@tangle-network/sandbox 0.2.1 → 0.4.0

package/dist/auth/index.d.ts

@@ -1,2 +1,2 @@
-import { _ as ReadTokenPayload, a as issueCollaborationToken, c as issueSessionScopedToken, d as AnyTokenPayload, f as BatchScopedTokenPayload, g as ProjectScopedTokenPayload, h as IssueCollaborationTokenOptions, i as issueBatchScopedToken, l as unsafeDecodeToken, m as CollaborationTokenPayload, n as getTokenTTL, o as issueProjectScopedToken, p as CollaborationAccess, r as isTokenExpiringSoon, s as issueReadToken, t as ProductTokenIssuer, u as verifyToken, v as SessionScopedTokenPayload, y as TokenScope } from "../index-Dpj1oB5i.js";
+import { _ as ReadTokenPayload, a as issueCollaborationToken, c as issueSessionScopedToken, d as AnyTokenPayload, f as BatchScopedTokenPayload, g as ProjectScopedTokenPayload, h as IssueCollaborationTokenOptions, i as issueBatchScopedToken, l as unsafeDecodeToken, m as CollaborationTokenPayload, n as getTokenTTL, o as issueProjectScopedToken, p as CollaborationAccess, r as isTokenExpiringSoon, s as issueReadToken, t as ProductTokenIssuer, u as verifyToken, v as SessionScopedTokenPayload, y as TokenScope } from "../index-D-2pH_70.js";
 export { AnyTokenPayload, BatchScopedTokenPayload, CollaborationAccess, CollaborationTokenPayload, IssueCollaborationTokenOptions, ProductTokenIssuer, ProjectScopedTokenPayload, ReadTokenPayload, SessionScopedTokenPayload, TokenScope, getTokenTTL, isTokenExpiringSoon, issueBatchScopedToken, issueCollaborationToken, issueProjectScopedToken, issueReadToken, issueSessionScopedToken, unsafeDecodeToken, verifyToken };

package/dist/auth/index.js

@@ -1,271 +1 @@
-import { createHmac, timingSafeEqual } from "node:crypto";
-//#region src/auth/tokens.ts
-/**
-* JWT Token Utilities
-*
-* Token generation and verification using HMAC-SHA256. Server-only
-* (uses Node.js `crypto`).
-*/
-/**
-* Base64URL encode (RFC 7515).
-*/
-function base64UrlEncode(data) {
-	return (typeof data === "string" ? Buffer.from(data) : data).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-/**
-* Base64URL decode (RFC 7515) to raw bytes. Returns `null` if the
-* input contains characters outside the base64url alphabet.
-*/
-function decodeBase64UrlToBuffer(input) {
-	if (!/^[A-Za-z0-9_-]*$/.test(input)) return null;
-	const padded = input + "=".repeat((4 - input.length % 4) % 4);
-	return Buffer.from(padded.replace(/-/g, "+").replace(/_/g, "/"), "base64");
-}
-/**
-* Create HMAC-SHA256 signature.
-*/
-function createSignature(data, secret) {
-	return base64UrlEncode(createHmac("sha256", secret).update(data).digest());
-}
-/**
-* JWT header (always the same for our use case).
-*/
-const JWT_HEADER = base64UrlEncode(JSON.stringify({
-	alg: "HS256",
-	typ: "JWT"
-}));
-function issueToken(signingSecret, payload, ttlMinutes) {
-	const now = Math.floor(Date.now() / 1e3);
-	const fullPayload = {
-		...payload,
-		iat: now,
-		exp: now + ttlMinutes * 60
-	};
-	const data = `${JWT_HEADER}.${base64UrlEncode(JSON.stringify(fullPayload))}`;
-	return `${data}.${createSignature(data, signingSecret)}`;
-}
-/**
-* Issue a read token (JWT) for WebSocket authentication.
-*
-* @param signingSecret - The product's signing secret
-* @param payload - Token payload (without iat/exp/typ, those are added)
-* @param ttlMinutes - Token TTL in minutes
-*/
-function issueReadToken(signingSecret, payload, ttlMinutes) {
-	return issueToken(signingSecret, {
-		...payload,
-		typ: "read"
-	}, ttlMinutes);
-}
-/**
-* Issue a session-scoped token (JWT) for WebSocket authentication.
-* Grants access to a single session's events.
-*/
-function issueSessionScopedToken(signingSecret, payload, ttlMinutes) {
-	return issueReadToken(signingSecret, payload, ttlMinutes);
-}
-/**
-* Issue a project-scoped token (JWT) for WebSocket authentication.
-* Grants access to all sessions within a single project.
-*/
-function issueProjectScopedToken(signingSecret, payload, ttlMinutes) {
-	return issueReadToken(signingSecret, payload, ttlMinutes);
-}
-/**
-* Issue a batch-scoped token (JWT) for WebSocket authentication.
-* Grants access to multiple projects (organization-level access).
