@tangle-network/sandbox 0.9.2 → 0.9.3

package/dist/auth/index.js

@@ -1 +1,273 @@
-const a0_0x31689d=a0_0xadc5;(function(_0x48e67a,_0x2a338a){const _0x592395=a0_0xadc5,_0x2b9537=_0x48e67a();while(!![]){try{const _0x47b9d5=parseInt(_0x592395(0x1e2))/0x1*(-parseInt(_0x592395(0x1e9))/0x2)+parseInt(_0x592395(0x1fb))/0x3*(-parseInt(_0x592395(0x1ea))/0x4)+-parseInt(_0x592395(0x1ff))/0x5*(-parseInt(_0x592395(0x1ee))/0x6)+parseInt(_0x592395(0x1dd))/0x7+parseInt(_0x592395(0x1d4))/0x8*(-parseInt(_0x592395(0x1d5))/0x9)+-parseInt(_0x592395(0x1e6))/0xa+parseInt(_0x592395(0x1fd))/0xb*(parseInt(_0x592395(0x1e0))/0xc);if(_0x47b9d5===_0x2a338a)break;else _0x2b9537['push'](_0x2b9537['shift']());}catch(_0x4d1f54){_0x2b9537['push'](_0x2b9537['shift']());}}}(a0_0x1221,0x75142));import{createHmac,timingSafeEqual}from'\x6e\x6f\x64\x65\x3a\x63\x72\x79\x70\x74\x6f';function base64UrlEncode(_0x41b49e){const _0x10b439=a0_0xadc5,_0x1642df={'\x49\x65\x58\x58\x57':function(_0x301dbc,_0x4738de){return _0x301dbc===_0x4738de;},'\x4d\x6b\x48\x4e\x4b':'\x73\x74\x72\x69\x6e\x67'};return(_0x1642df[_0x10b439(0x1c9)](typeof _0x41b49e,_0x1642df[_0x10b439(0x1df)])?Buffer['\x66\x72\x6f\x6d'](_0x41b49e):_0x41b49e)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](_0x10b439(0x1c8))[_0x10b439(0x1de)](/\+/g,'\x2d')[_0x10b439(0x1de)](/\//g,'\x5f')[_0x10b439(0x1de)](/=+$/,'');}function decodeBase64UrlToBuffer(_0x521cea){const _0x6a190c=a0_0xadc5,_0x4b8a51={'\x49\x46\x62\x43\x68':function(_0x1e9b0f,_0x584b33){return _0x1e9b0f-_0x584b33;}};if(!/^[A-Za-z0-9_-]*$/[_0x6a190c(0x1fa)](_0x521cea))return null;const _0x47ba14=_0x521cea+'\x3d'[_0x6a190c(0x202)](_0x4b8a51[_0x6a190c(0x1cb)](0x4,_0x521cea[_0x6a190c(0x1d0)]%0x4)%0x4);return Buffer[_0x6a190c(0x1f2)](_0x47ba14[_0x6a190c(0x1de)](/-/g,'\x2b')[_0x6a190c(0x1de)](/_/g,'\x2f'),'\x62\x61\x73\x65\x36\x34');}function createSignature(_0x505298,_0x28591d){const _0x5cf5aa=a0_0xadc5;return base64UrlEncode(createHmac('\x73\x68\x61\x32\x35\x36',_0x28591d)[_0x5cf5aa(0x1ef)](_0x505298)[_0x5cf5aa(0x1e1)]());}const JWT_HEADER=base64UrlEncode(JSON['\x73\x74\x72\x69\x6e\x67\x69\x66\x79']({'\x61\x6c\x67':'\x48\x53\x32\x35\x36','\x74\x79\x70':a0_0x31689d(0x1c7)}));function issueToken(_0x57be56,_0x117a95,_0x469286){const _0x4e83e5=a0_0x31689d,_0x1bdbf6=Math[_0x4e83e5(0x1d3)](Date[_0x4e83e5(0x1d6)]()/0x3e8),_0x1e8ae6={..._0x117a95,'\x69\x61\x74':_0x1bdbf6,'\x65\x78\x70':_0x1bdbf6+_0x469286*0x3c},_0x33d172=JWT_HEADER+'\x2e'+base64UrlEncode(JSON['\x73\x74\x72\x69\x6e\x67\x69\x66\x79'](_0x1e8ae6));return _0x33d172+'\x2e'+createSignature(_0x33d172,_0x57be56);}function issueReadToken(_0x4fb2c0,_0x3c566e,_0x2d2647){const _0x1d9878=a0_0x31689d,_0x73bec1={'\x43\x41\x62\x70\x47':_0x1d9878(0x1e3)};return issueToken(_0x4fb2c0,{..._0x3c566e,'\x74\x79\x70':_0x73bec1['\x43\x41\x62\x70\x47']},_0x2d2647);}function issueSessionScopedToken(_0x399e89,_0x433bfb,_0x3d3a92){const _0x13e303=a0_0x31689d,_0x324dbb={'\x6a\x52\x63\x62\x4c':function(_0x5e977b,_0x2eec72,_0x26c1ac,_0x315419){return _0x5e977b(_0x2eec72,_0x26c1ac,_0x315419);}};return _0x324dbb[_0x13e303(0x1f6)](issueReadToken,_0x399e89,_0x433bfb,_0x3d3a92);}function issueProjectScopedToken(_0x53bf66,_0x4248c9,_0x364654){return issueReadToken(_0x53bf66,_0x4248c9,_0x364654);}function issueBatchScopedToken(_0x71293f,_0x44afa8,_0x4b8057){return issueReadToken(_0x71293f,_0x44afa8,_0x4b8057);}function issueCollaborationToken(_0x465c84,_0x23b16d,_0x2e613b){const _0x1b5595=a0_0x31689d,_0x2ddfda={'\x50\x63\x41\x44\x66':function(_0x2f2a00,_0x2bc12e,_0x4b6368,_0x6dfe29){return _0x2f2a00(_0x2bc12e,_0x4b6368,_0x6dfe29);},'\x6c\x4b\x79\x63\x57':_0x1b5595(0x1f8)};return _0x2ddfda[_0x1b5595(0x1cd)](issueToken,_0x465c84,{'\x73\x75\x62':_0x23b16d[_0x1b5595(0x1fe)],'\x73\x69\x64':_0x23b16d['\x73\x65\x73\x73\x69\x6f\x6e\x49\x64'],'\x70\x69\x64':_0x23b16d[_0x1b5595(0x1eb)],'\x63\x69\x64':_0x23b16d['\x73\x61\x6e\x64\x62\x6f\x78\x49\x64'],'\x74\x79\x70':_0x2ddfda[_0x1b5595(0x1f3)],'\x70\x72\x6f\x6a\x65\x63\x74\x49\x64':_0x23b16d[_0x1b5595(0x207)],'\x64\x6f\x63\x75\x6d\x65\x6e\x74\x49\x64':_0x23b16d[_0x1b5595(0x1d7)],'\x61\x63\x63\x65\x73\x73':_0x23b16d['\x61\x63\x63\x65\x73\x73']},_0x2e613b);}function a0_0x1221(){const _0x3b25ee=['\x71\x4d\x35\x63\x45\x66\x6d','\x7a\x32\x76\x30\x76\x68\x72\x53\x74\x77\x4c\x55\x44\x78\x72\x4c\x43\x57','\x6d\x4b\x54\x59\x72\x33\x62\x4d\x71\x57','\x6f\x74\x6a\x59\x71\x76\x76\x53\x43\x4b\x57','\x43\x68\x6a\x56\x7a\x68\x76\x4a\x44\x65\x4c\x4b','\x76\x67\x48\x33\x76\x4c\x4f','\x71\x77\x35\x6d\x73\x32\x71','\x6e\x4e\x48\x6f\x7a\x68\x7a\x72\x7a\x71','\x44\x78\x62\x4b\x79\x78\x72\x4c','\x43\x33\x62\x53\x41\x78\x71','\x42\x76\x48\x63\x75\x65\x30','\x7a\x4e\x6a\x56\x42\x71','\x42\x65\x54\x35\x79\x31\x43','\x7a\x4e\x6a\x4c\x7a\x71','\x43\x4d\x6e\x33\x41\x32\x69','\x41\x4c\x6a\x4a\x79\x4b\x57','\x79\x77\x6e\x4a\x7a\x78\x6e\x5a','\x79\x32\x39\x53\x42\x67\x66\x49\x42\x33\x6a\x48\x44\x67\x4c\x56\x42\x47','\x41\x78\x6e\x5a\x44\x77\x75','\x44\x67\x76\x5a\x44\x61','\x6d\x74\x75\x33\x6f\x64\x6e\x7a\x43\x4e\x66\x56\x72\x31\x6d','\x43\x68\x6a\x56','\x6d\x74\x66\x34\x72\x65\x7a\x4b\x75\x4e\x65','\x44\x78\x6e\x4c\x43\x4b\x4c\x4b','\x6e\x64\x79\x5a\x6d\x5a\x65\x31\x6d\x67\x44\x57\x72\x76\x50\x55\x76\x57','\x42\x4d\x58\x6f\x79\x4d\x69','\x44\x67\x4c\x4c\x43\x47','\x43\x4d\x76\x57\x7a\x77\x66\x30','\x75\x67\x50\x52\x41\x78\x47','\x43\x32\x66\x55\x