npm - @smsdora/otp - Versions diffs - 0.1.0 - Mend

@smsdora/otp 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 SmsDora
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,138 @@
+# @smsdora/otp
+Official **SmsDora OTP** authentication SDK for Node.js. Send and verify one-time
+passcodes over SMS through your SmsDora device fleet — with built-in retries,
+idempotent sends, typed errors, and local verification-token validation.
+- Zero runtime dependencies (uses built-in `fetch` + `node:crypto`)
+- ESM **and** CommonJS, with full TypeScript types
+- Node.js ≥ 18
+> Server-side only. This SDK holds your **secret** API key — never ship it to a
+> browser or mobile app. For client apps, use a SmsDora **publishable** key with
+> the mobile SDKs.
+## Install
+```bash
+npm install @smsdora/otp
+```
+## Quick start
+```ts
+import { SmsdoraOtp } from '@smsdora/otp';
+const otp = new SmsdoraOtp({
+  apiKey: process.env.SMSDORA_SECRET_KEY!,   // smsgw_... with otp:send + otp:verify
+  baseUrl: 'https://api.your-smsdora.com',
+  tokenSecret: process.env.OTP_TOKEN_SECRET, // optional — enables local verifyToken()
+});
+// 1. Send a code
+const challenge = await otp.send({
+  recipient: '+14155550100',
+  purpose: 'login',
+});
+// challenge.id, challenge.expiresAt, challenge.recipient (masked)
+// 2. Verify what the user typed
+const result = await otp.verify({ challengeId: challenge.id, code: '123456' });
+if (result.verified) {
+  // 3. Trust the verification locally (no extra network call)
+  const claims = otp.verifyToken(result.verificationToken!);
+  console.log('verified phone:', claims.sub, 'for', claims.purpose);
+}
+```
+## API
+### `new SmsdoraOtp(options)`
+| Option | Type | Default | Notes |
+|---|---|---|---|
+| `apiKey` | `string` | — | **Required.** Secret key with `otp:send` / `otp:verify`. |
+| `baseUrl` | `string` | — | **Required.** Your SmsDora backend URL. |
+| `tokenSecret` | `string` | — | Shared `OTP_TOKEN_SECRET`; needed for `verifyToken()`. |
+| `timeoutMs` | `number` | `10000` | Per-request timeout. |
+| `maxRetries` | `number` | `2` | Retries on network / 5xx / 429. |
+| `fetch` | `typeof fetch` | global | Custom fetch implementation. |
+### `send(params) → Promise<OtpChallenge>`
+```ts
+await otp.send({
+  recipient: '+14155550100',
+  purpose: 'login',          // optional tag
+  codeLength: 6,             // optional, 4–8
+  ttlSeconds: 300,           // optional, 60–900
+  templateOverride: 'Your code is {{code}} ({{ttl}} min)', // optional, must contain {{code}}
+  metadata: { userId: 'u_123' },                            // optional
+  idempotencyKey: 'order-42', // optional; auto-generated per call otherwise
+});
+```
+### `verify(params) → Promise<VerifyResult>`
+Returns `{ verified, status, attemptsRemaining, verificationToken? }`. A wrong
+code resolves with `verified: false` (it does **not** throw); transport/auth
+problems do throw.
+### `resend({ challengeId }) → Promise<OtpChallenge>`
+Re-delivers a fresh code for a pending challenge. Respects the server's resend
+cooldown and cap (throws `RateLimitError` when too soon / exhausted).
+### `getStatus(challengeId) → Promise<OtpChallenge>`
+### `verifyToken(token) → VerificationTokenPayload`
+Validates a verification token **locally** (HS256, no network). Requires
+`tokenSecret`. Throws `TokenVerificationError` if invalid/expired.
+### `verifyTokenRemote(token) → Promise<TokenCheckResult>`
+Validates on the server with **single-use** enforcement (the token can't be
+replayed). Use this when you need a hard one-time guarantee.
+## Error handling
+Every thrown error extends `SmsdoraOtpError` and carries a stable `.code`:
+```ts
+import { RateLimitError, DeliveryError, AuthError } from '@smsdora/otp';
+try {
+  await otp.send({ recipient });
+} catch (err) {
+  if (err instanceof RateLimitError) {
+    // err.retryAfterSeconds
+  } else if (err instanceof DeliveryError) {
+    // no online device / FCM failure — fall back to another channel
+  } else if (err instanceof AuthError) {
+    // bad key / missing scope
+  }
+}
+```
+| Class | `code` | When |
+|---|---|---|
+| `ConfigError` | `config_error` | Missing apiKey/baseUrl/tokenSecret. |
+| `ValidationError` | `validation_error` | 400 — bad params. |
+| `AuthError` | `auth_error` | 401/403. |
+| `NotFoundError` | `not_found` | 404. |
+| `RateLimitError` | `rate_limited` | 429 — has `retryAfterSeconds`. |
+| `DeliveryError` | `delivery_failed` | 502 — could not deliver. |
+| `ServerError` | `server_error` | 5xx. |
+| `NetworkError` | `network_error` | Timeout / connection failure. |
+| `TokenVerificationError` | `token_invalid` | Bad/expired verification token. |
+## Express example
+See [`examples/express-passwordless.ts`](./examples/express-passwordless.ts)
+for a complete phone-login flow.
