npm - @unidy.io/sdk - Versions diffs - 1.1.2 → 1.1.4 - Mend

@unidy.io/sdk 1.1.2 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (653) hide show

package/dist/components/auth.js ADDED Viewed

@@ -0,0 +1,580 @@
+import { a as authStore, s as state } from './auth-store.js';
+import { t } from './i18n.js';
+import { c as createLogger } from './logger.js';
+import { s as state$1 } from './profile-store.js';
+import { c as clearUrlParam } from './component-utils.js';
+import { F as Flash } from './flash-store.js';
+import { w as waitForConfig } from './unidy-store.js';
+import { g as getUnidyClient } from './index2.js';
+import { Y as captureException } from './exports.js';
+class InvalidTokenError extends Error {
+}
+InvalidTokenError.prototype.name = "InvalidTokenError";
+function b64DecodeUnicode(str) {
+    return decodeURIComponent(atob(str).replace(/(.)/g, (m, p) => {
+        let code = p.charCodeAt(0).toString(16).toUpperCase();
+        if (code.length < 2) {
+            code = "0" + code;
+        }
+        return "%" + code;
+    }));
+}
+function base64UrlDecode(str) {
+    let output = str.replace(/-/g, "+").replace(/_/g, "/");
+    switch (output.length % 4) {
+        case 0:
+            break;
+        case 2:
+            output += "==";
+            break;
+        case 3:
+            output += "=";
+            break;
+        default:
+            throw new Error("base64 string is not of the correct length");
+    }
+    try {
+        return b64DecodeUnicode(output);
+    }
+    catch (err) {
+        return atob(output);
+    }
+}
+function jwtDecode(token, options) {
+    if (typeof token !== "string") {
+        throw new InvalidTokenError("Invalid token specified: must be a string");
+    }
+    options || (options = {});
+    const pos = options.header === true ? 0 : 1;
+    const part = token.split(".")[pos];
+    if (typeof part !== "string") {
+        throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);
+    }
+    let decoded;
+    try {
+        decoded = base64UrlDecode(part);
+    }
+    catch (e) {
+        throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`);
+    }
+    try {
+        return JSON.parse(decoded);
+    }
+    catch (e) {
+        throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`);
+    }
+}
+const logger = createLogger("PasskeyAuth");
+const PASSKEY_ERRORS = {
+    NotSupportedError: "passkey_not_supported",
+    NotAllowedError: "passkey_cancelled",
+    SecurityError: "passkey_security_error",
+    InvalidStateError: "passkey_invalid_state",
+};
+function decodeBase64Url(base64url) {
+    const base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = base64 + "=".repeat((4 - (base64.length % 4)) % 4);
+    return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
+}
+function buildPublicKeyOptions(options) {
+    return {
+        challenge: Uint8Array.from(atob(options.challenge), (c) => c.charCodeAt(0)),
+        timeout: options.timeout || 60000,
+        rpId: options.rpId,
+        userVerification: options.userVerification || "required",
+        allowCredentials: options.allowCredentials?.map((cred) => ({
+            ...cred,
+            id: decodeBase64Url(cred.id),
+        })),
+    };
+}
+function formatCredentialForServer(credential) {
+    const response = credential.response;
+    return {
+        id: credential.id,
+        rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),
+        response: {
+            authenticatorData: btoa(String.fromCharCode(...new Uint8Array(response.authenticatorData))),
+            clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(response.clientDataJSON))),
+            signature: btoa(String.fromCharCode(...new Uint8Array(response.signature))),
+        },
+        type: credential.type,
+    };
+}
+function extractAndSetSignInId(tokenResponse) {
+    if (tokenResponse.sid) {
+        authStore.setSignInId(tokenResponse.sid);
+        return;
+    }
+    // Fallback: extract sid from JWT token payload
+    try {
+        const decoded = jwtDecode(tokenResponse.jwt);
+        if (decoded.sid) {
+            authStore.setSignInId(decoded.sid);
+        }
+    }
+    catch {
+        // Failed to decode JWT token to extract sid, continue without it
+    }
+}
+function handlePasskeyError(error) {
+    logger.error("Passkey error:", error);
+    let errorMessage = "passkey_error";
+    if (error instanceof DOMException) {
+        errorMessage = PASSKEY_ERRORS[error.name] || "passkey_error";
+    }
+    authStore.setFieldError("passkey", errorMessage);
+    authStore.setLoading(false);
+}
+async function authenticateWithPasskey(client, onSuccess) {
+    authStore.setLoading(true);
+    authStore.clearErrors();
+    if (!window.PublicKeyCredential) {
+        authStore.setFieldError("passkey", "passkey_not_supported");
+        authStore.setLoading(false);
+        return;
+    }
+    try {
+        const [optionsError, options] = await client.auth.getPasskeyOptions(state.sid || undefined);
+        if (optionsError || !options) {
+            authStore.setFieldError("passkey", optionsError || "bad_request");
+            authStore.setLoading(false);
+            return;
+        }
+        const publicKeyOptions = buildPublicKeyOptions(options);
+        const credential = (await navigator.credentials.get({
+            publicKey: publicKeyOptions,
+        }));
+        if (!credential) {
+            authStore.setFieldError("passkey", "passkey_cancelled");
+            authStore.setLoading(false);
+            return;
+        }
+        const formattedCredential = formatCredentialForServer(credential);
+        const [verifyError, tkResponse] = await client.auth.authenticateWithPasskey(formattedCredential);
+        const tokenResponse = tkResponse;
+        if (verifyError || !tokenResponse) {
+            authStore.setGlobalError("auth", verifyError || "authentication_failed");
+            authStore.setLoading(false);
+            return;
+        }
+        authStore.setToken(tokenResponse.jwt);
+        extractAndSetSignInId(tokenResponse);
+        onSuccess(tokenResponse);
+    }
+    catch (error) {
+        handlePasskeyError(error);
+    }
+}
+class AuthHelpers {
+    client;
+    logger = createLogger("AuthHelpers");
+    static PASSWORD_ERROR_IDENTIFIERS = [
+        "invalid_password",
+        "password_required",
+        "password_not_set",
+        "passwords_do_not_match",
+    ];
+    constructor(client) {
+        this.client = client;
+    }
+    async createSignIn(email, password, sendMagicCode) {
+        if (!email) {
+            throw new Error(t("errors.required_field", { field: "Email" }));
+        }
+        authStore.setLoading(true);
+        authStore.clearErrors();
+        const [error, response] = await this.client.auth.createSignIn(email, password, sendMagicCode);
+        if (error) {
+            this.handleAuthError(error, response);
+            return;
+        }
+        if (password) {
+            const token = jwtDecode(response.jwt);
+            authStore.setSignInId(token.sid);
+            authStore.setToken(response.jwt);
+            authStore.setLoading(false);
+            authStore.getRootComponentRef()?.onAuth(response);
+            return;
+        }
+        if (sendMagicCode) {
+            authStore.setSignInId(response.sid);
+            authStore.setMagicCodeStep("sent");
+            authStore.setStep("magic-code");
