houdini 1.2.9 → 1.2.11

package/build/router-esm/package.json

@@ -0,0 +1 @@
+{"type":"module"}

package/build/runtime/router/cookies.d.ts

@@ -0,0 +1,41 @@
+/*!
+ * cookie
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+/**
+ * Parse a cookie header.
+ *
+ * Parse the given cookie header string into an object
+ * The object has the various cookies as keys(names) => values
+ *
+ * @param {string} str
+ * @param {object} [options]
+ * @return {object}
+ * @public
+ */
+export declare function parse(str: string, options?: {
+    decode?: (val: string) => string;
+}): Record<string, string>;
+/**
+ * Serialize data into a cookie header.
+ *
+ * Serialize the a name value pair into a cookie string suitable for
+ * http headers. An optional options object specified cookie parameters.
+ *
+ * serialize('foo', 'bar', { httpOnly: true })
+ *   => "foo=bar; httpOnly"
+ *
+ */
+export declare function serialize(name: string, val: string, options: {
+    encode: boolean;
+    maxAge: number;
+    domain: string;
+    path: string;
+    expires: Date;
+    httpOnly: boolean;
+    priority: string | number;
+    secure: boolean;
+    sameSite: string | boolean;
+}): string;

package/build/runtime/router/jwt.d.ts

@@ -0,0 +1,117 @@
+type SubtleCryptoImportKeyAlgorithm = any;
+/**
+ * @typedef JwtAlgorithm
+ * @type {'ES256'|'ES384'|'ES512'|'HS256'|'HS384'|'HS512'|'RS256'|'RS384'|'RS512'}
+ */
+export type JwtAlgorithm = 'ES256' | 'ES384' | 'ES512' | 'HS256' | 'HS384' | 'HS512' | 'RS256' | 'RS384' | 'RS512';
+/**
+ * @typedef JwtAlgorithms
+ */
+export interface JwtAlgorithms {
+    [key: string]: SubtleCryptoImportKeyAlgorithm;
+}
+/**
+ * @typedef JwtHeader
+ * @prop {string} [typ] Type
+ */
+export interface JwtHeader {
+    /**
+     * Type (default: `"JWT"`)
+     *
+     * @default "JWT"
+     */
+    typ?: string;
+    [key: string]: any;
+}
+/**
+ * @typedef JwtPayload
+ * @prop {string} [iss] Issuer
+ * @prop {string} [sub] Subject
+ * @prop {string | string[]} [aud] Audience
+ * @prop {string} [exp] Expiration Time
+ * @prop {string} [nbf] Not Before
+ * @prop {string} [iat] Issued At
+ * @prop {string} [jti] JWT ID
+ */
+export interface JwtPayload {
+    /** Issuer */
+    iss?: string;
+    /** Subject */
+    sub?: string;
+    /** Audience */
+    aud?: string | string[];
+    /** Expiration Time */
+    exp?: number;
+    /** Not Before */
+    nbf?: number;
+    /** Issued At */
+    iat?: number;
+    /** JWT ID */
+    jti?: string;
+    [key: string]: any;
+}
+/**
+ * @typedef JwtOptions
+ * @prop {JwtAlgorithm | string} algorithm
+ */
+export interface JwtOptions {
+    algorithm?: JwtAlgorithm | string;
+}
+/**
+ * @typedef JwtSignOptions
+ * @extends JwtOptions
+ * @prop {JwtHeader} [header]
+ */
+export interface JwtSignOptions extends JwtOptions {
+    header?: JwtHeader;
+}
+/**
+ * @typedef JwtVerifyOptions
+ * @extends JwtOptions
+ * @prop {boolean} [throwError=false] If `true` throw error if checks fail. (default: `false`)
+ */
+export interface JwtVerifyOptions extends JwtOptions {
+    /**
+     * If `true` throw error if checks fail. (default: `false`)
+     *
+     * @default false
+     */
+    throwError?: boolean;
+}
+/**
+ * @typedef JwtData
+ * @prop {JwtHeader} header
+ * @prop {JwtPayload} payload
+ */
+export interface JwtData {
+    header: JwtHeader;
+    payload: JwtPayload;
+}
+/**
+ * Signs a payload and returns the token
+ *
+ * @param {JwtPayload} payload The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
+ * @param {string | JsonWebKey} secret A string which is used to sign the payload.
+ * @param {JwtSignOptions | JwtAlgorithm | string} [options={ algorithm: 'HS256', header: { typ: 'JWT' } }] The options object or the algorithm.
+ * @throws {Error} If there's a validation issue.
+ * @returns {Promise<string>} Returns token as a `string`.
+ */
+export declare function encode(payload: JwtPayload, secret: string | JsonWebKey, options?: JwtSignOptions | JwtAlgorithm): Promise<string>;
+/**
+ * Verifies the integrity of the token and returns a boolean value.
+ *
+ * @param {string} token The token string generated by `jwt.sign()`.
+ * @param {string | JsonWebKey} secret The string which was used to sign the payload.
+ * @param {JWTVerifyOptions | JWTAlgorithm} options The options object or the algorithm.
+ * @throws {Error | string} Throws an error `string` if the token is invalid or an `Error-Object` if there's a validation issue.
+ * @returns {Promise<boolean>} Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`.
+ */
+export declare function verify(token: string, secret: string | JsonWebKey, options?: JwtVerifyOptions | JwtAlgorithm): Promise<boolean>;
+/**
+ * Returns the payload **without** verifying the integrity of the token. Please use `jwt.verify()` first to keep your application secure!
+ *
+ * @param {string} token The token string generated by `jwt.sign()`.
+ * @returns {JwtData} Returns an `object` containing `header` and `payload`.
+ */
+export declare function decode(token: string): JwtData;
+export {};

