You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
@nhost/hasura-auth-js
Advanced tools
@nhost/hasura-auth-js - npm Package Compare versions
Comparing version 2.5.4 to 2.5.5
| "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const Fe=require("jwt-decode"),d=require("xstate"),H=require("js-cookie"),Ye=require("fetch-ponyfill"),O="nhostRefreshToken",N="nhostRefreshTokenId",k="nhostRefreshTokenExpiresAt",J=3,ee=60,$=5,Q=0,z=1,R=10,P=20;class v extends Error{constructor(e){super(e.message),Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),e instanceof Error?(this.name=e.name,this.error={error:e.name,status:z,message:e.message}):(this.name=e.error,this.error=e)}}const I={status:R,error:"invalid-email",message:"Email is incorrectly formatted"},re={status:R,error:"invalid-mfa-type",message:"MFA type is invalid"},se={status:R,error:"invalid-mfa-code",message:"MFA code is invalid"},U={status:R,error:"invalid-password",message:"Password is incorrectly formatted"},W={status:R,error:"invalid-phone-number",message:"Phone number is incorrectly formatted"},ne={status:R,error:"invalid-mfa-ticket",message:"MFA ticket is invalid"},te={status:R,error:"no-mfa-ticket",message:"No MFA ticket has been provided"},ie={status:R,error:"no-refresh-token",message:"No refresh token has been provided"},oe={status:P,error:"refresher-already-running",message:"The token refresher is already running. You must wait until is has finished before submitting a new token."},_={status:P,error:"already-signed-in",message:"User is already signed in"},ae={status:P,error:"unauthenticated-user",message:"User is not authenticated"},je={status:P,error:"user-not-anonymous",message:"User is not anonymous"},ce={status:P,error:"unverified-user",message:"Email needs verification"},ue={status:R,error:"invalid-refresh-token",message:"Invalid or expired refresh token"},le={status:z,error:"invalid-sign-in-method",message:"Invalid sign-in method"},M={user:null,mfa:null,accessToken:{value:null,expiresAt:null,expiresInSeconds:15},refreshTimer:{startedAt:null,attempts:0,lastAttempt:null},refreshToken:{value:null},importTokenAttempts:0,errors:{}};function Be(n){return new TextEncoder().encode(n)}function S(n){const e=new Uint8Array(n);let r="";for(const t of e)r+=String.fromCharCode(t);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function X(n){const e=n.replace(/-/g,"+").replace(/_/g,"/"),r=(4-e.length%4)%4,s=e.padEnd(e.length+r,"="),t=atob(s),i=new ArrayBuffer(t.length),u=new Uint8Array(i);for(let E=0;E<t.length;E++)u[E]=t.charCodeAt(E);return i}function de(){return(window==null?void 0:window.PublicKeyCredential)!==void 0&&typeof window.PublicKeyCredential=="function"}function he(n){const{id:e}=n;return{...n,id:X(e),transports:n.transports}}function fe(n){return n==="localhost"||/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(n)}class g extends Error{constructor({message:e,code:r,cause:s,name:t}){super(e,{cause:s}),this.name=t!=null?t:s.name,this.code=r}}function Qe({error:n,options:e}){var s,t;const{publicKey:r}=e;if(!r)throw Error("options was missing required publicKey property");if(n.name==="AbortError"){if(e.signal instanceof AbortSignal)return new g({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:n})}else if(n.name==="ConstraintError"){if(((s=r.authenticatorSelection)==null?void 0:s.requireResidentKey)===!0)return new g({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:n});if(((t=r.authenticatorSelection)==null?void 0:t.userVerification)==="required")return new g({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:n})}else{if(n.name==="InvalidStateError")return new g({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:n});if(n.name==="NotAllowedError")return new g({message:n.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:n});if(n.name==="NotSupportedError")return r.pubKeyCredParams.filter(u=>u.type==="public-key").length===0?new g({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:n}):new g({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:n});if(n.name==="SecurityError"){const i=window.location.hostname;if(fe(i)){if(r.rp.id!==i)return new g({message:`The RP ID "${r.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:n})}else return new g({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:n})}else if(n.name==="TypeError"){if(r.user.id.byteLength<1||r.user.id.byteLength>64)return new g({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:n})}else if(n.name==="UnknownError")return new g({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:n})}return n}class ze{createNewAbortSignal(){if(this.controller){const r=new Error("Cancelling existing WebAuthn API call for new one");r.name="AbortError",this.controller.abort(r)}const e=new AbortController;return this.controller=e,e.signal}cancelCeremony(){if(this.controller){const e=new Error("Manually cancelling existing WebAuthn API call");e.name="AbortError",this.controller.abort(e),this.controller=void 0}}}const Ee=new ze,Xe=["cross-platform","platform"];function me(n){if(n&&!(Xe.indexOf(n)<0))return n}async function ge(n){var c;if(!de())throw new Error("WebAuthn is not supported in this browser");const r={publicKey:{...n,challenge:X(n.challenge),user:{...n.user,id:Be(n.user.id)},excludeCredentials:(c=n.excludeCredentials)==null?void 0:c.map(he)}};r.signal=Ee.createNewAbortSignal();let s;try{s=await navigator.credentials.create(r)}catch(l){throw Qe({error:l,options:r})}if(!s)throw new Error("Registration was not completed");const{id:t,rawId:i,response:u,type:E}=s;let h;typeof u.getTransports=="function"&&(h=u.getTransports());let f;if(typeof u.getPublicKeyAlgorithm=="function")try{f=u.getPublicKeyAlgorithm()}catch(l){G("getPublicKeyAlgorithm()",l)}let a;if(typeof u.getPublicKey=="function")try{const l=u.getPublicKey();l!==null&&(a=S(l))}catch(l){G("getPublicKey()",l)}let o;if(typeof u.getAuthenticatorData=="function")try{o=S(u.getAuthenticatorData())}catch(l){G("getAuthenticatorData()",l)}return{id:t,rawId:S(i),response:{attestationObject:S(u.attestationObject),clientDataJSON:S(u.clientDataJSON),transports:h,publicKeyAlgorithm:f,publicKey:a,authenticatorData:o},type:E,clientExtensionResults:s.getClientExtensionResults(),authenticatorAttachment:me(s.authenticatorAttachment)}}function G(n,e){console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${n}. You should report this error to them. | ||
| `,e)}function Ze(n){return new TextDecoder("utf-8").decode(n)}function Je(){const n=window.PublicKeyCredential;return n.isConditionalMediationAvailable===void 0?new Promise(e=>e(!1)):n.isConditionalMediationAvailable()}function er({error:n,options:e}){const{publicKey:r}=e;if(!r)throw Error("options was missing required publicKey property");if(n.name==="AbortError"){if(e.signal instanceof AbortSignal)return new g({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:n})}else{if(n.name==="NotAllowedError")return new g({message:n.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:n});if(n.name==="SecurityError"){const s=window.location.hostname;if(fe(s)){if(r.rpId!==s)return new g({message:`The RP ID "${r.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:n})}else return new g({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:n})}else if(n.name==="UnknownError")return new g({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:n})}return n}async function Te(n,e=!1){var o,c;if(!de())throw new Error("WebAuthn is not supported in this browser");let r;((o=n.allowCredentials)==null?void 0:o.length)!==0&&(r=(c=n.allowCredentials)==null?void 0:c.map(he));const s={...n,challenge:X(n.challenge),allowCredentials:r},t={};if(e){if(!await Je())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');t.mediation="conditional",s.allowCredentials=[]}t.publicKey=s,t.signal=Ee.createNewAbortSignal();let i;try{i=await navigator.credentials.get(t)}catch(l){throw er({error:l,options:t})}if(!i)throw new Error("Authentication was not completed");const{id:u,rawId:E,response:h,type:f}=i;let a;return h.userHandle&&(a=Ze(h.userHandle)),{id:u,rawId:S(E),response:{authenticatorData:S(h.authenticatorData),clientDataJSON:S(h.clientDataJSON),signature:S(h.signature),userHandle:a},type:f,clientExtensionResults:i.getClientExtensionResults(),authenticatorAttachment:me(i.authenticatorAttachment)}}const L=typeof window!="undefined",x=new Map,rr=n=>{var e;return L&&typeof localStorage!="undefined"?localStorage.getItem(n):(e=x.get(n))!=null?e:null},sr=(n,e)=>{L&&typeof localStorage!="undefined"?e?localStorage.setItem(n,e):localStorage.removeItem(n):e?x.set(n,e):x.has(n)&&x.delete(n)},pe=(n,e)=>{if(n==="localStorage"||n==="web")return rr;if(n==="cookie")return r=>{var s;return L&&(s=H.get(r))!=null?s:null};if(!e)throw Error(`clientStorageType is set to '${n}' but no clientStorage has been given`);if(n==="react-native")return r=>{var s;return(s=e.getItem)==null?void 0:s.call(e,r)};if(n==="capacitor")return r=>{var s;return(s=e.get)==null?void 0:s.call(e,{key:r})};if(n==="expo-secure-storage")return r=>{var s;return(s=e.getItemAsync)==null?void 0:s.call(e,r)};if(n==="custom"){if(e.getItem&&e.removeItem)return e.getItem;if(e.getItemAsync)return e.getItemAsync;throw Error(`clientStorageType is set to 'custom' but clientStorage is missing either "getItem" and "removeItem" properties or "getItemAsync" property`)}throw Error(`Unknown storage type: ${n}`)},we=(n,e)=>{if(n==="localStorage"||n==="web")return sr;if(n==="cookie")return(r,s)=>{L&&(s?H.set(r,s,{expires:30,sameSite:"lax",httpOnly:!1}):H.remove(r))};if(!e)throw Error(`clientStorageType is set to '${n}' but no clienStorage has been given`);if(n==="react-native")return(r,s)=>{var t,i;return s?(t=e.setItem)==null?void 0:t.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};if(n==="capacitor")return(r,s)=>{var t,i;return s?(t=e.set)==null?void 0:t.call(e,{key:r,value:s}):(i=e.remove)==null?void 0:i.call(e,{key:r})};if(n==="expo-secure-storage")return async(r,s)=>{var t,i;return s?(t=e.setItemAsync)==null?void 0:t.call(e,r,s):(i=e.deleteItemAsync)==null?void 0:i.call(e,r)};if(n==="custom"){if(!e.removeItem)throw Error("clientStorageType is set to 'custom' but clientStorage is missing a removeItem property");if(e.setItem)return(r,s)=>{var t,i;return s?(t=e.setItem)==null?void 0:t.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};if(e.setItemAsync)return async(r,s)=>{var t,i;return s?(t=e.setItemAsync)==null?void 0:t.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};throw Error("clientStorageType is set to 'custom' but clientStorage is missing setItem or setItemAsync property")}throw Error(`Unknown storage type: ${n}`)},b=n=>!n||!n.accessToken.value||!n.accessToken.expiresAt||!n.user?null:{accessToken:n.accessToken.value,accessTokenExpiresIn:(n.accessToken.expiresAt.getTime()-Date.now())/1e3,refreshToken:n.refreshToken.value,user:n.user},A=({accessToken:n,refreshToken:e,isError:r,user:s,error:t})=>r?{session:null,error:t}:s&&n?{session:{accessToken:n,accessTokenExpiresIn:0,refreshToken:e,user:s},error:null}:{session:null,error:null},D=()=>typeof window!="undefined"&&typeof window.location!="undefined";let Re=globalThis.fetch;typeof EdgeRuntime!="string"&&(Re=Ye().fetch);const _e=async(n,e,{token:r,body:s}={})=>{const t={"Content-Type":"application/json",Accept:"*/*"};r&&(t.Authorization=`Bearer ${r}`);const i={method:e,headers:t};s&&(i.body=JSON.stringify(s));try{const u=await Re(n,i);if(!u.ok){const E=await u.json();return Promise.reject({error:E})}try{return{data:await u.json(),error:null}}catch{return console.warn(`Unexpected response: can't parse the response of the server at ${n}`),{data:"OK",error:null}}}catch{const E={message:"Network Error",status:Q,error:"network"};return Promise.reject({error:E})}},w=async(n,e,r)=>_e(n,"POST",{token:r,body:e}),Ae=(n,e)=>_e(n,"GET",{token:e}),K=(n,e)=>{const r=e&&Object.entries(e).map(([s,t])=>{const i=Array.isArray(t)?t.join(","):typeof t=="object"?JSON.stringify(t):t;return`${s}=${encodeURIComponent(i)}`}).join("&");return r?`${n}?${r}`:n},p=(n,e)=>{if(!(e!