@privy-io/node 0.1.0-alpha.3 → 0.1.0

package/lib/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/lib/auth.ts"],"names":[],"mappings":";;;AAmFA,0CAkBC;AAsBD,kDAgBC;AA2CD,gDA2BC;AAjND,+BAQc;AACd,4CAA8C;AAC9C,wDAAqE;AAGrE,MAAM,aAAa,GAAG,OAAO,CAAC;AAC9B,MAAM,UAAU,GAAG,UAAU,CAAC;AA+B9B;;;;;GAKG;AACH,KAAK,UAAU,oBAAoB,CACjC,GAAW,EACX,KAAa,EACb,eAA4C;IAE5C,qEAAqE;IACrE,IAAI,aAA8B,CAAC;IACnC,IAAI,OAAO,eAAe,KAAK,UAAU,EAAE,CAAC;QAC1C,aAAa,GAAG,MAAM,IAAA,gBAAS,EAAC,GAAG,EAAE,eAAe,EAAE;YACpD,GAAG,EAAE,KAAK;YACV,UAAU,EAAE,CAAC,aAAa,CAAC;YAC3B,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,aAAa,GAAG,MAAM,IAAA,gBAAS,EAAC,GAAG,EAAE,eAAe,EAAE;YACpD,GAAG,EAAE,KAAK;YACV,UAAU,EAAE,CAAC,aAAa,CAAC;YAC3B,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,eAAe,CAAC,EACpC,UAAU,EAAE,SAAS,EACrB,MAAM,EAAE,KAAK,EACb,gBAAgB,EAAE,uBAAuB,GACpB;IACrB,MAAM,eAAe,GACnB,OAAO,uBAAuB,KAAK,QAAQ,CAAC,CAAC;QAC3C,MAAM,IAAA,iBAAU,EAAC,uBAAuB,EAAE,aAAa,CAAC;QAC1D,CAAC,CAAC,uBAAuB,CAAC;IAC5B,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,SAAS,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IACpF,OAAO;QACL,MAAM,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACnD,MAAM,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACnD,SAAS,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACtD,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACvD,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1D,OAAO,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;KACrD,CAAC;AACJ,CAAC;AAgBD;;;;;GAKG;AACI,KAAK,UAAU,mBAAmB,CAAC,EACxC,cAAc,EAAE,aAAa,EAC7B,MAAM,EAAE,KAAK,EACb,gBAAgB,EAAE,uBAAuB,GAChB;IACzB,MAAM,eAAe,GACnB,OAAO,uBAAuB,KAAK,QAAQ,CAAC,CAAC;QAC3C,MAAM,IAAA,iBAAU,EAAC,uBAAuB,EAAE,aAAa,CAAC;QAC1D,CAAC,CAAC,uBAAuB,CAAC;IAC5B,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,aAAa,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAExF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;QAC3B,MAAM,IAAI,qBAAqB,CAAC,gCAAgC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,IAAA,kDAAiC,EAAC,aAAa,CAAC,OAAO,CAAC,CAAC;AAClE,CAAC;AAED,MAAa,qBAAsB,SAAQ,qBAAa;CAAG;AAA3D,sDAA2D;AAE3D,sEAAsE;AACtE,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,qBAAqB,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,sEAAsE;AACtE,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,qBAAqB,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,KAAc;IAC3C,IAAI,KAAK,YAAY,aAAU,CAAC,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,qBAAqB,CAAC,8BAA8B,CAAC,CAAC;IAClE,CAAC;SAAM,IAAI,KAAK,YAAY,aAAU,CAAC,wBAAwB,IAAI,KAAK,YAAY,aAAU,CAAC,UAAU,EAAE,CAAC;QAC1G,MAAM,IAAI,qBAAqB,CAAC,iCAAiC,CAAC,CAAC;IACrE,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,qBAAqB,CAAC,uCAAuC,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAWD,SAAgB,kBAAkB,CAAC,EACjC,KAAK,EACL,MAAM,EACN,OAAO,EACP,uBAAuB,GACC;IACxB,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;QAC1C,4DAA4D;QAC5D,IAAI,eAA0B,CAAC;QAC/B,OAAO,KAAK,IAAI,EAAE;YAChB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBAClC,IAAI,CAAC;oBACH,eAAe,GAAG,MAAM,IAAA,iBAAU,EAAC,uBAAuB,EAAE,aAAa,CAAC,CAAC;gBAC7E,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,CAAC,yDAAyD,CAAC,CAAC;gBAC7F,CAAC;YACH,CAAC;YACD,OAAO,eAAe,CAAC;QACzB,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,YAAY,KAAK,YAAY,CAAC,CAAC;IAC5D,OAAO,IAAA,yBAAkB,EAAC,GAAG,EAAE;QAC7B,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;QAC1C,gBAAgB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;QAC/C,OAAO;KACR,CAAC,CAAC;AACL,CAAC"}