+## License
+MIT

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,361 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AuthError: () => AuthError,
+  ConfigError: () => ConfigError,
+  DeliveryError: () => DeliveryError,
+  NetworkError: () => NetworkError,
+  NotFoundError: () => NotFoundError,
+  RateLimitError: () => RateLimitError,
+  ServerError: () => ServerError,
+  SmsdoraOtp: () => SmsdoraOtp,
+  SmsdoraOtpError: () => SmsdoraOtpError,
+  TokenVerificationError: () => TokenVerificationError,
+  ValidationError: () => ValidationError,
+  verifyVerificationToken: () => verifyVerificationToken
+});
+module.exports = __toCommonJS(index_exports);
+// src/client.ts
+var import_node_crypto2 = require("crypto");
+// src/errors.ts
+var SmsdoraOtpError = class extends Error {
+  code;
+  status;
+  requestId;
+  constructor(message, ctx) {
+    super(message, ctx.cause !== void 0 ? { cause: ctx.cause } : void 0);
+    this.name = new.target.name;
+    this.code = ctx.code;
+    this.status = ctx.status;
+    this.requestId = ctx.requestId;
+  }
+};
+var ConfigError = class extends SmsdoraOtpError {
+  constructor(message) {
+    super(message, { code: "config_error" });
+  }
+};
+var AuthError = class extends SmsdoraOtpError {
+  constructor(message, ctx = {}) {
+    super(message, { ...ctx, code: "auth_error" });
+  }
+};
+var ValidationError = class extends SmsdoraOtpError {
+  constructor(message, ctx = {}) {
+    super(message, { ...ctx, code: "validation_error" });
+  }
+};
+var NotFoundError = class extends SmsdoraOtpError {
+  constructor(message, ctx = {}) {
+    super(message, { ...ctx, code: "not_found" });
+  }
+};
+var RateLimitError = class extends SmsdoraOtpError {
+  retryAfterSeconds;
+  constructor(message, ctx = {}) {
+    super(message, { ...ctx, code: "rate_limited" });
+    this.retryAfterSeconds = ctx.retryAfterSeconds;
+  }
+};
+var DeliveryError = class extends SmsdoraOtpError {
+  constructor(message, ctx = {}) {
+    super(message, { ...ctx, code: "delivery_failed" });
+  }
+};
+var ServerError = class extends SmsdoraOtpError {
+  constructor(message, ctx = {}) {
+    super(message, { ...ctx, code: "server_error" });
+  }
+};
+var NetworkError = class extends SmsdoraOtpError {
+  constructor(message, ctx = {}) {
+    super(message, { ...ctx, code: "network_error" });
+  }
+};
+var TokenVerificationError = class extends SmsdoraOtpError {
+  constructor(message, ctx = {}) {
+    super(message, { ...ctx, code: "token_invalid" });
+  }
+};
+// src/http.ts
+var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 500, 502, 503, 504]);
+var HttpClient = class {
+  constructor(config) {
+    this.config = config;
+  }
+  config;
+  async request(method, path, options = {}) {
+    const url = `${this.config.baseUrl.replace(/\/+$/, "")}${path}`;
+    const headers = {
+      "x-api-key": this.config.apiKey,
+      accept: "application/json"
+    };
+    let bodyStr;
+    if (options.body !== void 0) {
+      headers["content-type"] = "application/json";
+      bodyStr = JSON.stringify(options.body);
+    }
+    if (options.idempotencyKey) {
+      headers["idempotency-key"] = options.idempotencyKey;
+    }
+    let lastError;
+    for (let attempt = 0; attempt <= this.config.maxRetries; attempt += 1) {
+      if (attempt > 0) {
+        await delay(this.backoffMs(attempt, lastError));
+      }
+      let response;
+      try {
+        response = await this.fetchWithTimeout(url, method, headers, bodyStr);
+      } catch (err) {
+        lastError = new NetworkError(
+          err instanceof Error && err.name === "AbortError" ? `Request timed out after ${this.config.timeoutMs}ms` : `Network request failed: ${err instanceof Error ? err.message : String(err)}`,
+          { cause: err }
+        );
+        if (attempt < this.config.maxRetries) continue;
+        throw lastError;
+      }
+      const envelope = await this.parseBody(response);
+      if (response.ok) {
+        return envelope?.data ?? envelope;
+      }
+      const error = this.toError(response, envelope);
+      if (RETRYABLE_STATUSES.has(response.status) && attempt < this.config.maxRetries) {
+        lastError = error;
+        continue;
+      }
+      throw error;
+    }
+    throw lastError ?? new NetworkError("Request failed");
+  }
+  async fetchWithTimeout(url, method, headers, body) {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), this.config.timeoutMs);
+    try {
+      return await this.config.fetchImpl(url, {
+        method,
+        headers,
+        body,
+        signal: controller.signal
+      });
+    } finally {
+      clearTimeout(timer);
+    }
+  }
+  async parseBody(response) {
+    const text = await response.text();
+    if (!text) return null;
+    try {
+      return JSON.parse(text);
+    } catch {
+      return { message: text };
+    }
+  }
+  toError(response, envelope) {
+    const message = normalizeMessage(envelope) ?? `HTTP ${response.status}`;
+    const ctx = {
+      status: response.status,
+      requestId: response.headers.get("x-request-id") ?? void 0
+    };
+    switch (response.status) {
+      case 400:
+        return new ValidationError(message, ctx);
+      case 401:
+      case 403:
+        return new AuthError(message, ctx);
