@descope/node-sdk 1.6.5 → 1.6.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -0
- package/dist/cjs/index.cjs.js +1 -1
- package/dist/cjs/index.cjs.js.map +1 -1
- package/dist/index.d.ts +3 -1
- package/dist/index.esm.js +1 -1
- package/dist/index.esm.js.map +1 -1
- package/package.json +2 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.cjs.js","sources":["../../lib/constants.ts","../../lib/helpers.ts","../../lib/management/paths.ts","../../lib/management/user.ts","../../lib/management/project.ts","../../lib/management/tenant.ts","../../lib/management/jwt.ts","../../lib/management/permission.ts","../../lib/management/role.ts","../../lib/management/group.ts","../../lib/management/sso.ts","../../lib/management/accesskey.ts","../../lib/management/flow.ts","../../lib/management/theme.ts","../../lib/management/audit.ts","../../lib/management/authz.ts","../../lib/management/ssoapplication.ts","../../lib/management/password.ts","../../lib/fetch-polyfill.ts","../../lib/index.ts","../../lib/management/index.ts","../../lib/errors.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\n/** Refresh JWT cookie name */\nexport const refreshTokenCookieName = 'DSR';\n/** Session JWT cookie name */\nexport const sessionTokenCookieName = 'DS';\n/** The key of the tenants claims in the claims map */\nexport const authorizedTenantsClaimName = 'tenants';\n/** The key of the permissions claims in the claims map either under tenant or top level */\nexport const permissionsClaimName = 'permissions';\n/** The key of the roles claims in the claims map either under tenant or top level */\nexport const rolesClaimName = 'roles';\n","import type { SdkFnWrapper } from '@descope/core-js-sdk';\nimport { authorizedTenantsClaimName, refreshTokenCookieName } from './constants';\nimport { AuthenticationInfo } from './types';\n\n/**\n * Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n */\nconst generateCookie = (name: string, value: string, options?: Record<string, string | number>) =>\n `${name}=${value}; Domain=${options?.cookieDomain || ''}; Max-Age=${\n options?.cookieMaxAge || ''\n }; Path=${options?.cookiePath || '/'}; HttpOnly; SameSite=Strict`;\n\n/**\n * Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n */\nconst getCookieValue = (cookie: string | null | undefined, name: string) => {\n const match = cookie?.match(RegExp(`(?:^|;\\\\s*)${name}=([^;]*)`));\n return match ? match[1] : null;\n};\n\n// eslint-disable-next-line import/prefer-default-export\n/**\n * Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n */\nexport const withCookie: SdkFnWrapper<{ refreshJwt?: string; cookies?: string[] }> =\n (fn) =>\n async (...args) => {\n const resp = await fn(...args);\n\n // istanbul ignore next\n if (!resp.data) {\n return resp;\n }\n\n // eslint-disable-next-line prefer-const\n let { refreshJwt, ...rest } = resp.data;\n const cookies: string[] = [];\n\n if (!refreshJwt) {\n if (resp.response?.headers.get('set-cookie')) {\n refreshJwt = getCookieValue(\n resp.response?.headers.get('set-cookie'),\n refreshTokenCookieName,\n );\n cookies.push(resp.response?.headers.get('set-cookie')!);\n }\n } else {\n cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n }\n\n return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n };\n\n/**\n * Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns the claim for the given tenant or top level if tenant is empty\n */\nexport function getAuthorizationClaimItems(\n authInfo: AuthenticationInfo,\n claim: string,\n tenant?: string,\n): string[] {\n const value = tenant\n ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n : authInfo.token[claim];\n return Array.isArray(value) ? value : [];\n}\n\n/**\n * Check if the user is associated with the given tenant\n * @param authInfo The parsed authentication info from the JWT\n * @param tenant tenant to check if user is associated with\n * @returns true if user is associated with the tenant\n */\nexport function isUserAssociatedWithTenant(authInfo: AuthenticationInfo, tenant: string): boolean {\n return !!authInfo.token[authorizedTenantsClaimName]?.[tenant];\n}\n","/** API paths for the Descope service Management APIs */\nexport default {\n user: {\n create: '/v1/mgmt/user/create',\n createBatch: '/v1/mgmt/user/create/batch',\n update: '/v1/mgmt/user/update',\n delete: '/v1/mgmt/user/delete',\n deleteAllTestUsers: '/v1/mgmt/user/test/delete/all',\n load: '/v1/mgmt/user',\n logout: '/v1/mgmt/user/logout',\n search: '/v1/mgmt/user/search',\n getProviderToken: '/v1/mgmt/user/provider/token',\n updateStatus: '/v1/mgmt/user/update/status',\n updateLoginId: '/v1/mgmt/user/update/loginid',\n updateEmail: '/v1/mgmt/user/update/email',\n updatePhone: '/v1/mgmt/user/update/phone',\n updateDisplayName: '/v1/mgmt/user/update/name',\n updatePicture: '/v1/mgmt/user/update/picture',\n updateCustomAttribute: '/v1/mgmt/user/update/customAttribute',\n setRole: '/v1/mgmt/user/update/role/set',\n addRole: '/v1/mgmt/user/update/role/add',\n removeRole: '/v1/mgmt/user/update/role/remove',\n setSSOApps: '/v1/mgmt/user/update/ssoapp/set',\n addSSOApps: '/v1/mgmt/user/update/ssoapp/add',\n removeSSOApps: '/v1/mgmt/user/update/ssoapp/remove',\n addTenant: '/v1/mgmt/user/update/tenant/add',\n removeTenant: '/v1/mgmt/user/update/tenant/remove',\n setPassword: '/v1/mgmt/user/password/set', // Deprecated\n setTemporaryPassword: '/v1/mgmt/user/password/set/temporary',\n setActivePassword: '/v1/mgmt/user/password/set/active',\n expirePassword: '/v1/mgmt/user/password/expire',\n removeAllPasskeys: '/v1/mgmt/user/passkeys/delete',\n generateOTPForTest: '/v1/mgmt/tests/generate/otp',\n generateMagicLinkForTest: '/v1/mgmt/tests/generate/magiclink',\n generateEnchantedLinkForTest: '/v1/mgmt/tests/generate/enchantedlink',\n generateEmbeddedLink: '/v1/mgmt/user/signin/embeddedlink',\n history: '/v1/mgmt/user/history',\n },\n project: {\n updateName: '/v1/mgmt/project/update/name',\n clone: '/v1/mgmt/project/clone',\n export: '/v1/mgmt/project/export',\n import: '/v1/mgmt/project/import',\n },\n accessKey: {\n create: '/v1/mgmt/accesskey/create',\n load: '/v1/mgmt/accesskey',\n search: '/v1/mgmt/accesskey/search',\n update: '/v1/mgmt/accesskey/update',\n deactivate: '/v1/mgmt/accesskey/deactivate',\n activate: '/v1/mgmt/accesskey/activate',\n delete: '/v1/mgmt/accesskey/delete',\n },\n tenant: {\n create: '/v1/mgmt/tenant/create',\n update: '/v1/mgmt/tenant/update',\n delete: '/v1/mgmt/tenant/delete',\n load: '/v1/mgmt/tenant',\n settings: '/v1/mgmt/tenant/settings',\n loadAll: '/v1/mgmt/tenant/all',\n searchAll: '/v1/mgmt/tenant/search',\n },\n ssoApplication: {\n oidcCreate: '/v1/mgmt/sso/idp/app/oidc/create',\n samlCreate: '/v1/mgmt/sso/idp/app/saml/create',\n oidcUpdate: '/v1/mgmt/sso/idp/app/oidc/update',\n samlUpdate: '/v1/mgmt/sso/idp/app/saml/update',\n delete: '/v1/mgmt/sso/idp/app/delete',\n load: '/v1/mgmt/sso/idp/app/load',\n loadAll: '/v1/mgmt/sso/idp/apps/load',\n },\n sso: {\n settings: '/v1/mgmt/sso/settings',\n metadata: '/v1/mgmt/sso/metadata',\n mapping: '/v1/mgmt/sso/mapping',\n settingsv2: '/v2/mgmt/sso/settings',\n oidc: {\n configure: '/v1/mgmt/sso/oidc',\n },\n saml: {\n configure: '/v1/mgmt/sso/saml',\n metadata: '/v1/mgmt/sso/saml/metadata',\n },\n },\n jwt: {\n update: '/v1/mgmt/jwt/update',\n impersonate: '/v1/mgmt/impersonate',\n },\n password: {\n settings: '/v1/mgmt/password/settings',\n },\n permission: {\n create: '/v1/mgmt/permission/create',\n update: '/v1/mgmt/permission/update',\n delete: '/v1/mgmt/permission/delete',\n loadAll: '/v1/mgmt/permission/all',\n },\n role: {\n create: '/v1/mgmt/role/create',\n update: '/v1/mgmt/role/update',\n delete: '/v1/mgmt/role/delete',\n loadAll: '/v1/mgmt/role/all',\n search: '/v1/mgmt/role/search',\n },\n flow: {\n list: '/v1/mgmt/flow/list',\n delete: '/v1/mgmt/flow/delete',\n export: '/v1/mgmt/flow/export',\n import: '/v1/mgmt/flow/import',\n },\n theme: {\n export: '/v1/mgmt/theme/export',\n import: '/v1/mgmt/theme/import',\n },\n group: {\n loadAllGroups: '/v1/mgmt/group/all',\n loadAllGroupsForMember: '/v1/mgmt/group/member/all',\n loadAllGroupMembers: '/v1/mgmt/group/members',\n },\n audit: {\n search: '/v1/mgmt/audit/search',\n },\n authz: {\n schemaSave: '/v1/mgmt/authz/schema/save',\n schemaDelete: '/v1/mgmt/authz/schema/delete',\n schemaLoad: '/v1/mgmt/authz/schema/load',\n nsSave: '/v1/mgmt/authz/ns/save',\n nsDelete: '/v1/mgmt/authz/ns/delete',\n rdSave: '/v1/mgmt/authz/rd/save',\n rdDelete: '/v1/mgmt/authz/rd/delete',\n reCreate: '/v1/mgmt/authz/re/create',\n reDelete: '/v1/mgmt/authz/re/delete',\n reDeleteResources: '/v1/mgmt/authz/re/deleteresources',\n hasRelations: '/v1/mgmt/authz/re/has',\n who: '/v1/mgmt/authz/re/who',\n resource: '/v1/mgmt/authz/re/resource',\n targets: '/v1/mgmt/authz/re/targets',\n targetAll: '/v1/mgmt/authz/re/targetall',\n getModified: '/v1/mgmt/authz/getmodified',\n },\n};\n","import {\n SdkResponse,\n transformResponse,\n UserHistoryResponse,\n UserResponse,\n LoginOptions,\n} from '@descope/core-js-sdk';\nimport { deprecate } from 'util';\nimport {\n ProviderTokenResponse,\n AssociatedTenant,\n GenerateEnchantedLinkForTestResponse,\n GenerateMagicLinkForTestResponse,\n GenerateOTPForTestResponse,\n GenerateEmbeddedLinkResponse,\n AttributesTypes,\n UserStatus,\n User,\n InviteBatchResponse,\n} from './types';\nimport { CoreSdk, DeliveryMethodForTestUser } from '../types';\nimport apiPaths from './paths';\n\ntype SearchSort = {\n field: string;\n desc?: boolean;\n};\n\ntype SearchRequest = {\n page?: number;\n limit?: number;\n sort?: SearchSort[];\n text?: string;\n emails?: string[];\n phones?: string[];\n statuses?: UserStatus[];\n roles?: string[];\n tenantIds?: string[];\n customAttributes?: Record<string, AttributesTypes>;\n withTestUser?: boolean;\n testUsersOnly?: boolean;\n ssoAppIds?: string[];\n};\n\ntype SingleUserResponse = {\n user: UserResponse;\n};\n\ntype MultipleUsersResponse = {\n users: UserResponse[];\n};\n\nconst withUser = (sdk: CoreSdk, managementKey?: string) => {\n /* Create User */\n function create(loginId: string, options?: UserOptions): Promise<SdkResponse<UserResponse>>;\n function create(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function create(\n loginId: string,\n emailOrOptions?: string | UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of create user\n // 1. The new form - create(loginId, { email, phone, ... }})\n // 2. The old form - create(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.create, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n /* Create User End */\n\n /* Create Test User */\n function createTestUser(\n loginId: string,\n options?: UserOptions,\n ): Promise<SdkResponse<UserResponse>>;\n function createTestUser(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function createTestUser(\n loginId: string,\n emailOrOptions?: string | UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of create test user\n // 1. The new form - createTestUser(loginId, { email, phone, ... }})\n // 2. The old form - createTestUser(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n test: true,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n test: true,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.create, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n /* Create Test User End */\n\n /* Invite User */\n function invite(\n loginId: string,\n options?: UserOptions & {\n inviteUrl?: string;\n sendMail?: boolean; // send invite via mail, default is according to project settings\n sendSMS?: boolean; // send invite via text message, default is according to project settings\n },\n ): Promise<SdkResponse<UserResponse>>;\n function invite(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function invite(\n loginId: string,\n emailOrOptions?: string | UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of invite user\n // 1. The new form - invite(loginId, { email, phone, ... }})\n // 2. The old form - invite(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n invite: true,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n inviteUrl,\n sendMail,\n sendSMS,\n additionalLoginIds,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n invite: true,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.create, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n /* Invite User End */\n\n /* Update User */\n function update(loginId: string, options?: UserOptions): Promise<SdkResponse<UserResponse>>;\n function update(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function update(\n loginId: string,\n emailOrOptions?: string | UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of update user\n // 1. The new form - update(loginId, { email, phone, ... }})\n // 2. The old form - update(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.update, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n /* Update User End */\n\n return {\n create,\n /**\n * Create a new test user.\n * The loginID is required and will determine what the user will use to sign in.\n * Make sure the login id is unique for test. All other fields are optional.\n *\n * You can later generate OTP, Magic link and enchanted link to use in the test without the need\n * of 3rd party messaging services.\n * Those users are not counted as part of the monthly active users\n * @returns The UserResponse if found, throws otherwise.\n */\n createTestUser,\n invite,\n inviteBatch: (\n users: User[],\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n ): Promise<SdkResponse<InviteBatchResponse>> =>\n transformResponse<InviteBatchResponse, InviteBatchResponse>(\n sdk.httpClient.post(\n apiPaths.user.createBatch,\n {\n users,\n invite: true,\n inviteUrl,\n sendMail,\n sendSMS,\n },\n { token: managementKey },\n ),\n (data) => data,\n ),\n update,\n /**\n * Delete an existing user.\n * @param loginId The login ID of the user\n */\n delete: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { loginId }, { token: managementKey }),\n ),\n /**\n * Delete an existing user by User ID.\n * @param userId The user ID can be found in the Subject (`sub`) claim\n * in the user's JWT.\n */\n deleteByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { userId }, { token: managementKey }),\n ),\n /**\n * Delete all test users in the project.\n */\n deleteAllTestUsers: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.user.deleteAllTestUsers, { token: managementKey }),\n ),\n load: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { loginId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /**\n * Load an existing user by user ID. The ID can be found\n * on the user's JWT.\n * @param userId load a user by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n */\n loadByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { userId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /**\n * Logout a user from all devices by the login ID\n * @param loginId logout user by login ID\n * @returns The UserResponse if found, throws otherwise.\n */\n logoutUser: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.logout, { loginId }, { token: managementKey }),\n ),\n /**\n * Logout a user from all devices by user ID. The ID can be found\n * on the user's JWT.\n * @param userId Logout a user from all devices by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n */\n logoutUserByUserId: (userId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.logout, { userId }, { token: managementKey }),\n ),\n /**\n * Search all users. Results can be filtered according to tenants and/or\n * roles, and also paginated used the limit and page parameters.\n * @param tenantIds optional list of tenant IDs to filter by\n * @param roles optional list of roles to filter by\n * @param limit optionally limit the response, leave out for default limit\n * @param page optionally paginate over the response\n * @param testUsersOnly optionally filter only test users\n * @param withTestUser optionally include test users in search\n * @returns An array of UserResponse found by the query\n */\n\n searchAll: deprecate(\n (\n tenantIds?: string[],\n roles?: string[],\n limit?: number,\n page?: number,\n testUsersOnly?: boolean,\n withTestUser?: boolean,\n customAttributes?: Record<string, AttributesTypes>,\n statuses?: UserStatus[],\n emails?: string[],\n phones?: string[],\n ): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n {\n tenantIds,\n roleNames: roles,\n limit,\n page,\n testUsersOnly,\n withTestUser,\n customAttributes,\n statuses,\n emails,\n phones,\n },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n 'searchAll is deprecated please use search() instead',\n ),\n /**\n * Search all users. Results can be filtered according to tenants roles and more,\n * Pagination is also available using the limit and page parameters.\n * @param searchReq an object with all the constraints for this search\n * @returns An array of UserResponse found by the query\n */\n search: (searchReq: SearchRequest): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n {\n ...searchReq,\n roleNames: searchReq.roles,\n roles: undefined,\n },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n /**\n * Get the provider token for the given login ID.\n * Only users that logged-in using social providers will have token.\n * Note: The 'Manage tokens from provider' setting must be enabled.\n * @param loginId the login ID of the user\n * @param provider the provider name (google, facebook, etc.).\n * @returns The ProviderTokenResponse of the given user and provider\n */\n getProviderToken: (\n loginId: string,\n provider: string,\n ): Promise<SdkResponse<ProviderTokenResponse>> =>\n transformResponse<ProviderTokenResponse>(\n sdk.httpClient.get(apiPaths.user.getProviderToken, {\n queryParams: { loginId, provider },\n token: managementKey,\n }),\n (data) => data,\n ),\n activate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'enabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n deactivate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'disabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateLoginId: (loginId: string, newLoginId?: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateLoginId,\n { loginId, newLoginId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateEmail: (\n loginId: string,\n email: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateEmail,\n { loginId, email, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePhone: (\n loginId: string,\n phone: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePhone,\n { loginId, phone, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateDisplayName: (\n loginId: string,\n displayName?: string,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateDisplayName,\n { loginId, displayName, givenName, middleName, familyName },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePicture: (loginId: string, picture: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePicture,\n { loginId, picture },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateCustomAttribute: (\n loginId: string,\n attributeKey: string,\n attributeValue: AttributesTypes,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateCustomAttribute,\n { loginId, attributeKey, attributeValue },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n\n /**\n * Generate OTP for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * Returns the code for the login (exactly as it sent via Email or SMS)\n * This is useful when running tests and don't want to use 3rd party messaging services\n *\n * @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateOTPForTestResponse which includes the loginId and the OTP code\n */\n generateOTPForTestUser: (\n deliveryMethod: DeliveryMethodForTestUser,\n loginId: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateOTPForTestResponse>> =>\n transformResponse<GenerateOTPForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateOTPForTest,\n { deliveryMethod, loginId, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /**\n * Generate Magic Link for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * It returns the link for the login (exactly as it sent via Email)\n * This is useful when running tests and don't want to use 3rd party messaging services\n *\n * @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateMagicLinkForTestResponse which includes the loginId and the magic link\n */\n generateMagicLinkForTestUser: (\n deliveryMethod: DeliveryMethodForTestUser,\n loginId: string,\n uri: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateMagicLinkForTestResponse>> =>\n transformResponse<GenerateMagicLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateMagicLinkForTest,\n { deliveryMethod, loginId, URI: uri, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /**\n * Generate Enchanted Link for the given login ID of a test user.\n * It returns the link for the login (exactly as it sent via Email)\n * and pendingRef which is used to poll for a valid session\n * This is useful when running tests and don't want to use 3rd party messaging services\n *\n * @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateEnchantedLinkForTestResponse which includes the loginId, the enchanted link and the pendingRef\n */\n generateEnchantedLinkForTestUser: (\n loginId: string,\n uri: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>> =>\n transformResponse<GenerateEnchantedLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEnchantedLinkForTest,\n { loginId, URI: uri, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n generateEmbeddedLink: (\n loginId: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<GenerateEmbeddedLinkResponse>> =>\n transformResponse<GenerateEmbeddedLinkResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEmbeddedLink,\n { loginId, customClaims },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /**\n * Set temporary password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n */\n setTemporaryPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setTemporaryPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /**\n * Set password for the given login ID of user.\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n */\n setActivePassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setActivePassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /** Deprecated (user setTemporaryPassword instead)\n * Set password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n */\n setPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /**\n * Expire password for the given login ID.\n * Note: user sign-in with an expired password, the user will get an error with code.\n * Use the `ResetPassword` or `ReplacePassword` methods to reset/replace the password.\n * @param loginId The login ID of the user\n */\n expirePassword: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.expirePassword, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n\n /**\n * Removes all registered passkeys (WebAuthn devices) for the user with the given login ID.\n * Note: The user might not be able to login anymore if they have no other authentication\n * methods or a verified email/phone.\n * @param loginId The login ID of the user\n */\n removeAllPasskeys: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.removeAllPasskeys, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n\n /**\n * Retrieve users' authentication history, by the given user's ids.\n * @param userIds The user IDs\n */\n history: (userIds: string[]): Promise<SdkResponse<UserHistoryResponse[]>> =>\n transformResponse<UserHistoryResponse[]>(\n sdk.httpClient.post(apiPaths.user.history, userIds, { token: managementKey }),\n (data) => data,\n ),\n };\n};\n\nexport interface UserOptions {\n email?: string;\n phone?: string;\n displayName?: string;\n roles?: string[];\n userTenants?: AssociatedTenant[];\n customAttributes?: Record<string, AttributesTypes>;\n picture?: string;\n verifiedEmail?: boolean;\n verifiedPhone?: boolean;\n givenName?: string;\n middleName?: string;\n familyName?: string;\n additionalLoginIds?: string[];\n ssoAppIds?: string[];\n}\n\nexport default withUser;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { CloneProjectResponse, ProjectTag } from './types';\n\nconst withProject = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * Update the current project name.\n * @param name The new name of the project\n */\n updateName: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.updateName,\n {\n name,\n },\n { token: managementKey },\n ),\n ),\n /**\n * Clone the current project, including its settings and configurations.