{ "version": 3, "sources": ["../../src/index.ts", "../../src/utils/Logger.ts", "../../src/utils/CryptoUtils.ts", "../../src/utils/Event.ts", "../../node_modules/jwt-decode/build/esm/index.js", "../../src/utils/JwtUtils.ts", "../../src/utils/PopupUtils.ts", "../../src/utils/Timer.ts", "../../src/utils/UrlUtils.ts", "../../src/errors/ErrorResponse.ts", "../../src/errors/ErrorTimeout.ts", "../../src/AccessTokenEvents.ts", "../../src/CheckSessionIFrame.ts", "../../src/InMemoryWebStorage.ts", "../../src/JsonService.ts", "../../src/MetadataService.ts", "../../src/WebStorageStateStore.ts", "../../src/OidcClientSettings.ts", "../../src/UserInfoService.ts", "../../src/TokenClient.ts", "../../src/ResponseValidator.ts", "../../src/State.ts", "../../src/SigninState.ts", "../../src/SigninRequest.ts", "../../src/SigninResponse.ts", "../../src/SignoutRequest.ts", "../../src/SignoutResponse.ts", "../../src/ClaimsService.ts", "../../src/OidcClient.ts", "../../src/SessionMonitor.ts", "../../src/User.ts", "../../src/navigators/AbstractChildWindow.ts", "../../src/UserManagerSettings.ts", "../../src/navigators/IFrameWindow.ts", "../../src/navigators/IFrameNavigator.ts", "../../src/navigators/PopupWindow.ts", "../../src/navigators/PopupNavigator.ts", "../../src/navigators/RedirectNavigator.ts", "../../src/UserManagerEvents.ts", "../../src/SilentRenewService.ts", "../../src/RefreshState.ts", "../../src/UserManager.ts", "../../package.json", "../../src/Version.ts"], "sourcesContent": ["// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nexport { ErrorResponse, ErrorTimeout } from \"./errors\";\nexport type { INavigator, IFrameWindowParams, IWindow, NavigateParams, NavigateResponse, PopupWindowParams, RedirectParams } from \"./navigators\";\nexport { Log, Logger } from \"./utils\";\nexport type { ILogger, PopupWindowFeatures } from \"./utils\";\nexport type { OidcAddressClaim, OidcStandardClaims, IdTokenClaims, JwtClaims } from \"./Claims\";\n\nexport { AccessTokenEvents } from \"./AccessTokenEvents\";\nexport type { AccessTokenCallback } from \"./AccessTokenEvents\";\nexport { CheckSessionIFrame } from \"./CheckSessionIFrame\";\nexport { InMemoryWebStorage } from \"./InMemoryWebStorage\";\nexport type { AsyncStorage } from \"./AsyncStorage\";\nexport { MetadataService } from \"./MetadataService\";\nexport * from \"./OidcClient\";\nexport { OidcClientSettingsStore } from \"./OidcClientSettings\";\nexport type { OidcClientSettings, SigningKey, ExtraHeader } from \"./OidcClientSettings\";\nexport type { OidcMetadata } from \"./OidcMetadata\";\nexport { SessionMonitor } from \"./SessionMonitor\";\nexport type { SessionStatus } from \"./SessionStatus\";\nexport type { SigninRequest, SigninRequestCreateArgs } from \"./SigninRequest\";\nexport type { RefreshState } from \"./RefreshState\";\nexport { SigninResponse } from \"./SigninResponse\";\nexport { SigninState } from \"./SigninState\";\nexport type { SigninStateArgs, SigninStateCreateArgs } from \"./SigninState\";\nexport type { SignoutRequest, SignoutRequestArgs } from \"./SignoutRequest\";\nexport { SignoutResponse } from \"./SignoutResponse\";\nexport { State } from \"./State\";\nexport type { StateStore } from \"./StateStore\";\nexport { User } from \"./User\";\nexport type { UserProfile } from \"./User\";\nexport * from \"./UserManager\";\nexport type {\n UserManagerEvents,\n SilentRenewErrorCallback,\n UserLoadedCallback,\n UserSessionChangedCallback,\n UserSignedInCallback,\n UserSignedOutCallback,\n UserUnloadedCallback,\n} from \"./UserManagerEvents\";\nexport { UserManagerSettingsStore } from \"./UserManagerSettings\";\nexport type { UserManagerSettings } from \"./UserManagerSettings\";\nexport { Version } from \"./Version\";\nexport { WebStorageStateStore } from \"./WebStorageStateStore\";\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * Native interface\n *\n * @public\n */\nexport interface ILogger {\n debug(...args: unknown[]): void;\n info(...args: unknown[]): void;\n warn(...args: unknown[]): void;\n error(...args: unknown[]): void;\n}\n\nconst nopLogger: ILogger = {\n debug: () => undefined,\n info: () => undefined,\n warn: () => undefined,\n error: () => undefined,\n};\n\nlet level: number;\nlet logger: ILogger;\n\n/**\n * Log levels\n *\n * @public\n */\nexport enum Log {\n NONE,\n ERROR,\n WARN,\n INFO,\n DEBUG\n}\n\n/**\n * Log manager\n *\n * @public\n */\nexport namespace Log { // eslint-disable-line @typescript-eslint/no-namespace\n export function reset(): void {\n level = Log.INFO;\n logger = nopLogger;\n }\n\n export function setLevel(value: Log): void {\n if (!(Log.NONE <= value && value <= Log.DEBUG)) {\n throw new Error(\"Invalid log level\");\n }\n level = value;\n }\n\n export function setLogger(value: ILogger): void {\n logger = value;\n }\n}\n\n/**\n * Internal logger instance\n *\n * @public\n */\nexport class Logger {\n private _method?: string;\n public constructor(private _name: string) {}\n\n /* eslint-disable @typescript-eslint/no-unsafe-enum-comparison */\n public debug(...args: unknown[]): void {\n if (level >= Log.DEBUG) {\n logger.debug(Logger._format(this._name, this._method), ...args);\n }\n }\n public info(...args: unknown[]): void {\n if (level >= Log.INFO) {\n logger.info(Logger._format(this._name, this._method), ...args);\n }\n }\n public warn(...args: unknown[]): void {\n if (level >= Log.WARN) {\n logger.warn(Logger._format(this._name, this._method), ...args);\n }\n }\n public error(...args: unknown[]): void {\n if (level >= Log.ERROR) {\n logger.error(Logger._format(this._name, this._method), ...args);\n }\n }\n /* eslint-enable @typescript-eslint/no-unsafe-enum-comparison */\n\n public throw(err: Error): never {\n this.error(err);\n throw err;\n }\n\n public create(method: string): Logger {\n const methodLogger: Logger = Object.create(this);\n methodLogger._method = method;\n methodLogger.debug(\"begin\");\n return methodLogger;\n }\n\n public static createStatic(name: string, staticMethod: string): Logger {\n const staticLogger = new Logger(`${name}.${staticMethod}`);\n staticLogger.debug(\"begin\");\n return staticLogger;\n }\n\n private static _format(name: string, method?: string) {\n const prefix = `[${name}]`;\n return method ? `${prefix} ${method}:` : prefix;\n }\n\n /* eslint-disable @typescript-eslint/no-unsafe-enum-comparison */\n // helpers for static class methods\n public static debug(name: string, ...args: unknown[]): void {\n if (level >= Log.DEBUG) {\n logger.debug(Logger._format(name), ...args);\n }\n }\n public static info(name: string, ...args: unknown[]): void {\n if (level >= Log.INFO) {\n logger.info(Logger._format(name), ...args);\n }\n }\n public static warn(name: string, ...args: unknown[]): void {\n if (level >= Log.WARN) {\n logger.warn(Logger._format(name), ...args);\n }\n }\n public static error(name: string, ...args: unknown[]): void {\n if (level >= Log.ERROR) {\n logger.error(Logger._format(name), ...args);\n }\n }\n /* eslint-enable @typescript-eslint/no-unsafe-enum-comparison */\n}\n\nLog.reset();\n", "import { Logger } from \"./Logger\";\n\nconst UUID_V4_TEMPLATE = \"10000000-1000-4000-8000-100000000000\";\n\nconst toBase64 = (val: ArrayBuffer): string =>\n btoa([...new Uint8Array(val)]\n .map((chr) => String.fromCharCode(chr))\n .join(\"\"));\n\n/**\n * @internal\n */\nexport class CryptoUtils {\n private static _randomWord(): number {\n const arr = new Uint32Array(1);\n crypto.getRandomValues(arr);\n return arr[0];\n }\n\n /**\n * Generates RFC4122 version 4 guid\n */\n public static generateUUIDv4(): string {\n const uuid = UUID_V4_TEMPLATE.replace(/[018]/g, c =>\n (+c ^ CryptoUtils._randomWord() & 15 >> +c / 4).toString(16),\n );\n return uuid.replace(/-/g, \"\");\n }\n\n /**\n * PKCE: Generate a code verifier\n */\n public static generateCodeVerifier(): string {\n return CryptoUtils.generateUUIDv4() + CryptoUtils.generateUUIDv4() + CryptoUtils.generateUUIDv4();\n }\n\n /**\n * PKCE: Generate a code challenge\n */\n public static async generateCodeChallenge(code_verifier: string): Promise {\n if (!crypto.subtle) {\n throw new Error(\"Crypto.subtle is available only in secure contexts (HTTPS).\");\n }\n\n try {\n const encoder = new TextEncoder();\n const data = encoder.encode(code_verifier);\n const hashed = await crypto.subtle.digest(\"SHA-256\", data);\n return toBase64(hashed).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n }\n catch (err) {\n Logger.error(\"CryptoUtils.generateCodeChallenge\", err);\n throw err;\n }\n }\n\n /**\n * Generates a base64-encoded string for a basic auth header\n */\n public static generateBasicAuth(client_id: string, client_secret: string): string {\n const encoder = new TextEncoder();\n const data = encoder.encode([client_id, client_secret].join(\":\"));\n return toBase64(data);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./Logger\";\n\n/**\n * @internal\n */\nexport type Callback = (...ev: EventType) => (Promise | void);\n\n/**\n * @internal\n */\nexport class Event {\n protected readonly _logger = new Logger(`Event('${this._name}')`);\n\n private _callbacks: Array> = [];\n\n public constructor(protected readonly _name: string) {}\n\n public addHandler(cb: Callback): () => void {\n this._callbacks.push(cb);\n return () => this.removeHandler(cb);\n }\n\n public removeHandler(cb: Callback): void {\n const idx = this._callbacks.lastIndexOf(cb);\n if (idx >= 0) {\n this._callbacks.splice(idx, 1);\n }\n }\n\n public async raise(...ev: EventType): Promise {\n this._logger.debug(\"raise:\", ...ev);\n for (const cb of this._callbacks) {\n await cb(...ev);\n }\n }\n}\n", "export class InvalidTokenError extends Error {\n}\nInvalidTokenError.prototype.name = \"InvalidTokenError\";\nfunction b64DecodeUnicode(str) {\n return decodeURIComponent(atob(str).replace(/(.)/g, (m, p) => {\n let code = p.charCodeAt(0).toString(16).toUpperCase();\n if (code.length < 2) {\n code = \"0\" + code;\n }\n return \"%\" + code;\n }));\n}\nfunction base64UrlDecode(str) {\n let output = str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n switch (output.length % 4) {\n case 0:\n break;\n case 2:\n output += \"==\";\n break;\n case 3:\n output += \"=\";\n break;\n default:\n throw new Error(\"base64 string is not of the correct length\");\n }\n try {\n return b64DecodeUnicode(output);\n }\n catch (err) {\n return atob(output);\n }\n}\nexport function jwtDecode(token, options) {\n if (typeof token !== \"string\") {\n throw new InvalidTokenError(\"Invalid token specified: must be a string\");\n }\n options || (options = {});\n const pos = options.header === true ? 0 : 1;\n const part = token.split(\".\")[pos];\n if (typeof part !== \"string\") {\n throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);\n }\n let decoded;\n try {\n decoded = base64UrlDecode(part);\n }\n catch (e) {\n throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`);\n }\n try {\n return JSON.parse(decoded);\n }\n catch (e) {\n throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`);\n }\n}\n", "import { jwtDecode } from \"jwt-decode\";\n\nimport { Logger } from \"./Logger\";\nimport type { JwtClaims } from \"../Claims\";\n\n/**\n * @internal\n */\nexport class JwtUtils {\n // IMPORTANT: doesn't validate the token\n public static decode(token: string): JwtClaims {\n try {\n return jwtDecode(token);\n }\n catch (err) {\n Logger.error(\"JwtUtils.decode\", err);\n throw err;\n }\n }\n}\n", "/**\n *\n * @public\n * @see https://developer.mozilla.org/en-US/docs/Web/API/Window/open#window_features\n */\nexport interface PopupWindowFeatures {\n left?: number;\n top?: number;\n width?: number;\n height?: number;\n menubar?: boolean | string;\n toolbar?: boolean | string;\n location?: boolean | string;\n status?: boolean | string;\n resizable?: boolean | string;\n scrollbars?: boolean | string;\n /** Close popup window after time in seconds, by default it is -1. To enable this feature set value greater than 0 */\n closePopupWindowAfterInSeconds?: number;\n\n [k: string]: boolean | string | number | undefined;\n}\n\nexport class PopupUtils {\n /**\n * Populates a map of window features with a placement centered in front of\n * the current window. If no explicit width is given, a default value is\n * binned into [800, 720, 600, 480, 360] based on the current window's width.\n */\n static center({ ...features }: PopupWindowFeatures): PopupWindowFeatures {\n if (features.width == null)\n features.width = [800, 720, 600, 480].find(width => width <= window.outerWidth / 1.618) ?? 360;\n features.left ??= Math.max(0, Math.round(window.screenX + (window.outerWidth - features.width) / 2));\n if (features.height != null)\n features.top ??= Math.max(0, Math.round(window.screenY + (window.outerHeight - features.height) / 2));\n return features;\n }\n\n static serialize(features: PopupWindowFeatures): string {\n return Object.entries(features)\n .filter(([, value]) => value != null)\n .map(([key, value]) => `${key}=${typeof value !== \"boolean\" ? value as string : value ? \"yes\" : \"no\"}`)\n .join(\",\");\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Event } from \"./Event\";\nimport { Logger } from \"./Logger\";\n\n/**\n * @internal\n */\nexport class Timer extends Event<[void]> {\n protected readonly _logger = new Logger(`Timer('${this._name}')`);\n private _timerHandle: ReturnType | null = null;\n private _expiration = 0;\n\n // get the time\n public static getEpochTime(): number {\n return Math.floor(Date.now() / 1000);\n }\n\n public init(durationInSeconds: number): void {\n const logger = this._logger.create(\"init\");\n durationInSeconds = Math.max(Math.floor(durationInSeconds), 1);\n const expiration = Timer.getEpochTime() + durationInSeconds;\n if (this.expiration === expiration && this._timerHandle) {\n // no need to reinitialize to same expiration, so bail out\n logger.debug(\"skipping since already initialized for expiration at\", this.expiration);\n return;\n }\n\n this.cancel();\n\n logger.debug(\"using duration\", durationInSeconds);\n this._expiration = expiration;\n\n // we're using a fairly short timer and then checking the expiration in the\n // callback to handle scenarios where the browser device sleeps, and then\n // the timers end up getting delayed.\n const timerDurationInSeconds = Math.min(durationInSeconds, 5);\n this._timerHandle = setInterval(this._callback, timerDurationInSeconds * 1000);\n }\n\n public get expiration(): number {\n return this._expiration;\n }\n\n public cancel(): void {\n this._logger.create(\"cancel\");\n if (this._timerHandle) {\n clearInterval(this._timerHandle);\n this._timerHandle = null;\n }\n }\n\n protected _callback = (): void => {\n const diff = this._expiration - Timer.getEpochTime();\n this._logger.debug(\"timer completes in\", diff);\n\n if (this._expiration <= Timer.getEpochTime()) {\n this.cancel();\n void super.raise();\n }\n };\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * @internal\n */\nexport class UrlUtils {\n public static readParams(url: string, responseMode: \"query\" | \"fragment\" = \"query\"): URLSearchParams {\n if (!url) throw new TypeError(\"Invalid URL\");\n // the base URL is irrelevant, it's just here to support relative url arguments\n const parsedUrl = new URL(url, \"http://127.0.0.1\");\n const params = parsedUrl[responseMode === \"fragment\" ? \"hash\" : \"search\"];\n return new URLSearchParams(params.slice(1));\n }\n}\n\n/**\n * @internal\n */\nexport const URL_STATE_DELIMITER = \";\";", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\n\n/**\n * Error class thrown in case of an authentication error.\n *\n * @public\n * @see https://openid.net/specs/openid-connect-core-1_0.html#AuthError\n */\nexport class ErrorResponse extends Error {\n /** Marker to detect class: \"ErrorResponse\" */\n public readonly name: string = \"ErrorResponse\";\n\n /** An error code string that can be used to classify the types of errors that occur and to respond to errors. */\n public readonly error: string | null;\n /** additional information that can help a developer identify the cause of the error.*/\n public readonly error_description: string | null;\n /**\n * URI identifying a human-readable web page with information about the error, used to provide the client\n developer with additional information about the error.\n */\n public readonly error_uri: string | null;\n\n /** custom state data set during the initial signin request */\n public state?: unknown;\n\n public readonly session_state: string | null;\n\n public url_state?: string;\n\n public constructor(\n args: {\n error?: string | null; error_description?: string | null; error_uri?: string | null;\n userState?: unknown; session_state?: string | null; url_state?: string;\n },\n /** The x-www-form-urlencoded request body sent to the authority server */\n public readonly form?: URLSearchParams,\n ) {\n super(args.error_description || args.error || \"\");\n\n if (!args.error) {\n Logger.error(\"ErrorResponse\", \"No error passed\");\n throw new Error(\"No error passed\");\n }\n\n this.error = args.error;\n this.error_description = args.error_description ?? null;\n this.error_uri = args.error_uri ?? null;\n\n this.state = args.userState;\n this.session_state = args.session_state ?? null;\n this.url_state = args.url_state;\n }\n}\n", "// Copyright (C) 2021 AuthTS Contributors\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * Error class thrown in case of network timeouts (e.g IFrame time out).\n *\n * @public\n */\nexport class ErrorTimeout extends Error {\n /** Marker to detect class: \"ErrorTimeout\" */\n public readonly name: string = \"ErrorTimeout\";\n\n public constructor(message?: string) {\n super(message);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Timer } from \"./utils\";\nimport type { User } from \"./User\";\n\n/**\n * @public\n */\nexport type AccessTokenCallback = (...ev: unknown[]) => (Promise | void);\n\n/**\n * @public\n */\nexport class AccessTokenEvents {\n protected readonly _logger = new Logger(\"AccessTokenEvents\");\n\n private readonly _expiringTimer = new Timer(\"Access token expiring\");\n private readonly _expiredTimer = new Timer(\"Access token expired\");\n private readonly _expiringNotificationTimeInSeconds: number;\n\n public constructor(args: { expiringNotificationTimeInSeconds: number }) {\n this._expiringNotificationTimeInSeconds = args.expiringNotificationTimeInSeconds;\n }\n\n public load(container: User): void {\n const logger = this._logger.create(\"load\");\n // only register events if there's an access token and it has an expiration\n if (container.access_token && container.expires_in !== undefined) {\n const duration = container.expires_in;\n logger.debug(\"access token present, remaining duration:\", duration);\n\n if (duration > 0) {\n // only register expiring if we still have time\n let expiring = duration - this._expiringNotificationTimeInSeconds;\n if (expiring <= 0) {\n expiring = 1;\n }\n\n logger.debug(\"registering expiring timer, raising in\", expiring, \"seconds\");\n this._expiringTimer.init(expiring);\n }\n else {\n logger.debug(\"canceling existing expiring timer because we're past expiration.\");\n this._expiringTimer.cancel();\n }\n\n // if it's negative, it will still fire\n const expired = duration + 1;\n logger.debug(\"registering expired timer, raising in\", expired, \"seconds\");\n this._expiredTimer.init(expired);\n }\n else {\n this._expiringTimer.cancel();\n this._expiredTimer.cancel();\n }\n }\n\n public unload(): void {\n this._logger.debug(\"unload: canceling existing access token timers\");\n this._expiringTimer.cancel();\n this._expiredTimer.cancel();\n }\n\n /**\n * Add callback: Raised prior to the access token expiring.\n */\n public addAccessTokenExpiring(cb: AccessTokenCallback): () => void {\n return this._expiringTimer.addHandler(cb);\n }\n /**\n * Remove callback: Raised prior to the access token expiring.\n */\n public removeAccessTokenExpiring(cb: AccessTokenCallback): void {\n this._expiringTimer.removeHandler(cb);\n }\n\n /**\n * Add callback: Raised after the access token has expired.\n */\n public addAccessTokenExpired(cb: AccessTokenCallback): () => void {\n return this._expiredTimer.addHandler(cb);\n }\n /**\n * Remove callback: Raised after the access token has expired.\n */\n public removeAccessTokenExpired(cb: AccessTokenCallback): void {\n this._expiredTimer.removeHandler(cb);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\n\n/**\n * @internal\n */\nexport class CheckSessionIFrame {\n private readonly _logger = new Logger(\"CheckSessionIFrame\");\n private _frame_origin: string;\n private _frame: HTMLIFrameElement;\n private _timer: ReturnType | null = null;\n private _session_state: string | null = null;\n\n public constructor(\n private _callback: () => Promise,\n private _client_id: string,\n url: string,\n private _intervalInSeconds: number,\n private _stopOnError: boolean,\n ) {\n const parsedUrl = new URL(url);\n this._frame_origin = parsedUrl.origin;\n\n this._frame = window.document.createElement(\"iframe\");\n\n // shotgun approach\n this._frame.style.visibility = \"hidden\";\n this._frame.style.position = \"fixed\";\n this._frame.style.left = \"-1000px\";\n this._frame.style.top = \"0\";\n this._frame.width = \"0\";\n this._frame.height = \"0\";\n this._frame.src = parsedUrl.href;\n }\n\n public load(): Promise {\n return new Promise((resolve) => {\n this._frame.onload = () => {\n resolve();\n };\n\n window.document.body.appendChild(this._frame);\n window.addEventListener(\"message\", this._message, false);\n });\n }\n\n private _message = (e: MessageEvent): void => {\n if (e.origin === this._frame_origin &&\n e.source === this._frame.contentWindow\n ) {\n if (e.data === \"error\") {\n this._logger.error(\"error message from check session op iframe\");\n if (this._stopOnError) {\n this.stop();\n }\n }\n else if (e.data === \"changed\") {\n this._logger.debug(\"changed message from check session op iframe\");\n this.stop();\n void this._callback();\n }\n else {\n this._logger.debug(e.data + \" message from check session op iframe\");\n }\n }\n };\n\n public start(session_state: string): void {\n if (this._session_state === session_state) {\n return;\n }\n\n this._logger.create(\"start\");\n\n this.stop();\n\n this._session_state = session_state;\n\n const send = () => {\n if (!this._frame.contentWindow || !this._session_state) {\n return;\n }\n\n this._frame.contentWindow.postMessage(this._client_id + \" \" + this._session_state, this._frame_origin);\n };\n\n // trigger now\n send();\n\n // and setup timer\n this._timer = setInterval(send, this._intervalInSeconds * 1000);\n }\n\n public stop(): void {\n this._logger.create(\"stop\");\n this._session_state = null;\n\n if (this._timer) {\n\n clearInterval(this._timer);\n this._timer = null;\n }\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\n\n/**\n * @public\n */\nexport class InMemoryWebStorage implements Storage {\n private readonly _logger = new Logger(\"InMemoryWebStorage\");\n private _data: Record = {};\n\n public clear(): void {\n this._logger.create(\"clear\");\n this._data = {};\n }\n\n public getItem(key: string): string {\n this._logger.create(`getItem('${key}')`);\n return this._data[key];\n }\n\n public setItem(key: string, value: string): void {\n this._logger.create(`setItem('${key}')`);\n this._data[key] = value;\n }\n\n public removeItem(key: string): void {\n this._logger.create(`removeItem('${key}')`);\n delete this._data[key];\n }\n\n public get length(): number {\n return Object.getOwnPropertyNames(this._data).length;\n }\n\n public key(index: number): string {\n return Object.getOwnPropertyNames(this._data)[index];\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { ErrorResponse, ErrorTimeout } from \"./errors\";\nimport type { ExtraHeader } from \"./OidcClientSettings\";\nimport { Logger } from \"./utils\";\n\n/**\n * @internal\n */\nexport type JwtHandler = (text: string) => Promise>;\n\n/**\n * @internal\n */\nexport interface GetJsonOpts {\n token?: string;\n credentials?: RequestCredentials;\n}\n\n/**\n * @internal\n */\nexport interface PostFormOpts {\n body: URLSearchParams;\n basicAuth?: string;\n timeoutInSeconds?: number;\n initCredentials?: \"same-origin\" | \"include\" | \"omit\";\n}\n\n/**\n * @internal\n */\nexport class JsonService {\n private readonly _logger = new Logger(\"JsonService\");\n\n private _contentTypes: string[] = [];\n\n public constructor(\n additionalContentTypes: string[] = [],\n private _jwtHandler: JwtHandler | null = null,\n private _extraHeaders: Record = {},\n ) {\n this._contentTypes.push(...additionalContentTypes, \"application/json\");\n if (_jwtHandler) {\n this._contentTypes.push(\"application/jwt\");\n }\n }\n\n protected async fetchWithTimeout(input: RequestInfo, init: RequestInit & { timeoutInSeconds?: number } = {}) {\n const { timeoutInSeconds, ...initFetch } = init;\n if (!timeoutInSeconds) {\n return await fetch(input, initFetch);\n }\n\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeoutInSeconds * 1000);\n\n try {\n const response = await fetch(input, {\n ...init,\n signal: controller.signal,\n });\n return response;\n }\n catch (err) {\n if (err instanceof DOMException && err.name === \"AbortError\") {\n throw new ErrorTimeout(\"Network timed out\");\n }\n throw err;\n }\n finally {\n clearTimeout(timeoutId);\n }\n }\n\n public async getJson(url: string, {\n token,\n credentials,\n }: GetJsonOpts = {}): Promise> {\n const logger = this._logger.create(\"getJson\");\n const headers: HeadersInit = {\n \"Accept\": this._contentTypes.join(\", \"),\n };\n if (token) {\n logger.debug(\"token passed, setting Authorization header\");\n headers[\"Authorization\"] = \"Bearer \" + token;\n }\n\n this.appendExtraHeaders(headers);\n\n let response: Response;\n try {\n logger.debug(\"url:\", url);\n response = await this.fetchWithTimeout(url, { method: \"GET\", headers, credentials });\n }\n catch (err) {\n logger.error(\"Network Error\");\n throw err;\n }\n\n logger.debug(\"HTTP response received, status\", response.status);\n const contentType = response.headers.get(\"Content-Type\");\n if (contentType && !this._contentTypes.find(item => contentType.startsWith(item))) {\n logger.throw(new Error(`Invalid response Content-Type: ${(contentType ?? \"undefined\")}, from URL: ${url}`));\n }\n if (response.ok && this._jwtHandler && contentType?.startsWith(\"application/jwt\")) {\n return await this._jwtHandler(await response.text());\n }\n let json: Record;\n try {\n json = await response.json();\n }\n catch (err) {\n logger.error(\"Error parsing JSON response\", err);\n if (response.ok) throw err;\n throw new Error(`${response.statusText} (${response.status})`);\n }\n if (!response.ok) {\n logger.error(\"Error from server:\", json);\n if (json.error) {\n throw new ErrorResponse(json);\n }\n throw new Error(`${response.statusText} (${response.status}): ${JSON.stringify(json)}`);\n }\n return json;\n }\n\n public async postForm(url: string, {\n body,\n basicAuth,\n timeoutInSeconds,\n initCredentials,\n }: PostFormOpts): Promise> {\n const logger = this._logger.create(\"postForm\");\n const headers: HeadersInit = {\n \"Accept\": this._contentTypes.join(\", \"),\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n };\n if (basicAuth !