@okta/okta-auth-js 7.14.1 → 7.14.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/cjs/http/OktaUserAgent.js +2 -2
  3. package/cjs/idx/authenticator/WebauthnEnrollment.js +6 -2
  4. package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -1
  5. package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -1
  6. package/cjs/idx/types/idx-js.js.map +1 -1
  7. package/cjs/idx/webauthn.js +22 -4
  8. package/cjs/idx/webauthn.js.map +1 -1
  9. package/dist/okta-auth-js.authn.min.analyzer.html +2 -2
  10. package/dist/okta-auth-js.authn.min.js +1 -1
  11. package/dist/okta-auth-js.core.min.analyzer.html +2 -2
  12. package/dist/okta-auth-js.core.min.js +1 -1
  13. package/dist/okta-auth-js.idx.min.analyzer.html +2 -2
  14. package/dist/okta-auth-js.idx.min.js +1 -1
  15. package/dist/okta-auth-js.idx.min.js.map +1 -1
  16. package/dist/okta-auth-js.min.analyzer.html +2 -2
  17. package/dist/okta-auth-js.min.js +1 -1
  18. package/dist/okta-auth-js.min.js.map +1 -1
  19. package/dist/okta-auth-js.myaccount.min.analyzer.html +2 -2
  20. package/dist/okta-auth-js.myaccount.min.js +1 -1
  21. package/esm/browser/http/OktaUserAgent.js +2 -2
  22. package/esm/browser/idx/authenticator/WebauthnEnrollment.js +3 -5
  23. package/esm/browser/idx/authenticator/WebauthnEnrollment.js.map +1 -1
  24. package/esm/browser/idx/authenticator/WebauthnVerification.js.map +1 -1
  25. package/esm/browser/idx/types/idx-js.js.map +1 -1
  26. package/esm/browser/idx/webauthn.js +18 -15
  27. package/esm/browser/idx/webauthn.js.map +1 -1
  28. package/esm/browser/package.json +1 -1
  29. package/esm/node/http/OktaUserAgent.js +2 -2
  30. package/esm/node/idx/authenticator/WebauthnEnrollment.js +3 -5
  31. package/esm/node/idx/authenticator/WebauthnEnrollment.js.map +1 -1
  32. package/esm/node/idx/authenticator/WebauthnVerification.js.map +1 -1
  33. package/esm/node/idx/types/idx-js.js.map +1 -1
  34. package/esm/node/idx/webauthn.js +18 -15
  35. package/esm/node/idx/webauthn.js.map +1 -1
  36. package/esm/node/package.json +1 -1
  37. package/package.json +3 -3
  38. package/types/lib/idx/authenticator/WebauthnEnrollment.d.ts +2 -0
  39. package/types/lib/idx/authenticator/WebauthnVerification.d.ts +1 -0
  40. package/types/lib/idx/types/idx-js.d.ts +3 -0
  41. package/types/lib/idx/webauthn.d.ts +3 -12
  42. package/umd/authn.js +1 -1
  43. package/umd/core.js +1 -1
  44. package/umd/default.js +1 -1
  45. package/umd/default.js.map +1 -1
  46. package/umd/idx.js +1 -1
  47. package/umd/idx.js.map +1 -1
  48. package/umd/myaccount.js +1 -1
package/dist/okta-auth-js.min.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"okta-auth-js.min.js","mappings":";uJAoBA,UAEaA,GAAoB,cA0B/B,WAAYC,EAA4BC,GAAmE,IAA1CC,EAAoC,UAAH,6CAAG,MAAI,+4BACvGC,KAAKC,UAAOC,EACZF,KAAKG,YAASD,EACVH,IACFC,KAAKC,KAAOF,EAGZK,OAAOC,OAAOL,MAAM,EAAAM,EAAAA,iBAAgBT,EAAKC,EAAIC,EAAKA,EAAK,CAAC,WACjDC,KAAKO,WAMO,uBAAfR,EAAII,QAAoCJ,EAAIS,SAC9CR,KAAKS,OAAS,WACZ,OAAOC,QAAQC,QAAQb,EAAGc,oBAC5B,GAGN,IAAC,mHCvBI,SAA0Bf,EAA4BC,EAAyBe,GACpF,IAAKA,IAASA,EAAKN,WAAY,CAC7B,IAAIA,EAAaO,EAAmBjB,GACpC,IAAIU,EAKF,OAAOG,QAAQK,OAAO,IAAIC,EAAAA,QAAa,+BAJvCH,EAAO,CACLN,WAAYA,EAKlB,CACA,OAAOU,EAAgBpB,EAAKgB,GACzBK,MAAK,SAAUnB,GACd,OAAOD,EAAGc,kBAAkBb,EAC9B,GACJ,sBAaO,SAA2BF,EAA4BC,EAAyBqB,EAAaN,EAAMO,GAExG,OADAA,EAAUhB,OAAOC,OAAO,CAAEgB,iBAAiB,GAAQD,IAC5C,EAAAE,EAAAA,MAAKzB,EAAKsB,EAAKN,EAAMO,GACzBF,MAAK,SAASnB,GACb,OAAOD,EAAGc,kBAAkBb,EAC9B,GACJ,sBAnDO,SAA2BF,EAA4BC,EAAyBe,GACrF,IAAKA,IAASA,EAAKN,WAAY,CAC7B,IAAIA,EAAaO,EAAmBjB,GACpC,IAAIU,EAKF,OAAOG,QAAQK,OAAO,IAAIC,EAAAA,QAAa,6BAJvCH,EAAO,CACLN,WAAYA,EAKlB,CACA,OAAOgB,EAAkB1B,EAAKgB,GAC3BK,MAAK,SAASnB,GACb,OAAOD,EAAGc,kBAAkBb,EAC9B,GACJ,sBAyBO,SAA2BF,GAEhC,QAASiB,EAAmBjB,EAC9B,4CAzDA,cACA,aACA,UAGA,UAIO,SAAS0B,EAAkB1B,EAA4BgB,GAE5D,OADAA,GAAO,EAAAW,EAAAA,eAAc3B,EAAKgB,IACnB,EAAAS,EAAAA,MAAKzB,EAAKA,EAAI4B,kBAAoB,gBAAiBZ,EAAM,CAAEQ,iBAAiB,GACrF,CAoCO,SAASJ,EAAgBpB,EAA4BgB,GAG1D,OAFAA,GAAO,EAAAW,EAAAA,eAAc3B,EAAKgB,IAEnB,EAAAS,EAAAA,MAAKzB,EAAKA,EAAI4B,kBAAoB,2BAA4BZ,EAAM,CAAEQ,iBAAiB,GAChG,CAeO,SAASP,EAAmBjB,GAG/B,OADgBA,EAAIuB,QAAQM,YAAaC,QAC1BC,IAAIC,EAAAA,qBACvB,iEC5DO,SAAmChC,GACxC,IAAMC,EAA0B,CAC9BK,OAAQoB,EAAAA,kBAAkBO,KAAK,KAAMjC,GACrCkC,OAAM,SAAClB,GACL,OAAO,EAAAmB,EAAAA,mBAAkBnC,EAAKC,EAAIe,EACpC,EACAoB,OAAQC,EAAAA,kBAAkBJ,KAAK,KAAMjC,GACrCsC,WAAU,SAACtB,GACT,OAAO,EAAAuB,EAAAA,iBAAgBvC,EAAKC,EAAIe,EAClC,EACAD,kBAAmB,SAACb,GAClB,OAAO,IAAIH,EAAAA,qBAAqBC,EAAKC,EAAIC,EAC3C,EACAsC,kBAAmB,SAAClB,EAAaN,EAAoBO,GACnD,OAAO,EAAAiB,EAAAA,mBAAkBxC,EAAKC,EAAIqB,EAAKN,EAAMO,EAC/C,GAEF,OAAOtB,CACT,EA7BA,cAOA,2CCrBA,oLACA,oLACA,kPCgCO,SAONwC,GAEC,OAAO,SAAP,0BAdiB,IA8Cd,EApBA,EAZH,GAdiB,EAcjB,EAdiB,kbAmBf,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAM+B,OALhD,+BAASA,KAAM,+IAEf,EAAK0B,MAAQ,EAAKzC,IAAK,EAAA0C,EAAAA,4BAAyB,iBAGhD,EAAKC,YAAcA,EAAAA,QAAYX,KAAK,MAAM,EAAF,eAAQ,CAClD,CA6CC,OA7CA,qEAGD,WAAaY,GAAmB,oFAK7B,GAJDA,GAAO,EAAAC,EAAAA,OAAMD,GAAQ,CAAC,GAChBE,EAAqB,SAACxB,GAE1B,cADOsB,EAAKG,gBACL,EAAK/C,GAAGuC,kBAAkB,gBAAiBK,EAAMtB,EAC1D,EACKsB,EAAKG,gBAAiB,CAAF,wCAChBD,KAAoB,gCAEtB5C,KAAKyC,cACXvB,MAAK,SAASuB,GACb,OAAOG,EAAmB,CACxBE,QAAS,CACP,uBAAwBL,IAG9B,KAAE,gDACH,kHAGD,WAA4BC,GAAkC,gGACrD1C,KAAK+C,OAAOL,IAAK,gDACzB,0EAGD,SAAeA,GACb,OAAO1C,KAAKF,GAAGuC,kBAAkB,kCAAmCK,EACtE,GAAC,2BAGD,SAAcA,GACZ,OAAO1C,KAAKF,GAAGuC,kBAAkB,gCAAiCK,EACpE,GAAC,iCAGD,SAAoBA,GAClB,IAAQM,EAAuCN,EAAvCM,0BAA8BnC,GAAI,aAAK6B,EAAI,GAKnD,OAJIM,IAEDnC,EAAaO,QAAU,CAAE4B,0BAAAA,IAErBhD,KAAKF,GAAGuC,kBAAkB,+BAAgCxB,EACnE,KAAC,EAzDI,CAAyByB,EA4DlC,uIAzFA,SAGA,aAUA,UAEmB,uGCvBZ,SAAShC,EAAgBT,EAA4BC,EAAyBC,EAAKkD,EAAKC,GAI7F,GAHAD,EAAMA,GAAOlD,EACbkD,GAAM,EAAAN,EAAAA,OAAMM,GAERE,MAAMC,QAAQH,GAAM,CAEtB,IADA,IAAII,EAAS,GACJC,EAAI,EAAGC,EAAKN,EAAIO,OAAQF,EAAIC,EAAID,IACvCD,EAAOI,KAAKnD,EAAgBT,EAAKC,EAAIC,EAAKkD,EAAIK,GAAIJ,IAEpD,OAAOG,CACT,CAEA,IAAIK,EAAWT,EAAIU,WAAa,CAAC,EAEjC,IAAK,IAAIC,KAAOF,EACTtD,OAAOyD,UAAUC,eAAeC,KAAKL,EAAUE,MAKhD,EAAAI,EAAAA,UAASN,EAASE,KAAST,MAAMC,QAAQM,EAASE,OACpDF,EAASE,GAAOtD,EAAgBT,EAAKC,EAAIC,EAAK2D,EAASE,GAAMV,IAKjE,IAAIe,GAAM,EAAAC,EAAAA,WAAUrE,EAAKC,EAAIC,EAAKkD,EAAKC,GAKvC,OAJA9C,OAAOC,OAAOqD,EAAUO,GAExBhB,GAAM,EAAAkB,EAAAA,MAAKlB,EAAK,YAAa,UAC7B7C,OAAOC,OAAO4C,EAAKS,GACZT,CACT,EApCA,aAEA,qECaO,SAASmB,EAAQvE,EAA4BC,EAAyBC,EAAKkD,EAAKoB,EAAMnB,GAC3F,GAAIC,MAAMC,QAAQiB,GAChB,OAAO,SAASC,EAAM5B,GACpB,IAAK4B,EACH,MAAM,IAAItD,EAAAA,QAAa,4BAGzB,IAAIuD,GAAK,EAAAC,EAAAA,MAAKH,EAAM,CAACC,KAAMA,IAC3B,IAAKC,EACH,MAAM,IAAIvD,EAAAA,QAAa,+BAGzB,OAAOoD,EAAQvE,EAAKC,EAAIC,EAAKkD,EAAKsB,EAAIrB,EAA/BkB,CAAoC1B,EAC7C,EAEK,GAAI2B,EAAKI,OACZJ,EAAKI,MAAMC,OACiB,IAA5BL,EAAKI,MAAMC,MAAMlB,OAEnB,OADaa,EAAKI,MAAMC,MAAM,IAG5B,IAAK,MACH,OAAO,WACL,OAAO,EAAA9C,EAAAA,KAAI/B,EAAKwE,EAAKM,KAAM,CAAEtD,iBAAiB,GAChD,EAEF,IAAK,OAEH,OAAO,SAASqB,GACVQ,GAAOA,EAAI0B,YACb1B,EAAI0B,WAAY,GAGlB,IAAI3E,GAAO,EAAAuB,EAAAA,eAAczB,EAAK2C,GAEX,eAAf3C,EAAII,QAA0C,kBAAfJ,EAAII,QAErCC,OAAOC,OAAOJ,EAAM,CAClB4E,WAAY5B,EAAI4B,WAChBC,SAAU7B,EAAI6B,WAIlB,IAAIC,EAAS,CAAC,EACVC,EAAW/E,EAAK+E,SACpB,QAAiB9E,IAAb8E,EAAwB,CAC1B,GAAwB,mBAAbA,EACT,IACED,EAAOC,WAAaA,GACtB,CACA,MAAOC,GACL,OAAOvE,QAAQK,OAAO,IAAIC,EAAAA,QAAa,kCACzC,MAEoB,OAAbgE,IACPD,EAAOC,WAAaA,GAEtB/E,GAAO,EAAAkE,EAAAA,MAAKlE,EAAM,WACpB,CAEA,IAAIiF,EAAiBjF,EAAKiF,eAC1B,QAAuBhF,IAAnBgF,EAA8B,CAChC,GAA8B,mBAAnBA,EACT,IACEH,EAAOG,iBAAmBA,GAC5B,CACA,MAAOD,GACL,OAAOvE,QAAQK,OAAO,IAAIC,EAAAA,QAAa,wCACzC,MAE0B,OAAnBkE,IACPH,EAAOG,iBAAmBA,GAE5BjF,GAAO,EAAAkE,EAAAA,MAAKlE,EAAM,iBAEpB,MAAWA,EAAKkF,cACuBjF,IAA7BD,EAAKkF,QAAQC,cACjBnF,EAAKkF,QAAQC,cACfL,EAAOK,aAAc,GAEvBnF,EAAKkF,SAAU,EAAAhB,EAAAA,MAAKlE,EAAKkF,QAAS,gBAEpC,IAAIR,EAAON,EAAKM,MAAO,EAAAU,EAAAA,eAAcN,GACrC,OAAO,EAAA1C,EAAAA,mBAAkBxC,EAAKC,EAAI6E,EAAM1E,EAC1C,EAGR,EAvGA,aACA,aACA,UAEA,UACA,yDCDO,SAAmBJ,EAA4BC,EAAyBC,EAAKkD,EAAKC,GACvF,IAAIe,EAAM,CAAC,EACX,IAAK,IAAIqB,KAAYrC,EAAIzC,OACvB,GAAKJ,OAAOyD,UAAUC,eAAeC,KAAKd,EAAIzC,OAAQ8E,GAAtD,CAIA,IAAIjB,EAAOpB,EAAIzC,OAAO8E,GAMtB,GAJiB,SAAbA,IACFA,EAAWjB,EAAKC,MAGdD,EAAKkB,KACPtB,EAAIqB,GAAYjB,OAIlB,GAGO,SAHCiB,EAIJrB,EAAIuB,MAAO,EAAAC,EAAAA,WAAU5F,EAAKE,EAAKmD,OAGjC,CACE,IAAIwC,GAAK,EAAAtB,EAAAA,SAAQvE,EAAKC,EAAIC,EAAKkD,EAAKoB,EAAMnB,GACtCwC,IACFzB,EAAIqB,GAAYI,EAClB,CAxBJ,CA2BF,OAAOzB,CACT,EApCA,cACA,uECyBO,SAAmBpE,EAAKE,EAA4BmD,GACzD,OAAO,SAAU9B,GACf,IAAIuE,EACAT,EACAF,EACAY,GAEA,EAAAC,EAAAA,UAASzE,GACXuE,EAAQvE,GACC,EAAA4C,EAAAA,UAAS5C,KAElBuE,EAAQvE,EAAQuE,MAChBT,EAAiB9D,EAAQ8D,eACzBF,EAAW5D,EAAQ4D,SACnBY,EAAsBxE,EAAQwE,qBAG3BD,GAAmB,IAAVA,IACZA,EAAQG,EAAAA,uBAIV,IAAIC,GAAW,EAAAC,EAAAA,SAAQjG,EAAK,OAAQ,QAmCpCmD,EAAI0B,WAAY,EAEhB,IAAIqB,EAAa,EA+CjB,OA9CoB,SAAhBC,IAEF,OAAKhD,EAAI0B,UAtCX,WACE,IAAIlC,EAAO,CAAC,EACZ,GAAwB,mBAAbsC,EACT,IACEtC,EAAKsC,WAAaA,GACpB,CACA,MAAOC,GACL,OAAOvE,QAAQK,OAAO,IAAIC,EAAAA,QAAa,kCACzC,MAEOgE,UACPtC,EAAKsC,WAAaA,GAEpB,GAA8B,mBAAnBE,EACT,IACExC,EAAKwC,iBAAmBA,GAC1B,CACA,MAAOD,GACL,OAAOvE,QAAQK,OAAO,IAAIC,EAAAA,QAAa,wCACzC,MAEOkE,UACPxC,EAAKwC,iBAAmBA,GAG1B,IAAIP,EAAOoB,EAASpB,MAAO,EAAAU,EAAAA,eAAc3C,GACzC,OAAO,EAAApB,EAAAA,MAAKzB,EAAK8E,GAAM,EAAAwB,EAAAA,eAAcpG,GAAM,CACzCqG,gBAAgB,EAChB/E,iBAAiB,EACjBgF,eAAe,GAEnB,CAWSC,GACJpF,MAAK,SAAUqF,GAKd,GAHAN,EAAa,EAGTM,EAAQC,cAAyC,YAAzBD,EAAQC,aAA4B,CAG9D,IAAKtD,EAAI0B,UACP,MAAM,IAAI6B,EAAAA,QAQZ,MALmC,mBAAxBb,GACTA,EAAoBW,IAIf,EAAAG,EAAAA,OAAQf,GAAOzE,KAAKgF,EAE7B,CAIE,OADAhD,EAAI0B,WAAY,EACT/E,EAAIC,GAAGc,kBAAkB2F,EAEpC,IACCI,OAAM,SAASC,GAEd,GAAIA,EAAIC,MACgB,IAAnBD,EAAIC,IAAI1G,QAAmC,MAAnByG,EAAIC,IAAI1G,SACjC8F,GAAc,EAAG,CACnB,IAAIa,EAAwC,IAA1BC,KAAKC,IAAI,EAAGf,GAE9B,OADAA,KACO,EAAAS,EAAAA,OAAQI,GACZ5F,KAAKgF,EACV,CACA,MAAMU,CACR,IAzCOlG,QAAQK,OAAO,IAAI0F,EAAAA,QA0C9B,CACOP,GACJS,OAAM,SAASC,GAEd,MADA1D,EAAI0B,WAAY,EACVgC,CACR,GACJ,CACF,EA/HA,cACA,SACA,UACA,aACA,aAEA,GADA,QACA,0CCHO,SAASpF,EAAczB,EAAKqB,GACjC,IAAI6F,EAAY,CAAC,EAQjB,OAPA7G,OAAOC,OAAO4G,EAAW7F,IAGpB6F,EAAU1G,YAAcR,EAAIQ,aAC/B0G,EAAU1G,WAAaR,EAAIQ,YAGtB0G,CACT,mCAEO,SAAuBlH,GAC5B,OAAOyB,EAAczB,EACvB,kFCRO,SAKLmH,GAEF,IACQC,GAAY,cAQhB,cAA4B,qIAC1B,IAAM/F,EAAU,IAAI8F,EAAmB,UAAK1D,SAAS,0CAAgB,CAAC,GACtExD,KAAKoB,SAAU,EAAAgG,EAAAA,YAAWhG,GAC1BpB,KAAKqH,QAAU,IAAIC,EAAAA,QACnBtH,KAAKuH,SAAWA,CAClB,IAWF,OAXG,aAbGJ,EAAY,WAKeI,IAAQ,aALnCJ,EAAY,YAMGK,GAWrBL,EAAaI,SAAWJ,EAAatD,UAAU0D,SAAWA,EAG1DnH,OAAOC,OAAO8G,EAAc,CAC1BK,UAAAA,IAGKL,CACT,6CApDA,SAEA,YACA,aAKA,aAAmC,8lBCXnC,oLACA,oLACA,oQCYO,WAEL,OAAO,EAAP,YAGE,WAAYtG,IAAW,0DACrBb,KAAKyH,UAAY5G,EAAK4G,OACxB,GAGJ,iICVA,gBACA,aAQA,SACA,SAsBI/F,EAAkC,CAIpCgG,uBAAwB,WACtB,IACE,IAAI/F,EAAU3B,KAAK2H,kBACnB,OAAO3H,KAAK4H,YAAYjG,EAC1B,CAAE,MAAOsD,GACP,OAAO,CACT,CACF,EAEA4C,yBAA0B,WACxB,IACE,IAAIlG,EAAU3B,KAAK8H,oBACnB,OAAO9H,KAAK4H,YAAYjG,EAC1B,CAAE,MAAOsD,GACP,OAAO,CACT,CACF,EAEA8C,gBAAiB,SAASC,GACxB,IAAIC,GAAY,EAChB,OAAQD,GACN,IAAK,iBACHC,EAAYjI,KAAK6H,2BACjB,MACF,IAAK,eACHI,EAAYjI,KAAK0H,yBACjB,MACF,IAAK,SACL,IAAK,SACHO,GAAY,EACZ,MACF,QACEA,GAAY,EAGhB,OAAOA,CACT,EAEAC,iBAAkB,SAASF,EAA0B5G,GACnD,IAAI+G,EACJ,OAAQH,GACN,IAAK,iBACHG,EAAkBnI,KAAK8H,oBACvB,MACF,IAAK,eACHK,EAAkBnI,KAAK2H,kBACvB,MACF,IAAK,SACHQ,EAAkBnI,KAAKoI,iBAAiBhH,GACxC,MACF,IAAK,SACH+G,EAAkBnI,KAAKqI,qBACvB,MACF,QACE,MAAM,IAAIrH,EAAAA,QAAa,gCAAD,OAAiCgH,IAG3D,OAAOG,CACT,EAEAG,gBAAiB,SAASC,GACxB,IAAIC,EACAC,EAKJ,OAFAD,GADAD,EAAQA,EAAMG,SACEC,SAChBF,EAAWF,EAAM/E,OAAS+E,EAAM,GAAK,MAKjCvI,KAAK+H,gBAAgBS,GAChBA,IAIT,EAAAI,EAAAA,MAAI,uCAAiCJ,EAAO,0BAAkBC,EAAQ,MAG/DzI,KAAKsI,gBAAgBC,IAXnBC,CAYX,EAEAb,gBAAiB,WAMf,OAJI,EAAAkB,EAAAA,kBAAmBC,OAAOC,YAC5BD,OAAOC,UAAY,WAAY,GAG1BC,YACT,EAEAlB,kBAAmB,WACjB,OAAOmB,cACT,EAGAb,iBAAkB,SAAShH,GAAwB,WAC3C8H,EAAS9H,EAAS8H,OAClBC,EAAW/H,EAAS+H,SACpBC,EAAgBhI,EAASgI,cAC/B,QAAsB,IAAXF,QAA8C,IAAbC,EAC1C,MAAM,IAAInI,EAAAA,QAAa,sEAEzB,IAAMW,EAAyB,CAC7B0H,QAASrJ,KAAK2B,QAAQC,IACtB0H,QAAS,SAAC1F,EAAK2F,GAAkD,IAA3CC,EAAY,UAAH,6CAAG,2BAEhCA,EAAaJ,EAAgB,KAAOI,EACpC,EAAK7H,QAAQ8H,IAAI7F,EAAK2F,EAAOC,EAAW,CACtCN,OAAQA,EACRC,SAAUA,GAEd,EACAO,WAAY,SAAC9F,GACX,EAAKjC,QAAQgI,OAAO/F,EACtB,GAGF,OAAKxC,EAASwI,mBAOP,CACLP,QAAS,SAASzF,GAChB,IAAI3D,EAAO0B,EAAQ0H,UACfE,EAAQ,CAAC,EAMb,OALAnJ,OAAOyJ,KAAK5J,GAAM6J,SAAQ,SAAAC,GACA,IAApBA,EAAEC,QAAQpG,KACZ2F,EAAMQ,EAAEE,QAAQ,GAAD,OAAIrG,EAAG,KAAK,KAAOsG,KAAKC,MAAMlK,EAAK8J,IAEtD,IACOG,KAAKE,UAAUb,EACxB,EACAD,QAAS,SAAS1F,EAAK2F,GACrB,IAAIc,EAAiBH,KAAKC,MAAMnK,KAAKqJ,QAAQzF,IAC7C2F,EAAQW,KAAKC,MAAMZ,GAEnBnJ,OAAOyJ,KAAKN,GAAOO,SAAQ,SAAAC,GACzB,IAAIO,EAAa1G,EAAM,IAAMmG,EACzBQ,EAAeL,KAAKE,UAAUb,EAAMQ,IACxCpI,EAAQ2H,QAAQgB,EAAYC,UACrBF,EAAeN,EACxB,IAEA3J,OAAOyJ,KAAKQ,GAAgBP,SAAQ,SAAAC,GAClCpI,EAAQ+H,WAAW9F,EAAM,IAAMmG,EACjC,GACF,EACAL,WAAY,SAAS9F,GACnB,IAAIyG,EAAiBH,KAAKC,MAAMnK,KAAKqJ,QAAQzF,IAC7CxD,OAAOyJ,KAAKQ,GAAgBP,SAAQ,SAAAC,GAClCpI,EAAQ+H,WAAW9F,EAAM,IAAMmG,EACjC,GACF,GArCOpI,CAuCX,EAGA6I,cAAe,CAAC,EAChBnC,mBAAoB,WAAW,WAC7B,MAAO,CACLgB,QAAS,SAACzF,GACR,OAAO,EAAK4G,cAAc5G,EAC5B,EACA0F,QAAS,SAAC1F,EAAK2F,GACb,EAAKiB,cAAc5G,GAAO2F,CAC5B,EAEJ,EAEA3B,YAAa,SAASjG,GACpB,IAAIiC,EAAM,oBACV,IAGE,OAFAjC,EAAQ2H,QAAQ1F,EAAKA,GACrBjC,EAAQ+H,WAAW9F,IACZ,CACT,CAAE,MAAOqB,GACP,OAAO,CACT,CACF,EAEAtD,QAAS,CACP8H,IAAK,SAASnF,EAAciF,EAAeC,EAAmBpI,GAC5D,IAAQ+H,EAAqB/H,EAArB+H,SAAUD,EAAW9H,EAAX8H,OAClB,QAAsB,IAAXA,QAA8C,IAAbC,EAC1C,MAAM,IAAInI,EAAAA,QAAa,iEAEzB,IAAIyJ,EAA+B,CACjCC,KAAMtJ,EAAQsJ,MAAQ,IACtBxB,OAAAA,EACAC,SAAAA,GAaF,OATOwB,KAAKR,MAAMX,KAKhBiB,EAAcG,QAAU,IAAID,KAAKnB,IAGnCqB,EAAAA,QAAQpB,IAAInF,EAAMiF,EAAOkB,GAClBzK,KAAK4B,IAAI0C,EAClB,EAEA1C,IAAK,SAAS0C,GAEZ,OAAKwG,UAAUtH,OAGRqH,EAAAA,QAAQjJ,IAAI0C,GAFVuG,EAAAA,QAAQjJ,KAGnB,EAEA+H,OAAQ,SAASrF,GACf,OAAOuG,EAAAA,QAAQE,OAAOzG,EAAM,CAAEoG,KAAM,KACtC,IAEF,EAEahJ,EAAW,6ECxPX,SAAqB7B,EAA4BuB,GAA+C,MAC7G,KAAK,EAAA4J,EAAAA,0BACH,OAAOtK,QAAQK,OAAO,IAAIC,EAAAA,aAAa,mDAGzC,IACIiK,EACAC,EACAC,EAHEC,EAA8B,QAArB,EAAGhK,aAAO,EAAPA,EAASgK,iBAAS,QAAIC,SAASC,KAiDjD,OA7CgB,IAAI5K,SAAQ,SAAUC,EAASI,IAC7CmK,EAASG,SAASE,cAAc,WACzBC,MAAMC,QAAU,OAGvBN,EAAW,SAAkBlG,GAC3B,GAAKyG,EAA2BR,EAAQjG,IAInCA,GAAMA,EAAEhF,MAAQgF,EAAE0G,SAAW9L,EAAI4B,kBAAtC,CAIA,IAAImK,EAa+C,IAZnD,IACEA,EAAM1B,KAAKC,MAAMlF,EAAEhF,KACrB,CAAE,MAAO2G,GAIP,MACF,CAEA,GAAKgF,EACL,MAAiB,yBAAbA,EAAIrG,KACC5E,EAAQiL,EAAInJ,aACG,4BAAbmJ,EAAIrG,KAKNxE,EAAO,IAAIC,EAAAA,aAAa,iBAJzB,QAAN,EAAAkK,SAAM,OAAe,QAAf,EAAN,EAAQW,qBAAa,OAArB,EAAuBC,YAAY5B,KAAKE,UAAU,CAChD7E,KAAM,mBACJN,EAAE0G,QAlBR,CAsBF,GACA,EAAAI,EAAAA,aAAYjD,OAAQ,UAAWqC,GAE/BD,EAAOc,IAAMnM,EAAI4B,kBAAoB,mCACrC2J,EAAUa,YAAYf,GAEtBD,EAAUiB,YAAW,WACnBnL,EAAO,IAAIC,EAAAA,aAAa,4BAC1B,IAAGI,aAAO,EAAPA,EAAS6J,UAAW,KACzB,IAEekB,SAAQ,WAGW,MAFhCC,aAAanB,IACb,EAAAoB,EAAAA,gBAAevD,OAAQ,UAAWqC,GAC9BC,EAAUkB,SAASpB,KACD,QAApB,EAAAA,EAAOqB,qBAAa,OAApB,EAAsBC,YAAYtB,GAEtC,GACF,EAzEA,cACA,SACA,UAOMQ,EAA6B,SAACR,EAA2BuB,GAAmB,OACrEA,EAAMC,SAAWxB,EAAOW,aAAa,EA+DjD,iIC1EoBc,EAAQ,WAG3B,WAAYC,IAAa,8DAEvB5M,KAAK4M,YAAcC,SAASD,GAAe,EAC7C,CAOC,OAPA,iCAUD,WAEE,OADWjC,KAAKmC,MAAQ9M,KAAK4M,aAAe,GAE9C,IAAC,qBAVD,WAGE,OAAO,IAAID,EADO,EAEpB,KAAC,EAb0B,GAa1B,0jBCbkD,uBAAjB,iBACK,wBAAJ,IACA,sBAAF,EACO,yBAAJ,IACM,yBAAN,MACiB,qBAArB,qBACqB,qBAArB,qBACmB,oBAApB,oBACkC,2BAA3B,2BACyC,kCAAlC,kCACsB,4BAA5B,4BAC4B,4BAA5B,4BACa,2BAAd,cACO,uBAAV,UACoB,4BAAf,eACc,4BAAf,eAIH,sBAAH,GACI,sBAAJ,IACiB,gCAAP,OAEN,kBAAR,6KCpB/B,aACA,UACA,UAYA,SAAmD,2kBAEZ,qBAAL,KAClC,IAAMI,EAAkB,CACtBC,uBAAwB,KACxBC,cAAe,GAEXC,EAA0B,kBAiBnBC,EAAgB,WAiB3B,WAAYtN,GAAsC,WAChD,IADgD,wQAC3CA,EAAIwH,QACP,MAAM,IAAIrG,EAAAA,aAAa,yDAGzBhB,KAAKoN,KAAOvN,EACZG,KAAKqN,SAAW,EAAH,GAAQN,GACrB/M,KAAKsN,WA9CyB,KA+C9BtN,KAAKuN,YAAc,CAAC,EACpBvN,KAAKwN,eAAiB,KACtBxN,KAAKyN,gBAAkB,IAAIC,EAAAA,aAAa,CACtCC,OAAO,IAMT9N,EAAI+N,aAAaC,GAAGC,EAAAA,aAAa,SAAClK,EAAKmK,GACrC,EAAKC,eAAe,CAAEvB,MAAOqB,EAAAA,YAAalK,IAAAA,EAAKmK,MAAAA,IAC/C,EAAKE,iBACP,IACApO,EAAI+N,aAAaC,GAAGK,EAAAA,eAAe,SAACtK,EAAKmK,GACvC,EAAKC,eAAe,CAAEvB,MAAOyB,EAAAA,cAAetK,IAAAA,EAAKmK,MAAAA,IACjD,EAAKE,iBACP,GACF,CAYC,MAkHA,OA9HA,4CAED,SAAe7M,GACbpB,KAAKuN,YAAcnM,CACrB,GAAC,0BAED,WACE,OAAOpB,KAAKsN,UACd,GAAC,kCAED,WACE,OAAOtN,KAAKwN,cACd,GAAC,8DAED,6GAkCG,GAlCH,EAC0CxN,KAAKoN,KAAKhM,QAA1C+M,EAAkB,EAAlBA,mBAAoB1G,EAAO,EAAPA,QAEtB2G,EAAM,SAACjO,GACX,MAA8B,EAAKoN,YAA3Bd,EAAK,EAALA,MAAO7I,EAAG,EAAHA,IAAKmK,EAAK,EAALA,OACpB,EAAAM,EAAAA,cAAaC,MAAM,uCAAD,OAAwC7B,EAAK,mBAAWtM,KAC1E,EAAAkO,EAAAA,cAAaD,IAAIxK,EAAKmK,IACtB,EAAAM,EAAAA,cAAaD,IAAI,oBAAqB,EAAKd,aAC3C,EAAAe,EAAAA,cAAaE,WAGb,EAAKhB,YAAc,CAAC,CACtB,EAEMiB,EAAsB,SAACC,GAnFT,IAACC,EAA6BC,IAoFXF,GApFlBC,EAoFC,EAAKpB,aA9EtBoB,EAAUE,kBAAoBD,EAAMC,iBACtC1E,KAAKE,UAAUsE,EAAUG,WAAa3E,KAAKE,UAAUuE,EAAME,UAC3D3E,KAAKE,UAAUsE,EAAUI,eAAiB5E,KAAKE,UAAUuE,EAAMG,cAC/DJ,EAAUK,QAAUJ,EAAMI,MA4EzBtH,GAAW2G,EAAI,cAGjB,EAAKZ,eAAiB,EAAKF,WAC3B,EAAKA,WAAamB,EAElB,EAAKrB,KAAK/F,QAAQ2H,KAAK9B,EAAyB,EAAF,GAAOuB,IACrDhH,GAAW2G,EAAI,WACjB,EAEMa,EAAe,SAAfA,EAAgBC,GACpB,OAAO,EAAK7B,SAASL,uBAAuB9L,MAAK,WAC/C,IAAMiO,EAAa,EAAK9B,SAASL,uBACjC,OAAImC,GAAcA,IAAeD,EACxBD,EAAaE,GAEf,EAAKC,cACd,GACF,GAEIpP,KAAKqN,SAASL,uBAAwB,CAAF,qBAClChN,KAAKqN,SAASJ,eA7GS,IA6GgC,iBAG5B,OAA7BxF,GAAW2G,EAAI,cAAc,kBACtBa,EAAajP,KAAKqN,SAASL,yBAAuB,QAEzDhN,KAAKqN,SAASL,uBAAuBvM,SAAS,QA0DO,OArDnD4O,EAAoB,IAAIC,EAAAA,SAAY,SAAC3O,EAAS4O,EAAGC,GACrDA,EAASC,cAAe,EACxBD,GAAS,WACP,EAAKnC,SAASL,uBAAyB,KACvC,EAAKK,SAASJ,cAAgB,EAAKI,SAASJ,cAAgB,EAC5DxF,GAAW2G,EAAI,WACjB,IAEA,IAAMsB,EAAiB,SAACjB,GAClBY,EAAkBM,WACpBhP,KAIF6N,EAAoBC,GACpB9N,IAGA,EAAK0M,SAAW,EAAH,GAAQN,GACvB,EAEA,EAAKK,KAAKwB,kBACP1N,MAAK,WACJ,GAAImO,EAAkBM,WACpBhP,QADF,CAKA,MAA+C,EAAKyM,KAAKQ,aAAagC,gBAA9Dd,EAAW,EAAXA,YAAaD,EAAO,EAAPA,QAASgB,EAAY,EAAZA,aACxBpB,EAAY,CAChBK,YAAAA,EACAD,QAAAA,EACAgB,aAAAA,EACAjB,mBAAoBE,IAAeD,KAIDV,EAChC,EAAKV,gBAAgBhK,KAAK0K,EAAoB,KAAM,EAAKf,KAAMqB,GAC/D/N,QAAQC,QAAQ8N,IAGjBvN,MAAK,SAAAuN,GAAS,OAAIiB,EAAejB,EAAU,IAC3C9H,OAAM,SAAAoI,GAAK,OAAIW,EAAe,CAC7BZ,YAAAA,EACAD,QAAAA,EACAgB,aAAAA,EACAjB,iBAAiB,EACjBG,MAAAA,GACA,GAvBJ,CAwBF,GACJ,IAEA/O,KAAKqN,SAASL,uBAAyBqC,EAAkB,kBAElDJ,EAAaI,IAAkB,iDACvC,oEAED,SAAUS,GACR9P,KAAKoN,KAAK/F,QAAQwG,GAAGX,EAAyB4C,EAChD,GAAC,yBAED,SAAYA,GACV9P,KAAKoN,KAAK/F,QAAQ0I,IAAI7C,EAAyB4C,EACjD,KAAC,EAxK0B,GAwK1B,4LCpMH,UAKA,SAAwC,klDAExC,IAAME,EAAa,YACbC,EAAe,cACfC,EAAkB,iBAClBC,EAA0B,uBAEnBC,EAAc,WAuBzB,WAAYvQ,GAA0E,WAArCuB,EAAiC,UAAH,6CAAG,CAAC,GAAC,sKAClFpB,KAAKH,IAAMA,EACXG,KAAKqQ,SAAWrQ,KAAKqQ,SAASvO,KAAK9B,MAGnC,MAA+CH,EAAI+N,aAAa0C,aAAxDC,EAAS,EAATA,UAAWC,EAAU,EAAVA,WAAYC,EAAW,EAAXA,YAC/BrP,EAAQsP,oBAAsBtP,EAAQsP,qBAAuBtP,EAAQuP,qBACrE3Q,KAAKoB,QAAUhB,OAAOC,OAAO,CAAC,EAC5B+P,EAAeQ,eACf,CAAEL,UAAAA,EAAWC,WAAAA,EAAYC,YAAAA,GACzB,CACEC,oBAAqB,GAAF,OAAK7Q,EAAIuB,QAAQyP,SAAQ,aAC5CC,gBAAiB,GAAF,OAAKjR,EAAIuB,QAAQyP,SAAQ,WAE1C,EAAAzJ,EAAAA,YAAWhG,IAGbpB,KAAK+Q,SAAU,EACf/Q,KAAKgR,SAAW,IAAIC,IAEpBb,EAAec,cAAcpH,SAAQ,SAAAxF,GACnC,IAAM6M,EAAM,EAAKC,cAAc9M,GAC3B6M,GACF,EAAKH,SAASvH,IAAInF,EAAM6M,EAE5B,GACF,CAwCC,MARA,EATA,EARA,EAfA,EAiFA,OAjFA,uEAED,wFACMnR,KAAK+Q,QAAS,CAAF,+BAER/Q,KAAKqR,gBAAe,gDAE7B,mEAED,WAAW,MACT,OAAwC,QAAhC,EAAArR,KAAKsR,WAAWpB,UAAgB,aAAjC,EAA6DqB,UACtE,GAAC,8BAED,WACE,OAAO,aAAIvR,KAAKgR,SAASQ,UAAUC,MAAK,SAAAC,GAAG,OAAIA,EAAIC,YAAcD,EAAIE,oBAAoB,GAC3F,GAAC,oDAED,wFACM5R,KAAK+Q,QAAS,CAAF,gEAGV/Q,KAAKqR,gBAAe,OAC1BrR,KAAK+Q,SAAU,EAAK,gDACrB,gGAED,oGACQ/Q,KAAK6R,eAAc,OACzB7R,KAAK+Q,SAAU,EAAM,gDACtB,qEAED,SAAWzM,GACT,OAAOtE,KAAKgR,SAASpP,IAAI0C,EAC3B,GAAC,4DAED,sGAC4BtE,KAAKgR,SAASc,WAAS,yDAA5B,GAA4B,2BAArCxN,EAAI,KAAEoN,EAAG,MACf1R,KAAK+R,gBAAgBzN,EAAMoN,GAAM,CAAF,+BAC3BA,EAAIM,QAAO,sMAGtB,wGAED,kGACoBhS,KAAKgR,SAASQ,UAAQ,wDAA1B,OAAHE,EAAG,iBACNA,EAAIO,OAAM,qMAEnB,0EAGD,SAAwB3N,EAAcoN,GACpC,IAAIC,EAAWD,EAAIC,aAAeD,EAAIQ,YAOtC,OALI5N,IAAS4L,EACXyB,IAAAA,EAAa3R,KAAKmS,oBACTT,EAAIE,sBACbD,IAAAA,EAAa3R,KAAKuR,YAEbI,CACT,GAAC,2BAED,SAAsBrN,GACpB,IAEI8N,EAFExE,EAAe5N,KAAKH,IAAI+N,aAG9B,OAAQtJ,GACN,KAAK4L,EACHkC,EAAU,IAAIC,EAAAA,sBAAsB,EAAD,KAAKrS,KAAKoB,SAAO,IAAEiP,SAAUrQ,KAAKqQ,YACrE,MACF,KAAKL,EACHoC,EAAU,IAAIE,EAAAA,iBAAiB1E,EAAc,EAAF,GAAM5N,KAAKoB,UACtD,MACF,KAAK6O,EACHmC,EAAU,IAAIG,EAAAA,mBAAmB3E,EAAc,EAAF,GAAM5N,KAAKoB,UACxD,MACF,KAAK+O,EACHiC,EAAU,IAAII,EAAAA,4BAA4B5E,EAAc,EAAF,GAAM5N,KAAKoB,UACjE,MACF,QACE,MAAM,IAAIqR,MAAM,mBAAD,OAAoBnO,IAEvC,OAAO8N,CACT,KAAC,EAlIwB,GAkIxB,iCAlIUhC,EAAc,gBAaM,CAACJ,EAAYC,EAAcC,EAAiBC,KAAwB,aAbxFC,EAAc,iBAe8B,CACrDG,WAAW,EACXC,YAAY,EACZC,aAAa,EACbiC,sBAAsB,EACtBC,sBAAuB,0CC3C3B,4OCGO,SAMLC,EACA1L,EACA2L,GAGA,IAAMvQ,GAAO,EAAAwQ,EAAAA,oBAAmB5L,GAC1B6L,GAAc,EAAAC,EAAAA,cAAmB1Q,EAAMsQ,GACvCK,GAAW,EAAAC,EAAAA,WAAgBH,GAC3BI,GAAc,EAAAC,EAAAA,cAAmBH,GACjCI,GAAY,EAAAC,EAAAA,YAAwBH,EAAaN,GAEvD,OADa,EAAAU,EAAAA,WAAuBF,EAEtC,EA/BA,cACA,SACA,UACA,SAOA,UACA,6CCfA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,iPCSO,SASN/Q,GAEC,OAAO,SAAP,0BAbuC,IA6CpC,EAJA,EANA,EATA,EAbH,GAbuC,EAavC,EAbuC,kbAkBrC,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAO8D,OAN/E,+BAASA,KAAM,iHAGf,EAAK2S,iBAAmB,IAAIrG,EAAAA,kBAAgB,iBAG5C,EAAKsG,eAAiB,IAAIrD,EAAAA,gBAAc,gBAAgB,EAAKhP,QAAQ4P,UAAU,CACjF,CAsEC,OAtEA,oEAED,oGACQhR,KAAKyT,eAAezB,QAAO,OAEP,GAA1BhS,KAAK4N,aAAaoE,QACbhS,KAAK+N,MAAM2F,kBAAmB,CAAF,+BACzB1T,KAAKwT,iBAAiBvF,kBAAiB,gDAEhD,gGAED,oFAE2B,OAAzBjO,KAAK4N,aAAaqE,OAAO,SACnBjS,KAAKyT,eAAexB,OAAM,gDACjC,0GAED,WAAqB0B,GAAoB,uFACjC3T,KAAK4T,yBAAoB1T,EAAWyT,GAAY,gDACvD,gHAGD,WAA0BE,EAAiBF,GAAoB,iFAC/B,GAA1BhF,EAAQ3O,KAAKoB,QAAQuN,OAGrBkF,EAAQ,CAAF,eACR7T,KAAK4N,aAAakG,UAAUD,GAC5BF,EAAcA,GAAe3T,KAAK+T,eAAe/T,KAAKoB,QAAQuN,OAAO,2BAC5D3O,KAAK0T,kBAAmB,CAAF,2CAGD,EAAAM,EAAAA,2BAA0BhU,KAAM,CAAC,GAAE,QAEP,OAFlDiU,EAAgB,EAAH,KACnBtF,EAAQsF,EAActF,MACtBgF,EAAcA,GAAe3T,KAAK+T,eAAepF,GAAO,UAClD3O,KAAKkU,0BAAyB,2EAG9BlU,KAAKwT,iBAAiBvF,kBAAiB,sGAQ3CjO,KAAKwT,iBAAiBvF,kBAAiB,QAMnB,GAH1BjO,KAAKmU,kBAAkBxF,KAGfyF,EAAuBpU,KAAKoB,QAA5BgT,oBACgB,CAAF,iCACdA,EAAmBpU,KAAM2T,GAAY,gCAClCA,GACT7K,OAAOuL,SAASpK,QAAQ0J,GACzB,0DACF,oFAED,WAAoD,IAA5BxS,EAAM,UAAH,6CAAG2H,OAAOuL,SAAS1P,KACtC5E,GAAM,EAAAiU,EAAAA,2BAA0BhU,KAAM,CAAEsU,aAAc,QAASnT,IAAAA,IACrE,IAAIpB,EAAI4O,MAMN,MAAM,IAAI3N,EAAAA,aAAa,oCALvB,IAAMuT,EAAU,IAAIC,iBAAiB,kBAAD,OAAmBzU,EAAI4O,QAC3D4F,EAAQzI,YAAY/L,GACpBwU,EAAQE,OAKZ,KAAC,EAnFI,CAA2BnS,EAqFpC,2HA/GA,UAUA,UACA,UAEA,0FCGO,WAGL,OAAO,SAAP,0BAPsD,IAOtD,GAPsD,EAOtD,EAPsD,kbAcpD,WAAYlB,GAAc,MAG6B,OAH7B,qBACxB,cAAMA,IAAS,6GACf,EAAK4P,SAAW5P,EAAQ4P,SACxB,EAAK7C,mBAAqB/M,EAAQ+M,mBAAmB,CACvD,CAAC,uBAXI,EADyB,EAAAuG,EAAAA,iCAclC,iGApBA,wECTO,WACL,OAAO,EAAAC,EAAAA,4BACT,EALA,uGCAA,oLACA,oLACA,2SCgEO,SAA2BC,GAChC,OAAOC,WAAWC,KAAKC,EAAgBH,IAAO,SAACI,GAAS,OAAKA,EAAEC,WAAW,EAAE,GAC9E,sBArCO,SAA2BL,GAChC,IAAIM,EAAMC,EAAkBP,GAC5B,OAAQM,EAAI1R,OAAS,GACnB,KAAK,EACH,MACF,KAAK,EACH0R,GAAO,KACP,MACF,KAAK,EACHA,GAAO,IACP,MACF,QACE,MAAM,IAAIlU,EAAAA,aAAa,yBAE3B,IAAIoU,GAAO,EAAAC,EAAAA,MAAKH,GAChB,IACE,OAAOI,mBAAmBC,OAAOH,GACnC,CAAE,MAAOnQ,GACP,OAAOmQ,CACT,CACF,sBAoBO,SAA2BI,GAChC,OAAO,EAAAC,EAAAA,MAAK,IAAIZ,WAAWW,GAAKE,QAAO,SAACC,EAAGC,GAAI,OAAKD,EAAIE,OAAOC,aAAaF,EAAK,GAAE,IACrF,sBAzDO,SAA2BG,GAEhC,OAAOC,GADG,EAAAP,EAAAA,MAAKM,GAEjB,mBAkCO,SAAwBA,GAE7B,IADA,IAAIE,EAAS,IAAIpB,WAAWkB,EAAIvS,QACvB0S,EAAI,EAAGA,EAAIH,EAAIvS,OAAQ0S,IAC9BD,EAAOC,GAAKH,EAAId,WAAWiB,GAE7B,OAAOD,CACT,EA/CA,cACA,OASO,SAASD,EAAkBd,GAChC,OAAOA,EAAIjL,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAAKA,QAAQ,MAAO,GACpE,CAGO,SAASkL,EAAkBP,GAChC,OAAOA,EAAK3K,QAAQ,KAAM,KAAKA,QAAQ,KAAM,IAC/C,CAgCO,SAAS8K,EAAgBgB,GAC9B,OAAO,EAAAV,EAAAA,MAAKF,EAAkBY,GAChC,oECjD8C,OAApC,SAASA,GAAO,OAAOV,KAAKU,EAAM,EACG,OAArC,SAAUA,GAAO,OAAON,KAAKM,EAAM,EAC7C,IAAMf,EAAsB,oBAAXmB,OAAyB,KAAOA,OAAO,iDCHxD,oLACA,oLACA,oLACA,oLACA,kOCDO,SAAqBJ,GAC1B,IAAIE,GAAS,IAAIG,aAAcC,OAAON,GACtC,OAAOO,EAAAA,UAAUC,OAAOC,OAAO,UAAWP,GAAQ/U,MAAK,SAASuV,GAC9D,IACIC,EADY,IAAI7B,WAAW4B,GACL/N,MAAM,EAAG,IAC/BiO,EAAOd,OAAOC,aAAac,MAAM,KAAMF,GAE3C,OADW,EAAAG,EAAAA,mBAAkBF,EAE/B,GACF,EAZA,cACA,0ECEO,SAAqB9H,EAASjL,GACnCA,GAAM,EAAAjB,EAAAA,OAAMiB,GAEZ,IACIkT,EAAO,CACTxS,KAAM,oBACNqS,KAAM,CAAErS,KAAM,YAYhB,cAJOV,EAAImT,IAIJT,EAAAA,UAAUC,OAAOS,UAfX,MAiBXpT,EACAkT,GAbgB,EACL,CAAC,WAgBb5V,MAAK,SAAS+V,GACb,IAAIC,EAAMrI,EAAQsI,MAAM,KACpBC,GAAU,EAAAC,EAAAA,gBAAeH,EAAI,GAAK,IAAMA,EAAI,IAC5CI,GAAe,EAAAvC,EAAAA,iBAAgBmC,EAAI,IACnCK,GAAY,EAAAF,EAAAA,gBAAeC,GAE/B,OAAOhB,EAAAA,UAAUC,OAAOiB,OACtBV,EACAG,EACAM,EACAH,EAEJ,GACF,EA1CA,aACA,UACA,uCCAA,qVCFwC,IAInBK,EAAY,mCAJO,IAIP,GAJO,EAIP,EAJO,kbAatC,WAAY7Q,EAAeC,EAAoB6Q,GAAwC,4BACrF,IAAMC,EAAU/Q,EAAIgR,aAgBnB,OAfD,cAAMD,IAAS,4VAEf,EAAKrT,KAAO,eACZ,EAAKsT,aAAehR,EAAIgR,aACxB,EAAKC,UAAYjR,EAAIiR,UACrB,EAAKC,UAAYlR,EAAIkR,UACrB,EAAKC,QAAUnR,EAAImR,QACnB,EAAKC,YAAcpR,EAAIoR,YAEnBnR,IACF,EAAKA,IAAMA,GAGT6Q,IACF,EAAKA,KAAOA,GACb,CACH,CAAC,uBA3B8B,CAJjC,UAI0CO,SAAW,uKCJb,IAEnBxR,EAAiB,mCAFE,IAEF,GAFE,EAEF,EAFE,kbAGtC,aACoD,OADtC,qBACsC,YAAlC,kCAElB,CAAC,uBAJmC,CAFtC,UAE+CwR,SAAW,iMCFlB,IAGnBjX,EAAY,mCAHO,IAGP,GAHO,EAGP,EAHO,kbAWtC,WAAY4K,EAAa/E,GAAsB,MAU5C,OAV4C,qBAC7C,cAAM+E,IAAK,8SACX,EAAKtH,KAAO,eACZ,EAAKuT,UAAY,WACjB,EAAKD,aAAehM,EACpB,EAAKkM,UAAY,WACjB,EAAKC,QAAU,WACf,EAAKC,YAAc,GACfnR,IACF,EAAKA,IAAMA,GACZ,CACH,CAAC,uBAnB8B,CAHjC,UAG0CoR,SAAW,uLCHhCA,EAAW,geAC9B,WAAYN,GAAiB,MAGuB,OAHvB,qBAE3B,cAAMA,GACNvX,OAAO8X,gBAAe,EAAD,eAAO,2CAAWrU,WAAW,CACpD,CAAC,uBAL6B,EAK7B,sBALsC4O,QAAK,iMCCN,IAGnB0F,EAAU,mCAHS,IAGT,GAHS,EAGT,EAHS,kbAatC,WAAYN,EAAmBO,EAAiBC,GAAqB,MAelE,OAfkE,qBACnE,cAAMD,IAAS,wPAHW,MAK1B,EAAK9T,KAAO,aACZ,EAAKuT,UAAYA,EACjB,EAAKD,aAAeQ,EAGpB,EAAKrJ,MAAQ8I,EACb,EAAKS,kBAAoBF,EAIrBC,IACF,EAAKA,KAAOA,GACb,CACH,CAAC,uBA1B4B,CAH/B,UAGwCJ,SAAW,iMCFnD,YACA,SAAqC,IAKhBM,EAAY,mCALI,IAKJ,GALI,EAKJ,EALI,kbAcnC,WAAYC,EAAgBC,EAAoCJ,GAAqB,QASlF,OATkF,qBAGnF,cAAsB,QAAtB,EAAMI,EAAW1J,aAAK,QAAIwJ,EAAaG,gBAAe,yIAPjD,iBAAc,qCAEO,MAM1B,EAAKF,OAASA,EACd,EAAKC,WAAaA,EAEdJ,IACF,EAAKA,KAAOA,GACb,CACH,CA+CC,OA/CA,iCAGD,WAAuB,OAAOrY,KAAKyY,WAAW1J,KAAO,GAAC,qBACtD,WAA2B,OAAO/O,KAAK+O,KAAO,GAAC,6BAE/C,WAAmC,OAAO/O,KAAKyY,WAAWH,iBAAmB,GAAC,4BAE9E,WAAkC,OAAOtY,KAAKsY,iBAAmB,GAAC,wBAClE,WAA8B,OAAOtY,KAAK2Y,gBAAkB,GAAC,iBAC7D,WAAuB,OAAO3Y,KAAKyY,WAAWG,KAAO,IAAC,0BAGtD,SAAoBC,GAElB,IAAKA,EACH,OAAO,KAiBT,IAVA,IASIC,EATEC,EAAQ,qHACRC,EAAaH,EAAO7O,QAAQ,KAC5BwO,EAASK,EAAOnQ,MAAM,EAAGsQ,GACzBC,EAAYJ,EAAOnQ,MAAMsQ,EAAa,GACtCjU,EAAS,CAAC,EAM2B,QAAnC+T,EAAQC,EAAMG,KAAKD,KAAsB,OAC/ClU,EAAO+T,EAAM,IAAe,QAAR,EAAAA,EAAM,UAAE,QAAIA,EAAM,EACxC,CAEA,OAAO,IAAIP,EAAaC,EAAQzT,EAClC,GAAC,sCAID,WAA2E,MAA1CjC,EAAuB,UAAH,6CAAG,CAAC,EACvD,OAAI,EAAAqW,EAAAA,YAAYrW,aAAO,EAAPA,EAAqBlB,KAC3BkB,EAAoBlB,IAAI,oBAEA,QAAlC,EAAOkB,EAAQ,2BAAmB,QAAIA,EAAQ,mBAChD,KAAC,EAlE8B,CAASmV,EAAAA,SAAW,0BAAhCM,EAAY,gBACR,0BAAwB,iqBCFjD,SAAwBtV,GACtB,OAAQA,aAAewU,EAAAA,OACzB,iBAEA,SAAsBxU,GACpB,OAAQA,aAAekV,EAAAA,OACzB,mBAEA,SAAwBlV,GACtB,OAAQA,aAAesV,EAAAA,OACzB,EAhBA,iBACA,aACA,aACA,aACA,aAyBA,iSC1CA,IAAsC,EAAtC,QAGea,SAAQ,+GCHvB,MAWwB,qbAXxB,UAAoC,WAGpC,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,aAAwB,+HAAxB,mXCPA,UAmCA,iNAzBA,aA0BA,iNAzBA,cA0BA,iNAHA,+NAjBA,IAAMlS,GAAkE,EAAAmS,EAAAA,+BAClEC,GAA+C,EAAAC,EAAAA,2BAC/CC,GAAuD,EAAAC,EAAAA,+BAGvDC,GAAU,EAAAC,EAAAA,mBAAkBL,EAAgBpS,EAAoBsS,GAChEI,GAAgB,EAAAC,EAAAA,gBAAeH,GAG/BN,EAAQ,mCAQW,IARX,GAQW,EARX,EAQW,kbAPvB,WAAYhY,GAA0B,wCAC9BA,EACR,CAAC,uBAHW,EAFI,EAAA0Y,EAAAA,YAAWF,IAEG,mBAMjBR,EAAQ,kHCgDhB,WACL,OAAQvQ,UACsB,IAArBC,OAAOiR,WACdC,KACAC,GACJ,2BAtDO,WACL,IAAMC,EAAQC,IACd,OAAOD,IAAUE,EAAeC,KAAKH,EACvC,YAiCO,WACL,QAAKI,KAG+B,WAA7BxR,OAAOuL,SAASkG,QACzB,2BAeO,WAEL,OAAOD,KAAoC,oBAAdE,gBAA4D,IAAxBA,UAAUC,WAExE,mBAAmBJ,KAAKG,UAAUC,aAAe3R,OAAO4R,QAC7D,gBAlBO,WAEL,OAAOJ,KAA4C,cAA7BxR,OAAOuL,SAASsG,QACxC,oBAdO,WACL,OAAOC,KAA4BZ,GACrC,gCA7BO,WACL,IAAKM,IACH,OAAO,EAET,IAAMO,EAAgBxP,SAAiBwP,aACnCC,EAAWD,GAAgBA,EAAe,GAC9C,YAAkC,IAAvB/R,OAAOgD,cAAgCgP,CAIpD,6BAnCA,cAEMV,EAAiB,oCAEhB,SAASE,IACd,MAA2B,oBAAbjP,UAA8C,oBAAXvC,MACnD,CAEO,SAASD,IACd,IAAKyR,IACH,OAAO,EAET,IAAMO,EAAgBxP,SAAiBwP,aACvC,QAASA,GAAgBA,GAAgB,EAC3C,CAEO,SAASV,IACd,OAAOK,UAAUC,SACnB,CAmBA,SAASR,IACP,YAA4B,IAAd3D,EAAAA,WACK,OAAdA,EAAAA,gBAC4B,IAArBA,EAAAA,UAAUC,QACK,oBAAf1B,UACd,CAEO,SAAS+F,IACd,OAAOX,GACT,CAEO,SAASD,IACd,MAA8B,oBAAhB5D,WAChB,kGCrDA,aAAqC,0GAIrC,IAAM2E,EAA0B,0BAoFL,UA9C3B,SAAsBC,EAAgB7Z,EAAaN,GACjD,IAAIyK,EAAOzK,EAAKZ,KACZ6C,EAAUjC,EAAKiC,SAAW,CAAC,EAC3BmY,EAAenY,EAAQ,iBAAmBA,EAAQ,iBAAmB,GAErEwI,GAAwB,iBAATA,IAEbyP,EAAwBV,KAAKY,GAC/B3P,EAAOpB,KAAKE,UAAUkB,GAEC,sCAAhB2P,IACP3P,EAAOlL,OAAO0R,QAAQxG,GACrB4P,KAAK,qCAAEC,EAAK,KAAE5R,EAAK,qBAAS4R,EAAK,YAAIC,mBAAmB7R,GAAM,IAC9D8R,KAAK,OAIV,IACIC,GADQC,EAAAA,EAAOC,OAASC,EAAAA,SACHta,EAAK,CAC5B6Z,OAAQA,EACRlY,QAASjC,EAAKiC,QACdwI,KAAMA,EACNoQ,YAAa7a,EAAKQ,gBAAkB,UAAY,SAOlD,OAJKia,EAAanP,UAChBmP,EAAe5a,QAAQC,QAAQ2a,IAG1BA,EAAapa,MAAK,SAASya,GAChC,IAAI5M,GAAS4M,EAASC,GAClBzb,EAASwb,EAASxb,OACtB,OApEJ,SAAkBwb,GAChB,OAAIA,EAAS7Y,QAAQlB,IAAI,iBAEvB+Z,EAAS7Y,QAAQlB,IAAI,gBAAiBia,cAAc7R,QAAQ,qBAAuB,EAC9E2R,EAASG,OAEbnV,OAAM,SAAA1B,GACL,MAAO,CACL8J,MAAO9J,EACP2S,aAAc,kCAElB,IAEO+D,EAASI,MAEpB,CAqDWC,CAASL,GACbza,MAAK,SAAAjB,GACJ,OArDR,SAAsBE,EAAgBF,EAAuB0b,GAC3D,IAEsD,EAFhD3X,EAA2B,YAAhB,aAAO/D,GAClB6C,EAAU,CAAC,EAAE,EAzBgB,25BAyBhB,CACC6Y,EAAS7Y,QAAgBgP,WAAS,IAAtD,IAAK,EAAL,qBAAwD,KAA7CmK,EAAI,QACbnZ,EAAQmZ,EAAK,IAAMA,EAAK,EAC1B,CAAC,+BACD,IAAMC,EAAuB,CAC3BC,aAAcnY,EAAWkG,KAAKE,UAAUnK,GAAQA,EAChDE,OAAQA,EACR2C,QAAAA,GAMF,OAJIkB,IACFkY,EAAOE,aAAe,OACtBF,EAAOG,aAAepc,GAEjBic,CACT,CAqCeI,CAAanc,EAAQF,EAAM0b,EACpC,IACCza,MAAK,SAAAgb,GAAU,MACd,GAAInN,GAA4B,QAAvB,EAAImN,EAAOG,oBAAY,OAAnB,EAAqBtN,MAEhC,MAAMmN,EAER,OAAOA,CACT,GACJ,GACF,EAE2B,sICrF3B,SACaK,EAAa,WAGxB,cAAc,+DAEZvc,KAAKwc,aAAe,CAAC,gBAAD,OAAiBC,WACrCzc,KAAK0c,yBACP,CAoBC,OApBA,4CAED,SAAeC,GACb3c,KAAKwc,aAAa/Y,KAAKkZ,EACzB,GAAC,2BAED,WACE,MAAO,CAAE,6BAA8B3c,KAAKwc,aAAanB,KAAK,KAChE,GAAC,wBAED,WACE,MAAOoB,QACT,GAAC,qCAED,WACE,KAAI,EAAAnC,EAAAA,cAAgBsC,SAAYA,QAAQC,SAAxC,CAGA,IAAcC,EAAYF,QAAQC,SAA1BE,KACR/c,KAAKwc,aAAa/Y,KAAK,UAAD,OAAWqZ,GAFjC,CAGF,KAAC,EA3BuB,GA2BvB,sEC7BI,SAA0BE,EAAmCC,EAAYC,GAC9EF,EAAW5b,QAAQ0B,QAAUka,EAAW5b,QAAQ0B,SAAW,CAAC,EAC5Dka,EAAW5b,QAAQ0B,QAAQma,GAAcC,CAC3C,qCCjBA,oLACA,mLACA,oLACA,oLACA,oLACA,iPCOO,SAON5a,GAEC,OAAO,SAAP,0BAX8B,IAW9B,GAX8B,EAW9B,EAX8B,kbAgB5B,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAQf,OAPF,+BAASA,KAAM,qGAEf,EAAKsc,eAAiB,IAAIZ,EAAAA,cAG1B,EAAKa,KAAO,CACVC,iBAAkBA,EAAAA,iBAAiBvb,KAAK,MAAM,EAAF,gBAC5C,CACJ,CAoBC,OApBA,wCAED,SAAWgB,GACT9C,KAAKoB,QAAQ0B,QAAU1C,OAAOC,OAAO,CAAC,EAAGL,KAAKoB,QAAQ0B,QAASA,EACjE,GAAC,6BAED,WAGE,OAAO9C,KAAKoB,QAAQkc,OAAQnG,MAAM,YAAY,EAChD,GAAC,uBAED,SAAUzU,GACR,IAAIvB,EAAM,0BAA2B,EAAAkE,EAAAA,eAAc3C,GAMnD,OAAO,EAAAd,EAAAA,KAAI5B,KAAMmB,EALH,CACZ2B,QAAS,CACP,OAAU,yBAIhB,KAAC,EAlCI,CAA2BR,EAoCpC,iGAlDA,SACA,UACA,SACA,0FCMO,WAEL,OAAO,SAAP,0BAJ+C,IAI/C,GAJ+C,EAI/C,EAJ+C,kbAY7C,WAAYzB,GAAW,MAOW,OAPX,qBACrB,cAAMA,IAAM,0UACZ,EAAKyc,OAASzc,EAAKyc,OACnB,EAAKC,kBAAoB1c,EAAK0c,kBAC9B,EAAKza,QAAUjC,EAAKiC,QACpB,EAAK0a,kBAAoB3c,EAAK2c,mBAAqBC,EAAAA,QACnD,EAAKC,wBAA0B7c,EAAK6c,wBACpC,EAAKC,UAAY9c,EAAK8c,UAAU,CAClC,CAAC,uBAhBI,EAD2B,EAAAC,EAAAA,mCAmBpC,iGAxBA,UAEA,oEC0QO,SAAa/d,EAA4BsB,EAAaC,GAE3D,IAAIkP,EAAa,CACfnP,IAFFA,GAAM,EAAA0c,EAAAA,eAAc1c,GAAOA,EAAMtB,EAAI4B,kBAAoBN,EAGvD6Z,OAAQ,OAGV,OADA5a,OAAOC,OAAOiQ,EAAYlP,GACnB0c,EAAYje,EAAKyQ,EAC1B,yBAEO,SAAczQ,EAA4BsB,EAAaN,EAAoBO,GAEhF,IAAI2c,EAAc,CAChB5c,IAFFA,GAAM,EAAA0c,EAAAA,eAAc1c,GAAOA,EAAMtB,EAAI4B,kBAAoBN,EAGvD6Z,OAAQ,OACRna,KAAMA,EACNuF,gBAAgB,GAGlB,OADAhG,OAAOC,OAAO0d,EAAa3c,GACpB0c,EAAYje,EAAKke,EAC1B,gCA7RA,SACA,UAYA,UACA,SAAwC,qrBAIxC,IACIC,EADAC,EAA4B,GAE5B,EAAA3D,EAAAA,eACF2D,EAA4BtT,KAAKmC,MACjCkR,EAAiC,WAC1B3S,SAAS6S,SACZD,EAA4BtT,KAAKmC,MAErC,EACAzB,SAAS8S,iBAAiB,mBAAoBH,IAGhD,IAAMI,EAAc,SAACve,EAA4BkP,GAA2D,YAC1G,GAAIA,aAAiB0D,MAGnB,OAAO,IAAIgF,EAAAA,aAAa,CACtBG,aAAc7I,EAAM4I,UAIxB,IACI/Q,EADAyR,EAAqBtJ,EAErBsP,EAAiC,CAAC,EACtC,GAAIhG,EAAK8D,eAAgB,EAAAmC,EAAAA,UAASjG,EAAK8D,cACrC,IACEkC,EAAYnU,KAAKC,MAAMkO,EAAK8D,aAC9B,CAAE,MAAOlX,GACPoZ,EAAY,CACVzG,aAAc,gBAElB,CAGES,EAAKlY,QAAU,MACjBke,EAAUzG,aAAe,iBAGvB/X,EAAIuB,QAAQmc,oBACdlF,EAAOxY,EAAIuB,QAAQmc,mBAAkB,EAAA5a,EAAAA,OAAM0V,KAI7C,IAAMkG,EAAoE,QAAvD,EAAGhG,EAAAA,aAAaiG,yBAA6B,QAAL,EAACnG,SAAI,aAAJ,EAAMvV,gBAAQ,QAAI,GAQ9E,GALE8D,EADEyX,EAAUtP,OAASsP,EAAU/F,kBACzB,IAAIH,EAAAA,WAAWkG,EAAUtP,MAAOsP,EAAU/F,kBAAmBD,GAE7D,IAAIZ,EAAAA,aAAa4G,EAAuBhG,EAAM,CAAEkG,cAAAA,IAGpDA,IAAqB,QAAJ,EAAAlG,SAAI,aAAJ,EAAMlY,SAAU,MAAW,QAAJ,EAAAkY,SAAI,aAAJ,EAAMlY,QAAS,IAAK,CAC9D,IAAMse,EAAalG,EAAAA,aAAamG,YAAYH,GAE5C,GAAoB,MAAhBlG,EAAKlY,QAAwC,yCAAtBse,aAAU,EAAVA,EAAY1P,OAAiD,CAEtF,MAAgC0P,EAAWhG,WAAnCkG,EAAO,EAAPA,QAASC,EAAU,EAAVA,WACjBhY,EAAM,IAAI6Q,EAAAA,aACR,CACEG,aAAc6G,EAAW1P,MACzBiJ,YAAa,CAAC,CAAEJ,aAAc6G,EAAW9F,oBAE3CN,EAAI,GAGFsG,SAAUA,GAENC,GAAc,CAAEA,WAAAA,IAG1B,KACgC,UAAvBH,aAAU,EAAVA,EAAYjG,UACnB5R,EAAM6X,EAMV,CAEA,OAAO7X,CACT,EAGO,SAASkX,EAAYje,EAA4BuB,GAAuC,MAG7F,GAFAA,EAAUA,GAAW,CAAC,EAElBvB,EAAIuB,QAAQsc,wBAAyB,KACsB,EADtB,EA3FH,25BA2FG,CACb7d,EAAIuB,QAAQsc,yBAAuB,IAA7D,IAAK,EAAL,sBACEmB,EADoB,SACRzd,EACb,+BACH,CAEA,IAAID,EAAMC,EAAQD,IACd6Z,EAAS5Z,EAAQ4Z,OACjBna,EAAOO,EAAQP,KACfuF,EAAiBhF,EAAQgF,eACzB0I,EAAc1N,EAAQ0N,YACtBzN,GAA8C,IAA5BD,EAAQC,gBAE1BM,EADc9B,EAAIuB,QAAQM,YACHC,QACvBmd,EAAYjf,EAAIkf,eAAeC,aAAanf,EAAIuB,QAAQ6d,SACxD5Y,EAAgBjF,EAAQiF,cACxBsX,EAAiC,QAAxB,EAAG9d,EAAIuB,QAAQuc,iBAAS,QAAI,EAEzC,GAAIvc,EAAQ8d,cAAe,CACzB,IACIC,EADgBL,EAAUM,aACKje,GACnC,GAAIge,GAAkBxU,KAAKmC,MAAM,IAAOqS,EAAe3V,UACrD,OAAO9I,QAAQC,QAAQwe,EAAexD,SAE1C,CAEA,IACI7Y,EAAuB,EAAH,CACtB,OAAU,mBACV,eAAgB,oBAHQjD,EAAIsd,eAAekC,iBAM7Cjf,OAAOC,OAAOyC,EAASjD,EAAIuB,QAAQ0B,QAAS1B,EAAQ0B,SACpDA,GAAU,EAAAsE,EAAAA,YAAWtE,GAEjBgM,IAAe,EAAAwP,EAAAA,UAASxP,KAC1BhM,EAAuB,cAAI,UAAYgM,GAGzC,IAMIlI,EAAK7G,EAAKuf,EANVC,EAA4B,CAC9Bzc,QAAAA,EACA7C,KAAMY,QAAQX,EACdmB,gBAAAA,GAKF,GAAIgF,IAAiB,EAAAiU,EAAAA,cAAeqD,EAAY,EAAG,CACjD,IAAI6B,EACAC,EACAC,EACAzZ,EAAa,EAKjBwZ,EAAwB,WACtB,IAAME,EAA6BhV,KAAKmC,MAAQmR,EAChD,OAAI0B,EAA6BhC,EACxB,IAAIjd,SAAc,SAACC,GAAO,OAAKuL,YAAW,WAC1Cb,SAAS6S,OAGZvd,EAAQ6e,KAFR7e,GAIJ,GAAGgd,EAAYgC,EAA2B,IAEnCjf,QAAQC,SAEnB,EAGA6e,EAAkC,WAE9B,IAAII,EADN,OAAIvU,SAAS6S,OAEJ,IAAIxd,SAAc,SAACC,GACxBif,EAAwB,WACjBvU,SAAS6S,SACZ7S,SAASwU,oBAAoB,mBAAoBD,GACjDjf,EAAQ8e,KAEZ,EACApU,SAAS8S,iBAAiB,mBAAoByB,EAChD,IAEOH,GAEX,EAKA,IAAMK,EAAiB,WACrB,OAAOjgB,EAAIuB,QAAQoc,kBAAmBxC,EAAS7Z,EAAMoe,GAAa5Y,OAAM,SAACC,GAEvE,GADwC,iBAAjBA,aAAG,EAAHA,EAAK+Q,UACN1R,EAAa8Z,EAAAA,oBAEjC,OADA9Z,IACOyZ,IAET,MAAM9Y,CACR,GACF,EAQA0Y,GAJAI,EAAiB,WACf,OAAOF,IAAkCte,KAAK4e,EAChD,IAGF,MACER,EAAUzf,EAAIuB,QAAQoc,kBAAmBxC,EAAS7Z,EAAMoe,GAG1D,OAAOD,EACJpe,MAAK,SAASmX,GAgCb,OA/BAtY,EAAMsY,EAAK8D,gBACA,EAAAmC,EAAAA,UAASve,KAClBA,EAAMmK,KAAKC,MAAMpK,KACS,YAAf,aAAOA,KAAqBA,EAAI+C,UACrCK,MAAMC,QAAQrD,GAChBA,EAAI+J,SAAQ,SAAAkW,GACVA,EAAKld,QAAUuV,EAAKvV,OACtB,IAEA/C,EAAI+C,QAAUuV,EAAKvV,SAKrBsD,IACGrG,EAAIQ,YACPoB,EAAQgI,OAAO9H,EAAAA,uBAIf9B,GAAOA,EAAIQ,YAAcR,EAAIyJ,WAC/B7H,EAAQ8H,IAAI5H,EAAAA,qBAAsB9B,EAAIQ,WAAYR,EAAIyJ,UAAW3J,EAAIuB,QAAQ6d,SAG3Elf,GAAOqB,EAAQ8d,eACjBJ,EAAUmB,cAAc9e,EAAM,CAC5BqI,UAAWzC,KAAKmZ,MAAMvV,KAAKmC,MAAM,KAAQqT,EAAAA,uBACzCxE,SAAU5b,IAIPA,CACT,IACC4G,OAAM,SAAS0R,GAOd,KAJsB,cAFtBzR,EAAMwX,EAAYve,EAAKwY,IAEfR,WACNlW,EAAQgI,OAAO9H,EAAAA,sBAGX+E,CACR,GACJ,mGChRO,WAQL,OAAO,SAAP,0BAXgD,IAWhD,GAXgD,EAWhD,EAXgD,kbAa9C,WAAYxF,GAAoC,wCACxCA,EACR,CAuDC,OAvDA,mCAED,WAAiD,IAA3CA,EAAuC,UAAH,6CAAG,CAAC,GAC5C,gEAAYA,IAEqB,IAA7BA,EAAQgf,kBACVpgB,KAAKogB,kBAET,GAAC,6BAED,SAAgBngB,GACd,GAAKD,KAAKqgB,iBAAV,CAGA,IAAM1e,EAAU3B,KAAK+e,eAAeuB,wBAC/B3e,GAGLA,EAAQ4e,WAAWtgB,EALnB,CAMF,GAAC,6BAGD,SAAgBmB,GACd,IAAKpB,KAAKqgB,iBACR,OAAO,KAET,IAAM1e,EAAU3B,KAAK+e,eAAeuB,wBACpC,IAAK3e,EACH,OAAO,KAET,IAAM6e,EAAc7e,EAAQyd,aAC5B,IAAKoB,KAAgB,EAAAC,EAAAA,kBAAiBD,EAAYE,gBAChD,OAAO,KAGT,GAAItf,EAAS,CACX,IAAQuf,EAAmCvf,EAAnCuf,YAAaC,EAAsBxf,EAAtBwf,kBAErB,IAAKxf,EAAQyf,sBAAwBF,GAAeH,EAAYG,cAAgBA,EAC9E,OAAO,KAET,GAAIC,GAAqBJ,EAAYI,oBAAsBA,EACzD,OAAO,IAEX,CAEA,OAAOJ,CACT,GAAC,8BAED,WACE,GAAKxgB,KAAKqgB,iBAAV,CAGA,IAAM1e,EAAU3B,KAAK+e,eAAeuB,wBACpC3e,SAAAA,EAASmf,cAFT,CAGF,KAAC,EA3DI,EADoB,EAAAC,EAAAA,4BA8D7B,oFA1EA,SAEA,yECgB4B,SAEO,GAAD,2EARlC,UAMA,UAA4B,2kBAEM,aAUjC,OAViC,gCAA3B,WACL/D,GAAgC,yFAI/B,OAJiC5b,EAAiC,EAAH,6BAAG,CAAC,GAExD4f,WAAa5f,EAAQ6f,gBAC/B7f,EAAQ6f,cAAgBC,EAAAA,iBAAiBC,eAC1C,mBACM,EAAAC,EAAAA,KAAIpE,EAAY,EAAF,KAChB5b,GAAO,IACVigB,KAAM,mBACN,2CACH,4ICxBqBC,GAAa,cAGjC,WAAYL,IAAiC,uDAC3CjhB,KAAK0X,KAAOuJ,CACd,IAAC,2KCZ0D,+kBAUhDM,EAAY,mCAVoC,IAUpC,GAVoC,EAUpC,EAVoC,kbAUpC,iEAmCtB,OAnCsB,uCACvB,SAAU/P,GACR,SAAUA,EAAOkK,aAAelK,EAAOwP,UAAYxP,EAAOgQ,SAC5D,GAAC,4BAED,SAAehQ,GACb,IAAQkK,EAAoDlK,EAApDkK,YAAasF,EAAuCxP,EAAvCwP,SAAUQ,EAA6BhQ,EAA7BgQ,SAAUC,EAAmBjQ,EAAnBiQ,eACzC,GAAK/F,GAAgBsF,GAAaQ,EAGlC,OAAO9F,GAAe,CACpB8F,SAAUA,GAAYR,EACtBS,eAAAA,EAEJ,GAAC,uBAED,SAAUC,GAAqB,QACvBC,EAAS,CAAC,EAAD,KACc,QADd,EACVD,EAAoBE,YAAI,aAAxB,EAA0BrY,MAAM,IAAE,IACrCjF,KAAM,WACNiB,KAAM,SACNsc,SAAUH,EAAoBG,YAahC,OAX+C,QAA3B,EAAGH,EAAoBE,YAAI,aAAxB,EAA0BrY,MAAM/E,MACrD,SAAAsd,GAAK,MAAmB,mBAAfA,EAAMxd,IAAyB,MAGxCqd,EAAOle,KAAK,CACVa,KAAM,iBACNiB,KAAM,UACNwc,MAAO,mCACPF,UAAU,IAGPF,CACT,KAAC,EAnCsB,CAVzB,QAUkCL,eAAa,+JCTiC,IAMnEU,EAAc,mCANqD,IAMrD,GANqD,EAMrD,EANqD,kbAMrD,iEAOxB,OAPwB,4CACzB,SAAexQ,GACb,IAAQyQ,EAAqBzQ,EAArByQ,iBACR,GAAKA,EAGL,MAAO,CAAEC,KAAMD,EACjB,KAAC,EAPwB,CAN3B,QAMoCE,+BAA6B,6KCPJ,IAShDC,EAA0B,mCATsB,IAStB,GATsB,EAStB,EATsB,kbAStB,iEA4BpC,OA5BoC,uCACrC,SAAU5Q,GACR,IAAQkK,EAAgBlK,EAAhBkK,YACR,GAAIA,GAAeA,EAAY2G,aAAe3G,EAAY4G,OACxD,OAAO,EAET,IAAQD,EAAkC7Q,EAAlC6Q,YAAaE,EAAqB/Q,EAArB+Q,SAAUD,EAAW9Q,EAAX8Q,OAC/B,SAAUD,IAAeC,OAAcC,IAAYD,EACrD,GAAC,4BAED,SAAe9Q,GACb,IAAQ6Q,EAAkC7Q,EAAlC6Q,YAAaE,EAAqB/Q,EAArB+Q,SAAUD,EAAW9Q,EAAX8Q,OAC/B,GAAKA,IAAYD,GAAgBE,GAGjC,MAAO,CACLF,YAAaE,EAAW,SAAWF,EACnCE,SAAAA,EACAD,OAAAA,EAEJ,GAAC,uBAED,WACE,MAAO,CACL,CAAEhe,KAAM,cAAeiB,KAAM,SAAUsc,UAAU,GACjD,CAAEvd,KAAM,WAAYiB,KAAM,SAAUwc,MAAO,8BAC3C,CAAEzd,KAAM,SAAUiB,KAAM,SAAUwc,MAAO,SAAUF,UAAU,GAEjE,KAAC,EA5BoC,CATvC,QASgDP,eAAa,2LCRA,IAOhDkB,EAA4B,mCAPoB,IAOpB,GAPoB,EAOpB,EAPoB,kbAOpB,iEAyBtC,OAzBsC,uCACvC,SAAUhR,GACR,IAAQkK,EAAgBlK,EAAhBkK,YACR,SAAIA,IAAeA,EAAY4G,WAGZ9Q,EAAX8Q,MAEV,GAAC,4BAED,SAAe9Q,GACb,IAAQ8Q,EAAW9Q,EAAX8Q,OACR,GAAKA,EAGL,MAAO,CACLD,YAAariB,KAAK0X,KAAK+K,eAAgBC,iBAAkBL,YACzDC,OAAAA,EAEJ,GAAC,uBAED,WACE,MAAO,CACL,CAAEhe,KAAM,SAAUiB,KAAM,SAAUwc,MAAO,SAAUF,UAAU,GAEjE,KAAC,EAzBsC,CAPzC,QAOkDP,eAAa,2MCRF,+kBAehDa,EAA6B,mCAfmB,IAenB,GAfmB,EAenB,EAfmB,kbAenB,iEAoBvC,OApBuC,uCACxC,SAAU3Q,GACR,SAAUA,EAAOkK,aAAclK,EAAOyQ,kBAAoBzQ,EAAOmR,IACnE,GAAC,4BAED,SAAenR,GACb,IAAQkK,EAAuClK,EAAvCkK,YAAauG,EAA0BzQ,EAA1ByQ,iBAAkBU,EAAQnR,EAARmR,IACvC,GAAKjH,GAAgBuG,GAAqBU,EAG1C,OAAOjH,GAAe,CAAE8F,SAAUS,GAAoBU,EACxD,GAAC,uBAED,SAAUjB,GAAqB,MAC7B,OAAO,EAAP,KAC6B,QAD7B,EACKA,EAAoBE,YAAI,aAAxB,EAA0BrY,MAAM,IAAE,IACrCjF,KAAM,mBACNiB,KAAM,SACNsc,SAAUH,EAAoBG,UAElC,KAAC,EApBuC,CAf1C,QAemDP,eAAa,oLCfH,IAQhDsB,EAAkB,mCAR8B,IAQ9B,GAR8B,EAQ9B,EAR8B,kbAQ9B,iEAwB5B,OAxB4B,uCAC7B,SAAUpR,GACR,IACMvO,EADkBuO,EAAhBkK,aACmBlK,EACnBqR,EAA4B5f,EAA5B4f,WAAYC,EAAgB7f,EAAhB6f,YACpB,SAAUD,IAAcC,EAC1B,GAAC,4BAED,SAAetR,GACb,IAAQkK,EAAyClK,EAAzCkK,YAAamH,EAA4BrR,EAA5BqR,WAAYC,EAAgBtR,EAAhBsR,YACjC,GAAKpH,GAAgBmH,GAAeC,EAGpC,OAAOpH,GAAgB,CACrBmH,WAAAA,EACAC,YAAAA,EAEJ,GAAC,uBAED,WACE,MAAO,CACL,CAAExe,KAAM,aAAciB,KAAM,SAAUsc,UAAU,EAAMkB,SAAS,EAAOhB,MAAO,eAC7E,CAAEzd,KAAM,cAAeiB,KAAM,SAAUsc,UAAU,EAAMkB,SAAS,EAAOhB,MAAO,eAElF,KAAC,EAxB4B,CAR/B,QAQwCT,eAAa,2KCRQ,IAShD0B,EAAoB,mCAT4B,IAS5B,GAT4B,EAS5B,EAT4B,kbAS5B,iEA0B9B,OA1B8B,uCAC/B,SAAUxR,GACR,IACMvO,EADkBuO,EAAhBkK,aACmBlK,EACnBqR,EAAiD5f,EAAjD4f,WAAYI,EAAqChgB,EAArCggB,kBAAmBC,EAAkBjgB,EAAlBigB,cACvC,SAAUL,GAAcI,GAAqBC,EAC/C,GAAC,4BAED,SAAe1R,GACb,IAAQkK,EAA8DlK,EAA9DkK,YAAauH,EAAiDzR,EAAjDyR,kBAAmBJ,EAA8BrR,EAA9BqR,WAAYK,EAAkB1R,EAAlB0R,cACpD,GAAKxH,GAAgBuH,GAAsBJ,GAAeK,EAG1D,OAAOxH,GAAgB,CACrBuH,kBAAAA,EACAJ,WAAAA,EACAK,cAAAA,EAEJ,GAAC,uBAED,WACE,MAAO,CACL,CAAE5e,KAAM,oBAAqBiB,KAAM,SAAUwc,MAAO,qBAAsBF,UAAU,EAAMkB,SAAS,GACnG,CAAEze,KAAM,aAAciB,KAAM,SAAUwc,MAAO,cAAeF,UAAU,EAAMkB,SAAS,GACrF,CAAEze,KAAM,gBAAiBiB,KAAM,SAAUwc,MAAO,iBAAkBF,UAAU,EAAMkB,SAAS,GAE/F,KAAC,EA1B8B,CATjC,QAS0CzB,eAAa,+ECGhD,SAA0B6B,GAAiD,QAC1EC,EAAYD,EAAYC,UACxB7Z,GAAQ6Z,aAAS,EAATA,EAAW7Z,QAAS,CAAC,EACnC,OAAQA,EAAM3F,KACZ,KAAKsd,EAAAA,iBAAiBC,cACpB,OAAO,IAAII,EAAAA,aAAahY,GAC1B,KAAK2X,EAAAA,iBAAiBmC,kBACpB,OAAwB,QAAxB,EAAI9Z,EAAMkZ,sBAAc,OAApB,EAAsBC,iBACjB,IAAIF,EAAAA,6BAA6BjZ,GAEjC,IAAI6Y,EAAAA,2BAA2B7Y,GAE1C,KAAK2X,EAAAA,iBAAiBoC,YACpB,OAAO,IAAItB,EAAAA,eAAezY,GAC5B,KAAK2X,EAAAA,iBAAiBqC,SACpB,OAAwB,QAAxB,EAAIha,EAAMkZ,sBAAc,OAApB,EAAsBe,cACjB,IAAIR,EAAAA,qBAAqBzZ,GAEzB,IAAIqZ,EAAAA,mBAAmBrZ,GAElC,QACE,OAAO,IAAI4Y,EAAAA,8BAA8B5Y,GAE/C,EAnCA,cAEA,UACA,UACA,UACA,UACA,UACA,UAEA,6CCTA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,+OCUO,SAA+Bka,EAAOC,GAC3C,SAAKD,IAAUC,KAIXD,EAAME,IAAMD,EAAMC,GACZF,EAAME,KAAOD,EAAMC,MAGzBF,EAAM7f,MAAO8f,EAAM9f,MACb6f,EAAM7f,MAAQ8f,EAAM9f,IAGhC,sBAGO,SAA2BggB,EAAgBxiB,GAChD,IAAIyiB,EACoC,EAD7B,EAlC6C,03BAkC7C,CACeD,GAAc,yBAA/B3C,EAAa,QAGpB,GAFA4C,EAASziB,EACNoD,MAAK,gBAAG4e,EAAS,EAATA,UAAS,OAAOA,EAAUxf,KAAOwf,EAAUxf,MAAQqd,EAAcrd,GAAG,IAE7E,aACD,EALH,IAAK,EAAL,qBAA0C,gBAMzC,+BACD,OAAOigB,CACT,wBAzCO,SAA6BC,GAClC,IAAI7C,EACJ,IAAK,EAAA8C,EAAAA,iBAAgBD,GACnB7C,EAAgB6C,MACX,IAAwB,iBAAbA,EAKhB,MAAM,IAAIrR,MAAM,oCAJhBwO,EAAgB,CACdrd,IAAKkgB,EAIT,CACA,OAAO7C,CACT,EAdA,cAA0D,qKCcZ,SAElB,gFAH5B,UACA,UAA8C,2kBAElB,aAQ3B,OAR2B,gCAArB,WAAuBjE,EAAkC5b,GAAuB,+EAEzB,OADtDsW,EAAOsF,EAAWgH,mBAAmBC,OACrCC,GAAW,EAAAC,EAAAA,sBAAqBnH,EAAYtF,EAAK2J,MAAK,mBACrD,EAAAD,EAAAA,KAAIpE,EAAY,EAAF,OAChB5b,GACA8iB,GAAQ,IACXE,QAAS,CAAC,cACV,4CACH,sICmBA,SAE+C,EAAD,0FAdxC,SAAoCrV,GACzC,MAAuB,6BAAfA,EAAMzK,IAChB,wJAlBA,YACA,UAA4D,IAG/C+f,EAAwB,mCAHuB,IAGvB,GAHuB,EAGvB,EAHuB,kbAO1D,WAAY1V,EAAegU,GAAa,MAIvB,OAJuB,qBACtC,sEAAuDA,KAAO,2FAC9D,EAAKre,KAAO,2BACZ,EAAKqK,MAAQA,EACb,EAAKgU,IAAMA,EAAI,CACjB,CAAC,uBATkC,CAAS1K,EAAAA,SAiBvC,SAASqM,EAAuBC,GACrC,MAAO,UAAUlK,KAAKkK,IAAY,YAAYlK,KAAKkK,EACrD,CAGO,SAASC,EAAyBD,GACvC,OAAO,EAAAE,EAAAA,mBAAkBF,EAC3B,CAE+C,aAW9C,OAX8C,gCAAxC,WAAyCvH,EAAkC0H,GAAc,qFAC1FJ,EAAsBI,GAAS,CAAF,eACb,GADa,EACRF,EAAyBE,GAAxC/V,EAAK,EAALA,MAAOgU,EAAG,EAAHA,KACX3F,EAAW2H,IAAIC,WAAW,CAAEjW,MAAAA,IAAU,CAAF,+BAEzBqO,EAAW2H,IAAIE,QAAQ,CAAElW,MAAAA,EAAOgU,IAAAA,IAAM,qDAG7C,IAAI0B,EAAyB1V,EAAOgU,GAAI,4CAGnD,sBArCwD,0FCLlD,SAML/P,EACA1L,EACA2L,GAMA,IAAMvQ,GAAO,EAAAwQ,EAAAA,oBAAmB5L,GAC1B6L,GAAc,EAAAC,EAAAA,cAAmB1Q,EAAMsQ,GACvCK,GAAW,EAAAC,EAAAA,WAAgBH,GAC3BI,GAAc,EAAAC,EAAAA,cAAmBH,GACjCI,GAAY,EAAAyR,EAAAA,mBAA+B3R,EAAaN,GAG9D,OADgB,EAAAkS,EAAAA,iBAAgB1R,EAElC,EA7BA,cACA,UACA,SACA,UACA,UACA,iECDO,SAMLT,EACA1L,EACA2L,GAIA,IAAMmS,GAAO,EAAAC,EAAAA,oBACXrS,EACA1L,EACA2L,GAGF,OADgB,EAAAqS,EAAAA,UAASF,EAE3B,EA9BA,cAOA,0ECuCO,SAAsBnlB,IAC3B,EAAAslB,EAAAA,mBAAkB,CAChBC,YAAAA,EACAjB,qBAAAA,EAAAA,uBAEF,IAAMkB,EAAwBC,EAAAA,iBAAiBxjB,KAAK,KAAMjC,GA2C1D,MA1CY,CACV0lB,SAAUA,EAAAA,SAASzjB,KAAK,KAAMjC,GAC9BsC,WAAYA,EAAAA,WAAWL,KAAK,KAAMjC,GAClC2lB,gBAAiBC,EAAAA,aAAa3jB,KAAK,KAAMjC,GAEzC6lB,aAAcA,EAAAA,aAAa5jB,KAAK,KAAMjC,GACtC8lB,SAAUA,EAAAA,SAAS7jB,KAAK,KAAMjC,GAC9BmS,MAAOqT,EACPC,iBAAkBD,EAClB7f,KAAMA,EAAAA,KAAK1D,KAAK,KAAMjC,GACtBglB,QAASA,EAAAA,QAAQ/iB,KAAK,KAAMjC,GAC5BY,OAAQA,EAAAA,OAAOqB,KAAK,KAAMjC,GAC1B+lB,gBAAiBA,EAAAA,gBAAgB9jB,KAAK,KAAMjC,GAG5CgmB,8BAA+BA,EAAAA,8BAA8B/jB,KAAK,KAAMjC,GAGxEimB,sBAAuBA,EAAAA,sBAAsBhkB,KAAK,KAAMjC,GACxDkmB,2BAAAA,EAAAA,2BAGAC,0BAA2BA,EAAAA,0BAA0BlkB,KAAK,KAAMjC,GAChEykB,sBAAAA,EAAAA,sBACAE,yBAAAA,EAAAA,yBACAyB,2BAAAA,EAAAA,2BAEAC,wBAAyBA,EAAAA,wBAAwBpkB,KAAK,KAAMjC,GAC5DsmB,sBAAuBA,EAAAA,sBAAsBrkB,KAAK,KAAMjC,GACxDumB,mBAAoBA,EAAAA,mBAAmBtkB,KAAK,KAAMjC,GAClDwmB,oBAAqBA,EAAAA,oBAAoBvkB,KAAK,KAAMjC,GACpDymB,qBAAsBA,EAAAA,qBAAqBxkB,KAAK,KAAMjC,GACtD0mB,uBAAAA,EAAAA,uBACAC,QAAS,SAACnF,GACRxhB,EAAIuB,QAAQigB,KAAOA,CACrB,EACAoF,QAAS,WACP,OAAO5mB,EAAIuB,QAAQigB,IACrB,EACAuD,WAAYA,EAAAA,WAAW9iB,KAAK,KAAMjC,GAClC6mB,cAAeA,EAAAA,cAAc5kB,KAAK,KAAMjC,GAG5C,EAlFA,cACA,UACA,UACA,UAMA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UASA,UACA,EAE4C,qbAF5C,UACA,UACA,UAA4C,mKC3C5C,oLACA,oLACA,4OCyBO,SAA6B8mB,GAClC,IAAM9mB,EAAM8mB,EACNtB,EAAwBC,EAAAA,iBAAiBxjB,KAAK,KAAMjC,GAgB1D,MAfY,CACV2lB,gBAAiBC,EAAAA,aAAa3jB,KAAK,KAAMjC,GAEzCmS,MAAOqT,EACPC,iBAAkBD,EAClBR,QAASA,EAAAA,QAAQ/iB,KAAK,KAAMjC,GAC5B+kB,WAAYA,EAAAA,WAAW9iB,KAAK,KAAMjC,GAElCqmB,wBAAyBA,EAAAA,wBAAwBpkB,KAAK,KAAMjC,GAC5DsmB,sBAAuBA,EAAAA,sBAAsBrkB,KAAK,KAAMjC,GACxDumB,mBAAoBA,EAAAA,mBAAmBtkB,KAAK,KAAMjC,GAClDwmB,oBAAqBA,EAAAA,oBAAoBvkB,KAAK,KAAMjC,GACpDymB,qBAAsBA,EAAAA,qBAAqBxkB,KAAK,KAAMjC,GACtD0mB,uBAAAA,EAAAA,uBAGJ,EAjCA,cACA,UACA,UACA,wECFA,cAUaK,EAAqC,CAChD,SAAYC,EAAAA,SAIZ,sCAAuCC,EAAAA,iCACvC,oCAAqCC,EAAAA,gCACrC,0BAA2BC,EAAAA,uBAC3B,iBAAkBC,EAAAA,cAClB,kCAAmCC,EAAAA,8BACnC,iCAAkCC,EAAAA,8BAClC,qFCrBF,cAkBaC,EAAsC,CACjD,SAAYP,EAAAA,SACZ,oCAAqCE,EAAAA,gCACrC,8BAA+BM,EAAAA,0BAC/B,gCAAiCC,EAAAA,4BACjC,kCAAmCJ,EAAAA,8BACnC,uBAAwBK,EAAAA,oBACxB,0BAA2BP,EAAAA,uBAC3B,iBAAkBC,EAAAA,cAClB,yBAA0BO,EAAAA,sBAC1B,iCAAkCL,EAAAA,6BAClC,cAAeM,EAAAA,WACf,4BAA6BC,EAAAA,wBAC7B,0BAA2BC,EAAAA,sBAC3B,eAAgBC,EAAAA,YAChB,KAAQC,EAAAA,MACR,iFCzCK,SACLC,GAEmB,IACf1C,EAAahB,EAFjB/C,EAAuB,UAAH,6CAAG,UAEGhgB,GAAkB,EAC5C,OAAQggB,GACN,IAAK,WACL,IAAK,SACL,IAAK,gBACH+D,EAAc2C,EAAAA,iBACd1mB,GAAkB,EAClB,MACF,IAAK,kBACL,IAAK,gBACH+jB,EAAc4C,EAAAA,qBACd5D,EAAU,CACR,+BACA,0CAEF/iB,GAAkB,EAClB,MACF,IAAK,gBACH+jB,EAAcwB,EAAAA,kBACdvlB,GAAkB,EAClB+iB,EAAU,CACR,kBAEF,MAMF,QAEEgB,EAAcgC,EAAAA,mBAGlB,MAAO,CAAE/F,KAAAA,EAAM+D,YAAAA,EAAahB,QAAAA,EAAS/iB,gBAAAA,EACvC,EA7CA,cACA,UACA,UACA,2ECUA,cAaa2mB,EAAwC,CACnD,SAAYnB,EAAAA,SACZ,oBAAqBA,EAAAA,SACrB,oCAAqCE,EAAAA,gCACrC,8BAA+BM,EAAAA,0BAC/B,0BAA2BL,EAAAA,uBAC3B,kCAAmCE,EAAAA,8BACnC,gCAAiCI,EAAAA,4BACjC,sBAAuBW,EAAAA,mBACvB,yBAA0BT,EAAAA,sBAC1B,iCAAkCL,EAAAA,6BAClC,cAAeM,EAAAA,YACf,sFCzBF,cAYaM,EAAoC,CAC/C,wBAAyBG,EAAAA,oBACzB,iBAAkBC,EAAAA,cAClB,gCAAiCb,EAAAA,4BACjC,8BAA+BD,EAAAA,0BAC/B,cAAeI,EAAAA,WACf,4BAA6BC,EAAAA,wBAC7B,0BAA2BC,EAAAA,sBAC3B,uBAAwBJ,EAAAA,oBACxB,KAAQM,EAAAA,MACR,0ECxBF,oLACA,oLACA,oLACA,oLACA,oLACA,qQCJqD,SAID,EAAD,iEAJnD,UAImD,aAqClD,OArCkD,gCAA5C,WACL7K,EACA7b,GAAW,+FAEsC,GAA3CuW,EAAOsF,EAAWgH,mBAAmBC,OAChC,CAAF,qBACD,IAAIjjB,EAAAA,aAAa,4CAA2C,OAgB7B,GAZrConB,EAEE1Q,EAFF0Q,aACOC,EACL3Q,EADF/I,MAAK,EAMH,IAAI2Z,IAAInnB,GAHVonB,EAAY,EAAZA,aAII5Z,EAAQ4Z,EAAa3mB,IAAI,SACzB4mB,EAAkBD,EAAa3mB,IAAI,sBAGnCmN,EAAQwZ,EAAa3mB,IAAI,UACpB,CAAF,sBAED,IAAIuW,EAAAA,WAAWpJ,EAAOwZ,EAAa3mB,IAAI,sBAAsB,WAEjE+M,IAAU0Z,EAAU,uBAChB,IAAIrnB,EAAAA,aAAa,+DAA8D,WAElFwnB,EAAiB,CAAF,sBACZ,IAAIxnB,EAAAA,aAAa,iDAAgD,yBAIhDgc,EAAWjP,MAAM0a,sBAAsB,CAAED,gBAAAA,EAAiBJ,aAAAA,IAAe,iBAA1FvU,EAAM,EAANA,OACRmJ,EAAWpP,aAAakG,UAAUD,GAAQ,6CAC3C,uFCvBM,SACLmJ,EACA0D,EACAgI,EACAC,GACa,MACP7L,EAAiC,QAA1B,EAAG4D,aAAc,EAAdA,EAAgB5D,eAAO,QAAI8L,EAAAA,gBAI3C,OAHAC,EAAsB/L,IAGf2I,EADkBqD,EAAkBhM,GAAnC2I,cACYzI,EAAY0D,EAAgBgI,EAAWC,EAC7D,uDAxCA,cACA,YAGaG,EAAoB,SAA4BhM,GAC3D,OAAQA,GACN,IAAK,QACH,OAAOiM,EAAAA,QACT,UAAK7oB,EACL,KAAK,KACH,MAAM,IAAIuS,MAAM,2BAClB,QACE,MAAM,IAAIA,MAAM,wBAAD,OAAyBqK,EAAO,oCAErD,EAEO,SAAS+L,EAAsB/L,GACpC,IAAMA,EACJ,MAAM,IAAIrK,MAAM,uBAIlB,IADsBqK,QAAAA,EAAW,IAAI7S,QAAQ,kBAAmB,MAC1C6S,IAAYA,EAChC,MAAM,IAAIrK,MAAM,yEAGlBqW,EAAkBhM,EACpB,CAbE,qmCCFF,IAAMkM,EAAiB,SAAwBC,GAE7C,OAA2B,IAAlBA,EAAMC,OACjB,EAEMC,EAAuC,SAA+CC,GAC1F,IAAMC,EAAyB,CAAC,EAC1BC,EAAwB,GACxBC,EAA2B,CAAC,EAIlC,IAAKH,EAAO7f,MAEV,OADA+f,EAAsB7lB,KAAK2lB,GACpB,CAAEC,uBAAAA,EAAwBC,sBAAAA,EAAuBC,yBAAAA,GACzD,IAE8B,EAF9B,IAEkBH,EAAO7f,OAAK,IAA/B,IAAK,EAAL,qBAAkC,KAED,EAQxB,EAVC0f,EAAK,QAERD,EAAgBC,IAEnBK,EAAsB7lB,KAAKwlB,GAEX,QAAhB,EAAKA,EAAM1f,aAAK,WACd8f,EAAuBJ,EAAM3kB,MAAQ2kB,EAAM1f,QAI7CggB,EAAyBN,EAAM3kB,MAAmB,QAAd,EAAG2kB,EAAM1f,aAAK,QAAI,EAE1D,CAAC,+BACD,MAAO,CAAE8f,uBAAAA,EAAwBC,sBAAAA,EAAuBC,yBAAAA,EAC1D,EAqBE,iCAnB4C,SAAyCC,GAGrF,IAI8B,EAJxBC,EAAe,GACfC,EAAgB,CAAC,EACjBC,EAAkB,CAAC,EAAE,IAH3BH,EAAarmB,MAAMC,QAAQomB,GAAcA,EAAa,CAAEA,IAK1B,IAA9B,IAAK,EAAL,qBAAiC,KAAvBJ,EAAM,QACd,EAIID,EAAqCC,GAHvCC,EAAsB,EAAtBA,uBACAC,EAAqB,EAArBA,sBACAC,EAAwB,EAAxBA,yBAEFE,EAAahmB,KAAK6