\n * - This action is supported only with a pro license or above.\n * - Users, tenants and access keys are not cloned.\n * @param name The name of the new project\n * @param tag The tag of the new project\n * @returns The new project details (name, id, and tag)\n */\n clone: (name: string, tag?: ProjectTag): Promise<SdkResponse<CloneProjectResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.clone,\n {\n name,\n tag,\n },\n { token: managementKey },\n ),\n ),\n\n /**\n * Exports all settings and configurations for a project and returns the\n * raw JSON files response as an object.\n * - This action is supported only with a pro license or above.\n * - Users, tenants and access keys are not cloned.\n * - Secrets, keys and tokens are not stripped from the exported data.\n *\n * @returns An object containing the exported JSON files payload.\n */\n export: (): Promise<SdkResponse<Record<string, any>>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.project.export, {}, { token: managementKey }),\n (data) => data.files,\n ),\n\n /**\n * Imports all settings and configurations for a project overriding any\n * current configuration.\n * - This action is supported only with a pro license or above.\n * - Secrets, keys and tokens are not overwritten unless overwritten in the input.\n *\n * @param files The raw JSON dictionary of files, in the same format as\n * the one returned by calls to export.\n */\n import: (files: Record<string, any>): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.export,\n {\n files,\n },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withProject;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { CreateTenantResponse, Tenant, AttributesTypes, TenantSettings } from './types';\n\ntype MultipleTenantResponse = {\n tenants: Tenant[];\n};\n\nconst withTenant = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<CreateTenantResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { name, selfProvisioningDomains, customAttributes },\n { token: managementKey },\n ),\n ),\n createWithId: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { id, name, selfProvisioningDomains, customAttributes },\n { token: managementKey },\n ),\n ),\n update: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.update,\n { id, name, selfProvisioningDomains, customAttributes },\n { token: managementKey },\n ),\n ),\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.tenant.delete, { id }, { token: managementKey }),\n ),\n load: (id: string): Promise<SdkResponse<Tenant>> =>\n transformResponse<Tenant, Tenant>(\n sdk.httpClient.get(apiPaths.tenant.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAll: (): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.get(apiPaths.tenant.loadAll, {\n token: managementKey,\n }),\n (data) => data.tenants,\n ),\n searchAll: (\n ids?: string[],\n names?: string[],\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.post(\n apiPaths.tenant.searchAll,\n {\n tenantIds: ids,\n tenantNames: names,\n tenantSelfProvisioningDomains: selfProvisioningDomains,\n customAttributes,\n },\n { token: managementKey },\n ),\n (data) => data.tenants,\n ),\n getSettings: (tenantId: string): Promise<SdkResponse<TenantSettings>> =>\n transformResponse<TenantSettings, TenantSettings>(\n sdk.httpClient.get(apiPaths.tenant.settings, {\n queryParams: { id: tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n configureSettings: (tenantId: string, settings: TenantSettings): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.settings,\n { ...settings, tenantId },\n {\n token: managementKey,\n },\n ),\n ),\n});\n\nexport default withTenant;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { UpdateJWTResponse } from './types';\n\nconst withJWT = (sdk: CoreSdk, managementKey?: string) => ({\n update: (\n jwt: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.jwt.update, { jwt, customClaims }, { token: managementKey }),\n ),\n impersonate: (\n impersonatorId: string,\n loginId: string,\n validateConsent: boolean,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.impersonate,\n { impersonatorId, loginId, validateConsent },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withJWT;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Permission } from './types';\n\ntype MultiplePermissionResponse = {\n permissions: Permission[];\n};\n\nconst withPermission = (sdk: CoreSdk, managementKey?: string) => ({\n create: (name: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.create,\n { name, description },\n { token: managementKey },\n ),\n ),\n update: (name: string, newName: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.update,\n { name, newName, description },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.permission.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Permission[]>> =>\n transformResponse<MultiplePermissionResponse, Permission[]>(\n sdk.httpClient.get(apiPaths.permission.loadAll, {\n token: managementKey,\n }),\n (data) => data.permissions,\n ),\n});\n\nexport default withPermission;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Role, RoleSearchOptions } from './types';\n\ntype MultipleRoleResponse = {\n roles: Role[];\n};\n\nconst withRole = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n description?: string,\n permissionNames?: string[],\n tenantId?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.create,\n { name, description, permissionNames, tenantId },\n { token: managementKey },\n ),\n ),\n update: (\n name: string,\n newName: string,\n description?: string,\n permissionNames?: string[],\n tenantId?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.update,\n { name, newName, description, permissionNames, tenantId },\n { token: managementKey },\n ),\n ),\n delete: (name: string, tenantId?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.role.delete, { name, tenantId }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.get(apiPaths.role.loadAll, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n search: (options: RoleSearchOptions): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.post(apiPaths.role.search, options, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n});\n\nexport default withRole;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Group } from './types';\n\nconst withGroup = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * Load all groups for a specific tenant id.\n * @param tenantId Tenant ID to load groups from.\n * @returns Group[] list of groups\n */\n loadAllGroups: (tenantId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(apiPaths.group.loadAllGroups, { tenantId }, { token: managementKey }),\n ),\n\n /**\n * Load all groups for the provided user IDs or login IDs.\n * @param tenantId Tenant ID to load groups from.\n * @param userIds Optional List of user IDs, with the format of \"U2J5ES9S8TkvCgOvcrkpzUgVTEBM\" (example), which can be found on the user's JWT.\n * @param loginIds Optional List of login IDs, how the user identifies when logging in.\n * @returns Group[] list of groups\n */\n loadAllGroupsForMember: (\n tenantId: string,\n userIds: string[],\n loginIds: string[],\n ): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupsForMember,\n { tenantId, loginIds, userIds },\n { token: managementKey },\n ),\n ),\n\n /**\n * Load all members of the provided group id.\n * @param tenantId Tenant ID to load groups from.\n * @param groupId Group ID to load members for.\n * @returns Group[] list of groups\n */\n loadAllGroupMembers: (tenantId: string, groupId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupMembers,\n { tenantId, groupId },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withGroup;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { deprecate } from 'util';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n RoleMappings,\n AttributeMapping,\n SSOSettingsResponse,\n SSOOIDCSettings,\n SSOSAMLSettings,\n SSOSAMLByMetadataSettings,\n SSOSettings,\n} from './types';\n\nconst withSSOSettings = (sdk: CoreSdk, managementKey?: string) => ({\n getSettings: deprecate(\n (tenantId: string): Promise<SdkResponse<SSOSettingsResponse>> =>\n transformResponse<SSOSettingsResponse>(\n sdk.httpClient.get(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n 'getSettings is deprecated, please use loadSettings instead',\n ),\n deleteSettings: (tenantId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n ),\n configureSettings: deprecate(\n (\n tenantId: string,\n idpURL: string,\n idpCert: string,\n entityId: string,\n redirectURL: string,\n domains: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.settings,\n { tenantId, idpURL, entityId, idpCert, redirectURL, domains },\n { token: managementKey },\n ),\n ),\n 'configureSettings is deprecated, please use configureSAMLSettings instead ',\n ),\n configureMetadata: deprecate(\n (\n tenantId: string,\n idpMetadataURL: string,\n redirectURL: string,\n domains: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.metadata,\n { tenantId, idpMetadataURL, redirectURL, domains },\n { token: managementKey },\n ),\n ),\n 'configureMetadata is deprecated, please use configureSAMLByMetadata instead',\n ),\n configureMapping: (\n tenantId: string,\n roleMappings?: RoleMappings,\n attributeMapping?: AttributeMapping,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.mapping,\n { tenantId, roleMappings, attributeMapping },\n { token: managementKey },\n ),\n ),\n configureOIDCSettings: (\n tenantId: string,\n settings: SSOOIDCSettings,\n domains?: string[],\n ): Promise<SdkResponse<never>> => {\n const readySettings = { ...settings, userAttrMapping: settings.attributeMapping };\n delete readySettings.attributeMapping;\n return transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.oidc.configure,\n {\n tenantId,\n settings: readySettings,\n domains,\n },\n { token: managementKey },\n ),\n );\n },\n configureSAMLSettings: (\n tenantId: string,\n settings: SSOSAMLSettings,\n redirectUrl?: string,\n domains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.saml.configure,\n { tenantId, settings, redirectUrl, domains },\n { token: managementKey },\n ),\n ),\n configureSAMLByMetadata: (\n tenantId: string,\n settings: SSOSAMLByMetadataSettings,\n redirectUrl?: string,\n domains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.saml.metadata,\n { tenantId, settings, redirectUrl, domains },\n { token: managementKey },\n ),\n ),\n loadSettings: (tenantId: string): Promise<SdkResponse<SSOSettings>> =>\n transformResponse<SSOSettings>(\n sdk.httpClient.get(apiPaths.sso.settingsv2, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => {\n const readySettings = data as any;\n if (readySettings.oidc) {\n readySettings.oidc = {\n ...readySettings.oidc,\n attributeMapping: readySettings.oidc.userAttrMapping,\n };\n delete readySettings.oidc.userAttrMapping;\n }\n if (readySettings.saml?.groupsMapping) {\n readySettings.saml.groupsMapping = readySettings.saml?.groupsMapping.map((gm: any) => {\n const rm = gm;\n rm.roleName = rm.role.name;\n delete rm.role;\n return rm;\n });\n }\n return readySettings;\n },\n ),\n});\n\nexport default withSSOSettings;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AccessKey, AssociatedTenant, CreatedAccessKeyResponse } from './types';\n\ntype SingleKeyResponse = {\n key: AccessKey;\n};\n\ntype MultipleKeysResponse = {\n keys: AccessKey[];\n};\n\nconst withAccessKey = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * Create a new access key for a project.\n * @param name Access key name\n * @param expireTime When the access key expires. Keep at 0 to make it indefinite.\n * @param roles Optional roles in the project. Does not apply for multi-tenants\n * @param keyTenants Optional associated tenants for this key and its roles for each.\n * @param userId Optional bind this access key to a specific user.\n * @param customClaims Optional map of claims and their values that will be present in the JWT.\n * @returns A newly created key and its cleartext. Make sure to save the cleartext securely.\n */\n create: (\n name: string,\n expireTime: number,\n roles?: string[],\n keyTenants?: AssociatedTenant[],\n userId?: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<CreatedAccessKeyResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.accessKey.create,\n { name, expireTime, roleNames: roles, keyTenants, userId, customClaims },\n { token: managementKey },\n ),\n ),\n /**\n * Load an access key.\n * @param id Access key ID to load\n * @returns The loaded access key.\n */\n load: (id: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.get(apiPaths.accessKey.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data.key,\n ),\n /**\n * Search all access keys\n * @param tenantIds Optional tenant ID filter to apply on the search results\n * @returns An array of found access keys\n */\n searchAll: (tenantIds?: string[]): Promise<SdkResponse<AccessKey[]>> =>\n transformResponse<MultipleKeysResponse, AccessKey[]>(\n sdk.httpClient.post(apiPaths.accessKey.search, { tenantIds }, { token: managementKey }),\n (data) => data.keys,\n ),\n /**\n * Update an access key.\n * @param id Access key ID to load\n * @param name The updated access key name\n * @returns The updated access key\n */\n update: (id: string, name: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.post(apiPaths.accessKey.update, { id, name }, { token: managementKey }),\n (data) => data.key,\n ),\n /**\n * Deactivate an access key. Deactivated access keys cannot be used until they are\n * activated again.\n * @param id Access key ID to deactivate\n */\n deactivate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.deactivate, { id }, { token: managementKey }),\n ),\n /**\n * Activate an access key. Only deactivated access keys can be activated again.\n * @param id Access key ID to activate\n */\n activate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.activate, { id }, { token: managementKey }),\n ),\n /**\n * Delete an access key. IMPORTANT: This cannot be undone. Use carefully.\n * @param id Access key ID to delete\n */\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.delete, { id }, { token: managementKey }),\n ),\n});\n\nexport default withAccessKey;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { FlowResponse, FlowsResponse, Screen, Flow } from './types';\n\nconst WithFlow = (sdk: CoreSdk, managementKey?: string) => ({\n list: (): Promise<SdkResponse<FlowsResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.flow.list, {}, { token: managementKey })),\n delete: (flowIds: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.delete, { ids: flowIds }, { token: managementKey }),\n ),\n export: (flowId: string): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.export, { flowId }, { token: managementKey }),\n ),\n import: (flowId: string, flow: Flow, screens?: Screen[]): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.flow.import,\n { flowId, flow, screens },\n { token: managementKey },\n ),\n ),\n});\n\nexport default WithFlow;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Theme, ThemeResponse } from './types';\n\nconst WithTheme = (sdk: CoreSdk, managementKey?: string) => ({\n export: (): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.theme.export, {}, { token: managementKey })),\n import: (theme: Theme): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.theme.import, { theme }, { token: managementKey }),\n ),\n});\n\nexport default WithTheme;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AuditSearchOptions, AuditRecord } from './types';\n\nconst WithAudit = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * Search the audit trail for up to last 30 days based on given optional parameters\n * @param searchOptions to filter which audit records to return\n * @returns the audit records array\n */\n search: (searchOptions: AuditSearchOptions): Promise<SdkResponse<AuditRecord[]>> => {\n const body = { ...searchOptions, externalIds: searchOptions.loginIds };\n delete body.loginIds;\n return transformResponse(\n sdk.httpClient.post(apiPaths.audit.search, body, { token: managementKey }),\n (data) =>\n data?.audits.map((a) => {\n const res = {\n ...a,\n occurred: parseFloat(a.occurred),\n loginIds: a.externalIds,\n };\n delete res.externalIds;\n return res;\n }),\n );\n },\n});\n\nexport default WithAudit;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n AuthzSchema,\n AuthzNamespace,\n AuthzRelationDefinition,\n AuthzRelation,\n AuthzRelationQuery,\n AuthzModified,\n} from './types';\n\nconst WithAuthz = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * Save (create or update) the given schema.\n * In case of update, will update only given namespaces and will not delete namespaces unless upgrade flag is true.\n * Schema name can be used for projects to track versioning.\n *\n * @param schema the schema to save\n * @param upgrade should we upgrade existing schema or ignore any namespace not provided\n * @returns standard success or failure response\n */\n saveSchema: (schema: AuthzSchema, upgrade: boolean): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaSave, { schema, upgrade }, { token: managementKey }),\n ),\n /**\n * Delete the schema for the project which will also delete all relations.\n *\n * @returns standard success or failure response\n */\n deleteSchema: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaDelete, {}, { token: managementKey }),\n ),\n /**\n * Load the schema for the project.\n *\n * @returns the schema associated with the project\n */\n loadSchema: (): Promise<SdkResponse<AuthzSchema>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaLoad, {}, { token: managementKey }),\n (data) => data.schema,\n ),\n /**\n * Save (create or update) the given namespace.\n * Will not delete relation definitions not mentioned in the namespace.\n *\n * @param namespace the namespace to save\n * @param oldName if we are changing the namespace name, what was the old name we are updating.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n */\n saveNamespace: (\n namespace: AuthzNamespace,\n oldName?: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.nsSave,\n { namespace, oldName, schemaName },\n { token: managementKey },\n ),\n ),\n /**\n * Delete the given namespace.\n * Will also delete the relevant relations.\n *\n * @param name to delete.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n */\n deleteNamespace: (name: string, schemaName?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.nsDelete, { name, schemaName }, { token: managementKey }),\n ),\n /**\n * Save (create or update) the given relation definition.\n *\n * @param relationDefinition rd to save.\n * @param namespace that it belongs to.\n * @param oldName if we are changing the relation definition name, what was the old name we are updating.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n */\n saveRelationDefinition: (\n relationDefinition: AuthzRelationDefinition,\n namespace: string,\n oldName?: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.rdSave,\n { relationDefinition, namespace, oldName, schemaName },\n { token: managementKey },\n ),\n ),\n /**\n * Delete the given relation definition.\n * Will also delete the relevant relations.\n *\n * @param name to delete.\n * @param namespace it belongs to.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n */\n deleteRelationDefinition: (\n name: string,\n namespace: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.rdDelete,\n { name, namespace, schemaName },\n { token: managementKey },\n ),\n ),\n /**\n * Create the given relations.\n *\n * @param relations to create.\n * @returns standard success or failure response\n */\n createRelations: (relations: AuthzRelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.reCreate, { relations }, { token: managementKey }),\n ),\n /**\n * Delete the given relations.\n *\n * @param relations to delete.\n * @returns standard success or failure response\n */\n deleteRelations: (relations: AuthzRelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.reDelete, { relations }, { token: managementKey }),\n ),\n /**\n * Delete the relations for the given resources.\n *\n * @param resources resources to delete relations for.\n * @returns standard success or failure response\n */\n deleteRelationsForResources: (resources: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.reDeleteResources,\n { resources },\n { token: managementKey },\n ),\n ),\n /**\n * Query relations to see what relations exists.\n *\n * @param relationQueries array of relation queries to check.\n * @returns array of relation query responses with the boolean flag indicating if relation exists\n */\n hasRelations: (\n relationQueries: AuthzRelationQuery[],\n ): Promise<SdkResponse<AuthzRelationQuery[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.hasRelations,\n { relationQueries },\n { token: managementKey },\n ),\n (data) => data.relationQueries,\n ),\n /**\n * List all the users that have the given relation definition to the given resource.\n *\n * @param resource The resource we are checking\n * @param relationDefinition The relation definition we are querying\n * @param namespace The namespace for the relation definition\n * @returns array of users who have the given relation definition\n */\n whoCanAccess: (\n resource: string,\n relationDefinition: string,\n namespace: string,\n ): Promise<SdkResponse<string[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.who,\n { resource, relationDefinition, namespace },\n { token: managementKey },\n ),\n (data) => data.targets,\n ),\n /**\n * Return the list of all defined relations (not recursive) on the given resource.\n *\n * @param resource The resource we are checking\n * @returns array of relations that exist for the given resource\n */\n resourceRelations: (resource: string): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.resource, { resource }, { token: managementKey }),\n (data) => data.relations,\n ),\n /**\n * Return the list of all defined relations (not recursive) for the given targets.\n *\n * @param targets array of targets we want to check\n * @returns array of relations that exist for the given targets\n */\n targetsRelations: (targets: string[]): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.targets, { targets }, { token: managementKey }),\n (data) => data.relations,\n ),\n /**\n * Return the list of all relations for the given target including derived relations from the schema tree.\n *\n * @param target The target to check relations for\n * @returns array of relations that exist for the given targets\n */\n whatCanTargetAccess: (target: string): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.targetAll, { target }, { token: managementKey }),\n (data) => data.relations,\n ),\n /**\n * Return the list of all relations for the given target including derived relations from the schema tree.\n *\n * @param target The target to check relations for\n * @returns array of relations that exist for the given targets\n */\n getModified: (since: Date): Promise<SdkResponse<AuthzModified>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.getModified,\n { since: since ? since.getTime() : 0 },\n { token: managementKey },\n ),\n (data) => data as AuthzModified,\n ),\n});\n\nexport default WithAuthz;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n CreateSSOApplicationResponse,\n SSOApplication,\n OidcApplicationOptions,\n SamlApplicationOptions,\n} from './types';\n\ntype MultipleSSOApplicationResponse = {\n apps: SSOApplication[];\n};\n\nconst withSSOApplication = (sdk: CoreSdk, managementKey?: string) => ({\n createOidcApplication: (\n options: OidcApplicationOptions,\n ): Promise<SdkResponse<CreateSSOApplicationResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.oidcCreate,\n {\n ...options,\n enabled: options.enabled ?? true,\n },\n { token: managementKey },\n ),\n ),\n createSamlApplication: (\n options: SamlApplicationOptions,\n ): Promise<SdkResponse<CreateSSOApplicationResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.samlCreate,\n {\n ...options,\n enabled: options.enabled ?? true,\n },\n { token: managementKey },\n ),\n ),\n updateOidcApplication: (\n options: OidcApplicationOptions & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.oidcUpdate,\n { ...options },\n { token: managementKey },\n ),\n ),\n updateSamlApplication: (\n options: SamlApplicationOptions & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.samlUpdate,\n { ...options },\n { token: managementKey },\n ),\n ),\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.ssoApplication.delete, { id }, { token: managementKey }),\n ),\n load: (id: string): Promise<SdkResponse<SSOApplication>> =>\n transformResponse<SSOApplication, SSOApplication>(\n sdk.httpClient.get(apiPaths.ssoApplication.