=null&&e.redirectTo))return e;const{redirectTo:r,...s}=e;if(!n)return r.startsWith("/")?s:e;const t=new URL(n),i=Object.fromEntries(new URLSearchParams(t.search)),u=new URL(r.startsWith("/")?t.origin+r:r),E=new URLSearchParams(u.search);let h=Object.fromEntries(E);r.startsWith("/")&&(h={...i,...h});let f=t.pathname;return u.pathname.length>1&&(f+=u.pathname.slice(1)),{...s,redirectTo:K(u.origin+f,h)}};function C(n,e){var t;if(!e){if(typeof window=="undefined")return;e=((t=window.location)==null?void 0:t.href)||""}n=n.replace(/[\[\]]/g,"\\$&");const r=new RegExp("[?&#]"+n+"(=([^&#]*)|&|#|$)"),s=r.exec(e);return s?s[2]?decodeURIComponent(s[2].replace(/\+/g," ")):"":null}function q(n){var r;if(typeof window=="undefined")return;const e=window==null?void 0:window.location;if(e&&e){const s=new URLSearchParams(e.search),t=new URLSearchParams((r=e.hash)==null?void 0:r.slice(1));s.delete(n),t.delete(n);let i=window.location.pathname;Array.from(s).length&&(i+=`?${s.toString()}`),Array.from(t).length&&(i+=`#${t.toString()}`),window.history.pushState({},"",i)}}const y=n=>!!n&&typeof n=="string"&&!!String(n).toLowerCase().match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/),V=n=>!!n&&typeof n=="string"&&n.length>=J,F=n=>!!n&&typeof n=="string",Ie=n=>n&&typeof n=="string"&&n.match(/^mfaTotp:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),Se=({backendUrl:n,clientUrl:e,clientStorageType:r="web",clientStorage:s,refreshIntervalTime:t,autoRefreshToken:i=!0,autoSignIn:u=!0})=>{const E=pe(r,s),h=we(r,s),f=async(a,o,c)=>(await w(`${n}${a}`,o,c)).data;return d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},context:M,predictableActionArguments:!0,id:"nhost",type:"parallel",states:{authentication:{initial:"starting",on:{SESSION_UPDATE:[{cond:"hasSession",actions:["saveSession","resetTimer","reportTokenChanged"],target:".signedIn"}]},states:{starting:{tags:["loading"],always:{cond:"isSignedIn",target:"signedIn"},invoke:{id:"importRefreshToken",src:"importRefreshToken",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"signedIn"},{target:"signedOut"}],onError:[{cond:"shouldRetryImportToken",actions:"incrementTokenImportAttempts",target:"retryTokenImport"},{actions:["saveAuthenticationError"],target:"signedOut"}]}},retryTokenImport:{tags:["loading"],after:{RETRY_IMPORT_TOKEN_DELAY:"starting"}},signedOut:{initial:"noErrors",entry:"reportSignedOut",states:{noErrors:{},success:{},needsSmsOtp:{},needsMfa:{},failed:{},signingOut:{entry:["clearContextExceptRefreshToken"],exit:["destroyRefreshToken","reportTokenChanged"],invoke:{src:"signout",id:"signingOut",onDone:{target:"success"},onError:{target:"failed",actions:["saveAuthenticationError"]}}}},on:{SIGNIN_PASSWORD:"authenticating.password",SIGNIN_ANONYMOUS:"authenticating.anonymous",SIGNIN_SECURITY_KEY_EMAIL:"authenticating.securityKeyEmail",SIGNIN_MFA_TOTP:"authenticating.mfa.totp",SIGNIN_PAT:"authenticating.pat"}},authenticating:{entry:"resetErrors",states:{password:{invoke:{src:"signInPassword",id:"authenticateUserWithPassword",onDone:[{cond:"hasMfaTicket",actions:["saveMfaTicket"],target:"#nhost.authentication.signedOut.needsMfa"},{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"}],onError:[{cond:"unverified",target:["#nhost.authentication.signedOut","#nhost.registration.incomplete.needsEmailVerification"]},{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}]}},pat:{invoke:{src:"signInPAT",id:"authenticateWithPAT",onDone:{actions:["savePATSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}}},anonymous:{invoke:{src:"signInAnonymous",id:"authenticateAnonymously",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}}},mfa:{states:{totp:{invoke:{src:"signInMfaTotp",id:"signInMfaTotp",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:["saveAuthenticationError"],target:"#nhost.authentication.signedOut.failed"}}}}},securityKeyEmail:{invoke:{src:"signInSecurityKeyEmail",id:"authenticateUserWithSecurityKey",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:[{cond:"unverified",target:["#nhost.authentication.signedOut","#nhost.registration.incomplete.needsEmailVerification"]},{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}]}}}},signedIn:{type:"parallel",entry:["reportSignedIn","cleanUrl","broadcastToken","resetErrors"],on:{SIGNOUT:"signedOut.signingOut"},states:{refreshTimer:{id:"timer",initial:"idle",states:{disabled:{type:"final"},stopped:{always:{cond:"noToken",target:"idle"}},idle:{always:[{cond:"isAutoRefreshDisabled",target:"disabled"},{cond:"isRefreshTokenPAT",target:"disabled"},{cond:"hasRefreshToken",target:"running"}]},running:{initial:"pending",entry:"resetTimer",states:{pending:{after:{1e3:{internal:!1,target:"pending"}},always:{cond:"refreshTimerShouldRefresh",target:"refreshing"}},refreshing:{invoke:{src:"refreshToken",id:"refreshToken",onDone:{actions:["saveSession","resetTimer","reportTokenChanged"],target:"pending"},onError:[{actions:"saveRefreshAttempt",target:"pending"}]}}}}}}}}}},token:{initial:"idle",states:{idle:{on:{TRY_TOKEN:"running"},initial:"noErrors",states:{noErrors:{},error:{}}},running:{invoke:{src:"refreshToken",id:"authenticateWithToken",onDone:{actions:["saveSession","reportTokenChanged"],target:["#nhost.authentication.signedIn","idle.noErrors"]},onError:[{cond:"isSignedIn",target:"idle.error"},{actions:"saveAuthenticationError",target:["#nhost.authentication.signedOut.failed","idle.error"]}]}}}},registration:{initial:"incomplete",on:{SIGNED_IN:[{cond:"isAnonymous",target:".incomplete"},".complete"]},states:{incomplete:{on:{SIGNUP_EMAIL_PASSWORD:"emailPassword",SIGNUP_SECURITY_KEY:"securityKey",PASSWORDLESS_EMAIL:"passwordlessEmail",PASSWORDLESS_SMS:"passwordlessSms",PASSWORDLESS_SMS_OTP:"passwordlessSmsOtp"},initial:"noErrors",states:{noErrors:{},needsEmailVerification:{},needsOtp:{},failed:{}}},emailPassword:{entry:["resetErrors"],invoke:{src:"signUpEmailPassword",id:"signUpEmailPassword",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]}],onError:[{cond:"unverified",target:"incomplete.needsEmailVerification"},{actions:"saveRegistrationError",target:"incomplete.failed"}]}},securityKey:{entry:["resetErrors"],invoke:{src:"signUpSecurityKey",id:"signUpSecurityKey",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]}],onError:[{cond:"unverified",target:"incomplete.needsEmailVerification"},{actions:"saveRegistrationError",target:"incomplete.failed"}]}},passwordlessEmail:{entry:["resetErrors"],invoke:{src:"passwordlessEmail",id:"passwordlessEmail",onDone:{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},passwordlessSms:{entry:["resetErrors"],invoke:{src:"passwordlessSms",id:"passwordlessSms",onDone:{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsOtp"]},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},passwordlessSmsOtp:{entry:["resetErrors"],invoke:{src:"passwordlessSmsOtp",id:"passwordlessSmsOtp",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},complete:{on:{SIGNED_OUT:"incomplete"}}}}}},{actions:{reportSignedIn:d.send("SIGNED_IN"),reportSignedOut:d.send("SIGNED_OUT"),reportTokenChanged:d.send("TOKEN_CHANGED"),incrementTokenImportAttempts:d.assign({importTokenAttempts:({importTokenAttempts:a})=>a+1}),clearContext:d.assign(()=>(h(k,null),h(O,null),h(N,null),{...M})),clearContextExceptRefreshToken:d.assign(({refreshToken:{value:a}})=>(h(k,null),{...M,refreshToken:{value:a}})),saveSession:d.assign({user:(a,{data:o})=>{var c;return((c=o==null?void 0:o.session)==null?void 0:c.user)||null},accessToken:(a,{data:o})=>{if(o.session){const{accessTokenExpiresIn:c,accessToken:l}=o.session,m=new Date(Date.now()+c*1e3);return h(k,m.toISOString()),{value:l,expiresAt:m,expiresInSeconds:c}}return h(k,null),{value:null,expiresAt:null,expiresInSeconds:null}},refreshToken:(a,{data:o})=>{var m,T;const c=((m=o.session)==null?void 0:m.refreshToken)||null,l=((T=o.session)==null?void 0:T.refreshTokenId)||null;return c&&h(O,c),l&&h(N,l),{value:c}}}),savePATSession:d.assign({user:(a,{data:o})=>{var c;return((c=o==null?void 0:o.session)==null?void 0:c.user)||null},accessToken:(a,{data:o})=>{if(o.session){const{accessTokenExpiresIn:c,accessToken:l}=o.session,m=new Date(Date.now()+c*1e3);return h(k,m.toISOString()),{value:l,expiresAt:m,expiresInSeconds:c}}return h(k,null),{value:null,expiresAt:null,expiresInSeconds:null}},refreshToken:(a,{data:o})=>{var m,T;const c=((m=o.session)==null?void 0:m.refreshToken)||null,l=((T=o.session)==null?void 0:T.refreshTokenId)||null;return c&&h(O,c),l&&h(N,l),{value:c,isPAT:!0}}}),saveMfaTicket:d.assign({mfa:(a,o)=>{var c;return(c=o.data)==null?void 0:c.mfa}}),resetTimer:d.assign({refreshTimer:a=>({startedAt:new Date,attempts:0,lastAttempt:null})}),saveRefreshAttempt:d.assign({refreshTimer:(a,o)=>({startedAt:a.refreshTimer.startedAt,attempts:a.refreshTimer.attempts+1,lastAttempt:new Date})}),saveAuthenticationError:d.assign({errors:({errors:a},{data:{error:o}})=>({...a,authentication:o})}),resetErrors:d.assign({errors:a=>({}),importTokenAttempts:a=>0}),saveRegistrationError:d.assign({errors:({errors:a},{data:{error:o}})=>({...a,registration:o})}),destroyRefreshToken:d.assign({refreshToken:a=>(h(O,null),h(N,null),{value:null})}),cleanUrl:()=>{u&&C("refreshToken")&&(q("refreshToken"),q("type"))},broadcastToken:a=>{if(u)try{new BroadcastChannel("nhost").postMessage({type:"broadcast_token",payload:{token:a.refreshToken.value}})}catch{}}},guards:{isAnonymous:(a,o)=>{var c;return!!((c=a.user)!=null&&c.isAnonymous)},isSignedIn:a=>!!a.user&&!!a.accessToken.value,noToken:a=>!a.refreshToken.value,isRefreshTokenPAT:a=>{var o;return!!((o=a.refreshToken)!=null&&o.isPAT)},hasRefreshToken:a=>!!a.refreshToken.value,isAutoRefreshDisabled:()=>!i,refreshTimerShouldRefresh:a=>{const{expiresAt:o}=a.accessToken;if(!o)return!1;if(a.refreshTimer.lastAttempt)return a.refreshTimer.attempts>$?!1:Date.now()-a.refreshTimer.lastAttempt.getTime()>Math.pow(2,a.refreshTimer.attempts-1)*5e3;if(o.getTime()<Date.now()||t&&Date.now()-a.refreshTimer.startedAt.getTime()>t*1e3)return!0;const c=a.accessToken.expiresInSeconds;return c?o.getTime()-Date.now()-1e3*Math.min(ee,c*.5)<=0:!1},shouldRetryImportToken:(a,o)=>a.importTokenAttempts<$&&(o.data.error.status===Q||o.data.error.status>=500),unverified:(a,{data:{error:o}})=>o.status===401&&(o.message==="Email is not verified"||o.error==="unverified-user"),hasSession:(a,o)=>{var c;return!!((c=o.data)!=null&&c.session)},hasMfaTicket:(a,o)=>{var c;return!!((c=o.data)!=null&&c.mfa)}},services:{signInPassword:(a,{email:o,password:c})=>y(o)?V(c)?f("/signin/email-password",{email:o,password:c}):Promise.reject({error:U}):Promise.reject({error:I}),signInPAT:(a,{pat:o})=>f("/signin/pat",{personalAccessToken:o}),passwordlessSms:(a,{phoneNumber:o,options:c})=>{var l;return F(o)?(l=a.user)!=null&&l.isAnonymous?(console.warn("Deanonymisation from a phone number is not yet implemented in hasura-auth"),f("/user/deanonymize",{signInMethod:"passwordless",connection:"sms",phoneNumber:o,options:p(e,c)},a.accessToken.value)):f("/signin/passwordless/sms",{phoneNumber:o,options:p(e,c)}):Promise.reject({error:W})},passwordlessSmsOtp:(a,{phoneNumber:o,otp:c})=>F(o)?f("/signin/passwordless/sms/otp",{phoneNumber:o,otp:c}):Promise.reject({error:W}),passwordlessEmail:(a,{email:o,options:c})=>{var l;return y(o)?(l=a.user)!=null&&l.isAnonymous?f("/user/deanonymize",{signInMethod:"passwordless",connection:"email",email:o,options:p(e,c)},a.accessToken.value):f("/signin/passwordless/email",{email:o,options:p(e,c)}):Promise.reject({error:I})},signInAnonymous:a=>f("/signin/anonymous"),signInMfaTotp:(a,o)=>{var l;const c=o.ticket||((l=a.mfa)==null?void 0:l.ticket);return c?Ie(c)?f("/signin/mfa/totp",{ticket:c,otp:o.otp}):Promise.reject({error:ne}):Promise.reject({error:te})},signInSecurityKeyEmail:async(a,{email:o})=>{if(!y(o))throw new v(I);const c=await f("/signin/webauthn",{email:o});let l;try{l=await Te(c)}catch(m){throw new v(m)}return f("/signin/webauthn/verify",{email:o,credential:l})},refreshToken:async(a,o)=>{const c=o.type==="TRY_TOKEN"?o.token:a.refreshToken.value;return{session:await f("/token",{refreshToken:c}),error:null}},signout:async(a,o)=>{const c=await f("/signout",{refreshToken:a.refreshToken.value,all:!!o.all});try{new BroadcastChannel("nhost").postMessage({type:"signout"})}catch{}return c},signUpEmailPassword:async(a,{email:o,password:c,options:l})=>{var m;return y(o)?V(c)?