@trymellon/js 2.2.1 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/angular.cjs +1 -1
- package/dist/angular.cjs.map +1 -1
- package/dist/angular.d.cts +3 -1
- package/dist/angular.d.ts +3 -1
- package/dist/angular.js +1 -1
- package/dist/angular.js.map +1 -1
- package/dist/index.cjs +2 -2
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +160 -5
- package/dist/index.d.ts +160 -5
- package/dist/index.global.js +2 -2
- package/dist/index.global.js.map +1 -1
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/dist/react.cjs +1 -1
- package/dist/react.cjs.map +1 -1
- package/dist/react.d.cts +10 -2
- package/dist/react.d.ts +10 -2
- package/dist/react.js +1 -1
- package/dist/react.js.map +1 -1
- package/dist/{trymellon-P7BPxIry.d.cts → trymellon-DItEFTiv.d.cts} +158 -5
- package/dist/{trymellon-P7BPxIry.d.ts → trymellon-DItEFTiv.d.ts} +158 -5
- package/dist/ui/index.d.ts +39 -4
- package/dist/ui/index.js +5 -5
- package/dist/ui/index.js.map +1 -1
- package/dist/vue.cjs +1 -1
- package/dist/vue.cjs.map +1 -1
- package/dist/vue.d.cts +10 -2
- package/dist/vue.d.ts +10 -2
- package/dist/vue.js +1 -1
- package/dist/vue.js.map +1 -1
- package/package.json +1 -1
package/dist/angular.cjs
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
"use client";
|
|
2
|
-
"use strict";var mr=Object.create;var N=Object.defineProperty;var Ue=Object.getOwnPropertyDescriptor;var gr=Object.getOwnPropertyNames;var fr=Object.prototype.hasOwnProperty;var Fe=(e,r)=>(r=Symbol[e])?r:Symbol.for("Symbol."+e),V=e=>{throw TypeError(e)};var Rr=(e,r,t)=>r in e?N(e,r,{enumerable:!0,configurable:!0,writable:!0,value:t}):e[r]=t;var De=(e,r)=>N(e,"name",{value:r,configurable:!0});var yr=(e,r)=>{for(var t in r)N(e,t,{get:r[t],enumerable:!0})},vr=(e,r,t,n)=>{if(r&&typeof r=="object"||typeof r=="function")for(let s of gr(r))!fr.call(e,s)&&s!==t&&N(e,s,{get:()=>r[s],enumerable:!(n=Ue(r,s))||n.enumerable});return e};var hr=e=>vr(N({},"__esModule",{value:!0}),e);var Le=e=>[,,,mr(e?.[Fe("metadata")]??null)],Ke=["class","method","getter","setter","accessor","field","value","get","set"],q=e=>e!==void 0&&typeof e!="function"?V("Function expected"):e,Er=(e,r,t,n,s)=>({kind:Ke[e],name:r,metadata:n,addInitializer:i=>t._?V("Already initialized"):s.push(q(i||null))}),br=(e,r)=>Rr(r,Fe("metadata"),e[3]),je=(e,r,t,n)=>{for(var s=0,i=e[r>>1],a=i&&i.length;s<a;s++)r&1?i[s].call(t):n=i[s].call(t,n);return n},qe=(e,r,t,n,s,i)=>{var a,l,m,v,R,g=r&7,h=!!(r&8),b=!!(r&16),I=g>3?e.length+1:g?h?1:2:0,O=Ke[g+5],j=g>3&&(e[I-1]=[]),C=e[I]||(e[I]=[]),T=g&&(!b&&!h&&(s=s.prototype),g<5&&(g>3||!b)&&Ue(g<4?s:{get[t](){return we(this,i)},set[t](A){return Ne(this,i,A)}},t));g?b&&g<4&&De(i,(g>2?"set ":g>1?"get ":"")+t):De(s,t);for(var ae=n.length-1;ae>=0;ae--)v=Er(g,t,m={},e[3],C),g&&(v.static=h,v.private=b,R=v.access={has:b?A=>_r(s,A):A=>t in A},g^3&&(R.get=b?A=>(g^1?we:Tr)(A,s,g^4?i:T.get):A=>A[t]),g>2&&(R.set=b?(A,le)=>Ne(A,s,le,g^4?i:T.set):(A,le)=>A[t]=le)),l=(0,n[ae])(g?g<4?b?i:T[O]:g>4?void 0:{get:T.get,set:T.set}:s,v),m._=1,g^4||l===void 0?q(l)&&(g>4?j.unshift(l):g?b?i=l:T[O]=l:s=l):typeof l!="object"||l===null?V("Object expected"):(q(a=l.get)&&(T.get=a),q(a=l.set)&&(T.set=a),q(a=l.init)&&j.unshift(a));return g||br(e,s),T&&N(s,t,T),b?g^4?i:T:s};var ue=(e,r,t)=>r.has(e)||V("Cannot "+t),_r=(e,r)=>Object(r)!==r?V('Cannot use the "in" operator on this value'):e.has(r),we=(e,r,t)=>(ue(e,r,"read from private field"),t?t.call(e):r.get(e));var Ne=(e,r,t,n)=>(ue(e,r,"write to private field"),n?n.call(e,t):r.set(e,t),t),Tr=(e,r,t)=>(ue(e,r,"access private method"),t);var Br={};yr(Br,{TRYMELLON_CONFIG:()=>H,TryMellonService:()=>w,provideTryMellonConfig:()=>Wr});module.exports=hr(Br);var K=require("@angular/core");var d=e=>({ok:!0,value:e}),c=e=>({ok:!1,error:e});var G=class e extends Error{code;details;isTryMellonError=!0;constructor(r,t,n){super(t),this.name="TryMellonError",this.code=r,this.details=n,Error.captureStackTrace&&Error.captureStackTrace(this,e)}},Ar={NOT_SUPPORTED:"WebAuthn is not supported in this environment",USER_CANCELLED:"User cancelled the operation",PASSKEY_NOT_FOUND:"Passkey not found",SESSION_EXPIRED:"Session has expired",NETWORK_FAILURE:"Network request failed",INVALID_ARGUMENT:"Invalid argument provided",TIMEOUT:"Operation timed out",ABORTED:"Operation was aborted",ABORT_ERROR:"Operation aborted by user or timeout",CHALLENGE_MISMATCH:"This link was already used or expired. Please try again from your computer.",UNKNOWN_ERROR:"An unknown error occurred"};function y(e,r,t){return new G(e,r??Ar[e],t)}function ce(e){return e instanceof G||typeof e=="object"&&e!==null&&"isTryMellonError"in e&&e.isTryMellonError===!0}function Ve(){return y("NOT_SUPPORTED")}function E(e,r){return y("INVALID_ARGUMENT",`Invalid argument: ${e} - ${r}`,{field:e,reason:r})}function We(e){return y("UNKNOWN_ERROR",`Failed to ${e} credential`,{operation:e})}function pe(e){return y("NOT_SUPPORTED",`No base64 ${e==="encode"?"encoding":"decoding"} available`,{type:e})}function de(e,r){try{let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw E(r,"must use http or https protocol")}catch(t){throw ce(t)?t:E(r,"must be a valid URL")}}function P(e,r,t,n){if(!Number.isFinite(e))throw E(r,"must be a finite number");if(e<t||e>n)throw E(r,`must be between ${t} and ${n}`)}function X(e,r){if(typeof e!="string"||e.length===0)throw E(r,"must be a non-empty string");if(!/^[A-Za-z0-9_-]+$/.test(e))throw E(r,"must be a valid base64url string")}var Ir={NotAllowedError:"USER_CANCELLED",AbortError:"ABORTED",NotSupportedError:"NOT_SUPPORTED",SecurityError:"NOT_SUPPORTED",InvalidStateError:"UNKNOWN_ERROR",UnknownError:"UNKNOWN_ERROR"};function W(e){if(typeof e!="string")return"UNKNOWN_ERROR";let r=e.toLowerCase().trim();return{challenge_mismatch:"CHALLENGE_MISMATCH",session_expired:"SESSION_EXPIRED",unauthorized:"SESSION_EXPIRED",validation_error:"INVALID_ARGUMENT",invalid_argument:"INVALID_ARGUMENT",user_not_found:"SESSION_EXPIRED",passkey_not_found:"PASSKEY_NOT_FOUND"}[r]??"UNKNOWN_ERROR"}function _(e){if(e instanceof DOMException){let r=e.name,t=e.message||"WebAuthn operation failed",n=Ir[r]??"UNKNOWN_ERROR";return y(n,t,{originalError:e})}return e instanceof Error?y("UNKNOWN_ERROR",e.message,{originalError:e}):y("UNKNOWN_ERROR","An unknown error occurred",{originalError:e})}function f(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)}function u(e){return typeof e=="string"}function S(e){return typeof e=="number"&&Number.isFinite(e)}function Y(e){return typeof e=="boolean"}function U(e){return Array.isArray(e)}function o(e,r){return c(y("UNKNOWN_ERROR",e,{...r,originalData:r?.originalData}))}function p(e,r){return e[r]}function Be(e,r){return!f(e)||!u(e.name)||!u(e.id)?o("Invalid API response: challenge.rp must have name and id strings",{originalData:r}):d(!0)}function He(e,r){return!f(e)||!u(e.id)||!u(e.name)||!u(e.displayName)?o("Invalid API response: challenge.user must have id, name, displayName strings",{originalData:r}):d(!0)}function Ge(e,r){if(!U(e))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:r});for(let t of e)if(!f(t)||t.type!=="public-key"||!S(t.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:r});return d(!0)}function me(e,r){if(!f(e))return o("Invalid API response: user must be object",{field:"user",originalData:r});let t=p(e,"user_id"),n=p(e,"external_user_id");if(!u(t)||!u(n))return o("Invalid API response: user must have user_id and external_user_id strings",{originalData:r});let s=e.email,i=e.metadata;return s!==void 0&&!u(s)?o("Invalid API response: user.email must be string",{originalData:r}):i!==void 0&&(typeof i!="object"||i===null)?o("Invalid API response: user.metadata must be object",{originalData:r}):d({user_id:t,external_user_id:n,...s!==void 0&&{email:s},...i!==void 0&&{metadata:i}})}function ge(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id");if(!u(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=p(e,"challenge");if(!f(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=Be(p(t,"rp"),e);if(!n.ok)return n;let s=He(p(t,"user"),e);if(!s.ok)return s;let i=p(t,"challenge");if(!u(i))return o("Invalid API response: challenge.challenge must be string",{originalData:e});let a=Ge(p(t,"pubKeyCredParams"),e);if(!a.ok)return a;let l=t.timeout;if(l!==void 0&&!S(l))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let m=t.excludeCredentials;if(m!==void 0){if(!U(m))return o("Invalid API response: excludeCredentials must be array",{originalData:e});for(let R of m)if(!f(R)||R.type!=="public-key"||!u(R.id))return o("Invalid API response: excludeCredentials items must have id and type",{originalData:e})}let v=t.authenticatorSelection;return v!==void 0&&!f(v)?o("Invalid API response: authenticatorSelection must be object",{originalData:e}):d({session_id:r,challenge:{rp:t.rp,user:t.user,challenge:i,pubKeyCredParams:t.pubKeyCredParams,...l!==void 0&&{timeout:l},...m!==void 0&&{excludeCredentials:m},...v!==void 0&&{authenticatorSelection:v}}})}function fe(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id");if(!u(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=p(e,"challenge");if(!f(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=p(t,"challenge"),s=p(t,"rpId"),i=t.allowCredentials;if(!u(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!u(s))return o("Invalid API response: challenge.rpId must be string",{originalData:e});if(i!==void 0&&!U(i))return o("Invalid API response: allowCredentials must be array",{originalData:e});if(i){for(let m of i)if(!f(m)||m.type!=="public-key"||!u(m.id))return o("Invalid API response: allowCredentials items must have id and type",{originalData:e})}let a=t.timeout;if(a!==void 0&&!S(a))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let l=t.userVerification;return l!==void 0&&!["required","preferred","discouraged"].includes(String(l))?o("Invalid API response: userVerification must be required|preferred|discouraged",{originalData:e}):d({session_id:r,challenge:{challenge:n,rpId:s,allowCredentials:i??[],...a!==void 0&&{timeout:a},...l!==void 0&&{userVerification:l}}})}function Re(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"credential_id"),t=p(e,"status"),n=p(e,"session_token"),s=p(e,"user");if(!u(r))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!u(t))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!u(n))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});let i=me(s,e);if(!i.ok)return o(i.error.message,{originalData:e});let a=e.redirect_url;return a!==void 0&&!u(a)?o("Invalid API response: redirect_url must be string",{originalData:e}):d({credential_id:r,status:t,session_token:n,user:i.value,...a!==void 0&&{redirect_url:a}})}function ye(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"authenticated"),t=p(e,"session_token"),n=p(e,"user"),s=p(e,"signals");if(!Y(r))return o("Invalid API response: authenticated must be boolean",{field:"authenticated",originalData:e});if(!u(t))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});let i=me(n,e);if(!i.ok)return o(i.error.message,{originalData:e});if(s!==void 0&&!f(s))return o("Invalid API response: signals must be object",{originalData:e});let a=e.redirect_url;return a!==void 0&&!u(a)?o("Invalid API response: redirect_url must be string",{originalData:e}):d({authenticated:r,session_token:t,user:i.value,signals:s,...a!