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAll: (): Promise<SdkResponse<SSOApplication[]>> =>\n transformResponse<MultipleSSOApplicationResponse, SSOApplication[]>(\n sdk.httpClient.get(apiPaths.ssoApplication.loadAll, {\n token: managementKey,\n }),\n (data) => data.apps,\n ),\n});\n\nexport default withSSOApplication;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { PasswordSettings } from './types';\n\nconst withPassword = (sdk: CoreSdk, managementKey?: string) => ({\n getSettings: (tenantId: string): Promise<SdkResponse<PasswordSettings>> =>\n transformResponse<PasswordSettings, PasswordSettings>(\n sdk.httpClient.get(apiPaths.password.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n configureSettings: (tenantId: string, settings: PasswordSettings): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.password.settings,\n { ...settings, tenantId },\n {\n token: managementKey,\n },\n ),\n ),\n});\n\nexport default withPassword;\n","import { fetch as crossFetch, Headers } from 'cross-fetch';\n\nglobalThis.Headers ??= Headers;\n\nconst highWaterMarkMb = 1024 * 1024 * 30; // 30MB\n\n// we are increasing the response buffer size due to an issue where node-fetch hangs when response is too big\nconst patchedFetch = (...args: Parameters<typeof crossFetch>) => {\n // we can get Request on the first arg, or RequestInfo on the second arg\n // we want to make sure we are setting the \"highWaterMark\" so we are doing it on both args\n args.forEach((arg) => {\n // eslint-disable-next-line no-param-reassign, @typescript-eslint/no-unused-expressions\n arg && ((arg as any).highWaterMark ??= highWaterMarkMb);\n });\n\n return crossFetch(...args);\n};\n\nexport default patchedFetch as unknown as typeof fetch;\n","import createSdk, {\n ExchangeAccessKeyResponse,\n AccessKeyLoginOptions,\n SdkResponse,\n wrapWith,\n} from '@descope/core-js-sdk';\nimport { JWK, JWTHeaderParameters, KeyLike, errors, importJWK, jwtVerify } from 'jose';\nimport {\n permissionsClaimName,\n refreshTokenCookieName,\n rolesClaimName,\n sessionTokenCookieName,\n} from './constants';\nimport { getAuthorizationClaimItems, isUserAssociatedWithTenant, withCookie } from './helpers';\nimport withManagement from './management';\nimport { AuthenticationInfo } from './types';\nimport fetch from './fetch-polyfill';\n\ndeclare const BUILD_VERSION: string;\n\n/** Configuration arguments which include the Descope core SDK args and an optional management key */\ntype NodeSdkArgs = Parameters<typeof createSdk>[0] & {\n managementKey?: string;\n publicKey?: string;\n};\n\nconst nodeSdk = ({ managementKey, publicKey, ...config }: NodeSdkArgs) => {\n const coreSdk = createSdk({\n fetch,\n ...config,\n baseHeaders: {\n ...config.baseHeaders,\n 'x-descope-sdk-name': 'nodejs',\n 'x-descope-sdk-node-version': process?.versions?.node || '',\n 'x-descope-sdk-version': BUILD_VERSION,\n },\n });\n\n const { projectId, logger } = config;\n\n const keys: Record<string, KeyLike | Uint8Array> = {};\n\n /** Fetch the public keys (JWKs) from Descope for the configured project */\n const fetchKeys = async () => {\n if (publicKey) {\n try {\n const parsedKey = JSON.parse(publicKey);\n const key = await importJWK(parsedKey);\n return {\n [parsedKey.kid]: key,\n };\n } catch (e) {\n logger?.error('Failed to parse the provided public key', e);\n throw new Error(`Failed to parse public key. Error: ${e}`);\n }\n }\n\n const keysWrapper = await coreSdk.httpClient\n .get(`v2/keys/${projectId}`)\n .then((resp) => resp.json());\n const publicKeys: JWK[] = keysWrapper.keys;\n if (!Array.isArray(publicKeys)) return {};\n const kidJwksPairs = await Promise.all(\n publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n );\n\n return kidJwksPairs.reduce(\n (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n {},\n );\n };\n\n const management = withManagement(coreSdk, managementKey);\n\n const sdk = {\n ...coreSdk,\n\n /**\n * Provides various APIs for managing a Descope project programmatically. A management key must\n * be provided as an argument when initializing the SDK to use these APIs. Management keys can be\n * generated in the Descope console.\n */\n management,\n\n /** Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. */\n async getKey(header: JWTHeaderParameters): Promise<KeyLike | Uint8Array> {\n if (!header?.kid) throw Error('header.kid must not be empty');\n\n if (keys[header.kid]) return keys[header.kid];\n\n // do we need to fetch once or every time?\n Object.assign(keys, await fetchKeys());\n\n if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n return keys[header.kid];\n },\n\n /**\n * Validate the given JWT with the right key and make sure the issuer is correct\n * @param jwt the JWT string to parse and validate\n * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n */\n async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n // Do not hard-code the algo because library does not support `None` so all are valid\n const res = await jwtVerify(jwt, sdk.getKey, { clockTolerance: 5 });\n const token = res.payload;\n\n if (token) {\n token.iss = token.iss?.split('/').pop(); // support both url and project id as issuer\n if (token.iss !== projectId) {\n // We must do the verification here, since issuer can be either project ID or URL\n throw new errors.JWTClaimValidationFailed(\n 'unexpected \"iss\" claim value',\n 'iss',\n 'check_failed',\n );\n }\n }\n\n return { jwt, token };\n },\n\n /**\n * Validate an active session\n * @param sessionToken session JWT to validate\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n */\n async validateSession(sessionToken: string): Promise<AuthenticationInfo> {\n if (!sessionToken) throw Error('session token is required for validation');\n\n try {\n const token = await sdk.validateJwt(sessionToken);\n return token;\n } catch (error) {\n /* istanbul ignore next */\n logger?.error('session validation failed', error);\n throw Error(`session validation failed. Error: ${error}`);\n }\n },\n\n /**\n * Refresh the session using a refresh token\n * @param refreshToken refresh JWT to refresh the session with\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n */\n async refreshSession(refreshToken: string): Promise<AuthenticationInfo> {\n if (!refreshToken) throw Error('refresh token is required to refresh a session');\n\n try {\n await sdk.validateJwt(refreshToken);\n const jwtResp = await sdk.refresh(refreshToken);\n if (jwtResp.ok) {\n const token = await sdk.validateJwt(jwtResp.data?.sessionJwt);\n return token;\n }\n /* istanbul ignore next */\n throw Error(jwtResp.error?.errorMessage);\n } catch (refreshTokenErr) {\n /* istanbul ignore next */\n logger?.error('refresh token validation failed', refreshTokenErr);\n throw Error(`refresh token validation failed, Error: ${refreshTokenErr}`);\n }\n },\n\n /**\n * Validate session and refresh it if it expired\n * @param sessionToken session JWT\n * @param refreshToken refresh JWT\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n */\n async validateAndRefreshSession(\n sessionToken?: string,\n refreshToken?: string,\n ): Promise<AuthenticationInfo> {\n if (!sessionToken && !refreshToken) throw Error('both session and refresh tokens are empty');\n\n try {\n const token = await sdk.validateSession(sessionToken);\n return token;\n } catch (error) {\n /* istanbul ignore next */\n logger?.log(`session validation failed with error ${error} - trying to refresh it`);\n }\n\n return sdk.refreshSession(refreshToken);\n },\n\n /**\n * Exchange API key (access key) for a session key\n * @param accessKey access key to exchange for a session JWT\n * @param loginOptions Optional advanced controls over login parameters\n * @returns AuthenticationInfo with session JWT data\n */\n async exchangeAccessKey(\n accessKey: string,\n loginOptions?: AccessKeyLoginOptions,\n ): Promise<AuthenticationInfo> {\n if (!accessKey) throw Error('access key must not be empty');\n\n let resp: SdkResponse<ExchangeAccessKeyResponse>;\n try {\n resp = await sdk.accessKey.exchange(accessKey, loginOptions);\n } catch (error) {\n logger?.error('failed to exchange access key', error);\n throw Error(`could not exchange access key - Failed to exchange. Error: ${error}`);\n }\n\n const { sessionJwt } = resp.data;\n if (!sessionJwt) {\n logger?.error('failed to parse exchange access key response');\n throw Error('could not exchange access key');\n }\n\n try {\n const token = await sdk.validateJwt(sessionJwt);\n return token;\n } catch (error) {\n logger?.error('failed to parse jwt from access key', error);\n throw Error(`could not exchange access key - failed to validate jwt. Error: ${error}`);\n }\n },\n\n /**\n * Make sure that all given permissions exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n */\n validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n return sdk.validateTenantPermissions(authInfo, '', permissions);\n },\n\n /**\n * Retrieves the permissions from JWT top level claims that match the specified permissions list\n * @param authInfo JWT parsed info containing the permissions\n * @param permissions List of permissions to match against the JWT claims\n * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n */\n getMatchedPermissions(authInfo: AuthenticationInfo, permissions: string[]): string[] {\n return sdk.getMatchedTenantPermissions(authInfo, '', permissions);\n },\n\n /**\n * Make sure that all given permissions exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param tenant tenant to validate the permissions for\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n */\n validateTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.every((perm) => granted.includes(perm));\n },\n\n /**\n * Retrieves the permissions from JWT tenant claims that match the specified permissions list\n * @param authInfo JWT parsed info containing the permissions\n * @param tenant tenant to match the permissions for\n * @param permissions List of permissions to match against the JWT claims\n * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n * */\n getMatchedTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): string[] {\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return [];\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.filter((perm) => granted.includes(perm));\n },\n\n /**\n * Make sure that all given roles exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n */\n validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n return sdk.validateTenantRoles(authInfo, '', roles);\n },\n\n /**\n * Retrieves the roles from JWT top level claims that match the specified roles list\n * @param authInfo JWT parsed info containing the roles\n * @param roles List of roles to match against the JWT claims\n * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n */\n getMatchedRoles(authInfo: AuthenticationInfo, roles: string[]): string[] {\n return sdk.getMatchedTenantRoles(authInfo, '', roles);\n },\n\n /**\n * Make sure that all given roles exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param tenant tenant to validate the roles for\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n */\n validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.every((role) => membership.includes(role));\n },\n\n /**\n * Retrieves the roles from JWT tenant claims that match the specified roles list\n * @param authInfo JWT parsed info containing the roles\n * @param tenant tenant to match the roles for\n * @param roles List of roles to match against the JWT claims\n * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n */\n getMatchedTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): string[] {\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return [];\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.filter((role) => membership.includes(role));\n },\n };\n\n return wrapWith(\n sdk,\n [\n 'otp.verify.email',\n 'otp.verify.sms',\n 'otp.verify.whatsapp',\n 'magicLink.verify',\n 'enchantedLink.signUp',\n 'enchantedLink.signIn',\n 'oauth.exchange',\n 'saml.exchange',\n 'totp.verify',\n 'webauthn.signIn.finish',\n 'webauthn.signUp.finish',\n 'refresh',\n ] as const,\n withCookie,\n );\n};\n\n/** Descope SDK client with delivery methods enum.\n *\n * Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n *\n * ```js\n * import descopeSdk from '@descope/node-sdk';\n *\n * const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n *\n * const userLoginId = 'loginId';\n * sdk.otp.signIn.email(userLoginId);\n * const jwtResponse = sdk.otp.verify.email(userLoginId, codeFromEmail);\n * ```\n */\n\nnodeSdk.RefreshTokenCookieName = refreshTokenCookieName;\nnodeSdk.SessionTokenCookieName = sessionTokenCookieName;\n\nexport default nodeSdk;\nexport type {\n DeliveryMethod,\n OAuthProvider,\n ResponseData,\n SdkResponse,\n JWTResponse,\n} from '@descope/core-js-sdk';\nexport type { AuthenticationInfo };\nexport { descopeErrors } from './errors';\n","import { CoreSdk } from '../types';\nimport withUser from './user';\nimport withProject from './project';\nimport withTenant from './tenant';\nimport withJWT from './jwt';\nimport withPermission from './permission';\nimport withRole from './role';\nimport withGroup from './group';\nimport withSSOSettings from './sso';\nimport withAccessKey from './accesskey';\nimport WithFlow from './flow';\nimport WithTheme from './theme';\nimport WithAudit from './audit';\nimport WithAuthz from './authz';\nimport withSSOApplication from './ssoapplication';\nimport withPassword from './password';\n\n/** Constructs a higher level Management API that wraps the functions from code-js-sdk */\nconst withManagement = (sdk: CoreSdk, managementKey?: string) => ({\n user: withUser(sdk, managementKey),\n project: withProject(sdk, managementKey),\n accessKey: withAccessKey(sdk, managementKey),\n tenant: withTenant(sdk, managementKey),\n ssoApplication: withSSOApplication(sdk, managementKey),\n sso: withSSOSettings(sdk, managementKey),\n jwt: withJWT(sdk, managementKey),\n permission: withPermission(sdk, managementKey),\n password: withPassword(sdk, managementKey),\n role: withRole(sdk, managementKey),\n group: withGroup(sdk, managementKey),\n flow: WithFlow(sdk, managementKey),\n theme: WithTheme(sdk, managementKey),\n audit: WithAudit(sdk, managementKey),\n authz: WithAuthz(sdk, managementKey),\n});\n\nexport default withManagement;\n","// eslint-disable-next-line import/prefer-default-export\n/** Common Error Codes */\nexport const descopeErrors = {\n badRequest: 'E011001',\n missingArguments: 'E011002',\n invalidRequest: 'E011003',\n invalidArguments: 'E011004',\n wrongOTPCode: 'E061102',\n tooManyOTPAttempts: 'E061103',\n enchantedLinkPending: 'E062503',\n userNotFound: 'E062108',\n};\n"],"names":["withCookie","fn","async","args","resp","data","_d","refreshJwt","rest","__rest","cookies","options","push","cookieDomain","cookieMaxAge","cookiePath","_a","response","headers","get","cookie","name","match","RegExp","getCookieValue","_b","_c","Object","assign","getAuthorizationClaimItems","authInfo","claim","tenant","value","token","Array","isArray","isUserAssociatedWithTenant","apiPaths","create","createBatch","update","delete","deleteAllTestUsers","load","logout","search","getProviderToken","updateStatus","updateLoginId","updateEmail","updatePhone","updateDisplayName","updatePicture","updateCustomAttribute","setRole","addRole","removeRole","setSSOApps","addSSOApps","removeSSOApps","addTenant","removeTenant","setPassword","setTemporaryPassword","setActivePassword","expirePassword","removeAllPasskeys","generateOTPForTest","generateMagicLinkForTest","generateEnchantedLinkForTest","generateEmbeddedLink","history","updateName","clone","export","import","deactivate","activate","settings","loadAll","searchAll","oidcCreate","samlCreate","oidcUpdate","samlUpdate","metadata","mapping","settingsv2","oidc","configure","saml","impersonate","list","loadAllGroups","loadAllGroupsForMember","loadAllGroupMembers","schemaSave","schemaDelete","schemaLoad","nsSave","nsDelete","rdSave","rdDelete","reCreate","reDelete","reDeleteResources","hasRelations","who","resource","targets","targetAll","getModified","withUser","sdk","managementKey","loginId","emailOrOptions","phone","displayName","roles","userTenants","customAttributes","picture","verifiedEmail","verifiedPhone","givenName","middleName","familyName","additionalLoginIds","body","email","roleNames","undefined","transformResponse","httpClient","post","user","createTestUser","test","invite","inviteUrl","sendMail","sendSMS","inviteBatch","users","deleteByUserId","userId","queryParams","loadByUserId","logoutUser","logoutUserByUserId","deprecate","tenantIds","limit","page","testUsersOnly","withTestUser","statuses","emails","phones","searchReq","provider","status","newLoginId","isVerified","verified","attributeKey","attributeValue","setRoles","addRoles","removeRoles","tenantId","setTenantRoles","addTenantRoles","removeTenantRoles","addSSOapps","ssoAppIds","setSSOapps","removeSSOapps","generateOTPForTestUser","deliveryMethod","loginOptions","generateMagicLinkForTestUser","uri","URI","generateEnchantedLinkForTestUser","customClaims","password","userIds","withProject","tag","files","withTenant","selfProvisioningDomains","createWithId","id","tenants","ids","names","tenantNames","tenantSelfProvisioningDomains","getSettings","configureSettings","withJWT","jwt","impersonatorId","validateConsent","withPermission","description","newName","permissions","withRole","permissionNames","withGroup","loginIds","groupId","withSSOSettings","deleteSettings","idpURL","idpCert","entityId","redirectURL","domains","configureMetadata","idpMetadataURL","configureMapping","roleMappings","attributeMapping","configureOIDCSettings","readySettings","userAttrMapping","configureSAMLSettings","redirectUrl","configureSAMLByMetadata","loadSettings","groupsMapping","map","gm","rm","roleName","role","withAccessKey","expireTime","keyTenants","key","keys","WithFlow","flowIds","flowId","flow","screens","WithTheme","theme","WithAudit","searchOptions","externalIds","audits","a","res","occurred","parseFloat","WithAuthz","saveSchema","schema","upgrade","deleteSchema","loadSchema","saveNamespace","namespace","oldName","schemaName","deleteNamespace","saveRelationDefinition","relationDefinition","deleteRelationDefinition","createRelations","relations","deleteRelations","deleteRelationsForResources","resources","relationQueries","whoCanAccess","resourceRelations","targetsRelations","whatCanTargetAccess","target","since","getTime","withSSOApplication","createOidcApplication","enabled","createSamlApplication","updateOidcApplication","updateSamlApplication","apps","withPassword","globalThis","Headers","patchedFetch","forEach","arg","highWaterMark","crossFetch","fetch","nodeSdk","publicKey","config","coreSdk","createSdk","baseHeaders","process","versions","node","projectId","logger","management","project","accessKey","ssoApplication","sso","permission","group","audit","authz","withManagement","header","kid","Error","parsedKey","JSON","parse","importJWK","e","error","publicKeys","then","json","Promise","all","reduce","acc","jwk","toString","fetchKeys","jwtVerify","getKey","clockTolerance","payload","iss","split","pop","errors","JWTClaimValidationFailed","sessionToken","validateJwt","refreshToken","jwtResp","refresh","ok","sessionJwt","errorMessage","refreshTokenErr","validateSession","log","refreshSession","exchange","validatePermissions","validateTenantPermissions","getMatchedPermissions","getMatchedTenantPermissions","granted","every","perm","includes","filter","validateRoles","validateTenantRoles","getMatchedRoles","getMatchedTenantRoles","membership","wrapWith","RefreshTokenCookieName","SessionTokenCookieName","badRequest","missingArguments","invalidRequest","invalidArguments","wrongOTPCode","tooManyOTPAttempts","enchantedLinkPending","userNotFound"],"mappings":"6QAEO,MC+BMA,EACVC,GACDC,SAAUC,eACR,MAAMC,QAAaH,KAAME,GAGzB,IAAKC,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAA0BF,EAAKC,MAA/BE,WAAEA,GAAUD,EAAKE,EAAjBC,EAAAA,OAAAH,EAAA,CAAA,eACJ,MAAMI,EAAoB,GAlCP,IAA8BC,EAgDjD,OAZKJ,EASHG,EAAQE,KA5CZ,GDVoC,SCsDoBL,cA5C5BI,OADuBA,EA6CiBH,QA5CxC,EAAAG,EAASE,eAAgB,gBACnDF,aAAA,EAAAA,EAASG,eAAgB,aACjBH,aAAA,EAAAA,EAASI,aAAc,mCAkCZ,QAAbC,EAAAZ,EAAKa,gBAAQ,IAAAD,OAAA,EAAAA,EAAEE,QAAQC,IAAI,iBAC7BZ,EA3Be,EAACa,EAAmCC,KACzD,MAAMC,EAAQF,eAAAA,EAAQE,MAAMC,OAAO,cAAcF,cACjD,OAAOC,EAAQA,EAAM,GAAK,IAAI,EAyBXE,CACE,QAAbC,EAAArB,EAAKa,gBAAQ,IAAAQ,OAAA,EAAAA,EAAEP,QAAQC,IAAI,cDhDC,OCmD9BT,EAAQE,KAAoB,QAAfc,EAAAtB,EAAKa,gBAAU,IAAAS,OAAA,EAAAA,EAAAR,QAAQC,IAAI,gBAMhCQ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAxB,GAAM,CAAAC,KAAWsB,OAAAC,OAAAD,OAAAC,OAAA,GAAAxB,EAAKC,MAAM,CAAAE,aAAYG,aAAY,WAUpDmB,EACdC,EACAC,EACAC,WAEA,MAAMC,EAAQD,EAC0C,QAApDP,EAA6C,QAA7CT,EAAAc,EAASI,MAAgC,eAAI,IAAAlB,OAAA,EAAAA,EAAAgB,UAAO,IAAAP,OAAA,EAAAA,EAAGM,GACvDD,EAASI,MAAMH,GACnB,OAAOI,MAAMC,QAAQH,GAASA,EAAQ,EACxC,CAQgB,SAAAI,EAA2BP,EAA8BE,SACvE,SAAmD,QAA1ChB,EAAAc,EAASI,MAAgC,eAAC,IAAAlB,OAAA,EAAAA,EAAGgB,GACxD,CCvFA,IAAeM,EACP,CACJC,OAAQ,uBACRC,YAAa,6BACbC,OAAQ,uBACRC,OAAQ,uBACRC,mBAAoB,gCACpBC,KAAM,gBACNC,OAAQ,uBACRC,OAAQ,uBACRC,iBAAkB,+BAClBC,aAAc,8BACdC,cAAe,+BACfC,YAAa,6BACbC,YAAa,6BACbC,kBAAmB,4BACnBC,cAAe,+BACfC,sBAAuB,uCACvBC,QAAS,gCACTC,QAAS,gCACTC,WAAY,mCACZC,WAAY,kCACZC,WAAY,kCACZC,cAAe,qCACfC,UAAW,kCACXC,aAAc,qCACdC,YAAa,6BACbC,qBAAsB,uCACtBC,kBAAmB,oCACnBC,eAAgB,gCAChBC,kBAAmB,gCACnBC,mBAAoB,8BACpBC,yBAA0B,oCAC1BC,6BAA8B,wCAC9BC,qBAAsB,oCACtBC,QAAS,yBAnCElC,EAqCJ,CACPmC,WAAY,+BACZC,MAAO,yBACPC,OAAQ,0BACRC,OAAQ,2BAzCGtC,EA2CF,CACTC,OAAQ,4BACRK,KAAM,qBACNE,OAAQ,4BACRL,OAAQ,4BACRoC,WAAY,gCACZC,SAAU,8BACVpC,OAAQ,6BAlDGJ,EAoDL,CACNC,OAAQ,yBACRE,OAAQ,yBACRC,OAAQ,yBACRE,KAAM,kBACNmC,SAAU,2BACVC,QAAS,sBACTC,UAAW,0BA3DA3C,EA6DG,CACd4C,WAAY,mCACZC,WAAY,mCACZC,WAAY,mCACZC,WAAY,mCACZ3C,OAAQ,8BACRE,KAAM,4BACNoC,QAAS,8BApEE1C,EAsER,CACHyC,SAAU,wBACVO,SAAU,wBACVC,QAAS,uBACTC,WAAY,wBACZC,KAAM,CACJC,UAAW,qBAEbC,KAAM,CACJD,UAAW,oBACXJ,SAAU,+BAhFDhD,EAmFR,CACHG,OAAQ,sBACRmD,YAAa,wBArFFtD,EAuFH,CACRyC,SAAU,8BAxFCzC,EA0FD,CACVC,OAAQ,6BACRE,OAAQ,6BACRC,OAAQ,6BACRsC,QAAS,2BA9FE1C,EAgGP,CACJC,OAAQ,uBACRE,OAAQ,uBACRC,OAAQ,uBACRsC,QAAS,oBACTlC,OAAQ,wBArGGR,EAuGP,CACJuD,KAAM,qBACNnD,OAAQ,uBACRiC,OAAQ,uBACRC,OAAQ,wBA3GGtC,EA6GN,CACLqC,OAAQ,wBACRC,OAAQ,yBA/GGtC,EAiHN,CACLwD,cAAe,qBACfC,uBAAwB,4BACxBC,oBAAqB,0BApHV1D,EAsHN,CACLQ,OAAQ,yBAvHGR,EAyHN,CACL2D,WAAY,6BACZC,aAAc,+BACdC,WAAY,6BACZC,OAAQ,yBACRC,SAAU,2BACVC,OAAQ,yBACRC,SAAU,2BACVC,SAAU,2BACVC,SAAU,2BACVC,kBAAmB,oCACnBC,aAAc,wBACdC,IAAK,wBACLC,SAAU,6BACVC,QAAS,4BACTC,UAAW,8BACXC,YAAa,8BCtFjB,MAAMC,EAAW,CAACC,EAAcC,KA4SvB,CACL5E,OAzRF,SACE6E,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAC,mBACAC,UACAC,gBACAC,gBACAI,mDAGAb,WACGC,GACH,CAAAe,UAAWf,aAAA,EAAAA,EAAgBG,MAC3BA,WAAOa,IAEf,OAAOC,EAAAA,kBACLpB,EAAIqB,WAAWC,KAAKlG,EAAcC,OAAQ2F,EAAM,CAAEhG,MAAOiF,KACxD9G,GAASA,EAAKoI,MAElB,EAqPCC,eA5NF,SACEtB,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAC,mBACAC,UACAC,gBACAC,gBACAI,qBACAU,MAAM,GAEThH,OAAAC,OAAAD,OAAAC,OAAA,CACGwF,WACGC,IACHe,UAAWf,aAAc,EAAdA,EAAgBG,MAC3BA,WAAOa,EACPM,MAAM,IAEd,OAAOL,EAAAA,kBACLpB,EAAIqB,WAAWC,KAAKlG,EAAcC,OAAQ2F,EAAM,CAAEhG,MAAOiF,KACxD9G,GAASA,EAAKoI,MAElB,EA4KCG,OA5IF,SACExB,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAgB,EACAC,EACAC,EACAjB,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAmB,QAAQ,EACRlB,mBACAC,UACAC,gBACAC,gBACAgB,YACAC,WACAC,UACAd,sBAEHtG,OAAAC,OAAAD,OAAAC,OAAA,CACGwF,WACGC,IACHe,UAAWf,aAAc,EAAdA,EAAgBG,MAC3BA,WAAOa,EACPO,QAAQ,IAEhB,OAAON,EAAAA,kBACLpB,EAAIqB,WAAWC,KAAKlG,EAAcC,OAAQ2F,EAAM,CAAEhG,MAAOiF,KACxD9G,GAASA,EAAKoI,MAElB,EAsFCO,YAAa,CACXC,EACAJ,EACAC,EACAC,IAEAT,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcE,YACd,CACEyG,QACAL,QAAQ,EACRC,YACAC,WACAC,WAEF,CAAE7G,MAAOiF,KAEV9G,GAASA,IAEdoC,OApFF,SACE2E,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAC,mBACAC,UACAC,gBACAC,gBACAI,mDAGAb,WACGC,GACH,CAAAe,UAAWf,aAAA,EAAAA,EAAgBG,MAC3BA,WAAOa,IAEf,OAAOC,EAAAA,kBACLpB,EAAIqB,WAAWC,KAAKlG,EAAcG,OAAQyF,EAAM,CAAEhG,MAAOiF,KACxD9G,GAASA,EAAKoI,MAElB,EA0CC/F,OAAS0E,GACPkB,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcI,OAAQ,CAAE0E,WAAW,CAAElF,MAAOiF,KAOpE+B,eAAiBC,GACfb,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcI,OAAQ,CAAEyG,UAAU,CAAEjH,MAAOiF,KAKnExE,mBAAoB,IAClB2F,EAAAA,kBACEpB,EAAIqB,WAAW7F,OAAOJ,EAAcK,mBAAoB,CAAET,MAAOiF,KAErEvE,KAAOwE,GACLkB,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAcM,KAAM,CACrCwG,YAAa,CAAEhC,WACflF,MAAOiF,KAER9G,GAASA,EAAKoI,OAQnBY,aAAeF,GACbb,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAcM,KAAM,CACrCwG,YAAa,CAAED,UACfjH,MAAOiF,KAER9G,GAASA,EAAKoI,OAOnBa,WAAalC,GACXkB,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcO,OAAQ,CAAEuE,WAAW,CAAElF,MAAOiF,KAQpEoC,mBAAqBJ,GACnBb,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcO,OAAQ,CAAEsG,UAAU,CAAEjH,MAAOiF,KAcnElC,UAAWuE,EAAAA,WACT,CACEC,EACAjC,EACAkC,EACAC,EACAC,EACAC,EACAnC,EACAoC,EACAC,EACAC,IAEA1B,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcQ,OACd,CACE2G,YACArB,UAAWZ,EACXkC,QACAC,OACAC,gBACAC,eACAnC,mBACAoC,WACAC,SACAC,UAEF,CAAE9H,MAAOiF,KAEV9G,GAASA,EAAK4I,SAEnB,uDAQFnG,OAASmH,GACP3B,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcQ,OAETnB,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAqI,GACH,CAAA7B,UAAW6B,EAAUzC,MACrBA,WAAOa,IAET,CAAEnG,MAAOiF,KAEV9G,GAASA,EAAK4I,QAUnBlG,iBAAkB,CAChBqE,EACA8C,IAEA5B,oBACEpB,EAAIqB,WAAWpH,IAAImB,EAAcS,iBAAkB,CACjDqG,YAAa,CAAEhC,UAAS8C,YACxBhI,MAAOiF,KAER9G,GAASA,IAEdyE,SAAWsC,GACTkB,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcU,aACd,CAAEoE,UAAS+C,OAAQ,WACnB,CAAEjI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnB5D,WAAauC,GACXkB,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcU,aACd,CAAEoE,UAAS+C,OAAQ,YACnB,CAAEjI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBxF,cAAe,CAACmE,EAAiBgD,IAC/B9B,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcW,cACd,CAAEmE,UAASgD,cACX,CAAElI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBvF,YAAa,CACXkE,EACAe,EACAkC,IAEA/B,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcY,YACd,CAAEkE,UAASe,QAAOmC,SAAUD,GAC5B,CAAEnI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBtF,YAAa,CACXiE,EACAE,EACA+C,IAEA/B,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAca,YACd,CAAEiE,UAASE,QAAOgD,SAAUD,GAC5B,CAAEnI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBrF,kBAAmB,CACjBgE,EACAG,EACAO,EACAC,EACAC,IAEAM,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcc,kBACd,CAAEgE,UAASG,cAAaO,YAAWC,aAAYC,cAC/C,CAAE9F,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBpF,cAAe,CAAC+D,EAAiBO,IAC/BW,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAce,cACd,CAAE+D,UAASO,WACX,CAAEzF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBnF,sBAAuB,CACrB8D,EACAmD,EACAC,IAEAlC,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcgB,sBACd,CAAE8D,UAASmD,eAAcC,kBACzB,CAAEtI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBgC,SAAU,CAACrD,EAAiBI,IAC1Bc,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAciB,QACd,CAAE6D,UAASgB,UAAWZ,GACtB,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBiC,SAAU,CAACtD,EAAiBI,IAC1Bc,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAckB,QACd,CAAE4D,UAASgB,UAAWZ,GACtB,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBkC,YAAa,CAACvD,EAAiBI,IAC7Bc,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcmB,WACd,CAAE2D,UAASgB,UAAWZ,GACtB,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnB5E,UAAW,CAACuD,EAAiBwD,IAC3BtC,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcuB,UACd,CAAEuD,UAASwD,YACX,CAAE1I,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnB3E,aAAc,CAACsD,EAAiBwD,IAC9BtC,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcwB,aACd,CAAEsD,UAASwD,YACX,CAAE1I,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBoC,eAAgB,CACdzD,EACAwD,EACApD,IAEAc,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAciB,QACd,CAAE6D,UAASwD,WAAUxC,UAAWZ,GAChC,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBqC,eAAgB,CACd1D,EACAwD,EACApD,IAEAc,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAckB,QACd,CAAE4D,UAASwD,WAAUxC,UAAWZ,GAChC,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBsC,kBAAmB,CACjB3D,EACAwD,EACApD,IAEAc,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcmB,WACd,CAAE2D,UAASwD,WAAUxC,UAAWZ,GAChC,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBuC,WAAY,CAAC5D,EAAiB6D,IAC5B3C,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcqB,WACd,CAAEyD,UAAS6D,aACX,CAAE/I,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnByC,WAAY,CAAC9D,EAAiB6D,IAC5B3C,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcoB,WACd,CAAE0D,UAAS6D,aACX,CAAE/I,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnB0C,cAAe,CAAC/D,EAAiB6D,IAC/B3C,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcsB,cACd,CAAEwD,UAAS6D,aACX,CAAE/I,MAAOiF,KAEV9G,GAASA,EAAKoI,OAcnB2C,uBAAwB,CACtBC,EACAjE,EACAkE,IAEAhD,oBACEpB,EAAIqB,WAAWC,KACblG,EAAc8B,mBACd,CAAEiH,iBAAgBjE,UAASkE,gBAC3B,CAAEpJ,MAAOiF,KAEV9G,GAASA,IAedkL,6BAA8B,CAC5BF,EACAjE,EACAoE,EACAF,IAEAhD,oBACEpB,EAAIqB,WAAWC,KACblG,EAAc+B,yBACd,CAAEgH,iBAAgBjE,UAASqE,IAAKD,EAAKF,gBACrC,CAAEpJ,MAAOiF,KAEV9G,GAASA,IAcdqL,iCAAkC,CAChCtE,EACAoE,EACAF,IAEAhD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcgC,6BACd,CAAE8C,UAASqE,IAAKD,EAAKF,gBACrB,CAAEpJ,MAAOiF,KAEV9G,GAASA,IAGdkE,qBAAsB,CACpB6C,EACAuE,IAEArD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAciC,qBACd,CAAE6C,UAASuE,gBACX,CAAEzJ,MAAOiF,KAEV9G,GAASA,IAWd2D,qBAAsB,CAACoD,EAAiBwE,IACtCtD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAc0B,qBACd,CAAEoD,UAASwE,YACX,CAAE1J,MAAOiF,KAEV9G,GAASA,IAQd4D,kBAAmB,CAACmD,EAAiBwE,IACnCtD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAc2B,kBACd,CAAEmD,UAASwE,YACX,CAAE1J,MAAOiF,KAEV9G,GAASA,IAWd0D,YAAa,CAACqD,EAAiBwE,IAC7BtD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcyB,YACd,CAAEqD,UAASwE,YACX,CAAE1J,MAAOiF,KAEV9G,GAASA,IASd6D,eAAiBkD,GACfkB,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAc4B,eAAgB,CAAEkD,WAAW,CAAElF,MAAOiF,KACvE9G,GAASA,IASd8D,kBAAoBiD,GAClBkB,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAc6B,kBAAmB,CAAEiD,WAAW,CAAElF,MAAOiF,KAC1E9G,GAASA,IAOdmE,QAAUqH,GACRvD,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAckC,QAASqH,EAAS,CAAE3J,MAAOiF,KAC5D9G,GAASA,MCz4BZyL,EAAc,CAAC5E,EAAcC,KAA4B,CAK7D1C,WAAapD,GACXiH,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAiBmC,WACjB,CACEpD,QAEF,CAAEa,MAAOiF,KAWfzC,MAAO,CAACrD,EAAc0K,IACpBzD,oBACEpB,EAAIqB,WAAWC,KACblG,EAAiBoC,MACjB,CACErD,OACA0K,OAEF,CAAE7J,MAAOiF,KAafxC,OAAQ,IACN2D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAiBqC,OAAQ,CAAA,EAAI,CAAEzC,MAAOiF,KACzD9G,GAASA,EAAK2L,QAYnBpH,OAASoH,GACP1D,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAiBqC,OACjB,CACEqH,SAEF,CAAE9J,MAAOiF,OC9DX8E,EAAa,CAAC/E,EAAcC,KAA4B,CAC5D5E,OAAQ,CACNlB,EACA6K,EACAxE,IAEAY,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAgBC,OAChB,CAAElB,OAAM6K,0BAAyBxE,oBACjC,CAAExF,MAAOiF,KAGfgF,aAAc,CACZC,EACA/K,EACA6K,EACAxE,IAEAY,oBACEpB,EAAIqB,WAAWC,KACblG,EAAgBC,OAChB,CAAE6J,KAAI/K,OAAM6K,0BAAyBxE,oBACrC,CAAExF,MAAOiF,KAGf1E,OAAQ,CACN2J,EACA/K,EACA6K,EACAxE,IAEAY,oBACEpB,EAAIqB,WAAWC,KACblG,EAAgBG,OAChB,CAAE2J,KAAI/K,OAAM6K,0BAAyBxE,oBACrC,CAAExF,MAAOiF,KAGfzE,OAAS0J,GACP9D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAgBI,OAAQ,CAAE0J,MAAM,CAAElK,MAAOiF,KAEjEvE,KAAOwJ,GACL9D,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAgBM,KAAM,CACvCwG,YAAa,CAAEgD,MACflK,MAAOiF,KAER9G,GAASA,IAEd2E,QAAS,IACPsD,EAAiBA,kBACfpB,EAAIqB,WAAWpH,IAAImB,EAAgB0C,QAAS,CAC1C9C,MAAOiF,KAER9G,GAASA,EAAKgM,UAEnBpH,UAAW,CACTqH,EACAC,EACAL,EACAxE,IAEAY,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAgB2C,UAChB,CACEwE,UAAW6C,EACXE,YAAaD,EACbE,8BAA+BP,EAC/BxE,oBAEF,CAAExF,MAAOiF,KAEV9G,GAASA,EAAKgM,UAEnBK,YAAc9B,GACZtC,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAgByC,SAAU,CAC3CqE,YAAa,CAAEgD,GAAIxB,GACnB1I,MAAOiF,KAER9G,GAASA,IAEdsM,kBAAmB,CAAC/B,EAAkB7F,IACpCuD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAgByC,SACXpD,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAmD,GAAU,CAAA6F,aACf,CACE1I,MAAOiF,OC/FXyF,EAAU,CAAC1F,EAAcC,KAA4B,CACzD1E,OAAQ,CACNoK,EACAlB,IAEArD,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAaG,OAAQ,CAAEoK,MAAKlB,gBAAgB,CAAEzJ,MAAOiF,KAE7EvB,YAAa,CACXkH,EACA1F,EACA2F,IAEAzE,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAasD,YACb,CAAEkH,iBAAgB1F,UAAS2F,mBAC3B,CAAE7K,MAAOiF,OCbX6F,EAAiB,CAAC9F,EAAcC,KAA4B,CAChE5E,OAAQ,CAAClB,EAAc4L,IACrB3E,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAoBC,OACpB,CAAElB,OAAM4L,eACR,CAAE/K,MAAOiF,KAGf1E,OAAQ,CAACpB,EAAc6L,EAAiBD,IACtC3E,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAoBG,OACpB,CAAEpB,OAAM6L,UAASD,eACjB,CAAE/K,MAAOiF,KAGfzE,OAASrB,GACPiH,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAoBI,OAAQ,CAAErB,QAAQ,CAAEa,MAAOiF,KAEvEnC,QAAS,IACPsD,EAAiBA,kBACfpB,EAAIqB,WAAWpH,IAAImB,EAAoB0C,QAAS,CAC9C9C,MAAOiF,KAER9G,GAASA,EAAK8M,gBC1BfC,EAAW,CAAClG,EAAcC,KAA4B,CAC1D5E,OAAQ,CACNlB,EACA4L,EACAI,EACAzC,IAEAtC,oBACEpB,EAAIqB,WAAWC,KACblG,EAAcC,OACd,CAAElB,OAAM4L,cAAaI,kBAAiBzC,YACtC,CAAE1I,MAAOiF,KAGf1E,OAAQ,CACNpB,EACA6L,EACAD,EACAI,EACAzC,IAEAtC,oBACEpB,EAAIqB,WAAWC,KACblG,EAAcG,OACd,CAAEpB,OAAM6L,UAASD,cAAaI,kBAAiBzC,YAC/C,CAAE1I,MAAOiF,KAGfzE,OAAQ,CAACrB,EAAcuJ,IACrBtC,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAcI,OAAQ,CAAErB,OAAMuJ,YAAY,CAAE1I,MAAOiF,KAE3EnC,QAAS,IACPsD,EAAiBA,kBACfpB,EAAIqB,WAAWpH,IAAImB,EAAc0C,QAAS,CACxC9C,MAAOiF,KAER9G,GAASA,EAAKmH,QAEnB1E,OAASnC,GACP2H,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAcQ,OAAQnC,EAAS,CACjDuB,MAAOiF,KAER9G,GAASA,EAAKmH,UChDf8F,EAAY,CAACpG,EAAcC,KAA4B,CAM3DrB,cAAgB8E,GACdtC,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAewD,cAAe,CAAE8E,YAAY,CAAE1I,MAAOiF,KAU7EpB,uBAAwB,CACtB6E,EACAiB,EACA0B,IAEAjF,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAeyD,uBACf,CAAE6E,WAAU2C,WAAU1B,WACtB,CAAE3J,MAAOiF,KAUfnB,oBAAqB,CAAC4E,EAAkB4C,IACtClF,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAe0D,oBACf,CAAE4E,WAAU4C,WACZ,CAAEtL,MAAOiF,OCjCXsG,EAAkB,CAACvG,EAAcC,KAA4B,CACjEuF,YAAalD,EAASA,WACnBoB,GACCtC,oBACEpB,EAAIqB,WAAWpH,IAAImB,EAAayC,SAAU,CACxCqE,YAAa,CAAEwB,YACf1I,MAAOiF,KAER9G,GAASA,KAEd,8DAEFqN,eAAiB9C,GACftC,EAAAA,kBACEpB,EAAIqB,WAAW7F,OAAOJ,EAAayC,SAAU,CAC3CqE,YAAa,CAAEwB,YACf1I,MAAOiF,KAGbwF,kBAAmBnD,EAAAA,WACjB,CACEoB,EACA+C,EACAC,EACAC,EACAC,EACAC,IAEAzF,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAayC,SACb,CAAE6F,WAAU+C,SAAQE,WAAUD,UAASE,cAAaC,WACpD,CAAE7L,MAAOiF,MAGf,8EAEF6G,kBAAmBxE,EAASA,WAC1B,CACEoB,EACAqD,EACAH,EACAC,IAEAzF,oBACEpB,EAAIqB,WAAWC,KACblG,EAAagD,SACb,CAAEsF,WAAUqD,iBAAgBH,cAAaC,WACzC,CAAE7L,MAAOiF,MAGf,+EAEF+G,iBAAkB,CAChBtD,EACAuD,EACAC,IAEA9F,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAaiD,QACb,CAAEqF,WAAUuD,eAAcC,oBAC1B,CAAElM,MAAOiF,KAGfkH,sBAAuB,CACrBzD,EACA7F,EACAgJ,KAEA,MAAMO,EAAqB3M,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAmD,GAAU,CAAAwJ,gBAAiBxJ,EAASqJ,mBAE/D,cADOE,EAAcF,iBACd9F,EAAiBA,kBACtBpB,EAAIqB,WAAWC,KACblG,EAAamD,KAAKC,UAClB,CACEkF,WACA7F,SAAUuJ,EACVP,WAEF,CAAE7L,MAAOiF,IAEZ,EAEHqH,sBAAuB,CACrB5D,EACA7F,EACA0J,EACAV,IAEAzF,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAaqD,KAAKD,UAClB,CAAEkF,WAAU7F,WAAU0J,cAAaV,WACnC,CAAE7L,MAAOiF,KAGfuH,wBAAyB,CACvB9D,EACA7F,EACA0J,EACAV,IAEAzF,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAaqD,KAAKL,SAClB,CAAEsF,WAAU7F,WAAU0J,cAAaV,WACnC,CAAE7L,MAAOiF,KAGfwH,aAAe/D,GACbtC,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAakD,WAAY,CAC1C4D,YAAa,CAAEwB,YACf1I,MAAOiF,KAER9G,YACC,MAAMiO,EAAgBjO,EAgBtB,OAfIiO,EAAc7I,OAChB6I,EAAc7I,KACT9D,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA0M,EAAc7I,MAAI,CACrB2I,iBAAkBE,EAAc7I,KAAK8I,yBAEhCD,EAAc7I,KAAK8I,kBAEN,UAAlBD,EAAc3I,YAAI,IAAA3E,OAAA,EAAAA,EAAE4N,iBACtBN,EAAc3I,KAAKiJ,cAAkC,UAAlBN,EAAc3I,YAAI,IAAAlE,OAAA,EAAAA,EAAEmN,cAAcC,KAAKC,IACxE,MAAMC,EAAKD,EAGX,OAFAC,EAAGC,SAAWD,EAAGE,KAAK5N,YACf0N,EAAGE,KACHF,CAAE,KAGNT,CAAa,MCtItBY,EAAgB,CAAChI,EAAcC,KAA4B,CAW/D5E,OAAQ,CACNlB,EACA8N,EACA3H,EACA4H,EACAjG,EACAwC,IAEArD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAmBC,OACnB,CAAElB,OAAM8N,aAAY/G,UAAWZ,EAAO4H,aAAYjG,SAAQwC,gBAC1D,CAAEzJ,MAAOiF,KAQfvE,KAAOwJ,GACL9D,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAmBM,KAAM,CAC1CwG,YAAa,CAAEgD,MACflK,MAAOiF,KAER9G,GAASA,EAAKgP,MAOnBpK,UAAYwE,GACVnB,oBACEpB,EAAIqB,WAAWC,KAAKlG,EAAmBQ,OAAQ,CAAE2G,aAAa,CAAEvH,MAAOiF,KACtE9G,GAASA,EAAKiP,OAQnB7M,OAAQ,CAAC2J,EAAY/K,IACnBiH,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAmBG,OAAQ,CAAE2J,KAAI/K,QAAQ,CAAEa,MAAOiF,KACrE9G,GAASA,EAAKgP,MAOnBxK,WAAauH,GACX9D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAmBuC,WAAY,CAAEuH,MAAM,CAAElK,MAAOiF,KAMxErC,SAAWsH,GACT9D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAmBwC,SAAU,CAAEsH,MAAM,CAAElK,MAAOiF,KAMtEzE,OAAS0J,GACP9D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAmBI,OAAQ,CAAE0J,MAAM,CAAElK,MAAOiF,OC3FhEoI,EAAW,CAACrI,EAAcC,KAA4B,CAC1DtB,KAAM,IACJyC,EAAiBA,kBAACpB,EAAIqB,WAAWC,KAAKlG,EAAcuD,KAAM,CAAE,EAAE,CAAE3D,MAAOiF,KACzEzE,OAAS8M,GACPlH,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcI,OAAQ,CAAE4J,IAAKkD,GAAW,CAAEtN,MAAOiF,KAEzExC,OAAS8K,GACPnH,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcqC,OAAQ,CAAE8K,UAAU,CAAEvN,MAAOiF,KAEnEvC,OAAQ,CAAC6K,EAAgBC,EAAYC,IACnCrH,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcsC,OACd,CAAE6K,SAAQC,OAAMC,WAChB,CAAEzN,MAAOiF,OChBXyI,EAAY,CAAC1I,EAAcC,KAA4B,CAC3DxC,OAAQ,IACN2D,EAAiBA,kBAACpB,EAAIqB,WAAWC,KAAKlG,EAAeqC,OAAQ,CAAE,EAAE,CAAEzC,MAAOiF,KAC5EvC,OAASiL,GACPvH,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAesC,OAAQ,CAAEiL,SAAS,CAAE3N,MAAOiF,OCL/D2I,EAAY,CAAC5I,EAAcC,KAA4B,CAM3DrE,OAASiN,IACP,MAAM7H,EAAYvG,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAmO,GAAe,CAAAC,YAAaD,EAAcxC,WAE5D,cADOrF,EAAKqF,SACLjF,oBACLpB,EAAIqB,WAAWC,KAAKlG,EAAeQ,OAAQoF,EAAM,CAAEhG,MAAOiF,KACzD9G,GACCA,eAAAA,EAAM4P,OAAOpB,KAAKqB,IAChB,MAAMC,EACDxO,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAsO,IACHE,SAAUC,WAAWH,EAAEE,UACvB7C,SAAU2C,EAAEF,cAGd,cADOG,EAAIH,YACJG,CAAG,KAEf,ICdCG,EAAY,CAACpJ,EAAcC,KAA4B,CAU3DoJ,WAAY,CAACC,EAAqBC,IAChCnI,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAe2D,WAAY,CAAEuK,SAAQC,WAAW,CAAEvO,MAAOiF,KAOjFuJ,aAAc,IACZpI,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAe4D,aAAc,CAAE,EAAE,CAAEhE,MAAOiF,KAOlEwJ,WAAY,IACVrI,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAe6D,WAAY,CAAA,EAAI,CAAEjE,MAAOiF,KAC3D9G,GAASA,EAAKmQ,SAWnBI,cAAe,CACbC,EACAC,EACAC,IAEAzI,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAe8D,OACf,CAAEyK,YAAWC,UAASC,cACtB,CAAE7O,MAAOiF,KAWf6J,gBAAiB,CAAC3P,EAAc0P,IAC9BzI,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAe+D,SAAU,CAAEhF,OAAM0P,cAAc,CAAE7O,MAAOiF,KAWhF8J,uBAAwB,CACtBC,EACAL,EACAC,EACAC,IAEAzI,oBACEpB,EAAIqB,WAAWC,KACblG,EAAegE,OACf,CAAE4K,qBAAoBL,YAAWC,UAASC,cAC1C,CAAE7O,MAAOiF,KAYfgK,yBAA0B,CACxB9P,EACAwP,EACAE,IAEAzI,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAeiE,SACf,CAAElF,OAAMwP,YAAWE,cACnB,CAAE7O,MAAOiF,KASfiK,gBAAkBC,GAChB/I,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAekE,SAAU,CAAE6K,aAAa,CAAEnP,MAAOiF,KAQzEmK,gBAAkBD,GAChB/I,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAemE,SAAU,CAAE4K,aAAa,CAAEnP,MAAOiF,KAQzEoK,4BAA8BC,GAC5BlJ,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAeoE,kBACf,CAAE8K,aACF,CAAEtP,MAAOiF,KASfR,aACE8K,GAEAnJ,oBACEpB,EAAIqB,WAAWC,KACblG,EAAeqE,aACf,CAAE8K,mBACF,CAAEvP,MAAOiF,KAEV9G,GAASA,EAAKoR,kBAUnBC,aAAc,CACZ7K,EACAqK,EACAL,IAEAvI,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAesE,IACf,CAAEC,WAAUqK,qBAAoBL,aAChC,CAAE3O,MAAOiF,KAEV9G,GAASA,EAAKyG,UAQnB6K,kBAAoB9K,GAClByB,oBACEpB,EAAIqB,WAAWC,KAAKlG,EAAeuE,SAAU,CAAEA,YAAY,CAAE3E,MAAOiF,KACnE9G,GAASA,EAAKgR,YAQnBO,iBAAmB9K,GACjBwB,oBACEpB,EAAIqB,WAAWC,KAAKlG,EAAewE,QAAS,CAAEA,WAAW,CAAE5E,MAAOiF,KACjE9G,GAASA,EAAKgR,YAQnBQ,oBAAsBC,GACpBxJ,oBACEpB,EAAIqB,WAAWC,KAAKlG,EAAeyE,UAAW,CAAE+K,UAAU,CAAE5P,MAAOiF,KAClE9G,GAASA,EAAKgR,YAQnBrK,YAAc+K,GACZzJ,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAe0E,YACf,CAAE+K,MAAOA,EAAQA,EAAMC,UAAY,GACnC,CAAE9P,MAAOiF,KAEV9G,GAASA,MCjOV4R,EAAqB,CAAC/K,EAAcC,KAA4B,CACpE+K,sBACEvR,UAEA,OAAA2H,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAwB4C,0CAEnBvE,GAAO,CACVwR,gBAASnR,EAAAL,EAAQwR,0BAEnB,CAAEjQ,MAAOiF,IAEZ,EACHiL,sBACEzR,UAEA,OAAA2H,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAwB6C,0CAEnBxE,GAAO,CACVwR,gBAASnR,EAAAL,EAAQwR,0BAEnB,CAAEjQ,MAAOiF,IAEZ,EACHkL,sBACE1R,GAEA2H,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAwB8C,WAAUzD,OAAAC,OAAA,GAC7BjB,GACL,CAAEuB,MAAOiF,KAGfmL,sBACE3R,GAEA2H,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAwB+C,WAAU1D,OAAAC,OAAA,GAC7BjB,GACL,CAAEuB,MAAOiF,KAGfzE,OAAS0J,GACP9D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAwBI,OAAQ,CAAE0J,MAAM,CAAElK,MAAOiF,KAEzEvE,KAAOwJ,GACL9D,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAwBM,KAAM,CAC/CwG,YAAa,CAAEgD,MACflK,MAAOiF,KAER9G,GAASA,IAEd2E,QAAS,IACPsD,EAAiBA,kBACfpB,EAAIqB,WAAWpH,IAAImB,EAAwB0C,QAAS,CAClD9C,MAAOiF,KAER9G,GAASA,EAAKkS,SCzEfC,EAAe,CAACtL,EAAcC,KAA4B,CAC9DuF,YAAc9B,GACZtC,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAkByC,SAAU,CAC7CqE,YAAa,CAAEwB,YACf1I,MAAOiF,KAER9G,GAASA,IAEdsM,kBAAmB,CAAC/B,EAAkB7F,IACpCuD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAkByC,SACbpD,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAmD,GAAU,CAAA6F,aACf,CACE1I,MAAOiF,aClBC,QAAlBnG,EAAAyR,WAAWC,eAAO,IAAA1R,IAAlByR,WAAWC,QAAYA,EAAOA,SAE9B,MAGMC,EAAe,IAAIxS,KAGvBA,EAAKyS,SAASC,YAEZA,YAAS7R,GAAAS,EAAAoR,GAAYC,+BAAAA,cARD,UAQmC,IAGlDC,EAAUC,SAAI7S,ICWjB8S,EAAWjS,WAAAmG,cAAEA,EAAa+L,UAAEA,GAASlS,EAAKmS,EAAM1S,EAAAA,OAAAO,EAArC,+BACf,MAAMoS,EAAUC,UACd1R,OAAAC,OAAAD,OAAAC,OAAA,CAAAoR,MAAAA,GACGG,GAAM,CACTG,YAAW3R,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EACNuR,EAAOG,cACV,qBAAsB,SACtB,8BAAiD,UAAZ,OAAPC,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAA/R,OAAA,EAAAA,EAAAgS,OAAQ,GACzD,wBAAyB,cAIvBC,UAAEA,EAASC,OAAEA,GAAWR,EAExB7D,EAA6C,CAAA,EAgC7CsE,ECtDe,EAAC1M,EAAcC,KAA4B,CAChEsB,KAAMxB,EAASC,EAAKC,GACpB0M,QAAS/H,EAAY5E,EAAKC,GAC1B2M,UAAW5E,EAAchI,EAAKC,GAC9BnF,OAAQiK,EAAW/E,EAAKC,GACxB4M,eAAgB9B,EAAmB/K,EAAKC,GACxC6M,IAAKvG,EAAgBvG,EAAKC,GAC1B0F,IAAKD,EAAQ1F,EAAKC,GAClB8M,WAAYjH,EAAe9F,EAAKC,GAChCyE,SAAU4G,EAAatL,EAAKC,GAC5B8H,KAAM7B,EAASlG,EAAKC,GACpB+M,MAAO5G,EAAUpG,EAAKC,GACtBuI,KAAMH,EAASrI,EAAKC,GACpB0I,MAAOD,EAAU1I,EAAKC,GACtBgN,MAAOrE,EAAU5I,EAAKC,GACtBiN,MAAO9D,EAAUpJ,EAAKC,KDuCHkN,CAAejB,EAASjM,GAErCD,iCACDkM,GAAO,CAOVQ,aAGA1T,aAAaoU,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMC,MAAM,gCAE9B,GAAIlF,EAAKgF,EAAOC,KAAM,OAAOjF,EAAKgF,EAAOC,KAKzC,GAFA5S,OAAOC,OAAO0N,OAhDApP,WAChB,GAAIgT,EACF,IACE,MAAMuB,EAAYC,KAAKC,MAAMzB,GACvB7D,QAAYuF,YAAUH,GAC5B,MAAO,CACL,CAACA,EAAUF,KAAMlF,EAKpB,CAHC,MAAOwF,GAEP,MADAlB,SAAAA,EAAQmB,MAAM,0CAA2CD,GACnD,IAAIL,MAAM,sCAAsCK,IACvD,CAGH,MAGME,SAHoB3B,EAAQ7K,WAC/BpH,IAAI,WAAWuS,KACfsB,MAAM5U,GAASA,EAAK6U,UACe3F,KACtC,OAAKnN,MAAMC,QAAQ2S,UACQG,QAAQC,IACjCJ,EAAWlG,KAAI3O,MAAOmP,GAAQ,CAACA,EAAIkF,UAAWK,EAAAA,UAAUvF,QAGtC+F,QAClB,CAACC,GAAMd,EAAKe,KAAUf,EAAW5S,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAyT,IAAK,CAACd,EAAIgB,YAAaD,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAsB2BG,KAErBlG,EAAKgF,EAAOC,KAAM,MAAMC,MAAM,gCAEnC,OAAOlF,EAAKgF,EAAOC,IACpB,EAODrU,kBAAkB2M,SAEhB,MACM3K,SADYuT,EAASA,UAAC5I,EAAK3F,EAAIwO,OAAQ,CAAEC,eAAgB,KAC7CC,QAElB,GAAI1T,IACFA,EAAM2T,IAAe,QAAT7U,EAAAkB,EAAM2T,WAAG,IAAA7U,OAAA,EAAAA,EAAE8U,MAAM,KAAKC,MAC9B7T,EAAM2T,MAAQnC,GAEhB,MAAM,IAAIsC,EAAMA,OAACC,yBACf,+BACA,MACA,gBAKN,MAAO,CAAEpJ,MAAK3K,QACf,EAODhC,sBAAsBgW,GACpB,IAAKA,EAAc,MAAM1B,MAAM,4CAE/B,IAEE,aADoBtN,EAAIiP,YAAYD,EAMrC,CAJC,MAAOpB,GAGP,MADAnB,SAAAA,EAAQmB,MAAM,4BAA6BA,GACrCN,MAAM,qCAAqCM,IAClD,CACF,EAOD5U,qBAAqBkW,WACnB,IAAKA,EAAc,MAAM5B,MAAM,kDAE/B,UACQtN,EAAIiP,YAAYC,GACtB,MAAMC,QAAgBnP,EAAIoP,QAAQF,GAClC,GAAIC,EAAQE,GAAI,CAEd,aADoBrP,EAAIiP,YAA0B,QAAdnV,EAAAqV,EAAQhW,YAAM,IAAAW,OAAA,EAAAA,EAAAwV,WAEnD,CAED,MAAMhC,MAAmB,QAAb/S,EAAA4U,EAAQvB,aAAK,IAAArT,OAAA,EAAAA,EAAEgV,aAK5B,CAJC,MAAOC,GAGP,MADA/C,SAAAA,EAAQmB,MAAM,kCAAmC4B,GAC3ClC,MAAM,2CAA2CkC,IACxD,CACF,EAQDxW,gCACEgW,EACAE,GAEA,IAAKF,IAAiBE,EAAc,MAAM5B,MAAM,6CAEhD,IAEE,aADoBtN,EAAIyP,gBAAgBT,EAKzC,CAHC,MAAOpB,GAEPnB,SAAAA,EAAQiD,IAAI,wCAAwC9B,2BACrD,CAED,OAAO5N,EAAI2P,eAAeT,EAC3B,EAQDlW,wBACE4T,EACAxI,GAEA,IAAKwI,EAAW,MAAMU,MAAM,gCAE5B,IAAIpU,EACJ,IACEA,QAAa8G,EAAI4M,UAAUgD,SAAShD,EAAWxI,EAIhD,CAHC,MAAOwJ,GAEP,MADAnB,SAAAA,EAAQmB,MAAM,gCAAiCA,GACzCN,MAAM,8DAA8DM,IAC3E,CAED,MAAM0B,WAAEA,GAAepW,EAAKC,KAC5B,IAAKmW,EAEH,MADA7C,SAAAA,EAAQmB,MAAM,gDACRN,MAAM,iCAGd,IAEE,aADoBtN,EAAIiP,YAAYK,EAKrC,CAHC,MAAO1B,GAEP,MADAnB,SAAAA,EAAQmB,MAAM,sCAAuCA,GAC/CN,MAAM,kEAAkEM,IAC/E,CACF,EAQDiC,oBAAmB,CAACjV,EAA8BqL,IACzCjG,EAAI8P,0BAA0BlV,EAAU,GAAIqL,GASrD8J,sBAAqB,CAACnV,EAA8BqL,IAC3CjG,EAAIgQ,4BAA4BpV,EAAU,GAAIqL,GAUvD6J,0BACElV,EACAE,EACAmL,GAGA,GAAInL,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAMmV,EAAUtV,EAA2BC,EnB1Pb,cmB0P6CE,GAC3E,OAAOmL,EAAYiK,OAAOC,GAASF,EAAQG,SAASD,IACrD,EASDH,4BACEpV,EACAE,EACAmL,GAEA,GAAInL,IAAWK,EAA2BP,EAAUE,GAAS,MAAO,GAEpE,MAAMmV,EAAUtV,EAA2BC,EnB5Qb,cmB4Q6CE,GAC3E,OAAOmL,EAAYoK,QAAQF,GAASF,EAAQG,SAASD,IACtD,EAQDG,cAAa,CAAC1V,EAA8B0F,IACnCN,EAAIuQ,oBAAoB3V,EAAU,GAAI0F,GAS/CkQ,gBAAe,CAAC5V,EAA8B0F,IACrCN,EAAIyQ,sBAAsB7V,EAAU,GAAI0F,GAUjDiQ,oBAAoB3V,EAA8BE,EAAgBwF,GAEhE,GAAIxF,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAM4V,EAAa/V,EAA2BC,EnB7StB,QmB6SgDE,GACxE,OAAOwF,EAAM4P,OAAOnI,GAAS2I,EAAWN,SAASrI,IAClD,EASD0I,sBAAsB7V,EAA8BE,EAAgBwF,GAClE,GAAIxF,IAAWK,EAA2BP,EAAUE,GAAS,MAAO,GAEpE,MAAM4V,EAAa/V,EAA2BC,EnB3TtB,QmB2TgDE,GACxE,OAAOwF,EAAM+P,QAAQtI,GAAS2I,EAAWN,SAASrI,IACnD,IAGH,OAAO4I,EAAAA,SACL3Q,EACA,CACE,mBACA,iBACA,sBACA,mBACA,uBACA,uBACA,iBACA,gBACA,cACA,yBACA,yBACA,WAEFlH,EACD,EAoBHiT,EAAQ6E,uBnB7W8B,MmB8WtC7E,EAAQ8E,uBnB5W8B,6CqBFT,CAC3BC,WAAY,UACZC,iBAAkB,UAClBC,eAAgB,UAChBC,iBAAkB,UAClBC,aAAc,UACdC,mBAAoB,UACpBC,qBAAsB,UACtBC,aAAc"}
|
|
1
|
+