(m=a.user)!=null&&m.isAnonymous?f("/user/deanonymize",{signInMethod:"email-password",email:o,password:c,options:p(e,l)},a.accessToken.value):f("/signup/email-password",{email:o,password:c,options:p(e,l)}):Promise.reject({error:U}):Promise.reject({error:I})},signUpSecurityKey:async(a,{email:o,options:c})=>{if(!y(o))return Promise.reject({error:I});const l=c==null?void 0:c.nickname;l&&delete c.nickname;const m=await f("/signup/webauthn",{email:o,options:c});let T;try{T=await ge(m)}catch(qe){throw new v(qe)}return f("/signup/webauthn/verify",{credential:T,options:{redirectTo:c==null?void 0:c.redirectTo,nickname:l}})},importRefreshToken:async a=>{if(a.user&&a.refreshToken.value&&a.accessToken.value&&a.accessToken.expiresAt)return{session:{accessToken:a.accessToken.value,accessTokenExpiresIn:a.accessToken.expiresAt.getTime()-Date.now(),refreshToken:a.refreshToken.value,user:a.user},error:null};let o=null;if(u){const l=C("refreshToken")||null;if(l)try{return{session:await f("/token",{refreshToken:l}),error:null}}catch(m){o=m.error}else{const m=C("error"),T=C("errorDescription");if(m&&T!=="social user already exists")return Promise.reject({session:null,error:{status:R,error:m,message:T||m}})}}const c=await E(O);if(c)try{return{session:await f("/token",{refreshToken:c}),error:null}}catch(l){o=l.error}return o?Promise.reject({error:o,session:null}):{error:null,session:null}}},delays:{RETRY_IMPORT_TOKEN_DELAY:({importTokenAttempts:a})=>Math.pow(2,a-1)*5e3}})},ye=({backendUrl:n,clientUrl:e,interpreter:r})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changeEmail",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:s=>I}),saveRequestError:d.assign({error:(s,{data:{error:t}})=>t}),reportError:d.send(s=>({type:"ERROR",error:s.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(s,{email:t})=>!y(t)},services:{requestChange:async(s,{email:t,options:i})=>(await w(`${n}/user/email/change`,{newEmail:t,options:p(e,i)},r==null?void 0:r.getSnapshot().context.accessToken.value)).data}}),ke=({backendUrl:n,interpreter:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changePassword",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidPassword",actions:"saveInvalidPasswordError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidPasswordError:d.assign({error:r=>U}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidPassword:(r,{password:s})=>!V(s)},services:{requestChange:(r,{password:s,ticket:t})=>w(`${n}/user/password`,{newPassword:s,ticket:t},e==null?void 0:e.getSnapshot().context.accessToken.value)}}),nr=({backendUrl:n,interpreter:e})=>d.createMachine({schema:{context:{},events:{}},tsTypes:{},predictableActionArguments:!0,id:"enableMfa",initial:"idle",context:{error:null,imageUrl:null,secret:null},states:{idle:{initial:"initial",on:{GENERATE:"generating"},states:{initial:{},error:{}}},generating:{invoke:{src:"generate",id:"generate",onDone:{target:"generated",actions:["reportGeneratedSuccess","saveGeneration"]},onError:{actions:["saveError","reportGeneratedError"],target:"idle.error"}}},generated:{initial:"idle",states:{idle:{initial:"idle",on:{ACTIVATE:[{cond:"invalidMfaType",actions:"saveInvalidMfaTypeError",target:".error"},{cond:"invalidMfaCode",actions:"saveInvalidMfaCodeError",target:".error"},{target:"activating"}]},states:{idle:{},error:{}}},activating:{invoke:{src:"activate",id:"activate",onDone:{target:"activated",actions:"reportSuccess"},onError:{actions:["saveError","reportError"],target:"idle.error"}}},activated:{type:"final"}}}}},{actions:{saveInvalidMfaTypeError:d.assign({error:r=>re}),saveInvalidMfaCodeError:d.assign({error:r=>se}),saveError:d.assign({error:(r,{data:{error:s}})=>s}),saveGeneration:d.assign({imageUrl:(r,{data:{imageUrl:s}})=>s,secret:(r,{data:{totpSecret:s}})=>s}),reportError:d.send((r,s)=>(console.log("REPORT",r,s),{type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS"),reportGeneratedSuccess:d.send("GENERATED"),reportGeneratedError:d.send(r=>({type:"GENERATED_ERROR",error:r.error}))},guards:{invalidMfaCode:(r,{code:s})=>!s,invalidMfaType:(r,{activeMfaType:s})=>!s||s!=="totp"},services:{generate:async r=>{const{data:s}=await Ae(`${n}/mfa/totp/generate`,e==null?void 0:e.getSnapshot().context.accessToken.value);return s},activate:(r,{code:s,activeMfaType:t})=>w(`${n}/user/mfa`,{code:s,activeMfaType:t},e==null?void 0:e.getSnapshot().context.accessToken.value)}}),Oe=({backendUrl:n,clientUrl:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changePassword",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:r=>I}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(r,{email:s})=>!y(s)},services:{requestChange:(r,{email:s,options:t})=>w(`${n}/user/password/reset`,{email:s,options:p(e,t)})}}),ve=({backendUrl:n,clientUrl:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"sendVerificationEmail",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"request",id:"request",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:r=>I}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(r,{email:s})=>!y(s)},services:{request:async(r,{email:s,options:t})=>(await w(`${n}/user/email/send-verification-email`,{email:s,options:p(e,t)})).data}});class Z{constructor({clientStorageType:e="web",autoSignIn:r=!0,autoRefreshToken:s=!0,start:t=!0,backendUrl:i,clientUrl:u,devTools:E,...h}){var f;if(this._started=!1,this._subscriptionsQueue=new Set,this._subscriptions=new Set,this.backendUrl=i,this.clientUrl=u,this._machine=Se({...h,backendUrl:i,clientUrl:u,clientStorageType:e,autoSignIn:r,autoRefreshToken:s}),t&&this.start({devTools:E}),typeof window!="undefined")try{this._channel=new BroadcastChannel("nhost"),r&&((f=this._channel)==null||f.addEventListener("message",a=>{var l;const{type:o,payload:c}=a.data;if(o==="broadcast_token"){const m=(l=this.interpreter)==null?void 0:l.getSnapshot().context.refreshToken.value;this.interpreter&&c.token&&c.token!==m&&this.interpreter.send("TRY_TOKEN",{token:c.token})}})),this._channel.addEventListener("message",a=>{const{type:o}=a.data;o==="signout"&&this.interpreter&&this.interpreter.send("SIGNOUT")})}catch{}}start({devTools:e=!1,initialSession:r,interpreter:s}={}){var u,E;const t={...this.machine.context,accessToken:{...this.machine.context.accessToken},refreshToken:{...this.machine.context.refreshToken}};r&&(t.user=r.user,t.refreshToken.value=(u=r.refreshToken)!=null?u:null,t.accessToken.value=(E=r.accessToken)!=null?E:null,t.accessToken.expiresAt=new Date(Date.now()+r.accessTokenExpiresIn*1e3));const i=this.machine.withContext(t);this._interpreter||(this._interpreter=s||d.interpret(i,{devTools:e})),(!this._started||typeof window=="undefined")&&(this._interpreter.initialized&&(this._interpreter.stop(),this._subscriptions.forEach(h=>h())),this._interpreter.start(i.initialState),this._subscriptionsQueue.forEach(h=>h(this))),this._started=!0}get machine(){return this._machine}get interpreter(){return this._interpreter}get started(){return this._started}subscribe(e){if(this.started){const r=e(this);return this._subscriptions.add(r),r}else return this._subscriptionsQueue.add(e),()=>{console.log("onTokenChanged was added before the interpreter started. Cannot unsubscribe listener.")}}}class Pe extends Z{constructor({...e}){super({...e,autoSignIn:D()&&e.autoSignIn,autoRefreshToken:D()&&e.autoRefreshToken,clientStorageType:"cookie"})}}const tr=Pe,Ne=async({backendUrl:n,interpreter:e},r)=>{try{const{data:s}=await w(`${n}/user/webauthn/add`,{},e==null?void 0:e.getSnapshot().context.accessToken.value);let t;try{t=await ge(s)}catch(u){throw new v(u)}const{data:i}=await w(`${n}/user/webauthn/verify`,{credential:t,nickname:r},e==null?void 0:e.getSnapshot().context.accessToken.value);return{key:i,isError:!1,error:null,isSuccess:!0}}catch(s){const{error:t}=s;return{isError:!0,error:t,isSuccess:!1}}},be=async(n,e,r)=>new Promise(s=>{n.send("REQUEST",{email:e,options:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,needsEmailVerification:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,needsEmailVerification:!0})})}),Ce=async(n,e,r)=>new Promise(s=>{n.send("REQUEST",{password:e,ticket:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,isSuccess:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,isSuccess:!0})})}),ir=n=>new Promise(e=>{n.send("GENERATE"),n.onTransition(r=>{r.matches("generated")?e({error:null,isError:!1,isGenerated:!0,qrCodeDataUrl:r.context.imageUrl||""}):r.matches({idle:"error"})&&e({error:r.context.error||null,isError:!0,isGenerated:!1,qrCodeDataUrl:""})})}),or=(n,e)=>new Promise(r=>{n.send("ACTIVATE",{activeMfaType:"totp",code:e}),n.onTransition(s=>{s.matches({generated:"activated"})?r({error:null,isActivated:!0,isError:!1}):s.matches({generated:{idle:"error"}})&&r({error:s.context.error,isActivated:!1,isError:!0})})}),De=async(n,e,r)=>new Promise(s=>{n.send("REQUEST",{email:e,options:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,isSent:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,isSent:!0})})}),Me=(n,e,r)=>new Promise(s=>{n.send("REQUEST",{email:e,options:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,isSent:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,isSent:!0})})}),xe=n=>new Promise(e=>{const{changed:r}=n.send("SIGNIN_ANONYMOUS");r||e({isSuccess:!1,isError:!0,error:_,user:null,accessToken:null,refreshToken:null}),n.onTransition(s=>{s.matches({authentication:"signedIn"})&&e({isSuccess:!0,isError:!1,error:null,user:s.context.user,accessToken:s.context.accessToken.value,refreshToken:s.context.refreshToken.value}),s.matches({authentication:{signedOut:"failed"}})&&e({isSuccess:!1,isError:!0,error:s.context.errors.authentication||null,user:null,accessToken:null,refreshToken:null})})}),Ue=(n,e,r)=>new Promise(s=>{const{changed:t,context:i}=n.send("SIGNIN_PASSWORD",{email:e,password:r});if(!t)return s({accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,error:_,isError:!0,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:i.user});n.onTransition(u=>{u.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,needsMfaOtp:!1,mfa:null,user:null}):u.matches({authentication:{signedOut:"needsMfa"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!0,mfa:u.context.mfa,user:null}):u.matches({authentication:{signedOut:"failed"}})?s({accessToken:null,refreshToken:null,error:u.context.errors.authentication||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:null}):u.matches({authentication:"signedIn"})&&s({accessToken:u.context.accessToken.value,refreshToken:u.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:u.context.user})})}),Y=(n,e,r)=>new Promise(s=>{const{changed:t}=n.send("PASSWORDLESS_EMAIL",{email:e,options:r});if(!t)return s({error:_,isError:!0,isSuccess:!1});n.onTransition(i=>{i.matches("registration.incomplete.failed")?s({error:i.context.errors.registration||null,isError:!0,isSuccess:!1}):i.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})&&s({error:null,isError:!1,isSuccess:!0})})}),Ke=(n,e)=>new Promise(r=>{const{changed:s,context:t}=n.send({type:"SIGNIN_SECURITY_KEY_EMAIL",email:e});if(!s)return r({accessToken:t.accessToken.value,refreshToken:t.refreshToken.value,error:_,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:t.user});n.onTransition(i=>{i.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?r({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):i.matches({authentication:{signedOut:"failed"}})?r({accessToken:null,refreshToken:null,error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):i.matches({authentication:"signedIn"})&&r({accessToken:i.context.accessToken.value,refreshToken:i.