package/build/runtime/router/server.d.ts

@@ -0,0 +1,25 @@
+import type { ConfigFile } from '../lib';
+type ServerHandlerArgs = {
+    url: string;
+    config: ConfigFile;
+    session_keys: string[];
+    set_header: (key: string, value: string | number | string[]) => void;
+    get_header: (key: string) => string | number | string[] | undefined;
+    redirect: (code: number, url: string) => void;
+    next: () => void;
+};
+export declare function handle_request(args: ServerHandlerArgs): Promise<void>;
+export type Server = {
+    use(fn: ServerMiddleware): void;
+};
+export type ServerMiddleware = (req: IncomingRequest, res: ServerResponse, next: () => void) => void;
+export type IncomingRequest = {
+    url?: string;
+    headers: Headers;
+};
+export type ServerResponse = {
+    redirect(url: string, status?: number): void;
+    set_header(name: string, value: string): void;
+};
+export declare function get_session(req: Headers, secrets: string[]): Promise<App.Session>;
+export {};

package/build/runtime-cjs/router/cookies.d.ts

@@ -0,0 +1,41 @@
+/*!
+ * cookie
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+/**
+ * Parse a cookie header.
+ *
+ * Parse the given cookie header string into an object
+ * The object has the various cookies as keys(names) => values
+ *
+ * @param {string} str
+ * @param {object} [options]
+ * @return {object}
+ * @public
+ */
+export declare function parse(str: string, options?: {
+    decode?: (val: string) => string;
+}): Record<string, string>;
+/**
+ * Serialize data into a cookie header.
+ *
+ * Serialize the a name value pair into a cookie string suitable for
+ * http headers. An optional options object specified cookie parameters.
+ *
+ * serialize('foo', 'bar', { httpOnly: true })
+ *   => "foo=bar; httpOnly"
+ *
+ */
+export declare function serialize(name: string, val: string, options: {
+    encode: boolean;
+    maxAge: number;
+    domain: string;
+    path: string;
+    expires: Date;
+    httpOnly: boolean;
+    priority: string | number;
+    secure: boolean;
+    sameSite: string | boolean;
+}): string;