+      case 404:
+        return new NotFoundError(message, ctx);
+      case 429:
+        return new RateLimitError(message, {
+          ...ctx,
+          retryAfterSeconds: envelope?.retryAfterSeconds ?? parseRetryAfter(response.headers.get("retry-after"))
+        });
+      case 502:
+        return new DeliveryError(message, ctx);
+      default:
+        return new ServerError(message, ctx);
+    }
+  }
+  backoffMs(attempt, lastError) {
+    if (lastError instanceof RateLimitError && lastError.retryAfterSeconds) {
+      return Math.min(lastError.retryAfterSeconds * 1e3, 1e4);
+    }
+    const base = 200 * 2 ** (attempt - 1);
+    return Math.round(base * (0.5 + Math.random() * 0.5));
+  }
+};
+function normalizeMessage(envelope) {
+  if (!envelope?.message) return void 0;
+  return Array.isArray(envelope.message) ? envelope.message.join("; ") : envelope.message;
+}
+function parseRetryAfter(header) {
+  if (!header) return void 0;
+  const seconds = Number(header);
+  return Number.isFinite(seconds) ? seconds : void 0;
+}
+function delay(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+// src/token.ts
+var import_node_crypto = require("crypto");
+function base64UrlToBuffer(input) {
+  const padded = input.replace(/-/g, "+").replace(/_/g, "/");
+  const pad = padded.length % 4 === 0 ? "" : "=".repeat(4 - padded.length % 4);
+  return Buffer.from(padded + pad, "base64");
+}
+function verifyVerificationToken(token, secret) {
+  const parts = token.split(".");
+  if (parts.length !== 3) {
+    throw new TokenVerificationError("Malformed token");
+  }
+  const [headerB64, payloadB64, signatureB64] = parts;
+  let header;
+  try {
+    header = JSON.parse(base64UrlToBuffer(headerB64).toString("utf8"));
+  } catch {
+    throw new TokenVerificationError("Malformed token header");
+  }
+  if (header.alg !== "HS256") {
+    throw new TokenVerificationError(
+      `Unsupported token algorithm: ${header.alg ?? "unknown"}`
+    );
+  }
+  const expected = (0, import_node_crypto.createHmac)("sha256", secret).update(`${headerB64}.${payloadB64}`).digest();
+  const actual = base64UrlToBuffer(signatureB64);
+  if (expected.length !== actual.length || !(0, import_node_crypto.timingSafeEqual)(expected, actual)) {
+    throw new TokenVerificationError("Invalid token signature");
+  }
+  let payload;
+  try {
+    payload = JSON.parse(base64UrlToBuffer(payloadB64).toString("utf8"));
+  } catch {
+    throw new TokenVerificationError("Malformed token payload");
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  if (typeof payload.exp === "number" && now >= payload.exp) {
+    throw new TokenVerificationError("Token has expired");
+  }
+  const nbf = payload.nbf;
+  if (typeof nbf === "number" && now < nbf) {
+    throw new TokenVerificationError("Token is not yet valid");
+  }
+  return payload;
+}
+// src/client.ts
+var SmsdoraOtp = class {
+  http;
+  tokenSecret;
+  constructor(options) {
+    if (!options?.apiKey) {
+      throw new ConfigError("`apiKey` is required");
+    }
+    if (!options.baseUrl) {
+      throw new ConfigError("`baseUrl` is required");
+    }
+    const fetchImpl = options.fetch ?? globalThis.fetch;
+    if (typeof fetchImpl !== "function") {
+      throw new ConfigError(
+        "No global `fetch` available. Use Node >= 18, or pass a `fetch` implementation."
+      );
+    }
+    this.tokenSecret = options.tokenSecret;
+    this.http = new HttpClient({
+      apiKey: options.apiKey,
+      baseUrl: options.baseUrl,
+      timeoutMs: options.timeoutMs ?? 1e4,
+      maxRetries: options.maxRetries ?? 2,
+      fetchImpl
+    });
+  }
+  /** Send a one-time passcode to a phone number. */
+  async send(params) {
+    const { idempotencyKey, ...rest } = params;
+    return this.http.request("POST", "/otp/send", {
+      body: rest,
+      idempotencyKey: idempotencyKey ?? (0, import_node_crypto2.randomUUID)()
+    });
+  }
+  /** Re-deliver the code for an existing challenge (subject to cooldown/cap). */
+  async resend(params) {
+    return this.http.request("POST", "/otp/resend", {
+      body: params
+    });
+  }
+  /** Verify a code. Returns a result; does NOT throw on a wrong code. */
+  async verify(params) {
+    return this.http.request("POST", "/otp/verify", {
+      body: params
+    });
+  }
+  /** Fetch the current status of a challenge. */
+  async getStatus(challengeId) {
+    return this.http.request(
+      "GET",
+      `/otp/${encodeURIComponent(challengeId)}`
+    );
+  }
+  /**
+   * Validate a verification token locally (no network). Requires `tokenSecret`
+   * in the client options. Use this in your auth flow to trust a verification
+   * without an extra round-trip.
+   *
+   * @throws {ConfigError} if no `tokenSecret` was configured.
+   * @throws {TokenVerificationError} if the token is invalid/expired.
+   */
+  verifyToken(token) {
+    if (!this.tokenSecret) {
+      throw new ConfigError(
+        "`tokenSecret` must be set to verify tokens locally. Pass it in the client options, or use verifyTokenRemote()."
+      );
+    }
+    return verifyVerificationToken(token, this.tokenSecret);
+  }
+  /**
+   * Validate a verification token on the server with single-use enforcement.
+   * Marks the token consumed so it cannot be replayed.
