{"version":3,"sources":["../../src/auth/web3-signed-builder.ts"],"sourcesContent":["/**\n * Builder for Web3Signed Authorization headers.\n *\n * @remarks\n * Ported from `personal-server-ts`\n * (`packages/core/src/signing/request-signer.ts`). The original was wired\n * to a Node-only `ServerAccount` and `node:crypto`. This isomorphic version\n * accepts any `signMessage` callback (viem accounts, wallet clients, etc.)\n * and uses `@noble/hashes` for SHA-256 so it runs in browsers and Workers.\n *\n * Wire format is identical to PS — payload is JSON with sorted keys,\n * base64url-encoded, signed via EIP-191.\n *\n * @category Auth\n */\n\nimport { sha256 } from \"@noble/hashes/sha2\";\nimport { bytesToHex } from \"viem\";\nimport { toBase64 } from \"../utils/encoding\";\n\n/**\n * Sign-message callback compatible with viem `LocalAccount`/`WalletClient`-style\n * signers. Must produce an EIP-191 (`personal_sign`) signature.\n */\nexport type Web3SignedSignFn = (message: string) => Promise<`0x${string}`>;\n\n/** SHA-256 of the empty string — bodyHash for empty bodies. */\nconst EMPTY_BODY_HASH =\n  \"sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\";\n\n/** Default token lifetime (seconds). */\nconst DEFAULT_TTL_SECONDS = 300;\n\n/** Base64url encode bytes (no padding). */\nfunction base64urlEncode(input: Uint8Array): string {\n  return toBase64(input)\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=+$/, \"\");\n}\n\n/** Compute the `sha256:<hex>` bodyHash claim for a request body. */\nexport function computeBodyHash(body: Uint8Array | undefined): string {\n  if (!body || body.length === 0) {\n    return EMPTY_BODY_HASH;\n  }\n  const digest = sha256(body);\n  return `sha256:${bytesToHex(digest).slice(2)}`;\n}\n\n/**\n * Build a Web3Signed Authorization header value.\n *\n * @returns The full header value (`\"Web3Signed <base64url>.<sig>\"`).\n */\nexport async function buildWeb3SignedHeader(params: {\n  /** EIP-191 signer (e.g. viem `account.signMessage`). */\n  signMessage: Web3SignedSignFn;\n  /** Expected origin (e.g. `\"https://ps.example.com\"`). */\n  aud: string;\n  /** HTTP method (e.g. `\"GET\"`). */\n  method: string;\n  /** Request URI/path (e.g. `\"/v1/data/instagram.profile\"`). */\n  uri: string;\n  /** Optional request body — when present, used to compute `bodyHash`. */\n  body?: Uint8Array;\n  /** Issued-at (unix seconds). Defaults to now. */\n  iat?: number;\n  /** Expiry (unix seconds). Defaults to `iat + 300`. */\n  exp?: number;\n  /** Optional grant id, attached as the `grantId` claim. */\n  grantId?: string;\n  /** Pre-computed `bodyHash` claim — overrides `body`. */\n  bodyHash?: string;\n}): Promise<string> {\n  const now = Math.floor(Date.now() / 1000);\n  const iat = params.iat ?? now;\n  const exp = params.exp ?? iat + DEFAULT_TTL_SECONDS;\n\n  const payload: Record<string, unknown> = {\n    aud: params.aud,\n    bodyHash: params.bodyHash ?? computeBodyHash(params.body),\n    exp,\n    iat,\n    method: params.method,\n    uri: params.uri,\n  };\n\n  if (params.grantId !== undefined) {\n    payload[\"grantId\"] = params.grantId;\n  }\n\n  // Sort keys for deterministic serialization.\n  const sortedPayload = Object.keys(payload)\n    .sort()\n    .reduce<Record<string, unknown>>((acc, key) => {\n      acc[key] = payload[key];\n      return acc;\n    }, {});\n\n  const payloadJson = JSON.stringify(sortedPayload);\n  const payloadBytes = new TextEncoder().encode(payloadJson);\n  const payloadBase64 = base64urlEncode(payloadBytes);\n\n  const signature = await params.signMessage(payloadBase64);\n\n  return `Web3Signed ${payloadBase64}.${signature}`;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAgBA,kBAAuB;AACvB,kBAA2B;AAC3B,sBAAyB;AASzB,MAAM,kBACJ;AAGF,MAAM,sBAAsB;AAG5B,SAAS,gBAAgB,OAA2B;AAClD,aAAO,0BAAS,KAAK,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,EAAE;AACtB;AAGO,SAAS,gBAAgB,MAAsC;AACpE,MAAI,CAAC,QAAQ,KAAK,WAAW,GAAG;AAC9B,WAAO;AAAA,EACT;AACA,QAAM,aAAS,oBAAO,IAAI;AAC1B,SAAO,cAAU,wBAAW,MAAM,EAAE,MAAM,CAAC,CAAC;AAC9C;AAOA,eAAsB,sBAAsB,QAmBxB;AAClB,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,QAAM,MAAM,OAAO,OAAO;AAC1B,QAAM,MAAM,OAAO,OAAO,MAAM;AAEhC,QAAM,UAAmC;AAAA,IACvC,KAAK,OAAO;AAAA,IACZ,UAAU,OAAO,YAAY,gBAAgB,OAAO,IAAI;AAAA,IACxD;AAAA,IACA;AAAA,IACA,QAAQ,OAAO;AAAA,IACf,KAAK,OAAO;AAAA,EACd;AAEA,MAAI,OAAO,YAAY,QAAW;AAChC,YAAQ,SAAS,IAAI,OAAO;AAAA,EAC9B;AAGA,QAAM,gBAAgB,OAAO,KAAK,OAAO,EACtC,KAAK,EACL,OAAgC,CAAC,KAAK,QAAQ;AAC7C,QAAI,GAAG,IAAI,QAAQ,GAAG;AACtB,WAAO;AAAA,EACT,GAAG,CAAC,CAAC;AAEP,QAAM,cAAc,KAAK,UAAU,aAAa;AAChD,QAAM,eAAe,IAAI,YAAY,EAAE,OAAO,WAAW;AACzD,QAAM,gBAAgB,gBAAgB,YAAY;AAElD,QAAM,YAAY,MAAM,OAAO,YAAY,aAAa;AAExD,SAAO,cAAc,aAAa,IAAI,SAAS;AACjD;","names":[]}