{"version":3,"file":"index.cjs.js","sources":["../../lib/constants.ts","../../lib/helpers.ts","../../lib/management/paths.ts","../../lib/management/user.ts","../../lib/management/project.ts","../../lib/management/tenant.ts","../../lib/management/jwt.ts","../../lib/management/permission.ts","../../lib/management/role.ts","../../lib/management/group.ts","../../lib/management/sso.ts","../../lib/management/accesskey.ts","../../lib/management/flow.ts","../../lib/management/theme.ts","../../lib/management/audit.ts","../../lib/management/authz.ts","../../lib/management/ssoapplication.ts","../../lib/management/password.ts","../../lib/fetch-polyfill.ts","../../lib/index.ts","../../lib/management/index.ts","../../lib/errors.ts"],"sourcesContent":["// eslint-disable-next-line import/prefer-default-export\n/** Refresh JWT cookie name */\nexport const refreshTokenCookieName = 'DSR';\n/** Session JWT cookie name */\nexport const sessionTokenCookieName = 'DS';\n/** The key of the tenants claims in the claims map */\nexport const authorizedTenantsClaimName = 'tenants';\n/** The key of the permissions claims in the claims map either under tenant or top level */\nexport const permissionsClaimName = 'permissions';\n/** The key of the roles claims in the claims map either under tenant or top level */\nexport const rolesClaimName = 'roles';\n","import type { SdkFnWrapper } from '@descope/core-js-sdk';\nimport { authorizedTenantsClaimName, refreshTokenCookieName } from './constants';\nimport { AuthenticationInfo } from './types';\n\n/**\n * Generate a cookie string from given parameters\n * @param name name of the cookie\n * @param value value of cookie that must be already encoded\n * @param options any options to put on the cookie like cookieDomain, cookieMaxAge, cookiePath\n * @returns Cookie string with all options on the string\n */\nconst generateCookie = (name: string, value: string, options?: Record<string, string | number>) =>\n `${name}=${value}; Domain=${options?.cookieDomain || ''}; Max-Age=${\n options?.cookieMaxAge || ''\n }; Path=${options?.cookiePath || '/'}; HttpOnly; SameSite=Strict`;\n\n/**\n * Parse the cookie string and return the value of the cookie\n * @param cookie the raw cookie string\n * @param name the name of the cookie to get value for\n * @returns the value of the given cookie\n */\nconst getCookieValue = (cookie: string | null | undefined, name: string) => {\n const match = cookie?.match(RegExp(`(?:^|;\\\\s*)${name}=([^;]*)`));\n return match ? match[1] : null;\n};\n\n// eslint-disable-next-line import/prefer-default-export\n/**\n * Add cookie generation to core-js functions.\n * @param fn the function we are wrapping\n * @returns Wrapped function with cookie generation\n */\nexport const withCookie: SdkFnWrapper<{ refreshJwt?: string; cookies?: string[] }> =\n (fn) =>\n async (...args) => {\n const resp = await fn(...args);\n\n // istanbul ignore next\n if (!resp.data) {\n return resp;\n }\n\n // eslint-disable-next-line prefer-const\n let { refreshJwt, ...rest } = resp.data;\n const cookies: string[] = [];\n\n if (!refreshJwt) {\n if (resp.response?.headers.get('set-cookie')) {\n refreshJwt = getCookieValue(\n resp.response?.headers.get('set-cookie'),\n refreshTokenCookieName,\n );\n cookies.push(resp.response?.headers.get('set-cookie')!);\n }\n } else {\n cookies.push(generateCookie(refreshTokenCookieName, refreshJwt, rest));\n }\n\n return { ...resp, data: { ...resp.data, refreshJwt, cookies } };\n };\n\n/**\n * Get the claim (used for permissions or roles) for a given tenant or top level if tenant is empty\n * @param authInfo The parsed authentication info from the JWT\n * @param claim name of the claim\n * @param tenant tenant to retrieve the claim for\n * @returns the claim for the given tenant or top level if tenant is empty\n */\nexport function getAuthorizationClaimItems(\n authInfo: AuthenticationInfo,\n claim: string,\n tenant?: string,\n): string[] {\n const value = tenant\n ? authInfo.token[authorizedTenantsClaimName]?.[tenant]?.[claim]\n : authInfo.token[claim];\n return Array.isArray(value) ? value : [];\n}\n\n/**\n * Check if the user is associated with the given tenant\n * @param authInfo The parsed authentication info from the JWT\n * @param tenant tenant to check if user is associated with\n * @returns true if user is associated with the tenant\n */\nexport function isUserAssociatedWithTenant(authInfo: AuthenticationInfo, tenant: string): boolean {\n return !!authInfo.token[authorizedTenantsClaimName]?.[tenant];\n}\n","/** API paths for the Descope service Management APIs */\nexport default {\n user: {\n create: '/v1/mgmt/user/create',\n createBatch: '/v1/mgmt/user/create/batch',\n update: '/v1/mgmt/user/update',\n delete: '/v1/mgmt/user/delete',\n deleteAllTestUsers: '/v1/mgmt/user/test/delete/all',\n load: '/v1/mgmt/user',\n logout: '/v1/mgmt/user/logout',\n search: '/v1/mgmt/user/search',\n getProviderToken: '/v1/mgmt/user/provider/token',\n updateStatus: '/v1/mgmt/user/update/status',\n updateLoginId: '/v1/mgmt/user/update/loginid',\n updateEmail: '/v1/mgmt/user/update/email',\n updatePhone: '/v1/mgmt/user/update/phone',\n updateDisplayName: '/v1/mgmt/user/update/name',\n updatePicture: '/v1/mgmt/user/update/picture',\n updateCustomAttribute: '/v1/mgmt/user/update/customAttribute',\n setRole: '/v1/mgmt/user/update/role/set',\n addRole: '/v1/mgmt/user/update/role/add',\n removeRole: '/v1/mgmt/user/update/role/remove',\n setSSOApps: '/v1/mgmt/user/update/ssoapp/set',\n addSSOApps: '/v1/mgmt/user/update/ssoapp/add',\n removeSSOApps: '/v1/mgmt/user/update/ssoapp/remove',\n addTenant: '/v1/mgmt/user/update/tenant/add',\n removeTenant: '/v1/mgmt/user/update/tenant/remove',\n setPassword: '/v1/mgmt/user/password/set', // Deprecated\n setTemporaryPassword: '/v1/mgmt/user/password/set/temporary',\n setActivePassword: '/v1/mgmt/user/password/set/active',\n expirePassword: '/v1/mgmt/user/password/expire',\n removeAllPasskeys: '/v1/mgmt/user/passkeys/delete',\n generateOTPForTest: '/v1/mgmt/tests/generate/otp',\n generateMagicLinkForTest: '/v1/mgmt/tests/generate/magiclink',\n generateEnchantedLinkForTest: '/v1/mgmt/tests/generate/enchantedlink',\n generateEmbeddedLink: '/v1/mgmt/user/signin/embeddedlink',\n history: '/v1/mgmt/user/history',\n },\n project: {\n updateName: '/v1/mgmt/project/update/name',\n clone: '/v1/mgmt/project/clone',\n export: '/v1/mgmt/project/export',\n import: '/v1/mgmt/project/import',\n },\n accessKey: {\n create: '/v1/mgmt/accesskey/create',\n load: '/v1/mgmt/accesskey',\n search: '/v1/mgmt/accesskey/search',\n update: '/v1/mgmt/accesskey/update',\n deactivate: '/v1/mgmt/accesskey/deactivate',\n activate: '/v1/mgmt/accesskey/activate',\n delete: '/v1/mgmt/accesskey/delete',\n },\n tenant: {\n create: '/v1/mgmt/tenant/create',\n update: '/v1/mgmt/tenant/update',\n delete: '/v1/mgmt/tenant/delete',\n load: '/v1/mgmt/tenant',\n settings: '/v1/mgmt/tenant/settings',\n loadAll: '/v1/mgmt/tenant/all',\n searchAll: '/v1/mgmt/tenant/search',\n },\n ssoApplication: {\n oidcCreate: '/v1/mgmt/sso/idp/app/oidc/create',\n samlCreate: '/v1/mgmt/sso/idp/app/saml/create',\n oidcUpdate: '/v1/mgmt/sso/idp/app/oidc/update',\n samlUpdate: '/v1/mgmt/sso/idp/app/saml/update',\n delete: '/v1/mgmt/sso/idp/app/delete',\n load: '/v1/mgmt/sso/idp/app/load',\n loadAll: '/v1/mgmt/sso/idp/apps/load',\n },\n sso: {\n settings: '/v1/mgmt/sso/settings',\n metadata: '/v1/mgmt/sso/metadata',\n mapping: '/v1/mgmt/sso/mapping',\n settingsv2: '/v2/mgmt/sso/settings',\n oidc: {\n configure: '/v1/mgmt/sso/oidc',\n },\n saml: {\n configure: '/v1/mgmt/sso/saml',\n metadata: '/v1/mgmt/sso/saml/metadata',\n },\n },\n jwt: {\n update: '/v1/mgmt/jwt/update',\n impersonate: '/v1/mgmt/impersonate',\n },\n password: {\n settings: '/v1/mgmt/password/settings',\n },\n permission: {\n create: '/v1/mgmt/permission/create',\n update: '/v1/mgmt/permission/update',\n delete: '/v1/mgmt/permission/delete',\n loadAll: '/v1/mgmt/permission/all',\n },\n role: {\n create: '/v1/mgmt/role/create',\n update: '/v1/mgmt/role/update',\n delete: '/v1/mgmt/role/delete',\n loadAll: '/v1/mgmt/role/all',\n search: '/v1/mgmt/role/search',\n },\n flow: {\n list: '/v1/mgmt/flow/list',\n delete: '/v1/mgmt/flow/delete',\n export: '/v1/mgmt/flow/export',\n import: '/v1/mgmt/flow/import',\n },\n theme: {\n export: '/v1/mgmt/theme/export',\n import: '/v1/mgmt/theme/import',\n },\n group: {\n loadAllGroups: '/v1/mgmt/group/all',\n loadAllGroupsForMember: '/v1/mgmt/group/member/all',\n loadAllGroupMembers: '/v1/mgmt/group/members',\n },\n audit: {\n search: '/v1/mgmt/audit/search',\n },\n authz: {\n schemaSave: '/v1/mgmt/authz/schema/save',\n schemaDelete: '/v1/mgmt/authz/schema/delete',\n schemaLoad: '/v1/mgmt/authz/schema/load',\n nsSave: '/v1/mgmt/authz/ns/save',\n nsDelete: '/v1/mgmt/authz/ns/delete',\n rdSave: '/v1/mgmt/authz/rd/save',\n rdDelete: '/v1/mgmt/authz/rd/delete',\n reCreate: '/v1/mgmt/authz/re/create',\n reDelete: '/v1/mgmt/authz/re/delete',\n reDeleteResources: '/v1/mgmt/authz/re/deleteresources',\n hasRelations: '/v1/mgmt/authz/re/has',\n who: '/v1/mgmt/authz/re/who',\n resource: '/v1/mgmt/authz/re/resource',\n targets: '/v1/mgmt/authz/re/targets',\n targetAll: '/v1/mgmt/authz/re/targetall',\n getModified: '/v1/mgmt/authz/getmodified',\n },\n};\n","import {\n SdkResponse,\n transformResponse,\n UserHistoryResponse,\n UserResponse,\n LoginOptions,\n} from '@descope/core-js-sdk';\nimport {\n ProviderTokenResponse,\n AssociatedTenant,\n GenerateEnchantedLinkForTestResponse,\n GenerateMagicLinkForTestResponse,\n GenerateOTPForTestResponse,\n GenerateEmbeddedLinkResponse,\n AttributesTypes,\n UserStatus,\n User,\n InviteBatchResponse,\n TemplateOptions,\n} from './types';\nimport { CoreSdk, DeliveryMethodForTestUser } from '../types';\nimport apiPaths from './paths';\n\ntype SearchSort = {\n field: string;\n desc?: boolean;\n};\n\ntype SearchRequest = {\n page?: number;\n limit?: number;\n sort?: SearchSort[];\n text?: string;\n emails?: string[];\n phones?: string[];\n statuses?: UserStatus[];\n roles?: string[];\n tenantIds?: string[];\n customAttributes?: Record<string, AttributesTypes>;\n withTestUser?: boolean;\n testUsersOnly?: boolean;\n ssoAppIds?: string[];\n};\n\ntype SingleUserResponse = {\n user: UserResponse;\n};\n\ntype MultipleUsersResponse = {\n users: UserResponse[];\n};\n\nconst withUser = (sdk: CoreSdk, managementKey?: string) => {\n /* Create User */\n function create(loginId: string, options?: UserOptions): Promise<SdkResponse<UserResponse>>;\n function create(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function create(\n loginId: string,\n emailOrOptions?: string | UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of create user\n // 1. The new form - create(loginId, { email, phone, ... }})\n // 2. The old form - create(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.create, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n /* Create User End */\n\n /* Create Test User */\n function createTestUser(\n loginId: string,\n options?: UserOptions,\n ): Promise<SdkResponse<UserResponse>>;\n function createTestUser(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function createTestUser(\n loginId: string,\n emailOrOptions?: string | UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of create test user\n // 1. The new form - createTestUser(loginId, { email, phone, ... }})\n // 2. The old form - createTestUser(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n test: true,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n test: true,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.create, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n /* Create Test User End */\n\n /* Invite User */\n function invite(\n loginId: string,\n options?: UserOptions & {\n inviteUrl?: string;\n sendMail?: boolean; // send invite via mail, default is according to project settings\n sendSMS?: boolean; // send invite via text message, default is according to project settings\n templateOptions?: TemplateOptions;\n },\n ): Promise<SdkResponse<UserResponse>>;\n function invite(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function invite(\n loginId: string,\n emailOrOptions?: string | UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of invite user\n // 1. The new form - invite(loginId, { email, phone, ... }})\n // 2. The old form - invite(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n invite: true,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n inviteUrl,\n sendMail,\n sendSMS,\n additionalLoginIds,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n invite: true,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.create, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n /* Invite User End */\n\n /* Update User */\n function update(loginId: string, options?: UserOptions): Promise<SdkResponse<UserResponse>>;\n function update(\n loginId: string,\n email?: string,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>>;\n\n function update(\n loginId: string,\n emailOrOptions?: string | UserOptions,\n phone?: string,\n displayName?: string,\n roles?: string[],\n userTenants?: AssociatedTenant[],\n customAttributes?: Record<string, AttributesTypes>,\n picture?: string,\n verifiedEmail?: boolean,\n verifiedPhone?: boolean,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n additionalLoginIds?: string[],\n ): Promise<SdkResponse<UserResponse>> {\n // We support both the old and new parameters forms of update user\n // 1. The new form - update(loginId, { email, phone, ... }})\n // 2. The old form - update(loginId, email, phone, ...)\n const body =\n typeof emailOrOptions === 'string'\n ? {\n loginId,\n email: emailOrOptions,\n phone,\n displayName,\n givenName,\n middleName,\n familyName,\n roleNames: roles,\n userTenants,\n customAttributes,\n picture,\n verifiedEmail,\n verifiedPhone,\n additionalLoginIds,\n }\n : {\n loginId,\n ...emailOrOptions,\n roleNames: emailOrOptions?.roles,\n roles: undefined,\n };\n return transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(apiPaths.user.update, body, { token: managementKey }),\n (data) => data.user,\n );\n }\n /* Update User End */\n\n return {\n create,\n /**\n * Create a new test user.\n * The loginID is required and will determine what the user will use to sign in.\n * Make sure the login id is unique for test. All other fields are optional.\n *\n * You can later generate OTP, Magic link and enchanted link to use in the test without the need\n * of 3rd party messaging services.\n * Those users are not counted as part of the monthly active users\n * @returns The UserResponse if found, throws otherwise.\n */\n createTestUser,\n invite,\n inviteBatch: (\n users: User[],\n inviteUrl?: string,\n sendMail?: boolean, // send invite via mail, default is according to project settings\n sendSMS?: boolean, // send invite via text message, default is according to project settings\n templateOptions?: TemplateOptions,\n ): Promise<SdkResponse<InviteBatchResponse>> =>\n transformResponse<InviteBatchResponse, InviteBatchResponse>(\n sdk.httpClient.post(\n apiPaths.user.createBatch,\n {\n users,\n invite: true,\n inviteUrl,\n sendMail,\n sendSMS,\n templateOptions,\n },\n { token: managementKey },\n ),\n (data) => data,\n ),\n update,\n /**\n * Delete an existing user.\n * @param loginId The login ID of the user\n */\n delete: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { loginId }, { token: managementKey }),\n ),\n /**\n * Delete an existing user by User ID.\n * @param userId The user ID can be found in the Subject (`sub`) claim\n * in the user's JWT.\n */\n deleteByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.delete, { userId }, { token: managementKey }),\n ),\n /**\n * Delete all test users in the project.\n */\n deleteAllTestUsers: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.user.deleteAllTestUsers, { token: managementKey }),\n ),\n load: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { loginId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /**\n * Load an existing user by user ID. The ID can be found\n * on the user's JWT.\n * @param userId load a user by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n */\n loadByUserId: (userId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.get(apiPaths.user.load, {\n queryParams: { userId },\n token: managementKey,\n }),\n (data) => data.user,\n ),\n /**\n * Logout a user from all devices by the login ID\n * @param loginId logout user by login ID\n * @returns The UserResponse if found, throws otherwise.\n */\n logoutUser: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.logout, { loginId }, { token: managementKey }),\n ),\n /**\n * Logout a user from all devices by user ID. The ID can be found\n * on the user's JWT.\n * @param userId Logout a user from all devices by this user ID field\n * @returns The UserResponse if found, throws otherwise.\n */\n logoutUserByUserId: (userId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.user.logout, { userId }, { token: managementKey }),\n ),\n /**\n * Search all users. Results can be filtered according to tenants and/or\n * roles, and also paginated used the limit and page parameters.\n * @deprecated Use search instead\n * @param tenantIds optional list of tenant IDs to filter by\n * @param roles optional list of roles to filter by\n * @param limit optionally limit the response, leave out for default limit\n * @param page optionally paginate over the response\n * @param testUsersOnly optionally filter only test users\n * @param withTestUser optionally include test users in search\n * @returns An array of UserResponse found by the query\n */\n searchAll: (\n tenantIds?: string[],\n roles?: string[],\n limit?: number,\n page?: number,\n testUsersOnly?: boolean,\n withTestUser?: boolean,\n customAttributes?: Record<string, AttributesTypes>,\n statuses?: UserStatus[],\n emails?: string[],\n phones?: string[],\n ): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n {\n tenantIds,\n roleNames: roles,\n limit,\n page,\n testUsersOnly,\n withTestUser,\n customAttributes,\n statuses,\n emails,\n phones,\n },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n /**\n * Search all users. Results can be filtered according to tenants roles and more,\n * Pagination is also available using the limit and page parameters.\n * @param searchReq an object with all the constraints for this search\n * @returns An array of UserResponse found by the query\n */\n search: (searchReq: SearchRequest): Promise<SdkResponse<UserResponse[]>> =>\n transformResponse<MultipleUsersResponse, UserResponse[]>(\n sdk.httpClient.post(\n apiPaths.user.search,\n {\n ...searchReq,\n roleNames: searchReq.roles,\n roles: undefined,\n },\n { token: managementKey },\n ),\n (data) => data.users,\n ),\n /**\n * Get the provider token for the given login ID.\n * Only users that logged-in using social providers will have token.\n * Note: The 'Manage tokens from provider' setting must be enabled.\n * @param loginId the login ID of the user\n * @param provider the provider name (google, facebook, etc.).\n * @returns The ProviderTokenResponse of the given user and provider\n */\n getProviderToken: (\n loginId: string,\n provider: string,\n ): Promise<SdkResponse<ProviderTokenResponse>> =>\n transformResponse<ProviderTokenResponse>(\n sdk.httpClient.get(apiPaths.user.getProviderToken, {\n queryParams: { loginId, provider },\n token: managementKey,\n }),\n (data) => data,\n ),\n activate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'enabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n deactivate: (loginId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateStatus,\n { loginId, status: 'disabled' },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateLoginId: (loginId: string, newLoginId?: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateLoginId,\n { loginId, newLoginId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateEmail: (\n loginId: string,\n email: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateEmail,\n { loginId, email, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePhone: (\n loginId: string,\n phone: string,\n isVerified: boolean,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePhone,\n { loginId, phone, verified: isVerified },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateDisplayName: (\n loginId: string,\n displayName?: string,\n givenName?: string,\n middleName?: string,\n familyName?: string,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateDisplayName,\n { loginId, displayName, givenName, middleName, familyName },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updatePicture: (loginId: string, picture: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updatePicture,\n { loginId, picture },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n updateCustomAttribute: (\n loginId: string,\n attributeKey: string,\n attributeValue: AttributesTypes,\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.updateCustomAttribute,\n { loginId, attributeKey, attributeValue },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeRoles: (loginId: string, roles: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenant: (loginId: string, tenantId: string): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeTenant,\n { loginId, tenantId },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeTenantRoles: (\n loginId: string,\n tenantId: string,\n roles: string[],\n ): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeRole,\n { loginId, tenantId, roleNames: roles },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n addSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.addSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n setSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.setSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n removeSSOapps: (loginId: string, ssoAppIds: string[]): Promise<SdkResponse<UserResponse>> =>\n transformResponse<SingleUserResponse, UserResponse>(\n sdk.httpClient.post(\n apiPaths.user.removeSSOApps,\n { loginId, ssoAppIds },\n { token: managementKey },\n ),\n (data) => data.user,\n ),\n\n /**\n * Generate OTP for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * Returns the code for the login (exactly as it sent via Email or SMS)\n * This is useful when running tests and don't want to use 3rd party messaging services\n *\n * @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateOTPForTestResponse which includes the loginId and the OTP code\n */\n generateOTPForTestUser: (\n deliveryMethod: DeliveryMethodForTestUser,\n loginId: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateOTPForTestResponse>> =>\n transformResponse<GenerateOTPForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateOTPForTest,\n { deliveryMethod, loginId, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /**\n * Generate Magic Link for the given login ID of a test user.\n * Choose the selected delivery method for verification.\n * It returns the link for the login (exactly as it sent via Email)\n * This is useful when running tests and don't want to use 3rd party messaging services\n *\n * @param deliveryMethod optional DeliveryMethod\n * @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateMagicLinkForTestResponse which includes the loginId and the magic link\n */\n generateMagicLinkForTestUser: (\n deliveryMethod: DeliveryMethodForTestUser,\n loginId: string,\n uri: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateMagicLinkForTestResponse>> =>\n transformResponse<GenerateMagicLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateMagicLinkForTest,\n { deliveryMethod, loginId, URI: uri, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /**\n * Generate Enchanted Link for the given login ID of a test user.\n * It returns the link for the login (exactly as it sent via Email)\n * and pendingRef which is used to poll for a valid session\n * This is useful when running tests and don't want to use 3rd party messaging services\n *\n * @param loginId login ID of a test user\n * @param uri optional redirect uri which will be used instead of any global configuration.\n * @param loginOptions optional LoginOptions - can be provided to set custom claims to the generated jwt.\n * @returns GenerateEnchantedLinkForTestResponse which includes the loginId, the enchanted link and the pendingRef\n */\n generateEnchantedLinkForTestUser: (\n loginId: string,\n uri: string,\n loginOptions?: LoginOptions,\n ): Promise<SdkResponse<GenerateEnchantedLinkForTestResponse>> =>\n transformResponse<GenerateEnchantedLinkForTestResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEnchantedLinkForTest,\n { loginId, URI: uri, loginOptions },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n generateEmbeddedLink: (\n loginId: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<GenerateEmbeddedLinkResponse>> =>\n transformResponse<GenerateEmbeddedLinkResponse>(\n sdk.httpClient.post(\n apiPaths.user.generateEmbeddedLink,\n { loginId, customClaims },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /**\n * Set temporary password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n */\n setTemporaryPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setTemporaryPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /**\n * Set password for the given login ID of user.\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n */\n setActivePassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setActivePassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /** Deprecated (user setTemporaryPassword instead)\n * Set password for the given login ID of user.\n * Note: The password will automatically be set as expired.\n * The user will not be able to log-in with this password, and will be required to replace it on next login.\n * See also: expirePassword\n * @param loginId The login ID of the user\n * @param password The password to set for the user\n */\n setPassword: (loginId: string, password: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(\n apiPaths.user.setPassword,\n { loginId, password },\n { token: managementKey },\n ),\n (data) => data,\n ),\n\n /**\n * Expire password for the given login ID.\n * Note: user sign-in with an expired password, the user will get an error with code.\n * Use the `ResetPassword` or `ReplacePassword` methods to reset/replace the password.\n * @param loginId The login ID of the user\n */\n expirePassword: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.expirePassword, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n\n /**\n * Removes all registered passkeys (WebAuthn devices) for the user with the given login ID.\n * Note: The user might not be able to login anymore if they have no other authentication\n * methods or a verified email/phone.\n * @param loginId The login ID of the user\n */\n removeAllPasskeys: (loginId: string): Promise<SdkResponse<never>> =>\n transformResponse<never>(\n sdk.httpClient.post(apiPaths.user.removeAllPasskeys, { loginId }, { token: managementKey }),\n (data) => data,\n ),\n\n /**\n * Retrieve users' authentication history, by the given user's ids.