New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
@authing/web
Advanced tools
@authing/web - npm Package Compare versions
@@ -1,2 +0,2 @@ | ||
| import e from"axios";var t=function(){return t=Object.assign||function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var r in t=arguments[o])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},t.apply(this,arguments)};function o(e,t,o,n){return new(o||(o=Promise))((function(r,i){function s(e){try{a(n.next(e))}catch(e){i(e)}}function c(e){try{a(n.throw(e))}catch(e){i(e)}}function a(e){var t;e.done?r(e.value):(t=e.value,t instanceof o?t:new o((function(e){e(t)}))).then(s,c)}a((n=n.apply(e,t||[])).next())}))}function n(e,t){var o,n,r,i,s={label:0,sent:function(){if(1&r[0])throw r[1];return r[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(i){return function(c){return function(i){if(o)throw new TypeError("Generator is already executing.");for(;s;)try{if(o=1,n&&(r=2&i[0]?n.return:i[0]?n.throw||((r=n.return)&&r.call(n),0):n.next)&&!(r=r.call(n,i[1])).done)return r;switch(n=0,r&&(i=[2&i[0],r.value]),i[0]){case 0:case 1:r=i;break;case 4:return s.label++,{value:i[1],done:!1};case 5:s.label++,n=i[1],i=[0];continue;case 7:i=s.ops.pop(),s.trys.pop();continue;default:if(!(r=s.trys,(r=r.length>0&&r[r.length-1])||6!==i[0]&&2!==i[0])){s=0;continue}if(3===i[0]&&(!r||i[1]>r[0]&&i[1]<r[3])){s.label=i[1];break}if(6===i[0]&&s.label<r[1]){s.label=r[1],r=i;break}if(r&&s.label<r[2]){s.label=r[2],s.ops.push(i);break}r[2]&&s.ops.pop(),s.trys.pop();continue}i=t.call(e,s)}catch(e){i=[6,e],n=0}finally{o=r=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,c])}}}function r(e){var t,r;return o(this,void 0,void 0,(function(){var o,i,s,c;return n(this,(function(n){switch(n.label){case 0:return n.trys.push([0,2,,3]),[4,e];case 1:return[2,n.sent()];case 2:if(o=n.sent(),o.isAxiosError&&(null===(r=null===(t=o.response)||void 0===t?void 0:t.data)||void 0===r?void 0:r.error))throw i=o.response.data,s=i.error,c=i.error_description,new Error("认证服务器返回错误 ".concat(s,": ").concat(c));throw o;case 3:return[2]}}))}))}function i(t,i){return o(this,void 0,void 0,(function(){var o;return n(this,(function(n){return o=c(i),[2,r(e.get(t,o))]}))}))}function s(t,i,s){return o(this,void 0,void 0,(function(){var o;return n(this,(function(n){return o=c(s),[2,r(e.post(t,i,o))]}))}))}function c(e){return Object.assign({},e||{},{headers:t(t({},null==e?void 0:e.headers),{"x-authing-request-from":"sdk-web","x-authing-sdk-version":"5.1.21-alpha.3"})})}var a="".concat("authing-spa",":").concat("1"),d=function(){function e(){this.storage=Object.create(null)}return e.prototype.get=function(e){var t;return null!==(t=this.storage[e])&&void 0!==t?t:null},e.prototype.put=function(e,t){this.storage[e]=t},e.prototype.delete=function(e){delete this.storage[e]},e}(),u=function(){function e(){}return e.prototype.get=function(e){var t=localStorage.getItem(e);return null===t?null:JSON.parse(t)},e.prototype.put=function(e,t){localStorage.setItem(e,JSON.stringify(t))},e.prototype.delete=function(e){localStorage.removeItem(e)},e}(),p=function(){function e(){}return e.prototype.get=function(){return null},e.prototype.put=function(){},e.prototype.delete=function(){},e}(),l=function(){function e(){}return e.prototype.get=function(e){var t=sessionStorage.getItem(e);return null===t?null:JSON.parse(t)},e.prototype.put=function(e,t){sessionStorage.setItem(e,JSON.stringify(t))},e.prototype.delete=function(e){sessionStorage.removeItem(e)},e}();function h(e){return Object.keys(e).filter((function(t){return null!==e[t]&&void 0!==e[t]})).map((function(t){return encodeURIComponent(t)+"="+encodeURIComponent(e[t])})).join("&")}function f(e){return[a,e,"login-state"].join(":")}function g(e,t){return[a,e,"tx",t].join(":")}function v(){return window.crypto||window.msCrypto}function w(){var e=v();return e.subtle||e.webkitSubtle}function m(e){var t="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";return Array.from(v().getRandomValues(new Uint8Array(e))).map((function(e){return t[e%t.length]})).join("")}function k(e){for(var t=[],o=0;o<e.length;++o)t.push(e.charCodeAt(o));return new Uint8Array(t)}function y(e){return void 0===e&&(e="SHA-256"),o(this,void 0,void 0,(function(){var t,o;return n(this,(function(n){switch(n.label){case 0:return t=m(43),[4,w().digest(e,k(t))];case 1:return o=n.sent(),[2,{codeChallenge:function(e){for(var t=new Uint8Array(e),o="",n=0;n<t.byteLength;++n)o+=String.fromCharCode(t[n]);var r=window.btoa(o),i={"+":"-","/":"_","=":""};return r.replace(/[+/=]/g,(function(e){return i[e]}))}(o),codeVerifier:t}]}}))}))}function _(e){var t=e.split("."),o=t[0],n=t[1];if(!t[2])throw new Error("无效的 Token 格式");var r=JSON.parse(window.atob(o));if(r.enc)throw new Error("本 SDK 目前不支持处理加密 Token, 请在应用配置中关闭「ID Token 加密」功能");return n=n.replace(/-/g,"+").replace(/_/g,"/"),n=decodeURIComponent(window.atob(n).split("").map((function(e){return"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)})).join("")),{header:r,body:JSON.parse(n)}}var b=function(){function e(e){var t,o,n,r,i;if(this.options=e,this.domain=function(e){var t,o=/^(((?:http)|(?:https)):\/\/)?((?:[\w-_]+)(?:\.[\w-_]+)+)(?:\/.*)?$/.exec(e);if(o&&o[3])return"".concat(null!==(t=o[1])&&void 0!==t?t:"https://").concat(o[3]);throw Error("无效的域名配置: ".concat(e))}(this.options.domain),!(e.useImplicitMode||v()&&w()))throw new Error("PKCE 模式需要浏览器 crypto 能力, 请确保浏览器处于 https 域名下,或设置 useImplicitMode 为 true");"object"==typeof localStorage?this.loginStateProvider=new u:(console.warn("您的浏览器版本过低,登录态存储功能将不可用"),this.loginStateProvider=new d),"object"==typeof sessionStorage?this.transactionProvider=new l:(e.useImplicitMode||console.warn("您的浏览器版本过低,PKCE 重定向认证功能将不可用,请设置 useImplicitMode 为 true"),this.transactionProvider=new p),e.implicitResponseType=null!==(t=e.implicitResponseType)&&void 0!==t?t:"id_token token",e.redirectResponseMode=null!==(o=e.redirectResponseMode)&&void 0!==o?o:"fragment",e.popupWidth=null!==(n=e.popupWidth)&&void 0!==n?n:800,e.popupHeight=null!==(r=e.popupHeight)&&void 0!==r?r:600,e.scope=null!==(i=e.scope)&&void 0!==i?i:"openid profile"}return e.prototype.getLoginStateWithRedirect=function(){var e;return o(this,void 0,void 0,(function(){var t,o,r,i,s,c,a,d;return n(this,(function(n){switch(n.label){case 0:return t=m(16),o=m(16),r=null!==(e=this.options.redirectUri)&&void 0!==e?e:window.location.origin,i={redirect_uri:r,response_mode:this.options.redirectResponseMode||"query",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:t,nonce:o,scope:this.options.scope},this.options.useImplicitMode?[3,2]:[4,y()];case 1:c=n.sent(),a=c.codeChallenge,d=c.codeVerifier,i.code_challenge=a,i.code_challenge_method="S256",s=d,n.label=2;case 2:return[4,this.transactionProvider.put(g(this.options.appId,t),{codeVerifier:s,state:t,redirectUri:r,nonce:o})];case 3:return n.sent(),window.location.replace("".concat(this.domain,"/oidc/auth?").concat(h(i))),[2]}}))}))},e.prototype.getLoginState=function(e){var t;return void 0===e&&(e={}),o(this,void 0,void 0,(function(){var o,r,i,c,a,d,u,p,l,g,v;return n(this,(function(n){switch(n.label){case 0:return e.ignoreCache?[3,3]:[4,this.loginStateProvider.get(f(this.options.appId))];case 1:return(o=n.sent())&&o.expireAt&&o.expireAt>Date.now()?this.options.introspectAccessToken&&o.accessToken?[4,s("".concat(this.domain,"/oidc/token/introspection"),h({client_id:this.options.appId,token:o.accessToken}),{headers:{"Content-Type":"application/x-www-form-urlencoded"}})]:[2,o]:[3,3];case 2:if(!0===n.sent().data.active)return[2,o];n.label=3;case 3:return[4,this.loginStateProvider.delete(f(this.options.appId))];case 4:if(n.sent(),void 0!==this.globalMsgListener)throw new Error("另一个认证流程正在进行中,请不要同时发起多个认证");return this.globalMsgListener=null,window.crossOriginIsolated?(console.warn("当前页面运行在隔离模式下,无法获取登录态"),[2,null]):(r=m(16),i=m(16),a=null!==(t=this.options.redirectUri)&&void 0!==t?t:window.location.origin,d={redirect_uri:a,response_mode:"web_message",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:r,nonce:i,prompt:"none",scope:this.options.scope},this.options.useImplicitMode?[3,6]:[4,y()]);case 5:u=n.sent(),p=u.codeChallenge,l=u.codeVerifier,c=l,d.code_challenge=p,d.code_challenge_method="S256",n.label=6;case 6:return(g=document.createElement("iframe")).hidden=!0,g.width=g.height="0",g.src="".concat(this.domain,"/oidc/auth?").concat(h(d)),window.navigator.userAgent.indexOf("MSIE")>=1||window.navigator.userAgent.indexOf("Trident")>=1&&window.navigator.userAgent.indexOf("rv")>=1||window.navigator.userAgent.indexOf("Edge")>=1?document.body.appendChild(g):document.body.append(g),[4,Promise.race([this.listenToPostMessage(r),new Promise((function(e){return setTimeout((function(){return e(null)}),5e3)}))])];case 7:if(v=n.sent(),this.globalMsgListener&&window.removeEventListener("message",this.globalMsgListener),this.globalMsgListener=void 0,g.remove(),null===v)return console.warn("登录态获取超时"),[2,null];if(v.error)return"login_required"!==v.error?console.warn("登录态获取失败,认证服务器返回错误: error=".concat(v.error,", error_description=").concat(v.errorDesc)):console.warn("用户未登录"),[2,null];if(v.state!==r)throw new Error("state 验证失败");return[2,this.handleOIDCWebMsgResponse(v,i,a,c)]}}))}))},e.prototype.loginWithRedirect=function(e){var r;return void 0===e&&(e={}),o(this,void 0,void 0,(function(){var o,i,s,c,a,d,u,p;return n(this,(function(n){switch(n.label){case 0:if(!(o=e.redirectUri||this.options.redirectUri))throw new Error("必须设置 redirect_uri");return i=m(16),s=m(16),c=t(t({redirect_uri:o,response_mode:this.options.redirectResponseMode,response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:i,nonce:s,scope:this.options.scope},e.forced&&{prompt:"login"}),e.login_page_context&&{login_page_context:e.login_page_context}),this.options.useImplicitMode?[3,2]:[4,y()];case 1:d=n.sent(),u=d.codeChallenge,p=d.codeVerifier,c.code_challenge=u,c.code_challenge_method="S256",a=p,n.label=2;case 2:return[4,this.transactionProvider.put(g(this.options.appId,i),t(t({codeVerifier:a,state:i,redirectUri:o,nonce:s},this.options.redirectToOriginalUri&&{originalUri:null!==(r=e.originalUri)&&void 0!==r?r:window.location.href}),void 0!==e.customState&&{customState:e.customState}))];case 3:return n.sent(),window.location.replace("".concat(this.domain,"/oidc/auth?").concat(h(c))),[2]}}))}))},e.prototype.isRedirectCallback=function(){var e=this.resolveCallbackParams();return!!e&&(!!e.error||(this.options.useImplicitMode?!(!e.access_token&&!e.id_token):!!e.code))},e.prototype.handleRedirectCallback=function(){return o(this,void 0,void 0,(function(){var e,o,r,i,s,c,a,d,u,p,l;return n(this,(function(n){switch(n.label){case 0:if(!(e=this.resolveCallbackParams()))throw new Error("非法的回调 URL");if(e.error)throw new Error("认证失败, error=".concat(e.error,", error_description=").concat(e.error_description));if(!(i=e.state))throw new Error("非法的回调 URL: 缺少 state");return[4,this.transactionProvider.get(g(this.options.appId,i))];case 1:return(s=n.sent())?[4,this.transactionProvider.delete(g(this.options.appId,i))]:[3,5];case 2:if(n.sent(),s.state!==i)throw new Error("state 验证失败");if(o=s.originalUri,r=s.customState,this.options.useImplicitMode)return[3,4];if(!(c=e.code))throw new Error("非法的回调 URL: 缺少 code");return[4,this.exchangeToken(c,s.redirectUri,s.codeVerifier,s.nonce)];case 3:return a=n.sent(),this.options.redirectToOriginalUri&&o&&window.location.replace(o),[2,a];case 4:return[3,6];case 5:if(!this.options.useImplicitMode)throw new Error("获取登录流程会话失败, 请确认是否重复访问了回调端点,以及浏览器是否支持 sessionStorage");n.label=6;case 6:if(d=e.id_token,u=e.access_token,p=null==s?void 0:s.nonce,this.options.implicitResponseType.includes("token")&&!u||this.options.implicitResponseType.includes("id_token")&&!d)throw new Error("非法的回调 URL: 缺少 token");return[4,this.saveLoginState({idToken:d,accessToken:u,nonce:p})];case 7:return l=n.sent(),this.options.redirectToOriginalUri&&o&&window.location.replace(o),[2,t(t({},l),{customState:r})]}}))}))},e.prototype.loginWithPopup=function(e){return void 0===e&&(e={}),o(this,void 0,void 0,(function(){var o,r,i,s,c,a,d,u,p,l,f;return n(this,(function(n){switch(n.label){case 0:if(o=e.redirectUri||this.options.redirectUri||window.location.origin,void 0!==this.globalMsgListener)throw new Error("另一个认证流程正在进行中,请不要同时发起多个认证");if(this.globalMsgListener=null,window.crossOriginIsolated)throw new Error("当前页面运行在隔离模式下, 无法进行此方式登录, 请使用 loginWithRedirect");return r=m(16),i=m(16),s=t(t({redirect_uri:o,response_mode:"web_message",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:r,nonce:i},e.forced&&{prompt:"login"}),{scope:this.options.scope}),this.options.useImplicitMode?[3,2]:[4,y()];case 1:a=n.sent(),d=a.codeChallenge,u=a.codeVerifier,c=u,s.code_challenge=d,s.code_challenge_method="S256",n.label=2;case 2:if(p="".concat(this.domain,"/oidc/auth?").concat(h(s)),!(l=window.open(p,"authing-spa-login-window","popup,width=".concat(this.options.popupWidth,",height=").concat(this.options.popupHeight))))throw new Error("弹出窗口失败");return[4,Promise.race([this.listenToPostMessage(r),new Promise((function(e){var t=setInterval((function(){l.closed&&(clearInterval(t),setTimeout((function(){return e(null)}),500))}),500)}))])];case 3:if(f=n.sent(),this.globalMsgListener&&window.removeEventListener("message",this.globalMsgListener),this.globalMsgListener=void 0,!f)return[2,null];if(f.error)throw new Error("登录失败,认证服务器返回错误: error=".concat(f.error,", error_description=").concat(f.errorDesc));if(f.state!==r)throw new Error("state 验证失败");return[2,this.handleOIDCWebMsgResponse(f,i,o,c)]}}))}))},e.prototype.getUserInfo=function(e){var t,r;return void 0===e&&(e={}),o(this,void 0,void 0,(function(){var o,s,c;return n(this,(function(n){switch(n.label){case 0:return null===(t=e.accessToken)||void 0===t?[3,1]:(s=t,[3,3]);case 1:return[4,this.getLoginState()];case 2:s=null===(r=n.sent())||void 0===r?void 0:r.accessToken,n.label=3;case 3:if(!(o=s))throw new Error("access token 不存在,请重新登录");return[4,i("".concat(this.domain,"/api/v3/get-profile"),{headers:{Authorization:"Bearer ".concat(o),"x-authing-userpool-id":this.options.userPoolId}})];case 4:return(c=n.sent().data).data?[2,c.data]:[2,{apiCode:c.apiCode,message:c.message,statusCode:c.statusCode}]}}))}))},e.prototype.logoutWithRedirect=function(e){var t;return void 0===e&&(e={}),o(this,void 0,void 0,(function(){var o,r,i;return n(this,(function(n){switch(n.label){case 0:return[4,this.loginStateProvider.get(f(this.options.appId))];case 1:return(o=n.sent())?[4,this.loginStateProvider.delete(f(this.options.appId))]:[2];case 2:return n.sent(),r={id_token_hint:o.idToken},(i=null!==(t=e.redirectUri)&&void 0!==t?t:this.options.logoutRedirectUri)&&(r.post_logout_redirect_uri=i,r.state=e.state),[4,this.loginStateProvider.delete(f(this.options.appId))];case 3:return n.sent(),window.location.replace("".concat(this.domain,"/oidc/session/end?").concat(h(r))),[2]}}))}))},e.prototype.refreshToken=function(){return o(this,void 0,void 0,(function(){var e,t,o;return n(this,(function(n){switch(n.label){case 0:return[4,this.loginStateProvider.get(f(this.options.appId))];case 1:if(!(null==(e=n.sent())?void 0:e.refreshToken))throw new Error("获取 refresh_token 失败,请检查相关协议配置,是否开启 refresh_token 相关功能");return t={grant_type:"refresh_token",redirect_uri:"",refresh_token:e.refreshToken},[4,s("".concat(this.domain,"/oidc/token"),h(t),{headers:{"Content-Type":"application/x-www-form-urlencoded","x-authing-app-id":this.options.appId}})];case 2:return o=n.sent().data,[4,this.loginStateProvider.delete(f(this.options.appId))];case 3:return n.sent(),[2,this.saveLoginState({idToken:o.id_token,accessToken:o.access_token,refreshToken:o.refresh_token})]}}))}))},e.prototype.listenToPostMessage=function(e){return o(this,void 0,void 0,(function(){var t=this;return n(this,(function(o){return[2,new Promise((function(o,n){var r=function(i){var s;if(i.origin===t.domain&&"authorization_response"===(null===(s=i.data)||void 0===s?void 0:s.type)){window.removeEventListener("message",r),t.globalMsgListener=void 0;var c=i.data.response;return c&&c.state===e?c.error?o({error:c.error,errorDesc:c.error_description}):o({accessToken:c.access_token,idToken:c.id_token,refreshToken:c.refresh_token,code:c.code,state:c.state}):n(new Error("非法的服务端返回值"))}};t.globalMsgListener=r,window.addEventListener("message",r)}))]}))}))},e.prototype.saveLoginState=function(e){return o(this,void 0,void 0,(function(){var t,o,r,i,s,c;return n(this,(function(n){switch(n.label){case 0:if(t=e.accessToken,o=e.idToken,r=e.refreshToken,i={accessToken:t,idToken:o,refreshToken:r,timestamp:Date.now()},o&&(s=_(o).body,i.parsedIdToken=s,i.expireAt=1e3*s.exp,e.nonce&&s.nonce!==e.nonce))throw new Error("nonce 验证失败");return t&&(c=_(t).body,i.parsedAccessToken=c,i.expireAt=1e3*c.exp),[4,this.loginStateProvider.put(f(this.options.appId),i)];case 1:return n.sent(),[2,i]}}))}))},e.prototype.exchangeToken=function(e,t,r,i){return o(this,void 0,void 0,(function(){var o,c;return n(this,(function(n){switch(n.label){case 0:return o={grant_type:"authorization_code",code:e,code_verifier:r,client_id:this.options.appId,redirect_uri:t},[4,s("".concat(this.domain,"/oidc/token"),h(o),{headers:{"Content-Type":"application/x-www-form-urlencoded"}})];case 1:return c=n.sent().data,[2,this.saveLoginState({idToken:c.id_token,accessToken:c.access_token,refreshToken:c.refresh_token,nonce:i})]}}))}))},e.prototype.handleOIDCWebMsgResponse=function(e,t,r,i){return o(this,void 0,void 0,(function(){return n(this,(function(o){if(this.options.useImplicitMode){if(this.options.implicitResponseType.includes("token")&&"string"!=typeof e.accessToken||this.options.implicitResponseType.includes("id_token")&&"string"!=typeof e.idToken)throw new Error("无效的 Token 返回值");return[2,this.saveLoginState({accessToken:e.accessToken,idToken:e.idToken,refreshToken:e.refreshToken,nonce:t})]}if("string"!=typeof e.code)throw new Error("无效的 Code 返回值");if(!r||!i)throw new Error;return[2,this.exchangeToken(e.code,r,i,t)]}))}))},e.prototype.resolveCallbackParams=function(){var e="fragment"===this.options.redirectResponseMode?window.location.hash:window.location.search;if(!e)return null;var t=Object.create(null);return e.substring(1).split("&").forEach((function(e){var o=e.split("="),n=o[0],r=o[1];t[n]=r})),t},e}();export{b as Authing}; | ||
| import e from"axios";var t=function(){return t=Object.assign||function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var r in t=arguments[o])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},t.apply(this,arguments)};function o(e,t,o,n){return new(o||(o=Promise))((function(r,i){function s(e){try{c(n.next(e))}catch(e){i(e)}}function a(e){try{c(n.throw(e))}catch(e){i(e)}}function c(e){var t;e.done?r(e.value):(t=e.value,t instanceof o?t:new o((function(e){e(t)}))).then(s,a)}c((n=n.apply(e,t||[])).next())}))}function n(e,t){var o,n,r,i,s={label:0,sent:function(){if(1&r[0])throw r[1];return r[1]},trys:[],ops:[]};return i={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function a(i){return function(a){return function(i){if(o)throw new TypeError("Generator is already executing.");for(;s;)try{if(o=1,n&&(r=2&i[0]?n.return:i[0]?n.throw||((r=n.return)&&r.call(n),0):n.next)&&!(r=r.call(n,i[1])).done)return r;switch(n=0,r&&(i=[2&i[0],r.value]),i[0]){case 0:case 1:r=i;break;case 4:return s.label++,{value:i[1],done:!1};case 5:s.label++,n=i[1],i=[0];continue;case 7:i=s.ops.pop(),s.trys.pop();continue;default:if(!(r=s.trys,(r=r.length>0&&r[r.length-1])||6!==i[0]&&2!==i[0])){s=0;continue}if(3===i[0]&&(!r||i[1]>r[0]&&i[1]<r[3])){s.label=i[1];break}if(6===i[0]&&s.label<r[1]){s.label=r[1],r=i;break}if(r&&s.label<r[2]){s.label=r[2],s.ops.push(i);break}r[2]&&s.ops.pop(),s.trys.pop();continue}i=t.call(e,s)}catch(e){i=[6,e],n=0}finally{o=r=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,a])}}}function r(e){var t,r;return o(this,void 0,void 0,(function(){var o,i,s,a;return n(this,(function(n){switch(n.label){case 0:return n.trys.push([0,2,,3]),[4,e];case 1:return[2,n.sent()];case 2:if(o=n.sent(),o.isAxiosError&&(null===(r=null===(t=o.response)||void 0===t?void 0:t.data)||void 0===r?void 0:r.error))throw i=o.response.data,s=i.error,a=i.error_description,new Error("认证服务器返回错误 ".concat(s,": ").concat(a));throw o;case 3:return[2]}}))}))}function i(t,i){return o(this,void 0,void 0,(function(){var o;return n(this,(function(n){return o=a(i),[2,r(e.get(t,o))]}))}))}function s(t,i,s){return o(this,void 0,void 0,(function(){var o;return n(this,(function(n){return o=a(s),[2,r(e.post(t,i,o))]}))}))}function a(e){return Object.assign({},e||{},{headers:t(t({},null==e?void 0:e.headers),{"x-authing-request-from":"sdk-web","x-authing-sdk-version":"5.1.21"})})}var c="".concat("authing-spa",":").concat("1"),d=function(){function e(){this.storage=Object.create(null)}return e.prototype.get=function(e){var t;return null!==(t=this.storage[e])&&void 0!==t?t:null},e.prototype.put=function(e,t){this.storage[e]=t},e.prototype.delete=function(e){delete this.storage[e]},e}(),p=function(){function e(){}return e.prototype.get=function(e){var t=localStorage.getItem(e);return null===t?null:JSON.parse(t)},e.prototype.put=function(e,t){localStorage.setItem(e,JSON.stringify(t))},e.prototype.delete=function(e){localStorage.removeItem(e)},e}(),u=function(){function e(){}return e.prototype.get=function(){return null},e.prototype.put=function(){},e.prototype.delete=function(){},e}(),l=function(){function e(){}return e.prototype.get=function(e){var t=sessionStorage.getItem(e);return null===t?null:JSON.parse(t)},e.prototype.put=function(e,t){sessionStorage.setItem(e,JSON.stringify(t))},e.prototype.delete=function(e){sessionStorage.removeItem(e)},e}();function h(e){return Object.keys(e).filter((function(t){return null!==e[t]&&void 0!==e[t]})).map((function(t){return encodeURIComponent(t)+"="+encodeURIComponent(e[t])})).join("&")}function f(e){return[c,e,"login-state"].join(":")}function v(e,t){return[c,e,"tx",t].join(":")}function g(){return window.crypto||window.msCrypto}function w(){var e=g();return e.subtle||e.webkitSubtle}function m(e){var t="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";return Array.from(g().getRandomValues(new Uint8Array(e))).map((function(e){return t[e%t.length]})).join("")}function y(e){for(var t=[],o=0;o<e.length;++o)t.push(e.charCodeAt(o));return new Uint8Array(t)}function k(e){return void 0===e&&(e="SHA-256"),o(this,void 0,void 0,(function(){var t,o;return n(this,(function(n){switch(n.label){case 0:return t=m(43),[4,w().digest(e,y(t))];case 1:return o=n.sent(),[2,{codeChallenge:function(e){for(var t=new Uint8Array(e),o="",n=0;n<t.byteLength;++n)o+=String.fromCharCode(t[n]);var r=window.btoa(o),i={"+":"-","/":"_","=":""};return r.replace(/[+/=]/g,(function(e){return i[e]}))}(o),codeVerifier:t}]}}))}))}function b(e){var t=e.split("."),o=t[0],n=t[1];if(!t[2])throw new Error("无效的 Token 格式");var r=JSON.parse(window.atob(o));if(r.enc)throw new Error("本 SDK 目前不支持处理加密 Token, 请在应用配置中关闭「ID Token 加密」功能");return n=n.replace(/-/g,"+").replace(/_/g,"/"),n=decodeURIComponent(window.atob(n).split("").map((function(e){return"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)})).join("")),{header:r,body:JSON.parse(n)}}var _=function(){function e(e){var t,o,n,r,i;if(this.options=e,this.domain=function(e){var t,o=/^(((?:http)|(?:https)):\/\/)?((?:[\w-_]+)(?:\.[\w-_]+)+)(?:\/.*)?$/.exec(e);if(o&&o[3])return"".concat(null!==(t=o[1])&&void 0!==t?t:"https://").concat(o[3]);throw Error("无效的域名配置: ".concat(e))}(this.options.domain),!(e.useImplicitMode||g()&&w()))throw new Error("PKCE 模式需要浏览器 crypto 能力, 请确保浏览器处于 https 域名下,或设置 useImplicitMode 为 true");"object"==typeof localStorage?this.loginStateProvider=new p:(console.warn("您的浏览器版本过低,登录态存储功能将不可用"),this.loginStateProvider=new d),"object"==typeof sessionStorage?this.transactionProvider=new l:(e.useImplicitMode||console.warn("您的浏览器版本过低,PKCE 重定向认证功能将不可用,请设置 useImplicitMode 为 true"),this.transactionProvider=new u),e.implicitResponseType=null!==(t=e.implicitResponseType)&&void 0!==t?t:"id_token token",e.redirectResponseMode=null!==(o=e.redirectResponseMode)&&void 0!==o?o:"fragment",e.popupWidth=null!==(n=e.popupWidth)&&void 0!==n?n:800,e.popupHeight=null!==(r=e.popupHeight)&&void 0!==r?r:600,e.scope=null!==(i=e.scope)&&void 0!==i?i:"openid profile"}return e.prototype.getLoginStateWithRedirect=function(){var e;return o(this,void 0,void 0,(function(){var t,o,r,i,s,a,c,d;return n(this,(function(n){switch(n.label){case 0:return t=m(16),o=m(16),r=null!==(e=this.options.redirectUri)&&void 0!==e?e:window.location.origin,i={redirect_uri:r,response_mode:this.options.redirectResponseMode||"query",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:t,nonce:o,scope:this.options.scope},this.options.useImplicitMode?[3,2]:[4,k()];case 1:a=n.sent(),c=a.codeChallenge,d=a.codeVerifier,i.code_challenge=c,i.code_challenge_method="S256",s=d,n.label=2;case 2:return[4,this.transactionProvider.put(v(this.options.appId,t),{codeVerifier:s,state:t,redirectUri:r,nonce:o})];case 3:return n.sent(),window.location.replace("".concat(this.domain,"/oidc/auth?").concat(h(i))),[2]}}))}))},e.prototype.getLoginState=function(e){var t;return void 0===e&&(e={}),o(this,void 0,void 0,(function(){var o,r,i,a,c,d,p,u,l,v,g;return n(this,(function(n){switch(n.label){case 0:return e.ignoreCache?[3,3]:[4,this.loginStateProvider.get(f(this.options.appId))];case 1:return(o=n.sent())&&o.expireAt&&o.expireAt>Date.now()?this.options.introspectAccessToken&&o.accessToken?[4,s("".concat(this.domain,"/oidc/token/introspection"),h({client_id:this.options.appId,token:o.accessToken}),{headers:{"Content-Type":"application/x-www-form-urlencoded"}})]:[2,o]:[3,3];case 2:if(!0===n.sent().data.active)return[2,o];n.label=3;case 3:return[4,this.loginStateProvider.delete(f(this.options.appId))];case 4:if(n.sent(),void 0!==this.globalMsgListener)throw new Error("另一个认证流程正在进行中,请不要同时发起多个认证");return this.globalMsgListener=null,window.crossOriginIsolated?(console.warn("当前页面运行在隔离模式下,无法获取登录态"),[2,null]):(r=m(16),i=m(16),c=null!==(t=this.options.redirectUri)&&void 0!==t?t:window.location.origin,d={redirect_uri:c,response_mode:"web_message",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:r,nonce:i,prompt:"none",scope:this.options.scope},this.options.useImplicitMode?[3,6]:[4,k()]);case 5:p=n.sent(),u=p.codeChallenge,l=p.codeVerifier,a=l,d.code_challenge=u,d.code_challenge_method="S256",n.label=6;case 6:return(v=document.createElement("iframe")).hidden=!0,v.width=v.height="0",v.src="".concat(this.domain,"/oidc/auth?").concat(h(d)),window.navigator.userAgent.indexOf("MSIE")>=1||window.navigator.userAgent.indexOf("Trident")>=1&&window.navigator.userAgent.indexOf("rv")>=1||window.navigator.userAgent.indexOf("Edge")>=1?document.body.appendChild(v):document.body.append(v),[4,Promise.race([this.listenToPostMessage(r),new Promise((function(e){return setTimeout((function(){return e(null)}),5e3)}))])];case 7:if(g=n.sent(),this.globalMsgListener&&window.removeEventListener("message",this.globalMsgListener),this.globalMsgListener=void 0,v.remove(),null===g)return console.warn("登录态获取超时"),[2,null];if(g.error)return"login_required"!==g.error?console.warn("登录态获取失败,认证服务器返回错误: error=".concat(g.error,", error_description=").concat(g.errorDesc)):console.warn("用户未登录"),[2,null];if(g.state!==r)throw new Error("state 验证失败");return[2,this.handleOIDCWebMsgResponse(g,i,c,a)]}}))}))},e.prototype.loginWithRedirect=function(e){var r;return void 0===e&&(e={}),o(this,void 0,void 0,(function(){var o,i,s,a,c,d,p,u;return n(this,(function(n){switch(n.label){case 0:if(!(o=e.redirectUri||this.options.redirectUri))throw new Error("必须设置 redirect_uri");return i=m(16),s=m(16),a=t(t({redirect_uri:o,response_mode:this.options.redirectResponseMode,response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:i,nonce:s,scope:this.options.scope},e.forced&&{prompt:"login"}),e.login_page_context&&{login_page_context:e.login_page_context}),this.options.useImplicitMode?[3,2]:[4,k()];case 1:d=n.sent(),p=d.codeChallenge,u=d.codeVerifier,a.code_challenge=p,a.code_challenge_method="S256",c=u,n.label=2;case 2:return[4,this.transactionProvider.put(v(this.options.appId,i),t(t({codeVerifier:c,state:i,redirectUri:o,nonce:s},this.options.redirectToOriginalUri&&{originalUri:null!==(r=e.originalUri)&&void 0!==r?r:window.location.href}),void 0!==e.customState&&{customState:e.customState}))];case 3:return n.sent(),window.location.replace("".concat(this.domain,"/oidc/auth?").concat(h(a))),[2]}}))}))},e.prototype.isRedirectCallback=function(){var e=this.resolveCallbackParams();return!!e&&(!!e.error||(this.options.useImplicitMode?!(!e.access_token&&!e.id_token):!!e.code))},e.prototype.handleRedirectCallback=function(){return o(this,void 0,void 0,(function(){var e,o,r,i,s,a,c,d,p,u,l;return n(this,(function(n){switch(n.label){case 0:if(!(e=this.resolveCallbackParams()))throw new Error("非法的回调 URL");if(e.error)throw new Error("认证失败, error=".concat(e.error,", error_description=").concat(e.error_description));if(!(i=e.state))throw new Error("非法的回调 URL: 缺少 state");return[4,this.transactionProvider.get(v(this.options.appId,i))];case 1:return(s=n.sent())?[4,this.transactionProvider.delete(v(this.options.appId,i))]:[3,5];case 2:if(n.sent(),s.state!==i)throw new Error("state 验证失败");if(o=s.originalUri,r=s.customState,this.options.useImplicitMode)return[3,4];if(!(a=e.code))throw new Error("非法的回调 URL: 缺少 code");return[4,this.exchangeToken(a,s.redirectUri,s.codeVerifier,s.nonce)];case 3:return c=n.sent(),this.options.redirectToOriginalUri&&o&&window.location.replace(o),[2,c];case 4:return[3,6];case 5:if(!this.options.useImplicitMode)throw new Error("获取登录流程会话失败, 请确认是否重复访问了回调端点,以及浏览器是否支持 sessionStorage");n.label=6;case 6:if(d=e.id_token,p=e.access_token,u=null==s?void 0:s.nonce,this.options.implicitResponseType.includes("token")&&!p||this.options.implicitResponseType.includes("id_token")&&!d)throw new Error("非法的回调 URL: 缺少 token");return[4,this.saveLoginState({idToken:d,accessToken:p,nonce:u})];case 7:return l=n.sent(),this.options.redirectToOriginalUri&&o&&window.location.replace(o),[2,t(t({},l),{customState:r})]}}))}))},e.prototype.loginWithPopup=function(e){return void 0===e&&(e={}),o(this,void 0,void 0,(function(){var o,r,i,s,a,c,d,p,u,l,f;return n(this,(function(n){switch(n.label){case 0:if(o=e.redirectUri||this.options.redirectUri||window.location.origin,void 0!==this.globalMsgListener)throw new Error("另一个认证流程正在进行中,请不要同时发起多个认证");if(this.globalMsgListener=null,window.crossOriginIsolated)throw new Error("当前页面运行在隔离模式下, 无法进行此方式登录, 请使用 loginWithRedirect");return r=m(16),i=m(16),s=t(t({redirect_uri:o,response_mode:"web_message",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:r,nonce:i},e.forced&&{prompt:"login"}),{scope:this.options.scope}),this.options.useImplicitMode?[3,2]:[4,k()];case 1:c=n.sent(),d=c.codeChallenge,p=c.codeVerifier,a=p,s.code_challenge=d,s.code_challenge_method="S256",n.label=2;case 2:if(u="".concat(this.domain,"/oidc/auth?").concat(h(s)),!(l=window.open(u,"authing-spa-login-window","popup,width=".concat(this.options.popupWidth,",height=").concat(this.options.popupHeight))))throw new Error("弹出窗口失败");return[4,Promise.race([this.listenToPostMessage(r),new Promise((function(e){var t=setInterval((function(){l.closed&&(clearInterval(t),setTimeout((function(){return e(null)}),500))}),500)}))])];case 3:if(f=n.sent(),this.globalMsgListener&&window.removeEventListener("message",this.globalMsgListener),this.globalMsgListener=void 0,!f)return[2,null];if(f.error)throw new Error("登录失败,认证服务器返回错误: error=".concat(f.error,", error_description=").concat(f.errorDesc));if(f.state!==r)throw new Error("state 验证失败");return[2,this.handleOIDCWebMsgResponse(f,i,o,a)]}}))}))},e.prototype.getUserInfo=function(e){var t,r;return void 0===e&&(e={}),o(this,void 0,void 0,(function(){var o,s,a;return n(this,(function(n){switch(n.label){case 0:return null===(t=e.accessToken)||void 0===t?[3,1]:(s=t,[3,3]);case 1:return[4,this.getLoginState()];case 2:s=null===(r=n.sent())||void 0===r?void 0:r.accessToken,n.label=3;case 3:if(!(o=s))throw new Error("access token 不存在,请重新登录");return[4,i("".concat(this.domain,"/api/v3/get-profile"),{headers:{Authorization:"Bearer ".concat(o),"x-authing-userpool-id":this.options.userPoolId}})];case 4:return(a=n.sent().data).data?[2,a.data]:[2,{apiCode:a.apiCode,message:a.message,statusCode:a.statusCode}]}}))}))},e.prototype.logoutWithRedirect=function(e){var t;return void 0===e&&(e={}),o(this,void 0,void 0,(function(){var o,r,i;return n(this,(function(n){switch(n.label){case 0:return[4,this.loginStateProvider.get(f(this.options.appId))];case 1:return(o=n.sent())?[4,this.loginStateProvider.delete(f(this.options.appId))]:[2];case 2:return n.sent(),r={id_token_hint:o.idToken},(i=null!==(t=e.redirectUri)&&void 0!==t?t:this.options.logoutRedirectUri)&&(r.post_logout_redirect_uri=i,r.state=e.state),[4,this.loginStateProvider.delete(f(this.options.appId))];case 3:return n.sent(),window.location.replace("".concat(this.domain,"/oidc/session/end?").concat(h(r))),[2]}}))}))},e.prototype.refreshToken=function(){return o(this,void 0,void 0,(function(){var e,t,o;return n(this,(function(n){switch(n.label){case 0:return[4,this.loginStateProvider.get(f(this.options.appId))];case 1:if(!(null==(e=n.sent())?void 0:e.refreshToken))throw new Error("获取 refresh_token 失败,请检查相关协议配置,是否开启 refresh_token 相关功能");return t={grant_type:"refresh_token",redirect_uri:"",refresh_token:e.refreshToken},[4,s("".concat(this.domain,"/oidc/token"),h(t),{headers:{"Content-Type":"application/x-www-form-urlencoded","x-authing-app-id":this.options.appId}})];case 2:return o=n.sent().data,[4,this.loginStateProvider.delete(f(this.options.appId))];case 3:return n.sent(),[2,this.saveLoginState({idToken:o.id_token,accessToken:o.access_token,refreshToken:o.refresh_token})]}}))}))},e.prototype.listenToPostMessage=function(e){return o(this,void 0,void 0,(function(){var t=this;return n(this,(function(o){return[2,new Promise((function(o,n){var r=function(i){var s;if(i.origin===t.domain&&"authorization_response"===(null===(s=i.data)||void 0===s?void 0:s.type)){window.removeEventListener("message",r),t.globalMsgListener=void 0;var a=i.data.response;return a&&a.state===e?a.error?o({error:a.error,errorDesc:a.error_description}):o({accessToken:a.access_token,idToken:a.id_token,refreshToken:a.refresh_token,code:a.code,state:a.state}):n(new Error("非法的服务端返回值"))}};t.globalMsgListener=r,window.addEventListener("message",r)}))]}))}))},e.prototype.saveLoginState=function(e){return o(this,void 0,void 0,(function(){var t,o,r,i,s,a;return n(this,(function(n){switch(n.label){case 0:if(t=e.accessToken,o=e.idToken,r=e.refreshToken,i={accessToken:t,idToken:o,refreshToken:r,timestamp:Date.now()},o&&(s=b(o).body,i.parsedIdToken=s,i.expireAt=1e3*s.exp,e.nonce&&s.nonce!==e.nonce))throw new Error("nonce 验证失败");return t&&(a=b(t).body,i.parsedAccessToken=a,i.expireAt=1e3*a.exp),[4,this.loginStateProvider.put(f(this.options.appId),i)];case 1:return n.sent(),[2,i]}}))}))},e.prototype.exchangeToken=function(e,t,r,i){return o(this,void 0,void 0,(function(){var o,a;return n(this,(function(n){switch(n.label){case 0:return o={grant_type:"authorization_code",code:e,code_verifier:r,client_id:this.options.appId,redirect_uri:t},[4,s("".concat(this.domain,"/oidc/token"),h(o),{headers:{"Content-Type":"application/x-www-form-urlencoded"}})];case 1:return a=n.sent().data,[2,this.saveLoginState({idToken:a.id_token,accessToken:a.access_token,refreshToken:a.refresh_token,nonce:i})]}}))}))},e.prototype.handleOIDCWebMsgResponse=function(e,t,r,i){return o(this,void 0,void 0,(function(){return n(this,(function(o){if(this.options.useImplicitMode){if(this.options.implicitResponseType.includes("token")&&"string"!=typeof e.accessToken||this.options.implicitResponseType.includes("id_token")&&"string"!=typeof e.idToken)throw new Error("无效的 Token 返回值");return[2,this.saveLoginState({accessToken:e.accessToken,idToken:e.idToken,refreshToken:e.refreshToken,nonce:t})]}if("string"!=typeof e.code)throw new Error("无效的 Code 返回值");if(!r||!i)throw new Error;return[2,this.exchangeToken(e.code,r,i,t)]}))}))},e.prototype.resolveCallbackParams=function(){var e="fragment"===this.options.redirectResponseMode?window.location.hash:window.location.search;if(!e)return null;var t=Object.create(null);return e.substring(1).split("&").forEach((function(e){var o=e.split("="),n=o[0],r=o[1];t[n]=r})),t},e.prototype.login=function(e,r){var i,a,c,d,p;return o(this,void 0,void 0,(function(){var o,u,l;return n(this,(function(n){switch(n.label){case 0:o={code:"/api/v3/signin-by-mobile",phone:"/api/v3/signin-by-mobile",password:"/api/v3/signin",passCode:"/api/v3/signin"},n.label=1;case 1:return n.trys.push([1,7,,8]),[4,s(this.domain+o[r],e,{headers:{"x-authing-app-id":this.options.appId}})];case 2:return u=n.sent().data,(null===(i=u.data)||void 0===i?void 0:i.access_token)||(null===(a=u.data)||void 0===a?void 0:a.id_token)?[4,this.saveLoginState(t({accessToken:null===(c=u.data)||void 0===c?void 0:c.access_token,idToken:null===(d=u.data)||void 0===d?void 0:d.id_token,refreshToken:null===(p=u.data)||void 0===p?void 0:p.refresh_token},u.data))]:[3,4];case 3:return[2,n.sent()];case 4:return[4,this.loginStateProvider.delete(f(this.options.appId))];case 5:throw n.sent(),new Error(u);case 6:return[3,8];case 7:throw l=n.sent(),new Error("login error: "+JSON.stringify(l));case 8:return[2]}}))}))},e.prototype.getPublicKey=function(e){var t;return o(this,void 0,void 0,(function(){var o,r;return n(this,(function(n){switch(n.label){case 0:return n.trys.push([0,2,,3]),[4,i("".concat(this.domain,"/api/v3/system"))];case 1:return o=n.sent().data,[2,null===(t=null==o?void 0:o[e])||void 0===t?void 0:t.publicKey];case 2:throw r=n.sent(),new Error("get public key error: "+JSON.stringify(r));case 3:return[2]}}))}))},e.prototype.loginByEmail=function(e){var r,i;return o(this,void 0,void 0,(function(){var o,s;return n(this,(function(n){switch(n.label){case 0:if(!(null===(r=e.options)||void 0===r?void 0:r.passwordEncryptType)||"none"===(null===(i=e.options)||void 0===i?void 0:i.passwordEncryptType))return[3,2];if(!this.options.encryptFunction)throw new Error('encrypFunction is required, if passwordEncryptType is not "none"');return[4,this.getPublicKey(e.options.passwordEncryptType)];case 1:if("string"!=typeof(o=n.sent()))throw new Error("publicKey of ".concat(e.options.passwordEncryptType," is not a string, please contact the administrator"));e.passwordPayload.password=this.options.encryptFunction(e.passwordPayload.password,o),n.label=2;case 2:return s=t(t({},e),{connection:"PASSWORD"}),[4,this.login(s,"password")];case 3:return[2,n.sent()]}}))}))},e}();export{_ as Authing}; | ||
