/**
 * Skipped minification because the original files appears to be already minified.
 * Original file: /npm/near-sign-verify@0.4.5/dist/index.js
 *
 * Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files
 */
import{ed25519 as I}from"@noble/curves/ed25519.js";import{base58 as T,base64 as z}from"@scure/base";import{ed25519 as $}from"@noble/curves/ed25519.js";import{sha256 as K}from"@noble/hashes/sha2.js";import{base58 as F}from"@scure/base";import{b as R}from"@zorsh/zorsh";import{b as o}from"@zorsh/zorsh";var k=o.struct({message:o.string(),nonce:o.array(o.u8(),32),recipient:o.string(),callbackUrl:o.option(o.string())}),h=o.struct({accountId:o.string(),publicKey:o.string(),signature:o.string(),message:o.string(),nonce:o.array(o.u8(),32),recipient:o.string(),callbackUrl:o.option(o.string()),state:o.option(o.string())});var g="ed25519:",W=2147484061;function w(t){let e=R.u32().serialize(W),r={...t,nonce:Array.from(t.nonce),callbackUrl:t.callbackUrl||null},a=k.serialize(r),n=new Uint8Array(e.length+a.length);return n.set(e,0),n.set(a,e.length),n}function A(t){return K(t)}async function N(t,e,r){if(r.startsWith(g)){if(!$.verify(e,t,F.decode(r.split(":")[1])))throw new Error("Ed25519 signature verification failed.");return!0}throw new Error(`Unsupported public key type: "${r}". Must start with "${g}".`)}function P(){let t=Date.now().toString(),e=crypto.getRandomValues(new Uint8Array(16)),r=new TextEncoder,a=new Uint8Array(32),n=r.encode(t.padStart(16,"0"));return a.set(n.slice(0,16)),a.set(e,16),a}function D(t,e=864e5){try{if(t.length!==32)throw new Error("Invalid nonce length");let r=new TextDecoder,a=t.slice(0,16),n=r.decode(a).replace(/^0+/,""),s=parseInt(n,10);if(isNaN(s))throw new Error("Invalid timestamp in nonce");let i=Date.now()-s;if(i<0)throw new Error("Nonce timestamp is in the future");if(i>e)throw new Error("Nonce has expired")}catch(r){throw r instanceof Error?r:new Error("Unknown error validating nonce")}}import{base64 as M}from"@scure/base";function U(t){let e=h.serialize(t);return M.encode(e)}async function _(t,e,r){let{message:a,recipient:n,nonce:s,callbackUrl:i}=r,l={message:a,nonce:Array.from(s),recipient:n,callbackUrl:i||null},c=w(l),d=A(c);if(!t.startsWith(g))throw new Error("Invalid KeyPair format: missing ed25519 prefix.");let f=t.substring(g.length),p=T.decode(f);if(p.length!==64)throw new Error(`Expected decoded private key to be 64 bytes for Ed25519, got ${p.length}`);let m=p.slice(0,32),y=I.sign(d,m),b=z.encode(y),x=I.getPublicKey(m),E=g+T.encode(x),S={accountId:e,publicKey:E,signature:b,message:a,nonce:Array.from(s),recipient:n,callbackUrl:i||null,state:r.state||null};return U(S)}async function j(t,e){let{message:r,recipient:a,nonce:n,callbackUrl:s}=e,i=await t.signMessage({message:r,nonce:n,recipient:a}),l={accountId:i.accountId,publicKey:i.publicKey,signature:i.signature,message:r,nonce:Array.from(n),recipient:a,callbackUrl:s||null,state:i.state||null};return U(l)}function V(t){if(typeof t.signMessage=="function")return"wallet";if(typeof t=="string"&&t.startsWith(g))return"keypair";throw new Error("Invalid signer: must be KeyPair or a wallet object with a signMessage method.")}async function B(t,e){let{signer:r,accountId:a,recipient:n,callbackUrl:s,nonce:i,state:l}=e,c=i||P(),d={message:t,recipient:n,nonce:c,callbackUrl:s||null,state:l||null};if(V(r)==="keypair"){if(!a)throw new Error("accountId is required when using a KeyPair signer.");return _(r,a,d)}return j(r,d)}import{base64 as C}from"@scure/base";import{base64 as O}from"@scure/base";function v(t){try{let e=O.decode(t),r=h.deserialize(e);if(!r)throw new Error("Deserialization failed: null result");return r}catch(e){throw e instanceof Error?new Error(`Invalid auth token: ${e.message.replace(/^Error: /,"")}`):new Error(`Invalid auth token: ${String(e)}`)}}async function H(t,e,r){let i=`${t.endsWith(".testnet")?"https://test.api.fastnear.com":"https://api.fastnear.com"}/v0/public_key/${e}${r?"":"/all"}`;try{let l=await fetch(i);if(!l.ok)return{success:!1,apiFailure:!0};let c=await l.json();return c&&Array.isArray(c.account_ids)?c.account_ids.includes(t)?{success:!0}:{success:!1,apiFailure:!1}:{success:!1,apiFailure:!0}}catch{return{success:!1,apiFailure:!0}}}async function q(t,e){let r;try{r=v(t)}catch(u){throw new Error(`Failed to parse auth token: ${u.message}`)}let{accountId:a,publicKey:n,signature:s,message:i,nonce:l,recipient:c,callbackUrl:d,state:f}=r,p=new Uint8Array(l);if(e?.validateNonce){if(!e.validateNonce(p))throw new Error("Custom nonce validation failed.")}else try{D(p,e?.nonceMaxAge)}catch(u){throw new Error(`Nonce validation failed: ${u instanceof Error?u.message:"Unknown error"}`)}if(e?.validateRecipient){if(!e.validateRecipient(c))throw new Error("Custom recipient validation failed.")}else if(e&&typeof e.expectedRecipient=="string"&&c!==e.expectedRecipient)throw new Error(`Recipient mismatch: expected '${e.expectedRecipient}', but recipient is '${c}'.`);if(e?.validateState){if(!e.validateState(f))throw new Error("Custom state validation failed.")}else if(e&&typeof e.expectedState=="string"&&f!==e.expectedState)throw new Error(`State mismatch: expected '${e.expectedState}', got '${f?.toString()||"undefined"}'.`);if(e?.validateMessage){if(!e.validateMessage(i))throw new Error("Custom message validation failed.")}else if(e&&typeof e.expectedMessage=="string"&&i!==e.expectedMessage)throw new Error(`Message mismatch: expected '${e.expectedMessage}', got '${i}'.`);let m=e?.requireFullAccessKey??!0,y=await H(a,n,m);if(!y.success){let u=y.apiFailure?"API error or unexpected response":"public key not associated with the account or does not meet access key requirements";throw new Error(`Public key ownership verification failed: ${u}.`)}let b={message:i,nonce:Array.from(p),recipient:c,callbackUrl:d},x=w(b),E=A(x),S=C.decode(s);try{await N(E,S,n)}catch(u){throw new Error(`Cryptographic signature verification failed: ${u instanceof Error?u.message:String(u)}`)}return{accountId:a,message:i,publicKey:n,callbackUrl:d||void 0,state:f||void 0}}function X(t){return new TextEncoder().encode(t)}function G(t){return new TextDecoder().decode(t)}export{P as generateNonce,v as parseAuthToken,B as sign,X as stringToUint8Array,G as uint8ArrayToString,q as verify};
//# sourceMappingURL=index.js.map