ts-client-lib 0.0.7

package/README.md

@@ -0,0 +1,76 @@
+# ts-client-lib
+
+TypeScript utilities for **browser and Node**: auth (JWT decode, OAuth URL helpers), **finance** (bonus eligibility, KYC limits), **entities**, **games**, and **shared helpers** (pagination, strings, compression, etc.). No framework or database dependencies in the core modules—safe to use from React, microservices, or scripts.
+
+**npm:** [`ts-client-lib`](https://www.npmjs.com/package/ts-client-lib) · **source:** [github.com/onalbi/ts-client-lib](https://github.com/onalbi/ts-client-lib)
+
+---
+
+## Install
+
+```bash
+npm install ts-client-lib
+```
+
+Peer: **`reflect-metadata`** (required by some decorators; add if your bundler does not inject it).
+
+---
+
+## Usage
+
+Imports are **explicit module paths** (no single barrel).
+
+```typescript
+// JWT (client-safe decode; verify only on the server)
+import { decodeJWT, isExpired } from 'ts-client-lib/auth/TSJWT';
+
+// OAuth: login/connect URLs, callback helpers
+import { buildLoginRedirectUrl, OAUTH2_PROVIDER_IDS } from 'ts-client-lib/auth/TSOAuth';
+
+// Bonus & KYC eligibility (same rules as your API can enforce server-side)
+import { BonusEligibility } from 'ts-client-lib/finance/TSBonus';
+import { KYCEligibility } from 'ts-client-lib/finance/TSKYC';
+
+// Cursor pagination UI helpers
+import { TSPagination } from 'ts-client-lib/utils/TSPagination';
+```
+
+See each file’s JSDoc for types and examples.
+
+---
+
+## Scripts
+
+| Command | Purpose |
+|--------|---------|
+| `npm run build` | `tsc --declaration` — emit `.js` / `.d.ts` next to sources |
+| `npm run clean` | `clean:artifacts` then `clean:deps` (see `package.json`) |
+| `npm run lint` | ESLint (`eslint.config.cjs`) |
+| `npm test` | Build, then Vitest (`vitest` config in `package.json`) |
+| `npm run test:coverage` | Vitest with coverage |
+
+Vitest options live under **`package.json` → `"vitest"`**.
+
+---
+
+## Testing
+
+- **Unit tests** live in **`test/**/*.spec.ts`** (Vitest). Examples: `BonusEligibility.spec.ts`, `KYCEligibility.spec.ts`, `TSOAuth.spec.ts`, `TSPagination.spec.ts`, plus entity/helper specs (`Money`, `BetSlip`, etc.).
+- **Platform integration** (e.g. bonus-service + GraphQL + live templates, Mongo `paginateCollection`, kyc-service engine) belongs in **your application repo**, not here—keep this package free of service URLs and secrets.
+
+---
+
+## Publish
+
+```bash
+npm run build
+npm publish
+```
+
+`prepublishOnly` runs the build; `postpublish` runs `clean:artifacts` (see `package.json`).
+
+---
+
+## License
+
+MIT © [Albion Liçi](mailto:lici.albion@gmail.com)

package/auth/TSJWT.d.ts

@@ -0,0 +1,29 @@
+/**
+ * JWT utilities (client-safe, read-only)
+ *
+ * Decode JWT payload without verification. For use in browser/client to read
+ * claims (e.g. exp for proactive refresh). Verification must be done server-side.
+ *
+ * No Node.js or crypto dependencies - uses atob and JSON.parse only.
+ */
+export interface JwtPayload {
+    exp?: number;
+    iat?: number;
+    sub?: string;
+    [key: string]: unknown;
+}
+/**
+ * Decode JWT token without verification (client-side only, for reading claims).
+ *
+ * @param token - Raw JWT string (header.payload.signature)
+ * @returns Decoded payload or null if invalid/not a JWT
+ */
+export declare function decodeJWT(token: string): JwtPayload | null;
+/**
+ * Check if a decoded JWT payload is expired (exp claim in seconds since epoch).
+ *
+ * @param payload - Result of decodeJWT(token)
+ * @param nowMs - Optional current time in ms (default: Date.now())
+ * @returns true if exp is set and in the past
+ */
+export declare function isExpired(payload: JwtPayload | null, nowMs?: number): boolean;

