@emulators/microsoft 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +55 -0
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -687,6 +687,61 @@ function oauthRoutes({ app, store, baseUrl, tokenMap }) {
|
|
|
687
687
|
userPrincipalName: user.preferred_username
|
|
688
688
|
});
|
|
689
689
|
});
|
|
690
|
+
app.post("/:tenant/oauth2/token", async (c) => {
|
|
691
|
+
const contentType = c.req.header("Content-Type") ?? "";
|
|
692
|
+
const rawText = await c.req.text();
|
|
693
|
+
let body;
|
|
694
|
+
if (contentType.includes("application/json")) {
|
|
695
|
+
try {
|
|
696
|
+
body = JSON.parse(rawText);
|
|
697
|
+
} catch {
|
|
698
|
+
body = {};
|
|
699
|
+
}
|
|
700
|
+
} else {
|
|
701
|
+
body = Object.fromEntries(new URLSearchParams(rawText));
|
|
702
|
+
}
|
|
703
|
+
const resource = typeof body.resource === "string" ? body.resource : "";
|
|
704
|
+
if (resource && !body.scope) {
|
|
705
|
+
const normalized = resource.endsWith("/") ? resource : resource + "/";
|
|
706
|
+
body.scope = normalized + ".default";
|
|
707
|
+
}
|
|
708
|
+
const params = new URLSearchParams();
|
|
709
|
+
for (const [key, value] of Object.entries(body)) {
|
|
710
|
+
if (key !== "resource" && typeof value === "string") {
|
|
711
|
+
params.set(key, value);
|
|
712
|
+
}
|
|
713
|
+
}
|
|
714
|
+
const v2Req = new Request(`${baseUrl}/oauth2/v2.0/token`, {
|
|
715
|
+
method: "POST",
|
|
716
|
+
headers: new Headers({
|
|
717
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
|
718
|
+
...c.req.header("Authorization") ? { Authorization: c.req.header("Authorization") } : {}
|
|
719
|
+
}),
|
|
720
|
+
body: params.toString()
|
|
721
|
+
});
|
|
722
|
+
return app.fetch(v2Req);
|
|
723
|
+
});
|
|
724
|
+
app.get("/v1.0/users/:id", (c) => {
|
|
725
|
+
const userId = c.req.param("id");
|
|
726
|
+
const user = ms.users.findOneBy("oid", userId);
|
|
727
|
+
if (!user) {
|
|
728
|
+
return c.json({
|
|
729
|
+
error: {
|
|
730
|
+
code: "Request_ResourceNotFound",
|
|
731
|
+
message: `Resource '${userId}' does not exist or one of its queried reference-property objects are not present.`
|
|
732
|
+
}
|
|
733
|
+
}, 404);
|
|
734
|
+
}
|
|
735
|
+
return c.json({
|
|
736
|
+
"@odata.context": `${baseUrl}/v1.0/$metadata#users/$entity`,
|
|
737
|
+
id: user.oid,
|
|
738
|
+
displayName: user.name,
|
|
739
|
+
givenName: user.given_name,
|
|
740
|
+
surname: user.family_name,
|
|
741
|
+
mail: user.email,
|
|
742
|
+
userPrincipalName: user.preferred_username
|
|
743
|
+
});
|
|
744
|
+
});
|
|
690
745
|
app.get("/oauth2/v2.0/logout", (c) => {
|
|
691
746
|
const post_logout_redirect_uri = c.req.query("post_logout_redirect_uri");
|
|
692
747
|
if (post_logout_redirect_uri) {
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/store.ts","../src/helpers.ts","../src/routes/oauth.ts","../../core/src/store.ts","../../core/src/server.ts","../../core/src/webhooks.ts","../../core/src/middleware/error-handler.ts","../../core/src/middleware/auth.ts","../../core/src/debug.ts","../../core/src/fonts.ts","../../core/src/middleware/pagination.ts","../../core/src/ui.ts","../../core/src/oauth-helpers.ts","../src/index.ts"],"sourcesContent":["import { Store, type Collection } from \"@emulators/core\";\nimport type { MicrosoftUser, MicrosoftOAuthClient } from \"./entities.js\";\n\nexport interface MicrosoftStore {\n users: Collection<MicrosoftUser>;\n oauthClients: Collection<MicrosoftOAuthClient>;\n}\n\nexport function getMicrosoftStore(store: Store): MicrosoftStore {\n return {\n users: store.collection<MicrosoftUser>(\"microsoft.users\", [\"oid\", \"email\"]),\n oauthClients: store.collection<MicrosoftOAuthClient>(\"microsoft.oauth_clients\", [\"client_id\"]),\n };\n}\n","import { randomUUID } from \"crypto\";\n\n/** Default tenant ID used when none is configured */\nexport const DEFAULT_TENANT_ID = \"9188040d-6c67-4c5b-b112-36a304b66dad\";\n\n/**\n * Generate a Microsoft-style object ID (UUID v4 format).\n */\nexport function generateOid(): string {\n return randomUUID();\n}\n","import { createHash, randomBytes } from \"crypto\";\nimport { SignJWT, exportJWK, generateKeyPair } from \"jose\";\nimport type { RouteContext } from \"@emulators/core\";\nimport {\n escapeHtml,\n escapeAttr,\n renderCardPage,\n renderErrorPage,\n renderUserButton,\n matchesRedirectUri,\n constantTimeSecretEqual,\n bodyStr,\n debug,\n} from \"@emulators/core\";\nimport { getMicrosoftStore } from \"../store.js\";\nimport { DEFAULT_TENANT_ID } from \"../helpers.js\";\nimport type { MicrosoftUser } from \"../entities.js\";\nimport type { Store } from \"@emulators/core\";\n\n// RSA key pair generated at module load for signing id_tokens\nconst keyPairPromise = generateKeyPair(\"RS256\");\nconst KID = \"emulate-microsoft-1\";\n\ntype PendingCode = {\n email: string;\n scope: string;\n redirectUri: string;\n clientId: string;\n nonce: string | null;\n codeChallenge: string | null;\n codeChallengeMethod: string | null;\n created_at: number;\n};\n\ntype StoredRefreshToken = {\n email: string;\n clientId: string;\n scope: string;\n nonce: string | null;\n};\n\nconst PENDING_CODE_TTL_MS = 10 * 60 * 1000;\n\nfunction getPendingCodes(store: Store): Map<string, PendingCode> {\n let map = store.getData<Map<string, PendingCode>>(\"microsoft.oauth.pendingCodes\");\n if (!map) {\n map = new Map();\n store.setData(\"microsoft.oauth.pendingCodes\", map);\n }\n return map;\n}\n\nfunction getRefreshTokens(store: Store): Map<string, StoredRefreshToken> {\n let map = store.getData<Map<string, StoredRefreshToken>>(\"microsoft.oauth.refreshTokens\");\n if (!map) {\n map = new Map();\n store.setData(\"microsoft.oauth.refreshTokens\", map);\n }\n return map;\n}\n\nfunction isPendingCodeExpired(p: PendingCode): boolean {\n return Date.now() - p.created_at > PENDING_CODE_TTL_MS;\n}\n\nconst SERVICE_LABEL = \"Microsoft\";\n\nasync function createIdToken(\n user: MicrosoftUser,\n clientId: string,\n nonce: string | null,\n baseUrl: string,\n): Promise<string> {\n const { privateKey } = await keyPairPromise;\n const now = Math.floor(Date.now() / 1000);\n\n const builder = new SignJWT({\n sub: user.oid,\n email: user.email,\n name: user.name,\n given_name: user.given_name,\n family_name: user.family_name,\n preferred_username: user.preferred_username,\n oid: user.oid,\n tid: user.tenant_id,\n ver: \"2.0\",\n ...(nonce ? { nonce } : {}),\n })\n .setProtectedHeader({ alg: \"RS256\", kid: KID, typ: \"JWT\" })\n .setIssuer(`${baseUrl}/${user.tenant_id}/v2.0`)\n .setAudience(clientId)\n .setIssuedAt(now)\n .setExpirationTime(\"1h\");\n\n return builder.sign(privateKey);\n}\n\nexport function oauthRoutes({ app, store, baseUrl, tokenMap }: RouteContext): void {\n const ms = getMicrosoftStore(store);\n\n // ---------- OpenID Configuration ----------\n // Microsoft uses /{tenant}/v2.0/.well-known/openid-configuration\n // We also serve at /.well-known/openid-configuration for convenience.\n\n const oidcConfig = (tenantId: string) => ({\n issuer: `${baseUrl}/${tenantId}/v2.0`,\n authorization_endpoint: `${baseUrl}/oauth2/v2.0/authorize`,\n token_endpoint: `${baseUrl}/oauth2/v2.0/token`,\n userinfo_endpoint: `${baseUrl}/oidc/userinfo`,\n end_session_endpoint: `${baseUrl}/oauth2/v2.0/logout`,\n jwks_uri: `${baseUrl}/discovery/v2.0/keys`,\n response_types_supported: [\"code\"],\n response_modes_supported: [\"query\", \"fragment\", \"form_post\"],\n subject_types_supported: [\"pairwise\"],\n id_token_signing_alg_values_supported: [\"RS256\"],\n scopes_supported: [\"openid\", \"email\", \"profile\", \"offline_access\", \"User.Read\", \".default\"],\n grant_types_supported: [\"authorization_code\", \"refresh_token\", \"client_credentials\"],\n token_endpoint_auth_methods_supported: [\"client_secret_post\", \"client_secret_basic\"],\n claims_supported: [\n \"sub\", \"iss\", \"aud\", \"exp\", \"iat\", \"nonce\",\n \"name\", \"email\", \"given_name\", \"family_name\",\n \"preferred_username\", \"oid\", \"tid\", \"ver\",\n ],\n code_challenge_methods_supported: [\"plain\", \"S256\"],\n });\n\n app.get(\"/.well-known/openid-configuration\", (c) => {\n return c.json(oidcConfig(DEFAULT_TENANT_ID));\n });\n\n app.get(\"/:tenant/v2.0/.well-known/openid-configuration\", (c) => {\n const tenant = c.req.param(\"tenant\");\n return c.json(oidcConfig(tenant === \"common\" || tenant === \"organizations\" || tenant === \"consumers\" ? DEFAULT_TENANT_ID : tenant));\n });\n\n // ---------- JWKS ----------\n\n app.get(\"/discovery/v2.0/keys\", async (c) => {\n const { publicKey } = await keyPairPromise;\n const jwk = await exportJWK(publicKey);\n return c.json({\n keys: [{\n ...jwk,\n kid: KID,\n use: \"sig\",\n alg: \"RS256\",\n }],\n });\n });\n\n // ---------- Authorization page ----------\n\n app.get(\"/oauth2/v2.0/authorize\", (c) => {\n const client_id = c.req.query(\"client_id\") ?? \"\";\n const redirect_uri = c.req.query(\"redirect_uri\") ?? \"\";\n const scope = c.req.query(\"scope\") ?? \"\";\n const state = c.req.query(\"state\") ?? \"\";\n const nonce = c.req.query(\"nonce\") ?? \"\";\n const response_mode = c.req.query(\"response_mode\") ?? \"query\";\n const code_challenge = c.req.query(\"code_challenge\") ?? \"\";\n const code_challenge_method = c.req.query(\"code_challenge_method\") ?? \"\";\n\n const clientsConfigured = ms.oauthClients.all().length > 0;\n let clientName = \"\";\n if (clientsConfigured) {\n const client = ms.oauthClients.findOneBy(\"client_id\", client_id);\n if (!client) {\n return c.html(\n renderErrorPage(\"Application not found\", `The client_id '${client_id}' is not registered.`, SERVICE_LABEL),\n 400,\n );\n }\n if (redirect_uri && !matchesRedirectUri(redirect_uri, client.redirect_uris)) {\n return c.html(\n renderErrorPage(\"Redirect URI mismatch\", \"The redirect_uri is not registered for this application.\", SERVICE_LABEL),\n 400,\n );\n }\n clientName = client.name;\n }\n\n const subtitleText = clientName\n ? `Sign in to <strong>${escapeHtml(clientName)}</strong> with your Microsoft account.`\n : \"Choose a seeded user to continue.\";\n\n const users = ms.users.all();\n const userButtons = users\n .map((user) => {\n return renderUserButton({\n letter: (user.email[0] ?? \"?\").toUpperCase(),\n login: user.email,\n name: user.name,\n email: user.email,\n formAction: \"/oauth2/v2.0/authorize/callback\",\n hiddenFields: {\n email: user.email,\n redirect_uri,\n scope,\n state,\n nonce,\n client_id,\n response_mode,\n code_challenge,\n code_challenge_method,\n },\n });\n })\n .join(\"\\n\");\n\n const body = users.length === 0\n ? '<p class=\"empty\">No users in the emulator store.</p>'\n : userButtons;\n\n return c.html(renderCardPage(\"Sign in with Microsoft\", subtitleText, body, SERVICE_LABEL));\n });\n\n // ---------- Authorization callback ----------\n\n app.post(\"/oauth2/v2.0/authorize/callback\", async (c) => {\n const body = await c.req.parseBody();\n const email = bodyStr(body.email);\n const redirect_uri = bodyStr(body.redirect_uri);\n const scope = bodyStr(body.scope);\n const state = bodyStr(body.state);\n const client_id = bodyStr(body.client_id);\n const nonce = bodyStr(body.nonce);\n const response_mode = bodyStr(body.response_mode) || \"query\";\n const code_challenge = bodyStr(body.code_challenge);\n const code_challenge_method = bodyStr(body.code_challenge_method);\n\n // Validate redirect_uri against registered client\n const clientsConfigured = ms.oauthClients.all().length > 0;\n if (clientsConfigured) {\n const client = ms.oauthClients.findOneBy(\"client_id\", client_id);\n if (!client) {\n return c.html(\n renderErrorPage(\"Application not found\", `The client_id '${client_id}' is not registered.`, SERVICE_LABEL),\n 400,\n );\n }\n if (redirect_uri && !matchesRedirectUri(redirect_uri, client.redirect_uris)) {\n return c.html(\n renderErrorPage(\"Redirect URI mismatch\", \"The redirect_uri is not registered for this application.\", SERVICE_LABEL),\n 400,\n );\n }\n }\n\n const code = randomBytes(20).toString(\"hex\");\n\n getPendingCodes(store).set(code, {\n email,\n scope,\n redirectUri: redirect_uri,\n clientId: client_id,\n nonce: nonce || null,\n codeChallenge: code_challenge || null,\n codeChallengeMethod: code_challenge_method || null,\n created_at: Date.now(),\n });\n\n debug(\"microsoft.oauth\", `[Microsoft callback] code=${code.slice(0, 8)}... email=${email}`);\n\n if (response_mode === \"form_post\") {\n const html = `<!DOCTYPE html>\n<html>\n<head><title>Submit</title></head>\n<body onload=\"document.forms[0].submit()\">\n<form method=\"POST\" action=\"${escapeAttr(redirect_uri)}\">\n<input type=\"hidden\" name=\"code\" value=\"${escapeAttr(code)}\" />\n<input type=\"hidden\" name=\"state\" value=\"${escapeAttr(state)}\" />\n</form>\n</body>\n</html>`;\n return c.html(html);\n }\n\n // Default: query mode redirect\n const url = new URL(redirect_uri);\n url.searchParams.set(\"code\", code);\n if (state) url.searchParams.set(\"state\", state);\n\n return c.redirect(url.toString(), 302);\n });\n\n // ---------- Token exchange ----------\n\n app.post(\"/oauth2/v2.0/token\", async (c) => {\n const contentType = c.req.header(\"Content-Type\") ?? \"\";\n const rawText = await c.req.text();\n\n let body: Record<string, unknown>;\n if (contentType.includes(\"application/json\")) {\n try { body = JSON.parse(rawText); } catch { body = {}; }\n } else {\n body = Object.fromEntries(new URLSearchParams(rawText));\n }\n\n const grant_type = typeof body.grant_type === \"string\" ? body.grant_type : \"\";\n const code = typeof body.code === \"string\" ? body.code : \"\";\n let client_id = typeof body.client_id === \"string\" ? body.client_id : \"\";\n let client_secret = typeof body.client_secret === \"string\" ? body.client_secret : \"\";\n const refresh_token = typeof body.refresh_token === \"string\" ? body.refresh_token : \"\";\n const redirect_uri = typeof body.redirect_uri === \"string\" ? body.redirect_uri : \"\";\n const code_verifier = typeof body.code_verifier === \"string\" ? body.code_verifier : undefined;\n const scope = typeof body.scope === \"string\" ? body.scope : \"\";\n\n // Support client_secret_basic: credentials in Authorization header\n const authHeader = c.req.header(\"Authorization\") ?? \"\";\n if (authHeader.startsWith(\"Basic \")) {\n const decoded = Buffer.from(authHeader.slice(6), \"base64\").toString();\n const sep = decoded.indexOf(\":\");\n if (sep !== -1) {\n const headerId = decodeURIComponent(decoded.slice(0, sep));\n const headerSecret = decodeURIComponent(decoded.slice(sep + 1));\n if (!client_id) client_id = headerId;\n if (!client_secret) client_secret = headerSecret;\n }\n }\n\n if (grant_type === \"authorization_code\") {\n const clientsConfigured = ms.oauthClients.all().length > 0;\n if (clientsConfigured) {\n const client = ms.oauthClients.findOneBy(\"client_id\", client_id);\n if (!client) {\n return c.json({ error: \"invalid_client\", error_description: \"The client_id is incorrect.\" }, 401);\n }\n if (!constantTimeSecretEqual(client_secret, client.client_secret)) {\n return c.json({ error: \"invalid_client\", error_description: \"The client_secret is incorrect.\" }, 401);\n }\n }\n\n const pendingMap = getPendingCodes(store);\n const pending = pendingMap.get(code);\n if (!pending) {\n return c.json({ error: \"invalid_grant\", error_description: \"The code is incorrect or expired.\" }, 400);\n }\n if (isPendingCodeExpired(pending)) {\n pendingMap.delete(code);\n return c.json({ error: \"invalid_grant\", error_description: \"The code is incorrect or expired.\" }, 400);\n }\n\n // Verify redirect_uri matches the one used in the authorization request (RFC 6749 §4.1.3)\n if (pending.redirectUri && redirect_uri && pending.redirectUri !== redirect_uri) {\n pendingMap.delete(code);\n return c.json({ error: \"invalid_grant\", error_description: \"The redirect_uri does not match the one used in the authorization request.\" }, 400);\n }\n\n // PKCE verification\n if (pending.codeChallenge !== null) {\n if (code_verifier === undefined) {\n return c.json({ error: \"invalid_grant\", error_description: \"PKCE verification failed.\" }, 400);\n }\n const method = (pending.codeChallengeMethod ?? \"plain\").toLowerCase();\n if (method === \"s256\") {\n const expected = createHash(\"sha256\").update(code_verifier).digest(\"base64url\");\n if (expected !== pending.codeChallenge) {\n return c.json({ error: \"invalid_grant\", error_description: \"PKCE verification failed.\" }, 400);\n }\n } else if (method === \"plain\") {\n if (code_verifier !== pending.codeChallenge) {\n return c.json({ error: \"invalid_grant\", error_description: \"PKCE verification failed.\" }, 400);\n }\n } else {\n return c.json({ error: \"invalid_grant\", error_description: \"PKCE verification failed.\" }, 400);\n }\n }\n\n // Single-use: delete immediately\n pendingMap.delete(code);\n\n const user = ms.users.findOneBy(\"email\", pending.email as MicrosoftUser[\"email\"]);\n if (!user) {\n return c.json({ error: \"invalid_grant\", error_description: \"User not found.\" }, 400);\n }\n\n const accessToken = \"microsoft_\" + randomBytes(20).toString(\"base64url\");\n const refreshToken = \"r_microsoft_\" + randomBytes(20).toString(\"base64url\");\n const scopes = pending.scope ? pending.scope.split(/\\s+/).filter(Boolean) : [];\n\n if (tokenMap) {\n tokenMap.set(accessToken, { login: user.email, id: user.id, scopes });\n }\n\n // Store refresh token\n getRefreshTokens(store).set(refreshToken, {\n email: user.email,\n clientId: pending.clientId,\n scope: pending.scope,\n nonce: pending.nonce,\n });\n\n const idToken = await createIdToken(user, pending.clientId, pending.nonce, baseUrl);\n\n debug(\"microsoft.oauth\", `[Microsoft token] issued token for ${user.email}`);\n\n return c.json({\n access_token: accessToken,\n token_type: \"Bearer\",\n expires_in: 3600,\n scope: pending.scope || \"openid email profile\",\n refresh_token: refreshToken,\n id_token: idToken,\n });\n }\n\n if (grant_type === \"refresh_token\") {\n const refreshMap = getRefreshTokens(store);\n const stored = refreshMap.get(refresh_token);\n if (!stored) {\n return c.json({ error: \"invalid_grant\", error_description: \"The refresh_token is invalid.\" }, 400);\n }\n\n const user = ms.users.findOneBy(\"email\", stored.email as MicrosoftUser[\"email\"]);\n if (!user) {\n return c.json({ error: \"invalid_grant\", error_description: \"User not found.