\n * @param userIds The user IDs\n */\n history: (userIds: string[]): Promise<SdkResponse<UserHistoryResponse[]>> =>\n transformResponse<UserHistoryResponse[]>(\n sdk.httpClient.post(apiPaths.user.history, userIds, { token: managementKey }),\n (data) => data,\n ),\n };\n};\n\nexport interface UserOptions {\n email?: string;\n phone?: string;\n displayName?: string;\n roles?: string[];\n userTenants?: AssociatedTenant[];\n customAttributes?: Record<string, AttributesTypes>;\n picture?: string;\n verifiedEmail?: boolean;\n verifiedPhone?: boolean;\n givenName?: string;\n middleName?: string;\n familyName?: string;\n additionalLoginIds?: string[];\n ssoAppIds?: string[];\n}\n\nexport default withUser;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { CloneProjectResponse, ProjectTag } from './types';\n\nconst withProject = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * Update the current project name.\n * @param name The new name of the project\n */\n updateName: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.updateName,\n {\n name,\n },\n { token: managementKey },\n ),\n ),\n /**\n * Clone the current project, including its settings and configurations.\n * - This action is supported only with a pro license or above.\n * - Users, tenants and access keys are not cloned.\n * @param name The name of the new project\n * @param tag The tag of the new project\n * @returns The new project details (name, id, and tag)\n */\n clone: (name: string, tag?: ProjectTag): Promise<SdkResponse<CloneProjectResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.clone,\n {\n name,\n tag,\n },\n { token: managementKey },\n ),\n ),\n\n /**\n * Exports all settings and configurations for a project and returns the\n * raw JSON files response as an object.\n * - This action is supported only with a pro license or above.\n * - Users, tenants and access keys are not cloned.\n * - Secrets, keys and tokens are not stripped from the exported data.\n *\n * @returns An object containing the exported JSON files payload.\n */\n export: (): Promise<SdkResponse<Record<string, any>>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.project.export, {}, { token: managementKey }),\n (data) => data.files,\n ),\n\n /**\n * Imports all settings and configurations for a project overriding any\n * current configuration.\n * - This action is supported only with a pro license or above.\n * - Secrets, keys and tokens are not overwritten unless overwritten in the input.\n *\n * @param files The raw JSON dictionary of files, in the same format as\n * the one returned by calls to export.\n */\n import: (files: Record<string, any>): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.project.import,\n {\n files,\n },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withProject;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { CreateTenantResponse, Tenant, AttributesTypes, TenantSettings } from './types';\n\ntype MultipleTenantResponse = {\n tenants: Tenant[];\n};\n\nconst withTenant = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<CreateTenantResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { name, selfProvisioningDomains, customAttributes },\n { token: managementKey },\n ),\n ),\n createWithId: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.create,\n { id, name, selfProvisioningDomains, customAttributes },\n { token: managementKey },\n ),\n ),\n update: (\n id: string,\n name: string,\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.update,\n { id, name, selfProvisioningDomains, customAttributes },\n { token: managementKey },\n ),\n ),\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.tenant.delete, { id }, { token: managementKey }),\n ),\n load: (id: string): Promise<SdkResponse<Tenant>> =>\n transformResponse<Tenant, Tenant>(\n sdk.httpClient.get(apiPaths.tenant.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAll: (): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.get(apiPaths.tenant.loadAll, {\n token: managementKey,\n }),\n (data) => data.tenants,\n ),\n searchAll: (\n ids?: string[],\n names?: string[],\n selfProvisioningDomains?: string[],\n customAttributes?: Record<string, AttributesTypes>,\n ): Promise<SdkResponse<Tenant[]>> =>\n transformResponse<MultipleTenantResponse, Tenant[]>(\n sdk.httpClient.post(\n apiPaths.tenant.searchAll,\n {\n tenantIds: ids,\n tenantNames: names,\n tenantSelfProvisioningDomains: selfProvisioningDomains,\n customAttributes,\n },\n { token: managementKey },\n ),\n (data) => data.tenants,\n ),\n getSettings: (tenantId: string): Promise<SdkResponse<TenantSettings>> =>\n transformResponse<TenantSettings, TenantSettings>(\n sdk.httpClient.get(apiPaths.tenant.settings, {\n queryParams: { id: tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n configureSettings: (tenantId: string, settings: TenantSettings): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.tenant.settings,\n { ...settings, tenantId },\n {\n token: managementKey,\n },\n ),\n ),\n});\n\nexport default withTenant;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { UpdateJWTResponse } from './types';\n\nconst withJWT = (sdk: CoreSdk, managementKey?: string) => ({\n update: (\n jwt: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.jwt.update, { jwt, customClaims }, { token: managementKey }),\n ),\n impersonate: (\n impersonatorId: string,\n loginId: string,\n validateConsent: boolean,\n ): Promise<SdkResponse<UpdateJWTResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.jwt.impersonate,\n { impersonatorId, loginId, validateConsent },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withJWT;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Permission } from './types';\n\ntype MultiplePermissionResponse = {\n permissions: Permission[];\n};\n\nconst withPermission = (sdk: CoreSdk, managementKey?: string) => ({\n create: (name: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.create,\n { name, description },\n { token: managementKey },\n ),\n ),\n update: (name: string, newName: string, description?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.permission.update,\n { name, newName, description },\n { token: managementKey },\n ),\n ),\n delete: (name: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.permission.delete, { name }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Permission[]>> =>\n transformResponse<MultiplePermissionResponse, Permission[]>(\n sdk.httpClient.get(apiPaths.permission.loadAll, {\n token: managementKey,\n }),\n (data) => data.permissions,\n ),\n});\n\nexport default withPermission;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Role, RoleSearchOptions } from './types';\n\ntype MultipleRoleResponse = {\n roles: Role[];\n};\n\nconst withRole = (sdk: CoreSdk, managementKey?: string) => ({\n create: (\n name: string,\n description?: string,\n permissionNames?: string[],\n tenantId?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.create,\n { name, description, permissionNames, tenantId },\n { token: managementKey },\n ),\n ),\n update: (\n name: string,\n newName: string,\n description?: string,\n permissionNames?: string[],\n tenantId?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.role.update,\n { name, newName, description, permissionNames, tenantId },\n { token: managementKey },\n ),\n ),\n delete: (name: string, tenantId?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.role.delete, { name, tenantId }, { token: managementKey }),\n ),\n loadAll: (): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.get(apiPaths.role.loadAll, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n search: (options: RoleSearchOptions): Promise<SdkResponse<Role[]>> =>\n transformResponse<MultipleRoleResponse, Role[]>(\n sdk.httpClient.post(apiPaths.role.search, options, {\n token: managementKey,\n }),\n (data) => data.roles,\n ),\n});\n\nexport default withRole;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Group } from './types';\n\nconst withGroup = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * Load all groups for a specific tenant id.\n * @param tenantId Tenant ID to load groups from.\n * @returns Group[] list of groups\n */\n loadAllGroups: (tenantId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(apiPaths.group.loadAllGroups, { tenantId }, { token: managementKey }),\n ),\n\n /**\n * Load all groups for the provided user IDs or login IDs.\n * @param tenantId Tenant ID to load groups from.\n * @param userIds Optional List of user IDs, with the format of \"U2J5ES9S8TkvCgOvcrkpzUgVTEBM\" (example), which can be found on the user's JWT.\n * @param loginIds Optional List of login IDs, how the user identifies when logging in.\n * @returns Group[] list of groups\n */\n loadAllGroupsForMember: (\n tenantId: string,\n userIds: string[],\n loginIds: string[],\n ): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupsForMember,\n { tenantId, loginIds, userIds },\n { token: managementKey },\n ),\n ),\n\n /**\n * Load all members of the provided group id.\n * @param tenantId Tenant ID to load groups from.\n * @param groupId Group ID to load members for.\n * @returns Group[] list of groups\n */\n loadAllGroupMembers: (tenantId: string, groupId: string): Promise<SdkResponse<Group[]>> =>\n transformResponse<Group[]>(\n sdk.httpClient.post(\n apiPaths.group.loadAllGroupMembers,\n { tenantId, groupId },\n { token: managementKey },\n ),\n ),\n});\n\nexport default withGroup;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n RoleMappings,\n AttributeMapping,\n SSOSettingsResponse,\n SSOOIDCSettings,\n SSOSAMLSettings,\n SSOSAMLByMetadataSettings,\n SSOSettings,\n} from './types';\n\nconst withSSOSettings = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * @deprecated Use loadSettings instead\n */\n getSettings: (tenantId: string): Promise<SdkResponse<SSOSettingsResponse>> =>\n transformResponse<SSOSettingsResponse>(\n sdk.httpClient.get(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n deleteSettings: (tenantId: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.delete(apiPaths.sso.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n ),\n /**\n * @deprecated Use configureSAMLSettings instead\n */\n configureSettings: (\n tenantId: string,\n idpURL: string,\n idpCert: string,\n entityId: string,\n redirectURL: string,\n domains: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.settings,\n { tenantId, idpURL, entityId, idpCert, redirectURL, domains },\n { token: managementKey },\n ),\n ),\n /**\n * @deprecated Use configureSAMLByMetadata instead\n */\n configureMetadata: (\n tenantId: string,\n idpMetadataURL: string,\n redirectURL: string,\n domains: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.metadata,\n { tenantId, idpMetadataURL, redirectURL, domains },\n { token: managementKey },\n ),\n ),\n configureMapping: (\n tenantId: string,\n roleMappings?: RoleMappings,\n attributeMapping?: AttributeMapping,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.mapping,\n { tenantId, roleMappings, attributeMapping },\n { token: managementKey },\n ),\n ),\n configureOIDCSettings: (\n tenantId: string,\n settings: SSOOIDCSettings,\n domains?: string[],\n ): Promise<SdkResponse<never>> => {\n const readySettings = { ...settings, userAttrMapping: settings.attributeMapping };\n delete readySettings.attributeMapping;\n return transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.oidc.configure,\n {\n tenantId,\n settings: readySettings,\n domains,\n },\n { token: managementKey },\n ),\n );\n },\n configureSAMLSettings: (\n tenantId: string,\n settings: SSOSAMLSettings,\n redirectUrl?: string,\n domains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.saml.configure,\n { tenantId, settings, redirectUrl, domains },\n { token: managementKey },\n ),\n ),\n configureSAMLByMetadata: (\n tenantId: string,\n settings: SSOSAMLByMetadataSettings,\n redirectUrl?: string,\n domains?: string[],\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.sso.saml.metadata,\n { tenantId, settings, redirectUrl, domains },\n { token: managementKey },\n ),\n ),\n loadSettings: (tenantId: string): Promise<SdkResponse<SSOSettings>> =>\n transformResponse<SSOSettings>(\n sdk.httpClient.get(apiPaths.sso.settingsv2, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => {\n const readySettings = data as any;\n if (readySettings.oidc) {\n readySettings.oidc = {\n ...readySettings.oidc,\n attributeMapping: readySettings.oidc.userAttrMapping,\n };\n delete readySettings.oidc.userAttrMapping;\n }\n if (readySettings.saml?.groupsMapping) {\n readySettings.saml.groupsMapping = readySettings.saml?.groupsMapping.map((gm: any) => {\n const rm = gm;\n rm.roleName = rm.role.name;\n delete rm.role;\n return rm;\n });\n }\n return readySettings;\n },\n ),\n});\n\nexport default withSSOSettings;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AccessKey, AssociatedTenant, CreatedAccessKeyResponse } from './types';\n\ntype SingleKeyResponse = {\n key: AccessKey;\n};\n\ntype MultipleKeysResponse = {\n keys: AccessKey[];\n};\n\nconst withAccessKey = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * Create a new access key for a project.\n * @param name Access key name\n * @param expireTime When the access key expires. Keep at 0 to make it indefinite.\n * @param roles Optional roles in the project. Does not apply for multi-tenants\n * @param keyTenants Optional associated tenants for this key and its roles for each.\n * @param userId Optional bind this access key to a specific user.\n * @param customClaims Optional map of claims and their values that will be present in the JWT.\n * @returns A newly created key and its cleartext. Make sure to save the cleartext securely.\n */\n create: (\n name: string,\n expireTime: number,\n roles?: string[],\n keyTenants?: AssociatedTenant[],\n userId?: string,\n customClaims?: Record<string, any>,\n ): Promise<SdkResponse<CreatedAccessKeyResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.accessKey.create,\n { name, expireTime, roleNames: roles, keyTenants, userId, customClaims },\n { token: managementKey },\n ),\n ),\n /**\n * Load an access key.\n * @param id Access key ID to load\n * @returns The loaded access key.\n */\n load: (id: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.get(apiPaths.accessKey.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data.key,\n ),\n /**\n * Search all access keys\n * @param tenantIds Optional tenant ID filter to apply on the search results\n * @returns An array of found access keys\n */\n searchAll: (tenantIds?: string[]): Promise<SdkResponse<AccessKey[]>> =>\n transformResponse<MultipleKeysResponse, AccessKey[]>(\n sdk.httpClient.post(apiPaths.accessKey.search, { tenantIds }, { token: managementKey }),\n (data) => data.keys,\n ),\n /**\n * Update an access key.\n * @param id Access key ID to load\n * @param name The updated access key name\n * @returns The updated access key\n */\n update: (id: string, name: string): Promise<SdkResponse<AccessKey>> =>\n transformResponse<SingleKeyResponse, AccessKey>(\n sdk.httpClient.post(apiPaths.accessKey.update, { id, name }, { token: managementKey }),\n (data) => data.key,\n ),\n /**\n * Deactivate an access key. Deactivated access keys cannot be used until they are\n * activated again.\n * @param id Access key ID to deactivate\n */\n deactivate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.deactivate, { id }, { token: managementKey }),\n ),\n /**\n * Activate an access key. Only deactivated access keys can be activated again.\n * @param id Access key ID to activate\n */\n activate: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.activate, { id }, { token: managementKey }),\n ),\n /**\n * Delete an access key. IMPORTANT: This cannot be undone. Use carefully.\n * @param id Access key ID to delete\n */\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.accessKey.delete, { id }, { token: managementKey }),\n ),\n});\n\nexport default withAccessKey;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { FlowResponse, FlowsResponse, Screen, Flow } from './types';\n\nconst WithFlow = (sdk: CoreSdk, managementKey?: string) => ({\n list: (): Promise<SdkResponse<FlowsResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.flow.list, {}, { token: managementKey })),\n delete: (flowIds: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.delete, { ids: flowIds }, { token: managementKey }),\n ),\n export: (flowId: string): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.flow.export, { flowId }, { token: managementKey }),\n ),\n import: (flowId: string, flow: Flow, screens?: Screen[]): Promise<SdkResponse<FlowResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.flow.import,\n { flowId, flow, screens },\n { token: managementKey },\n ),\n ),\n});\n\nexport default WithFlow;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { Theme, ThemeResponse } from './types';\n\nconst WithTheme = (sdk: CoreSdk, managementKey?: string) => ({\n export: (): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(sdk.httpClient.post(apiPaths.theme.export, {}, { token: managementKey })),\n import: (theme: Theme): Promise<SdkResponse<ThemeResponse>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.theme.import, { theme }, { token: managementKey }),\n ),\n});\n\nexport default WithTheme;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { AuditSearchOptions, AuditRecord } from './types';\n\nconst WithAudit = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * Search the audit trail for up to last 30 days based on given optional parameters\n * @param searchOptions to filter which audit records to return\n * @returns the audit records array\n */\n search: (searchOptions: AuditSearchOptions): Promise<SdkResponse<AuditRecord[]>> => {\n const body = { ...searchOptions, externalIds: searchOptions.loginIds };\n delete body.loginIds;\n return transformResponse(\n sdk.httpClient.post(apiPaths.audit.search, body, { token: managementKey }),\n (data) =>\n data?.audits.map((a) => {\n const res = {\n ...a,\n occurred: parseFloat(a.occurred),\n loginIds: a.externalIds,\n };\n delete res.externalIds;\n return res;\n }),\n );\n },\n});\n\nexport default WithAudit;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n AuthzSchema,\n AuthzNamespace,\n AuthzRelationDefinition,\n AuthzRelation,\n AuthzRelationQuery,\n AuthzModified,\n} from './types';\n\nconst WithAuthz = (sdk: CoreSdk, managementKey?: string) => ({\n /**\n * Save (create or update) the given schema.\n * In case of update, will update only given namespaces and will not delete namespaces unless upgrade flag is true.\n * Schema name can be used for projects to track versioning.\n *\n * @param schema the schema to save\n * @param upgrade should we upgrade existing schema or ignore any namespace not provided\n * @returns standard success or failure response\n */\n saveSchema: (schema: AuthzSchema, upgrade: boolean): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaSave, { schema, upgrade }, { token: managementKey }),\n ),\n /**\n * Delete the schema for the project which will also delete all relations.\n *\n * @returns standard success or failure response\n */\n deleteSchema: (): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaDelete, {}, { token: managementKey }),\n ),\n /**\n * Load the schema for the project.\n *\n * @returns the schema associated with the project\n */\n loadSchema: (): Promise<SdkResponse<AuthzSchema>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.schemaLoad, {}, { token: managementKey }),\n (data) => data.schema,\n ),\n /**\n * Save (create or update) the given namespace.\n * Will not delete relation definitions not mentioned in the namespace.\n *\n * @param namespace the namespace to save\n * @param oldName if we are changing the namespace name, what was the old name we are updating.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n */\n saveNamespace: (\n namespace: AuthzNamespace,\n oldName?: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.nsSave,\n { namespace, oldName, schemaName },\n { token: managementKey },\n ),\n ),\n /**\n * Delete the given namespace.\n * Will also delete the relevant relations.\n *\n * @param name to delete.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n */\n deleteNamespace: (name: string, schemaName?: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.nsDelete, { name, schemaName }, { token: managementKey }),\n ),\n /**\n * Save (create or update) the given relation definition.\n *\n * @param relationDefinition rd to save.\n * @param namespace that it belongs to.\n * @param oldName if we are changing the relation definition name, what was the old name we are updating.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n */\n saveRelationDefinition: (\n relationDefinition: AuthzRelationDefinition,\n namespace: string,\n oldName?: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.rdSave,\n { relationDefinition, namespace, oldName, schemaName },\n { token: managementKey },\n ),\n ),\n /**\n * Delete the given relation definition.\n * Will also delete the relevant relations.\n *\n * @param name to delete.\n * @param namespace it belongs to.\n * @param schemaName optional and used to track the current schema version.\n * @returns standard success or failure response\n */\n deleteRelationDefinition: (\n name: string,\n namespace: string,\n schemaName?: string,\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.rdDelete,\n { name, namespace, schemaName },\n { token: managementKey },\n ),\n ),\n /**\n * Create the given relations.\n *\n * @param relations to create.\n * @returns standard success or failure response\n */\n createRelations: (relations: AuthzRelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.reCreate, { relations }, { token: managementKey }),\n ),\n /**\n * Delete the given relations.\n *\n * @param relations to delete.\n * @returns standard success or failure response\n */\n deleteRelations: (relations: AuthzRelation[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.reDelete, { relations }, { token: managementKey }),\n ),\n /**\n * Delete the relations for the given resources.\n *\n * @param resources resources to delete relations for.\n * @returns standard success or failure response\n */\n deleteRelationsForResources: (resources: string[]): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.reDeleteResources,\n { resources },\n { token: managementKey },\n ),\n ),\n /**\n * Query relations to see what relations exists.\n *\n * @param relationQueries array of relation queries to check.\n * @returns array of relation query responses with the boolean flag indicating if relation exists\n */\n hasRelations: (\n relationQueries: AuthzRelationQuery[],\n ): Promise<SdkResponse<AuthzRelationQuery[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.hasRelations,\n { relationQueries },\n { token: managementKey },\n ),\n (data) => data.relationQueries,\n ),\n /**\n * List all the users that have the given relation definition to the given resource.\n *\n * @param resource The resource we are checking\n * @param relationDefinition The relation definition we are querying\n * @param namespace The namespace for the relation definition\n * @returns array of users who have the given relation definition\n */\n whoCanAccess: (\n resource: string,\n relationDefinition: string,\n namespace: string,\n ): Promise<SdkResponse<string[]>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.who,\n { resource, relationDefinition, namespace },\n { token: managementKey },\n ),\n (data) => data.targets,\n ),\n /**\n * Return the list of all defined relations (not recursive) on the given resource.\n *\n * @param resource The resource we are checking\n * @returns array of relations that exist for the given resource\n */\n resourceRelations: (resource: string): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.resource, { resource }, { token: managementKey }),\n (data) => data.relations,\n ),\n /**\n * Return the list of all defined relations (not recursive) for the given targets.\n *\n * @param targets array of targets we want to check\n * @returns array of relations that exist for the given targets\n */\n targetsRelations: (targets: string[]): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.targets, { targets }, { token: managementKey }),\n (data) => data.relations,\n ),\n /**\n * Return the list of all relations for the given target including derived relations from the schema tree.\n *\n * @param target The target to check relations for\n * @returns array of relations that exist for the given targets\n */\n whatCanTargetAccess: (target: string): Promise<SdkResponse<AuthzRelation[]>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.authz.targetAll, { target }, { token: managementKey }),\n (data) => data.relations,\n ),\n /**\n * Return the list of all relations for the given target including derived relations from the schema tree.