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:i.context.user})})}),Ve=(n,e)=>new Promise(async r=>{var E,h;const s=(E=n.interpreter)==null?void 0:E.getSnapshot(),t=s==null?void 0:s.context.accessToken.value,{data:i}=await w(`${n.backendUrl}/elevate/webauthn`,{email:e},t);let u;try{u=await Te(i)}catch(f){throw new v(f)}try{const{data:{session:f},error:a}=await w(`${n.backendUrl}/elevate/webauthn/verify`,{email:e,credential:u},t);f&&!a&&((h=n.interpreter)==null||h.send({type:"SESSION_UPDATE",data:{session:f}}),r({error:null,isError:!1,isSuccess:!0,elevated:!0}))}catch(f){const{error:a}=f;r({error:a,isError:!0,isSuccess:!1,elevated:!1})}}),Le=(n,e,r)=>new Promise(s=>{const{changed:t,context:i}=n.send("SIGNIN_MFA_TOTP",{otp:e,ticket:r});if(!t)return s({accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,error:_,isError:!0,isSuccess:!1,user:i.user});n.onTransition(u=>{u.matches({authentication:{signedOut:"failed"}})?s({accessToken:null,refreshToken:null,error:u.context.errors.authentication||null,isError:!0,isSuccess:!1,user:null}):u.matches({authentication:"signedIn"})&&s({accessToken:u.context.accessToken.value,refreshToken:u.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,user:u.context.user})})}),Ge=(n,e)=>new Promise(r=>{const{changed:s}=n.send("SIGNIN_PAT",{pat:e});s||r({isSuccess:!1,isError:!0,error:_,user:null,accessToken:null,refreshToken:null}),n.onTransition(t=>{if(t.matches({authentication:{signedOut:"failed"}}))return r({accessToken:null,refreshToken:null,user:null,error:t.context.errors.authentication||null,isError:!0,isSuccess:!1});if(t.matches({authentication:"signedIn"}))return r({accessToken:t.context.accessToken.value,refreshToken:t.context.refreshToken.value,user:t.context.user,error:null,isError:!1,isSuccess:!0})})}),j=(n,e,r)=>new Promise(s=>{const{changed:t}=n.send("PASSWORDLESS_SMS",{phoneNumber:e,options:r});if(!t)return s({error:_,isError:!0,isSuccess:!1,needsOtp:!1});n.onTransition(i=>{i.matches("registration.incomplete.needsOtp")?s({error:null,isError:!1,isSuccess:!1,needsOtp:!0}):i.matches("registration.incomplete.failed")&&s({error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,needsOtp:!1})})}),He=(n,e,r)=>new Promise(s=>{const{changed:t}=n.send({type:"PASSWORDLESS_SMS_OTP",phoneNumber:e,otp:r});if(!t)return s({error:_,isError:!0,isSuccess:!1,user:null,accessToken:null,refreshToken:null});n.onTransition(i=>{i.matches({authentication:"signedIn"})?s({error:null,isError:!1,isSuccess:!0,user:i.context.user,accessToken:i.context.accessToken.value,refreshToken:i.context.refreshToken.value}):i.matches({registration:{incomplete:"failed"}})&&s({error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,user:null,accessToken:null,refreshToken:null})})}),$e=async(n,e)=>new Promise(r=>{const{event:s}=n.send("SIGNOUT",{all:e});if(s.type!=="SIGNED_OUT")return r({isSuccess:!1,isError:!0,error:ae});n.onTransition(t=>{t.matches({authentication:{signedOut:"success"}})?r({isSuccess:!0,isError:!1,error:null}):t.matches("authentication.signedOut.failed")&&r({isSuccess:!1,isError:!0,error:t.context.errors.signout||null})})}),B=(n,e,r,s)=>new Promise(t=>{const{changed:i,context:u}=n.send("SIGNUP_EMAIL_PASSWORD",{email:e,password:r,options:s});if(!i)return t({error:_,accessToken:u.accessToken.value,refreshToken:u.refreshToken.value,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:u.user});n.onTransition(E=>{E.matches("registration.incomplete.failed")?t({accessToken:null,refreshToken:null,error:E.context.errors.registration||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):E.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?t({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):E.matches({authentication:"signedIn",registration:"complete"})&&t({accessToken:E.context.accessToken.value,refreshToken:E.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:E.context.user})})}),We=(n,e,r)=>new Promise(s=>{const{changed:t,context:i}=n.send("SIGNUP_SECURITY_KEY",{email:e,options:r});if(!t)return s({error:_,accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:i.user});n.onTransition(u=>{u.matches("registration.incomplete.failed")?s({accessToken:null,refreshToken:null,error:u.context.errors.registration||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):u.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):u.matches({authentication:"signedIn",registration:"complete"})&&s({accessToken:u.context.accessToken.value,refreshToken:u.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:u.context.user})})}),ar=async({backendUrl:n,interpreter:e},{expiresAt:r,metadata:s})=>{try{const{data:t}=await w(`${n}/pat`,{expiresAt:r.toISOString(),metadata:s},e==null?void 0:e.getSnapshot().context.accessToken.value);return{data:t?{id:t.id||null,personalAccessToken:t.personalAccessToken||null}:null,isError:!1,error:null,isSuccess:!0}}catch(t){const{error:i}=t;return{isError:!0,error:i,isSuccess:!1,data:null}}};class cr{constructor({url:e,autoRefreshToken:r=!0,autoSignIn:s=!0,clientStorage:t,clientStorageType:i,refreshIntervalTime:u,start:E=!0}){var h;this.url=e,this._client=new Z({backendUrl:e,clientUrl:typeof window!="undefined"&&((h=window.location)==null?void 0:h.origin)||"",autoRefreshToken:r,autoSignIn:s,start:E,clientStorage:t,clientStorageType:i,refreshIntervalTime:u})}async signUp(e){const r=await this.waitUntilReady(),{email:s,options:t}=e;return"securityKey"in e?A(await We(r,s,t)):A(await B(r,s,e.password,t))}async connectProvider(e){const s=(await this.waitUntilReady()).getSnapshot().context.accessToken.value,{provider:t,options:i}=e,u=K(`${this._client.backendUrl}/signin/provider/${t}`,p(this._client.clientUrl,{...i,connect:s}));return D()&&(window.location.href=u),{providerUrl:u}}async signIn(e){const r=await this.waitUntilReady();if(!e){const s=await xe(r);return{...A(s),mfa:null}}if("provider"in e){const{provider:s,options:t}=e,i=K(`${this._client.backendUrl}/signin/provider/${s}`,p(this._client.clientUrl,t));return D()&&(window.location.href=i),{providerUrl:i,provider:s,session:null,mfa:null,error:null}}if("email"in e&&"password"in e){const s=await Ue(r,e.email,e.password);return s.needsEmailVerification?{session:null,mfa:null,error:ce}:s.needsMfaOtp?{session:null,mfa:s.mfa,error:null}:{...A(s),mfa:null}}if("email"in e&&"securityKey"in e){if(e.securityKey!==!0)throw Error("securityKey must be true");const s=await Ke(r,e.email);return{...A(s),mfa:null}}if("email"in e){const{email:s,options:t}=e,{error:i}=await Y(r,s,t);return{session:null,mfa:null,error:i}}if("phoneNumber"in e&&"otp"in e){const s=await He(r,e.phoneNumber,e.otp);return{...A(s),mfa:null}}if("phoneNumber"in e){const{error:s}=await j(r,e.phoneNumber,e.options);return{error:s,mfa:null,session:null}}if("otp"in e){const s=await Le(r,e.otp,e.ticket);return{...A(s),mfa:null}}return{error:le,mfa:null,session:null}}async signInPAT(e){const r=await this.waitUntilReady(),s=await Ge(r,e);return A(s)}async signOut(e){const r=await this.waitUntilReady(),{error:s}=await $e(r,e==null?void 0:e.all);return{error:s}}async resetPassword({email:e,options:r}){const s=d.interpret(Oe(this._client)).start(),{error:t}=await De(s,e,r);return{error:t}}async changePassword({newPassword:e,ticket:r}){const s=d.interpret(ke(this._client)).start(),{error:t}=await Ce(s,e,r);return{error:t}}async sendVerificationEmail({email:e,options:r}){const s=d.interpret(ve(this._client)).start(),{error:t}=await Me(s,e,r);return{error:t}}async changeEmail({newEmail:e,options:r}){const s=d.interpret(ye(this._client)).start(),{error:t}=await be(s,e,r);return{error:t}}async deanonymize(e){const r=await this.waitUntilReady();if(e.signInMethod==="passwordless"){if(e.connection==="email"){const{error:s}=await Y(r,e.email,e.options);return{error:s}}if(e.connection==="sms"){const{error:s}=await j(r,e.phoneNumber,e.options);return{error:s}}}if(e.signInMethod==="email-password"){const{error:s}=await B(r,e.email,e.password,e.options);return{error:s}}throw Error("Unknown deanonymization method")}async addSecurityKey(e){const{error:r,key:s}=await Ne(this._client,e);return{error:r,key:s}}async elevateEmailSecurityKey(e){if(!e)throw Error("A user email is required");return{...await Ve(this._client,e),mfa:null}}async createPAT(e,r){return ar(this._client,{expiresAt:e,metadata:r})}onTokenChanged(e){return this._client.subscribe(()=>{var s;const r=(s=this._client.interpreter)==null?void 0:s.onTransition(({event:t,context:i})=>{t.type==="TOKEN_CHANGED"&&e(b(i))});return()=>r==null?void 0:r.stop()})}onAuthStateChanged(e){return this._client.subscribe(()=>{var s;const r=(s=this._client.interpreter)==null?void 0:s.onTransition(({event:t,context:i})=>{(t.type==="SIGNED_IN"||t.type==="SIGNED_OUT")&&e(t.type,b(i))});return()=>r==null?void 0:r.stop()})}isAuthenticated(){var e;return!!((e=this._client.interpreter)!=null&&e.getSnapshot().matches({authentication:"signedIn"}))}async isAuthenticatedAsync(){return(await this.waitUntilReady()).getSnapshot().matches({authentication:"signedIn"})}getAuthenticationStatus(){var r;const e=((r=this.client.interpreter)==null?void 0:r.getSnapshot().context.importTokenAttempts)||0;return this.isReady()?{isAuthenticated:this.isAuthenticated(),isLoading:!1,connectionAttempts:e}:{isAuthenticated:!1,isLoading:!0,connectionAttempts:e}}getAccessToken(){var e,r;return(r=(e=this._client.interpreter)==null?void 0:e.getSnapshot().context.accessToken.value)!=null?r:void 0}getDecodedAccessToken(){const e=this.getAccessToken();return e?Fe.jwtDecode(e):null}getHasuraClaims(){var e;return((e=this.getDecodedAccessToken())==null?void 0:e["https://hasura.io/jwt/claims"])||null}getHasuraClaim(e){var r;return((r=this.getHasuraClaims())==null?void 0:r[e.startsWith("x-hasura-")?e:`x-hasura-${e}`])||null}async refreshSession(e){try{const r=await this.waitUntilReady();return new Promise(s=>{const t=e||r.getSnapshot().context.refreshToken.value;if(!t)return s({session:null,error:ie});const{changed:i}=r.send("TRY_TOKEN",{token:t});if(!i)return s({session:null,error:oe});r.onTransition(u=>{u.matches({token:{idle:"error"}})?s({session:null,error:ue}):u.event.type==="TOKEN_CHANGED"&&s({session:b(u.context),error:null})})})}catch(r){return{session:null,error:r.message}}}getSession(){var e,r;return b((r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())==null?void 0:r.context)}getUser(){var e,r,s;return((s=(r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())==null?void 0:r.context)==null?void 0:s.user)||null}waitUntilReady(){const r=this._client.interpreter;if(!r)throw Error("Auth interpreter not set");return r.getSnapshot().hasTag("loading")?new Promise((s,t)=>{let i=setTimeout(()=>t("The state machine is not yet ready after 15 seconds."),15e3);r.onTransition(u=>{if(!u.hasTag("loading"))return clearTimeout(i),s(r)})}):Promise.resolve(r)}isReady(){var e,r;return!((r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())!=null&&r.hasTag("loading"))}get client(){return this._client}}exports.AuthClient=Z;exports.AuthClientSSR=tr;exports.AuthCookieClient=Pe;exports.CodifiedError=v;exports.EMAIL_NEEDS_VERIFICATION=ce;exports.HasuraAuthClient=cr;exports.INITIAL_MACHINE_CONTEXT=M;exports.INVALID_EMAIL_ERROR=I;exports.INVALID_MFA_CODE_ERROR=se;exports.INVALID_MFA_TICKET_ERROR=ne;exports.INVALID_MFA_TYPE_ERROR=re;exports.INVALID_PASSWORD_ERROR=U;exports.INVALID_PHONE_NUMBER_ERROR=W;exports.INVALID_REFRESH_TOKEN=ue;exports.INVALID_SIGN_IN_METHOD=le;exports.MIN_PASSWORD_LENGTH=J;exports.NETWORK_ERROR_CODE=Q;exports.NHOST_JWT_EXPIRES_AT_KEY=k;exports.NHOST_REFRESH_TOKEN_ID_KEY=N;exports.NHOST_REFRESH_TOKEN_KEY=O;exports.NO_MFA_TICKET_ERROR=te;exports.NO_REFRESH_TOKEN=ie;exports.OTHER_ERROR_CODE=z;exports.REFRESH_TOKEN_MAX_ATTEMPTS=$;exports.STATE_ERROR_CODE=P;exports.TOKEN_REFRESHER_RUNNING_ERROR=oe;exports.TOKEN_REFRESH_MARGIN_SECONDS=ee;exports.USER_ALREADY_SIGNED_IN=_;exports.USER_NOT_ANONYMOUS=je;exports.USER_UNAUTHENTICATED=ae;exports.VALIDATION_ERROR_CODE=R;exports.activateMfaPromise=or;exports.addSecurityKeyPromise=Ne;exports.changeEmailPromise=be;exports.changePasswordPromise=Ce;exports.createAuthMachine=Se;exports.createChangeEmailMachine=ye;exports.createChangePasswordMachine=ke;exports.createEnableMfaMachine=nr;exports.createResetPasswordMachine=Oe;exports.createSendVerificationEmailMachine=ve;exports.elevateEmailSecurityKeyPromise=Ve;exports.encodeQueryParameters=K;exports.generateQrCodePromise=ir;exports.getAuthenticationResult=A;exports.getFetch=Ae;exports.getParameterByName=C;exports.getSession=b;exports.isBrowser=D;exports.isValidEmail=y;exports.isValidPassword=V;exports.isValidPhoneNumber=F;exports.isValidTicket=Ie;exports.localStorageGetter=pe;exports.localStorageSetter=we;exports.postFetch=w;exports.removeParameterFromWindow=q;exports.resetPasswordPromise=De;exports.rewriteRedirectTo=p;exports.sendVerificationEmailPromise=Me;exports.signInAnonymousPromise=xe;exports.signInEmailPasswordPromise=Ue;exports.signInEmailPasswordlessPromise=Y;exports.signInEmailSecurityKeyPromise=Ke;exports.signInMfaTotpPromise=Le;exports.signInPATPromise=Ge;exports.signInSmsPasswordlessOtpPromise=He;exports.signInSmsPasswordlessPromise=j;exports.signOutPromise=$e;exports.signUpEmailPasswordPromise=B;exports.signUpEmailSecurityKeyPromise=We; | ||
| `,e)}function Ze(n){return new TextDecoder("utf-8").decode(n)}function Je(){const n=window.PublicKeyCredential;return n.isConditionalMediationAvailable===void 0?new Promise(e=>e(!1)):n.isConditionalMediationAvailable()}function er({error:n,options:e}){const{publicKey:r}=e;if(!r)throw Error("options was missing required publicKey property");if(n.name==="AbortError"){if(e.signal instanceof AbortSignal)return new g({message:"Authentication ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:n})}else{if(n.name==="NotAllowedError")return new g({message:n.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:n});if(n.name==="SecurityError"){const s=window.location.hostname;if(fe(s)){if(r.rpId!==s)return new g({message:`The RP ID "${r.rpId}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:n})}else return new g({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:n})}else if(n.name==="UnknownError")return new g({message:"The authenticator was unable to process the specified options, or could not create a new assertion signature",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:n})}return n}async function Te(n,e=!1){var o,c;if(!de())throw new Error("WebAuthn is not supported in this browser");let r;((o=n.allowCredentials)==null?void 0:o.length)!==0&&(r=(c=n.allowCredentials)==null?void 0:c.map(he));const s={...n,challenge:X(n.challenge),allowCredentials:r},t={};if(e){if(!await Je())throw Error("Browser does not support WebAuthn autofill");if(document.querySelectorAll("input[autocomplete$='webauthn']").length<1)throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');t.mediation="conditional",s.allowCredentials=[]}t.publicKey=s,t.signal=Ee.createNewAbortSignal();let i;try{i=await navigator.credentials.get(t)}catch(l){throw er({error:l,options:t})}if(!i)throw new Error("Authentication was not completed");const{id:u,rawId:E,response:h,type:f}=i;let a;return h.userHandle&&(a=Ze(h.userHandle)),{id:u,rawId:S(E),response:{authenticatorData:S(h.authenticatorData),clientDataJSON:S(h.clientDataJSON),signature:S(h.signature),userHandle:a},type:f,clientExtensionResults:i.getClientExtensionResults(),authenticatorAttachment:me(i.authenticatorAttachment)}}const L=typeof window!="undefined",x=new Map,rr=n=>{var e;return L&&typeof localStorage!="undefined"?localStorage.getItem(n):(e=x.get(n))!=null?e:null},sr=(n,e)=>{L&&typeof localStorage!="undefined"?e?localStorage.setItem(n,e):localStorage.removeItem(n):e?x.set(n,e):x.has(n)&&x.delete(n)},pe=(n,e)=>{if(n==="localStorage"||n==="web")return rr;if(n==="cookie")return r=>{var s;return L&&(s=H.get(r))!=null?s:null};if(!e)throw Error(`clientStorageType is set to '${n}' but no clientStorage has been given`);if(n==="react-native")return r=>{var s;return(s=e.getItem)==null?void 0:s.call(e,r)};if(n==="capacitor")return r=>{var s;return(s=e.get)==null?void 0:s.call(e,{key:r})};if(n==="expo-secure-storage")return r=>{var s;return(s=e.getItemAsync)==null?void 0:s.call(e,r)};if(n==="custom"){if(e.getItem&&e.removeItem)return e.getItem;if(e.getItemAsync)return e.getItemAsync;throw Error(`clientStorageType is set to 'custom' but clientStorage is missing either "getItem" and "removeItem" properties or "getItemAsync" property`)}throw Error(`Unknown storage type: ${n}`)},we=(n,e)=>{if(n==="localStorage"||n==="web")return sr;if(n==="cookie")return(r,s)=>{L&&(s?H.set(r,s,{expires:30,sameSite:"lax",httpOnly:!1}):H.remove(r))};if(!e)throw Error(`clientStorageType is set to '${n}' but no clienStorage has been given`);if(n==="react-native")return(r,s)=>{var t,i;return s?(t=e.setItem)==null?void 0:t.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};if(n==="capacitor")return(r,s)=>{var t,i;return s?(t=e.set)==null?void 0:t.call(e,{key:r,value:s}):(i=e.remove)==null?void 0:i.call(e,{key:r})};if(n==="expo-secure-storage")return async(r,s)=>{var t,i;return s?(t=e.setItemAsync)==null?void 0:t.call(e,r,s):(i=e.deleteItemAsync)==null?void 0:i.call(e,r)};if(n==="custom"){if(!e.removeItem)throw Error("clientStorageType is set to 'custom' but clientStorage is missing a removeItem property");if(e.setItem)return(r,s)=>{var t,i;return s?(t=e.setItem)==null?void 0:t.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};if(e.setItemAsync)return async(r,s)=>{var t,i;return s?(t=e.setItemAsync)==null?void 0:t.call(e,r,s):(i=e.removeItem)==null?void 0:i.call(e,r)};throw Error("clientStorageType is set to 'custom' but clientStorage is missing setItem or setItemAsync property")}throw Error(`Unknown storage type: ${n}`)},b=n=>!n||!n.accessToken.value||!n.accessToken.expiresAt||!n.user?null:{accessToken:n.accessToken.value,accessTokenExpiresIn:(n.accessToken.expiresAt.getTime()-Date.now())/1e3,refreshToken:n.refreshToken.value,user:n.user},A=({accessToken:n,refreshToken:e,isError:r,user:s,error:t})=>r?{session:null,error:t}:s&&n?{session:{accessToken:n,accessTokenExpiresIn:0,refreshToken:e,user:s},error:null}:{session:null,error:null},D=()=>typeof window!="undefined"&&typeof window.location!="undefined";let Re=globalThis.fetch;typeof EdgeRuntime!="string"&&(Re=Ye().fetch);const _e=async(n,e,{token:r,body:s}={})=>{const t={"Content-Type":"application/json",Accept:"*/*"};r&&(t.Authorization=`Bearer ${r}`);const i={method:e,headers:t};s&&(i.body=JSON.stringify(s));try{const u=await Re(n,i);if(!u.ok){const E=await u.json();return Promise.reject({error:E})}try{return{data:await u.json(),error:null}}catch{return console.warn(`Unexpected response: can't parse the response of the server at ${n}`),{data:"OK",error:null}}}catch{const E={message:"Network Error",status:Q,error:"network"};return Promise.reject({error:E})}},w=async(n,e,r)=>_e(n,"POST",{token:r,body:e}),Ae=(n,e)=>_e(n,"GET",{token:e}),K=(n,e)=>{const r=e&&Object.entries(e).map(([s,t])=>{const i=Array.isArray(t)?t.join(","):typeof t=="object"?JSON.stringify(t):t;return`${s}=${encodeURIComponent(i)}`}).join("&");return r?`${n}?${r}`:n},p=(n,e)=>{if(!(e!=null&&e.redirectTo))return e;const{redirectTo:r,...s}=e;if(!n)return r.startsWith("/")?s:e;const t=new URL(n),i=Object.fromEntries(new URLSearchParams(t.search)),u=new URL(r.startsWith("/")?t.origin+r:r),E=new URLSearchParams(u.search);let h=Object.fromEntries(E);r.startsWith("/")&&(h={...i,...h});let f=t.pathname;return u.pathname.length>1&&(f+=u.pathname.slice(1)),{...s,redirectTo:K(u.origin+f,h)}};function C(n,e){var t;if(!e){if(typeof window=="undefined")return;e=((t=window.location)==null?void 0:t.href)||""}n=n.replace(/[\[\]]/g,"\\$&");const r=new RegExp("[?&#]"+n+"(=([^&#]*)|&|#|$)"),s=r.exec(e);return s?s[2]?decodeURIComponent(s[2].replace(/\+/g," ")):"":null}function q(n){var r;if(typeof window=="undefined")return;const e=window==null?void 0:window.location;if(e&&e){const s=new URLSearchParams(e.search),t=new URLSearchParams((r=e.hash)==null?void 0:r.slice(1));s.delete(n),t.delete(n);let i=window.location.pathname;Array.from(s).length&&(i+=`?${s.toString()}`),Array.from(t).length&&(i+=`#${t.toString()}`),window.history.pushState({},"",i)}}const y=n=>!!n&&typeof n=="string"&&!!String(n).toLowerCase().match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/),V=n=>!!n&&typeof n=="string"&&n.length>=J,F=n=>!!n&&typeof n=="string",Ie=n=>n&&typeof n=="string"&&n.match(/^mfaTotp:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i),Se=({backendUrl:n,clientUrl:e,clientStorageType:r="web",clientStorage:s,refreshIntervalTime:t,autoRefreshToken:i=!0,autoSignIn:u=!0})=>{const E=pe(r,s),h=we(r,s),f=async(a,o,c)=>(await w(`${n}${a}`,o,c)).data;return d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},context:M,predictableActionArguments:!0,id:"nhost",type:"parallel",states:{authentication:{initial:"starting",on:{SESSION_UPDATE:[{cond:"hasSession",actions:["saveSession","resetTimer","reportTokenChanged"],target:".signedIn"}]},states:{starting:{tags:["loading"],always:{cond:"isSignedIn",target:"signedIn"},invoke:{id:"importRefreshToken",src:"importRefreshToken",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"signedIn"},{target:"signedOut"}],onError:[{cond:"shouldRetryImportToken",actions:"incrementTokenImportAttempts",target:"retryTokenImport"},{actions:["saveAuthenticationError"],target:"signedOut"}]}},retryTokenImport:{tags:["loading"],after:{RETRY_IMPORT_TOKEN_DELAY:"starting"}},signedOut:{initial:"noErrors",entry:"reportSignedOut",states:{noErrors:{},success:{},needsSmsOtp:{},needsMfa:{},failed:{},signingOut:{entry:["clearContextExceptRefreshToken"],exit:["destroyRefreshToken","reportTokenChanged"],invoke:{src:"signout",id:"signingOut",onDone:{target:"success"},onError:{target:"failed",actions:["saveAuthenticationError"]}}}},on:{SIGNIN_PASSWORD:"authenticating.password",SIGNIN_ANONYMOUS:"authenticating.anonymous",SIGNIN_SECURITY_KEY_EMAIL:"authenticating.securityKeyEmail",SIGNIN_MFA_TOTP:"authenticating.mfa.totp",SIGNIN_PAT:"authenticating.pat"}},authenticating:{entry:"resetErrors",states:{password:{invoke:{src:"signInPassword",id:"authenticateUserWithPassword",onDone:[{cond:"hasMfaTicket",actions:["saveMfaTicket"],target:"#nhost.authentication.signedOut.needsMfa"},{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"}],onError:[{cond:"unverified",target:["#nhost.authentication.signedOut","#nhost.registration.incomplete.needsEmailVerification"]},{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}]}},pat:{invoke:{src:"signInPAT",id:"authenticateWithPAT",onDone:{actions:["savePATSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}}},anonymous:{invoke:{src:"signInAnonymous",id:"authenticateAnonymously",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}}},mfa:{states:{totp:{invoke:{src:"signInMfaTotp",id:"signInMfaTotp",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:["saveAuthenticationError"],target:"#nhost.authentication.signedOut.failed"}}}}},securityKeyEmail:{invoke:{src:"signInSecurityKeyEmail",id:"authenticateUserWithSecurityKey",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:[{cond:"unverified",target:["#nhost.authentication.signedOut","#nhost.registration.incomplete.needsEmailVerification"]},{actions:"saveAuthenticationError",target:"#nhost.authentication.signedOut.failed"}]}}}},signedIn:{type:"parallel",entry:["reportSignedIn","cleanUrl","broadcastToken","resetErrors"],on:{SIGNOUT:"signedOut.signingOut"},states:{refreshTimer:{id:"timer",initial:"idle",states:{disabled:{type:"final"},stopped:{always:{cond:"noToken",target:"idle"}},idle:{always:[{cond:"isAutoRefreshDisabled",target:"disabled"},{cond:"isRefreshTokenPAT",target:"disabled"},{cond:"hasRefreshToken",target:"running"}]},running:{initial:"pending",entry:"resetTimer",states:{pending:{after:{1e3:{internal:!1,target:"pending"}},always:{cond:"refreshTimerShouldRefresh",target:"refreshing"}},refreshing:{invoke:{src:"refreshToken",id:"refreshToken",onDone:{actions:["saveSession","resetTimer","reportTokenChanged"],target:"pending"},onError:[{cond:"isUnauthorizedError",target:"#nhost.authentication.signedOut"},{actions:"saveRefreshAttempt",target:"pending"}]}}}}}}}}}},token:{initial:"idle",states:{idle:{on:{TRY_TOKEN:"running"},initial:"noErrors",states:{noErrors:{},error:{}}},running:{invoke:{src:"refreshToken",id:"authenticateWithToken",onDone:{actions:["saveSession","reportTokenChanged"],target:["#nhost.authentication.signedIn","idle.noErrors"]},onError:[{cond:"isSignedIn",target:"idle.error"},{actions:"saveAuthenticationError",target:["#nhost.authentication.signedOut.failed","idle.error"]}]}}}},registration:{initial