-*/
-function issueBatchScopedToken(signingSecret, payload, ttlMinutes) {
-	return issueReadToken(signingSecret, payload, ttlMinutes);
-}
-/**
-* Issue a collaboration-scoped token (JWT) for collaborative document access.
-* Grants read or write access to a single document in one project.
-*/
-function issueCollaborationToken(signingSecret, payload, ttlMinutes) {
-	return issueToken(signingSecret, {
-		sub: payload.userId,
-		sid: payload.sessionId,
-		pid: payload.productId,
-		cid: payload.sandboxId,
-		typ: "collaboration",
-		projectId: payload.projectId,
-		documentId: payload.documentId,
-		access: payload.access
-	}, ttlMinutes);
-}
-/**
-* Decode a JWT **without verifying its signature**.
-*
-* The deliberately scary name is the API contract: an HMAC-signed token
-* whose signature has not been verified is a self-asserted blob of JSON,
-* not an authenticated claim. Treating its fields as authoritative
-* (e.g. `if (unsafeDecodeToken(t).sub === userId) grantAccess()`) is a
-* straightforward authorization bypass — an attacker can mint any
-* payload they like.
-*
-* Use this only when the signature has already been validated upstream
-* (e.g. by an API gateway that strips the token after verification),
-* for client-side `exp` peeking to decide whether to refresh, or for
-* routing/logging keyed off non-security-sensitive claims.
-*
-* For any access-control decision, use {@link verifyToken} instead.
-*
-* Returns `null` if the token is malformed.
-*/
-function unsafeDecodeToken(token) {
-	try {
-		const parts = token.split(".");
-		if (parts.length !== 3) return null;
-		const padded = parts[1] + "=".repeat((4 - parts[1].length % 4) % 4);
-		const decoded = Buffer.from(padded.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString();
-		return JSON.parse(decoded);
-	} catch {
-		return null;
-	}
-}
-/**
-* Verify a JWT's HMAC-SHA256 signature against `signingSecret` and
-* check that it has not expired. Returns the decoded payload on
-* success, or `null` on any failure (malformed token, bad signature,
-* expired, or unexpected algorithm).
-*
-* Signature comparison is constant-time. Callers must use this — not
-* {@link unsafeDecodeToken} — for any authorization decision.
-*
-* @param token - The JWT to verify
-* @param signingSecret - The same secret used to issue the token
-* @param options.clockSkewSeconds - Tolerance for `exp` checks; default `0`
-*/
-function verifyToken(token, signingSecret, options = {}) {
-	try {
-		const parts = token.split(".");
-		if (parts.length !== 3) return null;
-		const [headerB64, payloadB64, signatureB64] = parts;
-		if (!headerB64 || !payloadB64 || !signatureB64) return null;
-		let header;
-		try {
-			const headerPadded = headerB64 + "=".repeat((4 - headerB64.length % 4) % 4);
-			const headerJson = Buffer.from(headerPadded.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString();
-			header = JSON.parse(headerJson);
-		} catch {
-			return null;
-		}
-		if (header.alg !== "HS256") return null;
-		const expectedSig = createSignature(`${headerB64}.${payloadB64}`, signingSecret);
-		const providedRaw = decodeBase64UrlToBuffer(signatureB64);
-		const expectedRaw = decodeBase64UrlToBuffer(expectedSig);
-		if (!providedRaw || !expectedRaw) return null;
-		if (providedRaw.length !== expectedRaw.length) return null;
-		if (!timingSafeEqual(providedRaw, expectedRaw)) return null;
-		const payload = unsafeDecodeToken(token);
-		if (!payload) return null;
-		const now = Math.floor(Date.now() / 1e3);
-		const skew = Math.max(0, options.clockSkewSeconds ?? 0);
-		if (typeof payload.exp !== "number" || payload.exp + skew < now) return null;
-		return payload;
-	} catch {
-		return null;
-	}
-}
-/**
-* Get time until token expires (in seconds).
-* Returns negative if expired.
-*/
-function getTokenTTL(payload) {
-	const now = Math.floor(Date.now() / 1e3);
-	return payload.exp - now;
-}
-/**
-* Check if token is expiring soon (within buffer seconds).
-*/
-function isTokenExpiringSoon(payload, bufferSeconds = 60) {
-	return getTokenTTL(payload) <= bufferSeconds;
-}
-//#endregion
-//#region src/auth/index.ts
-/**
-* Authentication Utilities
-*
-* Token issuance for application backends. Server-only (uses Node.js crypto).
-*
-* @example
-* ```typescript
-* import { ProductTokenIssuer } from "@tangle-network/sandbox/auth";
-*
-* const issuer = new ProductTokenIssuer({
-*   productId: "my-product",
-*   signingSecret: process.env.SANDBOX_SIGNING_SECRET!,
-* });
-*
-* const { token, expiresAt } = issuer.issue({
-*   userId: "user_123",
-*   sessionId: "sess_abc",
-*   tier: "pro",
-* });
-* ```
-*
-* @packageDocumentation
-*/
-/**
-* Token issuer for application backend services.