== undefined) {\n headers[\"Authorization\"] = \"Basic \" + basicAuth;\n }\n\n this.appendExtraHeaders(headers);\n\n let response: Response;\n try {\n logger.debug(\"url:\", url);\n response = await this.fetchWithTimeout(url, { method: \"POST\", headers, body, timeoutInSeconds, credentials: initCredentials });\n }\n catch (err) {\n logger.error(\"Network error\");\n throw err;\n }\n\n logger.debug(\"HTTP response received, status\", response.status);\n const contentType = response.headers.get(\"Content-Type\");\n if (contentType && !this._contentTypes.find(item => contentType.startsWith(item))) {\n throw new Error(`Invalid response Content-Type: ${(contentType ?? \"undefined\")}, from URL: ${url}`);\n }\n\n const responseText = await response.text();\n\n let json: Record = {};\n if (responseText) {\n try {\n json = JSON.parse(responseText);\n }\n catch (err) {\n logger.error(\"Error parsing JSON response\", err);\n if (response.ok) throw err;\n throw new Error(`${response.statusText} (${response.status})`);\n }\n }\n\n if (!response.ok) {\n logger.error(\"Error from server:\", json);\n if (json.error) {\n throw new ErrorResponse(json, body);\n }\n throw new Error(`${response.statusText} (${response.status}): ${JSON.stringify(json)}`);\n }\n\n return json;\n }\n\n private appendExtraHeaders(\n headers: Record,\n ): void {\n const logger = this._logger.create(\"appendExtraHeaders\");\n const customKeys = Object.keys(this._extraHeaders);\n const protectedHeaders = [\n \"authorization\",\n \"accept\",\n \"content-type\",\n ];\n if (customKeys.length === 0) {\n return;\n }\n customKeys.forEach((headerName) => {\n if (protectedHeaders.includes(headerName.toLocaleLowerCase())) {\n logger.warn(\"Protected header could not be overridden\", headerName, protectedHeaders);\n return;\n }\n const content = (typeof this._extraHeaders[headerName] === \"function\") ?\n (this._extraHeaders[headerName] as ()=>string)() :\n this._extraHeaders[headerName];\n if (content && content !== \"\") {\n headers[headerName] = content as string;\n }\n });\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { JsonService } from \"./JsonService\";\nimport type { OidcClientSettingsStore, SigningKey } from \"./OidcClientSettings\";\nimport type { OidcMetadata } from \"./OidcMetadata\";\n\n/**\n * @public\n * @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata\n */\nexport class MetadataService {\n private readonly _logger = new Logger(\"MetadataService\");\n private readonly _jsonService;\n\n // cache\n private _metadataUrl: string;\n private _signingKeys: SigningKey[] | null = null;\n private _metadata: Partial | null = null;\n private _fetchRequestCredentials: RequestCredentials | undefined;\n\n public constructor(private readonly _settings: OidcClientSettingsStore) {\n this._metadataUrl = this._settings.metadataUrl;\n this._jsonService = new JsonService(\n [\"application/jwk-set+json\"],\n null,\n this._settings.extraHeaders,\n );\n if (this._settings.signingKeys) {\n this._logger.debug(\"using signingKeys from settings\");\n this._signingKeys = this._settings.signingKeys;\n }\n\n if (this._settings.metadata) {\n this._logger.debug(\"using metadata from settings\");\n this._metadata = this._settings.metadata;\n }\n\n if (this._settings.fetchRequestCredentials) {\n this._logger.debug(\"using fetchRequestCredentials from settings\");\n this._fetchRequestCredentials = this._settings.fetchRequestCredentials;\n }\n }\n\n public resetSigningKeys(): void {\n this._signingKeys = null;\n }\n\n public async getMetadata(): Promise> {\n const logger = this._logger.create(\"getMetadata\");\n if (this._metadata) {\n logger.debug(\"using cached values\");\n return this._metadata;\n }\n\n if (!this._metadataUrl) {\n logger.throw(new Error(\"No authority or metadataUrl configured on settings\"));\n throw null;\n }\n\n logger.debug(\"getting metadata from\", this._metadataUrl);\n const metadata = await this._jsonService.getJson(this._metadataUrl, { credentials: this._fetchRequestCredentials });\n\n logger.debug(\"merging remote JSON with seed metadata\");\n this._metadata = Object.assign({}, this._settings.metadataSeed, metadata);\n return this._metadata;\n }\n\n public getIssuer(): Promise {\n return this._getMetadataProperty(\"issuer\") as Promise;\n }\n\n public getAuthorizationEndpoint(): Promise {\n return this._getMetadataProperty(\"authorization_endpoint\") as Promise;\n }\n\n public getUserInfoEndpoint(): Promise {\n return this._getMetadataProperty(\"userinfo_endpoint\") as Promise;\n }\n\n public getTokenEndpoint(optional: false): Promise;\n public getTokenEndpoint(optional?: true): Promise;\n public getTokenEndpoint(optional = true): Promise {\n return this._getMetadataProperty(\"token_endpoint\", optional) as Promise;\n }\n\n public getCheckSessionIframe(): Promise {\n return this._getMetadataProperty(\"check_session_iframe\", true) as Promise;\n }\n\n public getEndSessionEndpoint(): Promise {\n return this._getMetadataProperty(\"end_session_endpoint\", true) as Promise;\n }\n\n public getRevocationEndpoint(optional: false): Promise;\n public getRevocationEndpoint(optional?: true): Promise;\n public getRevocationEndpoint(optional = true): Promise {\n return this._getMetadataProperty(\"revocation_endpoint\", optional) as Promise;\n }\n\n public getKeysEndpoint(optional: false): Promise;\n public getKeysEndpoint(optional?: true): Promise;\n public getKeysEndpoint(optional = true): Promise {\n return this._getMetadataProperty(\"jwks_uri\", optional) as Promise;\n }\n\n protected async _getMetadataProperty(name: keyof OidcMetadata, optional=false): Promise {\n const logger = this._logger.create(`_getMetadataProperty('${name}')`);\n\n const metadata = await this.getMetadata();\n logger.debug(\"resolved\");\n\n if (metadata[name] === undefined) {\n if (optional === true) {\n logger.warn(\"Metadata does not contain optional property\");\n return undefined;\n }\n\n logger.throw(new Error(\"Metadata does not contain property \" + name));\n }\n\n return metadata[name];\n }\n\n public async getSigningKeys(): Promise {\n const logger = this._logger.create(\"getSigningKeys\");\n if (this._signingKeys) {\n logger.debug(\"returning signingKeys from cache\");\n return this._signingKeys;\n }\n\n const jwks_uri = await this.getKeysEndpoint(false);\n logger.debug(\"got jwks_uri\", jwks_uri);\n\n const keySet = await this._jsonService.getJson(jwks_uri);\n logger.debug(\"got key set\", keySet);\n\n if (!Array.isArray(keySet.keys)) {\n logger.throw(new Error(\"Missing keys on keyset\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n this._signingKeys = keySet.keys;\n return this._signingKeys;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport type { StateStore } from \"./StateStore\";\nimport type { AsyncStorage } from \"./AsyncStorage\";\n\n/**\n * @public\n */\nexport class WebStorageStateStore implements StateStore {\n private readonly _logger = new Logger(\"WebStorageStateStore\");\n\n private readonly _store: AsyncStorage | Storage;\n private readonly _prefix: string;\n\n public constructor({\n prefix = \"oidc.\",\n store = localStorage,\n }: { prefix?: string; store?: AsyncStorage | Storage } = {}) {\n this._store = store;\n this._prefix = prefix;\n }\n\n public async set(key: string, value: string): Promise {\n this._logger.create(`set('${key}')`);\n\n key = this._prefix + key;\n await this._store.setItem(key, value);\n }\n\n public async get(key: string): Promise {\n this._logger.create(`get('${key}')`);\n\n key = this._prefix + key;\n const item = await this._store.getItem(key);\n return item;\n }\n\n public async remove(key: string): Promise {\n this._logger.create(`remove('${key}')`);\n\n key = this._prefix + key;\n const item = await this._store.getItem(key);\n await this._store.removeItem(key);\n return item;\n }\n\n public async getAllKeys(): Promise {\n this._logger.create(\"getAllKeys\");\n const len = await this._store.length;\n\n const keys = [];\n for (let index = 0; index < len; index++) {\n const key = await this._store.key(index);\n if (key && key.indexOf(this._prefix) === 0) {\n keys.push(key.substr(this._prefix.length));\n }\n }\n return keys;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { WebStorageStateStore } from \"./WebStorageStateStore\";\nimport type { OidcMetadata } from \"./OidcMetadata\";\nimport type { StateStore } from \"./StateStore\";\nimport { InMemoryWebStorage } from \"./InMemoryWebStorage\";\n\nconst DefaultResponseType = \"code\";\nconst DefaultScope = \"openid\";\nconst DefaultClientAuthentication = \"client_secret_post\";\nconst DefaultStaleStateAgeInSeconds = 60 * 15;\n\n/**\n * @public\n */\nexport type SigningKey = Record;\n\n/**\n * @public\n */\nexport type ExtraHeader = string | (() => string);\n\n/**\n * The settings used to configure the {@link OidcClient}.\n *\n * @public\n */\nexport interface OidcClientSettings {\n /** The URL of the OIDC/OAuth2 provider */\n authority: string;\n metadataUrl?: string;\n /** Provide metadata when authority server does not allow CORS on the metadata endpoint */\n metadata?: Partial;\n /** Can be used to seed or add additional values to the results of the discovery request */\n metadataSeed?: Partial;\n /** Provide signingKeys when authority server does not allow CORS on the jwks uri */\n signingKeys?: SigningKey[];\n\n /** Your client application's identifier as registered with the OIDC/OAuth2 */\n client_id: string;\n client_secret?: string;\n /** The type of response desired from the OIDC/OAuth2 provider (default: \"code\") */\n response_type?: string;\n /** The scope being requested from the OIDC/OAuth2 provider (default: \"openid\") */\n scope?: string;\n /** The redirect URI of your client application to receive a response from the OIDC/OAuth2 provider */\n redirect_uri: string;\n /** The OIDC/OAuth2 post-logout redirect URI */\n post_logout_redirect_uri?: string;\n\n /**\n * Client authentication method that is used to authenticate when using the token endpoint (default: \"client_secret_post\")\n * - \"client_secret_basic\": using the HTTP Basic authentication scheme\n * - \"client_secret_post\": including the client credentials in the request body\n *\n * See https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication\n */\n client_authentication?: \"client_secret_basic\" | \"client_secret_post\";\n\n /** optional protocol param */\n prompt?: string;\n /** optional protocol param */\n display?: string;\n /** optional protocol param */\n max_age?: number;\n /** optional protocol param */\n ui_locales?: string;\n /** optional protocol param */\n acr_values?: string;\n /** optional protocol param */\n resource?: string | string[];\n\n /**\n * Optional protocol param\n * The response mode used by the authority server is defined by the response_type unless explicitly specified:\n * - Response mode for the OAuth 2.0 response type \"code\" is the \"query\" encoding\n * - Response mode for the OAuth 2.0 response type \"token\" is the \"fragment\" encoding\n *\n * @see https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes\n */\n response_mode?: \"query\" | \"fragment\";\n\n /**\n * Should optional OIDC protocol claims be removed from profile or specify the ones to be removed (default: true)\n * When true, the following claims are removed by default: [\"nbf\", \"jti\", \"auth_time\", \"nonce\", \"acr\", \"amr\", \"azp\", \"at_hash\"]\n * When specifying claims, the following claims are not allowed: [\"sub\", \"iss\", \"aud\", \"exp\", \"iat\"]\n */\n filterProtocolClaims?: boolean | string[];\n /** Flag to control if additional identity data is loaded from the user info endpoint in order to populate the user's profile (default: false) */\n loadUserInfo?: boolean;\n /** Number (in seconds) indicating the age of state entries in storage for authorize requests that are considered abandoned and thus can be cleaned up (default: 900) */\n staleStateAgeInSeconds?: number;\n\n /**\n * Indicates how objects returned from the user info endpoint as claims (e.g. `address`) are merged into the claims from the\n * id token as a single object. (default: `{ array: \"replace\" }`)\n * - array: \"replace\": natives (string, int, float) and arrays are replaced, objects are merged as distinct objects\n * - array: \"merge\": natives (string, int, float) are replaced, arrays and objects are merged as distinct objects\n */\n mergeClaimsStrategy?: { array: \"replace\" | \"merge\" };\n\n /**\n * Storage object used to persist interaction state (default: window.localStorage, InMemoryWebStorage iff no window).\n * E.g. `stateStore: new WebStorageStateStore({ store: window.localStorage })`\n */\n stateStore?: StateStore;\n\n /**\n * An object containing additional query string parameters to be including in the authorization request.\n * E.g, when using Azure AD to obtain an access token an additional resource parameter is required. extraQueryParams: `{resource:\"some_identifier\"}`\n */\n extraQueryParams?: Record;\n\n extraTokenParams?: Record;\n\n /**\n * An object containing additional header to be including in request.\n */\n extraHeaders?: Record;\n\n /**\n * Will check the content type header of the response of the revocation endpoint to match these passed values (default: [])\n */\n revokeTokenAdditionalContentTypes?: string[];\n /**\n * Will disable PKCE validation, changing to true will not append to sign in request code_challenge and code_challenge_method. (default: false)\n */\n disablePKCE?: boolean;\n /**\n * Sets the credentials for fetch requests. (default: \"same-origin\")\n * Use this if you need to send cookies to the OIDC/OAuth2 provider or if you are using a proxy that requires cookies\n */\n fetchRequestCredentials?: RequestCredentials;\n\n /**\n * Only scopes in this list will be passed in the token refresh request.\n */\n refreshTokenAllowedScope?: string | undefined;\n}\n\n/**\n * The settings with defaults applied of the {@link OidcClient}.\n *\n * @public\n * @see {@link OidcClientSettings}\n */\nexport class OidcClientSettingsStore {\n // metadata\n public readonly authority: string;\n public readonly metadataUrl: string;\n public readonly metadata: Partial | undefined;\n public readonly metadataSeed: Partial | undefined;\n public readonly signingKeys: SigningKey[] | undefined;\n\n // client config\n public readonly client_id: string;\n public readonly client_secret: string | undefined;\n public readonly response_type: string;\n public readonly scope: string;\n public readonly redirect_uri: string;\n public readonly post_logout_redirect_uri: string | undefined;\n public readonly client_authentication: \"client_secret_basic\" | \"client_secret_post\";\n\n // optional protocol params\n public readonly prompt: string | undefined;\n public readonly display: string | undefined;\n public readonly max_age: number | undefined;\n public readonly ui_locales: string | undefined;\n public readonly acr_values: string | undefined;\n public readonly resource: string | string[] | undefined;\n public readonly response_mode: \"query\" | \"fragment\" | undefined;\n\n // behavior flags\n public readonly filterProtocolClaims: boolean | string[];\n public readonly loadUserInfo: boolean;\n public readonly staleStateAgeInSeconds: number;\n public readonly mergeClaimsStrategy: { array: \"replace\" | \"merge\" };\n\n public readonly stateStore: StateStore;\n\n // extra\n public readonly extraQueryParams: Record;\n public readonly extraTokenParams: Record;\n public readonly extraHeaders: Record;\n\n public readonly revokeTokenAdditionalContentTypes?: string[];\n public readonly fetchRequestCredentials: RequestCredentials;\n public readonly refreshTokenAllowedScope: string | undefined;\n public readonly disablePKCE: boolean;\n\n public constructor({\n // metadata related\n authority, metadataUrl, metadata, signingKeys, metadataSeed,\n // client related\n client_id, client_secret, response_type = DefaultResponseType, scope = DefaultScope,\n redirect_uri, post_logout_redirect_uri,\n client_authentication = DefaultClientAuthentication,\n // optional protocol\n prompt, display, max_age, ui_locales, acr_values, resource, response_mode,\n // behavior flags\n filterProtocolClaims = true,\n loadUserInfo = false,\n staleStateAgeInSeconds = DefaultStaleStateAgeInSeconds,\n mergeClaimsStrategy = { array: \"replace\" },\n disablePKCE = false,\n // other behavior\n stateStore,\n revokeTokenAdditionalContentTypes,\n fetchRequestCredentials,\n refreshTokenAllowedScope,\n // extra\n extraQueryParams = {},\n extraTokenParams = {},\n extraHeaders = {},\n }: OidcClientSettings) {\n\n this.authority = authority;\n\n if (metadataUrl) {\n this.metadataUrl = metadataUrl;\n } else {\n this.metadataUrl = authority;\n if (authority) {\n if (!this.metadataUrl.endsWith(\"/\")) {\n this.metadataUrl += \"/\";\n }\n this.metadataUrl += \".well-known/openid-configuration\";\n }\n }\n\n this.metadata = metadata;\n this.metadataSeed = metadataSeed;\n this.signingKeys = signingKeys;\n\n this.client_id = client_id;\n this.client_secret = client_secret;\n this.response_type = response_type;\n this.scope = scope;\n this.redirect_uri = redirect_uri;\n this.post_logout_redirect_uri = post_logout_redirect_uri;\n this.client_authentication = client_authentication;\n\n this.prompt = prompt;\n this.display = display;\n this.max_age = max_age;\n this.ui_locales = ui_locales;\n this.acr_values = acr_values;\n this.resource = resource;\n this.response_mode = response_mode;\n\n this.filterProtocolClaims = filterProtocolClaims ?? true;\n this.loadUserInfo = !!loadUserInfo;\n this.staleStateAgeInSeconds = staleStateAgeInSeconds;\n this.mergeClaimsStrategy = mergeClaimsStrategy;\n this.disablePKCE = !!disablePKCE;\n this.revokeTokenAdditionalContentTypes = revokeTokenAdditionalContentTypes;\n\n this.fetchRequestCredentials = fetchRequestCredentials ? fetchRequestCredentials : \"same-origin\";\n\n if (stateStore) {\n this.stateStore = stateStore;\n }\n else {\n const store = typeof window !== \"undefined\" ? window.localStorage : new InMemoryWebStorage();\n this.stateStore = new WebStorageStateStore({ store });\n }\n\n this.refreshTokenAllowedScope = refreshTokenAllowedScope;\n\n this.extraQueryParams = extraQueryParams;\n this.extraTokenParams = extraTokenParams;\n this.extraHeaders = extraHeaders;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, JwtUtils } from \"./utils\";\nimport { JsonService } from \"./JsonService\";\nimport type { MetadataService } from \"./MetadataService\";\nimport type { JwtClaims } from \"./Claims\";\nimport type { OidcClientSettingsStore } from \"./OidcClientSettings\";\n\n/**\n * @internal\n */\nexport class UserInfoService {\n protected readonly _logger = new Logger(\"UserInfoService\");\n private readonly _jsonService: JsonService;\n\n public constructor(private readonly _settings: OidcClientSettingsStore,\n private readonly _metadataService: MetadataService,\n ) {\n this._jsonService = new JsonService(\n undefined,\n this._getClaimsFromJwt,\n this._settings.extraHeaders,\n );\n }\n\n public async getClaims(token: string): Promise {\n const logger = this._logger.create(\"getClaims\");\n if (!token) {\n this._logger.throw(new Error(\"No token passed\"));\n }\n\n const url = await this._metadataService.getUserInfoEndpoint();\n logger.debug(\"got userinfo url\", url);\n\n const claims = await this._jsonService.getJson(url, {\n token,\n credentials: this._settings.fetchRequestCredentials,\n });\n logger.debug(\"got claims\", claims);\n\n return claims;\n }\n\n protected _getClaimsFromJwt = async (responseText: string): Promise => {\n const logger = this._logger.create(\"_getClaimsFromJwt\");\n try {\n const payload = JwtUtils.decode(responseText);\n logger.debug(\"JWT decoding successful\");\n\n return payload;\n } catch (err) {\n logger.error(\"Error parsing JWT response\");\n throw err;\n }\n };\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { CryptoUtils, Logger } from \"./utils\";\nimport { JsonService } from \"./JsonService\";\nimport type { MetadataService } from \"./MetadataService\";\nimport type { OidcClientSettingsStore } from \"./OidcClientSettings\";\n\n/**\n * @internal\n */\nexport interface ExchangeCodeArgs {\n client_id?: string;\n client_secret?: string;\n redirect_uri?: string;\n\n grant_type?: string;\n code: string;\n code_verifier?: string;\n}\n\n/**\n * @internal\n */\nexport interface ExchangeCredentialsArgs {\n client_id?: string;\n client_secret?: string;\n\n grant_type?: string;\n scope?: string;\n\n username: string;\n password: string;\n}\n\n/**\n * @internal\n */\nexport interface ExchangeRefreshTokenArgs {\n client_id?: string;\n client_secret?: string;\n redirect_uri?: string;\n\n grant_type?: string;\n refresh_token: string;\n scope?: string;\n resource?: string | string[];\n\n timeoutInSeconds?: number;\n}\n\n/**\n * @internal\n */\nexport interface RevokeArgs {\n token: string;\n token_type_hint?: \"access_token\" | \"refresh_token\";\n}\n\n/**\n * @internal\n */\nexport class TokenClient {\n private readonly _logger = new Logger(\"TokenClient\");\n private readonly _jsonService;\n\n public constructor(\n private readonly _settings: OidcClientSettingsStore,\n private readonly _metadataService: MetadataService,\n ) {\n this._jsonService = new JsonService(\n this._settings.revokeTokenAdditionalContentTypes,\n null,\n this._settings.extraHeaders,\n );\n }\n\n /**\n * Exchange code.\n *\n * @see https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3\n */\n public async exchangeCode({\n grant_type = \"authorization_code\",\n redirect_uri = this._settings.redirect_uri,\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n ...args\n }: ExchangeCodeArgs): Promise> {\n const logger = this._logger.create(\"exchangeCode\");\n if (!client_id) {\n logger.throw(new Error(\"A client_id is required\"));\n }\n if (!redirect_uri) {\n logger.throw(new Error(\"A redirect_uri is required\"));\n }\n if (!args.code) {\n logger.throw(new Error(\"A code is required\"));\n }\n\n const params = new URLSearchParams({ grant_type, redirect_uri });\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n let basicAuth: string | undefined;\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n if (!client_secret) {\n logger.throw(new Error(\"A client_secret is required\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n }\n\n const url = await this._metadataService.getTokenEndpoint(false);\n logger.debug(\"got token endpoint\");\n\n const response = await this._jsonService.postForm(url, { body: params, basicAuth, initCredentials: this._settings.fetchRequestCredentials });\n logger.debug(\"got response\");\n\n return response;\n }\n\n /**\n * Exchange credentials.\n *\n * @see https://www.rfc-editor.org/rfc/rfc6749#section-4.3.2\n */\n public async exchangeCredentials({\n grant_type = \"password\",\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n scope = this._settings.scope,\n ...args\n }: ExchangeCredentialsArgs): Promise> {\n const logger = this._logger.create(\"exchangeCredentials\");\n\n if (!client_id) {\n logger.throw(new Error(\"A client_id is required\"));\n }\n\n const params = new URLSearchParams({ grant_type, scope });\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n\n let basicAuth: string | undefined;\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n if (!client_secret) {\n logger.throw(new Error(\"A client_secret is required\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n }\n\n const url = await this._metadataService.getTokenEndpoint(false);\n logger.debug(\"got token endpoint\");\n\n const response = await this._jsonService.postForm(url, { body: params, basicAuth, initCredentials: this._settings.fetchRequestCredentials });\n logger.debug(\"got response\");\n\n return response;\n }\n\n /**\n * Exchange a refresh token.\n *\n * @see https://www.rfc-editor.org/rfc/rfc6749#section-6\n */\n public async exchangeRefreshToken({\n grant_type = \"refresh_token\",\n client_id = this._settings.client_id,\n client_secret = this._settings.client_secret,\n timeoutInSeconds,\n ...args\n }: ExchangeRefreshTokenArgs): Promise> {\n const logger = this._logger.create(\"exchangeRefreshToken\");\n if (!client_id) {\n logger.throw(new Error(\"A client_id is required\"));\n }\n if (!args.refresh_token) {\n logger.throw(new Error(\"A refresh_token is required\"));\n }\n\n const params = new URLSearchParams({ grant_type });\n for (const [key, value] of Object.entries(args)) {\n if (Array.isArray(value)) {\n value.forEach(param => params.append(key, param));\n }\n else if (value != null) {\n params.set(key, value);\n }\n }\n let basicAuth: string | undefined;\n switch (this._settings.client_authentication) {\n case \"client_secret_basic\":\n if (!client_secret) {\n logger.throw(new Error(\"A client_secret is required\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n basicAuth = CryptoUtils.generateBasicAuth(client_id, client_secret);\n break;\n case \"client_secret_post\":\n params.append(\"client_id\", client_id);\n if (client_secret) {\n params.append(\"client_secret\", client_secret);\n }\n break;\n }\n\n const url = await this._metadataService.getTokenEndpoint(false);\n logger.debug(\"got token endpoint\");\n\n const response = await this._jsonService.postForm(url, { body: params, basicAuth, timeoutInSeconds, initCredentials: this._settings.fetchRequestCredentials });\n logger.debug(\"got response\");\n\n return response;\n }\n\n /**\n * Revoke an access or refresh token.