7a\x67\x6a\x56\x45\x65\x4c\x4b','\x43\x32\x4c\x4e\x42\x4d\x4c\x55\x7a\x31\x6e\x4c\x79\x33\x6a\x4c\x44\x61','\x44\x67\x39\x74\x44\x68\x6a\x50\x42\x4d\x43','\x43\x68\x6a\x56\x41\x4d\x76\x4a\x44\x65\x4c\x4b','\x79\x4b\x72\x58\x42\x68\x71','\x42\x4e\x76\x54\x79\x4d\x76\x59','\x73\x4c\x44\x75','\x79\x4d\x66\x5a\x7a\x74\x79\x30','\x73\x77\x76\x79\x77\x66\x43','\x79\x77\x58\x4e','\x73\x75\x7a\x49\x71\x32\x47','\x71\x75\x72\x30\x76\x31\x79','\x75\x67\x6e\x62\x72\x67\x79','\x44\x68\x72\x53\x74\x77\x4c\x55\x44\x78\x72\x4c\x43\x57','\x73\x66\x6d\x59\x6e\x74\x79','\x42\x67\x76\x55\x7a\x33\x72\x4f','\x7a\x77\x35\x30\x7a\x78\x6a\x57\x43\x4d\x4c\x5a\x7a\x71','\x43\x32\x76\x5a\x43\x32\x4c\x56\x42\x4b\x4c\x4b','\x7a\x4d\x58\x56\x42\x33\x69','\x6e\x64\x71\x5a\x6d\x4a\x47\x34\x45\x65\x31\x34\x41\x31\x6a\x77','\x6f\x75\x72\x66\x7a\x4c\x76\x48\x72\x47','\x42\x4d\x39\x33','\x7a\x67\x39\x4a\x44\x77\x31\x4c\x42\x4e\x72\x6a\x7a\x61','\x42\x4e\x4c\x6d\x45\x77\x53','\x45\x65\x6e\x4a\x73\x4d\x69','\x79\x30\x44\x50\x44\x67\x4f','\x43\x68\x50\x4d\x72\x67\x69','\x43\x67\x66\x59\x43\x32\x75','\x6d\x4a\x4b\x30\x6d\x4a\x75\x59\x74\x30\x54\x33\x44\x31\x66\x67','\x43\x4d\x76\x57\x42\x67\x66\x4a\x7a\x71','\x74\x77\x54\x69\x74\x4b\x53','\x6e\x64\x75\x57\x6d\x5a\x6d\x58\x6d\x4c\x76\x73\x74\x32\x7a\x6e\x43\x61','\x7a\x67\x4c\x4e\x7a\x78\x6e\x30','\x6d\x74\x71\x33\x6d\x4a\x4b\x35\x44\x4c\x72\x5a\x44\x4c\x6e\x31','\x43\x4d\x76\x48\x7a\x61','\x7a\x78\x48\x57','\x79\x31\x6e\x5a\x44\x4e\x75','\x6e\x74\x71\x57\x6e\x4a\x43\x31\x6d\x67\x76\x6a\x43\x32\x76\x6d\x75\x57'];a0_0x1221=function(){return _0x3b25ee;};return a0_0x1221();}function unsafeDecodeToken(_0x3bf551){const _0x1b68f3=a0_0x31689d,_0x328b15={'\x76\x58\x61\x6f\x4a':function(_0x369696,_0x264d76){return _0x369696!==_0x264d76;}};try{const _0x30f415=_0x3bf551[_0x1b68f3(0x1f0)]('\x2e');if(_0x328b15['\x76\x58\x61\x6f\x4a'](_0x30f415[_0x1b68f3(0x1d0)],0x3))return null;const _0x1d2397=_0x30f415[0x1];if(_0x1d2397===void 0x0)return null;const _0x429536=_0x1d2397+'\x3d'[_0x1b68f3(0x202)]((0x4-_0x1d2397[_0x1b68f3(0x1d0)]%0x4)%0x4),_0x5188ac=Buffer['\x66\x72\x6f\x6d'](_0x429536[_0x1b68f3(0x1de)](/-/g,'\x2b')[_0x1b68f3(0x1de)](/_/g,'\x2f'),'\x62\x61\x73\x65\x36\x34')[_0x1b68f3(0x206)]();return JSON[_0x1b68f3(0x1dc)](_0x5188ac);}catch{return null;}}function verifyToken(_0x78c786,_0x37048d,_0x3798e6={}){const _0x4a0885=a0_0x31689d,_0x1a9dd9={'\x74\x43\x55\x46\x51':function(_0x13d333,_0x5a83a7){return _0x13d333||_0x5a83a7;},'\x50\x6a\x6b\x69\x78':function(_0x2c7c60,_0x2efb5d){return _0x2c7c60+_0x2efb5d;},'\x72\x63\x77\x6b\x62':function(_0x52df17,_0x31ee47){return _0x52df17%_0x31ee47;},'\x65\x59\x44\x52\x77':function(_0x4ede75,_0x443321){return _0x4ede75%_0x443321;},'\x42\x6e\x42\x78\x53':function(_0x2ab0eb,_0xe426ea){return _0x2ab0eb!