-*
-* Use this in your backend to issue read tokens for WebSocket connections.
-*/
-var ProductTokenIssuer = class {
-	productId;
-	signingSecret;
-	ttlMinutes;
-	constructor(config) {
-		this.productId = config.productId;
-		this.signingSecret = config.signingSecret;
-		this.ttlMinutes = {
-			free: config.ttlMinutes?.free ?? 15,
-			pro: config.ttlMinutes?.pro ?? 240,
-			enterprise: config.ttlMinutes?.enterprise ?? 480
-		};
-	}
-	/**
-	* Issue a read token for a user session.
-	*/
-	issue(params) {
-		const tier = params.tier ?? "free";
-		const ttl = this.ttlMinutes[tier] ?? this.ttlMinutes.free;
-		return {
-			token: issueReadToken(this.signingSecret, {
-				sub: params.userId,
-				sid: params.sessionId,
-				pid: this.productId,
-				cid: params.sandboxId
-			}, ttl),
-			expiresAt: Math.floor(Date.now() / 1e3) + ttl * 60
-		};
-	}
-	/**
-	* Issue a collaboration token for a single document.
-	*/
-	issueCollaboration(params) {
-		const tier = params.tier ?? "free";
-		const ttl = this.ttlMinutes[tier] ?? this.ttlMinutes.free;
-		return {
-			token: issueCollaborationToken(this.signingSecret, {
-				userId: params.userId,
-				sessionId: params.sessionId,
-				productId: this.productId,
-				projectId: params.projectId,
-				documentId: params.documentId,
-				access: params.access,
-				sandboxId: params.sandboxId
-			}, ttl),
-			expiresAt: Math.floor(Date.now() / 1e3) + ttl * 60
-		};
-	}
-	/**
-	* Get the TTL in minutes for a tier.
-	*/
-	getTtlMinutes(tier = "free") {
-		return this.ttlMinutes[tier] ?? this.ttlMinutes.free;
-	}
-};
-//#endregion
-export { ProductTokenIssuer, getTokenTTL, isTokenExpiringSoon, issueBatchScopedToken, issueCollaborationToken, issueProjectScopedToken, issueReadToken, issueSessionScopedToken, unsafeDecodeToken, verifyToken };
+const a0_0x92b952=a0_0x228a;(function(_0x13bf54,_0x547fa1){const _0x153508=a0_0x228a,_0x513a2b=_0x13bf54();while(!![]){try{const _0x14eded=-parseInt(_0x153508(0x152))/0x1+-parseInt(_0x153508(0x12a))/0x2+parseInt(_0x153508(0x156))/0x3+parseInt(_0x153508(0x15b))/0x4+parseInt(_0x153508(0x14e))/0x5*(-parseInt(_0x153508(0x130))/0x6)+-parseInt(_0x153508(0x14c))/0x7+parseInt(_0x153508(0x15d))/0x8*(parseInt(_0x153508(0x165))/0x9);if(_0x14eded===_0x547fa1)break;else _0x513a2b['push'](_0x513a2b['shift']());}catch(_0x2a8f67){_0x513a2b['push'](_0x513a2b['shift']());}}}(a0_0x47dc,0xa806b));import{createHmac,timingSafeEqual}from'\x6e\x6f\x64\x65\x3a\x63\x72\x79\x70\x74\x6f';function a0_0x228a(_0x457f9e,_0x32c315){_0x457f9e=_0x457f9e-0x12a;const _0x47dc48=a0_0x47dc();let _0x228a9c=_0x47dc48[_0x457f9e];if(a0_0x228a['\x61\x6f\x6f\x75\x74\x5a']===undefined){var _0xe81cde=function(_0x52b874){const _0x4a8cf8='\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x2b\x2f\x3d';let _0x6567b6='',_0x273880='';for(let _0x197648=0x0,_0x30e86b,_0x9b8350,_0x31796f=0x0;_0x9b8350=_0x52b874['\x63\x68\x61\x72\x41\x74'](_0x31796f++);~_0x9b8350&&(_0x30e86b=_0x197648%0x4?