altcha 3.0.0-beta.2 → 3.0.0-beta.4

package/dist/plugins/obfuscation.plugin.js

@@ -1,3 +1,111 @@
+const noop = () => {
+};
+function safe_not_equal(a, b) {
+  return a != a ? b == b : a !== b || a !== null && typeof a === "object" || typeof a === "function";
+}
+function subscribe_to_store(store2, run, invalidate) {
+  if (store2 == null) {
+    run(void 0);
+    return noop;
+  }
+  const unsub = untrack(
+    () => store2.subscribe(
+      run,
+      // @ts-expect-error
+      invalidate
+    )
+  );
+  return unsub.unsubscribe ? () => unsub.unsubscribe() : unsub;
+}
+const subscriber_queue = [];
+function writable(value, start = noop) {
+  let stop = null;
+  const subscribers = /* @__PURE__ */ new Set();
+  function set(new_value) {
+    if (safe_not_equal(value, new_value)) {
+      value = new_value;
+      if (stop) {
+        const run_queue = !subscriber_queue.length;
+        for (const subscriber of subscribers) {
+          subscriber[1]();
+          subscriber_queue.push(subscriber, value);
+        }
+        if (run_queue) {
+          for (let i = 0; i < subscriber_queue.length; i += 2) {
+            subscriber_queue[i][0](subscriber_queue[i + 1]);
+          }
+          subscriber_queue.length = 0;
+        }
+      }
+    }
+  }
+  function update(fn) {
+    set(fn(
+      /** @type {T} */
+      value
+    ));
+  }
+  function subscribe(run, invalidate = noop) {
+    const subscriber = [run, invalidate];
+    subscribers.add(subscriber);
+    if (subscribers.size === 1) {
+      stop = start(set, update) || noop;
+    }
+    run(
+      /** @type {T} */
+      value
+    );
+    return () => {
+      subscribers.delete(subscriber);
+      if (subscribers.size === 0 && stop) {
+        stop();
+        stop = null;
+      }
+    };
+  }
+  return { set, update, subscribe };
+}
+function get(store2) {
+  let value;
+  subscribe_to_store(store2, (_) => value = _)();
+  return value;
+}
+let untracking = false;
+function untrack(fn) {
+  var previous_untracking = untracking;
+  try {
+    untracking = true;
+    return fn();
+  } finally {
+    untracking = previous_untracking;
+  }
+}
+function store(defaultValue) {
+  const scope = {
+    get: (name) => {
+      return get(scope.store)[name];
+    },
+    set: (name, value) => {
+      if (typeof name === "string") {
+        Object.assign(get(scope.store), {
+          [name]: value
+        });
+      } else {
+        Object.assign(get(scope.store), name);
+      }
+      scope.store.set(get(scope.store));
+    },
+    store: writable(defaultValue)
+  };
+  return scope;
+}
+globalThis.$altcha = globalThis.$altcha || {
+  algorithms: /* @__PURE__ */ new Map(),
+  defaults: store({}),
+  i18n: store({}),
+  instances: /* @__PURE__ */ new Set(),
+  plugins: /* @__PURE__ */ new Set()
+};
 class BasePlugin {
   constructor(host) {
     this.host = host;
@@ -14,6 +122,42 @@ class BasePlugin {
   async onVerify(value) {
   }
 }
+function getDigest(algorithm) {
+  switch (algorithm) {
+    case "PBKDF2/SHA-512":
+      return "SHA-512";
+    case "PBKDF2/SHA-384":
+      return "SHA-384";
+    case "PBKDF2/SHA-256":
+    default:
+      return "SHA-256";
+  }
+}
+async function deriveKey(parameters, salt, password) {
+  const { algorithm, cost, keyLength = 32 } = parameters;
+  const passwordKey = await crypto.subtle.importKey(
+    "raw",
+    password,
+    { name: "PBKDF2" },
+    false,
+    ["deriveKey"]
+  );
+  const derivedKey = await crypto.subtle.deriveKey(
+    {
+      name: "PBKDF2",
+      salt,
