@cloudflare/workers-auth 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/{chunk-PAWJFY3S.mjs → chunk-O6YSETKJ.mjs} +0 -2
  2. package/dist/index.d.mts +18 -3
  3. package/dist/index.mjs +135 -46
  4. package/dist/metafile-esm.json +1 -1
  5. package/dist/test-helpers/index.mjs +1 -3
  6. package/package.json +2 -2
  7. package/dist/chunk-PAWJFY3S.mjs.map +0 -1
  8. package/dist/index.mjs.map +0 -1
  9. package/dist/test-helpers/index.mjs.map +0 -1
package/dist/{chunk-PAWJFY3S.mjs → chunk-O6YSETKJ.mjs} RENAMED
@@ -2,5 +2,3 @@ var __defProp = Object.defineProperty;
2
2
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
3
3
 
4
4
  export { __name };
5
- //# sourceMappingURL=chunk-PAWJFY3S.mjs.map
6
- //# sourceMappingURL=chunk-PAWJFY3S.mjs.map
package/dist/index.d.mts CHANGED
@@ -236,11 +236,21 @@ declare const getCfAuthorizationTokenFromEnv: () => string | undefined;
236
236
 
237
237
  /**
238
238
  * A list of OAuth2AuthCodePKCE errors.
239
+ *
240
+ * Instances may carry the structured details from the OAuth provider's
241
+ * `error`, `error_description` and `error_uri` query parameters (RFC 6749
242
+ * §4.1.2.1) so callers can render them — see {@link toErrorClass}.
239
243
  */
240
244
  declare class ErrorOAuth2 extends UserError {
245
+ /** The OAuth `error` code returned by the provider (e.g. `invalid_scope`). */
246
+ code?: string;
247
+ /** The OAuth `error_description` returned by the provider, if any. */
248
+ description?: string;
249
+ /** The OAuth `error_uri` returned by the provider, if any. */
250
+ uri?: string;
241
251
  toString(): string;
242
252
  }
243
- declare class ErrorUnknown extends UserError {
253
+ declare class ErrorUnknown extends ErrorOAuth2 {
244
254
  toString(): string;
245
255
  }
246
256
  declare class ErrorNoAuthCode extends ErrorOAuth2 {
@@ -299,9 +309,14 @@ declare class ErrorUnsupportedGrantType extends ErrorAccessTokenResponse {
299
309
  toString(): string;
300
310
  }
301
311
  /**
302
- * Translate the raw error strings returned from the server into error classes.
312
+ * Translate an OAuth error response from the provider into one of our error
313
+ * classes. The `error_description` and `error_uri` parameters (RFC 6749
314
+ * §4.1.2.1) are included in the message when present so the user sees the
315
+ * specific reason for the failure rather than just the bare error code, and
316
+ * are also attached as structured fields so the HTTP callback handler can
317
+ * render them on the browser-facing error page.
303
318
  */
304
- declare function toErrorClass(rawError: string): ErrorOAuth2 | ErrorUnknown;
319
+ declare function toErrorClass(rawError: string, description?: string, uri?: string): ErrorOAuth2 | ErrorUnknown;
305
320
 
306
321
  /**
307
322
  * Options for an interactive OAuth login.
package/dist/index.mjs CHANGED
@@ -1,5 +1,5 @@
1
- import { __name } from './chunk-PAWJFY3S.mjs';
2
- import { mkdirSync, writeFileSync, rmSync } from 'node:fs';
1
+ import { __name } from './chunk-O6YSETKJ.mjs';
2
+ import { mkdirSync, writeFileSync, chmodSync, rmSync } from 'node:fs';
3
3
  import path from 'node:path';
4
4
  import { getEnvironmentVariableFactory, getCloudflareApiEnvironmentFromEnv, UserError, getGlobalWranglerConfigPath, parseTOML, readFileSync, getCloudflareComplianceRegion } from '@cloudflare/workers-utils';
5
5
  import { spawnSync } from 'node:child_process';
@@ -901,8 +901,10 @@ function writeAuthConfigFile(config) {
901
901
  recursive: true
902
902
  });
903
903
  writeFileSync(configPath, dist_default.stringify(config), {
904
- encoding: "utf-8"
904
+ encoding: "utf-8",
905
+ mode: 384
905
906
  });
907
+ chmodSync(configPath, 384);
906
908
  }
907
909
  __name(writeAuthConfigFile, "writeAuthConfigFile");
908
910
  function readAuthConfigFile() {
@@ -1052,11 +1054,17 @@ var ErrorOAuth2 = class extends UserError {
1052
1054
  static {
1053
1055
  __name(this, "ErrorOAuth2");
1054
1056
  }
1057
+ /** The OAuth `error` code returned by the provider (e.g. `invalid_scope`). */
1058
+ code;
1059
+ /** The OAuth `error_description` returned by the provider, if any. */
1060
+ description;
1061
+ /** The OAuth `error_uri` returned by the provider, if any. */
1062
+ uri;
1055
1063
  toString() {
1056
1064
  return "ErrorOAuth2";
1057
1065
  }
1058
1066
  };
1059
- var ErrorUnknown = class extends UserError {
1067
+ var ErrorUnknown = class extends ErrorOAuth2 {
1060
1068
  static {
1061
1069
  __name(this, "ErrorUnknown");
1062
1070
  }
@@ -1192,61 +1200,93 @@ var ErrorUnsupportedGrantType = class extends ErrorAccessTokenResponse {
1192
1200
  return "ErrorUnsupportedGrantType";
1193
1201
  }
1194
1202
  };
1195
- function toErrorClass(rawError) {
1203
+ function formatOAuthErrorMessage(code, description, uri) {
1204
+ let message = `OAuth error: ${code}`;
1205
+ if (description) {
1206
+ message += `
1207
+ ${description}`;
1208
+ }
1209
+ if (uri) {
1210
+ message += `
1211
+ See: ${uri}`;
1212
+ }
1213
+ return message;
1214
+ }
1215
+ __name(formatOAuthErrorMessage, "formatOAuthErrorMessage");
1216
+ function toErrorClass(rawError, description, uri) {
1217
+ const message = formatOAuthErrorMessage(rawError, description, uri);
1218
+ let error;
1196
1219
  switch (rawError) {
1197
1220
  case "invalid_request":
1198
- return new ErrorInvalidRequest(rawError, {
1221
+ error = new ErrorInvalidRequest(message, {
1199
1222
  telemetryMessage: "user oauth invalid request"
1200
1223
  });
1224
+ break;
1201
1225
  case "invalid_grant":
1202
- return new ErrorInvalidGrant(rawError, {
1226
+ error = new ErrorInvalidGrant(message, {
1203
1227
  telemetryMessage: "user oauth invalid grant"
1204
1228
  });
1229
+ break;
1205
1230
  case "unauthorized_client":
1206
- return new ErrorUnauthorizedClient(rawError, {
1231
+ error = new ErrorUnauthorizedClient(message, {
1207
1232
  telemetryMessage: "user oauth unauthorized client"
1208
1233
  });
1234
+ break;
1209
1235
  case "access_denied":
1210
- return new ErrorAccessDenied(rawError, {
1236
+ error = new ErrorAccessDenied(message, {
1211
1237
  telemetryMessage: "user oauth access denied"
1212
1238
  });
1239
+ break;
1213
1240
  case "unsupported_response_type":
1214
- return new ErrorUnsupportedResponseType(rawError, {
1241
+ error = new ErrorUnsupportedResponseType(message, {
1215
1242
  telemetryMessage: "user oauth unsupported response type"
1216
1243
  });
1244
+ break;
1217
1245
  case "invalid_scope":
1218
- return new ErrorInvalidScope(rawError, {
1246
+ error = new ErrorInvalidScope(message, {
1219
1247
  telemetryMessage: "user oauth invalid scope"
1220
1248
  });
1249
+ break;
1221
1250
  case "server_error":
1222
- return new ErrorServerError(rawError, {
1251
+ error = new ErrorServerError(message, {
1223
1252
  telemetryMessage: "user oauth server error"
1224
1253
  });
1254
+ break;
1225
1255
  case "temporarily_unavailable":
1226
- return new ErrorTemporarilyUnavailable(rawError, {
1256
+ error = new ErrorTemporarilyUnavailable(message, {
1227
1257
  telemetryMessage: "user oauth temporarily unavailable"
1228
1258
  });
1259
+ break;
1229
1260
  case "invalid_client":
1230
- return new ErrorInvalidClient(rawError, {
1261
+ error = new ErrorInvalidClient(message, {
1231
1262
  telemetryMessage: "user oauth invalid client"
1232
1263
  });
1264
+ break;
1233
1265
  case "unsupported_grant_type":
1234
- return new ErrorUnsupportedGrantType(rawError, {
1266
+ error = new ErrorUnsupportedGrantType(message, {
1235
1267
  telemetryMessage: "user oauth unsupported grant type"
1236
1268
  });
1269
+ break;
1237
1270
  case "invalid_json":
1238
- return new ErrorInvalidJson(rawError, {
1271
+ error = new ErrorInvalidJson(message, {
1239
1272
  telemetryMessage: "user oauth invalid json"
1240
1273
  });
1274
+ break;
1241
1275
  case "invalid_token":
1242
- return new ErrorInvalidToken(rawError, {
1276
+ error = new ErrorInvalidToken(message, {
1243
1277
  telemetryMessage: "user oauth invalid token"
1244
1278
  });
1279
+ break;
1245
1280
  default:
1246
- return new ErrorUnknown(rawError, {
1281
+ error = new ErrorUnknown(message, {
1247
1282
  telemetryMessage: "user oauth unknown error"
1248
1283
  });
1284
+ break;
1249
1285
  }
1286
+ error.code = rawError;
1287
+ error.description = description;
1288
+ error.uri = uri;
1289
+ return error;
1250
1290
  }
1251
1291
  __name(toErrorClass, "toErrorClass");
1252
1292
 
@@ -1376,10 +1416,10 @@ __name(readStoredAuthState, "readStoredAuthState");
1376
1416
  // src/token-exchange.ts
1377
1417
  function isReturningFromAuthServer(query, state, logger) {
1378
1418
  if (query.error) {
1379
- if (Array.isArray(query.error)) {
1380
- throw toErrorClass(query.error[0]);
1381
- }
1382
- throw toErrorClass(query.error);
1419
+ const error = Array.isArray(query.error) ? query.error[0] : query.error;
1420
+ const description = Array.isArray(query.error_description) ? query.error_description[0] : query.error_description;
1421
+ const uri = Array.isArray(query.error_uri) ? query.error_uri[0] : query.error_uri;
1422
+ throw toErrorClass(error, description, uri);
1383
1423
  }
1384
1424
  const code = query.code;
1385
1425
  if (!code) {
@@ -1502,7 +1542,7 @@ async function exchangeAuthCodeForAccessToken(state, logger, isNonInteractiveOrC
1502
1542
  }
1503
1543
  const json = await getJSONFromResponse(response, logger);
1504
1544
  if ("error" in json) {
1505
- throw new Error(json.error);
1545
+ throw toErrorClass(json.error);
1506
1546
  }
1507
1547
  const { access_token, expires_in, refresh_token, scope } = json;
1508
1548
  state.hasAuthCodeBeenExchangedForAccessToken = true;
@@ -1609,6 +1649,9 @@ async function getOauthToken(options, state, ctx, generators) {
1609
1649
  server = http.createServer(async (req, res) => {
1610
1650
  function finish(token, error) {
1611
1651
  clearTimeout(loginTimeoutHandle);
1652
+ if (!res.writableEnded) {
1653
+ res.end();
1654
+ }
1612
1655
  server.close((closeErr) => {
1613
1656
  if (error || closeErr) {
1614
1657
  reject(error || closeErr);
@@ -1619,6 +1662,43 @@ async function getOauthToken(options, state, ctx, generators) {
1619
1662
  });
1620
1663
  }
1621
1664
  __name(finish, "finish");
1665
+ function renderErrorPage(detail) {
1666
+ const escape = /* @__PURE__ */ __name((s) => s.replace(
1667
+ /[&<>"']/g,
1668
+ (c) => ({
1669
+ "&": "&amp;",
1670
+ "<": "&lt;",
1671
+ ">": "&gt;",
1672
+ '"': "&quot;",
1673
+ "'": "&#39;"
1674
+ })[c]
1675
+ ), "escape");
1676
+ const codeRow = detail.code ? `<p>Code: <code>${escape(detail.code)}</code></p>` : "";
1677
+ const descriptionRow = detail.description ? `<p class="detail">${escape(detail.description)}</p>` : "";
1678
+ const body = `<!doctype html>
1679
+ <html lang="en">
1680
+ <head>
1681
+ <meta charset="utf-8" />
1682
+ <title>Wrangler login failed</title>
1683
+ <style>
1684
+ body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; max-width: 720px; margin: 4rem auto; padding: 0 1rem; color: #1f2933; line-height: 1.5; }
1685
+ h1 { color: #c12d3f; }
1686
+ code { background: #f5f7fa; padding: 0.15em 0.3em; border-radius: 3px; }
1687
+ p.detail { background: #f5f7fa; padding: 1rem; border-radius: 4px; white-space: pre-wrap; }
1688
+ </style>
1689
+ </head>
1690
+ <body>
1691
+ <h1>Wrangler login failed</h1>
1692
+ <p>The Cloudflare OAuth provider returned an error.</p>
1693
+ ${codeRow}
1694
+ ${descriptionRow}
1695
+ <p>You can close this tab and return to your terminal for more details.</p>
1696
+ </body>
1697
+ </html>`;
1698
+ res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
1699
+ res.end(body);
1700
+ }
1701
+ __name(renderErrorPage, "renderErrorPage");
1622
1702
  assert2(req.url, "This request doesn't have a URL");
1623
1703
  const { pathname, query } = url.parse(req.url, true);
1624
1704
  if (req.method !== "GET") {
@@ -1643,37 +1723,48 @@ async function getOauthToken(options, state, ctx, generators) {
1643
1723
  );
1644
1724
  });
1645
1725
  return;
1646
- } else {
1647
- finish(null, err);
1648
- return;
1649
1726
  }
1727
+ const oauthErr = err;
1728
+ renderErrorPage({
1729
+ code: oauthErr.code,
1730
+ description: oauthErr.description ?? oauthErr.message
1731
+ });
1732
+ finish(null, oauthErr);
1733
+ return;
1650
1734
  }
1651
1735
  if (!hasAuthCode) {
1736
+ const noCodeMessage = "The Cloudflare OAuth provider did not return an authorisation code.";
1737
+ renderErrorPage({ description: noCodeMessage });
1652
1738
  finish(
1653
1739
  null,
1654
- new ErrorNoAuthCode("", {
1740
+ new ErrorNoAuthCode(noCodeMessage, {
1655
1741
  telemetryMessage: "user oauth missing auth code"
1656
1742
  })
1657
1743
  );
1658
1744
  return;
1659
- } else {
1660
- try {
1661
- const exchange = await exchangeAuthCodeForAccessToken(
1662
- state,
1663
- ctx.logger,
1664
- ctx.isNonInteractiveOrCI
1665
- );
1666
- res.writeHead(307, {
1667
- Location: options.granted.url
1668
- });
1669
- res.end(() => {
1670
- finish(exchange);
1671
- });
1672
- } catch (err) {
1673
- finish(null, err);
1674
- }
1675
- return;
1676
1745
  }
1746
+ try {
1747
+ const exchange = await exchangeAuthCodeForAccessToken(
1748
+ state,
1749
+ ctx.logger,
1750
+ ctx.isNonInteractiveOrCI
1751
+ );
1752
+ res.writeHead(307, {
1753
+ Location: options.granted.url
1754
+ });
1755
+ res.end(() => {
1756
+ finish(exchange);
1757
+ });
1758
+ } catch (err) {
1759
+ const exchangeErr = err;
1760
+ const isOAuthError = exchangeErr instanceof ErrorOAuth2;
1761
+ renderErrorPage({
1762
+ code: isOAuthError ? exchangeErr.code : void 0,
1763
+ description: (isOAuthError ? exchangeErr.description : void 0) ?? exchangeErr.message ?? "Failed to exchange the authorisation code for an access token."
1764
+ });
1765
+ finish(null, exchangeErr);
1766
+ }
1767
+ return;
1677
1768
  }
1678
1769
  }
1679
1770
  });
@@ -2150,5 +2241,3 @@ smol-toml/dist/index.js:
2150
2241
  */
2151
2242
 
2152
2243
  export { ErrorAccessDenied, ErrorAccessTokenResponse, ErrorAuthenticationGrant, ErrorInvalidClient, ErrorInvalidGrant, ErrorInvalidJson, ErrorInvalidRequest, ErrorInvalidReturnedStateParam, ErrorInvalidScope, ErrorInvalidToken, ErrorNoAuthCode, ErrorOAuth2, ErrorServerError, ErrorTemporarilyUnavailable, ErrorUnauthorizedClient, ErrorUnknown, ErrorUnsupportedGrantType, ErrorUnsupportedResponseType, OAUTH_CALLBACK_URL, PKCE_CHARSET, RECOMMENDED_CODE_VERIFIER_LENGTH, RECOMMENDED_STATE_LENGTH, base64urlEncode, clearAccessCaches, createOAuthFlow, domainUsesAccess, generateAuthUrl, generatePKCECodes, generateRandomState, getAccessClientIdFromEnv, getAccessClientSecretFromEnv, getAccessHeaders, getAuthConfigFilePath, getAuthDomainFromEnv, getAuthUrlFromEnv, getCfAuthorizationTokenFromEnv, getClientIdFromEnv, getCloudflareAccessHeaders, getRevokeUrlFromEnv, getTokenUrlFromEnv, readAuthConfigFile, readStoredAuthState, toErrorClass, writeAuthConfigFile };
2153
- //# sourceMappingURL=index.mjs.map
2154
- //# sourceMappingURL=index.mjs.map
package/dist/metafile-esm.json CHANGED
@@ -1 +1 @@
1
- {"inputs":{"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js":{"bytes":2787,"imports":[{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js":{"bytes":3985,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js":{"bytes":4937,"imports":[{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js":{"bytes":6532,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js","kind":"import-statement","original":"./util.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js","kind":"import-statement","original":"./date.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js":{"bytes":4687,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js","kind":"import-statement","original":"./primitive.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js","kind":"import-statement","original":"./struct.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js","kind":"import-statement","original":"./util.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js":{"bytes":7675,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js","kind":"import-statement","original":"./primitive.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js","kind":"import-statement","original":"./extract.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js","kind":"import-statement","original":"./util.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/parse.js":{"bytes":5694,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js","kind":"import-statement","original":"./struct.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js","kind":"import-statement","original":"./extract.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js","kind":"import-statement","original":"./util.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/stringify.js":{"bytes":6453,"imports":[{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/index.js":{"bytes":1883,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/parse.js","kind":"import-statement","original":"./parse.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/stringify.js","kind":"import-statement","original":"./stringify.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js","kind":"import-statement","original":"./date.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"}],"format":"esm"},"src/auth-config-file.ts":{"bytes":2176,"imports":[{"path":"node:fs","kind":"import-statement","external":true},{"path":"node:path","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/index.js","kind":"import-statement","original":"smol-toml"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/env-vars.ts":{"bytes":4034,"imports":[{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/access.ts":{"bytes":7367,"imports":[{"path":"node:child_process","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"undici","kind":"import-statement","external":true},{"path":"src/env-vars.ts","kind":"import-statement","original":"./env-vars"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/errors.ts":{"bytes":5158,"imports":[{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/ts-dedent@2.2.0/node_modules/ts-dedent/esm/index.js":{"bytes":1634,"imports":[{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/generate-auth-url.ts":{"bytes":1024,"imports":[{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/pkce.ts":{"bytes":2624,"imports":[{"path":"node:crypto","kind":"import-statement","external":true},{"path":"node:util","kind":"import-statement","external":true},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/state.ts":{"bytes":3698,"imports":[{"path":"src/auth-config-file.ts","kind":"import-statement","original":"./auth-config-file"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/token-exchange.ts":{"bytes":10927,"imports":[{"path":"node:assert","kind":"import-statement","external":true},{"path":"undici","kind":"import-statement","external":true},{"path":"src/access.ts","kind":"import-statement","original":"./access"},{"path":"src/env-vars.ts","kind":"import-statement","original":"./env-vars"},{"path":"src/errors.ts","kind":"import-statement","original":"./errors"},{"path":"src/generate-auth-url.ts","kind":"import-statement","original":"./generate-auth-url"},{"path":"src/pkce.ts","kind":"import-statement","original":"./pkce"},{"path":"src/state.ts","kind":"import-statement","original":"./state"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/callback-server.ts":{"bytes":6470,"imports":[{"path":"node:assert","kind":"import-statement","external":true},{"path":"node:http","kind":"import-statement","external":true},{"path":"node:url","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"src/errors.ts","kind":"import-statement","original":"./errors"},{"path":"src/token-exchange.ts","kind":"import-statement","original":"./token-exchange"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/generate-random-state.ts":{"bytes":599,"imports":[{"path":"node:crypto","kind":"import-statement","external":true},{"path":"src/pkce.ts","kind":"import-statement","original":"./pkce"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/flow.ts":{"bytes":11610,"imports":[{"path":"node:fs","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"../../node_modules/.pnpm/ts-dedent@2.2.0/node_modules/ts-dedent/esm/index.js","kind":"import-statement","original":"ts-dedent"},{"path":"undici","kind":"import-statement","external":true},{"path":"src/auth-config-file.ts","kind":"import-statement","original":"./auth-config-file"},{"path":"src/callback-server.ts","kind":"import-statement","original":"./callback-server"},{"path":"src/env-vars.ts","kind":"import-statement","original":"./env-vars"},{"path":"src/generate-auth-url.ts","kind":"import-statement","original":"./generate-auth-url"},{"path":"src/generate-random-state.ts","kind":"import-statement","original":"./generate-random-state"},{"path":"src/state.ts","kind":"import-statement","original":"./state"},{"path":"src/token-exchange.ts","kind":"import-statement","original":"./token-exchange"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/index.ts":{"bytes":1960,"imports":[{"path":"src/auth-config-file.ts","kind":"import-statement","original":"./auth-config-file"},{"path":"src/access.ts","kind":"import-statement","original":"./access"},{"path":"src/env-vars.ts","kind":"import-statement","original":"./env-vars"},{"path":"src/errors.ts","kind":"import-statement","original":"./errors"},{"path":"src/flow.ts","kind":"import-statement","original":"./flow"},{"path":"src/generate-auth-url.ts","kind":"import-statement","original":"./generate-auth-url"},{"path":"src/generate-random-state.ts","kind":"import-statement","original":"./generate-random-state"},{"path":"src/pkce.ts","kind":"import-statement","original":"./pkce"},{"path":"src/state.ts","kind":"import-statement","original":"./state"}],"format":"esm"},"src/test-helpers/msw-handlers/access.ts":{"bytes":744,"imports":[{"path":"msw","kind":"import-statement","external":true}],"format":"esm"},"src/test-helpers/msw-handlers/oauth.ts":{"bytes":760,"imports":[{"path":"msw","kind":"import-statement","external":true}],"format":"esm"},"src/test-helpers/index.ts":{"bytes":123,"imports":[{"path":"src/test-helpers/msw-handlers/access.ts","kind":"import-statement","original":"./msw-handlers/access"},{"path":"src/test-helpers/msw-handlers/oauth.ts","kind":"import-statement","original":"./msw-handlers/oauth"}],"format":"esm"}},"outputs":{"dist/index.mjs.map":{"imports":[],"exports":[],"inputs":{},"bytes":147250},"dist/index.mjs":{"imports":[{"path":"dist/chunk-PAWJFY3S.mjs","kind":"import-statement"},{"path":"node:fs","kind":"import-statement","external":true},{"path":"node:path","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"node:child_process","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"undici","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"node:fs","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"undici","kind":"import-statement","external":true},{"path":"node:assert","kind":"import-statement","external":true},{"path":"node:http","kind":"import-statement","external":true},{"path":"node:url","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"node:assert","kind":"import-statement","external":true},{"path":"undici","kind":"import-statement","external":true},{"path":"node:crypto","kind":"import-statement","external":true},{"path":"node:util","kind":"import-statement","external":true},{"path":"node:crypto","kind":"import-statement","external":true}],"exports":["ErrorAccessDenied","ErrorAccessTokenResponse","ErrorAuthenticationGrant","ErrorInvalidClient","ErrorInvalidGrant","ErrorInvalidJson","ErrorInvalidRequest","ErrorInvalidReturnedStateParam","ErrorInvalidScope","ErrorInvalidToken","ErrorNoAuthCode","ErrorOAuth2","ErrorServerError","ErrorTemporarilyUnavailable","ErrorUnauthorizedClient","ErrorUnknown","ErrorUnsupportedGrantType","ErrorUnsupportedResponseType","OAUTH_CALLBACK_URL","PKCE_CHARSET","RECOMMENDED_CODE_VERIFIER_LENGTH","RECOMMENDED_STATE_LENGTH","base64urlEncode","clearAccessCaches","createOAuthFlow","domainUsesAccess","generateAuthUrl","generatePKCECodes","generateRandomState","getAccessClientIdFromEnv","getAccessClientSecretFromEnv","getAccessHeaders","getAuthConfigFilePath","getAuthDomainFromEnv","getAuthUrlFromEnv","getCfAuthorizationTokenFromEnv","getClientIdFromEnv","getCloudflareAccessHeaders","getRevokeUrlFromEnv","getTokenUrlFromEnv","readAuthConfigFile","readStoredAuthState","toErrorClass","writeAuthConfigFile"],"entryPoint":"src/index.ts","inputs":{"src/auth-config-file.ts":{"bytesInOutput":1034},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js":{"bytesInOutput":1202},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js":{"bytesInOutput":2207},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js":{"bytesInOutput":2493},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js":{"bytesInOutput":3824},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js":{"bytesInOutput":2447},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js":{"bytesInOutput":4706},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/parse.js":{"bytesInOutput":3067},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/stringify.js":{"bytesInOutput":4707},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/index.js":{"bytesInOutput":62},"src/index.ts":{"bytesInOutput":0},"src/access.ts":{"bytesInOutput":4501},"src/env-vars.ts":{"bytesInOutput":1709},"src/errors.ts":{"bytesInOutput":5163},"src/flow.ts":{"bytesInOutput":5871},"../../node_modules/.pnpm/ts-dedent@2.2.0/node_modules/ts-dedent/esm/index.js":{"bytesInOutput":1494},"src/callback-server.ts":{"bytesInOutput":4268},"src/token-exchange.ts":{"bytesInOutput":6866},"src/generate-auth-url.ts":{"bytesInOutput":524},"src/pkce.ts":{"bytesInOutput":1203},"src/state.ts":{"bytesInOutput":1328},"src/generate-random-state.ts":{"bytesInOutput":328}},"bytes":76626},"dist/test-helpers/index.mjs.map":{"imports":[],"exports":[],"inputs":{},"bytes":2952},"dist/test-helpers/index.mjs":{"imports":[{"path":"dist/chunk-PAWJFY3S.mjs","kind":"import-statement"},{"path":"msw","kind":"import-statement","external":true},{"path":"msw","kind":"import-statement","external":true}],"exports":["mswAccessHandlers","mswSuccessOauthHandlers"],"entryPoint":"src/test-helpers/index.ts","inputs":{"src/test-helpers/msw-handlers/access.ts":{"bytesInOutput":756},"src/test-helpers/index.ts":{"bytesInOutput":0},"src/test-helpers/msw-handlers/oauth.ts":{"bytesInOutput":877}},"bytes":1811},"dist/chunk-PAWJFY3S.mjs.map":{"imports":[],"exports":[],"inputs":{},"bytes":93},"dist/chunk-PAWJFY3S.mjs":{"imports":[],"exports":["__name"],"inputs":{},"bytes":151}}}