package/lib/auth.mjs

@@ -0,0 +1,123 @@
+import { createRemoteJWKSet, importSPKI, errors as joseErrors, jwtVerify, } from 'jose';
+import { PrivyAPIError } from "../core/error.mjs";
+import { parseUserFromIdentityTokenPayload } from "./identity-token.mjs";
+const JWT_ALGORITHM = 'ES256';
+const JWT_ISSUER = 'privy.io';
+/**
+ * Verifies a JWT issued by privy.io for the given app ID.
+ * This serves both auth tokens and identity tokens.
+ * @returns The verify result along with the token's payload.
+ * @throws If the token is invalid.
+ */
+async function verifyPrivyIssuedJwt(jwt, appId, verificationKey) {
+    // Because of a type difference, the calls cannot be merged into one.
+    let verifiedToken;
+    if (typeof verificationKey !== 'function') {
+        verifiedToken = await jwtVerify(jwt, verificationKey, {
+            typ: 'JWT',
+            algorithms: [JWT_ALGORITHM],
+            issuer: JWT_ISSUER,
+            audience: appId,
+        }).catch(mapAndThrowJoseErrors);
+    }
+    else {
+        verifiedToken = await jwtVerify(jwt, verificationKey, {
+            typ: 'JWT',
+            algorithms: [JWT_ALGORITHM],
+            issuer: JWT_ISSUER,
+            audience: appId,
+        }).catch(mapAndThrowJoseErrors);
+    }
+    return verifiedToken;
+}
+/**
+ * Verifies a Privy-issued authentication token.
+ *
+ * @returns The payload of the token if it is valid.
+ * @throws If the token is invalid.
+ */
+export async function verifyAuthToken({ auth_token: authToken, app_id: appId, verification_key: verificationKeyOrString, }) {
+    const verificationKey = typeof verificationKeyOrString === 'string' ?
+        await importSPKI(verificationKeyOrString, JWT_ALGORITHM)
+        : verificationKeyOrString;
+    const verifiedToken = await verifyPrivyIssuedJwt(authToken, appId, verificationKey);
+    return {
+        app_id: throwIfNotString(verifiedToken.payload.aud),
+        issuer: throwIfNotString(verifiedToken.payload.iss),
+        issued_at: throwIfNotNumber(verifiedToken.payload.iat),
+        expiration: throwIfNotNumber(verifiedToken.payload.exp),
+        session_id: throwIfNotString(verifiedToken.payload['sid']),
+        user_id: throwIfNotString(verifiedToken.payload.sub),
+    };
+}
+/**
+ * Verifies an identity token, parsing it into a `User` object if it is valid.
+ *
+ * @returns The user object parsed from the identity token.
+ * @throws If the token or its payload is invalid.
+ */
+export async function verifyIdentityToken({ identity_token: identityToken, app_id: appId, verification_key: verificationKeyOrString, }) {
+    const verificationKey = typeof verificationKeyOrString === 'string' ?
+        await importSPKI(verificationKeyOrString, JWT_ALGORITHM)
+        : verificationKeyOrString;
+    const verifiedToken = await verifyPrivyIssuedJwt(identityToken, appId, verificationKey);
+    if (!verifiedToken.payload) {
+        throw new InvalidAuthTokenError('Unable to parse identity token');
+    }
+    return parseUserFromIdentityTokenPayload(verifiedToken.payload);
+}
+export class InvalidAuthTokenError extends PrivyAPIError {
+}
+/** Used for asserting the values in the token payload are strings. */
+function throwIfNotString(value) {
+    if (!value || typeof value !== 'string') {
+        throw new InvalidAuthTokenError("Token's payload is invalid");
+    }
+    return value;
+}
+/** Used for asserting the values in the token payload are numbers. */
+function throwIfNotNumber(value) {
+    if (!value || typeof value !== 'number') {
+        throw new InvalidAuthTokenError("Token's payload is invalid");
+    }
+    return value;
+}
+/**
+ * Used to catch errors thrown by async `jose` functions and map to our own error types.
+ * This method will **always** throw an error, so it's return type is `never`.
+ */
+function mapAndThrowJoseErrors(error) {
+    if (error instanceof joseErrors.JWTExpired) {
+        throw new InvalidAuthTokenError('Authentication token expired');
+    }
+    else if (error instanceof joseErrors.JWTClaimValidationFailed || error instanceof joseErrors.JWTInvalid) {
+        throw new InvalidAuthTokenError('Authentication token is invalid');
+    }
+    else {
+        throw new InvalidAuthTokenError('Failed to verify authentication token');
+    }
+}
+export function createPrivyAppJWKS({ appId, apiUrl, headers, verificationKeyOverride, }) {
+    if (verificationKeyOverride !== undefined) {
+        // Use a closure to cache the verification key once imported
+        let verificationKey;
+        return async () => {
+            if (verificationKey === undefined) {
+                try {
+                    verificationKey = await importSPKI(verificationKeyOverride, JWT_ALGORITHM);
+                }
+                catch (error) {
+                    throw new InvalidAuthTokenError('Failed to import the provided verification key override');
+                }
+            }
+            return verificationKey;
+        };
+    }
+    const url = new URL(`${apiUrl}/v1/apps/${appId}/jwks.json`);
+    return createRemoteJWKSet(url, {
+        cacheMaxAge: 60 * 60 * 1000, // 60 minutes
+        cooldownDuration: 10 * 60 * 1000, // 10 minutes
+        headers,
+    });
+}
+//# sourceMappingURL=auth.mjs.map

