
@nhost/hasura-auth-js


@nhost/hasura-auth-js - npm Package Compare versions

Comparing version 2.4.1 to 2.4.2

4

dist/index.cjs.js

@@ -1,3 +0,3 @@

"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const Fe=require("jose"),d=require("xstate"),H=require("js-cookie"),Ye=require("fetch-ponyfill");function je(n){const e=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(n){for(const r in n)if(r!=="default"){const s=Object.getOwnPropertyDescriptor(n,r);Object.defineProperty(e,r,s.get?s:{enumerable:!0,get:()=>n[r]})}}return e.default=n,Object.freeze(e)}const Be=je(Fe),O="nhostRefreshToken",N="nhostRefreshTokenId",k="nhostRefreshTokenExpiresAt",Z=3,ee=60,$=5,Q=0,z=1,R=10,P=20;class v extends Error{constructor(e){super(e.message),Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),e instanceof Error?(this.name=e.name,this.error={error:e.name,status:z,message:e.message}):(this.name=e.error,this.error=e)}}const I={status:R,error:"invalid-email",message:"Email is incorrectly formatted"},re={status:R,error:"invalid-mfa-type",message:"MFA type is invalid"},se={status:R,error:"invalid-mfa-code",message:"MFA code is invalid"},U={status:R,error:"invalid-password",message:"Password is incorrectly formatted"},W={status:R,error:"invalid-phone-number",message:"Phone number is incorrectly formatted"},ne={status:R,error:"invalid-mfa-ticket",message:"MFA ticket is invalid"},te={status:R,error:"no-mfa-ticket",message:"No MFA ticket has been provided"},ie={status:R,error:"no-refresh-token",message:"No refresh token has been provided"},oe={status:P,error:"refresher-already-running",message:"The token refresher is already running. 
You must wait until is has finished before submitting a new token."},_={status:P,error:"already-signed-in",message:"User is already signed in"},ae={status:P,error:"unauthenticated-user",message:"User is not authenticated"},Qe={status:P,error:"user-not-anonymous",message:"User is not anonymous"},ce={status:P,error:"unverified-user",message:"Email needs verification"},ue={status:R,error:"invalid-refresh-token",message:"Invalid or expired refresh token"},le={status:z,error:"invalid-sign-in-method",message:"Invalid sign-in method"},M={user:null,mfa:null,accessToken:{value:null,expiresAt:null,expiresInSeconds:15},refreshTimer:{startedAt:null,attempts:0,lastAttempt:null},refreshToken:{value:null},importTokenAttempts:0,errors:{}};function ze(n){return new TextEncoder().encode(n)}function S(n){const e=new Uint8Array(n);let r="";for(const t of e)r+=String.fromCharCode(t);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function X(n){const e=n.replace(/-/g,"+").replace(/_/g,"/"),r=(4-e.length%4)%4,s=e.padEnd(e.length+r,"="),t=atob(s),i=new ArrayBuffer(t.length),c=new Uint8Array(i);for(let E=0;E<t.length;E++)c[E]=t.charCodeAt(E);return i}function de(){return(window==null?void 0:window.PublicKeyCredential)!==void 0&&typeof window.PublicKeyCredential=="function"}function fe(n){const{id:e}=n;return{...n,id:X(e),transports:n.transports}}function he(n){return n==="localhost"||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(n)}class g extends Error{constructor({message:e,code:r,cause:s,name:t}){super(e,{cause:s}),this.name=t!=null?t:s.name,this.code=r}}function Xe({error:n,options:e}){var s,t;const{publicKey:r}=e;if(!r)throw Error("options was missing required publicKey property");if(n.name==="AbortError"){if(e.signal instanceof AbortSignal)return new g({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:n})}else if(n.name==="ConstraintError"){if(((s=r.authenticatorSelection)==null?void 
0:s.requireResidentKey)===!0)return new g({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:n});if(((t=r.authenticatorSelection)==null?void 0:t.userVerification)==="required")return new g({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:n})}else{if(n.name==="InvalidStateError")return new g({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:n});if(n.name==="NotAllowedError")return new g({message:n.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:n});if(n.name==="NotSupportedError")return r.pubKeyCredParams.filter(c=>c.type==="public-key").length===0?new g({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:n}):new g({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:n});if(n.name==="SecurityError"){const i=window.location.hostname;if(he(i)){if(r.rp.id!==i)return new g({message:`The RP ID "${r.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:n})}else return new g({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:n})}else if(n.name==="TypeError"){if(r.user.id.byteLength<1||r.user.id.byteLength>64)return new g({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:n})}else if(n.name==="UnknownError")return new g({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:n})}return n}class Je{createNewAbortSignal(){if(this.controller){const r=new Error("Cancelling existing WebAuthn API call for new 
one");r.name="AbortError",this.controller.abort(r)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}}const Ee=new Je,Ze=["cross-platform","platform"];function me(n){if(n&&!(Ze.indexOf(n)<0))return n}async function ge(n){var u;if(!de())throw new Error("WebAuthn is not supported in this browser");const r={publicKey:{...n,challenge:X(n.challenge),user:{...n.user,id:ze(n.user.id)},excludeCredentials:(u=n.excludeCredentials)==null?void 0:u.map(fe)}};r.signal=Ee.createNewAbortSignal();let s;try{s=await navigator.credentials.create(r)}catch(l){throw Xe({error:l,options:r})}if(!s)throw new Error("Registration was not completed");const{id:t,rawId:i,response:c,type:E}=s;let f;typeof c.getTransports=="function"&&(f=c.getTransports());let h;if(typeof c.getPublicKeyAlgorithm=="function")try{h=c.getPublicKeyAlgorithm()}catch(l){G("getPublicKeyAlgorithm()",l)}let a;if(typeof c.getPublicKey=="function")try{const l=c.getPublicKey();l!==null&&(a=S(l))}catch(l){G("getPublicKey()",l)}let o;if(typeof c.getAuthenticatorData=="function")try{o=S(c.getAuthenticatorData())}catch(l){G("getAuthenticatorData()",l)}return{id:t,rawId:S(i),response:{attestationObject:S(c.attestationObject),clientDataJSON:S(c.clientDataJSON),transports:f,publicKeyAlgorithm:h,publicKey:a,authenticatorData:o},type:E,clientExtensionResults:s.getClientExtensionResults(),authenticatorAttachment:me(s.authenticatorAttachment)}}function G(n,e){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${n}. You should report this error to them.
`,e)}function er(n){return new TextDecoder("utf-8").decode(n)}function rr(){const n=window.PublicKeyCredential;return n.isConditionalMediationAvailable===void 0?new Promise(e=>e(!1)):n.isConditionalMediationAvailable()}function sr({error:n,options:e}){const{publicKey:r}=e;if(!r)throw Error("options was missing required publicKey property");if(n.name==="AbortError"){if(e.signal instanceof AbortSignal)return new g({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:n})}else{if(n.name==="NotAllowedError")return new g({message:n.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:n});if(n.name==="SecurityError"){const s=window.location.hostname;if(he(s)){if(r.rpId!==s)return new g({message:`The RP ID "${r.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:n})}else return new g({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:n})}else if(n.name==="UnknownError")return new g({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:n})}return n}async function Te(n,e=!1){var o,u;if(!de())throw new Error("WebAuthn is not supported in this browser");let r;((o=n.allowCredentials)==null?void 0:o.length)!==0&&(r=(u=n.allowCredentials)==null?void 0:u.map(fe));const s={...n,challenge:X(n.challenge),allowCredentials:r},t={};if(e){if(!await rr())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');t.mediation="conditional",s.allowCredentials=[]}t.publicKey=s,t.signal=Ee.createNewAbortSignal();let i;try{i=await navigator.credentials.get(t)}catch(l){throw sr({error:l,options:t})}if(!i)throw new Error("Authentication was not completed");const{id:c,rawId:E,response:f,type:h}=i;let 
a;return f.userHandle&&(a=er(f.userHandle)),{id:c,rawId:S(E),response:{authenticatorData:S(f.authenticatorData),clientDataJSON:S(f.clientDataJSON),signature:S(f.signature),userHandle:a},type:h,clientExtensionResults:i.getClientExtensionResults(),authenticatorAttachment:me(i.authenticatorAttachment)}}const L=typeof window!="undefined",x=new Map,nr=n=>{var e;return L&&typeof localStorage!="undefined"?localStorage.getItem(n):(e=x.get(n))!=null?e:null},tr=(n,e)=>{L&&typeof localStorage!="undefined"?e?localStorage.setItem(n,e):localStorage.removeItem(n):e?x.set(n,e):x.has(n)&&x.delete(n)},pe=(n,e)=>{if(n==="localStorage"||n==="web")return nr;if(n==="cookie")return r=>{var s;return L&&(s=H.get(r))!=null?s:null};if(!e)throw Error(`clientStorageType is set to '${n}' but no clientStorage has been given`);if(n==="react-native")return r=>{var s;return(s=e.getItem)==null?void 0:s.call(e,r)};if(n==="capacitor")return r=>{var s;return(s=e.get)==null?void 0:s.call(e,{key:r})};if(n==="expo-secure-storage")return r=>{var s;return(s=e.getItemAsync)==null?void 0:s.call(e,r)};if(n==="custom"){if(e.getItem&&e.removeItem)return e.getItem;if(e.getItemAsync)return e.getItemAsync;throw Error(`clientStorageType is set to 'custom' but clientStorage is missing either "getItem" and "removeItem" properties or "getItemAsync" property`)}throw Error(`Unknown storage type: ${n}`)},we=(n,e)=>{if(n==="localStorage"||n==="web")return tr;if(n==="cookie")return(r,s)=>{L&&(s?H.set(r,s,{expires:30,sameSite:"lax",httpOnly:!1}):H.remove(r))};if(!e)throw Error(`clientStorageType is set to '${n}' but no clienStorage has been given`);if(n==="react-native")return(r,s)=>{var t,i;return s?(t=e.setItem)==null?void 0:t.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};if(n==="capacitor")return(r,s)=>{var t,i;return s?(t=e.set)==null?void 0:t.call(e,{key:r,value:s}):(i=e.remove)==null?void 0:i.call(e,{key:r})};if(n==="expo-secure-storage")return async(r,s)=>{var t,i;return s?(t=e.setItemAsync)==null?void 
0:t.call(e,r,s):(i=e.deleteItemAsync)==null?void 0:i.call(e,r)};if(n==="custom"){if(!e.removeItem)throw Error("clientStorageType is set to 'custom' but clientStorage is missing a removeItem property");if(e.setItem)return(r,s)=>{var t,i;return s?(t=e.setItem)==null?void 0:t.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};if(e.setItemAsync)return async(r,s)=>{var t,i;return s?(t=e.setItemAsync)==null?void 0:t.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};throw Error("clientStorageType is set to 'custom' but clientStorage is missing setItem or setItemAsync property")}throw Error(`Unknown storage type: ${n}`)},b=n=>!n||!n.accessToken.value||!n.accessToken.expiresAt||!n.user?null:{accessToken:n.accessToken.value,accessTokenExpiresIn:(n.accessToken.expiresAt.getTime()-Date.now())/1e3,refreshToken:n.refreshToken.value,user:n.user},A=({accessToken:n,refreshToken:e,isError:r,user:s,error:t})=>r?{session:null,error:t}:s&&n?{session:{accessToken:n,accessTokenExpiresIn:0,refreshToken:e,user:s},error:null}:{session:null,error:null},D=()=>typeof window!="undefined";let Re=globalThis.fetch;typeof EdgeRuntime!="string"&&(Re=Ye().fetch);const _e=async(n,e,{token:r,body:s}={})=>{const t={"Content-Type":"application/json",Accept:"*/*"};r&&(t.Authorization=`Bearer ${r}`);const i={method:e,headers:t};s&&(i.body=JSON.stringify(s));try{const c=await Re(n,i);if(!c.ok){const E=await c.json();return Promise.reject({error:E})}try{return{data:await c.json(),error:null}}catch{return console.warn(`Unexpected response: can't parse the response of the server at ${n}`),{data:"OK",error:null}}}catch{const E={message:"Network Error",status:Q,error:"network"};return Promise.reject({error:E})}},w=async(n,e,r)=>_e(n,"POST",{token:r,body:e}),Ae=(n,e)=>_e(n,"GET",{token:e}),K=(n,e)=>{const r=e&&Object.entries(e).map(([s,t])=>{const i=Array.isArray(t)?t.join(","):typeof t=="object"?JSON.stringify(t):t;return`${s}=${encodeURIComponent(i)}`}).join("&");return 