==void 0&&{redirect_url:a}})}function ve(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"valid"),t=p(e,"user_id"),n=p(e,"external_user_id"),s=p(e,"tenant_id"),i=p(e,"app_id");return Y(r)?u(t)?u(n)?u(s)?u(i)?d({valid:r,user_id:t,external_user_id:n,tenant_id:s,app_id:i}):o("Invalid API response: app_id must be string",{field:"app_id",originalData:e}):o("Invalid API response: tenant_id must be string",{field:"tenant_id",originalData:e}):o("Invalid API response: external_user_id must be string",{field:"external_user_id",originalData:e}):o("Invalid API response: user_id must be string",{field:"user_id",originalData:e}):o("Invalid API response: valid must be boolean",{field:"valid",originalData:e})}function he(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=e.session_token??e.sessionToken;if(!u(r))return o("Invalid API response: session_token/sessionToken must be string",{field:"session_token",originalData:e});let t=e.redirect_url;return t!==void 0&&!u(t)?o("Invalid API response: redirect_url must be string",{originalData:e}):d({sessionToken:r,...t!==void 0&&{redirectUrl:t}})}var Cr=["pending_passkey","pending_data","completed"],Or=["pending_data","completed"];function Ee(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id"),t=p(e,"onboarding_url"),n=p(e,"expires_in");return u(r)?u(t)?S(n)?d({session_id:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{field:"expires_in",originalData:e}):o("Invalid API response: onboarding_url must be string",{field:"onboarding_url",originalData:e}):o("Invalid API response: session_id must be string",{field:"session_id",originalData:e})}function be(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"status"),t=p(e,"onboarding_url"),n=p(e,"expires_in");return!u(r)||!Cr.includes(r)?o("Invalid API response: status must be pending_passkey|pending_data|completed",{field:"status",originalData:e}):u(t)?S(n)?d({status:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{originalData:e}):o("Invalid API response: onboarding_url must be string",{originalData:e})}function _e(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id"),t=p(e,"status"),n=p(e,"onboarding_url");if(!u(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});if(t!=="pending_passkey")return o("Invalid API response: status must be pending_passkey",{field:"status",originalData:e});if(!u(n))return o("Invalid API response: onboarding_url must be string",{originalData:e});let s=e.challenge,i;if(s!==void 0){let a=kr(s);if(!a.ok)return a;i=a.value}return d({session_id:r,status:"pending_passkey",onboarding_url:n,...i!==void 0&&{challenge:i}})}function kr(e){if(!f(e))return o("Invalid API response: challenge must be object",{originalData:e});let r=p(e,"rp"),t=p(e,"user"),n=p(e,"challenge"),s=p(e,"pubKeyCredParams");if(!f(r)||!u(r.name)||!u(r.id))return o("Invalid API response: challenge.rp must have name and id",{originalData:e});if(!f(t)||!u(t.id)||!u(t.name)||!u(t.displayName))return o("Invalid API response: challenge.user must have id, name, displayName",{originalData:e});if(!u(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!U(s))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:e});for(let i of s)if(!f(i)||i.type!=="public-key"||!S(i.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:e});return d({rp:r,user:t,challenge:n,pubKeyCredParams:s})}function Te(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id"),t=p(e,"status"),n=p(e,"user_id"),s=p(e,"tenant_id");return u(r)?!u(t)||!Or.includes(t)?o("Invalid API response: status must be pending_data|completed",{originalData:e}):u(n)?u(s)?d({session_id:r,status:t,user_id:n,tenant_id:s}):o("Invalid API response: tenant_id must be string",{originalData:e}):o("Invalid API response: user_id must be string",{originalData:e}):o("Invalid API response: session_id must be string",{originalData:e})}function Ae(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id"),t=p(e,"status"),n=p(e,"user_id"),s=p(e,"tenant_id"),i=p(e,"session_token");return u(r)?t!=="completed"?o("Invalid API response: status must be completed",{originalData:e}):!u(n)||!u(s)||!u(i)?o("Invalid API response: user_id, tenant_id, session_token must be strings",{originalData:e}):d({session_id:r,status:"completed",user_id:n,tenant_id:s,session_token:i}):o("Invalid API response: session_id must be string",{originalData:e})}function z(e){return e==null?d(void 0):f(e)&&Object.keys(e).length===0?d(void 0):o("Invalid API response: expected empty body (204)",{originalData:e})}function Sr(e){if(!e||typeof e!="object")return!1;let r=e;return typeof r.challenge=="string"&&r.rp!=null&&typeof r.rp=="object"&&r.user!=null&&typeof r.user=="object"&&Array.isArray(r.pubKeyCredParams)}function xr(e){if(!e||typeof e!="object")return!1;let r=e;return typeof r.challenge=="string"&&typeof r.rpId=="string"}function $(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r="resultado"in e&&f(e.resultado)?e.resultado:e,t=r.session_id,n=r.qr_url,s=r.expires_at,i=r.polling_token;if(!u(t)||!u(n)||!u(s)||!u(i))return o("Invalid API response: missing required fields",{originalData:e});let a={session_id:t,qr_url:n,expires_at:s,polling_token:i};return r.external_user_id!==void 0&&u(r.external_user_id)&&(a.external_user_id=r.external_user_id),d(a)}function Ie(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r="resultado"in e&&f(e.resultado)?e.resultado:e,t=r.status;if(!u(t)||!["pending","authenticated","completed"].includes(t))return o("Invalid API response: invalid status",{originalData:e});let n=r.user_id,s=r.session_token,i=r.redirect_url;return n!==void 0&&!u(n)?o("Invalid API response: user_id must be a string when present",{originalData:e}):s!==void 0&&!u(s)?o("Invalid API response: session_token must be a string when present",{originalData:e}):i!==void 0&&!u(i)?o("Invalid API response: redirect_url must be a string when present",{originalData:e}):d({status:t,user_id:n,session_token:s,redirect_url:i})}function Ce(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=e.type,t=r==="registration"?"registration":"auth",n=e.options;if(!f(n))return o("Invalid API response: options are required",{originalData:e});let s=200,i=Xe(e.approval_context,s),a=Xe(e.application_name,s);if(i===!1||a===!1)return o("Invalid API response: approval_context/application_name must be string max 200 chars",{originalData:e});let l={};return typeof i=="string"&&(l.approval_context=i),typeof a=="string"&&(l.application_name=a),t==="registration"?Sr(n)?d({type:"registration",options:n,...l}):o("Invalid API response: registration options must have challenge, rp, user, pubKeyCredParams",{originalData:e}):xr(n)?d({type:"auth",options:n,...l}):o("Invalid API response: auth options must have challenge and rpId",{originalData:e})}function Xe(e,r){if(e!=null)return typeof e!="string"||e.length>r?!1:e}function Oe(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"challenge"),t=p(e,"recovery_session_id");return f(r)?u(t)?d({challenge:r,recovery_session_id:t}):o("Invalid API response: recovery_session_id must be string",{field:"recovery_session_id",originalData:e}):o("Invalid API response: challenge must be object",{field:"challenge",originalData:e})}function ke(e){if(!f(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"status"),t=p(e,"session_token"),n=p(e,"user"),s=p(e,"credential_id");if(!u(r))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!u(t))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});if(!u(s))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!f(n))return o("Invalid API response: user must be object",{field:"user",originalData:e});let i=p(n,"user_id");if(!u(i))return o("Invalid API response: user.user_id must be string",{field:"user.user_id",originalData:e});let l=e.redirect_url;if(l!==void 0&&!u(l))return o("Invalid API response: redirect_url must be string",{field:"redirect_url",originalData:e});let m=n;return d({status:r,session_token:t,credential_id:s,user:{user_id:i,external_user_id:u(m.external_user_id)?m.external_user_id:void 0,email:u(m.email)?m.email:void 0,metadata:f(m.metadata)?m.metadata:void 0},...l!==void 0&&{redirect_url:l}})}var J=class{constructor(r,t,n={}){this.httpClient=r;this.baseUrl=t;this.defaultHeaders=n}mergeHeaders(r){return{...this.defaultHeaders,...r}}async post(r,t,n){let s=`${this.baseUrl}${r}`,i=await this.httpClient.post(s,t,this.mergeHeaders());return i.ok?n(i.value):c(i.error)}async get(r,t,n){let s=`${this.baseUrl}${r}`,i=await this.httpClient.get(s,this.mergeHeaders(n));return i.ok?t(i.value):c(i.error)}async startRegister(r){return this.post("/v1/passkeys/register/start",r,ge)}async startAuth(r){return this.post("/v1/passkeys/auth/start",r,fe)}async finishRegister(r){return this.post("/v1/passkeys/register/finish",r,Re)}async finishAuthentication(r){return this.post("/v1/passkeys/auth/finish",r,ye)}async validateSession(r){return this.get("/v1/sessions/validate",ve,{Authorization:`Bearer ${r}`})}async startEmailFallback(r){let t=`${this.baseUrl}/v1/fallback/email/start`,n=await this.httpClient.post(t,{userId:r.userId,email:r.email},this.mergeHeaders());return n.ok?d(void 0):c(n.error)}async verifyEmailCode(r){let t={userId:r.userId,code:r.code};return r.successUrl&&(t.success_url=r.successUrl),this.post("/v1/fallback/email/verify",t,he)}async startOnboarding(r){return this.post("/v1/onboarding/start",r,Ee)}async getOnboardingStatus(r){return this.get(`/v1/onboarding/${r}/status`,be)}async getOnboardingRegister(r){return this.get(`/v1/onboarding/${r}/register`,_e)}async registerOnboardingPasskey(r,t){return this.post(`/v1/onboarding/${r}/register-passkey`,t,Te)}async completeOnboarding(r,t){return this.post(`/v1/onboarding/${r}/complete`,t,Ae)}async initCrossDeviceAuth(){return this.post("/v1/auth/cross-device/init",{},$)}async initCrossDeviceRegistration(r){let t=typeof r?.externalUserId=="string"?r.externalUserId.trim():"",n=t.length>0?{external_user_id:t}:{};return this.post("/v1/auth/cross-device/init-registration",n,$)}async getCrossDeviceStatus(r,t){let n={};return typeof t=="string"&&t.length>0&&(n["X-Polling-Token"]=t),this.get(`/v1/auth/cross-device/status/${r}`,Ie,Object.keys(n).length>0?n:void 0)}async getCrossDeviceContext(r){return this.get(`/v1/auth/cross-device/context/${r}`,Ce)}async verifyCrossDeviceAuth(r){return this.post("/v1/auth/cross-device/verify",r,z)}async verifyCrossDeviceRegistration(r){return this.post("/v1/auth/cross-device/verify-registration",r,z)}async verifyAccountRecoveryOtp(r,t){return this.post("/v1/users/recovery/verify",{external_id:r,otp:t},Oe)}async completeAccountRecovery(r,t){return this.post("/v1/users/recovery/complete",{recovery_session_id:r,credential:t},ke)}};function Pr(e){return typeof e=="object"&&e!==null&&e.ok===!0&&"resultado"in e}function $e(e){if(typeof e!="object"||e===null)return!1;let r=e;if(r.ok!==!1||!r.error||typeof r.error!="object")return!1;let t=r.error;return typeof t.code=="string"&&typeof t.message=="string"}function Ye(e,r){if($e(e))return{message:e.error.message,code:W(e.error.code)};let t=e,n=t?.error;if(typeof n=="object"&&n!==null&&"code"in n&&typeof n.code=="string")return{message:n.message??t?.message??r,code:W(n.code)};let s=t?.message??r,i=t?.error,a=typeof i=="string"?W(i):i===void 0?"NETWORK_FAILURE":W(String(i));return{message:s,code:a}}var Mr=3e4;function Dr(){if(typeof globalThis.crypto<"u"&&typeof globalThis.crypto.randomUUID=="function")return globalThis.crypto.randomUUID();throw new Error("Web Crypto API is required but not available.")}function ze(e,r){let t=r*Math.pow(2,e);return Math.min(t,Mr)}function wr(e,r){return e!