@interopio/gateway-server 0.19.3 → 0.20.0

package/dist/index.js

@@ -1,3 +1,8 @@
-var Vt=Object.defineProperty;var Jt=(t,e)=>{for(var r in e)Vt(t,r,{get:e[r],enumerable:!0})};var jt={};Jt(jt,{Factory:()=>Ze});import Pn from"node:http";import Rn from"node:https";import{readFileSync as Xe}from"node:fs";import{AsyncLocalStorage as Tn}from"node:async_hooks";import{IOGateway as kn}from"@interopio/gateway";import{networkInterfaces as Qt}from"node:os";var Yt=/^(\d+|(0x[\da-f]+))(-(\d+|(0x[\da-f]+)))?$/i;function ke(t){if(t>65535)throw new Error(`bad port ${t}`);return t}function*et(t){if(typeof t=="string")for(let e of t.split(",")){let r=e.trim(),n=Yt.exec(r);if(n){let o=parseInt(n[1]),s=parseInt(n[4]??n[1]);for(let i=ke(o);i<ke(s)+1;i++)yield i}else throw new Error(`'${e}' is not a valid port or range.`)}else yield ke(t)}var tt=(()=>{function t(r){return r.length>0?r[0]:void 0}let e=Object.values(Qt()).flatMap(r=>(r??[]).filter(n=>n.family==="IPv4")).reduce((r,n)=>(r[n.internal?"internal":"external"].push(n),r),{internal:[],external:[]});return(t(e.internal)??t(e.external))?.address})();function U(t){if(t)return t.family==="IPv6"?`[${t.address}]:${t.port}`:`${t.address}:${t.port}`}import*as Oe from"@interopio/gateway/logging/core";function b(t){return Oe.getLogger(`gateway.server.${t}`)}function rt(t,e){return e instanceof RegExp?e.toString():e}import{IOGateway as Kt}from"@interopio/gateway";import{AsyncLocalStorage as Zt}from"node:async_hooks";var Xt=Kt.Encoding,M=b("ws"),er=Xt.json();function tr(t){let e;if(t.authenticated&&(e=t.name,e===void 0&&t.principal!==void 0)){let r=t.principal;typeof r=="object"&&(e=r.name),e===void 0&&(r===void 0?e="":e=String(r))}return e}function rr(t,e,r){let n=U(r),o=r?.address??"<unknown>",s={key:n,host:o,codec:er,onAuthenticate:async()=>{let i=await e();if(i?.authenticated)return{type:"success",user:tr(i)};throw new Error(`no valid client authentication ${n}`)},onPing:()=>{t.ping(i=>{i?M.warn(`failed to ping ${n}`,i):M.info(`ping sent to ${n}`)})},onDisconnect:i=>{switch(i){case"inactive":{M.warn(`no heartbeat (ping) received from ${n}, closing socket`),t.close(4001,"ping expected");break}case"shutdown":{t.close(1001,"shutdown");break}}}};try{return this.client(i=>t.send(i),s)}catch(i){M.warn(`${n} failed to create client`,i)}}async function nr(t){return M.info(`starting gateway on ${t.endpoint}`),await this.start(t),async({socket:e,handshake:r})=>{let{logPrefix:n,remoteAddress:o,principal:s}=r;M.info(`${n}connected on gw`);let i=rr.call(this,e,s,o);if(!i){M.error(`${n}gw client init failed`),e.terminate();return}e.on("error",c=>{M.error(`${n}websocket error: ${c}`,c)});let a=t.storage!==void 0?Zt.snapshot():void 0;e.on("message",(c,d)=>{Array.isArray(c)&&(c=Buffer.concat(c)),a!==void 0?a(()=>i.send(c)):i.send(c)}),e.on("close",c=>{M.info(`${n}disconnected from gw. code: ${c}`),i.close()})}}var nt=nr;function ot(...t){if(!Array.isArray(t))throw new Error("middleware must be array!");let e=t.flat();for(let r of e)if(typeof r!="function")throw new Error("middleware must be compose of functions!");return async function(r,n){let o=async(s,i)=>{let a=s===e.length?n:e[s];if(a===void 0)return;let c=!1,d=!1,l=await a(i,async g=>{if(c)throw new Error("next() called multiple times");c=!0;try{return await o(s+1,g??i)}finally{d=!0}});if(c&&!d)throw new Error(`middleware resolved before downstream.
-	 You are probably missing an await or return statement in your middleware function.`);return l};return o(0,r)}}import{isIP as or}from"node:net";import{Cookie as Me}from"tough-cookie";function ir(t,e){let r=t.get("x-forwarded-host");if(Array.isArray(r)&&(r=r[0]),r){let n=t.one("x-forwarded-port");n&&(r=`${r}:${n}`)}return r??=t.one("host"),Array.isArray(r)&&(r=r[0]),r?r.split(",",1)[0].trim():e}function sr(t){let e=t.one("x-forwarded-ssl");return typeof e=="string"&&e.toLowerCase()==="on"}function ar(t,e){let r=t.get("x-forwarded-proto");return Array.isArray(r)&&(r=r[0]),r!==void 0?r.split(",",1)[0].trim():sr(t)?"https":e}function cr(t,e,r){let n=r?r.port:t.protocol==="https:"?443:80,o=e.one("x-forwarded-for");if(Array.isArray(o)&&(o=o[0]),o!==void 0)return o=o.split(",",1)[0].trim(),{address:o,port:Number(n),family:or(o)===6?"IPv6":"IPv4"}}var oe=class{#e;constructor(e){this.#e=e}get headers(){return this.#e}},ie=class t extends oe{static logIdCounter=0;#e;get id(){return this.#e===void 0&&(this.#e=`${this.initId()}-${++t.logIdCounter}`),this.#e}initId(){return"request"}get cookies(){return ur(this.headers)}parseHost(e){return ir(this.headers,e)}parseProtocol(e){return ar(this.headers,e)}parseRemoteAddress(e){return cr(this.URL,this.headers,e)}},se=class extends oe{get cookies(){return lr(this.headers)}setCookieValue(e){return new Me({key:e.name,value:e.value,maxAge:e.maxAge,domain:e.domain,path:e.path,secure:e.secure,httpOnly:e.httpOnly,sameSite:e.sameSite}).toString()}};function dr(t){let e=[];{let r=0,n=0;for(let o=0;o<t.length;o++)switch(t.charCodeAt(o)){case 32:r===n&&(r=n=o+1);break;case 44:e.push(t.slice(r,n)),r=n=o+1;break;default:n=n+1;break}e.push(t.slice(r,n))}return e}function it(t){typeof t=="string"&&(t=[t]),typeof t=="number"&&(t=[String(t)]);let e=[];if(t)for(let r of t)r&&e.push(...dr(r));return e}function ur(t){return t.list("cookie").map(e=>e.split(";").map(r=>Me.parse(r))).flat(1).filter(e=>e!==void 0).map(e=>Object.freeze({name:e.key,value:e.value}))}function lr(t){return t.list("set-cookie").map(e=>{let r=Me.parse(e);if(r){let n={name:r.key,value:r.value,maxAge:Number(r.maxAge??-1)};return r.httpOnly&&(n.httpOnly=!0),r.domain&&(n.domain=r.domain),r.path&&(n.path=r.path),r.secure&&(n.secure=!0),r.httpOnly&&(n.httpOnly=!0),r.sameSite&&(n.sameSite=r.sameSite),Object.freeze(n)}}).filter(e=>e!==void 0)}var Z=class{constructor(){}toList(e){let r=this.get(e);return it(r)}},v=class extends Map{get(e){return super.get(e.toLowerCase())}one(e){return this.get(e)?.[0]}list(e){let r=super.get(e.toLowerCase());return it(r)}set(e,r){return typeof r=="number"&&(r=String(r)),typeof r=="string"&&(r=[r]),r?super.set(e.toLowerCase(),r):(super.delete(e.toLowerCase()),this)}add(e,r){let n=super.get(e.toLowerCase());return typeof r=="string"&&(r=[r]),n&&(r=n.concat(r)),this.set(e,r),this}};var We=class{#e;constructor(e){this.#e=e}get value(){return this.#e}toString(){return this.#e.toString()}},f=class t{static CONTINUE=new t(100,"Continue");static SWITCHING_PROTOCOLS=new t(101,"Switching Protocols");static OK=new t(200,"OK");static CREATED=new t(201,"Created");static ACCEPTED=new t(202,"Accepted");static NON_AUTHORITATIVE_INFORMATION=new t(203,"Non-Authoritative Information");static NO_CONTENT=new t(204,"No Content");static RESET_CONTENT=new t(205,"Reset Content");static PARTIAL_CONTENT=new t(206,"Partial Content");static MULTI_STATUS=new t(207,"Multi-Status");static IM_USED=new t(226,"IM Used");static MULTIPLE_CHOICES=new t(300,"Multiple Choices");static MOVED_PERMANENTLY=new t(301,"Moved Permanently");static BAD_REQUEST=new t(400,"Bad Request");static UNAUTHORIZED=new t(401,"Unauthorized");static FORBIDDEN=new t(403,"Forbidden");static NOT_FOUND=new t(404,"Not Found");static METHOD_NOT_ALLOWED=new t(405,"Method Not Allowed");static NOT_ACCEPTABLE=new t(406,"Not Acceptable");static PROXY_AUTHENTICATION_REQUIRED=new t(407,"Proxy Authentication Required");static REQUEST_TIMEOUT=new t(408,"Request Timeout");static CONFLICT=new t(409,"Conflict");static GONE=new t(410,"Gone");static LENGTH_REQUIRED=new t(411,"Length Required");static PRECONDITION_FAILED=new t(412,"Precondition Failed");static PAYLOAD_TOO_LARGE=new t(413,"Payload Too Large");static URI_TOO_LONG=new t(414,"URI Too Long");static UNSUPPORTED_MEDIA_TYPE=new t(415,"Unsupported Media Type");static EXPECTATION_FAILED=new t(417,"Expectation Failed");static IM_A_TEAPOT=new t(418,"I'm a teapot");static TOO_EARLY=new t(425,"Too Early");static UPGRADE_REQUIRED=new t(426,"Upgrade Required");static PRECONDITION_REQUIRED=new t(428,"Precondition Required");static TOO_MANY_REQUESTS=new t(429,"Too Many Requests");static REQUEST_HEADER_FIELDS_TOO_LARGE=new t(431,"Request Header Fields Too Large");static UNAVAILABLE_FOR_LEGAL_REASONS=new t(451,"Unavailable For Legal Reasons");static INTERNAL_SERVER_ERROR=new t(500,"Internal Server Error");static NOT_IMPLEMENTED=new t(501,"Not Implemented");static BAD_GATEWAY=new t(502,"Bad Gateway");static SERVICE_UNAVAILABLE=new t(503,"Service Unavailable");static GATEWAY_TIMEOUT=new t(504,"Gateway Timeout");static HTTP_VERSION_NOT_SUPPORTED=new t(505,"HTTP Version Not Supported");static VARIANT_ALSO_NEGOTIATES=new t(506,"Variant Also Negotiates");static INSUFFICIENT_STORAGE=new t(507,"Insufficient Storage");static LOOP_DETECTED=new t(508,"Loop Detected");static NOT_EXTENDED=new t(510,"Not Extended");static NETWORK_AUTHENTICATION_REQUIRED=new t(511,"Network Authentication Required");static#e=[];static{Object.keys(t).filter(e=>e!=="VALUES"&&e!=="resolve").forEach(e=>{let r=t[e];r instanceof t&&(Object.defineProperty(r,"name",{enumerable:!0,value:e,writable:!1}),t.#e.push(r))})}static resolve(e){for(let r of t.#e)if(r.value===e)return r}#r;#t;constructor(e,r){this.#r=e,this.#t=r}get value(){return this.#r}get phrase(){return this.#t}toString(){return`${this.#r} ${this.name}`}};function st(t){if(typeof t=="number"){if(t<100||t>999)throw new Error(`status code ${t} should be in range 100-999`);let e=f.resolve(t);return e!==void 0?e:new We(t)}return t}import $e from"node:http";var ae=class extends $e.IncomingMessage{exchange;upgradeHead;get urlBang(){return this.url}get socketEncrypted(){return this.socket.encrypted===!0}},q=class extends $e.ServerResponse{markHeadersSent(){this._header=!0}getRawHeaderNames(){return super.getRawHeaderNames()}},ce=class extends ie{},de=class extends se{#e=[];#r;#t="new";#o=[];setStatusCode(e){return this.#t==="committed"?!1:(this.#r=e,!0)}setRawStatusCode(e){return this.setStatusCode(e===void 0?void 0:st(e))}get statusCode(){return this.#r}addCookie(e){if(this.#t==="committed")throw new Error(`Cannot add cookie ${JSON.stringify(e)} because HTTP response has already been committed`);return this.#e.push(e),this}beforeCommit(e){this.#o.push(e)}get commited(){let e=this.#t;return e!=="new"&&e!=="commit-action-failed"}async body(e){if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported yet");let r=await e;try{return await this.doCommit(async()=>await this.bodyInternal(Promise.resolve(r))).catch(n=>{throw n})}catch(n){throw n}}async end(){return this.commited?Promise.resolve(!1):this.doCommit(async()=>await this.bodyInternal(Promise.resolve()))}doCommit(e){let r=this.#t,n=Promise.resolve();if(r==="new")this.#t="committing",this.#o.length>0&&(n=this.#o.reduce((o,s)=>o.then(()=>s()),Promise.resolve()).catch(o=>{this.#t==="committing"&&(this.#t="commit-action-failed")}));else if(r==="commit-action-failed")this.#t="committing";else return Promise.resolve(!1);return n=n.then(()=>{this.applyStatusCode(),this.applyHeaders(),this.applyCookies(),this.#t="committed"}),n.then(async()=>e!==void 0?await e():!0)}applyStatusCode(){}applyHeaders(){}applyCookies(){}},_=class extends ce{#e;#r;#t;constructor(e){super(new Ie(e)),this.#t=e}getNativeRequest(){return this.#t}get upgrade(){return this.#t.upgrade}get http2(){return this.#t.httpVersionMajor>=2}get path(){return this.URL?.pathname}get URL(){return this.#e??=new URL(this.#t.urlBang,`${this.protocol}://${this.host}`),this.#e}get query(){return this.URL?.search}get method(){return this.#t.method}get host(){let e;return this.#t.httpVersionMajor>=2&&(e=this.#t.headers[":authority"]),e??=this.#t.socket.remoteAddress,super.parseHost(e)}get protocol(){let e;return this.#t.httpVersionMajor>2&&(e=this.#t.headers[":scheme"]),e??=this.#t.socketEncrypted?"https":"http",super.parseProtocol(e)}get socket(){return this.#t.socket}get remoteAddress(){let e=this.#t.socket.remoteFamily,r=this.#t.socket.remoteAddress,n=this.#t.socket.remotePort,o=!e||!r||!n?void 0:{family:e,address:r,port:n};return super.parseRemoteAddress(o)??o}get cookies(){return this.#r??=super.cookies,this.#r}get body(){return $e.IncomingMessage.toWeb(this.#t)}async blob(){let e=[];if(this.body!==void 0)for await(let r of this.body)e.push(r);return new Blob(e,{type:this.headers.one("content-type")||"application/octet-stream"})}async text(){return await(await this.blob()).text()}async formData(){let r=await(await this.blob()).text();return new URLSearchParams(r)}async json(){let e=await this.blob();if(e.size===0)return;let r=await e.text();return JSON.parse(r)}initId(){let e=this.#t.socket.remoteAddress;if(!e)throw new Error("Socket has no remote address");return`${e}:${this.#t.socket.remotePort}`}},Ie=class extends Z{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.headers[e]!==void 0}get(e){return this.#e.headers[e]}list(e){return super.toList(e)}one(e){let r=this.#e.headers[e];return Array.isArray(r)?r[0]:r}keys(){return Object.keys(this.#e.headers).values()}},Le=class extends Z{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.hasHeader(e)}keys(){return this.#e.getHeaderNames().values()}get(e){return this.#e.getHeader(e)}one(e){let r=this.#e.getHeader(e);return Array.isArray(r)?r[0]:r}set(e,r){return this.#e.headersSent||(Array.isArray(r)?r=r.map(n=>typeof n=="number"?String(n):n):typeof r=="number"&&(r=String(r)),r?this.#e.setHeader(e,r):this.#e.removeHeader(e)),this}add(e,r){return this.#e.headersSent||this.#e.appendHeader(e,r),this}list(e){return super.toList(e)}},ue=class extends de{#e;constructor(e){super(new Le(e)),this.#e=e}getNativeResponse(){return this.#e}get statusCode(){return super.statusCode??{value:this.#e.statusCode}}applyStatusCode(){let e=super.statusCode;e!==void 0&&(this.#e.statusCode=e.value)}addCookie(e){return this.headers.add("Set-Cookie",super.setCookieValue(e)),this}async bodyInternal(e){if(this.#e.headersSent)return!1;if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported in response");{let r=await e;return await new Promise((n,o)=>{try{r===void 0?this.#e.end(()=>{n(!0)}):(this.headers.has("content-length")||(typeof r=="string"?this.headers.set("content-length",Buffer.byteLength(r)):r instanceof Blob?this.headers.set("content-length",r.size):this.headers.set("content-length",r.byteLength)),this.#e.end(r,()=>{n(!0)}))}catch(s){o(s instanceof Error?s:new Error(`end failed: ${s}`))}})}}},le=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get id(){return this.#e.id}get method(){return this.#e.method}get path(){return this.