r?`${n}?${r}`:n},p=(n,e)=>{if(!(e!=null&&e.redirectTo))return e;const{redirectTo:r,...s}=e;if(!n)return r.startsWith("/")?s:e;const t=new URL(n),i=Object.fromEntries(new URLSearchParams(t.search)),c=new URL(r.startsWith("/")?t.origin+r:r),E=new URLSearchParams(c.search);let f=Object.fromEntries(E);r.startsWith("/")&&(f={...i,...f});let h=t.pathname;return c.pathname.length>1&&(h+=c.pathname.slice(1)),{...s,redirectTo:K(c.origin+h,f)}};function C(n,e){var t;if(!e){if(typeof window=="undefined")return;e=((t=window.location)==null?void 0:t.href)||""}n=n.replace(/[\[\]]/g,"\\$&");const r=new RegExp("[?&#]"+n+"(=([^&#]*)|&|#|$)"),s=r.exec(e);return s?s[2]?decodeURIComponent(s[2].replace(/\+/g," ")):"":null}function q(n){var r;if(typeof window=="undefined")return;const e=window==null?void 0:window.location;if(e&&e){const s=new URLSearchParams(e.search),t=new URLSearchParams((r=e.hash)==null?void 0:r.slice(1));s.delete(n),t.delete(n);let i=window.location.pathname;Array.from(s).length&&(i+=`?${s.toString()}`),Array.from(t).length&&(i+=`#${t.toString()}`),window.history.pushState({},"",i)}}const y=n=>!!n&&typeof n=="string"&&!!String(n).toLowerCase().match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/),V=n=>!!n&&typeof n=="string"&&n.length>=Z,F=n=>!!n&&typeof n=="string",Ie=n=>n&&typeof n=="string"&&n.match(/^mfaTotp:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),Se=({backendUrl:n,clientUrl:e,clientStorageType:r="web",clientStorage:s,refreshIntervalTime:t,autoRefreshToken:i=!0,autoSignIn:c=!0})=>{const E=pe(r,s),f=we(r,s),h=async(a,o,u)=>(await w(`${n}${a}`,o,u)).data;return 
d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},context:M,predictableActionArguments:!0,id:"nhost",type:"parallel",states:{authentication:{initial:"starting",on:{SESSION_UPDATE:[{cond:"hasSession",actions:["saveSession","resetTimer","reportTokenChanged"],target:".signedIn"}]},states:{starting:{tags:["loading"],always:{cond:"isSignedIn",target:"signedIn"},invoke:{id:"importRefreshToken",src:"importRefreshToken",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"signedIn"},{target:"signedOut"}],onError:[{cond:"shouldRetryImportToken",actions:"incrementTokenImportAttempts",target:"retryTokenImport"},{actions:["saveAuthenticationError"],target:"signedOut"}]}},retryTokenImport:{tags:["loading"],after:{RETRY_IMPORT_TOKEN_DELAY:"starting"}},signedOut:{initial:"noErrors",entry:"reportSignedOut",states:{noErrors:{},success:{},needsSmsOtp:{},needsMfa:{},failed:{},signingOut:{entry:["clearContextExceptRefreshToken"],exit:["destroyRefreshToken","reportTokenChanged"],invoke:{src:"signout",id:"signingOut",onDone:{target:"success"},onError:{target:"failed",actions:["saveAuthenticationError"]}}}},on:{SIGNIN_PASSWORD:"authenticating.password",SIGNIN_ANONYMOUS:"authenticating.anonymous",SIGNIN_SECURITY_KEY_EMAIL:"authenticating.securityKeyEmail",SIGNIN_MFA_TOTP:"authenticating.mfa.totp",SIGNIN_PAT:"authenticating.pat"}},authenticating:{entry:"resetErrors",states:{password:{invoke:{src:"signInPassword",id:"authenticateUserWithPassword",onDone:[{cond:"hasMfaTicket",actions:["saveMfaTicket"],target:"#nhost.authentication.signedOut.needsMfa"},{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"}],onError:[{cond:"unverified",target:["#nhost.authentication.signedOut","#nhost.registration.incomplete.needsEmailVerification"]},{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}]}},pat:{invoke:{src:"signInPAT",id:"authenticateWithPAT",onDone:{actions:["savePATSession","reportToke
nChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}}},anonymous:{invoke:{src:"signInAnonymous",id:"authenticateAnonymously",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}}},mfa:{states:{totp:{invoke:{src:"signInMfaTotp",id:"signInMfaTotp",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:["saveAuthenticationError"],target:"#nhost.authentication.signedOut.failed"}}}}},securityKeyEmail:{invoke:{src:"signInSecurityKeyEmail",id:"authenticateUserWithSecurityKey",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:[{cond:"unverified",target:["#nhost.authentication.signedOut","#nhost.registration.incomplete.needsEmailVerification"]},{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}]}}}},signedIn:{type:"parallel",entry:["reportSignedIn","cleanUrl","broadcastToken","resetErrors"],on:{SIGNOUT:"signedOut.signingOut"},states:{refreshTimer:{id:"timer",initial:"idle",states:{disabled:{type:"final"},stopped:{always:{cond:"noToken",target:"idle"}},idle:{always:[{cond:"isAutoRefreshDisabled",target:"disabled"},{cond:"isRefreshTokenPAT",target:"disabled"},{cond:"hasRefreshToken",target:"running"}]},running:{initial:"pending",entry:"resetTimer",states:{pending:{after:{1e3:{internal:!1,target:"pending"}},always:{cond:"refreshTimerShouldRefresh",target:"refreshing"}},refreshing:{invoke:{src:"refreshToken",id:"refreshToken",onDone:{actions:["saveSession","resetTimer","reportTokenChanged"],target:"pending"},onError:[{actions:"saveRefreshAttempt",target:"pending"}]}}}}}}}}}},token:{initial:"idle",states:{idle:{on:{TRY_TOKEN:"running"},initial:"noErrors",states:{noErrors:{},error:{}}},running:{invoke:{src:"refreshToken",i
d:"authenticateWithToken",onDone:{actions:["saveSession","reportTokenChanged"],target:["#nhost.authentication.signedIn","idle.noErrors"]},onError:[{cond:"isSignedIn",target:"idle.error"},{actions:"saveAuthenticationError",target:["#nhost.authentication.signedOut.failed","idle.error"]}]}}}},registration:{initial:"incomplete",on:{SIGNED_IN:[{cond:"isAnonymous",target:".incomplete"},".complete"]},states:{incomplete:{on:{SIGNUP_EMAIL_PASSWORD:"emailPassword",SIGNUP_SECURITY_KEY:"securityKey",PASSWORDLESS_EMAIL:"passwordlessEmail",PASSWORDLESS_SMS:"passwordlessSms",PASSWORDLESS_SMS_OTP:"passwordlessSmsOtp"},initial:"noErrors",states:{noErrors:{},needsEmailVerification:{},needsOtp:{},failed:{}}},emailPassword:{entry:["resetErrors"],invoke:{src:"signUpEmailPassword",id:"signUpEmailPassword",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]}],onError:[{cond:"unverified",target:"incomplete.needsEmailVerification"},{actions:"saveRegistrationError",target:"incomplete.failed"}]}},securityKey:{entry:["resetErrors"],invoke:{src:"signUpSecurityKey",id:"signUpSecurityKey",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]}],onError:[{cond:"unverified",target:"incomplete.needsEmailVerification"},{actions:"saveRegistrationError",target:"incomplete.failed"}]}},passwordlessEmail:{entry:["resetErrors"],invoke:{src:"passwordlessEmail",id:"passwordlessEmail",onDone:{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},passwordlessSms:{entry:["resetErrors"],invoke:{src:"passwordlessSms",id:"passwordlessSms",onDone:{actions:"clearContext",target:[
"#nhost.authentication.signedOut","incomplete.needsOtp"]},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},passwordlessSmsOtp:{entry:["resetErrors"],invoke:{src:"passwordlessSmsOtp",id:"passwordlessSmsOtp",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},complete:{on:{SIGNED_OUT:"incomplete"}}}}}},{actions:{reportSignedIn:d.send("SIGNED_IN"),reportSignedOut:d.send("SIGNED_OUT"),reportTokenChanged:d.send("TOKEN_CHANGED"),incrementTokenImportAttempts:d.assign({importTokenAttempts:({importTokenAttempts:a})=>a+1}),clearContext:d.assign(()=>(f(k,null),f(O,null),f(N,null),{...M})),clearContextExceptRefreshToken:d.assign(({refreshToken:{value:a}})=>(f(k,null),{...M,refreshToken:{value:a}})),saveSession:d.assign({user:(a,{data:o})=>{var u;return((u=o==null?void 0:o.session)==null?void 0:u.user)||null},accessToken:(a,{data:o})=>{if(o.session){const{accessTokenExpiresIn:u,accessToken:l}=o.session,m=new Date(Date.now()+u*1e3);return f(k,m.toISOString()),{value:l,expiresAt:m,expiresInSeconds:u}}return f(k,null),{value:null,expiresAt:null,expiresInSeconds:null}},refreshToken:(a,{data:o})=>{var m,T;const u=((m=o.session)==null?void 0:m.refreshToken)||null,l=((T=o.session)==null?void 0:T.refreshTokenId)||null;return u&&f(O,u),l&&f(N,l),{value:u}}}),savePATSession:d.assign({user:(a,{data:o})=>{var u;return((u=o==null?void 0:o.session)==null?void 0:u.user)||null},accessToken:(a,{data:o})=>{if(o.session){const{accessTokenExpiresIn:u,accessToken:l}=o.session,m=new Date(Date.now()+u*1e3);return f(k,m.toISOString()),{value:l,expiresAt:m,expiresInSeconds:u}}return f(k,null),{value:null,expiresAt:null,expiresInSeconds:null}},refreshToken:(a,{data:o})=>{var m,T;const u=((m=o.session)==null?void 0:m.refreshToken)||null,l=((T=o.session)==null?void 0:T.refreshTokenId)||null;return 
u&&f(O,u),l&&f(N,l),{value:u,isPAT:!0}}}),saveMfaTicket:d.assign({mfa:(a,o)=>{var u;return(u=o.data)==null?void 0:u.mfa}}),resetTimer:d.assign({refreshTimer:a=>({startedAt:new Date,attempts:0,lastAttempt:null})}),saveRefreshAttempt:d.assign({refreshTimer:(a,o)=>({startedAt:a.refreshTimer.startedAt,attempts:a.refreshTimer.attempts+1,lastAttempt:new Date})}),saveAuthenticationError:d.assign({errors:({errors:a},{data:{error:o}})=>({...a,authentication:o})}),resetErrors:d.assign({errors:a=>({}),importTokenAttempts:a=>0}),saveRegistrationError:d.assign({errors:({errors:a},{data:{error:o}})=>({...a,registration:o})}),destroyRefreshToken:d.assign({refreshToken:a=>(f(O,null),f(N,null),{value:null})}),cleanUrl:()=>{c&&C("refreshToken")&&(q("refreshToken"),q("type"))},broadcastToken:a=>{if(c)try{new BroadcastChannel("nhost").postMessage(a.refreshToken.value)}catch{}}},guards:{isAnonymous:(a,o)=>{var u;return!!((u=a.user)!=null&&u.isAnonymous)},isSignedIn:a=>!!a.user&&!!a.accessToken.value,noToken:a=>!a.refreshToken.value,isRefreshTokenPAT:a=>{var o;return!!((o=a.refreshToken)!=null&&o.isPAT)},hasRefreshToken:a=>!!a.refreshToken.value,isAutoRefreshDisabled:()=>!i,refreshTimerShouldRefresh:a=>{const{expiresAt:o}=a.accessToken;if(!o)return!1;if(o.getTime()<Date.now())return!0;if(a.refreshTimer.lastAttempt)return a.refreshTimer.attempts>$?!1:Date.now()-a.refreshTimer.lastAttempt.getTime()>Math.pow(2,a.refreshTimer.attempts-1)*5e3;if(t&&Date.now()-a.refreshTimer.startedAt.getTime()>t*1e3)return!0;const u=a.accessToken.expiresInSeconds;return u?o.getTime()-Date.now()-1e3*Math.min(ee,u*.5)<=0:!1},shouldRetryImportToken:(a,o)=>a.importTokenAttempts<$&&(o.data.error.status===Q||o.data.error.status>=500),unverified:(a,{data:{error:o}})=>o.status===401&&(o.message==="Email is not verified"||o.error==="unverified-user"),hasSession:(a,o)=>{var u;return!!((u=o.data)!=null&&u.session)},hasMfaTicket:(a,o)=>{var 
u;return!!((u=o.data)!=null&&u.mfa)}},services:{signInPassword:(a,{email:o,password:u})=>y(o)?V(u)?h("/signin/email-password",{email:o,password:u}):Promise.reject({error:U}):Promise.reject({error:I}),signInPAT:(a,{pat:o})=>h("/signin/pat",{personalAccessToken:o}),passwordlessSms:(a,{phoneNumber:o,options:u})=>{var l;return F(o)?(l=a.user)!=null&&l.isAnonymous?(console.warn("Deanonymisation from a phone number is not yet implemented in hasura-auth"),h("/user/deanonymize",{signInMethod:"passwordless",connection:"sms",phoneNumber:o,options:p(e,u)},a.accessToken.value)):h("/signin/passwordless/sms",{phoneNumber:o,options:p(e,u)}):Promise.reject({error:W})},passwordlessSmsOtp:(a,{phoneNumber:o,otp:u})=>F(o)?h("/signin/passwordless/sms/otp",{phoneNumber:o,otp:u}):Promise.reject({error:W}),passwordlessEmail:(a,{email:o,options:u})=>{var l;return y(o)?(l=a.user)!=null&&l.isAnonymous?h("/user/deanonymize",{signInMethod:"passwordless",connection:"email",email:o,options:p(e,u)},a.accessToken.value):h("/signin/passwordless/email",{email:o,options:p(e,u)}):Promise.reject({error:I})},signInAnonymous:a=>h("/signin/anonymous"),signInMfaTotp:(a,o)=>{var l;const u=o.ticket||((l=a.mfa)==null?void 0:l.ticket);return u?Ie(u)?h("/signin/mfa/totp",{ticket:u,otp:o.otp}):Promise.reject({error:ne}):Promise.reject({error:te})},signInSecurityKeyEmail:async(a,{email:o})=>{if(!y(o))throw new v(I);const u=await h("/signin/webauthn",{email:o});let l;try{l=await Te(u)}catch(m){throw new v(m)}return h("/signin/webauthn/verify",{email:o,credential:l})},refreshToken:async(a,o)=>{const u=o.type==="TRY_TOKEN"?o.token:a.refreshToken.value;return{session:await h("/token",{refreshToken:u}),error:null}},signout:(a,o)=>h("/signout",{refreshToken:a.refreshToken.value,all:!!o.all}),signUpEmailPassword:async(a,{email:o,password:u,options:l})=>{var m;return 
y(o)?V(u)?(m=a.user)!=null&&m.isAnonymous?h("/user/deanonymize",{signInMethod:"email-password",email:o,password:u,options:p(e,l)},a.accessToken.value):h("/signup/email-password",{email:o,password:u,options:p(e,l)}):Promise.reject({error:U}):Promise.reject({error:I})},signUpSecurityKey:async(a,{email:o,options:u})=>{if(!y(o))return Promise.reject({error:I});const l=u==null?void 0:u.nickname;l&&delete u.nickname;const m=await h("/signup/webauthn",{email:o,options:u});let T;try{T=await ge(m)}catch(qe){throw new v(qe)}return h("/signup/webauthn/verify",{credential:T,options:{redirectTo:u==null?void 0:u.redirectTo,nickname:l}})},importRefreshToken:async a=>{if(a.user&&a.refreshToken.value&&a.accessToken.value&&a.accessToken.expiresAt)return{session:{accessToken:a.accessToken.value,accessTokenExpiresIn:a.accessToken.expiresAt.getTime()-Date.now(),refreshToken:a.refreshToken.value,user:a.user},error:null};let o=null;if(c){const l=C("refreshToken")||null;if(l)try{return{session:await h("/token",{refreshToken:l}),error:null}}catch(m){o=m.error}else{const m=C("error"),T=C("errorDescription");if(m&&T!=="social user already exists")return Promise.reject({session:null,error:{status:R,error:m,message:T||m}})}}const u=await E(O);if(u)try{return{session:await h("/token",{refreshToken:u}),error:null}}catch(l){o=l.error}return 