\n *\n * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1\n */\n public async revoke(args: RevokeArgs): Promise {\n const logger = this._logger.create(\"revoke\");\n if (!args.token) {\n logger.throw(new Error(\"A token is required\"));\n }\n\n const url = await this._metadataService.getRevocationEndpoint(false);\n\n logger.debug(`got revocation endpoint, revoking ${args.token_type_hint ?? \"default token type\"}`);\n\n const params = new URLSearchParams();\n for (const [key, value] of Object.entries(args)) {\n if (value != null) {\n params.set(key, value);\n }\n }\n params.set(\"client_id\", this._settings.client_id);\n if (this._settings.client_secret) {\n params.set(\"client_secret\", this._settings.client_secret);\n }\n\n await this._jsonService.postForm(url, { body: params });\n logger.debug(\"got response\");\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, JwtUtils } from \"./utils\";\nimport { ErrorResponse } from \"./errors\";\nimport type { MetadataService } from \"./MetadataService\";\nimport { UserInfoService } from \"./UserInfoService\";\nimport { TokenClient } from \"./TokenClient\";\nimport type { OidcClientSettingsStore } from \"./OidcClientSettings\";\nimport type { SigninState } from \"./SigninState\";\nimport type { SigninResponse } from \"./SigninResponse\";\nimport type { State } from \"./State\";\nimport type { SignoutResponse } from \"./SignoutResponse\";\nimport type { UserProfile } from \"./User\";\nimport type { RefreshState } from \"./RefreshState\";\nimport type { IdTokenClaims } from \"./Claims\";\nimport type { ClaimsService } from \"./ClaimsService\";\n\n/**\n * @internal\n */\nexport class ResponseValidator {\n protected readonly _logger = new Logger(\"ResponseValidator\");\n protected readonly _userInfoService = new UserInfoService(this._settings, this._metadataService);\n protected readonly _tokenClient = new TokenClient(this._settings, this._metadataService);\n\n public constructor(\n protected readonly _settings: OidcClientSettingsStore,\n protected readonly _metadataService: MetadataService,\n protected readonly _claimsService: ClaimsService,\n ) {}\n\n public async validateSigninResponse(response: SigninResponse, state: SigninState): Promise {\n const logger = this._logger.create(\"validateSigninResponse\");\n\n this._processSigninState(response, state);\n logger.debug(\"state processed\");\n\n await this._processCode(response, state);\n logger.debug(\"code processed\");\n\n if (response.isOpenId) {\n this._validateIdTokenAttributes(response);\n }\n logger.debug(\"tokens validated\");\n\n await this._processClaims(response, state?.skipUserInfo, response.isOpenId);\n logger.debug(\"claims processed\");\n }\n\n public async validateCredentialsResponse(response: SigninResponse, skipUserInfo: boolean): Promise {\n const logger = this._logger.create(\"validateCredentialsResponse\");\n\n if (response.isOpenId && !!response.id_token) {\n this._validateIdTokenAttributes(response);\n }\n logger.debug(\"tokens validated\");\n\n await this._processClaims(response, skipUserInfo, response.isOpenId);\n logger.debug(\"claims processed\");\n }\n\n public async validateRefreshResponse(response: SigninResponse, state: RefreshState): Promise {\n const logger = this._logger.create(\"validateRefreshResponse\");\n\n response.userState = state.data;\n // if there's no session_state on the response, copy over session_state from original request\n response.session_state ??= state.session_state;\n // if there's no scope on the response, then assume all scopes granted (per-spec) and copy over scopes from original request\n response.scope ??= state.scope;\n\n // OpenID Connect Core 1.0 says that id_token is optional in refresh response:\n // https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse\n if (response.isOpenId && !!response.id_token) {\n this._validateIdTokenAttributes(response, state.id_token);\n logger.debug(\"ID Token validated\");\n }\n\n if (!response.id_token) {\n // if there's no id_token on the response, copy over id_token from original request\n response.id_token = state.id_token;\n // and decoded part too\n response.profile = state.profile;\n }\n\n const hasIdToken = response.isOpenId && !!response.id_token;\n await this._processClaims(response, false, hasIdToken);\n logger.debug(\"claims processed\");\n }\n\n public validateSignoutResponse(response: SignoutResponse, state: State): void {\n const logger = this._logger.create(\"validateSignoutResponse\");\n if (state.id !== response.state) {\n logger.throw(new Error(\"State does not match\"));\n }\n\n // now that we know the state matches, take the stored data\n // and set it into the response so callers can get their state\n // this is important for both success & error outcomes\n logger.debug(\"state validated\");\n response.userState = state.data;\n\n if (response.error) {\n logger.warn(\"Response was error\", response.error);\n throw new ErrorResponse(response);\n }\n }\n\n protected _processSigninState(response: SigninResponse, state: SigninState): void {\n const logger = this._logger.create(\"_processSigninState\");\n if (state.id !== response.state) {\n logger.throw(new Error(\"State does not match\"));\n }\n\n if (!state.client_id) {\n logger.throw(new Error(\"No client_id on state\"));\n }\n\n if (!state.authority) {\n logger.throw(new Error(\"No authority on state\"));\n }\n\n // ensure we're using the correct authority\n if (this._settings.authority !== state.authority) {\n logger.throw(new Error(\"authority mismatch on settings vs. signin state\"));\n }\n if (this._settings.client_id && this._settings.client_id !== state.client_id) {\n logger.throw(new Error(\"client_id mismatch on settings vs. signin state\"));\n }\n\n // now that we know the state matches, take the stored data\n // and set it into the response so callers can get their state\n // this is important for both success & error outcomes\n logger.debug(\"state validated\");\n response.userState = state.data;\n response.url_state = state.url_state;\n // if there's no scope on the response, then assume all scopes granted (per-spec) and copy over scopes from original request\n response.scope ??= state.scope;\n\n if (response.error) {\n logger.warn(\"Response was error\", response.error);\n throw new ErrorResponse(response);\n }\n\n if (state.code_verifier && !response.code) {\n logger.throw(new Error(\"Expected code in response\"));\n }\n\n }\n\n protected async _processClaims(response: SigninResponse, skipUserInfo = false, validateSub = true): Promise {\n const logger = this._logger.create(\"_processClaims\");\n response.profile = this._claimsService.filterProtocolClaims(response.profile);\n\n if (skipUserInfo || !this._settings.loadUserInfo || !response.access_token) {\n logger.debug(\"not loading user info\");\n return;\n }\n\n logger.debug(\"loading user info\");\n const claims = await this._userInfoService.getClaims(response.access_token);\n logger.debug(\"user info claims received from user info endpoint\");\n\n if (validateSub && claims.sub !== response.profile.sub) {\n logger.throw(new Error(\"subject from UserInfo response does not match subject in ID Token\"));\n }\n\n response.profile = this._claimsService.mergeClaims(response.profile, this._claimsService.filterProtocolClaims(claims as IdTokenClaims));\n logger.debug(\"user info claims received, updated profile:\", response.profile);\n }\n\n protected async _processCode(response: SigninResponse, state: SigninState): Promise {\n const logger = this._logger.create(\"_processCode\");\n if (response.code) {\n logger.debug(\"Validating code\");\n const tokenResponse = await this._tokenClient.exchangeCode({\n client_id: state.client_id,\n client_secret: state.client_secret,\n code: response.code,\n redirect_uri: state.redirect_uri,\n code_verifier: state.code_verifier,\n ...state.extraTokenParams,\n });\n Object.assign(response, tokenResponse);\n } else {\n logger.debug(\"No code to process\");\n }\n }\n\n protected _validateIdTokenAttributes(response: SigninResponse, existingToken?: string): void {\n const logger = this._logger.create(\"_validateIdTokenAttributes\");\n\n logger.debug(\"decoding ID Token JWT\");\n const incoming = JwtUtils.decode(response.id_token ?? \"\");\n\n if (!incoming.sub) {\n logger.throw(new Error(\"ID Token is missing a subject claim\"));\n }\n\n if (existingToken) {\n const existing = JwtUtils.decode(existingToken);\n if (incoming.sub !== existing.sub) {\n logger.throw(new Error(\"sub in id_token does not match current sub\"));\n }\n if (incoming.auth_time && incoming.auth_time !== existing.auth_time) {\n logger.throw(new Error(\"auth_time in id_token does not match original auth_time\"));\n }\n if (incoming.azp && incoming.azp !== existing.azp) {\n logger.throw(new Error(\"azp in id_token does not match original azp\"));\n }\n if (!incoming.azp && existing.azp) {\n logger.throw(new Error(\"azp not in id_token, but present in original id_token\"));\n }\n }\n\n response.profile = incoming as UserProfile;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, CryptoUtils, Timer } from \"./utils\";\nimport type { StateStore } from \"./StateStore\";\n\n/**\n * @public\n */\nexport class State {\n public readonly id: string;\n public readonly created: number;\n public readonly request_type: string | undefined;\n public readonly url_state: string | undefined;\n\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n public readonly data?: unknown;\n\n public constructor(args: {\n id?: string;\n data?: unknown;\n created?: number;\n request_type?: string;\n url_state?: string;\n }) {\n this.id = args.id || CryptoUtils.generateUUIDv4();\n this.data = args.data;\n\n if (args.created && args.created > 0) {\n this.created = args.created;\n }\n else {\n this.created = Timer.getEpochTime();\n }\n this.request_type = args.request_type;\n this.url_state = args.url_state;\n }\n\n public toStorageString(): string {\n new Logger(\"State\").create(\"toStorageString\");\n return JSON.stringify({\n id: this.id,\n data: this.data,\n created: this.created,\n request_type: this.request_type,\n url_state: this.url_state,\n });\n }\n\n public static fromStorageString(storageString: string): Promise {\n Logger.createStatic(\"State\", \"fromStorageString\");\n return Promise.resolve(new State(JSON.parse(storageString)));\n }\n\n public static async clearStaleState(storage: StateStore, age: number): Promise {\n const logger = Logger.createStatic(\"State\", \"clearStaleState\");\n const cutoff = Timer.getEpochTime() - age;\n\n const keys = await storage.getAllKeys();\n logger.debug(\"got keys\", keys);\n\n for (let i = 0; i < keys.length; i++) {\n const key = keys[i];\n const item = await storage.get(key);\n let remove = false;\n\n if (item) {\n try {\n const state = await State.fromStorageString(item);\n\n logger.debug(\"got item from key:\", key, state.created);\n if (state.created <= cutoff) {\n remove = true;\n }\n }\n catch (err) {\n logger.error(\"Error parsing state for key:\", key, err);\n remove = true;\n }\n }\n else {\n logger.debug(\"no item in storage for key:\", key);\n remove = true;\n }\n\n if (remove) {\n logger.debug(\"removed item for key:\", key);\n void storage.remove(key);\n }\n }\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, CryptoUtils } from \"./utils\";\nimport { State } from \"./State\";\n\n/** @public */\nexport interface SigninStateArgs {\n id?: string;\n data?: unknown;\n created?: number;\n request_type?: string;\n\n code_verifier?: string;\n code_challenge?: string;\n authority: string;\n client_id: string;\n redirect_uri: string;\n scope: string;\n client_secret?: string;\n extraTokenParams?: Record;\n response_mode?: \"query\" | \"fragment\";\n skipUserInfo?: boolean;\n url_state?: string;\n}\n\n/** @public */\nexport type SigninStateCreateArgs = Omit & {\n code_verifier?: string | boolean;\n};\n\n/**\n * @public\n */\nexport class SigninState extends State {\n // isCode\n /** The same code_verifier that was used to obtain the authorization_code via PKCE. */\n public readonly code_verifier: string | undefined;\n /** Used to secure authorization code grants via Proof Key for Code Exchange (PKCE). */\n public readonly code_challenge: string | undefined;\n\n // to ensure state still matches settings\n /** @see {@link OidcClientSettings.authority} */\n public readonly authority: string;\n /** @see {@link OidcClientSettings.client_id} */\n public readonly client_id: string;\n /** @see {@link OidcClientSettings.redirect_uri} */\n public readonly redirect_uri: string;\n /** @see {@link OidcClientSettings.scope} */\n public readonly scope: string;\n /** @see {@link OidcClientSettings.client_secret} */\n public readonly client_secret: string | undefined;\n /** @see {@link OidcClientSettings.extraTokenParams} */\n public readonly extraTokenParams: Record | undefined;\n /** @see {@link OidcClientSettings.response_mode} */\n public readonly response_mode: \"query\" | \"fragment\" | undefined;\n\n public readonly skipUserInfo: boolean | undefined;\n\n private constructor(args: SigninStateArgs) {\n super(args);\n\n this.code_verifier = args.code_verifier;\n this.code_challenge = args.code_challenge;\n this.authority = args.authority;\n this.client_id = args.client_id;\n this.redirect_uri = args.redirect_uri;\n this.scope = args.scope;\n this.client_secret = args.client_secret;\n this.extraTokenParams = args.extraTokenParams;\n\n this.response_mode = args.response_mode;\n this.skipUserInfo = args.skipUserInfo;\n }\n\n public static async create(args: SigninStateCreateArgs): Promise {\n const code_verifier = args.code_verifier === true ? CryptoUtils.generateCodeVerifier() : (args.code_verifier || undefined);\n const code_challenge = code_verifier ? (await CryptoUtils.generateCodeChallenge(code_verifier)) : undefined;\n\n return new SigninState({\n ...args,\n code_verifier,\n code_challenge,\n });\n }\n\n public toStorageString(): string {\n new Logger(\"SigninState\").create(\"toStorageString\");\n return JSON.stringify({\n id: this.id,\n data: this.data,\n created: this.created,\n request_type: this.request_type,\n url_state: this.url_state,\n\n code_verifier: this.code_verifier,\n authority: this.authority,\n client_id: this.client_id,\n redirect_uri: this.redirect_uri,\n scope: this.scope,\n client_secret: this.client_secret,\n extraTokenParams : this.extraTokenParams,\n response_mode: this.response_mode,\n skipUserInfo: this.skipUserInfo,\n });\n }\n\n public static fromStorageString(storageString: string): Promise {\n Logger.createStatic(\"SigninState\", \"fromStorageString\");\n const data = JSON.parse(storageString);\n return SigninState.create(data);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, URL_STATE_DELIMITER } from \"./utils\";\nimport { SigninState } from \"./SigninState\";\n\n/**\n * @public\n * @see https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest\n */\nexport interface SigninRequestCreateArgs {\n // mandatory\n url: string;\n authority: string;\n client_id: string;\n redirect_uri: string;\n response_type: string;\n scope: string;\n\n // optional\n response_mode?: \"query\" | \"fragment\";\n nonce?: string;\n display?: string;\n prompt?: string;\n max_age?: number;\n ui_locales?: string;\n id_token_hint?: string;\n login_hint?: string;\n acr_values?: string;\n\n // other\n resource?: string | string[];\n request?: string;\n request_uri?: string;\n request_type?: string;\n extraQueryParams?: Record;\n\n // special\n extraTokenParams?: Record;\n client_secret?: string;\n skipUserInfo?: boolean;\n disablePKCE?: boolean;\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n state_data?: unknown;\n url_state?: string;\n}\n\n/**\n * @public\n */\nexport class SigninRequest {\n private static readonly _logger = new Logger(\"SigninRequest\");\n\n public readonly url: string;\n public readonly state: SigninState;\n\n private constructor(args: {\n url: string;\n state: SigninState;\n }) {\n this.url = args.url;\n this.state = args.state;\n }\n\n public static async create({\n // mandatory\n url, authority, client_id, redirect_uri, response_type, scope,\n // optional\n state_data, response_mode, request_type, client_secret, nonce, url_state,\n resource,\n skipUserInfo,\n extraQueryParams,\n extraTokenParams,\n disablePKCE,\n ...optionalParams\n }: SigninRequestCreateArgs): Promise {\n if (!url) {\n this._logger.error(\"create: No url passed\");\n throw new Error(\"url\");\n }\n if (!client_id) {\n this._logger.error(\"create: No client_id passed\");\n throw new Error(\"client_id\");\n }\n if (!redirect_uri) {\n this._logger.error(\"create: No redirect_uri passed\");\n throw new Error(\"redirect_uri\");\n }\n if (!response_type) {\n this._logger.error(\"create: No response_type passed\");\n throw new Error(\"response_type\");\n }\n if (!scope) {\n this._logger.error(\"create: No scope passed\");\n throw new Error(\"scope\");\n }\n if (!authority) {\n this._logger.error(\"create: No authority passed\");\n throw new Error(\"authority\");\n }\n\n const state = await SigninState.create({\n data: state_data,\n request_type,\n url_state,\n code_verifier: !disablePKCE,\n client_id, authority, redirect_uri,\n response_mode,\n client_secret, scope, extraTokenParams,\n skipUserInfo,\n });\n\n const parsedUrl = new URL(url);\n parsedUrl.searchParams.append(\"client_id\", client_id);\n parsedUrl.searchParams.append(\"redirect_uri\", redirect_uri);\n parsedUrl.searchParams.append(\"response_type\", response_type);\n parsedUrl.searchParams.append(\"scope\", scope);\n if (nonce) {\n parsedUrl.searchParams.append(\"nonce\", nonce);\n }\n\n let stateParam = state.id;\n if (url_state) {\n stateParam = `${stateParam}${URL_STATE_DELIMITER}${url_state}`;\n }\n parsedUrl.searchParams.append(\"state\", stateParam);\n if (state.code_challenge) {\n parsedUrl.searchParams.append(\"code_challenge\", state.code_challenge);\n parsedUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n }\n\n if (resource) {\n // https://datatracker.ietf.org/doc/html/rfc8707\n const resources = Array.isArray(resource) ? resource : [resource];\n resources\n .forEach(r => parsedUrl.searchParams.append(\"resource\", r));\n }\n\n for (const [key, value] of Object.entries({ response_mode, ...optionalParams, ...extraQueryParams })) {\n if (value != null) {\n parsedUrl.searchParams.append(key, value.toString());\n }\n }\n\n return new SigninRequest({\n url: parsedUrl.href,\n state,\n });\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Timer, URL_STATE_DELIMITER } from \"./utils\";\nimport type { UserProfile } from \"./User\";\n\nconst OidcScope = \"openid\";\n\n/**\n * @public\n * @see https://openid.net/specs/openid-connect-core-1_0.html#AuthResponse\n * @see https://openid.net/specs/openid-connect-core-1_0.html#AuthError\n */\nexport class SigninResponse {\n // props present in the initial callback response regardless of success\n public readonly state: string | null;\n /** @see {@link User.session_state} */\n public session_state: string | null;\n\n // error props\n /** @see {@link ErrorResponse.error} */\n public readonly error: string | null;\n /** @see {@link ErrorResponse.error_description} */\n public readonly error_description: string | null;\n /** @see {@link ErrorResponse.error_uri} */\n public readonly error_uri: string | null;\n\n // success props\n public readonly code: string | null;\n\n // props set after validation\n /** @see {@link User.id_token} */\n public id_token?: string;\n /** @see {@link User.access_token} */\n public access_token = \"\";\n /** @see {@link User.token_type} */\n public token_type = \"\";\n /** @see {@link User.refresh_token} */\n public refresh_token?: string;\n /** @see {@link User.scope} */\n public scope?: string;\n /** @see {@link User.expires_at} */\n public expires_at?: number;\n\n /** custom state data set during the initial signin request */\n public userState: unknown;\n public url_state?: string;\n\n /** @see {@link User.profile} */\n public profile: UserProfile = {} as UserProfile;\n\n public constructor(params: URLSearchParams) {\n this.state = params.get(\"state\");\n this.session_state = params.get(\"session_state\");\n if (this.state) {\n const splitState = decodeURIComponent(this.state).split(URL_STATE_DELIMITER);\n this.state = splitState[0];\n if (splitState.length > 1) {\n this.url_state = splitState.slice(1).join(URL_STATE_DELIMITER);\n }\n }\n\n this.error = params.get(\"error\");\n this.error_description = params.get(\"error_description\");\n this.error_uri = params.get(\"error_uri\");\n\n this.code = params.get(\"code\");\n }\n\n public get expires_in(): number | undefined {\n if (this.expires_at === undefined) {\n return undefined;\n }\n return this.expires_at - Timer.getEpochTime();\n }\n public set expires_in(value: number | undefined) {\n // spec expects a number, but normalize here just in case\n if (typeof value === \"string\") value = Number(value);\n if (value !== undefined && value >= 0) {\n this.expires_at = Math.floor(value) + Timer.getEpochTime();\n }\n }\n\n public get isOpenId(): boolean {\n return this.scope?.split(\" \").includes(OidcScope) || !!this.id_token;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { State } from \"./State\";\n\n/**\n * @public\n * @see https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout\n */\nexport interface SignoutRequestArgs {\n // mandatory\n url: string;\n\n // optional\n id_token_hint?: string;\n client_id?: string;\n post_logout_redirect_uri?: string;\n extraQueryParams?: Record;\n\n // special\n request_type?: string;\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n state_data?: unknown;\n}\n\n/**\n * @public\n */\nexport class SignoutRequest {\n private readonly _logger = new Logger(\"SignoutRequest\");\n\n public readonly url: string;\n public readonly state?: State;\n\n public constructor({\n url,\n state_data, id_token_hint, post_logout_redirect_uri, extraQueryParams, request_type, client_id,\n }: SignoutRequestArgs) {\n if (!url) {\n this._logger.error(\"ctor: No url passed\");\n throw new Error(\"url\");\n }\n\n const parsedUrl = new URL(url);\n if (id_token_hint) {\n parsedUrl.searchParams.append(\"id_token_hint\", id_token_hint);\n }\n if (client_id) {\n parsedUrl.searchParams.append(\"client_id\", client_id);\n }\n\n if (post_logout_redirect_uri) {\n parsedUrl.searchParams.append(\"post_logout_redirect_uri\", post_logout_redirect_uri);\n\n if (state_data) {\n this.state = new State({ data: state_data, request_type });\n\n parsedUrl.searchParams.append(\"state\", this.state.id);\n }\n }\n\n for (const [key, value] of Object.entries({ ...extraQueryParams })) {\n if (value != null) {\n parsedUrl.searchParams.append(key, value.toString());\n }\n }\n\n this.url = parsedUrl.href;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\n/**\n * @public\n * @see https://openid.net/specs/openid-connect-core-1_0.html#AuthError\n */\nexport class SignoutResponse {\n public readonly state: string | null;\n\n // error props\n /** @see {@link ErrorResponse.error} */\n public error: string | null;\n /** @see {@link ErrorResponse.error_description} */\n public error_description: string | null;\n /** @see {@link ErrorResponse.error_uri} */\n public error_uri: string | null;\n\n /** custom state data set during the initial signin request */\n public userState: unknown;\n\n public constructor(params: URLSearchParams) {\n this.state = params.get(\"state\");\n\n this.error = params.get(\"error\");\n this.error_description = params.get(\"error_description\");\n this.error_uri = params.get(\"error_uri\");\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport type { JwtClaims } from \"./Claims\";\nimport type { OidcClientSettingsStore } from \"./OidcClientSettings\";\nimport type { UserProfile } from \"./User\";\nimport { Logger } from \"./utils\";\n\n/**\n * Protocol claims that could be removed by default from profile.\n * Derived from the following sets of claims:\n * - {@link https://datatracker.ietf.org/doc/html/rfc7519.html#section-4.1}\n * - {@link https://openid.net/specs/openid-connect-core-1_0.html#IDToken}\n * - {@link https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken}\n *\n * @internal\n */\nconst DefaultProtocolClaims = [\n \"nbf\",\n \"jti\",\n \"auth_time\",\n \"nonce\",\n \"acr\",\n \"amr\",\n \"azp\",\n \"at_hash\", // https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken\n] as const;\n\n/**\n * Protocol claims that should never be removed from profile.\n * \"sub\" is needed internally and others should remain required as per the OIDC specs.\n *\n * @internal\n */\nconst InternalRequiredProtocolClaims = [\"sub\", \"iss\", \"aud\", \"exp\", \"iat\"];\n\n/**\n * @internal\n */\nexport class ClaimsService {\n protected readonly _logger = new Logger(\"ClaimsService\");\n public constructor(\n protected readonly _settings: OidcClientSettingsStore,\n ) {}\n\n public filterProtocolClaims(claims: UserProfile): UserProfile {\n const result = { ...claims };\n\n if (this._settings.filterProtocolClaims) {\n let protocolClaims;\n if (Array.isArray(this._settings.filterProtocolClaims)) {\n protocolClaims = this._settings.filterProtocolClaims;\n } else {\n protocolClaims = DefaultProtocolClaims;\n }\n\n for (const claim of protocolClaims) {\n if (!InternalRequiredProtocolClaims.includes(claim)) {\n delete result[claim];\n }\n }\n }\n\n return result;\n }\n\n public mergeClaims(claims1: JwtClaims, claims2: JwtClaims): UserProfile;\n public mergeClaims(claims1: UserProfile, claims2: JwtClaims): UserProfile {\n const result = { ...claims1 };\n for (const [claim, values] of Object.entries(claims2)) {\n if (result[claim] !== values) {\n if (Array.isArray(result[claim]) || Array.isArray(values)) {\n if (this._settings.mergeClaimsStrategy.array == \"replace\") {\n result[claim] = values;\n } else {\n const mergedValues = Array.isArray(result[claim]) ? result[claim] as unknown[] : [result[claim]];\n for (const value of Array.isArray(values) ? values : [values]) {\n if (!mergedValues.includes(value)) {\n mergedValues.push(value);\n }\n }\n result[claim] = mergedValues;\n }\n } else if (typeof result[claim] === \"object\" && typeof values === \"object\") {\n result[claim] = this.mergeClaims(result[claim] as JwtClaims, values as JwtClaims);\n } else {\n result[claim] = values;\n }\n }\n }\n\n return result;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, UrlUtils } from \"./utils\";\nimport { ErrorResponse } from \"./errors\";\nimport { type OidcClientSettings, OidcClientSettingsStore } from \"./OidcClientSettings\";\nimport { ResponseValidator } from \"./ResponseValidator\";\nimport { MetadataService } from \"./MetadataService\";\nimport type { RefreshState } from \"./RefreshState\";\nimport { SigninRequest, type SigninRequestCreateArgs } from \"./SigninRequest\";\nimport { SigninResponse } from \"./SigninResponse\";\nimport { SignoutRequest, type SignoutRequestArgs } from \"./SignoutRequest\";\nimport { SignoutResponse } from \"./SignoutResponse\";\nimport { SigninState } from \"./SigninState\";\nimport { State } from \"./State\";\nimport { TokenClient } from \"./TokenClient\";\nimport { ClaimsService } from \"./ClaimsService\";\n\n/**\n * @public\n */\nexport interface CreateSigninRequestArgs\n extends Omit {\n redirect_uri?: string;\n response_type?: string;\n scope?: string;\n\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n state?: unknown;\n}\n\n/**\n * @public\n */\nexport interface UseRefreshTokenArgs {\n redirect_uri?: string;\n resource?: string | string[];\n extraTokenParams?: Record;\n timeoutInSeconds?: number;\n\n state: RefreshState;\n}\n\n/**\n * @public\n */\nexport type CreateSignoutRequestArgs = Omit & {\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n state?: unknown;\n};\n\n/**\n * @public\n */\nexport type ProcessResourceOwnerPasswordCredentialsArgs = {\n username: string;\n password: string;\n skipUserInfo?: boolean;\n extraTokenParams?: Record;\n};\n\n/**\n * Provides the raw OIDC/OAuth2 protocol support for the authorization endpoint and the end session endpoint in the\n * authorization server. It provides a bare-bones protocol implementation and is used by the UserManager class.\n * Only use this class if you simply want protocol support without the additional management features of the\n * UserManager class.