UNPKG

@aptos-labs/siwa

Version:

Library of utilities for Sign in with Aptos

github.com/aptos-labs/sign-in-with-aptos

aptos-labs/sign-in-with-aptos

1 lines 30.9 kB
1
{"version":3,"sources":["../src/index.ts","../src/core.ts","../src/internal.ts","../src/signatures.ts","../src/utils.ts","../src/serializers.ts"],"sourcesContent":["import type { AptosSignInBoundFields } from \"@aptos-labs/wallet-standard\";\n\nexport type {\n AptosSignInBoundFields,\n AptosSignInInput,\n AptosSignInOutput,\n} from \"@aptos-labs/wallet-standard\";\nexport * from \"./core.js\";\nexport * from \"./serializers.js\";\nexport {\n VerificationComparisonError,\n VerificationError,\n VerificationMessageError,\n VerificationResult,\n VerificationSignatureError,\n} from \"./types.js\";\nexport * from \"./utils.js\";\n\n/**\n * @deprecated Use `AptosSignInBoundFields` instead.\n */\nexport type AptosSignInRequiredFields = AptosSignInBoundFields;\n","import {\n AccountAddress,\n AccountPublicKey,\n type Aptos,\n type PublicKey,\n type Signature,\n} from \"@aptos-labs/ts-sdk\";\nimport type {\n AptosSignInBoundFields,\n AptosSignInInput,\n} from \"@aptos-labs/wallet-standard\";\nimport { sha3_256 } from \"@noble/hashes/sha3\";\nimport { arraysEqual, asyncTryOrDefault, mainnet } from \"./internal.js\";\nimport { verifySignature } from \"./signatures.js\";\nimport type {\n VerificationError,\n VerificationMessageError,\n VerificationResult,\n VerificationResultWithData,\n} from \"./types.js\";\n\n/**\n * Create a SIWA message from the input following the ABNF format defined in the Sign in with Aptos specifications.\n *\n * @param input The input to create the SIWA message from.\n *\n * @returns The SIWA message text.\n */\nexport function createSignInMessage(\n input: AptosSignInInput & AptosSignInBoundFields,\n): string {\n let message = `${input.domain} wants you to sign in with your Aptos account:\\n`;\n message += `${input.address}`;\n\n if (input.statement) {\n message += `\\n\\n${input.statement}`;\n }\n\n const fields: string[] = [];\n if (input.uri) {\n fields.push(`URI: ${input.uri}`);\n }\n if (input.version) {\n fields.push(`Version: ${input.version}`);\n }\n if (input.nonce) {\n fields.push(`Nonce: ${input.nonce}`);\n }\n if (input.issuedAt) {\n fields.push(`Issued At: ${input.issuedAt}`);\n }\n if (input.expirationTime) {\n fields.push(`Expiration Time: ${input.expirationTime}`);\n }\n if (input.notBefore) {\n fields.push(`Not Before: ${input.notBefore}`);\n }\n if (input.requestId) {\n fields.push(`Request ID: ${input.requestId}`);\n }\n if (input.chainId) {\n fields.push(`Chain ID: ${input.chainId}`);\n }\n if (input.resources) {\n fields.push(\"Resources:\");\n for (const resource of input.resources) {\n fields.push(`- ${resource}`);\n }\n }\n\n if (fields.length) {\n message += `\\n\\n${fields.join(\"\\n\")}`;\n }\n\n return message;\n}\n\n/**\n * Generate a signing message using the SIWA signing algorithm.\n * ( sha3_256(b\"SIGN_IN_WITH_APTOS::\" ) || <message> )\n *\n * @param message The SIWA message to sign.\n *\n * @returns The signing message.\n */\nexport function createSignInSigningMessage(message: string): Uint8Array {\n const domainSeparator = \"SIGN_IN_WITH_APTOS::\";\n const domainSeparatorHash = sha3_256(domainSeparator);\n return new Uint8Array([\n ...domainSeparatorHash,\n ...new TextEncoder().encode(message),\n ]);\n}\n\nconst DOMAIN =\n \"(?<domain>[^\\\\n]+?) wants you to sign in with your Aptos account:\\\\n\";\nconst ADDRESS = \"(?<address>[^\\\\n]+)(?:\\\\n|$)\";\nconst STATEMENT = \"(?:\\\\n(?<statement>[\\\\S\\\\s]*?)(?:\\\\n|$))??\";\nconst URI = \"(?:\\\\nURI: (?<uri>[^\\\\n]+))?\";\nconst VERSION = \"(?:\\\\nVersion: (?<version>[^\\\\n]+))?\";\nconst NONCE = \"(?:\\\\nNonce: (?