package/lib/auth.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.mjs","sourceRoot":"","sources":["../src/lib/auth.ts"],"names":[],"mappings":"OAAO,EACL,kBAAkB,EAElB,UAAU,EACV,MAAM,IAAI,UAAU,EACpB,SAAS,GAGV,MAAM,MAAM;OACN,EAAE,aAAa,EAAE;OACjB,EAAE,iCAAiC,EAAE;AAG5C,MAAM,aAAa,GAAG,OAAO,CAAC;AAC9B,MAAM,UAAU,GAAG,UAAU,CAAC;AA+B9B;;;;;GAKG;AACH,KAAK,UAAU,oBAAoB,CACjC,GAAW,EACX,KAAa,EACb,eAA4C;IAE5C,qEAAqE;IACrE,IAAI,aAA8B,CAAC;IACnC,IAAI,OAAO,eAAe,KAAK,UAAU,EAAE,CAAC;QAC1C,aAAa,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,eAAe,EAAE;YACpD,GAAG,EAAE,KAAK;YACV,UAAU,EAAE,CAAC,aAAa,CAAC;YAC3B,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,aAAa,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,eAAe,EAAE;YACpD,GAAG,EAAE,KAAK;YACV,UAAU,EAAE,CAAC,aAAa,CAAC;YAC3B,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,EACpC,UAAU,EAAE,SAAS,EACrB,MAAM,EAAE,KAAK,EACb,gBAAgB,EAAE,uBAAuB,GACpB;IACrB,MAAM,eAAe,GACnB,OAAO,uBAAuB,KAAK,QAAQ,CAAC,CAAC;QAC3C,MAAM,UAAU,CAAC,uBAAuB,EAAE,aAAa,CAAC;QAC1D,CAAC,CAAC,uBAAuB,CAAC;IAC5B,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,SAAS,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IACpF,OAAO;QACL,MAAM,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACnD,MAAM,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACnD,SAAS,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACtD,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACvD,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1D,OAAO,EAAE,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;KACrD,CAAC;AACJ,CAAC;AAgBD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EACxC,cAAc,EAAE,aAAa,EAC7B,MAAM,EAAE,KAAK,EACb,gBAAgB,EAAE,uBAAuB,GAChB;IACzB,MAAM,eAAe,GACnB,OAAO,uBAAuB,KAAK,QAAQ,CAAC,CAAC;QAC3C,MAAM,UAAU,CAAC,uBAAuB,EAAE,aAAa,CAAC;QAC1D,CAAC,CAAC,uBAAuB,CAAC;IAC5B,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,aAAa,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAExF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;QAC3B,MAAM,IAAI,qBAAqB,CAAC,gCAAgC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,iCAAiC,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;AAClE,CAAC;AAED,MAAM,OAAO,qBAAsB,SAAQ,aAAa;CAAG;AAE3D,sEAAsE;AACtE,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,qBAAqB,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,sEAAsE;AACtE,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,qBAAqB,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,KAAc;IAC3C,IAAI,KAAK,YAAY,UAAU,CAAC,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,qBAAqB,CAAC,8BAA8B,CAAC,CAAC;IAClE,CAAC;SAAM,IAAI,KAAK,YAAY,UAAU,CAAC,wBAAwB,IAAI,KAAK,YAAY,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1G,MAAM,IAAI,qBAAqB,CAAC,iCAAiC,CAAC,CAAC;IACrE,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,qBAAqB,CAAC,uCAAuC,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAWD,MAAM,UAAU,kBAAkB,CAAC,EACjC,KAAK,EACL,MAAM,EACN,OAAO,EACP,uBAAuB,GACC;IACxB,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;QAC1C,4DAA4D;QAC5D,IAAI,eAA0B,CAAC;QAC/B,OAAO,KAAK,IAAI,EAAE;YAChB,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBAClC,IAAI,CAAC;oBACH,eAAe,GAAG,MAAM,UAAU,CAAC,uBAAuB,EAAE,aAAa,CAAC,CAAC;gBAC7E,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,CAAC,yDAAyD,CAAC,CAAC;gBAC7F,CAAC;YACH,CAAC;YACD,OAAO,eAAe,CAAC;QACzB,CAAC,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,YAAY,KAAK,YAAY,CAAC,CAAC;IAC5D,OAAO,kBAAkB,CAAC,GAAG,EAAE;QAC7B,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;QAC1C,gBAAgB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;QAC/C,OAAO;KACR,CAAC,CAAC;AACL,CAAC"}

