{"version":3,"file":"flow-siwe.cjs","sourceRoot":"","sources":["../../../src/sdk/authentication-jwt-bearer/flow-siwe.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,+BAAmC;AAEnC,6CAMoB;AAUpB,0CAA4C;AAC5C,kFAAyE;AAazE,MAAa,iBAAiB;IAO5B,YACE,MAA4C,EAC5C,OAAmC;;QAR5B,4CAAoB;QAEpB,6CAAqC;QAE9C,4CAA+C;QAM7C,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;QACtB,uBAAA,IAAI,8BAAY,OAAO,MAAA,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,uBAAA,IAAI,uEAAgB,MAApB,IAAI,CAAkB,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,uBAAA,IAAI,8DAAO,MAAX,IAAI,CAAS,CAAC;QAC1C,OAAO,aAAa,CAAC,OAAO,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,uBAAA,IAAI,iCAAQ,CAAC,OAAO,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,MAAM,IAAA,gCAAqB,EAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;QACjC,OAAO,MAAM,uBAAA,IAAI,iCAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,CAAC,MAAiC;QACvC,uBAAA,IAAI,6BAAW,MAAM,MAAA,CAAC;IACxB,CAAC;CA2EF;AA/HD,8CA+HC;;AAzEC,0EAA0E;AAC1E,KAAK;IACH,MAAM,IAAI,GAAG,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAC5D,IAAI,CAAC,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;IAE3D,IAAI,UAAU,GAAG,gBAAgB,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,6BAED,KAAK;IACH,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,QAAQ;IACR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,MAAM,IAAA,mBAAQ,EAAC,OAAO,EAAE,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,uBAAA,IAAI,kFAA2B,MAA/B,IAAI,EAA4B,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAErD,eAAe;IACf,MAAM,YAAY,GAAG,MAAM,IAAA,uBAAY,EACrC,UAAU,EACV,SAAS,EACT,uBAAA,IAAI,iCAAQ,CAAC,IAAI,EACjB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CACjB,CAAC;IAEF,YAAY;IACZ,MAAM,aAAa,GAAG,MAAM,IAAA,wBAAa,EACvC,YAAY,CAAC,KAAK,EAClB,uBAAA,IAAI,iCAAQ,CAAC,GAAG,EAChB,uBAAA,IAAI,iCAAQ,CAAC,QAAQ,CACtB,CAAC;IAEF,OAAO;IACP,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,YAAY,CAAC,OAAO;QAC7B,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,MAAM,uBAAA,IAAI,kCAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC;AAChB,CAAC,uGAE0B,KAAa;IACtC,uBAAA,IAAI,qEAAc,MAAlB,IAAI,EAAe,uBAAA,IAAI,iCAAQ,CAAC,CAAC;IAEjC,OAAO,IAAI,kBAAW,CAAC;QACrB,MAAM,EAAE,uBAAA,IAAI,iCAAQ,EAAE,MAAM;QAC5B,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,GAAG,EAAE,IAAA,yBAAc,EAAC,uBAAA,IAAI,iCAAQ,CAAC,GAAG,CAAC;QACrC,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,uBAAA,IAAI,iCAAQ,EAAE,OAAO;QAC9B,KAAK;QACL,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACnC,CAAC,CAAC,cAAc,EAAE,CAAC;AACtB,CAAC,6EAGC,MAAkC;IAElC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,wBAAe,CAAC,6CAA6C,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC","sourcesContent":["import { SiweMessage } from 'siwe';\n\nimport {\n  SIWE_LOGIN_URL,\n  authenticate,\n  authorizeOIDC,\n  getNonce,\n  getUserProfileLineage,\n} from './services';\nimport type {\n  AuthConfig,\n  AuthStorageOptions,\n  AuthType,\n  IBaseAuth,\n  LoginResponse,\n  UserProfile,\n  UserProfileLineage,\n} from './types';\nimport { ValidationError } from '../errors';\nimport { validateLoginResponse } from '../utils/validate-login-response';\n\ntype JwtBearerAuth_SIWE_Options = {\n  storage: AuthStorageOptions;\n};\n\ntype JwtBearerAuth_SIWE_Signer = {\n  address: string;\n  chainId: number;\n  signMessage: (message: string) => Promise<string>;\n  domain: string;\n};\n\nexport class SIWEJwtBearerAuth implements IBaseAuth {\n  readonly #config: AuthConfig;\n\n  readonly #options: JwtBearerAuth_SIWE_Options;\n\n  #signer: JwtBearerAuth_SIWE_Signer | undefined;\n\n  constructor(\n    config: AuthConfig & { type: AuthType.SiWE },\n    options: JwtBearerAuth_SIWE_Options,\n  ) {\n    this.