+            authStore.setLoading(false);
+            return [error, response];
+        }
+        const signInResponse = response;
+        authStore.setStep("verification");
+        authStore.setEmail(email);
+        authStore.setSignInId(signInResponse.sid);
+        authStore.setLoginOptions(signInResponse.login_options);
+        authStore.setLoading(false);
+    }
+    async authenticateWithPassword(password) {
+        if (!state.sid) {
+            throw new Error(t("errors.no_sign_in_id"));
+        }
+        if (!password) {
+            throw new Error(t("errors.required_field", { field: "Password" }));
+        }
+        authStore.setLoading(true);
+        authStore.clearErrors();
+        const [error, response] = await this.client.auth.authenticateWithPassword(state.sid, password);
+        if (error) {
+            this.handleAuthError(error, response);
+        }
+        else {
+            authStore.setLoading(false);
+            this.handleAuthSuccess(response);
+            return;
+        }
+    }
+    handleAuthError(error, response) {
+        switch (error) {
+            case "account_not_found":
+                authStore.setFieldError("email", error);
+                break;
+            case "missing_required_fields": {
+                authStore.setMissingFields(response.fields);
+                state$1.data = response.fields;
+                if (response.sid) {
+                    authStore.setSignInId(response.sid);
+                }
+                authStore.setStep("missing-fields");
+                break;
+            }
+            default:
+                if (AuthHelpers.PASSWORD_ERROR_IDENTIFIERS.includes(error)) {
+                    authStore.setFieldError("password", error);
+                }
+                else {
+                    // e.g. "account_locked", "internal_server_error"
+                    authStore.setGlobalError("auth", error);
+                }
+                break;
+        }
+        authStore.setLoading(false);
+    }
+    async logout() {
+        const [error, _] = await this.client.auth.signOut(state.sid);
+        if (error) {
+            authStore.setGlobalError("auth", error);
+        }
+        return [error, _];
+    }
+    async refreshToken() {
+        if (state.step === "missing-fields") {
+            return;
+        }
+        this.extractSignInIdFromQuery();
+        if (!state.sid) {
+            this.logger.warn("No sign-in ID in the session");
+            return;
+        }
+        const [error, response] = await this.client.auth.refreshToken(state.sid);
+        if (error) {
+            authStore.reset();
+            authStore.setGlobalError("auth", error);
+        }
+        else {
+            authStore.setToken(response.jwt);
+        }
+    }
+    handleSocialAuthRedirect() {
+        // missing required fields flow
+        const url = new URL(window.location.href);
+        const params = url.searchParams;
+        const error = params.get("error");
+        if (error !== "missing_required_fields") {
+            return;
+        }
+        const fieldsFromUrl = params.get("fields");
+        if (!fieldsFromUrl) {
+            return;
+        }
+        const signInId = params.get("sid");
+        if (signInId) {
+            authStore.setSignInId(signInId);
+        }
+        else {
+            return;
+        }
+        try {
+            const fields = JSON.parse(fieldsFromUrl);
+            authStore.setMissingFields(fields);
+            state$1.data = fields;
+            authStore.setStep("missing-fields");
+            params.delete("error");
+            params.delete("fields");
+            const cleanUrl = `${url.origin}${url.pathname}${url.hash}`;
+            window.history.replaceState(null, "", cleanUrl);
+        }
+        catch (e) {
+            this.logger.error("Failed to parse missing fields payload:", e);
+            authStore.setGlobalError("auth", "invalid_required_fields_payload");
+        }
+    }
+    async sendMagicCode() {
+        if (!state.sid && state.step !== "single-login") {
+            throw new Error(t("errors.no_sign_in_id"));
+        }
+        authStore.setMagicCodeStep("requested");
+        authStore.setLoading(true);
+        authStore.clearErrors();
+        if (state.step === "single-login") {
+            const [error, response] = await this.createSignIn(state.email, undefined, true);
+            authStore.setLoading(false);
+            return [error, response];
+        }
+        const [error, response] = await this.client.auth.sendMagicCode(state.sid);
+        authStore.setLoading(false);
+        authStore.setStep("magic-code");
+        if (!error) {
+            authStore.setMagicCodeStep("sent");
+            return [null, response];
+        }
+        authStore.setFieldError("magicCode", error);
+        if (error === "magic_code_recently_created") {
+            authStore.setMagicCodeStep("sent");
+        }
+        return [error, response];
+    }
+    async authenticateWithMagicCode(code) {
+        if (!state.sid) {
+            throw new Error(t("errors.no_sign_in_id"));
+        }
+        if (!code) {
+            throw new Error(t("errors.magic_code_is_missing"));
+        }
+        authStore.setLoading(true);
+        authStore.clearErrors();
+        const [error, response] = await this.client.auth.authenticateWithMagicCode(state.sid, code);
+        if (!error) {
+            this.handleAuthSuccess(response);
+            return;
+        }
+        if (error === "missing_required_fields") {
+            this.handleMissingFields(response);
+            return;
+        }
+        authStore.setLoading(false);
+        authStore.setFieldError("magicCode", error);
+    }
+    async sendResetPasswordEmail() {
+        if (!state.sid) {
+            throw new Error(t("errors.no_sign_in_id"));
+        }
+        authStore.setLoading(true);
+        authStore.setResetPasswordStep("requested");
+        const [error, _] = await this.client.auth.sendResetPasswordEmail(state.sid, window.location.href);
+        if (error) {
+            authStore.setFieldError("resetPassword", error);
+        }
+        else {
+            authStore.setResetPasswordStep("sent");
+            authStore.clearErrors();
+        }
+        authStore.setLoading(false);
+    }
+    async handleResetPasswordRedirect() {
+        const url = new URL(window.location.href);
+        const params = url.searchParams;
+        const resetToken = params.get("reset_password_token");
+        if (!resetToken) {
+            return false;
+        }
+        if (state.sid) {
+            authStore.setLoading(true);
+            const [error] = await this.client.auth.validateResetPasswordToken(state.sid, resetToken);
+            if (error) {
+                authStore.setFieldError("resetPassword", error);
+                authStore.setStep("reset-password");
+                authStore.setLoading(false);
+                return false;
+            }
+        }
+        authStore.setResetToken(resetToken);
+        authStore.setStep("reset-password");
+        authStore.setLoading(false);
+        return true;
+    }
+    async resetPassword() {
+        if (!state.resetPassword.token) {
+            throw new Error("No reset token available");
+        }
+        if (!state.resetPassword.newPassword) {
