@layerzerolabs/vm-tooling 0.2.22 → 0.2.23

package/dist/7O5SJUXT.cjs

@@ -1,354 +0,0 @@
-'use strict';
-
-var QEUMSA6O_cjs = require('./QEUMSA6O.cjs');
-var _3NXVR3DC_cjs = require('./3NXVR3DC.cjs');
-var GVS7FGYI_cjs = require('./GVS7FGYI.cjs');
-var _24WEKBY3_cjs = require('./24WEKBY3.cjs');
-var fs = require('fs');
-
-// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/index.js
-_24WEKBY3_cjs.init_cjs_shims();
-
-// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/fromSSO.js
-_24WEKBY3_cjs.init_cjs_shims();
-
-// ../../node_modules/.pnpm/@smithy+property-provider@4.2.5/node_modules/@smithy/property-provider/dist-es/TokenProviderError.js
-_24WEKBY3_cjs.init_cjs_shims();
-var TokenProviderError = class _TokenProviderError extends GVS7FGYI_cjs.ProviderError {
-  static {
-    _24WEKBY3_cjs.__name(this, "TokenProviderError");
-  }
-  name = "TokenProviderError";
-  constructor(message, options = true) {
-    super(message, options);
-    Object.setPrototypeOf(this, _TokenProviderError.prototype);
-  }
-};
-
-// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/isSsoProfile.js
-_24WEKBY3_cjs.init_cjs_shims();
-var isSsoProfile = /* @__PURE__ */ _24WEKBY3_cjs.__name((arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string"), "isSsoProfile");
-
-// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/resolveSSOCredentials.js
-_24WEKBY3_cjs.init_cjs_shims();
-
-// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/fromSso.js
-_24WEKBY3_cjs.init_cjs_shims();
-
-// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/constants.js
-_24WEKBY3_cjs.init_cjs_shims();
-var EXPIRE_WINDOW_MS = 5 * 60 * 1e3;
-var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;
-
-// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getNewSsoOidcToken.js
-_24WEKBY3_cjs.init_cjs_shims();
-
-// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getSsoOidcClient.js
-_24WEKBY3_cjs.init_cjs_shims();
-var getSsoOidcClient = /* @__PURE__ */ _24WEKBY3_cjs.__name(async (ssoRegion, init = {}) => {
-  const { SSOOIDCClient } = await import('./634Q3MUX.cjs');
-  const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {
-    region: ssoRegion ?? init.clientConfig?.region,
-    logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger
-  }));
-  return ssoOidcClient;
-}, "getSsoOidcClient");
-
-// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getNewSsoOidcToken.js
-var getNewSsoOidcToken = /* @__PURE__ */ _24WEKBY3_cjs.__name(async (ssoToken, ssoRegion, init = {}) => {
-  const { CreateTokenCommand } = await import('./634Q3MUX.cjs');
-  const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);
-  return ssoOidcClient.send(new CreateTokenCommand({
-    clientId: ssoToken.clientId,
-    clientSecret: ssoToken.clientSecret,
-    refreshToken: ssoToken.refreshToken,
-    grantType: "refresh_token"
-  }));
-}, "getNewSsoOidcToken");
-
-// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenExpiry.js
-_24WEKBY3_cjs.init_cjs_shims();
-var validateTokenExpiry = /* @__PURE__ */ _24WEKBY3_cjs.__name((token) => {
-  if (token.expiration && token.expiration.getTime() < Date.now()) {
-    throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);
-  }
-}, "validateTokenExpiry");
-
-// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenKey.js
-_24WEKBY3_cjs.init_cjs_shims();
-var validateTokenKey = /* @__PURE__ */ _24WEKBY3_cjs.__name((key, value, forRefresh = false) => {
-  if (typeof value === "undefined") {
-    throw new TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, false);
-  }
-}, "validateTokenKey");
-
-// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/writeSSOTokenToFile.js
-_24WEKBY3_cjs.init_cjs_shims();
-var { writeFile } = fs.promises;
-var writeSSOTokenToFile = /* @__PURE__ */ _24WEKBY3_cjs.__name((id, ssoToken) => {
-  const tokenFilepath = QEUMSA6O_cjs.getSSOTokenFilepath(id);
-  const tokenString = JSON.stringify(ssoToken, null, 2);
-  return writeFile(tokenFilepath, tokenString);
-}, "writeSSOTokenToFile");
-
-// ../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/fromSso.js
-var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0);
-var fromSso = /* @__PURE__ */ _24WEKBY3_cjs.__name((_init = {}) => async ({ callerClientConfig } = {}) => {
-  const init = {
-    ..._init,
-    parentClientConfig: {
-      ...callerClientConfig,
-      ..._init.parentClientConfig
-    }
-  };
-  init.logger?.debug("@aws-sdk/token-providers - fromSso");
-  const profiles = await QEUMSA6O_cjs.parseKnownFiles(init);
-  const profileName = QEUMSA6O_cjs.getProfileName({
-    profile: init.profile ?? callerClientConfig?.profile
-  });
-  const profile = profiles[profileName];
-  if (!profile) {
-    throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);
-  } else if (!profile["sso_session"]) {
-    throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);
-  }
-  const ssoSessionName = profile["sso_session"];
-  const ssoSessions = await QEUMSA6O_cjs.loadSsoSessionData(init);
-  const ssoSession = ssoSessions[ssoSessionName];
-  if (!ssoSession) {
-    throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);
-  }
-  for (const ssoSessionRequiredKey of [
-    "sso_start_url",
-    "sso_region"
