@netacea/cloudfront 7.0.13 → 7.0.14

package/dist/index.js

@@ -1,2 +1,2 @@
-"use strict";var e=require("node:crypto"),t=require("node:buffer"),a=require("aws4"),i=require("jose"),s=require("uuid");function o(e){var t=Object.create(null);return e&&Object.keys(e).forEach((function(a){if("default"!==a){var i=Object.getOwnPropertyDescriptor(e,a);Object.defineProperty(t,a,i.get?i:{enumerable:!0,get:function(){return e[a]}})}})),t.default=e,Object.freeze(t)}var n,r,c,d=o(i),h=o(s);!function(e){e.ORIGIN="ORIGIN",e.HTTP="HTTP",e.KINESIS="KINESIS",e.NATIVE="NATIVE"}(n||(n={})),function(e){e.MITIGATE="MITIGATE",e.INJECT="INJECT",e.INGEST="INGEST"}(r||(r={})),function(e){e.CAPTCHA_GET="captcha_get",e.CAPTCHA_POST="captcha_post",e.EXPIRED_SESSION="expired_session",e.FORCED_REVALIDATION="forced_revalidation",e.INVALID_SESSION="invalid_session",e.IP_CHANGE="ip_change",e.NO_SESSION="no_session"}(c||(c={}));const u=3e3;const l="_/@#/",p={none:"",block:"block",captcha:"captcha",allow:"allow",captchaPass:"captchapass"},g={0:p.none,1:p.block,2:p.none,3:p.block,4:p.none},f={1:p.captcha,2:p.captchaPass,3:p.captcha,4:p.allow,5:p.captcha,6:p.allow,7:p.captcha,a:p.captcha,b:p.captchaPass,c:p.captcha,d:p.allow,e:p.captcha};var y=Object.freeze({__proto__:null,COOKIEDELIMITER:l,bestMitigationCaptchaMap:f,bestMitigationMap:g,captchaMap:{0:"",1:"captcha_serve",2:"captcha_pass",3:"captcha_fail",4:"captcha_cookiepass",5:"captcha_cookiefail",6:"checkpoint_signal",7:"checkpoint_post",a:"checkpoint_serve",b:"checkpoint_pass",c:"checkpoint_fail",d:"checkpoint_cookiepass",e:"checkpoint_cookiefail"},captchaStatusCodes:{"":0,captchaServe:1,captchaPass:2,captchaFail:3,captchaCookiePass:4,captchaCookieFail:5,checkpointSignal:6,checkpointPost:7,checkpointServe:"a",checkpointPass:"b",checkpointFail:"c",checkpointCookiePass:"d",checkpointCookieFail:"e"},matchMap:{0:"",1:"ua_",2:"ip_",3:"visitor_",4:"datacenter_",5:"sev_",6:"organisation_",7:"asn_",8:"country_",9:"combination_",b:"headerFP_"},mitigateMap:{0:"",1:"blocked",2:"allow",3:"hardblocked",4:"flagged"},mitigationTypes:p,netaceaCookieV3KeyMap:{clientIP:"cip",userId:"uid",gracePeriod:"grp",cookieId:"cid",match:"mat",mitigate:"mit",captcha:"cap",issueTimestamp:"ist",issueReason:"isr"},netaceaCookieV3OptionalKeyMap:{checkAllPostRequests:"fCAPR"},netaceaHeaders:{match:"x-netacea-match",mitigate:"x-netacea-mitigate",captcha:"x-netacea-captcha",mitata:"x-netacea-mitata-value",mitataExpiry:"x-netacea-mitata-expiry",mitataCaptcha:"x-netacea-mitatacaptcha-value",mitataCaptchaExpiry:"x-netacea-mitatacaptcha-expiry",eventId:"x-netacea-event-id"},netaceaSettingsMap:{checkAllPostRequests:"checkAllPostRequests"}});const m="ignored",S="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".split(""),k=/^(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/((\d|[a-z])(\d)(\d|[a-z]))$/i;function C(e){if(void 0===e)return;const t=e.match(k);if(null!=t){const[,e,a,i,s,o,n,r,c]=t;return{signature:e,expiry:a,userId:i,ipHash:s,mitigationType:o,match:n,mitigate:r,captcha:c}}}function v(t=16,a=S){const i=e.randomBytes(t-1);return`c${Array.from(i).map((e=>a[e%a.length])).join("")}`}function b(a,i){const s=e.createHmac("sha256",i);return s.update(a),t.Buffer.from(s.digest("hex")).toString("base64")}function I(e,t,a){const i={mitata:void 0,requiresReissue:!1,isExpired:!1,shouldExpire:!1,isSameIP:!1,isPrimaryHashValid:!1,captcha:"0",match:"0",mitigate:"0"};if("string"!=typeof e||""===e)return i;const s=C(e);if(void 0!==s){const e=[s.expiry,s.userId,s.ipHash,s.mitigationType].join(l),i=Math.floor(Date.now()/1e3),o=parseInt(s.expiry)<i,n=["1","3","5","a","c","e"].includes(s.captcha),r="3"===s.mitigate,c=n||r,d=b(t+"|"+s.expiry,a),h=s.ipHash===d;return{mitata:s,requiresReissue:o||!h,isExpired:o,shouldExpire:c,isSameIP:h,isPrimaryHashValid:s.signature===b(e,a),match:s.match,mitigate:s.mitigate,captcha:s.captcha,userId:s.userId}}return i}function w(e,t){const a=e.split(";").map((e=>e.trim())).filter((e=>e.toLowerCase().startsWith(t.toLowerCase())))[0];return void 0!==a&&a.length>0?a?.replace(`${t}=`,""):void 0}function A(e,t=!1){return"string"!=typeof e&&(e=e.join("; ")),""===e?"":N(e.split(";"),t).join("; ")}function N(e,t=!1){if(t)return N(e.reverse()).reverse();const a=new Set,i=[];for(let t of e){if(t=t.trimStart(),""===t.trim())continue;const e=t.split("=")[0].toUpperCase();a.has(e)||(a.add(e),i.push(t))}return i}var q=Object.freeze({__proto__:null,configureCookiesDomain:function(e,t){let a=e=A(e??"",!0),i=t=A(t??"",!0);if(void 0!==e&&void 0!==t){const s=w(e,"Domain"),o=w(t,"Domain");void 0!==s&&void 0!==o?i=t.replace(o,s):void 0!==s&&void 0===o?i=t+(""!==t?`; Domain=${s}`:`Domain=${s}`):void 0===s&&void 0!==o&&(a=e+(""!==e?`; Domain=${o}`:`Domain=${o}`))}else if(void 0!==e&&void 0===t){const t=w(e,"Domain");void 0!==t&&(i=`Domain=${t}`)}else if(void 0===e&&void 0!==t){const e=w(t,"Domain");void 0!==e&&(a=`Domain=${e}`)}return{cookieAttributes:""!==a?a:void 0,captchaCookieAttributes:""!==i?i:void 0}},extractAndRemoveCookieAttr:function(e,t){const a=w(e,t);if(void 0!==a){return{extractedAttribute:a,cookieAttributes:e.replace(/ /g,"").replace(`${t}=${a}`,"").split(";").filter((e=>e.length>0)).join("; ")}}return{extractedAttribute:void 0,cookieAttributes:e}},extractCookieAttr:w,removeDuplicateAttrs:A});var T=Object.freeze({__proto__:null,parseSetCookie:function(e){const t=e.indexOf("=");if(t<0)throw new Error("Could not parse the given set-cookie value.");const a=e.slice(0,t),i=e.slice(t+1),s=i.indexOf(";");if(s<0){return{name:a,value:i,attributes:""}}return{name:a,value:i.slice(0,s),attributes:i.slice(s).trimStart()}}});const E={cookie:{parse:T,attributes:q}};class P{constructor(e){this.crypto=e}async hashString(e,t,a=!1){const i=a?[...t].sort():[...t],s=(new TextEncoder).encode(i.join(",")),o=await this.crypto.subtle.digest(e,s),n=Array.from(new Uint8Array(o)).map((e=>e.toString(16).padStart(2,"0"))).join("").substring(0,12);return"h"+(a?"s":"")+`_${t.length}_${n}`}static filterHeaderNames(e){return e.filter((e=>{const t=e.toLowerCase();return!["","cookie","referer"].includes(t)&&null===t.match(/^(x-netacea-|cloudfront-)/i)}))}async hashHeaders(e,t=!1){const a=P.filterHeaderNames(e);if(0===a.length)return"";try{return await this.hashString("SHA-256",a,t)}catch(e){return console.error(e),""}}}const R=globalThis.fetch.bind(globalThis);var x="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},O={},_={};Object.defineProperty(_,"__esModule",{value:!0}),_.validateRedirectLocation=void 0,_.validateRedirectLocation=function(e){if(""!==(e=e??""))try{return new URL(e).toString()}catch{if(/^https?:\/\//i.test(e))return;return e.startsWith("/")?e:`/${e}`}};var L={},K={};function H(e,t){for(const a of Object.keys(e)){if("cookie"!==a&&"Cookie"!==a)continue;const i=e[a]??"",s=D("string"==typeof i?i:i.join("; "),t);if(void 0!==s)return s}}function M(e,t){const a=[];for(const i of Object.keys(e)){if("cookie"!==i&&"Cookie"!==i)continue;const s=e[i]??"",o="string"==typeof s?s:s.join("; ");a.push(...j(o,t))}return a}function D(e,t){const a=t+"=";return e.split(";").map((e=>e.trimStart())).find((e=>e.startsWith(a)))}function j(e,t){const a=t+"=";return e.split(";").map((e=>e.trimStart())).filter((e=>e.startsWith(a)))}Object.defineProperty(K,"__esModule",{value:!0}),K.findAllInCookieString=K.findFirstInCookieString=K.findAllInHeaders=K.findFirstInHeaders=K.findOnlyValueInHeaders=K.findAllValuesInHeaders=K.findFirstValueInHeaders=void 0,K.findFirstValueInHeaders=function(e,t){const a=H(e,t);if(void 0!==a)return a.slice(t.length+1)},K.findAllValuesInHeaders=function(e,t){return M(e,t).map((e=>e.slice(t.length+1)))},K.findOnlyValueInHeaders=function(e,t){const a=M(e,t);if(a.length>1)throw new Error(`Found more than one cookie with name ${t}`);return a[0]?.slice(t.length+1)},K.findFirstInHeaders=H,K.findAllInHeaders=M,K.findFirstInCookieString=D,K.findAllInCookieString=j;var F={};function B(e){return"set-cookie"===e||"Set-Cookie"===e}function V(e,t){const a=t+"=";return e.startsWith(a)}function U(e,t){if(!V(e,t))throw new Error(`Cookie '${t}' not found in '${e}'`);return e.slice(t.length+1).split(";")[0]}function $(e,t){const a=e[t]??[];return"string"==typeof a?[a]:a}function z(e,t){for(const a of Object.keys(e)){if(!B(a))continue;const i=G($(e,a),t);if(void 0!==i)return i}}function G(e,t){return e.map((e=>e.trimStart())).find((e=>V(e,t)))}function Q(e,t){const a=[];for(const i of Object.keys(e)){if(!B(i))continue;const s=$(e,i);a.push(...W(s,t))}return a}function W(e,t){return e.map((e=>e.trimStart())).filter((e=>V(e,t)))}Object.defineProperty(F,"__esModule",{value:!0}),F.findAllInSetCookieStrings=F.findAllInHeaders=F.findValueInSetCookieStrings=F.findFirstInSetCookieStrings=F.findFirstInHeaders=F.findOnlyValueInHeaders=F.findFirstValueInHeaders=F.parseValueFromString=void 0,F.parseValueFromString=U,F.findFirstValueInHeaders=function(e,t){const a=z(e,t);return void 0!==a?U(a,t):void 0},F.findOnlyValueInHeaders=function(e,t){const a=Q(e,t);if(a.length>1)throw new Error(`Found more than one set-cookie with name ${t}`);return void 0!==a[0]?U(a[0],t):void 0},F.findFirstInHeaders=z,F.findFirstInSetCookieStrings=G,F.findValueInSetCookieStrings=function(e,t){const a=G(e,t);if(void 0!==a)return U(a,t)},F.findAllInHeaders=Q,F.findAllInSetCookieStrings=W;var J=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),X=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),Y=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var a in e)"default"!==a&&Object.prototype.hasOwnProperty.call(e,a)&&J(t,e,a);return X(t,e),t};Object.defineProperty(L,"__esModule",{value:!0}),L.setCookie=L.cookie=void 0,L.cookie=Y(K),L.setCookie=Y(F);var Z={},ee={},te={};Object.defineProperty(te,"__esModule",{value:!0}),te.KINESIS_URL=te.API_VERSION=te.REGION=te.PAYLOAD_TYPE=te.STATE=void 0,te.STATE={ACTIVE:"ACTIVE",UPDATING:"UPDATING",CREATING:"CREATING",DELETING:"DELETING"},te.PAYLOAD_TYPE="string",te.REGION="eu-west-1",te.API_VERSION="2013-12-02",te.KINESIS_URL="https://kinesis.eu-west-1.amazonaws.com";var ae={};Object.defineProperty(ae,"__esModule",{value:!0}),ae.headersToRecord=ae.increaseBatchSize=ae.handleFailedLogs=ae.batchArrayForKinesis=ae.sleep=void 0,ae.sleep=async function(e){await new Promise((t=>{setTimeout(t,e)}))},ae.batchArrayForKinesis=function(e,t,a){const i=[];for(let s=0;s<e.length;s+=t){const o=e.slice(s,s+t);i.push({Data:a.from(JSON.stringify(o)).toString("base64"),PartitionKey:Date.now().toString()})}return i},ae.handleFailedLogs=function(e,t,a){const i=2*a,s=[...e,...t],o=s.length-i;return o>0&&(console.error(`Netacea Error :: failed to send ${o} log(s) to Kinesis ingest.`),s.splice(0,o)),s},ae.increaseBatchSize=function(e,t){return e!==t?Math.min(t,2*e):e},ae.headersToRecord=function(e){const t={};return e.forEach(((e,a)=>{t[a]=e})),t},Object.defineProperty(ee,"__esModule",{value:!0}),ee.WebStandardKinesis=void 0;const ie=te,se=ae;ee.WebStandardKinesis=class{constructor({deps:e,kinesisIngestArgs:t}){if(this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e,void 0===t.kinesisAccessKey)throw new Error("kinesisAccessKey is required for kinesis ingest");if(void 0===t.kinesisSecretKey)throw new Error("kinesisSecretKey is required for kinesis ingest");this.kinesisStreamName=t.kinesisStreamName,this.kinesisAccessKey=t.kinesisAccessKey,this.kinesisSecretKey=t.kinesisSecretKey,this.maxAwaitTimePerIngestCallMs=t.maxAwaitTimePerIngestCallMs,void 0!==t.maxLogAgeSeconds&&t.maxLogAgeSeconds<this.maxLogAgeSeconds&&t.maxLogAgeSeconds>0&&(this.maxLogAgeSeconds=t.maxLogAgeSeconds),void 0!==t.logBatchSize&&(this.maxLogBatchSize=t.logBatchSize),this.logBatchSize=!0===t.rampUpBatchSize?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=new this.deps.AwsClient({accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey}),a=await this.signRequest(t,{streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);await this.deps.makeRequest({headers:(0,se.headersToRecord)(a.headers),host:ie.KINESIS_URL,method:"POST",path:"/",body:a.body}),this.logBatchSize=(0,se.increaseBatchSize)(this.logBatchSize,this.maxLogBatchSize)}catch(t){this.logCache=(0,se.handleFailedLogs)(this.logCache,e,this.maxLogBatchSize)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push((0,se.sleep)(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=(0,se.sleep)(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}async signRequest(e,t,a,i){const s={Records:(0,se.batchArrayForKinesis)(a,i,this.deps.Buffer),PartitionKey:Date.now().toString(),StreamName:t.streamName};return await e.sign(ie.KINESIS_URL,{body:JSON.stringify(s),method:"POST",headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"}})}};var oe={};Object.defineProperty(oe,"__esModule",{value:!0}),oe.Kinesis=void 0;const ne=te,re=ae;oe.Kinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e,this.kinesisStreamName=t.kinesisStreamName,this.kinesisAccessKey=t.kinesisAccessKey,this.kinesisSecretKey=t.kinesisSecretKey,this.maxAwaitTimePerIngestCallMs=t.maxAwaitTimePerIngestCallMs,void 0!==t.maxLogAgeSeconds&&t.maxLogAgeSeconds<this.maxLogAgeSeconds&&t.maxLogAgeSeconds>0&&(this.maxLogAgeSeconds=t.maxLogAgeSeconds),void 0!==t.logBatchSize&&(this.maxLogBatchSize=t.logBatchSize),this.logBatchSize=!0===t.rampUpBatchSize?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=this.signRequest({streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);if("POST"!==t.method)throw new Error(`Unexpected method. Expected POST but got ${t.method}`);await this.deps.makeRequest({headers:t.headers??{},host:`https://${t.hostname}`,method:t.method,path:t.path??"