@interopio/gateway-server 0.19.2 → 0.19.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/changelog.md +5 -0
  2. package/dist/index.cjs +2 -2
  3. package/dist/index.cjs.map +4 -4
  4. package/dist/index.js +2 -2
  5. package/dist/index.js.map +4 -4
  6. package/package.json +2 -2
package/dist/index.cjs.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
- "sources": ["../src/index.ts", "../src/server.ts", "../src/logger.ts", "../src/gateway/ws/core.ts", "../src/common/compose.ts", "../src/http/exchange.ts", "../src/http/status.ts", "../src/server/exchange.ts", "../src/server/address.ts", "../src/server/monitoring.ts", "../src/server/server-header.ts", "../src/server/ws-client-verify.ts", "../src/server/util/matchers.ts", "../src/app/route.ts", "../src/server/cors.ts", "../src/app/cors.ts", "../src/server/security/types.ts", "../src/server/security/http-headers.ts", "../src/server/security/entry-point-failure-handler.ts", "../src/server/security/http-basic-entry-point.ts", "../src/server/security/http-basic-converter.ts", "../src/server/security/security-context.ts", "../src/server/security/authentication-filter.ts", "../src/server/security/http-status-entry-point.ts", "../src/server/security/delegating-entry-point.ts", "../src/server/security/delegating-success-handler.ts", "../src/server/security/http-basic.ts", "../src/server/security/oauth2/token-error.ts", "../src/server/security/oauth2/token-converter.ts", "../src/server/security/oauth2/token-entry-point.ts", "../src/server/security/oauth2/jwt-auth-manager.ts", "../src/server/security/oauth2-resource-server.ts", "../src/server/security/config.ts", "../src/server/security/error-filter.ts", "../src/server/security/delegating-authorization-manager.ts", "../src/server/security/authorization-filter.ts", "../src/server/security/exchange-filter.ts", "../src/app/auth.ts", "../src/server/handler.ts", "../src/server/ws.ts", "../src/server/socket.ts", "../src/server/ws-pings.ts"],
4
- "sourcesContent": ["import * as GatewayServer from './server.js';\nexport {GatewayServer};\nexport default GatewayServer.Factory;\n", "import http from 'node:http';\nimport https from 'node:https';\nimport {SecureContextOptions} from 'node:tls';\nimport type {AddressInfo, Socket} from 'node:net';\nimport {readFileSync} from 'node:fs';\nimport {AsyncLocalStorage} from 'node:async_hooks';\nimport {IOGateway} from '@interopio/gateway';\nimport wsGateway from './gateway/ws/core.js';\nimport {compose} from './common/compose.js';\nimport {\n ExtendedHttpIncomingMessage,\n ExtendedHttpServerResponse,\n HttpServerRequest,\n HttpServerResponse\n} from './server/exchange.js';\nimport getLogger from './logger.js';\nimport {localIp, portRange} from './server/address.js';\nimport * as monitoring from './server/monitoring.js';\nimport {GatewayServer} from '../gateway-server';\nimport serverHeader from './server/server-header.js';\nimport {configure, type RouteConfig} from './app/route.js';\nimport {httpSecurity} from './app/auth.js';\nimport {ServerConfigurer, ServerHttpResponse, ServerWebExchange} from '../types/web/server';\nimport {HttpHeadResponseDecorator, WebHttpHandlerBuilder} from \"./server/handler.ts\";\nimport {initRoute} from './server/ws.ts';\nimport {SocketRoute, webSockets} from \"./server/socket.ts\";\nimport {HttpStatus} from \"./http/status.ts\";\n\nconst logger = getLogger('app');\n\nfunction secureContextOptions(ssl: GatewayServer.SslConfig): SecureContextOptions {\n const options: SecureContextOptions = {};\n if (ssl.key) options.key = readFileSync(ssl.key);\n if (ssl.cert) options.cert = readFileSync(ssl.cert);\n if (ssl.ca) options.ca = readFileSync(ssl.ca);\n return options;\n}\n\ntype RequestListener<\n Request extends typeof ExtendedHttpIncomingMessage = typeof ExtendedHttpIncomingMessage,\n Response extends typeof ExtendedHttpServerResponse<InstanceType<Request>> = typeof ExtendedHttpServerResponse,\n> = (req: InstanceType<Request>, resOrUpgradeHead: (InstanceType<Response> & { req: InstanceType<Request> }) | Buffer<ArrayBufferLike>) => void;\n\ntype ServerOptions = http.ServerOptions<typeof ExtendedHttpIncomingMessage, typeof ExtendedHttpServerResponse>;\n\nasync function createListener(builder: WebHttpHandlerBuilder,\n onSocketError: (err: Error) => void): Promise<RequestListener> {\n\n const httpHandler = builder.build();\n return async (req: ExtendedHttpIncomingMessage, resOrUpgradeHead: ExtendedHttpServerResponse | Buffer<ArrayBufferLike>) => {\n req.socket.addListener('error', onSocketError);\n let res: ExtendedHttpServerResponse;\n if (resOrUpgradeHead instanceof ExtendedHttpServerResponse) {\n res = resOrUpgradeHead;\n }\n else {\n req.upgradeHead = resOrUpgradeHead;\n res = new ExtendedHttpServerResponse(req);\n res.assignSocket(req.socket);\n }\n const request = new HttpServerRequest(req);\n const response = new HttpServerResponse(res);\n const decoratedResponse: ServerHttpResponse = request.method === 'HEAD' ? new HttpHeadResponseDecorator(response) : response;\n\n await httpHandler(request, decoratedResponse)\n\n };\n}\n\nfunction promisify<T>(fn: (callback?: (err?: Error) => void) => T): Promise<T> {\n return new Promise<T>((resolve, reject) => {\n const r = fn((err?: Error) => {\n if (err) {\n reject(err);\n } else {\n resolve(r);\n }\n });\n });\n}\n\nfunction memoryMonitor(config?: GatewayServer.ServerConfig['memory']) {\n if (config) {\n return monitoring.start({\n memoryLimit: config.memory_limit,\n dumpLocation: config.dump_location,\n dumpPrefix: config.dump_prefix,\n reportInterval: config.report_interval,\n maxBackups: config.max_backups\n });\n }\n}\n\nasync function initBuilder(context: RouteConfig) {\n const storage = context.storage;\n const security = await httpSecurity(context);\n // websocket upgrade handler\n const sockets = webSockets(context);\n const handler = compose<ServerWebExchange>(\n serverHeader(context.serverHeader),\n ...security,\n ...sockets,\n ...context.middleware,\n // health check\n async ({request, response}, next) => {\n if (request.method === 'GET' && request.path === '/health') {\n response.setStatusCode(HttpStatus.OK);\n const buffer = Buffer.from('UP', 'utf-8');\n response.headers.set('Content-Type', 'text/plain; charset=utf-8');\n await response.body(buffer);\n } else {\n await next();\n }\n },\n // home page\n async ({request, response}, next) => {\n if (request.method === 'GET' && request.path === '/') {\n response.setStatusCode(HttpStatus.OK);\n const buffer = Buffer.from('io.Gateway Server', 'utf-8');\n response.headers.set('Content-Type', 'text/plain; charset=utf-8');\n await response.body(buffer);\n } else {\n await next();\n }\n },\n // not found\n async ({response}, _next) => {\n response.setStatusCode(HttpStatus.NOT_FOUND);\n await response.end();\n }\n );\n\n return new WebHttpHandlerBuilder(handler).storage(storage);\n}\n\nexport const Factory = async (options: GatewayServer.ServerConfig): Promise<GatewayServer.Server> => {\n const ssl = options.ssl;\n const createServer = ssl\n ? (options: ServerOptions, handler: RequestListener) => https.createServer({...options, ...secureContextOptions(ssl)}, handler)\n : (options: ServerOptions, handler: RequestListener) => http.createServer(options, handler);\n const monitor = memoryMonitor(options.memory);\n const context: RouteConfig = {\n middleware: [],\n corsConfig: options.cors,\n cors: [],\n authConfig: options.auth,\n authorize: [],\n storage: new AsyncLocalStorage<{ exchange: ServerWebExchange }>(),\n sockets: new Map<string, SocketRoute>()\n };\n const gw = IOGateway.Factory({...options.gateway});\n if (options.gateway) {\n const config = options.gateway;\n\n await configure(async (configurer: ServerConfigurer) => {\n configurer.socket({path: config.route, factory: wsGateway.bind(gw), options: config})\n }, options, context);\n\n }\n if (options.app) {\n await configure(options.app, options, context)\n }\n\n const ports = portRange(options.port ?? 0);\n const host = options.host;\n const onSocketError = (err: Error) => logger.error(`socket error: ${err}`, err);\n const builder = await initBuilder(context);\n\n const listener = await createListener(builder, onSocketError);\n\n const serverP = new Promise<http.Server<typeof ExtendedHttpIncomingMessage, typeof ExtendedHttpServerResponse>>((resolve, reject) => {\n\n const server = createServer({\n IncomingMessage: ExtendedHttpIncomingMessage,\n ServerResponse: ExtendedHttpServerResponse,\n ...options.http\n }, listener);\n\n server.on('error', (e: Error) => {\n if (e['code'] === 'EADDRINUSE') {\n logger.debug(`port ${e['port']} already in use on address ${e['address']}`);\n const {value: port} = ports.next();\n if (port) {\n logger.info(`retry starting server on port ${port} and host ${host ?? '<unspecified>'}`);\n server.close();\n server.listen(port, host);\n } else {\n logger.warn(`all configured port(s) ${options.port} are in use. closing...`);\n server.close();\n reject(e);\n }\n } else {\n logger.error(`server error: ${e.message}`, e);\n reject(e);\n }\n });\n server\n .on('listening', async () => {\n const info = server.address() as AddressInfo;\n\n for (const [path, route] of context.sockets) {\n const endpoint = `${ssl ? 'wss' : 'ws'}://${localIp}:${info.port}${path}`;\n await initRoute(path, route, endpoint, context.storage, onSocketError);\n }\n logger.info(`http server listening on ${info.address}:${info.port}`);\n resolve(server);\n });\n server\n .on('upgrade', (req: ExtendedHttpIncomingMessage, _socket: Socket, head: Buffer<ArrayBufferLike>) => {\n try {\n listener(req, head);\n } catch (err) {\n logger.error(`upgrade error: ${err}`, err);\n }\n })\n .on('close', async () => {\n logger.info(`http server closed.`);\n });\n try {\n const {value: port} = ports.next();\n server.listen(port, host);\n } catch (e) {\n logger.error(`error starting web socket server`, e);\n reject(e instanceof Error ? e : new Error(`listen failed: ${e}`));\n }\n });\n const server = await serverP;\n return new class implements GatewayServer.Server {\n readonly gateway = gw;\n\n async close(): Promise<void> {\n for (const [path, route] of context.sockets) {\n try {\n if (route.close !== undefined) {\n await route.close();\n }\n } catch (e) {\n logger.warn(`error closing route ${path}`, e);\n }\n }\n await promisify(cb => {\n server.closeAllConnections();\n server.close(cb);\n });\n if (monitor) {\n await monitoring.stop(monitor);\n }\n if (gw) {\n await gw.stop();\n }\n }\n }\n}\n", "import * as GatewayLogging from '@interopio/gateway/logging/core';\n\nexport import Logger = GatewayLogging.Logger;\n\nexport default function getLogger(name: string): Logger {\n return GatewayLogging.getLogger(`gateway.server.${name}`);\n}\n\n// This function is used to ensure that RegExp objects are displayed correctly when logging.\nexport function regexAwareReplacer<T>(_key: string, value: T): string | T {\n return value instanceof RegExp ? value.toString() : value;\n}\n", "import type {WebSocket} from 'ws';\nimport getLogger from '../../logger.js';\nimport type {Authentication} from '../../server/security/types.ts';\nimport {IOGateway} from '@interopio/gateway';\n\nimport GatewayEncoders = IOGateway.Encoding;\nimport type {ServerWebSocketHandler} from '../../../types/web/server';\nimport type {AddressInfo} from 'node:net';\nimport {AsyncLocalStorage} from 'node:async_hooks';\n\nconst log = getLogger('ws');\nconst codec = GatewayEncoders.json<IOGateway.Message>();\n\nfunction principalName(authentication: Authentication): string | undefined {\n let name: string | undefined;\n if (authentication.authenticated) {\n name = authentication.name;\n if (name === undefined) {\n if (authentication['principal'] !== undefined) {\n const principal = authentication['principal'];\n if (typeof principal === 'object') {\n name = principal.name;\n }\n if (name === undefined) {\n if (principal === undefined) {\n name = '';\n }\n else {\n name = String(principal);\n }\n }\n }\n }\n }\n return name;\n}\n\nfunction initClient(this: IOGateway.Gateway,\n socket: WebSocket,\n authenticationPromise: () => Promise<Authentication | undefined>,\n remoteAddress?: AddressInfo\n): IOGateway.GatewayClient<string> | undefined {\n const key = `${remoteAddress?.address}:${remoteAddress?.port}`;\n const host = remoteAddress?.address ?? '<unknown>';\n const opts = {\n key,\n host,\n codec,\n onAuthenticate: async (): Promise<IOGateway.Auth.AuthenticationSuccess> => {\n const authentication = (await authenticationPromise());\n if (authentication?.authenticated) {\n return {type: 'success', user: principalName(authentication)};\n }\n throw new Error(`no valid client authentication ${key}`);\n },\n onPing: () => {\n socket.ping((err?: Error) => {\n if (err) {\n log.warn(`failed to ping ${key}`, err);\n }\n else {\n log.info(`ping sent to ${key}`);\n }\n });\n },\n onDisconnect: (reason: 'inactive' | 'shutdown') => {\n switch (reason) {\n case 'inactive': {\n log.warn(`no heartbeat (ping) received from ${key}, closing socket`);\n socket.close(4001, 'ping expected');\n break;\n }\n case 'shutdown': {\n socket.close(1001, 'shutdown');\n break;\n }\n }\n }\n };\n try {\n return this.client((data) => socket.send(data), opts as IOGateway.GatewayClientOptions<string>);\n } catch (err) {\n log.warn(`${key} failed to create client`, err);\n }\n}\n\nasync function create(this: IOGateway.Gateway, environment: {\n endpoint: string,\n storage?: AsyncLocalStorage<{ }>\n}): Promise<ServerWebSocketHandler> {\n log.info(`starting gateway on ${environment.endpoint}`);\n await this.start(environment);\n\n\n return async ({socket, handshake}) => {\n const {logPrefix, remoteAddress, principal: principalPromise} = handshake;\n log.info(`${logPrefix}connected on gw using ${remoteAddress?.address}`);\n const client = initClient.call(this, socket, principalPromise, remoteAddress);\n if (!client) {\n log.error(`${logPrefix}gw client init failed`);\n socket.terminate();\n return;\n }\n socket.on('error', (err: Error) => {\n log.error(`${logPrefix}websocket error: ${err}`, err);\n });\n\n const contextFn = environment.storage !== undefined ? AsyncLocalStorage.snapshot() : undefined;\n socket.on('message', (data, _isBinary) => {\n if (Array.isArray(data)) {\n data = Buffer.concat(data);\n }\n // JSON.parse will invoke abstract operation ToString (coerce it) prior parsing (https://262.ecma-international.org/5.1/#sec-15.12.2)\n if (contextFn !== undefined) {\n contextFn(() => client.send(data as unknown as string))\n }\n else {\n client.send(data as unknown as string);\n }\n\n });\n socket.on('close', (code) => {\n log.info(`${logPrefix}disconnected from gw. code: ${code}`);\n client.close();\n });\n }\n}\n\nexport default create;\n", "type MiddlewareFunction<T> = ((ctx: T, next: (ctx?: T) => Promise<void>) => Promise<void>) | ((ctx: T) => Promise<void>);\n\n// https://github.com/koajs/compose/blob/master/index.js\n/**\n * @typeParam T - Type of context passed through the middleware\n * @param middleware middleware stack\n * @return {MiddlewareFunction}\n */\nexport function compose<T>(...middleware: MiddlewareFunction<T>[]): (ctx: T) => Promise<void> {\n if (!Array.isArray(middleware)) {\n throw new Error('middleware must be array!');\n }\n const fns = middleware.flat();\n for (const fn of fns) {\n if (typeof fn !== 'function') {\n throw new Error('middleware must be compose of functions!');\n }\n }\n return async function (ctx: T, next?: (ctx?: T) => Promise<void>) {\n const dispatch = async (i: number, dispatchedCtx: T): Promise<void> => {\n const fn = i === fns.length ? next : fns[i];\n if (fn === undefined) {\n return;\n }\n let nextCalled = false;\n let nextResolved = false;\n const nextFn = async (nextCtx?: T) => {\n if (nextCalled) {\n throw new Error('next() called multiple times');\n }\n nextCalled = true;\n try {\n return await dispatch(i + 1, nextCtx ?? dispatchedCtx);\n }\n finally {\n nextResolved = true;\n }\n };\n const result = await fn(dispatchedCtx, nextFn);\n if (nextCalled && !nextResolved) {\n throw new Error('middleware resolved before downstream.\\n\\t You are probably missing an await or return statement in your middleware function.');\n }\n return result;\n }\n\n return dispatch(0, ctx);\n }\n}\n", "import type {\n HeaderValues,\n HttpCookie,\n HttpHeaders,\n MutableHttpHeaders,\n ReadonlyHeaderValues,\n ResponseCookie\n} from '../../types/web/http';\nimport { type AddressInfo, isIP } from 'node:net';\nimport { Cookie } from 'tough-cookie';\n\nfunction parseHost(headers: HttpHeaders, defaultHost?: string): string | undefined {\n let host = headers.get('x-forwarded-host');\n if (Array.isArray(host)) {\n host = host[0];\n }\n if (host) {\n const port = headers.one('x-forwarded-port');\n if (port) {\n host = `${host}:${port}`;\n }\n }\n host ??= headers.one('host');\n if (Array.isArray(host)) {\n host = host[0];\n }\n if (host) {\n return (host as string).split(',', 1)[0].trim();\n }\n\n return defaultHost;\n}\n\nfunction isForwardedSsl(headers: HttpHeaders): boolean {\n const v = headers.one('x-forwarded-ssl');\n return (typeof v === 'string') && (v.toLowerCase() === 'on');\n}\n\nfunction parseProtocol(headers: HttpHeaders, defaultProtocol: string): string {\n let proto = headers.get('x-forwarded-proto');\n\n if (Array.isArray(proto)) {\n proto = proto[0];\n }\n if (proto !== undefined) {\n return (proto as string).split(',', 1)[0].trim();\n }\n else if (isForwardedSsl(headers)) {\n return 'https';\n }\n return defaultProtocol;\n}\n\nfunction parseRemoteAddress(url: URL, headers: HttpHeaders, remoteAddress?: AddressInfo) : AddressInfo | undefined {\n const port = remoteAddress ? remoteAddress.port : 'https:' === url.protocol ? 443 : 80;\n\n let host = headers.one('x-forwarded-for');\n if (Array.isArray(host)) {\n host = host[0];\n }\n if (host !== undefined) {\n host = (host as string).split(',', 1)[0].trim();\n return { address: host, port: Number(port), family: isIP(host) === 6 ? 'IPv6' : 'IPv4' };\n }\n}\n\nexport abstract class AbstractHttpMessage<Headers extends HttpHeaders = HttpHeaders> {\n readonly #headers: Headers;\n protected constructor(headers: Headers) {\n this.#headers = headers;\n }\n get headers(): Headers {\n return this.#headers;\n }\n}\n\nexport abstract class AbstractHttpRequest<Headers extends HttpHeaders = HttpHeaders> extends AbstractHttpMessage<Headers> {\n private static logIdCounter = 0;\n #id?: string\n\n get id(): string {\n if (this.#id === undefined) {\n this.#id = `${this.initId()}-${++AbstractHttpRequest.logIdCounter}`;\n\n }\n return this.#id;\n }\n\n protected initId(): string {\n return 'request';\n }\n\n get cookies(): HttpCookie[] {\n return parseCookies(this.headers);\n }\n\n protected parseHost(defaultHost?: string): string | undefined {\n return parseHost(this.headers, defaultHost);\n }\n\n protected parseProtocol(defaultProtocol: string): string {\n return parseProtocol(this.headers, defaultProtocol);\n }\n\n abstract get URL(): URL;\n\n protected parseRemoteAddress(remoteAddress?: AddressInfo) {\n return parseRemoteAddress(this.URL, this.headers, remoteAddress);\n }\n}\n\nexport abstract class AbstractHttpResponse<Headers extends HttpHeaders = HttpHeaders> extends AbstractHttpMessage<Headers> {\n get cookies(): ResponseCookie[] {\n return parseResponseCookies(this.headers);\n }\n\n protected setCookieValue(responseCookie: ResponseCookie): string {\n const cookie = new Cookie({\n key: responseCookie.name,\n value: responseCookie.value,\n maxAge: responseCookie.maxAge,\n domain: responseCookie.domain,\n path: responseCookie.path,\n secure: responseCookie.secure,\n httpOnly: responseCookie.httpOnly,\n sameSite: responseCookie.sameSite\n });\n return cookie.toString();\n }\n\n}\n\nfunction parseHeader(value: string): string[] {\n const list: string[] = [];\n {\n let start = 0;\n let end = 0;\n\n for (let i = 0; i < value.length; i++) {\n switch (value.charCodeAt(i)) {\n case 0x20: // space\n if (start === end) {\n start = end = i + 1;\n }\n break;\n case 0x2c: // comma\n list.push(value.slice(start, end));\n start = end = i + 1;\n break;\n default:\n end = end + 1;\n break;\n }\n }\n list.push(value.slice(start, end));\n }\n\n return list;\n}\n\nfunction toList(values: number | string | (readonly string[]) | undefined): string[] {\n if (typeof values === 'string') {\n values = [values];\n }\n if (typeof values === 'number') {\n values = [String(values)];\n }\n const list: string[] = [];\n if (values) {\n for (const value of values) {\n if (value) {\n list.push(...parseHeader(value));\n }\n }\n }\n return list;\n}\n\nfunction parseCookies(headers: HttpHeaders): HttpCookie[] {\n return headers.list('cookie')\n .map(s => s.split(';').map((cs) => Cookie.parse(cs)))\n .flat(1)\n .filter((tc) => tc !== undefined)\n .map((tc) => {\n const result: HttpCookie = Object.freeze({name: tc.key, value: tc.value});\n return result;\n });\n}\n\ntype Mutable<T> = {-readonly [K in keyof T]: T[K]};\n\nfunction parseResponseCookies(headers: HttpHeaders): ResponseCookie[] {\n return headers.list('set-cookie').map((cookie) => {\n const parsed = Cookie.parse(cookie);\n if (parsed) {\n const result: Mutable<ResponseCookie> = {name: parsed.key, value: parsed.value, maxAge: Number(parsed.maxAge ?? -1)};\n if (parsed.httpOnly) result.httpOnly = true;\n if (parsed.domain) result.domain = parsed.domain;\n if (parsed.path) result.path = parsed.path;\n if (parsed.secure) result.secure = true;\n if (parsed.httpOnly) result.httpOnly = true;\n if (parsed.sameSite) result.sameSite = parsed.sameSite as 'strict' | 'lax' | 'none';\n return Object.freeze(result);\n }\n }).filter((cookie): cookie is ResponseCookie => cookie !== undefined);\n}\n\n\nexport abstract class AbstractHttpHeaders<Values extends HeaderValues | ReadonlyHeaderValues> {\n protected constructor() {}\n abstract get(name: string): Values\n\n toList(name: string): string[] {\n const values = this.get(name);\n return toList(values);\n }\n}\n\nexport class MapHttpHeaders extends Map<string, (readonly string[])> implements MutableHttpHeaders {\n\n get(name: string) {\n return super.get(name.toLowerCase());\n }\n\n one(name: string): string | undefined {\n return this.get(name)?.[0];\n }\n\n list(name: string) {\n const values = super.get(name.toLowerCase());\n return toList(values);\n }\n\n set(name: string, value: number | string | (readonly string[]) | undefined): this {\n if (typeof value === 'number') {\n value = String(value);\n }\n if (typeof value === 'string') {\n value = [value];\n }\n if (value) {\n return super.set(name.toLowerCase(), value);\n }\n else {\n super.delete(name.toLowerCase());\n return this;\n }\n }\n\n add(name: string, value: string | (readonly string[])) {\n const prev = super.get(name.toLowerCase());\n if (typeof value === 'string') {\n value = [value];\n }\n if (prev) {\n value = prev.concat(value);\n }\n this.set(name, value);\n return this;\n }\n}\n", "import type {HttpStatusCode} from '../../types/web/http';\n\nclass DefaultHttpStatusCode implements HttpStatusCode {\n readonly #value: number;\n constructor(value: number) {\n this.#value = value;\n }\n get value(): number {\n return this.#value;\n }\n\n toString(): string {\n return this.#value.toString();\n }\n}\n\nexport class HttpStatus implements HttpStatusCode {\n static readonly CONTINUE = new HttpStatus(100, 'Continue');\n static readonly SWITCHING_PROTOCOLS = new HttpStatus(101, 'Switching Protocols');\n\n // 2xx Success\n\n static readonly OK = new HttpStatus(200, 'OK');\n static readonly CREATED = new HttpStatus(201, 'Created');\n static readonly ACCEPTED = new HttpStatus(202, 'Accepted');\n static readonly NON_AUTHORITATIVE_INFORMATION = new HttpStatus(203, 'Non-Authoritative Information');\n static readonly NO_CONTENT = new HttpStatus(204, 'No Content');\n static readonly RESET_CONTENT = new HttpStatus(205, 'Reset Content');\n static readonly PARTIAL_CONTENT = new HttpStatus(206, 'Partial Content');\n static readonly MULTI_STATUS = new HttpStatus(207, 'Multi-Status');\n\n static readonly IM_USED = new HttpStatus(226, 'IM Used');\n\n\n // 3xx Redirection\n static readonly MULTIPLE_CHOICES = new HttpStatus(300, 'Multiple Choices');\n static readonly MOVED_PERMANENTLY = new HttpStatus(301, 'Moved Permanently');\n\n // 4xx Client Error\n\n static readonly BAD_REQUEST = new HttpStatus(400, 'Bad Request');\n static readonly UNAUTHORIZED = new HttpStatus(401, 'Unauthorized');\n static readonly FORBIDDEN = new HttpStatus(403, 'Forbidden');\n static readonly NOT_FOUND = new HttpStatus(404, 'Not Found');\n static readonly METHOD_NOT_ALLOWED = new HttpStatus(405, 'Method Not Allowed');\n static readonly NOT_ACCEPTABLE = new HttpStatus(406, 'Not Acceptable');\n static readonly PROXY_AUTHENTICATION_REQUIRED = new HttpStatus(407, 'Proxy Authentication Required');\n static readonly REQUEST_TIMEOUT = new HttpStatus(408, 'Request Timeout');\n static readonly CONFLICT = new HttpStatus(409, 'Conflict');\n static readonly GONE = new HttpStatus(410, 'Gone');\n static readonly LENGTH_REQUIRED = new HttpStatus(411, 'Length Required');\n static readonly PRECONDITION_FAILED = new HttpStatus(412, 'Precondition Failed');\n static readonly PAYLOAD_TOO_LARGE = new HttpStatus(413, 'Payload Too Large');\n static readonly URI_TOO_LONG = new HttpStatus(414, 'URI Too Long');\n static readonly UNSUPPORTED_MEDIA_TYPE = new HttpStatus(415, 'Unsupported Media Type');\n\n static readonly EXPECTATION_FAILED = new HttpStatus(417, 'Expectation Failed');\n static readonly IM_A_TEAPOT = new HttpStatus(418, 'I\\'m a teapot');\n\n static readonly TOO_EARLY = new HttpStatus(425, 'Too Early');\n static readonly UPGRADE_REQUIRED = new HttpStatus(426, 'Upgrade Required');\n static readonly PRECONDITION_REQUIRED = new HttpStatus(428, 'Precondition Required');\n static readonly TOO_MANY_REQUESTS = new HttpStatus(429, 'Too Many Requests');\n static readonly REQUEST_HEADER_FIELDS_TOO_LARGE = new HttpStatus(431, 'Request Header Fields Too Large');\n static readonly UNAVAILABLE_FOR_LEGAL_REASONS = new HttpStatus(451, 'Unavailable For Legal Reasons');\n\n // 5xx Server Error\n static readonly INTERNAL_SERVER_ERROR = new HttpStatus(500, 'Internal Server Error');\n static readonly NOT_IMPLEMENTED = new HttpStatus(501, 'Not Implemented');\n static readonly BAD_GATEWAY = new HttpStatus(502, 'Bad Gateway');\n static readonly SERVICE_UNAVAILABLE = new HttpStatus(503, 'Service Unavailable');\n static readonly GATEWAY_TIMEOUT = new HttpStatus(504, 'Gateway Timeout');\n static readonly HTTP_VERSION_NOT_SUPPORTED = new HttpStatus(505, 'HTTP Version Not Supported');\n static readonly VARIANT_ALSO_NEGOTIATES = new HttpStatus(506, 'Variant Also Negotiates');\n static readonly INSUFFICIENT_STORAGE = new HttpStatus(507, 'Insufficient Storage');\n static readonly LOOP_DETECTED = new HttpStatus(508, 'Loop Detected');\n static readonly NOT_EXTENDED = new HttpStatus(510, 'Not Extended');\n static readonly NETWORK_AUTHENTICATION_REQUIRED = new HttpStatus(511, 'Network Authentication Required');\n\n static readonly #VALUES: HttpStatus[] = [];\n static {\n Object.keys(HttpStatus)\n .filter(key => key !== 'VALUES' && key !== 'resolve')\n .forEach(key => {\n const value = HttpStatus[key];\n if (value instanceof HttpStatus) {\n Object.defineProperty(value, 'name', {enumerable: true, value: key, writable: false});\n HttpStatus.#VALUES.push(value);\n }\n })\n\n }\n\n static resolve(code: number): HttpStatus | undefined {\n for (const status of HttpStatus.#VALUES) {\n if (status.value === code) {\n return status;\n }\n }\n }\n\n readonly #value: number;\n readonly #phrase: string;\n\n private constructor(value: number, phrase: string) {\n this.#value = value;\n this.#phrase = phrase;\n }\n\n get value(): number {\n return this.#value;\n }\n get phrase(): string {\n return this.#phrase;\n }\n\n toString() {\n return `${this.#value} ${this['name']}`;\n }\n}\n\n\nexport function httpStatusCode(value: number | HttpStatusCode): HttpStatusCode {\n if (typeof value === 'number') {\n if (value < 100 || value > 999) {\n throw new Error(`status code ${value} should be in range 100-999`);\n }\n const status = HttpStatus.resolve(value);\n if (status !== undefined) {\n return status;\n }\n return new DefaultHttpStatusCode(value);\n }\n return value;\n}\n", "import type { Principal } from '../../types/auth';\nimport type {\n BodyChunk,\n HeaderValue,\n HeaderValues,\n HttpCookie,\n HttpMethod,\n HttpStatusCode,\n MutableHttpHeaders,\n ReadonlyHeaderValues,\n ReadonlyHttpHeaders,\n ResponseCookie\n} from '../../types/web/http'\n\nimport type {\n ServerHttpRequest,\n ServerHttpResponse,\n ServerWebExchange\n} from '../../types/web/server';\nimport { AbstractHttpHeaders, AbstractHttpRequest, AbstractHttpResponse } from '../http/exchange.ts';\nimport { httpStatusCode } from '../http/status.ts';\nimport net from 'node:net';\nimport http from 'node:http';\nimport http2 from 'node:http2';\n\nexport class ExtendedHttpIncomingMessage extends http.IncomingMessage {\n // circular reference to the exchange\n exchange?: ServerWebExchange;\n\n upgradeHead?: Buffer<ArrayBufferLike>\n\n\n get urlBang(): string {\n return this.url!;\n }\n\n get socketEncrypted(): boolean {\n // see tls.TLSSocket#encrypted\n return this.socket['encrypted'] === true;\n }\n}\n\nexport class ExtendedHttpServerResponse<Request extends ExtendedHttpIncomingMessage = ExtendedHttpIncomingMessage> extends http.ServerResponse<Request> {\n\n markHeadersSent(): void {\n this['_header'] = true; // prevent response from being sent\n }\n\n getRawHeaderNames(): string[] {\n return super['getRawHeaderNames']();\n }\n}\n\nabstract class AbstractServerHttpRequest extends AbstractHttpRequest<ReadonlyHttpHeaders> {\n abstract getNativeRequest<T>(): T;\n}\n\nexport abstract class AbstractServerHttpResponse extends AbstractHttpResponse<MutableHttpHeaders> {\n #cookies: ResponseCookie[] = [];\n #statusCode?: HttpStatusCode;\n #state: 'new' | 'committing' | 'commit-action-failed' | 'committed' = 'new';\n #commitActions: (() => Promise<void>)[] = [];\n\n setStatusCode(statusCode?: HttpStatusCode): boolean {\n if (this.#state === 'committed') {\n return false;\n }\n else {\n this.#statusCode = statusCode;\n return true;\n }\n }\n\n setRawStatusCode(statusCode?: number): boolean {\n return this.setStatusCode(statusCode === undefined ? undefined : httpStatusCode(statusCode));\n };\n\n get statusCode(): HttpStatusCode | undefined {\n return this.#statusCode;\n }\n\n addCookie(cookie: ResponseCookie): this {\n if (this.#state === 'committed') {\n throw new Error(`Cannot add cookie ${JSON.stringify(cookie)} because HTTP response has already been committed`);\n }\n this.#cookies.push(cookie);\n return this;\n }\n\n abstract getNativeResponse<T>(): T;\n\n beforeCommit(action: () => Promise<void>): void {\n this.#commitActions.push(action);\n }\n\n get commited(): boolean {\n const state = this.#state;\n return state !== 'new' && state !== 'commit-action-failed';\n }\n\n async body(body: ReadableStream<BodyChunk> | Promise<BodyChunk | void> | BodyChunk): Promise<boolean> {\n if (body instanceof ReadableStream) {\n throw new Error('ReadableStream body not supported yet');\n }\n const buffer = await body;\n try {\n // touch buffers if needed\n\n return await this.doCommit(async () => {\n\n return await this.bodyInternal(Promise.resolve(buffer));\n\n }).catch(error => {\n // release buffers\n throw error;\n });\n }\n catch (error) {\n // clear content headers\n throw error;\n }\n }\n\n abstract bodyInternal(body: Promise<BodyChunk | void>): Promise<boolean>;\n\n async end(): Promise<boolean> {\n if (!this.commited) {\n return this.doCommit(async () => {\n return await this.bodyInternal(Promise.resolve());\n });\n }\n else {\n return Promise.resolve(false);\n }\n }\n\n protected doCommit(writeAction?: () => Promise<boolean>): Promise<boolean> {\n const state = this.#state;\n let allActions = Promise.resolve();\n if (state === 'new') {\n this.#state = 'committing';\n if (this.#commitActions.length > 0) {\n allActions = this.#commitActions\n .reduce(\n (acc, cur) => acc.then(() => cur()),\n Promise.resolve())\n .catch((_error) => {\n const state = this.#state;\n if (state === 'committing') {\n this.#state = 'commit-action-failed';\n // clear content headers\n }\n });\n }\n }\n else if (state === 'commit-action-failed') {\n this.#state = 'committing';\n // skip commit actions\n } else {\n return Promise.resolve(false);\n }\n\n allActions = allActions.then(() => {\n this.applyStatusCode();\n this.applyHeaders();\n this.applyCookies();\n this.#state = 'committed';\n });\n\n\n return allActions.then(async () => {\n return writeAction !== undefined ? await writeAction() : true;\n });\n }\n\n protected applyStatusCode(): void {}\n protected applyHeaders(): void {}\n protected applyCookies(): void {}\n}\nexport class HttpServerRequest extends AbstractServerHttpRequest implements ServerHttpRequest {\n\n #url?: URL;\n #cookies?: HttpCookie[];\n readonly #req: ExtendedHttpIncomingMessage;\n\n constructor(req: ExtendedHttpIncomingMessage) {\n super(new IncomingMessageHeaders(req));\n this.#req = req;\n }\n\n getNativeRequest<T>(): T {\n return this.#req as T;\n }\n\n get upgrade() {\n return this.#req['upgrade'];\n }\n\n get http2(): boolean {\n return this.#req.httpVersionMajor >= 2;\n }\n\n get path() {\n return this.URL?.pathname;\n }\n\n get URL() {\n this.#url ??= new URL(this.#req.urlBang, `${this.protocol}://${this.host}`);\n return this.#url;\n }\n\n get query() {\n return this.URL?.search;\n }\n\n get method() {\n return this.#req.method as HttpMethod;\n }\n\n get host() {\n let dh: string | undefined = undefined;\n if (this.#req.httpVersionMajor >= 2) {\n dh = (this.#req.headers as http2.IncomingHttpHeaders)[':authority'];\n }\n dh ??= this.#req.socket.remoteAddress;\n return super.parseHost(dh);\n }\n\n get protocol() {\n let dp: string | undefined = undefined;\n if (this.#req.httpVersionMajor > 2) {\n dp = (this.#req.headers as http2.IncomingHttpHeaders)[':scheme'];\n }\n dp ??= this.#req.socketEncrypted ? 'https' : 'http';\n return super.parseProtocol(dp);\n }\n\n get socket() {\n return this.#req.socket;\n }\n\n get remoteAddress(): net.AddressInfo | undefined {\n const family = this.#req.socket.remoteFamily;\n const address = this.#req.socket.remoteAddress;\n const port = this.#req.socket.remotePort;\n const remoteAddress = (!family || !address || !port) ? undefined : { family, address, port };\n return super.parseRemoteAddress(remoteAddress) ?? remoteAddress;\n }\n\n get cookies(): HttpCookie[] {\n this.#cookies ??= super.cookies\n return this.#cookies;\n }\n\n get body(): ReadableStream<BodyChunk> {\n return http.IncomingMessage.toWeb(this.#req) as ReadableStream<BodyChunk>;\n }\n\n async blob() {\n const chunks: BodyChunk[] = [];\n if (this.body !== undefined) {\n for await (const chunk of this.body) {\n chunks.push(chunk);\n }\n }\n return new Blob(chunks, {type: this.headers.one('content-type') as string || 'application/octet-stream'});\n }\n\n\n async text() {\n const blob = await this.blob();\n return await blob.text();\n }\n\n async formData() {\n const blob = await this.blob();\n const text = await blob.text();\n return new URLSearchParams(text);\n }\n\n async json() {\n const blob = await this.blob();\n if (blob.size === 0) {\n return undefined;\n }\n const text = await blob.text();\n return JSON.parse(text);\n }\n\n\n protected initId(): string {\n const remoteIp = this.#req.socket.remoteAddress;\n if (!remoteIp) {\n throw new Error('Socket has no remote address');\n }\n return `${remoteIp}:${this.#req.socket.remotePort}`;\n }\n}\n\nclass IncomingMessageHeaders extends AbstractHttpHeaders<ReadonlyHeaderValues> implements ReadonlyHttpHeaders {\n readonly #msg: ExtendedHttpIncomingMessage;\n\n constructor(msg: ExtendedHttpIncomingMessage) {\n super();\n this.#msg = msg;\n }\n\n has(name: string): boolean {\n return this.#msg.headers[name] !== undefined;\n }\n\n get(name: string): string | (readonly string[]) | undefined {\n return this.#msg.headers[name];\n }\n\n list(name: string): string[] {\n return super.toList(name);\n }\n\n one(name: string): string | undefined {\n const value = this.#msg.headers[name];\n if (Array.isArray(value)) {\n return value[0];\n }\n return value;\n }\n\n keys() {\n return Object.keys(this.#msg.headers).values();\n }\n}\n\nclass OutgoingMessageHeaders extends AbstractHttpHeaders<HeaderValues> implements MutableHttpHeaders {\n readonly #msg: ExtendedHttpServerResponse;\n\n constructor(msg: ExtendedHttpServerResponse) {\n super();\n this.#msg = msg;\n }\n\n has(name: string): boolean {\n return this.#msg.hasHeader(name);\n }\n\n keys() {\n return this.#msg.getHeaderNames().values();\n }\n\n get(name: string): HeaderValues {\n return this.#msg.getHeader(name);\n }\n\n one(name: string): HeaderValue {\n const value = this.#msg.getHeader(name);\n if (Array.isArray(value)) {\n return value[0];\n }\n return value;\n }\n\n set(name: string, value: HeaderValues): this {\n if (!this.#msg.headersSent) {\n if (Array.isArray(value)) {\n value = value.map(v => typeof v === 'number' ? String(v) : v);\n } else if (typeof value === 'number') {\n value = String(value);\n }\n\n if (value) {\n this.#msg.setHeader(name, value);\n }\n else {\n this.#msg.removeHeader(name);\n }\n }\n return this;\n }\n\n add(name: string, value: string | (readonly string[])): this {\n if (!this.#msg.headersSent) {\n this.#msg.appendHeader(name, value);\n }\n return this;\n }\n\n list(name: string): string[] {\n return super.toList(name);\n }\n}\n\nexport class HttpServerResponse extends AbstractServerHttpResponse implements ServerHttpResponse {\n readonly #res: ExtendedHttpServerResponse;\n\n constructor(res: ExtendedHttpServerResponse) {\n super(new OutgoingMessageHeaders(res));\n this.#res = res;\n }\n\n getNativeResponse<T>(): T {\n return this.#res as T;\n }\n\n get statusCode(): HttpStatusCode {\n const status = super.statusCode;\n return status ?? {value: this.#res.statusCode};\n }\n\n applyStatusCode() {\n const status = super.statusCode;\n if (status !== undefined) {\n this.#res.statusCode = status.value;\n }\n }\n\n addCookie(cookie: ResponseCookie): this {\n this.headers.add('Set-Cookie', super.setCookieValue(cookie));\n return this;\n }\n\n async bodyInternal(body: Promise<BodyChunk | void>): Promise<boolean> {\n if (!this.#res.headersSent) {\n if (body instanceof ReadableStream) {\n // http.IncomingMessage.fromWeb(body)\n throw new Error('ReadableStream body not supported in response');\n }\n else {\n const chunk = await body;\n return await new Promise<boolean>((resolve, reject) => {\n try {\n if (chunk === undefined) {\n this.#res.end(() => {\n resolve(true);\n });\n } else {\n if (!this.headers.has('content-length')) {\n // set content-length if not already set\n if (typeof chunk === 'string') {\n this.headers.set('content-length', Buffer.byteLength(chunk));\n }\n else if (chunk instanceof Blob) {\n this.headers.set('content-length', chunk.size);\n }\n else {\n this.headers.set('content-length', chunk.byteLength);\n }\n }\n this.#res.end(chunk, () => {\n resolve(true);\n });\n }\n } catch (e) {\n reject(e instanceof Error ? e : new Error(`end failed: ${e}`));\n }\n });\n }\n }\n else {\n return false; // already ended\n }\n }\n}\n\nexport class ServerHttpRequestDecorator implements ServerHttpRequest {\n readonly #delegate: ServerHttpRequest;\n\n constructor(request: ServerHttpRequest) {\n this.#delegate = request;\n }\n\n get delegate(): ServerHttpRequest {\n return this.#delegate;\n }\n\n get id(): string {\n return this.#delegate.id;\n }\n\n get method(): HttpMethod {\n return this.#delegate.method;\n }\n\n get path(): string {\n return this.#delegate.path;\n }\n\n get protocol() {\n return this.#delegate.protocol;\n }\n\n get host(): string | undefined {\n return this.#delegate.host;\n }\n\n get URL(): URL {\n return this.#delegate.URL;\n }\n\n get headers(): ReadonlyHttpHeaders {\n return this.#delegate.headers;\n }\n\n get cookies(): HttpCookie[] {\n return this.#delegate.cookies;\n }\n\n get remoteAddress() {\n return this.#delegate.remoteAddress;\n }\n\n get upgrade() {\n return this.#delegate.upgrade;\n }\n\n get body(): ReadableStream<BodyChunk> | undefined {\n return this.#delegate.body;\n }\n async blob(): Promise<Blob> {\n return await this.#delegate.blob();\n }\n async text(): Promise<string> {\n return await this.#delegate.text();\n }\n async formData(): Promise<URLSearchParams> {\n return await this.#delegate.formData();\n }\n async json(): Promise<unknown> {\n return await this.#delegate.json();\n }\n\n toString(): string {\n return `${ServerHttpRequestDecorator.name} [delegate: ${this.delegate.toString()}]`;\n }\n\n public static getNativeRequest<T>(request: ServerHttpRequest): T {\n if (request instanceof AbstractServerHttpRequest) {\n return request.getNativeRequest<T>();\n }\n else if (request instanceof ServerHttpRequestDecorator) {\n return ServerHttpRequestDecorator.getNativeRequest<T>(request.delegate);\n }\n else {\n throw new Error(`Cannot get native request from ${request.constructor.name}`);\n }\n }\n}\nexport class ServerHttpResponseDecorator implements ServerHttpResponse {\n readonly #delegate: ServerHttpResponse;\n\n constructor(response: ServerHttpResponse) {\n this.#delegate = response;\n }\n\n get delegate(): ServerHttpResponse {\n return this.#delegate;\n }\n\n setStatusCode(statusCode: HttpStatusCode): boolean {\n return this.delegate.setStatusCode(statusCode);\n }\n\n setRawStatusCode(statusCode?: number): boolean {\n return this.delegate.setRawStatusCode(statusCode);\n }\n\n get statusCode(): HttpStatusCode {\n return this.delegate.statusCode;\n }\n\n get cookies(): ResponseCookie[] {\n return this.delegate.cookies;\n }\n\n addCookie(cookie: ResponseCookie): this {\n this.delegate.addCookie(cookie);\n return this;\n }\n\n async end(): Promise<boolean> {\n return await this.delegate.end();\n }\n\n async body(body: ReadableStream<BodyChunk> | Promise<BodyChunk | void> | BodyChunk): Promise<boolean> {\n return await this.#delegate.body(body);\n }\n\n get headers(): MutableHttpHeaders {\n return this.#delegate.headers;\n }\n\n toString(): string {\n return `${ServerHttpResponseDecorator.name} [delegate: ${this.delegate.toString()}]`;\n }\n\n public static getNativeResponse<T>(response: ServerHttpResponse): T {\n if (response instanceof AbstractServerHttpResponse) {\n return response.getNativeResponse<T>();\n }\n else if (response instanceof ServerHttpResponseDecorator) {\n return ServerHttpResponseDecorator.getNativeResponse<T>(response.delegate);\n }\n else {\n throw new Error(`Cannot get native response from ${response.constructor.name}`);\n }\n }\n}\n\nexport class ServerWebExchangeDecorator implements ServerWebExchange {\n readonly #delegate: ServerWebExchange;\n\n protected constructor(exchange: ServerWebExchange) {\n this.#delegate = exchange;\n }\n\n get delegate(): ServerWebExchange {\n return this.#delegate;\n }\n\n get request(): ServerHttpRequest {\n return this.#delegate.request;\n }\n\n get response(): ServerHttpResponse {\n return this.#delegate.response;\n }\n\n attribute<T>(name: string): T | undefined {\n return this.#delegate.attribute(name);\n }\n\n principal<P extends Principal>(): Promise<P | undefined> {\n return this.#delegate.principal();\n }\n\n get logPrefix(): string {\n return this.#delegate.logPrefix;\n }\n\n toString() {\n return `${ServerWebExchangeDecorator.name} [delegate: ${this.delegate}]`;\n }\n}\n\nexport class DefaultWebExchange<Request extends ServerHttpRequest, Response extends ServerHttpResponse> {\n readonly request: Request;\n readonly response: Response;\n readonly #attributes: Record<string, unknown> = {};\n #logId?: unknown;\n #logPrefix: string = '';\n\n constructor(request: Request, response: Response) {\n this.#attributes[LOG_ID_ATTRIBUTE] = request.id;\n this.request = request;\n this.response = response;\n }\n\n get method(): HttpMethod {\n return this.request.method;\n }\n\n get path(): string | null | undefined {\n return this.request.path;\n }\n\n get attributes(): Record<string, unknown> {\n return this.#attributes;\n }\n\n attribute<T>(name: string): T | undefined {\n return this.attributes[name] as T;\n }\n\n principal<P extends Principal>(): Promise<P | undefined> {\n return Promise.resolve(undefined);\n }\n\n get logPrefix(): string {\n const value = this.attribute(LOG_ID_ATTRIBUTE);\n if (this.#logId !== value) {\n this.#logId = value;\n this.#logPrefix = value !== undefined ? `[${value}] ` : '';\n }\n return this.#logPrefix;\n }\n}\n\nexport const LOG_ID_ATTRIBUTE = 'io.interop.gateway.server.log_id';\n\n", "import {type NetworkInterfaceInfo, networkInterfaces} from 'node:os';\n\nconst PORT_RANGE_MATCHER = /^(\\d+|(0x[\\da-f]+))(-(\\d+|(0x[\\da-f]+)))?$/i;\nfunction validPort(port: number) {\n if (port > 0xFFFF) throw new Error(`bad port ${port}`);\n return port;\n}\n\n/**\n * parse port range. port can be number or string representing comma separated\n * list of port ranges for e.g. \"3434,8380-8385\"\n * @param port\n */\nexport function* portRange(port: number | string): Generator<number> {\n if (typeof port === 'string') {\n for (const portRange of port.split(',')) {\n const trimmed = portRange.trim();\n const matchResult = PORT_RANGE_MATCHER.exec(trimmed);\n if (matchResult) {\n const start = parseInt(matchResult[1]);\n const end = parseInt(matchResult[4] ?? matchResult[1]);\n for (let i = validPort(start); i < validPort(end) + 1; i++) {\n yield i;\n }\n }\n else {\n throw new Error(`'${portRange}' is not a valid port or range.`);\n }\n }\n } else {\n yield validPort(port);\n }\n}\n\nexport const localIp = (() => {\n function first<T>(a: T[]): T | undefined {\n return a.length > 0 ? a[0] : undefined;\n }\n const addresses = Object.values(networkInterfaces())\n .flatMap((details?: NetworkInterfaceInfo[]) => {\n return (details ?? []).filter((info) => info.family === 'IPv4');\n }).reduce((acc, info) => {\n acc[info.internal ? 'internal' : 'external'].push(info);\n return acc;\n }, {internal: [] as NetworkInterfaceInfo[], external: [] as NetworkInterfaceInfo[]});\n return (first(addresses.internal) ?? first(addresses.external))?.address;\n})();\n", "import getLogger from '../logger.js';\nimport {getHeapStatistics, writeHeapSnapshot, HeapInfo} from 'node:v8';\nimport {PathLike} from 'node:fs';\nimport {access, mkdir, rename, unlink} from 'node:fs/promises';\n\nconst log = getLogger('monitoring');\n\nexport type Options = typeof DEFAULT_OPTIONS;\n\nexport type Command = 'run' | 'dump' | 'stop';\nexport type Channel = (command?: Command) => Promise<boolean>;\n\nconst DEFAULT_OPTIONS = {\n memoryLimit: 1024 * 1024 * 1024, // 1GB\n reportInterval: 10 * 60 * 1000, // 10 min\n dumpLocation: '.', // current folder\n maxBackups: 10,\n dumpPrefix: 'Heap'\n}\n\nfunction fetchStats(): HeapInfo {\n return getHeapStatistics();\n}\n\nasync function dumpHeap(opts: Options) {\n const prefix = opts.dumpPrefix ?? 'Heap';\n const target = `${opts.dumpLocation}/${prefix}.heapsnapshot`;\n if (log.enabledFor('debug')) {\n log.debug(`starting heap dump in ${target}`);\n }\n\n await fileExists(opts.dumpLocation)\n .catch(async (_) => {\n if (log.enabledFor('debug')) {\n log.debug(`dump location ${opts.dumpLocation} does not exists. Will try to create it`);\n }\n try {\n await mkdir(opts.dumpLocation, {recursive: true});\n log.info(`dump location dir ${opts.dumpLocation} successfully created`);\n } catch (e) {\n log.error(`failed to create dump location ${opts.dumpLocation}`);\n }\n });\n const dumpFileName = writeHeapSnapshot(target);\n log.info(`heap dumped`);\n try {\n log.debug(`rolling snapshot backups`);\n const lastFileName = `${opts.dumpLocation}/${prefix}.${opts.maxBackups}.heapsnapshot`;\n await fileExists(lastFileName)\n .then(async () => {\n if (log.enabledFor('debug')) {\n log.debug(`deleting ${lastFileName}`);\n }\n try {\n await unlink(lastFileName);\n } catch (e) {\n log.warn(`failed to delete ${lastFileName}`, e);\n }\n })\n .catch(() => {\n /* do nothing*/\n });\n for (let i = opts.maxBackups - 1; i > 0; i--) {\n const currentFileName = `${opts.dumpLocation}/${prefix}.${i}.heapsnapshot`;\n const nextFileName = `${opts.dumpLocation}/${prefix}.${i + 1}.heapsnapshot`;\n await fileExists(currentFileName)\n .then(async () => {\n try {\n await rename(currentFileName, nextFileName);\n } catch (e) {\n log.warn(`failed to rename ${currentFileName} to ${nextFileName}`, e);\n }\n })\n .catch(() => {\n /* do nothing*/\n });\n }\n const firstFileName = `${opts.dumpLocation}/${prefix}.${1}.heapsnapshot`;\n try {\n await rename(dumpFileName, firstFileName);\n } catch (e) {\n log.warn(`failed to rename ${dumpFileName} to ${firstFileName}`, e);\n }\n log.debug('snapshots rolled');\n } catch (e) {\n log.error('error rolling backups', e);\n throw e;\n }\n}\n\nasync function fileExists(path: PathLike): Promise<void> {\n if (log.enabledFor('trace')) {\n log.debug(`checking file ${path}`);\n }\n await access(path);\n}\n\nasync function processStats(stats: HeapInfo, state: {\n memoryLimitExceeded: boolean,\n snapshot?: boolean\n}, opts: Options) {\n if (log.enabledFor('debug')) {\n log.debug(`processing heap stats ${JSON.stringify(stats)}`);\n }\n const limit = Math.min(opts.memoryLimit, (0.95 * stats.heap_size_limit));\n const used = stats.used_heap_size;\n log.info(`heap stats ${JSON.stringify(stats)}`);\n if (used >= limit) {\n log.warn(`used heap ${used} bytes exceeds memory limit ${limit} bytes`);\n if (state.memoryLimitExceeded) {\n delete state.snapshot;\n } else {\n state.memoryLimitExceeded = true;\n state.snapshot = true;\n }\n await dumpHeap(opts);\n } else {\n state.memoryLimitExceeded = false;\n delete state.snapshot;\n }\n}\n\nexport function start(opts?: Partial<Options>): Options & { channel: Channel } {\n const merged: Options = {...DEFAULT_OPTIONS, ...opts};\n\n let stopped = false;\n const state = {memoryLimitExceeded: false};\n const report = async () => {\n const stats = fetchStats();\n await processStats(stats, state, merged);\n }\n const interval = setInterval(report, merged.reportInterval);\n const channel = async (command?: Command) => {\n if (!stopped) {\n command ??= 'run';\n switch (command) {\n case 'run': {\n await report();\n break;\n }\n case 'dump': {\n await dumpHeap(merged);\n break;\n }\n case 'stop': {\n stopped = true;\n clearInterval(interval);\n log.info('exit memory diagnostic');\n break;\n }\n }\n\n }\n return stopped;\n }\n\n return {...merged, channel};\n}\n\nasync function run({channel}: { channel: Channel }, command?: Command) {\n if (!await channel(command)) {\n log.warn(`cannot execute command \"${command}\" already closed`)\n }\n}\n\n\nexport async function stop(m: { channel: Channel }) {\n return await run(m, 'stop');\n}\n", "import type {ServerWebExchange} from '../../types/web/server';\n\nimport info from '@interopio/gateway-server/package.json' with {type: 'json'};\n\nconst serverHeader = (server?: string | false) => {\n server ??= `${info.name} - v${info.version}`;\n return async ({response}: ServerWebExchange, next: () => Promise<void>) => {\n if (server !== false && !response.headers.has('server')) {\n response.headers.set('Server', server);\n }\n await next();\n }\n};\n\nexport default (server?: string | false) => serverHeader(server);\n", "import {IOGateway} from '@interopio/gateway';\nimport {OriginFilters} from '../../types/web/server';\nimport getLogger from '../logger.js';\n\nconst log = getLogger('gateway.ws.client-verify');\n\nexport type ProcessedOriginFilters\n = Required<Omit<OriginFilters, 'blacklist' | 'whitelist'>>\n //| Required<Omit<GatewayServer.OriginFilters, 'block' | 'allow'>>\n ;\n\nfunction acceptsMissing(originFilters: ProcessedOriginFilters): boolean {\n switch (originFilters.missing) {\n case 'allow': // fall-through\n case 'whitelist':\n return true;\n case 'block': // fall-through\n case 'blacklist':\n return false;\n default:\n return false;\n }\n}\n\nfunction tryMatch(originFilters: ProcessedOriginFilters, origin: string): boolean | undefined {\n const block = originFilters.block ?? originFilters['blacklist'];\n const allow = originFilters.allow ?? originFilters['whitelist'];\n if (block.length > 0 && IOGateway.Filtering.valuesMatch(block, origin)) {\n log.warn(`origin ${origin} matches block filter`);\n return false;\n } else if (allow.length > 0 && IOGateway.Filtering.valuesMatch(allow, origin)) {\n if (log.enabledFor('debug')) {\n log.debug(`origin ${origin} matches allow filter`);\n }\n return true;\n }\n}\n\nfunction acceptsNonMatched(originFilters: ProcessedOriginFilters): boolean {\n switch (originFilters.non_matched) {\n case 'allow': // fall-through\n case 'whitelist':\n return true;\n case 'block': // fall-through\n case 'blacklist':\n return false;\n default:\n return false;\n }\n}\n\nexport function acceptsOrigin(origin?: string, originFilters?: ProcessedOriginFilters): boolean {\n if (!originFilters) {\n return true;\n }\n if (!origin) {\n return acceptsMissing(originFilters);\n } else {\n const matchResult: boolean | undefined = tryMatch(originFilters, origin);\n if (matchResult) {\n return matchResult;\n } else {\n return acceptsNonMatched(originFilters);\n }\n }\n}\n\nexport function regexifyOriginFilters(originFilters?: OriginFilters): ProcessedOriginFilters | undefined {\n if (originFilters) {\n const block = (originFilters.block ?? originFilters.blacklist ?? []).map(IOGateway.Filtering.regexify);\n const allow = (originFilters.allow ?? originFilters.whitelist ?? []).map(IOGateway.Filtering.regexify);\n return {\n non_matched: originFilters.non_matched ?? 'allow',\n missing: originFilters.missing ?? 'allow',\n allow,\n block,\n }\n }\n}\n", "import type {ServerWebExchange} from '../../../types/web/server';\n\nexport type MatchResult = Readonly<{ match: boolean, variables: Readonly<Record<string, string>> }>;\n\nexport interface ServerWebExchangeMatcher {\n /**\n * Matches the given exchange against the matcher.\n * @param exchange The web exchange to match.\n * @returns A promise that resolves to true if the exchange matches, false otherwise.\n */\n (exchange: ServerWebExchange): Promise<MatchResult>;\n\n /**\n * Returns a string representation of the matcher.\n * @returns A string representation of the matcher.\n */\n toString(): string;\n}\n\nexport type ServerWebExchangeMatcherEntry<T> = Readonly<[ServerWebExchangeMatcher, T]>\n\nexport const or: (matchers: ServerWebExchangeMatcher[]) => ServerWebExchangeMatcher = (matchers: ServerWebExchangeMatcher[]): ServerWebExchangeMatcher => {\n return async (exchange: ServerWebExchange): Promise<MatchResult> => {\n for (const matcher of matchers) {\n const result = await matcher(exchange);\n if (result.match) {\n return match();\n }\n }\n return NO_MATCH;\n };\n}\n\nexport const and: (matchers: ServerWebExchangeMatcher[]) => ServerWebExchangeMatcher = (matchers: ServerWebExchangeMatcher[]) => {\n const matcher = async (exchange: ServerWebExchange): Promise<MatchResult> => {\n for (const matcher of matchers) {\n const result = await matcher(exchange);\n if (!result.match) {\n return NO_MATCH;\n }\n }\n return match();\n };\n matcher.toString = () => `and(${matchers.map(m => m.toString()).join(', ')})`;\n return matcher;\n}\n\n\nexport const not: (matcher: ServerWebExchangeMatcher) => ServerWebExchangeMatcher = (matcher: ServerWebExchangeMatcher): ServerWebExchangeMatcher => {\n return async (exchange: ServerWebExchange): Promise<MatchResult> => {\n const result = await matcher(exchange);\n return result.match ? NO_MATCH : match();\n };\n}\n\nexport const anyExchange: ServerWebExchangeMatcher = async (_exchange: ServerWebExchange): Promise<MatchResult> => {\n return match();\n}\nanyExchange.toString = () => 'any-exchange';\n\nconst EMPTY_OBJECT = Object.freeze({});\nexport const NO_MATCH: MatchResult = Object.freeze({match: false, variables: EMPTY_OBJECT});\nexport const match = (variables: Record<string, string> = EMPTY_OBJECT): MatchResult => {\n return {match: true, variables};\n}\n\nexport const pattern: ((pattern: string | RegExp, opts?: {method?: string}) => ServerWebExchangeMatcher) = (pattern, opts) => {\n const method = opts?.method;\n const matcher = async (exchange: ServerWebExchange): Promise<MatchResult> => {\n const request = exchange.request;\n const path = request.path;\n if (method !== undefined && request.method !