+      iterations: cost,
+      hash: getDigest(algorithm)
+    },
+    passwordKey,
+    { name: "AES-GCM", length: keyLength * 8 },
+    true,
+    ["encrypt"]
+  );
+  return {
+    derivedKey: new Uint8Array(await crypto.subtle.exportKey("raw", derivedKey))
+  };
+}
 function bufferStartsWith(buffer, prefix) {
   if (prefix.length > buffer.length) {
     return false;
@@ -50,9 +194,45 @@ function hexToBuffer(hex) {
 async function delay(ms) {
   await new Promise((resolve) => setTimeout(resolve, ms));
 }
+async function hmac(algorithm, data, keyStr) {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    new TextEncoder().encode(keyStr),
+    {
+      name: "HMAC",
+      hash: { name: algorithm }
+    },
+    false,
+    ["sign", "verify"]
+  );
+  const signature = await crypto.subtle.sign(
+    "HMAC",
+    key,
+    typeof data === "string" ? new TextEncoder().encode(data) : data
+  );
+  return new Uint8Array(signature);
+}
+function sortKeys(obj) {
+  if (typeof obj !== "object" || obj === null || Array.isArray(obj)) {
+    return obj;
+  }
+  return Object.keys(obj).sort().reduce((acc, key) => {
+    const value = obj[key];
+    if (value !== void 0) {
+      acc[key] = sortKeys(value);
+    }
+    return acc;
+  }, {});
+}
 function timeDuration(start) {
   return Math.floor((performance.now() - start) * 10) / 10;
 }
+var HmacAlgorithm = /* @__PURE__ */ ((HmacAlgorithm2) => {
+  HmacAlgorithm2["SHA_256"] = "SHA-256";
+  HmacAlgorithm2["SHA_384"] = "SHA-384";
+  HmacAlgorithm2["SHA_512"] = "SHA-512";
+  return HmacAlgorithm2;
+})(HmacAlgorithm || {});
 var State = /* @__PURE__ */ ((State2) => {
   State2["CODE"] = "code";
   State2["ERROR"] = "error";
@@ -87,6 +267,62 @@ class PasswordBuffer {
     return this.buffer;
   }
 }
+async function createChallenge(options) {
+  const {
+    algorithm,
+    counter,
+    counterMode = "uint32",
+    cost,
+    deriveKey: deriveKey2,
+    data,
+    expiresAt,
+    hmacAlgorithm = HmacAlgorithm.SHA_256,
+    hmacKeySignatureSecret,
+    hmacSignatureSecret,
+    keyLength = 32,
+    keyPrefix = "00",
+    keyPrefixLength = keyLength / 2,
+    memoryCost,
+    parallelism
+  } = options;
+  const parameters = {
+    algorithm,
+    nonce: bufferToHex(crypto.getRandomValues(new Uint8Array(16))),
+    salt: bufferToHex(crypto.getRandomValues(new Uint8Array(16))),
+    cost,
+    keyLength,
+    memoryCost,
+    parallelism,
+    keyPrefix,
+    expiresAt: expiresAt instanceof Date ? Math.floor(expiresAt.getTime() / 1e3) : expiresAt,
+    data
+  };
+  let deriveKeyResult = null;
+  if (counter !== void 0) {
+    const nonceBuf = hexToBuffer(parameters.nonce);
+    deriveKeyResult = await deriveKey2(
+      parameters,
+      hexToBuffer(parameters.salt),
+      new PasswordBuffer(nonceBuf, counterMode).setCounter(counter)
+    );
+    if (deriveKeyResult.parameters) {
+      Object.assign(parameters, deriveKeyResult.parameters);
+    }
+    parameters.keyPrefix = bufferToHex(deriveKeyResult.derivedKey.slice(0, keyPrefixLength));
+  }
+  if (!hmacSignatureSecret) {
+    return {
+      parameters: sortKeys(parameters)
+    };
+  }
+  return signChallenge(
+    hmacAlgorithm,
+    parameters,
+    deriveKeyResult?.derivedKey,
+    hmacSignatureSecret,
+    hmacKeySignatureSecret
+  );
+}
 async function solveChallenge(options) {
   const {
     challenge,
@@ -94,7 +330,7 @@ async function solveChallenge(options) {
     counterMode = "uint32",
     counterStart = 0,
     counterStep = 1,
-    deriveKey,
+    deriveKey: deriveKey2,