:"incomplete",on:{SIGNED_IN:[{cond:"isAnonymous",target:".incomplete"},".complete"]},states:{incomplete:{on:{SIGNUP_EMAIL_PASSWORD:"emailPassword",SIGNUP_SECURITY_KEY:"securityKey",PASSWORDLESS_EMAIL:"passwordlessEmail",PASSWORDLESS_SMS:"passwordlessSms",PASSWORDLESS_SMS_OTP:"passwordlessSmsOtp"},initial:"noErrors",states:{noErrors:{},needsEmailVerification:{},needsOtp:{},failed:{}}},emailPassword:{entry:["resetErrors"],invoke:{src:"signUpEmailPassword",id:"signUpEmailPassword",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]}],onError:[{cond:"unverified",target:"incomplete.needsEmailVerification"},{actions:"saveRegistrationError",target:"incomplete.failed"}]}},securityKey:{entry:["resetErrors"],invoke:{src:"signUpSecurityKey",id:"signUpSecurityKey",onDone:[{cond:"hasSession",actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]}],onError:[{cond:"unverified",target:"incomplete.needsEmailVerification"},{actions:"saveRegistrationError",target:"incomplete.failed"}]}},passwordlessEmail:{entry:["resetErrors"],invoke:{src:"passwordlessEmail",id:"passwordlessEmail",onDone:{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsEmailVerification"]},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},passwordlessSms:{entry:["resetErrors"],invoke:{src:"passwordlessSms",id:"passwordlessSms",onDone:{actions:"clearContext",target:["#nhost.authentication.signedOut","incomplete.needsOtp"]},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},passwordlessSmsOtp:{entry:["resetErrors"],invoke:{src:"passwordlessSmsOtp",id:"passwordlessSmsOtp",onDone:{actions:["saveSession","reportTokenChanged"],target:"#nhost.authentication.signedIn"},onError:{actions:"saveRegistrationError",target:"incomplete.failed"}}},complete:{on:{SIGNED_OUT:"incomplete"}}}}}},{actions:{reportSignedIn:d.send("SIGNED_IN"),reportSignedOut:d.send("SIGNED_OUT"),reportTokenChanged:d.send("TOKEN_CHANGED"),incrementTokenImportAttempts:d.assign({importTokenAttempts:({importTokenAttempts:a})=>a+1}),clearContext:d.assign(()=>(h(k,null),h(O,null),h(N,null),{...M})),clearContextExceptRefreshToken:d.assign(({refreshToken:{value:a}})=>(h(k,null),{...M,refreshToken:{value:a}})),saveSession:d.assign({user:(a,{data:o})=>{var c;return((c=o==null?void 0:o.session)==null?void 0:c.user)||null},accessToken:(a,{data:o})=>{if(o.session){const{accessTokenExpiresIn:c,accessToken:l}=o.session,m=new Date(Date.now()+c*1e3);return h(k,m.toISOString()),{value:l,expiresAt:m,expiresInSeconds:c}}return h(k,null),{value:null,expiresAt:null,expiresInSeconds:null}},refreshToken:(a,{data:o})=>{var m,T;const c=((m=o.session)==null?void 0:m.refreshToken)||null,l=((T=o.session)==null?void 0:T.refreshTokenId)||null;return c&&h(O,c),l&&h(N,l),{value:c}}}),savePATSession:d.assign({user:(a,{data:o})=>{var c;return((c=o==null?void 0:o.session)==null?void 0:c.user)||null},accessToken:(a,{data:o})=>{if(o.session){const{accessTokenExpiresIn:c,accessToken:l}=o.session,m=new Date(Date.now()+c*1e3);return h(k,m.toISOString()),{value:l,expiresAt:m,expiresInSeconds:c}}return h(k,null),{value:null,expiresAt:null,expiresInSeconds:null}},refreshToken:(a,{data:o})=>{var m,T;const c=((m=o.session)==null?void 0:m.refreshToken)||null,l=((T=o.session)==null?void 0:T.refreshTokenId)||null;return c&&h(O,c),l&&h(N,l),{value:c,isPAT:!0}}}),saveMfaTicket:d.assign({mfa:(a,o)=>{var c;return(c=o.data)==null?void 0:c.mfa}}),resetTimer:d.assign({refreshTimer:a=>({startedAt:new Date,attempts:0,lastAttempt:null})}),saveRefreshAttempt:d.assign({refreshTimer:(a,o)=>({startedAt:a.refreshTimer.startedAt,attempts:a.refreshTimer.attempts+1,lastAttempt:new Date})}),saveAuthenticationError:d.assign({errors:({errors:a},{data:{error:o}})=>({...a,authentication:o})}),resetErrors:d.assign({errors:a=>({}),importTokenAttempts:a=>0}),saveRegistrationError:d.assign({errors:({errors:a},{data:{error:o}})=>({...a,registration:o})}),destroyRefreshToken:d.assign({refreshToken:a=>(h(O,null),h(N,null),{value:null})}),cleanUrl:()=>{u&&C("refreshToken")&&(q("refreshToken"),q("type"))},broadcastToken:a=>{if(u)try{new BroadcastChannel("nhost").postMessage({type:"broadcast_token",payload:{token:a.refreshToken.value}})}catch{}}},guards:{isAnonymous:(a,o)=>{var c;return!!((c=a.user)!=null&&c.isAnonymous)},isSignedIn:a=>!!a.user&&!!a.accessToken.value,noToken:a=>!a.refreshToken.value,isRefreshTokenPAT:a=>{var o;return!!((o=a.refreshToken)!=null&&o.isPAT)},hasRefreshToken:a=>!!a.refreshToken.value,isAutoRefreshDisabled:()=>!i,refreshTimerShouldRefresh:a=>{const{expiresAt:o}=a.accessToken;if(!o)return!1;if(a.refreshTimer.lastAttempt)return a.refreshTimer.attempts>$?!1:Date.now()-a.refreshTimer.lastAttempt.getTime()>Math.pow(2,a.refreshTimer.attempts-1)*5e3;if(o.getTime()<Date.now()||t&&Date.now()-a.refreshTimer.startedAt.getTime()>t*1e3)return!0;const c=a.accessToken.expiresInSeconds;return c?o.getTime()-Date.now()-1e3*Math.min(ee,c*.5)<=0:!1},shouldRetryImportToken:(a,o)=>a.importTokenAttempts<$&&(o.data.error.status===Q||o.data.error.status>=500),unverified:(a,{data:{error:o}})=>o.status===401&&(o.message==="Email is not verified"||o.error==="unverified-user"),hasSession:(a,o)=>{var c;return!!((c=o.data)!=null&&c.session)},hasMfaTicket:(a,o)=>{var c;return!!((c=o.data)!=null&&c.mfa)},isUnauthorizedError:(a,{data:{error:o}})=>o.status===401},services:{signInPassword:(a,{email:o,password:c})=>y(o)?V(c)?f("/signin/email-password",{email:o,password:c}):Promise.reject({error:U}):Promise.reject({error:I}),signInPAT:(a,{pat:o})=>f("/signin/pat",{personalAccessToken:o}),passwordlessSms:(a,{phoneNumber:o,options:c})=>{var l;return F(o)?(l=a.user)!=null&&l.isAnonymous?(console.warn("Deanonymisation from a phone number is not yet implemented in hasura-auth"),f("/user/deanonymize",{signInMethod:"passwordless",connection:"sms",phoneNumber:o,options:p(e,c)},a.accessToken.value)):f("/signin/passwordless/sms",{phoneNumber:o,options:p(e,c)}):Promise.reject({error:W})},passwordlessSmsOtp:(a,{phoneNumber:o,otp:c})=>F(o)?f("/signin/passwordless/sms/otp",{phoneNumber:o,otp:c}):Promise.reject({error:W}),passwordlessEmail:(a,{email:o,options:c})=>{var l;return y(o)?(l=a.user)!=null&&l.isAnonymous?f("/user/deanonymize",{signInMethod:"passwordless",connection:"email",email:o,options:p(e,c)},a.accessToken.value):f("/signin/passwordless/email",{email:o,options:p(e,c)}):Promise.reject({error:I})},signInAnonymous:a=>f("/signin/anonymous"),signInMfaTotp:(a,o)=>{var l;const c=o.ticket||((l=a.mfa)==null?void 0:l.ticket);return c?Ie(c)?f("/signin/mfa/totp",{ticket:c,otp:o.otp}):Promise.reject({error:ne}):Promise.reject({error:te})},signInSecurityKeyEmail:async(a,{email:o})=>{if(!y(o))throw new v(I);const c=await f("/signin/webauthn",{email:o});let l;try{l=await Te(c)}catch(m){throw new v(m)}return f("/signin/webauthn/verify",{email:o,credential:l})},refreshToken:async(a,o)=>{const c=o.type==="TRY_TOKEN"?o.token:a.refreshToken.value;return{session:await f("/token",{refreshToken:c}),error:null}},signout:async(a,o)=>{const c=await f("/signout",{refreshToken:a.refreshToken.value,all:!!o.all});try{new BroadcastChannel("nhost").postMessage({type:"signout"})}catch{}return c},signUpEmailPassword:async(a,{email:o,password:c,options:l})=>{var m;return y(o)?V(c)?(m=a.user)!=null&&m.isAnonymous?f("/user/deanonymize",{signInMethod:"email-password",email:o,password:c,options:p(e,l)},a.accessToken.value):f("/signup/email-password",{email:o,password:c,options:p(e,l)}):Promise.reject({error:U}):Promise.reject({error:I})},signUpSecurityKey:async(a,{email:o,options:c})=>{if(!y(o))return Promise.reject({error:I});const l=c==null?void 0:c.nickname;l&&delete c.nickname;const m=await f("/signup/webauthn",{email:o,options:c});let T;try{T=await ge(m)}catch(qe){throw new v(qe)}return f("/signup/webauthn/verify",{credential:T,options:{redirectTo:c==null?void 0:c.redirectTo,nickname:l}})},importRefreshToken:async a=>{if(a.user&&a.refreshToken.value&&a.accessToken.value&&a.accessToken.expiresAt)return{session:{accessToken:a.accessToken.value,accessTokenExpiresIn:a.accessToken.expiresAt.getTime()-Date.now(),refreshToken:a.refreshToken.value,user:a.user},error:null};let o=null;if(u){const l=C("refreshToken")||null;if(l)try{return{session:await f("/token",{refreshToken:l}),error:null}}catch(m){o=m.error}else{const m=C("error"),T=C("errorDescription");if(m&&T!=="social user already exists")return Promise.reject({session:null,error:{status:R,error:m,message:T||m}})}}const c=await E(O);if(c)try{return{session:await f("/token",{refreshToken:c}),error:null}}catch(l){o=l.error}return o?Promise.reject({error:o,session:null}):{error:null,session:null}}},delays:{RETRY_IMPORT_TOKEN_DELAY:({importTokenAttempts:a})=>Math.pow(2,a-1)*5e3}})},ye=({backendUrl:n,clientUrl:e,interpreter:r})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changeEmail",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:s=>I}),saveRequestError:d.assign({error:(s,{data:{error:t}})=>t}),reportError:d.send(s=>({type:"ERROR",error:s.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(s,{email:t})=>!y(t)},services:{requestChange:async(s,{email:t,options:i})=>(await w(`${n}/user/email/change`,{newEmail:t,options:p(e,i)},r==null?void 0:r.getSnapshot().context.accessToken.value)).data}}),ke=({backendUrl:n,interpreter:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changePassword",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidPassword",actions:"saveInvalidPasswordError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidPasswordError:d.assign({error:r=>U}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidPassword:(r,{password:s})=>!V(s)},services:{requestChange:(r,{password:s,ticket:t})=>w(`${n}/user/password`,{newPassword:s,ticket:t},e==null?void 0:e.getSnapshot().context.accessToken.value)}}),nr=({backendUrl:n,interpreter:e})=>d.createMachine({schema:{context:{},events:{}},tsTypes:{},predictableActionArguments:!0,id:"enableMfa",initial:"idle",context:{error:null,imageUrl:null,secret:null},states:{idle:{initial:"initial",on:{GENERATE:"generating"},states:{initial:{},error:{}}},generating:{invoke:{src:"generate",id:"generate",onDone:{target:"generated",actions:["reportGeneratedSuccess","saveGeneration"]},onError:{actions:["saveError","reportGeneratedError"],target:"idle.error"}}},generated:{initial:"idle",states:{idle:{initial:"idle",on:{ACTIVATE:[{cond:"invalidMfaType",actions:"saveInvalidMfaTypeError",target:".error"},{cond:"invalidMfaCode",actions:"saveInvalidMfaCodeError",target:".error"},{target:"activating"}]},states:{idle:{},error:{}}},activating:{invoke:{src:"activate",id:"activate",onDone:{target:"activated",actions:"reportSuccess"},onError:{actions:["saveError","reportError"],target:"idle.error"}}},activated:{type:"final"}}}}},{actions:{saveInvalidMfaTypeError:d.assign({error:r=>re}),saveInvalidMfaCodeError:d.assign({error:r=>se}),saveError:d.assign({error:(r,{data:{error:s}})=>s}),saveGeneration:d.assign({imageUrl:(r,{data:{imageUrl:s}})=>s,secret:(r,{data:{totpSecret:s}})=>s}),reportError:d.send((r,s)=>(console.log("REPORT",r,s),{type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS"),reportGeneratedSuccess:d.send("GENERATED"),reportGeneratedError:d.send(r=>({type:"GENERATED_ERROR",error:r.error}))},guards:{invalidMfaCode:(r,{code:s})=>!s,invalidMfaType:(r,{activeMfaType:s})=>!s||s!