lB,GAClBI,EAAcN,EAAO9kB,MAAQ+kB,EAC7BM,EAAgBP,EAAO9kB,MAAQilB,CACjC,CAAC,+BAED,MAAO,CAAEG,cAAAA,EAAeD,aAAAA,EAAcE,gBAAAA,EACxC,+GCtDA,UAGA,SACA,aAAwD,2kBAExD,IAAMC,EAAsB,SAA6B5M,EAAkC,GAKrE,IAJpB6M,EAAgB,EAAhBA,iBAAgB,IAChBR,uBAAAA,OAAsB,IAAG,GAAC,EAAC,MAC3BE,yBAAAA,OAAwB,IAAG,GAAC,EAAC,MAC7Bb,UAAAA,OAAS,IAAG,GAAC,EAAC,EAERoB,EAASD,EAAiBllB,KAChC,OAAO,EAAP,2BAAO,0HAsBF,OAtBiBI,EAA0B,EAAH,6BAAG,CAAC,EACzCjC,EAAU,CACd,eAAgB,mBAChB,OAAU+mB,EAAiBE,SAAW,wBAElCze,EAAOpB,KAAKE,UAAU,EAAD,OACtBif,GACAtkB,GACAwkB,IACH,SAGMnoB,EAA0B,CAC9BD,IAAK2oB,EACL9O,OAAQ6O,EAAiB7O,OACzBlY,QAAAA,EACAjC,KAAMyK,EACNjK,gBAA2C,QAA5B,EAAEqnB,aAAS,EAATA,EAAWrnB,uBAAe,WAED,SAA1BwoB,EAAiBvlB,OAAwC,QAAzB,EAAIulB,EAAiBvlB,YAAI,aAArB,EAAuB0lB,SAAS,aAEpF5oB,EAAQiF,eAAgB,GACzB,UACsB,EAAAyX,EAAAA,aAAYd,EAAY5b,GAAQ,OAAzC,OAARua,EAAW,EAAH,uBAEPqB,EAAW2H,IAAIa,gBAAgB,EAAD,GAAM7J,GAAY+M,GAAW,IAAK,qCAGjE,gBAAejR,EAAAA,SAAiB,4BAAC,KAAK5Q,IAAG,oCAe9C,OAXK8U,EAAW,KAAI9U,IACfuQ,EAAUuE,EAASU,cAAgBnS,KAAKC,MAAMwR,EAASQ,cACvDoC,EAAgB5C,EAAS7Y,QAAQ,qBAAuB6Y,EAAS7Y,QAAQ,oBAEzEmnB,EAAcjN,EAAW2H,IAAIa,gBAAgB,EAAD,GAAMpO,GAAWsR,GAAW,GACtD,MAApB/M,EAASxb,QAAoC,sCAAlBoe,IAK7B0L,EAAYC,QAAS,GACtB,kBAEMD,GAAW,yDAGxB,EAmCgC,UAhBN,SAA4BjN,EAAkC6M,EAAkBnB,GAGxG,IAAMyB,EAAYP,EAClB,GAAyD,EAAAQ,EAAAA,gCAAgCP,GAAjFH,EAAa,EAAbA,cAAeD,EAAY,EAAZA,aAAcE,EAAe,EAAfA,gBAE/BP,EAASe,EAAUnN,EAAY,CACnC6M,iBAAAA,EACAR,uBAAwBK,EAAcG,EAAiBvlB,MACvDilB,yBAA0BI,EAAgBE,EAAiBvlB,MAC3DokB,UAAAA,IAGF,OADAU,EAAOK,aAAeA,EACfL,CACT,EAEgC,4KC7FhC,UACA,aACA,UACA,UAA+C,8lBAE/C,IAAMiB,EAAc,CAClB,aAAe,EACf,SAAW,GAGAC,EAAuB,SAA+BtN,EAAkCiN,GAA2C,IAAjBvB,EAAY,UAAH,6CAAG,CAAC,EACpItE,EAAU,CAAC,EACXmG,EAAU,CAAC,EA4CjB,OA1CAnqB,OAAOyJ,KAAKogB,GACTO,QAAQ,SAAAvB,GAAK,OAAKoB,EAAYpB,EAAM,IACpCnf,SAAS,SAAAmf,GAGR,GAFoD,YAA9B,aAAOgB,EAAYhB,KAAyBgB,EAAYhB,GAQ9E,GAAKgB,EAAYhB,GAAOwB,IAEtBrG,EAAQ6F,EAAYhB,GAAO3kB,OAAQ,EAAAomB,EAAAA,SAAkB1N,EAAYiN,EAAYhB,GAAQP,OAFvF,CAMA,MAA4CuB,EAAYhB,GAAzC0B,EAAU,EAAjBphB,MAAmBhE,EAAI,EAAJA,KAASqlB,GAAI,kBACxCL,EAAQtB,GAAS,EAAH,CAAK1jB,KAAAA,GAASqlB,GAEd,WAATrlB,GAOLglB,EAAQtB,GAAO1f,MAAQ,CAAC,EACxBnJ,OAAO0R,QAAwB6Y,GAC5B7gB,SAAS,YAAuB,yBAArB+gB,EAAQ,KAAEthB,EAAK,KACrBA,EAAMkhB,IAIRrG,EAAQ,GAAD,OAAI6E,EAAK,YAAI4B,EAASvmB,MAAQumB,KAAc,EAAAH,EAAAA,SAAkB1N,EAAYzT,EAAOmf,GAGxF6B,EAAQtB,GAAO1f,MAAMshB,GAAYthB,CAErC,KAjBAghB,EAAQtB,GAAO1f,MAAQohB,CAPzB,MAREJ,EAAQtB,GAASgB,EAAYhB,EAiCjC,IAEK,CAAEsB,QAAAA,EAASnG,QAAAA,EACpB,EAAE,yBAEF,IAAM0G,EAAkB,SAAlBA,EAAmBb,EAAa1gB,GACpCnJ,OAAOyJ,KAAKN,GAAOO,SAAQ,SAAAC,GACzB,GAAU,cAANA,EAAmB,CACrB,IAAMghB,EAAQ5nB,MAAMC,QAAQmG,EAAMQ,IAAMR,EAAMQ,GAAG,GAAKR,EAAMQ,GAC5D,GAAqB,iBAAVghB,EAAoB,CAC7B,IAAM7O,GAAS,EAAA8O,EAAAA,UAAS,CAAEtgB,KAAMqgB,EAAOjP,KAAMmO,IAC7C,GAAI/N,EAEF,YADA3S,EAAMQ,GAAKmS,GAGX,MAAM,IAAIlb,EAAAA,aAAa,6BAAD,OAA8B+pB,GAExD,CACF,CACI5nB,MAAMC,QAAQmG,EAAMQ,KACtBR,EAAMQ,GAAGD,SAAQ,SAAAmhB,GAAU,OAAIH,EAAgBb,EAAagB,EAAW,GAE3E,GACF,EA+CE,mBA/B8B,SAA2BjO,EAAkCiN,GAI3F,MAJwGvB,EAAY,UAAH,6CAAG,CAAC,EAK/GwC,GAAyC,QAAvB,EAAAjB,EAAY9G,mBAAW,aAAvB,EAAyB5Z,QAAS,GAE1D2hB,EAAgBphB,SACd,SAAAqZ,GAAe,MAEb,GAAyB,yBAArBA,EAAY7e,MACkB,4BAAhC6e,SAAsB,QAAX,EAAXA,EAAaC,iBAAS,WAAX,EAAX,EAAyB,KACxB6G,SAAAA,EAAakB,uBAMhB,OAAOL,EAAgBb,EAAa9G,UAJ3BA,EAAYC,SAKvB,IAGF,IAAMgI,EAAeF,EAAgBhQ,KAAI,SAAAiI,GAAW,OApCrB,SAACnG,EAAkCmG,EAAauF,GAE/E,GAAIvF,EAAYsH,IAAK,CACnB,IACMY,GADqB,EAAAC,EAAAA,8BAA8BtO,EAAY,CAACmG,GAAcuF,GAChDvF,EAAY7e,MAChD,OAAO,EAAP,KACK6e,GAAW,IACdiG,OAAQiC,GAEZ,CAEA,OAAOlI,CACT,CAwB0DoI,CAA0BvO,EAAYmG,EAAauF,EAAW,IAEtH,EAA6B4B,EAAsBtN,EAAYiN,EAAavB,GAE5E,MAAO,CACL0C,aAAAA,EACAb,QAJa,EAAPA,QAKNnG,QALsB,EAAPA,QAOnB,kEC5HO,SACLpH,EACAiN,EACAvB,EACAC,GACa,UAKwB,EAJ/BjI,EAAkBuJ,EACxB,GAA2C,EAAAuB,EAAAA,kBAAkBxO,EAAYiN,EAAavB,GAA9E0C,EAAY,EAAZA,aAAcb,EAAO,EAAPA,QAASnG,EAAO,EAAPA,QACzBqH,GAAkB,EAAH,WAAOL,GAEtBvG,GAA+B,gCAAG,WAAgB6G,GAAiB,2FAOmC,GAPjCC,EAAiB,EAAH,6BAAG,CAAC,EAOrFC,EAA0BR,EAAa5mB,MAAK,SAAC2e,GAAW,OAAKA,EAAY7e,OAASonB,CAAiB,IAC5E,yCACpBhrB,QAAQK,OAAO,gCAAD,OAAiC2qB,EAAiB,OAAI,OAG9B,GACvB,mBADPE,EAAwBxC,OACP,yCACzB1oB,QAAQK,OAAO,wDAAD,OAAyD2qB,EAAiB,OAAI,gCAG9FE,EAAwBxC,OAAQuC,IAAkC,2CAC1E,SAlBoC,oCAuBrC,MAAO,CACL9G,QAAAA,EACA4G,gBAAAA,EACArH,QAAAA,EACAmG,QAAAA,EACAsB,YAAanL,EACb8H,gBAR+D,QAA5C,EAAG9H,EAAeoL,kCAA0B,OAAO,QAAP,EAAzC,EAA2CviB,aAAK,OAAkB,QAAlB,EAAhD,EAAkD/E,MADzD,SAAAwb,GAAI,MAAkB,qBAAdA,EAAK1b,IAA2B,WACiC,WAAzB,EAAzC,EAAoEiF,MAS1Fmf,UAAAA,EACAC,kBAAAA,EAEJ,4CA7CA,4DCFA,IAA8C,EAE/B,CACblD,aAHF,QAGEA,cACD,wICHD,aAAoD,2kBAWlD,+BAT0C,SAC1CzI,EACA+O,GAEA,IADArD,EAAY,UAAH,6CAAG,CAAC,EAEb,OAAOqD,EAAiBrW,QAAO,SAACzS,EAAKkgB,GAAW,cAC3ClgB,GAAG,oBACLkgB,EAAY7e,MAAO,EAAAomB,EAAAA,SAAkB1N,EAAYmG,EAAauF,IAAU,GACvE,CAAC,EACP,24DCXA,cACA,UACA,UAMA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,2NACA,+NACA,+NACA,+NACA,+NACA,+NACA,2RCOC,SAG6B,8EAhC9B,UACA,UACA,SACA,UAAsC,2kBAoBtC,SAASsD,EAAYtU,GACnB,MAAO,CACLA,KAAAA,EACAkJ,kBAAmBlJ,EAAKkJ,kBACxBjS,MAAO+I,EAAK/I,MAEhB,CAG8B,aAkF7B,OAlF6B,gCAAvB,WACLqO,GAAgC,yIAKuB,GAJvD5b,EAA2B,EAAH,6BAAG,CAAC,EAE5BA,GAAU,EAAAgG,EAAAA,YAAWhG,GAEjBsW,GAAO,EAAAwO,EAAAA,yBAAwBlJ,EAAY5b,GAGvC,QAH+C,EAGnDsW,SAAI,QAAJ,EAAMkJ,kBAAiB,yCAClBoL,EAAYtU,IAAK,wBAIb,EAAAyO,EAAAA,uBAAsBnJ,EAAY,EAAF,KAAOtF,GAAStW,IAAU,OA0CtE,OA1CDsW,EAAO,EAAH,KACEuU,GAAU,EAAAC,EAAAA,iBAAgBlP,GAE9BnM,GAFyC,EAcvC6G,GAZF7G,SACAsb,EAAW,EAAXA,YACAxd,EAAK,EAALA,MACAyd,EAAM,EAANA,OACA/qB,EAAe,EAAfA,gBACAgrB,EAAa,EAAbA,cACAC,EAAmB,EAAnBA,oBACAC,EAAe,EAAfA,gBACAC,EAAa,EAAbA,cACAC,EAAM,EAANA,OACAC,EAAS,EAATA,UACAC,EAAK,EAALA,MAEIC,EAAexrB,EAAQwrB,cAAgB5P,EAAW5b,QAAQwrB,aAChEvrB,EAAiC,QAAlB,EAAGA,SAAe,SAG3BF,EAAM,GAAH,OAAM8qB,EAAO,gBAChBlnB,EAAS,EAAH,WACV8nB,UAAWhc,EACXic,MAAOV,EAAQ/Q,KAAK,KACpB0R,aAAcZ,EACda,eAAgBX,EAChBY,sBAAuBX,EACvB3d,MAAAA,GACI4d,GAAmB,CAAEW,iBAAkBX,IACvCC,GAAiB,CAAEW,eAAgBX,IAInCI,GAAgB,CAAEQ,cAAeR,IACjCH,GAAU,CAAE9N,QAAS8N,IACrBC,GAAa,CAAE9N,WAAY8N,IAC3BC,GAAS,CAAEA,MAAAA,IAIX7pB,EAAU,CACd,eAAgB,qCACjB,WAEkB,EAAAgb,EAAAA,aAAYd,EAAY,CACzChC,OAAQ,OACR7Z,IAAAA,EACA2B,QAAAA,EACAzB,gBAAAA,EACAR,KAAMkE,IACN,QAeuC,OArBnCsT,EAAO,EAAH,KAOJuI,EAAoBvI,EAAKgV,mBAEzBC,EAAU,EAAH,KACR5V,GAAI,IACPkJ,kBAAAA,EAGAvf,gBAAAA,EACAsN,MAAAA,EACAyd,OAAAA,EACAI,cAAAA,EACAD,gBAAAA,KAGF,EAAAlG,EAAAA,qBAAoBrJ,EAAYsQ,GAAS,kBAElCtB,EAAYsB,IAAQ,4CAC5B,uFC7G0C,SAEX,iEARhC,UAEA,SACA,UACA,UACA,UACA,UAEgC,aAgD/B,OAhD+B,gCAAzB,WACLtQ,GAAgC,mHAW/B,GAVD5b,EAA6B,EAAH,6BAAG,CAAC,GAMxBmsB,EAAmBvQ,EAAWgH,mBAAmBwJ,gBAAgBpsB,MAErEsf,EAAiB6M,EAAiB7M,eAClCiI,EAAoB4E,EAAiB5E,mBAIlCjI,EAAgB,CAAF,gBAad,OAZG5D,EAAU1b,EAAQ0b,SAAW8L,EAAAA,gBAC7B6E,GAAS,EAAAC,EAAAA,gBAAe1Q,GACtB4D,EAAmCxf,EAAnCwf,kBAAmBD,EAAgBvf,EAAhBuf,YACrBtf,EAAyC,QAA1B,EAAGD,EAAQC,uBAAe,SAAQ,SAErDsnB,GAAoB,GACpB,EAAAE,EAAAA,uBAAsB/L,GAChB3b,EAAM,GAAH,OAAMssB,EAAM,uBACfniB,EAAOqV,EAAc,CAAEpgB,WAAYogB,GAAgB,CAAEC,kBAAAA,GACrD9d,EAAU,CACd,eAAgB,sCAAF,OAAwCga,GACtD6Q,OAAQ,sCAAF,OAAwC7Q,IAC/C,WACsB,EAAAgB,EAAAA,aAAYd,EAAY,CAC7ChC,OAAQ,OACR7Z,IAAAA,EACA2B,QAAAA,EACAzB,gBAAAA,EACAR,KAAMyK,IACN,QANFoV,EAAiB,EAAH,6DAQV,EAAAkN,EAAAA,gBAAc,OAAS,KAAI/mB,MAAO,EAAA4Z,EAAAA,kBAAiB,KAAI5Z,IAAIwV,eAAa,iBAC1EqE,EAAiB,KAAI7Z,IAAIwV,aACzBsM,GAAoB,EAAM,2CAOT,OAAftnB,EAAoBD,EAApBC,gBAAe,mBAChB,EAAAokB,EAAAA,cAAazI,EAAY0D,EAAgB,CAAErf,gBAAAA,GAAmBsnB,IAAkB,0DACxF,+FCrDM,SASNrmB,GACD,MACE,OAAO,EAAP,mCAbqC,IAarC,GAbqC,EAarC,EAbqC,kbAmBnC,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAG+B,OAFhD,+BAASA,KAAM,iGACf,EAAK8jB,KAAM,EAAAkJ,EAAAA,eAAY,iBACvB,EAAKprB,YAAcA,EAAAA,QAAYX,KAAK,MAAM,EAAF,eAAQ,CAClD,CAAC,uBAVH,CAAiCQ,IAAI,0BAIJwrB,GAAQ,CAQ3C,iGA3BA,UACA,aACA,EAAuC,qbAAvC,UAAuC,6MCEhC,SAULxrB,GAEF,MACE,OAAO,EAAP,mCAfqC,IAerC,GAfqC,EAerC,EAfqC,kbAqBnC,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAG+B,OAFhD,+BAASA,KAAM,iGACf,EAAK8jB,KAAM,EAAAoJ,EAAAA,sBAAmB,iBAC9B,EAAKtrB,YAAcA,EAAAA,QAAYX,KAAK,MAAM,EAAF,eAAQ,CAClD,CAAC,uBAVH,CAAiCQ,IAAI,0BAIJwrB,GAAQ,CAQ3C,iGA7BA,UACA,aACA,EAAuC,qbAAvC,UAAuC,+MCGhC,WAEL,OAAO,SAAP,0BAP6D,IAO7D,GAP6D,EAO7D,EAP6D,kbAqB3D,WAAY1sB,GAAc,MAMD,OANC,qBACxB,cAAMA,IAAS,0MAEf,EAAKigB,KAAOjgB,EAAQigB,KACpB,EAAKkL,gBAAkBnrB,EAAQmrB,gBAC/B,EAAKC,cAAgBprB,EAAQorB,cAC7B,EAAK7H,IAAMvjB,EAAQujB,IAAI,CACzB,CAAC,uBArBI,EADwB,EAAAqJ,EAAAA,gCAyBjC,iGA/BA,kGCAA,UAOA,UACA,SAA+B,SAETxoB,EAAK,GAAD,4CAkCzB,OAlCyB,gCAAnB,WAAoBwX,GAAgC,qGACX,OAAtC3b,GADmDD,EAA0B,EAAH,6BAAG,CAAC,GAC9EC,gBAAiBonB,EAA0BrnB,EAA1BqnB,sBAAqB,UACtB,EAAA5D,EAAAA,SAAQ7H,EAAY,CAC1CiR,cAAc,EACd5sB,gBAAAA,EACAonB,sBAAAA,IACA,OAMD,GAVGyF,EAAc,EAAH,KAMTxW,GAAO,EAAAwO,EAAAA,yBAAwBlJ,GAEhCmR,OADDA,EAA+BzW,SAAkB,QAAd,EAAJA,EAAM0T,oBAAY,WAAd,EAAJ,EAAoB5mB,MAAK,SAAA2e,GAAW,OAAIA,EAAYiL,SAAS,OAAO,MAClGD,EAA8B3qB,SACjC,EAAAoF,EAAAA,MAAK,oEAGHylB,OAAOC,UAAUltB,EAAQmtB,SAAU,CAAF,yCAC5B,IAAI7tB,SAAQ,SAAUC,EAASI,GACpCmL,YAAW,EAAD,2BAAC,8FACT,IACQqiB,EAA8B,QAAvB,EAAGL,EAAYM,gBAAQ,OAAM,QAAN,EAApB,EAAsBhpB,YAAI,WAAN,EAApB,EAA4B+oB,QAE1C5tB,EADE4tB,EACM/oB,EAAKwX,EAAY,CACvBuR,QAAAA,IAGML,EAEZ,CAAE,MAAOtnB,GACP7F,EAAO6F,EACT,CAAC,2CACAxF,EAAQmtB,QACb,KAAE,iCAGGL,GAAW,4CACnB,mGC/BA,SAE6B,GAAD,2EAT7B,UACA,UACA,UAAyC,2kBAElC,SAAStJ,EAAW5H,GAAyE,IAAvC5b,EAA0B,UAAH,6CAAG,CAAC,EAEtF,UADa,EAAA8kB,EAAAA,yBAAwBlJ,EAAY5b,KAC/BA,EAAQuf,YAC5B,CAE6B,aAmB5B,OAnB4B,gCAAtB,WACL3D,GAAgC,+FACJ,GAGvB4H,EAAW5H,EAHhB5b,EAA0B,EAAH,6BAAG,CAAC,GAGW,CAAF,qBAC5B,IAAIJ,EAAAA,aAAa,4DAA2D,OAOnF,OAJKqgB,EAAgBjgB,EAAhBigB,KAAM1S,EAAUvN,EAAVuN,MACP0S,IACG3J,GAAO,EAAAwO,EAAAA,yBAAwBlJ,EAAY,CAAErO,MAAAA,IACnD0S,EAAO3J,aAAI,EAAJA,EAAM2J,MACd,mBAEM,EAAAD,EAAAA,KAAIpE,EAAY,EAAF,KAChB5b,GAAO,IACVigB,KAAAA,MACA,2CACH,4FChC6C,SAOR,GAAD,2EARrC,UACA,UAA8C,2kBAOT,aAWpC,OAXoC,gCAA9B,WACLrE,GAAgC,2FAEoC,OAFlC5b,EAAmC,EAAH,6BAAG,CAAC,EAEhE8iB,GAAW,EAAAC,EAAAA,sBAAqBnH,EAAY,mBAAkB,mBAC7D,EAAAoE,EAAAA,KACLpE,EAAY,EAAF,KAEL5b,GACA8iB,KAEN,2CACF,qFCVgB,SAEc,GAAD,2EAX9B,UACA,UACA,UACA,UACA,UAKiB,2kBAEa,aAoB7B,OApB6B,gCAAvB,WACLlH,GAAgC,6FAAmC,GAAjC5b,EAA+B,EAAH,6BAAG,CAAC,GAI7D,EAAAqtB,EAAAA,2BAA0BzR,GAAa,CAAF,gCACN,EAAAsI,EAAAA,kBAAiBtI,EAAY,EAAF,KACxD5b,GAAO,IACVigB,KAAM,WACNqN,eAAe,KACf,OAJqB,GAIrB,SAJMC,EAAe,EAAfA,gBAKHvtB,EAAQmrB,kBAAmBoC,GAAoBA,EAAgBP,SAASQ,EAAAA,WAAWC,cAAa,sBAC7F,IAAI7tB,EAAAA,aAAa,0EAAyE,iCAI7F,EAAAogB,EAAAA,KAAIpE,EAAY,EAAF,KAChB5b,GAAO,IACVigB,KAAM,eACN,2CACH,2JC9BD,UAOA,UAMgB,klDAUhB,SAASyN,EAAoBtd,EAA2ByY,GAEtD,OAAO7pB,OAAOyJ,KAAKogB,EAAY7F,SAAS5f,MAAK,SAAA4kB,GAAM,QAAM5X,EAAOud,QAAU3F,EAAOgF,SAAS,UAAU,GACtG,CAEA,SAASY,EAAuBxd,GAE9B,OAAO,EAAP,KACKA,GAAM,IACTud,YAAQ7uB,GAEZ,CAEA,SAAS+uB,EAAwB7tB,EAA2B8tB,GAC1D,IAAI9K,EAAUhjB,EAAQgjB,SAAW,GAQjC,OAPAA,EAAUA,EAAQoG,QAAO,SAAA2E,GACvB,MAAqB,iBAAVA,EACFA,IAAUD,EAEZC,EAAM7qB,OAAS4qB,CACxB,IAEO,EAAP,KAAY9tB,GAAO,IAAEgjB,QAAAA,GACvB,CAAC,SAGqBgL,EAAU,EAAD,mDA4H9B,OA5H8B,gCAAxB,WACLpS,EACAiN,EACAzY,EACApQ,GAAyB,+GAGb,GADNqqB,GAFmB,EAEkBxB,GAArCwB,gBAAiBjD,EAAe,EAAfA,gBACfnH,EAASjgB,EAATigB,MAGJmH,EAAiB,CAAF,wCACV,CAAEyB,YAAAA,IAAa,OAU0B,GAP5CoF,GAAa,EAAAC,EAAAA,eAAcrF,EAAazY,EAAQpQ,GAGhDmuB,EAAmBT,EAAoBtd,EAAQyY,GAC/CuF,EAAoBpuB,EAAQgjB,SAAW,KACvCA,EAAU,GAAH,qBACRoL,IAAiB,aAChBD,GAAoB,CAACA,IAAqB,MAEnC,CAAF,oBACUnL,GAAO,4HAQmD,GARpEgF,EAAM,QAETrkB,EAA0B,CAAC,EACT,iBAAXqkB,IACTrkB,EAASqkB,EAAOrkB,QAAU,CAAC,EAC3BqkB,EAASA,EAAO9kB,MAEdmrB,EAA8BT,EAAuBxd,GACrDke,EAA+BT,EAAwB7tB,EAASgoB,GAEzB,mBAAhCa,EAAY7F,QAAQgF,GAAsB,iCAC/Ba,EAAY7F,QAAQgF,GAAQrkB,GAAO,OAA5C,IAC2B,KADtCklB,EAAc,EAAH,MACKtB,kBAA2B,8CAClC,EAAAgH,EAAAA,sBAAqB3S,EAAYiN,EAAa7oB,KAAQ,WAEhD,WAAXgoB,EAAmB,6CACd,CAAEa,YAAAA,EAAa2F,UAAU,KAAM,oCAEjCR,EACLpS,EACAiN,EACAwF,EACAC,KACD,QAI0E,IAAnDjE,EAAgBjnB,MAAK,YAAO,SAAJF,OAAoB8kB,CAAM,IACrD,CAAF,iCACCa,EAAYpF,QAAQuE,EAAQrkB,GAAO,QAA5C,IAC2B,KADtCklB,EAAc,EAAH,MACKtB,kBAA2B,8CAClC,EAAAgH,EAAAA,sBAAqB3S,EAAYiN,EAAa7oB,KAAQ,oCAExDguB,EAAUpS,EAAYiN,EAAazY,EAAQke,KAA6B,8WAMrC,KAA1CG,GAAW,EAAAC,EAAAA,oBAAmB7F,IACtB,CAAF,yCACH,CAAEA,YAAAA,EAAa4F,SAAAA,IAAU,WAG7BR,EAAY,CAAF,oBAETjuB,EAAQ2uB,KAAM,CAAF,gBACyD,OAAvEve,GAAS,EAAAwe,EAAAA,4BAA2B/F,EAAa7oB,EAAQ2uB,KAAMve,GAAQ,UACnDyY,EAAYpF,QAAQzjB,EAAQ2uB,KAAMve,GAAO,QAAlD,IAC2B,KADtCyY,EAAc,EAAH,MACKtB,kBAA2B,2CAClC,EAAAgH,EAAAA,sBAAqB3S,EAAYiN,EAAa7oB,IAAQ,iCAExD,CAAE6oB,YAAAA,IAAa,WAIX,YAAT5I,EAAkB,0CACb,CAAE4I,YAAAA,IAAa,cAElB,IAAIjpB,EAAAA,aAAa,2GAAD,OAEHyqB,EAAgB/V,QAAO,SAACua,EAAKC,GAAI,OAAKD,EAAMA,EAAM,KAAOC,EAAK5rB,KAAO4rB,EAAK5rB,IAAI,GAAE,IAAG,YACpG,WAIC+qB,EAAWc,eAAgB,CAAF,gBACqC,OAA3D3B,GAAW,EAAA4B,EAAAA,aAAYpT,EAAYqS,EAAYpF,GAAY,kBAC1D,CACLA,YAAAA,EACAuE,SAAAA,IACD,QAI8B,OAD3BlqB,EAAO+qB,EAAWgB,UAClBpwB,EAAOovB,EAAWiB,UAAS,UAEbrG,EAAYpF,QAAQvgB,EAAMrE,GAAK,QAAxC,IAC2B,KADtCgqB,EAAc,EAAH,MACKtB,kBAA2B,2CAClC,EAAAgH,EAAAA,sBAAqB3S,EAAYiN,EAAa7oB,IAAQ,QAKrB,GAD1CoQ,EAAS6d,EAAWkB,0BACpBnvB,EAAU,EAAH,KAAQA,GAAO,IAAE2uB,UAAM7vB,KAIlB2gB,sBAAyBoJ,EAAYzB,kBAAoB,EAAAsH,EAAAA,oBAAmB7F,GAAY,iBAGzC,OADnDuG,GAAK,EAAAlB,EAAAA,eAAcrF,EAAazY,EAAQpQ,GACxCotB,GAAW,EAAA4B,EAAAA,aAAYpT,EAAYwT,EAAIvG,GAAY,kBAClD,CACLA,YAAAA,EACAuE,SAAAA,IACD,iCAGIY,EAAUpS,EAAYiN,EAAazY,EAAQpQ,IAAQ,kEAE3D,4MC7KD,UACA,UAAyD,+kBAM5CkmB,EAA2B,mCANiB,IAMjB,GANiB,EAMjB,EANiB,kbAMjB,iEAqCrC,OArCqC,8CAGtC,WACE,IAAMrE,EAAoBjjB,KAAKywB,uBAE/B,MAAO,CACL9M,IAFmC,EAAA+M,EAAAA,iCAAgC1wB,KAAKmjB,aAEvCvB,KAAMrY,MACpC/E,MAAK,YAAO,MAAgB,OAAhB,EAAJF,IAAwB,IAAGiF,MACtConB,WAAY1N,EAAmB0N,WAC/BC,YAAa3N,EAAmB2N,YAEpC,GAAC,mCAED,SAAsBzN,GACpB,MAAO,CACL,CAAE7e,KAAM,aAAciB,KAAM,UAC5B,CAAEjB,KAAM,cAAeyd,MAAO,eAAgBxc,KAAM,WACpD2V,KAAI,SAAA8E,GAEJ,OAAO,EAAP,KADcmD,EAAYvB,KAAKrY,MAAM/E,MAAK,SAAAqsB,GAAG,OAAIA,EAAIvsB,OAAS0b,EAAK1b,IAAI,KACjD0b,EACxB,GACF,GAAC,4CAED,SAAyC/f,GAEvCA,GAAO,EAAH,uFAAwCA,GAE5C,IAAQ2wB,EAAgB5wB,KAAKwR,OAArBof,YACR,GAAK3wB,GAAS2wB,EAId,OAAO,EAAP,KACM3wB,GAAQA,GACR2wB,GAAe,CAAEA,YAAAA,GAEzB,KAAC,EArCqC,CAASE,EAAAA,mBAAiB,8CAArDxJ,EAA2B,kBACb,oOCT2D,+kBAIzEJ,EAA6B,mCAJ4C,IAI5C,GAJ4C,EAI5C,EAJ4C,kbAI5C,iEA4BvC,OA5BuC,8CAGxC,WACE,OAAOlnB,KAAKywB,sBACd,GAAC,mCAED,WACE,IAAMxP,EAAgBjhB,KAAK0wB,kCACrBC,EAAa1P,EAAcW,KAAMrY,MAAM/E,MAAK,YAAO,MAAgB,eAAhB,EAAJF,IAAgC,IAErF,OAAIqsB,GAAcA,EAAWvvB,QACpB,CACLkD,KAAM,aACNiB,KAAM,SACNsc,UAAU,EACVzgB,QAASuvB,EAAWvvB,UAIT,EAAH,WAAO6f,EAAcW,KAAMrY,MAEzC,GAAC,mCAED,WAA6D,WAG3D,OAFAvJ,KAAKwR,QAAS,EAAH,+EACSpR,OAAOyJ,KAAK7J,KAAKwR,QAAQgZ,QAAO,SAAAuG,GAAQ,MAAiB,kBAAbA,CAA4B,IACvErb,QAAO,SAAClE,EAAQuf,GAAQ,cAAUvf,GAAM,oBAAGuf,EAAW,EAAKvf,OAAOuf,IAAS,GAAI,CAAC,EACvG,KAAC,EA5BuC,CAJ1C,QAImDD,mBAAiB,gDAAvD5J,EAA6B,kBACf,2NCL3B,UAEA,UACA,UAAiE,+kBAOpD4J,EAAiB,mCAPmC,IAOnC,GAPmC,EAOnC,EAPmC,kbAU/D,WAAY3N,GAAkD,MAArB3R,EAAY,UAAH,6CAAG,CAAC,EAMrB,OANsB,qBACrD,cAAM2R,EAAa3R,IAAQ,sDAG3B,EAAKyP,cAAgB,EAAK+P,mBAE1B,EAAKC,0BAA0B,CACjC,CA2DC,OA3DA,qDAED,WAAoC,WAElC,GAD0BjxB,KAAKywB,uBAE7BzwB,KAAKwR,OAAO0f,mBAAqBlxB,KAAKwR,OAAO0f,mBAAoBhW,KAAI,SAAAjb,GACnE,OAAI,EAAAkxB,EAAAA,uBAAsB,EAAKlQ,cAAehhB,GACrC,EAAKmxB,+BAA+BnxB,GAEtCA,CACT,QACK,CACL,IAAMA,EAAOD,KAAKoxB,iCACdnxB,GACFD,KAAKwR,OAAO0f,mBAAoBztB,KAAKxD,EAEzC,CACF,GAAC,kCAED,WAAiC,WAC/B,OAAOD,KAAKwR,OAAO0f,mBAChB1sB,MAAK,SAACvE,GAAI,OAAK,EAAAkxB,EAAAA,uBAAsB,EAAKlQ,cAAehhB,EAAK,GACnE,GAAC,0BAED,WAAe,WACb,OAAOD,KAAKwR,OAAO0f,mBAChBzf,MAAK,SAAAxR,GAAI,OAAI,EAAAkxB,EAAAA,uBAAsB,EAAKlQ,cAAehhB,EAAK,GACjE,GAAC,4CAED,SAAyCgjB,GAEvC,MAAoCjjB,KAAKwR,OAAnCmf,EAAU,EAAVA,WAAY1P,EAAa,EAAbA,eACb0P,IAAc,EAAA5M,EAAAA,iBAAgB9C,KAClC0P,EAAa1P,aAAa,EAAbA,EAAe0P,YAG7B,MAA6B3wB,KAAKihB,cAC5BhhB,EAAO,EAAH,GACR0jB,GAFQ,EAAFA,GAGN0N,aAHsB,EAAZA,cAINpO,GAAqBA,GACrB0N,GAAc,CAAEA,WAAAA,IAGtB,OAAO1wB,EAAK0wB,WAAa1wB,EAAO,IAClC,GAAC,6CAED,WAGE,OAFsBD,KAAKmjB,YAAY5Z,MACpC/E,MAAK,YAAO,MAAgB,kBAAhB,EAAJF,IAAmC,GAEhD,GAAC,mCAED,WAA2B,WACzBtE,KAAKwR,QAAS,EAAH,+EAEX,IAAM0f,EAAqBlxB,KAAKwR,OAAO0f,mBACpC1G,QAAO,SAAAvqB,GAAI,OAAwD,KAApD,EAAAkxB,EAAAA,uBAAsB,EAAKlQ,cAAehhB,EAAc,IAC1E,OAAO,EAAP,KAAYD,KAAKwR,QAAM,IAAE0f,mBAAAA,GAC3B,KAAC,EArE2B,CAAsEI,EAAAA,YAAU,+JCN9G,UACA,UAAsF,yrBAuBzEA,EAAU,WAQrB,WACEnO,GAGA,IAFA3R,EAAY,UAAH,6CAAG,CAAC,EACbpQ,EAA4B,UAAH,6CAAG,CAAC,GAAC,wKAG9BpB,KAAKwR,OAAS,EAAH,GAAQA,GACnBxR,KAAKoB,QAAU,EAAH,GAAQA,GACpBpB,KAAKuxB,uBACLvxB,KAAKmjB,YAAcA,CACrB,CA8JC,OA9JA,kDAED,WASE,GARAnjB,KAAKwR,OAAOoS,eAAkB5jB,KAAKwR,OAAOoS,gBAAkB,GAG5D5jB,KAAKwR,OAAOoS,eAAiB5jB,KAAKwR,OAAOoS,eAAe1I,KAAI,SAAA+F,GAC1D,OAAO,EAAAuQ,EAAAA,qBAAoBvQ,EAC7B,IAGIjhB,KAAKwR,OAAOyP,cAAe,CAC7B,IAAMA,GAAgB,EAAAuQ,EAAAA,qBAAoBxxB,KAAKwR,OAAOyP,eACvBjhB,KAAKwR,OAAOoS,eAAenS,MAAK,SAAAggB,GAC7D,OAAO,EAAAN,EAAAA,uBAAsBlQ,EAAewQ,EAC9C,KAEEzxB,KAAKwR,OAAOoS,eAAengB,KAAKwd,EAEpC,CAIAjhB,KAAKwR,OAAO0f,mBAAqBlxB,KAAKwR,OAAOoS,eAAelO,QAAO,SAACua,EAAKhP,GAKvE,MAJ6B,YAAzB,aAAOA,IAA8B7gB,OAAOyJ,KAAKoX,GAAezd,OAAS,GAE3EysB,EAAIxsB,KAAKwd,GAEJgP,CACT,GAAGjwB,KAAKwR,OAAO0f,oBAAsB,GACvC,GAAC,qBAED,WACE,OAAOlxB,KAAKmjB,YAAY7e,IAC1B,GAAC,0BAID,SAAaimB,GAA+B,WAG1C,QAFiB,EAAAmH,EAAAA,mBAAkB1xB,KAAKmjB,aACf3e,MAAK,SAACZ,GAAG,OAAM,EAAK+tB,QAAQ/tB,EAAI,GAK3D,GAAC,qBAGD,SAAQA,GAAc,WACpB,IAAKA,EAAK,CACR,IACI7D,GADY,EAAA6xB,EAAAA,cAAa5xB,KAAKmjB,aACbzN,QAAO,SAACzV,EAAM2D,GAEjC,OADA3D,EAAK2D,GAAO,EAAK0sB,QAAQ1sB,GAClB3D,CACT,GAAG,CAAC,GACJ,OAAOF,CACT,CAGA,GAA4C,mBAAjCC,KAAK,MAAD,QAAO,EAAA6xB,EAAAA,WAAUjuB,KAAwB,CACtD,IAAMitB,EAAM7wB,KAAK,MAAD,QAAO,EAAA6xB,EAAAA,WAAUjuB,KAC/B5D,KAAKmjB,YAAY5Z,MAAO/E,MAAK,YAAM,SAAJF,OAAmBV,CAAG,KAEvD,GAAIitB,EACF,OAAOA,CAEX,CAGA,GAAI7wB,KAAKkb,KAAOlb,KAAKkb,IAAItX,GAEvB,IADA,IAAMurB,EAAQnvB,KAAKkb,IAAItX,GACdsS,EAAI,EAAGA,EAAIiZ,EAAM3rB,OAAQ0S,IAAK,CACrC,IAAI2a,EAAM7wB,KAAKwR,OAAO2d,EAAMjZ,IAC5B,GAAI2a,EACF,OAAOA,CAEX,CAIF,OAAO7wB,KAAKwR,OAAO5N,EACrB,GAAC,qBAED,SACEA,GAIA,QAAS5D,KAAKswB,QAAQ1sB,EACxB,GAAC,yBAED,SAAYkuB,EAAmCC,GAC7C,IAAMztB,EAAOtE,KAAKqwB,UACZ1O,EAAS3hB,KAAKgyB,YACd/Q,EAAgBjhB,KAAKgxB,mBAGrBzrB,EAAO0b,aAAa,EAAbA,EAAe1b,KAC5B,OAAO,EAAP,GACEjB,KAAAA,EACAqd,OAAAA,GACIpc,GAAQ,CAAEA,KAAAA,IACV0b,GAAiB,CAAEA,cAAAA,GAE3B,GAAC,uBAGD,WAAqB,WACbU,EAAkB,GAqCxB,OApC8B3hB,KAAKmjB,YAAY5Z,OAAS,IAClCO,SAAQ,SAAAmoB,GAC5B,IAAInQ,EACExd,EAAkC2tB,EAAlC3tB,KAAMiB,EAA4B0sB,EAA5B1sB,KAAMwd,EAAsBkP,EAAtBlP,QAASmP,EAAaD,EAAbC,SAC3B,IAAgB,IAAZnP,EAAJ,CAGA,GAAkD,mBAAvC,EAAK,WAAD,QAAY,EAAA8O,EAAAA,WAAUvtB,KACnCwd,EAAQ,EAAK,WAAD,QAAY,EAAA+P,EAAAA,WAAUvtB,KAAS2tB,QACtC,GAAa,WAAT1sB,EAAmB,CAE5B,IAAI4sB,EACEC,GAAW,EAAKlX,IAAM,EAAKA,IAAI5W,GAAQ,OAAS,GAEpD6tB,EADqB,IAAnBC,EAAQ5uB,OACF4uB,EAAQ,GAGRA,EAAQ5tB,MAAK,SAAAF,GAAI,OAAIlE,OAAOyJ,KAAK,EAAK2H,QAAQ4c,SAAS9pB,EAAK,IAElE6tB,IACFrQ,EAAQ,EAAH,KAAQmQ,GAAoB,IAAE3tB,KAAM6tB,IAE7C,CACKrQ,IACHA,EAAQmQ,GAEN9uB,MAAMC,QAAQ0e,GAChBA,EAAMhY,SAAQ,SAAAoM,GAAC,OAAIyL,EAAOle,KAAKyS,EAAE,KAG7Bgc,IACFpQ,EAAMoQ,SAAWA,GAEnBvQ,EAAOle,KAAKqe,GA3Bd,CA6BF,IACOH,CACT,GAAC,mCAiBD,WACE,IAO0B,EAPpB0Q,EAAwBryB,KAAKmjB,YAAY5Z,OAAS,GAClD+oB,EAAuBtyB,KAAKgyB,YAIhC,EAlNgF,25BAkNhF,CAHa,GAAH,qBACPK,IAAqB,aACrBC,KAGqB,IAA1B,IAAK,EAAL,qBAA4B,KAAjBxQ,EAAK,eACP9hB,KAAKwR,OAAOsQ,EAAMxd,KAC3B,CAAC,+BACD,OAAOtE,KAAKwR,MACd,GAAC,8BAED,WAA2D,QAEnD4R,EAAsC,QAA7B,EAAGpjB,KAAKmjB,YAAYC,iBAAS,aAA1B,EAA4B7Z,MAC9C,GAAK6Z,EAAL,CAIA,IAAMmP,GAA+B,EAAA7B,EAAAA,iCAAgC1wB,KAAKmjB,aAC1E,IAAKoP,EAEH,OAAOnP,EAKT,IAAMO,EAAK4O,EAA6B3Q,KAAMrY,MAC3C/E,MAAK,YAAO,MAAgB,OAAhB,EAAJF,IAAwB,IAAGiF,MAChC8nB,EACwC,QAD5B,EAAGkB,EAA6B3Q,KAAMrY,MACrD/E,MAAK,YAAO,MAAgB,iBAAhB,EAAJF,IAAkC,WAAC,aADzB,EAC2BiF,MAEhD,OAAO,EAAP,KACK6Z,GAAS,IACZO,GAAAA,EACA0N,aAAAA,GAlBF,CAoBF,IAAC,0BAtDD,SAAmBlO,GAAuD,QACxE,GAAKA,EAAY5Z,MAGjB,OAA2B,QAA3B,EAAO4Z,EAAY5Z,MAAM,UAAE,OAAM,QAAN,EAApB,EAAsBqY,YAAI,WAAN,EAApB,EAA4BrY,MAAMmM,QAAO,SAACwc,EAAwBjJ,GAIvE,OAHIA,EAAMiJ,WACRA,EAAW,GAAH,qBAAOA,IAAQ,aAAKjJ,EAAMiJ,SAAS3oB,SAEtC2oB,CACT,GAAG,GACL,KAAC,EAhLoB,GAgLpB,6BAhLUZ,EAAU,oNC3BvB,UACA,UAEA,UACA,UAAmF,yrBAOtEkB,EAAmB,mCAPmD,IAOnD,GAPmD,EAOnD,EAPmD,kbAOnD,oRAmF7B,OAnF6B,+CAM9B,SAAkB5O,EAAgBxiB,GAChC,IAAIyiB,EACoC,EADN,EAd6C,25BAc7C,CACRD,GAAc,yBAA/B3C,EAAa,QAGpB,GAFA4C,EAASziB,EACNoD,MAAK,gBAAG4e,EAAS,EAATA,UAAS,OAAOA,EAAUxf,KAAOwf,EAAUxf,MAAQqd,EAAcrd,GAAG,IAE7E,aACD,EALH,IAAK,EAAL,qBAA0C,gBAMzC,+BACD,OAAOigB,CACT,GAAC,0BAGD,SAAa0G,GACX,MAA0CvqB,KAAKwR,OAAvCoS,EAAc,EAAdA,eAAgB3C,EAAa,EAAbA,cAEhB7f,GAD6B,EAAAsvB,EAAAA,iCAAgC1wB,KAAKmjB,aAClE/hB,QAER,IAAKwiB,IAAmBA,EAAepgB,OACrC,OAAO,EAIT,IAAI,EAAAugB,EAAAA,iBAAgB9C,IAAkBA,EAAc0C,GAClD,OAAO,EAIT,IAAM8O,EAAgBzyB,KAAK0yB,kBAAkB9O,EAAgBxiB,GAC7D,GAAIqxB,EAAe,SAEXE,GAAyBpI,aAAO,EAAPA,EAASqI,wBACnCrI,aAAO,EAAPA,EAASqI,qBAAqBrpB,MAAMoa,OAA8B,QAA5B,EAAK8O,EAAcrP,iBAAS,aAAvB,EAAyBO,IACnEkP,GAAmCtI,aAAO,EAAPA,EAASuI,kCAC7CvI,aAAO,EAAPA,EAASuI,+BAA+BvpB,MAAMoa,OAA8B,QAA5B,EAAK8O,EAAcrP,iBAAS,aAAvB,EAAyBO,IACnF,OAAQgP,IAA2BE,CACrC,CAEA,OAAO,CACT,GAAC,8BAED,SAAiB9G,GACf,MAA0C/rB,KAAKwR,OAAvCoS,EAAc,EAAdA,eAAgB3C,EAAa,EAAbA,cAGxB,IAAI,EAAA8C,EAAAA,iBAAgB9C,IAAkBA,EAAc0C,GAElD,OADA3jB,KAAK+yB,sBAAwB9R,EACtBA,EAGT,IAAQ7f,EAAY2qB,EAAZ3qB,QACF4xB,GAAiB,EAAAN,EAAAA,mBAAkB9O,EAAgBxiB,GAGzD,OAFApB,KAAK+yB,sBAAwBC,EAAe5P,UAC5CpjB,KAAKgzB,eAAiBA,EACf,CACLrP,GAAIqP,aAAc,EAAdA,EAAgBzpB,MAAMqY,KAAKrY,MAAM/E,MAAK,YAAO,MAAgB,OAAhB,EAAJF,IAAwB,IAAEiF,MAE3E,GAAC,mCAED,SAAsB4Z,GAOpB,MAAO,CAAE7e,KAAM,gBAAiBiB,KAAM,SAAUnE,QANhC+hB,EAAY/hB,QAAQ8Z,KAAI,YACtC,MAAO,CACL6G,MAF4C,EAALA,MAGvCxY,MAHuD,EAAT6Z,UAG7Bxf,IAErB,IAEF,GAAC,mCAED,WAA2B,WACzB5D,KAAKwR,QAAS,EAAH,+EAEX,IAAMoS,EAAkB5jB,KAAKwR,OAAOoS,eACjC4G,QAAO,SAAAvJ,GACN,OAA4E,KAArE,EAAAkQ,EAAAA,uBAAsBlQ,EAAe,EAAK8R,sBACnD,IACF,OAAO,EAAP,KAAY/yB,KAAKwR,QAAM,IAAEoS,eAAAA,GAC3B,KAAC,EAnF6B,CACtB0N,EAAAA,YAAU,kNCbpB,UACA,UAA2F,+kBAO9E2B,EAAmB,mCAP2D,IAO3D,GAP2D,EAO3D,EAP2D,kbAYzF,WAAY9P,GAAkD,MAArB3R,EAAY,UAAH,6CAAG,CAAC,EAED,OAFE,qBACrD,cAAM2R,EAAa3R,IAAQ,sDAC3B,EAAKyP,eAAgB,EAAA+P,EAAAA,kBAAiB7N,GAAa,CACrD,CA4BC,OA5BA,yCAED,SAAYnG,EAAkCuN,GAAgC,MACtEiE,GAAW,EAAH,oEAAqBxR,EAAYuN,GACzC2I,EAA2B3I,SAAiC,QAA1B,EAAPA,EAAS2I,gCAAwB,WAA1B,EAAP,EAAmC3pB,MAEpE,OAAO,EAAP,KACKilB,GAAQ,IACX0E,yBAAAA,GAEJ,GAAC,0BAED,WACE,OAAOlzB,KAAKihB,cAAckS,UAAUnzB,KAAKwR,OAC3C,GAAC,4BAED,WACE,OAAOxR,KAAKihB,cAAcmS,eAAepzB,KAAKwR,OAChD,GAAC,iCAED,SAAoBsQ,GAClB,OAAO9hB,KAAKihB,cAAc+Q,UAAUlQ,EACtC,GAAC,mCAED,WAA2B,WAGzB,OAFA9hB,KAAKwR,QAAS,EAAH,+EACSpR,OAAOyJ,KAAK7J,KAAKwR,QAAQgZ,QAAO,SAAAuG,GAAQ,MAAiB,gBAAbA,CAA0B,IACrErb,QAAO,SAAClE,EAAQuf,GAAQ,cAAUvf,GAAM,oBAAGuf,EAAW,EAAKvf,OAAOuf,IAAS,GAAI,CAAC,EACvG,KAAC,EApC6B,CACtBO,EAAAA,YAAU,2LCVwE,IAI/EtK,EAAsB,mCAJyD,IAIzD,GAJyD,EAIzD,EAJyD,kbAIzD,yFAJnC,QAI4CiM,qBAAmB,yCAAlDjM,EAAsB,kBACR,qLCLe,IAE7BC,EAAa,mCAFgB,IAEhB,GAFgB,EAEhB,EAFgB,kbAEhB,iEAKvB,OALuB,0CAGxB,WACE,QAASjnB,KAAKwR,OAAOyc,cAAsC,mBAAtBjuB,KAAKoB,QAAQ2uB,IACpD,KAAC,EALuB,CAF1B,QAEmCtI,YAAU,gCAAhCR,EAAa,kBACC,kLCFiE,IAI/EM,EAAmB,mCAJ4D,IAI5D,GAJ4D,EAI5D,EAJ4D,kbAI5D,yFAJhC,QAIyC0L,qBAAmB,sCAA/C1L,EAAmB,kBACL,4LCLuC,+kBAQrDE,EAAU,mCAR2C,IAQ3C,GAR2C,EAQ3C,EAR2C,kbAQ3C,iEA0BpB,OA1BoB,0CAGrB,WACE,QAASznB,KAAKwR,OAAOyc,cAAsC,gBAAtBjuB,KAAKoB,QAAQ2uB,IACpD,GAAC,yBAED,SAAY/S,EAAkCuN,GAC5C,IAAM8I,GAAS,EAAH,oEAAqBrW,EAAYuN,GACzCtJ,EAAgBjhB,KAAKgxB,mBAIzB,OAHK/P,GAAD,MAAkBsJ,GAAAA,EAASqI,uBAC7B3R,EAAgBsJ,EAAQqI,qBAAqBrpB,OAExC,EAAP,KACK8pB,GAAM,IACTpS,cAAAA,EACAzb,KAAM,CACJqc,UAAU,EACV0M,QAASvuB,KAAKmjB,YAAYoL,UAGhC,GAAC,mCAED,WAA0C,WAExC,OADoBnuB,OAAOyJ,KAAK7J,KAAKwR,QAAQgZ,QAAO,SAAAuG,GAAQ,MAAiB,iBAAbA,CAA2B,IACtErb,QAAO,SAAClE,EAAQuf,GAAQ,cAAUvf,GAAM,oBAAGuf,EAAW,EAAKvf,OAAOuf,IAAS,GAAI,CAAC,EACvG,KAAC,EA1BoB,CARvB,QAQgCO,YAAU,6BAA7B7J,EAAU,kBACI,kMCN3B,UACA,UAA4E,+kBAW/DU,EAAa,mCAXkD,IAWlD,GAXkD,EAWlD,EAXkD,kbAgB1E,WACEhF,GAGA,MAFA3R,EAA8B,UAAH,6CAAG,CAAC,EAC/BpQ,EAA4B,UAAH,6CAAG,CAAC,EAU5B,OAV6B,qBAE9B,cAAM+hB,EAAa3R,EAAQpQ,IAAS,8CAPK,MAYrB,EAAKkyB,kCAEvB,EAAKrS,cAAgB,EAAKA,cAAgB,IAAIM,EAAAA,aAAa,CAAC,IAC7D,CACH,CA8DC,OA9DA,0CAED,WAEE,GAAIvhB,KAAKihB,gBAAkBjhB,KAAKihB,cAAckS,UAAUnzB,KAAKwR,QAC3D,OAAO,EAGT,IAAM+hB,EAAwBvzB,KAAKswB,UAAUkD,YAC7C,QAAKD,GAI8BvzB,KAAKmjB,YAAY5Z,MAAO/E,MAAK,YAAO,MAAgB,gBAAhB,EAAJF,IAAiC,IAClEsd,KAAMrY,MAAMmM,QAAO,SAACya,EAAcD,GAIlE,OAHIA,EAAKrO,WACPsO,EAAeA,KAAkBoD,EAAsBrD,EAAK5rB,OAEvD6rB,CACT,IAAG,EACL,GAAC,2CAED,WACE,OAAOnwB,KAAKmjB,YAAY5Z,MAAO/E,MAAK,YAAO,MAAgB,gBAAhB,EAAJF,IAAiC,GAC1E,GAAC,4BAED,YAAqD,WAE7CrE,EAFwC,EAAhC2hB,KAAQrY,MACmB2R,KAAI,YAAM,SAAJ5W,IAAc,IACjCoR,QAAO,SAAC+d,EAAiBC,GAAa,OAChE,EAAKliB,OAAOkiB,GAAiB,EAAH,KACvBD,GAAe,oBACjBC,EAAgB,EAAKliB,OAAOkiB,KAC3BD,CAAe,GAAG,CAAC,GACvB,GAAiC,IAA7BrzB,OAAOyJ,KAAK5J,GAAMuD,OAGtB,OAAOvD,CACT,GAAC,4BAED,WACE,IAAM4wB,EAAM7wB,KAAKihB,eAAiBjhB,KAAKihB,cAAcmS,eAAepzB,KAAKwR,QACzE,GAAKqf,EAGL,OAAOA,CACT,GAAC,iCAED,SAAoB/O,GAClB,OAAO,EAAP,WAAWA,EAAMF,KAAKrY,MACxB,GAAC,iCAED,SAAoBuY,GAClB,OAAO,EAAP,WAAWA,EAAMF,KAAKrY,MACxB,GAAC,8BAED,SAAiBoqB,GACf,OAAOA,EAAiBpqB,MAAM,GAAGqY,KAAKrY,MAAMmM,QAAO,SAACke,EAAQ3K,GAI1D,OAHIA,EAAMiJ,UACR0B,EAAOnwB,KAAKwlB,EAAMiJ,SAAS3oB,MAAM,GAAGoO,SAE/Bic,CACT,GAAG,GACL,KAAC,EAjFuB,CAAStC,EAAAA,YAAU,gCAAhCnJ,EAAa,kBACC,iMChBuC,+kBAUrDR,EAAqB,mCAVgC,IAUhC,GAVgC,EAUhC,EAVgC,kbAUhC,iEAuC/B,OAvC+B,2CAGhC,WACE,MAAO,CACL,CAAErjB,KAAM,QAASiB,KAAM,SAAUsc,UAAU,EAAME,MAAO,SAE5D,GAAC,iCAED,WACE,MAAO,CACL,CAAEzd,KAAM,cAAeiB,KAAM,SAAUsc,UAAU,EAAME,MAAO,gBAElE,GAAC,0BAED,WACE,OAAO8R,QAAQ7zB,KAAKwR,OAAOsiB,OAAS9zB,KAAKwR,OAAOof,YAClD,GAAC,yBAED,SAAY5T,EAAkCuN,GAC5C,IAAM8I,GAAS,EAAH,oEAAqBrW,EAAYuN,GACvCtJ,EAAgBsJ,EAAQqI,qBAAqBrpB,MACnD,OAAO,EAAP,KACK8pB,GAAM,IACTpS,cAAAA,GAEJ,GAAC,qBAED,WACE,MAAO,CACLN,YAAa3gB,KAAKwR,OAAOmP,YACzBmT,MAAO9zB,KAAKwR,OAAOsiB,MACnBlD,YAAa5wB,KAAKwR,OAAOof,YAE7B,GAAC,mCAED,WAAqD,WAEnD,OADoBxwB,OAAOyJ,KAAK7J,KAAKwR,QAAQgZ,QAAO,SAAAuG,GAAQ,OAAK,CAAC,QAAS,eAAe3C,SAAS2C,EAAS,IACvFrb,QAAO,SAAClE,EAAQuf,GAAQ,cAAUvf,GAAM,oBAAGuf,EAAW,EAAKvf,OAAOuf,IAAS,GAAI,CAAC,EACvG,KAAC,EAvC+B,CAVlC,QAU2CO,YAAU,wCAAxC3J,EAAqB,kBACP,8NCvB3B,UACA,UAAyC,+oBAE5BoM,EAAiB,mCAFW,IAEX,GAFW,EAEX,EAFW,kbAEX,iEAmF3B,OAnF2B,0CAC5B,WAEE,QAAuC,mBAA5B/zB,KAAKmjB,YAAYiG,QAWE,SAA1BppB,KAAKmjB,YAAY7e,OAAmBtE,KAAKmjB,YAAY7e,KAAK0lB,SAAS,WAInEhqB,KAAKoB,QAAQ2uB,KAMnB,GAAC,qBAED,WAAU,WAKR,OAJa/vB,KAAKgyB,YAAYtc,QAAO,SAACua,EAAK,GAAa,IAAX3rB,EAAI,EAAJA,KAE3C,OADA2rB,EAAI3rB,GAAQ,EAAKkN,OAAOlN,GACjB2rB,CACT,GAAG,CAAC,EAEN,GAAC,yBAED,SAAYjT,EAAkC+U,GAC5C,IAyBU,EAzBJztB,EAAOtE,KAAKqwB,UACZ1O,EAAS3hB,KAAKgyB,YAIpB,EAYIhyB,KAAKmjB,YAFPiG,GARI,EAAJzkB,KACM,EAANqW,OACG,EAAHyP,IACO,EAAPV,QACQ,EAARiK,SAEK,EAALzqB,MAEM,EAAN6f,QACG6K,GAAI,kBAKT,OAAI7K,EACK,EAAP,OACK6K,KACGtS,EAAOne,QAAU,CAAEme,OAAAA,IAAQ,IACjCyH,QAAM,gCAAE,WAAOrkB,GAAO,gGACbiY,EAAW2H,IAAIE,QAAQ,EAAD,CAC3BkL,KAAMzrB,GACHS,KACH,2CACH,+CAKE,EAAP,GAAY/E,KAAKmjB,YAEnB,GAAC,uBAED,WACE,OAAQnjB,KAAKmjB,YAAY5Z,OAAS,IAC/BihB,QAAO,YAAO,MAAgB,gBAAhB,EAAJlmB,IAAiC,IAC3C4W,IAAIgZ,EAAAA,iBACJhZ,KAAI,SAAA4G,GAGH,OADAA,EAAMvc,KAAOuc,EAAMvc,MAAQ,SACpBuc,CACT,GACJ,KAAC,EAnF2B,CAASwP,EAAAA,YAAU,yDCJjD,yPCiDO,SAA4BxP,EAAOtQ,GA+DxC,OA9DW,SAAL9L,EAAMoc,EAAOtQ,EAAQ2iB,GACzB,IAAQ7vB,EAAyCwd,EAAzCxd,KAAMiF,EAAmCuY,EAAnCvY,MAAOhE,EAA4Buc,EAA5Bvc,KAAMnE,EAAsB0gB,EAAtB1gB,QAASygB,EAAaC,EAAbD,SAC9BuS,EAAavS,GAAYsS,EAG/B,GAAIhxB,MAAMC,QAAQmG,GAChB,OAAOA,EAAMmM,QAAO,SAACua,EAAKjQ,GACxB,OAAOiQ,GAAOvqB,EAAGsa,EAAMxO,EAAOlN,GAAO8vB,EACvC,IAAG,GAOL,GAAIhzB,EAAS,CAEX,GAAa,WAATmE,EAAmB,CACrB,IAAMytB,EAAiBxhB,EAAOlN,GAC9B,IAAK0uB,EACH,OAAO,EAET,IAAKA,EAAerP,GAElB,OAAO,EAET,IAAM0Q,EAAejzB,EAAQoD,MAAK,SAACqf,GAEjC,OADiBA,EAAOta,MAAM/E,MAAK,YAAO,MAAgB,OAAhB,EAAJF,IAAwB,IAC9CiF,QAAUypB,EAAerP,EAC3C,IACA,QAAK0Q,GAGEA,EAAa9qB,MACjBihB,QAAO,YAAW,UAAR3I,QAAyB,IACnCnM,QAAO,SAACua,EAAK,GAAa,IAAX3rB,EAAI,EAAJA,KACd,OAAO2rB,KAAS+C,EAAe1uB,EACjC,IAAG,EACP,CAGA,IAAiB,IAAbud,EACF,OAAO,EAIT,IAAiB,IAAbA,EACF,QAASrQ,EAAOlN,GAIlB,MAAM,IAAItD,EAAAA,aAAa,yBAAD,OAA0BkJ,KAAKE,UAAU0X,IACjE,CAGA,OAAKsS,MAIK5iB,IAAUA,EAAOlN,GAC7B,CAEOoB,CAAGoc,EAAOtQ,GAAQ,EAC3B,oBA7GO,SAAS0iB,EAAgB/Q,GAC9B,GAAIhgB,MAAMC,QAAQ+f,GAChB,OAAOA,EACJjI,KAAI,SAAA8E,GACH,MAAoB,iBAATA,GAAqC,iBAATA,GAAqC,kBAATA,EAC1DA,EAEFkU,EAAgBlU,EACzB,IAIJ,IADA,IAAMjgB,EAAM,CAAC,EACb,MAA2BK,OAAO0R,QAAQqR,GAAY,eAAE,CAAnD,4BAAOvf,EAAG,KAAE2F,EAAK,KACpB,GAAIA,QAIJ,GAAqB,YAAjB,aAAOA,GAAoB,CAC7B,IAAM+qB,EAAWl0B,OAAOyJ,KAAKN,GAG7B,GAAI,CAAC,QAAS,QAAQ6kB,SAASxqB,IACN,IAApB0wB,EAAS9wB,QACT,CAAC,QAAS,QAAQ4qB,SAASkG,EAAS,IACvC,CAEA,IAAMC,EAAgBL,EAAgB3qB,GACtCnJ,OAAO0R,QAAQyiB,GAAezqB,SAAQ,YAAkB,yBAAhBlG,EAAG,KAAE2F,EAAK,KAChDxJ,EAAI6D,GAAO2F,CACb,GACF,MAEExJ,EAAI6D,GAAOswB,EAAgB3qB,EAE/B,MAEExJ,EAAI6D,GAAO2F,CAEf,CAEA,OAAOxJ,CACT,gCA5CA,4KCakE,+kBASrD8mB,EAAQ,mCAT6C,IAS7C,GAT6C,EAS7C,EAT6C,kbAS7C,iHAKlB,OALkB,wEAGb,CACJ,WAAc,CAAC,cAChB,EAqBA,OArBA,0CAED,WAEE,QADuB7mB,KAAKswB,UAApBkE,UAEV,GAAC,4BAED,WACE,MAAkCx0B,KAAKwR,OAA/BkK,EAAW,EAAXA,YAAasF,EAAQ,EAARA,SACrB,GAAKtF,GAAgBsF,EAGrB,OAAOtF,GAAe,CAAE8F,SAAUR,EACpC,GAAC,iCAED,SAAoBc,GAClB,OAAO,EAAP,KACKA,EAAMF,KAAKrY,MAAM,IAAE,IACtBjF,KAAM,WACNud,SAAUC,EAAMD,UAEpB,KAAC,EA1BkB,CATrB,QAS8ByP,YAAU,2BAA3BzK,EAAQ,kBACM,8KCXuC,+kBAMrDW,EAAqB,mCANgC,IAMhC,GANgC,EAMhC,EANgC,kbAMhC,iEAqB/B,OArB+B,4CAGhC,WACE,IAAQiN,EAAgBz0B,KAAKwR,OAArBijB,YACR,GAAKA,EAGL,MAAO,CACLjT,SAAUiT,EAEd,GAAC,iCAED,SAAoB3S,GAElB,IACMxd,EAAyB,aADTtE,KAAKgxB,mBAAoBzrB,KACH,cAAgB,mBAC5D,OAAO,EAAP,KACKuc,EAAMF,KAAKrY,MAAM,IAAE,IACtBjF,KAAAA,GAEJ,KAAC,EArB+B,CANlC,QAM2CgtB,YAAU,wCAAxC9J,EAAqB,kBACP,mMCPqC,IAEnDL,EAA4B,mCAFuB,IAEvB,GAFuB,EAEvB,EAFuB,kbAEvB,yFAFzC,QAEkDK,uBAAqB,+CAA1DL,EAA4B,kBACd,0LCHoB,IAElCS,EAAW,mCAFuB,IAEvB,GAFuB,EAEvB,EAFuB,kbAEvB,iEAerB,OAfqB,0CAGtB,WACE,OAAO,CACT,GAAC,yBAED,WACE,MAAkC5nB,KAAKmjB,YACvC,MAAO,CACL7e,KAFU,EAAJA,KAGNiB,KAHgB,EAAJA,KAIZmvB,IAJqB,EAAHA,IAKlB/vB,KAL2B,EAAJA,KAO3B,KAAC,EAfqB,CAFxB,QAEiC2sB,YAAU,8BAA9B1J,EAAW,kBACG,+KCHiE,IAI/EK,EAAkB,mCAJ6D,IAI7D,GAJ6D,EAI7D,EAJ6D,kbAI7D,yFAJ/B,QAIwCgL,qBAAmB,qCAA9ChL,EAAkB,kBACJ,+MCL3B,UACA,UAEA,UAA6E,IAMhElB,EAA+B,mCANiC,IAMjC,GANiC,EAMjC,EANiC,kbAS3E,WACE5D,GAGA,QAFA3R,EAAoC,UAAH,6CAAG,CAAC,EACrCpQ,EAA4B,UAAH,6CAAG,CAAC,GAAC,qBAK9B,IAAMuzB,EAAuC,qBAH7C,cAAMxR,EAAa3R,EAAQpQ,IAGCA,QAAQigB,KAQnC,OANS,QADgB,GAAG,EAAAqP,EAAAA,iCAAgCvN,GAC1D/hB,eAAO,aADmB,EACjBqQ,MAAK,gBAAG2R,EAAS,EAATA,UAAS,OAAOA,aAAS,EAATA,EAAWxf,OAAQsd,EAAAA,iBAAiBC,aAAa,OACxDwT,GAAkB,EAAKnjB,OAAOwP,YACzD,EAAKxP,OAAOoS,eAAiB,GAAH,qBACrB,EAAKpS,OAAOoS,gBAAkB,IAAE,CACnC,CAAEhgB,IAAKsd,EAAAA,iBAAiBC,kBAE3B,CACH,CAAC,uBApByC,CAASqR,EAAAA,qBAAmB,kDAA3DzL,EAA+B,kBACjB,2MCViE,IAI/EM,EAAyB,mCAJsD,IAItD,GAJsD,EAItD,EAJsD,kbAItD,yFAJtC,QAI+CmL,qBAAmB,4CAArDnL,EAAyB,kBACX,sOCLiE,+kBAU/EP,EAAgC,mCAV+C,IAU/C,GAV+C,EAU/C,EAV+C,kbAU/C,iHAM1C,OAN0C,+HAIrC,CACJ0N,WAAY,CAAC,cACd,EA6BA,OA7BA,0CAED,WAEE,QADmBx0B,KAAKswB,QAAQ,gBACT,EAAJ,qEACrB,GAAC,8BAED,SAAiBvE,GAAuC,UAChD6I,GAAmB,EAAH,yEAA0B7I,GAC1C8I,EAAsC,QAAtB,EAAG70B,KAAKgzB,sBAAc,aAAnB,EAAqBzpB,MAAMqY,KAAKrY,MAAM/E,MAAK,YAAO,MAAgB,eAAhB,EAAJF,IAAgC,IAKjGwwB,EAAkB90B,KAAKwR,OAAOmf,aAClCkE,aAAgB,EAAhBA,EAAkBtrB,SAAmBsrB,SAAyB,QAAT,EAAhBA,EAAkBzzB,eAAO,OAAK,QAAL,EAAzB,EAA4B,UAAE,WAAd,EAAhB,EAAgCmI,OAEvE,OAAIurB,EACK,EAAP,KACKF,GAAgB,IACnBjE,WAAYmE,IAITF,CACT,GAAC,8BAED,WACE,MAAO,CAAEtwB,KAAM,WAAYiB,KAAM,SACnC,KAAC,EAnC0C,CAV7C,QAUsDitB,qBAAmB,mDAA5D1L,EAAgC,kBAClB,uMCXuC,IAKrDoB,EAAmB,mCALkC,IAKlC,GALkC,EAKlC,EALkC,kbAKlC,iEAK7B,OAL6B,0CAG9B,WACE,OAAO,CACT,KAAC,EAL6B,CALhC,QAKyCoJ,YAAU,sCAAtCpJ,EAAmB,kBACL,0MCNuC,+kBASrDR,EAAuB,mCAT8B,IAS9B,GAT8B,EAS9B,EAT8B,kbAS9B,iEA8CjC,OA9CiC,0CAGlC,WACE,GAAI1nB,KAAKwR,OAAO+C,QACd,OAAO,EAGT,GAAIvU,KAAKwR,OAAOyP,cAAe,CAC7B,MAAwBjhB,KAAKwR,OAAOyP,cAA5B0C,EAAE,EAAFA,GAAIpP,EAAO,EAAPA,QACZ,GAAMoP,GAAQpP,EACZ,OAAO,CAEX,CAEA,OAAO,CACT,GAAC,yBAED,SAAYyI,EAAkCuN,GAC5C,IAAM8I,GAAS,EAAH,oEAAqBrW,EAAYuN,GACvCtJ,EAAgBsJ,EAAQqI,qBAAqBrpB,MACnD,OAAO,EAAP,KACK8pB,GAAM,IACTpS,cAAAA,GAEJ,GAAC,qBAED,WAAU,MAGR,MAAO,CACLA,cAAe,CACb0C,GAHqB3jB,KAAKmjB,YAAa5Z,MAAO,GAAGA,MAG5BqY,KAAKrY,MAAM,GAAGA,MACnCgL,SAAmC,QAA1B,EAACvU,KAAKwR,OAAOyP,qBAAa,aAA1B,EAA8C1M,UAAWvU,KAAKwR,OAAO+C,SAEhFoM,YAAa3gB,KAAKwR,OAAOmP,YAG7B,GAAC,mCAED,WAAuD,WACrD3gB,KAAKwR,QAAS,EAAH,sFACJxR,KAAKwR,OAAOoS,eACnB,IAAMmR,EAAY/0B,KAAKwR,OAAO+C,QAAU,UAAY,gBAEpD,OADoBnU,OAAOyJ,KAAK7J,KAAKwR,QAAQgZ,QAAO,SAAAuG,GAAQ,OAAIA,IAAagE,CAAS,IACjErf,QAAO,SAAClE,EAAQuf,GAAQ,cAAUvf,GAAM,oBAAGuf,EAAW,EAAKvf,OAAOuf,IAAS,GAAI,CAAC,EACvG,KAAC,EA9CiC,CATpC,QAS6CO,YAAU,0CAA1C5J,EAAuB,kBACT,8KCVuC,IAMrDG,EAAI,mCANiD,IAMjD,GANiD,EAMjD,EANiD,kbAMjD,iEAKd,OALc,0CAGf,WACE,QAAS7nB,KAAKwR