-  ]) {
-    if (!ssoSession[ssoSessionRequiredKey]) {
-      throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);
-    }
-  }
-  ssoSession["sso_start_url"];
-  const ssoRegion = ssoSession["sso_region"];
-  let ssoToken;
-  try {
-    ssoToken = await QEUMSA6O_cjs.getSSOTokenFromFile(ssoSessionName);
-  } catch (e) {
-    throw new TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);
-  }
-  validateTokenKey("accessToken", ssoToken.accessToken);
-  validateTokenKey("expiresAt", ssoToken.expiresAt);
-  const { accessToken, expiresAt } = ssoToken;
-  const existingToken = {
-    token: accessToken,
-    expiration: new Date(expiresAt)
-  };
-  if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {
-    return existingToken;
-  }
-  if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) {
-    validateTokenExpiry(existingToken);
-    return existingToken;
-  }
-  validateTokenKey("clientId", ssoToken.clientId, true);
-  validateTokenKey("clientSecret", ssoToken.clientSecret, true);
-  validateTokenKey("refreshToken", ssoToken.refreshToken, true);
-  try {
-    lastRefreshAttemptTime.setTime(Date.now());
-    const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init);
-    validateTokenKey("accessToken", newSsoOidcToken.accessToken);
-    validateTokenKey("expiresIn", newSsoOidcToken.expiresIn);
-    const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3);
-    try {
-      await writeSSOTokenToFile(ssoSessionName, {
-        ...ssoToken,
-        accessToken: newSsoOidcToken.accessToken,
-        expiresAt: newTokenExpiration.toISOString(),
-        refreshToken: newSsoOidcToken.refreshToken
-      });
-    } catch (error) {
-    }
-    return {
-      token: newSsoOidcToken.accessToken,
-      expiration: newTokenExpiration
-    };
-  } catch (error) {
-    validateTokenExpiry(existingToken);
-    return existingToken;
-  }
-}, "fromSso");
-
-// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/resolveSSOCredentials.js
-var SHOULD_FAIL_CREDENTIAL_CHAIN = false;
-var resolveSSOCredentials = /* @__PURE__ */ _24WEKBY3_cjs.__name(async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, parentClientConfig, profile, logger }) => {
-  let token;
-  const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;
-  if (ssoSession) {
-    try {
-      const _token = await fromSso({
-        profile
-      })();
-      token = {
-        accessToken: _token.token,
-        expiresAt: new Date(_token.expiration).toISOString()
-      };
-    } catch (e) {
-      throw new GVS7FGYI_cjs.CredentialsProviderError(e.message, {
-        tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
-        logger
-      });
-    }
-  } else {
-    try {
-      token = await QEUMSA6O_cjs.getSSOTokenFromFile(ssoStartUrl);
-    } catch (e) {
-      throw new GVS7FGYI_cjs.CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {
-        tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
-        logger
-      });
-    }
-  }
-  if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {
-    throw new GVS7FGYI_cjs.CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {
-      tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
-      logger
-    });
-  }
-  const { accessToken } = token;
-  const { SSOClient, GetRoleCredentialsCommand } = await import('./5IOOBAVX.cjs');
-  const sso = ssoClient || new SSOClient(Object.assign({}, clientConfig ?? {}, {
-    logger: clientConfig?.logger ?? parentClientConfig?.logger,
-    region: clientConfig?.region ?? ssoRegion
-  }));
-  let ssoResp;
-  try {
-    ssoResp = await sso.send(new GetRoleCredentialsCommand({
-      accountId: ssoAccountId,
-      roleName: ssoRoleName,
-      accessToken
-    }));
-  } catch (e) {
-    throw new GVS7FGYI_cjs.CredentialsProviderError(e, {
-      tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
-      logger
-    });
-  }
-  const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} } = ssoResp;
-  if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
-    throw new GVS7FGYI_cjs.CredentialsProviderError("SSO returns an invalid temporary credential.", {
-      tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
-      logger
-    });
-  }
-  const credentials = {
-    accessKeyId,
-    secretAccessKey,
-    sessionToken,
-    expiration: new Date(expiration),
-    ...credentialScope && {
-      credentialScope
-    },
-    ...accountId && {
-      accountId
-    }
-  };
-  if (ssoSession) {
-    _3NXVR3DC_cjs.setCredentialFeature(credentials, "CREDENTIALS_SSO", "s");
-  } else {
-    _3NXVR3DC_cjs.setCredentialFeature(credentials, "CREDENTIALS_SSO_LEGACY", "u");
-  }
-  return credentials;
-}, "resolveSSOCredentials");
-
-// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/validateSsoProfile.js
-_24WEKBY3_cjs.init_cjs_shims();
-var validateSsoProfile = /* @__PURE__ */ _24WEKBY3_cjs.__name((profile, logger) => {
-  const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
-  if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
-    throw new GVS7FGYI_cjs.CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}
-Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, {
-      tryNextLink: false,
-      logger