#e.path}get protocol(){return this.#e.protocol}get host(){return this.#e.host}get URL(){return this.#e.URL}get headers(){return this.#e.headers}get cookies(){return this.#e.cookies}get remoteAddress(){return this.#e.remoteAddress}get upgrade(){return this.#e.upgrade}get body(){return this.#e.body}async blob(){return await this.#e.blob()}async text(){return await this.#e.text()}async formData(){return await this.#e.formData()}async json(){return await this.#e.json()}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeRequest(e){if(e instanceof ce)return e.getNativeRequest();if(e instanceof t)return t.getNativeRequest(e.delegate);throw new Error(`Cannot get native request from ${e.constructor.name}`)}},z=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}setStatusCode(e){return this.delegate.setStatusCode(e)}setRawStatusCode(e){return this.delegate.setRawStatusCode(e)}get statusCode(){return this.delegate.statusCode}get cookies(){return this.delegate.cookies}addCookie(e){return this.delegate.addCookie(e),this}async end(){return await this.delegate.end()}async body(e){return await this.#e.body(e)}get headers(){return this.#e.headers}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeResponse(e){if(e instanceof de)return e.getNativeResponse();if(e instanceof t)return t.getNativeResponse(e.delegate);throw new Error(`Cannot get native response from ${e.constructor.name}`)}},pe=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get request(){return this.#e.request}get response(){return this.#e.response}attribute(e){return this.#e.attribute(e)}principal(){return this.#e.principal()}get logPrefix(){return this.#e.logPrefix}toString(){return`${t.name} [delegate: ${this.delegate}]`}},he=class{request;response;#e={};#r;#t="";constructor(e,r){this.#e[at]=e.id,this.request=e,this.response=r}get method(){return this.request.method}get path(){return this.request.path}get attributes(){return this.#e}attribute(e){return this.attributes[e]}principal(){return Promise.resolve(void 0)}get logPrefix(){let e=this.attribute(at);return this.#r!==e&&(this.#r=e,this.#t=e!==void 0?`[${e}] `:""),this.#t}},at="io.interop.gateway.server.log_id";import{getHeapStatistics as pr,writeHeapSnapshot as hr}from"node:v8";import{access as fr,mkdir as gr,rename as ct,unlink as mr}from"node:fs/promises";var y=b("monitoring"),yr={memoryLimit:1024*1024*1024,reportInterval:600*1e3,dumpLocation:".",maxBackups:10,dumpPrefix:"Heap"};function Sr(){return pr()}async function dt(t){let e=t.dumpPrefix??"Heap",r=`${t.dumpLocation}/${e}.heapsnapshot`;y.enabledFor("debug")&&y.debug(`starting heap dump in ${r}`),await Ne(t.dumpLocation).catch(async o=>{y.enabledFor("debug")&&y.debug(`dump location  ${t.dumpLocation} does not exists. Will try to create it`);try{await gr(t.dumpLocation,{recursive:!0}),y.info(`dump location dir ${t.dumpLocation} successfully created`)}catch{y.error(`failed to create dump location ${t.dumpLocation}`)}});let n=hr(r);y.info("heap dumped");try{y.debug("rolling snapshot backups");let o=`${t.dumpLocation}/${e}.${t.maxBackups}.heapsnapshot`;await Ne(o).then(async()=>{y.enabledFor("debug")&&y.debug(`deleting ${o}`);try{await mr(o)}catch(i){y.warn(`failed to delete ${o}`,i)}}).catch(()=>{});for(let i=t.maxBackups-1;i>0;i--){let a=`${t.dumpLocation}/${e}.${i}.heapsnapshot`,c=`${t.dumpLocation}/${e}.${i+1}.heapsnapshot`;await Ne(a).then(async()=>{try{await ct(a,c)}catch(d){y.warn(`failed to rename ${a} to ${c}`,d)}}).catch(()=>{})}let s=`${t.dumpLocation}/${e}.1.heapsnapshot`;try{await ct(n,s)}catch(i){y.warn(`failed to rename ${n} to ${s}`,i)}y.debug("snapshots rolled")}catch(o){throw y.error("error rolling backups",o),o}}async function Ne(t){y.enabledFor("trace")&&y.debug(`checking file ${t}`),await fr(t)}async function wr(t,e,r){y.enabledFor("debug")&&y.debug(`processing heap stats ${JSON.stringify(t)}`);let n=Math.min(r.memoryLimit,.95*t.heap_size_limit),o=t.used_heap_size;y.info(`heap stats ${JSON.stringify(t)}`),o>=n?(y.warn(`used heap ${o} bytes exceeds memory limit ${n} bytes`),e.memoryLimitExceeded?delete e.snapshot:(e.memoryLimitExceeded=!0,e.snapshot=!0),await dt(r)):(e.memoryLimitExceeded=!1,delete e.snapshot)}function ut(t){let e={...yr,...t},r=!1,n={memoryLimitExceeded:!1},o=async()=>{let a=Sr();await wr(a,n,e)},s=setInterval(o,e.reportInterval);return{...e,channel:async a=>{if(!r)switch(a??="run",a){case"run":{await o();break}case"dump":{await dt(e);break}case"stop":{r=!0,clearInterval(s),y.info("exit memory diagnostic");break}}return r}}}async function br({channel:t},e){await t(e)||y.warn(`cannot execute command "${e}" already closed`)}async function lt(t){return await br(t,"stop")}import pt from"@interopio/gateway-server/package.json"with{type:"json"};var xr=t=>(t??=`${pt.name} - v${pt.version}`,async({response:e},r)=>{t!==!1&&!e.headers.has("server")&&e.headers.set("Server",t),await r()}),ht=t=>xr(t);import{IOGateway as fe}from"@interopio/gateway";var Fe=b("gateway.ws.client-verify");function Er(t){switch(t.missing){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function Cr(t,e){let r=t.block??t.blacklist,n=t.allow??t.whitelist;if(r.length>0&&fe.Filtering.valuesMatch(r,e))return Fe.warn(`origin ${e} matches block filter`),!1;if(n.length>0&&fe.Filtering.valuesMatch(n,e))return Fe.enabledFor("debug")&&Fe.debug(`origin ${e} matches allow filter`),!0}function Ar(t){switch(t.non_matched){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function ft(t,e){if(!e)return!0;if(t){let r=Cr(e,t);return r||Ar(e)}else return Er(e)}function gt(t){if(t){let e=(t.block??t.blacklist??[]).map(fe.Filtering.regexify),r=(t.allow??t.whitelist??[]).map(fe.Filtering.regexify);return{non_matched:t.non_matched??"allow",missing:t.missing??"allow",allow:r,block:e}}}var mt=t=>async e=>{for(let r of t)if((await r(e)).match)return A();return E},G=t=>{let e=async r=>{for(let n of t)if(!(await n(r)).match)return E;return A()};return e.toString=()=>`and(${t.map(r=>r.toString()).join(", ")})`,e},yt=t=>async e=>(await t(e)).match?E:A(),ee=async t=>A();ee.toString=()=>"any-exchange";var St=Object.freeze({}),E=Object.freeze({match:!1,variables:St}),A=(t=St)=>({match:!0,variables:t}),H=(t,e)=>{let r=e?.method,n=async o=>{let s=o.request,i=s.path;if(r!==void 0&&s.method!==r)return E;if(typeof t=="string")return i===t?A():E;{let a=t.exec(i);return a===null?E:{match:!0,variables:{...a.groups}}}};return n.toString=()=>`pattern(${t.toString()}, method=${r??"<any>"})`,n},Be=t=>{let e=r=>{if(t.ignoredMediaTypes!==void 0){for(let n of t.ignoredMediaTypes)if(r===n||n==="*/*")return!0}return!1};return async r=>{let n=r.request,o;try{o=n.headers.list("accept")}catch{return E}for(let s of o)if(!e(s)){for(let i of t.mediaTypes)if(s.startsWith(i))return A()}return E}},B=async({request:t})=>t.upgrade&&t.headers.one("upgrade")?.toLowerCase()==="websocket"?A():E;B.toString=()=>"websocket upgrade";import{IOGateway as wt}from"@interopio/gateway";async function De(t,e,r){let n=(s,i)=>{if(i?.cors){let a=i.cors===!0?{allowOrigins:i.origins?.allow?.map(wt.Filtering.regexify),allowMethods:s.method===void 0?["*"]:[s.method],allowCredentials:i.authorize?.access!=="permitted"?!0:void 0}:i.cors,c=s.path;r.cors.push([c,a])}},o=new class{handle(...s){s.forEach(({request:i,options:a,handler:c})=>{let d=H(wt.Filtering.regexify(i.path),{method:i.method});a?.authorize&&r.authorize.push([d,a.authorize]),n(i,a);let u=async(l,g)=>{let{match:h,variables:p}=await d(l);h?await c(l,p):await g()};r.middleware.push(u)})}socket(...s){for(let{path:i,factory:a,options:c}of s){let d=i??"/";r.sockets.set(d,{default:i===void 0,ping:c?.ping,factory:a,maxConnections:c?.maxConnections,authorize:c?.authorize,originFilters:gt(c?.origins)})}}};await t(o,e)}import{IOGateway as qe}from"@interopio/gateway";function Pr(t){let e=t.headers.one("origin");if(e===void 0)return!0;let r=t.URL,n=r.protocol,o=r.host,s=URL.parse(e),i=s?.host,a=s?.protocol;return n===a&&o===i}function Rr(t){return t.headers.has("origin")&&!Pr(t)}function vt(t){return t.method==="OPTIONS"&&t.headers.has("origin")&&t.headers.has("access-control-request-method")}var bt=["Origin","Access-Control-Request-Method","Access-Control-Request-Headers"],Tr=(t,e)=>{let{request:r,response:n}=t,o=n.headers;if(!o.has("Vary"))o.set("Vary",bt.join(", "));else{let i=o.list("Vary");for(let a of bt)i.find(c=>c===a)||i.push(a);o.set("Vary",i.join(", "))}try{if(!Rr(r))return!0}catch{return P.enabledFor("debug")&&P.debug("reject: origin is malformed"),te(n),!1}if(o.has("access-control-allow-origin"))return P.enabledFor("trace")&&P.debug('skip: already contains "Access-Control-Allow-Origin"'),!0;let s=vt(r);return e?Or(t,e,s):s?(te(n),!1):!0},me=["*"],Ue=["GET","HEAD","POST"],xt={allowOrigins:me,allowMethods:Ue,allowHeaders:me,maxAge:1800};function ye(t){if(t){let e=t.allowHeaders;e&&e!==S&&(t={...t,allowHeaders:e.map(n=>n.toLowerCase())});let r=t.allowOrigins;return r&&(r==="*"?(Ct(t),At(t)):t={...t,allowOrigins:r.map(n=>typeof n=="string"&&n!==S&&(n=qe.Filtering.regexify(n),typeof n=="string")?Ht(n).toLowerCase():n)}),t}}function ge(t,e){if(e===void 0)return t!==void 0?t===S?[S]:t:[];if(t===void 0)return e===S?[S]:e;if(t==me||t===Ue)return e===S?[S]:e;if(e==me||e===Ue)return t===S?[S]:t;if(t===S||t.includes(S)||e===S||e.includes(S))return[S];let r=new Set;return t.forEach(n=>r.add(n)),e.forEach(n=>r.add(n)),Array.from(r)}var re=(t,e)=>e===void 0?t:{allowOrigins:ge(t.allowOrigins,e?.allowOrigins),allowMethods:ge(t.allowMethods,e?.allowMethods),allowHeaders:ge(t.allowHeaders,e?.allowHeaders),exposeHeaders:ge(t.exposeHeaders,e?.exposeHeaders),allowCredentials:e?.allowCredentials??t.allowCredentials,allowPrivateNetwork:e?.allowPrivateNetwork??t.allowPrivateNetwork,maxAge:e?.maxAge??t.maxAge},kr=t=>{let e=t.corsConfigSource,r=t.corsProcessor??Tr;return async(n,o)=>{let s=await e(n);!r(n,s)||vt(n.request)||await o()}},Et=kr,P=b("cors");function te(t){t.setStatusCode(f.FORBIDDEN)}function Or(t,e,r){let{request:n,response:o}=t,s=o.headers,i=n.headers.one("origin"),a=Wr(e,i);if(a===void 0)return P.enabledFor("debug")&&P.debug(`reject: '${i}' origin is not allowed`),te(o),!1;let c=$r(n,r),d=Ir(e,c);if(d===void 0)return P.enabledFor("debug")&&P.debug(`reject: HTTP '${c}' is not allowed`),te(o),!1;let u=Nr(n,r),l=Lr(e,u);if(r&&l===void 0)return P.enabledFor("debug")&&P.debug(`reject: headers '${u}' are not allowed`),te(o),!1;s.set("Access-Control-Allow-Origin",a),r&&s.set("Access-Control-Allow-Methods",d.join(",")),r&&l!==void 0&&l.length>0&&s.set("Access-Control-Allow-Headers",l.join(", "));let g=e.exposeHeaders;return g&&g.length>0&&s.set("Access-Control-Expose-Headers",g.join(", ")),e.allowCredentials&&s.set("Access-Control-Allow-Credentials","true"),e.allowPrivateNetwork&&n.headers.one("access-control-request-private-network")==="true"&&s.set("Access-Control-Allow-Private-Network","true"),r&&e.maxAge!==void 0&&s.set("Access-Control-Max-Age",e.maxAge.toString()),!0}var S="*",Mr=["GET","HEAD"];function Ct(t){if(t.allowCredentials===!0&&t.allowOrigins===S)throw new Error('when allowCredentials is true allowOrigins cannot be "*"')}function At(t){if(t.allowPrivateNetwork===!0&&t.allowOrigins===S)throw new Error('when allowPrivateNetwork is true allowOrigins cannot be "*"')}function Wr(t,e){if(e){let r=t.allowOrigins;if(r){if(r===S)return Ct(t),At(t),S;let n=Ht(e.toLowerCase());for(let o of r)if(o===S||qe.Filtering.valueMatches(o,n))return e}}}function Ir(t,e){if(e){let r=t.allowMethods??Mr;if(r===S)return[e];if(qe.Filtering.valuesMatch(r,e))return r}}function Lr(t,e){if(e===void 0)return;if(e.length==0)return[];let r=t.allowHeaders;if(r===void 0)return;let n=r===S||r.includes(S),o=[];for(let s of e){let i=s?.trim();if(i){if(n)o.push(i);else for(let a of r)if(i.toLowerCase()===a){o.push(i);break}}}if(o.length>0)return o}function Ht(t){return t.endsWith("/")?t.slice(0,-1):t}function $r(t,e){return e?t.headers.one("access-control-request-method"):t.method}function Nr(t,e){let r=t.headers;return e?r.list("access-control-request-headers"):Array.from(r.keys())}var Pt=t=>async e=>{for(let[r,n]of t.mappings)if((await r(e)).match)return P.debug(`resolved cors config on '${e.request.path}' using ${r}: ${JSON.stringify(n)}`),n};import{IOGateway as Fr}from"@interopio/gateway";function Rt(t){let{sockets:e,cors:r}=t,n=t.corsConfig===!1?void 0:re(xt,t.corsConfig),o=[];for(let[i,a]of e){let c=n;for(let[u,l]of r)Fr.Filtering.valueMatches(u,i)&&(l===void 0?c=void 0:c=c===void 0?l:re(c,l));let d=t.corsConfig===!1?void 0:{allowOrigins:a.originFilters?.allow,allowMethods:["GET","CONNECT","OPTIONS"],allowHeaders:["Upgrade","Connection","Origin","Sec-Websocket-Key","Sec-Websocket-Version","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],exposeHeaders:["Sec-Websocket-Accept","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],allowCredentials:a.authorize?.access!=="permitted"?!0:void 0};c=c===void 0?d:re(c,d),o.push([G([B,H(i)]),ye(c)])}let s=[];for(let[i,a]of r){let[,c]=s.find(([u])=>String(u)===String(i))??[i,n];c=c===void 0?a:re(c,a);let d=!1;for(let u of s)if(String(u[0])===String(i)){u[1]=c,d=!0;break}d||s.push([i,c])}for(let[i,a]of s)o.push([H(i),ye(a)]);return o.push([H(/\/api\/.*/),ye(n)]),Pt({mappings:o})}function Tt(t){return t!==void 0&&typeof t.type=="string"&&typeof t.authenticated=="boolean"}var C=class extends Error{_authentication;get authentication(){return this._authentication}set authentication(e){if(e===void 0)throw new TypeError("Authentication cannot be undefined");this._authentication=e}},Se=class extends C{},we=class extends C{};var D=class extends Error{},W=class{constructor(e){this.granted=e}granted},$=class{#e;constructor(e){this.#e=e}async verify(e,r){if(!(await this.#e(e,r))?.granted)throw new D("Access denied")}async authorize(e,r){return await this.#e(e,r)}},j=class extends C{};var R=t=>async e=>{let r=!0,{response:n}=e;for(let o of t.keys())n.headers.has(o)&&(r=!1);if(r)for(let[o,s]of t)n.headers.set(o,s)},Br=()=>R(new v().add("cache-control","no-cache, no-store, max-age=0, must-revalidate").add("pragma","no-cache").add("expires","0")),Dr=()=>R(new v().add("x-content-type-options","nosniff")),Ur=(t,e,r)=>{let n=`max-age=${t}`;e&&(n+=" ; includeSubDomains"),r&&(n+=" ; preload");let o=R(new v().add("strict-transport-security",n)),s=i=>i.request.URL.protocol==="https:";return async i=>{s(i)&&await o(i)}},qr=t=>R(new v().add("x-frame-options",t)),_r=t=>R(new v().add("x-xss-protection",t)),zr=t=>{let e=t===void 0?void 0:R(new v().add("permissions-policy",t));return async r=>{e!