==_0xe426ea;},'\x6d\x58\x42\x50\x4d':_0x4a0885(0x1cf),'\x4d\x4d\x6a\x7a\x77':function(_0x48446b,_0x3390f2,_0x3e086b){return _0x48446b(_0x3390f2,_0x3e086b);},'\x74\x59\x54\x4f\x66':function(_0x56445b,_0x3e9097){return _0x56445b(_0x3e9097);},'\x54\x68\x77\x56\x5a':function(_0x4abff8,_0x1b468b){return _0x4abff8||_0x1b468b;},'\x62\x44\x71\x6c\x74':function(_0x22b74e,_0x18494d){return _0x22b74e!==_0x18494d;},'\x6e\x6c\x4e\x62\x62':function(_0x3d38d9,_0x187e89){return _0x3d38d9/_0x187e89;},'\x63\x47\x69\x74\x6a':function(_0x2f3d06,_0x503105){return _0x2f3d06<_0x503105;}};try{const _0x81b12a=_0x78c786[_0x4a0885(0x1f0)]('\x2e');if(_0x81b12a[_0x4a0885(0x1d0)]!==0x3)return null;const [_0x1f342c,_0x229a30,_0xf2dbd6]=_0x81b12a;if(_0x1a9dd9['\x74\x43\x55\x46\x51'](!_0x1f342c,!_0x229a30)||!_0xf2dbd6)return null;let _0x38f6e0;try{const _0x354d3c=_0x1a9dd9[_0x4a0885(0x203)](_0x1f342c,'\x3d'[_0x4a0885(0x202)](_0x1a9dd9[_0x4a0885(0x1f5)](0x4-_0x1a9dd9['\x65\x59\x44\x52\x77'](_0x1f342c['\x6c\x65\x6e\x67\x74\x68'],0x4),0x4))),_0x4a95ec=Buffer['\x66\x72\x6f\x6d'](_0x354d3c[_0x4a0885(0x1de)](/-/g,'\x2b')[_0x4a0885(0x1de)](/_/g,'\x2f'),_0x4a0885(0x1c8))['\x74\x6f\x53\x74\x72\x69\x6e\x67']();_0x38f6e0=JSON[_0x4a0885(0x1dc)](_0x4a95ec);}catch{return null;}if(_0x1a9dd9[_0x4a0885(0x1e7)](_0x38f6e0[_0x4a0885(0x1ca)],_0x1a9dd9[_0x4a0885(0x1f1)]))return null;const _0x5504b6=_0x1a9dd9['\x4d\x4d\x6a\x7a\x77'](createSignature,_0x1f342c+'\x2e'+_0x229a30,_0x37048d),_0xda8e91=_0x1a9dd9['\x74\x59\x54\x4f\x66'](decodeBase64UrlToBuffer,_0xf2dbd6),_0x13e11a=decodeBase64UrlToBuffer(_0x5504b6);if(_0x1a9dd9[_0x4a0885(0x1ec)](!_0xda8e91,!_0x13e11a))return null;if(_0x1a9dd9[_0x4a0885(0x208)](_0xda8e91[_0x4a0885(0x1d0)],_0x13e11a[_0x4a0885(0x1d0)]))return null;if(!timingSafeEqual(_0xda8e91,_0x13e11a))return null;const _0xd20df2=unsafeDecodeToken(_0x78c786);if(!_0xd20df2)return null;const _0x4f2494=Math[_0x4a0885(0x1d3)](_0x1a9dd9[_0x4a0885(0x200)](Date[_0x4a0885(0x1d6)](),0x3e8)),_0x207b5e=Math['\x6d\x61\x78'](0x0,_0x3798e6['\x63\x6c\x6f\x63\x6b\x53\x6b\x65\x77\x53\x65\x63\x6f\x6e\x64\x73']??0x0);if(_0x1a9dd9[_0x4a0885(0x1e7)](typeof _0xd20df2['\x65\x78\x70'],_0x4a0885(0x1c6))||_0x1a9dd9[_0x4a0885(0x1da)](_0xd20df2[_0x4a0885(0x1e4)]+_0x207b5e,_0x4f2494))return null;return _0xd20df2;}catch{return null;}}function getTokenTTL(_0x560c59){const _0x170c87=a0_0x31689d,_0x3e4fe0={'\x6e\x79\x4c\x79\x6b':function(_0x255d00,_0x11fef7){return _0x255d00-_0x11fef7;}},_0x3bddbd=Math[_0x170c87(0x1d3)](Date[_0x170c87(0x1d6)]()/0x3e8);return _0x3e4fe0[_0x170c87(0x1d8)](_0x560c59[_0x170c87(0x1e4)],_0x3bddbd);}function