<nonce>[^\\\\n]+))?\";\nconst ISSUED_AT = \"(?:\\\\nIssued At: (?<issuedAt>[^\\\\n]+))?\";\nconst EXPIRATION_TIME = \"(?:\\\\nExpiration Time: (?<expirationTime>[^\\\\n]+))?\";\nconst NOT_BEFORE = \"(?:\\\\nNot Before: (?<notBefore>[^\\\\n]+))?\";\nconst REQUEST_ID = \"(?:\\\\nRequest ID: (?<requestId>[^\\\\n]+))?\";\nconst CHAIN_ID = \"(?:\\\\nChain ID: (?<chainId>[^\\\\n]+))?\";\nconst RESOURCES = \"(?:\\\\nResources:(?<resources>(?:\\\\n- [^\\\\n]+)*))?\";\nconst FIELDS = `${URI}${VERSION}${NONCE}${ISSUED_AT}${EXPIRATION_TIME}${NOT_BEFORE}${REQUEST_ID}${CHAIN_ID}${RESOURCES}`;\nconst MESSAGE = new RegExp(`^${DOMAIN}${ADDRESS}${STATEMENT}${FIELDS}\\\\n*$`);\n\n/**\n * Parse a SIWA message into an `AptosSignInInput` object with the required fields.\n *\n * @param text The SIWA message to parse.\n *\n * @returns The parsed `AptosSignInInput` object with the required fields.\n */\nexport function parseSignInMessage(\n text: string,\n): VerificationResultWithData<AptosSignInInput & AptosSignInBoundFields> {\n const match = MESSAGE.exec(text);\n if (!match) return { valid: false, errors: [\"invalid_message\"] };\n\n const groups = match.groups;\n if (!groups) return { valid: false, errors: [\"invalid_message\"] };\n\n const errors: VerificationMessageError[] = [];\n\n if (!groups.domain || groups.domain === \"undefined\")\n errors.push(\"message_domain_missing\");\n if (!groups.address || groups.address === \"undefined\")\n errors.push(\"message_address_missing\");\n if (!groups.version || groups.version === \"undefined\")\n errors.push(\"message_version_missing\");\n if (!groups.chainId || groups.chainId === \"undefined\")\n errors.push(\"message_chain_id_missing\");\n\n if (errors.length) return { valid: false, errors };\n\n return {\n valid: true,\n data: {\n domain: groups.domain,\n address: groups.address,\n statement: groups.statement,\n uri: groups.uri,\n version: groups.version,\n nonce: groups.nonce,\n chainId: groups.chainId,\n issuedAt: groups.issuedAt,\n expirationTime: groups.expirationTime,\n notBefore: groups.notBefore,\n requestId: groups.requestId,\n resources: groups.resources?.split(\"\\n- \").slice(1),\n },\n };\n}\n\n/**\n * Verifies a SIWA plain text message against expected `AptosSignInInput` fields (including required fields).\n *\n * @param params.publicKey The public key of the user that is signing in.\n * @param params.expected The expected fields to verify against the input.\n * @param params.message The SIWA plain text message to verify.\n *\n * @param options.aptosConfig The Aptos configuration to use for the verification.\n * @param options.excludedResources The resources to exclude from the verification.\n *\n * @returns The verification result.\n */\nexport async function verifySignInMessage(\n params: {\n publicKey: PublicKey;\n // From the beginning of the flow\n expected: AptosSignInInput & { domain: string };\n // From wallet, AptosSignInOutput\n input: AptosSignInInput & AptosSignInBoundFields;\n },\n options: { aptos?: Aptos; excludedResources?: string[] } = {},\n): Promise<VerificationResult> {\n const { expected, input, publicKey } = params;\n\n if (!(publicKey instanceof AccountPublicKey)) {\n return { valid: false, errors: [\"invalid_public_key\"] };\n }\n\n // 1. Check that the authentication key of the account at `input.address` matches the `PublicKey`'s derived authentication key\n const accountAddress = input.address;\n const accountAuthenticationKey = await asyncTryOrDefault(\n async () =>\n (await (options.aptos ?? mainnet).getAccountInfo({ accountAddress }))\n .authentication_key,\n accountAddress,\n );\n const publicKeyAuthenticationKey = publicKey.authKey().derivedAddress();\n if (\n !AccountAddress.from(accountAuthenticationKey, {\n maxMissingChars: 63,\n }).equals(publicKeyAuthenticationKey)\n ) {\n return { valid: false, errors: [\"invalid_auth_key\"] };\n }\n\n // 2. Check if the `expected` fields match the `input` fields\n const errors: VerificationError[] = [];\n\n if (expected.domain && expected.domain !