qumra-pos-auth 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +113 -0
- package/dist/SignatureVerifier-ueydiL4D.d.cts +25 -0
- package/dist/SignatureVerifier-ueydiL4D.d.ts +25 -0
- package/dist/chunk-SRPTNNYT.js +127 -0
- package/dist/chunk-SRPTNNYT.js.map +1 -0
- package/dist/crypto.cjs +133 -0
- package/dist/crypto.cjs.map +1 -0
- package/dist/crypto.d.cts +46 -0
- package/dist/crypto.d.ts +46 -0
- package/dist/crypto.js +3 -0
- package/dist/crypto.js.map +1 -0
- package/dist/index.cjs +706 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +479 -0
- package/dist/index.d.ts +479 -0
- package/dist/index.js +566 -0
- package/dist/index.js.map +1 -0
- package/package.json +60 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/errors.ts","../src/time.ts","../src/token/TokenManager.ts","../src/pin/PinManager.ts","../src/activation/ActivationManager.ts","../src/policy.ts","../src/service/AuthService.ts","../src/createAuth.ts"],"names":[],"mappings":";;;AAUO,IAAM,gBAAA,GAAN,cAA+B,KAAA,CAAM;AAAA,EAC1C,WAAA,CAAY,SAAiB,KAAA,EAAiB;AAC5C,IAAA,KAAA,CAAM,OAAA,EAAS,EAAE,KAAA,EAAO,CAAA;AACxB,IAAA,IAAA,CAAK,IAAA,GAAO,kBAAA;AAAA,EACd;AACF;AAEO,IAAM,iBAAA,GAAN,cAAgC,KAAA,CAAM;AAAA;AAAA,EAElC,IAAA;AAAA,EACT,WAAA,CAAY,OAAA,EAAiB,IAAA,EAAe,KAAA,EAAiB;AAC3D,IAAA,KAAA,CAAM,OAAA,EAAS,EAAE,KAAA,EAAO,CAAA;AACxB,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AAAA,EACd;AACF;;;ACnBO,IAAM,WAAA,GAAqB,MAAM,IAAA,CAAK,GAAA;AAEtC,IAAM,MAAA,GAAS;AACf,IAAM,SAAS,EAAA,GAAK;AACpB,IAAM,OAAO,EAAA,GAAK;AAClB,IAAM,MAAM,EAAA,GAAK;;;ACyBjB,IAAM,eAAN,MAAmB;AAAA,EACP,KAAA;AAAA,EACA,GAAA;AAAA,EACA,GAAA;AAAA,EACA,MAAA;AAAA,EACA,eAAA;AAAA;AAAA,EAKT,QAAA,GAA2C,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO3C,MAAA,GAA4B,IAAA;AAAA,EAEpC,YAAY,IAAA,EAA2B;AACrC,IAAA,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA;AAClB,IAAA,IAAA,CAAK,MAAM,IAAA,CAAK,GAAA;AAChB,IAAA,IAAA,CAAK,GAAA,GAAM,KAAK,GAAA,IAAO,WAAA;AACvB,IAAA,IAAA,CAAK,MAAA,GAAS,IAAA,CAAK,MAAA,IAAU,EAAA,GAAK,MAAA;AAClC,IAAA,IAAA,CAAK,kBAAkB,IAAA,CAAK,eAAA;AAAA,EAC9B;AAAA;AAAA,EAGA,MAAM,MAAM,KAAA,EAAwC;AAClD,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,GAAA,CAAI,MAAM,KAAK,CAAA;AACvC,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AACjC,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA;AAClC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,MAAM,IAAA,CAAK,eAAA,GAAkB,IAAA,CAAK,GAAA,EAAK,CAAA;AACvC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,MAAA,GAAwB;AAC5B,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,KAAA,CAAM,UAAA,EAAW;AAC3C,IAAA,IAAI,MAAA,IAAU,IAAA,CAAK,GAAA,CAAI,MAAA,EAAQ;AAC7B,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,MAAA,CAAO,YAAY,CAAA;AAAA,MAC3C,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AACA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,UAAA,CAAW,IAAI,CAAA;AAChC,IAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AAAA,EAChB;AAAA,EAEA,MAAM,SAAA,GAAwC;AAC5C,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,KAAA,CAAM,UAAA,EAAW;AAC3C,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,UAAA,GAA4B;AAChC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAM,IAAA,CAAK,KAAA,CAAM,UAAA,EAAW;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,cAAA,GAAgC;AAC9B,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,IAAA,OAAO,KAAK,aAAA,CAAc,IAAA,CAAK,MAAM,CAAA,GAAI,IAAA,CAAK,OAAO,WAAA,GAAc,IAAA;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAA,GAAwC;AAC5C,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,WAAA,EAAY;AACvC,IAAA,QAAQ,QAAQ,MAAA;AAAQ,MACtB,KAAK,OAAA;AAAA,MACL,KAAK,WAAA;AACH,QAAA,OAAO,QAAQ,MAAA,CAAO,WAAA;AAAA,MACxB;AACE,QAAA,OAAO,IAAA;AAAA;AACX,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAAA,GAAuC;AAC3C,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,KAAA,CAAM,UAAA,EAAW;AAC3C,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAI,CAAC,MAAA,EAAQ,OAAO,EAAE,QAAQ,YAAA,EAAa;AAC3C,IAAA,IAAI,IAAA,CAAK,cAAc,MAAM,CAAA,SAAU,EAAE,MAAA,EAAQ,SAAS,MAAA,EAAO;AAEjE,IAAA,IAAI,CAAC,KAAK,cAAA,CAAe,MAAM,GAAG,OAAO,EAAE,QAAQ,SAAA,EAAU;AAC7D,IAAA,OAAO,KAAK,WAAA,EAAY;AAAA,EAC1B;AAAA,EAEA,cAAc,MAAA,EAA6B;AACzC,IAAA,OAAO,IAAA,CAAK,GAAA,EAAI,GAAI,MAAA,CAAO,kBAAkB,IAAA,CAAK,MAAA;AAAA,EACpD;AAAA,EAEA,eAAe,MAAA,EAA6B;AAC1C,IAAA,OAAO,IAAA,CAAK,GAAA,EAAI,GAAI,MAAA,CAAO,gBAAA;AAAA,EAC7B;AAAA;AAAA,EAGQ,WAAA,GAAuC;AAC7C,IAAA,IAAI,IAAA,CAAK,QAAA,EAAU,OAAO,IAAA,CAAK,QAAA;AAC/B,IAAA,IAAA,CAAK,QAAA,GAAW,IAAA,CAAK,SAAA,EAAU,CAAE,QAAQ,MAAM;AAC7C,MAAA,IAAA,CAAK,QAAA,GAAW,IAAA;AAAA,IAClB,CAAC,CAAA;AACD,IAAA,OAAO,IAAA,CAAK,QAAA;AAAA,EACd;AAAA,EAEA,MAAc,SAAA,GAAqC;AACjD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,KAAA,CAAM,UAAA,EAAW;AAC5C,IAAA,IAAI,CAAC,OAAA,EAAS,OAAO,EAAE,QAAQ,YAAA,EAAa;AAE5C,IAAA,IAAI,IAAA,CAAK,cAAc,OAAO,CAAA,SAAU,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,OAAA,EAAQ;AAC3E,IAAA,IAAI;AACF,MAAA,MAAM,OAAO,MAAM,IAAA,CAAK,GAAA,CAAI,OAAA,CAAQ,QAAQ,YAAY,CAAA;AACxD,MAAA,MAAM,IAAA,GAAO,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAC/B,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,UAAA,CAAW,IAAI,CAAA;AAChC,MAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,MAAA,MAAM,IAAA,CAAK,eAAA,GAAkB,IAAA,CAAK,GAAA,EAAK,CAAA;AACvC,MAAA,OAAO,EAAE,MAAA,EAAQ,WAAA,EAAa,MAAA,EAAQ,IAAA,EAAK;AAAA,IAC7C,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,eAAe,iBAAA,EAAmB;AAEpC,QAAA,MAAM,IAAA,CAAK,KAAA,CAAM,UAAA,CAAW,IAAI,CAAA;AAChC,QAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,QAAA,OAAO,EAAE,QAAQ,UAAA,EAAW;AAAA,MAC9B;AACA,MAAA,IAAI,eAAe,gBAAA,EAAkB;AAEnC,QAAA,OAAO,EAAE,QAAQ,SAAA,EAAU;AAAA,MAC7B;AAEA,MAAA,OAAO,EAAE,QAAQ,SAAA,EAAU;AAAA,IAC7B;AAAA,EACF;AAAA,EAEQ,SAAS,IAAA,EAAiC;AAChD,IAAA,MAAM,EAAA,GAAK,KAAK,GAAA,EAAI;AACpB,IAAA,OAAO;AAAA,MACL,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,eAAA,EAAiB,EAAA,GAAK,IAAA,CAAK,YAAA,GAAe,MAAA;AAAA,MAC1C,gBAAA,EAAkB,EAAA,GAAK,IAAA,CAAK,mBAAA,GAAsB,MAAA;AAAA,MAClD,SAAA,EAAW,KAAK,SAAA,IAAa;AAAA,KAC/B;AAAA,EACF;AACF;;;AClKO,IAAM,aAAN,MAAiB;AAAA,EACL,SAAA;AAAA,EACA,MAAA;AAAA,EACA,GAAA;AAAA,EACA,WAAA;AAAA,EACA,SAAA;AAAA,EACA,QAAA,uBAAe,GAAA,EAA0B;AAAA,EAE1D,YAAY,IAAA,EAAyB;AACnC,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACnB,IAAA,IAAA,CAAK,GAAA,GAAM,KAAK,GAAA,IAAO,WAAA;AACvB,IAAA,IAAA,CAAK,WAAA,GAAc,KAAK,WAAA,IAAe,CAAA;AACvC,IAAA,IAAA,CAAK,SAAA,GAAY,KAAK,SAAA,IAAa,MAAA;AAAA,EACrC;AAAA;AAAA,EAGA,MAAM,YAAA,GAAyC;AAC7C,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,YAAA,EAAa;AAC/C,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,MAAO,EAAE,EAAA,EAAI,CAAA,CAAE,EAAA,EAAI,IAAA,EAAM,CAAA,CAAE,IAAA,EAAM,MAAA,EAAQ,CAAA,CAAE,QAAO,CAAE,CAAA;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,MAAA,CAAO,SAAA,EAAmB,GAAA,EAAiC;AAC/D,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,QAAA,CAAS,GAAA,CAAI,SAAS,CAAA;AACzC,IAAA,IAAI,KAAA,IAAS,KAAA,CAAM,WAAA,GAAc,GAAA,EAAK;AACpC,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,MAAA,EAAQ,QAAA;AAAA,QACR,YAAA,EAAc,MAAM,WAAA,GAAc;AAAA,OACpC;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,WAAA,CAAY,SAAS,CAAA;AAChD,IAAA,IAAI,CAAC,OAAA,EAAS,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,QAAQ,iBAAA,EAAkB;AAC5D,IAAA,IAAI,CAAC,QAAQ,MAAA,EAAQ,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,QAAQ,UAAA,EAAW;AAE5D,IAAA,MAAM,QAAQ,MAAM,IAAA,CAAK,OAAO,MAAA,CAAO,GAAA,EAAK,QAAQ,OAAO,CAAA;AAC3D,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,IAAA,CAAK,QAAA,CAAS,OAAO,SAAS,CAAA;AAC9B,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,IAAA;AAAA,QACJ,OAAA,EAAS,EAAE,SAAA,EAAW,OAAA,CAAQ,IAAI,IAAA,EAAM,OAAA,CAAQ,IAAA,EAAM,KAAA,EAAO,GAAA;AAAI,OACnE;AAAA,IACF;AAEA,IAAA,OAAO,IAAA,CAAK,eAAA,CAAgB,SAAA,EAAW,GAAG,CAAA;AAAA,EAC5C;AAAA;AAAA,EAGA,MAAM,SAAA,EAAyB;AAC7B,IAAA,IAAA,CAAK,QAAA,CAAS,OAAO,SAAS,CAAA;AAAA,EAChC;AAAA,EAEQ,eAAA,CAAgB,WAAmB,GAAA,EAAwB;AACjE,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,QAAA,CAAS,GAAA,CAAI,SAAS,CAAA;AACxC,IAAA,MAAM,KAAA,GAAA,CAAS,IAAA,EAAM,KAAA,IAAS,CAAA,IAAK,CAAA;AACnC,IAAA,IAAI,KAAA,IAAS,KAAK,WAAA,EAAa;AAC7B,MAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,SAAA;AAC/B,MAAA,IAAA,CAAK,SAAS,GAAA,CAAI,SAAA,EAAW,EAAE,KAAA,EAAO,CAAA,EAAG,aAAa,CAAA;AACtD,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,QAAQ,QAAA,EAAU,YAAA,EAAc,KAAK,SAAA,EAAU;AAAA,IACrE;AACA,IAAA,IAAA,CAAK,SAAS,GAAA,CAAI,SAAA,EAAW,EAAE,KAAA,EAAO,WAAA,EAAa,GAAG,CAAA;AACtD,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,MAAA,EAAQ,SAAA;AAAA,MACR,YAAA,EAAc,KAAK,WAAA,GAAc;AAAA,KACnC;AAAA,EACF;AAAA,EAEA,MAAc,YAAY,EAAA,EAAgD;AACxE,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,YAAA,EAAa;AAC/C,IAAA,OAAO,KAAK,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,EAAE,CAAA;AAAA,EACrC;AACF;;;AC7EO,IAAM,oBAAN,MAAwB;AAAA,EACZ,KAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EACA,GAAA;AAAA,EACA,QAAA;AAAA,EAEjB,YAAY,IAAA,EAAgC;AAC1C,IAAA,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA;AAClB,IAAA,IAAA,CAAK,WAAW,IAAA,CAAK,QAAA;AACrB,IAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACtB,IAAA,IAAA,CAAK,GAAA,GAAM,KAAK,GAAA,IAAO,WAAA;AACvB,IAAA,IAAA,CAAK,WAAW,IAAA,CAAK,QAAA;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,SAAS,aAAA,EAAkD;AAC/D,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,aAAa,CAAA;AACvC,IAAA,IAAI,CAAC,MAAA,EAAQ,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,QAAQ,WAAA,EAAY;AAErD,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,QAAA,CAAS,MAAA;AAAA,MAChC,MAAA,CAAO,WAAA;AAAA,MACP,MAAA,CAAO,SAAA;AAAA,MACP,IAAA,CAAK;AAAA,KACP;AACA,IAAA,IAAI,CAAC,KAAA,EAAO,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,QAAQ,eAAA,EAAgB;AAExD,IAAA,MAAM,SAAS,MAAA,CAAO,MAAA;AACtB,IAAA,IAAI,KAAK,QAAA,KAAa,MAAA,IAAa,MAAA,CAAO,QAAA,KAAa,KAAK,QAAA,EAAU;AACpE,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,cAAA,EAAe;AAAA,IAC7C;AAEA,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,OAAA,GAAU,OAAO,OAAA,IAAW,CAAA;AAClC,IAAA,IAAI,GAAA,IAAO,MAAA,CAAO,SAAA,GAAY,OAAA,EAAS;AACrC,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,SAAA,EAAU;AAAA,IACxC;AAEA,IAAA,MAAM,MAAA,GAA2B;AAAA,MAC/B,MAAA;AAAA,MACA,GAAA,EAAK,aAAA;AAAA,MACL,UAAA,EAAY;AAAA,KACd;AACA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,MAAM,CAAA;AACtC,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,MAAA,EAAO;AAAA,EAC5B;AAAA,EAEA,MAAM,aAAA,GAAkD;AACtD,IAAA,OAAO,IAAA,CAAK,MAAM,cAAA,EAAe;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,gBAAA,GAAqD;AACzD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe;AAC/C,IAAA,IAAI,CAAC,QAAQ,OAAO,IAAA;AACpB,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,MAAA,CAAO,GAAG,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,KAAA,GAAuB;AAC3B,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,IAAI,CAAA;AAAA,EACtC;AAAA,EAEQ,MACN,GAAA,EAGO;AACP,IAAA,MAAM,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC3B,IAAA,IAAI,OAAO,CAAA,IAAK,GAAA,KAAQ,GAAA,CAAI,MAAA,GAAS,GAAG,OAAO,IAAA;AAC/C,IAAA,MAAM,UAAA,GAAa,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AACnC,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,KAAA,CAAM,GAAA,GAAM,CAAC,CAAA;AAChC,IAAA,IAAI,MAAA;AACJ,IAAA,IAAI,SAAA;AACJ,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,IAAI,WAAA,EAAY,CAAE,OAAO,MAAA,CAAO,MAAA,CAAO,UAAU,CAAC,CAAA;AAC/D,MAAA,MAAA,GAAS,IAAA,CAAK,MAAM,IAAI,CAAA;AACxB,MAAA,SAAA,GAAY,MAAA,CAAO,OAAO,MAAM,CAAA;AAAA,IAClC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,IAAI,CAAC,aAAA,CAAc,MAAM,CAAA,EAAG,OAAO,IAAA;AAEnC,IAAA,MAAM,WAAA,GAAc,IAAI,WAAA,EAAY,CAAE,OAAO,UAAU,CAAA;AACvD,IAAA,OAAO,EAAE,MAAA,EAAQ,WAAA,EAAa,SAAA,EAAU;AAAA,EAC1C;AACF;AAEA,SAAS,cAAc,CAAA,EAAmC;AACxD,EAAA,IAAI,OAAO,CAAA,KAAM,QAAA,IAAY,CAAA,KAAM,MAAM,OAAO,KAAA;AAChD,EAAA,MAAM,CAAA,GAAI,CAAA;AACV,EAAA,OACE,OAAO,CAAA,CAAE,UAAA,KAAe,QAAA,IACxB,OAAO,CAAA,CAAE,QAAA,KAAa,QAAA,IACtB,OAAO,CAAA,CAAE,QAAA,KAAa,QAAA,IACtB,OAAO,EAAE,SAAA,KAAc,QAAA;AAE3B;;;AC7HO,IAAM,qBAAA,GAAsC;AAAA,EACjD,cAAc,EAAA,GAAK,GAAA;AAAA,EACnB,SAAS,CAAA,GAAI;AACf;;;ACqBA,IAAM,UAAA,GAAuB;AAAA,EAC3B,mBAAA,EAAqB,IAAA;AAAA,EACrB,iBAAA,EAAmB;AACrB,CAAA;AAUO,IAAM,cAAN,MAAkB;AAAA,EACN,KAAA;AAAA,EACA,GAAA;AAAA,EACA,MAAA;AAAA,EACR,MAAA;AAAA,EACA,IAAA;AAAA,EACA,UAAA;AAAA,EAEQ,SAAA,uBAAgB,GAAA,EAAc;AAAA,EACvC,MAAA,GAAqB;AAAA,IAC3B,IAAA,EAAM,aAAA;AAAA,IACN,MAAA,EAAQ,QAAA;AAAA,IACR,UAAA,EAAY,KAAA;AAAA,IACZ,OAAA,EAAS,IAAA;AAAA,IACT,WAAA,EAAa,IAAA;AAAA,IACb,YAAA,EAAc,uBAAA;AAAA,IACd,mBAAA,EAAqB,IAAA;AAAA,IACrB,UAAA,EAAY;AAAA,GACd;AAAA,EAEA,YAAY,IAAA,EAA0B;AACpC,IAAA,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA;AAClB,