#config = config;\n    this.#options = options;\n  }\n\n  async getAccessToken(): Promise<string> {\n    const session = await this.#getAuthSession();\n    if (session) {\n      return session.token.accessToken;\n    }\n\n    const loginResponse = await this.#login();\n    return loginResponse.token.accessToken;\n  }\n\n  async getUserProfile(): Promise<UserProfile> {\n    const session = await this.#getAuthSession();\n    if (session) {\n      return session.profile;\n    }\n\n    const loginResponse = await this.#login();\n    return loginResponse.profile;\n  }\n\n  async getIdentifier(): Promise<string> {\n    this.#assertSigner(this.#signer);\n    return this.#signer.address;\n  }\n\n  async getUserProfileLineage(): Promise<UserProfileLineage> {\n    const accessToken = await this.getAccessToken();\n    return await getUserProfileLineage(this.#config.env, accessToken);\n  }\n\n  async signMessage(message: string): Promise<string> {\n    this.#assertSigner(this.#signer);\n    return await this.#signer.signMessage(message);\n  }\n\n  prepare(signer: JwtBearerAuth_SIWE_Signer) {\n    this.#signer = signer;\n  }\n\n  // convert expiresIn from seconds to milliseconds and use 90% of expiresIn\n  async #getAuthSession(): Promise<LoginResponse | null> {\n    const auth = await this.#options.storage.getLoginResponse();\n    if (!validateLoginResponse(auth)) {\n      return null;\n    }\n\n    const currentTime = Date.now();\n    const sessionAge = currentTime - auth.token.obtainedAt;\n    const refreshThreshold = auth.token.expiresIn * 1000 * 0.9;\n\n    if (sessionAge < refreshThreshold) {\n      return auth;\n    }\n    return null;\n  }\n\n  async #login(): Promise<LoginResponse> {\n    this.#assertSigner(this.#signer);\n\n    // Nonce\n    const address = await this.getIdentifier();\n    const nonceRes = await getNonce(address, this.#config.env);\n    const rawMessage = this.#createSiWELoginRawMessage(nonceRes.nonce);\n    const signature = await this.signMessage(rawMessage);\n\n    // Authenticate\n    const authResponse = await authenticate(\n      rawMessage,\n      signature,\n      this.#config.type,\n      this.#config.env,\n    );\n\n    // Authorize\n    const tokenResponse = await authorizeOIDC(\n      authResponse.token,\n      this.#config.env,\n      this.#config.platform,\n    );\n\n    // Save\n    const result: LoginResponse = {\n      profile: authResponse.profile,\n      token: tokenResponse,\n    };\n\n    await this.#options.storage.setLoginResponse(result);\n\n    return result;\n  }\n\n  #createSiWELoginRawMessage(nonce: string): string {\n    this.#assertSigner(this.#signer);\n\n    return new SiweMessage({\n      domain: this.#signer?.domain,\n      address: this.#signer?.address,\n      uri: SIWE_LOGIN_URL(this.#config.env),\n      version: '1',\n      chainId: this.#signer?.chainId,\n      nonce,\n      issuedAt: new Date().toISOString(),\n    }).prepareMessage();\n  }\n\n  #assertSigner(\n    signer?: JwtBearerAuth_SIWE_Signer,\n  ): asserts signer is JwtBearerAuth_SIWE_Signer {\n    if (!signer) {\n      throw new ValidationError(`you must call 'prepare()' before logging in`);\n    }\n  }\n}\n"]}