\" }, 400);\n }\n\n const accessToken = \"microsoft_\" + randomBytes(20).toString(\"base64url\");\n const newRefreshToken = \"r_microsoft_\" + randomBytes(20).toString(\"base64url\");\n const scopes = stored.scope ? stored.scope.split(/\\s+/).filter(Boolean) : [];\n\n if (tokenMap) {\n tokenMap.set(accessToken, { login: user.email, id: user.id, scopes });\n }\n\n // Rotate refresh token\n refreshMap.delete(refresh_token);\n refreshMap.set(newRefreshToken, {\n email: stored.email,\n clientId: stored.clientId,\n scope: stored.scope,\n nonce: stored.nonce,\n });\n\n const idToken = await createIdToken(user, stored.clientId || client_id, stored.nonce, baseUrl);\n\n debug(\"microsoft.oauth\", `[Microsoft refresh] issued new token for ${user.email}`);\n\n return c.json({\n access_token: accessToken,\n token_type: \"Bearer\",\n expires_in: 3600,\n scope: stored.scope || \"openid email profile\",\n refresh_token: newRefreshToken,\n id_token: idToken,\n });\n }\n\n if (grant_type === \"client_credentials\") {\n const clientsConfigured = ms.oauthClients.all().length > 0;\n if (clientsConfigured) {\n const client = ms.oauthClients.findOneBy(\"client_id\", client_id);\n if (!client) {\n return c.json({ error: \"invalid_client\", error_description: \"The client_id is incorrect.\" }, 401);\n }\n if (!constantTimeSecretEqual(client_secret, client.client_secret)) {\n return c.json({ error: \"invalid_client\", error_description: \"The client_secret is incorrect.\" }, 401);\n }\n }\n\n const accessToken = \"microsoft_\" + randomBytes(20).toString(\"base64url\");\n const scopes = scope ? scope.split(/\\s+/).filter(Boolean) : [\".default\"];\n\n if (tokenMap) {\n tokenMap.set(accessToken, { login: client_id, id: 0, scopes });\n }\n\n debug(\"microsoft.oauth\", `[Microsoft client_credentials] issued token for ${client_id}`);\n\n return c.json({\n access_token: accessToken,\n token_type: \"Bearer\",\n expires_in: 3600,\n scope: scope || \".default\",\n });\n }\n\n return c.json({ error: \"unsupported_grant_type\", error_description: \"Only authorization_code, refresh_token, and client_credentials are supported.\" }, 400);\n });\n\n // ---------- UserInfo (Microsoft Graph /oidc/userinfo) ----------\n\n app.get(\"/oidc/userinfo\", (c) => {\n const authUser = c.get(\"authUser\");\n if (!authUser) {\n return c.json({ error: \"invalid_token\", error_description: \"Authentication required.\" }, 401);\n }\n\n const user = ms.users.findOneBy(\"email\", authUser.login as MicrosoftUser[\"email\"]);\n if (!user) {\n return c.json({ error: \"invalid_token\", error_description: \"User not found.\" }, 401);\n }\n\n return c.json({\n sub: user.oid,\n email: user.email,\n name: user.name,\n given_name: user.given_name,\n family_name: user.family_name,\n preferred_username: user.preferred_username,\n });\n });\n\n // ---------- Microsoft Graph /me endpoint ----------\n\n app.get(\"/v1.0/me\", (c) => {\n const authUser = c.get(\"authUser\");\n if (!authUser) {\n return c.json({ error: { code: \"InvalidAuthenticationToken\", message: \"Authentication required.\" } }, 401);\n }\n\n const user = ms.users.findOneBy(\"email\", authUser.login as MicrosoftUser[\"email\"]);\n if (!user) {\n return c.json({ error: { code: \"Request_ResourceNotFound\", message: \"User not found.\" } }, 404);\n }\n\n return c.json({\n \"@odata.context\": `${baseUrl}/v1.0/$metadata#users/$entity`,\n id: user.oid,\n displayName: user.name,\n givenName: user.given_name,\n surname: user.family_name,\n mail: user.email,\n userPrincipalName: user.preferred_username,\n });\n });\n\n // ---------- Logout ----------\n\n app.get(\"/oauth2/v2.0/logout\", (c) => {\n const post_logout_redirect_uri = c.req.query(\"post_logout_redirect_uri\");\n if (post_logout_redirect_uri) {\n // Validate against registered client redirect URIs\n const allClients = ms.oauthClients.all();\n if (allClients.length > 0) {\n const allowed = allClients.some((client) =>\n matchesRedirectUri(post_logout_redirect_uri, client.redirect_uris),\n );\n if (!allowed) {\n return c.text(\"Invalid post_logout_redirect_uri\", 400);\n }\n }\n return c.redirect(post_logout_redirect_uri, 302);\n }\n return c.text(\"Logged out\", 200);\n });\n\n // ---------- Token revocation ----------\n\n app.post(\"/oauth2/v2.0/revoke\", async (c) => {\n const contentType = c.req.header(\"Content-Type\") ?? \"\";\n const rawText = await c.req.text();\n\n let token: string;\n if (contentType.includes(\"application/json\")) {\n try {\n const parsed = JSON.parse(rawText);\n token = typeof parsed.token === \"string\" ? parsed.token : \"\";\n } catch {\n token = \"\";\n }\n } else {\n const params = new URLSearchParams(rawText);\n token = params.get(\"token\") ?? \"\";\n }\n\n if (token && tokenMap) {\n tokenMap.delete(token);\n }\n\n // Also check refresh tokens\n if (token) {\n getRefreshTokens(store).delete(token);\n }\n\n return c.body(null, 200);\n });\n}\n","export interface Entity {\n id: number;\n created_at: string;\n updated_at: string;\n}\n\nexport type InsertInput<T extends Entity> = Omit<T, \"id\" | \"created_at\" | \"updated_at\"> & { id?: number };\n\nexport type FilterFn<T> = (item: T) => boolean;\nexport type SortFn<T> = (a: T, b: T) => number;\n\nexport interface QueryOptions<T> {\n filter?: FilterFn<T>;\n sort?: SortFn<T>;\n page?: number;\n per_page?: number;\n}\n\nexport interface PaginatedResult<T> {\n items: T[];\n total_count: number;\n page: number;\n per_page: number;\n has_next: boolean;\n has_prev: boolean;\n}\n\nexport class Collection<T extends Entity> {\n private items = new Map<number, T>();\n private indexes = new Map<string, Map<string | number, Set<number>>>();\n private autoId = 1;\n readonly fieldNames: string[];\n\n constructor(private indexFields: (keyof T)[] = []) {\n this.fieldNames = indexFields.map(String).sort();\n for (const field of indexFields) {\n this.indexes.set(String(field), new Map());\n }\n }\n\n private addToIndex(item: T): void {\n for (const field of this.indexFields) {\n const value = item[field];\n if (value === undefined || value === null) continue;\n const indexMap = this.indexes.get(String(field))!;\n const key = String(value);\n if (!indexMap.has(key)) {\n indexMap.set(key, new Set());\n }\n indexMap.get(key)!.add(item.id);\n }\n }\n\n private removeFromIndex(item: T): void {\n for (const field of this.indexFields) {\n const value = item[field];\n if (value === undefined || value === null) continue;\n const indexMap = this.indexes.get(String(field))!;\n const key = String(value);\n indexMap.get(key)?.delete(item.id);\n }\n }\n\n insert(data: InsertInput<T>): T {\n const now = new Date().toISOString();\n const explicitId = data.id != null && data.id > 0 ? data.id : undefined;\n const id = explicitId ?? this.autoId++;\n if (id >= this.autoId) {\n this.autoId = id + 1;\n }\n const item = {\n ...data,\n id,\n created_at: now,\n updated_at: now,\n } as unknown as T;\n this.items.set(id, item);\n this.addToIndex(item);\n return item;\n }\n\n get(id: number): T | undefined {\n return this.items.get(id);\n }\n\n findBy(field: keyof T, value: T[keyof T] | string | number): T[] {\n if (this.indexes.has(String(field))) {\n const ids = this.indexes.get(String(field))!.get(String(value));\n if (!ids) return [];\n return Array.from(ids).map((id) => this.items.get(id)!).filter(Boolean);\n }\n return this.all().filter((item) => item[field] === value);\n }\n\n findOneBy(field: keyof T, value: T[keyof T] | string | number): T | undefined {\n return this.findBy(field, value)[0];\n }\n\n update(id: number, data: Partial<T>): T | undefined {\n const existing = this.items.get(id);\n if (!existing) return undefined;\n this.removeFromIndex(existing);\n const updated = {\n ...existing,\n ...data,\n id,\n updated_at: new Date().toISOString(),\n } as T;\n this.items.set(id, updated);\n this.addToIndex(updated);\n return updated;\n }\n\n delete(id: number): boolean {\n const existing = this.items.get(id);\n if (!existing) return false;\n this.removeFromIndex(existing);\n return this.items.delete(id);\n }\n\n all(): T[] {\n return Array.from(this.items.values());\n }\n\n query(options: QueryOptions<T> = {}): PaginatedResult<T> {\n let results = this.all();\n\n if (options.filter) {\n results = results.filter(options.filter);\n }\n\n const total_count = results.length;\n\n if (options.sort) {\n results.sort(options.sort);\n }\n\n const page = options.page ?? 1;\n const per_page = Math.min(options.per_page ?? 30, 100);\n const start = (page - 1) * per_page;\n const paged = results.slice(start, start + per_page);\n\n return {\n items: paged,\n total_count,\n page,\n per_page,\n has_next: start + per_page < total_count,\n has_prev: page > 1,\n };\n }\n\n count(filter?: FilterFn<T>): number {\n if (!filter) return this.items.size;\n return this.all().filter(filter).length;\n }\n\n clear(): void {\n this.items.clear();\n for (const indexMap of this.indexes.values()) {\n indexMap.clear();\n }\n this.autoId = 1;\n }\n}\n\nexport class Store {\n private collections = new Map<string, Collection<any>>();\n private _data = new Map<string, unknown>();\n\n collection<T extends Entity>(name: string, indexFields: (keyof T)[] = []): Collection<T> {\n const existing = this.collections.get(name);\n if (existing) {\n if (indexFields.length > 0) {\n const requested = indexFields.map(String).sort();\n if (existing.fieldNames.length !== requested.length || existing.fieldNames.some((f, i) => f !== requested[i])) {\n throw new Error(\n `Collection \"${name}\" already exists with indexes [${existing.fieldNames}] but was requested with [${requested}]`\n );\n }\n }\n return existing as Collection<T>;\n }\n const col = new Collection<T>(indexFields);\n this.collections.set(name, col);\n return col;\n }\n\n getData<V>(key: string): V | undefined {\n return this._data.get(key) as V | undefined;\n }\n\n setData<V>(key: string, value: V): void {\n this._data.set(key, value);\n }\n\n reset(): void {\n for (const collection of this.collections.values()) {\n collection.clear();\n }\n this._data.clear();\n }\n}\n","import { Hono } from \"hono\";\nimport { cors } from \"hono/cors\";\nimport { Store } from \"./store.js\";\nimport { WebhookDispatcher } from \"./webhooks.js\";\nimport { createApiErrorHandler, createErrorHandler } from \"./middleware/error-handler.js\";\nimport { authMiddleware, type AuthFallback, type TokenMap, type AppKeyResolver, type AppEnv } from \"./middleware/auth.js\";\nimport type { ServicePlugin } from \"./plugin.js\";\nimport { registerFontRoutes } from \"./fonts.js\";\n\nexport interface ServerOptions {\n port?: number;\n baseUrl?: string;\n docsUrl?: string;\n tokens?: Record<string, { login: string; id: number; scopes?: string[] }>;\n appKeyResolver?: AppKeyResolver;\n fallbackUser?: AuthFallback;\n}\n\nexport function createServer(plugin: ServicePlugin, options: ServerOptions = {}) {\n const port = options.port ?? 4000;\n const baseUrl = options.baseUrl ?? `http://localhost:${port}`;\n\n const app = new Hono<AppEnv>();\n const store = new Store();\n const webhooks = new WebhookDispatcher();\n\n const tokenMap: TokenMap = new Map();\n if (options.tokens) {\n for (const [token, user] of Object.entries(options.tokens)) {\n tokenMap.set(token, {\n login: user.login,\n id: user.id,\n scopes: user.scopes ?? [\"repo\", \"user\", \"admin:org\", \"admin:repo_hook\"],\n });\n }\n }\n\n const docsUrl = options.docsUrl ?? `https://emulate.dev/${plugin.name}`;\n\n registerFontRoutes(app);\n\n app.onError(createApiErrorHandler(docsUrl));\n app.use(\"*\", cors());\n app.use(\"*\", createErrorHandler(docsUrl));\n app.use(\"*\", authMiddleware(tokenMap, options.appKeyResolver, options.fallbackUser));\n\n const rateLimitCounters = new Map<string, { remaining: number; resetAt: number }>();\n let lastPruneAt = Math.floor(Date.now() / 1000);\n\n app.use(\"*\", async (c, next) => {\n const token = c.get(\"authToken\") ?? \"__anonymous__\";\n const now = Math.floor(Date.now() / 1000);\n\n if (now - lastPruneAt > 3600) {\n for (const [key, val] of rateLimitCounters) {\n if (val.resetAt <= now) rateLimitCounters.delete(key);\n }\n lastPruneAt = now;\n }\n\n let counter = rateLimitCounters.get(token);\n if (!counter || counter.resetAt <= now) {\n counter = { remaining: 5000, resetAt: now + 3600 };\n rateLimitCounters.set(token, counter);\n }\n\n counter.remaining = Math.max(0, counter.remaining - 1);\n\n c.header(\"X-RateLimit-Limit\", \"5000\");\n c.header(\"X-RateLimit-Remaining\", String(counter.remaining));\n c.header(\"X-RateLimit-Reset\", String(counter.resetAt));\n c.header(\"X-RateLimit-Resource\", \"core\");\n\n if (counter.remaining === 0) {\n return c.json(\n {\n message: \"API rate limit exceeded\",\n documentation_url: docsUrl,\n },\n 403\n );\n }\n\n await next();\n });\n\n plugin.register(app, store, webhooks, baseUrl, tokenMap);\n\n app.notFound((c) =>\n c.json(\n {\n message: \"Not Found\",\n documentation_url: docsUrl,\n },\n 404\n )\n );\n\n return { app, store, webhooks, port, baseUrl, tokenMap };\n}\n","import { createHmac } from \"crypto\";\n\nexport interface WebhookSubscription {\n id: number;\n url: string;\n events: string[];\n active: boolean;\n secret?: string;\n owner: string;\n repo?: string;\n}\n\nexport interface WebhookDelivery {\n id: number;\n hook_id: number;\n event: string;\n action?: string;\n payload: unknown;\n status_code: number | null;\n delivered_at: string;\n duration: number | null;\n success: boolean;\n}\n\nconst MAX_DELIVERIES = 1000;\n\nexport class WebhookDispatcher {\n private subscriptions: WebhookSubscription[] = [];\n private deliveries: WebhookDelivery[] = [];\n private subscriptionIdCounter = 1;\n private deliveryIdCounter = 1;\n\n register(sub: Omit<WebhookSubscription, \"id\"> & { id?: number }): WebhookSubscription {\n const { id: explicitId, ...rest } = sub;\n const id = explicitId !== undefined ? explicitId : this.subscriptionIdCounter++;\n if (id >= this.subscriptionIdCounter) {\n this.subscriptionIdCounter = id + 1;\n }\n const subscription: WebhookSubscription = { ...rest, id };\n this.subscriptions.push(subscription);\n return subscription;\n }\n\n unregister(id: number): boolean {\n const idx = this.subscriptions.findIndex((s) => s.id === id);\n if (idx === -1) return false;\n this.subscriptions.splice(idx, 1);\n return true;\n }\n\n getSubscription(id: number): WebhookSubscription | undefined {\n return this.subscriptions.find((s) => s.id === id);\n }\n\n getSubscriptions(owner?: string, repo?: string): WebhookSubscription[] {\n return this.subscriptions.filter((s) => {\n if (owner && s.owner !== owner) return false;\n if (repo !== undefined && s.repo !== repo) return false;\n return true;\n });\n }\n\n updateSubscription(\n id: number,\n data: Partial<Pick<WebhookSubscription, \"url\" | \"events\" | \"active\" | \"secret\">>\n ): WebhookSubscription | undefined {\n const sub = this.subscriptions.find((s) => s.id === id);\n if (!sub) return undefined;\n Object.assign(sub, data);\n return sub;\n }\n\n async dispatch(event: string, action: string | undefined, payload: unknown, owner: string, repo?: string): Promise<void> {\n const matchingSubs = this.subscriptions.filter((s) => {\n if (!s.active) return false;\n if (s.owner !== owner) return false;\n if (repo !== undefined) {\n if (s.repo !== repo) return false;\n } else if (s.repo !== undefined) {\n return false;\n }\n return (\n event === \"ping\" ||\n s.events.includes(\"*\") ||\n s.events.includes(event)\n );\n });\n\n for (const sub of matchingSubs) {\n const delivery: WebhookDelivery = {\n id: this.deliveryIdCounter++,\n hook_id: sub.id,\n event,\n action,\n payload,\n status_code: null,\n delivered_at: new Date().toISOString(),\n duration: null,\n success: false,\n };\n\n const body = JSON.stringify(payload);\n\n const signatureHeaders: Record<string, string> = {};\n if (sub.secret) {\n const hmac = createHmac(\"sha256\", sub.secret).update(body).digest(\"hex\");\n signatureHeaders[\"X-Hub-Signature-256\"] = `sha256=${hmac}`;\n }\n\n try {\n const start = Date.now();\n const response = await fetch(sub.url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n \"X-GitHub-Event\": event,\n \"X-GitHub-Delivery\": String(delivery.id),\n ...signatureHeaders,\n },\n body,\n signal: AbortSignal.timeout(10000),\n });\n delivery.duration = Date.now() - start;\n delivery.status_code = response.status;\n delivery.success = response.ok;\n } catch {\n delivery.duration = 0;\n delivery.success = false;\n }\n\n this.deliveries.push(delivery);\n if (this.deliveries.length > MAX_DELIVERIES) {\n this.deliveries.splice(0, this.deliveries.length - MAX_DELIVERIES);\n }\n }\n }\n\n getDeliveries(hookId?: number): WebhookDelivery[] {\n if (hookId !== undefined) {\n return this.deliveries.filter((d) => d.hook_id === hookId);\n }\n return [...this.deliveries];\n }\n\n clear(): void {\n this.subscriptions.length = 0;\n this.deliveries.length = 0;\n this.subscriptionIdCounter = 1;\n this.deliveryIdCounter = 1;\n }\n}\n","import type { Context, ErrorHandler, MiddlewareHandler } from \"hono\";\nimport type { ContentfulStatusCode } from \"hono/utils/http-status\";\n\nconst DEFAULT_DOCS_URL = \"https://emulate.dev\";\n\nfunction getDocsUrl(c: Context): string {\n return (c.get(\"docsUrl\") as string | undefined) ?? DEFAULT_DOCS_URL;\n}\n\nfunction errorStatus(err: unknown): number {\n if (err && typeof err === \"object\" && \"status\" in err) {\n const s = (err as { status: unknown }).status;\n if (typeof s === \"number\" && Number.isFinite(s)) return s;\n }\n return 500;\n}\n\n/**\n * Use with `app.onError(...)`. Hono routes handler throws to the app error handler, not to outer middleware try/catch.