o?Promise.reject({error:o,session:null}):{error:null,session:null}}},delays:{RETRY_IMPORT_TOKEN_DELAY:({importTokenAttempts:a})=>Math.pow(2,a-1)*5e3}})},ye=({backendUrl:n,clientUrl:e,interpreter:r})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changeEmail",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:s=>I}),saveRequestError:d.assign({error:(s,{data:{error:t}})=>t}),reportError:d.send(s=>({type:"ERROR",error:s.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(s,{email:t})=>!y(t)},services:{requestChange:async(s,{email:t,options:i})=>(await w(`${n}/user/email/change`,{newEmail:t,options:p(e,i)},r==null?void 
0:r.getSnapshot().context.accessToken.value)).data}}),ke=({backendUrl:n,interpreter:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changePassword",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidPassword",actions:"saveInvalidPasswordError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidPasswordError:d.assign({error:r=>U}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidPassword:(r,{password:s})=>!V(s)},services:{requestChange:(r,{password:s,ticket:t})=>w(`${n}/user/password`,{newPassword:s,ticket:t},e==null?void 0:e.getSnapshot().context.accessToken.value)}}),ir=({backendUrl:n,interpreter:e})=>d.createMachine({schema:{context:{},events:{}},tsTypes:{},predictableActionArguments:!0,id:"enableMfa",initial:"idle",context:{error:null,imageUrl:null,secret:null},states:{idle:{initial:"initial",on:{GENERATE:"generating"},states:{initial:{},error:{}}},generating:{invoke:{src:"generate",id:"generate",onDone:{target:"generated",actions:["reportGeneratedSuccess","saveGeneration"]},onError:{actions:["saveError","reportGeneratedError"],target:"idle.error"}}},generated:{initial:"idle",states:{idle:{initial:"idle",on:{ACTIVATE:[{cond:"invalidMfaType",actions:"saveInvalidMfaTypeError",target:".error"},{cond:"invalidMfaCode",actions:"saveInvalidMfaCodeError",target:".error"},{target:"activating"}]},states:{idle:{},error:{}}},activating:{invoke:{src:"activate",id:"activate",onDone:{target:"activated",actions:"reportSuccess"},onError:{actions:["saveError","reportError"],target:"idle.error"}}},activated:{type:"final"}}}}},{act
ions:{saveInvalidMfaTypeError:d.assign({error:r=>re}),saveInvalidMfaCodeError:d.assign({error:r=>se}),saveError:d.assign({error:(r,{data:{error:s}})=>s}),saveGeneration:d.assign({imageUrl:(r,{data:{imageUrl:s}})=>s,secret:(r,{data:{totpSecret:s}})=>s}),reportError:d.send((r,s)=>(console.log("REPORT",r,s),{type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS"),reportGeneratedSuccess:d.send("GENERATED"),reportGeneratedError:d.send(r=>({type:"GENERATED_ERROR",error:r.error}))},guards:{invalidMfaCode:(r,{code:s})=>!s,invalidMfaType:(r,{activeMfaType:s})=>!s||s!=="totp"},services:{generate:async r=>{const{data:s}=await Ae(`${n}/mfa/totp/generate`,e==null?void 0:e.getSnapshot().context.accessToken.value);return s},activate:(r,{code:s,activeMfaType:t})=>w(`${n}/user/mfa`,{code:s,activeMfaType:t},e==null?void 0:e.getSnapshot().context.accessToken.value)}}),Oe=({backendUrl:n,clientUrl:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changePassword",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:r=>I}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(r,{email:s})=>!y(s)},services:{requestChange:(r,{email:s,options:t})=>w(`${n}/user/password/reset`,{email:s,options:p(e,t)})}}),ve=({backendUrl:n,clientUrl:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"sendVerificationEmail",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST
:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"request",id:"request",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:r=>I}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(r,{email:s})=>!y(s)},services:{request:async(r,{email:s,options:t})=>(await w(`${n}/user/email/send-verification-email`,{email:s,options:p(e,t)})).data}});class J{constructor({clientStorageType:e="web",autoSignIn:r=!0,autoRefreshToken:s=!0,start:t=!0,backendUrl:i,clientUrl:c,devTools:E,...f}){if(this._started=!1,this._subscriptionsQueue=new Set,this._subscriptions=new Set,this.backendUrl=i,this.clientUrl=c,this._machine=Se({...f,backendUrl:i,clientUrl:c,clientStorageType:e,autoSignIn:r,autoRefreshToken:s}),t&&this.start({devTools:E}),typeof window!="undefined"&&r)try{this._channel=new BroadcastChannel("nhost"),this._channel.addEventListener("message",h=>{var o;const a=(o=this.interpreter)==null?void 0:o.getSnapshot().context.refreshToken.value;this.interpreter&&h.data!==a&&this.interpreter.send("TRY_TOKEN",{token:h.data})})}catch{}}start({devTools:e=!1,initialSession:r,interpreter:s}={}){var c,E;const t={...this.machine.context};r&&(t.user=r.user,t.refreshToken.value=(c=r.refreshToken)!=null?c:null,t.accessToken.value=(E=r.accessToken)!=null?E:null,t.accessToken.expiresAt=new Date(Date.now()+r.accessTokenExpiresIn*1e3));const i=this.machine.withContext(t);this._interpreter||(this._interpreter=s||d.interpret(i,{devTools:e})),(!this._started||typeof 
window=="undefined")&&(this._interpreter.initialized&&(this._interpreter.stop(),this._subscriptions.forEach(f=>f())),this._interpreter.start(i.initialState),this._subscriptionsQueue.forEach(f=>f(this))),this._started=!0}get machine(){return this._machine}get interpreter(){return this._interpreter}get started(){return this._started}subscribe(e){if(this.started){const r=e(this);return this._subscriptions.add(r),r}else return this._subscriptionsQueue.add(e),()=>{console.log("onTokenChanged was added before the interpreter started. Cannot unsubscribe listener.")}}}class Pe extends J{constructor({...e}){super({...e,autoSignIn:D()&&e.autoSignIn,autoRefreshToken:D()&&e.autoRefreshToken,clientStorageType:"cookie"})}}const or=Pe,Ne=async({backendUrl:n,interpreter:e},r)=>{try{const{data:s}=await w(`${n}/user/webauthn/add`,{},e==null?void 0:e.getSnapshot().context.accessToken.value);let t;try{t=await ge(s)}catch(c){throw new v(c)}const{data:i}=await w(`${n}/user/webauthn/verify`,{credential:t,nickname:r},e==null?void 0:e.getSnapshot().context.accessToken.value);return{key:i,isError:!1,error:null,isSuccess:!0}}catch(s){const{error:t}=s;return{isError:!0,error:t,isSuccess:!1}}},be=async(n,e,r)=>new Promise(s=>{n.send("REQUEST",{email:e,options:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,needsEmailVerification:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,needsEmailVerification:!0})})}),Ce=async(n,e,r)=>new Promise(s=>{n.send("REQUEST",{password:e,ticket:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,isSuccess:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,isSuccess:!0})})}),ar=n=>new Promise(e=>{n.send("GENERATE"),n.onTransition(r=>{r.matches("generated")?e({error:null,isError:!1,isGenerated:!0,qrCodeDataUrl:r.context.imageUrl||""}):r.matches({idle:"error"})&&e({error:r.context.error||null,isError:!0,isGenerated:!1,qrCodeDataUrl:""})})}),cr=(n,e)=>new 
Promise(r=>{n.send("ACTIVATE",{activeMfaType:"totp",code:e}),n.onTransition(s=>{s.matches({generated:"activated"})?r({error:null,isActivated:!0,isError:!1}):s.matches({generated:{idle:"error"}})&&r({error:s.context.error,isActivated:!1,isError:!0})})}),De=async(n,e,r)=>new Promise(s=>{n.send("REQUEST",{email:e,options:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,isSent:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,isSent:!0})})}),Me=(n,e,r)=>new Promise(s=>{n.send("REQUEST",{email:e,options:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,isSent:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,isSent:!0})})}),xe=n=>new Promise(e=>{const{changed:r}=n.send("SIGNIN_ANONYMOUS");r||e({isSuccess:!1,isError:!0,error:_,user:null,accessToken:null,refreshToken:null}),n.onTransition(s=>{s.matches({authentication:"signedIn"})&&e({isSuccess:!0,isError:!1,error:null,user:s.context.user,accessToken:s.context.accessToken.value,refreshToken:s.context.refreshToken.value}),s.matches({authentication:{signedOut:"failed"}})&&e({isSuccess:!1,isError:!0,error:s.context.errors.authentication||null,user:null,accessToken:null,refreshToken:null})})}),Ue=(n,e,r)=>new Promise(s=>{const{changed:t,context:i}=n.send("SIGNIN_PASSWORD",{email:e,password:r});if(!t)return 
s({accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,error:_,isError:!0,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:i.user});n.onTransition(c=>{c.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,needsMfaOtp:!1,mfa:null,user:null}):c.matches({authentication:{signedOut:"needsMfa"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!0,mfa:c.context.mfa,user:null}):c.matches({authentication:{signedOut:"failed"}})?s({accessToken:null,refreshToken:null,error:c.context.errors.authentication||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:null}):c.matches({authentication:"signedIn"})&&s({accessToken:c.context.accessToken.value,refreshToken:c.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:c.context.user})})}),Y=(n,e,r)=>new Promise(s=>{const{changed:t}=n.send("PASSWORDLESS_EMAIL",{email:e,options:r});if(!t)return s({error:_,isError:!0,isSuccess:!1});n.onTransition(i=>{i.matches("registration.incomplete.failed")?s({error:i.context.errors.registration||null,isError:!0,isSuccess:!1}):i.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})&&s({error:null,isError:!1,isSuccess:!0})})}),Ke=(n,e)=>new Promise(r=>{const{changed:s,context:t}=n.send({type:"SIGNIN_SECURITY_KEY_EMAIL",email:e});if(!s)return 
r({accessToken:t.accessToken.value,refreshToken:t.refreshToken.value,error:_,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:t.user});n.onTransition(i=>{i.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?r({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):i.matches({authentication:{signedOut:"failed"}})?r({accessToken:null,refreshToken:null,error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):i.matches({authentication:"signedIn"})&&r({accessToken:i.context.accessToken.value,refreshToken:i.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:i.context.user})})}),Ve=(n,e)=>new Promise(async r=>{var E,f;const s=(E=n.interpreter)==null?void 0:E.getSnapshot(),t=s==null?void 0:s.context.accessToken.value,{data:i}=await w(`${n.backendUrl}/elevate/webauthn`,{email:e},t);let c;try{c=await Te(i)}catch(h){throw new v(h)}try{const{data:{session:h},error:a}=await w(`${n.backendUrl}/elevate/webauthn/verify`,{email:e,credential:c},t);h&&!a&&((f=n.interpreter)==null||f.send({type:"SESSION_UPDATE",data:{session:h}}),r({error:null,isError:!1,isSuccess:!0,elevated:!0}))}catch(h){const{error:a}=h;r({error:a,isError:!0,isSuccess:!1,elevated:!1})}}),Le=(n,e,r)=>new Promise(s=>{const{changed:t,context:i}=n.send("SIGNIN_MFA_TOTP",{otp:e,ticket:r});if(!t)return s({accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,error:_,isError:!0,isSuccess:!1,user:i.user});n.onTransition(c=>{c.matches({authentication:{signedOut:"failed"}})?s({accessToken:null,refreshToken:null,error:c.context.errors.authentication||null,isError:!0,isSuccess:!1,user:null}):c.matches({authentication:"signedIn"})&&s({accessToken:c.context.accessToken.value,refreshToken:c.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,user:c.context.user})})}),Ge=(n,e)=>new 