+   */
+  async verifyTokenRemote(token) {
+    return this.http.request("POST", "/otp/verify-token", {
+      body: { token }
+    });
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthError,
+  ConfigError,
+  DeliveryError,
+  NetworkError,
+  NotFoundError,
+  RateLimitError,
+  ServerError,
+  SmsdoraOtp,
+  SmsdoraOtpError,
+  TokenVerificationError,
+  ValidationError,
+  verifyVerificationToken
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/client.ts","../src/errors.ts","../src/http.ts","../src/token.ts"],"sourcesContent":["export { SmsdoraOtp } from './client.js';\nexport { verifyVerificationToken } from './token.js';\n\nexport {\n SmsdoraOtpError,\n ConfigError,\n AuthError,\n ValidationError,\n NotFoundError,\n RateLimitError,\n DeliveryError,\n ServerError,\n NetworkError,\n TokenVerificationError,\n type SmsdoraOtpErrorCode,\n} from './errors.js';\n\nexport type {\n SmsdoraOtpOptions,\n SendOtpParams,\n ResendOtpParams,\n VerifyOtpParams,\n OtpChallenge,\n OtpChannel,\n OtpStatus,\n VerifyResult,\n VerificationTokenPayload,\n TokenCheckResult,\n} from './types.js';\n","import { randomUUID } from 'node:crypto';\nimport { HttpClient } from './http.js';\nimport { ConfigError } from './errors.js';\nimport { verifyVerificationToken } from './token.js';\nimport type {\n OtpChallenge,\n ResendOtpParams,\n SendOtpParams,\n SmsdoraOtpOptions,\n TokenCheckResult,\n VerificationTokenPayload,\n VerifyOtpParams,\n VerifyResult,\n} from './types.js';\n\n/**\n * Client for the SmsDora OTP API.\n *\n * ```ts\n * const otp = new SmsdoraOtp({ apiKey: process.env.SMSDORA_KEY!, baseUrl });\n * const challenge = await otp.send({ recipient: '+14155550100', purpose: 'login' });\n * const result = await otp.verify({ challengeId: challenge.id, code });\n * if (result.verified) { ... }\n * ```\n */\nexport class SmsdoraOtp {\n private readonly http: HttpClient;\n private readonly tokenSecret?: string;\n\n constructor(options: SmsdoraOtpOptions) {\n if (!options?.apiKey) {\n throw new ConfigError('`apiKey` is required');\n }\n if (!options.baseUrl) {\n throw new ConfigError('`baseUrl` is required');\n }\n\n const fetchImpl = options.fetch ?? globalThis.fetch;\n if (typeof fetchImpl !== 'function') {\n throw new ConfigError(\n 'No global `fetch` available. Use Node >= 18, or pass a `fetch` implementation.',\n );\n }\n\n this.tokenSecret = options.tokenSecret;\n this.http = new HttpClient({\n apiKey: options.apiKey,\n baseUrl: options.baseUrl,\n timeoutMs: options.timeoutMs ?? 10_000,\n maxRetries: options.maxRetries ?? 2,\n fetchImpl,\n });\n }\n\n /** Send a one-time passcode to a phone number. */\n async send(params: SendOtpParams): Promise<OtpChallenge> {\n const { idempotencyKey, ...rest } = params;\n return this.http.request<OtpChallenge>('POST', '/otp/send', {\n body: rest,\n idempotencyKey: idempotencyKey ?? randomUUID(),\n });\n }\n\n /** Re-deliver the code for an existing challenge (subject to cooldown/cap). */\n async resend(params: ResendOtpParams): Promise<OtpChallenge> {\n return this.http.request<OtpChallenge>('POST', '/otp/resend', {\n body: params,\n });\n }\n\n /** Verify a code. Returns a result; does NOT throw on a wrong code. */\n async verify(params: VerifyOtpParams): Promise<VerifyResult> {\n return this.http.request<VerifyResult>('POST', '/otp/verify', {\n body: params,\n });\n }\n\n /** Fetch the current status of a challenge. */\n async getStatus(challengeId: string): Promise<OtpChallenge> {\n return this.http.request<OtpChallenge>(\n 'GET',\n `/otp/${encodeURIComponent(challengeId)}`,\n );\n }\n\n /**\n * Validate a verification token locally (no network). Requires `tokenSecret`\n * in the client options. Use this in your auth flow to trust a verification\n * without an extra round-trip.\n *\n * @throws {ConfigError} if no `tokenSecret` was configured.\n * @throws {TokenVerificationError} if the token is invalid/expired.\n */\n verifyToken(token: string): VerificationTokenPayload {\n if (!this.tokenSecret) {\n throw new ConfigError(\n '`tokenSecret` must be set to verify tokens locally. ' +\n 'Pass it in the client options, or use verifyTokenRemote().',\n );\n }\n return verifyVerificationToken(token, this.tokenSecret);\n }\n\n /**\n * Validate a verification token on the server with single-use enforcement.\n * Marks the token consumed so it cannot be replayed.