==void 0&&await e(r)}},Gr=(t,e)=>{let r=e?"content-security-policy-report-only":"content-security-policy",n=t===void 0?void 0:R(new v().add(r,t));return async o=>{n!==void 0&&await n(o)}},jr=(t="no-referrer")=>R(new v().add("referer-policy",t)),Vr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-opener-policy",t));return async r=>{e!==void 0&&await e(r)}},Jr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-embedder-policy",t));return async r=>{e!==void 0&&await e(r)}},Qr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-resource-policy",t));return async r=>{e!==void 0&&await e(r)}},Yr=(...t)=>async e=>{for(let r of t)await r(e)};function _e(t){let e=[];t?.cache?.disabled||e.push(Br()),t?.contentType?.disabled||e.push(Dr()),t?.hsts?.disabled||e.push(Ur(t?.hsts?.maxAge??365*24*60*60,t?.hsts?.includeSubDomains??!0,t?.hsts?.preload??!1)),t?.frameOptions?.disabled||e.push(qr(t?.frameOptions?.mode??"DENY")),t?.xss?.disabled||e.push(_r(t?.xss?.headerValue??"0")),t?.permissionsPolicy?.disabled||e.push(zr(t?.permissionsPolicy?.policyDirectives)),t?.contentSecurityPolicy?.disabled||e.push(Gr(t?.contentSecurityPolicy?.policyDirectives??"default-src 'self'",t?.contentSecurityPolicy?.reportOnly)),t?.refererPolicy?.disabled||e.push(jr(t?.refererPolicy?.policy??"no-referrer")),t?.crossOriginOpenerPolicy?.disabled||e.push(Vr(t?.crossOriginOpenerPolicy?.policy)),t?.crossOriginEmbedderPolicy?.disabled||e.push(Jr(t?.crossOriginEmbedderPolicy?.policy)),t?.crossOriginResourcePolicy?.disabled||e.push(Qr(t?.crossOriginResourcePolicy?.policy)),t?.writers&&e.push(...t.writers);let r=Yr(...e);return async(n,o)=>{await r(n),await o()}}var V=t=>{let e=t.entryPoint,r=t?.rethrowAuthenticationServiceError??!0;return async({exchange:n},o)=>{if(!r||!(o instanceof j))return e(n,o);throw o}};var Kr="Realm",Xr=t=>`Basic realm="${t}"`,J=t=>{let e=Xr(t?.realm??Kr);return async(r,n)=>{let{response:o}=r;o.setStatusCode(f.UNAUTHORIZED),o.headers.set("WWW-Authenticate",e)}};var kt="Basic ",be=t=>async e=>{let{request:r}=e,n=r.headers.one("authorization");if(!n||!/basic/i.test(n.substring(0)))return;let o=n.length<=kt.length?"":n.substring(kt.length),i=Buffer.from(o,"base64").toString(t?.credentialsEncoding??"utf-8").split(":",2);if(i.length===2)return{type:"UsernamePassword",authenticated:!1,principal:i[0],credentials:i[1]}};import{AsyncLocalStorage as Zr}from"node:async_hooks";var N=class t{static hasSecurityContext(e){return e.getStore()?.securityContext!==void 0}static async getSecurityContext(e){return await e.getStore()?.securityContext}static clearSecurityContext(e){delete e.getStore()?.securityContext}static withSecurityContext(e){return(r=new Zr)=>(r.getStore().securityContext=e,r)}static withAuthentication(e){return t.withSecurityContext(Promise.resolve({authentication:e}))}static async getContext(e){if(t.hasSecurityContext(e))return t.getSecurityContext(e)}};async function en(t,e,r,n,o,s){let a=await(await n(t))?.(r);if(a===void 0)throw new Error("No authentication manager found for the exchange");try{await tn(a,{exchange:t,next:e},o,s)}catch(c){throw c instanceof C,c}}async function tn(t,e,r,n){N.withAuthentication(t)(n),await r(e,t)}function Q(t){let e={matcher:ee,successHandler:async({next:n})=>{await n()},converter:be({}),failureHandler:V({entryPoint:J({})}),...t},r=e.managerResolver;if(r===void 0&&e.manager!==void 0){let n=e.manager;r=async o=>n}if(r===void 0)throw new Error("Authentication filter requires a managerResolver or a manager");return async(n,o)=>{let i=(await e.matcher(n)).match?await e.converter(n):void 0;if(i===void 0){await o();return}try{await en(n,o,i,r,e.successHandler,e.storage)}catch(a){if(a instanceof C){await e.failureHandler({exchange:n,next:o},a);return}throw a}}}var Ot=t=>async(e,r)=>{e.response.setStatusCode(t.httpStatus)};var Y=b("auth.entry-point"),ve=t=>{let e=t.defaultEntryPoint??(async({response:r},n)=>{r.setStatusCode(f.UNAUTHORIZED),await r.end()});return async(r,n)=>{for(let[o,s]of t.entryPoints)if(Y.enabledFor("debug")&&Y.debug(`trying to match using: ${o}`),(await o(r)).match)return Y.enabledFor("debug")&&Y.debug(`match found. using default entry point ${s}`),s(r,n);return Y.enabledFor("debug")&&Y.debug(`no match found. using default entry point ${e}`),e(r,n)}};var Mt=t=>async({exchange:e,next:r},n)=>{for(let o of t)await o({exchange:e,next:r},n)};function ze(t){let e=async g=>g.request.headers.list("X-Requested-With").includes("XMLHttpRequest")?A():E,r=ve({entryPoints:[[e,Ot({httpStatus:f.UNAUTHORIZED})]],defaultEntryPoint:J({})}),n=t.entryPoint??r,o=t.manager,s=Be({mediaTypes:["application/atom+xml","application/x-www-form-urlencoded","application/json","application/octet-stream","application/xml","multipart/form-data","text/xml"],ignoredMediaTypes:["*/*"]}),i=yt(Be({mediaTypes:["text/html"]})),a=G([i,s]),c=mt([e,a]);t.defaultEntryPoints.push([c,n]);let d=t.failureHandler??V({entryPoint:n}),u=Mt(t.successHandlers??t.defaultSuccessHandlers),l=be({});return Q({storage:t.storage,manager:o,failureHandler:d,successHandler:u,converter:l})}var Wt={invalid_request:"invalid_request",invalid_token:"invalid_token",insufficient_scope:"insufficient_scope"},It="https://tools.ietf.org/html/rfc6750#section-3.1";function xe(t){return{errorCode:Wt.invalid_token,httpStatus:f.UNAUTHORIZED,description:t,uri:It}}function Ge(t){return{errorCode:Wt.invalid_request,httpStatus:f.BAD_REQUEST,description:t,uri:It}}var rn="access_token",nn=/^Bearer\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i,k=class extends C{error;constructor(e,r,n){super(r??(typeof e=="string"?void 0:e.description),n),this.error=typeof e=="string"?{errorCode:e}:e}},Lt=t=>t.type==="BearerToken",on=t=>async e=>{let{request:r}=e;return Promise.all([an(r.headers,t?.headerName).then(n=>n!==void 0?[n]:void 0),cn(r,t?.uriQueryParameter),dn(e,t?.formEncodedBodyParameter)]).then(n=>n.filter(o=>o!==void 0).flat(1)).then(sn).then(n=>{if(n)return{authenticated:!1,type:"BearerToken",token:n}})};async function sn(t){if(t.length===0)return;if(t.length>1){let r=Ge("Found multiple access tokens in the request");throw new k(r)}let e=t[0];if(!e||e.length===0){let r=Ge("The requested access token parameter is an empty string");throw new k(r)}return e}async function an(t,e="authorization"){let r=t.one(e);if(!r||!/bearer/i.test(r.substring(0)))return;let n=nn.exec(r);if(n===null){let o=xe("Bearer token is malformed");throw new k(o)}return n.groups?.token}async function $t(t){let e=t.getAll(rn);if(e.length!==0)return e}async function cn(t,e=!1){if(!(!e||t.method!=="GET"))return $t(t.URL.searchParams)}async function dn(t,e=!1){let{request:r}=t;if(!e||r.headers.one("content-type")!=="application/x-www-form-urlencoded"||r.method!=="POST")return;let n=await t.request.formData();if(n)return $t(n)}var Ee=on;function un(t){let e="Bearer";if(t.size!==0){e+=" ";let r=0;for(let[n,o]of t)e+=`${n}="${o}"`,r!==t.size-1&&(e+=", "),r++}return e}var Nt=t=>t.httpStatus!==void 0;function ln(t){if(t instanceof k){let{error:e}=t;if(Nt(e))return e.httpStatus}return f.UNAUTHORIZED}function pn(t,e){let r=new Map;if(e&&r.set("realm",e),t instanceof k){let{error:n}=t;r.set("error",n.errorCode),n.description&&r.set("error_description",n.description),n.uri&&r.set("error_uri",n.uri),Nt(n)&&n.scope&&r.set("scope",n.scope)}return r}var hn=t=>async(e,r)=>{let n=ln(r),o=pn(r,t?.realmName),s=un(o),{response:i}=e;i.headers.set("WWW-Authenticate",s),i.setStatusCode(n),await i.end()},Ce=hn;var fn=t=>{let e=t?.principalClaimName??"sub";return r=>({type:"JwtToken",authenticated:!0,name:r.getClaimAsString(e)})},gn=t=>async e=>t(e),K=class extends Error{},ne=class extends K{};function mn(t){if(t instanceof ne)return new k(xe(t.message),t.message,{cause:t});throw new j(t.message,{cause:t})}function je(t){let e=t.decoder,r=t.authConverter??gn(fn({}));return async n=>{if(Lt(n)){let o=n.token;try{let s=await e(o);return await r(s)}catch(s){throw s instanceof K?mn(s):s}}}}function Ve(t){let e=t.entryPoint??Ce({}),r=t?.converter??Ee({}),n=t.failureHandler??V({entryPoint:e});if(t.managerResolver!==void 0)return Q({storage:t.storage,converter:r,failureHandler:n,managerResolver:t.managerResolver});if(t.jwt!==void 0){let o=t.jwt.manager??je(t.jwt);return Q({storage:t.storage,converter:r,failureHandler:n,managerResolver:async s=>o})}throw new Error("Invalid resource server configuration: either managerResolver or jwt must be provided")}import{jwtVerifier as wn,JwtVerifyError as bn}from"@interopio/gateway/jose/jwt";async function Ft(t,e,r){let n=new Se("Full authentication is required to access this resource."),o=new C("Access Denied",{cause:n});e&&(o.authentication=e),await r(t,o)}function yn(t){return async(e,r)=>{e.response.setStatusCode(t),e.response.headers.set("Content-Type","text/plain; charset=utf-8");let n=Buffer.from("Access Denied","utf-8");e.response.headers.set("Content-Length",n.length),await e.response.body(n)}}var Bt=t=>{let e=yn(f.FORBIDDEN),r=t.authenticationEntryPoint??J();return async(n,o)=>{try{await o()}catch(s){if(s instanceof D){let i=await n.principal();Tt(i)?(i.authenticated||await e(n,s),await Ft(n,i,r)):await Ft(n,void 0,r);return}throw s}}};var Sn=b("security.auth");function Je(t){let e=async(r,n)=>{let o;for(let[s,i]of t.mappings)if((await s(n))?.match){Sn.debug(`checking authorization on '${n.request.path}' using [${s}, ${i}]`);let a=await i.authorize(r,{exchange:n});if(a!==void 0){o=a;break}}return o??=new W(!1),o};return new $(e)}var Ae=b("security.auth");function Qe(t){let{manager:e,storage:r}=t;return async(n,o)=>{let s=N.getContext(r).then(i=>i?.authentication);try{await e.verify(s,n),Ae.enabledFor("debug")&&Ae.debug("authorization successful")}catch(i){throw i instanceof D&&Ae.enabledFor("debug")&&Ae.debug(`authorization failed: ${i.message}`),i}await o()}}var Ye=class extends pe{#e;constructor(e,r){super(e),this.#e=r}async principal(){return(await this.#e())?.authentication}},Dt=t=>{let e=t.storage;return async(r,n)=>{await n(new Ye(r,async()=>await N.getContext(e)))}};var I={first:Number.MAX_SAFE_INTEGER,http_headers:100,https_redirect:200,cors:300,http_basic:600,authentication:800,security_context_server_web_exchange:1500,error_translation:1800,authorization:1900,last:Number.MAX_SAFE_INTEGER},L=Symbol.for("filterOrder"),Ut=(t,e)=>{let r=[];class n{#e;#r=[];manager;get authenticationEntryPoint(){return this.#e!==void 0||this.#r.length===0?this.#e:this.#r.length===1?this.#r[0][1]:ve({entryPoints:this.#r,defaultEntryPoint:this.#r[this.#r.length-1][1]})}build(){if(t.headers!==void 0&&t.headers.disabled!==!0){let a=_e(t.headers);a[L]=I.http_headers,r.push(a)}if(t.cors?.disabled!==!0&&e.corsConfigSource!==void 0){let a=Et({corsConfigSource:e.corsConfigSource});a[L]=I.cors,r.push(a)}if(t.basic!==void 0&&t.basic?.disabled!==!0){let a=t.basic.user?.name.toLowerCase(),c=t.basic.user?.password??"",d=t.basic.user?.authorities??[],u=async h=>{let p=h.principal,w=h.credentials;if(p.toLowerCase()!==a||w!==c)throw new we("Invalid username or password");return{type:"UsernamePassword",authenticated:!0,principal:p,credentials:w,authorities:[...d]}},l=[async({exchange:h,next:p},w)=>p()],g=ze({storage:e.storage,manager:u,defaultEntryPoints:this.#r,defaultSuccessHandlers:l});g[L]=I.http_basic,r.push(g)}if(t.jwt!==void 0&&t.jwt.disabled!==!0){let a=wn({issuerBaseUri:t.jwt.issuerUri,issuer:t.jwt.issuer,audience:t.jwt.audience}),c=async h=>{try{let{payload:p}=await a(h);return{subject:p.sub,getClaimAsString(w){return p[w]}}}catch(p){throw p instanceof bn?new ne(p.message,{cause:p}):new K("error occurred while attempting to decoding jwt",{cause:p})}},d=Ee({uriQueryParameter:!0}),u=async h=>{try{return await d(h)===void 0?E:A()}catch{return E}},l=Ce({});this.#r.push([u,l]);let g=Ve({storage:e.storage,entryPoint:l,converter:d,jwt:{decoder:c}});g[L]=I.authentication,r.push(g)}let i=Dt({storage:e.storage});if(r.push(i),i[L]=I.security_context_server_web_exchange,t.authorize!==void 0){let a=Bt({authenticationEntryPoint:this.authenticationEntryPoint});a[L]=I.error_translation,r.push(a);let d=(l=>{let g=[],h=!1;for(let[p,w]of l??[]){let m;if(p==="any-exchange")h=!0,m=ee;else{if(h)throw new Error("Cannot register other matchers after 'any-exchange' matcher");m=p}let x;if(w.access==="permitted")x=new $(async()=>new W(!0)),x.toString=()=>"AuthorizationManager[permitted]";else if(w.access==="denied")x=new $(async()=>new W(!1)),x.toString=()=>"AuthorizationManager[denied]";else if(w.access==="authenticated")x=new $(async X=>{let F=await X;return F!==void 0?new W(F.authenticated):new W(!1)}),x.toString=()=>"AuthorizationManager[authenticated]";else throw new Error(`Unknown access type: ${JSON.stringify(w)}`);g.push([m,x])}return Je({mappings:g})})(t.authorize),u=Qe({manager:d,storage:e.storage});u[L]=I.authorization,r.push(u)}r.sort((a,c)=>{let d=a[L]??I.last,u=c[L]??I.last;return d-u})}}return new n().build(),r};function vn(t){let e=[],r={access:t.authConfig?.type!=="none"?"authenticated":"permitted"};for(let[n,o]of t.sockets){let s=o.authorize??r,i=H(n,{method:"GET"});i=G([B,i]),e.push([i,s])}return e.push([H("/",{method:"GET"}),{access:"permitted"}]),e.push([H("/favicon.ico",{method:"GET"}),{access:"permitted"}]),e.push([H("/health",{method:"GET"}),{access:"permitted"}]),t.authorize.length>0&&e.push(...t.authorize),e.push(["any-exchange",r]),{authorize:e,cors:{disabled:t.corsConfig===!1},basic:{disabled:t.authConfig?.type!=="basic",...t.authConfig?.basic},jwt:{disabled:t.authConfig?.type!=="oauth2",...t.authConfig?.oauth2?.jwt}}}async function qt(t){let e=Rt(t),r=vn(t),{storage:n}=t;return Ut(r,{storage:n,corsConfigSource:e})}import{AsyncLocalStorage as xn}from"node:async_hooks";var He=class extends z{},Ke=class{#e;#r=!1;#t;#o;constructor(e,r){this.#e=e,this.#t=r}createExchange(e,r){return new he(e,r)}set storage(e){this.#o=e}set enableLoggingRequestDetails(e){this.#r=e}formatHeaders(e){let r="{";for(let n of e.keys())if(this.#r){let o=e.get(n);r+=`"${n}": "${o}", `}else{r+="masked, ";break}return r.endsWith(", ")&&(r=r.slice(0,-2)),r+="}",r}formatRequest(e){let r=e.URL.search;return`HTTP ${e.method} "${e.path}${r}`}logRequest(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace");this.#e.debug(`${e.logPrefix}${this.formatRequest(e.request)}${r?`, headers: ${this.formatHeaders(e.request.headers)}`:""}"`)}}logResponse(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace"),n=e.response.statusCode;this.#e.debug(`${e.logPrefix}Completed ${n??"200 OK"}${r?