| //# sourceMappingURL=index.esm.js.map |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"index.esm.js","sources":["../../src/axios.ts","../../src/constants.ts","../../src/storage/InMemoryStorgeProvider.ts","../../src/storage/LocalStorageProvider.ts","../../src/storage/NullStorageProvider.ts","../../src/storage/SessionStorageProvider.ts","../../src/utils.ts","../../src/Authing.ts"],"sourcesContent":["import axios, { AxiosError, AxiosRequestConfig } from 'axios'\n\nimport { version } from '../package.json'\n\nfunction isAxiosError(e: any): e is AxiosError {\n\treturn e.isAxiosError\n}\n\nasync function axiosPromiseWrapper(p: Promise<any>) {\n\ttry {\n\t\treturn await p\n\t} catch (e) {\n\t\tif (isAxiosError(e)) {\n\t\t\tif ((e.response?.data as any)?.error) {\n\t\t\t\t// eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n\t\t\t\tconst { error, error_description } = e.response!.data as any\n\t\t\t\tthrow new Error(`认证服务器返回错误 ${error}: ${error_description}`)\n\t\t\t}\n\t\t}\n\t\tthrow e\n\t}\n}\n\nexport async function axiosGet(\n\turl: string,\n\toptions?: AxiosRequestConfig<string>\n) {\n\tconst _options = mergeOptions(options)\n\treturn axiosPromiseWrapper(axios.get(url, _options))\n}\n\nexport async function axiosPost(\n\turl: string,\n\tdata?: any,\n\toptions?: AxiosRequestConfig<string>\n) {\n\tconst _options = mergeOptions(options)\n\treturn axiosPromiseWrapper(axios.post(url, data, _options))\n}\n\nfunction mergeOptions (options?: AxiosRequestConfig<string>): AxiosRequestConfig {\n\tconst _options = Object.assign({}, options || {}, {\n\t\theaders: {\n\t\t\t...options?.headers,\n\t\t\t'x-authing-request-from': 'sdk-web',\n\t\t\t'x-authing-sdk-version': version\n\t\t}\n\t})\n\treturn _options\n}\n","export const SDK_IDENTIFIER = 'authing-spa'\nexport const STORAGE_VERSION = '1'\n\nexport const STORAGE_KEY_PREFIX = `${SDK_IDENTIFIER}:${STORAGE_VERSION}`\n\nexport const DEFAULT_IFRAME_LOGINSTATE_TIMEOUT = 5000\n\nexport const DEFAULT_POPUP_WIDTH = 800\nexport const DEFAULT_POPUP_HEIGHT = 600\n\nexport const DEFAULT_SCOPE = 'openid profile'\n\nexport const MSG_PENDING_AUTHZ =\n '另一个认证流程正在进行中,请不要同时发起多个认证'\nexport const MSG_CROSS_ORIGIN_ISOLATED =\n '当前页面运行在隔离模式下, 无法进行此方式登录, 请使用 loginWithRedirect'\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class InMemoryStorageProvider<T> implements StorageProvider<T> {\n\tprivate readonly storage = Object.create(null)\n\n\tget(key: string): MayBePromise<T | null> {\n\t\treturn this.storage[key] ?? null\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tthis.storage[key] = value\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tdelete this.storage[key]\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class LocalStorageProvider<T> implements StorageProvider<T> {\n\tget(key: string): MayBePromise<T | null> {\n\t\tconst jsonItem = localStorage.getItem(key)\n\t\tif (jsonItem === null) {\n\t\t\treturn null\n\t\t}\n\t\treturn JSON.parse(jsonItem) as T\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tlocalStorage.setItem(key, JSON.stringify(value))\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tlocalStorage.removeItem(key)\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class NullStorageProvider<T> implements StorageProvider<T> {\n\tget(): MayBePromise<T | null> {\n\t\treturn null\n\t}\n\n\tput(): MayBePromise<void> {\n\t\t// null\n\t}\n\n\tdelete(): MayBePromise<void> {\n\t\t// null\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class SessionStorageProvider<T> implements StorageProvider<T> {\n\tget(key: string): MayBePromise<T | null> {\n\t\tconst jsonItem = sessionStorage.getItem(key)\n\t\tif (jsonItem === null) {\n\t\t\treturn null\n\t\t}\n\t\treturn JSON.parse(jsonItem) as T\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tsessionStorage.setItem(key, JSON.stringify(value))\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tsessionStorage.removeItem(key)\n\t}\n}\n","import { STORAGE_KEY_PREFIX } from './constants'\nimport { StrDict } from './types'\n\nexport function createQueryParams(params: any) {\n\treturn Object.keys(params)\n\t\t.filter(k => params[k] !== null && params[k] !== undefined)\n\t\t.map(\n\t\t\tk => encodeURIComponent(k) + '=' + encodeURIComponent(params[k] as string)\n\t\t)\n\t\t.join('&')\n}\n\nexport function loginStateKey(appId: string) {\n\treturn [STORAGE_KEY_PREFIX, appId, 'login-state'].join(':')\n}\n\nexport function transactionKey(appId: string, state: string) {\n\treturn [STORAGE_KEY_PREFIX, appId, 'tx', state].join(':')\n}\n\nexport function getCrypto() {\n\t//ie 11.x uses msCrypto\n\treturn (window.crypto || (window as any).msCrypto) as Crypto\n}\n\nexport function getCryptoSubtle() {\n\tconst crypto = getCrypto()\n\t//safari 10.x uses webkitSubtle\n\treturn crypto.subtle || (crypto as any).webkitSubtle\n}\n\nexport function createRandomString(length: number) {\n\tconst charset =\n '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'\n\tconst randomValues = Array.from(\n\t\tgetCrypto().getRandomValues(new Uint8Array(length))\n\t)\n\treturn randomValues.map(v => charset[v % charset.length]).join('')\n}\n\nexport function string2Buf(str: string) {\n\tconst buffer: number[] = []\n\tfor (let i = 0; i < str.length; ++i) {\n\t\tbuffer.push(str.charCodeAt(i))\n\t}\n\treturn new Uint8Array(buffer)\n}\n\nfunction buf2Base64Url(buffer: ArrayBuffer) {\n\tconst ie11SafeInput = new Uint8Array(buffer)\n\tlet binary = ''\n\tfor (let i = 0; i < ie11SafeInput.byteLength; ++i) {\n\t\tbinary += String.fromCharCode(ie11SafeInput[i])\n\t}\n\tconst base64 = window.btoa(binary)\n\tconst charMapping: StrDict = { '+': '-', '/': '_', '=': '' }\n\treturn base64.replace(/[+/=]/g, (ch: string) => charMapping[ch])\n}\n\nexport async function genPKCEPair(algorithm = 'SHA-256') {\n\t// 规定最少 43 个字符\n\tconst codeVerifier = createRandomString(43)\n\tconst hash = await getCryptoSubtle().digest(\n\t\talgorithm,\n\t\tstring2Buf(codeVerifier)\n\t)\n\tconst codeChallenge = buf2Base64Url(hash)\n\treturn { codeChallenge, codeVerifier }\n}\n\nexport function domainC14n(domain: string) {\n\tconst domainExp = /^(((?:http)|(?:https)):\\/\\/)?((?:[\\w-_]+)(?:\\.[\\w-_]+)+)(?:\\/.*)?$/\n\tconst matchRes = domainExp.exec(domain)\n\tif (matchRes && matchRes[3]) {\n\t\treturn `${matchRes[1] ?? 'https://'}${matchRes[3]}`\n\t}\n\tthrow Error(`无效的域名配置: ${domain}`)\n}\n\nexport function parseToken(token: string) {\n\tlet [header, body, sig] = token.split('.')\n\tif (!sig) {\n\t\tthrow new Error('无效的 Token 格式')\n\t}\n\n\tconst headerObj = JSON.parse(window.atob(header))\n\tif (headerObj.enc) {\n\t\tthrow new Error(\n\t\t\t'本 SDK 目前不支持处理加密 Token, 请在应用配置中关闭「ID Token 加密」功能'\n\t\t)\n\t}\n\n\tbody = body.replace(/-/g, '+').replace(/_/g, '/')\n\tbody = decodeURIComponent(\n\t\twindow\n\t\t\t.atob(body)\n\t\t\t.split('')\n\t\t\t.map(function (c) {\n\t\t\t\treturn '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)\n\t\t\t})\n\t\t\t.join('')\n\t)\n\n\treturn {\n\t\theader: headerObj,\n\t\tbody: JSON.parse(body)\n\t}\n}\n\nexport function isIE() {\n\tif (\n\t\twindow.navigator.userAgent.indexOf('MSIE') >= 1 ||\n (window.navigator.userAgent.indexOf('Trident') >= 1 &&\n window.navigator.userAgent.indexOf('rv') >= 1) ||\n window.navigator.userAgent.indexOf('Edge') >= 1\n\t) {\n\t\treturn true\n\t}\n\n\treturn false\n}\n","import { axiosGet, axiosPost } from './axios'\nimport {\n\tDEFAULT_IFRAME_LOGINSTATE_TIMEOUT,\n\tDEFAULT_POPUP_HEIGHT,\n\tDEFAULT_POPUP_WIDTH,\n\tDEFAULT_SCOPE,\n\tMSG_CROSS_ORIGIN_ISOLATED,\n\tMSG_PENDING_AUTHZ\n} from './constants'\nimport {\n\tAuthingSPAInitOptions,\n\tLoginState,\n\tIDToken,\n\tAccessToken,\n\tLoginTransaction,\n\tAuthzURLParams,\n\tOIDCWebMessageResponse,\n\tPKCETokenParams,\n\tOIDCTokenResponse,\n\tLoginStateWithCustomStateData,\n\tLogoutURLParams,\n\tIUserInfo,\n\tNormalError\n} from './global'\nimport { InMemoryStorageProvider } from './storage/InMemoryStorgeProvider'\nimport { StorageProvider } from './storage/interface'\nimport { LocalStorageProvider } from './storage/LocalStorageProvider'\nimport { NullStorageProvider } from './storage/NullStorageProvider'\nimport { SessionStorageProvider } from './storage/SessionStorageProvider'\nimport { MsgListener, StrDict } from './types'\nimport {\n\tcreateQueryParams,\n\tcreateRandomString,\n\tdomainC14n,\n\tgenPKCEPair,\n\tgetCrypto,\n\tgetCryptoSubtle,\n\tisIE,\n\tloginStateKey,\n\tparseToken,\n\ttransactionKey\n} from './utils'\n\nexport class Authing {\n\tprivate globalMsgListener: MsgListener | null | undefined\n\n\tprivate readonly options: Required<AuthingSPAInitOptions>\n\tprivate readonly loginStateProvider: StorageProvider<LoginState>\n\tprivate readonly transactionProvider: StorageProvider<LoginTransaction>\n\tprivate readonly domain: string\n\n\tconstructor(options: AuthingSPAInitOptions) {\n\t\tthis.options = options as any\n\t\tthis.domain = domainC14n(this.options.domain)\n\n\t\tif (!options.useImplicitMode && (!getCrypto() || !getCryptoSubtle())) {\n\t\t\tthrow new Error(\n\t\t\t\t'PKCE 模式需要浏览器 crypto 能力, 请确保浏览器处于 https 域名下,或设置 useImplicitMode 为 true'\n\t\t\t)\n\t\t}\n\n\t\tif (typeof localStorage === 'object') {\n\t\t\tthis.loginStateProvider = new LocalStorageProvider()\n\t\t} else {\n\t\t\tconsole.warn('您的浏览器版本过低,登录态存储功能将不可用')\n\t\t\tthis.loginStateProvider = new InMemoryStorageProvider()\n\t\t}\n\n\t\tif (typeof sessionStorage === 'object') {\n\t\t\tthis.transactionProvider = new SessionStorageProvider()\n\t\t} else {\n\t\t\tif (!options.useImplicitMode) {\n\t\t\t\tconsole.warn(\n\t\t\t\t\t'您的浏览器版本过低,PKCE 重定向认证功能将不可用,请设置 useImplicitMode 为 true'\n\t\t\t\t)\n\t\t\t}\n\t\t\tthis.transactionProvider = new NullStorageProvider()\n\t\t}\n\n\t\toptions.implicitResponseType =\n options.implicitResponseType ?? 'id_token token'\n\t\toptions.redirectResponseMode = options.redirectResponseMode ?? 'fragment'\n\t\toptions.popupWidth = options.popupWidth ?? DEFAULT_POPUP_WIDTH\n\t\toptions.popupHeight = options.popupHeight ?? DEFAULT_POPUP_HEIGHT\n\t\toptions.scope = options.scope ?? DEFAULT_SCOPE\n\t}\n\n\tasync getLoginStateWithRedirect() {\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\t\tconst redirectUri = this.options.redirectUri ?? window.location.origin\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: this.options.redirectResponseMode || 'query',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t\tcodeVerifier = v\n\t\t}\n\n\t\tawait this.transactionProvider.put(\n\t\t\ttransactionKey(this.options.appId, state),\n\t\t\t{\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t\tredirectUri,\n\t\t\t\tnonce\n\t\t\t}\n\t\t)\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\t)\n\t}\n\n\t/**\n * 按顺序用以下方式获取用户登录态:\n *\n * 1. 本地缓存获取\n * 2. 隐藏 iframe 获取\n *\n * @param options.ignoreCache 忽略本地缓存\n */\n\tasync getLoginState(\n\t\toptions: {\n ignoreCache?: boolean\n } = {}\n\t): Promise<null | LoginState> {\n\t\t// 1. 从 loginStateProvider 中(默认为 localStorage)获取\n\t\tif (!options.ignoreCache) {\n\t\t\tconst state = await this.loginStateProvider.get(\n\t\t\t\tloginStateKey(this.options.appId)\n\t\t\t)\n\t\t\tif (state && state.expireAt && state.expireAt > Date.now()) {\n\t\t\t\tif (!this.options.introspectAccessToken || !state.accessToken) {\n\t\t\t\t\treturn state\n\t\t\t\t}\n\n\t\t\t\tconst { data } = await axiosPost(\n\t\t\t\t\t`${this.domain}/oidc/token/introspection`,\n\t\t\t\t\tcreateQueryParams({\n\t\t\t\t\t\tclient_id: this.options.appId,\n\t\t\t\t\t\ttoken: state.accessToken\n\t\t\t\t\t}),\n\t\t\t\t\t{\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded'\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t)\n\n\t\t\t\tif (data.active === true) {\n\t\t\t\t\treturn state\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// 清掉旧的登录态\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\t// 2. 用隐藏 iframe 获取\n\t\tif (this.globalMsgListener !== undefined) {\n\t\t\tthrow new Error(MSG_PENDING_AUTHZ)\n\t\t}\n\t\tthis.globalMsgListener = null\n\n\t\tif (window.crossOriginIsolated) {\n\t\t\t// 如果是 crossOriginIsolated 就发不了 postMessage 了\n\t\t\tconsole.warn('当前页面运行在隔离模式下,无法获取登录态')\n\t\t\treturn null\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\t\tlet codeVerifier: string | undefined\n\t\tconst redirectUrl = this.options.redirectUri ?? window.location.origin\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUrl,\n\t\t\tresponse_mode: 'web_message',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tprompt: 'none',\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tcodeVerifier = v\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t}\n\n\t\tconst iframe = document.createElement('iframe')\n\t\t// iframe.title = 'postMessage() Initiator';\n\t\tiframe.hidden = true\n\t\tiframe.width = iframe.height = '0'\n\n\t\tiframe.src = `${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\tif (isIE()) {\n\t\t\tdocument.body.appendChild(iframe)\n\t\t} else {\n\t\t\tdocument.body.append(iframe)\n\t\t}\n\n\t\tconst res = await Promise.race([\n\t\t\tthis.listenToPostMessage(state),\n\t\t\tnew Promise<null>(resolve =>\n\t\t\t\tsetTimeout(() => resolve(null), DEFAULT_IFRAME_LOGINSTATE_TIMEOUT)\n\t\t\t)\n\t\t])\n\n\t\tif (this.globalMsgListener) {\n\t\t\twindow.removeEventListener('message', this.globalMsgListener)\n\t\t}\n\t\tthis.globalMsgListener = undefined\n\n\t\tiframe.remove()\n\n\t\tif (res === null) {\n\t\t\tconsole.warn('登录态获取超时')\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.error) {\n\t\t\tif (res.error !== 'login_required') {\n\t\t\t\tconsole.warn(\n\t\t\t\t\t`登录态获取失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`\n\t\t\t\t)\n\t\t\t} else {\n\t\t\t\tconsole.warn('用户未登录')\n\t\t\t}\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.state !== state) {\n\t\t\tthrow new Error('state 验证失败')\n\t\t}\n\n\t\treturn this.handleOIDCWebMsgResponse(res, nonce, redirectUrl, codeVerifier)\n\t}\n\n\t/**\n * 将用户重定向到 Authing 认证端点进行登录,需要配合 handleRedirectCallback 使用\n *\n * @param options.redirectUri 回调地址,默认为初始化参数中的 redirectUri\n * @param options.originalUri 发起登录的 URL,若设置了 redirectToOriginalUri 会在登录结束后重定向回到此页面,默认为当前 URL\n * @param options.forced 即使在用户已登录时也提示用户再次登录\n * @param options.customState 自定义的中间状态,会被传递到回调端点\n */\n\tasync loginWithRedirect(\n\t\toptions: {\n redirectUri?: string\n originalUri?: string\n forced?: boolean\n customState?: any\n login_page_context?: string\n } = {}\n\t): Promise<void> {\n\t\tconst redirectUri = options.redirectUri || this.options.redirectUri\n\t\tif (!redirectUri) {\n\t\t\tthrow new Error('必须设置 redirect_uri')\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: this.options.redirectResponseMode,\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tscope: this.options.scope,\n\t\t\t...(options.forced && { prompt: 'login' }),\n\t\t\t...(options.login_page_context && {\n\t\t\t\tlogin_page_context: options.login_page_context\n\t\t\t})\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t\tcodeVerifier = v\n\t\t}\n\n\t\tawait this.transactionProvider.put(\n\t\t\ttransactionKey(this.options.appId, state),\n\t\t\t{\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t\tredirectUri,\n\t\t\t\tnonce,\n\t\t\t\t...(this.options.redirectToOriginalUri && {\n\t\t\t\t\toriginalUri: options.originalUri ?? window.location.href\n\t\t\t\t}),\n\t\t\t\t...(options.customState !== undefined && {\n\t\t\t\t\tcustomState: options.customState\n\t\t\t\t})\n\t\t\t}\n\t\t)\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\t)\n\t}\n\n\t/**\n * 判断当前 URL 是否为 Authing 登录回调 URL\n */\n\tisRedirectCallback(): boolean {\n\t\tconst params = this.resolveCallbackParams()\n\n\t\tif (!params) {\n\t\t\treturn false\n\t\t}\n\n\t\tif (params['error']) {\n\t\t\treturn true\n\t\t}\n\n\t\tif (this.options.useImplicitMode) {\n\t\t\treturn !!(params['access_token'] || params['id_token'])\n\t\t} else {\n\t\t\treturn !!params['code']\n\t\t}\n\t}\n\n\t/**\n * 在回调端点处理 Authing 发送的授权码或 token,获取用户登录态\n */\n\tasync handleRedirectCallback(): Promise<LoginStateWithCustomStateData> {\n\t\tconst paramDict = this.resolveCallbackParams()\n\t\tif (!paramDict) {\n\t\t\tthrow new Error('非法的回调 URL')\n\t\t}\n\n\t\tif (paramDict.error) {\n\t\t\tthrow new Error(\n\t\t\t\t`认证失败, error=${paramDict.error}, error_description=${paramDict.error_description}`\n\t\t\t)\n\t\t}\n\n\t\tlet originalUri: string | undefined\n\t\tlet customState: any\n\n\t\tconst { state } = paramDict\n\t\tif (!state) {\n\t\t\tthrow new Error('非法的回调 URL: 缺少 state')\n\t\t}\n\t\tconst tx = await this.transactionProvider.get(\n\t\t\ttransactionKey(this.options.appId, state)\n\t\t)\n\t\tif (tx) {\n\t\t\tawait this.transactionProvider.delete(\n\t\t\t\ttransactionKey(this.options.appId, state)\n\t\t\t)\n\n\t\t\tif (tx.state !== state) {\n\t\t\t\tthrow new Error('state 验证失败')\n\t\t\t}\n\n\t\t\toriginalUri = tx.originalUri\n\t\t\tcustomState = tx.customState\n\t\t\tif (!this.options.useImplicitMode) {\n\t\t\t\t// PKCE code flow\n\t\t\t\tconst { code } = paramDict\n\t\t\t\tif (!code) {\n\t\t\t\t\tthrow new Error('非法的回调 URL: 缺少 code')\n\t\t\t\t}\n\t\t\t\tconst res = await this.exchangeToken(\n\t\t\t\t\tcode,\n\t\t\t\t\ttx.redirectUri,\n tx.codeVerifier as string,\n tx.nonce\n\t\t\t\t)\n\n\t\t\t\tif (this.options.redirectToOriginalUri && originalUri) {\n\t\t\t\t\twindow.location.replace(originalUri)\n\t\t\t\t}\n\n\t\t\t\treturn res\n\t\t\t}\n\t\t} else if (!this.options.useImplicitMode) {\n\t\t\tthrow new Error(\n\t\t\t\t'获取登录流程会话失败, 请确认是否重复访问了回调端点,以及浏览器是否支持 sessionStorage'\n\t\t\t)\n\t\t}\n\t\t// implicit flow\n\t\tconst idToken = paramDict.id_token\n\t\tconst accessToken = paramDict.access_token\n\t\t// implict 模式没有refresh_token\n\t\t// https://docs.authing.cn/v2/concepts/oidc/choose-flow.html#%E9%9A%90%E5%BC%8F%E6%A8%A1%E5%BC%8F\n\t\t// const refreshToken = paramDict.refresh_token\n\t\tconst nonce = tx?.nonce\n\n\t\tif (\n\t\t\t(this.options.implicitResponseType.includes('token') && !accessToken) ||\n (this.options.implicitResponseType.includes('id_token') && !idToken)\n\t\t) {\n\t\t\tthrow new Error('非法的回调 URL: 缺少 token')\n\t\t}\n\n\t\tconst result = await this.saveLoginState({\n\t\t\tidToken,\n\t\t\taccessToken,\n\t\t\tnonce\n\t\t})\n\n\t\tif (this.options.redirectToOriginalUri && originalUri) {\n\t\t\twindow.location.replace(originalUri)\n\t\t}\n\n\t\treturn { ...result, customState }\n\n\t}\n\n\t/**\n * 弹出一个新的 Authing 登录页面窗口,在其中完成登录\n *\n * @param options.redirectUri 回调地址,需要和当前页面在 same origin 下;默认为初始化参数中的 redirectUri 或 window.location.origin\n * @param options.forced 即使在用户已登录时也提示用户再次登录\n */\n\tasync loginWithPopup(\n\t\toptions: { redirectUri?: string; forced?: boolean } = {}\n\t): Promise<LoginState | null> {\n\t\tconst redirectUri =\n options.redirectUri || this.options.redirectUri || window.location.origin\n\n\t\tif (this.globalMsgListener !== undefined) {\n\t\t\tthrow new Error(MSG_PENDING_AUTHZ)\n\t\t}\n\t\tthis.globalMsgListener = null\n\n\t\tif (window.crossOriginIsolated) {\n\t\t\t// 如果是 crossOriginIsolated 就发不了 postMessage 了\n\t\t\tthrow new Error(MSG_CROSS_ORIGIN_ISOLATED)\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: 'web_message',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\t...(options.forced && { prompt: 'login' }),\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tcodeVerifier = v\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t}\n\n\t\tconst url = `${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\tconst win = window.open(\n\t\t\turl,\n\t\t\t'authing-spa-login-window',\n\t\t\t`popup,width=${this.options.popupWidth},height=${this.options.popupHeight}`\n\t\t)\n\t\tif (!win) {\n\t\t\tthrow new Error('弹出窗口失败')\n\t\t}\n\n\t\tconst res = await Promise.race([\n\t\t\tthis.listenToPostMessage(state),\n\t\t\tnew Promise<null>(resolve => {\n\t\t\t\tconst handle = setInterval(() => {\n\t\t\t\t\tif (win.closed) {\n\t\t\t\t\t\tclearInterval(handle)\n\t\t\t\t\t\t// 防止 post message 事件和 close 事件同时到达\n\t\t\t\t\t\tsetTimeout(() => resolve(null), 500)\n\t\t\t\t\t}\n\t\t\t\t}, 500)\n\t\t\t})\n\t\t])\n\t\tif (this.globalMsgListener) {\n\t\t\twindow.removeEventListener('message', this.globalMsgListener)\n\t\t}\n\t\tthis.globalMsgListener = undefined\n\n\t\tif (!res) {\n\t\t\t// 窗口被用户关闭了\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.error) {\n\t\t\tthrow new Error(\n\t\t\t\t`登录失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`\n\t\t\t)\n\t\t}\n\n\t\tif (res.state !== state) {\n\t\t\tthrow new Error('state 验证失败')\n\t\t}\n\n\t\treturn this.handleOIDCWebMsgResponse(res, nonce, redirectUri, codeVerifier)\n\t}\n\n\t// /**\n\t// * 由于 iframe 存在跨域 cookie 无法携带以及联邦认证支持问题,暂时不支持本方法\n\t// *\n\t// * 在指定的 iframe 中显示 Authing 登录页面,在其中完成登录\n\t// *\n\t// * 注意: 当需要手动关闭 iframe 时,必须同时调用 abortIframeLogin 方法\n\t// *\n\t// * @param options.forced 即使在用户已登录时也提示用户再次登录\n\t// */\n\t/*\n async loginWithIframe(\n iframe: HTMLIFrameElement,\n options: { forced?: boolean } = {},\n ): Promise<LoginState> {\n if (this.globalMsgListener !== undefined) {\n throw new Error(MSG_PENDING_AUTHZ);\n }\n this.globalMsgListener = null;\n\n if (window.crossOriginIsolated) {\n // 如果是 crossOriginIsolated 就发不了 postMessage 了\n throw new Error(MSG_CROSS_ORIGIN_ISOLATED);\n }\n\n const state = createRandomString(16);\n const nonce = createRandomString(16);\n let codeVerifier: string | undefined;\n\n const params: AuthzURLParams = {\n redirect_uri: window.location.href,\n response_mode: 'web_message',\n response_type: this.options.useImplicitMode\n ? this.options.implicitResponseType\n : 'code',\n client_id: this.options.appId,\n state,\n nonce,\n ...(options.forced && { prompt: 'login' }),\n scope: this.options.scope,\n };\n\n if (!this.options.useImplicitMode) {\n const { codeChallenge, codeVerifier: v } = await genPKCEPair();\n codeVerifier = v;\n params.code_challenge = codeChallenge;\n params.code_challenge_method = 'S256';\n }\n\n iframe.src = `${this.domain}/oidc/auth?${createQueryParams(params)}`;\n\n const res = await this.listenToPostMessage(state);\n if (res.error) {\n throw new Error(\n `登录失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`,\n );\n }\n\n if (res.state !== state) {\n throw new Error('state 验证失败');\n }\n\n return this.handleSuccessfulOIDCResponse(\n res,\n window.location.href,\n codeVerifier,\n );\n }\n */\n\n\t/**\n * 手动中止 iframe 登录, 并移除 SDK 注册的事件监听器\n */\n\t/*\n abortIframeLogin(): void {\n if (this.globalMsgListener) {\n window.removeEventListener('message', this.globalMsgListener);\n }\n this.globalMsgListener = undefined;\n }\n */\n\n\t/**\n * 用 Access Token 获取用户身份信息\n *\n * @param options.accessToken Access Token,默认从登录态中获取\n */\n\tasync getUserInfo(\n\t\toptions: {\n accessToken?: string\n } = {}\n\t): Promise<IUserInfo | NormalError> {\n\t\tconst accessToken =\n options.accessToken ?? (await this.getLoginState())?.accessToken\n\t\tif (!accessToken) {\n\t\t\tthrow new Error('access token 不存在,请重新登录')\n\t\t}\n\n\t\tconst { data } = await axiosGet(`${this.domain}/api/v3/get-profile`, {\n\t\t\theaders: {\n\t\t\t\tAuthorization: `Bearer ${accessToken}`,\n\t\t\t\t'x-authing-userpool-id': this.options.userPoolId\n\t\t\t}\n\t\t})\n\n\t\tif (data.data) {\n\t\t\treturn data.data as IUserInfo\n\t\t}\n\n\t\treturn {\n\t\t\tapiCode: data.apiCode,\n\t\t\tmessage: data.message,\n\t\t\tstatusCode: data.statusCode\n\t\t}\n\t}\n\n\t/**\n * 重定向到 Authing 的登出端点,完成登出操作\n *\n * @param options.redirectUri 登出完成后的回调地址,默认为初始化参数中的 logoutRedirectUri\n * @param options.state 自定义中间状态\n */\n\tasync logoutWithRedirect(\n\t\toptions: {\n redirectUri?: string | null\n state?: string\n } = {}\n\t): Promise<void> {\n\t\tconst loginState = await this.loginStateProvider.get(\n\t\t\tloginStateKey(this.options.appId)\n\t\t)\n\t\tif (!loginState) {\n\t\t\treturn\n\t\t}\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\tconst params: LogoutURLParams = {\n\t\t\tid_token_hint: loginState.idToken\n\t\t}\n\n\t\tconst logoutRedirectUri =\n options.redirectUri ?? this.options.logoutRedirectUri\n\t\tif (logoutRedirectUri) {\n\t\t\tparams.post_logout_redirect_uri = logoutRedirectUri\n\t\t\tparams.state = options.state\n\t\t}\n\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/session/end?${createQueryParams(params)}`\n\t\t)\n\t\treturn\n\t}\n\t/**\n *\n * 使用内部维护的 refresh_token 刷新 access_token、id_token\n *\n */\n\tasync refreshToken(): Promise<null | LoginState> {\n\t\tconst state = await this.loginStateProvider.get(\n\t\t\tloginStateKey(this.options.appId)\n\t\t)\n\t\tif (!state?.refreshToken) {\n\t\t\tthrow new Error(\n\t\t\t\t'获取 refresh_token 失败,请检查相关协议配置,是否开启 refresh_token 相关功能'\n\t\t\t)\n\t\t}\n\t\tconst data = {\n\t\t\tgrant_type: 'refresh_token',\n\t\t\tredirect_uri: '',\n\t\t\trefresh_token: state.refreshToken\n\t\t}\n\n\t\tconst { data: tokenRes } = (await axiosPost(\n\t\t\t`${this.domain}/oidc/token`,\n\t\t\tcreateQueryParams(data),\n\t\t\t{\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t\t\t'x-authing-app-id': this.options.appId\n\t\t\t\t}\n\t\t\t}\n\t\t)) as { data: OIDCTokenResponse }\n\n\t\t// 清掉旧的登录态\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\treturn this.saveLoginState({\n\t\t\tidToken: tokenRes.id_token,\n\t\t\taccessToken: tokenRes.access_token,\n\t\t\trefreshToken: tokenRes.refresh_token\n\t\t})\n\t}\n\n\tprivate async listenToPostMessage(state: string) {\n\t\treturn new Promise<OIDCWebMessageResponse>((resolve, reject) => {\n\t\t\tconst msgEventListener = (msgEvent: MessageEvent) => {\n\t\t\t\tif (\n\t\t\t\t\tmsgEvent.origin !== this.domain ||\n msgEvent.data?.type !== 'authorization_response'\n\t\t\t\t) {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\twindow.removeEventListener('message', msgEventListener)\n\t\t\t\tthis.globalMsgListener = undefined\n\n\t\t\t\tconst { response } = msgEvent.data\n\t\t\t\tif (!response || response.state !== state) {\n\t\t\t\t\treturn reject(new Error('非法的服务端返回值'))\n\t\t\t\t}\n\n\t\t\t\tif (response.error) {\n\t\t\t\t\treturn resolve({\n\t\t\t\t\t\terror: response.error,\n\t\t\t\t\t\terrorDesc: response.error_description\n\t\t\t\t\t})\n\t\t\t\t}\n\n\t\t\t\treturn resolve({\n\t\t\t\t\taccessToken: response.access_token,\n\t\t\t\t\tidToken: response.id_token,\n\t\t\t\t\trefreshToken: response.refresh_token,\n\t\t\t\t\tcode: response.code,\n\t\t\t\t\tstate: response.state\n\t\t\t\t})\n\t\t\t}\n\n\t\t\tthis.globalMsgListener = msgEventListener\n\t\t\twindow.addEventListener('message', msgEventListener)\n\t\t})\n\t}\n\n\tprivate async saveLoginState(params: {\n accessToken?: string\n idToken?: string\n refreshToken?: string\n nonce?: string\n }) {\n\t\tconst { accessToken, idToken, refreshToken } = params\n\t\tconst loginState: LoginState = {\n\t\t\taccessToken: accessToken,\n\t\t\tidToken: idToken,\n\t\t\trefreshToken: refreshToken,\n\t\t\ttimestamp: Date.now()\n\t\t}\n\n\t\tif (idToken) {\n\t\t\tconst parsedIdToken: IDToken = parseToken(idToken).body\n\t\t\tloginState.parsedIdToken = parsedIdToken\n\t\t\tloginState.expireAt = parsedIdToken.exp * 1000\n\n\t\t\tif (params.nonce && parsedIdToken.nonce !== params.nonce) {\n\t\t\t\tthrow new Error('nonce 验证失败')\n\t\t\t}\n\t\t}\n\n\t\tif (accessToken) {\n\t\t\tconst parsedAccessToken: AccessToken = parseToken(accessToken).body\n\t\t\tloginState.parsedAccessToken = parsedAccessToken\n\t\t\tloginState.expireAt = parsedAccessToken.exp * 1000\n\t\t}\n\n\t\tawait this.loginStateProvider.put(\n\t\t\tloginStateKey(this.options.appId),\n\t\t\tloginState\n\t\t)\n\t\treturn loginState\n\t}\n\n\tprivate async exchangeToken(\n\t\tcode: string,\n\t\tredirectUri: string,\n\t\tcodeVerifier: string,\n\t\tnonce: string\n\t) {\n\t\tconst tokenParam: PKCETokenParams = {\n\t\t\tgrant_type: 'authorization_code',\n\t\t\tcode,\n\t\t\tcode_verifier: codeVerifier as string,\n\t\t\tclient_id: this.options.appId,\n\t\t\tredirect_uri: redirectUri\n\t\t}\n\n\t\tconst { data: tokenRes } = (await axiosPost(\n\t\t\t`${this.domain}/oidc/token`,\n\t\t\tcreateQueryParams(tokenParam),\n\t\t\t{\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded'\n\t\t\t\t}\n\t\t\t}\n\t\t)) as { data: OIDCTokenResponse }\n\n\t\treturn this.saveLoginState({\n\t\t\tidToken: tokenRes.id_token,\n\t\t\taccessToken: tokenRes.access_token,\n\t\t\trefreshToken: tokenRes.refresh_token,\n\t\t\tnonce\n\t\t})\n\t}\n\n\tprivate async handleOIDCWebMsgResponse(\n\t\tres: OIDCWebMessageResponse,\n\t\tnonce: string,\n\t\t// 只有 PKCE 会用下面两个参数\n\t\tredirectUri?: string,\n\t\tcodeVerifier?: string\n\t) {\n\t\tif (this.options.useImplicitMode) {\n\t\t\t// implicit flow\n\t\t\tif (\n\t\t\t\t(this.options.implicitResponseType.includes('token') &&\n typeof res.accessToken !== 'string') ||\n (this.options.implicitResponseType.includes('id_token') &&\n typeof res.idToken !== 'string')\n\t\t\t) {\n\t\t\t\tthrow new Error('无效的 Token 返回值')\n\t\t\t}\n\n\t\t\treturn this.saveLoginState({\n\t\t\t\taccessToken: res.accessToken,\n\t\t\t\tidToken: res.idToken,\n\t\t\t\trefreshToken: res.refreshToken,\n\t\t\t\tnonce\n\t\t\t})\n\t\t}\n\n\t\t// PKCE code flow\n\t\tif (typeof res.code !