=="GET"?!1:r>=500||r===429}var Z=class{constructor(r,t=0,n=1e3,s){this.timeoutMs=r;this.maxRetries=t;this.retryDelayMs=n;this.logger=s}async get(r,t){return this.request(r,{method:"GET",headers:t})}async post(r,t,n){return this.request(r,{method:"POST",body:JSON.stringify(t),headers:{"Content-Type":"application/json",...n}})}async request(r,t){let n=(t.method??"GET").toUpperCase(),s=Dr(),i=new Headers(t.headers);i.set("X-Request-Id",s),this.logger&&this.logger.debug("request",{requestId:s,url:r,method:n});let a;for(let l=0;l<=this.maxRetries;l++)try{let m=new AbortController,v=setTimeout(()=>m.abort(),this.timeoutMs);try{let R=await fetch(r,{...t,headers:i,signal:m.signal});if(!R.ok){let I;try{I=await R.json()}catch{}let{message:O,code:j}=Ye(I,R.statusText),C=y(j,O,{requestId:s,status:R.status,statusText:R.statusText,data:I});if(wr(n,R.status)&&l<this.maxRetries){a=C,clearTimeout(v),await new Promise(T=>setTimeout(T,ze(l,this.retryDelayMs)));continue}return c(C)}if(R.status===204)return d(void 0);if(R.headers.get("content-length")==="0")return d(void 0);let h=await R.json();if(Pr(h))return d(h.resultado);let b=h;if(typeof h=="object"&&h!==null&&b.ok===!0&&!("resultado"in b))return d(void 0);if($e(h)){let{message:I,code:O}=Ye(h,R.statusText);return c(y(O,I,{requestId:s,status:R.status,statusText:R.statusText,data:h}))}return d(h)}finally{clearTimeout(v)}}catch(m){if(a=m,n==="GET"&&l<this.maxRetries)await new Promise(R=>setTimeout(R,ze(l,this.retryDelayMs)));else break}return a instanceof Error&&a.name==="AbortError"?c(y("TIMEOUT","Request timed out",{requestId:s})):c(y("NETWORK_FAILURE",a instanceof Error?a.message:"Request failed",{requestId:s,cause:a}))}};function k(e){let r=new Uint8Array(e),t=Array.from(r,s=>String.fromCharCode(s)).join("");if(typeof globalThis.btoa>"u")throw pe("encode");return globalThis.btoa(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function Nr(e){if(typeof globalThis.atob>"u")throw pe("decode");let r=e.replace(/-/g,"+").replace(/_/g,"/"),t=r.length%4,n=t===0?r:r+"=".repeat(4-t),s=globalThis.atob(n);return Uint8Array.from(s,i=>i.charCodeAt(0))}function F(e){let r=Nr(e),t=new ArrayBuffer(r.length);return new Uint8Array(t).set(r),t}function Je(e){return e!==null&&typeof e=="object"&&"clientDataJSON"in e&&e.clientDataJSON instanceof ArrayBuffer}function x(e){if(!e.response)throw y("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!Je(r))throw y("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("attestationObject"in r))throw y("UNKNOWN_ERROR","Invalid credential response structure for register: attestationObject is missing",{response:r});let t=r.clientDataJSON,n=r.attestationObject;return{id:e.id,rawId:k(e.rawId),response:{clientDataJSON:k(t),attestationObject:k(n)},type:"public-key"}}function Q(e){if(!e.response)throw y("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!Je(r))throw y("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("authenticatorData"in r)||!("signature"in r))throw y("UNKNOWN_ERROR","Invalid credential response structure for auth: authenticatorData or signature is missing",{response:r});let t=r.clientDataJSON,n=r.authenticatorData,s=r.signature,i=r.userHandle;return{id:e.id,rawId:k(e.rawId),response:{authenticatorData:k(n),clientDataJSON:k(t),signature:k(s),...i&&{userHandle:k(i)}},type:"public-key"}}function L(){try{return!(typeof navigator>"u"||!navigator.credentials||typeof PublicKeyCredential>"u")}catch{return!1}}async function Ur(){try{return!L()||typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable!="function"?!1:await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}catch{return!1}}async function Ze(){let e=L(),r=await Ur();return{isPasskeySupported:e,platformAuthenticatorAvailable:r,recommendedFlow:e?"passkey":"fallback"}}function M(e,r="create"){if(!e||typeof e!="object"||!("id"in e)||!("rawId"in e)||!("response"in e))throw We(r)}async function B(e){let{operation:r,eventEmitter:t,start:n,createOptions:s,invoke:i,finish:a}=e;try{if(t.emit("start",{type:"start",operation:r}),!L()){let g=Ve();return t.emit("error",{type:"error",error:g}),c(g)}let l=await n();if(!l.ok)return t.emit("error",{type:"error",error:l.error}),c(l.error);let m=s(l.value);if(!m.ok)return t.emit("error",{type:"error",error:m.error}),c(m.error);let v=await i(m.value);if(!v){let g=E("credential",`${r==="register"?"creation":"retrieval"} failed`);return t.emit("error",{type:"error",error:g}),c(g)}try{M(v)}catch(g){let h=_(g);return t.emit("error",{type:"error",error:h}),c(h)}let R=await a(l.value,v);return R.ok?d(R.value):(t.emit("error",{type:"error",error:R.error}),c(R.error))}catch(l){let m=_(l);return t.emit("error",{type:"error",error:m}),c(m)}}function D(e,r){try{X(e.challenge,"challenge"),X(e.user.id,"user.id");let t=F(e.challenge),n=F(e.user.id),s={userVerification:"preferred"};e.authenticatorSelection&&(s={...e.authenticatorSelection}),r&&(s={...s,authenticatorAttachment:r});let i={rp:{id:e.rp.id,name:e.rp.name},user:{id:n,name:e.user.name,displayName:e.user.displayName},challenge:t,pubKeyCredParams:e.pubKeyCredParams,...e.timeout!==void 0&&{timeout:e.timeout},attestation:"none",authenticatorSelection:s,...e.excludeCredentials&&{excludeCredentials:e.excludeCredentials.map(a=>({id:F(a.id),type:a.type,...a.transports&&{transports:a.transports}}))}};return d({publicKey:i})}catch(t){return c(_(t))}}function Se(e,r){try{X(e.challenge,"challenge");let t=F(e.challenge);return d({publicKey:{challenge:t,rpId:e.rpId,...e.timeout!==void 0&&{timeout:e.timeout},userVerification:e.userVerification??"preferred",...e.allowCredentials&&{allowCredentials:e.allowCredentials.map(n=>({id:F(n.id),type:n.type,...n.transports&&{transports:n.transports}}))}},...r!==void 0&&{mediation:r}})}catch(t){return c(_(t))}}async function Qe(e,r,t){let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let i=E("externalUserId","must be a non-empty string");return t.emit("error",{type:"error",error:i}),c(i)}let s=await B({operation:"register",eventEmitter:t,start:()=>r.startRegister({external_user_id:n}),createOptions:i=>D(i.challenge,e.authenticatorType),invoke:async i=>{let a={...i,...e.signal&&{signal:e.signal}};return navigator.credentials.create(a)},finish:async(i,a)=>{let l=await r.finishRegister({session_id:i.session_id,credential:x(a),...e.successUrl&&{success_url:e.successUrl}});return l.ok?d({success:!0,credentialId:l.value.credential_id,credential_id:l.value.credential_id,status:l.value.status,sessionToken:l.value.session_token,user:{userId:l.value.user.user_id,externalUserId:l.value.user.external_user_id,email:l.value.user.email,metadata:l.value.user.metadata},...l.value.redirect_url&&{redirectUrl:l.value.redirect_url}}):c(l.error)}});return s.ok&&t.emit("success",{type:"success",operation:"register",token:s.value.sessionToken,user:s.value.user}),s}async function er(e,r,t){let n=e.externalUserId??e.external_user_id,s=n!==void 0&&typeof n=="string"&&n.trim()!=="",i=await B({operation:"authenticate",eventEmitter:t,start:()=>r.startAuth(s?{external_user_id:n.trim()}:{}),createOptions:a=>Se(a.challenge,e.mediation),invoke:async a=>{let l={...a,...e.signal&&{signal:e.signal}};return navigator.credentials.get(l)},finish:async(a,l)=>{let m=await r.finishAuthentication({session_id:a.session_id,credential:Q(l),...e.successUrl&&{success_url:e.successUrl}});return m.ok?d({authenticated:m.value.authenticated,sessionToken:m.value.session_token,user:{userId:m.value.user.user_id,externalUserId:m.value.user.external_user_id,email:m.value.user.email,metadata:m.value.user.metadata},signals:m.value.signals,...m.value.redirect_url&&{redirectUrl:m.value.redirect_url}}):c(m.error)}});return i.ok&&t.emit("success",{type:"success",operation:"authenticate",token:i.value.sessionToken,user:i.value.user}),i}async function ee(e,r){return r?r.aborted?"aborted":new Promise(t=>{let n=()=>{s(),t("aborted")},s=()=>{clearTimeout(i),r.removeEventListener("abort",n)},i=setTimeout(()=>{s(),t("completed")},e);r.addEventListener("abort",n)}):(await new Promise(t=>setTimeout(t,e)),"completed")}var Fr=2e3,Lr=60,re=class{constructor(r){this.apiClient=r}async startFlow(r,t){let n=await this.apiClient.startOnboarding({user_role:r.user_role});if(!n.ok)return c(n.error);let{session_id:s}=n.value;for(let i=0;i<Lr;i++){if(t?.aborted)return c(y("ABORT_ERROR","Operation aborted by user or timeout"));if(await ee(Fr,t)==="aborted")return c(y("ABORT_ERROR","Operation aborted by user or timeout"));let l=await this.apiClient.getOnboardingStatus(s);if(!l.ok)return c(l.error);let m=l.value.status,v=l.value.onboarding_url;if(m==="pending_passkey"){let R=await this.apiClient.getOnboardingRegister(s);if(!R.ok)return c(R.error);let g=R.value;if(!g.challenge)return c(y("NOT_SUPPORTED","Onboarding requires user action - complete passkey registration at the provided onboarding_url",{onboarding_url:v}));let h=D(g.challenge);if(!h.ok)return c(h.error);let b;try{b=await navigator.credentials.create(h.value)}catch(C){return c(_(C))}try{M(b,"create")}catch(C){return c(_(C))}let I;try{I=x(b)}catch(C){return c(_(C))}let O=await this.apiClient.registerOnboardingPasskey(s,{credential:I,challenge:g.challenge.challenge});return O.ok?await this.apiClient.completeOnboarding(s,{company_name:r.company_name}):c(O.error)}if(m==="completed")return await this.apiClient.completeOnboarding(s,{company_name:r.company_name})}return c(y("TIMEOUT","Onboarding timed out"))}};var Kr=2e3,jr=60,te=class{constructor(r){this.apiClient=r}async init(){return this.apiClient.initCrossDeviceAuth()}async initRegistration(r){return this.apiClient.initCrossDeviceRegistration(r)}async waitForSession(r,t,n){if(t?.aborted)return c(y("ABORT_ERROR","Operation aborted by user or timeout"));for(let s=0;s<jr;s++){let i=await this.apiClient.getCrossDeviceStatus(r,n);if(!i.ok)return c(i.error);if(i.value.status==="completed"){if(!i.value.session_token||!i.value.user_id)return c(y("UNKNOWN_ERROR","Missing data in completed session"));let l=i.value.redirect_url!=null&&i.value.redirect_url!==""?i.value.redirect_url:void 0;return d({session_token:i.value.session_token,user_id:i.value.user_id,...l!==void 0&&{redirectUrl:l}})}if(await ee(Kr,t)==="aborted")return c(y("ABORT_ERROR","Operation aborted by user or timeout"))}return c(y("TIMEOUT","Cross-device authentication timed out"))}async approve(r){let t=await this.apiClient.getCrossDeviceContext(r);if(!t.ok)return c(t.error);let n=t.value;return n.type==="registration"?this.executeRegistrationApproval(r,n):this.executeAuthApproval(r,n)}async executeRegistrationApproval(r,t){let n=D(t.options);if(!n.ok)return c(n.error);let s;try{s=await navigator.credentials.create(n.value)}catch(a){return c(_(a))}try{M(s,"create")}catch(a){return c(_(a))}let i;try{i=x(s)}catch(a){return c(_(a))}return this.apiClient.verifyCrossDeviceRegistration({session_id:r,credential:i})}async executeAuthApproval(r,t){let n=Se(t.options);if(!n.ok)return c(n.error);let s;try{s=await navigator.credentials.get(n.value)}catch(a){return c(_(a))}try{M(s,"get")}catch(a){return c(_(a))}let i;try{i=Q(s)}catch(a){return c(_(a))}return this.apiClient.verifyCrossDeviceAuth({session_id:r,credential:i})}};var ne=class{handlers;constructor(){this.handlers=new Map}on(r,t){let n=this.handlers.get(r);return n||(n=new Set,this.handlers.set(r,n)),n.add(t),()=>{this.off(r,t)}}off(r,t){let n=this.handlers.get(r);n&&(n.delete(t),n.size===0&&this.handlers.delete(r))}emit(r,t){let n=this.handlers.get(r);if(n)for(let s of n)try{s(t)}catch{}}removeAllListeners(){this.handlers.clear()}};var xe="https://api.trymellonauth.com",rr="https://api.trymellonauth.com/v1/telemetry";var tr="trymellon_sandbox_session_token_v1";function nr(e){return{async send(r){let t=JSON.stringify(r);if(typeof navigator<"u"&&typeof navigator.sendBeacon=="function"){navigator.sendBeacon(e,t);return}typeof fetch<"u"&&await fetch(e,{method:"POST",body:t,headers:{"Content-Type":"application/json"},keepalive:!0})}}}function Pe(e,r){return{event:e,latencyMs:r,ok:!0}}var se=class{constructor(r,t,n,s,i){this.apiClient=r;this.eventEmitter=t;this.sandbox=n;this.sandboxToken=s;this.telemetrySender=i}async sandboxAuthResult(r,t){let n="externalUserId"in t?t.externalUserId??t.external_user_id??"sandbox":t.external_user_id??t.externalUserId??"sandbox",s=typeof n=="string"?n:"sandbox";return r==="register"?Promise.resolve(d({success:!0,credentialId:"",status:"sandbox",sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:s}})):Promise.resolve(d({authenticated:!0,sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:s}}))}async register(r){if(this.sandbox){let s=await this.sandboxAuthResult("register",r);return s.ok&&this.eventEmitter.emit("success",{type:"success",operation:"register",token:s.value.sessionToken,user:s.value.user}),s}let t=Date.now(),n=await Qe(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(Pe("register",Date.now()-t)).catch(()=>{}),n}async authenticate(r){if(this.sandbox){let s=await this.sandboxAuthResult("authenticate",r);return s.ok&&this.eventEmitter.emit("success",{type:"success",operation:"authenticate",token:s.value.sessionToken,user:s.value.user}),s}let t=Date.now(),n=await er(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(Pe("authenticate",Date.now()-t)).catch(()=>{}),n}};async function sr(e,r,t){let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let i=E("externalUserId","must be a non-empty string");return t.emit("error",{type:"error",error:i}),c(i)}if(!e.otp||typeof e.otp!