/",body:t.body}),this.logBatchSize=(0,re.increaseBatchSize)(this.logBatchSize,this.maxLogBatchSize)}catch(t){this.logCache=(0,re.handleFailedLogs)(this.logCache,e,this.maxLogBatchSize)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push((0,re.sleep)(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=(0,re.sleep)(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}signRequest(e,t,a){const{accessKeyId:i,secretAccessKey:s}=e,o={Records:(0,re.batchArrayForKinesis)(t,a,this.deps.Buffer),PartitionKey:Date.now().toString(),StreamName:e.streamName};return this.deps.aws4.sign({service:"kinesis",body:JSON.stringify(o),headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"},region:ne.REGION},{accessKeyId:i,secretAccessKey:s})}},function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.Kinesis=e.WebStandardKinesis=void 0;var t=ee;Object.defineProperty(e,"WebStandardKinesis",{enumerable:!0,get:function(){return t.WebStandardKinesis}});var a=oe;Object.defineProperty(e,"Kinesis",{enumerable:!0,get:function(){return a.Kinesis}})}(Z);var ce={};function de(e,t){let a=null;if("number"==typeof e)a=e;else if("string"==typeof e){const t=parseFloat(e);isNaN(t)||(a=t)}if(null===a){if("number"!=typeof t.defaultValue)return t.defaultValue;a=t.defaultValue}return void 0!==t.minValue&&(a=Math.max(t.minValue,a)),void 0!==t.maxValue&&(a=Math.min(t.maxValue,a)),a}Object.defineProperty(ce,"__esModule",{value:!0}),ce.parseHttpHeaderName=ce.stringOrDefault=ce.parseIntOrDefault=ce.parseNumberOrDefault=void 0,ce.parseNumberOrDefault=de,ce.parseIntOrDefault=function(e,t){const a=de(e,t);return"number"==typeof a?Math.floor(a):a},ce.stringOrDefault=function(e,t){return"string"==typeof e&&""!==e?e:"number"==typeof e?e.toString():t},ce.parseHttpHeaderName=function(e){if("string"!=typeof e)return;return/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(e)?e:void 0};var he={};Object.defineProperty(he,"__esModule",{value:!0}),he.searchParamsFromRecord=void 0,he.searchParamsFromRecord=function(e){const t=new URLSearchParams;for(const[a,i]of Object.entries(e))t.append(a,i);return t};var ue={},le={},pe=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),ge=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),fe=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var a in e)"default"!==a&&Object.prototype.hasOwnProperty.call(e,a)&&pe(t,e,a);return ge(t,e),t};Object.defineProperty(le,"__esModule",{value:!0}),le.isJweEncrypted=le.decrypt=le.encrypt=void 0;const ye=fe(i);le.encrypt=async function(e,t){const a=ye.base64url.decode(t),i=(new TextEncoder).encode(e);return await new ye.CompactEncrypt(i).setProtectedHeader({alg:"dir",enc:"A128CBC-HS256"}).encrypt(a)},le.decrypt=async function(e,t){const a=ye.base64url.decode(t),{plaintext:i}=await ye.compactDecrypt(e,a,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM","A128CBC-HS256"]});return(new TextDecoder).decode(i)},le.isJweEncrypted=function(e){return 5===e.split(".").length&&e.includes("..")};var me=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),Se=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),ke=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var a in e)"default"!==a&&Object.prototype.hasOwnProperty.call(e,a)&&me(t,e,a);return Se(t,e),t};Object.defineProperty(ue,"__esModule",{value:!0}),ue.jwe=void 0,ue.jwe=ke(le);var Ce,ve,be={};function Ie(){if(ve)return O;ve=1;var e=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),t=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),a=x&&x.__importStar||function(a){if(a&&a.__esModule)return a;var i={};if(null!=a)for(var s in a)"default"!==s&&Object.prototype.hasOwnProperty.call(a,s)&&e(i,a,s);return t(i,a),i};return Object.defineProperty(O,"__esModule",{value:!0}),O.graphql=O.webcrypto=O.url=O.parsing=O.ingest=O.headers=O.configValidation=void 0,O.configValidation=a(_),O.headers=a(L),O.ingest=a(Z),O.parsing=a(ce),O.url=a(he),O.webcrypto=a(ue),O.graphql=a(function(){if(Ce)return be;Ce=1,Object.defineProperty(be,"__esModule",{value:!0}),be.truncateLongFields=be.parseGraphQl=be.parseGraphQlRequestBody=be.getGraphQLParserConfig=void 0;const e=Ie();function t(e,t){const a=e.parserRegex;return t.match(a)?.groups??{}}function a(e,t){const a=e.maxValueLength;for(const e of Object.keys(t)){const o=t[e];t[e]=(s=a,(i=o).length<=s?i:i.slice(0,s)+"…")}var i,s;return t}return be.getGraphQLParserConfig=function(t){const a={includePaths:[],maxParsableBytes:e.parsing.parseIntOrDefault(t?.maxParsableBytes,{defaultValue:1e6,minValue:1e3}),maxValueLength:e.parsing.parseIntOrDefault(t?.maxValueLength,{defaultValue:256,minValue:8}),parserRegex:/^\s*(?<OpType>query|mutation|subscription)\s+(?<OpName>[_A-Za-z][_0-9A-Za-z]+)?/};if(Array.isArray(t?.includePaths))for(const e of t.includePaths)"string"==typeof e&&a.includePaths.push(e);try{if(t?.parserRegex instanceof RegExp)a.parserRegex=t?.parserRegex;else if("object"==typeof t?.parserRegex){const{regex:e,flags:i}=t?.parserRegex;"string"==typeof e&&(a.parserRegex=new RegExp(e,i))}}catch{}return a},be.parseGraphQlRequestBody=function(e,i){if(""===i)throw new Error("Netacea Error: Empty GraphQL body received");const s=JSON.parse(i);if("object"!=typeof s)throw new Error("Netacea Error: Invalid GraphQL JSON");const o={...t(e,s?.query??"")},n=(s?.operationName??"").trim();return""!==n&&(o.OpName=n),a(e,o)},be.parseGraphQl=t,be.truncateLongFields=a,be}()),O}var we=Ie();async function Ae(e,t){const a=d.base64url.decode(t),i=(new TextEncoder).encode(e);return await new d.CompactEncrypt(i).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(a)}async function Ne(e,t){const a=d.base64url.decode(t),{plaintext:i}=await d.compactDecrypt(e,a,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM"]});return(new TextDecoder).decode(i)}function qe(e){const t={"set-cookie":[]};for(const a of e)t["set-cookie"]?.push({key:"set-cookie",value:a});return t}function Te(e,t,a){return e===a&&"post"===t.toLowerCase()}function Ee(e,t,a){let i=e;try{i=new URL(e).pathname}catch(e){}return void 0!==a&&a.length>0&&i===a&&"get"===t.toLowerCase()}function Pe(e,t){const a=e[t];return"string"==typeof a?a:a?.[0]}function Re(e,t){const a=Pe(e,t);if(void 0!==a)return parseInt(a,10)}const{configureCookiesDomain:xe}=E.cookie.attributes;class Oe{static NetaceaTrueUserAgentHeader="x-netacea-true-useragent-header";static HeadersInOriginalOrderHeader="cloudfront-viewer-header-order";cookieEncryptionKey;ingestEnabled=!0;netaceaCaptchaPath;netaceaCheckpointSignalPath;captchaHeader;dynamicCaptchaContentType;ipHeaderName;mitataCookieExpirySeconds;apiKey;secretKey;mitigationServiceUrl="https://mitigations.netacea.net";ingestServiceUrl;timeout;captchaSiteKey;captchaSecretKey;ingestType;mitigationType;kinesisConfigArgs;encryptedCookies=[];netaceaCookieName;netaceaCaptchaCookieName;netaceaCookieAttributes;netaceaCaptchaCookieAttributes;netaceaCaptchaVerificationPath;captchaFeedbackHeaderName;graphQL;netaceaBlockedResponseRedirectLocation;netaceaBlockedResponseStatus=403;netaceaBlockedResponseBody="Forbidden";netaceaBlockedResponseContentType="text/plain; charset=utf-8";constructor(e){if(e.ingestType=n.KINESIS,this.kinesisConfigArgs=e.kinesis,void 0===e.kinesis&&(console.warn(['NETACEA :: Please move kinesis params to "kinesis" object in config.',"Backwards compatibility will soon be removed."].join(" ")),this.kinesisConfigArgs={kinesisStreamName:e.kinesisStreamName,kinesisAccessKey:e.kinesisAccessKey,kinesisSecretKey:e.kinesisSecretKey,maxLogAgeSeconds:1},void 0!==e.logBatchSize&&(this.kinesisConfigArgs.logBatchSize=e.logBatchSize)),null===e.apiKey||void 0===e.apiKey)throw new Error("apiKey is a required parameter");if(this.apiKey=e.apiKey,this.secretKey=e.secretKey,void 0!==e.mitigationServiceUrl){const t=e.mitigationServiceUrl;this.mitigationServiceUrl=t.endsWith("/")?t.slice(0,-1):t}var t;this.ingestServiceUrl=e.ingestServiceUrl??"https://ingest.netacea.net",this.mitigationType=e.mitigationType??r.INGEST,this.ingestType=e.ingestType??n.HTTP,void 0===e.captchaSiteKey&&void 0===e.captchaSecretKey||(this.captchaSiteKey=e.captchaSiteKey,this.captchaSecretKey=e.captchaSecretKey),this.timeout=(t=e.timeout??3e3)<=0?u:t,this.netaceaCookieName=_e(e.netaceaCookieName)??"_mitata",this.netaceaCaptchaCookieName=_e(e.netaceaCaptchaCookieName)??"_mitatacaptcha",this.netaceaCaptchaPath=e.netaceaCaptchaPath,this.dynamicCaptchaContentType=e.dynamicCaptchaContentType??!1;const a=xe(e.netaceaCookieAttributes??"",e.netaceaCaptchaCookieAttributes??"");var i,s;if(this.netaceaCookieAttributes=a.cookieAttributes??"",this.netaceaCaptchaCookieAttributes=a.captchaCookieAttributes??"",this.captchaHeader=e.captchaHeader,this.ipHeaderName=e.ipHeaderName?.toLowerCase()?.trim(),this.encryptedCookies=[this.netaceaCookieName,this.netaceaCaptchaCookieName],this.mitataCookieExpirySeconds=(i=this.mitigationType,void 0===(s=e.netaceaCookieExpirySeconds??e.mitataCookieExpirySeconds)?i===r.INGEST?3600:60:s),this.ingestEnabled=e.ingestEnabled??!0,this.cookieEncryptionKey=e.cookieEncryptionKey,this.netaceaBlockedResponseRedirectLocation=_e(e.netaceaBlockedResponseRedirectLocation),void 0!==e.netaceaBlockedResponseStatus){const t=we.parsing.parseNumberOrDefault(e.netaceaBlockedResponseStatus,{defaultValue:403});!isNaN(t)&&t>=100&&t<=599&&(this.netaceaBlockedResponseStatus=t)}void 0!==e.netaceaBlockedResponseBody&&(this.netaceaBlockedResponseBody=e.netaceaBlockedResponseBody);const o=e.netaceaBlockedResponseContentType;void 0!==o&&""!==o&&(this.netaceaBlockedResponseContentType=o),this.netaceaCheckpointSignalPath=e.netaceaCheckpointSignalPath,this.netaceaCaptchaVerificationPath=e.netaceaCaptchaVerificationPath??"/AtaVerifyCaptcha",""===this.netaceaCaptchaVerificationPath&&(this.netaceaCaptchaVerificationPath="/AtaVerifyCaptcha"),this.netaceaCaptchaVerificationPath?.startsWith("/")||(this.netaceaCaptchaVerificationPath="/"+this.netaceaCaptchaVerificationPath),this.captchaFeedbackHeaderName=we.parsing.parseHttpHeaderName(e.captchaFeedbackHeaderName),this.graphQL=we.graphql.getGraphQLParserConfig(e.graphQL)}}function _e(e){if("string"==typeof e&&""!==e){const t=e.trim();if(t.length>0)return t}}const Le="unknown";function Ke(e,t,a,i,s,o=!1){i=function(e,t){let a=e;return t||("2"===e?a="4":"3"===e?a="5":"b"===e?a="d":"c"===e&&(a="e")),a}(i,s),o&&(i="6");let n=y.matchMap[t]??Le+"_";n+=y.mitigateMap[a]??Le;let c=y.bestMitigationMap[a];if("0"!==i){n+=","+(y.captchaMap[i]??Le);const e=y.bestMitigationCaptchaMap[i];void 0!==e&&(c=e)}return e===r.INJECT&&(c=y.mitigationTypes.none),{sessionStatus:n,mitigation:c,parts:{match:t,mitigate:a,captcha:i}}}function He(e){if(void 0===e)return;const t={...e.headers??{}};if(""!==(e.body??"")){void 0===Object.entries(t).find((([e])=>"content-type"===e.toLowerCase()))&&(t["content-type"]=[{key:"content-type",value:"text/html; charset=UTF-8"}])}return{...e,headers:t}}function Me(e,t){return{"x-netacea-match":e.match,"x-netacea-mitigate":e.mitigate,"x-netacea-captcha":e.captcha}}const De=we.headers.setCookie;function je(e,t,a){"/"!==t[0]&&(t=`/${t}`);const i=t.split("?");return`${e} ${i[0]}${(i.length>1?`?${i[1]}`:void 0)??""}`}async function Fe({config:e,request:t,requestState:a,requestDetails:i},s,o){const n=await async function(e,t,a){const i=t?.["set-cookie"]??[],s=i.map((e=>e.value)),o=De.findValueInSetCookieStrings(s,a);if(void 0===o)return;const{cookieEncryptionKey:n,encryptedCookies:r}=e,c=r.includes(a);if(void 0===n||!c)return o;try{return await Ne(o,n)}catch{return o}}(e,s.headers,e.netaceaCookieName)??"",c=""!==n?n:i.sessionDetails.sessionCookie;let d="0",h="0",u="0";const l=C(c);void 0!==l&&(d=l.match,h=l.mitigate,u=l.captcha);const p=a.sessionStatus,g=a.protectorApiLatency,f=a.protectorApiStatus,y=Date.now()-a.requestStartTimestamp,m=function(e,t,a){if(Te(t.uri,t.method,e.netaceaCaptchaVerificationPath))return!0;if(void 0===a)return!1;const i=null!=a.headers?a.headers["set-cookie"]:void 0,s=i?.find((t=>t.value.split("=")[0]===e.netaceaCaptchaCookieName)),o=void 0!==s;return e.mitigationType===r.INJECT&&o}(e,t,s),S=Ee(t.uri,t.method,e.netaceaCheckpointSignalPath),k=void 0!==a.sessionStatus?void 0:Ke(e.mitigationType,d,h,u,m,S).sessionStatus,{sessionCookieStatus:v}=i.sessionDetails,b=t.headers[Oe.NetaceaTrueUserAgentHeader]?.[0]?.value??i.headers.userAgent,I=t.headers.referer?.[0]?.value,w=void 0!==a.resHandlerStartTime?Date.now()-a.resHandlerStartTime:0;return{BytesSent:t.headers["content-length"]?.[0]?.value??"0",GraphQL:i.graphQL,HeaderHash:a.headerFingerprint??"-",IntegrationType:"@netacea/cloudfront".replace("@netacea/","")??"",IntegrationVersion:"7.0.13",NetaceaMitigationApplied:p??k??"",NetaceaUserIdCookie:c??"",NetaceaUserIdCookieStatus:v,ProtectionMode:e.mitigationType,ProtectorLatencyMs:g,ProtectorStatus:f,Query:t.querystring,RealIp:i.clientIp,Referer:""===I?"-":I,ReqHandlerId:a.reqHandlerId,ReqHandlerMs:a.reqHandlerMs??y,Request:je(i.method,i.url),RequestHost:t.headers.host?.[0]?.value,RequestId:i.requestId??"",RequestTime:y?.toString(),ResHandlerId:o,ResHandlerMs:w,Status:s.status,TimeLocal:(new Date).toUTCString(),TimeUnixMsUTC:Date.now(),UserAgent:b,WorkerInstanceId:o,XForwardedFor:t.headers["x-forwarded-for"]?.[0]?.value}}class Be extends Error{protectorApiResponse;latencyMs;constructor(e,t){super(`Got status ${e.status} when calling protector API with ${t}ms latency.`),this.protectorApiResponse=e,this.latencyMs=t}}const Ve="x-netacea-integration-state";function Ue(e){return we.parsing.parseIntOrDefault(e,{defaultValue:void 0})}function $e(e){return"string"==typeof e?e:void 0}class ze{constructor(e){this.sessionCookieMaxAge=e.sessionCookieMaxAge,this.protectorApiLatency=e.protectorApiLatency,this.protectorApiStatus=e.protectorApiStatus,this.reqHandlerId=e.reqHandlerId,this.reqHandlerMs=e.reqHandlerMs,this.requestStartTimestamp=e.requestStartTimestamp??Date.now(),this.resHandlerId=e.resHandlerId,this.resHandlerStartTime=e.resHandlerStartTime,this.sessionStatus=e.sessionStatus,this.setCookies=e.setCookie??[],this.sessionCodes=e.sessionCodes??{match:"",mitigate:"",captcha:""},this.shouldSetSessionCookie=e.shouldSetSessionCookie??!1,this.eventId=e.eventId,this.headerFingerprint=e.headerFingerprint,this.bytesReceived=e.bytesReceived,this.graphQLFields=e.graphQLFields}async saveToRequest(e,t){const a=JSON.stringify({protectorApiLatency:this.protectorApiLatency,protectorApiStatus:this.protectorApiStatus,reqHandlerId:this.reqHandlerId,reqHandlerMs:this.reqHandlerMs,requestStartTimestamp:this.requestStartTimestamp,resHandlerId:this.resHandlerId,resHandlerStartTime:this.resHandlerStartTime,sessionStatus:this.sessionStatus,setCookies:this.setCookies,sessionCodes:this.sessionCodes,sessionCookieMaxAge:this.sessionCookieMaxAge,shouldSetSessionCookie:this.shouldSetSessionCookie,eventId:this.eventId,headerFingerprint:this.headerFingerprint,bytesReceived:this.bytesReceived,graphQLFields:this.graphQLFields});e.headers[Ve]=void 0!