-    });
-  }
-  return profile;
-}, "validateSsoProfile");
-
-// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/fromSSO.js
-var fromSSO = /* @__PURE__ */ _24WEKBY3_cjs.__name((init = {}) => async ({ callerClientConfig } = {}) => {
-  init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");
-  const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
-  const { ssoClient } = init;
-  const profileName = QEUMSA6O_cjs.getProfileName({
-    profile: init.profile ?? callerClientConfig?.profile
-  });
-  if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
-    const profiles = await QEUMSA6O_cjs.parseKnownFiles(init);
-    const profile = profiles[profileName];
-    if (!profile) {
-      throw new GVS7FGYI_cjs.CredentialsProviderError(`Profile ${profileName} was not found.`, {
-        logger: init.logger
-      });
-    }
-    if (!isSsoProfile(profile)) {
-      throw new GVS7FGYI_cjs.CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {
-        logger: init.logger
-      });
-    }
-    if (profile?.sso_session) {
-      const ssoSessions = await QEUMSA6O_cjs.loadSsoSessionData(init);
-      const session = ssoSessions[profile.sso_session];
-      const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;
-      if (ssoRegion && ssoRegion !== session.sso_region) {
-        throw new GVS7FGYI_cjs.CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {
-          tryNextLink: false,
-          logger: init.logger
-        });
-      }
-      if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
-        throw new GVS7FGYI_cjs.CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {
-          tryNextLink: false,
-          logger: init.logger
-        });
-      }
-      profile.sso_region = session.sso_region;
-      profile.sso_start_url = session.sso_start_url;
-    }
-    const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile, init.logger);
-    return resolveSSOCredentials({
-      ssoStartUrl: sso_start_url,
-      ssoSession: sso_session,
-      ssoAccountId: sso_account_id,
-      ssoRegion: sso_region,
-      ssoRoleName: sso_role_name,
-      ssoClient,
-      clientConfig: init.clientConfig,
-      parentClientConfig: init.parentClientConfig,
-      profile: profileName
-    });
-  } else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
-    throw new GVS7FGYI_cjs.CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', {
-      tryNextLink: false,
-      logger: init.logger
-    });
-  } else {
-    return resolveSSOCredentials({
-      ssoStartUrl,
-      ssoSession,
-      ssoAccountId,
-      ssoRegion,
-      ssoRoleName,
-      ssoClient,
-      clientConfig: init.clientConfig,
-      parentClientConfig: init.parentClientConfig,
-      profile: profileName
-    });
-  }
-}, "fromSSO");
-
-// ../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/types.js
-_24WEKBY3_cjs.init_cjs_shims();
-
-exports.fromSSO = fromSSO;
-exports.isSsoProfile = isSsoProfile;
-exports.validateSsoProfile = validateSsoProfile;
-//# sourceMappingURL=7O5SJUXT.cjs.map
-//# sourceMappingURL=7O5SJUXT.cjs.map

package/dist/7O5SJUXT.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/index.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/fromSSO.js","../../../node_modules/.pnpm/@smithy+property-provider@4.2.5/node_modules/@smithy/property-provider/dist-es/TokenProviderError.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/isSsoProfile.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/resolveSSOCredentials.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/fromSso.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/constants.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getNewSsoOidcToken.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/getSsoOidcClient.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenExpiry.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/validateTokenKey.js","../../../node_modules/.pnpm/@aws-sdk+token-providers@3.879.0/node_modules/@aws-sdk/token-providers/dist-es/writeSSOTokenToFile.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/validateSsoProfile.js","../../../node_modules/.pnpm/@aws-sdk+credential-provider-sso@3.879.0/node_modules/@aws-sdk/credential-provider-sso/dist-es/types.js"],"names":["init_cjs_shims","TokenProviderError","ProviderError","name","message","options","Object","setPrototypeOf","prototype","isSsoProfile","arg","sso_start_url","sso_account_id","sso_session","sso_region","sso_role_name","EXPIRE_WINDOW_MS","REFRESH_MESSAGE","getSsoOidcClient","__name","ssoRegion","init","SSOOIDCClient","ssoOidcClient","assign","clientConfig","region","logger","parentClientConfig","getNewSsoOidcToken","ssoToken","CreateTokenCommand","send","clientId","clientSecret","refreshToken","grantType","validateTokenExpiry","token","expiration","getTime","Date","now","validateTokenKey","key","value","forRefresh","writeFile","fsPromises","writeSSOTokenToFile","id","tokenFilepath","getSSOTokenFilepath","tokenString","JSON","stringify","lastRefreshAttemptTime","fromSso","_init","callerClientConfig","debug","profiles","parseKnownFiles","profileName","getProfileName","profile","ssoSessionName","ssoSessions","loadSsoSessionData