\n */\n async verifyTokenRemote(token: string): Promise<TokenCheckResult> {\n return this.http.request<TokenCheckResult>('POST', '/otp/verify-token', {\n body: { token },\n });\n }\n}\n","/** Stable error codes — safe to branch on across SDK versions. */\nexport type SmsdoraOtpErrorCode =\n | 'config_error'\n | 'auth_error'\n | 'validation_error'\n | 'not_found'\n | 'rate_limited'\n | 'delivery_failed'\n | 'server_error'\n | 'network_error'\n | 'token_invalid';\n\nexport interface SmsdoraOtpErrorContext {\n code: SmsdoraOtpErrorCode;\n /** HTTP status, when the error originated from a response. */\n status?: number;\n /** Server request id, if provided. */\n requestId?: string;\n /** Underlying cause (e.g. a fetch error). */\n cause?: unknown;\n}\n\n/** Base class for every error the SDK throws. */\nexport class SmsdoraOtpError extends Error {\n readonly code: SmsdoraOtpErrorCode;\n readonly status?: number;\n readonly requestId?: string;\n\n constructor(message: string, ctx: SmsdoraOtpErrorContext) {\n super(message, ctx.cause !== undefined ? { cause: ctx.cause } : undefined);\n this.name = new.target.name;\n this.code = ctx.code;\n this.status = ctx.status;\n this.requestId = ctx.requestId;\n }\n}\n\n/** Missing/invalid client configuration (no apiKey, no tokenSecret, …). */\nexport class ConfigError extends SmsdoraOtpError {\n constructor(message: string) {\n super(message, { code: 'config_error' });\n }\n}\n\n/** 401 / 403 — bad or unauthorized API key, scope, or publishable restriction. */\nexport class AuthError extends SmsdoraOtpError {\n constructor(message: string, ctx: Omit<SmsdoraOtpErrorContext, 'code'> = {}) {\n super(message, { ...ctx, code: 'auth_error' });\n }\n}\n\n/** 400 — invalid request parameters. */\nexport class ValidationError extends SmsdoraOtpError {\n constructor(message: string, ctx: Omit<SmsdoraOtpErrorContext, 'code'> = {}) {\n super(message, { ...ctx, code: 'validation_error' });\n }\n}\n\n/** 404 — challenge/key not found. */\nexport class NotFoundError extends SmsdoraOtpError {\n constructor(message: string, ctx: Omit<SmsdoraOtpErrorContext, 'code'> = {}) {\n super(message, { ...ctx, code: 'not_found' });\n }\n}\n\n/** 429 — a rate/abuse cap was hit. Inspect {@link retryAfterSeconds}. */\nexport class RateLimitError extends SmsdoraOtpError {\n readonly retryAfterSeconds?: number;\n constructor(\n message: string,\n ctx: Omit<SmsdoraOtpErrorContext, 'code'> & { retryAfterSeconds?: number } = {},\n ) {\n super(message, { ...ctx, code: 'rate_limited' });\n this.retryAfterSeconds = ctx.retryAfterSeconds;\n }\n}\n\n/** 502 — the code could not be delivered (no online device / FCM failure). */\nexport class DeliveryError extends SmsdoraOtpError {\n constructor(message: string, ctx: Omit<SmsdoraOtpErrorContext, 'code'> = {}) {\n super(message, { ...ctx, code: 'delivery_failed' });\n }\n}\n\n/** 5xx — an unexpected server error. */\nexport class ServerError extends SmsdoraOtpError {\n constructor(message: string, ctx: Omit<SmsdoraOtpErrorContext, 'code'> = {}) {\n super(message, { ...ctx, code: 'server_error' });\n }\n}\n\n/** Transport failure — connection refused, DNS, timeout, aborted. */\nexport class NetworkError extends SmsdoraOtpError {\n constructor(message: string, ctx: Omit<SmsdoraOtpErrorContext, 'code'> = {}) {\n super(message, { ...ctx, code: 'network_error' });\n }\n}\n\n/** A verification token failed local or remote validation. */\nexport class TokenVerificationError extends SmsdoraOtpError {\n constructor(message: string, ctx: Omit<SmsdoraOtpErrorContext, 'code'> = {}) {\n super(message, { ...ctx, code: 'token_invalid' });\n }\n}\n","import {\n AuthError,\n DeliveryError,\n NetworkError,\n NotFoundError,\n RateLimitError,\n ServerError,\n ValidationError,\n type SmsdoraOtpErrorContext,\n} from './errors.js';\n\nexport interface HttpClientConfig {\n apiKey: string;\n baseUrl: string;\n timeoutMs: number;\n maxRetries: number;\n fetchImpl: typeof fetch;\n}\n\ninterface RequestOptions {\n body?: unknown;\n idempotencyKey?: string;\n}\n\ninterface ApiEnvelope<T> {\n statusCode?: number;\n message?: string | string[];\n data?: T;\n retryAfterSeconds?: number;\n error?: string;\n}\n\nconst RETRYABLE_STATUSES = new Set([429, 500, 502, 503, 504]);\n\n/** Thin fetch wrapper: auth headers, timeout, retry with backoff, error mapping. */\nexport class HttpClient {\n constructor(private readonly config: HttpClientConfig) {}\n\n async request<T>(\n method: string,\n path: string,\n options: RequestOptions = {},\n ): Promise<T> {\n const url = `${this.config.baseUrl.replace(/\\/+$/, '')}${path}`;\n const headers: Record<string, string> = {\n 'x-api-key': this.config.apiKey,\n accept: 'application/json',\n };\n let bodyStr: string | undefined;\n if (options.body !