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,YAAA;AACnB,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,UAAA;AACjB,IAAA,IAAA,CAAK,aAAa,IAAA,CAAK,iBAAA;AACvB,IAAA,IAAA,CAAK,MAAA,GAAS,KAAK,MAAA,IAAU,qBAAA;AAC7B,IAAA,IAAA,CAAK,GAAA,GAAM,KAAK,GAAA,IAAO,WAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,IAAA,GAA4B;AAChC,IAAA,MAAM,IAAA,CAAK,OAAO,UAAA,EAAW;AAC7B,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,UAAA,CAAW,gBAAA,EAAiB;AACrD,IAAA,IAAI,KAAA,IAAS,CAAC,KAAA,CAAM,EAAA,KAAO,MAAM,MAAA,KAAW,eAAA,IAAmB,KAAA,CAAM,MAAA,KAAW,cAAA,CAAA,EAAiB;AAE/F,MAAA,MAAM,IAAA,CAAK,WAAW,KAAA,EAAM;AAAA,IAC9B;AACA,IAAA,OAAO,KAAK,UAAA,EAAW;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAA,GAA+B;AACnC,IAAA,MAAM,IAAA,CAAK,OAAO,WAAA,EAAY;AAC9B,IAAA,OAAO,KAAK,UAAA,EAAW;AAAA,EACzB;AAAA,EAEA,SAAA,GAAwB;AACtB,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA;AAAA,EAGA,OAAA,GAAmB;AACjB,IAAA,OAAO,IAAA,CAAK,OAAO,MAAA,KAAW,QAAA;AAAA,EAChC;AAAA,EAEA,eAAe,EAAA,EAA0B;AACvC,IAAA,IAAA,CAAK,SAAA,CAAU,IAAI,EAAE,CAAA;AACrB,IAAA,EAAA,CAAG,KAAK,MAAM,CAAA;AACd,IAAA,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,EAAE,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,YAAY,KAAA,EAAwC;AACxD,IAAA,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,CAAM,KAAK,CAAA;AAC7B,IAAA,OAAO,KAAK,UAAA,EAAW;AAAA,EACzB;AAAA;AAAA,EAGA,MAAM,gBAAgB,aAAA,EAAkD;AACtE,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,UAAA,CAAW,SAAS,aAAa,CAAA;AAC3D,IAAA,MAAM,KAAK,UAAA,EAAW;AACtB,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,MAAA,GAA8B;AAClC,IAAA,MAAM,IAAA,CAAK,OAAO,MAAA,EAAO;AACzB,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,WAAA,CAAY,IAAI,CAAA;AACjC,IAAA,OAAO,KAAK,UAAA,EAAW;AAAA,EACzB;AAAA;AAAA,EAGA,aAAA,GAAwC;AACtC,IAAA,OAAO,IAAA,CAAK,OAAO,aAAA,EAAc;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBAAA,GAAoC;AAClC,IAAA,OAAO,IAAA,CAAK,OAAO,cAAA,EAAe;AAAA,EACpC;AAAA;AAAA,EAGA,MAAM,oBAAoB,EAAA,EAA2B;AACnD,IAAA,MAAM,IAAA,GAAQ,MAAM,IAAA,CAAK,KAAA,CAAM,UAAS,IAAM,UAAA;AAC9C,IAAA,MAAM,IAAA,CAAK,MAAM,QAAA,CAAS;AAAA,MACxB,mBAAA,EAAqB,EAAA;AAAA,MACrB,iBAAA,EAAmB,KAAK,iBAAA,IAAqB;AAAA,KAC9C,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAA,GAAyC;AAC7C,IAAA,OAAO,IAAA,CAAK,KAAK,YAAA,EAAa;AAAA,EAChC;AAAA,EAEA,MAAM,YAAA,CAAa,SAAA,EAAmB,GAAA,EAAiC;AACrE,IAAA,MAAM,SAAS,MAAM,IAAA,CAAK,IAAA,CAAK,MAAA,CAAO,WAAW,GAAG,CAAA;AACpD,IAAA,IAAI,OAAO,EAAA,EAAI;AACb,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,WAAA,CAAY,MAAA,CAAO,OAAO,CAAA;AAC3C,MAAA,MAAM,KAAK,UAAA,EAAW;AAAA,IACxB;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,MAAM,aAAA,GAA+B;AACnC,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,WAAA,CAAY,IAAI,CAAA;AACjC,IAAA,MAAM,KAAK,UAAA,EAAW;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,UAAA,GAAkC;AAC9C,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,aAAA,EAAc;AACtC,IAAA,MAAM,OAAA,GAAU,KAAK,SAAA,CAAU,IAAI,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,MAAM,CAAA;AACnE,IAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,KAAA,MAAW,EAAA,IAAM,IAAA,CAAK,SAAA,EAAW,EAAA,CAAG,IAAI,CAAA;AAAA,IAC1C;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAc,aAAA,GAAqC;AACjD,IAAA,MAAM,CAAC,QAAQ,OAAA,EAAS,UAAA,EAAY,OAAO,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MAC/D,IAAA,CAAK,MAAM,UAAA,EAAW;AAAA,MACtB,IAAA,CAAK,MAAM,WAAA,EAAY;AAAA,MACvB,IAAA,CAAK,MAAM,cAAA,EAAe;AAAA,MAC1B,IAAA,CAAK,MAAM,QAAA;AAAS,KACrB,CAAA;AACD,IAAA,MAAM,OAAO,OAAA,IAAW,UAAA;AACxB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAErB,IAAA,MAAM,aAAa,MAAA,GAAS,IAAA,CAAK,MAAA,CAAO,aAAA,CAAc,MAAM,CAAA,GAAI,KAAA;AAChE,IAAA,MAAM,IAAA,GAAO,UAAA,CAAW,UAAA,EAAY,IAAA,EAAM,UAAU,CAAA;AACpD,IAAA,MAAM,SAAS,aAAA,CAAc,IAAA,EAAM,KAAK,IAAA,EAAM,UAAA,EAAY,KAAK,MAAM,CAAA;AAErE,IAAA,OAAO;AAAA,MACL,IAAA;AAAA,MACA,QAAQ,MAAA,CAAO,KAAA;AAAA,MACf,UAAA;AAAA,MACA,OAAA,EAAS,OAAA;AAAA,MACT,aAAa,MAAA,CAAO,WAAA;AAAA,MACpB,cAAc,MAAA,CAAO,YAAA;AAAA,MACrB,qBAAqB,IAAA,CAAK,mBAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,IAAM,uBAAA,GACJ,4SAAA;AACF,IAAM,4BAAA,GACJ,oUAAA;AACF,IAAM,8BAAA,GAAiC,+IAAA;AAEvC,SAAS,UAAA,CACP,UAAA,EACA,IAAA,EACA,UAAA,EACe;AACf,EAAA,IAAI,YAAY,OAAO,QAAA;AACvB,EAAA,IAAI,IAAA,CAAK,iBAAA,IAAqB,IAAA,EAAM,OAAO,kBAAA;AAC3C,EAAA,IAAI,UAAA,IAAc,MAAM,OAAO,mBAAA;AAC/B,EAAA,OAAO,aAAA;AACT;AAaA,SAAS,aAAA,CACP,IAAA,EACA,GAAA,EACA,IAAA,EACA,YACA,MAAA,EACmB;AACnB,EAAA,IAAI,SAAS,QAAA,EAAU;AACrB,IAAA,OAAO,EAAE,KAAA,EAAO,QAAA,EAAU,WAAA,EAAa,IAAA,EAAM,cAAc,IAAA,EAAK;AAAA,EAClE;AACA,EAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,IAAA,OAAO,EAAE,KAAA,EAAO,QAAA,EAAU,WAAA,EAAa,IAAA,EAAM,cAAc,uBAAA,EAAwB;AAAA,EACrF;AAEA,EAAA,IAAI,YAAA;AACJ,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI,aAAA;AAEJ,EAAA,IAAI,IAAA,KAAS,uBAAuB,UAAA,EAAY;AAC9C,IAAA,YAAA,GAAe,WAAW,MAAA,CAAO,SAAA;AACjC,IAAA,OAAA,GAAU,UAAA,CAAW,MAAA,CAAO,OAAA,IAAW,MAAA,CAAO,OAAA;AAC9C,IAAA,aAAA,GAAgB,8BAAA;AAAA,EAClB,CAAA,MAAO;AAEL,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,mBAAA,IAAuB,IAAA,CAAK,iBAAA,IAAqB,GAAA;AACrE,IAAA,YAAA,GAAe,SAAS,MAAA,CAAO,YAAA;AAC/B,IAAA,OAAA,GAAU,MAAA,CAAO,OAAA;AACjB,IAAA,aAAA,GAAgB,4BAAA;AAAA,EAClB;AAEA,EAAA,IAAI,MAAM,YAAA,EAAc;AACtB,IAAA,OAAO,EAAE,KAAA,EAAO,QAAA,EAAU,WAAA,EAAa,IAAA,EAAM,cAAc,IAAA,EAAK;AAAA,EAClE;AACA,EAAA,MAAM,SAAS,YAAA,GAAe,OAAA;AAC9B,EAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,IAAA,OAAO,EAAE,KAAA,EAAO,OAAA,EAAS,WAAA,EAAa,MAAA,EAAQ,cAAc,IAAA,EAAK;AAAA,EACnE;AACA,EAAA,OAAO,EAAE,KAAA,EAAO,QAAA,EAAU,WAAA,EAAa,IAAA,EAAM,cAAc,aAAA,EAAc;AAC3E;;;ACvOO,SAAS,WAAW,IAAA,EAA+B;AACxD,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,IAAO,WAAA;AACxB,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,IAAU,IAAI,cAAA,EAAe;AACjD,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,QAAA,IAAY,IAAI,sBAAA,EAAuB;AAG7D,EAAA,IAAI,OAAA;AACJ,EAAA,MAAM,MAAA,GAAS,IAAI,YAAA,CAAa;AAAA,IAC9B,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,KAAK,IAAA,CAAK,GAAA;AAAA,IACV,GAAA;AAAA,IACA,QAAQ,IAAA,CAAK,MAAA;AAAA,IACb,eAAA,EAAiB,CAAC,EAAA,KAAO,OAAA,CAAQ,oBAAoB,EAAE;AAAA,GACxD,CAAA;AAED,EAAA,MAAM,IAAA,GAAO,IAAI,UAAA,CAAW;AAAA,IAC1B,WAAW,IAAA,CAAK,SAAA;AAAA,IAChB,MAAA;AAAA,IACA,GAAA;AAAA,IACA,aAAa,IAAA,CAAK,cAAA;AAAA,IAClB,WAAW,IAAA,CAAK;AAAA,GACjB,CAAA;AAED,EAAA,MAAM,UAAA,GAAa,IAAI,iBAAA,CAAkB;AAAA,IACvC,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,QAAA;AAAA,IACA,WAAW,IAAA,CAAK,mBAAA;AAAA,IAChB,GAAA;AAAA,IACA,UAAU,IAAA,CAAK;AAAA,GAChB,CAAA;AAED,EAAA,OAAA,GAAU,IAAI,WAAA,CAAY;AAAA,IACxB,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,YAAA,EAAc,MAAA;AAAA,IACd,UAAA,EAAY,IAAA;AAAA,IACZ,iBAAA,EAAmB,UAAA;AAAA,IACnB,QAAQ,IAAA,CAAK,MAAA;AAAA,IACb;AAAA,GACD,CAAA;AAED,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,MAAA;AAAA,IACA,IAAA;AAAA,IACA,UAAA;AAAA,IACA,aAAA,EAAe,MAAM,OAAA,CAAQ,aAAA,EAAc;AAAA,IAC3C,kBAAA,EAAoB,MAAM,OAAA,CAAQ,kBAAA;AAAmB,GACvD;AACF","file":"index.js","sourcesContent":["/**\n * فرق جوهري بين نوعي الفشل — بيحدد سلوك الـ auth بالكامل:\n *\n * - AuthNetworkError: النت/السيرفر مش متاح (offline أو 5xx). قابل لإعادة المحاولة،\n * ومابيمسحش أي توكن. النتيجة: sync يقف مؤقتاً (pause) والجلسة تفضل شغّالة أوفلاين.