package/build/runtime-cjs/router/cookies.js

@@ -0,0 +1,168 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var cookies_exports = {};
+__export(cookies_exports, {
+  parse: () => parse,
+  serialize: () => serialize
+});
+module.exports = __toCommonJS(cookies_exports);
+/*!
+ * cookie
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+let __toString = Object.prototype.toString;
+let fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
+function parse(str, options) {
+  if (typeof str !== "string") {
+    throw new TypeError("argument str must be a string");
+  }
+  let obj = {};
+  let opt = options || {};
+  let dec = opt.decode || decode;
+  let index = 0;
+  while (index < str.length) {
+    let eqIdx = str.indexOf("=", index);
+    if (eqIdx === -1) {
+      break;
+    }
+    let endIdx = str.indexOf(";", index);
+    if (endIdx === -1) {
+      endIdx = str.length;
+    } else if (endIdx < eqIdx) {
+      index = str.lastIndexOf(";", eqIdx - 1) + 1;
+      continue;
+    }
+    let key = str.slice(index, eqIdx).trim();
+    if (void 0 === obj[key]) {
+      let val = str.slice(eqIdx + 1, endIdx).trim();
+      if (val.charCodeAt(0) === 34) {
+        val = val.slice(1, -1);
+      }
+      obj[key] = tryDecode(val, dec);
+    }
+    index = endIdx + 1;
+  }
+  return obj;
+}
+function serialize(name, val, options) {
+  let opt = options || {};
+  let enc = opt.encode || encode;
+  if (typeof enc !== "function") {
+    throw new TypeError("option encode is invalid");
+  }
+  if (!fieldContentRegExp.test(name)) {
+    throw new TypeError("argument name is invalid");
+  }
+  let value = enc(val);
+  if (value && !fieldContentRegExp.test(value)) {
+    throw new TypeError("argument val is invalid");
+  }
+  let str = name + "=" + value;
+  if (opt.maxAge !== null) {
+    let maxAge = opt.maxAge - 0;
+    if (Number.isNaN(maxAge) || !isFinite(maxAge)) {
+      throw new TypeError("option maxAge is invalid");
+    }
+    str += "; Max-Age=" + Math.floor(maxAge);
+  }
+  if (opt.domain) {
+    if (!fieldContentRegExp.test(opt.domain)) {
+      throw new TypeError("option domain is invalid");
+    }
+    str += "; Domain=" + opt.domain;
+  }
+  if (opt.path) {
+    if (!fieldContentRegExp.test(opt.path)) {
+      throw new TypeError("option path is invalid");
+    }
+    str += "; Path=" + opt.path;
+  }
+  if (opt.expires) {
+    let expires = opt.expires;
+    if (!isDate(expires) || Number.isNaN(expires.valueOf())) {
+      throw new TypeError("option expires is invalid");
+    }
+    str += "; Expires=" + expires.toUTCString();
+  }
+  if (opt.httpOnly) {
+    str += "; HttpOnly";
+  }
+  if (opt.secure) {
+    str += "; Secure";
+  }
+  if (opt.priority) {
+    let priority = typeof opt.priority === "string" ? opt.priority.toLowerCase() : opt.priority;
+    switch (priority) {
+      case "low":
+        str += "; Priority=Low";
+        break;
+      case "medium":
+        str += "; Priority=Medium";
+        break;
+      case "high":
+        str += "; Priority=High";
+        break;
+      default:
+        throw new TypeError("option priority is invalid");
+    }
+  }
+  if (opt.sameSite) {
+    let sameSite = typeof opt.sameSite === "string" ? opt.sameSite.toLowerCase() : opt.sameSite;
+    switch (sameSite) {
+      case true:
+        str += "; SameSite=Strict";
+        break;
+      case "lax":
+        str += "; SameSite=Lax";
+        break;
+      case "strict":
+        str += "; SameSite=Strict";
+        break;
+      case "none":
+        str += "; SameSite=None";
+        break;
+      default:
+        throw new TypeError("option sameSite is invalid");
+    }
+  }
+  return str;
+}
+function decode(str) {
+  return str.indexOf("%") !== -1 ? decodeURIComponent(str) : str;
+}
+function encode(val) {
+  return encodeURIComponent(val);
+}
+function isDate(val) {
+  return __toString.call(val) === "[object Date]" || val instanceof Date;
+}
+function tryDecode(str, decode2) {
+  try {
+    return decode2(str);
+  } catch (e) {
+    return str;
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  parse,
+  serialize
+});