== undefined) {\n headers['content-type'] = 'application/json';\n bodyStr = JSON.stringify(options.body);\n }\n if (options.idempotencyKey) {\n headers['idempotency-key'] = options.idempotencyKey;\n }\n\n let lastError: unknown;\n for (let attempt = 0; attempt <= this.config.maxRetries; attempt += 1) {\n if (attempt > 0) {\n await delay(this.backoffMs(attempt, lastError));\n }\n\n let response: Response;\n try {\n response = await this.fetchWithTimeout(url, method, headers, bodyStr);\n } catch (err) {\n lastError = new NetworkError(\n err instanceof Error && err.name === 'AbortError'\n ? `Request timed out after ${this.config.timeoutMs}ms`\n : `Network request failed: ${\n err instanceof Error ? err.message : String(err)\n }`,\n { cause: err },\n );\n if (attempt < this.config.maxRetries) continue;\n throw lastError;\n }\n\n const envelope = await this.parseBody<T>(response);\n\n if (response.ok) {\n return (envelope?.data ?? (envelope as unknown as T)) as T;\n }\n\n const error = this.toError(response, envelope);\n if (RETRYABLE_STATUSES.has(response.status) && attempt < this.config.maxRetries) {\n lastError = error;\n continue;\n }\n throw error;\n }\n\n // Unreachable in practice — the loop always returns or throws.\n throw lastError ?? new NetworkError('Request failed');\n }\n\n private async fetchWithTimeout(\n url: string,\n method: string,\n headers: Record<string, string>,\n body: string | undefined,\n ): Promise<Response> {\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), this.config.timeoutMs);\n try {\n return await this.config.fetchImpl(url, {\n method,\n headers,\n body,\n signal: controller.signal,\n });\n } finally {\n clearTimeout(timer);\n }\n }\n\n private async parseBody<T>(response: Response): Promise<ApiEnvelope<T> | null> {\n const text = await response.text();\n if (!text) return null;\n try {\n return JSON.parse(text) as ApiEnvelope<T>;\n } catch {\n return { message: text };\n }\n }\n\n private toError<T>(response: Response, envelope: ApiEnvelope<T> | null) {\n const message = normalizeMessage(envelope) ?? `HTTP ${response.status}`;\n const ctx: Omit<SmsdoraOtpErrorContext, 'code'> = {\n status: response.status,\n requestId: response.headers.get('x-request-id') ?? undefined,\n };\n\n switch (response.status) {\n case 400:\n return new ValidationError(message, ctx);\n case 401:\n case 403:\n return new AuthError(message, ctx);\n case 404:\n return new NotFoundError(message, ctx);\n case 429:\n return new RateLimitError(message, {\n ...ctx,\n retryAfterSeconds:\n envelope?.retryAfterSeconds ??\n parseRetryAfter(response.headers.get('retry-after')),\n });\n case 502:\n return new DeliveryError(message, ctx);\n default:\n return new ServerError(message, ctx);\n }\n }\n\n private backoffMs(attempt: number, lastError: unknown): number {\n // Honor an explicit retry-after on rate limits (capped at 10s).\n if (lastError instanceof RateLimitError && lastError.retryAfterSeconds) {\n return Math.min(lastError.retryAfterSeconds * 1000, 10_000);\n }\n // Exponential backoff with full jitter: ~200ms, 400ms, 800ms…\n const base = 200 * 2 ** (attempt - 1);\n return Math.round(base * (0.5 + Math.random() * 0.5));\n }\n}\n\nfunction normalizeMessage<T>(envelope: ApiEnvelope<T> | null): string | undefined {\n if (!envelope?.message) return undefined;\n return Array.isArray(envelope.message)\n ? envelope.message.join('; ')\n : envelope.message;\n}\n\nfunction parseRetryAfter(header: string | null): number | undefined {\n if (!header) return undefined;\n const seconds = Number(header);\n return Number.isFinite(seconds) ? seconds : undefined;\n}\n\nfunction delay(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n","import { createHmac, timingSafeEqual } from 'node:crypto';\nimport { TokenVerificationError } from './errors.js';\nimport type { VerificationTokenPayload } from './types.js';\n\nfunction base64UrlToBuffer(input: string): Buffer {\n const padded = input.replace(/-/g, '+').replace(/_/g, '/');\n const pad = padded.length % 4 === 0 ? '' : '='.repeat(4 - (padded.length % 4));\n return Buffer.from(padded + pad, 'base64');\n}\n\n/**\n * Verify a SmsDora verification token (HS256 JWT) locally — no network call.