1
+ {"inputs":{"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js":{"bytes":2787,"imports":[{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js":{"bytes":3985,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js":{"bytes":4937,"imports":[{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js":{"bytes":6532,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js","kind":"import-statement","original":"./util.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js","kind":"import-statement","original":"./date.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js":{"bytes":4687,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js","kind":"import-statement","original":"./primitive.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js","kind":"import-statement","original":"./struct.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js","kind":"import-statement","original":"./util.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js":{"bytes":7675,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js","kind":"import-statement","original":"./primitive.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js","kind":"import-statement","original":"./extract.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js","kind":"import-statement","original":"./util.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/parse.js":{"bytes":5694,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js","kind":"import-statement","original":"./struct.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js","kind":"import-statement","original":"./extract.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js","kind":"import-statement","original":"./util.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/stringify.js":{"bytes":6453,"imports":[{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/index.js":{"bytes":1883,"imports":[{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/parse.js","kind":"import-statement","original":"./parse.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/stringify.js","kind":"import-statement","original":"./stringify.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js","kind":"import-statement","original":"./date.js"},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","kind":"import-statement","original":"./error.js"}],"format":"esm"},"src/auth-config-file.ts":{"bytes":2626,"imports":[{"path":"node:fs","kind":"import-statement","external":true},{"path":"node:path","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/index.js","kind":"import-statement","original":"smol-toml"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/env-vars.ts":{"bytes":4034,"imports":[{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/access.ts":{"bytes":7367,"imports":[{"path":"node:child_process","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"undici","kind":"import-statement","external":true},{"path":"src/env-vars.ts","kind":"import-statement","original":"./env-vars"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/errors.ts":{"bytes":6757,"imports":[{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"../../node_modules/.pnpm/ts-dedent@2.2.0/node_modules/ts-dedent/esm/index.js":{"bytes":1634,"imports":[{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/generate-auth-url.ts":{"bytes":1024,"imports":[{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/pkce.ts":{"bytes":2624,"imports":[{"path":"node:crypto","kind":"import-statement","external":true},{"path":"node:util","kind":"import-statement","external":true},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/state.ts":{"bytes":3698,"imports":[{"path":"src/auth-config-file.ts","kind":"import-statement","original":"./auth-config-file"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/token-exchange.ts":{"bytes":11369,"imports":[{"path":"node:assert","kind":"import-statement","external":true},{"path":"undici","kind":"import-statement","external":true},{"path":"src/access.ts","kind":"import-statement","original":"./access"},{"path":"src/env-vars.ts","kind":"import-statement","original":"./env-vars"},{"path":"src/errors.ts","kind":"import-statement","original":"./errors"},{"path":"src/generate-auth-url.ts","kind":"import-statement","original":"./generate-auth-url"},{"path":"src/pkce.ts","kind":"import-statement","original":"./pkce"},{"path":"src/state.ts","kind":"import-statement","original":"./state"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/callback-server.ts":{"bytes":9274,"imports":[{"path":"node:assert","kind":"import-statement","external":true},{"path":"node:http","kind":"import-statement","external":true},{"path":"node:url","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"src/errors.ts","kind":"import-statement","original":"./errors"},{"path":"src/token-exchange.ts","kind":"import-statement","original":"./token-exchange"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/generate-random-state.ts":{"bytes":599,"imports":[{"path":"node:crypto","kind":"import-statement","external":true},{"path":"src/pkce.ts","kind":"import-statement","original":"./pkce"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/flow.ts":{"bytes":11610,"imports":[{"path":"node:fs","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"../../node_modules/.pnpm/ts-dedent@2.2.0/node_modules/ts-dedent/esm/index.js","kind":"import-statement","original":"ts-dedent"},{"path":"undici","kind":"import-statement","external":true},{"path":"src/auth-config-file.ts","kind":"import-statement","original":"./auth-config-file"},{"path":"src/callback-server.ts","kind":"import-statement","original":"./callback-server"},{"path":"src/env-vars.ts","kind":"import-statement","original":"./env-vars"},{"path":"src/generate-auth-url.ts","kind":"import-statement","original":"./generate-auth-url"},{"path":"src/generate-random-state.ts","kind":"import-statement","original":"./generate-random-state"},{"path":"src/state.ts","kind":"import-statement","original":"./state"},{"path":"src/token-exchange.ts","kind":"import-statement","original":"./token-exchange"},{"path":"<runtime>","kind":"import-statement","external":true}],"format":"esm"},"src/index.ts":{"bytes":1960,"imports":[{"path":"src/auth-config-file.ts","kind":"import-statement","original":"./auth-config-file"},{"path":"src/access.ts","kind":"import-statement","original":"./access"},{"path":"src/env-vars.ts","kind":"import-statement","original":"./env-vars"},{"path":"src/errors.ts","kind":"import-statement","original":"./errors"},{"path":"src/flow.ts","kind":"import-statement","original":"./flow"},{"path":"src/generate-auth-url.ts","kind":"import-statement","original":"./generate-auth-url"},{"path":"src/generate-random-state.ts","kind":"import-statement","original":"./generate-random-state"},{"path":"src/pkce.ts","kind":"import-statement","original":"./pkce"},{"path":"src/state.ts","kind":"import-statement","original":"./state"}],"format":"esm"},"src/test-helpers/msw-handlers/access.ts":{"bytes":744,"imports":[{"path":"msw","kind":"import-statement","external":true}],"format":"esm"},"src/test-helpers/msw-handlers/oauth.ts":{"bytes":760,"imports":[{"path":"msw","kind":"import-statement","external":true}],"format":"esm"},"src/test-helpers/index.ts":{"bytes":123,"imports":[{"path":"src/test-helpers/msw-handlers/access.ts","kind":"import-statement","original":"./msw-handlers/access"},{"path":"src/test-helpers/msw-handlers/oauth.ts","kind":"import-statement","original":"./msw-handlers/oauth"}],"format":"esm"}},"outputs":{"dist/index.mjs":{"imports":[{"path":"dist/chunk-O6YSETKJ.mjs","kind":"import-statement"},{"path":"node:fs","kind":"import-statement","external":true},{"path":"node:path","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"node:child_process","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"undici","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"node:fs","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"undici","kind":"import-statement","external":true},{"path":"node:assert","kind":"import-statement","external":true},{"path":"node:http","kind":"import-statement","external":true},{"path":"node:url","kind":"import-statement","external":true},{"path":"@cloudflare/workers-utils","kind":"import-statement","external":true},{"path":"node:assert","kind":"import-statement","external":true},{"path":"undici","kind":"import-statement","external":true},{"path":"node:crypto","kind":"import-statement","external":true},{"path":"node:util","kind":"import-statement","external":true},{"path":"node:crypto","kind":"import-statement","external":true}],"exports":["ErrorAccessDenied","ErrorAccessTokenResponse","ErrorAuthenticationGrant","ErrorInvalidClient","ErrorInvalidGrant","ErrorInvalidJson","ErrorInvalidRequest","ErrorInvalidReturnedStateParam","ErrorInvalidScope","ErrorInvalidToken","ErrorNoAuthCode","ErrorOAuth2","ErrorServerError","ErrorTemporarilyUnavailable","ErrorUnauthorizedClient","ErrorUnknown","ErrorUnsupportedGrantType","ErrorUnsupportedResponseType","OAUTH_CALLBACK_URL","PKCE_CHARSET","RECOMMENDED_CODE_VERIFIER_LENGTH","RECOMMENDED_STATE_LENGTH","base64urlEncode","clearAccessCaches","createOAuthFlow","domainUsesAccess","generateAuthUrl","generatePKCECodes","generateRandomState","getAccessClientIdFromEnv","getAccessClientSecretFromEnv","getAccessHeaders","getAuthConfigFilePath","getAuthDomainFromEnv","getAuthUrlFromEnv","getCfAuthorizationTokenFromEnv","getClientIdFromEnv","getCloudflareAccessHeaders","getRevokeUrlFromEnv","getTokenUrlFromEnv","readAuthConfigFile","readStoredAuthState","toErrorClass","writeAuthConfigFile"],"entryPoint":"src/index.ts","inputs":{"src/auth-config-file.ts":{"bytesInOutput":1090},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js":{"bytesInOutput":1202},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js":{"bytesInOutput":2207},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js":{"bytesInOutput":2493},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js":{"bytesInOutput":3824},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js":{"bytesInOutput":2447},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js":{"bytesInOutput":4706},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/parse.js":{"bytesInOutput":3067},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/stringify.js":{"bytesInOutput":4707},"../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/index.js":{"bytesInOutput":62},"src/index.ts":{"bytesInOutput":0},"src/access.ts":{"bytesInOutput":4501},"src/env-vars.ts":{"bytesInOutput":1709},"src/errors.ts":{"bytesInOutput":6069},"src/flow.ts":{"bytesInOutput":5871},"../../node_modules/.pnpm/ts-dedent@2.2.0/node_modules/ts-dedent/esm/index.js":{"bytesInOutput":1494},"src/callback-server.ts":{"bytesInOutput":6446},"src/token-exchange.ts":{"bytesInOutput":7078},"src/generate-auth-url.ts":{"bytesInOutput":524},"src/pkce.ts":{"bytesInOutput":1203},"src/state.ts":{"bytesInOutput":1328},"src/generate-random-state.ts":{"bytesInOutput":328}},"bytes":79978},"dist/test-helpers/index.mjs":{"imports":[{"path":"dist/chunk-O6YSETKJ.mjs","kind":"import-statement"},{"path":"msw","kind":"import-statement","external":true},{"path":"msw","kind":"import-statement","external":true}],"exports":["mswAccessHandlers","mswSuccessOauthHandlers"],"entryPoint":"src/test-helpers/index.ts","inputs":{"src/test-helpers/msw-handlers/access.ts":{"bytesInOutput":756},"src/test-helpers/index.ts":{"bytesInOutput":0},"src/test-helpers/msw-handlers/oauth.ts":{"bytesInOutput":877}},"bytes":1811},"dist/chunk-O6YSETKJ.mjs":{"imports":[],"exports":["__name"],"inputs":{},"bytes":151}}}
package/dist/test-helpers/index.mjs CHANGED
@@ -1,4 +1,4 @@
1
- import '../chunk-PAWJFY3S.mjs';
1
+ import '../chunk-O6YSETKJ.mjs';
2
2
  import { http, HttpResponse } from 'msw';
3
3
 
4
4
  var mswAccessHandlers = [
@@ -58,5 +58,3 @@ var mswSuccessOauthHandlers = [
58
58
  ];
59
59
 
60
60
  export { mswAccessHandlers, mswSuccessOauthHandlers };
61
- //# sourceMappingURL=index.mjs.map
62
- //# sourceMappingURL=index.mjs.map
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@cloudflare/workers-auth",
3
- "version": "0.1.0",
3
+ "version": "0.1.1",
4
4
  "description": "Internal OAuth 2.0 + PKCE flow for Cloudflare CLIs. Not intended for external use — APIs may change without notice.",
5
5
  "homepage": "https://github.com/cloudflare/workers-sdk/tree/main/packages/workers-auth#readme",
6
6
  "bugs": {
@@ -29,7 +29,7 @@
29
29
  },
30
30
  "dependencies": {
31
31
  "undici": "7.24.8",
32
- "@cloudflare/workers-utils": "0.22.1"
32
+ "@cloudflare/workers-utils": "0.23.0"
33
33
  },
34
34
  "devDependencies": {
35
35
  "@types/node": "22.15.17",
package/dist/chunk-PAWJFY3S.mjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":[],"names":[],"mappings":"","file":"chunk-PAWJFY3S.mjs"}
package/dist/index.mjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js","../../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js","../../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js","../../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js","../../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js","../../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js","../../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/parse.js","../../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/stringify.js","../../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/index.js","../src/auth-config-file.ts","../src/env-vars.ts","../src/access.ts","../src/errors.ts","../../../node_modules/.pnpm/ts-dedent@2.2.0/node_modules/ts-dedent/src/index.ts","../src/generate-auth-url.ts","../src/pkce.ts","../src/state.ts","../src/token-exchange.ts","../src/callback-server.ts","../src/generate-random-state.ts","../src/flow.ts"],"names":["endPtr","getCloudflareApiEnvironmentFromEnv","UserError","i","crypto","assert","fetch"],"mappings":";;;;;;;;;;;;;AA2BA,SAAS,iBAAA,CAAkB,QAAQ,GAAA,EAAK;AACpC,EAAA,IAAI,QAAQ,MAAA,CAAO,KAAA,CAAM,GAAG,GAAG,CAAA,CAAE,MAAM,aAAa,CAAA;AACpD,EAAA,OAAO,CAAC,KAAA,CAAM,MAAA,EAAQ,MAAM,GAAA,EAAI,CAAE,SAAS,CAAC,CAAA;AAChD;AAHS,MAAA,CAAA,iBAAA,EAAA,mBAAA,CAAA;AAIT,SAAS,aAAA,CAAc,MAAA,EAAQ,IAAA,EAAM,MAAA,EAAQ;AACzC,EAAA,IAAI,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,aAAa,CAAA;AACtC,EAAA,IAAI,SAAA,GAAY,EAAA;AAChB,EAAA,IAAI,aAAa,IAAA,CAAK,KAAA,CAAM,IAAA,GAAO,CAAC,IAAI,CAAA,IAAK,CAAA;AAC7C,EAAA,KAAA,IAAS,IAAI,IAAA,GAAO,CAAA,EAAG,CAAA,IAAK,IAAA,GAAO,GAAG,CAAA,EAAA,EAAK;AACvC,IAAA,IAAI,CAAA,GAAI,KAAA,CAAM,CAAA,GAAI,CAAC,CAAA;AACnB,IAAA,IAAI,CAAC,CAAA;AACD,MAAA;AACJ,IAAA,SAAA,IAAa,CAAA,CAAE,QAAA,EAAS,CAAE,MAAA,CAAO,WAAW,GAAG,CAAA;AAC/C,IAAA,SAAA,IAAa,KAAA;AACb,IAAA,SAAA,IAAa,CAAA;AACb,IAAA,SAAA,IAAa,IAAA;AACb,IAAA,IAAI,MAAM,IAAA,EAAM;AACZ,MAAA,SAAA,IAAa,GAAA,CAAI,MAAA,CAAO,SAAA,GAAY,MAAA,GAAS,CAAC,CAAA;AAC9C,MAAA,SAAA,IAAa,KAAA;AAAA;AACjB;AAEJ,EAAA,OAAO,SAAA;AACX;AAlBS,MAAA,CAAA,aAAA,EAAA,eAAA,CAAA;AAmBF,IAAM,SAAA,GAAN,cAAwB,KAAA,CAAM;AAAA,EAlDrC;AAkDqC,IAAA,MAAA,CAAA,IAAA,EAAA,WAAA,CAAA;AAAA;AAAA,EACjC,IAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EACA,WAAA,CAAY,SAAS,OAAA,EAAS;AAC1B,IAAA,MAAM,CAAC,MAAM,MAAM,CAAA,GAAI,kBAAkB,OAAA,CAAQ,IAAA,EAAM,QAAQ,GAAG,CAAA;AAClE,IAAA,MAAM,SAAA,GAAY,aAAA,CAAc,OAAA,CAAQ,IAAA,EAAM,MAAM,MAAM,CAAA;AAC1D,IAAA,KAAA,CAAM,0BAA0B,OAAO;;AAAA,EAAO,SAAS,IAAI,OAAO,CAAA;AAClE,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA;AAEzB,CAAA;;;AClCA,SAAS,SAAA,CAAU,KAAK,GAAA,EAAK;AACzB,EAAA,IAAI,CAAA,GAAI,CAAA;AACR,EAAA,OAAO,GAAA,CAAI,GAAA,GAAM,EAAE,CAAC,CAAA,KAAM,IAAA;AACtB,IAAA;AACJ,EAAA,OAAO,EAAE,KAAM,CAAA,GAAI,CAAA;AACvB;AALS,MAAA,CAAA,SAAA,EAAA,WAAA,CAAA;AAMF,SAAS,eAAe,GAAA,EAAK,KAAA,GAAQ,CAAA,EAAG,GAAA,GAAM,IAAI,MAAA,EAAQ;AAC7D,EAAA,IAAI,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,IAAA,EAAM,KAAK,CAAA;AACjC,EAAA,IAAI,GAAA,CAAI,GAAA,GAAM,CAAC,CAAA,KAAM,IAAA;AACjB,IAAA,GAAA,EAAA;AACJ,EAAA,OAAO,GAAA,IAAO,MAAM,GAAA,GAAM,EAAA;AAC9B;AALgB,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;AAMT,SAAS,WAAA,CAAY,KAAK,GAAA,EAAK;AAClC,EAAA,KAAA,IAAS,CAAA,GAAI,GAAA,EAAK,CAAA,GAAI,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK;AACnC,IAAA,IAAI,CAAA,GAAI,IAAI,CAAC,CAAA;AACb,IAAA,IAAI,CAAA,KAAM,IAAA;AACN,MAAA,OAAO,CAAA;AACX,IAAA,IAAI,CAAA,KAAM,IAAA,IAAQ,GAAA,CAAI,CAAA,GAAI,CAAC,CAAA,KAAM,IAAA;AAC7B,MAAA,OAAO,CAAA,GAAI,CAAA;AACf,IAAA,IAAK,CAAA,GAAI,GAAA,IAAU,CAAA,KAAM,GAAA,IAAS,MAAM,MAAA,EAAQ;AAC5C,MAAA,MAAM,IAAI,UAAU,gDAAA,EAAkD;AAAA,QAClE,IAAA,EAAM,GAAA;AAAA,QACN;AAAA,OACH,CAAA;AAAA;AACL;AAEJ,EAAA,OAAO,GAAA,CAAI,MAAA;AACf;AAfgB,MAAA,CAAA,WAAA,EAAA,aAAA,CAAA;AAgBT,SAAS,QAAA,CAAS,GAAA,EAAK,GAAA,EAAK,WAAA,EAAa,WAAA,EAAa;AACzD,EAAA,IAAI,CAAA;AACJ,EAAA,OAAA,CAAQ,IAAI,GAAA,CAAI,GAAG,CAAA,MAAO,GAAA,IAAO,MAAM,GAAA,IAAS,CAAC,WAAA,KAAgB,CAAA,KAAM,QAAQ,CAAA,KAAM,IAAA,IAAQ,GAAA,CAAI,GAAA,GAAM,CAAC,CAAA,KAAM,IAAA,CAAA;AAC1G,IAAA,GAAA,EAAA;AACJ,EAAA,OAAO,WAAA,IAAe,CAAA,KAAM,GAAA,GACtB,GAAA,GACA,QAAA,CAAS,KAAK,WAAA,CAAY,GAAA,EAAK,GAAG,CAAA,EAAG,WAAW,CAAA;AAC1D;AAPgB,MAAA,CAAA,QAAA,EAAA,UAAA,CAAA;AAQT,SAAS,UAAU,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,cAAc,KAAA,EAAO;AAC/D,EAAA,IAAI,CAAC,GAAA,EAAK;AACN,IAAA,GAAA,GAAM,cAAA,CAAe,KAAK,GAAG,CAAA;AAC7B,IAAA,OAAO,GAAA,GAAM,CAAA,GAAI,GAAA,CAAI,MAAA,GAAS,GAAA;AAAA;AAElC,EAAA,KAAA,IAAS,CAAA,GAAI,GAAA,EAAK,CAAA,GAAI,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK;AACnC,IAAA,IAAI,CAAA,GAAI,IAAI,CAAC,CAAA;AACb,IAAA,IAAI,MAAM,GAAA,EAAK;AACX,MAAA,CAAA,GAAI,cAAA,CAAe,KAAK,CAAC,CAAA;AAAA,KAC7B,MAAA,IACS,MAAM,GAAA,EAAK;AAChB,MAAA,OAAO,CAAA,GAAI,CAAA;AAAA,KACf,MAAA,IACS,CAAA,KAAM,GAAA,IAAQ,WAAA,KAAgB,CAAA,KAAM,IAAA,IAAS,CAAA,KAAM,IAAA,IAAQ,GAAA,CAAI,CAAA,GAAI,CAAC,CAAA,KAAM,IAAA,CAAA,EAAS;AACxF,MAAA,OAAO,CAAA;AAAA;AACX;AAEJ,EAAA,MAAM,IAAI,UAAU,8BAAA,EAAgC;AAAA,IAChD,IAAA,EAAM,GAAA;AAAA,IACN;AAAA,GACH,CAAA;AACL;AArBgB,MAAA,CAAA,SAAA,EAAA,WAAA,CAAA;AAsBT,SAAS,YAAA,CAAa,KAAK,IAAA,EAAM;AACpC,EAAA,IAAI,KAAA,GAAQ,IAAI,IAAI,CAAA;AACpB,EAAA,IAAI,SAAS,KAAA,KAAU,GAAA,CAAI,OAAO,CAAC,CAAA,IAAK,IAAI,IAAA,GAAO,CAAC,MAAM,GAAA,CAAI,IAAA,GAAO,CAAC,CAAA,GAChE,GAAA,CAAI,MAAM,IAAA,EAAM,IAAA,GAAO,CAAC,CAAA,GACxB,KAAA;AACN,EAAA,IAAA,IAAQ,OAAO,MAAA,GAAS,CAAA;AACxB,EAAA;AACI,IAAA,IAAA,GAAO,GAAA,CAAI,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAI,CAAA;AAAA,SAC9B,OAAO,EAAA,IAAM,KAAA,KAAU,GAAA,IAAO,SAAA,CAAU,KAAK,IAAI,CAAA;AACxD,EAAA,IAAI,OAAO,EAAA,EAAI;AACX,IAAA,IAAA,IAAQ,MAAA,CAAO,MAAA;AACf,IAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACnB,MAAA,IAAI,GAAA,CAAI,IAAI,CAAA,KAAM,KAAA;AACd,QAAA,IAAA,EAAA;AACJ,MAAA,IAAI,GAAA,CAAI,IAAI,CAAA,KAAM,KAAA;AACd,QAAA,IAAA,EAAA;AAAA;AACR;AAEJ,EAAA,OAAO,IAAA;AACX;AAnBgB,MAAA,CAAA,YAAA,EAAA,cAAA,CAAA;;;AC3DhB,IAAI,YAAA,GAAe,oFAAA;AACZ,IAAM,QAAA,GAAN,MAAM,SAAA,SAAiB,IAAA,CAAK;AAAA,EA5BnC;AA4BmC,IAAA,MAAA,CAAA,IAAA,EAAA,UAAA,CAAA;AAAA;AAAA,EAC/B,QAAA,GAAW,KAAA;AAAA,EACX,QAAA,GAAW,KAAA;AAAA,EACX,OAAA,GAAU,IAAA;AAAA,EACV,YAAY,IAAA,EAAM;AACd,IAAA,IAAI,OAAA,GAAU,IAAA;AACd,IAAA,IAAI,OAAA,GAAU,IAAA;AACd,IAAA,IAAI,MAAA,GAAS,GAAA;AACb,IAAA,IAAI,OAAO,SAAS,QAAA,EAAU;AAC1B,MAAA,IAAI,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,YAAY,CAAA;AACnC,MAAA,IAAI,KAAA,EAAO;AACP,QAAA,IAAI,CAAC,KAAA,CAAM,CAAC,CAAA,EAAG;AACX,UAAA,OAAA,GAAU,KAAA;AACV,UAAA,IAAA,GAAO,cAAc,IAAI,CAAA,CAAA;AAAA;AAE7B,QAAA,OAAA,GAAU,CAAC,CAAC,KAAA,CAAM,CAAC,CAAA;AAEnB,QAAA,OAAA,IAAW,IAAA,CAAK,EAAE,CAAA,KAAM,GAAA,KAAQ,OAAO,IAAA,CAAK,OAAA,CAAQ,KAAK,GAAG,CAAA,CAAA;AAE5D,QAAA,IAAI,MAAM,CAAC,CAAA,IAAK,CAAC,KAAA,CAAM,CAAC,IAAI,EAAA,EAAI;AAC5B,UAAA,IAAA,GAAO,EAAA;AAAA,SACX,MACK;AACD,UAAA,MAAA,GAAS,KAAA,CAAM,CAAC,CAAA,IAAK,IAAA;AACrB,UAAA,IAAA,GAAO,KAAK,WAAA,EAAY;AACxB,UAAA,IAAI,CAAC,MAAA,IAAU,OAAA;AACX,YAAA,IAAA,IAAQ,GAAA;AAAA;AAChB,OACJ,MACK;AACD,QAAA,IAAA,GAAO,EAAA;AAAA;AACX;AAEJ,IAAA,KAAA,CAAM,IAAI,CAAA;AACV,IAAA,IAAI,CAAC,KAAA,CAAM,IAAA,CAAK,OAAA,EAAS,CAAA,EAAG;AACxB,MAAA,IAAA,CAAK,QAAA,GAAW,OAAA;AAChB,MAAA,IAAA,CAAK,QAAA,GAAW,OAAA;AAChB,MAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AAAA;AACnB;AACJ,EACA,UAAA,GAAa;AACT,IAAA,OAAO,IAAA,CAAK,YAAY,IAAA,CAAK,QAAA;AAAA;AACjC,EACA,OAAA,GAAU;AACN,IAAA,OAAO,CAAC,IAAA,CAAK,QAAA,IAAY,CAAC,IAAA,CAAK,QAAA,IAAY,CAAC,IAAA,CAAK,OAAA;AAAA;AACrD,EACA,MAAA,GAAS;AACL,IAAA,OAAO,IAAA,CAAK,QAAA,IAAY,CAAC,IAAA,CAAK,QAAA;AAAA;AAClC,EACA,MAAA,GAAS;AACL,IAAA,OAAO,IAAA,CAAK,QAAA,IAAY,CAAC,IAAA,CAAK,QAAA;AAAA;AAClC,EACA,OAAA,GAAU;AACN,IAAA,OAAO,IAAA,CAAK,YAAY,IAAA,CAAK,QAAA;AAAA;AACjC,EACA,WAAA,GAAc;AACV,IAAA,IAAI,GAAA,GAAM,MAAM,WAAA,EAAY;AAE5B,IAAA,IAAI,KAAK,MAAA,EAAO;AACZ,MAAA,OAAO,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAE1B,IAAA,IAAI,KAAK,MAAA,EAAO;AACZ,MAAA,OAAO,GAAA,CAAI,KAAA,CAAM,EAAA,EAAI,EAAE,CAAA;AAE3B,IAAA,IAAI,KAAK,OAAA,KAAY,IAAA;AACjB,MAAA,OAAO,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAE1B,IAAA,IAAI,KAAK,OAAA,KAAY,GAAA;AACjB,MAAA,OAAO,GAAA;AAGX,IAAA,IAAI,MAAA,GAAU,CAAE,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA,EAAG,CAAC,CAAA,GAAK,EAAA,GAAM,CAAE,IAAA,CAAK,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAC,CAAA;AAC3E,IAAA,MAAA,GAAS,KAAK,OAAA,CAAQ,CAAC,CAAA,KAAM,GAAA,GAAM,SAAS,CAAC,MAAA;AAC7C,IAAA,IAAI,aAAa,IAAI,IAAA,CAAK,KAAK,OAAA,EAAQ,GAAK,SAAS,GAAK,CAAA;AAC1D,IAAA,OAAO,WAAW,WAAA,EAAY,CAAE,MAAM,CAAA,EAAG,EAAE,IAAI,IAAA,CAAK,OAAA;AAAA;AACxD,EACA,OAAO,oBAAA,CAAqB,MAAA,EAAQ,MAAA,GAAS,GAAA,EAAK;AAC9C,IAAA,IAAI,IAAA,GAAO,IAAI,SAAA,CAAS,MAAM,CAAA;AAC9B,IAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AACf,IAAA,OAAO,IAAA;AAAA;AACX,EACA,OAAO,oBAAoB,MAAA,EAAQ;AAC/B,IAAA,IAAI,IAAA,GAAO,IAAI,SAAA,CAAS,MAAM,CAAA;AAC9B,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AACf,IAAA,OAAO,IAAA;AAAA;AACX,EACA,OAAO,gBAAgB,MAAA,EAAQ;AAC3B,IAAA,IAAI,IAAA,GAAO,IAAI,SAAA,CAAS,MAAM,CAAA;AAC9B,IAAA,IAAA,CAAK,QAAA,GAAW,KAAA;AAChB,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AACf,IAAA,OAAO,IAAA;AAAA;AACX,EACA,OAAO,gBAAgB,MAAA,EAAQ;AAC3B,IAAA,IAAI,IAAA,GAAO,IAAI,SAAA,CAAS,MAAM,CAAA;AAC9B,IAAA,IAAA,CAAK,QAAA,GAAW,KAAA;AAChB,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AACf,IAAA,OAAO,IAAA;AAAA;AAEf,CAAA;;;AChGA,IAAI,SAAA,GAAY,8DAAA;AAChB,IAAI,WAAA,GAAc,qDAAA;AAClB,IAAI,YAAA,GAAe,eAAA;AACnB,IAAI,YAAA,GAAe,kBAAA;AACnB,IAAI,OAAA,GAAU;AAAA,EACV,CAAA,EAAG,IAAA;AAAA,EACH,CAAA,EAAG,GAAA;AAAA,EACH,CAAA,EAAG,IAAA;AAAA,EACH,CAAA,EAAG,IAAA;AAAA,EACH,CAAA,EAAG,IAAA;AAAA,EACH,GAAA,EAAK,GAAA;AAAA,EACL,IAAA,EAAM;AACV,CAAA;AACO,SAAS,YAAY,GAAA,EAAK,GAAA,GAAM,CAAA,EAAG,MAAA,GAAS,IAAI,MAAA,EAAQ;AAC3D,EAAA,IAAI,SAAA,GAAY,GAAA,CAAI,GAAG,CAAA,KAAM,GAAA;AAC7B,EAAA,IAAI,WAAA,GAAc,GAAA,CAAI,GAAA,EAAK,CAAA,KAAM,GAAA,CAAI,GAAG,CAAA,IAAK,GAAA,CAAI,GAAG,CAAA,KAAM,GAAA,CAAI,GAAA,GAAM,CAAC,CAAA;AACrE,EAAA,IAAI,WAAA,EAAa;AACb,IAAA,MAAA,IAAU,CAAA;AACV,IAAA,IAAI,GAAA,CAAI,GAAA,IAAO,CAAC,CAAA,KAAM,IAAA;AAClB,MAAA,GAAA,EAAA;AACJ,IAAA,IAAI,GAAA,CAAI,GAAG,CAAA,KAAM,IAAA;AACb,MAAA,GAAA,EAAA;AAAA;AAER,EAAA,IAAI,GAAA,GAAM,CAAA;AACV,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,IAAI,UAAA,GAAa,GAAA;AACjB,EAAA,OAAO,GAAA,GAAM,SAAS,CAAA,EAAG;AACrB,IAAA,IAAI,CAAA,GAAI,IAAI,GAAA,EAAK,CAAA;AACjB,IAAA,IAAI,MAAM,IAAA,IAAS,CAAA,KAAM,QAAQ,GAAA,CAAI,GAAG,MAAM,IAAA,EAAO;AACjD,MAAA,IAAI,CAAC,WAAA,EAAa;AACd,QAAA,MAAM,IAAI,UAAU,qCAAA,EAAuC;AAAA,UACvD,IAAA,EAAM,GAAA;AAAA,UACN,KAAK,GAAA,GAAM;AAAA,SACd,CAAA;AAAA;AACL,eAEM,CAAA,GAAI,GAAA,IAAU,CAAA,KAAM,GAAA,IAAS,MAAM,MAAA,EAAQ;AACjD,MAAA,MAAM,IAAI,UAAU,+CAAA,EAAiD;AAAA,QACjE,IAAA,EAAM,GAAA;AAAA,QACN,KAAK,GAAA,GAAM;AAAA,OACd,CAAA;AAAA;AAEL,IAAA,IAAI,QAAA,EAAU;AACV,MAAA,QAAA,GAAW,KAAA;AACX,MAAA,IAAI,CAAA,KAAM,GAAA,IAAO,CAAA,KAAM,GAAA,EAAK;AAExB,QAAA,IAAI,IAAA,GAAO,IAAI,KAAA,CAAM,GAAA,EAAM,OAAQ,CAAA,KAAM,GAAA,GAAM,IAAI,CAAG,CAAA;AACtD,QAAA,IAAI,CAAC,YAAA,CAAa,IAAA,CAAK,IAAI,CAAA,EAAG;AAC1B,UAAA,MAAM,IAAI,UAAU,wBAAA,EAA0B;AAAA,YAC1C,IAAA,EAAM,GAAA;AAAA,YACN,GAAA,EAAK;AAAA,WACR,CAAA;AAAA;AAEL,QAAA,IAAI;AACA,UAAA,MAAA,IAAU,MAAA,CAAO,aAAA,CAAc,QAAA,CAAS,IAAA,EAAM,EAAE,CAAC,CAAA;AAAA,SACrD,CAAA,MACM;AACF,UAAA,MAAM,IAAI,UAAU,wBAAA,EAA0B;AAAA,YAC1C,IAAA,EAAM,GAAA;AAAA,YACN,GAAA,EAAK;AAAA,WACR,CAAA;AAAA;AACL,OACJ,MAAA,IACS,gBAAgB,CAAA,KAAM,IAAA,IAAQ,MAAM,GAAA,IAAO,CAAA,KAAM,GAAA,IAAQ,CAAA,KAAM,IAAA,CAAA,EAAO;AAE3E,QAAA,GAAA,GAAM,QAAA,CAAS,GAAA,EAAK,GAAA,GAAM,CAAA,EAAG,IAAI,CAAA;AACjC,QAAA,IAAI,IAAI,GAAG,CAAA,KAAM,QAAQ,GAAA,CAAI,GAAG,MAAM,IAAA,EAAM;AACxC,UAAA,MAAM,IAAI,UAAU,4DAAA,EAA8D;AAAA,YAC9E,IAAA,EAAM,GAAA;AAAA,YACN,GAAA,EAAK;AAAA,WACR,CAAA;AAAA;AAEL,QAAA,GAAA,GAAM,QAAA,CAAS,KAAK,GAAG,CAAA;AAAA,OAC3B,MAAA,IACS,KAAK,OAAA,EAAS;AAEnB,QAAA,MAAA,IAAU,QAAQ,CAAC,CAAA;AAAA,OACvB,MACK;AACD,QAAA,MAAM,IAAI,UAAU,8BAAA,EAAgC;AAAA,UAChD,IAAA,EAAM,GAAA;AAAA,UACN,GAAA,EAAK;AAAA,SACR,CAAA;AAAA;AAEL,MAAA,UAAA,GAAa,GAAA;AAAA,KACjB,MAAA,IACS,CAAC,SAAA,IAAa,CAAA,KAAM,IAAA,EAAM;AAC/B,MAAA,GAAA,GAAM,GAAA,GAAM,CAAA;AACZ,MAAA,QAAA,GAAW,IAAA;AACX,MAAA,MAAA,IAAU,GAAA,CAAI,KAAA,CAAM,UAAA,EAAY,GAAG,CAAA;AAAA;AACvC;AAEJ,EAAA,OAAO,MAAA,GAAS,GAAA,CAAI,KAAA,CAAM,UAAA,EAAY,SAAS,CAAC,CAAA;AACpD;AAjFgB,MAAA,CAAA,WAAA,EAAA,aAAA,CAAA;AAkFT,SAAS,UAAA,CAAW,KAAA,EAAO,IAAA,EAAM,GAAA,EAAK,gBAAA,EAAkB;AAE3D,EAAA,IAAI,KAAA,KAAU,MAAA;AACV,IAAA,OAAO,IAAA;AACX,EAAA,IAAI,KAAA,KAAU,OAAA;AACV,IAAA,OAAO,KAAA;AACX,EAAA,IAAI,KAAA,KAAU,MAAA;AACV,IAAA,OAAO,CAAA,QAAA;AACX,EAAA,IAAI,KAAA,KAAU,SAAS,KAAA,KAAU,MAAA;AAC7B,IAAA,OAAO,QAAA;AACX,EAAA,IAAI,KAAA,KAAU,KAAA,IAAS,KAAA,KAAU,MAAA,IAAU,KAAA,KAAU,MAAA;AACjD,IAAA,OAAO,GAAA;AAEX,EAAA,IAAI,KAAA,KAAU,IAAA;AACV,IAAA,OAAO,mBAAmB,EAAA,GAAK,CAAA;AAEnC,EAAA,IAAI,KAAA,GAAQ,SAAA,CAAU,IAAA,CAAK,KAAK,CAAA;AAChC,EAAA,IAAI,KAAA,IAAS,WAAA,CAAY,IAAA,CAAK,KAAK,CAAA,EAAG;AAClC,IAAA,IAAI,YAAA,CAAa,IAAA,CAAK,KAAK,CAAA,EAAG;AAC1B,MAAA,MAAM,IAAI,UAAU,gCAAA,EAAkC;AAAA,QAClD,IAAA;AAAA,QACA;AAAA,OACH,CAAA;AAAA;AAEL,IAAA,KAAA,GAAQ,KAAA,CAAM,OAAA,CAAQ,IAAA,EAAM,EAAE,CAAA;AAC9B,IAAA,IAAI,UAAU,CAAC,KAAA;AACf,IAAA,IAAI,KAAA,CAAM,OAAO,CAAA,EAAG;AAChB,MAAA,MAAM,IAAI,UAAU,gBAAA,EAAkB;AAAA,QAClC,IAAA;AAAA,QACA;AAAA,OACH,CAAA;AAAA;AAEL,IAAA,IAAI,KAAA,EAAO;AACP,MAAA,IAAA,CAAK,QAAQ,CAAC,MAAA,CAAO,cAAc,OAAO,CAAA,KAAM,CAAC,gBAAA,EAAkB;AAC/D,QAAA,MAAM,IAAI,UAAU,gDAAA,EAAkD;AAAA,UAClE,IAAA;AAAA,UACA;AAAA,SACH,CAAA;AAAA;AAEL,MAAA,IAAI,SAAS,gBAAA,KAAqB,IAAA;AAC9B,QAAA,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA;AAE9B,IAAA,OAAO,OAAA;AAAA;AAEX,EAAA,MAAM,IAAA,GAAO,IAAI,QAAA,CAAS,KAAK,CAAA;AAC/B,EAAA,IAAI,CAAC,IAAA,CAAK,OAAA,EAAQ,EAAG;AACjB,IAAA,MAAM,IAAI,UAAU,eAAA,EAAiB;AAAA,MACjC,IAAA;AAAA,MACA;AAAA,KACH,CAAA;AAAA;AAEL,EAAA,OAAO,IAAA;AACX;AApDgB,MAAA,CAAA,UAAA,EAAA,YAAA,CAAA;;;AC9FhB,SAAS,iBAAA,CAAkB,GAAA,EAAK,QAAA,EAAU,MAAA,EAAQ,aAAA,EAAe;AAC7D,EAAA,IAAI,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,QAAA,EAAU,MAAM,CAAA;AACtC,EAAA,IAAI,UAAA,GAAa,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,aAAa,EAAA,EAAI;AAGjB,IAAA,WAAA,CAAY,KAAK,UAAU,CAAA;AAC3B,IAAA,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,UAAU,CAAA;AAAA;AAErC,EAAA,IAAI,OAAA,GAAU,MAAM,OAAA,EAAQ;AAC5B,EAAA,IAAI,CAAC,aAAA,EAAe;AAChB,IAAA,IAAI,UAAA,GAAa,KAAA,CAAM,OAAA,CAAQ,IAAA,EAAM,QAAQ,MAAM,CAAA;AACnD,IAAA,IAAI,aAAa,EAAA,EAAI;AACjB,MAAA,MAAM,IAAI,UAAU,2CAAA,EAA6C;AAAA,QAC7D,IAAA,EAAM,GAAA;AAAA,QACN,KAAK,QAAA,GAAW;AAAA,OACnB,CAAA;AAAA;AACL;AAEJ,EAAA,OAAO,CAAC,SAAS,UAAU,CAAA;AAC/B;AApBS,MAAA,CAAA,iBAAA,EAAA,mBAAA,CAAA;AAqBF,SAAS,YAAA,CAAa,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,OAAO,gBAAA,EAAkB;AACjE,EAAA,IAAI,UAAU,CAAA,EAAG;AACb,IAAA,MAAM,IAAI,UAAU,4DAAA,EAA8D;AAAA,MAC9E,IAAA,EAAM,GAAA;AAAA,MACN;AAAA,KACH,CAAA;AAAA;AAEL,EAAA,IAAI,CAAA,GAAI,IAAI,GAAG,CAAA;AACf,EAAA,IAAI,CAAA,KAAM,GAAA,IAAO,CAAA,KAAM,GAAA,EAAK;AACxB,IAAA,IAAI,CAAC,KAAA,EAAOA,OAAM,CAAA,GAAI,CAAA,KAAM,MACtB,UAAA,CAAW,GAAA,EAAK,GAAA,EAAK,KAAA,EAAO,gBAAgB,CAAA,GAC5C,gBAAA,CAAiB,GAAA,EAAK,GAAA,EAAK,OAAO,gBAAgB,CAAA;AACxD,IAAA,IAAI,SAAS,GAAA,GAAM,SAAA,CAAU,KAAKA,OAAAA,EAAQ,GAAA,EAAK,GAAG,CAAA,GAAIA,OAAAA;AACtD,IAAA,IAAIA,OAAAA,GAAS,MAAA,IAAU,GAAA,KAAQ,GAAA,EAAK;AAChC,MAAA,IAAI,WAAA,GAAc,cAAA,CAAe,GAAA,EAAKA,OAAAA,EAAQ,MAAM,CAAA;AACpD,MAAA,IAAI,cAAc,EAAA,EAAI;AAClB,QAAA,MAAM,IAAI,UAAU,2CAAA,EAA6C;AAAA,UAC7D,IAAA,EAAM,GAAA;AAAA,UACN,GAAA,EAAK;AAAA,SACR,CAAA;AAAA;AACL;AAEJ,IAAA,OAAO,CAAC,OAAO,MAAM,CAAA;AAAA;AAEzB,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI,CAAA,KAAM,GAAA,IAAO,CAAA,KAAM,GAAA,EAAK;AACxB,IAAA,MAAA,GAAS,YAAA,CAAa,KAAK,GAAG,CAAA;AAC9B,IAAA,IAAI,MAAA,GAAS,WAAA,CAAY,GAAA,EAAK,GAAA,EAAK,MAAM,CAAA;AACzC,IAAA,IAAI,GAAA,EAAK;AACL,MAAA,MAAA,GAAS,QAAA,CAAS,GAAA,EAAK,MAAA,EAAQ,GAAA,KAAQ,GAAG,CAAA;AAC1C,MAAA,IAAI,IAAI,MAAM,CAAA,IAAK,IAAI,MAAM,CAAA,KAAM,OAAO,GAAA,CAAI,MAAM,CAAA,KAAM,GAAA,IAAO,IAAI,MAAM,CAAA,KAAM,QAAQ,GAAA,CAAI,MAAM,MAAM,IAAA,EAAM;AAC3G,QAAA,MAAM,IAAI,UAAU,kCAAA,EAAoC;AAAA,UACpD,IAAA,EAAM,GAAA;AAAA,UACN,GAAA,EAAK;AAAA,SACR,CAAA;AAAA;AAEL,MAAA,MAAA,IAAW,EAAE,GAAA,CAAI,MAAM,CAAA,KAAM,GAAA,CAAA;AAAA;AAEjC,IAAA,OAAO,CAAC,QAAQ,MAAM,CAAA;AAAA;AAE1B,EAAA,MAAA,GAAS,SAAA,CAAU,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAA;AACrC,EAAA,IAAI,KAAA,GAAQ,iBAAA,CAAkB,GAAA,EAAK,GAAA,EAAK,MAAA,GAAU,EAAE,GAAA,CAAI,MAAA,GAAS,CAAC,CAAA,KAAM,GAAA,CAAA,EAAO,GAAA,KAAQ,GAAG,CAAA;AAC1F,EAAA,IAAI,CAAC,KAAA,CAAM,CAAC,CAAA,EAAG;AACX,IAAA,MAAM,IAAI,UAAU,sDAAA,EAAwD;AAAA,MACxE,IAAA,EAAM,GAAA;AAAA,MACN;AAAA,KACH,CAAA;AAAA;AAEL,EAAA,IAAI,GAAA,IAAO,KAAA,CAAM,CAAC,CAAA,GAAI,EAAA,EAAI;AACtB,IAAA,MAAA,GAAS,QAAA,CAAS,GAAA,EAAK,GAAA,GAAM,KAAA,CAAM,CAAC,CAAC,CAAA;AACrC,IAAA,MAAA,IAAU,EAAE,GAAA,CAAI,MAAM,CAAA,KAAM,GAAA,CAAA;AAAA;AAEhC,EAAA,OAAO;AAAA,IACH,WAAW,KAAA,CAAM,CAAC,CAAA,EAAG,GAAA,EAAK,KAAK,gBAAgB,CAAA;AAAA,IAC/C;AAAA,GACJ;AACJ;AAxDgB,MAAA,CAAA,YAAA,EAAA,cAAA,CAAA;;;ACrBhB,IAAI,WAAA,GAAc,wBAAA;AACX,SAAS,QAAA,CAAS,GAAA,EAAK,GAAA,EAAK,GAAA,GAAM,GAAA,EAAK;AAC1C,EAAA,IAAI,MAAM,GAAA,GAAM,CAAA;AAChB,EAAA,IAAI,SAAS,EAAC;AACd,EAAA,IAAI,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,GAAA,EAAK,GAAG,CAAA;AACjC,EAAA,IAAI,SAAS,CAAA,EAAG;AACZ,IAAA,MAAM,IAAI,UAAU,8CAAA,EAAgD;AAAA,MAChE,IAAA,EAAM,GAAA;AAAA,MACN;AAAA,KACH,CAAA;AAAA;AAEL,EAAA,GAAG;AACC,IAAA,IAAI,CAAA,GAAI,GAAA,CAAI,GAAA,GAAM,EAAE,GAAG,CAAA;AAEvB,IAAA,IAAI,CAAA,KAAM,GAAA,IAAO,CAAA,KAAM,GAAA,EAAM;AAEzB,MAAA,IAAI,CAAA,KAAM,GAAA,IAAO,CAAA,KAAM,GAAA,EAAM;AACzB,QAAA,IAAI,CAAA,KAAM,IAAI,GAAA,GAAM,CAAC,KAAK,CAAA,KAAM,GAAA,CAAI,GAAA,GAAM,CAAC,CAAA,EAAG;AAC1C,UAAA,MAAM,IAAI,UAAU,2CAAA,EAA6C;AAAA,YAC7D,IAAA,EAAM,GAAA;AAAA,YACN;AAAA,WACH,CAAA;AAAA;AAEL,QAAA,IAAI,GAAA,GAAM,YAAA,CAAa,GAAA,EAAK,GAAG,CAAA;AAC/B,QAAA,IAAI,MAAM,CAAA,EAAG;AACT,UAAA,MAAM,IAAI,UAAU,+BAAA,EAAiC;AAAA,YACjD,IAAA,EAAM,GAAA;AAAA,YACN;AAAA,WACH,CAAA;AAAA;AAEL,QAAA,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAA,EAAK,GAAG,CAAA;AAC1B,QAAA,IAAI,MAAA,GAAS,IAAI,KAAA,CAAM,GAAA,EAAK,MAAM,CAAA,IAAK,GAAA,GAAM,MAAA,GAAS,MAAA,GAAS,GAAG,CAAA;AAClE,QAAA,IAAI,OAAA,GAAU,eAAe,MAAM,CAAA;AACnC,QAAA,IAAI,UAAU,EAAA,EAAI;AACd,UAAA,MAAM,IAAI,UAAU,kCAAA,EAAoC;AAAA,YACpD,IAAA,EAAM,GAAA;AAAA,YACN,GAAA,EAAK,MAAM,GAAA,GAAM;AAAA,WACpB,CAAA;AAAA;AAEL,QAAA,IAAI,MAAA,CAAO,WAAU,EAAG;AACpB,UAAA,MAAM,IAAI,UAAU,0CAAA,EAA4C;AAAA,YAC5D,IAAA,EAAM,GAAA;AAAA,YACN,GAAA,EAAK;AAAA,WACR,CAAA;AAAA;AAEL,QAAA,IAAI,SAAS,GAAA,EAAK;AACd,UAAA,MAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,GAAA,EAAK,GAAG,CAAA;AAC7B,UAAA,IAAI,SAAS,CAAA,EAAG;AACZ,YAAA,MAAM,IAAI,UAAU,8CAAA,EAAgD;AAAA,cAChE,IAAA,EAAM,GAAA;AAAA,cACN;AAAA,aACH,CAAA;AAAA;AACL;AAEJ,QAAA,MAAA,CAAO,IAAA,CAAK,WAAA,CAAY,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC,CAAA;AAAA,OAC1C,MACK;AAED,QAAA,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAA,EAAK,GAAG,CAAA;AAC1B,QAAA,IAAI,IAAA,GAAO,IAAI,KAAA,CAAM,GAAA,EAAK,MAAM,CAAA,IAAK,GAAA,GAAM,MAAA,GAAS,MAAA,GAAS,GAAG,CAAA;AAChE,QAAA,IAAI,CAAC,WAAA,CAAY,IAAA,CAAK,IAAI,CAAA,EAAG;AACzB,UAAA,MAAM,IAAI,UAAU,kEAAA,EAAoE;AAAA,YACpF,IAAA,EAAM,GAAA;AAAA,YACN;AAAA,WACH,CAAA;AAAA;AAEL,QAAA,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,OAAA,EAAS,CAAA;AAAA;AAC9B;AACJ,GAEJ,QAAS,GAAA,GAAM,CAAA,IAAK,GAAA,GAAM,MAAA;AAC1B,EAAA,OAAO,CAAC,QAAQ,QAAA,CAAS,GAAA,EAAK,SAAS,CAAA,EAAG,IAAA,EAAM,IAAI,CAAC,CAAA;AACzD;AAvEgB,MAAA,CAAA,QAAA,EAAA,UAAA,CAAA;AAwET,SAAS,gBAAA,CAAiB,GAAA,EAAK,GAAA,EAAK,KAAA,EAAO,gBAAA,EAAkB;AAChE,EAAA,IAAI,MAAM,EAAC;AACX,EAAA,IAAI,IAAA,uBAAW,GAAA,EAAI;AACnB,EAAA,IAAI,CAAA;AACJ,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,GAAA,EAAA;AACA,EAAA,OAAA,CAAQ,CAAA,GAAI,GAAA,CAAI,GAAA,EAAK,CAAA,MAAO,OAAO,CAAA,EAAG;AAClC,IAAA,IAAI,MAAM,EAAE,IAAA,EAAM,GAAA,EAAK,GAAA,EAAK,MAAM,CAAA,EAAE;AACpC,IAAA,IAAI,MAAM,IAAA,EAAM;AACZ,MAAA,MAAM,IAAI,SAAA,CAAU,2CAAA,EAA6C,GAAG,CAAA;AAAA,KACxE,MAAA,IACS,MAAM,GAAA,EAAK;AAChB,MAAA,MAAM,IAAI,SAAA,CAAU,uCAAA,EAAyC,GAAG,CAAA;AAAA,KACpE,MAAA,IACS,MAAM,GAAA,EAAK;AAChB,MAAA,MAAM,IAAI,SAAA,CAAU,iCAAA,EAAmC,GAAG,CAAA;AAAA,KAC9D,MAAA,IACS,CAAA,KAAM,GAAA,IAAO,CAAA,KAAM,GAAA,EAAM;AAC9B,MAAA,IAAI,CAAA;AACJ,MAAA,IAAI,CAAA,GAAI,GAAA;AACR,MAAA,IAAI,MAAA,GAAS,KAAA;AACb,MAAA,IAAI,CAAC,GAAA,EAAK,SAAS,IAAI,QAAA,CAAS,GAAA,EAAK,MAAM,CAAC,CAAA;AAC5C,MAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK;AACjC,QAAA,IAAI,CAAA;AACA,UAAA,CAAA,GAAI,SAAS,CAAA,CAAE,CAAC,IAAK,CAAA,CAAE,CAAC,IAAI,EAAC;AACjC,QAAA,CAAA,GAAI,IAAI,CAAC,CAAA;AACT,QAAA,IAAA,CAAK,SAAS,MAAA,CAAO,MAAA,CAAO,CAAA,EAAG,CAAC,OAAO,OAAO,CAAA,CAAE,CAAC,CAAA,KAAM,YAAY,IAAA,CAAK,GAAA,CAAI,CAAA,CAAE,CAAC,CAAC,CAAA,CAAA,EAAI;AAChF,UAAA,MAAM,IAAI,UAAU,6CAAA,EAA+C;AAAA,YAC/D,IAAA,EAAM,GAAA;AAAA,YACN;AAAA,WACH,CAAA;AAAA;AAEL,QAAA,IAAI,CAAC,MAAA,IAAU,CAAA,KAAM,WAAA,EAAa;AAC9B,UAAA,MAAA,CAAO,cAAA,CAAe,CAAA,EAAG,CAAA,EAAG,EAAE,UAAA,EAAY,MAAM,YAAA,EAAc,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,CAAA;AAAA;AACxF;AAEJ,MAAA,IAAI,MAAA,EAAQ;AACR,QAAA,MAAM,IAAI,UAAU,6CAAA,EAA+C;AAAA,UAC/D,IAAA,EAAM,GAAA;AAAA,UACN;AAAA,SACH,CAAA;AAAA;AAEL,MAAA,IAAI,CAAC,KAAA,EAAO,WAAW,CAAA,GAAI,YAAA,CAAa,KAAK,SAAA,EAAW,GAAA,EAAK,KAAA,GAAQ,CAAA,EAAG,gBAAgB,CAAA;AACxF,MAAA,IAAA,CAAK,IAAI,KAAK,CAAA;AACd,MAAA,CAAA,CAAE,CAAC,CAAA,GAAI,KAAA;AACP,MAAA,GAAA,GAAM,WAAA;AACN,MAAA,KAAA,GAAQ,IAAI,GAAA,GAAM,CAAC,CAAA,KAAM,GAAA,GAAM,MAAM,CAAA,GAAI,CAAA;AAAA;AAC7C;AAEJ,EAAA,IAAI,KAAA,EAAO;AACP,IAAA,MAAM,IAAI,UAAU,kDAAA,EAAoD;AAAA,MACpE,IAAA,EAAM,GAAA;AAAA,MACN,GAAA,EAAK;AAAA,KACR,CAAA;AAAA;AAEL,EAAA,IAAI,CAAC,CAAA,EAAG;AACJ,IAAA,MAAM,IAAI,UAAU,8BAAA,EAAgC;AAAA,MAChD,IAAA,EAAM,GAAA;AAAA,MACN;AAAA,KACH,CAAA;AAAA;AAEL,EAAA,OAAO,CAAC,KAAK,GAAG,CAAA;AACpB;AA9DgB,MAAA,CAAA,gBAAA,EAAA,kBAAA,CAAA;AA+DT,SAAS,UAAA,CAAW,GAAA,EAAK,GAAA,EAAK,KAAA,EAAO,gBAAA,EAAkB;AAC1D,EAAA,IAAI,MAAM,EAAC;AACX,EAAA,IAAI,CAAA;AACJ,EAAA,GAAA,EAAA;AACA,EAAA,OAAA,CAAQ,CAAA,GAAI,GAAA,CAAI,GAAA,EAAK,CAAA,MAAO,OAAO,CAAA,EAAG;AAClC,IAAA,IAAI,MAAM,GAAA,EAAK;AACX,MAAA,MAAM,IAAI,UAAU,6BAAA,EAA+B;AAAA,QAC/C,IAAA,EAAM,GAAA;AAAA,QACN,KAAK,GAAA,GAAM;AAAA,OACd,CAAA;AAAA,eAEI,CAAA,KAAM,GAAA;AACX,MAAA,GAAA,GAAM,WAAA,CAAY,KAAK,GAAG,CAAA;AAAA,SAAA,IACrB,MAAM,GAAA,IAAO,CAAA,KAAM,OAAQ,CAAA,KAAM,IAAA,IAAQ,MAAM,IAAA,EAAM;AAC1D,MAAA,IAAI,CAAA,GAAI,aAAa,GAAA,EAAK,GAAA,GAAM,GAAG,GAAA,EAAK,KAAA,GAAQ,GAAG,gBAAgB,CAAA;AACnE,MAAA,GAAA,CAAI,IAAA,CAAK,CAAA,CAAE,CAAC,CAAC,CAAA;AACb,MAAA,GAAA,GAAM,EAAE,CAAC,CAAA;AAAA;AACb;AAEJ,EAAA,IAAI,CAAC,CAAA,EAAG;AACJ,IAAA,MAAM,IAAI,UAAU,8BAAA,EAAgC;AAAA,MAChD,IAAA,EAAM,GAAA;AAAA,MACN;AAAA,KACH,CAAA;AAAA;AAEL,EAAA,OAAO,CAAC,KAAK,GAAG,CAAA;AACpB;AA1BgB,MAAA,CAAA,UAAA,EAAA,YAAA,CAAA;;;ACxIhB,SAAS,SAAA,CAAU,GAAA,EAAK,KAAA,EAAO,IAAA,EAAM,IAAA,EAAM;AACvC,EAAA,IAAI,CAAA,GAAI,KAAA;AACR,EAAA,IAAI,CAAA,GAAI,IAAA;AACR,EAAA,IAAI,CAAA;AACJ,EAAA,IAAI,MAAA,GAAS,KAAA;AACb,EAAA,IAAI,KAAA;AACJ,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,IAAI,CAAA,EAAG;AACH,MAAA,CAAA,GAAI,SAAS,CAAA,CAAE,CAAC,IAAK,CAAA,CAAE,CAAC,IAAI,EAAC;AAC7B,MAAA,CAAA,GAAA,CAAK,KAAA,GAAQ,CAAA,CAAE,CAAC,CAAA,EAAG,CAAA;AACnB,MAAA,IAAI,SAAS,CAAA,KAAwB,KAAA,CAAM,MAAM,CAAA,IAAyB,KAAA,CAAM,MAAM,CAAA,CAAA,EAAqB;AACvG,QAAA,OAAO,IAAA;AAAA;AAEX,MAAA,IAAI,KAAA,CAAM,MAAM,CAAA,EAAoB;AAChC,QAAA,IAAI,CAAA,GAAI,EAAE,MAAA,GAAS,CAAA;AACnB,QAAA,CAAA,GAAI,EAAE,CAAC,CAAA;AACP,QAAA,CAAA,GAAI,CAAA,CAAE,CAAC,CAAA,CAAE,CAAA;AAAA;AACb;AAEJ,IAAA,CAAA,GAAI,IAAI,CAAC,CAAA;AACT,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA,CAAO,MAAA,CAAO,CAAA,EAAG,CAAC,CAAA,KAAM,CAAA,CAAE,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,IAAuB,CAAA,CAAE,CAAC,GAAG,CAAA,EAAG;AAC9E,MAAA,OAAO,IAAA;AAAA;AAEX,IAAA,IAAI,CAAC,MAAA,EAAQ;AACT,MAAA,IAAI,MAAM,WAAA,EAAa;AACnB,QAAA,MAAA,CAAO,cAAA,CAAe,CAAA,EAAG,CAAA,EAAG,EAAE,UAAA,EAAY,MAAM,YAAA,EAAc,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,CAAA;AACpF,QAAA,MAAA,CAAO,cAAA,CAAe,CAAA,EAAG,CAAA,EAAG,EAAE,UAAA,EAAY,MAAM,YAAA,EAAc,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,CAAA;AAAA;AAExF,MAAA,CAAA,CAAE,CAAC,CAAA,GAAI;AAAA,QACH,GAAG,CAAA,GAAI,GAAA,CAAI,SAAS,CAAA,IAAK,IAAA,KAAS,IAC5B,CAAA,GACA,IAAA;AAAA,QACN,CAAA,EAAG,KAAA;AAAA,QACH,CAAA,EAAG,CAAA;AAAA,QACH,GAAG;AAAC,OACR;AAAA;AACJ;AAEJ,EAAA,KAAA,GAAQ,EAAE,CAAC,CAAA;AACX,EAAA,IAAI,KAAA,CAAM,MAAM,IAAA,IAAQ,EAAE,SAAS,CAAA,IAAyB,KAAA,CAAM,MAAM,CAAA,CAAA,EAA4B;AAEhG,IAAA,OAAO,IAAA;AAAA;AAEX,EAAA,IAAI,SAAS,CAAA,EAAoB;AAC7B,IAAA,IAAI,CAAC,MAAM,CAAA,EAAG;AACV,MAAA,KAAA,CAAM,CAAA,GAAI,IAAA;AACV,MAAA,CAAA,CAAE,CAAC,IAAI,EAAC;AAAA;AAEZ,IAAA,CAAA,CAAE,CAAC,CAAA,CAAE,IAAA,CAAK,CAAA,GAAI,EAAE,CAAA;AAChB,IAAA,KAAA,CAAM,CAAA,CAAE,KAAA,CAAM,CAAA,EAAG,CAAA,GAAK,QAAQ,EAAE,CAAA,EAAG,CAAA,EAAuB,CAAA,EAAG,KAAA,EAAO,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,EAAC,EAAE;AAAA;AAEpF,EAAA,IAAI,MAAM,CAAA,EAAG;AAET,IAAA,OAAO,IAAA;AAAA;AAEX,EAAA,KAAA,CAAM,CAAA,GAAI,IAAA;AACV,EAAA,IAAI,SAAS,CAAA,EAAuB;AAChC,IAAA,CAAA,GAAI,SAAS,CAAA,CAAE,CAAC,IAAK,CAAA,CAAE,CAAC,IAAI,EAAC;AAAA,GACjC,MAAA,IACS,IAAA,KAAS,CAAA,IAAuB,MAAA,EAAQ;AAC7C,IAAA,OAAO,IAAA;AAAA;AAEX,EAAA,OAAO,CAAC,CAAA,EAAG,CAAA,EAAG,KAAA,CAAM,CAAC,CAAA;AACzB;AA/DS,MAAA,CAAA,SAAA,EAAA,WAAA,CAAA;AAgEF,SAAS,KAAA,CAAM,MAAM,EAAE,QAAA,GAAW,KAAM,gBAAA,EAAiB,GAAI,EAAC,EAAG;AACpE,EAAA,IAAI,MAAM,EAAC;AACX,EAAA,IAAI,OAAO,EAAC;AACZ,EAAA,IAAI,GAAA,GAAM,GAAA;AACV,EAAA,IAAI,CAAA,GAAI,IAAA;AACR,EAAA,KAAA,IAAS,MAAM,QAAA,CAAS,IAAA,EAAM,CAAC,CAAA,EAAG,GAAA,GAAM,KAAK,MAAA,IAAS;AAClD,IAAA,IAAI,IAAA,CAAK,GAAG,CAAA,KAAM,GAAA,EAAK;AACnB,MAAA,IAAI,YAAA,GAAe,IAAA,CAAK,EAAE,GAAG,CAAA,KAAM,GAAA;AACnC,MAAA,IAAI,IAAI,QAAA,CAAS,IAAA,EAAM,GAAA,IAAO,CAAC,cAAc,GAAG,CAAA;AAChD,MAAA,IAAI,YAAA,EAAc;AACd,QAAA,IAAI,KAAK,CAAA,CAAE,CAAC,CAAA,GAAI,CAAC,MAAM,GAAA,EAAK;AACxB,UAAA,MAAM,IAAI,UAAU,mCAAA,EAAqC;AAAA,YACrD,IAAA;AAAA,YACA,GAAA,EAAK,CAAA,CAAE,CAAC,CAAA,GAAI;AAAA,WACf,CAAA;AAAA;AAEL,QAAA,CAAA,CAAE,CAAC,CAAA,EAAA;AAAA;AAEP,MAAA,IAAI,CAAA,GAAI,SAAA;AAAA,QAAU,EAAE,CAAC,CAAA;AAAA,QAAG,GAAA;AAAA,QAAK,IAAA;AAAA,QAAM,eAAe,CAAA,GAAqB;AAAA;AAAA,OAAqB;AAC5F,MAAA,IAAI,CAAC,CAAA,EAAG;AACJ,QAAA,MAAM,IAAI,UAAU,sDAAA,EAAwD;AAAA,UACxE,IAAA;AAAA,UACA;AAAA,SACH,CAAA;AAAA;AAEL,MAAA,CAAA,GAAI,EAAE,CAAC,CAAA;AACP,MAAA,GAAA,GAAM,EAAE,CAAC,CAAA;AACT,MAAA,GAAA,GAAM,EAAE,CAAC,CAAA;AAAA,KACb,MACK;AACD,MAAA,IAAI,CAAA,GAAI,QAAA,CAAS,IAAA,EAAM,GAAG,CAAA;AAC1B,MAAA,IAAI,CAAA,GAAI,SAAA;AAAA,QAAU,EAAE,CAAC,CAAA;AAAA,QAAG,GAAA;AAAA,QAAK,CAAA;AAAA,QAAG;AAAA;AAAA,OAAmB;AACnD,MAAA,IAAI,CAAC,CAAA,EAAG;AACJ,QAAA,MAAM,IAAI,UAAU,sDAAA,EAAwD;AAAA,UACxE,IAAA;AAAA,UACA;AAAA,SACH,CAAA;AAAA;AAEL,MAAA,IAAI,CAAA,GAAI,aAAa,IAAA,EAAM,CAAA,CAAE,CAAC,CAAA,EAAG,MAAA,EAAQ,UAAU,gBAAgB,CAAA;AACnE,MAAA,CAAA,CAAE,CAAC,CAAA,CAAE,CAAA,CAAE,CAAC,CAAC,CAAA,GAAI,EAAE,CAAC,CAAA;AAChB,MAAA,GAAA,GAAM,EAAE,CAAC,CAAA;AAAA;AAEb,IAAA,GAAA,GAAM,QAAA,CAAS,IAAA,EAAM,GAAA,EAAK,IAAI,CAAA;AAC9B,IAAA,IAAI,IAAA,CAAK,GAAG,CAAA,IAAK,IAAA,CAAK,GAAG,MAAM,IAAA,IAAQ,IAAA,CAAK,GAAG,CAAA,KAAM,IAAA,EAAM;AACvD,MAAA,MAAM,IAAI,UAAU,+DAAA,EAAiE;AAAA,QACjF,IAAA;AAAA,QACA;AAAA,OACH,CAAA;AAAA;AAEL,IAAA,GAAA,GAAM,QAAA,CAAS,MAAM,GAAG,CAAA;AAAA;AAE5B,EAAA,OAAO,GAAA;AACX;AApDgB,MAAA,CAAA,KAAA,EAAA,OAAA,CAAA;;;ACpEhB,IAAI,QAAA,GAAW,gBAAA;AACf,SAAS,eAAe,GAAA,EAAK;AACzB,EAAA,IAAI,OAAO,OAAO,GAAA;AAClB,EAAA,IAAI,SAAS,QAAA,EAAU;AACnB,IAAA,IAAI,KAAA,CAAM,QAAQ,GAAG,CAAA;AACjB,MAAA,OAAO,OAAA;AACX,IAAA,IAAI,GAAA,YAAe,IAAA;AACf,MAAA,OAAO,MAAA;AAAA;AAEf,EAAA,OAAO,IAAA;AACX;AATS,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;AAUT,SAAS,gBAAgB,GAAA,EAAK;AAC1B,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,IAAI,cAAA,CAAe,GAAA,CAAI,CAAC,CAAC,CAAA,KAAM,QAAA;AAC3B,MAAA,OAAO,KAAA;AAAA;AAEf,EAAA,OAAO,IAAI,MAAA,IAAU,CAAA;AACzB;AANS,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAOT,SAAS,aAAa,CAAA,EAAG;AACrB,EAAA,OAAO,KAAK,SAAA,CAAU,CAAC,CAAA,CAAE,OAAA,CAAQ,SAAS,SAAS,CAAA;AACvD;AAFS,MAAA,CAAA,YAAA,EAAA,cAAA,CAAA;AAGT,SAAS,cAAA,CAAe,GAAA,EAAK,IAAA,EAAM,KAAA,EAAO,aAAA,EAAe;AACrD,EAAA,IAAI,UAAU,CAAA,EAAG;AACb,IAAA,MAAM,IAAI,MAAM,+DAA+D,CAAA;AAAA;AAEnF,EAAA,IAAI,SAAS,QAAA,EAAU;AACnB,IAAA,IAAI,MAAM,GAAG,CAAA;AACT,MAAA,OAAO,KAAA;AACX,IAAA,IAAI,GAAA,KAAQ,QAAA;AACR,MAAA,OAAO,KAAA;AACX,IAAA,IAAI,GAAA,KAAQ,CAAA,QAAA;AACR,MAAA,OAAO,MAAA;AACX,IAAA,IAAI,aAAA,IAAiB,MAAA,CAAO,SAAA,CAAU,GAAG,CAAA;AACrC,MAAA,OAAO,GAAA,CAAI,QAAQ,CAAC,CAAA;AACxB,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA;AAExB,EAAA,IAAI,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,SAAA,EAAW;AACzC,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA;AAExB,EAAA,IAAI,SAAS,QAAA,EAAU;AACnB,IAAA,OAAO,aAAa,GAAG,CAAA;AAAA;AAE3B,EAAA,IAAI,SAAS,MAAA,EAAQ;AACjB,IAAA,IAAI,KAAA,CAAM,GAAA,CAAI,OAAA,EAAS,CAAA,EAAG;AACtB,MAAA,MAAM,IAAI,UAAU,+BAA+B,CAAA;AAAA;AAEvD,IAAA,OAAO,IAAI,WAAA,EAAY;AAAA;AAE3B,EAAA,IAAI,SAAS,QAAA,EAAU;AACnB,IAAA,OAAO,oBAAA,CAAqB,GAAA,EAAK,KAAA,EAAO,aAAa,CAAA;AAAA;AAEzD,EAAA,IAAI,SAAS,OAAA,EAAS;AAClB,IAAA,OAAO,cAAA,CAAe,GAAA,EAAK,KAAA,EAAO,aAAa,CAAA;AAAA;AAEvD;AAjCS,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;AAkCT,SAAS,oBAAA,CAAqB,GAAA,EAAK,KAAA,EAAO,aAAA,EAAe;AACrD,EAAA,IAAI,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAC1B,EAAA,IAAI,KAAK,MAAA,KAAW,CAAA;AAChB,IAAA,OAAO,IAAA;AACX,EAAA,IAAI,GAAA,GAAM,IAAA;AACV,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,IAAA,CAAK,QAAQ,CAAA,EAAA,EAAK;AAClC,IAAA,IAAI,CAAA,GAAI,KAAK,CAAC,CAAA;AACd,IAAA,IAAI,CAAA;AACA,MAAA,GAAA,IAAO,IAAA;AACX,IAAA,GAAA,IAAO,SAAS,IAAA,CAAK,CAAC,CAAA,GAAI,CAAA,GAAI,aAAa,CAAC,CAAA;AAC5C,IAAA,GAAA,IAAO,KAAA;AACP,IAAA,GAAA,IAAO,cAAA,CAAe,GAAA,CAAI,CAAC,CAAA,EAAG,cAAA,CAAe,GAAA,CAAI,CAAC,CAAC,CAAA,EAAG,KAAA,GAAQ,CAAA,EAAG,aAAa,CAAA;AAAA;AAElF,EAAA,OAAO,GAAA,GAAM,IAAA;AACjB;AAdS,MAAA,CAAA,oBAAA,EAAA,sBAAA,CAAA;AAeT,SAAS,cAAA,CAAe,KAAA,EAAO,KAAA,EAAO,aAAA,EAAe;AACjD,EAAA,IAAI,MAAM,MAAA,KAAW,CAAA;AACjB,IAAA,OAAO,IAAA;AACX,EAAA,IAAI,GAAA,GAAM,IAAA;AACV,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACnC,IAAA,IAAI,CAAA;AACA,MAAA,GAAA,IAAO,IAAA;AACX,IAAA,IAAI,MAAM,CAAC,CAAA,KAAM,QAAQ,KAAA,CAAM,CAAC,MAAM,MAAA,EAAQ;AAC1C,MAAA,MAAM,IAAI,UAAU,gDAAgD,CAAA;AAAA;AAExE,IAAA,GAAA,IAAO,cAAA,CAAe,KAAA,CAAM,CAAC,CAAA,EAAG,cAAA,CAAe,KAAA,CAAM,CAAC,CAAC,CAAA,EAAG,KAAA,GAAQ,CAAA,EAAG,aAAa,CAAA;AAAA;AAEtF,EAAA,OAAO,GAAA,GAAM,IAAA;AACjB;AAbS,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;AAcT,SAAS,mBAAA,CAAoB,KAAA,EAAO,GAAA,EAAK,KAAA,EAAO,aAAA,EAAe;AAC3D,EAAA,IAAI,UAAU,CAAA,EAAG;AACb,IAAA,MAAM,IAAI,MAAM,+DAA+D,CAAA;AAAA;AAEnF,EAAA,IAAI,GAAA,GAAM,EAAA;AACV,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACnC,IAAA,GAAA,IAAO,CAAA,EAAG,GAAA,IAAO,IAAI,CAAA,EAAA,EAAK,GAAG,CAAA;AAAA,CAAA;AAC7B,IAAA,GAAA,IAAO,eAAe,CAAA,EAAG,KAAA,CAAM,CAAC,CAAA,EAAG,GAAA,EAAK,OAAO,aAAa,CAAA;AAAA;AAEhE,EAAA,OAAO,GAAA;AACX;AAVS,MAAA,CAAA,mBAAA,EAAA,qBAAA,CAAA;AAWT,SAAS,cAAA,CAAe,QAAA,EAAU,GAAA,EAAK,MAAA,EAAQ,OAAO,aAAA,EAAe;AACjE,EAAA,IAAI,UAAU,CAAA,EAAG;AACb,IAAA,MAAM,IAAI,MAAM,+DAA+D,CAAA;AAAA;AAEnF,EAAA,IAAI,QAAA,GAAW,EAAA;AACf,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,IAAI,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAC1B,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,IAAA,CAAK,QAAQ,CAAA,EAAA,EAAK;AAClC,IAAA,IAAI,CAAA,GAAI,KAAK,CAAC,CAAA;AACd,IAAA,IAAI,IAAI,CAAC,CAAA,KAAM,QAAQ,GAAA,CAAI,CAAC,MAAM,MAAA,EAAQ;AACtC,MAAA,IAAI,IAAA,GAAO,cAAA,CAAe,GAAA,CAAI,CAAC,CAAC,CAAA;AAChC,MAAA,IAAI,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,UAAA,EAAY;AAC1C,QAAA,MAAM,IAAI,SAAA,CAAU,CAAA,iCAAA,EAAoC,IAAI,CAAA,CAAA,CAAG,CAAA;AAAA;AAEnE,MAAA,IAAI,MAAM,QAAA,CAAS,IAAA,CAAK,CAAC,CAAA,GAAI,CAAA,GAAI,aAAa,CAAC,CAAA;AAC/C,MAAA,IAAI,SAAS,OAAA,IAAW,eAAA,CAAgB,GAAA,CAAI,CAAC,CAAC,CAAA,EAAG;AAC7C,QAAA,MAAA,IAAA,CAAW,MAAA,IAAU,IAAA,IAAQ,mBAAA,CAAoB,GAAA,CAAI,CAAC,CAAA,EAAG,MAAA,GAAS,CAAA,EAAG,MAAM,IAAI,GAAG,CAAA,CAAA,GAAK,GAAA,EAAK,KAAA,GAAQ,GAAG,aAAa,CAAA;AAAA,OACxH,MAAA,IACS,SAAS,QAAA,EAAU;AACxB,QAAA,IAAI,SAAS,MAAA,GAAS,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,GAAK,GAAA;AAC3C,QAAA,MAAA,IAAA,CAAW,MAAA,IAAU,IAAA,IAAQ,cAAA,CAAe,MAAA,EAAQ,GAAA,CAAI,CAAC,CAAA,EAAG,MAAA,EAAQ,KAAA,GAAQ,CAAA,EAAG,aAAa,CAAA;AAAA,OAChG,MACK;AACD,QAAA,QAAA,IAAY,GAAA;AACZ,QAAA,QAAA,IAAY,KAAA;AACZ,QAAA,QAAA,IAAY,eAAe,GAAA,CAAI,CAAC,CAAA,EAAG,IAAA,EAAM,OAAO,aAAa,CAAA;AAC7D,QAAA,QAAA,IAAY,IAAA;AAAA;AAChB;AACJ;AAEJ,EAAA,IAAI,QAAA,KAAa,YAAY,CAAC,MAAA,CAAA;AAC1B,IAAA,QAAA,GAAW,QAAA,GAAW,IAAI,QAAQ,CAAA;AAAA,EAAM,QAAQ,CAAA,CAAA,GAAK,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA,CAAA;AACrE,EAAA,OAAO,QAAA,IAAY,MAAA,GACb,CAAA,EAAG,QAAQ;AAAA,EAAK,MAAM,KACtB,QAAA,IAAY,MAAA;AACtB;AAnCS,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;AAoCF,SAAS,SAAA,CAAU,KAAK,EAAE,QAAA,GAAW,KAAM,cAAA,GAAiB,KAAA,EAAM,GAAI,EAAC,EAAG;AAC7E,EAAA,IAAI,cAAA,CAAe,GAAG,CAAA,KAAM,QAAA,EAAU;AAClC,IAAA,MAAM,IAAI,UAAU,6CAA6C,CAAA;AAAA;AAErE,EAAA,IAAI,MAAM,cAAA,CAAe,CAAA,EAAG,GAAA,EAAK,EAAA,EAAI,UAAU,cAAc,CAAA;AAC7D,EAAA,IAAI,GAAA,CAAI,GAAA,CAAI,MAAA,GAAS,CAAC,CAAA,KAAM,IAAA;AACxB,IAAA,OAAO,GAAA,GAAM,IAAA;AACjB,EAAA,OAAO,GAAA;AACX;AARgB,MAAA,CAAA,SAAA,EAAA,WAAA,CAAA;;;AC/HhB,IAAO,YAAA,GAAQ,EAAE,KAAA,EAAO,SAAA,EAAW,UAAU,SAAA,EAAU;;;ACLvD,IAAM,qBAAA,GAAwB,QAAA;AASvB,SAAS,qBAAA,GAAgC;AAC/C,EAAA,MAAM,cAAc,kCAAA,EAAmC;AACvD,EAAA,MAAM,QAAA,GAAW,GAAG,qBAAqB,CAAA,CAAA,EAAI,gBAAgB,YAAA,GAAe,cAAA,GAAiB,CAAA,EAAG,WAAW,CAAA,KAAA,CAAO,CAAA,CAAA;AAClH,EAAA,OAAO,IAAA,CAAK,IAAA,CAAK,2BAAA,EAA4B,EAAG,QAAQ,CAAA;AACzD;AAJgB,MAAA,CAAA,qBAAA,EAAA,uBAAA,CAAA;AAaT,SAAS,oBAAoB,MAAA,EAA8B;AACjE,EAAA,MAAM,aAAa,qBAAA,EAAsB;AAEzC,EAAA,SAAA,CAAU,IAAA,CAAK,OAAA,CAAQ,UAAU,CAAA,EAAG;AAAA,IACnC,SAAA,EAAW;AAAA,GACX,CAAA;AACD,EAAA,aAAA,CAAc,UAAA,EAAY,YAAA,CAAK,SAAA,CAAU,MAAM,CAAA,EAAG;AAAA,IACjD,QAAA,EAAU;AAAA,GACV,CAAA;AACF;AATgB,MAAA,CAAA,mBAAA,EAAA,qBAAA,CAAA;AAiBT,SAAS,kBAAA,GAAqC;AACpD,EAAA,OAAO,SAAA,CAAU,YAAA,CAAa,qBAAA,EAAuB,CAAC,CAAA;AACvD;AAFgB,MAAA,CAAA,kBAAA,EAAA,oBAAA,CAAA;ACpDT,IAAM,qBAAqB,6BAAA,CAA8B;AAAA,EAC/D,YAAA,EAAc,oBAAA;AAAA,EACd,8BAAc,MAAA,CAAA,MACbC,kCAAAA,EAAmC,KAAM,SAAA,GACtC,yCACA,sCAAA,EAHU,cAAA;AAIf,CAAC;AAUM,IAAM,uBAAuB,6BAAA,CAA8B;AAAA,EACjE,YAAA,EAAc,sBAAA;AAAA,EACd,8BAAc,MAAA,CAAA,MACbA,kCAAAA,EAAmC,KAAM,SAAA,GACtC,gCACA,qBAAA,EAHU,cAAA;AAIf,CAAC;AAUM,IAAM,oBAAoB,6BAAA,CAA8B;AAAA,EAC9D,YAAA,EAAc,mBAAA;AAAA,EACd,YAAA,kBAAc,MAAA,CAAA,MAAM,CAAA,QAAA,EAAW,oBAAA,EAAsB,CAAA,YAAA,CAAA,EAAvC,cAAA;AACf,CAAC;AAUM,IAAM,qBAAqB,6BAAA,CAA8B;AAAA,EAC/D,YAAA,EAAc,oBAAA;AAAA,EACd,YAAA,kBAAc,MAAA,CAAA,MAAM,CAAA,QAAA,EAAW,oBAAA,EAAsB,CAAA,aAAA,CAAA,EAAvC,cAAA;AACf,CAAC;AAUM,IAAM,sBAAsB,6BAAA,CAA8B;AAAA,EAChE,YAAA,EAAc,qBAAA;AAAA,EACd,YAAA,kBAAc,MAAA,CAAA,MAAM,CAAA,QAAA,EAAW,oBAAA,EAAsB,CAAA,cAAA,CAAA,EAAvC,cAAA;AACf,CAAC;AASM,IAAM,2BAA2B,6BAAA,CAA8B;AAAA,EACrE,YAAA,EAAc;AACf,CAAC;AASM,IAAM,+BAA+B,6BAAA,CAA8B;AAAA,EACzE,YAAA,EAAc;AACf,CAAC;AAQM,IAAM,iCAAiC,6BAAA,CAA8B;AAAA,EAC3E,YAAA,EAAc;AACf,CAAC;;;AC/FD,IAAM,eAAuD,EAAC;AAE9D,IAAM,eAAA,uBAAsB,GAAA,EAAqB;AAK1C,SAAS,iBAAA,GAA0B;AACzC,EAAA,KAAA,MAAW,GAAA,IAAO,MAAA,CAAO,IAAA,CAAK,YAAY,CAAA,EAAG;AAC5C,IAAA,OAAO,aAAa,GAAG,CAAA;AAAA;AAExB,EAAA,eAAA,CAAgB,KAAA,EAAM;AACvB;AALgB,MAAA,CAAA,iBAAA,EAAA,mBAAA,CAAA;AAchB,eAAsB,gBAAA,CACrB,QACA,MAAA,EACmB;AACnB,EAAA,MAAA,CAAO,KAAA,CAAM,0CAA0C,MAAM,CAAA;AAE7D,EAAA,IAAI,eAAA,CAAgB,GAAA,CAAI,MAAM,CAAA,EAAG;AAChC,IAAA,MAAA,CAAO,KAAA;AAAA,MACN,iCAAA;AAAA,MACA,MAAA;AAAA,MACA,eAAA,CAAgB,IAAI,MAAM;AAAA,KAC3B;AACA,IAAA,OAAO,eAAA,CAAgB,GAAA,CAAI,MAAM,CAAA,IAAK,KAAA;AAAA;AAEvC,EAAA,MAAA,CAAO,KAAA,CAAM,iCAAiC,MAAM,CAAA;AACpD,EAAA,IAAI;AACH,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,MAAA,GAAS,WAAW,MAAM;AAC/B,MAAA,UAAA,CAAW,KAAA,EAAM;AAAA,OACf,GAAI,CAAA;AAEP,IAAA,MAAM,MAAA,GAAS,MAAM,KAAA,CAAM,CAAA,QAAA,EAAW,MAAM,CAAA,CAAA,EAAI;AAAA,MAC/C,QAAA,EAAU,QAAA;AAAA,MACV,QAAQ,UAAA,CAAW;AAAA,KACnB,CAAA;AACD,IAAA,YAAA,CAAa,MAAM,CAAA;AACnB,IAAA,MAAM,UAAA,GAAa,CAAC,EACnB,MAAA,CAAO,MAAA,KAAW,GAAA,IAClB,MAAA,CAAO,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,QAAA,CAAS,sBAAsB,CAAA,CAAA;AAEhE,IAAA,MAAA,CAAO,KAAA,CAAM,8BAA8B,MAAM,CAAA;AAEjD,IAAA,eAAA,CAAgB,GAAA,CAAI,QAAQ,UAAU,CAAA;AACtC,IAAA,OAAO,UAAA;AAAA,GACR,CAAA,MAAQ;AACP,IAAA,eAAA,CAAgB,GAAA,CAAI,QAAQ,KAAK,CAAA;AACjC,IAAA,OAAO,KAAA;AAAA;AAET;AAtCsB,MAAA,CAAA,gBAAA,EAAA,kBAAA,CAAA;AAuDtB,eAAsB,gBAAA,CACrB,QACA,OAAA,EAIkC;AAClC,EAAA,MAAM,SAAS,OAAA,CAAQ,MAAA;AACvB,EAAA,MAAM,uBAAuB,OAAA,CAAQ,oBAAA;AAWrC,EAAA,MAAM,WAAW,wBAAA,EAAyB;AAC1C,EAAA,MAAM,eAAe,4BAAA,EAA6B;AAElD,EAAA,IAAI,YAAY,YAAA,EAAc;AAC7B,IAAA,MAAA,CAAO,KAAA,CAAM,kDAAkD,MAAM,CAAA;AACrE,IAAA,MAAM,OAAA,GAAU;AAAA,MACf,qBAAA,EAAuB,QAAA;AAAA,MACvB,yBAAA,EAA2B;AAAA,KAC5B;AACA,IAAA,YAAA,CAAa,MAAM,CAAA,GAAI,OAAA;AACvB,IAAA,OAAO,OAAA;AAAA;AAIR,EAAA,IAAI,QAAA,KAAa,MAAA,IAAa,YAAA,KAAiB,MAAA,EAAW;AACzD,IAAA,MAAA,CAAO,IAAA;AAAA,MACN,CAAA,kIAAA,EAEE,QAAA,KAAa,MAAA,GACV,6BAAA,GACA,iCACJ,CAAA,WAAA;AAAA,KACF;AAAA;AAGD,EAAA,IAAI,CAAE,MAAM,gBAAA,CAAiB,MAAA,EAAQ,MAAM,CAAA,EAAI;AAC9C,IAAA,OAAO,EAAC;AAAA;AAET,EAAA,MAAA,CAAO,KAAA,CAAM,sCAAsC,MAAM,CAAA;AACzD,EAAA,IAAI,YAAA,CAAa,MAAM,CAAA,EAAG;AACzB,IAAA,MAAA,CAAO,KAAA,CAAM,2CAA2C,MAAM,CAAA;AAC9D,IAAA,OAAO,aAAa,MAAM,CAAA;AAAA;AAI3B,EAAA,IAAI,sBAAqB,EAAG;AAC3B,IAAA,MAAM,IAAI,SAAA;AAAA,MACT,eAAe,MAAM,CAAA;AAAA;AAAA,wGAAA,CAAA;AAAA,MAKrB;AAAA,QACC,gBAAA,EAAkB;AAAA;AACnB,KACD;AAAA;AAID,EAAA,MAAA,CAAO,MAAM,sDAAsD,CAAA;AACnE,EAAA,MAAM,SAAS,SAAA,CAAU,aAAA,EAAe,CAAC,QAAA,EAAU,OAAA,EAAS,MAAM,CAAC,CAAA;AACnE,EAAA,IAAI,OAAO,KAAA,EAAO;AACjB,IAAA,MAAM,IAAI,SAAA;AAAA,MACT,oLAAA;AAAA,MACA,EAAE,kBAAkB,iCAAA;AAAkC,KACvD;AAAA;AAED,EAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,CAAO,QAAA,EAAS;AAC5C,EAAA,MAAA,CAAO,KAAA,CAAM,uBAAuB,YAAY,CAAA;AAChD,EAAA,MAAM,OAAA,GAAU,YAAA,CAAa,KAAA,CAAM,8BAA8B,CAAA;AACjE,EAAA,IAAI,OAAA,IAAW,OAAA,CAAQ,MAAA,IAAU,CAAA,EAAG;AACnC,IAAA,MAAM,UAAU,EAAE,MAAA,EAAQ,oBAAoB,OAAA,CAAQ,CAAC,CAAC,CAAA,CAAA,EAAG;AAC3D,IAAA,YAAA,CAAa,MAAM,CAAA,GAAI,OAAA;AACvB,IAAA,MAAA,CAAO,KAAA,CAAM,sCAAsC,MAAM,CAAA;AACzD,IAAA,OAAO,OAAA;AAAA;AAER,EAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAChE;AAtFsB,MAAA,CAAA,gBAAA,EAAA,kBAAA,CAAA;AAgGtB,eAAsB,2BAA2B,OAAA,EAGb;AACnC,EAAA,MAAM,cAAc,8BAAA,EAA+B;AAGnD,EAAA,IAAI,gBAAgB,MAAA,EAAW;AAG9B,IAAA,OAAA,CAAQ,MAAA,CAAO,KAAA;AAAA,MACd;AAAA,KACD;AACA,IAAA,OAAO,EAAE,MAAA,EAAQ,CAAA,iBAAA,EAAoB,WAAW,CAAA,CAAA,EAAG;AAAA;AAGpD,EAAA,OAAO,gBAAA,CAAiB,oBAAA,EAAqB,EAAG,OAAO,CAAA;AACxD;AAjBsB,MAAA,CAAA,0BAAA,EAAA,4BAAA,CAAA;ACnKf,IAAM,WAAA,GAAN,cAA0BC,SAAAA,CAAU;AAAA,EApB3C;AAoB2C,IAAA,MAAA,CAAA,IAAA,EAAA,aAAA,CAAA;AAAA;AAAA,EAC1C,QAAA,GAAmB;AAClB,IAAA,OAAO,aAAA;AAAA;AAET;AAGO,IAAM,YAAA,GAAN,cAA2BA,SAAAA,CAAU;AAAA,EA3B5C;AA2B4C,IAAA,MAAA,CAAA,IAAA,EAAA,cAAA,CAAA;AAAA;AAAA,EAC3C,QAAA,GAAmB;AAClB,IAAA,OAAO,cAAA;AAAA;AAET;AAGO,IAAM,eAAA,GAAN,cAA8B,WAAA,CAAY;AAAA,EAlCjD;AAkCiD,IAAA,MAAA,CAAA,IAAA,EAAA,iBAAA,CAAA;AAAA;AAAA,EAChD,QAAA,GAAmB;AAClB,IAAA,OAAO,iBAAA;AAAA;AAET;AACO,IAAM,8BAAA,GAAN,cAA6C,WAAA,CAAY;AAAA,EAvChE;AAuCgE,IAAA,MAAA,CAAA,IAAA,EAAA,gCAAA,CAAA;AAAA;AAAA,EAC/D,QAAA,GAAmB;AAClB,IAAA,OAAO,gCAAA;AAAA;AAET;AACO,IAAM,gBAAA,GAAN,cAA+B,WAAA,CAAY;AAAA,EA5ClD;AA4CkD,IAAA,MAAA,CAAA,IAAA,EAAA,kBAAA,CAAA;AAAA;AAAA,EACjD,QAAA,GAAmB;AAClB,IAAA,OAAO,kBAAA;AAAA;AAET;AAGO,IAAM,iBAAA,GAAN,cAAgC,WAAA,CAAY;AAAA,EAnDnD;AAmDmD,IAAA,MAAA,CAAA,IAAA,EAAA,mBAAA,CAAA;AAAA;AAAA,EAClD,QAAA,GAAmB;AAClB,IAAA,OAAO,mBAAA;AAAA;AAET;AACO,IAAM,mBAAA,GAAN,cAAkC,WAAA,CAAY;AAAA,EAxDrD;AAwDqD,IAAA,MAAA,CAAA,IAAA,EAAA,qBAAA,CAAA;AAAA;AAAA,EACpD,QAAA,GAAmB;AAClB,IAAA,OAAO,qBAAA;AAAA;AAET;AACO,IAAM,iBAAA,GAAN,cAAgC,WAAA,CAAY;AAAA,EA7DnD;AA6DmD,IAAA,MAAA,CAAA,IAAA,EAAA,mBAAA,CAAA;AAAA;AAAA,EAClD,QAAA,GAAmB;AAClB,IAAA,OAAO,mBAAA;AAAA;AAET;AAMO,IAAM,wBAAA,GAAN,cAAuC,WAAA,CAAY;AAAA,EAvE1D;AAuE0D,IAAA,MAAA,CAAA,IAAA,EAAA,0BAAA,CAAA;AAAA;AAAA,EACzD,QAAA,GAAmB;AAClB,IAAA,OAAO,0BAAA;AAAA;AAET;AACO,IAAM,uBAAA,GAAN,cAAsC,wBAAA,CAAyB;AAAA,EA5EtE;AA4EsE,IAAA,MAAA,CAAA,IAAA,EAAA,yBAAA,CAAA;AAAA;AAAA,EACrE,QAAA,GAAmB;AAClB,IAAA,OAAO,yBAAA;AAAA;AAET;AACO,IAAM,iBAAA,GAAN,cAAgC,wBAAA,CAAyB;AAAA,EAjFhE;AAiFgE,IAAA,MAAA,CAAA,IAAA,EAAA,mBAAA,CAAA;AAAA;AAAA,EAC/D,QAAA,GAAmB;AAClB,IAAA,OAAO,mBAAA;AAAA;AAET;AACO,IAAM,4BAAA,GAAN,cAA2C,wBAAA,CAAyB;AAAA,EAtF3E;AAsF2E,IAAA,MAAA,CAAA,IAAA,EAAA,8BAAA,CAAA;AAAA;AAAA,EAC1E,QAAA,GAAmB;AAClB,IAAA,OAAO,8BAAA;AAAA;AAET;AACO,IAAM,gBAAA,GAAN,cAA+B,wBAAA,CAAyB;AAAA,EA3F/D;AA2F+D,IAAA,MAAA,CAAA,IAAA,EAAA,kBAAA,CAAA;AAAA;AAAA,EAC9D,QAAA,GAAmB;AAClB,IAAA,OAAO,kBAAA;AAAA;AAET;AACO,IAAM,2BAAA,GAAN,cAA0C,wBAAA,CAAyB;AAAA,EAhG1E;AAgG0E,IAAA,MAAA,CAAA,IAAA,EAAA,6BAAA,CAAA;AAAA;AAAA,EACzE,QAAA,GAAmB;AAClB,IAAA,OAAO,6BAAA;AAAA;AAET;AAKO,IAAM,wBAAA,GAAN,cAAuC,WAAA,CAAY;AAAA,EAzG1D;AAyG0D,IAAA,MAAA,CAAA,IAAA,EAAA,0BAAA,CAAA;AAAA;AAAA,EACzD,QAAA,GAAmB;AAClB,IAAA,OAAO,0BAAA;AAAA;AAET;AACO,IAAM,kBAAA,GAAN,cAAiC,wBAAA,CAAyB;AAAA,EA9GjE;AA8GiE,IAAA,MAAA,CAAA,IAAA,EAAA,oBAAA,CAAA;AAAA;AAAA,EAChE,QAAA,GAAmB;AAClB,IAAA,OAAO,oBAAA;AAAA;AAET;AACO,IAAM,iBAAA,GAAN,cAAgC,wBAAA,CAAyB;AAAA,EAnHhE;AAmHgE,IAAA,MAAA,CAAA,IAAA,EAAA,mBAAA,CAAA;AAAA;AAAA,EAC/D,QAAA,GAAmB;AAClB,IAAA,OAAO,mBAAA;AAAA;AAET;AACO,IAAM,yBAAA,GAAN,cAAwC,wBAAA,CAAyB;AAAA,EAxHxE;AAwHwE,IAAA,MAAA,CAAA,IAAA,EAAA,2BAAA,CAAA;AAAA;AAAA,EACvE,QAAA,GAAmB;AAClB,IAAA,OAAO,2BAAA;AAAA;AAET;AAKO,SAAS,aAAa,QAAA,EAA8C;AAC1E,EAAA,QAAQ,QAAA;AAAU,IACjB,KAAK,iBAAA;AACJ,MAAA,OAAO,IAAI,oBAAoB,QAAA,EAAU;AAAA,QACxC,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,eAAA;AACJ,MAAA,OAAO,IAAI,kBAAkB,QAAA,EAAU;AAAA,QACtC,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,qBAAA;AACJ,MAAA,OAAO,IAAI,wBAAwB,QAAA,EAAU;AAAA,QAC5C,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,eAAA;AACJ,MAAA,OAAO,IAAI,kBAAkB,QAAA,EAAU;AAAA,QACtC,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,2BAAA;AACJ,MAAA,OAAO,IAAI,6BAA6B,QAAA,EAAU;AAAA,QACjD,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,eAAA;AACJ,MAAA,OAAO,IAAI,kBAAkB,QAAA,EAAU;AAAA,QACtC,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,cAAA;AACJ,MAAA,OAAO,IAAI,iBAAiB,QAAA,EAAU;AAAA,QACrC,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,yBAAA;AACJ,MAAA,OAAO,IAAI,4BAA4B,QAAA,EAAU;AAAA,QAChD,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,gBAAA;AACJ,MAAA,OAAO,IAAI,mBAAmB,QAAA,EAAU;AAAA,QACvC,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,wBAAA;AACJ,MAAA,OAAO,IAAI,0BAA0B,QAAA,EAAU;AAAA,QAC9C,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,cAAA;AACJ,MAAA,OAAO,IAAI,iBAAiB,QAAA,EAAU;AAAA,QACrC,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF,KAAK,eAAA;AACJ,MAAA,OAAO,IAAI,kBAAkB,QAAA,EAAU;AAAA,QACtC,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA,IACF;AACC,MAAA,OAAO,IAAI,aAAa,QAAA,EAAU;AAAA,QACjC,gBAAA,EAAkB;AAAA,OAClB,CAAA;AAAA;AAEJ;AAvDgB,MAAA,CAAA,YAAA,EAAA,cAAA,CAAA;;;ACjIV,SAAU,OACd,KAAA,EAAoC;AACpC,EAAA,IAAA,SAAA,EAAA;AAAA,EAAA,KAAA,IAAA,EAAA,GAAA,CAAA,EAAA,EAAA,GAAA,SAAA,CAAA,MAAA,EAAA,EAAA,EAAA,EAAoB;AAApB,IAAA,MAAA,CAAA,EAAA,GAAA,CAAA,CAAA,GAAA,SAAA,CAAA,EAAA,CAAA;;AAEA,EAAA,IAAI,OAAA,GAAU,MAAM,IAAA,CAAK,OAAO,UAAU,QAAA,GAAW,CAAC,KAAK,CAAA,GAAI,KAAK,CAAA;AAGpE,EAAA,OAAA,CAAQ,OAAA,CAAQ,MAAA,GAAS,CAAC,CAAA,GAAI,OAAA,CAAQ,OAAA,CAAQ,MAAA,GAAS,CAAC,CAAA,CAAE,OAAA,CACxD,gBAAA,EACA,EAAE,CAAA;AAIJ,EAAA,IAAM,aAAA,GAAgB,OAAA,CAAQ,MAAA,CAAO,SAAC,KAAK,GAAA,EAAG;AAC5C,IAAA,IAAM,OAAA,GAAU,GAAA,CAAI,KAAA,CAAM,qBAAqB,CAAA;AAC/C,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,OAAO,GAAA,CAAI,MAAA,CACT,OAAA,CAAQ,GAAA,CAAI,SAAC,KAAA,EAAK;AAAA,QAAA,IAAA,EAAA,EAAA,EAAA;AAAK,QAAA,OAAA,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,KAAA,CAAM,KAAA,CAAM,QAAQ,CAAA,MAAC,IAAA,IAAA,EAAA,KAAA,MAAA,GAAA,SAAA,EAAA,CAAE,MAAA,MAAM,IAAA,IAAA,EAAA,KAAA,SAAA,EAAA,GAAI,CAAA;AAAC,OAAA,CAAC,CAAA;;AAG9D,IAAA,OAAO,GAAA;AACT,GAAA,EAAa,EAAE,CAAA;AAGf,EAAA,IAAI,cAAc,MAAA,EAAQ;AACxB,IAAA,IAAM,SAAA,GAAU,IAAI,MAAA,CAAO,SAAA,GAAW,IAAA,CAAK,GAAA,CAAG,KAAA,CAAR,IAAA,EAAY,aAAa,CAAA,GAAA,GAAA,EAAM,GAAG,CAAA;AAExE,IAAA,OAAA,GAAU,OAAA,CAAQ,GAAA,CAAI,SAAC,GAAA,EAAG;AAAK,MAAA,OAAA,GAAA,CAAI,OAAA,CAAQ,SAAA,EAAS,IAAI,CAAA;KAAC,CAAA;;AAI3D,EAAA,OAAA,CAAQ,CAAC,CAAA,GAAI,OAAA,CAAQ,CAAC,CAAA,CAAE,OAAA,CAAQ,UAAU,EAAE,CAAA;AAG5C,EAAA,IAAI,MAAA,GAAS,QAAQ,CAAC,CAAA;AAEtB,EAAA,MAAA,CAAO,OAAA,CAAQ,SAAC,KAAA,EAAO,CAAA,EAAC;AAEtB,IAAA,IAAM,YAAA,GAAe,MAAA,CAAO,KAAA,CAAM,eAAe,CAAA;AACjD,IAAA,IAAM,WAAA,GAAc,YAAA,GAAe,YAAA,CAAa,CAAC,CAAA,GAAI,EAAA;AACrD,IAAA,IAAI,aAAA,GAAgB,KAAA;AAEpB,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,QAAA,CAAS,IAAI,CAAA,EAAG;AACrD,MAAA,aAAA,GAAgB,MAAA,CAAO,KAAK,CAAA,CACzB,KAAA,CAAM,IAAI,CAAA,CACV,GAAA,CAAI,SAAC,GAAA,EAAKC,EAAAA,EAAC;AACV,QAAA,OAAOA,EAAAA,KAAM,CAAA,GAAI,GAAA,GAAM,EAAA,GAAG,WAAA,GAAc,GAAA;OACzC,CAAA,CACA,KAAK,IAAI,CAAA;;AAGd,IAAA,MAAA,IAAU,aAAA,GAAgB,OAAA,CAAQ,CAAA,GAAI,CAAC,CAAA;GACxC,CAAA;AAED,EAAA,OAAO,MAAA;AACT;AAvDgB,MAAA,CAAA,MAAA,EAAA,QAAA,CAAA;AAyDhB,IAAA,WAAA,GAAe,MAAA;;;ACjDR,IAAM,kBAAA,GAAqB;AAS3B,IAAM,kCAAkB,MAAA,CAAA,CAAC;AAAA,EAC/B,OAAA;AAAA,EACA,QAAA;AAAA,EACA,MAAA;AAAA,EACA,eAAA;AAAA,EACA;AACD,CAAA,KAA4B;AAC3B,EAAA,OACC,OAAA,GACA,CAAA,8BAAA,EACa,kBAAA,CAAmB,QAAQ,CAAC,iBACzB,kBAAA,CAAmB,kBAAkB,CAAC,CAAA,OAAA,EAE7C,kBAAA,CAAmB,CAAC,GAAG,MAAA,EAAQ,gBAAgB,CAAA,CAAE,IAAA,CAAK,GAAG,CAAC,CAAC,CAAA,OAAA,EAC3D,eAAe,CAAA,gBAAA,EACN,kBAAA,CAAmB,aAAa,CAAC,CAAA,2BAAA,CAAA;AAGrD,CAAA,EAlB+B,iBAAA;ACOxB,IAAM,gCAAA,GAAmC;AAKzC,IAAM,wBAAA,GAA2B;AAKjC,IAAM,YAAA,GACZ;AAWM,SAAS,gBAAgB,KAAA,EAAuB;AACtD,EAAA,IAAI,MAAA,GAAS,KAAK,KAAK,CAAA;AACvB,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA;AAClC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA;AAClC,EAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,IAAA,EAAM,EAAE,CAAA;AAChC,EAAA,OAAO,MAAA;AACR;AANgB,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAWhB,eAAsB,iBAAA,GAAwC;AAC7D,EAAA,MAAM,MAAA,GAAS,IAAI,WAAA,CAAY,gCAAgC,CAAA;AAC/D,EAAAC,SAAA,CAAO,gBAAgB,MAAM,CAAA;AAC7B,EAAA,MAAM,YAAA,GAAe,eAAA;AAAA,IACpB,KAAA,CAAM,IAAA,CAAK,MAAM,CAAA,CACf,IAAI,CAAC,GAAA,KAAgB,YAAA,CAAa,GAAA,GAAM,YAAA,CAAa,MAAM,CAAC,CAAA,CAC5D,KAAK,EAAE;AAAA,GACV;AACA,EAAA,MAAM,MAAA,GAAS,MAAMA,SAAA,CAAO,MAAA,CAAO,MAAA;AAAA,IAClC,SAAA;AAAA,IACA,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,YAAY;AAAA,GACtC;AACA,EAAA,MAAM,IAAA,GAAO,IAAI,UAAA,CAAW,MAAM,CAAA;AAClC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,MAAM,aAAa,IAAA,CAAK,UAAA;AACxB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,UAAA,EAAY,CAAA,EAAA,EAAK;AACpC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,IAAA,CAAK,CAAC,CAAC,CAAA;AAAA;AAEtC,EAAA,MAAM,aAAA,GAAgB,gBAAgB,MAAM,CAAA;AAC5C,EAAA,OAAO,EAAE,eAAe,YAAA,EAAa;AACtC;AApBsB,MAAA,CAAA,iBAAA,EAAA,mBAAA,CAAA;;;ACVtB,IAAI,kCAAA,GAAqC,KAAA;AAwBlC,SAAS,oBAAoB,OAAA,EAGhB;AACnB,EAAA,MAAM,EAAE,cAAA,EAAgB,aAAA,EAAc,GAAI,WAAW,EAAC;AAEtD,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACH,IAAA,MAAA,GAAS,kBAAkB,kBAAA,EAAmB;AAAA,GAC/C,CAAA,MAAQ;AACP,IAAA,OAAO,EAAC;AAAA;AAGT,EAAA,MAAM,EAAE,WAAA,EAAa,aAAA,EAAe,eAAA,EAAiB,MAAA,EAAQ,WAAU,GACtE,MAAA;AAED,EAAA,IAAI,WAAA,EAAa;AAChB,IAAA,OAAO;AAAA,MACN,WAAA,EAAa;AAAA,QACZ,KAAA,EAAO,WAAA;AAAA;AAAA,QAEP,QAAQ,eAAA,IAAmB;AAAA,OAC5B;AAAA,MACA,YAAA,EAAc,EAAE,KAAA,EAAO,aAAA,IAAiB,EAAA,EAAG;AAAA,MAC3C;AAAA,KACD;AAAA;AAGD,EAAA,IAAI,SAAA,EAAW;AACd,IAAA,IAAI,CAAC,sCAAsC,aAAA,EAAe;AACzD,MAAA,kCAAA,GAAqC,IAAA;AACrC,MAAA,aAAA,CAAc,IAAA;AAAA,QACb,CAAA;AAAA,KAAA,EACS,cAAA,KAAmB,MAAA,GAAY,qBAAA,EAAsB,GAAI,kBAAkB,CAAA;AAAA;AAAA,+GAAA;AAAA,OAGrF;AAAA;AAED,IAAA,OAAO,EAAE,oBAAoB,SAAA,EAAU;AAAA;AAGxC,EAAA,OAAO,EAAC;AACT;AA1CgB,MAAA,CAAA,mBAAA,EAAA,qBAAA,CAAA;;;ACXT,SAAS,yBAAA,CACf,KAAA,EACA,KAAA,EACA,MAAA,EACU;AACV,EAAA,IAAI,MAAM,KAAA,EAAO;AAChB,IAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAA,CAAM,KAAK,CAAA,EAAG;AAC/B,MAAA,MAAM,YAAA,CAAa,KAAA,CAAM,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA;AAElC,IAAA,MAAM,YAAA,CAAa,MAAM,KAAK,CAAA;AAAA;AAG/B,EAAA,MAAM,OAAO,KAAA,CAAM,IAAA;AACnB,EAAA,IAAI,CAAC,IAAA,EAAM;AACV,IAAA,OAAO,KAAA;AAAA;AAGR,EAAA,MAAM,kBAAkB,KAAA,CAAM,KAAA;AAC9B,EAAA,IAAI,eAAA,KAAoB,MAAM,eAAA,EAAiB;AAC9C,IAAA,MAAA,CAAO,IAAA;AAAA,MACN;AAAA,KACD;AACA,IAAA,MAAM,IAAI,+BAA+B,EAAA,EAAI;AAAA,MAC5C,gBAAA,EAAkB;AAAA,KAClB,CAAA;AAAA;AAEF,EAAAC,OAAA,CAAO,CAAC,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAC,CAAA;AAC3B,EAAA,KAAA,CAAM,iBAAA,GAAoB,IAAA;AAC1B,EAAA,KAAA,CAAM,sCAAA,GAAyC,KAAA;AAC/C,EAAA,OAAO,IAAA;AACR;AA9BgB,MAAA,CAAA,yBAAA,EAAA,2BAAA,CAAA;AAoChB,eAAsB,UAAA,CACrB,MAAA,EACA,QAAA,EACA,KAAA,EACA,UAAA,EAIkB;AAClB,EAAA,MAAM,EAAE,aAAA,EAAe,YAAA,EAAa,GAAI,MAAM,iBAAA,EAAkB;AAChE,EAAA,MAAM,kBAAkB,UAAA,CAAW,mBAAA;AAAA,IAClC;AAAA,GACD;AAEA,EAAA,MAAA,CAAO,OAAO,KAAA,EAAO;AAAA,IACpB,aAAA;AAAA,IACA,YAAA;AAAA,IACA;AAAA,GACA,CAAA;AAED,EAAA,OAAO,WAAW,eAAA,CAAgB;AAAA,IACjC,SAAS,iBAAA,EAAkB;AAAA,IAC3B,QAAA;AAAA,IACA,MAAA;AAAA,IACA,eAAA;AAAA,IACA;AAAA,GACA,CAAA;AACF;AA3BsB,MAAA,CAAA,UAAA,EAAA,YAAA,CAAA;AAgCtB,eAAsB,kCAAA,CACrB,QACA,oBAAA,EACyB;AAGzB,EAAA,MAAM,qBAAqB,mBAAA,CAAoB;AAAA,IAC9C,aAAA,EAAe;AAAA,GACf,CAAA,CAAE,YAAA;AACH,EAAA,IAAI,CAAC,kBAAA,EAAoB;AACxB,IAAA,MAAA,CAAO,KAAK,8BAA8B,CAAA;AAAA;AAG3C,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,IAClC,UAAA,EAAY,eAAA;AAAA,IACZ,aAAA,EAAe,oBAAoB,KAAA,IAAS,EAAA;AAAA,IAC5C,WAAW,kBAAA;AAAmB,GAC9B,CAAA;AAED,EAAA,MAAM,QAAA,GAAW,MAAM,cAAA,CAAe,MAAA,EAAQ,QAAQ,oBAAoB,CAAA;AAE1E,EAAA,IAAI,QAAA,CAAS,UAAU,GAAA,EAAK;AAC3B,IAAA,IAAI,mBAAA,GAAsB,MAAA;AAE1B,IAAA,IAAI;AACH,MAAA,mBAAA,GAAsB,MAAM,mBAAA,CAAoB,QAAA,EAAU,MAAM,CAAA;AAAA,aACxD,CAAA,EAAG;AAEX,MAAA,MAAA,CAAO,MAAM,CAAC,CAAA;AAAA;AAGf,IAAA,IAAI,wBAAwB,MAAA,EAAW;AAEtC,MAAA,MAAM,OAAO,mBAAA,KAAwB,QAAA,GAClC,IAAI,KAAA,CAAM,mBAAmB,CAAA,GAC7B,mBAAA;AAAA,KACJ,MAAO;AACN,MAAA,MAAM,IAAI,YAAA;AAAA,QACT,+DAAA;AAAA,QACA,EAAE,kBAAkB,+CAAA;AAAgD,OACrE;AAAA;AACD,GACD,MAAO;AACN,IAAA,IAAI;AACH,MAAA,MAAM,OAAQ,MAAM,mBAAA;AAAA,QACnB,QAAA;AAAA,QACA;AAAA,OACD;AACA,MAAA,IAAI,WAAW,IAAA,EAAM;AACpB,QAAA,MAAM,IAAA,CAAK,KAAA;AAAA;AAGZ,MAAA,MAAM,EAAE,YAAA,EAAc,UAAA,EAAY,aAAA,EAAe,OAAM,GAAI,IAAA;AAE3D,MAAA,MAAM,WAAA,GAA2B;AAAA,QAChC,KAAA,EAAO,YAAA;AAAA,QACP,MAAA,EAAQ,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,UAAA,GAAa,GAAI,CAAA,CAAE,WAAA;AAAY,OAC9D;AAIA,MAAA,MAAM,SAAmB,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,IAAI,EAAC;AASrD,MAAA,MAAM,aAAA,GAA+B;AAAA,QACpC,KAAA,EAAO,WAAA;AAAA,QACP,MAAA;AAAA,QACA,YAAA,EAAc,aAAA,GACX,EAAE,KAAA,EAAO,eAAc,GACvB;AAAA,OACJ;AACA,MAAA,OAAO,aAAA;AAAA,aACC,KAAA,EAAO;AACf,MAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC9B,QAAA,MAAM,aAAa,KAAK,CAAA;AAAA,OACzB,MAAO;AACN,QAAA,MAAM,KAAA;AAAA;AACP;AACD;AAEF;AAtFsB,MAAA,CAAA,kCAAA,EAAA,oCAAA,CAAA;AA2FtB,eAAsB,8BAAA,CACrB,KAAA,EACA,MAAA,EACA,oBAAA,EACyB;AACzB,EAAA,MAAM,EAAE,iBAAA,EAAmB,YAAA,GAAe,EAAA,EAAG,GAAI,KAAA;AAEjD,EAAA,IAAI,CAAC,YAAA,EAAc;AAClB,IAAA,MAAA,CAAO,KAAK,iCAAiC,CAAA;AAAA,GAC9C,MAAA,IAAW,CAAC,iBAAA,EAAmB;AAC9B,IAAA,MAAA,CAAO,KAAK,8CAA8C,CAAA;AAAA;AAG3D,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,IAClC,UAAA,EAAY,CAAA,kBAAA,CAAA;AAAA,IACZ,MAAM,iBAAA,IAAqB,EAAA;AAAA,IAC3B,YAAA,EAAc,kBAAA;AAAA,IACd,WAAW,kBAAA,EAAmB;AAAA,IAC9B,aAAA,EAAe;AAAA,GACf,CAAA;AAED,EAAA,MAAM,QAAA,GAAW,MAAM,cAAA,CAAe,MAAA,EAAQ,QAAQ,oBAAoB,CAAA;AAC1E,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,IAAA,MAAM,EAAE,KAAA,EAAM,GAAK,MAAM,mBAAA,CAAoB,UAAU,MAAM,CAAA;AAI7D,IAAA,IAAI,UAAU,eAAA,EAAiB;AAC9B,MAAA,MAAA,CAAO,IAAI,0DAA0D,CAAA;AAAA;AAItE,IAAA,MAAM,aAAa,KAAK,CAAA;AAAA;AAEzB,EAAA,MAAM,IAAA,GAAQ,MAAM,mBAAA,CAAoB,QAAA,EAAU,MAAM,CAAA;AACxD,EAAA,IAAI,WAAW,IAAA,EAAM;AACpB,IAAA,MAAM,IAAI,KAAA,CAAM,IAAA,CAAK,KAAK,CAAA;AAAA;AAE3B,EAAA,MAAM,EAAE,YAAA,EAAc,UAAA,EAAY,aAAA,EAAe,OAAM,GAAI,IAAA;AAC3D,EAAA,KAAA,CAAM,sCAAA,GAAyC,IAAA;AAE/C,EAAA,MAAM,aAAa,IAAI,IAAA,CAAK,KAAK,GAAA,EAAI,GAAI,aAAa,GAAI,CAAA;AAC1D,EAAA,MAAM,WAAA,GAA2B;AAAA,IAChC,KAAA,EAAO,YAAA;AAAA,IACP,MAAA,EAAQ,WAAW,WAAA;AAAY,GAChC;AAIA,EAAA,MAAM,SAAmB,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,IAAI,EAAC;AAIrD,EAAA,MAAM,aAAA,GAA+B;AAAA,IACpC,KAAA,EAAO,WAAA;AAAA,IACP,MAAA;AAAA,IACA,YAAA,EAAc,aAAA,GAAgB,EAAE,KAAA,EAAO,eAAc,GAAI;AAAA,GAC1D;AACA,EAAA,OAAO,aAAA;AACR;AA3DsB,MAAA,CAAA,8BAAA,EAAA,gCAAA,CAAA;AAmEtB,eAAsB,cAAA,CACrB,IAAA,EACA,MAAA,EACA,oBAAA,EACoB;AACpB,EAAA,MAAM,OAAA,GAAkC;AAAA,IACvC,cAAA,EAAgB;AAAA,GACjB;AAIA,EAAA,MAAA,CAAO,KAAA;AAAA,IACN,qBAAA;AAAA,IACA,CAAA,WAAA,EAAc,IAAA,CAAK,GAAA,CAAI,YAAY,KAAK,WAAW,CAAA;AAAA,GACpD;AACA,EAAA,IAAI,MAAM,gBAAA,CAAiB,oBAAA,EAAqB,EAAG,MAAM,CAAA,EAAG;AAC3D,IAAA,MAAA,CAAO,KAAA;AAAA,MACN;AAAA,KACD;AAEA,IAAA,MAAM,aAAA,GAAgB,MAAM,0BAAA,CAA2B;AAAA,MACtD,MAAA;AAAA,MACA;AAAA,KACA,CAAA;AACD,IAAA,MAAA,CAAO,MAAA,CAAO,SAAS,aAAa,CAAA;AAAA;AAErC,EAAA,MAAA,CAAO,KAAA,CAAM,0BAAA,EAA4B,kBAAA,EAAoB,CAAA;AAC7D,EAAA,IAAI;AACH,IAAA,MAAM,QAAA,GAAW,MAAMC,KAAAA,CAAM,kBAAA,EAAmB,EAAG;AAAA,MAClD,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,KAAK,QAAA,EAAS;AAAA,MACpB;AAAA,KACA,CAAA;AACD,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAA,CAAO,KAAA;AAAA,QACN,6BAAA;AAAA,QACA,QAAA,CAAS,MAAA;AAAA,QACT,QAAA,CAAS;AAAA,OACV;AAAA;AAED,IAAA,OAAO,QAAA;AAAA,WACC,CAAA,EAAG;AACX,IAAA,MAAA,CAAO,KAAA,CAAM,+BAA+B,CAAC,CAAA;AAC7C,IAAA,MAAM,CAAA;AAAA;AAER;AA7CsB,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;AA+CtB,eAAe,mBAAA,CACd,UACA,MAAA,EACC;AACD,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,EAAA,IAAI;AACH,IAAA,OAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,WACd,CAAA,EAAG;AAEX,IAAA,IAAI,IAAA,CAAK,KAAA,CAAM,iBAAiB,CAAA,EAAG;AAClC,MAAA,MAAA,CAAO,KAAA;AAAA,QACN;AAAA,OACD;AACA,MAAA,IAAI,IAAA,CAAK,KAAA,CAAM,oBAAoB,CAAA,EAAG;AACrC,QAAA,MAAA,CAAO,KAAA;AAAA,UACN,CAAA,0MAAA,EAA6M,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAC,CAAA;AAAA,SAC5O;AAAA;AACD;AAED,IAAA,MAAA,CAAO,KAAA,CAAM,6BAA6B,IAAI,CAAA;AAC9C,IAAA,MAAM,IAAI,KAAA;AAAA,MACT,CAAA,kCAAA,EAAqC,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,SAAS,UAAU,CAAA,CAAA;AAAA,MAC3E,EAAE,OAAO,CAAA;AAAE,KACZ;AAAA;AAEF;AAzBe,MAAA,CAAA,mBAAA,EAAA,qBAAA,CAAA;;;AC1Rf,eAAsB,aAAA,CACrB,OAAA,EACA,KAAA,EACA,GAAA,EACA,UAAA,EAIyB;AACzB,EAAA,MAAM,YAAY,MAAM,UAAA;AAAA,IACvB,OAAA,CAAQ,MAAA;AAAA,IACR,OAAA,CAAQ,QAAA;AAAA,IACR,KAAA;AAAA,IACA;AAAA,GACD;AACA,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI,kBAAA;AACJ,EAAA,MAAM,YAAA,GAAe,IAAI,OAAA,CAAuB,CAAC,GAAG,MAAA,KAAW;AAC9D,IAAA,kBAAA,GAAqB,WAAW,MAAM;AACrC,MAAA,MAAA,CAAO,KAAA,EAAM;AACb,MAAA,YAAA,CAAa,kBAAkB,CAAA;AAC/B,MAAA,MAAA;AAAA,QACC,IAAIJ,SAAAA;AAAA,UACH,6DAAA;AAAA,UACA,EAAE,kBAAkB,kCAAA;AAAmC;AACxD,OACD;AAAA,OACE,IAAM,CAAA;AAAA,GACT,CAAA;AAED,EAAA,MAAM,YAAA,GAAe,IAAI,OAAA,CAAuB,CAAC,SAAS,MAAA,KAAW;AACpE,IAAA,MAAA,GAAS,IAAA,CAAK,YAAA,CAAa,OAAO,GAAA,EAAK,GAAA,KAAQ;AAG9C,MAAA,SAAS,MAAA,CAAO,OAA6B,KAAA,EAAe;AAC3D,QAAA,YAAA,CAAa,kBAAkB,CAAA;AAC/B,QAAA,MAAA,CAAO,KAAA,CAAM,CAAC,QAAA,KAAqB;AAClC,UAAA,IAAI,SAAS,QAAA,EAAU;AACtB,YAAA,MAAA,CAAO,SAAS,QAAQ,CAAA;AAAA,WACzB,MAAO;AACN,YAAAG,QAAO,KAAK,CAAA;AACZ,YAAA,OAAA,CAAQ,KAAK,CAAA;AAAA;AACd,SACA,CAAA;AAAA;AATO,MAAA,MAAA,CAAA,MAAA,EAAA,QAAA,CAAA;AAYT,MAAAA,OAAAA,CAAO,GAAA,CAAI,GAAA,EAAK,iCAAiC,CAAA;AACjD,MAAA,MAAM,EAAE,UAAU,KAAA,EAAM,GAAI,IAAI,KAAA,CAAM,GAAA,CAAI,KAAK,IAAI,CAAA;AACnD,MAAA,IAAI,GAAA,CAAI,WAAW,KAAA,EAAO;AACzB,QAAA,OAAO,GAAA,CAAI,IAAI,IAAI,CAAA;AAAA;AAEpB,MAAA,QAAQ,QAAA;AAAU,QACjB,KAAK,iBAAA,EAAmB;AACvB,UAAA,IAAI,WAAA,GAAc,KAAA;AAClB,UAAA,IAAI;AACH,YAAA,WAAA,GAAc,yBAAA,CAA0B,KAAA,EAAO,KAAA,EAAO,GAAA,CAAI,MAAM,CAAA;AAAA,mBACxD,GAAA,EAAc;AACtB,YAAA,IAAI,eAAe,iBAAA,EAAmB;AACrC,cAAA,GAAA,CAAI,UAAU,GAAA,EAAK;AAAA,gBAClB,QAAA,EAAU,QAAQ,MAAA,CAAO;AAAA,eACzB,CAAA;AACD,cAAA,GAAA,CAAI,IAAI,MAAM;AACb,gBAAA,MAAA;AAAA,kBACC,IAAA;AAAA,kBACA,IAAIH,SAAAA,CAAU,OAAA,CAAQ,MAAA,CAAO,KAAA,EAAO;AAAA,oBACnC,gBAAA,EAAkB;AAAA,mBAClB;AAAA,iBACF;AAAA,eACA,CAAA;AAED,cAAA;AAAA,aACD,MAAO;AACN,cAAA,MAAA,CAAO,MAAM,GAAY,CAAA;AACzB,cAAA;AAAA;AACD;AAED,UAAA,IAAI,CAAC,WAAA,EAAa;AAEjB,YAAA,MAAA;AAAA,cACC,IAAA;AAAA,cACA,IAAI,gBAAgB,EAAA,EAAI;AAAA,gBACvB,gBAAA,EAAkB;AAAA,eAClB;AAAA,aACF;AACA,YAAA;AAAA,WACD,MAAO;AAQN,YAAA,IAAI;AACH,cAAA,MAAM,WAAW,MAAM,8BAAA;AAAA,gBACtB,KAAA;AAAA,gBACA,GAAA,CAAI,MAAA;AAAA,gBACJ,GAAA,CAAI;AAAA,eACL;AACA,cAAA,GAAA,CAAI,UAAU,GAAA,EAAK;AAAA,gBAClB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,eAC1B,CAAA;AACD,cAAA,GAAA,CAAI,IAAI,MAAM;AACb,gBAAA,MAAA,CAAO,QAAQ,CAAA;AAAA,eACf,CAAA;AAAA,qBACO,GAAA,EAAK;AACb,cAAA,MAAA,CAAO,MAAM,GAAY,CAAA;AAAA;AAE1B,YAAA;AAAA;AACD;AACD;AACD,KACA,CAAA;AAED,IAAA,IAAI,OAAA,CAAQ,YAAA,KAAiB,WAAA,IAAe,OAAA,CAAQ,iBAAiB,IAAA,EAAM;AAC1E,MAAA,GAAA,CAAI,MAAA,CAAO,GAAA;AAAA,QACV,CAAA,oCAAA,EAAuC,OAAA,CAAQ,YAAY,CAAA,CAAA,EAAI,QAAQ,YAAY,CAAA;AAAA,OACpF;AACA,MAAA,GAAA,CAAI,MAAA,CAAO,GAAA;AAAA,QACV;AAAA,OAED;AAAA;AAKD,IAAA,MAAA,CAAO,IAAA,CAAK,OAAA,EAAS,CAAC,GAAA,KAA+B;AACpD,MAAA,YAAA,CAAa,kBAAkB,CAAA;AAC/B,MAAA,IAAI,GAAA,CAAI,SAAS,YAAA,EAAc;AAC9B,QAAA,MAAA;AAAA,UACC,IAAIA,SAAAA;AAAA,YACH,CAAA,4CAAA,EAA+C,OAAA,CAAQ,YAAY,CAAA,CAAA,EAAI,QAAQ,YAAY,CAAA,8GAAA,CAAA;AAAA,YAC3F,EAAE,kBAAkB,iCAAA;AAAkC;AACvD,SACD;AAAA,OACD,MAAO;AACN,QAAA,MAAA,CAAO,GAAG,CAAA;AAAA;AACX,KACA,CAAA;AACD,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,YAAA,EAAc,OAAA,CAAQ,YAAY,CAAA;AAAA,GACxD,CAAA;AACD,EAAA,IAAI,QAAQ,OAAA,EAAS;AACpB,IAAA,GAAA,CAAI,MAAA,CAAO,GAAA,CAAI,CAAA,wCAAA,EAA2C,SAAS,CAAA,CAAE,CAAA;AACrE,IAAA,MAAM,GAAA,CAAI,cAAc,SAAS,CAAA;AAAA,GAClC,MAAO;AACN,IAAA,GAAA,CAAI,MAAA,CAAO,GAAA,CAAI,CAAA,iCAAA,EAAoC,SAAS,CAAA,CAAE,CAAA;AAAA;AAG/D,EAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,YAAA,EAAc,YAAY,CAAC,CAAA;AACjD;AArJsB,MAAA,CAAA,aAAA,EAAA,eAAA,CAAA;ACzCf,SAAS,oBAAoB,aAAA,EAA+B;AAClE,EAAA,MAAM,MAAA,GAAS,IAAI,WAAA,CAAY,aAAa,CAAA;AAC5C,EAAAE,SAAAA,CAAO,gBAAgB,MAAM,CAAA;AAC7B,EAAA,OAAO,KAAA,CAAM,IAAA,CAAK,MAAM,CAAA,CACtB,IAAI,CAAC,GAAA,KAAgB,YAAA,CAAa,GAAA,GAAM,YAAA,CAAa,MAAM,CAAC,CAAA,CAC5D,KAAK,EAAE,CAAA;AACV;AANgB,MAAA,CAAA,mBAAA,EAAA,qBAAA,CAAA;;;ACoHT,SAAS,gBAAgB,GAAA,EAAqC;AACpE,EAAA,MAAM,iBAAiC,EAAC;AACxC,EAAA,MAAM,UAAA,GAAa;AAAA,IAClB,eAAA,EAAiB,IAAI,eAAA,IAAmB,eAAA;AAAA,IACxC,mBAAA,EAAqB,IAAI,mBAAA,IAAuB;AAAA,GACjD;AAEA,EAAA,eAAe,MAAM,KAAA,EAAqC;AACzD,IAAA,IAAI,GAAA,CAAI,mBAAkB,EAAG;AAG5B,MAAA,GAAA,CAAI,MAAA,CAAO,KAAA;AAAA,QACV;AAAA,OAED;AACA,MAAA,OAAO,KAAA;AAAA;AAGR,IAAA,MAAM,gBAAA,GAAmB,6BAAA;AAAA,MACxB,KAAA,CAAM;AAAA,KACP;AACA,IAAA,IAAI,qBAAqB,cAAA,EAAgB;AACxC,MAAA,MAAM,mBAAA,GAAsB,KAAA,CAAM,gBAAA,EAAkB,iBAAA,GACjD,4CAAA,GACA,mDAAA;AACH,MAAA,MAAM,IAAIF,SAAAA;AAAA,QACT,WAAA;AAAA,0CAAA,EACwC,gBAAgB,CAAA;AAAA,oGAAA,EAC0C,mBAAmB,CAAA;AAAA,GAAA,CAAA;AAAA,QAErH;AAAA,UACC,gBAAA,EAAkB;AAAA;AACnB,OACD;AAAA;AAGD,IAAA,GAAA,CAAI,MAAA,CAAO,IAAI,kCAAkC,CAAA;AAEjD,IAAA,MAAM,QAAQ,MAAM,aAAA;AAAA,MACnB;AAAA,QACC,OAAA,EAAS,MAAM,OAAA,IAAW,IAAA;AAAA,QAC1B,QAAQ,KAAA,CAAM,MAAA;AAAA,QACd,UAAU,kBAAA,EAAmB;AAAA,QAC7B,MAAA,EAAQ;AAAA,UACP,GAAA,EAAK,sEAAA;AAAA,UACL,KAAA,EACC;AAAA,SAEF;AAAA,QACA,OAAA,EAAS;AAAA,UACR,GAAA,EAAK;AAAA,SACN;AAAA,QACA,YAAA,EAAc,MAAM,YAAA,IAAgB,WAAA;AAAA,QACpC,YAAA,EAAc,MAAM,YAAA,IAAgB;AAAA,OACrC;AAAA,MACA,cAAA;AAAA,MACA,GAAA;AAAA,MACA;AAAA,KACD;AAEA,IAAA,mBAAA,CAAoB;AAAA,MACnB,WAAA,EAAa,KAAA,CAAM,KAAA,EAAO,KAAA,IAAS,EAAA;AAAA,MACnC,eAAA,EAAiB,MAAM,KAAA,EAAO,MAAA;AAAA,MAC9B,aAAA,EAAe,MAAM,YAAA,EAAc,KAAA;AAAA,MACnC,QAAQ,KAAA,CAAM;AAAA,KACd,CAAA;AAED,IAAA,GAAA,CAAI,MAAA,CAAO,IAAI,CAAA,uBAAA,CAAyB,CAAA;AAExC,IAAA,GAAA,CAAI,oBAAA,IAAuB;AAE3B,IAAA,OAAO,IAAA;AAAA;AAhEO,EAAA,MAAA,CAAA,KAAA,EAAA,OAAA,CAAA;AAmEf,EAAA,SAAS,eAAA,GAA2B;AACnC,IAAA,IAAI,GAAA,CAAI,mBAAkB,EAAG;AAC5B,MAAA,OAAO,KAAA;AAAA;AAER,IAAA,MAAM,EAAE,aAAY,GAAI,mBAAA,CAAoB,EAAE,aAAA,EAAe,GAAA,CAAI,QAAQ,CAAA;AACzE,IAAA,OAAO,OAAA,CAAQ,+BAAe,IAAI,IAAA,MAAU,IAAI,IAAA,CAAK,WAAA,CAAY,MAAM,CAAC,CAAA;AAAA;AALhE,EAAA,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAQT,EAAA,eAAe,YAAA,GAAiC;AAO/C,IAAA,IAAI;AACH,MAAA,MAAM;AAAA,QACL,OAAO,EAAE,KAAA,EAAO,WAAA,EAAa,MAAA,EAAQ,iBAAgB,GAAI;AAAA,UACxD,KAAA,EAAO,EAAA;AAAA,UACP,MAAA,EAAQ;AAAA,SACT;AAAA,QACA,YAAA,EAAc,EAAE,KAAA,EAAO,aAAA,KAAkB,EAAC;AAAA,QAC1C;AAAA,UACG,MAAM,kCAAA;AAAA,QACT,GAAA,CAAI,MAAA;AAAA,QACJ,GAAA,CAAI;AAAA,OACL;AACA,MAAA,mBAAA,CAAoB;AAAA,QACnB,WAAA;AAAA,QACA,eAAA;AAAA,QACA,aAAA;AAAA,QACA;AAAA,OACA,CAAA;AACD,MAAA,OAAO,IAAA;AAAA,aACC,CAAA,EAAG;AACX,MAAA,GAAA,CAAI,MAAA,CAAO,KAAA;AAAA,QACV,yBAAyB,CAAA,YAAa,KAAA,GAAQ,EAAE,OAAA,GAAU,MAAA,CAAO,CAAC,CAAC,CAAA;AAAA,OACpE;AACA,MAAA,OAAO,KAAA;AAAA;AACR;AA/Bc,EAAA,MAAA,CAAA,YAAA,EAAA,cAAA,CAAA;AAkCf,EAAA,eAAe,yBAAyB,KAAA,EAAqC;AAI5E,IAAA,IAAI,GAAA,CAAI,mBAAkB,EAAG;AAC5B,MAAA,OAAO,IAAA;AAAA;AAGR,IAAA,MAAM,SAAS,mBAAA,CAAoB,EAAE,aAAA,EAAe,GAAA,CAAI,QAAQ,CAAA;AAChE,IAAA,IAAI,CAAC,MAAA,CAAO,WAAA,IAAe,CAAC,OAAO,kBAAA,EAAoB;AAGtD,MAAA,OAAO,CAAC,GAAA,CAAI,oBAAA,EAAqB,IAAM,MAAM,MAAM,KAAK,CAAA;AAAA,KACzD,MAAA,IAAW,iBAAgB,EAAG;AAG7B,MAAA,MAAM,UAAA,GAAa,MAAM,YAAA,EAAa;AACtC,MAAA,IAAI,UAAA,EAAY;AAEf,QAAA,OAAO,IAAA;AAAA,OACR,MAAO;AAEN,QAAA,OAAO,CAAC,GAAA,CAAI,oBAAA,EAAqB,IAAM,MAAM,MAAM,KAAK,CAAA;AAAA;AACzD,KACD,MAAO;AACN,MAAA,OAAO,IAAA;AAAA;AACR;AA1Bc,EAAA,MAAA,CAAA,wBAAA,EAAA,0BAAA,CAAA;AA6Bf,EAAA,eAAe,MAAA,GAAwB;AACtC,IAAA,IAAI,GAAA,CAAI,mBAAkB,EAAG;AAE5B,MAAA,GAAA,CAAI,MAAA,CAAO,GAAA;AAAA,QACV;AAAA,OAED;AACA,MAAA;AAAA;AAGD,IAAA,MAAM,qBAAqB,mBAAA,CAAoB;AAAA,MAC9C,eAAe,GAAA,CAAI;AAAA,KACnB,CAAA,CAAE,YAAA;AACH,IAAA,IAAI,CAAC,kBAAA,EAAoB;AACxB,MAAA,GAAA,CAAI,MAAA,CAAO,IAAI,2BAA2B,CAAA;AAC1C,MAAA;AAAA;AAGD,IAAA,MAAM,IAAA,GACL,CAAA,UAAA,EAAa,kBAAA,CAAmB,kBAAA,EAAoB,CAAC,CAAA,qCAAA,EAE5C,kBAAA,CAAmB,kBAAA,CAAmB,KAAA,IAAS,EAAE,CAAC,CAAA,CAAA;AAE5D,IAAA,MAAM,QAAA,GAAW,MAAMI,KAAAA,CAAM,mBAAA,EAAoB,EAAG;AAAA,MACnD,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA;AAAA,MACA,OAAA,EAAS;AAAA,QACR,cAAA,EAAgB;AAAA;AACjB,KACA,CAAA;AACD,IAAA,MAAM,SAAS,IAAA,EAAK;AACpB,IAAA,MAAA,CAAO,uBAAuB,CAAA;AAC9B,IAAA,GAAA,CAAI,MAAA,CAAO,IAAI,CAAA,wBAAA,CAA0B,CAAA;AACzC,IAAA,GAAA,CAAI,oBAAA,IAAuB;AAAA;AAjCb,EAAA,MAAA,CAAA,MAAA,EAAA,QAAA,CAAA;AAoCf,EAAA,eAAe,2BAAA,GAA2D;AAEzE,IAAA,IAAI,SAAS,mBAAA,CAAoB,EAAE,aAAA,EAAe,GAAA,CAAI,QAAQ,CAAA;AAC9D,IAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACxB,MAAA,OAAO,MAAA;AAAA;AAQR,IAAA,MAAM,OAAA,GACL,MAAA,CAAO,WAAA,oBAAe,IAAI,IAAA,MAAU,IAAI,IAAA,CAAK,MAAA,CAAO,WAAA,CAAY,MAAM,CAAA;AACvE,IAAA,IAAI,OAAA,EAAS;AACZ,MAAA,MAAM,UAAA,GAAa,MAAM,YAAA,EAAa;AACtC,MAAA,IAAI,CAAC,UAAA,EAAY;AAChB,QAAA,OAAO,MAAA;AAAA;AAGR,MAAA,MAAA,GAAS,mBAAA,CAAoB,EAAE,aAAA,EAAe,GAAA,CAAI,QAAQ,CAAA;AAAA;AAG3D,IAAA,OAAO,OAAO,WAAA,EAAa,KAAA;AAAA;AAvBb,EAAA,MAAA,CAAA,2BAAA,EAAA,6BAAA,CAAA;AA0Bf,EAAA,OAAO;AAAA,IACN,KAAA;AAAA,IACA,MAAA;AAAA,IACA,wBAAA;AAAA,IACA,2BAAA;AAAA,IACA,eAAA;AAAA,IACA;AAAA,GACD;AACD;AAvNgB,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA","file":"index.mjs","sourcesContent":["/*!