+            authStore.setFieldError("resetPassword", "password_required");
+            return;
+        }
+        if (state.resetPassword.passwordConfirmation &&
+            state.resetPassword.newPassword !== state.resetPassword.passwordConfirmation) {
+            authStore.setFieldError("resetPassword", "passwords_do_not_match");
+            return;
+        }
+        authStore.setLoading(true);
+        authStore.clearErrors();
+        const [error, response] = await this.client.auth.resetPassword(state.sid, state.resetPassword.token, state.resetPassword.newPassword, state.resetPassword.passwordConfirmation);
+        if (error) {
+            authStore.setFieldError("resetPassword", error);
+            // TODO: add proper password requirements handling --> for now this is fine
+            if (error === "invalid_password") {
+                authStore.setFieldError("password", response.error_details?.password.map((p) => t(`errors.password_requirements.${p}`)).join("\n"));
+            }
+        }
+        else {
+            authStore.setStep("email");
+            authStore.updateResetPassword({
+                step: "completed",
+                token: null,
+                newPassword: "",
+                passwordConfirmation: "",
+            });
+            clearUrlParam("reset_password_token");
+            Flash.success.addMessage("Password reset successfully");
+        }
+        authStore.setLoading(false);
+    }
+    authenticateWithPasskey() {
+        return authenticateWithPasskey(this.client, (response) => this.handleAuthSuccess(response));
+    }
+    extractSignInIdFromQuery() {
+        const sid = clearUrlParam("sid");
+        if (sid) {
+            authStore.setSignInId(sid);
+        }
+    }
+    handleMissingFields(response) {
+        authStore.setMissingFields(response.fields);
+        state$1.data = response.fields;
+        authStore.setStep("missing-fields");
+        authStore.setLoading(false);
+    }
+    handleAuthSuccess(response) {
+        authStore.setToken(response.jwt);
+        authStore.setLoading(false);
+        authStore.getRootComponentRef()?.onAuth(response);
+    }
+}
+class Auth {
+    static instance;
+    helpers;
+    constructor(client) {
+        this.helpers = new AuthHelpers(client);
+        this.helpers.handleSocialAuthRedirect();
+        this.helpers.handleResetPasswordRedirect();
+    }
+    static Errors = {
+        email: {
+            NOT_FOUND: "account_not_found",
+        },
+        magicCode: {
+            RECENTLY_CREATED: "magic_code_recently_created",
+            NOT_VALID: "magic_code_not_valid",
+            EXPIRED: "magic_code_expired",
+            USED: "magic_code_used",
+        },
+        password: {
+            INVALID: "invalid_password",
+            NOT_SET: "password_not_set",
+            RESET_PASSWORD_ALREADY_SENT: "reset_password_already_sent",
+        },
+        general: {
+            ACCOUNT_LOCKED: "account_locked",
+            SIGN_IN_EXPIRED: "sign_in_expired",
+        },
+    };
+    static async getInstance() {
+        if (!Auth.isInitialized()) {
+            await waitForConfig();
+            return Auth.initialize(getUnidyClient());
+        }
+        return Auth.instance;
+    }
+    static initialize(client) {
+        Auth.instance = new Auth(client);
+        if (Auth.instance.isTokenValid(state.token)) {
+            authStore.setAuthenticated(true);
+        }
+        return Auth.instance;
+    }
+    static isInitialized() {
+        return !!Auth.instance;
+    }
+    isTokenValid(token) {
+        try {
+            let decoded;
+            if (typeof token === "string") {
+                decoded = jwtDecode(token);
+            }
+            else {
+                decoded = token;
+            }
+            if (!decoded)
+                return false;
+            const currentTime = Date.now() / 1000;
+            return decoded.exp > currentTime;
+        }
+        catch (error) {
+            captureException(error);
+            return false;
+        }
+    }
+    async isAuthenticated() {
+        const token = await this.getToken();
+        return typeof token === "string";
+    }
+    async getToken() {
+        const currentToken = state.token;
+        if (currentToken && this.isTokenValid(currentToken)) {
+            return currentToken;
+        }
+        await this.helpers.refreshToken();
+        if (state.globalErrors.auth || !state.token) {
+            return this.createAuthError(t("errors.refresh_failed"), "REFRESH_FAILED", true);
+        }
+        return state.token;
+    }
+    async userData() {
+        const token = await this.getToken();
+        if (typeof token !== "string") {
+            return null;
+        }
+        if (!token) {
+            return null;
+        }
+        try {
+            return jwtDecode(token);
+        }
+        catch (error) {
+            captureException(error);
+            return null;
+        }
+    }
+    async logout() {
+        const [error, _] = await this.helpers.logout();
+        if (error) {
+            return this.createAuthError(t("errors.sign_out_failed", { reason: error }), "SIGN_OUT_FAILED", false);
+        }
+        authStore.reset();
+        return true;
+    }
+    getEmail() {
+        return state.email;
+    }
+    createAuthError(message, code, requiresReauth = false) {
+        const error = new Error(message);
+        error.code = code;
+        error.requiresReauth = requiresReauth;
+        return error;
+    }
+}
+export { Auth as A };
+//# sourceMappingURL=auth.js.map
+//# sourceMappingURL=auth.js.map

package/dist/components/auth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"file":"auth.js","mappings":";;;;;;;;;;AAAO,MAAM,iBAAiB,SAAS,KAAK,CAAC;AAC7C;AACA,iBAAiB,CAAC,SAAS,CAAC,IAAI,GAAG,mBAAmB;AACtD,SAAS,gBAAgB,CAAC,GAAG,EAAE;AAC/B,IAAI,OAAO,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK;AAClE,QAAQ,IAAI,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE;AAC7D,QAAQ,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE;AAC7B,YAAY,IAAI,GAAG,GAAG,GAAG,IAAI;AAC7B;AACA,QAAQ,OAAO,GAAG,GAAG,IAAI;AACzB,KAAK,CAAC,CAAC;AACP;AACA,SAAS,eAAe,CAAC,GAAG,EAAE;AAC9B,IAAI,IAAI,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;AAC1D,IAAI,QAAQ,MAAM,CAAC,MAAM,GAAG,CAAC;AAC7B,QAAQ,KAAK,CAAC;AACd,YAAY;AACZ,QAAQ,KAAK,CAAC;AACd,YAAY,MAAM,IAAI,IAAI;AAC1B,YAAY;AACZ,QAAQ,KAAK,CAAC;AACd,YAAY,MAAM,IAAI,GAAG;AACzB,YAAY;AACZ,QAAQ;AACR,YAAY,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC;AACzE;AACA,IAAI,IAAI;AACR,QAAQ,OAAO,gBAAgB,CAAC,MAAM,CAAC;AACvC;AACA,IAAI,OAAO,GAAG,EAAE;AAChB,QAAQ,OAAO,IAAI,CAAC,MAAM,CAAC;AAC3B;AACA;AACO,SAAS,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE;AAC1C,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;AACnC,QAAQ,MAAM,IAAI,iBAAiB,CAAC,2CAA2C,CAAC;AAChF;AACA,IAAI,OAAO,KAAK,OAAO,GAAG,EAAE,CAAC;AAC7B,IAAI,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,CAAC,GAAG,CAAC;AAC/C,IAAI,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC;AACtC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;AAClC,QAAQ,MAAM,IAAI,iBAAiB,CAAC,CAAC,uCAAuC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;AACxF;AACA,IAAI,IAAI,OAAO;AACf,IAAI,IAAI;AACR,QAAQ,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC;AACvC;AACA,IAAI,OAAO,CAAC,EAAE;AACd,QAAQ,MAAM,IAAI,iBAAiB,CAAC,CAAC,kDAAkD,EAAE,GAAG,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAClH;AACA,IAAI,IAAI;AACR,QAAQ,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;AAClC;AACA,IAAI,OAAO,CAAC,EAAE;AACd,QAAQ,MAAM,IAAI,iBAAiB,CAAC,CAAC,gDAAgD,EAAE,GAAG,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAChH;AACA;;AClDA,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC;AAE1C,MAAM,cAAc,GAA2B;AAC7C,IAAA,iBAAiB,EAAE,uBAAuB;AAC1C,IAAA,eAAe,EAAE,mBAAmB;AACpC,IAAA,aAAa,EAAE,wBAAwB;AACvC,IAAA,iBAAiB,EAAE,uBAAuB;CAC3C;AAED,SAAS,eAAe,CAAC,SAAiB,EAAA;AACxC,IAAA,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;IAC9D,MAAM,MAAM,GAAG,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IACjE,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAC9D;AAEA,SAAS,qBAAqB,CAAC,OAA+B,EAAA;IAC5D,OAAO;QACL,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAC3E,QAAA,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,KAAK;QACjC,IAAI,EAAE,OAAO,CAAC,IAAI;AAClB,QAAA,gBAAgB,EAAG,OAAO,CAAC,gBAAgD,IAAI,UAAU;AACzF,QAAA,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC,IAAI,MAAM;AACzD,YAAA,GAAG,IAAI;AACP,YAAA,EAAE,EAAE,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;AAC7B,SAAA,CAAC,CAAC;KACJ;AACH;AAEA,SAAS,yBAAyB,CAAC,UAA+B,EAAA;AAChE,IAAA,MAAM,QAAQ,GAAG,UAAU,CAAC,QAA0C;IACtE,OAAO;QACL,EAAE,EAAE,UAAU,CAAC,EAAE;AACjB,QAAA,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;AACrE,QAAA,QAAQ,EAAE;AACR,YAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;AAC3F,YAAA,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;AACrF,YAAA,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;AAC5E,SAAA;QACD,IAAI,EAAE,UAAU,CAAC,IAAI;KACtB;AACH;AAEA,SAAS,qBAAqB,CAAC,aAA4B,EAAA;AACzD,IAAA,IAAI,aAAa,CAAC,GAAG,EAAE;AACrB,QAAA,SAAS,CAAC,WAAW,CAAC,aAAa,CAAC,GAAG,CAAC;QACxC;;;AAIF,IAAA,IAAI;QACF,MAAM,OAAO,GAAG,SAAS,CAAe,aAAa,CAAC,GAAG,CAAC;AAC1D,QAAA,IAAI,OAAO,CAAC,GAAG,EAAE;AACf,YAAA,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC;;;AAEpC,IAAA,MAAM;;;AAGV;AAEA,SAAS,kBAAkB,CAAC,KAAc,EAAA;AACxC,IAAA,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,KAAK,CAAC;IAErC,IAAI,YAAY,GAAG,eAAe;AAClC,IAAA,IAAI,KAAK,YAAY,YAAY,EAAE;QACjC,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,eAAe;;AAG9D,IAAA,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,YAAY,CAAC;AAChD,IAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAC7B;AAEO,eAAe,uBAAuB,CAAC,MAAmB,EAAE,SAA4C,EAAA;AAC7G,IAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;IAC1B,SAAS,CAAC,WAAW,EAAE;AAEvB,IAAA,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE;AAC/B,QAAA,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,uBAAuB,CAAC;AAC3D,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;QAC3B;;AAGF,IAAA,IAAI;AACF,QAAA,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAACA,KAAS,CAAC,GAAG,IAAI,SAAS,CAAC;AAE/F,QAAA,IAAI,YAAY,IAAI,CAAC,OAAO,EAAE;YAC5B,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,YAAY,IAAI,aAAa,CAAC;AACjE,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;YAC3B;;AAGF,QAAA,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,OAAiC,CAAC;QAEjF,MAAM,UAAU,IAAI,MAAM,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;AAClD,YAAA,SAAS,EAAE,gBAAgB;AAC5B,SAAA,CAAC,CAA+B;QAEjC,IAAI,CAAC,UAAU,EAAE;AACf,YAAA,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,mBAAmB,CAAC;AACvD,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;YAC3B;;AAGF,QAAA,MAAM,mBAAmB,GAAG,yBAAyB,CAAC,UAAU,CAAC;AAEjE,QAAA,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,mBAAmB,CAAC;QAEhG,MAAM,aAAa,GAAG,UAA2B;AACjD,QAAA,IAAI,WAAW,IAAI,CAAC,aAAa,EAAE;YACjC,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,WAAW,IAAI,uBAAuB,CAAC;AACxE,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;YAC3B;;AAGF,QAAA,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC;QACrC,qBAAqB,CAAC,aAAa,CAAC;QACpC,SAAS,CAAC,aAAa,CAAC;;IACxB,OAAO,KAAK,EAAE;QACd,kBAAkB,CAAC,KAAK,CAAC;;AAE7B;;MCjHa,WAAW,CAAA;AACd,IAAA,MAAM;AACN,IAAA,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC;IAEpC,OAAgB,0BAA0B,GAAG;QACnD,kBAAkB;QAClB,mBAAmB;QACnB,kBAAkB;QAClB,wBAAwB;KACzB;AAED,IAAA,WAAA,CAAY,MAAmB,EAAA;AAC7B,QAAA,IAAI,CAAC,MAAM,GAAG,MAAM;;AAGtB,IAAA,MAAM,YAAY,CAAC,KAAa,EAAE,QAAiB,EAAE,aAAuB,EAAA;QAC1E,IAAI,CAAC,KAAK,EAAE;AACV,YAAA,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;;AAGjE,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;QAC1B,SAAS,CAAC,WAAW,EAAE;QAEvB,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,QAAQ,EAAE,aAAa,CAAC;QAE7F,IAAI,KAAK,EAAE;AACT,YAAA,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,CAAC;YACrC;;QAGF,IAAI,QAAQ,EAAE;YACZ,MAAM,KAAK,GAAG,SAAS,CAAgB,QAA0B,CAAC,GAAG,CAAC;AACtE,YAAA,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC;AAChC,YAAA,SAAS,CAAC,QAAQ,CAAE,QAA0B,CAAC,GAAG,CAAC;AACnD,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;YAC3B,SAAS,CAAC,mBAAmB,EAAE,EAAE,MAAM,CAAC,QAAyB,CAAC;YAClE;;QAGF,IAAI,aAAa,EAAE;AACjB,YAAA,SAAS,CAAC,WAAW,CAAE,QAAiC,CAAC,GAAG,CAAC;AAC7D,YAAA,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC;AAClC,YAAA,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC;AAC/B,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAC3B,YAAA,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAU;;QAEnC,MAAM,cAAc,GAAG,QAAgC;AACvD,QAAA,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC;AACjC,QAAA,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;AACzB,QAAA,SAAS,CAAC,WAAW,CAAC,cAAc,CAAC,GAAG,CAAC;AACzC,QAAA,SAAS,CAAC,eAAe,CAAC,cAAc,CAAC,aAAa,CAAC;AACvD,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;IAG7B,MAAM,wBAAwB,CAAC,QAAgB,EAAA;AAC7C,QAAA,IAAI,CAACA,KAAS,CAAC,GAAG,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;;QAG5C,IAAI,CAAC,QAAQ,EAAE;AACb,YAAA,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;;AAGpE,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;QAC1B,SAAS,CAAC,WAAW,EAAE;QAEvB,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAACA,KAAS,CAAC,GAAG,EAAE,QAAQ,CAAC;QAElG,IAAI,KAAK,EAAE;AACT,YAAA,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,CAAC;;aAChC;AACL,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAC3B,YAAA,IAAI,CAAC,iBAAiB,CAAC,QAAyB,CAAC;YACjD;;;IAII,eAAe,CAAC,KAAa,EAAE,QAAiB,EAAA;QACtD,QAAQ,KAAK;AACX,YAAA,KAAK,mBAAmB;AACtB,gBAAA,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC;gBACvC;YAEF,KAAK,yBAAyB,EAAE;AAC9B,gBAAA,SAAS,CAAC,gBAAgB,CAAE,QAAmC,CAAC,MAAM,CAAC;AACvE,gBAAAC,OAAY,CAAC,IAAI,GAAI,QAAmC,CAAC,MAAoB;AAE7E,gBAAA,IAAK,QAAmC,CAAC,GAAG,EAAE;AAC5C,oBAAA,SAAS,CAAC,WAAW,CAAE,QAAmC,CAAC,GAAa,CAAC;;AAG3E,gBAAA,SAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC;gBACnC;;AAGF,YAAA;gBACE,IAAI,WAAW,CAAC,0BAA0B,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE;AAC1D,oBAAA,SAAS,CAAC,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC;;qBACrC;;AAEL,oBAAA,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC;;gBAEzC;;AAGJ,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;AAG7B,IAAA,MAAM,MAAM,GAAA;AACV,QAAA,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAACD,KAAS,CAAC,GAAa,CAAC;QAE1E,IAAI,KAAK,EAAE;AACT,YAAA,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC;;AAGzC,QAAA,OAAO,CAAC,KAAK,EAAE,CAAC,CAAU;;AAG5B,IAAA,MAAM,YAAY,GAAA;AAChB,QAAA,IAAIA,KAAS,CAAC,IAAI,KAAK,gBAAgB,EAAE;YACvC;;QAEF,IAAI,CAAC,wBAAwB,EAAE;AAE/B,QAAA,IAAI,CAACA,KAAS,CAAC,GAAG,EAAE;AAClB,YAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC;YAChD;;AAGF,QAAA,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAACA,KAAS,CAAC,GAAG,CAAC;QAE5E,IAAI,KAAK,EAAE;YACT,SAAS,CAAC,KAAK,EAAE;AACjB,YAAA,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC;;aAClC;AACL,YAAA,SAAS,CAAC,QAAQ,CAAE,QAA0B,CAAC,GAAG,CAAC;;;IAIvD,wBAAwB,GAAA;;QAEtB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AACzC,QAAA,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY;QAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;AAEjC,QAAA,IAAI,KAAK,KAAK,yBAAyB,EAAE;YACvC;;QAGF,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC1C,IAAI,CAAC,aAAa,EAAE;YAClB;;QAGF,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;QAClC,IAAI,QAAQ,EAAE;AACZ,YAAA,SAAS,CAAC,WAAW,CAAC,QAAQ,CAAC;;aAC1B;YACL;;AAGF,QAAA,IAAI;YACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC;AAExC,YAAA,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC;AAClC,YAAAC,OAAY,CAAC,IAAI,GAAG,MAAoB;AACxC,YAAA,SAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC;AAEnC,YAAA,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;AACtB,YAAA,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC;AACvB,YAAA,MAAM,QAAQ,GAAG,CAAG,EAAA,GAAG,CAAC,MAAM,CAAA,EAAG,GAAG,CAAC,QAAQ,CAAG,EAAA,GAAG,CAAC,IAAI,EAAE;YAC1D,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,EAAE,QAAQ,CAAC;;QAC/C,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,CAAC,CAAC;AAC/D,YAAA,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,iCAAiC,CAAC;;;AAIvE,IAAA,MAAM,aAAa,GAAA;QACjB,IAAI,CAACD,KAAS,CAAC,GAAG,IAAIA,KAAS,CAAC,IAAI,KAAK,cAAc,EAAE;YACvD,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;;AAG5C,QAAA,SAAS,CAAC,gBAAgB,CAAC,WAAW,CAAC;AACvC,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;QAC1B,SAAS,CAAC,WAAW,EAAE;AAEvB,QAAA,IAAIA,KAAS,CAAC,IAAI,KAAK,cAAc,EAAE;AACrC,YAAA,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,YAAY,CAACA,KAAS,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC;AACnF,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAC3B,YAAA,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAU;;AAGnC,QAAA,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAACA,KAAS,CAAC,GAAG,CAAC;AAE7E,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAE3B,QAAA,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC;QAE/B,IAAI,CAAC,KAAK,EAAE;AACV,YAAA,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC;AAElC,YAAA,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAU;;AAGlC,QAAA,SAAS,CAAC,aAAa,CAAC,WAAW,EAAE,KAAK,CAAC;AAE3C,QAAA,IAAI,KAAK,KAAK,6BAA6B,EAAE;AAC3C,YAAA,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC;;AAGpC,QAAA,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAU;;IAGnC,MAAM,yBAAyB,CAAC,IAAY,EAAA;AAC1C,QAAA,IAAI,CAACA,KAAS,CAAC,GAAG,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;;QAG5C,IAAI,CAAC,IAAI,EAAE;YACT,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC;;AAGpD,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;QAC1B,SAAS,CAAC,WAAW,EAAE;QAEvB,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAACA,KAAS,CAAC,GAAG,EAAE,IAAI,CAAC;QAE/F,IAAI,CAAC,KAAK,EAAE;AACV,YAAA,IAAI,CAAC,iBAAiB,CAAC,QAAyB,CAAC;YACjD;;AAGF,QAAA,IAAI,KAAK,KAAK,yBAAyB,EAAE;AACvC,YAAA,IAAI,CAAC,mBAAmB,CAAC,QAAkC,CAAC;YAC5D;;AAGF,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAC3B,QAAA,SAAS,CAAC,aAAa,CAAC,WAAW,EAAE,KAAK,CAAC;;AAG7C,IAAA,MAAM,sBAAsB,GAAA;AAC1B,QAAA,IAAI,CAACA,KAAS,CAAC,GAAG,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;;AAG5C,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;AAC1B,QAAA,SAAS,CAAC,oBAAoB,CAAC,WAAW,CAAC;QAE3C,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAACA,KAAS,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QAErG,IAAI,KAAK,EAAE;AACT,YAAA,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,KAAK,CAAC;;aAC1C;AACL,YAAA,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC;YACtC,SAAS,CAAC,WAAW,EAAE;;AAGzB,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;AAG7B,IAAA,MAAM,2BAA2B,GAAA;QAC/B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AACzC,QAAA,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY;QAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAErD,IAAI,CAAC,UAAU,EAAE;AACf,YAAA,OAAO,KAAK;;AAGd,QAAA,IAAIA,KAAS,CAAC,GAAG,EAAE;AACjB,YAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;AAE1B,YAAA,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAACA,KAAS,CAAC,GAAG,EAAE,UAAU,CAAC;YAE5F,IAAI,KAAK,EAAE;AACT,gBAAA,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,KAAK,CAAC;AAC/C,gBAAA,SAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC;AACnC,gBAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAC3B,gBAAA,OAAO,KAAK;;;AAIhB,QAAA,SAAS,CAAC,aAAa,CAAC,UAAU,CAAC;AACnC,QAAA,SAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC;AACnC,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAE3B,QAAA,OAAO,IAAI;;AAGb,IAAA,MAAM,aAAa,GAAA;AACjB,QAAA,IAAI,CAACA,KAAS,CAAC,aAAa,CAAC,KAAK,EAAE;AAClC,YAAA,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC;;AAG7C,QAAA,IAAI,CAACA,KAAS,CAAC,aAAa,CAAC,WAAW,EAAE;AACxC,YAAA,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,mBAAmB,CAAC;YAC7D;;AAGF,QAAA,IACEA,KAAS,CAAC,aAAa,CAAC,oBAAoB;YAC5CA,KAAS,CAAC,aAAa,CAAC,WAAW,KAAKA,KAAS,CAAC,aAAa,CAAC,oBAAoB,EACpF;AACA,YAAA,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,wBAAwB,CAAC;YAClE;;AAGF,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;QAC1B,SAAS,CAAC,WAAW,EAAE;AAEvB,QAAA,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAC5DA,KAAS,CAAC,GAAa,EACvBA,KAAS,CAAC,aAAa,CAAC,KAAK,EAC7BA,KAAS,CAAC,aAAa,CAAC,WAAW,EACnCA,KAAS,CAAC,aAAa,CAAC,oBAAoB,CAC7C;QAED,IAAI,KAAK,EAAE;AACT,YAAA,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,KAAK,CAAC;;AAG/C,YAAA,IAAI,KAAK,KAAK,kBAAkB,EAAE;AAChC,gBAAA,SAAS,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAA,6BAAA,EAAgC,CAAC,CAAE,CAAA,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;;;aAEhI;AACL,YAAA,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC;YAC1B,SAAS,CAAC,mBAAmB,CAAC;AAC5B,gBAAA,IAAI,EAAE,WAAW;AACjB,gBAAA,KAAK,EAAE,IAAI;AACX,gBAAA,WAAW,EAAE,EAAE;AACf,gBAAA,oBAAoB,EAAE,EAAE;AACzB,aAAA,CAAC;YAEF,aAAa,CAAC,sBAAsB,CAAC;AACrC,YAAA,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,6BAA6B,CAAC;;AAGzD,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;IAG7B,uBAAuB,GAAA;AACrB,QAAA,OAAO,uBAAuB,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,KAAK,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;;IAGrF,wBAAwB,GAAA;AAC9B,QAAA,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC;QAEhC,IAAI,GAAG,EAAE;AACP,YAAA,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;;;AAItB,IAAA,mBAAmB,CAAC,QAAgC,EAAA;AAC1D,QAAA,SAAS,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC;AAC3C,QAAAC,OAAY,CAAC,IAAI,GAAG,QAAQ,CAAC,MAAoB;AACjD,QAAA,SAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC;AACnC,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;AAGrB,IAAA,iBAAiB,CAAC,QAAuB,EAAA;AAC/C,QAAA,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;AAChC,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;QAC3B,SAAS,CAAC,mBAAmB,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC;;;;MC5VxC,IAAI,CAAA;IACP,OAAO,QAAQ;AAEd,IAAA,OAAO;AAEhB,IAAA,WAAA,CAAoB,MAAmB,EAAA;QACrC,IAAI,CAAC,OAAO,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC;AACtC,QAAA,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE;AACvC,QAAA,IAAI,CAAC,OAAO,CAAC,2BAA2B,EAAE;;IAG5C,OAAO,MAAM,GAAG;AACd,QAAA,KAAK,EAAE;AACL,YAAA,SAAS,EAAE,mBAAmB;AAC/B,SAAA;AACD,QAAA,SAAS,EAAE;AACT,YAAA,gBAAgB,EAAE,6BAA6B;AAC/C,YAAA,SAAS,EAAE,sBAAsB;AACjC,YAAA,OAAO,EAAE,oBAAoB;AAC7B,YAAA,IAAI,EAAE,iBAAiB;AACxB,SAAA;AACD,QAAA,QAAQ,EAAE;AACR,YAAA,OAAO,EAAE,kBAAkB;AAC3B,YAAA,OAAO,EAAE,kBAAkB;AAC3B,YAAA,2BAA2B,EAAE,6BAA6