Promise(r=>{const{changed:s}=n.send("SIGNIN_PAT",{pat:e});s||r({isSuccess:!1,isError:!0,error:_,user:null,accessToken:null,refreshToken:null}),n.onTransition(t=>{if(t.matches({authentication:{signedOut:"failed"}}))return r({accessToken:null,refreshToken:null,user:null,error:t.context.errors.authentication||null,isError:!0,isSuccess:!1});if(t.matches({authentication:"signedIn"}))return r({accessToken:t.context.accessToken.value,refreshToken:t.context.refreshToken.value,user:t.context.user,error:null,isError:!1,isSuccess:!0})})}),j=(n,e,r)=>new Promise(s=>{const{changed:t}=n.send("PASSWORDLESS_SMS",{phoneNumber:e,options:r});if(!t)return s({error:_,isError:!0,isSuccess:!1,needsOtp:!1});n.onTransition(i=>{i.matches("registration.incomplete.needsOtp")?s({error:null,isError:!1,isSuccess:!1,needsOtp:!0}):i.matches("registration.incomplete.failed")&&s({error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,needsOtp:!1})})}),He=(n,e,r)=>new Promise(s=>{const{changed:t}=n.send({type:"PASSWORDLESS_SMS_OTP",phoneNumber:e,otp:r});if(!t)return s({error:_,isError:!0,isSuccess:!1,user:null,accessToken:null,refreshToken:null});n.onTransition(i=>{i.matches({authentication:"signedIn"})?s({error:null,isError:!1,isSuccess:!0,user:i.context.user,accessToken:i.context.accessToken.value,refreshToken:i.context.refreshToken.value}):i.matches({registration:{incomplete:"failed"}})&&s({error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,user:null,accessToken:null,refreshToken:null})})}),$e=async(n,e)=>new Promise(r=>{const{event:s}=n.send("SIGNOUT",{all:e});if(s.type!=="SIGNED_OUT")return r({isSuccess:!1,isError:!0,error:ae});n.onTransition(t=>{t.matches({authentication:{signedOut:"success"}})?r({isSuccess:!0,isError:!1,error:null}):t.matches("authentication.signedOut.failed")&&r({isSuccess:!1,isError:!0,error:t.context.errors.signout||null})})}),B=(n,e,r,s)=>new 
Promise(t=>{const{changed:i,context:c}=n.send("SIGNUP_EMAIL_PASSWORD",{email:e,password:r,options:s});if(!i)return t({error:_,accessToken:c.accessToken.value,refreshToken:c.refreshToken.value,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:c.user});n.onTransition(E=>{E.matches("registration.incomplete.failed")?t({accessToken:null,refreshToken:null,error:E.context.errors.registration||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):E.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?t({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):E.matches({authentication:"signedIn",registration:"complete"})&&t({accessToken:E.context.accessToken.value,refreshToken:E.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:E.context.user})})}),We=(n,e,r)=>new Promise(s=>{const{changed:t,context:i}=n.send("SIGNUP_SECURITY_KEY",{email:e,options:r});if(!t)return s({error:_,accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:i.user});n.onTransition(c=>{c.matches("registration.incomplete.failed")?s({accessToken:null,refreshToken:null,error:c.context.errors.registration||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):c.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):c.matches({authentication:"signedIn",registration:"complete"})&&s({accessToken:c.context.accessToken.value,refreshToken:c.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:c.context.user})})}),ur=async({backendUrl:n,interpreter:e},{expiresAt:r,metadata:s})=>{try{const{data:t}=await w(`${n}/pat`,{expiresAt:r.toISOString(),metadata:s},e==null?void 
0:e.getSnapshot().context.accessToken.value);return{data:t?{id:t.id||null,personalAccessToken:t.personalAccessToken||null}:null,isError:!1,error:null,isSuccess:!0}}catch(t){const{error:i}=t;return{isError:!0,error:i,isSuccess:!1,data:null}}};class lr{constructor({url:e,autoRefreshToken:r=!0,autoSignIn:s=!0,clientStorage:t,clientStorageType:i,refreshIntervalTime:c,start:E=!0}){var f;this.url=e,this._client=new J({backendUrl:e,clientUrl:typeof window!="undefined"&&((f=window.location)==null?void 0:f.origin)||"",autoRefreshToken:r,autoSignIn:s,start:E,clientStorage:t,clientStorageType:i,refreshIntervalTime:c})}async signUp(e){const r=await this.waitUntilReady(),{email:s,options:t}=e;return"securityKey"in e?A(await We(r,s,t)):A(await B(r,s,e.password,t))}async connectProvider(e){const s=(await this.waitUntilReady()).getSnapshot().context.accessToken.value,{provider:t,options:i}=e,c=K(`${this._client.backendUrl}/signin/provider/${t}`,p(this._client.clientUrl,{...i,connect:s}));return D()&&(window.location.href=c),{providerUrl:c}}async signIn(e){const r=await this.waitUntilReady();if(!e){const s=await xe(r);return{...A(s),mfa:null}}if("provider"in e){const{provider:s,options:t}=e,i=K(`${this._client.backendUrl}/signin/provider/${s}`,p(this._client.clientUrl,t));return D()&&(window.location.href=i),{providerUrl:i,provider:s,session:null,mfa:null,error:null}}if("email"in e&&"password"in e){const s=await Ue(r,e.email,e.password);return s.needsEmailVerification?{session:null,mfa:null,error:ce}:s.needsMfaOtp?{session:null,mfa:s.mfa,error:null}:{...A(s),mfa:null}}if("email"in e&&"securityKey"in e){if(e.securityKey!==!0)throw Error("securityKey must be true");const s=await Ke(r,e.email);return{...A(s),mfa:null}}if("email"in e){const{email:s,options:t}=e,{error:i}=await Y(r,s,t);return{session:null,mfa:null,error:i}}if("phoneNumber"in e&&"otp"in e){const s=await He(r,e.phoneNumber,e.otp);return{...A(s),mfa:null}}if("phoneNumber"in e){const{error:s}=await 
j(r,e.phoneNumber,e.options);return{error:s,mfa:null,session:null}}if("otp"in e){const s=await Le(r,e.otp,e.ticket);return{...A(s),mfa:null}}return{error:le,mfa:null,session:null}}async signInPAT(e){const r=await this.waitUntilReady(),s=await Ge(r,e);return A(s)}async signOut(e){const r=await this.waitUntilReady(),{error:s}=await $e(r,e==null?void 0:e.all);return{error:s}}async resetPassword({email:e,options:r}){const s=d.interpret(Oe(this._client)).start(),{error:t}=await De(s,e,r);return{error:t}}async changePassword({newPassword:e,ticket:r}){const s=d.interpret(ke(this._client)).start(),{error:t}=await Ce(s,e,r);return{error:t}}async sendVerificationEmail({email:e,options:r}){const s=d.interpret(ve(this._client)).start(),{error:t}=await Me(s,e,r);return{error:t}}async changeEmail({newEmail:e,options:r}){const s=d.interpret(ye(this._client)).start(),{error:t}=await be(s,e,r);return{error:t}}async deanonymize(e){const r=await this.waitUntilReady();if(e.signInMethod==="passwordless"){if(e.connection==="email"){const{error:s}=await Y(r,e.email,e.options);return{error:s}}if(e.connection==="sms"){const{error:s}=await j(r,e.phoneNumber,e.options);return{error:s}}}if(e.signInMethod==="email-password"){const{error:s}=await B(r,e.email,e.password,e.options);return{error:s}}throw Error("Unknown deanonymization method")}async addSecurityKey(e){const{error:r,key:s}=await Ne(this._client,e);return{error:r,key:s}}async elevateEmailSecurityKey(e){if(!e)throw Error("A user email is required");return{...await Ve(this._client,e),mfa:null}}async createPAT(e,r){return ur(this._client,{expiresAt:e,metadata:r})}onTokenChanged(e){return this._client.subscribe(()=>{var s;const r=(s=this._client.interpreter)==null?void 0:s.onTransition(({event:t,context:i})=>{t.type==="TOKEN_CHANGED"&&e(b(i))});return()=>r==null?void 0:r.stop()})}onAuthStateChanged(e){return this._client.subscribe(()=>{var s;const r=(s=this._client.interpreter)==null?void 
0:s.onTransition(({event:t,context:i})=>{(t.type==="SIGNED_IN"||t.type==="SIGNED_OUT")&&e(t.type,b(i))});return()=>r==null?void 0:r.stop()})}isAuthenticated(){var e;return!!((e=this._client.interpreter)!=null&&e.getSnapshot().matches({authentication:"signedIn"}))}async isAuthenticatedAsync(){return(await this.waitUntilReady()).getSnapshot().matches({authentication:"signedIn"})}getAuthenticationStatus(){var r;const e=((r=this.client.interpreter)==null?void 0:r.getSnapshot().context.importTokenAttempts)||0;return this.isReady()?{isAuthenticated:this.isAuthenticated(),isLoading:!1,connectionAttempts:e}:{isAuthenticated:!1,isLoading:!0,connectionAttempts:e}}getAccessToken(){var e,r;return(r=(e=this._client.interpreter)==null?void 0:e.getSnapshot().context.accessToken.value)!=null?r:void 0}getDecodedAccessToken(){const e=this.getAccessToken();return e?Be.decodeJwt(e):null}getHasuraClaims(){var e;return((e=this.getDecodedAccessToken())==null?void 0:e["https://hasura.io/jwt/claims"])||null}getHasuraClaim(e){var r;return((r=this.getHasuraClaims())==null?void 0:r[e.startsWith("x-hasura-")?e:`x-hasura-${e}`])||null}async refreshSession(e){try{const r=await this.waitUntilReady();return new Promise(s=>{const t=e||r.getSnapshot().context.refreshToken.value;if(!t)return s({session:null,error:ie});const{changed:i}=r.send("TRY_TOKEN",{token:t});if(!i)return s({session:null,error:oe});r.onTransition(c=>{c.matches({token:{idle:"error"}})?s({session:null,error:ue}):c.event.type==="TOKEN_CHANGED"&&s({session:b(c.context),error:null})})})}catch(r){return{session:null,error:r.message}}}getSession(){var e,r;return b((r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())==null?void 0:r.context)}getUser(){var e,r,s;return((s=(r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())==null?void 0:r.context)==null?void 0:s.user)||null}waitUntilReady(){const r=this._client.interpreter;if(!r)throw Error("Auth interpreter not set");return r.getSnapshot().hasTag("loading")?new 
Promise((s,t)=>{let i=setTimeout(()=>t("The state machine is not yet ready after 15 seconds."),15e3);r.onTransition(c=>{if(!c.hasTag("loading"))return clearTimeout(i),s(r)})}):Promise.resolve(r)}isReady(){var e,r;return!((r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())!=null&&r.hasTag("loading"))}get client(){return this._client}}exports.AuthClient=J;exports.AuthClientSSR=or;exports.AuthCookieClient=Pe;exports.CodifiedError=v;exports.EMAIL_NEEDS_VERIFICATION=ce;exports.HasuraAuthClient=lr;exports.INITIAL_MACHINE_CONTEXT=M;exports.INVALID_EMAIL_ERROR=I;exports.INVALID_MFA_CODE_ERROR=se;exports.INVALID_MFA_TICKET_ERROR=ne;exports.INVALID_MFA_TYPE_ERROR=re;exports.INVALID_PASSWORD_ERROR=U;exports.INVALID_PHONE_NUMBER_ERROR=W;exports.INVALID_REFRESH_TOKEN=ue;exports.INVALID_SIGN_IN_METHOD=le;exports.MIN_PASSWORD_LENGTH=Z;exports.NETWORK_ERROR_CODE=Q;exports.NHOST_JWT_EXPIRES_AT_KEY=k;exports.NHOST_REFRESH_TOKEN_ID_KEY=N;exports.NHOST_REFRESH_TOKEN_KEY=O;exports.NO_MFA_TICKET_ERROR=te;exports.NO_REFRESH_TOKEN=ie;exports.OTHER_ERROR_CODE=z;exports.REFRESH_TOKEN_MAX_ATTEMPTS=$;exports.STATE_ERROR_CODE=P;exports.TOKEN_REFRESHER_RUNNING_ERROR=oe;exports.TOKEN_REFRESH_MARGIN_SECONDS=ee;exports.USER_ALREADY_SIGNED_IN=_;exports.USER_NOT_ANONYMOUS=Qe;exports.USER_UNAUTHENTICATED=ae;exports.VALIDATION_ERROR_CODE=R;exports.activateMfaPromise=cr;exports.addSecurityKeyPromise=Ne;exports.changeEmailPromise=be;exports.changePasswordPromise=Ce;exports.createAuthMachine=Se;exports.createChangeEmailMachine=ye;exports.createChangePasswordMachine=ke;exports.createEnableMfaMachine=ir;exports.createResetPasswordMachine=Oe;exports.createSendVerificationEmailMachine=ve;exports.elevateEmailSecurityKeyPromise=Ve;exports.encodeQueryParameters=K;exports.generateQrCodePromise=ar;exports.getAuthenticationResult=A;exports.getFetch=Ae;exports.getParameterByName=C;exports.getSession=b;exports.isBrowser=D;exports.isValidEmail=y;exports.isValidPassword=V;exports.isValidPhoneNumber=F;exports.
isValidTicket=Ie;exports.localStorageGetter=pe;exports.localStorageSetter=we;exports.postFetch=w;exports.removeParameterFromWindow=q;exports.resetPasswordPromise=De;exports.rewriteRedirectTo=p;exports.sendVerificationEmailPromise=Me;exports.signInAnonymousPromise=xe;exports.signInEmailPasswordPromise=Ue;exports.signInEmailPasswordlessPromise=Y;exports.signInEmailSecurityKeyPromise=Ke;exports.signInMfaTotpPromise=Le;exports.signInPATPromise=Ge;exports.signInSmsPasswordlessOtpPromise=He;exports.signInSmsPasswordlessPromise=j;exports.signOutPromise=$e;exports.signUpEmailPasswordPromise=B;exports.signUpEmailSecurityKeyPromise=We;
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const Fe=require("jose"),d=require("xstate"),H=require("js-cookie"),Ye=require("fetch-ponyfill");function je(t){const e=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(t){for(const r in t)if(r!=="default"){const s=Object.getOwnPropertyDescriptor(t,r);Object.defineProperty(e,r,s.get?s:{enumerable:!0,get:()=>t[r]})}}return e.default=t,Object.freeze(e)}const Be=je(Fe),O="nhostRefreshToken",N="nhostRefreshTokenId",k="nhostRefreshTokenExpiresAt",Z=3,ee=60,$=5,Q=0,z=1,R=10,P=20;class v extends Error{constructor(e){super(e.message),Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),e instanceof Error?(this.name=e.name,this.error={error:e.name,status:z,message:e.message}):(this.name=e.error,this.error=e)}}const I={status:R,error:"invalid-email",message:"Email is incorrectly formatted"},re={status:R,error:"invalid-mfa-type",message:"MFA type is invalid"},se={status:R,error:"invalid-mfa-code",message:"MFA code is invalid"},U={status:R,error:"invalid-password",message:"Password is incorrectly formatted"},W={status:R,error:"invalid-phone-number",message:"Phone number is incorrectly formatted"},te={status:R,error:"invalid-mfa-ticket",message:"MFA ticket is invalid"},ne={status:R,error:"no-mfa-ticket",message:"No MFA ticket has been provided"},ie={status:R,error:"no-refresh-token",message:"No refresh token has been provided"},oe={status:P,error:"refresher-already-running",message:"The token refresher is already running. 