\n * Copyright (c) Squirrel Chat et al., All rights reserved.\n * SPDX-License-Identifier: BSD-3-Clause\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions are met:\n *\n * 1. Redistributions of source code must retain the above copyright notice, this\n * list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright notice,\n * this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. Neither the name of the copyright holder nor the names of its contributors\n * may be used to endorse or promote products derived from this software without\n * specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\n * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\n * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\n * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n */\nfunction getLineColFromPtr(string, ptr) {\n let lines = string.slice(0, ptr).split(/\\r\\n|\\n|\\r/g);\n return [lines.length, lines.pop().length + 1];\n}\nfunction makeCodeBlock(string, line, column) {\n let lines = string.split(/\\r\\n|\\n|\\r/g);\n let codeblock = '';\n let numberLen = (Math.log10(line + 1) | 0) + 1;\n for (let i = line - 1; i <= line + 1; i++) {\n let l = lines[i - 1];\n if (!l)\n continue;\n codeblock += i.toString().padEnd(numberLen, ' ');\n codeblock += ': ';\n codeblock += l;\n codeblock += '\\n';\n if (i === line) {\n codeblock += ' '.repeat(numberLen + column + 2);\n codeblock += '^\\n';\n }\n }\n return codeblock;\n}\nexport class TomlError extends Error {\n line;\n column;\n codeblock;\n constructor(message, options) {\n const [line, column] = getLineColFromPtr(options.toml, options.ptr);\n const codeblock = makeCodeBlock(options.toml, line, column);\n super(`Invalid TOML document: ${message}\\n\\n${codeblock}`, options);\n this.line = line;\n this.column = column;\n this.codeblock = codeblock;\n }\n}\n","/*!\n * Copyright (c) Squirrel Chat et al., All rights reserved.\n * SPDX-License-Identifier: BSD-3-Clause\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions are met:\n *\n * 1. Redistributions of source code must retain the above copyright notice, this\n * list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright notice,\n * this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. Neither the name of the copyright holder nor the names of its contributors\n * may be used to endorse or promote products derived from this software without\n * specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\n * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\n * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\n * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n */\nimport { TomlError } from './error.js';\nfunction isEscaped(str, ptr) {\n let i = 0;\n while (str[ptr - ++i] === '\\\\')\n ;\n return --i && (i % 2);\n}\nexport function indexOfNewline(str, start = 0, end = str.length) {\n let idx = str.indexOf('\\n', start);\n if (str[idx - 1] === '\\r')\n idx--;\n return idx <= end ? idx : -1;\n}\nexport function skipComment(str, ptr) {\n for (let i = ptr; i < str.length; i++) {\n let c = str[i];\n if (c === '\\n')\n return i;\n if (c === '\\r' && str[i + 1] === '\\n')\n return i + 1;\n if ((c < '\\x20' && c !== '\\t') || c === '\\x7f') {\n throw new TomlError('control characters are not allowed in comments', {\n toml: str,\n ptr: ptr,\n });\n }\n }\n return str.length;\n}\nexport function skipVoid(str, ptr, banNewLines, banComments) {\n let c;\n while ((c = str[ptr]) === ' ' || c === '\\t' || (!banNewLines && (c === '\\n' || c === '\\r' && str[ptr + 1] === '\\n')))\n ptr++;\n return banComments || c !== '#'\n ? ptr\n : skipVoid(str, skipComment(str, ptr), banNewLines);\n}\nexport function skipUntil(str, ptr, sep, end, banNewLines = false) {\n if (!end) {\n ptr = indexOfNewline(str, ptr);\n return ptr < 0 ? str.length : ptr;\n }\n for (let i = ptr; i < str.length; i++) {\n let c = str[i];\n if (c === '#') {\n i = indexOfNewline(str, i);\n }\n else if (c === sep) {\n return i + 1;\n }\n else if (c === end || (banNewLines && (c === '\\n' || (c === '\\r' && str[i + 1] === '\\n')))) {\n return i;\n }\n }\n throw new TomlError('cannot find end of structure', {\n toml: str,\n ptr: ptr\n });\n}\nexport function getStringEnd(str, seek) {\n let first = str[seek];\n let target = first === str[seek + 1] && str[seek + 1] === str[seek + 2]\n ? str.slice(seek, seek + 3)\n : first;\n seek += target.length - 1;\n do\n seek = str.indexOf(target, ++seek);\n while (seek > -1 && first !== \"'\" && isEscaped(str, seek));\n if (seek > -1) {\n seek += target.length;\n if (target.length > 1) {\n if (str[seek] === first)\n seek++;\n if (str[seek] === first)\n seek++;\n }\n }\n return seek;\n}\n","/*!\n * Copyright (c) Squirrel Chat et al., All rights reserved.\n * SPDX-License-Identifier: BSD-3-Clause\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions are met:\n *\n * 1. Redistributions of source code must retain the above copyright notice, this\n * list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright notice,\n * this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. Neither the name of the copyright holder nor the names of its contributors\n * may be used to endorse or promote products derived from this software without\n * specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\n * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\n * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\n * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n */\nlet DATE_TIME_RE = /^(\\d{4}-\\d{2}-\\d{2})?[T ]?(?:(\\d{2}):\\d{2}:\\d{2}(?:\\.\\d+)?)?(Z|[-+]\\d{2}:\\d{2})?$/i;\nexport class TomlDate extends Date {\n #hasDate = false;\n #hasTime = false;\n #offset = null;\n constructor(date) {\n let hasDate = true;\n let hasTime = true;\n let offset = 'Z';\n if (typeof date === 'string') {\n let match = date.match(DATE_TIME_RE);\n if (match) {\n if (!match[1]) {\n hasDate = false;\n date = `0000-01-01T${date}`;\n }\n hasTime = !!match[2];\n // Make sure to use T instead of a space. Breaks in case of extreme values otherwise.\n hasTime && date[10] === ' ' && (date = date.replace(' ', 'T'));\n // Do not allow rollover hours.\n if (match[2] && +match[2] > 23) {\n date = '';\n }\n else {\n offset = match[3] || null;\n date = date.toUpperCase();\n if (!offset && hasTime)\n date += 'Z';\n }\n }\n else {\n date = '';\n }\n }\n super(date);\n if (!isNaN(this.getTime())) {\n this.#hasDate = hasDate;\n this.#hasTime = hasTime;\n this.#offset = offset;\n }\n }\n isDateTime() {\n return this.#hasDate && this.#hasTime;\n }\n isLocal() {\n return !this.#hasDate || !this.#hasTime || !this.#offset;\n }\n isDate() {\n return this.#hasDate && !this.#hasTime;\n }\n isTime() {\n return this.#hasTime && !this.#hasDate;\n }\n isValid() {\n return this.#hasDate || this.#hasTime;\n }\n toISOString() {\n let iso = super.toISOString();\n // Local Date\n if (this.isDate())\n return iso.slice(0, 10);\n // Local Time\n if (this.isTime())\n return iso.slice(11, 23);\n // Local DateTime\n if (this.#offset === null)\n return iso.slice(0, -1);\n // Offset DateTime\n if (this.#offset === 'Z')\n return iso;\n // This part is quite annoying: JS strips the original timezone from the ISO string representation\n // Instead of using a \"modified\" date and \"Z\", we restore the representation \"as authored\"\n let offset = (+(this.#offset.slice(1, 3)) * 60) + +(this.#offset.slice(4, 6));\n offset = this.#offset[0] === '-' ? offset : -offset;\n let offsetDate = new Date(this.getTime() - (offset * 60e3));\n return offsetDate.toISOString().slice(0, -1) + this.#offset;\n }\n static wrapAsOffsetDateTime(jsDate, offset = 'Z') {\n let date = new TomlDate(jsDate);\n date.#offset = offset;\n return date;\n }\n static wrapAsLocalDateTime(jsDate) {\n let date = new TomlDate(jsDate);\n date.#offset = null;\n return date;\n }\n static wrapAsLocalDate(jsDate) {\n let date = new TomlDate(jsDate);\n date.#hasTime = false;\n date.#offset = null;\n return date;\n }\n static wrapAsLocalTime(jsDate) {\n let date = new TomlDate(jsDate);\n date.#hasDate = false;\n date.#offset = null;\n return date;\n }\n}\n","/*!\n * Copyright (c) Squirrel Chat et al., All rights reserved.\n * SPDX-License-Identifier: BSD-3-Clause\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions are met:\n *\n * 1. Redistributions of source code must retain the above copyright notice, this\n * list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright notice,\n * this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. Neither the name of the copyright holder nor the names of its contributors\n * may be used to endorse or promote products derived from this software without\n * specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\n * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\n * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\n * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n */\nimport { skipVoid } from './util.js';\nimport { TomlDate } from './date.js';\nimport { TomlError } from './error.js';\nlet INT_REGEX = /^((0x[0-9a-fA-F](_?[0-9a-fA-F])*)|(([+-]|0[ob])?\\d(_?\\d)*))$/;\nlet FLOAT_REGEX = /^[+-]?\\d(_?\\d)*(\\.\\d(_?\\d)*)?([eE][+-]?\\d(_?\\d)*)?$/;\nlet LEADING_ZERO = /^[+-]?0[0-9_]/;\nlet ESCAPE_REGEX = /^[0-9a-f]{4,8}$/i;\nlet ESC_MAP = {\n b: '\\b',\n t: '\\t',\n n: '\\n',\n f: '\\f',\n r: '\\r',\n '\"': '\"',\n '\\\\': '\\\\',\n};\nexport function parseString(str, ptr = 0, endPtr = str.length) {\n let isLiteral = str[ptr] === '\\'';\n let isMultiline = str[ptr++] === str[ptr] && str[ptr] === str[ptr + 1];\n if (isMultiline) {\n endPtr -= 2;\n if (str[ptr += 2] === '\\r')\n ptr++;\n if (str[ptr] === '\\n')\n ptr++;\n }\n let tmp = 0;\n let isEscape;\n let parsed = '';\n let sliceStart = ptr;\n while (ptr < endPtr - 1) {\n let c = str[ptr++];\n if (c === '\\n' || (c === '\\r' && str[ptr] === '\\n')) {\n if (!isMultiline) {\n throw new TomlError('newlines are not allowed in strings', {\n toml: str,\n ptr: ptr - 1,\n });\n }\n }\n else if ((c < '\\x20' && c !== '\\t') || c === '\\x7f') {\n throw new TomlError('control characters are not allowed in strings', {\n toml: str,\n ptr: ptr - 1,\n });\n }\n if (isEscape) {\n isEscape = false;\n if (c === 'u' || c === 'U') {\n // Unicode escape\n let code = str.slice(ptr, (ptr += (c === 'u' ? 4 : 8)));\n if (!ESCAPE_REGEX.test(code)) {\n throw new TomlError('invalid unicode escape', {\n toml: str,\n ptr: tmp,\n });\n }\n try {\n parsed += String.fromCodePoint(parseInt(code, 16));\n }\n catch {\n throw new TomlError('invalid unicode escape', {\n toml: str,\n ptr: tmp,\n });\n }\n }\n else if (isMultiline && (c === '\\n' || c === ' ' || c === '\\t' || c === '\\r')) {\n // Multiline escape\n ptr = skipVoid(str, ptr - 1, true);\n if (str[ptr] !== '\\n' && str[ptr] !== '\\r') {\n throw new TomlError('invalid escape: only line-ending whitespace may be escaped', {\n toml: str,\n ptr: tmp,\n });\n }\n ptr = skipVoid(str, ptr);\n }\n else if (c in ESC_MAP) {\n // Classic escape\n parsed += ESC_MAP[c];\n }\n else {\n throw new TomlError('unrecognized escape sequence', {\n toml: str,\n ptr: tmp,\n });\n }\n sliceStart = ptr;\n }\n else if (!isLiteral && c === '\\\\') {\n tmp = ptr - 1;\n isEscape = true;\n parsed += str.slice(sliceStart, tmp);\n }\n }\n return parsed + str.slice(sliceStart, endPtr - 1);\n}\nexport function parseValue(value, toml, ptr, integersAsBigInt) {\n // Constant values\n if (value === 'true')\n return true;\n if (value === 'false')\n return false;\n if (value === '-inf')\n return -Infinity;\n if (value === 'inf' || value === '+inf')\n return Infinity;\n if (value === 'nan' || value === '+nan' || value === '-nan')\n return NaN;\n // Avoid FP representation of -0\n if (value === '-0')\n return integersAsBigInt ? 0n : 0;\n // Numbers\n let isInt = INT_REGEX.test(value);\n if (isInt || FLOAT_REGEX.test(value)) {\n if (LEADING_ZERO.test(value)) {\n throw new TomlError('leading zeroes are not allowed', {\n toml: toml,\n ptr: ptr,\n });\n }\n value = value.replace(/_/g, '');\n let numeric = +value;\n if (isNaN(numeric)) {\n throw new TomlError('invalid number', {\n toml: toml,\n ptr: ptr,\n });\n }\n if (isInt) {\n if ((isInt = !Number.isSafeInteger(numeric)) && !integersAsBigInt) {\n throw new TomlError('integer value cannot be represented losslessly', {\n toml: toml,\n ptr: ptr,\n });\n }\n if (isInt || integersAsBigInt === true)\n numeric = BigInt(value);\n }\n return numeric;\n }\n const date = new TomlDate(value);\n if (!date.isValid()) {\n throw new TomlError('invalid value', {\n toml: toml,\n ptr: ptr,\n });\n }\n return date;\n}\n","/*!\n * Copyright (c) Squirrel Chat et al., All rights reserved.\n * SPDX-License-Identifier: BSD-3-Clause\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions are met:\n *\n * 1. Redistributions of source code must retain the above copyright notice, this\n * list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright notice,\n * this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. Neither the name of the copyright holder nor the names of its contributors\n * may be used to endorse or promote products derived from this software without\n * specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\n * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\n * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\n * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n */\nimport { parseString, parseValue } from './primitive.js';\nimport { parseArray, parseInlineTable } from './struct.js';\nimport { indexOfNewline, skipVoid, skipUntil, skipComment, getStringEnd } from './util.js';\nimport { TomlError } from './error.js';\nfunction sliceAndTrimEndOf(str, startPtr, endPtr, allowNewLines) {\n let value = str.slice(startPtr, endPtr);\n let commentIdx = value.indexOf('#');\n if (commentIdx > -1) {\n // The call to skipComment allows to \"validate\" the comment\n // (absence of control characters)\n skipComment(str, commentIdx);\n value = value.slice(0, commentIdx);\n }\n let trimmed = value.trimEnd();\n if (!allowNewLines) {\n let newlineIdx = value.indexOf('\\n', trimmed.length);\n if (newlineIdx > -1) {\n throw new TomlError('newlines are not allowed in inline tables', {\n toml: str,\n ptr: startPtr + newlineIdx\n });\n }\n }\n return [trimmed, commentIdx];\n}\nexport function extractValue(str, ptr, end, depth, integersAsBigInt) {\n if (depth === 0) {\n throw new TomlError('document contains excessively nested structures. aborting.', {\n toml: str,\n ptr: ptr\n });\n }\n let c = str[ptr];\n if (c === '[' || c === '{') {\n let [value, endPtr] = c === '['\n ? parseArray(str, ptr, depth, integersAsBigInt)\n : parseInlineTable(str, ptr, depth, integersAsBigInt);\n let newPtr = end ? skipUntil(str, endPtr, ',', end) : endPtr;\n if (endPtr - newPtr && end === '}') {\n let nextNewLine = indexOfNewline(str, endPtr, newPtr);\n if (nextNewLine > -1) {\n throw new TomlError('newlines are not allowed in inline tables', {\n toml: str,\n ptr: nextNewLine\n });\n }\n }\n return [value, newPtr];\n }\n let endPtr;\n if (c === '\"' || c === \"'\") {\n endPtr = getStringEnd(str, ptr);\n let parsed = parseString(str, ptr, endPtr);\n if (end) {\n endPtr = skipVoid(str, endPtr, end !== ']');\n if (str[endPtr] && str[endPtr] !== ',' && str[endPtr] !== end && str[endPtr] !== '\\n' && str[endPtr] !== '\\r') {\n throw new TomlError('unexpected character encountered', {\n toml: str,\n ptr: endPtr,\n });\n }\n endPtr += (+(str[endPtr] === ','));\n }\n return [parsed, endPtr];\n }\n endPtr = skipUntil(str, ptr, ',', end);\n let slice = sliceAndTrimEndOf(str, ptr, endPtr - (+(str[endPtr - 1] === ',')), end === ']');\n if (!slice[0]) {\n throw new TomlError('incomplete key-value declaration: no value specified', {\n toml: str,\n ptr: ptr\n });\n }\n if (end && slice[1] > -1) {\n endPtr = skipVoid(str, ptr + slice[1]);\n endPtr += +(str[endPtr] === ',');\n }\n return [\n parseValue(slice[0], str, ptr, integersAsBigInt),\n endPtr,\n ];\n}\n","/*!\n * Copyright (c) Squirrel Chat et al., All rights reserved.\n * SPDX-License-Identifier: BSD-3-Clause\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions are met:\n *\n * 1. Redistributions of source code must retain the above copyright notice, this\n * list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright notice,\n * this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. Neither the name of the copyright holder nor the names of its contributors\n * may be used to endorse or promote products derived from this software without\n * specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\n * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\n * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\n * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n */\nimport { parseString } from './primitive.js';\nimport { extractValue } from './extract.js';\nimport { getStringEnd, indexOfNewline, skipComment, skipVoid } from './util.js';\nimport { TomlError } from './error.js';\nlet KEY_PART_RE = /^[a-zA-Z0-9-_]+[ \\t]*$/;\nexport function parseKey(str, ptr, end = '=') {\n let dot = ptr - 1;\n let parsed = [];\n let endPtr = str.indexOf(end, ptr);\n if (endPtr < 0) {\n throw new TomlError('incomplete key-value: cannot find end of key', {\n toml: str,\n ptr: ptr,\n });\n }\n do {\n let c = str[ptr = ++dot];\n // If it's whitespace, ignore\n if (c !== ' ' && c !== '\\t') {\n // If it's a string\n if (c === '\"' || c === '\\'') {\n if (c === str[ptr + 1] && c === str[ptr + 2]) {\n throw new TomlError('multiline strings are not allowed in keys', {\n toml: str,\n ptr: ptr,\n });\n }\n let eos = getStringEnd(str, ptr);\n if (eos < 0) {\n throw new TomlError('unfinished string encountered', {\n toml: str,\n ptr: ptr,\n });\n }\n dot = str.indexOf('.', eos);\n let strEnd = str.slice(eos, dot < 0 || dot > endPtr ? endPtr : dot);\n let newLine = indexOfNewline(strEnd);\n if (newLine > -1) {\n throw new TomlError('newlines are not allowed in keys', {\n toml: str,\n ptr: ptr + dot + newLine,\n });\n }\n if (strEnd.trimStart()) {\n throw new TomlError('found extra tokens after the string part', {\n toml: str,\n ptr: eos,\n });\n }\n if (endPtr < eos) {\n endPtr = str.indexOf(end, eos);\n if (endPtr < 0) {\n throw new TomlError('incomplete key-value: cannot find end of key', {\n toml: str,\n ptr: ptr,\n });\n }\n }\n parsed.push(parseString(str, ptr, eos));\n }\n else {\n // Normal raw key part consumption and validation\n dot = str.indexOf('.', ptr);\n let part = str.slice(ptr, dot < 0 || dot > endPtr ? endPtr : dot);\n if (!KEY_PART_RE.test(part)) {\n throw new TomlError('only letter, numbers, dashes and underscores are allowed in keys', {\n toml: str,\n ptr: ptr,\n });\n }\n parsed.push(part.trimEnd());\n }\n }\n // Until there's no more dot\n } while (dot + 1 && dot < endPtr);\n return [parsed, skipVoid(str, endPtr + 1, true, true)];\n}\nexport function parseInlineTable(str, ptr, depth, integersAsBigInt) {\n let res = {};\n let seen = new Set();\n let c;\n let comma = 0;\n ptr++;\n while ((c = str[ptr++]) !== '}' && c) {\n let err = { toml: str, ptr: ptr - 1 };\n if (c === '\\n') {\n throw new TomlError('newlines are not allowed in inline tables', err);\n }\n else if (c === '#') {\n throw new TomlError('inline tables cannot contain comments', err);\n }\n else if (c === ',') {\n throw new TomlError('expected key-value, found comma', err);\n }\n else if (c !== ' ' && c !== '\\t') {\n let k;\n let t = res;\n let hasOwn = false;\n let [key, keyEndPtr] = parseKey(str, ptr - 1);\n for (let i = 0; i < key.length; i++) {\n if (i)\n t = hasOwn ? t[k] : (t[k] = {});\n k = key[i];\n if ((hasOwn = Object.hasOwn(t, k)) && (typeof t[k] !== 'object' || seen.has(t[k]))) {\n throw new TomlError('trying to redefine an already defined value', {\n toml: str,\n ptr: ptr,\n });\n }\n if (!hasOwn && k === '__proto__') {\n Object.defineProperty(t, k, { enumerable: true, configurable: true, writable: true });\n }\n }\n if (hasOwn) {\n throw new TomlError('trying to redefine an already defined value', {\n toml: str,\n ptr: ptr,\n });\n }\n let [value, valueEndPtr] = extractValue(str, keyEndPtr, '}', depth - 1, integersAsBigInt);\n seen.add(value);\n t[k] = value;\n ptr = valueEndPtr;\n comma = str[ptr - 1] === ',' ? ptr - 1 : 0;\n }\n }\n if (comma) {\n throw new TomlError('trailing commas are not allowed in inline tables', {\n toml: str,\n ptr: comma,\n });\n }\n if (!c) {\n throw new TomlError('unfinished table encountered', {\n toml: str,\n ptr: ptr,\n });\n }\n return [res, ptr];\n}\nexport function parseArray(str, ptr, depth, integersAsBigInt) {\n let res = [];\n let c;\n ptr++;\n while ((c = str[ptr++]) !== ']' && c) {\n if (c === ',') {\n throw new TomlError('expected value, found comma', {\n toml: str,\n ptr: ptr - 1,\n });\n }\n else if (c === '#')\n ptr = skipComment(str, ptr);\n else if (c !== ' ' && c !== '\\t' && c !== '\\n' && c !== '\\r') {\n let e = extractValue(str, ptr - 1, ']', depth - 1, integersAsBigInt);\n res.push(e[0]);\n ptr = e[1];\n }\n }\n if (!c) {\n throw new TomlError('unfinished array encountered', {\n toml: str,\n ptr: ptr,\n });\n }\n return [res, ptr];\n}\n","/*!\n * Copyright (c) Squirrel Chat et al., All rights reserved.