     timeout = 9e4
   } = options;
   const { nonce, keyPrefix, salt } = challenge.parameters;
@@ -110,7 +346,7 @@ async function solveChallenge(options) {
     if (controller?.signal.aborted || timeout && counter % 10 === 0 && performance.now() - start > timeout) {
       return null;
     }
-    const { derivedKey } = await deriveKey(
+    const { derivedKey } = await deriveKey2(
       challenge.parameters,
       saltBuf,
       password.setCounter(counter)
@@ -138,7 +374,8 @@ async function solveChallengeWorkers(options) {
     controller = new AbortController(),
     createWorker,
     onOutOfMemory = (c) => c > 1 ? Math.floor(c / 2) : 0,
-    counterMode
+    counterMode,
+    timeout = 9e4
   } = options;
   const workersConcurrency = Math.min(16, Math.max(1, concurrency));
   const workersInstances = [];
@@ -179,6 +416,7 @@ async function solveChallengeWorkers(options) {
             counterMode,
             counterStart: i,
             counterStep: workersConcurrency,
+            timeout,
             type: "work"
           });
         });
@@ -210,8 +448,24 @@ async function solveChallengeWorkers(options) {
   }
   return solution || null;
 }
+async function signChallenge(algorithm, parameters, derivedKey, hmacSignatureSecret, hmacKeySignatureSecret) {
+  if (derivedKey && hmacKeySignatureSecret) {
+    parameters.keySignature = bufferToHex(
+      await hmac(algorithm, derivedKey, hmacKeySignatureSecret)
+    );
+  }
+  parameters = sortKeys(parameters);
+  return {
+    parameters,
+    signature: bufferToHex(await hmac(algorithm, JSON.stringify(parameters), hmacSignatureSecret))
+  };
+}
 async function deobfuscate(obfuscatedData, options = {}) {
-  const { concurrency = navigator.hardwareConcurrency, deriveKey: deriveKey2 } = options;
+  let {
+    concurrency = Math.max(1, Math.min(4, navigator.hardwareConcurrency)),
+    createWorker,
+    deriveKey: deriveKey$1 = deriveKey
+  } = options;
   let challenge = null;
   try {
     challenge = JSON.parse(atob(obfuscatedData));
@@ -223,21 +477,20 @@ async function deobfuscate(obfuscatedData, options = {}) {
   }
   const cipher = challenge.cipher;
   let solution = null;
-  if (deriveKey2) {
-    solution = await solveChallenge({
-      challenge,
-      deriveKey: deriveKey2
-    });
-  } else {
-    const createWorker = globalThis.$altcha.algorithms.get(challenge.parameters.algorithm);
-    if (!createWorker) {
-      throw new Error(`Unsupported algorithm ${challenge.parameters.algorithm}.`);
-    }
+  if (!createWorker && "$altcha" in globalThis) {
+    createWorker = globalThis.$altcha.algorithms.get(challenge.parameters.algorithm);
+  }
+  if (createWorker) {
     solution = await solveChallengeWorkers({
       challenge,
       concurrency,
       createWorker
     });
+  } else {
+    solution = await solveChallenge({
+      challenge,
+      deriveKey: deriveKey$1
+    });
   }
   if (!solution) {
     throw new Error("Unable to find solution.");
@@ -259,7 +512,48 @@ async function deobfuscate(obfuscatedData, options = {}) {
   );
   return new TextDecoder().decode(result);
 }
+async function obfuscate(str, options = {}) {
+  const { deriveKey: deriveKey$1 = deriveKey } = options;
+  const counterMin = options?.counterMin || 20;
+  const counterMax = options?.counterMax || 200;
+  const { parameters } = await createChallenge({
+    algorithm: "PBKDF2/SHA-256",
+    cost: 5e3,
+    deriveKey: deriveKey$1,
+    counter: Math.floor(Math.random() * (counterMax - counterMin + 1)) + counterMin,