== method) {\n return NO_MATCH;\n }\n if (typeof pattern === 'string') {\n if (path === pattern) {\n return match();\n }\n return NO_MATCH;\n }\n else {\n const match = pattern.exec(path);\n if (match === null) {\n return NO_MATCH;\n }\n return {match: true, variables: {...match.groups}};\n }\n };\n matcher.toString = () => {\n return `pattern(${pattern.toString()}, method=${method ?? '<any>'})`;\n }\n return matcher\n\n}\nexport const mediaType : ((opts: {mediaTypes: string[], ignoredMediaTypes?: string[], useEquality?: boolean}) => ServerWebExchangeMatcher) = (opts): ServerWebExchangeMatcher => {\n\n const shouldIgnore = (requestedMediaType: string): boolean => {\n if (opts.ignoredMediaTypes !== undefined) {\n for (const ignoredMediaType of opts.ignoredMediaTypes) {\n if (requestedMediaType === ignoredMediaType || ignoredMediaType === '*/*') {\n return true;\n }\n }\n }\n return false;\n }\n\n return async (exchange: ServerWebExchange): Promise<MatchResult> => {\n const request = exchange.request;\n let requestMediaTypes: string[];\n try {\n requestMediaTypes = request.headers.list('accept');\n }\n catch (e) {\n return NO_MATCH;\n }\n for (const requestedMediaType of requestMediaTypes) {\n if (shouldIgnore(requestedMediaType)) {\n continue;\n }\n for (const mediaType of opts.mediaTypes) {\n if (requestedMediaType.startsWith(mediaType)) {\n return match();\n }\n }\n }\n\n return NO_MATCH;\n };\n}\n\nexport const upgradeMatcher: ServerWebExchangeMatcher = async ({request}: ServerWebExchange): Promise<MatchResult> => {\n const upgrade = request.upgrade && request.headers.one('upgrade')?.toLowerCase() === 'websocket';\n return upgrade ? match() : NO_MATCH;\n};\nupgradeMatcher.toString = () => 'websocket upgrade';\n", "import {regexifyOriginFilters} from '../server/ws-client-verify.js';\nimport type {SecurityContext} from '../server/security/security-context.js';\nimport {pattern, ServerWebExchangeMatcher} from '../server/util/matchers.js';\nimport type {CorsConfig} from '../server/cors.js';\nimport type {Middleware} from '../server/types.ts';\nimport type {AsyncLocalStorage} from 'node:async_hooks';\nimport type {SocketRoute} from '../server/socket.js';\nimport {GatewayServer} from '../../gateway-server';\nimport type {\n ServerConfigurer,\n ServerConfigurerHandlerSpec,\n ServerConfigurerSocketSpec,\n ServerExchangeOptions,\n ServerWebExchange\n} from '../../types/web/server';\nimport type {AuthorizationRule} from '../../types/auth';\nimport {IOGateway} from '@interopio/gateway';\nexport type PathPattern = string | RegExp;\nexport type RouteConfig = Readonly<{\n readonly storage: AsyncLocalStorage<{\n exchange: ServerWebExchange,\n securityContext?: Promise<SecurityContext>\n }>,\n readonly serverHeader?: string | false\n readonly corsConfig?: GatewayServer.ServerConfig['cors'],\n readonly authConfig?: GatewayServer.ServerConfig['auth'],\n readonly middleware: Middleware,\n readonly cors: Array<[PathPattern, CorsConfig | undefined]>,\n readonly authorize: Array<[ServerWebExchangeMatcher, AuthorizationRule]>\n readonly sockets: Map<string, SocketRoute>\n}>\n\nexport async function configure(app: GatewayServer.ServerCustomizer, config: GatewayServer.ServerConfig, routes: RouteConfig): Promise<void> {\n const applyCors = (request: ServerConfigurerHandlerSpec['request'], options?: ServerExchangeOptions) => {\n // // disable CORS for this route\n // if (options?.cors === false) {\n // const path = request.path as (PathPattern);\n // routes.cors.push([request.path, undefined]);\n // }\n if (options?.cors) {\n const cors: CorsConfig = options.cors === true ? {\n allowOrigins: options.origins?.allow?.map(IOGateway.Filtering.regexify),\n allowMethods: request.method === undefined ? ['*'] : [request.method],\n allowCredentials: options.authorize?.access !== 'permitted' ? true : undefined,\n } : options.cors;\n const path = request.path as (PathPattern);\n routes.cors.push([path, cors]);\n }\n }\n\n const configurer = new class implements ServerConfigurer {\n\n handle(...handlers: Array<ServerConfigurerHandlerSpec>) {\n handlers.forEach(({request, options, handler}) => {\n const matcher = pattern(IOGateway.Filtering.regexify(request.path) as string | RegExp, {method: request.method});\n if (options?.authorize) {\n routes.authorize.push([matcher, options.authorize]);\n }\n\n applyCors(request, options);\n const middleware = async (exchange: ServerWebExchange, next: () => Promise<void>): Promise<void> => {\n const {match, variables} = await matcher(exchange);\n if (match) {\n await handler(exchange, variables);\n } else {\n await next();\n }\n };\n routes.middleware.push(middleware);\n });\n }\n\n socket(...sockets: Array<ServerConfigurerSocketSpec>) {\n for (const {path, factory, options} of sockets) {\n const route = path ?? '/';\n\n // cors and authorize are currently handled for ws\n routes.sockets.set(route, {\n default: path === undefined,\n ping: options?.ping,\n factory: factory,\n maxConnections: options?.maxConnections,\n authorize: options?.authorize,\n originFilters: regexifyOriginFilters(options?.origins)\n });\n }\n }\n };\n await app(configurer, config);\n}\n", "import {ServerWebExchangeMatcher} from './util/matchers.js';\nimport {HttpStatus} from '../http/status.js';\nimport getLogger from '../logger.js';\nimport type {HttpRequest, ReadonlyHttpHeaders} from '../../types/web/http';\nimport type {ServerHttpResponse, ServerWebExchange} from '../../types/web/server';\nimport {IOGateway} from '@interopio/gateway';\n\nfunction isSameOrigin(request: HttpRequest<ReadonlyHttpHeaders>) {\n const origin = request.headers.one('origin');\n if (origin === undefined) {\n return true;\n }\n const url = request.URL;\n const actualProtocol = url.protocol;\n const actualHost = url.host;\n\n const originUrl = URL.parse(origin);\n\n const originHost = originUrl?.host;\n const originProtocol = originUrl?.protocol;\n return actualProtocol === originProtocol\n && actualHost === originHost;\n}\n\n/**\n * Returns `true` if the request is a valid CORS one by checking `Origin` header presence and ensuring origins differ.\n */\nexport function isCorsRequest(request: HttpRequest<ReadonlyHttpHeaders>): boolean {\n return request.headers.has('origin') && !isSameOrigin(request);\n\n}\n\nexport function isPreFlightRequest(request: HttpRequest): boolean {\n return request.method === 'OPTIONS'\n && request.headers.has('origin')\n && request.headers.has('access-control-request-method');\n}\n\nconst VARY_HEADERS: readonly string[] = ['Origin', 'Access-Control-Request-Method', 'Access-Control-Request-Headers'];\n\n/**\n * Processes a request given a {@link CorsConfig}.\n *\n * @param exchange the current exchange\n * @param config the CORS configuration to use, possibly `undefined` in which case pre-flight requests are rejected, but all others allowed\n * @returns `false` if the request is rejected, `true` otherwise\n */\nexport const processRequest: CorsProcessor = (exchange: ServerWebExchange, config?: CorsConfig): boolean => {\n const {request, response} = exchange;\n const responseHeaders = response.headers;\n\n if (!responseHeaders.has('Vary')) {\n responseHeaders.set('Vary', VARY_HEADERS.join(', '));\n }\n else {\n const varyHeaders = responseHeaders.list('Vary');\n for (const header of VARY_HEADERS) {\n if (!varyHeaders.find(h => h === header)) {\n varyHeaders.push(header);\n }\n }\n responseHeaders.set('Vary', varyHeaders.join(', '));\n }\n\n try {\n if (!isCorsRequest(request)) {\n return true;\n }\n }\n catch (e) {\n if(logger.enabledFor('debug')) {\n logger.debug(`reject: origin is malformed`);\n }\n rejectRequest(response);\n return false;\n }\n\n if (responseHeaders.has('access-control-allow-origin')) {\n if (logger.enabledFor('trace')) {\n logger.debug(`skip: already contains \"Access-Control-Allow-Origin\"`);\n }\n return true;\n }\n\n const preFlightRequest = isPreFlightRequest(request);\n\n if (config) {\n return handleInternal(exchange, config, preFlightRequest);\n }\n if (preFlightRequest) {\n rejectRequest(response);\n return false;\n }\n return true;\n}\n\nexport type CorsConfig = Readonly<{\n allowOrigins?: '*' | IOGateway.Filtering.Matcher[]\n allowMethods?:'*' | string[]\n allowHeaders?: '*' | string[]\n exposeHeaders?: string[]\n allowCredentials?: boolean\n allowPrivateNetwork?: boolean\n maxAge?: number\n}>;\n\nconst DEFAULT_PERMIT_ALL = ['*'];\nconst DEFAULT_PERMIT_METHODS = ['GET', 'HEAD', 'POST'];\nexport const PERMIT_DEFAULT_CONFIG: CorsConfig = {\n allowOrigins: DEFAULT_PERMIT_ALL,\n allowMethods: DEFAULT_PERMIT_METHODS,\n allowHeaders: DEFAULT_PERMIT_ALL,\n maxAge: 1800 // 30 minutes\n}\nexport /*testing*/ function validateCorsConfig(config?: CorsConfig): CorsConfig | undefined {\n if (config) {\n const allowHeaders = config.allowHeaders;\n if (allowHeaders && allowHeaders !== ALL) {\n config = {\n ...config,\n allowHeaders: allowHeaders.map(header => header.toLowerCase())\n };\n }\n const allowOrigins = config.allowOrigins;\n if (allowOrigins) {\n if (allowOrigins === '*') {\n validateAllowCredentials(config);\n validateAllowPrivateNetwork(config);\n }\n else {\n config = {\n ...config,\n allowOrigins: allowOrigins.map(origin => {\n if (typeof origin === 'string' && origin !== ALL) {\n origin = IOGateway.Filtering.regexify(origin);\n if (typeof origin === 'string') {\n // exact match\n return trimTrailingSlash(origin).toLowerCase();\n }\n }\n return origin;\n })\n };\n }\n }\n return config;\n }\n}\n\nfunction combine<T = (string | IOGateway.Filtering.Matcher)>(source?: '*' | T[], other?: '*' | T[]): T[] | undefined {\n if (other === undefined) {\n return source !== undefined ? (source === ALL ? [ALL as T] : source) : [];\n }\n if (source === undefined) {\n return other === ALL ? [ALL as T] : other;\n }\n if (source == DEFAULT_PERMIT_ALL || source === DEFAULT_PERMIT_METHODS) {\n return other === ALL ? [ALL as T] : other;\n }\n if (other == DEFAULT_PERMIT_ALL || other === DEFAULT_PERMIT_METHODS) {\n return source === ALL ? [ALL as T] : source;\n }\n if (source === ALL || source.includes(ALL as T) || other === ALL || other.includes(ALL as T)) {\n return [ALL as T];\n }\n const combined = new Set<T>();\n source.forEach((v) => combined.add(v));\n other.forEach((v) => combined.add(v));\n return Array.from(combined);\n}\nexport const combineCorsConfig = (source: CorsConfig, other?: CorsConfig): CorsConfig => {\n if (other === undefined) {\n return source;\n }\n const config: CorsConfig = {\n allowOrigins: combine(source.allowOrigins, other?.allowOrigins),\n allowMethods: combine(source.allowMethods, other?.allowMethods),\n allowHeaders: combine(source.allowHeaders, other?.allowHeaders),\n exposeHeaders: combine(source.exposeHeaders, other?.exposeHeaders),\n allowCredentials: other?.allowCredentials ?? source.allowCredentials,\n allowPrivateNetwork: other?.allowPrivateNetwork ?? source.allowPrivateNetwork,\n maxAge: other?.maxAge ?? source.maxAge\n }\n return config;\n\n}\n\nexport type CorsConfigSource = (exchange: ServerWebExchange) => Promise<CorsConfig | undefined>;\nexport type CorsProcessor = (exchange: ServerWebExchange, config?: CorsConfig) => boolean;\n\nconst corsFilter = (opts: {corsConfigSource: CorsConfigSource, corsProcessor?: CorsProcessor}) => {\n const source = opts.corsConfigSource;\n const processor = opts.corsProcessor ?? processRequest;\n return async (ctx: ServerWebExchange, next: () => Promise<void>) => {\n const config = await source(ctx);\n const isValid = processor(ctx, config);\n if (!isValid || isPreFlightRequest(ctx.request)) {\n return;\n } else {\n await next();\n }\n };\n}\n\nexport default corsFilter;\n\n\nconst logger = getLogger('cors');\n\nfunction rejectRequest(response: ServerHttpResponse) {\n response.setStatusCode(HttpStatus.FORBIDDEN);\n}\n\nfunction handleInternal(exchange: ServerWebExchange,\n config: CorsConfig, preFlightRequest: boolean): boolean {\n const {request, response} = exchange;\n const responseHeaders = response.headers;\n\n const requestOrigin = request.headers.one('origin');\n const allowOrigin = checkOrigin(config, requestOrigin);\n\n if (allowOrigin === undefined) {\n if (logger.enabledFor('debug')) {\n logger.debug(`reject: '${requestOrigin}' origin is not allowed`);\n }\n rejectRequest(response);\n return false;\n }\n\n const requestMethod = getMethodToUse(request, preFlightRequest);\n const allowMethods = checkMethods(config, requestMethod);\n if (allowMethods === undefined) {\n if (logger.enabledFor('debug')) {\n logger.debug(`reject: HTTP '${requestMethod}' is not allowed`);\n }\n rejectRequest(response);\n return false;\n }\n\n const requestHeaders = getHeadersToUse(request, preFlightRequest);\n const allowHeaders = checkHeaders(config, requestHeaders);\n if (preFlightRequest && allowHeaders === undefined) {\n if (logger.enabledFor('debug')) {\n logger.debug(`reject: headers '${requestHeaders}' are not allowed`);\n }\n rejectRequest(response);\n return false;\n }\n\n responseHeaders.set('Access-Control-Allow-Origin', allowOrigin);\n\n if (preFlightRequest) {\n responseHeaders.set('Access-Control-Allow-Methods', allowMethods.join(','));\n\n }\n if (preFlightRequest && allowHeaders !== undefined && allowHeaders.length > 0) {\n responseHeaders.set('Access-Control-Allow-Headers', allowHeaders.join(', '));\n }\n const exposeHeaders = config.exposeHeaders;\n if (exposeHeaders && exposeHeaders.length > 0) {\n responseHeaders.set('Access-Control-Expose-Headers', exposeHeaders.join(', '));\n }\n if (config.allowCredentials) {\n responseHeaders.set('Access-Control-Allow-Credentials', 'true');\n }\n if (config.allowPrivateNetwork && request.headers.one('access-control-request-private-network') === 'true') {\n responseHeaders.set('Access-Control-Allow-Private-Network', 'true');\n }\n\n if (preFlightRequest && config.maxAge !== undefined) {\n responseHeaders.set('Access-Control-Max-Age', config.maxAge.toString());\n }\n return true;\n}\n\nconst ALL = '*';\nconst DEFAULT_METHODS = ['GET', 'HEAD'];\n\nfunction validateAllowCredentials(config: CorsConfig) {\n if (config.allowCredentials === true && config.allowOrigins === ALL) {\n throw new Error(`when allowCredentials is true allowOrigins cannot be \"*\"`);\n }\n}\n\nfunction validateAllowPrivateNetwork(config: CorsConfig) {\n if (config.allowPrivateNetwork === true && config.allowOrigins === ALL) {\n throw new Error(`when allowPrivateNetwork is true allowOrigins cannot be \"*\"`);\n }\n}\n\nfunction checkOrigin(config: CorsConfig, origin? :string): string | undefined {\n if (origin) {\n const allowedOrigins = config.allowOrigins;\n if (allowedOrigins) {\n if (allowedOrigins === ALL) {\n validateAllowCredentials(config);\n validateAllowPrivateNetwork(config);\n return ALL;\n }\n const originToCheck = trimTrailingSlash(origin.toLowerCase());\n\n for (const allowedOrigin of allowedOrigins) {\n if ((allowedOrigin === ALL) || IOGateway.Filtering.valueMatches(allowedOrigin, originToCheck)) {\n return origin;\n }\n }\n }\n }\n}\n\nfunction checkMethods(config: CorsConfig, requestMethod?: string): string[] | undefined {\n if (requestMethod) {\n const allowedMethods = config.allowMethods ?? DEFAULT_METHODS;\n if (allowedMethods === ALL) {\n return [requestMethod];\n }\n if (IOGateway.Filtering.valuesMatch(allowedMethods, requestMethod)) {\n return allowedMethods;\n }\n }\n}\n\nfunction checkHeaders(config: CorsConfig, requestHeaders?: string[]): string[] | undefined {\n if (requestHeaders === undefined) {\n return;\n }\n if (requestHeaders.length == 0) {\n return [];\n }\n const allowedHeaders = config.allowHeaders;\n if (allowedHeaders === undefined) {\n return;\n }\n const allowAnyHeader = allowedHeaders === ALL || allowedHeaders.includes(ALL);\n const result: string[] = [];\n for (const requestHeader of requestHeaders) {\n const value = requestHeader?.trim();\n if (value) {\n if (allowAnyHeader) {\n result.push(value);\n }\n else {\n for (const allowedHeader of allowedHeaders) {\n if (value.toLowerCase() === allowedHeader) {\n result.push(value);\n break;\n }\n }\n }\n }\n }\n if (result.length > 0) {\n return result;\n }\n}\n\nfunction trimTrailingSlash(origin: string): string {\n return origin.endsWith('/') ? origin.slice(0, -1) : origin;\n}\n\nfunction getMethodToUse(request: HttpRequest<ReadonlyHttpHeaders>, isPreFlight: boolean): string | undefined {\n return (isPreFlight ? request.headers.one('access-control-request-method') : request.method);\n}\n\nfunction getHeadersToUse(request: HttpRequest, isPreFlight: boolean): string[] {\n const headers = request.headers;\n return (isPreFlight ? headers.list('access-control-request-headers') : Array.from(headers.keys()));\n}\n\nexport const matchingCorsConfigSource = (opts: {mappings: Array<[ServerWebExchangeMatcher, CorsConfig | undefined]>}): CorsConfigSource => {\n return async (exchange: ServerWebExchange) => {\n for (const [matcher, config] of opts.mappings) {\n if ((await matcher(exchange)).match) {\n logger.debug(`resolved cors config on '${exchange.request.path}' using ${matcher}: ${JSON.stringify(config)}`);\n return config;\n }\n }\n }\n}\n", "import type {RouteConfig, PathPattern} from './route.js';\nimport {\n combineCorsConfig,\n CorsConfig,\n CorsConfigSource,\n matchingCorsConfigSource,\n PERMIT_DEFAULT_CONFIG,\n validateCorsConfig\n} from '../server/cors.js';\nimport {and, pattern, type ServerWebExchangeMatcher, upgradeMatcher} from '../server/util/matchers.js';\nimport {IOGateway} from '@interopio/gateway';\n\nexport function createCorsConfigSource(context: Pick<RouteConfig, 'sockets' | 'cors' | 'corsConfig'>): CorsConfigSource {\n const {sockets: routes, cors} = context;\n\n // create a default CORS config that allows all origins and methods and then combine it with the provided corsConfig\n const defaultCorsConfig: CorsConfig | undefined = context.corsConfig === false ? undefined : combineCorsConfig(PERMIT_DEFAULT_CONFIG, context.corsConfig);\n\n const validatedConfigs: Array<[ServerWebExchangeMatcher, CorsConfig | undefined]> = [];\n\n // for each socket route, combine the default CORS config, then any app CORS config that match, and finally the route CORS config\n for (const [path, route] of routes) {\n let routeCorsConfig: CorsConfig | undefined = defaultCorsConfig;\n for (const [matcher, config] of cors) {\n if (IOGateway.Filtering.valueMatches(matcher, path)) {\n if (config === undefined) {\n routeCorsConfig = undefined;\n }\n else {\n routeCorsConfig = routeCorsConfig === undefined ? config : combineCorsConfig(routeCorsConfig, config);\n }\n }\n }\n const config = context.corsConfig === false ? undefined : {\n allowOrigins: route.originFilters?.allow,\n allowMethods: ['GET', 'CONNECT', 'OPTIONS'],\n allowHeaders: [\n 'Upgrade',\n 'Connection',\n 'Origin',\n 'Sec-Websocket-Key',\n 'Sec-Websocket-Version',\n 'Sec-Websocket-Protocol',\n 'Sec-Websocket-Extensions'\n ],\n exposeHeaders: ['Sec-Websocket-Accept', 'Sec-Websocket-Protocol', 'Sec-Websocket-Extensions'],\n allowCredentials: route.authorize?.access !== 'permitted' ? true : undefined,\n };\n routeCorsConfig = routeCorsConfig === undefined ? config : combineCorsConfig(routeCorsConfig, config);\n\n validatedConfigs.push([\n and([upgradeMatcher, pattern(path)]),\n validateCorsConfig(routeCorsConfig)]);\n }\n\n const appConfigs: Array<[PathPattern, CorsConfig | undefined]> = [];\n // add app CORS configs\n for (const [matcher, config] of cors) {\n let [, routeCorsConfig] = appConfigs.find(([m]) => String(m) === String(matcher)) ?? [matcher, defaultCorsConfig];\n\n routeCorsConfig = routeCorsConfig === undefined ? config : combineCorsConfig(routeCorsConfig, config);\n let added = false;\n for (const entry of appConfigs) {\n if (String(entry[0]) === String(matcher)) {\n entry[1] = routeCorsConfig;\n added = true;\n break;\n }\n }\n if (!added) {\n appConfigs.push([matcher, routeCorsConfig]);\n }\n }\n for (const [matcher, config] of appConfigs) {\n validatedConfigs.push([pattern(matcher), validateCorsConfig(config)]);\n }\n\n validatedConfigs.push([pattern(/\\/api\\/.*/), validateCorsConfig(defaultCorsConfig)]);\n\n\n return matchingCorsConfigSource({mappings: validatedConfigs});\n}\n", "import type {Principal} from '../../../types/auth';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\nexport type Authentication = Principal & {\n type: string;\n readonly name?: string;\n authenticated: boolean;\n}\n\nexport function isAuthentication(principal?: Principal): principal is Authentication {\n return principal !== undefined && typeof principal['type'] === 'string' && typeof principal['authenticated'] === 'boolean';\n}\n\nexport type AuthenticationConverter = (exchange: ServerWebExchange) => Promise<Authentication | undefined>;\n\nexport class AuthenticationError extends Error {\n private _authentication?: Authentication;\n\n get authentication(): Authentication | undefined {\n return this._authentication;\n }\n\n set authentication(value: Authentication) {\n if (value === undefined) {\n throw new TypeError(\"Authentication cannot be undefined\");\n }\n this._authentication = value;\n }\n}\n\nexport class InsufficientAuthenticationError extends AuthenticationError {}\n\nexport class BadCredentialsError extends AuthenticationError {}\n\nexport class AuthenticationCredentialsNotFoundError extends AuthenticationError {}\n\nexport class AccessDeniedError extends Error {}\n\nexport type AuthenticationManager = (authentication: Authentication) => Promise<Authentication | undefined>;\n\nexport type AuthorizationManager<T> = {\n\n /**\n * Determines if access should be granted to the given object for the provided authentication.\n * @param authentication\n * @param object\n */\n verify(authentication: Promise<Authentication | undefined>, object: T): Promise<void>,\n /**\n * Checks if the authentication is authorized to access the given object.\n * @param authentication\n * @param object\n */\n authorize: (authentication: Promise<Authentication | undefined>, object: T) => Promise<AuthorizationResult | undefined>;\n}\nexport interface AuthorizationResult {readonly granted: boolean;}\nexport class AuthorizationDecision implements AuthorizationResult {\n constructor(granted: boolean) {\n this.granted = granted;\n }\n\n readonly granted: boolean;\n}\nexport class DefaultAuthorizationManager<T> implements AuthorizationManager<T> {\n readonly #check: (authentication: Promise<Authentication | undefined>, object: T) => Promise<AuthorizationDecision | undefined>;\n\n constructor(check: (authentication: Promise<Authentication | undefined>, object: T) => Promise<AuthorizationDecision>) {\n this.#check = check;\n }\n\n async verify(authentication: Promise<Authentication | undefined>, object: T): Promise<void> {\n const decision = await this.#check(authentication, object);\n if (!decision?.granted) {\n throw new AccessDeniedError(\"Access denied\");\n }\n }\n\n async authorize(authentication: Promise<Authentication | undefined>, object: T) {\n return await this.#check(authentication, object);\n }\n}\n\nexport class AuthenticationServiceError extends AuthenticationError {}\nexport type ServerAuthenticationSuccessHandler = (filterExchange: {exchange: ServerWebExchange, next: () => Promise<void>}, authentication: Authentication) => Promise<void>;\nexport type ServerAuthenticationFailureHandler = (filterExchange: {exchange: ServerWebExchange, next: () => Promise<void>}, error: AuthenticationError) => Promise<void>;\nexport type ServerAuthenticationEntryPoint = (exchange: ServerWebExchange, error: AuthenticationError) => Promise<void>;\nexport type ServerAccessDeniedHandler = (exchange: ServerWebExchange, error: AccessDeniedError) => Promise<void>;\n", "import {MapHttpHeaders} from '../../http/exchange.js';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\ntype ServerHttpHeadersWriter = (exchange: ServerWebExchange) => Promise<void>;\n\nconst staticServerHttpHeadersWriter = (headers: MapHttpHeaders): ServerHttpHeadersWriter => {\n return async (exchange: ServerWebExchange) => {\n let containsNoHeaders = true;\n const {response} = exchange;\n for (const name of headers.keys()) {\n if (response.headers.has(name)) {\n containsNoHeaders = false;\n }\n }\n if (containsNoHeaders) {\n for (const [name, value] of headers) {\n response.headers.set(name, value);\n }\n }\n }\n}\n\nconst cacheControlServerHttpHeadersWriter = () => staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('cache-control', 'no-cache, no-store, max-age=0, must-revalidate')\n .add('pragma', 'no-cache')\n .add('expires', '0'));\n\nconst contentTypeServerHttpHeadersWriter = () => staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('x-content-type-options', 'nosniff'));\n\nconst strictTransportSecurityServerHttpHeadersWriter = (maxAgeInSeconds: number, includeSubDomains: boolean, preload: boolean) => {\n let headerValue = `max-age=${maxAgeInSeconds}`;\n if (includeSubDomains) {\n headerValue += ' ; includeSubDomains';\n }\n if (preload) {\n headerValue += ' ; preload';\n }\n const delegate = staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('strict-transport-security', headerValue))\n\n const isSecure = (exchange: ServerWebExchange) => {\n const protocol = exchange.request.URL.protocol;\n return protocol === 'https:';\n }\n\n return async (exchange: ServerWebExchange) => {\n if (isSecure(exchange)) {\n await delegate(exchange);\n }\n }\n};\n\ntype FrameOptionsMode = 'DENY' | 'SAMEORIGIN';\nconst frameOptionsServerHttpHeadersWriter = (mode: FrameOptionsMode) => {\n return staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('x-frame-options', mode))\n};\n\ntype XssProtectionHeaderValue = '0' | '1' | '1; mode=block';\nconst xssProtectionServerHttpHeadersWriter = (headerValue: XssProtectionHeaderValue) => staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('x-xss-protection', headerValue));\n\n\nconst permissionsPolicyServerHttpHeadersWriter = (policyDirectives?: string) => {\n\n const delegate = policyDirectives === undefined ? undefined : staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('permissions-policy', policyDirectives));\n return async (exchange: ServerWebExchange) => {\n if (delegate !== undefined) {\n await delegate(exchange);\n }\n }\n}\nconst contentSecurityPolicyServerHttpHeadersWriter = (policyDirectives?: string, reportOnly?: boolean) => {\n const headerName = reportOnly ? 'content-security-policy-report-only' : 'content-security-policy';\n const delegate = policyDirectives === undefined ? undefined : staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add(headerName, policyDirectives));\n return async (exchange: ServerWebExchange) => {\n if (delegate !== undefined) {\n await delegate(exchange);\n }\n }\n};\n\ntype ReferrerPolicy =\n 'no-referrer'\n | 'no-referrer-when-downgrade'\n | 'origin'\n | 'origin-when-cross-origin'\n | 'same-origin'\n | 'strict-origin'\n | 'strict-origin-when-cross-origin'\n | 'unsafe-url';\nconst refererPolicyServerHttpHeadersWriter = (policy: ReferrerPolicy = 'no-referrer') => {\n return staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('referer-policy', policy));\n}\n\ntype CrossOriginOpenerPolicy = 'unsafe-none' | 'same-origin' | 'same-origin-allow-popups';\nconst crossOriginOpenerPolicyServerHttpHeadersWriter = (policy?: CrossOriginOpenerPolicy) => {\n const delegate = policy === undefined ? undefined : staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('cross-origin-opener-policy', policy));\n return async (exchange: ServerWebExchange) => {\n if (delegate !== undefined) {\n await delegate(exchange);\n }\n }\n}\n\ntype CrossOriginEmbedderPolicy = 'unsafe-none' | 'require-corp';\nconst crossOriginEmbedderPolicyServerHttpHeadersWriter = (policy?: CrossOriginEmbedderPolicy) => {\n const delegate = policy === undefined ? undefined : staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('cross-origin-embedder-policy', policy));\n return async (exchange: ServerWebExchange) => {\n if (delegate !== undefined) {\n await delegate(exchange);\n }\n }\n}\n\ntype CrossOriginResourcePolicy = 'same-origin' | 'same-site' | 'cross-origin';\nconst crossOriginResourcePolicyServerHttpHeadersWriter = (policy?: CrossOriginResourcePolicy) => {\n const delegate = policy === undefined ? undefined : staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('cross-origin-resource-policy', policy));\n return async (exchange: ServerWebExchange) => {\n if (delegate !== undefined) {\n await delegate(exchange);\n }\n }\n}\n\nconst compositeServerHttpHeadersWriter = (\n ...writers: ServerHttpHeadersWriter[]\n): ServerHttpHeadersWriter => {\n return async (exchange: ServerWebExchange) => {\n for (const writer of writers) {\n await writer(exchange);\n }\n }\n}\n\nexport default function headers(opts?: {\n cache?: { disabled?: boolean }\n contentType?: { disabled?: boolean },\n frameOptions?: { disabled?: boolean, mode?: FrameOptionsMode },\n hsts?: { disabled?: boolean, maxAge?: number, includeSubDomains?: boolean, preload?: boolean },\n xss?: { disabled?: boolean, headerValue?: XssProtectionHeaderValue },\n permissionsPolicy?: { disabled?: boolean, policyDirectives?: string },\n contentSecurityPolicy?: { disabled?: boolean, policyDirectives?: string, reportOnly?: boolean },\n refererPolicy?: { disabled?: boolean, policy?: ReferrerPolicy },\n crossOriginOpenerPolicy?: { disabled?: boolean, policy?: CrossOriginOpenerPolicy },\n crossOriginEmbedderPolicy?: { disabled?: boolean, policy?: CrossOriginEmbedderPolicy },\n crossOriginResourcePolicy?: { disabled?: boolean, policy?: CrossOriginResourcePolicy }\n writers?: ServerHttpHeadersWriter[]\n}) {\n const writers: ServerHttpHeadersWriter[] = [];\n if (!opts?.cache?.disabled) {\n writers.push(cacheControlServerHttpHeadersWriter());\n }\n if (!opts?.contentType?.disabled) {\n writers.push(contentTypeServerHttpHeadersWriter());\n }\n if (!opts?.hsts?.disabled) {\n writers.push(strictTransportSecurityServerHttpHeadersWriter(opts?.hsts?.maxAge ?? 365 * 24 * 60 * 60, opts?.hsts?.includeSubDomains ?? true, opts?.hsts?.preload ?? false));\n }\n if (!opts?.frameOptions?.disabled) {\n writers.push(frameOptionsServerHttpHeadersWriter(opts?.frameOptions?.mode ?? 'DENY'));\n }\n if (!opts?.xss?.disabled) {\n writers.push(xssProtectionServerHttpHeadersWriter(opts?.xss?.headerValue ?? '0'));\n }\n if (!opts?.permissionsPolicy?.disabled) {\n writers.push(permissionsPolicyServerHttpHeadersWriter(opts?.permissionsPolicy?.policyDirectives));\n }\n if (!opts?.contentSecurityPolicy?.disabled) {\n writers.push(contentSecurityPolicyServerHttpHeadersWriter(opts?.contentSecurityPolicy?.policyDirectives ?? \"default-src 'self'\", opts?.contentSecurityPolicy?.reportOnly));\n }\n if (!opts?.refererPolicy?.disabled) {\n writers.push(refererPolicyServerHttpHeadersWriter(opts?.refererPolicy?.policy ?? 'no-referrer'));\n }\n if (!opts?.crossOriginOpenerPolicy?.disabled) {\n writers.push(crossOriginOpenerPolicyServerHttpHeadersWriter(opts?.crossOriginOpenerPolicy?.policy));\n }\n if (!opts?.crossOriginEmbedderPolicy?.disabled) {\n writers.push(crossOriginEmbedderPolicyServerHttpHeadersWriter(opts?.crossOriginEmbedderPolicy?.policy));\n }\n if (!opts?.crossOriginResourcePolicy?.disabled) {\n writers.push(crossOriginResourcePolicyServerHttpHeadersWriter(opts?.crossOriginResourcePolicy?.policy));\n }\n if (opts?.writers) {\n writers.push(...opts.writers);\n }\n const writer = compositeServerHttpHeadersWriter(...writers);\n\n return async (exchange: ServerWebExchange, next: () => Promise<void>) => {\n await writer(exchange);\n await next();\n }\n}\n", "import {\n AuthenticationServiceError,\n ServerAuthenticationEntryPoint,\n ServerAuthenticationFailureHandler\n} from './types.js';\n\nexport const serverAuthenticationEntryPointFailureHandler = (opts: {\n entryPoint: ServerAuthenticationEntryPoint,\n rethrowAuthenticationServiceError?: boolean\n}): ServerAuthenticationFailureHandler => {\n const entryPoint = opts.entryPoint;\n const rethrowAuthenticationServiceError = opts?.rethrowAuthenticationServiceError ?? true;\n return async ({exchange}, error) => {\n if (!rethrowAuthenticationServiceError) {\n return entryPoint(exchange, error);\n }\n if (!(error instanceof AuthenticationServiceError)) {\n return entryPoint(exchange, error);\n }\n throw error;\n\n };\n\n\n}\n", "import {ServerAuthenticationEntryPoint} from './types.js';\nimport {HttpStatus} from \"../../http/status.ts\";\n\nconst DEFAULT_REALM = \"Realm\";\nconst createHeaderValue = (realm: string): string => {\n return `Basic realm=\"${realm}\"`;\n}\n\nexport const httpBasicEntryPoint = (opts?: { realm?: string }): ServerAuthenticationEntryPoint => {\n const headerValue = createHeaderValue(opts?.realm ?? DEFAULT_REALM);\n return async (exchange, _error) => {\n const {response} = exchange;\n response.setStatusCode(HttpStatus.UNAUTHORIZED);\n response.headers.set(\"WWW-Authenticate\", headerValue);\n };\n}\n", "import {AuthenticationConverter} from './types.js';\n\nconst BASIC = 'Basic ';\n\nexport const httpBasicAuthenticationConverter = (opts?: {credentialsEncoding?: BufferEncoding}): AuthenticationConverter => {\n return async (exchange) => {\n const {request} = exchange;\n const authorization = request.headers.one(\"authorization\");\n if (!authorization || !(/basic/i).test(authorization.substring(0,))) {\n return;\n }\n const credentials = authorization.length <= BASIC.length ? '' : authorization.substring(BASIC.length);\n const decoded = Buffer.from(credentials, 'base64').toString(opts?.credentialsEncoding ?? 'utf-8');\n const parts = decoded.split(\":\", 2);\n if (parts.length !== 2) {\n return undefined;\n }\n return {\n type: 'UsernamePassword',\n authenticated: false,\n principal: parts[0],\n credentials: parts[1]\n };\n }\n\n}\n", "import {Authentication} from './types';\nimport {AsyncLocalStorage} from 'node:async_hooks';\n\nexport interface SecurityContext {\n authentication?: Authentication;\n}\n\nexport class AsyncStorageSecurityContextHolder {\n private static hasSecurityContext(storage: AsyncLocalStorage<{\n securityContext?: Promise<SecurityContext>\n }>): boolean {\n return storage.getStore()?.securityContext !== undefined;\n }\n\n private static async getSecurityContext(storage: AsyncLocalStorage<{\n securityContext?: Promise<SecurityContext>\n }>): Promise<SecurityContext | undefined> {\n return await storage.getStore()?.securityContext;\n }\n\n public static clearSecurityContext(storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>) {\n delete storage.getStore()?.securityContext;\n }\n\n public static withSecurityContext(securityContext: Promise<SecurityContext>) {\n return (storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }> = new AsyncLocalStorage<{\n securityContext?: Promise<SecurityContext>\n }>()) => {\n storage.getStore()!.securityContext = securityContext;\n return storage;\n };\n }\n\n public static withAuthentication(authentication: Authentication) {\n return AsyncStorageSecurityContextHolder.withSecurityContext(Promise.resolve({authentication}));\n }\n\n public static async getContext(storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>): Promise<SecurityContext | undefined> {\n if (AsyncStorageSecurityContextHolder.hasSecurityContext(storage)) {\n return AsyncStorageSecurityContextHolder.getSecurityContext(storage);\n }\n }\n}\n\n", "import {type Authentication} from './types.js';\nimport {\n AuthenticationConverter,\n AuthenticationError,\n AuthenticationManager,\n ServerAuthenticationFailureHandler, ServerAuthenticationSuccessHandler\n} from './types.js';\nimport {serverAuthenticationEntryPointFailureHandler} from './entry-point-failure-handler.js';\nimport {httpBasicEntryPoint} from './http-basic-entry-point.js';\nimport {httpBasicAuthenticationConverter} from './http-basic-converter.js';\nimport {anyExchange, type ServerWebExchangeMatcher} from '../util/matchers.js';\nimport {AsyncStorageSecurityContextHolder, type SecurityContext} from './security-context.js';\nimport {AsyncLocalStorage} from 'node:async_hooks';\nimport type {ServerWebExchange} from '../../../types/web/server'\n\nasync function authenticate(exchange: ServerWebExchange,\n next: () => Promise<void>,\n token: Authentication,\n managerResolver: (exchange: ServerWebExchange) => Promise<AuthenticationManager | undefined>,\n successHandler: ServerAuthenticationSuccessHandler,\n storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>): Promise<void> {\n const authManager = await managerResolver(exchange);\n const authentication = await authManager?.(token);\n if (authentication === undefined) {\n throw new Error(\"No authentication manager found for the exchange\");\n }\n try {\n await onAuthenticationSuccess(authentication, {exchange, next}, successHandler, storage);\n } catch (e) {\n if (e instanceof AuthenticationError) {\n // todo debug log\n }\n throw e;\n }\n}\n\nasync function onAuthenticationSuccess(authentication: Authentication,\n filterExchange: {exchange: ServerWebExchange, next: () => Promise<void>},\n successHandler: ServerAuthenticationSuccessHandler,\n storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>): Promise<void> {\n AsyncStorageSecurityContextHolder.withAuthentication(authentication)(storage);\n await successHandler(filterExchange, authentication);\n\n}\n\nexport type AuthenticationFilterOptions = {\n storage: AsyncLocalStorage<{securityContext?: Promise<SecurityContext>}>\n managerResolver?: (exchange: ServerWebExchange) => Promise<AuthenticationManager | undefined>,\n manager?: AuthenticationManager,\n successHandler?: ServerAuthenticationSuccessHandler,\n // converter is a function that converts the exchange to an authentication object\n converter?: AuthenticationConverter,\n failureHandler?: ServerAuthenticationFailureHandler\n // matcher is a function that checks if the exchange must be authenticated\n matcher?: ServerWebExchangeMatcher,\n};\n\nexport default function authenticationFilter(opts: AuthenticationFilterOptions) {\n const auth = {\n matcher: anyExchange,\n successHandler: async({next}) => {\n await next();\n },\n converter: httpBasicAuthenticationConverter({}),\n failureHandler: serverAuthenticationEntryPointFailureHandler({entryPoint: httpBasicEntryPoint({})}),\n ...opts\n };\n let managerResolver = auth.managerResolver;\n if (managerResolver === undefined && auth.manager !== undefined) {\n const manager: AuthenticationManager = auth.manager;\n managerResolver = async (_exchange: ServerWebExchange) => {\n return manager;\n };\n }\n if (managerResolver === undefined) {\n throw new Error(\"Authentication filter requires a managerResolver or a manager\");\n }\n return async (exchange: ServerWebExchange, next: () => Promise<void>): Promise<void> => {\n const matchResult = await auth.matcher(exchange);\n const token = matchResult.match ? await auth.converter(exchange) : undefined;\n if (token === undefined) {\n await next();\n return;\n }\n\n try {\n await authenticate(exchange, next, token, managerResolver, auth.successHandler, auth.storage);\n\n } catch (error) {\n if (error instanceof AuthenticationError) {\n await auth.failureHandler({exchange, next}, error);\n return;\n }\n throw error; // Re-throw the error to be handled by the next middleware or error handler\n }\n };\n}\n", "import type { AuthenticationError, ServerAuthenticationEntryPoint} from './types.js';\nimport {HttpStatus} from \"../../http/status.ts\";\n\nexport const httpStatusEntryPoint = (opts: {\n httpStatus: HttpStatus\n}): ServerAuthenticationEntryPoint => {\n return async (exchange, _error: AuthenticationError) => {\n const response = exchange.response;\n response.setStatusCode(opts.httpStatus);\n };\n}\n", "import {AuthenticationError, type ServerAuthenticationEntryPoint} from './types.js';\nimport {type ServerWebExchangeMatcher} from '../util/matchers.js';\nimport {HttpStatus} from '../../http/status.js';\nimport getLogger from '../../logger.js';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\nconst logger = getLogger('auth.entry-point');\n\nexport const delegatingEntryPoint = (opts: {\n entryPoints: Array<[ServerWebExchangeMatcher, ServerAuthenticationEntryPoint]>;\n defaultEntryPoint: ServerAuthenticationEntryPoint;\n}): ServerAuthenticationEntryPoint => {\n const defaultEntryPoint = opts.defaultEntryPoint ?? (async ({response}, _error) => {\n response.setStatusCode(HttpStatus.UNAUTHORIZED);\n await response.end();\n });\n return async (exchange: ServerWebExchange, error: AuthenticationError) => {\n for (const [matcher, entryPoint] of opts.entryPoints) {\n if (logger.enabledFor('debug')) {\n logger.debug(`trying to match using: ${matcher}`);\n }\n const match = await matcher(exchange);\n if (match.match) {\n if (logger.enabledFor('debug')) {\n logger.debug(`match found. using default entry point ${entryPoint}`);\n }\n return entryPoint(exchange, error);\n }\n }\n if (logger.enabledFor('debug')) {\n logger.debug(`no match found. using default entry point ${defaultEntryPoint}`);\n }\n return defaultEntryPoint(exchange, error);\n };\n}\n", "import type {Authentication, ServerAuthenticationSuccessHandler} from './types.js';\n\nexport const delegatingSuccessHandler = (handlers: Array<ServerAuthenticationSuccessHandler>) => {\n\n return async ({exchange, next}, authentication: Authentication) => {\n for (const handler of handlers) {\n await handler({exchange, next}, authentication);\n }\n };\n}\n", "import authenticationFilter from './authentication-filter.js';\nimport {serverAuthenticationEntryPointFailureHandler} from './entry-point-failure-handler.js';\nimport {\n AuthenticationManager,\n ServerAuthenticationEntryPoint,\n ServerAuthenticationFailureHandler,\n ServerAuthenticationSuccessHandler\n} from './types.js';\nimport {httpStatusEntryPoint} from './http-status-entry-point.js';\nimport {httpBasicEntryPoint} from './http-basic-entry-point.js';\nimport {delegatingEntryPoint} from './delegating-entry-point.js';\nimport {httpBasicAuthenticationConverter} from './http-basic-converter.js';\nimport {delegatingSuccessHandler} from './delegating-success-handler.js';\nimport {type SecurityContext} from './security-context.js';\nimport {MatchResult, ServerWebExchangeMatcher} from '../util/matchers.js';\nimport * as matchers from '../util/matchers.js';\nimport {HttpStatus} from '../../http/status.js';\nimport {AsyncLocalStorage} from 'node:async_hooks';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\nexport default function httpBasic(opts: {\n readonly storage: AsyncLocalStorage<{securityContext?: Promise<SecurityContext>}>\n readonly manager: AuthenticationManager;\n readonly entryPoint?: ServerAuthenticationEntryPoint;\n readonly failureHandler?: ServerAuthenticationFailureHandler;\n readonly successHandlers?: ServerAuthenticationSuccessHandler[];\n defaultEntryPoints: Array<[ServerWebExchangeMatcher, ServerAuthenticationEntryPoint]>;\n defaultSuccessHandlers: ServerAuthenticationSuccessHandler[];\n}) {\n\n const xhrMatcher: ServerWebExchangeMatcher = async (exchange: ServerWebExchange): Promise<MatchResult> => {\n const headers = exchange.request.headers;\n const h = headers.list('X-Requested-With');\n if (h.includes('XMLHttpRequest')) {\n return matchers.match();\n }\n return matchers.NO_MATCH;\n }\n\n const defaultEntryPoint = delegatingEntryPoint({\n entryPoints: [[xhrMatcher, httpStatusEntryPoint({httpStatus: HttpStatus.UNAUTHORIZED})]],\n defaultEntryPoint: httpBasicEntryPoint({})\n });\n\n const entryPoint = opts.entryPoint ?? defaultEntryPoint;\n\n const manager = opts.manager;\n\n const restMatcher = matchers.mediaType({\n mediaTypes: [\n 'application/atom+xml',\n 'application/x-www-form-urlencoded',\n 'application/json',\n 'application/octet-stream',\n 'application/xml',\n 'multipart/form-data',\n 'text/xml'\n ],\n ignoredMediaTypes: ['*/*']\n });\n\n const notHtmlMatcher = matchers.not(matchers.mediaType({mediaTypes: ['text/html']}));\n const restNoHtmlMatcher = matchers.and([notHtmlMatcher, restMatcher]);\n const preferredMatcher = matchers.or([xhrMatcher, restNoHtmlMatcher]);\n opts.defaultEntryPoints.push([preferredMatcher, entryPoint]);\n const failureHandler = opts.failureHandler ?? serverAuthenticationEntryPointFailureHandler({entryPoint});\n const successHandler = delegatingSuccessHandler(opts.successHandlers ?? opts.defaultSuccessHandlers);\n const converter = httpBasicAuthenticationConverter({});\n return authenticationFilter({\n storage: opts.storage,\n manager,\n failureHandler,\n successHandler,\n converter\n });\n}\n\n", "import {HttpStatus} from '../../../http/status.js';\n\nexport type OAuth2Error = {\n readonly errorCode: string\n readonly description?: string\n readonly uri?: string\n}\n\nexport type BearerTokenError = OAuth2Error & {\n readonly httpStatus: HttpStatus\n readonly scope?: string\n}\n\nexport const BearerTokenErrorCodes = {\n invalid_request: 'invalid_request',\n invalid_token: 'invalid_token',\n insufficient_scope: 'insufficient_scope',\n}\n\nconst DEFAULT_URI = \"https://tools.ietf.org/html/rfc6750#section-3.1\";\n\nexport function invalidToken(message: string): BearerTokenError {\n return {\n errorCode: BearerTokenErrorCodes.invalid_token,\n httpStatus: HttpStatus.UNAUTHORIZED,\n description: message,\n uri: DEFAULT_URI\n };\n}\n\nexport function invalidRequest(message: string): BearerTokenError {\n return {\n errorCode: BearerTokenErrorCodes.invalid_request,\n httpStatus: HttpStatus.BAD_REQUEST,\n description: message,\n uri: DEFAULT_URI\n };\n}\n\nexport function insufficientScope(message: string, scope?: string): BearerTokenError {\n return {\n errorCode: BearerTokenErrorCodes.insufficient_scope,\n httpStatus: HttpStatus.FORBIDDEN,\n description: message,\n uri: DEFAULT_URI,\n scope\n };\n}\n", "import {type Authentication, type AuthenticationConverter, AuthenticationError} from '../types.js';\nimport {invalidRequest, invalidToken, OAuth2Error} from './token-error.js';\nimport type {ReadonlyHttpHeaders} from '../../../../types/web/http';\nimport type {ServerHttpRequest, ServerWebExchange} from '../../../../types/web/server';\n\nconst ACCESS_TOKEN_PARAMETER_NAME = 'access_token';\nconst authorizationPattern = /^Bearer\\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i;\n\nexport class Oauth2AuthenticationError extends AuthenticationError {\n readonly error: OAuth2Error;\n\n constructor(error: string | OAuth2Error, message?: string, options?: ErrorOptions) {\n super(message ?? (typeof error === 'string' ? undefined : error.description), options);\n this.error = typeof error === 'string' ? {errorCode: error} : error;\n }\n}\n\nexport type BearerTokenAuthenticationToken = Authentication & {\n type: 'BearerToken';\n token: string;\n}\n\nexport const isBearerTokenAuthenticationToken = (authentication: Authentication): authentication is BearerTokenAuthenticationToken => {\n return authentication.type === 'BearerToken';\n}\n\nconst serverBearerTokenAuthenticationConverter = (opts?: {headerName?: string, uriQueryParameter?: boolean, formEncodedBodyParameter?: boolean }): AuthenticationConverter => {\n return async (exchange: ServerWebExchange) => {\n const {request} = exchange;\n return Promise.all<string[] | undefined>([\n resolveFromAuthorizationHeader(request.headers, opts?.headerName).then((token?: string) => token !== undefined ? [token] : undefined),\n resolveFromQueryString(request, opts?.uriQueryParameter),\n resolveFromBody(exchange, opts?.formEncodedBodyParameter)\n ])\n .then(rs => rs.filter(r => r !== undefined).flat(1))\n .then(resolveToken)\n .then(token => {\n if (token) return {authenticated: false, type: 'BearerToken', token};\n });\n }\n}\n\nasync function resolveToken(accessTokens: string[]) {\n if (accessTokens.length === 0) {\n return;\n }\n if (accessTokens.length > 1) {\n const error = invalidRequest('Found multiple access tokens in the request');\n throw new Oauth2AuthenticationError(error);\n }\n\n const accessToken = accessTokens[0];\n if (!accessToken || accessToken.length === 0) {\n const error = invalidRequest('The requested access token parameter is an empty string');\n throw new Oauth2AuthenticationError(error);\n }\n return accessToken;\n}\n\nasync function resolveFromAuthorizationHeader(headers: ReadonlyHttpHeaders, headerName: string = 'authorization'): Promise<string | undefined> {\n const authorization = headers.one(headerName);\n if (!authorization || !(/bearer/i).test(authorization.substring(0,))) {\n return;\n }\n const match = authorizationPattern.exec(authorization);\n if (match === null) {\n const error = invalidToken('Bearer token is malformed');\n throw new Oauth2AuthenticationError(error);\n }\n return match.groups?.token;\n}\n\nasync function resolveTokens(parameters: URLSearchParams): Promise<string[] | undefined> {\n const accessTokens = parameters.getAll(ACCESS_TOKEN_PARAMETER_NAME);\n if (accessTokens.length === 0) {\n return;\n }\n return accessTokens;\n}\n\nasync function resolveFromQueryString(request: ServerHttpRequest, allow = false): Promise<string[] | undefined> {\n if (!allow || request.method !== 'GET') {\n return;\n }\n return resolveTokens(request.URL.searchParams);\n}\n\nasync function resolveFromBody(exchange: ServerWebExchange, allow = false): Promise<string[] | undefined> {\n const {request} = exchange;\n if (!allow\n || ('application/x-www-form-urlencoded' !== request.headers.one('content-type'))\n || request.method !== 'POST') {\n return;\n }\n const parameters = await exchange.request.formData();\n if (parameters) {\n return resolveTokens(parameters);\n }\n}\n\nexport default serverBearerTokenAuthenticationConverter;\n", "import {AuthenticationError, type ServerAuthenticationEntryPoint} from '../types.js';\nimport {Oauth2AuthenticationError} from './token-converter.js';\nimport type {BearerTokenError, OAuth2Error} from './token-error.js';\nimport {HttpStatus} from '../../../http/status.js';\n\nfunction computeWWWAuthenticate(parameters: Map<string, string>) {\n let wwwAuthenticate = 'Bearer';\n if (parameters.size !== 0) {\n wwwAuthenticate += ' ';\n let i = 0;\n for (const [key, value] of parameters) {\n wwwAuthenticate += `${key}=\"${value}\"`;\n if (i !== parameters.size - 1) {\n wwwAuthenticate += ', ';\n }\n i++;\n }\n }\n return wwwAuthenticate;\n}\n\nconst isBearerTokenError = (error: OAuth2Error): error is BearerTokenError => {\n return (error as BearerTokenError).httpStatus !== undefined;\n}\n\nfunction getStatus(authError: AuthenticationError): HttpStatus {\n if (authError instanceof Oauth2AuthenticationError) {\n const {error} = authError;\n if (isBearerTokenError(error)) {\n return error.httpStatus;\n }\n }\n return HttpStatus.UNAUTHORIZED;\n}\n\nfunction createParameters(authError: AuthenticationError, realm?: string) {\n const parameters = new Map<string, string>();\n if (realm) {\n parameters.set('realm', realm);\n }\n if (authError instanceof Oauth2AuthenticationError) {\n const {error} = authError;\n parameters.set('error', error.errorCode);\n if (error.description) {\n parameters.set('error_description', error.description);\n }\n if (error.uri) {\n parameters.set('error_uri', error.uri);\n }\n if (isBearerTokenError(error) && error.scope) {\n parameters.set('scope', error.scope);\n }\n }\n return parameters;\n}\n\nconst bearerTokenServerAuthenticationEntryPoint = (opts?: { realmName?: string }): ServerAuthenticationEntryPoint => {\n return async (exchange, error) => {\n const status = getStatus(error);\n const parameters = createParameters(error, opts?.realmName)\n const wwwAuthenticate = computeWWWAuthenticate(parameters);\n const {response} = exchange;\n response.headers.set('WWW-Authenticate', wwwAuthenticate);\n response.setStatusCode(status);\n await response.end();\n };\n}\n\nexport default bearerTokenServerAuthenticationEntryPoint;\n", "import {type Authentication, type AuthenticationManager, AuthenticationServiceError} from '../types.js';\nimport {invalidToken} from './token-error.js';\nimport {isBearerTokenAuthenticationToken, Oauth2AuthenticationError} from './token-converter.js';\n\nexport interface Jwt {\n readonly subject?: string\n\n getClaimAsString(claim: string): string | undefined\n}\n\nconst jwtAuthConverter = (opts?: { principalClaimName?: string}): (jwt: Jwt) => Authentication => {\n const principalClaimName = opts?.principalClaimName ?? 'sub';\n\n return (jwt: Jwt) => {\n const name = jwt.getClaimAsString(principalClaimName);\n return {type: 'JwtToken', authenticated: true, name};\n };\n}\n\nconst asyncJwtConverter = (converter: (jwt: Jwt) => Authentication): (jwt: Jwt) => Promise<Authentication> => {\n return async (jwt: Jwt) => {\n return converter(jwt);\n };\n};\n\nexport class JwtError extends Error {}\nexport class BadJwtError extends JwtError {}\n\n\nfunction onError(error: JwtError) {\n if (error instanceof BadJwtError) {\n return new Oauth2AuthenticationError(invalidToken(error.message), error.message, {cause: error});\n }\n throw new AuthenticationServiceError(error.message, {cause: error});\n\n}\n\nexport default function jwtAuthManager(opts: {\n decoder: (token: string) => Promise<Jwt>\n authConverter?: (jwt: Jwt) => Promise<Authentication>\n}): AuthenticationManager {\n const decoder = opts.decoder;\n const authConverter = opts.authConverter ?? asyncJwtConverter(jwtAuthConverter({}));\n return async (authentication) => {\n if (isBearerTokenAuthenticationToken(authentication)) {\n const token = authentication.token;\n try {\n const jwt = await decoder(token);\n return await authConverter(jwt);\n } catch (e) {\n if (e instanceof JwtError) {\n throw onError(e);\n }\n throw e;\n }\n }\n }\n}\n", "import authenticationFilter from './authentication-filter.js';\nimport type {\n Authentication,\n AuthenticationConverter,\n AuthenticationManager,\n ServerAuthenticationEntryPoint,\n ServerAuthenticationFailureHandler\n} from './types.js';\nimport serverBearerTokenAuthenticationConverter from './oauth2/token-converter.js';\nimport {serverAuthenticationEntryPointFailureHandler} from './entry-point-failure-handler.js';\nimport bearerTokenServerAuthenticationEntryPoint from './oauth2/token-entry-point.js';\nimport jwtAuthManager, {Jwt} from './oauth2/jwt-auth-manager.js';\nimport type {SecurityContext} from './security-context.js';\nimport {AsyncLocalStorage} from 'node:async_hooks';\nimport {ServerWebExchange} from '../../../types/web/server';\n\nexport default function resourceServer(opts: {\n readonly storage: AsyncLocalStorage<{securityContext?: Promise<SecurityContext>}>,\n converter?: AuthenticationConverter,\n failureHandler?: ServerAuthenticationFailureHandler,\n entryPoint?: ServerAuthenticationEntryPoint,\n managerResolver?: (exchange: ServerWebExchange) => Promise<AuthenticationManager | undefined>,\n jwt?: {\n manager?: AuthenticationManager,\n decoder: (token: string) => Promise<Jwt>,\n authConverter?: (jwt: Jwt) => Promise<Authentication>\n }\n}): (exchange: ServerWebExchange, next: () => Promise<void>) => Promise<void> {\n const entryPoint = opts.entryPoint ?? bearerTokenServerAuthenticationEntryPoint({});\n const converter = opts?.converter ?? serverBearerTokenAuthenticationConverter({});\n const failureHandler = opts.failureHandler ?? serverAuthenticationEntryPointFailureHandler({entryPoint})\n if (opts.managerResolver!== undefined) {\n return authenticationFilter({\n storage: opts.storage,\n converter,\n failureHandler,\n managerResolver: opts.managerResolver,\n });\n }\n if (opts.jwt !== undefined) {\n\n const manager = opts.jwt.manager ?? jwtAuthManager(opts.jwt);\n return authenticationFilter({\n storage: opts.storage,\n converter,\n failureHandler,\n managerResolver: async (_exchange: ServerWebExchange) => {\n return manager;\n },\n });\n }\n throw new Error(\"Invalid resource server configuration: either managerResolver or jwt must be provided\");\n}\n", "import {\n Authentication,\n AuthenticationManager,\n AuthorizationDecision,\n BadCredentialsError,\n DefaultAuthorizationManager,\n ServerAuthenticationEntryPoint,\n ServerAuthenticationSuccessHandler\n} from './types.js';\nimport headers from './http-headers.js';\nimport httpBasic from './http-basic.js';\nimport resourceServer from './oauth2-resource-server.js';\nimport serverBearerTokenAuthenticationConverter from './oauth2/token-converter.js';\nimport bearerTokenServerAuthenticationEntryPoint from './oauth2/token-entry-point.js';\nimport {BadJwtError, Jwt, JwtError} from './oauth2/jwt-auth-manager.js';\nimport {jwtVerifier, JwtVerifyError} from '@interopio/gateway/jose/jwt';\nimport {anyExchange, ServerWebExchangeMatcher, ServerWebExchangeMatcherEntry, match, NO_MATCH} from '../util/matchers.js';\nimport {errorFilter} from './error-filter.js';\nimport {delegatingEntryPoint} from './delegating-entry-point.js';\nimport delegatingAuthorizationManager from './delegating-authorization-manager.js';\nimport authorizationFilter from './authorization-filter.js';\nimport {exchangeFilter} from './exchange-filter.js';\nimport {SecurityContext} from './security-context.js';\nimport cors, { type CorsConfigSource} from '../cors.js';\nimport type {Middleware} from '../types.js';\nimport {type AsyncLocalStorage} from 'node:async_hooks';\nimport type { ServerWebExchange} from '../../../types/web/server';\n\nexport type HttpSecurityConfig = {\n authorize?: Array<[\n 'any-exchange' | ServerWebExchangeMatcher,\n ( { access: 'permitted' | 'denied' | 'authenticated' }\n | { access: 'has-any-authority', authorities: string[] }\n | { access: 'has-ip-address', address: string })\n ]>,\n headers?: {\n disabled?: boolean;\n xss?: { disabled?: boolean };\n },\n cors?: {\n disabled?: boolean;\n }\n basic?: {\n disabled?: boolean;\n realm?: string;\n user?: {\n name: string,\n password?: string // generated password, if not provided\n authorities?: string[]\n }\n },\n jwt?: {\n disabled?: boolean;\n issuerUri?: string; // base URI for the issuer, e.g. 