== 'string') {\n\t\t\tthrow new Error('无效的 Code 返回值')\n\t\t}\n\n\t\tif (!redirectUri || !codeVerifier) {\n\t\t\t// should never happen\n\t\t\tthrow new Error()\n\t\t}\n\n\t\treturn this.exchangeToken(res.code, redirectUri, codeVerifier, nonce)\n\t}\n\n\tprivate resolveCallbackParams() {\n\t\tconst paramSource: string =\n this.options.redirectResponseMode === 'fragment'\n \t? window.location.hash\n \t: window.location.search\n\t\tif (!paramSource) {\n\t\t\treturn null\n\t\t}\n\n\t\tconst paramDict: StrDict = Object.create(null)\n\t\tparamSource\n\t\t\t.substring(1)\n\t\t\t.split('&')\n\t\t\t.forEach(item => {\n\t\t\t\tconst [key, val] = item.split('=')\n\t\t\t\tparamDict[key] = val\n\t\t\t})\n\n\t\treturn paramDict\n\t}\n}\n"],"names":["axiosPromiseWrapper","p","_d","e_1","isAxiosError","_b","response","_a","data","error","_c","error_description","Error","concat","axiosGet","url","options","_options","mergeOptions","axios","get","axiosPost","post","Object","assign","headers","STORAGE_KEY_PREFIX","InMemoryStorageProvider","this","storage","create","prototype","key","put","value","delete","LocalStorageProvider","jsonItem","localStorage","getItem","JSON","parse","setItem","stringify","removeItem","NullStorageProvider","SessionStorageProvider","sessionStorage","createQueryParams","params","keys","filter","k","undefined","map","encodeURIComponent","join","loginStateKey","appId","transactionKey","state","getCrypto","window","crypto","msCrypto","getCryptoSubtle","subtle","webkitSubtle","createRandomString","length","charset","Array","from","getRandomValues","Uint8Array","v","string2Buf","str","buffer","i","push","charCodeAt","genPKCEPair","algorithm","codeVerifier","digest","hash","sent","codeChallenge","ie11SafeInput","binary","byteLength","String","fromCharCode","base64","btoa","charMapping","replace","ch","buf2Base64Url","parseToken","token","split","header","body","headerObj","atob","enc","decodeURIComponent","c","toString","slice","Authing","domain","matchRes","exec","domainC14n","useImplicitMode","loginStateProvider","console","warn","transactionProvider","implicitResponseType","redirectResponseMode","popupWidth","popupHeight","scope","_e","getLoginStateWithRedirect","nonce","redirectUri","location","origin","redirect_uri","response_mode","response_type","client_id","code_challenge","code_challenge_method","getLoginState","ignoreCache","state_1","expireAt","Date","now","introspectAccessToken","accessToken","active","globalMsgListener","crossOriginIsolated","redirectUrl","prompt","iframe","document","createElement","hidden","width","height","src","navigator","userAgent","indexOf","appendChild","append","Promise","race","listenToPostMessage","resolve","setTimeout","res","removeEventListener","remove","errorDesc","handleOIDCWebMsgResponse","loginWithRedirect","forced","login_page_context","__assign","redirectToOriginalUri","originalUri","href","customState","isRedirectCallback","resolveCallbackParams","handleRedirectCallback","paramDict","tx","code","exchangeToken","idToken","id_token","access_token","includes","saveLoginState","result","loginWithPopup","win","open","handle","setInterval","closed","clearInterval","getUserInfo","Authorization","userPoolId","apiCode","message","statusCode","logoutWithRedirect","loginState","id_token_hint","logoutRedirectUri","post_logout_redirect_uri","refreshToken","grant_type","refresh_token","tokenRes","reject","msgEventListener","msgEvent","_this","type","addEventListener","timestamp","parsedIdToken","exp","parsedAccessToken","tokenParam","code_verifier","paramSource","search","substring","forEach","item","val"],"mappings":"ojDAQA,SAAeA,EAAoBC,iHAE1B,6BAAA,CAAA,EAAMA,GAAb,KAAA,EAAA,MAAA,CAAA,EAAOC,iBAEP,cAAiBC,EAPTC,eAQwB,QAA3BC,EAAa,UAAZF,EAAEG,gBAAU,IAAAC,OAAA,EAAAA,EAAAC,YAAc,IAAAH,OAAA,EAAAA,EAAAI,OAG9B,MADMC,EAA+BP,EAAEG,SAAUE,KAAzCC,EAAKC,EAAAD,MAAEE,EAAiBD,EAAAC,kBAC1B,IAAIC,MAAM,aAAAC,OAAaJ,EAAU,MAAAI,OAAAF,IAGzC,MAAMR,yBAEP,CAEqB,SAAAW,EACrBC,EACAC,4EAGA,OADMC,EAAWC,EAAaF,GACvB,CAAA,EAAAhB,EAAoBmB,EAAMC,IAAIL,EAAKE,UAC1C,UAEqBI,EACrBN,EACAP,EACAQ,4EAGA,OADMC,EAAWC,EAAaF,GAC9B,CAAA,EAAOhB,EAAoBmB,EAAMG,KAAKP,EAAKP,EAAMS,UACjD,CAED,SAASC,EAAcF,GAQtB,OAPiBO,OAAOC,OAAO,CAAA,EAAIR,GAAW,CAAA,EAAI,CACjDS,eACIT,aAAO,EAAPA,EAASS,SACZ,CAAA,yBAA0B,UAC1B,4CAIH,CCjDO,IAGMC,EAAqB,UAHJ,cAGqB,KAAAb,OAFpB,KCE/Bc,EAAA,WAAA,SAAAA,IACkBC,KAAAC,QAAUN,OAAOO,OAAO,KAazC,CAAD,OAXCH,EAAGI,UAAAX,IAAH,SAAIY,SACH,OAA4B,QAArBzB,EAAAqB,KAAKC,QAAQG,UAAQ,IAAAzB,EAAAA,EAAA,MAG7BoB,EAAAI,UAAAE,IAAA,SAAID,EAAaE,GAChBN,KAAKC,QAAQG,GAAOE,GAGrBP,EAAMI,UAAAI,OAAN,SAAOH,UACCJ,KAAKC,QAAQG,IAErBL,CAAD,ICdAS,EAAA,WAAA,SAAAA,IAgBC,CAAD,OAfCA,EAAGL,UAAAX,IAAH,SAAIY,GACH,IAAMK,EAAWC,aAAaC,QAAQP,GACtC,OAAiB,OAAbK,EACI,KAEDG,KAAKC,MAAMJ,IAGnBD,EAAAL,UAAAE,IAAA,SAAID,EAAaE,GAChBI,aAAaI,QAAQV,EAAKQ,KAAKG,UAAUT,KAG1CE,EAAML,UAAAI,OAAN,SAAOH,GACNM,aAAaM,WAAWZ,IAEzBI,CAAD,IChBAS,EAAA,WAAA,SAAAA,IAYC,CAAD,OAXCA,EAAAd,UAAAX,IAAA,WACC,OAAO,MAGRyB,EAAAd,UAAAE,IAAA,aAIAY,EAAAd,UAAAI,OAAA,aAGAU,CAAD,ICZAC,EAAA,WAAA,SAAAA,IAgBC,CAAD,OAfCA,EAAGf,UAAAX,IAAH,SAAIY,GACH,IAAMK,EAAWU,eAAeR,QAAQP,GACxC,OAAiB,OAAbK,EACI,KAEDG,KAAKC,MAAMJ,IAGnBS,EAAAf,UAAAE,IAAA,SAAID,EAAaE,GAChBa,eAAeL,QAAQV,EAAKQ,KAAKG,UAAUT,KAG5CY,EAAMf,UAAAI,OAAN,SAAOH,GACNe,eAAeH,WAAWZ,IAE3Bc,CAAD,IChBM,SAAUE,EAAkBC,GACjC,OAAO1B,OAAO2B,KAAKD,GACjBE,QAAO,SAAAC,GAAK,OAAc,OAAdH,EAAOG,SAA6BC,IAAdJ,EAAOG,EAAgB,IACzDE,KACA,SAAAF,GAAK,OAAAG,mBAAmBH,GAAK,IAAMG,mBAAmBN,EAAOG,GAAxD,IAELI,KAAK,IACR,CAEM,SAAUC,EAAcC,GAC7B,MAAO,CAAChC,EAAoBgC,EAAO,eAAeF,KAAK,IACxD,CAEgB,SAAAG,EAAeD,EAAeE,GAC7C,MAAO,CAAClC,EAAoBgC,EAAO,KAAME,GAAOJ,KAAK,IACtD,UAEgBK,IAEf,OAAQC,OAAOC,QAAWD,OAAeE,QAC1C,UAEgBC,IACf,IAAMF,EAASF,IAEf,OAAOE,EAAOG,QAAWH,EAAeI,YACzC,CAEM,SAAUC,EAAmBC,GAClC,IAAMC,EACH,iEAIH,OAHqBC,MAAMC,KAC1BX,IAAYY,gBAAgB,IAAIC,WAAWL,KAExBf,KAAI,SAAAqB,GAAK,OAAAL,EAAQK,EAAIL,EAAQD,OAAO,IAAEb,KAAK,GAChE,CAEM,SAAUoB,EAAWC,GAE1B,IADA,IAAMC,EAAmB,GAChBC,EAAI,EAAGA,EAAIF,EAAIR,SAAUU,EACjCD,EAAOE,KAAKH,EAAII,WAAWF,IAE5B,OAAO,IAAIL,WAAWI,EACvB,CAaM,SAAgBI,EAAYC,eAAA,IAAAA,IAAAA,EAAqB,sGAGzC,OADPC,EAAehB,EAAmB,IAC3B,CAAA,EAAMH,IAAkBoB,OACpCF,EACAP,EAAWQ,YAGZ,OALME,EAAO/E,EAGZgF,OAED,CAAA,EAAO,CAAEC,cAnBV,SAAuBV,GAGtB,IAFA,IAAMW,EAAgB,IAAIf,WAAWI,GACjCY,EAAS,GACJX,EAAI,EAAGA,EAAIU,EAAcE,aAAcZ,EAC/CW,GAAUE,OAAOC,aAAaJ,EAAcV,IAE7C,IAAMe,EAAShC,OAAOiC,KAAKL,GACrBM,EAAuB,CAAE,IAAK,IAAK,IAAK,IAAK,IAAK,IACxD,OAAOF,EAAOG,QAAQ,UAAU,SAACC,GAAe,OAAAF,EAAYE,EAAZ,GACjD,CASuBC,CAAcb,GACZF,aAAYA,UACpC,CAWK,SAAUgB,EAAWC,GACtB,IAAA9F,EAAsB8F,EAAMC,MAAM,KAAjCC,EAAMhG,EAAA,GAAEiG,EAAIjG,EAAA,GACjB,SACC,MAAM,IAAIK,MAAM,gBAGjB,IAAM6F,EAAYjE,KAAKC,MAAMqB,OAAO4C,KAAKH,IACzC,GAAIE,EAAUE,IACb,MAAM,IAAI/F,MACT,mDAeF,OAXA4F,EAAOA,EAAKP,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KAC7CO,EAAOI,mBACN9C,OACE4C,KAAKF,GACLF,MAAM,IACNhD,KAAI,SAAUuD,GACd,MAAO,KAAO,KAAOA,EAAE5B,WAAW,GAAG6B,SAAS,KAAKC,OAAO,EAC3D,IACCvD,KAAK,KAGD,CACN+C,OAAQE,EACRD,KAAMhE,KAAKC,MAAM+D,GAEnB,CChEA,IAAAQ,EAAA,WAQC,SAAAA,EAAYhG,iBAIX,GAHAY,KAAKZ,QAAUA,EACfY,KAAKqF,ODiBD,SAAqBA,SAEpBC,EADY,qEACSC,KAAKF,GAChC,GAAIC,GAAYA,EAAS,GACxB,MAAO,GAAGrG,OAAW,QAAXN,EAAA2G,EAAS,UAAE,IAAA3G,EAAAA,EAAI,YAAUM,OAAGqG,EAAS,IAEhD,MAAMtG,MAAM,YAAAC,OAAYoG,GACzB,CCxBgBG,CAAWxF,KAAKZ,QAAQiG,UAEjCjG,EAAQqG,iBAAqBxD,KAAgBI,KACjD,MAAM,IAAIrD,MACT,yEAI0B,iBAAjB0B,aACVV,KAAK0F,mBAAqB,IAAIlF,GAE9BmF,QAAQC,KAAK,yBACb5F,KAAK0F,mBAAqB,IAAI3F,GAGD,iBAAnBoB,eACVnB,KAAK6F,oBAAsB,IAAI3E,GAE1B9B,EAAQqG,iBACZE,QAAQC,KACP,yDAGF5F,KAAK6F,oBAAsB,IAAI5E,GAGhC7B,EAAQ0G,qBACwB,QAA5BnH,EAAAS,EAAQ0G,4BAAoB,IAAAnH,EAAAA,EAAI,iBACpCS,EAAQ2G,qBAAuD,QAAhCtH,EAAAW,EAAQ2G,4BAAwB,IAAAtH,EAAAA,EAAA,WAC/DW,EAAQ4G,WAAmC,QAAtBlH,EAAAM,EAAQ4G,kBAAc,IAAAlH,EAAAA,EN3EV,IM4EjCM,EAAQ6G,YAAqC,QAAvB3H,EAAAc,EAAQ6G,mBAAe,IAAA3H,EAAAA,EN3EX,IM4ElCc,EAAQ8G,MAAyB,QAAjBC,EAAA/G,EAAQ8G,aAAS,IAAAC,EAAAA,EN1EN,gBM2E3B,CAqyBF,OAnyBOf,EAAAjF,UAAAiG,0BAAN,+HAkBK,OAjBEpE,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAC3B8D,EAAsC,QAAxB3H,EAAAqB,KAAKZ,QAAQkH,mBAAW,IAAA3H,EAAAA,EAAIuD,OAAOqE,SAASC,OAE1DnF,EAAyB,CAC9BoF,aAAcH,EACdI,cAAe1G,KAAKZ,QAAQ2G,sBAAwB,QACpDY,cAAe3G,KAAKZ,QAAQqG,gBACzBzF,KAAKZ,QAAQ0G,qBACb,OACHc,UAAW5G,KAAKZ,QAAQ0C,MACxBE,MAAKA,EACLqE,MAAKA,EACLH,MAAOlG,KAAKZ,QAAQ8G,OAIhBlG,KAAKZ,QAAQqG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C7E,EAAqCK,SAAnC8E,EAAanF,EAAAmF,cAAgBb,EAACtE,EAAA+E,aACtCnC,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,OAC/BtD,EAAeT,YAGhB,KAAA,EAAA,MAAA,CAAA,EAAM/C,KAAK6F,oBAAoBxF,IAC9B0B,EAAe/B,KAAKZ,QAAQ0C,MAAOE,GACnC,CACCwB,aAAYA,EACZxB,MAAKA,EACLsE,YAAWA,EACXD,MAAKA,mBANPvH,EAAA6E,OAUAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,eAAApG,OAAcmC,EAAkBC,eAE/C,EAUK+D,EAAajF,UAAA4G,cAAnB,SACC3H,qBAAA,IAAAA,IAAAA,EAEQ,CAAA,gHAGJ,OAACA,EAAQ4H,YAAW,CAAA,EAAA,GACT,CAAA,EAAMhH,KAAK0F,mBAAmBlG,IAC3CqC,EAAc7B,KAAKZ,QAAQ0C,gBAExB,OAHEmF,EAAQnI,EAEb6E,SACYsD,EAAMC,UAAYD,EAAMC,SAAWC,KAAKC,MAC/CpH,KAAKZ,QAAQiI,uBAA0BJ,EAAMK,YAI3B,CAAA,EAAA7H,EACtB,GAAGR,OAAAe,KAAKqF,OAAM,6BACdjE,EAAkB,CACjBwF,UAAW5G,KAAKZ,QAAQ0C,MACxB2C,MAAOwC,EAAMK,cAEd,CACCzH,QAAS,CACR,eAAgB,wCAXlB,CAAA,EAAOoH,GAFiD,CAAA,EAAA,UAkBzD,IAAoB,IAbHnI,EAWhB6E,OAXW/E,KAaH2I,OACR,MAAA,CAAA,EAAON,oBAMV,MAAA,CAAA,EAAMjH,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKZ,QAAQ0C,gBAGhE,GAHAhD,EAAA6E,YAG+BlC,IAA3BzB,KAAKwH,kBACR,MAAM,IAAIxI,MNjKX,4BMqKA,OAFAgB,KAAKwH,kBAAoB,KAErBtF,OAAOuF,qBAEV9B,QAAQC,KAAK,wBACb,CAAA,EAAO,QAGF5D,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BkF,EAAsC,QAAxB/I,EAAAqB,KAAKZ,QAAQkH,mBAAW,IAAA3H,EAAAA,EAAIuD,OAAOqE,SAASC,OAE1DnF,EAAyB,CAC9BoF,aAAciB,EACdhB,cAAe,cACfC,cAAe3G,KAAKZ,QAAQqG,gBACzBzF,KAAKZ,QAAQ0G,qBACb,OACHc,UAAW5G,KAAKZ,QAAQ0C,MACxBE,MAAKA,EACLqE,MAAKA,EACLsB,OAAQ,OACRzB,MAAOlG,KAAKZ,QAAQ8G,OAGhBlG,KAAKZ,QAAQqG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,aAA3C7E,EAAqCK,SAAnC8E,EAAanF,EAAAmF,cAAgBb,EAACtE,EAAA+E,aACtCA,EAAeT,EACf1B,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,wBAepB,OAZNc,EAASC,SAASC,cAAc,WAE/BC,QAAS,EAChBH,EAAOI,MAAQJ,EAAOK,OAAS,IAE/BL,EAAOM,IAAM,GAAAjJ,OAAGe,KAAKqF,OAAM,eAAApG,OAAcmC,EAAkBC,IDvG3Da,OAAOiG,UAAUC,UAAUC,QAAQ,SAAW,GAC3CnG,OAAOiG,UAAUC,UAAUC,QAAQ,YAAc,GAChDnG,OAAOiG,UAAUC,UAAUC,QAAQ,OAAS,GAC9CnG,OAAOiG,UAAUC,UAAUC,QAAQ,SAAW,ECsG/CR,SAASjD,KAAK0D,YAAYV,GAE1BC,SAASjD,KAAK2D,OAAOX,GAGJ,CAAA,EAAAY,QAAQC,KAAK,CAC9BzI,KAAK0I,oBAAoB1G,GACzB,IAAIwG,SAAc,SAAAG,GACjB,OAAAC,YAAW,WAAM,OAAAD,EAAQ,KAAR,GN3N4B,IM2N7C,cAWF,GAdME,EAAM/J,EAKV6E,OAEE3D,KAAKwH,mBACRtF,OAAO4G,oBAAoB,UAAW9I,KAAKwH,mBAE5CxH,KAAKwH,uBAAoB/F,EAEzBmG,EAAOmB,SAEK,OAARF,EAEH,OADAlD,QAAQC,KAAK,WACb,CAAA,EAAO,MAGR,GAAIiD,EAAIhK,MAQP,MAPkB,mBAAdgK,EAAIhK,MACP8G,QAAQC,KACP,4BAAA3G,OAA4B4J,EAAIhK,MAAK,wBAAAI,OAAuB4J,EAAIG,YAGjErD,QAAQC,KAAK,SAEd,CAAA,EAAO,MAGR,GAAIiD,EAAI7G,QAAUA,EACjB,MAAM,IAAIhD,MAAM,cAGjB,MAAA,CAAA,EAAOgB,KAAKiJ,yBAAyBJ,EAAKxC,EAAOqB,EAAalE,UAC9D,EAUK4B,EAAiBjF,UAAA+I,kBAAvB,SACC9J,qBAAA,IAAAA,IAAAA,EAMQ,CAAA,0GAGR,KADMkH,EAAclH,EAAQkH,aAAetG,KAAKZ,QAAQkH,aAEvD,MAAM,IAAItH,MAAM,qBAuBb,OApBEgD,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BnB,OACLoF,aAAcH,EACdI,cAAe1G,KAAKZ,QAAQ2G,qBAC5BY,cAAe3G,KAAKZ,QAAQqG,gBACzBzF,KAAKZ,QAAQ0G,qBACb,OACHc,UAAW5G,KAAKZ,QAAQ0C,MACxBE,MAAKA,EACLqE,MAAKA,EACLH,MAAOlG,KAAKZ,QAAQ8G,OAChB9G,EAAQ+J,QAAU,CAAExB,OAAQ,UAC5BvI,EAAQgK,oBAAsB,CACjCA,mBAAoBhK,EAAQgK,qBAKzBpJ,KAAKZ,QAAQqG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C7E,EAAqCK,SAAnC8E,EAAanF,EAAAmF,cAAgBb,EAACtE,EAAA+E,aACtCnC,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,OAC/BtD,EAAeT,YAGhB,KAAA,EAAA,MAAA,CAAA,EAAM/C,KAAK6F,oBAAoBxF,IAC9B0B,EAAe/B,KAAKZ,QAAQ0C,MAAOE,GAAMqH,EAAAA,EAAA,CAExC7F,aAAYA,EACZxB,MAAKA,EACLsE,cACAD,MAAKA,GACDrG,KAAKZ,QAAQkK,uBAAyB,CACzCC,oBAAa5K,EAAAS,EAAQmK,2BAAerH,OAAOqE,SAASiD,YAEzB/H,IAAxBrC,EAAQqK,aAA6B,CACxCA,YAAarK,EAAQqK,8BAXxB3K,EAAA6E,OAgBAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,eAAApG,OAAcmC,EAAkBC,eAE/C,EAKD+D,EAAAjF,UAAAuJ,mBAAA,WACC,IAAMrI,EAASrB,KAAK2J,wBAEpB,QAAKtI,MAIDA,EAAc,QAIdrB,KAAKZ,QAAQqG,mBACNpE,EAAqB,eAAKA,EAAiB,YAE5CA,EAAa,QAOlB+D,EAAAjF,UAAAyJ,uBAAN,+HAEC,KADMC,EAAY7J,KAAK2J,yBAEtB,MAAM,IAAI3K,MAAM,aAGjB,GAAI6K,EAAUhL,MACb,MAAM,IAAIG,MACT,eAAAC,OAAe4K,EAAUhL,MAAK,wBAAAI,OAAuB4K,EAAU9K,oBAQjE,KADQiD,EAAU6H,EAAS7H,OAE1B,MAAM,IAAIhD,MAAM,uBAEN,MAAA,CAAA,EAAMgB,KAAK6F,oBAAoBrG,IACzCuC,EAAe/B,KAAKZ,QAAQ0C,MAAOE,YAEhC,OAHE8H,EAAKnL,EAEVgF,QAEA,CAAA,EAAM3D,KAAK6F,oBAAoBtF,OAC9BwB,EAAe/B,KAAKZ,QAAQ0C,MAAOE,KAF/B,CAAA,EAAA,UAKL,GAJArD,EAAAgF,OAIImG,EAAG9H,QAAUA,EAChB,MAAM,IAAIhD,MAAM,cAKb,GAFJuK,EAAcO,EAAGP,YACjBE,EAAcK,EAAGL,YACZzJ,KAAKZ,QAAQqG,gBAAd,MAA6B,CAAA,EAAA,GAGhC,KADQsE,EAASF,EAASE,MAEzB,MAAM,IAAI/K,MAAM,sBAEL,MAAA,CAAA,EAAMgB,KAAKgK,cACtBD,EACAD,EAAGxD,YACEwD,EAAGtG,aACHsG,EAAGzD,eAOT,OAXMwC,EAAMlK,EAKXgF,OAEG3D,KAAKZ,QAAQkK,uBAAyBC,GACzCrH,OAAOqE,SAASlC,QAAQkF,GAGzB,CAAA,EAAOV,6BAEF,IAAK7I,KAAKZ,QAAQqG,gBACxB,MAAM,IAAIzG,MACT,wEAWF,GAPMiL,EAAUJ,EAAUK,SACpB5C,EAAcuC,EAAUM,aAIxB9D,EAAQyD,eAAAA,EAAIzD,MAGhBrG,KAAKZ,QAAQ0G,qBAAqBsE,SAAS,WAAa9C,GACrDtH,KAAKZ,QAAQ0G,qBAAqBsE,SAAS,cAAgBH,EAE/D,MAAM,IAAIjL,MAAM,uBAGF,MAAM,CAAA,EAAAgB,KAAKqK,eAAe,CACxCJ,QAAOA,EACP3C,YAAWA,EACXjB,MAAKA,YAON,OAVMiE,EAAS3L,EAIbgF,OAEE3D,KAAKZ,QAAQkK,uBAAyBC,GACzCrH,OAAOqE,SAASlC,QAAQkF,GAGzB,CAAA,EAAAF,EAAAA,EAAA,CAAA,EAAYiB,GAAM,CAAEb,YAAWA,WAE/B,EAQKrE,EAAcjF,UAAAoK,eAApB,SACCnL,eAAA,IAAAA,IAAAA,EAAwD,CAAA,gHAKxD,GAHMkH,EACFlH,EAAQkH,aAAetG,KAAKZ,QAAQkH,aAAepE,OAAOqE,SAASC,YAExC/E,IAA3BzB,KAAKwH,kBACR,MAAM,IAAIxI,MNtbX,4BM0bA,GAFAgB,KAAKwH,kBAAoB,KAErBtF,OAAOuF,oBAEV,MAAM,IAAIzI,MN1bX,kDM8cI,OAjBEgD,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BnB,EACLgI,EAAAA,EAAA,CAAA5C,aAAcH,EACdI,cAAe,cACfC,cAAe3G,KAAKZ,QAAQqG,gBACzBzF,KAAKZ,QAAQ0G,qBACb,OACHc,UAAW5G,KAAKZ,QAAQ0C,MACxBE,MAAKA,EACLqE,SACIjH,EAAQ+J,QAAU,CAAExB,OAAQ,UAChC,CAAAzB,MAAOlG,KAAKZ,QAAQ8G,QAIhBlG,KAAKZ,QAAQqG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C3E,EAAqCF,SAAnCmF,EAAajF,EAAAiF,cAAgBb,EAACpE,EAAA6E,aACtCA,EAAeT,EACf1B,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,wBAShC,GANM3H,EAAM,GAAGF,OAAAe,KAAKqF,OAAoB,eAAApG,OAAAmC,EAAkBC,MACpDmJ,EAAMtI,OAAOuI,KAClBtL,EACA,2BACA,eAAeF,OAAAe,KAAKZ,QAAQ4G,WAAU,YAAA/G,OAAWe,KAAKZ,QAAQ6G,eAG9D,MAAM,IAAIjH,MAAM,UAGL,MAAM,CAAA,EAAAwJ,QAAQC,KAAK,CAC9BzI,KAAK0I,oBAAoB1G,GACzB,IAAIwG,SAAc,SAAAG,GACjB,IAAM+B,EAASC,aAAY,WACtBH,EAAII,SACPC,cAAcH,GAEd9B,YAAW,WAAM,OAAAD,EAAQ,KAAK,GAAE,KAEjC,GAAE,IACJ,cAOD,GAjBME,EAAMpK,EAWVkF,OACE3D,KAAKwH,mBACRtF,OAAO4G,oBAAoB,UAAW9I,KAAKwH,mBAE5CxH,KAAKwH,uBAAoB/F,GAEpBoH,EAEJ,MAAA,CAAA,EAAO,MAGR,GAAIA,EAAIhK,MACP,MAAM,IAAIG,MACT,yBAAAC,OAAyB4J,EAAIhK,MAAK,wBAAAI,OAAuB4J,EAAIG,YAI/D,GAAIH,EAAI7G,QAAUA,EACjB,MAAM,IAAIhD,MAAM,cAGjB,MAAA,CAAA,EAAOgB,KAAKiJ,yBAAyBJ,EAAKxC,EAAOC,EAAa9C,UAC9D,EAwFK4B,EAAWjF,UAAA2K,YAAjB,SACC1L,uBAAA,IAAAA,IAAAA,EAEQ,CAAA,gGAGJ,OAAmB,QAAnBT,EAAAS,EAAQkI,mBAAW,IAAA3I,EAAA,CAAA,EAAA,eAAK,KAAA,EAAA,MAAA,CAAA,EAAMqB,KAAK+G,wBAAZjI,EAA4B,UAA3BR,EAAAqF,cAA2B,IAAAlF,OAAA,EAAAA,EAAE6I,6BACzD,KAFMA,EAC8DxI,GAEnE,MAAM,IAAIE,MAAM,0BAGA,MAAA,CAAA,EAAME,EAAS,GAAAD,OAAGe,KAAKqF,8BAA6B,CACpExF,QAAS,CACRkL,cAAe,UAAU9L,OAAAqI,GACzB,wBAAyBtH,KAAKZ,QAAQ4L,sBAIxC,OAPQpM,EAASN,EAKfqF,OALU/E,MAOHA,KACD,CAAA,EAAAA,EAAKA,MAGN,CAAA,EAAA,CACNqM,QAASrM,EAAKqM,QACdC,QAAStM,EAAKsM,QACdC,WAAYvM,EAAKuM,mBAElB,EAQK/F,EAAkBjF,UAAAiL,mBAAxB,SACChM,qBAAA,IAAAA,IAAAA,EAGQ,CAAA,yFAEW,KAAA,EAAA,MAAA,CAAA,EAAMY,KAAK0F,mBAAmBlG,IAChDqC,EAAc7B,KAAKZ,QAAQ0C,gBAE5B,OAHMuJ,EAAa5M,EAElBkF,QAID,CAAA,EAAM3D,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKZ,QAAQ0C,SAFzD,CAAA,UAeP,OAbArD,EAAAkF,OAEMtC,EAA0B,CAC/BiK,cAAeD,EAAWpB,UAGrBsB,EACqB,QAAvB5M,EAAAS,EAAQkH,mBAAe,IAAA3H,EAAAA,EAAAqB,KAAKZ,QAAQmM,qBAEvClK,EAAOmK,yBAA2BD,EAClClK,EAAOW,MAAQ5C,EAAQ4C,OAGxB,CAAA,EAAMhC,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKZ,QAAQ0C,gBAKhE,OALArD,EAAAkF,OAEAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,sBAAApG,OAAqBmC,EAAkBC,KAEhD,CAAA,SACN,EAMK+D,EAAAjF,UAAAsL,aAAN,wGACe,KAAA,EAAA,MAAA,CAAA,EAAMzL,KAAK0F,mBAAmBlG,IAC3CqC,EAAc7B,KAAKZ,QAAQ0C,gBAE5B,KAAKE,OAHCA,EAAQrD,EAEbgF,eACI3B,EAAOyJ,cACX,MAAM,IAAIzM,MACT,yDAS0B,OANtBJ,EAAO,CACZ8M,WAAY,gBACZjF,aAAc,GACdkF,cAAe3J,EAAMyJ,cAGM,CAAA,EAAMhM,EACjC,GAAGR,OAAAe,KAAKqF,OAAmB,eAC3BjE,EAAkBxC,GAClB,CACCiB,QAAS,CACR,eAAgB,oCAChB,mBAAoBG,KAAKZ,QAAQ0C,iBAMpC,OAZc8J,EAAcjN,EAS3BgF,OATqB/E,KAYtB,CAAA,EAAMoB,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKZ,QAAQ0C,gBAEhE,OAFAnD,EAAAgF,OAEO,CAAA,EAAA3D,KAAKqK,eAAe,CAC1BJ,QAAS2B,EAAS1B,SAClB5C,YAAasE,EAASzB,aACtBsB,aAAcG,EAASD,uBAExB,EAEavG,EAAmBjF,UAAAuI,oBAAjC,SAAkC1G,iFACjC,MAAA,CAAA,EAAO,IAAIwG,SAAgC,SAACG,EAASkD,GACpD,IAAMC,EAAmB,SAACC,SACzB,GACCA,EAASvF,SAAWwF,EAAK3G,QACI,oCAAxB1G,EAAAoN,EAASnN,2BAAMqN,MAFrB,CAOA/J,OAAO4G,oBAAoB,UAAWgD,GACtCE,EAAKxE,uBAAoB/F,EAEjB,IAAA/C,EAAaqN,EAASnN,cAC9B,OAAKF,GAAYA,EAASsD,QAAUA,EAIhCtD,EAASG,MACL8J,EAAQ,CACd9J,MAAOH,EAASG,MAChBmK,UAAWtK,EAASK,oBAIf4J,EAAQ,CACdrB,YAAa5I,EAASyL,aACtBF,QAASvL,EAASwL,SAClBuB,aAAc/M,EAASiN,cACvB5B,KAAMrL,EAASqL,KACf/H,MAAOtD,EAASsD,QAfT6J,EAAO,IAAI7M,MAAM,aAPxB,CAwBF,EAEAgN,EAAKxE,kBAAoBsE,EACzB5J,OAAOgK,iBAAiB,UAAWJ,EACnC,UACD,EAEa1G,EAAcjF,UAAAkK,eAA5B,SAA6BhJ,6GAc5B,GARQiG,EAAuCjG,EAA5BiG,YAAE2C,EAA0B5I,EAAM4I,QAAvBwB,EAAiBpK,eACzCgK,EAAyB,CAC9B/D,YAAaA,EACb2C,QAASA,EACTwB,aAAcA,EACdU,UAAWhF,KAAKC,OAGb6C,IACGmC,EAAyB5H,EAAWyF,GAASrF,KACnDyG,EAAWe,cAAgBA,EAC3Bf,EAAWnE,SAA+B,IAApBkF,EAAcC,IAEhChL,EAAOgF,OAAS+F,EAAc/F,QAAUhF,EAAOgF,OAClD,MAAM,IAAIrH,MAAM,cAUlB,OANIsI,IACGgF,EAAiC9H,EAAW8C,GAAa1C,KAC/DyG,EAAWiB,kBAAoBA,EAC/BjB,EAAWnE,SAAmC,IAAxBoF,EAAkBD,KAGzC,CAAA,EAAMrM,KAAK0F,mBAAmBrF,IAC7BwB,EAAc7B,KAAKZ,QAAQ0C,OAC3BuJ,WAED,OAJA1M,EAAAgF,OAIA,CAAA,EAAO0H,SACP,EAEajG,EAAajF,UAAA6J,cAA3B,SACCD,EACAzD,EACA9C,EACA6C,qGAU4B,OARtBkG,EAA8B,CACnCb,WAAY,qBACZ3B,KAAIA,EACJyC,cAAehJ,EACfoD,UAAW5G,KAAKZ,QAAQ0C,MACxB2E,aAAcH,GAGa,CAAA,EAAM7G,EACjC,GAAGR,OAAAe,KAAKqF,OAAmB,eAC3BjE,EAAkBmL,GAClB,CACC1M,QAAS,CACR,eAAgB,+CAKnB,OAVc+L,EAAcjN,EAQ3BgF,OARqB/E,KAUf,CAAA,EAAAoB,KAAKqK,eAAe,CAC1BJ,QAAS2B,EAAS1B,SAClB5C,YAAasE,EAASzB,aACtBsB,aAAcG,EAASD,cACvBtF,MAAKA,WAEN,EAEajB,EAAAjF,UAAA8I,yBAAd,SACCJ,EACAxC,EAEAC,EACA9C,sEAEA,GAAIxD,KAAKZ,QAAQqG,gBAAiB,CAEjC,GACEzF,KAAKZ,QAAQ0G,qBAAqBsE,SAAS,UACX,iBAApBvB,EAAIvB,aACZtH,KAAKZ,QAAQ0G,qBAAqBsE,SAAS,aACnB,iBAAhBvB,EAAIoB,QAEjB,MAAM,IAAIjL,MAAM,iBAGjB,MAAO,CAAA,EAAAgB,KAAKqK,eAAe,CAC1B/C,YAAauB,EAAIvB,YACjB2C,QAASpB,EAAIoB,QACbwB,aAAc5C,EAAI4C,aAClBpF,MAAKA,IAEN,CAGD,GAAwB,iBAAbwC,EAAIkB,KACd,MAAM,IAAI/K,MAAM,gBAGjB,IAAKsH,IAAgB9C,EAEpB,MAAM,IAAIxE,MAGX,MAAA,CAAA,EAAOgB,KAAKgK,cAAcnB,EAAIkB,KAAMzD,EAAa9C,EAAc6C,SAC/D,EAEOjB,EAAAjF,UAAAwJ,sBAAR,WACC,IAAM8C,EACoC,aAAtCzM,KAAKZ,QAAQ2G,qBACV7D,OAAOqE,SAAS7C,KAChBxB,OAAOqE,SAASmG,OACvB,IAAKD,EACJ,OAAO,KAGR,IAAM5C,EAAqBlK,OAAOO,OAAO,MASzC,OARAuM,EACEE,UAAU,GACVjI,MAAM,KACNkI,SAAQ,SAAAC,GACF,IAAAlO,EAAakO,EAAKnI,MAAM,KAAvBtE,EAAGzB,EAAA,GAAEmO,OACZjD,EAAUzJ,GAAO0M,CAClB,IAEMjD,GAERzE,CAAD"} | ||
| {"version":3,"file":"index.esm.js","sources":["../../src/axios.ts","../../src/constants.ts","../../src/storage/InMemoryStorgeProvider.ts","../../src/storage/LocalStorageProvider.ts","../../src/storage/NullStorageProvider.ts","../../src/storage/SessionStorageProvider.ts","../../src/utils.ts","../../src/Authing.ts"],"sourcesContent":["import axios, { AxiosError, AxiosRequestConfig } from 'axios'\n\nimport { version } from '../package.json'\n\nfunction isAxiosError(e: any): e is AxiosError {\n\treturn e.isAxiosError\n}\n\nasync function axiosPromiseWrapper(p: Promise<any>) {\n\ttry {\n\t\treturn await p\n\t} catch (e) {\n\t\tif (isAxiosError(e)) {\n\t\t\tif ((e.response?.data as any)?.error) {\n\t\t\t\t// eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n\t\t\t\tconst { error, error_description } = e.response!.data as any\n\t\t\t\tthrow new Error(`认证服务器返回错误 ${error}: ${error_description}`)\n\t\t\t}\n\t\t}\n\t\tthrow e\n\t}\n}\n\nexport async function axiosGet(\n\turl: string,\n\toptions?: AxiosRequestConfig<string>\n) {\n\tconst _options = mergeOptions(options)\n\treturn axiosPromiseWrapper(axios.get(url, _options))\n}\n\nexport async function axiosPost(\n\turl: string,\n\tdata?: any,\n\toptions?: AxiosRequestConfig<string>\n) {\n\tconst _options = mergeOptions(options)\n\treturn axiosPromiseWrapper(axios.post(url, data, _options))\n}\n\nfunction mergeOptions (options?: AxiosRequestConfig<string>): AxiosRequestConfig {\n\tconst _options = Object.assign({}, options || {}, {\n\t\theaders: {\n\t\t\t...options?.headers,\n\t\t\t'x-authing-request-from': 'sdk-web',\n\t\t\t'x-authing-sdk-version': version\n\t\t}\n\t})\n\treturn _options\n}\n","export const SDK_IDENTIFIER = 'authing-spa'\nexport const STORAGE_VERSION = '1'\n\nexport const STORAGE_KEY_PREFIX = `${SDK_IDENTIFIER}:${STORAGE_VERSION}`\n\nexport const DEFAULT_IFRAME_LOGINSTATE_TIMEOUT = 5000\n\nexport const DEFAULT_POPUP_WIDTH = 800\nexport const DEFAULT_POPUP_HEIGHT = 600\n\nexport const DEFAULT_SCOPE = 'openid profile'\n\nexport const MSG_PENDING_AUTHZ =\n '另一个认证流程正在进行中,请不要同时发起多个认证'\nexport const MSG_CROSS_ORIGIN_ISOLATED =\n '当前页面运行在隔离模式下, 无法进行此方式登录, 请使用 loginWithRedirect'\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class InMemoryStorageProvider<T> implements StorageProvider<T> {\n\tprivate readonly storage = Object.create(null)\n\n\tget(key: string): MayBePromise<T | null> {\n\t\treturn this.storage[key] ?? null\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tthis.storage[key] = value\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tdelete this.storage[key]\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class LocalStorageProvider<T> implements StorageProvider<T> {\n\tget(key: string): MayBePromise<T | null> {\n\t\tconst jsonItem = localStorage.getItem(key)\n\t\tif (jsonItem === null) {\n\t\t\treturn null\n\t\t}\n\t\treturn JSON.parse(jsonItem) as T\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tlocalStorage.setItem(key, JSON.stringify(value))\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tlocalStorage.removeItem(key)\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class NullStorageProvider<T> implements StorageProvider<T> {\n\tget(): MayBePromise<T | null> {\n\t\treturn null\n\t}\n\n\tput(): MayBePromise<void> {\n\t\t// null\n\t}\n\n\tdelete(): MayBePromise<void> {\n\t\t// null\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class SessionStorageProvider<T> implements StorageProvider<T> {\n\tget(key: string): MayBePromise<T | null> {\n\t\tconst jsonItem = sessionStorage.getItem(key)\n\t\tif (jsonItem === null) {\n\t\t\treturn null\n\t\t}\n\t\treturn JSON.parse(jsonItem) as T\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tsessionStorage.setItem(key, JSON.stringify(value))\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tsessionStorage.removeItem(key)\n\t}\n}\n","import { STORAGE_KEY_PREFIX } from './constants'\nimport { StrDict } from './types'\n\nexport function createQueryParams(params: any) {\n\treturn Object.keys(params)\n\t\t.filter(k => params[k] !== null && params[k] !== undefined)\n\t\t.map(\n\t\t\tk => encodeURIComponent(k) + '=' + encodeURIComponent(params[k] as string)\n\t\t)\n\t\t.join('&')\n}\n\nexport function loginStateKey(appId: string) {\n\treturn [STORAGE_KEY_PREFIX, appId, 'login-state'].join(':')\n}\n\nexport function transactionKey(appId: string, state: string) {\n\treturn [STORAGE_KEY_PREFIX, appId, 'tx', state].join(':')\n}\n\nexport function getCrypto() {\n\t//ie 11.x uses msCrypto\n\treturn (window.crypto || (window as any).msCrypto) as Crypto\n}\n\nexport function getCryptoSubtle() {\n\tconst crypto = getCrypto()\n\t//safari 10.x uses webkitSubtle\n\treturn crypto.subtle || (crypto as any).webkitSubtle\n}\n\nexport function createRandomString(length: number) {\n\tconst charset =\n '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'\n\tconst randomValues = Array.from(\n\t\tgetCrypto().getRandomValues(new Uint8Array(length))\n\t)\n\treturn randomValues.map(v => charset[v % charset.length]).join('')\n}\n\nexport function string2Buf(str: string) {\n\tconst buffer: number[] = []\n\tfor (let i = 0; i < str.length; ++i) {\n\t\tbuffer.push(str.charCodeAt(i))\n\t}\n\treturn new Uint8Array(buffer)\n}\n\nfunction buf2Base64Url(buffer: ArrayBuffer) {\n\tconst ie11SafeInput = new Uint8Array(buffer)\n\tlet binary = ''\n\tfor (let i = 0; i < ie11SafeInput.byteLength; ++i) {\n\t\tbinary += String.fromCharCode(ie11SafeInput[i])\n\t}\n\tconst base64 = window.btoa(binary)\n\tconst charMapping: StrDict = { '+': '-', '/': '_', '=': '' }\n\treturn base64.replace(/[+/=]/g, (ch: string) => charMapping[ch])\n}\n\nexport async function genPKCEPair(algorithm = 'SHA-256') {\n\t// 规定最少 43 个字符\n\tconst codeVerifier = createRandomString(43)\n\tconst hash = await getCryptoSubtle().digest(\n\t\talgorithm,\n\t\tstring2Buf(codeVerifier)\n\t)\n\tconst codeChallenge = buf2Base64Url(hash)\n\treturn { codeChallenge, codeVerifier }\n}\n\nexport function domainC14n(domain: string) {\n\tconst domainExp = /^(((?:http)|(?:https)):\\/\\/)?((?:[\\w-_]+)(?:\\.[\\w-_]+)+)(?:\\/.*)?$/\n\tconst matchRes = domainExp.exec(domain)\n\tif (matchRes && matchRes[3]) {\n\t\treturn `${matchRes[1] ?? 'https://'}${matchRes[3]}`\n\t}\n\tthrow Error(`无效的域名配置: ${domain}`)\n}\n\nexport function parseToken(token: string) {\n\tlet [header, body, sig] = token.split('.')\n\tif (!sig) {\n\t\tthrow new Error('无效的 Token 格式')\n\t}\n\n\tconst headerObj = JSON.parse(window.atob(header))\n\tif (headerObj.enc) {\n\t\tthrow new Error(\n\t\t\t'本 SDK 目前不支持处理加密 Token, 请在应用配置中关闭「ID Token 加密」功能'\n\t\t)\n\t}\n\n\tbody = body.replace(/-/g, '+').replace(/_/g, '/')\n\tbody = decodeURIComponent(\n\t\twindow\n\t\t\t.atob(body)\n\t\t\t.split('')\n\t\t\t.map(function (c) {\n\t\t\t\treturn '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)\n\t\t\t})\n\t\t\t.join('')\n\t)\n\n\treturn {\n\t\theader: headerObj,\n\t\tbody: JSON.parse(body)\n\t}\n}\n\nexport function isIE() {\n\tif (\n\t\twindow.navigator.userAgent.indexOf('MSIE') >= 1 ||\n (window.navigator.userAgent.indexOf('Trident') >= 1 &&\n window.navigator.userAgent.indexOf('rv') >= 1) ||\n window.navigator.userAgent.indexOf('Edge') >= 1\n\t) {\n\t\treturn true\n\t}\n\n\treturn false\n}\n","import { axiosGet, axiosPost } from './axios'\nimport {\n\tDEFAULT_IFRAME_LOGINSTATE_TIMEOUT,\n\tDEFAULT_POPUP_HEIGHT,\n\tDEFAULT_POPUP_WIDTH,\n\tDEFAULT_SCOPE,\n\tMSG_CROSS_ORIGIN_ISOLATED,\n\tMSG_PENDING_AUTHZ\n} from './constants'\nimport {\n\tAuthingSPAInitOptions,\n\tLoginState,\n\tIDToken,\n\tAccessToken,\n\tLoginTransaction,\n\tAuthzURLParams,\n\tOIDCWebMessageResponse,\n\tPKCETokenParams,\n\tOIDCTokenResponse,\n\tLoginStateWithCustomStateData,\n\tLogoutURLParams,\n\tIUserInfo,\n\tNormalError\n} from './global'\nimport { InMemoryStorageProvider } from './storage/InMemoryStorgeProvider'\nimport { StorageProvider } from './storage/interface'\nimport { LocalStorageProvider } from './storage/LocalStorageProvider'\nimport { NullStorageProvider } from './storage/NullStorageProvider'\nimport { SessionStorageProvider } from './storage/SessionStorageProvider'\nimport { EncryptType, MsgListener, PassCodeLoginOptions, PasswordLoginOptions, StrDict } from './types'\nimport {\n\tcreateQueryParams,\n\tcreateRandomString,\n\tdomainC14n,\n\tgenPKCEPair,\n\tgetCrypto,\n\tgetCryptoSubtle,\n\tisIE,\n\tloginStateKey,\n\tparseToken,\n\ttransactionKey\n} from './utils'\n\nexport class Authing {\n\tprivate globalMsgListener: MsgListener | null | undefined\n\n\tprivate readonly options: Required<AuthingSPAInitOptions>\n\tprivate readonly loginStateProvider: StorageProvider<LoginState>\n\tprivate readonly transactionProvider: StorageProvider<LoginTransaction>\n\tprivate readonly domain: string\n\n\tconstructor(options: AuthingSPAInitOptions) {\n\t\tthis.options = options as any\n\t\tthis.domain = domainC14n(this.options.domain)\n\n\t\tif (!options.useImplicitMode && (!getCrypto() || !getCryptoSubtle())) {\n\t\t\tthrow new Error(\n\t\t\t\t'PKCE 模式需要浏览器 crypto 能力, 请确保浏览器处于 https 域名下,或设置 useImplicitMode 为 true'\n\t\t\t)\n\t\t}\n\n\t\tif (typeof localStorage === 'object') {\n\t\t\tthis.loginStateProvider = new LocalStorageProvider()\n\t\t} else {\n\t\t\tconsole.warn('您的浏览器版本过低,登录态存储功能将不可用')\n\t\t\tthis.loginStateProvider = new InMemoryStorageProvider()\n\t\t}\n\n\t\tif (typeof sessionStorage === 'object') {\n\t\t\tthis.transactionProvider = new SessionStorageProvider()\n\t\t} else {\n\t\t\tif (!options.useImplicitMode) {\n\t\t\t\tconsole.warn(\n\t\t\t\t\t'您的浏览器版本过低,PKCE 重定向认证功能将不可用,请设置 useImplicitMode 为 true'\n\t\t\t\t)\n\t\t\t}\n\t\t\tthis.transactionProvider = new NullStorageProvider()\n\t\t}\n\n\t\toptions.implicitResponseType =\n options.implicitResponseType ?? 'id_token token'\n\t\toptions.redirectResponseMode = options.redirectResponseMode ?? 'fragment'\n\t\toptions.popupWidth = options.popupWidth ?? DEFAULT_POPUP_WIDTH\n\t\toptions.popupHeight = options.popupHeight ?? DEFAULT_POPUP_HEIGHT\n\t\toptions.scope = options.scope ?? DEFAULT_SCOPE\n\t}\n\n\tasync getLoginStateWithRedirect() {\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\t\tconst redirectUri = this.options.redirectUri ?? window.location.origin\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: this.options.redirectResponseMode || 'query',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t\tcodeVerifier = v\n\t\t}\n\n\t\tawait this.transactionProvider.put(\n\t\t\ttransactionKey(this.options.appId, state),\n\t\t\t{\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t\tredirectUri,\n\t\t\t\tnonce\n\t\t\t}\n\t\t)\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\t)\n\t}\n\n\t/**\n * 按顺序用以下方式获取用户登录态:\n *\n * 1. 本地缓存获取\n * 2. 隐藏 iframe 获取\n *\n * @param options.ignoreCache 忽略本地缓存\n */\n\tasync getLoginState(\n\t\toptions: {\n ignoreCache?: boolean\n } = {}\n\t): Promise<null | LoginState> {\n\t\t// 1. 从 loginStateProvider 中(默认为 localStorage)获取\n\t\tif (!options.ignoreCache) {\n\t\t\tconst state = await this.loginStateProvider.get(\n\t\t\t\tloginStateKey(this.options.appId)\n\t\t\t)\n\t\t\tif (state && state.expireAt && state.expireAt > Date.now()) {\n\t\t\t\tif (!this.options.introspectAccessToken || !state.accessToken) {\n\t\t\t\t\treturn state\n\t\t\t\t}\n\n\t\t\t\tconst { data } = await axiosPost(\n\t\t\t\t\t`${this.domain}/oidc/token/introspection`,\n\t\t\t\t\tcreateQueryParams({\n\t\t\t\t\t\tclient_id: this.options.appId,\n\t\t\t\t\t\ttoken: state.accessToken\n\t\t\t\t\t}),\n\t\t\t\t\t{\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded'\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t)\n\n\t\t\t\tif (data.active === true) {\n\t\t\t\t\treturn state\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// 清掉旧的登录态\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\t// 2. 用隐藏 iframe 获取\n\t\tif (this.globalMsgListener !== undefined) {\n\t\t\tthrow new Error(MSG_PENDING_AUTHZ)\n\t\t}\n\t\tthis.globalMsgListener = null\n\n\t\tif (window.crossOriginIsolated) {\n\t\t\t// 如果是 crossOriginIsolated 就发不了 postMessage 了\n\t\t\tconsole.warn('当前页面运行在隔离模式下,无法获取登录态')\n\t\t\treturn null\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\t\tlet codeVerifier: string | undefined\n\t\tconst redirectUrl = this.options.redirectUri ?? window.location.origin\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUrl,\n\t\t\tresponse_mode: 'web_message',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tprompt: 'none',\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tcodeVerifier = v\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t}\n\n\t\tconst iframe = document.createElement('iframe')\n\t\t// iframe.title = 'postMessage() Initiator';\n\t\tiframe.hidden = true\n\t\tiframe.width = iframe.height = '0'\n\n\t\tiframe.src = `${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\tif (isIE()) {\n\t\t\tdocument.body.appendChild(iframe)\n\t\t} else {\n\t\t\tdocument.body.append(iframe)\n\t\t}\n\n\t\tconst res = await Promise.race([\n\t\t\tthis.listenToPostMessage(state),\n\t\t\tnew Promise<null>(resolve =>\n\t\t\t\tsetTimeout(() => resolve(null), DEFAULT_IFRAME_LOGINSTATE_TIMEOUT)\n\t\t\t)\n\t\t])\n\n\t\tif (this.globalMsgListener) {\n\t\t\twindow.removeEventListener('message', this.globalMsgListener)\n\t\t}\n\t\tthis.globalMsgListener = undefined\n\n\t\tiframe.remove()\n\n\t\tif (res === null) {\n\t\t\tconsole.warn('登录态获取超时')\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.error) {\n\t\t\tif (res.error !== 'login_required') {\n\t\t\t\tconsole.warn(\n\t\t\t\t\t`登录态获取失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`\n\t\t\t\t)\n\t\t\t} else {\n\t\t\t\tconsole.warn('用户未登录')\n\t\t\t}\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.state !== state) {\n\t\t\tthrow new Error('state 验证失败')\n\t\t}\n\n\t\treturn this.handleOIDCWebMsgResponse(res, nonce, redirectUrl, codeVerifier)\n\t}\n\n\t/**\n * 将用户重定向到 Authing 认证端点进行登录,需要配合 handleRedirectCallback 使用\n *\n * @param options.redirectUri 回调地址,默认为初始化参数中的 redirectUri\n * @param options.originalUri 发起登录的 URL,若设置了 redirectToOriginalUri 会在登录结束后重定向回到此页面,默认为当前 URL\n * @param options.forced 即使在用户已登录时也提示用户再次登录\n * @param options.customState 自定义的中间状态,会被传递到回调端点\n */\n\tasync loginWithRedirect(\n\t\toptions: {\n redirectUri?: string\n originalUri?: string\n forced?: boolean\n customState?: any\n login_page_context?: string\n } = {}\n\t): Promise<void> {\n\t\tconst redirectUri = options.redirectUri || this.options.redirectUri\n\t\tif (!redirectUri) {\n\t\t\tthrow new Error('必须设置 redirect_uri')\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: this.options.redirectResponseMode,\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tscope: this.options.scope,\n\t\t\t...(options.forced && { prompt: 'login' }),\n\t\t\t...(options.login_page_context && {\n\t\t\t\tlogin_page_context: options.login_page_context\n\t\t\t})\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t\tcodeVerifier = v\n\t\t}\n\n\t\tawait this.transactionProvider.put(\n\t\t\ttransactionKey(this.options.appId, state),\n\t\t\t{\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t\tredirectUri,\n\t\t\t\tnonce,\n\t\t\t\t...(this.options.redirectToOriginalUri && {\n\t\t\t\t\toriginalUri: options.originalUri ?? window.location.href\n\t\t\t\t}),\n\t\t\t\t...(options.customState !== undefined && {\n\t\t\t\t\tcustomState: options.customState\n\t\t\t\t})\n\t\t\t}\n\t\t)\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\t)\n\t}\n\n\t/**\n * 判断当前 URL 是否为 Authing 登录回调 URL\n */\n\tisRedirectCallback(): boolean {\n\t\tconst params = this.resolveCallbackParams()\n\n\t\tif (!params) {\n\t\t\treturn false\n\t\t}\n\n\t\tif (params['error']) {\n\t\t\treturn true\n\t\t}\n\n\t\tif (this.options.useImplicitMode) {\n\t\t\treturn !!(params['access_token'] || params['id_token'])\n\t\t} else {\n\t\t\treturn !!params['code']\n\t\t}\n\t}\n\n\t/**\n * 在回调端点处理 Authing 发送的授权码或 token,获取用户登录态\n */\n\tasync handleRedirectCallback(): Promise<LoginStateWithCustomStateData> {\n\t\tconst paramDict = this.resolveCallbackParams()\n\t\tif (!paramDict) {\n\t\t\tthrow new Error('非法的回调 URL')\n\t\t}\n\n\t\tif (paramDict.error) {\n\t\t\tthrow new Error(\n\t\t\t\t`认证失败, error=${paramDict.error}, error_description=${paramDict.error_description}`\n\t\t\t)\n\t\t}\n\n\t\tlet originalUri: string | undefined\n\t\tlet customState: any\n\n\t\tconst { state } = paramDict\n\t\tif (!state) {\n\t\t\tthrow new Error('非法的回调 URL: 缺少 state')\n\t\t}\n\t\tconst tx = await this.transactionProvider.get(\n\t\t\ttransactionKey(this.options.appId, state)\n\t\t)\n\t\tif (tx) {\n\t\t\tawait this.transactionProvider.delete(\n\t\t\t\ttransactionKey(this.options.appId, state)\n\t\t\t)\n\n\t\t\tif (tx.state !== state) {\n\t\t\t\tthrow new Error('state 验证失败')\n\t\t\t}\n\n\t\t\toriginalUri = tx.originalUri\n\t\t\tcustomState = tx.customState\n\t\t\tif (!this.options.useImplicitMode) {\n\t\t\t\t// PKCE code flow\n\t\t\t\tconst { code } = paramDict\n\t\t\t\tif (!code) {\n\t\t\t\t\tthrow new Error('非法的回调 URL: 缺少 code')\n\t\t\t\t}\n\t\t\t\tconst res = await this.exchangeToken(\n\t\t\t\t\tcode,\n\t\t\t\t\ttx.redirectUri,\n tx.codeVerifier as string,\n tx.nonce\n\t\t\t\t)\n\n\t\t\t\tif (this.options.redirectToOriginalUri && originalUri) {\n\t\t\t\t\twindow.location.replace(originalUri)\n\t\t\t\t}\n\n\t\t\t\treturn res\n\t\t\t}\n\t\t} else if (!this.options.useImplicitMode) {\n\t\t\tthrow new Error(\n\t\t\t\t'获取登录流程会话失败, 请确认是否重复访问了回调端点,以及浏览器是否支持 sessionStorage'\n\t\t\t)\n\t\t}\n\t\t// implicit flow\n\t\tconst idToken = paramDict.id_token\n\t\tconst accessToken = paramDict.access_token\n\t\t// implict 模式没有refresh_token\n\t\t// https://docs.authing.cn/v2/concepts/oidc/choose-flow.html#%E9%9A%90%E5%BC%8F%E6%A8%A1%E5%BC%8F\n\t\t// const refreshToken = paramDict.refresh_token\n\t\tconst nonce = tx?.nonce\n\n\t\tif (\n\t\t\t(this.options.implicitResponseType.includes('token') && !accessToken) ||\n (this.options.implicitResponseType.includes('id_token') && !idToken)\n\t\t) {\n\t\t\tthrow new Error('非法的回调 URL: 缺少 token')\n\t\t}\n\n\t\tconst result = await this.saveLoginState({\n\t\t\tidToken,\n\t\t\taccessToken,\n\t\t\tnonce\n\t\t})\n\n\t\tif (this.options.redirectToOriginalUri && originalUri) {\n\t\t\twindow.location.replace(originalUri)\n\t\t}\n\n\t\treturn { ...result, customState }\n\n\t}\n\n\t/**\n * 弹出一个新的 Authing 登录页面窗口,在其中完成登录\n *\n * @param options.redirectUri 回调地址,需要和当前页面在 same origin 下;默认为初始化参数中的 redirectUri 或 window.location.origin\n * @param options.forced 即使在用户已登录时也提示用户再次登录\n */\n\tasync loginWithPopup(\n\t\toptions: { redirectUri?: string; forced?: boolean } = {}\n\t): Promise<LoginState | null> {\n\t\tconst redirectUri =\n options.redirectUri || this.options.redirectUri || window.location.origin\n\n\t\tif (this.globalMsgListener !