== input.domain)\n errors.push(\"message_domain_mismatch\");\n if (expected.address && expected.address !== input.address)\n errors.push(\"message_address_mismatch\");\n if (expected.statement !== input.statement)\n errors.push(\"message_statement_mismatch\");\n if (expected.uri && expected.uri !== input.uri)\n errors.push(\"message_uri_mismatch\");\n if (expected.version && expected.version !== input.version)\n errors.push(\"message_version_mismatch\");\n if (expected.chainId && expected.chainId !== input.chainId)\n errors.push(\"message_chain_id_mismatch\");\n if (expected.nonce !== input.nonce) errors.push(\"message_nonce_mismatch\");\n if (expected.issuedAt !== input.issuedAt)\n errors.push(\"message_issued_at_mismatch\");\n if (expected.expirationTime !== input.expirationTime)\n errors.push(\"message_expiration_time_mismatch\");\n if (expected.notBefore !== input.notBefore)\n errors.push(\"message_not_before_mismatch\");\n if (expected.requestId !== input.requestId)\n errors.push(\"message_request_id_mismatch\");\n if (expected.resources) {\n if (!input.resources) {\n errors.push(\"message_resources_missing\");\n } else if (\n !arraysEqual(\n expected.resources,\n input.resources,\n // If there is resource injection, exclude the resource since the expected value is not known\n options?.excludedResources,\n )\n ) {\n errors.push(\"message_resources_mismatch\");\n }\n } else if (input.resources) {\n errors.push(\"message_resources_unexpected\");\n }\n\n // 3. Do timebased comparisons on `expirationTime` and `notBefore`\n const currentTime = new Date();\n\n if (\n expected.expirationTime &&\n currentTime.getTime() >= new Date(expected.expirationTime).getTime()\n ) {\n errors.push(\"message_expired\");\n }\n\n if (\n expected.notBefore &&\n currentTime.getTime() < new Date(expected.notBefore).getTime()\n ) {\n errors.push(\"message_not_yet_valid\");\n }\n\n if (errors.length) return { valid: false, errors };\n\n return { valid: true };\n}\n\n/**\n * Using the `publicKey` and `signature`, verify that the `signature` is valid for the `message`.\n *\n * @param output The `AptosSignInOutput` to verify against the input.\n *\n * @returns The `AptosSignInInput` fields that are parsed from the message.\n */\nexport async function verifySignInSignature(\n output: {\n publicKey: PublicKey;\n signature: Signature;\n input: AptosSignInInput & AptosSignInBoundFields;\n },\n options: { aptos?: Aptos } = {},\n): Promise<VerificationResult> {\n const siwaMessage = createSignInMessage(output.input);\n\n const signingMessage = createSignInSigningMessage(siwaMessage);\n\n const isSignatureValid = await verifySignature(\n {\n publicKey: output.publicKey,\n signature: output.signature,\n signingMessage,\n },\n options,\n );\n if (!isSignatureValid) return { valid: false, errors: [\"invalid_signature\"] };\n\n return { valid: true };\n}\n","import { Aptos, AptosConfig, Network } from \"@aptos-labs/ts-sdk\";\n\n/**\n * @internal\n *\n * Type with a numeric `length` and numerically indexed elements of a generic type `T`.\n *\n * For example, `Array<T>` and `Uint8Array`.\n *\n * @group Internal\n */\nexport interface Indexed<T> {\n length: number;\n [index: number]: T;\n}\n\n/**\n * @internal\n *\n * Efficiently compare {@link Indexed} arrays (e.g. `Array` and `Uint8Array`).\n *\n * @param a An array.\n * @param b Another array.\n * @param excludedValues Values to exclude from `a` the comparison.