==t?[{key:Ve,value:await Ae(a,t)}]:[{key:Ve,value:Buffer.from(a).toString("base64")}]}recordProtectorApiError(e){this.sessionStatus="error_open",this.protectorApiLatency=e.latencyMs,this.protectorApiStatus=e.protectorApiResponse.status}static async fromRequest(e,t){let a=e.headers[Ve]?.[0]?.value;if(void 0===a)return new ze({});try{a=void 0!==t?await Ne(a,t):Buffer.from(a,"base64").toString();const e=JSON.parse(a);if("object"==typeof e&&null!==e)return new ze({requestStartTimestamp:"requestStartTimestamp"in e?we.parsing.parseIntOrDefault(e.requestStartTimestamp,{defaultValue:Date.now()}):Date.now(),sessionStatus:"sessionStatus"in e?$e(e.sessionStatus):void 0,protectorApiLatency:"protectorApiLatency"in e?Ue(e.protectorApiLatency):void 0,protectorApiStatus:"protectorApiStatus"in e?Ue(e.protectorApiStatus):void 0,reqHandlerId:"reqHandlerId"in e?$e(e.reqHandlerId):void 0,reqHandlerMs:"reqHandlerMs"in e?Ue(e.reqHandlerMs):void 0,resHandlerId:"resHandlerId"in e?$e(e.resHandlerId):void 0,resHandlerStartTime:"resHandlerStartTime"in e?Ue(e.resHandlerStartTime):void 0,setCookie:"setCookies"in e&&Array.isArray(e.setCookies)?e.setCookies.filter((e=>"string"==typeof e)):[],sessionCodes:"sessionCodes"in e&&"object"==typeof e.sessionCodes&&null!==e.sessionCodes?{match:$e(e.sessionCodes.match)??"0",mitigate:$e(e.sessionCodes.mitigate)??"0",captcha:$e(e.sessionCodes.captcha)??"0"}:{match:"",mitigate:"",captcha:""},sessionCookieMaxAge:"sessionCookieMaxAge"in e?Ue(e.sessionCookieMaxAge):void 0,shouldSetSessionCookie:"shouldSetSessionCookie"in e&&Boolean(e.shouldSetSessionCookie),eventId:"eventId"in e?$e(e.eventId):void 0,headerFingerprint:"headerFingerprint"in e?$e(e.headerFingerprint):void 0,bytesReceived:"bytesReceived"in e?Ue(e.bytesReceived):void 0,graphQLFields:"graphQLFields"in e&&"object"==typeof e.graphQLFields&&null!==e.graphQLFields?e.graphQLFields:void 0})}catch{}return new ze({})}static getFreshState(e){return delete e.headers["x-netacea-integration-state"],new ze({})}}var Ge;!function(e){e[e.NEW_SESSION=1]="NEW_SESSION",e[e.EXISTING_SESSION=2]="EXISTING_SESSION",e[e.RENEW_SESSION=3]="RENEW_SESSION"}(Ge||(Ge={}));class Qe{config;constructor(e){this.config=e}async getNetaceaRequestDetails(t,a){const{request:i}=t.cf,{uri:s,method:o}=i,n=await this.readCookie(i,this.config.sessionCookieName),c=await this.readCookie(i,this.config.captchaCookieName),d=function(e,t){const{clientIp:a}=e;if(void 0===t||""===t)return a;const i=e.headers[t]?.[0]?.value;return void 0===i||""===i?a:"x-forwarded-for"===t?i.split(/, ?/).pop()??a:i}(i,this.config.ipHeaderName),h=we.parsing.parseIntOrDefault(i.headers["content-length"]?.[0]?.value,{defaultValue:0}),{sessionCookieDetails:u,sessionCookieStatus:l,sessionStatus:p,userId:g}=function(e,t,a,i,s){const o=I(i,s,e.secretKey);if(void 0!==o.userId&&o.isPrimaryHashValid){const i=o.userId,{isExpired:s,shouldExpire:n,isSameIP:c}=o,d=s||n||!c&&e.mitigationType!==r.INGEST?Ge.RENEW_SESSION:Ge.EXISTING_SESSION,{sessionStatus:h}=Ke(e.mitigationType,o.match,o.mitigate,o.captcha,Te(t,a,e.netaceaCaptchaVerificationPath));return{userId:i,sessionCookieStatus:d,sessionStatus:h,sessionCookieDetails:o}}return{sessionStatus:"",userId:v(),sessionCookieStatus:Ge.NEW_SESSION,sessionCookieDetails:void 0}}(this.config,s,o,n,d);let f=a.headerFingerprint;void 0===f&&(f=await async function(t){const a=new P(e),i=t.headers[Oe.HeadersInOriginalOrderHeader]?.[0].value??"";let s="";if(""!==i)s=await a.hashHeaders(i.split(":"));else{const e=Object.entries(t.headers).flatMap((([e,t])=>t.map((({key:t})=>t??e))));s=await a.hashHeaders(e,!0)}return s}(i),a.headerFingerprint=f);const y={bytesReceived:Math.max(h,i.body?.data.length??0),clientIp:d,graphQL:void 0,method:o,requestId:t.cf.config.requestId,url:s,headerFingerprint:f,headers:{accept:i.headers.accept?.[0]?.value,contentType:i.headers["content-type"]?.[0]?.value,host:i.headers.host?.[0]?.value,userAgent:i.headers["user-agent"]?.[0]?.value??""},sessionDetails:{sessionCookie:n,sessionStatus:p,captchaToken:c,sessionCookieDetails:u,sessionCookieStatus:l,userId:g}};""===a.sessionCodes.match&&(a.sessionCodes.match=u?.match??"0"),""===a.sessionCodes.mitigate&&(a.sessionCodes.mitigate=u?.mitigate??"0"),""===a.sessionCodes.captcha&&(a.sessionCodes.captcha=u?.captcha??"0"),void 0!==a.bytesReceived&&(y.bytesReceived=a.bytesReceived),void 0!==a.graphQLFields&&(y.graphQL=a.graphQLFields);const m=t?.cf?.config?.eventType?.toLowerCase();if(m?.includes("response"))return y;if(void 0===y.graphQL)try{const e=function(e,t){const a=e.includePaths;return t.bytesReceived<=e.maxParsableBytes&&a.includes(t.url)&&"POST"===t.method&&void 0!==t.headers.accept&&t.headers.accept.toLocaleLowerCase().includes("graphql")&&"application/json"===t.headers.contentType}(this.config.graphQL,y);if(e){const{graphQL:e,bytesReceived:t}=await async function(e,t){const a="base64"===t.body?.encoding?Buffer.from(t.body?.data??"","base64").toString():t.body?.data??"";if(""===a)throw new Error("Netacea Error: No GraphQL Body");return{bytesReceived:a.length,graphQL:we.graphql.parseGraphQlRequestBody(e,a)}}(this.config.graphQL,i);y.bytesReceived=t,a.bytesReceived=t,y.graphQL=e,a.graphQLFields=e}}catch(e){if(console.error(e),e instanceof Je){const t=e.bodySize;t>y.bytesReceived&&(y.bytesReceived=t)}}return y}async readCookie(e,t){const a=We(e.headers,t,"set-cookie"),i=""!==a?a:We(e.headers,t,"cookie");if(null==i)return;const s=i.split(/; ?/g),o=`${t}=`;for(const e of s)if(e.startsWith(o)){const a=e.slice(o.length),i=this.config.encryptedCookies??[];if(void 0!==this.config.cookieEncryptionKey&&i.includes(t))try{return await Ne(a,this.config.cookieEncryptionKey)}catch(e){return}return a}}}function We(e,t,a,i=""){if(void 0!==e?.[a]){const i=e[a];if(void 0!==i){const e=i.find((e=>e.value.includes(t)));if(void 0!==e)return e.value}}return i}class Je extends Error{bodySize;constructor(e,t){super(e),this.bodySize=t}}function Xe(e){return new Qe({captchaCookieName:e.netaceaCaptchaCookieName,cookieEncryptionKey:e.cookieEncryptionKey,encryptedCookies:e.encryptedCookies,graphQL:e.graphQL,ipHeaderName:e.ipHeaderName,mitigationType:e.mitigationType,netaceaCaptchaVerificationPath:e.netaceaCaptchaVerificationPath,secretKey:e.secretKey,sessionCookieName:e.netaceaCookieName})}const{extractCookieAttr:Ye,extractAndRemoveCookieAttr:Ze,removeDuplicateAttrs:et}=E.cookie.attributes,tt=E.cookie.parse.parseSetCookie,{mitigationTypes:at,netaceaHeaders:it}=y;exports.Cloudfront=class{workerInstanceId;config;kinesis;constructor(e){this.config=new Oe(e),this.config.ingestType===n.KINESIS&&(void 0===this.config.kinesisConfigArgs?console.warn(`NETACEA WARN: no kinesis args provided, when ingestType is ${this.config.ingestType}`):this.kinesis=new we.ingest.Kinesis({deps:{aws4:a,Buffer:t.Buffer,makeRequest:this.makeRequest.bind(this)},kinesisIngestArgs:{...this.config.kinesisConfigArgs,apiKey:this.config.apiKey,rampUpBatchSize:!0,maxAwaitTimePerIngestCallMs:0}})),this.workerInstanceId=h.v4()}async handleRequest(e){let t;try{t=await async function(e,t){const a=t.Records[0],i=ze.getFreshState(a.cf.request),s=Xe(e),o=await s.getNetaceaRequestDetails(a,i);return{config:e,request:a.cf.request,requestState:i,requestDetails:o}}(this.config,e),t.requestState.reqHandlerId=this.workerInstanceId;const a=await this.handleNetaceaRoutes(t),{respondWith:i}=a;if(void 0!==i){const{shouldSetSessionCookie:e}=t.requestState;if(e){const e=await this.createSetSessionCookie(t.requestDetails.clientIp,t.requestDetails.sessionDetails.userId,t.requestState.sessionCodes.match,t.requestState.sessionCodes.mitigate,t.requestState.sessionCodes.captcha,t.requestState.sessionCookieMaxAge);void 0===i.headers&&(i.headers={});const a=i.headers["set-cookie"]??[];a.push({key:"set-cookie",value:e}),i.headers["set-cookie"]=a}this.ingestUsingContext(t,i)}return a}catch(e){return console.error("Netacea FailOpen - ",e.message),void 0!==t?.request&&e instanceof Be&&t?.requestState.recordProtectorApiError(e),{}}finally{try{if(void 0!==t){const e=t.requestState.requestStartTimestamp;void 0!==e&&(t.requestState.reqHandlerMs=Date.now()-e),await t.requestState.saveToRequest(t.request,this.config.cookieEncryptionKey)}}catch(e){console.error("Netacea Error:",e)}}}async handleResponse(e){try{const t=await async function(e,t){const a=Date.now(),{request:i}=t.Records[0].cf,s=await ze.fromRequest(i,e.cookieEncryptionKey);s.resHandlerStartTime=a;const o=Xe(e);return{config:e,request:i,requestState:s,requestDetails:await o.getNetaceaRequestDetails(t.Records[0],s)}}(this.config,e);try{const a=e.Records[0].cf.response;await this.handleCaptchaFeedback(t,a)}catch(e){console.error("Netacea Error: captcha feedback failed",e)}if(t.requestState.shouldSetSessionCookie){const e=await this.createSetSessionCookie(t.requestDetails.clientIp,t.requestDetails.sessionDetails.userId,t.requestState.sessionCodes.match,t.requestState.sessionCodes.mitigate,t.requestState.sessionCodes.captcha,t.requestState.sessionCookieMaxAge);t.requestState.setCookies.push(e)}const{response:a}=e.Records[0].cf;this.setNetaceaCookies(a,t.requestState),this.ingestUsingContext(t,a)}catch(e){console.error("Netacea Error:",e)}}async handleCaptchaFeedback(e,t){const{captchaFeedbackHeaderName:a}=this.config;if(void 0===a)return;const i=t.headers,s=i[a]?.[0].value??"";if(delete t.headers[a],""===s)return;const o=JSON.parse(s),n=o?.status;if(!["pass","fail"].includes(n))throw new Error("Netacea Error: Invalid captcha feedback status "+String(n));const r=await this.makeRequest({host:this.config.mitigationServiceUrl,method:"POST",path:"/UpdateCaptcha",headers:{"content-type":"application/json; charset=utf-8","x-netacea-api-key":e.config.apiKey,"x-netacea-client-ip":e.requestDetails.clientIp,"x-netacea-userid":e.requestDetails.sessionDetails.userId},body:JSON.stringify({result:"pass"===o.status})});if(200!==r.status)throw new Error(`Netacea Error: Got status ${r.status} for /UpdateCaptcha`);const c=await this.createMitataCaptcha(r.headers);void 0!==c&&e.requestState.setCookies.push(c);let d=r.headers["x-netacea-captcha"];d=Array.isArray(d)?d[0]:d;let h=Re(r.headers,it.mitataExpiry)??NaN;isNaN(h)&&(h=86400);const u=e.requestState;u.sessionCodes.captcha=d,u.sessionCookieMaxAge=h,u.shouldSetSessionCookie=!0;const l=y.captchaMap[d]??"unknown",[p]=e.requestState.sessionStatus?.split(",")??"";e.requestState.sessionStatus=p+","+l}async handleNetaceaRoutes(e){const{uri:t,method:a}=e.request;if(Ee(t,a,this.config.netaceaCheckpointSignalPath)){return{respondWith:He({status:"200",headers:{}})}}if(function(e,t,a){return void 0!==a&&e.toLowerCase().includes(a.toLowerCase())&&"get"===t.toLowerCase()}(t,a,this.config.netaceaCaptchaPath)){return{respondWith:He(await this.handleCaptchaGetRequest(e))}}const i=function(e,t){if(void 0===t)return!1;const a=e.uri;if(t.startsWith("/"))return t===a;try{const i=e.headers.host?.[0]?.value,s=new URL(t);return s.host===i&&s.pathname===a}catch{return!1}}(e.request,this.config.netaceaBlockedResponseRedirectLocation);let s={injectHeaders:Me(e.requestState.sessionCodes),sessionStatus:""};return i||(s=await this.runMitigation(e)),void 0!==s&&"injectHeaders"in s&&(this.addNetaceaInjectHeadersToRequest(e.request,s?.injectHeaders),e.requestState.setCookies.push(...s.setCookie??[])),e.request.headers[Oe.NetaceaTrueUserAgentHeader]=[{key:Oe.NetaceaTrueUserAgentHeader,value:this.getValueFromHeaderOrDefault(e.request.headers,"user-agent","-")}],void 0!==s&&(void 0!==s.apiCallLatency&&(e.requestState.protectorApiLatency=s.apiCallLatency),void 0!==s.apiCallStatus&&(e.requestState.protectorApiStatus=s.apiCallStatus),void 0!==s.sessionStatus&&(e.requestState.sessionStatus=s.sessionStatus),void 0!==s.setCookie&&(e.requestState.setCookies=s.setCookie)),{respondWith:He(s?.response)}}async makeRequest({host:e,method:t,path:a,headers:i,body:s,params:o}){const n=new URL(e);n.pathname=a,void 0!==o&&(o instanceof URLSearchParams?n.search=o.toString():"object"==typeof o&&null!==o&&(n.search=we.url.searchParamsFromRecord(o).toString()));const r=n.toString(),c=new Request(r,{...{method:t,body:s,headers:i},duplex:"half"}),d=await R(r,c),h={};return d.headers.forEach(((e,t)=>{null!==e&&(h[t]=e)})),{status:d.status,body:await d.text(),headers:h}}async mitigate(e){const t=Te(e.request.uri,e.request.method,this.config.netaceaCaptchaVerificationPath);try{const i=t?await this.handleCaptchaPostRequest(e):await this.check(e),s=Ke(this.config.mitigationType,i.match,i.mitigate,i.captcha,t);let o;if([at.block,at.captcha,at.captchaPass].includes(s.mitigation)){const r={"cache-control":[{key:"cache-control",value:["no-store","no-cache","must-revalidate","max-age=0"].join(", ")}],pragma:[{key:"pragma",value:"no-cache"}],"set-cookie":[]};for(const e of i.setCookie)r["set-cookie"]=r["set-cookie"]??[],r["set-cookie"].push({key:"set-cookie",value:e});const c="captcha"===s.mitigation;c&&void 0!==this.config.captchaHeader&&(r[this.config.captchaHeader.name]=[{key:this.config.captchaHeader.name,value:this.config.captchaHeader.value}]);let d={status:"200",statusDescription:"OK",body:""};if(t||(d={status:String(this.config.netaceaBlockedResponseStatus),statusDescription:"Forbidden",body:this.config.netaceaBlockedResponseBody},r["content-type"]=[{key:"content-type",value:this.config.netaceaBlockedResponseContentType}]),o={headers:r,...d},void 0!==this.config.netaceaBlockedResponseRedirectLocation&&!c&&function(e){if("GET"!==e.method?.toUpperCase())return!1;const t=(e.headers["sec-fetch-mode"]??[]).map((e=>e.value));return!(t.length>0&&!t.includes("navigate"))&&(e.headers.accept??[]).map((e=>e.value.split(/, ?/))).flat().includes("text/html")}(e.request)&&(o.status="303",r.Location=[{key:"Location",value:this.config.netaceaBlockedResponseRedirectLocation}]),c&&void 0!