'https://example.com'\n issuer?: string;\n audience?: string | string[]; // audience for the JWT, e.g. 'https://example.com/api'\n }\n}\n\nconst filterOrder = {\n first: Number.MAX_SAFE_INTEGER,\n http_headers: 1 * 100,\n https_redirect: 2 * 100,\n cors: 3 * 100,\n http_basic: 6 * 100,\n authentication: 8 * 100,\n security_context_server_web_exchange: 15 * 100,\n error_translation: 18 * 100,\n authorization: 19 * 100,\n last: Number.MAX_SAFE_INTEGER\n}\nconst filterOrderSymbol = Symbol.for(\"filterOrder\");\n\nexport default (config: HttpSecurityConfig,\n context: {\n storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>\n corsConfigSource?: CorsConfigSource,\n }): Middleware => {\n const middleware: Middleware = [];\n\n class ServerHttpSecurity {\n #authenticationEntryPoint?: ServerAuthenticationEntryPoint;\n readonly #defaultEntryPoints: Array<[ServerWebExchangeMatcher, ServerAuthenticationEntryPoint]> = [];\n manager?: AuthenticationManager;\n\n get authenticationEntryPoint(): ServerAuthenticationEntryPoint | undefined {\n if (this.#authenticationEntryPoint !== undefined || this.#defaultEntryPoints.length === 0) {\n return this.#authenticationEntryPoint!;\n }\n if (this.#defaultEntryPoints.length === 1) {\n return this.#defaultEntryPoints[0][1];\n }\n return delegatingEntryPoint({\n entryPoints: this.#defaultEntryPoints,\n defaultEntryPoint: this.#defaultEntryPoints[this.#defaultEntryPoints.length - 1][1]\n });\n }\n\n\n build() {\n if (config.headers !== undefined && config.headers.disabled !== true) {\n const writer = headers(config.headers);\n writer[filterOrderSymbol] = filterOrder.http_headers;\n middleware.push(writer);\n }\n if (config.cors?.disabled !== true && context.corsConfigSource !== undefined) {\n const filter: (ctx: ServerWebExchange, next: () => Promise<void>) => Promise<void> = cors({corsConfigSource: context.corsConfigSource });\n filter[filterOrderSymbol] = filterOrder.cors;\n middleware.push(filter);\n }\n\n if (config.basic !== undefined && config.basic?.disabled !== true) {\n const username = config.basic.user?.name.toLowerCase();\n const password = config.basic.user?.password ?? '';\n const authorities = config.basic.user?.authorities ?? [];\n const manager: AuthenticationManager = async (auth) => {\n const principal = auth['principal'];\n const credentials = auth['credentials'];\n if (principal.toLowerCase() !== username || credentials !== password) {\n throw new BadCredentialsError('Invalid username or password');\n }\n return {type: 'UsernamePassword', authenticated: true, principal, credentials, authorities: [...authorities]} as Authentication;\n }\n\n const defaultSuccessHandlers: ServerAuthenticationSuccessHandler[] = [\n async ({exchange: _, next}, _authentication) => {\n return next();\n }\n ];\n\n\n const filter = httpBasic({\n storage: context.storage,\n manager,\n defaultEntryPoints: this.#defaultEntryPoints,\n defaultSuccessHandlers,\n });\n filter[filterOrderSymbol] = filterOrder.http_basic;\n middleware.push(filter);\n }\n if (config.jwt !== undefined && config.jwt.disabled !== true) {\n\n const verifier = jwtVerifier({\n issuerBaseUri: config.jwt.issuerUri,\n issuer: config.jwt.issuer,\n audience: config.jwt.audience\n });\n const decoder = async (token: string): Promise<Jwt> => {\n try {\n const {payload} = await verifier(token);\n return {\n subject: payload.sub,\n getClaimAsString(claim: string): string | undefined {\n return payload[claim] as string | undefined;\n }\n };\n } catch (e) {\n if (e instanceof JwtVerifyError) {\n throw new BadJwtError(e.message, {cause: e});\n }\n throw new JwtError(\"error occurred while attempting to decoding jwt\", {cause: e});\n }\n }\n\n\n const authenticationConverter = serverBearerTokenAuthenticationConverter({uriQueryParameter: true});\n const authenticationConverterMatcher: ServerWebExchangeMatcher = async (exchange) => {\n try {\n const a = await authenticationConverter(exchange)\n if (a === undefined) {\n return NO_MATCH;\n }\n return match();\n }\n catch (e) {\n return NO_MATCH;\n }\n }\n\n const entryPoint = bearerTokenServerAuthenticationEntryPoint({});\n\n this.#defaultEntryPoints.push([authenticationConverterMatcher, entryPoint]);\n\n const filter = resourceServer({\n storage: context.storage,\n entryPoint: entryPoint,\n converter: authenticationConverter,\n jwt: {decoder}});\n filter[filterOrderSymbol] = filterOrder.authentication;\n middleware.push(filter);\n\n }\n const exchangeF = exchangeFilter({storage: context.storage});\n middleware.push(exchangeF);\n exchangeF[filterOrderSymbol] = filterOrder.security_context_server_web_exchange;\n\n\n if (config.authorize !== undefined) {\n const errorFf = errorFilter({authenticationEntryPoint: this.authenticationEntryPoint});\n errorFf[filterOrderSymbol] = filterOrder.error_translation;\n middleware.push(errorFf)\n const buildAuthorizationManager = (authorize: HttpSecurityConfig['authorize']) => {\n const mappings: ServerWebExchangeMatcherEntry<DefaultAuthorizationManager<{\n exchange: ServerWebExchange\n }>>[] = [];\n let anyExchangeRegistered = false;\n for (const [matcher, access] of authorize ?? []) {\n let serverMatcher: ServerWebExchangeMatcher;\n if (matcher === 'any-exchange') {\n anyExchangeRegistered = true;\n serverMatcher = anyExchange;\n } else if (anyExchangeRegistered) {\n throw new Error(\"Cannot register other matchers after 'any-exchange' matcher\");\n } else {\n serverMatcher = matcher;\n }\n let manager: DefaultAuthorizationManager<{ exchange: ServerWebExchange }>;\n if (access.access === 'permitted') {\n manager = new DefaultAuthorizationManager(async () => new AuthorizationDecision(true));\n manager.toString = () => 'AuthorizationManager[permitted]';\n } else if (access.access === 'denied') {\n manager = new DefaultAuthorizationManager(async () => new AuthorizationDecision(false));\n manager.toString = () => 'AuthorizationManager[denied]';\n } else if (access.access === 'authenticated') {\n manager = new DefaultAuthorizationManager(async (p: Promise<Authentication | undefined>) => {\n const authentication = await p;\n if (authentication !== undefined) {\n return new AuthorizationDecision(authentication.authenticated);\n }\n return new AuthorizationDecision(false);\n });\n manager.toString = () => 'AuthorizationManager[authenticated]';\n } else {\n throw new Error(`Unknown access type: ${JSON.stringify(access)}`);\n }\n mappings.push([serverMatcher, manager]);\n }\n return delegatingAuthorizationManager({mappings});\n }\n const manager = buildAuthorizationManager(config.authorize);\n const filter = authorizationFilter({manager, storage: context.storage});\n filter[filterOrderSymbol] = filterOrder.authorization;\n middleware.push(filter);\n\n }\n\n middleware.sort((a, b) => {\n const aOrder = a[filterOrderSymbol] ?? filterOrder.last;\n const bOrder = b[filterOrderSymbol] ?? filterOrder.last;\n return aOrder - bOrder;\n });\n }\n }\n\n\n const security = new ServerHttpSecurity();\n security.build();\n\n\n return middleware;\n};\n", "import {\n type Authentication,\n AccessDeniedError,\n AuthenticationError,\n InsufficientAuthenticationError,\n type ServerAuthenticationEntryPoint,\n isAuthentication\n} from './types.js';\nimport {httpBasicEntryPoint} from './http-basic-entry-point.js';\nimport {ServerWebExchange} from '../../../types/web/server';\nimport {HttpStatus} from \"../../http/status.ts\";\n\nasync function commenceAuthentication(exchange: ServerWebExchange, authentication: Authentication | undefined, entryPoint: ServerAuthenticationEntryPoint) {\n const cause = new InsufficientAuthenticationError(`Full authentication is required to access this resource.`);\n const e: AuthenticationError = new AuthenticationError(\"Access Denied\", {cause});\n if (authentication) {\n e.authentication = authentication;\n }\n await entryPoint(exchange, e);\n}\nexport function httpStatusAccessDeniedHandler(httpStatus: HttpStatus) {\n return async (exchange: ServerWebExchange, _error: AccessDeniedError) => {\n exchange.response.setStatusCode(httpStatus);\n exchange.response.headers.set(\"Content-Type\", \"text/plain; charset=utf-8\");\n const buffer = Buffer.from(\"Access Denied\", \"utf-8\");\n exchange.response.headers.set('Content-Length', buffer.length);\n await exchange.response.body(buffer);\n };\n}\n\nexport const errorFilter = (opts: {\n authenticationEntryPoint?: ServerAuthenticationEntryPoint\n}) => {\n const accessDeniedHandler = httpStatusAccessDeniedHandler(HttpStatus.FORBIDDEN);\n const authenticationEntryPoint = opts.authenticationEntryPoint ?? httpBasicEntryPoint();\n return async (exchange: ServerWebExchange, next: () => Promise<void>) => {\n try {\n await next();\n } catch (error) {\n if (error instanceof AccessDeniedError) {\n const principal = await exchange.principal();\n if (!isAuthentication(principal)) {\n await commenceAuthentication(exchange, undefined, authenticationEntryPoint);\n }\n else {\n if (!principal.authenticated) {\n await accessDeniedHandler(exchange, error);\n }\n await commenceAuthentication(exchange, principal, authenticationEntryPoint);\n }\n return;\n }\n throw error;\n }\n };\n}\n", "import type {ServerWebExchangeMatcherEntry} from '../util/matchers.js';\nimport {type Authentication, AuthorizationDecision, type AuthorizationManager, DefaultAuthorizationManager} from './types.js';\nimport getLogger from '../../logger.js';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\nconst logger = getLogger('security.auth');\n\nexport default function delegatingAuthorizationManager(opts: {mappings: Array<ServerWebExchangeMatcherEntry<AuthorizationManager<{ exchange: ServerWebExchange }>>>}) {\n const check = async (authentication: Promise<Authentication | undefined>, exchange: ServerWebExchange): Promise<AuthorizationDecision> => {\n let decision: AuthorizationDecision;\n for (const [matcher, manager] of opts.mappings) {\n if ((await matcher(exchange))?.match) {\n logger.debug(`checking authorization on '${exchange.request.path}' using [${matcher}, ${manager}]`);\n const checkResult = await manager.authorize(authentication, {exchange});\n if (checkResult !== undefined) {\n decision = checkResult;\n break;\n }\n }\n }\n decision ??= new AuthorizationDecision(false);\n return decision;\n\n }\n return new DefaultAuthorizationManager(check);\n}\n", "import {AccessDeniedError, type AuthorizationManager} from './types.js';\nimport {AsyncStorageSecurityContextHolder, type SecurityContext} from './security-context.js';\nimport type {AsyncLocalStorage} from 'node:async_hooks';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\nimport getLogger from '../../logger.js';\n\nconst logger = getLogger('security.auth');\n\nexport default function authorizationFilter(opts: {\n storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>,\n manager: AuthorizationManager<ServerWebExchange>\n}) {\n const {manager, storage} = opts;\n return async (exchange: ServerWebExchange, next: () => Promise<void>) => {\n const promise = AsyncStorageSecurityContextHolder.getContext(storage)\n .then(c => c?.authentication);\n try {\n await manager.verify(promise, exchange);\n if (logger.enabledFor('debug')) {\n logger.debug('authorization successful')\n }\n } catch (error) {\n if (error instanceof AccessDeniedError) {\n if (logger.enabledFor('debug')) {\n logger.debug(`authorization failed: ${error.message}`);\n }\n }\n throw error;\n }\n await next();\n };\n}\n", "import {AsyncStorageSecurityContextHolder, SecurityContext} from './security-context.js';\nimport {ServerWebExchangeDecorator} from '../exchange.js';\nimport {ServerWebExchange} from '../../../types/web/server';\nimport {Principal} from '../../../types/auth';\nimport {AsyncLocalStorage} from \"node:async_hooks\";\n\n\nexport class SecurityContextServerWebExchange extends ServerWebExchangeDecorator {\n readonly #context: () => Promise<SecurityContext | undefined>;\n constructor(exchange: ServerWebExchange, context: () => Promise<SecurityContext | undefined>) {\n super(exchange);\n this.#context = context;\n }\n\n async principal<T extends Principal>(): Promise<T | undefined> {\n const context = await this.#context();\n return context?.authentication as (T | undefined);\n }\n}\n\nexport const exchangeFilter = (opts: {storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>}) => {\n const storage = opts.storage;\n return async (exchange: ServerWebExchange, next: (exchange: ServerWebExchange) => Promise<void>) => {\n await next(new SecurityContextServerWebExchange(exchange, async () => await AsyncStorageSecurityContextHolder.getContext(storage)));\n }\n}\n", "import {createCorsConfigSource} from './cors.js';\nimport type {RouteConfig} from './route.js';\nimport security, {HttpSecurityConfig} from '../server/security/config.js';\nimport {and, pattern, type ServerWebExchangeMatcher, upgradeMatcher} from '../server/util/matchers.js';\nimport type {CorsConfigSource} from '../server/cors.js';\nimport type {Middleware} from '../server/types.js';\nimport type {AuthorizationRule} from '../../types/auth';\n\nexport function createSecurityConfig(context: RouteConfig): HttpSecurityConfig {\n const authorize: HttpSecurityConfig['authorize'] = [];\n const defaultAccess: AuthorizationRule = {access: context.authConfig?.type !== 'none' ? 'authenticated' : 'permitted'};\n\n for (const [path, route] of context.sockets) {\n const rule = route.authorize ?? defaultAccess;\n let matcher: ServerWebExchangeMatcher = pattern(path, {method: 'GET'});\n matcher = and([upgradeMatcher, matcher]);\n authorize.push([matcher, rule]);\n }\n authorize.push([pattern('/', {method: 'GET'}), {access: 'permitted'}]);\n authorize.push([pattern('/favicon.ico', {method: 'GET'}), {access: 'permitted'}]);\n authorize.push([pattern('/health', {method: 'GET'}), {access: 'permitted'}]);\n if (context.authorize.length > 0) {\n authorize.push(...context.authorize);\n }\n\n authorize.push(['any-exchange', defaultAccess]); // default rule for all other exchanges\n return {\n authorize,\n cors: {\n disabled: context.corsConfig === false,\n },\n basic: {\n disabled: context.authConfig?.type !== 'basic',\n ...context.authConfig?.basic,\n },\n jwt: {\n disabled: context.authConfig?.type !== 'oauth2',\n ...context.authConfig?.oauth2?.jwt\n }\n }\n}\n\nexport async function httpSecurity(context: RouteConfig): Promise<Middleware> {\n const corsConfigSource: CorsConfigSource = createCorsConfigSource(context);\n const config = createSecurityConfig(context);\n const {storage} = context;\n return security(config, {storage, corsConfigSource})\n}\n", "import type { HttpHandler, WebHandler } from './types';\nimport { DefaultWebExchange, ServerHttpResponseDecorator } from './exchange.ts';\nimport { AsyncLocalStorage } from 'node:async_hooks';\nimport type { Logger } from '@interopio/gateway/logging/api';\nimport type { HttpHeaders } from '../../types/web/http';\nimport type {\n ServerHttpRequest,\n ServerHttpResponse,\n ServerWebExchange\n} from '../../types/web/server';\nimport getLogger from '../logger.ts';\nimport { HttpStatus } from '../http/status.ts';\n\nexport class HttpHeadResponseDecorator extends ServerHttpResponseDecorator {\n\n}\n\nclass HandlerAdapter {\n\n readonly #logger: Logger\n #enableLoggingRequestDetails: boolean = false;\n readonly #delegate: WebHandler;\n #storage?: AsyncLocalStorage<{ exchange: ServerWebExchange }>;\n\n constructor(logger: Logger, delegate: WebHandler) {\n this.#logger = logger;\n this.#delegate = delegate;\n }\n\n protected createExchange(request: ServerHttpRequest, response: ServerHttpResponse): ServerWebExchange {\n\n const exchange = new DefaultWebExchange(request, response);\n return exchange;\n }\n\n set storage(storage: AsyncLocalStorage<{ exchange: ServerWebExchange }>) {\n this.#storage = storage;\n }\n\n set enableLoggingRequestDetails(value: boolean) {\n this.#enableLoggingRequestDetails = value;\n }\n\n formatHeaders(headers: HttpHeaders): string {\n let result = '{';\n\n for (const key of headers.keys()) {\n if (!this.#enableLoggingRequestDetails) {\n result += 'masked, ';\n break;\n } else {\n const value = headers.get(key);\n result += `\"${key}\": \"${value}\", `;\n }\n }\n if (result.endsWith(', ')) {\n result = result.slice(0, -2);\n }\n result += '}';\n return result;\n\n }\n\n formatRequest(request: ServerHttpRequest): string {\n const query = request.URL.search;\n return `HTTP ${request.method} \"${request.path}${query}`;\n }\n\n logRequest(exchange: ServerWebExchange) {\n if (this.#logger.enabledFor('debug')) {\n const trace = this.#logger.enabledFor('trace');\n this.#logger.debug(`${exchange.logPrefix}${this.formatRequest(exchange.request)}${trace ? `, headers: ${this.formatHeaders(exchange.request.headers)}` : ''}\"`);\n\n }\n }\n\n logResponse(exchange: ServerWebExchange) {\n if (this.#logger.enabledFor('debug')) {\n const trace = this.#logger.enabledFor('trace');\n const status = exchange.response.statusCode;\n this.#logger.debug(`${exchange.logPrefix}Completed ${status ?? '200 OK'}${trace ? `, headers: ${this.formatHeaders(exchange.response.headers)}` : ''}\"`);\n }\n }\n\n handleUnresolvedError(exchange: ServerWebExchange, error: Error) {\n const {request, response, logPrefix} = exchange;\n\n if (response.setStatusCode(HttpStatus.INTERNAL_SERVER_ERROR)) {\n this.#logger.error(`${logPrefix}500 Server Error for ${this.formatRequest(request)}`, error);\n return;\n }\n // todo if client disconnected, we should not log an error\n\n this.#logger.error(`${logPrefix}Error [${error.message} for ${this.formatRequest(request)}, but already ended (${response.statusCode})`, error);\n throw error;\n\n }\n\n async web(exchange: ServerWebExchange): Promise<void> {\n return await this.#delegate(exchange);\n }\n\n async http(request: ServerHttpRequest, response: ServerHttpResponse): Promise<void> {\n\n const exchange = this.createExchange(request, response);\n const callback = () => {\n this.logRequest(exchange);\n return this.web(exchange)\n .then(() => {\n this.logResponse(exchange);\n })\n .catch((error: Error) => {\n this.handleUnresolvedError(exchange, error)\n })\n .then(async () => {\n await exchange.response.end();\n });\n };\n\n await new Promise<void>((resolve, reject) => {\n if (this.#storage !== undefined) {\n this.#storage.run({exchange}, () => {\n callback().then(() => resolve()).catch((error) => reject(error));\n });\n } else {\n callback().then(() => resolve()).catch((error) => reject(error));\n }\n });\n }\n}\n\nexport class WebHttpHandlerBuilder {\n readonly #webHandler: WebHandler;\n #storage?: AsyncLocalStorage<{ exchange: ServerWebExchange }> = new AsyncLocalStorage();\n #handlerDecorator?: (handler: HttpHandler) => HttpHandler;\n\n storage(storage: AsyncLocalStorage<{ exchange: ServerWebExchange }>): this {\n this.#storage = storage;\n return this;\n }\n\n httpHandlerDecorator(decorator: (handler: HttpHandler) => HttpHandler): this {\n if (this.#handlerDecorator === undefined) {\n this.#handlerDecorator = decorator;\n } else {\n const previousDecorator = this.#handlerDecorator;\n this.#handlerDecorator = (handler: HttpHandler) => {\n handler = previousDecorator(handler);\n return decorator(handler);\n }\n }\n return this;\n }\n\n constructor(webHandler: WebHandler) {\n this.#webHandler = webHandler;\n }\n\n build(): HttpHandler {\n const logger = getLogger('http');\n\n const adapter = new HandlerAdapter(logger, this.#webHandler);\n if (this.#storage !== undefined) adapter.storage = this.#storage;\n adapter.enableLoggingRequestDetails = false;\n const adapted: HttpHandler = async (request, response) => adapter.http(request, response);\n\n\n return this.#handlerDecorator ? this.#handlerDecorator(adapted) : adapted;\n }\n}\n", "import type { AsyncLocalStorage } from \"node:async_hooks\";\nimport { WebSocketServer } from 'ws';\nimport type { ServerHttpResponse, ServerWebExchange } from '../../types/web/server';\nimport { HttpStatus } from '../http/status.ts';\nimport getLogger, { regexAwareReplacer } from '../logger.ts';\nimport {\n ExtendedHttpIncomingMessage,\n ExtendedHttpServerResponse,\n ServerHttpRequestDecorator,\n ServerHttpResponseDecorator\n} from './exchange.ts';\nimport { createHandshakeInfo, type SocketRoute } from './socket.ts';\nimport { acceptsOrigin } from './ws-client-verify.ts';\nimport { ExtendedWebSocket, PingManager } from './ws-pings.ts';\n\nconst logger = getLogger('ws');\n\nfunction upgradeStrategy(path: string, route: SocketRoute, wss: WebSocketServer, onSocketError: (err: Error) => void) {\n return (exchange: ServerWebExchange) => {\n\n const { logPrefix, request } = exchange;\n const req = ServerHttpRequestDecorator.getNativeRequest<ExtendedHttpIncomingMessage>(request);\n req.exchange = exchange;\n const { socket, upgradeHead } = req;\n\n const host = request.host;\n socket.removeListener('error', onSocketError);\n if (route.maxConnections !== undefined && wss.clients?.size >= route.maxConnections) {\n logger.warn(`${logPrefix}dropping ws connection request on ${host}${path}. max connections exceeded.`);\n socket.destroy();\n return;\n }\n\n const origin = request.headers.one('origin');\n if (!acceptsOrigin(origin, route.originFilters)) {\n if (logger.enabledFor('info')) {\n logger.info(`${logPrefix}dropping ws connection request on ${host}${path}. origin ${origin ?? '<missing>'}`);\n }\n socket.destroy();\n return;\n }\n if (logger.enabledFor('debug')) {\n logger.debug(`${logPrefix}accepted new ws connection request on ${host}${path}`);\n }\n\n wss.handleUpgrade(req, socket, upgradeHead!, (client, req) => {\n wss.emit('connection', client, req);\n });\n }\n}\n\nfunction applyHandshakeHeaders(headers: string[], response: ServerHttpResponse) {\n const seen = new Set<string>(); // track headers we've taken care of\n headers.forEach((header, index) => {\n if (index === 0 && header.startsWith('HTTP/1.1 101 ')) {\n response.setStatusCode(HttpStatus.SWITCHING_PROTOCOLS);\n return;\n }\n const [name, value] = header.split(': ');\n if (response.headers.has(name)) {\n headers[index] = `${name}: ${response.headers.one(name)}`;\n }\n else {\n response.headers.set(name, value);\n }\n seen.add(name.toLowerCase());\n });\n const nativeResponse = ServerHttpResponseDecorator.getNativeResponse<ExtendedHttpServerResponse>(response);\n for (const name of nativeResponse.getRawHeaderNames()) {\n // if we have already set this header, skip it\n const nameLowerCase = name.toLowerCase();\n if (!seen.has(nameLowerCase)) {\n const value = response.headers.get(nameLowerCase);\n if (value !== undefined) {\n headers.push(`${name}: ${value}`);\n }\n }\n }\n nativeResponse.markHeadersSent();\n}\n\nexport async function initRoute(path: string,\n route: SocketRoute,\n endpoint: string,\n storage: AsyncLocalStorage<{ securityContext? }>,\n onSocketError: (err: Error) => void): Promise<void> {\n try {\n logger.info(`creating ws server for [${path}]. max connections: ${route.maxConnections ?? '<unlimited>'}, origin filters: ${route.originFilters ? JSON.stringify(route.originFilters, regexAwareReplacer) : '<none>'}, ping: ${typeof route.ping === 'number' ? route.ping + 'ms' : route.ping ? JSON.stringify(route.ping) : '<none>'}`);\n const wss = new WebSocketServer<typeof ExtendedWebSocket, typeof ExtendedHttpIncomingMessage>({\n noServer: true,\n WebSocket: ExtendedWebSocket,\n autoPong: false\n });\n\n const pings = new PingManager(logger.child('pings'), () => [path, wss.clients], route.ping);\n\n const handler = await route.factory({ endpoint, storage });\n wss\n .on('error', (err: Error) => {\n logger.error(`error starting the ws server for [${path}]`, err);\n })\n .on('listening', () => {\n logger.info(`ws server for [${path}] is listening`);\n })\n .on('headers', (headers, request) => {\n if (request.exchange !== undefined) {\n const { response } = request.exchange;\n applyHandshakeHeaders(headers, response);\n }\n })\n .on('connection', (socket, request) => {\n\n const handshake = createHandshakeInfo(request, socket.protocol);\n\n socket.on('pong', (data) => {\n pings.handlePong(handshake, socket, data);\n });\n socket.on('ping', (data: Buffer) => {\n pings.handlePing(handshake, socket, data);\n });\n handler({ socket, handshake });\n });\n wss.on('close', () => {\n pings.close();\n });\n\n route.upgradeStrategy = upgradeStrategy(path, route, wss, onSocketError);\n route.close = async () => {\n await handler.close?.call(handler);\n logger.info(`stopping ws server for [${path}]. clients: ${wss.clients?.size ?? 0}`);\n wss.clients?.forEach(client => {\n client.terminate();\n });\n wss.close();\n }\n }\n catch (e) {\n logger.warn(`failed to init route ${path}`, e);\n }\n\n}\n", "import {type ExtendedHttpIncomingMessage, HttpServerRequest} from './exchange.js';\nimport {MapHttpHeaders} from '../http/exchange.js';\nimport type {AuthorizationRule, Principal} from '../../types/auth';\nimport type {WebSocketHandshakeInfo} from '../../types/web/socket';\nimport type {Middleware} from './types.js';\nimport type {ServerWebExchange, ServerWebSocketHandler} from '../../types/web/server';\nimport {upgradeMatcher} from './util/matchers.ts';\nimport {ProcessedOriginFilters} from './ws-client-verify.js';\nimport {HttpStatus} from '../http/status.js';\nimport type {AsyncLocalStorage} from 'node:async_hooks';\n\nexport function createHandshakeInfo(req: ExtendedHttpIncomingMessage, protocol?: string): WebSocketHandshakeInfo {\n const exchange = req?.exchange;\n const request = exchange?.request ?? new HttpServerRequest(req);\n const principalPromiseProvider = exchange?.principal;\n const principal = principalPromiseProvider ? principalPromiseProvider.bind(exchange) : async function principal<P extends Principal> (): Promise<P | undefined> { return undefined; };\n const url = request.URL;\n const headers = new MapHttpHeaders();\n for (const key of request.headers.keys()) {\n headers.set(key, request.headers.list(key));\n }\n const cookies = request.cookies;\n const logPrefix = exchange?.logPrefix ?? `[${request.id}] `;\n const remoteAddress = request.remoteAddress;\n const handshake: WebSocketHandshakeInfo = {\n url,\n headers,\n cookies,\n principal,\n protocol,\n remoteAddress,\n logPrefix,\n };\n return handshake;\n}\n\nexport function webSockets(context: { sockets: Map<string, SocketRoute> }): Middleware {\n // websocket upgrade handler\n const sockets = async (exchange: ServerWebExchange, next: () => Promise<void>) => {\n const request = exchange.request;\n const path = request.path ?? '/';\n\n const routes = context.sockets;\n const route = (routes.get(path) ?? Array.from(routes.values()).find(route => {\n if (path === '/' && route.default === true) {\n return true;\n }\n }));\n\n if (route !== undefined) {\n const {request, response} = exchange;\n const upgradeMatchResult = await upgradeMatcher(exchange);\n if ((request.method === 'GET' || request.method === 'CONNECT') && upgradeMatchResult.match) {\n if (route.upgradeStrategy !== undefined) {\n route.upgradeStrategy(exchange);\n return;\n }\n else {\n throw new Error(`No upgrade strategy defined for route on ${path}`);\n }\n\n } else {\n if (route.default) {\n // allow default route to pass through\n await next();\n return;\n }\n\n response.setStatusCode(HttpStatus.UPGRADE_REQUIRED);\n response.headers\n .set('Upgrade', 'websocket')\n .set('Connection', 'Upgrade')\n .set('Content-Type', 'text/plain');\n\n const buffer = Buffer.from(`This service [${request.path}] requires use of the websocket protocol.`, 'utf-8');\n await response.body(buffer);\n }\n } else {\n await next();\n }\n };\n return [sockets];\n}\n\nexport type SocketRoute = {\n readonly default?: boolean,\n readonly ping?: number | {interval: number, data?: 'timestamp' | 'empty'},\n readonly maxConnections?: number\n readonly authorize?: AuthorizationRule,\n readonly originFilters?: ProcessedOriginFilters\n readonly factory: (server: { endpoint: string, storage?: AsyncLocalStorage<{ exchange?, securityContext? }> }) => Promise<ServerWebSocketHandler>,\n // set later in listening\n upgradeStrategy?: (exchange: ServerWebExchange) => void,\n close?: () => Promise<void>\n}\n", "import type { Logger } from '../logger.ts';\nimport { WebSocket } from 'ws';\nimport type { WebSocketHandshakeInfo } from '../../types/web/socket';\n\nexport class ExtendedWebSocket extends WebSocket {\n constructor(_first: unknown, _second?: unknown, options?: unknown) {\n /* eslint-disable @typescript-eslint/no-explicit-any */\n super(null as unknown as any, undefined, options as any);\n }\n\n connected?: boolean;\n}\n\nexport type PingConfig = { interval: number, data?: 'timestamp' | 'empty' };\n\nexport class PingManager {\n static readonly #EMPTY_BUFFER = Buffer.alloc(0);\n static #LAST_TIMESTAMP_BUFFER: [number, Buffer] = [0, Buffer.alloc(8)];\n\n readonly #pingData: () => Buffer;\n readonly #pingInterval: number | undefined;\n readonly #pingIntervalId?: ReturnType<typeof setInterval>;\n readonly #mask = false;\n readonly #logger: Logger;\n\n constructor(logger: Logger, supplier: () => [string, Set<ExtendedWebSocket>], ping?: number | PingConfig) {\n this.#logger = logger;\n this.#pingInterval = typeof ping === 'number' ? ping : ping?.interval;\n this.#pingData =\n typeof ping === 'number' || ping?.data === 'timestamp'\n ? () => PingManager.#createBufferFromTimestamp(Date.now())\n : () => PingManager.#EMPTY_BUFFER;\n\n if (this.#pingInterval) {\n this.#pingIntervalId = setInterval(() => {\n const [path, clients] = supplier();\n for (const client of clients) {\n if (this.#terminateIfDisconnected(client, path)) {\n continue;\n }\n this.#markAndSendPing(client, path);\n }\n }, this.#pingInterval);\n\n }\n }\n\n #terminateIfDisconnected(client: ExtendedWebSocket, path: string) {\n if (client.connected === false) {\n if (this.#logger.enabledFor('debug')) {\n this.#logger.debug(`terminating unresponsive ws client on [${path}]`);\n }\n client.terminate();\n return true;\n }\n return false;\n }\n\n #markAndSendPing(client: ExtendedWebSocket, path: string) {\n client.connected = false;\n const data = this.#pingData();\n if (this.#logger.enabledFor('trace')) {\n this.#logger.debug(`pinging ws client on [${path}]`);\n }\n client.ping(data, this.#mask, (err: Error) => {\n if (err && this.#logger.enabledFor('warn')) {\n this.#logger.warn(`failed to ping ws client on [${path}]`, err);\n }\n });\n }\n\n static #createBufferFromTimestamp(now = Date.now()): Buffer {\n if (now - PingManager.#LAST_TIMESTAMP_BUFFER[0] > 0) {\n const buffer = Buffer.allocUnsafe(8);\n buffer.writeBigInt64BE(BigInt(now), 0);\n PingManager.#LAST_TIMESTAMP_BUFFER = [now, buffer];\n }\n return PingManager.#LAST_TIMESTAMP_BUFFER[1];\n }\n\n static #createTimestampFromBuffer(data: Buffer): number {\n if (data.length === 8) {\n return Number(data.readBigInt64BE(0));\n }\n return 0;\n }\n\n close() {\n clearInterval(this.#pingIntervalId);\n }\n\n handlePing(handshake: WebSocketHandshakeInfo, socket: ExtendedWebSocket, data: Buffer): void {\n socket.connected = true;\n socket.pong(data, false, (err: Error) => {\n if (err && this.#logger.enabledFor('warn')) {\n this.#logger.warn(`${handshake.logPrefix}failed to pong ws client [${handshake.remoteAddress?.address}:${handshake.remoteAddress?.port}]`, err);\n }\n });\n }\n\n handlePong(handshake: WebSocketHandshakeInfo, socket: ExtendedWebSocket, data: Buffer): void {\n socket.connected = true;\n if (this.#logger.enabledFor('warn')) {\n const sent = PingManager.#createTimestampFromBuffer(data);\n if (sent > 0) {\n const latency = Date.now() - sent;\n if (this.#logger.enabledFor('debug')) {\n this.#logger.debug(`${handshake.logPrefix}ws client [${handshake.remoteAddress?.address}:${handshake.remoteAddress?.port}] ping-pong latency: ${latency}ms`);\n }\n if (this.#pingInterval && latency > this.#pingInterval / 2 && this.#logger.enabledFor('warn')) {\n this.#logger.warn(`${handshake.logPrefix}ws client [${handshake.remoteAddress?.address}:${handshake.remoteAddress?.port}] high ping-pong latency: ${latency}ms`);\n }\n }\n }\n }\n}\n"],
5
- "mappings": "8kBAAA,IAAAA,GAAA,GAAAC,GAAAD,GAAA,mBAAAE,GAAA,YAAAC,KAAA,eAAAC,GAAAJ,ICAA,IAAAK,GAAA,GAAAC,GAAAD,GAAA,aAAAE,KAAA,IAAAC,GAAiB,0BACjBC,GAAkB,2BAGlBC,GAA2B,mBAC3BC,GAAgC,4BAChCC,GAAwB,8BCNxB,IAAAC,GAAgC,gDAIjB,SAARC,EAA2BC,EAAsB,CACpD,OAAsB,aAAU,kBAAkBA,CAAI,EAAE,CAC5D,CAGO,SAASC,GAAsBC,EAAcC,EAAsB,CACtE,OAAOA,aAAiB,OAASA,EAAM,SAAS,EAAIA,CACxD,CCRA,IAAAC,GAAwB,8BAKxBC,GAAgC,4BAHzBC,GAAkB,aAAU,SAK7BC,EAAMC,EAAU,IAAI,EACpBC,GAAQH,GAAgB,KAAwB,EAEtD,SAASI,GAAcC,EAAoD,CACvE,IAAIC,EACJ,GAAID,EAAe,gBACfC,EAAOD,EAAe,KAClBC,IAAS,QACLD,EAAe,YAAiB,QAAW,CAC3C,IAAME,EAAYF,EAAe,UAC7B,OAAOE,GAAc,WACrBD,EAAOC,EAAU,MAEjBD,IAAS,SACLC,IAAc,OACdD,EAAO,GAGPA,EAAO,OAAOC,CAAS,EAGnC,CAGR,OAAOD,CACX,CAEA,SAASE,GACWC,EACAC,EACAC,EAC2B,CAC3C,IAAMC,EAAM,GAAGD,GAAe,OAAO,IAAIA,GAAe,IAAI,GACtDE,EAAOF,GAAe,SAAW,YACjCG,EAAO,CACT,IAAAF,EACA,KAAAC,EACA,MAAAV,GACA,eAAgB,SAA2D,CACvE,IAAME,EAAkB,MAAMK,EAAsB,EACpD,GAAIL,GAAgB,cAChB,MAAO,CAAC,KAAM,UAAW,KAAMD,GAAcC,CAAc,CAAC,EAEhE,MAAM,IAAI,MAAM,kCAAkCO,CAAG,EAAE,CAC3D,EACA,OAAQ,IAAM,CACVH,EAAO,KAAMM,GAAgB,CACrBA,EACAd,EAAI,KAAK,kBAAkBW,CAAG,GAAIG,CAAG,EAGrCd,EAAI,KAAK,gBAAgBW,CAAG,EAAE,CAEtC,CAAC,CACL,EACA,aAAeI,GAAoC,CAC/C,OAAQA,EAAQ,CACZ,IAAK,WAAY,CACbf,EAAI,KAAK,qCAAqCW,CAAG,kBAAkB,EACnEH,EAAO,MAAM,KAAM,eAAe,EAClC,KACJ,CACA,IAAK,WAAY,CACbA,EAAO,MAAM,KAAM,UAAU,EAC7B,KACJ,CACJ,CACJ,CACJ,EACA,GAAI,CACA,OAAO,KAAK,OAAQQ,GAASR,EAAO,KAAKQ,CAAI,EAAGH,CAA8C,CAClG,OAASC,EAAK,CACVd,EAAI,KAAK,GAAGW,CAAG,2BAA4BG,CAAG,CAClD,CACJ,CAEA,eAAeG,GAAgCC,EAGX,CAChC,OAAAlB,EAAI,KAAK,uBAAuBkB,EAAY,QAAQ,EAAE,EACtD,MAAM,KAAK,MAAMA,CAAW,EAGrB,MAAO,CAAC,OAAAV,EAAQ,UAAAW,CAAS,IAAM,CAClC,GAAM,CAAC,UAAAC,EAAW,cAAAV,EAAe,UAAWW,CAAgB,EAAIF,EAChEnB,EAAI,KAAK,GAAGoB,CAAS,yBAAyBV,GAAe,OAAO,EAAE,EACtE,IAAMY,EAASf,GAAW,KAAK,KAAMC,EAAQa,EAAkBX,CAAa,EAC5E,GAAI,CAACY,EAAQ,CACTtB,EAAI,MAAM,GAAGoB,CAAS,uBAAuB,EAC7CZ,EAAO,UAAU,EACjB,MACJ,CACAA,EAAO,GAAG,QAAUM,GAAe,CAC/Bd,EAAI,MAAM,GAAGoB,CAAS,oBAAoBN,CAAG,GAAIA,CAAG,CACxD,CAAC,EAED,IAAMS,EAAYL,EAAY,UAAY,OAAY,qBAAkB,SAAS,EAAI,OACrFV,EAAO,GAAG,UAAW,CAACQ,EAAMQ,IAAc,CAClC,MAAM,QAAQR,CAAI,IAClBA,EAAO,OAAO,OAAOA,CAAI,GAGzBO,IAAc,OACdA,EAAU,IAAMD,EAAO,KAAKN,CAAyB,CAAC,EAGtDM,EAAO,KAAKN,CAAyB,CAG7C,CAAC,EACDR,EAAO,GAAG,QAAUiB,GAAS,CACzBzB,EAAI,KAAK,GAAGoB,CAAS,+BAA+BK,CAAI,EAAE,EAC1DH,EAAO,MAAM,CACjB,CAAC,CACL,CACJ,CAEA,IAAOI,GAAQT,GCxHR,SAASU,MAAcC,EAAgE,CAC1F,GAAI,CAAC,MAAM,QAAQA,CAAU,EACzB,MAAM,IAAI,MAAM,2BAA2B,EAE/C,IAAMC,EAAMD,EAAW,KAAK,EAC5B,QAAWE,KAAMD,EACb,GAAI,OAAOC,GAAO,WACd,MAAM,IAAI,MAAM,0CAA0C,EAGlE,OAAO,eAAgBC,EAAQC,EAAmC,CAC9D,IAAMC,EAAW,MAAOC,EAAWC,IAAoC,CACnE,IAAML,EAAKI,IAAML,EAAI,OAASG,EAAOH,EAAIK,CAAC,EAC1C,GAAIJ,IAAO,OACP,OAEJ,IAAIM,EAAa,GACbC,EAAe,GAabC,EAAS,MAAMR,EAAGK,EAZT,MAAOI,GAAgB,CAClC,GAAIH,EACA,MAAM,IAAI,MAAM,8BAA8B,EAElDA,EAAa,GACb,GAAI,CACA,OAAO,MAAMH,EAASC,EAAI,EAAGK,GAAWJ,CAAa,CACzD,QACA,CACIE,EAAe,EACnB,CACJ,CAC6C,EAC7C,GAAID,GAAc,CAACC,EACf,MAAM,IAAI,MAAM;AAAA,qFAA+H,EAEnJ,OAAOC,CACX,EAEA,OAAOL,EAAS,EAAGF,CAAG,CAC1B,CACJ,CCvCA,IAAAS,GAAuC,oBACvCC,GAAuB,wBAEvB,SAASC,GAAUC,EAAsBC,EAA0C,CAC/E,IAAIC,EAAOF,EAAQ,IAAI,kBAAkB,EAIzC,GAHI,MAAM,QAAQE,CAAI,IAClBA,EAAOA,EAAK,CAAC,GAEbA,EAAM,CACN,IAAMC,EAAOH,EAAQ,IAAI,kBAAkB,EACvCG,IACAD,EAAO,GAAGA,CAAI,IAAIC,CAAI,GAE9B,CAKA,OAJAD,IAASF,EAAQ,IAAI,MAAM,EACvB,MAAM,QAAQE,CAAI,IAClBA,EAAOA,EAAK,CAAC,GAEbA,EACQA,EAAgB,MAAM,IAAK,CAAC,EAAE,CAAC,EAAE,KAAK,EAG3CD,CACX,CAEA,SAASG,GAAeJ,EAA+B,CACnD,IAAMK,EAAIL,EAAQ,IAAI,iBAAiB,EACvC,OAAQ,OAAOK,GAAM,UAAcA,EAAE,YAAY,IAAM,IAC3D,CAEA,SAASC,GAAcN,EAAsBO,EAAiC,CAC1E,IAAIC,EAAQR,EAAQ,IAAI,mBAAmB,EAK3C,OAHI,MAAM,QAAQQ,CAAK,IACnBA,EAAQA,EAAM,CAAC,GAEfA,IAAU,OACFA,EAAiB,MAAM,IAAK,CAAC,EAAE,CAAC,EAAE,KAAK,EAE1CJ,GAAeJ,CAAO,EACpB,QAEJO,CACX,CAEA,SAASE,GAAmBC,EAAUV,EAAsBW,EAAuD,CAC/G,IAAMR,EAAOQ,EAAgBA,EAAc,KAAoBD,EAAI,WAAjB,SAA4B,IAAM,GAEhFR,EAAOF,EAAQ,IAAI,iBAAiB,EAIxC,GAHI,MAAM,QAAQE,CAAI,IAClBA,EAAOA,EAAK,CAAC,GAEbA,IAAS,OACT,OAAAA,EAAQA,EAAgB,MAAM,IAAK,CAAC,EAAE,CAAC,EAAE,KAAK,EACvC,CAAE,QAASA,EAAM,KAAM,OAAOC,CAAI,EAAG,UAAQ,SAAKD,CAAI,IAAM,EAAI,OAAS,MAAO,CAE/F,CAEO,IAAeU,GAAf,KAA8E,CACxEC,GACC,YAAYb,EAAkB,CACpC,KAAKa,GAAWb,CACpB,CACA,IAAI,SAAmB,CACnB,OAAO,KAAKa,EAChB,CACJ,EAEsBC,GAAf,MAAeC,UAAuEH,EAA6B,CACtH,OAAe,aAAe,EAC9BI,GAEA,IAAI,IAAa,CACb,OAAI,KAAKA,KAAQ,SACb,KAAKA,GAAM,GAAG,KAAK,OAAO,CAAC,IAAI,EAAED,EAAoB,YAAY,IAG9D,KAAKC,EAChB,CAEU,QAAiB,CACvB,MAAO,SACX,CAEA,IAAI,SAAwB,CACxB,OAAOC,GAAa,KAAK,OAAO,CACpC,CAEU,UAAUhB,EAA0C,CAC1D,OAAOF,GAAU,KAAK,QAASE,CAAW,CAC9C,CAEU,cAAcM,EAAiC,CACrD,OAAOD,GAAc,KAAK,QAASC,CAAe,CACtD,CAIU,mBAAmBI,EAA6B,CACtD,OAAOF,GAAmB,KAAK,IAAK,KAAK,QAASE,CAAa,CACnE,CACJ,EAEsBO,GAAf,cAAuFN,EAA6B,CACvH,IAAI,SAA4B,CAC5B,OAAOO,GAAqB,KAAK,OAAO,CAC5C,CAEU,eAAeC,EAAwC,CAW7D,OAVe,IAAI,UAAO,CACtB,IAAKA,EAAe,KACpB,MAAOA,EAAe,MACtB,OAAQA,EAAe,OACvB,OAAQA,EAAe,OACvB,KAAMA,EAAe,KACrB,OAAQA,EAAe,OACvB,SAAUA,EAAe,SACzB,SAAUA,EAAe,QAC7B,CAAC,EACa,SAAS,CAC3B,CAEJ,EAEA,SAASC,GAAYC,EAAyB,CAC1C,IAAMC,EAAiB,CAAC,EACxB,CACI,IAAIC,EAAQ,EACRC,EAAM,EAEV,QAASC,EAAI,EAAGA,EAAIJ,EAAM,OAAQI,IAC9B,OAAQJ,EAAM,WAAWI,CAAC,EAAG,CACzB,IAAK,IACGF,IAAUC,IACVD,EAAQC,EAAMC,EAAI,GAEtB,MACJ,IAAK,IACDH,EAAK,KAAKD,EAAM,MAAME,EAAOC,CAAG,CAAC,EACjCD,EAAQC,EAAMC,EAAI,EAClB,MACJ,QACID,EAAMA,EAAM,EACZ,KACR,CAEJF,EAAK,KAAKD,EAAM,MAAME,EAAOC,CAAG,CAAC,CACrC,CAEA,OAAOF,CACX,CAEA,SAASI,GAAOC,EAAqE,CAC7E,OAAOA,GAAW,WAClBA,EAAS,CAACA,CAAM,GAEhB,OAAOA,GAAW,WAClBA,EAAS,CAAC,OAAOA,CAAM,CAAC,GAE5B,IAAML,EAAiB,CAAC,EACxB,GAAIK,EACA,QAAWN,KAASM,EACZN,GACAC,EAAK,KAAK,GAAGF,GAAYC,CAAK,CAAC,EAI3C,OAAOC,CACX,CAEA,SAASN,GAAajB,EAAoC,CACtD,OAAOA,EAAQ,KAAK,QAAQ,EACvB,IAAI6B,GAAKA,EAAE,MAAM,GAAG,EAAE,IAAKC,GAAO,UAAO,MAAMA,CAAE,CAAC,CAAC,EACnD,KAAK,CAAC,EACN,OAAQC,GAAOA,IAAO,MAAS,EAC/B,IAAKA,GACyB,OAAO,OAAO,CAAC,KAAMA,EAAG,IAAK,MAAOA,EAAG,KAAK,CAAC,CAE3E,CACT,CAIA,SAASZ,GAAqBnB,EAAwC,CAClE,OAAOA,EAAQ,KAAK,YAAY,EAAE,IAAKgC,GAAW,CAC9C,IAAMC,EAAS,UAAO,MAAMD,CAAM,EAClC,GAAIC,EAAQ,CACR,IAAMC,EAAkC,CAAC,KAAMD,EAAO,IAAK,MAAOA,EAAO,MAAO,OAAQ,OAAOA,EAAO,QAAU,EAAE,CAAC,EACnH,OAAIA,EAAO,WAAUC,EAAO,SAAW,IACnCD,EAAO,SAAQC,EAAO,OAASD,EAAO,QACtCA,EAAO,OAAMC,EAAO,KAAOD,EAAO,MAClCA,EAAO,SAAQC,EAAO,OAAS,IAC/BD,EAAO,WAAUC,EAAO,SAAW,IACnCD,EAAO,WAAUC,EAAO,SAAWD,EAAO,UACvC,OAAO,OAAOC,CAAM,CAC/B,CACJ,CAAC,EAAE,OAAQF,GAAqCA,IAAW,MAAS,CACxE,CAGO,IAAeG,GAAf,KAAuF,CAChF,aAAc,CAAC,CAGzB,OAAOC,EAAwB,CAC3B,IAAMR,EAAS,KAAK,IAAIQ,CAAI,EAC5B,OAAOT,GAAOC,CAAM,CACxB,CACJ,EAEaS,EAAN,cAA6B,GAA+D,CAE/F,IAAID,EAAc,CACd,OAAO,MAAM,IAAIA,EAAK,YAAY,CAAC,CACvC,CAEA,IAAIA,EAAkC,CAClC,OAAO,KAAK,IAAIA,CAAI,IAAI,CAAC,CAC7B,CAEA,KAAKA,EAAc,CACf,IAAMR,EAAS,MAAM,IAAIQ,EAAK,YAAY,CAAC,EAC3C,OAAOT,GAAOC,CAAM,CACxB,CAEA,IAAIQ,EAAcd,EAAgE,CAO9E,OANI,OAAOA,GAAU,WACjBA,EAAQ,OAAOA,CAAK,GAEpB,OAAOA,GAAU,WACjBA,EAAQ,CAACA,CAAK,GAEdA,EACO,MAAM,IAAIc,EAAK,YAAY,EAAGd,CAAK,GAG1C,MAAM,OAAOc,EAAK,YAAY,CAAC,EACxB,KAEf,CAEA,IAAIA,EAAcd,EAAqC,CACnD,IAAMgB,EAAO,MAAM,IAAIF,EAAK,YAAY,CAAC,EACzC,OAAI,OAAOd,GAAU,WACjBA,EAAQ,CAACA,CAAK,GAEdgB,IACAhB,EAAQgB,EAAK,OAAOhB,CAAK,GAE7B,KAAK,IAAIc,EAAMd,CAAK,EACb,IACX,CACJ,EClQA,IAAMiB,GAAN,KAAsD,CACzCC,GACT,YAAYC,EAAe,CACvB,KAAKD,GAASC,CAClB,CACA,IAAI,OAAgB,CAChB,OAAO,KAAKD,EAChB,CAEA,UAAmB,CACf,OAAO,KAAKA,GAAO,SAAS,CAChC,CACJ,EAEaE,EAAN,MAAMC,CAAqC,CAC9C,OAAgB,SAAW,IAAIA,EAAW,IAAK,UAAU,EACzD,OAAgB,oBAAsB,IAAIA,EAAW,IAAK,qBAAqB,EAI/E,OAAgB,GAAK,IAAIA,EAAW,IAAK,IAAI,EAC7C,OAAgB,QAAU,IAAIA,EAAW,IAAK,SAAS,EACvD,OAAgB,SAAW,IAAIA,EAAW,IAAK,UAAU,EACzD,OAAiB,8BAAgC,IAAIA,EAAW,IAAK,+BAA+B,EACpG,OAAgB,WAAa,IAAIA,EAAW,IAAK,YAAY,EAC7D,OAAgB,cAAgB,IAAIA,EAAW,IAAK,eAAe,EACnE,OAAgB,gBAAkB,IAAIA,EAAW,IAAK,iBAAiB,EACvE,OAAgB,aAAe,IAAIA,EAAW,IAAK,cAAc,EAEjE,OAAgB,QAAU,IAAIA,EAAW,IAAK,SAAS,EAIvD,OAAgB,iBAAmB,IAAIA,EAAW,IAAK,kBAAkB,EACzE,OAAgB,kBAAoB,IAAIA,EAAW,IAAK,mBAAmB,EAI3E,OAAgB,YAAc,IAAIA,EAAW,IAAK,aAAa,EAC/D,OAAgB,aAAe,IAAIA,EAAW,IAAK,cAAc,EACjE,OAAgB,UAAY,IAAIA,EAAW,IAAK,WAAW,EAC3D,OAAgB,UAAY,IAAIA,EAAW,IAAK,WAAW,EAC3D,OAAgB,mBAAqB,IAAIA,EAAW,IAAK,oBAAoB,EAC7E,OAAgB,eAAiB,IAAIA,EAAW,IAAK,gBAAgB,EACrE,OAAgB,8BAAgC,IAAIA,EAAW,IAAK,+BAA+B,EACnG,OAAgB,gBAAkB,IAAIA,EAAW,IAAK,iBAAiB,EACvE,OAAgB,SAAW,IAAIA,EAAW,IAAK,UAAU,EACzD,OAAgB,KAAO,IAAIA,EAAW,IAAK,MAAM,EACjD,OAAgB,gBAAkB,IAAIA,EAAW,IAAK,iBAAiB,EACvE,OAAgB,oBAAsB,IAAIA,EAAW,IAAK,qBAAqB,EAC/E,OAAgB,kBAAoB,IAAIA,EAAW,IAAK,mBAAmB,EAC3E,OAAgB,aAAe,IAAIA,EAAW,IAAK,cAAc,EACjE,OAAgB,uBAAyB,IAAIA,EAAW,IAAK,wBAAwB,EAErF,OAAgB,mBAAqB,IAAIA,EAAW,IAAK,oBAAoB,EAC7E,OAAgB,YAAc,IAAIA,EAAW,IAAK,cAAe,EAEjE,OAAgB,UAAY,IAAIA,EAAW,IAAK,WAAW,EAC3D,OAAgB,iBAAmB,IAAIA,EAAW,IAAK,kBAAkB,EACzE,OAAgB,sBAAwB,IAAIA,EAAW,IAAK,uBAAuB,EACnF,OAAgB,kBAAoB,IAAIA,EAAW,IAAK,mBAAmB,EAC3E,OAAgB,gCAAkC,IAAIA,EAAW,IAAK,iCAAiC,EACvG,OAAgB,8BAAgC,IAAIA,EAAW,IAAK,+BAA+B,EAGnG,OAAgB,sBAAwB,IAAIA,EAAW,IAAK,uBAAuB,EACnF,OAAgB,gBAAkB,IAAIA,EAAW,IAAK,iBAAiB,EACvE,OAAgB,YAAc,IAAIA,EAAW,IAAK,aAAa,EAC/D,OAAgB,oBAAsB,IAAIA,EAAW,IAAK,qBAAqB,EAC/E,OAAgB,gBAAkB,IAAIA,EAAW,IAAK,iBAAiB,EACvE,OAAgB,2BAA6B,IAAIA,EAAW,IAAK,4BAA4B,EAC7F,OAAgB,wBAA0B,IAAIA,EAAW,IAAK,yBAAyB,EACvF,OAAgB,qBAAuB,IAAIA,EAAW,IAAK,sBAAsB,EACjF,OAAgB,cAAgB,IAAIA,EAAW,IAAK,eAAe,EACnE,OAAgB,aAAe,IAAIA,EAAW,IAAK,cAAc,EACjE,OAAgB,gCAAkC,IAAIA,EAAW,IAAK,iCAAiC,EAEvG,MAAgBC,GAAwB,CAAC,EACzC,MAAO,CACH,OAAO,KAAKD,CAAU,EACjB,OAAOE,GAAOA,IAAQ,UAAYA,IAAQ,SAAS,EACnD,QAAQA,GAAO,CACZ,IAAMJ,EAAQE,EAAWE,CAAG,EACxBJ,aAAiBE,IACjB,OAAO,eAAeF,EAAO,OAAQ,CAAC,WAAY,GAAM,MAAOI,EAAK,SAAU,EAAK,CAAC,EACpFF,EAAWC,GAAQ,KAAKH,CAAK,EAErC,CAAC,CAET,CAEA,OAAO,QAAQK,EAAsC,CACjD,QAAWC,KAAUJ,EAAWC,GAC5B,GAAIG,EAAO,QAAUD,EACjB,OAAOC,CAGnB,CAESP,GACAQ,GAED,YAAYP,EAAeQ,EAAgB,CAC/C,KAAKT,GAASC,EACd,KAAKO,GAAUC,CACnB,CAEA,IAAI,OAAgB,CAChB,OAAO,KAAKT,EAChB,CACA,IAAI,QAAiB,CACjB,OAAO,KAAKQ,EAChB,CAEA,UAAW,CACP,MAAO,GAAG,KAAKR,EAAM,IAAI,KAAK,IAAO,EACzC,CACJ,EAGO,SAASU,GAAeT,EAAgD,CAC3E,GAAI,OAAOA,GAAU,SAAU,CAC3B,GAAIA,EAAQ,KAAOA,EAAQ,IACvB,MAAM,IAAI,MAAM,eAAeA,CAAK,6BAA6B,EAErE,IAAMM,EAASL,EAAW,QAAQD,CAAK,EACvC,OAAIM,IAAW,OACJA,EAEJ,IAAIR,GAAsBE,CAAK,CAC1C,CACA,OAAOA,CACX,CChHA,IAAAU,GAAiB,0BAGJC,GAAN,cAA0C,GAAAC,QAAK,eAAgB,CAElE,SAEA,YAGA,IAAI,SAAkB,CAClB,OAAO,KAAK,GAChB,CAEA,IAAI,iBAA2B,CAE3B,OAAO,KAAK,OAAO,YAAiB,EACxC,CACJ,EAEaC,EAAN,cAAoH,GAAAD,QAAK,cAAwB,CAEpJ,iBAAwB,CACpB,KAAK,QAAa,EACtB,CAEA,mBAA8B,CAC1B,OAAO,MAAM,kBAAqB,CACtC,CACJ,EAEeE,GAAf,cAAiDC,EAAyC,CAE1F,EAEsBC,GAAf,cAAkDC,EAAyC,CAC9FC,GAA6B,CAAC,EAC9BC,GACAC,GAAsE,MACtEC,GAA0C,CAAC,EAE3C,cAAcC,EAAsC,CAChD,OAAI,KAAKF,KAAW,YACV,IAGN,KAAKD,GAAcG,EACZ,GAEf,CAEA,iBAAiBA,EAA8B,CAC3C,OAAO,KAAK,cAAcA,IAAe,OAAY,OAAYC,GAAeD,CAAU,CAAC,CAC/F,CAEA,IAAI,YAAyC,CACzC,OAAO,KAAKH,EAChB,CAEA,UAAUK,EAA8B,CACpC,GAAI,KAAKJ,KAAW,YAChB,MAAM,IAAI,MAAM,qBAAqB,KAAK,UAAUI,CAAM,CAAC,mDAAmD,EAElH,YAAKN,GAAS,KAAKM,CAAM,EAClB,IACX,CAIA,aAAaC,EAAmC,CAC5C,KAAKJ,GAAe,KAAKI,CAAM,CACnC,CAEA,IAAI,UAAoB,CACpB,IAAMC,EAAQ,KAAKN,GACnB,OAAOM,IAAU,OAASA,IAAU,sBACxC,CAEA,MAAM,KAAKC,EAA2F,CAClG,GAAIA,aAAgB,eAChB,MAAM,IAAI,MAAM,uCAAuC,EAE3D,IAAMC,EAAS,MAAMD,EACrB,GAAI,CAGA,OAAO,MAAM,KAAK,SAAS,SAEhB,MAAM,KAAK,aAAa,QAAQ,QAAQC,CAAM,CAAC,CAEzD,EAAE,MAAMC,GAAS,CAEd,MAAMA,CACV,CAAC,CACL,OACOA,EAAO,CAEV,MAAMA,CACV,CACJ,CAIA,MAAM,KAAwB,CAC1B,OAAK,KAAK,SAMC,QAAQ,QAAQ,EAAK,EALrB,KAAK,SAAS,SACV,MAAM,KAAK,aAAa,QAAQ,QAAQ,CAAC,CACnD,CAKT,CAEU,SAASC,EAAwD,CACvE,IAAMJ,EAAQ,KAAKN,GACfW,EAAa,QAAQ,QAAQ,EACjC,GAAIL,IAAU,MACV,KAAKN,GAAS,aACV,KAAKC,GAAe,OAAS,IAC7BU,EAAa,KAAKV,GACb,OACG,CAACW,EAAKC,IAAQD,EAAI,KAAK,IAAMC,EAAI,CAAC,EAClC,QAAQ,QAAQ,CAAC,EACpB,MAAOC,GAAW,CACD,KAAKd,KACL,eACV,KAAKA,GAAS,uBAGtB,CAAC,WAGJM,IAAU,uBACf,KAAKN,GAAS,iBAGd,QAAO,QAAQ,QAAQ,EAAK,EAGhC,OAAAW,EAAaA,EAAW,KAAK,IAAM,CAC/B,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAKX,GAAS,WAClB,CAAC,EAGMW,EAAW,KAAK,SACZD,IAAgB,OAAY,MAAMA,EAAY,EAAI,EAC5D,CACL,CAEU,iBAAwB,CAAC,CACzB,cAAqB,CAAC,CACtB,cAAqB,CAAC,CACpC,EACaK,EAAN,cAAgCrB,EAAuD,CAE1FsB,GACAlB,GACSmB,GAET,YAAYC,EAAkC,CAC1C,MAAM,IAAIC,GAAuBD,CAAG,CAAC,EACrC,KAAKD,GAAOC,CAChB,CAEA,kBAAyB,CACrB,OAAO,KAAKD,EAChB,CAEA,IAAI,SAAU,CACV,OAAO,KAAKA,GAAK,OACrB,CAEA,IAAI,OAAiB,CACjB,OAAO,KAAKA,GAAK,kBAAoB,CACzC,CAEA,IAAI,MAAO,CACP,OAAO,KAAK,KAAK,QACrB,CAEA,IAAI,KAAM,CACN,YAAKD,KAAS,IAAI,IAAI,KAAKC,GAAK,QAAS,GAAG,KAAK,QAAQ,MAAM,KAAK,IAAI,EAAE,EACnE,KAAKD,EAChB,CAEA,IAAI,OAAQ,CACR,OAAO,KAAK,KAAK,MACrB,CAEA,IAAI,QAAS,CACT,OAAO,KAAKC,GAAK,MACrB,CAEA,IAAI,MAAO,CACP,IAAIG,EACJ,OAAI,KAAKH,GAAK,kBAAoB,IAC9BG,EAAM,KAAKH,GAAK,QAAsC,YAAY,GAEtEG,IAAO,KAAKH,GAAK,OAAO,cACjB,MAAM,UAAUG,CAAE,CAC7B,CAEA,IAAI,UAAW,CACX,IAAIC,EACJ,OAAI,KAAKJ,GAAK,iBAAmB,IAC7BI,EAAM,KAAKJ,GAAK,QAAsC,SAAS,GAEnEI,IAAO,KAAKJ,GAAK,gBAAkB,QAAU,OACtC,MAAM,cAAcI,CAAE,CACjC,CAEA,IAAI,QAAS,CACT,OAAO,KAAKJ,GAAK,MACrB,CAEA,IAAI,eAA6C,CAC7C,IAAMK,EAAS,KAAKL,GAAK,OAAO,aAC1BM,EAAU,KAAKN,GAAK,OAAO,cAC3BO,EAAO,KAAKP,GAAK,OAAO,WACxBQ,EAAiB,CAACH,GAAU,CAACC,GAAW,CAACC,EAAQ,OAAY,CAAE,OAAAF,EAAQ,QAAAC,EAAS,KAAAC,CAAK,EAC3F,OAAO,MAAM,mBAAmBC,CAAa,GAAKA,CACtD,CAEA,IAAI,SAAwB,CACxB,YAAK3B,KAAa,MAAM,QACjB,KAAKA,EAChB,CAEA,IAAI,MAAkC,CAClC,OAAO,GAAAN,QAAK,gBAAgB,MAAM,KAAKyB,EAAI,CAC/C,CAEA,MAAM,MAAO,CACT,IAAMS,EAAsB,CAAC,EAC7B,GAAI,KAAK,OAAS,OACd,cAAiBC,KAAS,KAAK,KAC3BD,EAAO,KAAKC,CAAK,EAGzB,OAAO,IAAI,KAAKD,EAAQ,CAAC,KAAM,KAAK,QAAQ,IAAI,cAAc,GAAe,0BAA0B,CAAC,CAC5G,CAGA,MAAM,MAAO,CAET,OAAO,MADM,MAAM,KAAK,KAAK,GACX,KAAK,CAC3B,CAEA,MAAM,UAAW,CAEb,IAAME,EAAO,MADA,MAAM,KAAK,KAAK,GACL,KAAK,EAC7B,OAAO,IAAI,gBAAgBA,CAAI,CACnC,CAEA,MAAM,MAAO,CACT,IAAMC,EAAO,MAAM,KAAK,KAAK,EAC7B,GAAIA,EAAK,OAAS,EACd,OAEJ,IAAMD,EAAO,MAAMC,EAAK,KAAK,EAC7B,OAAO,KAAK,MAAMD,CAAI,CAC1B,CAGU,QAAiB,CACvB,IAAME,EAAW,KAAKb,GAAK,OAAO,cAClC,GAAI,CAACa,EACD,MAAM,IAAI,MAAM,8BAA8B,EAElD,MAAO,GAAGA,CAAQ,IAAI,KAAKb,GAAK,OAAO,UAAU,EACrD,CACJ,EAEME,GAAN,cAAqCY,EAAyE,CACjGC,GAET,YAAYC,EAAkC,CAC1C,MAAM,EACN,KAAKD,GAAOC,CAChB,CAEA,IAAIC,EAAuB,CACvB,OAAO,KAAKF,GAAK,QAAQE,CAAI,IAAM,MACvC,CAEA,IAAIA,EAAwD,CACxD,OAAO,KAAKF,GAAK,QAAQE,CAAI,CACjC,CAEA,KAAKA,EAAwB,CACzB,OAAO,MAAM,OAAOA,CAAI,CAC5B,CAEA,IAAIA,EAAkC,CAClC,IAAMC,EAAQ,KAAKH,GAAK,QAAQE,CAAI,EACpC,OAAI,MAAM,QAAQC,CAAK,EACZA,EAAM,CAAC,EAEXA,CACX,CAEA,MAAO,CACH,OAAO,OAAO,KAAK,KAAKH,GAAK,OAAO,EAAE,OAAO,CACjD,CACJ,EAEMI,GAAN,cAAqCL,EAAgE,CACxFC,GAET,YAAYC,EAAiC,CACzC,MAAM,EACN,KAAKD,GAAOC,CAChB,CAEA,IAAIC,EAAuB,CACvB,OAAO,KAAKF,GAAK,UAAUE,CAAI,CACnC,CAEA,MAAO,CACH,OAAO,KAAKF,GAAK,eAAe,EAAE,OAAO,CAC7C,CAEA,IAAIE,EAA4B,CAC5B,OAAO,KAAKF,GAAK,UAAUE,CAAI,CACnC,CAEA,IAAIA,EAA2B,CAC3B,IAAMC,EAAQ,KAAKH,GAAK,UAAUE,CAAI,EACtC,OAAI,MAAM,QAAQC,CAAK,EACZA,EAAM,CAAC,EAEXA,CACX,CAEA,IAAID,EAAcC,EAA2B,CACzC,OAAK,KAAKH,GAAK,cACP,MAAM,QAAQG,CAAK,EACnBA,EAAQA,EAAM,IAAIE,GAAK,OAAOA,GAAM,SAAW,OAAOA,CAAC,EAAIA,CAAC,EACrD,OAAOF,GAAU,WACxBA,EAAQ,OAAOA,CAAK,GAGpBA,EACA,KAAKH,GAAK,UAAUE,EAAMC,CAAK,EAG/B,KAAKH,GAAK,aAAaE,CAAI,GAG5B,IACX,CAEA,IAAIA,EAAcC,EAA2C,CACzD,OAAK,KAAKH,GAAK,aACX,KAAKA,GAAK,aAAaE,EAAMC,CAAK,EAE/B,IACX,CAEA,KAAKD,EAAwB,CACzB,OAAO,MAAM,OAAOA,CAAI,CAC5B,CACJ,EAEaI,GAAN,cAAiC1C,EAAyD,CACpF2C,GAET,YAAYC,EAAiC,CACzC,MAAM,IAAIJ,GAAuBI,CAAG,CAAC,EACrC,KAAKD,GAAOC,CAChB,CAEA,mBAA0B,CACtB,OAAO,KAAKD,EAChB,CAEA,IAAI,YAA6B,CAE7B,OADe,MAAM,YACJ,CAAC,MAAO,KAAKA,GAAK,UAAU,CACjD,CAEA,iBAAkB,CACd,IAAME,EAAS,MAAM,WACjBA,IAAW,SACX,KAAKF,GAAK,WAAaE,EAAO,MAEtC,CAEA,UAAUrC,EAA8B,CACpC,YAAK,QAAQ,IAAI,aAAc,MAAM,eAAeA,CAAM,CAAC,EACpD,IACX,CAEA,MAAM,aAAaG,EAAmD,CAClE,GAAK,KAAKgC,GAAK,YAqCX,MAAO,GApCP,GAAIhC,aAAgB,eAEhB,MAAM,IAAI,MAAM,+CAA+C,EAE9D,CACD,IAAMoB,EAAQ,MAAMpB,EACpB,OAAO,MAAM,IAAI,QAAiB,CAACmC,EAASC,IAAW,CACnD,GAAI,CACIhB,IAAU,OACV,KAAKY,GAAK,IAAI,IAAM,CAChBG,EAAQ,EAAI,CAChB,CAAC,GAEI,KAAK,QAAQ,IAAI,gBAAgB,IAE9B,OAAOf,GAAU,SACjB,KAAK,QAAQ,IAAI,iBAAkB,OAAO,WAAWA,CAAK,CAAC,EAEtDA,aAAiB,KACtB,KAAK,QAAQ,IAAI,iBAAkBA,EAAM,IAAI,EAG7C,KAAK,QAAQ,IAAI,iBAAkBA,EAAM,UAAU,GAG3D,KAAKY,GAAK,IAAIZ,EAAO,IAAM,CACvBe,EAAQ,EAAI,CAChB,CAAC,EAET,OAASE,EAAG,CACRD,EAAOC,aAAa,MAAQA,EAAI,IAAI,MAAM,eAAeA,CAAC,EAAE,CAAC,CACjE,CACJ,CAAC,CACL,CAKR,CACJ,EAEaC,GAAN,MAAMC,CAAwD,CACxDC,GAET,YAAYC,EAA4B,CACpC,KAAKD,GAAYC,CACrB,CAEA,IAAI,UAA8B,CAC9B,OAAO,KAAKD,EAChB,CAEA,IAAI,IAAa,CACb,OAAO,KAAKA,GAAU,EAC1B,CAEA,IAAI,QAAqB,CACrB,OAAO,KAAKA,GAAU,MAC1B,CAEA,IAAI,MAAe,CACf,OAAO,KAAKA,GAAU,IAC1B,CAEA,IAAI,UAAW,CACX,OAAO,KAAKA,GAAU,QAC1B,CAEA,IAAI,MAA2B,CAC3B,OAAO,KAAKA,GAAU,IAC1B,CAEA,IAAI,KAAW,CACX,OAAO,KAAKA,GAAU,GAC1B,CAEA,IAAI,SAA+B,CAC/B,OAAO,KAAKA,GAAU,OAC1B,CAEA,IAAI,SAAwB,CACxB,OAAO,KAAKA,GAAU,OAC1B,CAEA,IAAI,eAAgB,CAChB,OAAO,KAAKA,GAAU,aAC1B,CAEA,IAAI,SAAU,CACV,OAAO,KAAKA,GAAU,OAC1B,CAEA,IAAI,MAA8C,CAC9C,OAAO,KAAKA,GAAU,IAC1B,CACA,MAAM,MAAsB,CACxB,OAAO,MAAM,KAAKA,GAAU,KAAK,CACrC,CACA,MAAM,MAAwB,CAC1B,OAAO,MAAM,KAAKA,GAAU,KAAK,CACrC,CACA,MAAM,UAAqC,CACvC,OAAO,MAAM,KAAKA,GAAU,SAAS,CACzC,CACA,MAAM,MAAyB,CAC3B,OAAO,MAAM,KAAKA,GAAU,KAAK,CACrC,CAEA,UAAmB,CACf,MAAO,GAAGD,EAA2B,IAAI,eAAe,KAAK,SAAS,SAAS,CAAC,GACpF,CAEA,OAAc,iBAAoBE,EAA+B,CAC7D,GAAIA,aAAmBtD,GACnB,OAAOsD,EAAQ,iBAAoB,EAElC,GAAIA,aAAmBF,EACxB,OAAOA,EAA2B,iBAAoBE,EAAQ,QAAQ,EAGtE,MAAM,IAAI,MAAM,kCAAkCA,EAAQ,YAAY,IAAI,EAAE,CAEpF,CACJ,EACaC,EAAN,MAAMC,CAA0D,CAC1DH,GAET,YAAYI,EAA8B,CACtC,KAAKJ,GAAYI,CACrB,CAEA,IAAI,UAA+B,CAC/B,OAAO,KAAKJ,EAChB,CAEA,cAAc7C,EAAqC,CAC/C,OAAO,KAAK,SAAS,cAAcA,CAAU,CACjD,CAEA,iBAAiBA,EAA8B,CAC3C,OAAO,KAAK,SAAS,iBAAiBA,CAAU,CACpD,CAEA,IAAI,YAA6B,CAC7B,OAAO,KAAK,SAAS,UACzB,CAEA,IAAI,SAA4B,CAC5B,OAAO,KAAK,SAAS,OACzB,CAEA,UAAUE,EAA8B,CACpC,YAAK,SAAS,UAAUA,CAAM,EACvB,IACX,CAEA,MAAM,KAAwB,CAC1B,OAAO,MAAM,KAAK,SAAS,IAAI,CACnC,CAEA,MAAM,KAAKG,EAA2F,CAClG,OAAO,MAAM,KAAKwC,GAAU,KAAKxC,CAAI,CACzC,CAEA,IAAI,SAA8B,CAC9B,OAAO,KAAKwC,GAAU,OAC1B,CAEA,UAAmB,CACf,MAAO,GAAGG,EAA4B,IAAI,eAAe,KAAK,SAAS,SAAS,CAAC,GACrF,CAEA,OAAc,kBAAqBC,EAAiC,CAChE,GAAIA,aAAoBvD,GACpB,OAAOuD,EAAS,kBAAqB,EAEpC,GAAIA,aAAoBD,EACzB,OAAOA,EAA4B,kBAAqBC,EAAS,QAAQ,EAGzE,MAAM,IAAI,MAAM,mCAAmCA,EAAS,YAAY,IAAI,EAAE,CAEtF,CACJ,EAEaC,GAAN,MAAMC,CAAwD,CACxDN,GAEC,YAAYO,EAA6B,CAC/C,KAAKP,GAAYO,CACrB,CAEA,IAAI,UAA8B,CAC9B,OAAO,KAAKP,EAChB,CAEA,IAAI,SAA6B,CAC7B,OAAO,KAAKA,GAAU,OAC1B,CAEA,IAAI,UAA+B,CAC/B,OAAO,KAAKA,GAAU,QAC1B,CAEA,UAAab,EAA6B,CACtC,OAAO,KAAKa,GAAU,UAAUb,CAAI,CACxC,CAEA,WAAyD,CACrD,OAAO,KAAKa,GAAU,UAAU,CACpC,CAEA,IAAI,WAAoB,CACpB,OAAO,KAAKA,GAAU,SAC1B,CAEA,UAAW,CACP,MAAO,GAAGM,EAA2B,IAAI,eAAe,KAAK,QAAQ,GACzE,CACJ,EAEaE,GAAN,KAAiG,CAC3F,QACA,SACAC,GAAuC,CAAC,EACjDC,GACAC,GAAqB,GAErB,YAAYV,EAAkBG,EAAoB,CAC9C,KAAKK,GAAYG,EAAgB,EAAIX,EAAQ,GAC7C,KAAK,QAAUA,EACf,KAAK,SAAWG,CACpB,CAEA,IAAI,QAAqB,CACrB,OAAO,KAAK,QAAQ,MACxB,CAEA,IAAI,MAAkC,CAClC,OAAO,KAAK,QAAQ,IACxB,CAEA,IAAI,YAAsC,CACtC,OAAO,KAAKK,EAChB,CAEA,UAAatB,EAA6B,CACtC,OAAO,KAAK,WAAWA,CAAI,CAC/B,CAEA,WAAyD,CACrD,OAAO,QAAQ,QAAQ,MAAS,CACpC,CAEA,IAAI,WAAoB,CACpB,IAAMC,EAAQ,KAAK,UAAUwB,EAAgB,EAC7C,OAAI,KAAKF,KAAWtB,IAChB,KAAKsB,GAAStB,EACd,KAAKuB,GAAavB,IAAU,OAAY,IAAIA,CAAK,KAAO,IAErD,KAAKuB,EAChB,CACJ,EAEaC,GAAmB,mCC7qBhC,IAAAC,GAA2D,mBAErDC,GAAqB,8CAC3B,SAASC,GAAUC,EAAc,CAC7B,GAAIA,EAAO,MAAQ,MAAM,IAAI,MAAM,YAAYA,CAAI,EAAE,EACrD,OAAOA,CACX,CAOO,SAAUC,GAAUD,EAA0C,CACjE,GAAI,OAAOA,GAAS,SAChB,QAAWC,KAAaD,EAAK,MAAM,GAAG,EAAG,CACrC,IAAME,EAAUD,EAAU,KAAK,EACzBE,EAAcL,GAAmB,KAAKI,CAAO,EACnD,GAAIC,EAAa,CACb,IAAMC,EAAQ,SAASD,EAAY,CAAC,CAAC,EAC/BE,EAAM,SAASF,EAAY,CAAC,GAAKA,EAAY,CAAC,CAAC,EACrD,QAAS,EAAIJ,GAAUK,CAAK,EAAG,EAAIL,GAAUM,CAAG,EAAI,EAAG,IACnD,MAAM,CAEd,KAEI,OAAM,IAAI,MAAM,IAAIJ,CAAS,iCAAiC,CAEtE,MAEA,MAAMF,GAAUC,CAAI,CAE5B,CAEO,IAAMM,IAAW,IAAM,CAC1B,SAASC,EAASC,EAAuB,CACrC,OAAOA,EAAE,OAAS,EAAIA,EAAE,CAAC,EAAI,MACjC,CACA,IAAMC,EAAY,OAAO,UAAO,sBAAkB,CAAC,EAC9C,QAASC,IACEA,GAAW,CAAC,GAAG,OAAQC,GAASA,EAAK,SAAW,MAAM,CACjE,EAAE,OAAO,CAACC,EAAKD,KACZC,EAAID,EAAK,SAAW,WAAa,UAAU,EAAE,KAAKA,CAAI,EAC/CC,GACR,CAAC,SAAU,CAAC,EAA6B,SAAU,CAAC,CAA2B,CAAC,EACvF,OAAQL,EAAME,EAAU,QAAQ,GAAMF,EAAME,EAAU,QAAQ,IAAI,OACtE,GAAG,EC7CH,IAAAI,GAA6D,mBAE7DC,EAA4C,4BAEtCC,EAAMC,EAAU,YAAY,EAO5BC,GAAkB,CACpB,YAAa,KAAO,KAAO,KAC3B,eAAgB,IAAU,IAC1B,aAAc,IACd,WAAY,GACZ,WAAY,MAChB,EAEA,SAASC,IAAuB,CAC5B,SAAO,sBAAkB,CAC7B,CAEA,eAAeC,GAASC,EAAe,CACnC,IAAMC,EAASD,EAAK,YAAc,OAC5BE,EAAS,GAAGF,EAAK,YAAY,IAAIC,CAAM,gBACzCN,EAAI,WAAW,OAAO,GACtBA,EAAI,MAAM,yBAAyBO,CAAM,EAAE,EAG/C,MAAMC,GAAWH,EAAK,YAAY,EAC7B,MAAM,MAAOI,GAAM,CACZT,EAAI,WAAW,OAAO,GACtBA,EAAI,MAAM,kBAAkBK,EAAK,YAAY,yCAAyC,EAE1F,GAAI,CACA,QAAM,SAAMA,EAAK,aAAc,CAAC,UAAW,EAAI,CAAC,EAChDL,EAAI,KAAK,qBAAqBK,EAAK,YAAY,uBAAuB,CAC1E,MAAY,CACRL,EAAI,MAAM,kCAAkCK,EAAK,YAAY,EAAE,CACnE,CACJ,CAAC,EACL,IAAMK,KAAe,sBAAkBH,CAAM,EAC7CP,EAAI,KAAK,aAAa,EACtB,GAAI,CACAA,EAAI,MAAM,0BAA0B,EACpC,IAAMW,EAAe,GAAGN,EAAK,YAAY,IAAIC,CAAM,IAAID,EAAK,UAAU,gBACtE,MAAMG,GAAWG,CAAY,EACxB,KAAK,SAAY,CACVX,EAAI,WAAW,OAAO,GACtBA,EAAI,MAAM,YAAYW,CAAY,EAAE,EAExC,GAAI,CACA,QAAM,UAAOA,CAAY,CAC7B,OAASC,EAAG,CACRZ,EAAI,KAAK,oBAAoBW,CAAY,GAAIC,CAAC,CAClD,CACJ,CAAC,EACA,MAAM,IAAM,CAEb,CAAC,EACL,QAAS,EAAIP,EAAK,WAAa,EAAG,EAAI,EAAG,IAAK,CAC1C,IAAMQ,EAAkB,GAAGR,EAAK,YAAY,IAAIC,CAAM,IAAI,CAAC,gBACrDQ,EAAe,GAAGT,EAAK,YAAY,IAAIC,CAAM,IAAI,EAAI,CAAC,gBAC5D,MAAME,GAAWK,CAAe,EAC3B,KAAK,SAAY,CACd,GAAI,CACA,QAAM,UAAOA,EAAiBC,CAAY,CAC9C,OAASF,EAAG,CACRZ,EAAI,KAAK,oBAAoBa,CAAe,OAAOC,CAAY,GAAIF,CAAC,CACxE,CACJ,CAAC,EACA,MAAM,IAAM,CAEb,CAAC,CACT,CACA,IAAMG,EAAgB,GAAGV,EAAK,YAAY,IAAIC,CAAM,kBACpD,GAAI,CACA,QAAM,UAAOI,EAAcK,CAAa,CAC5C,OAASH,EAAG,CACRZ,EAAI,KAAK,oBAAoBU,CAAY,OAAOK,CAAa,GAAIH,CAAC,CACtE,CACAZ,EAAI,MAAM,kBAAkB,CAChC,OAASY,EAAG,CACR,MAAAZ,EAAI,MAAM,wBAAyBY,CAAC,EAC9BA,CACV,CACJ,CAEA,eAAeJ,GAAWQ,EAA+B,CACjDhB,EAAI,WAAW,OAAO,GACtBA,EAAI,MAAM,iBAAiBgB,CAAI,EAAE,EAErC,QAAM,UAAOA,CAAI,CACrB,CAEA,eAAeC,GAAaC,EAAiBC,EAG1Cd,EAAe,CACVL,EAAI,WAAW,OAAO,GACtBA,EAAI,MAAM,yBAAyB,KAAK,UAAUkB,CAAK,CAAC,EAAE,EAE9D,IAAME,EAAQ,KAAK,IAAIf,EAAK,YAAc,IAAOa,EAAM,eAAgB,EACjEG,EAAOH,EAAM,eACnBlB,EAAI,KAAK,cAAc,KAAK,UAAUkB,CAAK,CAAC,EAAE,EAC1CG,GAAQD,GACRpB,EAAI,KAAK,aAAaqB,CAAI,+BAA+BD,CAAK,QAAQ,EAClED,EAAM,oBACN,OAAOA,EAAM,UAEbA,EAAM,oBAAsB,GAC5BA,EAAM,SAAW,IAErB,MAAMf,GAASC,CAAI,IAEnBc,EAAM,oBAAsB,GAC5B,OAAOA,EAAM,SAErB,CAEO,SAASG,GAAMjB,EAAyD,CAC3E,IAAMkB,EAAkB,CAAC,GAAGrB,GAAiB,GAAGG,CAAI,EAEhDmB,EAAU,GACRL,EAAQ,CAAC,oBAAqB,EAAK,EACnCM,EAAS,SAAY,CACvB,IAAMP,EAAQf,GAAW,EACzB,MAAMc,GAAaC,EAAOC,EAAOI,CAAM,CAC3C,EACMG,EAAW,YAAYD,EAAQF,EAAO,cAAc,EAyB1D,MAAO,CAAC,GAAGA,EAAQ,QAxBH,MAAOI,GAAsB,CACzC,GAAI,CAACH,EAED,OADAG,IAAY,MACJA,EAAS,CACb,IAAK,MAAO,CACR,MAAMF,EAAO,EACb,KACJ,CACA,IAAK,OAAQ,CACT,MAAMrB,GAASmB,CAAM,EACrB,KACJ,CACA,IAAK,OAAQ,CACTC,EAAU,GACV,cAAcE,CAAQ,EACtB1B,EAAI,KAAK,wBAAwB,EACjC,KACJ,CACJ,CAGJ,OAAOwB,CACX,CAE0B,CAC9B,CAEA,eAAeI,GAAI,CAAC,QAAAC,CAAO,EAAyBF,EAAmB,CAC9D,MAAME,EAAQF,CAAO,GACtB3B,EAAI,KAAK,2BAA2B2B,CAAO,kBAAkB,CAErE,CAGA,eAAsBG,GAAKC,EAAyB,CAChD,OAAO,MAAMH,GAAIG,EAAG,MAAM,CAC9B,CCtKA,IAAAC,GAAiB,uDAEXC,GAAgBC,IAClBA,IAAW,GAAG,GAAAC,QAAK,IAAI,OAAO,GAAAA,QAAK,OAAO,GACnC,MAAO,CAAC,SAAAC,CAAQ,EAAsBC,IAA8B,CACnEH,IAAW,IAAS,CAACE,EAAS,QAAQ,IAAI,QAAQ,GAClDA,EAAS,QAAQ,IAAI,SAAUF,CAAM,EAEzC,MAAMG,EAAK,CACf,GAGGC,GAASJ,GAA4BD,GAAaC,CAAM,ECd/D,IAAAK,GAAwB,8BAIxB,IAAMC,GAAMC,EAAU,0BAA0B,EAOhD,SAASC,GAAeC,EAAgD,CACpE,OAAQA,EAAc,QAAS,CAC3B,IAAK,QACL,IAAK,YACD,MAAO,GACX,IAAK,QACL,IAAK,YACD,MAAO,GACX,QACI,MAAO,EACf,CACJ,CAEA,SAASC,GAASD,EAAuCE,EAAqC,CAC1F,IAAMC,EAAQH,EAAc,OAASA,EAAc,UAC7CI,EAAQJ,EAAc,OAASA,EAAc,UACnD,GAAIG,EAAM,OAAS,GAAK,aAAU,UAAU,YAAYA,EAAOD,CAAM,EACjE,OAAAL,GAAI,KAAK,UAAUK,CAAM,uBAAuB,EACzC,GACJ,GAAIE,EAAM,OAAS,GAAK,aAAU,UAAU,YAAYA,EAAOF,CAAM,EACxE,OAAIL,GAAI,WAAW,OAAO,GACtBA,GAAI,MAAM,UAAUK,CAAM,uBAAuB,EAE9C,EAEf,CAEA,SAASG,GAAkBL,EAAgD,CACvE,OAAQA,EAAc,YAAa,CAC/B,IAAK,QACL,IAAK,YACD,MAAO,GACX,IAAK,QACL,IAAK,YACD,MAAO,GACX,QACI,MAAO,EACf,CACJ,CAEO,SAASM,GAAcJ,EAAiBF,EAAiD,CAC5F,GAAI,CAACA,EACD,MAAO,GAEX,GAAKE,EAEE,CACH,IAAMK,EAAmCN,GAASD,EAAeE,CAAM,EACvE,OAAIK,GAGOF,GAAkBL,CAAa,CAE9C,KARI,QAAOD,GAAeC,CAAa,CAS3C,CAEO,SAASQ,GAAsBR,EAAmE,CACrG,GAAIA,EAAe,CACf,IAAMG,GAASH,EAAc,OAASA,EAAc,WAAa,CAAC,GAAG,IAAI,aAAU,UAAU,QAAQ,EAC/FI,GAASJ,EAAc,OAASA,EAAc,WAAa,CAAC,GAAG,IAAI,aAAU,UAAU,QAAQ,EACrG,MAAO,CACH,YAAaA,EAAc,aAAe,QAC1C,QAASA,EAAc,SAAW,QAClC,MAAAI,EACA,MAAAD,CACJ,CACJ,CACJ,CCzDO,IAAMM,GAA0EC,GAC5E,MAAOC,GAAsD,CAChE,QAAWC,KAAWF,EAElB,IADe,MAAME,EAAQD,CAAQ,GAC1B,MACP,OAAOE,EAAM,EAGrB,OAAOC,CACX,EAGSC,EAA2EL,GAA0C,CAC9H,IAAME,EAAU,MAAOD,GAAsD,CACzE,QAAWC,KAAWF,EAElB,GAAI,EADW,MAAME,EAAQD,CAAQ,GACzB,MACR,OAAOG,EAGf,OAAOD,EAAM,CACjB,EACA,OAAAD,EAAQ,SAAW,IAAM,OAAOF,EAAS,IAAIM,GAAKA,