\n *\n * - AuthRejectedError: السيرفر رفض صراحةً (401/400 invalid_grant، refresh متبطّل،\n * كلمة سر غلط). دائم — إعادة المحاولة مش هتفيد. النتيجة: التوكنات تتمسح والجلسة\n * تتحوّل للوضع الأوفلاين/المقفول. البيانات التجارية لا تُمسح أبداً.\n */\nexport class AuthNetworkError extends Error {\n constructor(message: string, cause?: unknown) {\n super(message, { cause });\n this.name = \"AuthNetworkError\";\n }\n}\n\nexport class AuthRejectedError extends Error {\n /** كود السيرفر لو متاح (invalid_grant, invalid_credentials …). */\n readonly code: string | undefined;\n constructor(message: string, code?: string, cause?: unknown) {\n super(message, { cause });\n this.name = \"AuthRejectedError\";\n this.code = code;\n }\n}\n","/**\n * كل حسابات الوقت في الـ auth بالمللي ثانية منذ epoch (نفس شكل Date.now).\n * دالة now محقونة علشان الاختبارات تتحكم في الزمن (زي SyncEngine).\n */\nexport type Clock = () => number;\n\nexport const systemClock: Clock = () => Date.now();\n\nexport const SECOND = 1000;\nexport const MINUTE = 60 * SECOND;\nexport const HOUR = 60 * MINUTE;\nexport const DAY = 24 * HOUR;\n","import type { AuthApi } from \"../ports/AuthApi\";\nimport type { AuthVault } from \"../ports/AuthVault\";\nimport { AuthNetworkError, AuthRejectedError } from \"../errors\";\nimport type { Clock } from \"../time\";\nimport { systemClock, SECOND } from \"../time\";\nimport type { AuthTokens, LoginInput, TokenResponse } from \"../types\";\n\n/**\n * نتيجة محاولة ضمان توكن صالح. غنية علشان AuthService يقدر يفرّق بين \"النت مقطوع\"\n * (pause، الجلسة تكمل) و \"السيرفر رفض\" (التوكنات اتمسحت، ندخل مسار grace/lock).\n */\nexport type RefreshOutcome =\n | { status: \"valid\"; tokens: AuthTokens } // access لسه صالح، مفيش داعي لـ refresh\n | { status: \"refreshed\"; tokens: AuthTokens } // عملنا refresh بنجاح\n | { status: \"network\" } // offline/5xx — التوكنات محفوظة، sync يقف\n | { status: \"rejected\" } // refresh متبطّل — التوكنات اتمسحت\n | { status: \"signed-out\" }; // مفيش توكنات أصلاً\n\nexport interface TokenManagerOptions {\n vault: AuthVault;\n api: AuthApi;\n now?: Clock;\n /**\n * هامش أمان: نعتبر التوكن \"منتهي\" قبل انتهائه الحقيقي بـ skew — علشان ماننفّذش\n * نداء بتوكن هيقع أثناء الرحلة. افتراضي 30 ثانية.\n */\n skewMs?: number;\n /** يتنادى بعد كل اتصال ناجح بالسيرفر (login/refresh) — AuthService بيحدّث الـ meta. */\n onServerContact?: (at: number) => void | Promise<void>;\n}\n\n/**\n * TokenVault + OAuth. بيملك دورة حياة التوكنات: login، refresh دوّار single-flight،\n * وينتج التوكن الصالح للـ SyncEngine. القاعدة الذهبية: getValidToken مابيرميش أبداً —\n * null معناها \"اعمل pause\"، مش استثناء.\n */\nexport class TokenManager {\n private readonly vault: AuthVault;\n private readonly api: AuthApi;\n private readonly now: Clock;\n private readonly skewMs: number;\n private readonly onServerContact:\n | ((at: number) => void | Promise<void>)\n | undefined;\n\n /** single-flight: كل النداءات المتزامنة بتشارك نفس عملية الـ refresh. */\n private inflight: Promise<RefreshOutcome> | null = null;\n\n /**\n * نسخة في الذاكرة من آخر توكنات معروفة. الغرض الوحيد: peekValidToken المتزامن\n * — لأن SyncEngine.getAuthToken متزامن بينما الـ vault async. بتتحدّث مع كل\n * تحميل/حفظ للتوكنات، ودورة الـ refresh الخلفية بتحافظ عليها دافية.\n */\n private cached: AuthTokens | null = null;\n\n constructor(opts: TokenManagerOptions) {\n this.vault = opts.vault;\n this.api = opts.api;\n this.now = opts.now ?? systemClock;\n this.skewMs = opts.skewMs ?? 30 * SECOND;\n this.onServerContact = opts.onServerContact;\n }\n\n /** تسجيل دخول أونلاين. بيرمي AuthRejectedError/AuthNetworkError زي الـ api. */\n async login(input: LoginInput): Promise<AuthTokens> {\n const resp = await this.api.login(input);\n const tokens = this.toTokens(resp);\n await this.vault.saveTokens(tokens);\n this.cached = tokens;\n await this.onServerContact?.(this.now());\n return tokens;\n }\n\n /** خروج: إبطال best-effort على السيرفر ثم مسح التوكنات المحلية. */\n async logout(): Promise<void> {\n const tokens = await this.vault.loadTokens();\n if (tokens && this.api.revoke) {\n try {\n await this.api.revoke(tokens.refreshToken);\n } catch {\n // الإبطال best-effort — لو النت مقطوع نمسح محلياً برضه.\n }\n }\n await this.vault.saveTokens(null);\n this.cached = null;\n }\n\n async getTokens(): Promise<AuthTokens | null> {\n const tokens = await this.vault.loadTokens();\n this.cached = tokens;\n return tokens;\n }\n\n /** يملأ الكاش من الـ vault مرة (عند الإقلاع) — علشان peek يشتغل قبل أي نداء. */\n async primeCache(): Promise<void> {\n this.cached = await this.vault.loadTokens();\n }\n\n /**\n * توكن access صالح متزامن من الكاش — من غير أي I/O أو refresh. ده اللي بيتوصّل\n * لـ SyncEngine.getAuthToken. بيرجّع null لو مفيش كاش أو الكاش منتهي؛ دورة الـ\n * refresh الخلفية (getValidToken) هي اللي بتجدّد الكاش.\n */\n peekValidToken(): string | null {\n if (!this.cached) return null;\n return this.isAccessValid(this.cached) ? this.cached.accessToken : null;\n }\n\n /**\n * التوكن الصالح للـ SyncEngine. مابيرميش: أي فشل → null (= pause).\n */\n async getValidToken(): Promise<string | null> {\n const outcome = await this.ensureFresh();\n switch (outcome.status) {\n case \"valid\":\n case \"refreshed\":\n return outcome.tokens.accessToken;\n default:\n return null;\n }\n }\n\n /**\n * يضمن توكن access صالح: يرجّعه لو صالح، أو يعمل refresh دوّار single-flight.