B;AAC3D,SAAA;AACD,QAAA,OAAO,EAAE;AACP,YAAA,cAAc,EAAE,gBAAgB;AAChC,YAAA,eAAe,EAAE,iBAAiB;AACnC,SAAA;KACO;IAEV,aAAa,WAAW,GAAA;AACtB,QAAA,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE;YACzB,MAAM,aAAa,EAAE;AAErB,YAAA,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;;QAG1C,OAAO,IAAI,CAAC,QAAQ;;IAGtB,OAAO,UAAU,CAAC,MAAmB,EAAA;QACnC,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC;QAEhC,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAACD,KAAS,CAAC,KAAK,CAAC,EAAE;AAC/C,YAAA,SAAS,CAAC,gBAAgB,CAAC,IAAI,CAAC;;QAGlC,OAAO,IAAI,CAAC,QAAQ;;AAGtB,IAAA,OAAO,aAAa,GAAA;AAClB,QAAA,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ;;AAGxB,IAAA,YAAY,CAAC,KAAmC,EAAA;AAC9C,QAAA,IAAI;AACF,YAAA,IAAI,OAA4B;AAEhC,YAAA,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;AAC7B,gBAAA,OAAO,GAAG,SAAS,CAAe,KAAK,CAAC;;iBACnC;gBACL,OAAO,GAAG,KAAK;;AAGjB,YAAA,IAAI,CAAC,OAAO;AAAE,gBAAA,OAAO,KAAK;YAE1B,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;AACrC,YAAA,OAAO,OAAO,CAAC,GAAG,GAAG,WAAW;;QAChC,OAAO,KAAK,EAAE;AACd,YAAAE,gBAAuB,CAAC,KAAK,CAAC;AAC9B,YAAA,OAAO,KAAK;;;AAIhB,IAAA,MAAM,eAAe,GAAA;AACnB,QAAA,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE;AACnC,QAAA,OAAO,OAAO,KAAK,KAAK,QAAQ;;AAGlC,IAAA,MAAM,QAAQ,GAAA;AACZ,QAAA,MAAM,YAAY,GAAGF,KAAS,CAAC,KAAK;QAEpC,IAAI,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE;AACnD,YAAA,OAAO,YAAY;;AAGrB,QAAA,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;QAEjC,IAAIA,KAAS,CAAC,YAAY,CAAC,IAAI,IAAI,CAACA,KAAS,CAAC,KAAK,EAAE;AACnD,YAAA,OAAO,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,uBAAuB,CAAC,EAAE,gBAAgB,EAAE,IAAI,CAAC;;QAGjF,OAAOA,KAAS,CAAC,KAAe;;AAGlC,IAAA,MAAM,QAAQ,GAAA;AACZ,QAAA,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE;AAEnC,QAAA,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;AAC7B,YAAA,OAAO,IAAI;;QAGb,IAAI,CAAC,KAAK,EAAE;AACV,YAAA,OAAO,IAAI;;AAGb,QAAA,IAAI;AACF,YAAA,OAAO,SAAS,CAAe,KAAK,CAAC;;QACrC,OAAO,KAAK,EAAE;AACd,YAAAE,gBAAuB,CAAC,KAAK,CAAC;AAC9B,YAAA,OAAO,IAAI;;;AAIf,IAAA,MAAM,MAAM,GAAA;AACV,QAAA,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;QAE9C,IAAI,KAAK,EAAE;AACT,YAAA,OAAO,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,iBAAiB,EAAE,KAAK,CAAC;;QAGvG,SAAS,CAAC,KAAK,EAAE;AAEjB,QAAA,OAAO,IAAI;;IAGb,QAAQ,GAAA;QACN,OAAOF,KAAS,CAAC,KAAK;;AAGhB,IAAA,eAAe,CAAC,OAAe,EAAE,IAAuB,EAAE,cAAc,GAAG,KAAK,EAAA;AACtF,QAAA,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAc;AAC7C,QAAA,KAAK,CAAC,IAAI,GAAG,IAAI;AACjB,QAAA,KAAK,CAAC,cAAc,GAAG,cAAc;AAErC,QAAA,OAAO,KAAK;;;;;;","names":["authState","profileState","Sentry.captureException"],"sources":["../../node_modules/jwt-decode/build/esm/index.js","src/auth/passkey-auth.ts","src/auth/auth-helpers.ts","src/auth/auth.ts"],"sourcesContent":["export class InvalidTokenError extends Error {\n}\nInvalidTokenError.prototype.name = \"InvalidTokenError\";\nfunction b64DecodeUnicode(str) {\n return decodeURIComponent(atob(str).replace(/(.)/g, (m, p) => {\n let code = p.charCodeAt(0).toString(16).toUpperCase();\n if (code.length < 2) {\n code = \"0\" + code;\n }\n return \"%\" + code;\n }));\n}\nfunction base64UrlDecode(str) {\n let output = str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n switch (output.length % 4) {\n case 0:\n break;\n case 2:\n output += \"==\";\n break;\n case 3:\n output += \"=\";\n break;\n default:\n throw new Error(\"base64 string is not of the correct length\");\n }\n try {\n return b64DecodeUnicode(output);\n }\n catch (err) {\n return atob(output);\n }\n}\nexport function jwtDecode(token, options) {\n if (typeof token !== \"string\") {\n throw new InvalidTokenError(\"Invalid token specified: must be a string\");\n }\n options || (options = {});\n const pos = options.header === true ? 0 : 1;\n const part = token.split(\".\")[pos];\n if (typeof part !== \"string\") {\n throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);\n }\n let decoded;\n try {\n decoded = base64UrlDecode(part);\n }\n catch (e) {\n throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`);\n }\n try {\n return JSON.parse(decoded);\n }\n catch (e) {\n throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`);\n }\n}\n","import { jwtDecode } from \"jwt-decode\";\nimport type { PasskeyOptionsResponse, TokenResponse, UnidyClient } from \"../api\";\nimport { createLogger } from \"../logger\";\nimport type { TokenPayload } from \"./auth\";\nimport { authState, authStore } from \"./store/auth-store\";\n\nconst logger = createLogger(\"PasskeyAuth\");\n\nconst PASSKEY_ERRORS: Record<string, string> = {\n NotSupportedError: \"passkey_not_supported\",\n NotAllowedError: \"passkey_cancelled\",\n SecurityError: \"passkey_security_error\",\n InvalidStateError: \"passkey_invalid_state\",\n};\n\nfunction decodeBase64Url(base64url: string): Uint8Array {\n const base64 = base64url.replace(/-/g, \"+\").replace(/_/g, \"/\");\n const padded = base64 + \"=\".repeat((4 - (base64.length % 4)) % 4);\n return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));\n}\n\nfunction buildPublicKeyOptions(options: PasskeyOptionsResponse): PublicKeyCredentialRequestOptions {\n return {\n challenge: Uint8Array.from(atob(options.challenge), (c) => c.charCodeAt(0)),\n timeout: options.timeout || 60000,\n rpId: options.rpId,\n userVerification: (options.userVerification as UserVerificationRequirement) || \"required\",\n allowCredentials: options.allowCredentials?.map((cred) => ({\n ...cred,\n id: decodeBase64Url(cred.id),\n })),\n };\n}\n\nfunction formatCredentialForServer(credential: PublicKeyCredential) {\n const response = credential.response as AuthenticatorAssertionResponse;\n return {\n id: credential.id,\n rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),\n response: {\n authenticatorData: btoa(String.fromCharCode(...new Uint8Array(response.authenticatorData))),\n clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(response.clientDataJSON))),\n signature: btoa(String.fromCharCode(...new Uint8Array(response.signature))),\n },\n type: credential.type,\n };\n}\n\nfunction extractAndSetSignInId(tokenResponse: TokenResponse) {\n if (tokenResponse.sid) {\n authStore.setSignInId(tokenResponse.sid);\n return;\n }\n\n // Fallback: extract sid from JWT token payload\n try {\n const decoded = jwtDecode<TokenPayload>(tokenResponse.jwt);\n if (decoded.sid) {\n authStore.setSignInId(decoded.sid);\n }\n } catch {\n // Failed to decode JWT token to extract sid, continue without it\n }\n}\n\nfunction handlePasskeyError(error: unknown) {\n logger.error(\"Passkey error:\", error);\n\n let errorMessage = \"passkey_error\";\n if (error instanceof DOMException) {\n errorMessage = PASSKEY_ERRORS[error.name] || \"passkey_error\";\n }\n\n authStore.setFieldError(\"passkey\", errorMessage);\n authStore.setLoading(false);\n}\n\nexport async function authenticateWithPasskey(client: UnidyClient, onSuccess: (response: TokenResponse) => void) {\n authStore.setLoading(true);\n authStore.clearErrors();\n\n if (!window.PublicKeyCredential) {\n authStore.setFieldError(\"passkey\", \"passkey_not_supported\");\n authStore.setLoading(false);\n return;\n }\n\n try {\n const [optionsError, options] = await client.auth.getPasskeyOptions(authState.sid || undefined);\n\n if (optionsError || !options) {\n authStore.setFieldError(\"passkey\", optionsError || \"bad_request\");\n authStore.setLoading(false);\n return;\n }\n\n const publicKeyOptions = buildPublicKeyOptions(options as PasskeyOptionsResponse);\n\n const