`, headers: ${this.formatHeaders(e.response.headers)}`:""}"`)}}handleUnresolvedError(e,r){let{request:n,response:o,logPrefix:s}=e;if(o.setStatusCode(f.INTERNAL_SERVER_ERROR)){this.#e.error(`${s}500 Server Error for ${this.formatRequest(n)}`,r);return}throw this.#e.error(`${s}Error [${r.message} for ${this.formatRequest(n)}, but already ended (${o.statusCode})`,r),r}async web(e){return await this.#t(e)}async http(e,r){let n=this.createExchange(e,r),o=()=>(this.logRequest(n),this.web(n).then(()=>{this.logResponse(n)}).catch(s=>{this.handleUnresolvedError(n,s)}).then(async()=>{await n.response.end()}));await new Promise((s,i)=>{this.#o!==void 0?this.#o.run({exchange:n},()=>{o().then(()=>s()).catch(a=>i(a))}):o().then(()=>s()).catch(a=>i(a))})}},Pe=class{#e;#r=new xn;#t;storage(e){return this.#r=e,this}httpHandlerDecorator(e){if(this.#t===void 0)this.#t=e;else{let r=this.#t;this.#t=n=>(n=r(n),e(n))}return this}constructor(e){this.#e=e}build(){let e=b("http"),r=new Ke(e,this.#e);this.#r!==void 0&&(r.storage=this.#r),r.enableLoggingRequestDetails=!1;let n=async(o,s)=>r.http(o,s);return this.#t?this.#t(n):n}};import{WebSocketServer as Cn}from"ws";function _t(t,e){let r=t?.exchange,n=r?.request??new _(t),o=r?.principal,s=o?o.bind(r):async function(){},i=n.URL,a=new v;for(let g of n.headers.keys())a.set(g,n.headers.list(g));let c=n.cookies,d=r?.logPrefix??`[${n.id}] `,u=n.remoteAddress;return{url:i,headers:a,cookies:c,principal:s,protocol:e,remoteAddress:u,logPrefix:d}}function zt(t){return[async(r,n)=>{let s=r.request.path??"/",i=t.sockets,a=i.get(s)??Array.from(i.values()).find(c=>{if(s==="/"&&c.default===!0)return!0});if(a!==void 0){let{request:c,response:d}=r,u=await B(r);if((c.method==="GET"||c.method==="CONNECT")&&u.match)if(a.upgradeStrategy!==void 0){a.upgradeStrategy(r);return}else throw new Error(`No upgrade strategy defined for route on ${s}`);else{if(a.default){await n();return}d.setStatusCode(f.UPGRADE_REQUIRED),d.headers.set("Upgrade","websocket").set("Connection","Upgrade").set("Content-Type","text/plain");let l=Buffer.from(`This service [${c.path}] requires use of the websocket protocol.`,"utf-8");await d.body(l)}}else await n()}]}import{WebSocket as En}from"ws";var Re=class extends En{constructor(e,r,n){super(null,void 0,n)}connected},Te=class t{static#e=Buffer.alloc(0);static#r=[0,Buffer.alloc(8)];#t;#o;#i;#s=!1;#n;constructor(e,r,n){this.#n=e,this.#o=typeof n=="number"?n:n?.interval,this.#t=typeof n=="number"||n?.data==="timestamp"?()=>t.#d(Date.now()):()=>t.#e,this.#o&&(this.#i=setInterval(()=>{let[o,s]=r();for(let i of s)this.#a(i,o)||this.#c(i,o)},this.#o))}#a(e,r){return e.connected===!1?(this.#n.enabledFor("debug")&&this.#n.debug(`terminating unresponsive ws client on [${r}]`),e.terminate(),!0):!1}#c(e,r){e.connected=!1;let n=this.#t();this.#n.enabledFor("trace")&&this.#n.debug(`pinging ws client on [${r}]`),e.ping(n,this.#s,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`failed to ping ws client on [${r}]`,o)})}static#d(e=Date.now()){if(e-t.#r[0]>0){let r=Buffer.allocUnsafe(8);r.writeBigInt64BE(BigInt(e),0),t.#r=[e,r]}return t.#r[1]}static#u(e){return e.length===8?Number(e.readBigInt64BE(0)):0}close(){clearInterval(this.#i)}handlePing(e,r,n){r.connected=!0,r.pong(n,!1,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}failed to pong ws client ${U(e.remoteAddress)}`,o)})}handlePong(e,r,n){if(r.connected=!0,this.#n.enabledFor("warn")){let o=t.#u(n);if(o>0){let s=Date.now()-o;this.#n.enabledFor("debug")&&this.#n.debug(`${e.logPrefix}ws client ${U(e.remoteAddress)} ping-pong latency: ${s}ms`),this.#o&&s>this.#o/2&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}ws client ${U(e.remoteAddress)} high ping-pong latency: ${s}ms`)}}}};var T=b("ws");function An(t,e,r,n){return o=>{let{logPrefix:s,request:i}=o,a=le.getNativeRequest(i);a.exchange=o;let{socket:c,upgradeHead:d}=a,u=i.host;if(c.removeListener("error",n),e.maxConnections!==void 0&&r.clients?.size>=e.maxConnections){T.warn(`${s}dropping ws connection request on ${u}${t}. max connections exceeded.`),c.destroy();return}let l=i.headers.one("origin");if(!ft(l,e.originFilters)){T.enabledFor("info")&&T.info(`${s}dropping ws connection request on ${u}${t}. origin ${l??"<missing>"}`),c.destroy();return}T.enabledFor("debug")&&T.debug(`${s}accepted new ws connection request on ${u}${t}`),r.handleUpgrade(a,c,d,(g,h)=>{r.emit("connection",g,h)})}}function Hn(t,e){let r=new Set;t.forEach((o,s)=>{if(s===0&&o.startsWith("HTTP/1.1 101 ")){e.setStatusCode(f.SWITCHING_PROTOCOLS);return}let[i,a]=o.split(": ");e.headers.has(i)?t[s]=`${i}: ${e.headers.one(i)}`:e.headers.set(i,a),r.add(i.toLowerCase())});let n=z.getNativeResponse(e);for(let o of n.getRawHeaderNames()){let s=o.toLowerCase();if(!r.has(s)){let i=e.headers.get(s);i!==void 0&&t.push(`${o}: ${i}`)}}n.markHeadersSent()}async function Gt(t,e,r,n,o){try{T.info(`creating ws server for [${t}]. max connections: ${e.maxConnections??"<unlimited>"}, origin filters: ${e.originFilters?JSON.stringify(e.originFilters,rt):"<none>"}, ping: ${typeof e.ping=="number"?e.ping+"ms":e.ping?JSON.stringify(e.ping):"<none>"}`);let s=new Cn({noServer:!0,WebSocket:Re,autoPong:!1}),i=new Te(T.child("pings"),()=>[t,s.clients],e.ping),a=await e.factory({endpoint:r,storage:n});s.on("error",c=>{T.error(`error starting the ws server for [${t}]`,c)}).on("listening",()=>{T.info(`ws server for [${t}] is listening`)}).on("headers",(c,d)=>{if(d.exchange!==void 0){let{response:u}=d.exchange;Hn(c,u)}}).on("connection",(c,d)=>{let u=_t(d,c.protocol);c.on("pong",l=>{i.handlePong(u,c,l)}),c.on("ping",l=>{i.handlePing(u,c,l)}),a({socket:c,handshake:u})}),s.on("close",()=>{i.close()}),e.upgradeStrategy=An(t,e,s,o),e.close=async()=>{await a.close?.call(a),T.info(`stopping ws server for [${t}]. clients: ${s.clients?.size??0}`),s.clients?.forEach(c=>{c.terminate()}),s.close()}}catch(s){T.warn(`failed to init route ${t}`,s)}}var O=b("app");function On(t){let e={};return t.key&&(e.key=Xe(t.key)),t.cert&&(e.cert=Xe(t.cert)),t.ca&&(e.ca=Xe(t.ca)),e}async function Mn(t,e){let r=t.build();return async(n,o)=>{n.socket.addListener("error",e);let s;o instanceof q?s=o:(n.upgradeHead=o,s=new q(n),s.assignSocket(n.socket));let i=new _(n),a=new ue(s),c=i.method==="HEAD"?new He(a):a;await r(i,c)}}function Wn(t){return new Promise((e,r)=>{let n=t(o=>{o?r(o):e(n)})})}function In(t){if(t)return ut({memoryLimit:t.memory_limit,dumpLocation:t.dump_location,dumpPrefix:t.dump_prefix,reportInterval:t.report_interval,maxBackups:t.max_backups})}async function Ln(t){let e=t.storage,r=await qt(t),n=zt(t),o=ot(ht(t.serverHeader),...r,...n,...t.middleware,async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/health"){i.setStatusCode(f.OK);let c=Buffer.from("UP","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/"){i.setStatusCode(f.OK);let c=Buffer.from("io.Gateway Server","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({response:s},i)=>{s.setStatusCode(f.NOT_FOUND),await s.end()});return new Pe(o).storage(e)}var Ze=async t=>{let e=t.ssl,r=e?(h,p)=>Rn.createServer({...h,...On(e)},p):(h,p)=>Pn.createServer(h,p),n=In(t.memory),o={middleware:[],corsConfig:t.cors,cors:[],authConfig:t.auth,authorize:[],storage:new Tn,sockets:new Map},s=kn.Factory({...t.gateway});if(t.gateway){let h=t.gateway;await De(async p=>{p.socket({path:h.route,factory:nt.bind(s),options:h})},t,o)}t.app&&await De(t.app,t,o);let i=et(t.port??0),a=t.host,c=h=>O.error(`socket error: ${h}`,h),d=await Ln(o),u=await Mn(d,c),g=await new Promise((h,p)=>{let w=r({IncomingMessage:ae,ServerResponse:q,...t.http},u);w.on("error",m=>{if(m.code==="EADDRINUSE"){O.debug(`port ${m.port} already in use on address ${m.address}`);let{value:x}=i.next();x?(O.info(`retry starting server on port ${x} and host ${a??"<unspecified>"}`),w.close(),w.listen(x,a)):(O.warn(`all configured port(s) ${t.port} are in use. closing...`),w.close(),p(m))}else O.error(`server error: ${m.message}`,m),p(m)}),w.on("listening",async()=>{let m=w.address();for(let[x,X]of o.sockets){let F=`${e?"wss":"ws"}://${tt}:${m.port}${x}`;await Gt(x,X,F,o.storage,c)}O.info(`http server listening on ${m.address}:${m.port}`),h(w)}),w.on("upgrade",(m,x,X)=>{try{u(m,X)}catch(F){O.error(`upgrade error: ${F}`,F)}}).on("close",async()=>{O.info("http server closed.")});try{let{value:m}=i.next();w.listen(m,a)}catch(m){O.error("error starting web socket server",m),p(m instanceof Error?m:new Error(`listen failed: ${m}`))}});return new class{gateway=s;async close(){for(let[h,p]of o.sockets)try{p.close!==void 0&&await p.close()}catch(w){O.warn(`error closing route ${h}`,w)}await Wn(h=>{g.closeAllConnections(),g.close(h)}),n&&await lt(n),s&&await s.stop()}}};var sa=Ze;export{jt as GatewayServer,sa as default};
+var Or=Object.defineProperty;var Mr=(t,e)=>{for(var r in e)Or(t,r,{get:e[r],enumerable:!0})};var Tr={};Mr(Tr,{Factory:()=>Pt,VERSION:()=>Rr});import wo from"node:http";import So from"node:https";import{AsyncLocalStorage as bo}from"node:async_hooks";import{networkInterfaces as Ir}from"node:os";var Lr=/^(\d+|(0x[\da-f]+))(-(\d+|(0x[\da-f]+)))?$/i;function tt(t){if(t>65535)throw new Error(`bad port ${t}`);return t}function*kt(t){if(typeof t=="string")for(let e of t.split(",")){let r=e.trim(),n=Lr.exec(r);if(n){let o=parseInt(n[1]),i=parseInt(n[4]??n[1]);for(let s=tt(o);s<tt(i)+1;s++)yield s}else throw new Error(`'${e}' is not a valid port or range.`)}else yield tt(t)}var Rt=(()=>{function t(r){return r.length>0?r[0]:void 0}let e=Object.values(Ir()).flatMap(r=>(r??[]).filter(n=>n.family==="IPv4")).reduce((r,n)=>(r[n.internal?"internal":"external"].push(n),r),{internal:[],external:[]});return(t(e.internal)??t(e.external))?.address})();function B(t){if(t)return t.family==="IPv6"?`[${t.address}]:${t.port}`:`${t.address}:${t.port}`}import*as Tt from"@interopio/gateway/logging/core";function y(t){return Tt.getLogger(`gateway.server.${t}`)}function Ot(t,e){return e instanceof RegExp?e.toString():e}import{IOGateway as Dr}from"@interopio/gateway";import{AsyncLocalStorage as $r}from"node:async_hooks";var N=y("ws"),Wr=Dr.Encoding.json();function Ur(t){let e;if(t.authenticated&&(e=t.name,e===void 0&&t.principal!==void 0)){let r=t.principal;typeof r=="object"&&r!==null&&("username"in r||"name"in r)&&(e=r.username??r.name),e===void 0&&(r==null?e="":e=String(r))}return e}function Nr(t,e,r,n){let o=B(n),i=n?.address??"<unknown>",s={key:o,host:i,codec:Wr,onAuthenticate:async()=>{let a=await r();if(a?.authenticated)return{type:"success",user:Ur(a)};throw new Error(`no valid client authentication ${o}`)},onPing:()=>{e.ping(a=>{a?N.warn(`failed to ping ${o}`,a):N.info(`ping sent to ${o}`)})},onDisconnect:a=>{switch(a){case"inactive":{N.warn(`no heartbeat (ping) received from ${o}, closing socket`),e.close(4001,"ping expected");break}case"shutdown":{e.close(1001,"shutdown");break}}}};try{return t.client(a=>e.send(a),s)}catch(a){N.warn(`${o} failed to create client`,a)}}async function Fr(t){return N.info(`starting gateway on ${t.endpoint}`),await this.start(t),async({socket:e,handshake:r})=>{let{logPrefix:n,remoteAddress:o,principal:i}=r,s=(await i())?.name;N.info(`${n}connected on gw as ${s??"<anonymous>"}`);let a=await this.getGateway(s),c=Nr(a,e,i,o);if(!c){N.error(`${n}gw client init failed`),e.terminate();return}e.on("error",u=>{N.error(`${n}websocket error: ${u}`,u)});let d=t.storage!==void 0?$r.snapshot():void 0;e.on("message",(u,l)=>{Array.isArray(u)&&(u=Buffer.concat(u)),d!==void 0?d(()=>c.send(u)):c.send(u)}),e.on("close",u=>{N.info(`${n}disconnected from gw. code: ${u}`),c.close()})}}var Mt=Fr;import{IOGateway as It}from"@interopio/gateway";var E=y("gateway-manager");function Lt(){return globalThis.crypto.randomUUID().replaceAll("-","")}var Se=class{#e;#r;#t=new Map;#n=new Map;#i;#s=!1;#o;constructor(e){this.#i={baseConfig:e.baseConfig,scope:e.scope??"principal"},this.#e=e.baseConfig.node??Lt(),E.enabledFor("debug")&&E.debug(`creating default gateway with gateway id: ${this.#e}`),this.#r=It.Factory({...e.baseConfig,node:this.#e})}async start(e){return this.#s?this:(this.#o=e,E.debug("starting default gateway"),await this.#r.start(e),this.#s=!0,this)}async getGateway(e){if(this.#i.scope==="singleton"||!e)return this.#r;let r=this.#n.get(e),n=r?this.#t.get(r):void 0;return n?E.enabledFor("debug")&&E.debug(`reusing existing gateway for principal '${e}'`):(E.enabledFor("debug")&&E.debug(`no existing gateway for principal '${e}', creating new one`),n=await this.createPrincipalGateway(e)),n}async createPrincipalGateway(e){let r=Lt(),n={...this.#i.baseConfig,node:r};E.enabledFor("debug")&&E.debug(`creating gateway for principal '${e}' with gateway id: ${n.node}`);let o=It.Factory(n);return this.#n.set(e,r),this.#t.set(r,o),await o.start(this.#o),o}getGateways(){let e=new Map(this.#t);return e.set(this.#e,this.#r),e}info(e){if(e&&this.#e!==e){let r=this.#t.get(e);if(r)return r.info();throw new Error(`no gateway found with ID: ${e}`)}return e===this.#e?this.#r.info():{...this.#r.info(),managedGateways:this.#t.size,scope:this.#i.scope}}async stop(e){if(e&&this.#e!==e){let r=this.#t.get(e);if(r){E.info(`stopping gateway with ID: ${e}`),await r.stop(),this.#t.delete(e);for(let[n,o]of this.#n.entries())if(o===e){this.#n.delete(n);break}return r}else throw new Error(`no gateway found with ID: ${e}`)}if(e===this.#e)return E.debug("stopping default gateway (managed gateways will continue running)"),await this.#r.stop(),this.#s=!1,this.#r;E.info(`stopping all gateways (1 default + ${this.#t.size} managed)`);for(let[r,n]of this.#t.entries())E.enabledFor("debug")&&E.debug(`stopping gateway with ID: ${r}`),await n.stop();return this.#t.clear(),this.#n.clear(),E.debug("stopping default gateway"),await this.#r.stop(),this.#s=!1,this.#r}getPrincipalGatewayId(e){return this.#n.get(e)}getPrincipalGatewayIds(){return new Map(this.#n)}getDefaultGateway(){return this.#r}client(e,r){return this.#r.client(e,r)}async connect(e){return this.#r.connect(e)}getPrincipalCount(){return this.#t.size}};function Dt(...t){if(!Array.isArray(t))throw new Error("middleware must be array!");let e=t.flat();for(let r of e)if(typeof r!="function")throw new Error("middleware must be compose of functions!");return async function(r,n){let o=async(i,s)=>{let a=i===e.length?n:e[i];if(a===void 0)return;let c=!1,d=!1,l=await a(s,async g=>{if(c)throw new Error("next() called multiple times");c=!0;try{return await o(i+1,g??s)}finally{d=!0}});if(c&&!d)throw new Error(`middleware resolved before downstream.