== undefined) {\n\t\t\tthrow new Error(MSG_PENDING_AUTHZ)\n\t\t}\n\t\tthis.globalMsgListener = null\n\n\t\tif (window.crossOriginIsolated) {\n\t\t\t// 如果是 crossOriginIsolated 就发不了 postMessage 了\n\t\t\tthrow new Error(MSG_CROSS_ORIGIN_ISOLATED)\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: 'web_message',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\t...(options.forced && { prompt: 'login' }),\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tcodeVerifier = v\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t}\n\n\t\tconst url = `${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\tconst win = window.open(\n\t\t\turl,\n\t\t\t'authing-spa-login-window',\n\t\t\t`popup,width=${this.options.popupWidth},height=${this.options.popupHeight}`\n\t\t)\n\t\tif (!win) {\n\t\t\tthrow new Error('弹出窗口失败')\n\t\t}\n\n\t\tconst res = await Promise.race([\n\t\t\tthis.listenToPostMessage(state),\n\t\t\tnew Promise<null>(resolve => {\n\t\t\t\tconst handle = setInterval(() => {\n\t\t\t\t\tif (win.closed) {\n\t\t\t\t\t\tclearInterval(handle)\n\t\t\t\t\t\t// 防止 post message 事件和 close 事件同时到达\n\t\t\t\t\t\tsetTimeout(() => resolve(null), 500)\n\t\t\t\t\t}\n\t\t\t\t}, 500)\n\t\t\t})\n\t\t])\n\t\tif (this.globalMsgListener) {\n\t\t\twindow.removeEventListener('message', this.globalMsgListener)\n\t\t}\n\t\tthis.globalMsgListener = undefined\n\n\t\tif (!res) {\n\t\t\t// 窗口被用户关闭了\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.error) {\n\t\t\tthrow new Error(\n\t\t\t\t`登录失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`\n\t\t\t)\n\t\t}\n\n\t\tif (res.state !== state) {\n\t\t\tthrow new Error('state 验证失败')\n\t\t}\n\n\t\treturn this.handleOIDCWebMsgResponse(res, nonce, redirectUri, codeVerifier)\n\t}\n\n\t// /**\n\t// * 由于 iframe 存在跨域 cookie 无法携带以及联邦认证支持问题,暂时不支持本方法\n\t// *\n\t// * 在指定的 iframe 中显示 Authing 登录页面,在其中完成登录\n\t// *\n\t// * 注意: 当需要手动关闭 iframe 时,必须同时调用 abortIframeLogin 方法\n\t// *\n\t// * @param options.forced 即使在用户已登录时也提示用户再次登录\n\t// */\n\t/*\n async loginWithIframe(\n iframe: HTMLIFrameElement,\n options: { forced?: boolean } = {},\n ): Promise<LoginState> {\n if (this.globalMsgListener !== undefined) {\n throw new Error(MSG_PENDING_AUTHZ);\n }\n this.globalMsgListener = null;\n\n if (window.crossOriginIsolated) {\n // 如果是 crossOriginIsolated 就发不了 postMessage 了\n throw new Error(MSG_CROSS_ORIGIN_ISOLATED);\n }\n\n const state = createRandomString(16);\n const nonce = createRandomString(16);\n let codeVerifier: string | undefined;\n\n const params: AuthzURLParams = {\n redirect_uri: window.location.href,\n response_mode: 'web_message',\n response_type: this.options.useImplicitMode\n ? this.options.implicitResponseType\n : 'code',\n client_id: this.options.appId,\n state,\n nonce,\n ...(options.forced && { prompt: 'login' }),\n scope: this.options.scope,\n };\n\n if (!this.options.useImplicitMode) {\n const { codeChallenge, codeVerifier: v } = await genPKCEPair();\n codeVerifier = v;\n params.code_challenge = codeChallenge;\n params.code_challenge_method = 'S256';\n }\n\n iframe.src = `${this.domain}/oidc/auth?${createQueryParams(params)}`;\n\n const res = await this.listenToPostMessage(state);\n if (res.error) {\n throw new Error(\n `登录失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`,\n );\n }\n\n if (res.state !== state) {\n throw new Error('state 验证失败');\n }\n\n return this.handleSuccessfulOIDCResponse(\n res,\n window.location.href,\n codeVerifier,\n );\n }\n */\n\n\t/**\n * 手动中止 iframe 登录, 并移除 SDK 注册的事件监听器\n */\n\t/*\n abortIframeLogin(): void {\n if (this.globalMsgListener) {\n window.removeEventListener('message', this.globalMsgListener);\n }\n this.globalMsgListener = undefined;\n }\n */\n\n\t/**\n * 用 Access Token 获取用户身份信息\n *\n * @param options.accessToken Access Token,默认从登录态中获取\n */\n\tasync getUserInfo(\n\t\toptions: {\n accessToken?: string\n } = {}\n\t): Promise<IUserInfo | NormalError> {\n\t\tconst accessToken =\n options.accessToken ?? (await this.getLoginState())?.accessToken\n\t\tif (!accessToken) {\n\t\t\tthrow new Error('access token 不存在,请重新登录')\n\t\t}\n\n\t\tconst { data } = await axiosGet(`${this.domain}/api/v3/get-profile`, {\n\t\t\theaders: {\n\t\t\t\tAuthorization: `Bearer ${accessToken}`,\n\t\t\t\t'x-authing-userpool-id': this.options.userPoolId\n\t\t\t}\n\t\t})\n\n\t\tif (data.data) {\n\t\t\treturn data.data as IUserInfo\n\t\t}\n\n\t\treturn {\n\t\t\tapiCode: data.apiCode,\n\t\t\tmessage: data.message,\n\t\t\tstatusCode: data.statusCode\n\t\t}\n\t}\n\n\t/**\n * 重定向到 Authing 的登出端点,完成登出操作\n *\n * @param options.redirectUri 登出完成后的回调地址,默认为初始化参数中的 logoutRedirectUri\n * @param options.state 自定义中间状态\n */\n\tasync logoutWithRedirect(\n\t\toptions: {\n redirectUri?: string | null\n state?: string\n } = {}\n\t): Promise<void> {\n\t\tconst loginState = await this.loginStateProvider.get(\n\t\t\tloginStateKey(this.options.appId)\n\t\t)\n\t\tif (!loginState) {\n\t\t\treturn\n\t\t}\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\tconst params: LogoutURLParams = {\n\t\t\tid_token_hint: loginState.idToken\n\t\t}\n\n\t\tconst logoutRedirectUri =\n options.redirectUri ?? this.options.logoutRedirectUri\n\t\tif (logoutRedirectUri) {\n\t\t\tparams.post_logout_redirect_uri = logoutRedirectUri\n\t\t\tparams.state = options.state\n\t\t}\n\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/session/end?${createQueryParams(params)}`\n\t\t)\n\t\treturn\n\t}\n\t/**\n *\n * 使用内部维护的 refresh_token 刷新 access_token、id_token\n *\n */\n\tasync refreshToken(): Promise<null | LoginState> {\n\t\tconst state = await this.loginStateProvider.get(\n\t\t\tloginStateKey(this.options.appId)\n\t\t)\n\t\tif (!state?.refreshToken) {\n\t\t\tthrow new Error(\n\t\t\t\t'获取 refresh_token 失败,请检查相关协议配置,是否开启 refresh_token 相关功能'\n\t\t\t)\n\t\t}\n\t\tconst data = {\n\t\t\tgrant_type: 'refresh_token',\n\t\t\tredirect_uri: '',\n\t\t\trefresh_token: state.refreshToken\n\t\t}\n\n\t\tconst { data: tokenRes } = (await axiosPost(\n\t\t\t`${this.domain}/oidc/token`,\n\t\t\tcreateQueryParams(data),\n\t\t\t{\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t\t\t'x-authing-app-id': this.options.appId\n\t\t\t\t}\n\t\t\t}\n\t\t)) as { data: OIDCTokenResponse }\n\n\t\t// 清掉旧的登录态\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\treturn this.saveLoginState({\n\t\t\tidToken: tokenRes.id_token,\n\t\t\taccessToken: tokenRes.access_token,\n\t\t\trefreshToken: tokenRes.refresh_token\n\t\t})\n\t}\n\n\tprivate async listenToPostMessage(state: string) {\n\t\treturn new Promise<OIDCWebMessageResponse>((resolve, reject) => {\n\t\t\tconst msgEventListener = (msgEvent: MessageEvent) => {\n\t\t\t\tif (\n\t\t\t\t\tmsgEvent.origin !== this.domain ||\n msgEvent.data?.type !== 'authorization_response'\n\t\t\t\t) {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\twindow.removeEventListener('message', msgEventListener)\n\t\t\t\tthis.globalMsgListener = undefined\n\n\t\t\t\tconst { response } = msgEvent.data\n\t\t\t\tif (!response || response.state !== state) {\n\t\t\t\t\treturn reject(new Error('非法的服务端返回值'))\n\t\t\t\t}\n\n\t\t\t\tif (response.error) {\n\t\t\t\t\treturn resolve({\n\t\t\t\t\t\terror: response.error,\n\t\t\t\t\t\terrorDesc: response.error_description\n\t\t\t\t\t})\n\t\t\t\t}\n\n\t\t\t\treturn resolve({\n\t\t\t\t\taccessToken: response.access_token,\n\t\t\t\t\tidToken: response.id_token,\n\t\t\t\t\trefreshToken: response.refresh_token,\n\t\t\t\t\tcode: response.code,\n\t\t\t\t\tstate: response.state\n\t\t\t\t})\n\t\t\t}\n\n\t\t\tthis.globalMsgListener = msgEventListener\n\t\t\twindow.addEventListener('message', msgEventListener)\n\t\t})\n\t}\n\n\tprivate async saveLoginState(params: {\n accessToken?: string\n idToken?: string\n refreshToken?: string\n nonce?: string\n }) {\n\t\tconst { accessToken, idToken, refreshToken } = params\n\t\tconst loginState: LoginState = {\n\t\t\taccessToken: accessToken,\n\t\t\tidToken: idToken,\n\t\t\trefreshToken: refreshToken,\n\t\t\ttimestamp: Date.now()\n\t\t}\n\n\t\tif (idToken) {\n\t\t\tconst parsedIdToken: IDToken = parseToken(idToken).body\n\t\t\tloginState.parsedIdToken = parsedIdToken\n\t\t\tloginState.expireAt = parsedIdToken.exp * 1000\n\n\t\t\tif (params.nonce && parsedIdToken.nonce !== params.nonce) {\n\t\t\t\tthrow new Error('nonce 验证失败')\n\t\t\t}\n\t\t}\n\n\t\tif (accessToken) {\n\t\t\tconst parsedAccessToken: AccessToken = parseToken(accessToken).body\n\t\t\tloginState.parsedAccessToken = parsedAccessToken\n\t\t\tloginState.expireAt = parsedAccessToken.exp * 1000\n\t\t}\n\n\t\tawait this.loginStateProvider.put(\n\t\t\tloginStateKey(this.options.appId),\n\t\t\tloginState\n\t\t)\n\t\treturn loginState\n\t}\n\n\tprivate async exchangeToken(\n\t\tcode: string,\n\t\tredirectUri: string,\n\t\tcodeVerifier: string,\n\t\tnonce: string\n\t) {\n\t\tconst tokenParam: PKCETokenParams = {\n\t\t\tgrant_type: 'authorization_code',\n\t\t\tcode,\n\t\t\tcode_verifier: codeVerifier as string,\n\t\t\tclient_id: this.options.appId,\n\t\t\tredirect_uri: redirectUri\n\t\t}\n\n\t\tconst { data: tokenRes } = (await axiosPost(\n\t\t\t`${this.domain}/oidc/token`,\n\t\t\tcreateQueryParams(tokenParam),\n\t\t\t{\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded'\n\t\t\t\t}\n\t\t\t}\n\t\t)) as { data: OIDCTokenResponse }\n\n\t\treturn this.saveLoginState({\n\t\t\tidToken: tokenRes.id_token,\n\t\t\taccessToken: tokenRes.access_token,\n\t\t\trefreshToken: tokenRes.refresh_token,\n\t\t\tnonce\n\t\t})\n\t}\n\n\tprivate async handleOIDCWebMsgResponse(\n\t\tres: OIDCWebMessageResponse,\n\t\tnonce: string,\n\t\t// 只有 PKCE 会用下面两个参数\n\t\tredirectUri?: string,\n\t\tcodeVerifier?: string\n\t) {\n\t\tif (this.options.useImplicitMode) {\n\t\t\t// implicit flow\n\t\t\tif (\n\t\t\t\t(this.options.implicitResponseType.includes('token') &&\n typeof res.accessToken !== 'string') ||\n (this.options.implicitResponseType.includes('id_token') &&\n typeof res.idToken !== 'string')\n\t\t\t) {\n\t\t\t\tthrow new Error('无效的 Token 返回值')\n\t\t\t}\n\n\t\t\treturn this.saveLoginState({\n\t\t\t\taccessToken: res.accessToken,\n\t\t\t\tidToken: res.idToken,\n\t\t\t\trefreshToken: res.refreshToken,\n\t\t\t\tnonce\n\t\t\t})\n\t\t}\n\n\t\t// PKCE code flow\n\t\tif (typeof res.code !== 'string') {\n\t\t\tthrow new Error('无效的 Code 返回值')\n\t\t}\n\n\t\tif (!redirectUri || !codeVerifier) {\n\t\t\t// should never happen\n\t\t\tthrow new Error()\n\t\t}\n\n\t\treturn this.exchangeToken(res.code, redirectUri, codeVerifier, nonce)\n\t}\n\n\tprivate resolveCallbackParams() {\n\t\tconst paramSource: string =\n this.options.redirectResponseMode === 'fragment'\n \t? window.location.hash\n \t: window.location.search\n\t\tif (!paramSource) {\n\t\t\treturn null\n\t\t}\n\n\t\tconst paramDict: StrDict = Object.create(null)\n\t\tparamSource\n\t\t\t.substring(1)\n\t\t\t.split('&')\n\t\t\t.forEach(item => {\n\t\t\t\tconst [key, val] = item.split('=')\n\t\t\t\tparamDict[key] = val\n\t\t\t})\n\n\t\treturn paramDict\n\t}\n\n\n\n\tprivate async login(\n\t\tdata: | PasswordLoginOptions\n | PassCodeLoginOptions,\n\t\ttype: string\n\t): Promise<LoginState> {\n\t\tconst urlMap: Record<string, string> = {\n\t\t\tcode: '/api/v3/signin-by-mobile',\n\t\t\tphone: '/api/v3/signin-by-mobile',\n\t\t\tpassword: '/api/v3/signin',\n\t\t\tpassCode: '/api/v3/signin'\n\t\t}\n\t\ttry {\n\t\t\tconst {data:response} = await axiosPost(\n\t\t\t\tthis.domain + urlMap[type],\n\t\t\t\tdata,\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t'x-authing-app-id': this.options.appId\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t)\n\t\t\tif (response.data?.access_token || response.data?.id_token) {\n\t\t\t\tconst loginState = await this.saveLoginState({\n\t\t\t\t\taccessToken: response.data?.access_token,\n\t\t\t\t\tidToken: response.data?.id_token,\n\t\t\t\t\trefreshToken: response.data?.refresh_token,\n\t\t\t\t\t...response.data\n\t\t\t\t})\n\t\t\t\treturn loginState\n\t\t\t} else {\n\t\t\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\t\t\t\tthrow new Error(response)\n\t\t\t}\n\t\t} catch (e) {\n\t\t\tthrow new Error('login error: ' + JSON.stringify(e))\n\t\t}\n\t}\n\n\n\tasync getPublicKey(encryptType: EncryptType): Promise<string> {\n\t\ttry {\n\t\t\tconst { data }= await axiosGet(`${this.domain}/api/v3/system`)\n\n\t\t\treturn data?.[encryptType]?.publicKey\n\t\t} catch (e) {\n\t\t\tthrow new Error('get public key error: ' + JSON.stringify(e))\n\t\t}\n\t}\n\n\tasync loginByEmail(\n\t\tdata: PasswordLoginOptions\n\t): Promise<LoginState> {\n\n\t\tif (\n\t\t\tdata.options?.passwordEncryptType &&\n data.options?.passwordEncryptType !== 'none'\n\t\t) {\n\t\t\tif (!this.options.encryptFunction) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'encrypFunction is required, if passwordEncryptType is not \"none\"'\n\t\t\t\t)\n\t\t\t}\n\n\t\t\tconst publicKey = await this.getPublicKey(\n\t\t\t\tdata.options.passwordEncryptType\n\t\t\t)\n\n\t\t\tif (typeof publicKey !== 'string') {\n\t\t\t\tthrow new Error(`publicKey of ${data.options.passwordEncryptType} is not a string, please contact the administrator` )\n\t\t\t}\n\n\t\t\tdata.passwordPayload.password = this.options.encryptFunction(\n\t\t\t\tdata.passwordPayload.password,\n\t\t\t\tpublicKey\n\t\t\t)\n\t\t}\n\n\t\tconst _data: PasswordLoginOptions = {\n\t\t\t...data,\n\t\t\tconnection: 'PASSWORD'\n\t\t}\n\t\treturn await this.login(_data, 'password')\n\t}\n\n}\n"],"names":["axiosPromiseWrapper","p","_d","e_1","isAxiosError","_b","response","_a","data","error","_c","error_description","Error","concat","axiosGet","url","options","_options","mergeOptions","axios","get","axiosPost","post","Object","assign","headers","STORAGE_KEY_PREFIX","InMemoryStorageProvider","this","storage","create","prototype","key","put","value","delete","LocalStorageProvider","jsonItem","localStorage","getItem","JSON","parse","setItem","stringify","removeItem","NullStorageProvider","SessionStorageProvider","sessionStorage","createQueryParams","params","keys","filter","k","undefined","map","encodeURIComponent","join","loginStateKey","appId","transactionKey","state","getCrypto","window","crypto","msCrypto","getCryptoSubtle","subtle","webkitSubtle","createRandomString","length","charset","Array","from","getRandomValues","Uint8Array","v","string2Buf","str","buffer","i","push","charCodeAt","genPKCEPair","algorithm","codeVerifier","digest","hash","sent","codeChallenge","ie11SafeInput","binary","byteLength","String","fromCharCode","base64","btoa","charMapping","replace","ch","buf2Base64Url","parseToken","token","split","header","body","headerObj","atob","enc","decodeURIComponent","c","toString","slice","Authing","domain","matchRes","exec","domainC14n","useImplicitMode","loginStateProvider","console","warn","transactionProvider","implicitResponseType","redirectResponseMode","popupWidth","popupHeight","scope","_e","getLoginStateWithRedirect","nonce","redirectUri","location","origin","redirect_uri","response_mode","response_type","client_id","code_challenge","code_challenge_method","getLoginState","ignoreCache","state_1","expireAt","Date","now","introspectAccessToken","accessToken","active","globalMsgListener","crossOriginIsolated","redirectUrl","prompt","iframe","document","createElement","hidden","width","height","src","navigator","userAgent","indexOf","appendChild","append","Promise","race","listenToPostMessage","resolve","setTimeout","res","removeEventListener","remove","errorDesc","handleOIDCWebMsgResponse","loginWithRedirect","forced","login_page_context","__assign","redirectToOriginalUri","originalUri","href","customState","isRedirectCallback","resolveCallbackParams","handleRedirectCallback","paramDict","tx","code","exchangeToken","idToken","id_token","access_token","includes","saveLoginState","result","loginWithPopup","win","open","handle","setInterval","closed","clearInterval","getUserInfo","Authorization","userPoolId","apiCode","message","statusCode","logoutWithRedirect","loginState","id_token_hint","logoutRedirectUri","post_logout_redirect_uri","refreshToken","grant_type","refresh_token","tokenRes","reject","msgEventListener","msgEvent","_this","type","addEventListener","timestamp","parsedIdToken","exp","parsedAccessToken","tokenParam","code_verifier","paramSource","search","substring","forEach","item","val","login","urlMap","phone","password","passCode","_f","getPublicKey","encryptType","publicKey","e_2","loginByEmail","passwordEncryptType","encryptFunction","passwordPayload","_data","connection"],"mappings":"ojDAQA,SAAeA,EAAoBC,iHAE1B,6BAAA,CAAA,EAAMA,GAAb,KAAA,EAAA,MAAA,CAAA,EAAOC,iBAEP,cAAiBC,EAPTC,eAQwB,QAA3BC,EAAa,UAAZF,EAAEG,gBAAU,IAAAC,OAAA,EAAAA,EAAAC,YAAc,IAAAH,OAAA,EAAAA,EAAAI,OAG9B,MADMC,EAA+BP,EAAEG,SAAUE,KAAzCC,EAAKC,EAAAD,MAAEE,EAAiBD,EAAAC,kBAC1B,IAAIC,MAAM,aAAAC,OAAaJ,EAAU,MAAAI,OAAAF,IAGzC,MAAMR,yBAEP,CAEqB,SAAAW,EACrBC,EACAC,4EAGA,OADMC,EAAWC,EAAaF,GACvB,CAAA,EAAAhB,EAAoBmB,EAAMC,IAAIL,EAAKE,UAC1C,UAEqBI,EACrBN,EACAP,EACAQ,4EAGA,OADMC,EAAWC,EAAaF,GAC9B,CAAA,EAAOhB,EAAoBmB,EAAMG,KAAKP,EAAKP,EAAMS,UACjD,CAED,SAASC,EAAcF,GAQtB,OAPiBO,OAAOC,OAAO,CAAA,EAAIR,GAAW,CAAA,EAAI,CACjDS,eACIT,aAAO,EAAPA,EAASS,SACZ,CAAA,yBAA0B,UAC1B,oCAIH,CCjDO,IAGMC,EAAqB,UAHJ,cAGqB,KAAAb,OAFpB,KCE/Bc,EAAA,WAAA,SAAAA,IACkBC,KAAAC,QAAUN,OAAOO,OAAO,KAazC,CAAD,OAXCH,EAAGI,UAAAX,IAAH,SAAIY,SACH,OAA4B,QAArBzB,EAAAqB,KAAKC,QAAQG,UAAQ,IAAAzB,EAAAA,EAAA,MAG7BoB,EAAAI,UAAAE,IAAA,SAAID,EAAaE,GAChBN,KAAKC,QAAQG,GAAOE,GAGrBP,EAAMI,UAAAI,OAAN,SAAOH,UACCJ,KAAKC,QAAQG,IAErBL,CAAD,ICdAS,EAAA,WAAA,SAAAA,IAgBC,CAAD,OAfCA,EAAGL,UAAAX,IAAH,SAAIY,GACH,IAAMK,EAAWC,aAAaC,QAAQP,GACtC,OAAiB,OAAbK,EACI,KAEDG,KAAKC,MAAMJ,IAGnBD,EAAAL,UAAAE,IAAA,SAAID,EAAaE,GAChBI,aAAaI,QAAQV,EAAKQ,KAAKG,UAAUT,KAG1CE,EAAML,UAAAI,OAAN,SAAOH,GACNM,aAAaM,WAAWZ,IAEzBI,CAAD,IChBAS,EAAA,WAAA,SAAAA,IAYC,CAAD,OAXCA,EAAAd,UAAAX,IAAA,WACC,OAAO,MAGRyB,EAAAd,UAAAE,IAAA,aAIAY,EAAAd,UAAAI,OAAA,aAGAU,CAAD,ICZAC,EAAA,WAAA,SAAAA,IAgBC,CAAD,OAfCA,EAAGf,UAAAX,IAAH,SAAIY,GACH,IAAMK,EAAWU,eAAeR,QAAQP,GACxC,OAAiB,OAAbK,EACI,KAEDG,KAAKC,MAAMJ,IAGnBS,EAAAf,UAAAE,IAAA,SAAID,EAAaE,GAChBa,eAAeL,QAAQV,EAAKQ,KAAKG,UAAUT,KAG5CY,EAAMf,UAAAI,OAAN,SAAOH,GACNe,eAAeH,WAAWZ,IAE3Bc,CAAD,IChBM,SAAUE,EAAkBC,GACjC,OAAO1B,OAAO2B,KAAKD,GACjBE,QAAO,SAAAC,GAAK,OAAc,OAAdH,EAAOG,SAA6BC,IAAdJ,EAAOG,EAAgB,IACzDE,KACA,SAAAF,GAAK,OAAAG,mBAAmBH,GAAK,IAAMG,mBAAmBN,EAAOG,GAAxD,IAELI,KAAK,IACR,CAEM,SAAUC,EAAcC,GAC7B,MAAO,CAAChC,EAAoBgC,EAAO,eAAeF,KAAK,IACxD,CAEgB,SAAAG,EAAeD,EAAeE,GAC7C,MAAO,CAAClC,EAAoBgC,EAAO,KAAME,GAAOJ,KAAK,IACtD,UAEgBK,IAEf,OAAQC,OAAOC,QAAWD,OAAeE,QAC1C,UAEgBC,IACf,IAAMF,EAASF,IAEf,OAAOE,EAAOG,QAAWH,EAAeI,YACzC,CAEM,SAAUC,EAAmBC,GAClC,IAAMC,EACH,iEAIH,OAHqBC,MAAMC,KAC1BX,IAAYY,gBAAgB,IAAIC,WAAWL,KAExBf,KAAI,SAAAqB,GAAK,OAAAL,EAAQK,EAAIL,EAAQD,OAAO,IAAEb,KAAK,GAChE,CAEM,SAAUoB,EAAWC,GAE1B,IADA,IAAMC,EAAmB,GAChBC,EAAI,EAAGA,EAAIF,EAAIR,SAAUU,EACjCD,EAAOE,KAAKH,EAAII,WAAWF,IAE5B,OAAO,IAAIL,WAAWI,EACvB,CAaM,SAAgBI,EAAYC,eAAA,IAAAA,IAAAA,EAAqB,sGAGzC,OADPC,EAAehB,EAAmB,IAC3B,CAAA,EAAMH,IAAkBoB,OACpCF,EACAP,EAAWQ,YAGZ,OALME,EAAO/E,EAGZgF,OAED,CAAA,EAAO,CAAEC,cAnBV,SAAuBV,GAGtB,IAFA,IAAMW,EAAgB,IAAIf,WAAWI,GACjCY,EAAS,GACJX,EAAI,EAAGA,EAAIU,EAAcE,aAAcZ,EAC/CW,GAAUE,OAAOC,aAAaJ,EAAcV,IAE7C,IAAMe,EAAShC,OAAOiC,KAAKL,GACrBM,EAAuB,CAAE,IAAK,IAAK,IAAK,IAAK,IAAK,IACxD,OAAOF,EAAOG,QAAQ,UAAU,SAACC,GAAe,OAAAF,EAAYE,EAAZ,GACjD,CASuBC,CAAcb,GACZF,aAAYA,UACpC,CAWK,SAAUgB,EAAWC,GACtB,IAAA9F,EAAsB8F,EAAMC,MAAM,KAAjCC,EAAMhG,EAAA,GAAEiG,EAAIjG,EAAA,GACjB,SACC,MAAM,IAAIK,MAAM,gBAGjB,IAAM6F,EAAYjE,KAAKC,MAAMqB,OAAO4C,KAAKH,IACzC,GAAIE,EAAUE,IACb,MAAM,IAAI/F,MACT,mDAeF,OAXA4F,EAAOA,EAAKP,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KAC7CO,EAAOI,mBACN9C,OACE4C,KAAKF,GACLF,MAAM,IACNhD,KAAI,SAAUuD,GACd,MAAO,KAAO,KAAOA,EAAE5B,WAAW,GAAG6B,SAAS,KAAKC,OAAO,EAC3D,IACCvD,KAAK,KAGD,CACN+C,OAAQE,EACRD,KAAMhE,KAAKC,MAAM+D,GAEnB,CChEA,IAAAQ,EAAA,WAQC,SAAAA,EAAYhG,iBAIX,GAHAY,KAAKZ,QAAUA,EACfY,KAAKqF,ODiBD,SAAqBA,SAEpBC,EADY,qEACSC,KAAKF,GAChC,GAAIC,GAAYA,EAAS,GACxB,MAAO,GAAGrG,OAAW,QAAXN,EAAA2G,EAAS,UAAE,IAAA3G,EAAAA,EAAI,YAAUM,OAAGqG,EAAS,IAEhD,MAAMtG,MAAM,YAAAC,OAAYoG,GACzB,CCxBgBG,CAAWxF,KAAKZ,QAAQiG,UAEjCjG,EAAQqG,iBAAqBxD,KAAgBI,KACjD,MAAM,IAAIrD,MACT,yEAI0B,iBAAjB0B,aACVV,KAAK0F,mBAAqB,IAAIlF,GAE9BmF,QAAQC,KAAK,yBACb5F,KAAK0F,mBAAqB,IAAI3F,GAGD,iBAAnBoB,eACVnB,KAAK6F,oBAAsB,IAAI3E,GAE1B9B,EAAQqG,iBACZE,QAAQC,KACP,yDAGF5F,KAAK6F,oBAAsB,IAAI5E,GAGhC7B,EAAQ0G,qBACwB,QAA5BnH,EAAAS,EAAQ0G,4BAAoB,IAAAnH,EAAAA,EAAI,iBACpCS,EAAQ2G,qBAAuD,QAAhCtH,EAAAW,EAAQ2G,4BAAwB,IAAAtH,EAAAA,EAAA,WAC/DW,EAAQ4G,WAAmC,QAAtBlH,EAAAM,EAAQ4G,kBAAc,IAAAlH,EAAAA,EN3EV,IM4EjCM,EAAQ6G,YAAqC,QAAvB3H,EAAAc,EAAQ6G,mBAAe,IAAA3H,EAAAA,EN3EX,IM4ElCc,EAAQ8G,MAAyB,QAAjBC,EAAA/G,EAAQ8G,aAAS,IAAAC,EAAAA,EN1EN,gBM2E3B,CA43BF,OA13BOf,EAAAjF,UAAAiG,0BAAN,+HAkBK,OAjBEpE,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAC3B8D,EAAsC,QAAxB3H,EAAAqB,KAAKZ,QAAQkH,mBAAW,IAAA3H,EAAAA,EAAIuD,OAAOqE,SAASC,OAE1DnF,EAAyB,CAC9BoF,aAAcH,EACdI,cAAe1G,KAAKZ,QAAQ2G,sBAAwB,QACpDY,cAAe3G,KAAKZ,QAAQqG,gBACzBzF,KAAKZ,QAAQ0G,qBACb,OACHc,UAAW5G,KAAKZ,QAAQ0C,MACxBE,MAAKA,EACLqE,MAAKA,EACLH,MAAOlG,KAAKZ,QAAQ8G,OAIhBlG,KAAKZ,QAAQqG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C7E,EAAqCK,SAAnC8E,EAAanF,EAAAmF,cAAgBb,EAACtE,EAAA+E,aACtCnC,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,OAC/BtD,EAAeT,YAGhB,KAAA,EAAA,MAAA,CAAA,EAAM/C,KAAK6F,oBAAoBxF,IAC9B0B,EAAe/B,KAAKZ,QAAQ0C,MAAOE,GACnC,CACCwB,aAAYA,EACZxB,MAAKA,EACLsE,YAAWA,EACXD,MAAKA,mBANPvH,EAAA6E,OAUAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,eAAApG,OAAcmC,EAAkBC,eAE/C,EAUK+D,EAAajF,UAAA4G,cAAnB,SACC3H,qBAAA,IAAAA,IAAAA,EAEQ,CAAA,gHAGJ,OAACA,EAAQ4H,YAAW,CAAA,EAAA,GACT,CAAA,EAAMhH,KAAK0F,mBAAmBlG,IAC3CqC,EAAc7B,KAAKZ,QAAQ0C,gBAExB,OAHEmF,EAAQnI,EAEb6E,SACYsD,EAAMC,UAAYD,EAAMC,SAAWC,KAAKC,MAC/CpH,KAAKZ,QAAQiI,uBAA0BJ,EAAMK,YAI3B,CAAA,EAAA7H,EACtB,GAAGR,OAAAe,KAAKqF,OAAM,6BACdjE,EAAkB,CACjBwF,UAAW5G,KAAKZ,QAAQ0C,MACxB2C,MAAOwC,EAAMK,cAEd,CACCzH,QAAS,CACR,eAAgB,wCAXlB,CAAA,EAAOoH,GAFiD,CAAA,EAAA,UAkBzD,IAAoB,IAbHnI,EAWhB6E,OAXW/E,KAaH2I,OACR,MAAA,CAAA,EAAON,oBAMV,MAAA,CAAA,EAAMjH,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKZ,QAAQ0C,gBAGhE,GAHAhD,EAAA6E,YAG+BlC,IAA3BzB,KAAKwH,kBACR,MAAM,IAAIxI,MNjKX,4BMqKA,OAFAgB,KAAKwH,kBAAoB,KAErBtF,OAAOuF,qBAEV9B,QAAQC,KAAK,wBACb,CAAA,EAAO,QAGF5D,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BkF,EAAsC,QAAxB/I,EAAAqB,KAAKZ,QAAQkH,mBAAW,IAAA3H,EAAAA,EAAIuD,OAAOqE,SAASC,OAE1DnF,EAAyB,CAC9BoF,aAAciB,EACdhB,cAAe,cACfC,cAAe3G,KAAKZ,QAAQqG,gBACzBzF,KAAKZ,QAAQ0G,qBACb,OACHc,UAAW5G,KAAKZ,QAAQ0C,MACxBE,MAAKA,EACLqE,MAAKA,EACLsB,OAAQ,OACRzB,MAAOlG,KAAKZ,QAAQ8G,OAGhBlG,KAAKZ,QAAQqG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,aAA3C7E,EAAqCK,SAAnC8E,EAAanF,EAAAmF,cAAgBb,EAACtE,EAAA+E,aACtCA,EAAeT,EACf1B,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,wBAepB,OAZNc,EAASC,SAASC,cAAc,WAE/BC,QAAS,EAChBH,EAAOI,MAAQJ,EAAOK,OAAS,IAE/BL,EAAOM,IAAM,GAAAjJ,OAAGe,KAAKqF,OAAM,eAAApG,OAAcmC,EAAkBC,IDvG3Da,OAAOiG,UAAUC,UAAUC,QAAQ,SAAW,GAC3CnG,OAAOiG,UAAUC,UAAUC,QAAQ,YAAc,GAChDnG,OAAOiG,UAAUC,UAAUC,QAAQ,OAAS,GAC9CnG,OAAOiG,UAAUC,UAAUC,QAAQ,SAAW,ECsG/CR,SAASjD,KAAK0D,YAAYV,GAE1BC,SAASjD,KAAK2D,OAAOX,GAGJ,CAAA,EAAAY,QAAQC,KAAK,CAC9BzI,KAAK0I,oBAAoB1G,GACzB,IAAIwG,SAAc,SAAAG,GACjB,OAAAC,YAAW,WAAM,OAAAD,EAAQ,KAAR,GN3N4B,IM2N7C,cAWF,GAdME,EAAM/J,EAKV6E,OAEE3D,KAAKwH,mBACRtF,OAAO4G,oBAAoB,UAAW9I,KAAKwH,mBAE5CxH,KAAKwH,uBAAoB/F,EAEzBmG,EAAOmB,SAEK,OAARF,EAEH,OADAlD,QAAQC,KAAK,WACb,CAAA,EAAO,MAGR,GAAIiD,EAAIhK,MAQP,MAPkB,mBAAdgK,EAAIhK,MACP8G,QAAQC,KACP,4BAAA3G,OAA4B4J,EAAIhK,MAAK,wBAAAI,OAAuB4J,EAAIG,YAGjErD,QAAQC,KAAK,SAEd,CAAA,EAAO,MAGR,GAAIiD,EAAI7G,QAAUA,EACjB,MAAM,IAAIhD,MAAM,cAGjB,MAAA,CAAA,EAAOgB,KAAKiJ,yBAAyBJ,EAAKxC,EAAOqB,EAAalE,UAC9D,EAUK4B,EAAiBjF,UAAA+I,kBAAvB,SACC9J,qBAAA,IAAAA,IAAAA,EAMQ,CAAA,0GAGR,KADMkH,EAAclH,EAAQkH,aAAetG,KAAKZ,QAAQkH,aAEvD,MAAM,IAAItH,MAAM,qBAuBb,OApBEgD,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BnB,OACLoF,aAAcH,EACdI,cAAe1G,KAAKZ,QAAQ2G,qBAC5BY,cAAe3G,KAAKZ,QAAQqG,gBACzBzF,KAAKZ,QAAQ0G,qBACb,OACHc,UAAW5G,KAAKZ,QAAQ0C,MACxBE,MAAKA,EACLqE,MAAKA,EACLH,MAAOlG,KAAKZ,QAAQ8G,OAChB9G,EAAQ+J,QAAU,CAAExB,OAAQ,UAC5BvI,EAAQgK,oBAAsB,CACjCA,mBAAoBhK,EAAQgK,qBAKzBpJ,KAAKZ,QAAQqG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C7E,EAAqCK,SAAnC8E,EAAanF,EAAAmF,cAAgBb,EAACtE,EAAA+E,aACtCnC,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,OAC/BtD,EAAeT,YAGhB,KAAA,EAAA,MAAA,CAAA,EAAM/C,KAAK6F,oBAAoBxF,IAC9B0B,EAAe/B,KAAKZ,QAAQ0C,MAAOE,GAAMqH,EAAAA,EAAA,CAExC7F,aAAYA,EACZxB,MAAKA,EACLsE,cACAD,MAAKA,GACDrG,KAAKZ,QAAQkK,uBAAyB,CACzCC,oBAAa5K,EAAAS,EAAQmK,2BAAerH,OAAOqE,SAASiD,YAEzB/H,IAAxBrC,EAAQqK,aAA6B,CACxCA,YAAarK,EAAQqK,8BAXxB3K,EAAA6E,OAgBAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,eAAApG,OAAcmC,EAAkBC,eAE/C,EAKD+D,EAAAjF,UAAAuJ,mBAAA,WACC,IAAMrI,EAASrB,KAAK2J,wBAEpB,QAAKtI,MAIDA,EAAc,QAIdrB,KAAKZ,QAAQqG,mBACNpE,EAAqB,eAAKA,EAAiB,YAE5CA,EAAa,QAOlB+D,EAAAjF,UAAAyJ,uBAAN,+HAEC,KADMC,EAAY7J,KAAK2J,yBAEtB,MAAM,IAAI3K,MAAM,aAGjB,GAAI6K,EAAUhL,MACb,MAAM,IAAIG,MACT,eAAAC,OAAe4K,EAAUhL,MAAK,wBAAAI,OAAuB4K,EAAU9K,oBAQjE,KADQiD,EAAU6H,EAAS7H,OAE1B,MAAM,IAAIhD,MAAM,uBAEN,MAAA,CAAA,EAAMgB,KAAK6F,oBAAoBrG,IACzCuC,EAAe/B,KAAKZ,QAAQ0C,MAAOE,YAEhC,OAHE8H,EAAKnL,EAEVgF,QAEA,CAAA,EAAM3D,KAAK6F,oBAAoBtF,OAC9BwB,EAAe/B,KAAKZ,QAAQ0C,MAAOE,KAF/B,CAAA,EAAA,UAKL,GAJArD,EAAAgF,OAIImG,EAAG9H,QAAUA,EAChB,MAAM,IAAIhD,MAAM,cAKb,GAFJuK,EAAcO,EAAGP,YACjBE,EAAcK,EAAGL,YACZzJ,KAAKZ,QAAQqG,gBAAd,MAA6B,CAAA,EAAA,GAGhC,KADQsE,EAASF,EAASE,MAEzB,MAAM,IAAI/K,MAAM,sBAEL,MAAA,CAAA,EAAMgB,KAAKgK,cACtBD,EACAD,EAAGxD,YACEwD,EAAGtG,aACHsG,EAAGzD,eAOT,OAXMwC,EAAMlK,EAKXgF,OAEG3D,KAAKZ,QAAQkK,uBAAyBC,GACzCrH,OAAOqE,SAASlC,QAAQkF,GAGzB,CAAA,EAAOV,6BAEF,IAAK7I,KAAKZ,QAAQqG,gBACxB,MAAM,IAAIzG,MACT,wEAWF,GAPMiL,EAAUJ,EAAUK,SACpB5C,EAAcuC,EAAUM,aAIxB9D,EAAQyD,eAAAA,EAAIzD,MAGhBrG,KAAKZ,QAAQ0G,qBAAqBsE,SAAS,WAAa9C,GACrDtH,KAAKZ,QAAQ0G,qBAAqBsE,SAAS,cAAgBH,EAE/D,MAAM,IAAIjL,MAAM,uBAGF,MAAM,CAAA,EAAAgB,KAAKqK,eAAe,CACxCJ,QAAOA,EACP3C,YAAWA,EACXjB,MAAKA,YAON,OAVMiE,EAAS3L,EAIbgF,OAEE3D,KAAKZ,QAAQkK,uBAAyBC,GACzCrH,OAAOqE,SAASlC,QAAQkF,GAGzB,CAAA,EAAAF,EAAAA,EAAA,CAAA,EAAYiB,GAAM,CAAEb,YAAWA,WAE/B,EAQKrE,EAAcjF,UAAAoK,eAApB,SACCnL,eAAA,IAAAA,IAAAA,EAAwD,CAAA,gHAKxD,GAHMkH,EACFlH,EAAQkH,aAAetG,KAAKZ,QAAQkH,aAAepE,OAAOqE,SAASC,YAExC/E,IAA3BzB,KAAKwH,kBACR,MAAM,IAAIxI,MNtbX,4BM0bA,GAFAgB,KAAKwH,kBAAoB,KAErBtF,OAAOuF,oBAEV,MAAM,IAAIzI,MN1bX,kDM8cI,OAjBEgD,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BnB,EACLgI,EAAAA,EAAA,CAAA5C,aAAcH,EACdI,cAAe,cACfC,cAAe3G,KAAKZ,QAAQqG,gBACzBzF,KAAKZ,QAAQ0G,qBACb,OACHc,UAAW5G,KAAKZ,QAAQ0C,MACxBE,MAAKA,EACLqE,SACIjH,EAAQ+J,QAAU,CAAExB,OAAQ,UAChC,CAAAzB,MAAOlG,KAAKZ,QAAQ8G,QAIhBlG,KAAKZ,QAAQqG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C3E,EAAqCF,SAAnCmF,EAAajF,EAAAiF,cAAgBb,EAACpE,EAAA6E,aACtCA,EAAeT,EACf1B,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,wBAShC,GANM3H,EAAM,GAAGF,OAAAe,KAAKqF,OAAoB,eAAApG,OAAAmC,EAAkBC,MACpDmJ,EAAMtI,OAAOuI,KAClBtL,EACA,2BACA,eAAeF,OAAAe,KAAKZ,QAAQ4G,WAAU,YAAA/G,OAAWe,KAAKZ,QAAQ6G,eAG9D,MAAM,IAAIjH,MAAM,UAGL,MAAM,CAAA,EAAAwJ,QAAQC,KAAK,CAC9BzI,KAAK0I,oBAAoB1G,GACzB,IAAIwG,SAAc,SAAAG,GACjB,IAAM+B,EAASC,aAAY,WACtBH,EAAII,SACPC,cAAcH,GAEd9B,YAAW,WAAM,OAAAD,EAAQ,KAAK,GAAE,KAEjC,GAAE,IACJ,cAOD,GAjBME,EAAMpK,EAWVkF,OACE3D,KAAKwH,mBACRtF,OAAO4G,oBAAoB,UAAW9I,KAAKwH,mBAE5CxH,KAAKwH,uBAAoB/F,GAEpBoH,EAEJ,MAAA,CAAA,EAAO,MAGR,GAAIA,EAAIhK,MACP,MAAM,IAAIG,MACT,yBAAAC,OAAyB4J,EAAIhK,MAAK,wBAAAI,OAAuB4J,EAAIG,YAI/D,GAAIH,EAAI7G,QAAUA,EACjB,MAAM,IAAIhD,MAAM,cAGjB,MAAA,CAAA,EAAOgB,KAAKiJ,yBAAyBJ,EAAKxC,EAAOC,EAAa9C,UAC9D,EAwFK4B,EAAWjF,UAAA2K,YAAjB,SACC1L,uBAAA,IAAAA,IAAAA,EAEQ,CAAA,gGAGJ,OAAmB,QAAnBT,EAAAS,EAAQkI,mBAAW,IAAA3I,EAAA,CAAA,EAAA,eAAK,KAAA,EAAA,MAAA,CAAA,EAAMqB,KAAK+G,wBAAZjI,EAA4B,UAA3BR,EAAAqF,cAA2B,IAAAlF,OAAA,EAAAA,EAAE6I,6BACzD,KAFMA,EAC8DxI,GAEnE,MAAM,IAAIE,MAAM,0BAGA,MAAA,CAAA,EAAME,EAAS,GAAAD,OAAGe,KAAKqF,8BAA6B,CACpExF,QAAS,CACRkL,cAAe,UAAU9L,OAAAqI,GACzB,wBAAyBtH,KAAKZ,QAAQ4L,sBAIxC,OAPQpM,EAASN,EAKfqF,OALU/E,MAOHA,KACD,CAAA,EAAAA,EAAKA,MAGN,CAAA,EAAA,CACNqM,QAASrM,EAAKqM,QACdC,QAAStM,EAAKsM,QACdC,WAAYvM,EAAKuM,mBAElB,EAQK/F,EAAkBjF,UAAAiL,mBAAxB,SACChM,qBAAA,IAAAA,IAAAA,EAGQ,CAAA,yFAEW,KAAA,EAAA,MAAA,CAAA,EAAMY,KAAK0F,mBAAmBlG,IAChDqC,EAAc7B,KAAKZ,QAAQ0C,gBAE5B,OAHMuJ,EAAa5M,EAElBkF,QAID,CAAA,EAAM3D,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKZ,QAAQ0C,SAFzD,CAAA,UAeP,OAbArD,EAAAkF,OAEMtC,EAA0B,CAC/BiK,cAAeD,EAAWpB,UAGrBsB,EACqB,QAAvB5M,EAAAS,EAAQkH,mBAAe,IAAA3H,EAAAA,EAAAqB,KAAKZ,QAAQmM,qBAEvClK,EAAOmK,yBAA2BD,EAClClK,EAAOW,MAAQ5C,EAAQ4C,OAGxB,CAAA,EAAMhC,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKZ,QAAQ0C,gBAKhE,OALArD,EAAAkF,OAEAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,sBAAApG,OAAqBmC,EAAkBC,KAEhD,CAAA,SACN,EAMK+D,EAAAjF,UAAAsL,aAAN,wGACe,KAAA,EAAA,MAAA,CAAA,EAAMzL,KAAK0F,mBAAmBlG,IAC3CqC,EAAc7B,KAAKZ,QAAQ0C,gBAE5B,KAAKE,OAHCA,EAAQrD,EAEbgF,eACI3B,EAAOyJ,cACX,MAAM,IAAIzM,MACT,yDAS0B,OANtBJ,EAAO,CACZ8M,WAAY,gBACZjF,aAAc,GACdkF,cAAe3J,EAAMyJ,cAGM,CAAA,EAAMhM,EACjC,GAAGR,OAAAe,KAAKqF,OAAmB,eAC3BjE,EAAkBxC,GAClB,CACCiB,QAAS,CACR,eAAgB,oCAChB,mBAAoBG,KAAKZ,QAAQ0C,iBAMpC,OAZc8J,EAAcjN,EAS3BgF,OATqB/E,KAYtB,CAAA,EAAMoB,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKZ,QAAQ0C,gBAEhE,OAFAnD,EAAAgF,OAEO,CAAA,EAAA3D,KAAKqK,eAAe,CAC1BJ,QAAS2B,EAAS1B,SAClB5C,YAAasE,EAASzB,aACtBsB,aAAcG,EAASD,uBAExB,EAEavG,EAAmBjF,UAAAuI,oBAAjC,SAAkC1G,iFACjC,MAAA,CAAA,EAAO,IAAIwG,SAAgC,SAACG,EAASkD,GACpD,IAAMC,EAAmB,SAACC,SACzB,GACCA,EAASvF,SAAWwF,EAAK3G,QACI,oCAAxB1G,EAAAoN,EAASnN,2BAAMqN,MAFrB,CAOA/J,OAAO4G,oBAAoB,UAAWgD,GACtCE,EAAKxE,uBAAoB/F,EAEjB,IAAA/C,EAAaqN,EAASnN,cAC9B,OAAKF,GAAYA,EAASsD,QAAUA,EAIhCtD,EAASG,MACL8J,EAAQ,CACd9J,MAAOH,EAASG,MAChBmK,UAAWtK,EAASK,oBAIf4J,EAAQ,CACdrB,YAAa5I,EAASyL,aACtBF,QAASvL,EAASwL,SAClBuB,aAAc/M,EAASiN,cACvB5B,KAAMrL,EAASqL,KACf/H,MAAOtD,EAASsD,QAfT6J,EAAO,IAAI7M,MAAM,aAPxB,CAwBF,EAEAgN,EAAKxE,kBAAoBsE,EACzB5J,OAAOgK,iBAAiB,UAAWJ,EACnC,UACD,EAEa1G,EAAcjF,UAAAkK,eAA5B,SAA6BhJ,6GAc5B,GARQiG,EAAuCjG,EAA5BiG,YAAE2C,EAA0B5I,EAAM4I,QAAvBwB,EAAiBpK,eACzCgK,EAAyB,CAC9B/D,YAAaA,EACb2C,QAASA,EACTwB,aAAcA,EACdU,UAAWhF,KAAKC,OAGb6C,IACGmC,EAAyB5H,EAAWyF,GAASrF,KACnDyG,EAAWe,cAAgBA,EAC3Bf,EAAWnE,SAA+B,IAApBkF,EAAcC,IAEhChL,EAAOgF,OAAS+F,EAAc/F,QAAUhF,EAAOgF,OAClD,MAAM,IAAIrH,MAAM,cAUlB,OANIsI,IACGgF,EAAiC9H,EAAW8C,GAAa1C,KAC/DyG,EAAWiB,kBAAoBA,EAC/BjB,EAAWnE,SAAmC,IAAxBoF,EAAkBD,KAGzC,CAAA,EAAMrM,KAAK0F,mBAAmBrF,IAC7BwB,EAAc7B,KAAKZ,QAAQ0C,OAC3BuJ,WAED,OAJA1M,EAAAgF,OAIA,CAAA,EAAO0H,SACP,EAEajG,EAAajF,UAAA6J,cAA3B,SACCD,EACAzD,EACA9C,EACA6C,qGAU4B,OARtBkG,EAA8B,CACnCb,WAAY,qBACZ3B,KAAIA,EACJyC,cAAehJ,EACfoD,UAAW5G,KAAKZ,QAAQ0C,MACxB2E,aAAcH,GAGa,CAAA,EAAM7G,EACjC,GAAGR,OAAAe,KAAKqF,OAAmB,eAC3BjE,EAAkBmL,GAClB,CACC1M,QAAS,CACR,eAAgB,+CAKnB,OAVc+L,EAAcjN,EAQ3BgF,OARqB/E,KAUf,CAAA,EAAAoB,KAAKqK,eAAe,CAC1BJ,QAAS2B,EAAS1B,SAClB5C,YAAasE,EAASzB,aACtBsB,aAAcG,EAASD,cACvBtF,MAAKA,WAEN,EAEajB,EAAAjF,UAAA8I,yBAAd,SACCJ,EACAxC,EAEAC,EACA9C,sEAEA,GAAIxD,KAAKZ,QAAQqG,gBAAiB,CAEjC,GACEzF,KAAKZ,QAAQ0G,qBAAqBsE,SAAS,UACX,iBAApBvB,EAAIvB,aACZtH,KAAKZ,QAAQ0G,qBAAqBsE,SAAS,aACnB,iBAAhBvB,EAAIoB,QAEjB,MAAM,IAAIjL,MAAM,iBAGjB,MAAO,CAAA,EAAAgB,KAAKqK,eAAe,CAC1B/C,YAAauB,EAAIvB,YACjB2C,QAASpB,EAAIoB,QACbwB,aAAc5C,EAAI4C,aAClBpF,MAAKA,IAEN,CAGD,GAAwB,iBAAbwC,EAAIkB,KACd,MAAM,IAAI/K,MAAM,gBAGjB,IAAKsH,IAAgB9C,EAEpB,MAAM,IAAIxE,MAGX,MAAA,CAAA,EAAOgB,KAAKgK,cAAcnB,EAAIkB,KAAMzD,EAAa9C,EAAc6C,SAC/D,EAEOjB,EAAAjF,UAAAwJ,sBAAR,WACC,IAAM8C,EACoC,aAAtCzM,KAAKZ,QAAQ2G,qBACV7D,OAAOqE,SAAS7C,KAChBxB,OAAOqE,SAASmG,OACvB,IAAKD,EACJ,OAAO,KAGR,IAAM5C,EAAqBlK,OAAOO,OAAO,MASzC,OARAuM,EACEE,UAAU,GACVjI,MAAM,KACNkI,SAAQ,SAAAC,GACF,IAAAlO,EAAakO,EAAKnI,MAAM,KAAvBtE,EAAGzB,EAAA,GAAEmO,OACZjD,EAAUzJ,GAAO0M,CAClB,IAEMjD,GAKMzE,EAAAjF,UAAA4M,MAAd,SACCnO,EAEAqN,qHAEMe,EAAiC,CACtCjD,KAAM,2BACNkD,MAAO,2BACPC,SAAU,iBACVC,SAAU,mCAGc,6BAAA,CAAA,EAAM1N,EAC7BO,KAAKqF,OAAS2H,EAAOf,GACrBrN,EACA,CACCiB,QAAS,CACR,mBAAoBG,KAAKZ,QAAQ0C,iBAIhC,OATQpD,EAAY0O,EAQvBzJ,OARmB/E,cAShBD,EAAAD,EAASE,2BAAMuL,gBAA6B,QAAb1L,EAAAC,EAASE,YAAI,IAAAH,OAAA,EAAAA,EAAEyL,UAC9B,CAAA,EAAMlK,KAAKqK,eAAchB,EAAA,CAC3C/B,YAA4B,QAAfxI,EAAAJ,EAASE,YAAM,IAAAE,OAAA,EAAAA,EAAAqL,aAC5BF,gBAAS3L,EAAAI,EAASE,2BAAMsL,SACxBuB,aAA2B,UAAb/M,EAASE,YAAI,IAAAuH,OAAA,EAAAA,EAAEwF,eAC1BjN,EAASE,QAL4C,CAAA,EAAA,UAOzD,MAAA,CAAA,EANmBwO,EAKjBzJ,QAGF,KAAA,EAAA,MAAA,CAAA,EAAM3D,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKZ,QAAQ0C,gBAChE,MADAsL,EAAAzJ,OACM,IAAI3E,MAAMN,6BAGjB,iBAAM,IAAIM,MAAM,gBAAkB4B,KAAKG,UAAUxC,2BAElD,EAGK6G,EAAYjF,UAAAkN,aAAlB,SAAmBC,2GAED,6BAAM,CAAA,EAAApO,EAAS,GAAGD,OAAAe,KAAKqF,OAAM,2BAE7C,OAFQzG,EAAQH,EAA8CkF,OAAlD/E,KAEL,CAAA,EAAqB,QAArBD,EAAAC,aAAI,EAAJA,EAAO0O,UAAc,IAAA3O,OAAA,EAAAA,EAAA4O,kBAE5B,iBAAM,IAAIvO,MAAM,yBAA2B4B,KAAKG,UAAUyM,2BAE3D,EAEKpI,EAAYjF,UAAAsN,aAAlB,SACC7O,6GAIC,aAAAD,EAAAC,EAAKQ,8BAASsO,sBAC6B,UAA1B,QAAZjP,EAAAG,EAAKQ,eAAO,IAAAX,OAAA,EAAAA,EAAEiP,qBADnB,MACiD,CAAA,EAAA,GAEjD,IAAK1N,KAAKZ,QAAQuO,gBACjB,MAAM,IAAI3O,MACT,oEAIgB,MAAM,CAAA,EAAAgB,KAAKqN,aAC5BzO,EAAKQ,QAAQsO,6BAGd,GAAyB,iBAJnBH,EAAYzO,EAEjB6E,QAGA,MAAM,IAAI3E,MAAM,gBAAgBC,OAAAL,EAAKQ,QAAQsO,oBAAuE,uDAGrH9O,EAAKgP,gBAAgBV,SAAWlN,KAAKZ,QAAQuO,gBAC5C/O,EAAKgP,gBAAgBV,SACrBK,oBAQK,OAJDM,SACFjP,GAAI,CACPkP,WAAY,aAEA,CAAA,EAAA9N,KAAK+M,MAAMc,EAAO,aAA/B,KAAA,EAAA,MAAA,CAAA,EAAO/O,gBACP,EAEDsG,CAAD"} |
@@ -1,2 +0,2 @@ | ||