package/auth/TSJWT.js

@@ -0,0 +1,44 @@
+"use strict";
+/**
+ * JWT utilities (client-safe, read-only)
+ *
+ * Decode JWT payload without verification. For use in browser/client to read
+ * claims (e.g. exp for proactive refresh). Verification must be done server-side.
+ *
+ * No Node.js or crypto dependencies - uses atob and JSON.parse only.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeJWT = decodeJWT;
+exports.isExpired = isExpired;
+/**
+ * Decode JWT token without verification (client-side only, for reading claims).
+ *
+ * @param token - Raw JWT string (header.payload.signature)
+ * @returns Decoded payload or null if invalid/not a JWT
+ */
+function decodeJWT(token) {
+    try {
+        var parts = token.split('.');
+        if (parts.length !== 3)
+            return null;
+        var payload = parts[1];
+        var decoded = JSON.parse(atob(payload.replace(/-/g, '+').replace(/_/g, '/')));
+        return decoded;
+    }
+    catch (_a) {
+        return null;
+    }
+}
+/**
+ * Check if a decoded JWT payload is expired (exp claim in seconds since epoch).
+ *
+ * @param payload - Result of decodeJWT(token)
+ * @param nowMs - Optional current time in ms (default: Date.now())
+ * @returns true if exp is set and in the past
+ */
+function isExpired(payload, nowMs) {
+    if (nowMs === void 0) { nowMs = Date.now(); }
+    if (!(payload === null || payload === void 0 ? void 0 : payload.exp))
+        return false;
+    return payload.exp * 1000 < nowMs;
+}