="string"||e.otp.trim().length!==6){let i=E("otp","must be a 6-digit string");return t.emit("error",{type:"error",error:i}),c(i)}let s=await B({operation:"register",eventEmitter:t,start:()=>r.verifyAccountRecoveryOtp(n,e.otp),createOptions:i=>D(i.challenge),invoke:async i=>navigator.credentials.create(i),finish:async(i,a)=>{let l=await r.completeAccountRecovery(i.recovery_session_id,x(a));if(!l.ok)return c(l.error);let{credential_id:m,status:v,session_token:R,user:g,redirect_url:h}=l.value;return d({success:!0,credentialId:m,status:v,sessionToken:R,user:{userId:g.user_id,externalUserId:g.external_user_id,email:g.email,metadata:g.metadata},...h!==void 0&&{redirectUrl:h}})}});return s.ok&&t.emit("success",{type:"success",operation:"register",token:s.value.sessionToken,user:s.value.user}),s}var ie=class{constructor(r,t){this.apiClient=r;this.eventEmitter=t}recover(r){return sr(r,this.apiClient,this.eventEmitter)}};var oe=class e{sandbox;sandboxToken;apiClient;eventEmitter;telemetrySender;crossDeviceManager;authService;recoveryService;onboarding;static create(r){try{let t=r.appId,n=r.publishableKey;if(!t||typeof t!="string"||t.trim()==="")return c(E("appId","must be a non-empty string"));if(!n||typeof n!="string"||n.trim()==="")return c(E("publishableKey","must be a non-empty string"));let s=r.apiBaseUrl??xe;de(s,"apiBaseUrl");let i=r.timeoutMs??3e4;return P(i,"timeoutMs",1e3,3e5),r.maxRetries!==void 0&&P(r.maxRetries,"maxRetries",0,10),r.retryDelayMs!==void 0&&P(r.retryDelayMs,"retryDelayMs",100,1e4),d(new e(r))}catch(t){return ce(t)?c(t):c(E("config",t.message))}}constructor(r){this.sandbox=r.sandbox===!0,this.sandboxToken=this.sandbox&&r.sandboxToken!=null&&r.sandboxToken!==""?r.sandboxToken:tr;let t=r.appId,n=r.publishableKey;if(!t||typeof t!="string"||t.trim()==="")throw E("appId","must be a non-empty string");if(!n||typeof n!="string"||n.trim()==="")throw E("publishableKey","must be a non-empty string");let s=r.apiBaseUrl??xe;de(s,"apiBaseUrl");let i=r.timeoutMs??3e4;P(i,"timeoutMs",1e3,3e5),r.maxRetries!==void 0&&P(r.maxRetries,"maxRetries",0,10),r.retryDelayMs!==void 0&&P(r.retryDelayMs,"retryDelayMs",100,1e4);let a=r.maxRetries??3,l=r.retryDelayMs??1e3,m=new Z(i,a,l,r.logger),v=r.origin??(typeof window<"u"&&window?.location?.origin?window.location.origin:void 0),R={"X-App-Id":t.trim(),Authorization:`Bearer ${n.trim()}`,...v&&{Origin:v}};this.apiClient=new J(m,s,R),this.eventEmitter=new ne,r.enableTelemetry&&(this.telemetrySender=r.telemetrySender??nr(r.telemetryEndpoint??rr)),this.authService=new se(this.apiClient,this.eventEmitter,this.sandbox,this.sandboxToken,this.telemetrySender),this.recoveryService=new ie(this.apiClient,this.eventEmitter),this.onboarding=new re(this.apiClient),this.crossDeviceManager=new te(this.apiClient)}static isSupported(){return L()}async register(r){return this.authService.register(r)}async authenticate(r){return this.authService.authenticate(r)}async validateSession(r){return this.sandbox&&r===this.sandboxToken?Promise.resolve(d({valid:!0,user_id:"sandbox-user",external_user_id:"sandbox",tenant_id:"sandbox-tenant",app_id:"sandbox-app"})):this.apiClient.validateSession(r)}async getStatus(){return Ze()}on(r,t){return this.eventEmitter.on(r,t)}version(){return"2.2.1"}fallback={email:{start:async r=>this.apiClient.startEmailFallback(r),verify:async r=>{let t=await this.apiClient.verifyEmailCode({userId:r.userId,code:r.code,...r.successUrl&&{successUrl:r.successUrl}});return t.ok?d({sessionToken:t.value.sessionToken,...t.value.redirectUrl&&{redirectUrl:t.value.redirectUrl}}):t}}};auth={crossDevice:{init:()=>this.crossDeviceManager.init(),initRegistration:r=>this.crossDeviceManager.initRegistration(r??{}),waitForSession:(r,t,n)=>this.crossDeviceManager.waitForSession(r,t,n),getContext:r=>this.apiClient.getCrossDeviceContext(r),approve:r=>this.crossDeviceManager.approve(r)},recoverAccount:r=>this.recoveryService.recover(r)}};var H=new K.InjectionToken("TRYMELLON_CONFIG"),dr,Me;dr=[(0,K.Injectable)({providedIn:"root"})];var w=class{config=(0,K.inject)(H,{optional:!0});_client=null;get client(){if(this._client==null){if(this.config==null)throw new Error("TryMellonService: provide TRYMELLON_CONFIG (e.g. via provideTryMellonConfig(config))");this._client=new oe(this.config)}return this._client}};Me=Le(null),w=qe(Me,0,"TryMellonService",dr,w),je(Me,1,w);function Wr(e){return{provide:H,useValue:e}}
|
|
2
|
+
"use strict";var Mr=Object.create;var B=Object.defineProperty;var ze=Object.getOwnPropertyDescriptor;var Dr=Object.getOwnPropertyNames;var wr=Object.prototype.hasOwnProperty;var Je=(e,r)=>(r=Symbol[e])?r:Symbol.for("Symbol."+e),W=e=>{throw TypeError(e)};var Nr=(e,r,t)=>r in e?B(e,r,{enumerable:!0,configurable:!0,writable:!0,value:t}):e[r]=t;var Xe=(e,r)=>B(e,"name",{value:r,configurable:!0});var Ur=(e,r)=>{for(var t in r)B(e,t,{get:r[t],enumerable:!0})},Br=(e,r,t,n)=>{if(r&&typeof r=="object"||typeof r=="function")for(let s of Dr(r))!wr.call(e,s)&&s!==t&&B(e,s,{get:()=>r[s],enumerable:!(n=ze(r,s))||n.enumerable});return e};var Lr=e=>Br(B({},"__esModule",{value:!0}),e);var Ze=e=>[,,,Mr(e?.[Je("metadata")]??null)],Qe=["class","method","getter","setter","accessor","field","value","get","set"],G=e=>e!==void 0&&typeof e!="function"?W("Function expected"):e,Fr=(e,r,t,n,s)=>({kind:Qe[e],name:r,metadata:n,addInitializer:i=>t._?W("Already initialized"):s.push(G(i||null))}),Kr=(e,r)=>Nr(r,Je("metadata"),e[3]),er=(e,r,t,n)=>{for(var s=0,i=e[r>>1],l=i&&i.length;s<l;s++)r&1?i[s].call(t):n=i[s].call(t,n);return n},rr=(e,r,t,n,s,i)=>{var l,c,g,h,R,f=r&7,v=!!(r&8),E=!!(r&16),I=f>3?e.length+1:f?v?1:2:0,T=Qe[f+5],S=f>3&&(e[I-1]=[]),C=e[I]||(e[I]=[]),k=f&&(!E&&!v&&(s=s.prototype),f<5&&(f>3||!E)&&ze(f<4?s:{get[t](){return Ye(this,i)},set[t](A){return $e(this,i,A)}},t));f?E&&f<4&&Xe(i,(f>2?"set ":f>1?"get ":"")+t):Xe(s,t);for(var w=n.length-1;w>=0;w--)h=Fr(f,t,g={},e[3],C),f&&(h.static=v,h.private=E,R=h.access={has:E?A=>jr(s,A):A=>t in A},f^3&&(R.get=E?A=>(f^1?Ye:Hr)(A,s,f^4?i:k.get):A=>A[t]),f>2&&(R.set=E?(A,q)=>$e(A,s,q,f^4?i:k.set):(A,q)=>A[t]=q)),c=(0,n[w])(f?f<4?E?i:k[T]:f>4?void 0:{get:k.get,set:k.set}:s,h),g._=1,f^4||c===void 0?G(c)&&(f>4?S.unshift(c):f?E?i=c:k[T]=c:s=c):typeof c!="object"||c===null?W("Object expected"):(G(l=c.get)&&(k.get=l),G(l=c.set)&&(k.set=l),G(l=c.init)&&S.unshift(l));return f||Kr(e,s),k&&B(s,t,k),E?f^4?i:k:s};var ye=(e,r,t)=>r.has(e)||W("Cannot "+t),jr=(e,r)=>Object(r)!==r?W('Cannot use the "in" operator on this value'):e.has(r),Ye=(e,r,t)=>(ye(e,r,"read from private field"),t?t.call(e):r.get(e));var $e=(e,r,t,n)=>(ye(e,r,"write to private field"),n?n.call(e,t):r.set(e,t),t),Hr=(e,r,t)=>(ye(e,r,"access private method"),t);var Tt={};Ur(Tt,{TRYMELLON_CONFIG:()=>z,TryMellonService:()=>U,provideTryMellonConfig:()=>bt});module.exports=Lr(Tt);var V=require("@angular/core");var he="https://api.trymellonauth.com",tr="https://api.trymellonauth.com/v1/telemetry";var nr="trymellon_sandbox_session_token_v1",sr="/v1/enrollment-bridge",ir="/v1/auth-bridge";var d=e=>({ok:!0,value:e}),a=e=>({ok:!1,error:e});var J=class e extends Error{code;details;isTryMellonError=!0;constructor(r,t,n){super(t),this.name="TryMellonError",this.code=r,this.details=n,Error.captureStackTrace&&Error.captureStackTrace(this,e)}},Vr={NOT_SUPPORTED:"WebAuthn is not supported in this environment",USER_CANCELLED:"User cancelled the operation",PASSKEY_NOT_FOUND:"Passkey not found",SESSION_EXPIRED:"Session has expired",NETWORK_FAILURE:"Network request failed",INVALID_ARGUMENT:"Invalid argument provided",TIMEOUT:"Operation timed out",ABORTED:"Operation was aborted",ABORT_ERROR:"Operation aborted by user or timeout",CHALLENGE_MISMATCH:"This link was already used or expired. Please try again from your computer.",TICKET_NOT_FOUND:"Enrollment ticket not found or invalid",TICKET_EXPIRED:"Enrollment ticket has expired",TICKET_ALREADY_USED:"Enrollment ticket was already used",PIN_MISMATCH:"PIN does not match",PIN_LOCKED:"PIN is locked due to too many failed attempts",BRIDGE_SESSION_EXPIRED:"Bridge session has expired",UNKNOWN_ERROR:"An unknown error occurred"};function y(e,r,t){return new J(e,r??Vr[e],t)}function ve(e){return e instanceof J||typeof e=="object"&&e!==null&&"isTryMellonError"in e&&e.isTryMellonError===!0}function or(){return y("NOT_SUPPORTED")}function b(e,r){return y("INVALID_ARGUMENT",`Invalid argument: ${e} - ${r}`,{field:e,reason:r})}function ar(e){return y("UNKNOWN_ERROR",`Failed to ${e} credential`,{operation:e})}function Ee(e){return y("NOT_SUPPORTED",`No base64 ${e==="encode"?"encoding":"decoding"} available`,{type:e})}function _e(e,r){try{let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw b(r,"must use http or https protocol")}catch(t){throw ve(t)?t:b(r,"must be a valid URL")}}function N(e,r,t,n){if(!Number.isFinite(e))throw b(r,"must be a finite number");if(e<t||e>n)throw b(r,`must be between ${t} and ${n}`)}function Z(e,r){if(typeof e!="string"||e.length===0)throw b(r,"must be a non-empty string");if(!/^[A-Za-z0-9_-]+$/.test(e))throw b(r,"must be a valid base64url string")}var qr={NotAllowedError:"USER_CANCELLED",AbortError:"ABORTED",NotSupportedError:"NOT_SUPPORTED",SecurityError:"NOT_SUPPORTED",InvalidStateError:"UNKNOWN_ERROR",UnknownError:"UNKNOWN_ERROR"};function X(e){if(typeof e!="string")return"UNKNOWN_ERROR";let r=e.toLowerCase().trim();return{challenge_mismatch:"CHALLENGE_MISMATCH",session_expired:"SESSION_EXPIRED",unauthorized:"SESSION_EXPIRED",validation_error:"INVALID_ARGUMENT",invalid_argument:"INVALID_ARGUMENT",user_not_found:"SESSION_EXPIRED",passkey_not_found:"PASSKEY_NOT_FOUND",ticket_not_found:"TICKET_NOT_FOUND",ticket_expired:"TICKET_EXPIRED",ticket_already_consumed:"TICKET_ALREADY_USED",not_found:"TICKET_NOT_FOUND",expired:"TICKET_EXPIRED",already_consumed:"TICKET_ALREADY_USED",context_mismatch:"CHALLENGE_MISMATCH",challenge_not_found:"CHALLENGE_MISMATCH",invalid_ticket_id:"INVALID_ARGUMENT",invalid_context_hash:"INVALID_ARGUMENT",invalid_ticket_status:"INVALID_ARGUMENT",invalid_config:"INVALID_ARGUMENT",enrollment_not_enabled:"INVALID_ARGUMENT",pin_mismatch:"PIN_MISMATCH",pin_locked:"PIN_LOCKED",bridge_not_enabled:"UNKNOWN_ERROR",bridge_session_expired:"BRIDGE_SESSION_EXPIRED",session_not_found:"BRIDGE_SESSION_EXPIRED"}[r]??"UNKNOWN_ERROR"}function _(e){if(e instanceof DOMException){let r=e.name,t=e.message||"WebAuthn operation failed",n=qr[r]??"UNKNOWN_ERROR";return y(n,t,{originalError:e})}return e instanceof Error?y("UNKNOWN_ERROR",e.message,{originalError:e}):y("UNKNOWN_ERROR","An unknown error occurred",{originalError:e})}function m(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)}function u(e){return typeof e=="string"}function D(e){return typeof e=="number"&&Number.isFinite(e)}function Q(e){return typeof e=="boolean"}function L(e){return Array.isArray(e)}function o(e,r){return a(y("UNKNOWN_ERROR",e,{...r,originalData:r?.originalData}))}function p(e,r){return e[r]}function Gr(e,r){return!m(e)||!u(e.name)||!u(e.id)?o("Invalid API response: challenge.rp must have name and id strings",{originalData:r}):d(!0)}function Wr(e,r){return!m(e)||!u(e.id)||!u(e.name)||!u(e.displayName)?o("Invalid API response: challenge.user must have id, name, displayName strings",{originalData:r}):d(!0)}function Xr(e,r){if(!L(e))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:r});for(let t of e)if(!m(t)||t.type!