\n *\n * @return `true` if the arrays have the same length and elements, `false` otherwise.\n *\n * @group Internal\n */\nexport function arraysEqual<T>(\n a: Indexed<T>,\n b: Indexed<T>,\n excludedValues?: T[],\n): boolean {\n if (a === b) return true;\n\n const length = a.length;\n if (length !== b.length) return false;\n\n for (let i = 0; i < length; i++) {\n if (excludedValues?.includes(a[i])) continue;\n if (a[i] !== b[i]) return false;\n }\n\n return true;\n}\n\n/**\n * @internal\n *\n * Encode a `Uint8Array` to a base64 string.\n *\n * @param bytes A `Uint8Array` to encode.\n *\n * @returns A base64 encoded string.\n *\n * @group Internal\n */\nexport function encodeBase64(bytes: Uint8Array): string {\n const base64Alphabet =\n \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\";\n let result = \"\";\n for (let i = 0; i < bytes.byteLength; i += 3) {\n let buffer = 0;\n let bufferBitSize = 0;\n for (let j = 0; j < 3 && i + j < bytes.byteLength; j++) {\n buffer = (buffer << 8) | bytes[i + j];\n bufferBitSize += 8;\n }\n for (let j = 0; j < 4; j++) {\n if (bufferBitSize >= 6) {\n result += base64Alphabet[(buffer >> (bufferBitSize - 6)) & 0x3f];\n bufferBitSize -= 6;\n } else if (bufferBitSize > 0) {\n result += base64Alphabet[(buffer << (6 - bufferBitSize)) & 0x3f];\n bufferBitSize = 0;\n }\n }\n }\n return result;\n}\n\nexport async function asyncTryOrDefault<T>(\n fn: () => Promise<T>,\n defaultValue: T,\n): Promise<T> {\n try {\n return await fn();\n } catch (_) {\n return defaultValue;\n }\n}\n\nexport const mainnet = new Aptos(new AptosConfig({ network: Network.MAINNET }));\n","import type { Aptos, HexInput, PublicKey, Signature } from \"@aptos-labs/ts-sdk\";\nimport { mainnet } from \"./internal.js\";\n\n/**\n * Verifies a signature using the Sign in with Aptos signing algorithm.\n *\n * @param output The AptosSignInOutput to verify the signature against.\n * @param options The options to use for the verification.\n *\n * @returns The verification result.\n */\nexport async function verifySignature(\n params: {\n publicKey: PublicKey;\n signature: Signature;\n signingMessage: HexInput;\n },\n options: { aptos?: Aptos } = {},\n): Promise<boolean> {\n return params.publicKey.verifySignatureAsync({\n aptosConfig: options.aptos?.config ?? mainnet.config,\n message: params.signingMessage,\n signature: params.signature,\n });\n}\n","import {\n AnyPublicKey,\n AnySignature,\n Deserializer,\n Ed25519PublicKey,\n Ed25519Signature,\n Hex,\n type HexInput,\n MultiEd25519PublicKey,\n MultiEd25519Signature,\n MultiKey,\n MultiKeySignature,\n type PublicKey,\n type Signature,\n SigningScheme,\n} from \"@aptos-labs/ts-sdk\";\nimport { encodeBase64 } from \"./internal.js\";\n\n/**\n * Check if the scheme is a valid public key scheme\n *\n * @param scheme The scheme to check.\n *\n * @returns True if the scheme is a valid public key scheme, false otherwise.\n */\nexport const isValidPublicKeyScheme = (\n scheme: string,\n): scheme is \"ed25519\" | \"multi_ed25519\" | \"single_key\" | \"multi_key\" => {\n return (\n scheme === \"ed25519\" ||\n scheme === \"multi_ed25519\" ||\n scheme === \"single_key\" ||\n scheme === \"multi_key\"\n );\n};\n\n/**\n * Get the signing scheme of a public key.\n *\n * @param value The public key or signing scheme to get the scheme of.\n *\n * @returns The signing scheme of the public key.