{
  "version": 3,
  "sources": ["../../src/editorbar/api.ts"],
  "sourcesContent": ["import { getServiceMap } from \"@framerjs/shared/src/ServiceMap.ts\" // @framerjs/shared is not tree-shakeable\nimport type { EditorBarSiteAccess } from \"./types.ts\"\n\nexport enum EditorBarAccessStatus {\n\t/** No Framer account */\n\tNoAuth = \"no-auth\",\n\t/** Has a Framer account but no access to project */\n\tNoAccess = \"no-access\",\n\t/** Has access to project, but no content permission */\n\tNoPermission = \"no-permission\",\n\t/** Network requests failed */\n\tError = \"error\",\n\t/** We don't (yet) know the access because user hasn't granted Storage Access API permission */\n\tUnknown = \"unknown\",\n\t/** Has access to Project and content permission */\n\tSuccess = \"success\",\n}\n\ninterface CommonEditorBarAccessApiResponse {\n\tuserId?: string\n}\n\nexport type EditorBarAccessApiResponse = CommonEditorBarAccessApiResponse &\n\t(\n\t\t| {\n\t\t\t\tstatus:\n\t\t\t\t\t| EditorBarAccessStatus.NoAuth\n\t\t\t\t\t| EditorBarAccessStatus.Error\n\t\t\t\t\t| EditorBarAccessStatus.Unknown\n\t\t\t\t\t| EditorBarAccessStatus.NoAccess\n\t\t\t\t\t| EditorBarAccessStatus.NoPermission\n\t\t  }\n\t\t| {\n\t\t\t\tstatus: EditorBarAccessStatus.Success\n\t\t\t\tdata: EditorBarSiteAccess\n\t\t  }\n\t)\n\nasync function getStorageAccessPermission() {\n\ttry {\n\t\treturn await navigator.permissions.query({\n\t\t\t// biome-ignore lint/suspicious/noExplicitAny: The types are wrong. \"storage-access\" is a valid name.\n\t\t\tname: \"storage-access\" as any,\n\t\t})\n\t} catch (_) {\n\t\t// Safari doesn't implement querying the \"storage-access\" permission.\n\t\treturn { state: \"prompt\" }\n\t}\n}\n\nfunction getEditorBarEnvironment() {\n\tswitch (window.location.origin) {\n\t\tcase \"https://edit.framerlocal.com\":\n\t\t\treturn \"local\"\n\t\tcase \"https://edit.development.framer.com\":\n\t\t\treturn \"development\"\n\t\tdefault:\n\t\t\treturn \"production\"\n\t}\n}\n\nfunction redirectToCookieMonster() {\n\tconst returnUrl = new URL(window.location.href)\n\treturnUrl.searchParams.set(\"cookieMonsterDone\", \"true\")\n\n\tconst redirectUrl = new URL(window.location.origin)\n\tredirectUrl.pathname = \"/cookie-monster\"\n\tredirectUrl.searchParams.set(\"continue\", returnUrl.toString())\n\n\twindow.location.href = redirectUrl.toString()\n}\n\n/**\n * Note: we are intentionally not using {@link import(\"web/lib/apiFetcher\").apiFetcher} here.\n * apiFetcher comes with a significant amount of bloat, and we don't want to download it for\n * production site visitors that may not see the Editor Bar.