package/auth/TSOAuth.d.ts

@@ -0,0 +1,132 @@
+/**
+ * Framework-agnostic OAuth client helpers for login, connect, and callback.
+ *
+ * Use from any client (React, Vue, mobile, etc.): build URLs, parse callback params,
+ * and classify providers (OAuth2 vs OAuth1 vs custom). Auth-service is the source of
+ * truth for provider registry; this module mirrors path conventions so any framework
+ * can drive login, callback, connect, and link flows without duplicating logic.
+ *
+ * @see docs/social-service.md §7.5 Client application: login and connect (any framework)
+ */
+/** OAuth2 provider ids: path segment /auth/oauth2/{id}. */
+export declare const OAUTH2_PROVIDER_IDS: readonly ["google", "meta", "twitter", "linkedin", "reddit", "tiktok", "pinterest", "discord", "mastodon", "medium", "github", "whatsapp-meta", "tumblr", "yahoo", "snapchat", "snapchat-public-profile", "dribbble", "behance", "notion", "substack", "deviantart", "figma", "twitch", "ghost", "webflow"];
+/** OAuth1 provider ids: path segment /auth/oauth1/{id}. */
+export declare const OAUTH1_PROVIDER_IDS: readonly ["wordpress", "twitter-oauth1", "tumblr-oauth1"];
+/** Custom providers: app shows /login/{id} (e.g. Telegram, Bluesky, WhatsApp); auth may still issue connect URL. */
+export declare const CUSTOM_PROVIDER_IDS: readonly ["telegram", "bluesky", "whatsapp"];
+export type OAuth2ProviderId = (typeof OAUTH2_PROVIDER_IDS)[number];
+export type OAuth1ProviderId = (typeof OAUTH1_PROVIDER_IDS)[number];
+export type CustomProviderId = (typeof CUSTOM_PROVIDER_IDS)[number];
+/** URL param keys that indicate OAuth error; clients should clear them from the URL after showing the message. */
+export declare const OAUTH_ERROR_PARAM_KEYS: readonly ["error", "provider"];
+/** OAuth error code values (auth-service redirects with ?error=...). Single source of truth for app and auth. */
+export declare const OAUTH_ERROR_AUTH_FAILED: "auth_failed";
+export declare const OAUTH_ERROR_INVALID_USER: "invalid_user";
+/** Snapchat: businessapi `public_profiles/my_profile` returned HTTP 403 (allowlisting / API not enabled). */
+export declare const OAUTH_ERROR_SNAP_PUBLIC_PROFILE_FORBIDDEN: "snap_public_profile_forbidden";
+export declare const OAUTH_ERROR_CODES: readonly ["auth_failed", "invalid_user", "snap_public_profile_forbidden"];
+export type OAuthErrorCode = (typeof OAUTH_ERROR_CODES)[number];
+export interface BuildLoginRedirectUrlOptions {
+    tenantId: string;
+    returnTo?: string;
+    scopeLayer?: 'minimal' | 'based' | 'full';
+    /** Origin of the app (e.g. window.location.origin). Required for custom providers so redirect goes to /login/{id}. */
+    appOrigin?: string;
+}
+/**
+ * Build the full redirect URL for social login (OAuth2/OAuth1) or the app-relative path for custom providers.
+ * For custom providers, if appOrigin is given returns full URL `${appOrigin}/login/${providerId}?...`; otherwise returns path-only `/login/${providerId}?...`.
+ */
+export declare function buildLoginRedirectUrl(authUrl: string, providerId: string, options: BuildLoginRedirectUrlOptions): string;
+export interface BuildConnectUrlRequestOptions {
+    tenantId: string;
+    workspaceId?: string;
+    returnTo?: string;
+    /**
+     * Passed to GET /auth/connect-url/...; auth-service emits `/auth/connect/oauth2/{id}/{layer}` when set.
+     * For social account linking (posting), use `full` so registry `scopeSets.full` applies (e.g. TikTok `video.publish`).
+     */
+    scopeLayer?: 'minimal' | 'based' | 'full';
+}
+/**
+ * Build the URL for GET /auth/connect-url/:providerId (caller adds Bearer and fetches).
+ * Returns the request URL; the response body is JSON { url } or { errorCode }.
+ */
+export declare function buildConnectUrlRequestUrl(authUrl: string, providerId: string, options: BuildConnectUrlRequestOptions): string;
+/** Error response from auth-service connect-url and other auth HTTP APIs. */
+export interface AuthErrorResponse {
+    errorCode?: string;
+}
+export interface CallbackParams {
+    accessToken?: string | null;
+    refreshToken?: string | null;
+    userId?: string | null;
+    error?: string | null;
+    provider?: string | null;
+    returnTo?: string | null;
+}
+/**
+ * Parse OAuth callback query params (from returnTo after login or connect).
+ * Accepts URLSearchParams or search string. Framework-agnostic.
+ */
+export declare function parseCallbackParams(input: URLSearchParams | string): CallbackParams;
+/**
+ * Whether the given params contain OAuth error keys (error or provider).
+ * Use to decide whether to show an error message and then clear params.
+ */
+export declare function hasOAuthErrorParams(params: URLSearchParams | string): boolean;
+/**
+ * Minimal user identity from callback params + JWT (for fallback when me query fails).
+ * Returns { id, tenantId } so any client can map to their User type.
+ */
+export declare function getUserIdFromCallbackParams(params: URLSearchParams | string, accessToken: string): {
+    id: string;
+    tenantId: string;
+};
+/** Optional labels for the iframe; defaults match the built-in copy. */
+export interface CustomConnectIframeLabels {
+    /** Telegram: text above the widget. Default: "Sign in with Telegram." */
+    telegramSubtitle?: string;
+    /** Bluesky: text above the form. Default: "Handle and app password." */
+    blueskySubtitle?: string;
+    /** Bluesky: label for handle input. Default: "Handle" */
+    blueskyHandle?: string;
+    /** Bluesky: label for app password input. Default: "App password" */
+    blueskyAppPassword?: string;
+    /** Bluesky: submit button. Default: "Sign in" */
+    blueskySubmit?: string;
+    /** WhatsApp: text above the form. Default: "Phone (with country code)." */
+    whatsappSubtitle?: string;
+    /** WhatsApp: label for phone input. Default: "Phone" */
+    whatsappPhone?: string;
+    /** WhatsApp: label for display name input. Default: "Name (optional)" */
+    whatsappName?: string;
+    /** WhatsApp: submit button. Default: "Sign in" */
+    whatsappSubmit?: string;
+}
+export interface BuildCustomConnectIframeUrlOptions {
+    /** Auth service URL/path (e.g. /api/auth; forms POST to authUrl/auth/custom/:provider). */
+    authUrl: string;
+    tenantId: string;
+    returnTo?: string;
+    state?: string;
+    /** When true, form target="_top" so redirect replaces entire page (e.g. close iframe context). */
+    embed?: boolean;
+    /** Light or dark; applied as data-theme in iframe. */
+    theme?: 'light' | 'dark';
+    /** Override title text (e.g. "Connect with Telegram"). */
+    title?: string;
+    /** Telegram bot username (no @); required for Telegram widget. */
+    telegramBotUsername?: string;
+    /** Override labels in the iframe (blueskyHandle, blueskySubmit, etc.); defaults match built-in copy. */
+    labels?: Partial<CustomConnectIframeLabels>;
+}
+/**
+ * Build the URL for the shared custom-connect iframe page (when you serve the page at iframePageUrl).
+ */
+export declare function buildCustomConnectIframeUrl(iframePageUrl: string, providerId: string, options: BuildCustomConnectIframeUrlOptions): string;
+/**
+ * Build the iframe document as an HTML string for use with iframe.srcdoc.
+ * Config inlined; minimal styles and script. For same-origin use, serve a page that calls this and document.write().
+ */
+export declare function getCustomConnectIframeSrcdoc(providerId: string, options: BuildCustomConnectIframeUrlOptions): string;