You must wait until is has finished before submitting a new token."},_={status:P,error:"already-signed-in",message:"User is already signed in"},ae={status:P,error:"unauthenticated-user",message:"User is not authenticated"},Qe={status:P,error:"user-not-anonymous",message:"User is not anonymous"},ce={status:P,error:"unverified-user",message:"Email needs verification"},ue={status:R,error:"invalid-refresh-token",message:"Invalid or expired refresh token"},le={status:z,error:"invalid-sign-in-method",message:"Invalid sign-in method"},M={user:null,mfa:null,accessToken:{value:null,expiresAt:null,expiresInSeconds:15},refreshTimer:{startedAt:null,attempts:0,lastAttempt:null},refreshToken:{value:null},importTokenAttempts:0,errors:{}};function ze(t){return new TextEncoder().encode(t)}function S(t){const e=new Uint8Array(t);let r="";for(const n of e)r+=String.fromCharCode(n);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function X(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),r=(4-e.length%4)%4,s=e.padEnd(e.length+r,"="),n=atob(s),i=new ArrayBuffer(n.length),c=new Uint8Array(i);for(let E=0;E<n.length;E++)c[E]=n.charCodeAt(E);return i}function de(){return(window==null?void 0:window.PublicKeyCredential)!==void 0&&typeof window.PublicKeyCredential=="function"}function he(t){const{id:e}=t;return{...t,id:X(e),transports:t.transports}}function fe(t){return t==="localhost"||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(t)}class g extends Error{constructor({message:e,code:r,cause:s,name:n}){super(e,{cause:s}),this.name=n!=null?n:s.name,this.code=r}}function Xe({error:t,options:e}){var s,n;const{publicKey:r}=e;if(!r)throw Error("options was missing required publicKey property");if(t.name==="AbortError"){if(e.signal instanceof AbortSignal)return new g({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else if(t.name==="ConstraintError"){if(((s=r.authenticatorSelection)==null?void 
0:s.requireResidentKey)===!0)return new g({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:t});if(((n=r.authenticatorSelection)==null?void 0:n.userVerification)==="required")return new g({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:t})}else{if(t.name==="InvalidStateError")return new g({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:t});if(t.name==="NotAllowedError")return new g({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if(t.name==="NotSupportedError")return r.pubKeyCredParams.filter(c=>c.type==="public-key").length===0?new g({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:t}):new g({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:t});if(t.name==="SecurityError"){const i=window.location.hostname;if(fe(i)){if(r.rp.id!==i)return new g({message:`The RP ID "${r.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else return new g({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t})}else if(t.name==="TypeError"){if(r.user.id.byteLength<1||r.user.id.byteLength>64)return new g({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:t})}else if(t.name==="UnknownError")return new g({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}class Je{createNewAbortSignal(){if(this.controller){const r=new Error("Cancelling existing WebAuthn API call for new 
one");r.name="AbortError",this.controller.abort(r)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}}const Ee=new Je,Ze=["cross-platform","platform"];function me(t){if(t&&!(Ze.indexOf(t)<0))return t}async function ge(t){var u;if(!de())throw new Error("WebAuthn is not supported in this browser");const r={publicKey:{...t,challenge:X(t.challenge),user:{...t.user,id:ze(t.user.id)},excludeCredentials:(u=t.excludeCredentials)==null?void 0:u.map(he)}};r.signal=Ee.createNewAbortSignal();let s;try{s=await navigator.credentials.create(r)}catch(l){throw Xe({error:l,options:r})}if(!s)throw new Error("Registration was not completed");const{id:n,rawId:i,response:c,type:E}=s;let h;typeof c.getTransports=="function"&&(h=c.getTransports());let f;if(typeof c.getPublicKeyAlgorithm=="function")try{f=c.getPublicKeyAlgorithm()}catch(l){G("getPublicKeyAlgorithm()",l)}let a;if(typeof c.getPublicKey=="function")try{const l=c.getPublicKey();l!==null&&(a=S(l))}catch(l){G("getPublicKey()",l)}let o;if(typeof c.getAuthenticatorData=="function")try{o=S(c.getAuthenticatorData())}catch(l){G("getAuthenticatorData()",l)}return{id:n,rawId:S(i),response:{attestationObject:S(c.attestationObject),clientDataJSON:S(c.clientDataJSON),transports:h,publicKeyAlgorithm:f,publicKey:a,authenticatorData:o},type:E,clientExtensionResults:s.getClientExtensionResults(),authenticatorAttachment:me(s.authenticatorAttachment)}}function G(t,e){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${t}. You should report this error to them.
`,e)}function er(t){return new TextDecoder("utf-8").decode(t)}function rr(){const t=window.PublicKeyCredential;return t.isConditionalMediationAvailable===void 0?new Promise(e=>e(!1)):t.isConditionalMediationAvailable()}function sr({error:t,options:e}){const{publicKey:r}=e;if(!r)throw Error("options was missing required publicKey property");if(t.name==="AbortError"){if(e.signal instanceof AbortSignal)return new g({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else{if(t.name==="NotAllowedError")return new g({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if(t.name==="SecurityError"){const s=window.location.hostname;if(fe(s)){if(r.rpId!==s)return new g({message:`The RP ID "${r.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else return new g({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t})}else if(t.name==="UnknownError")return new g({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}return t}async function Te(t,e=!1){var o,u;if(!de())throw new Error("WebAuthn is not supported in this browser");let r;((o=t.allowCredentials)==null?void 0:o.length)!==0&&(r=(u=t.allowCredentials)==null?void 0:u.map(he));const s={...t,challenge:X(t.challenge),allowCredentials:r},n={};if(e){if(!await rr())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');n.mediation="conditional",s.allowCredentials=[]}n.publicKey=s,n.signal=Ee.createNewAbortSignal();let i;try{i=await navigator.credentials.get(n)}catch(l){throw sr({error:l,options:n})}if(!i)throw new Error("Authentication was not completed");const{id:c,rawId:E,response:h,type:f}=i;let 
a;return h.userHandle&&(a=er(h.userHandle)),{id:c,rawId:S(E),response:{authenticatorData:S(h.authenticatorData),clientDataJSON:S(h.clientDataJSON),signature:S(h.signature),userHandle:a},type:f,clientExtensionResults:i.getClientExtensionResults(),authenticatorAttachment:me(i.authenticatorAttachment)}}const L=typeof window!="undefined",x=new Map,tr=t=>{var e;return L&&typeof localStorage!="undefined"?localStorage.getItem(t):(e=x.get(t))!=null?e:null},nr=(t,e)=>{L&&typeof localStorage!="undefined"?e?localStorage.setItem(t,e):localStorage.removeItem(t):e?x.set(t,e):x.has(t)&&x.delete(t)},pe=(t,e)=>{if(t==="localStorage"||t==="web")return tr;if(t==="cookie")return r=>{var s;return L&&(s=H.get(r))!=null?s:null};if(!e)throw Error(`clientStorageType is set to '${t}' but no clientStorage has been given`);if(t==="react-native")return r=>{var s;return(s=e.getItem)==null?void 0:s.call(e,r)};if(t==="capacitor")return r=>{var s;return(s=e.get)==null?void 0:s.call(e,{key:r})};if(t==="expo-secure-storage")return r=>{var s;return(s=e.getItemAsync)==null?void 0:s.call(e,r)};if(t==="custom"){if(e.getItem&&e.removeItem)return e.getItem;if(e.getItemAsync)return e.getItemAsync;throw Error(`clientStorageType is set to 'custom' but clientStorage is missing either "getItem" and "removeItem" properties or "getItemAsync" property`)}throw Error(`Unknown storage type: ${t}`)},we=(t,e)=>{if(t==="localStorage"||t==="web")return nr;if(t==="cookie")return(r,s)=>{L&&(s?H.set(r,s,{expires:30,sameSite:"lax",httpOnly:!1}):H.remove(r))};if(!e)throw Error(`clientStorageType is set to '${t}' but no clienStorage has been given`);if(t==="react-native")return(r,s)=>{var n,i;return s?(n=e.setItem)==null?void 0:n.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};if(t==="capacitor")return(r,s)=>{var n,i;return s?(n=e.set)==null?void 0:n.call(e,{key:r,value:s}):(i=e.remove)==null?void 0:i.call(e,{key:r})};if(t==="expo-secure-storage")return async(r,s)=>{var n,i;return s?(n=e.setItemAsync)==null?void 
0:n.call(e,r,s):(i=e.deleteItemAsync)==null?void 0:i.call(e,r)};if(t==="custom"){if(!e.removeItem)throw Error("clientStorageType is set to 'custom' but clientStorage is missing a removeItem property");if(e.setItem)return(r,s)=>{var n,i;return s?(n=e.setItem)==null?void 0:n.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};if(e.setItemAsync)return async(r,s)=>{var n,i;return s?(n=e.setItemAsync)==null?void 0:n.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};throw Error("clientStorageType is set to 'custom' but clientStorage is missing setItem or setItemAsync property")}throw Error(`Unknown storage type: ${t}`)},b=t=>!t||!t.accessToken.value||!t.accessToken.expiresAt||!t.user?null:{accessToken:t.accessToken.value,accessTokenExpiresIn:(t.accessToken.expiresAt.getTime()-Date.now())/1e3,refreshToken:t.refreshToken.value,user:t.user},A=({accessToken:t,refreshToken:e,isError:r,user:s,error:n})=>r?{session:null,error:n}:s&&t?{session:{accessToken:t,accessTokenExpiresIn:0,refreshToken:e,user:s},error:null}:{session:null,error:null},D=()=>typeof window!="undefined";let Re=globalThis.fetch;typeof EdgeRuntime!="string"&&(Re=Ye().fetch);const _e=async(t,e,{token:r,body:s}={})=>{const n={"Content-Type":"application/json",Accept:"*/*"};r&&(n.Authorization=`Bearer ${r}`);const i={method:e,headers:n};s&&(i.body=JSON.stringify(s));try{const c=await Re(t,i);if(!c.ok){const E=await c.json();return Promise.reject({error:E})}try{return{data:await c.json(),error:null}}catch{return console.warn(`Unexpected response: can't parse the response of the server at ${t}`),{data:"OK",error:null}}}catch{const E={message:"Network Error",status:Q,error:"network"};return Promise.reject({error:E})}},w=async(t,e,r)=>_e(t,"POST",{token:r,body:e}),Ae=(t,e)=>_e(t,"GET",{token:e}),K=(t,e)=>{const r=e&&Object.entries(e).map(([s,n])=>{const i=Array.isArray(n)?n.join(","):typeof n=="object"?JSON.stringify(n):n;return`${s}=${encodeURIComponent(i)}`}).join("&");return 
r?`${t}?${r}`:t},p=(t,e)=>{if(!(e!=null&&e.redirectTo))return e;const{redirectTo:r,...s}=e;if(!t)return r.startsWith("/")?s:e;const n=new URL(t),i=Object.fromEntries(new URLSearchParams(n.search)),c=new URL(r.startsWith("/")?n.origin+r:r),E=new URLSearchParams(c.search);let h=Object.fromEntries(E);r.startsWith("/")&&(h={...i,...h});let f=n.pathname;return c.pathname.length>1&&(f+=c.pathname.slice(1)),{...s,redirectTo:K(c.origin+f,h)}};function C(t,e){var n;if(!e){if(typeof window=="undefined")return;e=((n=window.location)==null?void 0:n.href)||""}t=t.replace(/[\[\]]/g,"\\$&");const r=new RegExp("[?&#]"+t+"(=([^&#]*)|&|#|$)"),s=r.exec(e);return s?s[2]?decodeURIComponent(s[2].replace(/\+/g," ")):"":null}function q(t){var r;if(typeof window=="undefined")return;const e=window==null?void 0:window.location;if(e&&e){const s=new URLSearchParams(e.search),n=new URLSearchParams((r=e.hash)==null?void 0:r.slice(1));s.delete(t),n.delete(t);let i=window.location.pathname;Array.from(s).length&&(i+=`?${s.toString()}`),Array.from(n).length&&(i+=`#${n.toString()}`),window.history.pushState({},"",i)}}const y=t=>!!t&&typeof t=="string"&&!!String(t).toLowerCase().match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/),V=t=>!!t&&typeof t=="string"&&t.length>=Z,F=t=>!!t&&typeof t=="string",Ie=t=>t&&typeof t=="string"&&t.match(/^mfaTotp:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),Se=({backendUrl:t,clientUrl:e,clientStorageType:r="web",clientStorage:s,refreshIntervalTime:n,autoRefreshToken:i=!0,autoSignIn:c=!0})=>{const E=pe(r,s),h=we(r,s),f=async(a,o,u)=>(await w(`${t}${a}`,o,u)).data;return 