\n *\n * @param target The target to check relations for\n * @returns array of relations that exist for the given targets\n */\n getModified: (since: Date): Promise<SdkResponse<AuthzModified>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.authz.getModified,\n { since: since ? since.getTime() : 0 },\n { token: managementKey },\n ),\n (data) => data as AuthzModified,\n ),\n});\n\nexport default WithAuthz;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport {\n CreateSSOApplicationResponse,\n SSOApplication,\n OidcApplicationOptions,\n SamlApplicationOptions,\n} from './types';\n\ntype MultipleSSOApplicationResponse = {\n apps: SSOApplication[];\n};\n\nconst withSSOApplication = (sdk: CoreSdk, managementKey?: string) => ({\n createOidcApplication: (\n options: OidcApplicationOptions,\n ): Promise<SdkResponse<CreateSSOApplicationResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.oidcCreate,\n {\n ...options,\n enabled: options.enabled ?? true,\n },\n { token: managementKey },\n ),\n ),\n createSamlApplication: (\n options: SamlApplicationOptions,\n ): Promise<SdkResponse<CreateSSOApplicationResponse>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.samlCreate,\n {\n ...options,\n enabled: options.enabled ?? true,\n },\n { token: managementKey },\n ),\n ),\n updateOidcApplication: (\n options: OidcApplicationOptions & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.oidcUpdate,\n { ...options },\n { token: managementKey },\n ),\n ),\n updateSamlApplication: (\n options: SamlApplicationOptions & { id: string },\n ): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.ssoApplication.samlUpdate,\n { ...options },\n { token: managementKey },\n ),\n ),\n delete: (id: string): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(apiPaths.ssoApplication.delete, { id }, { token: managementKey }),\n ),\n load: (id: string): Promise<SdkResponse<SSOApplication>> =>\n transformResponse<SSOApplication, SSOApplication>(\n sdk.httpClient.get(apiPaths.ssoApplication.load, {\n queryParams: { id },\n token: managementKey,\n }),\n (data) => data,\n ),\n loadAll: (): Promise<SdkResponse<SSOApplication[]>> =>\n transformResponse<MultipleSSOApplicationResponse, SSOApplication[]>(\n sdk.httpClient.get(apiPaths.ssoApplication.loadAll, {\n token: managementKey,\n }),\n (data) => data.apps,\n ),\n});\n\nexport default withSSOApplication;\n","import { SdkResponse, transformResponse } from '@descope/core-js-sdk';\nimport { CoreSdk } from '../types';\nimport apiPaths from './paths';\nimport { PasswordSettings } from './types';\n\nconst withPassword = (sdk: CoreSdk, managementKey?: string) => ({\n getSettings: (tenantId: string): Promise<SdkResponse<PasswordSettings>> =>\n transformResponse<PasswordSettings, PasswordSettings>(\n sdk.httpClient.get(apiPaths.password.settings, {\n queryParams: { tenantId },\n token: managementKey,\n }),\n (data) => data,\n ),\n configureSettings: (tenantId: string, settings: PasswordSettings): Promise<SdkResponse<never>> =>\n transformResponse(\n sdk.httpClient.post(\n apiPaths.password.settings,\n { ...settings, tenantId },\n {\n token: managementKey,\n },\n ),\n ),\n});\n\nexport default withPassword;\n","import { fetch as crossFetch, Headers } from 'cross-fetch';\n\nglobalThis.Headers ??= Headers;\n\nconst highWaterMarkMb = 1024 * 1024 * 30; // 30MB\n\n// we are increasing the response buffer size due to an issue where node-fetch hangs when response is too big\nconst patchedFetch = (...args: Parameters<typeof crossFetch>) => {\n // we can get Request on the first arg, or RequestInfo on the second arg\n // we want to make sure we are setting the \"highWaterMark\" so we are doing it on both args\n args.forEach((arg) => {\n // eslint-disable-next-line no-param-reassign, @typescript-eslint/no-unused-expressions\n arg && ((arg as any).highWaterMark ??= highWaterMarkMb);\n });\n\n return crossFetch(...args);\n};\n\nexport default patchedFetch as unknown as typeof fetch;\n","import createSdk, {\n ExchangeAccessKeyResponse,\n AccessKeyLoginOptions,\n SdkResponse,\n wrapWith,\n} from '@descope/core-js-sdk';\nimport { JWK, JWTHeaderParameters, KeyLike, errors, importJWK, jwtVerify } from 'jose';\nimport {\n permissionsClaimName,\n refreshTokenCookieName,\n rolesClaimName,\n sessionTokenCookieName,\n} from './constants';\nimport { getAuthorizationClaimItems, isUserAssociatedWithTenant, withCookie } from './helpers';\nimport withManagement from './management';\nimport { AuthenticationInfo } from './types';\nimport fetch from './fetch-polyfill';\n\ndeclare const BUILD_VERSION: string;\n\n/** Configuration arguments which include the Descope core SDK args and an optional management key */\ntype NodeSdkArgs = Parameters<typeof createSdk>[0] & {\n managementKey?: string;\n publicKey?: string;\n};\n\nconst nodeSdk = ({ managementKey, publicKey, ...config }: NodeSdkArgs) => {\n const coreSdk = createSdk({\n fetch,\n ...config,\n baseHeaders: {\n ...config.baseHeaders,\n 'x-descope-sdk-name': 'nodejs',\n 'x-descope-sdk-node-version': process?.versions?.node || '',\n 'x-descope-sdk-version': BUILD_VERSION,\n },\n });\n\n const { projectId, logger } = config;\n\n const keys: Record<string, KeyLike | Uint8Array> = {};\n\n /** Fetch the public keys (JWKs) from Descope for the configured project */\n const fetchKeys = async () => {\n if (publicKey) {\n try {\n const parsedKey = JSON.parse(publicKey);\n const key = await importJWK(parsedKey);\n return {\n [parsedKey.kid]: key,\n };\n } catch (e) {\n logger?.error('Failed to parse the provided public key', e);\n throw new Error(`Failed to parse public key. Error: ${e}`);\n }\n }\n\n const keysWrapper = await coreSdk.httpClient\n .get(`v2/keys/${projectId}`)\n .then((resp) => resp.json());\n const publicKeys: JWK[] = keysWrapper.keys;\n if (!Array.isArray(publicKeys)) return {};\n const kidJwksPairs = await Promise.all(\n publicKeys.map(async (key) => [key.kid, await importJWK(key)]),\n );\n\n return kidJwksPairs.reduce(\n (acc, [kid, jwk]) => (kid ? { ...acc, [kid.toString()]: jwk } : acc),\n {},\n );\n };\n\n const management = withManagement(coreSdk, managementKey);\n\n const sdk = {\n ...coreSdk,\n\n /**\n * Provides various APIs for managing a Descope project programmatically. A management key must\n * be provided as an argument when initializing the SDK to use these APIs. Management keys can be\n * generated in the Descope console.\n */\n management,\n\n /** Get the key that can validate the given JWT KID in the header. Can retrieve the public key from local cache or from Descope. */\n async getKey(header: JWTHeaderParameters): Promise<KeyLike | Uint8Array> {\n if (!header?.kid) throw Error('header.kid must not be empty');\n\n if (keys[header.kid]) return keys[header.kid];\n\n // do we need to fetch once or every time?\n Object.assign(keys, await fetchKeys());\n\n if (!keys[header.kid]) throw Error('failed to fetch matching key');\n\n return keys[header.kid];\n },\n\n /**\n * Validate the given JWT with the right key and make sure the issuer is correct\n * @param jwt the JWT string to parse and validate\n * @returns AuthenticationInfo with the parsed token and JWT. Will throw an error if validation fails.\n */\n async validateJwt(jwt: string): Promise<AuthenticationInfo> {\n // Do not hard-code the algo because library does not support `None` so all are valid\n const res = await jwtVerify(jwt, sdk.getKey, { clockTolerance: 5 });\n const token = res.payload;\n\n if (token) {\n token.iss = token.iss?.split('/').pop(); // support both url and project id as issuer\n if (token.iss !== projectId) {\n // We must do the verification here, since issuer can be either project ID or URL\n throw new errors.JWTClaimValidationFailed(\n 'unexpected \"iss\" claim value',\n 'iss',\n 'check_failed',\n );\n }\n }\n\n return { jwt, token };\n },\n\n /**\n * Validate an active session\n * @param sessionToken session JWT to validate\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n */\n async validateSession(sessionToken: string): Promise<AuthenticationInfo> {\n if (!sessionToken) throw Error('session token is required for validation');\n\n try {\n const token = await sdk.validateJwt(sessionToken);\n return token;\n } catch (error) {\n /* istanbul ignore next */\n logger?.error('session validation failed', error);\n throw Error(`session validation failed. Error: ${error}`);\n }\n },\n\n /**\n * Refresh the session using a refresh token\n * @param refreshToken refresh JWT to refresh the session with\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n */\n async refreshSession(refreshToken: string): Promise<AuthenticationInfo> {\n if (!refreshToken) throw Error('refresh token is required to refresh a session');\n\n try {\n await sdk.validateJwt(refreshToken);\n const jwtResp = await sdk.refresh(refreshToken);\n if (jwtResp.ok) {\n const token = await sdk.validateJwt(jwtResp.data?.sessionJwt);\n return token;\n }\n /* istanbul ignore next */\n throw Error(jwtResp.error?.errorMessage);\n } catch (refreshTokenErr) {\n /* istanbul ignore next */\n logger?.error('refresh token validation failed', refreshTokenErr);\n throw Error(`refresh token validation failed, Error: ${refreshTokenErr}`);\n }\n },\n\n /**\n * Validate session and refresh it if it expired\n * @param sessionToken session JWT\n * @param refreshToken refresh JWT\n * @returns AuthenticationInfo promise or throws Error if there is an issue with JWTs\n */\n async validateAndRefreshSession(\n sessionToken?: string,\n refreshToken?: string,\n ): Promise<AuthenticationInfo> {\n if (!sessionToken && !refreshToken) throw Error('both session and refresh tokens are empty');\n\n try {\n const token = await sdk.validateSession(sessionToken);\n return token;\n } catch (error) {\n /* istanbul ignore next */\n logger?.log(`session validation failed with error ${error} - trying to refresh it`);\n }\n\n return sdk.refreshSession(refreshToken);\n },\n\n /**\n * Exchange API key (access key) for a session key\n * @param accessKey access key to exchange for a session JWT\n * @param loginOptions Optional advanced controls over login parameters\n * @returns AuthenticationInfo with session JWT data\n */\n async exchangeAccessKey(\n accessKey: string,\n loginOptions?: AccessKeyLoginOptions,\n ): Promise<AuthenticationInfo> {\n if (!accessKey) throw Error('access key must not be empty');\n\n let resp: SdkResponse<ExchangeAccessKeyResponse>;\n try {\n resp = await sdk.accessKey.exchange(accessKey, loginOptions);\n } catch (error) {\n logger?.error('failed to exchange access key', error);\n throw Error(`could not exchange access key - Failed to exchange. Error: ${error}`);\n }\n\n const { sessionJwt } = resp.data;\n if (!sessionJwt) {\n logger?.error('failed to parse exchange access key response');\n throw Error('could not exchange access key');\n }\n\n try {\n const token = await sdk.validateJwt(sessionJwt);\n return token;\n } catch (error) {\n logger?.error('failed to parse jwt from access key', error);\n throw Error(`could not exchange access key - failed to validate jwt. Error: ${error}`);\n }\n },\n\n /**\n * Make sure that all given permissions exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n */\n validatePermissions(authInfo: AuthenticationInfo, permissions: string[]): boolean {\n return sdk.validateTenantPermissions(authInfo, '', permissions);\n },\n\n /**\n * Retrieves the permissions from JWT top level claims that match the specified permissions list\n * @param authInfo JWT parsed info containing the permissions\n * @param permissions List of permissions to match against the JWT claims\n * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n */\n getMatchedPermissions(authInfo: AuthenticationInfo, permissions: string[]): string[] {\n return sdk.getMatchedTenantPermissions(authInfo, '', permissions);\n },\n\n /**\n * Make sure that all given permissions exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param tenant tenant to validate the permissions for\n * @param permissions list of permissions to make sure they exist on te JWT claims\n * @returns true if all permissions exist, false otherwise\n */\n validateTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.every((perm) => granted.includes(perm));\n },\n\n /**\n * Retrieves the permissions from JWT tenant claims that match the specified permissions list\n * @param authInfo JWT parsed info containing the permissions\n * @param tenant tenant to match the permissions for\n * @param permissions List of permissions to match against the JWT claims\n * @returns An array of permissions that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n * */\n getMatchedTenantPermissions(\n authInfo: AuthenticationInfo,\n tenant: string,\n permissions: string[],\n ): string[] {\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return [];\n\n const granted = getAuthorizationClaimItems(authInfo, permissionsClaimName, tenant);\n return permissions.filter((perm) => granted.includes(perm));\n },\n\n /**\n * Make sure that all given roles exist on the parsed JWT top level claims\n * @param authInfo JWT parsed info\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n */\n validateRoles(authInfo: AuthenticationInfo, roles: string[]): boolean {\n return sdk.validateTenantRoles(authInfo, '', roles);\n },\n\n /**\n * Retrieves the roles from JWT top level claims that match the specified roles list\n * @param authInfo JWT parsed info containing the roles\n * @param roles List of roles to match against the JWT claims\n * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n */\n getMatchedRoles(authInfo: AuthenticationInfo, roles: string[]): string[] {\n return sdk.getMatchedTenantRoles(authInfo, '', roles);\n },\n\n /**\n * Make sure that all given roles exist on the parsed JWT tenant claims\n * @param authInfo JWT parsed info\n * @param tenant tenant to validate the roles for\n * @param roles list of roles to make sure they exist on te JWT claims\n * @returns true if all roles exist, false otherwise\n */\n validateTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): boolean {\n // check if user is associated to the tenant\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return false;\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.every((role) => membership.includes(role));\n },\n\n /**\n * Retrieves the roles from JWT tenant claims that match the specified roles list\n * @param authInfo JWT parsed info containing the roles\n * @param tenant tenant to match the roles for\n * @param roles List of roles to match against the JWT claims\n * @returns An array of roles that are both in the JWT claims and the specified list. Returns an empty array if no matches are found\n */\n getMatchedTenantRoles(authInfo: AuthenticationInfo, tenant: string, roles: string[]): string[] {\n if (tenant && !isUserAssociatedWithTenant(authInfo, tenant)) return [];\n\n const membership = getAuthorizationClaimItems(authInfo, rolesClaimName, tenant);\n return roles.filter((role) => membership.includes(role));\n },\n };\n\n return wrapWith(\n sdk,\n [\n 'otp.verify.email',\n 'otp.verify.sms',\n 'otp.verify.whatsapp',\n 'magicLink.verify',\n 'enchantedLink.signUp',\n 'enchantedLink.signIn',\n 'oauth.exchange',\n 'saml.exchange',\n 'totp.verify',\n 'webauthn.signIn.finish',\n 'webauthn.signUp.finish',\n 'refresh',\n ] as const,\n withCookie,\n );\n};\n\n/** Descope SDK client with delivery methods enum.\n *\n * Please see full documentation at {@link https://docs.descope.com/guides Descope Docs}\n * @example Usage\n *\n * ```js\n * import descopeSdk from '@descope/node-sdk';\n *\n * const myProjectId = 'xxx';\n * const sdk = descopeSdk({ projectId: myProjectId });\n *\n * const userLoginId = 'loginId';\n * sdk.otp.signIn.email(userLoginId);\n * const jwtResponse = sdk.otp.verify.email(userLoginId, codeFromEmail);\n * ```\n */\n\nnodeSdk.RefreshTokenCookieName = refreshTokenCookieName;\nnodeSdk.SessionTokenCookieName = sessionTokenCookieName;\n\nexport default nodeSdk;\nexport type {\n DeliveryMethod,\n OAuthProvider,\n ResponseData,\n SdkResponse,\n JWTResponse,\n} from '@descope/core-js-sdk';\nexport type { AuthenticationInfo };\nexport { descopeErrors } from './errors';\n","import { CoreSdk } from '../types';\nimport withUser from './user';\nimport withProject from './project';\nimport withTenant from './tenant';\nimport withJWT from './jwt';\nimport withPermission from './permission';\nimport withRole from './role';\nimport withGroup from './group';\nimport withSSOSettings from './sso';\nimport withAccessKey from './accesskey';\nimport WithFlow from './flow';\nimport WithTheme from './theme';\nimport WithAudit from './audit';\nimport WithAuthz from './authz';\nimport withSSOApplication from './ssoapplication';\nimport withPassword from './password';\n\n/** Constructs a higher level Management API that wraps the functions from code-js-sdk */\nconst withManagement = (sdk: CoreSdk, managementKey?: string) => ({\n user: withUser(sdk, managementKey),\n project: withProject(sdk, managementKey),\n accessKey: withAccessKey(sdk, managementKey),\n tenant: withTenant(sdk, managementKey),\n ssoApplication: withSSOApplication(sdk, managementKey),\n sso: withSSOSettings(sdk, managementKey),\n jwt: withJWT(sdk, managementKey),\n permission: withPermission(sdk, managementKey),\n password: withPassword(sdk, managementKey),\n role: withRole(sdk, managementKey),\n group: withGroup(sdk, managementKey),\n flow: WithFlow(sdk, managementKey),\n theme: WithTheme(sdk, managementKey),\n audit: WithAudit(sdk, managementKey),\n authz: WithAuthz(sdk, managementKey),\n});\n\nexport default withManagement;\n","// eslint-disable-next-line import/prefer-default-export\n/** Common Error Codes */\nexport const descopeErrors = {\n badRequest: 'E011001',\n missingArguments: 'E011002',\n invalidRequest: 'E011003',\n invalidArguments: 'E011004',\n wrongOTPCode: 'E061102',\n tooManyOTPAttempts: 'E061103',\n enchantedLinkPending: 'E062503',\n userNotFound: 'E062108',\n};\n"],"names":["withCookie","fn","async","args","resp","data","_d","refreshJwt","rest","__rest","cookies","options","push","cookieDomain","cookieMaxAge","cookiePath","_a","response","headers","get","cookie","name","match","RegExp","getCookieValue","_b","_c","Object","assign","getAuthorizationClaimItems","authInfo","claim","tenant","value","token","Array","isArray","isUserAssociatedWithTenant","apiPaths","create","createBatch","update","delete","deleteAllTestUsers","load","logout","search","getProviderToken","updateStatus","updateLoginId","updateEmail","updatePhone","updateDisplayName","updatePicture","updateCustomAttribute","setRole","addRole","removeRole","setSSOApps","addSSOApps","removeSSOApps","addTenant","removeTenant","setPassword","setTemporaryPassword","setActivePassword","expirePassword","removeAllPasskeys","generateOTPForTest","generateMagicLinkForTest","generateEnchantedLinkForTest","generateEmbeddedLink","history","updateName","clone","export","import","deactivate","activate","settings","loadAll","searchAll","oidcCreate","samlCreate","oidcUpdate","samlUpdate","metadata","mapping","settingsv2","oidc","configure","saml","impersonate","list","loadAllGroups","loadAllGroupsForMember","loadAllGroupMembers","schemaSave","schemaDelete","schemaLoad","nsSave","nsDelete","rdSave","rdDelete","reCreate","reDelete","reDeleteResources","hasRelations","who","resource","targets","targetAll","getModified","withUser","sdk","managementKey","loginId","emailOrOptions","phone","displayName","roles","userTenants","customAttributes","picture","verifiedEmail","verifiedPhone","givenName","middleName","familyName","additionalLoginIds","body","email","roleNames","undefined","transformResponse","httpClient","post","user","createTestUser","test","invite","inviteUrl","sendMail","sendSMS","inviteBatch","users","templateOptions","deleteByUserId","userId","queryParams","loadByUserId","logoutUser","logoutUserByUserId","tenantIds","limit","page","testUsersOnly","withTestUser","statuses","emails","phones","searchReq","provider","status","newLoginId","isVerified","verified","attributeKey","attributeValue","setRoles","addRoles","removeRoles","tenantId","setTenantRoles","addTenantRoles","removeTenantRoles","addSSOapps","ssoAppIds","setSSOapps","removeSSOapps","generateOTPForTestUser","deliveryMethod","loginOptions","generateMagicLinkForTestUser","uri","URI","generateEnchantedLinkForTestUser","customClaims","password","userIds","withProject","tag","files","withTenant","selfProvisioningDomains","createWithId","id","tenants","ids","names","tenantNames","tenantSelfProvisioningDomains","getSettings","configureSettings","withJWT","jwt","impersonatorId","validateConsent","withPermission","description","newName","permissions","withRole","permissionNames","withGroup","loginIds","groupId","withSSOSettings","deleteSettings","idpURL","idpCert","entityId","redirectURL","domains","configureMetadata","idpMetadataURL","configureMapping","roleMappings","attributeMapping","configureOIDCSettings","readySettings","userAttrMapping","configureSAMLSettings","redirectUrl","configureSAMLByMetadata","loadSettings","groupsMapping","map","gm","rm","roleName","role","withAccessKey","expireTime","keyTenants","key","keys","WithFlow","flowIds","flowId","flow","screens","WithTheme","theme","WithAudit","searchOptions","externalIds","audits","a","res","occurred","parseFloat","WithAuthz","saveSchema","schema","upgrade","deleteSchema","loadSchema","saveNamespace","namespace","oldName","schemaName","deleteNamespace","saveRelationDefinition","relationDefinition","deleteRelationDefinition","createRelations","relations","deleteRelations","deleteRelationsForResources","resources","relationQueries","whoCanAccess","resourceRelations","targetsRelations","whatCanTargetAccess","target","since","getTime","withSSOApplication","createOidcApplication","enabled","createSamlApplication","updateOidcApplication","updateSamlApplication","apps","withPassword","globalThis","Headers","patchedFetch","forEach","arg","highWaterMark","crossFetch","fetch","nodeSdk","publicKey","config","coreSdk","createSdk","baseHeaders","process","versions","node","projectId","logger","management","project","accessKey","ssoApplication","sso","permission","group","audit","authz","withManagement","header","kid","Error","parsedKey","JSON","parse","importJWK","e","error","publicKeys","then","json","Promise","all","reduce","acc","jwk","toString","fetchKeys","jwtVerify","getKey","clockTolerance","payload","iss","split","pop","errors","JWTClaimValidationFailed","sessionToken","validateJwt","refreshToken","jwtResp","refresh","ok","sessionJwt","errorMessage","refreshTokenErr","validateSession","log","refreshSession","exchange","validatePermissions","validateTenantPermissions","getMatchedPermissions","getMatchedTenantPermissions","granted","every","perm","includes","filter","validateRoles","validateTenantRoles","getMatchedRoles","getMatchedTenantRoles","membership","wrapWith","RefreshTokenCookieName","SessionTokenCookieName","badRequest","missingArguments","invalidRequest","invalidArguments","wrongOTPCode","tooManyOTPAttempts","enchantedLinkPending","userNotFound"],"mappings":"2PAEO,MC+BMA,EACVC,GACDC,SAAUC,eACR,MAAMC,QAAaH,KAAME,GAGzB,IAAKC,EAAKC,KACR,OAAOD,EAIT,IAAIE,EAA0BF,EAAKC,MAA/BE,WAAEA,GAAUD,EAAKE,EAAjBC,EAAAA,OAAAH,EAAA,CAAA,eACJ,MAAMI,EAAoB,GAlCP,IAA8BC,EAgDjD,OAZKJ,EASHG,EAAQE,KA5CZ,GDVoC,SCsDoBL,cA5C5BI,OADuBA,EA6CiBH,QA5CxC,EAAAG,EAASE,eAAgB,gBACnDF,aAAA,EAAAA,EAASG,eAAgB,aACjBH,aAAA,EAAAA,EAASI,aAAc,mCAkCZ,QAAbC,EAAAZ,EAAKa,gBAAQ,IAAAD,OAAA,EAAAA,EAAEE,QAAQC,IAAI,iBAC7BZ,EA3Be,EAACa,EAAmCC,KACzD,MAAMC,EAAQF,eAAAA,EAAQE,MAAMC,OAAO,cAAcF,cACjD,OAAOC,EAAQA,EAAM,GAAK,IAAI,EAyBXE,CACE,QAAbC,EAAArB,EAAKa,gBAAQ,IAAAQ,OAAA,EAAAA,EAAEP,QAAQC,IAAI,cDhDC,OCmD9BT,EAAQE,KAAoB,QAAfc,EAAAtB,EAAKa,gBAAU,IAAAS,OAAA,EAAAA,EAAAR,QAAQC,IAAI,gBAMhCQ,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAxB,GAAM,CAAAC,KAAWsB,OAAAC,OAAAD,OAAAC,OAAA,GAAAxB,EAAKC,MAAM,CAAAE,aAAYG,aAAY,WAUpDmB,EACdC,EACAC,EACAC,WAEA,MAAMC,EAAQD,EAC0C,QAApDP,EAA6C,QAA7CT,EAAAc,EAASI,MAAgC,eAAI,IAAAlB,OAAA,EAAAA,EAAAgB,UAAO,IAAAP,OAAA,EAAAA,EAAGM,GACvDD,EAASI,MAAMH,GACnB,OAAOI,MAAMC,QAAQH,GAASA,EAAQ,EACxC,CAQgB,SAAAI,EAA2BP,EAA8BE,SACvE,SAAmD,QAA1ChB,EAAAc,EAASI,MAAgC,eAAC,IAAAlB,OAAA,EAAAA,EAAGgB,GACxD,CCvFA,IAAeM,EACP,CACJC,OAAQ,uBACRC,YAAa,6BACbC,OAAQ,uBACRC,OAAQ,uBACRC,mBAAoB,gCACpBC,KAAM,gBACNC,OAAQ,uBACRC,OAAQ,uBACRC,iBAAkB,+BAClBC,