD,EAAKC,CAAK,CAC/C,CAEA,OAAOD,EAAmB,CACtB,WAAW,cAAc,WAAWA,CAAG,CAC3C,CACJ,CCVO,MAAMsB,UAAwB,KAAM,CAC9B,KACA,WACA,QAET,YAAYjB,EAAckB,EAAiBC,EAAoBC,EAA0C,KAAM,CAC3G,MAAMF,CAAO,EACb,KAAK,KAAO,kBACZ,KAAK,KAAOlB,EACZ,KAAK,WAAamB,EAClB,KAAK,QAAUC,CACnB,CACJ,CCXA,MAAMC,EAAwC,CAC1C,aAAc,KACd,WAAY,KACZ,OAAQ,KACR,SAAU,KACV,cAAe,KACf,UAAW,KACX,aAAc,IAClB,EAEO,SAASC,EAA4BC,EAAwB,CAChE,OAAOC,QAAM,CACT,MAAO,CACH,QAAS,CAAA,EACT,OAAQ,CAAA,CAAC,EAEb,OAAQ,CACJ,gBAAiBC,EAAAA,YAAY,SAAY,CACrC,MAAMC,EAAS,MAAMH,EAAO,oBAAA,EAC5B,GAAI,CAACG,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,kBAAmBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAoF,CACxH,MAAMD,EAAS,MAAMH,EAAO,sBAAsB,CAC9C,aAAcI,EAAM,aACpB,KAAMA,EAAM,KACZ,KAAMA,EAAM,IAAA,CACf,EACD,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,CAAA,CACL,CACH,EAAE,cAAc,CACb,GAAI,iBACJ,QAAS,OACT,QAASL,EACT,OAAQ,CACJ,KAAM,CACF,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,CAAW,CAChC,EAEJ,SAAU,CACN,OAAQ,CACJ,IAAK,kBACL,OAAQ,CACJ,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAO,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,aAAeC,EAAM,OAAO,aACpCD,EAAQ,WAAaC,EAAM,OAAO,WAClCD,EAAQ,OAASC,EAAM,OAAO,OAC9BD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,aAAc,CACV,GAAI,CACA,OAAQ,CAAE,OAAQ,YAAA,EAClB,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,WAAY,CACR,OAAQ,CACJ,IAAK,oBACL,MAAO,CAAC,CAAE,QAAAH,EAAS,MAAAC,KAAY,CAC3B,GAAIA,EAAM,OAAS,SAAU,MAAM,IAAI,MAAM,kCAAkC,EAC/E,GAAI,CAACD,EAAQ,aAAc,MAAM,IAAI,MAAM,iBAAiB,EAC5D,MAAO,CAAE,aAAcA,EAAQ,aAAc,KAAMC,EAAM,KAAM,KAAMA,EAAM,MAAQ,IAAA,CACvF,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,SAAWC,EAAM,OAAO,SAChCD,EAAQ,cAAgBC,EAAM,OAAO,eAAiB,KACtDD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,SAAU,CACN,GAAI,CACA,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,OAAQ,CACJ,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,EACjB,MAAO,CAAE,OAAQ,OAAQ,QAASA,CAAA,CAAc,CACpD,CACJ,CACJ,CACH,CACL,CAEA,SAASA,EAAc,CAAE,QAAAH,GAA+C,CACpEA,EAAQ,aAAe,KACvBA,EAAQ,WAAa,KACrBA,EAAQ,OAAS,KACjBA,EAAQ,SAAW,KACnBA,EAAQ,cAAgB,KACxBA,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASE,EAAeF,EAAgChB,EAAgB,CAChEA,aAAiBK,GACjBW,EAAQ,UAAYhB,EAAM,KAC1BgB,EAAQ,