{"version":3,"file":"validate-login-response.mjs","sourceRoot":"","sources":["../../../src/sdk/utils/validate-login-response.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;GAUG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAc;IAClD,MAAM,YAAY,GAAG,KAAsB,CAAC;IAE5C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,YAAY,EAAE,KAAK,IAAI,CAAC,YAAY,EAAE,OAAO,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,YAAY,CAAC,YAAY,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QACjD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAChE,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACzC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["import type { LoginResponse } from '../authentication';\n\n/**\n * Validates that the input is a well-formed, non-expired LoginResponse.\n *\n * Checks structural shape (token + profile objects exist) and verifies\n * the JWT access token's `exp` claim is still in the future. This acts\n * as a hard guard against stale cached tokens regardless of client-side\n * TTL tracking (obtainedAt / expiresIn), which can be corrupted.\n *\n * @param input - unknown/untyped input\n * @returns boolean if input is a valid, non-expired LoginResponse\n */\nexport function validateLoginResponse(input: unknown): input is LoginResponse {\n  const assumedInput = input as LoginResponse;\n\n  if (!assumedInput) {\n    return false;\n  }\n\n  if (!assumedInput?.token || !assumedInput?.profile) {\n    return false;\n  }\n\n  if (isJwtExpired(assumedInput.token.accessToken)) {\n    return false;\n  }\n\n  return true;\n}\n\n/**\n * Checks whether a JWT has expired by decoding its `exp` claim.\n *\n * @param token - A JWT string.\n * @returns true if the token is expired or cannot be decoded; false if still valid.\n */\nfunction isJwtExpired(token: string): boolean {\n  try {\n    const parts = token.split('.');\n    if (parts.length !== 3) {\n      return true;\n    }\n    const base64 = parts[1].replace(/-/gu, '+').replace(/_/gu, '/');\n    const { exp } = JSON.parse(atob(base64));\n    return !Number.isInteger(exp) || exp * 1000 <= Date.now();\n  } catch {\n    return true;\n  }\n}\n"]}