\n * مابيرميش — بيرجّع RefreshOutcome. AuthService بيستخدمه لتحديث حالة الوصول.\n */\n async ensureFresh(): Promise<RefreshOutcome> {\n const tokens = await this.vault.loadTokens();\n this.cached = tokens;\n if (!tokens) return { status: \"signed-out\" };\n if (this.isAccessValid(tokens)) return { status: \"valid\", tokens };\n // الـ access انتهى. من غير refresh صالح مانقدرش نجدّد أوفلاين → pause.\n if (!this.isRefreshValid(tokens)) return { status: \"network\" };\n return this.refreshOnce();\n }\n\n isAccessValid(tokens: AuthTokens): boolean {\n return this.now() < tokens.accessExpiresAt - this.skewMs;\n }\n\n isRefreshValid(tokens: AuthTokens): boolean {\n return this.now() < tokens.refreshExpiresAt;\n }\n\n /** refresh single-flight: نداء واحد بس بيطير حتى لو اتنادى من كذا مكان. */\n private refreshOnce(): Promise<RefreshOutcome> {\n if (this.inflight) return this.inflight;\n this.inflight = this.doRefresh().finally(() => {\n this.inflight = null;\n });\n return this.inflight;\n }\n\n private async doRefresh(): Promise<RefreshOutcome> {\n const current = await this.vault.loadTokens();\n if (!current) return { status: \"signed-out\" };\n // ممكن نداء تاني كان سبقنا وجدّد بالفعل وإحنا بنستنى — اتأكد.\n if (this.isAccessValid(current)) return { status: \"valid\", tokens: current };\n try {\n const resp = await this.api.refresh(current.refreshToken);\n const next = this.toTokens(resp);\n await this.vault.saveTokens(next); // refresh دوّار: بنخزّن الـ refresh الجديد\n this.cached = next;\n await this.onServerContact?.(this.now());\n return { status: \"refreshed\", tokens: next };\n } catch (err) {\n if (err instanceof AuthRejectedError) {\n // الـ refresh اتبطّل/اتسحب → امسح التوكنات (مش البيانات). ندخل offline/lock.\n await this.vault.saveTokens(null);\n this.cached = null;\n return { status: \"rejected\" };\n }\n if (err instanceof AuthNetworkError) {\n // النت مقطوع → احتفظ بالتوكنات، جرّب تاني الدورة الجاية.\n return { status: \"network\" };\n }\n // خطأ غير متوقع — عامله معاملة الشبكة (محافِظ، مايمسحش).\n return { status: \"network\" };\n }\n }\n\n private toTokens(resp: TokenResponse): AuthTokens {\n const at = this.now();\n return {\n accessToken: resp.accessToken,\n refreshToken: resp.refreshToken,\n accessExpiresAt: at + resp.expiresInSec * SECOND,\n refreshExpiresAt: at + resp.refreshExpiresInSec * SECOND,\n tokenType: resp.tokenType ?? \"Bearer\",\n };\n }\n}\n","import type { CashierDirectory } from \"../ports/CashierDirectory\";\nimport type { PinHasher } from \"../ports/PinHasher\";\nimport type { Clock } from \"../time\";\nimport { systemClock, MINUTE } from \"../time\";\nimport type { CashierRecord, PinResult, PublicCashier } from \"../types\";\n\nexport interface PinManagerOptions {\n directory: CashierDirectory;\n hasher: PinHasher;\n now?: Clock;\n /** عدد المحاولات الخاطئة قبل القفل المؤقت. افتراضي 5. */\n maxAttempts?: number;\n /** مدة القفل بعد استنفاد المحاولات. افتراضي دقيقة. */\n lockoutMs?: number;\n}\n\ninterface AttemptState {\n count: number;\n lockedUntil: number;\n}\n\n/**\n * دخول الكاشير اليومي بالـ PIN المحلي. بيتحقق بـ argon2id ضد الـ hash المتزامن —\n * نفس الكود أونلاين وأوفلاين، مفيش نداء سيرفر. فيه قفل مؤقت لكل كاشير بعد محاولات\n * فاشلة متتالية (حماية من التخمين).\n *\n * ملاحظة: PinManager بيتحقق بس — إدارة الكاشيرية (إضافة/تعديل PIN) من داشبورد\n * التاجر، وبتوصل الجهاز عن طريق مزامنة جدول cashiers.\n */\nexport class PinManager {\n private readonly directory: CashierDirectory;\n private readonly hasher: PinHasher;\n private readonly now: Clock;\n private readonly maxAttempts: number;\n private readonly lockoutMs: number;\n private readonly attempts = new Map<string, AttemptState>();\n\n constructor(opts: PinManagerOptions) {\n this.directory = opts.directory;\n this.hasher = opts.hasher;\n this.now = opts.now ?? systemClock;\n this.maxAttempts = opts.maxAttempts ?? 5;\n this.lockoutMs = opts.lockoutMs ?? MINUTE;\n }\n\n /** قائمة الكاشيرية للعرض (من غير الـ hashes). */\n async listCashiers(): Promise<PublicCashier[]> {\n const rows = await this.directory.listCashiers();\n return rows.map((c) => ({ id: c.id, name: c.name, active: c.active }));\n }\n\n /**\n * يتحقق من PIN كاشير معيّن. النجاح بيصفّر عدّاد محاولاته؛ الفشل بيزوّده ويقفل\n * مؤقتاً عند الوصول للحد.\n */\n async verify(cashierId: string, pin: string): Promise<PinResult> {\n const now = this.now();\n const state = this.attempts.get(cashierId);\n if (state && state.lockedUntil > now) {\n return {\n ok: false,\n reason: \"locked\",\n retryAfterMs: state.lockedUntil - now,\n };\n }\n\n const cashier = await this.findCashier(cashierId);\n if (!cashier) return { ok: false, reason: \"unknown-cashier\" };\n if (!cashier.active) return { ok: false, reason: \"inactive\" };\n\n const valid = await this.hasher.verify(pin, cashier.pinHash);\n if (valid) {\n this.attempts.delete(cashierId);\n return {\n ok: true,\n cashier: { cashierId: cashier.id, name: cashier.name, since: now },\n };\n }\n\n return this.registerFailure(cashierId, now);\n }\n\n /** يفكّ القفل يدوياً (مثلاً المدير سمح). */\n reset(cashierId: string): void {\n this.attempts.delete(cashierId);\n }\n\n private registerFailure(cashierId: string, now: number): PinResult {\n const prev = this.attempts.get(cashierId);\n const count = (prev?.count ?? 0) + 1;\n if (count >= this.maxAttempts) {\n const lockedUntil = now + this.lockoutMs;\n this.attempts.set(cashierId, { count: 0, lockedUntil });\n return { ok: false, reason: \"locked\", retryAfterMs: this.lockoutMs };\n }\n this.attempts.set(cashierId, { count, lockedUntil: 0 });\n return {\n ok: false,\n reason: \"bad-pin\",\n attemptsLeft: this.maxAttempts - count,\n };\n }\n\n private async findCashier(id: string): Promise<CashierRecord | undefined> {\n const rows = await this.directory.listCashiers();\n return rows.find((c) => c.id === id);\n }\n}\n","import type { AuthVault } from \"../ports/AuthVault\";\nimport type { SignatureVerifier } from \"../ports/SignatureVerifier\";\nimport { b64url } from \"../crypto/base64\";\nimport type { Clock } from \"../time\";\nimport { systemClock } from \"../time\";\nimport type {\n ActivationClaims,\n ActivationResult,\n StoredActivation,\n} from \"../types\";\n\n/**\n * التفعيل الأوفلاين: مفتاح موقّع بـ Ed25519 يصدره سيرفر قمرة، يتحقق منه الجهاز\n * محلياً بالمفتاح العام المثبّت — بدون أي اتصال بالسيرفر. ده اللي بيسمح بوضع\n * offline-activated لجهاز اتفعّل من غير ما يشوف النت.