\n */\nexport function getSignInPublicKeyScheme(\n value: SigningScheme | PublicKey,\n): string {\n // If the value is a PublicKey\n if (typeof value === \"object\") {\n if (Ed25519PublicKey.isInstance(value)) {\n return \"ed25519\";\n }\n if (AnyPublicKey.isInstance(value)) {\n return \"single_key\";\n }\n if (MultiKey.isInstance(value)) {\n return \"multi_key\";\n }\n if (value instanceof MultiEd25519PublicKey) {\n return \"multi_ed25519\";\n }\n throw new Error(`Unknown public key type for instance: ${value}`);\n }\n\n // If the value is a SigningScheme\n switch (value) {\n case SigningScheme.Ed25519:\n return \"ed25519\";\n case SigningScheme.MultiEd25519:\n return \"multi_ed25519\";\n case SigningScheme.SingleKey:\n return \"single_key\";\n case SigningScheme.MultiKey:\n return \"multi_key\";\n default:\n throw new Error(`Unknown public key type for signing scheme: ${value}`);\n }\n}\n\n/**\n * Deserialize a public key from a hex string.\n *\n * @param scheme The signing scheme of the public key.\n * @param value The hex string to deserialize.\n *\n * @returns The deserialized public key.\n */\nexport function deserializeSignInPublicKey(\n scheme:\n | SigningScheme\n | \"ed25519\"\n | \"multi_ed25519\"\n | \"single_key\"\n | \"multi_key\",\n value: HexInput,\n): PublicKey {\n const deserializer = new Deserializer(Hex.fromHexInput(value).toUint8Array());\n\n if (typeof scheme !== \"string\") {\n switch (scheme) {\n case SigningScheme.Ed25519:\n return Ed25519PublicKey.deserialize(deserializer);\n case SigningScheme.MultiEd25519:\n return MultiEd25519PublicKey.deserialize(deserializer);\n case SigningScheme.SingleKey:\n return AnyPublicKey.deserialize(deserializer);\n case SigningScheme.MultiKey:\n return MultiKey.deserialize(deserializer);\n default:\n throw new Error(\n `Unknown public key type for signing scheme: ${scheme}`,\n );\n }\n }\n\n // If the type is a string\n switch (scheme) {\n case \"ed25519\":\n return Ed25519PublicKey.deserialize(deserializer);\n case \"multi_ed25519\":\n return MultiEd25519PublicKey.deserialize(deserializer);\n case \"single_key\":\n return AnyPublicKey.deserialize(deserializer);\n case \"multi_key\":\n return MultiKey.deserialize(deserializer);\n default:\n throw new Error(`Unknown public key type: ${scheme}`);\n }\n}\n\n/**\n * Deserialize a signature from a hex string.\n *\n * @param scheme The signing scheme of the signature.\n * @param value The hex string to deserialize.\n *\n * @returns The deserialized signature.\n */\nexport function deserializeSignInSignature(\n scheme:\n | SigningScheme\n | \"ed25519\"\n | \"multi_ed25519\"\n | \"single_key\"\n | \"multi_key\",\n value: HexInput,\n): Signature {\n const deserializer = new Deserializer(Hex.fromHexInput(value).toUint8Array());\n\n if (typeof scheme !== \"string\") {\n switch (scheme) {\n case SigningScheme.Ed25519:\n return Ed25519Signature.deserialize(deserializer);\n case SigningScheme.MultiEd25519:\n return MultiEd25519Signature.deserialize(deserializer);\n case SigningScheme.SingleKey:\n return AnySignature.deserialize(deserializer);\n case SigningScheme.MultiKey:\n return MultiKeySignature.deserialize(deserializer);\n default:\n throw new Error(`Unknown signature type for signing scheme: ${scheme}`);\n }\n }\n // If the type is a string\n switch (scheme) {\n case \"ed25519\":\n return Ed25519Signature.deserialize(deserializer);\n case \"multi_ed25519\":\n return MultiEd25519Signature.deserialize(deserializer);\n case \"single_key\":\n return AnySignature.deserialize(deserializer);\n case \"multi_key\":\n return MultiKeySignature.deserialize(deserializer);\n default:\n throw new Error(`Unknown signature type: ${scheme}`);\n }\n}\n\n/**\n * Generates a random nonce using the `crypto.getRandomValues` API.\n *\n * @returns A random nonce.