package/auth/TSOAuth.js

@@ -0,0 +1,230 @@
+"use strict";
+/**
+ * Framework-agnostic OAuth client helpers for login, connect, and callback.
+ *
+ * Use from any client (React, Vue, mobile, etc.): build URLs, parse callback params,
+ * and classify providers (OAuth2 vs OAuth1 vs custom). Auth-service is the source of
+ * truth for provider registry; this module mirrors path conventions so any framework
+ * can drive login, callback, connect, and link flows without duplicating logic.
+ *
+ * @see docs/social-service.md §7.5 Client application: login and connect (any framework)
+ */
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAUTH_ERROR_CODES = exports.OAUTH_ERROR_SNAP_PUBLIC_PROFILE_FORBIDDEN = exports.OAUTH_ERROR_INVALID_USER = exports.OAUTH_ERROR_AUTH_FAILED = exports.OAUTH_ERROR_PARAM_KEYS = exports.CUSTOM_PROVIDER_IDS = exports.OAUTH1_PROVIDER_IDS = exports.OAUTH2_PROVIDER_IDS = void 0;
+exports.buildLoginRedirectUrl = buildLoginRedirectUrl;
+exports.buildConnectUrlRequestUrl = buildConnectUrlRequestUrl;
+exports.parseCallbackParams = parseCallbackParams;
+exports.hasOAuthErrorParams = hasOAuthErrorParams;
+exports.getUserIdFromCallbackParams = getUserIdFromCallbackParams;
+exports.buildCustomConnectIframeUrl = buildCustomConnectIframeUrl;
+exports.getCustomConnectIframeSrcdoc = getCustomConnectIframeSrcdoc;
+var TSJWT_js_1 = require("./TSJWT.js");
+// --- Provider lists (mirror auth-service path conventions) --------------------
+/** OAuth2 provider ids: path segment /auth/oauth2/{id}. */
+exports.OAUTH2_PROVIDER_IDS = [
+    'google', 'meta', 'twitter', 'linkedin', 'reddit', 'tiktok', 'pinterest', 'discord',
+    'mastodon', 'medium', 'github', 'whatsapp-meta', 'tumblr', 'yahoo', 'snapchat', 'snapchat-public-profile', 'dribbble', 'behance', 'notion',
+    'substack', 'deviantart', 'figma', 'twitch', 'ghost', 'webflow'
+];
+/** OAuth1 provider ids: path segment /auth/oauth1/{id}. */
+exports.OAUTH1_PROVIDER_IDS = ['wordpress', 'twitter-oauth1', 'tumblr-oauth1'];
+/** Custom providers: app shows /login/{id} (e.g. Telegram, Bluesky, WhatsApp); auth may still issue connect URL. */
+exports.CUSTOM_PROVIDER_IDS = ['telegram', 'bluesky', 'whatsapp'];
+/** URL param keys that indicate OAuth error; clients should clear them from the URL after showing the message. */
+exports.OAUTH_ERROR_PARAM_KEYS = ['error', 'provider'];
+/** OAuth error code values (auth-service redirects with ?error=...). Single source of truth for app and auth. */
+exports.OAUTH_ERROR_AUTH_FAILED = 'auth_failed';
+exports.OAUTH_ERROR_INVALID_USER = 'invalid_user';
+/** Snapchat: businessapi `public_profiles/my_profile` returned HTTP 403 (allowlisting / API not enabled). */
+exports.OAUTH_ERROR_SNAP_PUBLIC_PROFILE_FORBIDDEN = 'snap_public_profile_forbidden';
+exports.OAUTH_ERROR_CODES = [
+    exports.OAUTH_ERROR_AUTH_FAILED,
+    exports.OAUTH_ERROR_INVALID_USER,
+    exports.OAUTH_ERROR_SNAP_PUBLIC_PROFILE_FORBIDDEN
+];
+/**
+ * Build the full redirect URL for social login (OAuth2/OAuth1) or the app-relative path for custom providers.
+ * For custom providers, if appOrigin is given returns full URL `${appOrigin}/login/${providerId}?...`; otherwise returns path-only `/login/${providerId}?...`.
+ */
+function buildLoginRedirectUrl(authUrl, providerId, options) {
+    var tenantId = options.tenantId, returnTo = options.returnTo, scopeLayer = options.scopeLayer, appOrigin = options.appOrigin;
+    var query = new URLSearchParams({ tenantId: tenantId });
+    if (returnTo)
+        query.set('returnTo', returnTo);
+    var qs = query.toString();
+    var scopeSeg = scopeLayer === 'minimal' || scopeLayer === 'based' || scopeLayer === 'full' ? "/".concat(scopeLayer) : '';