aAAehB,EAAM,UAE7BgB,EAAQ,UAAY,UACpBA,EAAQ,aAAehB,aAAiB,MAAQA,EAAM,QAAU,KAExE,CC/HA,MAAMS,EAAyC,CAC3C,aAAc,KACd,MAAO,KACP,UAAW,KACX,kBAAmB,KACnB,SAAU,KACV,cAAe,KACf,UAAW,KACX,aAAc,IAClB,EAEO,SAASW,EAA6BT,EAAwB,CACjE,OAAOC,QAAM,CACT,MAAO,CACH,QAAS,CAAA,EACT,OAAQ,CAAA,CAAC,EAEb,OAAQ,CACJ,gBAAiBC,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAuD,CACzF,MAAMD,EAAS,MAAMH,EAAO,qBAAqBI,EAAM,QAAU,OAAY,CAAE,MAAOA,EAAM,KAAA,EAAU,CAAA,CAAE,EACxG,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,iBAAkBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAiD,CACpF,MAAMD,EAAS,MAAMH,EAAO,sBAAsB,CAAE,aAAcI,EAAM,aAAc,EACtF,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,kBAAmBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAoF,CACxH,MAAMD,EAAS,MAAMH,EAAO,uBAAuB,CAC/C,aAAcI,EAAM,aACpB,KAAMA,EAAM,KACZ,KAAMA,EAAM,IAAA,CACf,EACD,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,CAAA,CACL,CACH,EAAE,cAAc,CACb,GAAI,kBACJ,QAAS,OACT,QAASL,EACT,OAAQ,CACJ,KAAM,CACF,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,CAAW,CAChC,EAEJ,SAAU,CACN,MAAO,CAAC,CAAE,QAAAO,EAAS,MAAAC,KAAY,CACvBA,EAAM,OAAS,UACfD,EAAQ,MAAQC,EAAM,OAAS,KAEvC,EACA,OAAQ,CACJ,IAAK,kBAGL,MAAO,CAAC,CAAE,QAAAD,MAAe,CAAE,MAAOA,EAAQ,OAAS,SACnD,OAAQ,CACJ,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYI,EAAkBL,EAASC,EAAM,MAAM,CAAA,EAE5E,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,aAAc,CACV,GAAI,CACA,OAAQ,CAAE,OAAQ,YAAA,EAClB,OAAQ,CAAE,OAAQ,WAAA,EAClB,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,UAAW,CACP,OAAQ,CACJ,IAAK,mBACL,MAAO,CAAC,CAAE,QAAAH,KAAc,CACpB,GAAI,CAACA,EAAQ,aAAc,MAAM,IAAI,MAAM,iBAAiB,EAC5D,MAAO,CAAE,aAAcA,EAAQ,YAAA,CACnC,EACA,OAAQ,CACJ,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYI,EAAkBL,EAASC,EAAM,MAAM,CAAA,EAE5E,QAAS,CACL,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,WAAY,CACR,OAAQ,CACJ,IAAK,oBACL,MAAO,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC3B,GAAIA,EAAM,OAAS,SAAU,MAAM,IAAI,MAAM,kCAAkC,EAC/E,GAAI,CAACD,EAAQ,aAAc,MAAM,IAAI,MAAM,iBAAiB,EAC5D,MAAO,CAAE,aAAcA,EAAQ,aAAc,KAAMC,EAAM,KAAM,KAAMA,EAAM,MAAQ,IAAA,CACvF,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,SAAWC,EAAM,OAAO,SAChCD,EAAQ,cAAgBC,EAAM,OAAO,eAAiB,KACtDD