a0_0xadc5(_0x5ba505,_0x3bea4c){_0x5ba505=_0x5ba505-0x1c6;const _0x1221d0=a0_0x1221();let _0xadc5bd=_0x1221d0[_0x5ba505];if(a0_0xadc5['\x58\x58\x58\x57\x58\x54']===undefined){var _0x109f8e=function(_0x886ac6){const _0x1ef66a='\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x2b\x2f\x3d';let _0x23157e='',_0x352078='';for(let _0x4f3a05=0x0,_0x56b81e,_0x108c2f,_0x46e0b9=0x0;_0x108c2f=_0x886ac6['\x63\x68\x61\x72\x41\x74'](_0x46e0b9++);~_0x108c2f&&(_0x56b81e=_0x4f3a05%0x4?_0x56b81e*0x40+_0x108c2f:_0x108c2f,_0x4f3a05++%0x4)?_0x23157e+=String['\x66\x72\x6f\x6d\x43\x68\x61\x72\x43\x6f\x64\x65'](0xff&_0x56b81e>>(-0x2*_0x4f3a05&0x6)):0x0){_0x108c2f=_0x1ef66a['\x69\x6e\x64\x65\x78\x4f\x66'](_0x108c2f);}for(let _0x58e963=0x0,_0xaae211=_0x23157e['\x6c\x65\x6e\x67\x74\x68'];_0x58e963<_0xaae211;_0x58e963++){_0x352078+='\x25'+('\x30\x30'+_0x23157e['\x63\x68\x61\x72\x43\x6f\x64\x65\x41\x74'](_0x58e963)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](0x10))['\x73\x6c\x69\x63\x65'](-0x2);}return decodeURIComponent(_0x352078);};a0_0xadc5['\x4a\x4c\x45\x5a\x50\x72']=_0x109f8e,a0_0xadc5['\x4b\x4b\x66\x4b\x62\x68']={},a0_0xadc5['\x58\x58\x58\x57\x58\x54']=!![];}const _0x4aa08c=_0x1221d0[0x0],_0x1456ef=_0x5ba505+_0x4aa08c,_0x14ce89=a0_0xadc5['\x4b\x4b\x66\x4b\x62\x68'][_0x1456ef];return!_0x14ce89?(_0xadc5bd=a0_0xadc5['\x4a\x4c\x45\x5a\x50\x72'](_0xadc5bd),a0_0xadc5['\x4b\x4b\x66\x4b\x62\x68'][_0x1456ef]=_0xadc5bd):_0xadc5bd=_0x14ce89,_0xadc5bd;}function isTokenExpiringSoon(_0x239024,_0x1a76ea=0x3c){const _0x48069a=a0_0x31689d,_0x408f90={'\x78\x43\x63\x4a\x62':function(_0x55d103,_0x1db966){return _0x55d103<=_0x1db966;}};return _0x408f90[_0x48069a(0x1d9)](getTokenTTL(_0x239024),_0x1a76ea);}var ProductTokenIssuer=class{[a0_0x31689d(0x1eb)];[a0_0x31689d(0x205)];[a0_0x31689d(0x1ce)];constructor(_0x537138){const _0x245aaa=a0_0x31689d;this[_0x245aaa(0x1eb)]=_0x537138[_0x245aaa(0x1eb)],this[_0x245aaa(0x205)]=_0x537138[_0x245aaa(0x205)],this[_0x245aaa(0x1ce)]={'\x66\x72\x65\x65':_0x537138[_0x245aaa(0x1ce)]?.[_0x245aaa(0x1f4)]??0xf,'\x70\x72\x6f':_0x537138['\x74\x74\x6c\x4d\x69\x6e\x75\x74\x65\x73']?.[_0x245aaa(0x1fc)]??0xf0,'\x65\x6e\x74\x65\x72\x70\x72\x69\x73\x65':_0x537138['\x74\x74\x6c\x4d\x69\x6e\x75\x74\x65\x73']?.[_0x245aaa(0x1d1)]??0x1e0};}[a0_0x31689d(0x1f9)](_0xd668c2){const _0x2cea25=a0_0x31689d,_0x478543={'\x41\x44\x74\x57\x56':'\x66\x72\x65\x65','\x41\x6e\x4c\x4b\x64':function(_0x14638c,_0x1285e2,_0x16236b,_0x32b52f){return _0x14638c(_0x1285e2,_0x16236b,_0x32b52f);},'\x49\x50\x53\x54\x63':function(_0x13a3fd,_0x1bfd5d){return _0x13a3fd+_0x1bfd5d;},'\x63\x53\x73\x76\x75':function(_0x47b394,_0x11885f){return _0x47b394/_0x11885f;}},_0x308dd2=_0xd668c2[_0x2cea25(0x201)]??