=="public-key"||!D(t.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:r});return d(!0)}function ee(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id");if(!u(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=p(e,"challenge");if(!m(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=Gr(p(t,"rp"),e);if(!n.ok)return n;let s=Wr(p(t,"user"),e);if(!s.ok)return s;let i=p(t,"challenge");if(!u(i))return o("Invalid API response: challenge.challenge must be string",{originalData:e});let l=Xr(p(t,"pubKeyCredParams"),e);if(!l.ok)return l;let c=t.timeout;if(c!==void 0&&!D(c))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let g=t.excludeCredentials;if(g!==void 0){if(!L(g))return o("Invalid API response: excludeCredentials must be array",{originalData:e});for(let R of g)if(!m(R)||R.type!=="public-key"||!u(R.id))return o("Invalid API response: excludeCredentials items must have id and type",{originalData:e})}let h=t.authenticatorSelection;return h!==void 0&&!m(h)?o("Invalid API response: authenticatorSelection must be object",{originalData:e}):d({session_id:r,challenge:{rp:t.rp,user:t.user,challenge:i,pubKeyCredParams:t.pubKeyCredParams,...c!==void 0&&{timeout:c},...g!==void 0&&{excludeCredentials:g},...h!==void 0&&{authenticatorSelection:h}}})}function be(e,r){if(!m(e))return o("Invalid API response: user must be object",{field:"user",originalData:r});let t=p(e,"user_id"),n=p(e,"external_user_id");if(!u(t)||!u(n))return o("Invalid API response: user must have user_id and external_user_id strings",{originalData:r});let s=e.email,i=e.metadata;return s!==void 0&&!u(s)?o("Invalid API response: user.email must be string",{originalData:r}):i!==void 0&&(typeof i!="object"||i===null)?o("Invalid API response: user.metadata must be object",{originalData:r}):d({user_id:t,external_user_id:n,...s!==void 0&&{email:s},...i!==void 0&&{metadata:i}})}function Te(e){let r=ee(e);return r.ok?d({session_id:r.value.session_id,challenge:r.value.challenge}):r}function Ie(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id");if(!u(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});let t=p(e,"challenge");if(!m(t))return o("Invalid API response: challenge must be object",{field:"challenge",originalData:e});let n=p(t,"challenge"),s=p(t,"rpId"),i=t.allowCredentials;if(!u(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!u(s))return o("Invalid API response: challenge.rpId must be string",{originalData:e});if(i!==void 0&&!L(i))return o("Invalid API response: allowCredentials must be array",{originalData:e});if(i){for(let g of i)if(!m(g)||g.type!=="public-key"||!u(g.id))return o("Invalid API response: allowCredentials items must have id and type",{originalData:e})}let l=t.timeout;if(l!==void 0&&!D(l))return o("Invalid API response: challenge.timeout must be number",{originalData:e});let c=t.userVerification;return c!==void 0&&!["required","preferred","discouraged"].includes(String(c))?o("Invalid API response: userVerification must be required|preferred|discouraged",{originalData:e}):d({session_id:r,challenge:{challenge:n,rpId:s,allowCredentials:i??[],...l!==void 0&&{timeout:l},...c!==void 0&&{userVerification:c}}})}function Ae(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"credential_id"),t=p(e,"status"),n=p(e,"session_token"),s=p(e,"user");if(!u(r))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!u(t))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!u(n))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});let i=be(s,e);if(!i.ok)return a(i.error);let l=e.redirect_url;return l!==void 0&&!u(l)?o("Invalid API response: redirect_url must be string",{originalData:e}):d({credential_id:r,status:t,session_token:n,user:i.value,...l!==void 0&&{redirect_url:l}})}function Ce(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"authenticated"),t=p(e,"session_token"),n=p(e,"user"),s=p(e,"signals");if(!Q(r))return o("Invalid API response: authenticated must be boolean",{field:"authenticated",originalData:e});if(!u(t))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});let i=be(n,e);if(!i.ok)return a(i.error);if(s!==void 0&&!m(s))return o("Invalid API response: signals must be object",{originalData:e});let l=e.redirect_url;return l!==void 0&&!u(l)?o("Invalid API response: redirect_url must be string",{originalData:e}):d({authenticated:r,session_token:t,user:i.value,signals:s,...l!==void 0&&{redirect_url:l}})}function Se(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"valid"),t=p(e,"user_id"),n=p(e,"external_user_id"),s=p(e,"tenant_id"),i=p(e,"app_id");return Q(r)?u(t)?u(n)?u(s)?u(i)?d({valid:r,user_id:t,external_user_id:n,tenant_id:s,app_id:i}):o("Invalid API response: app_id must be string",{field:"app_id",originalData:e}):o("Invalid API response: tenant_id must be string",{field:"tenant_id",originalData:e}):o("Invalid API response: external_user_id must be string",{field:"external_user_id",originalData:e}):o("Invalid API response: user_id must be string",{field:"user_id",originalData:e}):o("Invalid API response: valid must be boolean",{field:"valid",originalData:e})}function ke(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=e.session_token??e.sessionToken;if(!u(r))return o("Invalid API response: session_token/sessionToken must be string",{field:"session_token",originalData:e});let t=e.redirect_url;return t!==void 0&&!u(t)?o("Invalid API response: redirect_url must be string",{originalData:e}):d({sessionToken:r,...t!==void 0&&{redirectUrl:t}})}var Yr=["pending_passkey","pending_data","completed"],$r=["pending_data","completed"];function xe(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id"),t=p(e,"onboarding_url"),n=p(e,"expires_in");return u(r)?u(t)?D(n)?d({session_id:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{field:"expires_in",originalData:e}):o("Invalid API response: onboarding_url must be string",{field:"onboarding_url",originalData:e}):o("Invalid API response: session_id must be string",{field:"session_id",originalData:e})}function Oe(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"status"),t=p(e,"onboarding_url"),n=p(e,"expires_in");return!u(r)||!Yr.includes(r)?o("Invalid API response: status must be pending_passkey|pending_data|completed",{field:"status",originalData:e}):u(t)?D(n)?d({status:r,onboarding_url:t,expires_in:n}):o("Invalid API response: expires_in must be number",{originalData:e}):o("Invalid API response: onboarding_url must be string",{originalData:e})}function Pe(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id"),t=p(e,"status"),n=p(e,"onboarding_url");if(!u(r))return o("Invalid API response: session_id must be string",{field:"session_id",originalData:e});if(t!=="pending_passkey")return o("Invalid API response: status must be pending_passkey",{field:"status",originalData:e});if(!u(n))return o("Invalid API response: onboarding_url must be string",{originalData:e});let s=e.challenge,i;if(s!==void 0){let l=zr(s);if(!l.ok)return l;i=l.value}return d({session_id:r,status:"pending_passkey",onboarding_url:n,...i!==void 0&&{challenge:i}})}function zr(e){if(!m(e))return o("Invalid API response: challenge must be object",{originalData:e});let r=p(e,"rp"),t=p(e,"user"),n=p(e,"challenge"),s=p(e,"pubKeyCredParams");if(!m(r)||!u(r.name)||!u(r.id))return o("Invalid API response: challenge.rp must have name and id",{originalData:e});if(!m(t)||!u(t.id)||!u(t.name)||!u(t.displayName))return o("Invalid API response: challenge.user must have id, name, displayName",{originalData:e});if(!u(n))return o("Invalid API response: challenge.challenge must be string",{originalData:e});if(!L(s))return o("Invalid API response: challenge.pubKeyCredParams must be array",{originalData:e});for(let i of s)if(!m(i)||i.type!=="public-key"||!D(i.alg))return o("Invalid API response: pubKeyCredParams items must have type and alg",{originalData:e});return d({rp:r,user:t,challenge:n,pubKeyCredParams:s})}function Me(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id"),t=p(e,"status"),n=p(e,"user_id"),s=p(e,"tenant_id");return u(r)?!u(t)||!$r.includes(t)?o("Invalid API response: status must be pending_data|completed",{originalData:e}):u(n)?u(s)?d({session_id:r,status:t,user_id:n,tenant_id:s}):o("Invalid API response: tenant_id must be string",{originalData:e}):o("Invalid API response: user_id must be string",{originalData:e}):o("Invalid API response: session_id must be string",{originalData:e})}function De(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"session_id"),t=p(e,"status"),n=p(e,"user_id"),s=p(e,"tenant_id"),i=p(e,"session_token");return u(r)?t!=="completed"?o("Invalid API response: status must be completed",{originalData:e}):!u(n)||!u(s)||!u(i)?o("Invalid API response: user_id, tenant_id, session_token must be strings",{originalData:e}):d({session_id:r,status:"completed",user_id:n,tenant_id:s,session_token:i}):o("Invalid API response: session_id must be string",{originalData:e})}function re(e){return e==null?d(void 0):m(e)&&Object.keys(e).length===0?d(void 0):o("Invalid API response: expected empty body (204)",{originalData:e})}function Jr(e){if(!e||typeof e!="object")return!1;let r=e;return typeof r.challenge=="string"&&r.rp!=null&&typeof r.rp=="object"&&r.user!=null&&typeof r.user=="object"&&Array.isArray(r.pubKeyCredParams)}function Zr(e){if(!e||typeof e!="object")return!1;let r=e;return typeof r.challenge=="string"&&typeof r.rpId=="string"}function te(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r="resultado"in e&&m(e.resultado)?e.resultado:e,t=r.session_id,n=r.qr_url,s=r.expires_at,i=r.polling_token;if(!u(t)||!u(n)||!u(s)||!u(i))return o("Invalid API response: missing required fields",{originalData:e});let l={session_id:t,qr_url:n,expires_at:s,polling_token:i};return r.external_user_id!==void 0&&u(r.external_user_id)&&(l.external_user_id=r.external_user_id),d(l)}function we(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r="resultado"in e&&m(e.resultado)?e.resultado:e,t=r.status;if(!u(t)||!["pending","authenticated","completed"].includes(t))return o("Invalid API response: invalid status",{originalData:e});let n=r.user_id,s=r.session_token,i=r.redirect_url;return n!==void 0&&!u(n)?o("Invalid API response: user_id must be a string when present",{originalData:e}):s!==void 0&&!u(s)?o("Invalid API response: session_token must be a string when present",{originalData:e}):i!