+    keyPrefixLength: 32,
+    ...options
+  });
+  const key = await crypto.subtle.importKey(
+    "raw",
+    hexToBuffer(parameters.keyPrefix),
+    { name: "AES-GCM" },
+    false,
+    ["encrypt"]
+  );
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+  const data = await crypto.subtle.encrypt(
+    { name: "AES-GCM", iv },
+    key,
+    new TextEncoder().encode(str)
+  );
+  return btoa(
+    JSON.stringify({
+      parameters: {
+        ...parameters,
+        // Return only half the derived key
+        keyPrefix: parameters.keyPrefix.slice(0, parameters.keyLength || 32)
+      },
+      cipher: {
+        iv: bufferToHex(iv),
+        data: bufferToHex(data)
+      }
+    })
+  );
+}
 class ObfuscationPlugin extends BasePlugin {
+  static deobfuscate = deobfuscate;
+  static obfuscate = obfuscate;
   elTrigger = null;
   activate() {
     this.elTrigger = this.host.querySelector("button");

package/dist/plugins/obfuscation.plugin.min.js

@@ -1 +1 @@
-class e{constructor(e){this.host=e}static register(e){"$altcha"in globalThis&&!globalThis.$altcha.plugins.has(e)&&globalThis.$altcha.plugins.add(e)}async onFetchChallenge(e){}async onRequestServerVerification(e,t){}async onVerify(e){}}function t(e,t){if(t.length>e.length)return!1;for(let r=0;r<t.length;r++)if(e[r]!==t[r])return!1;return!0}function r(e){return Array.from(new Uint8Array(e)).map(e=>e.toString(16).padStart(2,"0")).join("")}function n(e){if(e.length%2!=0)throw new Error(`Hex string must have an even length. Got: ${e}`);const t=new ArrayBuffer(e.length/2),r=new DataView(t);for(let t=0;t<e.length;t+=2){const n=e.substring(t,t+2),a=parseInt(n,16);r.setUint8(t/2,a)}return new Uint8Array(t)}async function a(e){await new Promise(t=>setTimeout(t,e))}function o(e){return Math.floor(10*(performance.now()-e))/10}var i=(e=>(e.CODE="code",e.ERROR="error",e.VERIFIED="verified",e.VERIFYING="verifying",e.UNVERIFIED="unverified",e.EXPIRED="expired",e))(i||{});class s{constructor(e,t="uint32"){this.nonce=e,this.mode=t,this.buffer=new Uint8Array(this.nonce.length+this.COUNTER_BYTES),this.buffer.set(this.nonce,0),this.dataView=new DataView(this.buffer.buffer)}COUNTER_BYTES=4;buffer;dataView;encoder=new TextEncoder;setCounter(e){return"string"===this.mode?function(e,t){const r=new Uint8Array(e.length+t.length);return r.set(e,0),r.set(t,e.length),r}(this.nonce,this.encoder.encode(e.toString())):(this.dataView.setUint32(this.nonce.length,e,!1),this.buffer)}}async function c(e){const{challenge:t,concurrency:r=navigator.hardwareConcurrency,controller:n=new AbortController,createWorker:a,onOutOfMemory:o=e=>e>1?Math.floor(e/2):0,counterMode:i}=e,s=Math.min(16,Math.max(1,r)),l=[],h=()=>{for(const e of l)e.terminate()};for(let e=0;e<s;e++)l.push(await a(t.parameters.algorithm));let u=null;try{u=await Promise.race(l.map((e,r)=>(n.signal.addEventListener("abort",()=>{e.postMessage({type:"abort"})}),new Promise((n,a)=>{e.addEventListener("error",e=>{a(e)}),e.addEventListener("message",t=>{if(t.data){for(const t of l)t!==e&&t.postMessage({type:"abort"});if(t.data.error)return a(new Error(t.data.error))}n(t.data)}),e.postMessage({challenge:t,counterMode:i,counterStart:r,counterStep:s,type:"work"})}))))}catch(r){if(r instanceof Error&&!!r?.message?.includes("Out of memory")&&o){h();const r=o(s);if(r)return c({...e,challenge:t,controller:n,concurrency:r,createWorker:a})}throw r}finally{h()}return n.signal.aborted?null:u||null}async function l(e,i={}){const{concurrency:l=navigator.hardwareConcurrency,deriveKey:h}=i;let u=null;try{u=JSON.parse(atob(e))}catch{throw new Error("Unable to parse obfuscated data.")