+    if (exports.CUSTOM_PROVIDER_IDS.indexOf(providerId) !== -1) {
+        var path = "/login/".concat(providerId, "?").concat(qs);
+        return appOrigin ? "".concat(appOrigin.replace(/\/$/, '')).concat(path) : path;
+    }
+    if (exports.OAUTH1_PROVIDER_IDS.indexOf(providerId) !== -1) {
+        return "".concat(authUrl.replace(/\/$/, ''), "/auth/oauth1/").concat(providerId).concat(scopeSeg, "?").concat(qs);
+    }
+    return "".concat(authUrl.replace(/\/$/, ''), "/auth/oauth2/").concat(providerId).concat(scopeSeg, "?").concat(qs);
+}
+/**
+ * Build the URL for GET /auth/connect-url/:providerId (caller adds Bearer and fetches).
+ * Returns the request URL; the response body is JSON { url } or { errorCode }.
+ */
+function buildConnectUrlRequestUrl(authUrl, providerId, options) {
+    var tenantId = options.tenantId, workspaceId = options.workspaceId, returnTo = options.returnTo, scopeLayer = options.scopeLayer;
+    var params = new URLSearchParams({ tenantId: tenantId });
+    if (workspaceId)
+        params.set('workspaceId', workspaceId);
+    if (returnTo)
+        params.set('returnTo', returnTo);
+    if (scopeLayer)
+        params.set('scopeLayer', scopeLayer);
+    var base = authUrl.replace(/\/$/, '');
+    return "".concat(base, "/auth/connect-url/").concat(encodeURIComponent(providerId), "?").concat(params.toString());
+}
+/**
+ * Parse OAuth callback query params (from returnTo after login or connect).
+ * Accepts URLSearchParams or search string. Framework-agnostic.
+ */
+function parseCallbackParams(input) {
+    var _a, _b, _c, _d, _e, _f;
+    var params = typeof input === 'string' ? new URLSearchParams(input) : input;
+    return {
+        accessToken: (_a = params.get('accessToken')) !== null && _a !== void 0 ? _a : undefined,
+        refreshToken: (_b = params.get('refreshToken')) !== null && _b !== void 0 ? _b : undefined,
+        userId: (_c = params.get('userId')) !== null && _c !== void 0 ? _c : undefined,
+        error: (_d = params.get('error')) !== null && _d !== void 0 ? _d : undefined,
+        provider: (_e = params.get('provider')) !== null && _e !== void 0 ? _e : undefined,
+        returnTo: (_f = params.get('returnTo')) !== null && _f !== void 0 ? _f : undefined
+    };
+}
+/**
+ * Whether the given params contain OAuth error keys (error or provider).
+ * Use to decide whether to show an error message and then clear params.
+ */
+function hasOAuthErrorParams(params) {
+    var p = typeof params === 'string' ? new URLSearchParams(params) : params;
+    return exports.OAUTH_ERROR_PARAM_KEYS.some(function (key) { return p.has(key); });
+}
+/**
+ * Minimal user identity from callback params + JWT (for fallback when me query fails).
+ * Returns { id, tenantId } so any client can map to their User type.
+ */
+function getUserIdFromCallbackParams(params, accessToken) {
+    var p = typeof params === 'string' ? new URLSearchParams(params) : params;
+    var payload = (0, TSJWT_js_1.decodeJWT)(accessToken);
+    var id = p.get('userId') || (payload === null || payload === void 0 ? void 0 : payload.sub) || '';
+    var tenantId = (payload === null || payload === void 0 ? void 0 : payload.tid) || p.get('tenantId') || '';
+    return { id: id, tenantId: tenantId };
+}
+var DEFAULT_IFRAME_LABELS = {
+    telegramSubtitle: 'Sign in with Telegram.',
+    blueskySubtitle: 'Handle and app password.',
+    blueskyHandle: 'Handle',
+    blueskyAppPassword: 'App password',
+    blueskySubmit: 'Sign in',
+    whatsappSubtitle: 'Phone (with country code).',
+    whatsappPhone: 'Phone',
+    whatsappName: 'Name (optional)',