_0x30e86b*0x40+_0x9b8350:_0x9b8350,_0x197648++%0x4)?_0x6567b6+=String['\x66\x72\x6f\x6d\x43\x68\x61\x72\x43\x6f\x64\x65'](0xff&_0x30e86b>>(-0x2*_0x197648&0x6)):0x0){_0x9b8350=_0x4a8cf8['\x69\x6e\x64\x65\x78\x4f\x66'](_0x9b8350);}for(let _0x3d626c=0x0,_0x56107=_0x6567b6['\x6c\x65\x6e\x67\x74\x68'];_0x3d626c<_0x56107;_0x3d626c++){_0x273880+='\x25'+('\x30\x30'+_0x6567b6['\x63\x68\x61\x72\x43\x6f\x64\x65\x41\x74'](_0x3d626c)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](0x10))['\x73\x6c\x69\x63\x65'](-0x2);}return decodeURIComponent(_0x273880);};a0_0x228a['\x62\x4b\x44\x72\x77\x55']=_0xe81cde,a0_0x228a['\x62\x45\x59\x61\x6d\x61']={},a0_0x228a['\x61\x6f\x6f\x75\x74\x5a']=!![];}const _0x20f278=_0x47dc48[0x0],_0x331c4f=_0x457f9e+_0x20f278,_0x22b950=a0_0x228a['\x62\x45\x59\x61\x6d\x61'][_0x331c4f];return!_0x22b950?(_0x228a9c=a0_0x228a['\x62\x4b\x44\x72\x77\x55'](_0x228a9c),a0_0x228a['\x62\x45\x59\x61\x6d\x61'][_0x331c4f]=_0x228a9c):_0x228a9c=_0x22b950,_0x228a9c;}function base64UrlEncode(_0x127375){const _0x2ab21b=a0_0x228a,_0xd4d11f={'\x67\x6f\x6a\x6f\x56':'\x73\x74\x72\x69\x6e\x67'};return(typeof _0x127375===_0xd4d11f[_0x2ab21b(0x132)]?Buffer[_0x2ab21b(0x160)](_0x127375):_0x127375)[_0x2ab21b(0x155)]('\x62\x61\x73\x65\x36\x34')[_0x2ab21b(0x12f)](/\+/g,'\x2d')[_0x2ab21b(0x12f)](/\//g,'\x5f')['\x72\x65\x70\x6c\x61\x63\x65'](/=+$/,'');}function decodeBase64UrlToBuffer(_0x5daab1){const _0x213fe7=a0_0x228a,_0x3e9b36={'\x48\x46\x54\x4d\x48':function(_0x57622a,_0x1d8b4e){return _0x57622a+_0x1d8b4e;},'\x46\x6e\x4b\x45\x49':function(_0x2f9de3,_0x1bc98c){return _0x2f9de3%_0x1bc98c;}};if(!/^[A-Za-z0-9_-]*$/['\x74\x65\x73\x74'](_0x5daab1))return null;const _0x30d6b0=_0x3e9b36[_0x213fe7(0x147)](_0x5daab1,'\x3d'['\x72\x65\x70\x65\x61\x74'](_0x3e9b36[_0x213fe7(0x15c)](0x4-_0x5daab1[_0x213fe7(0x138)]%0x4,0x4)));return Buffer[_0x213fe7(0x160)](_0x30d6b0[_0x213fe7(0x12f)](/-/g,'\x2b')[_0x213fe7(0x12f)](/_/g,'\x2f'),_0x213fe7(0x14d));}function createSignature(_0x37995d,_0x3ab0f9){const _0x300c4d=a0_0x228a,_0x4393c3={'\x65\x61\x51\x4b\x4f':_0x300c4d(0x149)};return base64UrlEncode(createHmac(_0x4393c3['\x65\x61\x51\x4b\x4f'],_0x3ab0f9)['\x75\x70\x64\x61\x74\x65'](_0x37995d)[_0x300c4d(0x16a)]());}const JWT_HEADER=base64UrlEncode(JSON['\x73\x74\x72\x69\x6e\x67\x69\x66\x79']({'\x61\x6c\x67':'\x48\x53\x32\x35\x36','\x74\x79\x70':a0_0x92b952(0x135)}));function issueToken(_0x1ad4cd,_0x1ddcae,_0x155c8d){const _0x550d24=a0_0x92b952,_0x5b38e7={'\x63\x76\x72\x5a\x4f':function(_0x229b26,_0x35af5a){return _0x229b26/_0x35af5a;},'\x50\x4b\x41\x47\x77':function(_0x4de5ff,_0x4716f7){return _0x4de5ff(_0x4716f7);},'\x67\x6b\x48\x53\x7a':function(_0x20aee3,_0x25400f,_0x74faf5){return _0x20aee3(_0x25400f,_0x74faf5);}},_0x5a4433=Math['\x66\x6c\x6f\x6f\x72'](_0x5b38e7[_0x550d24(0x150)](Date[_0x550d24(0x142)](),0x3e8)),_0x561c22={..._0x1ddcae,'\x69\x61\x74':_0x5a4433,'\x65\x78\x70':_0x5a4433+_0x155c8d*0x3c},_0x3ca86c=JWT_HEADER+'\x2e'+_0x5b38e7['\x50\x4b\x41\x47\x77'](base64UrlEncode,JSON[_0x550d24(0x12e)](_0x561c22));return _0x3ca86c+'\x2e'+_0x5b38e7[_0x550d24(0x13c)](createSignature,_0x3ca86c,_0x1ad4cd);}function issueReadToken(_0xa4a1aa,_0x262962,_0x3b0e76){const _0x40242c=a0_0x92b952,_0x2bdf1f={'\x55\x52\x70\x55\x6b':_0x40242c(0x148)};return issueToken(_0xa4a1aa,{..._0x262962,'\x74\x79\x70':_0x2bdf1f[_0x40242c(0x15a)]},_0x3b0e76);}function issueSessionScopedToken(_0x32eaf3,_0x405287,_0x146917){const _0x2f7436=a0_0x92b952,_0x586e58={'\x66\x68\x56\x4c\x76':function(_0x1d4130,_0x39eca3,_0x4e2eea,_0x437aa0){return _0x1d4130(_0x39eca3,_0x4e2eea,_0x437aa0);}};return _0x586e58[_0x2f7436(0x158)](issueReadToken,_0x32eaf3,_0x405287,_0x146917);}function issueProjectScopedToken(_0x38290c,_0x2a0678,_0x4ec8b3){return issueReadToken(_0x38290c,_0x2a0678,_0x4ec8b3);}function issueBatchScopedToken(_0x217d42,_0x23d3ab,_0x1a067c){return issueReadToken(_0x217d42,_0x23d3ab,_0x1a067c);}function issueCollaborationToken(_0xfebd3d,_0x50a228,_0x4c94ee){const _0x28d49e=a0_0x92b952,_0x5c9481={'\x76\x47\x65\x68\x43':function(_0x2d56ff,_0x481ec1,_0x511a66,_0x4f99fa){return _0x2d56ff(_0x481ec1,_0x511a66,_0x4f99fa);}};return _0x5c9481[_0x28d49e(0x162)](issueToken,_0xfebd3d,{'\x73\x75\x62':_0x50a228[_0x28d49e(0x13e)],'\x73\x69\x64':_0x50a228[_0x28d49e(0x169)],'\x70\x69\x64':_0x50a228['\x70\x72\x6f\x64\x75\x63\x74\x49\x64'],'\x63\x69\x64':_0x50a228['\x73\x61\x6e\x64\x62\x6f\x78\x49\x64'],'\x74\x79\x70':_0x28d49e(0x141),'\x70\x72\x6f\x6a\x65\x63\x74\x49\x64':_0x50a228[_0x28d49e(0x140)],'\x64\x6f\x63\x75\x6d\x65\x6e\x74\x49\x64':_0x50a228[_0x28d49e(0x145)],'\x61\x63\x63\x65\x73\x73':_0x50a228[_0x28d49e(0x14b)]},_0x4c94ee);}function unsafeDecodeToken(_0x112a69){const _0x334283=a0_0x92b952,_0x57e19e={'\x56\x44\x7a\x6c\x66':function(_0x9f1c10,_0x1b53f9){return _0x9f1c10%_0x1b53f9;},'\x6f\x6a\x61\x7a\x4f':function(_0x1d3e26,_0x3756e8){return _0x1d3e26-_0x3756e8;},'\x54\x41\x59\x57\x66':_0x334283(0x14d)};try{const _0x2d8010=_0x112a69[_0x334283(0x163)]('\x2e');if(_0x2d8010[_0x334283(0x138)]!==0x3)return null;const _0x58f12d=_0x2d8010[0x1]+'\x3d'[_0x334283(0x13d)](_0x57e19e[_0x334283(0x133)](_0x57e19e[_0x334283(0x12b)](0x4,_0x2d8010[0x1]['\x6c\x65\x6e\x67\x74\x68']%0x4),0x4)),_0x2c6d30=Buffer[_0x334283(0x160)](_0x58f12d[_0x334283(0x12f)](/-/g,'\x2b')[_0x334283(0x12f)](/_/g,'\x2f'),_0x57e19e[_0x334283(0x154)])[_0x334283(0x155)]();return JSON[_0x334283(0x137)](_0x2c6d30);}catch{return null;}}function verifyToken(_0x2e4336,_0x102f8f,_0x27f7c3={}){const _0x2f676b=a0_0x92b952,_0x2120d1={'\x71\x73\x70\x78\x4d':function(_0x29e668,_0x27955c){return _0x29e668!