+	 You are probably missing an await or return statement in your middleware function.`);return l};return o(0,r)}}import{isIP as Gr}from"node:net";import{Cookie as rt}from"tough-cookie";function Br(t,e){let r=t.get("x-forwarded-host");if(Array.isArray(r)&&(r=r[0]),r){let n=t.one("x-forwarded-port");n&&(r=`${r}:${n}`)}return r??=t.one("host"),Array.isArray(r)&&(r=r[0]),r?r.split(",",1)[0].trim():e}function _r(t){let e=t.one("x-forwarded-ssl");return typeof e=="string"&&e.toLowerCase()==="on"}function qr(t,e){let r=t.get("x-forwarded-proto");return Array.isArray(r)&&(r=r[0]),r!==void 0?r.split(",",1)[0].trim():_r(t)?"https":e}function zr(t,e,r){let n=r?r.port:t.protocol==="https:"?443:80,o=e.one("x-forwarded-for");if(Array.isArray(o)&&(o=o[0]),o!==void 0)return o=o.split(",",1)[0].trim(),{address:o,port:Number(n),family:Gr(o)===6?"IPv6":"IPv4"}}var be=class{#e;constructor(e){this.#e=e}get headers(){return this.#e}},ve=class t extends be{static logIdCounter=0;#e;get id(){return this.#e===void 0&&(this.#e=`${this.initId()}-${++t.logIdCounter}`),this.#e}initId(){return"request"}get cookies(){return Vr(this.headers)}parseHost(e){return Br(this.headers,e)}parseProtocol(e){return qr(this.headers,e)}parseRemoteAddress(e){return zr(this.URL,this.headers,e)}},xe=class extends be{get cookies(){return Xr(this.headers)}setCookieValue(e){return new rt({key:e.name,value:e.value,maxAge:e.maxAge,domain:e.domain,path:e.path,secure:e.secure,httpOnly:e.httpOnly,sameSite:e.sameSite}).toString()}};function jr(t){let e=[];{let r=0,n=0;for(let o=0;o<t.length;o++)switch(t.charCodeAt(o)){case 32:r===n&&(r=n=o+1);break;case 44:e.push(t.slice(r,n)),r=n=o+1;break;default:n=n+1;break}e.push(t.slice(r,n))}return e}function $t(t){typeof t=="string"&&(t=[t]),typeof t=="number"&&(t=[String(t)]);let e=[];if(t)for(let r of t)r&&e.push(...jr(r));return e}function Vr(t){return t.list("cookie").map(e=>e.split(";").map(r=>rt.parse(r))).flat(1).filter(e=>e!==void 0).map(e=>Object.freeze({name:e.key,value:e.value}))}function Xr(t){return t.list("set-cookie").map(e=>{let r=rt.parse(e);if(r){let n={name:r.key,value:r.value,maxAge:Number(r.maxAge??-1)};return r.httpOnly&&(n.httpOnly=!0),r.domain&&(n.domain=r.domain),r.path&&(n.path=r.path),r.secure&&(n.secure=!0),r.httpOnly&&(n.httpOnly=!0),r.sameSite&&(n.sameSite=r.sameSite),Object.freeze(n)}}).filter(e=>e!==void 0)}var ue=class{constructor(){}toList(e){let r=this.get(e);return $t(r)}},x=class extends Map{get(e){return super.get(e.toLowerCase())}one(e){return this.get(e)?.[0]}list(e){let r=super.get(e.toLowerCase());return $t(r)}set(e,r){return typeof r=="number"&&(r=String(r)),typeof r=="string"&&(r=[r]),r?super.set(e.toLowerCase(),r):(super.delete(e.toLowerCase()),this)}add(e,r){let n=super.get(e.toLowerCase());return typeof r=="string"&&(r=[r]),n&&(r=n.concat(r)),this.set(e,r),this}};var nt=class{#e;constructor(e){this.#e=e}get value(){return this.#e}toString(){return this.#e.toString()}},w=class t{static CONTINUE=new t(100,"Continue");static SWITCHING_PROTOCOLS=new t(101,"Switching Protocols");static OK=new t(200,"OK");static CREATED=new t(201,"Created");static ACCEPTED=new t(202,"Accepted");static NON_AUTHORITATIVE_INFORMATION=new t(203,"Non-Authoritative Information");static NO_CONTENT=new t(204,"No Content");static RESET_CONTENT=new t(205,"Reset Content");static PARTIAL_CONTENT=new t(206,"Partial Content");static MULTI_STATUS=new t(207,"Multi-Status");static IM_USED=new t(226,"IM Used");static MULTIPLE_CHOICES=new t(300,"Multiple Choices");static MOVED_PERMANENTLY=new t(301,"Moved Permanently");static BAD_REQUEST=new t(400,"Bad Request");static UNAUTHORIZED=new t(401,"Unauthorized");static FORBIDDEN=new t(403,"Forbidden");static NOT_FOUND=new t(404,"Not Found");static METHOD_NOT_ALLOWED=new t(405,"Method Not Allowed");static NOT_ACCEPTABLE=new t(406,"Not Acceptable");static PROXY_AUTHENTICATION_REQUIRED=new t(407,"Proxy Authentication Required");static REQUEST_TIMEOUT=new t(408,"Request Timeout");static CONFLICT=new t(409,"Conflict");static GONE=new t(410,"Gone");static LENGTH_REQUIRED=new t(411,"Length Required");static PRECONDITION_FAILED=new t(412,"Precondition Failed");static PAYLOAD_TOO_LARGE=new t(413,"Payload Too Large");static URI_TOO_LONG=new t(414,"URI Too Long");static UNSUPPORTED_MEDIA_TYPE=new t(415,"Unsupported Media Type");static EXPECTATION_FAILED=new t(417,"Expectation Failed");static IM_A_TEAPOT=new t(418,"I'm a teapot");static TOO_EARLY=new t(425,"Too Early");static UPGRADE_REQUIRED=new t(426,"Upgrade Required");static PRECONDITION_REQUIRED=new t(428,"Precondition Required");static TOO_MANY_REQUESTS=new t(429,"Too Many Requests");static REQUEST_HEADER_FIELDS_TOO_LARGE=new t(431,"Request Header Fields Too Large");static UNAVAILABLE_FOR_LEGAL_REASONS=new t(451,"Unavailable For Legal Reasons");static INTERNAL_SERVER_ERROR=new t(500,"Internal Server Error");static NOT_IMPLEMENTED=new t(501,"Not Implemented");static BAD_GATEWAY=new t(502,"Bad Gateway");static SERVICE_UNAVAILABLE=new t(503,"Service Unavailable");static GATEWAY_TIMEOUT=new t(504,"Gateway Timeout");static HTTP_VERSION_NOT_SUPPORTED=new t(505,"HTTP Version Not Supported");static VARIANT_ALSO_NEGOTIATES=new t(506,"Variant Also Negotiates");static INSUFFICIENT_STORAGE=new t(507,"Insufficient Storage");static LOOP_DETECTED=new t(508,"Loop Detected");static NOT_EXTENDED=new t(510,"Not Extended");static NETWORK_AUTHENTICATION_REQUIRED=new t(511,"Network Authentication Required");static#e=[];static{Object.keys(t).filter(e=>e!=="VALUES"&&e!=="resolve").forEach(e=>{let r=t[e];r instanceof t&&(Object.defineProperty(r,"name",{enumerable:!0,value:e,writable:!1}),t.#e.push(r))})}static resolve(e){for(let r of t.#e)if(r.value===e)return r}#r;#t;constructor(e,r){this.#r=e,this.#t=r}get value(){return this.#r}get phrase(){return this.#t}toString(){return`${this.#r} ${this.name}`}};function Wt(t){if(typeof t=="number"){if(t<100||t>999)throw new Error(`status code ${t} should be in range 100-999`);let e=w.resolve(t);return e!==void 0?e:new nt(t)}return t}import at from"node:http";var Ee=class extends at.IncomingMessage{exchange;upgradeHead;get urlBang(){return this.url}get socketEncrypted(){return this.socket.encrypted===!0}},Y=class extends at.ServerResponse{markHeadersSent(){this._header=!0}getRawHeaderNames(){return super.getRawHeaderNames()}},Ae=class extends ve{#e;get sslInfo(){return this.#e===void 0&&(this.#e=this.initSslInfo()),this.#e}},Ce=class extends xe{#e=[];#r;#t="new";#n=[];setStatusCode(e){return this.#t==="committed"?!1:(this.#r=e,!0)}setRawStatusCode(e){return this.setStatusCode(e===void 0?void 0:Wt(e))}get statusCode(){return this.#r}addCookie(e){if(this.#t==="committed")throw new Error(`Cannot add cookie ${JSON.stringify(e)} because HTTP response has already been committed`);return this.#e.push(e),this}beforeCommit(e){this.#n.push(e)}get commited(){let e=this.#t;return e!=="new"&&e!=="commit-action-failed"}async body(e){if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported yet");let r=await e;try{return await this.doCommit(async()=>await this.bodyInternal(Promise.resolve(r))).catch(n=>{throw n})}catch(n){throw n}}async end(){return this.commited?Promise.resolve(!1):this.doCommit(async()=>await this.bodyInternal(Promise.resolve()))}doCommit(e){let r=this.#t,n=Promise.resolve();if(r==="new")this.#t="committing",this.#n.length>0&&(n=this.#n.reduce((o,i)=>o.then(()=>i()),Promise.resolve()).catch(o=>{this.#t==="committing"&&(this.#t="commit-action-failed")}));else if(r==="commit-action-failed")this.#t="committing";else return Promise.resolve(!1);return n=n.then(()=>{this.applyStatusCode(),this.applyHeaders(),this.applyCookies(),this.#t="committed"}),n.then(async()=>e!==void 0?await e():!0)}applyStatusCode(){}applyHeaders(){}applyCookies(){}},Q=class extends Ae{#e;#r;#t;constructor(e){super(new it(e)),this.#t=e}getNativeRequest(){return this.#t}get upgrade(){return this.#t.upgrade}get http2(){return this.#t.httpVersionMajor>=2}get path(){return this.URL?.pathname}get URL(){return this.#e??=new URL(this.#t.urlBang,`${this.protocol}://${this.host}`),this.#e}get query(){return this.URL?.search}get method(){return this.#t.method}get host(){let e;return this.#t.httpVersionMajor>=2&&(e=this.#t.headers[":authority"]),e??=this.#t.socket.remoteAddress,super.parseHost(e)}get protocol(){let e;return this.#t.httpVersionMajor>2&&(e=this.#t.headers[":scheme"]),e??=this.#t.socketEncrypted?"https":"http",super.parseProtocol(e)}get socket(){return this.#t.socket}get remoteAddress(){let e=this.#t.socket.remoteFamily,r=this.#t.socket.remoteAddress,n=this.#t.socket.remotePort,o=!e||!r||!n?void 0:{family:e,address:r,port:n};return super.parseRemoteAddress(o)??o}initSslInfo(){if(this.#t.socketEncrypted)return new ot(this.#t.socket)}get cookies(){return this.#r??=super.cookies,this.#r}get body(){return at.IncomingMessage.toWeb(this.#t)}async blob(){let e=[];if(this.body!==void 0)for await(let r of this.body)e.push(r);return new Blob(e,{type:this.headers.one("content-type")||"application/octet-stream"})}async text(){return await(await this.blob()).text()}async formData(){let r=await(await this.blob()).text();return new URLSearchParams(r)}async json(){let e=await this.blob();if(e.size===0)return;let r=await e.text();return JSON.parse(r)}initId(){let e=this.#t.socket.remoteAddress;if(!e)throw new Error("Socket has no remote address");return`${e}:${this.#t.socket.remotePort}`}},ot=class{peerCertificate;constructor(e){this.peerCertificate=e.getPeerX509Certificate()}},it=class extends ue{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.headers[e]!==void 0}get(e){return this.#e.headers[e]}list(e){return super.toList(e)}one(e){let r=this.#e.headers[e];return Array.isArray(r)?r[0]:r}keys(){return Object.keys(this.#e.headers).values()}},st=class extends ue{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.hasHeader(e)}keys(){return this.#e.getHeaderNames().values()}get(e){return this.#e.getHeader(e)}one(e){let r=this.#e.getHeader(e);return Array.isArray(r)?r[0]:r}set(e,r){return this.#e.headersSent||(Array.isArray(r)?r=r.map(n=>typeof n=="number"?String(n):n):typeof r=="number"&&(r=String(r)),r?this.#e.setHeader(e,r):this.#e.removeHeader(e)),this}add(e,r){return this.#e.headersSent||this.#e.appendHeader(e,r),this}list(e){return super.toList(e)}},Pe=class extends Ce{#e;constructor(e){super(new st(e)),this.#e=e}getNativeResponse(){return this.#e}get statusCode(){return super.statusCode??{value:this.#e.statusCode}}applyStatusCode(){let e=super.statusCode;e!==void 0&&(this.#e.statusCode=e.value)}addCookie(e){return this.headers.add("Set-Cookie",super.setCookieValue(e)),this}async bodyInternal(e){if(this.#e.headersSent)return!1;if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported in response");{let r=await e;return await new Promise((n,o)=>{try{r===void 0?this.#e.end(()=>{n(!0)}):(this.headers.has("content-length")||(typeof r=="string"?this.headers.set("content-length",Buffer.byteLength(r)):r instanceof Blob?this.headers.set("content-length",r.size):this.headers.set("content-length",r.byteLength)),this.#e.end(r,()=>{n(!0)}))}catch(i){o(i instanceof Error?i:new Error(`end failed: ${i}`))}})}}},He=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get id(){return this.#e.id}get method(){return this.#e.method}get path(){return this.#e.path}get protocol(){return this.#e.protocol}get host(){return this.#e.host}get URL(){return this.#e.URL}get headers(){return this.#e.headers}get cookies(){return this.#e.cookies}get remoteAddress(){return this.#e.remoteAddress}get upgrade(){return this.#e.upgrade}get sslInfo(){return this.#e.sslInfo}get body(){return this.#e.body}async blob(){return await this.#e.blob()}async text(){return await this.#e.text()}async formData(){return await this.#e.formData()}async json(){return await this.#e.json()}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeRequest(e){if(e instanceof Ae)return e.getNativeRequest();if(e instanceof t)return t.getNativeRequest(e.delegate);throw new Error(`Cannot get native request from ${e.constructor.name}`)}},Z=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}setStatusCode(e){return this.delegate.setStatusCode(e)}setRawStatusCode(e){return this.delegate.setRawStatusCode(e)}get statusCode(){return this.delegate.statusCode}get cookies(){return this.delegate.cookies}addCookie(e){return this.delegate.addCookie(e),this}async end(){return await this.delegate.end()}async body(e){return await this.#e.body(e)}get headers(){return this.#e.headers}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeResponse(e){if(e instanceof Ce)return e.getNativeResponse();if(e instanceof t)return t.getNativeResponse(e.delegate);throw new Error(`Cannot get native response from ${e.constructor.name}`)}},ke=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get request(){return this.#e.request}get response(){return this.#e.response}attribute(e){return this.#e.attribute(e)}principal(){return this.#e.principal()}get logPrefix(){return this.#e.logPrefix}toString(){return`${t.name} [delegate: ${this.delegate}]`}},Re=class{request;response;#e={};#r;#t="";constructor(e,r){this.#e[Ut]=e.id,this.request=e,this.response=r}get method(){return this.request.method}get path(){return this.request.path}get attributes(){return this.#e}attribute(e){return this.attributes[e]}principal(){return Promise.resolve(void 0)}get logPrefix(){let e=this.attribute(Ut);return this.#r!==e&&(this.#r=e,this.#t=e!==void 0?`[${e}] `:""),this.#t}},Ut="io.interop.gateway.server.log_id";import{getHeapStatistics as Jr,writeHeapSnapshot as Kr}from"node:v8";import{access as Yr,mkdir as Qr,rename as Nt,unlink as Zr}from"node:fs/promises";var S=y("monitoring"),en={memoryLimit:1024*1024*1024,reportInterval:600*1e3,dumpLocation:".",maxBackups:10,dumpPrefix:"Heap"};function tn(){return Jr()}async function Ft(t){let e=t.dumpPrefix??"Heap",r=`${t.dumpLocation}/${e}.heapsnapshot`;S.enabledFor("debug")&&S.debug(`starting heap dump in ${r}`),await ct(t.dumpLocation).catch(async o=>{S.enabledFor("debug")&&S.debug(`dump location  ${t.dumpLocation} does not exists. Will try to create it`);try{await Qr(t.dumpLocation,{recursive:!0}),S.info(`dump location dir ${t.dumpLocation} successfully created`)}catch{S.error(`failed to create dump location ${t.dumpLocation}`)}});let n=Kr(r);S.info("heap dumped");try{S.debug("rolling snapshot backups");let o=`${t.dumpLocation}/${e}.${t.maxBackups}.heapsnapshot`;await ct(o).then(async()=>{S.enabledFor("debug")&&S.debug(`deleting ${o}`);try{await Zr(o)}catch(s){S.warn(`failed to delete ${o}`,s)}}).catch(()=>{});for(let s=t.maxBackups-1;s>0;s--){let a=`${t.dumpLocation}/${e}.${s}.heapsnapshot`,c=`${t.dumpLocation}/${e}.${s+1}.heapsnapshot`;await ct(a).then(async()=>{try{await Nt(a,c)}catch(d){S.warn(`failed to rename ${a} to ${c}`,d)}}).catch(()=>{})}let i=`${t.dumpLocation}/${e}.1.heapsnapshot`;try{await Nt(n,i)}catch(s){S.warn(`failed to rename ${n} to ${i}`,s)}S.debug("snapshots rolled")}catch(o){throw S.error("error rolling backups",o),o}}async function ct(t){S.enabledFor("trace")&&S.debug(`checking file ${t}`),await Yr(t)}async function rn(t,e,r){S.enabledFor("debug")&&S.debug(`processing heap stats ${JSON.stringify(t)}`);let n=Math.min(r.memoryLimit,.95*t.heap_size_limit),o=t.used_heap_size;S.info(`heap stats ${JSON.stringify(t)}`),o>=n?(S.warn(`used heap ${o} bytes exceeds memory limit ${n} bytes`),e.memoryLimitExceeded?delete e.snapshot:(e.memoryLimitExceeded=!0,e.snapshot=!0),await Ft(r)):(e.memoryLimitExceeded=!1,delete e.snapshot)}function Gt(t){let e={...en,...t},r=!1,n={memoryLimitExceeded:!1},o=async()=>{let a=tn();await rn(a,n,e)},i=setInterval(o,e.reportInterval);return{...e,channel:async a=>{if(!r)switch(a??="run",a){case"run":{await o();break}case"dump":{await Ft(e);break}case"stop":{r=!0,clearInterval(i),S.info("exit memory diagnostic");break}}return r}}}async function nn({channel:t},e){await t(e)||S.warn(`cannot execute command "${e}" already closed`)}async function Bt(t){return await nn(t,"stop")}var sn=(t,e)=>(e??=t,async({response:r},n)=>{e!