package/lib/identity-token.d.mts

@@ -0,0 +1,15 @@
+import { JWTPayload } from 'jose';
+import { User } from "../resources.mjs";
+import { PrivyAPIError } from "../error.mjs";
+/**
+ * Parses the payload of an identity token (JWT) into a `User` object.
+ * Note that the user object may be incomplete due to the size constraints of the identity token.
+ *
+ * @param payload The payload of the identity token.
+ * @returns The user object parsed from the identity token.
+ * @throws If the payload is invalid.
+ */
+export declare function parseUserFromIdentityTokenPayload(payload: JWTPayload): User;
+export declare class InvalidIdentityTokenError extends PrivyAPIError {
+}
+//# sourceMappingURL=identity-token.d.mts.map

package/lib/identity-token.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-token.d.mts","sourceRoot":"","sources":["../src/lib/identity-token.ts"],"names":[],"mappings":"OAAO,EAAE,UAAU,EAAE,MAAM,MAAM;OAC1B,EAAE,IAAI,EAAE;OACR,EAAE,aAAa,EAAE;AAGxB;;;;;;;GAOG;AACH,wBAAgB,iCAAiC,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,CAY3E;AA8PD,qBAAa,yBAA0B,SAAQ,aAAa;CAAG"}

package/lib/identity-token.d.ts

@@ -0,0 +1,15 @@
+import { JWTPayload } from 'jose';
+import { User } from "../resources.js";
+import { PrivyAPIError } from "../error.js";
+/**
+ * Parses the payload of an identity token (JWT) into a `User` object.
+ * Note that the user object may be incomplete due to the size constraints of the identity token.
+ *
+ * @param payload The payload of the identity token.
+ * @returns The user object parsed from the identity token.
+ * @throws If the payload is invalid.
+ */
+export declare function parseUserFromIdentityTokenPayload(payload: JWTPayload): User;
+export declare class InvalidIdentityTokenError extends PrivyAPIError {
+}
+//# sourceMappingURL=identity-token.d.ts.map