package/build/runtime-cjs/router/jwt.d.ts

@@ -0,0 +1,117 @@
+type SubtleCryptoImportKeyAlgorithm = any;
+/**
+ * @typedef JwtAlgorithm
+ * @type {'ES256'|'ES384'|'ES512'|'HS256'|'HS384'|'HS512'|'RS256'|'RS384'|'RS512'}
+ */
+export type JwtAlgorithm = 'ES256' | 'ES384' | 'ES512' | 'HS256' | 'HS384' | 'HS512' | 'RS256' | 'RS384' | 'RS512';
+/**
+ * @typedef JwtAlgorithms
+ */
+export interface JwtAlgorithms {
+    [key: string]: SubtleCryptoImportKeyAlgorithm;
+}
+/**
+ * @typedef JwtHeader
+ * @prop {string} [typ] Type
+ */
+export interface JwtHeader {
+    /**
+     * Type (default: `"JWT"`)
+     *
+     * @default "JWT"
+     */
+    typ?: string;
+    [key: string]: any;
+}
+/**
+ * @typedef JwtPayload
+ * @prop {string} [iss] Issuer
+ * @prop {string} [sub] Subject
+ * @prop {string | string[]} [aud] Audience
+ * @prop {string} [exp] Expiration Time
+ * @prop {string} [nbf] Not Before
+ * @prop {string} [iat] Issued At
+ * @prop {string} [jti] JWT ID
+ */
+export interface JwtPayload {
+    /** Issuer */
+    iss?: string;
+    /** Subject */
+    sub?: string;
+    /** Audience */
+    aud?: string | string[];
+    /** Expiration Time */
+    exp?: number;
+    /** Not Before */
+    nbf?: number;
+    /** Issued At */
+    iat?: number;
+    /** JWT ID */
+    jti?: string;
+    [key: string]: any;
+}
+/**
+ * @typedef JwtOptions
+ * @prop {JwtAlgorithm | string} algorithm
+ */
+export interface JwtOptions {
+    algorithm?: JwtAlgorithm | string;
+}
+/**
+ * @typedef JwtSignOptions
+ * @extends JwtOptions
+ * @prop {JwtHeader} [header]
+ */
+export interface JwtSignOptions extends JwtOptions {
+    header?: JwtHeader;
+}
+/**
+ * @typedef JwtVerifyOptions
+ * @extends JwtOptions
+ * @prop {boolean} [throwError=false] If `true` throw error if checks fail. (default: `false`)
+ */
+export interface JwtVerifyOptions extends JwtOptions {
+    /**
+     * If `true` throw error if checks fail. (default: `false`)
+     *
+     * @default false
+     */
+    throwError?: boolean;
+}
+/**
+ * @typedef JwtData
+ * @prop {JwtHeader} header
+ * @prop {JwtPayload} payload
+ */
+export interface JwtData {
+    header: JwtHeader;
+    payload: JwtPayload;
+}
+/**
+ * Signs a payload and returns the token
+ *
+ * @param {JwtPayload} payload The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
+ * @param {string | JsonWebKey} secret A string which is used to sign the payload.
+ * @param {JwtSignOptions | JwtAlgorithm | string} [options={ algorithm: 'HS256', header: { typ: 'JWT' } }] The options object or the algorithm.
+ * @throws {Error} If there's a validation issue.
+ * @returns {Promise<string>} Returns token as a `string`.
+ */
+export declare function encode(payload: JwtPayload, secret: string | JsonWebKey, options?: JwtSignOptions | JwtAlgorithm): Promise<string>;
+/**
+ * Verifies the integrity of the token and returns a boolean value.
+ *
+ * @param {string} token The token string generated by `jwt.sign()`.
+ * @param {string | JsonWebKey} secret The string which was used to sign the payload.
+ * @param {JWTVerifyOptions | JWTAlgorithm} options The options object or the algorithm.
+ * @throws {Error | string} Throws an error `string` if the token is invalid or an `Error-Object` if there's a validation issue.
+ * @returns {Promise<boolean>} Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`.
+ */
+export declare function verify(token: string, secret: string | JsonWebKey, options?: JwtVerifyOptions | JwtAlgorithm): Promise<boolean>;
+/**
+ * Returns the payload **without** verifying the integrity of the token. Please use `jwt.verify()` first to keep your application secure!
+ *
+ * @param {string} token The token string generated by `jwt.sign()`.
+ * @returns {JwtData} Returns an `object` containing `header` and `payload`.
+ */
+export declare function decode(token: string): JwtData;
+export {};