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,SAAU,CACN,GAAI,CACA,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,OAAQ,CACJ,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,EACjB,MAAO,CAAE,OAAQ,OAAQ,QAASA,CAAA,CAAc,CACpD,CACJ,CACJ,CACH,CACL,CAEA,SAASE,EAAkBL,EAAiCM,EAAgF,CACxIN,EAAQ,aAAeM,EAAO,aAC9BN,EAAQ,UAAYM,EAAO,UAC3BN,EAAQ,kBAAoBM,EAAO,kBACnCN,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASG,EAAc,CAAE,QAAAH,GAAgD,CACrEA,EAAQ,aAAe,KACvBA,EAAQ,MAAQ,KAChBA,EAAQ,UAAY,KACpBA,EAAQ,kBAAoB,KAC5BA,EAAQ,SAAW,KACnBA,EAAQ,cAAgB,KACxBA,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASE,EAAeF,EAAiChB,EAAgB,CACjEA,aAAiBK,GACjBW,EAAQ,UAAYhB,EAAM,KAC1BgB,EAAQ,aAAehB,EAAM,UAE7BgB,EAAQ,UAAY,UACpBA,EAAQ,aAAehB,aAAiB,MAAQA,EAAM,QAAU,KAExE,CCxKO,SAASuB,EAAkBvC,EAA4B,CAC1D,MAAMwC,EAASxC,EAAM,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EACnDyC,EAASD,EAAO,OAAO,KAAK,KAAKA,EAAO,OAAS,CAAC,EAAI,EAAG,GAAG,EAC5DE,EAAS,KAAKD,CAAM,EACpBE,EAAQ,IAAI,WAAWD,EAAO,MAAM,EAC1C,QAAS,EAAI,EAAG,EAAIA,EAAO,OAAQ,IAC/BC,EAAM,CAAC,EAAID,EAAO,WAAW,CAAC,EAElC,OAAOC,EAAM,MACjB,CAEO,SAASC,EAAkBC,EAA6B,CAC3D,MAAMF,EAAQ,IAAI,WAAWE,CAAM,EACnC,IAAIH,EAAS,GACb,UAAWI,KAAQH,EACfD,GAAU,OAAO,aAAaI,CAAI,EAEtC,OAAO,KAAKJ,CAAM,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,CACjF,CCOA,SAASK,EAAeC,EAA+E,CACnG,OAAQA,GAAQ,CAAA,GAAI,IAAKC,IAAO,CAAE,GAAGA,EAAG,GAAIV,EAAkBU,EAAE,EAAE,GAAI,CAC1E,CAGA,eAAsBC,EAAkBC,EAAsC,CAC1E,MAAMC,EAAS,KAAK,MAAMD,CAAW,EAC/BE,EAAY,CACd,GAAGD,EACH,UAAWb,EAAkBa,EAAO,SAAS,EAC7C,KAAM,CAAE,GAAGA,EAAO,KAAM,GAAIb,EAAkBa,EAAO,KAAK,EAAE,CAAA,EAC5D,mBAAoBL,EAAeK,EAAO,kBAAkB,CAAA,EAI1DE,EAAc,MAAM,UAAU,YAAY,OAAO,CAAE,UAAAD,EAAW,EACpE,GAAIC,IAAe,KACf,MAAM,IAAI,MAAM,+CAA+C,EAEnE,MAAMrC,EAAWqC,EAAW,SAC5B,OAAO,KAAK,UAAU,CAClB,GAAIA,EAAW,GACf,MAAOV,EAAkBU,EAAW,KAAK,EACzC,KAAMA,EAAW,KACjB,WAAYA,EAAW,0BAAA,EACvB,SAAU,CACN,kBAAmBV,EAAkB3B,EAAS,iBAAiB,EAC/D,eAAgB2B,EAAkB3B,EAAS,cAAc,CAAA,CAC7D,CACH,CACL,CAGA,eAAsBsC,EAAoBJ,EAAsC,CAC5E,MAAMC,EAAS,KAAK,MAAMD,CAAW,EAC/BE,EAAY,CACd,GAAGD,EACH,UAAWb,EAAkBa,EAAO,SAAS,EAC7C,iBAAkBL,EAAeK,EAAO,gBAAgB,CAAA,EAGtDE,EAAc,MAAM,UAAU,YAAY,IAAI,CAAE,UAAAD,EAAW,EACjE,GAAIC,IAAe,KACf,MAAM,IAAI,MAAM,iDAAiD,EAErE,MAAMrC,EAAWqC,EAAW,SAC5B,