_0x478543[_0x2cea25(0x1cc)],_0x3b328f=this[_0x2cea25(0x1ce)][_0x308dd2]??this['\x74\x74\x6c\x4d\x69\x6e\x75\x74\x65\x73'][_0x2cea25(0x1f4)];return{'\x74\x6f\x6b\x65\x6e':_0x478543[_0x2cea25(0x1ed)](issueReadToken,this[_0x2cea25(0x205)],{'\x73\x75\x62':_0xd668c2[_0x2cea25(0x1fe)],'\x73\x69\x64':_0xd668c2[_0x2cea25(0x1d2)],'\x70\x69\x64':this[_0x2cea25(0x1eb)],'\x63\x69\x64':_0xd668c2[_0x2cea25(0x204)]},_0x3b328f),'\x65\x78\x70\x69\x72\x65\x73\x41\x74':_0x478543['\x49\x50\x53\x54\x63'](Math[_0x2cea25(0x1d3)](_0x478543[_0x2cea25(0x1e5)](Date[_0x2cea25(0x1d6)](),0x3e8)),_0x3b328f*0x3c)};}['\x69\x73\x73\x75\x65\x43\x6f\x6c\x6c\x61\x62\x6f\x72\x61\x74\x69\x6f\x6e'](_0x5c02ea){const _0x21a4ec=a0_0x31689d,_0x43dbcf={'\x70\x7a\x66\x44\x62':function(_0x13b0ed,_0x16c3b7,_0x2c4eb8,_0xfc9fb0){return _0x13b0ed(_0x16c3b7,_0x2c4eb8,_0xfc9fb0);}},_0x335e11=_0x5c02ea[_0x21a4ec(0x201)]??_0x21a4ec(0x1f4),_0x15dcc3=this[_0x21a4ec(0x1ce)][_0x335e11]??this['\x74\x74\x6c\x4d\x69\x6e\x75\x74\x65\x73'][_0x21a4ec(0x1f4)];return{'\x74\x6f\x6b\x65\x6e':_0x43dbcf[_0x21a4ec(0x1db)](issueCollaborationToken,this[_0x21a4ec(0x205)],{'\x75\x73\x65\x72\x49\x64':_0x5c02ea[_0x21a4ec(0x1fe)],'\x73\x65\x73\x73\x69\x6f\x6e\x49\x64':_0x5c02ea[_0x21a4ec(0x1d2)],'\x70\x72\x6f\x64\x75\x63\x74\x49\x64':this['\x70\x72\x6f\x64\x75\x63\x74\x49\x64'],'\x70\x72\x6f\x6a\x65\x63\x74\x49\x64':_0x5c02ea[_0x21a4ec(0x207)],'\x64\x6f\x63\x75\x6d\x65\x6e\x74\x49\x64':_0x5c02ea[_0x21a4ec(0x1d7)],'\x61\x63\x63\x65\x73\x73':_0x5c02ea[_0x21a4ec(0x1f7)],'\x73\x61\x6e\x64\x62\x6f\x78\x49\x64':_0x5c02ea[_0x21a4ec(0x204)]},_0x15dcc3),'\x65\x78\x70\x69\x72\x65\x73\x41\x74':Math[_0x21a4ec(0x1d3)](Date[_0x21a4ec(0x1d6)]()/0x3e8)+_0x15dcc3*0x3c};}[a0_0x31689d(0x1e8)](_0x2d3e6f=a0_0x31689d(0x1f4)){const _0x47794b=a0_0x31689d;return this[_0x47794b(0x1ce)][_0x2d3e6f]??this[_0x47794b(0x1ce)][_0x47794b(0x1f4)];}};export{ProductTokenIssuer,getTokenTTL,isTokenExpiringSoon,issueBatchScopedToken,issueCollaborationToken,issueProjectScopedToken,issueReadToken,issueSessionScopedToken,unsafeDecodeToken,verifyToken};
+import { createHmac, timingSafeEqual } from "node:crypto";
+//#region src/auth/tokens.ts
+/**
+* JWT Token Utilities
+*
+* Token generation and verification using HMAC-SHA256. Server-only
+* (uses Node.js `crypto`).
+*/
+/**
+* Base64URL encode (RFC 7515).
+*/
+function base64UrlEncode(data) {
+	return (typeof data === "string" ? Buffer.from(data) : data).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+/**
+* Base64URL decode (RFC 7515) to raw bytes. Returns `null` if the
+* input contains characters outside the base64url alphabet.