\n */\nexport function createApiErrorHandler(documentationUrl?: string): ErrorHandler {\n return (err, c) => {\n if (documentationUrl) {\n c.set(\"docsUrl\", documentationUrl);\n }\n const status = errorStatus(err);\n const message = err instanceof Error ? err.message : \"Internal Server Error\";\n return c.json(\n {\n message,\n documentation_url: getDocsUrl(c),\n },\n status as ContentfulStatusCode\n );\n };\n}\n\n/** Sets `docsUrl` on the context for successful responses; register `createApiErrorHandler` for thrown `ApiError`s. */\nexport function createErrorHandler(documentationUrl?: string): MiddlewareHandler {\n return async (c, next) => {\n if (documentationUrl) {\n c.set(\"docsUrl\", documentationUrl);\n }\n await next();\n };\n}\n\nexport const errorHandler: MiddlewareHandler = createErrorHandler();\n\nexport class ApiError extends Error {\n constructor(\n public status: number,\n message: string,\n public errors?: Array<{ resource: string; field: string; code: string }>\n ) {\n super(message);\n this.name = \"ApiError\";\n }\n}\n\nexport function notFound(resource?: string): ApiError {\n return new ApiError(404, resource ? `${resource} not found` : \"Not Found\");\n}\n\nexport function validationError(message: string, errors?: ApiError[\"errors\"]): ApiError {\n return new ApiError(422, message, errors);\n}\n\nexport function unauthorized(): ApiError {\n return new ApiError(401, \"Requires authentication\");\n}\n\nexport function forbidden(): ApiError {\n return new ApiError(403, \"Forbidden\");\n}\n\nexport async function parseJsonBody(c: Context): Promise<Record<string, unknown>> {\n try {\n const body = await c.req.json();\n if (body && typeof body === \"object\" && !Array.isArray(body)) {\n return body as Record<string, unknown>;\n }\n return {};\n } catch {\n throw new ApiError(400, \"Problems parsing JSON\");\n }\n}\n","import type { Context, Next } from \"hono\";\nimport { jwtVerify, importPKCS8 } from \"jose\";\nimport { debug } from \"../debug.js\";\n\nexport interface AuthUser {\n login: string;\n id: number;\n scopes: string[];\n}\n\nexport interface AuthApp {\n appId: number;\n slug: string;\n name: string;\n}\n\nexport interface AuthInstallation {\n installationId: number;\n appId: number;\n permissions: Record<string, string>;\n repositoryIds: number[];\n repositorySelection: \"all\" | \"selected\";\n}\n\nexport type TokenMap = Map<string, AuthUser>;\n\nexport type AppEnv = {\n Variables: {\n authUser?: AuthUser;\n authApp?: AuthApp;\n authToken?: string;\n authScopes?: string[];\n docsUrl?: string;\n };\n};\n\nexport interface AppKeyResolver {\n (appId: number): { privateKey: string; slug: string; name: string } | null;\n}\n\nexport interface AuthFallback {\n login: string;\n id: number;\n scopes: string[];\n}\n\nexport function authMiddleware(tokens: TokenMap, appKeyResolver?: AppKeyResolver, fallbackUser?: AuthFallback) {\n return async (c: Context, next: Next) => {\n const authHeader = c.req.header(\"Authorization\");\n if (authHeader) {\n const token = authHeader.replace(/^(Bearer|token)\\s+/i, \"\").trim();\n\n if (token.startsWith(\"eyJ\") && appKeyResolver) {\n try {\n const [, payloadB64] = token.split(\".\");\n const payload = JSON.parse(\n Buffer.from(payloadB64, \"base64url\").toString()\n );\n const appId = typeof payload.iss === \"string\" ? parseInt(payload.iss, 10) : payload.iss;\n\n if (typeof appId === \"number\" && !isNaN(appId)) {\n const appInfo = appKeyResolver(appId);\n if (appInfo) {\n const key = await importPKCS8(appInfo.privateKey, \"RS256\");\n await jwtVerify(token, key, { algorithms: [\"RS256\"] });\n c.set(\"authApp\", {\n appId,\n slug: appInfo.slug,\n name: appInfo.name,\n } satisfies AuthApp);\n }\n }\n } catch {\n // JWT verification failed\n }\n } else {\n let user = tokens.get(token);\n if (!user && fallbackUser && token.length > 0) {\n debug(\"auth\", \"fallback user for unknown token\", { login: fallbackUser.login, id: fallbackUser.id });\n user = { login: fallbackUser.login, id: fallbackUser.id, scopes: fallbackUser.scopes };\n }\n if (user) {\n c.set(\"authUser\", user);\n c.set(\"authToken\", token);\n c.set(\"authScopes\", user.scopes);\n }\n }\n }\n await next();\n };\n}\n\nexport function requireAuth() {\n return async (c: Context, next: Next) => {\n if (!c.get(\"authUser\")) {\n const docsUrl = (c.get(\"docsUrl\") as string | undefined) ?? \"https://emulate.dev\";\n return c.json(\n {\n message: \"Requires authentication\",\n documentation_url: docsUrl,\n },\n 401\n );\n }\n await next();\n };\n}\n\nexport function requireAppAuth() {\n return async (c: Context, next: Next) => {\n if (!c.get(\"authApp\")) {\n const docsUrl = (c.get(\"docsUrl\") as string | undefined) ?? \"https://emulate.dev\";\n return c.json(\n {\n message: \"A JSON web token could not be decoded\",\n documentation_url: docsUrl,\n },\n 401\n );\n }\n await next();\n };\n}\n","const isDebug = typeof process !== \"undefined\" && (process.env.DEBUG === \"1\" || process.env.DEBUG === \"true\" || process.env.EMULATE_DEBUG === \"1\");\n\nexport function debug(label: string, ...args: unknown[]): void {\n if (isDebug) {\n console.log(`[${label}]`, ...args);\n }\n}\n","import { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, join } from \"node:path\";\nimport type { Hono } from \"hono\";\nimport type { AppEnv } from \"./middleware/auth.js\";\n\nconst __dirname = dirname(fileURLToPath(import.meta.url));\n\nconst FONTS: Record<string, Buffer> = {\n \"geist-sans.woff2\": readFileSync(join(__dirname, \"fonts\", \"geist-sans.woff2\")),\n \"GeistPixel-Square.woff2\": readFileSync(join(__dirname, \"fonts\", \"GeistPixel-Square.woff2\")),\n};\n\nexport function registerFontRoutes(app: Hono<AppEnv>): void {\n app.get(\"/_emulate/fonts/:name\", (c) => {\n const name = c.req.param(\"name\");\n const buf = FONTS[name];\n if (!buf) return c.notFound();\n return new Response(buf, {\n headers: {\n \"Content-Type\": \"font/woff2\",\n \"Cache-Control\": \"public, max-age=31536000, immutable\",\n \"Access-Control-Allow-Origin\": \"*\",\n },\n });\n });\n}\n","import type { Context } from \"hono\";\n\nexport interface PaginationParams {\n page: number;\n per_page: number;\n}\n\nexport function parsePagination(c: Context): PaginationParams {\n const page = Math.max(1, parseInt(c.req.query(\"page\") ?? \"1\", 10) || 1);\n const per_page = Math.min(100, Math.max(1, parseInt(c.req.query(\"per_page\") ?? \"30\", 10) || 30));\n return { page, per_page };\n}\n\nexport function setLinkHeader(\n c: Context,\n totalCount: number,\n page: number,\n perPage: number\n): void {\n const lastPage = Math.max(1, Math.ceil(totalCount / perPage));\n const baseUrl = new URL(c.req.url);\n const links: string[] = [];\n\n const makeLink = (p: number, rel: string) => {\n baseUrl.searchParams.set(\"page\", String(p));\n baseUrl.searchParams.set(\"per_page\", String(perPage));\n return `<${baseUrl.toString()}>; rel=\"${rel}\"`;\n };\n\n if (page < lastPage) {\n links.push(makeLink(page + 1, \"next\"));\n links.push(makeLink(lastPage, \"last\"));\n }\n if (page > 1) {\n links.push(makeLink(1, \"first\"));\n links.push(makeLink(page - 1, \"prev\"));\n }\n\n if (links.length > 0) {\n c.header(\"Link\", links.join(\", \"));\n }\n}\n","export function escapeHtml(s: string): string {\n return s\n .replace(/&/g, \"&\")\n .replace(/</g, \"<\")\n .replace(/>/g, \">\")\n .replace(/\"/g, \""\");\n}\n\nexport function escapeAttr(s: string): string {\n return escapeHtml(s).replace(/'/g, \"'\");\n}\n\nconst CSS = `\n@font-face{\n font-family:'Geist';font-style:normal;font-weight:100 900;font-display:swap;\n src:url('/_emulate/fonts/geist-sans.woff2') format('woff2');\n}\n@font-face{\n font-family:'Geist Pixel';font-style:normal;font-weight:400;font-display:swap;\n src:url('/_emulate/fonts/GeistPixel-Square.woff2') format('woff2');\n}\n*{box-sizing:border-box;margin:0;padding:0}\nbody{\n font-family:'Geist',-apple-system,BlinkMacSystemFont,sans-serif;\n background:#000;color:#33ff00;min-height:100vh;\n -webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;\n}\n.emu-bar{\n border-bottom:1px solid #0a3300;padding:10px 20px;\n display:flex;align-items:center;gap:10px;font-size:.8125rem;color:#1a8c00;\n}\n.emu-bar-title{font-weight:600;color:#33ff00;font-family:'Geist Pixel',monospace;}\n.emu-bar-links{margin-left:auto;display:flex;gap:16px;}\n.emu-bar-links a{\n color:#1a8c00;font-size:.75rem;text-decoration:none;transition:color .15s;\n}\n.emu-bar-links a:hover{color:#33ff00;}\n.emu-bar-links a .full{display:inline;}\n.emu-bar-links a .short{display:none;}\n@media(max-width:600px){\n .emu-bar-links a .full{display:none;}\n .emu-bar-links a .short{display:inline;}\n}\n\n.content{\n display:flex;align-items:center;justify-content:center;\n min-height:calc(100vh - 42px);padding:24px 16px;\n}\n.content-inner{width:100%;max-width:420px;}\n.card-title{\n font-family:'Geist Pixel',monospace;\n font-size:1.125rem;font-weight:600;margin-bottom:4px;color:#33ff00;\n}\n.card-subtitle{color:#1a8c00;font-size:.8125rem;margin-bottom:18px;line-height:1.45;}\n.powered-by{\n position:fixed;bottom:0;left:0;right:0;\n text-align:center;padding:12px;font-size:.6875rem;color:#0a3300;\n font-family:'Geist Pixel',monospace;\n}\n.powered-by a{color:#1a8c00;text-decoration:none;transition:color .15s;}\n.powered-by a:hover{color:#33ff00;}\n\n.error-title{\n font-family:'Geist Pixel',monospace;\n color:#ff4444;font-size:1.125rem;font-weight:600;margin-bottom:8px;\n}\n.error-msg{color:#1a8c00;font-size:.875rem;line-height:1.5;}\n.error-card{text-align:center;}\n\n.user-form{margin-bottom:8px;}\n.user-form:last-of-type{margin-bottom:0;}\n.user-btn{\n width:100%;display:flex;align-items:center;gap:12px;\n padding:10px 12px;border:1px solid #0a3300;border-radius:8px;\n background:#000;color:inherit;cursor:pointer;text-align:left;\n font:inherit;transition:border-color .15s;\n}\n.user-btn:hover{border-color:#33ff00;}\n.avatar{\n width:36px;height:36px;border-radius:50%;\n background:#0a3300;color:#33ff00;font-weight:600;font-size:.875rem;\n display:flex;align-items:center;justify-content:center;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.user-text{min-width:0;}\n.user-login{font-weight:600;font-size:.875rem;display:block;color:#33ff00;}\n.user-meta{color:#1a8c00;font-size:.75rem;margin-top:1px;}\n.user-email{font-size:.6875rem;color:#116600;word-break:break-all;margin-top:1px;}\n\n.settings-layout{\n max-width:920px;margin:0 auto;padding:28px 20px;\n display:flex;gap:28px;\n}\n.settings-sidebar{width:200px;flex-shrink:0;}\n.settings-sidebar a{\n display:block;padding:6px 10px;border-radius:6px;color:#1a8c00;\n text-decoration:none;font-size:.8125rem;transition:color .15s;\n}\n.settings-sidebar a:hover{color:#33ff00;}\n.settings-sidebar a.active{color:#33ff00;font-weight:600;}\n.settings-main{flex:1;min-width:0;}\n\n.s-card{\n padding:18px 0;margin-bottom:14px;border-bottom:1px solid #0a3300;\n}\n.s-card:last-child{border-bottom:none;}\n.s-card-header{display:flex;align-items:center;gap:14px;margin-bottom:14px;}\n.s-icon{\n width:42px;height:42px;border-radius:8px;\n background:#0a3300;display:flex;align-items:center;justify-content:center;\n font-size:1.125rem;font-weight:700;color:#116600;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.s-title{\n font-family:'Geist Pixel',monospace;\n font-size:1.25rem;font-weight:600;color:#33ff00;\n}\n.s-subtitle{font-size:.75rem;color:#1a8c00;margin-top:2px;}\n.section-heading{\n font-size:.9375rem;font-weight:600;margin-bottom:10px;color:#33ff00;\n display:flex;align-items:center;justify-content:space-between;\n}\n.perm-list{list-style:none;}\n.perm-list li{padding:5px 0;font-size:.8125rem;display:flex;align-items:center;gap:6px;color:#1a8c00;}\n.check{color:#33ff00;}\n.org-row{\n display:flex;align-items:center;gap:8px;padding:7px 0;\n border-bottom:1px solid #0a3300;font-size:.8125rem;\n}\n.org-row:last-child{border-bottom:none;}\n.org-icon{\n width:22px;height:22px;border-radius:4px;background:#0a3300;\n display:flex;align-items:center;justify-content:center;\n font-size:.625rem;font-weight:700;color:#116600;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.org-name{font-weight:600;color:#33ff00;}\n.badge{font-size:.6875rem;padding:1px 7px;border-radius:999px;font-weight:500;}\n.badge-granted{background:#0a3300;color:#33ff00;}\n.badge-denied{background:#1a0a0a;color:#ff4444;}\n.badge-requested{background:#0a3300;color:#1a8c00;}\n.btn-revoke{\n display:inline-block;padding:5px 14px;border-radius:6px;\n border:1px solid #0a3300;background:transparent;color:#ff4444;\n font-size:.75rem;font-weight:600;cursor:pointer;transition:border-color .15s;\n}\n.btn-revoke:hover{border-color:#ff4444;}\n.info-text{color:#1a8c00;font-size:.75rem;line-height:1.5;margin-top:10px;}\n.app-link{\n display:flex;align-items:center;gap:12px;padding:12px;\n border:1px solid #0a3300;border-radius:8px;background:#000;\n text-decoration:none;color:inherit;margin-bottom:8px;transition:border-color .15s;\n}\n.app-link:hover{border-color:#33ff00;}\n.app-link-name{font-weight:600;font-size:.875rem;color:#33ff00;}\n.app-link-scopes{font-size:.6875rem;color:#1a8c00;margin-top:1px;}\n.empty{color:#1a8c00;text-align:center;padding:28px 0;font-size:.875rem;}\n`;\n\nconst POWERED_BY = `<div class=\"powered-by\">Powered by <a href=\"https://emulate.dev\" target=\"_blank\" rel=\"noopener\">emulate</a></div>`;\n\nfunction emuBar(service?: string): string {\n const title = service ? `${escapeHtml(service)} Emulator` : \"Emulator\";\n return `<div class=\"emu-bar\">\n <span class=\"emu-bar-title\">${title}</span>\n <nav class=\"emu-bar-links\">\n <a href=\"https://github.com/vercel-labs/emulate/issues\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Report Issue</span><span class=\"short\">Report</span></a>\n <a href=\"https://github.com/vercel-labs/emulate\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Source Code</span><span class=\"short\">Source</span></a>\n <a href=\"https://emulate.dev\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Learn More</span><span class=\"short\">Learn</span></a>\n </nav>\n</div>`;\n}\n\nfunction head(title: string): string {\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\"/>\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"/>\n<title>${escapeHtml(title)} | emulate</title>\n<style>${CSS}</style>\n</head>`;\n}\n\nexport function renderCardPage(\n title: string,\n subtitle: string,\n body: string,\n service?: string\n): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"content\">\n <div class=\"content-inner\">\n <div class=\"card-title\">${escapeHtml(title)}</div>\n <div class=\"card-subtitle\">${subtitle}</div>\n ${body}\n </div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport function renderErrorPage(title: string, message: string, service?: string): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"content\">\n <div class=\"content-inner error-card\">\n <div class=\"error-title\">${escapeHtml(title)}</div>\n <div class=\"error-msg\">${escapeHtml(message)}</div>\n </div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport function renderSettingsPage(\n title: string,\n sidebarHtml: string,\n bodyHtml: string,\n service?: string\n): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"settings-layout\">\n <nav class=\"settings-sidebar\">${sidebarHtml}</nav>\n <div class=\"settings-main\">${bodyHtml}</div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport interface UserButtonOptions {\n letter: string;\n login: string;\n name?: string;\n email?: string;\n formAction: string;\n hiddenFields: Record<string, string>;\n}\n\nexport function renderUserButton(opts: UserButtonOptions): string {\n const hiddens = Object.entries(opts.hiddenFields)\n .map(([k, v]) => `<input type=\"hidden\" name=\"${escapeAttr(k)}\" value=\"${escapeAttr(v)}\"/>`)\n .join(\"\");\n\n const nameLine = opts.name\n ? `<div class=\"user-meta\">${escapeHtml(opts.name)}</div>`\n : \"\";\n const emailLine = opts.email\n ? `<div class=\"user-email\">${escapeHtml(opts.email)}</div>`\n : \"\";\n\n return `<form class=\"user-form\" method=\"post\" action=\"${escapeAttr(opts.formAction)}\">\n${hiddens}\n<button type=\"submit\" class=\"user-btn\">\n <span class=\"avatar\">${escapeHtml(opts.letter)}</span>\n <span class=\"user-text\">\n <span class=\"user-login\">${escapeHtml(opts.login)}</span>\n ${nameLine}${emailLine}\n </span>\n</button>\n</form>`;\n}\n","import { timingSafeEqual } from \"crypto\";\n\nexport function normalizeUri(uri: string): string {\n try {\n const u = new URL(uri);\n return `${u.origin}${u.pathname.replace(/\\/+$/, \"\")}`;\n } catch {\n return uri.replace(/\\/+$/, \"\").split(\"?\")[0];\n }\n}\n\nexport function matchesRedirectUri(incoming: string, registered: string[]): boolean {\n const normalized = normalizeUri(incoming);\n return registered.some((r) => normalizeUri(r) === normalized);\n}\n\nexport function constantTimeSecretEqual(a: string, b: string): boolean {\n const bufA = Buffer.from(a, \"utf-8\");\n const bufB = Buffer.from(b, \"utf-8\");\n if (bufA.length !== bufB.length) return false;\n return timingSafeEqual(bufA, bufB);\n}\n\nexport function bodyStr(v: unknown): string {\n if (typeof v === \"string\") return v;\n if (Array.isArray(v) && typeof v[0] === \"string\") return v[0];\n return \"\";\n}\n\nexport function parseCookies(header: string): Record<string, string> {\n const cookies: Record<string, string> = {};\n for (const part of header.split(\";\")) {\n const [k, ...v] = part.split(\"=\");\n if (k) cookies[k.trim()] = v.join(\"=\").trim();\n }\n return cookies;\n}\n","import type { Hono } from \"hono\";\nimport type { ServicePlugin, Store, WebhookDispatcher, TokenMap, AppEnv, RouteContext } from \"@emulators/core\";\nimport { getMicrosoftStore } from \"./store.js\";\nimport { generateOid, DEFAULT_TENANT_ID } from \"./helpers.js\";\nimport { oauthRoutes } from \"./routes/oauth.js\";\n\nexport { getMicrosoftStore, type MicrosoftStore } from \"./store.js\";\nexport * from \"./entities.js\";\n\n\nexport interface MicrosoftSeedConfig {\n users?: Array<{\n email: string;\n name?: string;\n given_name?: string;\n family_name?: string;\n tenant_id?: string;\n }>;\n oauth_clients?: Array<{\n client_id: string;\n client_secret: string;\n name: string;\n redirect_uris: string[];\n tenant_id?: string;\n }>;\n}\n\nfunction seedDefaults(store: Store, _baseUrl: string): void {\n const ms = getMicrosoftStore(store);\n\n ms.users.insert({\n oid: generateOid(),\n email: \"testuser@outlook.com\",\n name: \"Test User\",\n given_name: \"Test\",\n family_name: \"User\",\n email_verified: true,\n tenant_id: DEFAULT_TENANT_ID,\n preferred_username: \"testuser@outlook.com\",\n });\n}\n\nexport function seedFromConfig(store: Store, _baseUrl: string, config: MicrosoftSeedConfig): void {\n const ms = getMicrosoftStore(store);\n\n if (config.users) {\n for (const u of config.users) {\n const existing = ms.users.findOneBy(\"email\", u.email);\n if (existing) continue;\n\n const nameParts = (u.name ?? \"\").split(/\\s+/);\n ms.users.insert({\n oid: generateOid(),\n email: u.email,\n name: u.name ?? u.email.split(\"@\")[0],\n given_name: u.given_name ?? nameParts[0] ?? \"\",\n family_name: u.family_name ?? nameParts.slice(1).join(\" \") ?? \"\",\n email_verified: true,\n tenant_id: u.tenant_id ?? DEFAULT_TENANT_ID,\n preferred_username: u.email,\n });\n }\n }\n\n if (config.oauth_clients) {\n for (const client of config.oauth_clients) {\n const existing = ms.oauthClients.findOneBy(\"client_id\", client.client_id);\n if (existing) continue;\n ms.oauthClients.insert({\n client_id: client.client_id,\n client_secret: client.client_secret,\n name: client.name,\n redirect_uris: client.redirect_uris,\n tenant_id: client.tenant_id ?? DEFAULT_TENANT_ID,\n });\n }\n }\n}\n\nexport const microsoftPlugin: ServicePlugin = {\n name: \"microsoft\",\n register(app: Hono<AppEnv>, store: Store, webhooks: WebhookDispatcher, baseUrl: string, tokenMap?: TokenMap): void {\n const ctx: RouteContext = { app, store, webhooks, baseUrl, tokenMap };\n oauthRoutes(ctx);\n },\n seed(store: Store, baseUrl: string): void {\n seedDefaults(store, baseUrl);\n },\n};\n\nexport default