\n * Checks the signature against `secret` and enforces `exp` / `nbf`.\n *\n * @throws {TokenVerificationError} if malformed, wrong algorithm, bad\n * signature, or expired.\n */\nexport function verifyVerificationToken(\n token: string,\n secret: string,\n): VerificationTokenPayload {\n const parts = token.split('.');\n if (parts.length !== 3) {\n throw new TokenVerificationError('Malformed token');\n }\n const [headerB64, payloadB64, signatureB64] = parts as [\n string,\n string,\n string,\n ];\n\n let header: { alg?: string; typ?: string };\n try {\n header = JSON.parse(base64UrlToBuffer(headerB64).toString('utf8'));\n } catch {\n throw new TokenVerificationError('Malformed token header');\n }\n\n if (header.alg !== 'HS256') {\n throw new TokenVerificationError(\n `Unsupported token algorithm: ${header.alg ?? 'unknown'}`,\n );\n }\n\n const expected = createHmac('sha256', secret)\n .update(`${headerB64}.${payloadB64}`)\n .digest();\n const actual = base64UrlToBuffer(signatureB64);\n\n if (\n expected.length !== actual.length ||\n !timingSafeEqual(expected, actual)\n ) {\n throw new TokenVerificationError('Invalid token signature');\n }\n\n let payload: VerificationTokenPayload;\n try {\n payload = JSON.parse(base64UrlToBuffer(payloadB64).toString('utf8'));\n } catch {\n throw new TokenVerificationError('Malformed token payload');\n }\n\n const now = Math.floor(Date.now() / 1000);\n if (typeof payload.exp === 'number' && now >= payload.exp) {\n throw new TokenVerificationError('Token has expired');\n }\n const nbf = (payload as { nbf?: number }).nbf;\n if (typeof nbf === 'number' && now < nbf) {\n throw new TokenVerificationError('Token is not yet valid');\n }\n\n return payload;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAAA,sBAA2B;;;ACuBpB,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,SAAiB,KAA6B;AACxD,UAAM,SAAS,IAAI,UAAU,SAAY,EAAE,OAAO,IAAI,MAAM,IAAI,MAAS;AACzE,SAAK,OAAO,WAAW;AACvB,SAAK,OAAO,IAAI;AAChB,SAAK,SAAS,IAAI;AAClB,SAAK,YAAY,IAAI;AAAA,EACvB;AACF;AAGO,IAAM,cAAN,cAA0B,gBAAgB;AAAA,EAC/C,YAAY,SAAiB;AAC3B,UAAM,SAAS,EAAE,MAAM,eAAe,CAAC;AAAA,EACzC;AACF;AAGO,IAAM,YAAN,cAAwB,gBAAgB;AAAA,EAC7C,YAAY,SAAiB,MAA4C,CAAC,GAAG;AAC3E,UAAM,SAAS,EAAE,GAAG,KAAK,MAAM,aAAa,CAAC;AAAA,EAC/C;AACF;AAGO,IAAM,kBAAN,cAA8B,gBAAgB;AAAA,EACnD,YAAY,SAAiB,MAA4C,CAAC,GAAG;AAC3E,UAAM,SAAS,EAAE,GAAG,KAAK,MAAM,mBAAmB,CAAC;AAAA,EACrD;AACF;AAGO,IAAM,gBAAN,cAA4B,gBAAgB;AAAA,EACjD,YAAY,SAAiB,MAA4C,CAAC,GAAG;AAC3E,UAAM,SAAS,EAAE,GAAG,KAAK,MAAM,YAAY,CAAC;AAAA,EAC9C;AACF;AAGO,IAAM,iBAAN,cAA6B,gBAAgB;AAAA,EACzC;AAAA,EACT,YACE,SACA,MAA6E,CAAC,GAC9E;AACA,UAAM,SAAS,EAAE,GAAG,KAAK,MAAM,eAAe,CAAC;AAC/C,SAAK,oBAAoB,IAAI;AAAA,EAC/B;AACF;AAGO,IAAM,gBAAN,cAA4B,gBAAgB;AAAA,EACjD,YAAY,SAAiB,MAA4C,CAAC,GAAG;AAC3E,UAAM,SAAS,EAAE,GAAG,KAAK,MAAM,kBAAkB,CAAC;AAAA,EACpD;AACF;AAGO,IAAM,cAAN,cAA0B,gBAAgB;AAAA,EAC/C,YAAY,SAAiB,MAA4C,CAAC,GAAG;AAC3E,UAAM,SAAS,EAAE,GAAG,KAAK,MAAM,eAAe,CAAC;AAAA,EACjD;AACF;AAGO,IAAM,eAAN,cAA2B,gBAAgB;AAAA,EAChD,YAAY,SAAiB,MAA4C,CAAC,GAAG;AAC3E,UAAM,SAAS,EAAE,GAAG,KAAK,MAAM,gBAAgB,CAAC;AAAA,EAClD;AACF;AAGO,IAAM,yBAAN,cAAqC,gBAAgB;AAAA,EAC1D,YAAY,SAAiB,MAA4C,CAAC,GAAG;AAC3E,UAAM,SAAS,EAAE,GAAG,KAAK,MAAM,gBAAgB,CAAC;AAAA,EAClD;AACF;;;ACvEA,IAAM,qBAAqB,oBAAI,IAAI,CAAC,KAAK,KAAK,KAAK,KAAK,GAAG,CAAC;AAGrD,IAAM,aAAN,MAAiB;AAAA,EACtB,YAA6B,QAA0B;AAA1B;AAAA,EAA2B;AAAA,EAA3B;AAAA,EAE7B,MAAM,QACJ,QACA,MACA,UAA0B,CAAC,GACf;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,QAAQ,QAAQ,QAAQ,EAAE,CAAC,GAAG,IAAI;AAC7D,UAAM,UAAkC;AAAA,MACtC,aAAa,KAAK,OAAO;AAAA,MACzB,QAAQ;AAAA,IACV;AACA,QAAI;AACJ,QAAI,QAAQ,SAAS,QAAW;AAC9B,cAAQ,cAAc,IAAI;AAC1B,gBAAU,KAAK,UAAU,QAAQ,IAAI;AAAA,IACvC;AACA,QAAI,QAAQ,gBAAgB;AAC1B,cAAQ,iBAAiB,IAAI,QAAQ;AAAA,IACvC;AAEA,QAAI;AACJ,aAAS,UAAU,GAAG,WAAW,KAAK,OAAO,YAAY,WAAW,GAAG;AACrE,UAAI,UAAU,GAAG;AACf,cAAM,MAAM,KAAK,UAAU,SAAS,SAAS,CAAC;AAAA,MAChD;AAEA,UAAI;AACJ,UAAI;AACF,mBAAW,MAAM,KAAK,iBAAiB,KAAK,QAAQ,SAAS,OAAO;AAAA,MACtE,SAAS,KAAK;AACZ,oBAAY,IAAI;AAAA,UACd,eAAe,SAAS,IAAI,SAAS,eACjC,2BAA2B,KAAK,OAAO,SAAS,OAChD,2BACE,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CACjD;AAAA,UACJ,EAAE,OAAO,IAAI;AAAA,QACf;AACA,YAAI,UAAU,KAAK,OAAO,WAAY;AACtC,cAAM;AAAA,MACR;AAEA,YAAM,WAAW,MAAM,KAAK,UAAa,QAAQ;AAEjD,UAAI,SAAS,IAAI;AACf,eAAQ,UAAU,QAAS;AAAA,MAC7B;AAEA,YAAM,QAAQ,KAAK,QAAQ,UAAU,QAAQ;AAC7C,UAAI,mBAAmB,IAAI,SAAS,MAAM,KAAK,UAAU,KAAK,OAAO,YAAY;AAC/E,oBAAY;AACZ;AAAA,MACF;AACA,YAAM;AAAA,IACR;AAGA,UAAM,aAAa,IAAI,aAAa,gBAAgB;AAAA,EACtD;AAAA,EAEA,MAAc,iBACZ,KACA,QACA,SACA,MACmB;AACnB,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO,SAAS;AACxE,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,UAAU,KAAK;AAAA,QACtC;AAAA,QACA;AAAA,QACA;AAAA,QACA,QAAQ,WAAW;AAAA,MACrB,CAAC;AAAA,IACH,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAc,UAAa,UAAoD;AAC7E,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,QAAI,CAAC,KAAM,QAAO;AAClB,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAAA,EACF;AAAA,EAEQ,QAAW,UAAoB,UAAiC;AACtE,UAAM,UAAU,iBAAiB,QAAQ,KAAK,QAAQ,SAAS,MAAM;AACrE,UAAM,MAA4C;AAAA,MAChD,QAAQ,SAAS;AAAA,MACjB,WAAW,SAAS,QAAQ,IAAI,cAAc,KAAK;AAAA,IACrD;AAEA,YAAQ,SAAS,QAAQ;AAAA,MACvB,KAAK;AACH,eAAO,IAAI,gBAAgB,SAAS,GAAG;AAAA,MACzC,KAAK;AAAA,MACL,KAAK;AACH,eAAO,IAAI,UAAU,SAAS,GAAG;AAAA,MACnC,KAAK;AACH,eAAO,IAAI,cAAc,SAAS,GAAG;AAAA,MACvC,KAAK;AACH,eAAO,IAAI,eAAe,SAAS;AAAA,UACjC,GAAG;AAAA,UACH,mBACE,UAAU,qBACV,gBAAgB,SAAS,QAAQ,IAAI,aAAa,CAAC;AAAA,QACvD,CAAC;AAAA,MACH,KAAK;AACH,eAAO,IAAI,cAAc,SAAS,GAAG;AAAA,MACvC;AACE,eAAO,IAAI,YAAY,SAAS,GAAG;AAAA,IACvC;AAAA,EACF;AAAA,EAEQ,UAAU,SAAiB,WAA4B;AAE7D,QAAI,qBAAqB,kBAAkB,UAAU,mBAAmB;AACtE,aAAO,KAAK,IAAI,UAAU,oBAAoB,KAAM,GAAM;AAAA,IAC5D;AAEA,UAAM,OAAO,MAAM,MAAM,UAAU;AACnC,WAAO,KAAK,MAAM,QAAQ,MAAM,KAAK,OAAO,IAAI,IAAI;AAAA,EACtD;AACF;AAEA,SAAS,iBAAoB,UAAqD;AAChF,MAAI,CAAC,UAAU,QAAS,QAAO;AAC/B,SAAO,MAAM,QAAQ,SAAS,OAAO,IACjC,SAAS,QAAQ,KAAK,IAAI,IAC1B,SAAS;AACf;AAEA,SAAS,gBAAgB,QAA2C;AAClE,MAAI,CAAC,OAAQ,QAAO;AACpB,QAAM,UAAU,OAAO,MAAM;AAC7B,SAAO,OAAO,SAAS,OAAO,IAAI,UAAU;AAC9C;AAEA,SAAS,MAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;;;ACtLA,yBAA4C;AAI5C,SAAS,kBAAkB,OAAuB;AAChD,QAAM,SAAS,MAAM,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACzD,QAAM,MAAM,OAAO,SAAS,MAAM,IAAI,KAAK,IAAI,OAAO,IAAK,OAAO,SAAS,CAAE;AAC7E,SAAO,OAAO,KAAK,SAAS,KAAK,QAAQ;AAC3C;AASO,SAAS,wBACd,OACA,QAC0B;AAC1B,QAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,MAAI,MAAM,WAAW,GAAG;AACtB,UAAM,IAAI,uBAAuB,iBAAiB;AAAA,EACpD;AACA,QAAM,CAAC,WAAW,YAAY,YAAY,IAAI;AAM9C,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,kBAAkB,SAAS,EAAE,SAAS,MAAM,CAAC;AAAA,EACnE,QAAQ;AACN,UAAM,IAAI,uBAAuB,wBAAwB;AAAA,EAC3D;AAEA,MAAI,OAAO,QAAQ,SAAS;AAC1B,UAAM,IAAI;AAAA,MACR,gCAAgC,OAAO,OAAO,SAAS;AAAA,IACzD;AAAA,EACF;AAEA,QAAM,eAAW,+BAAW,UAAU,MAAM,EACzC,OAAO,GAAG,SAAS,IAAI,UAAU,EAAE,EACnC,OAAO;AACV,QAAM,SAAS,kBAAkB,YAAY;AAE7C,MACE,SAAS,WAAW,OAAO,UAC3B,KAAC,oCAAgB,UAAU,MAAM,GACjC;AACA,UAAM,IAAI,uBAAuB,yBAAyB;AAAA,EAC5D;AAEA,MAAI;AACJ,MAAI;AACF,cAAU,KAAK,MAAM,kBAAkB,UAAU,EAAE,SAAS,MAAM,CAAC;AAAA,EACrE,QAAQ;AACN,UAAM,IAAI,uBAAuB,yBAAyB;AAAA,EAC5D;AAEA,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,MAAI,OAAO,QAAQ,QAAQ,YAAY,OAAO,QAAQ,KAAK;AACzD,UAAM,IAAI,uBAAuB,mBAAmB;AAAA,EACtD;AACA,QAAM,MAAO,QAA6B;AAC1C,MAAI,OAAO,QAAQ,YAAY,MAAM,KAAK;AACxC,UAAM,IAAI,uBAAuB,wBAAwB;AAAA,EAC3D;AAEA,SAAO;AACT;;;AHhDO,IAAM,aAAN,MAAiB;AAAA,EACL;AAAA,EACA;AAAA,EAEjB,YAAY,SAA4B;AACtC,QAAI,CAAC,SAAS,QAAQ;AACpB,YAAM,IAAI,YAAY,sBAAsB;AAAA,IAC9C;AACA,QAAI,CAAC,QAAQ,SAAS;AACpB,YAAM,IAAI,YAAY,uBAAuB;AAAA,IAC/C;AAEA,UAAM,YAAY,QAAQ,SAAS,WAAW;AAC9C,QAAI,OAAO,cAAc,YAAY;AACnC,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,SAAK,cAAc,QAAQ;AAC3B,SAAK,OAAO,IAAI,WAAW;AAAA,MACzB,QAAQ,QAAQ;AAAA,MAChB,SAAS,QAAQ;AAAA,MACjB,WAAW,QAAQ,aAAa;AAAA,MAChC,YAAY,QAAQ,cAAc;AAAA,MAClC;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,KAAK,QAA8C;AACvD,UAAM,EAAE,gBAAgB,GAAG,KAAK,IAAI;AACpC,WAAO,KAAK,KAAK,QAAsB,QAAQ,aAAa;AAAA,MAC1D,MAAM;AAAA,MACN,gBAAgB,sBAAkB,gCAAW;AAAA,IAC/C,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,OAAO,QAAgD;AAC3D,WAAO,KAAK,KAAK,QAAsB,QAAQ,eAAe;AAAA,MAC5D,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,OAAO,QAAgD;AAC3D,WAAO,KAAK,KAAK,QAAsB,QAAQ,eAAe;AAAA,MAC5D,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,UAAU,aAA4C;AAC1D,WAAO,KAAK,KAAK;AAAA,MACf;AAAA,MACA,QAAQ,mBAAmB,WAAW,CAAC;AAAA,IACzC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,YAAY,OAAyC;AACnD,QAAI,CAAC,KAAK,aAAa;AACrB,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AACA,WAAO,wBAAwB,OAAO,KAAK,WAAW;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAkB,OAA0C;AAChE,WAAO,KAAK,KAAK,QAA0B,QAAQ,qBAAqB;AAAA,MACtE,MAAM,EAAE,MAAM;AAAA,IAChB,CAAC;AAAA,EACH;AACF;","names":["import_node_crypto"]}