| !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("axios")):"function"==typeof define&&define.amd?define(["exports","axios"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).AuthingFactory={},e.axios)}(this,(function(e,t){"use strict";function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var n=o(t),r=function(){return r=Object.assign||function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var r in t=arguments[o])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},r.apply(this,arguments)};function i(e,t,o,n){return new(o||(o=Promise))((function(r,i){function s(e){try{a(n.next(e))}catch(e){i(e)}}function c(e){try{a(n.throw(e))}catch(e){i(e)}}function a(e){var t;e.done?r(e.value):(t=e.value,t instanceof o?t:new o((function(e){e(t)}))).then(s,c)}a((n=n.apply(e,t||[])).next())}))}function s(e,t){var o,n,r,i,s={label:0,sent:function(){if(1&r[0])throw r[1];return r[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(i){return function(c){return function(i){if(o)throw new TypeError("Generator is already executing.");for(;s;)try{if(o=1,n&&(r=2&i[0]?n.return:i[0]?n.throw||((r=n.return)&&r.call(n),0):n.next)&&!(r=r.call(n,i[1])).done)return r;switch(n=0,r&&(i=[2&i[0],r.value]),i[0]){case 0:case 1:r=i;break;case 4:return s.label++,{value:i[1],done:!1};case 5:s.label++,n=i[1],i=[0];continue;case 7:i=s.ops.pop(),s.trys.pop();continue;default:if(!(r=s.trys,(r=r.length>0&&r[r.length-1])||6!==i[0]&&2!==i[0])){s=0;continue}if(3===i[0]&&(!r||i[1]>r[0]&&i[1]<r[3])){s.label=i[1];break}if(6===i[0]&&s.label<r[1]){s.label=r[1],r=i;break}if(r&&s.label<r[2]){s.label=r[2],s.ops.push(i);break}r[2]&&s.ops.pop(),s.trys.pop();continue}i=t.call(e,s)}catch(e){i=[6,e],n=0}finally{o=r=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,c])}}}function c(e){var t,o;return i(this,void 0,void 0,(function(){var n,r,i,c;return s(this,(function(s){switch(s.label){case 0:return s.trys.push([0,2,,3]),[4,e];case 1:return[2,s.sent()];case 2:if(n=s.sent(),n.isAxiosError&&(null===(o=null===(t=n.response)||void 0===t?void 0:t.data)||void 0===o?void 0:o.error))throw r=n.response.data,i=r.error,c=r.error_description,new Error("认证服务器返回错误 ".concat(i,": ").concat(c));throw n;case 3:return[2]}}))}))}function a(e,t){return i(this,void 0,void 0,(function(){var o;return s(this,(function(r){return o=d(t),[2,c(n.default.get(e,o))]}))}))}function u(e,t,o){return i(this,void 0,void 0,(function(){var r;return s(this,(function(i){return r=d(o),[2,c(n.default.post(e,t,r))]}))}))}function d(e){return Object.assign({},e||{},{headers:r(r({},null==e?void 0:e.headers),{"x-authing-request-from":"sdk-web","x-authing-sdk-version":"5.1.21-alpha.3"})})}var p="".concat("authing-spa",":").concat("1"),l="另一个认证流程正在进行中,请不要同时发起多个认证",h=function(){function e(){this.storage=Object.create(null)}return e.prototype.get=function(e){var t;return null!==(t=this.storage[e])&&void 0!==t?t:null},e.prototype.put=function(e,t){this.storage[e]=t},e.prototype.delete=function(e){delete this.storage[e]},e}(),f=function(){function e(){}return e.prototype.get=function(e){var t=localStorage.getItem(e);return null===t?null:JSON.parse(t)},e.prototype.put=function(e,t){localStorage.setItem(e,JSON.stringify(t))},e.prototype.delete=function(e){localStorage.removeItem(e)},e}(),g=function(){function e(){}return e.prototype.get=function(){return null},e.prototype.put=function(){},e.prototype.delete=function(){},e}(),v=function(){function e(){}return e.prototype.get=function(e){var t=sessionStorage.getItem(e);return null===t?null:JSON.parse(t)},e.prototype.put=function(e,t){sessionStorage.setItem(e,JSON.stringify(t))},e.prototype.delete=function(e){sessionStorage.removeItem(e)},e}();function w(e){return Object.keys(e).filter((function(t){return null!==e[t]&&void 0!==e[t]})).map((function(t){return encodeURIComponent(t)+"="+encodeURIComponent(e[t])})).join("&")}function m(e){return[p,e,"login-state"].join(":")}function y(e,t){return[p,e,"tx",t].join(":")}function k(){return window.crypto||window.msCrypto}function _(){var e=k();return e.subtle||e.webkitSubtle}function b(e){var t="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";return Array.from(k().getRandomValues(new Uint8Array(e))).map((function(e){return t[e%t.length]})).join("")}function T(e){for(var t=[],o=0;o<e.length;++o)t.push(e.charCodeAt(o));return new Uint8Array(t)}function I(e){return void 0===e&&(e="SHA-256"),i(this,void 0,void 0,(function(){var t,o;return s(this,(function(n){switch(n.label){case 0:return t=b(43),[4,_().digest(e,T(t))];case 1:return o=n.sent(),[2,{codeChallenge:function(e){for(var t=new Uint8Array(e),o="",n=0;n<t.byteLength;++n)o+=String.fromCharCode(t[n]);var r=window.btoa(o),i={"+":"-","/":"_","=":""};return r.replace(/[+/=]/g,(function(e){return i[e]}))}(o),codeVerifier:t}]}}))}))}function S(e){var t=e.split("."),o=t[0],n=t[1];if(!t[2])throw new Error("无效的 Token 格式");var r=JSON.parse(window.atob(o));if(r.enc)throw new Error("本 SDK 目前不支持处理加密 Token, 请在应用配置中关闭「ID Token 加密」功能");return n=n.replace(/-/g,"+").replace(/_/g,"/"),n=decodeURIComponent(window.atob(n).split("").map((function(e){return"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)})).join("")),{header:r,body:JSON.parse(n)}}var M=function(){function e(e){var t,o,n,r,i;if(this.options=e,this.domain=function(e){var t,o=/^(((?:http)|(?:https)):\/\/)?((?:[\w-_]+)(?:\.[\w-_]+)+)(?:\/.*)?$/.exec(e);if(o&&o[3])return"".concat(null!==(t=o[1])&&void 0!==t?t:"https://").concat(o[3]);throw Error("无效的域名配置: ".concat(e))}(this.options.domain),!(e.useImplicitMode||k()&&_()))throw new Error("PKCE 模式需要浏览器 crypto 能力, 请确保浏览器处于 https 域名下,或设置 useImplicitMode 为 true");"object"==typeof localStorage?this.loginStateProvider=new f:(console.warn("您的浏览器版本过低,登录态存储功能将不可用"),this.loginStateProvider=new h),"object"==typeof sessionStorage?this.transactionProvider=new v:(e.useImplicitMode||console.warn("您的浏览器版本过低,PKCE 重定向认证功能将不可用,请设置 useImplicitMode 为 true"),this.transactionProvider=new g),e.implicitResponseType=null!==(t=e.implicitResponseType)&&void 0!==t?t:"id_token token",e.redirectResponseMode=null!==(o=e.redirectResponseMode)&&void 0!==o?o:"fragment",e.popupWidth=null!==(n=e.popupWidth)&&void 0!==n?n:800,e.popupHeight=null!==(r=e.popupHeight)&&void 0!==r?r:600,e.scope=null!==(i=e.scope)&&void 0!==i?i:"openid profile"}return e.prototype.getLoginStateWithRedirect=function(){var e;return i(this,void 0,void 0,(function(){var t,o,n,r,i,c,a,u;return s(this,(function(s){switch(s.label){case 0:return t=b(16),o=b(16),n=null!==(e=this.options.redirectUri)&&void 0!==e?e:window.location.origin,r={redirect_uri:n,response_mode:this.options.redirectResponseMode||"query",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:t,nonce:o,scope:this.options.scope},this.options.useImplicitMode?[3,2]:[4,I()];case 1:c=s.sent(),a=c.codeChallenge,u=c.codeVerifier,r.code_challenge=a,r.code_challenge_method="S256",i=u,s.label=2;case 2:return[4,this.transactionProvider.put(y(this.options.appId,t),{codeVerifier:i,state:t,redirectUri:n,nonce:o})];case 3:return s.sent(),window.location.replace("".concat(this.domain,"/oidc/auth?").concat(w(r))),[2]}}))}))},e.prototype.getLoginState=function(e){var t;return void 0===e&&(e={}),i(this,void 0,void 0,(function(){var o,n,r,i,c,a,d,p,h,f,g;return s(this,(function(s){switch(s.label){case 0:return e.ignoreCache?[3,3]:[4,this.loginStateProvider.get(m(this.options.appId))];case 1:return(o=s.sent())&&o.expireAt&&o.expireAt>Date.now()?this.options.introspectAccessToken&&o.accessToken?[4,u("".concat(this.domain,"/oidc/token/introspection"),w({client_id:this.options.appId,token:o.accessToken}),{headers:{"Content-Type":"application/x-www-form-urlencoded"}})]:[2,o]:[3,3];case 2:if(!0===s.sent().data.active)return[2,o];s.label=3;case 3:return[4,this.loginStateProvider.delete(m(this.options.appId))];case 4:if(s.sent(),void 0!==this.globalMsgListener)throw new Error(l);return this.globalMsgListener=null,window.crossOriginIsolated?(console.warn("当前页面运行在隔离模式下,无法获取登录态"),[2,null]):(n=b(16),r=b(16),c=null!==(t=this.options.redirectUri)&&void 0!==t?t:window.location.origin,a={redirect_uri:c,response_mode:"web_message",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:n,nonce:r,prompt:"none",scope:this.options.scope},this.options.useImplicitMode?[3,6]:[4,I()]);case 5:d=s.sent(),p=d.codeChallenge,h=d.codeVerifier,i=h,a.code_challenge=p,a.code_challenge_method="S256",s.label=6;case 6:return(f=document.createElement("iframe")).hidden=!0,f.width=f.height="0",f.src="".concat(this.domain,"/oidc/auth?").concat(w(a)),window.navigator.userAgent.indexOf("MSIE")>=1||window.navigator.userAgent.indexOf("Trident")>=1&&window.navigator.userAgent.indexOf("rv")>=1||window.navigator.userAgent.indexOf("Edge")>=1?document.body.appendChild(f):document.body.append(f),[4,Promise.race([this.listenToPostMessage(n),new Promise((function(e){return setTimeout((function(){return e(null)}),5e3)}))])];case 7:if(g=s.sent(),this.globalMsgListener&&window.removeEventListener("message",this.globalMsgListener),this.globalMsgListener=void 0,f.remove(),null===g)return console.warn("登录态获取超时"),[2,null];if(g.error)return"login_required"!==g.error?console.warn("登录态获取失败,认证服务器返回错误: error=".concat(g.error,", error_description=").concat(g.errorDesc)):console.warn("用户未登录"),[2,null];if(g.state!==n)throw new Error("state 验证失败");return[2,this.handleOIDCWebMsgResponse(g,r,c,i)]}}))}))},e.prototype.loginWithRedirect=function(e){var t;return void 0===e&&(e={}),i(this,void 0,void 0,(function(){var o,n,i,c,a,u,d,p;return s(this,(function(s){switch(s.label){case 0:if(!(o=e.redirectUri||this.options.redirectUri))throw new Error("必须设置 redirect_uri");return n=b(16),i=b(16),c=r(r({redirect_uri:o,response_mode:this.options.redirectResponseMode,response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:n,nonce:i,scope:this.options.scope},e.forced&&{prompt:"login"}),e.login_page_context&&{login_page_context:e.login_page_context}),this.options.useImplicitMode?[3,2]:[4,I()];case 1:u=s.sent(),d=u.codeChallenge,p=u.codeVerifier,c.code_challenge=d,c.code_challenge_method="S256",a=p,s.label=2;case 2:return[4,this.transactionProvider.put(y(this.options.appId,n),r(r({codeVerifier:a,state:n,redirectUri:o,nonce:i},this.options.redirectToOriginalUri&&{originalUri:null!==(t=e.originalUri)&&void 0!==t?t:window.location.href}),void 0!==e.customState&&{customState:e.customState}))];case 3:return s.sent(),window.location.replace("".concat(this.domain,"/oidc/auth?").concat(w(c))),[2]}}))}))},e.prototype.isRedirectCallback=function(){var e=this.resolveCallbackParams();return!!e&&(!!e.error||(this.options.useImplicitMode?!(!e.access_token&&!e.id_token):!!e.code))},e.prototype.handleRedirectCallback=function(){return i(this,void 0,void 0,(function(){var e,t,o,n,i,c,a,u,d,p,l;return s(this,(function(s){switch(s.label){case 0:if(!(e=this.resolveCallbackParams()))throw new Error("非法的回调 URL");if(e.error)throw new Error("认证失败, error=".concat(e.error,", error_description=").concat(e.error_description));if(!(n=e.state))throw new Error("非法的回调 URL: 缺少 state");return[4,this.transactionProvider.get(y(this.options.appId,n))];case 1:return(i=s.sent())?[4,this.transactionProvider.delete(y(this.options.appId,n))]:[3,5];case 2:if(s.sent(),i.state!==n)throw new Error("state 验证失败");if(t=i.originalUri,o=i.customState,this.options.useImplicitMode)return[3,4];if(!(c=e.code))throw new Error("非法的回调 URL: 缺少 code");return[4,this.exchangeToken(c,i.redirectUri,i.codeVerifier,i.nonce)];case 3:return a=s.sent(),this.options.redirectToOriginalUri&&t&&window.location.replace(t),[2,a];case 4:return[3,6];case 5:if(!this.options.useImplicitMode)throw new Error("获取登录流程会话失败, 请确认是否重复访问了回调端点,以及浏览器是否支持 sessionStorage");s.label=6;case 6:if(u=e.id_token,d=e.access_token,p=null==i?void 0:i.nonce,this.options.implicitResponseType.includes("token")&&!d||this.options.implicitResponseType.includes("id_token")&&!u)throw new Error("非法的回调 URL: 缺少 token");return[4,this.saveLoginState({idToken:u,accessToken:d,nonce:p})];case 7:return l=s.sent(),this.options.redirectToOriginalUri&&t&&window.location.replace(t),[2,r(r({},l),{customState:o})]}}))}))},e.prototype.loginWithPopup=function(e){return void 0===e&&(e={}),i(this,void 0,void 0,(function(){var t,o,n,i,c,a,u,d,p,h,f;return s(this,(function(s){switch(s.label){case 0:if(t=e.redirectUri||this.options.redirectUri||window.location.origin,void 0!==this.globalMsgListener)throw new Error(l);if(this.globalMsgListener=null,window.crossOriginIsolated)throw new Error("当前页面运行在隔离模式下, 无法进行此方式登录, 请使用 loginWithRedirect");return o=b(16),n=b(16),i=r(r({redirect_uri:t,response_mode:"web_message",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:o,nonce:n},e.forced&&{prompt:"login"}),{scope:this.options.scope}),this.options.useImplicitMode?[3,2]:[4,I()];case 1:a=s.sent(),u=a.codeChallenge,d=a.codeVerifier,c=d,i.code_challenge=u,i.code_challenge_method="S256",s.label=2;case 2:if(p="".concat(this.domain,"/oidc/auth?").concat(w(i)),!(h=window.open(p,"authing-spa-login-window","popup,width=".concat(this.options.popupWidth,",height=").concat(this.options.popupHeight))))throw new Error("弹出窗口失败");return[4,Promise.race([this.listenToPostMessage(o),new Promise((function(e){var t=setInterval((function(){h.closed&&(clearInterval(t),setTimeout((function(){return e(null)}),500))}),500)}))])];case 3:if(f=s.sent(),this.globalMsgListener&&window.removeEventListener("message",this.globalMsgListener),this.globalMsgListener=void 0,!f)return[2,null];if(f.error)throw new Error("登录失败,认证服务器返回错误: error=".concat(f.error,", error_description=").concat(f.errorDesc));if(f.state!==o)throw new Error("state 验证失败");return[2,this.handleOIDCWebMsgResponse(f,n,t,c)]}}))}))},e.prototype.getUserInfo=function(e){var t,o;return void 0===e&&(e={}),i(this,void 0,void 0,(function(){var n,r,i;return s(this,(function(s){switch(s.label){case 0:return null===(t=e.accessToken)||void 0===t?[3,1]:(r=t,[3,3]);case 1:return[4,this.getLoginState()];case 2:r=null===(o=s.sent())||void 0===o?void 0:o.accessToken,s.label=3;case 3:if(!(n=r))throw new Error("access token 不存在,请重新登录");return[4,a("".concat(this.domain,"/api/v3/get-profile"),{headers:{Authorization:"Bearer ".concat(n),"x-authing-userpool-id":this.options.userPoolId}})];case 4:return(i=s.sent().data).data?[2,i.data]:[2,{apiCode:i.apiCode,message:i.message,statusCode:i.statusCode}]}}))}))},e.prototype.logoutWithRedirect=function(e){var t;return void 0===e&&(e={}),i(this,void 0,void 0,(function(){var o,n,r;return s(this,(function(i){switch(i.label){case 0:return[4,this.loginStateProvider.get(m(this.options.appId))];case 1:return(o=i.sent())?[4,this.loginStateProvider.delete(m(this.options.appId))]:[2];case 2:return i.sent(),n={id_token_hint:o.idToken},(r=null!==(t=e.redirectUri)&&void 0!==t?t:this.options.logoutRedirectUri)&&(n.post_logout_redirect_uri=r,n.state=e.state),[4,this.loginStateProvider.delete(m(this.options.appId))];case 3:return i.sent(),window.location.replace("".concat(this.domain,"/oidc/session/end?").concat(w(n))),[2]}}))}))},e.prototype.refreshToken=function(){return i(this,void 0,void 0,(function(){var e,t,o;return s(this,(function(n){switch(n.label){case 0:return[4,this.loginStateProvider.get(m(this.options.appId))];case 1:if(!(null==(e=n.sent())?void 0:e.refreshToken))throw new Error("获取 refresh_token 失败,请检查相关协议配置,是否开启 refresh_token 相关功能");return t={grant_type:"refresh_token",redirect_uri:"",refresh_token:e.refreshToken},[4,u("".concat(this.domain,"/oidc/token"),w(t),{headers:{"Content-Type":"application/x-www-form-urlencoded","x-authing-app-id":this.options.appId}})];case 2:return o=n.sent().data,[4,this.loginStateProvider.delete(m(this.options.appId))];case 3:return n.sent(),[2,this.saveLoginState({idToken:o.id_token,accessToken:o.access_token,refreshToken:o.refresh_token})]}}))}))},e.prototype.listenToPostMessage=function(e){return i(this,void 0,void 0,(function(){var t=this;return s(this,(function(o){return[2,new Promise((function(o,n){var r=function(i){var s;if(i.origin===t.domain&&"authorization_response"===(null===(s=i.data)||void 0===s?void 0:s.type)){window.removeEventListener("message",r),t.globalMsgListener=void 0;var c=i.data.response;return c&&c.state===e?c.error?o({error:c.error,errorDesc:c.error_description}):o({accessToken:c.access_token,idToken:c.id_token,refreshToken:c.refresh_token,code:c.code,state:c.state}):n(new Error("非法的服务端返回值"))}};t.globalMsgListener=r,window.addEventListener("message",r)}))]}))}))},e.prototype.saveLoginState=function(e){return i(this,void 0,void 0,(function(){var t,o,n,r,i,c;return s(this,(function(s){switch(s.label){case 0:if(t=e.accessToken,o=e.idToken,n=e.refreshToken,r={accessToken:t,idToken:o,refreshToken:n,timestamp:Date.now()},o&&(i=S(o).body,r.parsedIdToken=i,r.expireAt=1e3*i.exp,e.nonce&&i.nonce!==e.nonce))throw new Error("nonce 验证失败");return t&&(c=S(t).body,r.parsedAccessToken=c,r.expireAt=1e3*c.exp),[4,this.loginStateProvider.put(m(this.options.appId),r)];case 1:return s.sent(),[2,r]}}))}))},e.prototype.exchangeToken=function(e,t,o,n){return i(this,void 0,void 0,(function(){var r,i;return s(this,(function(s){switch(s.label){case 0:return r={grant_type:"authorization_code",code:e,code_verifier:o,client_id:this.options.appId,redirect_uri:t},[4,u("".concat(this.domain,"/oidc/token"),w(r),{headers:{"Content-Type":"application/x-www-form-urlencoded"}})];case 1:return i=s.sent().data,[2,this.saveLoginState({idToken:i.id_token,accessToken:i.access_token,refreshToken:i.refresh_token,nonce:n})]}}))}))},e.prototype.handleOIDCWebMsgResponse=function(e,t,o,n){return i(this,void 0,void 0,(function(){return s(this,(function(r){if(this.options.useImplicitMode){if(this.options.implicitResponseType.includes("token")&&"string"!=typeof e.accessToken||this.options.implicitResponseType.includes("id_token")&&"string"!=typeof e.idToken)throw new Error("无效的 Token 返回值");return[2,this.saveLoginState({accessToken:e.accessToken,idToken:e.idToken,refreshToken:e.refreshToken,nonce:t})]}if("string"!=typeof e.code)throw new Error("无效的 Code 返回值");if(!o||!n)throw new Error;return[2,this.exchangeToken(e.code,o,n,t)]}))}))},e.prototype.resolveCallbackParams=function(){var e="fragment"===this.options.redirectResponseMode?window.location.hash:window.location.search;if(!e)return null;var t=Object.create(null);return e.substring(1).split("&").forEach((function(e){var o=e.split("="),n=o[0],r=o[1];t[n]=r})),t},e}();e.Authing=M,Object.defineProperty(e,"__esModule",{value:!0})})); | ||
| !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("axios")):"function"==typeof define&&define.amd?define(["exports","axios"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).AuthingFactory={},e.axios)}(this,(function(e,t){"use strict";function o(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var n=o(t),r=function(){return r=Object.assign||function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var r in t=arguments[o])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},r.apply(this,arguments)};function i(e,t,o,n){return new(o||(o=Promise))((function(r,i){function s(e){try{c(n.next(e))}catch(e){i(e)}}function a(e){try{c(n.throw(e))}catch(e){i(e)}}function c(e){var t;e.done?r(e.value):(t=e.value,t instanceof o?t:new o((function(e){e(t)}))).then(s,a)}c((n=n.apply(e,t||[])).next())}))}function s(e,t){var o,n,r,i,s={label:0,sent:function(){if(1&r[0])throw r[1];return r[1]},trys:[],ops:[]};return i={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function a(i){return function(a){return function(i){if(o)throw new TypeError("Generator is already executing.");for(;s;)try{if(o=1,n&&(r=2&i[0]?n.return:i[0]?n.throw||((r=n.return)&&r.call(n),0):n.next)&&!(r=r.call(n,i[1])).done)return r;switch(n=0,r&&(i=[2&i[0],r.value]),i[0]){case 0:case 1:r=i;break;case 4:return s.label++,{value:i[1],done:!1};case 5:s.label++,n=i[1],i=[0];continue;case 7:i=s.ops.pop(),s.trys.pop();continue;default:if(!(r=s.trys,(r=r.length>0&&r[r.length-1])||6!==i[0]&&2!==i[0])){s=0;continue}if(3===i[0]&&(!r||i[1]>r[0]&&i[1]<r[3])){s.label=i[1];break}if(6===i[0]&&s.label<r[1]){s.label=r[1],r=i;break}if(r&&s.label<r[2]){s.label=r[2],s.ops.push(i);break}r[2]&&s.ops.pop(),s.trys.pop();continue}i=t.call(e,s)}catch(e){i=[6,e],n=0}finally{o=r=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,a])}}}function a(e){var t,o;return i(this,void 0,void 0,(function(){var n,r,i,a;return s(this,(function(s){switch(s.label){case 0:return s.trys.push([0,2,,3]),[4,e];case 1:return[2,s.sent()];case 2:if(n=s.sent(),n.isAxiosError&&(null===(o=null===(t=n.response)||void 0===t?void 0:t.data)||void 0===o?void 0:o.error))throw r=n.response.data,i=r.error,a=r.error_description,new Error("认证服务器返回错误 ".concat(i,": ").concat(a));throw n;case 3:return[2]}}))}))}function c(e,t){return i(this,void 0,void 0,(function(){var o;return s(this,(function(r){return o=u(t),[2,a(n.default.get(e,o))]}))}))}function d(e,t,o){return i(this,void 0,void 0,(function(){var r;return s(this,(function(i){return r=u(o),[2,a(n.default.post(e,t,r))]}))}))}function u(e){return Object.assign({},e||{},{headers:r(r({},null==e?void 0:e.headers),{"x-authing-request-from":"sdk-web","x-authing-sdk-version":"5.1.21"})})}var p="".concat("authing-spa",":").concat("1"),l="另一个认证流程正在进行中,请不要同时发起多个认证",h=function(){function e(){this.storage=Object.create(null)}return e.prototype.get=function(e){var t;return null!==(t=this.storage[e])&&void 0!==t?t:null},e.prototype.put=function(e,t){this.storage[e]=t},e.prototype.delete=function(e){delete this.storage[e]},e}(),f=function(){function e(){}return e.prototype.get=function(e){var t=localStorage.getItem(e);return null===t?null:JSON.parse(t)},e.prototype.put=function(e,t){localStorage.setItem(e,JSON.stringify(t))},e.prototype.delete=function(e){localStorage.removeItem(e)},e}(),v=function(){function e(){}return e.prototype.get=function(){return null},e.prototype.put=function(){},e.prototype.delete=function(){},e}(),g=function(){function e(){}return e.prototype.get=function(e){var t=sessionStorage.getItem(e);return null===t?null:JSON.parse(t)},e.prototype.put=function(e,t){sessionStorage.setItem(e,JSON.stringify(t))},e.prototype.delete=function(e){sessionStorage.removeItem(e)},e}();function w(e){return Object.keys(e).filter((function(t){return null!==e[t]&&void 0!==e[t]})).map((function(t){return encodeURIComponent(t)+"="+encodeURIComponent(e[t])})).join("&")}function y(e){return[p,e,"login-state"].join(":")}function m(e,t){return[p,e,"tx",t].join(":")}function b(){return window.crypto||window.msCrypto}function k(){var e=b();return e.subtle||e.webkitSubtle}function _(e){var t="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";return Array.from(b().getRandomValues(new Uint8Array(e))).map((function(e){return t[e%t.length]})).join("")}function T(e){for(var t=[],o=0;o<e.length;++o)t.push(e.charCodeAt(o));return new Uint8Array(t)}function I(e){return void 0===e&&(e="SHA-256"),i(this,void 0,void 0,(function(){var t,o;return s(this,(function(n){switch(n.label){case 0:return t=_(43),[4,k().digest(e,T(t))];case 1:return o=n.sent(),[2,{codeChallenge:function(e){for(var t=new Uint8Array(e),o="",n=0;n<t.byteLength;++n)o+=String.fromCharCode(t[n]);var r=window.btoa(o),i={"+":"-","/":"_","=":""};return r.replace(/[+/=]/g,(function(e){return i[e]}))}(o),codeVerifier:t}]}}))}))}function S(e){var t=e.split("."),o=t[0],n=t[1];if(!t[2])throw new Error("无效的 Token 格式");var r=JSON.parse(window.atob(o));if(r.enc)throw new Error("本 SDK 目前不支持处理加密 Token, 请在应用配置中关闭「ID Token 加密」功能");return n=n.replace(/-/g,"+").replace(/_/g,"/"),n=decodeURIComponent(window.atob(n).split("").map((function(e){return"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)})).join("")),{header:r,body:JSON.parse(n)}}var E=function(){function e(e){var t,o,n,r,i;if(this.options=e,this.domain=function(e){var t,o=/^(((?:http)|(?:https)):\/\/)?((?:[\w-_]+)(?:\.[\w-_]+)+)(?:\/.*)?$/.exec(e);if(o&&o[3])return"".concat(null!==(t=o[1])&&void 0!==t?t:"https://").concat(o[3]);throw Error("无效的域名配置: ".concat(e))}(this.options.domain),!(e.useImplicitMode||b()&&k()))throw new Error("PKCE 模式需要浏览器 crypto 能力, 请确保浏览器处于 https 域名下,或设置 useImplicitMode 为 true");"object"==typeof localStorage?this.loginStateProvider=new f:(console.warn("您的浏览器版本过低,登录态存储功能将不可用"),this.loginStateProvider=new h),"object"==typeof sessionStorage?this.transactionProvider=new g:(e.useImplicitMode||console.warn("您的浏览器版本过低,PKCE 重定向认证功能将不可用,请设置 useImplicitMode 为 true"),this.transactionProvider=new v),e.implicitResponseType=null!==(t=e.implicitResponseType)&&void 0!==t?t:"id_token token",e.redirectResponseMode=null!==(o=e.redirectResponseMode)&&void 0!==o?o:"fragment",e.popupWidth=null!==(n=e.popupWidth)&&void 0!==n?n:800,e.popupHeight=null!==(r=e.popupHeight)&&void 0!==r?r:600,e.scope=null!==(i=e.scope)&&void 0!==i?i:"openid profile"}return e.prototype.getLoginStateWithRedirect=function(){var e;return i(this,void 0,void 0,(function(){var t,o,n,r,i,a,c,d;return s(this,(function(s){switch(s.label){case 0:return t=_(16),o=_(16),n=null!==(e=this.options.redirectUri)&&void 0!==e?e:window.location.origin,r={redirect_uri:n,response_mode:this.options.redirectResponseMode||"query",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:t,nonce:o,scope:this.options.scope},this.options.useImplicitMode?[3,2]:[4,I()];case 1:a=s.sent(),c=a.codeChallenge,d=a.codeVerifier,r.code_challenge=c,r.code_challenge_method="S256",i=d,s.label=2;case 2:return[4,this.transactionProvider.put(m(this.options.appId,t),{codeVerifier:i,state:t,redirectUri:n,nonce:o})];case 3:return s.sent(),window.location.replace("".concat(this.domain,"/oidc/auth?").concat(w(r))),[2]}}))}))},e.prototype.getLoginState=function(e){var t;return void 0===e&&(e={}),i(this,void 0,void 0,(function(){var o,n,r,i,a,c,u,p,h,f,v;return s(this,(function(s){switch(s.label){case 0:return e.ignoreCache?[3,3]:[4,this.loginStateProvider.get(y(this.options.appId))];case 1:return(o=s.sent())&&o.expireAt&&o.expireAt>Date.now()?this.options.introspectAccessToken&&o.accessToken?[4,d("".concat(this.domain,"/oidc/token/introspection"),w({client_id:this.options.appId,token:o.accessToken}),{headers:{"Content-Type":"application/x-www-form-urlencoded"}})]:[2,o]:[3,3];case 2:if(!0===s.sent().data.active)return[2,o];s.label=3;case 3:return[4,this.loginStateProvider.delete(y(this.options.appId))];case 4:if(s.sent(),void 0!==this.globalMsgListener)throw new Error(l);return this.globalMsgListener=null,window.crossOriginIsolated?(console.warn("当前页面运行在隔离模式下,无法获取登录态"),[2,null]):(n=_(16),r=_(16),a=null!==(t=this.options.redirectUri)&&void 0!==t?t:window.location.origin,c={redirect_uri:a,response_mode:"web_message",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:n,nonce:r,prompt:"none",scope:this.options.scope},this.options.useImplicitMode?[3,6]:[4,I()]);case 5:u=s.sent(),p=u.codeChallenge,h=u.codeVerifier,i=h,c.code_challenge=p,c.code_challenge_method="S256",s.label=6;case 6:return(f=document.createElement("iframe")).hidden=!0,f.width=f.height="0",f.src="".concat(this.domain,"/oidc/auth?").concat(w(c)),window.navigator.userAgent.indexOf("MSIE")>=1||window.navigator.userAgent.indexOf("Trident")>=1&&window.navigator.userAgent.indexOf("rv")>=1||window.navigator.userAgent.indexOf("Edge")>=1?document.body.appendChild(f):document.body.append(f),[4,Promise.race([this.listenToPostMessage(n),new Promise((function(e){return setTimeout((function(){return e(null)}),5e3)}))])];case 7:if(v=s.sent(),this.globalMsgListener&&window.removeEventListener("message",this.globalMsgListener),this.globalMsgListener=void 0,f.remove(),null===v)return console.warn("登录态获取超时"),[2,null];if(v.error)return"login_required"!==v.error?console.warn("登录态获取失败,认证服务器返回错误: error=".concat(v.error,", error_description=").concat(v.errorDesc)):console.warn("用户未登录"),[2,null];if(v.state!==n)throw new Error("state 验证失败");return[2,this.handleOIDCWebMsgResponse(v,r,a,i)]}}))}))},e.prototype.loginWithRedirect=function(e){var t;return void 0===e&&(e={}),i(this,void 0,void 0,(function(){var o,n,i,a,c,d,u,p;return s(this,(function(s){switch(s.label){case 0:if(!(o=e.redirectUri||this.options.redirectUri))throw new Error("必须设置 redirect_uri");return n=_(16),i=_(16),a=r(r({redirect_uri:o,response_mode:this.options.redirectResponseMode,response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:n,nonce:i,scope:this.options.scope},e.forced&&{prompt:"login"}),e.login_page_context&&{login_page_context:e.login_page_context}),this.options.useImplicitMode?[3,2]:[4,I()];case 1:d=s.sent(),u=d.codeChallenge,p=d.codeVerifier,a.code_challenge=u,a.code_challenge_method="S256",c=p,s.label=2;case 2:return[4,this.transactionProvider.put(m(this.options.appId,n),r(r({codeVerifier:c,state:n,redirectUri:o,nonce:i},this.options.redirectToOriginalUri&&{originalUri:null!==(t=e.originalUri)&&void 0!==t?t:window.location.href}),void 0!==e.customState&&{customState:e.customState}))];case 3:return s.sent(),window.location.replace("".concat(this.domain,"/oidc/auth?").concat(w(a))),[2]}}))}))},e.prototype.isRedirectCallback=function(){var e=this.resolveCallbackParams();return!!e&&(!!e.error||(this.options.useImplicitMode?!(!e.access_token&&!e.id_token):!!e.code))},e.prototype.handleRedirectCallback=function(){return i(this,void 0,void 0,(function(){var e,t,o,n,i,a,c,d,u,p,l;return s(this,(function(s){switch(s.label){case 0:if(!(e=this.resolveCallbackParams()))throw new Error("非法的回调 URL");if(e.error)throw new Error("认证失败, error=".concat(e.error,", error_description=").concat(e.error_description));if(!(n=e.state))throw new Error("非法的回调 URL: 缺少 state");return[4,this.transactionProvider.get(m(this.options.appId,n))];case 1:return(i=s.sent())?[4,this.transactionProvider.delete(m(this.options.appId,n))]:[3,5];case 2:if(s.sent(),i.state!==n)throw new Error("state 验证失败");if(t=i.originalUri,o=i.customState,this.options.useImplicitMode)return[3,4];if(!(a=e.code))throw new Error("非法的回调 URL: 缺少 code");return[4,this.exchangeToken(a,i.redirectUri,i.codeVerifier,i.nonce)];case 3:return c=s.sent(),this.options.redirectToOriginalUri&&t&&window.location.replace(t),[2,c];case 4:return[3,6];case 5:if(!this.options.useImplicitMode)throw new Error("获取登录流程会话失败, 请确认是否重复访问了回调端点,以及浏览器是否支持 sessionStorage");s.label=6;case 6:if(d=e.id_token,u=e.access_token,p=null==i?void 0:i.nonce,this.options.implicitResponseType.includes("token")&&!u||this.options.implicitResponseType.includes("id_token")&&!d)throw new Error("非法的回调 URL: 缺少 token");return[4,this.saveLoginState({idToken:d,accessToken:u,nonce:p})];case 7:return l=s.sent(),this.options.redirectToOriginalUri&&t&&window.location.replace(t),[2,r(r({},l),{customState:o})]}}))}))},e.prototype.loginWithPopup=function(e){return void 0===e&&(e={}),i(this,void 0,void 0,(function(){var t,o,n,i,a,c,d,u,p,h,f;return s(this,(function(s){switch(s.label){case 0:if(t=e.redirectUri||this.options.redirectUri||window.location.origin,void 0!==this.globalMsgListener)throw new Error(l);if(this.globalMsgListener=null,window.crossOriginIsolated)throw new Error("当前页面运行在隔离模式下, 无法进行此方式登录, 请使用 loginWithRedirect");return o=_(16),n=_(16),i=r(r({redirect_uri:t,response_mode:"web_message",response_type:this.options.useImplicitMode?this.options.implicitResponseType:"code",client_id:this.options.appId,state:o,nonce:n},e.forced&&{prompt:"login"}),{scope:this.options.scope}),this.options.useImplicitMode?[3,2]:[4,I()];case 1:c=s.sent(),d=c.codeChallenge,u=c.codeVerifier,a=u,i.code_challenge=d,i.code_challenge_method="S256",s.label=2;case 2:if(p="".concat(this.domain,"/oidc/auth?").concat(w(i)),!(h=window.open(p,"authing-spa-login-window","popup,width=".concat(this.options.popupWidth,",height=").concat(this.options.popupHeight))))throw new Error("弹出窗口失败");return[4,Promise.race([this.listenToPostMessage(o),new Promise((function(e){var t=setInterval((function(){h.closed&&(clearInterval(t),setTimeout((function(){return e(null)}),500))}),500)}))])];case 3:if(f=s.sent(),this.globalMsgListener&&window.removeEventListener("message",this.globalMsgListener),this.globalMsgListener=void 0,!f)return[2,null];if(f.error)throw new Error("登录失败,认证服务器返回错误: error=".concat(f.error,", error_description=").concat(f.errorDesc));if(f.state!==o)throw new Error("state 验证失败");return[2,this.handleOIDCWebMsgResponse(f,n,t,a)]}}))}))},e.prototype.getUserInfo=function(e){var t,o;return void 0===e&&(e={}),i(this,void 0,void 0,(function(){var n,r,i;return s(this,(function(s){switch(s.label){case 0:return null===(t=e.accessToken)||void 0===t?[3,1]:(r=t,[3,3]);case 1:return[4,this.getLoginState()];case 2:r=null===(o=s.sent())||void 0===o?void 0:o.accessToken,s.label=3;case 3:if(!(n=r))throw new Error("access token 不存在,请重新登录");return[4,c("".concat(this.domain,"/api/v3/get-profile"),{headers:{Authorization:"Bearer ".concat(n),"x-authing-userpool-id":this.options.userPoolId}})];case 4:return(i=s.sent().data).data?[2,i.data]:[2,{apiCode:i.apiCode,message:i.message,statusCode:i.statusCode}]}}))}))},e.prototype.logoutWithRedirect=function(e){var t;return void 0===e&&(e={}),i(this,void 0,void 0,(function(){var o,n,r;return s(this,(function(i){switch(i.label){case 0:return[4,this.loginStateProvider.get(y(this.options.appId))];case 1:return(o=i.sent())?[4,this.loginStateProvider.delete(y(this.options.appId))]:[2];case 2:return i.sent(),n={id_token_hint:o.idToken},(r=null!==(t=e.redirectUri)&&void 0!==t?t:this.options.logoutRedirectUri)&&(n.post_logout_redirect_uri=r,n.state=e.state),[4,this.loginStateProvider.delete(y(this.options.appId))];case 3:return i.sent(),window.location.replace("".concat(this.domain,"/oidc/session/end?").concat(w(n))),[2]}}))}))},e.prototype.refreshToken=function(){return i(this,void 0,void 0,(function(){var e,t,o;return s(this,(function(n){switch(n.label){case 0:return[4,this.loginStateProvider.get(y(this.options.appId))];case 1:if(!(null==(e=n.sent())?void 0:e.refreshToken))throw new Error("获取 refresh_token 失败,请检查相关协议配置,是否开启 refresh_token 相关功能");return t={grant_type:"refresh_token",redirect_uri:"",refresh_token:e.refreshToken},[4,d("".concat(this.domain,"/oidc/token"),w(t),{headers:{"Content-Type":"application/x-www-form-urlencoded","x-authing-app-id":this.options.appId}})];case 2:return o=n.sent().data,[4,this.loginStateProvider.delete(y(this.options.appId))];case 3:return n.sent(),[2,this.saveLoginState({idToken:o.id_token,accessToken:o.access_token,refreshToken:o.refresh_token})]}}))}))},e.prototype.listenToPostMessage=function(e){return i(this,void 0,void 0,(function(){var t=this;return s(this,(function(o){return[2,new Promise((function(o,n){var r=function(i){var s;if(i.origin===t.domain&&"authorization_response"===(null===(s=i.data)||void 0===s?void 0:s.type)){window.removeEventListener("message",r),t.globalMsgListener=void 0;var a=i.data.response;return a&&a.state===e?a.error?o({error:a.error,errorDesc:a.error_description}):o({accessToken:a.access_token,idToken:a.id_token,refreshToken:a.refresh_token,code:a.code,state:a.state}):n(new Error("非法的服务端返回值"))}};t.globalMsgListener=r,window.addEventListener("message",r)}))]}))}))},e.prototype.saveLoginState=function(e){return i(this,void 0,void 0,(function(){var t,o,n,r,i,a;return s(this,(function(s){switch(s.label){case 0:if(t=e.accessToken,o=e.idToken,n=e.refreshToken,r={accessToken:t,idToken:o,refreshToken:n,timestamp:Date.now()},o&&(i=S(o).body,r.parsedIdToken=i,r.expireAt=1e3*i.exp,e.nonce&&i.nonce!==e.nonce))throw new Error("nonce 验证失败");return t&&(a=S(t).body,r.parsedAccessToken=a,r.expireAt=1e3*a.exp),[4,this.loginStateProvider.put(y(this.options.appId),r)];case 1:return s.sent(),[2,r]}}))}))},e.prototype.exchangeToken=function(e,t,o,n){return i(this,void 0,void 0,(function(){var r,i;return s(this,(function(s){switch(s.label){case 0:return r={grant_type:"authorization_code",code:e,code_verifier:o,client_id:this.options.appId,redirect_uri:t},[4,d("".concat(this.domain,"/oidc/token"),w(r),{headers:{"Content-Type":"application/x-www-form-urlencoded"}})];case 1:return i=s.sent().data,[2,this.saveLoginState({idToken:i.id_token,accessToken:i.access_token,refreshToken:i.refresh_token,nonce:n})]}}))}))},e.prototype.handleOIDCWebMsgResponse=function(e,t,o,n){return i(this,void 0,void 0,(function(){return s(this,(function(r){if(this.options.useImplicitMode){if(this.options.implicitResponseType.includes("token")&&"string"!=typeof e.accessToken||this.options.implicitResponseType.includes("id_token")&&"string"!=typeof e.idToken)throw new Error("无效的 Token 返回值");return[2,this.saveLoginState({accessToken:e.accessToken,idToken:e.idToken,refreshToken:e.refreshToken,nonce:t})]}if("string"!=typeof e.code)throw new Error("无效的 Code 返回值");if(!o||!n)throw new Error;return[2,this.exchangeToken(e.code,o,n,t)]}))}))},e.prototype.resolveCallbackParams=function(){var e="fragment"===this.options.redirectResponseMode?window.location.hash:window.location.search;if(!e)return null;var t=Object.create(null);return e.substring(1).split("&").forEach((function(e){var o=e.split("="),n=o[0],r=o[1];t[n]=r})),t},e.prototype.login=function(e,t){var o,n,a,c,u;return i(this,void 0,void 0,(function(){var i,p,l;return s(this,(function(s){switch(s.label){case 0:i={code:"/api/v3/signin-by-mobile",phone:"/api/v3/signin-by-mobile",password:"/api/v3/signin",passCode:"/api/v3/signin"},s.label=1;case 1:return s.trys.push([1,7,,8]),[4,d(this.domain+i[t],e,{headers:{"x-authing-app-id":this.options.appId}})];case 2:return p=s.sent().data,(null===(o=p.data)||void 0===o?void 0:o.access_token)||(null===(n=p.data)||void 0===n?void 0:n.id_token)?[4,this.saveLoginState(r({accessToken:null===(a=p.data)||void 0===a?void 0:a.access_token,idToken:null===(c=p.data)||void 0===c?void 0:c.id_token,refreshToken:null===(u=p.data)||void 0===u?void 0:u.refresh_token},p.data))]:[3,4];case 3:return[2,s.sent()];case 4:return[4,this.loginStateProvider.delete(y(this.options.appId))];case 5:throw s.sent(),new Error(p);case 6:return[3,8];case 7:throw l=s.sent(),new Error("login error: "+JSON.stringify(l));case 8:return[2]}}))}))},e.prototype.getPublicKey=function(e){var t;return i(this,void 0,void 0,(function(){var o,n;return s(this,(function(r){switch(r.label){case 0:return r.trys.push([0,2,,3]),[4,c("".concat(this.domain,"/api/v3/system"))];case 1:return o=r.sent().data,[2,null===(t=null==o?void 0:o[e])||void 0===t?void 0:t.publicKey];case 2:throw n=r.sent(),new Error("get public key error: "+JSON.stringify(n));case 3:return[2]}}))}))},e.prototype.loginByEmail=function(e){var t,o;return i(this,void 0,void 0,(function(){var n,i;return s(this,(function(s){switch(s.label){case 0:if(!(null===(t=e.options)||void 0===t?void 0:t.passwordEncryptType)||"none"===(null===(o=e.options)||void 0===o?void 0:o.passwordEncryptType))return[3,2];if(!this.options.encryptFunction)throw new Error('encrypFunction is required, if passwordEncryptType is not "none"');return[4,this.getPublicKey(e.options.passwordEncryptType)];case 1:if("string"!=typeof(n=s.sent()))throw new Error("publicKey of ".concat(e.options.passwordEncryptType," is not a string, please contact the administrator"));e.passwordPayload.password=this.options.encryptFunction(e.passwordPayload.password,n),s.label=2;case 2:return i=r(r({},e),{connection:"PASSWORD"}),[4,this.login(i,"password")];case 3:return[2,s.sent()]}}))}))},e}();e.Authing=E,Object.defineProperty(e,"__esModule",{value:!0})})); | ||