credential = (await navigator.credentials.get({\n publicKey: publicKeyOptions,\n })) as PublicKeyCredential | null;\n\n if (!credential) {\n authStore.setFieldError(\"passkey\", \"passkey_cancelled\");\n authStore.setLoading(false);\n return;\n }\n\n const formattedCredential = formatCredentialForServer(credential);\n\n const [verifyError, tkResponse] = await client.auth.authenticateWithPasskey(formattedCredential);\n\n const tokenResponse = tkResponse as TokenResponse;\n if (verifyError || !tokenResponse) {\n authStore.setGlobalError(\"auth\", verifyError || \"authentication_failed\");\n authStore.setLoading(false);\n return;\n }\n\n authStore.setToken(tokenResponse.jwt);\n extractAndSetSignInId(tokenResponse);\n onSuccess(tokenResponse);\n } catch (error) {\n handlePasskeyError(error);\n }\n}\n","import { jwtDecode } from \"jwt-decode\";\nimport type { CreateSignInResponse, RequiredFieldsResponse, TokenResponse, UnidyClient } from \"../api\";\nimport { authState, authStore } from \"../auth/store/auth-store\";\nimport { t } from \"../i18n\";\nimport { createLogger } from \"../logger\";\nimport type { ProfileRaw } from \"../profile\";\nimport { state as profileState } from \"../profile/store/profile-store\";\nimport { clearUrlParam } from \"../shared/component-utils\";\nimport { Flash } from \"../shared/store/flash-store\";\nimport type { TokenPayload } from \"./auth\";\nimport { authenticateWithPasskey } from \"./passkey-auth\";\n\nexport class AuthHelpers {\n private client: UnidyClient;\n private logger = createLogger(\"AuthHelpers\");\n\n private static readonly PASSWORD_ERROR_IDENTIFIERS = [\n \"invalid_password\",\n \"password_required\",\n \"password_not_set\",\n \"passwords_do_not_match\",\n ];\n\n constructor(client: UnidyClient) {\n this.client = client;\n }\n\n async createSignIn(email: string, password?: string, sendMagicCode?: boolean) {\n if (!email) {\n throw new Error(t(\"errors.required_field\", { field: \"Email\" }));\n }\n\n authStore.setLoading(true);\n authStore.clearErrors();\n\n const [error, response] = await this.client.auth.createSignIn(email, password, sendMagicCode);\n\n if (error) {\n this.handleAuthError(error, response);\n return;\n }\n\n if (password) {\n const token = jwtDecode<TokenPayload>((response as TokenResponse).jwt);\n authStore.setSignInId(token.sid);\n authStore.setToken((response as TokenResponse).jwt);\n authStore.setLoading(false);\n authStore.getRootComponentRef()?.onAuth(response as TokenResponse);\n return;\n }\n\n if (sendMagicCode) {\n authStore.setSignInId((response as CreateSignInResponse).sid);\n authStore.setMagicCodeStep(\"sent\");\n authStore.setStep(\"magic-code\");\n authStore.setLoading(false);\n return [error, response] as const;\n }\n const signInResponse = response as CreateSignInResponse;\n authStore.setStep(\"verification\");\n authStore.setEmail(email);\n authStore.setSignInId(signInResponse.sid);\n authStore.setLoginOptions(signInResponse.login_options);\n authStore.setLoading(false);\n }\n\n async authenticateWithPassword(password: string) {\n if (!authState.sid) {\n throw new Error(t(\"errors.no_sign_in_id\"));\n }\n\n if (!password) {\n throw new Error(t(\"errors.required_field\", { field: \"Password\" }));\n }\n\n authStore.setLoading(true);\n authStore.clearErrors();\n\n const [error, response] = await this.client.auth.authenticateWithPassword(authState.sid, password);\n\n if (error) {\n this.handleAuthError(error, response);\n } else {\n authStore.setLoading(false);\n this.handleAuthSuccess(response as TokenResponse);\n return;\n }\n }\n\n private handleAuthError(error: string, response: unknown) {\n switch (error) {\n case \"account_not_found\":\n authStore.setFieldError(\"email\", error);\n break;\n\n case \"missing_required_fields\": {\n authStore.setMissingFields((response as RequiredFieldsResponse).fields);\n profileState.data = (response as RequiredFieldsResponse).fields as ProfileRaw;\n\n if ((response as RequiredFieldsResponse).sid) {\n authStore.setSignInId((response as RequiredFieldsResponse).sid as string);\n }\n\n authStore.setStep(\"missing-fields\");\n break;\n }\n\n default:\n if (AuthHelpers.PASSWORD_ERROR_IDENTIFIERS.includes(error)) {\n authStore.setFieldError(\"password\", error);\n } else {\n // e.g. \"account_locked\", \"internal_server_error\"\n authStore.setGlobalError(\"auth\", error);\n }\n break;\n }\n\n authStore.setLoading(false);\n }\n\n async logout() {\n const [error, _] = await this.client.auth.signOut(authState.sid as string);\n\n if (error) {\n authStore.setGlobalError(\"auth\", error);\n }\n\n return [error, _] as const;\n }\n\n async refreshToken() {\n if (authState.step === \"missing-fields\") {\n return;\n }\n this.extractSignInIdFromQuery();\n\n if (!authState.sid) {\n this.logger.warn(\"No sign-in ID in the session\");\n return;\n }\n\n const [error, response] = await this.client.auth.refreshToken(authState.sid);\n\n if (error) {\n authStore.reset();\n authStore.setGlobalError(\"auth\", error);\n } else {\n authStore.setToken((response as TokenResponse).jwt);\n }\n }\n\n handleSocialAuthRedirect(): void {\n // missing required fields flow\n const url = new URL(window.location.href);\n const params = url.searchParams;\n const error = params.get(\"error\");\n\n if (error !== \"missing_required_fields\") {\n return;\n }\n\n const fieldsFromUrl = params.get(\"fields\");\n if (!fieldsFromUrl) {\n return;\n }\n\n const signInId = params.get(\"sid\");\n if (signInId) {\n authStore.setSignInId(signInId);\n } else {\n return;\n }\n\n try {\n const fields = JSON.parse(fieldsFromUrl);\n\n authStore.setMissingFields(fields);\n profileState.data = fields as ProfileRaw;\n authStore.setStep(\"missing-fields\");\n\n params.delete(\"error\");\n params.delete(\"fields\");\n const cleanUrl = `${url.origin}${url.pathname}${url.hash}`;\n window.history.replaceState(null, \"\", cleanUrl);\n } catch (e) {\n this.logger.error(\"Failed to parse missing fields payload:\", e);\n authStore.setGlobalError(\"auth\", \"invalid_required_fields_payload\");\n }\n }\n\n async sendMagicCode() {\n if (!authState.sid && authState.step !== \"single-login\") {\n throw new Error(t(\"errors.no_sign_in_id\"));\n }\n\n authStore.setMagicCodeStep(\"requested\");\n authStore.setLoading(true);\n authStore.clearErrors();\n\n if (authState.step === \"single-login\") {\n const [error, response] = await this.createSignIn(authState.email, undefined, true);\n authStore.setLoading(false);\n return [error, response] as const;\n }\n\n const [error, response] = await this.client.auth.sendMagicCode(authState.sid);\n\n authStore.setLoading(false);\n\n authStore.setStep(\"magic-code\");\n\n if (!error) {\n authStore.setMagicCodeStep(\"sent\");\n\n return [null, response] as const;\n }\n\n authStore.setFieldError(\"magicCode\", error);\n\n if (error === \"magic_code_recently_created\") {\n authStore.setMagicCodeStep(\"sent\");\n }\n\n return [error, response] as const;\n }\n\n async authenticateWithMagicCode(code: string) {\n if (!authState.sid) {\n throw new Error(t(\"errors.no_sign_in_id\"));\n }\n\n if (!code) {\n throw new Error(t(\"errors.magic_code_is_missing\"));\n }\n\n authStore.setLoading(true);\n authStore.clearErrors();\n\n const [error, response] = await this.client.auth.authenticateWithMagicCode(authState.sid, code);\n\n if (!error) {\n this.handleAuthSuccess(response as TokenResponse);\n return;\n }\n\n if (error === \"missing_required_fields\") {\n