\n *\n * @public\n */\nexport class OidcClient {\n public readonly settings: OidcClientSettingsStore;\n protected readonly _logger = new Logger(\"OidcClient\");\n\n public readonly metadataService: MetadataService;\n protected readonly _claimsService: ClaimsService;\n protected readonly _validator: ResponseValidator;\n protected readonly _tokenClient: TokenClient;\n\n public constructor(settings: OidcClientSettings);\n public constructor(settings: OidcClientSettingsStore, metadataService: MetadataService);\n public constructor(settings: OidcClientSettings | OidcClientSettingsStore, metadataService?: MetadataService) {\n this.settings = settings instanceof OidcClientSettingsStore ? settings : new OidcClientSettingsStore(settings);\n\n this.metadataService = metadataService ?? new MetadataService(this.settings);\n this._claimsService = new ClaimsService(this.settings);\n this._validator = new ResponseValidator(this.settings, this.metadataService, this._claimsService);\n this._tokenClient = new TokenClient(this.settings, this.metadataService);\n }\n\n public async createSigninRequest({\n state,\n request,\n request_uri,\n request_type,\n id_token_hint,\n login_hint,\n skipUserInfo,\n nonce,\n url_state,\n response_type = this.settings.response_type,\n scope = this.settings.scope,\n redirect_uri = this.settings.redirect_uri,\n prompt = this.settings.prompt,\n display = this.settings.display,\n max_age = this.settings.max_age,\n ui_locales = this.settings.ui_locales,\n acr_values = this.settings.acr_values,\n resource = this.settings.resource,\n response_mode = this.settings.response_mode,\n extraQueryParams = this.settings.extraQueryParams,\n extraTokenParams = this.settings.extraTokenParams,\n }: CreateSigninRequestArgs): Promise {\n const logger = this._logger.create(\"createSigninRequest\");\n\n if (response_type !== \"code\") {\n throw new Error(\"Only the Authorization Code flow (with PKCE) is supported\");\n }\n\n const url = await this.metadataService.getAuthorizationEndpoint();\n logger.debug(\"Received authorization endpoint\", url);\n\n const signinRequest = await SigninRequest.create({\n url,\n authority: this.settings.authority,\n client_id: this.settings.client_id,\n redirect_uri,\n response_type,\n scope,\n state_data: state,\n url_state,\n prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values,\n resource, request, request_uri, extraQueryParams, extraTokenParams, request_type, response_mode,\n client_secret: this.settings.client_secret,\n skipUserInfo,\n nonce,\n disablePKCE: this.settings.disablePKCE,\n });\n\n // house cleaning\n await this.clearStaleState();\n\n const signinState = signinRequest.state;\n await this.settings.stateStore.set(signinState.id, signinState.toStorageString());\n return signinRequest;\n }\n\n public async readSigninResponseState(url: string, removeState = false): Promise<{ state: SigninState; response: SigninResponse }> {\n const logger = this._logger.create(\"readSigninResponseState\");\n\n const response = new SigninResponse(UrlUtils.readParams(url, this.settings.response_mode));\n if (!response.state) {\n logger.throw(new Error(\"No state in response\"));\n // need to throw within this function's body for type narrowing to work\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n const storedStateString = await this.settings.stateStore[removeState ? \"remove\" : \"get\"](response.state);\n if (!storedStateString) {\n logger.throw(new Error(\"No matching state found in storage\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n const state = await SigninState.fromStorageString(storedStateString);\n return { state, response };\n }\n\n public async processSigninResponse(url: string): Promise {\n const logger = this._logger.create(\"processSigninResponse\");\n\n const { state, response } = await this.readSigninResponseState(url, true);\n logger.debug(\"received state from storage; validating response\");\n await this._validator.validateSigninResponse(response, state);\n return response;\n }\n\n public async processResourceOwnerPasswordCredentials({\n username,\n password,\n skipUserInfo = false,\n extraTokenParams = {},\n }: ProcessResourceOwnerPasswordCredentialsArgs): Promise {\n const tokenResponse: Record = await this._tokenClient.exchangeCredentials({ username, password, ...extraTokenParams });\n const signinResponse: SigninResponse = new SigninResponse(new URLSearchParams());\n Object.assign(signinResponse, tokenResponse);\n await this._validator.validateCredentialsResponse(signinResponse, skipUserInfo);\n return signinResponse;\n }\n\n public async useRefreshToken({\n state,\n redirect_uri,\n resource,\n timeoutInSeconds,\n extraTokenParams,\n }: UseRefreshTokenArgs): Promise {\n const logger = this._logger.create(\"useRefreshToken\");\n\n // https://github.com/authts/oidc-client-ts/issues/695\n // In some cases (e.g. AzureAD), not all granted scopes are allowed on token refresh requests.\n // Therefore, we filter all granted scopes by a list of allowable scopes.\n let scope;\n if (this.settings.refreshTokenAllowedScope === undefined) {\n scope = state.scope;\n } else {\n const allowableScopes = this.settings.refreshTokenAllowedScope.split(\" \");\n const providedScopes = state.scope?.split(\" \") || [];\n\n scope = providedScopes.filter(s => allowableScopes.includes(s)).join(\" \");\n }\n\n const result = await this._tokenClient.exchangeRefreshToken({\n refresh_token: state.refresh_token,\n // provide the (possible filtered) scope list\n scope,\n redirect_uri,\n resource,\n timeoutInSeconds,\n ...extraTokenParams,\n });\n const response = new SigninResponse(new URLSearchParams());\n Object.assign(response, result);\n logger.debug(\"validating response\", response);\n await this._validator.validateRefreshResponse(response, {\n ...state,\n // override the scope in the state handed over to the validator\n // so it can set the granted scope to the requested scope in case none is included in the response\n scope,\n });\n return response;\n }\n\n public async createSignoutRequest({\n state,\n id_token_hint,\n client_id,\n request_type,\n post_logout_redirect_uri = this.settings.post_logout_redirect_uri,\n extraQueryParams = this.settings.extraQueryParams,\n }: CreateSignoutRequestArgs = {}): Promise {\n const logger = this._logger.create(\"createSignoutRequest\");\n\n const url = await this.metadataService.getEndSessionEndpoint();\n if (!url) {\n logger.throw(new Error(\"No end session endpoint\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n logger.debug(\"Received end session endpoint\", url);\n\n // specify the client identifier when post_logout_redirect_uri is used but id_token_hint is not\n if (!client_id && post_logout_redirect_uri && !id_token_hint) {\n client_id = this.settings.client_id;\n }\n\n const request = new SignoutRequest({\n url,\n id_token_hint,\n client_id,\n post_logout_redirect_uri,\n state_data: state,\n extraQueryParams,\n request_type,\n });\n\n // house cleaning\n await this.clearStaleState();\n\n const signoutState = request.state;\n if (signoutState) {\n logger.debug(\"Signout request has state to persist\");\n await this.settings.stateStore.set(signoutState.id, signoutState.toStorageString());\n }\n\n return request;\n }\n\n public async readSignoutResponseState(url: string, removeState = false): Promise<{ state: State | undefined; response: SignoutResponse }> {\n const logger = this._logger.create(\"readSignoutResponseState\");\n\n const response = new SignoutResponse(UrlUtils.readParams(url, this.settings.response_mode));\n if (!response.state) {\n logger.debug(\"No state in response\");\n\n if (response.error) {\n logger.warn(\"Response was error:\", response.error);\n throw new ErrorResponse(response);\n }\n\n return { state: undefined, response };\n }\n\n const storedStateString = await this.settings.stateStore[removeState ? \"remove\" : \"get\"](response.state);\n if (!storedStateString) {\n logger.throw(new Error(\"No matching state found in storage\"));\n throw null; // https://github.com/microsoft/TypeScript/issues/46972\n }\n\n const state = await State.fromStorageString(storedStateString);\n return { state, response };\n }\n\n public async processSignoutResponse(url: string): Promise {\n const logger = this._logger.create(\"processSignoutResponse\");\n\n const { state, response } = await this.readSignoutResponseState(url, true);\n if (state) {\n logger.debug(\"Received state from storage; validating response\");\n this._validator.validateSignoutResponse(response, state);\n } else {\n logger.debug(\"No state from storage; skipping response validation\");\n }\n\n return response;\n }\n\n public clearStaleState(): Promise {\n this._logger.create(\"clearStaleState\");\n return State.clearStaleState(this.settings.stateStore, this.settings.staleStateAgeInSeconds);\n }\n\n public async revokeToken(token: string, type?: \"access_token\" | \"refresh_token\"): Promise {\n this._logger.create(\"revokeToken\");\n return await this._tokenClient.revoke({\n token,\n token_type_hint: type,\n });\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { CheckSessionIFrame } from \"./CheckSessionIFrame\";\nimport type { UserManager } from \"./UserManager\";\nimport type { User } from \"./User\";\n\n/**\n * @public\n */\nexport class SessionMonitor {\n private readonly _logger = new Logger(\"SessionMonitor\");\n\n private _sub: string | undefined;\n private _checkSessionIFrame?: CheckSessionIFrame;\n\n public constructor(private readonly _userManager: UserManager) {\n if (!_userManager) {\n this._logger.throw(new Error(\"No user manager passed\"));\n }\n\n this._userManager.events.addUserLoaded(this._start);\n this._userManager.events.addUserUnloaded(this._stop);\n\n this._init().catch((err: unknown) => {\n // catch to suppress errors since we're in a ctor\n this._logger.error(err);\n });\n }\n\n protected async _init(): Promise {\n this._logger.create(\"_init\");\n const user = await this._userManager.getUser();\n // doing this manually here since calling getUser\n // doesn't trigger load event.\n if (user) {\n void this._start(user);\n }\n else if (this._userManager.settings.monitorAnonymousSession) {\n const session = await this._userManager.querySessionStatus();\n if (session) {\n const tmpUser = {\n session_state: session.session_state,\n profile: session.sub ? {\n sub: session.sub,\n } : null,\n };\n void this._start(tmpUser);\n }\n }\n }\n\n protected _start = async (\n user: User | {\n session_state: string;\n profile: { sub: string } | null;\n },\n ): Promise => {\n const session_state = user.session_state;\n if (!session_state) {\n return;\n }\n const logger = this._logger.create(\"_start\");\n\n if (user.profile) {\n this._sub = user.profile.sub;\n logger.debug(\"session_state\", session_state, \", sub\", this._sub);\n }\n else {\n this._sub = undefined;\n logger.debug(\"session_state\", session_state, \", anonymous user\");\n }\n\n if (this._checkSessionIFrame) {\n this._checkSessionIFrame.start(session_state);\n return;\n }\n\n try {\n const url = await this._userManager.metadataService.getCheckSessionIframe();\n if (url) {\n logger.debug(\"initializing check session iframe\");\n\n const client_id = this._userManager.settings.client_id;\n const intervalInSeconds = this._userManager.settings.checkSessionIntervalInSeconds;\n const stopOnError = this._userManager.settings.stopCheckSessionOnError;\n\n const checkSessionIFrame = new CheckSessionIFrame(this._callback, client_id, url, intervalInSeconds, stopOnError);\n await checkSessionIFrame.load();\n this._checkSessionIFrame = checkSessionIFrame;\n checkSessionIFrame.start(session_state);\n }\n else {\n logger.warn(\"no check session iframe found in the metadata\");\n }\n }\n catch (err) {\n // catch to suppress errors since we're in non-promise callback\n logger.error(\"Error from getCheckSessionIframe:\", err instanceof Error ? err.message : err);\n }\n };\n\n protected _stop = (): void => {\n const logger = this._logger.create(\"_stop\");\n this._sub = undefined;\n\n if (this._checkSessionIFrame) {\n this._checkSessionIFrame.stop();\n }\n\n if (this._userManager.settings.monitorAnonymousSession) {\n // using a timer to delay re-initialization to avoid race conditions during signout\n // TODO rewrite to use promise correctly\n // eslint-disable-next-line @typescript-eslint/no-misused-promises\n const timerHandle = setInterval(async () => {\n clearInterval(timerHandle);\n\n try {\n const session = await this._userManager.querySessionStatus();\n if (session) {\n const tmpUser = {\n session_state: session.session_state,\n profile: session.sub ? {\n sub: session.sub,\n } : null,\n };\n void this._start(tmpUser);\n }\n }\n catch (err) {\n // catch to suppress errors since we're in a callback\n logger.error(\"error from querySessionStatus\", err instanceof Error ? err.message : err);\n }\n }, 1000);\n }\n };\n\n protected _callback = async (): Promise => {\n const logger = this._logger.create(\"_callback\");\n try {\n const session = await this._userManager.querySessionStatus();\n let raiseEvent = true;\n\n if (session && this._checkSessionIFrame) {\n if (session.sub === this._sub) {\n raiseEvent = false;\n this._checkSessionIFrame.start(session.session_state);\n\n logger.debug(\"same sub still logged in at OP, session state has changed, restarting check session iframe; session_state\", session.session_state);\n await this._userManager.events._raiseUserSessionChanged();\n }\n else {\n logger.debug(\"different subject signed into OP\", session.sub);\n }\n }\n else {\n logger.debug(\"subject no longer signed into OP\");\n }\n\n if (raiseEvent) {\n if (this._sub) {\n await this._userManager.events._raiseUserSignedOut();\n }\n else {\n await this._userManager.events._raiseUserSignedIn();\n }\n } else {\n logger.debug(\"no change in session detected, no event to raise\");\n }\n }\n catch (err) {\n if (this._sub) {\n logger.debug(\"Error calling queryCurrentSigninSession; raising signed out event\", err);\n await this._userManager.events._raiseUserSignedOut();\n }\n }\n };\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Timer } from \"./utils\";\nimport type { IdTokenClaims } from \"./Claims\";\n\n/**\n * Holds claims represented by a combination of the `id_token` and the user info endpoint.\n *\n * @public\n */\nexport type UserProfile = IdTokenClaims;\n\n/**\n * @public\n */\nexport class User {\n /**\n * A JSON Web Token (JWT). Only provided if `openid` scope was requested.\n * The application can access the data decoded by using the `profile` property.\n */\n public id_token?: string;\n\n /** The session state value returned from the OIDC provider. */\n public session_state: string | null;\n\n /**\n * The requested access token returned from the OIDC provider. The application can use this token to\n * authenticate itself to the secured resource.\n */\n public access_token: string;\n\n /**\n * An OAuth 2.0 refresh token. The app can use this token to acquire additional access tokens after the\n * current access token expires. Refresh tokens are long-lived and can be used to maintain access to resources\n * for extended periods of time.\n */\n public refresh_token?: string;\n\n /** Typically \"Bearer\" */\n public token_type: string;\n\n /** The scopes that the requested access token is valid for. */\n public scope?: string;\n\n /** The claims represented by a combination of the `id_token` and the user info endpoint. */\n public profile: UserProfile;\n\n /** The expires at returned from the OIDC provider. */\n public expires_at?: number;\n\n /** custom state data set during the initial signin request */\n public readonly state: unknown;\n public readonly url_state?: string;\n\n public constructor(args: {\n id_token?: string;\n session_state?: string | null;\n access_token: string;\n refresh_token?: string;\n token_type: string;\n scope?: string;\n profile: UserProfile;\n expires_at?: number;\n userState?: unknown;\n url_state?: string;\n }) {\n this.id_token = args.id_token;\n this.session_state = args.session_state ?? null;\n this.access_token = args.access_token;\n this.refresh_token = args.refresh_token;\n\n this.token_type = args.token_type;\n this.scope = args.scope;\n this.profile = args.profile;\n this.expires_at = args.expires_at;\n this.state = args.userState;\n this.url_state = args.url_state;\n }\n\n /** Computed number of seconds the access token has remaining. */\n public get expires_in(): number | undefined {\n if (this.expires_at === undefined) {\n return undefined;\n }\n return this.expires_at - Timer.getEpochTime();\n }\n\n public set expires_in(value: number | undefined) {\n if (value !== undefined) {\n this.expires_at = Math.floor(value) + Timer.getEpochTime();\n }\n }\n\n /** Computed value indicating if the access token is expired. */\n public get expired(): boolean | undefined {\n const expires_in = this.expires_in;\n if (expires_in === undefined) {\n return undefined;\n }\n return expires_in <= 0;\n }\n\n /** Array representing the parsed values from the `scope`. */\n public get scopes(): string[] {\n return this.scope?.split(\" \") ?? [];\n }\n\n public toStorageString(): string {\n new Logger(\"User\").create(\"toStorageString\");\n return JSON.stringify({\n id_token: this.id_token,\n session_state: this.session_state,\n access_token: this.access_token,\n refresh_token: this.refresh_token,\n token_type: this.token_type,\n scope: this.scope,\n profile: this.profile,\n expires_at: this.expires_at,\n });\n }\n\n public static fromStorageString(storageString: string): User {\n Logger.createStatic(\"User\", \"fromStorageString\");\n return new User(JSON.parse(storageString));\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Event, Logger, UrlUtils } from \"../utils\";\nimport type { IWindow, NavigateParams, NavigateResponse } from \"./IWindow\";\n\nconst messageSource = \"oidc-client\";\n\ninterface MessageData {\n source: string;\n url: string;\n keepOpen: boolean;\n}\n\n/**\n * Window implementation which resolves via communication from a child window\n * via the `Window.postMessage()` interface.\n *\n * @internal\n */\nexport abstract class AbstractChildWindow implements IWindow {\n protected abstract readonly _logger: Logger;\n protected readonly _abort = new Event<[reason: Error]>(\"Window navigation aborted\");\n protected readonly _disposeHandlers = new Set<() => void>();\n\n protected _window: WindowProxy | null = null;\n\n public async navigate(params: NavigateParams): Promise {\n const logger = this._logger.create(\"navigate\");\n if (!this._window) {\n throw new Error(\"Attempted to navigate on a disposed window\");\n }\n\n logger.debug(\"setting URL in window\");\n this._window.location.replace(params.url);\n\n const { url, keepOpen } = await new Promise((resolve, reject) => {\n const listener = (e: MessageEvent) => {\n const data: MessageData | undefined = e.data;\n const origin = params.scriptOrigin ?? window.location.origin;\n if (e.origin !== origin || data?.source !== messageSource) {\n // silently discard events not intended for us\n return;\n }\n try {\n const state = UrlUtils.readParams(data.url, params.response_mode).get(\"state\");\n if (!state) {\n logger.warn(\"no state found in response url\");\n }\n if (e.source !== this._window && state !== params.state) {\n // MessageEvent source is a relatively modern feature, we can't rely on it\n // so we also inspect the payload for a matching state key as an alternative\n return;\n }\n }\n catch (err) {\n this._dispose();\n reject(new Error(\"Invalid response from window\"));\n }\n resolve(data);\n };\n window.addEventListener(\"message\", listener, false);\n this._disposeHandlers.add(() => window.removeEventListener(\"message\", listener, false));\n this._disposeHandlers.add(this._abort.addHandler((reason) => {\n this._dispose();\n reject(reason);\n }));\n });\n logger.debug(\"got response from window\");\n this._dispose();\n\n if (!keepOpen) {\n this.close();\n }\n\n return { url };\n }\n\n public abstract close(): void;\n\n private _dispose(): void {\n this._logger.create(\"_dispose\");\n\n for (const dispose of this._disposeHandlers) {\n dispose();\n }\n this._disposeHandlers.clear();\n }\n\n protected static _notifyParent(parent: Window, url: string, keepOpen = false, targetOrigin = window.location.origin): void {\n parent.postMessage({\n source: messageSource,\n url,\n keepOpen,\n } as MessageData, targetOrigin);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { type OidcClientSettings, OidcClientSettingsStore } from \"./OidcClientSettings\";\nimport type { PopupWindowFeatures } from \"./utils/PopupUtils\";\nimport { WebStorageStateStore } from \"./WebStorageStateStore\";\nimport { InMemoryWebStorage } from \"./InMemoryWebStorage\";\n\nexport const DefaultPopupWindowFeatures: PopupWindowFeatures = {\n location: false,\n toolbar: false,\n height: 640,\n closePopupWindowAfterInSeconds: -1,\n};\nexport const DefaultPopupTarget = \"_blank\";\nconst DefaultAccessTokenExpiringNotificationTimeInSeconds = 60;\nconst DefaultCheckSessionIntervalInSeconds = 2;\nexport const DefaultSilentRequestTimeoutInSeconds = 10;\n\n/**\n * The settings used to configure the {@link UserManager}.\n *\n * @public\n */\nexport interface UserManagerSettings extends OidcClientSettings {\n /** The URL for the page containing the call to signinPopupCallback to handle the callback from the OIDC/OAuth2 */\n popup_redirect_uri?: string;\n popup_post_logout_redirect_uri?: string;\n /**\n * The features parameter to window.open for the popup signin window. By default, the popup is\n * placed centered in front of the window opener.\n * (default: \\{ location: false, menubar: false, height: 640, closePopupWindowAfterInSeconds: -1 \\})\n */\n popupWindowFeatures?: PopupWindowFeatures;\n /** The target parameter to window.open for the popup signin window (default: \"_blank\") */\n popupWindowTarget?: string;\n /** The methods window.location method used to redirect (default: \"assign\") */\n redirectMethod?: \"replace\" | \"assign\";\n /** The methods target window being redirected (default: \"self\") */\n redirectTarget?: \"top\" | \"self\";\n\n /** The target to pass while calling postMessage inside iframe for callback (default: window.location.origin) */\n iframeNotifyParentOrigin?: string;\n\n /** The script origin to check during 'message' callback execution while performing silent auth via iframe (default: window.location.origin) */\n iframeScriptOrigin?: string;\n\n /** The URL for the page containing the code handling the silent renew */\n silent_redirect_uri?: string;\n /** Number of seconds to wait for the silent renew to return before assuming it has failed or timed out (default: 10) */\n silentRequestTimeoutInSeconds?: number;\n /** Flag to indicate if there should be an automatic attempt to renew the access token prior to its expiration. The automatic renew attempt starts 1 minute before the access token expires (default: true) */\n automaticSilentRenew?: boolean;\n /** Flag to validate user.profile.sub in silent renew calls (default: true) */\n validateSubOnSilentRenew?: boolean;\n /** Flag to control if id_token is included as id_token_hint in silent renew calls (default: false) */\n includeIdTokenInSilentRenew?: boolean;\n\n /** Will raise events for when user has performed a signout at the OP (default: false) */\n monitorSession?: boolean;\n monitorAnonymousSession?: boolean;\n /** Interval in seconds to check the user's session (default: 2) */\n checkSessionIntervalInSeconds?: number;\n query_status_response_type?: string;\n stopCheckSessionOnError?: boolean;\n\n /**\n * The `token_type_hint`s to pass to the authority server by default (default: [\"access_token\", \"refresh_token\"])\n *\n * Token types will be revoked in the same order as they are given here.\n */\n revokeTokenTypes?: (\"access_token\" | \"refresh_token\")[];\n /** Will invoke the revocation endpoint on signout if there is an access token for the user (default: false) */\n revokeTokensOnSignout?: boolean;\n /** Flag to control if id_token is included as id_token_hint in silent signout calls (default: false) */\n includeIdTokenInSilentSignout?: boolean;\n\n /** The number of seconds before an access token is to expire to raise the accessTokenExpiring event (default: 60) */\n accessTokenExpiringNotificationTimeInSeconds?: number;\n\n /**\n * Storage object used to persist User for currently authenticated user (default: window.sessionStorage, InMemoryWebStorage iff no window).\n * E.g. `userStore: new WebStorageStateStore({ store: window.localStorage })`\n */\n userStore?: WebStorageStateStore;\n}\n\n/**\n * The settings with defaults applied of the {@link UserManager}.\n * @see {@link UserManagerSettings}\n *\n * @public\n */\nexport class UserManagerSettingsStore extends OidcClientSettingsStore {\n public readonly popup_redirect_uri: string;\n public readonly popup_post_logout_redirect_uri: string | undefined;\n public readonly popupWindowFeatures: PopupWindowFeatures;\n public readonly popupWindowTarget: string;\n public readonly redirectMethod: \"replace\" | \"assign\";\n public readonly redirectTarget: \"top\" | \"self\";\n\n public readonly iframeNotifyParentOrigin: string | undefined;\n public readonly iframeScriptOrigin: string | undefined;\n\n public readonly silent_redirect_uri: string;\n public readonly silentRequestTimeoutInSeconds: number;\n public readonly automaticSilentRenew: boolean;\n public readonly validateSubOnSilentRenew: boolean;\n public readonly includeIdTokenInSilentRenew: boolean;\n\n public readonly monitorSession: boolean;\n public readonly monitorAnonymousSession: boolean;\n public readonly checkSessionIntervalInSeconds: number;\n public readonly query_status_response_type: string;\n public readonly stopCheckSessionOnError: boolean;\n\n public readonly revokeTokenTypes: (\"access_token\" | \"refresh_token\")[];\n public readonly revokeTokensOnSignout: boolean;\n public readonly includeIdTokenInSilentSignout: boolean;\n\n public readonly accessTokenExpiringNotificationTimeInSeconds: number;\n\n public readonly userStore: WebStorageStateStore;\n\n public constructor(args: UserManagerSettings) {\n const {\n popup_redirect_uri = args.redirect_uri,\n popup_post_logout_redirect_uri = args.post_logout_redirect_uri,\n popupWindowFeatures = DefaultPopupWindowFeatures,\n popupWindowTarget = DefaultPopupTarget,\n redirectMethod = \"assign\",\n redirectTarget = \"self\",\n\n iframeNotifyParentOrigin = args.iframeNotifyParentOrigin,\n iframeScriptOrigin = args.iframeScriptOrigin,\n\n silent_redirect_uri = args.redirect_uri,\n silentRequestTimeoutInSeconds = DefaultSilentRequestTimeoutInSeconds,\n automaticSilentRenew = true,\n validateSubOnSilentRenew = true,\n includeIdTokenInSilentRenew = false,\n\n monitorSession = false,\n monitorAnonymousSession = false,\n checkSessionIntervalInSeconds = DefaultCheckSessionIntervalInSeconds,\n query_status_response_type = \"code\",\n stopCheckSessionOnError = true,\n\n revokeTokenTypes = [\"access_token\", \"refresh_token\"],\n revokeTokensOnSignout = false,\n includeIdTokenInSilentSignout = false,\n\n accessTokenExpiringNotificationTimeInSeconds = DefaultAccessTokenExpiringNotificationTimeInSeconds,\n\n userStore,\n } = args;\n\n super(args);\n\n this.popup_redirect_uri = popup_redirect_uri;\n this.popup_post_logout_redirect_uri = popup_post_logout_redirect_uri;\n this.popupWindowFeatures = popupWindowFeatures;\n this.popupWindowTarget = popupWindowTarget;\n this.redirectMethod = redirectMethod;\n this.redirectTarget = redirectTarget;\n\n this.iframeNotifyParentOrigin = iframeNotifyParentOrigin;\n this.iframeScriptOrigin = iframeScriptOrigin;\n\n this.silent_redirect_uri = silent_redirect_uri;\n this.silentRequestTimeoutInSeconds = silentRequestTimeoutInSeconds;\n this.automaticSilentRenew = automaticSilentRenew;\n this.validateSubOnSilentRenew = validateSubOnSilentRenew;\n this.includeIdTokenInSilentRenew = includeIdTokenInSilentRenew;\n\n this.monitorSession = monitorSession;\n this.monitorAnonymousSession = monitorAnonymousSession;\n this.checkSessionIntervalInSeconds = checkSessionIntervalInSeconds;\n this.stopCheckSessionOnError = stopCheckSessionOnError;\n this.query_status_response_type = query_status_response_type;\n\n this.revokeTokenTypes = revokeTokenTypes;\n this.revokeTokensOnSignout = revokeTokensOnSignout;\n this.includeIdTokenInSilentSignout = includeIdTokenInSilentSignout;\n\n this.accessTokenExpiringNotificationTimeInSeconds = accessTokenExpiringNotificationTimeInSeconds;\n\n if (userStore) {\n this.userStore = userStore;\n }\n else {\n const store = typeof window !