EAAE,SAAS,CAAC,EAAE,KAAK,IAAI,CAAC,IACnEJ,CACX,EAGaK,GAAwEL,GAC1E,MAAOD,IACK,MAAMC,EAAQD,CAAQ,GACvB,MAAQG,EAAWD,EAAM,EAIlCK,GAAwC,MAAOC,GACjDN,EAAM,EAEjBK,GAAY,SAAW,IAAM,eAE7B,IAAME,GAAe,OAAO,OAAO,CAAC,CAAC,EACxBN,EAAwB,OAAO,OAAO,CAAC,MAAO,GAAO,UAAWM,EAAY,CAAC,EAC7EP,EAAQ,CAACQ,EAAoCD,MAC/C,CAAC,MAAO,GAAM,UAAAC,CAAS,GAGrBC,EAA8F,CAACA,EAASC,IAAS,CAC1H,IAAMC,EAASD,GAAM,OACfX,EAAU,MAAOD,GAAsD,CACzE,IAAMc,EAAUd,EAAS,QACnBe,EAAOD,EAAQ,KACrB,GAAID,IAAW,QAAaC,EAAQ,SAAWD,EAC3C,OAAOV,EAEX,GAAI,OAAOQ,GAAY,SACnB,OAAII,IAASJ,EACFT,EAAM,EAEVC,EAEN,CACD,IAAMD,EAAQS,EAAQ,KAAKI,CAAI,EAC/B,OAAIb,IAAU,KACHC,EAEJ,CAAC,MAAO,GAAM,UAAW,CAAC,GAAGD,EAAM,MAAM,CAAC,CACrD,CACJ,EACA,OAAAD,EAAQ,SAAW,IACR,WAAWU,EAAQ,SAAS,CAAC,YAAYE,GAAU,OAAO,IAE9DZ,CAEX,EACae,GAAiIJ,GAAmC,CAE7K,IAAMK,EAAgBC,GAAwC,CAC1D,GAAIN,EAAK,oBAAsB,QAC3B,QAAWO,KAAoBP,EAAK,kBAChC,GAAIM,IAAuBC,GAAoBA,IAAqB,MAChE,MAAO,GAInB,MAAO,EACX,EAEA,MAAO,OAAOnB,GAAsD,CAChE,IAAMc,EAAUd,EAAS,QACrBoB,EACJ,GAAI,CACAA,EAAoBN,EAAQ,QAAQ,KAAK,QAAQ,CACrD,MACU,CACN,OAAOX,CACX,CACA,QAAWe,KAAsBE,EAC7B,GAAI,CAAAH,EAAaC,CAAkB,GAGnC,QAAWF,KAAaJ,EAAK,WACzB,GAAIM,EAAmB,WAAWF,CAAS,EACvC,OAAOd,EAAM,EAKzB,OAAOC,CACX,CACJ,EAEakB,EAA2C,MAAO,CAAC,QAAAP,CAAO,IACnDA,EAAQ,SAAWA,EAAQ,QAAQ,IAAI,SAAS,GAAG,YAAY,IAAM,YACpEZ,EAAM,EAAIC,EAE/BkB,EAAe,SAAW,IAAM,oBCvHhC,IAAAC,GAAwB,8BAgBxB,eAAsBC,GAAUC,EAAqCC,EAAoCC,EAAoC,CACzI,IAAMC,EAAY,CAACC,EAAiDC,IAAoC,CAMpG,GAAIA,GAAS,KAAM,CACf,IAAMC,EAAmBD,EAAQ,OAAS,GAAO,CAC7C,aAAcA,EAAQ,SAAS,OAAO,IAAI,aAAU,UAAU,QAAQ,EACtE,aAAcD,EAAQ,SAAW,OAAY,CAAC,GAAG,EAAI,CAACA,EAAQ,MAAM,EACpE,iBAAkBC,EAAQ,WAAW,SAAW,YAAc,GAAO,MACzE,EAAIA,EAAQ,KACNE,EAAOH,EAAQ,KACrBF,EAAO,KAAK,KAAK,CAACK,EAAMD,CAAI,CAAC,CACjC,CACJ,EAEME,EAAa,IAAI,KAAkC,CAErD,UAAUC,EAA8C,CACpDA,EAAS,QAAQ,CAAC,CAAC,QAAAL,EAAS,QAAAC,EAAS,QAAAK,CAAO,IAAM,CAC9C,IAAMC,EAAUC,EAAQ,aAAU,UAAU,SAASR,EAAQ,IAAI,EAAsB,CAAC,OAAQA,EAAQ,MAAM,CAAC,EAC3GC,GAAS,WACTH,EAAO,UAAU,KAAK,CAACS,EAASN,EAAQ,SAAS,CAAC,EAGtDF,EAAUC,EAASC,CAAO,EAC1B,IAAMQ,EAAa,MAAOC,EAA6BC,IAA6C,CAChG,GAAM,CAAC,MAAAC,EAAO,UAAAC,CAAS,EAAI,MAAMN,EAAQG,CAAQ,EAC7CE,EACA,MAAMN,EAAQI,EAAUG,CAAS,EAEjC,MAAMF,EAAK,CAEnB,EACAb,EAAO,WAAW,KAAKW,CAAU,CACrC,CAAC,CACL,CAEA,UAAUK,EAA4C,CAClD,OAAW,CAAC,KAAAX,EAAM,QAAAY,EAAS,QAAAd,CAAO,IAAKa,EAAS,CAC5C,IAAME,EAAQb,GAAQ,IAGtBL,EAAO,QAAQ,IAAIkB,EAAO,CACtB,QAASb,IAAS,OAClB,KAAMF,GAAS,KACf,QAASc,EACT,eAAgBd,GAAS,eACzB,UAAWA,GAAS,UACpB,cAAegB,GAAsBhB,GAAS,OAAO,CACzD,CAAC,CACL,CACJ,CACJ,EACA,MAAML,EAAIQ,EAAYP,CAAM,CAChC,CCpFA,IAAAqB,GAAwB,8BAExB,SAASC,GAAaC,EAA2C,CAC7D,IAAMC,EAASD,EAAQ,QAAQ,IAAI,QAAQ,EAC3C,GAAIC,IAAW,OACX,MAAO,GAEX,IAAMC,EAAMF,EAAQ,IACdG,EAAiBD,EAAI,SACrBE,EAAaF,EAAI,KAEjBG,EAAY,IAAI,MAAMJ,CAAM,EAE5BK,EAAaD,GAAW,KACxBE,EAAiBF,GAAW,SAClC,OAAOF,IAAmBI,GACnBH,IAAeE,CAC1B,CAKO,SAASE,GAAcR,EAAoD,CAC9E,OAAOA,EAAQ,QAAQ,IAAI,QAAQ,GAAK,CAACD,GAAaC,CAAO,CAEjE,CAEO,SAASS,GAAmBT,EAA+B,CAC9D,OAAOA,EAAQ,SAAW,WACnBA,EAAQ,QAAQ,IAAI,QAAQ,GAC5BA,EAAQ,QAAQ,IAAI,+BAA+B,CAC9D,CAEA,IAAMU,GAAkC,CAAC,SAAU,gCAAiC,gCAAgC,EASvGC,GAAgC,CAACC,EAA6BC,IAAiC,CACxG,GAAM,CAAC,QAAAb,EAAS,SAAAc,CAAQ,EAAIF,EACtBG,EAAkBD,EAAS,QAEjC,GAAI,CAACC,EAAgB,IAAI,MAAM,EAC3BA,EAAgB,IAAI,OAAQL,GAAa,KAAK,IAAI,CAAC,MAElD,CACD,IAAMM,EAAcD,EAAgB,KAAK,MAAM,EAC/C,QAAWE,KAAUP,GACZM,EAAY,KAAKE,GAAKA,IAAMD,CAAM,GACnCD,EAAY,KAAKC,CAAM,EAG/BF,EAAgB,IAAI,OAAQC,EAAY,KAAK,IAAI,CAAC,CACtD,CAEA,GAAI,CACA,GAAI,CAACR,GAAcR,CAAO,EACtB,MAAO,EAEf,MACU,CACN,OAAGmB,EAAO,WAAW,OAAO,GACxBA,EAAO,MAAM,6BAA6B,EAE9CC,GAAcN,CAAQ,EACf,EACX,CAEA,GAAIC,EAAgB,IAAI,6BAA6B,EACjD,OAAII,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,sDAAsD,EAEhE,GAGX,IAAME,EAAmBZ,GAAmBT,CAAO,EAEnD,OAAIa,EACOS,GAAeV,EAAUC,EAAQQ,CAAgB,EAExDA,GACAD,GAAcN,CAAQ,EACf,IAEJ,EACX,EAYMS,GAAqB,CAAC,GAAG,EACzBC,GAAyB,CAAC,MAAO,OAAQ,MAAM,EACxCC,GAAoC,CAC7C,aAAcF,GACd,aAAcC,GACd,aAAcD,GACd,OAAQ,IACZ,EACmB,SAASG,GAAmBb,EAA6C,CACxF,GAAIA,EAAQ,CACR,IAAMc,EAAed,EAAO,aACxBc,GAAgBA,IAAiBC,IACjCf,EAAS,CACL,GAAGA,EACH,aAAcc,EAAa,IAAIV,GAAUA,EAAO,YAAY,CAAC,CACjE,GAEJ,IAAMY,EAAehB,EAAO,aAC5B,OAAIgB,IACIA,IAAiB,KACjBC,GAAyBjB,CAAM,EAC/BkB,GAA4BlB,CAAM,GAGlCA,EAAS,CACL,GAAGA,EACH,aAAcgB,EAAa,IAAI5B,GACvB,OAAOA,GAAW,UAAYA,IAAW2B,IACzC3B,EAAS,aAAU,UAAU,SAASA,CAAM,EACxC,OAAOA,GAAW,UAEX+B,GAAkB/B,CAAM,EAAE,YAAY,EAG9CA,CACV,CACL,GAGDY,CACX,CACJ,CAEA,SAASoB,GAAoDC,EAAoBC,EAAoC,CACjH,GAAIA,IAAU,OACV,OAAOD,IAAW,OAAaA,IAAWN,EAAM,CAACA,CAAQ,EAAIM,EAAU,CAAC,EAE5E,GAAIA,IAAW,OACX,OAAOC,IAAUP,EAAM,CAACA,CAAQ,EAAIO,EAExC,GAAID,GAAUX,IAAsBW,IAAWV,GAC3C,OAAOW,IAAUP,EAAM,CAACA,CAAQ,EAAIO,EAExC,GAAIA,GAASZ,IAAsBY,IAAUX,GACzC,OAAOU,IAAWN,EAAM,CAACA,CAAQ,EAAIM,EAEzC,GAAIA,IAAWN,GAAOM,EAAO,SAASN,CAAQ,GAAKO,IAAUP,GAAOO,EAAM,SAASP,CAAQ,EACvF,MAAO,CAACA,CAAQ,EAEpB,IAAMQ,EAAW,IAAI,IACrB,OAAAF,EAAO,QAASG,GAAMD,EAAS,IAAIC,CAAC,CAAC,EACrCF,EAAM,QAASE,GAAMD,EAAS,IAAIC,CAAC,CAAC,EAC7B,MAAM,KAAKD,CAAQ,CAC9B,CACO,IAAME,GAAoB,CAACJ,EAAoBC,IAC9CA,IAAU,OACHD,EAEgB,CACvB,aAAcD,GAAQC,EAAO,aAAcC,GAAO,YAAY,EAC9D,aAAcF,GAAQC,EAAO,aAAcC,GAAO,YAAY,EAC9D,aAAcF,GAAQC,EAAO,aAAcC,GAAO,YAAY,EAC9D,cAAeF,GAAQC,EAAO,cAAeC,GAAO,aAAa,EACjE,iBAAkBA,GAAO,kBAAoBD,EAAO,iBACpD,oBAAqBC,GAAO,qBAAuBD,EAAO,oBAC1D,OAAQC,GAAO,QAAUD,EAAO,MACpC,EAQEK,GAAcC,GAA8E,CAC9F,IAAMN,EAASM,EAAK,iBACdC,EAAYD,EAAK,eAAiB7B,GACxC,MAAO,OAAO+B,EAAwBC,IAA8B,CAChE,IAAM9B,EAAS,MAAMqB,EAAOQ,CAAG,EAE3B,CADYD,EAAUC,EAAK7B,CAAM,GACrBJ,GAAmBiC,EAAI,OAAO,GAG1C,MAAMC,EAAK,CAEnB,CACJ,EAEOC,GAAQL,GAGTpB,EAAS0B,EAAU,MAAM,EAE/B,SAASzB,GAAcN,EAA8B,CACjDA,EAAS,cAAcgC,EAAW,SAAS,CAC/C,CAEA,SAASxB,GAAeV,EACAC,EAAoBQ,EAAoC,CAC5E,GAAM,CAAC,QAAArB,EAAS,SAAAc,CAAQ,EAAIF,EACtBG,EAAkBD,EAAS,QAE3BiC,EAAgB/C,EAAQ,QAAQ,IAAI,QAAQ,EAC5CgD,EAAcC,GAAYpC,EAAQkC,CAAa,EAErD,GAAIC,IAAgB,OAChB,OAAI7B,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,YAAY4B,CAAa,yBAAyB,EAEnE3B,GAAcN,CAAQ,EACf,GAGX,IAAMoC,EAAgBC,GAAenD,EAASqB,CAAgB,EACxD+B,EAAeC,GAAaxC,EAAQqC,CAAa,EACvD,GAAIE,IAAiB,OACjB,OAAIjC,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,iBAAiB+B,CAAa,kBAAkB,EAEjE9B,GAAcN,CAAQ,EACf,GAGX,IAAMwC,EAAiBC,GAAgBvD,EAASqB,CAAgB,EAC1DM,EAAe6B,GAAa3C,EAAQyC,CAAc,EACxD,GAAIjC,GAAoBM,IAAiB,OACrC,OAAIR,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,oBAAoBmC,CAAc,mBAAmB,EAEtElC,GAAcN,CAAQ,EACf,GAGXC,EAAgB,IAAI,8BAA+BiC,CAAW,EAE1D3B,GACAN,EAAgB,IAAI,+BAAgCqC,EAAa,KAAK,GAAG,CAAC,EAG1E/B,GAAoBM,IAAiB,QAAaA,EAAa,OAAU,GACzEZ,EAAgB,IAAI,+BAAgCY,EAAa,KAAK,IAAI,CAAC,EAE/E,IAAM8B,EAAgB5C,EAAO,cAC7B,OAAI4C,GAAiBA,EAAc,OAAS,GACxC1C,EAAgB,IAAI,gCAAiC0C,EAAc,KAAK,IAAI,CAAC,EAE7E5C,EAAO,kBACPE,EAAgB,IAAI,mCAAoC,MAAM,EAE9DF,EAAO,qBAAuBb,EAAQ,QAAQ,IAAI,wCAAwC,IAAM,QAChGe,EAAgB,IAAI,uCAAwC,MAAM,EAGlEM,GAAoBR,EAAO,SAAW,QACtCE,EAAgB,IAAI,yBAA0BF,EAAO,OAAO,SAAS,CAAC,EAEnE,EACX,CAEA,IAAMe,EAAM,IACN8B,GAAkB,CAAC,MAAO,MAAM,EAEtC,SAAS5B,GAAyBjB,EAAoB,CAClD,GAAIA,EAAO,mBAAqB,IAAQA,EAAO,eAAiBe,EAC5D,MAAM,IAAI,MAAM,0DAA0D,CAElF,CAEA,SAASG,GAA4BlB,EAAoB,CACrD,GAAIA,EAAO,sBAAwB,IAAQA,EAAO,eAAiBe,EAC/D,MAAM,IAAI,MAAM,6DAA6D,CAErF,CAEA,SAASqB,GAAYpC,EAAoBZ,EAAqC,CAC1E,GAAIA,EAAQ,CACR,IAAM0D,EAAiB9C,EAAO,aAC9B,GAAI8C,EAAgB,CAChB,GAAIA,IAAmB/B,EACnB,OAAAE,GAAyBjB,CAAM,EAC/BkB,GAA4BlB,CAAM,EAC3Be,EAEX,IAAMgC,EAAgB5B,GAAkB/B,EAAO,YAAY,CAAC,EAE5D,QAAW4D,KAAiBF,EACxB,GAAKE,IAAmBjC,GAAQ,aAAU,UAAU,aAAaiC,EAAeD,CAAa,EACzF,OAAO3D,CAGnB,CACJ,CACJ,CAEA,SAASoD,GAAaxC,EAAoBqC,EAA8C,CACpF,GAAIA,EAAe,CACf,IAAMY,EAAiBjD,EAAO,cAAgB6C,GAC9C,GAAII,IAAmBlC,EACnB,MAAO,CAACsB,CAAa,EAEzB,GAAI,aAAU,UAAU,YAAYY,EAAgBZ,CAAa,EAC7D,OAAOY,CAEf,CACJ,CAEA,SAASN,GAAa3C,EAAoByC,EAAiD,CACvF,GAAIA,IAAmB,OACnB,OAEJ,GAAIA,EAAe,QAAU,EACzB,MAAO,CAAC,EAEZ,IAAMS,EAAiBlD,EAAO,aAC9B,GAAIkD,IAAmB,OACnB,OAEJ,IAAMC,EAAiBD,IAAmBnC,GAAOmC,EAAe,SAASnC,CAAG,EACtEqC,EAAmB,CAAC,EAC1B,QAAWC,KAAiBZ,EAAgB,CACxC,IAAMa,EAAQD,GAAe,KAAK,EAClC,GAAIC,GACA,GAAIH,EACAC,EAAO,KAAKE,CAAK,MAGjB,SAAWC,KAAiBL,EACxB,GAAII,EAAM,YAAY,IAAMC,EAAe,CACvCH,EAAO,KAAKE,CAAK,EACjB,KACJ,EAIhB,CACA,GAAIF,EAAO,OAAS,EAChB,OAAOA,CAEf,CAEA,SAASjC,GAAkB/B,EAAwB,CAC/C,OAAOA,EAAO,SAAS,GAAG,EAAIA,EAAO,MAAM,EAAG,EAAE,EAAIA,CACxD,CAEA,SAASkD,GAAenD,EAA2CqE,EAA0C,CACzG,OAAQA,EAAcrE,EAAQ,QAAQ,IAAI,+BAA+B,EAAIA,EAAQ,MACzF,CAEA,SAASuD,GAAgBvD,EAAsBqE,EAAgC,CAC3E,IAAMC,EAAUtE,EAAQ,QACxB,OAAQqE,EAAcC,EAAQ,KAAK,gCAAgC,EAAI,MAAM,KAAKA,EAAQ,KAAK,CAAC,CACpG,CAEO,IAAMC,GAA4B/B,GAC9B,MAAO5B,GAAgC,CAC1C,OAAW,CAAC4D,EAAS3D,CAAM,IAAK2B,EAAK,SACjC,IAAK,MAAMgC,EAAQ5D,CAAQ,GAAG,MAC1B,OAAAO,EAAO,MAAM,4BAA4BP,EAAS,QAAQ,IAAI,WAAW4D,CAAO,KAAK,KAAK,UAAU3D,CAAM,CAAC,EAAE,EACtGA,CAGnB,EC/WJ,IAAA4D,GAAwB,8BAEjB,SAASC,GAAuBC,EAAiF,CACpH,GAAM,CAAC,QAASC,EAAQ,KAAAC,CAAI,EAAIF,EAG1BG,EAA4CH,EAAQ,aAAe,GAAQ,OAAYI,GAAkBC,GAAuBL,EAAQ,UAAU,EAElJM,EAA8E,CAAC,EAGrF,OAAW,CAACC,EAAMC,CAAK,IAAKP,EAAQ,CAChC,IAAIQ,EAA0CN,EAC9C,OAAW,CAACO,EAASC,CAAM,IAAKT,EACxB,aAAU,UAAU,aAAaQ,EAASH,CAAI,IAC1CI,IAAW,OACXF,EAAkB,OAGlBA,EAAkBA,IAAoB,OAAYE,EAASP,GAAkBK,EAAiBE,CAAM,GAIhH,IAAMA,EAASX,EAAQ,aAAe,GAAQ,OAAY,CACtD,aAAcQ,EAAM,eAAe,MACnC,aAAc,CAAC,MAAO,UAAW,SAAS,EAC1C,aAAc,CACV,UACA,aACA,SACA,oBACA,wBACA,yBACA,0BACJ,EACA,cAAe,CAAC,uBAAwB,yBAA0B,0BAA0B,EAC5F,iBAAkBA,EAAM,WAAW,SAAW,YAAc,GAAO,MACvE,EACAC,EAAkBA,IAAoB,OAAYE,EAASP,GAAkBK,EAAiBE,CAAM,EAEpGL,EAAiB,KAAK,CAClBM,EAAI,CAACC,EAAgBC,EAAQP,CAAI,CAAC,CAAC,EACnCQ,GAAmBN,CAAe,CAAC,CAAC,CAC5C,CAEA,IAAMO,EAA2D,CAAC,EAElE,OAAW,CAACN,EAASC,CAAM,IAAKT,EAAM,CAClC,GAAI,CAAC,CAAEO,CAAe,EAAIO,EAAW,KAAK,CAAC,CAACC,CAAC,IAAM,OAAOA,CAAC,IAAM,OAAOP,CAAO,CAAC,GAAK,CAACA,EAASP,CAAiB,EAEhHM,EAAkBA,IAAoB,OAAYE,EAASP,GAAkBK,EAAiBE,CAAM,EACpG,IAAIO,EAAQ,GACZ,QAAWC,KAASH,EAChB,GAAI,OAAOG,EAAM,CAAC,CAAC,IAAM,OAAOT,CAAO,EAAG,CACtCS,EAAM,CAAC,EAAIV,EACXS,EAAQ,GACR,KACJ,CAECA,GACDF,EAAW,KAAK,CAACN,EAASD,CAAe,CAAC,CAElD,CACA,OAAW,CAACC,EAASC,CAAM,IAAKK,EAC5BV,EAAiB,KAAK,CAACQ,EAAQJ,CAAO,EAAGK,GAAmBJ,CAAM,CAAC,CAAC,EAGxE,OAAAL,EAAiB,KAAK,CAACQ,EAAQ,WAAW,EAAGC,GAAmBZ,CAAiB,CAAC,CAAC,EAG5EiB,GAAyB,CAAC,SAAUd,CAAgB,CAAC,CAChE,CCxEO,SAASe,GAAiBC,EAAoD,CACjF,OAAOA,IAAc,QAAa,OAAOA,EAAU,MAAY,UAAY,OAAOA,EAAU,eAAqB,SACrH,CAIO,IAAMC,EAAN,cAAkC,KAAM,CACnC,gBAER,IAAI,gBAA6C,CAC7C,OAAO,KAAK,eAChB,CAEA,IAAI,eAAeC,EAAuB,CACtC,GAAIA,IAAU,OACV,MAAM,IAAI,UAAU,oCAAoC,EAE5D,KAAK,gBAAkBA,CAC3B,CACJ,EAEaC,GAAN,cAA8CF,CAAoB,CAAC,EAE7DG,GAAN,cAAkCH,CAAoB,CAAC,EAIvD,IAAMI,EAAN,cAAgC,KAAM,CAAC,EAoBjCC,EAAN,KAA2D,CAC9D,YAAYC,EAAkB,CAC1B,KAAK,QAAUA,CACnB,CAES,OACb,EACaC,EAAN,KAAwE,CAClEC,GAET,YAAYC,EAA2G,CACnH,KAAKD,GAASC,CAClB,CAEA,MAAM,OAAOC,EAAqDC,EAA0B,CAExF,GAAI,EADa,MAAM,KAAKH,GAAOE,EAAgBC,CAAM,IAC1C,QACX,MAAM,IAAIP,EAAkB,eAAe,CAEnD,CAEA,MAAM,UAAUM,EAAqDC,EAAW,CAC5E,OAAO,MAAM,KAAKH,GAAOE,EAAgBC,CAAM,CACnD,CACJ,EAEaC,EAAN,cAAyCC,CAAoB,CAAC,EC7ErE,IAAMC,EAAiCC,GAC5B,MAAOC,GAAgC,CAC1C,IAAIC,EAAoB,GAClB,CAAC,SAAAC,CAAQ,EAAIF,EACnB,QAAWG,KAAQJ,EAAQ,KAAK,EACxBG,EAAS,QAAQ,IAAIC,CAAI,IACzBF,EAAoB,IAG5B,GAAIA,EACA,OAAW,CAACE,EAAMC,CAAK,IAAKL,EACxBG,EAAS,QAAQ,IAAIC,EAAMC,CAAK,CAG5C,EAGEC,GAAsC,IAAMP,EAC9C,IAAIQ,EAAe,EACd,IAAI,gBAAiB,gDAAgD,EACrE,IAAI,SAAU,UAAU,EACxB,IAAI,UAAW,GAAG,CAAC,EAEtBC,GAAqC,IAAMT,EAC7C,IAAIQ,EAAe,EACd,IAAI,yBAA0B,SAAS,CAAC,EAE3CE,GAAiD,CAACC,EAAyBC,EAA4BC,IAAqB,CAC9H,IAAIC,EAAc,WAAWH,CAAe,GACxCC,IACAE,GAAe,wBAEfD,IACAC,GAAe,cAEnB,IAAMC,EAAWf,EACb,IAAIQ,EAAe,EACd,IAAI,4BAA6BM,CAAW,CAAC,EAEhDE,EAAYd,GACGA,EAAS,QAAQ,IAAI,WAClB,SAGxB,MAAO,OAAOA,GAAgC,CACtCc,EAASd,CAAQ,GACjB,MAAMa,EAASb,CAAQ,CAE/B,CACJ,EAGMe,GAAuCC,GAClClB,EACH,IAAIQ,EAAe,EACd,IAAI,kBAAmBU,CAAI,CAAC,EAInCC,GAAwCL,GAA0Cd,EACpF,IAAIQ,EAAe,EACd,IAAI,mBAAoBM,CAAW,CAAC,EAGvCM,GAA4CC,GAA8B,CAE5E,IAAMN,EAAWM,IAAqB,OAAY,OAAYrB,EAC1D,IAAIQ,EAAe,EACd,IAAI,qBAAsBa,CAAgB,CAAC,EACpD,MAAO,OAAOnB,GAAgC,CACtCa,IAAa,QACb,MAAMA,EAASb,CAAQ,CAE/B,CACJ,EACMoB,GAA+C,CAACD,EAA2BE,IAAyB,CACtG,IAAMC,EAAaD,EAAa,sCAAwC,0BAClER,EAAWM,IAAqB,OAAY,OAAYrB,EAC1D,IAAIQ,EAAe,EACd,IAAIgB,EAAYH,CAAgB,CAAC,EAC1C,MAAO,OAAOnB,GAAgC,CACtCa,IAAa,QACb,MAAMA,EAASb,CAAQ,CAE/B,CACJ,EAWMuB,GAAuC,CAACC,EAAyB,gBAC5D1B,EACH,IAAIQ,EAAe,EACd,IAAI,iBAAkBkB,CAAM,CAAC,EAIpCC,GAAkDD,GAAqC,CACzF,IAAMX,EAAWW,IAAW,OAAY,OAAY1B,EAChD,IAAIQ,EAAe,EACd,IAAI,6BAA8BkB,CAAM,CAAC,EAClD,MAAO,OAAOxB,GAAgC,CACtCa,IAAa,QACb,MAAMA,EAASb,CAAQ,CAE/B,CACJ,EAGM0B,GAAoDF,GAAuC,CAC7F,IAAMX,EAAWW,IAAW,OAAY,OAAY1B,EAChD,IAAIQ,EAAe,EACd,IAAI,+BAAgCkB,CAAM,CAAC,EACpD,MAAO,OAAOxB,GAAgC,CACtCa,IAAa,QACb,MAAMA,EAASb,CAAQ,CAE/B,CACJ,EAGM2B,GAAoDH,GAAuC,CAC7F,IAAMX,EAAWW,IAAW,OAAY,OAAY1B,EAChD,IAAIQ,EAAe,EACd,IAAI,+BAAgCkB,CAAM,CAAC,EACpD,MAAO,OAAOxB,GAAgC,CACtCa,IAAa,QACb,MAAMA,EAASb,CAAQ,CAE/B,CACJ,EAEM4B,GAAmC,IAClCC,IAEI,MAAO7B,GAAgC,CAC1C,QAAW8B,KAAUD,EACjB,MAAMC,EAAO9B,CAAQ,CAE7B,EAGW,SAARD,GAAyBgC,EAa7B,CACC,IAAMF,EAAqC,CAAC,EACvCE,GAAM,OAAO,UACdF,EAAQ,KAAKxB,GAAoC,CAAC,EAEjD0B,GAAM,aAAa,UACpBF,EAAQ,KAAKtB,GAAmC,CAAC,EAEhDwB,GAAM,MAAM,UACbF,EAAQ,KAAKrB,GAA+CuB,GAAM,MAAM,QAAU,IAAM,GAAK,GAAK,GAAIA,GAAM,MAAM,mBAAqB,GAAMA,GAAM,MAAM,SAAW,EAAK,CAAC,EAEzKA,GAAM,cAAc,UACrBF,EAAQ,KAAKd,GAAoCgB,GAAM,cAAc,MAAQ,MAAM,CAAC,EAEnFA,GAAM,KAAK,UACZF,EAAQ,KAAKZ,GAAqCc,GAAM,KAAK,aAAe,GAAG,CAAC,EAE/EA,GAAM,mBAAmB,UAC1BF,EAAQ,KAAKX,GAAyCa,GAAM,mBAAmB,gBAAgB,CAAC,EAE/FA,GAAM,uBAAuB,UAC9BF,EAAQ,KAAKT,GAA6CW,GAAM,uBAAuB,kBAAoB,qBAAsBA,GAAM,uBAAuB,UAAU,CAAC,EAExKA,GAAM,eAAe,UACtBF,EAAQ,KAAKN,GAAqCQ,GAAM,eAAe,QAAU,aAAa,CAAC,EAE9FA,GAAM,yBAAyB,UAChCF,EAAQ,KAAKJ,GAA+CM,GAAM,yBAAyB,MAAM,CAAC,EAEjGA,GAAM,2BAA2B,UAClCF,EAAQ,KAAKH,GAAiDK,GAAM,2BAA2B,MAAM,CAAC,EAErGA,GAAM,2BAA2B,UAClCF,EAAQ,KAAKF,GAAiDI,GAAM,2BAA2B,MAAM,CAAC,EAEtGA,GAAM,SACNF,EAAQ,KAAK,GAAGE,EAAK,OAAO,EAEhC,IAAMD,EAASF,GAAiC,GAAGC,CAAO,EAE1D,MAAO,OAAO7B,EAA6BgC,IAA8B,CACrE,MAAMF,EAAO9B,CAAQ,EACrB,MAAMgC,EAAK,CACf,CACJ,CC5MO,IAAMC,EAAgDC,GAGnB,CACtC,IAAMC,EAAaD,EAAK,WAClBE,EAAoCF,GAAM,mCAAqC,GACrF,MAAO,OAAO,CAAC,SAAAG,CAAQ,EAAGC,IAAU,CAIhC,GAHI,CAACF,GAGD,EAAEE,aAAiBC,GACnB,OAAOJ,EAAWE,EAAUC,CAAK,EAErC,MAAMA,CAEV,CAGJ,ECrBA,IAAME,GAAgB,QAChBC,GAAqBC,GAChB,gBAAgBA,CAAK,IAGnBC,EAAuBC,GAA8D,CAC9F,IAAMC,EAAcJ,GAAkBG,GAAM,OAASJ,EAAa,EAClE,MAAO,OAAOM,EAAUC,IAAW,CAC/B,GAAM,CAAC,SAAAC,CAAQ,EAAIF,EACnBE,EAAS,cAAcC,EAAW,YAAY,EAC9CD,EAAS,QAAQ,IAAI,mBAAoBH,CAAW,CACxD,CACJ,ECbA,IAAMK,GAAQ,SAEDC,GAAoCC,GACtC,MAAOC,GAAa,CACvB,GAAM,CAAC,QAAAC,CAAO,EAAID,EACZE,EAAgBD,EAAQ,QAAQ,IAAI,eAAe,EACzD,GAAI,CAACC,GAAiB,CAAE,SAAU,KAAKA,EAAc,UAAU,CAAE,CAAC,EAC9D,OAEJ,IAAMC,EAAcD,EAAc,QAAUL,GAAM,OAAS,GAAKK,EAAc,UAAUL,GAAM,MAAM,EAE9FO,EADU,OAAO,KAAKD,EAAa,QAAQ,EAAE,SAASJ,GAAM,qBAAuB,OAAO,EAC1E,MAAM,IAAK,CAAC,EAClC,GAAIK,EAAM,SAAW,EAGrB,MAAO,CACH,KAAM,mBACN,cAAe,GACf,UAAWA,EAAM,CAAC,EAClB,YAAaA,EAAM,CAAC,CACxB,CACJ,ECtBJ,IAAAC,GAAgC,4BAMnBC,EAAN,MAAMC,CAAkC,CAC3C,OAAe,mBAAmBC,EAErB,CACT,OAAOA,EAAQ,SAAS,GAAG,kBAAoB,MACnD,CAEA,aAAqB,mBAAmBA,EAEE,CACtC,OAAO,MAAMA,EAAQ,SAAS,GAAG,eACrC,CAEA,OAAc,qBAAqBA,EAA4E,CAC3G,OAAOA,EAAQ,SAAS,GAAG,eAC/B,CAEA,OAAc,oBAAoBC,EAA2C,CACzE,MAAO,CAACD,EAA6E,IAAI,wBAGrFA,EAAQ,SAAS,EAAG,gBAAkBC,EAC/BD,EAEf,CAEA,OAAc,mBAAmBE,EAAgC,CAC7D,OAAOH,EAAkC,oBAAoB,QAAQ,QAAQ,CAAC,eAAAG,CAAc,CAAC,CAAC,CAClG,CAEA,aAAoB,WAAWF,EAAkH,CAC7I,GAAID,EAAkC,mBAAmBC,CAAO,EAC5D,OAAOD,EAAkC,mBAAmBC,CAAO,CAE3E,CACJ,EC3BA,eAAeG,GAAaC,EACAC,EACAC,EACAC,EACAC,EACAC,EAA2F,CAEnH,IAAMC,EAAiB,MADH,MAAMH,EAAgBH,CAAQ,KACPE,CAAK,EAChD,GAAII,IAAmB,OACnB,MAAM,IAAI,MAAM,kDAAkD,EAEtE,GAAI,CACA,MAAMC,GAAwBD,EAAgB,CAAC,SAAAN,EAAU,KAAAC,CAAI,EAAGG,EAAgBC,CAAO,CAC3F,OAASG,EAAG,CACR,MAAIA,aAAaC,EAGXD,CACV,CACJ,CAEA,eAAeD,GAAwBD,EACAI,EACAN,EACAC,EAA2F,CAC9HM,EAAkC,mBAAmBL,CAAc,EAAED,CAAO,EAC5E,MAAMD,EAAeM,EAAgBJ,CAAc,CAEvD,CAce,SAARM,EAAsCC,EAAmC,CAC5E,IAAMC,EAAO,CACT,QAASC,GACT,eAAgB,MAAM,CAAC,KAAAd,CAAI,IAAM,CAC7B,MAAMA,EAAK,CACf,EACA,UAAWe,GAAiC,CAAC,CAAC,EAC9C,eAAgBC,EAA6C,CAAC,WAAYC,EAAoB,CAAC,CAAC,CAAC,CAAC,EAClG,GAAGL,CACP,EACIV,EAAkBW,EAAK,gBAC3B,GAAIX,IAAoB,QAAaW,EAAK,UAAY,OAAW,CAC7D,IAAMK,EAAiCL,EAAK,QAC5CX,EAAkB,MAAOiB,GACdD,CAEf,CACA,GAAIhB,IAAoB,OACpB,MAAM,IAAI,MAAM,+DAA+D,EAEnF,MAAO,OAAOH,EAA6BC,IAA6C,CAEpF,IAAMC,GADc,MAAMY,EAAK,QAAQd,CAAQ,GACrB,MAAQ,MAAMc,EAAK,UAAUd,CAAQ,EAAI,OACnE,GAAIE,IAAU,OAAW,CACrB,MAAMD,EAAK,EACX,MACJ,CAEA,GAAI,CACA,MAAMF,GAAaC,EAAUC,EAAMC,EAAOC,EAAiBW,EAAK,eAAgBA,EAAK,OAAO,CAEhG,OAASO,EAAO,CACZ,GAAIA,aAAiBZ,EAAqB,CACtC,MAAMK,EAAK,eAAe,CAAC,SAAAd,EAAU,KAAAC,CAAI,EAAGoB,CAAK,EACjD,MACJ,CACA,MAAMA,CACV,CACJ,CACJ,CC7FO,IAAMC,GAAwBC,GAG1B,MAAOC,EAAUC,IAAgC,CACnCD,EAAS,SACjB,cAAcD,EAAK,UAAU,CAC1C,ECHJ,IAAMG,EAASC,EAAU,kBAAkB,EAE9BC,GAAwBC,GAGC,CAClC,IAAMC,EAAoBD,EAAK,oBAAsB,MAAO,CAAC,SAAAE,CAAQ,EAAGC,IAAW,CAC/ED,EAAS,cAAcE,EAAW,YAAY,EAC9C,MAAMF,EAAS,IAAI,CACvB,GACA,MAAO,OAAOG,EAA6BC,IAA+B,CACtE,OAAW,CAACC,EAASC,CAAU,IAAKR,EAAK,YAKrC,GAJIH,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,0BAA0BU,CAAO,EAAE,GAEtC,MAAMA,EAAQF,CAAQ,GAC1B,MACN,OAAIR,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,0CAA0CW,CAAU,EAAE,EAEhEA,EAAWH,EAAUC,CAAK,EAGzC,OAAIT,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,6CAA6CI,CAAiB,EAAE,EAE1EA,EAAkBI,EAAUC,CAAK,CAC5C,CACJ,EChCO,IAAMG,GAA4BC,GAE9B,MAAO,CAAC,SAAAC,EAAU,KAAAC,CAAI,EAAGC,IAAmC,CAC/D,QAAWC,KAAWJ,EAClB,MAAMI,EAAQ,CAAC,SAAAH,EAAU,KAAAC,CAAI,EAAGC,CAAc,CAEtD,ECYW,SAARE,GAA2BC,EAQ/B,CAEC,IAAMC,EAAuC,MAAOC,GAChCA,EAAS,QAAQ,QACf,KAAK,kBAAkB,EACnC,SAAS,gBAAgB,EACXC,EAAM,EAEVC,EAGdC,EAAoBC,GAAqB,CAC3C,YAAa,CAAC,CAACL,EAAYM,GAAqB,CAAC,WAAYC,EAAW,YAAY,CAAC,CAAC,CAAC,EACvF,kBAAmBC,EAAoB,CAAC,CAAC,CAC7C,CAAC,EAEKC,EAAaV,EAAK,YAAcK,EAEhCM,EAAUX,EAAK,QAEfY,EAAuBC,GAAU,CACnC,WAAY,CACR,uBACA,oCACA,mBACA,2BACA,kBACA,sBACA,UACJ,EACA,kBAAmB,CAAC,KAAK,CAC7B,CAAC,EAEKC,EAA0BC,GAAaF,GAAU,CAAC,WAAY,CAAC,WAAW,CAAC,CAAC,CAAC,EAC7EG,EAA6BC,EAAI,CAACH,EAAgBF,CAAW,CAAC,EAC9DM,EAA4BC,GAAG,CAAClB,EAAYe,CAAiB,CAAC,EACpEhB,EAAK,mBAAmB,KAAK,CAACkB,EAAkBR,CAAU,CAAC,EAC3D,IAAMU,EAAiBpB,EAAK,gBAAkBqB,EAA6C,CAAC,WAAAX,CAAU,CAAC,EACjGY,EAAiBC,GAAyBvB,EAAK,iBAAmBA,EAAK,sBAAsB,EAC7FwB,EAAYC,GAAiC,CAAC,CAAC,EACrD,OAAOC,EAAqB,CACxB,QAAS1B,EAAK,QACd,QAAAW,EACA,eAAAS,EACA,eAAAE,EACA,UAAAE,CACJ,CAAC,CACL,CC9DO,IAAMG,GAAwB,CACjC,gBAAiB,kBACjB,cAAe,gBACf,mBAAoB,oBACxB,EAEMC,GAAc,kDAEb,SAASC,GAAaC,EAAmC,CAC5D,MAAO,CACH,UAAWH,GAAsB,cACjC,WAAYI,EAAW,aACvB,YAAaD,EACb,IAAKF,EACT,CACJ,CAEO,SAASI,GAAeF,EAAmC,CAC9D,MAAO,CACH,UAAWH,GAAsB,gBACjC,WAAYI,EAAW,YACvB,YAAaD,EACb,IAAKF,EACT,CACJ,CChCA,IAAMK,GAA8B,eAC9BC,GAAuB,6CAEhBC,EAAN,cAAwCC,CAAoB,CACtD,MAET,YAAYC,EAA6BC,EAAkBC,EAAwB,CAC/E,MAAMD,IAAY,OAAOD,GAAU,SAAW,OAAYA,EAAM,aAAcE,CAAO,EACrF,KAAK,MAAQ,OAAOF,GAAU,SAAW,CAAC,UAAWA,CAAK,EAAIA,CAClE,CACJ,EAOaG,GAAoCC,GACtCA,EAAe,OAAS,cAG7BC,GAA4CC,GACvC,MAAOC,GAAgC,CAC1C,GAAM,CAAC,QAAAC,CAAO,EAAID,EAClB,OAAO,QAAQ,IAA0B,CACrCE,GAA+BD,EAAQ,QAASF,GAAM,UAAU,EAAE,KAAMI,GAAmBA,IAAU,OAAY,CAACA,CAAK,EAAI,MAAS,EACpIC,GAAuBH,EAASF,GAAM,iBAAiB,EACvDM,GAAgBL,EAAUD,GAAM,wBAAwB,CAC5D,CAAC,EACI,KAAKO,GAAMA,EAAG,OAAOC,GAAKA,IAAM,MAAS,EAAE,KAAK,CAAC,CAAC,EAClD,KAAKC,EAAY,EACjB,KAAKL,GAAS,CACX,GAAIA,EAAO,MAAO,CAAC,cAAe,GAAO,KAAM,cAAe,MAAAA,CAAK,CACvE,CAAC,CACT,EAGJ,eAAeK,GAAaC,EAAwB,CAChD,GAAIA,EAAa,SAAW,EACxB,OAEJ,GAAIA,EAAa,OAAS,EAAG,CACzB,IAAMhB,EAAQiB,GAAe,6CAA6C,EAC1E,MAAM,IAAInB,EAA0BE,CAAK,CAC7C,CAEA,IAAMkB,EAAcF,EAAa,CAAC,EAClC,GAAI,CAACE,GAAeA,EAAY,SAAW,EAAG,CAC1C,IAAMlB,EAAQiB,GAAe,yDAAyD,EACtF,MAAM,IAAInB,EAA0BE,CAAK,CAC7C,CACA,OAAOkB,CACX,CAEA,eAAeT,GAA+BU,EAA8BC,EAAqB,gBAA8C,CAC3I,IAAMC,EAAgBF,EAAQ,IAAIC,CAAU,EAC5C,GAAI,CAACC,GAAiB,CAAE,UAAW,KAAKA,EAAc,UAAU,CAAE,CAAC,EAC/D,OAEJ,IAAMC,EAAQzB,GAAqB,KAAKwB,CAAa,EACrD,GAAIC,IAAU,KAAM,CAChB,IAAMtB,EAAQuB,GAAa,2BAA2B,EACtD,MAAM,IAAIzB,EAA0BE,CAAK,CAC7C,CACA,OAAOsB,EAAM,QAAQ,KACzB,CAEA,eAAeE,GAAcC,EAA4D,CACrF,IAAMT,EAAeS,EAAW,OAAO7B,EAA2B,EAClE,GAAIoB,EAAa,SAAW,EAG5B,OAAOA,CACX,CAEA,eAAeL,GAAuBH,EAA4BkB,EAAQ,GAAsC,CAC5G,GAAI,GAACA,GAASlB,EAAQ,SAAW,OAGjC,OAAOgB,GAAchB,EAAQ,IAAI,YAAY,CACjD,CAEA,eAAeI,GAAgBL,EAA6BmB,EAAQ,GAAsC,CACtG,GAAM,CAAC,QAAAlB,CAAO,EAAID,EAClB,GAAI,CAACmB,GAC2ClB,EAAQ,QAAQ,IAAI,cAAc,IAA1E,qCACDA,EAAQ,SAAW,OACtB,OAEJ,IAAMiB,EAAa,MAAMlB,EAAS,QAAQ,SAAS,EACnD,GAAIkB,EACA,OAAOD,GAAcC,CAAU,CAEvC,CAEA,IAAOE,GAAQtB,GC/Ff,SAASuB,GAAuBC,EAAiC,CAC7D,IAAIC,EAAkB,SACtB,GAAID,EAAW,OAAS,EAAG,CACvBC,GAAmB,IACnB,IAAIC,EAAI,EACR,OAAW,CAACC,EAAKC,CAAK,IAAKJ,EACvBC,GAAmB,GAAGE,CAAG,KAAKC,CAAK,IAC/BF,IAAMF,EAAW,KAAO,IACxBC,GAAmB,MAEvBC,GAER,CACA,OAAOD,CACX,CAEA,IAAMI,GAAsBC,GAChBA,EAA2B,aAAe,OAGtD,SAASC,GAAUC,EAA4C,CAC3D,GAAIA,aAAqBC,EAA2B,CAChD,GAAM,CAAC,MAAAH,CAAK,EAAIE,EAChB,GAAIH,GAAmBC,CAAK,EACxB,OAAOA,EAAM,UAErB,CACA,OAAOI,EAAW,YACtB,CAEA,SAASC,GAAiBH,EAAgCI,EAAgB,CACtE,IAAMZ,EAAa,IAAI,IAIvB,GAHIY,GACAZ,EAAW,IAAI,QAASY,CAAK,EAE7BJ,aAAqBC,EAA2B,CAChD,GAAM,CAAC,MAAAH,CAAK,EAAIE,EAChBR,EAAW,IAAI,QAASM,EAAM,SAAS,EACnCA,EAAM,aACNN,EAAW,IAAI,oBAAqBM,EAAM,WAAW,EAErDA,EAAM,KACNN,EAAW,IAAI,YAAcM,EAAM,GAAG,EAEtCD,GAAmBC,CAAK,GAAKA,EAAM,OACnCN,EAAW,IAAI,QAASM,EAAM,KAAK,CAE3C,CACA,OAAON,CACX,CAEA,IAAMa,GAA6CC,GACxC,MAAOC,EAAUT,IAAU,CAC9B,IAAMU,EAAST,GAAUD,CAAK,EACxBN,EAAaW,GAAiBL,EAAOQ,GAAM,SAAS,EACpDb,EAAkBF,GAAuBC,CAAU,EACnD,CAAC,SAAAiB,CAAQ,EAAIF,EACnBE,EAAS,QAAQ,IAAI,mBAAoBhB,CAAe,EACxDgB,EAAS,cAAcD,CAAM,EAC7B,MAAMC,EAAS,IAAI,CACvB,EAGGC,GAAQL,GC1Df,IAAMM,GAAoBC,GAAwE,CAC9F,IAAMC,EAAqBD,GAAM,oBAAsB,MAEvD,OAAQE,IAEG,CAAC,KAAM,WAAY,cAAe,GAAM,KADlCA,EAAI,iBAAiBD,CAAkB,CACD,EAE3D,EAEME,GAAqBC,GAChB,MAAOF,GACHE,EAAUF,CAAG,EAIfG,EAAN,cAAuB,KAAM,CAAC,EACxBC,GAAN,cAA0BD,CAAS,CAAC,EAG3C,SAASE,GAAQC,EAAiB,CAC9B,GAAIA,aAAiBF,GACjB,OAAO,IAAIG,EAA0BC,GAAaF,EAAM,OAAO,EAAGA,EAAM,QAAS,CAAC,MAAOA,CAAK,CAAC,EAEnG,MAAM,IAAIG,EAA2BH,EAAM,QAAS,CAAC,MAAOA,CAAK,CAAC,CAEtE,CAEe,SAARI,GAAgCZ,EAGb,CACtB,IAAMa,EAAUb,EAAK,QACfc,EAAgBd,EAAK,eAAiBG,GAAkBJ,GAAiB,CAAC,CAAC,CAAC,EAClF,MAAO,OAAOgB,GAAmB,CAC7B,GAAIC,GAAiCD,CAAc,EAAG,CAClD,IAAME,EAAQF,EAAe,MAC7B,GAAI,CACA,IAAMb,EAAM,MAAMW,EAAQI,CAAK,EAC/B,OAAO,MAAMH,EAAcZ,CAAG,CAClC,OAASgB,EAAG,CACR,MAAIA,aAAab,EACPE,GAAQW,CAAC,EAEbA,CACV,CACJ,CACJ,CACJ,CCzCe,SAARC,GAAgCC,EAWuC,CAC1E,IAAMC,EAAaD,EAAK,YAAcE,GAA0C,CAAC,CAAC,EAC5EC,EAAYH,GAAM,WAAaI,GAAyC,CAAC,CAAC,EAC1EC,EAAiBL,EAAK,gBAAkBM,EAA6C,CAAC,WAAAL,CAAU,CAAC,EACvG,GAAID,EAAK,kBAAmB,OACxB,OAAOO,EAAqB,CACxB,QAASP,EAAK,QACd,UAAAG,EACA,eAAAE,EACA,gBAAiBL,EAAK,eAC1B,CAAC,EAEL,GAAIA,EAAK,MAAQ,OAAW,CAExB,IAAMQ,EAAUR,EAAK,IAAI,SAAWS,GAAeT,EAAK,GAAG,EAC3D,OAAOO,EAAqB,CACxB,QAASP,EAAK,QACd,UAAAG,EACA,eAAAE,EACA,gBAAiB,MAAOK,GACbF,CAEf,CAAC,CACL,CACA,MAAM,IAAI,MAAM,uFAAuF,CAC3G,CCrCA,IAAAG,GAA0C,uCCH1C,eAAeC,GAAuBC,EAA6BC,EAA4CC,EAA4C,CACvJ,IAAMC,EAAQ,IAAIC,GAAgC,0DAA0D,EACtGC,EAAyB,IAAIC,EAAoB,gBAAiB,CAAC,MAAAH,CAAK,CAAC,EAC3EF,IACAI,EAAE,eAAiBJ,GAEvB,MAAMC,EAAWF,EAAUK,CAAC,CAChC,CACO,SAASE,GAA8BC,EAAwB,CAClE,MAAO,OAAOR,EAA6BS,IAA8B,CACrET,EAAS,SAAS,cAAcQ,CAAU,EAC1CR,EAAS,SAAS,QAAQ,IAAI,eAAgB,2BAA2B,EACzE,IAAMU,EAAS,OAAO,KAAK,gBAAiB,OAAO,EACnDV,EAAS,SAAS,QAAQ,IAAI,iBAAkBU,EAAO,MAAM,EAC7D,MAAMV,EAAS,SAAS,KAAKU,CAAM,CACvC,CACJ,CAEO,IAAMC,GAAeC,GAEtB,CACF,IAAMC,EAAsBN,GAA8BO,EAAW,SAAS,EACxEC,EAA2BH,EAAK,0BAA4BI,EAAoB,EACtF,MAAO,OAAOhB,EAA6BiB,IAA8B,CACrE,GAAI,CACA,MAAMA,EAAK,CACf,OAASC,EAAO,CACZ,GAAIA,aAAiBC,EAAmB,CACpC,IAAMC,EAAY,MAAMpB,EAAS,UAAU,EACtCqB,GAAiBD,CAAS,GAItBA,EAAU,eACX,MAAMP,EAAoBb,EAAUkB,CAAK,EAE7C,MAAMnB,GAAuBC,EAAUoB,EAAWL,CAAwB,GAN1E,MAAMhB,GAAuBC,EAAU,OAAWe,CAAwB,EAQ9E,MACJ,CACA,MAAMG,CACV,CACJ,CACJ,EClDA,IAAMI,GAASC,EAAU,eAAe,EAEzB,SAARC,GAAgDC,EAA+G,CAClK,IAAMC,EAAQ,MAAOC,EAAqDC,IAAgE,CACtI,IAAIC,EACJ,OAAW,CAACC,EAASC,CAAO,IAAKN,EAAK,SAClC,IAAK,MAAMK,EAAQF,CAAQ,IAAI,MAAO,CAClCN,GAAO,MAAM,8BAA8BM,EAAS,QAAQ,IAAI,YAAYE,CAAO,KAAKC,CAAO,GAAG,EAClG,IAAMC,EAAc,MAAMD,EAAQ,UAAUJ,EAAgB,CAAC,SAAAC,CAAQ,CAAC,EACtE,GAAII,IAAgB,OAAW,CAC3BH,EAAWG,EACX,KACJ,CACJ,CAEJ,OAAAH,IAAa,IAAII,EAAsB,EAAK,EACrCJ,CAEX,EACA,OAAO,IAAIK,EAA4BR,CAAK,CAChD,CClBA,IAAMS,GAASC,EAAU,eAAe,EAEzB,SAARC,GAAqCC,EAGzC,CACC,GAAM,CAAC,QAAAC,EAAS,QAAAC,CAAO,EAAIF,EAC3B,MAAO,OAAOG,EAA6BC,IAA8B,CACrE,IAAMC,EAAUC,EAAkC,WAAWJ,CAAO,EAC/D,KAAKK,GAAKA,GAAG,cAAc,EAChC,GAAI,CACA,MAAMN,EAAQ,OAAOI,EAASF,CAAQ,EAClCN,GAAO,WAAW,OAAO,GACzBA,GAAO,MAAM,0BAA0B,CAE/C,OAASW,EAAO,CACZ,MAAIA,aAAiBC,GACbZ,GAAO,WAAW,OAAO,GACzBA,GAAO,MAAM,yBAAyBW,EAAM,OAAO,EAAE,EAGvDA,CACV,CACA,MAAMJ,EAAK,CACf,CACJ,CCzBO,IAAMM,GAAN,cAA+CC,EAA2B,CACpEC,GACT,YAAYC,EAA6BC,EAAqD,CAC1F,MAAMD,CAAQ,EACd,KAAKD,GAAWE,CACpB,CAEA,MAAM,WAAyD,CAE3D,OADgB,MAAM,KAAKF,GAAS,IACpB,cACpB,CACJ,EAEaG,GAAkBC,GAAuF,CAClH,IAAMC,EAAUD,EAAK,QACrB,MAAO,OAAOH,EAA6BK,IAAyD,CAChG,MAAMA,EAAK,IAAIR,GAAiCG,EAAU,SAAY,MAAMM,EAAkC,WAAWF,CAAO,CAAC,CAAC,CACtI,CACJ,EJkCA,IAAMG,EAAc,CAChB,MAAO,OAAO,iBACd,aAAc,IACd,eAAgB,IAChB,KAAM,IACN,WAAY,IACZ,eAAgB,IAChB,qCAAsC,KACtC,kBAAmB,KACnB,cAAe,KACf,KAAM,OAAO,gBACjB,EACMC,EAAoB,OAAO,IAAI,aAAa,EAE3CC,GAAQ,CAACC,EACAC,IAGkB,CAC9B,IAAMC,EAAyB,CAAC,EAEhC,MAAMC,CAAmB,CACrBC,GACSC,GAAyF,CAAC,EACnG,QAEA,IAAI,0BAAuE,CACvE,OAAI,KAAKD,KAA8B,QAAa,KAAKC,GAAoB,SAAW,EAC7E,KAAKD,GAEZ,KAAKC,GAAoB,SAAW,EAC7B,KAAKA,GAAoB,CAAC,EAAE,CAAC,EAEjCC,GAAqB,CACxB,YAAa,KAAKD,GAClB,kBAAmB,KAAKA,GAAoB,KAAKA,GAAoB,OAAS,CAAC,EAAE,CAAC,CACtF,CAAC,CACL,CAGA,OAAQ,CACJ,GAAIL,EAAO,UAAY,QAAaA,EAAO,QAAQ,WAAa,GAAM,CAClE,IAAMO,EAASC,GAAQR,EAAO,OAAO,EACrCO,EAAOT,CAAiB,EAAID,EAAY,aACxCK,EAAW,KAAKK,CAAM,CAC1B,CACA,GAAIP,EAAO,MAAM,WAAa,IAAQC,EAAQ,mBAAqB,OAAW,CAC1E,IAAMQ,EAA+EC,GAAK,CAAC,iBAAkBT,EAAQ,gBAAiB,CAAC,EACvIQ,EAAOX,CAAiB,EAAID,EAAY,KACxCK,EAAW,KAAKO,CAAM,CAC1B,CAEA,GAAIT,EAAO,QAAU,QAAaA,EAAO,OAAO,WAAa,GAAM,CAC/D,IAAMW,EAAWX,EAAO,MAAM,MAAM,KAAK,YAAY,EAC/CY,EAAWZ,EAAO,MAAM,MAAM,UAAY,GAC1Ca,EAAcb,EAAO,MAAM,MAAM,aAAe,CAAC,EACjDc,EAAiC,MAAOC,GAAS,CACnD,IAAMC,EAAYD,EAAK,UACjBE,EAAcF,EAAK,YACzB,GAAIC,EAAU,YAAY,IAAML,GAAYM,IAAgBL,EACxD,MAAM,IAAIM,GAAoB,8BAA8B,EAEhE,MAAO,CAAC,KAAM,mBAAoB,cAAe,GAAM,UAAAF,EAAW,YAAAC,EAAa,YAAa,CAAC,GAAGJ,CAAW,CAAC,CAChH,EAEMM,EAA+D,CACjE,MAAO,CAAC,SAAUC,EAAG,KAAAC,CAAI,EAAGC,IACjBD,EAAK,CAEpB,EAGMZ,EAASc,GAAU,CACrB,QAAStB,EAAQ,QACjB,QAAAa,EACA,mBAAoB,KAAKT,GACzB,uBAAAc,CACJ,CAAC,EACDV,EAAOX,CAAiB,EAAID,EAAY,WACxCK,EAAW,KAAKO,CAAM,CAC1B,CACA,GAAIT,EAAO,MAAQ,QAAaA,EAAO,IAAI,WAAa,GAAM,CAE1D,IAAMwB,KAAW,gBAAY,CACzB,cAAexB,EAAO,IAAI,UAC1B,OAAQA,EAAO,IAAI,OACnB,SAAUA,EAAO,IAAI,QACzB,CAAC,EACKyB,EAAU,MAAOC,GAAgC,CACnD,GAAI,CACA,GAAM,CAAC,QAAAC,CAAO,EAAI,MAAMH,EAASE,CAAK,EACtC,MAAO,CACH,QAASC,EAAQ,IACjB,iBAAiBC,EAAmC,CAChD,OAAOD,EAAQC,CAAK,CACxB,CACJ,CACJ,OAASC,EAAG,CACR,MAAIA,aAAa,kBACP,IAAIC,GAAYD,EAAE,QAAS,CAAC,MAAOA,CAAC,CAAC,EAEzC,IAAIE,EAAS,kDAAmD,CAAC,MAAOF,CAAC,CAAC,CACpF,CACJ,EAGMG,EAA0BC,GAAyC,CAAC,kBAAmB,EAAI,CAAC,EAC5FC,EAA2D,MAAOC,GAAa,CACjF,GAAI,CAEA,OADU,MAAMH,EAAwBG,CAAQ,IACtC,OACCC,EAEJC,EAAM,CACjB,MACU,CACN,OAAOD,CACX,CACJ,EAEME,EAAaC,GAA0C,CAAC,CAAC,EAE/D,KAAKlC,GAAoB,KAAK,CAAC6B,EAAgCI,CAAU,CAAC,EAE1E,IAAM7B,EAAS+B,GAAe,CAC1B,QAASvC,EAAQ,QACjB,WAAYqC,EACZ,UAAWN,EACX,IAAK,CAAC,QAAAP,CAAO,CAAC,CAAC,EACnBhB,EAAOX,CAAiB,EAAID,EAAY,eACxCK,EAAW,KAAKO,CAAM,CAE1B,CACA,IAAMgC,EAAYC,GAAe,CAAC,QAASzC,EAAQ,OAAO,CAAC,EAK3D,GAJAC,EAAW,KAAKuC,CAAS,EACzBA,EAAU3C,CAAiB,EAAID,EAAY,qCAGvCG,EAAO,YAAc,OAAW,CAChC,IAAM2C,EAAUC,GAAY,CAAC,yBAA0B,KAAK,wBAAwB,CAAC,EACrFD,EAAQ7C,CAAiB,EAAID,EAAY,kBACzCK,EAAW,KAAKyC,CAAO,EAuCvB,IAAM7B,GAtC6B+B,GAA+C,CAC9E,IAAMC,EAEE,CAAC,EACLC,EAAwB,GAC5B,OAAW,CAACC,EAASC,CAAM,IAAKJ,GAAa,CAAC,EAAG,CAC7C,IAAIK,EACJ,GAAIF,IAAY,eACZD,EAAwB,GACxBG,EAAgBC,OACb,IAAIJ,EACP,MAAM,IAAI,MAAM,6DAA6D,EAE7EG,EAAgBF,EAEpB,IAAIlC,EACJ,GAAImC,EAAO,SAAW,YAClBnC,EAAU,IAAIsC,EAA4B,SAAY,IAAIC,EAAsB,EAAI,CAAC,EACrFvC,EAAQ,SAAW,IAAM,0CAClBmC,EAAO,SAAW,SACzBnC,EAAU,IAAIsC,EAA4B,SAAY,IAAIC,EAAsB,EAAK,CAAC,EACtFvC,EAAQ,SAAW,IAAM,uCAClBmC,EAAO,SAAW,gBACzBnC,EAAU,IAAIsC,EAA4B,MAAOE,GAA2C,CACxF,IAAMC,EAAiB,MAAMD,EAC7B,OAAIC,IAAmB,OACZ,IAAIF,EAAsBE,EAAe,aAAa,EAE1D,IAAIF,EAAsB,EAAK,CAC1C,CAAC,EACDvC,EAAQ,SAAW,IAAM,0CAEzB,OAAM,IAAI,MAAM,wBAAwB,KAAK,UAAUmC,CAAM,CAAC,EAAE,EAEpEH,EAAS,KAAK,CAACI,EAAepC,CAAO,CAAC,CAC1C,CACA,OAAO0C,GAA+B,CAAC,SAAAV,CAAQ,CAAC,CACpD,GAC0C9C,EAAO,SAAS,EACpDS,EAASgD,GAAoB,CAAC,QAAA3C,EAAS,QAASb,EAAQ,OAAO,CAAC,EACtEQ,EAAOX,CAAiB,EAAID,EAAY,cACxCK,EAAW,KAAKO,CAAM,CAE1B,CAEAP,EAAW,KAAK,CAAC,EAAGwD,IAAM,CACtB,IAAMC,EAAS,EAAE7D,CAAiB,GAAKD,EAAY,KAC7C+D,EAASF,EAAE5D,CAAiB,GAAKD,EAAY,KACnD,OAAO8D,EAASC,CACpB,CAAC,CACL,CACJ,CAIA,OADiB,IAAIzD,EAAmB,EAC/B,MAAM,EAGRD,CACX,EK5PO,SAAS2D,GAAqBC,EAA0C,CAC3E,IAAMC,EAA6C,CAAC,EAC9CC,EAAmC,CAAC,OAAQF,EAAQ,YAAY,OAAS,OAAS,gBAAkB,WAAW,EAErH,OAAW,CAACG,EAAMC,CAAK,IAAKJ,EAAQ,QAAS,CACzC,IAAMK,EAAOD,EAAM,WAAaF,EAC5BI,EAAoCC,EAAQJ,EAAM,CAAC,OAAQ,KAAK,CAAC,EACrEG,EAAUE,EAAI,CAACC,EAAgBH,CAAO,CAAC,EACvCL,EAAU,KAAK,CAACK,EAASD,CAAI,CAAC,CAClC,CACA,OAAAJ,EAAU,KAAK,CAACM,EAAQ,IAAK,CAAC,OAAQ,KAAK,CAAC,EAAG,CAAC,OAAQ,WAAW,CAAC,CAAC,EACrEN,EAAU,KAAK,CAACM,EAAQ,eAAgB,CAAC,OAAQ,KAAK,CAAC,EAAG,CAAC,OAAQ,WAAW,CAAC,CAAC,EAChFN,EAAU,KAAK,CAACM,EAAQ,UAAW,CAAC,OAAQ,KAAK,CAAC,EAAG,CAAC,OAAQ,WAAW,CAAC,CAAC,EACvEP,EAAQ,UAAU,OAAS,GAC3BC,EAAU,KAAK,GAAGD,EAAQ,SAAS,EAGvCC,EAAU,KAAK,CAAC,eAAgBC,CAAa,CAAC,EACvC,CACH,UAAAD,EACA,KAAM,CACF,SAAUD,EAAQ,aAAe,EACrC,EACA,MAAO,CACH,SAAUA,EAAQ,YAAY,OAAS,QACvC,GAAGA,EAAQ,YAAY,KAC3B,EACA,IAAK,CACD,SAAUA,EAAQ,YAAY,OAAS,SACvC,GAAGA,EAAQ,YAAY,QAAQ,GACnC,CACJ,CACJ,CAEA,eAAsBU,GAAaV,EAA2C,CAC1E,IAAMW,EAAqCC,GAAuBZ,CAAO,EACnEa,EAASd,GAAqBC,CAAO,EACrC,CAAC,QAAAc,CAAO,EAAId,EAClB,OAAOe,GAASF,EAAQ,CAAC,QAAAC,EAAS,iBAAAH,CAAgB,CAAC,CACvD,CC7CA,IAAAK,GAAkC,4BAW3B,IAAMC,GAAN,cAAwCC,CAA4B,CAE3E,EAEMC,GAAN,KAAqB,CAERC,GACTC,GAAwC,GAC/BC,GACTC,GAEA,YAAYC,EAAgBC,EAAsB,CAC9C,KAAKL,GAAUI,EACf,KAAKF,GAAYG,CACrB,CAEU,eAAeC,EAA4BC,EAAiD,CAGlG,OADiB,IAAIC,GAAmBF,EAASC,CAAQ,CAE7D,CAEA,IAAI,QAAQE,EAA6D,CACrE,KAAKN,GAAWM,CACpB,CAEA,IAAI,4BAA4BC,EAAgB,CAC5C,KAAKT,GAA+BS,CACxC,CAEA,cAAcC,EAA8B,CACxC,IAAIC,EAAS,IAEb,QAAWC,KAAOF,EAAQ,KAAK,EAC3B,GAAK,KAAKV,GAGH,CACH,IAAMS,EAAQC,EAAQ,IAAIE,CAAG,EAC7BD,GAAU,IAAIC,CAAG,OAAOH,CAAK,KACjC,KANwC,CACpCE,GAAU,WACV,KACJ,CAKJ,OAAIA,EAAO,SAAS,IAAI,IACpBA,EAASA,EAAO,MAAM,EAAG,EAAE,GAE/BA,GAAU,IACHA,CAEX,CAEA,cAAcN,EAAoC,CAC9C,IAAMQ,EAAQR,EAAQ,IAAI,OAC1B,MAAO,QAAQA,EAAQ,MAAM,KAAKA,EAAQ,IAAI,GAAGQ,CAAK,EAC1D,CAEA,WAAWC,EAA6B,CACpC,GAAI,KAAKf,GAAQ,WAAW,OAAO,EAAG,CAClC,IAAMgB,EAAQ,KAAKhB,GAAQ,WAAW,OAAO,EAC7C,KAAKA,GAAQ,MAAM,GAAGe,EAAS,SAAS,GAAG,KAAK,cAAcA,EAAS,OAAO,CAAC,GAAGC,EAAQ,cAAc,KAAK,cAAcD,EAAS,QAAQ,OAAO,CAAC,GAAK,EAAE,GAAG,CAElK,CACJ,CAEA,YAAYA,EAA6B,CACrC,GAAI,KAAKf,GAAQ,WAAW,OAAO,EAAG,CAClC,IAAMgB,EAAQ,KAAKhB,GAAQ,WAAW,OAAO,EACvCiB,EAASF,EAAS,SAAS,WACjC,KAAKf,GAAQ,MAAM,GAAGe,EAAS,SAAS,aAAaE,GAAU,QAAQ,GAAGD,EAAQ,cAAc,KAAK,cAAcD,EAAS,SAAS,OAAO,CAAC,GAAK,EAAE,GAAG,CAC3J,CACJ,CAEA,sBAAsBA,EAA6BG,EAAc,CAC7D,GAAM,CAAC,QAAAZ,EAAS,SAAAC,EAAU,UAAAY,CAAS,EAAIJ,EAEvC,GAAIR,EAAS,cAAca,EAAW,qBAAqB,EAAG,CAC1D,KAAKpB,GAAQ,MAAM,GAAGmB,CAAS,wBAAwB,KAAK,cAAcb,CAAO,CAAC,GAAIY,CAAK,EAC3F,MACJ,CAGA,WAAKlB,GAAQ,MAAM,GAAGmB,CAAS,UAAUD,EAAM,OAAO,QAAQ,KAAK,cAAcZ,CAAO,CAAC,wBAAwBC,EAAS,UAAU,IAAKW,CAAK,EACxIA,CAEV,CAEA,MAAM,IAAIH,EAA4C,CAClD,OAAO,MAAM,KAAKb,GAAUa,CAAQ,CACxC,CAEA,MAAM,KAAKT,EAA4BC,EAA6C,CAEhF,IAAMQ,EAAW,KAAK,eAAeT,EAASC,CAAQ,EAChDc,EAAW,KACb,KAAK,WAAWN,CAAQ,EACjB,KAAK,IAAIA,CAAQ,EACnB,KAAK,IAAM,CACR,KAAK,YAAYA,CAAQ,CAC7B,CAAC,EACA,MAAOG,GAAiB,CACrB,KAAK,sBAAsBH,EAAUG,CAAK,CAC9C,CAAC,EACA,KAAK,SAAY,CACd,MAAMH,EAAS,SAAS,IAAI,CAChC,CAAC,GAGT,MAAM,IAAI,QAAc,CAACO,EAASC,IAAW,CACrC,KAAKpB,KAAa,OAClB,KAAKA,GAAS,IAAI,CAAC,SAAAY,CAAQ,EAAG,IAAM,CAChCM,EAAS,EAAE,KAAK,IAAMC,EAAQ,CAAC,EAAE,MAAOJ,GAAUK,EAAOL,CAAK,CAAC,CACnE,CAAC,EAEDG,EAAS,EAAE,KAAK,IAAMC,EAAQ,CAAC,EAAE,MAAOJ,GAAUK,EAAOL,CAAK,CAAC,CAEvE,CAAC,CACL,CACJ,EAEaM,GAAN,KAA4B,CACtBC,GACTtB,GAAgE,IAAI,qBACpEuB,GAEA,QAAQjB,EAAmE,CACvE,YAAKN,GAAWM,EACT,IACX,CAEA,qBAAqBkB,EAAwD,CACzE,GAAI,KAAKD,KAAsB,OAC3B,KAAKA,GAAoBC,MACtB,CACH,IAAMC,EAAoB,KAAKF,GAC/B,KAAKA,GAAqBG,IACtBA,EAAUD,EAAkBC,CAAO,EAC5BF,EAAUE,CAAO,EAEhC,CACA,OAAO,IACX,CAEA,YAAYC,EAAwB,CAChC,KAAKL,GAAcK,CACvB,CAEA,OAAqB,CACjB,IAAM1B,EAAS2B,EAAU,MAAM,EAEzBC,EAAU,IAAIjC,GAAeK,EAAQ,KAAKqB,EAAW,EACvD,KAAKtB,KAAa,SAAW6B,EAAQ,QAAU,KAAK7B,IACxD6B,EAAQ,4BAA8B,GACtC,IAAMC,EAAuB,MAAO3B,EAASC,IAAayB,EAAQ,KAAK1B,EAASC,CAAQ,EAGxF,OAAO,KAAKmB,GAAoB,KAAKA,GAAkBO,CAAO,EAAIA,CACtE,CACJ,ECxKA,IAAAC,GAAgC,cCUzB,SAASC,GAAoBC,EAAkCC,EAA2C,CAC7G,IAAMC,EAAWF,GAAK,SAChBG,EAAUD,GAAU,SAAW,IAAIE,EAAkBJ,CAAG,EACxDK,EAA2BH,GAAU,UACrCI,EAAYD,EAA2BA,EAAyB,KAAKH,CAAQ,EAAI,gBAAyE,CAAoB,EAC9KK,EAAMJ,EAAQ,IACdK,EAAU,IAAIC,EACpB,QAAWC,KAAOP,EAAQ,QAAQ,KAAK,EACnCK,EAAQ,IAAIE,EAAKP,EAAQ,QAAQ,KAAKO,CAAG,CAAC,EAE9C,IAAMC,EAAUR,EAAQ,QAClBS,EAAYV,GAAU,WAAa,IAAIC,EAAQ,EAAE,KACjDU,EAAgBV,EAAQ,cAU9B,MAT0C,CACtC,IAAAI,EACA,QAAAC,EACA,QAAAG,EACA,UAAAL,EACA,SAAAL,EACA,cAAAY,EACA,UAAAD,CACJ,CAEJ,CAEO,SAASE,GAAWC,EAA4D,CA6CnF,MAAO,CA3CS,MAAOb,EAA6Bc,IAA8B,CAE9E,IAAMC,EADUf,EAAS,QACJ,MAAQ,IAEvBgB,EAASH,EAAQ,QACjBI,EAASD,EAAO,IAAID,CAAI,GAAK,MAAM,KAAKC,EAAO,OAAO,CAAC,EAAE,KAAKC,GAAS,CACzE,GAAIF,IAAS,KAAOE,EAAM,UAAY,GAClC,MAAO,EAEf,CAAC,EAED,GAAIA,IAAU,OAAW,CACrB,GAAM,CAAC,QAAAhB,EAAS,SAAAiB,CAAQ,EAAIlB,EACtBmB,EAAqB,MAAMC,EAAepB,CAAQ,EACxD,IAAKC,EAAQ,SAAW,OAASA,EAAQ,SAAW,YAAckB,EAAmB,MACjF,GAAIF,EAAM,kBAAoB,OAAW,CACrCA,EAAM,gBAAgBjB,CAAQ,EAC9B,MACJ,KAEI,OAAM,IAAI,MAAM,4CAA4Ce,CAAI,EAAE,MAGnE,CACH,GAAIE,EAAM,QAAS,CAEf,MAAMH,EAAK,EACX,MACJ,CAEAI,EAAS,cAAcG,EAAW,gBAAgB,EAClDH,EAAS,QACJ,IAAI,UAAW,WAAW,EAC1B,IAAI,aAAc,SAAS,EAC3B,IAAI,eAAgB,YAAY,EAErC,IAAMI,EAAS,OAAO,KAAK,iBAAiBrB,EAAQ,IAAI,4CAA6C,OAAO,EAC5G,MAAMiB,EAAS,KAAKI,CAAM,CAC9B,CACJ,MACI,MAAMR,EAAK,CAEnB,CACe,CACnB,CCjFA,IAAAS,GAA0B,cAGbC,GAAN,cAAgC,YAAU,CAC7C,YAAYC,EAAiBC,EAAmBC,EAAmB,CAE/D,MAAM,KAAwB,OAAWA,CAAc,CAC3D,CAEA,SACJ,EAIaC,GAAN,MAAMC,CAAY,CACrB,MAAgBC,GAAgB,OAAO,MAAM,CAAC,EAC9C,MAAOC,GAA2C,CAAC,EAAG,OAAO,MAAM,CAAC,CAAC,EAE5DC,GACAC,GACAC,GACAC,GAAQ,GACRC,GAET,YAAYC,EAAgBC,EAAkDC,EAA4B,CACtG,KAAKH,GAAUC,EACf,KAAKJ,GAAgB,OAAOM,GAAS,SAAWA,EAAOA,GAAM,SAC7D,KAAKP,GACD,OAAOO,GAAS,UAAYA,GAAM,OAAS,YACrC,IAAMV,EAAYW,GAA2B,KAAK,IAAI,CAAC,EACvD,IAAMX,EAAYC,GAExB,KAAKG,KACL,KAAKC,GAAkB,YAAY,IAAM,CACrC,GAAM,CAACO,EAAMC,CAAO,EAAIJ,EAAS,EACjC,QAAWK,KAAUD,EACb,KAAKE,GAAyBD,EAAQF,CAAI,GAG9C,KAAKI,GAAiBF,EAAQF,CAAI,CAE1C,EAAG,KAAKR,EAAa,EAG7B,CAEAW,GAAyBD,EAA2BF,EAAc,CAC9D,OAAIE,EAAO,YAAc,IACjB,KAAKP,GAAQ,WAAW,OAAO,GAC/B,KAAKA,GAAQ,MAAM,0CAA0CK,CAAI,GAAG,EAExEE,EAAO,UAAU,EACV,IAEJ,EACX,CAEAE,GAAiBF,EAA2BF,EAAc,CACtDE,EAAO,UAAY,GACnB,IAAMG,EAAO,KAAKd,GAAU,EACxB,KAAKI,GAAQ,WAAW,OAAO,GAC/B,KAAKA,GAAQ,MAAM,yBAAyBK,CAAI,GAAG,EAEvDE,EAAO,KAAKG,EAAM,KAAKX,GAAQY,GAAe,CACtCA,GAAO,KAAKX,GAAQ,WAAW,MAAM,GACrC,KAAKA,GAAQ,KAAK,gCAAgCK,CAAI,IAAKM,CAAG,CAEtE,CAAC,CACL,CAEA,MAAOP,GAA2BQ,EAAM,KAAK,IAAI,EAAW,CACxD,GAAIA,EAAMnB,EAAYE,GAAuB,CAAC,EAAI,EAAG,CACjD,IAAMkB,EAAS,OAAO,YAAY,CAAC,EACnCA,EAAO,gBAAgB,OAAOD,CAAG,EAAG,CAAC,EACrCnB,EAAYE,GAAyB,CAACiB,EAAKC,CAAM,CACrD,CACA,OAAOpB,EAAYE,GAAuB,CAAC,CAC/C,CAEA,MAAOmB,GAA2BJ,EAAsB,CACpD,OAAIA,EAAK,SAAW,EACT,OAAOA,EAAK,eAAe,CAAC,CAAC,EAEjC,CACX,CAEA,OAAQ,CACJ,cAAc,KAAKZ,EAAe,CACtC,CAEA,WAAWiB,EAAmCC,EAA2BN,EAAoB,CACzFM,EAAO,UAAY,GACnBA,EAAO,KAAKN,EAAM,GAAQC,GAAe,CACjCA,GAAO,KAAKX,GAAQ,WAAW,MAAM,GACrC,KAAKA,GAAQ,KAAK,GAAGe,EAAU,SAAS,6BAA6BA,EAAU,eAAe,OAAO,IAAIA,EAAU,eAAe,IAAI,IAAKJ,CAAG,CAEtJ,CAAC,CACL,CAEA,WAAWI,EAAmCC,EAA2BN,EAAoB,CAEzF,GADAM,EAAO,UAAY,GACf,KAAKhB,GAAQ,WAAW,MAAM,EAAG,CACjC,IAAMiB,EAAOxB,EAAYqB,GAA2BJ,CAAI,EACxD,GAAIO,EAAO,EAAG,CACV,IAAMC,EAAU,KAAK,IAAI,EAAID,EACzB,KAAKjB,GAAQ,WAAW,OAAO,GAC/B,KAAKA,GAAQ,MAAM,GAAGe,EAAU,SAAS,cAAcA,EAAU,eAAe,OAAO,IAAIA,EAAU,eAAe,IAAI,wBAAwBG,CAAO,IAAI,EAE3J,KAAKrB,IAAiBqB,EAAU,KAAKrB,GAAgB,GAAK,KAAKG,GAAQ,WAAW,MAAM,GACxF,KAAKA,GAAQ,KAAK,GAAGe,EAAU,SAAS,cAAcA,EAAU,eAAe,OAAO,IAAIA,EAAU,eAAe,IAAI,6BAA6BG,CAAO,IAAI,CAEvK,CACJ,CACJ,CACJ,EFpGA,IAAMC,EAASC,EAAU,IAAI,EAE7B,SAASC,GAAgBC,EAAcC,EAAoBC,EAAsBC,EAAqC,CAClH,OAAQC,GAAgC,CAEpC,GAAM,CAAE,UAAAC,EAAW,QAAAC,CAAQ,EAAIF,EACzBG,EAAMC,GAA2B,iBAA8CF,CAAO,EAC5FC,EAAI,SAAWH,EACf,GAAM,CAAE,OAAAK,EAAQ,YAAAC,CAAY,EAAIH,EAE1BI,EAAOL,EAAQ,KAErB,GADAG,EAAO,eAAe,QAASN,CAAa,EACxCF,EAAM,iBAAmB,QAAaC,EAAI,SAAS,MAAQD,EAAM,eAAgB,CACjFJ,EAAO,KAAK,GAAGQ,CAAS,qCAAqCM,CAAI,GAAGX,CAAI,6BAA6B,EACrGS,EAAO,QAAQ,EACf,MACJ,CAEA,IAAMG,EAASN,EAAQ,QAAQ,IAAI,QAAQ,EAC3C,GAAI,CAACO,GAAcD,EAAQX,EAAM,aAAa,EAAG,CACzCJ,EAAO,WAAW,MAAM,GACxBA,EAAO,KAAK,GAAGQ,CAAS,qCAAqCM,CAAI,GAAGX,CAAI,YAAYY,GAAU,WAAW,EAAE,EAE/GH,EAAO,QAAQ,EACf,MACJ,CACIZ,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,GAAGQ,CAAS,yCAAyCM,CAAI,GAAGX,CAAI,EAAE,EAGnFE,EAAI,cAAcK,EAAKE,EAAQC,EAAc,CAACI,EAAQP,IAAQ,CAC1DL,EAAI,KAAK,aAAcY,EAAQP,CAAG,CACtC,CAAC,CACL,CACJ,CAEA,SAASQ,GAAsBC,EAAmBC,EAA8B,CAC5E,IAAMC,EAAO,IAAI,IACjBF,EAAQ,QAAQ,CAACG,EAAQC,IAAU,CAC/B,GAAIA,IAAU,GAAKD,EAAO,WAAW,eAAe,EAAG,CACnDF,EAAS,cAAcI,EAAW,mBAAmB,EACrD,MACJ,CACA,GAAM,CAACC,EAAMC,CAAK,EAAIJ,EAAO,MAAM,IAAI,EACnCF,EAAS,QAAQ,IAAIK,CAAI,EACzBN,EAAQI,CAAK,EAAI,GAAGE,CAAI,KAAKL,EAAS,QAAQ,IAAIK,CAAI,CAAC,GAGvDL,EAAS,QAAQ,IAAIK,EAAMC,CAAK,EAEpCL,EAAK,IAAII,EAAK,YAAY,CAAC,CAC/B,CAAC,EACD,IAAME,EAAiBC,EAA4B,kBAA8CR,CAAQ,EACzG,QAAWK,KAAQE,EAAe,kBAAkB,EAAG,CAEnD,IAAME,EAAgBJ,EAAK,YAAY,EACvC,GAAI,CAACJ,EAAK,IAAIQ,CAAa,EAAG,CAC1B,IAAMH,EAAQN,EAAS,QAAQ,IAAIS,CAAa,EAC5CH,IAAU,QACVP,EAAQ,KAAK,GAAGM,CAAI,KAAKC,CAAK,EAAE,CAExC,CACJ,CACAC,EAAe,gBAAgB,CACnC,CAEA,eAAsBG,GAAU3B,EACAC,EACA2B,EACAC,EACA1B,EAAoD,CAChF,GAAI,CACAN,EAAO,KAAK,2BAA2BG,CAAI,uBAAuBC,EAAM,gBAAkB,aAAa,qBAAqBA,EAAM,cAAgB,KAAK,UAAUA,EAAM,cAAe6B,EAAkB,EAAI,QAAQ,WAAW,OAAO7B,EAAM,MAAS,SAAWA,EAAM,KAAO,KAAOA,EAAM,KAAO,KAAK,UAAUA,EAAM,IAAI,EAAI,QAAQ,EAAE,EACxU,IAAMC,EAAM,IAAI,mBAA8E,CAC1F,SAAU,GACV,UAAW6B,GACX,SAAU,EACd,CAAC,EAEKC,EAAQ,IAAIC,GAAYpC,EAAO,MAAM,OAAO,EAAG,IAAM,CAACG,EAAME,EAAI,OAAO,EAAGD,EAAM,IAAI,EAEpFiC,EAAU,MAAMjC,EAAM,QAAQ,CAAE,SAAA2B,EAAU,QAAAC,CAAQ,CAAC,EACzD3B,EACK,GAAG,QAAUiC,GAAe,CACzBtC,EAAO,MAAM,qCAAqCG,CAAI,IAAKmC,CAAG,CAClE,CAAC,EACA,GAAG,YAAa,IAAM,CACnBtC,EAAO,KAAK,kBAAkBG,CAAI,gBAAgB,CACtD,CAAC,EACA,GAAG,UAAW,CAACgB,EAASV,IAAY,CACjC,GAAIA,EAAQ,WAAa,OAAW,CAChC,GAAM,CAAE,SAAAW,CAAS,EAAIX,EAAQ,SAC7BS,GAAsBC,EAASC,CAAQ,CAC3C,CACJ,CAAC,EACA,GAAG,aAAc,CAACR,EAAQH,IAAY,CAEnC,IAAM8B,EAAYC,GAAoB/B,EAASG,EAAO,QAAQ,EAE9DA,EAAO,GAAG,OAAS6B,GAAS,CACxBN,EAAM,WAAWI,EAAW3B,EAAQ6B,CAAI,CAC5C,CAAC,EACD7B,EAAO,GAAG,OAAS6B,GAAiB,CAChCN,EAAM,WAAWI,EAAW3B,EAAQ6B,CAAI,CAC5C,CAAC,EACDJ,EAAQ,CAAE,OAAAzB,EAAQ,UAAA2B,CAAU,CAAC,CACjC,CAAC,EACLlC,EAAI,GAAG,QAAS,IAAM,CAClB8B,EAAM,MAAM,CAChB,CAAC,EAED/B,EAAM,gBAAkBF,GAAgBC,EAAMC,EAAOC,EAAKC,CAAa,EACvEF,EAAM,MAAQ,SAAY,CACtB,MAAMiC,EAAQ,OAAO,KAAKA,CAAO,EACjCrC,EAAO,KAAK,2BAA2BG,CAAI,eAAeE,EAAI,SAAS,MAAQ,CAAC,EAAE,EAClFA,EAAI,SAAS,QAAQY,GAAU,CAC3BA,EAAO,UAAU,CACrB,CAAC,EACDZ,EAAI,MAAM,CACd,CACJ,OACOqC,EAAG,CACN1C,EAAO,KAAK,wBAAwBG,CAAI,GAAIuC,CAAC,CACjD,CAEJ,CtChHA,IAAMC,EAASC,EAAU,KAAK,EAE9B,SAASC,GAAqBC,EAAoD,CAC9E,IAAMC,EAAgC,CAAC,EACvC,OAAID,EAAI,MAAKC,EAAQ,OAAM,iBAAaD,EAAI,GAAG,GAC3CA,EAAI,OAAMC,EAAQ,QAAO,iBAAaD,EAAI,IAAI,GAC9CA,EAAI,KAAIC,EAAQ,MAAK,iBAAaD,EAAI,EAAE,GACrCC,CACX,CASA,eAAeC,GAAeC,EACAC,EAA+D,CAEzF,IAAMC,EAAcF,EAAQ,MAAM,EAClC,MAAO,OAAOG,EAAkCC,IAA2E,CACvHD,EAAI,OAAO,YAAY,QAASF,CAAa,EAC7C,IAAII,EACAD,aAA4BE,EAC5BD,EAAMD,GAGND,EAAI,YAAcC,EAClBC,EAAM,IAAIC,EAA2BH,CAAG,EACxCE,EAAI,aAAaF,EAAI,MAAM,GAE/B,IAAMI,EAAU,IAAIC,EAAkBL,CAAG,EACnCM,EAAW,IAAIC,GAAmBL,CAAG,EACrCM,EAAwCJ,EAAQ,SAAW,OAAS,IAAIK,GAA0BH,CAAQ,EAAIA,EAEpH,MAAMP,EAAYK,EAASI,CAAiB,CAEhD,CACJ,CAEA,SAASE,GAAaC,EAAyD,CAC3E,OAAO,IAAI,QAAW,CAACC,EAASC,IAAW,CACvC,IAAMC,EAAIH,EAAII,GAAgB,CACtBA,EACAF,EAAOE,CAAG,EAEVH,EAAQE,CAAC,CAEjB,CAAC,CACL,CAAC,CACL,CAEA,SAASE,GAAcC,EAA+C,CAClE,GAAIA,EACA,OAAkBC,GAAM,CACpB,YAAaD,EAAO,aACpB,aAAcA,EAAO,cACrB,WAAYA,EAAO,YACnB,eAAgBA,EAAO,gBACvB,WAAYA,EAAO,WACvB,CAAC,CAET,CAEA,eAAeE,GAAYC,EAAsB,CAC7C,IAAMC,EAAUD,EAAQ,QAClBE,EAAW,MAAMC,GAAaH,CAAO,EAErCI,EAAUC,GAAWL,CAAO,EAC5BM,EAAUC,GACZC,GAAaR,EAAQ,YAAY,EACjC,GAAGE,EACH,GAAGE,EACH,GAAGJ,EAAQ,WAEX,MAAO,CAAC,QAAAhB,EAAS,SAAAE,CAAQ,EAAGuB,IAAS,CACjC,GAAIzB,EAAQ,SAAW,OAASA,EAAQ,OAAS,UAAW,CACxDE,EAAS,cAAcwB,EAAW,EAAE,EACpC,IAAMC,EAAS,OAAO,KAAK,KAAM,OAAO,EACxCzB,EAAS,QAAQ,IAAI,eAAgB,2BAA2B,EAChE,MAAMA,EAAS,KAAKyB,CAAM,CAC9B,MACI,MAAMF,EAAK,CAEnB,EAEA,MAAO,CAAC,QAAAzB,EAAS,SAAAE,CAAQ,EAAGuB,IAAS,CACjC,GAAIzB,EAAQ,SAAW,OAASA,EAAQ,OAAS,IAAK,CAClDE,EAAS,cAAcwB,EAAW,EAAE,EACpC,IAAMC,EAAS,OAAO,KAAK,oBAAqB,OAAO,EACvDzB,EAAS,QAAQ,IAAI,eAAgB,2BAA2B,EAChE,MAAMA,EAAS,KAAKyB,CAAM,CAC9B,MACI,MAAMF,EAAK,CAEnB,EAEA,MAAO,CAAC,SAAAvB,CAAQ,EAAG0B,IAAU,CACzB1B,EAAS,cAAcwB,EAAW,SAAS,EAC3C,MAAMxB,EAAS,IAAI,CACvB,CACJ,EAEA,OAAO,IAAI2B,GAAsBP,CAAO,EAAE,QAAQL,CAAO,CAC7D,CAEO,IAAMa,GAAU,MAAOvC,GAAuE,CACjG,IAAMD,EAAMC,EAAQ,IACdwC,EAAezC,EACf,CAACC,EAAwB+B,IAA6B,GAAAU,QAAM,aAAa,CAAC,GAAGzC,EAAS,GAAGF,GAAqBC,CAAG,CAAC,EAAGgC,CAAO,EAC5H,CAAC/B,EAAwB+B,IAA6B,GAAAW,QAAK,aAAa1C,EAAS+B,CAAO,EACxFY,EAAUtB,GAAcrB,EAAQ,MAAM,EACtCyB,EAAuB,CACzB,WAAY,CAAC,EACb,WAAYzB,EAAQ,KACpB,KAAM,CAAC,EACP,WAAYA,EAAQ,KACpB,UAAW,CAAC,EACZ,QAAS,IAAI,qBACb,QAAS,IAAI,GACjB,EACM4C,EAAK,aAAU,QAAQ,CAAC,GAAG5C,EAAQ,OAAO,CAAC,EACjD,GAAIA,EAAQ,QAAS,CACjB,IAAMsB,EAAStB,EAAQ,QAEvB,MAAM6C,GAAU,MAAOC,GAAiC,CACpDA,EAAW,OAAO,CAAC,KAAMxB,EAAO,MAAO,QAASyB,GAAU,KAAKH,CAAE,EAAG,QAAStB,CAAM,CAAC,CACxF,EAAGtB,EAASyB,CAAO,CAEvB,CACIzB,EAAQ,KACR,MAAM6C,GAAU7C,EAAQ,IAAKA,EAASyB,CAAO,EAGjD,IAAMuB,EAAQC,GAAUjD,EAAQ,MAAQ,CAAC,EACnCkD,EAAOlD,EAAQ,KACfG,EAAiBiB,GAAexB,EAAO,MAAM,iBAAiBwB,CAAG,GAAIA,CAAG,EACxElB,EAAU,MAAMsB,GAAYC,CAAO,EAEnC0B,EAAW,MAAMlD,GAAeC,EAASC,CAAa,EA0DtDiD,EAAS,MAxDC,IAAI,QAA4F,CAACnC,EAASC,IAAW,CAEjI,IAAMkC,EAASZ,EAAa,CACxB,gBAAiBa,GACjB,eAAgB7C,EAChB,GAAGR,EAAQ,IACf,EAAGmD,CAAQ,EAEXC,EAAO,GAAG,QAAUE,GAAa,CAC7B,GAAIA,EAAE,OAAY,aAAc,CAC5B1D,EAAO,MAAM,QAAQ0D,EAAE,IAAO,8BAA8BA,EAAE,OAAU,EAAE,EAC1E,GAAM,CAAC,MAAOC,CAAI,EAAIP,EAAM,KAAK,EAC7BO,GACA3D,EAAO,KAAK,iCAAiC2D,CAAI,aAAaL,GAAQ,eAAe,EAAE,EACvFE,EAAO,MAAM,EACbA,EAAO,OAAOG,EAAML,CAAI,IAExBtD,EAAO,KAAK,0BAA0BI,EAAQ,IAAI,yBAAyB,EAC3EoD,EAAO,MAAM,EACblC,EAAOoC,CAAC,EAEhB,MACI1D,EAAO,MAAM,iBAAiB0D,EAAE,OAAO,GAAIA,CAAC,EAC5CpC,EAAOoC,CAAC,CAEhB,CAAC,EACDF,EACK,GAAG,YAAa,SAAY,CACzB,IAAMI,EAAOJ,EAAO,QAAQ,EAE5B,OAAW,CAACK,EAAMC,CAAK,IAAKjC,EAAQ,QAAS,CACzC,IAAMkC,EAAW,GAAG5D,EAAM,MAAQ,IAAI,MAAM6D,EAAO,IAAIJ,EAAK,IAAI,GAAGC,CAAI,GACvE,MAAMI,GAAUJ,EAAMC,EAAOC,EAAUlC,EAAQ,QAAStB,CAAa,CACzE,CACAP,EAAO,KAAK,4BAA4B4D,EAAK,OAAO,IAAIA,EAAK,IAAI,EAAE,EACnEvC,EAAQmC,CAAM,CAClB,CAAC,EACLA,EACK,GAAG,UAAW,CAAC/C,EAAkCyD,EAAiBC,IAAkC,CACjG,GAAI,CACAZ,EAAS9C,EAAK0D,CAAI,CACtB,OAAS3C,EAAK,CACVxB,EAAO,MAAM,kBAAkBwB,CAAG,GAAIA,CAAG,CAC7C,CACJ,CAAC,EACA,GAAG,QAAS,SAAY,CACrBxB,EAAO,KAAK,qBAAqB,CACrC,CAAC,EACL,GAAI,CACA,GAAM,CAAC,MAAO2D,CAAI,EAAIP,EAAM,KAAK,EACjCI,EAAO,OAAOG,EAAML,CAAI,CAC5B,OAASI,EAAG,CACR1D,EAAO,MAAM,mCAAoC0D,CAAC,EAClDpC,EAAOoC,aAAa,MAAQA,EAAI,IAAI,MAAM,kBAAkBA,CAAC,EAAE,CAAC,CACpE,CACJ,CAAC,EAED,OAAO,IAAI,KAAsC,CACpC,QAAUV,EAEnB,MAAM,OAAuB,CACzB,OAAW,CAACa,EAAMC,CAAK,IAAKjC,EAAQ,QAChC,GAAI,CACIiC,EAAM,QAAU,QAChB,MAAMA,EAAM,MAAM,CAE1B,OAASJ,EAAG,CACR1D,EAAO,KAAK,uBAAuB6D,CAAI,GAAIH,CAAC,CAChD,CAEJ,MAAMvC,GAAUiD,GAAM,CAClBZ,EAAO,oBAAoB,EAC3BA,EAAO,MAAMY,CAAE,CACnB,CAAC,EACGrB,GACA,MAAiBsB,GAAKtB,CAAO,EAE7BC,GACA,MAAMA,EAAG,KAAK,CAEtB,CACJ,CACJ,ED1PA,IAAOsB,GAAsBC",
6
- "names": ["index_exports", "__export", "server_exports", "index_default", "__toCommonJS", "server_exports", "__export", "Factory", "import_node_http", "import_node_https", "import_node_fs", "import_node_async_hooks", "import_gateway", "GatewayLogging", "getLogger", "name", "regexAwareReplacer", "_key", "value", "import_gateway", "import_node_async_hooks", "GatewayEncoders", "log", "getLogger", "codec", "principalName", "authentication", "name", "principal", "initClient", "socket", "authenticationPromise", "remoteAddress", "key", "host", "opts", "err", "reason", "data", "create", "environment", "handshake", "logPrefix", "principalPromise", "client", "contextFn", "_isBinary", "code", "core_default", "compose", "middleware", "fns", "fn", "ctx", "next", "dispatch", "i", "dispatchedCtx", "nextCalled", "nextResolved", "result", "nextCtx", "import_node_net", "import_tough_cookie", "parseHost", "headers", "defaultHost", "host", "port", "isForwardedSsl", "v", "parseProtocol", "defaultProtocol", "proto", "parseRemoteAddress", "url", "remoteAddress", "AbstractHttpMessage", "#headers", "AbstractHttpRequest", "_AbstractHttpRequest", "#id", "parseCookies", "AbstractHttpResponse", "parseResponseCookies", "responseCookie", "parseHeader", "value", "list", "start", "end", "i", "toList", "values", "s", "cs", "tc", "cookie", "parsed", "result", "AbstractHttpHeaders", "name", "MapHttpHeaders", "prev", "DefaultHttpStatusCode", "#value", "value", "HttpStatus", "_HttpStatus", "#VALUES", "key", "code", "status", "#phrase", "phrase", "httpStatusCode", "import_node_http", "ExtendedHttpIncomingMessage", "http", "ExtendedHttpServerResponse", "AbstractServerHttpRequest", "AbstractHttpRequest", "AbstractServerHttpResponse", "AbstractHttpResponse", "#cookies", "#statusCode", "#state", "#commitActions", "statusCode", "httpStatusCode", "cookie", "action", "state", "body", "buffer", "error", "writeAction", "allActions", "acc", "cur", "_error", "HttpServerRequest", "#url", "#req", "req", "IncomingMessageHeaders", "dh", "dp", "family", "address", "port", "remoteAddress", "chunks", "chunk", "text", "blob", "remoteIp", "AbstractHttpHeaders", "#msg", "msg", "name", "value", "OutgoingMessageHeaders", "v", "HttpServerResponse", "#res", "res", "status", "resolve", "reject", "e", "ServerHttpRequestDecorator", "_ServerHttpRequestDecorator", "#delegate", "request", "ServerHttpResponseDecorator", "_ServerHttpResponseDecorator", "response", "ServerWebExchangeDecorator", "_ServerWebExchangeDecorator", "exchange", "DefaultWebExchange", "#attributes", "#logId", "#logPrefix", "LOG_ID_ATTRIBUTE", "import_node_os", "PORT_RANGE_MATCHER", "validPort", "port", "portRange", "trimmed", "matchResult", "start", "end", "localIp", "first", "a", "addresses", "details", "info", "acc", "import_node_v8", "import_promises", "log", "getLogger", "DEFAULT_OPTIONS", "fetchStats", "dumpHeap", "opts", "prefix", "target", "fileExists", "_", "dumpFileName", "lastFileName", "e", "currentFileName", "nextFileName", "firstFileName", "path", "processStats", "stats", "state", "limit", "used", "start", "merged", "stopped", "report", "interval", "command", "run", "channel", "stop", "m", "import_package", "serverHeader", "server", "info", "response", "next", "server_header_default", "import_gateway", "log", "getLogger", "acceptsMissing", "originFilters", "tryMatch", "origin", "block", "allow", "acceptsNonMatched", "acceptsOrigin", "matchResult", "regexifyOriginFilters", "or", "matchers", "exchange", "matcher", "match", "NO_MATCH", "and", "m", "not", "anyExchange", "_exchange", "EMPTY_OBJECT", "variables", "pattern", "opts", "method", "request", "path", "mediaType", "shouldIgnore", "requestedMediaType", "ignoredMediaType", "requestMediaTypes", "upgradeMatcher", "import_gateway", "configure", "app", "config", "routes", "applyCors", "request", "options", "cors", "path", "configurer", "handlers", "handler", "matcher", "pattern", "middleware", "exchange", "next", "match", "variables", "sockets", "factory", "route", "regexifyOriginFilters", "import_gateway", "isSameOrigin", "request", "origin", "url", "actualProtocol", "actualHost", "originUrl", "originHost", "originProtocol", "isCorsRequest", "isPreFlightRequest", "VARY_HEADERS", "processRequest", "exchange", "config", "response", "responseHeaders", "varyHeaders", "header", "h", "logger", "rejectRequest", "preFlightRequest", "handleInternal", "DEFAULT_PERMIT_ALL", "DEFAULT_PERMIT_METHODS", "PERMIT_DEFAULT_CONFIG", "validateCorsConfig", "allowHeaders", "ALL", "allowOrigins", "validateAllowCredentials", "validateAllowPrivateNetwork", "trimTrailingSlash", "combine", "source", "other", "combined", "v", "combineCorsConfig", "corsFilter", "opts", "processor", "ctx", "next", "cors_default", "getLogger", "HttpStatus", "requestOrigin", "allowOrigin", "checkOrigin", "requestMethod", "getMethodToUse", "allowMethods", "checkMethods", "requestHeaders", "getHeadersToUse", "checkHeaders", "exposeHeaders", "DEFAULT_METHODS", "allowedOrigins", "originToCheck", "allowedOrigin", "allowedMethods", "allowedHeaders", "allowAnyHeader", "result", "requestHeader", "value", "allowedHeader", "isPreFlight", "headers", "matchingCorsConfigSource", "matcher", "import_gateway", "createCorsConfigSource", "context", "routes", "cors", "defaultCorsConfig", "combineCorsConfig", "PERMIT_DEFAULT_CONFIG", "validatedConfigs", "path", "route", "routeCorsConfig", "matcher", "config", "and", "upgradeMatcher", "pattern", "validateCorsConfig", "appConfigs", "m", "added", "entry", "matchingCorsConfigSource", "isAuthentication", "principal", "AuthenticationError", "value", "InsufficientAuthenticationError", "BadCredentialsError", "AccessDeniedError", "AuthorizationDecision", "granted", "DefaultAuthorizationManager", "#check", "check", "authentication", "object", "AuthenticationServiceError", "AuthenticationError", "staticServerHttpHeadersWriter", "headers", "exchange", "containsNoHeaders", "response", "name", "value", "cacheControlServerHttpHeadersWriter", "MapHttpHeaders", "contentTypeServerHttpHeadersWriter", "strictTransportSecurityServerHttpHeadersWriter", "maxAgeInSeconds", "includeSubDomains", "preload", "headerValue", "delegate", "isSecure", "frameOptionsServerHttpHeadersWriter", "mode", "xssProtectionServerHttpHeadersWriter", "permissionsPolicyServerHttpHeadersWriter", "policyDirectives", "contentSecurityPolicyServerHttpHeadersWriter", "reportOnly", "headerName", "refererPolicyServerHttpHeadersWriter", "policy", "crossOriginOpenerPolicyServerHttpHeadersWriter", "crossOriginEmbedderPolicyServerHttpHeadersWriter", "crossOriginResourcePolicyServerHttpHeadersWriter", "compositeServerHttpHeadersWriter", "writers", "writer", "opts", "next", "serverAuthenticationEntryPointFailureHandler", "opts", "entryPoint", "rethrowAuthenticationServiceError", "exchange", "error", "AuthenticationServiceError", "DEFAULT_REALM", "createHeaderValue", "realm", "httpBasicEntryPoint", "opts", "headerValue", "exchange", "_error", "response", "HttpStatus", "BASIC", "httpBasicAuthenticationConverter", "opts", "exchange", "request", "authorization", "credentials", "parts", "import_node_async_hooks", "AsyncStorageSecurityContextHolder", "_AsyncStorageSecurityContextHolder", "storage", "securityContext", "authentication", "authenticate", "exchange", "next", "token", "managerResolver", "successHandler", "storage", "authentication", "onAuthenticationSuccess", "e", "AuthenticationError", "filterExchange", "AsyncStorageSecurityContextHolder", "authenticationFilter", "opts", "auth", "anyExchange", "httpBasicAuthenticationConverter", "serverAuthenticationEntryPointFailureHandler", "httpBasicEntryPoint", "manager", "_exchange", "error", "httpStatusEntryPoint", "opts", "exchange", "_error", "logger", "getLogger", "delegatingEntryPoint", "opts", "defaultEntryPoint", "response", "_error", "HttpStatus", "exchange", "error", "matcher", "entryPoint", "delegatingSuccessHandler", "handlers", "exchange", "next", "authentication", "handler", "httpBasic", "opts", "xhrMatcher", "exchange", "match", "NO_MATCH", "defaultEntryPoint", "delegatingEntryPoint", "httpStatusEntryPoint", "HttpStatus", "httpBasicEntryPoint", "entryPoint", "manager", "restMatcher", "mediaType", "notHtmlMatcher", "not", "restNoHtmlMatcher", "and", "preferredMatcher", "or", "failureHandler", "serverAuthenticationEntryPointFailureHandler", "successHandler", "delegatingSuccessHandler", "converter", "httpBasicAuthenticationConverter", "authenticationFilter", "BearerTokenErrorCodes", "DEFAULT_URI", "invalidToken", "message", "HttpStatus", "invalidRequest", "ACCESS_TOKEN_PARAMETER_NAME", "authorizationPattern", "Oauth2AuthenticationError", "AuthenticationError", "error", "message", "options", "isBearerTokenAuthenticationToken", "authentication", "serverBearerTokenAuthenticationConverter", "opts", "exchange", "request", "resolveFromAuthorizationHeader", "token", "resolveFromQueryString", "resolveFromBody", "rs", "r", "resolveToken", "accessTokens", "invalidRequest", "accessToken", "headers", "headerName", "authorization", "match", "invalidToken", "resolveTokens", "parameters", "allow", "token_converter_default", "computeWWWAuthenticate", "parameters", "wwwAuthenticate", "i", "key", "value", "isBearerTokenError", "error", "getStatus", "authError", "Oauth2AuthenticationError", "HttpStatus", "createParameters", "realm", "bearerTokenServerAuthenticationEntryPoint", "opts", "exchange", "status", "response", "token_entry_point_default", "jwtAuthConverter", "opts", "principalClaimName", "jwt", "asyncJwtConverter", "converter", "JwtError", "BadJwtError", "onError", "error", "Oauth2AuthenticationError", "invalidToken", "AuthenticationServiceError", "jwtAuthManager", "decoder", "authConverter", "authentication", "isBearerTokenAuthenticationToken", "token", "e", "resourceServer", "opts", "entryPoint", "token_entry_point_default", "converter", "token_converter_default", "failureHandler", "serverAuthenticationEntryPointFailureHandler", "authenticationFilter", "manager", "jwtAuthManager", "_exchange", "import_jwt", "commenceAuthentication", "exchange", "authentication", "entryPoint", "cause", "InsufficientAuthenticationError", "e", "AuthenticationError", "httpStatusAccessDeniedHandler", "httpStatus", "_error", "buffer", "errorFilter", "opts", "accessDeniedHandler", "HttpStatus", "authenticationEntryPoint", "httpBasicEntryPoint", "next", "error", "AccessDeniedError", "principal", "isAuthentication", "logger", "getLogger", "delegatingAuthorizationManager", "opts", "check", "authentication", "exchange", "decision", "matcher", "manager", "checkResult", "AuthorizationDecision", "DefaultAuthorizationManager", "logger", "getLogger", "authorizationFilter", "opts", "manager", "storage", "exchange", "next", "promise", "AsyncStorageSecurityContextHolder", "c", "error", "AccessDeniedError", "SecurityContextServerWebExchange", "ServerWebExchangeDecorator", "#context", "exchange", "context", "exchangeFilter", "opts", "storage", "next", "AsyncStorageSecurityContextHolder", "filterOrder", "filterOrderSymbol", "config_default", "config", "context", "middleware", "ServerHttpSecurity", "#authenticationEntryPoint", "#defaultEntryPoints", "delegatingEntryPoint", "writer", "headers", "filter", "cors_default", "username", "password", "authorities", "manager", "auth", "principal", "credentials", "BadCredentialsError", "defaultSuccessHandlers", "_", "next", "_authentication", "httpBasic", "verifier", "decoder", "token", "payload", "claim", "e", "BadJwtError", "JwtError", "authenticationConverter", "token_converter_default", "authenticationConverterMatcher", "exchange", "NO_MATCH", "match", "entryPoint", "token_entry_point_default", "resourceServer", "exchangeF", "exchangeFilter", "errorFf", "errorFilter", "authorize", "mappings", "anyExchangeRegistered", "matcher", "access", "serverMatcher", "anyExchange", "DefaultAuthorizationManager", "AuthorizationDecision", "p", "authentication", "delegatingAuthorizationManager", "authorizationFilter", "b", "aOrder", "bOrder", "createSecurityConfig", "context", "authorize", "defaultAccess", "path", "route", "rule", "matcher", "pattern", "and", "upgradeMatcher", "httpSecurity", "corsConfigSource", "createCorsConfigSource", "config", "storage", "config_default", "import_node_async_hooks", "HttpHeadResponseDecorator", "ServerHttpResponseDecorator", "HandlerAdapter", "#logger", "#enableLoggingRequestDetails", "#delegate", "#storage", "logger", "delegate", "request", "response", "DefaultWebExchange", "storage", "value", "headers", "result", "key", "query", "exchange", "trace", "status", "error", "logPrefix", "HttpStatus", "callback", "resolve", "reject", "WebHttpHandlerBuilder", "#webHandler", "#handlerDecorator", "decorator", "previousDecorator", "handler", "webHandler", "getLogger", "adapter", "adapted", "import_ws", "createHandshakeInfo", "req", "protocol", "exchange", "request", "HttpServerRequest", "principalPromiseProvider", "principal", "url", "headers", "MapHttpHeaders", "key", "cookies", "logPrefix", "remoteAddress", "webSockets", "context", "next", "path", "routes", "route", "response", "upgradeMatchResult", "upgradeMatcher", "HttpStatus", "buffer", "import_ws", "ExtendedWebSocket", "_first", "_second", "options", "PingManager", "_PingManager", "#EMPTY_BUFFER", "#LAST_TIMESTAMP_BUFFER", "#pingData", "#pingInterval", "#pingIntervalId", "#mask", "#logger", "logger", "supplier", "ping", "#createBufferFromTimestamp", "path", "clients", "client", "#terminateIfDisconnected", "#markAndSendPing", "data", "err", "now", "buffer", "#createTimestampFromBuffer", "handshake", "socket", "sent", "latency", "logger", "getLogger", "upgradeStrategy", "path", "route", "wss", "onSocketError", "exchange", "logPrefix", "request", "req", "ServerHttpRequestDecorator", "socket", "upgradeHead", "host", "origin", "acceptsOrigin", "client", "applyHandshakeHeaders", "headers", "response", "seen", "header", "index", "HttpStatus", "name", "value", "nativeResponse", "ServerHttpResponseDecorator", "nameLowerCase", "initRoute", "endpoint", "storage", "regexAwareReplacer", "ExtendedWebSocket", "pings", "PingManager", "handler", "err", "handshake", "createHandshakeInfo", "data", "e", "logger", "getLogger", "secureContextOptions", "ssl", "options", "createListener", "builder", "onSocketError", "httpHandler", "req", "resOrUpgradeHead", "res", "ExtendedHttpServerResponse", "request", "HttpServerRequest", "response", "HttpServerResponse", "decoratedResponse", "HttpHeadResponseDecorator", "promisify", "fn", "resolve", "reject", "r", "err", "memoryMonitor", "config", "start", "initBuilder", "context", "storage", "security", "httpSecurity", "sockets", "webSockets", "handler", "compose", "server_header_default", "next", "HttpStatus", "buffer", "_next", "WebHttpHandlerBuilder", "Factory", "createServer", "https", "http", "monitor", "gw", "configure", "configurer", "core_default", "ports", "portRange", "host", "listener", "server", "ExtendedHttpIncomingMessage", "e", "port", "info", "path", "route", "endpoint", "localIp", "initRoute", "_socket", "head", "cb", "stop", "index_default", "Factory"]
3
