{"version":3,"file":"jwtPayloadParser.mjs","names":["orgPermissions: string[]","orgId: string | undefined","orgRole: OrganizationCustomRoleKey | undefined","orgSlug: string | undefined","orgPermissions: OrganizationCustomPermissionKey[] | undefined"],"sources":["../../src/jwtPayloadParser.ts"],"sourcesContent":["import { splitByScope } from './authorization';\nimport type {\n  JwtPayload,\n  OrganizationCustomPermissionKey,\n  OrganizationCustomRoleKey,\n  SharedSignedInAuthObjectProperties,\n} from './types';\n\nexport const parsePermissions = ({ per, fpm }: { per?: string; fpm?: string }) => {\n  if (!per || !fpm) {\n    return { permissions: [], featurePermissionMap: [] };\n  }\n\n  const permissions = per.split(',').map(p => p.trim());\n\n  // TODO: make this more efficient\n  const featurePermissionMap = fpm\n    .split(',')\n    .map(permission => Number.parseInt(permission.trim(), 10))\n    .map((permission: number) =>\n      permission\n        .toString(2)\n        .padStart(permissions.length, '0')\n        .split('')\n        .map(bit => Number.parseInt(bit, 10))\n        .reverse(),\n    )\n    .filter(Boolean);\n\n  return { permissions, featurePermissionMap };\n};\n\n/**\n *\n */\nfunction buildOrgPermissions({\n  features,\n  permissions,\n  featurePermissionMap,\n}: {\n  features?: string[];\n  permissions?: string[];\n  featurePermissionMap?: number[][];\n}) {\n  // Early return if any required input is missing\n  if (!features || !permissions || !featurePermissionMap) {\n    return [];\n  }\n\n  const orgPermissions: string[] = [];\n\n  // Process each feature and its permissions in a single loop\n  for (let featureIndex = 0; featureIndex < features.length; featureIndex++) {\n    const feature = features[featureIndex];\n\n    if (featureIndex >= featurePermissionMap.length) {\n      continue;\n    }\n\n    const permissionBits = featurePermissionMap[featureIndex];\n    if (!permissionBits) {\n      continue;\n    }\n\n    for (let permIndex = 0; permIndex < permissionBits.length; permIndex++) {\n      if (permissionBits[permIndex] === 1) {\n        orgPermissions.push(`org:${feature}:${permissions[permIndex]}`);\n      }\n    }\n  }\n\n  return orgPermissions;\n}\n\n/**\n * Resolves the signed-in auth state from JWT claims.\n *\n * @experimental\n */\nconst __experimental_JWTPayloadToAuthObjectProperties = (claims: JwtPayload): SharedSignedInAuthObjectProperties => {\n  let orgId: string | undefined;\n  let orgRole: OrganizationCustomRoleKey | undefined;\n  let orgSlug: string | undefined;\n  let orgPermissions: OrganizationCustomPermissionKey[] | undefined;\n\n  // fva can be undefined for instances that have not opt-in\n  const