+*/
+function decodeBase64UrlToBuffer(input) {
+	if (!/^[A-Za-z0-9_-]*$/.test(input)) return null;
+	const padded = input + "=".repeat((4 - input.length % 4) % 4);
+	return Buffer.from(padded.replace(/-/g, "+").replace(/_/g, "/"), "base64");
+}
+/**
+* Create HMAC-SHA256 signature.
+*/
+function createSignature(data, secret) {
+	return base64UrlEncode(createHmac("sha256", secret).update(data).digest());
+}
+/**
+* JWT header (always the same for our use case).
+*/
+const JWT_HEADER = base64UrlEncode(JSON.stringify({
+	alg: "HS256",
+	typ: "JWT"
+}));
+function issueToken(signingSecret, payload, ttlMinutes) {
+	const now = Math.floor(Date.now() / 1e3);
+	const fullPayload = {
+		...payload,
+		iat: now,
+		exp: now + ttlMinutes * 60
+	};
+	const data = `${JWT_HEADER}.${base64UrlEncode(JSON.stringify(fullPayload))}`;
+	return `${data}.${createSignature(data, signingSecret)}`;
+}
+/**
+* Issue a read token (JWT) for WebSocket authentication.
+*
+* @param signingSecret - The product's signing secret
+* @param payload - Token payload (without iat/exp/typ, those are added)
+* @param ttlMinutes - Token TTL in minutes
+*/
+function issueReadToken(signingSecret, payload, ttlMinutes) {
+	return issueToken(signingSecret, {
+		...payload,
+		typ: "read"
+	}, ttlMinutes);
+}
+/**
+* Issue a session-scoped token (JWT) for WebSocket authentication.
+* Grants access to a single session's events.
+*/
+function issueSessionScopedToken(signingSecret, payload, ttlMinutes) {
+	return issueReadToken(signingSecret, payload, ttlMinutes);
+}
+/**
+* Issue a project-scoped token (JWT) for WebSocket authentication.
+* Grants access to all sessions within a single project.
+*/
+function issueProjectScopedToken(signingSecret, payload, ttlMinutes) {
+	return issueReadToken(signingSecret, payload, ttlMinutes);
+}
+/**
+* Issue a batch-scoped token (JWT) for WebSocket authentication.
+* Grants access to multiple projects (organization-level access).
+*/
+function issueBatchScopedToken(signingSecret, payload, ttlMinutes) {
+	return issueReadToken(signingSecret, payload, ttlMinutes);
+}
+/**
+* Issue a collaboration-scoped token (JWT) for collaborative document access.
+* Grants read or write access to a single document in one project.
+*/
+function issueCollaborationToken(signingSecret, payload, ttlMinutes) {
+	return issueToken(signingSecret, {
+		sub: payload.userId,
+		sid: payload.sessionId,
+		pid: payload.productId,
+		cid: payload.sandboxId,
+		typ: "collaboration",
+		projectId: payload.projectId,
+		documentId: payload.documentId,
+		access: payload.access
+	}, ttlMinutes);
+}
+/**
+* Decode a JWT **without verifying its signature**.
+*
+* The deliberately scary name is the API contract: an HMAC-signed token
+* whose signature has not been verified is a self-asserted blob of JSON,
+* not an authenticated claim. Treating its fields as authoritative
+* (e.g. `if (unsafeDecodeToken(t).sub === userId) grantAccess()`) is a
+* straightforward authorization bypass — an attacker can mint any
+* payload they like.
+*
+* Use this only when the signature has already been validated upstream
+* (e.g. by an API gateway that strips the token after verification),
+* for client-side `exp` peeking to decide whether to refresh, or for
+* routing/logging keyed off non-security-sensitive claims.
+*
+* For any access-control decision, use {@link verifyToken} instead.
+*
+* Returns `null` if the token is malformed.
+*/
+function unsafeDecodeToken(token) {
+	try {
+		const parts = token.split(".");
+		if (parts.length !== 3) return null;
+		const payload = parts[1];
+		if (payload === void 0) return null;
+		const padded = payload + "=".repeat((4 - payload.length % 4) % 4);
+		const decoded = Buffer.from(padded.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString();
+		return JSON.parse(decoded);
+	} catch {
+		return null;
+	}
+}
+/**
+* Verify a JWT's HMAC-SHA256 signature against `signingSecret` and
+* check that it has not expired. Returns the decoded payload on
+* success, or `null` on any failure (malformed token, bad signature,
+* expired, or unexpected algorithm).
+*
+* Signature comparison is constant-time. Callers must use this — not
+* {@link unsafeDecodeToken} — for any authorization decision.