}if(!u||"object"!=typeof u||!("parameters"in u)||!("cipher"in u))throw new Error("Invalid obfuscated data format.");const f=u.cipher;let g=null;if(h)g=await async function(e){const{challenge:i,controller:c,counterMode:l="uint32",counterStart:h=0,counterStep:u=1,deriveKey:f,timeout:g=9e4}=e,{nonce:d,keyPrefix:w,salt:m}=i.parameters,y=n(d),p=n(m),E=w.length%2==0?n(w):null,b=new s(y,l),T=performance.now();let v=h,S="",C=T;for(;;){if(c?.signal.aborted||g&&v%10==0&&performance.now()-T>g)return null;const{derivedKey:e}=await f(i.parameters,p,b.setCounter(v));if(v%10==0&&performance.now()-C>200&&(await a(0),C=performance.now()),E?t(e,E):r(e).startsWith(w)){S=r(e);break}v+=u}return{counter:v,derivedKey:S,time:o(T)}}({challenge:u,deriveKey:h});else{const e=globalThis.$altcha.algorithms.get(u.parameters.algorithm);if(!e)throw new Error(`Unsupported algorithm ${u.parameters.algorithm}.`);g=await c({challenge:u,concurrency:l,createWorker:e})}if(!g)throw new Error("Unable to find solution.");const d=await crypto.subtle.importKey("raw",n(g.derivedKey),{name:"AES-GCM"},!1,["decrypt"]),w=await crypto.subtle.decrypt({name:"AES-GCM",iv:n(f.iv)},d,n(f.data));return(new TextDecoder).decode(w)}e.register(class extends e{elTrigger=null;activate(){this.elTrigger=this.host.querySelector("button"),this.elTrigger&&(this.elTrigger.addEventListener("click",this.onTriggerClick.bind(this)),this.host.configure({floatingAnchor:this.elTrigger}))}destroy(){}async onVerify(e){const{minDuration:t=500}=e,r=performance.now(),n=this.host.getAttribute("data-obfuscated");if(n){this.host.reset(i.VERIFYING);try{const e=await l(n);await this.#e(Math.max(0,t-(performance.now()-r))),this.#t(e)}catch(e){this.host.setState(i.ERROR,String(e))}finally{this.host.setState(i.VERIFIED)}return null}}onTriggerClick(e){e.preventDefault(),this.host.show(),this.host.verify().then(()=>{this.host.hide()})}#t(e){let t;if(e.match(/^(mailto|tel|sms|https?):/)){const[r]=e.slice(e.indexOf(":")+1).replace(/^\/\//,"").split("?");t=document.createElement("a"),t.href=e,t.innerText=r}else t=document.createTextNode(e);this.elTrigger&&t&&(this.elTrigger.after(t),this.elTrigger.parentElement?.removeChild(this.elTrigger))}async#e(e){await new Promise(t=>setTimeout(t,e))}});
+const e=()=>{};function t(t,r,n){if(null==t)return r(void 0),e;const a=function(e){var t=o;try{return o=!0,e()}finally{o=t}}(()=>t.subscribe(r,n));return a.unsubscribe?()=>a.unsubscribe():a}const r=[];function n(t,n=e){let a=null;const o=new Set;function i(e){if(i=e,((n=t)!=n?i==i:n!==i||null!==n&&"object"==typeof n||"function"==typeof n)&&(t=e,a)){const e=!r.length;for(const e of o)e[1](),r.push(e,t);if(e){for(let e=0;e<r.length;e+=2)r[e][0](r[e+1]);r.length=0}}var n,i}function s(e){i(e(t))}return{set:i,update:s,subscribe:function(r,c=e){const l=[r,c];return o.add(l),1===o.size&&(a=n(i,s)||e),r(t),()=>{o.delete(l),0===o.size&&a&&(a(),a=null)}}}}function a(e){let r;return t(e,e=>r=e)(),r}let o=!1;function i(e){const t={get:e=>a(t.store)[e],set:(e,r)=>{"string"==typeof e?Object.assign(a(t.store),{[e]:r}):Object.assign(a(t.store),e),t.store.set(a(t.store))},store:n(e)};return t}globalThis.$altcha=globalThis.$altcha||{algorithms:new Map,defaults:i({}),i18n:i({}),instances:new Set,plugins:new Set};class s{constructor(e){this.host=e}static register(e){"$altcha"in globalThis&&!globalThis.$altcha.plugins.has(e)&&globalThis.