microsoftPlugin;\n"],"mappings":";AAQO,SAAS,kBAAkB,OAA8B;AAC9D,SAAO;AAAA,IACL,OAAO,MAAM,WAA0B,mBAAmB,CAAC,OAAO,OAAO,CAAC;AAAA,IAC1E,cAAc,MAAM,WAAiC,2BAA2B,CAAC,WAAW,CAAC;AAAA,EAC/F;AACF;;;ACbA,SAAS,kBAAkB;AAGpB,IAAM,oBAAoB;AAK1B,SAAS,cAAsB;AACpC,SAAO,WAAW;AACpB;;;ACVA,SAAS,YAAY,mBAAmB;AACxC,SAAS,SAAS,WAAW,uBAAuB;;;AEDpD,SAAS,YAAY;AACrB,SAAS,YAAY;AGArB,SAAS,WAAW,mBAAmB;AEDvC,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,SAAS,YAAY;AGF9B,SAAS,uBAAuB;ANsCzB,SAAS,mBAAmB,kBAA8C;AAC/E,SAAO,OAAO,GAAG,SAAS;AACxB,QAAI,kBAAkB;AACpB,QAAE,IAAI,WAAW,gBAAgB;IACnC;AACA,UAAM,KAAK;EACb;AACF;AAEO,IAAM,eAAkC,mBAAmB;AE/ClE,IAAM,UAAU,OAAO,YAAY,gBAAgB,QAAQ,IAAI,UAAU,OAAO,QAAQ,IAAI,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AAEvI,SAAS,MAAM,UAAkB,MAAuB;AAC7D,MAAI,SAAS;AACX,YAAQ,IAAI,IAAI,KAAK,KAAK,GAAG,IAAI;EACnC;AACF;ACAA,IAAM,YAAY,QAAQ,cAAc,YAAY,GAAG,CAAC;AAExD,IAAM,QAAgC;EACpC,oBAAoB,aAAa,KAAK,WAAW,SAAS,kBAAkB,CAAC;EAC7E,2BAA2B,aAAa,KAAK,WAAW,SAAS,yBAAyB,CAAC;AAC7F;AEXO,SAAS,WAAW,GAAmB;AAC5C,SAAO,EACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ;AAC3B;AAEO,SAAS,WAAW,GAAmB;AAC5C,SAAO,WAAW,CAAC,EAAE,QAAQ,MAAM,OAAO;AAC5C;AAEA,IAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmJZ,IAAM,aAAa;AAEnB,SAAS,OAAO,SAA0B;AACxC,QAAM,QAAQ,UAAU,GAAG,WAAW,OAAO,CAAC,cAAc;AAC5D,SAAO;gCACuB,KAAK;;;;;;;AAOrC;AAEA,SAAS,KAAK,OAAuB;AACnC,SAAO;;;;;SAKA,WAAW,KAAK,CAAC;SACjB,GAAG;;AAEZ;AAEO,SAAS,eACd,OACA,UACA,MACA,SACQ;AACR,SAAO,GAAG,KAAK,KAAK,CAAC;;EAErB,OAAO,OAAO,CAAC;;;8BAGa,WAAW,KAAK,CAAC;iCACd,QAAQ;MACnC,IAAI;;;EAGR,UAAU;;AAEZ;AAEO,SAAS,gBAAgB,OAAe,SAAiB,SAA0B;AACxF,SAAO,GAAG,KAAK,KAAK,CAAC;;EAErB,OAAO,OAAO,CAAC;;;+BAGc,WAAW,KAAK,CAAC;6BACnB,WAAW,OAAO,CAAC;;;EAG9C,UAAU;;AAEZ;AA4BO,SAAS,iBAAiB,MAAiC;AAChE,QAAM,UAAU,OAAO,QAAQ,KAAK,YAAY,EAC7C,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,8BAA8B,WAAW,CAAC,CAAC,YAAY,WAAW,CAAC,CAAC,KAAK,EACzF,KAAK,EAAE;AAEV,QAAM,WAAW,KAAK,OAClB,0BAA0B,WAAW,KAAK,IAAI,CAAC,WAC/C;AACJ,QAAM,YAAY,KAAK,QACnB,2BAA2B,WAAW,KAAK,KAAK,CAAC,WACjD;AAEJ,SAAO,iDAAiD,WAAW,KAAK,UAAU,CAAC;EACnF,OAAO;;yBAEgB,WAAW,KAAK,MAAM,CAAC;;+BAEjB,WAAW,KAAK,KAAK,CAAC;MAC/C,QAAQ,GAAG,SAAS;;;;AAI1B;ACxQO,SAAS,aAAa,KAAqB;AAChD,MAAI;AACF,UAAM,IAAI,IAAI,IAAI,GAAG;AACrB,WAAO,GAAG,EAAE,MAAM,GAAG,EAAE,SAAS,QAAQ,QAAQ,EAAE,CAAC;EACrD,QAAQ;AACN,WAAO,IAAI,QAAQ,QAAQ,EAAE,EAAE,MAAM,GAAG,EAAE,CAAC;EAC7C;AACF;AAEO,SAAS,mBAAmB,UAAkB,YAA+B;AAClF,QAAM,aAAa,aAAa,QAAQ;AACxC,SAAO,WAAW,KAAK,CAAC,MAAM,aAAa,CAAC,MAAM,UAAU;AAC9D;AAEO,SAAS,wBAAwB,GAAW,GAAoB;AACrE,QAAM,OAAO,OAAO,KAAK,GAAG,OAAO;AACnC,QAAM,OAAO,OAAO,KAAK,GAAG,OAAO;AACnC,MAAI,KAAK,WAAW,KAAK,OAAQ,QAAO;AACxC,SAAO,gBAAgB,MAAM,IAAI;AACnC;AAEO,SAAS,QAAQ,GAAoB;AAC1C,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,MAAI,MAAM,QAAQ,CAAC,KAAK,OAAO,EAAE,CAAC,MAAM,SAAU,QAAO,EAAE,CAAC;AAC5D,SAAO;AACT;;;AVPA,IAAM,iBAAiB,gBAAgB,OAAO;AAC9C,IAAM,MAAM;AAoBZ,IAAM,sBAAsB,KAAK,KAAK;AAEtC,SAAS,gBAAgB,OAAwC;AAC/D,MAAI,MAAM,MAAM,QAAkC,8BAA8B;AAChF,MAAI,CAAC,KAAK;AACR,UAAM,oBAAI,IAAI;AACd,UAAM,QAAQ,gCAAgC,GAAG;AAAA,EACnD;AACA,SAAO;AACT;AAEA,SAAS,iBAAiB,OAA+C;AACvE,MAAI,MAAM,MAAM,QAAyC,+BAA+B;AACxF,MAAI,CAAC,KAAK;AACR,UAAM,oBAAI,IAAI;AACd,UAAM,QAAQ,iCAAiC,GAAG;AAAA,EACpD;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,GAAyB;AACrD,SAAO,KAAK,IAAI,IAAI,EAAE,aAAa;AACrC;AAEA,IAAM,gBAAgB;AAEtB,eAAe,cACb,MACA,UACA,OACA,SACiB;AACjB,QAAM,EAAE,WAAW,IAAI,MAAM;AAC7B,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAExC,QAAM,UAAU,IAAI,QAAQ;AAAA,IAC1B,KAAK,KAAK;AAAA,IACV,OAAO,KAAK;AAAA,IACZ,MAAM,KAAK;AAAA,IACX,YAAY,KAAK;AAAA,IACjB,aAAa,KAAK;AAAA,IAClB,oBAAoB,KAAK;AAAA,IACzB,KAAK,KAAK;AAAA,IACV,KAAK,KAAK;AAAA,IACV,KAAK;AAAA,IACL,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC;AAAA,EAC3B,CAAC,EACE,mBAAmB,EAAE,KAAK,SAAS,KAAK,KAAK,KAAK,MAAM,CAAC,EACzD,UAAU,GAAG,OAAO,IAAI,KAAK,SAAS,OAAO,EAC7C,YAAY,QAAQ,EACpB,YAAY,GAAG,EACf,kBAAkB,IAAI;AAEzB,SAAO,QAAQ,KAAK,UAAU;AAChC;AAEO,SAAS,YAAY,EAAE,KAAK,OAAO,SAAS,SAAS,GAAuB;AACjF,QAAM,KAAK,kBAAkB,KAAK;AAMlC,QAAM,aAAa,CAAC,cAAsB;AAAA,IACxC,QAAQ,GAAG,OAAO,IAAI,QAAQ;AAAA,IAC9B,wBAAwB,GAAG,OAAO;AAAA,IAClC,gBAAgB,GAAG,OAAO;AAAA,IAC1B,mBAAmB,GAAG,OAAO;AAAA,IAC7B,sBAAsB,GAAG,OAAO;AAAA,IAChC,UAAU,GAAG,OAAO;AAAA,IACpB,0BAA0B,CAAC,MAAM;AAAA,IACjC,0BAA0B,CAAC,SAAS,YAAY,WAAW;AAAA,IAC3D,yBAAyB,CAAC,UAAU;AAAA,IACpC,uCAAuC,CAAC,OAAO;AAAA,IAC/C,kBAAkB,CAAC,UAAU,SAAS,WAAW,kBAAkB,aAAa,UAAU;AAAA,IAC1F,uBAAuB,CAAC,sBAAsB,iBAAiB,oBAAoB;AAAA,IACnF,uCAAuC,CAAC,sBAAsB,qBAAqB;AAAA,IACnF,kBAAkB;AAAA,MAChB;AAAA,MAAO;AAAA,MAAO;AAAA,MAAO;AAAA,MAAO;AAAA,MAAO;AAAA,MACnC;AAAA,MAAQ;AAAA,MAAS;AAAA,MAAc;AAAA,MAC/B;AAAA,MAAsB;AAAA,MAAO;AAAA,MAAO;AAAA,IACtC;AAAA,IACA,kCAAkC,CAAC,SAAS,MAAM;AAAA,EACpD;AAEA,MAAI,IAAI,qCAAqC,CAAC,MAAM;AAClD,WAAO,EAAE,KAAK,WAAW,iBAAiB,CAAC;AAAA,EAC7C,CAAC;AAED,MAAI,IAAI,kDAAkD,CAAC,MAAM;AAC/D,UAAM,SAAS,EAAE,IAAI,MAAM,QAAQ;AACnC,WAAO,EAAE,KAAK,WAAW,WAAW,YAAY,WAAW,mBAAmB,WAAW,cAAc,oBAAoB,MAAM,CAAC;AAAA,EACpI,CAAC;AAID,MAAI,IAAI,wBAAwB,OAAO,MAAM;AAC3C,UAAM,EAAE,UAAU,IAAI,MAAM;AAC5B,UAAM,MAAM,MAAM,UAAU,SAAS;AACrC,WAAO,EAAE,KAAK;AAAA,MACZ,MAAM,CAAC;AAAA,QACL,GAAG;AAAA,QACH,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,MACP,CAAC;AAAA,IACH,CAAC;AAAA,EACH,CAAC;AAID,MAAI,IAAI,0BAA0B,CAAC,MAAM;AACvC,UAAM,YAAY,EAAE,IAAI,MAAM,WAAW,KAAK;AAC9C,UAAM,eAAe,EAAE,IAAI,MAAM,cAAc,KAAK;AACpD,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,gBAAgB,EAAE,IAAI,MAAM,eAAe,KAAK;AACtD,UAAM,iBAAiB,EAAE,IAAI,MAAM,gBAAgB,KAAK;AACxD,UAAM,wBAAwB,EAAE,IAAI,MAAM,uBAAuB,KAAK;AAEtE,UAAM,oBAAoB,GAAG,aAAa,IAAI,EAAE,SAAS;AACzD,QAAI,aAAa;AACjB,QAAI,mBAAmB;AACrB,YAAM,SAAS,GAAG,aAAa,UAAU,aAAa,SAAS;AAC/D,UAAI,CAAC,QAAQ;AACX,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,kBAAkB,SAAS,wBAAwB,aAAa;AAAA,UACzG;AAAA,QACF;AAAA,MACF;AACA,UAAI,gBAAgB,CAAC,mBAAmB,cAAc,OAAO,aAAa,GAAG;AAC3E,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,4DAA4D,aAAa;AAAA,UAClH;AAAA,QACF;AAAA,MACF;AACA,mBAAa,OAAO;AAAA,IACtB;AAEA,UAAM,eAAe,aACjB,sBAAsB,WAAW,UAAU,CAAC,2CAC5C;AAEJ,UAAM,QAAQ,GAAG,MAAM,IAAI;AAC3B,UAAM,cAAc,MACjB,IAAI,CAAC,SAAS;AACb,aAAO,iBAAiB;AAAA,QACtB,SAAS,KAAK,MAAM,CAAC,KAAK,KAAK,YAAY;AAAA,QAC3C,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK;AAAA,QACX,OAAO,KAAK;AAAA,QACZ,YAAY;AAAA,QACZ,cAAc;AAAA,UACZ,OAAO,KAAK;AAAA,UACZ;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH,CAAC,EACA,KAAK,IAAI;AAEZ,UAAM,OAAO,MAAM,WAAW,IAC1B,yDACA;AAEJ,WAAO,EAAE,KAAK,eAAe,0BAA0B,cAAc,MAAM,aAAa,CAAC;AAAA,EAC3F,CAAC;AAID,MAAI,KAAK,mCAAmC,OAAO,MAAM;AACvD,UAAM,OAAO,MAAM,EAAE,IAAI,UAAU;AACnC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,eAAe,QAAQ,KAAK,YAAY;AAC9C,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,YAAY,QAAQ,KAAK,SAAS;AACxC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,gBAAgB,QAAQ,KAAK,aAAa,KAAK;AACrD,UAAM,iBAAiB,QAAQ,KAAK,cAAc;AAClD,UAAM,wBAAwB,QAAQ,KAAK,qBAAqB;AAGhE,UAAM,oBAAoB,GAAG,aAAa,IAAI,EAAE,SAAS;AACzD,QAAI,mBAAmB;AACrB,YAAM,SAAS,GAAG,aAAa,UAAU,aAAa,SAAS;AAC/D,UAAI,CAAC,QAAQ;AACX,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,kBAAkB,SAAS,wBAAwB,aAAa;AAAA,UACzG;AAAA,QACF;AAAA,MACF;AACA,UAAI,gBAAgB,CAAC,mBAAmB,cAAc,OAAO,aAAa,GAAG;AAC3E,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,4DAA4D,aAAa;AAAA,UAClH;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,UAAM,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AAE3C,oBAAgB,KAAK,EAAE,IAAI,MAAM;AAAA,MAC/B;AAAA,MACA;AAAA,MACA,aAAa;AAAA,MACb,UAAU;AAAA,MACV,OAAO,SAAS;AAAA,MAChB,eAAe,kBAAkB;AAAA,MACjC,qBAAqB,yBAAyB;AAAA,MAC9C,YAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AAED,UAAM,mBAAmB,6BAA6B,KAAK,MAAM,GAAG,CAAC,CAAC,aAAa,KAAK,EAAE;AAE1F,QAAI,kBAAkB,aAAa;AACjC,YAAM,OAAO;AAAA;AAAA;AAAA;AAAA,8BAIW,WAAW,YAAY,CAAC;AAAA,0CACZ,WAAW,IAAI,CAAC;AAAA,2CACf,WAAW,KAAK,CAAC;AAAA;AAAA;AAAA;AAItD,aAAO,EAAE,KAAK,IAAI;AAAA,IACpB;AAGA,UAAM,MAAM,IAAI,IAAI,YAAY;AAChC,QAAI,aAAa,IAAI,QAAQ,IAAI;AACjC,QAAI,MAAO,KAAI,aAAa,IAAI,SAAS,KAAK;AAE9C,WAAO,EAAE,SAAS,IAAI,SAAS,GAAG,GAAG;AAAA,EACvC,CAAC;AAID,MAAI,KAAK,sBAAsB,OAAO,MAAM;AAC1C,UAAM,cAAc,EAAE,IAAI,OAAO,cAAc,KAAK;AACpD,UAAM,UAAU,MAAM,EAAE,IAAI,KAAK;AAEjC,QAAI;AACJ,QAAI,YAAY,SAAS,kBAAkB,GAAG;AAC5C,UAAI;AAAE,eAAO,KAAK,MAAM,OAAO;AAAA,MAAG,QAAQ;AAAE,eAAO,CAAC;AAAA,MAAG;AAAA,IACzD,OAAO;AACL,aAAO,OAAO,YAAY,IAAI,gBAAgB,OAAO,CAAC;AAAA,IACxD;AAEA,UAAM,aAAa,OAAO,KAAK,eAAe,WAAW,KAAK,aAAa;AAC3E,UAAM,OAAO,OAAO,KAAK,SAAS,WAAW,KAAK,OAAO;AACzD,QAAI,YAAY,OAAO,KAAK,cAAc,WAAW,KAAK,YAAY;AACtE,QAAI,gBAAgB,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB;AAClF,UAAM,gBAAgB,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB;AACpF,UAAM,eAAe,OAAO,KAAK,iBAAiB,WAAW,KAAK,eAAe;AACjF,UAAM,gBAAgB,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB;AACpF,UAAM,QAAQ,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ;AAG5D,UAAM,aAAa,EAAE,IAAI,OAAO,eAAe,KAAK;AACpD,QAAI,WAAW,WAAW,QAAQ,GAAG;AACnC,YAAM,UAAU,OAAO,KAAK,WAAW,MAAM,CAAC,GAAG,QAAQ,EAAE,SAAS;AACpE,YAAM,MAAM,QAAQ,QAAQ,GAAG;AAC/B,UAAI,QAAQ,IAAI;AACd,cAAM,WAAW,mBAAmB,QAAQ,MAAM,GAAG,GAAG,CAAC;AACzD,cAAM,eAAe,mBAAmB,QAAQ,MAAM,MAAM,CAAC,CAAC;AAC9D,YAAI,CAAC,UAAW,aAAY;AAC5B,YAAI,CAAC,cAAe,iBAAgB;AAAA,MACtC;AAAA,IACF;AAEA,QAAI,eAAe,sBAAsB;AACvC,YAAM,oBAAoB,GAAG,aAAa,IAAI,EAAE,SAAS;AACzD,UAAI,mBAAmB;AACrB,cAAM,SAAS,GAAG,aAAa,UAAU,aAAa,SAAS;AAC/D,YAAI,CAAC,QAAQ;AACX,iBAAO,EAAE,KAAK,EAAE,OAAO,kBAAkB,mBAAmB,8BAA8B,GAAG,GAAG;AAAA,QAClG;AACA,YAAI,CAAC,wBAAwB,eAAe,OAAO,aAAa,GAAG;AACjE,iBAAO,EAAE,KAAK,EAAE,OAAO,kBAAkB,mBAAmB,kCAAkC,GAAG,GAAG;AAAA,QACtG;AAAA,MACF;AAEA,YAAM,aAAa,gBAAgB,KAAK;AACxC,YAAM,UAAU,WAAW,IAAI,IAAI;AACnC,UAAI,CAAC,SAAS;AACZ,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,oCAAoC,GAAG,GAAG;AAAA,MACvG;AACA,UAAI,qBAAqB,OAAO,GAAG;AACjC,mBAAW,OAAO,IAAI;AACtB,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,oCAAoC,GAAG,GAAG;AAAA,MACvG;AAGA,UAAI,QAAQ,eAAe,gBAAgB,QAAQ,gBAAgB,cAAc;AAC/E,mBAAW,OAAO,IAAI;AACtB,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,6EAA6E,GAAG,GAAG;AAAA,MAChJ;AAGA,UAAI,QAAQ,kBAAkB,MAAM;AAClC,YAAI,kBAAkB,QAAW;AAC/B,iBAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,4BAA4B,GAAG,GAAG;AAAA,QAC/F;AACA,cAAM,UAAU,QAAQ,uBAAuB,SAAS,YAAY;AACpE,YAAI,WAAW,QAAQ;AACrB,gBAAM,WAAW,WAAW,QAAQ,EAAE,OAAO,aAAa,EAAE,OAAO,WAAW;AAC9E,cAAI,aAAa,QAAQ,eAAe;AACtC,mBAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,4BAA4B,GAAG,GAAG;AAAA,UAC/F;AAAA,QACF,WAAW,WAAW,SAAS;AAC7B,cAAI,kBAAkB,QAAQ,eAAe;AAC3C,mBAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,4BAA4B,GAAG,GAAG;AAAA,UAC/F;AAAA,QACF,OAAO;AACL,iBAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,4BAA4B,GAAG,GAAG;AAAA,QAC/F;AAAA,MACF;AAGA,iBAAW,OAAO,IAAI;AAEtB,YAAM,OAAO,GAAG,MAAM,UAAU,SAAS,QAAQ,KAA+B;AAChF,UAAI,CAAC,MAAM;AACT,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,kBAAkB,GAAG,GAAG;AAAA,MACrF;AAEA,YAAM,cAAc,eAAe,YAAY,EAAE,EAAE,SAAS,WAAW;AACvE,YAAM,eAAe,iBAAiB,YAAY,EAAE,EAAE,SAAS,WAAW;AAC1E,YAAM,SAAS,QAAQ,QAAQ,QAAQ,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC;AAE7E,UAAI,UAAU;AACZ,iBAAS,IAAI,aAAa,EAAE,OAAO,KAAK,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC;AAAA,MACtE;AAGA,uBAAiB,KAAK,EAAE,IAAI,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,MACjB,CAAC;AAED,YAAM,UAAU,MAAM,cAAc,MAAM,QAAQ,UAAU,QAAQ,OAAO,OAAO;AAElF,YAAM,mBAAmB,sCAAsC,KAAK,KAAK,EAAE;AAE3E,aAAO,EAAE,KAAK;AAAA,QACZ,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,OAAO,QAAQ,SAAS;AAAA,QACxB,eAAe;AAAA,QACf,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,QAAI,eAAe,iBAAiB;AAClC,YAAM,aAAa,iBAAiB,KAAK;AACzC,YAAM,SAAS,WAAW,IAAI,aAAa;AAC3C,UAAI,CAAC,QAAQ;AACX,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,gCAAgC,GAAG,GAAG;AAAA,MACnG;AAEA,YAAM,OAAO,GAAG,MAAM,UAAU,SAAS,OAAO,KAA+B;AAC/E,UAAI,CAAC,MAAM;AACT,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,kBAAkB,GAAG,GAAG;AAAA,MACrF;AAEA,YAAM,cAAc,eAAe,YAAY,EAAE,EAAE,SAAS,WAAW;AACvE,YAAM,kBAAkB,iBAAiB,YAAY,EAAE,EAAE,SAAS,WAAW;AAC7E,YAAM,SAAS,OAAO,QAAQ,OAAO,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC;AAE3E,UAAI,UAAU;AACZ,iBAAS,IAAI,aAAa,EAAE,OAAO,KAAK,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC;AAAA,MACtE;AAGA,iBAAW,OAAO,aAAa;AAC/B,iBAAW,IAAI,iBAAiB;AAAA,QAC9B,OAAO,OAAO;AAAA,QACd,UAAU,OAAO;AAAA,QACjB,OAAO,OAAO;AAAA,QACd,OAAO,OAAO;AAAA,MAChB,CAAC;AAED,YAAM,UAAU,MAAM,cAAc,MAAM,OAAO,YAAY,WAAW,OAAO,OAAO,OAAO;AAE7F,YAAM,mBAAmB,4CAA4C,KAAK,KAAK,EAAE;AAEjF,aAAO,EAAE,KAAK;AAAA,QACZ,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,OAAO,OAAO,SAAS;AAAA,QACvB,eAAe;AAAA,QACf,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,QAAI,eAAe,sBAAsB;AACvC,YAAM,oBAAoB,GAAG,aAAa,IAAI,EAAE,SAAS;AACzD,UAAI,mBAAmB;AACrB,cAAM,SAAS,GAAG,aAAa,UAAU,aAAa,SAAS;AAC/D,YAAI,CAAC,QAAQ;AACX,iBAAO,EAAE,KAAK,EAAE,OAAO,kBAAkB,mBAAmB,8BAA8B,GAAG,GAAG;AAAA,QAClG;AACA,YAAI,CAAC,wBAAwB,eAAe,OAAO,aAAa,GAAG;AACjE,iBAAO,EAAE,KAAK,EAAE,OAAO,kBAAkB,mBAAmB,kCAAkC,GAAG,GAAG;AAAA,QACtG;AAAA,MACF;AAEA,YAAM,cAAc,eAAe,YAAY,EAAE,EAAE,SAAS,WAAW;AACvE,YAAM,SAAS,QAAQ,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC,UAAU;AAEvE,UAAI,UAAU;AACZ,iBAAS,IAAI,aAAa,EAAE,OAAO,WAAW,IAAI,GAAG,OAAO,CAAC;AAAA,MAC/D;AAEA,YAAM,mBAAmB,mDAAmD,SAAS,EAAE;AAEvF,aAAO,EAAE,KAAK;AAAA,QACZ,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,OAAO,SAAS;AAAA,MAClB,CAAC;AAAA,IACH;AAEA,WAAO,EAAE,KAAK,EAAE,OAAO,0BAA0B,mBAAmB,gFAAgF,GAAG,GAAG;AAAA,EAC5J,CAAC;AAID,MAAI,IAAI,kBAAkB,CAAC,MAAM;AAC/B,UAAM,WAAW,EAAE,IAAI,UAAU;AACjC,QAAI,CAAC,UAAU;AACb,aAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,2BAA2B,GAAG,GAAG;AAAA,IAC9F;AAEA,UAAM,OAAO,GAAG,MAAM,UAAU,SAAS,SAAS,KAA+B;AACjF,QAAI,CAAC,MAAM;AACT,aAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,kBAAkB,GAAG,GAAG;AAAA,IACrF;AAEA,WAAO,EAAE,KAAK;AAAA,MACZ,KAAK,KAAK;AAAA,MACV,OAAO,KAAK;AAAA,MACZ,MAAM,KAAK;AAAA,MACX,YAAY,KAAK;AAAA,MACjB,aAAa,KAAK;AAAA,MAClB,oBAAoB,KAAK;AAAA,IAC3B,CAAC;AAAA,EACH,CAAC;AAID,MAAI,IAAI,YAAY,CAAC,MAAM;AACzB,UAAM,WAAW,EAAE,IAAI,UAAU;AACjC,QAAI,CAAC,UAAU;AACb,aAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,8BAA8B,SAAS,2BAA2B,EAAE,GAAG,GAAG;AAAA,IAC3G;AAEA,UAAM,OAAO,GAAG,MAAM,UAAU,SAAS,SAAS,KAA+B;AACjF,QAAI,CAAC,MAAM;AACT,aAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,4BAA4B,SAAS,kBAAkB,EAAE,GAAG,GAAG;AAAA,IAChG;AAEA,WAAO,EAAE,KAAK;AAAA,MACZ,kBAAkB,GAAG,OAAO;AAAA,MAC5B,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,WAAW,KAAK;AAAA,MAChB,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,MACX,mBAAmB,KAAK;AAAA,IAC1B,CAAC;AAAA,EACH,CAAC;AAID,MAAI,IAAI,uBAAuB,CAAC,MAAM;AACpC,UAAM,2BAA2B,EAAE,IAAI,MAAM,0BAA0B;AACvE,QAAI,0BAA0B;AAE5B,YAAM,aAAa,GAAG,aAAa,IAAI;AACvC,UAAI,WAAW,SAAS,GAAG;AACzB,cAAM,UAAU,WAAW;AAAA,UAAK,CAAC,WAC/B,mBAAmB,0BAA0B,OAAO,aAAa;AAAA,QACnE;AACA,YAAI,CAAC,SAAS;AACZ,iBAAO,EAAE,KAAK,oCAAoC,GAAG;AAAA,QACvD;AAAA,MACF;AACA,aAAO,EAAE,SAAS,0BAA0B,GAAG;AAAA,IACjD;AACA,WAAO,EAAE,KAAK,cAAc,GAAG;AAAA,EACjC,CAAC;AAID,MAAI,KAAK,uBAAuB,OAAO,MAAM;AAC3C,UAAM,cAAc,EAAE,IAAI,OAAO,cAAc,KAAK;AACpD,UAAM,UAAU,MAAM,EAAE,IAAI,KAAK;AAEjC,QAAI;AACJ,QAAI,YAAY,SAAS,kBAAkB,GAAG;AAC5C,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,OAAO;AACjC,gBAAQ,OAAO,OAAO,UAAU,WAAW,OAAO,QAAQ;AAAA,MAC5D,QAAQ;AACN,gBAAQ;AAAA,MACV;AAAA,IACF,OAAO;AACL,YAAM,SAAS,IAAI,gBAAgB,OAAO;AAC1C,cAAQ,OAAO,IAAI,OAAO,KAAK;AAAA,IACjC;AAEA,QAAI,SAAS,UAAU;AACrB,eAAS,OAAO,KAAK;AAAA,IACvB;AAGA,QAAI,OAAO;AACT,uBAAiB,KAAK,EAAE,OAAO,KAAK;AAAA,IACtC;AAEA,WAAO,EAAE,KAAK,MAAM,GAAG;AAAA,EACzB,CAAC;AACH;;;AWviBA,SAAS,aAAa,OAAc,UAAwB;AAC1D,QAAM,KAAK,kBAAkB,KAAK;AAElC,KAAG,MAAM,OAAO;AAAA,IACd,KAAK,YAAY;AAAA,IACjB,OAAO;AAAA,IACP,MAAM;AAAA,IACN,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,WAAW;AAAA,IACX,oBAAoB;AAAA,EACtB,CAAC;AACH;AAEO,SAAS,eAAe,OAAc,UAAkB,QAAmC;AAChG,QAAM,KAAK,kBAAkB,KAAK;AAElC,MAAI,OAAO,OAAO;AAChB,eAAW,KAAK,OAAO,OAAO;AAC5B,YAAM,WAAW,GAAG,MAAM,UAAU,SAAS,EAAE,KAAK;AACpD,UAAI,SAAU;AAEd,YAAM,aAAa,EAAE,QAAQ,IAAI,MAAM,KAAK;AAC5C,SAAG,MAAM,OAAO;AAAA,QACd,KAAK,YAAY;AAAA,QACjB,OAAO,EAAE;AAAA,QACT,MAAM,EAAE,QAAQ,EAAE,MAAM,MAAM,GAAG,EAAE,CAAC;AAAA,QACpC,YAAY,EAAE,cAAc,UAAU,CAAC,KAAK;AAAA,QAC5C,aAAa,EAAE,eAAe,UAAU,MAAM,CAAC,EAAE,KAAK,GAAG,KAAK;AAAA,QAC9D,gBAAgB;AAAA,QAChB,WAAW,EAAE,aAAa;AAAA,QAC1B,oBAAoB,EAAE;AAAA,MACxB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,OAAO,eAAe;AACxB,eAAW,UAAU,OAAO,eAAe;AACzC,YAAM,WAAW,GAAG,aAAa,UAAU,aAAa,OAAO,SAAS;AACxE,UAAI,SAAU;AACd,SAAG,aAAa,OAAO;AAAA,QACrB,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,MAAM,OAAO;AAAA,QACb,eAAe,OAAO;AAAA,QACtB,WAAW,OAAO,aAAa;AAAA,MACjC,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAEO,IAAM,kBAAiC;AAAA,EAC5C,MAAM;AAAA,EACN,SAAS,KAAmB,OAAc,UAA6B,SAAiB,UAA2B;AACjH,UAAM,MAAoB,EAAE,KAAK,OAAO,UAAU,SAAS,SAAS;AACpE,gBAAY,GAAG;AAAA,EACjB;AAAA,EACA,KAAK,OAAc,SAAuB;AACxC,iBAAa,OAAO,OAAO;AAAA,EAC7B;AACF;AAEA,IAAO,gBAAQ;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../src/store.ts","../src/helpers.ts","../src/routes/oauth.ts","../../core/src/store.ts","../../core/src/server.ts","../../core/src/webhooks.ts","../../core/src/middleware/error-handler.ts","../../core/src/middleware/auth.ts","../../core/src/debug.ts","../../core/src/fonts.ts","../../core/src/middleware/pagination.ts","../../core/src/ui.ts","../../core/src/oauth-helpers.ts","../../core/src/persistence.ts","../src/index.ts"],"sourcesContent":["import { Store, type Collection } from \"@emulators/core\";\nimport type { MicrosoftUser, MicrosoftOAuthClient } from \"./entities.js\";\n\nexport interface MicrosoftStore {\n users: Collection<MicrosoftUser>;\n oauthClients: Collection<MicrosoftOAuthClient>;\n}\n\nexport function getMicrosoftStore(store: Store): MicrosoftStore {\n return {\n users: store.collection<MicrosoftUser>(\"microsoft.users\", [\"oid\", \"email\"]),\n oauthClients: store.collection<MicrosoftOAuthClient>(\"microsoft.oauth_clients\", [\"client_id\"]),\n };\n}\n","import { randomUUID } from \"crypto\";\n\n/** Default tenant ID used when none is configured */\nexport const DEFAULT_TENANT_ID = \"9188040d-6c67-4c5b-b112-36a304b66dad\";\n\n/**\n * Generate a Microsoft-style object ID (UUID v4 format).\n */\nexport function generateOid(): string {\n return randomUUID();\n}\n","import { createHash, randomBytes } from \"crypto\";\nimport { SignJWT, exportJWK, generateKeyPair } from \"jose\";\nimport type { RouteContext } from \"@emulators/core\";\nimport {\n escapeHtml,\n escapeAttr,\n renderCardPage,\n renderErrorPage,\n renderUserButton,\n matchesRedirectUri,\n constantTimeSecretEqual,\n bodyStr,\n debug,\n} from \"@emulators/core\";\nimport { getMicrosoftStore } from \"../store.js\";\nimport { DEFAULT_TENANT_ID } from \"../helpers.js\";\nimport type { MicrosoftUser } from \"../entities.js\";\nimport type { Store } from \"@emulators/core\";\n\n// RSA key pair generated at module load for signing id_tokens\nconst keyPairPromise = generateKeyPair(\"RS256\");\nconst KID = \"emulate-microsoft-1\";\n\ntype PendingCode = {\n email: string;\n scope: string;\n redirectUri: string;\n clientId: string;\n nonce: string | null;\n codeChallenge: string | null;\n codeChallengeMethod: string | null;\n created_at: number;\n};\n\ntype StoredRefreshToken = {\n email: string;\n clientId: string;\n scope: string;\n nonce: string | null;\n};\n\nconst PENDING_CODE_TTL_MS = 10 * 60 * 1000;\n\nfunction getPendingCodes(store: Store): Map<string, PendingCode> {\n let map = store.getData<Map<string, PendingCode>>(\"microsoft.oauth.pendingCodes\");\n if (!map) {\n map = new Map();\n store.setData(\"microsoft.oauth.pendingCodes\", map);\n }\n return map;\n}\n\nfunction getRefreshTokens(store: Store): Map<string, StoredRefreshToken> {\n let map = store.getData<Map<string, StoredRefreshToken>>(\"microsoft.oauth.refreshTokens\");\n if (!map) {\n map = new Map();\n store.setData(\"microsoft.oauth.refreshTokens\", map);\n }\n return map;\n}\n\nfunction isPendingCodeExpired(p: PendingCode): boolean {\n return Date.now() - p.created_at > PENDING_CODE_TTL_MS;\n}\n\nconst SERVICE_LABEL = \"Microsoft\";\n\nasync function createIdToken(\n user: MicrosoftUser,\n clientId: string,\n nonce: string | null,\n baseUrl: string,\n): Promise<string> {\n const { privateKey } = await keyPairPromise;\n const now = Math.floor(Date.now() / 1000);\n\n const builder = new SignJWT({\n sub: user.oid,\n email: user.email,\n name: user.name,\n given_name: user.given_name,\n family_name: user.family_name,\n preferred_username: user.preferred_username,\n oid: user.oid,\n tid: user.tenant_id,\n ver: \"2.0\",\n ...