== \"undefined\" ? window.sessionStorage : new InMemoryWebStorage();\n this.userStore = new WebStorageStateStore({ store });\n }\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport { ErrorTimeout } from \"../errors\";\nimport type { NavigateParams, NavigateResponse } from \"./IWindow\";\nimport { AbstractChildWindow } from \"./AbstractChildWindow\";\nimport { DefaultSilentRequestTimeoutInSeconds } from \"../UserManagerSettings\";\n\n/**\n * @public\n */\nexport interface IFrameWindowParams {\n silentRequestTimeoutInSeconds?: number;\n}\n\n/**\n * @internal\n */\nexport class IFrameWindow extends AbstractChildWindow {\n protected readonly _logger = new Logger(\"IFrameWindow\");\n private _frame: HTMLIFrameElement | null;\n private _timeoutInSeconds: number;\n\n public constructor({\n silentRequestTimeoutInSeconds = DefaultSilentRequestTimeoutInSeconds,\n }: IFrameWindowParams) {\n super();\n this._timeoutInSeconds = silentRequestTimeoutInSeconds;\n\n this._frame = IFrameWindow.createHiddenIframe();\n this._window = this._frame.contentWindow;\n }\n\n private static createHiddenIframe(): HTMLIFrameElement {\n const iframe = window.document.createElement(\"iframe\");\n\n // shotgun approach\n iframe.style.visibility = \"hidden\";\n iframe.style.position = \"fixed\";\n iframe.style.left = \"-1000px\";\n iframe.style.top = \"0\";\n iframe.width = \"0\";\n iframe.height = \"0\";\n\n window.document.body.appendChild(iframe);\n return iframe;\n }\n\n public async navigate(params: NavigateParams): Promise {\n this._logger.debug(\"navigate: Using timeout of:\", this._timeoutInSeconds);\n const timer = setTimeout(() => void this._abort.raise(new ErrorTimeout(\"IFrame timed out without a response\")), this._timeoutInSeconds * 1000);\n this._disposeHandlers.add(() => clearTimeout(timer));\n\n return await super.navigate(params);\n }\n\n public close(): void {\n if (this._frame) {\n if (this._frame.parentNode) {\n this._frame.addEventListener(\"load\", (ev) => {\n const frame = ev.target as HTMLIFrameElement;\n frame.parentNode?.removeChild(frame);\n void this._abort.raise(new Error(\"IFrame removed from DOM\"));\n }, true);\n this._frame.contentWindow?.location.replace(\"about:blank\");\n }\n this._frame = null;\n }\n this._window = null;\n }\n\n public static notifyParent(url: string, targetOrigin?: string): void {\n return super._notifyParent(window.parent, url, false, targetOrigin);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport type { UserManagerSettingsStore } from \"../UserManagerSettings\";\nimport { IFrameWindow, type IFrameWindowParams } from \"./IFrameWindow\";\nimport type { INavigator } from \"./INavigator\";\n\n/**\n * @internal\n */\nexport class IFrameNavigator implements INavigator {\n private readonly _logger = new Logger(\"IFrameNavigator\");\n\n constructor(private _settings: UserManagerSettingsStore) {}\n\n public async prepare({\n silentRequestTimeoutInSeconds = this._settings.silentRequestTimeoutInSeconds,\n }: IFrameWindowParams): Promise {\n return new IFrameWindow({ silentRequestTimeoutInSeconds });\n }\n\n public async callback(url: string): Promise {\n this._logger.create(\"callback\");\n IFrameWindow.notifyParent(url, this._settings.iframeNotifyParentOrigin);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, PopupUtils, type PopupWindowFeatures } from \"../utils\";\nimport { DefaultPopupWindowFeatures, DefaultPopupTarget } from \"../UserManagerSettings\";\nimport { AbstractChildWindow } from \"./AbstractChildWindow\";\nimport type { NavigateParams, NavigateResponse } from \"./IWindow\";\n\nconst checkForPopupClosedInterval = 500;\nconst second = 1000;\n\n/**\n * @public\n */\nexport interface PopupWindowParams {\n popupWindowFeatures?: PopupWindowFeatures;\n popupWindowTarget?: string;\n}\n\n/**\n * @internal\n */\nexport class PopupWindow extends AbstractChildWindow {\n protected readonly _logger = new Logger(\"PopupWindow\");\n\n protected _window: WindowProxy | null;\n\n public constructor({\n popupWindowTarget = DefaultPopupTarget,\n popupWindowFeatures = {},\n }: PopupWindowParams) {\n super();\n const centeredPopup = PopupUtils.center({ ...DefaultPopupWindowFeatures, ...popupWindowFeatures });\n this._window = window.open(undefined, popupWindowTarget, PopupUtils.serialize(centeredPopup));\n if (popupWindowFeatures.closePopupWindowAfterInSeconds && popupWindowFeatures.closePopupWindowAfterInSeconds > 0) {\n setTimeout(() => {\n if (!this._window || typeof this._window.closed !== \"boolean\" || this._window.closed) {\n void this._abort.raise(new Error(\"Popup blocked by user\"));\n return;\n }\n\n this.close();\n }, popupWindowFeatures.closePopupWindowAfterInSeconds * second);\n }\n }\n\n public async navigate(params: NavigateParams): Promise {\n this._window?.focus();\n\n const popupClosedInterval = setInterval(() => {\n if (!this._window || this._window.closed) {\n void this._abort.raise(new Error(\"Popup closed by user\"));\n }\n }, checkForPopupClosedInterval);\n this._disposeHandlers.add(() => clearInterval(popupClosedInterval));\n\n return await super.navigate(params);\n }\n\n public close(): void {\n if (this._window) {\n if (!this._window.closed) {\n this._window.close();\n void this._abort.raise(new Error(\"Popup closed\"));\n }\n }\n this._window = null;\n }\n\n public static notifyOpener(url: string, keepOpen: boolean): void {\n if (!window.opener) {\n throw new Error(\"No window.opener. Can't complete notification.\");\n }\n return super._notifyParent(window.opener, url, keepOpen);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport { PopupWindow, type PopupWindowParams } from \"./PopupWindow\";\nimport type { INavigator } from \"./INavigator\";\nimport type { UserManagerSettingsStore } from \"../UserManagerSettings\";\n\n/**\n * @internal\n */\nexport class PopupNavigator implements INavigator {\n private readonly _logger = new Logger(\"PopupNavigator\");\n\n constructor(private _settings: UserManagerSettingsStore) {}\n\n public async prepare({\n popupWindowFeatures = this._settings.popupWindowFeatures,\n popupWindowTarget = this._settings.popupWindowTarget,\n }: PopupWindowParams): Promise {\n return new PopupWindow({ popupWindowFeatures, popupWindowTarget });\n }\n\n public async callback(url: string, { keepOpen = false }): Promise {\n this._logger.create(\"callback\");\n\n PopupWindow.notifyOpener(url, keepOpen);\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"../utils\";\nimport type { UserManagerSettingsStore } from \"../UserManagerSettings\";\nimport type { INavigator } from \"./INavigator\";\nimport type { IWindow } from \"./IWindow\";\n\n/**\n * @public\n */\nexport interface RedirectParams {\n redirectMethod?: \"replace\" | \"assign\";\n redirectTarget?: \"top\" | \"self\";\n}\n\n/**\n * @internal\n */\nexport class RedirectNavigator implements INavigator {\n private readonly _logger = new Logger(\"RedirectNavigator\");\n\n constructor(private _settings: UserManagerSettingsStore) {}\n\n public async prepare({\n redirectMethod = this._settings.redirectMethod,\n redirectTarget = this._settings.redirectTarget,\n }: RedirectParams): Promise {\n this._logger.create(\"prepare\");\n let targetWindow = window.self as Window;\n\n if (redirectTarget === \"top\") {\n targetWindow = window.top ?? window.self;\n }\n \n const redirect = targetWindow.location[redirectMethod].bind(targetWindow.location) as (url: string) => never;\n let abort: (reason: Error) => void;\n return {\n navigate: async (params): Promise => {\n this._logger.create(\"navigate\");\n // We use a promise that never resolves to block the caller\n const promise = new Promise((resolve, reject) => {\n abort = reject;\n });\n redirect(params.url);\n return await (promise as Promise);\n },\n close: () => {\n this._logger.create(\"close\");\n abort?.(new Error(\"Redirect aborted\"));\n targetWindow.stop();\n },\n };\n }\n\n public async callback(): Promise {\n return;\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Event } from \"./utils\";\nimport { AccessTokenEvents } from \"./AccessTokenEvents\";\nimport type { UserManagerSettingsStore } from \"./UserManagerSettings\";\nimport type { User } from \"./User\";\n\n/**\n * @public\n */\nexport type UserLoadedCallback = (user: User) => Promise | void;\n/**\n * @public\n */\nexport type UserUnloadedCallback = () => Promise | void;\n/**\n * @public\n */\nexport type SilentRenewErrorCallback = (error: Error) => Promise | void;\n/**\n * @public\n */\nexport type UserSignedInCallback = () => Promise | void;\n/**\n * @public\n */\nexport type UserSignedOutCallback = () => Promise | void;\n/**\n * @public\n */\nexport type UserSessionChangedCallback = () => Promise | void;\n\n/**\n * @public\n */\nexport class UserManagerEvents extends AccessTokenEvents {\n protected readonly _logger = new Logger(\"UserManagerEvents\");\n\n private readonly _userLoaded = new Event<[User]>(\"User loaded\");\n private readonly _userUnloaded = new Event<[]>(\"User unloaded\");\n private readonly _silentRenewError = new Event<[Error]>(\"Silent renew error\");\n private readonly _userSignedIn = new Event<[]>(\"User signed in\");\n private readonly _userSignedOut = new Event<[]>(\"User signed out\");\n private readonly _userSessionChanged = new Event<[]>(\"User session changed\");\n\n public constructor(settings: UserManagerSettingsStore) {\n super({ expiringNotificationTimeInSeconds: settings.accessTokenExpiringNotificationTimeInSeconds });\n }\n\n public async load(user: User, raiseEvent=true): Promise {\n super.load(user);\n if (raiseEvent) {\n await this._userLoaded.raise(user);\n }\n }\n public async unload(): Promise {\n super.unload();\n await this._userUnloaded.raise();\n }\n\n /**\n * Add callback: Raised when a user session has been established (or re-established).\n */\n public addUserLoaded(cb: UserLoadedCallback): () => void {\n return this._userLoaded.addHandler(cb);\n }\n /**\n * Remove callback: Raised when a user session has been established (or re-established).\n */\n public removeUserLoaded(cb: UserLoadedCallback): void {\n return this._userLoaded.removeHandler(cb);\n }\n\n /**\n * Add callback: Raised when a user session has been terminated.\n */\n public addUserUnloaded(cb: UserUnloadedCallback): () => void {\n return this._userUnloaded.addHandler(cb);\n }\n /**\n * Remove callback: Raised when a user session has been terminated.\n */\n public removeUserUnloaded(cb: UserUnloadedCallback): void {\n return this._userUnloaded.removeHandler(cb);\n }\n\n /**\n * Add callback: Raised when the automatic silent renew has failed.\n */\n public addSilentRenewError(cb: SilentRenewErrorCallback): () => void {\n return this._silentRenewError.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the automatic silent renew has failed.\n */\n public removeSilentRenewError(cb: SilentRenewErrorCallback): void {\n return this._silentRenewError.removeHandler(cb);\n }\n /**\n * @internal\n */\n public async _raiseSilentRenewError(e: Error): Promise {\n await this._silentRenewError.raise(e);\n }\n\n /**\n * Add callback: Raised when the user is signed in (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n public addUserSignedIn(cb: UserSignedInCallback): () => void {\n return this._userSignedIn.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user is signed in (when `monitorSession` is set).\n */\n public removeUserSignedIn(cb: UserSignedInCallback): void {\n this._userSignedIn.removeHandler(cb);\n }\n /**\n * @internal\n */\n public async _raiseUserSignedIn(): Promise {\n await this._userSignedIn.raise();\n }\n\n /**\n * Add callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n public addUserSignedOut(cb: UserSignedOutCallback): () => void {\n return this._userSignedOut.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).\n */\n public removeUserSignedOut(cb: UserSignedOutCallback): void {\n this._userSignedOut.removeHandler(cb);\n }\n /**\n * @internal\n */\n public async _raiseUserSignedOut(): Promise {\n await this._userSignedOut.raise();\n }\n\n /**\n * Add callback: Raised when the user session changed (when `monitorSession` is set).\n * @see {@link UserManagerSettings.monitorSession}\n */\n public addUserSessionChanged(cb: UserSessionChangedCallback): () => void {\n return this._userSessionChanged.addHandler(cb);\n }\n /**\n * Remove callback: Raised when the user session changed (when `monitorSession` is set).\n */\n public removeUserSessionChanged(cb: UserSessionChangedCallback): void {\n this._userSessionChanged.removeHandler(cb);\n }\n /**\n * @internal\n */\n public async _raiseUserSessionChanged(): Promise {\n await this._userSessionChanged.raise();\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger, Timer } from \"./utils\";\nimport { ErrorTimeout } from \"./errors\";\nimport type { UserManager } from \"./UserManager\";\nimport type { AccessTokenCallback } from \"./AccessTokenEvents\";\n\n/**\n * @internal\n */\nexport class SilentRenewService {\n protected _logger = new Logger(\"SilentRenewService\");\n private _isStarted = false;\n private readonly _retryTimer = new Timer(\"Retry Silent Renew\");\n\n public constructor(private _userManager: UserManager) {}\n\n public async start(): Promise {\n const logger = this._logger.create(\"start\");\n if (!this._isStarted) {\n this._isStarted = true;\n this._userManager.events.addAccessTokenExpiring(this._tokenExpiring);\n this._retryTimer.addHandler(this._tokenExpiring);\n\n // this will trigger loading of the user so the expiring events can be initialized\n try {\n await this._userManager.getUser();\n // deliberate nop\n }\n catch (err) {\n // catch to suppress errors since we're in a ctor\n logger.error(\"getUser error\", err);\n }\n }\n }\n\n public stop(): void {\n if (this._isStarted) {\n this._retryTimer.cancel();\n this._retryTimer.removeHandler(this._tokenExpiring);\n this._userManager.events.removeAccessTokenExpiring(this._tokenExpiring);\n this._isStarted = false;\n }\n }\n\n protected _tokenExpiring: AccessTokenCallback = async () => {\n const logger = this._logger.create(\"_tokenExpiring\");\n try {\n await this._userManager.signinSilent();\n logger.debug(\"silent token renewal successful\");\n }\n catch (err) {\n if (err instanceof ErrorTimeout) {\n // no response from authority server, e.g. IFrame timeout, ...\n logger.warn(\"ErrorTimeout from signinSilent:\", err, \"retry in 5s\");\n this._retryTimer.init(5);\n return;\n }\n\n logger.error(\"Error from signinSilent:\", err);\n await this._userManager.events._raiseSilentRenewError(err as Error);\n }\n };\n}\n", "// Copyright (C) AuthTS Contributors\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport type { UserProfile } from \"./User\";\n\n/**\n * Fake state store implementation necessary for validating refresh token requests.\n *\n * @public\n */\nexport class RefreshState {\n /** custom \"state\", which can be used by a caller to have \"data\" round tripped */\n public readonly data?: unknown;\n\n public readonly refresh_token: string;\n public readonly id_token?: string;\n public readonly session_state: string | null;\n public readonly scope?: string;\n public readonly profile: UserProfile;\n\n constructor(args: {\n refresh_token: string;\n id_token?: string;\n session_state: string | null;\n scope?: string;\n profile: UserProfile;\n\n state?: unknown;\n }) {\n this.refresh_token = args.refresh_token;\n this.id_token = args.id_token;\n this.session_state = args.session_state;\n this.scope = args.scope;\n this.profile = args.profile;\n\n this.data = args.state;\n\n }\n}\n", "// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.\n// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.\n\nimport { Logger } from \"./utils\";\nimport { ErrorResponse } from \"./errors\";\nimport { type NavigateResponse, type PopupWindowParams, type IWindow, type IFrameWindowParams, type RedirectParams, RedirectNavigator, PopupNavigator, IFrameNavigator, type INavigator } from \"./navigators\";\nimport { OidcClient, type CreateSigninRequestArgs, type CreateSignoutRequestArgs, type ProcessResourceOwnerPasswordCredentialsArgs, type UseRefreshTokenArgs } from \"./OidcClient\";\nimport { type UserManagerSettings, UserManagerSettingsStore } from \"./UserManagerSettings\";\nimport { User } from \"./User\";\nimport { UserManagerEvents } from \"./UserManagerEvents\";\nimport { SilentRenewService } from \"./SilentRenewService\";\nimport { SessionMonitor } from \"./SessionMonitor\";\nimport type { SessionStatus } from \"./SessionStatus\";\nimport type { SignoutResponse } from \"./SignoutResponse\";\nimport type { MetadataService } from \"./MetadataService\";\nimport { RefreshState } from \"./RefreshState\";\nimport type { SigninResponse } from \"./SigninResponse\";\n\n/**\n * @public\n */\nexport type ExtraSigninRequestArgs = Pick;\n/**\n * @public\n */\nexport type ExtraSignoutRequestArgs = Pick;\n\n/**\n * @public\n */\nexport type RevokeTokensTypes = UserManagerSettings[\"revokeTokenTypes\"];\n\n/**\n * @public\n */\nexport type SigninRedirectArgs = RedirectParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SigninPopupArgs = PopupWindowParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SigninSilentArgs = IFrameWindowParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SigninResourceOwnerCredentialsArgs = ProcessResourceOwnerPasswordCredentialsArgs;\n\n/**\n * @public\n */\nexport type QuerySessionStatusArgs = IFrameWindowParams & ExtraSigninRequestArgs;\n\n/**\n * @public\n */\nexport type SignoutRedirectArgs = RedirectParams & ExtraSignoutRequestArgs;\n\n/**\n * @public\n */\nexport type SignoutPopupArgs = PopupWindowParams & ExtraSignoutRequestArgs;\n\n/**\n * @public\n */\nexport type SignoutSilentArgs = IFrameWindowParams & ExtraSignoutRequestArgs;\n\n/**\n * Provides a higher level API for signing a user in, signing out, managing the user's claims returned from the identity provider,\n * and managing an access token returned from the identity provider (OAuth2/OIDC).\n *\n * @public\n */\nexport class UserManager {\n /** Get the settings used to configure the `UserManager`. */\n public readonly settings: UserManagerSettingsStore;\n protected readonly _logger = new Logger(\"UserManager\");\n\n protected readonly _client: OidcClient;\n protected readonly _redirectNavigator: INavigator;\n protected readonly _popupNavigator: INavigator;\n protected readonly _iframeNavigator: INavigator;\n protected readonly _events: UserManagerEvents;\n protected readonly _silentRenewService: SilentRenewService;\n protected readonly _sessionMonitor: SessionMonitor | null;\n\n public constructor(settings: UserManagerSettings, redirectNavigator?: INavigator, popupNavigator?: INavigator, iframeNavigator?: INavigator) {\n this.settings = new UserManagerSettingsStore(settings);\n\n this._client = new OidcClient(settings);\n\n this._redirectNavigator = redirectNavigator ?? new RedirectNavigator(this.settings);\n this._popupNavigator = popupNavigator ?? new PopupNavigator(this.settings);\n this._iframeNavigator = iframeNavigator ?? new IFrameNavigator(this.settings);\n\n this._events = new UserManagerEvents(this.settings);\n this._silentRenewService = new SilentRenewService(this);\n\n // order is important for the following properties; these services depend upon the events.\n if (this.settings.automaticSilentRenew) {\n this.startSilentRenew();\n }\n\n this._sessionMonitor = null;\n if (this.settings.monitorSession) {\n this._sessionMonitor = new SessionMonitor(this);\n }\n\n }\n\n /**\n * Get object used to register for events raised by the `UserManager`.\n */\n public get events(): UserManagerEvents {\n return this._events;\n }\n\n /**\n * Get object used to access the metadata configuration of the identity provider.\n */\n public get metadataService(): MetadataService {\n return this._client.metadataService;\n }\n\n /**\n * Load the `User` object for the currently authenticated user.\n *\n * @returns A promise\n */\n public async getUser(): Promise {\n const logger = this._logger.create(\"getUser\");\n const user = await this._loadUser();\n if (user) {\n logger.info(\"user loaded\");\n await this._events.load(user, false);\n return user;\n }\n\n logger.info(\"user not found in storage\");\n return null;\n }\n\n /**\n * Remove from any storage the currently authenticated user.\n *\n * @returns A promise\n */\n public async removeUser(): Promise {\n const logger = this._logger.create(\"removeUser\");\n await this.storeUser(null);\n logger.info(\"user removed from storage\");\n await this._events.unload();\n }\n\n /**\n * Trigger a redirect of the current window to the authorization endpoint.\n *\n * @returns A promise\n *\n * @throws `Error` In cases of wrong authentication.\n */\n public async signinRedirect(args: SigninRedirectArgs = {}): Promise {\n this._logger.create(\"signinRedirect\");\n const {\n redirectMethod,\n ...requestArgs\n } = args;\n const handle = await this._redirectNavigator.prepare({ redirectMethod });\n await this._signinStart({\n request_type: \"si:r\",\n ...requestArgs,\n }, handle);\n }\n\n /**\n * Process the response (callback) from the authorization endpoint.\n * It is recommend to use {@link UserManager.signinCallback} instead.\n *\n * @returns A promise containing the authenticated `User`.\n *\n * @see {@link UserManager.signinCallback}\n */\n public async signinRedirectCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signinRedirectCallback\");\n const user = await this._signinEnd(url);\n if (user.profile && user.profile.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n }\n else {\n logger.info(\"no subject\");\n }\n\n return user;\n }\n\n /**\n * Trigger the signin with user/password.\n *\n * @returns A promise containing the authenticated `User`.\n * @throws {@link ErrorResponse} In cases of wrong authentication.\n */\n public async signinResourceOwnerCredentials({\n username,\n password,\n skipUserInfo = false,\n }: SigninResourceOwnerCredentialsArgs): Promise {\n const logger = this._logger.create(\"signinResourceOwnerCredential\");\n\n const signinResponse = await this._client.processResourceOwnerPasswordCredentials({ username, password, skipUserInfo, extraTokenParams: this.settings.extraTokenParams });\n logger.debug(\"got signin response\");\n\n const user = await this._buildUser(signinResponse);\n if (user.profile && user.profile.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n } else {\n logger.info(\"no subject\");\n }\n return user;\n }\n\n /**\n * Trigger a request (via a popup window) to the authorization endpoint.\n *\n * @returns A promise containing the authenticated `User`.\n * @throws `Error` In cases of wrong authentication.\n */\n public async signinPopup(args: SigninPopupArgs = {}): Promise {\n const logger = this._logger.create(\"signinPopup\");\n const {\n popupWindowFeatures,\n popupWindowTarget,\n ...requestArgs\n } = args;\n const url = this.settings.popup_redirect_uri;\n if (!url) {\n logger.throw(new Error(\"No popup_redirect_uri configured\"));\n }\n\n const handle = await this._popupNavigator.prepare({ popupWindowFeatures, popupWindowTarget });\n const user = await this._signin({\n request_type: \"si:p\",\n redirect_uri: url,\n display: \"popup\",\n ...requestArgs,\n }, handle);\n if (user) {\n if (user.profile && user.profile.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n }\n else {\n logger.info(\"no subject\");\n }\n }\n\n return user;\n }\n /**\n * Notify the opening window of response (callback) from the authorization endpoint.\n * It is recommend to use {@link UserManager.signinCallback} instead.\n *\n * @returns A promise\n *\n * @see {@link UserManager.signinCallback}\n */\n public async signinPopupCallback(url = window.location.href, keepOpen = false): Promise {\n const logger = this._logger.create(\"signinPopupCallback\");\n await this._popupNavigator.callback(url, { keepOpen });\n logger.info(\"success\");\n }\n\n /**\n * Trigger a silent request (via refresh token or an iframe) to the authorization endpoint.\n *\n * @returns A promise that contains the authenticated `User`.\n */\n public async signinSilent(args: SigninSilentArgs = {}): Promise {\n const logger = this._logger.create(\"signinSilent\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n // first determine if we have a refresh token, or need to use iframe\n let user = await this._loadUser();\n if (user?.refresh_token) {\n logger.debug(\"using refresh token\");\n const state = new RefreshState(user as Required);\n return await this._useRefreshToken({\n state,\n redirect_uri: requestArgs.redirect_uri,\n resource: requestArgs.resource,\n extraTokenParams: requestArgs.extraTokenParams,\n timeoutInSeconds: silentRequestTimeoutInSeconds,\n });\n }\n\n const url = this.settings.silent_redirect_uri;\n if (!url) {\n logger.throw(new Error(\"No silent_redirect_uri configured\"));\n }\n\n let verifySub: string | undefined;\n if (user && this.settings.validateSubOnSilentRenew) {\n logger.debug(\"subject prior to silent renew:\", user.profile.sub);\n verifySub = user.profile.sub;\n }\n\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n user = await this._signin({\n request_type: \"si:s\",\n redirect_uri: url,\n prompt: \"none\",\n id_token_hint: this.settings.includeIdTokenInSilentRenew ? user?.id_token : undefined,\n ...requestArgs,\n }, handle, verifySub);\n if (user) {\n if (user.profile?.sub) {\n logger.info(\"success, signed in subject\", user.profile.sub);\n }\n else {\n logger.info(\"no subject\");\n }\n }\n\n return user;\n }\n\n protected async _useRefreshToken(args: UseRefreshTokenArgs): Promise {\n const response = await this._client.useRefreshToken({\n ...args,\n timeoutInSeconds: this.settings.silentRequestTimeoutInSeconds,\n });\n const user = new User({ ...args.state, ...response });\n\n await this.storeUser(user);\n await this._events.load(user);\n return user;\n }\n\n /**\n *\n * Notify the parent window of response (callback) from the authorization endpoint.\n * It is recommend to use {@link UserManager.signinCallback} instead.