package/build/runtime-cjs/router/jwt.js

@@ -0,0 +1,181 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var jwt_exports = {};
+__export(jwt_exports, {
+  decode: () => decode,
+  encode: () => encode,
+  verify: () => verify
+});
+module.exports = __toCommonJS(jwt_exports);
+function base64UrlParse(s) {
+  return new Uint8Array(
+    Array.prototype.map.call(
+      atob(s.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")),
+      (c) => c.charCodeAt(0)
+    )
+  );
+}
+function base64UrlStringify(a) {
+  return btoa(String.fromCharCode.apply(0, a)).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+const algorithms = {
+  ES256: { name: "ECDSA", namedCurve: "P-256", hash: { name: "SHA-256" } },
+  ES384: { name: "ECDSA", namedCurve: "P-384", hash: { name: "SHA-384" } },
+  ES512: { name: "ECDSA", namedCurve: "P-521", hash: { name: "SHA-512" } },
+  HS256: { name: "HMAC", hash: { name: "SHA-256" } },
+  HS384: { name: "HMAC", hash: { name: "SHA-384" } },
+  HS512: { name: "HMAC", hash: { name: "SHA-512" } },
+  RS256: { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } },
+  RS384: { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-384" } },
+  RS512: { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-512" } }
+};
+function _utf8ToUint8Array(str) {
+  return base64UrlParse(btoa(unescape(encodeURIComponent(str))));
+}
+function _str2ab(str) {
+  str = atob(str);
+  const buf = new ArrayBuffer(str.length);
+  const bufView = new Uint8Array(buf);
+  for (let i = 0, strLen = str.length; i < strLen; i++) {
+    bufView[i] = str.charCodeAt(i);
+  }
+  return buf;
+}
+function _decodePayload(raw) {
+  switch (raw.length % 4) {
+    case 0:
+      break;
+    case 2:
+      raw += "==";
+      break;
+    case 3:
+      raw += "=";
+      break;
+    default:
+      throw new Error("Illegal base64url string!");
+  }
+  try {
+    return JSON.parse(decodeURIComponent(escape(atob(raw))));
+  } catch {
+    return null;
+  }
+}
+async function encode(payload, secret, options = { algorithm: "HS256", header: { typ: "JWT" } }) {
+  if (typeof options === "string")
+    options = { algorithm: options, header: { typ: "JWT" } };
+  options = { algorithm: "HS256", header: { typ: "JWT" }, ...options };
+  if (payload === null || typeof payload !== "object")
+    throw new Error("payload must be an object");
+  if (typeof secret !== "string" && typeof secret !== "object")
+    throw new Error("secret must be a string or a JWK object");
+  if (typeof options.algorithm !== "string")
+    throw new Error("options.algorithm must be a string");
+  const algorithm = algorithms[options.algorithm];
+  if (!algorithm)
+    throw new Error("algorithm not found");
+  if (!payload.iat)
+    payload.iat = Math.floor(Date.now() / 1e3);
+  const payloadAsJSON = JSON.stringify(payload);
+  const partialToken = `${base64UrlStringify(
+    _utf8ToUint8Array(JSON.stringify({ ...options.header, alg: options.algorithm }))