aAAc,8BACdC,cAAe,+BACfC,YAAa,6BACbC,YAAa,6BACbC,kBAAmB,4BACnBC,cAAe,+BACfC,sBAAuB,uCACvBC,QAAS,gCACTC,QAAS,gCACTC,WAAY,mCACZC,WAAY,kCACZC,WAAY,kCACZC,cAAe,qCACfC,UAAW,kCACXC,aAAc,qCACdC,YAAa,6BACbC,qBAAsB,uCACtBC,kBAAmB,oCACnBC,eAAgB,gCAChBC,kBAAmB,gCACnBC,mBAAoB,8BACpBC,yBAA0B,oCAC1BC,6BAA8B,wCAC9BC,qBAAsB,oCACtBC,QAAS,yBAnCElC,EAqCJ,CACPmC,WAAY,+BACZC,MAAO,yBACPC,OAAQ,0BACRC,OAAQ,2BAzCGtC,EA2CF,CACTC,OAAQ,4BACRK,KAAM,qBACNE,OAAQ,4BACRL,OAAQ,4BACRoC,WAAY,gCACZC,SAAU,8BACVpC,OAAQ,6BAlDGJ,EAoDL,CACNC,OAAQ,yBACRE,OAAQ,yBACRC,OAAQ,yBACRE,KAAM,kBACNmC,SAAU,2BACVC,QAAS,sBACTC,UAAW,0BA3DA3C,EA6DG,CACd4C,WAAY,mCACZC,WAAY,mCACZC,WAAY,mCACZC,WAAY,mCACZ3C,OAAQ,8BACRE,KAAM,4BACNoC,QAAS,8BApEE1C,EAsER,CACHyC,SAAU,wBACVO,SAAU,wBACVC,QAAS,uBACTC,WAAY,wBACZC,KAAM,CACJC,UAAW,qBAEbC,KAAM,CACJD,UAAW,oBACXJ,SAAU,+BAhFDhD,EAmFR,CACHG,OAAQ,sBACRmD,YAAa,wBArFFtD,EAuFH,CACRyC,SAAU,8BAxFCzC,EA0FD,CACVC,OAAQ,6BACRE,OAAQ,6BACRC,OAAQ,6BACRsC,QAAS,2BA9FE1C,EAgGP,CACJC,OAAQ,uBACRE,OAAQ,uBACRC,OAAQ,uBACRsC,QAAS,oBACTlC,OAAQ,wBArGGR,EAuGP,CACJuD,KAAM,qBACNnD,OAAQ,uBACRiC,OAAQ,uBACRC,OAAQ,wBA3GGtC,EA6GN,CACLqC,OAAQ,wBACRC,OAAQ,yBA/GGtC,EAiHN,CACLwD,cAAe,qBACfC,uBAAwB,4BACxBC,oBAAqB,0BApHV1D,EAsHN,CACLQ,OAAQ,yBAvHGR,EAyHN,CACL2D,WAAY,6BACZC,aAAc,+BACdC,WAAY,6BACZC,OAAQ,yBACRC,SAAU,2BACVC,OAAQ,yBACRC,SAAU,2BACVC,SAAU,2BACVC,SAAU,2BACVC,kBAAmB,oCACnBC,aAAc,wBACdC,IAAK,wBACLC,SAAU,6BACVC,QAAS,4BACTC,UAAW,8BACXC,YAAa,8BCtFjB,MAAMC,EAAW,CAACC,EAAcC,KA6SvB,CACL5E,OA1RF,SACE6E,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAC,mBACAC,UACAC,gBACAC,gBACAI,mDAGAb,WACGC,GACH,CAAAe,UAAWf,aAAA,EAAAA,EAAgBG,MAC3BA,WAAOa,IAEf,OAAOC,EAAAA,kBACLpB,EAAIqB,WAAWC,KAAKlG,EAAcC,OAAQ2F,EAAM,CAAEhG,MAAOiF,KACxD9G,GAASA,EAAKoI,MAElB,EAsPCC,eA7NF,SACEtB,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAC,mBACAC,UACAC,gBACAC,gBACAI,qBACAU,MAAM,GAEThH,OAAAC,OAAAD,OAAAC,OAAA,CACGwF,WACGC,IACHe,UAAWf,aAAc,EAAdA,EAAgBG,MAC3BA,WAAOa,EACPM,MAAM,IAEd,OAAOL,EAAAA,kBACLpB,EAAIqB,WAAWC,KAAKlG,EAAcC,OAAQ2F,EAAM,CAAEhG,MAAOiF,KACxD9G,GAASA,EAAKoI,MAElB,EA6KCG,OA5IF,SACExB,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAgB,EACAC,EACAC,EACAjB,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAmB,QAAQ,EACRlB,mBACAC,UACAC,gBACAC,gBACAgB,YACAC,WACAC,UACAd,sBAEHtG,OAAAC,OAAAD,OAAAC,OAAA,CACGwF,WACGC,IACHe,UAAWf,aAAc,EAAdA,EAAgBG,MAC3BA,WAAOa,EACPO,QAAQ,IAEhB,OAAON,EAAAA,kBACLpB,EAAIqB,WAAWC,KAAKlG,EAAcC,OAAQ2F,EAAM,CAAEhG,MAAOiF,KACxD9G,GAASA,EAAKoI,MAElB,EAsFCO,YAAa,CACXC,EACAJ,EACAC,EACAC,EACAG,IAEAZ,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcE,YACd,CACEyG,QACAL,QAAQ,EACRC,YACAC,WACAC,UACAG,mBAEF,CAAEhH,MAAOiF,KAEV9G,GAASA,IAEdoC,OAtFF,SACE2E,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAKA,MAAMC,EACsB,iBAAnBb,EACH,CACED,UACAe,MAAOd,EACPC,QACAC,cACAO,YACAC,aACAC,aACAI,UAAWZ,EACXC,cACAC,mBACAC,UACAC,gBACAC,gBACAI,mDAGAb,WACGC,GACH,CAAAe,UAAWf,aAAA,EAAAA,EAAgBG,MAC3BA,WAAOa,IAEf,OAAOC,EAAAA,kBACLpB,EAAIqB,WAAWC,KAAKlG,EAAcG,OAAQyF,EAAM,CAAEhG,MAAOiF,KACxD9G,GAASA,EAAKoI,MAElB,EA4CC/F,OAAS0E,GACPkB,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcI,OAAQ,CAAE0E,WAAW,CAAElF,MAAOiF,KAOpEgC,eAAiBC,GACfd,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcI,OAAQ,CAAE0G,UAAU,CAAElH,MAAOiF,KAKnExE,mBAAoB,IAClB2F,EAAAA,kBACEpB,EAAIqB,WAAW7F,OAAOJ,EAAcK,mBAAoB,CAAET,MAAOiF,KAErEvE,KAAOwE,GACLkB,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAcM,KAAM,CACrCyG,YAAa,CAAEjC,WACflF,MAAOiF,KAER9G,GAASA,EAAKoI,OAQnBa,aAAeF,GACbd,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAcM,KAAM,CACrCyG,YAAa,CAAED,UACflH,MAAOiF,KAER9G,GAASA,EAAKoI,OAOnBc,WAAanC,GACXkB,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcO,OAAQ,CAAEuE,WAAW,CAAElF,MAAOiF,KAQpEqC,mBAAqBJ,GACnBd,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcO,OAAQ,CAAEuG,UAAU,CAAElH,MAAOiF,KAcnElC,UAAW,CACTwE,EACAjC,EACAkC,EACAC,EACAC,EACAC,EACAnC,EACAoC,EACAC,EACAC,IAEA1B,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcQ,OACd,CACE2G,YACArB,UAAWZ,EACXkC,QACAC,OACAC,gBACAC,eACAnC,mBACAoC,WACAC,SACAC,UAEF,CAAE9H,MAAOiF,KAEV9G,GAASA,EAAK4I,QAQnBnG,OAASmH,GACP3B,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcQ,OAETnB,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAqI,GACH,CAAA7B,UAAW6B,EAAUzC,MACrBA,WAAOa,IAET,CAAEnG,MAAOiF,KAEV9G,GAASA,EAAK4I,QAUnBlG,iBAAkB,CAChBqE,EACA8C,IAEA5B,oBACEpB,EAAIqB,WAAWpH,IAAImB,EAAcS,iBAAkB,CACjDsG,YAAa,CAAEjC,UAAS8C,YACxBhI,MAAOiF,KAER9G,GAASA,IAEdyE,SAAWsC,GACTkB,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcU,aACd,CAAEoE,UAAS+C,OAAQ,WACnB,CAAEjI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnB5D,WAAauC,GACXkB,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcU,aACd,CAAEoE,UAAS+C,OAAQ,YACnB,CAAEjI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBxF,cAAe,CAACmE,EAAiBgD,IAC/B9B,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcW,cACd,CAAEmE,UAASgD,cACX,CAAElI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBvF,YAAa,CACXkE,EACAe,EACAkC,IAEA/B,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcY,YACd,CAAEkE,UAASe,QAAOmC,SAAUD,GAC5B,CAAEnI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBtF,YAAa,CACXiE,EACAE,EACA+C,IAEA/B,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAca,YACd,CAAEiE,UAASE,QAAOgD,SAAUD,GAC5B,CAAEnI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBrF,kBAAmB,CACjBgE,EACAG,EACAO,EACAC,EACAC,IAEAM,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcc,kBACd,CAAEgE,UAASG,cAAaO,YAAWC,aAAYC,cAC/C,CAAE9F,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBpF,cAAe,CAAC+D,EAAiBO,IAC/BW,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAce,cACd,CAAE+D,UAASO,WACX,CAAEzF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBnF,sBAAuB,CACrB8D,EACAmD,EACAC,IAEAlC,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcgB,sBACd,CAAE8D,UAASmD,eAAcC,kBACzB,CAAEtI,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBgC,SAAU,CAACrD,EAAiBI,IAC1Bc,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAciB,QACd,CAAE6D,UAASgB,UAAWZ,GACtB,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBiC,SAAU,CAACtD,EAAiBI,IAC1Bc,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAckB,QACd,CAAE4D,UAASgB,UAAWZ,GACtB,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBkC,YAAa,CAACvD,EAAiBI,IAC7Bc,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcmB,WACd,CAAE2D,UAASgB,UAAWZ,GACtB,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnB5E,UAAW,CAACuD,EAAiBwD,IAC3BtC,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcuB,UACd,CAAEuD,UAASwD,YACX,CAAE1I,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnB3E,aAAc,CAACsD,EAAiBwD,IAC9BtC,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcwB,aACd,CAAEsD,UAASwD,YACX,CAAE1I,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBoC,eAAgB,CACdzD,EACAwD,EACApD,IAEAc,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAciB,QACd,CAAE6D,UAASwD,WAAUxC,UAAWZ,GAChC,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBqC,eAAgB,CACd1D,EACAwD,EACApD,IAEAc,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAckB,QACd,CAAE4D,UAASwD,WAAUxC,UAAWZ,GAChC,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBsC,kBAAmB,CACjB3D,EACAwD,EACApD,IAEAc,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcmB,WACd,CAAE2D,UAASwD,WAAUxC,UAAWZ,GAChC,CAAEtF,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnBuC,WAAY,CAAC5D,EAAiB6D,IAC5B3C,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcqB,WACd,CAAEyD,UAAS6D,aACX,CAAE/I,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnByC,WAAY,CAAC9D,EAAiB6D,IAC5B3C,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcoB,WACd,CAAE0D,UAAS6D,aACX,CAAE/I,MAAOiF,KAEV9G,GAASA,EAAKoI,OAEnB0C,cAAe,CAAC/D,EAAiB6D,IAC/B3C,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAcsB,cACd,CAAEwD,UAAS6D,aACX,CAAE/I,MAAOiF,KAEV9G,GAASA,EAAKoI,OAcnB2C,uBAAwB,CACtBC,EACAjE,EACAkE,IAEAhD,oBACEpB,EAAIqB,WAAWC,KACblG,EAAc8B,mBACd,CAAEiH,iBAAgBjE,UAASkE,gBAC3B,CAAEpJ,MAAOiF,KAEV9G,GAASA,IAedkL,6BAA8B,CAC5BF,EACAjE,EACAoE,EACAF,IAEAhD,oBACEpB,EAAIqB,WAAWC,KACblG,EAAc+B,yBACd,CAAEgH,iBAAgBjE,UAASqE,IAAKD,EAAKF,gBACrC,CAAEpJ,MAAOiF,KAEV9G,GAASA,IAcdqL,iCAAkC,CAChCtE,EACAoE,EACAF,IAEAhD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcgC,6BACd,CAAE8C,UAASqE,IAAKD,EAAKF,gBACrB,CAAEpJ,MAAOiF,KAEV9G,GAASA,IAGdkE,qBAAsB,CACpB6C,EACAuE,IAEArD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAciC,qBACd,CAAE6C,UAASuE,gBACX,CAAEzJ,MAAOiF,KAEV9G,GAASA,IAWd2D,qBAAsB,CAACoD,EAAiBwE,IACtCtD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAc0B,qBACd,CAAEoD,UAASwE,YACX,CAAE1J,MAAOiF,KAEV9G,GAASA,IAQd4D,kBAAmB,CAACmD,EAAiBwE,IACnCtD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAc2B,kBACd,CAAEmD,UAASwE,YACX,CAAE1J,MAAOiF,KAEV9G,GAASA,IAWd0D,YAAa,CAACqD,EAAiBwE,IAC7BtD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcyB,YACd,CAAEqD,UAASwE,YACX,CAAE1J,MAAOiF,KAEV9G,GAASA,IASd6D,eAAiBkD,GACfkB,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAc4B,eAAgB,CAAEkD,WAAW,CAAElF,MAAOiF,KACvE9G,GAASA,IASd8D,kBAAoBiD,GAClBkB,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAc6B,kBAAmB,CAAEiD,WAAW,CAAElF,MAAOiF,KAC1E9G,GAASA,IAOdmE,QAAUqH,GACRvD,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAckC,QAASqH,EAAS,CAAE3J,MAAOiF,KAC5D9G,GAASA,MCz4BZyL,EAAc,CAAC5E,EAAcC,KAA4B,CAK7D1C,WAAapD,GACXiH,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAiBmC,WACjB,CACEpD,QAEF,CAAEa,MAAOiF,KAWfzC,MAAO,CAACrD,EAAc0K,IACpBzD,oBACEpB,EAAIqB,WAAWC,KACblG,EAAiBoC,MACjB,CACErD,OACA0K,OAEF,CAAE7J,MAAOiF,KAafxC,OAAQ,IACN2D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAiBqC,OAAQ,CAAA,EAAI,CAAEzC,MAAOiF,KACzD9G,GAASA,EAAK2L,QAYnBpH,OAASoH,GACP1D,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAiBsC,OACjB,CACEoH,SAEF,CAAE9J,MAAOiF,OC9DX8E,EAAa,CAAC/E,EAAcC,KAA4B,CAC5D5E,OAAQ,CACNlB,EACA6K,EACAxE,IAEAY,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAgBC,OAChB,CAAElB,OAAM6K,0BAAyBxE,oBACjC,CAAExF,MAAOiF,KAGfgF,aAAc,CACZC,EACA/K,EACA6K,EACAxE,IAEAY,oBACEpB,EAAIqB,WAAWC,KACblG,EAAgBC,OAChB,CAAE6J,KAAI/K,OAAM6K,0BAAyBxE,oBACrC,CAAExF,MAAOiF,KAGf1E,OAAQ,CACN2J,EACA/K,EACA6K,EACAxE,IAEAY,oBACEpB,EAAIqB,WAAWC,KACblG,EAAgBG,OAChB,CAAE2J,KAAI/K,OAAM6K,0BAAyBxE,oBACrC,CAAExF,MAAOiF,KAGfzE,OAAS0J,GACP9D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAgBI,OAAQ,CAAE0J,MAAM,CAAElK,MAAOiF,KAEjEvE,KAAOwJ,GACL9D,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAgBM,KAAM,CACvCyG,YAAa,CAAE+C,MACflK,MAAOiF,KAER9G,GAASA,IAEd2E,QAAS,IACPsD,EAAiBA,kBACfpB,EAAIqB,WAAWpH,IAAImB,EAAgB0C,QAAS,CAC1C9C,MAAOiF,KAER9G,GAASA,EAAKgM,UAEnBpH,UAAW,CACTqH,EACAC,EACAL,EACAxE,IAEAY,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAgB2C,UAChB,CACEwE,UAAW6C,EACXE,YAAaD,EACbE,8BAA+BP,EAC/BxE,oBAEF,CAAExF,MAAOiF,KAEV9G,GAASA,EAAKgM,UAEnBK,YAAc9B,GACZtC,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAgByC,SAAU,CAC3CsE,YAAa,CAAE+C,GAAIxB,GACnB1I,MAAOiF,KAER9G,GAASA,IAEdsM,kBAAmB,CAAC/B,EAAkB7F,IACpCuD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAgByC,SACXpD,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAmD,GAAU,CAAA6F,aACf,CACE1I,MAAOiF,OC/FXyF,EAAU,CAAC1F,EAAcC,KAA4B,CACzD1E,OAAQ,CACNoK,EACAlB,IAEArD,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAaG,OAAQ,CAAEoK,MAAKlB,gBAAgB,CAAEzJ,MAAOiF,KAE7EvB,YAAa,CACXkH,EACA1F,EACA2F,IAEAzE,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAasD,YACb,CAAEkH,iBAAgB1F,UAAS2F,mBAC3B,CAAE7K,MAAOiF,OCbX6F,EAAiB,CAAC9F,EAAcC,KAA4B,CAChE5E,OAAQ,CAAClB,EAAc4L,IACrB3E,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAoBC,OACpB,CAAElB,OAAM4L,eACR,CAAE/K,MAAOiF,KAGf1E,OAAQ,CAACpB,EAAc6L,EAAiBD,IACtC3E,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAoBG,OACpB,CAAEpB,OAAM6L,UAASD,eACjB,CAAE/K,MAAOiF,KAGfzE,OAASrB,GACPiH,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAoBI,OAAQ,CAAErB,QAAQ,CAAEa,MAAOiF,KAEvEnC,QAAS,IACPsD,EAAiBA,kBACfpB,EAAIqB,WAAWpH,IAAImB,EAAoB0C,QAAS,CAC9C9C,MAAOiF,KAER9G,GAASA,EAAK8M,gBC1BfC,EAAW,CAAClG,EAAcC,KAA4B,CAC1D5E,OAAQ,CACNlB,EACA4L,EACAI,EACAzC,IAEAtC,oBACEpB,EAAIqB,WAAWC,KACblG,EAAcC,OACd,CAAElB,OAAM4L,cAAaI,kBAAiBzC,YACtC,CAAE1I,MAAOiF,KAGf1E,OAAQ,CACNpB,EACA6L,EACAD,EACAI,EACAzC,IAEAtC,oBACEpB,EAAIqB,WAAWC,KACblG,EAAcG,OACd,CAAEpB,OAAM6L,UAASD,cAAaI,kBAAiBzC,YAC/C,CAAE1I,MAAOiF,KAGfzE,OAAQ,CAACrB,EAAcuJ,IACrBtC,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAcI,OAAQ,CAAErB,OAAMuJ,YAAY,CAAE1I,MAAOiF,KAE3EnC,QAAS,IACPsD,EAAiBA,kBACfpB,EAAIqB,WAAWpH,IAAImB,EAAc0C,QAAS,CACxC9C,MAAOiF,KAER9G,GAASA,EAAKmH,QAEnB1E,OAASnC,GACP2H,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAcQ,OAAQnC,EAAS,CACjDuB,MAAOiF,KAER9G,GAASA,EAAKmH,UChDf8F,EAAY,CAACpG,EAAcC,KAA4B,CAM3DrB,cAAgB8E,GACdtC,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAewD,cAAe,CAAE8E,YAAY,CAAE1I,MAAOiF,KAU7EpB,uBAAwB,CACtB6E,EACAiB,EACA0B,IAEAjF,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAeyD,uBACf,CAAE6E,WAAU2C,WAAU1B,WACtB,CAAE3J,MAAOiF,KAUfnB,oBAAqB,CAAC4E,EAAkB4C,IACtClF,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAe0D,oBACf,CAAE4E,WAAU4C,WACZ,CAAEtL,MAAOiF,OClCXsG,EAAkB,CAACvG,EAAcC,KAA4B,CAIjEuF,YAAc9B,GACZtC,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAayC,SAAU,CACxCsE,YAAa,CAAEuB,YACf1I,MAAOiF,KAER9G,GAASA,IAEdqN,eAAiB9C,GACftC,EAAAA,kBACEpB,EAAIqB,WAAW7F,OAAOJ,EAAayC,SAAU,CAC3CsE,YAAa,CAAEuB,YACf1I,MAAOiF,KAMbwF,kBAAmB,CACjB/B,EACA+C,EACAC,EACAC,EACAC,EACAC,IAEAzF,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAayC,SACb,CAAE6F,WAAU+C,SAAQE,WAAUD,UAASE,cAAaC,WACpD,CAAE7L,MAAOiF,KAMf6G,kBAAmB,CACjBpD,EACAqD,EACAH,EACAC,IAEAzF,oBACEpB,EAAIqB,WAAWC,KACblG,EAAagD,SACb,CAAEsF,WAAUqD,iBAAgBH,cAAaC,WACzC,CAAE7L,MAAOiF,KAGf+G,iBAAkB,CAChBtD,EACAuD,EACAC,IAEA9F,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAaiD,QACb,CAAEqF,WAAUuD,eAAcC,oBAC1B,CAAElM,MAAOiF,KAGfkH,sBAAuB,CACrBzD,EACA7F,EACAgJ,KAEA,MAAMO,EAAqB3M,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAmD,GAAU,CAAAwJ,gBAAiBxJ,EAASqJ,mBAE/D,cADOE,EAAcF,iBACd9F,EAAiBA,kBACtBpB,EAAIqB,WAAWC,KACblG,EAAamD,KAAKC,UAClB,CACEkF,WACA7F,SAAUuJ,EACVP,WAEF,CAAE7L,MAAOiF,IAEZ,EAEHqH,sBAAuB,CACrB5D,EACA7F,EACA0J,EACAV,IAEAzF,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAaqD,KAAKD,UAClB,CAAEkF,WAAU7F,WAAU0J,cAAaV,WACnC,CAAE7L,MAAOiF,KAGfuH,wBAAyB,CACvB9D,EACA7F,EACA0J,EACAV,IAEAzF,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAaqD,KAAKL,SAClB,CAAEsF,WAAU7F,WAAU0J,cAAaV,WACnC,CAAE7L,MAAOiF,KAGfwH,aAAe/D,GACbtC,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAakD,WAAY,CAC1C6D,YAAa,CAAEuB,YACf1I,MAAOiF,KAER9G,YACC,MAAMiO,EAAgBjO,EAgBtB,OAfIiO,EAAc7I,OAChB6I,EAAc7I,KACT9D,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAA0M,EAAc7I,MAAI,CACrB2I,iBAAkBE,EAAc7I,KAAK8I,yBAEhCD,EAAc7I,KAAK8I,kBAEN,UAAlBD,EAAc3I,YAAI,IAAA3E,OAAA,EAAAA,EAAE4N,iBACtBN,EAAc3I,KAAKiJ,cAAkC,UAAlBN,EAAc3I,YAAI,IAAAlE,OAAA,EAAAA,EAAEmN,cAAcC,KAAKC,IACxE,MAAMC,EAAKD,EAGX,OAFAC,EAAGC,SAAWD,EAAGE,KAAK5N,YACf0N,EAAGE,KACHF,CAAE,KAGNT,CAAa,MCrItBY,EAAgB,CAAChI,EAAcC,KAA4B,CAW/D5E,OAAQ,CACNlB,EACA8N,EACA3H,EACA4H,EACAhG,EACAuC,IAEArD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAmBC,OACnB,CAAElB,OAAM8N,aAAY/G,UAAWZ,EAAO4H,aAAYhG,SAAQuC,gBAC1D,CAAEzJ,MAAOiF,KAQfvE,KAAOwJ,GACL9D,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAmBM,KAAM,CAC1CyG,YAAa,CAAE+C,MACflK,MAAOiF,KAER9G,GAASA,EAAKgP,MAOnBpK,UAAYwE,GACVnB,oBACEpB,EAAIqB,WAAWC,KAAKlG,EAAmBQ,OAAQ,CAAE2G,aAAa,CAAEvH,MAAOiF,KACtE9G,GAASA,EAAKiP,OAQnB7M,OAAQ,CAAC2J,EAAY/K,IACnBiH,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAmBG,OAAQ,CAAE2J,KAAI/K,QAAQ,CAAEa,MAAOiF,KACrE9G,GAASA,EAAKgP,MAOnBxK,WAAauH,GACX9D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAmBuC,WAAY,CAAEuH,MAAM,CAAElK,MAAOiF,KAMxErC,SAAWsH,GACT9D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAmBwC,SAAU,CAAEsH,MAAM,CAAElK,MAAOiF,KAMtEzE,OAAS0J,GACP9D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAmBI,OAAQ,CAAE0J,MAAM,CAAElK,MAAOiF,OC3FhEoI,EAAW,CAACrI,EAAcC,KAA4B,CAC1DtB,KAAM,IACJyC,EAAiBA,kBAACpB,EAAIqB,WAAWC,KAAKlG,EAAcuD,KAAM,CAAE,EAAE,CAAE3D,MAAOiF,KACzEzE,OAAS8M,GACPlH,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcI,OAAQ,CAAE4J,IAAKkD,GAAW,CAAEtN,MAAOiF,KAEzExC,OAAS8K,GACPnH,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAcqC,OAAQ,CAAE8K,UAAU,CAAEvN,MAAOiF,KAEnEvC,OAAQ,CAAC6K,EAAgBC,EAAYC,IACnCrH,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAcsC,OACd,CAAE6K,SAAQC,OAAMC,WAChB,CAAEzN,MAAOiF,OChBXyI,EAAY,CAAC1I,EAAcC,KAA4B,CAC3DxC,OAAQ,IACN2D,EAAiBA,kBAACpB,EAAIqB,WAAWC,KAAKlG,EAAeqC,OAAQ,CAAE,EAAE,CAAEzC,MAAOiF,KAC5EvC,OAASiL,GACPvH,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAesC,OAAQ,CAAEiL,SAAS,CAAE3N,MAAOiF,OCL/D2I,EAAY,CAAC5I,EAAcC,KAA4B,CAM3DrE,OAASiN,IACP,MAAM7H,EAAYvG,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAmO,GAAe,CAAAC,YAAaD,EAAcxC,WAE5D,cADOrF,EAAKqF,SACLjF,oBACLpB,EAAIqB,WAAWC,KAAKlG,EAAeQ,OAAQoF,EAAM,CAAEhG,MAAOiF,KACzD9G,GACCA,eAAAA,EAAM4P,OAAOpB,KAAKqB,IAChB,MAAMC,EACDxO,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAsO,IACHE,SAAUC,WAAWH,EAAEE,UACvB7C,SAAU2C,EAAEF,cAGd,cADOG,EAAIH,YACJG,CAAG,KAEf,ICdCG,EAAY,CAACpJ,EAAcC,KAA4B,CAU3DoJ,WAAY,CAACC,EAAqBC,IAChCnI,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAe2D,WAAY,CAAEuK,SAAQC,WAAW,CAAEvO,MAAOiF,KAOjFuJ,aAAc,IACZpI,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAe4D,aAAc,CAAE,EAAE,CAAEhE,MAAOiF,KAOlEwJ,WAAY,IACVrI,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAe6D,WAAY,CAAA,EAAI,CAAEjE,MAAOiF,KAC3D9G,GAASA,EAAKmQ,SAWnBI,cAAe,CACbC,EACAC,EACAC,IAEAzI,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAe8D,OACf,CAAEyK,YAAWC,UAASC,cACtB,CAAE7O,MAAOiF,KAWf6J,gBAAiB,CAAC3P,EAAc0P,IAC9BzI,EAAiBA,kBACfpB,EAAIqB,WAAWC,KAAKlG,EAAe+D,SAAU,CAAEhF,OAAM0P,cAAc,CAAE7O,MAAOiF,KAWhF8J,uBAAwB,CACtBC,EACAL,EACAC,EACAC,IAEAzI,oBACEpB,EAAIqB,WAAWC,KACblG,EAAegE,OACf,CAAE4K,qBAAoBL,YAAWC,UAASC,cAC1C,CAAE7O,MAAOiF,KAYfgK,yBAA0B,CACxB9P,EACAwP,EACAE,IAEAzI,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAeiE,SACf,CAAElF,OAAMwP,YAAWE,cACnB,CAAE7O,MAAOiF,KASfiK,gBAAkBC,GAChB/I,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAekE,SAAU,CAAE6K,aAAa,CAAEnP,MAAOiF,KAQzEmK,gBAAkBD,GAChB/I,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAemE,SAAU,CAAE4K,aAAa,CAAEnP,MAAOiF,KAQzEoK,4BAA8BC,GAC5BlJ,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAeoE,kBACf,CAAE8K,aACF,CAAEtP,MAAOiF,KASfR,aACE8K,GAEAnJ,oBACEpB,EAAIqB,WAAWC,KACblG,EAAeqE,aACf,CAAE8K,mBACF,CAAEvP,MAAOiF,KAEV9G,GAASA,EAAKoR,kBAUnBC,aAAc,CACZ7K,EACAqK,EACAL,IAEAvI,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAesE,IACf,CAAEC,WAAUqK,qBAAoBL,aAChC,CAAE3O,MAAOiF,KAEV9G,GAASA,EAAKyG,UAQnB6K,kBAAoB9K,GAClByB,oBACEpB,EAAIqB,WAAWC,KAAKlG,EAAeuE,SAAU,CAAEA,YAAY,CAAE3E,MAAOiF,KACnE9G,GAASA,EAAKgR,YAQnBO,iBAAmB9K,GACjBwB,oBACEpB,EAAIqB,WAAWC,KAAKlG,EAAewE,QAAS,CAAEA,WAAW,CAAE5E,MAAOiF,KACjE9G,GAASA,EAAKgR,YAQnBQ,oBAAsBC,GACpBxJ,oBACEpB,EAAIqB,WAAWC,KAAKlG,EAAeyE,UAAW,CAAE+K,UAAU,CAAE5P,MAAOiF,KAClE9G,GAASA,EAAKgR,YAQnBrK,YAAc+K,GACZzJ,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAe0E,YACf,CAAE+K,MAAOA,EAAQA,EAAMC,UAAY,GACnC,CAAE9P,MAAOiF,KAEV9G,GAASA,MCjOV4R,EAAqB,CAAC/K,EAAcC,KAA4B,CACpE+K,sBACEvR,UAEA,OAAA2H,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAwB4C,0CAEnBvE,GAAO,CACVwR,gBAASnR,EAAAL,EAAQwR,0BAEnB,CAAEjQ,MAAOiF,IAEZ,EACHiL,sBACEzR,UAEA,OAAA2H,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAwB6C,0CAEnBxE,GAAO,CACVwR,gBAASnR,EAAAL,EAAQwR,0BAEnB,CAAEjQ,MAAOiF,IAEZ,EACHkL,sBACE1R,GAEA2H,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAwB8C,WAAUzD,OAAAC,OAAA,GAC7BjB,GACL,CAAEuB,MAAOiF,KAGfmL,sBACE3R,GAEA2H,EAAiBA,kBACfpB,EAAIqB,WAAWC,KACblG,EAAwB+C,WAAU1D,OAAAC,OAAA,GAC7BjB,GACL,CAAEuB,MAAOiF,KAGfzE,OAAS0J,GACP9D,EAAAA,kBACEpB,EAAIqB,WAAWC,KAAKlG,EAAwBI,OAAQ,CAAE0J,MAAM,CAAElK,MAAOiF,KAEzEvE,KAAOwJ,GACL9D,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAwBM,KAAM,CAC/CyG,YAAa,CAAE+C,MACflK,MAAOiF,KAER9G,GAASA,IAEd2E,QAAS,IACPsD,EAAiBA,kBACfpB,EAAIqB,WAAWpH,IAAImB,EAAwB0C,QAAS,CAClD9C,MAAOiF,KAER9G,GAASA,EAAKkS,SCzEfC,EAAe,CAACtL,EAAcC,KAA4B,CAC9DuF,YAAc9B,GACZtC,EAAAA,kBACEpB,EAAIqB,WAAWpH,IAAImB,EAAkByC,SAAU,CAC7CsE,YAAa,CAAEuB,YACf1I,MAAOiF,KAER9G,GAASA,IAEdsM,kBAAmB,CAAC/B,EAAkB7F,IACpCuD,EAAAA,kBACEpB,EAAIqB,WAAWC,KACblG,EAAkByC,SACbpD,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAmD,GAAU,CAAA6F,aACf,CACE1I,MAAOiF,aClBC,QAAlBnG,EAAAyR,WAAWC,eAAO,IAAA1R,IAAlByR,WAAWC,QAAYA,EAAOA,SAE9B,MAGMC,EAAe,IAAIxS,KAGvBA,EAAKyS,SAASC,YAEZA,YAAS7R,GAAAS,EAAAoR,GAAYC,+BAAAA,cARD,UAQmC,IAGlDC,EAAUC,SAAI7S,ICWjB8S,EAAWjS,WAAAmG,cAAEA,EAAa+L,UAAEA,GAASlS,EAAKmS,EAAM1S,EAAAA,OAAAO,EAArC,+BACf,MAAMoS,EAAUC,UACd1R,OAAAC,OAAAD,OAAAC,OAAA,CAAAoR,MAAAA,GACGG,GAAM,CACTG,YAAW3R,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EACNuR,EAAOG,cACV,qBAAsB,SACtB,8BAAiD,UAAZ,OAAPC,cAAO,IAAPA,aAAO,EAAPA,QAASC,gBAAU,IAAA/R,OAAA,EAAAA,EAAAgS,OAAQ,GACzD,wBAAyB,cAIvBC,UAAEA,EAASC,OAAEA,GAAWR,EAExB7D,EAA6C,CAAA,EAgC7CsE,ECtDe,EAAC1M,EAAcC,KAA4B,CAChEsB,KAAMxB,EAASC,EAAKC,GACpB0M,QAAS/H,EAAY5E,EAAKC,GAC1B2M,UAAW5E,EAAchI,EAAKC,GAC9BnF,OAAQiK,EAAW/E,EAAKC,GACxB4M,eAAgB9B,EAAmB/K,EAAKC,GACxC6M,IAAKvG,EAAgBvG,EAAKC,GAC1B0F,IAAKD,EAAQ1F,EAAKC,GAClB8M,WAAYjH,EAAe9F,EAAKC,GAChCyE,SAAU4G,EAAatL,EAAKC,GAC5B8H,KAAM7B,EAASlG,EAAKC,GACpB+M,MAAO5G,EAAUpG,EAAKC,GACtBuI,KAAMH,EAASrI,EAAKC,GACpB0I,MAAOD,EAAU1I,EAAKC,GACtBgN,MAAOrE,EAAU5I,EAAKC,GACtBiN,MAAO9D,EAAUpJ,EAAKC,KDuCHkN,CAAejB,EAASjM,GAErCD,iCACDkM,GAAO,CAOVQ,aAGA1T,aAAaoU,GACX,KAAKA,aAAA,EAAAA,EAAQC,KAAK,MAAMC,MAAM,gCAE9B,GAAIlF,EAAKgF,EAAOC,KAAM,OAAOjF,EAAKgF,EAAOC,KAKzC,GAFA5S,OAAOC,OAAO0N,OAhDApP,WAChB,GAAIgT,EACF,IACE,MAAMuB,EAAYC,KAAKC,MAAMzB,GACvB7D,QAAYuF,YAAUH,GAC5B,MAAO,CACL,CAACA,EAAUF,KAAMlF,EAKpB,CAHC,MAAOwF,GAEP,MADAlB,SAAAA,EAAQmB,MAAM,0CAA2CD,GACnD,IAAIL,MAAM,sCAAsCK,IACvD,CAGH,MAGME,SAHoB3B,EAAQ7K,WAC/BpH,IAAI,WAAWuS,KACfsB,MAAM5U,GAASA,EAAK6U,UACe3F,KACtC,OAAKnN,MAAMC,QAAQ2S,UACQG,QAAQC,IACjCJ,EAAWlG,KAAI3O,MAAOmP,GAAQ,CAACA,EAAIkF,UAAWK,EAAAA,UAAUvF,QAGtC+F,QAClB,CAACC,GAAMd,EAAKe,KAAUf,EAAW5S,OAAAC,OAAAD,OAAAC,OAAA,CAAA,EAAAyT,IAAK,CAACd,EAAIgB,YAAaD,IAAQD,GAChE,CAAE,GAPmC,EAQtC,EAsB2BG,KAErBlG,EAAKgF,EAAOC,KAAM,MAAMC,MAAM,gCAEnC,OAAOlF,EAAKgF,EAAOC,IACpB,EAODrU,kBAAkB2M,SAEhB,MACM3K,SADYuT,EAASA,UAAC5I,EAAK3F,EAAIwO,OAAQ,CAAEC,eAAgB,KAC7CC,QAElB,GAAI1T,IACFA,EAAM2T,IAAe,QAAT7U,EAAAkB,EAAM2T,WAAG,IAAA7U,OAAA,EAAAA,EAAE8U,MAAM,KAAKC,MAC9B7T,EAAM2T,MAAQnC,GAEhB,MAAM,IAAIsC,EAAMA,OAACC,yBACf,+BACA,MACA,gBAKN,MAAO,CAAEpJ,MAAK3K,QACf,EAODhC,sBAAsBgW,GACpB,IAAKA,EAAc,MAAM1B,MAAM,4CAE/B,IAEE,aADoBtN,EAAIiP,YAAYD,EAMrC,CAJC,MAAOpB,GAGP,MADAnB,SAAAA,EAAQmB,MAAM,4BAA6BA,GACrCN,MAAM,qCAAqCM,IAClD,CACF,EAOD5U,qBAAqBkW,WACnB,IAAKA,EAAc,MAAM5B,MAAM,kDAE/B,UACQtN,EAAIiP,YAAYC,GACtB,MAAMC,QAAgBnP,EAAIoP,QAAQF,GAClC,GAAIC,EAAQE,GAAI,CAEd,aADoBrP,EAAIiP,YAA0B,QAAdnV,EAAAqV,EAAQhW,YAAM,IAAAW,OAAA,EAAAA,EAAAwV,WAEnD,CAED,MAAMhC,MAAmB,QAAb/S,EAAA4U,EAAQvB,aAAK,IAAArT,OAAA,EAAAA,EAAEgV,aAK5B,CAJC,MAAOC,GAGP,MADA/C,SAAAA,EAAQmB,MAAM,kCAAmC4B,GAC3ClC,MAAM,2CAA2CkC,IACxD,CACF,EAQDxW,gCACEgW,EACAE,GAEA,IAAKF,IAAiBE,EAAc,MAAM5B,MAAM,6CAEhD,IAEE,aADoBtN,EAAIyP,gBAAgBT,EAKzC,CAHC,MAAOpB,GAEPnB,SAAAA,EAAQiD,IAAI,wCAAwC9B,2BACrD,CAED,OAAO5N,EAAI2P,eAAeT,EAC3B,EAQDlW,wBACE4T,EACAxI,GAEA,IAAKwI,EAAW,MAAMU,MAAM,gCAE5B,IAAIpU,EACJ,IACEA,QAAa8G,EAAI4M,UAAUgD,SAAShD,EAAWxI,EAIhD,CAHC,MAAOwJ,GAEP,MADAnB,SAAAA,EAAQmB,MAAM,gCAAiCA,GACzCN,MAAM,8DAA8DM,IAC3E,CAED,MAAM0B,WAAEA,GAAepW,EAAKC,KAC5B,IAAKmW,EAEH,MADA7C,SAAAA,EAAQmB,MAAM,gDACRN,MAAM,iCAGd,IAEE,aADoBtN,EAAIiP,YAAYK,EAKrC,CAHC,MAAO1B,GAEP,MADAnB,SAAAA,EAAQmB,MAAM,sCAAuCA,GAC/CN,MAAM,kEAAkEM,IAC/E,CACF,EAQDiC,oBAAmB,CAACjV,EAA8BqL,IACzCjG,EAAI8P,0BAA0BlV,EAAU,GAAIqL,GASrD8J,sBAAqB,CAACnV,EAA8BqL,IAC3CjG,EAAIgQ,4BAA4BpV,EAAU,GAAIqL,GAUvD6J,0BACElV,EACAE,EACAmL,GAGA,GAAInL,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAMmV,EAAUtV,EAA2BC,EnB1Pb,cmB0P6CE,GAC3E,OAAOmL,EAAYiK,OAAOC,GAASF,EAAQG,SAASD,IACrD,EASDH,4BACEpV,EACAE,EACAmL,GAEA,GAAInL,IAAWK,EAA2BP,EAAUE,GAAS,MAAO,GAEpE,MAAMmV,EAAUtV,EAA2BC,EnB5Qb,cmB4Q6CE,GAC3E,OAAOmL,EAAYoK,QAAQF,GAASF,EAAQG,SAASD,IACtD,EAQDG,cAAa,CAAC1V,EAA8B0F,IACnCN,EAAIuQ,oBAAoB3V,EAAU,GAAI0F,GAS/CkQ,gBAAe,CAAC5V,EAA8B0F,IACrCN,EAAIyQ,sBAAsB7V,EAAU,GAAI0F,GAUjDiQ,oBAAoB3V,EAA8BE,EAAgBwF,GAEhE,GAAIxF,IAAWK,EAA2BP,EAAUE,GAAS,OAAO,EAEpE,MAAM4V,EAAa/V,EAA2BC,EnB7StB,QmB6SgDE,GACxE,OAAOwF,EAAM4P,OAAOnI,GAAS2I,EAAWN,SAASrI,IAClD,EASD0I,sBAAsB7V,EAA8BE,EAAgBwF,GAClE,GAAIxF,IAAWK,EAA2BP,EAAUE,GAAS,MAAO,GAEpE,MAAM4V,EAAa/V,EAA2BC,EnB3TtB,QmB2TgDE,GACxE,OAAOwF,EAAM+P,QAAQtI,GAAS2I,EAAWN,SAASrI,IACnD,IAGH,OAAO4I,EAAAA,SACL3Q,EACA,CACE,mBACA,iBACA,sBACA,mBACA,uBACA,uBACA,iBACA,gBACA,cACA,yBACA,yBACA,WAEFlH,EACD,EAoBHiT,EAAQ6E,uBnB7W8B,MmB8WtC7E,EAAQ8E,uBnB5W8B,6CqBFT,CAC3BC,WAAY,UACZC,iBAAkB,UAClBC,eAAgB,UAChBC,iBAAkB,UAClBC,aAAc,UACdC,mBAAoB,UACpBC,qBAAsB,UACtBC,aAAc"}
|