\n * SPDX-License-Identifier: BSD-3-Clause\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions are met:\n *\n * 1. Redistributions of source code must retain the above copyright notice, this\n * list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright notice,\n * this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. Neither the name of the copyright holder nor the names of its contributors\n * may be used to endorse or promote products derived from this software without\n * specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\n * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\n * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\n * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n */\nimport { parseKey } from './struct.js';\nimport { extractValue } from './extract.js';\nimport { skipVoid } from './util.js';\nimport { TomlError } from './error.js';\nfunction peekTable(key, table, meta, type) {\n let t = table;\n let m = meta;\n let k;\n let hasOwn = false;\n let state;\n for (let i = 0; i < key.length; i++) {\n if (i) {\n t = hasOwn ? t[k] : (t[k] = {});\n m = (state = m[k]).c;\n if (type === 0 /* Type.DOTTED */ && (state.t === 1 /* Type.EXPLICIT */ || state.t === 2 /* Type.ARRAY */)) {\n return null;\n }\n if (state.t === 2 /* Type.ARRAY */) {\n let l = t.length - 1;\n t = t[l];\n m = m[l].c;\n }\n }\n k = key[i];\n if ((hasOwn = Object.hasOwn(t, k)) && m[k]?.t === 0 /* Type.DOTTED */ && m[k]?.d) {\n return null;\n }\n if (!hasOwn) {\n if (k === '__proto__') {\n Object.defineProperty(t, k, { enumerable: true, configurable: true, writable: true });\n Object.defineProperty(m, k, { enumerable: true, configurable: true, writable: true });\n }\n m[k] = {\n t: i < key.length - 1 && type === 2 /* Type.ARRAY */\n ? 3 /* Type.ARRAY_DOTTED */\n : type,\n d: false,\n i: 0,\n c: {},\n };\n }\n }\n state = m[k];\n if (state.t !== type && !(type === 1 /* Type.EXPLICIT */ && state.t === 3 /* Type.ARRAY_DOTTED */)) {\n // Bad key type!\n return null;\n }\n if (type === 2 /* Type.ARRAY */) {\n if (!state.d) {\n state.d = true;\n t[k] = [];\n }\n t[k].push(t = {});\n state.c[state.i++] = (state = { t: 1 /* Type.EXPLICIT */, d: false, i: 0, c: {} });\n }\n if (state.d) {\n // Redefining a table!\n return null;\n }\n state.d = true;\n if (type === 1 /* Type.EXPLICIT */) {\n t = hasOwn ? t[k] : (t[k] = {});\n }\n else if (type === 0 /* Type.DOTTED */ && hasOwn) {\n return null;\n }\n return [k, t, state.c];\n}\nexport function parse(toml, { maxDepth = 1000, integersAsBigInt } = {}) {\n let res = {};\n let meta = {};\n let tbl = res;\n let m = meta;\n for (let ptr = skipVoid(toml, 0); ptr < toml.length;) {\n if (toml[ptr] === '[') {\n let isTableArray = toml[++ptr] === '[';\n let k = parseKey(toml, ptr += +isTableArray, ']');\n if (isTableArray) {\n if (toml[k[1] - 1] !== ']') {\n throw new TomlError('expected end of table declaration', {\n toml: toml,\n ptr: k[1] - 1,\n });\n }\n k[1]++;\n }\n let p = peekTable(k[0], res, meta, isTableArray ? 2 /* Type.ARRAY */ : 1 /* Type.EXPLICIT */);\n if (!p) {\n throw new TomlError('trying to redefine an already defined table or value', {\n toml: toml,\n ptr: ptr,\n });\n }\n m = p[2];\n tbl = p[1];\n ptr = k[1];\n }\n else {\n let k = parseKey(toml, ptr);\n let p = peekTable(k[0], tbl, m, 0 /* Type.DOTTED */);\n if (!p) {\n throw new TomlError('trying to redefine an already defined table or value', {\n toml: toml,\n ptr: ptr,\n });\n }\n let v = extractValue(toml, k[1], void 0, maxDepth, integersAsBigInt);\n p[1][p[0]] = v[0];\n ptr = v[1];\n }\n ptr = skipVoid(toml, ptr, true);\n if (toml[ptr] && toml[ptr] !== '\\n' && toml[ptr] !== '\\r') {\n throw new TomlError('each key-value declaration must be followed by an end-of-line', {\n toml: toml,\n ptr: ptr\n });\n }\n ptr = skipVoid(toml, ptr);\n }\n return res;\n}\n","/*!\n * Copyright (c) Squirrel Chat et al., All rights reserved.\n * SPDX-License-Identifier: BSD-3-Clause\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions are met:\n *\n * 1. Redistributions of source code must retain the above copyright notice, this\n * list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright notice,\n * this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. Neither the name of the copyright holder nor the names of its contributors\n * may be used to endorse or promote products derived from this software without\n * specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\n * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\n * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\n * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n */\nlet BARE_KEY = /^[a-z0-9-_]+$/i;\nfunction extendedTypeOf(obj) {\n let type = typeof obj;\n if (type === 'object') {\n if (Array.isArray(obj))\n return 'array';\n if (obj instanceof Date)\n return 'date';\n }\n return type;\n}\nfunction isArrayOfTables(obj) {\n for (let i = 0; i < obj.length; i++) {\n if (extendedTypeOf(obj[i]) !== 'object')\n return false;\n }\n return obj.length != 0;\n}\nfunction formatString(s) {\n return JSON.stringify(s).replace(/\\x7f/g, '\\\\u007f');\n}\nfunction stringifyValue(val, type, depth, numberAsFloat) {\n if (depth === 0) {\n throw new Error('Could not stringify the object: maximum object depth exceeded');\n }\n if (type === 'number') {\n if (isNaN(val))\n return 'nan';\n if (val === Infinity)\n return 'inf';\n if (val === -Infinity)\n return '-inf';\n if (numberAsFloat && Number.isInteger(val))\n return val.toFixed(1);\n return val.toString();\n }\n if (type === 'bigint' || type === 'boolean') {\n return val.toString();\n }\n if (type === 'string') {\n return formatString(val);\n }\n if (type === 'date') {\n if (isNaN(val.getTime())) {\n throw new TypeError('cannot serialize invalid date');\n }\n return val.toISOString();\n }\n if (type === 'object') {\n return stringifyInlineTable(val, depth, numberAsFloat);\n }\n if (type === 'array') {\n return stringifyArray(val, depth, numberAsFloat);\n }\n}\nfunction stringifyInlineTable(obj, depth, numberAsFloat) {\n let keys = Object.keys(obj);\n if (keys.length === 0)\n return '{}';\n let res = '{ ';\n for (let i = 0; i < keys.length; i++) {\n let k = keys[i];\n if (i)\n res += ', ';\n res += BARE_KEY.test(k) ? k : formatString(k);\n res += ' = ';\n res += stringifyValue(obj[k], extendedTypeOf(obj[k]), depth - 1, numberAsFloat);\n }\n return res + ' }';\n}\nfunction stringifyArray(array, depth, numberAsFloat) {\n if (array.length === 0)\n return '[]';\n let res = '[ ';\n for (let i = 0; i < array.length; i++) {\n if (i)\n res += ', ';\n if (array[i] === null || array[i] === void 0) {\n throw new TypeError('arrays cannot contain null or undefined values');\n }\n res += stringifyValue(array[i], extendedTypeOf(array[i]), depth - 1, numberAsFloat);\n }\n return res + ' ]';\n}\nfunction stringifyArrayTable(array, key, depth, numberAsFloat) {\n if (depth === 0) {\n throw new Error('Could not stringify the object: maximum object depth exceeded');\n }\n let res = '';\n for (let i = 0; i < array.length; i++) {\n res += `${res && '\\n'}[[${key}]]\\n`;\n res += stringifyTable(0, array[i], key, depth, numberAsFloat);\n }\n return res;\n}\nfunction stringifyTable(tableKey, obj, prefix, depth, numberAsFloat) {\n if (depth === 0) {\n throw new Error('Could not stringify the object: maximum object depth exceeded');\n }\n let preamble = '';\n let tables = '';\n let keys = Object.keys(obj);\n for (let i = 0; i < keys.length; i++) {\n let k = keys[i];\n if (obj[k] !== null && obj[k] !== void 0) {\n let type = extendedTypeOf(obj[k]);\n if (type === 'symbol' || type === 'function') {\n throw new TypeError(`cannot serialize values of type '${type}'`);\n }\n let key = BARE_KEY.test(k) ? k : formatString(k);\n if (type === 'array' && isArrayOfTables(obj[k])) {\n tables += (tables && '\\n') + stringifyArrayTable(obj[k], prefix ? `${prefix}.${key}` : key, depth - 1, numberAsFloat);\n }\n else if (type === 'object') {\n let tblKey = prefix ? `${prefix}.${key}` : key;\n tables += (tables && '\\n') + stringifyTable(tblKey, obj[k], tblKey, depth - 1, numberAsFloat);\n }\n else {\n preamble += key;\n preamble += ' = ';\n preamble += stringifyValue(obj[k], type, depth, numberAsFloat);\n preamble += '\\n';\n }\n }\n }\n if (tableKey && (preamble || !tables)) // Create table only if necessary\n preamble = preamble ? `[${tableKey}]\\n${preamble}` : `[${tableKey}]`;\n return preamble && tables\n ? `${preamble}\\n${tables}`\n : preamble || tables;\n}\nexport function stringify(obj, { maxDepth = 1000, numbersAsFloat = false } = {}) {\n if (extendedTypeOf(obj) !== 'object') {\n throw new TypeError('stringify can only be called with an object');\n }\n let str = stringifyTable(0, obj, '', maxDepth, numbersAsFloat);\n if (str[str.length - 1] !== '\\n')\n return str + '\\n';\n return str;\n}\n","/*!\n * Copyright (c) Squirrel Chat et al., All rights reserved.\n * SPDX-License-Identifier: BSD-3-Clause\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions are met:\n *\n * 1. Redistributions of source code must retain the above copyright notice, this\n * list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright notice,\n * this list of conditions and the following disclaimer in the\n * documentation and/or other materials provided with the distribution.\n * 3. Neither the name of the copyright holder nor the names of its contributors\n * may be used to endorse or promote products derived from this software without\n * specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\n * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\n * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\n * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n */\nimport { parse } from './parse.js';\nimport { stringify } from './stringify.js';\nimport { TomlDate } from './date.js';\nimport { TomlError } from './error.js';\nexport default { parse, stringify, TomlDate, TomlError };\nexport { parse, stringify, TomlDate, TomlError };\n","import { mkdirSync, writeFileSync } from \"node:fs\";\nimport path from \"node:path\";\nimport {\n\tgetCloudflareApiEnvironmentFromEnv,\n\tgetGlobalWranglerConfigPath,\n\tparseTOML,\n\treadFileSync,\n} from \"@cloudflare/workers-utils\";\nimport TOML from \"smol-toml\";\n\n/**\n * The data that may be read from the on-disk user auth config file.\n */\nexport interface UserAuthConfig {\n\toauth_token?: string;\n\trefresh_token?: string;\n\texpiration_time?: string;\n\tscopes?: string[];\n\t/** @deprecated - this field was only provided by the deprecated v1 `wrangler config` command. */\n\tapi_token?: string;\n}\n\n/**\n * The path to the config file that holds user authentication data,\n * relative to the user's home directory.\n */\nconst USER_AUTH_CONFIG_PATH = \"config\";\n\n/**\n * Returns the absolute path to the auth config TOML file.\n *\n * The file lives under the global Wrangler config directory and is named\n * `default.toml` in production, or `<environment>.toml` for the staging /\n * other Cloudflare API environments.\n */\nexport function getAuthConfigFilePath(): string {\n\tconst environment = getCloudflareApiEnvironmentFromEnv();\n\tconst filePath = `${USER_AUTH_CONFIG_PATH}/${environment === \"production\" ? \"default.toml\" : `${environment}.toml`}`;\n\treturn path.join(getGlobalWranglerConfigPath(), filePath);\n}\n\n/**\n * Writes the user auth config to disk.\n *\n * No in-memory cache to invalidate — auth state is read on demand by every call\n * site that needs it. Callers are responsible for any consumer-side cache\n * purging (e.g. via the {@link OAuthFlowContext.purgeOnLoginOrLogout} hook).\n */\nexport function writeAuthConfigFile(config: UserAuthConfig): void {\n\tconst configPath = getAuthConfigFilePath();\n\n\tmkdirSync(path.dirname(configPath), {\n\t\trecursive: true,\n\t});\n\twriteFileSync(configPath, TOML.stringify(config), {\n\t\tencoding: \"utf-8\",\n\t});\n}\n\n/**\n * Reads the user auth config from disk.\n *\n * @throws if the file does not exist or cannot be parsed as TOML. Callers\n * typically catch this and treat the failure as \"not logged in via local OAuth\".\n */\nexport function readAuthConfigFile(): UserAuthConfig {\n\treturn parseTOML(readFileSync(getAuthConfigFilePath())) as UserAuthConfig;\n}\n","import {\n\tgetCloudflareApiEnvironmentFromEnv,\n\tgetEnvironmentVariableFactory,\n} from \"@cloudflare/workers-utils\";\n\n/**\n * `WRANGLER_CLIENT_ID` is a UUID that is used to identify Wrangler\n * to the Cloudflare APIs.\n *\n * Normally you should not need to set this explicitly.\n * If you want to switch to the staging environment set the\n * `WRANGLER_API_ENVIRONMENT=staging` environment variable instead.\n */\nexport const getClientIdFromEnv = getEnvironmentVariableFactory({\n\tvariableName: \"WRANGLER_CLIENT_ID\",\n\tdefaultValue: () =>\n\t\tgetCloudflareApiEnvironmentFromEnv() === \"staging\"\n\t\t\t? \"4b2ea6cc-9421-4761-874b-ce550e0e3def\"\n\t\t\t: \"54d11594-84e4-41aa-b438-e81b8fa78ee7\",\n});\n\n/**\n * `WRANGLER_AUTH_DOMAIN` is the URL base domain that is used\n * to access OAuth URLs for the Cloudflare APIs.\n *\n * Normally you should not need to set this explicitly.\n * If you want to switch to the staging environment set the\n * `WRANGLER_API_ENVIRONMENT=staging` environment variable instead.\n */\nexport const getAuthDomainFromEnv = getEnvironmentVariableFactory({\n\tvariableName: \"WRANGLER_AUTH_DOMAIN\",\n\tdefaultValue: () =>\n\t\tgetCloudflareApiEnvironmentFromEnv() === \"staging\"\n\t\t\t? \"dash.staging.cloudflare.com\"\n\t\t\t: \"dash.cloudflare.com\",\n});\n\n/**\n * `WRANGLER_AUTH_URL` is the path that is used to access OAuth\n * for the Cloudflare APIs.\n *\n * Normally you should not need to set this explicitly.\n * If you want to switch to the staging environment set the\n * `WRANGLER_API_ENVIRONMENT=staging` environment variable instead.\n */\nexport const getAuthUrlFromEnv = getEnvironmentVariableFactory({\n\tvariableName: \"WRANGLER_AUTH_URL\",\n\tdefaultValue: () => `https://${getAuthDomainFromEnv()}/oauth2/auth`,\n});\n\n/**\n * `WRANGLER_TOKEN_URL` is the path that is used to exchange an OAuth\n * token for an API token.\n *\n * Normally you should not need to set this explicitly.\n * If you want to switch to the staging environment set the\n * `WRANGLER_API_ENVIRONMENT=staging` environment variable instead.\n */\nexport const getTokenUrlFromEnv = getEnvironmentVariableFactory({\n\tvariableName: \"WRANGLER_TOKEN_URL\",\n\tdefaultValue: () => `https://${getAuthDomainFromEnv()}/oauth2/token`,\n});\n\n/**\n * `WRANGLER_REVOKE_URL` is the path that is used to exchange an OAuth\n * refresh token for a new OAuth token.\n *\n * Normally you should not need to set this explicitly.\n * If you want to switch to the staging environment set the\n * `WRANGLER_API_ENVIRONMENT=staging` environment variable instead.\n */\nexport const getRevokeUrlFromEnv = getEnvironmentVariableFactory({\n\tvariableName: \"WRANGLER_REVOKE_URL\",\n\tdefaultValue: () => `https://${getAuthDomainFromEnv()}/oauth2/revoke`,\n});\n\n/**\n * `CLOUDFLARE_ACCESS_CLIENT_ID` is the Client ID of a Cloudflare Access Service Token.\n * Used together with `CLOUDFLARE_ACCESS_CLIENT_SECRET` to authenticate with\n * Access-protected domains in non-interactive environments (e.g. CI).\n *\n * @see https://developers.cloudflare.com/cloudflare-one/access-controls/service-credentials/service-tokens/\n */\nexport const getAccessClientIdFromEnv = getEnvironmentVariableFactory({\n\tvariableName: \"CLOUDFLARE_ACCESS_CLIENT_ID\",\n});\n\n/**\n * `CLOUDFLARE_ACCESS_CLIENT_SECRET` is the Client Secret of a Cloudflare Access Service Token.\n * Used together with `CLOUDFLARE_ACCESS_CLIENT_ID` to authenticate with\n * Access-protected domains in non-interactive environments (e.g. CI).\n *\n * @see https://developers.cloudflare.com/cloudflare-one/access-controls/service-credentials/service-tokens/\n */\nexport const getAccessClientSecretFromEnv = getEnvironmentVariableFactory({\n\tvariableName: \"CLOUDFLARE_ACCESS_CLIENT_SECRET\",\n});\n\n/**\n * `WRANGLER_CF_AUTHORIZATION_TOKEN` is an explicit `CF_Authorization` cookie value\n * used to authenticate against the OAuth auth domain when it is Access-protected\n * (typically staging). When set, the OAuth flow skips Access detection and uses\n * this token directly.\n */\nexport const getCfAuthorizationTokenFromEnv = getEnvironmentVariableFactory({\n\tvariableName: \"WRANGLER_CF_AUTHORIZATION_TOKEN\",\n});\n","import { spawnSync } from \"node:child_process\";\nimport { UserError } from \"@cloudflare/workers-utils\";\nimport { fetch } from \"undici\";\nimport {\n\tgetAccessClientIdFromEnv,\n\tgetAccessClientSecretFromEnv,\n\tgetAuthDomainFromEnv,\n\tgetCfAuthorizationTokenFromEnv,\n} from \"./env-vars\";\nimport type { OAuthFlowLogger } from \"./context\";\n\nconst headersCache: Record<string, Record<string, string>> = {};\n\nconst usesAccessCache = new Map<string, boolean>();\n\n/**\n * Clear internal caches. Exported for use in tests only.\n */\nexport function clearAccessCaches(): void {\n\tfor (const key of Object.keys(headersCache)) {\n\t\tdelete headersCache[key];\n\t}\n\tusesAccessCache.clear();\n}\n\n/**\n * Probe a domain to detect whether it is sitting behind Cloudflare Access.\n *\n * A 302 to `cloudflareaccess.com` is the canonical signal. Service-auth-only\n * Access applications return a hard 403 instead and are therefore not detected\n * here — see {@link getAccessHeaders} for how this is handled.\n */\nexport async function domainUsesAccess(\n\tdomain: string,\n\tlogger: OAuthFlowLogger\n): Promise<boolean> {\n\tlogger.debug(\"Checking if domain has Access enabled:\", domain);\n\n\tif (usesAccessCache.has(domain)) {\n\t\tlogger.debug(\n\t\t\t\"Using cached Access switch for:\",\n\t\t\tdomain,\n\t\t\tusesAccessCache.get(domain)\n\t\t);\n\t\treturn usesAccessCache.get(domain) ?? false;\n\t}\n\tlogger.debug(\"Access switch not cached for:\", domain);\n\ttry {\n\t\tconst controller = new AbortController();\n\t\tconst cancel = setTimeout(() => {\n\t\t\tcontroller.abort();\n\t\t}, 1000);\n\n\t\tconst output = await fetch(`https://${domain}`, {\n\t\t\tredirect: \"manual\",\n\t\t\tsignal: controller.signal,\n\t\t});\n\t\tclearTimeout(cancel);\n\t\tconst usesAccess = !!(\n\t\t\toutput.status === 302 &&\n\t\t\toutput.headers.get(\"location\")?.includes(\"cloudflareaccess.com\")\n\t\t);\n\t\tlogger.debug(\"Caching access switch for:\", domain);\n\n\t\tusesAccessCache.set(domain, usesAccess);\n\t\treturn usesAccess;\n\t} catch {\n\t\tusesAccessCache.set(domain, false);\n\t\treturn false;\n\t}\n}\n\n/**\n * Get the headers needed to authenticate with an Access-protected domain.\n *\n * @param domain The hostname of the Access-protected domain (e.g. `\"example.com\"`).\n * @param options logger + an `isNonInteractiveOrCI` predicate used to\n * produce an actionable error in CI; both default to no-op / `false`.\n * @returns\n * - Service token headers (`CF-Access-Client-Id` + `CF-Access-Client-Secret`) if env vars are set\n * - A `Cookie: CF_Authorization=...` header if obtained via `cloudflared` (interactive only)\n * - An empty object if the domain is not behind Access\n * @throws {UserError} If the response does not contain a `CF_Authorization` cookie,\n * indicating the service token is invalid, expired, or lacks a Service Auth policy.\n * Also throws in non-interactive environments when the domain is behind Access\n * but no service token credentials are configured.\n */\nexport async function getAccessHeaders(\n\tdomain: string,\n\toptions: {\n\t\tlogger: OAuthFlowLogger;\n\t\tisNonInteractiveOrCI: () => boolean;\n\t}\n): Promise<Record<string, string>> {\n\tconst logger = options.logger;\n\tconst isNonInteractiveOrCI = options.isNonInteractiveOrCI;\n\n\t// 1. If Access Service Token credentials are provided, use them directly.\n\t//\n\t// This check intentionally comes before `domainUsesAccess()`, which detects\n\t// Access by looking for a 302 redirect to `cloudflareaccess.com`. When an\n\t// Access application is configured to only allow Service Auth tokens (no\n\t// interactive user authentication), the domain responds with a hard 403\n\t// instead of redirecting, so `domainUsesAccess()` returns false. If we\n\t// gated the env var check on `domainUsesAccess()` we would never attach\n\t// the service token headers and the request would fail with a 403.\n\tconst clientId = getAccessClientIdFromEnv();\n\tconst clientSecret = getAccessClientSecretFromEnv();\n\n\tif (clientId && clientSecret) {\n\t\tlogger.debug(\"Using Access Service Token headers for domain:\", domain);\n\t\tconst headers = {\n\t\t\t\"CF-Access-Client-Id\": clientId,\n\t\t\t\"CF-Access-Client-Secret\": clientSecret,\n\t\t};\n\t\theadersCache[domain] = headers;\n\t\treturn headers;\n\t}\n\n\t// Warn if only one of the two env vars is set\n\tif (clientId !== undefined || clientSecret !== undefined) {\n\t\tlogger.warn(\n\t\t\t\"Both CLOUDFLARE_ACCESS_CLIENT_ID and CLOUDFLARE_ACCESS_CLIENT_SECRET must be set to use Access Service Token authentication. \" +\n\t\t\t\t`Only ${\n\t\t\t\t\tclientId !== undefined\n\t\t\t\t\t\t? \"CLOUDFLARE_ACCESS_CLIENT_ID\"\n\t\t\t\t\t\t: \"CLOUDFLARE_ACCESS_CLIENT_SECRET\"\n\t\t\t\t} was found.`\n\t\t);\n\t}\n\n\tif (!(await domainUsesAccess(domain, logger))) {\n\t\treturn {};\n\t}\n\tlogger.debug(\"Getting Access headers for domain:\", domain);\n\tif (headersCache[domain]) {\n\t\tlogger.debug(\"Using cached Access headers for domain:\", domain);\n\t\treturn headersCache[domain];\n\t}\n\n\t// 2. If non-interactive (CI), error with actionable message\n\tif (isNonInteractiveOrCI()) {\n\t\tthrow new UserError(\n\t\t\t`The domain \"${domain}\" is behind Cloudflare Access, but no Access Service Token credentials were found ` +\n\t\t\t\t`and the current environment is non-interactive.\\n` +\n\t\t\t\t`Set the CLOUDFLARE_ACCESS_CLIENT_ID and CLOUDFLARE_ACCESS_CLIENT_SECRET environment variables ` +\n\t\t\t\t`to authenticate with an Access Service Token.\\n` +\n\t\t\t\t`See https://developers.cloudflare.com/cloudflare-one/access-controls/service-credentials/service-tokens/`,\n\t\t\t{\n\t\t\t\ttelemetryMessage: \"user access missing service token non interactive\",\n\t\t\t}\n\t\t);\n\t}\n\n\t// 3. Interactive: fall back to cloudflared\n\tlogger.debug(\"Spawning cloudflared to get Access token for domain:\");\n\tconst output = spawnSync(\"cloudflared\", [\"access\", \"login\", domain]);\n\tif (output.error) {\n\t\tthrow new UserError(\n\t\t\t\"To use Wrangler with Cloudflare Access, please install `cloudflared` from https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation\",\n\t\t\t{ telemetryMessage: \"user access missing cloudflared\" }\n\t\t);\n\t}\n\tconst stringOutput = output.stdout.toString();\n\tlogger.debug(\"cloudflared output:\", stringOutput);\n\tconst matches = stringOutput.match(/fetched your token:\\n\\n(.*)/m);\n\tif (matches && matches.length >= 2) {\n\t\tconst headers = { Cookie: `CF_Authorization=${matches[1]}` };\n\t\theadersCache[domain] = headers;\n\t\tlogger.debug(\"Caching Access headers for domain:\", domain);\n\t\treturn headers;\n\t}\n\tthrow new Error(\"Failed to authenticate with Cloudflare Access\");\n}\n\n/**\n * Get headers needed to authenticate with the Cloudflare OAuth auth domain\n * (the OAuth `WRANGLER_AUTH_DOMAIN`, which is `dash.cloudflare.com` by default\n * and `dash.staging.cloudflare.com` in staging).\n *\n * Checks `WRANGLER_CF_AUTHORIZATION_TOKEN` first, then falls back to\n * {@link getAccessHeaders} against the configured auth domain.\n */\nexport async function getCloudflareAccessHeaders(options: {\n\tlogger: OAuthFlowLogger;\n\tisNonInteractiveOrCI: () => boolean;\n}): Promise<Record<string, string>> {\n\tconst cfAuthToken = getCfAuthorizationTokenFromEnv();\n\n\t// If the environment variable is defined, go ahead and use it.\n\tif (cfAuthToken !== undefined) {\n\t\t// Don't include the token value in the log — if debug logging is enabled\n\t\t// and logs are persisted, the raw token would leak as a credential.