+ "sources": ["../src/index.ts", "../src/server.ts", "../src/server/address.ts", "../src/logger.ts", "../src/gateway/ws/core.ts", "../src/common/compose.ts", "../src/http/exchange.ts", "../src/http/status.ts", "../src/server/exchange.ts", "../src/server/monitoring.ts", "../src/server/server-header.ts", "../src/server/ws-client-verify.ts", "../src/server/util/matchers.ts", "../src/app/route.ts", "../src/server/cors.ts", "../src/app/cors.ts", "../src/server/security/types.ts", "../src/server/security/http-headers.ts", "../src/server/security/entry-point-failure-handler.ts", "../src/server/security/http-basic-entry-point.ts", "../src/server/security/http-basic-converter.ts", "../src/server/security/security-context.ts", "../src/server/security/authentication-filter.ts", "../src/server/security/http-status-entry-point.ts", "../src/server/security/delegating-entry-point.ts", "../src/server/security/delegating-success-handler.ts", "../src/server/security/http-basic.ts", "../src/server/security/oauth2/token-error.ts", "../src/server/security/oauth2/token-converter.ts", "../src/server/security/oauth2/token-entry-point.ts", "../src/server/security/oauth2/jwt-auth-manager.ts", "../src/server/security/oauth2-resource-server.ts", "../src/server/security/config.ts", "../src/server/security/error-filter.ts", "../src/server/security/delegating-authorization-manager.ts", "../src/server/security/authorization-filter.ts", "../src/server/security/exchange-filter.ts", "../src/app/auth.ts", "../src/server/handler.ts", "../src/server/ws.ts", "../src/server/socket.ts", "../src/server/ws-pings.ts"],
4
+ "sourcesContent": ["import * as GatewayServer from './server.js';\nexport {GatewayServer};\nexport default GatewayServer.Factory;\n", "import http from 'node:http';\nimport https from 'node:https';\nimport {SecureContextOptions} from 'node:tls';\nimport type {AddressInfo, Socket} from 'node:net';\nimport {readFileSync} from 'node:fs';\nimport {AsyncLocalStorage} from 'node:async_hooks';\nimport {IOGateway} from '@interopio/gateway';\nimport wsGateway from './gateway/ws/core.js';\nimport {compose} from './common/compose.js';\nimport {\n ExtendedHttpIncomingMessage,\n ExtendedHttpServerResponse,\n HttpServerRequest,\n HttpServerResponse\n} from './server/exchange.js';\nimport getLogger from './logger.js';\nimport {localIp, portRange} from './server/address.js';\nimport * as monitoring from './server/monitoring.js';\nimport {GatewayServer} from '../gateway-server';\nimport serverHeader from './server/server-header.js';\nimport {configure, type RouteConfig} from './app/route.js';\nimport {httpSecurity} from './app/auth.js';\nimport {ServerConfigurer, ServerHttpResponse, ServerWebExchange} from '../types/web/server';\nimport {HttpHeadResponseDecorator, WebHttpHandlerBuilder} from \"./server/handler.ts\";\nimport {initRoute} from './server/ws.ts';\nimport {SocketRoute, webSockets} from \"./server/socket.ts\";\nimport {HttpStatus} from \"./http/status.ts\";\n\nconst logger = getLogger('app');\n\nfunction secureContextOptions(ssl: GatewayServer.SslConfig): SecureContextOptions {\n const options: SecureContextOptions = {};\n if (ssl.key) options.key = readFileSync(ssl.key);\n if (ssl.cert) options.cert = readFileSync(ssl.cert);\n if (ssl.ca) options.ca = readFileSync(ssl.ca);\n return options;\n}\n\ntype RequestListener<\n Request extends typeof ExtendedHttpIncomingMessage = typeof ExtendedHttpIncomingMessage,\n Response extends typeof ExtendedHttpServerResponse<InstanceType<Request>> = typeof ExtendedHttpServerResponse,\n> = (req: InstanceType<Request>, resOrUpgradeHead: (InstanceType<Response> & { req: InstanceType<Request> }) | Buffer<ArrayBufferLike>) => void;\n\ntype ServerOptions = http.ServerOptions<typeof ExtendedHttpIncomingMessage, typeof ExtendedHttpServerResponse>;\n\nasync function createListener(builder: WebHttpHandlerBuilder,\n onSocketError: (err: Error) => void): Promise<RequestListener> {\n\n const httpHandler = builder.build();\n return async (req: ExtendedHttpIncomingMessage, resOrUpgradeHead: ExtendedHttpServerResponse | Buffer<ArrayBufferLike>) => {\n req.socket.addListener('error', onSocketError);\n let res: ExtendedHttpServerResponse;\n if (resOrUpgradeHead instanceof ExtendedHttpServerResponse) {\n res = resOrUpgradeHead;\n }\n else {\n req.upgradeHead = resOrUpgradeHead;\n res = new ExtendedHttpServerResponse(req);\n res.assignSocket(req.socket);\n }\n const request = new HttpServerRequest(req);\n const response = new HttpServerResponse(res);\n const decoratedResponse: ServerHttpResponse = request.method === 'HEAD' ? new HttpHeadResponseDecorator(response) : response;\n\n await httpHandler(request, decoratedResponse)\n\n };\n}\n\nfunction promisify<T>(fn: (callback?: (err?: Error) => void) => T): Promise<T> {\n return new Promise<T>((resolve, reject) => {\n const r = fn((err?: Error) => {\n if (err) {\n reject(err);\n } else {\n resolve(r);\n }\n });\n });\n}\n\nfunction memoryMonitor(config?: GatewayServer.ServerConfig['memory']) {\n if (config) {\n return monitoring.start({\n memoryLimit: config.memory_limit,\n dumpLocation: config.dump_location,\n dumpPrefix: config.dump_prefix,\n reportInterval: config.report_interval,\n maxBackups: config.max_backups\n });\n }\n}\n\nasync function initBuilder(context: RouteConfig) {\n const storage = context.storage;\n const security = await httpSecurity(context);\n // websocket upgrade handler\n const sockets = webSockets(context);\n const handler = compose<ServerWebExchange>(\n serverHeader(context.serverHeader),\n ...security,\n ...sockets,\n ...context.middleware,\n // health check\n async ({request, response}, next) => {\n if (request.method === 'GET' && request.path === '/health') {\n response.setStatusCode(HttpStatus.OK);\n const buffer = Buffer.from('UP', 'utf-8');\n response.headers.set('Content-Type', 'text/plain; charset=utf-8');\n await response.body(buffer);\n } else {\n await next();\n }\n },\n // home page\n async ({request, response}, next) => {\n if (request.method === 'GET' && request.path === '/') {\n response.setStatusCode(HttpStatus.OK);\n const buffer = Buffer.from('io.Gateway Server', 'utf-8');\n response.headers.set('Content-Type', 'text/plain; charset=utf-8');\n await response.body(buffer);\n } else {\n await next();\n }\n },\n // not found\n async ({response}, _next) => {\n response.setStatusCode(HttpStatus.NOT_FOUND);\n await response.end();\n }\n );\n\n return new WebHttpHandlerBuilder(handler).storage(storage);\n}\n\nexport const Factory = async (options: GatewayServer.ServerConfig): Promise<GatewayServer.Server> => {\n const ssl = options.ssl;\n const createServer = ssl\n ? (options: ServerOptions, handler: RequestListener) => https.createServer({...options, ...secureContextOptions(ssl)}, handler)\n : (options: ServerOptions, handler: RequestListener) => http.createServer(options, handler);\n const monitor = memoryMonitor(options.memory);\n const context: RouteConfig = {\n middleware: [],\n corsConfig: options.cors,\n cors: [],\n authConfig: options.auth,\n authorize: [],\n storage: new AsyncLocalStorage<{ exchange: ServerWebExchange }>(),\n sockets: new Map<string, SocketRoute>()\n };\n const gw = IOGateway.Factory({...options.gateway});\n if (options.gateway) {\n const config = options.gateway;\n\n await configure(async (configurer: ServerConfigurer) => {\n configurer.socket({path: config.route, factory: wsGateway.bind(gw), options: config})\n }, options, context);\n\n }\n if (options.app) {\n await configure(options.app, options, context)\n }\n\n const ports = portRange(options.port ?? 0);\n const host = options.host;\n const onSocketError = (err: Error) => logger.error(`socket error: ${err}`, err);\n const builder = await initBuilder(context);\n\n const listener = await createListener(builder, onSocketError);\n\n const serverP = new Promise<http.Server<typeof ExtendedHttpIncomingMessage, typeof ExtendedHttpServerResponse>>((resolve, reject) => {\n\n const server = createServer({\n IncomingMessage: ExtendedHttpIncomingMessage,\n ServerResponse: ExtendedHttpServerResponse,\n ...options.http\n }, listener);\n\n server.on('error', (e: Error) => {\n if (e['code'] === 'EADDRINUSE') {\n logger.debug(`port ${e['port']} already in use on address ${e['address']}`);\n const {value: port} = ports.next();\n if (port) {\n logger.info(`retry starting server on port ${port} and host ${host ?? '<unspecified>'}`);\n server.close();\n server.listen(port, host);\n } else {\n logger.warn(`all configured port(s) ${options.port} are in use. closing...`);\n server.close();\n reject(e);\n }\n } else {\n logger.error(`server error: ${e.message}`, e);\n reject(e);\n }\n });\n server\n .on('listening', async () => {\n const info = server.address() as AddressInfo;\n\n for (const [path, route] of context.sockets) {\n const endpoint = `${ssl ? 'wss' : 'ws'}://${localIp}:${info.port}${path}`;\n await initRoute(path, route, endpoint, context.storage, onSocketError);\n }\n logger.info(`http server listening on ${info.address}:${info.port}`);\n resolve(server);\n });\n server\n .on('upgrade', (req: ExtendedHttpIncomingMessage, _socket: Socket, head: Buffer<ArrayBufferLike>) => {\n try {\n listener(req, head);\n } catch (err) {\n logger.error(`upgrade error: ${err}`, err);\n }\n })\n .on('close', async () => {\n logger.info(`http server closed.`);\n });\n try {\n const {value: port} = ports.next();\n server.listen(port, host);\n } catch (e) {\n logger.error(`error starting web socket server`, e);\n reject(e instanceof Error ? e : new Error(`listen failed: ${e}`));\n }\n });\n const server = await serverP;\n return new class implements GatewayServer.Server {\n readonly gateway = gw;\n\n async close(): Promise<void> {\n for (const [path, route] of context.sockets) {\n try {\n if (route.close !== undefined) {\n await route.close();\n }\n } catch (e) {\n logger.warn(`error closing route ${path}`, e);\n }\n }\n await promisify(cb => {\n server.closeAllConnections();\n server.close(cb);\n });\n if (monitor) {\n await monitoring.stop(monitor);\n }\n if (gw) {\n await gw.stop();\n }\n }\n }\n}\n", "import type { AddressInfo } from 'node:net';\nimport { type NetworkInterfaceInfo, networkInterfaces } from 'node:os';\n\nconst PORT_RANGE_MATCHER = /^(\\d+|(0x[\\da-f]+))(-(\\d+|(0x[\\da-f]+)))?$/i;\nfunction validPort(port: number) {\n if (port > 0xFFFF) throw new Error(`bad port ${port}`);\n return port;\n}\n\n/**\n * parse port range. port can be number or string representing comma separated\n * list of port ranges for e.g. \"3434,8380-8385\"\n * @param port\n */\nexport function* portRange(port: number | string): Generator<number> {\n if (typeof port === 'string') {\n for (const portRange of port.split(',')) {\n const trimmed = portRange.trim();\n const matchResult = PORT_RANGE_MATCHER.exec(trimmed);\n if (matchResult) {\n const start = parseInt(matchResult[1]);\n const end = parseInt(matchResult[4] ?? matchResult[1]);\n for (let i = validPort(start); i < validPort(end) + 1; i++) {\n yield i;\n }\n }\n else {\n throw new Error(`'${portRange}' is not a valid port or range.`);\n }\n }\n } else {\n yield validPort(port);\n }\n}\n\nexport const localIp = (() => {\n function first<T>(a: T[]): T | undefined {\n return a.length > 0 ? a[0] : undefined;\n }\n const addresses = Object.values(networkInterfaces())\n .flatMap((details?: NetworkInterfaceInfo[]) => {\n return (details ?? []).filter((info) => info.family === 'IPv4');\n }).reduce((acc, info) => {\n acc[info.internal ? 'internal' : 'external'].push(info);\n return acc;\n }, {internal: [] as NetworkInterfaceInfo[], external: [] as NetworkInterfaceInfo[]});\n return (first(addresses.internal) ?? first(addresses.external))?.address;\n})();\n\nexport function addressAndPort(address?: AddressInfo) {\n if (address) {\n if (address.family === 'IPv6') {\n return `[${address.address}]:${address.port}`;\n }\n return `${address.address}:${address.port}`;\n }\n}\n", "import * as GatewayLogging from '@interopio/gateway/logging/core';\n\nexport import Logger = GatewayLogging.Logger;\n\nexport default function getLogger(name: string): Logger {\n return GatewayLogging.getLogger(`gateway.server.${name}`);\n}\n\n// This function is used to ensure that RegExp objects are displayed correctly when logging.\nexport function regexAwareReplacer<T>(_key: string, value: T): string | T {\n return value instanceof RegExp ? value.toString() : value;\n}\n", "import { addressAndPort } from '../../server/address.ts';\nimport type { WebSocket } from 'ws';\nimport getLogger from '../../logger.ts';\nimport type { Authentication } from '../../server/security/types.ts';\nimport { IOGateway } from '@interopio/gateway';\n\nimport GatewayEncoders = IOGateway.Encoding;\nimport type {ServerWebSocketHandler} from '../../../types/web/server';\nimport type {AddressInfo} from 'node:net';\nimport {AsyncLocalStorage} from 'node:async_hooks';\n\nconst log = getLogger('ws');\nconst codec = GatewayEncoders.json<IOGateway.Message>();\n\nfunction principalName(authentication: Authentication): string | undefined {\n let name: string | undefined;\n if (authentication.authenticated) {\n name = authentication.name;\n if (name === undefined) {\n if (authentication['principal'] !== undefined) {\n const principal = authentication['principal'];\n if (typeof principal === 'object') {\n name = principal.name;\n }\n if (name === undefined) {\n if (principal === undefined) {\n name = '';\n }\n else {\n name = String(principal);\n }\n }\n }\n }\n }\n return name;\n}\n\nfunction initClient(this: IOGateway.Gateway,\n socket: WebSocket,\n authenticationPromise: () => Promise<Authentication | undefined>,\n remoteAddress?: AddressInfo\n): IOGateway.GatewayClient<string> | undefined {\n const key = addressAndPort(remoteAddress);\n const host = remoteAddress?.address ?? '<unknown>';\n const opts = {\n key,\n host,\n codec,\n onAuthenticate: async (): Promise<IOGateway.Auth.AuthenticationSuccess> => {\n const authentication = (await authenticationPromise());\n if (authentication?.authenticated) {\n return {type: 'success', user: principalName(authentication)};\n }\n throw new Error(`no valid client authentication ${key}`);\n },\n onPing: () => {\n socket.ping((err?: Error) => {\n if (err) {\n log.warn(`failed to ping ${key}`, err);\n }\n else {\n log.info(`ping sent to ${key}`);\n }\n });\n },\n onDisconnect: (reason: 'inactive' | 'shutdown') => {\n switch (reason) {\n case 'inactive': {\n log.warn(`no heartbeat (ping) received from ${key}, closing socket`);\n socket.close(4001, 'ping expected');\n break;\n }\n case 'shutdown': {\n socket.close(1001, 'shutdown');\n break;\n }\n }\n }\n };\n try {\n return this.client((data) => socket.send(data), opts as IOGateway.GatewayClientOptions<string>);\n } catch (err) {\n log.warn(`${key} failed to create client`, err);\n }\n}\n\nasync function create(this: IOGateway.Gateway, environment: {\n endpoint: string,\n storage?: AsyncLocalStorage<{ }>\n}): Promise<ServerWebSocketHandler> {\n log.info(`starting gateway on ${environment.endpoint}`);\n await this.start(environment);\n\n\n return async ({socket, handshake}) => {\n const {logPrefix, remoteAddress, principal: principalPromise} = handshake;\n log.info(`${logPrefix}connected on gw`);\n const client = initClient.call(this, socket, principalPromise, remoteAddress);\n if (!client) {\n log.error(`${logPrefix}gw client init failed`);\n socket.terminate();\n return;\n }\n socket.on('error', (err: Error) => {\n log.error(`${logPrefix}websocket error: ${err}`, err);\n });\n\n const contextFn = environment.storage !== undefined ? AsyncLocalStorage.snapshot() : undefined;\n socket.on('message', (data, _isBinary) => {\n if (Array.isArray(data)) {\n data = Buffer.concat(data);\n }\n // JSON.parse will invoke abstract operation ToString (coerce it) prior parsing (https://262.ecma-international.org/5.1/#sec-15.12.2)\n if (contextFn !== undefined) {\n contextFn(() => client.send(data as unknown as string))\n }\n else {\n client.send(data as unknown as string);\n }\n\n });\n socket.on('close', (code) => {\n log.info(`${logPrefix}disconnected from gw. code: ${code}`);\n client.close();\n });\n }\n}\n\nexport default create;\n", "type MiddlewareFunction<T> = ((ctx: T, next: (ctx?: T) => Promise<void>) => Promise<void>) | ((ctx: T) => Promise<void>);\n\n// https://github.com/koajs/compose/blob/master/index.js\n/**\n * @typeParam T - Type of context passed through the middleware\n * @param middleware middleware stack\n * @return {MiddlewareFunction}\n */\nexport function compose<T>(...middleware: MiddlewareFunction<T>[]): (ctx: T) => Promise<void> {\n if (!Array.isArray(middleware)) {\n throw new Error('middleware must be array!');\n }\n const fns = middleware.flat();\n for (const fn of fns) {\n if (typeof fn !== 'function') {\n throw new Error('middleware must be compose of functions!');\n }\n }\n return async function (ctx: T, next?: (ctx?: T) => Promise<void>) {\n const dispatch = async (i: number, dispatchedCtx: T): Promise<void> => {\n const fn = i === fns.length ? next : fns[i];\n if (fn === undefined) {\n return;\n }\n let nextCalled = false;\n let nextResolved = false;\n const nextFn = async (nextCtx?: T) => {\n if (nextCalled) {\n throw new Error('next() called multiple times');\n }\n nextCalled = true;\n try {\n return await dispatch(i + 1, nextCtx ?? dispatchedCtx);\n }\n finally {\n nextResolved = true;\n }\n };\n const result = await fn(dispatchedCtx, nextFn);\n if (nextCalled && !nextResolved) {\n throw new Error('middleware resolved before downstream.\\n\\t You are probably missing an await or return statement in your middleware function.');\n }\n return result;\n }\n\n return dispatch(0, ctx);\n }\n}\n", "import type {\n HeaderValues,\n HttpCookie,\n HttpHeaders,\n MutableHttpHeaders,\n ReadonlyHeaderValues,\n ResponseCookie\n} from '../../types/web/http';\nimport { type AddressInfo, isIP } from 'node:net';\nimport { Cookie } from 'tough-cookie';\n\nfunction parseHost(headers: HttpHeaders, defaultHost?: string): string | undefined {\n let host = headers.get('x-forwarded-host');\n if (Array.isArray(host)) {\n host = host[0];\n }\n if (host) {\n const port = headers.one('x-forwarded-port');\n if (port) {\n host = `${host}:${port}`;\n }\n }\n host ??= headers.one('host');\n if (Array.isArray(host)) {\n host = host[0];\n }\n if (host) {\n return (host as string).split(',', 1)[0].trim();\n }\n\n return defaultHost;\n}\n\nfunction isForwardedSsl(headers: HttpHeaders): boolean {\n const v = headers.one('x-forwarded-ssl');\n return (typeof v === 'string') && (v.toLowerCase() === 'on');\n}\n\nfunction parseProtocol(headers: HttpHeaders, defaultProtocol: string): string {\n let proto = headers.get('x-forwarded-proto');\n\n if (Array.isArray(proto)) {\n proto = proto[0];\n }\n if (proto !== undefined) {\n return (proto as string).split(',', 1)[0].trim();\n }\n else if (isForwardedSsl(headers)) {\n return 'https';\n }\n return defaultProtocol;\n}\n\nfunction parseRemoteAddress(url: URL, headers: HttpHeaders, remoteAddress?: AddressInfo) : AddressInfo | undefined {\n const port = remoteAddress ? remoteAddress.port : 'https:' === url.protocol ? 443 : 80;\n\n let host = headers.one('x-forwarded-for');\n if (Array.isArray(host)) {\n host = host[0];\n }\n if (host !== undefined) {\n host = (host as string).split(',', 1)[0].trim();\n return { address: host, port: Number(port), family: isIP(host) === 6 ? 'IPv6' : 'IPv4' };\n }\n}\n\nexport abstract class AbstractHttpMessage<Headers extends HttpHeaders = HttpHeaders> {\n readonly #headers: Headers;\n protected constructor(headers: Headers) {\n this.#headers = headers;\n }\n get headers(): Headers {\n return this.#headers;\n }\n}\n\nexport abstract class AbstractHttpRequest<Headers extends HttpHeaders = HttpHeaders> extends AbstractHttpMessage<Headers> {\n private static logIdCounter = 0;\n #id?: string\n\n get id(): string {\n if (this.#id === undefined) {\n this.#id = `${this.initId()}-${++AbstractHttpRequest.logIdCounter}`;\n\n }\n return this.#id;\n }\n\n protected initId(): string {\n return 'request';\n }\n\n get cookies(): HttpCookie[] {\n return parseCookies(this.headers);\n }\n\n protected parseHost(defaultHost?: string): string | undefined {\n return parseHost(this.headers, defaultHost);\n }\n\n protected parseProtocol(defaultProtocol: string): string {\n return parseProtocol(this.headers, defaultProtocol);\n }\n\n abstract get URL(): URL;\n\n protected parseRemoteAddress(remoteAddress?: AddressInfo) {\n return parseRemoteAddress(this.URL, this.headers, remoteAddress);\n }\n}\n\nexport abstract class AbstractHttpResponse<Headers extends HttpHeaders = HttpHeaders> extends AbstractHttpMessage<Headers> {\n get cookies(): ResponseCookie[] {\n return parseResponseCookies(this.headers);\n }\n\n protected setCookieValue(responseCookie: ResponseCookie): string {\n const cookie = new Cookie({\n key: responseCookie.name,\n value: responseCookie.value,\n maxAge: responseCookie.maxAge,\n domain: responseCookie.domain,\n path: responseCookie.path,\n secure: responseCookie.secure,\n httpOnly: responseCookie.httpOnly,\n sameSite: responseCookie.sameSite\n });\n return cookie.toString();\n }\n\n}\n\nfunction parseHeader(value: string): string[] {\n const list: string[] = [];\n {\n let start = 0;\n let end = 0;\n\n for (let i = 0; i < value.length; i++) {\n switch (value.charCodeAt(i)) {\n case 0x20: // space\n if (start === end) {\n start = end = i + 1;\n }\n break;\n case 0x2c: // comma\n list.push(value.slice(start, end));\n start = end = i + 1;\n break;\n default:\n end = end + 1;\n break;\n }\n }\n list.push(value.slice(start, end));\n }\n\n return list;\n}\n\nfunction toList(values: number | string | (readonly string[]) | undefined): string[] {\n if (typeof values === 'string') {\n values = [values];\n }\n if (typeof values === 'number') {\n values = [String(values)];\n }\n const list: string[] = [];\n if (values) {\n for (const value of values) {\n if (value) {\n list.push(...parseHeader(value));\n }\n }\n }\n return list;\n}\n\nfunction parseCookies(headers: HttpHeaders): HttpCookie[] {\n return headers.list('cookie')\n .map(s => s.split(';').map((cs) => Cookie.parse(cs)))\n .flat(1)\n .filter((tc) => tc !== undefined)\n .map((tc) => {\n const result: HttpCookie = Object.freeze({name: tc.key, value: tc.value});\n return result;\n });\n}\n\ntype Mutable<T> = {-readonly [K in keyof T]: T[K]};\n\nfunction parseResponseCookies(headers: HttpHeaders): ResponseCookie[] {\n return headers.list('set-cookie').map((cookie) => {\n const parsed = Cookie.parse(cookie);\n if (parsed) {\n const result: Mutable<ResponseCookie> = {name: parsed.key, value: parsed.value, maxAge: Number(parsed.maxAge ?? -1)};\n if (parsed.httpOnly) result.httpOnly = true;\n if (parsed.domain) result.domain = parsed.domain;\n if (parsed.path) result.path = parsed.path;\n if (parsed.secure) result.secure = true;\n if (parsed.httpOnly) result.httpOnly = true;\n if (parsed.sameSite) result.sameSite = parsed.sameSite as 'strict' | 'lax' | 'none';\n return Object.freeze(result);\n }\n }).filter((cookie): cookie is ResponseCookie => cookie !== undefined);\n}\n\n\nexport abstract class AbstractHttpHeaders<Values extends HeaderValues | ReadonlyHeaderValues> {\n protected constructor() {}\n abstract get(name: string): Values\n\n toList(name: string): string[] {\n const values = this.get(name);\n return toList(values);\n }\n}\n\nexport class MapHttpHeaders extends Map<string, (readonly string[])> implements MutableHttpHeaders {\n\n get(name: string) {\n return super.get(name.toLowerCase());\n }\n\n one(name: string): string | undefined {\n return this.get(name)?.[0];\n }\n\n list(name: string) {\n const values = super.get(name.toLowerCase());\n return toList(values);\n }\n\n set(name: string, value: number | string | (readonly string[]) | undefined): this {\n if (typeof value === 'number') {\n value = String(value);\n }\n if (typeof value === 'string') {\n value = [value];\n }\n if (value) {\n return super.set(name.toLowerCase(), value);\n }\n else {\n super.delete(name.toLowerCase());\n return this;\n }\n }\n\n add(name: string, value: string | (readonly string[])) {\n const prev = super.get(name.toLowerCase());\n if (typeof value === 'string') {\n value = [value];\n }\n if (prev) {\n value = prev.concat(value);\n }\n this.set(name, value);\n return this;\n }\n}\n", "import type {HttpStatusCode} from '../../types/web/http';\n\nclass DefaultHttpStatusCode implements HttpStatusCode {\n readonly #value: number;\n constructor(value: number) {\n this.#value = value;\n }\n get value(): number {\n return this.#value;\n }\n\n toString(): string {\n return this.#value.toString();\n }\n}\n\nexport class HttpStatus implements HttpStatusCode {\n static readonly CONTINUE = new HttpStatus(100, 'Continue');\n static readonly SWITCHING_PROTOCOLS = new HttpStatus(101, 'Switching Protocols');\n\n // 2xx Success\n\n static readonly OK = new HttpStatus(200, 'OK');\n static readonly CREATED = new HttpStatus(201, 'Created');\n static readonly ACCEPTED = new HttpStatus(202, 'Accepted');\n static readonly NON_AUTHORITATIVE_INFORMATION = new HttpStatus(203, 'Non-Authoritative Information');\n static readonly NO_CONTENT = new HttpStatus(204, 'No Content');\n static readonly RESET_CONTENT = new HttpStatus(205, 'Reset Content');\n static readonly PARTIAL_CONTENT = new HttpStatus(206, 'Partial Content');\n static readonly MULTI_STATUS = new HttpStatus(207, 'Multi-Status');\n\n static readonly IM_USED = new HttpStatus(226, 'IM Used');\n\n\n // 3xx Redirection\n static readonly MULTIPLE_CHOICES = new HttpStatus(300, 'Multiple Choices');\n static readonly MOVED_PERMANENTLY = new HttpStatus(301, 'Moved Permanently');\n\n // 4xx Client Error\n\n static readonly BAD_REQUEST = new HttpStatus(400, 'Bad Request');\n static readonly UNAUTHORIZED = new HttpStatus(401, 'Unauthorized');\n static readonly FORBIDDEN = new HttpStatus(403, 'Forbidden');\n static readonly NOT_FOUND = new HttpStatus(404, 'Not Found');\n static readonly METHOD_NOT_ALLOWED = new HttpStatus(405, 'Method Not Allowed');\n static readonly NOT_ACCEPTABLE = new HttpStatus(406, 'Not Acceptable');\n static readonly PROXY_AUTHENTICATION_REQUIRED = new HttpStatus(407, 'Proxy Authentication Required');\n static readonly REQUEST_TIMEOUT = new HttpStatus(408, 'Request Timeout');\n static readonly CONFLICT = new HttpStatus(409, 'Conflict');\n static readonly GONE = new HttpStatus(410, 'Gone');\n static readonly LENGTH_REQUIRED = new HttpStatus(411, 'Length Required');\n static readonly PRECONDITION_FAILED = new HttpStatus(412, 'Precondition Failed');\n static readonly PAYLOAD_TOO_LARGE = new HttpStatus(413, 'Payload Too Large');\n static readonly URI_TOO_LONG = new HttpStatus(414, 'URI Too Long');\n static readonly UNSUPPORTED_MEDIA_TYPE = new HttpStatus(415, 'Unsupported Media Type');\n\n static readonly EXPECTATION_FAILED = new HttpStatus(417, 'Expectation Failed');\n static readonly IM_A_TEAPOT = new HttpStatus(418, 'I\\'m a teapot');\n\n static readonly TOO_EARLY = new HttpStatus(425, 'Too Early');\n static readonly UPGRADE_REQUIRED = new HttpStatus(426, 'Upgrade Required');\n static readonly PRECONDITION_REQUIRED = new HttpStatus(428, 'Precondition Required');\n static readonly TOO_MANY_REQUESTS = new HttpStatus(429, 'Too Many Requests');\n static readonly REQUEST_HEADER_FIELDS_TOO_LARGE = new HttpStatus(431, 'Request Header Fields Too Large');\n static readonly UNAVAILABLE_FOR_LEGAL_REASONS = new HttpStatus(451, 'Unavailable For Legal Reasons');\n\n // 5xx Server Error\n static readonly INTERNAL_SERVER_ERROR = new HttpStatus(500, 'Internal Server Error');\n static readonly NOT_IMPLEMENTED = new HttpStatus(501, 'Not Implemented');\n static readonly BAD_GATEWAY = new HttpStatus(502, 'Bad Gateway');\n static readonly SERVICE_UNAVAILABLE = new HttpStatus(503, 'Service Unavailable');\n static readonly GATEWAY_TIMEOUT = new HttpStatus(504, 'Gateway Timeout');\n static readonly HTTP_VERSION_NOT_SUPPORTED = new HttpStatus(505, 'HTTP Version Not Supported');\n static readonly VARIANT_ALSO_NEGOTIATES = new HttpStatus(506, 'Variant Also Negotiates');\n static readonly INSUFFICIENT_STORAGE = new HttpStatus(507, 'Insufficient Storage');\n static readonly LOOP_DETECTED = new HttpStatus(508, 'Loop Detected');\n static readonly NOT_EXTENDED = new HttpStatus(510, 'Not Extended');\n static readonly NETWORK_AUTHENTICATION_REQUIRED = new HttpStatus(511, 'Network Authentication Required');\n\n static readonly #VALUES: HttpStatus[] = [];\n static {\n Object.keys(HttpStatus)\n .filter(key => key !== 'VALUES' && key !== 'resolve')\n .forEach(key => {\n const value = HttpStatus[key];\n if (value instanceof HttpStatus) {\n Object.defineProperty(value, 'name', {enumerable: true, value: key, writable: false});\n HttpStatus.#VALUES.push(value);\n }\n })\n\n }\n\n static resolve(code: number): HttpStatus | undefined {\n for (const status of HttpStatus.#VALUES) {\n if (status.value === code) {\n return status;\n }\n }\n }\n\n readonly #value: number;\n readonly #phrase: string;\n\n private constructor(value: number, phrase: string) {\n this.#value = value;\n this.#phrase = phrase;\n }\n\n get value(): number {\n return this.#value;\n }\n get phrase(): string {\n return this.#phrase;\n }\n\n toString() {\n return `${this.#value} ${this['name']}`;\n }\n}\n\n\nexport function httpStatusCode(value: number | HttpStatusCode): HttpStatusCode {\n if (typeof value === 'number') {\n if (value < 100 || value > 999) {\n throw new Error(`status code ${value} should be in range 100-999`);\n }\n const status = HttpStatus.resolve(value);\n if (status !== undefined) {\n return status;\n }\n return new DefaultHttpStatusCode(value);\n }\n return value;\n}\n", "import type { Principal } from '../../types/auth';\nimport type {\n BodyChunk,\n HeaderValue,\n HeaderValues,\n HttpCookie,\n HttpMethod,\n HttpStatusCode,\n MutableHttpHeaders,\n ReadonlyHeaderValues,\n ReadonlyHttpHeaders,\n ResponseCookie\n} from '../../types/web/http'\n\nimport type {\n ServerHttpRequest,\n ServerHttpResponse,\n ServerWebExchange\n} from '../../types/web/server';\nimport { AbstractHttpHeaders, AbstractHttpRequest, AbstractHttpResponse } from '../http/exchange.ts';\nimport { httpStatusCode } from '../http/status.ts';\nimport net from 'node:net';\nimport http from 'node:http';\nimport http2 from 'node:http2';\n\nexport class ExtendedHttpIncomingMessage extends http.IncomingMessage {\n // circular reference to the exchange\n exchange?: ServerWebExchange;\n\n upgradeHead?: Buffer<ArrayBufferLike>\n\n\n get urlBang(): string {\n return this.url!;\n }\n\n get socketEncrypted(): boolean {\n // see tls.TLSSocket#encrypted\n return this.socket['encrypted'] === true;\n }\n}\n\nexport class ExtendedHttpServerResponse<Request extends ExtendedHttpIncomingMessage = ExtendedHttpIncomingMessage> extends http.ServerResponse<Request> {\n\n markHeadersSent(): void {\n this['_header'] = true; // prevent response from being sent\n }\n\n getRawHeaderNames(): string[] {\n return super['getRawHeaderNames']();\n }\n}\n\nabstract class AbstractServerHttpRequest extends AbstractHttpRequest<ReadonlyHttpHeaders> {\n abstract getNativeRequest<T>(): T;\n}\n\nexport abstract class AbstractServerHttpResponse extends AbstractHttpResponse<MutableHttpHeaders> {\n #cookies: ResponseCookie[] = [];\n #statusCode?: HttpStatusCode;\n #state: 'new' | 'committing' | 'commit-action-failed' | 'committed' = 'new';\n #commitActions: (() => Promise<void>)[] = [];\n\n setStatusCode(statusCode?: HttpStatusCode): boolean {\n if (this.#state === 'committed') {\n return false;\n }\n else {\n this.#statusCode = statusCode;\n return true;\n }\n }\n\n setRawStatusCode(statusCode?: number): boolean {\n return this.setStatusCode(statusCode === undefined ? undefined : httpStatusCode(statusCode));\n };\n\n get statusCode(): HttpStatusCode | undefined {\n return this.#statusCode;\n }\n\n addCookie(cookie: ResponseCookie): this {\n if (this.#state === 'committed') {\n throw new Error(`Cannot add cookie ${JSON.stringify(cookie)} because HTTP response has already been committed`);\n }\n this.#cookies.push(cookie);\n return this;\n }\n\n abstract getNativeResponse<T>(): T;\n\n beforeCommit(action: () => Promise<void>): void {\n this.#commitActions.push(action);\n }\n\n get commited(): boolean {\n const state = this.#state;\n return state !== 'new' && state !== 'commit-action-failed';\n }\n\n async body(body: ReadableStream<BodyChunk> | Promise<BodyChunk | void> | BodyChunk): Promise<boolean> {\n if (body instanceof ReadableStream) {\n throw new Error('ReadableStream body not supported yet');\n }\n const buffer = await body;\n try {\n // touch buffers if needed\n\n return await this.doCommit(async () => {\n\n return await this.bodyInternal(Promise.resolve(buffer));\n\n }).catch(error => {\n // release buffers\n throw error;\n });\n }\n catch (error) {\n // clear content headers\n throw error;\n }\n }\n\n abstract bodyInternal(body: Promise<BodyChunk | void>): Promise<boolean>;\n\n async end(): Promise<boolean> {\n if (!this.commited) {\n return this.doCommit(async () => {\n return await this.bodyInternal(Promise.resolve());\n });\n }\n else {\n return Promise.resolve(false);\n }\n }\n\n protected doCommit(writeAction?: () => Promise<boolean>): Promise<boolean> {\n const state = this.#state;\n let allActions = Promise.resolve();\n if (state === 'new') {\n this.#state = 'committing';\n if (this.#commitActions.length > 0) {\n allActions = this.#commitActions\n .reduce(\n (acc, cur) => acc.then(() => cur()),\n Promise.resolve())\n .catch((_error) => {\n const state = this.#state;\n if (state === 'committing') {\n this.#state = 'commit-action-failed';\n // clear content headers\n }\n });\n }\n }\n else if (state === 'commit-action-failed') {\n this.#state = 'committing';\n // skip commit actions\n } else {\n return Promise.resolve(false);\n }\n\n allActions = allActions.then(() => {\n this.applyStatusCode();\n this.applyHeaders();\n this.applyCookies();\n this.#state = 'committed';\n });\n\n\n return allActions.then(async () => {\n return writeAction !== undefined ? await writeAction() : true;\n });\n }\n\n protected applyStatusCode(): void {}\n protected applyHeaders(): void {}\n protected applyCookies(): void {}\n}\nexport class HttpServerRequest extends AbstractServerHttpRequest implements ServerHttpRequest {\n\n #url?: URL;\n #cookies?: HttpCookie[];\n readonly #req: ExtendedHttpIncomingMessage;\n\n constructor(req: ExtendedHttpIncomingMessage) {\n super(new IncomingMessageHeaders(req));\n this.#req = req;\n }\n\n getNativeRequest<T>(): T {\n return this.#req as T;\n }\n\n get upgrade() {\n return this.#req['upgrade'];\n }\n\n get http2(): boolean {\n return this.#req.httpVersionMajor >= 2;\n }\n\n get path() {\n return this.URL?.pathname;\n }\n\n get URL() {\n this.#url ??= new URL(this.#req.urlBang, `${this.protocol}://${this.host}`);\n return this.#url;\n }\n\n get query() {\n return this.URL?.search;\n }\n\n get method() {\n return this.#req.method as HttpMethod;\n }\n\n get host() {\n let dh: string | undefined = undefined;\n if (this.#req.httpVersionMajor >= 2) {\n dh = (this.#req.headers as http2.IncomingHttpHeaders)[':authority'];\n }\n dh ??= this.#req.socket.remoteAddress;\n return super.parseHost(dh);\n }\n\n get protocol() {\n let dp: string | undefined = undefined;\n if (this.#req.httpVersionMajor > 2) {\n dp = (this.#req.headers as http2.IncomingHttpHeaders)[':scheme'];\n }\n dp ??= this.#req.socketEncrypted ? 'https' : 'http';\n return super.parseProtocol(dp);\n }\n\n get socket() {\n return this.#req.socket;\n }\n\n get remoteAddress(): net.AddressInfo | undefined {\n const family = this.#req.socket.remoteFamily;\n const address = this.#req.socket.remoteAddress;\n const port = this.#req.socket.remotePort;\n const remoteAddress = (!family || !address || !port) ? undefined : { family, address, port };\n return super.parseRemoteAddress(remoteAddress) ?? remoteAddress;\n }\n\n get cookies(): HttpCookie[] {\n this.#cookies ??= super.cookies\n return this.#cookies;\n }\n\n get body(): ReadableStream<BodyChunk> {\n return http.IncomingMessage.toWeb(this.#req) as ReadableStream<BodyChunk>;\n }\n\n async blob() {\n const chunks: BodyChunk[] = [];\n if (this.body !== undefined) {\n for await (const chunk of this.body) {\n chunks.push(chunk);\n }\n }\n return new Blob(chunks, {type: this.headers.one('content-type') as string || 'application/octet-stream'});\n }\n\n\n async text() {\n const blob = await this.blob();\n return await blob.text();\n }\n\n async formData() {\n const blob = await this.blob();\n const text = await blob.text();\n return new URLSearchParams(text);\n }\n\n async json() {\n const blob = await this.blob();\n if (blob.size === 0) {\n return undefined;\n }\n const text = await blob.text();\n return JSON.parse(text);\n }\n\n\n protected initId(): string {\n const remoteIp = this.#req.socket.remoteAddress;\n if (!remoteIp) {\n throw new Error('Socket has no remote address');\n }\n return `${remoteIp}:${this.#req.socket.remotePort}`;\n }\n}\n\nclass IncomingMessageHeaders extends AbstractHttpHeaders<ReadonlyHeaderValues> implements ReadonlyHttpHeaders {\n readonly #msg: ExtendedHttpIncomingMessage;\n\n constructor(msg: ExtendedHttpIncomingMessage) {\n super();\n this.#msg = msg;\n }\n\n has(name: string): boolean {\n return this.#msg.headers[name] !== undefined;\n }\n\n get(name: string): string | (readonly string[]) | undefined {\n return this.#msg.headers[name];\n }\n\n list(name: string): string[] {\n return super.toList(name);\n }\n\n one(name: string): string | undefined {\n const value = this.#msg.headers[name];\n if (Array.isArray(value)) {\n return value[0];\n }\n return value;\n }\n\n keys() {\n return Object.keys(this.#msg.headers).values();\n }\n}\n\nclass OutgoingMessageHeaders extends AbstractHttpHeaders<HeaderValues> implements MutableHttpHeaders {\n readonly #msg: ExtendedHttpServerResponse;\n\n constructor(msg: ExtendedHttpServerResponse) {\n super();\n this.#msg = msg;\n }\n\n has(name: string): boolean {\n return this.#msg.hasHeader(name);\n }\n\n keys() {\n return this.#msg.getHeaderNames().values();\n }\n\n get(name: string): HeaderValues {\n return this.#msg.getHeader(name);\n }\n\n one(name: string): HeaderValue {\n const value = this.#msg.getHeader(name);\n if (Array.isArray(value)) {\n return value[0];\n }\n return value;\n }\n\n set(name: string, value: HeaderValues): this {\n if (!this.#msg.headersSent) {\n if (Array.isArray(value)) {\n value = value.map(v => typeof v === 'number' ? String(v) : v);\n } else if (typeof value === 'number') {\n value = String(value);\n }\n\n if (value) {\n this.#msg.setHeader(name, value);\n }\n else {\n this.#msg.removeHeader(name);\n }\n }\n return this;\n }\n\n add(name: string, value: string | (readonly string[])): this {\n if (!this.#msg.headersSent) {\n this.#msg.appendHeader(name, value);\n }\n return this;\n }\n\n list(name: string): string[] {\n return super.toList(name);\n }\n}\n\nexport class HttpServerResponse extends AbstractServerHttpResponse implements ServerHttpResponse {\n readonly #res: ExtendedHttpServerResponse;\n\n constructor(res: ExtendedHttpServerResponse) {\n super(new OutgoingMessageHeaders(res));\n this.#res = res;\n }\n\n getNativeResponse<T>(): T {\n return this.#res as T;\n }\n\n get statusCode(): HttpStatusCode {\n const status = super.statusCode;\n return status ?? {value: this.#res.statusCode};\n }\n\n applyStatusCode() {\n const status = super.statusCode;\n if (status !== undefined) {\n this.#res.statusCode = status.value;\n }\n }\n\n addCookie(cookie: ResponseCookie): this {\n this.headers.add('Set-Cookie', super.setCookieValue(cookie));\n return this;\n }\n\n async bodyInternal(body: Promise<BodyChunk | void>): Promise<boolean> {\n if (!this.#res.headersSent) {\n if (body instanceof ReadableStream) {\n // http.IncomingMessage.fromWeb(body)\n throw new Error('ReadableStream body not supported in response');\n }\n else {\n const chunk = await body;\n return await new Promise<boolean>((resolve, reject) => {\n try {\n if (chunk === undefined) {\n this.#res.end(() => {\n resolve(true);\n });\n } else {\n if (!this.headers.has('content-length')) {\n // set content-length if not already set\n if (typeof chunk === 'string') {\n this.headers.set('content-length', Buffer.byteLength(chunk));\n }\n else if (chunk instanceof Blob) {\n this.headers.set('content-length', chunk.size);\n }\n else {\n this.headers.set('content-length', chunk.byteLength);\n }\n }\n this.#res.end(chunk, () => {\n resolve(true);\n });\n }\n } catch (e) {\n reject(e instanceof Error ? e : new Error(`end failed: ${e}`));\n }\n });\n }\n }\n else {\n return false; // already ended\n }\n }\n}\n\nexport class ServerHttpRequestDecorator implements ServerHttpRequest {\n readonly #delegate: ServerHttpRequest;\n\n constructor(request: ServerHttpRequest) {\n this.#delegate = request;\n }\n\n get delegate(): ServerHttpRequest {\n return this.#delegate;\n }\n\n get id(): string {\n return this.#delegate.id;\n }\n\n get method(): HttpMethod {\n return this.#delegate.method;\n }\n\n get path(): string {\n return this.#delegate.path;\n }\n\n get protocol() {\n return this.#delegate.protocol;\n }\n\n get host(): string | undefined {\n return this.#delegate.host;\n }\n\n get URL(): URL {\n return this.#delegate.URL;\n }\n\n get headers(): ReadonlyHttpHeaders {\n return this.#delegate.headers;\n }\n\n get cookies(): HttpCookie[] {\n return this.#delegate.cookies;\n }\n\n get remoteAddress() {\n return this.#delegate.remoteAddress;\n }\n\n get upgrade() {\n return this.#delegate.upgrade;\n }\n\n get body(): ReadableStream<BodyChunk> | undefined {\n return this.#delegate.body;\n }\n async blob(): Promise<Blob> {\n return await this.#delegate.blob();\n }\n async text(): Promise<string> {\n return await this.#delegate.text();\n }\n async formData(): Promise<URLSearchParams> {\n return await this.#delegate.formData();\n }\n async json(): Promise<unknown> {\n return await this.#delegate.json();\n }\n\n toString(): string {\n return `${ServerHttpRequestDecorator.name} [delegate: ${this.delegate.toString()}]`;\n }\n\n public static getNativeRequest<T>(request: ServerHttpRequest): T {\n if (request instanceof AbstractServerHttpRequest) {\n return request.getNativeRequest<T>();\n }\n else if (request instanceof ServerHttpRequestDecorator) {\n return ServerHttpRequestDecorator.getNativeRequest<T>(request.delegate);\n }\n else {\n throw new Error(`Cannot get native request from ${request.constructor.name}`);\n }\n }\n}\nexport class ServerHttpResponseDecorator implements ServerHttpResponse {\n readonly #delegate: ServerHttpResponse;\n\n constructor(response: ServerHttpResponse) {\n this.#delegate = response;\n }\n\n get delegate(): ServerHttpResponse {\n return this.#delegate;\n }\n\n setStatusCode(statusCode: HttpStatusCode): boolean {\n return this.delegate.setStatusCode(statusCode);\n }\n\n setRawStatusCode(statusCode?: number): boolean {\n return this.delegate.setRawStatusCode(statusCode);\n }\n\n get statusCode(): HttpStatusCode {\n return this.delegate.statusCode;\n }\n\n get cookies(): ResponseCookie[] {\n return this.delegate.cookies;\n }\n\n addCookie(cookie: ResponseCookie): this {\n this.delegate.addCookie(cookie);\n return this;\n }\n\n async end(): Promise<boolean> {\n return await this.delegate.end();\n }\n\n async body(body: ReadableStream<BodyChunk> | Promise<BodyChunk | void> | BodyChunk): Promise<boolean> {\n return await this.#delegate.body(body);\n }\n\n get headers(): MutableHttpHeaders {\n return this.#delegate.headers;\n }\n\n toString(): string {\n return `${ServerHttpResponseDecorator.name} [delegate: ${this.delegate.toString()}]`;\n }\n\n public static getNativeResponse<T>(response: ServerHttpResponse): T {\n if (response instanceof AbstractServerHttpResponse) {\n return response.getNativeResponse<T>();\n }\n else if (response instanceof ServerHttpResponseDecorator) {\n return ServerHttpResponseDecorator.getNativeResponse<T>(response.delegate);\n }\n else {\n throw new Error(`Cannot get native response from ${response.constructor.name}`);\n }\n }\n}\n\nexport class ServerWebExchangeDecorator implements ServerWebExchange {\n readonly #delegate: ServerWebExchange;\n\n protected constructor(exchange: ServerWebExchange) {\n this.#delegate = exchange;\n }\n\n get delegate(): ServerWebExchange {\n return this.#delegate;\n }\n\n get request(): ServerHttpRequest {\n return this.#delegate.request;\n }\n\n get response(): ServerHttpResponse {\n return this.#delegate.response;\n }\n\n attribute<T>(name: string): T | undefined {\n return this.#delegate.attribute(name);\n }\n\n principal<P extends Principal>(): Promise<P | undefined> {\n return this.#delegate.principal();\n }\n\n get logPrefix(): string {\n return this.#delegate.logPrefix;\n }\n\n toString() {\n return `${ServerWebExchangeDecorator.name} [delegate: ${this.delegate}]`;\n }\n}\n\nexport class DefaultWebExchange<Request extends ServerHttpRequest, Response extends ServerHttpResponse> {\n readonly request: Request;\n readonly response: Response;\n readonly #attributes: Record<string, unknown> = {};\n #logId?: unknown;\n #logPrefix: string = '';\n\n constructor(request: Request, response: Response) {\n this.#attributes[LOG_ID_ATTRIBUTE] = request.id;\n this.request = request;\n this.response = response;\n }\n\n get method(): HttpMethod {\n return this.request.method;\n }\n\n get path(): string | null | undefined {\n return this.request.path;\n }\n\n get attributes(): Record<string, unknown> {\n return this.#attributes;\n }\n\n attribute<T>(name: string): T | undefined {\n return this.attributes[name] as T;\n }\n\n principal<P extends Principal>(): Promise<P | undefined> {\n return Promise.resolve(undefined);\n }\n\n get logPrefix(): string {\n const value = this.attribute(LOG_ID_ATTRIBUTE);\n if (this.#logId !== value) {\n this.#logId = value;\n this.#logPrefix = value !== undefined ? `[${value}] ` : '';\n }\n return this.#logPrefix;\n }\n}\n\nexport const LOG_ID_ATTRIBUTE = 'io.interop.gateway.server.log_id';\n\n", "import getLogger from '../logger.js';\nimport {getHeapStatistics, writeHeapSnapshot, HeapInfo} from 'node:v8';\nimport {PathLike} from 'node:fs';\nimport {access, mkdir, rename, unlink} from 'node:fs/promises';\n\nconst log = getLogger('monitoring');\n\nexport type Options = typeof DEFAULT_OPTIONS;\n\nexport type Command = 'run' | 'dump' | 'stop';\nexport type Channel = (command?: Command) => Promise<boolean>;\n\nconst DEFAULT_OPTIONS = {\n memoryLimit: 1024 * 1024 * 1024, // 1GB\n reportInterval: 10 * 60 * 1000, // 10 min\n dumpLocation: '.', // current folder\n maxBackups: 10,\n dumpPrefix: 'Heap'\n}\n\nfunction fetchStats(): HeapInfo {\n return getHeapStatistics();\n}\n\nasync function dumpHeap(opts: Options) {\n const prefix = opts.dumpPrefix ?? 'Heap';\n const target = `${opts.dumpLocation}/${prefix}.heapsnapshot`;\n if (log.enabledFor('debug')) {\n log.debug(`starting heap dump in ${target}`);\n }\n\n await fileExists(opts.dumpLocation)\n .catch(async (_) => {\n if (log.enabledFor('debug')) {\n log.debug(`dump location ${opts.dumpLocation} does not exists. Will try to create it`);\n }\n try {\n await mkdir(opts.dumpLocation, {recursive: true});\n log.info(`dump location dir ${opts.dumpLocation} successfully created`);\n } catch (e) {\n log.error(`failed to create dump location ${opts.dumpLocation}`);\n }\n });\n const dumpFileName = writeHeapSnapshot(target);\n log.info(`heap dumped`);\n try {\n log.debug(`rolling snapshot backups`);\n const lastFileName = `${opts.dumpLocation}/${prefix}.${opts.maxBackups}.heapsnapshot`;\n await fileExists(lastFileName)\n .then(async () => {\n if (log.enabledFor('debug')) {\n log.debug(`deleting ${lastFileName}`);\n }\n try {\n await unlink(lastFileName);\n } catch (e) {\n log.warn(`failed to delete ${lastFileName}`, e);\n }\n })\n .catch(() => {\n /* do nothing*/\n });\n for (let i = opts.maxBackups - 1; i > 0; i--) {\n const currentFileName = `${opts.dumpLocation}/${prefix}.${i}.heapsnapshot`;\n const nextFileName = `${opts.dumpLocation}/${prefix}.${i + 1}.heapsnapshot`;\n await fileExists(currentFileName)\n .then(async () => {\n try {\n await rename(currentFileName, nextFileName);\n } catch (e) {\n log.warn(`failed to rename ${currentFileName} to ${nextFileName}`, e);\n }\n })\n .catch(() => {\n /* do nothing*/\n });\n }\n const firstFileName = `${opts.dumpLocation}/${prefix}.${1}.heapsnapshot`;\n try {\n await rename(dumpFileName, firstFileName);\n } catch (e) {\n log.warn(`failed to rename ${dumpFileName} to ${firstFileName}`, e);\n }\n log.debug('snapshots rolled');\n } catch (e) {\n log.error('error rolling backups', e);\n throw e;\n }\n}\n\nasync function fileExists(path: PathLike): Promise<void> {\n if (log.enabledFor('trace')) {\n log.debug(`checking file ${path}`);\n }\n await access(path);\n}\n\nasync function processStats(stats: HeapInfo, state: {\n memoryLimitExceeded: boolean,\n snapshot?: boolean\n}, opts: Options) {\n if (log.enabledFor('debug')) {\n log.debug(`processing heap stats ${JSON.stringify(stats)}`);\n }\n const limit = Math.min(opts.memoryLimit, (0.95 * stats.heap_size_limit));\n const used = stats.used_heap_size;\n log.info(`heap stats ${JSON.stringify(stats)}`);\n if (used >= limit) {\n log.warn(`used heap ${used} bytes exceeds memory limit ${limit} bytes`);\n if (state.memoryLimitExceeded) {\n delete state.snapshot;\n } else {\n state.memoryLimitExceeded = true;\n state.snapshot = true;\n }\n await dumpHeap(opts);\n } else {\n state.memoryLimitExceeded = false;\n delete state.snapshot;\n }\n}\n\nexport function start(opts?: Partial<Options>): Options & { channel: Channel } {\n const merged: Options = {...DEFAULT_OPTIONS, ...opts};\n\n let stopped = false;\n const state = {memoryLimitExceeded: false};\n const report = async () => {\n const stats = fetchStats();\n await processStats(stats, state, merged);\n }\n const interval = setInterval(report, merged.reportInterval);\n const channel = async (command?: Command) => {\n if (!stopped) {\n command ??= 'run';\n switch (command) {\n case 'run': {\n await report();\n break;\n }\n case 'dump': {\n await dumpHeap(merged);\n break;\n }\n case 'stop': {\n stopped = true;\n clearInterval(interval);\n log.info('exit memory diagnostic');\n break;\n }\n }\n\n }\n return stopped;\n }\n\n return {...merged, channel};\n}\n\nasync function run({channel}: { channel: Channel }, command?: Command) {\n if (!await channel(command)) {\n log.warn(`cannot execute command \"${command}\" already closed`)\n }\n}\n\n\nexport async function stop(m: { channel: Channel }) {\n return await run(m, 'stop');\n}\n", "import type {ServerWebExchange} from '../../types/web/server';\n\nimport info from '@interopio/gateway-server/package.json' with {type: 'json'};\n\nconst serverHeader = (server?: string | false) => {\n server ??= `${info.name} - v${info.version}`;\n return async ({response}: ServerWebExchange, next: () => Promise<void>) => {\n if (server !== false && !response.headers.has('server')) {\n response.headers.set('Server', server);\n }\n await next();\n }\n};\n\nexport default (server?: string | false) => serverHeader(server);\n", "import {IOGateway} from '@interopio/gateway';\nimport {OriginFilters} from '../../types/web/server';\nimport getLogger from '../logger.js';\n\nconst log = getLogger('gateway.ws.client-verify');\n\nexport type ProcessedOriginFilters\n = Required<Omit<OriginFilters, 'blacklist' | 'whitelist'>>\n //| Required<Omit<GatewayServer.OriginFilters, 'block' | 'allow'>>\n ;\n\nfunction acceptsMissing(originFilters: ProcessedOriginFilters): boolean {\n switch (originFilters.missing) {\n case 'allow': // fall-through\n case 'whitelist':\n return true;\n case 'block': // fall-through\n case 'blacklist':\n return false;\n default:\n return false;\n }\n}\n\nfunction tryMatch(originFilters: ProcessedOriginFilters, origin: string): boolean | undefined {\n const block = originFilters.block ?? originFilters['blacklist'];\n const allow = originFilters.allow ?? originFilters['whitelist'];\n if (block.length > 0 && IOGateway.Filtering.valuesMatch(block, origin)) {\n log.warn(`origin ${origin} matches block filter`);\n return false;\n } else if (allow.length > 0 && IOGateway.Filtering.valuesMatch(allow, origin)) {\n if (log.enabledFor('debug')) {\n log.debug(`origin ${origin} matches allow filter`);\n }\n return true;\n }\n}\n\nfunction acceptsNonMatched(originFilters: ProcessedOriginFilters): boolean {\n switch (originFilters.non_matched) {\n case 'allow': // fall-through\n case 'whitelist':\n return true;\n case 'block': // fall-through\n case 'blacklist':\n return false;\n default:\n return false;\n }\n}\n\nexport function acceptsOrigin(origin?: string, originFilters?: ProcessedOriginFilters): boolean {\n if (!originFilters) {\n return true;\n }\n if (!origin) {\n return acceptsMissing(originFilters);\n } else {\n const matchResult: boolean | undefined = tryMatch(originFilters, origin);\n if (matchResult) {\n return matchResult;\n } else {\n return acceptsNonMatched(originFilters);\n }\n }\n}\n\nexport function regexifyOriginFilters(originFilters?: OriginFilters): ProcessedOriginFilters | undefined {\n if (originFilters) {\n const block = (originFilters.block ?? originFilters.blacklist ?? []).map(IOGateway.Filtering.regexify);\n const allow = (originFilters.allow ?? originFilters.whitelist ?? []).map(IOGateway.Filtering.regexify);\n return {\n non_matched: originFilters.non_matched ?? 'allow',\n missing: originFilters.missing ?? 'allow',\n allow,\n block,\n }\n }\n}\n", "import type {ServerWebExchange} from '../../../types/web/server';\n\nexport type MatchResult = Readonly<{ match: boolean, variables: Readonly<Record<string, string>> }>;\n\nexport interface ServerWebExchangeMatcher {\n /**\n * Matches the given exchange against the matcher.\n * @param exchange The web exchange to match.\n * @returns A promise that resolves to true if the exchange matches, false otherwise.\n */\n (exchange: ServerWebExchange): Promise<MatchResult>;\n\n /**\n * Returns a string representation of the matcher.\n * @returns A string representation of the matcher.\n */\n toString(): string;\n}\n\nexport type ServerWebExchangeMatcherEntry<T> = Readonly<[ServerWebExchangeMatcher, T]>\n\nexport const or: (matchers: ServerWebExchangeMatcher[]) => ServerWebExchangeMatcher = (matchers: ServerWebExchangeMatcher[]): ServerWebExchangeMatcher => {\n return async (exchange: ServerWebExchange): Promise<MatchResult> => {\n for (const matcher of matchers) {\n const result = await matcher(exchange);\n if (result.match) {\n return match();\n }\n }\n return NO_MATCH;\n };\n}\n\nexport const and: (matchers: ServerWebExchangeMatcher[]) => ServerWebExchangeMatcher = (matchers: ServerWebExchangeMatcher[]) => {\n const matcher = async (exchange: ServerWebExchange): Promise<MatchResult> => {\n for (const matcher of matchers) {\n const result = await matcher(exchange);\n if (!result.match) {\n return NO_MATCH;\n }\n }\n return match();\n };\n matcher.toString = () => `and(${matchers.map(m => m.toString()).join(', ')})`;\n return matcher;\n}\n\n\nexport const not: (matcher: ServerWebExchangeMatcher) => ServerWebExchangeMatcher = (matcher: ServerWebExchangeMatcher): ServerWebExchangeMatcher => {\n return async (exchange: ServerWebExchange): Promise<MatchResult> => {\n const result = await matcher(exchange);\n return result.match ? NO_MATCH : match();\n };\n}\n\nexport const anyExchange: ServerWebExchangeMatcher = async (_exchange: ServerWebExchange): Promise<MatchResult> => {\n return match();\n}\nanyExchange.toString = () => 'any-exchange';\n\nconst EMPTY_OBJECT = Object.freeze({});\nexport const NO_MATCH: MatchResult = Object.freeze({match: false, variables: EMPTY_OBJECT});\nexport const match = (variables: Record<string, string> = EMPTY_OBJECT): MatchResult => {\n return {match: true, variables};\n}\n\nexport const pattern: ((pattern: string | RegExp, opts?: {method?: string}) => ServerWebExchangeMatcher) = (pattern, opts) => {\n const method = opts?.method;\n const matcher = async (exchange: ServerWebExchange): Promise<MatchResult> => {\n const request = exchange.request;\n const path = request.path;\n if (method !== undefined && request.method !