==_0x27955c;},'\x54\x72\x68\x55\x4a':function(_0x3c5ab0,_0x355744){return _0x3c5ab0||_0x355744;},'\x69\x67\x6e\x69\x4c':function(_0x556f30,_0x29c667){return _0x556f30+_0x29c667;},'\x59\x64\x4e\x45\x52':function(_0x3633ae,_0x401f82){return _0x3633ae%_0x401f82;},'\x54\x4e\x6d\x61\x4d':function(_0x1dbb1b,_0x113214){return _0x1dbb1b-_0x113214;},'\x55\x5a\x48\x50\x79':'\x48\x53\x32\x35\x36','\x73\x72\x79\x48\x6f':function(_0x36eb7a,_0x53293e){return _0x36eb7a(_0x53293e);},'\x57\x4f\x4f\x4f\x77':function(_0x49e239,_0x1e86d9){return _0x49e239||_0x1e86d9;},'\x49\x66\x4f\x78\x44':function(_0x3a17a3,_0xbefc5b){return _0x3a17a3(_0xbefc5b);},'\x77\x47\x67\x63\x69':function(_0xecabdc,_0xac69c1){return _0xecabdc/_0xac69c1;}};try{const _0x2e049b=_0x2e4336[_0x2f676b(0x163)]('\x2e');if(_0x2120d1[_0x2f676b(0x167)](_0x2e049b['\x6c\x65\x6e\x67\x74\x68'],0x3))return null;const [_0x4cb5c2,_0x3cba63,_0x3530d2]=_0x2e049b;if(_0x2120d1[_0x2f676b(0x146)](!_0x4cb5c2,!_0x3cba63)||!_0x3530d2)return null;let _0x53f6a2;try{const _0x1c8e28=_0x2120d1[_0x2f676b(0x136)](_0x4cb5c2,'\x3d'['\x72\x65\x70\x65\x61\x74'](_0x2120d1['\x59\x64\x4e\x45\x52'](_0x2120d1[_0x2f676b(0x12d)](0x4,_0x4cb5c2[_0x2f676b(0x138)]%0x4),0x4))),_0x4c1de7=Buffer[_0x2f676b(0x160)](_0x1c8e28[_0x2f676b(0x12f)](/-/g,'\x2b')[_0x2f676b(0x12f)](/_/g,'\x2f'),_0x2f676b(0x14d))[_0x2f676b(0x155)]();_0x53f6a2=JSON[_0x2f676b(0x137)](_0x4c1de7);}catch{return null;}if(_0x53f6a2[_0x2f676b(0x134)]!==_0x2120d1[_0x2f676b(0x14f)])return null;const _0x155495=createSignature(_0x4cb5c2+'\x2e'+_0x3cba63,_0x102f8f),_0x2e3962=decodeBase64UrlToBuffer(_0x3530d2),_0x57d1ab=_0x2120d1['\x73\x72\x79\x48\x6f'](decodeBase64UrlToBuffer,_0x155495);if(_0x2120d1[_0x2f676b(0x161)](!_0x2e3962,!_0x57d1ab))return null;if(_0x2120d1[_0x2f676b(0x167)](_0x2e3962['\x6c\x65\x6e\x67\x74\x68'],_0x57d1ab[_0x2f676b(0x138)]))return null;if(!timingSafeEqual(_0x2e3962,_0x57d1ab))return null;const _0x4fcb61=_0x2120d1['\x49\x66\x4f\x78\x44'](unsafeDecodeToken,_0x2e4336);if(!_0x4fcb61)return null;const _0x262333=Math[_0x2f676b(0x143)](_0x2120d1[_0x2f676b(0x159)](Date['\x6e\x6f\x77'](),0x3e8)),_0x786c5=Math[_0x2f676b(0x153)](0x0,_0x27f7c3[_0x2f676b(0x166)]??0x0);if(typeof _0x4fcb61[_0x2f676b(0x168)]!==_0x2f676b(0x15e)||_0x4fcb61[_0x2f676b(0x168)]+_0x786c5<_0x262333)return null;return _0x4fcb61;}catch{return null;}}function getTokenTTL(_0x3224ce){const _0x1adccd=a0_0x92b952,_0x2fb1a3=Math[_0x1adccd(0x143)](Date[_0x1adccd(0x142)]()/0x3e8);return _0x3224ce[_0x1adccd(0x168)]-_0x2fb1a3;}function isTokenExpiringSoon(_0x23811e,_0x1a5468=0x3c){const _0x37c72d={'\x71\x4d\x6f\x67\x52':function(_0x311d52,_0x73e6d){return _0x311d52(_0x73e6d);}};return _0x37c72d['\x71\x4d\x6f\x67\x52'](getTokenTTL,_0x23811e)<=_0x1a5468;}var ProductTokenIssuer=class{[a0_0x92b952(0x131)];['\x73\x69\x67\x6e\x69\x6e\x67\x53\x65\x63\x72\x65\x74'];['\x74\x74\x6c\x4d\x69\x6e\x75\x74\x65\x73'];constructor(_0xb2f4f){const _0x1738b7=a0_0x92b952;this[_0x1738b7(0x131)]=_0xb2f4f[_0x1738b7(0x131)],this['\x73\x69\x67\x6e\x69\x6e\x67\x53\x65\x63\x72\x65\x74']=_0xb2f4f[_0x1738b7(0x12c)],this[_0x1738b7(0x13f)]={'\x66\x72\x65\x65':_0xb2f4f['\x74\x74\x6c\x4d\x69\x6e\x75\x74\x65\x73']?.