d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},context:M,predictableActionArguments:!0,id:"nhost",type:"parallel",states:{authentication:{initial:"starting",on:{SESSION_UPDATE:[{cond:"hasSession",actions:["saveSession","resetTimer","reportTokenChanged"],target:".signedIn"}]},states:{starting:{tags:["loading"],always:{cond:"isSignedIn",target:"signedIn"},invoke:{id:"importRefreshToken",src:"importRefreshToken",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"signedIn"},{target:"signedOut"}],onError:[{cond:"shouldRetryImportToken",actions:"incrementTokenImportAttempts",target:"retryTokenImport"},{actions:["saveAuthenticationError"],target:"signedOut"}]}},retryTokenImport:{tags:["loading"],after:{RETRY_IMPORT_TOKEN_DELAY:"starting"}},signedOut:{initial:"noErrors",entry:"reportSignedOut",states:{noErrors:{},success:{},needsSmsOtp:{},needsMfa:{},failed:{},signingOut:{entry:["clearContextExceptRefreshToken"],exit:["destroyRefreshToken","reportTokenChanged"],invoke:{src:"signout",id:"signingOut",onDone:{target:"success"},onError:{target:"failed",actions:["saveAuthenticationError"]}}}},on:{SIGNIN_PASSWORD:"authenticating.password",SIGNIN_ANONYMOUS:"authenticating.anonymous",SIGNIN_SECURITY_KEY_EMAIL:"authenticating.securityKeyEmail",SIGNIN_MFA_TOTP:"authenticating.mfa.totp",SIGNIN_PAT:"authenticating.pat"}},authenticating:{entry:"resetErrors",states:{password:{invoke:{src:"signInPassword",id:"authenticateUserWithPassword",onDone:[{cond:"hasMfaTicket",actions:["saveMfaTicket"],target:"#nhost.authentication.signedOut.needsMfa"},{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"}],onError:[{cond:"unverified",target:["#nhost.authentication.signedOut","#nhost.registration.incomplete.needsEmailVerification"]},{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}]}},pat:{invoke:{src:"signInPAT",id:"authenticateWithPAT",onDone:{actions:["savePATSession","reportToke
nChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}}},anonymous:{invoke:{src:"signInAnonymous",id:"authenticateAnonymously",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}}},mfa:{states:{totp:{invoke:{src:"signInMfaTotp",id:"signInMfaTotp",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:["saveAuthenticationError"],target:"#nhost.authentication.signedOut.failed"}}}}},securityKeyEmail:{invoke:{src:"signInSecurityKeyEmail",id:"authenticateUserWithSecurityKey",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:[{cond:"unverified",target:["#nhost.authentication.signedOut","#nhost.registration.incomplete.needsEmailVerification"]},{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}]}}}},signedIn:{type:"parallel",entry:["reportSignedIn","cleanUrl","broadcastToken","resetErrors"],on:{SIGNOUT:"signedOut.signingOut"},states:{refreshTimer:{id:"timer",initial:"idle",states:{disabled:{type:"final"},stopped:{always:{cond:"noToken",target:"idle"}},idle:{always:[{cond:"isAutoRefreshDisabled",target:"disabled"},{cond:"isRefreshTokenPAT",target:"disabled"},{cond:"hasRefreshToken",target:"running"}]},running:{initial:"pending",entry:"resetTimer",states:{pending:{after:{1e3:{internal:!1,target:"pending"}},always:{cond:"refreshTimerShouldRefresh",target:"refreshing"}},refreshing:{invoke:{src:"refreshToken",id:"refreshToken",onDone:{actions:["saveSession","resetTimer","reportTokenChanged"],target:"pending"},onError:[{actions:"saveRefreshAttempt",target:"pending"}]}}}}}}}}}},token:{initial:"idle",states:{idle:{on:{TRY_TOKEN:"running"},initial:"noErrors",states:{noErrors:{},error:{}}},running:{invoke:{src:"refreshToken",i
d:"authenticateWithToken",onDone:{actions:["saveSession","reportTokenChanged"],target:["#nhost.authentication.signedIn","idle.noErrors"]},onError:[{cond:"isSignedIn",target:"idle.error"},{actions:"saveAuthenticationError",target:["#nhost.authentication.signedOut.failed","idle.error"]}]}}}},registration:{initial:"incomplete",on:{SIGNED_IN:[{cond:"isAnonymous",target:".incomplete"},".complete"]},states:{incomplete:{on:{SIGNUP_EMAIL_PASSWORD:"emailPassword",SIGNUP_SECURITY_KEY:"securityKey",PASSWORDLESS_EMAIL:"passwordlessEmail",PASSWORDLESS_SMS:"passwordlessSms",PASSWORDLESS_SMS_OTP:"passwordlessSmsOtp"},initial:"noErrors",states:{noErrors:{},needsEmailVerification:{},needsOtp:{},failed:{}}},emailPassword:{entry:["resetErrors"],invoke:{src:"signUpEmailPassword",id:"signUpEmailPassword",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]}],onError:[{cond:"unverified",target:"incomplete.needsEmailVerification"},{actions:"saveRegistrationError",target:"incomplete.failed"}]}},securityKey:{entry:["resetErrors"],invoke:{src:"signUpSecurityKey",id:"signUpSecurityKey",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]}],onError:[{cond:"unverified",target:"incomplete.needsEmailVerification"},{actions:"saveRegistrationError",target:"incomplete.failed"}]}},passwordlessEmail:{entry:["resetErrors"],invoke:{src:"passwordlessEmail",id:"passwordlessEmail",onDone:{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},passwordlessSms:{entry:["resetErrors"],invoke:{src:"passwordlessSms",id:"passwordlessSms",onDone:{actions:"clearContext",target:[
"#nhost.authentication.signedOut","incomplete.needsOtp"]},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},passwordlessSmsOtp:{entry:["resetErrors"],invoke:{src:"passwordlessSmsOtp",id:"passwordlessSmsOtp",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},complete:{on:{SIGNED_OUT:"incomplete"}}}}}},{actions:{reportSignedIn:d.send("SIGNED_IN"),reportSignedOut:d.send("SIGNED_OUT"),reportTokenChanged:d.send("TOKEN_CHANGED"),incrementTokenImportAttempts:d.assign({importTokenAttempts:({importTokenAttempts:a})=>a+1}),clearContext:d.assign(()=>(h(k,null),h(O,null),h(N,null),{...M})),clearContextExceptRefreshToken:d.assign(({refreshToken:{value:a}})=>(h(k,null),{...M,refreshToken:{value:a}})),saveSession:d.assign({user:(a,{data:o})=>{var u;return((u=o==null?void 0:o.session)==null?void 0:u.user)||null},accessToken:(a,{data:o})=>{if(o.session){const{accessTokenExpiresIn:u,accessToken:l}=o.session,m=new Date(Date.now()+u*1e3);return h(k,m.toISOString()),{value:l,expiresAt:m,expiresInSeconds:u}}return h(k,null),{value:null,expiresAt:null,expiresInSeconds:null}},refreshToken:(a,{data:o})=>{var m,T;const u=((m=o.session)==null?void 0:m.refreshToken)||null,l=((T=o.session)==null?void 0:T.refreshTokenId)||null;return u&&h(O,u),l&&h(N,l),{value:u}}}),savePATSession:d.assign({user:(a,{data:o})=>{var u;return((u=o==null?void 0:o.session)==null?void 0:u.user)||null},accessToken:(a,{data:o})=>{if(o.session){const{accessTokenExpiresIn:u,accessToken:l}=o.session,m=new Date(Date.now()+u*1e3);return h(k,m.toISOString()),{value:l,expiresAt:m,expiresInSeconds:u}}return h(k,null),{value:null,expiresAt:null,expiresInSeconds:null}},refreshToken:(a,{data:o})=>{var m,T;const u=((m=o.session)==null?void 0:m.refreshToken)||null,l=((T=o.session)==null?void 0:T.refreshTokenId)||null;return 
u&&h(O,u),l&&h(N,l),{value:u,isPAT:!0}}}),saveMfaTicket:d.assign({mfa:(a,o)=>{var u;return(u=o.data)==null?void 0:u.mfa}}),resetTimer:d.assign({refreshTimer:a=>({startedAt:new Date,attempts:0,lastAttempt:null})}),saveRefreshAttempt:d.assign({refreshTimer:(a,o)=>({startedAt:a.refreshTimer.startedAt,attempts:a.refreshTimer.attempts+1,lastAttempt:new Date})}),saveAuthenticationError:d.assign({errors:({errors:a},{data:{error:o}})=>({...a,authentication:o})}),resetErrors:d.assign({errors:a=>({}),importTokenAttempts:a=>0}),saveRegistrationError:d.assign({errors:({errors:a},{data:{error:o}})=>({...a,registration:o})}),destroyRefreshToken:d.assign({refreshToken:a=>(h(O,null),h(N,null),{value:null})}),cleanUrl:()=>{c&&C("refreshToken")&&(q("refreshToken"),q("type"))},broadcastToken:a=>{if(c)try{new BroadcastChannel("nhost").postMessage({type:"broadcast_token",payload:{token:a.refreshToken.value}})}catch{}}},guards:{isAnonymous:(a,o)=>{var u;return!!((u=a.user)!=null&&u.isAnonymous)},isSignedIn:a=>!!a.user&&!!a.accessToken.value,noToken:a=>!a.refreshToken.value,isRefreshTokenPAT:a=>{var o;return!!((o=a.refreshToken)!=null&&o.isPAT)},hasRefreshToken:a=>!!a.refreshToken.value,isAutoRefreshDisabled:()=>!i,refreshTimerShouldRefresh:a=>{const{expiresAt:o}=a.accessToken;if(!o)return!1;if(o.getTime()<Date.now())return!0;if(a.refreshTimer.lastAttempt)return a.refreshTimer.attempts>$?!1:Date.now()-a.refreshTimer.lastAttempt.getTime()>Math.pow(2,a.refreshTimer.attempts-1)*5e3;if(n&&Date.now()-a.refreshTimer.startedAt.getTime()>n*1e3)return!0;const u=a.accessToken.expiresInSeconds;return u?o.getTime()-Date.now()-1e3*Math.min(ee,u*.5)<=0:!1},shouldRetryImportToken:(a,o)=>a.importTokenAttempts<$&&(o.data.error.status===Q||o.data.error.status>=500),unverified:(a,{data:{error:o}})=>o.status===401&&(o.message==="Email is not verified"||o.error==="unverified-user"),hasSession:(a,o)=>{var u;return!!((u=o.data)!=null&&u.session)},hasMfaTicket:(a,o)=>{var 
u;return!!((u=o.data)!=null&&u.mfa)}},services:{signInPassword:(a,{email:o,password:u})=>y(o)?V(u)?f("/signin/email-password",{email:o,password:u}):Promise.reject({error:U}):Promise.reject({error:I}),signInPAT:(a,{pat:o})=>f("/signin/pat",{personalAccessToken:o}),passwordlessSms:(a,{phoneNumber:o,options:u})=>{var l;return F(o)?(l=a.user)!=null&&l.isAnonymous?(console.warn("Deanonymisation from a phone number is not yet implemented in hasura-auth"),f("/user/deanonymize",{signInMethod:"passwordless",connection:"sms",phoneNumber:o,options:p(e,u)},a.accessToken.value)):f("/signin/passwordless/sms",{phoneNumber:o,options:p(e,u)}):Promise.reject({error:W})},passwordlessSmsOtp:(a,{phoneNumber:o,otp:u})=>F(o)?f("/signin/passwordless/sms/otp",{phoneNumber:o,otp:u}):Promise.reject({error:W}),passwordlessEmail:(a,{email:o,options:u})=>{var l;return y(o)?(l=a.user)!=null&&l.isAnonymous?f("/user/deanonymize",{signInMethod:"passwordless",connection:"email",email:o,options:p(e,u)},a.accessToken.value):f("/signin/passwordless/email",{email:o,options:p(e,u)}):Promise.reject({error:I})},signInAnonymous:a=>f("/signin/anonymous"),signInMfaTotp:(a,o)=>{var l;const u=o.ticket||((l=a.mfa)==null?void 0:l.ticket);return u?Ie(u)?f("/signin/mfa/totp",{ticket:u,otp:o.otp}):Promise.reject({error:te}):Promise.reject({error:ne})},signInSecurityKeyEmail:async(a,{email:o})=>{if(!y(o))throw new v(I);const u=await f("/signin/webauthn",{email:o});let l;try{l=await Te(u)}catch(m){throw new v(m)}return f("/signin/webauthn/verify",{email:o,credential:l})},refreshToken:async(a,o)=>{const u=o.type==="TRY_TOKEN"?o.token:a.refreshToken.value;return{session:await f("/token",{refreshToken:u}),error:null}},signout:async(a,o)=>{const u=await f("/signout",{refreshToken:a.refreshToken.value,all:!!o.all});try{new BroadcastChannel("nhost").postMessage({type:"signout"})}catch{}return u},signUpEmailPassword:async(a,{email:o,password:u,options:l})=>{var m;return 
y(o)?V(u)?(m=a.user)!=null&&m.isAnonymous?f("/user/deanonymize",{signInMethod:"email-password",email:o,password:u,options:p(e,l)},a.accessToken.value):f("/signup/email-password",{email:o,password:u,options:p(e,l)}):Promise.reject({error:U}):Promise.reject({error:I})},signUpSecurityKey:async(a,{email:o,options:u})=>{if(!y(o))return Promise.reject({error:I});const l=u==null?void 0:u.nickname;l&&delete u.nickname;const m=await f("/signup/webauthn",{email:o,options:u});let T;try{T=await ge(m)}catch(qe){throw new v(qe)}return f("/signup/webauthn/verify",{credential:T,options:{redirectTo:u==null?void 0:u.redirectTo,nickname:l}})},importRefreshToken:async a=>{if(a.user&&a.refreshToken.value&&a.accessToken.value&&a.accessToken.expiresAt)return{session:{accessToken:a.accessToken.value,accessTokenExpiresIn:a.accessToken.expiresAt.getTime()-Date.now(),refreshToken:a.refreshToken.value,user:a.user},error:null};let o=null;if(c){const l=C("refreshToken")||null;if(l)try{return{session:await f("/token",{refreshToken:l}),error:null}}catch(m){o=m.error}else{const m=C("error"),T=C("errorDescription");if(m&&T!=="social user already exists")return Promise.reject({session:null,error:{status:R,error:m,message:T||m}})}}const u=await E(O);if(u)try{return{session:await f("/token",{refreshToken:u}),error:null}}catch(l){o=l.error}return 