==i.body&&i.body.length>0){const e=(a=i.body).includes("captchaRelativeURL")&&a.includes("captchaAbsoluteURL");o.status=e?"403":"200",o.statusDescription=e?"Forbidden":"OK",o.body=i.body,o.bodyEncoding="text",r["content-type"]=e?[{key:"content-type",value:"application/json"}]:[{key:"content-type",value:"text/html; charset=UTF-8"}]}this.config.ingestType===n.KINESIS&&(e.requestState.protectorApiLatency=i.apiCallLatency,e.requestState.protectorApiStatus=i.apiCallStatus,e.requestState.sessionStatus=s.sessionStatus)}return"4"===s.parts.mitigate&&this.addNetaceaInjectHeadersToRequest(e.request,Me(s.parts)),{response:o,sessionStatus:s.sessionStatus,setCookie:i.setCookie,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}catch(a){if(a instanceof Be&&e.requestState.recordProtectorApiError(a),t){return{response:{status:"500",statusDescription:"Internal Server Error",body:"",headers:{}},sessionStatus:"error_open"}}return console.error("Netacea FailOpen Error: ",a),{sessionStatus:"error_open"}}var a}async inject(e){try{const t=Te(e.request.uri,e.request.method,this.config.netaceaCaptchaVerificationPath),a=t?await this.handleCaptchaPostRequest(e):await this.check(e),i=Ke(this.config.mitigationType,a.match,a.mitigate,a.captcha,t);return{injectHeaders:this.config.mitigationType===r.INJECT||"4"===i.parts.mitigate?Me(i.parts):void 0,sessionStatus:i.sessionStatus,setCookie:a.setCookie,apiCallLatency:a.apiCallLatency,apiCallStatus:a.apiCallStatus}}catch(e){return console.error("Netacea FailOpen Error: ",e),{sessionStatus:"",injectHeaders:void 0,setCookie:void 0}}}async ingestUsingContext(e,t=void 0){if(!this.config.ingestEnabled)return;if(null==t)throw new Error("Cloudfront response is required to ingest");const a=await Fe(e,t,this.workerInstanceId);await this.callIngest(a)}setNetaceaCookies(e,t){if(void 0===e)throw new Error("Response required to add cookies to response");if(null!=e.headers){let a=!1;if(a=void 0!==(e.headers["set-cookie"]??[]).find((e=>!!e.value.startsWith(`${this.config.netaceaCookieName}=`)||!!e.value.startsWith(`${this.config.netaceaCaptchaCookieName}=`))),!a&&t.setCookies.length>0){void 0===e.headers["set-cookie"]&&(e.headers["set-cookie"]=[]);for(const a of t.setCookies)e.headers["set-cookie"].push({key:"set-cookie",value:a})}}}getValueFromHeaderOrDefault(e,t,a=""){if(void 0!==e?.[t]){const a=e[t];if(void 0!==a)return a[0].value}return a}async handleCaptchaPostRequest(e){const{status:t,match:a,mitigate:i,captcha:s,body:o,setCookie:n,latency:c,mitataMaxAge:d}=await this.makeCaptchaAPICall(e),h=e.requestState;h.sessionCodes={match:a,mitigate:i,captcha:s},h.sessionCookieMaxAge=d,h.shouldSetSessionCookie=String(s)!==String(y.captchaStatusCodes.checkpointPost);const u=Ke(this.config.mitigationType,a,i,s,!0),l={body:o,apiCallStatus:t,apiCallLatency:c,setCookie:n,sessionStatus:u.sessionStatus,mitigation:u.mitigation,injectHeaders:void 0,match:a,mitigate:i,captcha:s};return(this.config.mitigationType===r.INJECT||"4"===u.parts.mitigate)&&(l.injectHeaders=Me(u.parts)),l}async handleCaptchaGetRequest(e){const{querystring:t}=e.request,a=t.split("&").find((e=>e.includes("trackingId=")))?.replace("trackingId=",""),i=await this.makeMitigateAPICall(e,{isCaptchaGet:!0,defaultMitataCodes:{match:"0",mitigate:"0",captcha:"1"},trackingId:a}),{match:s,mitigate:o,captcha:n}=i,c=Ke(e.config.mitigationType,s,o,n,!1),d={body:i.body,apiCallStatus:i.status,apiCallLatency:i.latency,setCookie:i.setCookie,sessionStatus:c.sessionStatus,injectHeaders:void 0,mitigated:[at.block,at.captcha,at.captchaPass].includes(c.mitigation)};(e.config.mitigationType===r.INJECT||"4"===c.parts.mitigate)&&(d.injectHeaders=Me(c.parts));const h=e.requestState;h.sessionStatus=d.sessionStatus,h.protectorApiLatency=d.apiCallLatency,h.protectorApiStatus=d.apiCallStatus;return{headers:qe(d.setCookie),status:"403",body:d.body,statusDescription:"Forbidden"}}addNetaceaInjectHeadersToRequest(e,t){if(void 0===t)return e;for(const[a,i]of Object.entries(t))e.headers[a]=[{key:a,value:i}];return e}async encryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await Ae(e,this.config.cookieEncryptionKey):e}async decryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await Ne(e,this.config.cookieEncryptionKey):e}async runMitigation(e){try{switch(this.config.mitigationType){case r.MITIGATE:return await this.mitigate(e);case r.INJECT:return await this.inject(e);case r.INGEST:return await this.processIngest(e);default:throw new Error(`Netacea Error: Mitigation type ${this.config.mitigationType} not recognised`)}}catch(t){return console.error("Netacea FAILOPEN Error:",t),{injectHeaders:Me(e.requestState.sessionCodes),sessionStatus:""}}}async readCookie(e,t){if(null==t)return;if("string"==typeof t)return await this.readCookie(e,t.split(";"));const a=`${e}=`;for(const i of t){const t=i.split(";")[0].trimStart();if(t.startsWith(a)){const i=t.slice(a.length);if(this.config.encryptedCookies.includes(e))try{return await this.decryptCookieValue(i)}catch(e){return}return i}}}async makeCaptchaAPICall(e){const t=e.requestDetails.sessionDetails.userId,a=this.getValueFromHeaderOrDefault(e.request.headers,"content-type","application/x-www-form-urlencoded; charset=UTF-8"),i={"X-Netacea-UserId":t,"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.requestDetails.clientIp,"X-Netacea-Request-Id":e.requestDetails.requestId,"user-agent":e.requestDetails.headers.userAgent,"Content-Type":a};void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(i["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,i["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey);const s=new URLSearchParams,o=e.requestState.headerFingerprint??"";""!==o&&s.append("headerFP",o),s.append("netaceaHeaders","request-id");const n=function(e,t){if(void 0!==e&&""!==e&&0!==e.trim().length){if(!t.includes("application/json"))return e;try{return JSON.parse(e),e}catch(t){return console.warn("Invalid JSON in captcha data, attempting to serialize:",t),JSON.stringify({data:e})}}}(function(e){if(void 0===e.body?.data||0===e.body.data.length)return"";if(e.body?.inputTruncated)throw new Error("Netacea Error :: Request body is too large.");let t;if("text"===e.body.encoding)t=e.body.data;else try{t=Buffer.from(e.body.data,"base64").toString("utf-8")}catch(a){console.warn("Failed to decode base64 request body:",a),t=e.body.data}if((e.headers["content-type"]?.[0]?.value?.toLowerCase()??"").includes("application/json"))try{JSON.parse(t)}catch(e){console.warn("Request body is not valid JSON despite content-type header:",e)}return t}(e.request),a),r=Date.now(),c=await this.makeRequest({host:this.config.mitigationServiceUrl,path:"/AtaVerifyCaptcha",headers:i,method:"POST",body:n,timeout:this.config.timeout,params:s}),d=Date.now()-r;return await this.getApiCallResponseFromResponse(c,d,void 0)}async getApiCallResponseFromResponse(e,t,a){if(200!==e.status)throw new Be(e,t);const i=Pe(e.headers,it.match)??a?.match??"0",s=Pe(e.headers,it.mitigate)??a?.mitigate??"0",o=Pe(e.headers,it.captcha)??a?.captcha??"0";let n=Re(e.headers,it.mitataExpiry)??NaN;isNaN(n)&&(n=86400);const r=[];if(String(o)!==String(y.captchaStatusCodes.checkpointPost)){const t=await this.createMitataCaptcha(e.headers);void 0!==t&&r.push(t)}const c=Pe(e.headers,it.eventId);return{status:e.status,match:i,mitigate:s,captcha:o,setCookie:r,body:e.body,eventId:c,mitataMaxAge:n,latency:t}}APIError(e){let t="Unknown error";switch(e.status){case 403:t="Invalid credentials";break;case 500:t="Server error";break;case 502:t="Bad Gateway";break;case 503:t="Service Unavailable";break;case 400:t="Invalid request"}return new Error(`Error reaching Netacea API (${t}), status: ${e.status}`)}async createSetSessionCookie(e,t,a,i,s,o=86400,n=void 0){const r=["1","3","5","a","c","e"].includes(s)||"3"===i?-60:this.config.mitataCookieExpirySeconds,c=n??Math.floor(Date.now()/1e3)+r;if(void 0===this.config.secretKey)throw new Error("Cannot build cookie without secret key.");const d=[a,i,s].join(""),h=function(e,t,a,i,s="000"){void 0===t&&(t=v());const o=[a,t,b(e+"|"+String(a),i),s].join(l);return`${b(o,i)}${l}${o}`}(e,t,c,this.config.secretKey,d);let u,p,g=o;if(""!==this.config.netaceaCookieAttributes){const{extractedAttribute:e,cookieAttributes:t}=Ze(this.config.netaceaCookieAttributes,"Max-Age");g=void 0!==e?Number(e):o;const{extractedAttribute:a,cookieAttributes:i}=Ze(t,"Path");u=a??"/",p=i??void 0}return await this.buildCookieFromValues(this.config.netaceaCookieName,h,g,p,u)}async createMitataCaptcha(e){let t=e["set-cookie"]??[];t="string"==typeof t?[t]:t;const a=t.find((e=>e.startsWith("_mitatacaptcha=")));let i,s="86400";if(void 0!==a&&""!==a)try{const e=tt(a);i=e.value,s=Ye(e.attributes,"Max-Age")??"86400"}catch(e){return}if(""===i||void 0===i)return;const o=et([this.config.netaceaCaptchaCookieAttributes,"Path=/",`Max-Age=${s}`]);return i=this.config.encryptedCookies.includes(this.config.netaceaCaptchaCookieName)?await this.encryptCookieValue(i):i,`${this.config.netaceaCaptchaCookieName}=${i}; ${o}`}async buildCookieFromValues(e,t,a,i,s="/"){const o=`${e}=${this.config.encryptedCookies.includes(e)?await this.encryptCookieValue(t):t}; Max-Age=${a}; Path=${s}`;return void 0!==i&&""!==i?`${o}; ${i}`:o}async callIngest(e){if(this.config.ingestType===n.KINESIS){if(void 0===this.kinesis)return void console.error("Netacea Error: Unable to log as Kinesis has not been defined.");if(void 0!==this.config.kinesisConfigArgs){const{kinesisStreamName:e,kinesisAccessKey:t,kinesisSecretKey:a}=this.config.kinesisConfigArgs;if(void 0===e||void 0===t||void 0===a)return void console.error("Netacea Error: Unable to log as Kinesis configuration misses credentials.")}try{await this.kinesis.ingest({...e,apiKey:this.config.apiKey})}catch(e){console.error("NETACEA Error: ",e.message)}}else{const t={"X-Netacea-API-Key":this.config.apiKey,"content-type":"application/json"},a=await this.makeIngestApiCall(t,e);if(200!==a.status&&202!==a.status)throw this.APIError(a)}}async makeIngestApiCall(e,t){return await this.makeRequest({host:this.config.ingestServiceUrl,method:"POST",path:"/",headers:e,body:JSON.stringify(t),timeout:this.config.timeout})}async processIngest(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required for ingest");const t=e.request.headers.cookie?.[0].value??"",a=I(await this.readCookie(this.config.netaceaCookieName,t),m,this.config.secretKey);return a.isPrimaryHashValid?a.requiresReissue?await this.setIngestOnlyMitataCookie(a.mitata?.userId):{sessionStatus:"",setCookie:[]}:await this.setIngestOnlyMitataCookie(void 0)}async setIngestOnlyMitataCookie(e){return{sessionStatus:"",setCookie:[await this.createSetSessionCookie(m,e,"0","0","0",86400)]}}async check(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required to mitigate");const t=e.requestDetails.sessionDetails.sessionCookieDetails;if(void 0===t||!t.isPrimaryHashValid||t.requiresReissue){const t=await this.makeMitigateAPICall(e,{}),a=e.requestState,{match:i,mitigate:s,captcha:o}=t;return a.sessionCodes={match:i,mitigate:s,captcha:o},a.sessionCookieMaxAge=t.mitataMaxAge,a.shouldSetSessionCookie=!0,{body:t.body,apiCallStatus:t.status,apiCallLatency:t.latency,setCookie:[],match:t.match,mitigate:t.mitigate,captcha:t.captcha}}return{body:void 0,apiCallStatus:void 0,apiCallLatency:void 0,setCookie:[],match:t.match,mitigate:t.mitigate,captcha:t.captcha}}async makeMitigateAPICall(e,{isCaptchaGet:t=!1,defaultMitataCodes:a,trackingId:i}){const s={"user-agent":e.requestDetails.headers.userAgent,"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.requestDetails.clientIp,"X-Netacea-Request-Id":e.requestDetails.requestId,"X-Netacea-UserId":e.requestDetails.sessionDetails.userId,cookie:this.buildCookieHeader({_mitatacaptcha:e.requestDetails.sessionDetails.captchaToken})};void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(s["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,s["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey),this.config.dynamicCaptchaContentType&&void 0!==this.config.netaceaCaptchaPath&&(s["X-Netacea-Captcha-Content-Type"]=function(e){const t=e?.toLowerCase()??"text/html",a=t?.includes("text/html")||t?.includes("application/html"),i=t?.includes("application/json");return i&&!a?"application/json":"text/html"}(e.requestDetails.headers.accept??"text/html"));const o="application/json"===s["X-Netacea-Captcha-Content-Type"],n=new URLSearchParams,r=e.requestState.headerFingerprint;"string"==typeof r&&n.set("headerFP",r),n.append("netaceaHeaders","request-id"),t&&void 0!==i&&n.append("trackingId",i);const c=Date.now(),d=await this.makeRequest({host:this.config.mitigationServiceUrl,path:t?"/captcha":"/",headers:s,method:"GET",timeout:this.config.timeout,params:n}),h=Date.now()-c;return o&&void 0!==this.config.netaceaCaptchaPath&&(d.body=function(e,t,a){let i;if(void 0===e||""===e)return"";if("string"==typeof e&&(i=JSON.parse(e)),!function(e){if(null==e)return!1;const t=e;return void 0!==t?.trackingId}(i))throw new Error("Body is not a Mitigation Service JSON response!");const s=`${a}?trackingId=${i.trackingId}`,o=void 0!==t?`https://${t}${s}`:void 0;return JSON.stringify({captchaRelativeURL:s,captchaAbsoluteURL:o})}(d.body,e.requestDetails.headers.host,this.config.netaceaCaptchaPath)),await this.getApiCallResponseFromResponse(d,h,a)}buildCookieHeader(e){let t="",a="";for(const i in e){const s=e[i];void 0!==s&&(t=`${t}${a}${i}=${s}`,a="; ")}return t}};