(nonce ? { nonce } : {}),\n })\n .setProtectedHeader({ alg: \"RS256\", kid: KID, typ: \"JWT\" })\n .setIssuer(`${baseUrl}/${user.tenant_id}/v2.0`)\n .setAudience(clientId)\n .setIssuedAt(now)\n .setExpirationTime(\"1h\");\n\n return builder.sign(privateKey);\n}\n\nexport function oauthRoutes({ app, store, baseUrl, tokenMap }: RouteContext): void {\n const ms = getMicrosoftStore(store);\n\n // ---------- OpenID Configuration ----------\n // Microsoft uses /{tenant}/v2.0/.well-known/openid-configuration\n // We also serve at /.well-known/openid-configuration for convenience.\n\n const oidcConfig = (tenantId: string) => ({\n issuer: `${baseUrl}/${tenantId}/v2.0`,\n authorization_endpoint: `${baseUrl}/oauth2/v2.0/authorize`,\n token_endpoint: `${baseUrl}/oauth2/v2.0/token`,\n userinfo_endpoint: `${baseUrl}/oidc/userinfo`,\n end_session_endpoint: `${baseUrl}/oauth2/v2.0/logout`,\n jwks_uri: `${baseUrl}/discovery/v2.0/keys`,\n response_types_supported: [\"code\"],\n response_modes_supported: [\"query\", \"fragment\", \"form_post\"],\n subject_types_supported: [\"pairwise\"],\n id_token_signing_alg_values_supported: [\"RS256\"],\n scopes_supported: [\"openid\", \"email\", \"profile\", \"offline_access\", \"User.Read\", \".default\"],\n grant_types_supported: [\"authorization_code\", \"refresh_token\", \"client_credentials\"],\n token_endpoint_auth_methods_supported: [\"client_secret_post\", \"client_secret_basic\"],\n claims_supported: [\n \"sub\", \"iss\", \"aud\", \"exp\", \"iat\", \"nonce\",\n \"name\", \"email\", \"given_name\", \"family_name\",\n \"preferred_username\", \"oid\", \"tid\", \"ver\",\n ],\n code_challenge_methods_supported: [\"plain\", \"S256\"],\n });\n\n app.get(\"/.well-known/openid-configuration\", (c) => {\n return c.json(oidcConfig(DEFAULT_TENANT_ID));\n });\n\n app.get(\"/:tenant/v2.0/.well-known/openid-configuration\", (c) => {\n const tenant = c.req.param(\"tenant\");\n return c.json(oidcConfig(tenant === \"common\" || tenant === \"organizations\" || tenant === \"consumers\" ? DEFAULT_TENANT_ID : tenant));\n });\n\n // ---------- JWKS ----------\n\n app.get(\"/discovery/v2.0/keys\", async (c) => {\n const { publicKey } = await keyPairPromise;\n const jwk = await exportJWK(publicKey);\n return c.json({\n keys: [{\n ...jwk,\n kid: KID,\n use: \"sig\",\n alg: \"RS256\",\n }],\n });\n });\n\n // ---------- Authorization page ----------\n\n app.get(\"/oauth2/v2.0/authorize\", (c) => {\n const client_id = c.req.query(\"client_id\") ?? \"\";\n const redirect_uri = c.req.query(\"redirect_uri\") ?? \"\";\n const scope = c.req.query(\"scope\") ?? \"\";\n const state = c.req.query(\"state\") ?? \"\";\n const nonce = c.req.query(\"nonce\") ?? \"\";\n const response_mode = c.req.query(\"response_mode\") ?? \"query\";\n const code_challenge = c.req.query(\"code_challenge\") ?? \"\";\n const code_challenge_method = c.req.query(\"code_challenge_method\") ?? \"\";\n\n const clientsConfigured = ms.oauthClients.all().length > 0;\n let clientName = \"\";\n if (clientsConfigured) {\n const client = ms.oauthClients.findOneBy(\"client_id\", client_id);\n if (!client) {\n return c.html(\n renderErrorPage(\"Application not found\", `The client_id '${client_id}' is not registered.`, SERVICE_LABEL),\n 400,\n );\n }\n if (redirect_uri && !matchesRedirectUri(redirect_uri, client.redirect_uris)) {\n return c.html(\n renderErrorPage(\"Redirect URI mismatch\", \"The redirect_uri is not registered for this application.\", SERVICE_LABEL),\n 400,\n );\n }\n clientName = client.name;\n }\n\n const subtitleText = clientName\n ? `Sign in to <strong>${escapeHtml(clientName)}</strong> with your Microsoft account.`\n : \"Choose a seeded user to continue.\";\n\n const users = ms.users.all();\n const userButtons = users\n .map((user) => {\n return renderUserButton({\n letter: (user.email[0] ?? \"?\").toUpperCase(),\n login: user.email,\n name: user.name,\n email: user.email,\n formAction: \"/oauth2/v2.0/authorize/callback\",\n hiddenFields: {\n email: user.email,\n redirect_uri,\n scope,\n state,\n nonce,\n client_id,\n response_mode,\n code_challenge,\n code_challenge_method,\n },\n });\n })\n .join(\"\\n\");\n\n const body = users.length === 0\n ? '<p class=\"empty\">No users in the emulator store.</p>'\n : userButtons;\n\n return c.html(renderCardPage(\"Sign in with Microsoft\", subtitleText, body, SERVICE_LABEL));\n });\n\n // ---------- Authorization callback ----------\n\n app.post(\"/oauth2/v2.0/authorize/callback\", async (c) => {\n const body = await c.req.parseBody();\n const email = bodyStr(body.email);\n const redirect_uri = bodyStr(body.redirect_uri);\n const scope = bodyStr(body.scope);\n const state = bodyStr(body.state);\n const client_id = bodyStr(body.client_id);\n const nonce = bodyStr(body.nonce);\n const response_mode = bodyStr(body.response_mode) || \"query\";\n const code_challenge = bodyStr(body.code_challenge);\n const code_challenge_method = bodyStr(body.code_challenge_method);\n\n // Validate redirect_uri against registered client\n const clientsConfigured = ms.oauthClients.all().length > 0;\n if (clientsConfigured) {\n const client = ms.oauthClients.findOneBy(\"client_id\", client_id);\n if (!client) {\n return c.html(\n renderErrorPage(\"Application not found\", `The client_id '${client_id}' is not registered.`, SERVICE_LABEL),\n 400,\n );\n }\n if (redirect_uri && !matchesRedirectUri(redirect_uri, client.redirect_uris)) {\n return c.html(\n renderErrorPage(\"Redirect URI mismatch\", \"The redirect_uri is not registered for this application.\", SERVICE_LABEL),\n 400,\n );\n }\n }\n\n const code = randomBytes(20).toString(\"hex\");\n\n getPendingCodes(store).set(code, {\n email,\n scope,\n redirectUri: redirect_uri,\n clientId: client_id,\n nonce: nonce || null,\n codeChallenge: code_challenge || null,\n codeChallengeMethod: code_challenge_method || null,\n created_at: Date.now(),\n });\n\n debug(\"microsoft.oauth\", `[Microsoft callback] code=${code.slice(0, 8)}... email=${email}`);\n\n if (response_mode === \"form_post\") {\n const html = `<!DOCTYPE html>\n<html>\n<head><title>Submit</title></head>\n<body onload=\"document.forms[0].submit()\">\n<form method=\"POST\" action=\"${escapeAttr(redirect_uri)}\">\n<input type=\"hidden\" name=\"code\" value=\"${escapeAttr(code)}\" />\n<input type=\"hidden\" name=\"state\" value=\"${escapeAttr(state)}\" />\n</form>\n</body>\n</html>`;\n return c.html(html);\n }\n\n // Default: query mode redirect\n const url = new URL(redirect_uri);\n url.searchParams.set(\"code\", code);\n if (state) url.searchParams.set(\"state\", state);\n\n return c.redirect(url.toString(), 302);\n });\n\n // ---------- Token exchange ----------\n\n app.post(\"/oauth2/v2.0/token\", async (c) => {\n const contentType = c.req.header(\"Content-Type\") ?? \"\";\n const rawText = await c.req.text();\n\n let body: Record<string, unknown>;\n if (contentType.includes(\"application/json\")) {\n try { body = JSON.parse(rawText); } catch { body = {}; }\n } else {\n body = Object.fromEntries(new URLSearchParams(rawText));\n }\n\n const grant_type = typeof body.grant_type === \"string\" ? body.grant_type : \"\";\n const code = typeof body.code === \"string\" ? body.code : \"\";\n let client_id = typeof body.client_id === \"string\" ? body.client_id : \"\";\n let client_secret = typeof body.client_secret === \"string\" ? body.client_secret : \"\";\n const refresh_token = typeof body.refresh_token === \"string\" ? body.refresh_token : \"\";\n const redirect_uri = typeof body.redirect_uri === \"string\" ? body.redirect_uri : \"\";\n const code_verifier = typeof body.code_verifier === \"string\" ? body.code_verifier : undefined;\n const scope = typeof body.scope === \"string\" ? body.scope : \"\";\n\n // Support client_secret_basic: credentials in Authorization header\n const authHeader = c.req.header(\"Authorization\") ?? \"\";\n if (authHeader.startsWith(\"Basic \")) {\n const decoded = Buffer.from(authHeader.slice(6), \"base64\").toString();\n const sep = decoded.indexOf(\":\");\n if (sep !== -1) {\n const headerId = decodeURIComponent(decoded.slice(0, sep));\n const headerSecret = decodeURIComponent(decoded.slice(sep + 1));\n if (!client_id) client_id = headerId;\n if (!client_secret) client_secret = headerSecret;\n }\n }\n\n if (grant_type === \"authorization_code\") {\n const clientsConfigured = ms.oauthClients.all().length > 0;\n if (clientsConfigured) {\n const client = ms.oauthClients.findOneBy(\"client_id\", client_id);\n if (!client) {\n return c.json({ error: \"invalid_client\", error_description: \"The client_id is incorrect.\" }, 401);\n }\n if (!constantTimeSecretEqual(client_secret, client.client_secret)) {\n return c.json({ error: \"invalid_client\", error_description: \"The client_secret is incorrect.\" }, 401);\n }\n }\n\n const pendingMap = getPendingCodes(store);\n const pending = pendingMap.get(code);\n if (!pending) {\n return c.json({ error: \"invalid_grant\", error_description: \"The code is incorrect or expired.\" }, 400);\n }\n if (isPendingCodeExpired(pending)) {\n pendingMap.delete(code);\n return c.json({ error: \"invalid_grant\", error_description: \"The code is incorrect or expired.\" }, 400);\n }\n\n // Verify redirect_uri matches the one used in the authorization request (RFC 6749 §4.1.3)\n if (pending.redirectUri && redirect_uri && pending.redirectUri !== redirect_uri) {\n pendingMap.delete(code);\n return c.json({ error: \"invalid_grant\", error_description: \"The redirect_uri does not match the one used in the authorization request.\" }, 400);\n }\n\n // PKCE verification\n if (pending.codeChallenge !== null) {\n if (code_verifier === undefined) {\n return c.json({ error: \"invalid_grant\", error_description: \"PKCE verification failed.\" }, 400);\n }\n const method = (pending.codeChallengeMethod ?? \"plain\").toLowerCase();\n if (method === \"s256\") {\n const expected = createHash(\"sha256\").update(code_verifier).digest(\"base64url\");\n if (expected !== pending.codeChallenge) {\n return c.json({ error: \"invalid_grant\", error_description: \"PKCE verification failed.\" }, 400);\n }\n } else if (method === \"plain\") {\n if (code_verifier !== pending.codeChallenge) {\n return c.json({ error: \"invalid_grant\", error_description: \"PKCE verification failed.\" }, 400);\n }\n } else {\n return c.json({ error: \"invalid_grant\", error_description: \"PKCE verification failed.\" }, 400);\n }\n }\n\n // Single-use: delete immediately\n pendingMap.delete(code);\n\n const user = ms.users.findOneBy(\"email\", pending.email as MicrosoftUser[\"email\"]);\n if (!user) {\n return c.json({ error: \"invalid_grant\", error_description: \"User not found.\" }, 400);\n }\n\n const accessToken = \"microsoft_\" + randomBytes(20).toString(\"base64url\");\n const refreshToken = \"r_microsoft_\" + randomBytes(20).toString(\"base64url\");\n const scopes = pending.scope ? pending.scope.split(/\\s+/).filter(Boolean) : [];\n\n if (tokenMap) {\n tokenMap.set(accessToken, { login: user.email, id: user.id, scopes });\n }\n\n // Store refresh token\n getRefreshTokens(store).set(refreshToken, {\n email: user.email,\n clientId: pending.clientId,\n scope: pending.scope,\n nonce: pending.nonce,\n });\n\n const idToken = await createIdToken(user, pending.clientId, pending.nonce, baseUrl);\n\n debug(\"microsoft.oauth\", `[Microsoft token] issued token for ${user.email}`);\n\n return c.json({\n access_token: accessToken,\n token_type: \"Bearer\",\n expires_in: 3600,\n scope: pending.scope || \"openid email profile\",\n refresh_token: refreshToken,\n id_token: idToken,\n });\n }\n\n if (grant_type === \"refresh_token\") {\n const refreshMap = getRefreshTokens(store);\n const stored = refreshMap.get(refresh_token);\n if (!stored) {\n return c.json({ error: \"invalid_grant\", error_description: \"The refresh_token is invalid.\" }, 400);\n }\n\n const user = ms.users.findOneBy(\"email\", stored.email as MicrosoftUser[\"email\"]);\n if (!user) {\n return c.json({ error: \"invalid_grant\", error_description: \"User not found.\" }, 400);\n }\n\n const accessToken = \"microsoft_\" + randomBytes(20).toString(\"base64url\");\n const newRefreshToken = \"r_microsoft_\" + randomBytes(20).toString(\"base64url\");\n const scopes = stored.scope ? stored.scope.split(/\\s+/).filter(Boolean) : [];\n\n if (tokenMap) {\n tokenMap.set(accessToken, { login: user.email, id: user.id, scopes });\n }\n\n // Rotate refresh token\n refreshMap.delete(refresh_token);\n refreshMap.set(newRefreshToken, {\n email: stored.email,\n clientId: stored.clientId,\n scope: stored.scope,\n nonce: stored.nonce,\n });\n\n const idToken = await createIdToken(user, stored.clientId || client_id, stored.nonce, baseUrl);\n\n debug(\"microsoft.oauth\", `[Microsoft refresh] issued new token for ${user.email}`);\n\n return c.json({\n access_token: accessToken,\n token_type: \"Bearer\",\n expires_in: 3600,\n scope: stored.scope || \"openid email profile\",\n refresh_token: newRefreshToken,\n id_token: idToken,\n });\n }\n\n if (grant_type === \"client_credentials\") {\n const clientsConfigured = ms.oauthClients.all().length > 0;\n if (clientsConfigured) {\n const client = ms.oauthClients.findOneBy(\"client_id\", client_id);\n if (!client) {\n return c.json({ error: \"invalid_client\", error_description: \"The client_id is incorrect.\" }, 401);\n }\n if (!constantTimeSecretEqual(client_secret, client.client_secret)) {\n return c.json({ error: \"invalid_client\", error_description: \"The client_secret is incorrect.\" }, 401);\n }\n }\n\n const accessToken = \"microsoft_\" + randomBytes(20).toString(\"base64url\");\n const scopes = scope ? scope.split(/\\s+/).filter(Boolean) : [\".default\"];\n\n if (tokenMap) {\n tokenMap.set(accessToken, { login: client_id, id: 0, scopes });\n }\n\n debug(\"microsoft.oauth\", `[Microsoft client_credentials] issued token for ${client_id}`);\n\n return c.json({\n access_token: accessToken,\n token_type: \"Bearer\",\n expires_in: 3600,\n scope: scope || \".default\",\n });\n }\n\n return c.json({ error: \"unsupported_grant_type\", error_description: \"Only authorization_code, refresh_token, and client_credentials are supported.\" }, 400);\n });\n\n // ---------- UserInfo (Microsoft Graph /oidc/userinfo) ----------\n\n app.get(\"/oidc/userinfo\", (c) => {\n const authUser = c.get(\"authUser\");\n if (!authUser) {\n return c.json({ error: \"invalid_token\", error_description: \"Authentication required.\" }, 401);\n }\n\n const user = ms.users.findOneBy(\"email\", authUser.login as MicrosoftUser[\"email\"]);\n if (!user) {\n return c.json({ error: \"invalid_token\", error_description: \"User not found.\" }, 401);\n }\n\n return c.json({\n sub: user.oid,\n email: user.email,\n name: user.name,\n given_name: user.given_name,\n family_name: user.family_name,\n preferred_username: user.preferred_username,\n });\n });\n\n // ---------- Microsoft Graph /me endpoint ----------\n\n app.get(\"/v1.0/me\", (c) => {\n const authUser = c.get(\"authUser\");\n if (!authUser) {\n return c.json({ error: { code: \"InvalidAuthenticationToken\", message: \"Authentication required.\" } }, 401);\n }\n\n const user = ms.users.findOneBy(\"email\", authUser.login as MicrosoftUser[\"email\"]);\n if (!user) {\n return c.json({ error: { code: \"Request_ResourceNotFound\", message: \"User not found.\" } }, 404);\n }\n\n return c.json({\n \"@odata.context\": `${baseUrl}/v1.0/$metadata#users/$entity`,\n id: user.oid,\n displayName: user.name,\n givenName: user.given_name,\n surname: user.family_name,\n mail: user.email,\n userPrincipalName: user.preferred_username,\n });\n });\n\n // ---------- v1 OAuth token endpoint (legacy) ----------\n // Azure AD v1 applications use /{tenant}/oauth2/token instead of /oauth2/v2.0/token.\n // The v1 endpoint accepts a `resource` body parameter instead of `scope`.\n // We translate `resource` to `scope` format and delegate to the same token logic.\n\n app.post(\"/:tenant/oauth2/token\", async (c) => {\n const contentType = c.req.header(\"Content-Type\") ?? \"\";\n const rawText = await c.req.text();\n\n let body: Record<string, unknown>;\n if (contentType.includes(\"application/json\")) {\n try { body = JSON.parse(rawText); } catch { body = {}; }\n } else {\n body = Object.fromEntries(new URLSearchParams(rawText));\n }\n\n // Translate v1 `resource` parameter to v2 `scope` format.\n // e.g. resource=https://graph.microsoft.com → scope=https://graph.microsoft.com/.default\n const resource = typeof body.resource === \"string\" ? body.resource : \"\";\n if (resource && !body.scope) {\n const normalized = resource.endsWith(\"/\") ? resource : resource + \"/\";\n body.scope = normalized + \".default\";\n }\n\n // Rebuild as URL-encoded form data for the v2 handler\n const params = new URLSearchParams();\n for (const [key, value] of Object.entries(body)) {\n if (key !== \"resource\" && typeof value === \"string\") {\n params.set(key, value);\n }\n }\n\n // Forward to the v2 token endpoint by making an internal request\n const v2Req = new Request(`${baseUrl}/oauth2/v2.0/token`, {\n method: \"POST\",\n headers: new Headers({\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n ...(c.req.header(\"Authorization\") ? { Authorization: c.req.header(\"Authorization\")! } : {}),\n }),\n body: params.toString(),\n });\n\n return app.fetch(v2Req);\n });\n\n // ---------- Microsoft Graph /v1.0/users/:id endpoint ----------\n // Service-to-service calls (e.g. with client_credentials tokens) use\n // /v1.0/users/{id} to look up any user by their object ID (oid).