==void 0&&!u(i)?o("Invalid API response: redirect_url must be a string when present",{originalData:e}):d({status:t,user_id:n,session_token:s,redirect_url:i})}function Ne(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=e.type,t=r==="registration"?"registration":"auth",n=e.options;if(!m(n))return o("Invalid API response: options are required",{originalData:e});let s=200,i=lr(e.approval_context,s),l=lr(e.application_name,s);if(i===!1||l===!1)return o("Invalid API response: approval_context/application_name must be string max 200 chars",{originalData:e});let c={};return typeof i=="string"&&(c.approval_context=i),typeof l=="string"&&(c.application_name=l),t==="registration"?Jr(n)?d({type:"registration",options:n,...c}):o("Invalid API response: registration options must have challenge, rp, user, pubKeyCredParams",{originalData:e}):Zr(n)?d({type:"auth",options:n,...c}):o("Invalid API response: auth options must have challenge and rpId",{originalData:e})}function lr(e,r){if(e!=null)return typeof e!="string"||e.length>r?!1:e}function Ue(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"challenge"),t=p(e,"recovery_session_id");return m(r)?u(t)?d({challenge:r,recovery_session_id:t}):o("Invalid API response: recovery_session_id must be string",{field:"recovery_session_id",originalData:e}):o("Invalid API response: challenge must be object",{field:"challenge",originalData:e})}function Be(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"status"),t=p(e,"session_token"),n=p(e,"user"),s=p(e,"credential_id");if(!u(r))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!u(t))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});if(!u(s))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!m(n))return o("Invalid API response: user must be object",{field:"user",originalData:e});let i=p(n,"user_id");if(!u(i))return o("Invalid API response: user.user_id must be string",{field:"user.user_id",originalData:e});let c=e.redirect_url;if(c!==void 0&&!u(c))return o("Invalid API response: redirect_url must be string",{field:"redirect_url",originalData:e});let g=n;return d({status:r,session_token:t,credential_id:s,user:{user_id:i,external_user_id:u(g.external_user_id)?g.external_user_id:void 0,email:u(g.email)?g.email:void 0,metadata:m(g.metadata)?g.metadata:void 0},...c!==void 0&&{redirect_url:c}})}function Le(e){let r=ee(e);return r.ok?d({session_id:r.value.session_id,challenge:r.value.challenge}):r}function Qr(e,r){if(!m(e))return o("Invalid API response: user must be object",{field:"user",originalData:r});let t=p(e,"user_id");if(!u(t))return o("Invalid API response: user.user_id must be string",{originalData:r});let n=e.external_user_id;if(n!==void 0&&!u(n))return o("Invalid API response: user.external_user_id must be string",{originalData:r});let s=e.email;if(s!==void 0&&!u(s))return o("Invalid API response: user.email must be string",{originalData:r});let i=e.metadata;return i!==void 0&&(typeof i!="object"||i===null)?o("Invalid API response: user.metadata must be object",{originalData:r}):d({user_id:t,...n!==void 0&&{external_user_id:n},...s!==void 0&&{email:s},...i!==void 0&&{metadata:i}})}function Fe(e){if(!m(e))return o("Invalid API response: expected object",{originalData:e});let r=p(e,"credential_id"),t=p(e,"status"),n=p(e,"session_token"),s=p(e,"user");if(!u(r))return o("Invalid API response: credential_id must be string",{field:"credential_id",originalData:e});if(!u(t))return o("Invalid API response: status must be string",{field:"status",originalData:e});if(!u(n))return o("Invalid API response: session_token must be string",{field:"session_token",originalData:e});let i=Qr(s,e);return i.ok?d({credential_id:r,status:t,session_token:n,user:i.value}):i}var et=["pending","pin_verified","pin_locked","completed"];function Ke(e){if(!m(e))return o("Invalid bridge context response: expected object",{originalData:e});let r=p(e,"type");if(r!=="auth"&&r!=="registration")return o('Invalid bridge context response: type must be "auth" or "registration"',{field:"type",expected:"auth | registration",originalData:e});let t=p(e,"options");if(!m(t))return o("Invalid bridge context response: options must be object",{field:"options",originalData:e});let n=e.application_name;return n!==void 0&&!u(n)?o("Invalid bridge context response: application_name must be string",{field:"application_name",originalData:e}):d({type:r,options:t,...n!==void 0&&{application_name:n}})}function je(e){if(!m(e))return o("Invalid bridge verify response: expected object",{originalData:e});let r=p(e,"session_id");if(!u(r)||r.trim()==="")return o("Invalid bridge verify response: session_id must be non-empty string (UUID expected)",{field:"session_id",originalData:e});let t=e.challenge;if(t!==void 0&&!u(t))return o("Invalid bridge verify response: challenge must be string when present",{field:"challenge",originalData:e});let n=e.registration_options;if(n!==void 0&&!m(n))return o("Invalid bridge verify response: registration_options must be object when present",{field:"registration_options",originalData:e});let s=e.authentication_options;return s!==void 0&&!m(s)?o("Invalid bridge verify response: authentication_options must be object when present",{field:"authentication_options",originalData:e}):d({session_id:r,...t!==void 0&&{challenge:t},...n!==void 0&&{registration_options:n},...s!==void 0&&{authentication_options:s}})}function He(e){if(!m(e))return o("Invalid bridge complete enrollment response: expected object",{originalData:e});let r=p(e,"credential_id"),t=p(e,"entity_id"),n=p(e,"user_id"),s=p(e,"session_token");return u(r)?u(t)?u(n)?u(s)?d({credential_id:r,entity_id:t,user_id:n,session_token:s}):o("Invalid bridge complete enrollment response: session_token must be string",{field:"session_token",originalData:e}):o("Invalid bridge complete enrollment response: user_id must be string",{field:"user_id",originalData:e}):o("Invalid bridge complete enrollment response: entity_id must be string",{field:"entity_id",originalData:e}):o("Invalid bridge complete enrollment response: credential_id must be string",{field:"credential_id",originalData:e})}function Ve(e){if(!m(e))return o("Invalid bridge complete auth response: expected object",{originalData:e});let r=p(e,"session_token");return u(r)?d({session_token:r}):o("Invalid bridge complete auth response: session_token must be string",{field:"session_token",originalData:e})}function qe(e){if(!m(e))return o("Invalid bridge status response: expected object",{originalData:e});let r=p(e,"status");if(typeof r!="string"||!et.includes(r))return o("Invalid bridge status response: status must be one of pending, pin_verified, pin_locked, completed",{field:"status",originalData:e});let t=e.ts;return t!==void 0&&!u(t)?o("Invalid bridge status response: ts must be string when present",{field:"ts",originalData:e}):d({status:r,...t!==void 0&&{ts:t}})}var ne=class{constructor(r,t,n={}){this.httpClient=r;this.baseUrl=t;this.defaultHeaders=n}mergeHeaders(r){return{...this.defaultHeaders,...r}}async post(r,t,n,s){let i=`${this.baseUrl}${r}`,l=await this.httpClient.post(i,t,this.mergeHeaders(s));return l.ok?n(l.value):a(l.error)}async get(r,t,n){let s=`${this.baseUrl}${r}`,i=await this.httpClient.get(s,this.mergeHeaders(n));return i.ok?t(i.value):a(i.error)}async startRegister(r){return this.post("/v1/passkeys/register/start",r,Te)}async startAuth(r){return this.post("/v1/passkeys/auth/start",r,Ie)}async finishRegister(r){return this.post("/v1/passkeys/register/finish",r,Ae)}async finishAuthentication(r){return this.post("/v1/passkeys/auth/finish",r,Ce)}async validateSession(r){return this.get("/v1/sessions/validate",Se,{Authorization:`Bearer ${r}`})}async startEmailFallback(r){let t=`${this.baseUrl}/v1/fallback/email/start`,n=await this.httpClient.post(t,{userId:r.userId,email:r.email},this.mergeHeaders());return n.ok?d(void 0):a(n.error)}async verifyEmailCode(r){let t={userId:r.userId,code:r.code};return r.successUrl&&(t.success_url=r.successUrl),this.post("/v1/fallback/email/verify",t,ke)}async startOnboarding(r){return this.post("/v1/onboarding/start",r,xe)}async getOnboardingStatus(r){return this.get(`/v1/onboarding/${r}/status`,Oe)}async getOnboardingRegister(r){return this.get(`/v1/onboarding/${r}/register`,Pe)}async registerOnboardingPasskey(r,t){return this.post(`/v1/onboarding/${r}/register-passkey`,t,Me)}async completeOnboarding(r,t){return this.post(`/v1/onboarding/${r}/complete`,t,De)}async initCrossDeviceAuth(){return this.post("/v1/auth/cross-device/init",{},te)}async initCrossDeviceRegistration(r){let t=typeof r?.externalUserId=="string"?r.externalUserId.trim():"",n=t.length>0?{external_user_id:t}:{};return this.post("/v1/auth/cross-device/init-registration",n,te)}async getCrossDeviceStatus(r,t){let n={};return typeof t=="string"&&t.length>0&&(n["X-Polling-Token"]=t),this.get(`/v1/auth/cross-device/status/${r}`,we,Object.keys(n).length>0?n:void 0)}async getCrossDeviceContext(r){return this.get(`/v1/auth/cross-device/context/${r}`,Ne)}async verifyCrossDeviceAuth(r){return this.post("/v1/auth/cross-device/verify",r,re)}async verifyCrossDeviceRegistration(r){return this.post("/v1/auth/cross-device/verify-registration",r,re)}async verifyAccountRecoveryOtp(r,t){return this.post("/v1/users/recovery/verify",{external_id:r,otp:t},Ue)}async completeAccountRecovery(r,t){return this.post("/v1/users/recovery/complete",{recovery_session_id:r,credential:t},Be)}async startEnrollment(r,t,n){return this.post("/v1/enrollment/register/options",{ticket_id:r,context_hash:t},Le,n)}async finishEnrollment(r,t,n){return this.post("/v1/enrollment/register",{...t,ticket_id:r},Fe,n)}bridgePrefix(r){return r==="enrollment"?sr:ir}async getBridgeContext(r,t,n){return this.get(`${this.bridgePrefix(t)}/context/${r}`,Ke,n)}async verifyBridgePin(r,t,n,s){return this.post(`${this.bridgePrefix(n)}/verify/${r}`,{pin:t},je,s)}async completeBridgeEnrollment(r,t){return this.post(`${this.bridgePrefix("enrollment")}/complete`,r,He,t)}async completeBridgeAuth(r,t){return this.post(`${this.bridgePrefix("auth")}/complete`,r,Ve,t)}getBridgeStatusUrl(r,t){return`${this.baseUrl}${this.bridgePrefix(t)}/status/${r}`}async getBridgeStatus(r,t,n){return this.get(`${this.bridgePrefix(t)}/status/${r}`,qe,n)}};function rt(e){return typeof e=="object"&&e!==null&&e.ok===!0&&"resultado"in e}function dr(e){if(typeof e!="object"||e===null)return!1;let r=e;if(r.ok!==!1||!r.error||typeof r.error!="object")return!1;let t=r.error;return typeof t.code=="string"&&typeof t.message=="string"}function ur(e,r){if(dr(e))return{message:e.error.message,code:X(e.error.code)};let t=e,n=t?.error;if(typeof n=="object"&&n!==null&&"code"in n&&typeof n.code=="string")return{message:n.message??t?.message??r,code:X(n.code)};let s=t?.message??r,i=t?.error,l=typeof i=="string"?X(i):i===void 0?"NETWORK_FAILURE":X(String(i));return{message:s,code:l}}function tt(){if(typeof globalThis.crypto<"u"&&typeof globalThis.crypto.randomUUID=="function")return globalThis.crypto.randomUUID();throw new Error("Web Crypto API is required but not available.")}function cr(e,r){let t=r*Math.pow(2,e);return Math.min(t,3e4)}function nt(e,r){return e!=="GET"?!1:r>=500||r===429}var se=class{constructor(r,t=0,n=1e3,s){this.timeoutMs=r;this.maxRetries=t;this.retryDelayMs=n;this.logger=s}async get(r,t){return this.request(r,{method:"GET",headers:t})}async post(r,t,n){return this.request(r,{method:"POST",body:JSON.stringify(t),headers:{"Content-Type":"application/json",...n}})}async request(r,t){let n=(t.method??"GET").toUpperCase(),s=tt(),i=new Headers(t.headers);i.set("X-Request-Id",s),this.logger&&this.logger.debug("request",{requestId:s,url:r,method:n});let l;for(let c=0;c<=this.maxRetries;c++)try{let g=new AbortController,h=setTimeout(()=>g.abort(),this.timeoutMs);try{let R=await fetch(r,{...t,headers:i,signal:g.signal});if(!R.ok){let I;try{I=await R.json()}catch{}let{message:T,code:S}=ur(I,R.statusText),C=y(S,T,{requestId:s,status:R.status,statusText:R.statusText,data:I});if(nt(n,R.status)&&c<this.maxRetries){l=C,clearTimeout(h),await new Promise(k=>setTimeout(k,cr(c,this.retryDelayMs)));continue}return a(C)}if(R.status===204)return d(void 0);if(R.headers.get("content-length")==="0")return d(void 0);let v=await R.json();if(rt(v))return d(v.resultado);let E=v;if(typeof v=="object"&&v!