+"use strict";var e=require("node:crypto"),t=require("node:buffer"),a=require("aws4"),i=require("jose"),s=require("uuid");function o(e){var t=Object.create(null);return e&&Object.keys(e).forEach((function(a){if("default"!==a){var i=Object.getOwnPropertyDescriptor(e,a);Object.defineProperty(t,a,i.get?i:{enumerable:!0,get:function(){return e[a]}})}})),t.default=e,Object.freeze(t)}var n,r,c,d=o(i),h=o(s);!function(e){e.ORIGIN="ORIGIN",e.HTTP="HTTP",e.KINESIS="KINESIS",e.NATIVE="NATIVE"}(n||(n={})),function(e){e.MITIGATE="MITIGATE",e.INJECT="INJECT",e.INGEST="INGEST"}(r||(r={})),function(e){e.CAPTCHA_GET="captcha_get",e.CAPTCHA_POST="captcha_post",e.EXPIRED_SESSION="expired_session",e.FORCED_REVALIDATION="forced_revalidation",e.INVALID_SESSION="invalid_session",e.IP_CHANGE="ip_change",e.NO_SESSION="no_session"}(c||(c={}));const u=3e3;const l="_/@#/",p={none:"",block:"block",captcha:"captcha",allow:"allow",captchaPass:"captchapass"},g={0:p.none,1:p.block,2:p.none,3:p.block,4:p.none},f={1:p.captcha,2:p.captchaPass,3:p.captcha,4:p.allow,5:p.captcha,6:p.allow,7:p.captcha,a:p.captcha,b:p.captchaPass,c:p.captcha,d:p.allow,e:p.captcha};var y=Object.freeze({__proto__:null,COOKIEDELIMITER:l,bestMitigationCaptchaMap:f,bestMitigationMap:g,captchaMap:{0:"",1:"captcha_serve",2:"captcha_pass",3:"captcha_fail",4:"captcha_cookiepass",5:"captcha_cookiefail",6:"checkpoint_signal",7:"checkpoint_post",a:"checkpoint_serve",b:"checkpoint_pass",c:"checkpoint_fail",d:"checkpoint_cookiepass",e:"checkpoint_cookiefail"},captchaStatusCodes:{"":0,captchaServe:1,captchaPass:2,captchaFail:3,captchaCookiePass:4,captchaCookieFail:5,checkpointSignal:6,checkpointPost:7,checkpointServe:"a",checkpointPass:"b",checkpointFail:"c",checkpointCookiePass:"d",checkpointCookieFail:"e"},matchMap:{0:"",1:"ua_",2:"ip_",3:"visitor_",4:"datacenter_",5:"sev_",6:"organisation_",7:"asn_",8:"country_",9:"combination_",b:"headerFP_"},mitigateMap:{0:"",1:"blocked",2:"allow",3:"hardblocked",4:"flagged"},mitigationTypes:p,netaceaCookieV3KeyMap:{clientIP:"cip",userId:"uid",gracePeriod:"grp",cookieId:"cid",match:"mat",mitigate:"mit",captcha:"cap",issueTimestamp:"ist",issueReason:"isr"},netaceaCookieV3OptionalKeyMap:{checkAllPostRequests:"fCAPR"},netaceaHeaders:{match:"x-netacea-match",mitigate:"x-netacea-mitigate",captcha:"x-netacea-captcha",mitata:"x-netacea-mitata-value",mitataExpiry:"x-netacea-mitata-expiry",mitataCaptcha:"x-netacea-mitatacaptcha-value",mitataCaptchaExpiry:"x-netacea-mitatacaptcha-expiry",eventId:"x-netacea-event-id"},netaceaSettingsMap:{checkAllPostRequests:"checkAllPostRequests"}});const m="ignored",S="1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".split(""),k=/^(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/(.*)_\/@#\/((\d|[a-z])(\d)(\d|[a-z]))$/i;function C(e){if(void 0===e)return;const t=e.match(k);if(null!=t){const[,e,a,i,s,o,n,r,c]=t;return{signature:e,expiry:a,userId:i,ipHash:s,mitigationType:o,match:n,mitigate:r,captcha:c}}}function v(t=16,a=S){const i=e.randomBytes(t-1);return`c${Array.from(i).map((e=>a[e%a.length])).join("")}`}function b(a,i){const s=e.createHmac("sha256",i);return s.update(a),t.Buffer.from(s.digest("hex")).toString("base64")}function I(e,t,a){const i={mitata:void 0,requiresReissue:!1,isExpired:!1,shouldExpire:!1,isSameIP:!1,isPrimaryHashValid:!1,captcha:"0",match:"0",mitigate:"0"};if("string"!=typeof e||""===e)return i;const s=C(e);if(void 0!==s){const e=[s.expiry,s.userId,s.ipHash,s.mitigationType].join(l),i=Math.floor(Date.now()/1e3),o=parseInt(s.expiry)<i,n=["1","3","5","a","c","e"].includes(s.captcha),r="3"===s.mitigate,c=n||r,d=b(t+"|"+s.expiry,a),h=s.ipHash===d;return{mitata:s,requiresReissue:o||!h,isExpired:o,shouldExpire:c,isSameIP:h,isPrimaryHashValid:s.signature===b(e,a),match:s.match,mitigate:s.mitigate,captcha:s.captcha,userId:s.userId}}return i}function w(e,t){const a=e.split(";").map((e=>e.trim())).filter((e=>e.toLowerCase().startsWith(t.toLowerCase())))[0];return void 0!==a&&a.length>0?a?.replace(`${t}=`,""):void 0}function A(e,t=!1){return"string"!=typeof e&&(e=e.join("; ")),""===e?"":N(e.split(";"),t).join("; ")}function N(e,t=!1){if(t)return N(e.reverse()).reverse();const a=new Set,i=[];for(let t of e){if(t=t.trimStart(),""===t.trim())continue;const e=t.split("=")[0].toUpperCase();a.has(e)||(a.add(e),i.push(t))}return i}var q=Object.freeze({__proto__:null,configureCookiesDomain:function(e,t){let a=e=A(e??"",!0),i=t=A(t??"",!0);if(void 0!==e&&void 0!==t){const s=w(e,"Domain"),o=w(t,"Domain");void 0!==s&&void 0!==o?i=t.replace(o,s):void 0!==s&&void 0===o?i=t+(""!==t?`; Domain=${s}`:`Domain=${s}`):void 0===s&&void 0!==o&&(a=e+(""!==e?`; Domain=${o}`:`Domain=${o}`))}else if(void 0!==e&&void 0===t){const t=w(e,"Domain");void 0!==t&&(i=`Domain=${t}`)}else if(void 0===e&&void 0!==t){const e=w(t,"Domain");void 0!==e&&(a=`Domain=${e}`)}return{cookieAttributes:""!==a?a:void 0,captchaCookieAttributes:""!==i?i:void 0}},extractAndRemoveCookieAttr:function(e,t){const a=w(e,t);if(void 0!==a){return{extractedAttribute:a,cookieAttributes:e.replace(/ /g,"").replace(`${t}=${a}`,"").split(";").filter((e=>e.length>0)).join("; ")}}return{extractedAttribute:void 0,cookieAttributes:e}},extractCookieAttr:w,removeDuplicateAttrs:A});var T=Object.freeze({__proto__:null,parseSetCookie:function(e){const t=e.indexOf("=");if(t<0)throw new Error("Could not parse the given set-cookie value.");const a=e.slice(0,t),i=e.slice(t+1),s=i.indexOf(";");if(s<0){return{name:a,value:i,attributes:""}}return{name:a,value:i.slice(0,s),attributes:i.slice(s).trimStart()}}});const E={cookie:{parse:T,attributes:q}};class P{constructor(e){this.crypto=e}async hashString(e,t,a=!1){const i=a?[...t].sort():[...t],s=(new TextEncoder).encode(i.join(",")),o=await this.crypto.subtle.digest(e,s),n=Array.from(new Uint8Array(o)).map((e=>e.toString(16).padStart(2,"0"))).join("").substring(0,12);return"h"+(a?"s":"")+`_${t.length}_${n}`}static filterHeaderNames(e){return e.filter((e=>{const t=e.toLowerCase();return!["","cookie","referer"].includes(t)&&null===t.match(/^(x-netacea-|cloudfront-)/i)}))}async hashHeaders(e,t=!1){const a=P.filterHeaderNames(e);if(0===a.length)return"";try{return await this.hashString("SHA-256",a,t)}catch(e){return console.error(e),""}}}const R=globalThis.fetch.bind(globalThis);var x="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},O={},_={};Object.defineProperty(_,"__esModule",{value:!0}),_.validateRedirectLocation=void 0,_.validateRedirectLocation=function(e){if(""!==(e=e??""))try{return new URL(e).toString()}catch{if(/^https?:\/\//i.test(e))return;return e.startsWith("/")?e:`/${e}`}};var L={},K={};function H(e,t){for(const a of Object.keys(e)){if("cookie"!==a&&"Cookie"!==a)continue;const i=e[a]??"",s=D("string"==typeof i?i:i.join("; "),t);if(void 0!==s)return s}}function M(e,t){const a=[];for(const i of Object.keys(e)){if("cookie"!==i&&"Cookie"!==i)continue;const s=e[i]??"",o="string"==typeof s?s:s.join("; ");a.push(...j(o,t))}return a}function D(e,t){const a=t+"=";return e.split(";").map((e=>e.trimStart())).find((e=>e.startsWith(a)))}function j(e,t){const a=t+"=";return e.split(";").map((e=>e.trimStart())).filter((e=>e.startsWith(a)))}Object.defineProperty(K,"__esModule",{value:!0}),K.findAllInCookieString=K.findFirstInCookieString=K.findAllInHeaders=K.findFirstInHeaders=K.findOnlyValueInHeaders=K.findAllValuesInHeaders=K.findFirstValueInHeaders=void 0,K.findFirstValueInHeaders=function(e,t){const a=H(e,t);if(void 0!==a)return a.slice(t.length+1)},K.findAllValuesInHeaders=function(e,t){return M(e,t).map((e=>e.slice(t.length+1)))},K.findOnlyValueInHeaders=function(e,t){const a=M(e,t);if(a.length>1)throw new Error(`Found more than one cookie with name ${t}`);return a[0]?.slice(t.length+1)},K.findFirstInHeaders=H,K.findAllInHeaders=M,K.findFirstInCookieString=D,K.findAllInCookieString=j;var F={};function B(e){return"set-cookie"===e||"Set-Cookie"===e}function V(e,t){const a=t+"=";return e.startsWith(a)}function U(e,t){if(!V(e,t))throw new Error(`Cookie '${t}' not found in '${e}'`);return e.slice(t.length+1).split(";")[0]}function $(e,t){const a=e[t]??[];return"string"==typeof a?[a]:a}function z(e,t){for(const a of Object.keys(e)){if(!B(a))continue;const i=G($(e,a),t);if(void 0!==i)return i}}function G(e,t){return e.map((e=>e.trimStart())).find((e=>V(e,t)))}function Q(e,t){const a=[];for(const i of Object.keys(e)){if(!B(i))continue;const s=$(e,i);a.push(...W(s,t))}return a}function W(e,t){return e.map((e=>e.trimStart())).filter((e=>V(e,t)))}Object.defineProperty(F,"__esModule",{value:!0}),F.findAllInSetCookieStrings=F.findAllInHeaders=F.findValueInSetCookieStrings=F.findFirstInSetCookieStrings=F.findFirstInHeaders=F.findOnlyValueInHeaders=F.findFirstValueInHeaders=F.parseValueFromString=void 0,F.parseValueFromString=U,F.findFirstValueInHeaders=function(e,t){const a=z(e,t);return void 0!==a?U(a,t):void 0},F.findOnlyValueInHeaders=function(e,t){const a=Q(e,t);if(a.length>1)throw new Error(`Found more than one set-cookie with name ${t}`);return void 0!==a[0]?U(a[0],t):void 0},F.findFirstInHeaders=z,F.findFirstInSetCookieStrings=G,F.findValueInSetCookieStrings=function(e,t){const a=G(e,t);if(void 0!==a)return U(a,t)},F.findAllInHeaders=Q,F.findAllInSetCookieStrings=W;var J=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),X=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),Y=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var a in e)"default"!==a&&Object.prototype.hasOwnProperty.call(e,a)&&J(t,e,a);return X(t,e),t};Object.defineProperty(L,"__esModule",{value:!0}),L.setCookie=L.cookie=void 0,L.cookie=Y(K),L.setCookie=Y(F);var Z={},ee={},te={};Object.defineProperty(te,"__esModule",{value:!0}),te.KINESIS_URL=te.API_VERSION=te.REGION=te.PAYLOAD_TYPE=te.STATE=void 0,te.STATE={ACTIVE:"ACTIVE",UPDATING:"UPDATING",CREATING:"CREATING",DELETING:"DELETING"},te.PAYLOAD_TYPE="string",te.REGION="eu-west-1",te.API_VERSION="2013-12-02",te.KINESIS_URL="https://kinesis.eu-west-1.amazonaws.com";var ae={};Object.defineProperty(ae,"__esModule",{value:!0}),ae.headersToRecord=ae.increaseBatchSize=ae.handleFailedLogs=ae.batchArrayForKinesis=ae.sleep=void 0,ae.sleep=async function(e){await new Promise((t=>{setTimeout(t,e)}))},ae.batchArrayForKinesis=function(e,t,a){const i=[];for(let s=0;s<e.length;s+=t){const o=e.slice(s,s+t);i.push({Data:a.from(JSON.stringify(o)).toString("base64"),PartitionKey:Date.now().toString()})}return i},ae.handleFailedLogs=function(e,t,a){const i=2*a,s=[...e,...t],o=s.length-i;return o>0&&(console.error(`Netacea Error :: failed to send ${o} log(s) to Kinesis ingest.`),s.splice(0,o)),s},ae.increaseBatchSize=function(e,t){return e!==t?Math.min(t,2*e):e},ae.headersToRecord=function(e){const t={};return e.forEach(((e,a)=>{t[a]=e})),t},Object.defineProperty(ee,"__esModule",{value:!0}),ee.WebStandardKinesis=void 0;const ie=te,se=ae;ee.WebStandardKinesis=class{constructor({deps:e,kinesisIngestArgs:t}){if(this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e,void 0===t.kinesisAccessKey)throw new Error("kinesisAccessKey is required for kinesis ingest");if(void 0===t.kinesisSecretKey)throw new Error("kinesisSecretKey is required for kinesis ingest");this.kinesisStreamName=t.kinesisStreamName,this.kinesisAccessKey=t.kinesisAccessKey,this.kinesisSecretKey=t.kinesisSecretKey,this.maxAwaitTimePerIngestCallMs=t.maxAwaitTimePerIngestCallMs,void 0!==t.maxLogAgeSeconds&&t.maxLogAgeSeconds<this.maxLogAgeSeconds&&t.maxLogAgeSeconds>0&&(this.maxLogAgeSeconds=t.maxLogAgeSeconds),void 0!==t.logBatchSize&&(this.maxLogBatchSize=t.logBatchSize),this.logBatchSize=!0===t.rampUpBatchSize?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=new this.deps.AwsClient({accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey}),a=await this.signRequest(t,{streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);await this.deps.makeRequest({headers:(0,se.headersToRecord)(a.headers),host:ie.KINESIS_URL,method:"POST",path:"/",body:a.body}),this.logBatchSize=(0,se.increaseBatchSize)(this.logBatchSize,this.maxLogBatchSize)}catch(t){this.logCache=(0,se.handleFailedLogs)(this.logCache,e,this.maxLogBatchSize)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push((0,se.sleep)(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=(0,se.sleep)(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}async signRequest(e,t,a,i){const s={Records:(0,se.batchArrayForKinesis)(a,i,this.deps.Buffer),PartitionKey:Date.now().toString(),StreamName:t.streamName};return await e.sign(ie.KINESIS_URL,{body:JSON.stringify(s),method:"POST",headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"}})}};var oe={};Object.defineProperty(oe,"__esModule",{value:!0}),oe.Kinesis=void 0;const ne=te,re=ae;oe.Kinesis=class{constructor({deps:e,kinesisIngestArgs:t}){this.maxLogBatchSize=20,this.maxLogAgeSeconds=10,this.logBatchSize=20,this.logCache=[],this.intervalSet=!1,this.deps=e,this.kinesisStreamName=t.kinesisStreamName,this.kinesisAccessKey=t.kinesisAccessKey,this.kinesisSecretKey=t.kinesisSecretKey,this.maxAwaitTimePerIngestCallMs=t.maxAwaitTimePerIngestCallMs,void 0!==t.maxLogAgeSeconds&&t.maxLogAgeSeconds<this.maxLogAgeSeconds&&t.maxLogAgeSeconds>0&&(this.maxLogAgeSeconds=t.maxLogAgeSeconds),void 0!==t.logBatchSize&&(this.maxLogBatchSize=t.logBatchSize),this.logBatchSize=!0===t.rampUpBatchSize?1:this.maxLogBatchSize}async putToKinesis(){if(0===this.logCache.length)return;const e=[...this.logCache];this.logCache=[];try{const t=this.signRequest({streamName:this.kinesisStreamName,accessKeyId:this.kinesisAccessKey,secretAccessKey:this.kinesisSecretKey},e,this.logBatchSize);if("POST"!==t.method)throw new Error(`Unexpected method. Expected POST but got ${t.method}`);await this.deps.makeRequest({headers:t.headers??{},host:`https://${t.hostname}`,method:t.method,path:t.path??"/",body:t.body}),this.logBatchSize=(0,re.increaseBatchSize)(this.logBatchSize,this.maxLogBatchSize)}catch(t){this.logCache=(0,re.handleFailedLogs)(this.logCache,e,this.maxLogBatchSize)}}async ingest(e){if(this.logCache.push(e),this.logCache.length>=this.logBatchSize){const e=[];e.push(this.putToKinesis()),void 0!==this.maxAwaitTimePerIngestCallMs&&e.push((0,re.sleep)(this.maxAwaitTimePerIngestCallMs)),await Promise.race(e)}else if(!this.intervalSet){this.intervalSet=!0;const e=(0,re.sleep)(1e3*this.maxLogAgeSeconds).then((async()=>{await this.putToKinesis(),this.intervalSet=!1})).catch((()=>{}));void 0===this.maxAwaitTimePerIngestCallMs&&await e}}signRequest(e,t,a){const{accessKeyId:i,secretAccessKey:s}=e,o={Records:(0,re.batchArrayForKinesis)(t,a,this.deps.Buffer),PartitionKey:Date.now().toString(),StreamName:e.streamName};return this.deps.aws4.sign({service:"kinesis",body:JSON.stringify(o),headers:{"Content-Type":"application/x-amz-json-1.1","X-Amz-Target":"Kinesis_20131202.PutRecords"},region:ne.REGION},{accessKeyId:i,secretAccessKey:s})}},function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.Kinesis=e.WebStandardKinesis=void 0;var t=ee;Object.defineProperty(e,"WebStandardKinesis",{enumerable:!0,get:function(){return t.WebStandardKinesis}});var a=oe;Object.defineProperty(e,"Kinesis",{enumerable:!0,get:function(){return a.Kinesis}})}(Z);var ce={};function de(e,t){let a=null;if("number"==typeof e)a=e;else if("string"==typeof e){const t=parseFloat(e);isNaN(t)||(a=t)}if(null===a){if("number"!