\n\n app.get(\"/v1.0/users/:id\", (c) => {\n const userId = c.req.param(\"id\");\n\n // Look up by oid (the Microsoft object ID)\n const user = ms.users.findOneBy(\"oid\", userId);\n if (!user) {\n return c.json({\n error: {\n code: \"Request_ResourceNotFound\",\n message: `Resource '${userId}' does not exist or one of its queried reference-property objects are not present.`,\n },\n }, 404);\n }\n\n return c.json({\n \"@odata.context\": `${baseUrl}/v1.0/$metadata#users/$entity`,\n id: user.oid,\n displayName: user.name,\n givenName: user.given_name,\n surname: user.family_name,\n mail: user.email,\n userPrincipalName: user.preferred_username,\n });\n });\n\n // ---------- Logout ----------\n\n app.get(\"/oauth2/v2.0/logout\", (c) => {\n const post_logout_redirect_uri = c.req.query(\"post_logout_redirect_uri\");\n if (post_logout_redirect_uri) {\n // Validate against registered client redirect URIs\n const allClients = ms.oauthClients.all();\n if (allClients.length > 0) {\n const allowed = allClients.some((client) =>\n matchesRedirectUri(post_logout_redirect_uri, client.redirect_uris),\n );\n if (!allowed) {\n return c.text(\"Invalid post_logout_redirect_uri\", 400);\n }\n }\n return c.redirect(post_logout_redirect_uri, 302);\n }\n return c.text(\"Logged out\", 200);\n });\n\n // ---------- Token revocation ----------\n\n app.post(\"/oauth2/v2.0/revoke\", async (c) => {\n const contentType = c.req.header(\"Content-Type\") ?? \"\";\n const rawText = await c.req.text();\n\n let token: string;\n if (contentType.includes(\"application/json\")) {\n try {\n const parsed = JSON.parse(rawText);\n token = typeof parsed.token === \"string\" ? parsed.token : \"\";\n } catch {\n token = \"\";\n }\n } else {\n const params = new URLSearchParams(rawText);\n token = params.get(\"token\") ?? \"\";\n }\n\n if (token && tokenMap) {\n tokenMap.delete(token);\n }\n\n // Also check refresh tokens\n if (token) {\n getRefreshTokens(store).delete(token);\n }\n\n return c.body(null, 200);\n });\n}\n","export interface Entity {\n id: number;\n created_at: string;\n updated_at: string;\n}\n\nexport type InsertInput<T extends Entity> = Omit<T, \"id\" | \"created_at\" | \"updated_at\"> & { id?: number };\n\nexport type FilterFn<T> = (item: T) => boolean;\nexport type SortFn<T> = (a: T, b: T) => number;\n\nexport interface QueryOptions<T> {\n filter?: FilterFn<T>;\n sort?: SortFn<T>;\n page?: number;\n per_page?: number;\n}\n\nexport interface PaginatedResult<T> {\n items: T[];\n total_count: number;\n page: number;\n per_page: number;\n has_next: boolean;\n has_prev: boolean;\n}\n\nexport interface CollectionSnapshot<T extends Entity = Entity> {\n items: T[];\n autoId: number;\n indexFields: string[];\n}\n\nexport interface StoreSnapshot {\n collections: Record<string, CollectionSnapshot>;\n data: Record<string, unknown>;\n}\n\nexport function serializeValue(value: unknown): unknown {\n if (value instanceof Map) {\n return { __type: \"Map\" as const, entries: [...value.entries()].map(([k, v]) => [k, serializeValue(v)]) };\n }\n if (value instanceof Set) {\n return { __type: \"Set\" as const, values: [...value.values()] };\n }\n return value;\n}\n\nexport function deserializeValue(value: unknown): unknown {\n if (value !== null && typeof value === \"object\" && \"__type\" in value) {\n const tagged = value as Record<string, unknown>;\n if (tagged.__type === \"Map\") {\n const entries = tagged.entries as [unknown, unknown][];\n return new Map(entries.map(([k, v]) => [k, deserializeValue(v)]));\n }\n if (tagged.__type === \"Set\") {\n return new Set(tagged.values as unknown[]);\n }\n }\n return value;\n}\n\nexport class Collection<T extends Entity> {\n private items = new Map<number, T>();\n private indexes = new Map<string, Map<string | number, Set<number>>>();\n private autoId = 1;\n readonly fieldNames: string[];\n\n constructor(private indexFields: (keyof T)[] = []) {\n this.fieldNames = indexFields.map(String).sort();\n for (const field of indexFields) {\n this.indexes.set(String(field), new Map());\n }\n }\n\n private addToIndex(item: T): void {\n for (const field of this.indexFields) {\n const value = item[field];\n if (value === undefined || value === null) continue;\n const indexMap = this.indexes.get(String(field))!;\n const key = String(value);\n if (!indexMap.has(key)) {\n indexMap.set(key, new Set());\n }\n indexMap.get(key)!.add(item.id);\n }\n }\n\n private removeFromIndex(item: T): void {\n for (const field of this.indexFields) {\n const value = item[field];\n if (value === undefined || value === null) continue;\n const indexMap = this.indexes.get(String(field))!;\n const key = String(value);\n indexMap.get(key)?.delete(item.id);\n }\n }\n\n insert(data: InsertInput<T>): T {\n const now = new Date().toISOString();\n const explicitId = data.id != null && data.id > 0 ? data.id : undefined;\n const id = explicitId ?? this.autoId++;\n if (id >= this.autoId) {\n this.autoId = id + 1;\n }\n const item = {\n ...data,\n id,\n created_at: now,\n updated_at: now,\n } as unknown as T;\n this.items.set(id, item);\n this.addToIndex(item);\n return item;\n }\n\n get(id: number): T | undefined {\n return this.items.get(id);\n }\n\n findBy(field: keyof T, value: T[keyof T] | string | number): T[] {\n if (this.indexes.has(String(field))) {\n const ids = this.indexes.get(String(field))!.get(String(value));\n if (!ids) return [];\n return Array.from(ids).map((id) => this.items.get(id)!).filter(Boolean);\n }\n return this.all().filter((item) => item[field] === value);\n }\n\n findOneBy(field: keyof T, value: T[keyof T] | string | number): T | undefined {\n return this.findBy(field, value)[0];\n }\n\n update(id: number, data: Partial<T>): T | undefined {\n const existing = this.items.get(id);\n if (!existing) return undefined;\n this.removeFromIndex(existing);\n const updated = {\n ...existing,\n ...data,\n id,\n updated_at: new Date().toISOString(),\n } as T;\n this.items.set(id, updated);\n this.addToIndex(updated);\n return updated;\n }\n\n delete(id: number): boolean {\n const existing = this.items.get(id);\n if (!existing) return false;\n this.removeFromIndex(existing);\n return this.items.delete(id);\n }\n\n all(): T[] {\n return Array.from(this.items.values());\n }\n\n query(options: QueryOptions<T> = {}): PaginatedResult<T> {\n let results = this.all();\n\n if (options.filter) {\n results = results.filter(options.filter);\n }\n\n const total_count = results.length;\n\n if (options.sort) {\n results.sort(options.sort);\n }\n\n const page = options.page ?? 1;\n const per_page = Math.min(options.per_page ?? 30, 100);\n const start = (page - 1) * per_page;\n const paged = results.slice(start, start + per_page);\n\n return {\n items: paged,\n total_count,\n page,\n per_page,\n has_next: start + per_page < total_count,\n has_prev: page > 1,\n };\n }\n\n count(filter?: FilterFn<T>): number {\n if (!filter) return this.items.size;\n return this.all().filter(filter).length;\n }\n\n clear(): void {\n this.items.clear();\n for (const indexMap of this.indexes.values()) {\n indexMap.clear();\n }\n this.autoId = 1;\n }\n\n snapshot(): CollectionSnapshot<T> {\n return {\n items: this.all(),\n autoId: this.autoId,\n indexFields: this.fieldNames,\n };\n }\n\n restore(snap: CollectionSnapshot<T>): void {\n this.clear();\n this.autoId = snap.autoId;\n for (const item of snap.items) {\n this.items.set(item.id, item);\n this.addToIndex(item);\n }\n }\n}\n\nexport class Store {\n private collections = new Map<string, Collection<any>>();\n private _data = new Map<string, unknown>();\n\n collection<T extends Entity>(name: string, indexFields: (keyof T)[] = []): Collection<T> {\n const existing = this.collections.get(name);\n if (existing) {\n if (indexFields.length > 0) {\n const requested = indexFields.map(String).sort();\n if (existing.fieldNames.length !== requested.length || existing.fieldNames.some((f, i) => f !== requested[i])) {\n throw new Error(\n `Collection \"${name}\" already exists with indexes [${existing.fieldNames}] but was requested with [${requested}]`\n );\n }\n }\n return existing as Collection<T>;\n }\n const col = new Collection<T>(indexFields);\n this.collections.set(name, col);\n return col;\n }\n\n getData<V>(key: string): V | undefined {\n return this._data.get(key) as V | undefined;\n }\n\n setData<V>(key: string, value: V): void {\n this._data.set(key, value);\n }\n\n reset(): void {\n for (const collection of this.collections.values()) {\n collection.clear();\n }\n this._data.clear();\n }\n\n snapshot(): StoreSnapshot {\n const collections: Record<string, CollectionSnapshot> = {};\n for (const [name, col] of this.collections) {\n collections[name] = col.snapshot();\n }\n const data: Record<string, unknown> = {};\n for (const [key, value] of this._data) {\n data[key] = serializeValue(value);\n }\n return { collections, data };\n }\n\n restore(snap: StoreSnapshot): void {\n const snapshotNames = new Set(Object.keys(snap.collections));\n for (const name of this.collections.keys()) {\n if (!snapshotNames.has(name)) {\n this.collections.delete(name);\n }\n }\n for (const [name, colSnap] of Object.entries(snap.collections)) {\n const indexFields = colSnap.indexFields as (keyof Entity)[];\n const col = this.collection(name, indexFields);\n col.restore(colSnap as CollectionSnapshot<any>);\n }\n this._data.clear();\n for (const [key, value] of Object.entries(snap.data)) {\n this._data.set(key, deserializeValue(value));\n }\n }\n}\n","import { Hono } from \"hono\";\nimport { cors } from \"hono/cors\";\nimport { Store } from \"./store.js\";\nimport { WebhookDispatcher } from \"./webhooks.js\";\nimport { createApiErrorHandler, createErrorHandler } from \"./middleware/error-handler.js\";\nimport { authMiddleware, type AuthFallback, type TokenMap, type AppKeyResolver, type AppEnv } from \"./middleware/auth.js\";\nimport type { ServicePlugin } from \"./plugin.js\";\nimport { registerFontRoutes } from \"./fonts.js\";\n\nexport interface ServerOptions {\n port?: number;\n baseUrl?: string;\n docsUrl?: string;\n tokens?: Record<string, { login: string; id: number; scopes?: string[] }>;\n appKeyResolver?: AppKeyResolver;\n fallbackUser?: AuthFallback;\n}\n\nexport function createServer(plugin: ServicePlugin, options: ServerOptions = {}) {\n const port = options.port ?? 4000;\n const baseUrl = options.baseUrl ?? `http://localhost:${port}`;\n\n const app = new Hono<AppEnv>();\n const store = new Store();\n const webhooks = new WebhookDispatcher();\n\n const tokenMap: TokenMap = new Map();\n if (options.tokens) {\n for (const [token, user] of Object.entries(options.tokens)) {\n tokenMap.set(token, {\n login: user.login,\n id: user.id,\n scopes: user.scopes ?? [\"repo\", \"user\", \"admin:org\", \"admin:repo_hook\"],\n });\n }\n }\n\n const docsUrl = options.docsUrl ?? `https://emulate.dev/${plugin.name}`;\n\n registerFontRoutes(app);\n\n app.onError(createApiErrorHandler(docsUrl));\n app.use(\"*\", cors());\n app.use(\"*\", createErrorHandler(docsUrl));\n app.use(\"*\", authMiddleware(tokenMap, options.appKeyResolver, options.fallbackUser));\n\n const rateLimitCounters = new Map<string, { remaining: number; resetAt: number }>();\n let lastPruneAt = Math.floor(Date.now() / 1000);\n\n app.use(\"*\", async (c, next) => {\n const token = c.get(\"authToken\") ?? \"__anonymous__\";\n const now = Math.floor(Date.now() / 1000);\n\n if (now - lastPruneAt > 3600) {\n for (const [key, val] of rateLimitCounters) {\n if (val.resetAt <= now) rateLimitCounters.delete(key);\n }\n lastPruneAt = now;\n }\n\n let counter = rateLimitCounters.get(token);\n if (!counter || counter.resetAt <= now) {\n counter = { remaining: 5000, resetAt: now + 3600 };\n rateLimitCounters.set(token, counter);\n }\n\n counter.remaining = Math.max(0, counter.remaining - 1);\n\n c.header(\"X-RateLimit-Limit\", \"5000\");\n c.header(\"X-RateLimit-Remaining\", String(counter.remaining));\n c.header(\"X-RateLimit-Reset\", String(counter.resetAt));\n c.header(\"X-RateLimit-Resource\", \"core\");\n\n if (counter.remaining === 0) {\n return c.json(\n {\n message: \"API rate limit exceeded\",\n documentation_url: docsUrl,\n },\n 403\n );\n }\n\n await next();\n });\n\n plugin.register(app, store, webhooks, baseUrl, tokenMap);\n\n app.notFound((c) =>\n c.json(\n {\n message: \"Not Found\",\n documentation_url: docsUrl,\n },\n 404\n )\n );\n\n return { app, store, webhooks, port, baseUrl, tokenMap };\n}\n","import { createHmac } from \"crypto\";\n\nexport interface WebhookSubscription {\n id: number;\n url: string;\n events: string[];\n active: boolean;\n secret?: string;\n owner: string;\n repo?: string;\n}\n\nexport interface WebhookDelivery {\n id: number;\n hook_id: number;\n event: string;\n action?: string;\n payload: unknown;\n status_code: number | null;\n delivered_at: string;\n duration: number | null;\n success: boolean;\n}\n\nconst MAX_DELIVERIES = 1000;\n\nexport class WebhookDispatcher {\n private subscriptions: WebhookSubscription[] = [];\n private deliveries: WebhookDelivery[] = [];\n private subscriptionIdCounter = 1;\n private deliveryIdCounter = 1;\n\n register(sub: Omit<WebhookSubscription, \"id\"> & { id?: number }): WebhookSubscription {\n const { id: explicitId, ...rest } = sub;\n const id = explicitId !== undefined ? explicitId : this.subscriptionIdCounter++;\n if (id >= this.subscriptionIdCounter) {\n this.subscriptionIdCounter = id + 1;\n }\n const subscription: WebhookSubscription = { ...rest, id };\n this.subscriptions.push(subscription);\n return subscription;\n }\n\n unregister(id: number): boolean {\n const idx = this.subscriptions.findIndex((s) => s.id === id);\n if (idx === -1) return false;\n this.subscriptions.splice(idx, 1);\n return true;\n }\n\n getSubscription(id: number): WebhookSubscription | undefined {\n return this.subscriptions.find((s) => s.id === id);\n }\n\n getSubscriptions(owner?: string, repo?: string): WebhookSubscription[] {\n return this.subscriptions.filter((s) => {\n if (owner && s.owner !== owner) return false;\n if (repo !== undefined && s.repo !== repo) return false;\n return true;\n });\n }\n\n updateSubscription(\n id: number,\n data: Partial<Pick<WebhookSubscription, \"url\" | \"events\" | \"active\" | \"secret\">>\n ): WebhookSubscription | undefined {\n const sub = this.subscriptions.find((s) => s.id === id);\n if (!sub) return undefined;\n Object.assign(sub, data);\n return sub;\n }\n\n async dispatch(event: string, action: string | undefined, payload: unknown, owner: string, repo?: string): Promise<void> {\n const matchingSubs = this.subscriptions.filter((s) => {\n if (!s.active) return false;\n if (s.owner !== owner) return false;\n if (repo !== undefined) {\n if (s.repo !== repo) return false;\n } else if (s.repo !== undefined) {\n return false;\n }\n return (\n event === \"ping\" ||\n s.events.includes(\"*\") ||\n s.events.includes(event)\n );\n });\n\n for (const sub of matchingSubs) {\n const delivery: WebhookDelivery = {\n id: this.deliveryIdCounter++,\n hook_id: sub.id,\n event,\n action,\n payload,\n status_code: null,\n delivered_at: new Date().toISOString(),\n duration: null,\n success: false,\n };\n\n const body = JSON.stringify(payload);\n\n const signatureHeaders: Record<string, string> = {};\n if (sub.secret) {\n const hmac = createHmac(\"sha256\", sub.secret).update(body).digest(\"hex\");\n signatureHeaders[\"X-Hub-Signature-256\"] = `sha256=${hmac}`;\n }\n\n try {\n const start = Date.now();\n const response = await fetch(sub.url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n \"X-GitHub-Event\": event,\n \"X-GitHub-Delivery\": String(delivery.id),\n ...signatureHeaders,\n },\n body,\n signal: AbortSignal.timeout(10000),\n });\n delivery.duration = Date.now() - start;\n delivery.status_code = response.status;\n delivery.success = response.ok;\n } catch {\n delivery.duration = 0;\n delivery.success = false;\n }\n\n this.deliveries.push(delivery);\n if (this.deliveries.length > MAX_DELIVERIES) {\n this.deliveries.splice(0, this.deliveries.length - MAX_DELIVERIES);\n }\n }\n }\n\n getDeliveries(hookId?: number): WebhookDelivery[] {\n if (hookId !== undefined) {\n return this.deliveries.filter((d) => d.hook_id === hookId);\n }\n return [...this.deliveries];\n }\n\n clear(): void {\n this.subscriptions.length = 0;\n this.deliveries.length = 0;\n this.subscriptionIdCounter = 1;\n this.deliveryIdCounter = 1;\n }\n}\n","import type { Context, ErrorHandler, MiddlewareHandler } from \"hono\";\nimport type { ContentfulStatusCode } from \"hono/utils/http-status\";\n\nconst DEFAULT_DOCS_URL = \"https://emulate.dev\";\n\nfunction getDocsUrl(c: Context): string {\n return (c.get(\"docsUrl\") as string | undefined) ?? DEFAULT_DOCS_URL;\n}\n\nfunction errorStatus(err: unknown): number {\n if (err && typeof err === \"object\" && \"status\" in err) {\n const s = (err as { status: unknown }).status;\n if (typeof s === \"number\" && Number.isFinite(s)) return s;\n }\n return 500;\n}\n\n/**\n * Use with `app.onError(...)`. Hono routes handler throws to the app error handler, not to outer middleware try/catch.\n */\nexport function createApiErrorHandler(documentationUrl?: string): ErrorHandler {\n return (err, c) => {\n if (documentationUrl) {\n c.set(\"docsUrl\", documentationUrl);\n }\n const status = errorStatus(err);\n const message = err instanceof Error ? err.message : \"Internal Server Error\";\n return c.json(\n {\n message,\n documentation_url: getDocsUrl(c),\n },\n status as ContentfulStatusCode\n );\n };\n}\n\n/** Sets `docsUrl` on the context for successful responses; register `createApiErrorHandler` for thrown `ApiError`s. */\nexport function createErrorHandler(documentationUrl?: string): MiddlewareHandler {\n return async (c, next) => {\n if (documentationUrl) {\n c.set(\"docsUrl\", documentationUrl);\n }\n await next();\n };\n}\n\nexport const errorHandler: MiddlewareHandler = createErrorHandler();\n\nexport class ApiError extends Error {\n constructor(\n public status: number,\n message: string,\n public errors?: Array<{ resource: string; field: string; code: string }>\n ) {\n super(message);\n this.name = \"ApiError\";\n }\n}\n\nexport function notFound(resource?: string): ApiError {\n return new ApiError(404, resource ? `${resource} not found` : \"Not Found\");\n}\n\nexport function validationError(message: string, errors?: ApiError[\"errors\"]): ApiError {\n return new ApiError(422, message, errors);\n}\n\nexport function unauthorized(): ApiError {\n return new ApiError(401, \"Requires authentication\");\n}\n\nexport function forbidden(): ApiError {\n return new ApiError(403, \"Forbidden\");\n}\n\nexport async function parseJsonBody(c: Context): Promise<Record<string, unknown>> {\n try {\n const body = await c.req.json();\n if (body && typeof body === \"object\" && !Array.isArray(body)) {\n return body as Record<string, unknown>;\n }\n return {};\n } catch {\n throw new ApiError(400, \"Problems parsing JSON\");\n }\n}\n","import type { Context, Next } from \"hono\";\nimport { jwtVerify, importPKCS8 } from \"jose\";\nimport { debug } from \"../debug.js\";\n\nexport interface AuthUser {\n login: string;\n id: number;\n scopes: string[];\n}\n\nexport interface AuthApp {\n appId: number;\n slug: string;\n name: string;\n}\n\nexport interface AuthInstallation {\n installationId: number;\n appId: number;\n permissions: Record<string, string>;\n repositoryIds: number[];\n repositorySelection: \"all\" | \"selected\";\n}\n\nexport type TokenMap = Map<string, AuthUser>;\n\nexport interface TokenEntry {\n token: string;\n login: string;\n id: number;\n scopes: string[];\n}\n\nexport function serializeTokenMap(tokenMap: TokenMap): TokenEntry[] {\n return [...tokenMap.entries()].map(([token, user]) => ({\n token,\n login: user.login,\n id: user.id,\n scopes: user.scopes,\n }));\n}\n\nexport function restoreTokenMap(tokenMap: TokenMap, tokens: TokenEntry[]): void {\n tokenMap.clear();\n for (const t of tokens) {\n tokenMap.set(t.token, { login: t.login, id: t.id, scopes: t.scopes });\n }\n}\n\nexport type AppEnv = {\n Variables: {\n authUser?: AuthUser;\n authApp?: AuthApp;\n authToken?: string;\n authScopes?: string[];\n docsUrl?: string;\n };\n};\n\nexport interface AppKeyResolver {\n (appId: number): { privateKey: string; slug: string; name: string } | null;\n}\n\nexport interface AuthFallback {\n login: string;\n id: number;\n scopes: string[];\n}\n\nexport function authMiddleware(tokens: TokenMap, appKeyResolver?: AppKeyResolver, fallbackUser?: AuthFallback) {\n return async (c: Context, next: Next) => {\n const authHeader = c.req.header(\"Authorization\");\n if (authHeader) {\n const token = authHeader.replace(/^(Bearer|token)\\s+/i, \"\").trim();\n\n if (token.startsWith(\"eyJ\") && appKeyResolver) {\n try {\n const [, payloadB64] = token.split(\".