\n\t\toptions.logger.debug(\n\t\t\t\"Using WRANGLER_CF_AUTHORIZATION_TOKEN from environment\"\n\t\t);\n\t\treturn { Cookie: `CF_Authorization=${cfAuthToken}` };\n\t}\n\n\treturn getAccessHeaders(getAuthDomainFromEnv(), options);\n}\n","/* Based heavily on code from https://github.com/BitySA/oauth2-auth-code-pkce\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { UserError } from \"@cloudflare/workers-utils\";\n\n/**\n * A list of OAuth2AuthCodePKCE errors.\n */\n// To \"namespace\" all errors.\nexport class ErrorOAuth2 extends UserError {\n\ttoString(): string {\n\t\treturn \"ErrorOAuth2\";\n\t}\n}\n\n// Unclassified Oauth errors\nexport class ErrorUnknown extends UserError {\n\ttoString(): string {\n\t\treturn \"ErrorUnknown\";\n\t}\n}\n\n// Some generic, internal errors that can happen.\nexport class ErrorNoAuthCode extends ErrorOAuth2 {\n\ttoString(): string {\n\t\treturn \"ErrorNoAuthCode\";\n\t}\n}\nexport class ErrorInvalidReturnedStateParam extends ErrorOAuth2 {\n\ttoString(): string {\n\t\treturn \"ErrorInvalidReturnedStateParam\";\n\t}\n}\nexport class ErrorInvalidJson extends ErrorOAuth2 {\n\ttoString(): string {\n\t\treturn \"ErrorInvalidJson\";\n\t}\n}\n\n// Errors that occur across many endpoints\nexport class ErrorInvalidScope extends ErrorOAuth2 {\n\ttoString(): string {\n\t\treturn \"ErrorInvalidScope\";\n\t}\n}\nexport class ErrorInvalidRequest extends ErrorOAuth2 {\n\ttoString(): string {\n\t\treturn \"ErrorInvalidRequest\";\n\t}\n}\nexport class ErrorInvalidToken extends ErrorOAuth2 {\n\ttoString(): string {\n\t\treturn \"ErrorInvalidToken\";\n\t}\n}\n\n/**\n * Possible authorization grant errors given by the redirection from the\n * authorization server.\n */\nexport class ErrorAuthenticationGrant extends ErrorOAuth2 {\n\ttoString(): string {\n\t\treturn \"ErrorAuthenticationGrant\";\n\t}\n}\nexport class ErrorUnauthorizedClient extends ErrorAuthenticationGrant {\n\ttoString(): string {\n\t\treturn \"ErrorUnauthorizedClient\";\n\t}\n}\nexport class ErrorAccessDenied extends ErrorAuthenticationGrant {\n\ttoString(): string {\n\t\treturn \"ErrorAccessDenied\";\n\t}\n}\nexport class ErrorUnsupportedResponseType extends ErrorAuthenticationGrant {\n\ttoString(): string {\n\t\treturn \"ErrorUnsupportedResponseType\";\n\t}\n}\nexport class ErrorServerError extends ErrorAuthenticationGrant {\n\ttoString(): string {\n\t\treturn \"ErrorServerError\";\n\t}\n}\nexport class ErrorTemporarilyUnavailable extends ErrorAuthenticationGrant {\n\ttoString(): string {\n\t\treturn \"ErrorTemporarilyUnavailable\";\n\t}\n}\n\n/**\n * A list of possible access token response errors.\n */\nexport class ErrorAccessTokenResponse extends ErrorOAuth2 {\n\ttoString(): string {\n\t\treturn \"ErrorAccessTokenResponse\";\n\t}\n}\nexport class ErrorInvalidClient extends ErrorAccessTokenResponse {\n\ttoString(): string {\n\t\treturn \"ErrorInvalidClient\";\n\t}\n}\nexport class ErrorInvalidGrant extends ErrorAccessTokenResponse {\n\ttoString(): string {\n\t\treturn \"ErrorInvalidGrant\";\n\t}\n}\nexport class ErrorUnsupportedGrantType extends ErrorAccessTokenResponse {\n\ttoString(): string {\n\t\treturn \"ErrorUnsupportedGrantType\";\n\t}\n}\n\n/**\n * Translate the raw error strings returned from the server into error classes.\n */\nexport function toErrorClass(rawError: string): ErrorOAuth2 | ErrorUnknown {\n\tswitch (rawError) {\n\t\tcase \"invalid_request\":\n\t\t\treturn new ErrorInvalidRequest(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth invalid request\",\n\t\t\t});\n\t\tcase \"invalid_grant\":\n\t\t\treturn new ErrorInvalidGrant(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth invalid grant\",\n\t\t\t});\n\t\tcase \"unauthorized_client\":\n\t\t\treturn new ErrorUnauthorizedClient(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth unauthorized client\",\n\t\t\t});\n\t\tcase \"access_denied\":\n\t\t\treturn new ErrorAccessDenied(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth access denied\",\n\t\t\t});\n\t\tcase \"unsupported_response_type\":\n\t\t\treturn new ErrorUnsupportedResponseType(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth unsupported response type\",\n\t\t\t});\n\t\tcase \"invalid_scope\":\n\t\t\treturn new ErrorInvalidScope(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth invalid scope\",\n\t\t\t});\n\t\tcase \"server_error\":\n\t\t\treturn new ErrorServerError(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth server error\",\n\t\t\t});\n\t\tcase \"temporarily_unavailable\":\n\t\t\treturn new ErrorTemporarilyUnavailable(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth temporarily unavailable\",\n\t\t\t});\n\t\tcase \"invalid_client\":\n\t\t\treturn new ErrorInvalidClient(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth invalid client\",\n\t\t\t});\n\t\tcase \"unsupported_grant_type\":\n\t\t\treturn new ErrorUnsupportedGrantType(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth unsupported grant type\",\n\t\t\t});\n\t\tcase \"invalid_json\":\n\t\t\treturn new ErrorInvalidJson(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth invalid json\",\n\t\t\t});\n\t\tcase \"invalid_token\":\n\t\t\treturn new ErrorInvalidToken(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth invalid token\",\n\t\t\t});\n\t\tdefault:\n\t\t\treturn new ErrorUnknown(rawError, {\n\t\t\t\ttelemetryMessage: \"user oauth unknown error\",\n\t\t\t});\n\t}\n}\n","export function dedent(\n templ: TemplateStringsArray | string,\n ...values: unknown[]\n): string {\n let strings = Array.from(typeof templ === 'string' ? [templ] : templ);\n\n // 1. Remove trailing whitespace.\n strings[strings.length - 1] = strings[strings.length - 1].replace(\n /\\r?\\n([\\t ]*)$/,\n '',\n );\n\n // 2. Find all line breaks to determine the highest common indentation level.\n const indentLengths = strings.reduce((arr, str) => {\n const matches = str.match(/\\n([\\t ]+|(?!\\s).)/g);\n if (matches) {\n return arr.concat(\n matches.map((match) => match.match(/[\\t ]/g)?.length ?? 0),\n );\n }\n return arr;\n }, <number[]>[]);\n\n // 3. Remove the common indentation from all strings.\n if (indentLengths.length) {\n const pattern = new RegExp(`\\n[\\t ]{${Math.min(...indentLengths)}}`, 'g');\n\n strings = strings.map((str) => str.replace(pattern, '\\n'));\n }\n\n // 4. Remove leading whitespace.\n strings[0] = strings[0].replace(/^\\r?\\n/, '');\n\n // 5. Perform interpolation.\n let string = strings[0];\n\n values.forEach((value, i) => {\n // 5.1 Read current indentation level\n const endentations = string.match(/(?:^|\\n)( *)$/)\n const endentation = endentations ? endentations[1] : ''\n let indentedValue = value\n // 5.2 Add indentation to values with multiline strings\n if (typeof value === 'string' && value.includes('\\n')) {\n indentedValue = String(value)\n .split('\\n')\n .map((str, i) => {\n return i === 0 ? str : `${endentation}${str}`\n })\n .join('\\n');\n }\n\n string += indentedValue + strings[i + 1];\n });\n\n return string;\n}\n\nexport default dedent;\n","interface GenerateAuthUrlProps {\n\tauthUrl: string;\n\tclientId: string;\n\tscopes: string[];\n\tstateQueryParam: string;\n\tcodeChallenge: string;\n}\n\nexport const OAUTH_CALLBACK_URL = \"http://localhost:8976/oauth/callback\";\n\n/**\n * Build the OAuth 2.0 authorize URL for the Cloudflare auth endpoint.\n *\n * Extracted from the rest of the OAuth flow so consumers (or tests) can\n * substitute a deterministic implementation when a stable URL is needed\n * (e.g. for snapshot testing).\n */\nexport const generateAuthUrl = ({\n\tauthUrl,\n\tclientId,\n\tscopes,\n\tstateQueryParam,\n\tcodeChallenge,\n}: GenerateAuthUrlProps) => {\n\treturn (\n\t\tauthUrl +\n\t\t`?response_type=code&` +\n\t\t`client_id=${encodeURIComponent(clientId)}&` +\n\t\t`redirect_uri=${encodeURIComponent(OAUTH_CALLBACK_URL)}&` +\n\t\t// we add offline_access manually for every request\n\t\t`scope=${encodeURIComponent([...scopes, \"offline_access\"].join(\" \"))}&` +\n\t\t`state=${stateQueryParam}&` +\n\t\t`code_challenge=${encodeURIComponent(codeChallenge)}&` +\n\t\t`code_challenge_method=S256`\n\t);\n};\n","/* Based heavily on code from https://github.com/BitySA/oauth2-auth-code-pkce\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { webcrypto as crypto } from \"node:crypto\";\nimport { TextEncoder } from \"node:util\";\n\n/**\n * The maximum length for a code verifier for the best security we can offer.\n * Please note the NOTE section of RFC 7636 § 4.1 - the length must be >= 43,\n * but <= 128, **after** base64 url encoding. This means 32 code verifier bytes\n * encoded will be 43 bytes, or 96 bytes encoded will be 128 bytes. So 96 bytes\n * is the highest valid value that can be used.\n */\nexport const RECOMMENDED_CODE_VERIFIER_LENGTH = 96;\n\n/**\n * A sensible length for the state's length, for anti-csrf.\n */\nexport const RECOMMENDED_STATE_LENGTH = 32;\n\n/**\n * Character set to generate code verifier defined in rfc7636.\n */\nexport const PKCE_CHARSET =\n\t\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~\";\n\nexport interface PKCECodes {\n\tcodeChallenge: string;\n\tcodeVerifier: string;\n}\n\n/**\n * Implements *base64url-encode* (RFC 4648 § 5) without padding, which is NOT\n * the same as regular base64 encoding.\n */\nexport function base64urlEncode(value: string): string {\n\tlet base64 = btoa(value);\n\tbase64 = base64.replace(/\\+/g, \"-\");\n\tbase64 = base64.replace(/\\//g, \"_\");\n\tbase64 = base64.replace(/=/g, \"\");\n\treturn base64;\n}\n\n/**\n * Generates a code_verifier and code_challenge, as specified in rfc7636.\n */\nexport async function generatePKCECodes(): Promise<PKCECodes> {\n\tconst output = new Uint32Array(RECOMMENDED_CODE_VERIFIER_LENGTH);\n\tcrypto.getRandomValues(output);\n\tconst codeVerifier = base64urlEncode(\n\t\tArray.from(output)\n\t\t\t.map((num: number) => PKCE_CHARSET[num % PKCE_CHARSET.length])\n\t\t\t.join(\"\")\n\t);\n\tconst buffer = await crypto.subtle.digest(\n\t\t\"SHA-256\",\n\t\tnew TextEncoder().encode(codeVerifier)\n\t);\n\tconst hash = new Uint8Array(buffer);\n\tlet binary = \"\";\n\tconst hashLength = hash.byteLength;\n\tfor (let i = 0; i < hashLength; i++) {\n\t\tbinary += String.fromCharCode(hash[i]);\n\t}\n\tconst codeChallenge = base64urlEncode(binary);\n\treturn { codeChallenge, codeVerifier };\n}\n","import {\n\tgetAuthConfigFilePath,\n\treadAuthConfigFile,\n\ttype UserAuthConfig,\n} from \"./auth-config-file\";\nimport type { OAuthFlowLogger } from \"./context\";\n\nexport interface RefreshToken {\n\tvalue: string;\n}\n\nexport interface AccessToken {\n\tvalue: string;\n\texpiry: string;\n}\n\n/**\n * Transient state that is shared across the steps of a single OAuth login flow\n * within one Wrangler command. This state is not file-backed; it lives only for\n * the duration of an interactive login.\n */\nexport interface OAuthFlowState {\n\tauthorizationCode?: string;\n\tcodeChallenge?: string;\n\tcodeVerifier?: string;\n\thasAuthCodeBeenExchangedForAccessToken?: boolean;\n\tstateQueryParam?: string;\n}\n\n/**\n * The auth state that is stored on disk in the user auth config file (TOML).\n * Read on demand by {@link readStoredAuthState} — never cached at module scope\n * so that environment variables loaded after import (e.g. from `.env`) take\n * priority correctly.\n */\nexport interface StoredAuthState {\n\taccessToken?: AccessToken;\n\trefreshToken?: RefreshToken;\n\tscopes?: string[];\n\t/** @deprecated - this field was only provided by the deprecated v1 `wrangler config` command. */\n\tdeprecatedApiToken?: string;\n}\n\n/**\n * Latch shared at module scope so the deprecated-v1-api-token warning fires\n * at most once per process.\n */\nlet hasWarnedAboutDeprecatedV1ApiToken = false;\n\n/**\n * Reset the deprecated-v1-api-token warning latch. Exported for tests only.\n */\nexport function _resetDeprecatedV1ApiTokenWarningLatch(): void {\n\thasWarnedAboutDeprecatedV1ApiToken = false;\n}\n\n/**\n * Read the on-disk auth state. Called on demand from every site that needs the\n * stored OAuth tokens or the deprecated v1 `api_token`, rather than being\n * cached at module scope, so that environment-based credentials loaded after\n * module import are honoured by the rest of wrangler.\n *\n * @return an empty object when no auth config file exists or the file cannot\n * be parsed — the caller treats this as \"not logged in via local OAuth\".\n *\n * @param options.configOverride seed the state from an in-memory config (used by\n * the OAuth login flow before it writes to disk).\n * @param options.warningLogger if provided, a one-time warning is emitted when a\n * deprecated v1 `api_token` is found on disk. Pass the consumer's logger (e.g.\n * wrangler's logger singleton) to surface this to the user.\n */\nexport function readStoredAuthState(options?: {\n\tconfigOverride?: UserAuthConfig;\n\twarningLogger?: Pick<OAuthFlowLogger, \"warn\">;\n}): StoredAuthState {\n\tconst { configOverride, warningLogger } = options ?? {};\n\n\tlet parsed: UserAuthConfig;\n\ttry {\n\t\tparsed = configOverride ?? readAuthConfigFile();\n\t} catch {\n\t\treturn {};\n\t}\n\n\tconst { oauth_token, refresh_token, expiration_time, scopes, api_token } =\n\t\tparsed;\n\n\tif (oauth_token) {\n\t\treturn {\n\t\t\taccessToken: {\n\t\t\t\tvalue: oauth_token,\n\t\t\t\t// If there is no `expiration_time` field then set it to an old date, to cause it to expire immediately.\n\t\t\t\texpiry: expiration_time ?? \"2000-01-01:00:00:00+00:00\",\n\t\t\t},\n\t\t\trefreshToken: { value: refresh_token ?? \"\" },\n\t\t\tscopes,\n\t\t};\n\t}\n\n\tif (api_token) {\n\t\tif (!hasWarnedAboutDeprecatedV1ApiToken && warningLogger) {\n\t\t\thasWarnedAboutDeprecatedV1ApiToken = true;\n\t\t\twarningLogger.warn(\n\t\t\t\t\"It looks like you have used Wrangler v1's `config` command to login with an API token\\n\" +\n\t\t\t\t\t`from ${configOverride === undefined ? getAuthConfigFilePath() : \"in-memory config\"}.\\n` +\n\t\t\t\t\t\"This is no longer supported in the current version of Wrangler.\\n\" +\n\t\t\t\t\t\"If you wish to authenticate via an API token then please set the `CLOUDFLARE_API_TOKEN` environment variable.\"\n\t\t\t);\n\t\t}\n\t\treturn { deprecatedApiToken: api_token };\n\t}\n\n\treturn {};\n}\n","/* Based heavily on code from https://github.com/BitySA/oauth2-auth-code-pkce\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport assert from \"node:assert\";\nimport { fetch } from \"undici\";\nimport { domainUsesAccess, getCloudflareAccessHeaders } from \"./access\";\nimport {\n\tgetAuthDomainFromEnv,\n\tgetAuthUrlFromEnv,\n\tgetClientIdFromEnv,\n\tgetTokenUrlFromEnv,\n} from \"./env-vars\";\nimport {\n\tErrorInvalidReturnedStateParam,\n\tErrorUnknown,\n\ttoErrorClass,\n} from \"./errors\";\nimport { OAUTH_CALLBACK_URL } from \"./generate-auth-url\";\nimport { generatePKCECodes, RECOMMENDED_STATE_LENGTH } from \"./pkce\";\nimport { readStoredAuthState, type OAuthFlowState } from \"./state\";\nimport type { OAuthFlowContext } from \"./context\";\nimport type { generateAuthUrl as defaultGenerateAuthUrl } from \"./generate-auth-url\";\nimport type { generateRandomState as defaultGenerateRandomState } from \"./generate-random-state\";\nimport type { AccessToken, RefreshToken } from \"./state\";\nimport type { ParsedUrlQuery } from \"node:querystring\";\nimport type { Response } from \"undici\";\n\nexport interface AccessContext {\n\ttoken?: AccessToken;\n\tscopes?: string[];\n\trefreshToken?: RefreshToken;\n}\n\ntype TokenResponse =\n\t| {\n\t\t\taccess_token: string;\n\t\t\texpires_in: number;\n\t\t\trefresh_token: string;\n\t\t\tscope: string;\n\t }\n\t| {\n\t\t\terror: string;\n\t };\n\n/**\n * If there is an error, it will be passed back as a rejected Promise.\n * If there is no code, the user should be redirected via\n * [fetchAuthorizationCode].\n */\nexport function isReturningFromAuthServer(\n\tquery: ParsedUrlQuery,\n\tstate: OAuthFlowState,\n\tlogger: OAuthFlowContext[\"logger\"]\n): boolean {\n\tif (query.error) {\n\t\tif (Array.isArray(query.error)) {\n\t\t\tthrow toErrorClass(query.error[0]);\n\t\t}\n\t\tthrow toErrorClass(query.error);\n\t}\n\n\tconst code = query.code;\n\tif (!code) {\n\t\treturn false;\n\t}\n\n\tconst stateQueryParam = query.state;\n\tif (stateQueryParam !== state.stateQueryParam) {\n\t\tlogger.warn(\n\t\t\t\"Received query string parameter doesn't match the one sent! Possible malicious activity somewhere.\"\n\t\t);\n\t\tthrow new ErrorInvalidReturnedStateParam(\"\", {\n\t\t\ttelemetryMessage: \"user oauth invalid returned state\",\n\t\t});\n\t}\n\tassert(!Array.isArray(code));\n\tstate.authorizationCode = code;\n\tstate.hasAuthCodeBeenExchangedForAccessToken = false;\n\treturn true;\n}\n\n/**\n * Build the OAuth authorize URL and seed the transient flow state with the\n * matching PKCE / CSRF values.\n */\nexport async function getAuthURL(\n\tscopes: string[],\n\tclientId: string,\n\tstate: OAuthFlowState,\n\tgenerators: {\n\t\tgenerateAuthUrl: typeof defaultGenerateAuthUrl;\n\t\tgenerateRandomState: typeof defaultGenerateRandomState;\n\t}\n): Promise<string> {\n\tconst { codeChallenge, codeVerifier } = await generatePKCECodes();\n\tconst stateQueryParam = generators.generateRandomState(\n\t\tRECOMMENDED_STATE_LENGTH\n\t);\n\n\tObject.assign(state, {\n\t\tcodeChallenge,\n\t\tcodeVerifier,\n\t\tstateQueryParam,\n\t});\n\n\treturn generators.generateAuthUrl({\n\t\tauthUrl: getAuthUrlFromEnv(),\n\t\tclientId,\n\t\tscopes,\n\t\tstateQueryParam,\n\t\tcodeChallenge,\n\t});\n}\n\n/**\n * Refresh an access token from the remote service.\n */\nexport async function exchangeRefreshTokenForAccessToken(\n\tlogger: OAuthFlowContext[\"logger\"],\n\tisNonInteractiveOrCI: OAuthFlowContext[\"isNonInteractiveOrCI\"]\n): Promise<AccessContext> {\n\t// Read the refresh token fresh from disk on every call so we always pick up\n\t// the latest rotation written by a sibling Wrangler process.\n\tconst storedRefreshToken = readStoredAuthState({\n\t\twarningLogger: logger,\n\t}).refreshToken;\n\tif (!storedRefreshToken) {\n\t\tlogger.warn(\"No refresh token is present.\");\n\t}\n\n\tconst params = new URLSearchParams({\n\t\tgrant_type: \"refresh_token\",\n\t\trefresh_token: storedRefreshToken?.value ?? \"\",\n\t\tclient_id: getClientIdFromEnv(),\n\t});\n\n\tconst response = await fetchAuthToken(params, logger, isNonInteractiveOrCI);\n\n\tif (response.status >= 400) {\n\t\tlet tokenExchangeResErr = undefined;\n\n\t\ttry {\n\t\t\ttokenExchangeResErr = await getJSONFromResponse(response, logger);\n\t\t} catch (e) {\n\t\t\t// If it can't parse to JSON ignore the error\n\t\t\tlogger.error(e);\n\t\t}\n\n\t\tif (tokenExchangeResErr !== undefined) {\n\t\t\t// We will throw the parsed error if it parsed correctly, otherwise we throw an unknown error.\n\t\t\tthrow typeof tokenExchangeResErr === \"string\"\n\t\t\t\t? new Error(tokenExchangeResErr)\n\t\t\t\t: tokenExchangeResErr;\n\t\t} else {\n\t\t\tthrow new ErrorUnknown(\n\t\t\t\t\"Failed to parse Error from exchangeRefreshTokenForAccessToken\",\n\t\t\t\t{ telemetryMessage: \"user oauth refresh token exchange parse error\" }\n\t\t\t);\n\t\t}\n\t} else {\n\t\ttry {\n\t\t\tconst json = (await getJSONFromResponse(\n\t\t\t\tresponse,\n\t\t\t\tlogger\n\t\t\t)) as TokenResponse;\n\t\t\tif (\"error\" in json) {\n\t\t\t\tthrow json.error;\n\t\t\t}\n\n\t\t\tconst { access_token, expires_in, refresh_token, scope } = json;\n\n\t\t\tconst accessToken: AccessToken = {\n\t\t\t\tvalue: access_token,\n\t\t\t\texpiry: new Date(Date.now() + expires_in * 1000).toISOString(),\n\t\t\t};\n\n\t\t\t// Multiple scopes are passed and delimited by spaces,\n\t\t\t// despite using the singular name \"scope\".\n\t\t\tconst scopes: string[] = scope ? scope.split(\" \") : [];\n\n\t\t\t// The caller (refreshToken) persists this via writeAuthConfigFile.\n\t\t\t// No need to mirror the values into any module-level cache.\n\t\t\t//\n\t\t\t// The OAuth server is allowed to omit `refresh_token` from a successful\n\t\t\t// refresh response, in which case the previously issued refresh token\n\t\t\t// remains valid (RFC 6749 §6). Preserve the stored value so we don't\n\t\t\t// wipe a still-valid refresh token from disk.\n\t\t\tconst accessContext: AccessContext = {\n\t\t\t\ttoken: accessToken,\n\t\t\t\tscopes,\n\t\t\t\trefreshToken: refresh_token\n\t\t\t\t\t? { value: refresh_token }\n\t\t\t\t\t: storedRefreshToken,\n\t\t\t};\n\t\t\treturn accessContext;\n\t\t} catch (error) {\n\t\t\tif (typeof error === \"string\") {\n\t\t\t\tthrow toErrorClass(error);\n\t\t\t} else {\n\t\t\t\tthrow error;\n\t\t\t}\n\t\t}\n\t}\n}\n\n/**\n * Fetch an access token from the remote service.\n */\nexport async function exchangeAuthCodeForAccessToken(\n\tstate: OAuthFlowState,\n\tlogger: OAuthFlowContext[\"logger\"],\n\tisNonInteractiveOrCI: OAuthFlowContext[\"isNonInteractiveOrCI\"]\n): Promise<AccessContext> {\n\tconst { authorizationCode, codeVerifier = \"\" } = state;\n\n\tif (!codeVerifier) {\n\t\tlogger.warn(\"No code verifier is being sent.\");\n\t} else if (!authorizationCode) {\n\t\tlogger.warn(\"No authorization grant code is being passed.\");\n\t}\n\n\tconst params = new URLSearchParams({\n\t\tgrant_type: `authorization_code`,\n\t\tcode: authorizationCode ?? \"\",\n\t\tredirect_uri: OAUTH_CALLBACK_URL,\n\t\tclient_id: getClientIdFromEnv(),\n\t\tcode_verifier: codeVerifier,\n\t});\n\n\tconst response = await fetchAuthToken(params, logger, isNonInteractiveOrCI);\n\tif (!response.ok) {\n\t\tconst { error } = (await getJSONFromResponse(response, logger)) as {\n\t\t\terror: string;\n\t\t};\n\t\t// .catch((_) => ({ error: \"invalid_json\" }));\n\t\tif (error === \"invalid_grant\") {\n\t\t\tlogger.log(\"Expired! Auth code or refresh token needs to be renewed.\");\n\t\t\t// alert(\"Redirecting to auth server to obtain a new auth grant code.\");\n\t\t\t// TODO: return refreshAuthCodeOrRefreshToken();\n\t\t}\n\t\tthrow toErrorClass(error);\n\t}\n\tconst json = (await getJSONFromResponse(response, logger)) as TokenResponse;\n\tif (\"error\" in json) {\n\t\tthrow new Error(json.error);\n\t}\n\tconst { access_token, expires_in, refresh_token, scope } = json;\n\tstate.hasAuthCodeBeenExchangedForAccessToken = true;\n\n\tconst expiryDate = new Date(Date.now() + expires_in * 1000);\n\tconst accessToken: AccessToken = {\n\t\tvalue: access_token,\n\t\texpiry: expiryDate.toISOString(),\n\t};\n\n\t// Multiple scopes are passed and delimited by spaces,\n\t// despite using the singular name \"scope\".\n\tconst scopes: string[] = scope ? scope.split(\" \") : [];\n\n\t// The caller (login) persists this via writeAuthConfigFile.\n\t// No need to mirror the values into any module-level cache.\n\tconst accessContext: AccessContext = {\n\t\ttoken: accessToken,\n\t\tscopes,\n\t\trefreshToken: refresh_token ? { value: refresh_token } : undefined,\n\t};\n\treturn accessContext;\n}\n\n/**\n * Make a request to the Cloudflare OAuth endpoint to get a token.\n *\n * Note that the `body` of the POST request is form-urlencoded so\n * can be represented by a URLSearchParams object.\n */\nexport async function fetchAuthToken(\n\tbody: URLSearchParams,\n\tlogger: OAuthFlowContext[\"logger\"],\n\tisNonInteractiveOrCI: OAuthFlowContext[\"isNonInteractiveOrCI\"]\n): Promise<Response> {\n\tconst headers: Record<string, string> = {\n\t\t\"Content-Type\": \"application/x-www-form-urlencoded\",\n\t};\n\t// Only log the grant_type — never serialize the full body, which contains\n\t// the refresh token / auth code / code verifier. If debug logging is\n\t// enabled and logs are persisted, the full body would leak credentials.\n\tlogger.debug(\n\t\t\"fetching auth token\",\n\t\t`grant_type=${body.get(\"grant_type\") ?? \"<unknown>\"}`\n\t);\n\tif (await domainUsesAccess(getAuthDomainFromEnv(), logger)) {\n\t\tlogger.debug(\n\t\t\t\"Using Cloudflare Access to get an access token for the auth request\"\n\t\t);\n\t\t// We are trying to access a domain behind Access so we need auth headers.