=typeof t.defaultValue)return t.defaultValue;a=t.defaultValue}return void 0!==t.minValue&&(a=Math.max(t.minValue,a)),void 0!==t.maxValue&&(a=Math.min(t.maxValue,a)),a}Object.defineProperty(ce,"__esModule",{value:!0}),ce.parseHttpHeaderName=ce.stringOrDefault=ce.parseIntOrDefault=ce.parseNumberOrDefault=void 0,ce.parseNumberOrDefault=de,ce.parseIntOrDefault=function(e,t){const a=de(e,t);return"number"==typeof a?Math.floor(a):a},ce.stringOrDefault=function(e,t){return"string"==typeof e&&""!==e?e:"number"==typeof e?e.toString():t},ce.parseHttpHeaderName=function(e){if("string"!=typeof e)return;return/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(e)?e:void 0};var he={};Object.defineProperty(he,"__esModule",{value:!0}),he.searchParamsFromRecord=void 0,he.searchParamsFromRecord=function(e){const t=new URLSearchParams;for(const[a,i]of Object.entries(e))t.append(a,i);return t};var ue={},le={},pe=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),ge=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),fe=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var a in e)"default"!==a&&Object.prototype.hasOwnProperty.call(e,a)&&pe(t,e,a);return ge(t,e),t};Object.defineProperty(le,"__esModule",{value:!0}),le.isJweEncrypted=le.decrypt=le.encrypt=void 0;const ye=fe(i);le.encrypt=async function(e,t,a="A128CBC-HS256"){const i=ye.base64url.decode(t),s=(new TextEncoder).encode(e);return await new ye.CompactEncrypt(s).setProtectedHeader({alg:"dir",enc:a}).encrypt(i)},le.decrypt=async function(e,t){const a=ye.base64url.decode(t),{plaintext:i}=await ye.compactDecrypt(e,a,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM","A128CBC-HS256"]});return(new TextDecoder).decode(i)},le.isJweEncrypted=function(e){return 5===e.split(".").length&&e.includes("..")};var me=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),Se=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),ke=x&&x.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var a in e)"default"!==a&&Object.prototype.hasOwnProperty.call(e,a)&&me(t,e,a);return Se(t,e),t};Object.defineProperty(ue,"__esModule",{value:!0}),ue.jwe=void 0,ue.jwe=ke(le);var Ce,ve,be={};function Ie(){if(ve)return O;ve=1;var e=x&&x.__createBinding||(Object.create?function(e,t,a,i){void 0===i&&(i=a);var s=Object.getOwnPropertyDescriptor(t,a);s&&!("get"in s?!t.__esModule:s.writable||s.configurable)||(s={enumerable:!0,get:function(){return t[a]}}),Object.defineProperty(e,i,s)}:function(e,t,a,i){void 0===i&&(i=a),e[i]=t[a]}),t=x&&x.__setModuleDefault||(Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:function(e,t){e.default=t}),a=x&&x.__importStar||function(a){if(a&&a.__esModule)return a;var i={};if(null!=a)for(var s in a)"default"!==s&&Object.prototype.hasOwnProperty.call(a,s)&&e(i,a,s);return t(i,a),i};return Object.defineProperty(O,"__esModule",{value:!0}),O.graphql=O.webcrypto=O.url=O.parsing=O.ingest=O.headers=O.configValidation=void 0,O.configValidation=a(_),O.headers=a(L),O.ingest=a(Z),O.parsing=a(ce),O.url=a(he),O.webcrypto=a(ue),O.graphql=a(function(){if(Ce)return be;Ce=1,Object.defineProperty(be,"__esModule",{value:!0}),be.truncateLongFields=be.parseGraphQl=be.parseGraphQlRequestBody=be.getGraphQLParserConfig=void 0;const e=Ie();function t(e,t){const a=e.parserRegex;return t.match(a)?.groups??{}}function a(e,t){const a=e.maxValueLength;for(const e of Object.keys(t)){const o=t[e];t[e]=(s=a,(i=o).length<=s?i:i.slice(0,s)+"…")}var i,s;return t}return be.getGraphQLParserConfig=function(t){const a={includePaths:[],maxParsableBytes:e.parsing.parseIntOrDefault(t?.maxParsableBytes,{defaultValue:1e6,minValue:1e3}),maxValueLength:e.parsing.parseIntOrDefault(t?.maxValueLength,{defaultValue:256,minValue:8}),parserRegex:/^\s*(?<OpType>query|mutation|subscription)\s+(?<OpName>[_A-Za-z][_0-9A-Za-z]+)?/};if(Array.isArray(t?.includePaths))for(const e of t.includePaths)"string"==typeof e&&a.includePaths.push(e);try{if(t?.parserRegex instanceof RegExp)a.parserRegex=t?.parserRegex;else if("object"==typeof t?.parserRegex){const{regex:e,flags:i}=t?.parserRegex;"string"==typeof e&&(a.parserRegex=new RegExp(e,i))}}catch{}return a},be.parseGraphQlRequestBody=function(e,i){if(""===i)throw new Error("Netacea Error: Empty GraphQL body received");const s=JSON.parse(i);if("object"!=typeof s)throw new Error("Netacea Error: Invalid GraphQL JSON");const o={...t(e,s?.query??"")},n=(s?.operationName??"").trim();return""!==n&&(o.OpName=n),a(e,o)},be.parseGraphQl=t,be.truncateLongFields=a,be}()),O}var we=Ie();async function Ae(e,t){const a=d.base64url.decode(t),i=(new TextEncoder).encode(e);return await new d.CompactEncrypt(i).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(a)}async function Ne(e,t){const a=d.base64url.decode(t),{plaintext:i}=await d.compactDecrypt(e,a,{keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:["A256GCM"]});return(new TextDecoder).decode(i)}function qe(e){const t={"set-cookie":[]};for(const a of e)t["set-cookie"]?.push({key:"set-cookie",value:a});return t}function Te(e,t,a){return e===a&&"post"===t.toLowerCase()}function Ee(e,t,a){let i=e;try{i=new URL(e).pathname}catch(e){}return void 0!==a&&a.length>0&&i===a&&"get"===t.toLowerCase()}function Pe(e,t){const a=e[t];return"string"==typeof a?a:a?.[0]}function Re(e,t){const a=Pe(e,t);if(void 0!==a)return parseInt(a,10)}const{configureCookiesDomain:xe}=E.cookie.attributes;class Oe{static NetaceaTrueUserAgentHeader="x-netacea-true-useragent-header";static HeadersInOriginalOrderHeader="cloudfront-viewer-header-order";cookieEncryptionKey;ingestEnabled=!0;netaceaCaptchaPath;netaceaCheckpointSignalPath;captchaHeader;dynamicCaptchaContentType;ipHeaderName;mitataCookieExpirySeconds;apiKey;secretKey;mitigationServiceUrl="https://mitigations.netacea.net";ingestServiceUrl;timeout;captchaSiteKey;captchaSecretKey;ingestType;mitigationType;kinesisConfigArgs;encryptedCookies=[];netaceaCookieName;netaceaCaptchaCookieName;netaceaCookieAttributes;netaceaCaptchaCookieAttributes;netaceaCaptchaVerificationPath;captchaFeedbackHeaderName;graphQL;netaceaBlockedResponseRedirectLocation;netaceaBlockedResponseStatus=403;netaceaBlockedResponseBody="Forbidden";netaceaBlockedResponseContentType="text/plain; charset=utf-8";constructor(e){if(e.ingestType=n.KINESIS,this.kinesisConfigArgs=e.kinesis,void 0===e.kinesis&&(console.warn(['NETACEA :: Please move kinesis params to "kinesis" object in config.',"Backwards compatibility will soon be removed."].join(" ")),this.kinesisConfigArgs={kinesisStreamName:e.kinesisStreamName,kinesisAccessKey:e.kinesisAccessKey,kinesisSecretKey:e.kinesisSecretKey,maxLogAgeSeconds:1},void 0!==e.logBatchSize&&(this.kinesisConfigArgs.logBatchSize=e.logBatchSize)),null===e.apiKey||void 0===e.apiKey)throw new Error("apiKey is a required parameter");if(this.apiKey=e.apiKey,this.secretKey=e.secretKey,void 0!==e.mitigationServiceUrl){const t=e.mitigationServiceUrl;this.mitigationServiceUrl=t.endsWith("/")?t.slice(0,-1):t}var t;this.ingestServiceUrl=e.ingestServiceUrl??"https://ingest.netacea.net",this.mitigationType=e.mitigationType??r.INGEST,this.ingestType=e.ingestType??n.HTTP,void 0===e.captchaSiteKey&&void 0===e.captchaSecretKey||(this.captchaSiteKey=e.captchaSiteKey,this.captchaSecretKey=e.captchaSecretKey),this.timeout=(t=e.timeout??3e3)<=0?u:t,this.netaceaCookieName=_e(e.netaceaCookieName)??"_mitata",this.netaceaCaptchaCookieName=_e(e.netaceaCaptchaCookieName)??"_mitatacaptcha",this.netaceaCaptchaPath=e.netaceaCaptchaPath,this.dynamicCaptchaContentType=e.dynamicCaptchaContentType??!1;const a=xe(e.netaceaCookieAttributes??"",e.netaceaCaptchaCookieAttributes??"");var i,s;if(this.netaceaCookieAttributes=a.cookieAttributes??"",this.netaceaCaptchaCookieAttributes=a.captchaCookieAttributes??"",this.captchaHeader=e.captchaHeader,this.ipHeaderName=e.ipHeaderName?.toLowerCase()?.trim(),this.encryptedCookies=[this.netaceaCookieName,this.netaceaCaptchaCookieName],this.mitataCookieExpirySeconds=(i=this.mitigationType,void 0===(s=e.netaceaCookieExpirySeconds??e.mitataCookieExpirySeconds)?i===r.INGEST?3600:60:s),this.ingestEnabled=e.ingestEnabled??!0,this.cookieEncryptionKey=e.cookieEncryptionKey,this.netaceaBlockedResponseRedirectLocation=_e(e.netaceaBlockedResponseRedirectLocation),void 0!==e.netaceaBlockedResponseStatus){const t=we.parsing.parseNumberOrDefault(e.netaceaBlockedResponseStatus,{defaultValue:403});!isNaN(t)&&t>=100&&t<=599&&(this.netaceaBlockedResponseStatus=t)}void 0!==e.netaceaBlockedResponseBody&&(this.netaceaBlockedResponseBody=e.netaceaBlockedResponseBody);const o=e.netaceaBlockedResponseContentType;void 0!==o&&""!==o&&(this.netaceaBlockedResponseContentType=o),this.netaceaCheckpointSignalPath=e.netaceaCheckpointSignalPath,this.netaceaCaptchaVerificationPath=e.netaceaCaptchaVerificationPath??"/AtaVerifyCaptcha",""===this.netaceaCaptchaVerificationPath&&(this.netaceaCaptchaVerificationPath="/AtaVerifyCaptcha"),this.netaceaCaptchaVerificationPath?.startsWith("/")||(this.netaceaCaptchaVerificationPath="/"+this.netaceaCaptchaVerificationPath),this.captchaFeedbackHeaderName=we.parsing.parseHttpHeaderName(e.captchaFeedbackHeaderName),this.graphQL=we.graphql.getGraphQLParserConfig(e.graphQL)}}function _e(e){if("string"==typeof e&&""!==e){const t=e.trim();if(t.length>0)return t}}const Le="unknown";function Ke(e,t,a,i,s,o=!1){i=function(e,t){let a=e;return t||("2"===e?a="4":"3"===e?a="5":"b"===e?a="d":"c"===e&&(a="e")),a}(i,s),o&&(i="6");let n=y.matchMap[t]??Le+"_";n+=y.mitigateMap[a]??Le;let c=y.bestMitigationMap[a];if("0"!==i){n+=","+(y.captchaMap[i]??Le);const e=y.bestMitigationCaptchaMap[i];void 0!==e&&(c=e)}return e===r.INJECT&&(c=y.mitigationTypes.none),{sessionStatus:n,mitigation:c,parts:{match:t,mitigate:a,captcha:i}}}function He(e){if(void 0===e)return;const t={...e.headers??{}};if(""!==(e.body??"")){void 0===Object.entries(t).find((([e])=>"content-type"===e.toLowerCase()))&&(t["content-type"]=[{key:"content-type",value:"text/html; charset=UTF-8"}])}return{...e,headers:t}}function Me(e,t){return{"x-netacea-match":e.match,"x-netacea-mitigate":e.mitigate,"x-netacea-captcha":e.captcha}}const De=we.headers.setCookie;function je(e,t,a){"/"!==t[0]&&(t=`/${t}`);const i=t.split("?");return`${e} ${i[0]}${(i.length>1?`?${i[1]}`:void 0)??""}`}async function Fe({config:e,request:t,requestState:a,requestDetails:i},s,o){const n=await async function(e,t,a){const i=t?.["set-cookie"]??[],s=i.map((e=>e.value)),o=De.findValueInSetCookieStrings(s,a);if(void 0===o)return;const{cookieEncryptionKey:n,encryptedCookies:r}=e,c=r.includes(a);if(void 0===n||!c)return o;try{return await Ne(o,n)}catch{return o}}(e,s.headers,e.netaceaCookieName)??"",c=""!==n?n:i.sessionDetails.sessionCookie;let d="0",h="0",u="0";const l=C(c);void 0!==l&&(d=l.match,h=l.mitigate,u=l.captcha);const p=a.sessionStatus,g=a.protectorApiLatency,f=a.protectorApiStatus,y=Date.now()-a.requestStartTimestamp,m=function(e,t,a){if(Te(t.uri,t.method,e.netaceaCaptchaVerificationPath))return!0;if(void 0===a)return!1;const i=null!=a.headers?a.headers["set-cookie"]:void 0,s=i?.find((t=>t.value.split("=")[0]===e.netaceaCaptchaCookieName)),o=void 0!==s;return e.mitigationType===r.INJECT&&o}(e,t,s),S=Ee(t.uri,t.method,e.netaceaCheckpointSignalPath),k=void 0!==a.sessionStatus?void 0:Ke(e.mitigationType,d,h,u,m,S).sessionStatus,{sessionCookieStatus:v}=i.sessionDetails,b=t.headers[Oe.NetaceaTrueUserAgentHeader]?.[0]?.value??i.headers.userAgent,I=t.headers.referer?.[0]?.value,w=void 0!==a.resHandlerStartTime?Date.now()-a.resHandlerStartTime:0;return{BytesSent:t.headers["content-length"]?.[0]?.value??"0",GraphQL:i.graphQL,HeaderHash:a.headerFingerprint??"-",IntegrationType:"@netacea/cloudfront".replace("@netacea/","")??"",IntegrationVersion:"7.0.14",NetaceaMitigationApplied:p??k??"",NetaceaUserIdCookie:c??"",NetaceaUserIdCookieStatus:v,ProtectionMode:e.mitigationType,ProtectorLatencyMs:g,ProtectorStatus:f,Query:t.querystring,RealIp:i.clientIp,Referer:""===I?"-":I,ReqHandlerId:a.reqHandlerId,ReqHandlerMs:a.reqHandlerMs??y,Request:je(i.method,i.url),RequestHost:t.headers.host?.[0]?.value,RequestId:i.requestId??"",RequestTime:y?.toString(),ResHandlerId:o,ResHandlerMs:w,Status:s.status,TimeLocal:(new Date).toUTCString(),TimeUnixMsUTC:Date.now(),UserAgent:b,WorkerInstanceId:o,XForwardedFor:t.headers["x-forwarded-for"]?.[0]?.value}}class Be extends Error{protectorApiResponse;latencyMs;constructor(e,t){super(`Got status ${e.status} when calling protector API with ${t}ms latency.`),this.protectorApiResponse=e,this.latencyMs=t}}const Ve="x-netacea-integration-state";function Ue(e){return we.parsing.parseIntOrDefault(e,{defaultValue:void 0})}function $e(e){return"string"==typeof e?e:void 0}class ze{constructor(e){this.sessionCookieMaxAge=e.sessionCookieMaxAge,this.protectorApiLatency=e.protectorApiLatency,this.protectorApiStatus=e.protectorApiStatus,this.reqHandlerId=e.reqHandlerId,this.reqHandlerMs=e.reqHandlerMs,this.requestStartTimestamp=e.requestStartTimestamp??Date.now(),this.resHandlerId=e.resHandlerId,this.resHandlerStartTime=e.resHandlerStartTime,this.sessionStatus=e.sessionStatus,this.setCookies=e.setCookie??[],this.sessionCodes=e.sessionCodes??