$altcha.plugins.add(e)}async onFetchChallenge(e){}async onRequestServerVerification(e,t){}async onVerify(e){}}function c(e){switch(e){case"PBKDF2/SHA-512":return"SHA-512";case"PBKDF2/SHA-384":return"SHA-384";default:return"SHA-256"}}async function l(e,t,r){const{algorithm:n,cost:a,keyLength:o=32}=e,i=await crypto.subtle.importKey("raw",r,{name:"PBKDF2"},!1,["deriveKey"]),s=await crypto.subtle.deriveKey({name:"PBKDF2",salt:t,iterations:a,hash:c(n)},i,{name:"AES-GCM",length:8*o},!0,["encrypt"]);return{derivedKey:new Uint8Array(await crypto.subtle.exportKey("raw",s))}}function u(e,t){if(t.length>e.length)return!1;for(let r=0;r<t.length;r++)if(e[r]!==t[r])return!1;return!0}function h(e){return Array.from(new Uint8Array(e)).map(e=>e.toString(16).padStart(2,"0")).join("")}function f(e){if(e.length%2!=0)throw new Error(`Hex string must have an even length. Got: ${e}`);const t=new ArrayBuffer(e.length/2),r=new DataView(t);for(let t=0;t<e.length;t+=2){const n=e.substring(t,t+2),a=parseInt(n,16);r.setUint8(t/2,a)}return new Uint8Array(t)}async function y(e){await new Promise(t=>setTimeout(t,e))}async function g(e,t,r){const n=await crypto.subtle.importKey("raw",(new TextEncoder).encode(r),{name:"HMAC",hash:{name:e}},!1,["sign","verify"]),a=await crypto.subtle.sign("HMAC",n,"string"==typeof t?(new TextEncoder).encode(t):t);return new Uint8Array(a)}function d(e){return"object"!=typeof e||null===e||Array.isArray(e)?e:Object.keys(e).sort().reduce((t,r)=>{const n=e[r];return void 0!==n&&(t[r]=d(n)),t},{})}function m(e){return Math.floor(10*(performance.now()-e))/10}var w=(e=>(e.SHA_256="SHA-256",e.SHA_384="SHA-384",e.SHA_512="SHA-512",e))(w||{}),p=(e=>(e.CODE="code",e.ERROR="error",e.VERIFIED="verified",e.VERIFYING="verifying",e.UNVERIFIED="unverified",e.EXPIRED="expired",e))(p||{});class b{constructor(e,t="uint32"){this.nonce=e,this.mode=t,this.buffer=new Uint8Array(this.nonce.length+this.COUNTER_BYTES),this.buffer.set(this.nonce,0),this.dataView=new DataView(this.buffer.buffer)}COUNTER_BYTES=4;buffer;dataView;encoder=new TextEncoder;setCounter(e){return"string"===this.mode?function(e,t){const r=new Uint8Array(e.length+t.length);return r.set(e,0),r.set(t,e.length),r}(this.nonce,this.encoder.encode(e.toString())):(this.dataView.setUint32(this.nonce.length,e,!1),this.buffer)}}async function S(e){const{algorithm:t,counter:r,counterMode:n="uint32",cost:a,deriveKey:o,data:i,expiresAt:s,hmacAlgorithm:c=w.SHA_256,hmacKeySignatureSecret:l,hmacSignatureSecret:u,keyLength:y=32,keyPrefix:m="00",keyPrefixLength:p=y/2,memoryCost:S,parallelism:v}=e,A={algorithm:t,nonce:h(crypto.getRandomValues(new Uint8Array(16))),salt:h(crypto.getRandomValues(new Uint8Array(16))),cost:a,keyLength:y,memoryCost:S,parallelism:v,keyPrefix:m,expiresAt:s instanceof Date?Math.floor(s.getTime()/1e3):s,data:i};let E=null;if(void 0!==r){const e=f(A.nonce);E=await o(A,f(A.salt),new b(e,n).setCounter(r)),E.parameters&&Object.assign(A,E.parameters),A.keyPrefix=h(E.derivedKey.slice(0,p))}return u?async function(e,t,r,n,a){r&&a&&(t.keySignature=h(await g(e,r,a)));return t=d(t),{parameters:t,signature:h(await g(e,JSON.stringify(t),n))}}(c,A,E?.derivedKey,u,l):{parameters:d(A)}}async function v(e){const{challenge:t,concurrency:r=navigator.hardwareConcurrency,controller:n=new AbortController,createWorker:a,onOutOfMemory:o=e=>e>1?Math.floor(e/2):0,counterMode:i,timeout:s=9e4}=e,c=Math.min(16,Math.max(1,r)),l=[],u=()=>{for(const e of l)e.terminate()};for(let e=0;e<c;e++)l.push(await a(t.parameters.algorithm));let h=null;try{h=await Promise.race(l.map((e,r)=>(n.signal.addEventListener("abort",()=>{e.postMessage({type:"abort"})}),new Promise((n,a)=>{e.addEventListener("error",e=>{a(e)}),e.addEventListener("message",t=>{if(t.data){for(const t of l)t!