==null&&E.ok===!0&&!("resultado"in E))return d(void 0);if(dr(v)){let{message:I,code:T}=ur(v,R.statusText);return a(y(T,I,{requestId:s,status:R.status,statusText:R.statusText,data:v}))}return d(v)}finally{clearTimeout(h)}}catch(g){if(l=g,n==="GET"&&c<this.maxRetries)await new Promise(R=>setTimeout(R,cr(c,this.retryDelayMs)));else break}return l instanceof Error&&l.name==="AbortError"?a(y("TIMEOUT","Request timed out",{requestId:s})):a(y("NETWORK_FAILURE",l instanceof Error?l.message:"Request failed",{requestId:s,cause:l}))}};function M(e){let r=new Uint8Array(e),t=Array.from(r,s=>String.fromCharCode(s)).join("");if(typeof globalThis.btoa>"u")throw Ee("encode");return globalThis.btoa(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function st(e){if(typeof globalThis.atob>"u")throw Ee("decode");let r=e.replace(/-/g,"+").replace(/_/g,"/"),t=r.length%4,n=t===0?r:r+"=".repeat(4-t),s=globalThis.atob(n);return Uint8Array.from(s,i=>i.charCodeAt(0))}function F(e){let r=st(e),t=new ArrayBuffer(r.length);return new Uint8Array(t).set(r),t}function pr(e){return e!==null&&typeof e=="object"&&"clientDataJSON"in e&&e.clientDataJSON instanceof ArrayBuffer}function O(e){if(!e.response)throw y("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!pr(r))throw y("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("attestationObject"in r))throw y("UNKNOWN_ERROR","Invalid credential response structure for register: attestationObject is missing",{response:r});let t=r.clientDataJSON,n=r.attestationObject;return{id:e.id,rawId:M(e.rawId),response:{clientDataJSON:M(t),attestationObject:M(n)},type:"public-key"}}function K(e){if(!e.response)throw y("UNKNOWN_ERROR","Credential response is missing",{credential:e});let r=e.response;if(!pr(r))throw y("UNKNOWN_ERROR","Invalid credential response structure",{response:r});if(!("authenticatorData"in r)||!("signature"in r))throw y("UNKNOWN_ERROR","Invalid credential response structure for auth: authenticatorData or signature is missing",{response:r});let t=r.clientDataJSON,n=r.authenticatorData,s=r.signature,i=r.userHandle;return{id:e.id,rawId:M(e.rawId),response:{authenticatorData:M(n),clientDataJSON:M(t),signature:M(s),...i&&{userHandle:M(i)}},type:"public-key"}}function x(e,r="create"){if(!e||typeof e!="object"||!("id"in e)||!("rawId"in e)||!("response"in e))throw ar(r)}function j(){try{return!(typeof navigator>"u"||!navigator.credentials||typeof PublicKeyCredential>"u")}catch{return!1}}async function it(){try{return!j()||typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable!="function"?!1:await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()}catch{return!1}}async function gr(){let e=j(),r=await it();return{isPasskeySupported:e,platformAuthenticatorAvailable:r,recommendedFlow:e?"passkey":"fallback"}}async function Y(e){let{operation:r,eventEmitter:t,start:n,createOptions:s,invoke:i,finish:l}=e;try{if(t.emit("start",{type:"start",operation:r}),!j()){let f=or();return t.emit("error",{type:"error",error:f}),a(f)}let c=await n();if(!c.ok)return t.emit("error",{type:"error",error:c.error}),a(c.error);let g=s(c.value);if(!g.ok)return t.emit("error",{type:"error",error:g.error}),a(g.error);let h=await i(g.value);if(!h){let f=b("credential",`${r==="register"?"creation":"retrieval"} failed`);return t.emit("error",{type:"error",error:f}),a(f)}try{x(h)}catch(f){let v=_(f);return t.emit("error",{type:"error",error:v}),a(v)}let R=await l(c.value,h);return R.ok?d(R.value):(t.emit("error",{type:"error",error:R.error}),a(R.error))}catch(c){let g=_(c);return t.emit("error",{type:"error",error:g}),a(g)}}function P(e,r){try{Z(e.challenge,"challenge"),Z(e.user.id,"user.id");let t=F(e.challenge),n=F(e.user.id),s={userVerification:"preferred"};e.authenticatorSelection&&(s={...e.authenticatorSelection}),r&&(s={...s,authenticatorAttachment:r});let i={rp:{id:e.rp.id,name:e.rp.name},user:{id:n,name:e.user.name,displayName:e.user.displayName},challenge:t,pubKeyCredParams:e.pubKeyCredParams,...e.timeout!==void 0&&{timeout:e.timeout},attestation:"none",authenticatorSelection:s,...e.excludeCredentials&&{excludeCredentials:e.excludeCredentials.map(l=>({id:F(l.id),type:l.type,...l.transports&&{transports:l.transports}}))}};return d({publicKey:i})}catch(t){return a(_(t))}}async function mr(e,r){let t=P(e);if(!t.ok)return a(t.error);let n={...t.value,...r!==void 0&&{signal:r}},s;try{s=await navigator.credentials.create(n)}catch(i){return a(_(i))}try{x(s,"create")}catch(i){return a(_(i))}try{return d(O(s))}catch(i){return a(_(i))}}function $(e,r){try{Z(e.challenge,"challenge");let t=F(e.challenge);return d({publicKey:{challenge:t,rpId:e.rpId,...e.timeout!==void 0&&{timeout:e.timeout},userVerification:e.userVerification??"preferred",...e.allowCredentials&&{allowCredentials:e.allowCredentials.map(n=>({id:F(n.id),type:n.type,...n.transports&&{transports:n.transports}}))}},...r!==void 0&&{mediation:r}})}catch(t){return a(_(t))}}async function fr(e,r,t){let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let i=b("externalUserId","must be a non-empty string");return t.emit("error",{type:"error",error:i}),a(i)}let s=await Y({operation:"register",eventEmitter:t,start:()=>r.startRegister({external_user_id:n}),createOptions:i=>P(i.challenge,e.authenticatorType),invoke:async i=>{let l={...i,...e.signal&&{signal:e.signal}};return navigator.credentials.create(l)},finish:async(i,l)=>{let c=await r.finishRegister({session_id:i.session_id,credential:O(l),...e.successUrl&&{success_url:e.successUrl}});return c.ok?d({success:!0,credentialId:c.value.credential_id,credential_id:c.value.credential_id,status:c.value.status,sessionToken:c.value.session_token,user:{userId:c.value.user.user_id,externalUserId:c.value.user.external_user_id,email:c.value.user.email,metadata:c.value.user.metadata},...c.value.redirect_url&&{redirectUrl:c.value.redirect_url}}):a(c.error)}});return s.ok&&t.emit("success",{type:"success",operation:"register",token:s.value.sessionToken,user:s.value.user}),s}async function Rr(e,r,t){let n=e.externalUserId??e.external_user_id,s=n!==void 0&&typeof n=="string"&&n.trim()!=="",i=await Y({operation:"authenticate",eventEmitter:t,start:()=>r.startAuth(s?{external_user_id:n.trim()}:{}),createOptions:l=>$(l.challenge,e.mediation),invoke:async l=>{let c={...l,...e.signal&&{signal:e.signal}};return navigator.credentials.get(c)},finish:async(l,c)=>{let g=await r.finishAuthentication({session_id:l.session_id,credential:K(c),...e.successUrl&&{success_url:e.successUrl}});return g.ok?d({authenticated:g.value.authenticated,sessionToken:g.value.session_token,user:{userId:g.value.user.user_id,externalUserId:g.value.user.external_user_id,email:g.value.user.email,metadata:g.value.user.metadata},signals:g.value.signals,...g.value.redirect_url&&{redirectUrl:g.value.redirect_url}}):a(g.error)}});return i.ok&&t.emit("success",{type:"success",operation:"authenticate",token:i.value.sessionToken,user:i.value.user}),i}async function ie(e,r){return r?r.aborted?"aborted":new Promise(t=>{let n=()=>{s(),t("aborted")},s=()=>{clearTimeout(i),r.removeEventListener("abort",n)},i=setTimeout(()=>{s(),t("completed")},e);r.addEventListener("abort",n)}):(await new Promise(t=>setTimeout(t,e)),"completed")}var ot=2e3,at=60,oe=class{constructor(r){this.apiClient=r}async startFlow(r,t){let n=await this.apiClient.startOnboarding({user_role:r.user_role});if(!n.ok)return a(n.error);let{session_id:s}=n.value;for(let i=0;i<at;i++){if(t?.aborted)return a(y("ABORT_ERROR","Operation aborted by user or timeout"));if(await ie(ot,t)==="aborted")return a(y("ABORT_ERROR","Operation aborted by user or timeout"));let c=await this.apiClient.getOnboardingStatus(s);if(!c.ok)return a(c.error);let g=c.value.status,h=c.value.onboarding_url;if(g==="pending_passkey"){let R=await this.apiClient.getOnboardingRegister(s);if(!R.ok)return a(R.error);let f=R.value;if(!f.challenge)return a(y("NOT_SUPPORTED","Onboarding requires user action - complete passkey registration at the provided onboarding_url",{onboarding_url:h}));let v=P(f.challenge);if(!v.ok)return a(v.error);let E;try{E=await navigator.credentials.create(v.value)}catch(C){return a(_(C))}try{x(E,"create")}catch(C){return a(_(C))}let I;try{I=O(E)}catch(C){return a(_(C))}let T=await this.apiClient.registerOnboardingPasskey(s,{credential:I,challenge:f.challenge.challenge});return T.ok?await this.apiClient.completeOnboarding(s,{company_name:r.company_name}):a(T.error)}if(g==="completed")return await this.apiClient.completeOnboarding(s,{company_name:r.company_name})}return a(y("TIMEOUT","Onboarding timed out"))}};var yr="trymellon_context_hash";var lt=/^[a-f0-9]{64}$/;function ut(e){return typeof e=="string"&<.test(e)}function ct(){let e=new Uint8Array(32);if(typeof crypto<"u"&&crypto.getRandomValues)crypto.getRandomValues(e);else throw new Error("crypto.getRandomValues is not available");return Array.from(e).map(t=>t.toString(16).padStart(2,"0")).join("")}function dt(){let e=null;return{getItem(){return e},setItem(r,t){e=t}}}var hr=dt();function vr(e){let r=e.getItem(yr);if(r&&ut(r))return r;let t=ct();return e.setItem(yr,t),t}function H(e){let r=e??hr;try{return vr(r)}catch{return vr(hr)}}var ae=class{constructor(r,t){this.apiClient=r;this.storage=t}async enroll(r){if(r.signal?.aborted)return a(y("ABORT_ERROR","Operation aborted by user or timeout"));let t=this.storage??(typeof sessionStorage<"u"?sessionStorage:void 0),n=H(t),s=await this.apiClient.startEnrollment(r.ticketId,n);if(!s.ok)return a(s.error);let i=await mr(s.value.challenge,r.signal);if(!i.ok)return a(i.error);let l=await this.apiClient.finishEnrollment(r.ticketId,{credential:i.value,context_hash:n});return l.ok?d({sessionToken:l.value.session_token}):a(l.error)}};var pt=2e3,gt=60,le=class{constructor(r){this.apiClient=r}async init(){return this.apiClient.initCrossDeviceAuth()}async initRegistration(r){return this.apiClient.initCrossDeviceRegistration(r)}async waitForSession(r,t,n){if(t?.aborted)return a(y("ABORT_ERROR","Operation aborted by user or timeout"));for(let s=0;s<gt;s++){let i=await this.apiClient.getCrossDeviceStatus(r,n);if(!i.ok)return a(i.error);if(i.value.status==="completed"){if(!i.value.session_token||!i.value.user_id)return a(y("UNKNOWN_ERROR","Missing data in completed session"));let c=i.value.redirect_url!=null&&i.value.redirect_url!==""?i.value.redirect_url:void 0;return d({session_token:i.value.session_token,user_id:i.value.user_id,...c!==void 0&&{redirectUrl:c}})}if(await ie(pt,t)==="aborted")return a(y("ABORT_ERROR","Operation aborted by user or timeout"))}return a(y("TIMEOUT","Cross-device authentication timed out"))}async approve(r){let t=await this.apiClient.getCrossDeviceContext(r);if(!t.ok)return a(t.error);let n=t.value;return n.type==="registration"?this.executeRegistrationApproval(r,n):this.executeAuthApproval(r,n)}async executeRegistrationApproval(r,t){let n=P(t.options);if(!n.ok)return a(n.error);let s;try{s=await navigator.credentials.create(n.value)}catch(l){return a(_(l))}try{x(s,"create")}catch(l){return a(_(l))}let i;try{i=O(s)}catch(l){return a(_(l))}return this.apiClient.verifyCrossDeviceRegistration({session_id:r,credential:i})}async executeAuthApproval(r,t){let n=$(t.options);if(!n.ok)return a(n.error);let s;try{s=await navigator.credentials.get(n.value)}catch(l){return a(_(l))}try{x(s,"get")}catch(l){return a(_(l))}let i;try{i=K(s)}catch(l){return a(_(l))}return this.apiClient.verifyCrossDeviceAuth({session_id:r,credential:i})}};var mt=new Set(["pin_verified","pin_locked","completed"]),ft=1500,Rt=3e5;function Er(e){return mt.has(e)}function ue(e){return e==null||typeof e!