\n *\n * صيغة المفتاح (زي JWT بس Ed25519): <payloadB64url>.<signatureB64url>\n * التوقيع على بايتات مقطع الـ payload نفسه (نص b64url).\n */\nexport interface ActivationManagerOptions {\n vault: AuthVault;\n verifier: SignatureVerifier;\n /** المفتاح العام لقمرة (32 بايت Ed25519) — مثبّت في التطبيق. */\n publicKey: Uint8Array;\n now?: Clock;\n \n /** لو محدَّد، لازم claims.deviceId يطابقه (منع نقل المفتاح لجهاز تاني). */\n deviceId?: string;\n}\n\nexport class ActivationManager {\n private readonly vault: AuthVault;\n private readonly verifier: SignatureVerifier;\n private readonly publicKey: Uint8Array;\n private readonly now: Clock;\n private readonly deviceId: string | undefined;\n\n constructor(opts: ActivationManagerOptions) {\n this.vault = opts.vault;\n this.verifier = opts.verifier;\n this.publicKey = opts.publicKey;\n this.now = opts.now ?? systemClock;\n this.deviceId = opts.deviceId;\n }\n\n /**\n * يتحقق من مفتاح تفعيل ويخزّنه لو صالح. الترتيب: صيغة → توقيع → الجهاز → الانتهاء.\n * التوقيع بيتفحص قبل أي حاجة تانية علشان مانثقش في أي claim قبل التأكد إنه من قمرة.\n */\n async activate(activationKey: string): Promise<ActivationResult> {\n const parsed = this.parse(activationKey);\n if (!parsed) return { ok: false, reason: \"malformed\" };\n\n const okSig = await this.verifier.verify(\n parsed.signedBytes,\n parsed.signature,\n this.publicKey,\n );\n if (!okSig) return { ok: false, reason: \"bad-signature\" };\n\n const claims = parsed.claims;\n if (this.deviceId !== undefined && claims.deviceId !== this.deviceId) {\n return { ok: false, reason: \"wrong-device\" };\n }\n\n const now = this.now();\n const graceMs = claims.graceMs ?? 0;\n if (now >= claims.expiresAt + graceMs) {\n return { ok: false, reason: \"expired\" };\n }\n\n const stored: StoredActivation = {\n claims,\n key: activationKey,\n verifiedAt: now,\n };\n await this.vault.saveActivation(stored);\n return { ok: true, claims };\n }\n\n async getActivation(): Promise<StoredActivation | null> {\n return this.vault.loadActivation();\n }\n\n /**\n * يعيد التحقق من المفتاح المخزّن (توقيع + جهاز) ويحدّث verifiedAt. بيُستدعى عند\n * الإقلاع علشان نتأكد إن المفتاح المخزّن لسه سليم ومش متلاعب فيه.\n */\n async revalidateStored(): Promise<ActivationResult | null> {\n const stored = await this.vault.loadActivation();\n if (!stored) return null;\n return this.activate(stored.key);\n }\n\n async clear(): Promise<void> {\n await this.vault.saveActivation(null);\n }\n\n private parse(\n key: string,\n ):\n | { claims: ActivationClaims; signedBytes: Uint8Array; signature: Uint8Array }\n | null {\n const dot = key.indexOf(\".\");\n if (dot <= 0 || dot === key.length - 1) return null;\n const payloadB64 = key.slice(0, dot);\n const sigB64 = key.slice(dot + 1);\n let claims: ActivationClaims;\n let signature: Uint8Array;\n try {\n const json = new TextDecoder().decode(b64url.decode(payloadB64));\n claims = JSON.parse(json) as ActivationClaims;\n signature = b64url.decode(sigB64);\n } catch {\n return null;\n }\n if (!isValidClaims(claims)) return null;\n // التوقيع على بايتات مقطع الـ payload (نص b64url) — زي ما وقّعه السيرفر.\n const signedBytes = new TextEncoder().encode(payloadB64);\n return { claims, signedBytes, signature };\n }\n}\n\nfunction isValidClaims(c: unknown): c is ActivationClaims {\n if (typeof c !== \"object\" || c === null) return false;\n const o = c as Record<string, unknown>;\n return (\n typeof o.merchantId === \"string\" &&\n typeof o.deviceId === \"string\" &&\n typeof o.issuedAt === \"number\" &&\n typeof o.expiresAt === \"number\"\n );\n}\n","import type { AccessPolicy } from \"./types\";\nimport { DAY } from \"./time\";\n\n/**\n * الافتراضي: 30 يوم أوفلاين مسموحة (يطابق عمر الـ refresh)، بعدها 3 أيام grace\n * (تحذير للمدير) ثم قفل البيع الجديد. البيانات لا تُمسح أبداً في أي مرحلة.\n */\nexport const DEFAULT_ACCESS_POLICY: AccessPolicy = {\n maxOfflineMs: 30 * DAY,\n graceMs: 3 * DAY,\n};\n","import type { AuthVault } from \"../ports/AuthVault\";\nimport type { TokenManager } from \"../token/TokenManager\";\nimport type { PinManager } from \"../pin/PinManager\";\nimport type { ActivationManager } from \"../activation/ActivationManager\";\nimport type { Clock } from \"../time\";\nimport { systemClock } from \"../time\";\nimport { DEFAULT_ACCESS_POLICY } from \"../policy\";\nimport type {\n AccessPolicy,\n AccessState,\n ActivationResult,\n AuthMeta,\n AuthStatus,\n LoginInput,\n OperatingMode,\n PinResult,\n PublicCashier,\n StoredActivation,\n} from \"../types\";\n\nexport interface AuthServiceOptions {\n vault: AuthVault;\n tokenManager: TokenManager;\n pinManager: PinManager;\n activationManager: ActivationManager;\n policy?: AccessPolicy;\n now?: Clock;\n}\n\ntype Listener = (status: AuthStatus) => void;\n\nconst EMPTY_META: AuthMeta = {\n lastServerContactAt: null,\n activatedOnlineAt: null,\n};\n\n/**\n * الواجهة الموحّدة للـ auth. بتجمع الثلاث مدراء وبتدير آلة الحالة\n * (active → grace → locked) والأوضاع الثلاثة. بتعرض callback واحد getValidToken\n * للـ SyncEngine، وبثّ حالة onStatusChange للـ UI.\n *\n * مبدأ ثابت: مفيش أي مسار هنا بيمسح بيانات تجارية — أسوأ حالة إن البيع الجديد\n * يتقفل. مسح التوكنات (عند رفض السيرفر) مش مسح للـ outbox أو التاريخ.