+    whatsappSubmit: 'Sign in'
+};
+/** Normalized options for custom connect iframe (shared by URL builder and srcdoc builder). */
+function normalizeCustomConnectOptions(providerId, options) {
+    var _a, _b, _c, _d, _e, _f;
+    return {
+        authUrl: options.authUrl.replace(/\/$/, ''),
+        tenantId: options.tenantId,
+        returnTo: (_a = options.returnTo) !== null && _a !== void 0 ? _a : '',
+        state: (_b = options.state) !== null && _b !== void 0 ? _b : '',
+        embed: options.embed === true,
+        theme: ((_c = options.theme) !== null && _c !== void 0 ? _c : 'light'),
+        title: (_d = options.title) !== null && _d !== void 0 ? _d : "Connect with ".concat(providerId.charAt(0).toUpperCase() + providerId.slice(1)),
+        telegramBotUsername: (_f = (providerId === 'telegram' ? (_e = options.telegramBotUsername) === null || _e === void 0 ? void 0 : _e.replace(/^@/, '') : '')) !== null && _f !== void 0 ? _f : ''
+    };
+}
+/**
+ * Build the URL for the shared custom-connect iframe page (when you serve the page at iframePageUrl).
+ */
+function buildCustomConnectIframeUrl(iframePageUrl, providerId, options) {
+    if (exports.CUSTOM_PROVIDER_IDS.indexOf(providerId) === -1) {
+        throw new Error("Unknown custom provider: ".concat(providerId, ". Use one of: ").concat(exports.CUSTOM_PROVIDER_IDS.join(', ')));
+    }
+    var n = normalizeCustomConnectOptions(providerId, options);
+    var params = new URLSearchParams();
+    params.set('provider', providerId);
+    params.set('authUrl', n.authUrl);
+    params.set('tenantId', n.tenantId);
+    if (n.returnTo)
+        params.set('returnTo', n.returnTo);
+    if (n.state)
+        params.set('state', n.state);
+    if (n.embed)
+        params.set('embed', '1');
+    params.set('theme', n.theme);
+    params.set('title', n.title);
+    if (n.telegramBotUsername && providerId === 'telegram')
+        params.set('telegramBotUsername', n.telegramBotUsername);
+    var base = iframePageUrl.replace(/\?.*$/, '').replace(/#.*$/, '');
+    return "".concat(base, "?").concat(params.toString());
+}
+/**
+ * Build the iframe document as an HTML string for use with iframe.srcdoc.
+ * Config inlined; minimal styles and script. For same-origin use, serve a page that calls this and document.write().
+ */
+function getCustomConnectIframeSrcdoc(providerId, options) {
+    if (exports.CUSTOM_PROVIDER_IDS.indexOf(providerId) === -1) {
+        throw new Error("Unknown custom provider: ".concat(providerId, ". Use one of: ").concat(exports.CUSTOM_PROVIDER_IDS.join(', ')));
+    }
+    var n = normalizeCustomConnectOptions(providerId, options);
+    var labels = __assign(__assign({}, DEFAULT_IFRAME_LABELS), options.labels);
+    var config = {
+        providerId: providerId,
+        authUrl: n.authUrl,
+        tenantId: n.tenantId,
+        returnTo: n.returnTo,
+        state: n.state,
+        embed: n.embed,
+        theme: n.theme,
+        title: n.title,
+        telegramBotUsername: n.telegramBotUsername
+    };
+    var configJson = JSON.stringify(config).replace(/</g, '\\u003c').replace(/>/g, '\\u003e');
+    var buildAction = function (path) {
+        var u = n.authUrl + path + '?tenantId=' + encodeURIComponent(n.tenantId);
+        if (n.returnTo)
+            u += '&returnTo=' + encodeURIComponent(n.returnTo);
+        if (n.state)
+            u += '&state=' + encodeURIComponent(n.state);
+        return u;
+    };
+    var target = n.embed ? '_top' : '_self';
+    var bodyContent = '';
+    if (providerId === 'telegram') {
+        bodyContent = n.telegramBotUsername