+*
+* @param token - The JWT to verify
+* @param signingSecret - The same secret used to issue the token
+* @param options.clockSkewSeconds - Tolerance for `exp` checks; default `0`
+*/
+function verifyToken(token, signingSecret, options = {}) {
+	try {
+		const parts = token.split(".");
+		if (parts.length !== 3) return null;
+		const [headerB64, payloadB64, signatureB64] = parts;
+		if (!headerB64 || !payloadB64 || !signatureB64) return null;
+		let header;
+		try {
+			const headerPadded = headerB64 + "=".repeat((4 - headerB64.length % 4) % 4);
+			const headerJson = Buffer.from(headerPadded.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString();
+			header = JSON.parse(headerJson);
+		} catch {
+			return null;
+		}
+		if (header.alg !== "HS256") return null;
+		const expectedSig = createSignature(`${headerB64}.${payloadB64}`, signingSecret);
+		const providedRaw = decodeBase64UrlToBuffer(signatureB64);
+		const expectedRaw = decodeBase64UrlToBuffer(expectedSig);
+		if (!providedRaw || !expectedRaw) return null;
+		if (providedRaw.length !== expectedRaw.length) return null;
+		if (!timingSafeEqual(providedRaw, expectedRaw)) return null;
+		const payload = unsafeDecodeToken(token);
+		if (!payload) return null;
+		const now = Math.floor(Date.now() / 1e3);
+		const skew = Math.max(0, options.clockSkewSeconds ?? 0);
+		if (typeof payload.exp !== "number" || payload.exp + skew < now) return null;
+		return payload;
+	} catch {
+		return null;
+	}
+}
+/**
+* Get time until token expires (in seconds).
+* Returns negative if expired.
+*/
+function getTokenTTL(payload) {
+	const now = Math.floor(Date.now() / 1e3);
+	return payload.exp - now;
+}
+/**
+* Check if token is expiring soon (within buffer seconds).
+*/
+function isTokenExpiringSoon(payload, bufferSeconds = 60) {
+	return getTokenTTL(payload) <= bufferSeconds;
+}
+//#endregion
+//#region src/auth/index.ts
+/**
+* Authentication Utilities
+*
+* Token issuance for application backends. Server-only (uses Node.js crypto).
+*
+* @example
+* ```typescript
+* import { ProductTokenIssuer } from "@tangle-network/sandbox/auth";
+*
+* const issuer = new ProductTokenIssuer({
+*   productId: "my-product",
+*   signingSecret: process.env.SANDBOX_SIGNING_SECRET!,
+* });
+*
+* const { token, expiresAt } = issuer.issue({
+*   userId: "user_123",
+*   sessionId: "sess_abc",
+*   tier: "pro",
+* });
+* ```
+*
+* @packageDocumentation
+*/
+/**
+* Token issuer for application backend services.
+*
+* Use this in your backend to issue read tokens for WebSocket connections.
+*/
+var ProductTokenIssuer = class {
+	productId;
+	signingSecret;
+	ttlMinutes;
+	constructor(config) {
+		this.productId = config.productId;
+		this.signingSecret = config.signingSecret;
+		this.ttlMinutes = {
+			free: config.ttlMinutes?.free ?? 15,
+			pro: config.ttlMinutes?.pro ?? 240,
+			enterprise: config.ttlMinutes?.enterprise ?? 480
+		};
+	}
+	/**
+	* Issue a read token for a user session.
+	*/
+	issue(params) {
+		const tier = params.tier ?? "free";
+		const ttl = this.ttlMinutes[tier] ?? this.ttlMinutes.free;
+		return {
+			token: issueReadToken(this.signingSecret, {
+				sub: params.userId,
+				sid: params.sessionId,
+				pid: this.productId,
+				cid: params.sandboxId
+			}, ttl),
+			expiresAt: Math.floor(Date.now() / 1e3) + ttl * 60
+		};
+	}
+	/**
+	* Issue a collaboration token for a single document.
+	*/
+	issueCollaboration(params) {
+		const tier = params.tier ?? "free";
+		const ttl = this.ttlMinutes[tier] ?? this.ttlMinutes.free;
+		return {
+			token: issueCollaborationToken(this.signingSecret, {
+				userId: params.userId,
+				sessionId: params.sessionId,
+				productId: this.productId,
+				projectId: params.projectId,
+				documentId: params.documentId,
+				access: params.access,
+				sandboxId: params.sandboxId
+			}, ttl),
+			expiresAt: Math.floor(Date.now() / 1e3) + ttl * 60
+		};
+	}
+	/**
+	* Get the TTL in minutes for a tier.
+	*/
+	getTtlMinutes(tier = "free") {
+		return this.ttlMinutes[tier] ?? this.ttlMinutes.free;
+	}
+};
+//#endregion
+export { ProductTokenIssuer, getTokenTTL, isTokenExpiringSoon, issueBatchScopedToken, issueCollaborationToken, issueProjectScopedToken, issueReadToken, issueSessionScopedToken, unsafeDecodeToken, verifyToken };