","ssoSession","ssoSessionRequiredKey","getSSOTokenFromFile","e","accessToken","expiresAt","existingToken","setTime","newSsoOidcToken","expiresIn","newTokenExpiration","toISOString","error","SHOULD_FAIL_CREDENTIAL_CHAIN","resolveSSOCredentials","ssoStartUrl","ssoAccountId","ssoRoleName","ssoClient","refreshMessage","_token","getSsoTokenProvider","CredentialsProviderError","tryNextLink","SSOClient","GetRoleCredentialsCommand","sso","ssoResp","accountId","roleName","roleCredentials","accessKeyId","secretAccessKey","sessionToken","credentialScope","credentials","setCredentialFeature","validateSsoProfile","keys","join","fromSSO","session","conflictMsg"],"mappings":";;;;;;;;;AAAAA,4BAAA,EAAA;;;ACAAA,4BAAA,EAAA;;;ACAAA,4BAAA,EAAA;AACO,IAAMC,kBAAAA,GAAN,MAAMA,mBAAAA,SAA2BC,0BAAAA,CAAAA;EADxC;;;EAEIC,IAAAA,GAAO,oBAAA;EACP,WAAA,CAAYC,OAAAA,EAASC,UAAU,IAAA,EAAM;AACjC,IAAA,KAAA,CAAMD,SAASC,OAAAA,CAAAA;AACfC,IAAAA,MAAAA,CAAOC,cAAAA,CAAe,IAAA,EAAMN,mBAAAA,CAAmBO,SAAS,CAAA;AAC5D,EAAA;AACJ,CAAA;;;ACPAR,4BAAA,EAAA;AAAO,IAAMS,YAAAA,yCAAgBC,GAAAA,KAAQA,GAAAA,KAChC,OAAOA,GAAAA,CAAIC,aAAAA,KAAkB,QAAA,IAC1B,OAAOD,GAAAA,CAAIE,cAAAA,KAAmB,YAC9B,OAAOF,GAAAA,CAAIG,WAAAA,KAAgB,QAAA,IAC3B,OAAOH,GAAAA,CAAII,eAAe,QAAA,IAC1B,OAAOJ,GAAAA,CAAIK,aAAAA,KAAkB,QAAA,CAAA,EALT,cAAA;;;ACA5Bf,4BAAA,EAAA;;;ACAAA,4BAAA,EAAA;;;ACAAA,4BAAA,EAAA;AAAO,IAAMgB,gBAAAA,GAAmB,IAAI,EAAA,GAAK,GAAA;AAClC,IAAMC,eAAAA,GAAkB,CAAA,+EAAA,CAAA;;;ACD/BjB,4BAAA,EAAA;;;ACAAA,4BAAA,EAAA;AAAO,IAAMkB,gBAAAA,mBAAmBC,oBAAA,CAAA,OAAOC,SAAAA,EAAWC,IAAAA,GAAO,EAAC,KAAC;AACvD,EAAA,MAAM,EAAEC,aAAAA,EAAa,GAAK,MAAM,OAAO,gBAAA,CAAA;AACvC,EAAA,MAAMC,aAAAA,GAAgB,IAAID,aAAAA,CAAchB,MAAAA,CAAOkB,MAAAA,CAAO,EAAC,EAAGH,IAAAA,CAAKI,YAAAA,IAAgB,EAAC,EAAG;IAC/EC,MAAAA,EAAQN,SAAAA,IAAaC,KAAKI,YAAAA,EAAcC,MAAAA;AACxCC,IAAAA,MAAAA,EAAQN,IAAAA,CAAKI,YAAAA,EAAcE,MAAAA,IAAUN,IAAAA,CAAKO,kBAAAA,EAAoBD;AAClE,GAAA,CAAA,CAAA;AACA,EAAA,OAAOJ,aAAAA;AACX,CAAA,EAPgC,kBAAA,CAAA;;;ADCzB,IAAMM,qCAAqBV,oBAAA,CAAA,OAAOW,QAAAA,EAAUV,SAAAA,EAAWC,IAAAA,GAAO,EAAC,KAAC;AACnE,EAAA,MAAM,EAAEU,kBAAAA,EAAkB,GAAK,MAAM,OAAO,gBAAA,CAAA;AAC5C,EAAA,MAAMR,aAAAA,GAAgB,MAAML,gBAAAA,CAAiBE,SAAAA,EAAWC,IAAAA,CAAAA;AACxD,EAAA,OAAOE,aAAAA,CAAcS,IAAAA,CAAK,IAAID,kBAAAA,CAAmB;AAC7CE,IAAAA,QAAAA,EAAUH,QAAAA,CAASG,QAAAA;AACnBC,IAAAA,YAAAA,EAAcJ,QAAAA,CAASI,YAAAA;AACvBC,IAAAA,YAAAA,EAAcL,QAAAA,CAASK,YAAAA;IACvBC,SAAAA,EAAW;AACf,GAAA,CAAA,CAAA;AACJ,CAAA,EATkC,oBAAA,CAAA;;;AEDlCpC,4BAAA,EAAA;AAEO,IAAMqC,mBAAAA,yCAAuBC,KAAAA,KAAAA;AAChC,EAAA,IAAIA,KAAAA,CAAMC,cAAcD,KAAAA,CAAMC,UAAAA,CAAWC,SAAO,GAAKC,IAAAA,CAAKC,KAAG,EAAI;AAC7D,IAAA,MAAM,IAAIzC,kBAAAA,CAAmB,CAAA,kBAAA,EAAqBgB,eAAAA,IAAmB,KAAA,CAAA;AACzE,EAAA;AACJ,CAAA,EAJmC,qBAAA,CAAA;;;ACFnCjB,4BAAA,EAAA;AAEO,IAAM2C,gBAAAA,mBAAmBxB,oBAAA,CAAA,CAACyB,GAAAA,EAAKC,KAAAA,EAAOC,aAAa,KAAA,KAAK;AAC3D,EAAA,IAAI,OAAOD,UAAU,WAAA,EAAa;AAC9B,IAAA,MAAM,IAAI5C,kBAAAA,CAAmB,CAAA,uBAAA,EAA0B2C,GAAAA,CAAAA,cAAAA,EAAoBE,UAAAA,GAAa,kBAAA,GAAqB,EAAA,CAAA,EAAA,EAAO7B,eAAAA,CAAAA,CAAAA,EAAmB,KAAA,CAAA;AAC3I,EAAA;AACJ,CAAA,EAJgC,kBAAA,CAAA;;;ACFhCjB,4BAAA,EAAA;AAEA,IAAM,EAAE+C,WAAS,GAAKC,WAAAA;AACf,IAAMC,mBAAAA,mBAAsB9B,oBAAA,CAAA,CAAC+B,EAAAA,EAAIpB,QAAAA,KAAAA;AACpC,EAAA,MAAMqB,aAAAA,GAAgBC,iCAAoBF,EAAAA,CAAAA;AAC1C,EAAA,MAAMG,WAAAA,GAAcC,IAAAA,CAAKC,SAAAA,CAAUzB,QAAAA,EAAU,MAAM,CAAA,CAAA;AACnD,EAAA,OAAOiB,SAAAA,CAAUI,eAAeE,WAAAA,CAAAA;AACpC,CAAA,EAJmC,qBAAA,CAAA;;;ANInC,IAAMG,sBAAAA,mBAAyB,IAAIf,IAAAA,CAAK,CAAA,CAAA;AACjC,IAAMgB,OAAAA,mBAAUtC,oBAAA,CAAA,CAACuC,KAAAA,GAAQ,EAAC,KAAM,OAAO,EAAEC,kBAAAA,EAAkB,GAAK,EAAC,KAAC;AACrE,EAAA,MAAMtC,IAAAA,GAAO;IACT,GAAGqC,KAAAA;IACH9B,kBAAAA,EAAoB;MAChB,GAAG+B,kBAAAA;AACH,MAAA,GAAGD,KAAAA,CAAM9B;AACb;AACJ,GAAA;AACAP,EAAAA,IAAAA,CAAKM,MAAAA,EAAQiC,MAAM,oCAAA,CAAA;AACnB,EAAA,MAAMC,QAAAA,GAAW,MAAMC,4BAAAA,CAAgBzC,IAAAA,CAAAA;AACvC,EAAA,MAAM0C,cAAcC,2BAAAA,CAAe;IAC/BC,OAAAA,EAAS5C,IAAAA,CAAK4C,WAAWN,kBAAAA,EAAoBM;GACjD,CAAA;AACA,EAAA,MAAMA,OAAAA,GAAUJ,SAASE,WAAAA,CAAAA;AACzB,EAAA,IAAI,CAACE,OAAAA,EAAS;AACV,IAAA,MAAM,IAAIhE,kBAAAA,CAAmB,CAAA,SAAA,EAAY8D,WAAAA,oDAA+D,KAAA,CAAA;EAC5G,CAAA,MAAA,IACS,CAACE,OAAAA,CAAQ,aAAA,CAAA,EAAgB;AAC9B,IAAA,MAAM,IAAIhE,kBAAAA,CAAmB,CAAA,SAAA,EAAY8D,WAAAA,CAAAA,6CAAAA,CAA0D,CAAA;AACvG,EAAA;AACA,EAAA,MAAMG,cAAAA,GAAiBD,QAAQ,aAAA,CAAA;AAC/B,EAAA,MAAME,WAAAA,GAAc,MAAMC,+BAAAA,CAAmB/C,IAAAA,CAAAA;AAC7C,EAAA,MAAMgD,UAAAA,GAAaF,YAAYD,cAAAA,CAAAA;AAC/B,EAAA,IAAI,CAACG,UAAAA,EAAY;AACb,IAAA,MAAM,IAAIpE,kBAAAA,CAAmB,CAAA,aAAA,EAAgBiE,cAAAA,oDAAkE,KAAA,CAAA;AACnH,EAAA;AACA,EAAA,KAAA,MAAWI,qBAAAA,IAAyB;AAAC,IAAA,eAAA;AAAiB,IAAA;AAAe,GAAA,EAAA;AACjE,IAAA,IAAI,CAACD,UAAAA,CAAWC,qBAAAA,CAAAA,EAAwB;AACpC,MAAA,MAAM,IAAIrE,kBAAAA,CAAmB,CAAA,aAAA,EAAgBiE,cAAAA,CAAAA,gCAAAA,EAAiDI,qBAAAA,MAA2B,KAAA,CAAA;AAC7H,IAAA;AACJ,EAAA;AACA,EAAoBD,WAAW,eAAA;AAC/B,EAAA,MAAMjD,SAAAA,GAAYiD,WAAW,YAAA,CAAA;AAC7B,EAAA,IAAIvC,QAAAA;AACJ,EAAA,IAAI;AACAA,IAAAA,QAAAA,GAAW,MAAMyC,iCAAoBL,cAAAA,CAAAA;AACzC,EAAA,CAAA,CAAA,OACOM,CAAAA,EAAG;AACN,IAAA,MAAM,IAAIvE,kBAAAA,CAAmB,CAAA,8CAAA,EAAiD8D,WAAAA,CAAAA,8BAAAA,EAA4C9C,eAAAA,IAAmB,KAAA,CAAA;AACjJ,EAAA;AACA0B,EAAAA,gBAAAA,CAAiB,aAAA,EAAeb,SAAS2C,WAAW,CAAA;AACpD9B,EAAAA,gBAAAA,CAAiB,WAAA,EAAab,SAAS4C,SAAS,CAAA;AAChD,EAAA,MAAM,EAAED,WAAAA,EAAaC,SAAAA,EAAS,GAAK5C,QAAAA;AACnC,EAAA,MAAM6C,aAAAA,GAAgB;IAAErC,KAAAA,EAAOmC,WAAAA;IAAalC,UAAAA,EAAY,IAAIE,KAAKiC,SAAAA;AAAW,GAAA;AAC5E,EAAA,IAAIC,cAAcpC,UAAAA,CAAWC,OAAAA,KAAYC,IAAAA,CAAKC,GAAAA,KAAQ1B,gBAAAA,EAAkB;AACpE,IAAA,OAAO2D,aAAAA;AACX,EAAA;AACA,EAAA,IAAIlC,KAAKC,GAAAA,EAAG,GAAKc,uBAAuBhB,OAAAA,EAAO,GAAK,KAAK,GAAA,EAAM;AAC3DH,IAAAA,mBAAAA,CAAoBsC,aAAAA,CAAAA;AACpB,IAAA,OAAOA,aAAAA;AACX,EAAA;AACAhC,EAAAA,gBAAAA,CAAiB,UAAA,EAAYb,QAAAA,CAASG,QAAAA,EAAU,IAAA,CAAA;AAChDU,EAAAA,gBAAAA,CAAiB,cAAA,EAAgBb,QAAAA,CAASI,YAAAA,EAAc,IAAA,CAAA;AACxDS,EAAAA,gBAAAA,CAAiB,cAAA,EAAgBb,QAAAA,CAASK,YAAAA,EAAc,IAAA,CAAA;AACxD,EAAA,IAAI;AACAqB,IAAAA,sBAAAA,CAAuBoB,OAAAA,CAAQnC,IAAAA,CAAKC,GAAAA,EAAG,CAAA;AACvC,IAAA,MAAMmC,eAAAA,GAAkB,MAAMhD,kBAAAA,CAAmBC,QAAAA,EAAUV,WAAWC,IAAAA,CAAAA;AACtEsB,IAAAA,gBAAAA,CAAiB,aAAA,EAAekC,gBAAgBJ,WAAW,CAAA;AAC3D9B,IAAAA,gBAAAA,CAAiB,WAAA,EAAakC,gBAAgBC,SAAS,CAAA;AACvD,IAAA,MAAMC,kBAAAA,GAAqB,IAAItC,IAAAA,CAAKA,IAAAA,CAAKC,KAAG,GAAKmC,eAAAA,CAAgBC,YAAY,GAAA,CAAA;AAC7E,IAAA,IAAI;AACA,MAAA,MAAM7B,oBAAoBiB,cAAAA,EAAgB;QACtC,GAAGpC,QAAAA;AACH2C,QAAAA,WAAAA,EAAaI,eAAAA,CAAgBJ,WAAAA;AAC7BC,QAAAA,SAAAA,EAAWK,mBAAmBC,WAAAA,EAAW;AACzC7C,QAAAA,YAAAA,EAAc0C,eAAAA,CAAgB1C;OAClC,CAAA;AACJ,IAAA,CAAA,CAAA,OACO8C,KAAAA,EAAO;AACd,IAAA;AACA,IAAA,OAAO;AACH3C,MAAAA,KAAAA,EAAOuC,eAAAA,CAAgBJ,WAAAA;MACvBlC,UAAAA,EAAYwC;AAChB,KAAA;AACJ,EAAA,CAAA,CAAA,OACOE,KAAAA,EAAO;AACV5C,IAAAA,mBAAAA,CAAoBsC,aAAAA,CAAAA;AACpB,IAAA,OAAOA,aAAAA;AACX,EAAA;AACJ,CAAA,EA/EuB,SAAA,CAAA;;;ADJvB,IAAMO,4BAAAA,GAA+B,KAAA;AAC9B,IAAMC,qBAAAA,mBAAwBhE,oBAAA,CAAA,OAAO,EAAEiE,WAAAA,EAAaf,UAAAA,EAAYgB,YAAAA,EAAcjE,SAAAA,EAAWkE,WAAAA,EAAaC,SAAAA,EAAW9D,YAAAA,EAAcG,kBAAAA,EAAoBqC,OAAAA,EAAStC,QAAM,KAAG;AACxK,EAAA,IAAIW,KAAAA;AACJ,EAAA,MAAMkD,cAAAA,GAAiB,CAAA,6EAAA,CAAA;AACvB,EAAA,IAAInB,UAAAA,EAAY;AACZ,IAAA,IAAI;AACA,MAAA,MAAMoB,MAAAA,GAAS,MAAMC,OAAAA,CAAoB;AAAEzB,QAAAA;AAAQ,OAAA,CAAA,EAAA;AACnD3B,MAAAA,KAAAA,GAAQ;AACJmC,QAAAA,WAAAA,EAAagB,MAAAA,CAAOnD,KAAAA;AACpBoC,QAAAA,SAAAA,EAAW,IAAIjC,IAAAA,CAAKgD,MAAAA,CAAOlD,UAAU,EAAEyC,WAAAA;AAC3C,OAAA;AACJ,IAAA,CAAA,CAAA,OACOR,CAAAA,EAAG;AACN,MAAA,MAAM,IAAImB,qCAAAA,CAAyBnB,CAAAA,CAAEpE,OAAAA,EAAS;QAC1CwF,WAAAA,EAAaV,4BAAAA;AACbvD,QAAAA;OACJ,CAAA;AACJ,IAAA;EACJ,CAAA,MACK;AACD,IAAA,IAAI;AACAW,MAAAA,KAAAA,GAAQ,MAAMiC,iCAAoBa,WAAAA,CAAAA;AACtC,IAAA,CAAA,CAAA,OACOZ,CAAAA,EAAG;AACN,MAAA,MAAM,IAAImB,qCAAAA,CAAyB,CAAA,yDAAA,EAA4DH,cAAAA,CAAAA,CAAAA,EAAkB;QAC7GI,WAAAA,EAAaV,4BAAAA;AACbvD,QAAAA;OACJ,CAAA;AACJ,IAAA;AACJ,EAAA;AACA,EAAA,IAAI,IAAIc,IAAAA,CAAKH,KAAAA,CAAMoC,SAAS,CAAA,CAAElC,SAAO,GAAKC,IAAAA,CAAKC,GAAAA,EAAG,IAAM,CAAA,EAAG;AACvD,IAAA,MAAM,IAAIiD,qCAAAA,CAAyB,CAAA,0DAAA,EAA6DH,cAAAA,CAAAA,CAAAA,EAAkB;MAC9GI,WAAAA,EAAaV,4BAAAA;AACbvD,MAAAA;KACJ,CAAA;AACJ,EAAA;AACA,EAAA,MAAM,EAAE8C,aAAW,GAAKnC,KAAAA;AACxB,EAAA,MAAM,EAAEuD,SAAAA,EAAWC,yBAAAA,EAAyB,GAAK,MAAM,OAAO,gBAAA,CAAA;AAC9D,EAAA,MAAMC,GAAAA,GAAMR,SAAAA,IACR,IAAIM,SAAAA,CAAUvF,MAAAA,CAAOkB,OAAO,EAAC,EAAGC,YAAAA,IAAgB,EAAC,EAAG;IAChDE,MAAAA,EAAQF,YAAAA,EAAcE,UAAUC,kBAAAA,EAAoBD,MAAAA;AACpDD,IAAAA,MAAAA,EAAQD,cAAcC,MAAAA,IAAUN;AACpC,GAAA,CAAA,CAAA;AACJ,EAAA,IAAI4E,OAAAA;AACJ,EAAA,IAAI;AACAA,IAAAA,OAAAA,GAAU,MAAMD,GAAAA,CAAI/D,IAAAA,CAAK,IAAI8D,yBAAAA,CAA0B;MACnDG,SAAAA,EAAWZ,YAAAA;MACXa,QAAAA,EAAUZ,WAAAA;AACVb,MAAAA;AACJ,KAAA,CAAA,CAAA;AACJ,EAAA,CAAA,CAAA,OACOD,CAAAA,EAAG;AACN,IAAA,MAAM,IAAImB,sCAAyBnB,CAAAA,EAAG;MAClCoB,WAAAA,EAAaV,4BAAAA;AACbvD,MAAAA;KACJ,CAAA;AACJ,EAAA;AACA,EAAA,MAAM,EAAEwE,eAAAA,EAAiB,EAAEC,WAAAA,EAAaC,eAAAA,EAAiBC,YAAAA,EAAc/D,UAAAA,EAAYgE,eAAAA,EAAiBN,SAAAA,EAAS,GAAK,EAAC,EAAC,GAAMD,OAAAA;AAC1H,EAAA,IAAI,CAACI,WAAAA,IAAe,CAACC,mBAAmB,CAACC,YAAAA,IAAgB,CAAC/D,UAAAA,EAAY;AAClE,IAAA,MAAM,IAAIoD,sCAAyB,8CAAA,EAAgD;MAC/EC,WAAAA,EAAaV,4BAAAA;AACbvD,MAAAA;KACJ,CAAA;AACJ,EAAA;AACA,EAAA,MAAM6E,WAAAA,GAAc;AAChBJ,IAAAA,WAAAA;AACAC,IAAAA,eAAAA;AACAC,IAAAA,YAAAA;IACA/D,UAAAA,EAAY,IAAIE,KAAKF,UAAAA,CAAAA;AACrB,IAAA,GAAIgE,eAAAA,IAAmB;AAAEA,MAAAA;AAAgB,KAAA;AACzC,IAAA,GAAIN,SAAAA,IAAa;AAAEA,MAAAA;AAAU;AACjC,GAAA;AACA,EAAA,IAAI5B,UAAAA,EAAY;AACZoC,IAAAA,kCAAAA,CAAqBD,WAAAA,EAAa,mBAAmB,GAAA,CAAA;EACzD,CAAA,MACK;AACDC,IAAAA,kCAAAA,CAAqBD,WAAAA,EAAa,0BAA0B,GAAA,CAAA;AAChE,EAAA;AACA,EAAA,OAAOA,WAAAA;AACX,CAAA,EA9EqC,uBAAA,CAAA;;;AQLrCxG,4BAAA,EAAA;AACO,IAAM0G,kBAAAA,mBAAqBvF,oBAAA,CAAA,CAAC8C,OAAAA,EAAStC,MAAAA,KAAAA;AACxC,EAAA,MAAM,EAAEhB,aAAAA,EAAeC,cAAAA,EAAgBE,UAAAA,EAAYC,eAAa,GAAKkD,OAAAA;AACrE,EAAA,IAAI,CAACtD,aAAAA,IAAiB,CAACC,kBAAkB,CAACE,UAAAA,IAAc,CAACC,aAAAA,EAAe;AACpE,IAAA,MAAM,IAAI4E,sCAAyB,CAAA,8IAAA,EACwBrF,MAAAA,CAAOqG,KAAK1C,OAAAA,CAAAA,CAAS2C,IAAAA,CAAK,IAAA,CAAA;AAA6F,kFAAA,CAAA,EAAA;MAAEhB,WAAAA,EAAa,KAAA;AAAOjE,MAAAA;KAAO,CAAA;AACnN,EAAA;AACA,EAAA,OAAOsC,OAAAA;AACX,CAAA,EAPkC,oBAAA;;;AXI3B,IAAM4C,OAAAA,mBAAU1F,oBAAA,CAAA,CAACE,IAAAA,GAAO,EAAC,KAAM,OAAO,EAAEsC,kBAAAA,EAAkB,GAAK,EAAC,KAAC;AACpEtC,EAAAA,IAAAA,CAAKM,MAAAA,EAAQiC,MAAM,4CAAA,CAAA;AACnB,EAAA,MAAM,EAAEwB,WAAAA,EAAaC,YAAAA,EAAcjE,SAAAA,EAAWkE,WAAAA,EAAajB,YAAU,GAAKhD,IAAAA;AAC1E,EAAA,MAAM,EAAEkE,WAAS,GAAKlE,IAAAA;AACtB,EAAA,MAAM0C,cAAcC,2BAAAA,CAAe;IAC/BC,OAAAA,EAAS5C,IAAAA,CAAK4C,WAAWN,kBAAAA,EAAoBM;GACjD,CAAA;AACA,EAAA,IAAI,CAACmB,eAAe,CAACC,YAAAA,IAAgB,CAACjE,SAAAA,IAAa,CAACkE,WAAAA,IAAe,CAACjB,UAAAA,EAAY;AAC5E,IAAA,MAAMR,QAAAA,GAAW,MAAMC,4BAAAA,CAAgBzC,IAAAA,CAAAA;AACvC,IAAA,MAAM4C,OAAAA,GAAUJ,SAASE,WAAAA,CAAAA;AACzB,IAAA,IAAI,CAACE,OAAAA,EAAS;AACV,MAAA,MAAM,IAAI0B,qCAAAA,CAAyB,CAAA,QAAA,EAAW5B,WAAAA,CAAAA,eAAAA,CAAAA,EAA8B;AAAEpC,QAAAA,MAAAA,EAAQN,IAAAA,CAAKM;OAAO,CAAA;AACtG,IAAA;AACA,IAAA,IAAI,CAAClB,YAAAA,CAAawD,OAAAA,CAAAA,EAAU;AACxB,MAAA,MAAM,IAAI0B,qCAAAA,CAAyB,CAAA,QAAA,EAAW5B,WAAAA,CAAAA,wCAAAA,CAAAA,EAAuD;AACjGpC,QAAAA,MAAAA,EAAQN,IAAAA,CAAKM;OACjB,CAAA;AACJ,IAAA;AACA,IAAA,IAAIsC,SAASpD,WAAAA,EAAa;AACtB,MAAA,MAAMsD,WAAAA,GAAc,MAAMC,+BAAAA,CAAmB/C,IAAAA,CAAAA;AAC7C,MAAA,MAAMyF,OAAAA,GAAU3C,WAAAA,CAAYF,OAAAA,CAAQpD,WAAW,CAAA;AAC/C,MAAA,MAAMkG,WAAAA,GAAc,CAAA,2BAAA,EAA8BhD,WAAAA,CAAAA,iBAAAA,EAA+BE,QAAQpD,WAAW,CAAA,CAAA;AACpG,MAAA,IAAIO,SAAAA,IAAaA,SAAAA,KAAc0F,OAAAA,CAAQhG,UAAAA,EAAY;AAC/C,QAAA,MAAM,IAAI6E,qCAAAA,CAAyB,CAAA,sBAAA,CAAA,GAA2BoB,WAAAA,EAAa;UACvEnB,WAAAA,EAAa,KAAA;AACbjE,UAAAA,MAAAA,EAAQN,IAAAA,CAAKM;SACjB,CAAA;AACJ,MAAA;AACA,MAAA,IAAIyD,WAAAA,IAAeA,WAAAA,KAAgB0B,OAAAA,CAAQnG,aAAAA,EAAe;AACtD,QAAA,MAAM,IAAIgF,qCAAAA,CAAyB,CAAA,yBAAA,CAAA,GAA8BoB,WAAAA,EAAa;UAC1EnB,WAAAA,EAAa,KAAA;AACbjE,UAAAA,MAAAA,EAAQN,IAAAA,CAAKM;SACjB,CAAA;AACJ,MAAA;AACAsC,MAAAA,OAAAA,CAAQnD,aAAagG,OAAAA,CAAQhG,UAAAA;AAC7BmD,MAAAA,OAAAA,CAAQtD,gBAAgBmG,OAAAA,CAAQnG,aAAAA;AACpC,IAAA;AACA,IAAA,MAAM,EAAEA,aAAAA,EAAeC,cAAAA,EAAgBE,UAAAA,EAAYC,aAAAA,EAAeF,aAAW,GAAK6F,kBAAAA,CAAmBzC,OAAAA,EAAS5C,IAAAA,CAAKM,MAAM,CAAA;AACzH,IAAA,OAAOwD,qBAAAA,CAAsB;MACzBC,WAAAA,EAAazE,aAAAA;MACb0D,UAAAA,EAAYxD,WAAAA;MACZwE,YAAAA,EAAczE,cAAAA;MACdQ,SAAAA,EAAWN,UAAAA;MACXwE,WAAAA,EAAavE,aAAAA;AACbwE,MAAAA,SAAAA;AACA9D,MAAAA,YAAAA,EAAcJ,IAAAA,CAAKI,YAAAA;AACnBG,MAAAA,kBAAAA,EAAoBP,IAAAA,CAAKO,kBAAAA;MACzBqC,OAAAA,EAASF;KACb,CAAA;AACJ,EAAA,CAAA,MAAA,IACS,CAACqB,WAAAA,IAAe,CAACC,gBAAgB,CAACjE,SAAAA,IAAa,CAACkE,WAAAA,EAAa;AAClE,IAAA,MAAM,IAAIK,sCAAyB,8HAAA,EAC8B;MAAEC,WAAAA,EAAa,KAAA;AAAOjE,MAAAA,MAAAA,EAAQN,IAAAA,CAAKM;KAAO,CAAA;EAC/G,CAAA,MACK;AACD,IAAA,OAAOwD,qBAAAA,CAAsB;AACzBC,MAAAA,WAAAA;AACAf,MAAAA,UAAAA;AACAgB,MAAAA,YAAAA;AACAjE,MAAAA,SAAAA;AACAkE,MAAAA,WAAAA;AACAC,MAAAA,SAAAA;AACA9D,MAAAA,YAAAA,EAAcJ,IAAAA,CAAKI,YAAAA;AACnBG,MAAAA,kBAAAA,EAAoBP,IAAAA,CAAKO,kBAAAA;MACzBqC,OAAAA,EAASF;KACb,CAAA;AACJ,EAAA;AACJ,CAAA,EAnEuB,SAAA;;;AYLvB/D,4BAAA,EAAA","file":"7O5SJUXT.cjs","sourcesContent":["export * from \"./fromSSO\";\nexport * from \"./isSsoProfile\";\nexport * from \"./types\";\nexport * from \"./validateSsoProfile\";\n","import { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, loadSsoSessionData, parseKnownFiles } from \"@smithy/shared-ini-file-loader\";\nimport { isSsoProfile } from \"./isSsoProfile\";\nimport { resolveSSOCredentials } from \"./resolveSSOCredentials\";\nimport { validateSsoProfile } from \"./validateSsoProfile\";\nexport const fromSSO = (init = {}) => async ({ callerClientConfig } = {}) => {\n    init.logger?.debug(\"@aws-sdk/credential-provider-sso - fromSSO\");\n    const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;\n    const { ssoClient } = init;\n    const profileName = getProfileName({\n        profile: init.profile ?? callerClientConfig?.profile,\n    });\n    if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {\n        const profiles = await parseKnownFiles(init);\n        const profile = profiles[profileName];\n        if (!profile) {\n            throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger });\n        }\n        if (!isSsoProfile(profile)) {\n            throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {\n                logger: init.logger,\n            });\n        }\n        if (profile?.sso_session) {\n            const ssoSessions = await loadSsoSessionData(init);\n            const session = ssoSessions[profile.sso_session];\n            const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;\n            if (ssoRegion && ssoRegion !== session.sso_region) {\n                throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {\n                    tryNextLink: false,\n                    logger: init.logger,\n                });\n            }\n            if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {\n                throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {\n                    tryNextLink: false,\n                    logger: init.logger,\n                });\n            }\n            profile.sso_region = session.sso_region;\n            profile.sso_start_url = session.sso_start_url;\n        }\n        const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile, init.logger);\n        return resolveSSOCredentials({\n            ssoStartUrl: sso_start_url,\n            ssoSession: sso_session,\n            ssoAccountId: sso_account_id,\n            ssoRegion: sso_region,\n            ssoRoleName: sso_role_name,\n            ssoClient: ssoClient,\n            clientConfig: init.clientConfig,\n            parentClientConfig: init.parentClientConfig,\n            profile: profileName,\n        });\n    }\n    else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {\n        throw new CredentialsProviderError(\"Incomplete configuration. The fromSSO() argument hash must include \" +\n            '\"ssoStartUrl\", \"ssoAccountId\", \"ssoRegion\", \"ssoRoleName\"', { tryNextLink: false, logger: init.logger });\n    }\n    else {\n        return