[_0x1738b7(0x164)]??0xf,'\x70\x72\x6f':_0xb2f4f[_0x1738b7(0x13f)]?.[_0x1738b7(0x15f)]??0xf0,'\x65\x6e\x74\x65\x72\x70\x72\x69\x73\x65':_0xb2f4f[_0x1738b7(0x13f)]?.[_0x1738b7(0x151)]??0x1e0};}[a0_0x92b952(0x14a)](_0x47ca81){const _0x323ec2=a0_0x92b952,_0x531268={'\x77\x70\x44\x52\x59':function(_0xc74826,_0x126466){return _0xc74826*_0x126466;}},_0x5a3ba5=_0x47ca81['\x74\x69\x65\x72']??_0x323ec2(0x164),_0x10a3f7=this['\x74\x74\x6c\x4d\x69\x6e\x75\x74\x65\x73'][_0x5a3ba5]??this[_0x323ec2(0x13f)][_0x323ec2(0x164)];return{'\x74\x6f\x6b\x65\x6e':issueReadToken(this[_0x323ec2(0x12c)],{'\x73\x75\x62':_0x47ca81[_0x323ec2(0x13e)],'\x73\x69\x64':_0x47ca81[_0x323ec2(0x169)],'\x70\x69\x64':this[_0x323ec2(0x131)],'\x63\x69\x64':_0x47ca81[_0x323ec2(0x13a)]},_0x10a3f7),'\x65\x78\x70\x69\x72\x65\x73\x41\x74':Math[_0x323ec2(0x143)](Date[_0x323ec2(0x142)]()/0x3e8)+_0x531268[_0x323ec2(0x139)](_0x10a3f7,0x3c)};}['\x69\x73\x73\x75\x65\x43\x6f\x6c\x6c\x61\x62\x6f\x72\x61\x74\x69\x6f\x6e'](_0x53695e){const _0x55b62d=a0_0x92b952,_0x3d972b={'\x4d\x53\x44\x4f\x52':'\x66\x72\x65\x65','\x75\x42\x4e\x6f\x6b':function(_0xca2384,_0x45f290,_0x286517,_0x57084a){return _0xca2384(_0x45f290,_0x286517,_0x57084a);},'\x51\x71\x6e\x7a\x48':function(_0x17d17b,_0x563eeb){return _0x17d17b/_0x563eeb;}},_0x58637d=_0x53695e['\x74\x69\x65\x72']??_0x3d972b[_0x55b62d(0x144)],_0x3fbf6c=this[_0x55b62d(0x13f)][_0x58637d]??this[_0x55b62d(0x13f)][_0x55b62d(0x164)];return{'\x74\x6f\x6b\x65\x6e':_0x3d972b['\x75\x42\x4e\x6f\x6b'](issueCollaborationToken,this[_0x55b62d(0x12c)],{'\x75\x73\x65\x72\x49\x64':_0x53695e[_0x55b62d(0x13e)],'\x73\x65\x73\x73\x69\x6f\x6e\x49\x64':_0x53695e[_0x55b62d(0x169)],'\x70\x72\x6f\x64\x75\x63\x74\x49\x64':this[_0x55b62d(0x131)],'\x70\x72\x6f\x6a\x65\x63\x74\x49\x64':_0x53695e['\x70\x72\x6f\x6a\x65\x63\x74\x49\x64'],'\x64\x6f\x63\x75\x6d\x65\x6e\x74\x49\x64':_0x53695e[_0x55b62d(0x145)],'\x61\x63\x63\x65\x73\x73':_0x53695e['\x61\x63\x63\x65\x73\x73'],'\x73\x61\x6e\x64\x62\x6f\x78\x49\x64':_0x53695e[_0x55b62d(0x13a)]},_0x3fbf6c),'\x65\x78\x70\x69\x72\x65\x73\x41\x74':Math[_0x55b62d(0x143)](_0x3d972b[_0x55b62d(0x13b)](Date[_0x55b62d(0x142)](),0x3e8))+_0x3fbf6c*0x3c};}[a0_0x92b952(0x157)](_0x41d19e='\x66\x72\x65\x65'){const _0x2b547e=a0_0x92b952;return this[_0x2b547e(0x13f)][_0x41d19e]??this[_0x2b547e(0x13f)]['\x66\x72\x65\x65'];}};export{ProductTokenIssuer,getTokenTTL,isTokenExpiringSoon,issueBatchScopedToken,issueCollaborationToken,issueProjectScopedToken,issueReadToken,issueSessionScopedToken,unsafeDecodeToken,verifyToken};function