\");\n const payload = JSON.parse(\n Buffer.from(payloadB64, \"base64url\").toString()\n );\n const appId = typeof payload.iss === \"string\" ? parseInt(payload.iss, 10) : payload.iss;\n\n if (typeof appId === \"number\" && !isNaN(appId)) {\n const appInfo = appKeyResolver(appId);\n if (appInfo) {\n const key = await importPKCS8(appInfo.privateKey, \"RS256\");\n await jwtVerify(token, key, { algorithms: [\"RS256\"] });\n c.set(\"authApp\", {\n appId,\n slug: appInfo.slug,\n name: appInfo.name,\n } satisfies AuthApp);\n }\n }\n } catch {\n // JWT verification failed\n }\n } else {\n let user = tokens.get(token);\n if (!user && fallbackUser && token.length > 0) {\n debug(\"auth\", \"fallback user for unknown token\", { login: fallbackUser.login, id: fallbackUser.id });\n user = { login: fallbackUser.login, id: fallbackUser.id, scopes: fallbackUser.scopes };\n }\n if (user) {\n c.set(\"authUser\", user);\n c.set(\"authToken\", token);\n c.set(\"authScopes\", user.scopes);\n }\n }\n }\n await next();\n };\n}\n\nexport function requireAuth() {\n return async (c: Context, next: Next) => {\n if (!c.get(\"authUser\")) {\n const docsUrl = (c.get(\"docsUrl\") as string | undefined) ?? \"https://emulate.dev\";\n return c.json(\n {\n message: \"Requires authentication\",\n documentation_url: docsUrl,\n },\n 401\n );\n }\n await next();\n };\n}\n\nexport function requireAppAuth() {\n return async (c: Context, next: Next) => {\n if (!c.get(\"authApp\")) {\n const docsUrl = (c.get(\"docsUrl\") as string | undefined) ?? \"https://emulate.dev\";\n return c.json(\n {\n message: \"A JSON web token could not be decoded\",\n documentation_url: docsUrl,\n },\n 401\n );\n }\n await next();\n };\n}\n","const isDebug = typeof process !== \"undefined\" && (process.env.DEBUG === \"1\" || process.env.DEBUG === \"true\" || process.env.EMULATE_DEBUG === \"1\");\n\nexport function debug(label: string, ...args: unknown[]): void {\n if (isDebug) {\n console.log(`[${label}]`, ...args);\n }\n}\n","import { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, join } from \"node:path\";\nimport type { Hono } from \"hono\";\nimport type { AppEnv } from \"./middleware/auth.js\";\n\nconst __dirname = dirname(fileURLToPath(import.meta.url));\n\nconst FONTS: Record<string, Buffer> = {\n \"geist-sans.woff2\": readFileSync(join(__dirname, \"fonts\", \"geist-sans.woff2\")),\n \"GeistPixel-Square.woff2\": readFileSync(join(__dirname, \"fonts\", \"GeistPixel-Square.woff2\")),\n};\n\nexport function registerFontRoutes(app: Hono<AppEnv>): void {\n app.get(\"/_emulate/fonts/:name\", (c) => {\n const name = c.req.param(\"name\");\n const buf = FONTS[name];\n if (!buf) return c.notFound();\n return new Response(buf, {\n headers: {\n \"Content-Type\": \"font/woff2\",\n \"Cache-Control\": \"public, max-age=31536000, immutable\",\n \"Access-Control-Allow-Origin\": \"*\",\n },\n });\n });\n}\n","import type { Context } from \"hono\";\n\nexport interface PaginationParams {\n page: number;\n per_page: number;\n}\n\nexport function parsePagination(c: Context): PaginationParams {\n const page = Math.max(1, parseInt(c.req.query(\"page\") ?? \"1\", 10) || 1);\n const per_page = Math.min(100, Math.max(1, parseInt(c.req.query(\"per_page\") ?? \"30\", 10) || 30));\n return { page, per_page };\n}\n\nexport function setLinkHeader(\n c: Context,\n totalCount: number,\n page: number,\n perPage: number\n): void {\n const lastPage = Math.max(1, Math.ceil(totalCount / perPage));\n const baseUrl = new URL(c.req.url);\n const links: string[] = [];\n\n const makeLink = (p: number, rel: string) => {\n baseUrl.searchParams.set(\"page\", String(p));\n baseUrl.searchParams.set(\"per_page\", String(perPage));\n return `<${baseUrl.toString()}>; rel=\"${rel}\"`;\n };\n\n if (page < lastPage) {\n links.push(makeLink(page + 1, \"next\"));\n links.push(makeLink(lastPage, \"last\"));\n }\n if (page > 1) {\n links.push(makeLink(1, \"first\"));\n links.push(makeLink(page - 1, \"prev\"));\n }\n\n if (links.length > 0) {\n c.header(\"Link\", links.join(\", \"));\n }\n}\n","export function escapeHtml(s: string): string {\n return s\n .replace(/&/g, \"&\")\n .replace(/</g, \"<\")\n .replace(/>/g, \">\")\n .replace(/\"/g, \""\");\n}\n\nexport function escapeAttr(s: string): string {\n return escapeHtml(s).replace(/'/g, \"'\");\n}\n\nconst CSS = `\n@font-face{\n font-family:'Geist';font-style:normal;font-weight:100 900;font-display:swap;\n src:url('/_emulate/fonts/geist-sans.woff2') format('woff2');\n}\n@font-face{\n font-family:'Geist Pixel';font-style:normal;font-weight:400;font-display:swap;\n src:url('/_emulate/fonts/GeistPixel-Square.woff2') format('woff2');\n}\n*{box-sizing:border-box;margin:0;padding:0}\nbody{\n font-family:'Geist',-apple-system,BlinkMacSystemFont,sans-serif;\n background:#000;color:#33ff00;min-height:100vh;\n -webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;\n}\n.emu-bar{\n border-bottom:1px solid #0a3300;padding:10px 20px;\n display:flex;align-items:center;gap:10px;font-size:.8125rem;color:#1a8c00;\n}\n.emu-bar-title{font-weight:600;color:#33ff00;font-family:'Geist Pixel',monospace;}\n.emu-bar-links{margin-left:auto;display:flex;gap:16px;}\n.emu-bar-links a{\n color:#1a8c00;font-size:.75rem;text-decoration:none;transition:color .15s;\n}\n.emu-bar-links a:hover{color:#33ff00;}\n.emu-bar-links a .full{display:inline;}\n.emu-bar-links a .short{display:none;}\n@media(max-width:600px){\n .emu-bar-links a .full{display:none;}\n .emu-bar-links a .short{display:inline;}\n}\n\n.content{\n display:flex;align-items:center;justify-content:center;\n min-height:calc(100vh - 42px);padding:24px 16px;\n}\n.content-inner{width:100%;max-width:420px;}\n.card-title{\n font-family:'Geist Pixel',monospace;\n font-size:1.125rem;font-weight:600;margin-bottom:4px;color:#33ff00;\n}\n.card-subtitle{color:#1a8c00;font-size:.8125rem;margin-bottom:18px;line-height:1.45;}\n.powered-by{\n position:fixed;bottom:0;left:0;right:0;\n text-align:center;padding:12px;font-size:.6875rem;color:#0a3300;\n font-family:'Geist Pixel',monospace;\n}\n.powered-by a{color:#1a8c00;text-decoration:none;transition:color .15s;}\n.powered-by a:hover{color:#33ff00;}\n\n.error-title{\n font-family:'Geist Pixel',monospace;\n color:#ff4444;font-size:1.125rem;font-weight:600;margin-bottom:8px;\n}\n.error-msg{color:#1a8c00;font-size:.875rem;line-height:1.5;}\n.error-card{text-align:center;}\n\n.user-form{margin-bottom:8px;}\n.user-form:last-of-type{margin-bottom:0;}\n.user-btn{\n width:100%;display:flex;align-items:center;gap:12px;\n padding:10px 12px;border:1px solid #0a3300;border-radius:8px;\n background:#000;color:inherit;cursor:pointer;text-align:left;\n font:inherit;transition:border-color .15s;\n}\n.user-btn:hover{border-color:#33ff00;}\n.avatar{\n width:36px;height:36px;border-radius:50%;\n background:#0a3300;color:#33ff00;font-weight:600;font-size:.875rem;\n display:flex;align-items:center;justify-content:center;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.user-text{min-width:0;}\n.user-login{font-weight:600;font-size:.875rem;display:block;color:#33ff00;}\n.user-meta{color:#1a8c00;font-size:.75rem;margin-top:1px;}\n.user-email{font-size:.6875rem;color:#116600;word-break:break-all;margin-top:1px;}\n\n.settings-layout{\n max-width:920px;margin:0 auto;padding:28px 20px;\n display:flex;gap:28px;\n}\n.settings-sidebar{width:200px;flex-shrink:0;}\n.settings-sidebar a{\n display:block;padding:6px 10px;border-radius:6px;color:#1a8c00;\n text-decoration:none;font-size:.8125rem;transition:color .15s;\n}\n.settings-sidebar a:hover{color:#33ff00;}\n.settings-sidebar a.active{color:#33ff00;font-weight:600;}\n.settings-main{flex:1;min-width:0;}\n\n.s-card{\n padding:18px 0;margin-bottom:14px;border-bottom:1px solid #0a3300;\n}\n.s-card:last-child{border-bottom:none;}\n.s-card-header{display:flex;align-items:center;gap:14px;margin-bottom:14px;}\n.s-icon{\n width:42px;height:42px;border-radius:8px;\n background:#0a3300;display:flex;align-items:center;justify-content:center;\n font-size:1.125rem;font-weight:700;color:#116600;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.s-title{\n font-family:'Geist Pixel',monospace;\n font-size:1.25rem;font-weight:600;color:#33ff00;\n}\n.s-subtitle{font-size:.75rem;color:#1a8c00;margin-top:2px;}\n.section-heading{\n font-size:.9375rem;font-weight:600;margin-bottom:10px;color:#33ff00;\n display:flex;align-items:center;justify-content:space-between;\n}\n.perm-list{list-style:none;}\n.perm-list li{padding:5px 0;font-size:.8125rem;display:flex;align-items:center;gap:6px;color:#1a8c00;}\n.check{color:#33ff00;}\n.org-row{\n display:flex;align-items:center;gap:8px;padding:7px 0;\n border-bottom:1px solid #0a3300;font-size:.8125rem;\n}\n.org-row:last-child{border-bottom:none;}\n.org-icon{\n width:22px;height:22px;border-radius:4px;background:#0a3300;\n display:flex;align-items:center;justify-content:center;\n font-size:.625rem;font-weight:700;color:#116600;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.org-name{font-weight:600;color:#33ff00;}\n.badge{font-size:.6875rem;padding:1px 7px;border-radius:999px;font-weight:500;}\n.badge-granted{background:#0a3300;color:#33ff00;}\n.badge-denied{background:#1a0a0a;color:#ff4444;}\n.badge-requested{background:#0a3300;color:#1a8c00;}\n.btn-revoke{\n display:inline-block;padding:5px 14px;border-radius:6px;\n border:1px solid #0a3300;background:transparent;color:#ff4444;\n font-size:.75rem;font-weight:600;cursor:pointer;transition:border-color .15s;\n}\n.btn-revoke:hover{border-color:#ff4444;}\n.info-text{color:#1a8c00;font-size:.75rem;line-height:1.5;margin-top:10px;}\n.app-link{\n display:flex;align-items:center;gap:12px;padding:12px;\n border:1px solid #0a3300;border-radius:8px;background:#000;\n text-decoration:none;color:inherit;margin-bottom:8px;transition:border-color .15s;\n}\n.app-link:hover{border-color:#33ff00;}\n.app-link-name{font-weight:600;font-size:.875rem;color:#33ff00;}\n.app-link-scopes{font-size:.6875rem;color:#1a8c00;margin-top:1px;}\n.empty{color:#1a8c00;text-align:center;padding:28px 0;font-size:.875rem;}\n`;\n\nconst POWERED_BY = `<div class=\"powered-by\">Powered by <a href=\"https://emulate.dev\" target=\"_blank\" rel=\"noopener\">emulate</a></div>`;\n\nfunction emuBar(service?: string): string {\n const title = service ? `${escapeHtml(service)} Emulator` : \"Emulator\";\n return `<div class=\"emu-bar\">\n <span class=\"emu-bar-title\">${title}</span>\n <nav class=\"emu-bar-links\">\n <a href=\"https://github.com/vercel-labs/emulate/issues\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Report Issue</span><span class=\"short\">Report</span></a>\n <a href=\"https://github.com/vercel-labs/emulate\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Source Code</span><span class=\"short\">Source</span></a>\n <a href=\"https://emulate.dev\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Learn More</span><span class=\"short\">Learn</span></a>\n </nav>\n</div>`;\n}\n\nfunction head(title: string): string {\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\"/>\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"/>\n<title>${escapeHtml(title)} | emulate</title>\n<style>${CSS}</style>\n</head>`;\n}\n\nexport function renderCardPage(\n title: string,\n subtitle: string,\n body: string,\n service?: string\n): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"content\">\n <div class=\"content-inner\">\n <div class=\"card-title\">${escapeHtml(title)}</div>\n <div class=\"card-subtitle\">${subtitle}</div>\n ${body}\n </div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport function renderErrorPage(title: string, message: string, service?: string): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"content\">\n <div class=\"content-inner error-card\">\n <div class=\"error-title\">${escapeHtml(title)}</div>\n <div class=\"error-msg\">${escapeHtml(message)}</div>\n </div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport function renderSettingsPage(\n title: string,\n sidebarHtml: string,\n bodyHtml: string,\n service?: string\n): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"settings-layout\">\n <nav class=\"settings-sidebar\">${sidebarHtml}</nav>\n <div class=\"settings-main\">${bodyHtml}</div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport interface UserButtonOptions {\n letter: string;\n login: string;\n name?: string;\n email?: string;\n formAction: string;\n hiddenFields: Record<string, string>;\n}\n\nexport function renderUserButton(opts: UserButtonOptions): string {\n const hiddens = Object.entries(opts.hiddenFields)\n .map(([k, v]) => `<input type=\"hidden\" name=\"${escapeAttr(k)}\" value=\"${escapeAttr(v)}\"/>`)\n .join(\"\");\n\n const nameLine = opts.name\n ? `<div class=\"user-meta\">${escapeHtml(opts.name)}</div>`\n : \"\";\n const emailLine = opts.email\n ? `<div class=\"user-email\">${escapeHtml(opts.email)}</div>`\n : \"\";\n\n return `<form class=\"user-form\" method=\"post\" action=\"${escapeAttr(opts.formAction)}\">\n${hiddens}\n<button type=\"submit\" class=\"user-btn\">\n <span class=\"avatar\">${escapeHtml(opts.letter)}</span>\n <span class=\"user-text\">\n <span class=\"user-login\">${escapeHtml(opts.login)}</span>\n ${nameLine}${emailLine}\n </span>\n</button>\n</form>`;\n}\n","import { timingSafeEqual } from \"crypto\";\n\nexport function normalizeUri(uri: string): string {\n try {\n const u = new URL(uri);\n return `${u.origin}${u.pathname.replace(/\\/+$/, \"\")}`;\n } catch {\n return uri.replace(/\\/+$/, \"\").split(\"?\")[0];\n }\n}\n\nexport function matchesRedirectUri(incoming: string, registered: string[]): boolean {\n const normalized = normalizeUri(incoming);\n return registered.some((r) => normalizeUri(r) === normalized);\n}\n\nexport function constantTimeSecretEqual(a: string, b: string): boolean {\n const bufA = Buffer.from(a, \"utf-8\");\n const bufB = Buffer.from(b, \"utf-8\");\n if (bufA.length !== bufB.length) return false;\n return timingSafeEqual(bufA, bufB);\n}\n\nexport function bodyStr(v: unknown): string {\n if (typeof v === \"string\") return v;\n if (Array.isArray(v) && typeof v[0] === \"string\") return v[0];\n return \"\";\n}\n\nexport function parseCookies(header: string): Record<string, string> {\n const cookies: Record<string, string> = {};\n for (const part of header.split(\";\")) {\n const [k, ...v] = part.split(\"=\");\n if (k) cookies[k.trim()] = v.join(\"=\").trim();\n }\n return cookies;\n}\n","import { readFile, writeFile, mkdir } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\n\nexport interface PersistenceAdapter {\n load(): Promise<string | null>;\n save(data: string): Promise<void>;\n}\n\nexport function filePersistence(path: string): PersistenceAdapter {\n return {\n async load() {\n try {\n return await readFile(path, \"utf-8\");\n } catch {\n return null;\n }\n },\n async save(data: string) {\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, data, \"utf-8\");\n },\n };\n}\n","import type { Hono } from \"hono\";\nimport type { ServicePlugin, Store, WebhookDispatcher, TokenMap, AppEnv, RouteContext } from \"@emulators/core\";\nimport { getMicrosoftStore } from \"./store.js\";\nimport { generateOid, DEFAULT_TENANT_ID } from \"./helpers.js\";\nimport { oauthRoutes } from \"./routes/oauth.js\";\n\nexport { getMicrosoftStore, type MicrosoftStore } from \"./store.js\";\nexport * from \"./entities.js\";\n\n\nexport interface MicrosoftSeedConfig {\n users?: Array<{\n email: string;\n name?: string;\n given_name?: string;\n family_name?: string;\n tenant_id?: string;\n }>;\n oauth_clients?: Array<{\n client_id: string;\n client_secret: string;\n name: string;\n redirect_uris: string[];\n tenant_id?: string;\n }>;\n}\n\nfunction seedDefaults(store: Store, _baseUrl: string): void {\n const ms = getMicrosoftStore(store);\n\n ms.users.insert({\n oid: generateOid(),\n email: \"testuser@outlook.com\",\n name: \"Test User\",\n given_name: \"Test\",\n family_name: \"User\",\n email_verified: true,\n tenant_id: DEFAULT_TENANT_ID,\n preferred_username: \"testuser@outlook.com\",\n });\n}\n\nexport function seedFromConfig(store: Store, _baseUrl: string, config: MicrosoftSeedConfig): void {\n const ms = getMicrosoftStore(store);\n\n if (config.users) {\n for (const u of config.users) {\n const existing = ms.users.findOneBy(\"email\", u.email);\n if (existing) continue;\n\n const nameParts = (u.name ?? \"\").split(/\\s+/);\n ms.users.insert({\n oid: generateOid(),\n email: u.email,\n name: u.name ?? u.email.split(\"@\")[0],\n given_name: u.given_name ?? nameParts[0] ?? \"\",\n family_name: u.family_name ?? nameParts.slice(1).join(\" \") ?? \"\",\n email_verified: true,\n tenant_id: u.tenant_id ?? DEFAULT_TENANT_ID,\n preferred_username: u.email,\n });\n }\n }\n\n if (config.oauth_clients) {\n for (const client of config.oauth_clients) {\n const existing = ms.oauthClients.findOneBy(\"client_id\", client.client_id);\n if (existing) continue;\n ms.oauthClients.insert({\n client_id: client.client_id,\n