\n\t\tconst accessHeaders = await getCloudflareAccessHeaders({\n\t\t\tlogger,\n\t\t\tisNonInteractiveOrCI,\n\t\t});\n\t\tObject.assign(headers, accessHeaders);\n\t}\n\tlogger.debug(\"Fetching auth token from\", getTokenUrlFromEnv());\n\ttry {\n\t\tconst response = await fetch(getTokenUrlFromEnv(), {\n\t\t\tmethod: \"POST\",\n\t\t\tbody: body.toString(),\n\t\t\theaders,\n\t\t});\n\t\tif (!response.ok) {\n\t\t\tlogger.error(\n\t\t\t\t\"Failed to fetch auth token:\",\n\t\t\t\tresponse.status,\n\t\t\t\tresponse.statusText\n\t\t\t);\n\t\t}\n\t\treturn response;\n\t} catch (e) {\n\t\tlogger.error(\"Failed to fetch auth token:\", e);\n\t\tthrow e;\n\t}\n}\n\nasync function getJSONFromResponse(\n\tresponse: Response,\n\tlogger: OAuthFlowContext[\"logger\"]\n) {\n\tconst text = await response.text();\n\ttry {\n\t\treturn JSON.parse(text);\n\t} catch (e) {\n\t\t// Sometime we get an error response where the body is HTML\n\t\tif (text.match(/<!DOCTYPE html>/)) {\n\t\t\tlogger.error(\n\t\t\t\t\"The body of the response was HTML rather than JSON. Check the debug logs to see the full body of the response.\"\n\t\t\t);\n\t\t\tif (text.match(/challenge-platform/)) {\n\t\t\t\tlogger.error(\n\t\t\t\t\t`It looks like you might have hit a bot challenge page. This may be transient but if not, please contact Cloudflare to find out what can be done. When you contact Cloudflare, please provide your Ray ID: ${response.headers.get(\"cf-ray\")}`\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\t\tlogger.debug(\"Full body of response\\n\\n\", text);\n\t\tthrow new Error(\n\t\t\t`Invalid JSON in response: status: ${response.status} ${response.statusText}`,\n\t\t\t{ cause: e }\n\t\t);\n\t}\n}\n","/* Based heavily on code from https://github.com/BitySA/oauth2-auth-code-pkce\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport assert from \"node:assert\";\nimport http from \"node:http\";\nimport url from \"node:url\";\nimport { UserError } from \"@cloudflare/workers-utils\";\nimport { ErrorAccessDenied, ErrorNoAuthCode } from \"./errors\";\nimport {\n\texchangeAuthCodeForAccessToken,\n\tgetAuthURL,\n\tisReturningFromAuthServer,\n\ttype AccessContext,\n} from \"./token-exchange\";\nimport type { OAuthFlowContext } from \"./context\";\nimport type { generateAuthUrl as defaultGenerateAuthUrl } from \"./generate-auth-url\";\nimport type { generateRandomState as defaultGenerateRandomState } from \"./generate-random-state\";\nimport type { OAuthFlowState } from \"./state\";\n\nexport interface GetOauthTokenOptions {\n\tbrowser: boolean;\n\tscopes: string[];\n\tclientId: string;\n\tdenied: {\n\t\turl: string;\n\t\terror: string;\n\t};\n\tgranted: {\n\t\turl: string;\n\t};\n\tcallbackHost: string;\n\tcallbackPort: number;\n}\n\n/**\n * Orchestrate the interactive OAuth login: spin up a local HTTP callback\n * server, open the authorize URL in the user's browser, and wait for the\n * server to redeem the auth code for an access token. Times out after 2\n * minutes.\n */\nexport async function getOauthToken(\n\toptions: GetOauthTokenOptions,\n\tstate: OAuthFlowState,\n\tctx: OAuthFlowContext,\n\tgenerators: {\n\t\tgenerateAuthUrl: typeof defaultGenerateAuthUrl;\n\t\tgenerateRandomState: typeof defaultGenerateRandomState;\n\t}\n): Promise<AccessContext> {\n\tconst urlToOpen = await getAuthURL(\n\t\toptions.scopes,\n\t\toptions.clientId,\n\t\tstate,\n\t\tgenerators\n\t);\n\tlet server: http.Server;\n\tlet loginTimeoutHandle: ReturnType<typeof setTimeout>;\n\tconst timerPromise = new Promise<AccessContext>((_, reject) => {\n\t\tloginTimeoutHandle = setTimeout(() => {\n\t\t\tserver.close();\n\t\t\tclearTimeout(loginTimeoutHandle);\n\t\t\treject(\n\t\t\t\tnew UserError(\n\t\t\t\t\t\"Timed out waiting for authorization code, please try again.\",\n\t\t\t\t\t{ telemetryMessage: \"user oauth authorization timeout\" }\n\t\t\t\t)\n\t\t\t);\n\t\t}, 120000); // wait for 120 seconds for the user to authorize\n\t});\n\n\tconst loginPromise = new Promise<AccessContext>((resolve, reject) => {\n\t\tserver = http.createServer(async (req, res) => {\n\t\t\tfunction finish(token: null, error: Error): void;\n\t\t\tfunction finish(token: AccessContext): void;\n\t\t\tfunction finish(token: AccessContext | null, error?: Error) {\n\t\t\t\tclearTimeout(loginTimeoutHandle);\n\t\t\t\tserver.close((closeErr?: Error) => {\n\t\t\t\t\tif (error || closeErr) {\n\t\t\t\t\t\treject(error || closeErr);\n\t\t\t\t\t} else {\n\t\t\t\t\t\tassert(token);\n\t\t\t\t\t\tresolve(token);\n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tassert(req.url, \"This request doesn't have a URL\"); // This should never happen\n\t\t\tconst { pathname, query } = url.parse(req.url, true);\n\t\t\tif (req.method !== \"GET\") {\n\t\t\t\treturn res.end(\"OK\");\n\t\t\t}\n\t\t\tswitch (pathname) {\n\t\t\t\tcase \"/oauth/callback\": {\n\t\t\t\t\tlet hasAuthCode = false;\n\t\t\t\t\ttry {\n\t\t\t\t\t\thasAuthCode = isReturningFromAuthServer(query, state, ctx.logger);\n\t\t\t\t\t} catch (err: unknown) {\n\t\t\t\t\t\tif (err instanceof ErrorAccessDenied) {\n\t\t\t\t\t\t\tres.writeHead(307, {\n\t\t\t\t\t\t\t\tLocation: options.denied.url,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\tres.end(() => {\n\t\t\t\t\t\t\t\tfinish(\n\t\t\t\t\t\t\t\t\tnull,\n\t\t\t\t\t\t\t\t\tnew UserError(options.denied.error, {\n\t\t\t\t\t\t\t\t\t\ttelemetryMessage: \"user oauth consent denied\",\n\t\t\t\t\t\t\t\t\t})\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tfinish(null, err as Error);\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (!hasAuthCode) {\n\t\t\t\t\t\t// render an error page here\n\t\t\t\t\t\tfinish(\n\t\t\t\t\t\t\tnull,\n\t\t\t\t\t\t\tnew ErrorNoAuthCode(\"\", {\n\t\t\t\t\t\t\t\ttelemetryMessage: \"user oauth missing auth code\",\n\t\t\t\t\t\t\t})\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn;\n\t\t\t\t\t} else {\n\t\t\t\t\t\t// `exchangeAuthCodeForAccessToken` can reject (network error,\n\t\t\t\t\t\t// invalid JSON, OAuth error response, etc.). Without this\n\t\t\t\t\t\t// `try/catch` the rejection would become an unhandled promise\n\t\t\t\t\t\t// rejection inside an `http.createServer` callback, which is\n\t\t\t\t\t\t// not promise-aware — Node.js >= 15 terminates the process on\n\t\t\t\t\t\t// unhandled rejection by default. Route the error through\n\t\t\t\t\t\t// `finish` so the caller's promise rejects cleanly.\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst exchange = await exchangeAuthCodeForAccessToken(\n\t\t\t\t\t\t\t\tstate,\n\t\t\t\t\t\t\t\tctx.logger,\n\t\t\t\t\t\t\t\tctx.isNonInteractiveOrCI\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tres.writeHead(307, {\n\t\t\t\t\t\t\t\tLocation: options.granted.url,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\tres.end(() => {\n\t\t\t\t\t\t\t\tfinish(exchange);\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t} catch (err) {\n\t\t\t\t\t\t\tfinish(null, err as Error);\n\t\t\t\t\t\t}\n\t\t\t\t\t\treturn;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t});\n\n\t\tif (options.callbackHost !== \"localhost\" || options.callbackPort !== 8976) {\n\t\t\tctx.logger.log(\n\t\t\t\t`Temporary login server listening on ${options.callbackHost}:${options.callbackPort}`\n\t\t\t);\n\t\t\tctx.logger.log(\n\t\t\t\t\"Note that the OAuth login page will always redirect to `localhost:8976`.\\n\" +\n\t\t\t\t\t\"If you have changed the callback host or port because you are running in a container, then ensure that you have port forwarding set up correctly.\"\n\t\t\t);\n\t\t}\n\t\t// Surface a clear error when the port is already in use (or any other\n\t\t// `server.listen` failure) rather than crashing with an unhelpful\n\t\t// stack trace from an unhandled 'error' event.\n\t\tserver.once(\"error\", (err: NodeJS.ErrnoException) => {\n\t\t\tclearTimeout(loginTimeoutHandle);\n\t\t\tif (err.code === \"EADDRINUSE\") {\n\t\t\t\treject(\n\t\t\t\t\tnew UserError(\n\t\t\t\t\t\t`The OAuth callback server could not bind to ${options.callbackHost}:${options.callbackPort} because the port is already in use. Stop the process using that port or pass a different \\`--callback-port\\`.`,\n\t\t\t\t\t\t{ telemetryMessage: \"user oauth callback port in use\" }\n\t\t\t\t\t)\n\t\t\t\t);\n\t\t\t} else {\n\t\t\t\treject(err);\n\t\t\t}\n\t\t});\n\t\tserver.listen(options.callbackPort, options.callbackHost);\n\t});\n\tif (options.browser) {\n\t\tctx.logger.log(`Opening a link in your default browser: ${urlToOpen}`);\n\t\tawait ctx.openInBrowser(urlToOpen);\n\t} else {\n\t\tctx.logger.log(`Visit this link to authenticate: ${urlToOpen}`);\n\t}\n\n\treturn Promise.race([timerPromise, loginPromise]);\n}\n","import { webcrypto as crypto } from \"node:crypto\";\nimport { PKCE_CHARSET } from \"./pkce\";\n\n/**\n * Generates random state to be passed for anti-csrf.\n *\n * Extracted from the rest of the OAuth flow so consumers (or tests) can\n * substitute a deterministic implementation when a stable state value is\n * needed (e.g. for snapshot testing).\n */\nexport function generateRandomState(lengthOfState: number): string {\n\tconst output = new Uint32Array(lengthOfState);\n\tcrypto.getRandomValues(output);\n\treturn Array.from(output)\n\t\t.map((num: number) => PKCE_CHARSET[num % PKCE_CHARSET.length])\n\t\t.join(\"\");\n}\n","/* Based heavily on code from https://github.com/BitySA/oauth2-auth-code-pkce\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { rmSync } from \"node:fs\";\nimport {\n\tgetCloudflareComplianceRegion,\n\tUserError,\n} from \"@cloudflare/workers-utils\";\nimport dedent from \"ts-dedent\";\nimport { fetch } from \"undici\";\nimport { getAuthConfigFilePath, writeAuthConfigFile } from \"./auth-config-file\";\nimport { getOauthToken } from \"./callback-server\";\nimport { getClientIdFromEnv, getRevokeUrlFromEnv } from \"./env-vars\";\nimport {\n\tgenerateAuthUrl as defaultGenerateAuthUrl,\n\tOAUTH_CALLBACK_URL,\n} from \"./generate-auth-url\";\nimport { generateRandomState as defaultGenerateRandomState } from \"./generate-random-state\";\nimport { readStoredAuthState, type OAuthFlowState } from \"./state\";\nimport { exchangeRefreshTokenForAccessToken } from \"./token-exchange\";\nimport type { OAuthFlowContext } from \"./context\";\nimport type { ComplianceConfig } from \"@cloudflare/workers-utils\";\n\n/**\n * Options for an interactive OAuth login.\n */\nexport interface LoginProps {\n\tcomplianceConfig: ComplianceConfig;\n\t/**\n\t * The OAuth scopes to request. The catalog of valid scope keys is\n\t * consumer-defined; this package treats scopes as opaque strings.\n\t */\n\tscopes: string[];\n\t/**\n\t * Whether to open the authorize URL in a browser. Defaults to `true`.\n\t * When `false` the URL is printed for the user to copy/paste.\n\t */\n\tbrowser?: boolean;\n\t/** Host the local callback server listens on. Defaults to `localhost`. */\n\tcallbackHost?: string;\n\t/** Port the local callback server listens on. Defaults to `8976`. */\n\tcallbackPort?: number;\n}\n\n/**\n * Public surface returned by {@link createOAuthFlow}.\n */\nexport interface OAuthFlowAPI {\n\t/**\n\t * Open the authorize URL in the user's browser, wait for the callback to be\n\t * hit on the local HTTP server, exchange the code for an access token, and\n\t * persist the result to disk.\n\t *\n\t * Refuses to start when `ctx.hasEnvCredentials()` returns `true`.\n\t * Refuses to start when the compliance region is `fedramp_high`.\n\t *\n\t * @returns `true` on success, `false` when env credentials are present.\n\t */\n\tlogin(props: LoginProps): Promise<boolean>;\n\n\t/**\n\t * Revoke the stored refresh token at the Cloudflare OAuth endpoint and\n\t * delete the on-disk auth config file.\n\t *\n\t * No-op when `ctx.hasEnvCredentials()` returns `true` (env credentials\n\t * cannot be revoked).\n\t */\n\tlogout(): Promise<void>;\n\n\t/**\n\t * If the user has no stored OAuth token, attempt an interactive login.\n\t * If they have one but it is expired, attempt a refresh; if refresh fails,\n\t * fall back to an interactive login.\n\t *\n\t * Scopes are required in case an interactive login is triggered — the\n\t * consumer's scope catalog lives outside this package.\n\t *\n\t * @returns `true` when the user is logged in (or env credentials are\n\t * present), `false` when interactive login was needed but skipped (e.g.\n\t * non-interactive environment).\n\t */\n\tloginOrRefreshIfRequired(props: LoginProps): Promise<boolean>;\n\n\t/**\n\t * Read the OAuth access token from local state, refreshing it first if\n\t * needed. Returns `undefined` when there is no stored OAuth token or the\n\t * refresh fails.\n\t *\n\t * This intentionally does NOT consult env credentials — callers that want\n\t * env-or-OAuth resolution should check env first themselves.\n\t */\n\tgetOAuthTokenFromLocalState(): Promise<string | undefined>;\n\n\t/**\n\t * Whether the stored OAuth access token has expired and a refresh is\n\t * required before it can be used. Returns `false` when env credentials are\n\t * present (per `ctx.hasEnvCredentials`), because the stored OAuth state is\n\t * not consulted in that case.\n\t */\n\tisRefreshNeeded(): boolean;\n\n\t/**\n\t * Trigger an OAuth refresh-token rotation. Persists the new access/refresh\n\t * tokens to disk on success. Returns `false` on any failure.\n\t */\n\trefreshToken(): Promise<boolean>;\n}\n\n/**\n * Build an instance of the OAuth flow bound to the given context.\n *\n * The returned object owns module-private state (the transient OAuth flow\n * state and the deprecated-v1 warning latch). In practice consumers create\n * exactly one instance per process.\n */\nexport function createOAuthFlow(ctx: OAuthFlowContext): OAuthFlowAPI {\n\tconst oauthFlowState: OAuthFlowState = {};\n\tconst generators = {\n\t\tgenerateAuthUrl: ctx.generateAuthUrl ?? defaultGenerateAuthUrl,\n\t\tgenerateRandomState: ctx.generateRandomState ?? defaultGenerateRandomState,\n\t};\n\n\tasync function login(props: LoginProps): Promise<boolean> {\n\t\tif (ctx.hasEnvCredentials()) {\n\t\t\t// Env credentials override any login details, so no point in allowing\n\t\t\t// the user to login.\n\t\t\tctx.logger.error(\n\t\t\t\t\"You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the \" +\n\t\t\t\t\t\"environment to log in via OAuth.\"\n\t\t\t);\n\t\t\treturn false;\n\t\t}\n\n\t\tconst complianceRegion = getCloudflareComplianceRegion(\n\t\t\tprops.complianceConfig\n\t\t);\n\t\tif (complianceRegion === \"fedramp_high\") {\n\t\t\tconst configurationSource = props.complianceConfig?.compliance_region\n\t\t\t\t? \"`compliance_region` configuration property\"\n\t\t\t\t: \"`CLOUDFLARE_API_ENVIRONMENT` environment variable\";\n\t\t\tthrow new UserError(\n\t\t\t\tdedent`\n\t\t\t\tOAuth login is not supported in the \\`${complianceRegion}\\` compliance region.\n\t\t\t\tPlease use a Cloudflare API token (\\`CLOUDFLARE_API_TOKEN\\` environment variable) or remove the ${configurationSource}.\n\t\t\t`,\n\t\t\t\t{\n\t\t\t\t\ttelemetryMessage: \"user login unsupported compliance region\",\n\t\t\t\t}\n\t\t\t);\n\t\t}\n\n\t\tctx.logger.log(\"Attempting to login via OAuth...\");\n\n\t\tconst oauth = await getOauthToken(\n\t\t\t{\n\t\t\t\tbrowser: props.browser ?? true,\n\t\t\t\tscopes: props.scopes,\n\t\t\t\tclientId: getClientIdFromEnv(),\n\t\t\t\tdenied: {\n\t\t\t\t\turl: \"https://welcome.developers.workers.dev/wrangler-oauth-consent-denied\",\n\t\t\t\t\terror:\n\t\t\t\t\t\t\"Error: Consent denied. You must grant consent to Wrangler in order to login.\\n\" +\n\t\t\t\t\t\t\"If you don't want to do this consider passing an API token via the `CLOUDFLARE_API_TOKEN` environment variable\",\n\t\t\t\t},\n\t\t\t\tgranted: {\n\t\t\t\t\turl: \"https://welcome.developers.workers.dev/wrangler-oauth-consent-granted\",\n\t\t\t\t},\n\t\t\t\tcallbackHost: props.callbackHost ?? \"localhost\",\n\t\t\t\tcallbackPort: props.callbackPort ?? 8976,\n\t\t\t},\n\t\t\toauthFlowState,\n\t\t\tctx,\n\t\t\tgenerators\n\t\t);\n\n\t\twriteAuthConfigFile({\n\t\t\toauth_token: oauth.token?.value ?? \"\",\n\t\t\texpiration_time: oauth.token?.expiry,\n\t\t\trefresh_token: oauth.refreshToken?.value,\n\t\t\tscopes: oauth.scopes,\n\t\t});\n\n\t\tctx.logger.log(`Successfully logged in.`);\n\n\t\tctx.purgeOnLoginOrLogout?.();\n\n\t\treturn true;\n\t}\n\n\tfunction isRefreshNeeded(): boolean {\n\t\tif (ctx.hasEnvCredentials()) {\n\t\t\treturn false;\n\t\t}\n\t\tconst { accessToken } = readStoredAuthState({ warningLogger: ctx.logger });\n\t\treturn Boolean(accessToken && new Date() >= new Date(accessToken.expiry));\n\t}\n\n\tasync function refreshToken(): Promise<boolean> {\n\t\t// `exchangeRefreshTokenForAccessToken` reads the refresh token fresh from\n\t\t// disk on every call, so we always pick up the latest rotation written by a\n\t\t// sibling Wrangler process. Refresh tokens are single-use, so a long-lived\n\t\t// process such as `wrangler dev` would otherwise send a stale value and get\n\t\t// a 401 from the token endpoint.\n\n\t\ttry {\n\t\t\tconst {\n\t\t\t\ttoken: { value: oauth_token, expiry: expiration_time } = {\n\t\t\t\t\tvalue: \"\",\n\t\t\t\t\texpiry: \"\",\n\t\t\t\t},\n\t\t\t\trefreshToken: { value: refresh_token } = {},\n\t\t\t\tscopes,\n\t\t\t} = await exchangeRefreshTokenForAccessToken(\n\t\t\t\tctx.logger,\n\t\t\t\tctx.isNonInteractiveOrCI\n\t\t\t);\n\t\t\twriteAuthConfigFile({\n\t\t\t\toauth_token,\n\t\t\t\texpiration_time,\n\t\t\t\trefresh_token,\n\t\t\t\tscopes,\n\t\t\t});\n\t\t\treturn true;\n\t\t} catch (e) {\n\t\t\tctx.logger.debug(\n\t\t\t\t`Token refresh failed: ${e instanceof Error ? e.message : String(e)}`\n\t\t\t);\n\t\t\treturn false;\n\t\t}\n\t}\n\n\tasync function loginOrRefreshIfRequired(props: LoginProps): Promise<boolean> {\n\t\t// If env credentials are present, the consumer's credential resolver\n\t\t// will use those rather than the stored OAuth token, so we don't need\n\t\t// to refresh or log in.\n\t\tif (ctx.hasEnvCredentials()) {\n\t\t\treturn true;\n\t\t}\n\t\t// TODO: ask permission before opening browser\n\t\tconst stored = readStoredAuthState({ warningLogger: ctx.logger });\n\t\tif (!stored.accessToken && !stored.deprecatedApiToken) {\n\t\t\t// Not logged in.\n\t\t\t// If we are not interactive, we cannot ask the user to login\n\t\t\treturn !ctx.isNonInteractiveOrCI() && (await login(props));\n\t\t} else if (isRefreshNeeded()) {\n\t\t\t// We're logged in, but the refresh token seems to have expired,\n\t\t\t// so let's try to refresh it\n\t\t\tconst didRefresh = await refreshToken();\n\t\t\tif (didRefresh) {\n\t\t\t\t// The token was refreshed, so we're done here\n\t\t\t\treturn true;\n\t\t\t} else {\n\t\t\t\t// If the refresh token isn't valid, then we ask the user to login again\n\t\t\t\treturn !ctx.isNonInteractiveOrCI() && (await login(props));\n\t\t\t}\n\t\t} else {\n\t\t\treturn true;\n\t\t}\n\t}\n\n\tasync function logout(): Promise<void> {\n\t\tif (ctx.hasEnvCredentials()) {\n\t\t\t// Env credentials override any login details, so we cannot log out.\n\t\t\tctx.logger.log(\n\t\t\t\t\"You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the \" +\n\t\t\t\t\t\"environment to log out.\"\n\t\t\t);\n\t\t\treturn;\n\t\t}\n\n\t\tconst storedRefreshToken = readStoredAuthState({\n\t\t\twarningLogger: ctx.logger,\n\t\t}).refreshToken;\n\t\tif (!storedRefreshToken) {\n\t\t\tctx.logger.log(\"Not logged in, exiting...\");\n\t\t\treturn;\n\t\t}\n\n\t\tconst body =\n\t\t\t`client_id=${encodeURIComponent(getClientIdFromEnv())}&` +\n\t\t\t`token_type_hint=refresh_token&` +\n\t\t\t`token=${encodeURIComponent(storedRefreshToken.value || \"\")}`;\n\n\t\tconst response = await fetch(getRevokeUrlFromEnv(), {\n\t\t\tmethod: \"POST\",\n\t\t\tbody,\n\t\t\theaders: {\n\t\t\t\t\"Content-Type\": \"application/x-www-form-urlencoded\",\n\t\t\t},\n\t\t});\n\t\tawait response.text(); // blank text? would be nice if it was something meaningful\n\t\trmSync(getAuthConfigFilePath());\n\t\tctx.logger.log(`Successfully logged out.`);\n\t\tctx.purgeOnLoginOrLogout?.();\n\t}\n\n\tasync function getOAuthTokenFromLocalState(): Promise<string | undefined> {\n\t\t// Check if we have an OAuth token\n\t\tlet stored = readStoredAuthState({ warningLogger: ctx.logger });\n\t\tif (!stored.accessToken) {\n\t\t\treturn undefined;\n\t\t}\n\n\t\t// If the token is expired, try to refresh it.\n\t\t// Note: we deliberately check the expiry directly rather than going through\n\t\t// `isRefreshNeeded()`, because this function is called from contexts that\n\t\t// already know they want the OAuth token (not env credentials), and we\n\t\t// don't want the env-credentials short-circuit to skip the refresh.\n\t\tconst expired =\n\t\t\tstored.accessToken && new Date() >= new Date(stored.accessToken.expiry);\n\t\tif (expired) {\n\t\t\tconst didRefresh = await refreshToken();\n\t\t\tif (!didRefresh) {\n\t\t\t\treturn undefined;\n\t\t\t}\n\t\t\t// Re-read after the refresh has persisted the new token to disk.\n\t\t\tstored = readStoredAuthState({ warningLogger: ctx.logger });\n\t\t}\n\n\t\treturn stored.accessToken?.value;\n\t}\n\n\treturn {\n\t\tlogin,\n\t\tlogout,\n\t\tloginOrRefreshIfRequired,\n\t\tgetOAuthTokenFromLocalState,\n\t\tisRefreshNeeded,\n\t\trefreshToken,\n\t};\n}\n\n// Re-export the constant for callers that want to know about the redirect URI\n// without depending on `./generate-auth-url`.\nexport { OAUTH_CALLBACK_URL };\n"]}
package/dist/test-helpers/index.mjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../../src/test-helpers/msw-handlers/access.ts","../../src/test-helpers/msw-handlers/oauth.ts"],"names":["http","HttpResponse"],"mappings":";;;AAEO,IAAM,iBAAA,GAAoB;AAAA,EAChC,IAAA,CAAK,GAAA,CAAI,+BAAA,EAAiC,MAAM;AAC/C,IAAA,OAAO,YAAA,CAAa,KAAK,IAAA,EAAM;AAAA,MAC9B,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,EAAE,QAAA,EAAU,2CAAA;AAA4C,KACjE,CAAA;AAAA,GACD,CAAA;AAAA,EACD,IAAA,CAAK,GAAA,CAAI,mCAAA,EAAqC,MAAM;AACnD,IAAA,OAAO,aAAa,IAAA,CAAK,IAAA,EAAM,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,GAC9C,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKD,IAAA,CAAK,GAAA,CAAI,uCAAA,EAAyC,MAAM;AACvD,IAAA,OAAO,aAAa,IAAA,CAAK,IAAA,EAAM,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,GAC9C;AACF;ACjBO,IAAM,uBAAA,GAA0B;AAAA,EACtCA,IAAAA,CAAK,GAAA;AAAA,IACJ,kBAAA;AAAA,IACA,MAAM;AACL,MAAA,OAAOC,YAAAA,CAAa,IAAA;AAAA,QACnB;AAAA,UACC,OAAA,EAAS,IAAA;AAAA,UACT,QAAQ,EAAC;AAAA,UACT,UAAU,EAAC;AAAA,UACX,IAAA,EAAM;AAAA,SACP;AAAA,QACA,EAAE,QAAQ,GAAA;AAAI,OACf;AAAA,KACD;AAAA,IACA,EAAE,MAAM,IAAA;AAAK,GACd;AAAA;AAAA,EAEAD,IAAAA,CAAK,IAAA,CAAK,iBAAA,EAAmB,MAAMC,YAAAA,CAAa,IAAA,CAAK,EAAA,EAAI,EAAE,MAAA,EAAQ,GAAA,EAAK,CAAA,EAAG;AAAA,IAC1E,IAAA,EAAM;AAAA,GACN,CAAA;AAAA;AAAA,EAEDD,IAAAA,CAAK,IAAA;AAAA,IACJ,gBAAA;AAAA,IACA,MAAM;AACL,MAAA,OAAOC,YAAAA,CAAa,IAAA;AAAA,QACnB;AAAA,UACC,YAAA,EAAc,mBAAA;AAAA,UACd,UAAA,EAAY,GAAA;AAAA,UACZ,aAAA,EAAe,oBAAA;AAAA,UACf,KAAA,EAAO;AAAA,SACR;AAAA,QACA,EAAE,QAAQ,GAAA;AAAI,OACf;AAAA,KACD;AAAA,IACA,EAAE,MAAM,IAAA;AAAK;AAEf","file":"index.mjs","sourcesContent":["import { http, HttpResponse } from \"msw\";\n\nexport const mswAccessHandlers = [\n\thttp.get(\"https://access-protected.com/\", () => {\n\t\treturn HttpResponse.json(null, {\n\t\t\tstatus: 302,\n\t\t\theaders: { location: \"access-protected-com.cloudflareaccess.com\" },\n\t\t});\n\t}),\n\thttp.get(\"https://not-access-protected.com/\", () => {\n\t\treturn HttpResponse.json(\"OK\", { status: 200 });\n\t}),\n\t// Simulates an Access application configured to only allow Service Auth\n\t// tokens: the domain is behind Access but responds with a hard 403 instead\n\t// of redirecting to cloudflareaccess.com, because there is no interactive\n\t// login path for users.\n\thttp.get(\"https://access-service-auth-only.com/\", () => {\n\t\treturn HttpResponse.json(null, { status: 403 });\n\t}),\n];\n","import { http, HttpResponse } from \"msw\";\n\nexport const mswSuccessOauthHandlers = [\n\thttp.all(\n\t\t\"*/oauth/callback\",\n\t\t() => {\n\t\t\treturn HttpResponse.json(\n\t\t\t\t{\n\t\t\t\t\tsuccess: true,\n\t\t\t\t\terrors: [],\n\t\t\t\t\tmessages: [],\n\t\t\t\t\tcode: \"test-oauth-code\",\n\t\t\t\t},\n\t\t\t\t{ status: 200 }\n\t\t\t);\n\t\t},\n\t\t{ once: true }\n\t),\n\t// revoke access token\n\thttp.post(\"*/oauth2/revoke\", () => HttpResponse.text(\"\", { status: 200 }), {\n\t\tonce: true,\n\t}),\n\t// exchange (auth code | refresh token) for access token\n\thttp.post(\n\t\t\"*/oauth2/token\",\n\t\t() => {\n\t\t\treturn HttpResponse.json(\n\t\t\t\t{\n\t\t\t\t\taccess_token: \"test-access-token\",\n\t\t\t\t\texpires_in: 100000,\n\t\t\t\t\trefresh_token: \"test-refresh-token\",\n\t\t\t\t\tscope: \"account:read\",\n\t\t\t\t},\n\t\t\t\t{ status: 200 }\n\t\t\t);\n\t\t},\n\t\t{ once: true }\n\t),\n];\n"]}