==!1&&!r.headers.has("server")&&r.headers.set("Server",e),await n()}),_t=(t,e)=>sn(t,e);import{IOGateway as Te}from"@interopio/gateway";var dt=y("gateway.ws.client-verify");function an(t){switch(t.missing){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function cn(t,e){let r=t.block??t.blacklist,n=t.allow??t.whitelist;if(r.length>0&&Te.Filtering.valuesMatch(r,e))return dt.warn(`origin ${e} matches block filter`),!1;if(n.length>0&&Te.Filtering.valuesMatch(n,e))return dt.enabledFor("debug")&&dt.debug(`origin ${e} matches allow filter`),!0}function dn(t){switch(t.non_matched){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function qt(t,e){if(!e)return!0;if(t){let r=cn(e,t);return r||dn(e)}else return an(e)}function zt(t){if(t){let e=(t.block??t.blacklist??[]).map(Te.Filtering.regexify),r=(t.allow??t.whitelist??[]).map(Te.Filtering.regexify);return{non_matched:t.non_matched??"allow",missing:t.missing??"allow",allow:r,block:e}}}var jt=t=>async e=>{for(let r of t)if((await r(e)).match)return T();return C},ee=t=>{let e=async r=>{for(let n of t)if(!(await n(r)).match)return C;return T()};return e.toString=()=>`and(${t.map(r=>r.toString()).join(", ")})`,e},Vt=t=>async e=>(await t(e)).match?C:T(),le=async t=>T();le.toString=()=>"any-exchange";var Xt=Object.freeze({}),C=Object.freeze({match:!1,variables:Xt}),T=(t=Xt)=>({match:!0,variables:t}),O=(t,e)=>{let r=e?.method,n=async o=>{let i=o.request,s=i.path;if(r!==void 0&&i.method!==r)return C;if(typeof t=="string")return s===t?T():C;{let a=t.exec(s);return a===null?C:{match:!0,variables:{...a.groups}}}};return n.toString=()=>`pattern(${t.toString()}, method=${r??"<any>"})`,n},ut=t=>{let e=r=>{if(t.ignoredMediaTypes!==void 0){for(let n of t.ignoredMediaTypes)if(r===n||n==="*/*")return!0}return!1};return async r=>{let n=r.request,o;try{o=n.headers.list("accept")}catch{return C}for(let i of o)if(!e(i)){for(let s of t.mediaTypes)if(i.startsWith(s))return T()}return C}},V=async({request:t})=>t.upgrade&&t.headers.one("upgrade")?.toLowerCase()==="websocket"?T():C;V.toString=()=>"websocket upgrade";import{IOGateway as Jt}from"@interopio/gateway";async function lt(t,e,r){let n=(i,s)=>{if(s?.cors){let a=s.cors===!0?{allowOrigins:s.origins?.allow?.map(Jt.Filtering.regexify),allowMethods:i.method===void 0?["*"]:[i.method],allowCredentials:s.authorize?.access!=="permitted"?!0:void 0}:s.cors,c=i.path;r.cors.push([c,a])}},o=new class{handle(...i){i.forEach(({request:s,options:a,handler:c})=>{let d=O(Jt.Filtering.regexify(s.path),{method:s.method});a?.authorize&&r.authorize.push([d,a.authorize]),n(s,a);let u=async(l,g)=>{let{match:v,variables:p}=await d(l);v?await c(l,p):await g()};r.middleware.push(u)})}socket(...i){for(let{path:s,factory:a,options:c}of i){let d=s??"/";r.sockets.set(d,{default:s===void 0,ping:c?.ping,factory:a,maxConnections:c?.maxConnections,authorize:c?.authorize,originFilters:zt(c?.origins)})}}};await t(o,e)}import{IOGateway as ht}from"@interopio/gateway";function ln(t){let e=t.headers.one("origin");if(e===void 0)return!0;let r=t.URL,n=r.protocol,o=r.host,i=URL.parse(e),s=i?.host,a=i?.protocol;return n===a&&o===s}function pn(t){return t.headers.has("origin")&&!ln(t)}function Yt(t){return t.method==="OPTIONS"&&t.headers.has("origin")&&t.headers.has("access-control-request-method")}var Kt=["Origin","Access-Control-Request-Method","Access-Control-Request-Headers"],hn=(t,e)=>{let{request:r,response:n}=t,o=n.headers;if(!o.has("Vary"))o.set("Vary",Kt.join(", "));else{let s=o.list("Vary");for(let a of Kt)s.find(c=>c===a)||s.push(a);o.set("Vary",s.join(", "))}try{if(!pn(r))return!0}catch{return M.enabledFor("debug")&&M.debug("reject: origin is malformed"),pe(n),!1}if(o.has("access-control-allow-origin"))return M.enabledFor("trace")&&M.debug('skip: already contains "Access-Control-Allow-Origin"'),!0;let i=Yt(r);return e?gn(t,e,i):i?(pe(n),!1):!0},Me=["*"],pt=["GET","HEAD","POST"],Qt={allowOrigins:Me,allowMethods:pt,allowHeaders:Me,maxAge:1800};function Ie(t){if(t){let e=t.allowHeaders;e&&e!==b&&(t={...t,allowHeaders:e.map(n=>n.toLowerCase())});let r=t.allowOrigins;return r&&(r==="*"?(er(t),tr(t)):t={...t,allowOrigins:r.map(n=>typeof n=="string"&&n!==b&&(n=ht.Filtering.regexify(n),typeof n=="string")?rr(n).toLowerCase():n)}),t}}function Oe(t,e){if(e===void 0)return t!==void 0?t===b?[b]:t:[];if(t===void 0)return e===b?[b]:e;if(t==Me||t===pt)return e===b?[b]:e;if(e==Me||e===pt)return t===b?[b]:t;if(t===b||t.includes(b)||e===b||e.includes(b))return[b];let r=new Set;return t.forEach(n=>r.add(n)),e.forEach(n=>r.add(n)),Array.from(r)}var he=(t,e)=>e===void 0?t:{allowOrigins:Oe(t.allowOrigins,e?.allowOrigins),allowMethods:Oe(t.allowMethods,e?.allowMethods),allowHeaders:Oe(t.allowHeaders,e?.allowHeaders),exposeHeaders:Oe(t.exposeHeaders,e?.exposeHeaders),allowCredentials:e?.allowCredentials??t.allowCredentials,allowPrivateNetwork:e?.allowPrivateNetwork??t.allowPrivateNetwork,maxAge:e?.maxAge??t.maxAge},fn=t=>{let e=t.corsConfigSource,r=t.corsProcessor??hn;if(e===void 0)throw new Error("corsConfigSource is required");if(r===void 0)throw new Error("corsProcessor is required");return async(n,o)=>{let i=await e(n);!r(n,i)||Yt(n.request)||await o()}},Zt=fn,M=y("cors");function pe(t){t.setStatusCode(w.FORBIDDEN)}function gn(t,e,r){let{request:n,response:o}=t,i=o.headers,s=n.headers.one("origin"),a=yn(e,s);if(a===void 0)return M.enabledFor("debug")&&M.debug(`reject: '${s}' origin is not allowed`),pe(o),!1;let c=bn(n,r),d=wn(e,c);if(d===void 0)return M.enabledFor("debug")&&M.debug(`reject: HTTP '${c}' is not allowed`),pe(o),!1;let u=vn(n,r),l=Sn(e,u);if(r&&l===void 0)return M.enabledFor("debug")&&M.debug(`reject: headers '${u}' are not allowed`),pe(o),!1;i.set("Access-Control-Allow-Origin",a),r&&i.set("Access-Control-Allow-Methods",d.join(",")),r&&l!==void 0&&l.length>0&&i.set("Access-Control-Allow-Headers",l.join(", "));let g=e.exposeHeaders;return g&&g.length>0&&i.set("Access-Control-Expose-Headers",g.join(", ")),e.allowCredentials&&i.set("Access-Control-Allow-Credentials","true"),e.allowPrivateNetwork&&n.headers.one("access-control-request-private-network")==="true"&&i.set("Access-Control-Allow-Private-Network","true"),r&&e.maxAge!==void 0&&i.set("Access-Control-Max-Age",e.maxAge.toString()),!0}var b="*",mn=["GET","HEAD"];function er(t){if(t.allowCredentials===!0&&t.allowOrigins===b)throw new Error('when allowCredentials is true allowOrigins cannot be "*"')}function tr(t){if(t.allowPrivateNetwork===!0&&t.allowOrigins===b)throw new Error('when allowPrivateNetwork is true allowOrigins cannot be "*"')}function yn(t,e){if(e){let r=t.allowOrigins;if(r){if(r===b)return er(t),tr(t),b;let n=rr(e.toLowerCase());for(let o of r)if(o===b||ht.Filtering.valueMatches(o,n))return e}}}function wn(t,e){if(e){let r=t.allowMethods??mn;if(r===b)return[e];if(ht.Filtering.valuesMatch(r,e))return r}}function Sn(t,e){if(e===void 0)return;if(e.length==0)return[];let r=t.allowHeaders;if(r===void 0)return;let n=r===b||r.includes(b),o=[];for(let i of e){let s=i?.trim();if(s){if(n)o.push(s);else for(let a of r)if(s.toLowerCase()===a){o.push(s);break}}}if(o.length>0)return o}function rr(t){return t.endsWith("/")?t.slice(0,-1):t}function bn(t,e){return e?t.headers.one("access-control-request-method"):t.method}function vn(t,e){let r=t.headers;return e?r.list("access-control-request-headers"):Array.from(r.keys())}var nr=t=>async e=>{for(let[r,n]of t.mappings)if((await r(e)).match)return M.debug(`resolved cors config on '${e.request.path}' using ${r}: ${JSON.stringify(n)}`),n};import{IOGateway as xn}from"@interopio/gateway";function or(t){let{sockets:e,cors:r}=t,n=t.corsConfig===!1?void 0:he(Qt,t.corsConfig),o=[];for(let[s,a]of e){let c=n;for(let[u,l]of r)xn.Filtering.valueMatches(u,s)&&(l===void 0?c=void 0:c=c===void 0?l:he(c,l));let d=t.corsConfig===!1?void 0:{allowOrigins:a.originFilters?.allow,allowMethods:["GET","CONNECT","OPTIONS"],allowHeaders:["Upgrade","Connection","Origin","Sec-Websocket-Key","Sec-Websocket-Version","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],exposeHeaders:["Sec-Websocket-Accept","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],allowCredentials:a.authorize?.access!=="permitted"?!0:void 0};c=c===void 0?d:he(c,d),o.push([ee([V,O(s)]),Ie(c)])}let i=[];for(let[s,a]of r){let[,c]=i.find(([u])=>String(u)===String(s))??[s,n];c=c===void 0?a:he(c,a);let d=!1;for(let u of i)if(String(u[0])===String(s)){u[1]=c,d=!0;break}d||i.push([s,c])}for(let[s,a]of i)o.push([O(s),Ie(a)]);return o.push([O(/\/api\/.*/),Ie(n)]),nr({mappings:o})}function ir(t){return t!==void 0&&typeof t.type=="string"&&typeof t.authenticated=="boolean"}var A=class extends Error{_authentication;get authentication(){return this._authentication}set authentication(e){if(e===void 0)throw new TypeError("Authentication cannot be undefined");this._authentication=e}},Le=class extends A{},te=class extends A{},re=class extends A{constructor(e){super(e)}},fe=class extends re{constructor(e){super(e)}},ge=class extends re{constructor(e){super(e)}},me=class extends re{constructor(e){super(e)}},ye=class extends re{constructor(e){super(e)}};var X=class extends Error{},F=class{constructor(e){this.granted=e}granted},_=class{#e;constructor(e){this.#e=e}async verify(e,r){if(!(await this.#e(e,r))?.granted)throw new X("Access denied")}async authorize(e,r){return await this.#e(e,r)}},ne=class extends A{};var I=t=>async e=>{let r=!0,{response:n}=e;for(let o of t.keys())n.headers.has(o)&&(r=!1);if(r)for(let[o,i]of t)n.headers.set(o,i)},En=()=>I(new x().add("cache-control","no-cache, no-store, max-age=0, must-revalidate").add("pragma","no-cache").add("expires","0")),An=()=>I(new x().add("x-content-type-options","nosniff")),Cn=(t,e,r)=>{let n=`max-age=${t}`;e&&(n+=" ; includeSubDomains"),r&&(n+=" ; preload");let o=I(new x().add("strict-transport-security",n)),i=s=>s.request.URL.protocol==="https:";return async s=>{i(s)&&await o(s)}},Pn=t=>I(new x().add("x-frame-options",t)),Hn=t=>I(new x().add("x-xss-protection",t)),kn=t=>{let e=t===void 0?void 0:I(new x().add("permissions-policy",t));return async r=>{e!==void 0&&await e(r)}},Rn=(t,e)=>{let r=e?"content-security-policy-report-only":"content-security-policy",n=t===void 0?void 0:I(new x().add(r,t));return async o=>{n!==void 0&&await n(o)}},Tn=(t="no-referrer")=>I(new x().add("referer-policy",t)),On=t=>{let e=t===void 0?void 0:I(new x().add("cross-origin-opener-policy",t));return async r=>{e!==void 0&&await e(r)}},Mn=t=>{let e=t===void 0?void 0:I(new x().add("cross-origin-embedder-policy",t));return async r=>{e!==void 0&&await e(r)}},In=t=>{let e=t===void 0?void 0:I(new x().add("cross-origin-resource-policy",t));return async r=>{e!==void 0&&await e(r)}},Ln=(...t)=>async e=>{for(let r of t)await r(e)};function ft(t){let e=[];t?.cache?.disabled||e.push(En()),t?.contentType?.disabled||e.push(An()),t?.hsts?.disabled||e.push(Cn(t?.hsts?.maxAge??365*24*60*60,t?.hsts?.includeSubDomains??!0,t?.hsts?.preload??!1)),t?.frameOptions?.disabled||e.push(Pn(t?.frameOptions?.mode??"DENY")),t?.xss?.disabled||e.push(Hn(t?.xss?.headerValue??"0")),t?.permissionsPolicy?.disabled||e.push(kn(t?.permissionsPolicy?.policyDirectives)),t?.contentSecurityPolicy?.disabled||e.push(Rn(t?.contentSecurityPolicy?.policyDirectives??"default-src 'self'",t?.contentSecurityPolicy?.reportOnly)),t?.refererPolicy?.disabled||e.push(Tn(t?.refererPolicy?.policy??"no-referrer")),t?.crossOriginOpenerPolicy?.disabled||e.push(On(t?.crossOriginOpenerPolicy?.policy)),t?.crossOriginEmbedderPolicy?.disabled||e.push(Mn(t?.crossOriginEmbedderPolicy?.policy)),t?.crossOriginResourcePolicy?.disabled||e.push(In(t?.crossOriginResourcePolicy?.policy)),t?.writers&&e.push(...t.writers);let r=Ln(...e);return async(n,o)=>{await r(n),await o()}}var oe=t=>{let e=t.entryPoint,r=t?.rethrowAuthenticationServiceError??!0;return async({exchange:n},o)=>{if(!r||!(o instanceof ne))return e(n,o);throw o}};var Dn="Realm",$n=t=>`Basic realm="${t}"`,ie=t=>{let e=$n(t?.realm??Dn);return async(r,n)=>{let{response:o}=r;o.setStatusCode(w.UNAUTHORIZED),o.headers.set("WWW-Authenticate",e)}};var sr="Basic ",De=t=>{let e=t?.credentialsEncoding??"utf-8";return async r=>{let{request:n}=r,o=n.headers.one("authorization");if(!o||!/basic/i.test(o.substring(0)))return;let i=o.length<=sr.length?"":o.substring(sr.length),a=Buffer.from(i,"base64").toString(e).split(":",2);if(a.length!==2)return;let c=a[0],d=a[1];return{type:"UsernamePassword",authenticated:!1,principal:c,credentials:d,name:c,eraseCredentials:()=>{d=null}}}};import{AsyncLocalStorage as Wn}from"node:async_hooks";var q=class t{static hasSecurityContext(e){return e.getStore()?.securityContext!==void 0}static async getSecurityContext(e){return await e.getStore()?.securityContext}static clearSecurityContext(e){delete e.getStore()?.securityContext}static withSecurityContext(e){return(r=new Wn)=>(r.getStore().securityContext=e,r)}static withAuthentication(e){return t.withSecurityContext(Promise.resolve({authentication:e}))}static async getContext(e){if(t.hasSecurityContext(e))return t.getSecurityContext(e)}};async function Un(t,e,r,n,o,i){let a=await(await n(t))?.(r);if(a===void 0)throw new Error("No authentication manager found for the exchange");try{await Nn(a,{exchange:t,next:e},o,i)}catch(c){throw c instanceof A,c}}async function Nn(t,e,r,n){q.withAuthentication(t)(n),await r(e,t)}function z(t){let e={matcher:le,successHandler:async({next:n})=>{await n()},converter:De({}),failureHandler:oe({entryPoint:ie({})}),...t},r=e.managerResolver;if(r===void 0&&e.manager!==void 0){let n=e.manager;r=async o=>n}if(r===void 0)throw new Error("Authentication filter requires a managerResolver or a manager");return async(n,o)=>{let s=(await e.matcher(n)).match?await e.converter(n):void 0;if(s===void 0){await o();return}try{await Un(n,o,s,r,e.successHandler,e.storage)}catch(a){if(a instanceof A){await e.failureHandler({exchange:n,next:o},a);return}throw a}}}var ar=t=>async(e,r)=>{e.response.setStatusCode(t.httpStatus)};var se=y("auth.entry-point"),$e=t=>{let e=t.defaultEntryPoint??(async({response:r},n)=>{r.setStatusCode(w.UNAUTHORIZED),await r.end()});return async(r,n)=>{for(let[o,i]of t.entryPoints)if(se.enabledFor("debug")&&se.debug(`trying to match using: ${o}`),(await o(r)).match)return se.enabledFor("debug")&&se.debug(`match found. using default entry point ${i}`),i(r,n);return se.enabledFor("debug")&&se.debug(`no match found. using default entry point ${e}`),e(r,n)}};var cr=t=>async({exchange:e,next:r},n)=>{for(let o of t)await o({exchange:e,next:r},n)};function gt(t){let e=async g=>g.request.headers.list("X-Requested-With").includes("XMLHttpRequest")?T():C,r=$e({entryPoints:[[e,ar({httpStatus:w.UNAUTHORIZED})]],defaultEntryPoint:ie({})}),n=t.entryPoint??r,o=t.manager,i=ut({mediaTypes:["application/atom+xml","application/x-www-form-urlencoded","application/json","application/octet-stream","application/xml","multipart/form-data","text/xml"],ignoredMediaTypes:["*/*"]}),s=Vt(ut({mediaTypes:["text/html"]})),a=ee([s,i]),c=jt([e,a]);t.defaultEntryPoints.push([c,n]);let d=t.failureHandler??oe({entryPoint:n}),u=cr(t.successHandlers??t.defaultSuccessHandlers),l=De({});return z({storage:t.storage,manager:o,failureHandler:d,successHandler:u,converter:l})}var dr={invalid_request:"invalid_request",invalid_token:"invalid_token",insufficient_scope:"insufficient_scope"},ur="https://tools.ietf.org/html/rfc6750#section-3.1";function We(t){return{errorCode:dr.invalid_token,httpStatus:w.UNAUTHORIZED,description:t,uri:ur}}function mt(t){return{errorCode:dr.invalid_request,httpStatus:w.BAD_REQUEST,description:t,uri:ur}}var Fn="access_token",Gn=/^Bearer\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i,D=class extends A{error;constructor(e,r,n){super(r??(typeof e=="string"?void 0:e.description),n),this.error=typeof e=="string"?{errorCode:e}:e}},lr=t=>t.type==="BearerToken",Bn=t=>async e=>{let{request:r}=e;return Promise.all([qn(r.headers,t?.headerName).then(n=>n!==void 0?[n]:void 0),zn(r,t?.uriQueryParameter),jn(e,t?.formEncodedBodyParameter)]).then(n=>n.filter(o=>o!==void 0).flat(1)).then(_n).then(n=>{if(n)return{authenticated:!1,type:"BearerToken",token:n}})};async function _n(t){if(t.length===0)return;if(t.length>1){let r=mt("Found multiple access tokens in the request");throw new D(r)}let e=t[0];if(!e||e.length===0){let r=mt("The requested access token parameter is an empty string");throw new D(r)}return e}async function qn(t,e="authorization"){let r=t.one(e);if(!r||!/bearer/i.test(r.substring(0)))return;let n=Gn.exec(r);if(n===null){let o=We("Bearer token is malformed");throw new D(o)}return n.groups?.token}async function pr(t){let e=t.getAll(Fn);if(e.length!