== method) {\n return NO_MATCH;\n }\n if (typeof pattern === 'string') {\n if (path === pattern) {\n return match();\n }\n return NO_MATCH;\n }\n else {\n const match = pattern.exec(path);\n if (match === null) {\n return NO_MATCH;\n }\n return {match: true, variables: {...match.groups}};\n }\n };\n matcher.toString = () => {\n return `pattern(${pattern.toString()}, method=${method ?? '<any>'})`;\n }\n return matcher\n\n}\nexport const mediaType : ((opts: {mediaTypes: string[], ignoredMediaTypes?: string[], useEquality?: boolean}) => ServerWebExchangeMatcher) = (opts): ServerWebExchangeMatcher => {\n\n const shouldIgnore = (requestedMediaType: string): boolean => {\n if (opts.ignoredMediaTypes !== undefined) {\n for (const ignoredMediaType of opts.ignoredMediaTypes) {\n if (requestedMediaType === ignoredMediaType || ignoredMediaType === '*/*') {\n return true;\n }\n }\n }\n return false;\n }\n\n return async (exchange: ServerWebExchange): Promise<MatchResult> => {\n const request = exchange.request;\n let requestMediaTypes: string[];\n try {\n requestMediaTypes = request.headers.list('accept');\n }\n catch (e) {\n return NO_MATCH;\n }\n for (const requestedMediaType of requestMediaTypes) {\n if (shouldIgnore(requestedMediaType)) {\n continue;\n }\n for (const mediaType of opts.mediaTypes) {\n if (requestedMediaType.startsWith(mediaType)) {\n return match();\n }\n }\n }\n\n return NO_MATCH;\n };\n}\n\nexport const upgradeMatcher: ServerWebExchangeMatcher = async ({request}: ServerWebExchange): Promise<MatchResult> => {\n const upgrade = request.upgrade && request.headers.one('upgrade')?.toLowerCase() === 'websocket';\n return upgrade ? match() : NO_MATCH;\n};\nupgradeMatcher.toString = () => 'websocket upgrade';\n", "import {regexifyOriginFilters} from '../server/ws-client-verify.js';\nimport type {SecurityContext} from '../server/security/security-context.js';\nimport {pattern, ServerWebExchangeMatcher} from '../server/util/matchers.js';\nimport type {CorsConfig} from '../server/cors.js';\nimport type {Middleware} from '../server/types.ts';\nimport type {AsyncLocalStorage} from 'node:async_hooks';\nimport type {SocketRoute} from '../server/socket.js';\nimport {GatewayServer} from '../../gateway-server';\nimport type {\n ServerConfigurer,\n ServerConfigurerHandlerSpec,\n ServerConfigurerSocketSpec,\n ServerExchangeOptions,\n ServerWebExchange\n} from '../../types/web/server';\nimport type {AuthorizationRule} from '../../types/auth';\nimport {IOGateway} from '@interopio/gateway';\nexport type PathPattern = string | RegExp;\nexport type RouteConfig = Readonly<{\n readonly storage: AsyncLocalStorage<{\n exchange: ServerWebExchange,\n securityContext?: Promise<SecurityContext>\n }>,\n readonly serverHeader?: string | false\n readonly corsConfig?: GatewayServer.ServerConfig['cors'],\n readonly authConfig?: GatewayServer.ServerConfig['auth'],\n readonly middleware: Middleware,\n readonly cors: Array<[PathPattern, CorsConfig | undefined]>,\n readonly authorize: Array<[ServerWebExchangeMatcher, AuthorizationRule]>\n readonly sockets: Map<string, SocketRoute>\n}>\n\nexport async function configure(app: GatewayServer.ServerCustomizer, config: GatewayServer.ServerConfig, routes: RouteConfig): Promise<void> {\n const applyCors = (request: ServerConfigurerHandlerSpec['request'], options?: ServerExchangeOptions) => {\n // // disable CORS for this route\n // if (options?.cors === false) {\n // const path = request.path as (PathPattern);\n // routes.cors.push([request.path, undefined]);\n // }\n if (options?.cors) {\n const cors: CorsConfig = options.cors === true ? {\n allowOrigins: options.origins?.allow?.map(IOGateway.Filtering.regexify),\n allowMethods: request.method === undefined ? ['*'] : [request.method],\n allowCredentials: options.authorize?.access !== 'permitted' ? true : undefined,\n } : options.cors;\n const path = request.path as (PathPattern);\n routes.cors.push([path, cors]);\n }\n }\n\n const configurer = new class implements ServerConfigurer {\n\n handle(...handlers: Array<ServerConfigurerHandlerSpec>) {\n handlers.forEach(({request, options, handler}) => {\n const matcher = pattern(IOGateway.Filtering.regexify(request.path) as string | RegExp, {method: request.method});\n if (options?.authorize) {\n routes.authorize.push([matcher, options.authorize]);\n }\n\n applyCors(request, options);\n const middleware = async (exchange: ServerWebExchange, next: () => Promise<void>): Promise<void> => {\n const {match, variables} = await matcher(exchange);\n if (match) {\n await handler(exchange, variables);\n } else {\n await next();\n }\n };\n routes.middleware.push(middleware);\n });\n }\n\n socket(...sockets: Array<ServerConfigurerSocketSpec>) {\n for (const {path, factory, options} of sockets) {\n const route = path ?? '/';\n\n // cors and authorize are currently handled for ws\n routes.sockets.set(route, {\n default: path === undefined,\n ping: options?.ping,\n factory: factory,\n maxConnections: options?.maxConnections,\n authorize: options?.authorize,\n originFilters: regexifyOriginFilters(options?.origins)\n });\n }\n }\n };\n await app(configurer, config);\n}\n", "import {ServerWebExchangeMatcher} from './util/matchers.js';\nimport {HttpStatus} from '../http/status.js';\nimport getLogger from '../logger.js';\nimport type {HttpRequest, ReadonlyHttpHeaders} from '../../types/web/http';\nimport type {ServerHttpResponse, ServerWebExchange} from '../../types/web/server';\nimport {IOGateway} from '@interopio/gateway';\n\nfunction isSameOrigin(request: HttpRequest<ReadonlyHttpHeaders>) {\n const origin = request.headers.one('origin');\n if (origin === undefined) {\n return true;\n }\n const url = request.URL;\n const actualProtocol = url.protocol;\n const actualHost = url.host;\n\n const originUrl = URL.parse(origin);\n\n const originHost = originUrl?.host;\n const originProtocol = originUrl?.protocol;\n return actualProtocol === originProtocol\n && actualHost === originHost;\n}\n\n/**\n * Returns `true` if the request is a valid CORS one by checking `Origin` header presence and ensuring origins differ.\n */\nexport function isCorsRequest(request: HttpRequest<ReadonlyHttpHeaders>): boolean {\n return request.headers.has('origin') && !isSameOrigin(request);\n\n}\n\nexport function isPreFlightRequest(request: HttpRequest): boolean {\n return request.method === 'OPTIONS'\n && request.headers.has('origin')\n && request.headers.has('access-control-request-method');\n}\n\nconst VARY_HEADERS: readonly string[] = ['Origin', 'Access-Control-Request-Method', 'Access-Control-Request-Headers'];\n\n/**\n * Processes a request given a {@link CorsConfig}.\n *\n * @param exchange the current exchange\n * @param config the CORS configuration to use, possibly `undefined` in which case pre-flight requests are rejected, but all others allowed\n * @returns `false` if the request is rejected, `true` otherwise\n */\nexport const processRequest: CorsProcessor = (exchange: ServerWebExchange, config?: CorsConfig): boolean => {\n const {request, response} = exchange;\n const responseHeaders = response.headers;\n\n if (!responseHeaders.has('Vary')) {\n responseHeaders.set('Vary', VARY_HEADERS.join(', '));\n }\n else {\n const varyHeaders = responseHeaders.list('Vary');\n for (const header of VARY_HEADERS) {\n if (!varyHeaders.find(h => h === header)) {\n varyHeaders.push(header);\n }\n }\n responseHeaders.set('Vary', varyHeaders.join(', '));\n }\n\n try {\n if (!isCorsRequest(request)) {\n return true;\n }\n }\n catch (e) {\n if(logger.enabledFor('debug')) {\n logger.debug(`reject: origin is malformed`);\n }\n rejectRequest(response);\n return false;\n }\n\n if (responseHeaders.has('access-control-allow-origin')) {\n if (logger.enabledFor('trace')) {\n logger.debug(`skip: already contains \"Access-Control-Allow-Origin\"`);\n }\n return true;\n }\n\n const preFlightRequest = isPreFlightRequest(request);\n\n if (config) {\n return handleInternal(exchange, config, preFlightRequest);\n }\n if (preFlightRequest) {\n rejectRequest(response);\n return false;\n }\n return true;\n}\n\nexport type CorsConfig = Readonly<{\n allowOrigins?: '*' | IOGateway.Filtering.Matcher[]\n allowMethods?:'*' | string[]\n allowHeaders?: '*' | string[]\n exposeHeaders?: string[]\n allowCredentials?: boolean\n allowPrivateNetwork?: boolean\n maxAge?: number\n}>;\n\nconst DEFAULT_PERMIT_ALL = ['*'];\nconst DEFAULT_PERMIT_METHODS = ['GET', 'HEAD', 'POST'];\nexport const PERMIT_DEFAULT_CONFIG: CorsConfig = {\n allowOrigins: DEFAULT_PERMIT_ALL,\n allowMethods: DEFAULT_PERMIT_METHODS,\n allowHeaders: DEFAULT_PERMIT_ALL,\n maxAge: 1800 // 30 minutes\n}\nexport /*testing*/ function validateCorsConfig(config?: CorsConfig): CorsConfig | undefined {\n if (config) {\n const allowHeaders = config.allowHeaders;\n if (allowHeaders && allowHeaders !== ALL) {\n config = {\n ...config,\n allowHeaders: allowHeaders.map(header => header.toLowerCase())\n };\n }\n const allowOrigins = config.allowOrigins;\n if (allowOrigins) {\n if (allowOrigins === '*') {\n validateAllowCredentials(config);\n validateAllowPrivateNetwork(config);\n }\n else {\n config = {\n ...config,\n allowOrigins: allowOrigins.map(origin => {\n if (typeof origin === 'string' && origin !== ALL) {\n origin = IOGateway.Filtering.regexify(origin);\n if (typeof origin === 'string') {\n // exact match\n return trimTrailingSlash(origin).toLowerCase();\n }\n }\n return origin;\n })\n };\n }\n }\n return config;\n }\n}\n\nfunction combine<T = (string | IOGateway.Filtering.Matcher)>(source?: '*' | T[], other?: '*' | T[]): T[] | undefined {\n if (other === undefined) {\n return source !== undefined ? (source === ALL ? [ALL as T] : source) : [];\n }\n if (source === undefined) {\n return other === ALL ? [ALL as T] : other;\n }\n if (source == DEFAULT_PERMIT_ALL || source === DEFAULT_PERMIT_METHODS) {\n return other === ALL ? [ALL as T] : other;\n }\n if (other == DEFAULT_PERMIT_ALL || other === DEFAULT_PERMIT_METHODS) {\n return source === ALL ? [ALL as T] : source;\n }\n if (source === ALL || source.includes(ALL as T) || other === ALL || other.includes(ALL as T)) {\n return [ALL as T];\n }\n const combined = new Set<T>();\n source.forEach((v) => combined.add(v));\n other.forEach((v) => combined.add(v));\n return Array.from(combined);\n}\nexport const combineCorsConfig = (source: CorsConfig, other?: CorsConfig): CorsConfig => {\n if (other === undefined) {\n return source;\n }\n const config: CorsConfig = {\n allowOrigins: combine(source.allowOrigins, other?.allowOrigins),\n allowMethods: combine(source.allowMethods, other?.allowMethods),\n allowHeaders: combine(source.allowHeaders, other?.allowHeaders),\n exposeHeaders: combine(source.exposeHeaders, other?.exposeHeaders),\n allowCredentials: other?.allowCredentials ?? source.allowCredentials,\n allowPrivateNetwork: other?.allowPrivateNetwork ?? source.allowPrivateNetwork,\n maxAge: other?.maxAge ?? source.maxAge\n }\n return config;\n\n}\n\nexport type CorsConfigSource = (exchange: ServerWebExchange) => Promise<CorsConfig | undefined>;\nexport type CorsProcessor = (exchange: ServerWebExchange, config?: CorsConfig) => boolean;\n\nconst corsFilter = (opts: {corsConfigSource: CorsConfigSource, corsProcessor?: CorsProcessor}) => {\n const source = opts.corsConfigSource;\n const processor = opts.corsProcessor ?? processRequest;\n return async (ctx: ServerWebExchange, next: () => Promise<void>) => {\n const config = await source(ctx);\n const isValid = processor(ctx, config);\n if (!isValid || isPreFlightRequest(ctx.request)) {\n return;\n } else {\n await next();\n }\n };\n}\n\nexport default corsFilter;\n\n\nconst logger = getLogger('cors');\n\nfunction rejectRequest(response: ServerHttpResponse) {\n response.setStatusCode(HttpStatus.FORBIDDEN);\n}\n\nfunction handleInternal(exchange: ServerWebExchange,\n config: CorsConfig, preFlightRequest: boolean): boolean {\n const {request, response} = exchange;\n const responseHeaders = response.headers;\n\n const requestOrigin = request.headers.one('origin');\n const allowOrigin = checkOrigin(config, requestOrigin);\n\n if (allowOrigin === undefined) {\n if (logger.enabledFor('debug')) {\n logger.debug(`reject: '${requestOrigin}' origin is not allowed`);\n }\n rejectRequest(response);\n return false;\n }\n\n const requestMethod = getMethodToUse(request, preFlightRequest);\n const allowMethods = checkMethods(config, requestMethod);\n if (allowMethods === undefined) {\n if (logger.enabledFor('debug')) {\n logger.debug(`reject: HTTP '${requestMethod}' is not allowed`);\n }\n rejectRequest(response);\n return false;\n }\n\n const requestHeaders = getHeadersToUse(request, preFlightRequest);\n const allowHeaders = checkHeaders(config, requestHeaders);\n if (preFlightRequest && allowHeaders === undefined) {\n if (logger.enabledFor('debug')) {\n logger.debug(`reject: headers '${requestHeaders}' are not allowed`);\n }\n rejectRequest(response);\n return false;\n }\n\n responseHeaders.set('Access-Control-Allow-Origin', allowOrigin);\n\n if (preFlightRequest) {\n responseHeaders.set('Access-Control-Allow-Methods', allowMethods.join(','));\n\n }\n if (preFlightRequest && allowHeaders !== undefined && allowHeaders.length > 0) {\n responseHeaders.set('Access-Control-Allow-Headers', allowHeaders.join(', '));\n }\n const exposeHeaders = config.exposeHeaders;\n if (exposeHeaders && exposeHeaders.length > 0) {\n responseHeaders.set('Access-Control-Expose-Headers', exposeHeaders.join(', '));\n }\n if (config.allowCredentials) {\n responseHeaders.set('Access-Control-Allow-Credentials', 'true');\n }\n if (config.allowPrivateNetwork && request.headers.one('access-control-request-private-network') === 'true') {\n responseHeaders.set('Access-Control-Allow-Private-Network', 'true');\n }\n\n if (preFlightRequest && config.maxAge !== undefined) {\n responseHeaders.set('Access-Control-Max-Age', config.maxAge.toString());\n }\n return true;\n}\n\nconst ALL = '*';\nconst DEFAULT_METHODS = ['GET', 'HEAD'];\n\nfunction validateAllowCredentials(config: CorsConfig) {\n if (config.allowCredentials === true && config.allowOrigins === ALL) {\n throw new Error(`when allowCredentials is true allowOrigins cannot be \"*\"`);\n }\n}\n\nfunction validateAllowPrivateNetwork(config: CorsConfig) {\n if (config.allowPrivateNetwork === true && config.allowOrigins === ALL) {\n throw new Error(`when allowPrivateNetwork is true allowOrigins cannot be \"*\"`);\n }\n}\n\nfunction checkOrigin(config: CorsConfig, origin? :string): string | undefined {\n if (origin) {\n const allowedOrigins = config.allowOrigins;\n if (allowedOrigins) {\n if (allowedOrigins === ALL) {\n validateAllowCredentials(config);\n validateAllowPrivateNetwork(config);\n return ALL;\n }\n const originToCheck = trimTrailingSlash(origin.toLowerCase());\n\n for (const allowedOrigin of allowedOrigins) {\n if ((allowedOrigin === ALL) || IOGateway.Filtering.valueMatches(allowedOrigin, originToCheck)) {\n return origin;\n }\n }\n }\n }\n}\n\nfunction checkMethods(config: CorsConfig, requestMethod?: string): string[] | undefined {\n if (requestMethod) {\n const allowedMethods = config.allowMethods ?? DEFAULT_METHODS;\n if (allowedMethods === ALL) {\n return [requestMethod];\n }\n if (IOGateway.Filtering.valuesMatch(allowedMethods, requestMethod)) {\n return allowedMethods;\n }\n }\n}\n\nfunction checkHeaders(config: CorsConfig, requestHeaders?: string[]): string[] | undefined {\n if (requestHeaders === undefined) {\n return;\n }\n if (requestHeaders.length == 0) {\n return [];\n }\n const allowedHeaders = config.allowHeaders;\n if (allowedHeaders === undefined) {\n return;\n }\n const allowAnyHeader = allowedHeaders === ALL || allowedHeaders.includes(ALL);\n const result: string[] = [];\n for (const requestHeader of requestHeaders) {\n const value = requestHeader?.trim();\n if (value) {\n if (allowAnyHeader) {\n result.push(value);\n }\n else {\n for (const allowedHeader of allowedHeaders) {\n if (value.toLowerCase() === allowedHeader) {\n result.push(value);\n break;\n }\n }\n }\n }\n }\n if (result.length > 0) {\n return result;\n }\n}\n\nfunction trimTrailingSlash(origin: string): string {\n return origin.endsWith('/') ? origin.slice(0, -1) : origin;\n}\n\nfunction getMethodToUse(request: HttpRequest<ReadonlyHttpHeaders>, isPreFlight: boolean): string | undefined {\n return (isPreFlight ? request.headers.one('access-control-request-method') : request.method);\n}\n\nfunction getHeadersToUse(request: HttpRequest, isPreFlight: boolean): string[] {\n const headers = request.headers;\n return (isPreFlight ? headers.list('access-control-request-headers') : Array.from(headers.keys()));\n}\n\nexport const matchingCorsConfigSource = (opts: {mappings: Array<[ServerWebExchangeMatcher, CorsConfig | undefined]>}): CorsConfigSource => {\n return async (exchange: ServerWebExchange) => {\n for (const [matcher, config] of opts.mappings) {\n if ((await matcher(exchange)).match) {\n logger.debug(`resolved cors config on '${exchange.request.path}' using ${matcher}: ${JSON.stringify(config)}`);\n return config;\n }\n }\n }\n}\n", "import type {RouteConfig, PathPattern} from './route.js';\nimport {\n combineCorsConfig,\n CorsConfig,\n CorsConfigSource,\n matchingCorsConfigSource,\n PERMIT_DEFAULT_CONFIG,\n validateCorsConfig\n} from '../server/cors.js';\nimport {and, pattern, type ServerWebExchangeMatcher, upgradeMatcher} from '../server/util/matchers.js';\nimport {IOGateway} from '@interopio/gateway';\n\nexport function createCorsConfigSource(context: Pick<RouteConfig, 'sockets' | 'cors' | 'corsConfig'>): CorsConfigSource {\n const {sockets: routes, cors} = context;\n\n // create a default CORS config that allows all origins and methods and then combine it with the provided corsConfig\n const defaultCorsConfig: CorsConfig | undefined = context.corsConfig === false ? undefined : combineCorsConfig(PERMIT_DEFAULT_CONFIG, context.corsConfig);\n\n const validatedConfigs: Array<[ServerWebExchangeMatcher, CorsConfig | undefined]> = [];\n\n // for each socket route, combine the default CORS config, then any app CORS config that match, and finally the route CORS config\n for (const [path, route] of routes) {\n let routeCorsConfig: CorsConfig | undefined = defaultCorsConfig;\n for (const [matcher, config] of cors) {\n if (IOGateway.Filtering.valueMatches(matcher, path)) {\n if (config === undefined) {\n routeCorsConfig = undefined;\n }\n else {\n routeCorsConfig = routeCorsConfig === undefined ? config : combineCorsConfig(routeCorsConfig, config);\n }\n }\n }\n const config = context.corsConfig === false ? undefined : {\n allowOrigins: route.originFilters?.allow,\n allowMethods: ['GET', 'CONNECT', 'OPTIONS'],\n allowHeaders: [\n 'Upgrade',\n 'Connection',\n 'Origin',\n 'Sec-Websocket-Key',\n 'Sec-Websocket-Version',\n 'Sec-Websocket-Protocol',\n 'Sec-Websocket-Extensions'\n ],\n exposeHeaders: ['Sec-Websocket-Accept', 'Sec-Websocket-Protocol', 'Sec-Websocket-Extensions'],\n allowCredentials: route.authorize?.access !== 'permitted' ? true : undefined,\n };\n routeCorsConfig = routeCorsConfig === undefined ? config : combineCorsConfig(routeCorsConfig, config);\n\n validatedConfigs.push([\n and([upgradeMatcher, pattern(path)]),\n validateCorsConfig(routeCorsConfig)]);\n }\n\n const appConfigs: Array<[PathPattern, CorsConfig | undefined]> = [];\n // add app CORS configs\n for (const [matcher, config] of cors) {\n let [, routeCorsConfig] = appConfigs.find(([m]) => String(m) === String(matcher)) ?? [matcher, defaultCorsConfig];\n\n routeCorsConfig = routeCorsConfig === undefined ? config : combineCorsConfig(routeCorsConfig, config);\n let added = false;\n for (const entry of appConfigs) {\n if (String(entry[0]) === String(matcher)) {\n entry[1] = routeCorsConfig;\n added = true;\n break;\n }\n }\n if (!added) {\n appConfigs.push([matcher, routeCorsConfig]);\n }\n }\n for (const [matcher, config] of appConfigs) {\n validatedConfigs.push([pattern(matcher), validateCorsConfig(config)]);\n }\n\n validatedConfigs.push([pattern(/\\/api\\/.*/), validateCorsConfig(defaultCorsConfig)]);\n\n\n return matchingCorsConfigSource({mappings: validatedConfigs});\n}\n", "import type {Principal} from '../../../types/auth';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\nexport type Authentication = Principal & {\n type: string;\n readonly name?: string;\n authenticated: boolean;\n}\n\nexport function isAuthentication(principal?: Principal): principal is Authentication {\n return principal !== undefined && typeof principal['type'] === 'string' && typeof principal['authenticated'] === 'boolean';\n}\n\nexport type AuthenticationConverter = (exchange: ServerWebExchange) => Promise<Authentication | undefined>;\n\nexport class AuthenticationError extends Error {\n private _authentication?: Authentication;\n\n get authentication(): Authentication | undefined {\n return this._authentication;\n }\n\n set authentication(value: Authentication) {\n if (value === undefined) {\n throw new TypeError(\"Authentication cannot be undefined\");\n }\n this._authentication = value;\n }\n}\n\nexport class InsufficientAuthenticationError extends AuthenticationError {}\n\nexport class BadCredentialsError extends AuthenticationError {}\n\nexport class AuthenticationCredentialsNotFoundError extends AuthenticationError {}\n\nexport class AccessDeniedError extends Error {}\n\nexport type AuthenticationManager = (authentication: Authentication) => Promise<Authentication | undefined>;\n\nexport type AuthorizationManager<T> = {\n\n /**\n * Determines if access should be granted to the given object for the provided authentication.\n * @param authentication\n * @param object\n */\n verify(authentication: Promise<Authentication | undefined>, object: T): Promise<void>,\n /**\n * Checks if the authentication is authorized to access the given object.\n * @param authentication\n * @param object\n */\n authorize: (authentication: Promise<Authentication | undefined>, object: T) => Promise<AuthorizationResult | undefined>;\n}\nexport interface AuthorizationResult {readonly granted: boolean;}\nexport class AuthorizationDecision implements AuthorizationResult {\n constructor(granted: boolean) {\n this.granted = granted;\n }\n\n readonly granted: boolean;\n}\nexport class DefaultAuthorizationManager<T> implements AuthorizationManager<T> {\n readonly #check: (authentication: Promise<Authentication | undefined>, object: T) => Promise<AuthorizationDecision | undefined>;\n\n constructor(check: (authentication: Promise<Authentication | undefined>, object: T) => Promise<AuthorizationDecision>) {\n this.#check = check;\n }\n\n async verify(authentication: Promise<Authentication | undefined>, object: T): Promise<void> {\n const decision = await this.#check(authentication, object);\n if (!decision?.granted) {\n throw new AccessDeniedError(\"Access denied\");\n }\n }\n\n async authorize(authentication: Promise<Authentication | undefined>, object: T) {\n return await this.#check(authentication, object);\n }\n}\n\nexport class AuthenticationServiceError extends AuthenticationError {}\nexport type ServerAuthenticationSuccessHandler = (filterExchange: {exchange: ServerWebExchange, next: () => Promise<void>}, authentication: Authentication) => Promise<void>;\nexport type ServerAuthenticationFailureHandler = (filterExchange: {exchange: ServerWebExchange, next: () => Promise<void>}, error: AuthenticationError) => Promise<void>;\nexport type ServerAuthenticationEntryPoint = (exchange: ServerWebExchange, error: AuthenticationError) => Promise<void>;\nexport type ServerAccessDeniedHandler = (exchange: ServerWebExchange, error: AccessDeniedError) => Promise<void>;\n", "import {MapHttpHeaders} from '../../http/exchange.js';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\ntype ServerHttpHeadersWriter = (exchange: ServerWebExchange) => Promise<void>;\n\nconst staticServerHttpHeadersWriter = (headers: MapHttpHeaders): ServerHttpHeadersWriter => {\n return async (exchange: ServerWebExchange) => {\n let containsNoHeaders = true;\n const {response} = exchange;\n for (const name of headers.keys()) {\n if (response.headers.has(name)) {\n containsNoHeaders = false;\n }\n }\n if (containsNoHeaders) {\n for (const [name, value] of headers) {\n response.headers.set(name, value);\n }\n }\n }\n}\n\nconst cacheControlServerHttpHeadersWriter = () => staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('cache-control', 'no-cache, no-store, max-age=0, must-revalidate')\n .add('pragma', 'no-cache')\n .add('expires', '0'));\n\nconst contentTypeServerHttpHeadersWriter = () => staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('x-content-type-options', 'nosniff'));\n\nconst strictTransportSecurityServerHttpHeadersWriter = (maxAgeInSeconds: number, includeSubDomains: boolean, preload: boolean) => {\n let headerValue = `max-age=${maxAgeInSeconds}`;\n if (includeSubDomains) {\n headerValue += ' ; includeSubDomains';\n }\n if (preload) {\n headerValue += ' ; preload';\n }\n const delegate = staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('strict-transport-security', headerValue))\n\n const isSecure = (exchange: ServerWebExchange) => {\n const protocol = exchange.request.URL.protocol;\n return protocol === 'https:';\n }\n\n return async (exchange: ServerWebExchange) => {\n if (isSecure(exchange)) {\n await delegate(exchange);\n }\n }\n};\n\ntype FrameOptionsMode = 'DENY' | 'SAMEORIGIN';\nconst frameOptionsServerHttpHeadersWriter = (mode: FrameOptionsMode) => {\n return staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('x-frame-options', mode))\n};\n\ntype XssProtectionHeaderValue = '0' | '1' | '1; mode=block';\nconst xssProtectionServerHttpHeadersWriter = (headerValue: XssProtectionHeaderValue) => staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('x-xss-protection', headerValue));\n\n\nconst permissionsPolicyServerHttpHeadersWriter = (policyDirectives?: string) => {\n\n const delegate = policyDirectives === undefined ? undefined : staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('permissions-policy', policyDirectives));\n return async (exchange: ServerWebExchange) => {\n if (delegate !== undefined) {\n await delegate(exchange);\n }\n }\n}\nconst contentSecurityPolicyServerHttpHeadersWriter = (policyDirectives?: string, reportOnly?: boolean) => {\n const headerName = reportOnly ? 'content-security-policy-report-only' : 'content-security-policy';\n const delegate = policyDirectives === undefined ? undefined : staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add(headerName, policyDirectives));\n return async (exchange: ServerWebExchange) => {\n if (delegate !== undefined) {\n await delegate(exchange);\n }\n }\n};\n\ntype ReferrerPolicy =\n 'no-referrer'\n | 'no-referrer-when-downgrade'\n | 'origin'\n | 'origin-when-cross-origin'\n | 'same-origin'\n | 'strict-origin'\n | 'strict-origin-when-cross-origin'\n | 'unsafe-url';\nconst refererPolicyServerHttpHeadersWriter = (policy: ReferrerPolicy = 'no-referrer') => {\n return staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('referer-policy', policy));\n}\n\ntype CrossOriginOpenerPolicy = 'unsafe-none' | 'same-origin' | 'same-origin-allow-popups';\nconst crossOriginOpenerPolicyServerHttpHeadersWriter = (policy?: CrossOriginOpenerPolicy) => {\n const delegate = policy === undefined ? undefined : staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('cross-origin-opener-policy', policy));\n return async (exchange: ServerWebExchange) => {\n if (delegate !== undefined) {\n await delegate(exchange);\n }\n }\n}\n\ntype CrossOriginEmbedderPolicy = 'unsafe-none' | 'require-corp';\nconst crossOriginEmbedderPolicyServerHttpHeadersWriter = (policy?: CrossOriginEmbedderPolicy) => {\n const delegate = policy === undefined ? undefined : staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('cross-origin-embedder-policy', policy));\n return async (exchange: ServerWebExchange) => {\n if (delegate !== undefined) {\n await delegate(exchange);\n }\n }\n}\n\ntype CrossOriginResourcePolicy = 'same-origin' | 'same-site' | 'cross-origin';\nconst crossOriginResourcePolicyServerHttpHeadersWriter = (policy?: CrossOriginResourcePolicy) => {\n const delegate = policy === undefined ? undefined : staticServerHttpHeadersWriter(\n new MapHttpHeaders()\n .add('cross-origin-resource-policy', policy));\n return async (exchange: ServerWebExchange) => {\n if (delegate !== undefined) {\n await delegate(exchange);\n }\n }\n}\n\nconst compositeServerHttpHeadersWriter = (\n ...writers: ServerHttpHeadersWriter[]\n): ServerHttpHeadersWriter => {\n return async (exchange: ServerWebExchange) => {\n for (const writer of writers) {\n await writer(exchange);\n }\n }\n}\n\nexport default function headers(opts?: {\n cache?: { disabled?: boolean }\n contentType?: { disabled?: boolean },\n frameOptions?: { disabled?: boolean, mode?: FrameOptionsMode },\n hsts?: { disabled?: boolean, maxAge?: number, includeSubDomains?: boolean, preload?: boolean },\n xss?: { disabled?: boolean, headerValue?: XssProtectionHeaderValue },\n permissionsPolicy?: { disabled?: boolean, policyDirectives?: string },\n contentSecurityPolicy?: { disabled?: boolean, policyDirectives?: string, reportOnly?: boolean },\n refererPolicy?: { disabled?: boolean, policy?: ReferrerPolicy },\n crossOriginOpenerPolicy?: { disabled?: boolean, policy?: CrossOriginOpenerPolicy },\n crossOriginEmbedderPolicy?: { disabled?: boolean, policy?: CrossOriginEmbedderPolicy },\n crossOriginResourcePolicy?: { disabled?: boolean, policy?: CrossOriginResourcePolicy }\n writers?: ServerHttpHeadersWriter[]\n}) {\n const writers: ServerHttpHeadersWriter[] = [];\n if (!opts?.cache?.disabled) {\n writers.push(cacheControlServerHttpHeadersWriter());\n }\n if (!opts?.contentType?.disabled) {\n writers.push(contentTypeServerHttpHeadersWriter());\n }\n if (!opts?.hsts?.disabled) {\n writers.push(strictTransportSecurityServerHttpHeadersWriter(opts?.hsts?.maxAge ?? 365 * 24 * 60 * 60, opts?.hsts?.includeSubDomains ?? true, opts?.hsts?.preload ?? false));\n }\n if (!opts?.frameOptions?.disabled) {\n writers.push(frameOptionsServerHttpHeadersWriter(opts?.frameOptions?.mode ?? 'DENY'));\n }\n if (!opts?.xss?.disabled) {\n writers.push(xssProtectionServerHttpHeadersWriter(opts?.xss?.headerValue ?? '0'));\n }\n if (!opts?.permissionsPolicy?.disabled) {\n writers.push(permissionsPolicyServerHttpHeadersWriter(opts?.permissionsPolicy?.policyDirectives));\n }\n if (!opts?.contentSecurityPolicy?.disabled) {\n writers.push(contentSecurityPolicyServerHttpHeadersWriter(opts?.contentSecurityPolicy?.policyDirectives ?? \"default-src 'self'\", opts?.contentSecurityPolicy?.reportOnly));\n }\n if (!opts?.refererPolicy?.disabled) {\n writers.push(refererPolicyServerHttpHeadersWriter(opts?.refererPolicy?.policy ?? 'no-referrer'));\n }\n if (!opts?.crossOriginOpenerPolicy?.disabled) {\n writers.push(crossOriginOpenerPolicyServerHttpHeadersWriter(opts?.crossOriginOpenerPolicy?.policy));\n }\n if (!opts?.crossOriginEmbedderPolicy?.disabled) {\n writers.push(crossOriginEmbedderPolicyServerHttpHeadersWriter(opts?.crossOriginEmbedderPolicy?.policy));\n }\n if (!opts?.crossOriginResourcePolicy?.disabled) {\n writers.push(crossOriginResourcePolicyServerHttpHeadersWriter(opts?.crossOriginResourcePolicy?.policy));\n }\n if (opts?.writers) {\n writers.push(...opts.writers);\n }\n const writer = compositeServerHttpHeadersWriter(...writers);\n\n return async (exchange: ServerWebExchange, next: () => Promise<void>) => {\n await writer(exchange);\n await next();\n }\n}\n", "import {\n AuthenticationServiceError,\n ServerAuthenticationEntryPoint,\n ServerAuthenticationFailureHandler\n} from './types.js';\n\nexport const serverAuthenticationEntryPointFailureHandler = (opts: {\n entryPoint: ServerAuthenticationEntryPoint,\n rethrowAuthenticationServiceError?: boolean\n}): ServerAuthenticationFailureHandler => {\n const entryPoint = opts.entryPoint;\n const rethrowAuthenticationServiceError = opts?.rethrowAuthenticationServiceError ?? true;\n return async ({exchange}, error) => {\n if (!rethrowAuthenticationServiceError) {\n return entryPoint(exchange, error);\n }\n if (!(error instanceof AuthenticationServiceError)) {\n return entryPoint(exchange, error);\n }\n throw error;\n\n };\n\n\n}\n", "import {ServerAuthenticationEntryPoint} from './types.js';\nimport {HttpStatus} from \"../../http/status.ts\";\n\nconst DEFAULT_REALM = \"Realm\";\nconst createHeaderValue = (realm: string): string => {\n return `Basic realm=\"${realm}\"`;\n}\n\nexport const httpBasicEntryPoint = (opts?: { realm?: string }): ServerAuthenticationEntryPoint => {\n const headerValue = createHeaderValue(opts?.realm ?? DEFAULT_REALM);\n return async (exchange, _error) => {\n const {response} = exchange;\n response.setStatusCode(HttpStatus.UNAUTHORIZED);\n response.headers.set(\"WWW-Authenticate\", headerValue);\n };\n}\n", "import {AuthenticationConverter} from './types.js';\n\nconst BASIC = 'Basic ';\n\nexport const httpBasicAuthenticationConverter = (opts?: {credentialsEncoding?: BufferEncoding}): AuthenticationConverter => {\n return async (exchange) => {\n const {request} = exchange;\n const authorization = request.headers.one(\"authorization\");\n if (!authorization || !(/basic/i).test(authorization.substring(0,))) {\n return;\n }\n const credentials = authorization.length <= BASIC.length ? '' : authorization.substring(BASIC.length);\n const decoded = Buffer.from(credentials, 'base64').toString(opts?.credentialsEncoding ?? 'utf-8');\n const parts = decoded.split(\":\", 2);\n if (parts.length !== 2) {\n return undefined;\n }\n return {\n type: 'UsernamePassword',\n authenticated: false,\n principal: parts[0],\n credentials: parts[1]\n };\n }\n\n}\n", "import {Authentication} from './types';\nimport {AsyncLocalStorage} from 'node:async_hooks';\n\nexport interface SecurityContext {\n authentication?: Authentication;\n}\n\nexport class AsyncStorageSecurityContextHolder {\n private static hasSecurityContext(storage: AsyncLocalStorage<{\n securityContext?: Promise<SecurityContext>\n }>): boolean {\n return storage.getStore()?.securityContext !== undefined;\n }\n\n private static async getSecurityContext(storage: AsyncLocalStorage<{\n securityContext?: Promise<SecurityContext>\n }>): Promise<SecurityContext | undefined> {\n return await storage.getStore()?.securityContext;\n }\n\n public static clearSecurityContext(storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>) {\n delete storage.getStore()?.securityContext;\n }\n\n public static withSecurityContext(securityContext: Promise<SecurityContext>) {\n return (storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }> = new AsyncLocalStorage<{\n securityContext?: Promise<SecurityContext>\n }>()) => {\n storage.getStore()!.securityContext = securityContext;\n return storage;\n };\n }\n\n public static withAuthentication(authentication: Authentication) {\n return AsyncStorageSecurityContextHolder.withSecurityContext(Promise.resolve({authentication}));\n }\n\n public static async getContext(storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>): Promise<SecurityContext | undefined> {\n if (AsyncStorageSecurityContextHolder.hasSecurityContext(storage)) {\n return AsyncStorageSecurityContextHolder.getSecurityContext(storage);\n }\n }\n}\n\n", "import {type Authentication} from './types.js';\nimport {\n AuthenticationConverter,\n AuthenticationError,\n AuthenticationManager,\n ServerAuthenticationFailureHandler, ServerAuthenticationSuccessHandler\n} from './types.js';\nimport {serverAuthenticationEntryPointFailureHandler} from './entry-point-failure-handler.js';\nimport {httpBasicEntryPoint} from './http-basic-entry-point.js';\nimport {httpBasicAuthenticationConverter} from './http-basic-converter.js';\nimport {anyExchange, type ServerWebExchangeMatcher} from '../util/matchers.js';\nimport {AsyncStorageSecurityContextHolder, type SecurityContext} from './security-context.js';\nimport {AsyncLocalStorage} from 'node:async_hooks';\nimport type {ServerWebExchange} from '../../../types/web/server'\n\nasync function authenticate(exchange: ServerWebExchange,\n next: () => Promise<void>,\n token: Authentication,\n managerResolver: (exchange: ServerWebExchange) => Promise<AuthenticationManager | undefined>,\n successHandler: ServerAuthenticationSuccessHandler,\n storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>): Promise<void> {\n const authManager = await managerResolver(exchange);\n const authentication = await authManager?.(token);\n if (authentication === undefined) {\n throw new Error(\"No authentication manager found for the exchange\");\n }\n try {\n await onAuthenticationSuccess(authentication, {exchange, next}, successHandler, storage);\n } catch (e) {\n if (e instanceof AuthenticationError) {\n // todo debug log\n }\n throw e;\n }\n}\n\nasync function onAuthenticationSuccess(authentication: Authentication,\n filterExchange: {exchange: ServerWebExchange, next: () => Promise<void>},\n successHandler: ServerAuthenticationSuccessHandler,\n storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>): Promise<void> {\n AsyncStorageSecurityContextHolder.withAuthentication(authentication)(storage);\n await successHandler(filterExchange, authentication);\n\n}\n\nexport type AuthenticationFilterOptions = {\n storage: AsyncLocalStorage<{securityContext?: Promise<SecurityContext>}>\n managerResolver?: (exchange: ServerWebExchange) => Promise<AuthenticationManager | undefined>,\n manager?: AuthenticationManager,\n successHandler?: ServerAuthenticationSuccessHandler,\n // converter is a function that converts the exchange to an authentication object\n converter?: AuthenticationConverter,\n failureHandler?: ServerAuthenticationFailureHandler\n // matcher is a function that checks if the exchange must be authenticated\n matcher?: ServerWebExchangeMatcher,\n};\n\nexport default function authenticationFilter(opts: AuthenticationFilterOptions) {\n const auth = {\n matcher: anyExchange,\n successHandler: async({next}) => {\n await next();\n },\n converter: httpBasicAuthenticationConverter({}),\n failureHandler: serverAuthenticationEntryPointFailureHandler({entryPoint: httpBasicEntryPoint({})}),\n ...opts\n };\n let managerResolver = auth.managerResolver;\n if (managerResolver === undefined && auth.manager !== undefined) {\n const manager: AuthenticationManager = auth.manager;\n managerResolver = async (_exchange: ServerWebExchange) => {\n return manager;\n };\n }\n if (managerResolver === undefined) {\n throw new Error(\"Authentication filter requires a managerResolver or a manager\");\n }\n return async (exchange: ServerWebExchange, next: () => Promise<void>): Promise<void> => {\n const matchResult = await auth.matcher(exchange);\n const token = matchResult.match ? await auth.converter(exchange) : undefined;\n if (token === undefined) {\n await next();\n return;\n }\n\n try {\n await authenticate(exchange, next, token, managerResolver, auth.successHandler, auth.storage);\n\n } catch (error) {\n if (error instanceof AuthenticationError) {\n await auth.failureHandler({exchange, next}, error);\n return;\n }\n throw error; // Re-throw the error to be handled by the next middleware or error handler\n }\n };\n}\n", "import type { AuthenticationError, ServerAuthenticationEntryPoint} from './types.js';\nimport {HttpStatus} from \"../../http/status.ts\";\n\nexport const httpStatusEntryPoint = (opts: {\n httpStatus: HttpStatus\n}): ServerAuthenticationEntryPoint => {\n return async (exchange, _error: AuthenticationError) => {\n const response = exchange.response;\n response.setStatusCode(opts.httpStatus);\n };\n}\n", "import {AuthenticationError, type ServerAuthenticationEntryPoint} from './types.js';\nimport {type ServerWebExchangeMatcher} from '../util/matchers.js';\nimport {HttpStatus} from '../../http/status.js';\nimport getLogger from '../../logger.js';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\nconst logger = getLogger('auth.entry-point');\n\nexport const delegatingEntryPoint = (opts: {\n entryPoints: Array<[ServerWebExchangeMatcher, ServerAuthenticationEntryPoint]>;\n defaultEntryPoint: ServerAuthenticationEntryPoint;\n}): ServerAuthenticationEntryPoint => {\n const defaultEntryPoint = opts.defaultEntryPoint ?? (async ({response}, _error) => {\n response.setStatusCode(HttpStatus.UNAUTHORIZED);\n await response.end();\n });\n return async (exchange: ServerWebExchange, error: AuthenticationError) => {\n for (const [matcher, entryPoint] of opts.entryPoints) {\n if (logger.enabledFor('debug')) {\n logger.debug(`trying to match using: ${matcher}`);\n }\n const match = await matcher(exchange);\n if (match.match) {\n if (logger.enabledFor('debug')) {\n logger.debug(`match found. using default entry point ${entryPoint}`);\n }\n return entryPoint(exchange, error);\n }\n }\n if (logger.enabledFor('debug')) {\n logger.debug(`no match found. using default entry point ${defaultEntryPoint}`);\n }\n return defaultEntryPoint(exchange, error);\n };\n}\n", "import type {Authentication, ServerAuthenticationSuccessHandler} from './types.js';\n\nexport const delegatingSuccessHandler = (handlers: Array<ServerAuthenticationSuccessHandler>) => {\n\n return async ({exchange, next}, authentication: Authentication) => {\n for (const handler of handlers) {\n await handler({exchange, next}, authentication);\n }\n };\n}\n", "import authenticationFilter from './authentication-filter.js';\nimport {serverAuthenticationEntryPointFailureHandler} from './entry-point-failure-handler.js';\nimport {\n AuthenticationManager,\n ServerAuthenticationEntryPoint,\n ServerAuthenticationFailureHandler,\n ServerAuthenticationSuccessHandler\n} from './types.js';\nimport {httpStatusEntryPoint} from './http-status-entry-point.js';\nimport {httpBasicEntryPoint} from './http-basic-entry-point.js';\nimport {delegatingEntryPoint} from './delegating-entry-point.js';\nimport {httpBasicAuthenticationConverter} from './http-basic-converter.js';\nimport {delegatingSuccessHandler} from './delegating-success-handler.js';\nimport {type SecurityContext} from './security-context.js';\nimport {MatchResult, ServerWebExchangeMatcher} from '../util/matchers.js';\nimport * as matchers from '../util/matchers.js';\nimport {HttpStatus} from '../../http/status.js';\nimport {AsyncLocalStorage} from 'node:async_hooks';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\nexport default function httpBasic(opts: {\n readonly storage: AsyncLocalStorage<{securityContext?: Promise<SecurityContext>}>\n readonly manager: AuthenticationManager;\n readonly entryPoint?: ServerAuthenticationEntryPoint;\n readonly failureHandler?: ServerAuthenticationFailureHandler;\n readonly successHandlers?: ServerAuthenticationSuccessHandler[];\n defaultEntryPoints: Array<[ServerWebExchangeMatcher, ServerAuthenticationEntryPoint]>;\n defaultSuccessHandlers: ServerAuthenticationSuccessHandler[];\n}) {\n\n const xhrMatcher: ServerWebExchangeMatcher = async (exchange: ServerWebExchange): Promise<MatchResult> => {\n const headers = exchange.request.headers;\n const h = headers.list('X-Requested-With');\n if (h.includes('XMLHttpRequest')) {\n return matchers.match();\n }\n return matchers.NO_MATCH;\n }\n\n const defaultEntryPoint = delegatingEntryPoint({\n entryPoints: [[xhrMatcher, httpStatusEntryPoint({httpStatus: HttpStatus.UNAUTHORIZED})]],\n defaultEntryPoint: httpBasicEntryPoint({})\n });\n\n const entryPoint = opts.entryPoint ?? defaultEntryPoint;\n\n const manager = opts.manager;\n\n const restMatcher = matchers.mediaType({\n mediaTypes: [\n 'application/atom+xml',\n 'application/x-www-form-urlencoded',\n 'application/json',\n 'application/octet-stream',\n 'application/xml',\n 'multipart/form-data',\n 'text/xml'\n ],\n ignoredMediaTypes: ['*/*']\n });\n\n const notHtmlMatcher = matchers.not(matchers.mediaType({mediaTypes: ['text/html']}));\n const restNoHtmlMatcher = matchers.and([notHtmlMatcher, restMatcher]);\n const preferredMatcher = matchers.or([xhrMatcher, restNoHtmlMatcher]);\n opts.defaultEntryPoints.push([preferredMatcher, entryPoint]);\n const failureHandler = opts.failureHandler ?? serverAuthenticationEntryPointFailureHandler({entryPoint});\n const successHandler = delegatingSuccessHandler(opts.successHandlers ?? opts.defaultSuccessHandlers);\n const converter = httpBasicAuthenticationConverter({});\n return authenticationFilter({\n storage: opts.storage,\n manager,\n failureHandler,\n successHandler,\n converter\n });\n}\n\n", "import {HttpStatus} from '../../../http/status.js';\n\nexport type OAuth2Error = {\n readonly errorCode: string\n readonly description?: string\n readonly uri?: string\n}\n\nexport type BearerTokenError = OAuth2Error & {\n readonly httpStatus: HttpStatus\n readonly scope?: string\n}\n\nexport const BearerTokenErrorCodes = {\n invalid_request: 'invalid_request',\n invalid_token: 'invalid_token',\n insufficient_scope: 'insufficient_scope',\n}\n\nconst DEFAULT_URI = \"https://tools.ietf.org/html/rfc6750#section-3.1\";\n\nexport function invalidToken(message: string): BearerTokenError {\n return {\n errorCode: BearerTokenErrorCodes.invalid_token,\n httpStatus: HttpStatus.UNAUTHORIZED,\n description: message,\n uri: DEFAULT_URI\n };\n}\n\nexport function invalidRequest(message: string): BearerTokenError {\n return {\n errorCode: BearerTokenErrorCodes.invalid_request,\n httpStatus: HttpStatus.BAD_REQUEST,\n description: message,\n uri: DEFAULT_URI\n };\n}\n\nexport function insufficientScope(message: string, scope?: string): BearerTokenError {\n return {\n errorCode: BearerTokenErrorCodes.insufficient_scope,\n httpStatus: HttpStatus.FORBIDDEN,\n description: message,\n uri: DEFAULT_URI,\n scope\n };\n}\n", "import {type Authentication, type AuthenticationConverter, AuthenticationError} from '../types.js';\nimport {invalidRequest, invalidToken, OAuth2Error} from './token-error.js';\nimport type {ReadonlyHttpHeaders} from '../../../../types/web/http';\nimport type {ServerHttpRequest, ServerWebExchange} from '../../../../types/web/server';\n\nconst ACCESS_TOKEN_PARAMETER_NAME = 'access_token';\nconst authorizationPattern = /^Bearer\\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i;\n\nexport class Oauth2AuthenticationError extends AuthenticationError {\n readonly error: OAuth2Error;\n\n constructor(error: string | OAuth2Error, message?: string, options?: ErrorOptions) {\n super(message ?? (typeof error === 'string' ? undefined : error.description), options);\n this.error = typeof error === 'string' ? {errorCode: error} : error;\n }\n}\n\nexport type BearerTokenAuthenticationToken = Authentication & {\n type: 'BearerToken';\n token: string;\n}\n\nexport const isBearerTokenAuthenticationToken = (authentication: Authentication): authentication is BearerTokenAuthenticationToken => {\n return authentication.type === 'BearerToken';\n}\n\nconst serverBearerTokenAuthenticationConverter = (opts?: {headerName?: string, uriQueryParameter?: boolean, formEncodedBodyParameter?: boolean }): AuthenticationConverter => {\n return async (exchange: ServerWebExchange) => {\n const {request} = exchange;\n return Promise.all<string[] | undefined>([\n resolveFromAuthorizationHeader(request.headers, opts?.headerName).then((token?: string) => token !== undefined ? [token] : undefined),\n resolveFromQueryString(request, opts?.uriQueryParameter),\n resolveFromBody(exchange, opts?.formEncodedBodyParameter)\n ])\n .then(rs => rs.filter(r => r !== undefined).flat(1))\n .then(resolveToken)\n .then(token => {\n if (token) return {authenticated: false, type: 'BearerToken', token};\n });\n }\n}\n\nasync function resolveToken(accessTokens: string[]) {\n if (accessTokens.length === 0) {\n return;\n }\n if (accessTokens.length > 1) {\n const error = invalidRequest('Found multiple access tokens in the request');\n throw new Oauth2AuthenticationError(error);\n }\n\n const accessToken = accessTokens[0];\n if (!accessToken || accessToken.length === 0) {\n const error = invalidRequest('The requested access token parameter is an empty string');\n throw new Oauth2AuthenticationError(error);\n }\n return accessToken;\n}\n\nasync function resolveFromAuthorizationHeader(headers: ReadonlyHttpHeaders, headerName: string = 'authorization'): Promise<string | undefined> {\n const authorization = headers.one(headerName);\n if (!authorization || !(/bearer/i).test(authorization.substring(0,))) {\n return;\n }\n const match = authorizationPattern.exec(authorization);\n if (match === null) {\n const error = invalidToken('Bearer token is malformed');\n throw new Oauth2AuthenticationError(error);\n }\n return match.groups?.token;\n}\n\nasync function resolveTokens(parameters: URLSearchParams): Promise<string[] | undefined> {\n const accessTokens = parameters.getAll(ACCESS_TOKEN_PARAMETER_NAME);\n if (accessTokens.length === 0) {\n return;\n }\n return accessTokens;\n}\n\nasync function resolveFromQueryString(request: ServerHttpRequest, allow = false): Promise<string[] | undefined> {\n if (!allow || request.method !== 'GET') {\n return;\n }\n return resolveTokens(request.URL.searchParams);\n}\n\nasync function resolveFromBody(exchange: ServerWebExchange, allow = false): Promise<string[] | undefined> {\n const {request} = exchange;\n if (!allow\n || ('application/x-www-form-urlencoded' !== request.headers.one('content-type'))\n || request.method !== 'POST') {\n return;\n }\n const parameters = await exchange.request.formData();\n if (parameters) {\n return resolveTokens(parameters);\n }\n}\n\nexport default serverBearerTokenAuthenticationConverter;\n", "import {AuthenticationError, type ServerAuthenticationEntryPoint} from '../types.js';\nimport {Oauth2AuthenticationError} from './token-converter.js';\nimport type {BearerTokenError, OAuth2Error} from './token-error.js';\nimport {HttpStatus} from '../../../http/status.js';\n\nfunction computeWWWAuthenticate(parameters: Map<string, string>) {\n let wwwAuthenticate = 'Bearer';\n if (parameters.size !== 0) {\n wwwAuthenticate += ' ';\n let i = 0;\n for (const [key, value] of parameters) {\n wwwAuthenticate += `${key}=\"${value}\"`;\n if (i !== parameters.size - 1) {\n wwwAuthenticate += ', ';\n }\n i++;\n }\n }\n return wwwAuthenticate;\n}\n\nconst isBearerTokenError = (error: OAuth2Error): error is BearerTokenError => {\n return (error as BearerTokenError).httpStatus !== undefined;\n}\n\nfunction getStatus(authError: AuthenticationError): HttpStatus {\n if (authError instanceof Oauth2AuthenticationError) {\n const {error} = authError;\n if (isBearerTokenError(error)) {\n return error.httpStatus;\n }\n }\n return HttpStatus.UNAUTHORIZED;\n}\n\nfunction createParameters(authError: AuthenticationError, realm?: string) {\n const parameters = new Map<string, string>();\n if (realm) {\n parameters.set('realm', realm);\n }\n if (authError instanceof Oauth2AuthenticationError) {\n const {error} = authError;\n parameters.set('error', error.errorCode);\n if (error.description) {\n parameters.set('error_description', error.description);\n }\n if (error.uri) {\n parameters.set('error_uri', error.uri);\n }\n if (isBearerTokenError(error) && error.scope) {\n parameters.set('scope', error.scope);\n }\n }\n return parameters;\n}\n\nconst bearerTokenServerAuthenticationEntryPoint = (opts?: { realmName?: string }): ServerAuthenticationEntryPoint => {\n return async (exchange, error) => {\n const status = getStatus(error);\n const parameters = createParameters(error, opts?.realmName)\n const wwwAuthenticate = computeWWWAuthenticate(parameters);\n const {response} = exchange;\n response.headers.set('WWW-Authenticate', wwwAuthenticate);\n response.setStatusCode(status);\n await response.end();\n };\n}\n\nexport default bearerTokenServerAuthenticationEntryPoint;\n", "import {type Authentication, type AuthenticationManager, AuthenticationServiceError} from '../types.js';\nimport {invalidToken} from './token-error.js';\nimport {isBearerTokenAuthenticationToken, Oauth2AuthenticationError} from './token-converter.js';\n\nexport interface Jwt {\n readonly subject?: string\n\n getClaimAsString(claim: string): string | undefined\n}\n\nconst jwtAuthConverter = (opts?: { principalClaimName?: string}): (jwt: Jwt) => Authentication => {\n const principalClaimName = opts?.principalClaimName ?? 'sub';\n\n return (jwt: Jwt) => {\n const name = jwt.getClaimAsString(principalClaimName);\n return {type: 'JwtToken', authenticated: true, name};\n };\n}\n\nconst asyncJwtConverter = (converter: (jwt: Jwt) => Authentication): (jwt: Jwt) => Promise<Authentication> => {\n return async (jwt: Jwt) => {\n return converter(jwt);\n };\n};\n\nexport class JwtError extends Error {}\nexport class BadJwtError extends JwtError {}\n\n\nfunction onError(error: JwtError) {\n if (error instanceof BadJwtError) {\n return new Oauth2AuthenticationError(invalidToken(error.message), error.message, {cause: error});\n }\n throw new AuthenticationServiceError(error.message, {cause: error});\n\n}\n\nexport default function jwtAuthManager(opts: {\n decoder: (token: string) => Promise<Jwt>\n authConverter?: (jwt: Jwt) => Promise<Authentication>\n}): AuthenticationManager {\n const decoder = opts.decoder;\n const authConverter = opts.authConverter ?? asyncJwtConverter(jwtAuthConverter({}));\n return async (authentication) => {\n if (isBearerTokenAuthenticationToken(authentication)) {\n const token = authentication.token;\n try {\n const jwt = await decoder(token);\n return await authConverter(jwt);\n } catch (e) {\n if (e instanceof JwtError) {\n throw onError(e);\n }\n throw e;\n }\n }\n }\n}\n", "import authenticationFilter from './authentication-filter.js';\nimport type {\n Authentication,\n AuthenticationConverter,\n AuthenticationManager,\n ServerAuthenticationEntryPoint,\n ServerAuthenticationFailureHandler\n} from './types.js';\nimport serverBearerTokenAuthenticationConverter from './oauth2/token-converter.js';\nimport {serverAuthenticationEntryPointFailureHandler} from './entry-point-failure-handler.js';\nimport bearerTokenServerAuthenticationEntryPoint from './oauth2/token-entry-point.js';\nimport jwtAuthManager, {Jwt} from './oauth2/jwt-auth-manager.js';\nimport type {SecurityContext} from './security-context.js';\nimport {AsyncLocalStorage} from 'node:async_hooks';\nimport {ServerWebExchange} from '../../../types/web/server';\n\nexport default function resourceServer(opts: {\n readonly storage: AsyncLocalStorage<{securityContext?: Promise<SecurityContext>}>,\n converter?: AuthenticationConverter,\n failureHandler?: ServerAuthenticationFailureHandler,\n entryPoint?: ServerAuthenticationEntryPoint,\n managerResolver?: (exchange: ServerWebExchange) => Promise<AuthenticationManager | undefined>,\n jwt?: {\n manager?: AuthenticationManager,\n decoder: (token: string) => Promise<Jwt>,\n authConverter?: (jwt: Jwt) => Promise<Authentication>\n }\n}): (exchange: ServerWebExchange, next: () => Promise<void>) => Promise<void> {\n const entryPoint = opts.entryPoint ?? bearerTokenServerAuthenticationEntryPoint({});\n const converter = opts?.converter ?? serverBearerTokenAuthenticationConverter({});\n const failureHandler = opts.failureHandler ?? serverAuthenticationEntryPointFailureHandler({entryPoint})\n if (opts.managerResolver!== undefined) {\n return authenticationFilter({\n storage: opts.storage,\n converter,\n failureHandler,\n managerResolver: opts.managerResolver,\n });\n }\n if (opts.jwt !== undefined) {\n\n const manager = opts.jwt.manager ?? jwtAuthManager(opts.jwt);\n return authenticationFilter({\n storage: opts.storage,\n converter,\n failureHandler,\n managerResolver: async (_exchange: ServerWebExchange) => {\n return manager;\n },\n });\n }\n throw new Error(\"Invalid resource server configuration: either managerResolver or jwt must be provided\");\n}\n", "import {\n Authentication,\n AuthenticationManager,\n AuthorizationDecision,\n BadCredentialsError,\n DefaultAuthorizationManager,\n ServerAuthenticationEntryPoint,\n ServerAuthenticationSuccessHandler\n} from './types.js';\nimport headers from './http-headers.js';\nimport httpBasic from './http-basic.js';\nimport resourceServer from './oauth2-resource-server.js';\nimport serverBearerTokenAuthenticationConverter from './oauth2/token-converter.js';\nimport bearerTokenServerAuthenticationEntryPoint from './oauth2/token-entry-point.js';\nimport {BadJwtError, Jwt, JwtError} from './oauth2/jwt-auth-manager.js';\nimport {jwtVerifier, JwtVerifyError} from '@interopio/gateway/jose/jwt';\nimport {anyExchange, ServerWebExchangeMatcher, ServerWebExchangeMatcherEntry, match, NO_MATCH} from '../util/matchers.js';\nimport {errorFilter} from './error-filter.js';\nimport {delegatingEntryPoint} from './delegating-entry-point.js';\nimport delegatingAuthorizationManager from './delegating-authorization-manager.js';\nimport authorizationFilter from './authorization-filter.js';\nimport {exchangeFilter} from './exchange-filter.js';\nimport {SecurityContext} from './security-context.js';\nimport cors, { type CorsConfigSource} from '../cors.js';\nimport type {Middleware} from '../types.js';\nimport {type AsyncLocalStorage} from 'node:async_hooks';\nimport type { ServerWebExchange} from '../../../types/web/server';\n\nexport type HttpSecurityConfig = {\n authorize?: Array<[\n 'any-exchange' | ServerWebExchangeMatcher,\n ( { access: 'permitted' | 'denied' | 'authenticated' }\n | { access: 'has-any-authority', authorities: string[] }\n | { access: 'has-ip-address', address: string })\n ]>,\n headers?: {\n disabled?: boolean;\n xss?: { disabled?: boolean };\n },\n cors?: {\n disabled?: boolean;\n }\n basic?: {\n disabled?: boolean;\n realm?: string;\n user?: {\n name: string,\n password?: string // generated password, if not provided\n authorities?: string[]\n }\n },\n jwt?: {\n disabled?: boolean;\n issuerUri?: string; // base URI for the issuer, e.g. 