OAAO,KAAK,UAAU,CAClB,GAAIA,EAAW,GACf,MAAOV,EAAkBU,EAAW,KAAK,EACzC,KAAMA,EAAW,KACjB,WAAYA,EAAW,0BAAA,EACvB,SAAU,CACN,kBAAmBV,EAAkB3B,EAAS,iBAAiB,EAC/D,eAAgB2B,EAAkB3B,EAAS,cAAc,EACzD,UAAW2B,EAAkB3B,EAAS,SAAS,EAC/C,WAAYA,EAAS,WAAa2B,EAAkB3B,EAAS,UAAU,EAAI,IAAA,CAC/E,CACH,CACL,CC9EA,MAAMQ,EAA4C,CAC9C,aAAc,KACd,YAAa,KACb,KAAM,KACN,SAAU,KACV,cAAe,KACf,UAAW,KACX,aAAc,IAClB,EAEO,SAAS+B,EAAgC7B,EAAwB,CACpE,OAAOC,QAAM,CACT,MAAO,CACH,QAAS,CAAA,EACT,OAAQ,CAAA,CAAC,EAEb,OAAQ,CACJ,gBAAiBC,EAAAA,YAAY,SAAY,CACrC,MAAMC,EAAS,MAAMH,EAAO,wBAAA,EAC5B,GAAI,CAACG,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,mBAAoBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA2F,CAChI,MAAM0B,EAA0B,MAAMP,EAAkBnB,EAAM,WAAW,EACnED,EAAS,MAAMH,EAAO,0BAA0B,CAClD,aAAcI,EAAM,aACpB,wBAAA0B,EACA,KAAM1B,EAAM,IAAA,CACf,EACD,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,CAAA,CACL,CACH,EAAE,cAAc,CACb,GAAI,qBACJ,QAAS,OACT,QAASL,EACT,OAAQ,CACJ,KAAM,CACF,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,CAAW,CAChC,EAEJ,SAAU,CACN,MAAO,CAAC,CAAE,QAAAO,EAAS,MAAAC,KAAY,CACvBA,EAAM,OAAS,UACfD,EAAQ,KAAOC,EAAM,MAAQ,KAErC,EACA,OAAQ,CACJ,IAAK,kBACL,OAAQ,CACJ,OAAQ,cACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,aAAeC,EAAM,OAAO,aACpCD,EAAQ,YAAcC,EAAM,OAAO,YACnCD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,YAAa,CACT,OAAQ,CACJ,IAAK,qBACL,MAAO,CAAC,CAAE,QAAAD,KAAc,CACpB,GAAI,CAACA,EAAQ,cAAgB,CAACA,EAAQ,YAAa,MAAM,IAAI,MAAM,uBAAuB,EAC1F,MAAO,CAAE,aAAcA,EAAQ,aAAc,YAAaA,EAAQ,YAAa,KAAMA,EAAQ,IAAA,CACjG,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,SAAWC,EAAM,OAAO,SAChCD,EAAQ,cAAgBC,EAAM,OAAO,eAAiB,KACtDD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,SAAU,CACN,GAAI,CACA,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,OAAQ,CACJ,GAAI,CACA,MAAO,CAAE,OAAQ,UAAA,EACjB,MAAO,CAAE,OAAQ,OAAQ,QAASA,CAAA,CAAc,CACpD,CACJ,CACJ,CACH,CACL,CAEA,SAASA,EAAc,CAAE,QAAAH,GAAmD,CACxEA,EAAQ,aAAe,KACvBA,EAAQ,YAAc,KACtBA,EAAQ,KAAO,KACfA,EAAQ,SAAW,KACnBA,EAAQ,cAAgB,KACxBA,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASE,EAAeF,EAAoChB,EAAgB,CACpEA,aAAiBK,GACjBW,EAAQ,UAAYhB,EAAM,KAC1BgB,EAAQ,aAAehB,EAAM,UAE7BgB,EAAQ,UAAY,UACpBA,EAAQ,aAAehB,aAAiB,MAAQA,EAAM,QAAU,KAExE,CC7HA,MAAMS,EAAmC