{match:"",mitigate:"",captcha:""},this.shouldSetSessionCookie=e.shouldSetSessionCookie??!1,this.eventId=e.eventId,this.headerFingerprint=e.headerFingerprint,this.bytesReceived=e.bytesReceived,this.graphQLFields=e.graphQLFields}async saveToRequest(e,t){const a=JSON.stringify({protectorApiLatency:this.protectorApiLatency,protectorApiStatus:this.protectorApiStatus,reqHandlerId:this.reqHandlerId,reqHandlerMs:this.reqHandlerMs,requestStartTimestamp:this.requestStartTimestamp,resHandlerId:this.resHandlerId,resHandlerStartTime:this.resHandlerStartTime,sessionStatus:this.sessionStatus,setCookies:this.setCookies,sessionCodes:this.sessionCodes,sessionCookieMaxAge:this.sessionCookieMaxAge,shouldSetSessionCookie:this.shouldSetSessionCookie,eventId:this.eventId,headerFingerprint:this.headerFingerprint,bytesReceived:this.bytesReceived,graphQLFields:this.graphQLFields});e.headers[Ve]=void 0!==t?[{key:Ve,value:await Ae(a,t)}]:[{key:Ve,value:Buffer.from(a).toString("base64")}]}recordProtectorApiError(e){this.sessionStatus="error_open",this.protectorApiLatency=e.latencyMs,this.protectorApiStatus=e.protectorApiResponse.status}static async fromRequest(e,t){let a=e.headers[Ve]?.[0]?.value;if(void 0===a)return new ze({});try{a=void 0!==t?await Ne(a,t):Buffer.from(a,"base64").toString();const e=JSON.parse(a);if("object"==typeof e&&null!==e)return new ze({requestStartTimestamp:"requestStartTimestamp"in e?we.parsing.parseIntOrDefault(e.requestStartTimestamp,{defaultValue:Date.now()}):Date.now(),sessionStatus:"sessionStatus"in e?$e(e.sessionStatus):void 0,protectorApiLatency:"protectorApiLatency"in e?Ue(e.protectorApiLatency):void 0,protectorApiStatus:"protectorApiStatus"in e?Ue(e.protectorApiStatus):void 0,reqHandlerId:"reqHandlerId"in e?$e(e.reqHandlerId):void 0,reqHandlerMs:"reqHandlerMs"in e?Ue(e.reqHandlerMs):void 0,resHandlerId:"resHandlerId"in e?$e(e.resHandlerId):void 0,resHandlerStartTime:"resHandlerStartTime"in e?Ue(e.resHandlerStartTime):void 0,setCookie:"setCookies"in e&&Array.isArray(e.setCookies)?e.setCookies.filter((e=>"string"==typeof e)):[],sessionCodes:"sessionCodes"in e&&"object"==typeof e.sessionCodes&&null!==e.sessionCodes?{match:$e(e.sessionCodes.match)??"0",mitigate:$e(e.sessionCodes.mitigate)??"0",captcha:$e(e.sessionCodes.captcha)??"0"}:{match:"",mitigate:"",captcha:""},sessionCookieMaxAge:"sessionCookieMaxAge"in e?Ue(e.sessionCookieMaxAge):void 0,shouldSetSessionCookie:"shouldSetSessionCookie"in e&&Boolean(e.shouldSetSessionCookie),eventId:"eventId"in e?$e(e.eventId):void 0,headerFingerprint:"headerFingerprint"in e?$e(e.headerFingerprint):void 0,bytesReceived:"bytesReceived"in e?Ue(e.bytesReceived):void 0,graphQLFields:"graphQLFields"in e&&"object"==typeof e.graphQLFields&&null!==e.graphQLFields?e.graphQLFields:void 0})}catch{}return new ze({})}static getFreshState(e){return delete e.headers["x-netacea-integration-state"],new ze({})}}var Ge;!function(e){e[e.NEW_SESSION=1]="NEW_SESSION",e[e.EXISTING_SESSION=2]="EXISTING_SESSION",e[e.RENEW_SESSION=3]="RENEW_SESSION"}(Ge||(Ge={}));class Qe{config;constructor(e){this.config=e}async getNetaceaRequestDetails(t,a){const{request:i}=t.cf,{uri:s,method:o}=i,n=await this.readCookie(i,this.config.sessionCookieName),c=await this.readCookie(i,this.config.captchaCookieName),d=function(e,t){const{clientIp:a}=e;if(void 0===t||""===t)return a;const i=e.headers[t]?.[0]?.value;return void 0===i||""===i?a:"x-forwarded-for"===t?i.split(/, ?/).pop()??a:i}(i,this.config.ipHeaderName),h=we.parsing.parseIntOrDefault(i.headers["content-length"]?.[0]?.value,{defaultValue:0}),{sessionCookieDetails:u,sessionCookieStatus:l,sessionStatus:p,userId:g}=function(e,t,a,i,s){const o=I(i,s,e.secretKey);if(void 0!==o.userId&&o.isPrimaryHashValid){const i=o.userId,{isExpired:s,shouldExpire:n,isSameIP:c}=o,d=s||n||!c&&e.mitigationType!==r.INGEST?Ge.RENEW_SESSION:Ge.EXISTING_SESSION,{sessionStatus:h}=Ke(e.mitigationType,o.match,o.mitigate,o.captcha,Te(t,a,e.netaceaCaptchaVerificationPath));return{userId:i,sessionCookieStatus:d,sessionStatus:h,sessionCookieDetails:o}}return{sessionStatus:"",userId:v(),sessionCookieStatus:Ge.NEW_SESSION,sessionCookieDetails:void 0}}(this.config,s,o,n,d);let f=a.headerFingerprint;void 0===f&&(f=await async function(t){const a=new P(e),i=t.headers[Oe.HeadersInOriginalOrderHeader]?.[0].value??"";let s="";if(""!==i)s=await a.hashHeaders(i.split(":"));else{const e=Object.entries(t.headers).flatMap((([e,t])=>t.map((({key:t})=>t??e))));s=await a.hashHeaders(e,!0)}return s}(i),a.headerFingerprint=f);const y={bytesReceived:Math.max(h,i.body?.data.length??0),clientIp:d,graphQL:void 0,method:o,requestId:t.cf.config.requestId,url:s,headerFingerprint:f,headers:{accept:i.headers.accept?.[0]?.value,contentType:i.headers["content-type"]?.[0]?.value,host:i.headers.host?.[0]?.value,userAgent:i.headers["user-agent"]?.[0]?.value??""},sessionDetails:{sessionCookie:n,sessionStatus:p,captchaToken:c,sessionCookieDetails:u,sessionCookieStatus:l,userId:g}};""===a.sessionCodes.match&&(a.sessionCodes.match=u?.match??"0"),""===a.sessionCodes.mitigate&&(a.sessionCodes.mitigate=u?.mitigate??"0"),""===a.sessionCodes.captcha&&(a.sessionCodes.captcha=u?.captcha??"0"),void 0!==a.bytesReceived&&(y.bytesReceived=a.bytesReceived),void 0!==a.graphQLFields&&(y.graphQL=a.graphQLFields);const m=t?.cf?.config?.eventType?.toLowerCase();if(m?.includes("response"))return y;if(void 0===y.graphQL)try{const e=function(e,t){const a=e.includePaths;return t.bytesReceived<=e.maxParsableBytes&&a.includes(t.url)&&"POST"===t.method&&void 0!==t.headers.accept&&t.headers.accept.toLocaleLowerCase().includes("graphql")&&"application/json"===t.headers.contentType}(this.config.graphQL,y);if(e){const{graphQL:e,bytesReceived:t}=await async function(e,t){const a="base64"===t.body?.encoding?Buffer.from(t.body?.data??"","base64").toString():t.body?.data??"";if(""===a)throw new Error("Netacea Error: No GraphQL Body");return{bytesReceived:a.length,graphQL:we.graphql.parseGraphQlRequestBody(e,a)}}(this.config.graphQL,i);y.bytesReceived=t,a.bytesReceived=t,y.graphQL=e,a.graphQLFields=e}}catch(e){if(console.error(e),e instanceof Je){const t=e.bodySize;t>y.bytesReceived&&(y.bytesReceived=t)}}return y}async readCookie(e,t){const a=We(e.headers,t,"set-cookie"),i=""!==a?a:We(e.headers,t,"cookie");if(null==i)return;const s=i.split(/; ?/g),o=`${t}=`;for(const e of s)if(e.startsWith(o)){const a=e.slice(o.length),i=this.config.encryptedCookies??[];if(void 0!==this.config.cookieEncryptionKey&&i.includes(t))try{return await Ne(a,this.config.cookieEncryptionKey)}catch(e){return}return a}}}function We(e,t,a,i=""){if(void 0!==e?.[a]){const i=e[a];if(void 0!==i){const e=i.find((e=>e.value.includes(t)));if(void 0!==e)return e.value}}return i}class Je extends Error{bodySize;constructor(e,t){super(e),this.bodySize=t}}function Xe(e){return new Qe({captchaCookieName:e.netaceaCaptchaCookieName,cookieEncryptionKey:e.cookieEncryptionKey,encryptedCookies:e.encryptedCookies,graphQL:e.graphQL,ipHeaderName:e.ipHeaderName,mitigationType:e.mitigationType,netaceaCaptchaVerificationPath:e.netaceaCaptchaVerificationPath,secretKey:e.secretKey,sessionCookieName:e.netaceaCookieName})}const{extractCookieAttr:Ye,extractAndRemoveCookieAttr:Ze,removeDuplicateAttrs:et}=E.cookie.attributes,tt=E.cookie.parse.parseSetCookie,{mitigationTypes:at,netaceaHeaders:it}=y;exports.Cloudfront=class{workerInstanceId;config;kinesis;constructor(e){this.config=new Oe(e),this.config.ingestType===n.KINESIS&&(void 0===this.config.kinesisConfigArgs?console.warn(`NETACEA WARN: no kinesis args provided, when ingestType is ${this.config.ingestType}`):this.kinesis=new we.ingest.Kinesis({deps:{aws4:a,Buffer:t.Buffer,makeRequest:this.makeRequest.bind(this)},kinesisIngestArgs:{...this.config.kinesisConfigArgs,apiKey:this.config.apiKey,rampUpBatchSize:!0,maxAwaitTimePerIngestCallMs:0}})),this.workerInstanceId=h.v4()}async handleRequest(e){let t;try{t=await async function(e,t){const a=t.Records[0],i=ze.getFreshState(a.cf.request),s=Xe(e),o=await s.getNetaceaRequestDetails(a,i);return{config:e,request:a.cf.request,requestState:i,requestDetails:o}}(this.config,e),t.requestState.reqHandlerId=this.workerInstanceId;const a=await this.handleNetaceaRoutes(t),{respondWith:i}=a;if(void 0!==i){const{shouldSetSessionCookie:e}=t.requestState;if(e){const e=await this.createSetSessionCookie(t.requestDetails.clientIp,t.requestDetails.sessionDetails.userId,t.requestState.sessionCodes.match,t.requestState.sessionCodes.mitigate,t.requestState.sessionCodes.captcha,t.requestState.sessionCookieMaxAge);void 0===i.headers&&(i.headers={});const a=i.headers["set-cookie"]??[];a.push({key:"set-cookie",value:e}),i.headers["set-cookie"]=a}this.ingestUsingContext(t,i)}return a}catch(e){return console.error("Netacea FailOpen - ",e.message),void 0!==t?.request&&e instanceof Be&&t?.requestState.recordProtectorApiError(e),{}}finally{try{if(void 0!==t){const e=t.requestState.requestStartTimestamp;void 0!==e&&(t.requestState.reqHandlerMs=Date.now()-e),await t.requestState.saveToRequest(t.request,this.config.cookieEncryptionKey)}}catch(e){console.error("Netacea Error:",e)}}}async handleResponse(e){try{const t=await async function(e,t){const a=Date.now(),{request:i}=t.Records[0].cf,s=await ze.fromRequest(i,e.cookieEncryptionKey);s.resHandlerStartTime=a;const o=Xe(e);return{config:e,request:i,requestState:s,requestDetails:await o.getNetaceaRequestDetails(t.Records[0],s)}}(this.config,e);try{const a=e.Records[0].cf.response;await this.handleCaptchaFeedback(t,a)}catch(e){console.error("Netacea Error: captcha feedback failed",e)}if(t.requestState.shouldSetSessionCookie){const e=await this.createSetSessionCookie(t.requestDetails.clientIp,t.requestDetails.sessionDetails.userId,t.requestState.sessionCodes.match,t.requestState.sessionCodes.mitigate,t.requestState.sessionCodes.captcha,t.requestState.sessionCookieMaxAge);t.requestState.setCookies.push(e)}const{response:a}=e.Records[0].cf;this.setNetaceaCookies(a,t.requestState),this.ingestUsingContext(t,a)}catch(e){console.error("Netacea Error:",e)}}async handleCaptchaFeedback(e,t){const{captchaFeedbackHeaderName:a}=this.config;if(void 0===a)return;const i=t.headers,s=i[a]?.[0].value??"";if(delete t.headers[a],""===s)return;const o=JSON.parse(s),n=o?.status;if(!["pass","fail"].includes(n))throw new Error("Netacea Error: Invalid captcha feedback status "+String(n));const r=await this.makeRequest({host:this.config.mitigationServiceUrl,method:"POST",path:"/UpdateCaptcha",headers:{"content-type":"application/json; charset=utf-8","x-netacea-api-key":e.config.apiKey,"x-netacea-client-ip":e.requestDetails.clientIp,"x-netacea-userid":e.requestDetails.sessionDetails.userId},body:JSON.stringify({result:"pass"===o.status})});if(200!==r.status)throw new Error(`Netacea Error: Got status ${r.status} for /UpdateCaptcha`);const c=await this.createMitataCaptcha(r.headers);void 0!==c&&e.requestState.setCookies.push(c);let d=r.headers["x-netacea-captcha"];d=Array.isArray(d)?d[0]:d;let h=Re(r.headers,it.mitataExpiry)??NaN;isNaN(h)&&(h=86400);const u=e.requestState;u.sessionCodes.captcha=d,u.sessionCookieMaxAge=h,u.shouldSetSessionCookie=!0;const l=y.captchaMap[d]??"unknown",[p]=e.requestState.sessionStatus?.split(",")??"";e.requestState.sessionStatus=p+","+l}async handleNetaceaRoutes(e){const{uri:t,method:a}=e.request;if(Ee(t,a,this.config.netaceaCheckpointSignalPath)){return{respondWith:He({status:"200",headers:{}})}}if(function(e,t,a){return void 0!==a&&e.toLowerCase().includes(a.toLowerCase())&&"get"===t.toLowerCase()}(t,a,this.config.netaceaCaptchaPath)){return{respondWith:He(await this.handleCaptchaGetRequest(e))}}const i=function(e,t){if(void 0===t)return!1;const a=e.uri;if(t.startsWith("/"))return t===a;try{const i=e.headers.host?.[0]?.value,s=new URL(t);return s.host===i&&s.pathname===a}catch{return!1}}(e.request,this.config.netaceaBlockedResponseRedirectLocation);let s={injectHeaders:Me(e.requestState.sessionCodes),sessionStatus:""};return i||(s=await this.runMitigation(e)),void 0!==s&&"injectHeaders"in s&&(this.addNetaceaInjectHeadersToRequest(e.request,s?.injectHeaders),e.requestState.setCookies.push(...s.setCookie??[])),e.request.headers[Oe.NetaceaTrueUserAgentHeader]=[{key:Oe.NetaceaTrueUserAgentHeader,value:this.getValueFromHeaderOrDefault(e.request.headers,"user-agent","-")}],void 0!==s&&(void 0!==s.apiCallLatency&&(e.requestState.protectorApiLatency=s.apiCallLatency),void 0!==s.apiCallStatus&&(e.requestState.protectorApiStatus=s.apiCallStatus),void 0!==s.sessionStatus&&(e.requestState.sessionStatus=s.sessionStatus),void 0!==s.setCookie&&(e.requestState.setCookies=s.setCookie)),{respondWith:He(s?.response)}}async makeRequest({host:e,method:t,path:a,headers:i,body:s,params:o}){const n=new URL(e);n.pathname=a,void 0!==o&&(o instanceof URLSearchParams?n.search=o.toString():"object"==typeof o&&null!==o&&(n.search=we.url.searchParamsFromRecord(o).toString()));const r=n.toString(),c=new Request(r,{...{method:t,body:s,headers:i},duplex:"half"}),d=await R(r,c),h={};return d.headers.forEach(((e,t)=>{null!==e&&(h[t]=e)})),{status:d.status,body:await d.text(),headers:h}}async mitigate(e){const t=Te(e.request.uri,e.request.method,this.config.netaceaCaptchaVerificationPath);try{const i=t?await this.handleCaptchaPostRequest(e):await this.check(e),s=Ke(this.config.mitigationType,i.match,i.mitigate,i.captcha,t);let o;if([at.block,at.captcha,at.captchaPass].includes(s.mitigation)){const r={"cache-control":[{key:"cache-control",value:["no-store","no-cache","must-revalidate","max-age=0"].join(", ")}],pragma:[{key:"pragma",value:"no-cache"}],"set-cookie":[]};for(const e of i.setCookie)r["set-cookie"]=r["set-cookie"]??[],r["set-cookie"].push({key:"set-cookie",value:e});const c="captcha"===s.mitigation;c&&void 0!==this.config.captchaHeader&&(r[this.config.captchaHeader.name]=[{key:this.config.captchaHeader.name,value:this.config.captchaHeader.value}]);let d={status:"200",statusDescription:"OK",body:""};if(t||(d={status:String(this.config.netaceaBlockedResponseStatus),statusDescription:"Forbidden",body:this.config.netaceaBlockedResponseBody},r["content-type"]=[{key:"content-type",value:this.config.netaceaBlockedResponseContentType}]),o={headers:r,...d},void 0!==this.config.netaceaBlockedResponseRedirectLocation&&!c&&function(e){if("GET"!==e.method?.toUpperCase())return!1;const t=(e.headers["sec-fetch-mode"]??[]).map((e=>e.value));return!(t.length>0&&!t.includes("navigate"))&&(e.headers.accept??[]).map((e=>e.value.split(/, ?