==e&&t.postMessage({type:"abort"});if(t.data.error)return a(new Error(t.data.error))}n(t.data)}),e.postMessage({challenge:t,counterMode:i,counterStart:r,counterStep:c,timeout:s,type:"work"})}))))}catch(r){if(r instanceof Error&&!!r?.message?.includes("Out of memory")&&o){u();const r=o(c);if(r)return v({...e,challenge:t,controller:n,concurrency:r,createWorker:a})}throw r}finally{u()}return n.signal.aborted?null:h||null}async function A(e,t={}){let{concurrency:r=Math.max(1,Math.min(4,navigator.hardwareConcurrency)),createWorker:n,deriveKey:a=l}=t,o=null;try{o=JSON.parse(atob(e))}catch{throw new Error("Unable to parse obfuscated data.")}if(!o||"object"!=typeof o||!("parameters"in o)||!("cipher"in o))throw new Error("Invalid obfuscated data format.");const i=o.cipher;let s=null;if(!n&&"$altcha"in globalThis&&(n=globalThis.$altcha.algorithms.get(o.parameters.algorithm)),s=n?await v({challenge:o,concurrency:r,createWorker:n}):await async function(e){const{challenge:t,controller:r,counterMode:n="uint32",counterStart:a=0,counterStep:o=1,deriveKey:i,timeout:s=9e4}=e,{nonce:c,keyPrefix:l,salt:g}=t.parameters,d=f(c),w=f(g),p=l.length%2==0?f(l):null,S=new b(d,n),v=performance.now();let A=a,E="",T=v;for(;;){if(r?.signal.aborted||s&&A%10==0&&performance.now()-v>s)return null;const{derivedKey:e}=await i(t.parameters,w,S.setCounter(A));if(A%10==0&&performance.now()-T>200&&(await y(0),T=performance.now()),p?u(e,p):h(e).startsWith(l)){E=h(e);break}A+=o}return{counter:A,derivedKey:E,time:m(v)}}({challenge:o,deriveKey:a}),!s)throw new Error("Unable to find solution.");const c=await crypto.subtle.importKey("raw",f(s.derivedKey),{name:"AES-GCM"},!1,["decrypt"]),g=await crypto.subtle.decrypt({name:"AES-GCM",iv:f(i.iv)},c,f(i.data));return(new TextDecoder).decode(g)}async function E(e,t={}){const{deriveKey:r=l}=t,n=t?.counterMin||20,a=t?.counterMax||200,{parameters:o}=await S({algorithm:"PBKDF2/SHA-256",cost:5e3,deriveKey:r,counter:Math.floor(Math.random()*(a-n+1))+n,keyPrefixLength:32,...t}),i=await crypto.subtle.importKey("raw",f(o.keyPrefix),{name:"AES-GCM"},!1,["encrypt"]),s=crypto.getRandomValues(new Uint8Array(12)),c=await crypto.subtle.encrypt({name:"AES-GCM",iv:s},i,(new TextEncoder).encode(e));return btoa(JSON.stringify({parameters:{...o,keyPrefix:o.keyPrefix.slice(0,o.keyLength||32)},cipher:{iv:h(s),data:h(c)}}))}s.register(class extends s{static deobfuscate=A;static obfuscate=E;elTrigger=null;activate(){this.elTrigger=this.host.querySelector("button"),this.elTrigger&&(this.elTrigger.addEventListener("click",this.onTriggerClick.bind(this)),this.host.configure({floatingAnchor:this.elTrigger}))}destroy(){}async onVerify(e){const{minDuration:t=500}=e,r=performance.now(),n=this.host.getAttribute("data-obfuscated");if(n){this.host.reset(p.VERIFYING);try{const e=await A(n);await this.#e(Math.max(0,t-(performance.now()-r))),this.#t(e)}catch(e){this.host.setState(p.ERROR,String(e))}finally{this.host.setState(p.VERIFIED)}return null}}onTriggerClick(e){e.preventDefault(),this.host.show(),this.host.verify().then(()=>{this.host.hide()})}#t(e){let t;if(e.match(/^(mailto|tel|sms|https?):/)){const[r]=e.slice(e.indexOf(":")+1).replace(/^\/\//,"").split("?");t=document.createElement("a"),t.href=e,t.innerText=r}else t=document.createTextNode(e);this.elTrigger&&t&&(this.elTrigger.after(t),this.elTrigger.parentElement?.removeChild(this.elTrigger))}async#e(e){await new Promise(t=>setTimeout(t,e))}});