this.handleMissingFields(response as RequiredFieldsResponse);\n return;\n }\n\n authStore.setLoading(false);\n authStore.setFieldError(\"magicCode\", error);\n }\n\n async sendResetPasswordEmail() {\n if (!authState.sid) {\n throw new Error(t(\"errors.no_sign_in_id\"));\n }\n\n authStore.setLoading(true);\n authStore.setResetPasswordStep(\"requested\");\n\n const [error, _] = await this.client.auth.sendResetPasswordEmail(authState.sid, window.location.href);\n\n if (error) {\n authStore.setFieldError(\"resetPassword\", error);\n } else {\n authStore.setResetPasswordStep(\"sent\");\n authStore.clearErrors();\n }\n\n authStore.setLoading(false);\n }\n\n async handleResetPasswordRedirect(): Promise<boolean> {\n const url = new URL(window.location.href);\n const params = url.searchParams;\n const resetToken = params.get(\"reset_password_token\");\n\n if (!resetToken) {\n return false;\n }\n\n if (authState.sid) {\n authStore.setLoading(true);\n\n const [error] = await this.client.auth.validateResetPasswordToken(authState.sid, resetToken);\n\n if (error) {\n authStore.setFieldError(\"resetPassword\", error);\n authStore.setStep(\"reset-password\");\n authStore.setLoading(false);\n return false;\n }\n }\n\n authStore.setResetToken(resetToken);\n authStore.setStep(\"reset-password\");\n authStore.setLoading(false);\n\n return true;\n }\n\n async resetPassword() {\n if (!authState.resetPassword.token) {\n throw new Error(\"No reset token available\");\n }\n\n if (!authState.resetPassword.newPassword) {\n authStore.setFieldError(\"resetPassword\", \"password_required\");\n return;\n }\n\n if (\n authState.resetPassword.passwordConfirmation &&\n authState.resetPassword.newPassword !== authState.resetPassword.passwordConfirmation\n ) {\n authStore.setFieldError(\"resetPassword\", \"passwords_do_not_match\");\n return;\n }\n\n authStore.setLoading(true);\n authStore.clearErrors();\n\n const [error, response] = await this.client.auth.resetPassword(\n authState.sid as string,\n authState.resetPassword.token,\n authState.resetPassword.newPassword,\n authState.resetPassword.passwordConfirmation,\n );\n\n if (error) {\n authStore.setFieldError(\"resetPassword\", error);\n\n // TODO: add proper password requirements handling --> for now this is fine\n if (error === \"invalid_password\") {\n authStore.setFieldError(\"password\", response.error_details?.password.map((p) => t(`errors.password_requirements.${p}`)).join(\"\\n\"));\n }\n } else {\n authStore.setStep(\"email\");\n authStore.updateResetPassword({\n step: \"completed\",\n token: null,\n newPassword: \"\",\n passwordConfirmation: \"\",\n });\n\n clearUrlParam(\"reset_password_token\");\n Flash.success.addMessage(\"Password reset successfully\");\n }\n\n authStore.setLoading(false);\n }\n\n authenticateWithPasskey() {\n return authenticateWithPasskey(this.client, (response) => this.handleAuthSuccess(response));\n }\n\n private extractSignInIdFromQuery() {\n const sid = clearUrlParam(\"sid\");\n\n if (sid) {\n authStore.setSignInId(sid);\n }\n }\n\n private handleMissingFields(response: RequiredFieldsResponse) {\n authStore.setMissingFields(response.fields);\n profileState.data = response.fields as ProfileRaw;\n authStore.setStep(\"missing-fields\");\n authStore.setLoading(false);\n }\n\n private handleAuthSuccess(response: TokenResponse) {\n authStore.setToken(response.jwt);\n authStore.setLoading(false);\n authStore.getRootComponentRef()?.onAuth(response);\n }\n}\n","import * as Sentry from \"@sentry/browser\";\nimport type { UnidyClient } from \"../api\";\nimport { authStore, authState } from \"./store/auth-store\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { AuthHelpers } from \"./auth-helpers\";\nimport { waitForConfig } from \"../shared/store/unidy-store\";\nimport { getUnidyClient } from \"../api\";\nimport { t } from \"../i18n\";\n\nexport interface TokenPayload {\n sub: string; // unidy id\n sid: string; // sign-in id\n exp: number;\n iat: number;\n iss: string;\n aud: string;\n nonce: string;\n auth_time: number;\n email: string;\n email_verified: boolean;\n [key: string]: unknown;\n}\n\nexport type AuthError = Error & {\n code: \"TOKEN_EXPIRED\" | \"REFRESH_FAILED\" | \"NO_TOKEN\" | \"INVALID_TOKEN\" | \"SIGN_IN_NOT_FOUND\" | \"SIGN_OUT_FAILED\";\n requiresReauth: boolean;\n};\n\nexport class Auth {\n private static instance: Auth;\n\n readonly helpers: AuthHelpers;\n\n private constructor(client: UnidyClient) {\n this.helpers = new AuthHelpers(client);\n this.helpers.handleSocialAuthRedirect();\n this.helpers.handleResetPasswordRedirect();\n }\n\n static Errors = {\n email: {\n NOT_FOUND: \"account_not_found\",\n },\n magicCode: {\n RECENTLY_CREATED: \"magic_code_recently_created\",\n NOT_VALID: \"magic_code_not_valid\",\n EXPIRED: \"magic_code_expired\",\n USED: \"magic_code_used\",\n },\n password: {\n INVALID: \"invalid_password\",\n NOT_SET: \"password_not_set\",\n RESET_PASSWORD_ALREADY_SENT: \"reset_password_already_sent\",\n },\n general: {\n ACCOUNT_LOCKED: \"account_locked\",\n SIGN_IN_EXPIRED: \"sign_in_expired\",\n },\n } as const;\n\n static async getInstance(): Promise<Auth> {\n if (!Auth.isInitialized()) {\n await waitForConfig();\n\n return Auth.initialize(getUnidyClient());\n }\n\n return Auth.instance;\n }\n\n static initialize(client: UnidyClient): Auth {\n Auth.instance = new Auth(client);\n\n if (Auth.instance.isTokenValid(authState.token)) {\n authStore.setAuthenticated(true);\n }\n\n return Auth.instance;\n }\n\n static isInitialized(): boolean {\n return !!Auth.instance;\n }\n\n isTokenValid(token: string | TokenPayload | null): boolean {\n try {\n let decoded: TokenPayload | null;\n\n if (typeof token === \"string\") {\n decoded = jwtDecode<TokenPayload>(token);\n } else {\n decoded = token;\n }\n\n if (!decoded) return false;\n\n const currentTime = Date.now() / 1000;\n return decoded.exp > currentTime;\n } catch (error) {\n Sentry.captureException(error);\n return false;\n }\n }\n\n async isAuthenticated(): Promise<boolean> {\n const token = await this.getToken();\n return typeof token === \"string\";\n }\n\n async getToken(): Promise<string | AuthError> {\n const currentToken = authState.token;\n\n if (currentToken && this.isTokenValid(currentToken)) {\n return currentToken;\n }\n\n await this.helpers.refreshToken();\n\n if (authState.globalErrors.auth || !authState.token) {\n return this.createAuthError(t(\"errors.refresh_failed\"), \"REFRESH_FAILED\", true);\n }\n\n return authState.token as string;\n }\n\n async userData(): Promise<TokenPayload | null> {\n const token = await this.getToken();\n\n if (typeof token !== \"string\") {\n return null;\n }\n\n if (!token) {\n return null;\n }\n\n try {\n return jwtDecode<TokenPayload>(token);\n } catch (error) {\n Sentry.captureException(error);\n return null;\n }\n }\n\n async logout(): Promise<boolean | AuthError> {\n const [error, _] = await this.helpers.logout();\n\n if (error) {\n return this.createAuthError(t(\"errors.sign_out_failed\", { reason: error }), \"SIGN_OUT_FAILED\", false);\n }\n\n authStore.reset();\n\n return true;\n }\n\n getEmail(): string | null {\n return authState.email;\n }\n\n private createAuthError(message: string, code: AuthError[\"code\"], requiresReauth = false): AuthError {\n const error = new Error(message) as AuthError;\n error.code = code;\n error.requiresReauth = requiresReauth;\n\n return error;\n }\n}\n"],"version":3}