,CACrC,SAAU,KACV,WAAY,KACZ,OAAQ,KACR,cAAe,KACf,UAAW,KACX,kBAAmB,KACnB,YAAa,KACb,UAAW,KACX,aAAc,IAClB,EAEO,SAASiC,EAAuB/B,EAAwB,CAC3D,OAAOC,QAAM,CACT,MAAO,CACH,QAAS,CAAA,EACT,OAAQ,CAAA,CAAC,EAEb,OAAQ,CACJ,eAAgBC,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA6C,CAC9E,MAAMD,EAAS,MAAMH,EAAO,eAAe,CAAE,SAAUI,EAAM,SAAU,EACvE,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,gBAAiBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA6C,CAC/E,MAAMD,EAAS,MAAMH,EAAO,gBAAgB,CAAE,SAAUI,EAAM,SAAU,EACxE,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,gBAAiBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA2D,CAC7F,MAAMD,EAAS,MAAMH,EAAO,gBAAgB,CAAE,SAAUI,EAAM,SAAU,KAAMA,EAAM,IAAA,CAAM,EAC1F,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,gBAAiBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAkE,CACpG,MAAM4B,EAAwB,MAAMJ,EAAoBxB,EAAM,WAAW,EACnED,EAAS,MAAMH,EAAO,gBAAgB,CAAE,SAAUI,EAAM,SAAU,sBAAA4B,EAAuB,EAC/F,GAAI,CAAC7B,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,mBAAoBD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAAyC,CAC9E,MAAMD,EAAS,MAAMH,EAAO,mBAAmB,CAAE,aAAcI,EAAM,KAAM,EAC3E,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,CAAA,CACL,CACH,EAAE,cAAc,CACb,GAAI,YACJ,QAAS,OACT,QAASL,EACT,OAAQ,CACJ,KAAM,CACF,GAAI,CACA,KAAM,CAAE,OAAQ,UAAA,EAChB,gBAAiB,CAAE,OAAQ,mBAAA,CAAoB,CACnD,EAEJ,SAAU,CACN,MAAO,CAAC,CAAE,QAAAO,EAAS,MAAAC,KAAY,CACvBA,EAAM,OAAS,SACfD,EAAQ,SAAWC,EAAM,SAEjC,EACA,OAAQ,CACJ,IAAK,iBACL,MAAO,CAAC,CAAE,QAAAD,KAAc,CACpB,GAAI,CAACA,EAAQ,SAAU,MAAM,IAAI,MAAM,aAAa,EACpD,MAAO,CAAE,SAAUA,EAAQ,QAAA,CAC/B,EACA,OAAQ,CACJ,CACI,MAAO,CAAC,CAAE,MAAAC,KAAYA,EAAM,OAAO,OAAS,WAC5C,OAAQ,YACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYI,EAAkBL,EAASC,EAAM,MAAM,CAAA,EAE5E,CACI,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYI,EAAkBL,EAASC,EAAM,MAAM,CAAA,CAC5E,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,UAAW,CACP,OAAQ,CACJ,IAAK,kBACL,MAAO,CAAC,CAAE,QAAAD,KAAc,CACpB,GAAI,CAACA,EAAQ,UAAY,CAACA,EAAQ,YAAa,MAAM,IAAI,MAAM,sBAAsB,EACrF,MAAO,CAAE,SAAUA,EAAQ,SAAU,YAAaA,EAAQ,WAAA,CAC9D,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,OAASC,EAAM,OAAO,OAC9BD,EAAQ,cAAgBC,EAAM,OAAO,cACrCD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