==0)return e}async function zn(t,e=!1){if(!(!e||t.method!=="GET"))return pr(t.URL.searchParams)}async function jn(t,e=!1){let{request:r}=t;if(!e||r.headers.one("content-type")!=="application/x-www-form-urlencoded"||r.method!=="POST")return;let n=await t.request.formData();if(n)return pr(n)}var Ue=Bn;function Vn(t){let e="Bearer";if(t.size!==0){e+=" ";let r=0;for(let[n,o]of t)e+=`${n}="${o}"`,r!==t.size-1&&(e+=", "),r++}return e}var hr=t=>t.httpStatus!==void 0;function Xn(t){if(t instanceof D){let{error:e}=t;if(hr(e))return e.httpStatus}return w.UNAUTHORIZED}function Jn(t,e){let r=new Map;if(e&&r.set("realm",e),t instanceof D){let{error:n}=t;r.set("error",n.errorCode),n.description&&r.set("error_description",n.description),n.uri&&r.set("error_uri",n.uri),hr(n)&&n.scope&&r.set("scope",n.scope)}return r}var Kn=t=>async(e,r)=>{let n=Xn(r),o=Jn(r,t?.realmName),i=Vn(o),{response:s}=e;s.headers.set("WWW-Authenticate",i),s.setStatusCode(n),await s.end()},Ne=Kn;var Yn=t=>{let e=t?.principalClaimName??"sub";return r=>({type:"JwtToken",authenticated:!0,name:r.getClaimAsString(e)})},Qn=t=>async e=>t(e),ae=class extends Error{},we=class extends ae{};function Zn(t){if(t instanceof we)return new D(We(t.message),t.message,{cause:t});throw new ne(t.message,{cause:t})}function yt(t){let e=t.decoder,r=t.authConverter??Qn(Yn({}));return async n=>{if(lr(n)){let o=n.token;try{let i=await e(o);return await r(i)}catch(i){throw i instanceof ae?Zn(i):i}}}}function wt(t){let e=t.entryPoint??Ne({}),r=t?.converter??Ue({}),n=t.failureHandler??oe({entryPoint:e});if(t.managerResolver!==void 0)return z({storage:t.storage,converter:r,failureHandler:n,managerResolver:t.managerResolver});if(t.jwt!==void 0){let o=t.jwt.manager??yt(t.jwt);return z({storage:t.storage,converter:r,failureHandler:n,managerResolver:async i=>o})}throw new Error("Invalid resource server configuration: either managerResolver or jwt must be provided")}import{jwtVerifier as io,JwtVerifyError as so}from"@interopio/gateway/jose/jwt";async function fr(t,e,r){let n=new Le("Full authentication is required to access this resource."),o=new A("Access Denied",{cause:n});e&&(o.authentication=e),await r(t,o)}function eo(t){return async(e,r)=>{e.response.setStatusCode(t),e.response.headers.set("Content-Type","text/plain; charset=utf-8");let n=Buffer.from("Access Denied","utf-8");e.response.headers.set("Content-Length",n.length),await e.response.body(n)}}var gr=t=>{let e=eo(w.FORBIDDEN),r=t.authenticationEntryPoint??ie();return async(n,o)=>{try{await o()}catch(i){if(i instanceof X){let s=await n.principal();ir(s)?(s.authenticated||await e(n,i),await fr(n,s,r)):await fr(n,void 0,r);return}throw i}}};var to=y("security.auth");function St(t){let e=async(r,n)=>{let o;for(let[i,s]of t.mappings)if((await i(n))?.match){to.debug(`checking authorization on '${n.request.path}' using [${i}, ${s}]`);let a=await s.authorize(r,{exchange:n});if(a!==void 0){o=a;break}}return o??=new F(!1),o};return new _(e)}var Fe=y("security.auth");function bt(t){let{manager:e,storage:r}=t;return async(n,o)=>{let i=q.getContext(r).then(s=>s?.authentication);try{await e.verify(i,n),Fe.enabledFor("debug")&&Fe.debug("authorization successful")}catch(s){throw s instanceof X&&Fe.enabledFor("debug")&&Fe.debug(`authorization failed: ${s.message}`),s}await o()}}var vt=class extends ke{#e;constructor(e,r){super(e),this.#e=r}async principal(){return(await this.#e())?.authentication}},mr=t=>{let e=t.storage;return async(r,n)=>{await n(new vt(r,async()=>await q.getContext(e)))}};var yr=t=>{let{principalExtractor:e}=t;return async r=>{let n=r.request.sslInfo;if(n===void 0||n.peerCertificate===void 0)return;let o=n.peerCertificate,i=e(o);return{type:"PreAuthenticated",authenticated:!1,principal:i,name:i??"",credentials:o}}};var Ge=t=>{let e=t?.principalAltName==="email",r=/CN=(.*?)(?:,|$)/mi;return n=>{if(e){let s=n.subjectAltName?.split(", ").find(a=>a.startsWith("email:"));if(s)return s.replace("email:","")}let o=r.exec(n.subject);if(o===null)throw new te(`Cannot extract principal from subject DN: ${n.subject}`);return o[1]}};var J=class{async encode(e){if(e!=null)return await this.encodeDefinedPassword(e.toString())}async matches(e,r){return!e||!r?!1:await this.matchesDefined(e.toString(),r)}upgradeEncoding(e){return e?this.upgradeEncodingDefined(e):!1}upgradeEncodingDefined(e){return!1}},ce=class t extends J{static DEFAULT_ID_PREFIX="{";static DEFAULT_ID_SUFFIX="}";#e;#r;#t;#n;#i;#s=new class extends J{#c;constructor(e){super(),this.#c=e}async encodeDefinedPassword(e){throw new Error("encode is not supported")}async matchesDefined(e,r){let n=this.#c.#o(r);if(!n)throw new Error(`No password encoder mapped for id ${n}`);if(r){let o=r.indexOf(this.#c.#e),i=r.indexOf(this.#c.#r,o+this.#c.#e.length);if(o===-1&&i===-1)throw new Error("No prefix found in encoded password")}throw new Error("malformed password encoder prefix")}}(this);constructor(e,r,n=t.DEFAULT_ID_PREFIX,o=t.DEFAULT_ID_SUFFIX){if(e==null)throw new Error("idForEncode cannot be null or undefined");if(n==null)throw new Error("idPrefix cannot be null or undefined");if(!o)throw new Error("idSuffix cannot be empty");if(n.indexOf(o)!==-1)throw new Error(`idPrefix "${n}" cannot contain idSuffix "${o}"`);if(!r.has(e))throw new Error(`No PasswordEncoder mapped for id "${e}"`);for(let i of r.keys())if(i!==null){if(n&&i.includes(n))throw new Error(`id "${i}" cannot include ${n}`);if(o&&i.includes(o))throw new Error(`id "${i}" cannot include ${o}`)}super(),this.#t=e,this.#n=r.get(e),this.#i=new Map(r),this.#e=n,this.#r=o}set defaultPasswordEncoderForMatches(e){if(e==null)throw new Error("defaultPasswordEncoderForMatches cannot be null or undefined");this.#s=e}async encodeDefinedPassword(e){let r=await this.#n.encode(e);return`${this.#e}${this.#t}${this.#r}${r}`}async matchesDefined(e,r){let n=this.#o(r),o=n?this.#i.get(n):void 0;if(o===void 0)return await this.#s.matches(e,r);{let i=this.#a(r);return await o.matches(e,i)}}#o(e){if(e===void 0)return;let r=e.indexOf(this.#e);if(r!==0)return;let n=e.indexOf(this.#r,r+this.#e.length);if(n!==-1)return e.substring(r+this.#e.length,n)}upgradeEncodingDefined(e){let r=this.#o(e);if(this.#t!==r)return!0;{let n=this.#a(e);return this.#n.upgradeEncoding?.(n)??!1}}#a(e){let r=e.indexOf(this.#r);return e.substring(r+this.#r.length)}},Be=class t extends J{static#e=new t;static get instance(){return t.#e}constructor(){super()}async encodeDefinedPassword(e){return e.toString()}async matchesDefined(e,r){return e.toString()===r}};import{argon2 as H,keygen as ro}from"@interopio/gateway-server/tools";function no(t,e){if(t.length!==e.length)return!1;let r=0;for(let n=0;n<t.length;n++)r|=t[n]^e[n];return r===0}var _e=class extends J{#e;#r;#t;#n;#i;constructor(e=H.DEFAULT_SALT_LENGTH,r=H.DEFAULT_HASH_LENGTH,n=H.DEFAULT_PARALLELISM,o=H.DEFAULT_MEMORY,i=H.DEFAULT_PASSES){super(),this.#e=e,this.#r=r,this.#t=n,this.#n=o,this.#i=i}async matchesDefined(e,r){try{let n=H.decode(r),o=await H.createHash(n.algorithm,e,n.hash.length,n.parameters);return no(n.hash,o)}catch{return!1}}async encodeDefinedPassword(e){let r=ro.createSalt(this.#e),n={memory:this.#n,passes:this.#i,parallelism:this.#t,nonce:r},o=await H.createHash("argon2id",e,this.#r,n);return H.encode({algorithm:"argon2id",version:H.ARGON2_VERSION,parameters:n,hash:o})}upgradeEncodingDefined(e){let r=H.decode(e);return r.version<H.ARGON2_VERSION||r.parameters.memory<this.#n||r.parameters.passes<this.#i}};var xt=4096;function wr(){let t="argon2id",e=new Map([[t,new _e],["noop",Be.instance]]);return new ce(t,e,ce.DEFAULT_ID_PREFIX,ce.DEFAULT_ID_SUFFIX)}var Sr={async updatePassword(t,e){return t}},qe=class extends A{username;constructor(e,r,n){super(e,n),this.username=r}},ze=class t{#e;#r;#t=[];#n;#i;#s;#o;#a=e=>e;constructor(){}static ofUsername(e){return new t().username(e)}static ofUserDetails(e){let r=t.ofUsername(e.username).accountExpired(e.accountExpired??!1).accountLocked(e.accountLocked??!1).authorities(e.authorities).credentialsExpired(e.credentialsExpired??!1).disabled(e.disabled??!1);return e.password!==void 0&&r.password(e.password),r}username(e){if(!e)throw new TypeError("username cannot be empty");return this.#e=e,this}password(e){return this.#r=e,this}passwordEncoder(e){if(!e)throw new TypeError("password encoder cannot be null or undefined");return this.#a=e,this}roles(...e){return this.authorities(e.map(r=>{if(r.startsWith("role:"))throw new Error(`${r}  must not start with 'role:' (it is automatically added)`);return{authority:`role:${r}`}}))}authorities(e){return this.#t=[...e],this}accountExpired(e){return this.#n=e,this}accountLocked(e){return this.#i=e,this}credentialsExpired(e){return this.#s=e,this}disabled(e){return this.#o=e,this}build(){if(!this.#e)throw new TypeError("username is required");let e=this.#r!==void 0?this.#a(this.#r):void 0;return{username:this.#e,password:e,authorities:this.#t,accountExpired:this.#n,accountLocked:this.#i,credentialsExpired:this.#s,disabled:this.#o,eraseCredentials(){e=null},toString(){return`User(username=${this.username}, password=[PROTECTED], authorities=${JSON.stringify(this.authorities)}, accountExpired=${this.accountExpired}, accountLocked=${this.accountLocked}, credentialsExpired=${this.credentialsExpired}, disabled=${this.disabled})`}}}};var j=y("security.users");function br(t,e){let r=e?.preAuthenticationChecks??(a=>{if(a.accountLocked)throw j.debug("user account is locked"),new fe("User account is locked");if(a.disabled)throw j.debug("user account is disabled"),new ge("User is disabled");if(a.accountExpired)throw j.debug("user account is expired"),new me("User account has expired")}),n=e?.postAuthenticationChecks??(a=>{if(a.credentialsExpired)throw j.debug("user credentials have expired"),new ye("User credentials have expired")}),o=e?.passwordEncoder??wr(),i=e?.userDetailsPasswordService??Sr,s=async(a,c)=>{let d=a.password;if(d!==void 0&&o.upgradeEncoding?.(d)){let l=await o.encode(c);return await i.updatePassword(a,l)}return a};return async a=>{let c=a.name,d=a.credentials!==void 0&&a.credentials!==null?a.credentials.toString():void 0,u=await t.findByUsername(c);if(!u)throw new Error(`User not found: ${c}`);if(r(u),!await o.matches(d,u.password))throw new te("Invalid Credentials");let l=await s(u,d);n(l);let g=l.password;return{type:"UsernamePassword",principal:l,credentials:g,authorities:l.authorities,authenticated:!0,name:l.username,eraseCredentials(){g=null}}}}function oo(){return t=>{if(t.accountLocked)throw j.debug("failed to authenticate since user account is locked"),new fe("User account is locked");if(t.disabled)throw j.debug("failed to authenticate user account is disabled"),new ge("User is disabled");if(t.accountExpired)throw j.debug("failed to authenticate since user account is expired"),new me("User account has expired");if(t.credentialsExpired)throw j.debug("failed to authenticate since user credentials have expired"),new ye("User credentials have expired")}}function vr(t){let e=t.userDetailsService,r=t.userDetailsChecker??oo(),n=o=>o.type==="PreAuthenticated"&&o.name!==void 0;return async o=>{let i=n(o)&&await e.findByUsername(o.name);if(!i)throw new qe("user not found",o.name);r(i);let s=o.credentials;return{type:"PreAuthenticated",principal:i,credentials:s,authorities:i.authorities,authenticated:!0,details:i,name:i.username,eraseCredentials(){s=null}}}}function Et(t){let e=t.manager??vr({userDetailsService:t.getService("UserDetailsService")}),r=t.extractor??Ge(),n=t.converter??yr({principalExtractor:r});return z({storage:t.storage,manager:e,converter:n})}var $={first:Number.MAX_SAFE_INTEGER,http_headers:100,https_redirect:200,cors:300,http_basic:600,authentication:800,security_context_server_web_exchange:1500,error_translation:1800,authorization:1900,last:Number.MAX_SAFE_INTEGER},W=Symbol.for("filterOrder"),xr=(t,e)=>{let r=(a,c)=>{if(e===void 0)return c;if(a==="UserDetailsService"&&e.userDetailsService!==void 0)return e.userDetailsService;if(a==="AuthenticationManager"&&e.authenticationManager!==void 0)return e.authenticationManager;if(c!==void 0)return c;throw new Error(`No service registered with name: ${a}`)},n=()=>{if(e.authenticationManager!==void 0)return e.authenticationManager;if(e.userDetailsService!==void 0)return br(e.userDetailsService,{userDetailsPasswordService:e.userDetailsPasswordService})},o=[];class i{#e;#r=[];#t;set authenticationManager(c){this.#t=c}get authenticationEntryPoint(){return this.#e!==void 0||this.#r.length===0?this.#e:this.#r.length===1?this.#r[0][1]:$e({entryPoints:this.#r,defaultEntryPoint:this.#r[this.#r.length-1][1]})}build(){if(t.headers!==void 0&&t.headers.disabled!==!0){let d=ft(t.headers);d[W]=$.http_headers,o.push(d)}if(t.x509!==void 0&&t.x509.disabled!==!0){let d=Et({storage:e.storage,getService:r,extractor:Ge({principalAltName:t.x509.principalAltName})});d[W]=$.authentication,o.push(d)}if(t.cors?.disabled!==!0&&e.corsConfigSource!==void 0){let d=Zt({corsConfigSource:e.corsConfigSource});d[W]=$.cors,o.push(d)}if(t.basic!==void 0&&t.basic?.disabled!==!0){let d=[async({exchange:l,next:g},v)=>g()],u=gt({storage:e.storage,manager:this.#t,defaultEntryPoints:this.#r,defaultSuccessHandlers:d});u[W]=$.http_basic,o.push(u)}if(t.jwt!==void 0&&t.jwt.disabled!==!0){let d=io({issuerBaseUri:t.jwt.issuerUri,issuer:t.jwt.issuer,audience:t.jwt.audience}),u=async f=>{try{let{payload:h}=await d(f);return{tokenValue:f,subject:h.sub,getClaimAsString(m){return h[m]}}}catch(h){throw h instanceof so?new we(h.message,{cause:h}):new ae("error occurred while attempting to decoding jwt",{cause:h})}},l=Ue({uriQueryParameter:!0}),g=async f=>{try{return await l(f)===void 0?C:T()}catch{return C}},v=Ne({});this.#r.push([g,v]);let p=wt({storage:e.storage,entryPoint:v,converter:l,jwt:{decoder:u}});p[W]=$.authentication,o.push(p)}let c=mr({storage:e.storage});if(o.push(c),c[W]=$.security_context_server_web_exchange,t.authorize!==void 0){let d=gr({authenticationEntryPoint:this.authenticationEntryPoint});d[W]=$.error_translation,o.push(d);let l=(v=>{let p=[],f=!1;for(let[h,m]of v??[]){let k;if(h==="any-exchange")f=!0,k=le;else{if(f)throw new Error("Cannot register other matchers after 'any-exchange' matcher");k=h}let R;if(m.access==="permitted")R=new _(async()=>new F(!0)),R.toString=()=>"AuthorizationManager[permitted]";else if(m.access==="denied")R=new _(async()=>new F(!1)),R.toString=()=>"AuthorizationManager[denied]";else if(m.access==="authenticated")R=new _(async K=>{let Ht=await K;return Ht!==void 0?new F(Ht.authenticated):new F(!1)}),R.toString=()=>"AuthorizationManager[authenticated]";else throw new Error(`Unknown access type: ${JSON.stringify(m)}`);p.push([k,R])}return St({mappings:p})})(t.authorize),g=bt({manager:l,storage:e.storage});g[W]=$.authorization,o.push(g)}o.sort((d,u)=>{let l=d[W]??$.last,g=u[W]??$.last;return l-g})}}let s=new i;return s.authenticationManager=n(),s.build(),o};var je=class{#e=new Map;constructor(...e){for(let r of e)this.#e.set(this.#r(r.username),r)}async findByUsername(e){let r=this.#r(e),n=this.#e.get(r);return n!==void 0?{...n}:void 0}async updatePassword(e,r){let n={...e,password:r};if(n){let o=this.#r(e.username);this.#e.set(o,n)}return n}#r(e){return e.toLowerCase()}};import{randomUUID as ao}from"node:crypto";var Ve=y("auth");function co(t){let e=[],r=t.authConfig?.type,n={access:r!=="none"?"authenticated":"permitted"};Ve.enabledFor("info")&&Ve.info(`using auth type: ${r??"none"}, default access: ${n.access}`);for(let[o,i]of t.sockets){let s=i.authorize??n,a=O(o,{method:"GET"});a=ee([V,a]),e.push([a,s])}return e.push([O("/",{method:"GET"}),{access:"permitted"}]),e.push([O("/favicon.ico",{method:"GET"}),{access:"permitted"}]),e.push([O("/health",{method:"GET"}),{access:"permitted"}]),t.authorize.length>0&&e.push(...t.authorize),e.push(["any-exchange",n]),{authorize:e,cors:{disabled:t.corsConfig===!1},x509:{disabled:r!=="x509",...t.authConfig?.x509},basic:{disabled:r!=="basic",...t.authConfig?.basic},jwt:{disabled:r!=="oauth2",...t.authConfig?.oauth2?.jwt}}}function uo(t){function e(s,a){let c=s.password;if(c===void 0){let d=ao().replaceAll("-","");Ve.enabledFor("info")&&Ve.info(`
+
+ using generated password: ${d}
+
+This generated password is for development only. Your authentication configuration should be updated before running in production.