\n *\n * @returns A promise\n *\n * @see {@link UserManager.signinCallback}\n */\n public async signinSilentCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signinSilentCallback\");\n await this._iframeNavigator.callback(url);\n logger.info(\"success\");\n }\n\n /**\n * Process any response (callback) from the authorization endpoint, by dispatching the request_type\n * and executing one of the following functions:\n * - {@link UserManager.signinRedirectCallback}\n * - {@link UserManager.signinPopupCallback}\n * - {@link UserManager.signinSilentCallback}\n *\n * @throws `Error` If request_type is unknown or signout can not processed.\n */\n public async signinCallback(url = window.location.href): Promise {\n const { state } = await this._client.readSigninResponseState(url);\n switch (state.request_type) {\n case \"si:r\":\n return await this.signinRedirectCallback(url);\n case \"si:p\":\n return await this.signinPopupCallback(url);\n case \"si:s\":\n return await this.signinSilentCallback(url);\n default:\n throw new Error(\"invalid response_type in state\");\n }\n }\n\n /**\n * Process any response (callback) from the end session endpoint, by dispatching the request_type\n * and executing one of the following functions:\n * - {@link UserManager.signoutRedirectCallback}\n * - {@link UserManager.signoutPopupCallback}\n * - {@link UserManager.signoutSilentCallback}\n *\n * @throws `Error` If request_type is unknown or signout can not processed.\n */\n public async signoutCallback(url = window.location.href, keepOpen = false): Promise {\n const { state } = await this._client.readSignoutResponseState(url);\n if (!state) {\n return;\n }\n\n switch (state.request_type) {\n case \"so:r\":\n await this.signoutRedirectCallback(url);\n break;\n case \"so:p\":\n await this.signoutPopupCallback(url, keepOpen);\n break;\n case \"so:s\":\n await this.signoutSilentCallback(url);\n break;\n default:\n throw new Error(\"invalid response_type in state\");\n }\n }\n\n /**\n * Query OP for user's current signin status.\n *\n * @returns A promise object with session_state and subject identifier.\n */\n public async querySessionStatus(args: QuerySessionStatusArgs = {}): Promise {\n const logger = this._logger.create(\"querySessionStatus\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n const url = this.settings.silent_redirect_uri;\n if (!url) {\n logger.throw(new Error(\"No silent_redirect_uri configured\"));\n }\n\n const user = await this._loadUser();\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n const navResponse = await this._signinStart({\n request_type: \"si:s\", // this acts like a signin silent\n redirect_uri: url,\n prompt: \"none\",\n id_token_hint: this.settings.includeIdTokenInSilentRenew ? user?.id_token : undefined,\n response_type: this.settings.query_status_response_type,\n scope: \"openid\",\n skipUserInfo: true,\n ...requestArgs,\n }, handle);\n try {\n const signinResponse = await this._client.processSigninResponse(navResponse.url);\n logger.debug(\"got signin response\");\n\n if (signinResponse.session_state && signinResponse.profile.sub) {\n logger.info(\"success for subject\", signinResponse.profile.sub);\n return {\n session_state: signinResponse.session_state,\n sub: signinResponse.profile.sub,\n };\n }\n\n logger.info(\"success, user not authenticated\");\n return null;\n }\n catch (err) {\n if (this.settings.monitorAnonymousSession && err instanceof ErrorResponse) {\n switch (err.error) {\n case \"login_required\":\n case \"consent_required\":\n case \"interaction_required\":\n case \"account_selection_required\":\n logger.info(\"success for anonymous user\");\n return {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n session_state: err.session_state!,\n };\n }\n }\n throw err;\n }\n }\n\n protected async _signin(args: CreateSigninRequestArgs, handle: IWindow, verifySub?: string): Promise {\n const navResponse = await this._signinStart(args, handle);\n return await this._signinEnd(navResponse.url, verifySub);\n }\n protected async _signinStart(args: CreateSigninRequestArgs, handle: IWindow): Promise {\n const logger = this._logger.create(\"_signinStart\");\n\n try {\n const signinRequest = await this._client.createSigninRequest(args);\n logger.debug(\"got signin request\");\n\n return await handle.navigate({\n url: signinRequest.url,\n state: signinRequest.state.id,\n response_mode: signinRequest.state.response_mode,\n scriptOrigin: this.settings.iframeScriptOrigin,\n });\n }\n catch (err) {\n logger.debug(\"error after preparing navigator, closing navigator window\");\n handle.close();\n throw err;\n }\n }\n protected async _signinEnd(url: string, verifySub?: string): Promise {\n const logger = this._logger.create(\"_signinEnd\");\n const signinResponse = await this._client.processSigninResponse(url);\n logger.debug(\"got signin response\");\n\n const user = await this._buildUser(signinResponse, verifySub);\n return user;\n }\n\n protected async _buildUser(signinResponse: SigninResponse, verifySub?: string) {\n const logger = this._logger.create(\"_buildUser\");\n const user = new User(signinResponse);\n if (verifySub) {\n if (verifySub !== user.profile.sub) {\n logger.debug(\"current user does not match user returned from signin. sub from signin:\", user.profile.sub);\n throw new ErrorResponse({ ...signinResponse, error: \"login_required\" });\n }\n logger.debug(\"current user matches user returned from signin\");\n }\n\n await this.storeUser(user);\n logger.debug(\"user stored\");\n await this._events.load(user);\n\n return user;\n }\n\n /**\n * Trigger a redirect of the current window to the end session endpoint.\n *\n * @returns A promise\n */\n public async signoutRedirect(args: SignoutRedirectArgs = {}): Promise {\n const logger = this._logger.create(\"signoutRedirect\");\n const {\n redirectMethod,\n ...requestArgs\n } = args;\n const handle = await this._redirectNavigator.prepare({ redirectMethod });\n await this._signoutStart({\n request_type: \"so:r\",\n post_logout_redirect_uri: this.settings.post_logout_redirect_uri,\n ...requestArgs,\n }, handle);\n logger.info(\"success\");\n }\n\n /**\n * Process response (callback) from the end session endpoint.\n * It is recommend to use {@link UserManager.signoutCallback} instead.\n *\n * @returns A promise containing signout response\n *\n * @see {@link UserManager.signoutCallback}\n */\n public async signoutRedirectCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signoutRedirectCallback\");\n const response = await this._signoutEnd(url);\n logger.info(\"success\");\n return response;\n }\n\n /**\n * Trigger a redirect of a popup window window to the end session endpoint.\n *\n * @returns A promise\n */\n public async signoutPopup(args: SignoutPopupArgs = {}): Promise {\n const logger = this._logger.create(\"signoutPopup\");\n const {\n popupWindowFeatures,\n popupWindowTarget,\n ...requestArgs\n } = args;\n const url = this.settings.popup_post_logout_redirect_uri;\n\n const handle = await this._popupNavigator.prepare({ popupWindowFeatures, popupWindowTarget });\n await this._signout({\n request_type: \"so:p\",\n post_logout_redirect_uri: url,\n // we're putting a dummy entry in here because we\n // need a unique id from the state for notification\n // to the parent window, which is necessary if we\n // plan to return back to the client after signout\n // and so we can close the popup after signout\n state: url == null ? undefined : {},\n ...requestArgs,\n }, handle);\n logger.info(\"success\");\n }\n\n /**\n * Process response (callback) from the end session endpoint from a popup window.\n * It is recommend to use {@link UserManager.signoutCallback} instead.\n *\n * @returns A promise\n *\n * @see {@link UserManager.signoutCallback}\n */\n public async signoutPopupCallback(url = window.location.href, keepOpen = false): Promise {\n const logger = this._logger.create(\"signoutPopupCallback\");\n await this._popupNavigator.callback(url, { keepOpen });\n logger.info(\"success\");\n }\n\n protected async _signout(args: CreateSignoutRequestArgs, handle: IWindow): Promise {\n const navResponse = await this._signoutStart(args, handle);\n return await this._signoutEnd(navResponse.url);\n }\n protected async _signoutStart(args: CreateSignoutRequestArgs = {}, handle: IWindow): Promise {\n const logger = this._logger.create(\"_signoutStart\");\n\n try {\n const user = await this._loadUser();\n logger.debug(\"loaded current user from storage\");\n\n if (this.settings.revokeTokensOnSignout) {\n await this._revokeInternal(user);\n }\n\n const id_token = args.id_token_hint || user && user.id_token;\n if (id_token) {\n logger.debug(\"setting id_token_hint in signout request\");\n args.id_token_hint = id_token;\n }\n\n await this.removeUser();\n logger.debug(\"user removed, creating signout request\");\n\n const signoutRequest = await this._client.createSignoutRequest(args);\n logger.debug(\"got signout request\");\n\n return await handle.navigate({\n url: signoutRequest.url,\n state: signoutRequest.state?.id,\n scriptOrigin: this.settings.iframeScriptOrigin,\n });\n }\n catch (err) {\n logger.debug(\"error after preparing navigator, closing navigator window\");\n handle.close();\n throw err;\n }\n }\n protected async _signoutEnd(url: string): Promise {\n const logger = this._logger.create(\"_signoutEnd\");\n const signoutResponse = await this._client.processSignoutResponse(url);\n logger.debug(\"got signout response\");\n\n return signoutResponse;\n }\n\n /**\n * Trigger a silent request (via an iframe) to the end session endpoint.\n *\n * @returns A promise\n */\n public async signoutSilent(args: SignoutSilentArgs = {}): Promise {\n const logger = this._logger.create(\"signoutSilent\");\n const {\n silentRequestTimeoutInSeconds,\n ...requestArgs\n } = args;\n\n const id_token_hint = this.settings.includeIdTokenInSilentSignout\n ? (await this._loadUser())?.id_token\n : undefined;\n\n const url = this.settings.popup_post_logout_redirect_uri;\n const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });\n await this._signout({\n request_type: \"so:s\",\n post_logout_redirect_uri: url,\n id_token_hint: id_token_hint,\n ...requestArgs,\n }, handle);\n\n logger.info(\"success\");\n }\n\n /**\n * Notify the parent window of response (callback) from the end session endpoint.\n * It is recommend to use {@link UserManager.signoutCallback} instead.\n *\n * @returns A promise\n *\n * @see {@link UserManager.signoutCallback}\n */\n public async signoutSilentCallback(url = window.location.href): Promise {\n const logger = this._logger.create(\"signoutSilentCallback\");\n await this._iframeNavigator.callback(url);\n logger.info(\"success\");\n }\n\n public async revokeTokens(types?: RevokeTokensTypes): Promise {\n const user = await this._loadUser();\n await this._revokeInternal(user, types);\n }\n\n protected async _revokeInternal(user: User | null, types = this.settings.revokeTokenTypes): Promise {\n const logger = this._logger.create(\"_revokeInternal\");\n if (!user) return;\n\n const typesPresent = types.filter(type => typeof user[type] === \"string\");\n\n if (!typesPresent.length) {\n logger.debug(\"no need to revoke due to no token(s)\");\n return;\n }\n\n // don't Promise.all, order matters\n for (const type of typesPresent) {\n await this._client.revokeToken(\n user[type]!, // eslint-disable-line @typescript-eslint/no-non-null-assertion\n type,\n );\n logger.info(`${type} revoked successfully`);\n if (type !== \"access_token\") {\n user[type] = null as never;\n }\n }\n\n await this.storeUser(user);\n logger.debug(\"user stored\");\n await this._events.load(user);\n }\n\n /**\n * Enables silent renew for the `UserManager`.\n */\n public startSilentRenew(): void {\n this._logger.create(\"startSilentRenew\");\n void this._silentRenewService.start();\n }\n\n /**\n * Disables silent renew for the `UserManager`.\n */\n public stopSilentRenew(): void {\n this._silentRenewService.stop();\n }\n\n protected get _userStoreKey(): string {\n return `user:${this.settings.authority}:${this.settings.client_id}`;\n }\n\n protected async _loadUser(): Promise {\n const logger = this._logger.create(\"_loadUser\");\n const storageString = await this.settings.userStore.get(this._userStoreKey);\n if (storageString) {\n logger.debug(\"user storageString loaded\");\n return User.fromStorageString(storageString);\n }\n\n logger.debug(\"no user storageString\");\n return null;\n }\n\n public async storeUser(user: User | null): Promise {\n const logger = this._logger.create(\"storeUser\");\n if (user) {\n logger.debug(\"storing user\");\n const storageString = user.toStorageString();\n await this.settings.userStore.set(this._userStoreKey, storageString);\n }\n else {\n this._logger.debug(\"removing user\");\n await this.settings.userStore.remove(this._userStoreKey);\n }\n }\n\n /**\n * Removes stale state entries in storage for incomplete authorize requests.\n */\n public async clearStaleState(): Promise {\n await this._client.clearStaleState();\n }\n}\n", "{\n \"name\": \"oidc-client-ts\",\n \"version\": \"3.0.1\",\n \"description\": \"OpenID Connect (OIDC) & OAuth2 client library\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/authts/oidc-client-ts.git\"\n },\n \"homepage\": \"https://github.com/authts/oidc-client-ts#readme\",\n \"license\": \"Apache-2.0\",\n \"main\": \"dist/umd/oidc-client-ts.js\",\n \"types\": \"dist/types/oidc-client-ts.d.ts\",\n \"exports\": {\n \".\": {\n \"types\": \"./dist/types/oidc-client-ts.d.ts\",\n \"import\": \"./dist/esm/oidc-client-ts.js\",\n \"require\": \"./dist/umd/oidc-client-ts.js\"\n },\n \"./package.json\": \"./package.json\"\n },\n \"files\": [\n \"dist\"\n ],\n \"keywords\": [\n \"authentication\",\n \"oauth2\",\n \"oidc\",\n \"openid\",\n \"OpenID Connect\"\n ],\n \"scripts\": {\n \"build\": \"node scripts/build.js && npm run build-types\",\n \"build-types\": \"tsc -p tsconfig.build.json && api-extractor run\",\n \"clean\": \"git clean -fdX dist lib *.tsbuildinfo\",\n \"prepack\": \"npm run build\",\n \"test\": \"tsc && jest\",\n \"typedoc\": \"typedoc\",\n \"lint\": \"eslint --max-warnings=0 --cache .\",\n \"prepare\": \"husky install\"\n },\n \"dependencies\": {\n \"jwt-decode\": \"^4.0.0\"\n },\n \"devDependencies\": {\n \"@microsoft/api-extractor\": \"^7.35.0\",\n \"@testing-library/jest-dom\": \"^6.0.0\",\n \"@types/jest\": \"^29.2.3\",\n \"@types/node\": \"^20.8.2\",\n \"@typescript-eslint/eslint-plugin\": \"^6.4.1\",\n \"@typescript-eslint/parser\": \"^6.4.1\",\n \"esbuild\": \"^0.20.0\",\n \"eslint\": \"^8.5.0\",\n \"eslint-plugin-testing-library\": \"^6.0.0\",\n \"http-proxy-middleware\": \"^2.0.1\",\n \"husky\": \"^9.0.6\",\n \"jest\": \"^29.3.1\",\n \"jest-environment-jsdom\": \"^29.3.1\",\n \"jest-mock\": \"^29.3.1\",\n \"lint-staged\": \"^15.0.1\",\n \"ts-jest\": \"^29.0.3\",\n \"typedoc\": \"^0.25.0\",\n \"typescript\": \"~5.3.3\",\n \"yn\": \"^5.0.0\"\n },\n \"engines\": {\n \"node\": \">=18\"\n },\n \"lint-staged\": {\n \"*.{js,jsx,ts,tsx}\": \"eslint --cache --fix\"\n }\n}\n", "// @ts-expect-error avoid enabling resolveJsonModule to keep build process simple\nimport { version } from \"../package.json\";\n\n/**\n * @public\n */\nexport const Version: string = version;\n"], "mappings": ";;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACeA,MAAM,YAAqB;AAAA,IACvB,OAAO,MAAM;AAAA,IACb,MAAM,MAAM;AAAA,IACZ,MAAM,MAAM;AAAA,IACZ,OAAO,MAAM;AAAA,EACjB;AAEA,MAAI;AACJ,MAAI;AAOG,MAAK,MAAL,kBAAKA,SAAL;AACH,IAAAA,UAAA;AACA,IAAAA,UAAA;AACA,IAAAA,UAAA;AACA,IAAAA,UAAA;AACA,IAAAA,UAAA;AALQ,WAAAA;AAAA,KAAA;AAaL,IAAUA,SAAV;AACI,aAAS,QAAc;AAC1B,cAAQ;AACR,eAAS;AAAA,IACb;AAHO,IAAAA,KAAS;AAKT,aAAS,SAAS,OAAkB;AACvC,UAAI,EAAE,gBAAY,SAAS,SAAS,gBAAY;AAC5C,cAAM,IAAI,MAAM,mBAAmB;AAAA,MACvC;AACA,cAAQ;AAAA,IACZ;AALO,IAAAA,KAAS;AAOT,aAAS,UAAU,OAAsB;AAC5C,eAAS;AAAA,IACb;AAFO,IAAAA,KAAS;AAAA,KAbH;AAuBV,MAAM,SAAN,MAAM,QAAO;AAAA,IAET,YAAoB,OAAe;AAAf;AAAA,IAAgB;AAAA;AAAA,IAGpC,SAAS,MAAuB;AACnC,UAAI,SAAS,eAAW;AACpB,eAAO,MAAM,QAAO,QAAQ,KAAK,OAAO,KAAK,OAAO,GAAG,GAAG,IAAI;AAAA,MAClE;AAAA,IACJ;AAAA,IACO,QAAQ,MAAuB;AAClC,UAAI,SAAS,cAAU;AACnB,eAAO,KAAK,QAAO,QAAQ,KAAK,OAAO,KAAK,OAAO,GAAG,GAAG,IAAI;AAAA,MACjE;AAAA,IACJ;AAAA,IACO,QAAQ,MAAuB;AAClC,UAAI,SAAS,cAAU;AACnB,eAAO,KAAK,QAAO,QAAQ,KAAK,OAAO,KAAK,OAAO,GAAG,GAAG,IAAI;AAAA,MACjE;AAAA,IACJ;AAAA,IACO,SAAS,MAAuB;AACnC,UAAI,SAAS,eAAW;AACpB,eAAO,MAAM,QAAO,QAAQ,KAAK,OAAO,KAAK,OAAO,GAAG,GAAG,IAAI;AAAA,MAClE;AAAA,IACJ;AAAA;AAAA,IAGO,MAAM,KAAmB;AAC5B,WAAK,MAAM,GAAG;AACd,YAAM;AAAA,IACV;AAAA,IAEO,OAAO,QAAwB;AAClC,YAAM,eAAuB,OAAO,OAAO,IAAI;AAC/C,mBAAa,UAAU;AACvB,mBAAa,MAAM,OAAO;AAC1B,aAAO;AAAA,IACX;AAAA,IAEA,OAAc,aAAa,MAAc,cAA8B;AACnE,YAAM,eAAe,IAAI,QAAO,GAAG,IAAI,IAAI,YAAY,EAAE;AACzD,mBAAa,MAAM,OAAO;AAC1B,aAAO;AAAA,IACX;AAAA,IAEA,OAAe,QAAQ,MAAc,QAAiB;AAClD,YAAM,SAAS,IAAI,IAAI;AACvB,aAAO,SAAS,GAAG,MAAM,IAAI,MAAM,MAAM;AAAA,IAC7C;AAAA;AAAA;AAAA,IAIA,OAAc,MAAM,SAAiB,MAAuB;AACxD,UAAI,SAAS,eAAW;AACpB,eAAO,MAAM,QAAO,QAAQ,IAAI,GAAG,GAAG,IAAI;AAAA,MAC9C;AAAA,IACJ;AAAA,IACA,OAAc,KAAK,SAAiB,MAAuB;AACvD,UAAI,SAAS,cAAU;AACnB,eAAO,KAAK,QAAO,QAAQ,IAAI,GAAG,GAAG,IAAI;AAAA,MAC7C;AAAA,IACJ;AAAA,IACA,OAAc,KAAK,SAAiB,MAAuB;AACvD,UAAI,SAAS,cAAU;AACnB,eAAO,KAAK,QAAO,QAAQ,IAAI,GAAG,GAAG,IAAI;AAAA,MAC7C;AAAA,IACJ;AAAA,IACA,OAAc,MAAM,SAAiB,MAAuB;AACxD,UAAI,SAAS,eAAW;AACpB,eAAO,MAAM,QAAO,QAAQ,IAAI,GAAG,GAAG,IAAI;AAAA,MAC9C;AAAA,IACJ;AAAA;AAAA,EAEJ;AAEA,MAAI,MAAM;;;AC3IV,MAAM,mBAAmB;AAEzB,MAAM,WAAW,CAAC,QACd,KAAK,CAAC,GAAG,IAAI,WAAW,GAAG,CAAC,EACvB,IAAI,CAAC,QAAQ,OAAO,aAAa,GAAG,CAAC,EACrC,KAAK,EAAE,CAAC;AAKV,MAAM,cAAN,MAAM,aAAY;AAAA,IACrB,OAAe,cAAsB;AACjC,YAAM,MAAM,IAAI,YAAY,CAAC;AAC7B,aAAO,gBAAgB,GAAG;AAC1B,aAAO,IAAI,CAAC;AAAA,IAChB;AAAA;AAAA;AAAA;AAAA,IAKA,OAAc,iBAAyB;AACnC,YAAM,OAAO,iBAAiB;AAAA,QAAQ;AAAA,QAAU,QAC3C,CAAC,IAAI,aAAY,YAAY,IAAI,MAAM,CAAC,IAAI,GAAG,SAAS,EAAE;AAAA,MAC/D;AACA,aAAO,KAAK,QAAQ,MAAM,EAAE;AAAA,IAChC;AAAA;AAAA;AAAA;AAAA,IAKA,OAAc,uBAA+B;AACzC,aAAO,aAAY,eAAe,IAAI,aAAY,eAAe,IAAI,aAAY,eAAe;AAAA,IACpG;AAAA;AAAA;AAAA;AAAA,IAKA,aAAoB,sBAAsB,eAAwC;AAC9E,UAAI,CAAC,OAAO,QAAQ;AAChB,cAAM,IAAI,MAAM,6DAA6D;AAAA,MACjF;AAEA,UAAI;AACA,cAAM,UAAU,IAAI,YAAY;AAChC,cAAM,OAAO,QAAQ,OAAO,aAAa;AACzC,cAAM,SAAS,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI;AACzD,eAAO,SAAS,MAAM,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAAA,MACrF,SACO,KAAK;AACR,eAAO,MAAM,qCAAqC,GAAG;AACrD,cAAM;AAAA,MACV;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA,IAKA,OAAc,kBAAkB,WAAmB,eAA+B;AAC9E,YAAM,UAAU,IAAI,YAAY;AAChC,YAAM,OAAO,QAAQ,OAAO,CAAC,WAAW,aAAa,EAAE,KAAK,GAAG,CAAC;AAChE,aAAO,SAAS,IAAI;AAAA,IACxB;AAAA,EACJ;;;ACnDO,MAAM,QAAN,MAAyC;AAAA,IAKrC,YAA+B,OAAe;AAAf;AAJtC,WAAmB,UAAU,IAAI,OAAO,UAAU,KAAK,KAAK,IAAI;AAEhE,WAAQ,aAAyC,CAAC;AAAA,IAEI;AAAA,IAE/C,WAAW,IAAqC;AACnD,WAAK,WAAW,KAAK,EAAE;AACvB,aAAO,MAAM,KAAK,cAAc,EAAE;AAAA,IACtC;AAAA,IAEO,cAAc,IAA+B;AAChD,YAAM,MAAM,KAAK,WAAW,YAAY,EAAE;AAC1C,UAAI,OAAO,GAAG;AACV,aAAK,WAAW,OAAO,KAAK,CAAC;AAAA,MACjC;AAAA,IACJ;AAAA,IAEA,MAAa,SAAS,IAA8B;AAChD,WAAK,QAAQ,MAAM,UAAU,GAAG,EAAE;AAClC,iBAAW,MAAM,KAAK,YAAY;AAC9B,cAAM,GAAG,GAAG,EAAE;AAAA,MAClB;AAAA,IACJ;AAAA,EACJ;;;ACtCO,MAAM,oBAAN,cAAgC,MAAM;AAAA,EAC7C;AACA,oBAAkB,UAAU,OAAO;AACnC,WAAS,iBAAiB,KAAK;AAC3B,WAAO,mBAAmB,KAAK,GAAG,EAAE,QAAQ,QAAQ,CAAC,GAAG,MAAM;AAC1D,UAAI,OAAO,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,EAAE,YAAY;AACpD,UAAI,KAAK,SAAS,GAAG;AACjB,eAAO,MAAM;AAAA,MACjB;AACA,aAAO,MAAM;AAAA,IACjB,CAAC,CAAC;AAAA,EACN;AACA,WAAS,gBAAgB,KAAK;AAC1B,QAAI,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACrD,YAAQ,OAAO,SAAS,GAAG;AAAA,MACvB,KAAK;AACD;AAAA,MACJ,KAAK;AACD,kBAAU;AACV;AAAA,MACJ,KAAK;AACD,kBAAU;AACV;AAAA,MACJ;AACI,cAAM,IAAI,MAAM,4CAA4C;AAAA,IACpE;AACA,QAAI;AACA,aAAO,iBAAiB,MAAM;AAAA,IAClC,SACO,KAAK;AACR,aAAO,KAAK,MAAM;AAAA,IACtB;AAAA,EACJ;AACO,WAAS,UAAU,OAAO,SAAS;AACtC,QAAI,OAAO,UAAU,UAAU;AAC3B,YAAM,IAAI,kBAAkB,2CAA2C;AAAA,IAC3E;AACA,gBAAY,UAAU,CAAC;AACvB,UAAM,MAAM,QAAQ,WAAW,OAAO,IAAI;AAC1C,UAAM,OAAO,MAAM,MAAM,GAAG,EAAE,GAAG;AACjC,QAAI,OAAO,SAAS,UAAU;AAC1B,YAAM,IAAI,kBAAkB,0CAA0C,MAAM,CAAC,EAAE;AAAA,IACnF;AACA,QAAI;AACJ,QAAI;AACA,gBAAU,gBAAgB,IAAI;AAAA,IAClC,SACO,GAAG;AACN,YAAM,IAAI,kBAAkB,qDAAqD,MAAM,CAAC,KAAK,EAAE,OAAO,GAAG;AAAA,IAC7G;AACA,QAAI;AACA,aAAO,KAAK,MAAM,OAAO;AAAA,IAC7B,SACO,GAAG;AACN,YAAM,IAAI,kBAAkB,mDAAmD,MAAM,CAAC,KAAK,EAAE,OAAO,GAAG;AAAA,IAC3G;AAAA,EACJ;;;AChDO,MAAM,WAAN,MAAe;AAAA;AAAA,IAElB,OAAc,OAAO,OAA0B;AAC3C,UAAI;AACA,eAAO,UAAqB,KAAK;AAAA,MACrC,SACO,KAAK;AACR,eAAO,MAAM,mBAAmB,GAAG;AACnC,cAAM;AAAA,MACV;AAAA,IACJ;AAAA,EACJ;;;ACGO,MAAM,aAAN,MAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMpB,OAAO,OAAO,EAAE,GAAG,SAAS,GAA6C;AA5B7E;AA6BQ,UAAI,SAAS,SAAS;AAClB,iBAAS,SAAQ,MAAC,KAAK,KAAK,KAAK,GAAG,EAAE,KAAK,WAAS,SAAS,OAAO,aAAa,KAAK,MAArE,YAA0E;AAC/F,qBAAS,SAAT,qBAAS,OAAS,KAAK,IAAI,GAAG,KAAK,MAAM,OAAO,WAAW,OAAO,aAAa,SAAS,SAAS,CAAC,CAAC;AACnG,UAAI,SAAS,UAAU;AACnB,uBAAS,QAAT,qBAAS,MAAQ,KAAK,IAAI,GAAG,KAAK,MAAM,OAAO,WAAW,OAAO,cAAc,SAAS,UAAU,CAAC,CAAC;AACxG,aAAO;AAAA,IACX;AAAA,IAEA,OAAO,UAAU,UAAuC;AACpD,aAAO,OAAO,QAAQ,QAAQ,EACzB,OAAO,CAAC,CAAC,EAAE,KAAK,MAAM,SAAS,IAAI,EACnC,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,OAAO,UAAU,YAAY,QAAkB,QAAQ,QAAQ,IAAI,EAAE,EACrG,KAAK,GAAG;AAAA,IACjB;AAAA,EACJ;;;AClCO,MAAM,QAAN,MAAM,eAAc,MAAc;AAAA,IAAlC;AAAA;AACH,WAAmB,UAAU,IAAI,OAAO,UAAU,KAAK,KAAK,IAAI;AAChE,WAAQ,eAAsD;AAC9D,WAAQ,cAAc;AAyCtB,WAAU,YAAY,MAAY;AAC9B,cAAM,OAAO,KAAK,cAAc,OAAM,aAAa;AACnD,aAAK,QAAQ,MAAM,sBAAsB,IAAI;AAE7C,YAAI,KAAK,eAAe,OAAM,aAAa,GAAG;AAC1C,eAAK,OAAO;AACZ,eAAK,MAAM,MAAM;AAAA,QACrB;AAAA,MACJ;AAAA;AAAA;AAAA,IA9CA,OAAc,eAAuB;AACjC,aAAO,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAAA,IACvC;AAAA,IAEO,KAAK,mBAAiC;AACzC,YAAMC,UAAS,KAAK,QAAQ,OAAO,MAAM;AACzC,0BAAoB,KAAK,IAAI,KAAK,MAAM,iBAAiB,GAAG,CAAC;AAC7D,YAAM,aAAa,OAAM,aAAa,IAAI;AAC1C,UAAI,KAAK,eAAe,cAAc,KAAK,cAAc;AAErD,QAAAA,QAAO,MAAM,wDAAwD,KAAK,UAAU;AACpF;AAAA,MACJ;AAEA,WAAK,OAAO;AAEZ,MAAAA,QAAO,MAAM,kBAAkB,iBAAiB;AAChD,WAAK,cAAc;AAKnB,YAAM,yBAAyB,KAAK,IAAI,mBAAmB,CAAC;AAC5D,WAAK,eAAe,YAAY,KAAK,WAAW,yBAAyB,GAAI;AAAA,IACjF;AAAA,IAEA,IAAW,aAAqB;AAC5B,aAAO,KAAK;AAAA,IAChB;AAAA,IAEO,SAAe;AAClB,WAAK,QAAQ,OAAO,QAAQ;AAC5B,UAAI,KAAK,cAAc;AACnB,sBAAc,KAAK,YAAY;AAC/B,aAAK,eAAe;AAAA,MACxB;AAAA,IACJ;AAAA,EAWJ;;;ACxDO,MAAM,WAAN,MAAe;AAAA,IAClB,OAAc,WAAW,KAAa,eAAqC,SAA0B;AACjG,UAAI,CAAC;AAAK,cAAM,IAAI,UAAU,aAAa;AAE3C,YAAM,YAAY,IAAI,IAAI,KAAK,kBAAkB;AACjD,YAAM,SAAS,UAAU,iBAAiB,aAAa,SAAS,QAAQ;AACxE,aAAO,IAAI,gBAAgB,OAAO,MAAM,CAAC,CAAC;AAAA,IAC9C;AAAA,EACJ;AAKO,MAAM,sBAAsB;;;ACR5B,MAAM,gBAAN,cAA4B,MAAM;AAAA,IAqB9B,YACH,MAKgB,MAClB;AAvCN;AAwCQ,YAAM,KAAK,qBAAqB,KAAK,SAAS,EAAE;AAFhC;AAzBpB;AAAA,WAAgB,OAAe;AA6B3B,UAAI,CAAC,KAAK,OAAO;AACb,eAAO,MAAM,iBAAiB,iBAAiB;AAC/C,cAAM,IAAI,MAAM,iBAAiB;AAAA,MACrC;AAEA,WAAK,QAAQ,KAAK;AAClB,WAAK,qBAAoB,UAAK,sBAAL,YAA0B;AACnD,WAAK,aAAY,UAAK,cAAL,YAAkB;AAEnC,WAAK,QAAQ,KAAK;AAClB,WAAK,iBAAgB,UAAK,kBAAL,YAAsB;AAC3C,WAAK,YAAY,KAAK;AAAA,IAC1B;AAAA,EACJ;;;AC/CO,MAAM,eAAN,cAA2B,MAAM;AAAA,IAI7B,YAAY,SAAkB;AACjC,YAAM,OAAO;AAHjB;AAAA,WAAgB,OAAe;AAAA,IAI/B;AAAA,EACJ;;;ACDO,MAAM,oBAAN,MAAwB;AAAA,IAOpB,YAAY,MAAqD;AANxE,WAAmB,UAAU,IAAI,OAAO,mBAAmB;AAE3D,WAAiB,iBAAiB,IAAI,MAAM,uBAAuB;AACnE,WAAiB,gBAAgB,IAAI,MAAM,sBAAsB;AAI7D,WAAK,qCAAqC,KAAK;AAAA,IACnD;AAAA,IAEO,KAAK,WAAuB;AAC/B,YAAMC,UAAS,KAAK,QAAQ,OAAO,MAAM;AAEzC,UAAI,UAAU,gBAAgB,UAAU,eAAe,QAAW;AAC9D,cAAM,WAAW,UAAU;AAC3B,QAAAA,QAAO,MAAM,6CAA6C,QAAQ;AAElE,YAAI,WAAW,GAAG;AAEd,cAAI,WAAW,WAAW,KAAK;AAC/B,cAAI,YAAY,GAAG;AACf,uBAAW;AAAA,UACf;AAEA,UAAAA,QAAO,MAAM,0CAA0C,UAAU,SAAS;AAC1E,eAAK,eAAe,KAAK,QAAQ;AAAA,QACrC,OACK;AACD,UAAAA,QAAO,MAAM,kEAAkE;AAC/E,eAAK,eAAe,OAAO;AAAA,QAC/B;AAGA,cAAM,UAAU,WAAW;AAC3B,QAAAA,QAAO,MAAM,yCAAyC,SAAS,SAAS;AACxE,aAAK,cAAc,KAAK,OAAO;AAAA,MACnC,OACK;AACD,aAAK,eAAe,OAAO;AAC3B,aAAK,cAAc,OAAO;AAAA,MAC9B;AAAA,IACJ;AAAA,IAEO,SAAe;AAClB,WAAK,QAAQ,MAAM,gDAAgD;AACnE,WAAK,eAAe,OAAO;AAC3B,WAAK,cAAc,OAAO;AAAA,IAC9B;AAAA;AAAA;AAAA;AAAA,IAKO,uBAAuB,IAAqC;AAC/D,aAAO,KAAK,eAAe,WAAW,EAAE;AAAA,IAC5C;AAAA;AAAA;AAAA;AAAA,IAIO,0BAA0B,IAA+B;AAC5D,WAAK,eAAe,cAAc,EAAE;AAAA,IACxC;AAAA;AAAA;AAAA;AAAA,IAKO,sBAAsB,IAAqC;AAC9D,aAAO,KAAK,cAAc,WAAW,EAAE;AAAA,IAC3C;AAAA;AAAA;AAAA;AAAA,IAIO,yBAAyB,IAA+B;AAC3D,WAAK,cAAc,cAAc,EAAE;AAAA,IACvC;AAAA,EACJ;;;ACjFO,MAAM,qBAAN,MAAyB;AAAA,IAOrB,YACK,WACA,YACR,KACQ,oBACA,cACV;AALU;AACA;AAEA;AACA;AAXZ,WAAiB,UAAU,IAAI,OAAO,oBAAoB;AAG1D,WAAQ,SAAgD;AACxD,WAAQ,iBAAgC;AAmCxC,WAAQ,WAAW,CAAC,MAAkC;AAClD,YAAI,EAAE,WAAW,KAAK,iBAClB,EAAE,WAAW,KAAK,OAAO,eAC3B;AACE,cAAI,EAAE,SAAS,SAAS;AACpB,iBAAK,QAAQ,MAAM,4CAA4C;AAC/D,gBAAI,KAAK,cAAc;AACnB,mBAAK,KAAK;AAAA,YACd;AAAA,UACJ,WACS,EAAE,SAAS,WAAW;AAC3B,iBAAK,QAAQ,MAAM,8CAA8C;AACjE,iBAAK,KAAK;AACV,iBAAK,KAAK,UAAU;AAAA,UACxB,OACK;AACD,iBAAK,QAAQ,MAAM,EAAE,OAAO,uCAAuC;AAAA,UACvE;AAAA,QACJ;AAAA,MACJ;AA7CI,YAAM,YAAY,IAAI,IAAI,GAAG;AAC7B,WAAK,gBAAgB,UAAU;AAE/B,WAAK,SAAS,OAAO,SAAS,cAAc,QAAQ;AAGpD,WAAK,OAAO,MAAM,aAAa;AAC/B,WAAK,OAAO,MAAM,WAAW;AAC7B,WAAK,OAAO,MAAM,OAAO;AACzB,WAAK,OAAO,MAAM,MAAM;AACxB,WAAK,OAAO,QAAQ;AACpB,WAAK,OAAO,SAAS;AACrB,WAAK,OAAO,MAAM,UAAU;AAAA,IAChC;AAAA,IAEO,OAAsB;AACzB,aAAO,IAAI,QAAc,CAAC,YAAY;AAClC,aAAK,OAAO,SAAS,MAAM;AACvB,kBAAQ;AAAA,QACZ;AAEA,eAAO,SAAS,KAAK,YAAY,KAAK,MAAM;AAC5C,eAAO,iBAAiB,WAAW,KAAK,UAAU,KAAK;AAAA,MAC3D,CAAC;AAAA,IACL;AAAA,IAuBO,MAAM,eAA6B;AACtC,UAAI,KAAK,mBAAmB,eAAe;AACvC;AAAA,MACJ;AAEA,WAAK,QAAQ,OAAO,OAAO;AAE3B,WAAK,KAAK;AAEV,WAAK,iBAAiB;AAEtB,YAAM,OAAO,MAAM;AACf,YAAI,CAAC,KAAK,OAAO,iBAAiB,CAAC,KAAK,gBAAgB;AACpD;AAAA,QACJ;AAEA,aAAK,OAAO,cAAc,YAAY,KAAK,aAAa,MAAM,KAAK,gBAAgB,KAAK,aAAa;AAAA,MACzG;AAGA,WAAK;AAGL,WAAK,SAAS,YAAY,MAAM,KAAK,qBAAqB,GAAI;AAAA,IAClE;AAAA,IAEO,OAAa;AAChB,WAAK,QAAQ,OAAO,MAAM;AAC1B,WAAK,iBAAiB;AAEtB,UAAI,KAAK,QAAQ;AAEb,sBAAc,KAAK,MAAM;AACzB,aAAK,SAAS;AAAA,MAClB;AAAA,IACJ;AAAA,EACJ;;;ACjGO,MAAM,qBAAN,MAA4C;AAAA,IAA5C;AACH,WAAiB,UAAU,IAAI,OAAO,oBAAoB;AAC1D,WAAQ,QAAgC,CAAC;AAAA;AAAA,IAElC,QAAc;AACjB,WAAK,QAAQ,OAAO,OAAO;AAC3B,WAAK,QAAQ,CAAC;AAAA,IAClB;AAAA,IAEO,QAAQ,KAAqB;AAChC,WAAK,QAAQ,OAAO,YAAY,GAAG,IAAI;AACvC,aAAO,KAAK,MAAM,GAAG;AAAA,IACzB;AAAA,IAEO,QAAQ,KAAa,OAAqB;AAC7C,WAAK,QAAQ,OAAO,YAAY,GAAG,IAAI;AACvC,WAAK,MAAM,GAAG,IAAI;AAAA,IACtB;AAAA,IAEO,WAAW,KAAmB;AACjC,WAAK,QAAQ,OAAO,eAAe,GAAG,IAAI;AAC1C,aAAO,KAAK,MAAM,GAAG;AAAA,IACzB;AAAA,IAEA,IAAW,SAAiB;AACxB,aAAO,OAAO,oBAAoB,KAAK,KAAK,EAAE;AAAA,IAClD;AAAA,IAEO,IAAI,OAAuB;AAC9B,aAAO,OAAO,oBAAoB,KAAK,KAAK,EAAE,KAAK;AAAA,IACvD;AAAA,EACJ;;;ACNO,MAAM,cAAN,MAAkB;AAAA,IAKd,YACH,yBAAmC,CAAC,GAC5B,cAAiC,MACjC,gBAA6C,CAAC,GACxD;AAFU;AACA;AAPZ,WAAiB,UAAU,IAAI,OAAO,aAAa;AAEnD,WAAQ,gBAA0B,CAAC;AAO/B,WAAK,cAAc,KAAK,GAAG,wBAAwB,kBAAkB;AACrE,UAAI,aAAa;AACb,aAAK,cAAc,KAAK,iBAAiB;AAAA,MAC7C;AAAA,IACJ;AAAA,IAEA,MAAgB,iBAAiB,OAAoB,OAAoD,CAAC,GAAG;AACzG,YAAM,EAAE,kBAAkB,GAAG,UAAU,IAAI;AAC3C,UAAI,CAAC,kBAAkB;AACnB,eAAO,MAAM,MAAM,OAAO,SAAS;AAAA,MACvC;AAEA,YAAM,aAAa,IAAI,gBAAgB;AACvC,YAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,mBAAmB,GAAI;AAE9E,UAAI;AACA,cAAM,WAAW,MAAM,MAAM,OAAO;AAAA,UAChC,GAAG;AAAA,UACH,QAAQ,WAAW;AAAA,QACvB,CAAC;AACD,eAAO;AAAA,MACX,SACO,KAAK;AACR,YAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC1D,gBAAM,IAAI,aAAa,mBAAmB;AAAA,QAC9C;AACA,cAAM;AAAA,MACV,UACA;AACI,qBAAa,SAAS;AAAA,MAC1B;AAAA,IACJ;AAAA,IAEA,MAAa,QAAQ,KAAa;AAAA,MAC9B;AAAA,MACA;AAAA,IACJ,IAAiB,CAAC,GAAqC;AACnD,YAAMC,UAAS,KAAK,QAAQ,OAAO,SAAS;AAC5C,YAAM,UAAuB;AAAA,QACzB,UAAU,KAAK,cAAc,KAAK,IAAI;AAAA,MAC1C;AACA,UAAI,OAAO;AACP,QAAAA,QAAO,MAAM,4CAA4C;AACzD,gBAAQ,eAAe,IAAI,YAAY;AAAA,MAC3C;AAEA,WAAK,mBAAmB,OAAO;AAE/B,UAAI;AACJ,UAAI;AACA,QAAAA,QAAO,MAAM,QAAQ,GAAG;AACxB,mBAAW,MAAM,KAAK,iBAAiB,KAAK,EAAE,QAAQ,OAAO,SAAS,YAAY,CAAC;AAAA,MACvF,SACO,KAAK;AACR,QAAAA,QAAO,MAAM,eAAe;AAC5B,cAAM;AAAA,MACV;AAEA,MAAAA,QAAO,MAAM,kCAAkC,SAAS,MAAM;AAC9D,YAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,UAAI,eAAe,CAAC,KAAK,cAAc,KAAK,UAAQ,YAAY,WAAW,IAAI,CAAC,GAAG;AAC/E,QAAAA,QAAO,MAAM,IAAI,MAAM,kCAAmC