o?Promise.reject({error:o,session:null}):{error:null,session:null}}},delays:{RETRY_IMPORT_TOKEN_DELAY:({importTokenAttempts:a})=>Math.pow(2,a-1)*5e3}})},ye=({backendUrl:t,clientUrl:e,interpreter:r})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changeEmail",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:s=>I}),saveRequestError:d.assign({error:(s,{data:{error:n}})=>n}),reportError:d.send(s=>({type:"ERROR",error:s.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(s,{email:n})=>!y(n)},services:{requestChange:async(s,{email:n,options:i})=>(await w(`${t}/user/email/change`,{newEmail:n,options:p(e,i)},r==null?void 
0:r.getSnapshot().context.accessToken.value)).data}}),ke=({backendUrl:t,interpreter:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changePassword",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidPassword",actions:"saveInvalidPasswordError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidPasswordError:d.assign({error:r=>U}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidPassword:(r,{password:s})=>!V(s)},services:{requestChange:(r,{password:s,ticket:n})=>w(`${t}/user/password`,{newPassword:s,ticket:n},e==null?void 0:e.getSnapshot().context.accessToken.value)}}),ir=({backendUrl:t,interpreter:e})=>d.createMachine({schema:{context:{},events:{}},tsTypes:{},predictableActionArguments:!0,id:"enableMfa",initial:"idle",context:{error:null,imageUrl:null,secret:null},states:{idle:{initial:"initial",on:{GENERATE:"generating"},states:{initial:{},error:{}}},generating:{invoke:{src:"generate",id:"generate",onDone:{target:"generated",actions:["reportGeneratedSuccess","saveGeneration"]},onError:{actions:["saveError","reportGeneratedError"],target:"idle.error"}}},generated:{initial:"idle",states:{idle:{initial:"idle",on:{ACTIVATE:[{cond:"invalidMfaType",actions:"saveInvalidMfaTypeError",target:".error"},{cond:"invalidMfaCode",actions:"saveInvalidMfaCodeError",target:".error"},{target:"activating"}]},states:{idle:{},error:{}}},activating:{invoke:{src:"activate",id:"activate",onDone:{target:"activated",actions:"reportSuccess"},onError:{actions:["saveError","reportError"],target:"idle.error"}}},activated:{type:"final"}}}}},{act
ions:{saveInvalidMfaTypeError:d.assign({error:r=>re}),saveInvalidMfaCodeError:d.assign({error:r=>se}),saveError:d.assign({error:(r,{data:{error:s}})=>s}),saveGeneration:d.assign({imageUrl:(r,{data:{imageUrl:s}})=>s,secret:(r,{data:{totpSecret:s}})=>s}),reportError:d.send((r,s)=>(console.log("REPORT",r,s),{type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS"),reportGeneratedSuccess:d.send("GENERATED"),reportGeneratedError:d.send(r=>({type:"GENERATED_ERROR",error:r.error}))},guards:{invalidMfaCode:(r,{code:s})=>!s,invalidMfaType:(r,{activeMfaType:s})=>!s||s!=="totp"},services:{generate:async r=>{const{data:s}=await Ae(`${t}/mfa/totp/generate`,e==null?void 0:e.getSnapshot().context.accessToken.value);return s},activate:(r,{code:s,activeMfaType:n})=>w(`${t}/user/mfa`,{code:s,activeMfaType:n},e==null?void 0:e.getSnapshot().context.accessToken.value)}}),Oe=({backendUrl:t,clientUrl:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changePassword",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:r=>I}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(r,{email:s})=>!y(s)},services:{requestChange:(r,{email:s,options:n})=>w(`${t}/user/password/reset`,{email:s,options:p(e,n)})}}),ve=({backendUrl:t,clientUrl:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"sendVerificationEmail",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST
:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"request",id:"request",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:r=>I}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(r,{email:s})=>!y(s)},services:{request:async(r,{email:s,options:n})=>(await w(`${t}/user/email/send-verification-email`,{email:s,options:p(e,n)})).data}});class J{constructor({clientStorageType:e="web",autoSignIn:r=!0,autoRefreshToken:s=!0,start:n=!0,backendUrl:i,clientUrl:c,devTools:E,...h}){var f;if(this._started=!1,this._subscriptionsQueue=new Set,this._subscriptions=new Set,this.backendUrl=i,this.clientUrl=c,this._machine=Se({...h,backendUrl:i,clientUrl:c,clientStorageType:e,autoSignIn:r,autoRefreshToken:s}),n&&this.start({devTools:E}),typeof window!="undefined")try{this._channel=new BroadcastChannel("nhost"),r&&((f=this._channel)==null||f.addEventListener("message",a=>{var l;const{type:o,payload:u}=a.data;if(o==="broadcast_token"){const m=(l=this.interpreter)==null?void 0:l.getSnapshot().context.refreshToken.value;this.interpreter&&u.token.data!==m&&this.interpreter.send("TRY_TOKEN",{token:u.token.data})}})),this._channel.addEventListener("message",a=>{const{type:o}=a.data;o==="signout"&&this.interpreter&&this.interpreter.send("SIGNOUT")})}catch{}}start({devTools:e=!1,initialSession:r,interpreter:s}={}){var c,E;const n={...this.machine.context};r&&(n.user=r.user,n.refreshToken.value=(c=r.refreshToken)!=null?c:null,n.accessToken.value=(E=r.accessToken)!=null?E:null,n.accessToken.expiresAt=new Date(Date.now()+r.accessTokenExpiresIn*1e3));const 
i=this.machine.withContext(n);this._interpreter||(this._interpreter=s||d.interpret(i,{devTools:e})),(!this._started||typeof window=="undefined")&&(this._interpreter.initialized&&(this._interpreter.stop(),this._subscriptions.forEach(h=>h())),this._interpreter.start(i.initialState),this._subscriptionsQueue.forEach(h=>h(this))),this._started=!0}get machine(){return this._machine}get interpreter(){return this._interpreter}get started(){return this._started}subscribe(e){if(this.started){const r=e(this);return this._subscriptions.add(r),r}else return this._subscriptionsQueue.add(e),()=>{console.log("onTokenChanged was added before the interpreter started. Cannot unsubscribe listener.")}}}class Pe extends J{constructor({...e}){super({...e,autoSignIn:D()&&e.autoSignIn,autoRefreshToken:D()&&e.autoRefreshToken,clientStorageType:"cookie"})}}const or=Pe,Ne=async({backendUrl:t,interpreter:e},r)=>{try{const{data:s}=await w(`${t}/user/webauthn/add`,{},e==null?void 0:e.getSnapshot().context.accessToken.value);let n;try{n=await ge(s)}catch(c){throw new v(c)}const{data:i}=await w(`${t}/user/webauthn/verify`,{credential:n,nickname:r},e==null?void 0:e.getSnapshot().context.accessToken.value);return{key:i,isError:!1,error:null,isSuccess:!0}}catch(s){const{error:n}=s;return{isError:!0,error:n,isSuccess:!1}}},be=async(t,e,r)=>new Promise(s=>{t.send("REQUEST",{email:e,options:r}),t.onTransition(n=>{n.matches({idle:"error"})?s({error:n.context.error,isError:!0,needsEmailVerification:!1}):n.matches({idle:"success"})&&s({error:null,isError:!1,needsEmailVerification:!0})})}),Ce=async(t,e,r)=>new Promise(s=>{t.send("REQUEST",{password:e,ticket:r}),t.onTransition(n=>{n.matches({idle:"error"})?s({error:n.context.error,isError:!0,isSuccess:!1}):n.matches({idle:"success"})&&s({error:null,isError:!1,isSuccess:!0})})}),ar=t=>new 
Promise(e=>{t.send("GENERATE"),t.onTransition(r=>{r.matches("generated")?e({error:null,isError:!1,isGenerated:!0,qrCodeDataUrl:r.context.imageUrl||""}):r.matches({idle:"error"})&&e({error:r.context.error||null,isError:!0,isGenerated:!1,qrCodeDataUrl:""})})}),cr=(t,e)=>new Promise(r=>{t.send("ACTIVATE",{activeMfaType:"totp",code:e}),t.onTransition(s=>{s.matches({generated:"activated"})?r({error:null,isActivated:!0,isError:!1}):s.matches({generated:{idle:"error"}})&&r({error:s.context.error,isActivated:!1,isError:!0})})}),De=async(t,e,r)=>new Promise(s=>{t.send("REQUEST",{email:e,options:r}),t.onTransition(n=>{n.matches({idle:"error"})?s({error:n.context.error,isError:!0,isSent:!1}):n.matches({idle:"success"})&&s({error:null,isError:!1,isSent:!0})})}),Me=(t,e,r)=>new Promise(s=>{t.send("REQUEST",{email:e,options:r}),t.onTransition(n=>{n.matches({idle:"error"})?s({error:n.context.error,isError:!0,isSent:!1}):n.matches({idle:"success"})&&s({error:null,isError:!1,isSent:!0})})}),xe=t=>new Promise(e=>{const{changed:r}=t.send("SIGNIN_ANONYMOUS");r||e({isSuccess:!1,isError:!0,error:_,user:null,accessToken:null,refreshToken:null}),t.onTransition(s=>{s.matches({authentication:"signedIn"})&&e({isSuccess:!0,isError:!1,error:null,user:s.context.user,accessToken:s.context.accessToken.value,refreshToken:s.context.refreshToken.value}),s.matches({authentication:{signedOut:"failed"}})&&e({isSuccess:!1,isError:!0,error:s.context.errors.authentication||null,user:null,accessToken:null,refreshToken:null})})}),Ue=(t,e,r)=>new Promise(s=>{const{changed:n,context:i}=t.send("SIGNIN_PASSWORD",{email:e,password:r});if(!n)return 
s({accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,error:_,isError:!0,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:i.user});t.onTransition(c=>{c.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,needsMfaOtp:!1,mfa:null,user:null}):c.matches({authentication:{signedOut:"needsMfa"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!0,mfa:c.context.mfa,user:null}):c.matches({authentication:{signedOut:"failed"}})?s({accessToken:null,refreshToken:null,error:c.context.errors.authentication||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:null}):c.matches({authentication:"signedIn"})&&s({accessToken:c.context.accessToken.value,refreshToken:c.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:c.context.user})})}),Y=(t,e,r)=>new Promise(s=>{const{changed:n}=t.send("PASSWORDLESS_EMAIL",{email:e,options:r});if(!n)return s({error:_,isError:!0,isSuccess:!1});t.onTransition(i=>{i.matches("registration.incomplete.failed")?s({error:i.context.errors.registration||null,isError:!0,isSuccess:!1}):i.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})&&s({error:null,isError:!1,isSuccess:!0})})}),Ke=(t,e)=>new Promise(r=>{const{changed:s,context:n}=t.send({type:"SIGNIN_SECURITY_KEY_EMAIL",email:e});if(!s)return 
r({accessToken:n.accessToken.value,refreshToken:n.refreshToken.value,error:_,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:n.user});t.onTransition(i=>{i.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?r({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):i.matches({authentication:{signedOut:"failed"}})?r({accessToken:null,refreshToken:null,error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):i.matches({authentication:"signedIn"})&&r({accessToken:i.context.accessToken.value,refreshToken:i.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:i.context.user})})}),Ve=(t,e)=>new Promise(async r=>{var E,h;const s=(E=t.interpreter)==null?void 0:E.getSnapshot(),n=s==null?void 0:s.context.accessToken.value,{data:i}=await w(`${t.backendUrl}/elevate/webauthn`,{email:e},n);let c;try{c=await Te(i)}catch(f){throw new v(f)}try{const{data:{session:f},error:a}=await w(`${t.backendUrl}/elevate/webauthn/verify`,{email:e,credential:c},n);f&&!a&&((h=t.interpreter)==null||h.send({type:"SESSION_UPDATE",data:{session:f}}),r({error:null,isError:!1,isSuccess:!0,elevated:!0}))}catch(f){const{error:a}=f;r({error:a,isError:!0,isSuccess:!1,elevated:!1})}}),Le=(t,e,r)=>new Promise(s=>{const{changed:n,context:i}=t.send("SIGNIN_MFA_TOTP",{otp:e,ticket:r});if(!n)return s({accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,error:_,isError:!0,isSuccess:!1,user:i.user});t.onTransition(c=>{c.matches({authentication:{signedOut:"failed"}})?s({accessToken:null,refreshToken:null,error:c.context.errors.authentication||null,isError:!0,isSuccess:!1,user:null}):c.matches({authentication:"signedIn"})&&s({accessToken:c.context.accessToken.value,refreshToken:c.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,user:c.context.user})})}),Ge=(t,e)=>new 