\n */\nexport class AuthService {\n private readonly vault: AuthVault;\n private readonly now: Clock;\n private readonly policy: AccessPolicy;\n readonly tokens: TokenManager;\n readonly pins: PinManager;\n readonly activation: ActivationManager;\n\n private readonly listeners = new Set<Listener>();\n private status: AuthStatus = {\n mode: \"unactivated\",\n access: \"locked\",\n tokenValid: false,\n cashier: null,\n graceEndsAt: null,\n lockedReason: LOCK_REASON_UNACTIVATED,\n lastServerContactAt: null,\n activation: null,\n };\n\n constructor(opts: AuthServiceOptions) {\n this.vault = opts.vault;\n this.tokens = opts.tokenManager;\n this.pins = opts.pinManager;\n this.activation = opts.activationManager;\n this.policy = opts.policy ?? DEFAULT_ACCESS_POLICY;\n this.now = opts.now ?? systemClock;\n }\n\n // -------------------------------------------------------------------------\n // إقلاع + إعادة تقييم\n // -------------------------------------------------------------------------\n\n /** الإقلاع: يملأ كاش التوكن، يعيد التحقق من مفتاح التفعيل المخزّن، ثم يحسب الحالة. */\n async init(): Promise<AuthStatus> {\n await this.tokens.primeCache();\n const check = await this.activation.revalidateStored();\n if (check && !check.ok && (check.reason === \"bad-signature\" || check.reason === \"wrong-device\")) {\n // مفتاح متلاعب فيه أو منقول لجهاز تاني → ماينفعش نثق فيه.\n await this.activation.clear();\n }\n return this.reevaluate();\n }\n\n /**\n * يحاول تحديث التوكن (لو النت رجع) ثم يعيد حساب الحالة. التطبيق بينادي ده دورياً\n * وبعد أي reconnect. مابيرميش.\n */\n async refresh(): Promise<AuthStatus> {\n await this.tokens.ensureFresh();\n return this.reevaluate();\n }\n\n getStatus(): AuthStatus {\n return this.status;\n }\n\n /** هل مسموح ببيع جديد دلوقتي؟ (locked = لأ). */\n canSell(): boolean {\n return this.status.access !== \"locked\";\n }\n\n onStatusChange(cb: Listener): () => void {\n this.listeners.add(cb);\n cb(this.status);\n return () => this.listeners.delete(cb);\n }\n\n // -------------------------------------------------------------------------\n // الجهاز/التاجر\n // -------------------------------------------------------------------------\n\n /** تسجيل دخول أونلاين. بيرمي زي الـ api (rejected/network). */\n async onlineLogin(input: LoginInput): Promise<AuthStatus> {\n await this.tokens.login(input); // بيحدّث الـ meta عبر onServerContact\n return this.reevaluate();\n }\n\n /** إدخال مفتاح تفعيل أوفلاين. */\n async activateOffline(activationKey: string): Promise<ActivationResult> {\n const result = await this.activation.activate(activationKey);\n await this.reevaluate();\n return result;\n }\n\n /** خروج التاجر: يمسح التوكنات وجلسة الكاشير (مش البيانات، مش التفعيل). */\n async logout(): Promise<AuthStatus> {\n await this.tokens.logout();\n await this.vault.saveSession(null);\n return this.reevaluate();\n }\n\n /** callback الوحيد للـ SyncEngine (async). null = pause. */\n getValidToken(): Promise<string | null> {\n return this.tokens.getValidToken();\n }\n\n /**\n * نسخة متزامنة للـ SyncEngine (getAuthToken بتاعه متزامن). بترجّع آخر توكن صالح\n * من الكاش من غير I/O؛ refresh()/getValidToken الدورية هي اللي بتدفّي الكاش.\n */\n getAccessTokenSync(): string | null {\n return this.tokens.peekValidToken();\n }\n\n /** يُمرَّر للـ TokenManager: يسجّل آخر اتصال ناجح بالسيرفر ويعلّم التفعيل الأونلاين. */\n async recordServerContact(at: number): Promise<void> {\n const meta = (await this.vault.loadMeta()) ?? EMPTY_META;\n await this.vault.saveMeta({\n lastServerContactAt: at,\n activatedOnlineAt: meta.activatedOnlineAt ?? at,\n });\n }\n\n // -------------------------------------------------------------------------\n // الكاشير (PIN)\n // -------------------------------------------------------------------------\n\n async listCashiers(): Promise<PublicCashier[]> {\n return this.pins.listCashiers();\n }\n\n async cashierLogin(cashierId: string, pin: string): Promise<PinResult> {\n const result = await this.pins.verify(cashierId, pin);\n if (result.ok) {\n await this.vault.saveSession(result.cashier);\n await this.reevaluate();\n }\n return result;\n }\n\n async cashierLogout(): Promise<void> {\n await this.vault.saveSession(null);\n await this.reevaluate();\n }\n\n // -------------------------------------------------------------------------\n // حساب الحالة\n // -------------------------------------------------------------------------\n\n private async reevaluate(): Promise<AuthStatus> {\n const next = await this.computeStatus();\n const changed = JSON.stringify(next) !== JSON.stringify(this.status);\n this.status = next;\n if (changed) {\n for (const cb of this.listeners) cb(next);\n }\n return next;\n }\n\n private async computeStatus(): Promise<AuthStatus> {\n const [tokens, session, activation, metaRaw] = await Promise.all([\n this.vault.loadTokens(),\n this.vault.loadSession(),\n this.vault.loadActivation(),\n this.vault.loadMeta(),\n ]);\n const meta = metaRaw ?? EMPTY_META;\n const now = this.now();\n\n const tokenValid = tokens ? this.tokens.isAccessValid(tokens) : false;\n const mode = deriveMode(tokenValid, meta, activation);\n const access = computeAccess(mode, now, meta, activation, this.policy);\n\n return {\n mode,\n access: access.state,\n tokenValid,\n cashier: session,\n graceEndsAt: access.graceEndsAt,\n lockedReason: access.lockedReason,\n lastServerContactAt: meta.lastServerContactAt,\n activation,\n };\n }\n}\n\nconst LOCK_REASON_UNACTIVATED =\n \"الجهاز غير مفعّل — سجّل الدخول أونلاين أو أدخل مفتاح تفعيل\";\nconst LOCK_REASON_OFFLINE_TOO_LONG =\n \"الجهاز أوفلاين من مدة طويلة — لازم يتصل بالسيرفر لتجديد الجلسة\";\nconst LOCK_REASON_ACTIVATION_EXPIRED = \"انتهت صلاحية مفتاح التفعيل\";\n\nfunction deriveMode(\n tokenValid: boolean,\n meta: AuthMeta,\n activation: StoredActivation | null,\n): OperatingMode {\n if (tokenValid) return \"online\";\n if (meta.activatedOnlineAt != null) return \"offline-degraded\";\n if (activation != null) return \"offline-activated\";\n return \"unactivated\";\n}\n\ninterface AccessComputation {\n state: AccessState;\n graceEndsAt: number | null;\n lockedReason: string | null;\n}\n\n/**\n * آلة الحالة active → grace → locked. الفكرة: للأوضاع الأوفلاين فيه \"نهاية سماح\"\n * (allowanceEnd) — لحد قبلها active، وبعدها بفترة grace، وبعد الـ grace locked.\n * الوضع online دايماً active (لسه بنكلّم السيرفر)، وunactivated دايماً locked.