+`),c=d}if(c.length>xt)throw new Error(`Password length exceeds maximum length of ${xt} characters`);return a!=null||/^\{.+}.*$/.test(c)?c:`{noop}${c}`}let r={name:"dev-user",roles:[],...t.authConfig?.user},n=e(r),o=r.roles,i=ze.ofUsername(r.name).password(n).roles(...o).build();return new je(i)}async function Er(t){let e=or(t),r=uo(t),n=co(t),{storage:o}=t;return xr(n,{storage:o,corsConfigSource:e,userDetailsService:r,userDetailsPasswordService:r})}import{AsyncLocalStorage as lo}from"node:async_hooks";var Xe=class extends Z{},At=class{#e;#r=!1;#t;#n;constructor(e,r){this.#e=e,this.#t=r}createExchange(e,r){return new Re(e,r)}set storage(e){this.#n=e}set enableLoggingRequestDetails(e){this.#r=e}formatHeaders(e){let r="{";for(let n of e.keys())if(this.#r){let o=e.get(n);r+=`"${n}": "${o}", `}else{r+="masked, ";break}return r.endsWith(", ")&&(r=r.slice(0,-2)),r+="}",r}formatRequest(e){let r=e.URL.search;return`HTTP ${e.method} "${e.path}${r}`}logRequest(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace");this.#e.debug(`${e.logPrefix}${this.formatRequest(e.request)}${r?`, headers: ${this.formatHeaders(e.request.headers)}`:""}"`)}}logResponse(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace"),n=e.response.statusCode;this.#e.debug(`${e.logPrefix}Completed ${n??"200 OK"}${r?`, headers: ${this.formatHeaders(e.response.headers)}`:""}"`)}}handleUnresolvedError(e,r){let{request:n,response:o,logPrefix:i}=e;if(o.setStatusCode(w.INTERNAL_SERVER_ERROR)){this.#e.error(`${i}500 Server Error for ${this.formatRequest(n)}`,r);return}throw this.#e.error(`${i}Error [${r.message} for ${this.formatRequest(n)}, but already ended (${o.statusCode})`,r),r}async web(e){return await this.#t(e)}async http(e,r){let n=this.createExchange(e,r),o=()=>(this.logRequest(n),this.web(n).then(()=>{this.logResponse(n)}).catch(i=>{this.handleUnresolvedError(n,i)}).then(async()=>{await n.response.end()}));await new Promise((i,s)=>{this.#n!==void 0?this.#n.run({exchange:n},()=>{o().then(()=>i()).catch(a=>s(a))}):o().then(()=>i()).catch(a=>s(a))})}},Je=class{#e;#r=new lo;#t;storage(e){return this.#r=e,this}httpHandlerDecorator(e){if(this.#t===void 0)this.#t=e;else{let r=this.#t;this.#t=n=>(n=r(n),e(n))}return this}constructor(e){this.#e=e}build(){let e=y("http"),r=new At(e,this.#e);this.#r!==void 0&&(r.storage=this.#r),r.enableLoggingRequestDetails=!1;let n=async(o,i)=>r.http(o,i);return this.#t?this.#t(n):n}};import{WebSocketServer as ho}from"ws";function Ar(t,e){let r=t?.exchange,n=r?.request??new Q(t),o=r?.principal,i=o?o.bind(r):async function(){},s=n.URL,a=new x;for(let g of n.headers.keys())a.set(g,n.headers.list(g));let c=n.cookies,d=r?.logPrefix??`[${n.id}] `,u=n.remoteAddress;return{url:s,headers:a,cookies:c,principal:i,protocol:e,remoteAddress:u,logPrefix:d}}function Cr(t){return[async(r,n)=>{let i=r.request.path??"/",s=t.sockets,a=s.get(i)??Array.from(s.values()).find(c=>{if(i==="/"&&c.default===!0)return!0});if(a!==void 0){let{request:c,response:d}=r,u=await V(r);if((c.method==="GET"||c.method==="CONNECT")&&u.match)if(a.upgradeStrategy!==void 0){a.upgradeStrategy(r);return}else throw new Error(`No upgrade strategy defined for route on ${i}`);else{if(a.default){await n();return}d.setStatusCode(w.UPGRADE_REQUIRED),d.headers.set("Upgrade","websocket").set("Connection","Upgrade").set("Content-Type","text/plain");let l=Buffer.from(`This service [${c.path}] requires use of the websocket protocol.`,"utf-8");await d.body(l)}}else await n()}]}import{WebSocket as po}from"ws";var Ke=class extends po{constructor(e,r,n){super(null,void 0,n)}connected},Ye=class t{static#e=Buffer.alloc(0);static#r=[0,Buffer.alloc(8)];#t;#n;#i;#s=!1;#o;constructor(e,r,n){this.#o=e,this.#n=typeof n=="number"?n:n?.interval,this.#t=typeof n=="number"||n?.data==="timestamp"?()=>t.#d(Date.now()):()=>t.#e,this.#n&&(this.#i=setInterval(()=>{let[o,i]=r();for(let s of i)this.#a(s,o)||this.#c(s,o)},this.#n))}#a(e,r){return e.connected===!1?(this.#o.enabledFor("debug")&&this.#o.debug(`terminating unresponsive ws client on [${r}]`),e.terminate(),!0):!1}#c(e,r){e.connected=!1;let n=this.#t();this.#o.enabledFor("trace")&&this.#o.debug(`pinging ws client on [${r}]`),e.ping(n,this.#s,o=>{o&&this.#o.enabledFor("warn")&&this.#o.warn(`failed to ping ws client on [${r}]`,o)})}static#d(e=Date.now()){if(e-t.#r[0]>0){let r=Buffer.allocUnsafe(8);r.writeBigInt64BE(BigInt(e),0),t.#r=[e,r]}return t.#r[1]}static#u(e){return e.length===8?Number(e.readBigInt64BE(0)):0}close(){clearInterval(this.#i)}handlePing(e,r,n){r.connected=!0,r.pong(n,!1,o=>{o&&this.#o.enabledFor("warn")&&this.#o.warn(`${e.logPrefix}failed to pong ws client ${B(e.remoteAddress)}`,o)})}handlePong(e,r,n){if(r.connected=!0,this.#o.enabledFor("warn")){let o=t.#u(n);if(o>0){let i=Date.now()-o;this.#o.enabledFor("debug")&&this.#o.debug(`${e.logPrefix}ws client ${B(e.remoteAddress)} ping-pong latency: ${i}ms`),this.#n&&i>this.#n/2&&this.#o.enabledFor("warn")&&this.#o.warn(`${e.logPrefix}ws client ${B(e.remoteAddress)} high ping-pong latency: ${i}ms`)}}}};var L=y("ws");function fo(t,e,r,n){return o=>{let{logPrefix:i,request:s}=o,a=He.getNativeRequest(s);a.exchange=o;let{socket:c,upgradeHead:d}=a,u=s.host;if(c.removeListener("error",n),e.maxConnections!==void 0&&r.clients?.size>=e.maxConnections){L.warn(`${i}dropping ws connection request on ${u}${t}. max connections exceeded.`),c.destroy();return}let l=s.headers.one("origin");if(!qt(l,e.originFilters)){L.enabledFor("info")&&L.info(`${i}dropping ws connection request on ${u}${t}. origin ${l??"<missing>"}`),c.destroy();return}L.enabledFor("debug")&&L.debug(`${i}accepted new ws connection request on ${u}${t}`),r.handleUpgrade(a,c,d,(g,v)=>{r.emit("connection",g,v)})}}function go(t,e){let r=new Set;t.forEach((o,i)=>{if(i===0&&o.startsWith("HTTP/1.1 101 ")){e.setStatusCode(w.SWITCHING_PROTOCOLS);return}let[s,a]=o.split(": ");e.headers.has(s)?t[i]=`${s}: ${e.headers.one(s)}`:e.headers.set(s,a),r.add(s.toLowerCase())});let n=Z.getNativeResponse(e);for(let o of n.getRawHeaderNames()){let i=o.toLowerCase();if(!r.has(i)){let s=e.headers.get(i);s!==void 0&&t.push(`${o}: ${s}`)}}n.markHeadersSent()}async function Pr(t,e,r,n,o){try{L.info(`creating ws server for [${t}]. max connections: ${e.maxConnections??"<unlimited>"}, origin filters: ${e.originFilters?JSON.stringify(e.originFilters,Ot):"<none>"}, ping: ${typeof e.ping=="number"?e.ping+"ms":e.ping?JSON.stringify(e.ping):"<none>"}`);let i=new ho({noServer:!0,WebSocket:Ke,autoPong:!1}),s=new Ye(L.child("pings"),()=>[t,i.clients],e.ping),a=await e.factory({endpoint:r,storage:n});i.on("error",c=>{L.error(`error starting the ws server for [${t}]`,c)}).on("listening",()=>{L.info(`ws server for [${t}] is listening`)}).on("headers",(c,d)=>{if(d.exchange!==void 0){let{response:u}=d.exchange;go(c,u)}}).on("connection",(c,d)=>{let u=Ar(d,c.protocol);c.on("pong",l=>{s.handlePong(u,c,l)}),c.on("ping",l=>{s.handlePing(u,c,l)}),a({socket:c,handshake:u})}),i.on("close",()=>{s.close()}),e.upgradeStrategy=fo(t,e,i,o),e.close=async()=>{await a.close?.call(a),L.info(`stopping ws server for [${t}]. clients: ${i.clients?.size??0}`),i.clients?.forEach(c=>{c.terminate()}),i.close()}}catch(i){L.warn(`failed to init route ${t}`,i)}}import{existsSync as P,readFileSync as G,writeFileSync as Qe,mkdirSync as Ze}from"node:fs";import{dirname as et}from"node:path";import{KEYUTIL as mo,X509 as yo}from"jsrsasign";import{mkcert as Ct}from"@interopio/gateway-server/tools";var de=y("ssl");function Hr(t,e){let r={};if(t.requestCert!==void 0&&(r.requestCert=t.requestCert),t.rejectUnauthorized!==void 0&&(r.rejectUnauthorized=t.rejectUnauthorized),t.key&&t.cert&&P(t.key)&&P(t.cert)){de.info(`using SSL/TLS certificate ${t.cert} with private key in ${t.key}${t.passphrase?" (password-protected)":""}`);let p={key:G(t.key),cert:G(t.cert),...r};return t.passphrase&&(p.passphrase=t.passphrase),t.requestCert&&t.ca&&P(t.ca)&&(p.ca=G(t.ca)),p}if(!t.key&&!t.cert){let p="./gateway-server.key",f="./gateway-server.crt";if(P(p)&&P(f)){de.info(`using SSL/TLS certificate ${f} with private key in ${p}${t.passphrase?" (password-protected)":""}`);let h={key:G(p),cert:G(f),...r};return t.passphrase&&(h.passphrase=t.passphrase),t.requestCert&&t.ca&&P(t.ca)&&(h.ca=G(t.ca)),h}}if(!e)throw new Error("SSL/TLS enabled but no server certificate provided. Either provide ssl.key and ssl.cert, or configure auth.x509.key for auto-generation.");let n=e.key??"gateway-ca.key",o=t.ca??`${n.replace(/\.key$/,".crt")}`,i=e.passphrase??t.passphrase;if(!P(n)){if(P(o))throw new Error(`CA key file not found: ${n} (CA certificate exists: ${o})`);let p=Ct.generateRootCA({name:Ct.DEFAULT_CA_NAME,passphrase:i}),f=et(n);f&&f!=="."&&!P(f)&&Ze(f,{recursive:!0});let h=et(o);h&&h!=="."&&h!==f&&!P(h)&&Ze(h,{recursive:!0}),Qe(n,p.key,{mode:256}),Qe(o,p.cert,{mode:420}),de.info(`created new local Root CA in ${o}, ${n}${i?" (password-protected)":""}`)}let s=G(n,"utf8"),a=mo.getKey(s,i),c=G(o,"utf8"),d=new yo;d.readCertPEM(c);let u=d.getSubjectString(),l=e.host;de.debug(`generating server certificate signed by: ${u} for host: ${l}`);let g=Ct.generateCert(a,u,[l],!1);if(t.key||t.cert){let p=t.key||"./gateway-server.key",f=t.cert||"./gateway-server.crt",h=et(p);h&&h!=="."&&!P(h)&&Ze(h,{recursive:!0});let m=et(f);m&&m!=="."&&m!==h&&!P(m)&&Ze(m,{recursive:!0}),Qe(p,g.key,{mode:384}),Qe(f,g.cert,{mode:420}),de.info(`generated server certificate saved to ${f} with private key in ${p}${i?" (password-protected)":""}`)}else de.info(`using in-memory server certificate for host: ${l}`);let v={key:g.key,cert:g.cert,...r};return t.requestCert&&t.ca&&P(o)&&(v.ca=G(o)),v}import kr from"@interopio/gateway-server/package.json"with{type:"json"};var U=y("app");async function vo(t,e){let r=t.build();return async(n,o)=>{n.socket.addListener("error",e);let i;o instanceof Y?i=o:(n.upgradeHead=o,i=new Y(n),i.assignSocket(n.socket));let s=new Q(n),a=new Pe(i),c=s.method==="HEAD"?new Xe(a):a;await r(s,c)}}function xo(t){return new Promise((e,r)=>{let n=t(o=>{o?r(o):e(n)})})}function Eo(t){if(t)return Gt({memoryLimit:t.memory_limit,dumpLocation:t.dump_location,dumpPrefix:t.dump_prefix,reportInterval:t.report_interval,maxBackups:t.max_backups})}var Rr=`${kr.name} - v${kr.version}`;async function Ao(t){let e=t.storage,r=await Er(t),n=Cr(t),o=Dt(_t(Rr,t.serverHeader),...r,...n,...t.middleware,async({request:i,response:s},a)=>{if(i.method==="GET"&&i.path==="/health"){s.setStatusCode(w.OK);let c=Buffer.from("UP","utf-8");s.headers.set("Content-Type","text/plain; charset=utf-8"),await s.body(c)}else await a()},async({request:i,response:s},a)=>{if(i.method==="GET"&&i.path==="/"){s.setStatusCode(w.OK);let c=Buffer.from("io.Gateway Server","utf-8");s.headers.set("Content-Type","text/plain; charset=utf-8"),await s.body(c)}else await a()},async({response:i},s)=>{i.setStatusCode(w.NOT_FOUND),await i.end()});return new Je(o).storage(e)}var Pt=async t=>{let e=t.ssl,r=t.host,n=t.auth?.x509?.key?{host:r??"localhost",key:t.auth.x509.key,passphrase:t.auth.x509.passphrase}:void 0,o=e?(p,f)=>So.createServer({...p,...Hr(e,n)},f):(p,f)=>wo.createServer(p,f),i=Eo(t.memory),s={middleware:[],corsConfig:t.cors,cors:[],authConfig:t.auth,authorize:[],storage:new bo,sockets:new Map},a=new Se({baseConfig:{...t.gateway},scope:t.gateway?.scope??"principal"});if(t.gateway){let p=t.gateway;await lt(async f=>{f.socket({path:p.route,factory:Mt.bind(a),options:p})},t,s)}t.app&&await lt(t.app,t,s);let c=kt(t.port??0),d=p=>U.error(`socket error: ${p}`,p),u=await Ao(s),l=await vo(u,d),v=await new Promise((p,f)=>{let h=o({IncomingMessage:Ee,ServerResponse:Y,...t.http},l);h.on("error",m=>{if(m.code==="EADDRINUSE"){U.debug(`port ${m.port} already in use on address ${m.address}`);let{value:k}=c.next();k?(U.info(`retry starting server on port ${k} and host ${r??"<unspecified>"}`),h.close(),h.listen(k,r)):(U.warn(`all configured port(s) ${t.port} are in use. closing...`),h.close(),f(m))}else U.error(`server error: ${m.message}`,m),f(m)}),h.on("listening",async()=>{let m=h.address();for(let[k,R]of s.sockets){let K=`${e?"wss":"ws"}://${Rt}:${m.port}${k}`;await Pr(k,R,K,s.storage,d)}U.info(`http server listening on ${e?"https":"http"}://${B(m)}`),p(h)}),h.on("upgrade",(m,k,R)=>{try{l(m,R)}catch(K){U.error(`upgrade error: ${K}`,K)}}).on("close",async()=>{U.info("http server closed.")});try{let{value:m}=c.next();h.listen(m,r)}catch(m){U.error("error starting web socket server",m),f(m instanceof Error?m:new Error(`listen failed: ${m}`))}});return new class{gateway=a;get address(){let p=v.address();return typeof p=="object"?p:null}async close(){for(let[p,f]of s.sockets)try{f.close!==void 0&&await f.close()}catch(h){U.warn(`error closing route ${p}`,h)}await xo(p=>{v.closeAllConnections(),v.close(p)}),i&&await Bt(i),await a.stop()}}};var hc=Pt;export{Tr as GatewayServer,hc as default};
 //# sourceMappingURL=index.js.map