/))).flat().includes("text/html")}(e.request)&&(o.status="303",r.Location=[{key:"Location",value:this.config.netaceaBlockedResponseRedirectLocation}]),c&&void 0!==i.body&&i.body.length>0){const e=(a=i.body).includes("captchaRelativeURL")&&a.includes("captchaAbsoluteURL");o.status=e?"403":"200",o.statusDescription=e?"Forbidden":"OK",o.body=i.body,o.bodyEncoding="text",r["content-type"]=e?[{key:"content-type",value:"application/json"}]:[{key:"content-type",value:"text/html; charset=UTF-8"}]}this.config.ingestType===n.KINESIS&&(e.requestState.protectorApiLatency=i.apiCallLatency,e.requestState.protectorApiStatus=i.apiCallStatus,e.requestState.sessionStatus=s.sessionStatus)}return"4"===s.parts.mitigate&&this.addNetaceaInjectHeadersToRequest(e.request,Me(s.parts)),{response:o,sessionStatus:s.sessionStatus,setCookie:i.setCookie,apiCallLatency:i.apiCallLatency,apiCallStatus:i.apiCallStatus}}catch(a){if(a instanceof Be&&e.requestState.recordProtectorApiError(a),t){return{response:{status:"500",statusDescription:"Internal Server Error",body:"",headers:{}},sessionStatus:"error_open"}}return console.error("Netacea FailOpen Error: ",a),{sessionStatus:"error_open"}}var a}async inject(e){try{const t=Te(e.request.uri,e.request.method,this.config.netaceaCaptchaVerificationPath),a=t?await this.handleCaptchaPostRequest(e):await this.check(e),i=Ke(this.config.mitigationType,a.match,a.mitigate,a.captcha,t);return{injectHeaders:this.config.mitigationType===r.INJECT||"4"===i.parts.mitigate?Me(i.parts):void 0,sessionStatus:i.sessionStatus,setCookie:a.setCookie,apiCallLatency:a.apiCallLatency,apiCallStatus:a.apiCallStatus}}catch(e){return console.error("Netacea FailOpen Error: ",e),{sessionStatus:"",injectHeaders:void 0,setCookie:void 0}}}async ingestUsingContext(e,t=void 0){if(!this.config.ingestEnabled)return;if(null==t)throw new Error("Cloudfront response is required to ingest");const a=await Fe(e,t,this.workerInstanceId);await this.callIngest(a)}setNetaceaCookies(e,t){if(void 0===e)throw new Error("Response required to add cookies to response");if(null!=e.headers){let a=!1;if(a=void 0!==(e.headers["set-cookie"]??[]).find((e=>!!e.value.startsWith(`${this.config.netaceaCookieName}=`)||!!e.value.startsWith(`${this.config.netaceaCaptchaCookieName}=`))),!a&&t.setCookies.length>0){void 0===e.headers["set-cookie"]&&(e.headers["set-cookie"]=[]);for(const a of t.setCookies)e.headers["set-cookie"].push({key:"set-cookie",value:a})}}}getValueFromHeaderOrDefault(e,t,a=""){if(void 0!==e?.[t]){const a=e[t];if(void 0!==a)return a[0].value}return a}async handleCaptchaPostRequest(e){const{status:t,match:a,mitigate:i,captcha:s,body:o,setCookie:n,latency:c,mitataMaxAge:d}=await this.makeCaptchaAPICall(e),h=e.requestState;h.sessionCodes={match:a,mitigate:i,captcha:s},h.sessionCookieMaxAge=d,h.shouldSetSessionCookie=String(s)!==String(y.captchaStatusCodes.checkpointPost);const u=Ke(this.config.mitigationType,a,i,s,!0),l={body:o,apiCallStatus:t,apiCallLatency:c,setCookie:n,sessionStatus:u.sessionStatus,mitigation:u.mitigation,injectHeaders:void 0,match:a,mitigate:i,captcha:s};return(this.config.mitigationType===r.INJECT||"4"===u.parts.mitigate)&&(l.injectHeaders=Me(u.parts)),l}async handleCaptchaGetRequest(e){const{querystring:t}=e.request,a=t.split("&").find((e=>e.includes("trackingId=")))?.replace("trackingId=",""),i=await this.makeMitigateAPICall(e,{isCaptchaGet:!0,defaultMitataCodes:{match:"0",mitigate:"0",captcha:"1"},trackingId:a}),{match:s,mitigate:o,captcha:n}=i,c=Ke(e.config.mitigationType,s,o,n,!1),d={body:i.body,apiCallStatus:i.status,apiCallLatency:i.latency,setCookie:i.setCookie,sessionStatus:c.sessionStatus,injectHeaders:void 0,mitigated:[at.block,at.captcha,at.captchaPass].includes(c.mitigation)};(e.config.mitigationType===r.INJECT||"4"===c.parts.mitigate)&&(d.injectHeaders=Me(c.parts));const h=e.requestState;h.sessionStatus=d.sessionStatus,h.protectorApiLatency=d.apiCallLatency,h.protectorApiStatus=d.apiCallStatus;return{headers:qe(d.setCookie),status:"403",body:d.body,statusDescription:"Forbidden"}}addNetaceaInjectHeadersToRequest(e,t){if(void 0===t)return e;for(const[a,i]of Object.entries(t))e.headers[a]=[{key:a,value:i}];return e}async encryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await Ae(e,this.config.cookieEncryptionKey):e}async decryptCookieValue(e){return void 0!==this.config.cookieEncryptionKey?await Ne(e,this.config.cookieEncryptionKey):e}async runMitigation(e){try{switch(this.config.mitigationType){case r.MITIGATE:return await this.mitigate(e);case r.INJECT:return await this.inject(e);case r.INGEST:return await this.processIngest(e);default:throw new Error(`Netacea Error: Mitigation type ${this.config.mitigationType} not recognised`)}}catch(t){return console.error("Netacea FAILOPEN Error:",t),{injectHeaders:Me(e.requestState.sessionCodes),sessionStatus:""}}}async readCookie(e,t){if(null==t)return;if("string"==typeof t)return await this.readCookie(e,t.split(";"));const a=`${e}=`;for(const i of t){const t=i.split(";")[0].trimStart();if(t.startsWith(a)){const i=t.slice(a.length);if(this.config.encryptedCookies.includes(e))try{return await this.decryptCookieValue(i)}catch(e){return}return i}}}async makeCaptchaAPICall(e){const t=e.requestDetails.sessionDetails.userId,a=this.getValueFromHeaderOrDefault(e.request.headers,"content-type","application/x-www-form-urlencoded; charset=UTF-8"),i={"X-Netacea-UserId":t,"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.requestDetails.clientIp,"X-Netacea-Request-Id":e.requestDetails.requestId,"user-agent":e.requestDetails.headers.userAgent,"Content-Type":a};void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(i["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,i["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey);const s=new URLSearchParams,o=e.requestState.headerFingerprint??"";""!==o&&s.append("headerFP",o),s.append("netaceaHeaders","request-id");const n=function(e,t){if(void 0!==e&&""!==e&&0!==e.trim().length){if(!t.includes("application/json"))return e;try{return JSON.parse(e),e}catch(t){return console.warn("Invalid JSON in captcha data, attempting to serialize:",t),JSON.stringify({data:e})}}}(function(e){if(void 0===e.body?.data||0===e.body.data.length)return"";if(e.body?.inputTruncated)throw new Error("Netacea Error :: Request body is too large.");let t;if("text"===e.body.encoding)t=e.body.data;else try{t=Buffer.from(e.body.data,"base64").toString("utf-8")}catch(a){console.warn("Failed to decode base64 request body:",a),t=e.body.data}if((e.headers["content-type"]?.[0]?.value?.toLowerCase()??"").includes("application/json"))try{JSON.parse(t)}catch(e){console.warn("Request body is not valid JSON despite content-type header:",e)}return t}(e.request),a),r=Date.now(),c=await this.makeRequest({host:this.config.mitigationServiceUrl,path:"/AtaVerifyCaptcha",headers:i,method:"POST",body:n,timeout:this.config.timeout,params:s}),d=Date.now()-r;return await this.getApiCallResponseFromResponse(c,d,void 0)}async getApiCallResponseFromResponse(e,t,a){if(200!==e.status)throw new Be(e,t);const i=Pe(e.headers,it.match)??a?.match??"0",s=Pe(e.headers,it.mitigate)??a?.mitigate??"0",o=Pe(e.headers,it.captcha)??a?.captcha??"0";let n=Re(e.headers,it.mitataExpiry)??NaN;isNaN(n)&&(n=86400);const r=[];if(String(o)!==String(y.captchaStatusCodes.checkpointPost)){const t=await this.createMitataCaptcha(e.headers);void 0!==t&&r.push(t)}const c=Pe(e.headers,it.eventId);return{status:e.status,match:i,mitigate:s,captcha:o,setCookie:r,body:e.body,eventId:c,mitataMaxAge:n,latency:t}}APIError(e){let t="Unknown error";switch(e.status){case 403:t="Invalid credentials";break;case 500:t="Server error";break;case 502:t="Bad Gateway";break;case 503:t="Service Unavailable";break;case 400:t="Invalid request"}return new Error(`Error reaching Netacea API (${t}), status: ${e.status}`)}async createSetSessionCookie(e,t,a,i,s,o=86400,n=void 0){const r=["1","3","5","a","c","e"].includes(s)||"3"===i?-60:this.config.mitataCookieExpirySeconds,c=n??Math.floor(Date.now()/1e3)+r;if(void 0===this.config.secretKey)throw new Error("Cannot build cookie without secret key.");const d=[a,i,s].join(""),h=function(e,t,a,i,s="000"){void 0===t&&(t=v());const o=[a,t,b(e+"|"+String(a),i),s].join(l);return`${b(o,i)}${l}${o}`}(e,t,c,this.config.secretKey,d);let u,p,g=o;if(""!==this.config.netaceaCookieAttributes){const{extractedAttribute:e,cookieAttributes:t}=Ze(this.config.netaceaCookieAttributes,"Max-Age");g=void 0!==e?Number(e):o;const{extractedAttribute:a,cookieAttributes:i}=Ze(t,"Path");u=a??"/",p=i??void 0}return await this.buildCookieFromValues(this.config.netaceaCookieName,h,g,p,u)}async createMitataCaptcha(e){let t=e["set-cookie"]??[];t="string"==typeof t?[t]:t;const a=t.find((e=>e.startsWith("_mitatacaptcha=")));let i,s="86400";if(void 0!==a&&""!==a)try{const e=tt(a);i=e.value,s=Ye(e.attributes,"Max-Age")??"86400"}catch(e){return}if(""===i||void 0===i)return;const o=et([this.config.netaceaCaptchaCookieAttributes,"Path=/",`Max-Age=${s}`]);return i=this.config.encryptedCookies.includes(this.config.netaceaCaptchaCookieName)?await this.encryptCookieValue(i):i,`${this.config.netaceaCaptchaCookieName}=${i}; ${o}`}async buildCookieFromValues(e,t,a,i,s="/"){const o=`${e}=${this.config.encryptedCookies.includes(e)?await this.encryptCookieValue(t):t}; Max-Age=${a}; Path=${s}`;return void 0!==i&&""!==i?`${o}; ${i}`:o}async callIngest(e){if(this.config.ingestType===n.KINESIS){if(void 0===this.kinesis)return void console.error("Netacea Error: Unable to log as Kinesis has not been defined.");if(void 0!==this.config.kinesisConfigArgs){const{kinesisStreamName:e,kinesisAccessKey:t,kinesisSecretKey:a}=this.config.kinesisConfigArgs;if(void 0===e||void 0===t||void 0===a)return void console.error("Netacea Error: Unable to log as Kinesis configuration misses credentials.")}try{await this.kinesis.ingest({...e,apiKey:this.config.apiKey})}catch(e){console.error("NETACEA Error: ",e.message)}}else{const t={"X-Netacea-API-Key":this.config.apiKey,"content-type":"application/json"},a=await this.makeIngestApiCall(t,e);if(200!==a.status&&202!==a.status)throw this.APIError(a)}}async makeIngestApiCall(e,t){return await this.makeRequest({host:this.config.ingestServiceUrl,method:"POST",path:"/",headers:e,body:JSON.stringify(t),timeout:this.config.timeout})}async processIngest(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required for ingest");const t=e.request.headers.cookie?.[0].value??"",a=I(await this.readCookie(this.config.netaceaCookieName,t),m,this.config.secretKey);return a.isPrimaryHashValid?a.requiresReissue?await this.setIngestOnlyMitataCookie(a.mitata?.userId):{sessionStatus:"",setCookie:[]}:await this.setIngestOnlyMitataCookie(void 0)}async setIngestOnlyMitataCookie(e){return{sessionStatus:"",setCookie:[await this.createSetSessionCookie(m,e,"0","0","0",86400)]}}async check(e){if(void 0===this.config.secretKey)throw new Error("Secret key is required to mitigate");const t=e.requestDetails.sessionDetails.sessionCookieDetails;if(void 0===t||!t.isPrimaryHashValid||t.requiresReissue){const t=await this.makeMitigateAPICall(e,{}),a=e.requestState,{match:i,mitigate:s,captcha:o}=t;return a.sessionCodes={match:i,mitigate:s,captcha:o},a.sessionCookieMaxAge=t.mitataMaxAge,a.shouldSetSessionCookie=!0,{body:t.body,apiCallStatus:t.status,apiCallLatency:t.latency,setCookie:[],match:t.match,mitigate:t.mitigate,captcha:t.captcha}}return{body:void 0,apiCallStatus:void 0,apiCallLatency:void 0,setCookie:[],match:t.match,mitigate:t.mitigate,captcha:t.captcha}}async makeMitigateAPICall(e,{isCaptchaGet:t=!1,defaultMitataCodes:a,trackingId:i}){const s={"user-agent":e.requestDetails.headers.userAgent,"X-Netacea-API-Key":this.config.apiKey,"X-Netacea-Client-IP":e.requestDetails.clientIp,"X-Netacea-Request-Id":e.requestDetails.requestId,"X-Netacea-UserId":e.requestDetails.sessionDetails.userId,cookie:this.buildCookieHeader({_mitatacaptcha:e.requestDetails.sessionDetails.captchaToken})};void 0!==this.config.captchaSiteKey&&void 0!==this.config.captchaSecretKey&&(s["X-Netacea-Captcha-Site-Key"]=this.config.captchaSiteKey,s["X-Netacea-Captcha-Secret-Key"]=this.config.captchaSecretKey),this.config.dynamicCaptchaContentType&&void 0!==this.config.netaceaCaptchaPath&&(s["X-Netacea-Captcha-Content-Type"]=function(e){const t=e?.toLowerCase()??"text/html",a=t?.includes("text/html")||t?.includes("application/html"),i=t?.includes("application/json");return i&&!a?"application/json":"text/html"}(e.requestDetails.headers.accept??"text/html"));const o="application/json"===s["X-Netacea-Captcha-Content-Type"],n=new URLSearchParams,r=e.requestState.headerFingerprint;"string"==typeof r&&n.set("headerFP",r),n.append("netaceaHeaders","request-id"),t&&void 0!==i&&n.append("trackingId",i);const c=Date.now(),d=await this.makeRequest({host:this.config.mitigationServiceUrl,path:t?"/captcha":"/",headers:s,method:"GET",timeout:this.config.timeout,params:n}),h=Date.now()-c;return o&&void 0!==this.config.netaceaCaptchaPath&&(d.body=function(e,t,a){let i;if(void 0===e||""===e)return"";if("string"==typeof e&&(i=JSON.parse(e)),!function(e){if(null==e)return!1;const t=e;return void 0!==t?.trackingId}(i))throw new Error("Body is not a Mitigation Service JSON response!");const s=`${a}?trackingId=${i.trackingId}`,o=void 0!==t?`https://${t}${s}`:void 0;return JSON.stringify({captchaRelativeURL:s,captchaAbsoluteURL:o})}(d.body,e.requestDetails.headers.host,this.config.netaceaCaptchaPath)),await this.getApiCallResponseFromResponse(d,h,a)}buildCookieHeader(e){let t="",a="";for(const i in e){const s=e[i];void 0!==s&&(t=`${t}${a}${i}=${s}`,a="; ")}return t}};
 //# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@netacea/cloudfront",
-    "version": "7.0.13",
+    "version": "7.0.14",
     "description": "Netacea Cloudfront CDN integration",
     "files": [
         "dist/index.js",
@@ -23,5 +23,5 @@
         "jose": "^4.11.2",
         "uuid": "^10.0.0"
     },
-    "gitHead": "1e3f889b8a9df68ddc27ba41ec5730a186587ed4"
+    "gitHead": "07c0f02a76344c2b0d9db2af7f2eb8f6e5255330"
 }