=="totp"},services:{generate:async r=>{const{data:s}=await Ae(`${n}/mfa/totp/generate`,e==null?void 0:e.getSnapshot().context.accessToken.value);return s},activate:(r,{code:s,activeMfaType:t})=>w(`${n}/user/mfa`,{code:s,activeMfaType:t},e==null?void 0:e.getSnapshot().context.accessToken.value)}}),Oe=({backendUrl:n,clientUrl:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"changePassword",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"requestChange",id:"requestChange",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:r=>I}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(r,{email:s})=>!y(s)},services:{requestChange:(r,{email:s,options:t})=>w(`${n}/user/password/reset`,{email:s,options:p(e,t)})}}),ve=({backendUrl:n,clientUrl:e})=>d.createMachine({schema:{context:{},events:{},services:{}},tsTypes:{},predictableActionArguments:!0,id:"sendVerificationEmail",initial:"idle",context:{error:null},states:{idle:{on:{REQUEST:[{cond:"invalidEmail",actions:"saveInvalidEmailError",target:".error"},{target:"requesting"}]},initial:"initial",states:{initial:{},success:{},error:{}}},requesting:{invoke:{src:"request",id:"request",onDone:{target:"idle.success",actions:"reportSuccess"},onError:{actions:["saveRequestError","reportError"],target:"idle.error"}}}}},{actions:{saveInvalidEmailError:d.assign({error:r=>I}),saveRequestError:d.assign({error:(r,{data:{error:s}})=>s}),reportError:d.send(r=>({type:"ERROR",error:r.error})),reportSuccess:d.send("SUCCESS")},guards:{invalidEmail:(r,{email:s})=>!y(s)},services:{request:async(r,{email:s,options:t})=>(await w(`${n}/user/email/send-verification-email`,{email:s,options:p(e,t)})).data}});class Z{constructor({clientStorageType:e="web",autoSignIn:r=!0,autoRefreshToken:s=!0,start:t=!0,backendUrl:i,clientUrl:u,devTools:E,...h}){var f;if(this._started=!1,this._subscriptionsQueue=new Set,this._subscriptions=new Set,this.backendUrl=i,this.clientUrl=u,this._machine=Se({...h,backendUrl:i,clientUrl:u,clientStorageType:e,autoSignIn:r,autoRefreshToken:s}),t&&this.start({devTools:E}),typeof window!="undefined")try{this._channel=new BroadcastChannel("nhost"),r&&((f=this._channel)==null||f.addEventListener("message",a=>{var l;const{type:o,payload:c}=a.data;if(o==="broadcast_token"){const m=(l=this.interpreter)==null?void 0:l.getSnapshot().context.refreshToken.value;this.interpreter&&c.token&&c.token!==m&&this.interpreter.send("TRY_TOKEN",{token:c.token})}})),this._channel.addEventListener("message",a=>{const{type:o}=a.data;o==="signout"&&this.interpreter&&this.interpreter.send("SIGNOUT")})}catch{}}start({devTools:e=!1,initialSession:r,interpreter:s}={}){var u,E;const t={...this.machine.context,accessToken:{...this.machine.context.accessToken},refreshToken:{...this.machine.context.refreshToken}};r&&(t.user=r.user,t.refreshToken.value=(u=r.refreshToken)!=null?u:null,t.accessToken.value=(E=r.accessToken)!=null?E:null,t.accessToken.expiresAt=new Date(Date.now()+r.accessTokenExpiresIn*1e3));const i=this.machine.withContext(t);this._interpreter||(this._interpreter=s||d.interpret(i,{devTools:e})),(!this._started||typeof window=="undefined")&&(this._interpreter.initialized&&(this._interpreter.stop(),this._subscriptions.forEach(h=>h())),this._interpreter.start(i.initialState),this._subscriptionsQueue.forEach(h=>h(this))),this._started=!0}get machine(){return this._machine}get interpreter(){return this._interpreter}get started(){return this._started}subscribe(e){if(this.started){const r=e(this);return this._subscriptions.add(r),r}else return this._subscriptionsQueue.add(e),()=>{console.log("onTokenChanged was added before the interpreter started. Cannot unsubscribe listener.")}}}class Pe extends Z{constructor({...e}){super({...e,autoSignIn:D()&&e.autoSignIn,autoRefreshToken:D()&&e.autoRefreshToken,clientStorageType:"cookie"})}}const tr=Pe,Ne=async({backendUrl:n,interpreter:e},r)=>{try{const{data:s}=await w(`${n}/user/webauthn/add`,{},e==null?void 0:e.getSnapshot().context.accessToken.value);let t;try{t=await ge(s)}catch(u){throw new v(u)}const{data:i}=await w(`${n}/user/webauthn/verify`,{credential:t,nickname:r},e==null?void 0:e.getSnapshot().context.accessToken.value);return{key:i,isError:!1,error:null,isSuccess:!0}}catch(s){const{error:t}=s;return{isError:!0,error:t,isSuccess:!1}}},be=async(n,e,r)=>new Promise(s=>{n.send("REQUEST",{email:e,options:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,needsEmailVerification:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,needsEmailVerification:!0})})}),Ce=async(n,e,r)=>new Promise(s=>{n.send("REQUEST",{password:e,ticket:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,isSuccess:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,isSuccess:!0})})}),ir=n=>new Promise(e=>{n.send("GENERATE"),n.onTransition(r=>{r.matches("generated")?e({error:null,isError:!1,isGenerated:!0,qrCodeDataUrl:r.context.imageUrl||""}):r.matches({idle:"error"})&&e({error:r.context.error||null,isError:!0,isGenerated:!1,qrCodeDataUrl:""})})}),or=(n,e)=>new Promise(r=>{n.send("ACTIVATE",{activeMfaType:"totp",code:e}),n.onTransition(s=>{s.matches({generated:"activated"})?r({error:null,isActivated:!0,isError:!1}):s.matches({generated:{idle:"error"}})&&r({error:s.context.error,isActivated:!1,isError:!0})})}),De=async(n,e,r)=>new Promise(s=>{n.send("REQUEST",{email:e,options:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,isSent:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,isSent:!0})})}),Me=(n,e,r)=>new Promise(s=>{n.send("REQUEST",{email:e,options:r}),n.onTransition(t=>{t.matches({idle:"error"})?s({error:t.context.error,isError:!0,isSent:!1}):t.matches({idle:"success"})&&s({error:null,isError:!1,isSent:!0})})}),xe=n=>new Promise(e=>{const{changed:r}=n.send("SIGNIN_ANONYMOUS");r||e({isSuccess:!1,isError:!0,error:_,user:null,accessToken:null,refreshToken:null}),n.onTransition(s=>{s.matches({authentication:"signedIn"})&&e({isSuccess:!0,isError:!1,error:null,user:s.context.user,accessToken:s.context.accessToken.value,refreshToken:s.context.refreshToken.value}),s.matches({authentication:{signedOut:"failed"}})&&e({isSuccess:!1,isError:!0,error:s.context.errors.authentication||null,user:null,accessToken:null,refreshToken:null})})}),Ue=(n,e,r)=>new Promise(s=>{const{changed:t,context:i}=n.send("SIGNIN_PASSWORD",{email:e,password:r});if(!t)return s({accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,error:_,isError:!0,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:i.user});n.onTransition(u=>{u.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,needsMfaOtp:!1,mfa:null,user:null}):u.matches({authentication:{signedOut:"needsMfa"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!0,mfa:u.context.mfa,user:null}):u.matches({authentication:{signedOut:"failed"}})?s({accessToken:null,refreshToken:null,error:u.context.errors.authentication||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:null}):u.matches({authentication:"signedIn"})&&s({accessToken:u.context.accessToken.value,refreshToken:u.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,needsMfaOtp:!1,mfa:null,user:u.context.user})})}),Y=(n,e,r)=>new Promise(s=>{const{changed:t}=n.send("PASSWORDLESS_EMAIL",{email:e,options:r});if(!t)return s({error:_,isError:!0,isSuccess:!1});n.onTransition(i=>{i.matches("registration.incomplete.failed")?s({error:i.context.errors.registration||null,isError:!0,isSuccess:!1}):i.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})&&s({error:null,isError:!1,isSuccess:!0})})}),Ke=(n,e)=>new Promise(r=>{const{changed:s,context:t}=n.send({type:"SIGNIN_SECURITY_KEY_EMAIL",email:e});if(!s)return r({accessToken:t.accessToken.value,refreshToken:t.refreshToken.value,error:_,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:t.user});n.onTransition(i=>{i.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?r({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):i.matches({authentication:{signedOut:"failed"}})?r({accessToken:null,refreshToken:null,error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):i.matches({authentication:"signedIn"})&&r({accessToken:i.context.accessToken.value,refreshToken:i.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:i.context.user})})}),Ve=(n,e)=>new Promise(async r=>{var E,h;const s=(E=n.interpreter)==null?void 0:E.getSnapshot(),t=s==null?void 0:s.context.accessToken.value,{data:i}=await w(`${n.backendUrl}/elevate/webauthn`,{email:e},t);let u;try{u=await Te(i)}catch(f){throw new v(f)}try{const{data:{session:f},error:a}=await w(`${n.backendUrl}/elevate/webauthn/verify`,{email:e,credential:u},t);f&&!a&&((h=n.interpreter)==null||h.send({type:"SESSION_UPDATE",data:{session:f}}),r({error:null,isError:!1,isSuccess:!0,elevated:!0}))}catch(f){const{error:a}=f;r({error:a,isError:!0,isSuccess:!1,elevated:!1})}}),Le=(n,e,r)=>new Promise(s=>{const{changed:t,context:i}=n.send("SIGNIN_MFA_TOTP",{otp:e,ticket:r});if(!t)return s({accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,error:_,isError:!0,isSuccess:!1,user:i.user});n.onTransition(u=>{u.matches({authentication:{signedOut:"failed"}})?s({accessToken:null,refreshToken:null,error:u.context.errors.authentication||null,isError:!0,isSuccess:!1,user:null}):u.matches({authentication:"signedIn"})&&s({accessToken:u.context.accessToken.value,refreshToken:u.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,user:u.context.user})})}),Ge=(n,e)=>new Promise(r=>{const{changed:s}=n.send("SIGNIN_PAT",{pat:e});s||r({isSuccess:!1,isError:!0,error:_,user:null,accessToken:null,refreshToken:null}),n.onTransition(t=>{if(t.matches({authentication:{signedOut:"failed"}}))return r({accessToken:null,refreshToken:null,user:null,error:t.context.errors.authentication||null,isError:!0,isSuccess:!1});if(t.matches({authentication:"signedIn"}))return r({accessToken:t.context.accessToken.value,refreshToken:t.context.refreshToken.value,user:t.context.user,error:null,isError:!1,isSuccess:!0})})}),j=(n,e,r)=>new Promise(s=>{const{changed:t}=n.send("PASSWORDLESS_SMS",{phoneNumber:e,options:r});if(!t)return s({error:_,isError:!0,isSuccess:!1,needsOtp:!1});n.onTransition(i=>{i.matches("registration.incomplete.needsOtp")?s({error:null,isError:!1,isSuccess:!1,needsOtp:!0}):i.matches("registration.incomplete.failed")&&s({error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,needsOtp:!1})})}),He=(n,e,r)=>new Promise(s=>{const{changed:t}=n.send({type:"PASSWORDLESS_SMS_OTP",phoneNumber:e,otp:r});if(!t)return s({error:_,isError:!0,isSuccess:!1,user:null,accessToken:null,refreshToken:null});n.onTransition(i=>{i.matches({authentication:"signedIn"})?s({error:null,isError:!1,isSuccess:!0,user:i.context.user,accessToken:i.context.accessToken.value,refreshToken:i.context.refreshToken.value}):i.matches({registration:{incomplete:"failed"}})&&s({error:i.context.errors.authentication||null,isError:!0,isSuccess:!1,user:null,accessToken:null,refreshToken:null})})}),$e=async(n,e)=>new Promise(r=>{const{event:s}=n.send("SIGNOUT",{all:e});if(s.type!=="SIGNED_OUT")return r({isSuccess:!1,isError:!0,error:ae});n.onTransition(t=>{t.matches({authentication:{signedOut:"success"}})?r({isSuccess:!0,isError:!1,error:null}):t.matches("authentication.signedOut.failed")&&r({isSuccess:!1,isError:!0,error:t.context.errors.signout||null})})}),B=(n,e,r,s)=>new Promise(t=>{const{changed:i,context:u}=n.send("SIGNUP_EMAIL_PASSWORD",{email:e,password:r,options:s});if(!i)return t({error:_,accessToken:u.accessToken.value,refreshToken:u.refreshToken.value,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:u.user});n.onTransition(E=>{E.matches("registration.incomplete.failed")?t({accessToken:null,refreshToken:null,error:E.context.errors.registration||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):E.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?t({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):E.matches({authentication:"signedIn",registration:"complete"})&&t({accessToken:E.context.accessToken.value,refreshToken:E.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:E.context.user})})}),We=(n,e,r)=>new Promise(s=>{const{changed:t,context:i}=n.send("SIGNUP_SECURITY_KEY",{email:e,options:r});if(!t)return s({error:_,accessToken:i.accessToken.value,refreshToken:i.refreshToken.value,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:i.user});n.onTransition(u=>{u.matches("registration.incomplete.failed")?s({accessToken:null,refreshToken:null,error:u.context.errors.registration||null,isError:!0,isSuccess:!1,needsEmailVerification:!1,user:null}):u.matches({authentication:{signedOut:"noErrors"},registration:{incomplete:"needsEmailVerification"}})?s({accessToken:null,refreshToken:null,error:null,isError:!1,isSuccess:!1,needsEmailVerification:!0,user:null}):u.matches({authentication:"signedIn",registration:"complete"})&&s({accessToken:u.context.accessToken.value,refreshToken:u.context.refreshToken.value,error:null,isError:!1,isSuccess:!0,needsEmailVerification:!1,user:u.context.user})})}),ar=async({backendUrl:n,interpreter:e},{expiresAt:r,metadata:s})=>{try{const{data:t}=await w(`${n}/pat`,{expiresAt:r.toISOString(),metadata:s},e==null?void 0:e.getSnapshot().context.accessToken.value);return{data:t?