a0_0x47dc(){const _0x18b588=['\x76\x76\x6a\x57\x76\x77\x53','\x6d\x5a\x75\x32\x6d\x64\x75\x59\x6e\x68\x72\x54\x75\x66\x76\x31\x74\x71','\x72\x4d\x35\x6c\x72\x75\x4b','\x6e\x5a\x6d\x58\x6d\x74\x47\x57\x6d\x65\x7a\x77\x72\x77\x72\x73\x41\x61','\x42\x4e\x76\x54\x79\x4d\x76\x59','\x43\x68\x6a\x56','\x7a\x4e\x6a\x56\x42\x71','\x76\x30\x39\x70\x74\x33\x43','\x44\x4b\x44\x4c\x41\x65\x6d','\x43\x33\x62\x53\x41\x78\x71','\x7a\x4e\x6a\x4c\x7a\x71','\x6d\x4a\x44\x71\x79\x30\x35\x6d\x79\x75\x30','\x79\x32\x58\x56\x79\x32\x54\x74\x41\x32\x76\x33\x75\x32\x76\x4a\x42\x32\x35\x4b\x43\x57','\x43\x78\x6e\x57\x45\x65\x30','\x7a\x78\x48\x57','\x43\x32\x76\x5a\x43\x32\x4c\x56\x42\x4b\x4c\x4b','\x7a\x67\x4c\x4e\x7a\x78\x6e\x30','\x6d\x4a\x61\x30\x6e\x74\x43\x5a\x6d\x4e\x50\x73\x43\x76\x4c\x35\x42\x61','\x42\x32\x50\x48\x45\x4b\x38','\x43\x32\x4c\x4e\x42\x4d\x4c\x55\x7a\x31\x6e\x4c\x79\x33\x6a\x4c\x44\x61','\x76\x65\x35\x54\x79\x75\x30','\x43\x33\x72\x59\x41\x77\x35\x4e\x41\x77\x7a\x35','\x43\x4d\x76\x57\x42\x67\x66\x4a\x7a\x71','\x6d\x74\x61\x30\x6e\x64\x7a\x75\x72\x78\x50\x49\x41\x77\x53','\x43\x68\x6a\x56\x7a\x68\x76\x4a\x44\x65\x4c\x4b','\x7a\x32\x39\x51\x42\x31\x79','\x76\x4b\x72\x36\x42\x67\x79','\x79\x77\x58\x4e','\x73\x4c\x44\x75','\x41\x77\x44\x55\x41\x75\x57','\x43\x67\x66\x59\x43\x32\x75','\x42\x67\x76\x55\x7a\x33\x72\x4f','\x44\x33\x62\x65\x75\x4c\x4b','\x43\x32\x66\x55\x7a\x67\x6a\x56\x45\x65\x4c\x4b','\x75\x78\x66\x55\x45\x4b\x47','\x7a\x32\x54\x69\x75\x33\x4f','\x43\x4d\x76\x57\x7a\x77\x66\x30','\x44\x78\x6e\x4c\x43\x4b\x4c\x4b','\x44\x68\x72\x53\x74\x77\x4c\x55\x44\x78\x72\x4c\x43\x57','\x43\x68\x6a\x56\x41\x4d\x76\x4a\x44\x65\x4c\x4b','\x79\x32\x39\x53\x42\x67\x66\x49\x42\x33\x6a\x48\x44\x67\x4c\x56\x42\x47','\x42\x4d\x39\x33','\x7a\x4d\x58\x56\x42\x33\x69','\x74\x76\x6e\x65\x74\x31\x69','\x7a\x67\x39\x4a\x44\x77\x31\x4c\x42\x4e\x72\x6a\x7a\x61','\x76\x68\x6a\x4f\x76\x75\x4f','\x73\x65\x7a\x75\x74\x75\x47','\x43\x4d\x76\x48\x7a\x61','\x43\x32\x48\x48\x6d\x4a\x75\x32','\x41\x78\x6e\x5a\x44\x77\x75','\x79\x77\x6e\x4a\x7a\x78\x6e\x5a','\x6f\x74\x75\x5a\x6f\x64\x71\x31\x6d\x4b\x31\x75\x41\x75\x6e\x52\x74\x71','\x79\x4d\x66\x5a\x7a\x74\x79\x30','\x6d\x4a\x61\x33\x6d\x67\x44\x57\x75\x66\x48\x71\x77\x61','\x76\x76\x50\x69\x75\x68\x4b','\x79\x33\x7a\x59\x77\x4b\x38','\x7a\x77\x35\x30\x7a\x78\x6a\x57\x43\x4d\x4c\x5a\x7a\x71','\x6d\x74\x65\x59\x6e\x74\x6d\x30\x6d\x4b\x4c\x51\x44\x4b\x4c\x6f\x44\x47','\x42\x77\x66\x34','\x76\x65\x66\x7a\x76\x32\x79','\x44\x67\x39\x74\x44\x68\x6a\x50\x42\x4d\x43','\x6d\x5a\x47\x32\x6d\x5a\x6d\x35\x6d\x77\x6a\x4e\x76\x33\x6e\x4a\x45\x61','\x7a\x32\x76\x30\x76\x68\x72\x53\x74\x77\x4c\x55\x44\x78\x72\x4c\x43\x57','\x7a\x4d\x48\x77\x74\x68\x79','\x44\x30\x44\x4e\x79\x32\x4b'];a0_0x47dc=function(){return _0x18b588;};return a0_0x47dc();}