| //# sourceMappingURL=index.global.js.map |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"index.global.js","sources":["../../src/axios.ts","../../src/constants.ts","../../src/storage/InMemoryStorgeProvider.ts","../../src/storage/LocalStorageProvider.ts","../../src/storage/NullStorageProvider.ts","../../src/storage/SessionStorageProvider.ts","../../src/utils.ts","../../src/Authing.ts"],"sourcesContent":["import axios, { AxiosError, AxiosRequestConfig } from 'axios'\n\nimport { version } from '../package.json'\n\nfunction isAxiosError(e: any): e is AxiosError {\n\treturn e.isAxiosError\n}\n\nasync function axiosPromiseWrapper(p: Promise<any>) {\n\ttry {\n\t\treturn await p\n\t} catch (e) {\n\t\tif (isAxiosError(e)) {\n\t\t\tif ((e.response?.data as any)?.error) {\n\t\t\t\t// eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n\t\t\t\tconst { error, error_description } = e.response!.data as any\n\t\t\t\tthrow new Error(`认证服务器返回错误 ${error}: ${error_description}`)\n\t\t\t}\n\t\t}\n\t\tthrow e\n\t}\n}\n\nexport async function axiosGet(\n\turl: string,\n\toptions?: AxiosRequestConfig<string>\n) {\n\tconst _options = mergeOptions(options)\n\treturn axiosPromiseWrapper(axios.get(url, _options))\n}\n\nexport async function axiosPost(\n\turl: string,\n\tdata?: any,\n\toptions?: AxiosRequestConfig<string>\n) {\n\tconst _options = mergeOptions(options)\n\treturn axiosPromiseWrapper(axios.post(url, data, _options))\n}\n\nfunction mergeOptions (options?: AxiosRequestConfig<string>): AxiosRequestConfig {\n\tconst _options = Object.assign({}, options || {}, {\n\t\theaders: {\n\t\t\t...options?.headers,\n\t\t\t'x-authing-request-from': 'sdk-web',\n\t\t\t'x-authing-sdk-version': version\n\t\t}\n\t})\n\treturn _options\n}\n","export const SDK_IDENTIFIER = 'authing-spa'\nexport const STORAGE_VERSION = '1'\n\nexport const STORAGE_KEY_PREFIX = `${SDK_IDENTIFIER}:${STORAGE_VERSION}`\n\nexport const DEFAULT_IFRAME_LOGINSTATE_TIMEOUT = 5000\n\nexport const DEFAULT_POPUP_WIDTH = 800\nexport const DEFAULT_POPUP_HEIGHT = 600\n\nexport const DEFAULT_SCOPE = 'openid profile'\n\nexport const MSG_PENDING_AUTHZ =\n '另一个认证流程正在进行中,请不要同时发起多个认证'\nexport const MSG_CROSS_ORIGIN_ISOLATED =\n '当前页面运行在隔离模式下, 无法进行此方式登录, 请使用 loginWithRedirect'\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class InMemoryStorageProvider<T> implements StorageProvider<T> {\n\tprivate readonly storage = Object.create(null)\n\n\tget(key: string): MayBePromise<T | null> {\n\t\treturn this.storage[key] ?? null\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tthis.storage[key] = value\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tdelete this.storage[key]\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class LocalStorageProvider<T> implements StorageProvider<T> {\n\tget(key: string): MayBePromise<T | null> {\n\t\tconst jsonItem = localStorage.getItem(key)\n\t\tif (jsonItem === null) {\n\t\t\treturn null\n\t\t}\n\t\treturn JSON.parse(jsonItem) as T\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tlocalStorage.setItem(key, JSON.stringify(value))\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tlocalStorage.removeItem(key)\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class NullStorageProvider<T> implements StorageProvider<T> {\n\tget(): MayBePromise<T | null> {\n\t\treturn null\n\t}\n\n\tput(): MayBePromise<void> {\n\t\t// null\n\t}\n\n\tdelete(): MayBePromise<void> {\n\t\t// null\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class SessionStorageProvider<T> implements StorageProvider<T> {\n\tget(key: string): MayBePromise<T | null> {\n\t\tconst jsonItem = sessionStorage.getItem(key)\n\t\tif (jsonItem === null) {\n\t\t\treturn null\n\t\t}\n\t\treturn JSON.parse(jsonItem) as T\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tsessionStorage.setItem(key, JSON.stringify(value))\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tsessionStorage.removeItem(key)\n\t}\n}\n","import { STORAGE_KEY_PREFIX } from './constants'\nimport { StrDict } from './types'\n\nexport function createQueryParams(params: any) {\n\treturn Object.keys(params)\n\t\t.filter(k => params[k] !== null && params[k] !== undefined)\n\t\t.map(\n\t\t\tk => encodeURIComponent(k) + '=' + encodeURIComponent(params[k] as string)\n\t\t)\n\t\t.join('&')\n}\n\nexport function loginStateKey(appId: string) {\n\treturn [STORAGE_KEY_PREFIX, appId, 'login-state'].join(':')\n}\n\nexport function transactionKey(appId: string, state: string) {\n\treturn [STORAGE_KEY_PREFIX, appId, 'tx', state].join(':')\n}\n\nexport function getCrypto() {\n\t//ie 11.x uses msCrypto\n\treturn (window.crypto || (window as any).msCrypto) as Crypto\n}\n\nexport function getCryptoSubtle() {\n\tconst crypto = getCrypto()\n\t//safari 10.x uses webkitSubtle\n\treturn crypto.subtle || (crypto as any).webkitSubtle\n}\n\nexport function createRandomString(length: number) {\n\tconst charset =\n '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'\n\tconst randomValues = Array.from(\n\t\tgetCrypto().getRandomValues(new Uint8Array(length))\n\t)\n\treturn randomValues.map(v => charset[v % charset.length]).join('')\n}\n\nexport function string2Buf(str: string) {\n\tconst buffer: number[] = []\n\tfor (let i = 0; i < str.length; ++i) {\n\t\tbuffer.push(str.charCodeAt(i))\n\t}\n\treturn new Uint8Array(buffer)\n}\n\nfunction buf2Base64Url(buffer: ArrayBuffer) {\n\tconst ie11SafeInput = new Uint8Array(buffer)\n\tlet binary = ''\n\tfor (let i = 0; i < ie11SafeInput.byteLength; ++i) {\n\t\tbinary += String.fromCharCode(ie11SafeInput[i])\n\t}\n\tconst base64 = window.btoa(binary)\n\tconst charMapping: StrDict = { '+': '-', '/': '_', '=': '' }\n\treturn base64.replace(/[+/=]/g, (ch: string) => charMapping[ch])\n}\n\nexport async function genPKCEPair(algorithm = 'SHA-256') {\n\t// 规定最少 43 个字符\n\tconst codeVerifier = createRandomString(43)\n\tconst hash = await getCryptoSubtle().digest(\n\t\talgorithm,\n\t\tstring2Buf(codeVerifier)\n\t)\n\tconst codeChallenge = buf2Base64Url(hash)\n\treturn { codeChallenge, codeVerifier }\n}\n\nexport function domainC14n(domain: string) {\n\tconst domainExp = /^(((?:http)|(?:https)):\\/\\/)?((?:[\\w-_]+)(?:\\.[\\w-_]+)+)(?:\\/.*)?$/\n\tconst matchRes = domainExp.exec(domain)\n\tif (matchRes && matchRes[3]) {\n\t\treturn `${matchRes[1] ?? 'https://'}${matchRes[3]}`\n\t}\n\tthrow Error(`无效的域名配置: ${domain}`)\n}\n\nexport function parseToken(token: string) {\n\tlet [header, body, sig] = token.split('.')\n\tif (!sig) {\n\t\tthrow new Error('无效的 Token 格式')\n\t}\n\n\tconst headerObj = JSON.parse(window.atob(header))\n\tif (headerObj.enc) {\n\t\tthrow new Error(\n\t\t\t'本 SDK 目前不支持处理加密 Token, 请在应用配置中关闭「ID Token 加密」功能'\n\t\t)\n\t}\n\n\tbody = body.replace(/-/g, '+').replace(/_/g, '/')\n\tbody = decodeURIComponent(\n\t\twindow\n\t\t\t.atob(body)\n\t\t\t.split('')\n\t\t\t.map(function (c) {\n\t\t\t\treturn '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)\n\t\t\t})\n\t\t\t.join('')\n\t)\n\n\treturn {\n\t\theader: headerObj,\n\t\tbody: JSON.parse(body)\n\t}\n}\n\nexport function isIE() {\n\tif (\n\t\twindow.navigator.userAgent.indexOf('MSIE') >= 1 ||\n (window.navigator.userAgent.indexOf('Trident') >= 1 &&\n window.navigator.userAgent.indexOf('rv') >= 1) ||\n window.navigator.userAgent.indexOf('Edge') >= 1\n\t) {\n\t\treturn true\n\t}\n\n\treturn false\n}\n","import { axiosGet, axiosPost } from './axios'\nimport {\n\tDEFAULT_IFRAME_LOGINSTATE_TIMEOUT,\n\tDEFAULT_POPUP_HEIGHT,\n\tDEFAULT_POPUP_WIDTH,\n\tDEFAULT_SCOPE,\n\tMSG_CROSS_ORIGIN_ISOLATED,\n\tMSG_PENDING_AUTHZ\n} from './constants'\nimport {\n\tAuthingSPAInitOptions,\n\tLoginState,\n\tIDToken,\n\tAccessToken,\n\tLoginTransaction,\n\tAuthzURLParams,\n\tOIDCWebMessageResponse,\n\tPKCETokenParams,\n\tOIDCTokenResponse,\n\tLoginStateWithCustomStateData,\n\tLogoutURLParams,\n\tIUserInfo,\n\tNormalError\n} from './global'\nimport { InMemoryStorageProvider } from './storage/InMemoryStorgeProvider'\nimport { StorageProvider } from './storage/interface'\nimport { LocalStorageProvider } from './storage/LocalStorageProvider'\nimport { NullStorageProvider } from './storage/NullStorageProvider'\nimport { SessionStorageProvider } from './storage/SessionStorageProvider'\nimport { MsgListener, StrDict } from './types'\nimport {\n\tcreateQueryParams,\n\tcreateRandomString,\n\tdomainC14n,\n\tgenPKCEPair,\n\tgetCrypto,\n\tgetCryptoSubtle,\n\tisIE,\n\tloginStateKey,\n\tparseToken,\n\ttransactionKey\n} from './utils'\n\nexport class Authing {\n\tprivate globalMsgListener: MsgListener | null | undefined\n\n\tprivate readonly options: Required<AuthingSPAInitOptions>\n\tprivate readonly loginStateProvider: StorageProvider<LoginState>\n\tprivate readonly transactionProvider: StorageProvider<LoginTransaction>\n\tprivate readonly domain: string\n\n\tconstructor(options: AuthingSPAInitOptions) {\n\t\tthis.options = options as any\n\t\tthis.domain = domainC14n(this.options.domain)\n\n\t\tif (!options.useImplicitMode && (!getCrypto() || !getCryptoSubtle())) {\n\t\t\tthrow new Error(\n\t\t\t\t'PKCE 模式需要浏览器 crypto 能力, 请确保浏览器处于 https 域名下,或设置 useImplicitMode 为 true'\n\t\t\t)\n\t\t}\n\n\t\tif (typeof localStorage === 'object') {\n\t\t\tthis.loginStateProvider = new LocalStorageProvider()\n\t\t} else {\n\t\t\tconsole.warn('您的浏览器版本过低,登录态存储功能将不可用')\n\t\t\tthis.loginStateProvider = new InMemoryStorageProvider()\n\t\t}\n\n\t\tif (typeof sessionStorage === 'object') {\n\t\t\tthis.transactionProvider = new SessionStorageProvider()\n\t\t} else {\n\t\t\tif (!options.useImplicitMode) {\n\t\t\t\tconsole.warn(\n\t\t\t\t\t'您的浏览器版本过低,PKCE 重定向认证功能将不可用,请设置 useImplicitMode 为 true'\n\t\t\t\t)\n\t\t\t}\n\t\t\tthis.transactionProvider = new NullStorageProvider()\n\t\t}\n\n\t\toptions.implicitResponseType =\n options.implicitResponseType ?? 'id_token token'\n\t\toptions.redirectResponseMode = options.redirectResponseMode ?? 'fragment'\n\t\toptions.popupWidth = options.popupWidth ?? DEFAULT_POPUP_WIDTH\n\t\toptions.popupHeight = options.popupHeight ?? DEFAULT_POPUP_HEIGHT\n\t\toptions.scope = options.scope ?? DEFAULT_SCOPE\n\t}\n\n\tasync getLoginStateWithRedirect() {\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\t\tconst redirectUri = this.options.redirectUri ?? window.location.origin\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: this.options.redirectResponseMode || 'query',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t\tcodeVerifier = v\n\t\t}\n\n\t\tawait this.transactionProvider.put(\n\t\t\ttransactionKey(this.options.appId, state),\n\t\t\t{\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t\tredirectUri,\n\t\t\t\tnonce\n\t\t\t}\n\t\t)\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\t)\n\t}\n\n\t/**\n * 按顺序用以下方式获取用户登录态:\n *\n * 1. 本地缓存获取\n * 2. 隐藏 iframe 获取\n *\n * @param options.ignoreCache 忽略本地缓存\n */\n\tasync getLoginState(\n\t\toptions: {\n ignoreCache?: boolean\n } = {}\n\t): Promise<null | LoginState> {\n\t\t// 1. 从 loginStateProvider 中(默认为 localStorage)获取\n\t\tif (!options.ignoreCache) {\n\t\t\tconst state = await this.loginStateProvider.get(\n\t\t\t\tloginStateKey(this.options.appId)\n\t\t\t)\n\t\t\tif (state && state.expireAt && state.expireAt > Date.now()) {\n\t\t\t\tif (!this.options.introspectAccessToken || !state.accessToken) {\n\t\t\t\t\treturn state\n\t\t\t\t}\n\n\t\t\t\tconst { data } = await axiosPost(\n\t\t\t\t\t`${this.domain}/oidc/token/introspection`,\n\t\t\t\t\tcreateQueryParams({\n\t\t\t\t\t\tclient_id: this.options.appId,\n\t\t\t\t\t\ttoken: state.accessToken\n\t\t\t\t\t}),\n\t\t\t\t\t{\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded'\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t)\n\n\t\t\t\tif (data.active === true) {\n\t\t\t\t\treturn state\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// 清掉旧的登录态\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\t// 2. 用隐藏 iframe 获取\n\t\tif (this.globalMsgListener !== undefined) {\n\t\t\tthrow new Error(MSG_PENDING_AUTHZ)\n\t\t}\n\t\tthis.globalMsgListener = null\n\n\t\tif (window.crossOriginIsolated) {\n\t\t\t// 如果是 crossOriginIsolated 就发不了 postMessage 了\n\t\t\tconsole.warn('当前页面运行在隔离模式下,无法获取登录态')\n\t\t\treturn null\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\t\tlet codeVerifier: string | undefined\n\t\tconst redirectUrl = this.options.redirectUri ?? window.location.origin\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUrl,\n\t\t\tresponse_mode: 'web_message',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tprompt: 'none',\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tcodeVerifier = v\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t}\n\n\t\tconst iframe = document.createElement('iframe')\n\t\t// iframe.title = 'postMessage() Initiator';\n\t\tiframe.hidden = true\n\t\tiframe.width = iframe.height = '0'\n\n\t\tiframe.src = `${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\tif (isIE()) {\n\t\t\tdocument.body.appendChild(iframe)\n\t\t} else {\n\t\t\tdocument.body.append(iframe)\n\t\t}\n\n\t\tconst res = await Promise.race([\n\t\t\tthis.listenToPostMessage(state),\n\t\t\tnew Promise<null>(resolve =>\n\t\t\t\tsetTimeout(() => resolve(null), DEFAULT_IFRAME_LOGINSTATE_TIMEOUT)\n\t\t\t)\n\t\t])\n\n\t\tif (this.globalMsgListener) {\n\t\t\twindow.removeEventListener('message', this.globalMsgListener)\n\t\t}\n\t\tthis.globalMsgListener = undefined\n\n\t\tiframe.remove()\n\n\t\tif (res === null) {\n\t\t\tconsole.warn('登录态获取超时')\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.error) {\n\t\t\tif (res.error !== 'login_required') {\n\t\t\t\tconsole.warn(\n\t\t\t\t\t`登录态获取失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`\n\t\t\t\t)\n\t\t\t} else {\n\t\t\t\tconsole.warn('用户未登录')\n\t\t\t}\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.state !== state) {\n\t\t\tthrow new Error('state 验证失败')\n\t\t}\n\n\t\treturn this.handleOIDCWebMsgResponse(res, nonce, redirectUrl, codeVerifier)\n\t}\n\n\t/**\n * 将用户重定向到 Authing 认证端点进行登录,需要配合 handleRedirectCallback 使用\n *\n * @param options.redirectUri 回调地址,默认为初始化参数中的 redirectUri\n * @param options.originalUri 发起登录的 URL,若设置了 redirectToOriginalUri 会在登录结束后重定向回到此页面,默认为当前 URL\n * @param options.forced 即使在用户已登录时也提示用户再次登录\n * @param options.customState 自定义的中间状态,会被传递到回调端点\n */\n\tasync loginWithRedirect(\n\t\toptions: {\n redirectUri?: string\n originalUri?: string\n forced?: boolean\n customState?: any\n login_page_context?: string\n } = {}\n\t): Promise<void> {\n\t\tconst redirectUri = options.redirectUri || this.options.redirectUri\n\t\tif (!redirectUri) {\n\t\t\tthrow new Error('必须设置 redirect_uri')\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: this.options.redirectResponseMode,\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tscope: this.options.scope,\n\t\t\t...(options.forced && { prompt: 'login' }),\n\t\t\t...(options.login_page_context && {\n\t\t\t\tlogin_page_context: options.login_page_context\n\t\t\t})\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t\tcodeVerifier = v\n\t\t}\n\n\t\tawait this.transactionProvider.put(\n\t\t\ttransactionKey(this.options.appId, state),\n\t\t\t{\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t\tredirectUri,\n\t\t\t\tnonce,\n\t\t\t\t...(this.options.redirectToOriginalUri && {\n\t\t\t\t\toriginalUri: options.originalUri ?? window.location.href\n\t\t\t\t}),\n\t\t\t\t...(options.customState !== undefined && {\n\t\t\t\t\tcustomState: options.customState\n\t\t\t\t})\n\t\t\t}\n\t\t)\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\t)\n\t}\n\n\t/**\n * 判断当前 URL 是否为 Authing 登录回调 URL\n */\n\tisRedirectCallback(): boolean {\n\t\tconst params = this.resolveCallbackParams()\n\n\t\tif (!params) {\n\t\t\treturn false\n\t\t}\n\n\t\tif (params['error']) {\n\t\t\treturn true\n\t\t}\n\n\t\tif (this.options.useImplicitMode) {\n\t\t\treturn !!(params['access_token'] || params['id_token'])\n\t\t} else {\n\t\t\treturn !!params['code']\n\t\t}\n\t}\n\n\t/**\n * 在回调端点处理 Authing 发送的授权码或 token,获取用户登录态\n */\n\tasync handleRedirectCallback(): Promise<LoginStateWithCustomStateData> {\n\t\tconst paramDict = this.resolveCallbackParams()\n\t\tif (!paramDict) {\n\t\t\tthrow new Error('非法的回调 URL')\n\t\t}\n\n\t\tif (paramDict.error) {\n\t\t\tthrow new Error(\n\t\t\t\t`认证失败, error=${paramDict.error}, error_description=${paramDict.error_description}`\n\t\t\t)\n\t\t}\n\n\t\tlet originalUri: string | undefined\n\t\tlet customState: any\n\n\t\tconst { state } = paramDict\n\t\tif (!state) {\n\t\t\tthrow new Error('非法的回调 URL: 缺少 state')\n\t\t}\n\t\tconst tx = await this.transactionProvider.get(\n\t\t\ttransactionKey(this.options.appId, state)\n\t\t)\n\t\tif (tx) {\n\t\t\tawait this.transactionProvider.delete(\n\t\t\t\ttransactionKey(this.options.appId, state)\n\t\t\t)\n\n\t\t\tif (tx.state !== state) {\n\t\t\t\tthrow new Error('state 验证失败')\n\t\t\t}\n\n\t\t\toriginalUri = tx.originalUri\n\t\t\tcustomState = tx.customState\n\t\t\tif (!this.options.useImplicitMode) {\n\t\t\t\t// PKCE code flow\n\t\t\t\tconst { code } = paramDict\n\t\t\t\tif (!code) {\n\t\t\t\t\tthrow new Error('非法的回调 URL: 缺少 code')\n\t\t\t\t}\n\t\t\t\tconst res = await this.exchangeToken(\n\t\t\t\t\tcode,\n\t\t\t\t\ttx.redirectUri,\n tx.codeVerifier as string,\n tx.nonce\n\t\t\t\t)\n\n\t\t\t\tif (this.options.redirectToOriginalUri && originalUri) {\n\t\t\t\t\twindow.location.replace(originalUri)\n\t\t\t\t}\n\n\t\t\t\treturn res\n\t\t\t}\n\t\t} else if (!this.options.useImplicitMode) {\n\t\t\tthrow new Error(\n\t\t\t\t'获取登录流程会话失败, 请确认是否重复访问了回调端点,以及浏览器是否支持 sessionStorage'\n\t\t\t)\n\t\t}\n\t\t// implicit flow\n\t\tconst idToken = paramDict.id_token\n\t\tconst accessToken = paramDict.access_token\n\t\t// implict 模式没有refresh_token\n\t\t// https://docs.authing.cn/v2/concepts/oidc/choose-flow.html#%E9%9A%90%E5%BC%8F%E6%A8%A1%E5%BC%8F\n\t\t// const refreshToken = paramDict.refresh_token\n\t\tconst nonce = tx?.nonce\n\n\t\tif (\n\t\t\t(this.options.implicitResponseType.includes('token') && !accessToken) ||\n (this.options.implicitResponseType.includes('id_token') && !idToken)\n\t\t) {\n\t\t\tthrow new Error('非法的回调 URL: 缺少 token')\n\t\t}\n\n\t\tconst result = await this.saveLoginState({\n\t\t\tidToken,\n\t\t\taccessToken,\n\t\t\tnonce\n\t\t})\n\n\t\tif (this.options.redirectToOriginalUri && originalUri) {\n\t\t\twindow.location.replace(originalUri)\n\t\t}\n\n\t\treturn { ...result, customState }\n\n\t}\n\n\t/**\n * 弹出一个新的 Authing 登录页面窗口,在其中完成登录\n *\n * @param options.redirectUri 回调地址,需要和当前页面在 same origin 下;默认为初始化参数中的 redirectUri 或 window.location.origin\n * @param options.forced 即使在用户已登录时也提示用户再次登录\n */\n\tasync loginWithPopup(\n\t\toptions: { redirectUri?: string; forced?: boolean } = {}\n\t): Promise<LoginState | null> {\n\t\tconst redirectUri =\n options.redirectUri || this.options.redirectUri || window.location.origin\n\n\t\tif (this.globalMsgListener !== undefined) {\n\t\t\tthrow new Error(MSG_PENDING_AUTHZ)\n\t\t}\n\t\tthis.globalMsgListener = null\n\n\t\tif (window.crossOriginIsolated) {\n\t\t\t// 如果是 crossOriginIsolated 就发不了 postMessage 了\n\t\t\tthrow new Error(MSG_CROSS_ORIGIN_ISOLATED)\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: 'web_message',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\t...(options.forced && { prompt: 'login' }),\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tcodeVerifier = v\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t}\n\n\t\tconst url = `${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\tconst win = window.open(\n\t\t\turl,\n\t\t\t'authing-spa-login-window',\n\t\t\t`popup,width=${this.options.popupWidth},height=${this.options.popupHeight}`\n\t\t)\n\t\tif (!win) {\n\t\t\tthrow new Error('弹出窗口失败')\n\t\t}\n\n\t\tconst res = await Promise.race([\n\t\t\tthis.listenToPostMessage(state),\n\t\t\tnew Promise<null>(resolve => {\n\t\t\t\tconst handle = setInterval(() => {\n\t\t\t\t\tif (win.closed) {\n\t\t\t\t\t\tclearInterval(handle)\n\t\t\t\t\t\t// 防止 post message 事件和 close 事件同时到达\n\t\t\t\t\t\tsetTimeout(() => resolve(null), 500)\n\t\t\t\t\t}\n\t\t\t\t}, 500)\n\t\t\t})\n\t\t])\n\t\tif (this.globalMsgListener) {\n\t\t\twindow.removeEventListener('message', this.globalMsgListener)\n\t\t}\n\t\tthis.globalMsgListener = undefined\n\n\t\tif (!res) {\n\t\t\t// 窗口被用户关闭了\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.error) {\n\t\t\tthrow new Error(\n\t\t\t\t`登录失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`\n\t\t\t)\n\t\t}\n\n\t\tif (res.state !== state) {\n\t\t\tthrow new Error('state 验证失败')\n\t\t}\n\n\t\treturn this.handleOIDCWebMsgResponse(res, nonce, redirectUri, codeVerifier)\n\t}\n\n\t// /**\n\t// * 由于 iframe 存在跨域 cookie 无法携带以及联邦认证支持问题,暂时不支持本方法\n\t// *\n\t// * 在指定的 iframe 中显示 Authing 登录页面,在其中完成登录\n\t// *\n\t// * 注意: 当需要手动关闭 iframe 时,必须同时调用 abortIframeLogin 方法\n\t// *\n\t// * @param options.forced 即使在用户已登录时也提示用户再次登录\n\t// */\n\t/*\n async loginWithIframe(\n iframe: HTMLIFrameElement,\n options: { forced?: boolean } = {},\n ): Promise<LoginState> {\n if (this.globalMsgListener !== undefined) {\n throw new Error(MSG_PENDING_AUTHZ);\n }\n this.globalMsgListener = null;\n\n if (window.crossOriginIsolated) {\n // 如果是 crossOriginIsolated 就发不了 postMessage 了\n throw new Error(MSG_CROSS_ORIGIN_ISOLATED);\n }\n\n const state = createRandomString(16);\n const nonce = createRandomString(16);\n let codeVerifier: string | undefined;\n\n const params: AuthzURLParams = {\n redirect_uri: window.location.href,\n response_mode: 'web_message',\n response_type: this.options.useImplicitMode\n ? this.options.implicitResponseType\n : 'code',\n client_id: this.options.appId,\n state,\n nonce,\n ...(options.forced && { prompt: 'login' }),\n scope: this.options.scope,\n };\n\n if (!this.options.useImplicitMode) {\n const { codeChallenge, codeVerifier: v } = await genPKCEPair();\n codeVerifier = v;\n params.code_challenge = codeChallenge;\n params.code_challenge_method = 'S256';\n }\n\n iframe.src = `${this.domain}/oidc/auth?${createQueryParams(params)}`;\n\n const res = await this.listenToPostMessage(state);\n if (res.error) {\n throw new Error(\n `登录失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`,\n );\n }\n\n if (res.state !== state) {\n throw new Error('state 验证失败');\n }\n\n return this.handleSuccessfulOIDCResponse(\n res,\n window.location.href,\n codeVerifier,\n );\n }\n */\n\n\t/**\n * 手动中止 iframe 登录, 并移除 SDK 注册的事件监听器\n */\n\t/*\n abortIframeLogin(): void {\n if (this.globalMsgListener) {\n window.removeEventListener('message', this.globalMsgListener);\n }\n this.globalMsgListener = undefined;\n }\n */\n\n\t/**\n * 用 Access Token 获取用户身份信息\n *\n * @param options.accessToken Access Token,默认从登录态中获取\n */\n\tasync getUserInfo(\n\t\toptions: {\n accessToken?: string\n } = {}\n\t): Promise<IUserInfo | NormalError> {\n\t\tconst accessToken =\n options.accessToken ?? (await this.getLoginState())?.accessToken\n\t\tif (!accessToken) {\n\t\t\tthrow new Error('access token 不存在,请重新登录')\n\t\t}\n\n\t\tconst { data } = await axiosGet(`${this.domain}/api/v3/get-profile`, {\n\t\t\theaders: {\n\t\t\t\tAuthorization: `Bearer ${accessToken}`,\n\t\t\t\t'x-authing-userpool-id': this.options.userPoolId\n\t\t\t}\n\t\t})\n\n\t\tif (data.data) {\n\t\t\treturn data.data as IUserInfo\n\t\t}\n\n\t\treturn {\n\t\t\tapiCode: data.apiCode,\n\t\t\tmessage: data.message,\n\t\t\tstatusCode: data.statusCode\n\t\t}\n\t}\n\n\t/**\n * 重定向到 Authing 的登出端点,完成登出操作\n *\n * @param options.redirectUri 登出完成后的回调地址,默认为初始化参数中的 logoutRedirectUri\n * @param options.state 自定义中间状态\n */\n\tasync logoutWithRedirect(\n\t\toptions: {\n redirectUri?: string | null\n state?: string\n } = {}\n\t): Promise<void> {\n\t\tconst loginState = await this.loginStateProvider.get(\n\t\t\tloginStateKey(this.options.appId)\n\t\t)\n\t\tif (!loginState) {\n\t\t\treturn\n\t\t}\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\tconst params: LogoutURLParams = {\n\t\t\tid_token_hint: loginState.idToken\n\t\t}\n\n\t\tconst logoutRedirectUri =\n options.redirectUri ?? this.options.logoutRedirectUri\n\t\tif (logoutRedirectUri) {\n\t\t\tparams.post_logout_redirect_uri = logoutRedirectUri\n\t\t\tparams.state = options.state\n\t\t}\n\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/session/end?${createQueryParams(params)}`\n\t\t)\n\t\treturn\n\t}\n\t/**\n *\n * 使用内部维护的 refresh_token 刷新 access_token、id_token\n *\n */\n\tasync refreshToken(): Promise<null | LoginState> {\n\t\tconst state = await this.loginStateProvider.get(\n\t\t\tloginStateKey(this.options.appId)\n\t\t)\n\t\tif (!state?.refreshToken) {\n\t\t\tthrow new Error(\n\t\t\t\t'获取 refresh_token 失败,请检查相关协议配置,是否开启 refresh_token 相关功能'\n\t\t\t)\n\t\t}\n\t\tconst data = {\n\t\t\tgrant_type: 'refresh_token',\n\t\t\tredirect_uri: '',\n\t\t\trefresh_token: state.refreshToken\n\t\t}\n\n\t\tconst { data: tokenRes } = (await axiosPost(\n\t\t\t`${this.domain}/oidc/token`,\n\t\t\tcreateQueryParams(data),\n\t\t\t{\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t\t\t'x-authing-app-id': this.options.appId\n\t\t\t\t}\n\t\t\t}\n\t\t)) as { data: OIDCTokenResponse }\n\n\t\t// 清掉旧的登录态\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\treturn this.saveLoginState({\n\t\t\tidToken: tokenRes.id_token,\n\t\t\taccessToken: tokenRes.access_token,\n\t\t\trefreshToken: tokenRes.refresh_token\n\t\t})\n\t}\n\n\tprivate async listenToPostMessage(state: string) {\n\t\treturn new Promise<OIDCWebMessageResponse>((resolve, reject) => {\n\t\t\tconst msgEventListener = (msgEvent: MessageEvent) => {\n\t\t\t\tif (\n\t\t\t\t\tmsgEvent.origin !== this.domain ||\n msgEvent.data?.type !== 'authorization_response'\n\t\t\t\t) {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\twindow.removeEventListener('message', msgEventListener)\n\t\t\t\tthis.globalMsgListener = undefined\n\n\t\t\t\tconst { response } = msgEvent.data\n\t\t\t\tif (!response || response.state !== state) {\n\t\t\t\t\treturn reject(new Error('非法的服务端返回值'))\n\t\t\t\t}\n\n\t\t\t\tif (response.error) {\n\t\t\t\t\treturn resolve({\n\t\t\t\t\t\terror: response.error,\n\t\t\t\t\t\terrorDesc: response.error_description\n\t\t\t\t\t})\n\t\t\t\t}\n\n\t\t\t\treturn resolve({\n\t\t\t\t\taccessToken: response.access_token,\n\t\t\t\t\tidToken: response.id_token,\n\t\t\t\t\trefreshToken: response.refresh_token,\n\t\t\t\t\tcode: response.code,\n\t\t\t\t\tstate: response.state\n\t\t\t\t})\n\t\t\t}\n\n\t\t\tthis.globalMsgListener = msgEventListener\n\t\t\twindow.addEventListener('message', msgEventListener)\n\t\t})\n\t}\n\n\tprivate async saveLoginState(params: {\n accessToken?: string\n idToken?: string\n refreshToken?: string\n nonce?: string\n }) {\n\t\tconst { accessToken, idToken, refreshToken } = params\n\t\tconst loginState: LoginState = {\n\t\t\taccessToken: accessToken,\n\t\t\tidToken: idToken,\n\t\t\trefreshToken: refreshToken,\n\t\t\ttimestamp: Date.now()\n\t\t}\n\n\t\tif (idToken) {\n\t\t\tconst parsedIdToken: IDToken = parseToken(idToken).body\n\t\t\tloginState.parsedIdToken = parsedIdToken\n\t\t\tloginState.expireAt = parsedIdToken.exp * 1000\n\n\t\t\tif (params.nonce && parsedIdToken.nonce !== params.nonce) {\n\t\t\t\tthrow new Error('nonce 验证失败')\n\t\t\t}\n\t\t}\n\n\t\tif (accessToken) {\n\t\t\tconst parsedAccessToken: AccessToken = parseToken(accessToken).body\n\t\t\tloginState.parsedAccessToken = parsedAccessToken\n\t\t\tloginState.expireAt = parsedAccessToken.exp * 1000\n\t\t}\n\n\t\tawait this.loginStateProvider.put(\n\t\t\tloginStateKey(this.options.appId),\n\t\t\tloginState\n\t\t)\n\t\treturn loginState\n\t}\n\n\tprivate async exchangeToken(\n\t\tcode: string,\n\t\tredirectUri: string,\n\t\tcodeVerifier: string,\n\t\tnonce: string\n\t) {\n\t\tconst tokenParam: PKCETokenParams = {\n\t\t\tgrant_type: 'authorization_code',\n\t\t\tcode,\n\t\t\tcode_verifier: codeVerifier as string,\n\t\t\tclient_id: this.options.appId,\n\t\t\tredirect_uri: redirectUri\n\t\t}\n\n\t\tconst { data: tokenRes } = (await axiosPost(\n\t\t\t`${this.domain}/oidc/token`,\n\t\t\tcreateQueryParams(tokenParam),\n\t\t\t{\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded'\n\t\t\t\t}\n\t\t\t}\n\t\t)) as { data: OIDCTokenResponse }\n\n\t\treturn this.saveLoginState({\n\t\t\tidToken: tokenRes.id_token,\n\t\t\taccessToken: tokenRes.access_token,\n\t\t\trefreshToken: tokenRes.refresh_token,\n\t\t\tnonce\n\t\t})\n\t}\n\n\tprivate async handleOIDCWebMsgResponse(\n\t\tres: OIDCWebMessageResponse,\n\t\tnonce: string,\n\t\t// 只有 PKCE 会用下面两个参数\n\t\tredirectUri?: string,\n\t\tcodeVerifier?: string\n\t) {\n\t\tif (this.options.useImplicitMode) {\n\t\t\t// implicit flow\n\t\t\tif (\n\t\t\t\t(this.options.implicitResponseType.includes('token') &&\n typeof res.accessToken !== 'string') ||\n (this.options.implicitResponseType.includes('id_token') &&\n typeof res.idToken !== 'string')\n\t\t\t) {\n\t\t\t\tthrow new Error('无效的 Token 返回值')\n\t\t\t}\n\n\t\t\treturn this.saveLoginState({\n\t\t\t\taccessToken: res.accessToken,\n\t\t\t\tidToken: res.idToken,\n\t\t\t\trefreshToken: res.refreshToken,\n\t\t\t\tnonce\n\t\t\t})\n\t\t}\n\n\t\t// PKCE code flow\n\t\tif (typeof res.code !