\n */\nfunction computeAccess(\n mode: OperatingMode,\n now: number,\n meta: AuthMeta,\n activation: StoredActivation | null,\n policy: AccessPolicy,\n): AccessComputation {\n if (mode === \"online\") {\n return { state: \"active\", graceEndsAt: null, lockedReason: null };\n }\n if (mode === \"unactivated\") {\n return { state: \"locked\", graceEndsAt: null, lockedReason: LOCK_REASON_UNACTIVATED };\n }\n\n let allowanceEnd: number;\n let graceMs: number;\n let expiredReason: string;\n\n if (mode === \"offline-activated\" && activation) {\n allowanceEnd = activation.claims.expiresAt;\n graceMs = activation.claims.graceMs ?? policy.graceMs;\n expiredReason = LOCK_REASON_ACTIVATION_EXPIRED;\n } else {\n // offline-degraded\n const anchor = meta.lastServerContactAt ?? meta.activatedOnlineAt ?? now;\n allowanceEnd = anchor + policy.maxOfflineMs;\n graceMs = policy.graceMs;\n expiredReason = LOCK_REASON_OFFLINE_TOO_LONG;\n }\n\n if (now < allowanceEnd) {\n return { state: \"active\", graceEndsAt: null, lockedReason: null };\n }\n const lockAt = allowanceEnd + graceMs;\n if (now < lockAt) {\n return { state: \"grace\", graceEndsAt: lockAt, lockedReason: null };\n }\n return { state: \"locked\", graceEndsAt: null, lockedReason: expiredReason };\n}\n","import type { AuthApi } from \"./ports/AuthApi\";\nimport type { AuthVault } from \"./ports/AuthVault\";\nimport type { CashierDirectory } from \"./ports/CashierDirectory\";\nimport type { PinHasher } from \"./ports/PinHasher\";\nimport type { SignatureVerifier } from \"./ports/SignatureVerifier\";\nimport { NoblePinHasher } from \"./crypto/NoblePinHasher\";\nimport { NobleSignatureVerifier } from \"./crypto/NobleSignatureVerifier\";\nimport { TokenManager } from \"./token/TokenManager\";\nimport { PinManager } from \"./pin/PinManager\";\nimport { ActivationManager } from \"./activation/ActivationManager\";\nimport { AuthService } from \"./service/AuthService\";\nimport type { Clock } from \"./time\";\nimport { systemClock } from \"./time\";\nimport type { AccessPolicy } from \"./types\";\n\nexport interface CreateAuthOptions {\n /** التخزين الآمن (حسب المنصة). */\n vault: AuthVault;\n /** عميل OAuth. */\n api: AuthApi;\n /** مصدر hashes الكاشيرية المتزامنة (بيقرأ جدول cashiers من storage). */\n directory: CashierDirectory;\n /** المفتاح العام لقمرة (Ed25519, 32 بايت) للتفعيل الأوفلاين. */\n activationPublicKey: Uint8Array;\n /** هوية الجهاز — لو محدَّدة، مفتاح التفعيل لازم يطابقها. */\n deviceId?: string;\n /** سياسة الـ grace/lock. الافتراضي 30 يوم + 3 أيام grace. */\n policy?: AccessPolicy;\n\n // نقاط حقن اختيارية (اختبار / منصات خاصة)\n hasher?: PinHasher;\n verifier?: SignatureVerifier;\n now?: Clock;\n skewMs?: number;\n maxPinAttempts?: number;\n pinLockoutMs?: number;\n}\n\nexport interface Auth {\n service: AuthService;\n tokens: TokenManager;\n pins: PinManager;\n activation: ActivationManager;\n /** async — للاستخدام العام. */\n getValidToken: () => Promise<string | null>;\n /** متزامن — للربط مع SyncEngine: `{ getAuthToken: auth.getAccessTokenSync }`. */\n getAccessTokenSync: () => string | null;\n}\n\n/**\n * يركّب حزمة الـ auth كاملة بأقل إعداد ممكن. الافتراضيات: crypto من @noble،\n * ساعة النظام، سياسة قياسية. كل حاجة قابلة للحقن.\n *\n * لاحظ: بيحلّ اعتماد دائري خفيف — TokenManager محتاج callback بعد كل اتصال\n * ناجح، والـ callback ده بتاع AuthService. بنمرّر closure متأخّر التنفيذ.\n */\nexport function createAuth(opts: CreateAuthOptions): Auth {\n const now = opts.now ?? systemClock;\n const hasher = opts.hasher ?? new NoblePinHasher();\n const verifier = opts.verifier ?? new NobleSignatureVerifier();\n\n // closure بيشير لـ service اللي هيتعرّف تحت — بينفّذ وقت الـ refresh مش دلوقتي.\n let service: AuthService;\n const tokens = new TokenManager({\n vault: opts.vault,\n api: opts.api,\n now,\n skewMs: opts.skewMs,\n onServerContact: (at) => service.recordServerContact(at),\n });\n\n const pins = new PinManager({\n directory: opts.directory,\n hasher,\n now,\n maxAttempts: opts.maxPinAttempts,\n lockoutMs: opts.pinLockoutMs,\n });\n\n const activation = new ActivationManager({\n vault: opts.vault,\n verifier,\n publicKey: opts.activationPublicKey,\n now,\n deviceId: opts.deviceId,\n });\n\n service = new AuthService({\n vault: opts.vault,\n tokenManager: tokens,\n pinManager: pins,\n activationManager: activation,\n policy: opts.policy,\n now,\n });\n\n return {\n service,\n tokens,\n pins,\n activation,\n getValidToken: () => service.getValidToken(),\n getAccessTokenSync: () => service.getAccessTokenSync(),\n };\n}\n"]}
|
package/package.json
ADDED
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "qumra-pos-auth",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "Offline-capable identity for POS/apps: OAuth token vault with single-flight rotating refresh, local PIN (argon2id), Ed25519 offline activation, and an online/offline-degraded/offline-activated mode + grace-lock state machine. Zero dependency on any storage layer. Runs on React Native, Web, Desktop and Node.",
|
|
5
|
+
"keywords": [
|
|
6
|
+
"auth",
|
|
7
|
+
"oauth",
|
|
8
|
+
"offline-first",
|
|
9
|
+
"argon2id",
|
|
10
|
+
"ed25519",
|
|
11
|
+
"token-refresh",
|
|
12
|
+
"pin",
|
|
13
|
+
"pos",
|
|
14
|
+
"react-native",
|
|
15
|
+
"noble"
|
|
16
|
+
],
|
|
17
|
+
"license": "MIT",
|
|
18
|
+
"type": "module",
|
|
19
|
+
"sideEffects": false,
|
|
20
|
+
"main": "./dist/index.cjs",
|
|
21
|
+
"types": "./dist/index.d.ts",
|
|
22
|
+
"exports": {
|
|
23
|
+
".": {
|
|
24
|
+
"types": "./dist/index.d.ts",
|
|
25
|
+
"import": "./dist/index.js",
|
|
26
|
+
"require": "./dist/index.cjs"
|
|
27
|
+
},
|
|
28
|
+
"./crypto": {
|
|
29
|
+
"types": "./dist/crypto.d.ts",
|
|
30
|
+
"import": "./dist/crypto.js",
|
|
31
|
+
"require": "./dist/crypto.cjs"
|
|
32
|
+
},
|
|
33
|
+
"./package.json": "./package.json"
|
|
34
|
+
},
|
|
35
|
+
"files": [
|
|
36
|
+
"dist",
|
|
37
|
+
"README.md"
|
|
38
|
+
],
|
|
39
|
+
"dependencies": {
|
|
40
|
+
"@noble/curves": "^1.9.1",
|
|
41
|
+
"@noble/hashes": "^1.8.0"
|
|
42
|
+
},
|
|
43
|
+
"devDependencies": {
|
|
44
|
+
"@types/node": "^24.13.2",
|
|
45
|
+
"tsup": "^8.5.0",
|
|
46
|
+
"typescript": "^6.0.3",
|
|
47
|
+
"vitest": "^3.2.4"
|
|
48
|
+
},
|
|
49
|
+
"publishConfig": {
|
|
50
|
+
"access": "public"
|
|
51
|
+
},
|
|
52
|
+
"scripts": {
|
|
53
|
+
"build": "tsup",
|
|
54
|
+
"dev": "tsup --watch",
|
|
55
|
+
"test": "vitest run",
|
|
56
|
+
"test:watch": "vitest",
|
|
57
|
+
"typecheck": "tsc --noEmit"
|
|
58
|
+
},
|
|
59
|
+
"module": "./dist/index.js"
|
|
60
|
+
}
|