\n */\nexport function generateNonce(): string {\n const bytes = new Uint8Array(12);\n crypto.getRandomValues(bytes);\n return encodeBase64(bytes);\n}\n","import type { PublicKey, Signature } from \"@aptos-labs/ts-sdk\";\nimport type {\n AptosSignInBoundFields,\n AptosSignInInput,\n AptosSignInOutput,\n} from \"@aptos-labs/wallet-standard\";\nimport {\n deserializeSignInPublicKey,\n deserializeSignInSignature,\n isValidPublicKeyScheme,\n} from \"./utils.js\";\n\nexport const CURRENT_SERIALIZATION_VERSION = \"2\";\n\nexport type SerializationVersion = \"2\";\n\nexport type SerializedAptosSignInOutput = {\n version: \"2\";\n type: string;\n signature: string;\n input: AptosSignInInput & AptosSignInBoundFields;\n publicKey: string;\n};\n\nexport type DeserializedAptosSignInOutput = {\n version: \"2\";\n type: string;\n signature: Signature;\n input: AptosSignInInput & AptosSignInBoundFields;\n publicKey: PublicKey;\n};\n\n/**\n * A helper function that serializes a `AptosSignInOutput` to a versioned `SerializedAptosSignInOutput`. This format is used to help transfer\n * the `AptosSignInOutput` from the frontend to the backend.\n *\n * @param output - The `AptosSignInOutput` to serialize.\n * @returns The serialized `AptosSignInOutput`.\n */\nexport const serializeSignInOutput = (\n output: Pick<AptosSignInOutput, \"type\" | \"signature\" | \"input\" | \"account\">,\n): SerializedAptosSignInOutput => ({\n version: CURRENT_SERIALIZATION_VERSION,\n type: output.type,\n signature: output.signature.bcsToHex().toString(),\n input: output.input,\n publicKey: output.account.publicKey.bcsToHex().toString(),\n});\n\n/**\n * A helper function that deserializes a `SerializedAptosSignInOutput` to a `AptosSignInOutput`. This format is used to help transfer\n * the `AptosSignInOutput` from the backend to the frontend.\n *\n * @param serialized - The `SerializedAptosSignInOutput` to deserialize.\n * @returns The deserialized `AptosSignInOutput`.\n */\nexport const deserializeSignInOutput = (\n serialized: SerializedAptosSignInOutput,\n): DeserializedAptosSignInOutput => {\n const { version } = serialized;\n\n if (version === \"2\") {\n if (!isValidPublicKeyScheme(serialized.type)) {\n throw new Error(`Unexpected public key scheme: ${serialized.type}`);\n }\n\n return {\n version: \"2\",\n type: serialized.type,\n signature: deserializeSignInSignature(\n serialized.type,\n serialized.signature,\n ),\n input: serialized.input,\n publicKey: deserializeSignInPublicKey(\n serialized.type,\n serialized.publicKey,\n ),\n };\n }\n\n throw new Error(`Unexpected serialization version: ${version}`);\n};\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mCAAAE,EAAA,wBAAAC,EAAA,+BAAAC,EAAA,4BAAAC,EAAA,+BAAAC,EAAA,+BAAAC,EAAA,kBAAAC,EAAA,6BAAAC,EAAA,2BAAAC,EAAA,uBAAAC,EAAA,0BAAAC,EAAA,wBAAAC,EAAA,0BAAAC,IAAA,eAAAC,EAAAf,GCAA,IAAAgB,EAMO,8BAKPC,EAAyB,8BCXzB,IAAAC,EAA4C,8BA6BrC,SAASC,EACdC,EACAC,EACAC,EACS,CACT,GAAIF,IAAMC,EAAG,MAAO,GAEpB,IAAME,EAASH,EAAE,OACjB,GAAIG,IAAWF,EAAE,OAAQ,MAAO,GAEhC,QAASG,EAAI,EAAGA,EAAID,EAAQC,IAC1B,GAAI,CAAAF,GAAgB,SAASF,EAAEI,CAAC,CAAC,GAC7BJ,EAAEI,CAAC,IAAMH,EAAEG,CAAC,EAAG,MAAO,GAG5B,MAAO,EACT,CAaO,SAASC,EAAaC,EAA2B,CACtD,IAAMC,EACJ,mEACEC,EAAS,GACb,QAASJ,EAAI,EAAGA,EAAIE,EAAM,WAAYF,GAAK,EAAG,CAC5C,IAAIK,EAAS,EACTC,EAAgB,EACpB,QAASC,EAAI,EAAGA,EAAI,GAAKP,EAAIO,EAAIL,EAAM,WAAYK,IACjDF,EAAUA,GAAU,EAAKH,EAAMF,EAAIO,CAAC,EACpCD,GAAiB,EAEnB,QAASC,EAAI,EAAGA,EAAI,EAAGA,IACjBD,GAAiB,GACnBF,GAAUD,EAAgBE,GAAWC,EAAgB,EAAM,EAAI,EAC/DA,GAAiB,GACRA,EAAgB,IACzBF,GAAUD,EAAgBE,GAAW,EAAIC,EAAkB,EAAI,EAC/DA,EAAgB,EAGtB,CACA,OAAOF,CACT,CAEA,eAAsBI,EACpBC,EACAC,EACY,CACZ,GAAI,CACF,OAAO,MAAMD,EAAG,CAClB,MAAY,CACV,OAAOC,CACT,CACF,CAEO,IAAMC,EAAU,IAAI,QAAM,IAAI,cAAY,CAAE,QAAS,UAAQ,OAAQ,CAAC,CAAC,EClF9E,eAAsBC,EACpBC,EAKAC,EAA6B,CAAC,EACZ,CAClB,OAAOD,EAAO,UAAU,qBAAqB,CAC3C,YAAaC,EAAQ,OAAO,QAAUC,EAAQ,OAC9C,QAASF,EAAO,eAChB,UAAWA,EAAO,SACpB,CAAC,CACH,CFIO,SAASG,EACdC,EACQ,CACR,IAAIC,EAAU,GAAGD,EAAM,MAAM;AAAA,EAC7BC,GAAW,GAAGD,EAAM,OAAO,GAEvBA,EAAM,YACRC,GAAW;AAAA;AAAA,EAAOD,EAAM,SAAS,IAGnC,IAAME,EAAmB,CAAC,