Promise(r=>{const{changed:s}=t.send("SIGNIN_PAT",{pat:e});s||r({isSuccess:!1,isError:!0,error:_,user:null,accessToken:null,refreshToken:null}),t.onTransition(n=>{if(n.matches({authentication:{signedOut:"failed"}}))return r({accessToken:null,refreshToken:null,user:null,error:n.context.errors.authentication||null,isError:!0,isSuccess:!1});if(n.matches({authentication:"signedIn"}))return r({accessToken:n.context.accessToken.value,refreshToken:n.context.refreshToken.value,user:n.context.user,error:null,isError:!1,isSuccess:!0})})}),j=(t,e,r)=>new Promise(s=>{const{changed:n}=t.send("PASSWORDLESS_SMS",{phoneNumber:e,options:r});if(!n)return s({error:_,isError:!0,isSuccess:!1,needsOtp:!1});t.onTransition(i=>{i.matches("registration.incomplete.needsOtp")?s({error:null,isError:!1,isSuccess:!1,needsOtp:!0}):i.matches("registration.incomplete.failed")&&s({error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,needsOtp:!1})})}),He=(t,e,r)=>new Promise(s=>{const{changed:n}=t.send({type:"PASSWORDLESS_SMS_OTP",phoneNumber:e,otp:r});if(!n)return s({error:_,isError:!0,isSuccess:!1,user:null,accessToken:null,refreshToken:null});t.onTransition(i=>{i.matches({authentication:"signedIn"})?s({error:null,isError:!1,isSuccess:!0,user:i.context.user,accessToken:i.context.accessToken.value,refreshToken:i.context.refreshToken.value}):i.matches({registration:{incomplete:"failed"}})&&s({error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,user:null,accessToken:null,refreshToken:null})})}),$e=async(t,e)=>new Promise(r=>{const{event:s}=t.send("SIGNOUT",{all:e});if(s.type!=="SIGNED_OUT")return r({isSuccess:!1,isError:!0,error:ae});t.onTransition(n=>{n.matches({authentication:{signedOut:"success"}})?r({isSuccess:!0,isError:!1,error:null}):n.matches("authentication.signedOut.failed")&&r({isSuccess:!1,isError:!0,error:n.context.errors.signout||null})})}),B=(t,e,r,s)=>new 
Promise(n=>{const{changed:i,context:c}=t.send("SIGNUP_EMAIL_PASSWORD",{email:e,password:r,options:s});if(!i)return n({error:_,accessToken:c.accessToken.value,refreshToken:c.refreshToken.value,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:c.user});t.onTransition(E=>{E.matches("registration.incomplete.failed")?n({accessToken:null,refreshToken:null,error:E.context.errors.registration||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):E.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?n({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):E.matches({authentication:"signedIn",registration:"complete"})&&n({accessToken:E.context.accessToken.value,refreshToken:E.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:E.context.user})})}),We=(t,e,r)=>new Promise(s=>{const{changed:n,context:i}=t.send("SIGNUP_SECURITY_KEY",{email:e,options:r});if(!n)return s({error:_,accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:i.user});t.onTransition(c=>{c.matches("registration.incomplete.failed")?s({accessToken:null,refreshToken:null,error:c.context.errors.registration||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):c.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):c.matches({authentication:"signedIn",registration:"complete"})&&s({accessToken:c.context.accessToken.value,refreshToken:c.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:c.context.user})})}),ur=async({backendUrl:t,interpreter:e},{expiresAt:r,metadata:s})=>{try{const{data:n}=await w(`${t}/pat`,{expiresAt:r.toISOString(),metadata:s},e==null?void 
0:e.getSnapshot().context.accessToken.value);return{data:n?{id:n.id||null,personalAccessToken:n.personalAccessToken||null}:null,isError:!1,error:null,isSuccess:!0}}catch(n){const{error:i}=n;return{isError:!0,error:i,isSuccess:!1,data:null}}};class lr{constructor({url:e,autoRefreshToken:r=!0,autoSignIn:s=!0,clientStorage:n,clientStorageType:i,refreshIntervalTime:c,start:E=!0}){var h;this.url=e,this._client=new J({backendUrl:e,clientUrl:typeof window!="undefined"&&((h=window.location)==null?void 0:h.origin)||"",autoRefreshToken:r,autoSignIn:s,start:E,clientStorage:n,clientStorageType:i,refreshIntervalTime:c})}async signUp(e){const r=await this.waitUntilReady(),{email:s,options:n}=e;return"securityKey"in e?A(await We(r,s,n)):A(await B(r,s,e.password,n))}async connectProvider(e){const s=(await this.waitUntilReady()).getSnapshot().context.accessToken.value,{provider:n,options:i}=e,c=K(`${this._client.backendUrl}/signin/provider/${n}`,p(this._client.clientUrl,{...i,connect:s}));return D()&&(window.location.href=c),{providerUrl:c}}async signIn(e){const r=await this.waitUntilReady();if(!e){const s=await xe(r);return{...A(s),mfa:null}}if("provider"in e){const{provider:s,options:n}=e,i=K(`${this._client.backendUrl}/signin/provider/${s}`,p(this._client.clientUrl,n));return D()&&(window.location.href=i),{providerUrl:i,provider:s,session:null,mfa:null,error:null}}if("email"in e&&"password"in e){const s=await Ue(r,e.email,e.password);return s.needsEmailVerification?{session:null,mfa:null,error:ce}:s.needsMfaOtp?{session:null,mfa:s.mfa,error:null}:{...A(s),mfa:null}}if("email"in e&&"securityKey"in e){if(e.securityKey!==!0)throw Error("securityKey must be true");const s=await Ke(r,e.email);return{...A(s),mfa:null}}if("email"in e){const{email:s,options:n}=e,{error:i}=await Y(r,s,n);return{session:null,mfa:null,error:i}}if("phoneNumber"in e&&"otp"in e){const s=await He(r,e.phoneNumber,e.otp);return{...A(s),mfa:null}}if("phoneNumber"in e){const{error:s}=await 
j(r,e.phoneNumber,e.options);return{error:s,mfa:null,session:null}}if("otp"in e){const s=await Le(r,e.otp,e.ticket);return{...A(s),mfa:null}}return{error:le,mfa:null,session:null}}async signInPAT(e){const r=await this.waitUntilReady(),s=await Ge(r,e);return A(s)}async signOut(e){const r=await this.waitUntilReady(),{error:s}=await $e(r,e==null?void 0:e.all);return{error:s}}async resetPassword({email:e,options:r}){const s=d.interpret(Oe(this._client)).start(),{error:n}=await De(s,e,r);return{error:n}}async changePassword({newPassword:e,ticket:r}){const s=d.interpret(ke(this._client)).start(),{error:n}=await Ce(s,e,r);return{error:n}}async sendVerificationEmail({email:e,options:r}){const s=d.interpret(ve(this._client)).start(),{error:n}=await Me(s,e,r);return{error:n}}async changeEmail({newEmail:e,options:r}){const s=d.interpret(ye(this._client)).start(),{error:n}=await be(s,e,r);return{error:n}}async deanonymize(e){const r=await this.waitUntilReady();if(e.signInMethod==="passwordless"){if(e.connection==="email"){const{error:s}=await Y(r,e.email,e.options);return{error:s}}if(e.connection==="sms"){const{error:s}=await j(r,e.phoneNumber,e.options);return{error:s}}}if(e.signInMethod==="email-password"){const{error:s}=await B(r,e.email,e.password,e.options);return{error:s}}throw Error("Unknown deanonymization method")}async addSecurityKey(e){const{error:r,key:s}=await Ne(this._client,e);return{error:r,key:s}}async elevateEmailSecurityKey(e){if(!e)throw Error("A user email is required");return{...await Ve(this._client,e),mfa:null}}async createPAT(e,r){return ur(this._client,{expiresAt:e,metadata:r})}onTokenChanged(e){return this._client.subscribe(()=>{var s;const r=(s=this._client.interpreter)==null?void 0:s.onTransition(({event:n,context:i})=>{n.type==="TOKEN_CHANGED"&&e(b(i))});return()=>r==null?void 0:r.stop()})}onAuthStateChanged(e){return this._client.subscribe(()=>{var s;const r=(s=this._client.interpreter)==null?void 
0:s.onTransition(({event:n,context:i})=>{(n.type==="SIGNED_IN"||n.type==="SIGNED_OUT")&&e(n.type,b(i))});return()=>r==null?void 0:r.stop()})}isAuthenticated(){var e;return!!((e=this._client.interpreter)!=null&&e.getSnapshot().matches({authentication:"signedIn"}))}async isAuthenticatedAsync(){return(await this.waitUntilReady()).getSnapshot().matches({authentication:"signedIn"})}getAuthenticationStatus(){var r;const e=((r=this.client.interpreter)==null?void 0:r.getSnapshot().context.importTokenAttempts)||0;return this.isReady()?{isAuthenticated:this.isAuthenticated(),isLoading:!1,connectionAttempts:e}:{isAuthenticated:!1,isLoading:!0,connectionAttempts:e}}getAccessToken(){var e,r;return(r=(e=this._client.interpreter)==null?void 0:e.getSnapshot().context.accessToken.value)!=null?r:void 0}getDecodedAccessToken(){const e=this.getAccessToken();return e?Be.decodeJwt(e):null}getHasuraClaims(){var e;return((e=this.getDecodedAccessToken())==null?void 0:e["https://hasura.io/jwt/claims"])||null}getHasuraClaim(e){var r;return((r=this.getHasuraClaims())==null?void 0:r[e.startsWith("x-hasura-")?e:`x-hasura-${e}`])||null}async refreshSession(e){try{const r=await this.waitUntilReady();return new Promise(s=>{const n=e||r.getSnapshot().context.refreshToken.value;if(!n)return s({session:null,error:ie});const{changed:i}=r.send("TRY_TOKEN",{token:n});if(!i)return s({session:null,error:oe});r.onTransition(c=>{c.matches({token:{idle:"error"}})?s({session:null,error:ue}):c.event.type==="TOKEN_CHANGED"&&s({session:b(c.context),error:null})})})}catch(r){return{session:null,error:r.message}}}getSession(){var e,r;return b((r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())==null?void 0:r.context)}getUser(){var e,r,s;return((s=(r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())==null?void 0:r.context)==null?void 0:s.user)||null}waitUntilReady(){const r=this._client.interpreter;if(!r)throw Error("Auth interpreter not set");return r.getSnapshot().hasTag("loading")?new 
Promise((s,n)=>{let i=setTimeout(()=>n("The state machine is not yet ready after 15 seconds."),15e3);r.onTransition(c=>{if(!c.hasTag("loading"))return clearTimeout(i),s(r)})}):Promise.resolve(r)}isReady(){var e,r;return!((r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())!=null&&r.hasTag("loading"))}get client(){return this._client}}exports.AuthClient=J;exports.AuthClientSSR=or;exports.AuthCookieClient=Pe;exports.CodifiedError=v;exports.EMAIL_NEEDS_VERIFICATION=ce;exports.HasuraAuthClient=lr;exports.INITIAL_MACHINE_CONTEXT=M;exports.INVALID_EMAIL_ERROR=I;exports.INVALID_MFA_CODE_ERROR=se;exports.INVALID_MFA_TICKET_ERROR=te;exports.INVALID_MFA_TYPE_ERROR=re;exports.INVALID_PASSWORD_ERROR=U;exports.INVALID_PHONE_NUMBER_ERROR=W;exports.INVALID_REFRESH_TOKEN=ue;exports.INVALID_SIGN_IN_METHOD=le;exports.MIN_PASSWORD_LENGTH=Z;exports.NETWORK_ERROR_CODE=Q;exports.NHOST_JWT_EXPIRES_AT_KEY=k;exports.NHOST_REFRESH_TOKEN_ID_KEY=N;exports.NHOST_REFRESH_TOKEN_KEY=O;exports.NO_MFA_TICKET_ERROR=ne;exports.NO_REFRESH_TOKEN=ie;exports.OTHER_ERROR_CODE=z;exports.REFRESH_TOKEN_MAX_ATTEMPTS=$;exports.STATE_ERROR_CODE=P;exports.TOKEN_REFRESHER_RUNNING_ERROR=oe;exports.TOKEN_REFRESH_MARGIN_SECONDS=ee;exports.USER_ALREADY_SIGNED_IN=_;exports.USER_NOT_ANONYMOUS=Qe;exports.USER_UNAUTHENTICATED=ae;exports.VALIDATION_ERROR_CODE=R;exports.activateMfaPromise=cr;exports.addSecurityKeyPromise=Ne;exports.changeEmailPromise=be;exports.changePasswordPromise=Ce;exports.createAuthMachine=Se;exports.createChangeEmailMachine=ye;exports.createChangePasswordMachine=ke;exports.createEnableMfaMachine=ir;exports.createResetPasswordMachine=Oe;exports.createSendVerificationEmailMachine=ve;exports.elevateEmailSecurityKeyPromise=Ve;exports.encodeQueryParameters=K;exports.generateQrCodePromise=ar;exports.getAuthenticationResult=A;exports.getFetch=Ae;exports.getParameterByName=C;exports.getSession=b;exports.isBrowser=D;exports.isValidEmail=y;exports.isValidPassword=V;exports.isValidPhoneNumber=F;exports.
isValidTicket=Ie;exports.localStorageGetter=pe;exports.localStorageSetter=we;exports.postFetch=w;exports.removeParameterFromWindow=q;exports.resetPasswordPromise=De;exports.rewriteRedirectTo=p;exports.sendVerificationEmailPromise=Me;exports.signInAnonymousPromise=xe;exports.signInEmailPasswordPromise=Ue;exports.signInEmailPasswordlessPromise=Y;exports.signInEmailSecurityKeyPromise=Ke;exports.signInMfaTotpPromise=Le;exports.signInPATPromise=Ge;exports.signInSmsPasswordlessOtpPromise=He;exports.signInSmsPasswordlessPromise=j;exports.signOutPromise=$e;exports.signUpEmailPasswordPromise=B;exports.signUpEmailSecurityKeyPromise=We;
//# sourceMappingURL=index.cjs.js.map
{
"name": "@nhost/hasura-auth-js",
"version": "2.4.1",
"version": "2.4.2",
"description": "Hasura-auth client",

@@ -5,0 +5,0 @@ "license": "MIT",