{id:t.id||null,personalAccessToken:t.personalAccessToken||null}:null,isError:!1,error:null,isSuccess:!0}}catch(t){const{error:i}=t;return{isError:!0,error:i,isSuccess:!1,data:null}}};class cr{constructor({url:e,autoRefreshToken:r=!0,autoSignIn:s=!0,clientStorage:t,clientStorageType:i,refreshIntervalTime:u,start:E=!0}){var h;this.url=e,this._client=new Z({backendUrl:e,clientUrl:typeof window!="undefined"&&((h=window.location)==null?void 0:h.origin)||"",autoRefreshToken:r,autoSignIn:s,start:E,clientStorage:t,clientStorageType:i,refreshIntervalTime:u})}async signUp(e){const r=await this.waitUntilReady(),{email:s,options:t}=e;return"securityKey"in e?A(await We(r,s,t)):A(await B(r,s,e.password,t))}async connectProvider(e){const s=(await this.waitUntilReady()).getSnapshot().context.accessToken.value,{provider:t,options:i}=e,u=K(`${this._client.backendUrl}/signin/provider/${t}`,p(this._client.clientUrl,{...i,connect:s}));return D()&&(window.location.href=u),{providerUrl:u}}async signIn(e){const r=await this.waitUntilReady();if(!e){const s=await xe(r);return{...A(s),mfa:null}}if("provider"in e){const{provider:s,options:t}=e,i=K(`${this._client.backendUrl}/signin/provider/${s}`,p(this._client.clientUrl,t));return D()&&(window.location.href=i),{providerUrl:i,provider:s,session:null,mfa:null,error:null}}if("email"in e&&"password"in e){const s=await Ue(r,e.email,e.password);return s.needsEmailVerification?{session:null,mfa:null,error:ce}:s.needsMfaOtp?{session:null,mfa:s.mfa,error:null}:{...A(s),mfa:null}}if("email"in e&&"securityKey"in e){if(e.securityKey!==!0)throw Error("securityKey must be true");const s=await Ke(r,e.email);return{...A(s),mfa:null}}if("email"in e){const{email:s,options:t}=e,{error:i}=await Y(r,s,t);return{session:null,mfa:null,error:i}}if("phoneNumber"in e&&"otp"in e){const s=await He(r,e.phoneNumber,e.otp);return{...A(s),mfa:null}}if("phoneNumber"in e){const{error:s}=await j(r,e.phoneNumber,e.options);return{error:s,mfa:null,session:null}}if("otp"in e){const s=await Le(r,e.otp,e.ticket);return{...A(s),mfa:null}}return{error:le,mfa:null,session:null}}async signInPAT(e){const r=await this.waitUntilReady(),s=await Ge(r,e);return A(s)}async signOut(e){const r=await this.waitUntilReady(),{error:s}=await $e(r,e==null?void 0:e.all);return{error:s}}async resetPassword({email:e,options:r}){const s=d.interpret(Oe(this._client)).start(),{error:t}=await De(s,e,r);return{error:t}}async changePassword({newPassword:e,ticket:r}){const s=d.interpret(ke(this._client)).start(),{error:t}=await Ce(s,e,r);return{error:t}}async sendVerificationEmail({email:e,options:r}){const s=d.interpret(ve(this._client)).start(),{error:t}=await Me(s,e,r);return{error:t}}async changeEmail({newEmail:e,options:r}){const s=d.interpret(ye(this._client)).start(),{error:t}=await be(s,e,r);return{error:t}}async deanonymize(e){const r=await this.waitUntilReady();if(e.signInMethod==="passwordless"){if(e.connection==="email"){const{error:s}=await Y(r,e.email,e.options);return{error:s}}if(e.connection==="sms"){const{error:s}=await j(r,e.phoneNumber,e.options);return{error:s}}}if(e.signInMethod==="email-password"){const{error:s}=await B(r,e.email,e.password,e.options);return{error:s}}throw Error("Unknown deanonymization method")}async addSecurityKey(e){const{error:r,key:s}=await Ne(this._client,e);return{error:r,key:s}}async elevateEmailSecurityKey(e){if(!e)throw Error("A user email is required");return{...await Ve(this._client,e),mfa:null}}async createPAT(e,r){return ar(this._client,{expiresAt:e,metadata:r})}onTokenChanged(e){return this._client.subscribe(()=>{var s;const r=(s=this._client.interpreter)==null?void 0:s.onTransition(({event:t,context:i})=>{t.type==="TOKEN_CHANGED"&&e(b(i))});return()=>r==null?void 0:r.stop()})}onAuthStateChanged(e){return this._client.subscribe(()=>{var s;const r=(s=this._client.interpreter)==null?void 0:s.onTransition(({event:t,context:i})=>{(t.type==="SIGNED_IN"||t.type==="SIGNED_OUT")&&e(t.type,b(i))});return()=>r==null?void 0:r.stop()})}isAuthenticated(){var e;return!!((e=this._client.interpreter)!=null&&e.getSnapshot().matches({authentication:"signedIn"}))}async isAuthenticatedAsync(){return(await this.waitUntilReady()).getSnapshot().matches({authentication:"signedIn"})}getAuthenticationStatus(){var r;const e=((r=this.client.interpreter)==null?void 0:r.getSnapshot().context.importTokenAttempts)||0;return this.isReady()?{isAuthenticated:this.isAuthenticated(),isLoading:!1,connectionAttempts:e}:{isAuthenticated:!1,isLoading:!0,connectionAttempts:e}}getAccessToken(){var e,r;return(r=(e=this._client.interpreter)==null?void 0:e.getSnapshot().context.accessToken.value)!=null?r:void 0}getDecodedAccessToken(){const e=this.getAccessToken();return e?Fe.jwtDecode(e):null}getHasuraClaims(){var e;return((e=this.getDecodedAccessToken())==null?void 0:e["https://hasura.io/jwt/claims"])||null}getHasuraClaim(e){var r;return((r=this.getHasuraClaims())==null?void 0:r[e.startsWith("x-hasura-")?e:`x-hasura-${e}`])||null}async refreshSession(e){try{const r=await this.waitUntilReady();return new Promise(s=>{const t=e||r.getSnapshot().context.refreshToken.value;if(!t)return s({session:null,error:ie});const{changed:i}=r.send("TRY_TOKEN",{token:t});if(!i)return s({session:null,error:oe});r.onTransition(u=>{u.matches({token:{idle:"error"}})?s({session:null,error:ue}):u.event.type==="TOKEN_CHANGED"&&s({session:b(u.context),error:null})})})}catch(r){return{session:null,error:r.message}}}getSession(){var e,r;return b((r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())==null?void 0:r.context)}getUser(){var e,r,s;return((s=(r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())==null?void 0:r.context)==null?void 0:s.user)||null}waitUntilReady(){const r=this._client.interpreter;if(!r)throw Error("Auth interpreter not set");return r.getSnapshot().hasTag("loading")?new Promise((s,t)=>{let i=setTimeout(()=>t("The state machine is not yet ready after 15 seconds."),15e3);r.onTransition(u=>{if(!u.hasTag("loading"))return clearTimeout(i),s(r)})}):Promise.resolve(r)}isReady(){var e,r;return!((r=(e=this._client.interpreter)==null?void 0:e.getSnapshot())!=null&&r.hasTag("loading"))}get client(){return this._client}}exports.AuthClient=Z;exports.AuthClientSSR=tr;exports.AuthCookieClient=Pe;exports.CodifiedError=v;exports.EMAIL_NEEDS_VERIFICATION=ce;exports.HasuraAuthClient=cr;exports.INITIAL_MACHINE_CONTEXT=M;exports.INVALID_EMAIL_ERROR=I;exports.INVALID_MFA_CODE_ERROR=se;exports.INVALID_MFA_TICKET_ERROR=ne;exports.INVALID_MFA_TYPE_ERROR=re;exports.INVALID_PASSWORD_ERROR=U;exports.INVALID_PHONE_NUMBER_ERROR=W;exports.INVALID_REFRESH_TOKEN=ue;exports.INVALID_SIGN_IN_METHOD=le;exports.MIN_PASSWORD_LENGTH=J;exports.NETWORK_ERROR_CODE=Q;exports.NHOST_JWT_EXPIRES_AT_KEY=k;exports.NHOST_REFRESH_TOKEN_ID_KEY=N;exports.NHOST_REFRESH_TOKEN_KEY=O;exports.NO_MFA_TICKET_ERROR=te;exports.NO_REFRESH_TOKEN=ie;exports.OTHER_ERROR_CODE=z;exports.REFRESH_TOKEN_MAX_ATTEMPTS=$;exports.STATE_ERROR_CODE=P;exports.TOKEN_REFRESHER_RUNNING_ERROR=oe;exports.TOKEN_REFRESH_MARGIN_SECONDS=ee;exports.USER_ALREADY_SIGNED_IN=_;exports.USER_NOT_ANONYMOUS=je;exports.USER_UNAUTHENTICATED=ae;exports.VALIDATION_ERROR_CODE=R;exports.activateMfaPromise=or;exports.addSecurityKeyPromise=Ne;exports.changeEmailPromise=be;exports.changePasswordPromise=Ce;exports.createAuthMachine=Se;exports.createChangeEmailMachine=ye;exports.createChangePasswordMachine=ke;exports.createEnableMfaMachine=nr;exports.createResetPasswordMachine=Oe;exports.createSendVerificationEmailMachine=ve;exports.elevateEmailSecurityKeyPromise=Ve;exports.encodeQueryParameters=K;exports.generateQrCodePromise=ir;exports.getAuthenticationResult=A;exports.getFetch=Ae;exports.getParameterByName=C;exports.getSession=b;exports.isBrowser=D;exports.isValidEmail=y;exports.isValidPassword=V;exports.isValidPhoneNumber=F;exports.isValidTicket=Ie;exports.localStorageGetter=pe;exports.localStorageSetter=we;exports.postFetch=w;exports.removeParameterFromWindow=q;exports.resetPasswordPromise=De;exports.rewriteRedirectTo=p;exports.sendVerificationEmailPromise=Me;exports.signInAnonymousPromise=xe;exports.signInEmailPasswordPromise=Ue;exports.signInEmailPasswordlessPromise=Y;exports.signInEmailSecurityKeyPromise=Ke;exports.signInMfaTotpPromise=Le;exports.signInPATPromise=Ge;exports.signInSmsPasswordlessOtpPromise=He;exports.signInSmsPasswordlessPromise=j;exports.signOutPromise=$e;exports.signUpEmailPasswordPromise=B;exports.signUpEmailSecurityKeyPromise=We; | ||
| //# sourceMappingURL=index.cjs.js.map |
@@ -175,3 +175,3 @@ export interface Typegen0 { | ||
| reportSignedIn: '' | 'SESSION_UPDATE' | 'done.invoke.authenticateAnonymously' | 'done.invoke.authenticateUserWithPassword' | 'done.invoke.authenticateUserWithSecurityKey' | 'done.invoke.authenticateWithPAT' | 'done.invoke.authenticateWithToken' | 'done.invoke.importRefreshToken' | 'done.invoke.passwordlessSmsOtp' | 'done.invoke.signInMfaTotp' | 'done.invoke.signUpEmailPassword' | 'done.invoke.signUpSecurityKey'; | ||
| reportSignedOut: 'SIGNOUT' | 'done.invoke.authenticateUserWithPassword' | 'done.invoke.importRefreshToken' | 'done.invoke.passwordlessEmail' | 'done.invoke.passwordlessSms' | 'done.invoke.signUpEmailPassword' | 'done.invoke.signUpSecurityKey' | 'error.platform.authenticateAnonymously' | 'error.platform.authenticateUserWithPassword' | 'error.platform.authenticateUserWithSecurityKey' | 'error.platform.authenticateWithPAT' | 'error.platform.authenticateWithToken' | 'error.platform.importRefreshToken' | 'error.platform.signInMfaTotp'; | ||
| reportSignedOut: 'SIGNOUT' | 'done.invoke.authenticateUserWithPassword' | 'done.invoke.importRefreshToken' | 'done.invoke.passwordlessEmail' | 'done.invoke.passwordlessSms' | 'done.invoke.signUpEmailPassword' | 'done.invoke.signUpSecurityKey' | 'error.platform.authenticateAnonymously' | 'error.platform.authenticateUserWithPassword' | 'error.platform.authenticateUserWithSecurityKey' | 'error.platform.authenticateWithPAT' | 'error.platform.authenticateWithToken' | 'error.platform.importRefreshToken' | 'error.platform.refreshToken' | 'error.platform.signInMfaTotp'; | ||
| reportTokenChanged: 'SESSION_UPDATE' | 'SIGNIN_ANONYMOUS' | 'SIGNIN_MFA_TOTP' | 'SIGNIN_PASSWORD' | 'SIGNIN_PAT' | 'SIGNIN_SECURITY_KEY_EMAIL' | 'done.invoke.authenticateAnonymously' | 'done.invoke.authenticateUserWithPassword' | 'done.invoke.authenticateUserWithSecurityKey' | 'done.invoke.authenticateWithPAT' | 'done.invoke.authenticateWithToken' | 'done.invoke.importRefreshToken' | 'done.invoke.passwordlessSmsOtp' | 'done.invoke.refreshToken' | 'done.invoke.signInMfaTotp' | 'done.invoke.signUpEmailPassword' | 'done.invoke.signUpSecurityKey' | 'done.invoke.signingOut' | 'error.platform.signingOut' | 'xstate.stop'; | ||
@@ -198,2 +198,3 @@ resetErrors: '' | 'PASSWORDLESS_EMAIL' | 'PASSWORDLESS_SMS' | 'PASSWORDLESS_SMS_OTP' | 'SESSION_UPDATE' | 'SIGNIN_ANONYMOUS' | 'SIGNIN_MFA_TOTP' | 'SIGNIN_PASSWORD' | 'SIGNIN_PAT' | 'SIGNIN_SECURITY_KEY_EMAIL' | 'SIGNUP_EMAIL_PASSWORD' | 'SIGNUP_SECURITY_KEY' | 'done.invoke.authenticateAnonymously' | 'done.invoke.authenticateUserWithPassword' | 'done.invoke.authenticateUserWithSecurityKey' | 'done.invoke.authenticateWithPAT' | 'done.invoke.authenticateWithToken' | 'done.invoke.importRefreshToken' | 'done.invoke.passwordlessSmsOtp' | 'done.invoke.signInMfaTotp' | 'done.invoke.signUpEmailPassword' | 'done.invoke.signUpSecurityKey'; | ||
| isSignedIn: '' | 'error.platform.authenticateWithToken'; | ||
| isUnauthorizedError: 'error.platform.refreshToken'; | ||
| noToken: ''; | ||
@@ -200,0 +201,0 @@ refreshTimerShouldRefresh: ''; |
| { | ||
| "name": "@nhost/hasura-auth-js", | ||
| "version": "2.5.4", | ||
| "version": "2.5.5", | ||
| "description": "Hasura-auth client", | ||
@@ -5,0 +5,0 @@ "license": "MIT", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
1450089
0.15%- Lines of code
8034
0.14%No dependency changes