resolveSSOCredentials({\n            ssoStartUrl,\n            ssoSession,\n            ssoAccountId,\n            ssoRegion,\n            ssoRoleName,\n            ssoClient,\n            clientConfig: init.clientConfig,\n            parentClientConfig: init.parentClientConfig,\n            profile: profileName,\n        });\n    }\n};\n","import { ProviderError } from \"./ProviderError\";\nexport class TokenProviderError extends ProviderError {\n    name = \"TokenProviderError\";\n    constructor(message, options = true) {\n        super(message, options);\n        Object.setPrototypeOf(this, TokenProviderError.prototype);\n    }\n}\n","export const isSsoProfile = (arg) => arg &&\n    (typeof arg.sso_start_url === \"string\" ||\n        typeof arg.sso_account_id === \"string\" ||\n        typeof arg.sso_session === \"string\" ||\n        typeof arg.sso_region === \"string\" ||\n        typeof arg.sso_role_name === \"string\");\n","import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { fromSso as getSsoTokenProvider } from \"@aws-sdk/token-providers\";\nimport { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getSSOTokenFromFile } from \"@smithy/shared-ini-file-loader\";\nconst SHOULD_FAIL_CREDENTIAL_CHAIN = false;\nexport const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, parentClientConfig, profile, logger, }) => {\n    let token;\n    const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;\n    if (ssoSession) {\n        try {\n            const _token = await getSsoTokenProvider({ profile })();\n            token = {\n                accessToken: _token.token,\n                expiresAt: new Date(_token.expiration).toISOString(),\n            };\n        }\n        catch (e) {\n            throw new CredentialsProviderError(e.message, {\n                tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n                logger,\n            });\n        }\n    }\n    else {\n        try {\n            token = await getSSOTokenFromFile(ssoStartUrl);\n        }\n        catch (e) {\n            throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {\n                tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n                logger,\n            });\n        }\n    }\n    if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {\n        throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {\n            tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n            logger,\n        });\n    }\n    const { accessToken } = token;\n    const { SSOClient, GetRoleCredentialsCommand } = await import(\"./loadSso\");\n    const sso = ssoClient ||\n        new SSOClient(Object.assign({}, clientConfig ?? {}, {\n            logger: clientConfig?.logger ?? parentClientConfig?.logger,\n            region: clientConfig?.region ?? ssoRegion,\n        }));\n    let ssoResp;\n    try {\n        ssoResp = await sso.send(new GetRoleCredentialsCommand({\n            accountId: ssoAccountId,\n            roleName: ssoRoleName,\n            accessToken,\n        }));\n    }\n    catch (e) {\n        throw new CredentialsProviderError(e, {\n            tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n            logger,\n        });\n    }\n    const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {}, } = ssoResp;\n    if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {\n        throw new CredentialsProviderError(\"SSO returns an invalid temporary credential.\", {\n            tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n            logger,\n        });\n    }\n    const credentials = {\n        accessKeyId,\n        secretAccessKey,\n        sessionToken,\n        expiration: new Date(expiration),\n        ...(credentialScope && { credentialScope }),\n        ...(accountId && { accountId }),\n    };\n    if (ssoSession) {\n        setCredentialFeature(credentials, \"CREDENTIALS_SSO\", \"s\");\n    }\n    else {\n        setCredentialFeature(credentials, \"CREDENTIALS_SSO_LEGACY\", \"u\");\n    }\n    return credentials;\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, getSSOTokenFromFile, loadSsoSessionData, parseKnownFiles, } from \"@smithy/shared-ini-file-loader\";\nimport { EXPIRE_WINDOW_MS, REFRESH_MESSAGE } from \"./constants\";\nimport { getNewSsoOidcToken } from \"./getNewSsoOidcToken\";\nimport { validateTokenExpiry } from \"./validateTokenExpiry\";\nimport { validateTokenKey } from \"./validateTokenKey\";\nimport { writeSSOTokenToFile } from \"./writeSSOTokenToFile\";\nconst lastRefreshAttemptTime = new Date(0);\nexport const fromSso = (_init = {}) => async ({ callerClientConfig } = {}) => {\n    const init = {\n        ..._init,\n        parentClientConfig: {\n            ...callerClientConfig,\n            ..._init.parentClientConfig,\n        },\n    };\n    init.logger?.debug(\"@aws-sdk/token-providers - fromSso\");\n    const profiles = await parseKnownFiles(init);\n    const profileName = getProfileName({\n        profile: init.profile ?? callerClientConfig?.profile,\n    });\n    const profile = profiles[profileName];\n    if (!profile) {\n        throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);\n    }\n    else if (!profile[\"sso_session\"]) {\n        throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);\n    }\n    const ssoSessionName = profile[\"sso_session\"];\n    const ssoSessions = await loadSsoSessionData(init);\n    const ssoSession = ssoSessions[ssoSessionName];\n    if (!ssoSession) {\n        throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);\n    }\n    for (const ssoSessionRequiredKey of [\"sso_start_url\", \"sso_region\"]) {\n        if (!ssoSession[ssoSessionRequiredKey]) {\n            throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);\n        }\n    }\n    const ssoStartUrl = ssoSession[\"sso_start_url\"];\n    const ssoRegion = ssoSession[\"sso_region\"];\n    let ssoToken;\n    try {\n        ssoToken = await getSSOTokenFromFile(ssoSessionName);\n    }\n    catch (e) {\n        throw new TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);\n    }\n    validateTokenKey(\"accessToken\", ssoToken.accessToken);\n    validateTokenKey(\"expiresAt\", ssoToken.expiresAt);\n    const { accessToken, expiresAt } = ssoToken;\n    const existingToken = { token: accessToken, expiration: new Date(expiresAt) };\n    if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {\n        return existingToken;\n    }\n    if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) {\n        validateTokenExpiry(existingToken);\n        return existingToken;\n    }\n    validateTokenKey(\"clientId\", ssoToken.clientId, true);\n    validateTokenKey(\"clientSecret\", ssoToken.clientSecret, true);\n    validateTokenKey(\"refreshToken\", ssoToken.refreshToken, true);\n    try {\n        lastRefreshAttemptTime.setTime(Date.now());\n        const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init);\n        validateTokenKey(\"accessToken\", newSsoOidcToken.accessToken);\n        validateTokenKey(\"expiresIn\", newSsoOidcToken.expiresIn);\n        const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000);\n        try {\n            await writeSSOTokenToFile(ssoSessionName, {\n                ...ssoToken,\n                accessToken: newSsoOidcToken.accessToken,\n                expiresAt: newTokenExpiration.toISOString(),\n                refreshToken: newSsoOidcToken.refreshToken,\n            });\n        }\n        catch (error) {\n        }\n        return {\n            token: newSsoOidcToken.accessToken,\n            expiration: newTokenExpiration,\n        };\n    }\n    catch (error) {\n        validateTokenExpiry(existingToken);\n        return existingToken;\n    }\n};\n","export const EXPIRE_WINDOW_MS = 5 * 60 * 1000;\nexport const REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;\n","import { getSsoOidcClient } from \"./getSsoOidcClient\";\nexport const getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}) => {\n    const { CreateTokenCommand } = await import(\"@aws-sdk/nested-clients/sso-oidc\");\n    const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);\n    return ssoOidcClient.send(new CreateTokenCommand({\n        clientId: ssoToken.clientId,\n        clientSecret: ssoToken.clientSecret,\n        refreshToken: ssoToken.refreshToken,\n        grantType: \"refresh_token\",\n    }));\n};\n","export const getSsoOidcClient = async (ssoRegion, init = {}) => {\n    const { SSOOIDCClient } = await import(\"@aws-sdk/nested-clients/sso-oidc\");\n    const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {\n        region: ssoRegion ?? init.clientConfig?.region,\n        logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger,\n    }));\n    return ssoOidcClient;\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { REFRESH_MESSAGE } from \"./constants\";\nexport const validateTokenExpiry = (token) => {\n    if (token.expiration && token.expiration.getTime() < Date.now()) {\n        throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);\n    }\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { REFRESH_MESSAGE } from \"./constants\";\nexport const validateTokenKey = (key, value, forRefresh = false) => {\n    if (typeof value === \"undefined\") {\n        throw new TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? \". Cannot refresh\" : \"\"}. ${REFRESH_MESSAGE}`, false);\n    }\n};\n","import { getSSOTokenFilepath } from \"@smithy/shared-ini-file-loader\";\nimport { promises as fsPromises } from \"fs\";\nconst { writeFile } = fsPromises;\nexport const writeSSOTokenToFile = (id, ssoToken) => {\n    const tokenFilepath = getSSOTokenFilepath(id);\n    const tokenString = JSON.stringify(ssoToken, null, 2);\n    return writeFile(tokenFilepath, tokenString);\n};\n","import { CredentialsProviderError } from \"@smithy/property-provider\";\nexport const validateSsoProfile = (profile, logger) => {\n    const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;\n    if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {\n        throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters \"sso_account_id\", ` +\n            `\"sso_region\", \"sso_role_name\", \"sso_start_url\". Got ${Object.keys(profile).join(\", \")}\\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, { tryNextLink: false, logger });\n    }\n    return profile;\n};\n","export {};\n"]}