'https://example.com'\n issuer?: string;\n audience?: string | string[]; // audience for the JWT, e.g. 'https://example.com/api'\n }\n}\n\nconst filterOrder = {\n first: Number.MAX_SAFE_INTEGER,\n http_headers: 1 * 100,\n https_redirect: 2 * 100,\n cors: 3 * 100,\n http_basic: 6 * 100,\n authentication: 8 * 100,\n security_context_server_web_exchange: 15 * 100,\n error_translation: 18 * 100,\n authorization: 19 * 100,\n last: Number.MAX_SAFE_INTEGER\n}\nconst filterOrderSymbol = Symbol.for(\"filterOrder\");\n\nexport default (config: HttpSecurityConfig,\n context: {\n storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>\n corsConfigSource?: CorsConfigSource,\n }): Middleware => {\n const middleware: Middleware = [];\n\n class ServerHttpSecurity {\n #authenticationEntryPoint?: ServerAuthenticationEntryPoint;\n readonly #defaultEntryPoints: Array<[ServerWebExchangeMatcher, ServerAuthenticationEntryPoint]> = [];\n manager?: AuthenticationManager;\n\n get authenticationEntryPoint(): ServerAuthenticationEntryPoint | undefined {\n if (this.#authenticationEntryPoint !== undefined || this.#defaultEntryPoints.length === 0) {\n return this.#authenticationEntryPoint!;\n }\n if (this.#defaultEntryPoints.length === 1) {\n return this.#defaultEntryPoints[0][1];\n }\n return delegatingEntryPoint({\n entryPoints: this.#defaultEntryPoints,\n defaultEntryPoint: this.#defaultEntryPoints[this.#defaultEntryPoints.length - 1][1]\n });\n }\n\n\n build() {\n if (config.headers !== undefined && config.headers.disabled !== true) {\n const writer = headers(config.headers);\n writer[filterOrderSymbol] = filterOrder.http_headers;\n middleware.push(writer);\n }\n if (config.cors?.disabled !== true && context.corsConfigSource !== undefined) {\n const filter: (ctx: ServerWebExchange, next: () => Promise<void>) => Promise<void> = cors({corsConfigSource: context.corsConfigSource });\n filter[filterOrderSymbol] = filterOrder.cors;\n middleware.push(filter);\n }\n\n if (config.basic !== undefined && config.basic?.disabled !== true) {\n const username = config.basic.user?.name.toLowerCase();\n const password = config.basic.user?.password ?? '';\n const authorities = config.basic.user?.authorities ?? [];\n const manager: AuthenticationManager = async (auth) => {\n const principal = auth['principal'];\n const credentials = auth['credentials'];\n if (principal.toLowerCase() !== username || credentials !== password) {\n throw new BadCredentialsError('Invalid username or password');\n }\n return {type: 'UsernamePassword', authenticated: true, principal, credentials, authorities: [...authorities]} as Authentication;\n }\n\n const defaultSuccessHandlers: ServerAuthenticationSuccessHandler[] = [\n async ({exchange: _, next}, _authentication) => {\n return next();\n }\n ];\n\n\n const filter = httpBasic({\n storage: context.storage,\n manager,\n defaultEntryPoints: this.#defaultEntryPoints,\n defaultSuccessHandlers,\n });\n filter[filterOrderSymbol] = filterOrder.http_basic;\n middleware.push(filter);\n }\n if (config.jwt !== undefined && config.jwt.disabled !== true) {\n\n const verifier = jwtVerifier({\n issuerBaseUri: config.jwt.issuerUri,\n issuer: config.jwt.issuer,\n audience: config.jwt.audience\n });\n const decoder = async (token: string): Promise<Jwt> => {\n try {\n const {payload} = await verifier(token);\n return {\n subject: payload.sub,\n getClaimAsString(claim: string): string | undefined {\n return payload[claim] as string | undefined;\n }\n };\n } catch (e) {\n if (e instanceof JwtVerifyError) {\n throw new BadJwtError(e.message, {cause: e});\n }\n throw new JwtError(\"error occurred while attempting to decoding jwt\", {cause: e});\n }\n }\n\n\n const authenticationConverter = serverBearerTokenAuthenticationConverter({uriQueryParameter: true});\n const authenticationConverterMatcher: ServerWebExchangeMatcher = async (exchange) => {\n try {\n const a = await authenticationConverter(exchange)\n if (a === undefined) {\n return NO_MATCH;\n }\n return match();\n }\n catch (e) {\n return NO_MATCH;\n }\n }\n\n const entryPoint = bearerTokenServerAuthenticationEntryPoint({});\n\n this.#defaultEntryPoints.push([authenticationConverterMatcher, entryPoint]);\n\n const filter = resourceServer({\n storage: context.storage,\n entryPoint: entryPoint,\n converter: authenticationConverter,\n jwt: {decoder}});\n filter[filterOrderSymbol] = filterOrder.authentication;\n middleware.push(filter);\n\n }\n const exchangeF = exchangeFilter({storage: context.storage});\n middleware.push(exchangeF);\n exchangeF[filterOrderSymbol] = filterOrder.security_context_server_web_exchange;\n\n\n if (config.authorize !== undefined) {\n const errorFf = errorFilter({authenticationEntryPoint: this.authenticationEntryPoint});\n errorFf[filterOrderSymbol] = filterOrder.error_translation;\n middleware.push(errorFf)\n const buildAuthorizationManager = (authorize: HttpSecurityConfig['authorize']) => {\n const mappings: ServerWebExchangeMatcherEntry<DefaultAuthorizationManager<{\n exchange: ServerWebExchange\n }>>[] = [];\n let anyExchangeRegistered = false;\n for (const [matcher, access] of authorize ?? []) {\n let serverMatcher: ServerWebExchangeMatcher;\n if (matcher === 'any-exchange') {\n anyExchangeRegistered = true;\n serverMatcher = anyExchange;\n } else if (anyExchangeRegistered) {\n throw new Error(\"Cannot register other matchers after 'any-exchange' matcher\");\n } else {\n serverMatcher = matcher;\n }\n let manager: DefaultAuthorizationManager<{ exchange: ServerWebExchange }>;\n if (access.access === 'permitted') {\n manager = new DefaultAuthorizationManager(async () => new AuthorizationDecision(true));\n manager.toString = () => 'AuthorizationManager[permitted]';\n } else if (access.access === 'denied') {\n manager = new DefaultAuthorizationManager(async () => new AuthorizationDecision(false));\n manager.toString = () => 'AuthorizationManager[denied]';\n } else if (access.access === 'authenticated') {\n manager = new DefaultAuthorizationManager(async (p: Promise<Authentication | undefined>) => {\n const authentication = await p;\n if (authentication !== undefined) {\n return new AuthorizationDecision(authentication.authenticated);\n }\n return new AuthorizationDecision(false);\n });\n manager.toString = () => 'AuthorizationManager[authenticated]';\n } else {\n throw new Error(`Unknown access type: ${JSON.stringify(access)}`);\n }\n mappings.push([serverMatcher, manager]);\n }\n return delegatingAuthorizationManager({mappings});\n }\n const manager = buildAuthorizationManager(config.authorize);\n const filter = authorizationFilter({manager, storage: context.storage});\n filter[filterOrderSymbol] = filterOrder.authorization;\n middleware.push(filter);\n\n }\n\n middleware.sort((a, b) => {\n const aOrder = a[filterOrderSymbol] ?? filterOrder.last;\n const bOrder = b[filterOrderSymbol] ?? filterOrder.last;\n return aOrder - bOrder;\n });\n }\n }\n\n\n const security = new ServerHttpSecurity();\n security.build();\n\n\n return middleware;\n};\n", "import {\n type Authentication,\n AccessDeniedError,\n AuthenticationError,\n InsufficientAuthenticationError,\n type ServerAuthenticationEntryPoint,\n isAuthentication\n} from './types.js';\nimport {httpBasicEntryPoint} from './http-basic-entry-point.js';\nimport {ServerWebExchange} from '../../../types/web/server';\nimport {HttpStatus} from \"../../http/status.ts\";\n\nasync function commenceAuthentication(exchange: ServerWebExchange, authentication: Authentication | undefined, entryPoint: ServerAuthenticationEntryPoint) {\n const cause = new InsufficientAuthenticationError(`Full authentication is required to access this resource.`);\n const e: AuthenticationError = new AuthenticationError(\"Access Denied\", {cause});\n if (authentication) {\n e.authentication = authentication;\n }\n await entryPoint(exchange, e);\n}\nexport function httpStatusAccessDeniedHandler(httpStatus: HttpStatus) {\n return async (exchange: ServerWebExchange, _error: AccessDeniedError) => {\n exchange.response.setStatusCode(httpStatus);\n exchange.response.headers.set(\"Content-Type\", \"text/plain; charset=utf-8\");\n const buffer = Buffer.from(\"Access Denied\", \"utf-8\");\n exchange.response.headers.set('Content-Length', buffer.length);\n await exchange.response.body(buffer);\n };\n}\n\nexport const errorFilter = (opts: {\n authenticationEntryPoint?: ServerAuthenticationEntryPoint\n}) => {\n const accessDeniedHandler = httpStatusAccessDeniedHandler(HttpStatus.FORBIDDEN);\n const authenticationEntryPoint = opts.authenticationEntryPoint ?? httpBasicEntryPoint();\n return async (exchange: ServerWebExchange, next: () => Promise<void>) => {\n try {\n await next();\n } catch (error) {\n if (error instanceof AccessDeniedError) {\n const principal = await exchange.principal();\n if (!isAuthentication(principal)) {\n await commenceAuthentication(exchange, undefined, authenticationEntryPoint);\n }\n else {\n if (!principal.authenticated) {\n await accessDeniedHandler(exchange, error);\n }\n await commenceAuthentication(exchange, principal, authenticationEntryPoint);\n }\n return;\n }\n throw error;\n }\n };\n}\n", "import type {ServerWebExchangeMatcherEntry} from '../util/matchers.js';\nimport {type Authentication, AuthorizationDecision, type AuthorizationManager, DefaultAuthorizationManager} from './types.js';\nimport getLogger from '../../logger.js';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\nconst logger = getLogger('security.auth');\n\nexport default function delegatingAuthorizationManager(opts: {mappings: Array<ServerWebExchangeMatcherEntry<AuthorizationManager<{ exchange: ServerWebExchange }>>>}) {\n const check = async (authentication: Promise<Authentication | undefined>, exchange: ServerWebExchange): Promise<AuthorizationDecision> => {\n let decision: AuthorizationDecision;\n for (const [matcher, manager] of opts.mappings) {\n if ((await matcher(exchange))?.match) {\n logger.debug(`checking authorization on '${exchange.request.path}' using [${matcher}, ${manager}]`);\n const checkResult = await manager.authorize(authentication, {exchange});\n if (checkResult !== undefined) {\n decision = checkResult;\n break;\n }\n }\n }\n decision ??= new AuthorizationDecision(false);\n return decision;\n\n }\n return new DefaultAuthorizationManager(check);\n}\n", "import {AccessDeniedError, type AuthorizationManager} from './types.js';\nimport {AsyncStorageSecurityContextHolder, type SecurityContext} from './security-context.js';\nimport type {AsyncLocalStorage} from 'node:async_hooks';\nimport type {ServerWebExchange} from '../../../types/web/server';\n\nimport getLogger from '../../logger.js';\n\nconst logger = getLogger('security.auth');\n\nexport default function authorizationFilter(opts: {\n storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>,\n manager: AuthorizationManager<ServerWebExchange>\n}) {\n const {manager, storage} = opts;\n return async (exchange: ServerWebExchange, next: () => Promise<void>) => {\n const promise = AsyncStorageSecurityContextHolder.getContext(storage)\n .then(c => c?.authentication);\n try {\n await manager.verify(promise, exchange);\n if (logger.enabledFor('debug')) {\n logger.debug('authorization successful')\n }\n } catch (error) {\n if (error instanceof AccessDeniedError) {\n if (logger.enabledFor('debug')) {\n logger.debug(`authorization failed: ${error.message}`);\n }\n }\n throw error;\n }\n await next();\n };\n}\n", "import {AsyncStorageSecurityContextHolder, SecurityContext} from './security-context.js';\nimport {ServerWebExchangeDecorator} from '../exchange.js';\nimport {ServerWebExchange} from '../../../types/web/server';\nimport {Principal} from '../../../types/auth';\nimport {AsyncLocalStorage} from \"node:async_hooks\";\n\n\nexport class SecurityContextServerWebExchange extends ServerWebExchangeDecorator {\n readonly #context: () => Promise<SecurityContext | undefined>;\n constructor(exchange: ServerWebExchange, context: () => Promise<SecurityContext | undefined>) {\n super(exchange);\n this.#context = context;\n }\n\n async principal<T extends Principal>(): Promise<T | undefined> {\n const context = await this.#context();\n return context?.authentication as (T | undefined);\n }\n}\n\nexport const exchangeFilter = (opts: {storage: AsyncLocalStorage<{ securityContext?: Promise<SecurityContext> }>}) => {\n const storage = opts.storage;\n return async (exchange: ServerWebExchange, next: (exchange: ServerWebExchange) => Promise<void>) => {\n await next(new SecurityContextServerWebExchange(exchange, async () => await AsyncStorageSecurityContextHolder.getContext(storage)));\n }\n}\n", "import {createCorsConfigSource} from './cors.js';\nimport type {RouteConfig} from './route.js';\nimport security, {HttpSecurityConfig} from '../server/security/config.js';\nimport {and, pattern, type ServerWebExchangeMatcher, upgradeMatcher} from '../server/util/matchers.js';\nimport type {CorsConfigSource} from '../server/cors.js';\nimport type {Middleware} from '../server/types.js';\nimport type {AuthorizationRule} from '../../types/auth';\n\nexport function createSecurityConfig(context: RouteConfig): HttpSecurityConfig {\n const authorize: HttpSecurityConfig['authorize'] = [];\n const defaultAccess: AuthorizationRule = {access: context.authConfig?.type !== 'none' ? 'authenticated' : 'permitted'};\n\n for (const [path, route] of context.sockets) {\n const rule = route.authorize ?? defaultAccess;\n let matcher: ServerWebExchangeMatcher = pattern(path, {method: 'GET'});\n matcher = and([upgradeMatcher, matcher]);\n authorize.push([matcher, rule]);\n }\n authorize.push([pattern('/', {method: 'GET'}), {access: 'permitted'}]);\n authorize.push([pattern('/favicon.ico', {method: 'GET'}), {access: 'permitted'}]);\n authorize.push([pattern('/health', {method: 'GET'}), {access: 'permitted'}]);\n if (context.authorize.length > 0) {\n authorize.push(...context.authorize);\n }\n\n authorize.push(['any-exchange', defaultAccess]); // default rule for all other exchanges\n return {\n authorize,\n cors: {\n disabled: context.corsConfig === false,\n },\n basic: {\n disabled: context.authConfig?.type !== 'basic',\n ...context.authConfig?.basic,\n },\n jwt: {\n disabled: context.authConfig?.type !== 'oauth2',\n ...context.authConfig?.oauth2?.jwt\n }\n }\n}\n\nexport async function httpSecurity(context: RouteConfig): Promise<Middleware> {\n const corsConfigSource: CorsConfigSource = createCorsConfigSource(context);\n const config = createSecurityConfig(context);\n const {storage} = context;\n return security(config, {storage, corsConfigSource})\n}\n", "import type { HttpHandler, WebHandler } from './types';\nimport { DefaultWebExchange, ServerHttpResponseDecorator } from './exchange.ts';\nimport { AsyncLocalStorage } from 'node:async_hooks';\nimport type { Logger } from '@interopio/gateway/logging/api';\nimport type { HttpHeaders } from '../../types/web/http';\nimport type {\n ServerHttpRequest,\n ServerHttpResponse,\n ServerWebExchange\n} from '../../types/web/server';\nimport getLogger from '../logger.ts';\nimport { HttpStatus } from '../http/status.ts';\n\nexport class HttpHeadResponseDecorator extends ServerHttpResponseDecorator {\n\n}\n\nclass HandlerAdapter {\n\n readonly #logger: Logger\n #enableLoggingRequestDetails: boolean = false;\n readonly #delegate: WebHandler;\n #storage?: AsyncLocalStorage<{ exchange: ServerWebExchange }>;\n\n constructor(logger: Logger, delegate: WebHandler) {\n this.#logger = logger;\n this.#delegate = delegate;\n }\n\n protected createExchange(request: ServerHttpRequest, response: ServerHttpResponse): ServerWebExchange {\n\n const exchange = new DefaultWebExchange(request, response);\n return exchange;\n }\n\n set storage(storage: AsyncLocalStorage<{ exchange: ServerWebExchange }>) {\n this.#storage = storage;\n }\n\n set enableLoggingRequestDetails(value: boolean) {\n this.#enableLoggingRequestDetails = value;\n }\n\n formatHeaders(headers: HttpHeaders): string {\n let result = '{';\n\n for (const key of headers.keys()) {\n if (!this.#enableLoggingRequestDetails) {\n result += 'masked, ';\n break;\n } else {\n const value = headers.get(key);\n result += `\"${key}\": \"${value}\", `;\n }\n }\n if (result.endsWith(', ')) {\n result = result.slice(0, -2);\n }\n result += '}';\n return result;\n\n }\n\n formatRequest(request: ServerHttpRequest): string {\n const query = request.URL.search;\n return `HTTP ${request.method} \"${request.path}${query}`;\n }\n\n logRequest(exchange: ServerWebExchange) {\n if (this.#logger.enabledFor('debug')) {\n const trace = this.#logger.enabledFor('trace');\n this.#logger.debug(`${exchange.logPrefix}${this.formatRequest(exchange.request)}${trace ? `, headers: ${this.formatHeaders(exchange.request.headers)}` : ''}\"`);\n\n }\n }\n\n logResponse(exchange: ServerWebExchange) {\n if (this.#logger.enabledFor('debug')) {\n const trace = this.#logger.enabledFor('trace');\n const status = exchange.response.statusCode;\n this.#logger.debug(`${exchange.logPrefix}Completed ${status ?? '200 OK'}${trace ? `, headers: ${this.formatHeaders(exchange.response.headers)}` : ''}\"`);\n }\n }\n\n handleUnresolvedError(exchange: ServerWebExchange, error: Error) {\n const {request, response, logPrefix} = exchange;\n\n if (response.setStatusCode(HttpStatus.INTERNAL_SERVER_ERROR)) {\n this.#logger.error(`${logPrefix}500 Server Error for ${this.formatRequest(request)}`, error);\n return;\n }\n // todo if client disconnected, we should not log an error\n\n this.#logger.error(`${logPrefix}Error [${error.message} for ${this.formatRequest(request)}, but already ended (${response.statusCode})`, error);\n throw error;\n\n }\n\n async web(exchange: ServerWebExchange): Promise<void> {\n return await this.#delegate(exchange);\n }\n\n async http(request: ServerHttpRequest, response: ServerHttpResponse): Promise<void> {\n\n const exchange = this.createExchange(request, response);\n const callback = () => {\n this.logRequest(exchange);\n return this.web(exchange)\n .then(() => {\n this.logResponse(exchange);\n })\n .catch((error: Error) => {\n this.handleUnresolvedError(exchange, error)\n })\n .then(async () => {\n await exchange.response.end();\n });\n };\n\n await new Promise<void>((resolve, reject) => {\n if (this.#storage !== undefined) {\n this.#storage.run({exchange}, () => {\n callback().then(() => resolve()).catch((error) => reject(error));\n });\n } else {\n callback().then(() => resolve()).catch((error) => reject(error));\n }\n });\n }\n}\n\nexport class WebHttpHandlerBuilder {\n readonly #webHandler: WebHandler;\n #storage?: AsyncLocalStorage<{ exchange: ServerWebExchange }> = new AsyncLocalStorage();\n #handlerDecorator?: (handler: HttpHandler) => HttpHandler;\n\n storage(storage: AsyncLocalStorage<{ exchange: ServerWebExchange }>): this {\n this.#storage = storage;\n return this;\n }\n\n httpHandlerDecorator(decorator: (handler: HttpHandler) => HttpHandler): this {\n if (this.#handlerDecorator === undefined) {\n this.#handlerDecorator = decorator;\n } else {\n const previousDecorator = this.#handlerDecorator;\n this.#handlerDecorator = (handler: HttpHandler) => {\n handler = previousDecorator(handler);\n return decorator(handler);\n }\n }\n return this;\n }\n\n constructor(webHandler: WebHandler) {\n this.#webHandler = webHandler;\n }\n\n build(): HttpHandler {\n const logger = getLogger('http');\n\n const adapter = new HandlerAdapter(logger, this.#webHandler);\n if (this.#storage !== undefined) adapter.storage = this.#storage;\n adapter.enableLoggingRequestDetails = false;\n const adapted: HttpHandler = async (request, response) => adapter.http(request, response);\n\n\n return this.#handlerDecorator ? this.#handlerDecorator(adapted) : adapted;\n }\n}\n", "import type { AsyncLocalStorage } from \"node:async_hooks\";\nimport { WebSocketServer } from 'ws';\nimport type { ServerHttpResponse, ServerWebExchange } from '../../types/web/server';\nimport { HttpStatus } from '../http/status.ts';\nimport getLogger, { regexAwareReplacer } from '../logger.ts';\nimport {\n ExtendedHttpIncomingMessage,\n ExtendedHttpServerResponse,\n ServerHttpRequestDecorator,\n ServerHttpResponseDecorator\n} from './exchange.ts';\nimport { createHandshakeInfo, type SocketRoute } from './socket.ts';\nimport { acceptsOrigin } from './ws-client-verify.ts';\nimport { ExtendedWebSocket, PingManager } from './ws-pings.ts';\n\nconst logger = getLogger('ws');\n\nfunction upgradeStrategy(path: string, route: SocketRoute, wss: WebSocketServer, onSocketError: (err: Error) => void) {\n return (exchange: ServerWebExchange) => {\n\n const { logPrefix, request } = exchange;\n const req = ServerHttpRequestDecorator.getNativeRequest<ExtendedHttpIncomingMessage>(request);\n req.exchange = exchange;\n const { socket, upgradeHead } = req;\n\n const host = request.host;\n socket.removeListener('error', onSocketError);\n if (route.maxConnections !== undefined && wss.clients?.size >= route.maxConnections) {\n logger.warn(`${logPrefix}dropping ws connection request on ${host}${path}. max connections exceeded.`);\n socket.destroy();\n return;\n }\n\n const origin = request.headers.one('origin');\n if (!acceptsOrigin(origin, route.originFilters)) {\n if (logger.enabledFor('info')) {\n logger.info(`${logPrefix}dropping ws connection request on ${host}${path}. origin ${origin ?? '<missing>'}`);\n }\n socket.destroy();\n return;\n }\n if (logger.enabledFor('debug')) {\n logger.debug(`${logPrefix}accepted new ws connection request on ${host}${path}`);\n }\n\n wss.handleUpgrade(req, socket, upgradeHead!, (client, req) => {\n wss.emit('connection', client, req);\n });\n }\n}\n\nfunction applyHandshakeHeaders(headers: string[], response: ServerHttpResponse) {\n const seen = new Set<string>(); // track headers we've taken care of\n headers.forEach((header, index) => {\n if (index === 0 && header.startsWith('HTTP/1.1 101 ')) {\n response.setStatusCode(HttpStatus.SWITCHING_PROTOCOLS);\n return;\n }\n const [name, value] = header.split(': ');\n if (response.headers.has(name)) {\n headers[index] = `${name}: ${response.headers.one(name)}`;\n }\n else {\n response.headers.set(name, value);\n }\n seen.add(name.toLowerCase());\n });\n const nativeResponse = ServerHttpResponseDecorator.getNativeResponse<ExtendedHttpServerResponse>(response);\n for (const name of nativeResponse.getRawHeaderNames()) {\n // if we have already set this header, skip it\n const nameLowerCase = name.toLowerCase();\n if (!seen.has(nameLowerCase)) {\n const value = response.headers.get(nameLowerCase);\n if (value !== undefined) {\n headers.push(`${name}: ${value}`);\n }\n }\n }\n nativeResponse.markHeadersSent();\n}\n\nexport async function initRoute(path: string,\n route: SocketRoute,\n endpoint: string,\n storage: AsyncLocalStorage<{ securityContext? }>,\n onSocketError: (err: Error) => void): Promise<void> {\n try {\n logger.info(`creating ws server for [${path}]. max connections: ${route.maxConnections ?? '<unlimited>'}, origin filters: ${route.originFilters ? JSON.stringify(route.originFilters, regexAwareReplacer) : '<none>'}, ping: ${typeof route.ping === 'number' ? route.ping + 'ms' : route.ping ? JSON.stringify(route.ping) : '<none>'}`);\n const wss = new WebSocketServer<typeof ExtendedWebSocket, typeof ExtendedHttpIncomingMessage>({\n noServer: true,\n WebSocket: ExtendedWebSocket,\n autoPong: false\n });\n\n const pings = new PingManager(logger.child('pings'), () => [path, wss.clients], route.ping);\n\n const handler = await route.factory({ endpoint, storage });\n wss\n .on('error', (err: Error) => {\n logger.error(`error starting the ws server for [${path}]`, err);\n })\n .on('listening', () => {\n logger.info(`ws server for [${path}] is listening`);\n })\n .on('headers', (headers, request) => {\n if (request.exchange !== undefined) {\n const { response } = request.exchange;\n applyHandshakeHeaders(headers, response);\n }\n })\n .on('connection', (socket, request) => {\n\n const handshake = createHandshakeInfo(request, socket.protocol);\n\n socket.on('pong', (data) => {\n pings.handlePong(handshake, socket, data);\n });\n socket.on('ping', (data: Buffer) => {\n pings.handlePing(handshake, socket, data);\n });\n handler({ socket, handshake });\n });\n wss.on('close', () => {\n pings.close();\n });\n\n route.upgradeStrategy = upgradeStrategy(path, route, wss, onSocketError);\n route.close = async () => {\n await handler.close?.call(handler);\n logger.info(`stopping ws server for [${path}]. clients: ${wss.clients?.size ?? 0}`);\n wss.clients?.forEach(client => {\n client.terminate();\n });\n wss.close();\n }\n }\n catch (e) {\n logger.warn(`failed to init route ${path}`, e);\n }\n\n}\n", "import {type ExtendedHttpIncomingMessage, HttpServerRequest} from './exchange.js';\nimport {MapHttpHeaders} from '../http/exchange.js';\nimport type {AuthorizationRule, Principal} from '../../types/auth';\nimport type {WebSocketHandshakeInfo} from '../../types/web/socket';\nimport type {Middleware} from './types.js';\nimport type {ServerWebExchange, ServerWebSocketHandler} from '../../types/web/server';\nimport {upgradeMatcher} from './util/matchers.ts';\nimport {ProcessedOriginFilters} from './ws-client-verify.js';\nimport {HttpStatus} from '../http/status.js';\nimport type {AsyncLocalStorage} from 'node:async_hooks';\n\nexport function createHandshakeInfo(req: ExtendedHttpIncomingMessage, protocol?: string): WebSocketHandshakeInfo {\n const exchange = req?.exchange;\n const request = exchange?.request ?? new HttpServerRequest(req);\n const principalPromiseProvider = exchange?.principal;\n const principal = principalPromiseProvider ? principalPromiseProvider.bind(exchange) : async function principal<P extends Principal> (): Promise<P | undefined> { return undefined; };\n const url = request.URL;\n const headers = new MapHttpHeaders();\n for (const key of request.headers.keys()) {\n headers.set(key, request.headers.list(key));\n }\n const cookies = request.cookies;\n const logPrefix = exchange?.logPrefix ?? `[${request.id}] `;\n const remoteAddress = request.remoteAddress;\n const handshake: WebSocketHandshakeInfo = {\n url,\n headers,\n cookies,\n principal,\n protocol,\n remoteAddress,\n logPrefix,\n };\n return handshake;\n}\n\nexport function webSockets(context: { sockets: Map<string, SocketRoute> }): Middleware {\n // websocket upgrade handler\n const sockets = async (exchange: ServerWebExchange, next: () => Promise<void>) => {\n const request = exchange.request;\n const path = request.path ?? '/';\n\n const routes = context.sockets;\n const route = (routes.get(path) ?? Array.from(routes.values()).find(route => {\n if (path === '/' && route.default === true) {\n return true;\n }\n }));\n\n if (route !== undefined) {\n const {request, response} = exchange;\n const upgradeMatchResult = await upgradeMatcher(exchange);\n if ((request.method === 'GET' || request.method === 'CONNECT') && upgradeMatchResult.match) {\n if (route.upgradeStrategy !== undefined) {\n route.upgradeStrategy(exchange);\n return;\n }\n else {\n throw new Error(`No upgrade strategy defined for route on ${path}`);\n }\n\n } else {\n if (route.default) {\n // allow default route to pass through\n await next();\n return;\n }\n\n response.setStatusCode(HttpStatus.UPGRADE_REQUIRED);\n response.headers\n .set('Upgrade', 'websocket')\n .set('Connection', 'Upgrade')\n .set('Content-Type', 'text/plain');\n\n const buffer = Buffer.from(`This service [${request.path}] requires use of the websocket protocol.`, 'utf-8');\n await response.body(buffer);\n }\n } else {\n await next();\n }\n };\n return [sockets];\n}\n\nexport type SocketRoute = {\n readonly default?: boolean,\n readonly ping?: number | {interval: number, data?: 'timestamp' | 'empty'},\n readonly maxConnections?: number\n readonly authorize?: AuthorizationRule,\n readonly originFilters?: ProcessedOriginFilters\n readonly factory: (server: { endpoint: string, storage?: AsyncLocalStorage<{ exchange?, securityContext? }> }) => Promise<ServerWebSocketHandler>,\n // set later in listening\n upgradeStrategy?: (exchange: ServerWebExchange) => void,\n close?: () => Promise<void>\n}\n", "import { addressAndPort } from './address.ts';\nimport type { Logger } from '../logger.ts';\nimport { WebSocket } from 'ws';\nimport type { WebSocketHandshakeInfo } from '../../types/web/socket';\n\nexport class ExtendedWebSocket extends WebSocket {\n constructor(_first: unknown, _second?: unknown, options?: unknown) {\n /* eslint-disable @typescript-eslint/no-explicit-any */\n super(null as unknown as any, undefined, options as any);\n }\n\n connected?: boolean;\n}\n\nexport type PingConfig = { interval: number, data?: 'timestamp' | 'empty' };\n\nexport class PingManager {\n static readonly #EMPTY_BUFFER = Buffer.alloc(0);\n static #LAST_TIMESTAMP_BUFFER: [number, Buffer] = [0, Buffer.alloc(8)];\n\n readonly #pingData: () => Buffer;\n readonly #pingInterval: number | undefined;\n readonly #pingIntervalId?: ReturnType<typeof setInterval>;\n readonly #mask = false;\n readonly #logger: Logger;\n\n constructor(logger: Logger, supplier: () => [string, Set<ExtendedWebSocket>], ping?: number | PingConfig) {\n this.#logger = logger;\n this.#pingInterval = typeof ping === 'number' ? ping : ping?.interval;\n this.#pingData =\n typeof ping === 'number' || ping?.data === 'timestamp'\n ? () => PingManager.#createBufferFromTimestamp(Date.now())\n : () => PingManager.#EMPTY_BUFFER;\n\n if (this.#pingInterval) {\n this.#pingIntervalId = setInterval(() => {\n const [path, clients] = supplier();\n for (const client of clients) {\n if (this.#terminateIfDisconnected(client, path)) {\n continue;\n }\n this.#markAndSendPing(client, path);\n }\n }, this.#pingInterval);\n\n }\n }\n\n #terminateIfDisconnected(client: ExtendedWebSocket, path: string) {\n if (client.connected === false) {\n if (this.#logger.enabledFor('debug')) {\n this.#logger.debug(`terminating unresponsive ws client on [${path}]`);\n }\n client.terminate();\n return true;\n }\n return false;\n }\n\n #markAndSendPing(client: ExtendedWebSocket, path: string) {\n client.connected = false;\n const data = this.#pingData();\n if (this.#logger.enabledFor('trace')) {\n this.#logger.debug(`pinging ws client on [${path}]`);\n }\n client.ping(data, this.#mask, (err: Error) => {\n if (err && this.#logger.enabledFor('warn')) {\n this.#logger.warn(`failed to ping ws client on [${path}]`, err);\n }\n });\n }\n\n static #createBufferFromTimestamp(now = Date.now()): Buffer {\n if (now - PingManager.#LAST_TIMESTAMP_BUFFER[0] > 0) {\n const buffer = Buffer.allocUnsafe(8);\n buffer.writeBigInt64BE(BigInt(now), 0);\n PingManager.#LAST_TIMESTAMP_BUFFER = [now, buffer];\n }\n return PingManager.#LAST_TIMESTAMP_BUFFER[1];\n }\n\n static #createTimestampFromBuffer(data: Buffer): number {\n if (data.length === 8) {\n return Number(data.readBigInt64BE(0));\n }\n return 0;\n }\n\n close() {\n clearInterval(this.#pingIntervalId);\n }\n\n handlePing(handshake: WebSocketHandshakeInfo, socket: ExtendedWebSocket, data: Buffer): void {\n socket.connected = true;\n socket.pong(data, false, (err: Error) => {\n if (err && this.#logger.enabledFor('warn')) {\n this.#logger.warn(`${handshake.logPrefix}failed to pong ws client ${addressAndPort(handshake.remoteAddress)}`, err);\n }\n });\n }\n\n handlePong(handshake: WebSocketHandshakeInfo, socket: ExtendedWebSocket, data: Buffer): void {\n socket.connected = true;\n if (this.#logger.enabledFor('warn')) {\n const sent = PingManager.#createTimestampFromBuffer(data);\n if (sent > 0) {\n const latency = Date.now() - sent;\n if (this.#logger.enabledFor('debug')) {\n this.#logger.debug(`${handshake.logPrefix}ws client ${addressAndPort(handshake.remoteAddress)} ping-pong latency: ${latency}ms`);\n }\n if (this.#pingInterval && latency > this.#pingInterval / 2 && this.#logger.enabledFor('warn')) {\n this.#logger.warn(`${handshake.logPrefix}ws client ${addressAndPort(handshake.remoteAddress)} high ping-pong latency: ${latency}ms`);\n }\n }\n }\n }\n}\n"],
5
+ "mappings": "+kBAAA,IAAAA,GAAA,GAAAC,GAAAD,GAAA,mBAAAE,GAAA,YAAAC,KAAA,eAAAC,GAAAJ,ICAA,IAAAK,GAAA,GAAAC,GAAAD,GAAA,aAAAE,KAAA,IAAAC,GAAiB,2BACjBC,GAAkB,4BAGlBC,GAA2B,mBAC3BC,GAAgC,4BAChCC,GAAwB,8BCLxB,IAAAC,GAA6D,mBAEvDC,GAAqB,8CAC3B,SAASC,GAAUC,EAAc,CAC7B,GAAIA,EAAO,MAAQ,MAAM,IAAI,MAAM,YAAYA,CAAI,EAAE,EACrD,OAAOA,CACX,CAOO,SAAUC,GAAUD,EAA0C,CACjE,GAAI,OAAOA,GAAS,SAChB,QAAWC,KAAaD,EAAK,MAAM,GAAG,EAAG,CACrC,IAAME,EAAUD,EAAU,KAAK,EACzBE,EAAcL,GAAmB,KAAKI,CAAO,EACnD,GAAIC,EAAa,CACb,IAAMC,EAAQ,SAASD,EAAY,CAAC,CAAC,EAC/BE,EAAM,SAASF,EAAY,CAAC,GAAKA,EAAY,CAAC,CAAC,EACrD,QAAS,EAAIJ,GAAUK,CAAK,EAAG,EAAIL,GAAUM,CAAG,EAAI,EAAG,IACnD,MAAM,CAEd,KAEI,OAAM,IAAI,MAAM,IAAIJ,CAAS,iCAAiC,CAEtE,MAEA,MAAMF,GAAUC,CAAI,CAE5B,CAEO,IAAMM,IAAW,IAAM,CAC1B,SAASC,EAASC,EAAuB,CACrC,OAAOA,EAAE,OAAS,EAAIA,EAAE,CAAC,EAAI,MACjC,CACA,IAAMC,EAAY,OAAO,UAAO,sBAAkB,CAAC,EAC9C,QAASC,IACEA,GAAW,CAAC,GAAG,OAAQC,GAASA,EAAK,SAAW,MAAM,CACjE,EAAE,OAAO,CAACC,EAAKD,KACZC,EAAID,EAAK,SAAW,WAAa,UAAU,EAAE,KAAKA,CAAI,EAC/CC,GACR,CAAC,SAAU,CAAC,EAA6B,SAAU,CAAC,CAA2B,CAAC,EACvF,OAAQL,EAAME,EAAU,QAAQ,GAAMF,EAAME,EAAU,QAAQ,IAAI,OACtE,GAAG,EAEI,SAASI,EAAeC,EAAuB,CAClD,GAAIA,EACA,OAAIA,EAAQ,SAAW,OACZ,IAAIA,EAAQ,OAAO,KAAKA,EAAQ,IAAI,GAExC,GAAGA,EAAQ,OAAO,IAAIA,EAAQ,IAAI,EAEjD,CCxDA,IAAAC,GAAgC,iDAIjB,SAARC,EAA2BC,EAAsB,CACpD,OAAsB,aAAU,kBAAkBA,CAAI,EAAE,CAC5D,CAGO,SAASC,GAAsBC,EAAcC,EAAsB,CACtE,OAAOA,aAAiB,OAASA,EAAM,SAAS,EAAIA,CACxD,CCPA,IAAAC,GAA0B,8BAK1BC,GAAgC,4BAHzBC,GAAkB,aAAU,SAK7BC,EAAMC,EAAU,IAAI,EACpBC,GAAQH,GAAgB,KAAwB,EAEtD,SAASI,GAAcC,EAAoD,CACvE,IAAIC,EACJ,GAAID,EAAe,gBACfC,EAAOD,EAAe,KAClBC,IAAS,QACLD,EAAe,YAAiB,QAAW,CAC3C,IAAME,EAAYF,EAAe,UAC7B,OAAOE,GAAc,WACrBD,EAAOC,EAAU,MAEjBD,IAAS,SACLC,IAAc,OACdD,EAAO,GAGPA,EAAO,OAAOC,CAAS,EAGnC,CAGR,OAAOD,CACX,CAEA,SAASE,GACWC,EACAC,EACAC,EAC2B,CAC3C,IAAMC,EAAMC,EAAeF,CAAa,EAClCG,EAAOH,GAAe,SAAW,YACjCI,EAAO,CACT,IAAAH,EACA,KAAAE,EACA,MAAAX,GACA,eAAgB,SAA2D,CACvE,IAAME,EAAkB,MAAMK,EAAsB,EACpD,GAAIL,GAAgB,cAChB,MAAO,CAAC,KAAM,UAAW,KAAMD,GAAcC,CAAc,CAAC,EAEhE,MAAM,IAAI,MAAM,kCAAkCO,CAAG,EAAE,CAC3D,EACA,OAAQ,IAAM,CACVH,EAAO,KAAMO,GAAgB,CACrBA,EACAf,EAAI,KAAK,kBAAkBW,CAAG,GAAII,CAAG,EAGrCf,EAAI,KAAK,gBAAgBW,CAAG,EAAE,CAEtC,CAAC,CACL,EACA,aAAeK,GAAoC,CAC/C,OAAQA,EAAQ,CACZ,IAAK,WAAY,CACbhB,EAAI,KAAK,qCAAqCW,CAAG,kBAAkB,EACnEH,EAAO,MAAM,KAAM,eAAe,EAClC,KACJ,CACA,IAAK,WAAY,CACbA,EAAO,MAAM,KAAM,UAAU,EAC7B,KACJ,CACJ,CACJ,CACJ,EACA,GAAI,CACA,OAAO,KAAK,OAAQS,GAAST,EAAO,KAAKS,CAAI,EAAGH,CAA8C,CAClG,OAASC,EAAK,CACVf,EAAI,KAAK,GAAGW,CAAG,2BAA4BI,CAAG,CAClD,CACJ,CAEA,eAAeG,GAAgCC,EAGX,CAChC,OAAAnB,EAAI,KAAK,uBAAuBmB,EAAY,QAAQ,EAAE,EACtD,MAAM,KAAK,MAAMA,CAAW,EAGrB,MAAO,CAAC,OAAAX,EAAQ,UAAAY,CAAS,IAAM,CAClC,GAAM,CAAC,UAAAC,EAAW,cAAAX,EAAe,UAAWY,CAAgB,EAAIF,EAChEpB,EAAI,KAAK,GAAGqB,CAAS,iBAAiB,EACtC,IAAME,EAAShB,GAAW,KAAK,KAAMC,EAAQc,EAAkBZ,CAAa,EAC5E,GAAI,CAACa,EAAQ,CACTvB,EAAI,MAAM,GAAGqB,CAAS,uBAAuB,EAC7Cb,EAAO,UAAU,EACjB,MACJ,CACAA,EAAO,GAAG,QAAUO,GAAe,CAC/Bf,EAAI,MAAM,GAAGqB,CAAS,oBAAoBN,CAAG,GAAIA,CAAG,CACxD,CAAC,EAED,IAAMS,EAAYL,EAAY,UAAY,OAAY,qBAAkB,SAAS,EAAI,OACrFX,EAAO,GAAG,UAAW,CAACS,EAAMQ,IAAc,CAClC,MAAM,QAAQR,CAAI,IAClBA,EAAO,OAAO,OAAOA,CAAI,GAGzBO,IAAc,OACdA,EAAU,IAAMD,EAAO,KAAKN,CAAyB,CAAC,EAGtDM,EAAO,KAAKN,CAAyB,CAG7C,CAAC,EACDT,EAAO,GAAG,QAAUkB,GAAS,CACzB1B,EAAI,KAAK,GAAGqB,CAAS,+BAA+BK,CAAI,EAAE,EAC1DH,EAAO,MAAM,CACjB,CAAC,CACL,CACJ,CAEA,IAAOI,GAAQT,GCzHR,SAASU,MAAcC,EAAgE,CAC1F,GAAI,CAAC,MAAM,QAAQA,CAAU,EACzB,MAAM,IAAI,MAAM,2BAA2B,EAE/C,IAAMC,EAAMD,EAAW,KAAK,EAC5B,QAAWE,KAAMD,EACb,GAAI,OAAOC,GAAO,WACd,MAAM,IAAI,MAAM,0CAA0C,EAGlE,OAAO,eAAgBC,EAAQC,EAAmC,CAC9D,IAAMC,EAAW,MAAOC,EAAWC,IAAoC,CACnE,IAAML,EAAKI,IAAML,EAAI,OAASG,EAAOH,EAAIK,CAAC,EAC1C,GAAIJ,IAAO,OACP,OAEJ,IAAIM,EAAa,GACbC,EAAe,GAabC,EAAS,MAAMR,EAAGK,EAZT,MAAOI,GAAgB,CAClC,GAAIH,EACA,MAAM,IAAI,MAAM,8BAA8B,EAElDA,EAAa,GACb,GAAI,CACA,OAAO,MAAMH,EAASC,EAAI,EAAGK,GAAWJ,CAAa,CACzD,QACA,CACIE,EAAe,EACnB,CACJ,CAC6C,EAC7C,GAAID,GAAc,CAACC,EACf,MAAM,IAAI,MAAM;AAAA,qFAA+H,EAEnJ,OAAOC,CACX,EAEA,OAAOL,EAAS,EAAGF,CAAG,CAC1B,CACJ,CCvCA,IAAAS,GAAuC,oBACvCC,GAAuB,wBAEvB,SAASC,GAAUC,EAAsBC,EAA0C,CAC/E,IAAIC,EAAOF,EAAQ,IAAI,kBAAkB,EAIzC,GAHI,MAAM,QAAQE,CAAI,IAClBA,EAAOA,EAAK,CAAC,GAEbA,EAAM,CACN,IAAMC,EAAOH,EAAQ,IAAI,kBAAkB,EACvCG,IACAD,EAAO,GAAGA,CAAI,IAAIC,CAAI,GAE9B,CAKA,OAJAD,IAASF,EAAQ,IAAI,MAAM,EACvB,MAAM,QAAQE,CAAI,IAClBA,EAAOA,EAAK,CAAC,GAEbA,EACQA,EAAgB,MAAM,IAAK,CAAC,EAAE,CAAC,EAAE,KAAK,EAG3CD,CACX,CAEA,SAASG,GAAeJ,EAA+B,CACnD,IAAMK,EAAIL,EAAQ,IAAI,iBAAiB,EACvC,OAAQ,OAAOK,GAAM,UAAcA,EAAE,YAAY,IAAM,IAC3D,CAEA,SAASC,GAAcN,EAAsBO,EAAiC,CAC1E,IAAIC,EAAQR,EAAQ,IAAI,mBAAmB,EAK3C,OAHI,MAAM,QAAQQ,CAAK,IACnBA,EAAQA,EAAM,CAAC,GAEfA,IAAU,OACFA,EAAiB,MAAM,IAAK,CAAC,EAAE,CAAC,EAAE,KAAK,EAE1CJ,GAAeJ,CAAO,EACpB,QAEJO,CACX,CAEA,SAASE,GAAmBC,EAAUV,EAAsBW,EAAuD,CAC/G,IAAMR,EAAOQ,EAAgBA,EAAc,KAAoBD,EAAI,WAAjB,SAA4B,IAAM,GAEhFR,EAAOF,EAAQ,IAAI,iBAAiB,EAIxC,GAHI,MAAM,QAAQE,CAAI,IAClBA,EAAOA,EAAK,CAAC,GAEbA,IAAS,OACT,OAAAA,EAAQA,EAAgB,MAAM,IAAK,CAAC,EAAE,CAAC,EAAE,KAAK,EACvC,CAAE,QAASA,EAAM,KAAM,OAAOC,CAAI,EAAG,UAAQ,SAAKD,CAAI,IAAM,EAAI,OAAS,MAAO,CAE/F,CAEO,IAAeU,GAAf,KAA8E,CACxEC,GACC,YAAYb,EAAkB,CACpC,KAAKa,GAAWb,CACpB,CACA,IAAI,SAAmB,CACnB,OAAO,KAAKa,EAChB,CACJ,EAEsBC,GAAf,MAAeC,UAAuEH,EAA6B,CACtH,OAAe,aAAe,EAC9BI,GAEA,IAAI,IAAa,CACb,OAAI,KAAKA,KAAQ,SACb,KAAKA,GAAM,GAAG,KAAK,OAAO,CAAC,IAAI,EAAED,EAAoB,YAAY,IAG9D,KAAKC,EAChB,CAEU,QAAiB,CACvB,MAAO,SACX,CAEA,IAAI,SAAwB,CACxB,OAAOC,GAAa,KAAK,OAAO,CACpC,CAEU,UAAUhB,EAA0C,CAC1D,OAAOF,GAAU,KAAK,QAASE,CAAW,CAC9C,CAEU,cAAcM,EAAiC,CACrD,OAAOD,GAAc,KAAK,QAASC,CAAe,CACtD,CAIU,mBAAmBI,EAA6B,CACtD,OAAOF,GAAmB,KAAK,IAAK,KAAK,QAASE,CAAa,CACnE,CACJ,EAEsBO,GAAf,cAAuFN,EAA6B,CACvH,IAAI,SAA4B,CAC5B,OAAOO,GAAqB,KAAK,OAAO,CAC5C,CAEU,eAAeC,EAAwC,CAW7D,OAVe,IAAI,UAAO,CACtB,IAAKA,EAAe,KACpB,MAAOA,EAAe,MACtB,OAAQA,EAAe,OACvB,OAAQA,EAAe,OACvB,KAAMA,EAAe,KACrB,OAAQA,EAAe,OACvB,SAAUA,EAAe,SACzB,SAAUA,EAAe,QAC7B,CAAC,EACa,SAAS,CAC3B,CAEJ,EAEA,SAASC,GAAYC,EAAyB,CAC1C,IAAMC,EAAiB,CAAC,EACxB,CACI,IAAIC,EAAQ,EACRC,EAAM,EAEV,QAASC,EAAI,EAAGA,EAAIJ,EAAM,OAAQI,IAC9B,OAAQJ,EAAM,WAAWI,CAAC,EAAG,CACzB,IAAK,IACGF,IAAUC,IACVD,EAAQC,EAAMC,EAAI,GAEtB,MACJ,IAAK,IACDH,EAAK,KAAKD,EAAM,MAAME,EAAOC,CAAG,CAAC,EACjCD,EAAQC,EAAMC,EAAI,EAClB,MACJ,QACID,EAAMA,EAAM,EACZ,KACR,CAEJF,EAAK,KAAKD,EAAM,MAAME,EAAOC,CAAG,CAAC,CACrC,CAEA,OAAOF,CACX,CAEA,SAASI,GAAOC,EAAqE,CAC7E,OAAOA,GAAW,WAClBA,EAAS,CAACA,CAAM,GAEhB,OAAOA,GAAW,WAClBA,EAAS,CAAC,OAAOA,CAAM,CAAC,GAE5B,IAAML,EAAiB,CAAC,EACxB,GAAIK,EACA,QAAWN,KAASM,EACZN,GACAC,EAAK,KAAK,GAAGF,GAAYC,CAAK,CAAC,EAI3C,OAAOC,CACX,CAEA,SAASN,GAAajB,EAAoC,CACtD,OAAOA,EAAQ,KAAK,QAAQ,EACvB,IAAI6B,GAAKA,EAAE,MAAM,GAAG,EAAE,IAAKC,GAAO,UAAO,MAAMA,CAAE,CAAC,CAAC,EACnD,KAAK,CAAC,EACN,OAAQC,GAAOA,IAAO,MAAS,EAC/B,IAAKA,GACyB,OAAO,OAAO,CAAC,KAAMA,EAAG,IAAK,MAAOA,EAAG,KAAK,CAAC,CAE3E,CACT,CAIA,SAASZ,GAAqBnB,EAAwC,CAClE,OAAOA,EAAQ,KAAK,YAAY,EAAE,IAAKgC,GAAW,CAC9C,IAAMC,EAAS,UAAO,MAAMD,CAAM,EAClC,GAAIC,EAAQ,CACR,IAAMC,EAAkC,CAAC,KAAMD,EAAO,IAAK,MAAOA,EAAO,MAAO,OAAQ,OAAOA,EAAO,QAAU,EAAE,CAAC,EACnH,OAAIA,EAAO,WAAUC,EAAO,SAAW,IACnCD,EAAO,SAAQC,EAAO,OAASD,EAAO,QACtCA,EAAO,OAAMC,EAAO,KAAOD,EAAO,MAClCA,EAAO,SAAQC,EAAO,OAAS,IAC/BD,EAAO,WAAUC,EAAO,SAAW,IACnCD,EAAO,WAAUC,EAAO,SAAWD,EAAO,UACvC,OAAO,OAAOC,CAAM,CAC/B,CACJ,CAAC,EAAE,OAAQF,GAAqCA,IAAW,MAAS,CACxE,CAGO,IAAeG,GAAf,KAAuF,CAChF,aAAc,CAAC,CAGzB,OAAOC,EAAwB,CAC3B,IAAMR,EAAS,KAAK,IAAIQ,CAAI,EAC5B,OAAOT,GAAOC,CAAM,CACxB,CACJ,EAEaS,EAAN,cAA6B,GAA+D,CAE/F,IAAID,EAAc,CACd,OAAO,MAAM,IAAIA,EAAK,YAAY,CAAC,CACvC,CAEA,IAAIA,EAAkC,CAClC,OAAO,KAAK,IAAIA,CAAI,IAAI,CAAC,CAC7B,CAEA,KAAKA,EAAc,CACf,IAAMR,EAAS,MAAM,IAAIQ,EAAK,YAAY,CAAC,EAC3C,OAAOT,GAAOC,CAAM,CACxB,CAEA,IAAIQ,EAAcd,EAAgE,CAO9E,OANI,OAAOA,GAAU,WACjBA,EAAQ,OAAOA,CAAK,GAEpB,OAAOA,GAAU,WACjBA,EAAQ,CAACA,CAAK,GAEdA,EACO,MAAM,IAAIc,EAAK,YAAY,EAAGd,CAAK,GAG1C,MAAM,OAAOc,EAAK,YAAY,CAAC,EACxB,KAEf,CAEA,IAAIA,EAAcd,EAAqC,CACnD,IAAMgB,EAAO,MAAM,IAAIF,EAAK,YAAY,CAAC,EACzC,OAAI,OAAOd,GAAU,WACjBA,EAAQ,CAACA,CAAK,GAEdgB,IACAhB,EAAQgB,EAAK,OAAOhB,CAAK,GAE7B,KAAK,IAAIc,EAAMd,CAAK,EACb,IACX,CACJ,EClQA,IAAMiB,GAAN,KAAsD,CACzCC,GACT,YAAYC,EAAe,CACvB,KAAKD,GAASC,CAClB,CACA,IAAI,OAAgB,CAChB,OAAO,KAAKD,EAChB,CAEA,UAAmB,CACf,OAAO,KAAKA,GAAO,SAAS,CAChC,CACJ,EAEaE,EAAN,MAAMC,CAAqC,CAC9C,OAAgB,SAAW,IAAIA,EAAW,IAAK,UAAU,EACzD,OAAgB,oBAAsB,IAAIA,EAAW,IAAK,qBAAqB,EAI/E,OAAgB,GAAK,IAAIA,EAAW,IAAK,IAAI,EAC7C,OAAgB,QAAU,IAAIA,EAAW,IAAK,SAAS,EACvD,OAAgB,SAAW,IAAIA,EAAW,IAAK,UAAU,EACzD,OAAiB,8BAAgC,IAAIA,EAAW,IAAK,+BAA+B,EACpG,OAAgB,WAAa,IAAIA,EAAW,IAAK,YAAY,EAC7D,OAAgB,cAAgB,IAAIA,EAAW,IAAK,eAAe,EACnE,OAAgB,gBAAkB,IAAIA,EAAW,IAAK,iBAAiB,EACvE,OAAgB,aAAe,IAAIA,EAAW,IAAK,cAAc,EAEjE,OAAgB,QAAU,IAAIA,EAAW,IAAK,SAAS,EAIvD,OAAgB,iBAAmB,IAAIA,EAAW,IAAK,kBAAkB,EACzE,OAAgB,kBAAoB,IAAIA,EAAW,IAAK,mBAAmB,EAI3E,OAAgB,YAAc,IAAIA,EAAW,IAAK,aAAa,EAC/D,OAAgB,aAAe,IAAIA,EAAW,IAAK,cAAc,EACjE,OAAgB,UAAY,IAAIA,EAAW,IAAK,WAAW,EAC3D,OAAgB,UAAY,IAAIA,EAAW,IAAK,WAAW,EAC3D,OAAgB,mBAAqB,IAAIA,EAAW,IAAK,oBAAoB,EAC7E,OAAgB,eAAiB,IAAIA,EAAW,IAAK,gBAAgB,EACrE,OAAgB,8BAAgC,IAAIA,EAAW,IAAK,+BAA+B,EACnG,OAAgB,gBAAkB,IAAIA,EAAW,IAAK,iBAAiB,EACvE,OAAgB,SAAW,IAAIA,EAAW,IAAK,UAAU,EACzD,OAAgB,KAAO,IAAIA,EAAW,IAAK,MAAM,EACjD,OAAgB,gBAAkB,IAAIA,EAAW,IAAK,iBAAiB,EACvE,OAAgB,oBAAsB,IAAIA,EAAW,IAAK,qBAAqB,EAC/E,OAAgB,kBAAoB,IAAIA,EAAW,IAAK,mBAAmB,EAC3E,OAAgB,aAAe,IAAIA,EAAW,IAAK,cAAc,EACjE,OAAgB,uBAAyB,IAAIA,EAAW,IAAK,wBAAwB,EAErF,OAAgB,mBAAqB,IAAIA,EAAW,IAAK,oBAAoB,EAC7E,OAAgB,YAAc,IAAIA,EAAW,IAAK,cAAe,EAEjE,OAAgB,UAAY,IAAIA,EAAW,IAAK,WAAW,EAC3D,OAAgB,iBAAmB,IAAIA,EAAW,IAAK,kBAAkB,EACzE,OAAgB,sBAAwB,IAAIA,EAAW,IAAK,uBAAuB,EACnF,OAAgB,kBAAoB,IAAIA,EAAW,IAAK,mBAAmB,EAC3E,OAAgB,gCAAkC,IAAIA,EAAW,IAAK,iCAAiC,EACvG,OAAgB,8BAAgC,IAAIA,EAAW,IAAK,+BAA+B,EAGnG,OAAgB,sBAAwB,IAAIA,EAAW,IAAK,uBAAuB,EACnF,OAAgB,gBAAkB,IAAIA,EAAW,IAAK,iBAAiB,EACvE,OAAgB,YAAc,IAAIA,EAAW,IAAK,aAAa,EAC/D,OAAgB,oBAAsB,IAAIA,EAAW,IAAK,qBAAqB,EAC/E,OAAgB,gBAAkB,IAAIA,EAAW,IAAK,iBAAiB,EACvE,OAAgB,2BAA6B,IAAIA,EAAW,IAAK,4BAA4B,EAC7F,OAAgB,wBAA0B,IAAIA,EAAW,IAAK,yBAAyB,EACvF,OAAgB,qBAAuB,IAAIA,EAAW,IAAK,sBAAsB,EACjF,OAAgB,cAAgB,IAAIA,EAAW,IAAK,eAAe,EACnE,OAAgB,aAAe,IAAIA,EAAW,IAAK,cAAc,EACjE,OAAgB,gCAAkC,IAAIA,EAAW,IAAK,iCAAiC,EAEvG,MAAgBC,GAAwB,CAAC,EACzC,MAAO,CACH,OAAO,KAAKD,CAAU,EACjB,OAAOE,GAAOA,IAAQ,UAAYA,IAAQ,SAAS,EACnD,QAAQA,GAAO,CACZ,IAAMJ,EAAQE,EAAWE,CAAG,EACxBJ,aAAiBE,IACjB,OAAO,eAAeF,EAAO,OAAQ,CAAC,WAAY,GAAM,MAAOI,EAAK,SAAU,EAAK,CAAC,EACpFF,EAAWC,GAAQ,KAAKH,CAAK,EAErC,CAAC,CAET,CAEA,OAAO,QAAQK,EAAsC,CACjD,QAAWC,KAAUJ,EAAWC,GAC5B,GAAIG,EAAO,QAAUD,EACjB,OAAOC,CAGnB,CAESP,GACAQ,GAED,YAAYP,EAAeQ,EAAgB,CAC/C,KAAKT,GAASC,EACd,KAAKO,GAAUC,CACnB,CAEA,IAAI,OAAgB,CAChB,OAAO,KAAKT,EAChB,CACA,IAAI,QAAiB,CACjB,OAAO,KAAKQ,EAChB,CAEA,UAAW,CACP,MAAO,GAAG,KAAKR,EAAM,IAAI,KAAK,IAAO,EACzC,CACJ,EAGO,SAASU,GAAeT,EAAgD,CAC3E,GAAI,OAAOA,GAAU,SAAU,CAC3B,GAAIA,EAAQ,KAAOA,EAAQ,IACvB,MAAM,IAAI,MAAM,eAAeA,CAAK,6BAA6B,EAErE,IAAMM,EAASL,EAAW,QAAQD,CAAK,EACvC,OAAIM,IAAW,OACJA,EAEJ,IAAIR,GAAsBE,CAAK,CAC1C,CACA,OAAOA,CACX,CChHA,IAAAU,GAAiB,2BAGJC,GAAN,cAA0C,GAAAC,QAAK,eAAgB,CAElE,SAEA,YAGA,IAAI,SAAkB,CAClB,OAAO,KAAK,GAChB,CAEA,IAAI,iBAA2B,CAE3B,OAAO,KAAK,OAAO,YAAiB,EACxC,CACJ,EAEaC,EAAN,cAAoH,GAAAD,QAAK,cAAwB,CAEpJ,iBAAwB,CACpB,KAAK,QAAa,EACtB,CAEA,mBAA8B,CAC1B,OAAO,MAAM,kBAAqB,CACtC,CACJ,EAEeE,GAAf,cAAiDC,EAAyC,CAE1F,EAEsBC,GAAf,cAAkDC,EAAyC,CAC9FC,GAA6B,CAAC,EAC9BC,GACAC,GAAsE,MACtEC,GAA0C,CAAC,EAE3C,cAAcC,EAAsC,CAChD,OAAI,KAAKF,KAAW,YACV,IAGN,KAAKD,GAAcG,EACZ,GAEf,CAEA,iBAAiBA,EAA8B,CAC3C,OAAO,KAAK,cAAcA,IAAe,OAAY,OAAYC,GAAeD,CAAU,CAAC,CAC/F,CAEA,IAAI,YAAyC,CACzC,OAAO,KAAKH,EAChB,CAEA,UAAUK,EAA8B,CACpC,GAAI,KAAKJ,KAAW,YAChB,MAAM,IAAI,MAAM,qBAAqB,KAAK,UAAUI,CAAM,CAAC,mDAAmD,EAElH,YAAKN,GAAS,KAAKM,CAAM,EAClB,IACX,CAIA,aAAaC,EAAmC,CAC5C,KAAKJ,GAAe,KAAKI,CAAM,CACnC,CAEA,IAAI,UAAoB,CACpB,IAAMC,EAAQ,KAAKN,GACnB,OAAOM,IAAU,OAASA,IAAU,sBACxC,CAEA,MAAM,KAAKC,EAA2F,CAClG,GAAIA,aAAgB,eAChB,MAAM,IAAI,MAAM,uCAAuC,EAE3D,IAAMC,EAAS,MAAMD,EACrB,GAAI,CAGA,OAAO,MAAM,KAAK,SAAS,SAEhB,MAAM,KAAK,aAAa,QAAQ,QAAQC,CAAM,CAAC,CAEzD,EAAE,MAAMC,GAAS,CAEd,MAAMA,CACV,CAAC,CACL,OACOA,EAAO,CAEV,MAAMA,CACV,CACJ,CAIA,MAAM,KAAwB,CAC1B,OAAK,KAAK,SAMC,QAAQ,QAAQ,EAAK,EALrB,KAAK,SAAS,SACV,MAAM,KAAK,aAAa,QAAQ,QAAQ,CAAC,CACnD,CAKT,CAEU,SAASC,EAAwD,CACvE,IAAMJ,EAAQ,KAAKN,GACfW,EAAa,QAAQ,QAAQ,EACjC,GAAIL,IAAU,MACV,KAAKN,GAAS,aACV,KAAKC,GAAe,OAAS,IAC7BU,EAAa,KAAKV,GACb,OACG,CAACW,EAAKC,IAAQD,EAAI,KAAK,IAAMC,EAAI,CAAC,EAClC,QAAQ,QAAQ,CAAC,EACpB,MAAOC,GAAW,CACD,KAAKd,KACL,eACV,KAAKA,GAAS,uBAGtB,CAAC,WAGJM,IAAU,uBACf,KAAKN,GAAS,iBAGd,QAAO,QAAQ,QAAQ,EAAK,EAGhC,OAAAW,EAAaA,EAAW,KAAK,IAAM,CAC/B,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAKX,GAAS,WAClB,CAAC,EAGMW,EAAW,KAAK,SACZD,IAAgB,OAAY,MAAMA,EAAY,EAAI,EAC5D,CACL,CAEU,iBAAwB,CAAC,CACzB,cAAqB,CAAC,CACtB,cAAqB,CAAC,CACpC,EACaK,EAAN,cAAgCrB,EAAuD,CAE1FsB,GACAlB,GACSmB,GAET,YAAYC,EAAkC,CAC1C,MAAM,IAAIC,GAAuBD,CAAG,CAAC,EACrC,KAAKD,GAAOC,CAChB,CAEA,kBAAyB,CACrB,OAAO,KAAKD,EAChB,CAEA,IAAI,SAAU,CACV,OAAO,KAAKA,GAAK,OACrB,CAEA,IAAI,OAAiB,CACjB,OAAO,KAAKA,GAAK,kBAAoB,CACzC,CAEA,IAAI,MAAO,CACP,OAAO,KAAK,KAAK,QACrB,CAEA,IAAI,KAAM,CACN,YAAKD,KAAS,IAAI,IAAI,KAAKC,GAAK,QAAS,GAAG,KAAK,QAAQ,MAAM,KAAK,IAAI,EAAE,EACnE,KAAKD,EAChB,CAEA,IAAI,OAAQ,CACR,OAAO,KAAK,KAAK,MACrB,CAEA,IAAI,QAAS,CACT,OAAO,KAAKC,GAAK,MACrB,CAEA,IAAI,MAAO,CACP,IAAIG,EACJ,OAAI,KAAKH,GAAK,kBAAoB,IAC9BG,EAAM,KAAKH,GAAK,QAAsC,YAAY,GAEtEG,IAAO,KAAKH,GAAK,OAAO,cACjB,MAAM,UAAUG,CAAE,CAC7B,CAEA,IAAI,UAAW,CACX,IAAIC,EACJ,OAAI,KAAKJ,GAAK,iBAAmB,IAC7BI,EAAM,KAAKJ,GAAK,QAAsC,SAAS,GAEnEI,IAAO,KAAKJ,GAAK,gBAAkB,QAAU,OACtC,MAAM,cAAcI,CAAE,CACjC,CAEA,IAAI,QAAS,CACT,OAAO,KAAKJ,GAAK,MACrB,CAEA,IAAI,eAA6C,CAC7C,IAAMK,EAAS,KAAKL,GAAK,OAAO,aAC1BM,EAAU,KAAKN,GAAK,OAAO,cAC3BO,EAAO,KAAKP,GAAK,OAAO,WACxBQ,EAAiB,CAACH,GAAU,CAACC,GAAW,CAACC,EAAQ,OAAY,CAAE,OAAAF,EAAQ,QAAAC,EAAS,KAAAC,CAAK,EAC3F,OAAO,MAAM,mBAAmBC,CAAa,GAAKA,CACtD,CAEA,IAAI,SAAwB,CACxB,YAAK3B,KAAa,MAAM,QACjB,KAAKA,EAChB,CAEA,IAAI,MAAkC,CAClC,OAAO,GAAAN,QAAK,gBAAgB,MAAM,KAAKyB,EAAI,CAC/C,CAEA,MAAM,MAAO,CACT,IAAMS,EAAsB,CAAC,EAC7B,GAAI,KAAK,OAAS,OACd,cAAiBC,KAAS,KAAK,KAC3BD,EAAO,KAAKC,CAAK,EAGzB,OAAO,IAAI,KAAKD,EAAQ,CAAC,KAAM,KAAK,QAAQ,IAAI,cAAc,GAAe,0BAA0B,CAAC,CAC5G,CAGA,MAAM,MAAO,CAET,OAAO,MADM,MAAM,KAAK,KAAK,GACX,KAAK,CAC3B,CAEA,MAAM,UAAW,CAEb,IAAME,EAAO,MADA,MAAM,KAAK,KAAK,GACL,KAAK,EAC7B,OAAO,IAAI,gBAAgBA,CAAI,CACnC,CAEA,MAAM,MAAO,CACT,IAAMC,EAAO,MAAM,KAAK,KAAK,EAC7B,GAAIA,EAAK,OAAS,EACd,OAEJ,IAAMD,EAAO,MAAMC,EAAK,KAAK,EAC7B,OAAO,KAAK,MAAMD,CAAI,CAC1B,CAGU,QAAiB,CACvB,IAAME,EAAW,KAAKb,GAAK,OAAO,cAClC,GAAI,CAACa,EACD,MAAM,IAAI,MAAM,8BAA8B,EAElD,MAAO,GAAGA,CAAQ,IAAI,KAAKb,GAAK,OAAO,UAAU,EACrD,CACJ,EAEME,GAAN,cAAqCY,EAAyE,CACjGC,GAET,YAAYC,EAAkC,CAC1C,MAAM,EACN,KAAKD,GAAOC,CAChB,CAEA,IAAIC,EAAuB,CACvB,OAAO,KAAKF,GAAK,QAAQE,CAAI,IAAM,MACvC,CAEA,IAAIA,EAAwD,CACxD,OAAO,KAAKF,GAAK,QAAQE,CAAI,CACjC,CAEA,KAAKA,EAAwB,CACzB,OAAO,MAAM,OAAOA,CAAI,CAC5B,CAEA,IAAIA,EAAkC,CAClC,IAAMC,EAAQ,KAAKH,GAAK,QAAQE,CAAI,EACpC,OAAI,MAAM,QAAQC,CAAK,EACZA,EAAM,CAAC,EAEXA,CACX,CAEA,MAAO,CACH,OAAO,OAAO,KAAK,KAAKH,GAAK,OAAO,EAAE,OAAO,CACjD,CACJ,EAEMI,GAAN,cAAqCL,EAAgE,CACxFC,GAET,YAAYC,EAAiC,CACzC,MAAM,EACN,KAAKD,GAAOC,CAChB,CAEA,IAAIC,EAAuB,CACvB,OAAO,KAAKF,GAAK,UAAUE,CAAI,CACnC,CAEA,MAAO,CACH,OAAO,KAAKF,GAAK,eAAe,EAAE,OAAO,CAC7C,CAEA,IAAIE,EAA4B,CAC5B,OAAO,KAAKF,GAAK,UAAUE,CAAI,CACnC,CAEA,IAAIA,EAA2B,CAC3B,IAAMC,EAAQ,KAAKH,GAAK,UAAUE,CAAI,EACtC,OAAI,MAAM,QAAQC,CAAK,EACZA,EAAM,CAAC,EAEXA,CACX,CAEA,IAAID,EAAcC,EAA2B,CACzC,OAAK,KAAKH,GAAK,cACP,MAAM,QAAQG,CAAK,EACnBA,EAAQA,EAAM,IAAIE,GAAK,OAAOA,GAAM,SAAW,OAAOA,CAAC,EAAIA,CAAC,EACrD,OAAOF,GAAU,WACxBA,EAAQ,OAAOA,CAAK,GAGpBA,EACA,KAAKH,GAAK,UAAUE,EAAMC,CAAK,EAG/B,KAAKH,GAAK,aAAaE,CAAI,GAG5B,IACX,CAEA,IAAIA,EAAcC,EAA2C,CACzD,OAAK,KAAKH,GAAK,aACX,KAAKA,GAAK,aAAaE,EAAMC,CAAK,EAE/B,IACX,CAEA,KAAKD,EAAwB,CACzB,OAAO,MAAM,OAAOA,CAAI,CAC5B,CACJ,EAEaI,GAAN,cAAiC1C,EAAyD,CACpF2C,GAET,YAAYC,EAAiC,CACzC,MAAM,IAAIJ,GAAuBI,CAAG,CAAC,EACrC,KAAKD,GAAOC,CAChB,CAEA,mBAA0B,CACtB,OAAO,KAAKD,EAChB,CAEA,IAAI,YAA6B,CAE7B,OADe,MAAM,YACJ,CAAC,MAAO,KAAKA,GAAK,UAAU,CACjD,CAEA,iBAAkB,CACd,IAAME,EAAS,MAAM,WACjBA,IAAW,SACX,KAAKF,GAAK,WAAaE,EAAO,MAEtC,CAEA,UAAUrC,EAA8B,CACpC,YAAK,QAAQ,IAAI,aAAc,MAAM,eAAeA,CAAM,CAAC,EACpD,IACX,CAEA,MAAM,aAAaG,EAAmD,CAClE,GAAK,KAAKgC,GAAK,YAqCX,MAAO,GApCP,GAAIhC,aAAgB,eAEhB,MAAM,IAAI,MAAM,+CAA+C,EAE9D,CACD,IAAMoB,EAAQ,MAAMpB,EACpB,OAAO,MAAM,IAAI,QAAiB,CAACmC,EAASC,IAAW,CACnD,GAAI,CACIhB,IAAU,OACV,KAAKY,GAAK,IAAI,IAAM,CAChBG,EAAQ,EAAI,CAChB,CAAC,GAEI,KAAK,QAAQ,IAAI,gBAAgB,IAE9B,OAAOf,GAAU,SACjB,KAAK,QAAQ,IAAI,iBAAkB,OAAO,WAAWA,CAAK,CAAC,EAEtDA,aAAiB,KACtB,KAAK,QAAQ,IAAI,iBAAkBA,EAAM,IAAI,EAG7C,KAAK,QAAQ,IAAI,iBAAkBA,EAAM,UAAU,GAG3D,KAAKY,GAAK,IAAIZ,EAAO,IAAM,CACvBe,EAAQ,EAAI,CAChB,CAAC,EAET,OAASE,EAAG,CACRD,EAAOC,aAAa,MAAQA,EAAI,IAAI,MAAM,eAAeA,CAAC,EAAE,CAAC,CACjE,CACJ,CAAC,CACL,CAKR,CACJ,EAEaC,GAAN,MAAMC,CAAwD,CACxDC,GAET,YAAYC,EAA4B,CACpC,KAAKD,GAAYC,CACrB,CAEA,IAAI,UAA8B,CAC9B,OAAO,KAAKD,EAChB,CAEA,IAAI,IAAa,CACb,OAAO,KAAKA,GAAU,EAC1B,CAEA,IAAI,QAAqB,CACrB,OAAO,KAAKA,GAAU,MAC1B,CAEA,IAAI,MAAe,CACf,OAAO,KAAKA,GAAU,IAC1B,CAEA,IAAI,UAAW,CACX,OAAO,KAAKA,GAAU,QAC1B,CAEA,IAAI,MAA2B,CAC3B,OAAO,KAAKA,GAAU,IAC1B,CAEA,IAAI,KAAW,CACX,OAAO,KAAKA,GAAU,GAC1B,CAEA,IAAI,SAA+B,CAC/B,OAAO,KAAKA,GAAU,OAC1B,CAEA,IAAI,SAAwB,CACxB,OAAO,KAAKA,GAAU,OAC1B,CAEA,IAAI,eAAgB,CAChB,OAAO,KAAKA,GAAU,aAC1B,CAEA,IAAI,SAAU,CACV,OAAO,KAAKA,GAAU,OAC1B,CAEA,IAAI,MAA8C,CAC9C,OAAO,KAAKA,GAAU,IAC1B,CACA,MAAM,MAAsB,CACxB,OAAO,MAAM,KAAKA,GAAU,KAAK,CACrC,CACA,MAAM,MAAwB,CAC1B,OAAO,MAAM,KAAKA,GAAU,KAAK,CACrC,CACA,MAAM,UAAqC,CACvC,OAAO,MAAM,KAAKA,GAAU,SAAS,CACzC,CACA,MAAM,MAAyB,CAC3B,OAAO,MAAM,KAAKA,GAAU,KAAK,CACrC,CAEA,UAAmB,CACf,MAAO,GAAGD,EAA2B,IAAI,eAAe,KAAK,SAAS,SAAS,CAAC,GACpF,CAEA,OAAc,iBAAoBE,EAA+B,CAC7D,GAAIA,aAAmBtD,GACnB,OAAOsD,EAAQ,iBAAoB,EAElC,GAAIA,aAAmBF,EACxB,OAAOA,EAA2B,iBAAoBE,EAAQ,QAAQ,EAGtE,MAAM,IAAI,MAAM,kCAAkCA,EAAQ,YAAY,IAAI,EAAE,CAEpF,CACJ,EACaC,EAAN,MAAMC,CAA0D,CAC1DH,GAET,YAAYI,EAA8B,CACtC,KAAKJ,GAAYI,CACrB,CAEA,IAAI,UAA+B,CAC/B,OAAO,KAAKJ,EAChB,CAEA,cAAc7C,EAAqC,CAC/C,OAAO,KAAK,SAAS,cAAcA,CAAU,CACjD,CAEA,iBAAiBA,EAA8B,CAC3C,OAAO,KAAK,SAAS,iBAAiBA,CAAU,CACpD,CAEA,IAAI,YAA6B,CAC7B,OAAO,KAAK,SAAS,UACzB,CAEA,IAAI,SAA4B,CAC5B,OAAO,KAAK,SAAS,OACzB,CAEA,UAAUE,EAA8B,CACpC,YAAK,SAAS,UAAUA,CAAM,EACvB,IACX,CAEA,MAAM,KAAwB,CAC1B,OAAO,MAAM,KAAK,SAAS,IAAI,CACnC,CAEA,MAAM,KAAKG,EAA2F,CAClG,OAAO,MAAM,KAAKwC,GAAU,KAAKxC,CAAI,CACzC,CAEA,IAAI,SAA8B,CAC9B,OAAO,KAAKwC,GAAU,OAC1B,CAEA,UAAmB,CACf,MAAO,GAAGG,EAA4B,IAAI,eAAe,KAAK,SAAS,SAAS,CAAC,GACrF,CAEA,OAAc,kBAAqBC,EAAiC,CAChE,GAAIA,aAAoBvD,GACpB,OAAOuD,EAAS,kBAAqB,EAEpC,GAAIA,aAAoBD,EACzB,OAAOA,EAA4B,kBAAqBC,EAAS,QAAQ,EAGzE,MAAM,IAAI,MAAM,mCAAmCA,EAAS,YAAY,IAAI,EAAE,CAEtF,CACJ,EAEaC,GAAN,MAAMC,CAAwD,CACxDN,GAEC,YAAYO,EAA6B,CAC/C,KAAKP,GAAYO,CACrB,CAEA,IAAI,UAA8B,CAC9B,OAAO,KAAKP,EAChB,CAEA,IAAI,SAA6B,CAC7B,OAAO,KAAKA,GAAU,OAC1B,CAEA,IAAI,UAA+B,CAC/B,OAAO,KAAKA,GAAU,QAC1B,CAEA,UAAab,EAA6B,CACtC,OAAO,KAAKa,GAAU,UAAUb,CAAI,CACxC,CAEA,WAAyD,CACrD,OAAO,KAAKa,GAAU,UAAU,CACpC,CAEA,IAAI,WAAoB,CACpB,OAAO,KAAKA,GAAU,SAC1B,CAEA,UAAW,CACP,MAAO,GAAGM,EAA2B,IAAI,eAAe,KAAK,QAAQ,GACzE,CACJ,EAEaE,GAAN,KAAiG,CAC3F,QACA,SACAC,GAAuC,CAAC,EACjDC,GACAC,GAAqB,GAErB,YAAYV,EAAkBG,EAAoB,CAC9C,KAAKK,GAAYG,EAAgB,EAAIX,EAAQ,GAC7C,KAAK,QAAUA,EACf,KAAK,SAAWG,CACpB,CAEA,IAAI,QAAqB,CACrB,OAAO,KAAK,QAAQ,MACxB,CAEA,IAAI,MAAkC,CAClC,OAAO,KAAK,QAAQ,IACxB,CAEA,IAAI,YAAsC,CACtC,OAAO,KAAKK,EAChB,CAEA,UAAatB,EAA6B,CACtC,OAAO,KAAK,WAAWA,CAAI,CAC/B,CAEA,WAAyD,CACrD,OAAO,QAAQ,QAAQ,MAAS,CACpC,CAEA,IAAI,WAAoB,CACpB,IAAMC,EAAQ,KAAK,UAAUwB,EAAgB,EAC7C,OAAI,KAAKF,KAAWtB,IAChB,KAAKsB,GAAStB,EACd,KAAKuB,GAAavB,IAAU,OAAY,IAAIA,CAAK,KAAO,IAErD,KAAKuB,EAChB,CACJ,EAEaC,GAAmB,mCC5qBhC,IAAAC,GAA6D,mBAE7DC,EAA4C,4BAEtCC,EAAMC,EAAU,YAAY,EAO5BC,GAAkB,CACpB,YAAa,KAAO,KAAO,KAC3B,eAAgB,IAAU,IAC1B,aAAc,IACd,WAAY,GACZ,WAAY,MAChB,EAEA,SAASC,IAAuB,CAC5B,SAAO,sBAAkB,CAC7B,CAEA,eAAeC,GAASC,EAAe,CACnC,IAAMC,EAASD,EAAK,YAAc,OAC5BE,EAAS,GAAGF,EAAK,YAAY,IAAIC,CAAM,gBACzCN,EAAI,WAAW,OAAO,GACtBA,EAAI,MAAM,yBAAyBO,CAAM,EAAE,EAG/C,MAAMC,GAAWH,EAAK,YAAY,EAC7B,MAAM,MAAOI,GAAM,CACZT,EAAI,WAAW,OAAO,GACtBA,EAAI,MAAM,kBAAkBK,EAAK,YAAY,yCAAyC,EAE1F,GAAI,CACA,QAAM,SAAMA,EAAK,aAAc,CAAC,UAAW,EAAI,CAAC,EAChDL,EAAI,KAAK,qBAAqBK,EAAK,YAAY,uBAAuB,CAC1E,MAAY,CACRL,EAAI,MAAM,kCAAkCK,EAAK,YAAY,EAAE,CACnE,CACJ,CAAC,EACL,IAAMK,KAAe,sBAAkBH,CAAM,EAC7CP,EAAI,KAAK,aAAa,EACtB,GAAI,CACAA,EAAI,MAAM,0BAA0B,EACpC,IAAMW,EAAe,GAAGN,EAAK,YAAY,IAAIC,CAAM,IAAID,EAAK,UAAU,gBACtE,MAAMG,GAAWG,CAAY,EACxB,KAAK,SAAY,CACVX,EAAI,WAAW,OAAO,GACtBA,EAAI,MAAM,YAAYW,CAAY,EAAE,EAExC,GAAI,CACA,QAAM,UAAOA,CAAY,CAC7B,OAASC,EAAG,CACRZ,EAAI,KAAK,oBAAoBW,CAAY,GAAIC,CAAC,CAClD,CACJ,CAAC,EACA,MAAM,IAAM,CAEb,CAAC,EACL,QAAS,EAAIP,EAAK,WAAa,EAAG,EAAI,EAAG,IAAK,CAC1C,IAAMQ,EAAkB,GAAGR,EAAK,YAAY,IAAIC,CAAM,IAAI,CAAC,gBACrDQ,EAAe,GAAGT,EAAK,YAAY,IAAIC,CAAM,IAAI,EAAI,CAAC,gBAC5D,MAAME,GAAWK,CAAe,EAC3B,KAAK,SAAY,CACd,GAAI,CACA,QAAM,UAAOA,EAAiBC,CAAY,CAC9C,OAASF,EAAG,CACRZ,EAAI,KAAK,oBAAoBa,CAAe,OAAOC,CAAY,GAAIF,CAAC,CACxE,CACJ,CAAC,EACA,MAAM,IAAM,CAEb,CAAC,CACT,CACA,IAAMG,EAAgB,GAAGV,EAAK,YAAY,IAAIC,CAAM,kBACpD,GAAI,CACA,QAAM,UAAOI,EAAcK,CAAa,CAC5C,OAASH,EAAG,CACRZ,EAAI,KAAK,oBAAoBU,CAAY,OAAOK,CAAa,GAAIH,CAAC,CACtE,CACAZ,EAAI,MAAM,kBAAkB,CAChC,OAASY,EAAG,CACR,MAAAZ,EAAI,MAAM,wBAAyBY,CAAC,EAC9BA,CACV,CACJ,CAEA,eAAeJ,GAAWQ,EAA+B,CACjDhB,EAAI,WAAW,OAAO,GACtBA,EAAI,MAAM,iBAAiBgB,CAAI,EAAE,EAErC,QAAM,UAAOA,CAAI,CACrB,CAEA,eAAeC,GAAaC,EAAiBC,EAG1Cd,EAAe,CACVL,EAAI,WAAW,OAAO,GACtBA,EAAI,MAAM,yBAAyB,KAAK,UAAUkB,CAAK,CAAC,EAAE,EAE9D,IAAME,EAAQ,KAAK,IAAIf,EAAK,YAAc,IAAOa,EAAM,eAAgB,EACjEG,EAAOH,EAAM,eACnBlB,EAAI,KAAK,cAAc,KAAK,UAAUkB,CAAK,CAAC,EAAE,EAC1CG,GAAQD,GACRpB,EAAI,KAAK,aAAaqB,CAAI,+BAA+BD,CAAK,QAAQ,EAClED,EAAM,oBACN,OAAOA,EAAM,UAEbA,EAAM,oBAAsB,GAC5BA,EAAM,SAAW,IAErB,MAAMf,GAASC,CAAI,IAEnBc,EAAM,oBAAsB,GAC5B,OAAOA,EAAM,SAErB,CAEO,SAASG,GAAMjB,EAAyD,CAC3E,IAAMkB,EAAkB,CAAC,GAAGrB,GAAiB,GAAGG,CAAI,EAEhDmB,EAAU,GACRL,EAAQ,CAAC,oBAAqB,EAAK,EACnCM,EAAS,SAAY,CACvB,IAAMP,EAAQf,GAAW,EACzB,MAAMc,GAAaC,EAAOC,EAAOI,CAAM,CAC3C,EACMG,EAAW,YAAYD,EAAQF,EAAO,cAAc,EAyB1D,MAAO,CAAC,GAAGA,EAAQ,QAxBH,MAAOI,GAAsB,CACzC,GAAI,CAACH,EAED,OADAG,IAAY,MACJA,EAAS,CACb,IAAK,MAAO,CACR,MAAMF,EAAO,EACb,KACJ,CACA,IAAK,OAAQ,CACT,MAAMrB,GAASmB,CAAM,EACrB,KACJ,CACA,IAAK,OAAQ,CACTC,EAAU,GACV,cAAcE,CAAQ,EACtB1B,EAAI,KAAK,wBAAwB,EACjC,KACJ,CACJ,CAGJ,OAAOwB,CACX,CAE0B,CAC9B,CAEA,eAAeI,GAAI,CAAC,QAAAC,CAAO,EAAyBF,EAAmB,CAC9D,MAAME,EAAQF,CAAO,GACtB3B,EAAI,KAAK,2BAA2B2B,CAAO,kBAAkB,CAErE,CAGA,eAAsBG,GAAKC,EAAyB,CAChD,OAAO,MAAMH,GAAIG,EAAG,MAAM,CAC9B,CCtKA,IAAAC,GAAiB,wDAEXC,GAAgBC,IAClBA,IAAW,GAAG,GAAAC,QAAK,IAAI,OAAO,GAAAA,QAAK,OAAO,GACnC,MAAO,CAAC,SAAAC,CAAQ,EAAsBC,IAA8B,CACnEH,IAAW,IAAS,CAACE,EAAS,QAAQ,IAAI,QAAQ,GAClDA,EAAS,QAAQ,IAAI,SAAUF,CAAM,EAEzC,MAAMG,EAAK,CACf,GAGGC,GAASJ,GAA4BD,GAAaC,CAAM,ECd/D,IAAAK,GAAwB,8BAIxB,IAAMC,GAAMC,EAAU,0BAA0B,EAOhD,SAASC,GAAeC,EAAgD,CACpE,OAAQA,EAAc,QAAS,CAC3B,IAAK,QACL,IAAK,YACD,MAAO,GACX,IAAK,QACL,IAAK,YACD,MAAO,GACX,QACI,MAAO,EACf,CACJ,CAEA,SAASC,GAASD,EAAuCE,EAAqC,CAC1F,IAAMC,EAAQH,EAAc,OAASA,EAAc,UAC7CI,EAAQJ,EAAc,OAASA,EAAc,UACnD,GAAIG,EAAM,OAAS,GAAK,aAAU,UAAU,YAAYA,EAAOD,CAAM,EACjE,OAAAL,GAAI,KAAK,UAAUK,CAAM,uBAAuB,EACzC,GACJ,GAAIE,EAAM,OAAS,GAAK,aAAU,UAAU,YAAYA,EAAOF,CAAM,EACxE,OAAIL,GAAI,WAAW,OAAO,GACtBA,GAAI,MAAM,UAAUK,CAAM,uBAAuB,EAE9C,EAEf,CAEA,SAASG,GAAkBL,EAAgD,CACvE,OAAQA,EAAc,YAAa,CAC/B,IAAK,QACL,IAAK,YACD,MAAO,GACX,IAAK,QACL,IAAK,YACD,MAAO,GACX,QACI,MAAO,EACf,CACJ,CAEO,SAASM,GAAcJ,EAAiBF,EAAiD,CAC5F,GAAI,CAACA,EACD,MAAO,GAEX,GAAKE,EAEE,CACH,IAAMK,EAAmCN,GAASD,EAAeE,CAAM,EACvE,OAAIK,GAGOF,GAAkBL,CAAa,CAE9C,KARI,QAAOD,GAAeC,CAAa,CAS3C,CAEO,SAASQ,GAAsBR,EAAmE,CACrG,GAAIA,EAAe,CACf,IAAMG,GAASH,EAAc,OAASA,EAAc,WAAa,CAAC,GAAG,IAAI,aAAU,UAAU,QAAQ,EAC/FI,GAASJ,EAAc,OAASA,EAAc,WAAa,CAAC,GAAG,IAAI,aAAU,UAAU,QAAQ,EACrG,MAAO,CACH,YAAaA,EAAc,aAAe,QAC1C,QAASA,EAAc,SAAW,QAClC,MAAAI,EACA,MAAAD,CACJ,CACJ,CACJ,CCzDO,IAAMM,GAA0EC,GAC5E,MAAOC,GAAsD,CAChE,QAAWC,KAAWF,EAElB,IADe,MAAME,EAAQD,CAAQ,GAC1B,MACP,OAAOE,EAAM,EAGrB,OAAOC,CACX,EAGSC,EAA2EL,GAA0C,CAC9H,IAAME,EAAU,MAAOD,GAAsD,CACzE,QAAWC,KAAWF,EAElB,GAAI,EADW,MAAME,EAAQD,CAAQ,GACzB,MACR,OAAOG,EAGf,OAAOD,EAAM,CACjB,EACA,OAAAD,EAAQ,SAAW,IAAM,OAAOF,EAAS,IAAIM