,oCAAe,WAAY,eAAe,GAAG,EAAE,CAAC;AAAA,MAC9G;AACA,UAAI,SAAS,MAAM,KAAK,gBAAe,2CAAa,WAAW,qBAAoB;AAC/E,eAAO,MAAM,KAAK,YAAY,MAAM,SAAS,KAAK,CAAC;AAAA,MACvD;AACA,UAAI;AACJ,UAAI;AACA,eAAO,MAAM,SAAS,KAAK;AAAA,MAC/B,SACO,KAAK;AACR,QAAAA,QAAO,MAAM,+BAA+B,GAAG;AAC/C,YAAI,SAAS;AAAI,gBAAM;AACvB,cAAM,IAAI,MAAM,GAAG,SAAS,UAAU,KAAK,SAAS,MAAM,GAAG;AAAA,MACjE;AACA,UAAI,CAAC,SAAS,IAAI;AACd,QAAAA,QAAO,MAAM,sBAAsB,IAAI;AACvC,YAAI,KAAK,OAAO;AACZ,gBAAM,IAAI,cAAc,IAAI;AAAA,QAChC;AACA,cAAM,IAAI,MAAM,GAAG,SAAS,UAAU,KAAK,SAAS,MAAM,MAAM,KAAK,UAAU,IAAI,CAAC,EAAE;AAAA,MAC1F;AACA,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,SAAS,KAAa;AAAA,MAC/B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ,GAAmD;AAC/C,YAAMA,UAAS,KAAK,QAAQ,OAAO,UAAU;AAC7C,YAAM,UAAuB;AAAA,QACzB,UAAU,KAAK,cAAc,KAAK,IAAI;AAAA,QACtC,gBAAgB;AAAA,MACpB;AACA,UAAI,cAAc,QAAW;AACzB,gBAAQ,eAAe,IAAI,WAAW;AAAA,MAC1C;AAEA,WAAK,mBAAmB,OAAO;AAE/B,UAAI;AACJ,UAAI;AACA,QAAAA,QAAO,MAAM,QAAQ,GAAG;AACxB,mBAAW,MAAM,KAAK,iBAAiB,KAAK,EAAE,QAAQ,QAAQ,SAAS,MAAM,kBAAkB,aAAa,gBAAgB,CAAC;AAAA,MACjI,SACO,KAAK;AACR,QAAAA,QAAO,MAAM,eAAe;AAC5B,cAAM;AAAA,MACV;AAEA,MAAAA,QAAO,MAAM,kCAAkC,SAAS,MAAM;AAC9D,YAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,UAAI,eAAe,CAAC,KAAK,cAAc,KAAK,UAAQ,YAAY,WAAW,IAAI,CAAC,GAAG;AAC/E,cAAM,IAAI,MAAM,kCAAmC,oCAAe,WAAY,eAAe,GAAG,EAAE;AAAA,MACtG;AAEA,YAAM,eAAe,MAAM,SAAS,KAAK;AAEzC,UAAI,OAAgC,CAAC;AACrC,UAAI,cAAc;AACd,YAAI;AACA,iBAAO,KAAK,MAAM,YAAY;AAAA,QAClC,SACO,KAAK;AACR,UAAAA,QAAO,MAAM,+BAA+B,GAAG;AAC/C,cAAI,SAAS;AAAI,kBAAM;AACvB,gBAAM,IAAI,MAAM,GAAG,SAAS,UAAU,KAAK,SAAS,MAAM,GAAG;AAAA,QACjE;AAAA,MACJ;AAEA,UAAI,CAAC,SAAS,IAAI;AACd,QAAAA,QAAO,MAAM,sBAAsB,IAAI;AACvC,YAAI,KAAK,OAAO;AACZ,gBAAM,IAAI,cAAc,MAAM,IAAI;AAAA,QACtC;AACA,cAAM,IAAI,MAAM,GAAG,SAAS,UAAU,KAAK,SAAS,MAAM,MAAM,KAAK,UAAU,IAAI,CAAC,EAAE;AAAA,MAC1F;AAEA,aAAO;AAAA,IACX;AAAA,IAEQ,mBACJ,SACI;AACJ,YAAMA,UAAS,KAAK,QAAQ,OAAO,oBAAoB;AACvD,YAAM,aAAa,OAAO,KAAK,KAAK,aAAa;AACjD,YAAM,mBAAmB;AAAA,QACrB;AAAA,QACA;AAAA,QACA;AAAA,MACJ;AACA,UAAI,WAAW,WAAW,GAAG;AACzB;AAAA,MACJ;AACA,iBAAW,QAAQ,CAAC,eAAe;AAC/B,YAAI,iBAAiB,SAAS,WAAW,kBAAkB,CAAC,GAAG;AAC3D,UAAAA,QAAO,KAAK,4CAA4C,YAAY,gBAAgB;AACpF;AAAA,QACJ;AACA,cAAM,UAAW,OAAO,KAAK,cAAc,UAAU,MAAM,aACtD,KAAK,cAAc,UAAU,EAAiB,IAC/C,KAAK,cAAc,UAAU;AACjC,YAAI,WAAW,YAAY,IAAI;AAC3B,kBAAQ,UAAU,IAAI;AAAA,QAC1B;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ;;;ACxMO,MAAM,kBAAN,MAAsB;AAAA,IAUlB,YAA6B,WAAoC;AAApC;AATpC,WAAiB,UAAU,IAAI,OAAO,iBAAiB;AAKvD,WAAQ,eAAoC;AAC5C,WAAQ,YAA0C;AAI9C,WAAK,eAAe,KAAK,UAAU;AACnC,WAAK,eAAe,IAAI;AAAA,QACpB,CAAC,0BAA0B;AAAA,QAC3B;AAAA,QACA,KAAK,UAAU;AAAA,MACnB;AACA,UAAI,KAAK,UAAU,aAAa;AAC5B,aAAK,QAAQ,MAAM,iCAAiC;AACpD,aAAK,eAAe,KAAK,UAAU;AAAA,MACvC;AAEA,UAAI,KAAK,UAAU,UAAU;AACzB,aAAK,QAAQ,MAAM,8BAA8B;AACjD,aAAK,YAAY,KAAK,UAAU;AAAA,MACpC;AAEA,UAAI,KAAK,UAAU,yBAAyB;AACxC,aAAK,QAAQ,MAAM,6CAA6C;AAChE,aAAK,2BAA2B,KAAK,UAAU;AAAA,MACnD;AAAA,IACJ;AAAA,IAEO,mBAAyB;AAC5B,WAAK,eAAe;AAAA,IACxB;AAAA,IAEA,MAAa,cAA8C;AACvD,YAAMC,UAAS,KAAK,QAAQ,OAAO,aAAa;AAChD,UAAI,KAAK,WAAW;AAChB,QAAAA,QAAO,MAAM,qBAAqB;AAClC,eAAO,KAAK;AAAA,MAChB;AAEA,UAAI,CAAC,KAAK,cAAc;AACpB,QAAAA,QAAO,MAAM,IAAI,MAAM,oDAAoD,CAAC;AAC5E,cAAM;AAAA,MACV;AAEA,MAAAA,QAAO,MAAM,yBAAyB,KAAK,YAAY;AACvD,YAAM,WAAW,MAAM,KAAK,aAAa,QAAQ,KAAK,cAAc,EAAE,aAAa,KAAK,yBAAyB,CAAC;AAElH,MAAAA,QAAO,MAAM,wCAAwC;AACrD,WAAK,YAAY,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,cAAc,QAAQ;AACxE,aAAO,KAAK;AAAA,IAChB;AAAA,IAEO,YAA6B;AAChC,aAAO,KAAK,qBAAqB,QAAQ;AAAA,IAC7C;AAAA,IAEO,2BAA4C;AAC/C,aAAO,KAAK,qBAAqB,wBAAwB;AAAA,IAC7D;AAAA,IAEO,sBAAuC;AAC1C,aAAO,KAAK,qBAAqB,mBAAmB;AAAA,IACxD;AAAA,IAIO,iBAAiB,WAAW,MAAmC;AAClE,aAAO,KAAK,qBAAqB,kBAAkB,QAAQ;AAAA,IAC/D;AAAA,IAEO,wBAAqD;AACxD,aAAO,KAAK,qBAAqB,wBAAwB,IAAI;AAAA,IACjE;AAAA,IAEO,wBAAqD;AACxD,aAAO,KAAK,qBAAqB,wBAAwB,IAAI;AAAA,IACjE;AAAA,IAIO,sBAAsB,WAAW,MAAmC;AACvE,aAAO,KAAK,qBAAqB,uBAAuB,QAAQ;AAAA,IACpE;AAAA,IAIO,gBAAgB,WAAW,MAAmC;AACjE,aAAO,KAAK,qBAAqB,YAAY,QAAQ;AAAA,IACzD;AAAA,IAEA,MAAgB,qBAAqB,MAA0B,WAAS,OAAyD;AAC7H,YAAMA,UAAS,KAAK,QAAQ,OAAO,yBAAyB,IAAI,IAAI;AAEpE,YAAM,WAAW,MAAM,KAAK,YAAY;AACxC,MAAAA,QAAO,MAAM,UAAU;AAEvB,UAAI,SAAS,IAAI,MAAM,QAAW;AAC9B,YAAI,aAAa,MAAM;AACnB,UAAAA,QAAO,KAAK,6CAA6C;AACzD,iBAAO;AAAA,QACX;AAEA,QAAAA,QAAO,MAAM,IAAI,MAAM,wCAAwC,IAAI,CAAC;AAAA,MACxE;AAEA,aAAO,SAAS,IAAI;AAAA,IACxB;AAAA,IAEA,MAAa,iBAA+C;AACxD,YAAMA,UAAS,KAAK,QAAQ,OAAO,gBAAgB;AACnD,UAAI,KAAK,cAAc;AACnB,QAAAA,QAAO,MAAM,kCAAkC;AAC/C,eAAO,KAAK;AAAA,MAChB;AAEA,YAAM,WAAW,MAAM,KAAK,gBAAgB,KAAK;AACjD,MAAAA,QAAO,MAAM,gBAAgB,QAAQ;AAErC,YAAM,SAAS,MAAM,KAAK,aAAa,QAAQ,QAAQ;AACvD,MAAAA,QAAO,MAAM,eAAe,MAAM;AAElC,UAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,GAAG;AAC7B,QAAAA,QAAO,MAAM,IAAI,MAAM,wBAAwB,CAAC;AAChD,cAAM;AAAA,MACV;AAEA,WAAK,eAAe,OAAO;AAC3B,aAAO,KAAK;AAAA,IAChB;AAAA,EACJ;;;ACxIO,MAAM,uBAAN,MAAiD;AAAA,IAM7C,YAAY;AAAA,MACf,SAAS;AAAA,MACT,QAAQ;AAAA,IACZ,IAAyD,CAAC,GAAG;AAR7D,WAAiB,UAAU,IAAI,OAAO,sBAAsB;AASxD,WAAK,SAAS;AACd,WAAK,UAAU;AAAA,IACnB;AAAA,IAEA,MAAa,IAAI,KAAa,OAA8B;AACxD,WAAK,QAAQ,OAAO,QAAQ,GAAG,IAAI;AAEnC,YAAM,KAAK,UAAU;AACrB,YAAM,KAAK,OAAO,QAAQ,KAAK,KAAK;AAAA,IACxC;AAAA,IAEA,MAAa,IAAI,KAAqC;AAClD,WAAK,QAAQ,OAAO,QAAQ,GAAG,IAAI;AAEnC,YAAM,KAAK,UAAU;AACrB,YAAM,OAAO,MAAM,KAAK,OAAO,QAAQ,GAAG;AAC1C,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,OAAO,KAAqC;AACrD,WAAK,QAAQ,OAAO,WAAW,GAAG,IAAI;AAEtC,YAAM,KAAK,UAAU;AACrB,YAAM,OAAO,MAAM,KAAK,OAAO,QAAQ,GAAG;AAC1C,YAAM,KAAK,OAAO,WAAW,GAAG;AAChC,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,aAAgC;AACzC,WAAK,QAAQ,OAAO,YAAY;AAChC,YAAM,MAAM,MAAM,KAAK,OAAO;AAE9B,YAAM,OAAO,CAAC;AACd,eAAS,QAAQ,GAAG,QAAQ,KAAK,SAAS;AACtC,cAAM,MAAM,MAAM,KAAK,OAAO,IAAI,KAAK;AACvC,YAAI,OAAO,IAAI,QAAQ,KAAK,OAAO,MAAM,GAAG;AACxC,eAAK,KAAK,IAAI,OAAO,KAAK,QAAQ,MAAM,CAAC;AAAA,QAC7C;AAAA,MACJ;AACA,aAAO;AAAA,IACX;AAAA,EACJ;;;ACrDA,MAAM,sBAAsB;AAC5B,MAAM,eAAe;AACrB,MAAM,8BAA8B;AACpC,MAAM,gCAAgC,KAAK;AAwIpC,MAAM,0BAAN,MAA8B;AAAA,IA4C1B,YAAY;AAAA;AAAA,MAEf;AAAA,MAAW;AAAA,MAAa;AAAA,MAAU;AAAA,MAAa;AAAA;AAAA,MAE/C;AAAA,MAAW;AAAA,MAAe,gBAAgB;AAAA,MAAqB,QAAQ;AAAA,MACvE;AAAA,MAAc;AAAA,MACd,wBAAwB;AAAA;AAAA,MAExB;AAAA,MAAQ;AAAA,MAAS;AAAA,MAAS;AAAA,MAAY;AAAA,MAAY;AAAA,MAAU;AAAA;AAAA,MAE5D,uBAAuB;AAAA,MACvB,eAAe;AAAA,MACf,yBAAyB;AAAA,MACzB,sBAAsB,EAAE,OAAO,UAAU;AAAA,MACzC,cAAc;AAAA;AAAA,MAEd;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA;AAAA,MAEA,mBAAmB,CAAC;AAAA,MACpB,mBAAmB,CAAC;AAAA,MACpB,eAAe,CAAC;AAAA,IACpB,GAAuB;AAEnB,WAAK,YAAY;AAEjB,UAAI,aAAa;AACb,aAAK,cAAc;AAAA,MACvB,OAAO;AACH,aAAK,cAAc;AACnB,YAAI,WAAW;AACX,cAAI,CAAC,KAAK,YAAY,SAAS,GAAG,GAAG;AACjC,iBAAK,eAAe;AAAA,UACxB;AACA,eAAK,eAAe;AAAA,QACxB;AAAA,MACJ;AAEA,WAAK,WAAW;AAChB,WAAK,eAAe;AACpB,WAAK,cAAc;AAEnB,WAAK,YAAY;AACjB,WAAK,gBAAgB;AACrB,WAAK,gBAAgB;AACrB,WAAK,QAAQ;AACb,WAAK,eAAe;AACpB,WAAK,2BAA2B;AAChC,WAAK,wBAAwB;AAE7B,WAAK,SAAS;AACd,WAAK,UAAU;AACf,WAAK,UAAU;AACf,WAAK,aAAa;AAClB,WAAK,aAAa;AAClB,WAAK,WAAW;AAChB,WAAK,gBAAgB;AAErB,WAAK,uBAAuB,sDAAwB;AACpD,WAAK,eAAe,CAAC,CAAC;AACtB,WAAK,yBAAyB;AAC9B,WAAK,sBAAsB;AAC3B,WAAK,cAAc,CAAC,CAAC;AACrB,WAAK,oCAAoC;AAEzC,WAAK,0BAA0B,0BAA0B,0BAA0B;AAEnF,UAAI,YAAY;AACZ,aAAK,aAAa;AAAA,MACtB,OACK;AACD,cAAM,QAAQ,OAAO,WAAW,cAAc,OAAO,eAAe,IAAI,mBAAmB;AAC3F,aAAK,aAAa,IAAI,qBAAqB,EAAE,MAAM,CAAC;AAAA,MACxD;AAEA,WAAK,2BAA2B;AAEhC,WAAK,mBAAmB;AACxB,WAAK,mBAAmB;AACxB,WAAK,eAAe;AAAA,IACxB;AAAA,EACJ;;;ACtQO,MAAM,kBAAN,MAAsB;AAAA,IAIlB,YAA6B,WACf,kBACnB;AAFkC;AACf;AAJrB,WAAmB,UAAU,IAAI,OAAO,iBAAiB;AA+BzD,WAAU,oBAAoB,OAAO,iBAA6C;AAC9E,cAAMC,UAAS,KAAK,QAAQ,OAAO,mBAAmB;AACtD,YAAI;AACA,gBAAM,UAAU,SAAS,OAAO,YAAY;AAC5C,UAAAA,QAAO,MAAM,yBAAyB;AAEtC,iBAAO;AAAA,QACX,SAAS,KAAK;AACV,UAAAA,QAAO,MAAM,4BAA4B;AACzC,gBAAM;AAAA,QACV;AAAA,MACJ;AApCI,WAAK,eAAe,IAAI;AAAA,QACpB;AAAA,QACA,KAAK;AAAA,QACL,KAAK,UAAU;AAAA,MACnB;AAAA,IACJ;AAAA,IAEA,MAAa,UAAU,OAAmC;AACtD,YAAMA,UAAS,KAAK,QAAQ,OAAO,WAAW;AAC9C,UAAI,CAAC,OAAO;AACR,aAAK,QAAQ,MAAM,IAAI,MAAM,iBAAiB,CAAC;AAAA,MACnD;AAEA,YAAM,MAAM,MAAM,KAAK,iBAAiB,oBAAoB;AAC5D,MAAAA,QAAO,MAAM,oBAAoB,GAAG;AAEpC,YAAM,SAAS,MAAM,KAAK,aAAa,QAAQ,KAAK;AAAA,QAChD;AAAA,QACA,aAAa,KAAK,UAAU;AAAA,MAChC,CAAC;AACD,MAAAA,QAAO,MAAM,cAAc,MAAM;AAEjC,aAAO;AAAA,IACX;AAAA,EAcJ;;;ACMO,MAAM,cAAN,MAAkB;AAAA,IAId,YACc,WACA,kBACnB;AAFmB;AACA;AALrB,WAAiB,UAAU,IAAI,OAAO,aAAa;AAO/C,WAAK,eAAe,IAAI;AAAA,QACpB,KAAK,UAAU;AAAA,QACf;AAAA,QACA,KAAK,UAAU;AAAA,MACnB;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,aAAa;AAAA,MACtB,aAAa;AAAA,MACb,eAAe,KAAK,UAAU;AAAA,MAC9B,YAAY,KAAK,UAAU;AAAA,MAC3B,gBAAgB,KAAK,UAAU;AAAA,MAC/B,GAAG;AAAA,IACP,GAAuD;AACnD,YAAMC,UAAS,KAAK,QAAQ,OAAO,cAAc;AACjD,UAAI,CAAC,WAAW;AACZ,QAAAA,QAAO,MAAM,IAAI,MAAM,yBAAyB,CAAC;AAAA,MACrD;AACA,UAAI,CAAC,cAAc;AACf,QAAAA,QAAO,MAAM,IAAI,MAAM,4BAA4B,CAAC;AAAA,MACxD;AACA,UAAI,CAAC,KAAK,MAAM;AACZ,QAAAA,QAAO,MAAM,IAAI,MAAM,oBAAoB,CAAC;AAAA,MAChD;AAEA,YAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,aAAa,CAAC;AAC/D,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC7C,YAAI,SAAS,MAAM;AACf,iBAAO,IAAI,KAAK,KAAK;AAAA,QACzB;AAAA,MACJ;AACA,UAAI;AACJ,cAAQ,KAAK,UAAU,uBAAuB;AAAA,QAC1C,KAAK;AACD,cAAI,CAAC,eAAe;AAChB,YAAAA,QAAO,MAAM,IAAI,MAAM,6BAA6B,CAAC;AACrD,kBAAM;AAAA,UACV;AACA,sBAAY,YAAY,kBAAkB,WAAW,aAAa;AAClE;AAAA,QACJ,KAAK;AACD,iBAAO,OAAO,aAAa,SAAS;AACpC,cAAI,eAAe;AACf,mBAAO,OAAO,iBAAiB,aAAa;AAAA,UAChD;AACA;AAAA,MACR;AAEA,YAAM,MAAM,MAAM,KAAK,iBAAiB,iBAAiB,KAAK;AAC9D,MAAAA,QAAO,MAAM,oBAAoB;AAEjC,YAAM,WAAW,MAAM,KAAK,aAAa,SAAS,KAAK,EAAE,MAAM,QAAQ,WAAW,iBAAiB,KAAK,UAAU,wBAAwB,CAAC;AAC3I,MAAAA,QAAO,MAAM,cAAc;AAE3B,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,oBAAoB;AAAA,MAC7B,aAAa;AAAA,MACb,YAAY,KAAK,UAAU;AAAA,MAC3B,gBAAgB,KAAK,UAAU;AAAA,MAC/B,QAAQ,KAAK,UAAU;AAAA,MACvB,GAAG;AAAA,IACP,GAA8D;AAC1D,YAAMA,UAAS,KAAK,QAAQ,OAAO,qBAAqB;AAExD,UAAI,CAAC,WAAW;AACZ,QAAAA,QAAO,MAAM,IAAI,MAAM,yBAAyB,CAAC;AAAA,MACrD;AAEA,YAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,MAAM,CAAC;AACxD,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC7C,YAAI,SAAS,MAAM;AACf,iBAAO,IAAI,KAAK,KAAK;AAAA,QACzB;AAAA,MACJ;AAEA,UAAI;AACJ,cAAQ,KAAK,UAAU,uBAAuB;AAAA,QAC1C,KAAK;AACD,cAAI,CAAC,eAAe;AAChB,YAAAA,QAAO,MAAM,IAAI,MAAM,6BAA6B,CAAC;AACrD,kBAAM;AAAA,UACV;AACA,sBAAY,YAAY,kBAAkB,WAAW,aAAa;AAClE;AAAA,QACJ,KAAK;AACD,iBAAO,OAAO,aAAa,SAAS;AACpC,cAAI,eAAe;AACf,mBAAO,OAAO,iBAAiB,aAAa;AAAA,UAChD;AACA;AAAA,MACR;AAEA,YAAM,MAAM,MAAM,KAAK,iBAAiB,iBAAiB,KAAK;AAC9D,MAAAA,QAAO,MAAM,oBAAoB;AAEjC,YAAM,WAAW,MAAM,KAAK,aAAa,SAAS,KAAK,EAAE,MAAM,QAAQ,WAAW,iBAAiB,KAAK,UAAU,wBAAwB,CAAC;AAC3I,MAAAA,QAAO,MAAM,cAAc;AAE3B,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,qBAAqB;AAAA,MAC9B,aAAa;AAAA,MACb,YAAY,KAAK,UAAU;AAAA,MAC3B,gBAAgB,KAAK,UAAU;AAAA,MAC/B;AAAA,MACA,GAAG;AAAA,IACP,GAA+D;AAC3D,YAAMA,UAAS,KAAK,QAAQ,OAAO,sBAAsB;AACzD,UAAI,CAAC,WAAW;AACZ,QAAAA,QAAO,MAAM,IAAI,MAAM,yBAAyB,CAAC;AAAA,MACrD;AACA,UAAI,CAAC,KAAK,eAAe;AACrB,QAAAA,QAAO,MAAM,IAAI,MAAM,6BAA6B,CAAC;AAAA,MACzD;AAEA,YAAM,SAAS,IAAI,gBAAgB,EAAE,WAAW,CAAC;AACjD,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC7C,YAAI,MAAM,QAAQ,KAAK,GAAG;AACtB,gBAAM,QAAQ,WAAS,OAAO,OAAO,KAAK,KAAK,CAAC;AAAA,QACpD,WACS,SAAS,MAAM;AACpB,iBAAO,IAAI,KAAK,KAAK;AAAA,QACzB;AAAA,MACJ;AACA,UAAI;AACJ,cAAQ,KAAK,UAAU,uBAAuB;AAAA,QAC1C,KAAK;AACD,cAAI,CAAC,eAAe;AAChB,YAAAA,QAAO,MAAM,IAAI,MAAM,6BAA6B,CAAC;AACrD,kBAAM;AAAA,UACV;AACA,sBAAY,YAAY,kBAAkB,WAAW,aAAa;AAClE;AAAA,QACJ,KAAK;AACD,iBAAO,OAAO,aAAa,SAAS;AACpC,cAAI,eAAe;AACf,mBAAO,OAAO,iBAAiB,aAAa;AAAA,UAChD;AACA;AAAA,MACR;AAEA,YAAM,MAAM,MAAM,KAAK,iBAAiB,iBAAiB,KAAK;AAC9D,MAAAA,QAAO,MAAM,oBAAoB;AAEjC,YAAM,WAAW,MAAM,KAAK,aAAa,SAAS,KAAK,EAAE,MAAM,QAAQ,WAAW,kBAAkB,iBAAiB,KAAK,UAAU,wBAAwB,CAAC;AAC7J,MAAAA,QAAO,MAAM,cAAc;AAE3B,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,OAAO,MAAiC;AAnPzD;AAoPQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,QAAQ;AAC3C,UAAI,CAAC,KAAK,OAAO;AACb,QAAAA,QAAO,MAAM,IAAI,MAAM,qBAAqB,CAAC;AAAA,MACjD;AAEA,YAAM,MAAM,MAAM,KAAK,iBAAiB,sBAAsB,KAAK;AAEnE,MAAAA,QAAO,MAAM,sCAAqC,UAAK,oBAAL,YAAwB,oBAAoB,EAAE;AAEhG,YAAM,SAAS,IAAI,gBAAgB;AACnC,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC7C,YAAI,SAAS,MAAM;AACf,iBAAO,IAAI,KAAK,KAAK;AAAA,QACzB;AAAA,MACJ;AACA,aAAO,IAAI,aAAa,KAAK,UAAU,SAAS;AAChD,UAAI,KAAK,UAAU,eAAe;AAC9B,eAAO,IAAI,iBAAiB,KAAK,UAAU,aAAa;AAAA,MAC5D;AAEA,YAAM,KAAK,aAAa,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC;AACtD,MAAAA,QAAO,MAAM,cAAc;AAAA,IAC/B;AAAA,EACJ;;;ACtPO,MAAM,oBAAN,MAAwB;AAAA,IAKpB,YACgB,WACA,kBACA,gBACrB;AAHqB;AACA;AACA;AAPvB,WAAmB,UAAU,IAAI,OAAO,mBAAmB;AAC3D,WAAmB,mBAAmB,IAAI,gBAAgB,KAAK,WAAW,KAAK,gBAAgB;AAC/F,WAAmB,eAAe,IAAI,YAAY,KAAK,WAAW,KAAK,gBAAgB;AAAA,IAMpF;AAAA,IAEH,MAAa,uBAAuB,UAA0B,OAAmC;AAC7F,YAAMC,UAAS,KAAK,QAAQ,OAAO,wBAAwB;AAE3D,WAAK,oBAAoB,UAAU,KAAK;AACxC,MAAAA,QAAO,MAAM,iBAAiB;AAE9B,YAAM,KAAK,aAAa,UAAU,KAAK;AACvC,MAAAA,QAAO,MAAM,gBAAgB;AAE7B,UAAI,SAAS,UAAU;AACnB,aAAK,2BAA2B,QAAQ;AAAA,MAC5C;AACA,MAAAA,QAAO,MAAM,kBAAkB;AAE/B,YAAM,KAAK,eAAe,UAAU,+BAAO,cAAc,SAAS,QAAQ;AAC1E,MAAAA,QAAO,MAAM,kBAAkB;AAAA,IACnC;AAAA,IAEA,MAAa,4BAA4B,UAA0B,cAAsC;AACrG,YAAMA,UAAS,KAAK,QAAQ,OAAO,6BAA6B;AAEhE,UAAI,SAAS,YAAY,CAAC,CAAC,SAAS,UAAU;AAC1C,aAAK,2BAA2B,QAAQ;AAAA,MAC5C;AACA,MAAAA,QAAO,MAAM,kBAAkB;AAE/B,YAAM,KAAK,eAAe,UAAU,cAAc,SAAS,QAAQ;AACnE,MAAAA,QAAO,MAAM,kBAAkB;AAAA,IACnC;AAAA,IAEA,MAAa,wBAAwB,UAA0B,OAAoC;AA9DvG;AA+DQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,yBAAyB;AAE5D,eAAS,YAAY,MAAM;AAE3B,qBAAS,kBAAT,qBAAS,gBAAkB,MAAM;AAEjC,qBAAS,UAAT,qBAAS,QAAU,MAAM;AAIzB,UAAI,SAAS,YAAY,CAAC,CAAC,SAAS,UAAU;AAC1C,aAAK,2BAA2B,UAAU,MAAM,QAAQ;AACxD,QAAAA,QAAO,MAAM,oBAAoB;AAAA,MACrC;AAEA,UAAI,CAAC,SAAS,UAAU;AAEpB,iBAAS,WAAW,MAAM;AAE1B,iBAAS,UAAU,MAAM;AAAA,MAC7B;AAEA,YAAM,aAAa,SAAS,YAAY,CAAC,CAAC,SAAS;AACnD,YAAM,KAAK,eAAe,UAAU,OAAO,UAAU;AACrD,MAAAA,QAAO,MAAM,kBAAkB;AAAA,IACnC;AAAA,IAEO,wBAAwB,UAA2B,OAAoB;AAC1E,YAAMA,UAAS,KAAK,QAAQ,OAAO,yBAAyB;AAC5D,UAAI,MAAM,OAAO,SAAS,OAAO;AAC7B,QAAAA,QAAO,MAAM,IAAI,MAAM,sBAAsB,CAAC;AAAA,MAClD;AAKA,MAAAA,QAAO,MAAM,iBAAiB;AAC9B,eAAS,YAAY,MAAM;AAE3B,UAAI,SAAS,OAAO;AAChB,QAAAA,QAAO,KAAK,sBAAsB,SAAS,KAAK;AAChD,cAAM,IAAI,cAAc,QAAQ;AAAA,MACpC;AAAA,IACJ;AAAA,IAEU,oBAAoB,UAA0B,OAA0B;AA5GtF;AA6GQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,qBAAqB;AACxD,UAAI,MAAM,OAAO,SAAS,OAAO;AAC7B,QAAAA,QAAO,MAAM,IAAI,MAAM,sBAAsB,CAAC;AAAA,MAClD;AAEA,UAAI,CAAC,MAAM,WAAW;AAClB,QAAAA,QAAO,MAAM,IAAI,MAAM,uBAAuB,CAAC;AAAA,MACnD;AAEA,UAAI,CAAC,MAAM,WAAW;AAClB,QAAAA,QAAO,MAAM,IAAI,MAAM,uBAAuB,CAAC;AAAA,MACnD;AAGA,UAAI,KAAK,UAAU,cAAc,MAAM,WAAW;AAC9C,QAAAA,QAAO,MAAM,IAAI,MAAM,iDAAiD,CAAC;AAAA,MAC7E;AACA,UAAI,KAAK,UAAU,aAAa,KAAK,UAAU,cAAc,MAAM,WAAW;AAC1E,QAAAA,QAAO,MAAM,IAAI,MAAM,iDAAiD,CAAC;AAAA,MAC7E;AAKA,MAAAA,QAAO,MAAM,iBAAiB;AAC9B,eAAS,YAAY,MAAM;AAC3B,eAAS,YAAY,MAAM;AAE3B,qBAAS,UAAT,qBAAS,QAAU,MAAM;AAEzB,UAAI,SAAS,OAAO;AAChB,QAAAA,QAAO,KAAK,sBAAsB,SAAS,KAAK;AAChD,cAAM,IAAI,cAAc,QAAQ;AAAA,MACpC;AAEA,UAAI,MAAM,iBAAiB,CAAC,SAAS,MAAM;AACvC,QAAAA,QAAO,MAAM,IAAI,MAAM,2BAA2B,CAAC;AAAA,MACvD;AAAA,IAEJ;AAAA,IAEA,MAAgB,eAAe,UAA0B,eAAe,OAAO,cAAc,MAAqB;AAC9G,YAAMA,UAAS,KAAK,QAAQ,OAAO,gBAAgB;AACnD,eAAS,UAAU,KAAK,eAAe,qBAAqB,SAAS,OAAO;AAE5E,UAAI,gBAAgB,CAAC,KAAK,UAAU,gBAAgB,CAAC,SAAS,cAAc;AACxE,QAAAA,QAAO,MAAM,uBAAuB;AACpC;AAAA,MACJ;AAEA,MAAAA,QAAO,MAAM,mBAAmB;AAChC,YAAM,SAAS,MAAM,KAAK,iBAAiB,UAAU,SAAS,YAAY;AAC1E,MAAAA,QAAO,MAAM,mDAAmD;AAEhE,UAAI,eAAe,OAAO,QAAQ,SAAS,QAAQ,KAAK;AACpD,QAAAA,QAAO,MAAM,IAAI,MAAM,mEAAmE,CAAC;AAAA,MAC/F;AAEA,eAAS,UAAU,KAAK,eAAe,YAAY,SAAS,SAAS,KAAK,eAAe,qBAAqB,MAAuB,CAAC;AACtI,MAAAA,QAAO,MAAM,+CAA+C,SAAS,OAAO;AAAA,IAChF;AAAA,IAEA,MAAgB,aAAa,UAA0B,OAAmC;AACtF,YAAMA,UAAS,KAAK,QAAQ,OAAO,cAAc;AACjD,UAAI,SAAS,MAAM;AACf,QAAAA,QAAO,MAAM,iBAAiB;AAC9B,cAAM,gBAAgB,MAAM,KAAK,aAAa,aAAa;AAAA,UACvD,WAAW,MAAM;AAAA,UACjB,eAAe,MAAM;AAAA,UACrB,MAAM,SAAS;AAAA,UACf,cAAc,MAAM;AAAA,UACpB,eAAe,MAAM;AAAA,UACrB,GAAG,MAAM;AAAA,QACb,CAAC;AACD,eAAO,OAAO,UAAU,aAAa;AAAA,MACzC,OAAO;AACH,QAAAA,QAAO,MAAM,oBAAoB;AAAA,MACrC;AAAA,IACJ;AAAA,IAEU,2BAA2B,UAA0B,eAA8B;AA7LjG;AA8LQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,4BAA4B;AAE/D,MAAAA,QAAO,MAAM,uBAAuB;AACpC,YAAM,WAAW,SAAS,QAAO,cAAS,aAAT,YAAqB,EAAE;AAExD,UAAI,CAAC,SAAS,KAAK;AACf,QAAAA,QAAO,MAAM,IAAI,MAAM,qCAAqC,CAAC;AAAA,MACjE;AAEA,UAAI,eAAe;AACf,cAAM,WAAW,SAAS,OAAO,aAAa;AAC9C,YAAI,SAAS,QAAQ,SAAS,KAAK;AAC/B,UAAAA,QAAO,MAAM,IAAI,MAAM,4CAA4C,CAAC;AAAA,QACxE;AACA,YAAI,SAAS,aAAa,SAAS,cAAc,SAAS,WAAW;AACjE,UAAAA,QAAO,MAAM,IAAI,MAAM,yDAAyD,CAAC;AAAA,QACrF;AACA,YAAI,SAAS,OAAO,SAAS,QAAQ,SAAS,KAAK;AAC/C,UAAAA,QAAO,MAAM,IAAI,MAAM,6CAA6C,CAAC;AAAA,QACzE;AACA,YAAI,CAAC,SAAS,OAAO,SAAS,KAAK;AAC/B,UAAAA,QAAO,MAAM,IAAI,MAAM,uDAAuD,CAAC;AAAA,QACnF;AAAA,MACJ;AAEA,eAAS,UAAU;AAAA,IACvB;AAAA,EACJ;;;AChNO,MAAM,QAAN,MAAM,OAAM;AAAA,IASR,YAAY,MAMhB;AACC,WAAK,KAAK,KAAK,MAAM,YAAY,eAAe;AAChD,WAAK,OAAO,KAAK;AAEjB,UAAI,KAAK,WAAW,KAAK,UAAU,GAAG;AAClC,aAAK,UAAU,KAAK;AAAA,MACxB,OACK;AACD,aAAK,UAAU,MAAM,aAAa;AAAA,MACtC;AACA,WAAK,eAAe,KAAK;AACzB,WAAK,YAAY,KAAK;AAAA,IAC1B;AAAA,IAEO,kBAA0B;AAC7B,UAAI,OAAO,OAAO,EAAE,OAAO,iBAAiB;AAC5C,aAAO,KAAK,UAAU;AAAA,QAClB,IAAI,KAAK;AAAA,QACT,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,QACd,cAAc,KAAK;AAAA,QACnB,WAAW,KAAK;AAAA,MACpB,CAAC;AAAA,IACL;AAAA,IAEA,OAAc,kBAAkB,eAAuC;AACnE,aAAO,aAAa,SAAS,mBAAmB;AAChD,aAAO,QAAQ,QAAQ,IAAI,OAAM,KAAK,MAAM,aAAa,CAAC,CAAC;AAAA,IAC/D;AAAA,IAEA,aAAoB,gBAAgB,SAAqB,KAA4B;AACjF,YAAMC,UAAS,OAAO,aAAa,SAAS,iBAAiB;AAC7D,YAAM,SAAS,MAAM,aAAa,IAAI;AAEtC,YAAM,OAAO,MAAM,QAAQ,WAAW;AACtC,MAAAA,QAAO,MAAM,YAAY,IAAI;AAE7B,eAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;AAClC,cAAM,MAAM,KAAK,CAAC;AAClB,cAAM,OAAO,MAAM,QAAQ,IAAI,GAAG;AAClC,YAAI,SAAS;AAEb,YAAI,MAAM;AACN,cAAI;AACA,kBAAM,QAAQ,MAAM,OAAM,kBAAkB,IAAI;AAEhD,YAAAA,QAAO,MAAM,sBAAsB,KAAK,MAAM,OAAO;AACrD,gBAAI,MAAM,WAAW,QAAQ;AACzB,uBAAS;AAAA,YACb;AAAA,UACJ,SACO,KAAK;AACR,YAAAA,QAAO,MAAM,gCAAgC,KAAK,GAAG;AACrD,qBAAS;AAAA,UACb;AAAA,QACJ,OACK;AACD,UAAAA,QAAO,MAAM,+BAA+B,GAAG;AAC/C,mBAAS;AAAA,QACb;AAEA,YAAI,QAAQ;AACR,UAAAA,QAAO,MAAM,yBAAyB,GAAG;AACzC,eAAK,QAAQ,OAAO,GAAG;AAAA,QAC3B;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;;;ACzDO,MAAM,cAAN,MAAM,qBAAoB,MAAM;AAAA,IAyB3B,YAAY,MAAuB;AACvC,YAAM,IAAI;AAEV,WAAK,gBAAgB,KAAK;AAC1B,WAAK,iBAAiB,KAAK;AAC3B,WAAK,YAAY,KAAK;AACtB,WAAK,YAAY,KAAK;AACtB,WAAK,eAAe,KAAK;AACzB,WAAK,QAAQ,KAAK;AAClB,WAAK,gBAAgB,KAAK;AAC1B,WAAK,mBAAmB,KAAK;AAE7B,WAAK,gBAAgB,KAAK;AAC1B,WAAK,eAAe,KAAK;AAAA,IAC7B;AAAA,IAEA,aAAoB,OAAO,MAAmD;AAC1E,YAAM,gBAAgB,KAAK,kBAAkB,OAAO,YAAY,qBAAqB,IAAK,KAAK,iBAAiB;AAChH,YAAM,iBAAiB,gBAAiB,MAAM,YAAY,sBAAsB,aAAa,IAAK;AAElG,aAAO,IAAI,aAAY;AAAA,QACnB,GAAG;AAAA,QACH;AAAA,QACA;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,IAEO,kBAA0B;AAC7B,UAAI,OAAO,aAAa,EAAE,OAAO,iBAAiB;AAClD,aAAO,KAAK,UAAU;AAAA,QAClB,IAAI,KAAK;AAAA,QACT,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,QACd,cAAc,KAAK;AAAA,QACnB,WAAW,KAAK;AAAA,QAEhB,eAAe,KAAK;AAAA,QACpB,WAAW,KAAK;AAAA,QAChB,WAAW,KAAK;AAAA,QAChB,cAAc,KAAK;AAAA,QACnB,OAAO,KAAK;AAAA,QACZ,eAAe,KAAK;AAAA,QACpB,kBAAmB,KAAK;AAAA,QACxB,eAAe,KAAK;AAAA,QACpB,cAAc,KAAK;AAAA,MACvB,CAAC;AAAA,IACL;AAAA,IAEA,OAAc,kBAAkB,eAA6C;AACzE,aAAO,aAAa,eAAe,mBAAmB;AACtD,YAAM,OAAO,KAAK,MAAM,aAAa;AACrC,aAAO,aAAY,OAAO,IAAI;AAAA,IAClC;AAAA,EACJ;;;AC9DO,MAAM,iBAAN,MAAM,eAAc;AAAA,IAMf,YAAY,MAGjB;AACC,WAAK,MAAM,KAAK;AAChB,WAAK,QAAQ,KAAK;AAAA,IACtB;AAAA,IAEA,aAAoB,OAAO;AAAA;AAAA,MAEvB;AAAA,MAAK;AAAA,MAAW;AAAA,MAAW;AAAA,MAAc;AAAA,MAAe;AAAA;AAAA,MAExD;AAAA,MAAY;AAAA,MAAe;AAAA,MAAc;AAAA,MAAe;AAAA,MAAO;AAAA,MAC/D;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,GAAG;AAAA,IACP,GAAoD;AAChD,UAAI,CAAC,KAAK;AACN,aAAK,QAAQ,MAAM,uBAAuB;AAC1C,cAAM,IAAI,MAAM,KAAK;AAAA,MACzB;AACA,UAAI,CAAC,WAAW;AACZ,aAAK,QAAQ,MAAM,6BAA6B;AAChD,cAAM,IAAI,MAAM,WAAW;AAAA,MAC/B;AACA,UAAI,CAAC,cAAc;AACf,aAAK,QAAQ,MAAM,gCAAgC;AACnD,cAAM,IAAI,MAAM,cAAc;AAAA,MAClC;AACA,UAAI,CAAC,eAAe;AAChB,aAAK,QAAQ,MAAM,iCAAiC;AACpD,cAAM,IAAI,MAAM,eAAe;AAAA,MACnC;AACA,UAAI,CAAC,OAAO;AACR,aAAK,QAAQ,MAAM,yBAAyB;AAC5C,cAAM,IAAI,MAAM,OAAO;AAAA,MAC3B;AACA,UAAI,CAAC,WAAW;AACZ,aAAK,QAAQ,MAAM,6BAA6B;AAChD,cAAM,IAAI,MAAM,WAAW;AAAA,MAC/B;AAEA,YAAM,QAAQ,MAAM,YAAY,OAAO;AAAA,QACnC,MAAM;AAAA,QACN;AAAA,QACA;AAAA,QACA,eAAe,CAAC;AAAA,QAChB;AAAA,QAAW;AAAA,QAAW;AAAA,QACtB;AAAA,QACA;AAAA,QAAe;AAAA,QAAO;AAAA,QACtB;AAAA,MACJ,CAAC;AAED,YAAM,YAAY,IAAI,IAAI,GAAG;AAC7B,gBAAU,aAAa,OAAO,aAAa,SAAS;AACpD,gBAAU,aAAa,OAAO,gBAAgB,YAAY;AAC1D,gBAAU,aAAa,OAAO,iBAAiB,aAAa;AAC5D,gBAAU,aAAa,OAAO,SAAS,KAAK;AAC5C,UAAI,OAAO;AACP,kBAAU,aAAa,OAAO,SAAS,KAAK;AAAA,MAChD;AAEA,UAAI,aAAa,MAAM;AACvB,UAAI,WAAW;AACX,qBAAa,GAAG,UAAU,GAAG,mBAAmB,GAAG,SAAS;AAAA,MAChE;AACA,gBAAU,aAAa,OAAO,SAAS,UAAU;AACjD,UAAI,MAAM,gBAAgB;AACtB,kBAAU,aAAa,OAAO,kBAAkB,MAAM,cAAc;AACpE,kBAAU,aAAa,OAAO,yBAAyB,MAAM;AAAA,MACjE;AAEA,UAAI,UAAU;AAEV,cAAM,YAAY,MAAM,QAAQ,QAAQ,IAAI,WAAW,CAAC,QAAQ;AAChE,kBACK,QAAQ,OAAK,UAAU,aAAa,OAAO,YAAY,CAAC,CAAC;AAAA,MAClE;AAEA,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,EAAE,eAAe,GAAG,gBAAgB,GAAG,iBAAiB,CAAC,GAAG;AAClG,YAAI,SAAS,MAAM;AACf,oBAAU,aAAa,OAAO,KAAK,MAAM,SAAS,CAAC;AAAA,QACvD;AAAA,MACJ;AAEA,aAAO,IAAI,eAAc;AAAA,QACrB,KAAK,UAAU;AAAA,QACf;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ;AAlGI,EADS,eACe,UAAU,IAAI,OAAO,eAAe;AADzD,MAAM,gBAAN;;;AC5CP,MAAM,YAAY;AAOX,MAAM,iBAAN,MAAqB;AAAA,IAsCjB,YAAY,QAAyB;AAjB5C;AAAA,WAAO,eAAe;AAEtB;AAAA,WAAO,aAAa;AAapB;AAAA,WAAO,UAAuB,CAAC;AAG3B,WAAK,QAAQ,OAAO,IAAI,OAAO;AAC/B,WAAK,gBAAgB,OAAO,IAAI,eAAe;AAC/C,UAAI,KAAK,OAAO;AACZ,cAAM,aAAa,mBAAmB,KAAK,KAAK,EAAE,MAAM,mBAAmB;AAC3E,aAAK,QAAQ,WAAW,CAAC;AACzB,YAAI,WAAW,SAAS,GAAG;AACvB,eAAK,YAAY,WAAW,MAAM,CAAC,EAAE,KAAK,mBAAmB;AAAA,QACjE;AAAA,MACJ;AAEA,WAAK,QAAQ,OAAO,IAAI,OAAO;AAC/B,WAAK,oBAAoB,OAAO,IAAI,mBAAmB;AACvD,WAAK,YAAY,OAAO,IAAI,WAAW;AAEvC,WAAK,OAAO,OAAO,IAAI,MAAM;AAAA,IACjC;AAAA,IAEA,IAAW,aAAiC;AACxC,UAAI,KAAK,eAAe,QAAW;AAC/B,eAAO;AAAA,MACX;AACA,aAAO,KAAK,aAAa,MAAM,aAAa;AAAA,IAChD;AAAA,IACA,IAAW,WAAW,OAA2B;AAE7C,UAAI,OAAO,UAAU;AAAU,gBAAQ,OAAO,KAAK;AACnD,UAAI,UAAU,UAAa,SAAS,GAAG;AACnC,aAAK,aAAa,KAAK,MAAM,KAAK,IAAI,MAAM,aAAa;AAAA,MAC7D;AAAA,IACJ;AAAA,IAEA,IAAW,WAAoB;AAnFnC;AAoFQ,eAAO,UAAK,UAAL,mBAAY,MAAM,KAAK,SAAS,eAAc,CAAC,CAAC,KAAK;AAAA,IAChE;AAAA,EACJ;;;ACzDO,MAAM,iBAAN,MAAqB;AAAA,IAMjB,YAAY;AAAA,MACf;AAAA,MACA;AAAA,MAAY;AAAA,MAAe;AAAA,MAA0B;AAAA,MAAkB;AAAA,MAAc;AAAA,IACzF,GAAuB;AARvB,WAAiB,UAAU,IAAI,OAAO,gBAAgB;AASlD,UAAI,CAAC,KAAK;AACN,aAAK,QAAQ,MAAM,qBAAqB;AACxC,cAAM,IAAI,MAAM,KAAK;AAAA,MACzB;AAEA,YAAM,YAAY,IAAI,IAAI,GAAG;AAC7B,UAAI,eAAe;AACf,kBAAU,aAAa,OAAO,iBAAiB,aAAa;AAAA,MAChE;AACA,UAAI,WAAW;AACX,kBAAU,aAAa,OAAO,aAAa,SAAS;AAAA,MACxD;AAEA,UAAI,0BAA0B;AAC1B,kBAAU,aAAa,OAAO,4BAA4B,wBAAwB;AAElF,YAAI,YAAY;AACZ,eAAK,QAAQ,IAAI,MAAM,EAAE,MAAM,YAAY,aAAa,CAAC;AAEzD,oBAAU,aAAa,OAAO,SAAS,KAAK,MAAM,EAAE;AAAA,QACxD;AAAA,MACJ;AAEA,iBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,EAAE,GAAG,iBAAiB,CAAC,GAAG;AAChE,YAAI,SAAS,MAAM;AACf,oBAAU,aAAa,OAAO,KAAK,MAAM,SAAS,CAAC;AAAA,QACvD;AAAA,MACJ;AAEA,WAAK,MAAM,UAAU;AAAA,IACzB;AAAA,EACJ;;;AC/DO,MAAM,kBAAN,MAAsB;AAAA,IAclB,YAAY,QAAyB;AACxC,WAAK,QAAQ,OAAO,IAAI,OAAO;AAE/B,WAAK,QAAQ,OAAO,IAAI,OAAO;AAC/B,WAAK,oBAAoB,OAAO,IAAI,mBAAmB;AACvD,WAAK,YAAY,OAAO,IAAI,WAAW;AAAA,IAC3C;AAAA,EACJ;;;ACXA,MAAM,wBAAwB;AAAA,IAC1B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,EACJ;AAQA,MAAM,iCAAiC,CAAC,OAAO,OAAO,OAAO,OAAO,KAAK;AAKlE,MAAM,gBAAN,MAAoB;AAAA,IAEhB,YACgB,WACrB;AADqB;AAFvB,WAAmB,UAAU,IAAI,OAAO,eAAe;AAAA,IAGpD;AAAA,IAEI,qBAAqB,QAAkC;AAC1D,YAAM,SAAS,EAAE,GAAG,OAAO;AAE3B,UAAI,KAAK,UAAU,sBAAsB;AACrC,YAAI;AACJ,YAAI,MAAM,QAAQ,KAAK,UAAU,oBAAoB,GAAG;AACpD,2BAAiB,KAAK,UAAU;AAAA,QACpC,OAAO;AACH,2BAAiB;AAAA,QACrB;AAEA,mBAAW,SAAS,gBAAgB;AAChC,cAAI,CAAC,+BAA+B,SAAS,KAAK,GAAG;AACjD,mBAAO,OAAO,KAAK;AAAA,UACvB;AAAA,QACJ;AAAA,MACJ;AAEA,aAAO;AAAA,IACX;AAAA,IAGO,YAAY,SAAsB,SAAiC;AACtE,YAAM,SAAS,EAAE,GAAG,QAAQ;AAC5B,iBAAW,CAAC,OAAO,MAAM,KAAK,OAAO,QAAQ,OAAO,GAAG;AACnD,YAAI,OAAO,KAAK,MAAM,QAAQ;AAC1B,cAAI,MAAM,QAAQ,OAAO,KAAK,CAAC,KAAK,MAAM,QAAQ,MAAM,GAAG;AACvD,gBAAI,KAAK,UAAU,oBAAoB,SAAS,WAAW;AACvD,qBAAO,KAAK,IAAI;AAAA,YACpB,OAAO;AACH,oBAAM,eAAe,MAAM,QAAQ,OAAO,KAAK,CAAC,IAAI,OAAO,KAAK,IAAiB,CAAC,OAAO,KAAK,CAAC;AAC/F,yBAAW,SAAS,MAAM,QAAQ,MAAM,IAAI,SAAS,CAAC,MAAM,GAAG;AAC3D,oBAAI,CAAC,aAAa,SAAS,KAAK,GAAG;AAC/B,+BAAa,KAAK,KAAK;AAAA,gBAC3B;AAAA,cACJ;AACA,qBAAO,KAAK,IAAI;AAAA,YACpB;AAAA,UACJ,WAAW,OAAO,OAAO,KAAK,MAAM,YAAY,OAAO,WAAW,UAAU;AACxE,mBAAO,KAAK,IAAI,KAAK,YAAY,OAAO,KAAK,GAAgB,MAAmB;AAAA,UACpF,OAAO;AACH,mBAAO,KAAK,IAAI;AAAA,UACpB;AAAA,QACJ;AAAA,MACJ;AAEA,aAAO;AAAA,IACX;AAAA,EACJ;;;ACxBO,MAAM,aAAN,MAAiB;AAAA,IAWb,YAAY,UAAwD,iBAAmC;AAT9G,WAAmB,UAAU,IAAI,OAAO,YAAY;AAUhD,WAAK,WAAW,oBAAoB,0BAA0B,WAAW,IAAI,wBAAwB,QAAQ;AAE7G,WAAK,kBAAkB,4CAAmB,IAAI,gBAAgB,KAAK,QAAQ;AAC3E,WAAK,iBAAiB,IAAI,cAAc,KAAK,QAAQ;AACrD,WAAK,aAAa,IAAI,kBAAkB,KAAK,UAAU,KAAK,iBAAiB,KAAK,cAAc;AAChG,WAAK,eAAe,IAAI,YAAY,KAAK,UAAU,KAAK,eAAe;AAAA,IAC3E;AAAA,IAEA,MAAa,oBAAoB;AAAA,MAC7B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,gBAAgB,KAAK,SAAS;AAAA,MAC9B,QAAQ,KAAK,SAAS;AAAA,MACtB,eAAe,KAAK,SAAS;AAAA,MAC7B,SAAS,KAAK,SAAS;AAAA,MACvB,UAAU,KAAK,SAAS;AAAA,MACxB,UAAU,KAAK,SAAS;AAAA,MACxB,aAAa,KAAK,SAAS;AAAA,MAC3B,aAAa,KAAK,SAAS;AAAA,MAC3B,WAAW,KAAK,SAAS;AAAA,MACzB,gBAAgB,KAAK,SAAS;AAAA,MAC9B,mBAAmB,KAAK,SAAS;AAAA,MACjC,mBAAmB,KAAK,SAAS;AAAA,IACrC,GAAoD;AAChD,YAAMC,UAAS,KAAK,QAAQ,OAAO,qBAAqB;AAExD,UAAI,kBAAkB,QAAQ;AAC1B,cAAM,IAAI,MAAM,2DAA2D;AAAA,MAC/E;AAEA,YAAM,MAAM,MAAM,KAAK,gBAAgB,yBAAyB;AAChE,MAAAA,QAAO,MAAM,mCAAmC,GAAG;AAEnD,YAAM,gBAAgB,MAAM,cAAc,OAAO;AAAA,QAC7C;AAAA,QACA,WAAW,KAAK,SAAS;AAAA,QACzB,WAAW,KAAK,SAAS;AAAA,QACzB;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY;AAAA,QACZ;AAAA,QACA;AAAA,QAAQ;AAAA,QAAS;AAAA,QAAS;AAAA,QAAY;AAAA,QAAe;AAAA,QAAY;AAAA,QACjE;AAAA,QAAU;AAAA,QAAS;AAAA,QAAa;AAAA,QAAkB;AAAA,QAAkB;AAAA,QAAc;AAAA,QAClF,eAAe,KAAK,SAAS;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,aAAa,KAAK,SAAS;AAAA,MAC/B,CAAC;AAGD,YAAM,KAAK,gBAAgB;AAE3B,YAAM,cAAc,cAAc;AAClC,YAAM,KAAK,SAAS,WAAW,IAAI,YAAY,IAAI,YAAY,gBAAgB,CAAC;AAChF,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,wBAAwB,KAAa,cAAc,OAAkE;AAC9H,YAAMA,UAAS,KAAK,QAAQ,OAAO,yBAAyB;AAE5D,YAAM,WAAW,IAAI,eAAe,SAAS,WAAW,KAAK,KAAK,SAAS,aAAa,CAAC;AACzF,UAAI,CAAC,SAAS,OAAO;AACjB,QAAAA,QAAO,MAAM,IAAI,MAAM,sBAAsB,CAAC;AAE9C,cAAM;AAAA,MACV;AAEA,YAAM,oBAAoB,MAAM,KAAK,SAAS,WAAW,cAAc,WAAW,KAAK,EAAE,SAAS,KAAK;AACvG,UAAI,CAAC,mBAAmB;AACpB,QAAAA,QAAO,MAAM,IAAI,MAAM,oCAAoC,CAAC;AAC5D,cAAM;AAAA,MACV;AAEA,YAAM,QAAQ,MAAM,YAAY,kBAAkB,iBAAiB;AACnE,aAAO,EAAE,OAAO,SAAS;AAAA,IAC7B;AAAA,IAEA,MAAa,sBAAsB,KAAsC;AACrE,YAAMA,UAAS,KAAK,QAAQ,OAAO,uBAAuB;AAE1D,YAAM,EAAE,OAAO,SAAS,IAAI,MAAM,KAAK,wBAAwB,KAAK,IAAI;AACxE,MAAAA,QAAO,MAAM,kDAAkD;AAC/D,YAAM,KAAK,WAAW,uBAAuB,UAAU,KAAK;AAC5D,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,wCAAwC;AAAA,MACjD;AAAA,MACA;AAAA,MACA,eAAe;AAAA,MACf,mBAAmB,CAAC;AAAA,IACxB,GAAyE;AACrE,YAAM,gBAAyC,MAAM,KAAK,aAAa,oBAAoB,EAAE,UAAU,UAAU,GAAG,iBAAiB,CAAC;AACtI,YAAM,iBAAiC,IAAI,eAAe,IAAI,gBAAgB,CAAC;AAC/E,aAAO,OAAO,gBAAgB,aAAa;AAC3C,YAAM,KAAK,WAAW,4BAA4B,gBAAgB,YAAY;AAC9E,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,gBAAgB;AAAA,MACzB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ,GAAiD;AAlMrD;AAmMQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,iBAAiB;AAKpD,UAAI;AACJ,UAAI,KAAK,SAAS,6BAA6B,QAAW;AACtD,gBAAQ,MAAM;AAAA,MAClB,OAAO;AACH,cAAM,kBAAkB,KAAK,SAAS,yBAAyB,MAAM,GAAG;AACxE,cAAM,mBAAiB,WAAM,UAAN,mBAAa,MAAM,SAAQ,CAAC;AAEnD,gBAAQ,eAAe,OAAO,OAAK,gBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,GAAG;AAAA,MAC5E;AAEA,YAAM,SAAS,MAAM,KAAK,aAAa,qBAAqB;AAAA,QACxD,eAAe,MAAM;AAAA;AAAA,QAErB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACP,CAAC;AACD,YAAM,WAAW,IAAI,eAAe,IAAI,gBAAgB,CAAC;AACzD,aAAO,OAAO,UAAU,MAAM;AAC9B,MAAAA,QAAO,MAAM,uBAAuB,QAAQ;AAC5C,YAAM,KAAK,WAAW,wBAAwB,UAAU;AAAA,QACpD,GAAG;AAAA;AAAA;AAAA,QAGH;AAAA,MACJ,CAAC;AACD,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,qBAAqB;AAAA,MAC9B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,2BAA2B,KAAK,SAAS;