== 'string') {\n\t\t\tthrow new Error('无效的 Code 返回值')\n\t\t}\n\n\t\tif (!redirectUri || !codeVerifier) {\n\t\t\t// should never happen\n\t\t\tthrow new Error()\n\t\t}\n\n\t\treturn this.exchangeToken(res.code, redirectUri, codeVerifier, nonce)\n\t}\n\n\tprivate resolveCallbackParams() {\n\t\tconst paramSource: string =\n this.options.redirectResponseMode === 'fragment'\n \t? window.location.hash\n \t: window.location.search\n\t\tif (!paramSource) {\n\t\t\treturn null\n\t\t}\n\n\t\tconst paramDict: StrDict = Object.create(null)\n\t\tparamSource\n\t\t\t.substring(1)\n\t\t\t.split('&')\n\t\t\t.forEach(item => {\n\t\t\t\tconst [key, val] = item.split('=')\n\t\t\t\tparamDict[key] = val\n\t\t\t})\n\n\t\treturn paramDict\n\t}\n}\n"],"names":["axiosPromiseWrapper","p","_d","e_1","isAxiosError","_b","response","_a","data","error","_c","error_description","Error","concat","axiosGet","url","options","_options","mergeOptions","axios","get","axiosPost","post","Object","assign","headers","STORAGE_KEY_PREFIX","MSG_PENDING_AUTHZ","InMemoryStorageProvider","this","storage","create","prototype","key","put","value","delete","LocalStorageProvider","jsonItem","localStorage","getItem","JSON","parse","setItem","stringify","removeItem","NullStorageProvider","SessionStorageProvider","sessionStorage","createQueryParams","params","keys","filter","k","undefined","map","encodeURIComponent","join","loginStateKey","appId","transactionKey","state","getCrypto","window","crypto","msCrypto","getCryptoSubtle","subtle","webkitSubtle","createRandomString","length","charset","Array","from","getRandomValues","Uint8Array","v","string2Buf","str","buffer","i","push","charCodeAt","genPKCEPair","algorithm","codeVerifier","digest","hash","sent","codeChallenge","ie11SafeInput","binary","byteLength","String","fromCharCode","base64","btoa","charMapping","replace","ch","buf2Base64Url","parseToken","token","split","header","body","headerObj","atob","enc","decodeURIComponent","c","toString","slice","Authing","domain","matchRes","exec","domainC14n","useImplicitMode","loginStateProvider","console","warn","transactionProvider","implicitResponseType","redirectResponseMode","popupWidth","popupHeight","scope","_e","getLoginStateWithRedirect","nonce","redirectUri","location","origin","redirect_uri","response_mode","response_type","client_id","code_challenge","code_challenge_method","getLoginState","ignoreCache","state_1","expireAt","Date","now","introspectAccessToken","accessToken","active","globalMsgListener","crossOriginIsolated","redirectUrl","prompt","iframe","document","createElement","hidden","width","height","src","navigator","userAgent","indexOf","appendChild","append","Promise","race","listenToPostMessage","resolve","setTimeout","res","removeEventListener","remove","errorDesc","handleOIDCWebMsgResponse","loginWithRedirect","forced","login_page_context","__assign","redirectToOriginalUri","originalUri","href","customState","isRedirectCallback","resolveCallbackParams","handleRedirectCallback","paramDict","tx","code","exchangeToken","idToken","id_token","access_token","includes","saveLoginState","result","loginWithPopup","win","open","handle","setInterval","closed","clearInterval","getUserInfo","Authorization","userPoolId","apiCode","message","statusCode","logoutWithRedirect","loginState","id_token_hint","logoutRedirectUri","post_logout_redirect_uri","refreshToken","grant_type","refresh_token","tokenRes","reject","msgEventListener","msgEvent","_this","type","addEventListener","timestamp","parsedIdToken","exp","parsedAccessToken","tokenParam","code_verifier","paramSource","search","substring","forEach","item","val"],"mappings":"u4DAQA,SAAeA,EAAoBC,iHAE1B,6BAAA,CAAA,EAAMA,GAAb,KAAA,EAAA,MAAA,CAAA,EAAOC,iBAEP,cAAiBC,EAPTC,eAQwB,QAA3BC,EAAa,UAAZF,EAAEG,gBAAU,IAAAC,OAAA,EAAAA,EAAAC,YAAc,IAAAH,OAAA,EAAAA,EAAAI,OAG9B,MADMC,EAA+BP,EAAEG,SAAUE,KAAzCC,EAAKC,EAAAD,MAAEE,EAAiBD,EAAAC,kBAC1B,IAAIC,MAAM,aAAAC,OAAaJ,EAAU,MAAAI,OAAAF,IAGzC,MAAMR,yBAEP,CAEqB,SAAAW,EACrBC,EACAC,4EAGA,OADMC,EAAWC,EAAaF,GACvB,CAAA,EAAAhB,EAAoBmB,EAAK,QAACC,IAAIL,EAAKE,UAC1C,UAEqBI,EACrBN,EACAP,EACAQ,4EAGA,OADMC,EAAWC,EAAaF,GAC9B,CAAA,EAAOhB,EAAoBmB,UAAMG,KAAKP,EAAKP,EAAMS,UACjD,CAED,SAASC,EAAcF,GAQtB,OAPiBO,OAAOC,OAAO,CAAA,EAAIR,GAAW,CAAA,EAAI,CACjDS,eACIT,aAAO,EAAPA,EAASS,SACZ,CAAA,yBAA0B,UAC1B,4CAIH,CCjDO,IAGMC,EAAqB,UAHJ,cAGqB,KAAAb,OAFpB,KAWlBc,EACX,2BCVFC,EAAA,WAAA,SAAAA,IACkBC,KAAAC,QAAUP,OAAOQ,OAAO,KAazC,CAAD,OAXCH,EAAGI,UAAAZ,IAAH,SAAIa,SACH,OAA4B,QAArB1B,EAAAsB,KAAKC,QAAQG,UAAQ,IAAA1B,EAAAA,EAAA,MAG7BqB,EAAAI,UAAAE,IAAA,SAAID,EAAaE,GAChBN,KAAKC,QAAQG,GAAOE,GAGrBP,EAAMI,UAAAI,OAAN,SAAOH,UACCJ,KAAKC,QAAQG,IAErBL,CAAD,ICdAS,EAAA,WAAA,SAAAA,IAgBC,CAAD,OAfCA,EAAGL,UAAAZ,IAAH,SAAIa,GACH,IAAMK,EAAWC,aAAaC,QAAQP,GACtC,OAAiB,OAAbK,EACI,KAEDG,KAAKC,MAAMJ,IAGnBD,EAAAL,UAAAE,IAAA,SAAID,EAAaE,GAChBI,aAAaI,QAAQV,EAAKQ,KAAKG,UAAUT,KAG1CE,EAAML,UAAAI,OAAN,SAAOH,GACNM,aAAaM,WAAWZ,IAEzBI,CAAD,IChBAS,EAAA,WAAA,SAAAA,IAYC,CAAD,OAXCA,EAAAd,UAAAZ,IAAA,WACC,OAAO,MAGR0B,EAAAd,UAAAE,IAAA,aAIAY,EAAAd,UAAAI,OAAA,aAGAU,CAAD,ICZAC,EAAA,WAAA,SAAAA,IAgBC,CAAD,OAfCA,EAAGf,UAAAZ,IAAH,SAAIa,GACH,IAAMK,EAAWU,eAAeR,QAAQP,GACxC,OAAiB,OAAbK,EACI,KAEDG,KAAKC,MAAMJ,IAGnBS,EAAAf,UAAAE,IAAA,SAAID,EAAaE,GAChBa,eAAeL,QAAQV,EAAKQ,KAAKG,UAAUT,KAG5CY,EAAMf,UAAAI,OAAN,SAAOH,GACNe,eAAeH,WAAWZ,IAE3Bc,CAAD,IChBM,SAAUE,EAAkBC,GACjC,OAAO3B,OAAO4B,KAAKD,GACjBE,QAAO,SAAAC,GAAK,OAAc,OAAdH,EAAOG,SAA6BC,IAAdJ,EAAOG,EAAgB,IACzDE,KACA,SAAAF,GAAK,OAAAG,mBAAmBH,GAAK,IAAMG,mBAAmBN,EAAOG,GAAxD,IAELI,KAAK,IACR,CAEM,SAAUC,EAAcC,GAC7B,MAAO,CAACjC,EAAoBiC,EAAO,eAAeF,KAAK,IACxD,CAEgB,SAAAG,EAAeD,EAAeE,GAC7C,MAAO,CAACnC,EAAoBiC,EAAO,KAAME,GAAOJ,KAAK,IACtD,UAEgBK,IAEf,OAAQC,OAAOC,QAAWD,OAAeE,QAC1C,UAEgBC,IACf,IAAMF,EAASF,IAEf,OAAOE,EAAOG,QAAWH,EAAeI,YACzC,CAEM,SAAUC,EAAmBC,GAClC,IAAMC,EACH,iEAIH,OAHqBC,MAAMC,KAC1BX,IAAYY,gBAAgB,IAAIC,WAAWL,KAExBf,KAAI,SAAAqB,GAAK,OAAAL,EAAQK,EAAIL,EAAQD,OAAO,IAAEb,KAAK,GAChE,CAEM,SAAUoB,EAAWC,GAE1B,IADA,IAAMC,EAAmB,GAChBC,EAAI,EAAGA,EAAIF,EAAIR,SAAUU,EACjCD,EAAOE,KAAKH,EAAII,WAAWF,IAE5B,OAAO,IAAIL,WAAWI,EACvB,CAaM,SAAgBI,EAAYC,eAAA,IAAAA,IAAAA,EAAqB,sGAGzC,OADPC,EAAehB,EAAmB,IAC3B,CAAA,EAAMH,IAAkBoB,OACpCF,EACAP,EAAWQ,YAGZ,OALME,EAAOhF,EAGZiF,OAED,CAAA,EAAO,CAAEC,cAnBV,SAAuBV,GAGtB,IAFA,IAAMW,EAAgB,IAAIf,WAAWI,GACjCY,EAAS,GACJX,EAAI,EAAGA,EAAIU,EAAcE,aAAcZ,EAC/CW,GAAUE,OAAOC,aAAaJ,EAAcV,IAE7C,IAAMe,EAAShC,OAAOiC,KAAKL,GACrBM,EAAuB,CAAE,IAAK,IAAK,IAAK,IAAK,IAAK,IACxD,OAAOF,EAAOG,QAAQ,UAAU,SAACC,GAAe,OAAAF,EAAYE,EAAZ,GACjD,CASuBC,CAAcb,GACZF,aAAYA,UACpC,CAWK,SAAUgB,EAAWC,GACtB,IAAA/F,EAAsB+F,EAAMC,MAAM,KAAjCC,EAAMjG,EAAA,GAAEkG,EAAIlG,EAAA,GACjB,SACC,MAAM,IAAIK,MAAM,gBAGjB,IAAM8F,EAAYjE,KAAKC,MAAMqB,OAAO4C,KAAKH,IACzC,GAAIE,EAAUE,IACb,MAAM,IAAIhG,MACT,mDAeF,OAXA6F,EAAOA,EAAKP,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KAC7CO,EAAOI,mBACN9C,OACE4C,KAAKF,GACLF,MAAM,IACNhD,KAAI,SAAUuD,GACd,MAAO,KAAO,KAAOA,EAAE5B,WAAW,GAAG6B,SAAS,KAAKC,OAAO,EAC3D,IACCvD,KAAK,KAGD,CACN+C,OAAQE,EACRD,KAAMhE,KAAKC,MAAM+D,GAEnB,CChEA,IAAAQ,EAAA,WAQC,SAAAA,EAAYjG,iBAIX,GAHAa,KAAKb,QAAUA,EACfa,KAAKqF,ODiBD,SAAqBA,SAEpBC,EADY,qEACSC,KAAKF,GAChC,GAAIC,GAAYA,EAAS,GACxB,MAAO,GAAGtG,OAAW,QAAXN,EAAA4G,EAAS,UAAE,IAAA5G,EAAAA,EAAI,YAAUM,OAAGsG,EAAS,IAEhD,MAAMvG,MAAM,YAAAC,OAAYqG,GACzB,CCxBgBG,CAAWxF,KAAKb,QAAQkG,UAEjClG,EAAQsG,iBAAqBxD,KAAgBI,KACjD,MAAM,IAAItD,MACT,yEAI0B,iBAAjB2B,aACVV,KAAK0F,mBAAqB,IAAIlF,GAE9BmF,QAAQC,KAAK,yBACb5F,KAAK0F,mBAAqB,IAAI3F,GAGD,iBAAnBoB,eACVnB,KAAK6F,oBAAsB,IAAI3E,GAE1B/B,EAAQsG,iBACZE,QAAQC,KACP,yDAGF5F,KAAK6F,oBAAsB,IAAI5E,GAGhC9B,EAAQ2G,qBACwB,QAA5BpH,EAAAS,EAAQ2G,4BAAoB,IAAApH,EAAAA,EAAI,iBACpCS,EAAQ4G,qBAAuD,QAAhCvH,EAAAW,EAAQ4G,4BAAwB,IAAAvH,EAAAA,EAAA,WAC/DW,EAAQ6G,WAAmC,QAAtBnH,EAAAM,EAAQ6G,kBAAc,IAAAnH,EAAAA,EN3EV,IM4EjCM,EAAQ8G,YAAqC,QAAvB5H,EAAAc,EAAQ8G,mBAAe,IAAA5H,EAAAA,EN3EX,IM4ElCc,EAAQ+G,MAAyB,QAAjBC,EAAAhH,EAAQ+G,aAAS,IAAAC,EAAAA,EN1EN,gBM2E3B,CAqyBF,OAnyBOf,EAAAjF,UAAAiG,0BAAN,+HAkBK,OAjBEpE,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAC3B8D,EAAsC,QAAxB5H,EAAAsB,KAAKb,QAAQmH,mBAAW,IAAA5H,EAAAA,EAAIwD,OAAOqE,SAASC,OAE1DnF,EAAyB,CAC9BoF,aAAcH,EACdI,cAAe1G,KAAKb,QAAQ4G,sBAAwB,QACpDY,cAAe3G,KAAKb,QAAQsG,gBACzBzF,KAAKb,QAAQ2G,qBACb,OACHc,UAAW5G,KAAKb,QAAQ2C,MACxBE,MAAKA,EACLqE,MAAKA,EACLH,MAAOlG,KAAKb,QAAQ+G,OAIhBlG,KAAKb,QAAQsG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C9E,EAAqCK,SAAnC+E,EAAapF,EAAAoF,cAAgBb,EAACvE,EAAAgF,aACtCnC,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,OAC/BtD,EAAeT,YAGhB,KAAA,EAAA,MAAA,CAAA,EAAM/C,KAAK6F,oBAAoBxF,IAC9B0B,EAAe/B,KAAKb,QAAQ2C,MAAOE,GACnC,CACCwB,aAAYA,EACZxB,MAAKA,EACLsE,YAAWA,EACXD,MAAKA,mBANPxH,EAAA8E,OAUAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,eAAArG,OAAcoC,EAAkBC,eAE/C,EAUK+D,EAAajF,UAAA4G,cAAnB,SACC5H,qBAAA,IAAAA,IAAAA,EAEQ,CAAA,gHAGJ,OAACA,EAAQ6H,YAAW,CAAA,EAAA,GACT,CAAA,EAAMhH,KAAK0F,mBAAmBnG,IAC3CsC,EAAc7B,KAAKb,QAAQ2C,gBAExB,OAHEmF,EAAQpI,EAEb8E,SACYsD,EAAMC,UAAYD,EAAMC,SAAWC,KAAKC,MAC/CpH,KAAKb,QAAQkI,uBAA0BJ,EAAMK,YAI3B,CAAA,EAAA9H,EACtB,GAAGR,OAAAgB,KAAKqF,OAAM,6BACdjE,EAAkB,CACjBwF,UAAW5G,KAAKb,QAAQ2C,MACxB2C,MAAOwC,EAAMK,cAEd,CACC1H,QAAS,CACR,eAAgB,wCAXlB,CAAA,EAAOqH,GAFiD,CAAA,EAAA,UAkBzD,IAAoB,IAbHpI,EAWhB8E,OAXWhF,KAaH4I,OACR,MAAA,CAAA,EAAON,oBAMV,MAAA,CAAA,EAAMjH,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKb,QAAQ2C,gBAGhE,GAHAjD,EAAA8E,YAG+BlC,IAA3BzB,KAAKwH,kBACR,MAAM,IAAIzI,MAAMe,GAIjB,OAFAE,KAAKwH,kBAAoB,KAErBtF,OAAOuF,qBAEV9B,QAAQC,KAAK,wBACb,CAAA,EAAO,QAGF5D,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BkF,EAAsC,QAAxBhJ,EAAAsB,KAAKb,QAAQmH,mBAAW,IAAA5H,EAAAA,EAAIwD,OAAOqE,SAASC,OAE1DnF,EAAyB,CAC9BoF,aAAciB,EACdhB,cAAe,cACfC,cAAe3G,KAAKb,QAAQsG,gBACzBzF,KAAKb,QAAQ2G,qBACb,OACHc,UAAW5G,KAAKb,QAAQ2C,MACxBE,MAAKA,EACLqE,MAAKA,EACLsB,OAAQ,OACRzB,MAAOlG,KAAKb,QAAQ+G,OAGhBlG,KAAKb,QAAQsG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,aAA3C9E,EAAqCK,SAAnC+E,EAAapF,EAAAoF,cAAgBb,EAACvE,EAAAgF,aACtCA,EAAeT,EACf1B,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,wBAepB,OAZNc,EAASC,SAASC,cAAc,WAE/BC,QAAS,EAChBH,EAAOI,MAAQJ,EAAOK,OAAS,IAE/BL,EAAOM,IAAM,GAAAlJ,OAAGgB,KAAKqF,OAAM,eAAArG,OAAcoC,EAAkBC,IDvG3Da,OAAOiG,UAAUC,UAAUC,QAAQ,SAAW,GAC3CnG,OAAOiG,UAAUC,UAAUC,QAAQ,YAAc,GAChDnG,OAAOiG,UAAUC,UAAUC,QAAQ,OAAS,GAC9CnG,OAAOiG,UAAUC,UAAUC,QAAQ,SAAW,ECsG/CR,SAASjD,KAAK0D,YAAYV,GAE1BC,SAASjD,KAAK2D,OAAOX,GAGJ,CAAA,EAAAY,QAAQC,KAAK,CAC9BzI,KAAK0I,oBAAoB1G,GACzB,IAAIwG,SAAc,SAAAG,GACjB,OAAAC,YAAW,WAAM,OAAAD,EAAQ,KAAR,GN3N4B,IM2N7C,cAWF,GAdME,EAAMhK,EAKV8E,OAEE3D,KAAKwH,mBACRtF,OAAO4G,oBAAoB,UAAW9I,KAAKwH,mBAE5CxH,KAAKwH,uBAAoB/F,EAEzBmG,EAAOmB,SAEK,OAARF,EAEH,OADAlD,QAAQC,KAAK,WACb,CAAA,EAAO,MAGR,GAAIiD,EAAIjK,MAQP,MAPkB,mBAAdiK,EAAIjK,MACP+G,QAAQC,KACP,4BAAA5G,OAA4B6J,EAAIjK,MAAK,wBAAAI,OAAuB6J,EAAIG,YAGjErD,QAAQC,KAAK,SAEd,CAAA,EAAO,MAGR,GAAIiD,EAAI7G,QAAUA,EACjB,MAAM,IAAIjD,MAAM,cAGjB,MAAA,CAAA,EAAOiB,KAAKiJ,yBAAyBJ,EAAKxC,EAAOqB,EAAalE,UAC9D,EAUK4B,EAAiBjF,UAAA+I,kBAAvB,SACC/J,qBAAA,IAAAA,IAAAA,EAMQ,CAAA,0GAGR,KADMmH,EAAcnH,EAAQmH,aAAetG,KAAKb,QAAQmH,aAEvD,MAAM,IAAIvH,MAAM,qBAuBb,OApBEiD,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BnB,OACLoF,aAAcH,EACdI,cAAe1G,KAAKb,QAAQ4G,qBAC5BY,cAAe3G,KAAKb,QAAQsG,gBACzBzF,KAAKb,QAAQ2G,qBACb,OACHc,UAAW5G,KAAKb,QAAQ2C,MACxBE,MAAKA,EACLqE,MAAKA,EACLH,MAAOlG,KAAKb,QAAQ+G,OAChB/G,EAAQgK,QAAU,CAAExB,OAAQ,UAC5BxI,EAAQiK,oBAAsB,CACjCA,mBAAoBjK,EAAQiK,qBAKzBpJ,KAAKb,QAAQsG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C9E,EAAqCK,SAAnC+E,EAAapF,EAAAoF,cAAgBb,EAACvE,EAAAgF,aACtCnC,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,OAC/BtD,EAAeT,YAGhB,KAAA,EAAA,MAAA,CAAA,EAAM/C,KAAK6F,oBAAoBxF,IAC9B0B,EAAe/B,KAAKb,QAAQ2C,MAAOE,GAAMqH,EAAAA,EAAA,CAExC7F,aAAYA,EACZxB,MAAKA,EACLsE,cACAD,MAAKA,GACDrG,KAAKb,QAAQmK,uBAAyB,CACzCC,oBAAa7K,EAAAS,EAAQoK,2BAAerH,OAAOqE,SAASiD,YAEzB/H,IAAxBtC,EAAQsK,aAA6B,CACxCA,YAAatK,EAAQsK,8BAXxB5K,EAAA8E,OAgBAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,eAAArG,OAAcoC,EAAkBC,eAE/C,EAKD+D,EAAAjF,UAAAuJ,mBAAA,WACC,IAAMrI,EAASrB,KAAK2J,wBAEpB,QAAKtI,MAIDA,EAAc,QAIdrB,KAAKb,QAAQsG,mBACNpE,EAAqB,eAAKA,EAAiB,YAE5CA,EAAa,QAOlB+D,EAAAjF,UAAAyJ,uBAAN,+HAEC,KADMC,EAAY7J,KAAK2J,yBAEtB,MAAM,IAAI5K,MAAM,aAGjB,GAAI8K,EAAUjL,MACb,MAAM,IAAIG,MACT,eAAAC,OAAe6K,EAAUjL,MAAK,wBAAAI,OAAuB6K,EAAU/K,oBAQjE,KADQkD,EAAU6H,EAAS7H,OAE1B,MAAM,IAAIjD,MAAM,uBAEN,MAAA,CAAA,EAAMiB,KAAK6F,oBAAoBtG,IACzCwC,EAAe/B,KAAKb,QAAQ2C,MAAOE,YAEhC,OAHE8H,EAAKpL,EAEViF,QAEA,CAAA,EAAM3D,KAAK6F,oBAAoBtF,OAC9BwB,EAAe/B,KAAKb,QAAQ2C,MAAOE,KAF/B,CAAA,EAAA,UAKL,GAJAtD,EAAAiF,OAIImG,EAAG9H,QAAUA,EAChB,MAAM,IAAIjD,MAAM,cAKb,GAFJwK,EAAcO,EAAGP,YACjBE,EAAcK,EAAGL,YACZzJ,KAAKb,QAAQsG,gBAAd,MAA6B,CAAA,EAAA,GAGhC,KADQsE,EAASF,EAASE,MAEzB,MAAM,IAAIhL,MAAM,sBAEL,MAAA,CAAA,EAAMiB,KAAKgK,cACtBD,EACAD,EAAGxD,YACEwD,EAAGtG,aACHsG,EAAGzD,eAOT,OAXMwC,EAAMnK,EAKXiF,OAEG3D,KAAKb,QAAQmK,uBAAyBC,GACzCrH,OAAOqE,SAASlC,QAAQkF,GAGzB,CAAA,EAAOV,6BAEF,IAAK7I,KAAKb,QAAQsG,gBACxB,MAAM,IAAI1G,MACT,wEAWF,GAPMkL,EAAUJ,EAAUK,SACpB5C,EAAcuC,EAAUM,aAIxB9D,EAAQyD,eAAAA,EAAIzD,MAGhBrG,KAAKb,QAAQ2G,qBAAqBsE,SAAS,WAAa9C,GACrDtH,KAAKb,QAAQ2G,qBAAqBsE,SAAS,cAAgBH,EAE/D,MAAM,IAAIlL,MAAM,uBAGF,MAAM,CAAA,EAAAiB,KAAKqK,eAAe,CACxCJ,QAAOA,EACP3C,YAAWA,EACXjB,MAAKA,YAON,OAVMiE,EAAS5L,EAIbiF,OAEE3D,KAAKb,QAAQmK,uBAAyBC,GACzCrH,OAAOqE,SAASlC,QAAQkF,GAGzB,CAAA,EAAAF,EAAAA,EAAA,CAAA,EAAYiB,GAAM,CAAEb,YAAWA,WAE/B,EAQKrE,EAAcjF,UAAAoK,eAApB,SACCpL,eAAA,IAAAA,IAAAA,EAAwD,CAAA,gHAKxD,GAHMmH,EACFnH,EAAQmH,aAAetG,KAAKb,QAAQmH,aAAepE,OAAOqE,SAASC,YAExC/E,IAA3BzB,KAAKwH,kBACR,MAAM,IAAIzI,MAAMe,GAIjB,GAFAE,KAAKwH,kBAAoB,KAErBtF,OAAOuF,oBAEV,MAAM,IAAI1I,MN1bX,kDM8cI,OAjBEiD,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BnB,EACLgI,EAAAA,EAAA,CAAA5C,aAAcH,EACdI,cAAe,cACfC,cAAe3G,KAAKb,QAAQsG,gBACzBzF,KAAKb,QAAQ2G,qBACb,OACHc,UAAW5G,KAAKb,QAAQ2C,MACxBE,MAAKA,EACLqE,SACIlH,EAAQgK,QAAU,CAAExB,OAAQ,UAChC,CAAAzB,MAAOlG,KAAKb,QAAQ+G,QAIhBlG,KAAKb,QAAQsG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C5E,EAAqCF,SAAnCoF,EAAalF,EAAAkF,cAAgBb,EAACrE,EAAA8E,aACtCA,EAAeT,EACf1B,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,wBAShC,GANM5H,EAAM,GAAGF,OAAAgB,KAAKqF,OAAoB,eAAArG,OAAAoC,EAAkBC,MACpDmJ,EAAMtI,OAAOuI,KAClBvL,EACA,2BACA,eAAeF,OAAAgB,KAAKb,QAAQ6G,WAAU,YAAAhH,OAAWgB,KAAKb,QAAQ8G,eAG9D,MAAM,IAAIlH,MAAM,UAGL,MAAM,CAAA,EAAAyJ,QAAQC,KAAK,CAC9BzI,KAAK0I,oBAAoB1G,GACzB,IAAIwG,SAAc,SAAAG,GACjB,IAAM+B,EAASC,aAAY,WACtBH,EAAII,SACPC,cAAcH,GAEd9B,YAAW,WAAM,OAAAD,EAAQ,KAAK,GAAE,KAEjC,GAAE,IACJ,cAOD,GAjBME,EAAMrK,EAWVmF,OACE3D,KAAKwH,mBACRtF,OAAO4G,oBAAoB,UAAW9I,KAAKwH,mBAE5CxH,KAAKwH,uBAAoB/F,GAEpBoH,EAEJ,MAAA,CAAA,EAAO,MAGR,GAAIA,EAAIjK,MACP,MAAM,IAAIG,MACT,yBAAAC,OAAyB6J,EAAIjK,MAAK,wBAAAI,OAAuB6J,EAAIG,YAI/D,GAAIH,EAAI7G,QAAUA,EACjB,MAAM,IAAIjD,MAAM,cAGjB,MAAA,CAAA,EAAOiB,KAAKiJ,yBAAyBJ,EAAKxC,EAAOC,EAAa9C,UAC9D,EAwFK4B,EAAWjF,UAAA2K,YAAjB,SACC3L,uBAAA,IAAAA,IAAAA,EAEQ,CAAA,gGAGJ,OAAmB,QAAnBT,EAAAS,EAAQmI,mBAAW,IAAA5I,EAAA,CAAA,EAAA,eAAK,KAAA,EAAA,MAAA,CAAA,EAAMsB,KAAK+G,wBAAZlI,EAA4B,UAA3BR,EAAAsF,cAA2B,IAAAnF,OAAA,EAAAA,EAAE8I,6BACzD,KAFMA,EAC8DzI,GAEnE,MAAM,IAAIE,MAAM,0BAGA,MAAA,CAAA,EAAME,EAAS,GAAAD,OAAGgB,KAAKqF,8BAA6B,CACpEzF,QAAS,CACRmL,cAAe,UAAU/L,OAAAsI,GACzB,wBAAyBtH,KAAKb,QAAQ6L,sBAIxC,OAPQrM,EAASN,EAKfsF,OALUhF,MAOHA,KACD,CAAA,EAAAA,EAAKA,MAGN,CAAA,EAAA,CACNsM,QAAStM,EAAKsM,QACdC,QAASvM,EAAKuM,QACdC,WAAYxM,EAAKwM,mBAElB,EAQK/F,EAAkBjF,UAAAiL,mBAAxB,SACCjM,qBAAA,IAAAA,IAAAA,EAGQ,CAAA,yFAEW,KAAA,EAAA,MAAA,CAAA,EAAMa,KAAK0F,mBAAmBnG,IAChDsC,EAAc7B,KAAKb,QAAQ2C,gBAE5B,OAHMuJ,EAAa7M,EAElBmF,QAID,CAAA,EAAM3D,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKb,QAAQ2C,SAFzD,CAAA,UAeP,OAbAtD,EAAAmF,OAEMtC,EAA0B,CAC/BiK,cAAeD,EAAWpB,UAGrBsB,EACqB,QAAvB7M,EAAAS,EAAQmH,mBAAe,IAAA5H,EAAAA,EAAAsB,KAAKb,QAAQoM,qBAEvClK,EAAOmK,yBAA2BD,EAClClK,EAAOW,MAAQ7C,EAAQ6C,OAGxB,CAAA,EAAMhC,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKb,QAAQ2C,gBAKhE,OALAtD,EAAAmF,OAEAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,sBAAArG,OAAqBoC,EAAkBC,KAEhD,CAAA,SACN,EAMK+D,EAAAjF,UAAAsL,aAAN,wGACe,KAAA,EAAA,MAAA,CAAA,EAAMzL,KAAK0F,mBAAmBnG,IAC3CsC,EAAc7B,KAAKb,QAAQ2C,gBAE5B,KAAKE,OAHCA,EAAQtD,EAEbiF,eACI3B,EAAOyJ,cACX,MAAM,IAAI1M,MACT,yDAS0B,OANtBJ,EAAO,CACZ+M,WAAY,gBACZjF,aAAc,GACdkF,cAAe3J,EAAMyJ,cAGM,CAAA,EAAMjM,EACjC,GAAGR,OAAAgB,KAAKqF,OAAmB,eAC3BjE,EAAkBzC,GAClB,CACCiB,QAAS,CACR,eAAgB,oCAChB,mBAAoBI,KAAKb,QAAQ2C,iBAMpC,OAZc8J,EAAclN,EAS3BiF,OATqBhF,KAYtB,CAAA,EAAMqB,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKb,QAAQ2C,gBAEhE,OAFApD,EAAAiF,OAEO,CAAA,EAAA3D,KAAKqK,eAAe,CAC1BJ,QAAS2B,EAAS1B,SAClB5C,YAAasE,EAASzB,aACtBsB,aAAcG,EAASD,uBAExB,EAEavG,EAAmBjF,UAAAuI,oBAAjC,SAAkC1G,iFACjC,MAAA,CAAA,EAAO,IAAIwG,SAAgC,SAACG,EAASkD,GACpD,IAAMC,EAAmB,SAACC,SACzB,GACCA,EAASvF,SAAWwF,EAAK3G,QACI,oCAAxB3G,EAAAqN,EAASpN,2BAAMsN,MAFrB,CAOA/J,OAAO4G,oBAAoB,UAAWgD,GACtCE,EAAKxE,uBAAoB/F,EAEjB,IAAAhD,EAAasN,EAASpN,cAC9B,OAAKF,GAAYA,EAASuD,QAAUA,EAIhCvD,EAASG,MACL+J,EAAQ,CACd/J,MAAOH,EAASG,MAChBoK,UAAWvK,EAASK,oBAIf6J,EAAQ,CACdrB,YAAa7I,EAAS0L,aACtBF,QAASxL,EAASyL,SAClBuB,aAAchN,EAASkN,cACvB5B,KAAMtL,EAASsL,KACf/H,MAAOvD,EAASuD,QAfT6J,EAAO,IAAI9M,MAAM,aAPxB,CAwBF,EAEAiN,EAAKxE,kBAAoBsE,EACzB5J,OAAOgK,iBAAiB,UAAWJ,EACnC,UACD,EAEa1G,EAAcjF,UAAAkK,eAA5B,SAA6BhJ,6GAc5B,GARQiG,EAAuCjG,EAA5BiG,YAAE2C,EAA0B5I,EAAM4I,QAAvBwB,EAAiBpK,eACzCgK,EAAyB,CAC9B/D,YAAaA,EACb2C,QAASA,EACTwB,aAAcA,EACdU,UAAWhF,KAAKC,OAGb6C,IACGmC,EAAyB5H,EAAWyF,GAASrF,KACnDyG,EAAWe,cAAgBA,EAC3Bf,EAAWnE,SAA+B,IAApBkF,EAAcC,IAEhChL,EAAOgF,OAAS+F,EAAc/F,QAAUhF,EAAOgF,OAClD,MAAM,IAAItH,MAAM,cAUlB,OANIuI,IACGgF,EAAiC9H,EAAW8C,GAAa1C,KAC/DyG,EAAWiB,kBAAoBA,EAC/BjB,EAAWnE,SAAmC,IAAxBoF,EAAkBD,KAGzC,CAAA,EAAMrM,KAAK0F,mBAAmBrF,IAC7BwB,EAAc7B,KAAKb,QAAQ2C,OAC3BuJ,WAED,OAJA3M,EAAAiF,OAIA,CAAA,EAAO0H,SACP,EAEajG,EAAajF,UAAA6J,cAA3B,SACCD,EACAzD,EACA9C,EACA6C,qGAU4B,OARtBkG,EAA8B,CACnCb,WAAY,qBACZ3B,KAAIA,EACJyC,cAAehJ,EACfoD,UAAW5G,KAAKb,QAAQ2C,MACxB2E,aAAcH,GAGa,CAAA,EAAM9G,EACjC,GAAGR,OAAAgB,KAAKqF,OAAmB,eAC3BjE,EAAkBmL,GAClB,CACC3M,QAAS,CACR,eAAgB,+CAKnB,OAVcgM,EAAclN,EAQ3BiF,OARqBhF,KAUf,CAAA,EAAAqB,KAAKqK,eAAe,CAC1BJ,QAAS2B,EAAS1B,SAClB5C,YAAasE,EAASzB,aACtBsB,aAAcG,EAASD,cACvBtF,MAAKA,WAEN,EAEajB,EAAAjF,UAAA8I,yBAAd,SACCJ,EACAxC,EAEAC,EACA9C,sEAEA,GAAIxD,KAAKb,QAAQsG,gBAAiB,CAEjC,GACEzF,KAAKb,QAAQ2G,qBAAqBsE,SAAS,UACX,iBAApBvB,EAAIvB,aACZtH,KAAKb,QAAQ2G,qBAAqBsE,SAAS,aACnB,iBAAhBvB,EAAIoB,QAEjB,MAAM,IAAIlL,MAAM,iBAGjB,MAAO,CAAA,EAAAiB,KAAKqK,eAAe,CAC1B/C,YAAauB,EAAIvB,YACjB2C,QAASpB,EAAIoB,QACbwB,aAAc5C,EAAI4C,aAClBpF,MAAKA,IAEN,CAGD,GAAwB,iBAAbwC,EAAIkB,KACd,MAAM,IAAIhL,MAAM,gBAGjB,IAAKuH,IAAgB9C,EAEpB,MAAM,IAAIzE,MAGX,MAAA,CAAA,EAAOiB,KAAKgK,cAAcnB,EAAIkB,KAAMzD,EAAa9C,EAAc6C,SAC/D,EAEOjB,EAAAjF,UAAAwJ,sBAAR,WACC,IAAM8C,EACoC,aAAtCzM,KAAKb,QAAQ4G,qBACV7D,OAAOqE,SAAS7C,KAChBxB,OAAOqE,SAASmG,OACvB,IAAKD,EACJ,OAAO,KAGR,IAAM5C,EAAqBnK,OAAOQ,OAAO,MASzC,OARAuM,EACEE,UAAU,GACVjI,MAAM,KACNkI,SAAQ,SAAAC,GACF,IAAAnO,EAAamO,EAAKnI,MAAM,KAAvBtE,EAAG1B,EAAA,GAAEoO,OACZjD,EAAUzJ,GAAO0M,CAClB,IAEMjD,GAERzE,CAAD"} | ||
| {"version":3,"file":"index.global.js","sources":["../../src/axios.ts","../../src/constants.ts","../../src/storage/InMemoryStorgeProvider.ts","../../src/storage/LocalStorageProvider.ts","../../src/storage/NullStorageProvider.ts","../../src/storage/SessionStorageProvider.ts","../../src/utils.ts","../../src/Authing.ts"],"sourcesContent":["import axios, { AxiosError, AxiosRequestConfig } from 'axios'\n\nimport { version } from '../package.json'\n\nfunction isAxiosError(e: any): e is AxiosError {\n\treturn e.isAxiosError\n}\n\nasync function axiosPromiseWrapper(p: Promise<any>) {\n\ttry {\n\t\treturn await p\n\t} catch (e) {\n\t\tif (isAxiosError(e)) {\n\t\t\tif ((e.response?.data as any)?.error) {\n\t\t\t\t// eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n\t\t\t\tconst { error, error_description } = e.response!.data as any\n\t\t\t\tthrow new Error(`认证服务器返回错误 ${error}: ${error_description}`)\n\t\t\t}\n\t\t}\n\t\tthrow e\n\t}\n}\n\nexport async function axiosGet(\n\turl: string,\n\toptions?: AxiosRequestConfig<string>\n) {\n\tconst _options = mergeOptions(options)\n\treturn axiosPromiseWrapper(axios.get(url, _options))\n}\n\nexport async function axiosPost(\n\turl: string,\n\tdata?: any,\n\toptions?: AxiosRequestConfig<string>\n) {\n\tconst _options = mergeOptions(options)\n\treturn axiosPromiseWrapper(axios.post(url, data, _options))\n}\n\nfunction mergeOptions (options?: AxiosRequestConfig<string>): AxiosRequestConfig {\n\tconst _options = Object.assign({}, options || {}, {\n\t\theaders: {\n\t\t\t...options?.headers,\n\t\t\t'x-authing-request-from': 'sdk-web',\n\t\t\t'x-authing-sdk-version': version\n\t\t}\n\t})\n\treturn _options\n}\n","export const SDK_IDENTIFIER = 'authing-spa'\nexport const STORAGE_VERSION = '1'\n\nexport const STORAGE_KEY_PREFIX = `${SDK_IDENTIFIER}:${STORAGE_VERSION}`\n\nexport const DEFAULT_IFRAME_LOGINSTATE_TIMEOUT = 5000\n\nexport const DEFAULT_POPUP_WIDTH = 800\nexport const DEFAULT_POPUP_HEIGHT = 600\n\nexport const DEFAULT_SCOPE = 'openid profile'\n\nexport const MSG_PENDING_AUTHZ =\n '另一个认证流程正在进行中,请不要同时发起多个认证'\nexport const MSG_CROSS_ORIGIN_ISOLATED =\n '当前页面运行在隔离模式下, 无法进行此方式登录, 请使用 loginWithRedirect'\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class InMemoryStorageProvider<T> implements StorageProvider<T> {\n\tprivate readonly storage = Object.create(null)\n\n\tget(key: string): MayBePromise<T | null> {\n\t\treturn this.storage[key] ?? null\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tthis.storage[key] = value\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tdelete this.storage[key]\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class LocalStorageProvider<T> implements StorageProvider<T> {\n\tget(key: string): MayBePromise<T | null> {\n\t\tconst jsonItem = localStorage.getItem(key)\n\t\tif (jsonItem === null) {\n\t\t\treturn null\n\t\t}\n\t\treturn JSON.parse(jsonItem) as T\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tlocalStorage.setItem(key, JSON.stringify(value))\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tlocalStorage.removeItem(key)\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class NullStorageProvider<T> implements StorageProvider<T> {\n\tget(): MayBePromise<T | null> {\n\t\treturn null\n\t}\n\n\tput(): MayBePromise<void> {\n\t\t// null\n\t}\n\n\tdelete(): MayBePromise<void> {\n\t\t// null\n\t}\n}\n","import { MayBePromise } from '../types'\nimport { StorageProvider } from './interface'\n\nexport class SessionStorageProvider<T> implements StorageProvider<T> {\n\tget(key: string): MayBePromise<T | null> {\n\t\tconst jsonItem = sessionStorage.getItem(key)\n\t\tif (jsonItem === null) {\n\t\t\treturn null\n\t\t}\n\t\treturn JSON.parse(jsonItem) as T\n\t}\n\n\tput(key: string, value: T): MayBePromise<void> {\n\t\tsessionStorage.setItem(key, JSON.stringify(value))\n\t}\n\n\tdelete(key: string): MayBePromise<void> {\n\t\tsessionStorage.removeItem(key)\n\t}\n}\n","import { STORAGE_KEY_PREFIX } from './constants'\nimport { StrDict } from './types'\n\nexport function createQueryParams(params: any) {\n\treturn Object.keys(params)\n\t\t.filter(k => params[k] !== null && params[k] !== undefined)\n\t\t.map(\n\t\t\tk => encodeURIComponent(k) + '=' + encodeURIComponent(params[k] as string)\n\t\t)\n\t\t.join('&')\n}\n\nexport function loginStateKey(appId: string) {\n\treturn [STORAGE_KEY_PREFIX, appId, 'login-state'].join(':')\n}\n\nexport function transactionKey(appId: string, state: string) {\n\treturn [STORAGE_KEY_PREFIX, appId, 'tx', state].join(':')\n}\n\nexport function getCrypto() {\n\t//ie 11.x uses msCrypto\n\treturn (window.crypto || (window as any).msCrypto) as Crypto\n}\n\nexport function getCryptoSubtle() {\n\tconst crypto = getCrypto()\n\t//safari 10.x uses webkitSubtle\n\treturn crypto.subtle || (crypto as any).webkitSubtle\n}\n\nexport function createRandomString(length: number) {\n\tconst charset =\n '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'\n\tconst randomValues = Array.from(\n\t\tgetCrypto().getRandomValues(new Uint8Array(length))\n\t)\n\treturn randomValues.map(v => charset[v % charset.length]).join('')\n}\n\nexport function string2Buf(str: string) {\n\tconst buffer: number[] = []\n\tfor (let i = 0; i < str.length; ++i) {\n\t\tbuffer.push(str.charCodeAt(i))\n\t}\n\treturn new Uint8Array(buffer)\n}\n\nfunction buf2Base64Url(buffer: ArrayBuffer) {\n\tconst ie11SafeInput = new Uint8Array(buffer)\n\tlet binary = ''\n\tfor (let i = 0; i < ie11SafeInput.byteLength; ++i) {\n\t\tbinary += String.fromCharCode(ie11SafeInput[i])\n\t}\n\tconst base64 = window.btoa(binary)\n\tconst charMapping: StrDict = { '+': '-', '/': '_', '=': '' }\n\treturn base64.replace(/[+/=]/g, (ch: string) => charMapping[ch])\n}\n\nexport async function genPKCEPair(algorithm = 'SHA-256') {\n\t// 规定最少 43 个字符\n\tconst codeVerifier = createRandomString(43)\n\tconst hash = await getCryptoSubtle().digest(\n\t\talgorithm,\n\t\tstring2Buf(codeVerifier)\n\t)\n\tconst codeChallenge = buf2Base64Url(hash)\n\treturn { codeChallenge, codeVerifier }\n}\n\nexport function domainC14n(domain: string) {\n\tconst domainExp = /^(((?:http)|(?:https)):\\/\\/)?((?:[\\w-_]+)(?:\\.[\\w-_]+)+)(?:\\/.*)?$/\n\tconst matchRes = domainExp.exec(domain)\n\tif (matchRes && matchRes[3]) {\n\t\treturn `${matchRes[1] ?? 'https://'}${matchRes[3]}`\n\t}\n\tthrow Error(`无效的域名配置: ${domain}`)\n}\n\nexport function parseToken(token: string) {\n\tlet [header, body, sig] = token.split('.')\n\tif (!sig) {\n\t\tthrow new Error('无效的 Token 格式')\n\t}\n\n\tconst headerObj = JSON.parse(window.atob(header))\n\tif (headerObj.enc) {\n\t\tthrow new Error(\n\t\t\t'本 SDK 目前不支持处理加密 Token, 请在应用配置中关闭「ID Token 加密」功能'\n\t\t)\n\t}\n\n\tbody = body.replace(/-/g, '+').replace(/_/g, '/')\n\tbody = decodeURIComponent(\n\t\twindow\n\t\t\t.atob(body)\n\t\t\t.split('')\n\t\t\t.map(function (c) {\n\t\t\t\treturn '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)\n\t\t\t})\n\t\t\t.join('')\n\t)\n\n\treturn {\n\t\theader: headerObj,\n\t\tbody: JSON.parse(body)\n\t}\n}\n\nexport function isIE() {\n\tif (\n\t\twindow.navigator.userAgent.indexOf('MSIE') >= 1 ||\n (window.navigator.userAgent.indexOf('Trident') >= 1 &&\n window.navigator.userAgent.indexOf('rv') >= 1) ||\n window.navigator.userAgent.indexOf('Edge') >= 1\n\t) {\n\t\treturn true\n\t}\n\n\treturn false\n}\n","import { axiosGet, axiosPost } from './axios'\nimport {\n\tDEFAULT_IFRAME_LOGINSTATE_TIMEOUT,\n\tDEFAULT_POPUP_HEIGHT,\n\tDEFAULT_POPUP_WIDTH,\n\tDEFAULT_SCOPE,\n\tMSG_CROSS_ORIGIN_ISOLATED,\n\tMSG_PENDING_AUTHZ\n} from './constants'\nimport {\n\tAuthingSPAInitOptions,\n\tLoginState,\n\tIDToken,\n\tAccessToken,\n\tLoginTransaction,\n\tAuthzURLParams,\n\tOIDCWebMessageResponse,\n\tPKCETokenParams,\n\tOIDCTokenResponse,\n\tLoginStateWithCustomStateData,\n\tLogoutURLParams,\n\tIUserInfo,\n\tNormalError\n} from './global'\nimport { InMemoryStorageProvider } from './storage/InMemoryStorgeProvider'\nimport { StorageProvider } from './storage/interface'\nimport { LocalStorageProvider } from './storage/LocalStorageProvider'\nimport { NullStorageProvider } from './storage/NullStorageProvider'\nimport { SessionStorageProvider } from './storage/SessionStorageProvider'\nimport { EncryptType, MsgListener, PassCodeLoginOptions, PasswordLoginOptions, StrDict } from './types'\nimport {\n\tcreateQueryParams,\n\tcreateRandomString,\n\tdomainC14n,\n\tgenPKCEPair,\n\tgetCrypto,\n\tgetCryptoSubtle,\n\tisIE,\n\tloginStateKey,\n\tparseToken,\n\ttransactionKey\n} from './utils'\n\nexport class Authing {\n\tprivate globalMsgListener: MsgListener | null | undefined\n\n\tprivate readonly options: Required<AuthingSPAInitOptions>\n\tprivate readonly loginStateProvider: StorageProvider<LoginState>\n\tprivate readonly transactionProvider: StorageProvider<LoginTransaction>\n\tprivate readonly domain: string\n\n\tconstructor(options: AuthingSPAInitOptions) {\n\t\tthis.options = options as any\n\t\tthis.domain = domainC14n(this.options.domain)\n\n\t\tif (!options.useImplicitMode && (!getCrypto() || !getCryptoSubtle())) {\n\t\t\tthrow new Error(\n\t\t\t\t'PKCE 模式需要浏览器 crypto 能力, 请确保浏览器处于 https 域名下,或设置 useImplicitMode 为 true'\n\t\t\t)\n\t\t}\n\n\t\tif (typeof localStorage === 'object') {\n\t\t\tthis.loginStateProvider = new LocalStorageProvider()\n\t\t} else {\n\t\t\tconsole.warn('您的浏览器版本过低,登录态存储功能将不可用')\n\t\t\tthis.loginStateProvider = new InMemoryStorageProvider()\n\t\t}\n\n\t\tif (typeof sessionStorage === 'object') {\n\t\t\tthis.transactionProvider = new SessionStorageProvider()\n\t\t} else {\n\t\t\tif (!options.useImplicitMode) {\n\t\t\t\tconsole.warn(\n\t\t\t\t\t'您的浏览器版本过低,PKCE 重定向认证功能将不可用,请设置 useImplicitMode 为 true'\n\t\t\t\t)\n\t\t\t}\n\t\t\tthis.transactionProvider = new NullStorageProvider()\n\t\t}\n\n\t\toptions.implicitResponseType =\n options.implicitResponseType ?? 'id_token token'\n\t\toptions.redirectResponseMode = options.redirectResponseMode ?? 'fragment'\n\t\toptions.popupWidth = options.popupWidth ?? DEFAULT_POPUP_WIDTH\n\t\toptions.popupHeight = options.popupHeight ?? DEFAULT_POPUP_HEIGHT\n\t\toptions.scope = options.scope ?? DEFAULT_SCOPE\n\t}\n\n\tasync getLoginStateWithRedirect() {\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\t\tconst redirectUri = this.options.redirectUri ?? window.location.origin\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: this.options.redirectResponseMode || 'query',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t\tcodeVerifier = v\n\t\t}\n\n\t\tawait this.transactionProvider.put(\n\t\t\ttransactionKey(this.options.appId, state),\n\t\t\t{\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t\tredirectUri,\n\t\t\t\tnonce\n\t\t\t}\n\t\t)\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\t)\n\t}\n\n\t/**\n * 按顺序用以下方式获取用户登录态:\n *\n * 1. 本地缓存获取\n * 2. 隐藏 iframe 获取\n *\n * @param options.ignoreCache 忽略本地缓存\n */\n\tasync getLoginState(\n\t\toptions: {\n ignoreCache?: boolean\n } = {}\n\t): Promise<null | LoginState> {\n\t\t// 1. 从 loginStateProvider 中(默认为 localStorage)获取\n\t\tif (!options.ignoreCache) {\n\t\t\tconst state = await this.loginStateProvider.get(\n\t\t\t\tloginStateKey(this.options.appId)\n\t\t\t)\n\t\t\tif (state && state.expireAt && state.expireAt > Date.now()) {\n\t\t\t\tif (!this.options.introspectAccessToken || !state.accessToken) {\n\t\t\t\t\treturn state\n\t\t\t\t}\n\n\t\t\t\tconst { data } = await axiosPost(\n\t\t\t\t\t`${this.domain}/oidc/token/introspection`,\n\t\t\t\t\tcreateQueryParams({\n\t\t\t\t\t\tclient_id: this.options.appId,\n\t\t\t\t\t\ttoken: state.accessToken\n\t\t\t\t\t}),\n\t\t\t\t\t{\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded'\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t)\n\n\t\t\t\tif (data.active === true) {\n\t\t\t\t\treturn state\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// 清掉旧的登录态\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\t// 2. 用隐藏 iframe 获取\n\t\tif (this.globalMsgListener !== undefined) {\n\t\t\tthrow new Error(MSG_PENDING_AUTHZ)\n\t\t}\n\t\tthis.globalMsgListener = null\n\n\t\tif (window.crossOriginIsolated) {\n\t\t\t// 如果是 crossOriginIsolated 就发不了 postMessage 了\n\t\t\tconsole.warn('当前页面运行在隔离模式下,无法获取登录态')\n\t\t\treturn null\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\t\tlet codeVerifier: string | undefined\n\t\tconst redirectUrl = this.options.redirectUri ?? window.location.origin\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUrl,\n\t\t\tresponse_mode: 'web_message',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tprompt: 'none',\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tcodeVerifier = v\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t}\n\n\t\tconst iframe = document.createElement('iframe')\n\t\t// iframe.title = 'postMessage() Initiator';\n\t\tiframe.hidden = true\n\t\tiframe.width = iframe.height = '0'\n\n\t\tiframe.src = `${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\tif (isIE()) {\n\t\t\tdocument.body.appendChild(iframe)\n\t\t} else {\n\t\t\tdocument.body.append(iframe)\n\t\t}\n\n\t\tconst res = await Promise.race([\n\t\t\tthis.listenToPostMessage(state),\n\t\t\tnew Promise<null>(resolve =>\n\t\t\t\tsetTimeout(() => resolve(null), DEFAULT_IFRAME_LOGINSTATE_TIMEOUT)\n\t\t\t)\n\t\t])\n\n\t\tif (this.globalMsgListener) {\n\t\t\twindow.removeEventListener('message', this.globalMsgListener)\n\t\t}\n\t\tthis.globalMsgListener = undefined\n\n\t\tiframe.remove()\n\n\t\tif (res === null) {\n\t\t\tconsole.warn('登录态获取超时')\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.error) {\n\t\t\tif (res.error !== 'login_required') {\n\t\t\t\tconsole.warn(\n\t\t\t\t\t`登录态获取失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`\n\t\t\t\t)\n\t\t\t} else {\n\t\t\t\tconsole.warn('用户未登录')\n\t\t\t}\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.state !== state) {\n\t\t\tthrow new Error('state 验证失败')\n\t\t}\n\n\t\treturn this.handleOIDCWebMsgResponse(res, nonce, redirectUrl, codeVerifier)\n\t}\n\n\t/**\n * 将用户重定向到 Authing 认证端点进行登录,需要配合 handleRedirectCallback 使用\n *\n * @param options.redirectUri 回调地址,默认为初始化参数中的 redirectUri\n * @param options.originalUri 发起登录的 URL,若设置了 redirectToOriginalUri 会在登录结束后重定向回到此页面,默认为当前 URL\n * @param options.forced 即使在用户已登录时也提示用户再次登录\n * @param options.customState 自定义的中间状态,会被传递到回调端点\n */\n\tasync loginWithRedirect(\n\t\toptions: {\n redirectUri?: string\n originalUri?: string\n forced?: boolean\n customState?: any\n login_page_context?: string\n } = {}\n\t): Promise<void> {\n\t\tconst redirectUri = options.redirectUri || this.options.redirectUri\n\t\tif (!redirectUri) {\n\t\t\tthrow new Error('必须设置 redirect_uri')\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: this.options.redirectResponseMode,\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\tscope: this.options.scope,\n\t\t\t...(options.forced && { prompt: 'login' }),\n\t\t\t...(options.login_page_context && {\n\t\t\t\tlogin_page_context: options.login_page_context\n\t\t\t})\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t\tcodeVerifier = v\n\t\t}\n\n\t\tawait this.transactionProvider.put(\n\t\t\ttransactionKey(this.options.appId, state),\n\t\t\t{\n\t\t\t\tcodeVerifier,\n\t\t\t\tstate,\n\t\t\t\tredirectUri,\n\t\t\t\tnonce,\n\t\t\t\t...(this.options.redirectToOriginalUri && {\n\t\t\t\t\toriginalUri: options.originalUri ?? window.location.href\n\t\t\t\t}),\n\t\t\t\t...(options.customState !== undefined && {\n\t\t\t\t\tcustomState: options.customState\n\t\t\t\t})\n\t\t\t}\n\t\t)\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\t)\n\t}\n\n\t/**\n * 判断当前 URL 是否为 Authing 登录回调 URL\n */\n\tisRedirectCallback(): boolean {\n\t\tconst params = this.resolveCallbackParams()\n\n\t\tif (!params) {\n\t\t\treturn false\n\t\t}\n\n\t\tif (params['error']) {\n\t\t\treturn true\n\t\t}\n\n\t\tif (this.options.useImplicitMode) {\n\t\t\treturn !!(params['access_token'] || params['id_token'])\n\t\t} else {\n\t\t\treturn !!params['code']\n\t\t}\n\t}\n\n\t/**\n * 在回调端点处理 Authing 发送的授权码或 token,获取用户登录态\n */\n\tasync handleRedirectCallback(): Promise<LoginStateWithCustomStateData> {\n\t\tconst paramDict = this.resolveCallbackParams()\n\t\tif (!paramDict) {\n\t\t\tthrow new Error('非法的回调 URL')\n\t\t}\n\n\t\tif (paramDict.error) {\n\t\t\tthrow new Error(\n\t\t\t\t`认证失败, error=${paramDict.error}, error_description=${paramDict.error_description}`\n\t\t\t)\n\t\t}\n\n\t\tlet originalUri: string | undefined\n\t\tlet customState: any\n\n\t\tconst { state } = paramDict\n\t\tif (!state) {\n\t\t\tthrow new Error('非法的回调 URL: 缺少 state')\n\t\t}\n\t\tconst tx = await this.transactionProvider.get(\n\t\t\ttransactionKey(this.options.appId, state)\n\t\t)\n\t\tif (tx) {\n\t\t\tawait this.transactionProvider.delete(\n\t\t\t\ttransactionKey(this.options.appId, state)\n\t\t\t)\n\n\t\t\tif (tx.state !== state) {\n\t\t\t\tthrow new Error('state 验证失败')\n\t\t\t}\n\n\t\t\toriginalUri = tx.originalUri\n\t\t\tcustomState = tx.customState\n\t\t\tif (!this.options.useImplicitMode) {\n\t\t\t\t// PKCE code flow\n\t\t\t\tconst { code } = paramDict\n\t\t\t\tif (!code) {\n\t\t\t\t\tthrow new Error('非法的回调 URL: 缺少 code')\n\t\t\t\t}\n\t\t\t\tconst res = await this.exchangeToken(\n\t\t\t\t\tcode,\n\t\t\t\t\ttx.redirectUri,\n tx.codeVerifier as string,\n tx.nonce\n\t\t\t\t)\n\n\t\t\t\tif (this.options.redirectToOriginalUri && originalUri) {\n\t\t\t\t\twindow.location.replace(originalUri)\n\t\t\t\t}\n\n\t\t\t\treturn res\n\t\t\t}\n\t\t} else if (!this.options.useImplicitMode) {\n\t\t\tthrow new Error(\n\t\t\t\t'获取登录流程会话失败, 请确认是否重复访问了回调端点,以及浏览器是否支持 sessionStorage'\n\t\t\t)\n\t\t}\n\t\t// implicit flow\n\t\tconst idToken = paramDict.id_token\n\t\tconst accessToken = paramDict.access_token\n\t\t// implict 模式没有refresh_token\n\t\t// https://docs.authing.cn/v2/concepts/oidc/choose-flow.html#%E9%9A%90%E5%BC%8F%E6%A8%A1%E5%BC%8F\n\t\t// const refreshToken = paramDict.refresh_token\n\t\tconst nonce = tx?.nonce\n\n\t\tif (\n\t\t\t(this.options.implicitResponseType.includes('token') && !accessToken) ||\n (this.options.implicitResponseType.includes('id_token') && !idToken)\n\t\t) {\n\t\t\tthrow new Error('非法的回调 URL: 缺少 token')\n\t\t}\n\n\t\tconst result = await this.saveLoginState({\n\t\t\tidToken,\n\t\t\taccessToken,\n\t\t\tnonce\n\t\t})\n\n\t\tif (this.options.redirectToOriginalUri && originalUri) {\n\t\t\twindow.location.replace(originalUri)\n\t\t}\n\n\t\treturn { ...result, customState }\n\n\t}\n\n\t/**\n * 弹出一个新的 Authing 登录页面窗口,在其中完成登录\n *\n * @param options.redirectUri 回调地址,需要和当前页面在 same origin 下;默认为初始化参数中的 redirectUri 或 window.location.origin\n * @param options.forced 即使在用户已登录时也提示用户再次登录\n */\n\tasync loginWithPopup(\n\t\toptions: { redirectUri?: string; forced?: boolean } = {}\n\t): Promise<LoginState | null> {\n\t\tconst redirectUri =\n options.redirectUri || this.options.redirectUri || window.location.origin\n\n\t\tif (this.globalMsgListener !== undefined) {\n\t\t\tthrow new Error(MSG_PENDING_AUTHZ)\n\t\t}\n\t\tthis.globalMsgListener = null\n\n\t\tif (window.crossOriginIsolated) {\n\t\t\t// 如果是 crossOriginIsolated 就发不了 postMessage 了\n\t\t\tthrow new Error(MSG_CROSS_ORIGIN_ISOLATED)\n\t\t}\n\n\t\tconst state = createRandomString(16)\n\t\tconst nonce = createRandomString(16)\n\n\t\tconst params: AuthzURLParams = {\n\t\t\tredirect_uri: redirectUri,\n\t\t\tresponse_mode: 'web_message',\n\t\t\tresponse_type: this.options.useImplicitMode\n\t\t\t\t? this.options.implicitResponseType\n\t\t\t\t: 'code',\n\t\t\tclient_id: this.options.appId,\n\t\t\tstate,\n\t\t\tnonce,\n\t\t\t...(options.forced && { prompt: 'login' }),\n\t\t\tscope: this.options.scope\n\t\t}\n\n\t\tlet codeVerifier: string | undefined\n\t\tif (!this.options.useImplicitMode) {\n\t\t\tconst { codeChallenge, codeVerifier: v } = await genPKCEPair()\n\t\t\tcodeVerifier = v\n\t\t\tparams.code_challenge = codeChallenge\n\t\t\tparams.code_challenge_method = 'S256'\n\t\t}\n\n\t\tconst url = `${this.domain}/oidc/auth?