package/lib/identity-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-token.d.ts","sourceRoot":"","sources":["../src/lib/identity-token.ts"],"names":[],"mappings":"OAAO,EAAE,UAAU,EAAE,MAAM,MAAM;OAC1B,EAAE,IAAI,EAAE;OACR,EAAE,aAAa,EAAE;AAGxB;;;;;;;GAOG;AACH,wBAAgB,iCAAiC,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,CAY3E;AA8PD,qBAAa,yBAA0B,SAAQ,aAAa;CAAG"}

package/lib/identity-token.js

@@ -0,0 +1,273 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvalidIdentityTokenError = void 0;
+exports.parseUserFromIdentityTokenPayload = parseUserFromIdentityTokenPayload;
+const error_1 = require("../error.js");
+/**
+ * Parses the payload of an identity token (JWT) into a `User` object.
+ * Note that the user object may be incomplete due to the size constraints of the identity token.
+ *
+ * @param payload The payload of the identity token.
+ * @returns The user object parsed from the identity token.
+ * @throws If the payload is invalid.
+ */
+function parseUserFromIdentityTokenPayload(payload) {
+    const customMetadata = parseCustomMetadataClaim(payload);
+    return {
+        id: payload.sub,
+        created_at: parseInt(payload['cr']),
+        is_guest: payload['guest'] === 't',
+        linked_accounts: parseLinkedAccountsClaim(payload),
+        ...(customMetadata ? { custom_metadata: customMetadata } : {}),
+        has_accepted_terms: false,
+        mfa_methods: [],
+    };
+}
+function parseLinkedAccountsClaim(payload) {
+    const linkedAccountsClaim = payload['linked_accounts'];
+    if (typeof linkedAccountsClaim !== 'string') {
+        throw new InvalidIdentityTokenError('Unable to parse identity token');
+    }
+    const parsedLinkedAccounts = JSON.parse(linkedAccountsClaim);
+    if (!Array.isArray(parsedLinkedAccounts)) {
+        throw new InvalidIdentityTokenError('Unable to parse identity token');
+    }
+    return parsedLinkedAccounts
+        .map(mapIdLinkedAccountToUserLinkedAccount)
+        .filter((account) => account !== null);
+}
+function mapIdLinkedAccountToUserLinkedAccount(account) {
+    if (account.type === 'email') {
+        return {
+            type: 'email',
+            address: account.address,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'phone') {
+        return {
+            type: 'phone',
+            phoneNumber: account.phone_number,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    // Parses all wallet types
+    if (account.type === 'wallet') {
+        if (account.wallet_client_type === 'privy') {
+            return {
+                type: 'wallet',
+                wallet_client_type: 'privy',
+                wallet_client: 'privy',
+                connector_type: 'embedded',
+                id: account.id,
+                address: account.address,
+                chain_type: account.chain_type,
+                first_verified_at: null,
+                verified_at: account.lv,
+                latest_verified_at: account.lv,
+                // The following fields are not present in the identity token,
+                // but are required. We set them to some safe defaults.
+                chain_id: '',
+                delegated: false,
+                imported: false,
+                public_key: '',
+                wallet_index: 0,
+                recovery_method: account.id ? 'privy-v2' : 'privy',
+            };
+        }
+        return {
+            type: 'wallet',
+            wallet_client: 'unknown',
+            address: account.address,
+            chain_type: account.chain_type,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'smart_wallet') {
+        return {
+            type: 'smart_wallet',
+            address: account.address,
+            smart_wallet_type: account.smart_wallet_type,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'farcaster') {
+        return {
+            type: 'farcaster',
+            fid: account.fid,
+            username: account.username,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+            owner_address: account.oa,
+        };
+    }
+    if (account.type === 'google_oauth') {
+        return {
+            type: 'google_oauth',
+            subject: account.subject,
+            email: account.email,
+            name: account.name,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'twitter_oauth') {