,aAAc,CACV,GAAI,CACA,OAAQ,CAAE,OAAQ,WAAA,EAClB,OAAQ,CAAE,OAAQ,WAAA,EAClB,gBAAiB,CAAE,OAAQ,mBAAA,EAC3B,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,kBAAmB,CACf,OAAQ,CACJ,IAAK,qBACL,MAAO,CAAC,CAAE,MAAAF,KAAY,CAClB,GAAIA,EAAM,OAAS,kBAAmB,MAAM,IAAI,MAAM,kDAAkD,EACxG,MAAO,CAAE,KAAMA,EAAM,IAAA,CACzB,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,OAASC,EAAM,OAAO,OAC9BD,EAAQ,cAAgBC,EAAM,OAAO,cACrCD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,UAAW,CACP,OAAQ,CACJ,IAAK,kBACL,MAAO,CAAC,CAAE,QAAAD,KAAc,CACpB,GAAI,CAACA,EAAQ,SAAU,MAAM,IAAI,MAAM,aAAa,EACpD,MAAO,CAAE,SAAUA,EAAQ,QAAA,CAC/B,EACA,OAAQ,CACJ,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYI,EAAkBL,EAASC,EAAM,MAAM,CAAA,EAE5E,QAAS,CACL,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,UAAW,CACP,OAAQ,CACJ,IAAK,kBACL,MAAO,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC3B,GAAIA,EAAM,OAAS,SAAU,MAAM,IAAI,MAAM,iCAAiC,EAC9E,GAAI,CAACD,EAAQ,SAAU,MAAM,IAAI,MAAM,aAAa,EACpD,MAAO,CAAE,SAAUA,EAAQ,SAAU,KAAMC,EAAM,IAAA,CACrD,EACA,OAAQ,CACJ,OAAQ,WACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,OAASC,EAAM,OAAO,OAC9BD,EAAQ,cAAgBC,EAAM,OAAO,cACrCD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,eACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,SAAU,CACN,GAAI,CACA,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,EAEJ,OAAQ,CACJ,GAAI,CACA,KAAM,CAAE,OAAQ,UAAA,EAChB,gBAAiB,CAAE,OAAQ,mBAAA,EAC3B,MAAO,CAAE,OAAQ,OAAQ,QAASA,CAAA,CAAc,CACpD,CACJ,CACJ,CACH,CACL,CAEA,SAASE,EAAkBL,EAA2BM,EAA6I,CAC/LN,EAAQ,WAAaM,EAAO,KAC5BN,EAAQ,UAAYM,EAAO,WAAa,KACxCN,EAAQ,kBAAoBM,EAAO,mBAAqB,KACxDN,EAAQ,YAAcM,EAAO,aAAe,KAC5CN,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASG,EAAc,CAAE,QAAAH,GAA0C,CAC/DA,EAAQ,SAAW,KACnBA,EAAQ,WAAa,KACrBA,EAAQ,OAAS,KACjBA,EAAQ,cAAgB,KACxBA,EAAQ,UAAY,KACpBA,EAAQ,kBAAoB,KAC5BA,EAAQ,YAAc,KACtBA,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASE,EAAeF,EAA2BhB,EAAgB,CAC3DA,aAAiBK,GACjBW,EAAQ,UAAYhB,EAAM,KAC1BgB,EAAQ,aAAehB,EAAM,UAE7BgB,EAAQ,UAAY,UACpBA,EAAQ,aAAehB,aAAiB,MAAQA,EAAM,QAAU,KAExE,CC1OA,MAAMS,EAAiC,CACnC,MAAO,CAAA,EACP,UAAW,KACX,aAAc,IAClB,EAEO,SAASmC,EAAqBjC,EAAwB,CACzD,OAAOC,QAAM,CACT,MAAO,CACH,QAAS,CAAA,EACT,OAAQ,CAAA,CAAC,EAEb,OAAQ,CACJ,KAAMC,EAAAA,YAAY,SAAY,CAC1B,MAAMC,EAAS,MAAMH,EAAO,YAAA,EAC5B,GAAI,CAACG,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOA,EAAO,KAClB,CAAC,EACD,OAAQD,EAAAA,YAAY,MAAO,CAAE,MAAAE,KAA6C,CACtE,MAAMD,EAAS,MAAMH,EAAO,aAAaI,EAAM,QAAQ,EACvD,GAAI,CAACD,EAAO,GACR,MAAM,IAAIT,EAAgBS,EAAO,KAAMA,EAAO,QAASA,EAAO,WAAYA,EAAO,SAAW,IAAI,EAEpG,OAAOC,EAAM,QACjB,CAAC,CAAA,CACL,CACH,EAAE,cAAc,CACb,GAAI,UACJ,QAAS,OACT,QAASN,EACT,OAAQ,CACJ,KAAM,CACF,GAAI,CACA,KAAM,CAAE,OAAQ,SAAA,CAAU,CAC9B,EAEJ,QAAS,CACL,OAAQ,CACJ,IAAK,OACL,OAAQ,CACJ,OAAQ,QACR,QAAS,CAAC,CAAE,QAAAO,EAAS,MAAAC,KAAY,CAC7BD,EAAQ,MAAQC,EAAM,OACtBD,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,SACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,MAAO,CACH,GAAI,CACA,KAAM,CAAE,OAAQ,SAAA,EAChB,OAAQ,CAAE,OAAQ,UAAA,CAAW,CACjC,EAEJ,SAAU,CACN,OAAQ,CACJ,IAAK,SACL,MAAO,CAAC,CAAE,MAAAA,KAAY,CAClB,GAAIA,EAAM,OAAS,SAAU,MAAM,IAAI,MAAM,gCAAgC,EAC7E,MAAO,CAAE,SAAUA,EAAM,QAAA,CAC7B,EACA,OAAQ,CACJ,OAAQ,QACR,QAAS,CAAC,CAAE,QAAAD,EAAS,MAAAC,KAAY,CAC7B,MAAM4B,EAAY5B,EAAM,OACxBD,EAAQ,MAAQA,EAAQ,MAAM,OAAQ8B,GAAMA,EAAE,KAAOD,CAAS,EAC9D7B,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAAA,EAEJ,QAAS,CACL,OAAQ,QACR,QAAS,CAAC,CAAE,QAAAA,EAAS,MAAAC,KAAYC,EAAeF,EAASC,EAAM,KAAK,CAAA,CACxE,CACJ,EAEJ,OAAQ,CACJ,GAAI,CACA,KAAM,CAAE,OAAQ,SAAA,EAChB,MAAO,CAAE,OAAQ,OAAQ,QAASE,CAAA,CAAc,CACpD,CACJ,CACJ,CACH,CACL,CAEA,SAASA,EAAc,CAAE,QAAAH,GAAwC,CAC7DA,EAAQ,MAAQ,CAAA,EAChBA,EAAQ,UAAY,KACpBA,EAAQ,aAAe,IAC3B,CAEA,SAASE,EAAeF,EAAyBhB,EAAgB,CACzDA,aAAiBK,GACjBW,EAAQ,UAAYhB,EAAM,KAC1BgB,EAAQ,aAAehB,EAAM,UAE7BgB,EAAQ,UAAY,UACpBA,EAAQ,aAAehB,aAAiB,MAAQA,EAAM,QAAU,KAExE,CCnGO,SAAS+C,EAActD,EAAuC,CACjE,MAAMkB,EAAS,IAAInB,EAAcC,CAAM,EAEjCuD,EAAiBC,EAAAA,YAAYvC,EAA4BC,CAAM,CAAC,EAChEuC,EAAkBD,EAAAA,YAAY7B,EAA6BT,CAAM,CAAC,EAClEwC,EAAqBF,EAAAA,YAAYT,EAAgC7B,CAAM,CAAC,EACxEyC,EAAYH,EAAAA,YAAYP,EAAuB/B,CAAM,CAAC,EACtD0C,EAAUJ,EAAAA,YAAYL,EAAqBjC,CAAM,CAAC,EAExD,OAAAqC,EAAe,MAAA,EACfE,EAAgB,MAAA,EAChBC,EAAmB,MAAA,EACnBC,EAAU,MAAA,EACVC,EAAQ,MAAA,EAED,CACH,OAAA1C,EACA,eAAAqC,EACA,gBAAAE,EACA,mBAAAC,EACA,UAAAC,EACA,QAAAC,EACA,SAAU,CACNL,EAAe,KAAA,EACfE,EAAgB,KAAA,EAChBC,EAAmB,KAAA,EACnBC,EAAU,KAAA,EACVC,EAAQ,KAAA,CACZ,CAAA,CAER"}