${createQueryParams(params)}`\n\t\tconst win = window.open(\n\t\t\turl,\n\t\t\t'authing-spa-login-window',\n\t\t\t`popup,width=${this.options.popupWidth},height=${this.options.popupHeight}`\n\t\t)\n\t\tif (!win) {\n\t\t\tthrow new Error('弹出窗口失败')\n\t\t}\n\n\t\tconst res = await Promise.race([\n\t\t\tthis.listenToPostMessage(state),\n\t\t\tnew Promise<null>(resolve => {\n\t\t\t\tconst handle = setInterval(() => {\n\t\t\t\t\tif (win.closed) {\n\t\t\t\t\t\tclearInterval(handle)\n\t\t\t\t\t\t// 防止 post message 事件和 close 事件同时到达\n\t\t\t\t\t\tsetTimeout(() => resolve(null), 500)\n\t\t\t\t\t}\n\t\t\t\t}, 500)\n\t\t\t})\n\t\t])\n\t\tif (this.globalMsgListener) {\n\t\t\twindow.removeEventListener('message', this.globalMsgListener)\n\t\t}\n\t\tthis.globalMsgListener = undefined\n\n\t\tif (!res) {\n\t\t\t// 窗口被用户关闭了\n\t\t\treturn null\n\t\t}\n\n\t\tif (res.error) {\n\t\t\tthrow new Error(\n\t\t\t\t`登录失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`\n\t\t\t)\n\t\t}\n\n\t\tif (res.state !== state) {\n\t\t\tthrow new Error('state 验证失败')\n\t\t}\n\n\t\treturn this.handleOIDCWebMsgResponse(res, nonce, redirectUri, codeVerifier)\n\t}\n\n\t// /**\n\t// * 由于 iframe 存在跨域 cookie 无法携带以及联邦认证支持问题,暂时不支持本方法\n\t// *\n\t// * 在指定的 iframe 中显示 Authing 登录页面,在其中完成登录\n\t// *\n\t// * 注意: 当需要手动关闭 iframe 时,必须同时调用 abortIframeLogin 方法\n\t// *\n\t// * @param options.forced 即使在用户已登录时也提示用户再次登录\n\t// */\n\t/*\n async loginWithIframe(\n iframe: HTMLIFrameElement,\n options: { forced?: boolean } = {},\n ): Promise<LoginState> {\n if (this.globalMsgListener !== undefined) {\n throw new Error(MSG_PENDING_AUTHZ);\n }\n this.globalMsgListener = null;\n\n if (window.crossOriginIsolated) {\n // 如果是 crossOriginIsolated 就发不了 postMessage 了\n throw new Error(MSG_CROSS_ORIGIN_ISOLATED);\n }\n\n const state = createRandomString(16);\n const nonce = createRandomString(16);\n let codeVerifier: string | undefined;\n\n const params: AuthzURLParams = {\n redirect_uri: window.location.href,\n response_mode: 'web_message',\n response_type: this.options.useImplicitMode\n ? this.options.implicitResponseType\n : 'code',\n client_id: this.options.appId,\n state,\n nonce,\n ...(options.forced && { prompt: 'login' }),\n scope: this.options.scope,\n };\n\n if (!this.options.useImplicitMode) {\n const { codeChallenge, codeVerifier: v } = await genPKCEPair();\n codeVerifier = v;\n params.code_challenge = codeChallenge;\n params.code_challenge_method = 'S256';\n }\n\n iframe.src = `${this.domain}/oidc/auth?${createQueryParams(params)}`;\n\n const res = await this.listenToPostMessage(state);\n if (res.error) {\n throw new Error(\n `登录失败,认证服务器返回错误: error=${res.error}, error_description=${res.errorDesc}`,\n );\n }\n\n if (res.state !== state) {\n throw new Error('state 验证失败');\n }\n\n return this.handleSuccessfulOIDCResponse(\n res,\n window.location.href,\n codeVerifier,\n );\n }\n */\n\n\t/**\n * 手动中止 iframe 登录, 并移除 SDK 注册的事件监听器\n */\n\t/*\n abortIframeLogin(): void {\n if (this.globalMsgListener) {\n window.removeEventListener('message', this.globalMsgListener);\n }\n this.globalMsgListener = undefined;\n }\n */\n\n\t/**\n * 用 Access Token 获取用户身份信息\n *\n * @param options.accessToken Access Token,默认从登录态中获取\n */\n\tasync getUserInfo(\n\t\toptions: {\n accessToken?: string\n } = {}\n\t): Promise<IUserInfo | NormalError> {\n\t\tconst accessToken =\n options.accessToken ?? (await this.getLoginState())?.accessToken\n\t\tif (!accessToken) {\n\t\t\tthrow new Error('access token 不存在,请重新登录')\n\t\t}\n\n\t\tconst { data } = await axiosGet(`${this.domain}/api/v3/get-profile`, {\n\t\t\theaders: {\n\t\t\t\tAuthorization: `Bearer ${accessToken}`,\n\t\t\t\t'x-authing-userpool-id': this.options.userPoolId\n\t\t\t}\n\t\t})\n\n\t\tif (data.data) {\n\t\t\treturn data.data as IUserInfo\n\t\t}\n\n\t\treturn {\n\t\t\tapiCode: data.apiCode,\n\t\t\tmessage: data.message,\n\t\t\tstatusCode: data.statusCode\n\t\t}\n\t}\n\n\t/**\n * 重定向到 Authing 的登出端点,完成登出操作\n *\n * @param options.redirectUri 登出完成后的回调地址,默认为初始化参数中的 logoutRedirectUri\n * @param options.state 自定义中间状态\n */\n\tasync logoutWithRedirect(\n\t\toptions: {\n redirectUri?: string | null\n state?: string\n } = {}\n\t): Promise<void> {\n\t\tconst loginState = await this.loginStateProvider.get(\n\t\t\tloginStateKey(this.options.appId)\n\t\t)\n\t\tif (!loginState) {\n\t\t\treturn\n\t\t}\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\tconst params: LogoutURLParams = {\n\t\t\tid_token_hint: loginState.idToken\n\t\t}\n\n\t\tconst logoutRedirectUri =\n options.redirectUri ?? this.options.logoutRedirectUri\n\t\tif (logoutRedirectUri) {\n\t\t\tparams.post_logout_redirect_uri = logoutRedirectUri\n\t\t\tparams.state = options.state\n\t\t}\n\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\twindow.location.replace(\n\t\t\t`${this.domain}/oidc/session/end?${createQueryParams(params)}`\n\t\t)\n\t\treturn\n\t}\n\t/**\n *\n * 使用内部维护的 refresh_token 刷新 access_token、id_token\n *\n */\n\tasync refreshToken(): Promise<null | LoginState> {\n\t\tconst state = await this.loginStateProvider.get(\n\t\t\tloginStateKey(this.options.appId)\n\t\t)\n\t\tif (!state?.refreshToken) {\n\t\t\tthrow new Error(\n\t\t\t\t'获取 refresh_token 失败,请检查相关协议配置,是否开启 refresh_token 相关功能'\n\t\t\t)\n\t\t}\n\t\tconst data = {\n\t\t\tgrant_type: 'refresh_token',\n\t\t\tredirect_uri: '',\n\t\t\trefresh_token: state.refreshToken\n\t\t}\n\n\t\tconst { data: tokenRes } = (await axiosPost(\n\t\t\t`${this.domain}/oidc/token`,\n\t\t\tcreateQueryParams(data),\n\t\t\t{\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded',\n\t\t\t\t\t'x-authing-app-id': this.options.appId\n\t\t\t\t}\n\t\t\t}\n\t\t)) as { data: OIDCTokenResponse }\n\n\t\t// 清掉旧的登录态\n\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\n\t\treturn this.saveLoginState({\n\t\t\tidToken: tokenRes.id_token,\n\t\t\taccessToken: tokenRes.access_token,\n\t\t\trefreshToken: tokenRes.refresh_token\n\t\t})\n\t}\n\n\tprivate async listenToPostMessage(state: string) {\n\t\treturn new Promise<OIDCWebMessageResponse>((resolve, reject) => {\n\t\t\tconst msgEventListener = (msgEvent: MessageEvent) => {\n\t\t\t\tif (\n\t\t\t\t\tmsgEvent.origin !== this.domain ||\n msgEvent.data?.type !== 'authorization_response'\n\t\t\t\t) {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\twindow.removeEventListener('message', msgEventListener)\n\t\t\t\tthis.globalMsgListener = undefined\n\n\t\t\t\tconst { response } = msgEvent.data\n\t\t\t\tif (!response || response.state !== state) {\n\t\t\t\t\treturn reject(new Error('非法的服务端返回值'))\n\t\t\t\t}\n\n\t\t\t\tif (response.error) {\n\t\t\t\t\treturn resolve({\n\t\t\t\t\t\terror: response.error,\n\t\t\t\t\t\terrorDesc: response.error_description\n\t\t\t\t\t})\n\t\t\t\t}\n\n\t\t\t\treturn resolve({\n\t\t\t\t\taccessToken: response.access_token,\n\t\t\t\t\tidToken: response.id_token,\n\t\t\t\t\trefreshToken: response.refresh_token,\n\t\t\t\t\tcode: response.code,\n\t\t\t\t\tstate: response.state\n\t\t\t\t})\n\t\t\t}\n\n\t\t\tthis.globalMsgListener = msgEventListener\n\t\t\twindow.addEventListener('message', msgEventListener)\n\t\t})\n\t}\n\n\tprivate async saveLoginState(params: {\n accessToken?: string\n idToken?: string\n refreshToken?: string\n nonce?: string\n }) {\n\t\tconst { accessToken, idToken, refreshToken } = params\n\t\tconst loginState: LoginState = {\n\t\t\taccessToken: accessToken,\n\t\t\tidToken: idToken,\n\t\t\trefreshToken: refreshToken,\n\t\t\ttimestamp: Date.now()\n\t\t}\n\n\t\tif (idToken) {\n\t\t\tconst parsedIdToken: IDToken = parseToken(idToken).body\n\t\t\tloginState.parsedIdToken = parsedIdToken\n\t\t\tloginState.expireAt = parsedIdToken.exp * 1000\n\n\t\t\tif (params.nonce && parsedIdToken.nonce !== params.nonce) {\n\t\t\t\tthrow new Error('nonce 验证失败')\n\t\t\t}\n\t\t}\n\n\t\tif (accessToken) {\n\t\t\tconst parsedAccessToken: AccessToken = parseToken(accessToken).body\n\t\t\tloginState.parsedAccessToken = parsedAccessToken\n\t\t\tloginState.expireAt = parsedAccessToken.exp * 1000\n\t\t}\n\n\t\tawait this.loginStateProvider.put(\n\t\t\tloginStateKey(this.options.appId),\n\t\t\tloginState\n\t\t)\n\t\treturn loginState\n\t}\n\n\tprivate async exchangeToken(\n\t\tcode: string,\n\t\tredirectUri: string,\n\t\tcodeVerifier: string,\n\t\tnonce: string\n\t) {\n\t\tconst tokenParam: PKCETokenParams = {\n\t\t\tgrant_type: 'authorization_code',\n\t\t\tcode,\n\t\t\tcode_verifier: codeVerifier as string,\n\t\t\tclient_id: this.options.appId,\n\t\t\tredirect_uri: redirectUri\n\t\t}\n\n\t\tconst { data: tokenRes } = (await axiosPost(\n\t\t\t`${this.domain}/oidc/token`,\n\t\t\tcreateQueryParams(tokenParam),\n\t\t\t{\n\t\t\t\theaders: {\n\t\t\t\t\t'Content-Type': 'application/x-www-form-urlencoded'\n\t\t\t\t}\n\t\t\t}\n\t\t)) as { data: OIDCTokenResponse }\n\n\t\treturn this.saveLoginState({\n\t\t\tidToken: tokenRes.id_token,\n\t\t\taccessToken: tokenRes.access_token,\n\t\t\trefreshToken: tokenRes.refresh_token,\n\t\t\tnonce\n\t\t})\n\t}\n\n\tprivate async handleOIDCWebMsgResponse(\n\t\tres: OIDCWebMessageResponse,\n\t\tnonce: string,\n\t\t// 只有 PKCE 会用下面两个参数\n\t\tredirectUri?: string,\n\t\tcodeVerifier?: string\n\t) {\n\t\tif (this.options.useImplicitMode) {\n\t\t\t// implicit flow\n\t\t\tif (\n\t\t\t\t(this.options.implicitResponseType.includes('token') &&\n typeof res.accessToken !== 'string') ||\n (this.options.implicitResponseType.includes('id_token') &&\n typeof res.idToken !== 'string')\n\t\t\t) {\n\t\t\t\tthrow new Error('无效的 Token 返回值')\n\t\t\t}\n\n\t\t\treturn this.saveLoginState({\n\t\t\t\taccessToken: res.accessToken,\n\t\t\t\tidToken: res.idToken,\n\t\t\t\trefreshToken: res.refreshToken,\n\t\t\t\tnonce\n\t\t\t})\n\t\t}\n\n\t\t// PKCE code flow\n\t\tif (typeof res.code !== 'string') {\n\t\t\tthrow new Error('无效的 Code 返回值')\n\t\t}\n\n\t\tif (!redirectUri || !codeVerifier) {\n\t\t\t// should never happen\n\t\t\tthrow new Error()\n\t\t}\n\n\t\treturn this.exchangeToken(res.code, redirectUri, codeVerifier, nonce)\n\t}\n\n\tprivate resolveCallbackParams() {\n\t\tconst paramSource: string =\n this.options.redirectResponseMode === 'fragment'\n \t? window.location.hash\n \t: window.location.search\n\t\tif (!paramSource) {\n\t\t\treturn null\n\t\t}\n\n\t\tconst paramDict: StrDict = Object.create(null)\n\t\tparamSource\n\t\t\t.substring(1)\n\t\t\t.split('&')\n\t\t\t.forEach(item => {\n\t\t\t\tconst [key, val] = item.split('=')\n\t\t\t\tparamDict[key] = val\n\t\t\t})\n\n\t\treturn paramDict\n\t}\n\n\n\n\tprivate async login(\n\t\tdata: | PasswordLoginOptions\n | PassCodeLoginOptions,\n\t\ttype: string\n\t): Promise<LoginState> {\n\t\tconst urlMap: Record<string, string> = {\n\t\t\tcode: '/api/v3/signin-by-mobile',\n\t\t\tphone: '/api/v3/signin-by-mobile',\n\t\t\tpassword: '/api/v3/signin',\n\t\t\tpassCode: '/api/v3/signin'\n\t\t}\n\t\ttry {\n\t\t\tconst {data:response} = await axiosPost(\n\t\t\t\tthis.domain + urlMap[type],\n\t\t\t\tdata,\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t'x-authing-app-id': this.options.appId\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t)\n\t\t\tif (response.data?.access_token || response.data?.id_token) {\n\t\t\t\tconst loginState = await this.saveLoginState({\n\t\t\t\t\taccessToken: response.data?.access_token,\n\t\t\t\t\tidToken: response.data?.id_token,\n\t\t\t\t\trefreshToken: response.data?.refresh_token,\n\t\t\t\t\t...response.data\n\t\t\t\t})\n\t\t\t\treturn loginState\n\t\t\t} else {\n\t\t\t\tawait this.loginStateProvider.delete(loginStateKey(this.options.appId))\n\t\t\t\tthrow new Error(response)\n\t\t\t}\n\t\t} catch (e) {\n\t\t\tthrow new Error('login error: ' + JSON.stringify(e))\n\t\t}\n\t}\n\n\n\tasync getPublicKey(encryptType: EncryptType): Promise<string> {\n\t\ttry {\n\t\t\tconst { data }= await axiosGet(`${this.domain}/api/v3/system`)\n\n\t\t\treturn data?.[encryptType]?.publicKey\n\t\t} catch (e) {\n\t\t\tthrow new Error('get public key error: ' + JSON.stringify(e))\n\t\t}\n\t}\n\n\tasync loginByEmail(\n\t\tdata: PasswordLoginOptions\n\t): Promise<LoginState> {\n\n\t\tif (\n\t\t\tdata.options?.passwordEncryptType &&\n data.options?.passwordEncryptType !== 'none'\n\t\t) {\n\t\t\tif (!this.options.encryptFunction) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'encrypFunction is required, if passwordEncryptType is not \"none\"'\n\t\t\t\t)\n\t\t\t}\n\n\t\t\tconst publicKey = await this.getPublicKey(\n\t\t\t\tdata.options.passwordEncryptType\n\t\t\t)\n\n\t\t\tif (typeof publicKey !== 'string') {\n\t\t\t\tthrow new Error(`publicKey of ${data.options.passwordEncryptType} is not a string, please contact the administrator` )\n\t\t\t}\n\n\t\t\tdata.passwordPayload.password = this.options.encryptFunction(\n\t\t\t\tdata.passwordPayload.password,\n\t\t\t\tpublicKey\n\t\t\t)\n\t\t}\n\n\t\tconst _data: PasswordLoginOptions = {\n\t\t\t...data,\n\t\t\tconnection: 'PASSWORD'\n\t\t}\n\t\treturn await this.login(_data, 'password')\n\t}\n\n}\n"],"names":["axiosPromiseWrapper","p","_d","e_1","isAxiosError","_b","response","_a","data","error","_c","error_description","Error","concat","axiosGet","url","options","_options","mergeOptions","axios","get","axiosPost","post","Object","assign","headers","STORAGE_KEY_PREFIX","MSG_PENDING_AUTHZ","InMemoryStorageProvider","this","storage","create","prototype","key","put","value","delete","LocalStorageProvider","jsonItem","localStorage","getItem","JSON","parse","setItem","stringify","removeItem","NullStorageProvider","SessionStorageProvider","sessionStorage","createQueryParams","params","keys","filter","k","undefined","map","encodeURIComponent","join","loginStateKey","appId","transactionKey","state","getCrypto","window","crypto","msCrypto","getCryptoSubtle","subtle","webkitSubtle","createRandomString","length","charset","Array","from","getRandomValues","Uint8Array","v","string2Buf","str","buffer","i","push","charCodeAt","genPKCEPair","algorithm","codeVerifier","digest","hash","sent","codeChallenge","ie11SafeInput","binary","byteLength","String","fromCharCode","base64","btoa","charMapping","replace","ch","buf2Base64Url","parseToken","token","split","header","body","headerObj","atob","enc","decodeURIComponent","c","toString","slice","Authing","domain","matchRes","exec","domainC14n","useImplicitMode","loginStateProvider","console","warn","transactionProvider","implicitResponseType","redirectResponseMode","popupWidth","popupHeight","scope","_e","getLoginStateWithRedirect","nonce","redirectUri","location","origin","redirect_uri","response_mode","response_type","client_id","code_challenge","code_challenge_method","getLoginState","ignoreCache","state_1","expireAt","Date","now","introspectAccessToken","accessToken","active","globalMsgListener","crossOriginIsolated","redirectUrl","prompt","iframe","document","createElement","hidden","width","height","src","navigator","userAgent","indexOf","appendChild","append","Promise","race","listenToPostMessage","resolve","setTimeout","res","removeEventListener","remove","errorDesc","handleOIDCWebMsgResponse","loginWithRedirect","forced","login_page_context","__assign","redirectToOriginalUri","originalUri","href","customState","isRedirectCallback","resolveCallbackParams","handleRedirectCallback","paramDict","tx","code","exchangeToken","idToken","id_token","access_token","includes","saveLoginState","result","loginWithPopup","win","open","handle","setInterval","closed","clearInterval","getUserInfo","Authorization","userPoolId","apiCode","message","statusCode","logoutWithRedirect","loginState","id_token_hint","logoutRedirectUri","post_logout_redirect_uri","refreshToken","grant_type","refresh_token","tokenRes","reject","msgEventListener","msgEvent","_this","type","addEventListener","timestamp","parsedIdToken","exp","parsedAccessToken","tokenParam","code_verifier","paramSource","search","substring","forEach","item","val","login","urlMap","phone","password","passCode","_f","getPublicKey","encryptType","publicKey","e_2","loginByEmail","passwordEncryptType","encryptFunction","passwordPayload","_data","connection"],"mappings":"u4DAQA,SAAeA,EAAoBC,iHAE1B,6BAAA,CAAA,EAAMA,GAAb,KAAA,EAAA,MAAA,CAAA,EAAOC,iBAEP,cAAiBC,EAPTC,eAQwB,QAA3BC,EAAa,UAAZF,EAAEG,gBAAU,IAAAC,OAAA,EAAAA,EAAAC,YAAc,IAAAH,OAAA,EAAAA,EAAAI,OAG9B,MADMC,EAA+BP,EAAEG,SAAUE,KAAzCC,EAAKC,EAAAD,MAAEE,EAAiBD,EAAAC,kBAC1B,IAAIC,MAAM,aAAAC,OAAaJ,EAAU,MAAAI,OAAAF,IAGzC,MAAMR,yBAEP,CAEqB,SAAAW,EACrBC,EACAC,4EAGA,OADMC,EAAWC,EAAaF,GACvB,CAAA,EAAAhB,EAAoBmB,EAAK,QAACC,IAAIL,EAAKE,UAC1C,UAEqBI,EACrBN,EACAP,EACAQ,4EAGA,OADMC,EAAWC,EAAaF,GAC9B,CAAA,EAAOhB,EAAoBmB,UAAMG,KAAKP,EAAKP,EAAMS,UACjD,CAED,SAASC,EAAcF,GAQtB,OAPiBO,OAAOC,OAAO,CAAA,EAAIR,GAAW,CAAA,EAAI,CACjDS,eACIT,aAAO,EAAPA,EAASS,SACZ,CAAA,yBAA0B,UAC1B,oCAIH,CCjDO,IAGMC,EAAqB,UAHJ,cAGqB,KAAAb,OAFpB,KAWlBc,EACX,2BCVFC,EAAA,WAAA,SAAAA,IACkBC,KAAAC,QAAUP,OAAOQ,OAAO,KAazC,CAAD,OAXCH,EAAGI,UAAAZ,IAAH,SAAIa,SACH,OAA4B,QAArB1B,EAAAsB,KAAKC,QAAQG,UAAQ,IAAA1B,EAAAA,EAAA,MAG7BqB,EAAAI,UAAAE,IAAA,SAAID,EAAaE,GAChBN,KAAKC,QAAQG,GAAOE,GAGrBP,EAAMI,UAAAI,OAAN,SAAOH,UACCJ,KAAKC,QAAQG,IAErBL,CAAD,ICdAS,EAAA,WAAA,SAAAA,IAgBC,CAAD,OAfCA,EAAGL,UAAAZ,IAAH,SAAIa,GACH,IAAMK,EAAWC,aAAaC,QAAQP,GACtC,OAAiB,OAAbK,EACI,KAEDG,KAAKC,MAAMJ,IAGnBD,EAAAL,UAAAE,IAAA,SAAID,EAAaE,GAChBI,aAAaI,QAAQV,EAAKQ,KAAKG,UAAUT,KAG1CE,EAAML,UAAAI,OAAN,SAAOH,GACNM,aAAaM,WAAWZ,IAEzBI,CAAD,IChBAS,EAAA,WAAA,SAAAA,IAYC,CAAD,OAXCA,EAAAd,UAAAZ,IAAA,WACC,OAAO,MAGR0B,EAAAd,UAAAE,IAAA,aAIAY,EAAAd,UAAAI,OAAA,aAGAU,CAAD,ICZAC,EAAA,WAAA,SAAAA,IAgBC,CAAD,OAfCA,EAAGf,UAAAZ,IAAH,SAAIa,GACH,IAAMK,EAAWU,eAAeR,QAAQP,GACxC,OAAiB,OAAbK,EACI,KAEDG,KAAKC,MAAMJ,IAGnBS,EAAAf,UAAAE,IAAA,SAAID,EAAaE,GAChBa,eAAeL,QAAQV,EAAKQ,KAAKG,UAAUT,KAG5CY,EAAMf,UAAAI,OAAN,SAAOH,GACNe,eAAeH,WAAWZ,IAE3Bc,CAAD,IChBM,SAAUE,EAAkBC,GACjC,OAAO3B,OAAO4B,KAAKD,GACjBE,QAAO,SAAAC,GAAK,OAAc,OAAdH,EAAOG,SAA6BC,IAAdJ,EAAOG,EAAgB,IACzDE,KACA,SAAAF,GAAK,OAAAG,mBAAmBH,GAAK,IAAMG,mBAAmBN,EAAOG,GAAxD,IAELI,KAAK,IACR,CAEM,SAAUC,EAAcC,GAC7B,MAAO,CAACjC,EAAoBiC,EAAO,eAAeF,KAAK,IACxD,CAEgB,SAAAG,EAAeD,EAAeE,GAC7C,MAAO,CAACnC,EAAoBiC,EAAO,KAAME,GAAOJ,KAAK,IACtD,UAEgBK,IAEf,OAAQC,OAAOC,QAAWD,OAAeE,QAC1C,UAEgBC,IACf,IAAMF,EAASF,IAEf,OAAOE,EAAOG,QAAWH,EAAeI,YACzC,CAEM,SAAUC,EAAmBC,GAClC,IAAMC,EACH,iEAIH,OAHqBC,MAAMC,KAC1BX,IAAYY,gBAAgB,IAAIC,WAAWL,KAExBf,KAAI,SAAAqB,GAAK,OAAAL,EAAQK,EAAIL,EAAQD,OAAO,IAAEb,KAAK,GAChE,CAEM,SAAUoB,EAAWC,GAE1B,IADA,IAAMC,EAAmB,GAChBC,EAAI,EAAGA,EAAIF,EAAIR,SAAUU,EACjCD,EAAOE,KAAKH,EAAII,WAAWF,IAE5B,OAAO,IAAIL,WAAWI,EACvB,CAaM,SAAgBI,EAAYC,eAAA,IAAAA,IAAAA,EAAqB,sGAGzC,OADPC,EAAehB,EAAmB,IAC3B,CAAA,EAAMH,IAAkBoB,OACpCF,EACAP,EAAWQ,YAGZ,OALME,EAAOhF,EAGZiF,OAED,CAAA,EAAO,CAAEC,cAnBV,SAAuBV,GAGtB,IAFA,IAAMW,EAAgB,IAAIf,WAAWI,GACjCY,EAAS,GACJX,EAAI,EAAGA,EAAIU,EAAcE,aAAcZ,EAC/CW,GAAUE,OAAOC,aAAaJ,EAAcV,IAE7C,IAAMe,EAAShC,OAAOiC,KAAKL,GACrBM,EAAuB,CAAE,IAAK,IAAK,IAAK,IAAK,IAAK,IACxD,OAAOF,EAAOG,QAAQ,UAAU,SAACC,GAAe,OAAAF,EAAYE,EAAZ,GACjD,CASuBC,CAAcb,GACZF,aAAYA,UACpC,CAWK,SAAUgB,EAAWC,GACtB,IAAA/F,EAAsB+F,EAAMC,MAAM,KAAjCC,EAAMjG,EAAA,GAAEkG,EAAIlG,EAAA,GACjB,SACC,MAAM,IAAIK,MAAM,gBAGjB,IAAM8F,EAAYjE,KAAKC,MAAMqB,OAAO4C,KAAKH,IACzC,GAAIE,EAAUE,IACb,MAAM,IAAIhG,MACT,mDAeF,OAXA6F,EAAOA,EAAKP,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KAC7CO,EAAOI,mBACN9C,OACE4C,KAAKF,GACLF,MAAM,IACNhD,KAAI,SAAUuD,GACd,MAAO,KAAO,KAAOA,EAAE5B,WAAW,GAAG6B,SAAS,KAAKC,OAAO,EAC3D,IACCvD,KAAK,KAGD,CACN+C,OAAQE,EACRD,KAAMhE,KAAKC,MAAM+D,GAEnB,CChEA,IAAAQ,EAAA,WAQC,SAAAA,EAAYjG,iBAIX,GAHAa,KAAKb,QAAUA,EACfa,KAAKqF,ODiBD,SAAqBA,SAEpBC,EADY,qEACSC,KAAKF,GAChC,GAAIC,GAAYA,EAAS,GACxB,MAAO,GAAGtG,OAAW,QAAXN,EAAA4G,EAAS,UAAE,IAAA5G,EAAAA,EAAI,YAAUM,OAAGsG,EAAS,IAEhD,MAAMvG,MAAM,YAAAC,OAAYqG,GACzB,CCxBgBG,CAAWxF,KAAKb,QAAQkG,UAEjClG,EAAQsG,iBAAqBxD,KAAgBI,KACjD,MAAM,IAAItD,MACT,yEAI0B,iBAAjB2B,aACVV,KAAK0F,mBAAqB,IAAIlF,GAE9BmF,QAAQC,KAAK,yBACb5F,KAAK0F,mBAAqB,IAAI3F,GAGD,iBAAnBoB,eACVnB,KAAK6F,oBAAsB,IAAI3E,GAE1B/B,EAAQsG,iBACZE,QAAQC,KACP,yDAGF5F,KAAK6F,oBAAsB,IAAI5E,GAGhC9B,EAAQ2G,qBACwB,QAA5BpH,EAAAS,EAAQ2G,4BAAoB,IAAApH,EAAAA,EAAI,iBACpCS,EAAQ4G,qBAAuD,QAAhCvH,EAAAW,EAAQ4G,4BAAwB,IAAAvH,EAAAA,EAAA,WAC/DW,EAAQ6G,WAAmC,QAAtBnH,EAAAM,EAAQ6G,kBAAc,IAAAnH,EAAAA,EN3EV,IM4EjCM,EAAQ8G,YAAqC,QAAvB5H,EAAAc,EAAQ8G,mBAAe,IAAA5H,EAAAA,EN3EX,IM4ElCc,EAAQ+G,MAAyB,QAAjBC,EAAAhH,EAAQ+G,aAAS,IAAAC,EAAAA,EN1EN,gBM2E3B,CA43BF,OA13BOf,EAAAjF,UAAAiG,0BAAN,+HAkBK,OAjBEpE,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAC3B8D,EAAsC,QAAxB5H,EAAAsB,KAAKb,QAAQmH,mBAAW,IAAA5H,EAAAA,EAAIwD,OAAOqE,SAASC,OAE1DnF,EAAyB,CAC9BoF,aAAcH,EACdI,cAAe1G,KAAKb,QAAQ4G,sBAAwB,QACpDY,cAAe3G,KAAKb,QAAQsG,gBACzBzF,KAAKb,QAAQ2G,qBACb,OACHc,UAAW5G,KAAKb,QAAQ2C,MACxBE,MAAKA,EACLqE,MAAKA,EACLH,MAAOlG,KAAKb,QAAQ+G,OAIhBlG,KAAKb,QAAQsG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C9E,EAAqCK,SAAnC+E,EAAapF,EAAAoF,cAAgBb,EAACvE,EAAAgF,aACtCnC,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,OAC/BtD,EAAeT,YAGhB,KAAA,EAAA,MAAA,CAAA,EAAM/C,KAAK6F,oBAAoBxF,IAC9B0B,EAAe/B,KAAKb,QAAQ2C,MAAOE,GACnC,CACCwB,aAAYA,EACZxB,MAAKA,EACLsE,YAAWA,EACXD,MAAKA,mBANPxH,EAAA8E,OAUAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,eAAArG,OAAcoC,EAAkBC,eAE/C,EAUK+D,EAAajF,UAAA4G,cAAnB,SACC5H,qBAAA,IAAAA,IAAAA,EAEQ,CAAA,gHAGJ,OAACA,EAAQ6H,YAAW,CAAA,EAAA,GACT,CAAA,EAAMhH,KAAK0F,mBAAmBnG,IAC3CsC,EAAc7B,KAAKb,QAAQ2C,gBAExB,OAHEmF,EAAQpI,EAEb8E,SACYsD,EAAMC,UAAYD,EAAMC,SAAWC,KAAKC,MAC/CpH,KAAKb,QAAQkI,uBAA0BJ,EAAMK,YAI3B,CAAA,EAAA9H,EACtB,GAAGR,OAAAgB,KAAKqF,OAAM,6BACdjE,EAAkB,CACjBwF,UAAW5G,KAAKb,QAAQ2C,MACxB2C,MAAOwC,EAAMK,cAEd,CACC1H,QAAS,CACR,eAAgB,wCAXlB,CAAA,EAAOqH,GAFiD,CAAA,EAAA,UAkBzD,IAAoB,IAbHpI,EAWhB8E,OAXWhF,KAaH4I,OACR,MAAA,CAAA,EAAON,oBAMV,MAAA,CAAA,EAAMjH,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKb,QAAQ2C,gBAGhE,GAHAjD,EAAA8E,YAG+BlC,IAA3BzB,KAAKwH,kBACR,MAAM,IAAIzI,MAAMe,GAIjB,OAFAE,KAAKwH,kBAAoB,KAErBtF,OAAOuF,qBAEV9B,QAAQC,KAAK,wBACb,CAAA,EAAO,QAGF5D,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BkF,EAAsC,QAAxBhJ,EAAAsB,KAAKb,QAAQmH,mBAAW,IAAA5H,EAAAA,EAAIwD,OAAOqE,SAASC,OAE1DnF,EAAyB,CAC9BoF,aAAciB,EACdhB,cAAe,cACfC,cAAe3G,KAAKb,QAAQsG,gBACzBzF,KAAKb,QAAQ2G,qBACb,OACHc,UAAW5G,KAAKb,QAAQ2C,MACxBE,MAAKA,EACLqE,MAAKA,EACLsB,OAAQ,OACRzB,MAAOlG,KAAKb,QAAQ+G,OAGhBlG,KAAKb,QAAQsG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,aAA3C9E,EAAqCK,SAAnC+E,EAAapF,EAAAoF,cAAgBb,EAACvE,EAAAgF,aACtCA,EAAeT,EACf1B,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,wBAepB,OAZNc,EAASC,SAASC,cAAc,WAE/BC,QAAS,EAChBH,EAAOI,MAAQJ,EAAOK,OAAS,IAE/BL,EAAOM,IAAM,GAAAlJ,OAAGgB,KAAKqF,OAAM,eAAArG,OAAcoC,EAAkBC,IDvG3Da,OAAOiG,UAAUC,UAAUC,QAAQ,SAAW,GAC3CnG,OAAOiG,UAAUC,UAAUC,QAAQ,YAAc,GAChDnG,OAAOiG,UAAUC,UAAUC,QAAQ,OAAS,GAC9CnG,OAAOiG,UAAUC,UAAUC,QAAQ,SAAW,ECsG/CR,SAASjD,KAAK0D,YAAYV,GAE1BC,SAASjD,KAAK2D,OAAOX,GAGJ,CAAA,EAAAY,QAAQC,KAAK,CAC9BzI,KAAK0I,oBAAoB1G,GACzB,IAAIwG,SAAc,SAAAG,GACjB,OAAAC,YAAW,WAAM,OAAAD,EAAQ,KAAR,GN3N4B,IM2N7C,cAWF,GAdME,EAAMhK,EAKV8E,OAEE3D,KAAKwH,mBACRtF,OAAO4G,oBAAoB,UAAW9I,KAAKwH,mBAE5CxH,KAAKwH,uBAAoB/F,EAEzBmG,EAAOmB,SAEK,OAARF,EAEH,OADAlD,QAAQC,KAAK,WACb,CAAA,EAAO,MAGR,GAAIiD,EAAIjK,MAQP,MAPkB,mBAAdiK,EAAIjK,MACP+G,QAAQC,KACP,4BAAA5G,OAA4B6J,EAAIjK,MAAK,wBAAAI,OAAuB6J,EAAIG,YAGjErD,QAAQC,KAAK,SAEd,CAAA,EAAO,MAGR,GAAIiD,EAAI7G,QAAUA,EACjB,MAAM,IAAIjD,MAAM,cAGjB,MAAA,CAAA,EAAOiB,KAAKiJ,yBAAyBJ,EAAKxC,EAAOqB,EAAalE,UAC9D,EAUK4B,EAAiBjF,UAAA+I,kBAAvB,SACC/J,qBAAA,IAAAA,IAAAA,EAMQ,CAAA,0GAGR,KADMmH,EAAcnH,EAAQmH,aAAetG,KAAKb,QAAQmH,aAEvD,MAAM,IAAIvH,MAAM,qBAuBb,OApBEiD,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BnB,OACLoF,aAAcH,EACdI,cAAe1G,KAAKb,QAAQ4G,qBAC5BY,cAAe3G,KAAKb,QAAQsG,gBACzBzF,KAAKb,QAAQ2G,qBACb,OACHc,UAAW5G,KAAKb,QAAQ2C,MACxBE,MAAKA,EACLqE,MAAKA,EACLH,MAAOlG,KAAKb,QAAQ+G,OAChB/G,EAAQgK,QAAU,CAAExB,OAAQ,UAC5BxI,EAAQiK,oBAAsB,CACjCA,mBAAoBjK,EAAQiK,qBAKzBpJ,KAAKb,QAAQsG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C9E,EAAqCK,SAAnC+E,EAAapF,EAAAoF,cAAgBb,EAACvE,EAAAgF,aACtCnC,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,OAC/BtD,EAAeT,YAGhB,KAAA,EAAA,MAAA,CAAA,EAAM/C,KAAK6F,oBAAoBxF,IAC9B0B,EAAe/B,KAAKb,QAAQ2C,MAAOE,GAAMqH,EAAAA,EAAA,CAExC7F,aAAYA,EACZxB,MAAKA,EACLsE,cACAD,MAAKA,GACDrG,KAAKb,QAAQmK,uBAAyB,CACzCC,oBAAa7K,EAAAS,EAAQoK,2BAAerH,OAAOqE,SAASiD,YAEzB/H,IAAxBtC,EAAQsK,aAA6B,CACxCA,YAAatK,EAAQsK,8BAXxB5K,EAAA8E,OAgBAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,eAAArG,OAAcoC,EAAkBC,eAE/C,EAKD+D,EAAAjF,UAAAuJ,mBAAA,WACC,IAAMrI,EAASrB,KAAK2J,wBAEpB,QAAKtI,MAIDA,EAAc,QAIdrB,KAAKb,QAAQsG,mBACNpE,EAAqB,eAAKA,EAAiB,YAE5CA,EAAa,QAOlB+D,EAAAjF,UAAAyJ,uBAAN,+HAEC,KADMC,EAAY7J,KAAK2J,yBAEtB,MAAM,IAAI5K,MAAM,aAGjB,GAAI8K,EAAUjL,MACb,MAAM,IAAIG,MACT,eAAAC,OAAe6K,EAAUjL,MAAK,wBAAAI,OAAuB6K,EAAU/K,oBAQjE,KADQkD,EAAU6H,EAAS7H,OAE1B,MAAM,IAAIjD,MAAM,uBAEN,MAAA,CAAA,EAAMiB,KAAK6F,oBAAoBtG,IACzCwC,EAAe/B,KAAKb,QAAQ2C,MAAOE,YAEhC,OAHE8H,EAAKpL,EAEViF,QAEA,CAAA,EAAM3D,KAAK6F,oBAAoBtF,OAC9BwB,EAAe/B,KAAKb,QAAQ2C,MAAOE,KAF/B,CAAA,EAAA,UAKL,GAJAtD,EAAAiF,OAIImG,EAAG9H,QAAUA,EAChB,MAAM,IAAIjD,MAAM,cAKb,GAFJwK,EAAcO,EAAGP,YACjBE,EAAcK,EAAGL,YACZzJ,KAAKb,QAAQsG,gBAAd,MAA6B,CAAA,EAAA,GAGhC,KADQsE,EAASF,EAASE,MAEzB,MAAM,IAAIhL,MAAM,sBAEL,MAAA,CAAA,EAAMiB,KAAKgK,cACtBD,EACAD,EAAGxD,YACEwD,EAAGtG,aACHsG,EAAGzD,eAOT,OAXMwC,EAAMnK,EAKXiF,OAEG3D,KAAKb,QAAQmK,uBAAyBC,GACzCrH,OAAOqE,SAASlC,QAAQkF,GAGzB,CAAA,EAAOV,6BAEF,IAAK7I,KAAKb,QAAQsG,gBACxB,MAAM,IAAI1G,MACT,wEAWF,GAPMkL,EAAUJ,EAAUK,SACpB5C,EAAcuC,EAAUM,aAIxB9D,EAAQyD,eAAAA,EAAIzD,MAGhBrG,KAAKb,QAAQ2G,qBAAqBsE,SAAS,WAAa9C,GACrDtH,KAAKb,QAAQ2G,qBAAqBsE,SAAS,cAAgBH,EAE/D,MAAM,IAAIlL,MAAM,uBAGF,MAAM,CAAA,EAAAiB,KAAKqK,eAAe,CACxCJ,QAAOA,EACP3C,YAAWA,EACXjB,MAAKA,YAON,OAVMiE,EAAS5L,EAIbiF,OAEE3D,KAAKb,QAAQmK,uBAAyBC,GACzCrH,OAAOqE,SAASlC,QAAQkF,GAGzB,CAAA,EAAAF,EAAAA,EAAA,CAAA,EAAYiB,GAAM,CAAEb,YAAWA,WAE/B,EAQKrE,EAAcjF,UAAAoK,eAApB,SACCpL,eAAA,IAAAA,IAAAA,EAAwD,CAAA,gHAKxD,GAHMmH,EACFnH,EAAQmH,aAAetG,KAAKb,QAAQmH,aAAepE,OAAOqE,SAASC,YAExC/E,IAA3BzB,KAAKwH,kBACR,MAAM,IAAIzI,MAAMe,GAIjB,GAFAE,KAAKwH,kBAAoB,KAErBtF,OAAOuF,oBAEV,MAAM,IAAI1I,MN1bX,kDM8cI,OAjBEiD,EAAQQ,EAAmB,IAC3B6D,EAAQ7D,EAAmB,IAE3BnB,EACLgI,EAAAA,EAAA,CAAA5C,aAAcH,EACdI,cAAe,cACfC,cAAe3G,KAAKb,QAAQsG,gBACzBzF,KAAKb,QAAQ2G,qBACb,OACHc,UAAW5G,KAAKb,QAAQ2C,MACxBE,MAAKA,EACLqE,SACIlH,EAAQgK,QAAU,CAAExB,OAAQ,UAChC,CAAAzB,MAAOlG,KAAKb,QAAQ+G,QAIhBlG,KAAKb,QAAQsG,gBAAe,CAAA,EAAA,GACiB,CAAA,EAAAnC,YAA3C5E,EAAqCF,SAAnCoF,EAAalF,EAAAkF,cAAgBb,EAACrE,EAAA8E,aACtCA,EAAeT,EACf1B,EAAOwF,eAAiBjD,EACxBvC,EAAOyF,sBAAwB,wBAShC,GANM5H,EAAM,GAAGF,OAAAgB,KAAKqF,OAAoB,eAAArG,OAAAoC,EAAkBC,MACpDmJ,EAAMtI,OAAOuI,KAClBvL,EACA,2BACA,eAAeF,OAAAgB,KAAKb,QAAQ6G,WAAU,YAAAhH,OAAWgB,KAAKb,QAAQ8G,eAG9D,MAAM,IAAIlH,MAAM,UAGL,MAAM,CAAA,EAAAyJ,QAAQC,KAAK,CAC9BzI,KAAK0I,oBAAoB1G,GACzB,IAAIwG,SAAc,SAAAG,GACjB,IAAM+B,EAASC,aAAY,WACtBH,EAAII,SACPC,cAAcH,GAEd9B,YAAW,WAAM,OAAAD,EAAQ,KAAK,GAAE,KAEjC,GAAE,IACJ,cAOD,GAjBME,EAAMrK,EAWVmF,OACE3D,KAAKwH,mBACRtF,OAAO4G,oBAAoB,UAAW9I,KAAKwH,mBAE5CxH,KAAKwH,uBAAoB/F,GAEpBoH,EAEJ,MAAA,CAAA,EAAO,MAGR,GAAIA,EAAIjK,MACP,MAAM,IAAIG,MACT,yBAAAC,OAAyB6J,EAAIjK,MAAK,wBAAAI,OAAuB6J,EAAIG,YAI/D,GAAIH,EAAI7G,QAAUA,EACjB,MAAM,IAAIjD,MAAM,cAGjB,MAAA,CAAA,EAAOiB,KAAKiJ,yBAAyBJ,EAAKxC,EAAOC,EAAa9C,UAC9D,EAwFK4B,EAAWjF,UAAA2K,YAAjB,SACC3L,uBAAA,IAAAA,IAAAA,EAEQ,CAAA,gGAGJ,OAAmB,QAAnBT,EAAAS,EAAQmI,mBAAW,IAAA5I,EAAA,CAAA,EAAA,eAAK,KAAA,EAAA,MAAA,CAAA,EAAMsB,KAAK+G,wBAAZlI,EAA4B,UAA3BR,EAAAsF,cAA2B,IAAAnF,OAAA,EAAAA,EAAE8I,6BACzD,KAFMA,EAC8DzI,GAEnE,MAAM,IAAIE,MAAM,0BAGA,MAAA,CAAA,EAAME,EAAS,GAAAD,OAAGgB,KAAKqF,8BAA6B,CACpEzF,QAAS,CACRmL,cAAe,UAAU/L,OAAAsI,GACzB,wBAAyBtH,KAAKb,QAAQ6L,sBAIxC,OAPQrM,EAASN,EAKfsF,OALUhF,MAOHA,KACD,CAAA,EAAAA,EAAKA,MAGN,CAAA,EAAA,CACNsM,QAAStM,EAAKsM,QACdC,QAASvM,EAAKuM,QACdC,WAAYxM,EAAKwM,mBAElB,EAQK/F,EAAkBjF,UAAAiL,mBAAxB,SACCjM,qBAAA,IAAAA,IAAAA,EAGQ,CAAA,yFAEW,KAAA,EAAA,MAAA,CAAA,EAAMa,KAAK0F,mBAAmBnG,IAChDsC,EAAc7B,KAAKb,QAAQ2C,gBAE5B,OAHMuJ,EAAa7M,EAElBmF,QAID,CAAA,EAAM3D,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKb,QAAQ2C,SAFzD,CAAA,UAeP,OAbAtD,EAAAmF,OAEMtC,EAA0B,CAC/BiK,cAAeD,EAAWpB,UAGrBsB,EACqB,QAAvB7M,EAAAS,EAAQmH,mBAAe,IAAA5H,EAAAA,EAAAsB,KAAKb,QAAQoM,qBAEvClK,EAAOmK,yBAA2BD,EAClClK,EAAOW,MAAQ7C,EAAQ6C,OAGxB,CAAA,EAAMhC,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKb,QAAQ2C,gBAKhE,OALAtD,EAAAmF,OAEAzB,OAAOqE,SAASlC,QACf,UAAGrE,KAAKqF,OAAM,sBAAArG,OAAqBoC,EAAkBC,KAEhD,CAAA,SACN,EAMK+D,EAAAjF,UAAAsL,aAAN,wGACe,KAAA,EAAA,MAAA,CAAA,EAAMzL,KAAK0F,mBAAmBnG,IAC3CsC,EAAc7B,KAAKb,QAAQ2C,gBAE5B,KAAKE,OAHCA,EAAQtD,EAEbiF,eACI3B,EAAOyJ,cACX,MAAM,IAAI1M,MACT,yDAS0B,OANtBJ,EAAO,CACZ+M,WAAY,gBACZjF,aAAc,GACdkF,cAAe3J,EAAMyJ,cAGM,CAAA,EAAMjM,EACjC,GAAGR,OAAAgB,KAAKqF,OAAmB,eAC3BjE,EAAkBzC,GAClB,CACCiB,QAAS,CACR,eAAgB,oCAChB,mBAAoBI,KAAKb,QAAQ2C,iBAMpC,OAZc8J,EAAclN,EAS3BiF,OATqBhF,KAYtB,CAAA,EAAMqB,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKb,QAAQ2C,gBAEhE,OAFApD,EAAAiF,OAEO,CAAA,EAAA3D,KAAKqK,eAAe,CAC1BJ,QAAS2B,EAAS1B,SAClB5C,YAAasE,EAASzB,aACtBsB,aAAcG,EAASD,uBAExB,EAEavG,EAAmBjF,UAAAuI,oBAAjC,SAAkC1G,iFACjC,MAAA,CAAA,EAAO,IAAIwG,SAAgC,SAACG,EAASkD,GACpD,IAAMC,EAAmB,SAACC,SACzB,GACCA,EAASvF,SAAWwF,EAAK3G,QACI,oCAAxB3G,EAAAqN,EAASpN,2BAAMsN,MAFrB,CAOA/J,OAAO4G,oBAAoB,UAAWgD,GACtCE,EAAKxE,uBAAoB/F,EAEjB,IAAAhD,EAAasN,EAASpN,cAC9B,OAAKF,GAAYA,EAASuD,QAAUA,EAIhCvD,EAASG,MACL+J,EAAQ,CACd/J,MAAOH,EAASG,MAChBoK,UAAWvK,EAASK,oBAIf6J,EAAQ,CACdrB,YAAa7I,EAAS0L,aACtBF,QAASxL,EAASyL,SAClBuB,aAAchN,EAASkN,cACvB5B,KAAMtL,EAASsL,KACf/H,MAAOvD,EAASuD,QAfT6J,EAAO,IAAI9M,MAAM,aAPxB,CAwBF,EAEAiN,EAAKxE,kBAAoBsE,EACzB5J,OAAOgK,iBAAiB,UAAWJ,EACnC,UACD,EAEa1G,EAAcjF,UAAAkK,eAA5B,SAA6BhJ,6GAc5B,GARQiG,EAAuCjG,EAA5BiG,YAAE2C,EAA0B5I,EAAM4I,QAAvBwB,EAAiBpK,eACzCgK,EAAyB,CAC9B/D,YAAaA,EACb2C,QAASA,EACTwB,aAAcA,EACdU,UAAWhF,KAAKC,OAGb6C,IACGmC,EAAyB5H,EAAWyF,GAASrF,KACnDyG,EAAWe,cAAgBA,EAC3Bf,EAAWnE,SAA+B,IAApBkF,EAAcC,IAEhChL,EAAOgF,OAAS+F,EAAc/F,QAAUhF,EAAOgF,OAClD,MAAM,IAAItH,MAAM,cAUlB,OANIuI,IACGgF,EAAiC9H,EAAW8C,GAAa1C,KAC/DyG,EAAWiB,kBAAoBA,EAC/BjB,EAAWnE,SAAmC,IAAxBoF,EAAkBD,KAGzC,CAAA,EAAMrM,KAAK0F,mBAAmBrF,IAC7BwB,EAAc7B,KAAKb,QAAQ2C,OAC3BuJ,WAED,OAJA3M,EAAAiF,OAIA,CAAA,EAAO0H,SACP,EAEajG,EAAajF,UAAA6J,cAA3B,SACCD,EACAzD,EACA9C,EACA6C,qGAU4B,OARtBkG,EAA8B,CACnCb,WAAY,qBACZ3B,KAAIA,EACJyC,cAAehJ,EACfoD,UAAW5G,KAAKb,QAAQ2C,MACxB2E,aAAcH,GAGa,CAAA,EAAM9G,EACjC,GAAGR,OAAAgB,KAAKqF,OAAmB,eAC3BjE,EAAkBmL,GAClB,CACC3M,QAAS,CACR,eAAgB,+CAKnB,OAVcgM,EAAclN,EAQ3BiF,OARqBhF,KAUf,CAAA,EAAAqB,KAAKqK,eAAe,CAC1BJ,QAAS2B,EAAS1B,SAClB5C,YAAasE,EAASzB,aACtBsB,aAAcG,EAASD,cACvBtF,MAAKA,WAEN,EAEajB,EAAAjF,UAAA8I,yBAAd,SACCJ,EACAxC,EAEAC,EACA9C,sEAEA,GAAIxD,KAAKb,QAAQsG,gBAAiB,CAEjC,GACEzF,KAAKb,QAAQ2G,qBAAqBsE,SAAS,UACX,iBAApBvB,EAAIvB,aACZtH,KAAKb,QAAQ2G,qBAAqBsE,SAAS,aACnB,iBAAhBvB,EAAIoB,QAEjB,MAAM,IAAIlL,MAAM,iBAGjB,MAAO,CAAA,EAAAiB,KAAKqK,eAAe,CAC1B/C,YAAauB,EAAIvB,YACjB2C,QAASpB,EAAIoB,QACbwB,aAAc5C,EAAI4C,aAClBpF,MAAKA,IAEN,CAGD,GAAwB,iBAAbwC,EAAIkB,KACd,MAAM,IAAIhL,MAAM,gBAGjB,IAAKuH,IAAgB9C,EAEpB,MAAM,IAAIzE,MAGX,MAAA,CAAA,EAAOiB,KAAKgK,cAAcnB,EAAIkB,KAAMzD,EAAa9C,EAAc6C,SAC/D,EAEOjB,EAAAjF,UAAAwJ,sBAAR,WACC,IAAM8C,EACoC,aAAtCzM,KAAKb,QAAQ4G,qBACV7D,OAAOqE,SAAS7C,KAChBxB,OAAOqE,SAASmG,OACvB,IAAKD,EACJ,OAAO,KAGR,IAAM5C,EAAqBnK,OAAOQ,OAAO,MASzC,OARAuM,EACEE,UAAU,GACVjI,MAAM,KACNkI,SAAQ,SAAAC,GACF,IAAAnO,EAAamO,EAAKnI,MAAM,KAAvBtE,EAAG1B,EAAA,GAAEoO,OACZjD,EAAUzJ,GAAO0M,CAClB,IAEMjD,GAKMzE,EAAAjF,UAAA4M,MAAd,SACCpO,EAEAsN,qHAEMe,EAAiC,CACtCjD,KAAM,2BACNkD,MAAO,2BACPC,SAAU,iBACVC,SAAU,mCAGc,6BAAA,CAAA,EAAM3N,EAC7BQ,KAAKqF,OAAS2H,EAAOf,GACrBtN,EACA,CACCiB,QAAS,CACR,mBAAoBI,KAAKb,QAAQ2C,iBAIhC,OATQrD,EAAY2O,EAQvBzJ,OARmBhF,cAShBD,EAAAD,EAASE,2BAAMwL,gBAA6B,QAAb3L,EAAAC,EAASE,YAAI,IAAAH,OAAA,EAAAA,EAAE0L,UAC9B,CAAA,EAAMlK,KAAKqK,eAAchB,EAAA,CAC3C/B,YAA4B,QAAfzI,EAAAJ,EAASE,YAAM,IAAAE,OAAA,EAAAA,EAAAsL,aAC5BF,gBAAS5L,EAAAI,EAASE,2BAAMuL,SACxBuB,aAA2B,UAAbhN,EAASE,YAAI,IAAAwH,OAAA,EAAAA,EAAEwF,eAC1BlN,EAASE,QAL4C,CAAA,EAAA,UAOzD,MAAA,CAAA,EANmByO,EAKjBzJ,QAGF,KAAA,EAAA,MAAA,CAAA,EAAM3D,KAAK0F,mBAAmBnF,OAAOsB,EAAc7B,KAAKb,QAAQ2C,gBAChE,MADAsL,EAAAzJ,OACM,IAAI5E,MAAMN,6BAGjB,iBAAM,IAAIM,MAAM,gBAAkB6B,KAAKG,UAAUzC,2BAElD,EAGK8G,EAAYjF,UAAAkN,aAAlB,SAAmBC,2GAED,6BAAM,CAAA,EAAArO,EAAS,GAAGD,OAAAgB,KAAKqF,OAAM,2BAE7C,OAFQ1G,EAAQH,EAA8CmF,OAAlDhF,KAEL,CAAA,EAAqB,QAArBD,EAAAC,aAAI,EAAJA,EAAO2O,UAAc,IAAA5O,OAAA,EAAAA,EAAA6O,kBAE5B,iBAAM,IAAIxO,MAAM,yBAA2B6B,KAAKG,UAAUyM,2BAE3D,EAEKpI,EAAYjF,UAAAsN,aAAlB,SACC9O,6GAIC,aAAAD,EAAAC,EAAKQ,8BAASuO,sBAC6B,UAA1B,QAAZlP,EAAAG,EAAKQ,eAAO,IAAAX,OAAA,EAAAA,EAAEkP,qBADnB,MACiD,CAAA,EAAA,GAEjD,IAAK1N,KAAKb,QAAQwO,gBACjB,MAAM,IAAI5O,MACT,oEAIgB,MAAM,CAAA,EAAAiB,KAAKqN,aAC5B1O,EAAKQ,QAAQuO,6BAGd,GAAyB,iBAJnBH,EAAY1O,EAEjB8E,QAGA,MAAM,IAAI5E,MAAM,gBAAgBC,OAAAL,EAAKQ,QAAQuO,oBAAuE,uDAGrH/O,EAAKiP,gBAAgBV,SAAWlN,KAAKb,QAAQwO,gBAC5ChP,EAAKiP,gBAAgBV,SACrBK,oBAQK,OAJDM,SACFlP,GAAI,CACPmP,WAAY,aAEA,CAAA,EAAA9N,KAAK+M,MAAMc,EAAO,aAA/B,KAAA,EAAA,MAAA,CAAA,EAAOhP,gBACP,EAEDuG,CAAD"} |
| import { AuthingSPAInitOptions, LoginState, LoginStateWithCustomStateData, IUserInfo, NormalError } from './global'; | ||
| import { EncryptType, PasswordLoginOptions } from './types'; | ||
| export declare class Authing { | ||
@@ -86,2 +87,5 @@ private globalMsgListener; | ||
| private resolveCallbackParams; | ||
| private login; | ||
| getPublicKey(encryptType: EncryptType): Promise<string>; | ||
| loginByEmail(data: PasswordLoginOptions): Promise<LoginState>; | ||
| } |
@@ -85,3 +85,10 @@ import { ImplicitResponseType, RedirectResponseMode } from './types'; | ||
| popupHeight?: number; | ||
| /** | ||
| * 加密函数 @authing/miniapp-sm2encrypt | ||
| */ | ||
| encryptFunction?: EncryptFunction; | ||
| } | ||
| export interface EncryptFunction { | ||
| (plainText: string, publicKey: string): string; | ||
| } | ||
| export interface LoginState { | ||
@@ -88,0 +95,0 @@ accessToken?: string; |
@@ -6,1 +6,31 @@ export declare type StrDict = Record<string, string>; | ||
| export declare type MsgListener = (e: MessageEvent<any>) => void; | ||
| export declare type PasswordEncryptType = 'none' | 'rsa' | 'sm2'; | ||
| export declare type EncryptType = 'rsa' | 'sm2'; | ||
| interface CommonLoginOptions { | ||
| passwordEncryptType?: PasswordEncryptType; | ||
| scope?: string; | ||
| clientIp?: string; | ||
| context?: string; | ||
| tenantId?: string; | ||
| customData?: Record<string, unknown>; | ||
| autoRegister?: boolean; | ||
| } | ||
| export interface PasswordLoginOptions { | ||
| connection?: 'PASSWORD'; | ||
| passwordPayload: { | ||
| password: string; | ||
| email: string; | ||
| }; | ||
| options?: CommonLoginOptions; | ||
| } | ||
| export interface PassCodeLoginOptions { | ||
| connection?: 'PASSCODE'; | ||
| passCodePayload: { | ||
| passCode: string; | ||
| email?: string; | ||
| phone?: string; | ||
| phoneCountryCode?: string; | ||
| }; | ||
| options?: CommonLoginOptions; | ||
| } | ||
| export {}; |
+1
-1
| { | ||
| "name": "@authing/web", | ||
| "version": "5.1.21-alpha.3", | ||
| "version": "5.1.21", | ||
| "description": "Official SDK of Authing for Browser", | ||
@@ -5,0 +5,0 @@ "main": "dist/global/index.global.js", |
Fixed alerts
Not semver v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
175725
8.73%- Lines of code
592
10.86%- Number of low quality alerts
2
-33.33%No dependency changes