+        // We send along three potential URL shapes here based on possible profile picture URLs, all
+        // done to preserve size.
+        //   1. pfp begins with `default`, in which case we use the default profile picture URL structure
+        //   2. pfp does not start with https, in which case we assume the profile picture URL structure
+        //   3. Otherwise, we use the pfp URL as-is
+        let pfp = account.pfp ? account.pfp : null;
+        if (pfp?.startsWith('default')) {
+            pfp = `https://abs.twimg.com/sticky/default_profile_images/${pfp}`;
+        }
+        else if (!pfp?.startsWith('https://')) {
+            pfp = `https://pbs.twimg.com/profile_images/${pfp}`;
+        }
+        return {
+            type: 'twitter_oauth',
+            subject: account.subject,
+            username: account.username,
+            name: account.name ? account.name : null,
+            profile_picture_url: pfp,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'discord_oauth') {
+        return {
+            type: 'discord_oauth',
+            subject: account.subject,
+            username: account.username,
+            email: null, // not a part of the identity token
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'github_oauth') {
+        return {
+            type: 'github_oauth',
+            subject: account.subject,
+            username: account.username,
+            email: null, // not a part of the identity token
+            name: null, // not a part of the identity token
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'spotify_oauth') {
+        return {
+            type: 'spotify_oauth',
+            subject: account.subject,
+            email: null, // not a part of the identity token
+            name: null, // not a part of the identity token
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'instagram_oauth') {
+        return {
+            type: 'instagram_oauth',
+            subject: account.subject,
+            username: account.username,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'tiktok_oauth') {
+        return {
+            type: 'tiktok_oauth',
+            subject: account.subject,
+            username: account.username,
+            name: null, // not a part of the identity token
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'linkedin_oauth') {
+        return {
+            type: 'linkedin_oauth',
+            subject: account.subject,
+            email: account.email,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'apple_oauth') {
+        return {
+            type: 'apple_oauth',
+            subject: account.subject,
+            email: account.email,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'cross_app') {
+        return {
+            type: 'cross_app',
+            subject: account.subject,
+            provider_app_id: account.provider_app_id,
+            embedded_wallets: account.embedded_wallets,
+            smart_wallets: account.smart_wallets,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'custom_auth') {
+        return {
+            type: 'custom_auth',
+            custom_user_id: account.custom_user_id,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    if (account.type === 'telegram') {
+        return {
+            type: 'telegram',
+            telegram_user_id: account.telegram_user_id,
+            username: account.username,
+            first_verified_at: null,
+            verified_at: account.lv,
+            latest_verified_at: account.lv,
+        };
+    }
+    return null;
+}
+function parseCustomMetadataClaim(payload) {
+    const customMetadataClaim = payload['custom_metadata'];
+    if (customMetadataClaim === undefined) {
+        return undefined;
+    }
+    if (typeof customMetadataClaim !== 'string') {
+        throw new InvalidIdentityTokenError('Unable to parse identity token');
+    }
+    const parsedCustomMetadata = JSON.parse(customMetadataClaim);
+    if (!parsedCustomMetadata || typeof parsedCustomMetadata !== 'object') {
+        throw new InvalidIdentityTokenError('Unable to parse identity token');
+    }
+    return parsedCustomMetadata;
+}
+class InvalidIdentityTokenError extends error_1.PrivyAPIError {
+}
+exports.InvalidIdentityTokenError = InvalidIdentityTokenError;
+//# sourceMappingURL=identity-token.js.map