AAAA,MACzC,mBAAmB,KAAK,SAAS;AAAA,IACrC,IAA8B,CAAC,GAA4B;AACvD,YAAMA,UAAS,KAAK,QAAQ,OAAO,sBAAsB;AAEzD,YAAM,MAAM,MAAM,KAAK,gBAAgB,sBAAsB;AAC7D,UAAI,CAAC,KAAK;AACN,QAAAA,QAAO,MAAM,IAAI,MAAM,yBAAyB,CAAC;AACjD,cAAM;AAAA,MACV;AAEA,MAAAA,QAAO,MAAM,iCAAiC,GAAG;AAGjD,UAAI,CAAC,aAAa,4BAA4B,CAAC,eAAe;AAC1D,oBAAY,KAAK,SAAS;AAAA,MAC9B;AAEA,YAAM,UAAU,IAAI,eAAe;AAAA,QAC/B;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,YAAY;AAAA,QACZ;AAAA,QACA;AAAA,MACJ,CAAC;AAGD,YAAM,KAAK,gBAAgB;AAE3B,YAAM,eAAe,QAAQ;AAC7B,UAAI,cAAc;AACd,QAAAA,QAAO,MAAM,sCAAsC;AACnD,cAAM,KAAK,SAAS,WAAW,IAAI,aAAa,IAAI,aAAa,gBAAgB,CAAC;AAAA,MACtF;AAEA,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,yBAAyB,KAAa,cAAc,OAAyE;AACtI,YAAMA,UAAS,KAAK,QAAQ,OAAO,0BAA0B;AAE7D,YAAM,WAAW,IAAI,gBAAgB,SAAS,WAAW,KAAK,KAAK,SAAS,aAAa,CAAC;AAC1F,UAAI,CAAC,SAAS,OAAO;AACjB,QAAAA,QAAO,MAAM,sBAAsB;AAEnC,YAAI,SAAS,OAAO;AAChB,UAAAA,QAAO,KAAK,uBAAuB,SAAS,KAAK;AACjD,gBAAM,IAAI,cAAc,QAAQ;AAAA,QACpC;AAEA,eAAO,EAAE,OAAO,QAAW,SAAS;AAAA,MACxC;AAEA,YAAM,oBAAoB,MAAM,KAAK,SAAS,WAAW,cAAc,WAAW,KAAK,EAAE,SAAS,KAAK;AACvG,UAAI,CAAC,mBAAmB;AACpB,QAAAA,QAAO,MAAM,IAAI,MAAM,oCAAoC,CAAC;AAC5D,cAAM;AAAA,MACV;AAEA,YAAM,QAAQ,MAAM,MAAM,kBAAkB,iBAAiB;AAC7D,aAAO,EAAE,OAAO,SAAS;AAAA,IAC7B;AAAA,IAEA,MAAa,uBAAuB,KAAuC;AACvE,YAAMA,UAAS,KAAK,QAAQ,OAAO,wBAAwB;AAE3D,YAAM,EAAE,OAAO,SAAS,IAAI,MAAM,KAAK,yBAAyB,KAAK,IAAI;AACzE,UAAI,OAAO;AACP,QAAAA,QAAO,MAAM,kDAAkD;AAC/D,aAAK,WAAW,wBAAwB,UAAU,KAAK;AAAA,MAC3D,OAAO;AACH,QAAAA,QAAO,MAAM,qDAAqD;AAAA,MACtE;AAEA,aAAO;AAAA,IACX;AAAA,IAEO,kBAAiC;AACpC,WAAK,QAAQ,OAAO,iBAAiB;AACrC,aAAO,MAAM,gBAAgB,KAAK,SAAS,YAAY,KAAK,SAAS,sBAAsB;AAAA,IAC/F;AAAA,IAEA,MAAa,YAAY,OAAe,MAAwD;AAC5F,WAAK,QAAQ,OAAO,aAAa;AACjC,aAAO,MAAM,KAAK,aAAa,OAAO;AAAA,QAClC;AAAA,QACA,iBAAiB;AAAA,MACrB,CAAC;AAAA,IACL;AAAA,EACJ;;;AC5TO,MAAM,iBAAN,MAAqB;AAAA,IAMjB,YAA6B,cAA2B;AAA3B;AALpC,WAAiB,UAAU,IAAI,OAAO,gBAAgB;AAyCtD,WAAU,SAAS,OACf,SAIgB;AAChB,cAAM,gBAAgB,KAAK;AAC3B,YAAI,CAAC,eAAe;AAChB;AAAA,QACJ;AACA,cAAMC,UAAS,KAAK,QAAQ,OAAO,QAAQ;AAE3C,YAAI,KAAK,SAAS;AACd,eAAK,OAAO,KAAK,QAAQ;AACzB,UAAAA,QAAO,MAAM,iBAAiB,eAAe,SAAS,KAAK,IAAI;AAAA,QACnE,OACK;AACD,eAAK,OAAO;AACZ,UAAAA,QAAO,MAAM,iBAAiB,eAAe,kBAAkB;AAAA,QACnE;AAEA,YAAI,KAAK,qBAAqB;AAC1B,eAAK,oBAAoB,MAAM,aAAa;AAC5C;AAAA,QACJ;AAEA,YAAI;AACA,gBAAM,MAAM,MAAM,KAAK,aAAa,gBAAgB,sBAAsB;AAC1E,cAAI,KAAK;AACL,YAAAA,QAAO,MAAM,mCAAmC;AAEhD,kBAAM,YAAY,KAAK,aAAa,SAAS;AAC7C,kBAAM,oBAAoB,KAAK,aAAa,SAAS;AACrD,kBAAM,cAAc,KAAK,aAAa,SAAS;AAE/C,kBAAM,qBAAqB,IAAI,mBAAmB,KAAK,WAAW,WAAW,KAAK,mBAAmB,WAAW;AAChH,kBAAM,mBAAmB,KAAK;AAC9B,iBAAK,sBAAsB;AAC3B,+BAAmB,MAAM,aAAa;AAAA,UAC1C,OACK;AACD,YAAAA,QAAO,KAAK,+CAA+C;AAAA,UAC/D;AAAA,QACJ,SACO,KAAK;AAER,UAAAA,QAAO,MAAM,qCAAqC,eAAe,QAAQ,IAAI,UAAU,GAAG;AAAA,QAC9F;AAAA,MACJ;AAEA,WAAU,QAAQ,MAAY;AAC1B,cAAMA,UAAS,KAAK,QAAQ,OAAO,OAAO;AAC1C,aAAK,OAAO;AAEZ,YAAI,KAAK,qBAAqB;AAC1B,eAAK,oBAAoB,KAAK;AAAA,QAClC;AAEA,YAAI,KAAK,aAAa,SAAS,yBAAyB;AAIpD,gBAAM,cAAc,YAAY,YAAY;AACxC,0BAAc,WAAW;AAEzB,gBAAI;AACA,oBAAM,UAAU,MAAM,KAAK,aAAa,mBAAmB;AAC3D,kBAAI,SAAS;AACT,sBAAM,UAAU;AAAA,kBACZ,eAAe,QAAQ;AAAA,kBACvB,SAAS,QAAQ,MAAM;AAAA,oBACnB,KAAK,QAAQ;AAAA,kBACjB,IAAI;AAAA,gBACR;AACA,qBAAK,KAAK,OAAO,OAAO;AAAA,cAC5B;AAAA,YACJ,SACO,KAAK;AAER,cAAAA,QAAO,MAAM,iCAAiC,eAAe,QAAQ,IAAI,UAAU,GAAG;AAAA,YAC1F;AAAA,UACJ,GAAG,GAAI;AAAA,QACX;AAAA,MACJ;AAEA,WAAU,YAAY,YAA2B;AAC7C,cAAMA,UAAS,KAAK,QAAQ,OAAO,WAAW;AAC9C,YAAI;AACA,gBAAM,UAAU,MAAM,KAAK,aAAa,mBAAmB;AAC3D,cAAI,aAAa;AAEjB,cAAI,WAAW,KAAK,qBAAqB;AACrC,gBAAI,QAAQ,QAAQ,KAAK,MAAM;AAC3B,2BAAa;AACb,mBAAK,oBAAoB,MAAM,QAAQ,aAAa;AAEpD,cAAAA,QAAO,MAAM,6GAA6G,QAAQ,aAAa;AAC/I,oBAAM,KAAK,aAAa,OAAO,yBAAyB;AAAA,YAC5D,OACK;AACD,cAAAA,QAAO,MAAM,oCAAoC,QAAQ,GAAG;AAAA,YAChE;AAAA,UACJ,OACK;AACD,YAAAA,QAAO,MAAM,kCAAkC;AAAA,UACnD;AAEA,cAAI,YAAY;AACZ,gBAAI,KAAK,MAAM;AACX,oBAAM,KAAK,aAAa,OAAO,oBAAoB;AAAA,YACvD,OACK;AACD,oBAAM,KAAK,aAAa,OAAO,mBAAmB;AAAA,YACtD;AAAA,UACJ,OAAO;AACH,YAAAA,QAAO,MAAM,kDAAkD;AAAA,UACnE;AAAA,QACJ,SACO,KAAK;AACR,cAAI,KAAK,MAAM;AACX,YAAAA,QAAO,MAAM,qEAAqE,GAAG;AACrF,kBAAM,KAAK,aAAa,OAAO,oBAAoB;AAAA,UACvD;AAAA,QACJ;AAAA,MACJ;AA/JI,UAAI,CAAC,cAAc;AACf,aAAK,QAAQ,MAAM,IAAI,MAAM,wBAAwB,CAAC;AAAA,MAC1D;AAEA,WAAK,aAAa,OAAO,cAAc,KAAK,MAAM;AAClD,WAAK,aAAa,OAAO,gBAAgB,KAAK,KAAK;AAEnD,WAAK,MAAM,EAAE,MAAM,CAAC,QAAiB;AAEjC,aAAK,QAAQ,MAAM,GAAG;AAAA,MAC1B,CAAC;AAAA,IACL;AAAA,IAEA,MAAgB,QAAuB;AACnC,WAAK,QAAQ,OAAO,OAAO;AAC3B,YAAM,OAAO,MAAM,KAAK,aAAa,QAAQ;AAG7C,UAAI,MAAM;AACN,aAAK,KAAK,OAAO,IAAI;AAAA,MACzB,WACS,KAAK,aAAa,SAAS,yBAAyB;AACzD,cAAM,UAAU,MAAM,KAAK,aAAa,mBAAmB;AAC3D,YAAI,SAAS;AACT,gBAAM,UAAU;AAAA,YACZ,eAAe,QAAQ;AAAA,YACvB,SAAS,QAAQ,MAAM;AAAA,cACnB,KAAK,QAAQ;AAAA,YACjB,IAAI;AAAA,UACR;AACA,eAAK,KAAK,OAAO,OAAO;AAAA,QAC5B;AAAA,MACJ;AAAA,IACJ;AAAA,EA+HJ;;;AClKO,MAAM,OAAN,MAAM,MAAK;AAAA,IAuCP,YAAY,MAWhB;AAlEP;AAmEQ,WAAK,WAAW,KAAK;AACrB,WAAK,iBAAgB,UAAK,kBAAL,YAAsB;AAC3C,WAAK,eAAe,KAAK;AACzB,WAAK,gBAAgB,KAAK;AAE1B,WAAK,aAAa,KAAK;AACvB,WAAK,QAAQ,KAAK;AAClB,WAAK,UAAU,KAAK;AACpB,WAAK,aAAa,KAAK;AACvB,WAAK,QAAQ,KAAK;AAClB,WAAK,YAAY,KAAK;AAAA,IAC1B;AAAA;AAAA,IAGA,IAAW,aAAiC;AACxC,UAAI,KAAK,eAAe,QAAW;AAC/B,eAAO;AAAA,MACX;AACA,aAAO,KAAK,aAAa,MAAM,aAAa;AAAA,IAChD;AAAA,IAEA,IAAW,WAAW,OAA2B;AAC7C,UAAI,UAAU,QAAW;AACrB,aAAK,aAAa,KAAK,MAAM,KAAK,IAAI,MAAM,aAAa;AAAA,MAC7D;AAAA,IACJ;AAAA;AAAA,IAGA,IAAW,UAA+B;AACtC,YAAM,aAAa,KAAK;AACxB,UAAI,eAAe,QAAW;AAC1B,eAAO;AAAA,MACX;AACA,aAAO,cAAc;AAAA,IACzB;AAAA;AAAA,IAGA,IAAW,SAAmB;AAxGlC;AAyGQ,cAAO,gBAAK,UAAL,mBAAY,MAAM,SAAlB,YAA0B,CAAC;AAAA,IACtC;AAAA,IAEO,kBAA0B;AAC7B,UAAI,OAAO,MAAM,EAAE,OAAO,iBAAiB;AAC3C,aAAO,KAAK,UAAU;AAAA,QAClB,UAAU,KAAK;AAAA,QACf,eAAe,KAAK;AAAA,QACpB,cAAc,KAAK;AAAA,QACnB,eAAe,KAAK;AAAA,QACpB,YAAY,KAAK;AAAA,QACjB,OAAO,KAAK;AAAA,QACZ,SAAS,KAAK;AAAA,QACd,YAAY,KAAK;AAAA,MACrB,CAAC;AAAA,IACL;AAAA,IAEA,OAAc,kBAAkB,eAA6B;AACzD,aAAO,aAAa,QAAQ,mBAAmB;AAC/C,aAAO,IAAI,MAAK,KAAK,MAAM,aAAa,CAAC;AAAA,IAC7C;AAAA,EACJ;;;ACxHA,MAAM,gBAAgB;AAcf,MAAe,sBAAf,MAAsD;AAAA,IAAtD;AAEH,WAAmB,SAAS,IAAI,MAAuB,2BAA2B;AAClF,WAAmB,mBAAmB,oBAAI,IAAgB;AAE1D,WAAU,UAA8B;AAAA;AAAA,IAExC,MAAa,SAAS,QAAmD;AACrE,YAAMC,UAAS,KAAK,QAAQ,OAAO,UAAU;AAC7C,UAAI,CAAC,KAAK,SAAS;AACf,cAAM,IAAI,MAAM,4CAA4C;AAAA,MAChE;AAEA,MAAAA,QAAO,MAAM,uBAAuB;AACpC,WAAK,QAAQ,SAAS,QAAQ,OAAO,GAAG;AAExC,YAAM,EAAE,KAAK,SAAS,IAAI,MAAM,IAAI,QAAqB,CAAC,SAAS,WAAW;AAC1E,cAAM,WAAW,CAAC,MAAoB;AArClD;AAsCgB,gBAAM,OAAgC,EAAE;AACxC,gBAAM,UAAS,YAAO,iBAAP,YAAuB,OAAO,SAAS;AACtD,cAAI,EAAE,WAAW,WAAU,6BAAM,YAAW,eAAe;AAEvD;AAAA,UACJ;AACA,cAAI;AACA,kBAAM,QAAQ,SAAS,WAAW,KAAK,KAAK,OAAO,aAAa,EAAE,IAAI,OAAO;AAC7E,gBAAI,CAAC,OAAO;AACR,cAAAA,QAAO,KAAK,gCAAgC;AAAA,YAChD;AACA,gBAAI,EAAE,WAAW,KAAK,WAAW,UAAU,OAAO,OAAO;AAGrD;AAAA,YACJ;AAAA,UACJ,SACO,KAAK;AACR,iBAAK,SAAS;AACd,mBAAO,IAAI,MAAM,8BAA8B,CAAC;AAAA,UACpD;AACA,kBAAQ,IAAI;AAAA,QAChB;AACA,eAAO,iBAAiB,WAAW,UAAU,KAAK;AAClD,aAAK,iBAAiB,IAAI,MAAM,OAAO,oBAAoB,WAAW,UAAU,KAAK,CAAC;AACtF,aAAK,iBAAiB,IAAI,KAAK,OAAO,WAAW,CAAC,WAAW;AACzD,eAAK,SAAS;AACd,iBAAO,MAAM;AAAA,QACjB,CAAC,CAAC;AAAA,MACN,CAAC;AACD,MAAAA,QAAO,MAAM,0BAA0B;AACvC,WAAK,SAAS;AAEd,UAAI,CAAC,UAAU;AACX,aAAK,MAAM;AAAA,MACf;AAEA,aAAO,EAAE,IAAI;AAAA,IACjB;AAAA,IAIQ,WAAiB;AACrB,WAAK,QAAQ,OAAO,UAAU;AAE9B,iBAAW,WAAW,KAAK,kBAAkB;AACzC,gBAAQ;AAAA,MACZ;AACA,WAAK,iBAAiB,MAAM;AAAA,IAChC;AAAA,IAEA,OAAiB,cAAc,QAAgB,KAAa,WAAW,OAAO,eAAe,OAAO,SAAS,QAAc;AACvH,aAAO,YAAY;AAAA,QACf,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,MACJ,GAAkB,YAAY;AAAA,IAClC;AAAA,EACJ;;;ACxFO,MAAM,6BAAkD;AAAA,IAC3D,UAAU;AAAA,IACV,SAAS;AAAA,IACT,QAAQ;AAAA,IACR,gCAAgC;AAAA,EACpC;AACO,MAAM,qBAAqB;AAClC,MAAM,sDAAsD;AAC5D,MAAM,uCAAuC;AACtC,MAAM,uCAAuC;AA4E7C,MAAM,2BAAN,cAAuC,wBAAwB;AAAA,IA+B3D,YAAY,MAA2B;AAC1C,YAAM;AAAA,QACF,qBAAqB,KAAK;AAAA,QAC1B,iCAAiC,KAAK;AAAA,QACtC,sBAAsB;AAAA,QACtB,oBAAoB;AAAA,QACpB,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,QAEjB,2BAA2B,KAAK;AAAA,QAChC,qBAAqB,KAAK;AAAA,QAE1B,sBAAsB,KAAK;AAAA,QAC3B,gCAAgC;AAAA,QAChC,uBAAuB;AAAA,QACvB,2BAA2B;AAAA,QAC3B,8BAA8B;AAAA,QAE9B,iBAAiB;AAAA,QACjB,0BAA0B;AAAA,QAC1B,gCAAgC;AAAA,QAChC,6BAA6B;AAAA,QAC7B,0BAA0B;AAAA,QAE1B,mBAAmB,CAAC,gBAAgB,eAAe;AAAA,QACnD,wBAAwB;AAAA,QACxB,gCAAgC;AAAA,QAEhC,+CAA+C;AAAA,QAE/C;AAAA,MACJ,IAAI;AAEJ,YAAM,IAAI;AAEV,WAAK,qBAAqB;AAC1B,WAAK,iCAAiC;AACtC,WAAK,sBAAsB;AAC3B,WAAK,oBAAoB;AACzB,WAAK,iBAAiB;AACtB,WAAK,iBAAiB;AAEtB,WAAK,2BAA2B;AAChC,WAAK,qBAAqB;AAE1B,WAAK,sBAAsB;AAC3B,WAAK,gCAAgC;AACrC,WAAK,uBAAuB;AAC5B,WAAK,2BAA2B;AAChC,WAAK,8BAA8B;AAEnC,WAAK,iBAAiB;AACtB,WAAK,0BAA0B;AAC/B,WAAK,gCAAgC;AACrC,WAAK,0BAA0B;AAC/B,WAAK,6BAA6B;AAElC,WAAK,mBAAmB;AACxB,WAAK,wBAAwB;AAC7B,WAAK,gCAAgC;AAErC,WAAK,+CAA+C;AAEpD,UAAI,WAAW;AACX,aAAK,YAAY;AAAA,MACrB,OACK;AACD,cAAM,QAAQ,OAAO,WAAW,cAAc,OAAO,iBAAiB,IAAI,mBAAmB;AAC7F,aAAK,YAAY,IAAI,qBAAqB,EAAE,MAAM,CAAC;AAAA,MACvD;AAAA,IACJ;AAAA,EACJ;;;AChLO,MAAM,eAAN,MAAM,sBAAqB,oBAAoB;AAAA,IAK3C,YAAY;AAAA,MACf,gCAAgC;AAAA,IACpC,GAAuB;AACnB,YAAM;AAPV,WAAmB,UAAU,IAAI,OAAO,cAAc;AAQlD,WAAK,oBAAoB;AAEzB,WAAK,SAAS,cAAa,mBAAmB;AAC9C,WAAK,UAAU,KAAK,OAAO;AAAA,IAC/B;AAAA,IAEA,OAAe,qBAAwC;AACnD,YAAM,SAAS,OAAO,SAAS,cAAc,QAAQ;AAGrD,aAAO,MAAM,aAAa;AAC1B,aAAO,MAAM,WAAW;AACxB,aAAO,MAAM,OAAO;AACpB,aAAO,MAAM,MAAM;AACnB,aAAO,QAAQ;AACf,aAAO,SAAS;AAEhB,aAAO,SAAS,KAAK,YAAY,MAAM;AACvC,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,SAAS,QAAmD;AACrE,WAAK,QAAQ,MAAM,+BAA+B,KAAK,iBAAiB;AACxE,YAAM,QAAQ,WAAW,MAAM,KAAK,KAAK,OAAO,MAAM,IAAI,aAAa,qCAAqC,CAAC,GAAG,KAAK,oBAAoB,GAAI;AAC7I,WAAK,iBAAiB,IAAI,MAAM,aAAa,KAAK,CAAC;AAEnD,aAAO,MAAM,MAAM,SAAS,MAAM;AAAA,IACtC;AAAA,IAEO,QAAc;AAzDzB;AA0DQ,UAAI,KAAK,QAAQ;AACb,YAAI,KAAK,OAAO,YAAY;AACxB,eAAK,OAAO,iBAAiB,QAAQ,CAAC,OAAO;AA5D7D,gBAAAC;AA6DoB,kBAAM,QAAQ,GAAG;AACjB,aAAAA,MAAA,MAAM,eAAN,gBAAAA,IAAkB,YAAY;AAC9B,iBAAK,KAAK,OAAO,MAAM,IAAI,MAAM,yBAAyB,CAAC;AAAA,UAC/D,GAAG,IAAI;AACP,qBAAK,OAAO,kBAAZ,mBAA2B,SAAS,QAAQ;AAAA,QAChD;AACA,aAAK,SAAS;AAAA,MAClB;AACA,WAAK,UAAU;AAAA,IACnB;AAAA,IAEA,OAAc,aAAa,KAAa,cAA6B;AACjE,aAAO,MAAM,cAAc,OAAO,QAAQ,KAAK,OAAO,YAAY;AAAA,IACtE;AAAA,EACJ;;;AChEO,MAAM,kBAAN,MAA4C;AAAA,IAG/C,YAAoB,WAAqC;AAArC;AAFpB,WAAiB,UAAU,IAAI,OAAO,iBAAiB;AAAA,IAEG;AAAA,IAE1D,MAAa,QAAQ;AAAA,MACjB,gCAAgC,KAAK,UAAU;AAAA,IACnD,GAA8C;AAC1C,aAAO,IAAI,aAAa,EAAE,8BAA8B,CAAC;AAAA,IAC7D;AAAA,IAEA,MAAa,SAAS,KAA4B;AAC9C,WAAK,QAAQ,OAAO,UAAU;AAC9B,mBAAa,aAAa,KAAK,KAAK,UAAU,wBAAwB;AAAA,IAC1E;AAAA,EACJ;;;AClBA,MAAM,8BAA8B;AACpC,MAAM,SAAS;AAaR,MAAM,cAAN,cAA0B,oBAAoB;AAAA,IAK1C,YAAY;AAAA,MACf,oBAAoB;AAAA,MACpB,sBAAsB,CAAC;AAAA,IAC3B,GAAsB;AAClB,YAAM;AARV,WAAmB,UAAU,IAAI,OAAO,aAAa;AASjD,YAAM,gBAAgB,WAAW,OAAO,EAAE,GAAG,4BAA4B,GAAG,oBAAoB,CAAC;AACjG,WAAK,UAAU,OAAO,KAAK,QAAW,mBAAmB,WAAW,UAAU,aAAa,CAAC;AAC5F,UAAI,oBAAoB,kCAAkC,oBAAoB,iCAAiC,GAAG;AAC9G,mBAAW,MAAM;AACb,cAAI,CAAC,KAAK,WAAW,OAAO,KAAK,QAAQ,WAAW,aAAa,KAAK,QAAQ,QAAQ;AAClF,iBAAK,KAAK,OAAO,MAAM,IAAI,MAAM,uBAAuB,CAAC;AACzD;AAAA,UACJ;AAEA,eAAK,MAAM;AAAA,QACf,GAAG,oBAAoB,iCAAiC,MAAM;AAAA,MAClE;AAAA,IACJ;AAAA,IAEA,MAAa,SAAS,QAAmD;AA9C7E;AA+CQ,iBAAK,YAAL,mBAAc;AAEd,YAAM,sBAAsB,YAAY,MAAM;AAC1C,YAAI,CAAC,KAAK,WAAW,KAAK,QAAQ,QAAQ;AACtC,eAAK,KAAK,OAAO,MAAM,IAAI,MAAM,sBAAsB,CAAC;AAAA,QAC5D;AAAA,MACJ,GAAG,2BAA2B;AAC9B,WAAK,iBAAiB,IAAI,MAAM,cAAc,mBAAmB,CAAC;AAElE,aAAO,MAAM,MAAM,SAAS,MAAM;AAAA,IACtC;AAAA,IAEO,QAAc;AACjB,UAAI,KAAK,SAAS;AACd,YAAI,CAAC,KAAK,QAAQ,QAAQ;AACtB,eAAK,QAAQ,MAAM;AACnB,eAAK,KAAK,OAAO,MAAM,IAAI,MAAM,cAAc,CAAC;AAAA,QACpD;AAAA,MACJ;AACA,WAAK,UAAU;AAAA,IACnB;AAAA,IAEA,OAAc,aAAa,KAAa,UAAyB;AAC7D,UAAI,CAAC,OAAO,QAAQ;AAChB,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE;AACA,aAAO,MAAM,cAAc,OAAO,QAAQ,KAAK,QAAQ;AAAA,IAC3D;AAAA,EACJ;;;AChEO,MAAM,iBAAN,MAA2C;AAAA,IAG9C,YAAoB,WAAqC;AAArC;AAFpB,WAAiB,UAAU,IAAI,OAAO,gBAAgB;AAAA,IAEI;AAAA,IAE1D,MAAa,QAAQ;AAAA,MACjB,sBAAsB,KAAK,UAAU;AAAA,MACrC,oBAAoB,KAAK,UAAU;AAAA,IACvC,GAA4C;AACxC,aAAO,IAAI,YAAY,EAAE,qBAAqB,kBAAkB,CAAC;AAAA,IACrE;AAAA,IAEA,MAAa,SAAS,KAAa,EAAE,WAAW,MAAM,GAAkB;AACpE,WAAK,QAAQ,OAAO,UAAU;AAE9B,kBAAY,aAAa,KAAK,QAAQ;AAAA,IAC1C;AAAA,EACJ;;;ACTO,MAAM,oBAAN,MAA8C;AAAA,IAGjD,YAAoB,WAAqC;AAArC;AAFpB,WAAiB,UAAU,IAAI,OAAO,mBAAmB;AAAA,IAEC;AAAA,IAE1D,MAAa,QAAQ;AAAA,MACjB,iBAAiB,KAAK,UAAU;AAAA,MAChC,iBAAiB,KAAK,UAAU;AAAA,IACpC,GAAqC;AA3BzC;AA4BQ,WAAK,QAAQ,OAAO,SAAS;AAC7B,UAAI,eAAe,OAAO;AAE1B,UAAI,mBAAmB,OAAO;AAC1B,wBAAe,YAAO,QAAP,YAAc,OAAO;AAAA,MACxC;AAEA,YAAM,WAAW,aAAa,SAAS,cAAc,EAAE,KAAK,aAAa,QAAQ;AACjF,UAAI;AACJ,aAAO;AAAA,QACH,UAAU,OAAO,WAA2B;AACxC,eAAK,QAAQ,OAAO,UAAU;AAE9B,gBAAM,UAAU,IAAI,QAAQ,CAAC,SAAS,WAAW;AAC7C,oBAAQ;AAAA,UACZ,CAAC;AACD,mBAAS,OAAO,GAAG;AACnB,iBAAO,MAAO;AAAA,QAClB;AAAA,QACA,OAAO,MAAM;AACT,eAAK,QAAQ,OAAO,OAAO;AAC3B,yCAAQ,IAAI,MAAM,kBAAkB;AACpC,uBAAa,KAAK;AAAA,QACtB;AAAA,MACJ;AAAA,IACJ;AAAA,IAEA,MAAa,WAA0B;AACnC;AAAA,IACJ;AAAA,EACJ;;;ACtBO,MAAM,oBAAN,cAAgC,kBAAkB;AAAA,IAU9C,YAAY,UAAoC;AACnD,YAAM,EAAE,mCAAmC,SAAS,6CAA6C,CAAC;AAVtG,WAAmB,UAAU,IAAI,OAAO,mBAAmB;AAE3D,WAAiB,cAAc,IAAI,MAAc,aAAa;AAC9D,WAAiB,gBAAgB,IAAI,MAAU,eAAe;AAC9D,WAAiB,oBAAoB,IAAI,MAAe,oBAAoB;AAC5E,WAAiB,gBAAgB,IAAI,MAAU,gBAAgB;AAC/D,WAAiB,iBAAiB,IAAI,MAAU,iBAAiB;AACjE,WAAiB,sBAAsB,IAAI,MAAU,sBAAsB;AAAA,IAI3E;AAAA,IAEA,MAAa,KAAK,MAAY,aAAW,MAAqB;AAC1D,YAAM,KAAK,IAAI;AACf,UAAI,YAAY;AACZ,cAAM,KAAK,YAAY,MAAM,IAAI;AAAA,MACrC;AAAA,IACJ;AAAA,IACA,MAAa,SAAwB;AACjC,YAAM,OAAO;AACb,YAAM,KAAK,cAAc,MAAM;AAAA,IACnC;AAAA;AAAA;AAAA;AAAA,IAKO,cAAc,IAAoC;AACrD,aAAO,KAAK,YAAY,WAAW,EAAE;AAAA,IACzC;AAAA;AAAA;AAAA;AAAA,IAIO,iBAAiB,IAA8B;AAClD,aAAO,KAAK,YAAY,cAAc,EAAE;AAAA,IAC5C;AAAA;AAAA;AAAA;AAAA,IAKO,gBAAgB,IAAsC;AACzD,aAAO,KAAK,cAAc,WAAW,EAAE;AAAA,IAC3C;AAAA;AAAA;AAAA;AAAA,IAIO,mBAAmB,IAAgC;AACtD,aAAO,KAAK,cAAc,cAAc,EAAE;AAAA,IAC9C;AAAA;AAAA;AAAA;AAAA,IAKO,oBAAoB,IAA0C;AACjE,aAAO,KAAK,kBAAkB,WAAW,EAAE;AAAA,IAC/C;AAAA;AAAA;AAAA;AAAA,IAIO,uBAAuB,IAAoC;AAC9D,aAAO,KAAK,kBAAkB,cAAc,EAAE;AAAA,IAClD;AAAA;AAAA;AAAA;AAAA,IAIA,MAAa,uBAAuB,GAAyB;AACzD,YAAM,KAAK,kBAAkB,MAAM,CAAC;AAAA,IACxC;AAAA;AAAA;AAAA;AAAA;AAAA,IAMO,gBAAgB,IAAsC;AACzD,aAAO,KAAK,cAAc,WAAW,EAAE;AAAA,IAC3C;AAAA;AAAA;AAAA;AAAA,IAIO,mBAAmB,IAAgC;AACtD,WAAK,cAAc,cAAc,EAAE;AAAA,IACvC;AAAA;AAAA;AAAA;AAAA,IAIA,MAAa,qBAAoC;AAC7C,YAAM,KAAK,cAAc,MAAM;AAAA,IACnC;AAAA;AAAA;AAAA;AAAA;AAAA,IAMO,iBAAiB,IAAuC;AAC3D,aAAO,KAAK,eAAe,WAAW,EAAE;AAAA,IAC5C;AAAA;AAAA;AAAA;AAAA,IAIO,oBAAoB,IAAiC;AACxD,WAAK,eAAe,cAAc,EAAE;AAAA,IACxC;AAAA;AAAA;AAAA;AAAA,IAIA,MAAa,sBAAqC;AAC9C,YAAM,KAAK,eAAe,MAAM;AAAA,IACpC;AAAA;AAAA;AAAA;AAAA;AAAA,IAMO,sBAAsB,IAA4C;AACrE,aAAO,KAAK,oBAAoB,WAAW,EAAE;AAAA,IACjD;AAAA;AAAA;AAAA;AAAA,IAIO,yBAAyB,IAAsC;AAClE,WAAK,oBAAoB,cAAc,EAAE;AAAA,IAC7C;AAAA;AAAA;AAAA;AAAA,IAIA,MAAa,2BAA0C;AACnD,YAAM,KAAK,oBAAoB,MAAM;AAAA,IACzC;AAAA,EACJ;;;AC1JO,MAAM,qBAAN,MAAyB;AAAA,IAKrB,YAAoB,cAA2B;AAA3B;AAJ3B,WAAU,UAAU,IAAI,OAAO,oBAAoB;AACnD,WAAQ,aAAa;AACrB,WAAiB,cAAc,IAAI,MAAM,oBAAoB;AAgC7D,WAAU,iBAAsC,YAAY;AACxD,cAAMC,UAAS,KAAK,QAAQ,OAAO,gBAAgB;AACnD,YAAI;AACA,gBAAM,KAAK,aAAa,aAAa;AACrC,UAAAA,QAAO,MAAM,iCAAiC;AAAA,QAClD,SACO,KAAK;AACR,cAAI,eAAe,cAAc;AAE7B,YAAAA,QAAO,KAAK,mCAAmC,KAAK,aAAa;AACjE,iBAAK,YAAY,KAAK,CAAC;AACvB;AAAA,UACJ;AAEA,UAAAA,QAAO,MAAM,4BAA4B,GAAG;AAC5C,gBAAM,KAAK,aAAa,OAAO,uBAAuB,GAAY;AAAA,QACtE;AAAA,MACJ;AAAA,IA/CuD;AAAA,IAEvD,MAAa,QAAuB;AAChC,YAAMA,UAAS,KAAK,QAAQ,OAAO,OAAO;AAC1C,UAAI,CAAC,KAAK,YAAY;AAClB,aAAK,aAAa;AAClB,aAAK,aAAa,OAAO,uBAAuB,KAAK,cAAc;AACnE,aAAK,YAAY,WAAW,KAAK,cAAc;AAG/C,YAAI;AACA,gBAAM,KAAK,aAAa,QAAQ;AAAA,QAEpC,SACO,KAAK;AAER,UAAAA,QAAO,MAAM,iBAAiB,GAAG;AAAA,QACrC;AAAA,MACJ;AAAA,IACJ;AAAA,IAEO,OAAa;AAChB,UAAI,KAAK,YAAY;AACjB,aAAK,YAAY,OAAO;AACxB,aAAK,YAAY,cAAc,KAAK,cAAc;AAClD,aAAK,aAAa,OAAO,0BAA0B,KAAK,cAAc;AACtE,aAAK,aAAa;AAAA,MACtB;AAAA,IACJ;AAAA,EAoBJ;;;ACtDO,MAAM,eAAN,MAAmB;AAAA,IAUtB,YAAY,MAQT;AACC,WAAK,gBAAgB,KAAK;AAC1B,WAAK,WAAW,KAAK;AACrB,WAAK,gBAAgB,KAAK;AAC1B,WAAK,QAAQ,KAAK;AAClB,WAAK,UAAU,KAAK;AAEpB,WAAK,OAAO,KAAK;AAAA,IAErB;AAAA,EACJ;;;ACwCO,MAAM,cAAN,MAAkB;AAAA,IAad,YAAY,UAA+B,mBAAgC,gBAA6B,iBAA8B;AAV7I,WAAmB,UAAU,IAAI,OAAO,aAAa;AAWjD,WAAK,WAAW,IAAI,yBAAyB,QAAQ;AAErD,WAAK,UAAU,IAAI,WAAW,QAAQ;AAEtC,WAAK,qBAAqB,gDAAqB,IAAI,kBAAkB,KAAK,QAAQ;AAClF,WAAK,kBAAkB,0CAAkB,IAAI,eAAe,KAAK,QAAQ;AACzE,WAAK,mBAAmB,4CAAmB,IAAI,gBAAgB,KAAK,QAAQ;AAE5E,WAAK,UAAU,IAAI,kBAAkB,KAAK,QAAQ;AAClD,WAAK,sBAAsB,IAAI,mBAAmB,IAAI;AAGtD,UAAI,KAAK,SAAS,sBAAsB;AACpC,aAAK,iBAAiB;AAAA,MAC1B;AAEA,WAAK,kBAAkB;AACvB,UAAI,KAAK,SAAS,gBAAgB;AAC9B,aAAK,kBAAkB,IAAI,eAAe,IAAI;AAAA,MAClD;AAAA,IAEJ;AAAA;AAAA;AAAA;AAAA,IAKA,IAAW,SAA4B;AACnC,aAAO,KAAK;AAAA,IAChB;AAAA;AAAA;AAAA;AAAA,IAKA,IAAW,kBAAmC;AAC1C,aAAO,KAAK,QAAQ;AAAA,IACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,UAAgC;AACzC,YAAMC,UAAS,KAAK,QAAQ,OAAO,SAAS;AAC5C,YAAM,OAAO,MAAM,KAAK,UAAU;AAClC,UAAI,MAAM;AACN,QAAAA,QAAO,KAAK,aAAa;AACzB,cAAM,KAAK,QAAQ,KAAK,MAAM,KAAK;AACnC,eAAO;AAAA,MACX;AAEA,MAAAA,QAAO,KAAK,2BAA2B;AACvC,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,aAA4B;AACrC,YAAMA,UAAS,KAAK,QAAQ,OAAO,YAAY;AAC/C,YAAM,KAAK,UAAU,IAAI;AACzB,MAAAA,QAAO,KAAK,2BAA2B;AACvC,YAAM,KAAK,QAAQ,OAAO;AAAA,IAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,MAAa,eAAe,OAA2B,CAAC,GAAkB;AACtE,WAAK,QAAQ,OAAO,gBAAgB;AACpC,YAAM;AAAA,QACF;AAAA,QACA,GAAG;AAAA,MACP,IAAI;AACJ,YAAM,SAAS,MAAM,KAAK,mBAAmB,QAAQ,EAAE,eAAe,CAAC;AACvE,YAAM,KAAK,aAAa;AAAA,QACpB,cAAc;AAAA,QACd,GAAG;AAAA,MACP,GAAG,MAAM;AAAA,IACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,MAAa,uBAAuB,MAAM,OAAO,SAAS,MAAqB;AAC3E,YAAMA,UAAS,KAAK,QAAQ,OAAO,wBAAwB;AAC3D,YAAM,OAAO,MAAM,KAAK,WAAW,GAAG;AACtC,UAAI,KAAK,WAAW,KAAK,QAAQ,KAAK;AAClC,QAAAA,QAAO,KAAK,8BAA8B,KAAK,QAAQ,GAAG;AAAA,MAC9D,OACK;AACD,QAAAA,QAAO,KAAK,YAAY;AAAA,MAC5B;AAEA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,MAAa,+BAA+B;AAAA,MACxC;AAAA,MACA;AAAA,MACA,eAAe;AAAA,IACnB,GAAsD;AAClD,YAAMA,UAAS,KAAK,QAAQ,OAAO,+BAA+B;AAElE,YAAM,iBAAiB,MAAM,KAAK,QAAQ,wCAAwC,EAAE,UAAU,UAAU,cAAc,kBAAkB,KAAK,SAAS,iBAAiB,CAAC;AACxK,MAAAA,QAAO,MAAM,qBAAqB;AAElC,YAAM,OAAO,MAAM,KAAK,WAAW,cAAc;AACjD,UAAI,KAAK,WAAW,KAAK,QAAQ,KAAK;AAClC,QAAAA,QAAO,KAAK,8BAA8B,KAAK,QAAQ,GAAG;AAAA,MAC9D,OAAO;AACH,QAAAA,QAAO,KAAK,YAAY;AAAA,MAC5B;AACA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,MAAa,YAAY,OAAwB,CAAC,GAAkB;AAChE,YAAMA,UAAS,KAAK,QAAQ,OAAO,aAAa;AAChD,YAAM;AAAA,QACF;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACP,IAAI;AACJ,YAAM,MAAM,KAAK,SAAS;AAC1B,UAAI,CAAC,KAAK;AACN,QAAAA,QAAO,MAAM,IAAI,MAAM,kCAAkC,CAAC;AAAA,MAC9D;AAEA,YAAM,SAAS,MAAM,KAAK,gBAAgB,QAAQ,EAAE,qBAAqB,kBAAkB,CAAC;AAC5F,YAAM,OAAO,MAAM,KAAK,QAAQ;AAAA,QAC5B,cAAc;AAAA,QACd,cAAc;AAAA,QACd,SAAS;AAAA,QACT,GAAG;AAAA,MACP,GAAG,MAAM;AACT,UAAI,MAAM;AACN,YAAI,KAAK,WAAW,KAAK,QAAQ,KAAK;AAClC,UAAAA,QAAO,KAAK,8BAA8B,KAAK,QAAQ,GAAG;AAAA,QAC9D,OACK;AACD,UAAAA,QAAO,KAAK,YAAY;AAAA,QAC5B;AAAA,MACJ;AAEA,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,MAAa,oBAAoB,MAAM,OAAO,SAAS,MAAM,WAAW,OAAsB;AAC1F,YAAMA,UAAS,KAAK,QAAQ,OAAO,qBAAqB;AACxD,YAAM,KAAK,gBAAgB,SAAS,KAAK,EAAE,SAAS,CAAC;AACrD,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,aAAa,OAAyB,CAAC,GAAyB;AAxRjF;AAyRQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,cAAc;AACjD,YAAM;AAAA,QACF;AAAA,QACA,GAAG;AAAA,MACP,IAAI;AAEJ,UAAI,OAAO,MAAM,KAAK,UAAU;AAChC,UAAI,6BAAM,eAAe;AACrB,QAAAA,QAAO,MAAM,qBAAqB;AAClC,cAAM,QAAQ,IAAI,aAAa,IAAsB;AACrD,eAAO,MAAM,KAAK,iBAAiB;AAAA,UAC/B;AAAA,UACA,cAAc,YAAY;AAAA,UAC1B,UAAU,YAAY;AAAA,UACtB,kBAAkB,YAAY;AAAA,UAC9B,kBAAkB;AAAA,QACtB,CAAC;AAAA,MACL;AAEA,YAAM,MAAM,KAAK,SAAS;AAC1B,UAAI,CAAC,KAAK;AACN,QAAAA,QAAO,MAAM,IAAI,MAAM,mCAAmC,CAAC;AAAA,MAC/D;AAEA,UAAI;AACJ,UAAI,QAAQ,KAAK,SAAS,0BAA0B;AAChD,QAAAA,QAAO,MAAM,kCAAkC,KAAK,QAAQ,GAAG;AAC/D,oBAAY,KAAK,QAAQ;AAAA,MAC7B;AAEA,YAAM,SAAS,MAAM,KAAK,iBAAiB,QAAQ,EAAE,8BAA8B,CAAC;AACpF,aAAO,MAAM,KAAK,QAAQ;AAAA,QACtB,cAAc;AAAA,QACd,cAAc;AAAA,QACd,QAAQ;AAAA,QACR,eAAe,KAAK,SAAS,8BAA8B,6BAAM,WAAW;AAAA,QAC5E,GAAG;AAAA,MACP,GAAG,QAAQ,SAAS;AACpB,UAAI,MAAM;AACN,aAAI,UAAK,YAAL,mBAAc,KAAK;AACnB,UAAAA,QAAO,KAAK,8BAA8B,KAAK,QAAQ,GAAG;AAAA,QAC9D,OACK;AACD,UAAAA,QAAO,KAAK,YAAY;AAAA,QAC5B;AAAA,MACJ;AAEA,aAAO;AAAA,IACX;AAAA,IAEA,MAAgB,iBAAiB,MAA0C;AACvE,YAAM,WAAW,MAAM,KAAK,QAAQ,gBAAgB;AAAA,QAChD,GAAG;AAAA,QACH,kBAAkB,KAAK,SAAS;AAAA,MACpC,CAAC;AACD,YAAM,OAAO,IAAI,KAAK,EAAE,GAAG,KAAK,OAAO,GAAG,SAAS,CAAC;AAEpD,YAAM,KAAK,UAAU,IAAI;AACzB,YAAM,KAAK,QAAQ,KAAK,IAAI;AAC5B,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAWA,MAAa,qBAAqB,MAAM,OAAO,SAAS,MAAqB;AACzE,YAAMA,UAAS,KAAK,QAAQ,OAAO,sBAAsB;AACzD,YAAM,KAAK,iBAAiB,SAAS,GAAG;AACxC,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAWA,MAAa,eAAe,MAAM,OAAO,SAAS,MAA4B;AAC1E,YAAM,EAAE,MAAM,IAAI,MAAM,KAAK,QAAQ,wBAAwB,GAAG;AAChE,cAAQ,MAAM,cAAc;AAAA,QACxB,KAAK;AACD,iBAAO,MAAM,KAAK,uBAAuB,GAAG;AAAA,QAChD,KAAK;AACD,iBAAO,MAAM,KAAK,oBAAoB,GAAG;AAAA,QAC7C,KAAK;AACD,iBAAO,MAAM,KAAK,qBAAqB,GAAG;AAAA,QAC9C;AACI,gBAAM,IAAI,MAAM,gCAAgC;AAAA,MACxD;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAWA,MAAa,gBAAgB,MAAM,OAAO,SAAS,MAAM,WAAW,OAAsB;AACtF,YAAM,EAAE,MAAM,IAAI,MAAM,KAAK,QAAQ,yBAAyB,GAAG;AACjE,UAAI,CAAC,OAAO;AACR;AAAA,MACJ;AAEA,cAAQ,MAAM,cAAc;AAAA,QACxB,KAAK;AACD,gBAAM,KAAK,wBAAwB,GAAG;AACtC;AAAA,QACJ,KAAK;AACD,gBAAM,KAAK,qBAAqB,KAAK,QAAQ;AAC7C;AAAA,QACJ,KAAK;AACD,gBAAM,KAAK,sBAAsB,GAAG;AACpC;AAAA,QACJ;AACI,gBAAM,IAAI,MAAM,gCAAgC;AAAA,MACxD;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,mBAAmB,OAA+B,CAAC,GAAkC;AAC9F,YAAMA,UAAS,KAAK,QAAQ,OAAO,oBAAoB;AACvD,YAAM;AAAA,QACF;AAAA,QACA,GAAG;AAAA,MACP,IAAI;AACJ,YAAM,MAAM,KAAK,SAAS;AAC1B,UAAI,CAAC,KAAK;AACN,QAAAA,QAAO,MAAM,IAAI,MAAM,mCAAmC,CAAC;AAAA,MAC/D;AAEA,YAAM,OAAO,MAAM,KAAK,UAAU;AAClC,YAAM,SAAS,MAAM,KAAK,iBAAiB,QAAQ,EAAE,8BAA8B,CAAC;AACpF,YAAM,cAAc,MAAM,KAAK,aAAa;AAAA,QACxC,cAAc;AAAA;AAAA,QACd,cAAc;AAAA,QACd,QAAQ;AAAA,QACR,eAAe,KAAK,SAAS,8BAA8B,6BAAM,WAAW;AAAA,QAC5E,eAAe,KAAK,SAAS;AAAA,QAC7B,OAAO;AAAA,QACP,cAAc;AAAA,QACd,GAAG;AAAA,MACP,GAAG,MAAM;AACT,UAAI;AACA,cAAM,iBAAiB,MAAM,KAAK,QAAQ,sBAAsB,YAAY,GAAG;AAC/E,QAAAA,QAAO,MAAM,qBAAqB;AAElC,YAAI,eAAe,iBAAiB,eAAe,QAAQ,KAAK;AAC5D,UAAAA,QAAO,KAAK,uBAAuB,eAAe,QAAQ,GAAG;AAC7D,iBAAO;AAAA,YACH,eAAe,eAAe;AAAA,YAC9B,KAAK,eAAe,QAAQ;AAAA,UAChC;AAAA,QACJ;AAEA,QAAAA,QAAO,KAAK,iCAAiC;AAC7C,eAAO;AAAA,MACX,SACO,KAAK;AACR,YAAI,KAAK,SAAS,2BAA2B,eAAe,eAAe;AACvE,kBAAQ,IAAI,OAAO;AAAA,YACf,KAAK;AAAA,YACL,KAAK;AAAA,YACL,KAAK;AAAA,YACL,KAAK;AACD,cAAAA,QAAO,KAAK,4BAA4B;AACxC,qBAAO;AAAA;AAAA,gBAEH,eAAe,IAAI;AAAA,cACvB;AAAA,UACR;AAAA,QACJ;AACA,cAAM;AAAA,MACV;AAAA,IACJ;AAAA,IAEA,MAAgB,QAAQ,MAA+B,QAAiB,WAAmC;AACvG,YAAM,cAAc,MAAM,KAAK,aAAa,MAAM,MAAM;AACxD,aAAO,MAAM,KAAK,WAAW,YAAY,KAAK,SAAS;AAAA,IAC3D;AAAA,IACA,MAAgB,aAAa,MAA+B,QAA4C;AACpG,YAAMA,UAAS,KAAK,QAAQ,OAAO,cAAc;AAEjD,UAAI;AACA,cAAM,gBAAgB,MAAM,KAAK,QAAQ,oBAAoB,IAAI;AACjE,QAAAA,QAAO,MAAM,oBAAoB;AAEjC,eAAO,MAAM,OAAO,SAAS;AAAA,UACzB,KAAK,cAAc;AAAA,UACnB,OAAO,cAAc,MAAM;AAAA,UAC3B,eAAe,cAAc,MAAM;AAAA,UACnC,cAAc,KAAK,SAAS;AAAA,QAChC,CAAC;AAAA,MACL,SACO,KAAK;AACR,QAAAA,QAAO,MAAM,2DAA2D;AACxE,eAAO,MAAM;AACb,cAAM;AAAA,MACV;AAAA,IACJ;AAAA,IACA,MAAgB,WAAW,KAAa,WAAmC;AACvE,YAAMA,UAAS,KAAK,QAAQ,OAAO,YAAY;AAC/C,YAAM,iBAAiB,MAAM,KAAK,QAAQ,sBAAsB,GAAG;AACnE,MAAAA,QAAO,MAAM,qBAAqB;AAElC,YAAM,OAAO,MAAM,KAAK,WAAW,gBAAgB,SAAS;AAC5D,aAAO;AAAA,IACX;AAAA,IAEA,MAAgB,WAAW,gBAAgC,WAAoB;AAC3E,YAAMA,UAAS,KAAK,QAAQ,OAAO,YAAY;AAC/C,YAAM,OAAO,IAAI,KAAK,cAAc;AACpC,UAAI,WAAW;AACX,YAAI,cAAc,KAAK,QAAQ,KAAK;AAChC,UAAAA,QAAO,MAAM,2EAA2E,KAAK,QAAQ,GAAG;AACxG,gBAAM,IAAI,cAAc,EAAE,GAAG,gBAAgB,OAAO,iBAAiB,CAAC;AAAA,QAC1E;AACA,QAAAA,QAAO,MAAM,gDAAgD;AAAA,MACjE;AAEA,YAAM,KAAK,UAAU,IAAI;AACzB,MAAAA,QAAO,MAAM,aAAa;AAC1B,YAAM,KAAK,QAAQ,KAAK,IAAI;AAE5B,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,gBAAgB,OAA4B,CAAC,GAAkB;AACxE,YAAMA,UAAS,KAAK,QAAQ,OAAO,iBAAiB;AACpD,YAAM;AAAA,QACF;AAAA,QACA,GAAG;AAAA,MACP,IAAI;AACJ,YAAM,SAAS,MAAM,KAAK,mBAAmB,QAAQ,EAAE,eAAe,CAAC;AACvE,YAAM,KAAK,cAAc;AAAA,QACrB,cAAc;AAAA,QACd,0BAA0B,KAAK,SAAS;AAAA,QACxC,GAAG;AAAA,MACP,GAAG,MAAM;AACT,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,MAAa,wBAAwB,MAAM,OAAO,SAAS,MAAgC;AACvF,YAAMA,UAAS,KAAK,QAAQ,OAAO,yBAAyB;AAC5D,YAAM,WAAW,MAAM,KAAK,YAAY,GAAG;AAC3C,MAAAA,QAAO,KAAK,SAAS;AACrB,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,aAAa,OAAyB,CAAC,GAAkB;AAClE,YAAMA,UAAS,KAAK,QAAQ,OAAO,cAAc;AACjD,YAAM;AAAA,QACF;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACP,IAAI;AACJ,YAAM,MAAM,KAAK,SAAS;AAE1B,YAAM,SAAS,MAAM,KAAK,gBAAgB,QAAQ,EAAE,qBAAqB,kBAAkB,CAAC;AAC5F,YAAM,KAAK,SAAS;AAAA,QAChB,cAAc;AAAA,QACd,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,QAM1B,OAAO,OAAO,OAAO,SAAY,CAAC;AAAA,QAClC,GAAG;AAAA,MACP,GAAG,MAAM;AACT,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,MAAa,qBAAqB,MAAM,OAAO,SAAS,MAAM,WAAW,OAAsB;AAC3F,YAAMA,UAAS,KAAK,QAAQ,OAAO,sBAAsB;AACzD,YAAM,KAAK,gBAAgB,SAAS,KAAK,EAAE,SAAS,CAAC;AACrD,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA,IAEA,MAAgB,SAAS,MAAgC,QAA2C;AAChG,YAAM,cAAc,MAAM,KAAK,cAAc,MAAM,MAAM;AACzD,aAAO,MAAM,KAAK,YAAY,YAAY,GAAG;AAAA,IACjD;AAAA,IACA,MAAgB,cAAc,OAAiC,CAAC,GAAG,QAA4C;AA7lBnH;AA8lBQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,eAAe;AAElD,UAAI;AACA,cAAM,OAAO,MAAM,KAAK,UAAU;AAClC,QAAAA,QAAO,MAAM,kCAAkC;AAE/C,YAAI,KAAK,SAAS,uBAAuB;AACrC,gBAAM,KAAK,gBAAgB,IAAI;AAAA,QACnC;AAEA,cAAM,WAAW,KAAK,iBAAiB,QAAQ,KAAK;AACpD,YAAI,UAAU;AACV,UAAAA,QAAO,MAAM,0CAA0C;AACvD,eAAK,gBAAgB;AAAA,QACzB;AAEA,cAAM,KAAK,WAAW;AACtB,QAAAA,QAAO,MAAM,wCAAwC;AAErD,cAAM,iBAAiB,MAAM,KAAK,QAAQ,qBAAqB,IAAI;AACnE,QAAAA,QAAO,MAAM,qBAAqB;AAElC,eAAO,MAAM,OAAO,SAAS;AAAA,UACzB,KAAK,eAAe;AAAA,UACpB,QAAO,oBAAe,UAAf,mBAAsB;AAAA,UAC7B,cAAc,KAAK,SAAS;AAAA,QAChC,CAAC;AAAA,MACL,SACO,KAAK;AACR,QAAAA,QAAO,MAAM,2DAA2D;AACxE,eAAO,MAAM;AACb,cAAM;AAAA,MACV;AAAA,IACJ;AAAA,IACA,MAAgB,YAAY,KAAuC;AAC/D,YAAMA,UAAS,KAAK,QAAQ,OAAO,aAAa;AAChD,YAAM,kBAAkB,MAAM,KAAK,QAAQ,uBAAuB,GAAG;AACrE,MAAAA,QAAO,MAAM,sBAAsB;AAEnC,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAa,cAAc,OAA0B,CAAC,GAAkB;AA7oB5E;AA8oBQ,YAAMA,UAAS,KAAK,QAAQ,OAAO,eAAe;AAClD,YAAM;AAAA,QACF;AAAA,QACA,GAAG;AAAA,MACP,IAAI;AAEJ,YAAM,gBAAgB,KAAK,SAAS,iCAC7B,WAAM,KAAK,UAAU,MAArB,mBAAyB,WAC1B;AAEN,YAAM,MAAM,KAAK,SAAS;AAC1B,YAAM,SAAS,MAAM,KAAK,iBAAiB,QAAQ,EAAE,8BAA8B,CAAC;AACpF,YAAM,KAAK,SAAS;AAAA,QAChB,cAAc;AAAA,QACd,0BAA0B;AAAA,QAC1B;AAAA,QACA,GAAG;AAAA,MACP,GAAG,MAAM;AAET,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,MAAa,sBAAsB,MAAM,OAAO,SAAS,MAAqB;AAC1E,YAAMA,UAAS,KAAK,QAAQ,OAAO,uBAAuB;AAC1D,YAAM,KAAK,iBAAiB,SAAS,GAAG;AACxC,MAAAA,QAAO,KAAK,SAAS;AAAA,IACzB;AAAA,IAEA,MAAa,aAAa,OAA0C;AAChE,YAAM,OAAO,MAAM,KAAK,UAAU;AAClC,YAAM,KAAK,gBAAgB,MAAM,KAAK;AAAA,IAC1C;AAAA,IAEA,MAAgB,gBAAgB,MAAmB,QAAQ,KAAK,SAAS,kBAAiC;AACtG,YAAMA,UAAS,KAAK,QAAQ,OAAO,iBAAiB;AACpD,UAAI,CAAC;AAAM;AAEX,YAAM,eAAe,MAAM,OAAO,UAAQ,OAAO,KAAK,IAAI,MAAM,QAAQ;AAExE,UAAI,CAAC,aAAa,QAAQ;AACtB,QAAAA,QAAO,MAAM,sCAAsC;AACnD;AAAA,MACJ;AAGA,iBAAW,QAAQ,cAAc;AAC7B,cAAM,KAAK,QAAQ;AAAA,UACf,KAAK,IAAI;AAAA;AAAA,UACT;AAAA,QACJ;AACA,QAAAA,QAAO,KAAK,GAAG,IAAI,uBAAuB;AAC1C,YAAI,SAAS,gBAAgB;AACzB,eAAK,IAAI,IAAI;AAAA,QACjB;AAAA,MACJ;AAEA,YAAM,KAAK,UAAU,IAAI;AACzB,MAAAA,QAAO,MAAM,aAAa;AAC1B,YAAM,KAAK,QAAQ,KAAK,IAAI;AAAA,IAChC;AAAA;AAAA;AAAA;AAAA,IAKO,mBAAyB;AAC5B,WAAK,QAAQ,OAAO,kBAAkB;AACtC,WAAK,KAAK,oBAAoB,MAAM;AAAA,IACxC;AAAA;AAAA;AAAA;AAAA,IAKO,kBAAwB;AAC3B,WAAK,oBAAoB,KAAK;AAAA,IAClC;AAAA,IAEA,IAAc,gBAAwB;AAClC,aAAO,QAAQ,KAAK,SAAS,SAAS,IAAI,KAAK,SAAS,SAAS;AAAA,IACrE;AAAA,IAEA,MAAgB,YAAkC;AAC9C,YAAMA,UAAS,KAAK,QAAQ,OAAO,WAAW;AAC9C,YAAM,gBAAgB,MAAM,KAAK,SAAS,UAAU,IAAI,KAAK,aAAa;AAC1E,UAAI,eAAe;AACf,QAAAA,QAAO,MAAM,2BAA2B;AACxC,eAAO,KAAK,kBAAkB,aAAa;AAAA,MAC/C;AAEA,MAAAA,QAAO,MAAM,uBAAuB;AACpC,aAAO;AAAA,IACX;AAAA,IAEA,MAAa,UAAU,MAAkC;AACrD,YAAMA,UAAS,KAAK,QAAQ,OAAO,WAAW;AAC9C,UAAI,MAAM;AACN,QAAAA,QAAO,MAAM,cAAc;AAC3B,cAAM,gBAAgB,KAAK,gBAAgB;AAC3C,cAAM,KAAK,SAAS,UAAU,IAAI,KAAK,eAAe,aAAa;AAAA,MACvE,OACK;AACD,aAAK,QAAQ,MAAM,eAAe;AAClC,cAAM,KAAK,SAAS,UAAU,OAAO,KAAK,aAAa;AAAA,MAC3D;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA,IAKA,MAAa,kBAAiC;AAC1C,YAAM,KAAK,QAAQ,gBAAgB;AAAA,IACvC;AAAA,EACJ;;;ACnwBE,gBAAW;;;ACIN,MAAM,UAAkB;", "names": ["Log", "logger", "logger", "logger", "logger", "logger", "logger", "logger", "logger", "logger", "logger", "logger", "_a", "logger", "logger"] }