\n *\n * The drawback of this is that we won't get any of the goodies that apiFetcher provides,\n * like automatic retries, locally persisting the token, and automatically refreshing it.\n *\n * We don't need automatic refreshing because we only send one FramerEditApi request in the\n * entire EditorBar session. The rest are nice to have, but not essential.\n *\n * When we expand FramerEditApi with more requests, we should use apiFetcher for those.\n */\nasync function requestAccessToken() {\n\tconst response = await fetch(`${getServiceMap().api}/auth/web/access-token?source=editorbar`, {\n\t\tcredentials: \"include\",\n\t})\n\n\tif (!response.ok) {\n\t\treturn undefined\n\t}\n\n\tconst data = await response.json()\n\tconst { accessToken } = data\n\treturn accessToken\n}\n\nasync function getUserIdFromToken(token: string): Promise<string | undefined> {\n\ttry {\n\t\tconst { jwtDecode } = await import(\"jwt-decode\")\n\t\tconst decoded = jwtDecode<{ userId: string }>(token)\n\t\treturn decoded.userId\n\t} catch {\n\t\treturn undefined\n\t}\n}\n\nexport async function getEditorBarAccess(siteId: string): Promise<EditorBarAccessApiResponse> {\n\tif (\"hasStorageAccess\" in document) {\n\t\tconst hasStorageAccess = await document.hasStorageAccess()\n\t\tif (!hasStorageAccess) {\n\t\t\tconst permission = await getStorageAccessPermission()\n\t\t\tif (permission.state === \"granted\") {\n\t\t\t\t// Even if our permission is already granted, the API mandates that we must request it.\n\t\t\t\t// It will be automatically granted.\n\t\t\t\t// See https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess\n\t\t\t\tawait document.requestStorageAccess()\n\t\t\t} else {\n\t\t\t\t// We can't know the authentication state because we can't access our own cookies.\n\t\t\t\t// We'll ask for permission on the first user interaction.\n\t\t\t\treturn { status: EditorBarAccessStatus.Unknown }\n\t\t\t}\n\t\t}\n\t}\n\n\tconst accessToken = await requestAccessToken()\n\tif (!accessToken) {\n\t\treturn { status: EditorBarAccessStatus.NoAuth }\n\t}\n\n\tconst [userId, response] = await Promise.all([\n\t\tgetUserIdFromToken(accessToken),\n\t\tfetch(`${getServiceMap().api}/edit/sites/${siteId}/access`, {\n\t\t\theaders: {\n\t\t\t\tAuthorization: `Bearer ${accessToken}`,\n\t\t\t},\n\t\t}),\n\t])\n\n\tif (!response.ok) {\n\t\tswitch (response.status) {\n\t\t\tcase 401: {\n\t\t\t\tif (\n\t\t\t\t\tgetEditorBarEnvironment() === \"development\" &&\n\t\t\t\t\tnew URLSearchParams(window.location.search).get(\"cookieMonsterDone\") !