package/lib/identity-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-token.js","sourceRoot":"","sources":["../src/lib/identity-token.ts"],"names":[],"mappings":";;;AAaA,8EAYC;AAvBD,uCAAyC;AAGzC;;;;;;;GAOG;AACH,SAAgB,iCAAiC,CAAC,OAAmB;IACnE,MAAM,cAAc,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAEzD,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,GAAa;QACzB,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAW,CAAC;QAC7C,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,GAAG;QAClC,eAAe,EAAE,wBAAwB,CAAC,OAAO,CAAC;QAClD,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,kBAAkB,EAAE,KAAK;QACzB,WAAW,EAAE,EAAE;KAChB,CAAC;AACJ,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAmB;IACnD,MAAM,mBAAmB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACvD,IAAI,OAAO,mBAAmB,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAY,CAAC;IACxE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,oBAAoB;SACxB,GAAG,CAAC,qCAAqC,CAAC;SAC1C,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,qCAAqC,CAAC,OAAY;IACzD,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC7B,OAAO;YACL,IAAI,EAAE,OAAO;YACb,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACG,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC7B,OAAO;YACL,IAAI,EAAE,OAAO;YACb,WAAW,EAAE,OAAO,CAAC,YAAY;YACjC,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACG,CAAC;IACtC,CAAC;IAED,0BAA0B;IAC1B,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,OAAO,CAAC,kBAAkB,KAAK,OAAO,EAAE,CAAC;YAC3C,OAAO;gBACL,IAAI,EAAE,QAAQ;gBACd,kBAAkB,EAAE,OAAO;gBAC3B,aAAa,EAAE,OAAO;gBACtB,cAAc,EAAE,UAAU;gBAC1B,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,iBAAiB,EAAE,IAAI;gBACvB,WAAW,EAAE,OAAO,CAAC,EAAE;gBACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;gBAC9B,8DAA8D;gBAC9D,uDAAuD;gBACvD,QAAQ,EAAE,EAAE;gBACZ,SAAS,EAAE,KAAK;gBAChB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,EAAE;gBACd,YAAY,EAAE,CAAC;gBACf,eAAe,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO;aACb,CAAC;QAC1C,CAAC;QACD,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,aAAa,EAAE,SAAS;YACxB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACO,CAAC;IAC1C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACpC,OAAO;YACL,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACS,CAAC;IAC5C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QACjC,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;YAC9B,aAAa,EAAE,OAAO,CAAC,EAAE;SACY,CAAC;IAC1C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACpC,OAAO;YACL,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACS,CAAC;IAC5C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACrC,4FAA4F;QAC5F,yBAAyB;QACzB,iGAAiG;QACjG,gGAAgG;QAChG,2CAA2C;QAC3C,IAAI,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;QAC3C,IAAI,GAAG,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/B,GAAG,GAAG,uDAAuD,GAAG,EAAE,CAAC;QACrE,CAAC;aAAM,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACxC,GAAG,GAAG,wCAAwC,GAAG,EAAE,CAAC;QACtD,CAAC;QAED,OAAO;YACL,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;YACxC,mBAAmB,EAAE,GAAG;YACxB,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACU,CAAC;IAC7C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACrC,OAAO;YACL,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,KAAK,EAAE,IAAI,EAAE,mCAAmC;YAChD,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACU,CAAC;IAC7C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACpC,OAAO;YACL,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,KAAK,EAAE,IAAI,EAAE,mCAAmC;YAChD,IAAI,EAAE,IAAI,EAAE,mCAAmC;YAC/C,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACS,CAAC;IAC5C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACrC,OAAO;YACL,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,IAAI,EAAE,mCAAmC;YAChD,IAAI,EAAE,IAAI,EAAE,mCAAmC;YAC/C,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACU,CAAC;IAC7C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACvC,OAAO;YACL,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACY,CAAC;IAC/C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACpC,OAAO;YACL,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,IAAI,EAAE,IAAI,EAAE,mCAAmC;YAC/C,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACS,CAAC;IAC5C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACtC,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACW,CAAC;IAC9C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACnC,OAAO;YACL,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACQ,CAAC;IAC3C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QACjC,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACM,CAAC;IACzC,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACnC,OAAO;YACL,IAAI,EAAE,aAAa;YACnB,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACO,CAAC;IAC1C,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAChC,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,iBAAiB,EAAE,IAAI;YACvB,WAAW,EAAE,OAAO,CAAC,EAAE;YACvB,kBAAkB,EAAE,OAAO,CAAC,EAAE;SACM,CAAC;IACzC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAmB;IACnD,MAAM,mBAAmB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACvD,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,OAAO,mBAAmB,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAY,CAAC;IACxE,IAAI,CAAC,oBAAoB,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;QACtE,MAAM,IAAI,yBAAyB,CAAC,gCAAgC,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,oBAA+C,CAAC;AACzD,CAAC;AAED,MAAa,yBAA0B,SAAQ,qBAAa;CAAG;AAA/D,8DAA+D"}