+            ? "<p>".concat(escapeHtml(labels.telegramSubtitle), "</p><div id=\"w\"></div><script>\nvar c=JSON.parse(document.getElementById(\"cfg\").textContent);\nwindow.onTelegramAuth=function(user){\n  var f=document.createElement(\"form\");f.method=\"POST\";f.action=c.authUrl+\"/auth/custom/telegram?tenantId=\"+encodeURIComponent(c.tenantId)+(c.returnTo?\"&returnTo=\"+encodeURIComponent(c.returnTo):\"\")+(c.state?\"&state=\"+encodeURIComponent(c.state):\"\");f.target=\"").concat(target, "\";f.enctype=\"application/x-www-form-urlencoded\";\n  [\"id\",\"first_name\",\"last_name\",\"username\",\"photo_url\",\"auth_date\",\"hash\"].forEach(function(k){if(user[k]==null)return;var i=document.createElement(\"input\");i.type=\"hidden\";i.name=k;i.value=String(user[k]);f.appendChild(i);});\n  document.body.appendChild(f);f.submit();\n};\nvar s=document.createElement(\"script\");s.src=\"https://telegram.org/js/telegram-widget.js?23\";s.setAttribute(\"data-telegram-login\",\"").concat(n.telegramBotUsername.replace(/"/g, '&quot;'), "\");s.setAttribute(\"data-size\",\"large\");s.setAttribute(\"data-onauth\",\"onTelegramAuth(user)\");s.setAttribute(\"data-request-access\",\"write\");s.async=true;document.getElementById(\"w\").appendChild(s);\n</script>")
+            : '<p class="err">Missing telegramBotUsername.</p>';
+    }
+    else if (providerId === 'bluesky') {
+        var action = buildAction('/auth/custom/bluesky');
+        bodyContent = "<p>".concat(escapeHtml(labels.blueskySubtitle), "</p><form action=\"").concat(action.replace(/"/g, '&quot;'), "\" method=\"POST\" target=\"").concat(target, "\">\n<label>").concat(escapeHtml(labels.blueskyHandle), "</label><input name=\"identifier\" type=\"text\" placeholder=\"you.bsky.social\" required>\n<label>").concat(escapeHtml(labels.blueskyAppPassword), "</label><input name=\"appPassword\" type=\"password\" placeholder=\"xxxx-xxxx-xxxx\" required>\n<button type=\"submit\">").concat(escapeHtml(labels.blueskySubmit), "</button></form>");
+    }
+    else if (providerId === 'whatsapp') {
+        var action = buildAction('/auth/custom/whatsapp');
+        bodyContent = "<p>".concat(escapeHtml(labels.whatsappSubtitle), "</p><form action=\"").concat(action.replace(/"/g, '&quot;'), "\" method=\"POST\" target=\"").concat(target, "\">\n<label>").concat(escapeHtml(labels.whatsappPhone), "</label><input name=\"whatsappId\" type=\"tel\" placeholder=\"+1234567890\" required>\n<label>").concat(escapeHtml(labels.whatsappName), "</label><input name=\"displayName\" type=\"text\">\n<button type=\"submit\">").concat(escapeHtml(labels.whatsappSubmit), "</button></form>");
+    }
+    return "<!DOCTYPE html><html><head><meta charset=\"UTF-8\"><meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"><style>\nbody{font-family:system-ui,sans-serif;margin:0;padding:12px;min-height:100vh;display:flex;flex-direction:column;align-items:center;justify-content:center;box-sizing:border-box;background:".concat(n.theme === 'dark' ? '#1a1a2e' : '#f8fafc', ";color:").concat(n.theme === 'dark' ? '#e2e8f0' : '#1e293b', ";}\nh1{margin:0 0 8px;font-size:1.1rem;}\np{margin:0 0 12px;font-size:0.85rem;color:#64748b;}\nform{display:flex;flex-direction:column;gap:8px;}\nlabel{font-size:0.85rem;}\ninput{padding:6px 10px;border:1px solid #cbd5e1;border-radius:6px;}\nbutton{padding:8px 12px;border:none;border-radius:6px;background:#1185fe;color:#fff;cursor:pointer;}\n.err{color:#dc2626;}\n</style></head><body><h1>").concat(escapeHtml(n.title), "</h1><script type=\"application/json\" id=\"cfg\">").concat(configJson, "</script>").concat(bodyContent, "</body></html>");
+}
+function escapeHtml(s) {
+    return s
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;');
+}