="string"||e.trim()===""?a(b("sessionId","must be a non-empty string")):d(e.trim())}function yt(e){return{sessionToken:e.session_token,credentialId:e.credential_id,userId:e.user_id,entityId:e.entity_id}}function ht(e){return{sessionToken:e.session_token}}async function vt(e,r,t,n){let i=(n.presencePin!=null&&n.presencePin!==""?n.presencePin:null)??(typeof n.onPinRequired=="function"?await n.onPinRequired():null);return i==null||i===""?a(y("INVALID_ARGUMENT","Bridge requires PIN: provide presencePin or onPinRequired in options")):e.verifyBridgePin(r,i,t)}var ce=class{constructor(r,t){this.apiClient=r;this.storage=t}async waitForResult(r,t){let n=ue(r);if(!n.ok)return a(n.error);let s=t?.kind??"enrollment",i=t?.useSse!==!1,l=t?.timeoutMs??Rt,c=async g=>{for(;;){let h=await this.apiClient.getBridgeStatus(n.value,s);if(!h.ok)return a(h.error);if(Er(h.value.status))return d(h.value);if(Date.now()-g>=l)return a(y("TIMEOUT","Bridge status wait timed out"));await new Promise(R=>setTimeout(R,ft))}};return i&&typeof EventSource<"u"?new Promise(g=>{let h=this.apiClient.getBridgeStatusUrl(n.value,s),R=!1,f=E=>{if(!R){R=!0;try{v.close()}catch{}g(E)}},v;try{v=new EventSource(h)}catch{c(Date.now()).then(f);return}v.onmessage=E=>{try{let I=typeof E.data=="string"?E.data:String(E.data),T=JSON.parse(I);if(T!==null&&typeof T=="object"&&"status"in T&&typeof T.status=="string"){let S=T.status;if(Er(S)){let C=T.ts;f(d({status:S,...typeof C=="string"&&{ts:C}}))}}}catch{}},v.onerror=()=>{if(!R){try{v.close()}catch{}c(Date.now()).then(f)}}}):c(Date.now())}async getContext(r,t){let n=ue(r);return n.ok?this.apiClient.getBridgeContext(n.value,t):a(n.error)}async verifyPin(r,t,n){let s=ue(r);return s.ok?t==null||typeof t!="string"||t===""?a(b("pin","must be a non-empty string")):this.apiClient.verifyBridgePin(s.value,t,n):a(s.error)}async complete(r,t){let n=ue(r);if(!n.ok)return a(n.error);let s=t?.kind??"enrollment",i=await this.apiClient.getBridgeContext(n.value,s);if(!i.ok)return a(i.error);let l=i.value,c=await vt(this.apiClient,n.value,s,t??{kind:s});if(!c.ok)return a(c.error);let g=c.value;if(t?.signal?.aborted)return a(y("ABORT_ERROR","Operation aborted by user or timeout"));let h=l.type==="registration"?"enrollment":"auth";if(s!==h)return a(y("INVALID_ARGUMENT",`Bridge context type "${l.type}" does not match kind "${s}"`));if(l.type==="registration"){if(!t?.ticketId?.trim()||!t?.entityId?.trim())return a(b("ticketId/entityId","required for enrollment bridge complete"));let S=g.registration_options;if(!S||typeof S!="object")return a(y("UNKNOWN_ERROR","Bridge verify response missing registration_options"));let C=P(S);if(!C.ok)return a(C.error);let k={...C.value,...t.signal!==void 0&&{signal:t.signal}},w;try{w=await navigator.credentials.create(k)}catch(Re){return a(_(Re))}try{x(w,"create")}catch(Re){return a(_(Re))}let A=O(w),q=this.storage??(typeof sessionStorage<"u"?sessionStorage:void 0),Pr=H(q),fe=await this.apiClient.completeBridgeEnrollment({session_id:n.value,ticket_id:t.ticketId,entity_id:t.entityId,context_hash:Pr,registration_response:{id:A.id,rawId:A.rawId,response:A.response,type:A.type}});return fe.ok?d(yt(fe.value)):a(fe.error)}let R=g.authentication_options;if(!R||typeof R!="object")return a(y("UNKNOWN_ERROR","Bridge verify response missing authentication_options"));let f=$(R);if(!f.ok)return a(f.error);let v={...f.value,...t?.signal!==void 0&&{signal:t.signal}},E;try{E=await navigator.credentials.get(v)}catch(S){return a(_(S))}try{x(E,"get")}catch(S){return a(_(S))}let I=K(E),T=await this.apiClient.completeBridgeAuth({session_id:n.value,credential:{id:I.id,rawId:I.rawId,response:I.response,type:I.type}});return T.ok?d(ht(T.value)):a(T.error)}};var de=class{handlers;constructor(){this.handlers=new Map}on(r,t){let n=this.handlers.get(r);return n||(n=new Set,this.handlers.set(r,n)),n.add(t),()=>{this.off(r,t)}}off(r,t){let n=this.handlers.get(r);n&&(n.delete(t),n.size===0&&this.handlers.delete(r))}emit(r,t){let n=this.handlers.get(r);if(n)for(let s of n)try{s(t)}catch{}}removeAllListeners(){this.handlers.clear()}};function _r(e){return{async send(r){let t=JSON.stringify(r);if(typeof navigator<"u"&&typeof navigator.sendBeacon=="function"){navigator.sendBeacon(e,t);return}typeof fetch<"u"&&await fetch(e,{method:"POST",body:t,headers:{"Content-Type":"application/json"},keepalive:!0})}}}function Ge(e,r){return{event:e,latencyMs:r,ok:!0}}var pe=class{constructor(r,t,n,s,i){this.apiClient=r;this.eventEmitter=t;this.sandbox=n;this.sandboxToken=s;this.telemetrySender=i}async sandboxAuthResult(r,t){let n="externalUserId"in t?t.externalUserId??t.external_user_id??"sandbox":t.external_user_id??t.externalUserId??"sandbox",s=typeof n=="string"?n:"sandbox";return r==="register"?Promise.resolve(d({success:!0,credentialId:"",status:"sandbox",sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:s}})):Promise.resolve(d({authenticated:!0,sessionToken:this.sandboxToken,user:{userId:"sandbox-user",externalUserId:s}}))}async register(r){if(this.sandbox){let s=await this.sandboxAuthResult("register",r);return s.ok&&this.eventEmitter.emit("success",{type:"success",operation:"register",token:s.value.sessionToken,user:s.value.user}),s}let t=Date.now(),n=await fr(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(Ge("register",Date.now()-t)).catch(()=>{}),n}async authenticate(r){if(this.sandbox){let s=await this.sandboxAuthResult("authenticate",r);return s.ok&&this.eventEmitter.emit("success",{type:"success",operation:"authenticate",token:s.value.sessionToken,user:s.value.user}),s}let t=Date.now(),n=await Rr(r,this.apiClient,this.eventEmitter);return n.ok&&this.telemetrySender&&this.telemetrySender.send(Ge("authenticate",Date.now()-t)).catch(()=>{}),n}};async function br(e,r,t){let n=e.externalUserId??e.external_user_id;if(!n||typeof n!="string"||n.trim()===""){let i=b("externalUserId","must be a non-empty string");return t.emit("error",{type:"error",error:i}),a(i)}if(!e.otp||typeof e.otp!="string"||e.otp.trim().length!==6){let i=b("otp","must be a 6-digit string");return t.emit("error",{type:"error",error:i}),a(i)}let s=await Y({operation:"register",eventEmitter:t,start:()=>r.verifyAccountRecoveryOtp(n,e.otp),createOptions:i=>P(i.challenge),invoke:async i=>navigator.credentials.create(i),finish:async(i,l)=>{let c=await r.completeAccountRecovery(i.recovery_session_id,O(l));if(!c.ok)return a(c.error);let{credential_id:g,status:h,session_token:R,user:f,redirect_url:v}=c.value;return d({success:!0,credentialId:g,status:h,sessionToken:R,user:{userId:f.user_id,externalUserId:f.external_user_id,email:f.email,metadata:f.metadata},...v!==void 0&&{redirectUrl:v}})}});return s.ok&&t.emit("success",{type:"success",operation:"register",token:s.value.sessionToken,user:s.value.user}),s}var ge=class{constructor(r,t){this.apiClient=r;this.eventEmitter=t}recover(r){return br(r,this.apiClient,this.eventEmitter)}};var me=class e{sandbox;sandboxToken;apiClient;eventEmitter;telemetrySender;crossDeviceManager;authService;recoveryService;onboarding;enrollmentManager;bridgeManager;contextHashStorage;static create(r){try{let t=r.appId,n=r.publishableKey;if(!t||typeof t!="string"||t.trim()==="")return a(b("appId","must be a non-empty string"));if(!n||typeof n!="string"||n.trim()==="")return a(b("publishableKey","must be a non-empty string"));let s=r.apiBaseUrl??he;_e(s,"apiBaseUrl");let i=r.timeoutMs??3e4;return N(i,"timeoutMs",1e3,3e5),r.maxRetries!==void 0&&N(r.maxRetries,"maxRetries",0,10),r.retryDelayMs!==void 0&&N(r.retryDelayMs,"retryDelayMs",100,1e4),d(new e(r))}catch(t){return ve(t)?a(t):a(b("config",t.message))}}constructor(r){this.sandbox=r.sandbox===!0,this.sandboxToken=this.sandbox&&r.sandboxToken!=null&&r.sandboxToken!==""?r.sandboxToken:nr;let t=r.appId,n=r.publishableKey;if(!t||typeof t!="string"||t.trim()==="")throw b("appId","must be a non-empty string");if(!n||typeof n!="string"||n.trim()==="")throw b("publishableKey","must be a non-empty string");let s=r.apiBaseUrl??he;_e(s,"apiBaseUrl");let i=r.timeoutMs??3e4;N(i,"timeoutMs",1e3,3e5),r.maxRetries!==void 0&&N(r.maxRetries,"maxRetries",0,10),r.retryDelayMs!==void 0&&N(r.retryDelayMs,"retryDelayMs",100,1e4);let l=r.maxRetries??3,c=r.retryDelayMs??1e3,g=new se(i,l,c,r.logger),h=r.origin??(typeof window<"u"&&window?.location?.origin?window.location.origin:void 0),R={"X-App-Id":t.trim(),Authorization:`Bearer ${n.trim()}`,...h&&{Origin:h}};this.apiClient=new ne(g,s,R),this.eventEmitter=new de,r.enableTelemetry&&(this.telemetrySender=r.telemetrySender??_r(r.telemetryEndpoint??tr)),this.authService=new pe(this.apiClient,this.eventEmitter,this.sandbox,this.sandboxToken,this.telemetrySender),this.recoveryService=new ge(this.apiClient,this.eventEmitter),this.contextHashStorage=r.contextHashStorage,this.onboarding=new oe(this.apiClient),this.enrollmentManager=new ae(this.apiClient,this.contextHashStorage),this.crossDeviceManager=new le(this.apiClient),this.bridgeManager=new ce(this.apiClient,this.contextHashStorage)}get bridge(){return{getContext:(r,t)=>this.bridgeManager.getContext(r,t),verifyPin:(r,t,n)=>this.bridgeManager.verifyPin(r,t,n),complete:(r,t)=>this.bridgeManager.complete(r,t),waitForResult:(r,t)=>this.bridgeManager.waitForResult(r,t)}}static isSupported(){return j()}async register(r){return this.authService.register(r)}async authenticate(r){return this.authService.authenticate(r)}async enroll(r){this.eventEmitter.emit("start",{type:"start",operation:"enroll"});let t=await this.enrollmentManager.enroll(r);return t.ok?this.eventEmitter.emit("success",{type:"success",operation:"enroll",token:t.value.sessionToken}):this.eventEmitter.emit("error",{type:"error",operation:"enroll",error:t.error}),t}getContextHash(){let r=this.contextHashStorage??(typeof sessionStorage<"u"?sessionStorage:void 0);return H(r)}async validateSession(r){return this.sandbox&&r===this.sandboxToken?Promise.resolve(d({valid:!0,user_id:"sandbox-user",external_user_id:"sandbox",tenant_id:"sandbox-tenant",app_id:"sandbox-app"})):this.apiClient.validateSession(r)}async getStatus(){return gr()}on(r,t){return this.eventEmitter.on(r,t)}version(){return"2.3.0"}fallback={email:{start:async r=>this.apiClient.startEmailFallback(r),verify:async r=>{let t=await this.apiClient.verifyEmailCode({userId:r.userId,code:r.code,...r.successUrl&&{successUrl:r.successUrl}});return t.ok?d({sessionToken:t.value.sessionToken,...t.value.redirectUrl&&{redirectUrl:t.value.redirectUrl}}):t}}};auth={crossDevice:{init:()=>this.crossDeviceManager.init(),initRegistration:r=>this.crossDeviceManager.initRegistration(r??{}),waitForSession:(r,t,n)=>this.crossDeviceManager.waitForSession(r,t,n),getContext:r=>this.apiClient.getCrossDeviceContext(r),approve:r=>this.crossDeviceManager.approve(r)},recoverAccount:r=>this.recoveryService.recover(r)}};var z=new V.InjectionToken("TRYMELLON_CONFIG"),Or,We;Or=[(0,V.Injectable)({providedIn:"root"})];var U=class{config=(0,V.inject)(z,{optional:!0});_client=null;get client(){if(this._client==null){if(this.config==null)throw new Error("TryMellonService: provide TRYMELLON_CONFIG (e.g. via provideTryMellonConfig(config))");this._client=new me(this.config)}return this._client}enroll(r){return this.client.enroll(r)}getContextHash(){return this.client.getContextHash()}};We=Ze(null),U=rr(We,0,"TryMellonService",Or,U),er(We,1,U);function bt(e){return{provide:z,useValue:e}}
|
|
3
3
|
//# sourceMappingURL=angular.cjs.map
|