+  )}.${base64UrlStringify(_utf8ToUint8Array(payloadAsJSON))}`;
+  let keyFormat = "raw";
+  let keyData;
+  if (typeof secret === "object") {
+    keyFormat = "jwk";
+    keyData = secret;
+  } else if (typeof secret === "string" && secret.startsWith("-----BEGIN")) {
+    keyFormat = "pkcs8";
+    keyData = _str2ab(
+      secret.replace(/-----BEGIN.*?-----/g, "").replace(/-----END.*?-----/g, "").replace(/\s/g, "")
+    );
+  } else
+    keyData = _utf8ToUint8Array(secret);
+  const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ["sign"]);
+  const signature = await crypto.subtle.sign(algorithm, key, _utf8ToUint8Array(partialToken));
+  return `${partialToken}.${base64UrlStringify(new Uint8Array(signature))}`;
+}
+async function verify(token, secret, options = { algorithm: "HS256", throwError: false }) {
+  if (typeof options === "string")
+    options = { algorithm: options, throwError: false };
+  options = { algorithm: "HS256", throwError: false, ...options };
+  if (typeof token !== "string")
+    throw new Error("token must be a string");
+  if (typeof secret !== "string" && typeof secret !== "object")
+    throw new Error("secret must be a string or a JWK object");
+  if (typeof options.algorithm !== "string")
+    throw new Error("options.algorithm must be a string");
+  const tokenParts = token.split(".");
+  if (tokenParts.length !== 3)
+    throw new Error("token must consist of 3 parts");
+  const algorithm = algorithms[options.algorithm];
+  if (!algorithm)
+    throw new Error("algorithm not found");
+  const { payload } = decode(token);
+  if (!payload) {
+    if (options.throwError)
+      throw "PARSE_ERROR";
+    return false;
+  }
+  if (payload.nbf && payload.nbf > Math.floor(Date.now() / 1e3)) {
+    if (options.throwError)
+      throw "NOT_YET_VALID";
+    return false;
+  }
+  if (payload.exp && payload.exp <= Math.floor(Date.now() / 1e3)) {
+    if (options.throwError)
+      throw "EXPIRED";
+    return false;
+  }
+  let keyFormat = "raw";
+  let keyData;
+  if (typeof secret === "object") {
+    keyFormat = "jwk";
+    keyData = secret;
+  } else if (typeof secret === "string" && secret.startsWith("-----BEGIN")) {
+    keyFormat = "spki";
+    keyData = _str2ab(
+      secret.replace(/-----BEGIN.*?-----/g, "").replace(/-----END.*?-----/g, "").replace(/\s/g, "")
+    );
+  } else
+    keyData = _utf8ToUint8Array(secret);
+  const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ["verify"]);
+  return await crypto.subtle.verify(
+    algorithm,
+    key,
+    base64UrlParse(tokenParts[2]),
+    _utf8ToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`)
+  );
+}
+function decode(token) {
+  return {
+    header: _decodePayload(
+      token.split(".")[0].replace(/-/g, "+").replace(/_/g, "/")
+    ),
+    payload: _decodePayload(
+      token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/")
+    )
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  decode,
+  encode,
+  verify
+});