package/devices/TSCordova.d.ts

@@ -0,0 +1,5 @@
+export declare class TSCordova {
+    static bootstrap(closure: () => void): void;
+    static bind(plugin: string, closure: (plugin: any) => void): void;
+    static isCordova(): boolean;
+}

package/devices/TSCordova.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TSCordova = void 0;
+function _window() {
+    return window;
+}
+var TSCordova = /** @class */ (function () {
+    function TSCordova() {
+    }
+    TSCordova.bootstrap = function (closure) {
+        if (TSCordova.isCordova()) {
+            console.log('Bootstrapped with Cordova');
+            var script = document.createElement('script');
+            script.type = 'text/javascript';
+            script.src = 'cordova.js';
+            document.head.appendChild(script);
+            var legacyScript_1 = script;
+            if (legacyScript_1.readyState) {
+                legacyScript_1.onreadystatechange = function () {
+                    if (legacyScript_1.readyState === 'loaded' || legacyScript_1.readyState === 'complete') {
+                        document.addEventListener('deviceready', closure, false);
+                    }
+                };
+            }
+            else {
+                document.addEventListener('deviceready', closure, false);
+            }
+        }
+        else {
+            closure();
+        }
+    };
+    TSCordova.bind = function (plugin, closure) {
+        if (typeof cordova !== 'undefined') {
+            if (Object.hasOwn(cordova.plugins, plugin)) {
+                closure(cordova.plugins[plugin]);
+            }
+            else if (Object.hasOwn(_window().plugins, plugin)) {
+                closure(_window().plugins[plugin]);
+            }
+            else if (Object.hasOwn(_window(), plugin)) {
+                closure(_window()[plugin]);
+            }
+        }
+    };
+    TSCordova.isCordova = function () {
+        // Global || Local
+        return typeof _isCordova !== 'undefined' || (document.URL.indexOf('http://') === -1 && document.URL.indexOf('https://') === -1);
+    };
+    return TSCordova;
+}());
+exports.TSCordova = TSCordova;

package/entities/TSCountries.d.ts

@@ -0,0 +1,14 @@
+export interface TSCountry {
+    alpha2: string;
+    alpha3: string;
+    dial: Array<string>;
+    currencies: Array<string>;
+    emoji?: string;
+    ioc: string;
+    languages: Array<string>;
+    name: string;
+    status: string;
+}
+export declare const TSCountries: {
+    [k: string]: TSCountry | any;
+};