factorVerificationAge = claims.fva ?? null;\n\n  // sts can be undefined for instances that have not opt-in\n  const sessionStatus = claims.sts ?? null;\n\n  switch (claims.v) {\n    case 2: {\n      if (claims.o) {\n        orgId = claims.o?.id;\n        orgSlug = claims.o?.slg;\n\n        if (claims.o?.rol) {\n          orgRole = `org:${claims.o?.rol}`;\n        }\n        const { org } = splitByScope(claims.fea);\n        const { permissions, featurePermissionMap } = parsePermissions({\n          per: claims.o?.per,\n          fpm: claims.o?.fpm,\n        });\n        orgPermissions = buildOrgPermissions({\n          features: org,\n          featurePermissionMap: featurePermissionMap,\n          permissions: permissions,\n        });\n      }\n      break;\n    }\n    default:\n      orgId = claims.org_id;\n      orgRole = claims.org_role;\n      orgSlug = claims.org_slug;\n      orgPermissions = claims.org_permissions;\n      break;\n  }\n\n  return {\n    sessionClaims: claims,\n    sessionId: claims.sid,\n    sessionStatus,\n    actor: claims.act,\n    userId: claims.sub,\n    orgId: orgId,\n    orgRole: orgRole,\n    orgSlug: orgSlug,\n    orgPermissions,\n    factorVerificationAge,\n  };\n};\n\nexport { __experimental_JWTPayloadToAuthObjectProperties };\n"],"mappings":";;;AAQA,MAAa,oBAAoB,EAAE,KAAK,UAA0C;AAChF,KAAI,CAAC,OAAO,CAAC,IACX,QAAO;EAAE,aAAa,EAAE;EAAE,sBAAsB,EAAE;EAAE;CAGtD,MAAM,cAAc,IAAI,MAAM,IAAI,CAAC,KAAI,MAAK,EAAE,MAAM,CAAC;AAgBrD,QAAO;EAAE;EAAa,sBAbO,IAC1B,MAAM,IAAI,CACV,KAAI,eAAc,OAAO,SAAS,WAAW,MAAM,EAAE,GAAG,CAAC,CACzD,KAAK,eACJ,WACG,SAAS,EAAE,CACX,SAAS,YAAY,QAAQ,IAAI,CACjC,MAAM,GAAG,CACT,KAAI,QAAO,OAAO,SAAS,KAAK,GAAG,CAAC,CACpC,SAAS,CACb,CACA,OAAO,QAAQ;EAE0B;;;;;AAM9C,SAAS,oBAAoB,EAC3B,UACA,aACA,wBAKC;AAED,KAAI,CAAC,YAAY,CAAC,eAAe,CAAC,qBAChC,QAAO,EAAE;CAGX,MAAMA,iBAA2B,EAAE;AAGnC,MAAK,IAAI,eAAe,GAAG,eAAe,SAAS,QAAQ,gBAAgB;EACzE,MAAM,UAAU,SAAS;AAEzB,MAAI,gBAAgB,qBAAqB,OACvC;EAGF,MAAM,iBAAiB,qBAAqB;AAC5C,MAAI,CAAC,eACH;AAGF,OAAK,IAAI,YAAY,GAAG,YAAY,eAAe,QAAQ,YACzD,KAAI,eAAe,eAAe,EAChC,gBAAe,KAAK,OAAO,QAAQ,GAAG,YAAY,aAAa;;AAKrE,QAAO;;;;;;;AAQT,MAAM,mDAAmD,WAA2D;CAClH,IAAIC;CACJ,IAAIC;CACJ,IAAIC;CACJ,IAAIC;CAGJ,MAAM,wBAAwB,OAAO,OAAO;CAG5C,MAAM,gBAAgB,OAAO,OAAO;AAEpC,SAAQ,OAAO,GAAf;EACE,KAAK;AACH,OAAI,OAAO,GAAG;AACZ,YAAQ,OAAO,GAAG;AAClB,cAAU,OAAO,GAAG;AAEpB,QAAI,OAAO,GAAG,IACZ,WAAU,OAAO,OAAO,GAAG;IAE7B,MAAM,EAAE,QAAQ,aAAa,OAAO,IAAI;IACxC,MAAM,EAAE,aAAa,yBAAyB,iBAAiB;KAC7D,KAAK,OAAO,GAAG;KACf,KAAK,OAAO,GAAG;KAChB,CAAC;AACF,qBAAiB,oBAAoB;KACnC,UAAU;KACY;KACT;KACd,CAAC;;AAEJ;EAEF;AACE,WAAQ,OAAO;AACf,aAAU,OAAO;AACjB,aAAU,OAAO;AACjB,oBAAiB,OAAO;AACxB;;AAGJ,QAAO;EACL,eAAe;EACf,WAAW,OAAO;EAClB;EACA,OAAO,OAAO;EACd,QAAQ,OAAO;EACR;EACE;EACA;EACT;EACA;EACD"}