EAyB1B,GAxBIF,EAAM,KACRE,EAAO,KAAK,QAAQF,EAAM,GAAG,EAAE,EAE7BA,EAAM,SACRE,EAAO,KAAK,YAAYF,EAAM,OAAO,EAAE,EAErCA,EAAM,OACRE,EAAO,KAAK,UAAUF,EAAM,KAAK,EAAE,EAEjCA,EAAM,UACRE,EAAO,KAAK,cAAcF,EAAM,QAAQ,EAAE,EAExCA,EAAM,gBACRE,EAAO,KAAK,oBAAoBF,EAAM,cAAc,EAAE,EAEpDA,EAAM,WACRE,EAAO,KAAK,eAAeF,EAAM,SAAS,EAAE,EAE1CA,EAAM,WACRE,EAAO,KAAK,eAAeF,EAAM,SAAS,EAAE,EAE1CA,EAAM,SACRE,EAAO,KAAK,aAAaF,EAAM,OAAO,EAAE,EAEtCA,EAAM,UAAW,CACnBE,EAAO,KAAK,YAAY,EACxB,QAAWC,KAAYH,EAAM,UAC3BE,EAAO,KAAK,KAAKC,CAAQ,EAAE,CAE/B,CAEA,OAAID,EAAO,SACTD,GAAW;AAAA;AAAA,EAAOC,EAAO,KAAK;AAAA,CAAI,CAAC,IAG9BD,CACT,CAUO,SAASG,EAA2BH,EAA6B,CAEtE,IAAMI,KAAsB,YADJ,sBAC4B,EACpD,OAAO,IAAI,WAAW,CACpB,GAAGA,EACH,GAAG,IAAI,YAAY,EAAE,OAAOJ,CAAO,CACrC,CAAC,CACH,CAEA,IAAMK,EACJ,uEACIC,EAAU,+BACVC,EAAY,6CACZC,EAAM,+BACNC,EAAU,uCACVC,EAAQ,mCACRC,EAAY,0CACZC,EAAkB,sDAClBC,EAAa,4CACbC,EAAa,4CACbC,EAAW,wCACXC,EAAY,oDACZC,EAAS,GAAGT,CAAG,GAAGC,CAAO,GAAGC,CAAK,GAAGC,CAAS,GAAGC,CAAe,GAAGC,CAAU,GAAGC,CAAU,GAAGC,CAAQ,GAAGC,CAAS,GAChHE,EAAU,IAAI,OAAO,IAAIb,CAAM,GAAGC,CAAO,GAAGC,CAAS,GAAGU,CAAM,OAAO,EASpE,SAASE,EACdC,EACuE,CACvE,IAAMC,EAAQH,EAAQ,KAAKE,CAAI,EAC/B,GAAI,CAACC,EAAO,MAAO,CAAE,MAAO,GAAO,OAAQ,CAAC,iBAAiB,CAAE,EAE/D,IAAMC,EAASD,EAAM,OACrB,GAAI,CAACC,EAAQ,MAAO,CAAE,MAAO,GAAO,OAAQ,CAAC,iBAAiB,CAAE,EAEhE,IAAMC,EAAqC,CAAC,EAW5C,OATI,CAACD,EAAO,QAAUA,EAAO,SAAW,cACtCC,EAAO,KAAK,wBAAwB,GAClC,CAACD,EAAO,SAAWA,EAAO,UAAY,cACxCC,EAAO,KAAK,yBAAyB,GACnC,CAACD,EAAO,SAAWA,EAAO,UAAY,cACxCC,EAAO,KAAK,yBAAyB,GACnC,CAACD,EAAO,SAAWA,EAAO,UAAY,cACxCC,EAAO,KAAK,0BAA0B,EAEpCA,EAAO,OAAe,CAAE,MAAO,GAAO,OAAAA,CAAO,EAE1C,CACL,MAAO,GACP,KAAM,CACJ,OAAQD,EAAO,OACf,QAASA,EAAO,QAChB,UAAWA,EAAO,UAClB,IAAKA,EAAO,IACZ,QAASA,EAAO,QAChB,MAAOA,EAAO,MACd,QAASA,EAAO,QAChB,SAAUA,EAAO,SACjB,eAAgBA,EAAO,eACvB,UAAWA,EAAO,UAClB,UAAWA,EAAO,UAClB,UAAWA,EAAO,WAAW,MAAM;AAAA,GAAM,EAAE,MAAM,CAAC,CACpD,CACF,CACF,CAcA,eAAsBE,EACpBC,EAOAC,EAA2D,CAAC,EAC/B,CAC7B,GAAM,CAAE,SAAAC,EAAU,MAAA5B,EAAO,UAAA6B,CAAU,EAAIH,EAEvC,GAAI,EAAEG,aAAqB,oBACzB,MAAO,CAAE,MAAO,GAAO,OAAQ,CAAC,oBAAoB,CAAE,EAIxD,IAAMC,EAAiB9B,EAAM,QACvB+B,EAA2B,MAAMC,EACrC,UACG,MAAOL,EAAQ,OAASM,GAAS,eAAe,CAAE,eAAAH,CAAe,CAAC,GAChE,mBACLA,CACF,EACMI,EAA6BL,EAAU,QAAQ,EAAE,eAAe,EACtE,GACE,CAAC,iBAAe,KAAKE,EAA0B,CAC7C,gBAAiB,EACnB,CAAC,EAAE,OAAOG,CAA0B,EAEpC,MAAO,CAAE,MAAO,GAAO,OAAQ,CAAC,kBAAkB,CAAE,EAItD,IAAMV,EAA8B,CAAC,EAEjCI,EAAS,QAAUA,EAAS,SAAW5B,EAAM,QAC/CwB,EAAO,KAAK,yBAAyB,EACnCI,EAAS,SAAWA,EAAS,UAAY5B,EAAM,SACjDwB,EAAO,KAAK,0BAA0B,EACpCI,EAAS,YAAc5B,EAAM,WAC/BwB,EAAO,KAAK,4BAA4B,EACtCI,EAAS,KAAOA,EAAS,MAAQ5B,EAAM,KACzCwB,EAAO,KAAK,sBAAsB,EAChCI,EAAS,SAAWA,EAAS,UAAY5B,EAAM,SACjDwB,EAAO,KAAK,0BAA0B,EACpCI,EAAS,SAAWA,EAAS,UAAY5B,EAAM,SACjDwB,EAAO,KAAK,2BAA2B,EACrCI,EAAS,QAAU5B,EAAM,OAAOwB,EAAO,KAAK,wBAAwB,EACpEI,EAAS,WAAa5B,EAAM,UAC9BwB,EAAO,KAAK,4BAA4B,EACtCI,EAAS,iBAAmB5B,EAAM,gBACpCwB,EAAO,KAAK,kCAAkC,EAC5CI,EAAS,YAAc5B,EAAM,WAC/BwB,EAAO,KAAK,6BAA6B,EACvCI,EAAS,YAAc5B,EAAM,WAC/BwB,EAAO,KAAK,6BAA6B,EACvCI,EAAS,UACN5B,EAAM,UAGRmC,EACCP,EAAS,UACT5B,EAAM,UAEN2B,GAAS,iBACX,GAEAH,EAAO,KAAK,4BAA4B,EATxCA,EAAO,KAAK,2BAA2B,EAWhCxB,EAAM,WACfwB,EAAO,KAAK,8BAA8B,EAI5C,IAAMY,EAAc,IAAI,KAgBxB,OAbER,EAAS,gBACTQ,EAAY,QAAQ,GAAK,IAAI,KAAKR,EAAS,cAAc,EAAE,QAAQ,GAEnEJ,EAAO,KAAK,iBAAiB,EAI7BI,EAAS,WACTQ,EAAY,QAAQ,EAAI,IAAI,KAAKR,EAAS,SAAS,EAAE,QAAQ,GAE7DJ,EAAO,KAAK,uBAAuB,EAGjCA,EAAO,OAAe,CAAE,MAAO,GAAO,OAAAA,CAAO,EAE1C,CAAE,MAAO,EAAK,CACvB,CASA,eAAsBa,EACpBC,EAKAX,EAA6B,CAAC,EACD,CAC7B,IAAMY,EAAcxC,EAAoBuC,EAAO,KAAK,EAE9CE,EAAiBpC,EAA2BmC,CAAW,EAU7D,OARyB,MAAME,EAC7B,CACE,UAAWH,EAAO,UAClB,UAAWA,EAAO,UAClB,eAAAE,CACF,EACAb,CACF,EAGO,CAAE,MAAO,EAAK,EAFS,CAAE,MAAO,GAAO,OAAQ,CAAC,mBAAmB,CAAE,CAG9E,CGxSA,IAAAe,EAeO,8BAUA,IAAMC,EACXC,GAGEA,IAAW,WACXA,IAAW,iBACXA,IAAW,cACXA,IAAW,YAWR,SAASC,EACdC,EACQ,CAER,GAAI,OAAOA,GAAU,SAAU,CAC7B,GAAI,mBAAiB,WAAWA,CAAK,EACnC,MAAO,UAET,GAAI,eAAa,WAAWA,CAAK,EAC/B,MAAO,aAET,GAAI,WAAS,WAAWA,CAAK,EAC3B,MAAO,YAET,GAAIA,aAAiB,wBACnB,MAAO,gBAET,MAAM,IAAI,MAAM,yCAAyCA,CAAK,EAAE,CAClE,CAGA,OAAQA,EAAO,CACb,KAAK,gBAAc,QACjB,MAAO,UACT,KAAK,gBAAc,aACjB,MAAO,gBACT,KAAK,gBAAc,UACjB,MAAO,aACT,KAAK,gBAAc,SACjB,MAAO,YACT,QACE,MAAM,IAAI,MAAM,+CAA+CA,CAAK,EAAE,CAC1E,CACF,CAUO,SAASC,EACdH,EAMAE,EACW,CACX,IAAME,EAAe,IAAI,eAAa,MAAI,aAAaF,CAAK,EAAE,aAAa,CAAC,EAE5E,GAAI,OAAOF,GAAW,SACpB,OAAQA,EAAQ,CACd,KAAK,gBAAc,QACjB,OAAO,mBAAiB,YAAYI,CAAY,EAClD,KAAK,gBAAc,aACjB,OAAO,wBAAsB,YAAYA,CAAY,EACvD,KAAK,gBAAc,UACjB,OAAO,eAAa,YAAYA,CAAY,EAC9C,KAAK,gBAAc,SACjB,OAAO,WAAS,YAAYA,CAAY,EAC1C,QACE,MAAM,IAAI,MACR,+CAA+CJ,CAAM,EACvD,CACJ,CAIF,OAAQA,EAAQ,CACd,IAAK,UACH,OAAO,mBAAiB,YAAYI,CAAY,EAClD,IAAK,gBACH,OAAO,wBAAsB,YAAYA,CAAY,EACvD,IAAK,aACH,OAAO,eAAa,YAAYA,CAAY,EAC9C,IAAK,YACH,OAAO,WAAS,YAAYA,CAAY,EAC1C,QACE,MAAM,IAAI,MAAM,4BAA4BJ,CAAM,EAAE,CACxD,CACF,CAUO,SAASK,EACdL,EAMAE,EACW,CACX,IAAME,EAAe,IAAI,eAAa,MAAI,aAAaF,CAAK,EAAE,aAAa,CAAC,EAE5E,GAAI,OAAOF,GAAW,SACpB,OAAQA,EAAQ,CACd,KAAK,gBAAc,QACjB,OAAO,mBAAiB,YAAYI,CAAY,EAClD,KAAK,gBAAc,aACjB,OAAO,wBAAsB,YAAYA,CAAY,EACvD,KAAK,gBAAc,UACjB,OAAO,eAAa,YAAYA,CAAY,EAC9C,KAAK,gBAAc,SACjB,OAAO,oBAAkB,YAAYA,CAAY,EACnD,QACE,MAAM,IAAI,MAAM,8CAA8CJ,CAAM,EAAE,CAC1E,CAGF,OAAQA,EAAQ,CACd,IAAK,UACH,OAAO,mBAAiB,YAAYI,CAAY,EAClD,IAAK,gBACH,OAAO,wBAAsB,YAAYA,CAAY,EACvD,IAAK,aACH,OAAO,eAAa,YAAYA,CAAY,EAC9C,IAAK,YACH,OAAO,oBAAkB,YAAYA,CAAY,EACnD,QACE,MAAM,IAAI,MAAM,2BAA2BJ,CAAM,EAAE,CACvD,CACF,CAOO,SAASM,GAAwB,CACtC,IAAMC,EAAQ,IAAI,WAAW,EAAE,EAC/B,cAAO,gBAAgBA,CAAK,EACrBC,EAAaD,CAAK,CAC3B,CC9KO,IAAME,EAAgC,IA2BhCC,EACXC,IACiC,CACjC,QAASF,EACT,KAAME,EAAO,KACb,UAAWA,EAAO,UAAU,SAAS,EAAE,SAAS,EAChD,MAAOA,EAAO,MACd,UAAWA,EAAO,QAAQ,UAAU,SAAS,EAAE,SAAS,CAC1D,GASaC,EACXC,GACkC,CAClC,GAAM,CAAE,QAAAC,CAAQ,EAAID,EAEpB,GAAIC,IAAY,IAAK,CACnB,GAAI,CAACC,EAAuBF,EAAW,IAAI,EACzC,MAAM,IAAI,MAAM,iCAAiCA,EAAW,IAAI,EAAE,EAGpE,MAAO,CACL,QAAS,IACT,KAAMA,EAAW,KACjB,UAAWG,EACTH,EAAW,KACXA,EAAW,SACb,EACA,MAAOA,EAAW,MAClB,UAAWI,EACTJ,EAAW,KACXA,EAAW,SACb,CACF,CACF,CAEA,MAAM,IAAI,MAAM,qCAAqCC,CAAO,EAAE,CAChE","names":["index_exports","__export","CURRENT_SERIALIZATION_VERSION","createSignInMessage","createSignInSigningMessage","deserializeSignInOutput","deserializeSignInPublicKey","deserializeSignInSignature","generateNonce","getSignInPublicKeyScheme","isValidPublicKeyScheme","parseSignInMessage","serializeSignInOutput","verifySignInMessage","verifySignInSignature","__toCommonJS","import_ts_sdk","import_sha3","import_ts_sdk","arraysEqual","a","b","excludedValues","length","i","encodeBase64","bytes","base64Alphabet","result","buffer","bufferBitSize","j","asyncTryOrDefault","fn","defaultValue","mainnet","verifySignature","params","options","mainnet","createSignInMessage","input","message","fields","resource","createSignInSigningMessage","domainSeparatorHash","DOMAIN","ADDRESS","STATEMENT","URI","VERSION","NONCE","ISSUED_AT","EXPIRATION_TIME","NOT_BEFORE","REQUEST_ID","CHAIN_ID","RESOURCES","FIELDS","MESSAGE","parseSignInMessage","text","match","groups","errors","verifySignInMessage","params","options","expected","publicKey","accountAddress","accountAuthenticationKey","asyncTryOrDefault","mainnet","publicKeyAuthenticationKey","arraysEqual","currentTime","verifySignInSignature","output","siwaMessage","signingMessage","verifySignature","import_ts_sdk","isValidPublicKeyScheme","scheme","getSignInPublicKeyScheme","value","deserializeSignInPublicKey","deserializer","deserializeSignInSignature","generateNonce","bytes","encodeBase64","CURRENT_SERIALIZATION_VERSION","serializeSignInOutput","output","deserializeSignInOutput","serialized","version","isValidPublicKeyScheme","deserializeSignInSignature","deserializeSignInPublicKey"]}