== \"true\"\n\t\t\t\t) {\n\t\t\t\t\tredirectToCookieMonster()\n\t\t\t\t\t// Fake an error just so that we show nothing\n\t\t\t\t\treturn { status: EditorBarAccessStatus.Error }\n\t\t\t\t}\n\n\t\t\t\treturn { status: EditorBarAccessStatus.NoAuth }\n\t\t\t}\n\t\t\tcase 404: {\n\t\t\t\treturn { status: EditorBarAccessStatus.NoAccess, userId }\n\t\t\t}\n\t\t\tdefault: {\n\t\t\t\treturn { status: EditorBarAccessStatus.Error }\n\t\t\t}\n\t\t}\n\t}\n\n\tlet data: EditorBarSiteAccess | undefined\n\ttry {\n\t\tdata = await response.json()\n\t} catch {\n\t\treturn { status: EditorBarAccessStatus.Error }\n\t}\n\n\tif (data?.permissions?.canEditContent !== \"on\") {\n\t\treturn { status: EditorBarAccessStatus.NoPermission, userId }\n\t}\n\n\treturn { status: EditorBarAccessStatus.Success, data, userId }\n}\n"],
  "mappings": ";;;;;AAsCA,eAAe,6BAA6B;AAC3C,MAAI;AACH,WAAO,MAAM,UAAU,YAAY,MAAM;AAAA;AAAA,MAExC,MAAM;AAAA,IACP,CAAC;AAAA,EACF,SAAS,GAAG;AAEX,WAAO,EAAE,OAAO,SAAS;AAAA,EAC1B;AACD;AAEA,SAAS,0BAA0B;AAClC,UAAQ,OAAO,SAAS,QAAQ;AAAA,IAC/B,KAAK;AACJ,aAAO;AAAA,IACR,KAAK;AACJ,aAAO;AAAA,IACR;AACC,aAAO;AAAA,EACT;AACD;AAEA,SAAS,0BAA0B;AAClC,QAAM,YAAY,IAAI,IAAI,OAAO,SAAS,IAAI;AAC9C,YAAU,aAAa,IAAI,qBAAqB,MAAM;AAEtD,QAAM,cAAc,IAAI,IAAI,OAAO,SAAS,MAAM;AAClD,cAAY,WAAW;AACvB,cAAY,aAAa,IAAI,YAAY,UAAU,SAAS,CAAC;AAE7D,SAAO,SAAS,OAAO,YAAY,SAAS;AAC7C;AAeA,eAAe,qBAAqB;AACnC,QAAM,WAAW,MAAM,MAAM,GAAG,cAAc,EAAE,GAAG,2CAA2C;AAAA,IAC7F,aAAa;AAAA,EACd,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AACjB,WAAO;AAAA,EACR;AAEA,QAAM,OAAO,MAAM,SAAS,KAAK;AACjC,QAAM,EAAE,YAAY,IAAI;AACxB,SAAO;AACR;AAEA,eAAe,mBAAmB,OAA4C;AAC7E,MAAI;AACH,UAAM,EAAE,UAAU,IAAI,MAAM,OAAO,yCAAY;AAC/C,UAAM,UAAU,UAA8B,KAAK;AACnD,WAAO,QAAQ;AAAA,EAChB,QAAQ;AACP,WAAO;AAAA,EACR;AACD;AAEA,eAAsB,mBAAmB,QAAqD;AAC7F,MAAI,sBAAsB,UAAU;AACnC,UAAM,mBAAmB,MAAM,SAAS,iBAAiB;AACzD,QAAI,CAAC,kBAAkB;AACtB,YAAM,aAAa,MAAM,2BAA2B;AACpD,UAAI,WAAW,UAAU,WAAW;AAInC,cAAM,SAAS,qBAAqB;AAAA,MACrC,OAAO;AAGN,eAAO,EAAE,QAAQ,wBAA8B;AAAA,MAChD;AAAA,IACD;AAAA,EACD;AAEA,QAAM,cAAc,MAAM,mBAAmB;AAC7C,MAAI,CAAC,aAAa;AACjB,WAAO,EAAE,QAAQ,uBAA6B;AAAA,EAC/C;AAEA,QAAM,CAAC,QAAQ,QAAQ,IAAI,MAAM,QAAQ,IAAI;AAAA,IAC5C,mBAAmB,WAAW;AAAA,IAC9B,MAAM,GAAG,cAAc,EAAE,GAAG,eAAe,MAAM,WAAW;AAAA,MAC3D,SAAS;AAAA,QACR,eAAe,UAAU,WAAW;AAAA,MACrC;AAAA,IACD,CAAC;AAAA,EACF,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AACjB,YAAQ,SAAS,QAAQ;AAAA,MACxB,KAAK,KAAK;AACT,YACC,wBAAwB,MAAM,iBAC9B,IAAI,gBAAgB,OAAO,SAAS,MAAM,EAAE,IAAI,mBAAmB,MAAM,QACxE;AACD,kCAAwB;AAExB,iBAAO,EAAE,QAAQ,oBAA4B;AAAA,QAC9C;AAEA,eAAO,EAAE,QAAQ,uBAA6B;AAAA,MAC/C;AAAA,MACA,KAAK,KAAK;AACT,eAAO,EAAE,QAAQ,4BAAgC,OAAO;AAAA,MACzD;AAAA,MACA,SAAS;AACR,eAAO,EAAE,QAAQ,oBAA4B;AAAA,MAC9C;AAAA,IACD;AAAA,EACD;AAEA,MAAI;AACJ,MAAI;AACH,WAAO,MAAM,SAAS,KAAK;AAAA,EAC5B,QAAQ;AACP,WAAO,EAAE,QAAQ,oBAA4B;AAAA,EAC9C;AAEA,MAAI,MAAM,aAAa,mBAAmB,MAAM;AAC/C,WAAO,EAAE,QAAQ,oCAAoC,OAAO;AAAA,EAC7D;AAEA,SAAO,EAAE,QAAQ,yBAA+B,MAAM,OAAO;AAC9D;",
  "names": []
}