client_secret: client.client_secret,\n name: client.name,\n redirect_uris: client.redirect_uris,\n tenant_id: client.tenant_id ?? DEFAULT_TENANT_ID,\n });\n }\n }\n}\n\nexport const microsoftPlugin: ServicePlugin = {\n name: \"microsoft\",\n register(app: Hono<AppEnv>, store: Store, webhooks: WebhookDispatcher, baseUrl: string, tokenMap?: TokenMap): void {\n const ctx: RouteContext = { app, store, webhooks, baseUrl, tokenMap };\n oauthRoutes(ctx);\n },\n seed(store: Store, baseUrl: string): void {\n seedDefaults(store, baseUrl);\n },\n};\n\nexport default microsoftPlugin;\n"],"mappings":";AAQO,SAAS,kBAAkB,OAA8B;AAC9D,SAAO;AAAA,IACL,OAAO,MAAM,WAA0B,mBAAmB,CAAC,OAAO,OAAO,CAAC;AAAA,IAC1E,cAAc,MAAM,WAAiC,2BAA2B,CAAC,WAAW,CAAC;AAAA,EAC/F;AACF;;;ACbA,SAAS,kBAAkB;AAGpB,IAAM,oBAAoB;AAK1B,SAAS,cAAsB;AACpC,SAAO,WAAW;AACpB;;;ACVA,SAAS,YAAY,mBAAmB;AACxC,SAAS,SAAS,WAAW,uBAAuB;;;AEDpD,SAAS,YAAY;AACrB,SAAS,YAAY;AGArB,SAAS,WAAW,mBAAmB;AEDvC,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,SAAS,YAAY;AGF9B,SAAS,uBAAuB;ANsCzB,SAAS,mBAAmB,kBAA8C;AAC/E,SAAO,OAAO,GAAG,SAAS;AACxB,QAAI,kBAAkB;AACpB,QAAE,IAAI,WAAW,gBAAgB;IACnC;AACA,UAAM,KAAK;EACb;AACF;AAEO,IAAM,eAAkC,mBAAmB;AE/ClE,IAAM,UAAU,OAAO,YAAY,gBAAgB,QAAQ,IAAI,UAAU,OAAO,QAAQ,IAAI,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AAEvI,SAAS,MAAM,UAAkB,MAAuB;AAC7D,MAAI,SAAS;AACX,YAAQ,IAAI,IAAI,KAAK,KAAK,GAAG,IAAI;EACnC;AACF;ACAA,IAAM,YAAY,QAAQ,cAAc,YAAY,GAAG,CAAC;AAExD,IAAM,QAAgC;EACpC,oBAAoB,aAAa,KAAK,WAAW,SAAS,kBAAkB,CAAC;EAC7E,2BAA2B,aAAa,KAAK,WAAW,SAAS,yBAAyB,CAAC;AAC7F;AEXO,SAAS,WAAW,GAAmB;AAC5C,SAAO,EACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ;AAC3B;AAEO,SAAS,WAAW,GAAmB;AAC5C,SAAO,WAAW,CAAC,EAAE,QAAQ,MAAM,OAAO;AAC5C;AAEA,IAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmJZ,IAAM,aAAa;AAEnB,SAAS,OAAO,SAA0B;AACxC,QAAM,QAAQ,UAAU,GAAG,WAAW,OAAO,CAAC,cAAc;AAC5D,SAAO;gCACuB,KAAK;;;;;;;AAOrC;AAEA,SAAS,KAAK,OAAuB;AACnC,SAAO;;;;;SAKA,WAAW,KAAK,CAAC;SACjB,GAAG;;AAEZ;AAEO,SAAS,eACd,OACA,UACA,MACA,SACQ;AACR,SAAO,GAAG,KAAK,KAAK,CAAC;;EAErB,OAAO,OAAO,CAAC;;;8BAGa,WAAW,KAAK,CAAC;iCACd,QAAQ;MACnC,IAAI;;;EAGR,UAAU;;AAEZ;AAEO,SAAS,gBAAgB,OAAe,SAAiB,SAA0B;AACxF,SAAO,GAAG,KAAK,KAAK,CAAC;;EAErB,OAAO,OAAO,CAAC;;;+BAGc,WAAW,KAAK,CAAC;6BACnB,WAAW,OAAO,CAAC;;;EAG9C,UAAU;;AAEZ;AA4BO,SAAS,iBAAiB,MAAiC;AAChE,QAAM,UAAU,OAAO,QAAQ,KAAK,YAAY,EAC7C,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,8BAA8B,WAAW,CAAC,CAAC,YAAY,WAAW,CAAC,CAAC,KAAK,EACzF,KAAK,EAAE;AAEV,QAAM,WAAW,KAAK,OAClB,0BAA0B,WAAW,KAAK,IAAI,CAAC,WAC/C;AACJ,QAAM,YAAY,KAAK,QACnB,2BAA2B,WAAW,KAAK,KAAK,CAAC,WACjD;AAEJ,SAAO,iDAAiD,WAAW,KAAK,UAAU,CAAC;EACnF,OAAO;;yBAEgB,WAAW,KAAK,MAAM,CAAC;;+BAEjB,WAAW,KAAK,KAAK,CAAC;MAC/C,QAAQ,GAAG,SAAS;;;;AAI1B;ACxQO,SAAS,aAAa,KAAqB;AAChD,MAAI;AACF,UAAM,IAAI,IAAI,IAAI,GAAG;AACrB,WAAO,GAAG,EAAE,MAAM,GAAG,EAAE,SAAS,QAAQ,QAAQ,EAAE,CAAC;EACrD,QAAQ;AACN,WAAO,IAAI,QAAQ,QAAQ,EAAE,EAAE,MAAM,GAAG,EAAE,CAAC;EAC7C;AACF;AAEO,SAAS,mBAAmB,UAAkB,YAA+B;AAClF,QAAM,aAAa,aAAa,QAAQ;AACxC,SAAO,WAAW,KAAK,CAAC,MAAM,aAAa,CAAC,MAAM,UAAU;AAC9D;AAEO,SAAS,wBAAwB,GAAW,GAAoB;AACrE,QAAM,OAAO,OAAO,KAAK,GAAG,OAAO;AACnC,QAAM,OAAO,OAAO,KAAK,GAAG,OAAO;AACnC,MAAI,KAAK,WAAW,KAAK,OAAQ,QAAO;AACxC,SAAO,gBAAgB,MAAM,IAAI;AACnC;AAEO,SAAS,QAAQ,GAAoB;AAC1C,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,MAAI,MAAM,QAAQ,CAAC,KAAK,OAAO,EAAE,CAAC,MAAM,SAAU,QAAO,EAAE,CAAC;AAC5D,SAAO;AACT;;;AVPA,IAAM,iBAAiB,gBAAgB,OAAO;AAC9C,IAAM,MAAM;AAoBZ,IAAM,sBAAsB,KAAK,KAAK;AAEtC,SAAS,gBAAgB,OAAwC;AAC/D,MAAI,MAAM,MAAM,QAAkC,8BAA8B;AAChF,MAAI,CAAC,KAAK;AACR,UAAM,oBAAI,IAAI;AACd,UAAM,QAAQ,gCAAgC,GAAG;AAAA,EACnD;AACA,SAAO;AACT;AAEA,SAAS,iBAAiB,OAA+C;AACvE,MAAI,MAAM,MAAM,QAAyC,+BAA+B;AACxF,MAAI,CAAC,KAAK;AACR,UAAM,oBAAI,IAAI;AACd,UAAM,QAAQ,iCAAiC,GAAG;AAAA,EACpD;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,GAAyB;AACrD,SAAO,KAAK,IAAI,IAAI,EAAE,aAAa;AACrC;AAEA,IAAM,gBAAgB;AAEtB,eAAe,cACb,MACA,UACA,OACA,SACiB;AACjB,QAAM,EAAE,WAAW,IAAI,MAAM;AAC7B,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAExC,QAAM,UAAU,IAAI,QAAQ;AAAA,IAC1B,KAAK,KAAK;AAAA,IACV,OAAO,KAAK;AAAA,IACZ,MAAM,KAAK;AAAA,IACX,YAAY,KAAK;AAAA,IACjB,aAAa,KAAK;AAAA,IAClB,oBAAoB,KAAK;AAAA,IACzB,KAAK,KAAK;AAAA,IACV,KAAK,KAAK;AAAA,IACV,KAAK;AAAA,IACL,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC;AAAA,EAC3B,CAAC,EACE,mBAAmB,EAAE,KAAK,SAAS,KAAK,KAAK,KAAK,MAAM,CAAC,EACzD,UAAU,GAAG,OAAO,IAAI,KAAK,SAAS,OAAO,EAC7C,YAAY,QAAQ,EACpB,YAAY,GAAG,EACf,kBAAkB,IAAI;AAEzB,SAAO,QAAQ,KAAK,UAAU;AAChC;AAEO,SAAS,YAAY,EAAE,KAAK,OAAO,SAAS,SAAS,GAAuB;AACjF,QAAM,KAAK,kBAAkB,KAAK;AAMlC,QAAM,aAAa,CAAC,cAAsB;AAAA,IACxC,QAAQ,GAAG,OAAO,IAAI,QAAQ;AAAA,IAC9B,wBAAwB,GAAG,OAAO;AAAA,IAClC,gBAAgB,GAAG,OAAO;AAAA,IAC1B,mBAAmB,GAAG,OAAO;AAAA,IAC7B,sBAAsB,GAAG,OAAO;AAAA,IAChC,UAAU,GAAG,OAAO;AAAA,IACpB,0BAA0B,CAAC,MAAM;AAAA,IACjC,0BAA0B,CAAC,SAAS,YAAY,WAAW;AAAA,IAC3D,yBAAyB,CAAC,UAAU;AAAA,IACpC,uCAAuC,CAAC,OAAO;AAAA,IAC/C,kBAAkB,CAAC,UAAU,SAAS,WAAW,kBAAkB,aAAa,UAAU;AAAA,IAC1F,uBAAuB,CAAC,sBAAsB,iBAAiB,oBAAoB;AAAA,IACnF,uCAAuC,CAAC,sBAAsB,qBAAqB;AAAA,IACnF,kBAAkB;AAAA,MAChB;AAAA,MAAO;AAAA,MAAO;AAAA,MAAO;AAAA,MAAO;AAAA,MAAO;AAAA,MACnC;AAAA,MAAQ;AAAA,MAAS;AAAA,MAAc;AAAA,MAC/B;AAAA,MAAsB;AAAA,MAAO;AAAA,MAAO;AAAA,IACtC;AAAA,IACA,kCAAkC,CAAC,SAAS,MAAM;AAAA,EACpD;AAEA,MAAI,IAAI,qCAAqC,CAAC,MAAM;AAClD,WAAO,EAAE,KAAK,WAAW,iBAAiB,CAAC;AAAA,EAC7C,CAAC;AAED,MAAI,IAAI,kDAAkD,CAAC,MAAM;AAC/D,UAAM,SAAS,EAAE,IAAI,MAAM,QAAQ;AACnC,WAAO,EAAE,KAAK,WAAW,WAAW,YAAY,WAAW,mBAAmB,WAAW,cAAc,oBAAoB,MAAM,CAAC;AAAA,EACpI,CAAC;AAID,MAAI,IAAI,wBAAwB,OAAO,MAAM;AAC3C,UAAM,EAAE,UAAU,IAAI,MAAM;AAC5B,UAAM,MAAM,MAAM,UAAU,SAAS;AACrC,WAAO,EAAE,KAAK;AAAA,MACZ,MAAM,CAAC;AAAA,QACL,GAAG;AAAA,QACH,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,MACP,CAAC;AAAA,IACH,CAAC;AAAA,EACH,CAAC;AAID,MAAI,IAAI,0BAA0B,CAAC,MAAM;AACvC,UAAM,YAAY,EAAE,IAAI,MAAM,WAAW,KAAK;AAC9C,UAAM,eAAe,EAAE,IAAI,MAAM,cAAc,KAAK;AACpD,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,gBAAgB,EAAE,IAAI,MAAM,eAAe,KAAK;AACtD,UAAM,iBAAiB,EAAE,IAAI,MAAM,gBAAgB,KAAK;AACxD,UAAM,wBAAwB,EAAE,IAAI,MAAM,uBAAuB,KAAK;AAEtE,UAAM,oBAAoB,GAAG,aAAa,IAAI,EAAE,SAAS;AACzD,QAAI,aAAa;AACjB,QAAI,mBAAmB;AACrB,YAAM,SAAS,GAAG,aAAa,UAAU,aAAa,SAAS;AAC/D,UAAI,CAAC,QAAQ;AACX,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,kBAAkB,SAAS,wBAAwB,aAAa;AAAA,UACzG;AAAA,QACF;AAAA,MACF;AACA,UAAI,gBAAgB,CAAC,mBAAmB,cAAc,OAAO,aAAa,GAAG;AAC3E,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,4DAA4D,aAAa;AAAA,UAClH;AAAA,QACF;AAAA,MACF;AACA,mBAAa,OAAO;AAAA,IACtB;AAEA,UAAM,eAAe,aACjB,sBAAsB,WAAW,UAAU,CAAC,2CAC5C;AAEJ,UAAM,QAAQ,GAAG,MAAM,IAAI;AAC3B,UAAM,cAAc,MACjB,IAAI,CAAC,SAAS;AACb,aAAO,iBAAiB;AAAA,QACtB,SAAS,KAAK,MAAM,CAAC,KAAK,KAAK,YAAY;AAAA,QAC3C,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK;AAAA,QACX,OAAO,KAAK;AAAA,QACZ,YAAY;AAAA,QACZ,cAAc;AAAA,UACZ,OAAO,KAAK;AAAA,UACZ;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH,CAAC,EACA,KAAK,IAAI;AAEZ,UAAM,OAAO,MAAM,WAAW,IAC1B,yDACA;AAEJ,WAAO,EAAE,KAAK,eAAe,0BAA0B,cAAc,MAAM,aAAa,CAAC;AAAA,EAC3F,CAAC;AAID,MAAI,KAAK,mCAAmC,OAAO,MAAM;AACvD,UAAM,OAAO,MAAM,EAAE,IAAI,UAAU;AACnC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,eAAe,QAAQ,KAAK,YAAY;AAC9C,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,YAAY,QAAQ,KAAK,SAAS;AACxC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,gBAAgB,QAAQ,KAAK,aAAa,KAAK;AACrD,UAAM,iBAAiB,QAAQ,KAAK,cAAc;AAClD,UAAM,wBAAwB,QAAQ,KAAK,qBAAqB;AAGhE,UAAM,oBAAoB,GAAG,aAAa,IAAI,EAAE,SAAS;AACzD,QAAI,mBAAmB;AACrB,YAAM,SAAS,GAAG,aAAa,UAAU,aAAa,SAAS;AAC/D,UAAI,CAAC,QAAQ;AACX,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,kBAAkB,SAAS,wBAAwB,aAAa;AAAA,UACzG;AAAA,QACF;AAAA,MACF;AACA,UAAI,gBAAgB,CAAC,mBAAmB,cAAc,OAAO,aAAa,GAAG;AAC3E,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,4DAA4D,aAAa;AAAA,UAClH;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,UAAM,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AAE3C,oBAAgB,KAAK,EAAE,IAAI,MAAM;AAAA,MAC/B;AAAA,MACA;AAAA,MACA,aAAa;AAAA,MACb,UAAU;AAAA,MACV,OAAO,SAAS;AAAA,MAChB,eAAe,kBAAkB;AAAA,MACjC,qBAAqB,yBAAyB;AAAA,MAC9C,YAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AAED,UAAM,mBAAmB,6BAA6B,KAAK,MAAM,GAAG,CAAC,CAAC,aAAa,KAAK,EAAE;AAE1F,QAAI,kBAAkB,aAAa;AACjC,YAAM,OAAO;AAAA;AAAA;AAAA;AAAA,8BAIW,WAAW,YAAY,CAAC;AAAA,0CACZ,WAAW,IAAI,CAAC;AAAA,2CACf,WAAW,KAAK,CAAC;AAAA;AAAA;AAAA;AAItD,aAAO,EAAE,KAAK,IAAI;AAAA,IACpB;AAGA,UAAM,MAAM,IAAI,IAAI,YAAY;AAChC,QAAI,aAAa,IAAI,QAAQ,IAAI;AACjC,QAAI,MAAO,KAAI,aAAa,IAAI,SAAS,KAAK;AAE9C,WAAO,EAAE,SAAS,IAAI,SAAS,GAAG,GAAG;AAAA,EACvC,CAAC;AAID,MAAI,KAAK,sBAAsB,OAAO,MAAM;AAC1C,UAAM,cAAc,EAAE,IAAI,OAAO,cAAc,KAAK;AACpD,UAAM,UAAU,MAAM,EAAE,IAAI,KAAK;AAEjC,QAAI;AACJ,QAAI,YAAY,SAAS,kBAAkB,GAAG;AAC5C,UAAI;AAAE,eAAO,KAAK,MAAM,OAAO;AAAA,MAAG,QAAQ;AAAE,eAAO,CAAC;AAAA,MAAG;AAAA,IACzD,OAAO;AACL,aAAO,OAAO,YAAY,IAAI,gBAAgB,OAAO,CAAC;AAAA,IACxD;AAEA,UAAM,aAAa,OAAO,KAAK,eAAe,WAAW,KAAK,aAAa;AAC3E,UAAM,OAAO,OAAO,KAAK,SAAS,WAAW,KAAK,OAAO;AACzD,QAAI,YAAY,OAAO,KAAK,cAAc,WAAW,KAAK,YAAY;AACtE,QAAI,gBAAgB,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB;AAClF,UAAM,gBAAgB,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB;AACpF,UAAM,eAAe,OAAO,KAAK,iBAAiB,WAAW,KAAK,eAAe;AACjF,UAAM,gBAAgB,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB;AACpF,UAAM,QAAQ,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ;AAG5D,UAAM,aAAa,EAAE,IAAI,OAAO,eAAe,KAAK;AACpD,QAAI,WAAW,WAAW,QAAQ,GAAG;AACnC,YAAM,UAAU,OAAO,KAAK,WAAW,MAAM,CAAC,GAAG,QAAQ,EAAE,SAAS;AACpE,YAAM,MAAM,QAAQ,QAAQ,GAAG;AAC/B,UAAI,QAAQ,IAAI;AACd,cAAM,WAAW,mBAAmB,QAAQ,MAAM,GAAG,GAAG,CAAC;AACzD,cAAM,eAAe,mBAAmB,QAAQ,MAAM,MAAM,CAAC,CAAC;AAC9D,YAAI,CAAC,UAAW,aAAY;AAC5B,YAAI,CAAC,cAAe,iBAAgB;AAAA,MACtC;AAAA,IACF;AAEA,QAAI,eAAe,sBAAsB;AACvC,YAAM,oBAAoB,GAAG,aAAa,IAAI,EAAE,SAAS;AACzD,UAAI,mBAAmB;AACrB,cAAM,SAAS,GAAG,aAAa,UAAU,aAAa,SAAS;AAC/D,YAAI,CAAC,QAAQ;AACX,iBAAO,EAAE,KAAK,EAAE,OAAO,kBAAkB,mBAAmB,8BAA8B,GAAG,GAAG;AAAA,QAClG;AACA,YAAI,CAAC,wBAAwB,eAAe,OAAO,aAAa,GAAG;AACjE,iBAAO,EAAE,KAAK,EAAE,OAAO,kBAAkB,mBAAmB,kCAAkC,GAAG,GAAG;AAAA,QACtG;AAAA,MACF;AAEA,YAAM,aAAa,gBAAgB,KAAK;AACxC,YAAM,UAAU,WAAW,IAAI,IAAI;AACnC,UAAI,CAAC,SAAS;AACZ,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,oCAAoC,GAAG,GAAG;AAAA,MACvG;AACA,UAAI,qBAAqB,OAAO,GAAG;AACjC,mBAAW,OAAO,IAAI;AACtB,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,oCAAoC,GAAG,GAAG;AAAA,MACvG;AAGA,UAAI,QAAQ,eAAe,gBAAgB,QAAQ,gBAAgB,cAAc;AAC/E,mBAAW,OAAO,IAAI;AACtB,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,6EAA6E,GAAG,GAAG;AAAA,MAChJ;AAGA,UAAI,QAAQ,kBAAkB,MAAM;AAClC,YAAI,kBAAkB,QAAW;AAC/B,iBAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,4BAA4B,GAAG,GAAG;AAAA,QAC/F;AACA,cAAM,UAAU,QAAQ,uBAAuB,SAAS,YAAY;AACpE,YAAI,WAAW,QAAQ;AACrB,gBAAM,WAAW,WAAW,QAAQ,EAAE,OAAO,aAAa,EAAE,OAAO,WAAW;AAC9E,cAAI,aAAa,QAAQ,eAAe;AACtC,mBAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,4BAA4B,GAAG,GAAG;AAAA,UAC/F;AAAA,QACF,WAAW,WAAW,SAAS;AAC7B,cAAI,kBAAkB,QAAQ,eAAe;AAC3C,mBAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,4BAA4B,GAAG,GAAG;AAAA,UAC/F;AAAA,QACF,OAAO;AACL,iBAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,4BAA4B,GAAG,GAAG;AAAA,QAC/F;AAAA,MACF;AAGA,iBAAW,OAAO,IAAI;AAEtB,YAAM,OAAO,GAAG,MAAM,UAAU,SAAS,QAAQ,KAA+B;AAChF,UAAI,CAAC,MAAM;AACT,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,kBAAkB,GAAG,GAAG;AAAA,MACrF;AAEA,YAAM,cAAc,eAAe,YAAY,EAAE,EAAE,SAAS,WAAW;AACvE,YAAM,eAAe,iBAAiB,YAAY,EAAE,EAAE,SAAS,WAAW;AAC1E,YAAM,SAAS,QAAQ,QAAQ,QAAQ,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC;AAE7E,UAAI,UAAU;AACZ,iBAAS,IAAI,aAAa,EAAE,OAAO,KAAK,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC;AAAA,MACtE;AAGA,uBAAiB,KAAK,EAAE,IAAI,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,MACjB,CAAC;AAED,YAAM,UAAU,MAAM,cAAc,MAAM,QAAQ,UAAU,QAAQ,OAAO,OAAO;AAElF,YAAM,mBAAmB,sCAAsC,KAAK,KAAK,EAAE;AAE3E,aAAO,EAAE,KAAK;AAAA,QACZ,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,OAAO,QAAQ,SAAS;AAAA,QACxB,eAAe;AAAA,QACf,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,QAAI,eAAe,iBAAiB;AAClC,YAAM,aAAa,iBAAiB,KAAK;AACzC,YAAM,SAAS,WAAW,IAAI,aAAa;AAC3C,UAAI,CAAC,QAAQ;AACX,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,gCAAgC,GAAG,GAAG;AAAA,MACnG;AAEA,YAAM,OAAO,GAAG,MAAM,UAAU,SAAS,OAAO,KAA+B;AAC/E,UAAI,CAAC,MAAM;AACT,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,kBAAkB,GAAG,GAAG;AAAA,MACrF;AAEA,YAAM,cAAc,eAAe,YAAY,EAAE,EAAE,SAAS,WAAW;AACvE,YAAM,kBAAkB,iBAAiB,YAAY,EAAE,EAAE,SAAS,WAAW;AAC7E,YAAM,SAAS,OAAO,QAAQ,OAAO,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC;AAE3E,UAAI,UAAU;AACZ,iBAAS,IAAI,aAAa,EAAE,OAAO,KAAK,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC;AAAA,MACtE;AAGA,iBAAW,OAAO,aAAa;AAC/B,iBAAW,IAAI,iBAAiB;AAAA,QAC9B,OAAO,OAAO;AAAA,QACd,UAAU,OAAO;AAAA,QACjB,OAAO,OAAO;AAAA,QACd,OAAO,OAAO;AAAA,MAChB,CAAC;AAED,YAAM,UAAU,MAAM,cAAc,MAAM,OAAO,YAAY,WAAW,OAAO,OAAO,OAAO;AAE7F,YAAM,mBAAmB,4CAA4C,KAAK,KAAK,EAAE;AAEjF,aAAO,EAAE,KAAK;AAAA,QACZ,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,OAAO,OAAO,SAAS;AAAA,QACvB,eAAe;AAAA,QACf,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,QAAI,eAAe,sBAAsB;AACvC,YAAM,oBAAoB,GAAG,aAAa,IAAI,EAAE,SAAS;AACzD,UAAI,mBAAmB;AACrB,cAAM,SAAS,GAAG,aAAa,UAAU,aAAa,SAAS;AAC/D,YAAI,CAAC,QAAQ;AACX,iBAAO,EAAE,KAAK,EAAE,OAAO,kBAAkB,mBAAmB,8BAA8B,GAAG,GAAG;AAAA,QAClG;AACA,YAAI,CAAC,wBAAwB,eAAe,OAAO,aAAa,GAAG;AACjE,iBAAO,EAAE,KAAK,EAAE,OAAO,kBAAkB,mBAAmB,kCAAkC,GAAG,GAAG;AAAA,QACtG;AAAA,MACF;AAEA,YAAM,cAAc,eAAe,YAAY,EAAE,EAAE,SAAS,WAAW;AACvE,YAAM,SAAS,QAAQ,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC,UAAU;AAEvE,UAAI,UAAU;AACZ,iBAAS,IAAI,aAAa,EAAE,OAAO,WAAW,IAAI,GAAG,OAAO,CAAC;AAAA,MAC/D;AAEA,YAAM,mBAAmB,mDAAmD,SAAS,EAAE;AAEvF,aAAO,EAAE,KAAK;AAAA,QACZ,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,OAAO,SAAS;AAAA,MAClB,CAAC;AAAA,IACH;AAEA,WAAO,EAAE,KAAK,EAAE,OAAO,0BAA0B,mBAAmB,gFAAgF,GAAG,GAAG;AAAA,EAC5J,CAAC;AAID,MAAI,IAAI,kBAAkB,CAAC,MAAM;AAC/B,UAAM,WAAW,EAAE,IAAI,UAAU;AACjC,QAAI,CAAC,UAAU;AACb,aAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,2BAA2B,GAAG,GAAG;AAAA,IAC9F;AAEA,UAAM,OAAO,GAAG,MAAM,UAAU,SAAS,SAAS,KAA+B;AACjF,QAAI,CAAC,MAAM;AACT,aAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,kBAAkB,GAAG,GAAG;AAAA,IACrF;AAEA,WAAO,EAAE,KAAK;AAAA,MACZ,KAAK,KAAK;AAAA,MACV,OAAO,KAAK;AAAA,MACZ,MAAM,KAAK;AAAA,MACX,YAAY,KAAK;AAAA,MACjB,aAAa,KAAK;AAAA,MAClB,oBAAoB,KAAK;AAAA,IAC3B,CAAC;AAAA,EACH,CAAC;AAID,MAAI,IAAI,YAAY,CAAC,MAAM;AACzB,UAAM,WAAW,EAAE,IAAI,UAAU;AACjC,QAAI,CAAC,UAAU;AACb,aAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,8BAA8B,SAAS,2BAA2B,EAAE,GAAG,GAAG;AAAA,IAC3G;AAEA,UAAM,OAAO,GAAG,MAAM,UAAU,SAAS,SAAS,KAA+B;AACjF,QAAI,CAAC,MAAM;AACT,aAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,4BAA4B,SAAS,kBAAkB,EAAE,GAAG,GAAG;AAAA,IAChG;AAEA,WAAO,EAAE,KAAK;AAAA,MACZ,kBAAkB,GAAG,OAAO;AAAA,MAC5B,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,WAAW,KAAK;AAAA,MAChB,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,MACX,mBAAmB,KAAK;AAAA,IAC1B,CAAC;AAAA,EACH,CAAC;AAOD,MAAI,KAAK,yBAAyB,OAAO,MAAM;AAC7C,UAAM,cAAc,EAAE,IAAI,OAAO,cAAc,KAAK;AACpD,UAAM,UAAU,MAAM,EAAE,IAAI,KAAK;AAEjC,QAAI;AACJ,QAAI,YAAY,SAAS,kBAAkB,GAAG;AAC5C,UAAI;AAAE,eAAO,KAAK,MAAM,OAAO;AAAA,MAAG,QAAQ;AAAE,eAAO,CAAC;AAAA,MAAG;AAAA,IACzD,OAAO;AACL,aAAO,OAAO,YAAY,IAAI,gBAAgB,OAAO,CAAC;AAAA,IACxD;AAIA,UAAM,WAAW,OAAO,KAAK,aAAa,WAAW,KAAK,WAAW;AACrE,QAAI,YAAY,CAAC,KAAK,OAAO;AAC3B,YAAM,aAAa,SAAS,SAAS,GAAG,IAAI,WAAW,WAAW;AAClE,WAAK,QAAQ,aAAa;AAAA,IAC5B;AAGA,UAAM,SAAS,IAAI,gBAAgB;AACnC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC/C,UAAI,QAAQ,cAAc,OAAO,UAAU,UAAU;AACnD,eAAO,IAAI,KAAK,KAAK;AAAA,MACvB;AAAA,IACF;AAGA,UAAM,QAAQ,IAAI,QAAQ,GAAG,OAAO,sBAAsB;AAAA,MACxD,QAAQ;AAAA,MACR,SAAS,IAAI,QAAQ;AAAA,QACnB,gBAAgB;AAAA,QAChB,GAAI,EAAE,IAAI,OAAO,eAAe,IAAI,EAAE,eAAe,EAAE,IAAI,OAAO,eAAe,EAAG,IAAI,CAAC;AAAA,MAC3F,CAAC;AAAA,MACD,MAAM,OAAO,SAAS;AAAA,IACxB,CAAC;AAED,WAAO,IAAI,MAAM,KAAK;AAAA,EACxB,CAAC;AAMD,MAAI,IAAI,mBAAmB,CAAC,MAAM;AAChC,UAAM,SAAS,EAAE,IAAI,MAAM,IAAI;AAG/B,UAAM,OAAO,GAAG,MAAM,UAAU,OAAO,MAAM;AAC7C,QAAI,CAAC,MAAM;AACT,aAAO,EAAE,KAAK;AAAA,QACZ,OAAO;AAAA,UACL,MAAM;AAAA,UACN,SAAS,aAAa,MAAM;AAAA,QAC9B;AAAA,MACF,GAAG,GAAG;AAAA,IACR;AAEA,WAAO,EAAE,KAAK;AAAA,MACZ,kBAAkB,GAAG,OAAO;AAAA,MAC5B,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,WAAW,KAAK;AAAA,MAChB,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,MACX,mBAAmB,KAAK;AAAA,IAC1B,CAAC;AAAA,EACH,CAAC;AAID,MAAI,IAAI,uBAAuB,CAAC,MAAM;AACpC,UAAM,2BAA2B,EAAE,IAAI,MAAM,0BAA0B;AACvE,QAAI,0BAA0B;AAE5B,YAAM,aAAa,GAAG,aAAa,IAAI;AACvC,UAAI,WAAW,SAAS,GAAG;AACzB,cAAM,UAAU,WAAW;AAAA,UAAK,CAAC,WAC/B,mBAAmB,0BAA0B,OAAO,aAAa;AAAA,QACnE;AACA,YAAI,CAAC,SAAS;AACZ,iBAAO,EAAE,KAAK,oCAAoC,GAAG;AAAA,QACvD;AAAA,MACF;AACA,aAAO,EAAE,SAAS,0BAA0B,GAAG;AAAA,IACjD;AACA,WAAO,EAAE,KAAK,cAAc,GAAG;AAAA,EACjC,CAAC;AAID,MAAI,KAAK,uBAAuB,OAAO,MAAM;AAC3C,UAAM,cAAc,EAAE,IAAI,OAAO,cAAc,KAAK;AACpD,UAAM,UAAU,MAAM,EAAE,IAAI,KAAK;AAEjC,QAAI;AACJ,QAAI,YAAY,SAAS,kBAAkB,GAAG;AAC5C,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,OAAO;AACjC,gBAAQ,OAAO,OAAO,UAAU,WAAW,OAAO,QAAQ;AAAA,MAC5D,QAAQ;AACN,gBAAQ;AAAA,MACV;AAAA,IACF,OAAO;AACL,YAAM,SAAS,IAAI,gBAAgB,OAAO;AAC1C,cAAQ,OAAO,IAAI,OAAO,KAAK;AAAA,IACjC;AAEA,QAAI,SAAS,UAAU;AACrB,eAAS,OAAO,KAAK;AAAA,IACvB;AAGA,QAAI,OAAO;AACT,uBAAiB,KAAK,EAAE,OAAO,KAAK;AAAA,IACtC;AAEA,WAAO,EAAE,KAAK,MAAM,GAAG;AAAA,EACzB,CAAC;AACH;;;AYjnBA,SAAS,aAAa,OAAc,UAAwB;AAC1D,QAAM,KAAK,kBAAkB,KAAK;AAElC,KAAG,MAAM,OAAO;AAAA,IACd,KAAK,YAAY;AAAA,IACjB,OAAO;AAAA,IACP,MAAM;AAAA,IACN,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,WAAW;AAAA,IACX,oBAAoB;AAAA,EACtB,CAAC;AACH;AAEO,SAAS,eAAe,OAAc,UAAkB,QAAmC;AAChG,QAAM,KAAK,kBAAkB,KAAK;AAElC,MAAI,OAAO,OAAO;AAChB,eAAW,KAAK,OAAO,OAAO;AAC5B,YAAM,WAAW,GAAG,MAAM,UAAU,SAAS,EAAE,KAAK;AACpD,UAAI,SAAU;AAEd,YAAM,aAAa,EAAE,QAAQ,IAAI,MAAM,KAAK;AAC5C,SAAG,MAAM,OAAO;AAAA,QACd,KAAK,YAAY;AAAA,QACjB,OAAO,EAAE;AAAA,QACT,MAAM,EAAE,QAAQ,EAAE,MAAM,MAAM,GAAG,EAAE,CAAC;AAAA,QACpC,YAAY,EAAE,cAAc,UAAU,CAAC,KAAK;AAAA,QAC5C,aAAa,EAAE,eAAe,UAAU,MAAM,CAAC,EAAE,KAAK,GAAG,KAAK;AAAA,QAC9D,gBAAgB;AAAA,QAChB,WAAW,EAAE,aAAa;AAAA,QAC1B,oBAAoB,EAAE;AAAA,MACxB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,OAAO,eAAe;AACxB,eAAW,UAAU,OAAO,eAAe;AACzC,YAAM,WAAW,GAAG,aAAa,UAAU,aAAa,OAAO,SAAS;AACxE,UAAI,SAAU;AACd,SAAG,aAAa,OAAO;AAAA,QACrB,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,MAAM,OAAO;AAAA,QACb,eAAe,OAAO;AAAA,QACtB,WAAW,OAAO,aAAa;AAAA,MACjC,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAEO,IAAM,kBAAiC;AAAA,EAC5C,MAAM;AAAA,EACN,SAAS,KAAmB,OAAc,UAA6B,SAAiB,UAA2B;AACjH,UAAM,MAAoB,EAAE,KAAK,OAAO,UAAU,SAAS,SAAS;AACpE,gBAAY,GAAG;AAAA,EACjB;AAAA,EACA,KAAK,OAAc,SAAuB;AACxC,iBAAa,OAAO,OAAO;AAAA,EAC7B;AACF;AAEA,IAAO,gBAAQ;","names":[]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@emulators/microsoft",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.0",
|
|
4
4
|
"license": "Apache-2.0",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -29,7 +29,7 @@
|
|
|
29
29
|
"dependencies": {
|
|
30
30
|
"hono": "^4",
|
|
31
31
|
"jose": "^6",
|
|
32
|
-
"@emulators/core": "0.
|
|
32
|
+
"@emulators/core": "0.4.0"
|
|
33
33
|
},
|
|
34
34
|
"devDependencies": {
|
|
35
35
|
"tsup": "^8",
|