,GAAKA,EAAE,SAAS,CAAC,EAAE,KAAK,IAAI,CAAC,IACnEJ,CACX,EAGaK,GAAwEL,GAC1E,MAAOD,IACK,MAAMC,EAAQD,CAAQ,GACvB,MAAQG,EAAWD,EAAM,EAIlCK,GAAwC,MAAOC,GACjDN,EAAM,EAEjBK,GAAY,SAAW,IAAM,eAE7B,IAAME,GAAe,OAAO,OAAO,CAAC,CAAC,EACxBN,EAAwB,OAAO,OAAO,CAAC,MAAO,GAAO,UAAWM,EAAY,CAAC,EAC7EP,EAAQ,CAACQ,EAAoCD,MAC/C,CAAC,MAAO,GAAM,UAAAC,CAAS,GAGrBC,EAA8F,CAACA,EAASC,IAAS,CAC1H,IAAMC,EAASD,GAAM,OACfX,EAAU,MAAOD,GAAsD,CACzE,IAAMc,EAAUd,EAAS,QACnBe,EAAOD,EAAQ,KACrB,GAAID,IAAW,QAAaC,EAAQ,SAAWD,EAC3C,OAAOV,EAEX,GAAI,OAAOQ,GAAY,SACnB,OAAII,IAASJ,EACFT,EAAM,EAEVC,EAEN,CACD,IAAMD,EAAQS,EAAQ,KAAKI,CAAI,EAC/B,OAAIb,IAAU,KACHC,EAEJ,CAAC,MAAO,GAAM,UAAW,CAAC,GAAGD,EAAM,MAAM,CAAC,CACrD,CACJ,EACA,OAAAD,EAAQ,SAAW,IACR,WAAWU,EAAQ,SAAS,CAAC,YAAYE,GAAU,OAAO,IAE9DZ,CAEX,EACae,GAAiIJ,GAAmC,CAE7K,IAAMK,EAAgBC,GAAwC,CAC1D,GAAIN,EAAK,oBAAsB,QAC3B,QAAWO,KAAoBP,EAAK,kBAChC,GAAIM,IAAuBC,GAAoBA,IAAqB,MAChE,MAAO,GAInB,MAAO,EACX,EAEA,MAAO,OAAOnB,GAAsD,CAChE,IAAMc,EAAUd,EAAS,QACrBoB,EACJ,GAAI,CACAA,EAAoBN,EAAQ,QAAQ,KAAK,QAAQ,CACrD,MACU,CACN,OAAOX,CACX,CACA,QAAWe,KAAsBE,EAC7B,GAAI,CAAAH,EAAaC,CAAkB,GAGnC,QAAWF,KAAaJ,EAAK,WACzB,GAAIM,EAAmB,WAAWF,CAAS,EACvC,OAAOd,EAAM,EAKzB,OAAOC,CACX,CACJ,EAEakB,EAA2C,MAAO,CAAC,QAAAP,CAAO,IACnDA,EAAQ,SAAWA,EAAQ,QAAQ,IAAI,SAAS,GAAG,YAAY,IAAM,YACpEZ,EAAM,EAAIC,EAE/BkB,EAAe,SAAW,IAAM,oBCvHhC,IAAAC,GAAwB,8BAgBxB,eAAsBC,GAAUC,EAAqCC,EAAoCC,EAAoC,CACzI,IAAMC,EAAY,CAACC,EAAiDC,IAAoC,CAMpG,GAAIA,GAAS,KAAM,CACf,IAAMC,EAAmBD,EAAQ,OAAS,GAAO,CAC7C,aAAcA,EAAQ,SAAS,OAAO,IAAI,aAAU,UAAU,QAAQ,EACtE,aAAcD,EAAQ,SAAW,OAAY,CAAC,GAAG,EAAI,CAACA,EAAQ,MAAM,EACpE,iBAAkBC,EAAQ,WAAW,SAAW,YAAc,GAAO,MACzE,EAAIA,EAAQ,KACNE,EAAOH,EAAQ,KACrBF,EAAO,KAAK,KAAK,CAACK,EAAMD,CAAI,CAAC,CACjC,CACJ,EAEME,EAAa,IAAI,KAAkC,CAErD,UAAUC,EAA8C,CACpDA,EAAS,QAAQ,CAAC,CAAC,QAAAL,EAAS,QAAAC,EAAS,QAAAK,CAAO,IAAM,CAC9C,IAAMC,EAAUC,EAAQ,aAAU,UAAU,SAASR,EAAQ,IAAI,EAAsB,CAAC,OAAQA,EAAQ,MAAM,CAAC,EAC3GC,GAAS,WACTH,EAAO,UAAU,KAAK,CAACS,EAASN,EAAQ,SAAS,CAAC,EAGtDF,EAAUC,EAASC,CAAO,EAC1B,IAAMQ,EAAa,MAAOC,EAA6BC,IAA6C,CAChG,GAAM,CAAC,MAAAC,EAAO,UAAAC,CAAS,EAAI,MAAMN,EAAQG,CAAQ,EAC7CE,EACA,MAAMN,EAAQI,EAAUG,CAAS,EAEjC,MAAMF,EAAK,CAEnB,EACAb,EAAO,WAAW,KAAKW,CAAU,CACrC,CAAC,CACL,CAEA,UAAUK,EAA4C,CAClD,OAAW,CAAC,KAAAX,EAAM,QAAAY,EAAS,QAAAd,CAAO,IAAKa,EAAS,CAC5C,IAAME,EAAQb,GAAQ,IAGtBL,EAAO,QAAQ,IAAIkB,EAAO,CACtB,QAASb,IAAS,OAClB,KAAMF,GAAS,KACf,QAASc,EACT,eAAgBd,GAAS,eACzB,UAAWA,GAAS,UACpB,cAAegB,GAAsBhB,GAAS,OAAO,CACzD,CAAC,CACL,CACJ,CACJ,EACA,MAAML,EAAIQ,EAAYP,CAAM,CAChC,CCpFA,IAAAqB,GAAwB,8BAExB,SAASC,GAAaC,EAA2C,CAC7D,IAAMC,EAASD,EAAQ,QAAQ,IAAI,QAAQ,EAC3C,GAAIC,IAAW,OACX,MAAO,GAEX,IAAMC,EAAMF,EAAQ,IACdG,EAAiBD,EAAI,SACrBE,EAAaF,EAAI,KAEjBG,EAAY,IAAI,MAAMJ,CAAM,EAE5BK,EAAaD,GAAW,KACxBE,EAAiBF,GAAW,SAClC,OAAOF,IAAmBI,GACnBH,IAAeE,CAC1B,CAKO,SAASE,GAAcR,EAAoD,CAC9E,OAAOA,EAAQ,QAAQ,IAAI,QAAQ,GAAK,CAACD,GAAaC,CAAO,CAEjE,CAEO,SAASS,GAAmBT,EAA+B,CAC9D,OAAOA,EAAQ,SAAW,WACnBA,EAAQ,QAAQ,IAAI,QAAQ,GAC5BA,EAAQ,QAAQ,IAAI,+BAA+B,CAC9D,CAEA,IAAMU,GAAkC,CAAC,SAAU,gCAAiC,gCAAgC,EASvGC,GAAgC,CAACC,EAA6BC,IAAiC,CACxG,GAAM,CAAC,QAAAb,EAAS,SAAAc,CAAQ,EAAIF,EACtBG,EAAkBD,EAAS,QAEjC,GAAI,CAACC,EAAgB,IAAI,MAAM,EAC3BA,EAAgB,IAAI,OAAQL,GAAa,KAAK,IAAI,CAAC,MAElD,CACD,IAAMM,EAAcD,EAAgB,KAAK,MAAM,EAC/C,QAAWE,KAAUP,GACZM,EAAY,KAAKE,GAAKA,IAAMD,CAAM,GACnCD,EAAY,KAAKC,CAAM,EAG/BF,EAAgB,IAAI,OAAQC,EAAY,KAAK,IAAI,CAAC,CACtD,CAEA,GAAI,CACA,GAAI,CAACR,GAAcR,CAAO,EACtB,MAAO,EAEf,MACU,CACN,OAAGmB,EAAO,WAAW,OAAO,GACxBA,EAAO,MAAM,6BAA6B,EAE9CC,GAAcN,CAAQ,EACf,EACX,CAEA,GAAIC,EAAgB,IAAI,6BAA6B,EACjD,OAAII,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,sDAAsD,EAEhE,GAGX,IAAME,EAAmBZ,GAAmBT,CAAO,EAEnD,OAAIa,EACOS,GAAeV,EAAUC,EAAQQ,CAAgB,EAExDA,GACAD,GAAcN,CAAQ,EACf,IAEJ,EACX,EAYMS,GAAqB,CAAC,GAAG,EACzBC,GAAyB,CAAC,MAAO,OAAQ,MAAM,EACxCC,GAAoC,CAC7C,aAAcF,GACd,aAAcC,GACd,aAAcD,GACd,OAAQ,IACZ,EACmB,SAASG,GAAmBb,EAA6C,CACxF,GAAIA,EAAQ,CACR,IAAMc,EAAed,EAAO,aACxBc,GAAgBA,IAAiBC,IACjCf,EAAS,CACL,GAAGA,EACH,aAAcc,EAAa,IAAIV,GAAUA,EAAO,YAAY,CAAC,CACjE,GAEJ,IAAMY,EAAehB,EAAO,aAC5B,OAAIgB,IACIA,IAAiB,KACjBC,GAAyBjB,CAAM,EAC/BkB,GAA4BlB,CAAM,GAGlCA,EAAS,CACL,GAAGA,EACH,aAAcgB,EAAa,IAAI5B,GACvB,OAAOA,GAAW,UAAYA,IAAW2B,IACzC3B,EAAS,aAAU,UAAU,SAASA,CAAM,EACxC,OAAOA,GAAW,UAEX+B,GAAkB/B,CAAM,EAAE,YAAY,EAG9CA,CACV,CACL,GAGDY,CACX,CACJ,CAEA,SAASoB,GAAoDC,EAAoBC,EAAoC,CACjH,GAAIA,IAAU,OACV,OAAOD,IAAW,OAAaA,IAAWN,EAAM,CAACA,CAAQ,EAAIM,EAAU,CAAC,EAE5E,GAAIA,IAAW,OACX,OAAOC,IAAUP,EAAM,CAACA,CAAQ,EAAIO,EAExC,GAAID,GAAUX,IAAsBW,IAAWV,GAC3C,OAAOW,IAAUP,EAAM,CAACA,CAAQ,EAAIO,EAExC,GAAIA,GAASZ,IAAsBY,IAAUX,GACzC,OAAOU,IAAWN,EAAM,CAACA,CAAQ,EAAIM,EAEzC,GAAIA,IAAWN,GAAOM,EAAO,SAASN,CAAQ,GAAKO,IAAUP,GAAOO,EAAM,SAASP,CAAQ,EACvF,MAAO,CAACA,CAAQ,EAEpB,IAAMQ,EAAW,IAAI,IACrB,OAAAF,EAAO,QAASG,GAAMD,EAAS,IAAIC,CAAC,CAAC,EACrCF,EAAM,QAASE,GAAMD,EAAS,IAAIC,CAAC,CAAC,EAC7B,MAAM,KAAKD,CAAQ,CAC9B,CACO,IAAME,GAAoB,CAACJ,EAAoBC,IAC9CA,IAAU,OACHD,EAEgB,CACvB,aAAcD,GAAQC,EAAO,aAAcC,GAAO,YAAY,EAC9D,aAAcF,GAAQC,EAAO,aAAcC,GAAO,YAAY,EAC9D,aAAcF,GAAQC,EAAO,aAAcC,GAAO,YAAY,EAC9D,cAAeF,GAAQC,EAAO,cAAeC,GAAO,aAAa,EACjE,iBAAkBA,GAAO,kBAAoBD,EAAO,iBACpD,oBAAqBC,GAAO,qBAAuBD,EAAO,oBAC1D,OAAQC,GAAO,QAAUD,EAAO,MACpC,EAQEK,GAAcC,GAA8E,CAC9F,IAAMN,EAASM,EAAK,iBACdC,EAAYD,EAAK,eAAiB7B,GACxC,MAAO,OAAO+B,EAAwBC,IAA8B,CAChE,IAAM9B,EAAS,MAAMqB,EAAOQ,CAAG,EAE3B,CADYD,EAAUC,EAAK7B,CAAM,GACrBJ,GAAmBiC,EAAI,OAAO,GAG1C,MAAMC,EAAK,CAEnB,CACJ,EAEOC,GAAQL,GAGTpB,EAAS0B,EAAU,MAAM,EAE/B,SAASzB,GAAcN,EAA8B,CACjDA,EAAS,cAAcgC,EAAW,SAAS,CAC/C,CAEA,SAASxB,GAAeV,EACAC,EAAoBQ,EAAoC,CAC5E,GAAM,CAAC,QAAArB,EAAS,SAAAc,CAAQ,EAAIF,EACtBG,EAAkBD,EAAS,QAE3BiC,EAAgB/C,EAAQ,QAAQ,IAAI,QAAQ,EAC5CgD,EAAcC,GAAYpC,EAAQkC,CAAa,EAErD,GAAIC,IAAgB,OAChB,OAAI7B,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,YAAY4B,CAAa,yBAAyB,EAEnE3B,GAAcN,CAAQ,EACf,GAGX,IAAMoC,EAAgBC,GAAenD,EAASqB,CAAgB,EACxD+B,EAAeC,GAAaxC,EAAQqC,CAAa,EACvD,GAAIE,IAAiB,OACjB,OAAIjC,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,iBAAiB+B,CAAa,kBAAkB,EAEjE9B,GAAcN,CAAQ,EACf,GAGX,IAAMwC,EAAiBC,GAAgBvD,EAASqB,CAAgB,EAC1DM,EAAe6B,GAAa3C,EAAQyC,CAAc,EACxD,GAAIjC,GAAoBM,IAAiB,OACrC,OAAIR,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,oBAAoBmC,CAAc,mBAAmB,EAEtElC,GAAcN,CAAQ,EACf,GAGXC,EAAgB,IAAI,8BAA+BiC,CAAW,EAE1D3B,GACAN,EAAgB,IAAI,+BAAgCqC,EAAa,KAAK,GAAG,CAAC,EAG1E/B,GAAoBM,IAAiB,QAAaA,EAAa,OAAU,GACzEZ,EAAgB,IAAI,+BAAgCY,EAAa,KAAK,IAAI,CAAC,EAE/E,IAAM8B,EAAgB5C,EAAO,cAC7B,OAAI4C,GAAiBA,EAAc,OAAS,GACxC1C,EAAgB,IAAI,gCAAiC0C,EAAc,KAAK,IAAI,CAAC,EAE7E5C,EAAO,kBACPE,EAAgB,IAAI,mCAAoC,MAAM,EAE9DF,EAAO,qBAAuBb,EAAQ,QAAQ,IAAI,wCAAwC,IAAM,QAChGe,EAAgB,IAAI,uCAAwC,MAAM,EAGlEM,GAAoBR,EAAO,SAAW,QACtCE,EAAgB,IAAI,yBAA0BF,EAAO,OAAO,SAAS,CAAC,EAEnE,EACX,CAEA,IAAMe,EAAM,IACN8B,GAAkB,CAAC,MAAO,MAAM,EAEtC,SAAS5B,GAAyBjB,EAAoB,CAClD,GAAIA,EAAO,mBAAqB,IAAQA,EAAO,eAAiBe,EAC5D,MAAM,IAAI,MAAM,0DAA0D,CAElF,CAEA,SAASG,GAA4BlB,EAAoB,CACrD,GAAIA,EAAO,sBAAwB,IAAQA,EAAO,eAAiBe,EAC/D,MAAM,IAAI,MAAM,6DAA6D,CAErF,CAEA,SAASqB,GAAYpC,EAAoBZ,EAAqC,CAC1E,GAAIA,EAAQ,CACR,IAAM0D,EAAiB9C,EAAO,aAC9B,GAAI8C,EAAgB,CAChB,GAAIA,IAAmB/B,EACnB,OAAAE,GAAyBjB,CAAM,EAC/BkB,GAA4BlB,CAAM,EAC3Be,EAEX,IAAMgC,EAAgB5B,GAAkB/B,EAAO,YAAY,CAAC,EAE5D,QAAW4D,KAAiBF,EACxB,GAAKE,IAAmBjC,GAAQ,aAAU,UAAU,aAAaiC,EAAeD,CAAa,EACzF,OAAO3D,CAGnB,CACJ,CACJ,CAEA,SAASoD,GAAaxC,EAAoBqC,EAA8C,CACpF,GAAIA,EAAe,CACf,IAAMY,EAAiBjD,EAAO,cAAgB6C,GAC9C,GAAII,IAAmBlC,EACnB,MAAO,CAACsB,CAAa,EAEzB,GAAI,aAAU,UAAU,YAAYY,EAAgBZ,CAAa,EAC7D,OAAOY,CAEf,CACJ,CAEA,SAASN,GAAa3C,EAAoByC,EAAiD,CACvF,GAAIA,IAAmB,OACnB,OAEJ,GAAIA,EAAe,QAAU,EACzB,MAAO,CAAC,EAEZ,IAAMS,EAAiBlD,EAAO,aAC9B,GAAIkD,IAAmB,OACnB,OAEJ,IAAMC,EAAiBD,IAAmBnC,GAAOmC,EAAe,SAASnC,CAAG,EACtEqC,EAAmB,CAAC,EAC1B,QAAWC,KAAiBZ,EAAgB,CACxC,IAAMa,EAAQD,GAAe,KAAK,EAClC,GAAIC,GACA,GAAIH,EACAC,EAAO,KAAKE,CAAK,MAGjB,SAAWC,KAAiBL,EACxB,GAAII,EAAM,YAAY,IAAMC,EAAe,CACvCH,EAAO,KAAKE,CAAK,EACjB,KACJ,EAIhB,CACA,GAAIF,EAAO,OAAS,EAChB,OAAOA,CAEf,CAEA,SAASjC,GAAkB/B,EAAwB,CAC/C,OAAOA,EAAO,SAAS,GAAG,EAAIA,EAAO,MAAM,EAAG,EAAE,EAAIA,CACxD,CAEA,SAASkD,GAAenD,EAA2CqE,EAA0C,CACzG,OAAQA,EAAcrE,EAAQ,QAAQ,IAAI,+BAA+B,EAAIA,EAAQ,MACzF,CAEA,SAASuD,GAAgBvD,EAAsBqE,EAAgC,CAC3E,IAAMC,EAAUtE,EAAQ,QACxB,OAAQqE,EAAcC,EAAQ,KAAK,gCAAgC,EAAI,MAAM,KAAKA,EAAQ,KAAK,CAAC,CACpG,CAEO,IAAMC,GAA4B/B,GAC9B,MAAO5B,GAAgC,CAC1C,OAAW,CAAC4D,EAAS3D,CAAM,IAAK2B,EAAK,SACjC,IAAK,MAAMgC,EAAQ5D,CAAQ,GAAG,MAC1B,OAAAO,EAAO,MAAM,4BAA4BP,EAAS,QAAQ,IAAI,WAAW4D,CAAO,KAAK,KAAK,UAAU3D,CAAM,CAAC,EAAE,EACtGA,CAGnB,EC/WJ,IAAA4D,GAAwB,8BAEjB,SAASC,GAAuBC,EAAiF,CACpH,GAAM,CAAC,QAASC,EAAQ,KAAAC,CAAI,EAAIF,EAG1BG,EAA4CH,EAAQ,aAAe,GAAQ,OAAYI,GAAkBC,GAAuBL,EAAQ,UAAU,EAElJM,EAA8E,CAAC,EAGrF,OAAW,CAACC,EAAMC,CAAK,IAAKP,EAAQ,CAChC,IAAIQ,EAA0CN,EAC9C,OAAW,CAACO,EAASC,CAAM,IAAKT,EACxB,aAAU,UAAU,aAAaQ,EAASH,CAAI,IAC1CI,IAAW,OACXF,EAAkB,OAGlBA,EAAkBA,IAAoB,OAAYE,EAASP,GAAkBK,EAAiBE,CAAM,GAIhH,IAAMA,EAASX,EAAQ,aAAe,GAAQ,OAAY,CACtD,aAAcQ,EAAM,eAAe,MACnC,aAAc,CAAC,MAAO,UAAW,SAAS,EAC1C,aAAc,CACV,UACA,aACA,SACA,oBACA,wBACA,yBACA,0BACJ,EACA,cAAe,CAAC,uBAAwB,yBAA0B,0BAA0B,EAC5F,iBAAkBA,EAAM,WAAW,SAAW,YAAc,GAAO,MACvE,EACAC,EAAkBA,IAAoB,OAAYE,EAASP,GAAkBK,EAAiBE,CAAM,EAEpGL,EAAiB,KAAK,CAClBM,EAAI,CAACC,EAAgBC,EAAQP,CAAI,CAAC,CAAC,EACnCQ,GAAmBN,CAAe,CAAC,CAAC,CAC5C,CAEA,IAAMO,EAA2D,CAAC,EAElE,OAAW,CAACN,EAASC,CAAM,IAAKT,EAAM,CAClC,GAAI,CAAC,CAAEO,CAAe,EAAIO,EAAW,KAAK,CAAC,CAACC,CAAC,IAAM,OAAOA,CAAC,IAAM,OAAOP,CAAO,CAAC,GAAK,CAACA,EAASP,CAAiB,EAEhHM,EAAkBA,IAAoB,OAAYE,EAASP,GAAkBK,EAAiBE,CAAM,EACpG,IAAIO,EAAQ,GACZ,QAAWC,KAASH,EAChB,GAAI,OAAOG,EAAM,CAAC,CAAC,IAAM,OAAOT,CAAO,EAAG,CACtCS,EAAM,CAAC,EAAIV,EACXS,EAAQ,GACR,KACJ,CAECA,GACDF,EAAW,KAAK,CAACN,EAASD,CAAe,CAAC,CAElD,CACA,OAAW,CAACC,EAASC,CAAM,IAAKK,EAC5BV,EAAiB,KAAK,CAACQ,EAAQJ,CAAO,EAAGK,GAAmBJ,CAAM,CAAC,CAAC,EAGxE,OAAAL,EAAiB,KAAK,CAACQ,EAAQ,WAAW,EAAGC,GAAmBZ,CAAiB,CAAC,CAAC,EAG5EiB,GAAyB,CAAC,SAAUd,CAAgB,CAAC,CAChE,CCxEO,SAASe,GAAiBC,EAAoD,CACjF,OAAOA,IAAc,QAAa,OAAOA,EAAU,MAAY,UAAY,OAAOA,EAAU,eAAqB,SACrH,CAIO,IAAMC,EAAN,cAAkC,KAAM,CACnC,gBAER,IAAI,gBAA6C,CAC7C,OAAO,KAAK,eAChB,CAEA,IAAI,eAAeC,EAAuB,CACtC,GAAIA,IAAU,OACV,MAAM,IAAI,UAAU,oCAAoC,EAE5D,KAAK,gBAAkBA,CAC3B,CACJ,EAEaC,GAAN,cAA8CF,CAAoB,CAAC,EAE7DG,GAAN,cAAkCH,CAAoB,CAAC,EAIvD,IAAMI,EAAN,cAAgC,KAAM,CAAC,EAoBjCC,EAAN,KAA2D,CAC9D,YAAYC,EAAkB,CAC1B,KAAK,QAAUA,CACnB,CAES,OACb,EACaC,EAAN,KAAwE,CAClEC,GAET,YAAYC,EAA2G,CACnH,KAAKD,GAASC,CAClB,CAEA,MAAM,OAAOC,EAAqDC,EAA0B,CAExF,GAAI,EADa,MAAM,KAAKH,GAAOE,EAAgBC,CAAM,IAC1C,QACX,MAAM,IAAIP,EAAkB,eAAe,CAEnD,CAEA,MAAM,UAAUM,EAAqDC,EAAW,CAC5E,OAAO,MAAM,KAAKH,GAAOE,EAAgBC,CAAM,CACnD,CACJ,EAEaC,EAAN,cAAyCC,CAAoB,CAAC,EC7ErE,IAAMC,EAAiCC,GAC5B,MAAOC,GAAgC,CAC1C,IAAIC,EAAoB,GAClB,CAAC,SAAAC,CAAQ,EAAIF,EACnB,QAAWG,KAAQJ,EAAQ,KAAK,EACxBG,EAAS,QAAQ,IAAIC,CAAI,IACzBF,EAAoB,IAG5B,GAAIA,EACA,OAAW,CAACE,EAAMC,CAAK,IAAKL,EACxBG,EAAS,QAAQ,IAAIC,EAAMC,CAAK,CAG5C,EAGEC,GAAsC,IAAMP,EAC9C,IAAIQ,EAAe,EACd,IAAI,gBAAiB,gDAAgD,EACrE,IAAI,SAAU,UAAU,EACxB,IAAI,UAAW,GAAG,CAAC,EAEtBC,GAAqC,IAAMT,EAC7C,IAAIQ,EAAe,EACd,IAAI,yBAA0B,SAAS,CAAC,EAE3CE,GAAiD,CAACC,EAAyBC,EAA4BC,IAAqB,CAC9H,IAAIC,EAAc,WAAWH,CAAe,GACxCC,IACAE,GAAe,wBAEfD,IACAC,GAAe,cAEnB,IAAMC,EAAWf,EACb,IAAIQ,EAAe,EACd,IAAI,4BAA6BM,CAAW,CAAC,EAEhDE,EAAYd,GACGA,EAAS,QAAQ,IAAI,WAClB,SAGxB,MAAO,OAAOA,GAAgC,CACtCc,EAASd,CAAQ,GACjB,MAAMa,EAASb,CAAQ,CAE/B,CACJ,EAGMe,GAAuCC,GAClClB,EACH,IAAIQ,EAAe,EACd,IAAI,kBAAmBU,CAAI,CAAC,EAInCC,GAAwCL,GAA0Cd,EACpF,IAAIQ,EAAe,EACd,IAAI,mBAAoBM,CAAW,CAAC,EAGvCM,GAA4CC,GAA8B,CAE5E,IAAMN,EAAWM,IAAqB,OAAY,OAAYrB,EAC1D,IAAIQ,EAAe,EACd,IAAI,qBAAsBa,CAAgB,CAAC,EACpD,MAAO,OAAOnB,GAAgC,CACtCa,IAAa,QACb,MAAMA,EAASb,CAAQ,CAE/B,CACJ,EACMoB,GAA+C,CAACD,EAA2BE,IAAyB,CACtG,IAAMC,EAAaD,EAAa,sCAAwC,0BAClER,EAAWM,IAAqB,OAAY,OAAYrB,EAC1D,IAAIQ,EAAe,EACd,IAAIgB,EAAYH,CAAgB,CAAC,EAC1C,MAAO,OAAOnB,GAAgC,CACtCa,IAAa,QACb,MAAMA,EAASb,CAAQ,CAE/B,CACJ,EAWMuB,GAAuC,CAACC,EAAyB,gBAC5D1B,EACH,IAAIQ,EAAe,EACd,IAAI,iBAAkBkB,CAAM,CAAC,EAIpCC,GAAkDD,GAAqC,CACzF,IAAMX,EAAWW,IAAW,OAAY,OAAY1B,EAChD,IAAIQ,EAAe,EACd,IAAI,6BAA8BkB,CAAM,CAAC,EAClD,MAAO,OAAOxB,GAAgC,CACtCa,IAAa,QACb,MAAMA,EAASb,CAAQ,CAE/B,CACJ,EAGM0B,GAAoDF,GAAuC,CAC7F,IAAMX,EAAWW,IAAW,OAAY,OAAY1B,EAChD,IAAIQ,EAAe,EACd,IAAI,+BAAgCkB,CAAM,CAAC,EACpD,MAAO,OAAOxB,GAAgC,CACtCa,IAAa,QACb,MAAMA,EAASb,CAAQ,CAE/B,CACJ,EAGM2B,GAAoDH,GAAuC,CAC7F,IAAMX,EAAWW,IAAW,OAAY,OAAY1B,EAChD,IAAIQ,EAAe,EACd,IAAI,+BAAgCkB,CAAM,CAAC,EACpD,MAAO,OAAOxB,GAAgC,CACtCa,IAAa,QACb,MAAMA,EAASb,CAAQ,CAE/B,CACJ,EAEM4B,GAAmC,IAClCC,IAEI,MAAO7B,GAAgC,CAC1C,QAAW8B,KAAUD,EACjB,MAAMC,EAAO9B,CAAQ,CAE7B,EAGW,SAARD,GAAyBgC,EAa7B,CACC,IAAMF,EAAqC,CAAC,EACvCE,GAAM,OAAO,UACdF,EAAQ,KAAKxB,GAAoC,CAAC,EAEjD0B,GAAM,aAAa,UACpBF,EAAQ,KAAKtB,GAAmC,CAAC,EAEhDwB,GAAM,MAAM,UACbF,EAAQ,KAAKrB,GAA+CuB,GAAM,MAAM,QAAU,IAAM,GAAK,GAAK,GAAIA,GAAM,MAAM,mBAAqB,GAAMA,GAAM,MAAM,SAAW,EAAK,CAAC,EAEzKA,GAAM,cAAc,UACrBF,EAAQ,KAAKd,GAAoCgB,GAAM,cAAc,MAAQ,MAAM,CAAC,EAEnFA,GAAM,KAAK,UACZF,EAAQ,KAAKZ,GAAqCc,GAAM,KAAK,aAAe,GAAG,CAAC,EAE/EA,GAAM,mBAAmB,UAC1BF,EAAQ,KAAKX,GAAyCa,GAAM,mBAAmB,gBAAgB,CAAC,EAE/FA,GAAM,uBAAuB,UAC9BF,EAAQ,KAAKT,GAA6CW,GAAM,uBAAuB,kBAAoB,qBAAsBA,GAAM,uBAAuB,UAAU,CAAC,EAExKA,GAAM,eAAe,UACtBF,EAAQ,KAAKN,GAAqCQ,GAAM,eAAe,QAAU,aAAa,CAAC,EAE9FA,GAAM,yBAAyB,UAChCF,EAAQ,KAAKJ,GAA+CM,GAAM,yBAAyB,MAAM,CAAC,EAEjGA,GAAM,2BAA2B,UAClCF,EAAQ,KAAKH,GAAiDK,GAAM,2BAA2B,MAAM,CAAC,EAErGA,GAAM,2BAA2B,UAClCF,EAAQ,KAAKF,GAAiDI,GAAM,2BAA2B,MAAM,CAAC,EAEtGA,GAAM,SACNF,EAAQ,KAAK,GAAGE,EAAK,OAAO,EAEhC,IAAMD,EAASF,GAAiC,GAAGC,CAAO,EAE1D,MAAO,OAAO7B,EAA6BgC,IAA8B,CACrE,MAAMF,EAAO9B,CAAQ,EACrB,MAAMgC,EAAK,CACf,CACJ,CC5MO,IAAMC,EAAgDC,GAGnB,CACtC,IAAMC,EAAaD,EAAK,WAClBE,EAAoCF,GAAM,mCAAqC,GACrF,MAAO,OAAO,CAAC,SAAAG,CAAQ,EAAGC,IAAU,CAIhC,GAHI,CAACF,GAGD,EAAEE,aAAiBC,GACnB,OAAOJ,EAAWE,EAAUC,CAAK,EAErC,MAAMA,CAEV,CAGJ,ECrBA,IAAME,GAAgB,QAChBC,GAAqBC,GAChB,gBAAgBA,CAAK,IAGnBC,EAAuBC,GAA8D,CAC9F,IAAMC,EAAcJ,GAAkBG,GAAM,OAASJ,EAAa,EAClE,MAAO,OAAOM,EAAUC,IAAW,CAC/B,GAAM,CAAC,SAAAC,CAAQ,EAAIF,EACnBE,EAAS,cAAcC,EAAW,YAAY,EAC9CD,EAAS,QAAQ,IAAI,mBAAoBH,CAAW,CACxD,CACJ,ECbA,IAAMK,GAAQ,SAEDC,GAAoCC,GACtC,MAAOC,GAAa,CACvB,GAAM,CAAC,QAAAC,CAAO,EAAID,EACZE,EAAgBD,EAAQ,QAAQ,IAAI,eAAe,EACzD,GAAI,CAACC,GAAiB,CAAE,SAAU,KAAKA,EAAc,UAAU,CAAE,CAAC,EAC9D,OAEJ,IAAMC,EAAcD,EAAc,QAAUL,GAAM,OAAS,GAAKK,EAAc,UAAUL,GAAM,MAAM,EAE9FO,EADU,OAAO,KAAKD,EAAa,QAAQ,EAAE,SAASJ,GAAM,qBAAuB,OAAO,EAC1E,MAAM,IAAK,CAAC,EAClC,GAAIK,EAAM,SAAW,EAGrB,MAAO,CACH,KAAM,mBACN,cAAe,GACf,UAAWA,EAAM,CAAC,EAClB,YAAaA,EAAM,CAAC,CACxB,CACJ,ECtBJ,IAAAC,GAAgC,4BAMnBC,EAAN,MAAMC,CAAkC,CAC3C,OAAe,mBAAmBC,EAErB,CACT,OAAOA,EAAQ,SAAS,GAAG,kBAAoB,MACnD,CAEA,aAAqB,mBAAmBA,EAEE,CACtC,OAAO,MAAMA,EAAQ,SAAS,GAAG,eACrC,CAEA,OAAc,qBAAqBA,EAA4E,CAC3G,OAAOA,EAAQ,SAAS,GAAG,eAC/B,CAEA,OAAc,oBAAoBC,EAA2C,CACzE,MAAO,CAACD,EAA6E,IAAI,wBAGrFA,EAAQ,SAAS,EAAG,gBAAkBC,EAC/BD,EAEf,CAEA,OAAc,mBAAmBE,EAAgC,CAC7D,OAAOH,EAAkC,oBAAoB,QAAQ,QAAQ,CAAC,eAAAG,CAAc,CAAC,CAAC,CAClG,CAEA,aAAoB,WAAWF,EAAkH,CAC7I,GAAID,EAAkC,mBAAmBC,CAAO,EAC5D,OAAOD,EAAkC,mBAAmBC,CAAO,CAE3E,CACJ,EC3BA,eAAeG,GAAaC,EACAC,EACAC,EACAC,EACAC,EACAC,EAA2F,CAEnH,IAAMC,EAAiB,MADH,MAAMH,EAAgBH,CAAQ,KACPE,CAAK,EAChD,GAAII,IAAmB,OACnB,MAAM,IAAI,MAAM,kDAAkD,EAEtE,GAAI,CACA,MAAMC,GAAwBD,EAAgB,CAAC,SAAAN,EAAU,KAAAC,CAAI,EAAGG,EAAgBC,CAAO,CAC3F,OAASG,EAAG,CACR,MAAIA,aAAaC,EAGXD,CACV,CACJ,CAEA,eAAeD,GAAwBD,EACAI,EACAN,EACAC,EAA2F,CAC9HM,EAAkC,mBAAmBL,CAAc,EAAED,CAAO,EAC5E,MAAMD,EAAeM,EAAgBJ,CAAc,CAEvD,CAce,SAARM,EAAsCC,EAAmC,CAC5E,IAAMC,EAAO,CACT,QAASC,GACT,eAAgB,MAAM,CAAC,KAAAd,CAAI,IAAM,CAC7B,MAAMA,EAAK,CACf,EACA,UAAWe,GAAiC,CAAC,CAAC,EAC9C,eAAgBC,EAA6C,CAAC,WAAYC,EAAoB,CAAC,CAAC,CAAC,CAAC,EAClG,GAAGL,CACP,EACIV,EAAkBW,EAAK,gBAC3B,GAAIX,IAAoB,QAAaW,EAAK,UAAY,OAAW,CAC7D,IAAMK,EAAiCL,EAAK,QAC5CX,EAAkB,MAAOiB,GACdD,CAEf,CACA,GAAIhB,IAAoB,OACpB,MAAM,IAAI,MAAM,+DAA+D,EAEnF,MAAO,OAAOH,EAA6BC,IAA6C,CAEpF,IAAMC,GADc,MAAMY,EAAK,QAAQd,CAAQ,GACrB,MAAQ,MAAMc,EAAK,UAAUd,CAAQ,EAAI,OACnE,GAAIE,IAAU,OAAW,CACrB,MAAMD,EAAK,EACX,MACJ,CAEA,GAAI,CACA,MAAMF,GAAaC,EAAUC,EAAMC,EAAOC,EAAiBW,EAAK,eAAgBA,EAAK,OAAO,CAEhG,OAASO,EAAO,CACZ,GAAIA,aAAiBZ,EAAqB,CACtC,MAAMK,EAAK,eAAe,CAAC,SAAAd,EAAU,KAAAC,CAAI,EAAGoB,CAAK,EACjD,MACJ,CACA,MAAMA,CACV,CACJ,CACJ,CC7FO,IAAMC,GAAwBC,GAG1B,MAAOC,EAAUC,IAAgC,CACnCD,EAAS,SACjB,cAAcD,EAAK,UAAU,CAC1C,ECHJ,IAAMG,EAASC,EAAU,kBAAkB,EAE9BC,GAAwBC,GAGC,CAClC,IAAMC,EAAoBD,EAAK,oBAAsB,MAAO,CAAC,SAAAE,CAAQ,EAAGC,IAAW,CAC/ED,EAAS,cAAcE,EAAW,YAAY,EAC9C,MAAMF,EAAS,IAAI,CACvB,GACA,MAAO,OAAOG,EAA6BC,IAA+B,CACtE,OAAW,CAACC,EAASC,CAAU,IAAKR,EAAK,YAKrC,GAJIH,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,0BAA0BU,CAAO,EAAE,GAEtC,MAAMA,EAAQF,CAAQ,GAC1B,MACN,OAAIR,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,0CAA0CW,CAAU,EAAE,EAEhEA,EAAWH,EAAUC,CAAK,EAGzC,OAAIT,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,6CAA6CI,CAAiB,EAAE,EAE1EA,EAAkBI,EAAUC,CAAK,CAC5C,CACJ,EChCO,IAAMG,GAA4BC,GAE9B,MAAO,CAAC,SAAAC,EAAU,KAAAC,CAAI,EAAGC,IAAmC,CAC/D,QAAWC,KAAWJ,EAClB,MAAMI,EAAQ,CAAC,SAAAH,EAAU,KAAAC,CAAI,EAAGC,CAAc,CAEtD,ECYW,SAARE,GAA2BC,EAQ/B,CAEC,IAAMC,EAAuC,MAAOC,GAChCA,EAAS,QAAQ,QACf,KAAK,kBAAkB,EACnC,SAAS,gBAAgB,EACXC,EAAM,EAEVC,EAGdC,EAAoBC,GAAqB,CAC3C,YAAa,CAAC,CAACL,EAAYM,GAAqB,CAAC,WAAYC,EAAW,YAAY,CAAC,CAAC,CAAC,EACvF,kBAAmBC,EAAoB,CAAC,CAAC,CAC7C,CAAC,EAEKC,EAAaV,EAAK,YAAcK,EAEhCM,EAAUX,EAAK,QAEfY,EAAuBC,GAAU,CACnC,WAAY,CACR,uBACA,oCACA,mBACA,2BACA,kBACA,sBACA,UACJ,EACA,kBAAmB,CAAC,KAAK,CAC7B,CAAC,EAEKC,EAA0BC,GAAaF,GAAU,CAAC,WAAY,CAAC,WAAW,CAAC,CAAC,CAAC,EAC7EG,EAA6BC,EAAI,CAACH,EAAgBF,CAAW,CAAC,EAC9DM,EAA4BC,GAAG,CAAClB,EAAYe,CAAiB,CAAC,EACpEhB,EAAK,mBAAmB,KAAK,CAACkB,EAAkBR,CAAU,CAAC,EAC3D,IAAMU,EAAiBpB,EAAK,gBAAkBqB,EAA6C,CAAC,WAAAX,CAAU,CAAC,EACjGY,EAAiBC,GAAyBvB,EAAK,iBAAmBA,EAAK,sBAAsB,EAC7FwB,EAAYC,GAAiC,CAAC,CAAC,EACrD,OAAOC,EAAqB,CACxB,QAAS1B,EAAK,QACd,QAAAW,EACA,eAAAS,EACA,eAAAE,EACA,UAAAE,CACJ,CAAC,CACL,CC9DO,IAAMG,GAAwB,CACjC,gBAAiB,kBACjB,cAAe,gBACf,mBAAoB,oBACxB,EAEMC,GAAc,kDAEb,SAASC,GAAaC,EAAmC,CAC5D,MAAO,CACH,UAAWH,GAAsB,cACjC,WAAYI,EAAW,aACvB,YAAaD,EACb,IAAKF,EACT,CACJ,CAEO,SAASI,GAAeF,EAAmC,CAC9D,MAAO,CACH,UAAWH,GAAsB,gBACjC,WAAYI,EAAW,YACvB,YAAaD,EACb,IAAKF,EACT,CACJ,CChCA,IAAMK,GAA8B,eAC9BC,GAAuB,6CAEhBC,EAAN,cAAwCC,CAAoB,CACtD,MAET,YAAYC,EAA6BC,EAAkBC,EAAwB,CAC/E,MAAMD,IAAY,OAAOD,GAAU,SAAW,OAAYA,EAAM,aAAcE,CAAO,EACrF,KAAK,MAAQ,OAAOF,GAAU,SAAW,CAAC,UAAWA,CAAK,EAAIA,CAClE,CACJ,EAOaG,GAAoCC,GACtCA,EAAe,OAAS,cAG7BC,GAA4CC,GACvC,MAAOC,GAAgC,CAC1C,GAAM,CAAC,QAAAC,CAAO,EAAID,EAClB,OAAO,QAAQ,IAA0B,CACrCE,GAA+BD,EAAQ,QAASF,GAAM,UAAU,EAAE,KAAMI,GAAmBA,IAAU,OAAY,CAACA,CAAK,EAAI,MAAS,EACpIC,GAAuBH,EAASF,GAAM,iBAAiB,EACvDM,GAAgBL,EAAUD,GAAM,wBAAwB,CAC5D,CAAC,EACI,KAAKO,GAAMA,EAAG,OAAOC,GAAKA,IAAM,MAAS,EAAE,KAAK,CAAC,CAAC,EAClD,KAAKC,EAAY,EACjB,KAAKL,GAAS,CACX,GAAIA,EAAO,MAAO,CAAC,cAAe,GAAO,KAAM,cAAe,MAAAA,CAAK,CACvE,CAAC,CACT,EAGJ,eAAeK,GAAaC,EAAwB,CAChD,GAAIA,EAAa,SAAW,EACxB,OAEJ,GAAIA,EAAa,OAAS,EAAG,CACzB,IAAMhB,EAAQiB,GAAe,6CAA6C,EAC1E,MAAM,IAAInB,EAA0BE,CAAK,CAC7C,CAEA,IAAMkB,EAAcF,EAAa,CAAC,EAClC,GAAI,CAACE,GAAeA,EAAY,SAAW,EAAG,CAC1C,IAAMlB,EAAQiB,GAAe,yDAAyD,EACtF,MAAM,IAAInB,EAA0BE,CAAK,CAC7C,CACA,OAAOkB,CACX,CAEA,eAAeT,GAA+BU,EAA8BC,EAAqB,gBAA8C,CAC3I,IAAMC,EAAgBF,EAAQ,IAAIC,CAAU,EAC5C,GAAI,CAACC,GAAiB,CAAE,UAAW,KAAKA,EAAc,UAAU,CAAE,CAAC,EAC/D,OAEJ,IAAMC,EAAQzB,GAAqB,KAAKwB,CAAa,EACrD,GAAIC,IAAU,KAAM,CAChB,IAAMtB,EAAQuB,GAAa,2BAA2B,EACtD,MAAM,IAAIzB,EAA0BE,CAAK,CAC7C,CACA,OAAOsB,EAAM,QAAQ,KACzB,CAEA,eAAeE,GAAcC,EAA4D,CACrF,IAAMT,EAAeS,EAAW,OAAO7B,EAA2B,EAClE,GAAIoB,EAAa,SAAW,EAG5B,OAAOA,CACX,CAEA,eAAeL,GAAuBH,EAA4BkB,EAAQ,GAAsC,CAC5G,GAAI,GAACA,GAASlB,EAAQ,SAAW,OAGjC,OAAOgB,GAAchB,EAAQ,IAAI,YAAY,CACjD,CAEA,eAAeI,GAAgBL,EAA6BmB,EAAQ,GAAsC,CACtG,GAAM,CAAC,QAAAlB,CAAO,EAAID,EAClB,GAAI,CAACmB,GAC2ClB,EAAQ,QAAQ,IAAI,cAAc,IAA1E,qCACDA,EAAQ,SAAW,OACtB,OAEJ,IAAMiB,EAAa,MAAMlB,EAAS,QAAQ,SAAS,EACnD,GAAIkB,EACA,OAAOD,GAAcC,CAAU,CAEvC,CAEA,IAAOE,GAAQtB,GC/Ff,SAASuB,GAAuBC,EAAiC,CAC7D,IAAIC,EAAkB,SACtB,GAAID,EAAW,OAAS,EAAG,CACvBC,GAAmB,IACnB,IAAIC,EAAI,EACR,OAAW,CAACC,EAAKC,CAAK,IAAKJ,EACvBC,GAAmB,GAAGE,CAAG,KAAKC,CAAK,IAC/BF,IAAMF,EAAW,KAAO,IACxBC,GAAmB,MAEvBC,GAER,CACA,OAAOD,CACX,CAEA,IAAMI,GAAsBC,GAChBA,EAA2B,aAAe,OAGtD,SAASC,GAAUC,EAA4C,CAC3D,GAAIA,aAAqBC,EAA2B,CAChD,GAAM,CAAC,MAAAH,CAAK,EAAIE,EAChB,GAAIH,GAAmBC,CAAK,EACxB,OAAOA,EAAM,UAErB,CACA,OAAOI,EAAW,YACtB,CAEA,SAASC,GAAiBH,EAAgCI,EAAgB,CACtE,IAAMZ,EAAa,IAAI,IAIvB,GAHIY,GACAZ,EAAW,IAAI,QAASY,CAAK,EAE7BJ,aAAqBC,EAA2B,CAChD,GAAM,CAAC,MAAAH,CAAK,EAAIE,EAChBR,EAAW,IAAI,QAASM,EAAM,SAAS,EACnCA,EAAM,aACNN,EAAW,IAAI,oBAAqBM,EAAM,WAAW,EAErDA,EAAM,KACNN,EAAW,IAAI,YAAcM,EAAM,GAAG,EAEtCD,GAAmBC,CAAK,GAAKA,EAAM,OACnCN,EAAW,IAAI,QAASM,EAAM,KAAK,CAE3C,CACA,OAAON,CACX,CAEA,IAAMa,GAA6CC,GACxC,MAAOC,EAAUT,IAAU,CAC9B,IAAMU,EAAST,GAAUD,CAAK,EACxBN,EAAaW,GAAiBL,EAAOQ,GAAM,SAAS,EACpDb,EAAkBF,GAAuBC,CAAU,EACnD,CAAC,SAAAiB,CAAQ,EAAIF,EACnBE,EAAS,QAAQ,IAAI,mBAAoBhB,CAAe,EACxDgB,EAAS,cAAcD,CAAM,EAC7B,MAAMC,EAAS,IAAI,CACvB,EAGGC,GAAQL,GC1Df,IAAMM,GAAoBC,GAAwE,CAC9F,IAAMC,EAAqBD,GAAM,oBAAsB,MAEvD,OAAQE,IAEG,CAAC,KAAM,WAAY,cAAe,GAAM,KADlCA,EAAI,iBAAiBD,CAAkB,CACD,EAE3D,EAEME,GAAqBC,GAChB,MAAOF,GACHE,EAAUF,CAAG,EAIfG,EAAN,cAAuB,KAAM,CAAC,EACxBC,GAAN,cAA0BD,CAAS,CAAC,EAG3C,SAASE,GAAQC,EAAiB,CAC9B,GAAIA,aAAiBF,GACjB,OAAO,IAAIG,EAA0BC,GAAaF,EAAM,OAAO,EAAGA,EAAM,QAAS,CAAC,MAAOA,CAAK,CAAC,EAEnG,MAAM,IAAIG,EAA2BH,EAAM,QAAS,CAAC,MAAOA,CAAK,CAAC,CAEtE,CAEe,SAARI,GAAgCZ,EAGb,CACtB,IAAMa,EAAUb,EAAK,QACfc,EAAgBd,EAAK,eAAiBG,GAAkBJ,GAAiB,CAAC,CAAC,CAAC,EAClF,MAAO,OAAOgB,GAAmB,CAC7B,GAAIC,GAAiCD,CAAc,EAAG,CAClD,IAAME,EAAQF,EAAe,MAC7B,GAAI,CACA,IAAMb,EAAM,MAAMW,EAAQI,CAAK,EAC/B,OAAO,MAAMH,EAAcZ,CAAG,CAClC,OAASgB,EAAG,CACR,MAAIA,aAAab,EACPE,GAAQW,CAAC,EAEbA,CACV,CACJ,CACJ,CACJ,CCzCe,SAARC,GAAgCC,EAWuC,CAC1E,IAAMC,EAAaD,EAAK,YAAcE,GAA0C,CAAC,CAAC,EAC5EC,EAAYH,GAAM,WAAaI,GAAyC,CAAC,CAAC,EAC1EC,EAAiBL,EAAK,gBAAkBM,EAA6C,CAAC,WAAAL,CAAU,CAAC,EACvG,GAAID,EAAK,kBAAmB,OACxB,OAAOO,EAAqB,CACxB,QAASP,EAAK,QACd,UAAAG,EACA,eAAAE,EACA,gBAAiBL,EAAK,eAC1B,CAAC,EAEL,GAAIA,EAAK,MAAQ,OAAW,CAExB,IAAMQ,EAAUR,EAAK,IAAI,SAAWS,GAAeT,EAAK,GAAG,EAC3D,OAAOO,EAAqB,CACxB,QAASP,EAAK,QACd,UAAAG,EACA,eAAAE,EACA,gBAAiB,MAAOK,GACbF,CAEf,CAAC,CACL,CACA,MAAM,IAAI,MAAM,uFAAuF,CAC3G,CCrCA,IAAAG,GAA0C,uCCH1C,eAAeC,GAAuBC,EAA6BC,EAA4CC,EAA4C,CACvJ,IAAMC,EAAQ,IAAIC,GAAgC,0DAA0D,EACtGC,EAAyB,IAAIC,EAAoB,gBAAiB,CAAC,MAAAH,CAAK,CAAC,EAC3EF,IACAI,EAAE,eAAiBJ,GAEvB,MAAMC,EAAWF,EAAUK,CAAC,CAChC,CACO,SAASE,GAA8BC,EAAwB,CAClE,MAAO,OAAOR,EAA6BS,IAA8B,CACrET,EAAS,SAAS,cAAcQ,CAAU,EAC1CR,EAAS,SAAS,QAAQ,IAAI,eAAgB,2BAA2B,EACzE,IAAMU,EAAS,OAAO,KAAK,gBAAiB,OAAO,EACnDV,EAAS,SAAS,QAAQ,IAAI,iBAAkBU,EAAO,MAAM,EAC7D,MAAMV,EAAS,SAAS,KAAKU,CAAM,CACvC,CACJ,CAEO,IAAMC,GAAeC,GAEtB,CACF,IAAMC,EAAsBN,GAA8BO,EAAW,SAAS,EACxEC,EAA2BH,EAAK,0BAA4BI,EAAoB,EACtF,MAAO,OAAOhB,EAA6BiB,IAA8B,CACrE,GAAI,CACA,MAAMA,EAAK,CACf,OAASC,EAAO,CACZ,GAAIA,aAAiBC,EAAmB,CACpC,IAAMC,EAAY,MAAMpB,EAAS,UAAU,EACtCqB,GAAiBD,CAAS,GAItBA,EAAU,eACX,MAAMP,EAAoBb,EAAUkB,CAAK,EAE7C,MAAMnB,GAAuBC,EAAUoB,EAAWL,CAAwB,GAN1E,MAAMhB,GAAuBC,EAAU,OAAWe,CAAwB,EAQ9E,MACJ,CACA,MAAMG,CACV,CACJ,CACJ,EClDA,IAAMI,GAASC,EAAU,eAAe,EAEzB,SAARC,GAAgDC,EAA+G,CAClK,IAAMC,EAAQ,MAAOC,EAAqDC,IAAgE,CACtI,IAAIC,EACJ,OAAW,CAACC,EAASC,CAAO,IAAKN,EAAK,SAClC,IAAK,MAAMK,EAAQF,CAAQ,IAAI,MAAO,CAClCN,GAAO,MAAM,8BAA8BM,EAAS,QAAQ,IAAI,YAAYE,CAAO,KAAKC,CAAO,GAAG,EAClG,IAAMC,EAAc,MAAMD,EAAQ,UAAUJ,EAAgB,CAAC,SAAAC,CAAQ,CAAC,EACtE,GAAII,IAAgB,OAAW,CAC3BH,EAAWG,EACX,KACJ,CACJ,CAEJ,OAAAH,IAAa,IAAII,EAAsB,EAAK,EACrCJ,CAEX,EACA,OAAO,IAAIK,EAA4BR,CAAK,CAChD,CClBA,IAAMS,GAASC,EAAU,eAAe,EAEzB,SAARC,GAAqCC,EAGzC,CACC,GAAM,CAAC,QAAAC,EAAS,QAAAC,CAAO,EAAIF,EAC3B,MAAO,OAAOG,EAA6BC,IAA8B,CACrE,IAAMC,EAAUC,EAAkC,WAAWJ,CAAO,EAC/D,KAAKK,GAAKA,GAAG,cAAc,EAChC,GAAI,CACA,MAAMN,EAAQ,OAAOI,EAASF,CAAQ,EAClCN,GAAO,WAAW,OAAO,GACzBA,GAAO,MAAM,0BAA0B,CAE/C,OAASW,EAAO,CACZ,MAAIA,aAAiBC,GACbZ,GAAO,WAAW,OAAO,GACzBA,GAAO,MAAM,yBAAyBW,EAAM,OAAO,EAAE,EAGvDA,CACV,CACA,MAAMJ,EAAK,CACf,CACJ,CCzBO,IAAMM,GAAN,cAA+CC,EAA2B,CACpEC,GACT,YAAYC,EAA6BC,EAAqD,CAC1F,MAAMD,CAAQ,EACd,KAAKD,GAAWE,CACpB,CAEA,MAAM,WAAyD,CAE3D,OADgB,MAAM,KAAKF,GAAS,IACpB,cACpB,CACJ,EAEaG,GAAkBC,GAAuF,CAClH,IAAMC,EAAUD,EAAK,QACrB,MAAO,OAAOH,EAA6BK,IAAyD,CAChG,MAAMA,EAAK,IAAIR,GAAiCG,EAAU,SAAY,MAAMM,EAAkC,WAAWF,CAAO,CAAC,CAAC,CACtI,CACJ,EJkCA,IAAMG,EAAc,CAChB,MAAO,OAAO,iBACd,aAAc,IACd,eAAgB,IAChB,KAAM,IACN,WAAY,IACZ,eAAgB,IAChB,qCAAsC,KACtC,kBAAmB,KACnB,cAAe,KACf,KAAM,OAAO,gBACjB,EACMC,EAAoB,OAAO,IAAI,aAAa,EAE3CC,GAAQ,CAACC,EACAC,IAGkB,CAC9B,IAAMC,EAAyB,CAAC,EAEhC,MAAMC,CAAmB,CACrBC,GACSC,GAAyF,CAAC,EACnG,QAEA,IAAI,0BAAuE,CACvE,OAAI,KAAKD,KAA8B,QAAa,KAAKC,GAAoB,SAAW,EAC7E,KAAKD,GAEZ,KAAKC,GAAoB,SAAW,EAC7B,KAAKA,GAAoB,CAAC,EAAE,CAAC,EAEjCC,GAAqB,CACxB,YAAa,KAAKD,GAClB,kBAAmB,KAAKA,GAAoB,KAAKA,GAAoB,OAAS,CAAC,EAAE,CAAC,CACtF,CAAC,CACL,CAGA,OAAQ,CACJ,GAAIL,EAAO,UAAY,QAAaA,EAAO,QAAQ,WAAa,GAAM,CAClE,IAAMO,EAASC,GAAQR,EAAO,OAAO,EACrCO,EAAOT,CAAiB,EAAID,EAAY,aACxCK,EAAW,KAAKK,CAAM,CAC1B,CACA,GAAIP,EAAO,MAAM,WAAa,IAAQC,EAAQ,mBAAqB,OAAW,CAC1E,IAAMQ,EAA+EC,GAAK,CAAC,iBAAkBT,EAAQ,gBAAiB,CAAC,EACvIQ,EAAOX,CAAiB,EAAID,EAAY,KACxCK,EAAW,KAAKO,CAAM,CAC1B,CAEA,GAAIT,EAAO,QAAU,QAAaA,EAAO,OAAO,WAAa,GAAM,CAC/D,IAAMW,EAAWX,EAAO,MAAM,MAAM,KAAK,YAAY,EAC/CY,EAAWZ,EAAO,MAAM,MAAM,UAAY,GAC1Ca,EAAcb,EAAO,MAAM,MAAM,aAAe,CAAC,EACjDc,EAAiC,MAAOC,GAAS,CACnD,IAAMC,EAAYD,EAAK,UACjBE,EAAcF,EAAK,YACzB,GAAIC,EAAU,YAAY,IAAML,GAAYM,IAAgBL,EACxD,MAAM,IAAIM,GAAoB,8BAA8B,EAEhE,MAAO,CAAC,KAAM,mBAAoB,cAAe,GAAM,UAAAF,EAAW,YAAAC,EAAa,YAAa,CAAC,GAAGJ,CAAW,CAAC,CAChH,EAEMM,EAA+D,CACjE,MAAO,CAAC,SAAUC,EAAG,KAAAC,CAAI,EAAGC,IACjBD,EAAK,CAEpB,EAGMZ,EAASc,GAAU,CACrB,QAAStB,EAAQ,QACjB,QAAAa,EACA,mBAAoB,KAAKT,GACzB,uBAAAc,CACJ,CAAC,EACDV,EAAOX,CAAiB,EAAID,EAAY,WACxCK,EAAW,KAAKO,CAAM,CAC1B,CACA,GAAIT,EAAO,MAAQ,QAAaA,EAAO,IAAI,WAAa,GAAM,CAE1D,IAAMwB,KAAW,gBAAY,CACzB,cAAexB,EAAO,IAAI,UAC1B,OAAQA,EAAO,IAAI,OACnB,SAAUA,EAAO,IAAI,QACzB,CAAC,EACKyB,EAAU,MAAOC,GAAgC,CACnD,GAAI,CACA,GAAM,CAAC,QAAAC,CAAO,EAAI,MAAMH,EAASE,CAAK,EACtC,MAAO,CACH,QAASC,EAAQ,IACjB,iBAAiBC,EAAmC,CAChD,OAAOD,EAAQC,CAAK,CACxB,CACJ,CACJ,OAASC,EAAG,CACR,MAAIA,aAAa,kBACP,IAAIC,GAAYD,EAAE,QAAS,CAAC,MAAOA,CAAC,CAAC,EAEzC,IAAIE,EAAS,kDAAmD,CAAC,MAAOF,CAAC,CAAC,CACpF,CACJ,EAGMG,EAA0BC,GAAyC,CAAC,kBAAmB,EAAI,CAAC,EAC5FC,EAA2D,MAAOC,GAAa,CACjF,GAAI,CAEA,OADU,MAAMH,EAAwBG,CAAQ,IACtC,OACCC,EAEJC,EAAM,CACjB,MACU,CACN,OAAOD,CACX,CACJ,EAEME,EAAaC,GAA0C,CAAC,CAAC,EAE/D,KAAKlC,GAAoB,KAAK,CAAC6B,EAAgCI,CAAU,CAAC,EAE1E,IAAM7B,EAAS+B,GAAe,CAC1B,QAASvC,EAAQ,QACjB,WAAYqC,EACZ,UAAWN,EACX,IAAK,CAAC,QAAAP,CAAO,CAAC,CAAC,EACnBhB,EAAOX,CAAiB,EAAID,EAAY,eACxCK,EAAW,KAAKO,CAAM,CAE1B,CACA,IAAMgC,EAAYC,GAAe,CAAC,QAASzC,EAAQ,OAAO,CAAC,EAK3D,GAJAC,EAAW,KAAKuC,CAAS,EACzBA,EAAU3C,CAAiB,EAAID,EAAY,qCAGvCG,EAAO,YAAc,OAAW,CAChC,IAAM2C,EAAUC,GAAY,CAAC,yBAA0B,KAAK,wBAAwB,CAAC,EACrFD,EAAQ7C,CAAiB,EAAID,EAAY,kBACzCK,EAAW,KAAKyC,CAAO,EAuCvB,IAAM7B,GAtC6B+B,GAA+C,CAC9E,IAAMC,EAEE,CAAC,EACLC,EAAwB,GAC5B,OAAW,CAACC,EAASC,CAAM,IAAKJ,GAAa,CAAC,EAAG,CAC7C,IAAIK,EACJ,GAAIF,IAAY,eACZD,EAAwB,GACxBG,EAAgBC,OACb,IAAIJ,EACP,MAAM,IAAI,MAAM,6DAA6D,EAE7EG,EAAgBF,EAEpB,IAAIlC,EACJ,GAAImC,EAAO,SAAW,YAClBnC,EAAU,IAAIsC,EAA4B,SAAY,IAAIC,EAAsB,EAAI,CAAC,EACrFvC,EAAQ,SAAW,IAAM,0CAClBmC,EAAO,SAAW,SACzBnC,EAAU,IAAIsC,EAA4B,SAAY,IAAIC,EAAsB,EAAK,CAAC,EACtFvC,EAAQ,SAAW,IAAM,uCAClBmC,EAAO,SAAW,gBACzBnC,EAAU,IAAIsC,EAA4B,MAAOE,GAA2C,CACxF,IAAMC,EAAiB,MAAMD,EAC7B,OAAIC,IAAmB,OACZ,IAAIF,EAAsBE,EAAe,aAAa,EAE1D,IAAIF,EAAsB,EAAK,CAC1C,CAAC,EACDvC,EAAQ,SAAW,IAAM,0CAEzB,OAAM,IAAI,MAAM,wBAAwB,KAAK,UAAUmC,CAAM,CAAC,EAAE,EAEpEH,EAAS,KAAK,CAACI,EAAepC,CAAO,CAAC,CAC1C,CACA,OAAO0C,GAA+B,CAAC,SAAAV,CAAQ,CAAC,CACpD,GAC0C9C,EAAO,SAAS,EACpDS,EAASgD,GAAoB,CAAC,QAAA3C,EAAS,QAASb,EAAQ,OAAO,CAAC,EACtEQ,EAAOX,CAAiB,EAAID,EAAY,cACxCK,EAAW,KAAKO,CAAM,CAE1B,CAEAP,EAAW,KAAK,CAAC,EAAGwD,IAAM,CACtB,IAAMC,EAAS,EAAE7D,CAAiB,GAAKD,EAAY,KAC7C+D,EAASF,EAAE5D,CAAiB,GAAKD,EAAY,KACnD,OAAO8D,EAASC,CACpB,CAAC,CACL,CACJ,CAIA,OADiB,IAAIzD,EAAmB,EAC/B,MAAM,EAGRD,CACX,EK5PO,SAAS2D,GAAqBC,EAA0C,CAC3E,IAAMC,EAA6C,CAAC,EAC9CC,EAAmC,CAAC,OAAQF,EAAQ,YAAY,OAAS,OAAS,gBAAkB,WAAW,EAErH,OAAW,CAACG,EAAMC,CAAK,IAAKJ,EAAQ,QAAS,CACzC,IAAMK,EAAOD,EAAM,WAAaF,EAC5BI,EAAoCC,EAAQJ,EAAM,CAAC,OAAQ,KAAK,CAAC,EACrEG,EAAUE,EAAI,CAACC,EAAgBH,CAAO,CAAC,EACvCL,EAAU,KAAK,CAACK,EAASD,CAAI,CAAC,CAClC,CACA,OAAAJ,EAAU,KAAK,CAACM,EAAQ,IAAK,CAAC,OAAQ,KAAK,CAAC,EAAG,CAAC,OAAQ,WAAW,CAAC,CAAC,EACrEN,EAAU,KAAK,CAACM,EAAQ,eAAgB,CAAC,OAAQ,KAAK,CAAC,EAAG,CAAC,OAAQ,WAAW,CAAC,CAAC,EAChFN,EAAU,KAAK,CAACM,EAAQ,UAAW,CAAC,OAAQ,KAAK,CAAC,EAAG,CAAC,OAAQ,WAAW,CAAC,CAAC,EACvEP,EAAQ,UAAU,OAAS,GAC3BC,EAAU,KAAK,GAAGD,EAAQ,SAAS,EAGvCC,EAAU,KAAK,CAAC,eAAgBC,CAAa,CAAC,EACvC,CACH,UAAAD,EACA,KAAM,CACF,SAAUD,EAAQ,aAAe,EACrC,EACA,MAAO,CACH,SAAUA,EAAQ,YAAY,OAAS,QACvC,GAAGA,EAAQ,YAAY,KAC3B,EACA,IAAK,CACD,SAAUA,EAAQ,YAAY,OAAS,SACvC,GAAGA,EAAQ,YAAY,QAAQ,GACnC,CACJ,CACJ,CAEA,eAAsBU,GAAaV,EAA2C,CAC1E,IAAMW,EAAqCC,GAAuBZ,CAAO,EACnEa,EAASd,GAAqBC,CAAO,EACrC,CAAC,QAAAc,CAAO,EAAId,EAClB,OAAOe,GAASF,EAAQ,CAAC,QAAAC,EAAS,iBAAAH,CAAgB,CAAC,CACvD,CC7CA,IAAAK,GAAkC,4BAW3B,IAAMC,GAAN,cAAwCC,CAA4B,CAE3E,EAEMC,GAAN,KAAqB,CAERC,GACTC,GAAwC,GAC/BC,GACTC,GAEA,YAAYC,EAAgBC,EAAsB,CAC9C,KAAKL,GAAUI,EACf,KAAKF,GAAYG,CACrB,CAEU,eAAeC,EAA4BC,EAAiD,CAGlG,OADiB,IAAIC,GAAmBF,EAASC,CAAQ,CAE7D,CAEA,IAAI,QAAQE,EAA6D,CACrE,KAAKN,GAAWM,CACpB,CAEA,IAAI,4BAA4BC,EAAgB,CAC5C,KAAKT,GAA+BS,CACxC,CAEA,cAAcC,EAA8B,CACxC,IAAIC,EAAS,IAEb,QAAWC,KAAOF,EAAQ,KAAK,EAC3B,GAAK,KAAKV,GAGH,CACH,IAAMS,EAAQC,EAAQ,IAAIE,CAAG,EAC7BD,GAAU,IAAIC,CAAG,OAAOH,CAAK,KACjC,KANwC,CACpCE,GAAU,WACV,KACJ,CAKJ,OAAIA,EAAO,SAAS,IAAI,IACpBA,EAASA,EAAO,MAAM,EAAG,EAAE,GAE/BA,GAAU,IACHA,CAEX,CAEA,cAAcN,EAAoC,CAC9C,IAAMQ,EAAQR,EAAQ,IAAI,OAC1B,MAAO,QAAQA,EAAQ,MAAM,KAAKA,EAAQ,IAAI,GAAGQ,CAAK,EAC1D,CAEA,WAAWC,EAA6B,CACpC,GAAI,KAAKf,GAAQ,WAAW,OAAO,EAAG,CAClC,IAAMgB,EAAQ,KAAKhB,GAAQ,WAAW,OAAO,EAC7C,KAAKA,GAAQ,MAAM,GAAGe,EAAS,SAAS,GAAG,KAAK,cAAcA,EAAS,OAAO,CAAC,GAAGC,EAAQ,cAAc,KAAK,cAAcD,EAAS,QAAQ,OAAO,CAAC,GAAK,EAAE,GAAG,CAElK,CACJ,CAEA,YAAYA,EAA6B,CACrC,GAAI,KAAKf,GAAQ,WAAW,OAAO,EAAG,CAClC,IAAMgB,EAAQ,KAAKhB,GAAQ,WAAW,OAAO,EACvCiB,EAASF,EAAS,SAAS,WACjC,KAAKf,GAAQ,MAAM,GAAGe,EAAS,SAAS,aAAaE,GAAU,QAAQ,GAAGD,EAAQ,cAAc,KAAK,cAAcD,EAAS,SAAS,OAAO,CAAC,GAAK,EAAE,GAAG,CAC3J,CACJ,CAEA,sBAAsBA,EAA6BG,EAAc,CAC7D,GAAM,CAAC,QAAAZ,EAAS,SAAAC,EAAU,UAAAY,CAAS,EAAIJ,EAEvC,GAAIR,EAAS,cAAca,EAAW,qBAAqB,EAAG,CAC1D,KAAKpB,GAAQ,MAAM,GAAGmB,CAAS,wBAAwB,KAAK,cAAcb,CAAO,CAAC,GAAIY,CAAK,EAC3F,MACJ,CAGA,WAAKlB,GAAQ,MAAM,GAAGmB,CAAS,UAAUD,EAAM,OAAO,QAAQ,KAAK,cAAcZ,CAAO,CAAC,wBAAwBC,EAAS,UAAU,IAAKW,CAAK,EACxIA,CAEV,CAEA,MAAM,IAAIH,EAA4C,CAClD,OAAO,MAAM,KAAKb,GAAUa,CAAQ,CACxC,CAEA,MAAM,KAAKT,EAA4BC,EAA6C,CAEhF,IAAMQ,EAAW,KAAK,eAAeT,EAASC,CAAQ,EAChDc,EAAW,KACb,KAAK,WAAWN,CAAQ,EACjB,KAAK,IAAIA,CAAQ,EACnB,KAAK,IAAM,CACR,KAAK,YAAYA,CAAQ,CAC7B,CAAC,EACA,MAAOG,GAAiB,CACrB,KAAK,sBAAsBH,EAAUG,CAAK,CAC9C,CAAC,EACA,KAAK,SAAY,CACd,MAAMH,EAAS,SAAS,IAAI,CAChC,CAAC,GAGT,MAAM,IAAI,QAAc,CAACO,EAASC,IAAW,CACrC,KAAKpB,KAAa,OAClB,KAAKA,GAAS,IAAI,CAAC,SAAAY,CAAQ,EAAG,IAAM,CAChCM,EAAS,EAAE,KAAK,IAAMC,EAAQ,CAAC,EAAE,MAAOJ,GAAUK,EAAOL,CAAK,CAAC,CACnE,CAAC,EAEDG,EAAS,EAAE,KAAK,IAAMC,EAAQ,CAAC,EAAE,MAAOJ,GAAUK,EAAOL,CAAK,CAAC,CAEvE,CAAC,CACL,CACJ,EAEaM,GAAN,KAA4B,CACtBC,GACTtB,GAAgE,IAAI,qBACpEuB,GAEA,QAAQjB,EAAmE,CACvE,YAAKN,GAAWM,EACT,IACX,CAEA,qBAAqBkB,EAAwD,CACzE,GAAI,KAAKD,KAAsB,OAC3B,KAAKA,GAAoBC,MACtB,CACH,IAAMC,EAAoB,KAAKF,GAC/B,KAAKA,GAAqBG,IACtBA,EAAUD,EAAkBC,CAAO,EAC5BF,EAAUE,CAAO,EAEhC,CACA,OAAO,IACX,CAEA,YAAYC,EAAwB,CAChC,KAAKL,GAAcK,CACvB,CAEA,OAAqB,CACjB,IAAM1B,EAAS2B,EAAU,MAAM,EAEzBC,EAAU,IAAIjC,GAAeK,EAAQ,KAAKqB,EAAW,EACvD,KAAKtB,KAAa,SAAW6B,EAAQ,QAAU,KAAK7B,IACxD6B,EAAQ,4BAA8B,GACtC,IAAMC,EAAuB,MAAO3B,EAASC,IAAayB,EAAQ,KAAK1B,EAASC,CAAQ,EAGxF,OAAO,KAAKmB,GAAoB,KAAKA,GAAkBO,CAAO,EAAIA,CACtE,CACJ,ECxKA,IAAAC,GAAgC,cCUzB,SAASC,GAAoBC,EAAkCC,EAA2C,CAC7G,IAAMC,EAAWF,GAAK,SAChBG,EAAUD,GAAU,SAAW,IAAIE,EAAkBJ,CAAG,EACxDK,EAA2BH,GAAU,UACrCI,EAAYD,EAA2BA,EAAyB,KAAKH,CAAQ,EAAI,gBAAyE,CAAoB,EAC9KK,EAAMJ,EAAQ,IACdK,EAAU,IAAIC,EACpB,QAAWC,KAAOP,EAAQ,QAAQ,KAAK,EACnCK,EAAQ,IAAIE,EAAKP,EAAQ,QAAQ,KAAKO,CAAG,CAAC,EAE9C,IAAMC,EAAUR,EAAQ,QAClBS,EAAYV,GAAU,WAAa,IAAIC,EAAQ,EAAE,KACjDU,EAAgBV,EAAQ,cAU9B,MAT0C,CACtC,IAAAI,EACA,QAAAC,EACA,QAAAG,EACA,UAAAL,EACA,SAAAL,EACA,cAAAY,EACA,UAAAD,CACJ,CAEJ,CAEO,SAASE,GAAWC,EAA4D,CA6CnF,MAAO,CA3CS,MAAOb,EAA6Bc,IAA8B,CAE9E,IAAMC,EADUf,EAAS,QACJ,MAAQ,IAEvBgB,EAASH,EAAQ,QACjBI,EAASD,EAAO,IAAID,CAAI,GAAK,MAAM,KAAKC,EAAO,OAAO,CAAC,EAAE,KAAKC,GAAS,CACzE,GAAIF,IAAS,KAAOE,EAAM,UAAY,GAClC,MAAO,EAEf,CAAC,EAED,GAAIA,IAAU,OAAW,CACrB,GAAM,CAAC,QAAAhB,EAAS,SAAAiB,CAAQ,EAAIlB,EACtBmB,EAAqB,MAAMC,EAAepB,CAAQ,EACxD,IAAKC,EAAQ,SAAW,OAASA,EAAQ,SAAW,YAAckB,EAAmB,MACjF,GAAIF,EAAM,kBAAoB,OAAW,CACrCA,EAAM,gBAAgBjB,CAAQ,EAC9B,MACJ,KAEI,OAAM,IAAI,MAAM,4CAA4Ce,CAAI,EAAE,MAGnE,CACH,GAAIE,EAAM,QAAS,CAEf,MAAMH,EAAK,EACX,MACJ,CAEAI,EAAS,cAAcG,EAAW,gBAAgB,EAClDH,EAAS,QACJ,IAAI,UAAW,WAAW,EAC1B,IAAI,aAAc,SAAS,EAC3B,IAAI,eAAgB,YAAY,EAErC,IAAMI,EAAS,OAAO,KAAK,iBAAiBrB,EAAQ,IAAI,4CAA6C,OAAO,EAC5G,MAAMiB,EAAS,KAAKI,CAAM,CAC9B,CACJ,MACI,MAAMR,EAAK,CAEnB,CACe,CACnB,CChFA,IAAAS,GAA0B,cAGbC,GAAN,cAAgC,YAAU,CAC7C,YAAYC,EAAiBC,EAAmBC,EAAmB,CAE/D,MAAM,KAAwB,OAAWA,CAAc,CAC3D,CAEA,SACJ,EAIaC,GAAN,MAAMC,CAAY,CACrB,MAAgBC,GAAgB,OAAO,MAAM,CAAC,EAC9C,MAAOC,GAA2C,CAAC,EAAG,OAAO,MAAM,CAAC,CAAC,EAE5DC,GACAC,GACAC,GACAC,GAAQ,GACRC,GAET,YAAYC,EAAgBC,EAAkDC,EAA4B,CACtG,KAAKH,GAAUC,EACf,KAAKJ,GAAgB,OAAOM,GAAS,SAAWA,EAAOA,GAAM,SAC7D,KAAKP,GACD,OAAOO,GAAS,UAAYA,GAAM,OAAS,YACrC,IAAMV,EAAYW,GAA2B,KAAK,IAAI,CAAC,EACvD,IAAMX,EAAYC,GAExB,KAAKG,KACL,KAAKC,GAAkB,YAAY,IAAM,CACrC,GAAM,CAACO,EAAMC,CAAO,EAAIJ,EAAS,EACjC,QAAWK,KAAUD,EACb,KAAKE,GAAyBD,EAAQF,CAAI,GAG9C,KAAKI,GAAiBF,EAAQF,CAAI,CAE1C,EAAG,KAAKR,EAAa,EAG7B,CAEAW,GAAyBD,EAA2BF,EAAc,CAC9D,OAAIE,EAAO,YAAc,IACjB,KAAKP,GAAQ,WAAW,OAAO,GAC/B,KAAKA,GAAQ,MAAM,0CAA0CK,CAAI,GAAG,EAExEE,EAAO,UAAU,EACV,IAEJ,EACX,CAEAE,GAAiBF,EAA2BF,EAAc,CACtDE,EAAO,UAAY,GACnB,IAAMG,EAAO,KAAKd,GAAU,EACxB,KAAKI,GAAQ,WAAW,OAAO,GAC/B,KAAKA,GAAQ,MAAM,yBAAyBK,CAAI,GAAG,EAEvDE,EAAO,KAAKG,EAAM,KAAKX,GAAQY,GAAe,CACtCA,GAAO,KAAKX,GAAQ,WAAW,MAAM,GACrC,KAAKA,GAAQ,KAAK,gCAAgCK,CAAI,IAAKM,CAAG,CAEtE,CAAC,CACL,CAEA,MAAOP,GAA2BQ,EAAM,KAAK,IAAI,EAAW,CACxD,GAAIA,EAAMnB,EAAYE,GAAuB,CAAC,EAAI,EAAG,CACjD,IAAMkB,EAAS,OAAO,YAAY,CAAC,EACnCA,EAAO,gBAAgB,OAAOD,CAAG,EAAG,CAAC,EACrCnB,EAAYE,GAAyB,CAACiB,EAAKC,CAAM,CACrD,CACA,OAAOpB,EAAYE,GAAuB,CAAC,CAC/C,CAEA,MAAOmB,GAA2BJ,EAAsB,CACpD,OAAIA,EAAK,SAAW,EACT,OAAOA,EAAK,eAAe,CAAC,CAAC,EAEjC,CACX,CAEA,OAAQ,CACJ,cAAc,KAAKZ,EAAe,CACtC,CAEA,WAAWiB,EAAmCC,EAA2BN,EAAoB,CACzFM,EAAO,UAAY,GACnBA,EAAO,KAAKN,EAAM,GAAQC,GAAe,CACjCA,GAAO,KAAKX,GAAQ,WAAW,MAAM,GACrC,KAAKA,GAAQ,KAAK,GAAGe,EAAU,SAAS,4BAA4BE,EAAeF,EAAU,aAAa,CAAC,GAAIJ,CAAG,CAE1H,CAAC,CACL,CAEA,WAAWI,EAAmCC,EAA2BN,EAAoB,CAEzF,GADAM,EAAO,UAAY,GACf,KAAKhB,GAAQ,WAAW,MAAM,EAAG,CACjC,IAAMkB,EAAOzB,EAAYqB,GAA2BJ,CAAI,EACxD,GAAIQ,EAAO,EAAG,CACV,IAAMC,EAAU,KAAK,IAAI,EAAID,EACzB,KAAKlB,GAAQ,WAAW,OAAO,GAC/B,KAAKA,GAAQ,MAAM,GAAGe,EAAU,SAAS,aAAaE,EAAeF,EAAU,aAAa,CAAC,uBAAuBI,CAAO,IAAI,EAE/H,KAAKtB,IAAiBsB,EAAU,KAAKtB,GAAgB,GAAK,KAAKG,GAAQ,WAAW,MAAM,GACxF,KAAKA,GAAQ,KAAK,GAAGe,EAAU,SAAS,aAAaE,EAAeF,EAAU,aAAa,CAAC,4BAA4BI,CAAO,IAAI,CAE3I,CACJ,CACJ,CACJ,EFrGA,IAAMC,EAASC,EAAU,IAAI,EAE7B,SAASC,GAAgBC,EAAcC,EAAoBC,EAAsBC,EAAqC,CAClH,OAAQC,GAAgC,CAEpC,GAAM,CAAE,UAAAC,EAAW,QAAAC,CAAQ,EAAIF,EACzBG,EAAMC,GAA2B,iBAA8CF,CAAO,EAC5FC,EAAI,SAAWH,EACf,GAAM,CAAE,OAAAK,EAAQ,YAAAC,CAAY,EAAIH,EAE1BI,EAAOL,EAAQ,KAErB,GADAG,EAAO,eAAe,QAASN,CAAa,EACxCF,EAAM,iBAAmB,QAAaC,EAAI,SAAS,MAAQD,EAAM,eAAgB,CACjFJ,EAAO,KAAK,GAAGQ,CAAS,qCAAqCM,CAAI,GAAGX,CAAI,6BAA6B,EACrGS,EAAO,QAAQ,EACf,MACJ,CAEA,IAAMG,EAASN,EAAQ,QAAQ,IAAI,QAAQ,EAC3C,GAAI,CAACO,GAAcD,EAAQX,EAAM,aAAa,EAAG,CACzCJ,EAAO,WAAW,MAAM,GACxBA,EAAO,KAAK,GAAGQ,CAAS,qCAAqCM,CAAI,GAAGX,CAAI,YAAYY,GAAU,WAAW,EAAE,EAE/GH,EAAO,QAAQ,EACf,MACJ,CACIZ,EAAO,WAAW,OAAO,GACzBA,EAAO,MAAM,GAAGQ,CAAS,yCAAyCM,CAAI,GAAGX,CAAI,EAAE,EAGnFE,EAAI,cAAcK,EAAKE,EAAQC,EAAc,CAACI,EAAQP,IAAQ,CAC1DL,EAAI,KAAK,aAAcY,EAAQP,CAAG,CACtC,CAAC,CACL,CACJ,CAEA,SAASQ,GAAsBC,EAAmBC,EAA8B,CAC5E,IAAMC,EAAO,IAAI,IACjBF,EAAQ,QAAQ,CAACG,EAAQC,IAAU,CAC/B,GAAIA,IAAU,GAAKD,EAAO,WAAW,eAAe,EAAG,CACnDF,EAAS,cAAcI,EAAW,mBAAmB,EACrD,MACJ,CACA,GAAM,CAACC,EAAMC,CAAK,EAAIJ,EAAO,MAAM,IAAI,EACnCF,EAAS,QAAQ,IAAIK,CAAI,EACzBN,EAAQI,CAAK,EAAI,GAAGE,CAAI,KAAKL,EAAS,QAAQ,IAAIK,CAAI,CAAC,GAGvDL,EAAS,QAAQ,IAAIK,EAAMC,CAAK,EAEpCL,EAAK,IAAII,EAAK,YAAY,CAAC,CAC/B,CAAC,EACD,IAAME,EAAiBC,EAA4B,kBAA8CR,CAAQ,EACzG,QAAWK,KAAQE,EAAe,kBAAkB,EAAG,CAEnD,IAAME,EAAgBJ,EAAK,YAAY,EACvC,GAAI,CAACJ,EAAK,IAAIQ,CAAa,EAAG,CAC1B,IAAMH,EAAQN,EAAS,QAAQ,IAAIS,CAAa,EAC5CH,IAAU,QACVP,EAAQ,KAAK,GAAGM,CAAI,KAAKC,CAAK,EAAE,CAExC,CACJ,CACAC,EAAe,gBAAgB,CACnC,CAEA,eAAsBG,GAAU3B,EACAC,EACA2B,EACAC,EACA1B,EAAoD,CAChF,GAAI,CACAN,EAAO,KAAK,2BAA2BG,CAAI,uBAAuBC,EAAM,gBAAkB,aAAa,qBAAqBA,EAAM,cAAgB,KAAK,UAAUA,EAAM,cAAe6B,EAAkB,EAAI,QAAQ,WAAW,OAAO7B,EAAM,MAAS,SAAWA,EAAM,KAAO,KAAOA,EAAM,KAAO,KAAK,UAAUA,EAAM,IAAI,EAAI,QAAQ,EAAE,EACxU,IAAMC,EAAM,IAAI,mBAA8E,CAC1F,SAAU,GACV,UAAW6B,GACX,SAAU,EACd,CAAC,EAEKC,EAAQ,IAAIC,GAAYpC,EAAO,MAAM,OAAO,EAAG,IAAM,CAACG,EAAME,EAAI,OAAO,EAAGD,EAAM,IAAI,EAEpFiC,EAAU,MAAMjC,EAAM,QAAQ,CAAE,SAAA2B,EAAU,QAAAC,CAAQ,CAAC,EACzD3B,EACK,GAAG,QAAUiC,GAAe,CACzBtC,EAAO,MAAM,qCAAqCG,CAAI,IAAKmC,CAAG,CAClE,CAAC,EACA,GAAG,YAAa,IAAM,CACnBtC,EAAO,KAAK,kBAAkBG,CAAI,gBAAgB,CACtD,CAAC,EACA,GAAG,UAAW,CAACgB,EAASV,IAAY,CACjC,GAAIA,EAAQ,WAAa,OAAW,CAChC,GAAM,CAAE,SAAAW,CAAS,EAAIX,EAAQ,SAC7BS,GAAsBC,EAASC,CAAQ,CAC3C,CACJ,CAAC,EACA,GAAG,aAAc,CAACR,EAAQH,IAAY,CAEnC,IAAM8B,EAAYC,GAAoB/B,EAASG,EAAO,QAAQ,EAE9DA,EAAO,GAAG,OAAS6B,GAAS,CACxBN,EAAM,WAAWI,EAAW3B,EAAQ6B,CAAI,CAC5C,CAAC,EACD7B,EAAO,GAAG,OAAS6B,GAAiB,CAChCN,EAAM,WAAWI,EAAW3B,EAAQ6B,CAAI,CAC5C,CAAC,EACDJ,EAAQ,CAAE,OAAAzB,EAAQ,UAAA2B,CAAU,CAAC,CACjC,CAAC,EACLlC,EAAI,GAAG,QAAS,IAAM,CAClB8B,EAAM,MAAM,CAChB,CAAC,EAED/B,EAAM,gBAAkBF,GAAgBC,EAAMC,EAAOC,EAAKC,CAAa,EACvEF,EAAM,MAAQ,SAAY,CACtB,MAAMiC,EAAQ,OAAO,KAAKA,CAAO,EACjCrC,EAAO,KAAK,2BAA2BG,CAAI,eAAeE,EAAI,SAAS,MAAQ,CAAC,EAAE,EAClFA,EAAI,SAAS,QAAQY,GAAU,CAC3BA,EAAO,UAAU,CACrB,CAAC,EACDZ,EAAI,MAAM,CACd,CACJ,OACOqC,EAAG,CACN1C,EAAO,KAAK,wBAAwBG,CAAI,GAAIuC,CAAC,CACjD,CAEJ,CtChHA,IAAMC,EAASC,EAAU,KAAK,EAE9B,SAASC,GAAqBC,EAAoD,CAC9E,IAAMC,EAAgC,CAAC,EACvC,OAAID,EAAI,MAAKC,EAAQ,OAAM,iBAAaD,EAAI,GAAG,GAC3CA,EAAI,OAAMC,EAAQ,QAAO,iBAAaD,EAAI,IAAI,GAC9CA,EAAI,KAAIC,EAAQ,MAAK,iBAAaD,EAAI,EAAE,GACrCC,CACX,CASA,eAAeC,GAAeC,EACAC,EAA+D,CAEzF,IAAMC,EAAcF,EAAQ,MAAM,EAClC,MAAO,OAAOG,EAAkCC,IAA2E,CACvHD,EAAI,OAAO,YAAY,QAASF,CAAa,EAC7C,IAAII,EACAD,aAA4BE,EAC5BD,EAAMD,GAGND,EAAI,YAAcC,EAClBC,EAAM,IAAIC,EAA2BH,CAAG,EACxCE,EAAI,aAAaF,EAAI,MAAM,GAE/B,IAAMI,EAAU,IAAIC,EAAkBL,CAAG,EACnCM,EAAW,IAAIC,GAAmBL,CAAG,EACrCM,EAAwCJ,EAAQ,SAAW,OAAS,IAAIK,GAA0BH,CAAQ,EAAIA,EAEpH,MAAMP,EAAYK,EAASI,CAAiB,CAEhD,CACJ,CAEA,SAASE,GAAaC,EAAyD,CAC3E,OAAO,IAAI,QAAW,CAACC,EAASC,IAAW,CACvC,IAAMC,EAAIH,EAAII,GAAgB,CACtBA,EACAF,EAAOE,CAAG,EAEVH,EAAQE,CAAC,CAEjB,CAAC,CACL,CAAC,CACL,CAEA,SAASE,GAAcC,EAA+C,CAClE,GAAIA,EACA,OAAkBC,GAAM,CACpB,YAAaD,EAAO,aACpB,aAAcA,EAAO,cACrB,WAAYA,EAAO,YACnB,eAAgBA,EAAO,gBACvB,WAAYA,EAAO,WACvB,CAAC,CAET,CAEA,eAAeE,GAAYC,EAAsB,CAC7C,IAAMC,EAAUD,EAAQ,QAClBE,EAAW,MAAMC,GAAaH,CAAO,EAErCI,EAAUC,GAAWL,CAAO,EAC5BM,EAAUC,GACZC,GAAaR,EAAQ,YAAY,EACjC,GAAGE,EACH,GAAGE,EACH,GAAGJ,EAAQ,WAEX,MAAO,CAAC,QAAAhB,EAAS,SAAAE,CAAQ,EAAGuB,IAAS,CACjC,GAAIzB,EAAQ,SAAW,OAASA,EAAQ,OAAS,UAAW,CACxDE,EAAS,cAAcwB,EAAW,EAAE,EACpC,IAAMC,EAAS,OAAO,KAAK,KAAM,OAAO,EACxCzB,EAAS,QAAQ,IAAI,eAAgB,2BAA2B,EAChE,MAAMA,EAAS,KAAKyB,CAAM,CAC9B,MACI,MAAMF,EAAK,CAEnB,EAEA,MAAO,CAAC,QAAAzB,EAAS,SAAAE,CAAQ,EAAGuB,IAAS,CACjC,GAAIzB,EAAQ,SAAW,OAASA,EAAQ,OAAS,IAAK,CAClDE,EAAS,cAAcwB,EAAW,EAAE,EACpC,IAAMC,EAAS,OAAO,KAAK,oBAAqB,OAAO,EACvDzB,EAAS,QAAQ,IAAI,eAAgB,2BAA2B,EAChE,MAAMA,EAAS,KAAKyB,CAAM,CAC9B,MACI,MAAMF,EAAK,CAEnB,EAEA,MAAO,CAAC,SAAAvB,CAAQ,EAAG0B,IAAU,CACzB1B,EAAS,cAAcwB,EAAW,SAAS,EAC3C,MAAMxB,EAAS,IAAI,CACvB,CACJ,EAEA,OAAO,IAAI2B,GAAsBP,CAAO,EAAE,QAAQL,CAAO,CAC7D,CAEO,IAAMa,GAAU,MAAOvC,GAAuE,CACjG,IAAMD,EAAMC,EAAQ,IACdwC,EAAezC,EACf,CAACC,EAAwB+B,IAA6B,GAAAU,QAAM,aAAa,CAAC,GAAGzC,EAAS,GAAGF,GAAqBC,CAAG,CAAC,EAAGgC,CAAO,EAC5H,CAAC/B,EAAwB+B,IAA6B,GAAAW,QAAK,aAAa1C,EAAS+B,CAAO,EACxFY,EAAUtB,GAAcrB,EAAQ,MAAM,EACtCyB,EAAuB,CACzB,WAAY,CAAC,EACb,WAAYzB,EAAQ,KACpB,KAAM,CAAC,EACP,WAAYA,EAAQ,KACpB,UAAW,CAAC,EACZ,QAAS,IAAI,qBACb,QAAS,IAAI,GACjB,EACM4C,EAAK,aAAU,QAAQ,CAAC,GAAG5C,EAAQ,OAAO,CAAC,EACjD,GAAIA,EAAQ,QAAS,CACjB,IAAMsB,EAAStB,EAAQ,QAEvB,MAAM6C,GAAU,MAAOC,GAAiC,CACpDA,EAAW,OAAO,CAAC,KAAMxB,EAAO,MAAO,QAASyB,GAAU,KAAKH,CAAE,EAAG,QAAStB,CAAM,CAAC,CACxF,EAAGtB,EAASyB,CAAO,CAEvB,CACIzB,EAAQ,KACR,MAAM6C,GAAU7C,EAAQ,IAAKA,EAASyB,CAAO,EAGjD,IAAMuB,EAAQC,GAAUjD,EAAQ,MAAQ,CAAC,EACnCkD,EAAOlD,EAAQ,KACfG,EAAiBiB,GAAexB,EAAO,MAAM,iBAAiBwB,CAAG,GAAIA,CAAG,EACxElB,EAAU,MAAMsB,GAAYC,CAAO,EAEnC0B,EAAW,MAAMlD,GAAeC,EAASC,CAAa,EA0DtDiD,EAAS,MAxDC,IAAI,QAA4F,CAACnC,EAASC,IAAW,CAEjI,IAAMkC,EAASZ,EAAa,CACxB,gBAAiBa,GACjB,eAAgB7C,EAChB,GAAGR,EAAQ,IACf,EAAGmD,CAAQ,EAEXC,EAAO,GAAG,QAAUE,GAAa,CAC7B,GAAIA,EAAE,OAAY,aAAc,CAC5B1D,EAAO,MAAM,QAAQ0D,EAAE,IAAO,8BAA8BA,EAAE,OAAU,EAAE,EAC1E,GAAM,CAAC,MAAOC,CAAI,EAAIP,EAAM,KAAK,EAC7BO,GACA3D,EAAO,KAAK,iCAAiC2D,CAAI,aAAaL,GAAQ,eAAe,EAAE,EACvFE,EAAO,MAAM,EACbA,EAAO,OAAOG,EAAML,CAAI,IAExBtD,EAAO,KAAK,0BAA0BI,EAAQ,IAAI,yBAAyB,EAC3EoD,EAAO,MAAM,EACblC,EAAOoC,CAAC,EAEhB,MACI1D,EAAO,MAAM,iBAAiB0D,EAAE,OAAO,GAAIA,CAAC,EAC5CpC,EAAOoC,CAAC,CAEhB,CAAC,EACDF,EACK,GAAG,YAAa,SAAY,CACzB,IAAMI,EAAOJ,EAAO,QAAQ,EAE5B,OAAW,CAACK,EAAMC,CAAK,IAAKjC,EAAQ,QAAS,CACzC,IAAMkC,EAAW,GAAG5D,EAAM,MAAQ,IAAI,MAAM6D,EAAO,IAAIJ,EAAK,IAAI,GAAGC,CAAI,GACvE,MAAMI,GAAUJ,EAAMC,EAAOC,EAAUlC,EAAQ,QAAStB,CAAa,CACzE,CACAP,EAAO,KAAK,4BAA4B4D,EAAK,OAAO,IAAIA,EAAK,IAAI,EAAE,EACnEvC,EAAQmC,CAAM,CAClB,CAAC,EACLA,EACK,GAAG,UAAW,CAAC/C,EAAkCyD,EAAiBC,IAAkC,CACjG,GAAI,CACAZ,EAAS9C,EAAK0D,CAAI,CACtB,OAAS3C,EAAK,CACVxB,EAAO,MAAM,kBAAkBwB,CAAG,GAAIA,CAAG,CAC7C,CACJ,CAAC,EACA,GAAG,QAAS,SAAY,CACrBxB,EAAO,KAAK,qBAAqB,CACrC,CAAC,EACL,GAAI,CACA,GAAM,CAAC,MAAO2D,CAAI,EAAIP,EAAM,KAAK,EACjCI,EAAO,OAAOG,EAAML,CAAI,CAC5B,OAASI,EAAG,CACR1D,EAAO,MAAM,mCAAoC0D,CAAC,EAClDpC,EAAOoC,aAAa,MAAQA,EAAI,IAAI,MAAM,kBAAkBA,CAAC,EAAE,CAAC,CACpE,CACJ,CAAC,EAED,OAAO,IAAI,KAAsC,CACpC,QAAUV,EAEnB,MAAM,OAAuB,CACzB,OAAW,CAACa,EAAMC,CAAK,IAAKjC,EAAQ,QAChC,GAAI,CACIiC,EAAM,QAAU,QAChB,MAAMA,EAAM,MAAM,CAE1B,OAASJ,EAAG,CACR1D,EAAO,KAAK,uBAAuB6D,CAAI,GAAIH,CAAC,CAChD,CAEJ,MAAMvC,GAAUiD,GAAM,CAClBZ,EAAO,oBAAoB,EAC3BA,EAAO,MAAMY,CAAE,CACnB,CAAC,EACGrB,GACA,MAAiBsB,GAAKtB,CAAO,EAE7BC,GACA,MAAMA,EAAG,KAAK,CAEtB,CACJ,CACJ,ED1PA,IAAOsB,GAAsBC",
6
+ "names": ["index_exports", "__export", "server_exports", "index_default", "__toCommonJS", "server_exports", "__export", "Factory", "import_node_http", "import_node_https", "import_node_fs", "import_node_async_hooks", "import_gateway", "import_node_os", "PORT_RANGE_MATCHER", "validPort", "port", "portRange", "trimmed", "matchResult", "start", "end", "localIp", "first", "a", "addresses", "details", "info", "acc", "addressAndPort", "address", "GatewayLogging", "getLogger", "name", "regexAwareReplacer", "_key", "value", "import_gateway", "import_node_async_hooks", "GatewayEncoders", "log", "getLogger", "codec", "principalName", "authentication", "name", "principal", "initClient", "socket", "authenticationPromise", "remoteAddress", "key", "addressAndPort", "host", "opts", "err", "reason", "data", "create", "environment", "handshake", "logPrefix", "principalPromise", "client", "contextFn", "_isBinary", "code", "core_default", "compose", "middleware", "fns", "fn", "ctx", "next", "dispatch", "i", "dispatchedCtx", "nextCalled", "nextResolved", "result", "nextCtx", "import_node_net", "import_tough_cookie", "parseHost", "headers", "defaultHost", "host", "port", "isForwardedSsl", "v", "parseProtocol", "defaultProtocol", "proto", "parseRemoteAddress", "url", "remoteAddress", "AbstractHttpMessage", "#headers", "AbstractHttpRequest", "_AbstractHttpRequest", "#id", "parseCookies", "AbstractHttpResponse", "parseResponseCookies", "responseCookie", "parseHeader", "value", "list", "start", "end", "i", "toList", "values", "s", "cs", "tc", "cookie", "parsed", "result", "AbstractHttpHeaders", "name", "MapHttpHeaders", "prev", "DefaultHttpStatusCode", "#value", "value", "HttpStatus", "_HttpStatus", "#VALUES", "key", "code", "status", "#phrase", "phrase", "httpStatusCode", "import_node_http", "ExtendedHttpIncomingMessage", "http", "ExtendedHttpServerResponse", "AbstractServerHttpRequest", "AbstractHttpRequest", "AbstractServerHttpResponse", "AbstractHttpResponse", "#cookies", "#statusCode", "#state", "#commitActions", "statusCode", "httpStatusCode", "cookie", "action", "state", "body", "buffer", "error", "writeAction", "allActions", "acc", "cur", "_error", "HttpServerRequest", "#url", "#req", "req", "IncomingMessageHeaders", "dh", "dp", "family", "address", "port", "remoteAddress", "chunks", "chunk", "text", "blob", "remoteIp", "AbstractHttpHeaders", "#msg", "msg", "name", "value", "OutgoingMessageHeaders", "v", "HttpServerResponse", "#res", "res", "status", "resolve", "reject", "e", "ServerHttpRequestDecorator", "_ServerHttpRequestDecorator", "#delegate", "request", "ServerHttpResponseDecorator", "_ServerHttpResponseDecorator", "response", "ServerWebExchangeDecorator", "_ServerWebExchangeDecorator", "exchange", "DefaultWebExchange", "#attributes", "#logId", "#logPrefix", "LOG_ID_ATTRIBUTE", "import_node_v8", "import_promises", "log", "getLogger", "DEFAULT_OPTIONS", "fetchStats", "dumpHeap", "opts", "prefix", "target", "fileExists", "_", "dumpFileName", "lastFileName", "e", "currentFileName", "nextFileName", "firstFileName", "path", "processStats", "stats", "state", "limit", "used", "start", "merged", "stopped", "report", "interval", "command", "run", "channel", "stop", "m", "import_package", "serverHeader", "server", "info", "response", "next", "server_header_default", "import_gateway", "log", "getLogger", "acceptsMissing", "originFilters", "tryMatch", "origin", "block", "allow", "acceptsNonMatched", "acceptsOrigin", "matchResult", "regexifyOriginFilters", "or", "matchers", "exchange", "matcher", "match", "NO_MATCH", "and", "m", "not", "anyExchange", "_exchange", "EMPTY_OBJECT", "variables", "pattern", "opts", "method", "request", "path", "mediaType", "shouldIgnore", "requestedMediaType", "ignoredMediaType", "requestMediaTypes", "upgradeMatcher", "import_gateway", "configure", "app", "config", "routes", "applyCors", "request", "options", "cors", "path", "configurer", "handlers", "handler", "matcher", "pattern", "middleware", "exchange", "next", "match", "variables", "sockets", "factory", "route", "regexifyOriginFilters", "import_gateway", "isSameOrigin", "request", "origin", "url", "actualProtocol", "actualHost", "originUrl", "originHost", "originProtocol", "isCorsRequest", "isPreFlightRequest", "VARY_HEADERS", "processRequest", "exchange", "config", "response", "responseHeaders", "varyHeaders", "header", "h", "logger", "rejectRequest", "preFlightRequest", "handleInternal", "DEFAULT_PERMIT_ALL", "DEFAULT_PERMIT_METHODS", "PERMIT_DEFAULT_CONFIG", "validateCorsConfig", "allowHeaders", "ALL", "allowOrigins", "validateAllowCredentials", "validateAllowPrivateNetwork", "trimTrailingSlash", "combine", "source", "other", "combined", "v", "combineCorsConfig", "corsFilter", "opts", "processor", "ctx", "next", "cors_default", "getLogger", "HttpStatus", "requestOrigin", "allowOrigin", "checkOrigin", "requestMethod", "getMethodToUse", "allowMethods", "checkMethods", "requestHeaders", "getHeadersToUse", "checkHeaders", "exposeHeaders", "DEFAULT_METHODS", "allowedOrigins", "originToCheck", "allowedOrigin", "allowedMethods", "allowedHeaders", "allowAnyHeader", "result", "requestHeader", "value", "allowedHeader", "isPreFlight", "headers", "matchingCorsConfigSource", "matcher", "import_gateway", "createCorsConfigSource", "context", "routes", "cors", "defaultCorsConfig", "combineCorsConfig", "PERMIT_DEFAULT_CONFIG", "validatedConfigs", "path", "route", "routeCorsConfig", "matcher", "config", "and", "upgradeMatcher", "pattern", "validateCorsConfig", "appConfigs", "m", "added", "entry", "matchingCorsConfigSource", "isAuthentication", "principal", "AuthenticationError", "value", "InsufficientAuthenticationError", "BadCredentialsError", "AccessDeniedError", "AuthorizationDecision", "granted", "DefaultAuthorizationManager", "#check", "check", "authentication", "object", "AuthenticationServiceError", "AuthenticationError", "staticServerHttpHeadersWriter", "headers", "exchange", "containsNoHeaders", "response", "name", "value", "cacheControlServerHttpHeadersWriter", "MapHttpHeaders", "contentTypeServerHttpHeadersWriter", "strictTransportSecurityServerHttpHeadersWriter", "maxAgeInSeconds", "includeSubDomains", "preload", "headerValue", "delegate", "isSecure", "frameOptionsServerHttpHeadersWriter", "mode", "xssProtectionServerHttpHeadersWriter", "permissionsPolicyServerHttpHeadersWriter", "policyDirectives", "contentSecurityPolicyServerHttpHeadersWriter", "reportOnly", "headerName", "refererPolicyServerHttpHeadersWriter", "policy", "crossOriginOpenerPolicyServerHttpHeadersWriter", "crossOriginEmbedderPolicyServerHttpHeadersWriter", "crossOriginResourcePolicyServerHttpHeadersWriter", "compositeServerHttpHeadersWriter", "writers", "writer", "opts", "next", "serverAuthenticationEntryPointFailureHandler", "opts", "entryPoint", "rethrowAuthenticationServiceError", "exchange", "error", "AuthenticationServiceError", "DEFAULT_REALM", "createHeaderValue", "realm", "httpBasicEntryPoint", "opts", "headerValue", "exchange", "_error", "response", "HttpStatus", "BASIC", "httpBasicAuthenticationConverter", "opts", "exchange", "request", "authorization", "credentials", "parts", "import_node_async_hooks", "AsyncStorageSecurityContextHolder", "_AsyncStorageSecurityContextHolder", "storage", "securityContext", "authentication", "authenticate", "exchange", "next", "token", "managerResolver", "successHandler", "storage", "authentication", "onAuthenticationSuccess", "e", "AuthenticationError", "filterExchange", "AsyncStorageSecurityContextHolder", "authenticationFilter", "opts", "auth", "anyExchange", "httpBasicAuthenticationConverter", "serverAuthenticationEntryPointFailureHandler", "httpBasicEntryPoint", "manager", "_exchange", "error", "httpStatusEntryPoint", "opts", "exchange", "_error", "logger", "getLogger", "delegatingEntryPoint", "opts", "defaultEntryPoint", "response", "_error", "HttpStatus", "exchange", "error", "matcher", "entryPoint", "delegatingSuccessHandler", "handlers", "exchange", "next", "authentication", "handler", "httpBasic", "opts", "xhrMatcher", "exchange", "match", "NO_MATCH", "defaultEntryPoint", "delegatingEntryPoint", "httpStatusEntryPoint", "HttpStatus", "httpBasicEntryPoint", "entryPoint", "manager", "restMatcher", "mediaType", "notHtmlMatcher", "not", "restNoHtmlMatcher", "and", "preferredMatcher", "or", "failureHandler", "serverAuthenticationEntryPointFailureHandler", "successHandler", "delegatingSuccessHandler", "converter", "httpBasicAuthenticationConverter", "authenticationFilter", "BearerTokenErrorCodes", "DEFAULT_URI", "invalidToken", "message", "HttpStatus", "invalidRequest", "ACCESS_TOKEN_PARAMETER_NAME", "authorizationPattern", "Oauth2AuthenticationError", "AuthenticationError", "error", "message", "options", "isBearerTokenAuthenticationToken", "authentication", "serverBearerTokenAuthenticationConverter", "opts", "exchange", "request", "resolveFromAuthorizationHeader", "token", "resolveFromQueryString", "resolveFromBody", "rs", "r", "resolveToken", "accessTokens", "invalidRequest", "accessToken", "headers", "headerName", "authorization", "match", "invalidToken", "resolveTokens", "parameters", "allow", "token_converter_default", "computeWWWAuthenticate", "parameters", "wwwAuthenticate", "i", "key", "value", "isBearerTokenError", "error", "getStatus", "authError", "Oauth2AuthenticationError", "HttpStatus", "createParameters", "realm", "bearerTokenServerAuthenticationEntryPoint", "opts", "exchange", "status", "response", "token_entry_point_default", "jwtAuthConverter", "opts", "principalClaimName", "jwt", "asyncJwtConverter", "converter", "JwtError", "BadJwtError", "onError", "error", "Oauth2AuthenticationError", "invalidToken", "AuthenticationServiceError", "jwtAuthManager", "decoder", "authConverter", "authentication", "isBearerTokenAuthenticationToken", "token", "e", "resourceServer", "opts", "entryPoint", "token_entry_point_default", "converter", "token_converter_default", "failureHandler", "serverAuthenticationEntryPointFailureHandler", "authenticationFilter", "manager", "jwtAuthManager", "_exchange", "import_jwt", "commenceAuthentication", "exchange", "authentication", "entryPoint", "cause", "InsufficientAuthenticationError", "e", "AuthenticationError", "httpStatusAccessDeniedHandler", "httpStatus", "_error", "buffer", "errorFilter", "opts", "accessDeniedHandler", "HttpStatus", "authenticationEntryPoint", "httpBasicEntryPoint", "next", "error", "AccessDeniedError", "principal", "isAuthentication", "logger", "getLogger", "delegatingAuthorizationManager", "opts", "check", "authentication", "exchange", "decision", "matcher", "manager", "checkResult", "AuthorizationDecision", "DefaultAuthorizationManager", "logger", "getLogger", "authorizationFilter", "opts", "manager", "storage", "exchange", "next", "promise", "AsyncStorageSecurityContextHolder", "c", "error", "AccessDeniedError", "SecurityContextServerWebExchange", "ServerWebExchangeDecorator", "#context", "exchange", "context", "exchangeFilter", "opts", "storage", "next", "AsyncStorageSecurityContextHolder", "filterOrder", "filterOrderSymbol", "config_default", "config", "context", "middleware", "ServerHttpSecurity", "#authenticationEntryPoint", "#defaultEntryPoints", "delegatingEntryPoint", "writer", "headers", "filter", "cors_default", "username", "password", "authorities", "manager", "auth", "principal", "credentials", "BadCredentialsError", "defaultSuccessHandlers", "_", "next", "_authentication", "httpBasic", "verifier", "decoder", "token", "payload", "claim", "e", "BadJwtError", "JwtError", "authenticationConverter", "token_converter_default", "authenticationConverterMatcher", "exchange", "NO_MATCH", "match", "entryPoint", "token_entry_point_default", "resourceServer", "exchangeF", "exchangeFilter", "errorFf", "errorFilter", "authorize", "mappings", "anyExchangeRegistered", "matcher", "access", "serverMatcher", "anyExchange", "DefaultAuthorizationManager", "AuthorizationDecision", "p", "authentication", "delegatingAuthorizationManager", "authorizationFilter", "b", "aOrder", "bOrder", "createSecurityConfig", "context", "authorize", "defaultAccess", "path", "route", "rule", "matcher", "pattern", "and", "upgradeMatcher", "httpSecurity", "corsConfigSource", "createCorsConfigSource", "config", "storage", "config_default", "import_node_async_hooks", "HttpHeadResponseDecorator", "ServerHttpResponseDecorator", "HandlerAdapter", "#logger", "#enableLoggingRequestDetails", "#delegate", "#storage", "logger", "delegate", "request", "response", "DefaultWebExchange", "storage", "value", "headers", "result", "key", "query", "exchange", "trace", "status", "error", "logPrefix", "HttpStatus", "callback", "resolve", "reject", "WebHttpHandlerBuilder", "#webHandler", "#handlerDecorator", "decorator", "previousDecorator", "handler", "webHandler", "getLogger", "adapter", "adapted", "import_ws", "createHandshakeInfo", "req", "protocol", "exchange", "request", "HttpServerRequest", "principalPromiseProvider", "principal", "url", "headers", "MapHttpHeaders", "key", "cookies", "logPrefix", "remoteAddress", "webSockets", "context", "next", "path", "routes", "route", "response", "upgradeMatchResult", "upgradeMatcher", "HttpStatus", "buffer", "import_ws", "ExtendedWebSocket", "_first", "_second", "options", "PingManager", "_PingManager", "#EMPTY_BUFFER", "#LAST_TIMESTAMP_BUFFER", "#pingData", "#pingInterval", "#pingIntervalId", "#mask", "#logger", "logger", "supplier", "ping", "#createBufferFromTimestamp", "path", "clients", "client", "#terminateIfDisconnected", "#markAndSendPing", "data", "err", "now", "buffer", "#createTimestampFromBuffer", "handshake", "socket", "addressAndPort", "sent", "latency", "logger", "getLogger", "upgradeStrategy", "path", "route", "wss", "onSocketError", "exchange", "logPrefix", "request", "req", "ServerHttpRequestDecorator", "socket", "upgradeHead", "host", "origin", "acceptsOrigin", "client", "applyHandshakeHeaders", "headers", "response", "seen", "header", "index", "HttpStatus", "name", "value", "nativeResponse", "ServerHttpResponseDecorator", "nameLowerCase", "initRoute", "endpoint", "storage", "regexAwareReplacer", "ExtendedWebSocket", "pings", "PingManager", "handler", "err", "handshake", "createHandshakeInfo", "data", "e", "logger", "getLogger", "secureContextOptions", "ssl", "options", "createListener", "builder", "onSocketError", "httpHandler", "req", "resOrUpgradeHead", "res", "ExtendedHttpServerResponse", "request", "HttpServerRequest", "response", "HttpServerResponse", "decoratedResponse", "HttpHeadResponseDecorator", "promisify", "fn", "resolve", "reject", "r", "err", "memoryMonitor", "config", "start", "initBuilder", "context", "storage", "security", "httpSecurity", "sockets", "webSockets", "handler", "compose", "server_header_default", "next", "HttpStatus", "buffer", "_next", "WebHttpHandlerBuilder", "Factory", "createServer", "https", "http", "monitor", "gw", "configure", "configurer", "core_default", "ports", "portRange", "host", "listener", "server", "ExtendedHttpIncomingMessage", "e", "port", "info", "path", "route", "endpoint", "localIp", "initRoute", "_socket", "head", "cb", "stop", "index_default", "Factory"]
7
7
  }