,OAAOwjB,MAA8B,SAAtBh1B,KAAKoB,QAAQ2uB,IAC5C,KAAC,EALc,CANjB,QAM0BuB,YAAU,uBAAvBzJ,EAAI,kBACU,2CCP3B,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oOCnBO,SAAsBoN,GAAgC,MAC3D,OAA2B,QAA3B,EAAOA,EAAe1rB,aAAK,aAApB,EAAsB2R,KAAI,SAAAga,GAAC,OAAIA,EAAE5wB,IAAI,GAC9C,oCAeO,SACL6e,GAGA,OAAOA,EAAY5Z,MAAO/E,MAAK,YAAO,MAAgB,kBAAhB,EAAJF,IAAmC,GACvE,sBAlBO,SAA2B2wB,GAAgC,MAChE,OAA2B,QAA3B,EAAOA,EAAe1rB,aAAK,aAApB,EAAsBmM,QAAO,SAACmM,EAAUsT,GAI7C,OAHIA,EAAItT,UACNA,EAASpe,KAAK0xB,EAAI7wB,MAEbud,CACT,GAAG,GACL,cAEO,SAAmB9L,GACxB,OAAOA,EAAIqf,OAAO,GAAGC,cAAgBtf,EAAIuf,UAAU,EACrD,yDCkRC,SAEyB,GAAD,2EAlSzB,UACA,UACA,SAEA,UAUA,UACA,UAMgB,2kBAuBhB,SAASC,EAAiBn0B,GAExB,IASMoQ,EAAS,EAAH,GAAQpQ,GAIpB,MAbqB,CACnB,OACA,cACA,UACA,kBACA,OACA,uBACA,yBAGW0I,SAAQ,SAAA+Z,UACZrS,EAAOqS,EAChB,IACOrS,CACT,CAEA,SAASgkB,EAAexY,EAAkC/c,GAAwB,QAC1EmB,EAAYnB,EAAZmB,QAKN,EAJAA,EAAU,EAAH,KACF4b,EAAW5b,QAAQujB,KACnBvjB,GAGHigB,EAAI,EAAJA,KACAhgB,EAAe,EAAfA,gBACA+jB,EAAW,EAAXA,YACAhB,EAAO,EAAPA,QAGIjkB,EAASs1B,EAAAA,UAAUC,QAIzB,GADArU,EAAOA,IAA8B,QAA1B,GAAI,EAAArE,EAAW2H,KAAI8B,eAAO,aAAtB,YAA8B,UACnC,SACc,QAAtB,KAAAzJ,EAAW2H,KAAI6B,eAAO,OAAtB,SAAyBnF,GACzB,IAAM6C,GAAW,EAAAC,EAAAA,sBAAqBnH,EAAYqE,GAElDhgB,OAA8C,IAApBA,EAAmCA,EAAkB6iB,EAAS7iB,gBACxF+jB,EAAcA,GAAelB,EAASkB,YACtChB,EAAUA,GAAWF,EAASE,OAChC,CAEA,OAAO,EAAP,KACKnkB,GAAI,IACPmB,QAAS,EAAF,KACFA,GAAO,IACVigB,KAAAA,EACAhgB,gBAAAA,EACA+jB,YAAAA,EACAhB,QAAAA,IAEFjkB,OAAAA,GAEJ,CAAC,SAEcw1B,EAAsB,EAAD,+CA4CnC,OA5CmC,gCAApC,WAAqC3Y,EAAkC/c,GAAa,6GAiBO,GAhBjFmB,EAAYnB,EAAZmB,QAENuf,EAWEvf,EAXFuf,YACAtf,EAUED,EAVFC,gBACAyb,EASE1b,EATF0b,QACAnO,EAQEvN,EARFuN,MACAyd,EAOEhrB,EAPFgrB,OACAI,EAMEprB,EANForB,cACAD,EAKEnrB,EALFmrB,gBACAE,EAIErrB,EAJFqrB,OACAC,EAGEtrB,EAHFsrB,UACAC,EAEEvrB,EAFFurB,MACA9L,EACEzf,EADFyf,qBAIEnJ,GAAO,EAAAwO,EAAAA,yBAAwBlJ,EAAY,CAAErO,MAAAA,EAAO6d,cAAAA,EAAeD,gBAAAA,KAEnE5L,EAAa,CAAF,gCACO,EAAAxe,EAAAA,YAAW6a,EAAY,CAAE3b,gBAAAA,EAAiByb,QAAAA,EAAS6D,YAAAA,EAAaE,qBAAAA,IAAuB,OAA3GoJ,EAAc,EAAH,4BAEoC,GAA3CrJ,EAAwB,QAAP,EAAGlJ,SAAI,aAAJ,EAAMkJ,kBACN,CAAF,gBAEkB,OAAtC5D,EAAWgH,mBAAmB4R,QAAQ,WACP,EAAArQ,EAAAA,UAASvI,EAAY,CAClD3b,gBAAAA,EACAsN,MAAAA,EACAyd,OAAAA,EACAG,gBAAAA,EACAC,cAAAA,EACAC,OAAAA,EACAC,UAAAA,EACAC,MAAAA,IACA,QATIkJ,EAAmB,EAAH,KAUtBjV,EAAoBiV,EAAiBjV,kBACrClJ,EAAOme,EAAiBne,KAAK,0BAIX,EAAAvV,EAAAA,YAAW6a,EAAY,CAAE3b,gBAAAA,EAAiByb,QAAAA,EAAS8D,kBAAAA,EAAmBC,qBAAAA,IAAuB,QAAjHoJ,EAAc,EAAH,6CAEDhqB,GAAI,IAAEgqB,YAAAA,EAAavS,KAAAA,KAAI,6CACpC,+BAEcoe,EAAqB,EAAD,+CA8ClC,OA9CkC,gCAAnC,WAAoC9Y,EAAkC/c,GAAa,qGAgBG,GAdlFgqB,EAGEhqB,EAHFgqB,YACA7oB,EAEEnB,EAFFmB,QACAoQ,EACEvR,EADFuR,OAIAkd,EAMEttB,EANFstB,cACAtJ,EAKEhkB,EALFgkB,YACAhB,EAIEhjB,EAJFgjB,QACA/C,EAGEjgB,EAHFigB,KACA0O,EAEE3uB,EAFF2uB,KACAlP,EACEzf,EADFyf,sBAGyC,IAAlB6N,IAA4BtJ,GAAehB,GAAW2L,GACzD,CAAF,wCACX9vB,GAAI,OAMX,OAHFuR,EAAS,EAAH,KACDA,GAAM,IACTmP,YAAasJ,EAAa4B,YAAYlL,cACtC,UAOQ,EAAAyO,EAAAA,WACRpS,EACAiN,EACAzY,EACA,CACE4T,YAAAA,EACAhB,QAAAA,EACA/C,KAAAA,EACA0O,KAAAA,EACAlP,qBAAAA,IAEH,OACwC,OADxC,SAdckV,EAA0B,EAAvC9L,YACAuE,EAAQ,EAARA,SACAoB,EAAQ,EAARA,SAaF3F,EAAc8L,EAA2B,yBAE7B91B,GAAI,IAAEgqB,YAAAA,EAAauE,SAAAA,EAAUoB,SAAAA,KAAQ,6CAClD,+BAEcoG,EAAU,EAAD,+CAoBvB,OApBuB,gCAAxB,WAAyBhZ,EAAkC/c,GAAa,iGAS9D,OARFyX,EAAsBzX,EAAtByX,KAAMuS,EAAgBhqB,EAAhBgqB,YACJzB,EAAoByB,EAApBzB,gBAEN3X,GAFqB,EAQnB6G,GANF7G,SACAuX,EAAY,EAAZA,aACA6N,EAAe,EAAfA,gBACA9J,EAAW,EAAXA,YACA+J,EAAI,EAAJA,KACA9J,EAAM,EAANA,OAAM,SAEoBpP,EAAWjP,MAAM0a,sBAAsB,CACjED,gBAAAA,EACA3X,SAAAA,EACAuX,aAAAA,EACA6N,gBAAAA,EACA9J,YAAAA,EACAC,OAAAA,GACC8J,GAAK,OAPW,OAAbC,EAAgB,EAAH,uBAQZA,EAActiB,QAAM,4CAC5B,+BAEcuiB,EAAa,EAAD,+CAuE1B,OAvE0B,gCAA3B,WAA4BpZ,EAAkC/c,GAAa,2GAwBxE,GAtBCmB,EAIEnB,EAJFmB,QACA6oB,EAGEhqB,EAHFgqB,YACA2F,EAEE3vB,EAFF2vB,SACAzvB,EACEF,EADFE,OAEMsoB,EAA0BrnB,EAA1BqnB,sBACJ4N,GAAqB,EACrBC,GAAyB,EACzBC,GAAqB,EAQrBtM,IACFoM,KAAwBpM,EAAYtB,oBAAqBsB,EAAYC,QACrEyE,GAAkB,EAAA6H,EAAAA,oBAAmBvM,GACrCwM,GAAiB,EAAAC,EAAAA,mBAAkB1Z,EAAYiN,EAAa7oB,EAAQyf,sBACpEqR,GAAW,EAAAyE,EAAAA,yBAAwB1M,EAAa7oB,GAChDyuB,GAAW,EAAAC,EAAAA,oBAAmB7F,KAG5B4F,EAAU,CAAF,gBACV1vB,EAASs1B,EAAAA,UAAUmB,SAMbC,EAAaz2B,OAAOyJ,KAAKogB,EAAa7F,SAAS5gB,OAAS,EACxDszB,IAAc5E,EAAS1tB,MAAK,SAAAoH,GAAG,MAAkB,UAAdA,EAAImrB,KAAiB,IACnCF,GAAeC,IAAgD,IAAnC7M,EAAatB,kBAKlE0N,IAAuBQ,EAHvBP,GAAyB,EAM3BC,GAAqB,EAAM,4BAClB3G,EAAU,CAAF,gBACjBzvB,EAASs1B,EAAAA,UAAUuB,SACnBV,GAAyB,EAAK,2BACrBrM,UAAAA,EAAazB,gBAAe,iBACS,GAA9CA,EAAkByB,EAAYzB,iBACA,IAA1BC,EAA+B,iBACjCtoB,EAASs1B,EAAAA,UAAUwB,QACnBX,GAAyB,EAAM,yCAEhBN,EAAUhZ,EAAY/c,GAAK,QAA1C4T,EAAS,EAAH,KACN1T,EAASs1B,EAAAA,UAAUwB,QACnBX,GAAyB,EAAK,wCAI7Br2B,GAAI,IACPE,OAAAA,EACAqoB,gBAAAA,EACA3U,OAAAA,EACAwiB,mBAAAA,EACAC,uBAAAA,EACAC,mBAAAA,EACA5H,gBAAAA,EACA8H,eAAAA,EACAvE,SAAAA,EACArC,SAAAA,KAAQ,6CAEX,sBAEwB,aAuExB,OAvEwB,gCAAlB,WACL7S,GAAgC,+IAQQ,OALpC/c,EAAgB,CAClBmB,QAHFA,EAAsB,EAAH,6BAAG,CAAC,EAIrBoQ,OAAQ+jB,EAAiBn0B,IAG3BnB,EAAOu1B,EAAexY,EAAY/c,GAAM,SAC3B01B,EAAsB3Y,EAAY/c,GAAK,OAAhD,OAAJA,EAAO,EAAH,cACS61B,EAAqB9Y,EAAY/c,GAAK,OAA/C,OAAJA,EAAO,EAAH,eACSm2B,EAAapZ,EAAY/c,GAAK,QAsC+C,OAtC1FA,EAAO,EAAH,KAGFgqB,GAHE,EAgBAhqB,GAbFgqB,YACAvS,EAAI,EAAJA,KACA2e,EAAkB,EAAlBA,mBACAC,EAAsB,EAAtBA,uBACAC,EAAkB,EAAlBA,mBACAp2B,EAAM,EAANA,OACAwuB,EAAe,EAAfA,gBACA8H,EAAc,EAAdA,eACA5iB,EAAM,EAANA,OACA2a,EAAQ,EAARA,SACA0D,EAAQ,EAARA,SACAnjB,EAAK,EAALA,MACAyZ,EAAe,EAAfA,gBAGE8N,EACFtZ,EAAWgH,mBAAmB4R,MAAM,CAAEW,mBAAAA,MAItC,EAAAlQ,EAAAA,qBAAoBrJ,EAAY,EAAF,GAAOtF,IAEjC2e,IAEmB3V,GAFC,EAEqCuJ,GAAnD4B,YAA6BlD,EAAiB,EAAjBA,kBACrC3L,EAAWgH,mBAAmBkT,gBAAgB,CAC5CxW,eAAAA,EACAiI,kBAAAA,EACAhI,YAAiC,QAAtB,EAAEsJ,EAAaM,eAAO,aAApB,EAAsB5J,YACnCC,kBAAmBlJ,aAAI,EAAJA,EAAMkJ,sBAMvBwD,GAHP,EAG8F6F,GAAe,CAAC,GAAvG7F,QAASmG,EAAO,EAAPA,QAASkB,EAAe,EAAfA,gBAAiB5G,EAAO,EAAPA,QAASgH,EAAW,EAAXA,YAAalD,EAAiB,EAAjBA,kBAAmBuB,EAAM,EAANA,OAAM,qCAExF/pB,OAAQA,GACJuX,GAAQ,CAAEA,KAAAA,IACViX,GAAmB,CAAEA,gBAAAA,IACrB8H,GAAkB,CAAEA,eAAAA,IACpB5iB,GAAU,CAAEA,OAAAA,IACZ2a,GAAY,CAAEA,SAAAA,IACd0D,GAAYA,EAAS1uB,QAAU,CAAE0uB,SAAAA,IACjCnjB,GAAS,CAAEA,MAAAA,IACXmb,GAAU,CAAEA,OAAAA,IAAQ,IACxB1B,gBAAAA,EAGApE,QAASA,EACTmG,QAASA,EACTkB,gBAAiBA,EACjB5G,QAASA,EACTgH,YAAaA,EACblD,kBAAAA,KAAiB,4CAEpB,6FC3W2B,SAGW,GAAD,2EAHtC,UAA4B,2kBAGU,aAWrC,OAXqC,gCAA/B,WACL3L,GAAgC,yFAIM,OAHtC5b,EAAwB,EAAH,6BAAG,CAAC,EAGzB4b,EAAWgH,mBAAmB4R,QAAQ,mBAE/B,EAAAxU,EAAAA,KAAIpE,EAAY,EAAF,CACnByL,uBAAuB,GACpBrnB,KACH,2CACH,oGCjBM,WAGL,OAAO,SAAP,0BALgD,IAKhD,GALgD,EAKhD,EALgD,kbAO9C,WAAY+1B,EAA8C1sB,EAA8B/I,GAA0B,wCAC1Gy1B,EAAuB1sB,EAAe/I,EAC9C,CAqDC,OArDA,mDAKD,SAAsBN,GACpB,IAAIO,EACJ,IAAI,EAAA2Y,EAAAA,aAEF,IACE3Y,EAAU3B,KAAK0B,YAAYwG,iBAAiB,SAAU9G,EACxD,CAAE,MAAO6D,IAGP,EAAA2D,EAAAA,MAAK,0IACP,KACK,CAEL,IAAMwuB,EAAqBp3B,KAAKq3B,sBAAsBj2B,GAClDg2B,IACFz1B,EAAU,CACR0H,QAAS,SAACzF,GACR,IAAMsqB,EAAckJ,EAAmBhY,aACvC,OAAI8O,GAAeA,EAAYtqB,GACtBsqB,EAAYtqB,GAEd,IACT,EACA0F,QAAS,SAAC1F,EAAKitB,GACb,IAAM3C,EAAckJ,EAAmBhY,aACvC,IAAK8O,EACH,MAAM,IAAIltB,EAAAA,QAAa,yDAEzBktB,EAAYtqB,GAAOitB,EACnBuG,EAAmB7W,WAAW2N,EAChC,EACAxkB,WAAY,SAAC9F,GACX,IAAMsqB,EAAckJ,EAAmBhY,aAClC8O,WAGEA,EAAYtqB,GACnBwzB,EAAmB7W,WAAW2N,GAChC,GAGN,CAEA,OAAKvsB,EAIE,IAAI21B,EAAAA,YAAY31B,EAAS41B,EAAAA,2BAHvB,IAIX,KAAC,EAzDI,EADoB,EAAAC,EAAAA,4BA4D7B,uEAtEA,UACA,UACA,UAEA,SACA,SACA,qFCiGO,SAA+Bxa,GACpCA,EAAWgH,mBAAmB4R,OAChC,6EAvBC,SAEwC,EAAD,+DAzCjC,SACL5Y,EACA5b,GAEA,IAAMq2B,EAAYvR,EAAwBlJ,EAAY5b,GACtD,QAAIq2B,UAAAA,EAAW7W,kBAIjB,0HA+CO,SAA8B5D,EAAkCtF,GACrEsF,EAAWgH,mBAAmB0T,KAAKhgB,EAAM,CAAEigB,aAAa,GAC1D,6CAzFA,SACA,UAA+D,olBAGzCxR,EAAsB,GAAD,4CAyB1C,OAzB0C,gCAApC,WACLnJ,GAAgC,yHACO,OAAvC5b,EAAqC,EAAH,6BAAG,CAAC,EAAC,SAEb4b,EAAWjP,MAAM6pB,mBAAmBx2B,GAAQ,OAkB3D,OAlBLy2B,EAAc,EAAH,KACXC,GAAW,EAAAC,EAAAA,iBAAgB/a,EAAY6a,GAAY,SAQhD7a,EAAW5b,SAAYA,GAAO,IANrCigB,KAAAA,OAAI,IAAG,YAAS,MAChBhgB,gBAAAA,OAAe,IAAG,GAAI,MACtBkrB,gBAAAA,OAAe,IAAG,OAAArsB,EAAS,MAC3BssB,cAAAA,OAAa,IAAG,OAAAtsB,EAAS,MACzBusB,OAAAA,OAAM,IAAG,OAAAvsB,EAAS,MAClBwsB,UAAAA,OAAS,IAAG,OAAAxsB,EAAS,EAGjBwX,EAA2B,EAAH,KACzBogB,GAAQ,IACXzW,KAAAA,EACAhgB,gBAAAA,EACAkrB,gBAAAA,EACAC,cAAAA,EACAC,OAAAA,EACAC,UAAAA,IAAS,kBAEJhV,GAAI,2CACZ,wBAcM,SAASwO,EACdlJ,EACA5b,GAIA,IAAIq2B,EAFJr2B,GAAU,EAAAgG,EAAAA,YAAWhG,GACrBA,EAAU,EAAH,KAAQ4b,EAAW5b,SAAYA,GAEtC,IACEq2B,EAAYza,EAAWgH,mBAAmBC,KAAK7iB,EACjD,CAAE,MAAO6D,GAET,CAEA,GAAKwyB,EAIL,OAAIlR,EAAuBkR,EAAWr2B,GAC7Bq2B,OAMT,EAAA7uB,EAAAA,MAAK,8HAGP,CAEwC,aAavC,OAbuC,gCAAjC,WACLoU,EACA5b,GAAmC,6EAKmC,GAHtEA,GAAU,EAAAgG,EAAAA,YAAWhG,GACrBA,EAAU,EAAH,KAAQ4b,EAAW5b,SAAYA,KAEhC42B,EAAoB9R,EAAwBlJ,EAAY5b,IACvC,CAAF,wCACZ42B,GAAiB,gCAGnB7R,EAAsBnJ,EAAY5b,IAAQ,4CAClD,sBAUM,SAASmlB,EAAwB7O,GAAyD,IAAnDtW,EAAkC,uDAAI,CAAC,EAYnF,OAA8D,IAA1D62B,EAAiCvgB,EAAMtW,EAV9B,CACX,SACA,WACA,cACA,QACA,gBACA,sBACA,kBACA,oBAQgD,IAA9C82B,EAA8BxgB,EADjBtW,EAATigB,KAMV,CAEO,SAAS6W,EAA8BxgB,EAAM2J,GAGlD,QAD2BA,GAAiB,YAATA,GAA+B,YAATA,IAEnDA,IAAS3J,EAAK2J,IAMtB,CAEO,SAAS4W,EAAiCvgB,EAAMtW,EAASyI,GAS9D,OANiBA,EAAK4H,MAAK,SAAA7N,GACzB,IAAM2F,EAAQnI,EAAQwC,GACtB,GAAI2F,GAASA,IAAUmO,EAAK9T,GAC1B,OAAO,CAEX,GAEF,uCCjGY6xB,EAQAvU,EAmDA0N,uEAsCL,SAAyB3rB,GAC9B,OAAOA,IAAQA,EAAIW,KAAOX,EAAI0gB,GAChC,EAnGqB,uBAAT8R,GAAAA,EAAS,kBAATA,EAAS,kBAATA,EAAS,kBAATA,EAAS,oBAATA,EAAS,qBAATA,IAAS,YAATA,EAAS,KAQO,8BAAhBvU,GAAAA,EAAgB,8BAAhBA,EAAgB,wBAAhBA,EAAgB,4BAAhBA,EAAgB,kCAAhBA,EAAgB,sCAAhBA,EAAgB,0BAAhBA,EAAgB,qBAAhBA,IAAgB,mBAAhBA,EAAgB,KAmDN,wBAAV0N,GAAAA,EAAU,qCAAVA,EAAU,8BAAVA,EAAU,0BAAVA,EAAU,iCAAVA,IAAU,aAAVA,EAAU,qCCwHf,SAASnO,EAAiBxd,GAC/B,OAAOA,GAAOA,EAAI6Z,OACpB,iBAgCO,SAAuB7Z,GAC5B,OAAOA,GAAOwd,EAAiBxd,EAAI4oB,YACrC,0DCrQA,oLACA,oLAeA,oLAKA,2SCZiB,SAEmB,GAAD,2EAXnC,UACA,UACA,UACA,UACA,UAKiB,2kBAEkB,aAgBlC,OAhBkC,gCAA5B,WACL7O,GAAgC,6FAED,IAFG5b,EAAgC,EAAH,6BAAG,CAAC,GAE3DigB,KAAO,iBAGV,EAAAoN,EAAAA,2BAA0BzR,GAAa,CAAF,gCACN,EAAAsI,EAAAA,kBAAiBtI,EAAY,EAAF,KAAO5b,GAAO,IAAEstB,eAAe,KAAQ,OAA7E,GAA6E,WAA5FC,EAAe,EAAfA,kBACgBA,EAAgBP,SAASQ,EAAAA,WAAWuJ,gBAAe,sBACnE,IAAIn3B,EAAAA,aACR,yFACD,iCAIE,EAAAogB,EAAAA,KAAIpE,EAAY,EAAF,GAAO5b,KAAU,4CACvC,qICoKM,SACL6oB,EACAmO,EACA5mB,GAEA,IACM2R,GADe8G,EAAYwB,iBAAmB,IACnBjnB,MAAK,SAAA0wB,GAAC,OAAIA,EAAE5wB,OAAS8zB,CAAe,IACrE,OAAKjV,EAOwBA,EAAY5Z,MAAOmM,QAAO,SAAC3V,EAAKovB,GAC3D,IAAQ7qB,EAAgB6qB,EAAhB7qB,KAAMiF,EAAU4lB,EAAV5lB,MAMd,OAJExJ,EAAIuE,GADO,gBAATA,EACUiF,EAEAiI,EAAOlN,GAEdvE,CACT,GAAG,CAAC,KAbF,EAAA6I,EAAAA,MAAI,uCAAiCwvB,EAAe,qCAC7C5mB,EAcX,sBAnFO,SACLwL,EACAiN,EACApJ,GAEA,IAWmD,EAX7C9gB,EAAkB,GAElBs4B,EAAuDj4B,OAAOoR,OAAO8mB,EAAIlT,aAC5E1P,QAAO,SAACwF,EAAKqd,GAKZ,OAHIA,EAAgBH,kBAClBld,EAAIqd,EAAgBH,iBAAmBG,GAElCrd,CACT,GAAG,CAAC,GAAG,IAEe+O,EAAYwB,iBAAe,IAAnD,IAAK,EAAL,qBAAqD,KAA5CtI,EAAW,QACZqV,EAAIC,EAAmBtV,EAAa,CAAEtC,qBAAAA,EAAsBuE,YAAaiT,IAC/E,GAAIG,EAAG,CACL,IAAMnJ,EAAyB,IAAImJ,EAAErV,GACrCpjB,EAAI0D,KAAM4rB,EAAWe,YAAYpT,EAAYiN,EAAYM,SAC3D,CACF,CAAC,+BAED,IAFC,iBAEI,IAGK,EAHEjmB,GAAP,qBAAW,GACVo0B,EAAU,CACZp0B,KAAAA,EACA8kB,QAAM,gCAAE,WAAOrkB,GAAO,gGACbiY,EAAW2H,IAAIE,QAAQ,CAC5BT,QAAS,CAAC,CAAE9f,KAAAA,EAAMS,OAAAA,OAClB,2CACH,8CAEH,GAAIT,EAAKq0B,WAAW,wBAAyB,OAC3C,GAAuB,EAAAC,EAAAA,QAAOt0B,EAAM,KAAI,qBAAjCu0B,EAAK,KAAEC,EAAK,KACbC,EAAY9O,EAAY4B,YAAYgN,GAAOtvB,MAAMuvB,GAQlD7E,GACD8E,EANFp0B,KAMEo0B,EALF/d,OAKE+d,EAJFtO,IAIEsO,EAHFhP,QAGEgP,EAFF/E,UACO,aACL+E,EAAS,IAEPxvB,EAAuB,QAAlB,EAAGwvB,EAAUxvB,aAAK,aAAf,EAAiBihB,QAAO,SAAAxK,GAAI,MAAkB,gBAAdA,EAAK1b,IAAsB,IACzEo0B,EAAU,EAAH,OACFzE,GACC1qB,GAAS,CAAEA,MAAAA,IACZmvB,EAEP,CACA34B,EAAI0D,KAAKi1B,EAAS,EA7BpB,MAAqBt4B,OAAO0R,QAASmY,EAAY7F,SAAW,CAAC,GAAG,eAAE,IAgClE,OAAOrkB,CACT,uBAhFO,SAA4BkqB,GACjC,IAAMlqB,EAAM,GACJqkB,EAA6B6F,EAA7B7F,QAASqH,EAAoBxB,EAApBwB,gBAkBjB,OAhBIrH,EAAQ,iCACVrkB,EAAI0D,KAAKmrB,EAAAA,WAAWoK,mBAGlBvN,EAAgBha,MAAK,YAAO,MAAgB,0BAAhB,EAAJnN,IAA2C,KACrEvE,EAAI0D,KAAKmrB,EAAAA,WAAWC,cAGlBpD,EAAgBha,MAAK,YAAO,MAAgB,iBAAhB,EAAJnN,IAAkC,KAC5DvE,EAAI0D,KAAKmrB,EAAAA,WAAWqK,YAGlBxN,EAAgBha,MAAK,YAAO,MAAgB,mBAAhB,EAAJnN,IAAoC,KAC9DvE,EAAI0D,KAAKmrB,EAAAA,WAAWuJ,gBAGfp4B,CACT,yBAzGO,SAA8B+nB,GAAkE,IAAlCzG,EAAuB,UAAH,6CAAG,UAC1F,OAAOiX,EAAInU,qBAAqB2D,EAAUzG,EAC5C,8HAiRO,SACLrE,EACAiN,GAEqB,IADrB7oB,EAAU,UAAH,6CAAG,CAAC,EAELyuB,EAAWC,EAAmB7F,GAC9BiI,EAAWyE,EAAwB1M,EAAa7oB,GACtD,GAAIyuB,EACF,MAAO,CAAE5F,YAAAA,EAAa4F,SAAAA,EAAUqC,SAAAA,GAEhC,IAAM7C,EAAaC,EAAcrF,EAAa,CAAC,EAAG7oB,GAC5CotB,EAAWa,GAAce,EAAYpT,EAAYqS,EAAYpF,GACnE,OAAO,EAAP,CACEA,YAAAA,EACAiI,SAAAA,GACI1D,GAAY,CAAEA,SAAAA,GAIxB,6CA1SO,SAA2B0K,GAChC94B,OAAOC,OAAOi4B,EAAKY,EACrB,kFApCA,SAEA,UACA,UASiB,ioDAQjB,IAAMZ,EAGF,CAEFlT,YAAa,CAAC,EACdjB,qBAAsB,SAASgV,GAC7B,MAAO,CACL/T,YAAa,CAAC,EAElB,GAYK,SAAS0K,EAAmB7F,GACjC,IAAQwB,EAAqCxB,EAArCwB,gBAAiBjD,EAAoByB,EAApBzB,gBACzB,OAAQiD,EAAgBjoB,SAAWglB,CACrC,CAEO,SAAS4Q,EAAUnP,GACxB,OAAOA,EAAYwB,gBAAgBha,MAAK,YAAO,MAAgB,SAAhB,EAAJnN,IAA0B,GACvE,CAEO,SAAS+0B,EAAYpP,GAC1B,OAAO7pB,OAAOyJ,KAAKogB,EAAY7F,SAAS3S,MAAK,SAAAyd,GAAU,OAAIA,EAAWd,SAAS,SAAS,GAC1F,CAEO,SAASkL,EACd/vB,GAEA,GAAKA,GAAUpG,MAAMC,QAAQmG,GAG7B,OAAOA,EAAMmM,QAAO,SAACwc,EAAU3oB,GAI7B,GAHIA,EAAM2oB,WACRA,EAAW,GAAH,qBAAOA,IAAQ,aAAK3oB,EAAM2oB,SAAS3oB,SAEzCA,EAAMqY,KAAM,CACd,IAAM2X,EAAmBD,EAAmC/vB,EAAMqY,KAAKrY,QAAU,GACjF2oB,EAAW,GAAH,qBAAOA,IAAQ,aAAKqH,GAC9B,CACA,GAAIhwB,EAAMnI,QAAS,CACjB,IAAIo4B,EAAe,GACnBjwB,EAAMnI,QAAQ0I,SAAQ,SAAA+Z,GACfA,EAAOta,OAAiC,iBAAjBsa,EAAOta,QAGnCiwB,EAAe,GAAH,qBAAOA,GAAY,CAAE3V,EAAOta,QAC1C,IACA,IAAMkwB,EAAsBH,EAAmCE,IAAiB,GAChFtH,EAAW,GAAH,qBAAOA,IAAQ,aAAKuH,GAC9B,CACA,OAAOvH,CACT,GAAG,GACL,CAEO,SAASyE,EAAwB1M,EAA0B7oB,GAAmC,MAC/F8wB,EAAyB,GACrBrG,EAAiC5B,EAAjC4B,YAAaJ,EAAoBxB,EAApBwB,gBAGfiO,EAAqC,QAAvB,EAAG7N,EAAYqG,gBAAQ,aAApB,EAAsB3oB,MAAM2R,KAAI,SAAAvD,GAAO,OAAIA,CAAO,IAQzE,GAPI+hB,IACFxH,EAAW,GAAH,qBAAOA,IAAQ,aAAKwH,MAMzBt4B,EAAQyf,qBAAsB,KACM,EADN,IACT4K,GAAe,IAAvC,IAAK,EAAL,qBAAyC,KACjCkO,EAAgBL,EADJ,QACmD/vB,OACjEowB,IACFzH,EAAW,GAAH,qBAAOA,IAAQ,aAAKyH,IAEhC,CAAC,+BACH,CAGA,IAAMC,EAAO,CAAC,EAWd,OAVW1H,EAASxc,QAAO,SAACmkB,EAAUliB,GAAY,MAC1C/T,EAAkB,QAAf,EAAG+T,EAAQmiB,YAAI,aAAZ,EAAcl2B,IAC1B,OAAIA,GAAOg2B,EAAKh2B,IAAQ+T,EAAQA,UAAYiiB,EAAKh2B,GAAK+T,QAC7CkiB,GAETD,EAAKh2B,GAAO+T,EACZkiB,EAAW,GAAH,qBAAOA,GAAQ,CAAEliB,IAE3B,GAAG,GAGL,CA+GA,SAAS8gB,EAAmBtV,EAA6B/hB,GACvD,IAAQyf,EAAsCzf,EAAtCyf,qBAAsBuE,EAAgBhkB,EAAhBgkB,YAE9B,GAAKjC,EAIL,OAAItC,EACKkT,EAAAA,kBAIF3O,EAAajC,EAAY7e,KAClC,CAIO,SAASgrB,EACdrF,EACAzY,EACApQ,GAGA,IAIIiuB,EAJEjK,EAAchkB,EAAQgkB,YACtBvE,EAAuBzf,EAAQyf,qBACbkZ,EAA4B9P,EAA7CwB,gBAAkClB,EAAWN,EAAXM,QAIzC,IAAInpB,EAAQ2uB,KAAZ,CAaA,IAAMiK,EAAqC,GAC3C,GAAInZ,EAEFmZ,EAAqBv2B,KAAK,IAAIswB,EAAAA,kBAAkBgG,EAAgB,GAAIvoB,EAAQpQ,QACvE,KACkC,EADlC,IACmB24B,GAAe,IAAvC,IAAK,EAAL,qBAAyC,KAAhC5W,EAAW,QAElB,GAD2B/iB,OAAOyJ,KAAKub,GAAuBgJ,SAASjL,EAAY7e,MACnF,CAOA,IADA+qB,EAAa,IADHoJ,EAAmBtV,EAAa/hB,GAC7B,CAAM+hB,EAAa3R,EAAQpQ,IACzB+uB,aAAa5F,GAE1B,OAAO8E,EAIT2K,EAAqBv2B,KAAK4rB,EAX1B,CAYF,CAAC,+BACH,CAEA,OAAO2K,EAAqB,EA1B5B,CATE,IAAM7W,EAAc4W,EAAgBv1B,MAAK,YAAO,SAAJF,OAAoBlD,EAAQ2uB,IAAI,IAC5E,GAAI5M,EAAa,CACf,IAAMqV,EAAIC,EAAmBtV,EAAa/hB,GAC1C,OAAOo3B,EAAI,IAAIA,EAAErV,EAAa3R,EAAQpQ,QAAWlB,CACnD,EAEE,EAAA0I,EAAAA,MAAI,gBAAUxH,EAAQ2uB,KAAI,oCA8BhC,CAGO,SAASK,EACdpT,EAAkCqS,EAAwBpF,GAE1D,IAAMuE,EAAWa,EAAWe,YAAYpT,EAAYiN,EAAYM,SAC1D0P,EAAUb,EAAUnP,GACpBiQ,EAAYb,EAAYpP,GAC9B,OAAO,EAAP,OACKuE,GACCyL,GAAW,CAACA,QAAAA,IACZC,GAAa,CAACA,UAAAA,GAEtB,4KC3SA,UAAwE,2kBASxE,IAAMC,EAAyB,WAAuD,IAC9Eze,EAA+C,GASrD,OAV6E,UAAH,6CAAG,IAEpD5R,SAAQ,SAACswB,GACR,aAApBA,EAAYx2B,KACd8X,EAAYjY,KAAK,CACf8B,KAAM,aACNoe,IAAI,EAAA0W,EAAAA,mBAAkBD,EAAYE,eAGxC,IACO5e,CACT,EAsBE,iCAlB4C,SAC5C6e,EAAgCrH,GAEhC,MAAO,CACLsH,UAAW,CACTC,GAAIF,EAAeE,GACnBC,KAAM,CACJ/W,IAAI,EAAA0W,EAAAA,mBAAkBE,EAAeG,KAAK/W,IAC1Crf,KAAMi2B,EAAeG,KAAKp2B,KAC1Bq2B,YAAaJ,EAAeG,KAAKC,aAEnCC,WAAW,EAAAP,EAAAA,mBAAkBE,EAAeK,WAC5CC,iBAAkBN,EAAeM,iBACjC/X,YAAayX,EAAezX,YAC5BgY,uBAAwBP,EAAeO,uBACvCC,mBAAoBZ,EAAuBjH,IAGjD,EAgBE,gCAX2C,SAC3C1P,EAA8B0P,GAE9B,MAAO,CACLsH,UAAW,EAAF,CACPI,WAAW,EAAAP,EAAAA,mBAAkB7W,EAAcoX,WAC3CI,iBAAkBxX,EAAcwX,iBAChCC,iBAAkBd,EAAuBjH,IACrC1P,EAAc0X,MAAQ,CAAEA,KAAM1X,EAAc0X,OAGtD,EAcE,iBAV4B,SAACC,GAC7B,IAAMxf,EAAWwf,EAAWxf,SAI5B,MAAO,CACLgI,GAJSwX,EAAWxX,GAKpBd,YAJiB,EAAAuY,EAAAA,mBAAkBzf,EAAS0f,gBAK5CvY,aAJkB,EAAAsY,EAAAA,mBAAkBzf,EAAS2f,mBAMjD,EAgBE,eAZ0B,SAACH,GAC3B,IAAMxf,EAAWwf,EAAWxf,SAK5B,MAAO,CACLgI,GALSwX,EAAWxX,GAMpBd,YALiB,EAAAuY,EAAAA,mBAAkBzf,EAAS0f,gBAM5CpY,mBALwB,EAAAmY,EAAAA,mBAAkBzf,EAASsH,mBAMnDC,eALoB,EAAAkY,EAAAA,mBAAkBzf,EAASpE,WAOnD,qCCrFA,oLACA,oLACA,oLACA,gWCPwD,4BAXxD,SAEA,UASagkB,GAA2C,gCAAG,WACzDzT,EACA1mB,GAAQ,8FAEkB,EAAAo6B,EAAAA,aAAwC1T,EAAU,CAC1E3mB,IAAK,wBACL6Z,OAAQ,MACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,aACrB2sB,EAAAA,kBAAiB,OAJH,OAAXvN,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAVuD,sCAUtD,cAKK,IAA8C,EAAxCwN,GAAwC,gCAAG,WACtD5T,EACA1mB,GAAO,mFAEgB,OAAfuiB,GAFD,EAEqBviB,GAApBuiB,GAAI7U,EAAW,EAAXA,YAAW,UACG,EAAA0sB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBAAF,OAA2BwiB,GAC9B3I,OAAQ,MACRlM,YAAAA,GACC2sB,EAAAA,kBAAiB,OAJH,OAAXvN,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXoD,sCAWnD,aAKK,IAA8C,EAAxCyN,GAAwC,gCAAG,WACtD7T,EACA1mB,GAAO,mFAEqB,OAApB0N,GAFD,EAE0B1N,GAAzB0N,YAAasI,EAAO,EAAPA,QAAO,UACF,EAAAokB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,wBACL6Z,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,GACC2sB,EAAAA,kBAAiB,OALH,OAAXvN,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZoD,sCAYnD,aAKK,IAAgD,EAA1C0N,GAA0C,gCAAG,WACxD9T,EACA1mB,GAAO,mFAEgB,OAAfuiB,GAFD,EAEqBviB,GAApBuiB,GAAI7U,EAAW,EAAXA,YAAW,UACG,EAAA0sB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBAAF,OAA2BwiB,GAC9B3I,OAAQ,SACRlM,YAAAA,IACA,OAJe,OAAXof,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXsD,sCAWrD,gBAKK,IAAiE,EAA3D2N,GAA2D,gCAAG,WACzE/T,EACA1mB,GAAO,mFAEgB,OAAfuiB,GAFD,EAEqBviB,GAApBuiB,GAAI7U,EAAW,EAAXA,YAAW,UACG,EAAA0sB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBAAF,OAA2BwiB,EAAE,cAChC3I,OAAQ,OACRlM,YAAAA,GACCgtB,EAAAA,2BAA0B,OAJZ,OAAX5N,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXuE,sCAWtE,uBAKK,IAAgE,EAA1D6N,GAA0D,gCAAG,WACxEjU,EACA1mB,GAAO,qFAEkC,OAAjC46B,GAFD,EAEuC56B,GAAtC46B,QAASC,EAAW,EAAXA,YAAantB,EAAW,EAAXA,YAAW,UACf,EAAA0sB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBAAF,OAA2B66B,EAAO,sBAAcC,GACnDjhB,OAAQ,OACRlM,YAAAA,GACCgtB,EAAAA,2BAA0B,OAJZ,OAAX5N,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXsE,sCAWrE,sBAKK,IAAyD,EAAnDgO,GAAmD,gCAAG,WACjEpU,EACA1mB,GAAO,uFAE2C,OAA1C46B,GAFD,EAEgD56B,GAA/C46B,QAASC,EAAW,EAAXA,YAAa7kB,EAAO,EAAPA,QAAStI,EAAW,EAAXA,YAAW,UACxB,EAAA0sB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBAAF,OAA2B66B,EAAO,sBAAcC,EAAW,WAC9DjhB,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,IACA,OALe,OAAXof,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ+D,sCAY9D,sFC1GK,SAQLtb,EACA1L,EACAsS,GAIA,IAAMwL,GAAO,EAAAC,EAAAA,oBAA4BrS,EAA2B1L,EAAoBsS,GAExF,OADsB,EAAAK,EAAAA,gBAAwBmL,EAEhD,EAtBA,cAEA,4CCGA,oLACA,oLACA,oLACA,gQCJO,SAQN1iB,GAEC,OAAO,SAAP,0BAZwC,IAYxC,GAZwC,EAYxC,EAZwC,kbAgBtC,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAQR,OAPT,+BAASA,KAAM,kDAEf,EAAKs7B,UAAY/7B,OAAO0R,QAAQsqB,GAC7B5R,QAAO,YAAO,MAAgB,aAAvB,kBAAO,EAAyB,IACvC9U,QAAO,SAACua,EAAK,GAAe,yBAAd3rB,EAAI,KAAEoB,EAAE,KAErB,OADAuqB,EAAI3rB,GAASoB,EAAW5D,KAAK,MAAM,EAAF,eAC1BmuB,CACT,GAAG,CAAC,GAAG,CACX,CAAC,uBAbI,CAAgC3tB,EAezC,8GA3BA,EAA0C,qbAA1C,UAA0C,6PCAiB,4BAV3D,SAEA,UAQa+5B,GAA8C,gCAAG,WAC5DvU,EACA1mB,GAAO,8FAEmB,EAAAo6B,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,0BACL6Z,OAAQ,MACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,aACrBwtB,EAAAA,qBAAoB,OAJN,OAAXpO,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAV0D,sCAUzD,gBAKK,IAAuD,EAAjDqO,GAAiD,gCAAG,WAC/DzU,EACA1mB,GAAO,mFAEqB,OAApB0N,GAFD,EAE0B1N,GAAzB0N,YAAasI,EAAO,EAAPA,QAAO,UACF,EAAAokB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,0BACL6Z,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,GACCwtB,EAAAA,qBAAoB,OALN,OAAXpO,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ6D,sCAY5D,mBAKK,IAAuD,EAAjDsO,GAAiD,gCAAG,WAC/D1U,EACA1mB,GAAO,mFAEqB,OAApB0N,GAFD,EAE0B1N,GAAzB0N,YAAasI,EAAO,EAAPA,QAAO,UACF,EAAAokB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,0BACL6Z,OAAQ,MACR5D,QAAAA,EACAtI,YAAAA,GACCwtB,EAAAA,qBAAoB,OALN,OAAXpO,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ6D,sCAY5D,mBAKK,IAAmD,EAA7CuO,GAA6C,gCAAG,WAC3D3U,EACA1mB,GAAQ,8FAEkB,EAAAo6B,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,0BACL6Z,OAAQ,SACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,cACtB,OAJe,OAAXof,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAVyD,sCAUxD,2KC3DsD,4BAVxD,SAEA,UAQawO,GAA2C,gCAAG,WACzD5U,EACA1mB,GAAQ,8FAEkB,EAAAo6B,EAAAA,aAAwC1T,EAAU,CAC1E3mB,IAAK,wBACL6Z,OAAQ,MACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,aACrB6tB,EAAAA,kBAAiB,OAJH,OAAXzO,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAVuD,sCAUtD,cAKK,IAA8C,EAAxC0O,GAAwC,gCAAG,WACtD9U,EACA1mB,GAAO,mFAEgB,OAAf0N,GAFD,EAEqB1N,GAApB0N,YAAa6U,EAAE,EAAFA,GAAE,UACG,EAAA6X,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBAAF,OAA2BwiB,GAC9B3I,OAAQ,MACRlM,YAAAA,GACC6tB,EAAAA,kBAAiB,OAJH,OAAXzO,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXoD,sCAWnD,aAKK,IAA8C,EAAxC2O,GAAwC,gCAAG,WACtD/U,EACA1mB,GAAO,mFAEqB,OAApB0N,GAFD,EAE0B1N,GAAzB0N,YAAasI,EAAO,EAAPA,QAAO,UACF,EAAAokB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,wBACL6Z,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,GACC6tB,EAAAA,kBAAiB,OALH,OAAXzO,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZoD,sCAYnD,aAKK,IAAgD,EAA1C4O,GAA0C,gCAAG,WACxDhV,EACA1mB,GAAO,mFAEgB,OAAfuiB,GAFD,EAEqBviB,GAApBuiB,GAAI7U,EAAW,EAAXA,YAAW,UACG,EAAA0sB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBAAF,OAA2BwiB,GAC9B3I,OAAQ,SACRlM,YAAAA,IACA,OAJe,OAAXof,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXsD,sCAWrD,gBAKK,IAAuD,EAAjD6O,GAAiD,gCAAG,WAC/DjV,EACA1mB,GAAO,qFAEyB,OAAxB0N,GAFD,EAE8B1N,GAA7B0N,YAAa6U,EAAE,EAAFA,GAAIvM,EAAO,EAAPA,QAAO,UACN,EAAAokB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBAAF,OAA2BwiB,EAAE,cAChC3I,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,IACA,OALe,OAAXof,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ6D,sCAY5D,uBAKK,IAAyD,EAAnD8O,GAAmD,gCAAG,WACjElV,EACA1mB,GAAO,qFAEyB,OAAxBuiB,GAFD,EAE8BviB,GAA7BuiB,GAAIvM,EAAO,EAAPA,QAAStI,EAAW,EAAXA,YAAW,UACN,EAAA0sB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBAAF,OAA2BwiB,EAAE,WAChC3I,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,IACA,OALe,OAAXof,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ+D,sCAY9D,qIC7FuD,4BAVzD,SAEA,UAQa+O,GAA4C,gCAAG,WAAOnV,EAAU1mB,GAAQ,8FACzD,EAAAo6B,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBACL6Z,OAAQ,MACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,aACrBouB,EAAAA,oBAAmB,OAJL,OAAXhP,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAPwD,sCAOvD,eAKK,IAAqD,EAA/CiP,GAA+C,gCAAG,WAC7DrV,EACA1mB,GAAO,mFAEqB,OAApBgW,GAFD,EAE0BhW,GAAzBgW,QAAStI,EAAW,EAAXA,YAAW,UACF,EAAA0sB,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,yBACL6Z,OAAQ,MACR5D,QAAAA,EACAtI,YAAAA,GACCouB,EAAAA,oBAAmB,OALL,OAAXhP,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ2D,sCAY1D,kBAKK,IAA8D,EAAxDkP,GAAwD,gCAAG,WACtEtV,EACA1mB,GAAQ,8FAEkB,EAAAo6B,EAAAA,aAAY1T,EAAU,CAC9C3mB,IAAK,gCACL6Z,OAAQ,MACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,aACrBuuB,EAAAA,0BAAyB,OAJX,OAAXnP,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAVoE,sCAUnE,kGC4CK,SAAmC,GASxC,IADwB,IANtBpG,EAAQ,EAARA,SACAhZ,EAAW,EAAXA,YACAwuB,EAAU,EAAVA,WACAC,EAAK,EAALA,MAEFC,EAAuC,UAAH,6CAAGC,EAAAA,QAAe,aAEjD,IAGD,EAHOziB,EAAM,KACf,GAAIA,EAAOa,gBAAkByhB,EAAY,CACvC,IAAMj5B,EAAOk5B,EAAMG,KACnB,MAAO,CAAP,mCAAQ,WAAOtmB,GAAQ,gGAAKokB,EAAyB1T,EAAU,CAC7DhZ,YAAAA,EACA3N,IAAKkD,EAAKM,KACVqW,OAAAA,EACA5D,QAAAA,GACComB,IAAiB,wFACtB,CAAC,EATH,MAAqB,CAAC,MAAO,OAAQ,MAAO,UAAS,eAAE,oDAUvD,CAEA,IAKA,EALMn5B,EAAOk5B,EAAMD,GACnB,IAAKj5B,EACH,MAAM,IAAIrD,EAAAA,aAAa,qCAAD,OAAsCs8B,IAG9D,uCAAQ,WAAOlmB,GAAQ,gGAAKokB,EAAyB1T,EAAU,CAC7DhZ,YAAAA,EACA3N,IAAKkD,EAAKM,KACVqW,OAAQ3W,EAAKI,MAAOC,MAAO,GAC3B0S,QAAAA,GACComB,IAAiB,sFACtB,0EA7HA,aAKA,UACA,UAAyC,olBAWnBhC,EAAW,iDAgEhC,OAhEgC,gCAA1B,WAKL1T,EACA1mB,GAA2B,uHAUyC,GATpEo8B,EAAuC,EAAH,6BAAGC,EAAAA,QAAe,EAIlD3V,EAASla,aAAagC,gBADX+tB,EAAc,EAA3B7uB,YAGI8uB,EAAUx8B,EAAQ0N,aAAe6uB,EACjCrgB,EAASwK,EAASrmB,kBAChBN,EAAyBC,EAAzBD,IAAK6Z,EAAoB5Z,EAApB4Z,OAAQ5D,EAAYhW,EAAZgW,QACfymB,EAAa18B,EAAIw3B,WAAWrb,GAAWnc,EAAM,GAAH,OAAMmc,GAAM,OAAGnc,GAE1Dy8B,EAAS,CAAF,qBACJ,IAAI58B,EAAAA,aAAa,+DAA8D,OASrD,GAN9B8N,EAAoC8uB,EAElCE,EAAkC,EAAH,CACnCh7B,QAAS,CAAE,OAAU,0BACrB3B,IAAK08B,EACL7iB,OAAAA,GACI5D,GAAW,CAAEvW,KAAMuW,KAGrB0Q,EAAS1mB,QAAQ28B,KAAM,CAAF,mBACI,iBAAhBjvB,EAAwB,uBAC3B,IAAI9N,EAAAA,aAAa,uDAAsD,yBAGzC8mB,EAASkW,4BAA4B,CACzEhjB,OAAAA,EACA7Z,IAAK08B,EACL/uB,YAAAA,IACA,iBAJMmvB,EAAa,EAAbA,cAAeC,EAAI,EAAJA,KAKvBJ,EAAYh7B,QAASm7B,cAAgBA,EACrCH,EAAYh7B,QAASo7B,KAAOA,EAAK,wBAGjCpvB,EAAqC,iBAAhBA,EAA2BA,EAAcA,EAAYA,YAC1EgvB,EAAYhvB,YAAcA,EAAY,0BAGtB,EAAAgP,EAAAA,aAAYgK,EAAUgW,GAAY,QAanD,OAbK/9B,EAAM,EAAH,KAIPo+B,EADEh7B,MAAMC,QAAQrD,GACVA,EAAImb,KAAI,SAAA8E,GAAI,OAAI,IAAIwd,EAAiB1V,EAAU,CACnD/nB,IAAKigB,EACLlR,YAAAA,GACA,IAEI,IAAI0uB,EAAiB1V,EAAU,CACnC/nB,IAAAA,EACA+O,YAAAA,IAEH,kBACMqvB,GAAG,4CACX,gKCxDoBV,GAAe,cAIlC,WAAY3V,EAAiC1mB,GAA6B,sEACxE,IAAQrB,EAAQqB,EAARrB,IACA+C,EAAqB/C,EAArB+C,QAAYmxB,GAAI,aAAKl0B,EAAG,GAG5B+C,IACF9C,KAAK8C,QAAUA,GAIjB1C,OAAOyJ,KAAKoqB,GAAMnqB,SAAQ,SAAAlG,GACZ,WAARA,IAGJ,EAAKA,GAAOqwB,EAAKrwB,GACnB,GACF,IAAC,2NC7CH,aAMA,aACA,SAAwD,IAEnCk4B,EAAyB,mCAFU,IAEV,GAFU,EAEV,EAFU,kbAYtD,WAAYhU,EAAU1mB,GAAS,4BAC7B,cAAM0mB,EAAU1mB,IAAS,6RAEzB,IAkBW,EAlBH0N,EAAqB1N,EAArB0N,YAAa/O,EAAQqB,EAARrB,IAEb4jB,EAA2C5jB,EAA3C4jB,GAAIna,EAAuCzJ,EAAvCyJ,UAAWrE,EAA4BpF,EAA5BoF,QAAShF,EAAmBJ,EAAnBI,OAAQK,EAAWT,EAAXS,OAwBtC,OAvBF,EAAKmjB,GAAKA,EACV,EAAKna,UAAYA,EACjB,EAAKrE,QAAUA,EACf,EAAKhF,OAASA,EAGd,EAAKqF,MAAO,EAAH,2BAAG,0FAMgB,OALpBE,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,OACZC,MAAO/8B,GACN69B,EAAAA,SAAuB,SACb34B,IAAI,mFAEnB,EAAK8R,QAAM,gCAAG,WAAOJ,GAAO,6EAMG,OALvB1R,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,SACZC,MAAO/8B,GACNs7B,GAA0B,SAChBp2B,EAAG0R,GAAQ,mFACzB,6CAAC,CACJ,CAAC,uBAxC2C,CAASqmB,EAAAA,SAAe,iMCRjC,IAEhBY,EAAsB,mCAFN,IAEM,GAFN,EAEM,EAFN,kbAQnC,WAAYvW,EAAU1mB,GAAS,4BAC7B,cAAM0mB,EAAU1mB,IAAS,+LAEzB,IAAQrB,EAAQqB,EAARrB,IAEA4jB,EAAmC5jB,EAAnC4jB,GAAIxe,EAA+BpF,EAA/BoF,QAASqE,EAAsBzJ,EAAtByJ,UAAWrJ,EAAWJ,EAAXI,OAIX,OAHrB,EAAKwjB,GAAKA,EACV,EAAKna,UAAYA,EACjB,EAAKrE,QAAUA,EACf,EAAKhF,OAASA,EAAO,CACvB,CAAC,uBAhBwC,CAF3C,WAEoDs9B,SAAe,2NCHnE,aACA,aAEA,aACA,SAAwD,IAEnChC,EAAgB,mCAFmB,IAEnB,GAFmB,EAEnB,EAFmB,kbAetD,WAAY3T,EAAU1mB,GAAS,4BAC7B,cAAM0mB,EAAU1mB,IAAS,yaAEzB,IAgDa,EAhDL0N,EAAqB1N,EAArB0N,YAAa/O,EAAQqB,EAARrB,IAEb4jB,EAAuC5jB,EAAvC4jB,GAAIxe,EAAmCpF,EAAnCoF,QAASm5B,EAA0Bv+B,EAA1Bu+B,MAAOn+B,EAAmBJ,EAAnBI,OAAQK,EAAWT,EAAXS,OAuDnC,OAtDD,EAAKmjB,GAAKA,EACV,EAAKxe,QAAUA,EACf,EAAKm5B,MAAQA,EACb,EAAKn+B,OAASA,EAGd,EAAKyB,KAAM,EAAH,2BAAG,0FAMW,OALd8D,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,MACZC,MAAO/8B,GACNi7B,GAAiB,SACP/1B,IAAI,mFAEnB,EAAKiE,QAAS,EAAH,2BAAG,0FAMV,OALIjE,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,SACZC,MAAO/8B,IACP,SACWkF,IAAI,mFAEnB,EAAKk1B,WAAY,EAAH,2BAAG,0FAMc,OALvBl1B,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,YACZC,MAAO/8B,GACNs7B,EAAAA,SAA0B,SAChBp2B,IAAI,mFAEflF,EAAOgF,OACT,EAAKA,MAAO,EAAH,2BAAG,0FAMgB,OALpBE,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,OACZC,MAAO/8B,GACN69B,EAAAA,SAAuB,SACb34B,IAAI,oFAGjBlF,EAAOgX,SACT,EAAKA,QAAM,gCAAG,WAAOJ,GAA4B,6EAM7C,OALI1R,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,SACZC,MAAO/8B,IACP,SACWkF,EAAG0R,GAAQ,mFACzB,8CACF,CACH,CAAC,uBA1EkC,CAASqmB,EAAAA,SAAe,2NCN7D,UACA,aACA,SAAwD,IAEnCnB,EAAmB,mCAFgB,IAEhB,GAFgB,EAEhB,EAFgB,kbAgBtD,WAAYxU,EAAU1mB,GAAS,4BAC7B,cAAM0mB,EAAU1mB,IAAS,8XAEzB,IA+Ba,EArBA,EAVLrB,EAAqBqB,EAArBrB,IAAK+O,EAAgB1N,EAAhB0N,YAEL6U,EAA6C5jB,EAA7C4jB,GAAIxjB,EAAyCJ,EAAzCI,OAAQo+B,EAAiCx+B,EAAjCw+B,QAASC,EAAwBz+B,EAAxBy+B,YAAah+B,EAAWT,EAAXS,OAgDzC,OA/CD,EAAKmjB,GAAKA,EACV,EAAKxjB,OAASA,EACd,EAAKo+B,QAAUA,EACf,EAAKC,YAAcA,EAGf,EAAKr+B,QAAUs+B,EAAAA,eAAeC,aAChC,EAAKC,QAAM,gCAAG,WAAOvnB,GAAO,6EAMH,OALjB1R,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,SACZC,MAAO/8B,GACN87B,GAAoB,SACV52B,EAAG0R,GAAQ,mFACzB,8CAGD,EAAKxV,KAAM,EAAH,2BAAG,0FAMc,OALjB8D,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,MACZC,MAAO/8B,GACN87B,GAAoB,SACV52B,IAAI,mFAGnB,EAAKk5B,QAAM,gCAAG,WAAOxnB,GAAO,6EAMH,OALjB1R,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,MACZC,MAAO/8B,GACN87B,GAAoB,SACV52B,EAAG0R,GAAQ,mFACzB,6CAED,EAAKzN,QAAS,EAAH,2BAAG,0FAMV,OALIjE,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,SACZC,MAAO/8B,IACP,SACWkF,IAAI,oFAEpB,CACH,CAAC,uBApEqC,CAAS+3B,EAAAA,SAAe,2NCHhE,aACA,SAAwD,IAEnCd,EAAgB,mCAFmB,IAEnB,GAFmB,EAEnB,EAFmB,kbAatD,WAAY7U,EAAU1mB,GAAS,4BAC7B,cAAM0mB,EAAU1mB,IAAS,4UAEzB,IA0Bc,EAUD,EApCLrB,EAAqBqB,EAArBrB,IAAK+O,EAAgB1N,EAAhB0N,YAEL6U,EAAgC5jB,EAAhC4jB,GAAIxe,EAA4BpF,EAA5BoF,QAAShF,EAAmBJ,EAAnBI,OAAQK,EAAWT,EAAXS,OA2C5B,OA1CD,EAAKmjB,GAAKA,EACV,EAAKxe,QAAUA,EACf,EAAKhF,OAASA,EAGd,EAAKyB,KAAM,EAAH,2BAAG,0FAMW,OALd8D,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,MACZC,MAAO/8B,GACNm8B,GAAiB,SACPj3B,IAAI,mFAEnB,EAAKiE,QAAS,EAAH,2BAAG,0FAMV,OALIjE,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,SACZC,MAAO/8B,IACP,SACWkF,IAAI,mFAEnB,EAAKk1B,WAAS,gCAAG,WAAOxjB,GAAO,6EAM3B,OALI1R,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,YACZC,MAAO/8B,IACP,SACWkF,EAAG0R,GAAQ,mFACzB,6CACG5W,EAAOgX,SACT,EAAKA,QAAM,gCAAG,WAAOJ,GAAO,6EAMxB,OALI1R,GAAK,EAAA04B,EAAAA,4BAA2B,CACpCtW,SAAAA,EACAhZ,YAAAA,EACAwuB,WAAY,SACZC,MAAO/8B,IACP,SACWkF,EAAG0R,GAAQ,mFACzB,8CACF,CACH,CAAC,uBA5DkC,CAASqmB,EAAAA,SAAe,iMCJxB,IAEhBJ,EAAwB,mCAFR,IAEQ,GAFR,EAEQ,EAFR,kbAKnC,WAAYvV,EAAU1mB,GAAS,MAGY,OAHZ,qBAC7B,cAAM0mB,EAAU1mB,IAAS,mDAEzB,EAAKy9B,WAAaz9B,EAAQrB,IAAI8+B,WAAW,CAC3C,CAAC,uBAP0C,CAF7C,WAEsDpB,SAAe,iMCFhC,IAEhBP,EAAkB,mCAFF,IAEE,GAFF,EAEE,EAFF,kbAOnC,WAAYpV,EAAU1mB,GAAS,4BAC7B,cAAM0mB,EAAU1mB,IAAS,uJAEzB,MAA2CA,EAAQrB,IAA3C++B,EAAS,EAATA,UAAWC,EAAU,EAAVA,WAAY55B,EAAO,EAAPA,QAGR,OAFvB,EAAK25B,UAAYA,EACjB,EAAKC,WAAaA,EAClB,EAAK55B,QAAUA,EAAQ,CACzB,CAAC,uBAZoC,CAFvC,WAEgDs4B,SAAe,o1BCF/D,iBACA,aACA,aACA,aACA,aACA,aACA,aACA,kDCaYuB,EAKAC,EAKAR,+CAVS,uBAATO,GAAAA,EAAS,kBAATA,EAAS,uBAATA,IAAS,YAATA,EAAS,KAKH,oBAANC,GAAAA,EAAM,oBAANA,EAAM,yBAANA,IAAM,SAANA,EAAM,KAKQ,4BAAdR,GAAAA,EAAc,4BAAdA,EAAc,iBAAdA,IAAc,iBAAdA,EAAc,8JClB1B,SACA,UACA,UACA,SACA,aACA,UA2BA,UAA6E,2kBAI7E,IAAMS,EAAkB,CAEtB3uB,WAAW,EACXC,YAAY,EACZC,aAAa,EAEb0uB,0BAA0B,EAC1Bx9B,aAASzB,EACTk/B,mBAAoB,GACpB90B,WAAY+0B,EAAAA,oBAcDC,EAAY,WAmCvB,WAAYz/B,GAAgE,IAAnCuB,EAA+B,UAAH,6CAAG,CAAC,EAGvE,IAHwE,2OACxEpB,KAAKH,IAAMA,EACXG,KAAKqH,QAAWxH,EAAYwH,SACvBrH,KAAKqH,QACR,MAAM,IAAIrG,EAAAA,aAAa,qDAGzBI,EAAUhB,OAAOC,OAAO,CAAC,EAAG6+B,GAAiB,EAAA93B,EAAAA,YAAWhG,KACnD,EAAAm+B,EAAAA,iBACHn+B,EAAQg+B,mBAAqBF,EAAgBE,oBAG/Cp/B,KAAKoB,QAAUA,EAEf,IAAMo+B,GAAiC,EAAAp4B,EAAAA,YAAW,CAChDkD,WAAYlJ,EAAQkJ,WACpBpB,OAAQ9H,EAAQ8H,SAEa,YAA3B,aAAO9H,EAAQO,SAEjB69B,EAAer3B,gBAAkB/G,EAAQO,QAChCP,EAAQO,UACjB69B,EAAex3B,YAAc5G,EAAQO,SAGvC3B,KAAK2B,QAAU9B,EAAIkf,eAAe0gB,gBAAgB,EAAD,KAAKD,GAAc,IAAE51B,oBAAoB,KAC1F5J,KAAK0/B,MAAQ/yB,EAAAA,QAASgzB,SACtB3/B,KAAK2O,MAnEA,CACLixB,eAAgB,CAAC,EACjBC,aAAc,KAkEhB,CA8QC,MAjIA,EApBA,EAiRA,OA1YA,gCAlDD,SAAGpzB,EAA6BqD,EAAsCya,GAChEA,EACFvqB,KAAKqH,QAAQwG,GAAGpB,EAAOqD,EAASya,GAEhCvqB,KAAKqH,QAAQwG,GAAGpB,EAAOqD,EAE3B,GAAC,iBAOD,SAAIrD,EAA6BqD,GAC3BA,EACF9P,KAAKqH,QAAQ0I,IAAItD,EAAOqD,GAExB9P,KAAKqH,QAAQ0I,IAAItD,EAErB,GAAC,mBAiCD,WACMzM,KAAKoB,QAAQ+9B,0BACfn/B,KAAKm/B,2BAEPn/B,KAAK8/B,2BACL9/B,KAAK2O,MAAMoC,SAAU,CACvB,GAAC,kBAED,WACE/Q,KAAK+/B,6BACL//B,KAAK2O,MAAMoC,SAAU,CACvB,GAAC,uBAED,WACE,QAAS/Q,KAAK2O,MAAMoC,OACtB,GAAC,wBAED,WACE,OAAO,EAAApO,EAAAA,OAAM3C,KAAKoB,QACpB,GAAC,2BAED,SAAc2M,GACZ,IAAMqxB,EAAqBp/B,KAAKoB,QAAQg+B,oBAAsB,EAE9D,OADiBrxB,EAAMvE,UAAY41B,CAErC,GAAC,wBAED,SAAWrxB,GAET,OADiB/N,KAAKggC,cAAcjyB,IACf/N,KAAK0/B,MAAM5yB,KAClC,GAAC,yBAED,SAAYlJ,EAAKmK,GACf/N,KAAKqH,QAAQ2H,KAAKixB,EAAAA,cAAer8B,EAAKmK,EACxC,GAAC,yBAED,SAAYnK,EAAKs8B,EAAYC,GAC3BngC,KAAKqH,QAAQ2H,KAAKoxB,EAAAA,cAAex8B,EAAKs8B,EAAYC,EACpD,GAAC,uBAED,SAAUv8B,EAAKmK,GACb/N,KAAKqH,QAAQ2H,KAAKlB,EAAAA,YAAalK,EAAKmK,EACtC,GAAC,yBAED,SAAYnK,EAAKmK,GACf/N,KAAKqH,QAAQ2H,KAAKd,EAAAA,cAAetK,EAAKmK,EACxC,GAAC,uBAED,SAAUgB,GACR/O,KAAKqH,QAAQ2H,KAAKqxB,EAAAA,YAAatxB,EACjC,GAAC,qCAED,SAAwBnL,GACtBwI,aAAapM,KAAK2O,MAAMixB,eAAeh8B,WAChC5D,KAAK2O,MAAMixB,eAAeh8B,GAGjC5D,KAAK2O,MAAMkxB,aAAe,IAC5B,GAAC,wCAED,WACE,IAAID,EAAiB5/B,KAAK2O,MAAMixB,eAChC,IAAK,IAAIh8B,KAAOg8B,EACTx/B,OAAOyD,UAAUC,eAAeC,KAAK67B,EAAgBh8B,IAG1D5D,KAAKsgC,wBAAwB18B,EAEjC,GAAC,mCAED,SAAsBA,EAAKmK,GAAO,WAChC,KAAI,EAAAwyB,EAAAA,gBAAexyB,GAAnB,CAIA,IAAIyyB,EAAaxgC,KAAKggC,cAAcjyB,GAChC0yB,EAA+D,IAA7C15B,KAAK25B,IAAIF,EAAaxgC,KAAK0/B,MAAM5yB,MAAO,GAG9D9M,KAAKsgC,wBAAwB18B,GAE7B,IAAI+8B,EAAqBz0B,YAAW,WAClC,EAAK00B,YAAYh9B,EAAKmK,EACxB,GAAG0yB,GAGHzgC,KAAK2O,MAAMixB,eAAeh8B,GAAO+8B,CAbjC,CAcF,GAAC,sCAED,WACE,IAAIE,EAAe7gC,KAAK2B,QAAQyd,aAChC,IAAI,IAAIxb,KAAOi9B,EACb,GAAKzgC,OAAOyD,UAAUC,eAAeC,KAAK88B,EAAcj9B,GAAxD,CAGA,IAAImK,EAAQ8yB,EAAaj9B,GACzB5D,KAAK8gC,sBAAsBl9B,EAAKmK,EAFhC,CAIJ,GAAC,wCAGD,WACE/N,KAAK+/B,6BACL//B,KAAK8/B,0BACP,GAAC,iBAED,SAAIl8B,EAAKmK,GACP,IAAI8yB,EAAe7gC,KAAK2B,QAAQyd,cAChC,EAAA2hB,EAAAA,eAAchzB,GACd8yB,EAAaj9B,GAAOmK,EACpB/N,KAAK2B,QAAQ4e,WAAWsgB,GACxB7gC,KAAKghC,sBACLhhC,KAAKihC,UAAUr9B,EAAKmK,GACpB/N,KAAK8gC,sBAAsBl9B,EAAKmK,EAClC,GAAC,qBAED,SAAQnK,GAEN,OADmB5D,KAAK2B,QAAQyd,aACZxb,EACtB,GAAC,kDAED,WAAUA,GAAG,gGACJ5D,KAAKkhC,QAAQt9B,IAAI,gDACzB,yEAED,WACE,IAAMiQ,EAAS,CAAC,EACVgtB,EAAe7gC,KAAK2B,QAAQyd,aAWlC,OAVAhf,OAAOyJ,KAAKg3B,GAAc/2B,SAAQ,SAAAlG,GAChC,IAAMmK,EAAQ8yB,EAAaj9B,IACvB,EAAAu9B,EAAAA,eAAcpzB,GAChB8F,EAAO/E,YAAcf,GACZ,EAAAqzB,EAAAA,WAAUrzB,GACnB8F,EAAOhF,QAAUd,GACR,EAAAwyB,EAAAA,gBAAexyB,KACxB8F,EAAOhE,aAAe9B,EAE1B,IACO8F,CACT,GAAC,wDAED,6GACS7T,KAAK4P,iBAAe,gDAC5B,8EAED,SAAoBrK,GAClB,IAAMs7B,EAAe7gC,KAAK2B,QAAQyd,aAOlC,OANYhf,OAAOyJ,KAAKg3B,GAAcrW,QAAO,SAAA5mB,GAC3C,IAAMmK,EAAQ8yB,EAAaj9B,GAC3B,OAAQ,EAAAu9B,EAAAA,eAAcpzB,IAAmB,gBAATxI,IAC1B,EAAA67B,EAAAA,WAAUrzB,IAAmB,YAATxI,IACpB,EAAAg7B,EAAAA,gBAAexyB,IAAmB,iBAATxI,CACjC,IAAG,EAEL,GAAC,0BAED,SAAqBwI,GACnB,IAAI,EAAAozB,EAAAA,eAAcpzB,GAChB,MAAO,cAET,IAAI,EAAAqzB,EAAAA,WAAUrzB,GACZ,MAAO,UAET,IAAG,EAAAwyB,EAAAA,gBAAexyB,GAChB,MAAO,eAET,MAAM,IAAI/M,EAAAA,aAAa,qBACzB,GAAC,iCAGD,WACE,IAAI,EAAA6H,EAAAA,gBAAgB,CAClB,IAAMlH,EAAU3B,KAAK2B,QAAQyd,aAC7Bpf,KAAKqH,QAAQ2H,KAAKqyB,EAAAA,kBAAmB1/B,EACvC,CACF,GAAC,wBAGD,WACE,OAAO3B,KAAK2B,OACd,GAAC,uBAED,SACEkS,EAEAytB,EACAC,EACAC,GACM,WACAC,EAAsB,SAAC79B,EAAKmK,GAChC,IAAMxI,EAAO,EAAKm8B,aAAa3zB,GAClB,gBAATxI,EACF+7B,GAAiBA,EAAc19B,EAAKmK,GAClB,YAATxI,EACTg8B,GAAaA,EAAU39B,EAAKmK,GACV,iBAATxI,GACTi8B,GAAkBA,EAAe59B,EAAKmK,EAE1C,EACM4zB,EAAc,SAAC/9B,EAAKmK,GACxB,EAAKkzB,UAAUr9B,EAAKmK,GACpB,EAAK+yB,sBAAsBl9B,EAAKmK,GAChC0zB,EAAoB79B,EAAKmK,EAC3B,EAOM6zB,EAAgB,SAACh+B,EAAKmK,GAC1B,EAAKuyB,wBAAwB18B,GAC7B,EAAKi+B,YAAYj+B,EAAKmK,GACtB0zB,EAAoB79B,EAAKmK,EAC3B,EAEMxF,EAAqB,CAAC,UAAW,cAAe,gBAChDu5B,EAAiB9hC,KAAK4P,gBAG5BrH,EAAMuB,SAAQ,SAACvE,GACb,IAAMwI,EAAQ8F,EAAOtO,GACjBwI,IACF,EAAAgzB,EAAAA,eAAchzB,EAAOxI,EAEzB,IAGA,IAAM5D,EAAU4G,EAAMmN,QAAO,SAAC/T,EAAS4D,GACrC,IAAMwI,EAAQ8F,EAAOtO,GAKrB,OAJIwI,IAEFpM,EADmB,EAAKogC,oBAAoBx8B,IAASA,GAC/BwI,GAEjBpM,CACT,GAAG,CAAC,GACJ3B,KAAK2B,QAAQ4e,WAAW5e,GACxB3B,KAAKghC,sBAGLz4B,EAAMuB,SAAQ,SAAAvE,GACZ,IArCqB3B,EAAKmK,EAAOoyB,EAqC3B6B,EAAWnuB,EAAOtO,GAClB08B,EAAgBH,EAAev8B,GAC/B+E,EAAa,EAAKy3B,oBAAoBx8B,IAASA,EACjDy8B,GAAYC,GAEdL,EAAct3B,EAAY23B,GAC1BN,EAAYr3B,EAAY03B,GA3CLp+B,EA4CL0G,EA5CUyD,EA4CEi0B,EA5CK7B,EA4CK8B,EA3CtC,EAAKC,YAAYt+B,EAAKmK,EAAOoyB,GAC7B,EAAKG,wBAAwB18B,GAC7B,EAAKk9B,sBAAsBl9B,EAAKmK,GAChC0zB,EAAoB79B,EAAKmK,IAyCdi0B,EACTL,EAAYr3B,EAAY03B,GACfC,GACTL,EAAct3B,EAAY23B,EAE9B,GACF,GAAC,oBAED,SAAOr+B,GAEL5D,KAAKsgC,wBAAwB18B,GAE7B,IAAIi9B,EAAe7gC,KAAK2B,QAAQyd,aAC5B+iB,EAAetB,EAAaj9B,UACzBi9B,EAAaj9B,GACpB5D,KAAK2B,QAAQ4e,WAAWsgB,GACxB7gC,KAAKghC,sBAELhhC,KAAK6hC,YAAYj+B,EAAKu+B,EACxB,GAAC,yDAGD,WAAiBp0B,GAAK,sGACC,QADD,EACb/N,KAAKH,IAAIkO,aAAK,aAAd,EAAgBq0B,MAAMr0B,IAAM,gDACpC,yEAED,SAAcA,GACZ,OAAO,EAAAgzB,EAAAA,eAAchzB,EACvB,GAAC,mBAGD,SAAMnK,GAAiC,WAErC,GAAI5D,KAAK2O,MAAMkxB,aACb,OAAO7/B,KAAK2O,MAAMkxB,aAGpB,IACE,IAAI9xB,EAAQ/N,KAAKkhC,QAAQt9B,GACrBy+B,OAAwBniC,IAAV6N,EAElB,IAAKA,GAAiB,gBAARnK,EAAuB,CAEnC,IAAM0+B,EAAatiC,KAAK+hC,oBAAoB,gBAE5CM,OAA+BniC,IADVF,KAAKkhC,QAAQoB,EAEpC,CAEA,IAAKD,EACH,MAAM,IAAIrhC,EAAAA,aAAa,8CAAgD4C,EAE3E,CACA,MAAOgD,GAEL,OADA5G,KAAKuiC,UAAU37B,GACRlG,QAAQK,OAAO6F,EACxB,CAmCA,OAhCA5G,KAAKsgC,wBAAwB18B,GAIR5D,KAAK2O,MAAMkxB,aAAe7/B,KAAKH,IAAIkO,MAAMy0B,cAC3DthC,MAAK,SAAA2S,GAKJ,GAJA,EAAKC,UAAUD,IAIV9F,GAAiB,gBAARnK,EAAuB,CACnC,IAAMkL,EAAc+E,EAAoB,YAExC,OADA,EAAKquB,YAAYt+B,EAAKkL,EAAa,MAC5BA,CACT,CAIA,OAAO+E,EADW,EAAK6tB,aAAa3zB,GAEtC,IACCpH,OAAM,SAAAC,GAKL,MAHA,EAAKmE,OAAOnH,GACZgD,EAAI67B,SAAW7+B,EACf,EAAK2+B,UAAU37B,GACTA,CACR,IACCuF,SAAQ,WAEP,EAAKwC,MAAMkxB,aAAe,IAC5B,GAGJ,GAAC,mBAED,WAAQ,WACAhsB,EAAS7T,KAAK4P,gBACpB5P,KAAK+/B,6BACL//B,KAAK2B,QAAQmf,eACb9gB,KAAKghC,sBAEL5gC,OAAOyJ,KAAKgK,GAAQ/J,SAAQ,SAAAlG,GAC1B,EAAKi+B,YAAYj+B,EAAKiQ,EAAOjQ,GAC/B,GACF,GAAC,sCAED,WAA2B,WACnBi9B,EAAe7gC,KAAK2B,QAAQyd,aAC5BsjB,EAAgB,CAAC,EACvBtiC,OAAOyJ,KAAKg3B,GAAc/2B,SAAQ,SAAAlG,GAC5Bi9B,EAAaj9B,GAAK++B,gBACpBD,EAAc9+B,GAAOi9B,EAAaj9B,UAC3Bi9B,EAAaj9B,GAExB,IACA5D,KAAK2B,QAAQ4e,WAAWsgB,GACxB7gC,KAAKghC,sBACL5gC,OAAOyJ,KAAK64B,GAAe54B,SAAQ,SAAAlG,GACjC,EAAK08B,wBAAwB18B,GAC7B,EAAKi+B,YAAYj+B,EAAK8+B,EAAc9+B,GACtC,GACF,GAAC,gCAED,SAAmBmK,GACjB,IAAMnK,EAAM5D,KAAK+hC,oBAAoB,iBAAmBa,EAAAA,0BAGpD/B,EAAe7gC,KAAK2B,QAAQyd,cAChC,EAAA2hB,EAAAA,eAAchzB,GACd8yB,EAAaj9B,GAAOmK,EACpB/N,KAAK2B,QAAQ4e,WAAWsgB,GACxB7gC,KAAKghC,qBACP,GAAC,gCAED,WACE,IAAMp9B,EAAM5D,KAAK+hC,oBAAoB,iBAAmBa,EAAAA,0BACxD5iC,KAAK+K,OAAOnH,EACd,GAAC,mCAED,WACE,IAAMiQ,EAAS7T,KAAK4P,gBACpBxP,OAAOyJ,KAAKgK,GAAQ/J,SAAQ,SAAAlG,GAC1BiQ,EAAOjQ,GAAK++B,eAAgB,CAC9B,IACA3iC,KAAK8T,UAAUD,EACjB,KAAC,EAzcsB,GAyctB,4FC/eI,WAOL,OAAO,WAOL,WAAYzS,IAAoC,qMAE9CpB,KAAK+e,eAAiB3d,EAAQ2d,eAC9B/e,KAAK6iC,qBAAsD,IAAhCzhC,EAAQyhC,oBACnC7iC,KAAKqgB,kBAAgD,IAA7Bjf,EAAQif,iBAChCrgB,KAAKoB,QAAUA,CACjB,CA2EC,OA3EA,mCAGD,WAAiD,IAA3CA,EAAuC,UAAH,6CAAG,CAAC,EACtCg2B,EAAsCp3B,KAAK+e,eAAesY,wBAC1D3f,EAAO0f,EAAmBhY,aAMhC,GAHAgY,EAAmBtW,eAGf9gB,KAAK6iC,sBAAsD,IAA/BzhC,EAAQm1B,mBAA8B,CACpE,IAAM5nB,EAAQvN,EAAQuN,QAAS+I,aAAI,EAAJA,EAAM/I,OACjCA,IACF,EAAAm0B,EAAAA,mCAAkC9iC,KAAK+e,eAAgBpQ,EAE3D,CACF,GAAC,kBAGD,SAAK+I,GAA+C,IAAtCtW,EAAkC,UAAH,6CAAG,CAAC,EAK3CO,EAA2B3B,KAAK+e,eAAesY,wBAC7Cp0B,EAAMtB,EAAQyd,cAIhB,EAAA2jB,EAAAA,mBAAkB9/B,KAAS7B,EAAQu2B,cAErC,EAAA/uB,EAAAA,MAAK,2GAGPjH,EAAQ4e,WAAW7I,GAGf1X,KAAK6iC,qBAAuBnrB,EAAK/I,QACnC,EAAAq0B,EAAAA,gCAA+BhjC,KAAK+e,eAAgBrH,EAAK/I,MAAO+I,EAEpE,GAAC,oBAED,WAAsD,IAA/CtW,EAAkC,UAAH,6CAAG,CAAC,EACxC,IAEE,QADapB,KAAKikB,KAAK7iB,EAEzB,CAAE,SACA,OAAO,CACT,CACF,GAAC,kBAID,WAAmE,IAE7DsW,EAFDtW,EAAkC,UAAH,6CAAG,CAAC,EAKtC,OAAIpB,KAAK6iC,qBAAuBzhC,EAAQuN,SACtC,EAAAs0B,EAAAA,oBAAmBjjC,KAAK+e,gBACxBrH,GAAO,EAAAwrB,EAAAA,kCAAiCljC,KAAK+e,eAAgB3d,EAAQuN,QACjE,EAAAo0B,EAAAA,mBAAkBrrB,IACbA,GAKXA,EAD+B1X,KAAK+e,eAAesY,wBACpCjY,cACX,EAAA2jB,EAAAA,mBAAkBrrB,GAEbA,EAGF,KACT,KAAC,EAxFI,EA2FT,6CAtHA,UAWA,SACA,2DCTO,SAAqB3J,GAC1B,IACIo1B,EADAjsB,EAAMnJ,EAAMoJ,MAAM,KAGtB,IACEgsB,EAAe,CACbtqB,OAAQ3O,KAAKC,OAAM,EAAAi5B,EAAAA,mBAAkBlsB,EAAI,KACzCE,QAASlN,KAAKC,OAAM,EAAAi5B,EAAAA,mBAAkBlsB,EAAI,KAC1CK,UAAWL,EAAI,GAEnB,CAAE,MAAOjS,GACP,MAAM,IAAIjE,EAAAA,aAAa,kBACzB,CAEA,OAAOmiC,CACT,EAnBA,cAEA,kFCsJC,WAEyC,mFAUzC,SAIgD,yDAZhD,WAGsC,kFAxBtC,SAGgC,iEA8EhC,SAGgD,gGAjM1C,SAA0BlgC,GAC/B,QACG,EAAAogC,EAAAA,cAAapgC,KAAQ,EAAAqgC,EAAAA,gBAAergC,KACnB,mBAAlBA,EAAI4U,SAER,4CAvCA,UAQA,UAuBM0rB,EAAiB,aACjBC,EAAS,WAOd,SAIqBC,EAAU,EAAD,iDAO9B,OAP8B,gCAAxB,WAAyB5qB,EAAgB6qB,EAAgBC,GAAqB,iFAE7B,OADhDC,GAAO,EAAA/sB,EAAAA,mBAAkB3M,KAAKE,UAAUyO,IACxCvN,GAAO,EAAAuL,EAAAA,mBAAkB3M,KAAKE,UAAUs5B,IAAQ,SAC9BptB,EAAAA,UAAUC,OAAOstB,KACvC,CAAEv/B,KAAMq/B,EAAWG,UAAUx/B,MAAQq/B,GAAY,EAAAtsB,EAAAA,gBAAc,UAAIusB,EAAI,YAAIt4B,KAC5E,OAFc,OAATiM,EAAY,EAAH,iCAGLqsB,EAAI,YAAIt4B,EAAI,aAAI,EAAA0K,EAAAA,oBAAkB,EAAAolB,EAAAA,mBAAkB7jB,MAAW,4CAC1E,sBAEM,SAASwsB,IAAiC,IAAdC,EAAU,UAAH,6CAAG,GAC3C,OAAO,aAAI1tB,EAAAA,UAAU2tB,gBAAgB,IAAIpvB,WAAWmvB,KAAW9oB,KAAI,SAAAgpB,GAAC,OAAIA,EAAEC,SAAS,GAAG,IAAE9oB,KAAK,GAC/F,CAAC,SAEqB+oB,IAAe,4CAWpC,OAXoC,gCAA9B,0FAMJ,OALKN,EAAY,CAChBx/B,KAAM,oBACNqS,KAAM,UACN0tB,cAAe,KACfC,eAAgB,IAAIzvB,WAAW,CAAC,EAAM,EAAM,KAC7C,kBAIMyB,EAAAA,UAAUC,OAAOguB,YAAYT,GAAW,EAAO,CAAC,OAAQ,YAAU,4CAC1E,+BAEcU,EAAe,+CAM7B,OAN6B,gCAA9B,WAAgC11B,GAAmB,+EACG,OAA9CmH,GAAS,IAAIG,aAAcC,OAAOvH,GAAY,SACjCwH,EAAAA,UAAUC,OAAOC,OAAO,UAAWP,GAAO,OAAnD,OAAJU,EAAO,EAAH,wBAEH,EAAAlB,EAAAA,MAAKI,OAAOC,aAAac,MAAM,KAAM,IAAI/B,WAAW8B,KACxD1M,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAAG,4CAC9D,sBA8CA,SAGcw6B,EAAiB,+CAc/B,OAd+B,gCAAhC,WAAkCzpB,GAAmB,8GAAKna,EAAI,iCAAJA,EAAI,0BAtCrD,IAAIH,SAAQ,SAACC,EAASI,GAC3B,IACE,IACM2jC,EADY57B,OAAOiR,UACH4qB,KAAKpB,EAAgB,GAE3CmB,EAAIE,QAAU,WACZ7jC,EAAO2jC,EAAI31B,MACb,EAEA21B,EAAIG,gBAAkB,WACTH,EAAIxoB,OACZ4oB,kBAAkBtB,EACvB,EAEAkB,EAAIK,UAAY,WACd,IAAMC,EAAKN,EAAIxoB,OACTpc,EAAKklC,EAAG9W,YAAYsV,EAAQ,aAElC1jC,EAAG8kC,QAAU,WACX7jC,EAAOjB,EAAGiP,MACZ,EAEA,IAAMk2B,EAAQnlC,EAAGolC,YAAY1B,GAE7B7iC,EAAQskC,GAERnlC,EAAGqlC,WAAa,WACdH,EAAGvwB,OACL,CACF,CACF,CACA,MAAO7N,GACL7F,EAAO6F,EACT,CACF,IAK8B,OAAnB,OAALq+B,EAAQ,EAAH,uBACJ,IAAIvkC,SAAQ,SAACC,EAASI,GAI3B,IAAM2jC,EAAMO,EAAMjqB,GAAO,MAAbiqB,EAAiBpkC,GAC7B6jC,EAAIK,UAAY,WACdpkC,EAAQ+jC,EACV,EACAA,EAAIE,QAAU,WACZ7jC,EAAO2jC,EAAI31B,MACb,CACF,KAAE,2CACH,iCAEcq2B,EAAY,iDAG1B,OAH0B,gCAA3B,WAA6BC,EAAgBC,GAAsB,uFAC3Db,EAAkB,MAAOa,EAASD,GAAO,gCACxCC,GAAO,4CACf,sBAGgC,aAUhC,OAVgC,gCAA1B,WAA4BD,GAAe,iFAC5CA,EAAQ,CAAF,+BACUZ,EAAkB,MAAOY,GAAO,OAAzC,KAAHX,EAAM,EAAH,MACDxoB,OAAQ,CAAF,wCACLwoB,EAAIxoB,QAAM,aAKf,IAAIlb,EAAAA,aAAa,sDAAD,OAAuDqkC,EAAS,KAAH,OAAQA,EAAM,KAAM,KAAK,4CAC7G,+BAEqBE,EAAgB,+CAErC,OAFqC,gCAA/B,WAAiCF,GAAc,uFAC9CZ,EAAkB,SAAUY,GAAO,4CAC1C,sBAEyC,aAEzC,OAFyC,gCAAnC,oGACCZ,EAAkB,SAAQ,4CACjC,sBAGsC,aAKtC,OALsC,gCAAhC,4FACiC,OAAhCe,EAAYzB,EAAkB,GAAE,SAChBK,IAAiB,OAA1B,OAAPkB,EAAU,EAAH,cACPF,EAAaI,EAAWF,GAAQ,gCAC/B,CAAEA,QAAAA,EAASE,UAAAA,IAAW,4CAC9B,sBAIgD,aAmBhD,OAnBgD,gCAA1C,WAA4CC,EAAoC5xB,GAAc,qFAejC,GAd9D6xB,GAAc,EAEV52B,EAA8B+E,EAA9B/E,YAAae,EAAiBgE,EAAjBhE,aAGA,WAAjB41B,GAA6B32B,GAAyC,SAA1BA,EAAY62B,YAAyB91B,IACnF61B,GAAc,GAIK,YAAjBD,GAA8B51B,IAAiBf,IACjD42B,GAAc,GAGVL,EAAgC,QAA1B,EAAGv2B,aAAW,EAAXA,EAAa82B,kBAAU,QAAI/1B,aAAY,EAAZA,EAAc+1B,YACpDF,IAAeL,EAAM,gCACjBE,EAAiBF,GAAO,4CAEjC,+BAIqBQ,EAAiB,+CAyBtC,OAzBsC,gCAAhC,qHAA4E,OAAxCP,EAAO,EAAPA,QAASnkC,EAAG,EAAHA,IAAK6Z,EAAM,EAANA,OAAQ2R,EAAK,EAALA,MAAO7d,EAAW,EAAXA,YAAW,SAC1CwH,EAAAA,UAAUC,OAAOuvB,UAAU,MAAOR,EAAQ9K,WAAU,OAgB1F,GAhB0F,SAAnFuL,EAAG,EAAHA,IAAKC,EAAG,EAAHA,IAAK/gC,EAAC,EAADA,EAAGghC,EAAC,EAADA,EAAGC,EAAC,EAADA,EAAGC,EAAC,EAADA,EACrBttB,EAAS,CACbutB,IAAK,QACLC,IAAK,WACLC,IAAK,CAAEP,IAAAA,EAAKC,IAAAA,EAAK/gC,EAAAA,EAAGghC,EAAAA,EAAGC,EAAAA,EAAGC,EAAAA,IAGtBzC,EAAqB,CACzB6C,IAAKvrB,EACLwrB,IAAKrlC,EACLslC,IAAK1/B,KAAKmZ,MAAMvV,KAAKmC,MAAQ,KAC7B45B,IAAK3C,KAGHpX,IACF+W,EAAO/W,MAAQA,IAIb7d,EAAa,CAAF,iCACM01B,EAAgB11B,GAAY,QAA/C40B,EAAOiD,IAAM,EAAH,sCAGLlD,EAAU5qB,EAAQ6qB,EAAQ4B,EAAQsB,aAAW,6CACrD,sBAGgD,aAOhD,OAPgD,gCAA1C,mGAIJ,OAJkDtB,EAAO,EAAPA,QAASnkC,EAAG,EAAHA,IAAK6Z,EAAM,EAANA,OAAQ2R,EAAK,EAALA,MACnE5nB,EAA0B,CAAEugC,QAAAA,EAASnkC,IAAAA,EAAK6Z,OAAAA,GAC5C2R,IACF5nB,EAAO4nB,MAAQA,GAChB,kBAEMkZ,EAAkB9gC,IAAO,4CACjC,+FC5KM,SAA8B8yB,GACnC,IAAIgP,EAAmBC,EAAgCjP,GACvD,OAAO,EAAAxyB,EAAAA,eAAa,OACfwhC,GACChP,EAAYkP,aAAe,EAAJ,GAASlP,EAAYkP,cAEpD,uDA1DA,SACA,UAA4C,2kBAGrC,SAASD,EAAgCjP,GAE9C,IAAKA,EAAYhnB,SACf,MAAM,IAAI7P,EAAAA,aAAa,2EAGzB,IAAI,EAAAsd,EAAAA,UAASuZ,EAAYzb,gBAA4D,IAA3Cyb,EAAYzb,aAAapS,QAAQ,KACzE,MAAM,IAAIhJ,EAAAA,aAAa,4DAIzB,IAAIgmC,EAA2B,CAC7B,UAAanP,EAAYhnB,SACzB,eAAkBgnB,EAAYxL,cAC9B,sBAAyBwL,EAAYvL,oBACrC,QAAWuL,EAAYpsB,QACvB,IAAOosB,EAAYnD,IACnB,UAAamD,EAAYoP,SACzB,WAAcpP,EAAYqP,UAC1B,QAAWrP,EAAYpL,OACvB,MAASoL,EAAYlL,MACrB,OAAUkL,EAAYsP,OACtB,aAAgBtP,EAAY1L,YAC5B,cAAiB0L,EAAYvjB,aAC7B,cAAiBujB,EAAYzb,aAC7B,aAAgByb,EAAYuP,aAC5B,MAASvP,EAAYlpB,MACrB,WAAckpB,EAAYnL,UAC1B,kBAAqBmL,EAAYwP,iBAUnC,GARAL,GAAc,EAAA5/B,EAAAA,YAAW4/B,GAEzB,CAAC,YAAa,gBAAiB,qBAAqBl9B,SAAQ,SAAUw9B,GAChEnkC,MAAMC,QAAQ4jC,EAAYM,MAC5BN,EAAYM,GAAcN,EAAYM,GAAYjsB,KAAK,KAE3D,KAEuD,IAAnDwc,EAAYzb,aAAcpS,QAAQ,cACO,IAA3C6tB,EAAYzL,OAAQpiB,QAAQ,UAC5B,MAAM,IAAIhJ,EAAAA,aAAa,qFAKzB,OAJW62B,EAAYzL,SACrB4a,EAAYla,MAAQ+K,EAAYzL,OAAQ/Q,KAAK,MAGxC2rB,CACT,qCCnDA,oLACA,oLACA,sPC+GC,SAEsC,EAAD,2DAhBrC,SAGyC,EAAD,gFAtGzC,UAEA,SACA,UACA,UAaA,SAASO,EAAgBnmC,GAEvB,IAAKA,EAAQyP,SACX,MAAM,IAAI7P,EAAAA,aAAa,2EAGzB,IAAKI,EAAQ+qB,YACX,MAAM,IAAInrB,EAAAA,aAAa,sEAGzB,IAAKI,EAAQomC,oBAAsBpmC,EAAQonB,gBACzC,MAAM,IAAIxnB,EAAAA,aAAa,6EAGzB,IAAKI,EAAQgnB,aACX,MAAM,IAAIpnB,EAAAA,aAAa,gFAE3B,CAEA,SAASymC,EAAY5nC,EAAKuB,GAExB,IAAI2D,GAAsB,EAAAqC,EAAAA,YAAW,CACnC,UAAahG,EAAQyP,SACrB,aAAgBzP,EAAQ+qB,YACxB,WAAc/qB,EAAQonB,gBAAkB,mBAAqB,qBAC7D,cAAiBpnB,EAAQgnB,eAGvBhnB,EAAQonB,gBACVzjB,EAAyB,iBAAI3D,EAAQonB,gBAC5BpnB,EAAQomC,oBACjBziC,EAAO2iC,KAAOtmC,EAAQomC,mBAGxB,IAAQ5a,EAAiB/sB,EAAIuB,QAArBwrB,aAMR,OALIA,IACF7nB,EAAsB,cAAI6nB,IAIrB,EAAAvnB,EAAAA,eAAcN,GAAQ2D,MAAM,EACrC,CAAC,SAGci/B,EAAgB,iDAsC9B,OAtC8B,gCAA/B,WAAiC9nC,EAAK,GAAF,iGAIjC,GAJqCsB,EAAG,EAAHA,IAAKlB,EAAI,EAAJA,KAAM0sB,EAAK,EAALA,MAAOib,EAAW,EAAXA,YAClD5sB,EAAS,OACTlY,EAAe,CACnB,eAAgB,sCAGdjD,EAAIuB,QAAQ28B,KAAM,CAAF,mBACb6J,EAAa,CAAF,qBACR,IAAI5mC,EAAAA,aAAa,mDAAkD,wBAGvD,EAAA6mC,EAAAA,6BAA4B,CAAE1mC,IAAAA,EAAK6Z,OAAAA,EAAQ2R,MAAAA,EAAO2Y,QAASsC,IAAc,OAAvFE,EAAQ,EAAH,KACXhlC,EAAQilC,KAAOD,EAAM,oCAIF,EAAAhqB,EAAAA,aAAYje,EAAK,CAClCsB,IAAAA,EACA6Z,OAAAA,EACAna,KAAMZ,EACN6C,QAAAA,IACA,QALQ,OAAJuV,EAAO,EAAH,uBAMHA,GAAI,wCAGP,EAAA2vB,EAAAA,kBAAgB,OAAUrb,EAAK,iBACgB,GAA3Csb,EAAoB,QAAX,EAAG,KAAI5vB,YAAI,aAAR,EAAUvV,QAAQ,cACpB,CAAF,sBAEN,IAAI2U,EAAAA,aACR,CAACG,aAAc,8CACP,QADoD,EAC5D,KAAIS,YAAI,aAAInY,GACb,iCAEIynC,EAAiB9nC,EAAK,CAAEsB,IAAAA,EAAKlB,KAAAA,EAAM2nC,YAAAA,EAAajb,MAAOsb,KAAY,+EAI/E,sBAGwC,aAWxC,OAXwC,gCAAlC,WAAmCpoC,EAAKuB,EAA8B80B,GAAgB,+EAQ1F,OAPDqR,EAAgBnmC,GACZnB,EAAOwnC,EAAY5nC,EAAKuB,GAEtB2D,EAA6B,CACjC5D,IAAK+0B,EAAKgS,SACVjoC,KAAAA,EACA2nC,YAAaxmC,aAAO,EAAPA,EAASwmC,aACvB,kBAEMD,EAAiB9nC,EAAKkF,IAAO,4CACrC,sBAEqC,aA2BrC,OA3BqC,gCAA/B,WACLlF,EACAuB,EACAyO,GAA0B,iFAqBzB,OAnBK5P,EAAOG,OAAO0R,QAAQ,CAC1B+a,UAAWzrB,EAAQyP,SACnBs3B,WAAY,gBACZrb,MAAOjd,EAAauc,OAAO/Q,KAAK,KAChC+sB,cAAev4B,EAAaA,eAC3BqL,KAAI,SAAU,GAAe,yBAAd5W,EAAI,KAAEiF,EAAK,KAE3B,OAAOjF,EAAO,IAAM8W,mBAAmB7R,EACzC,IAAG8R,KAAK,KAEJla,EAAM0O,EAAaq4B,SACnB9mC,EAAQ2lC,aAAe3mC,OAAOyJ,KAAKzI,EAAQ2lC,aAAavjC,QAAU,IACpErC,IAAO,EAAAkE,EAAAA,eAAcjE,EAAQ2lC,cAGzBhiC,EAA6B,CACjC5D,IAAAA,EACAlB,KAAAA,EACA2nC,YAAaxmC,aAAO,EAAPA,EAASwmC,aACvB,kBAEMD,EAAiB9nC,EAAKkF,IAAO,4CACrC,+ECnIM,SAAgBlF,EAA6Byd,EAAgB+qB,GAClE,IAAIvpB,EAAYjf,EAAIkf,eAAeC,aAAanf,EAAIuB,QAAQ6d,SAE5D,OAAOqpB,EAAazoC,EAAKyd,GACxBpc,MAAK,SAASqnC,GACb,IAAIC,EAAUD,EAAoB,SAI9BppB,EADgBL,EAAUM,aACKopB,GACnC,GAAIrpB,GAAkBxU,KAAKmC,MAAM,IAAOqS,EAAe3V,UAAW,CAChE,IAAIi/B,GAAY,EAAAjkC,EAAAA,MAAK2a,EAAexD,SAAS9R,KAAM,CACjDw+B,IAAKA,IAGP,GAAII,EACF,OAAOA,CAEX,CAMA,OAHA3pB,EAAUgC,aAAa0nB,IAGhB,EAAA5mC,EAAAA,KAAI/B,EAAK2oC,EAAS,CACvBtpB,eAAe,IAEhBhe,MAAK,SAASnB,GACb,IAAI6D,GAAM,EAAAY,EAAAA,MAAKzE,EAAI8J,KAAM,CACvBw+B,IAAKA,IAGP,GAAIzkC,EACF,OAAOA,EAGT,MAAM,IAAI5C,EAAAA,QAAa,eAAiBqnC,EAAM,uCAChD,GACF,GACF,mBAnDA,cACA,SAEA,aAEO,SAASC,EAAazoC,EAA6Byd,GACxD,IAAIorB,EAAiBprB,GAAUzd,EAAIuB,QAAQkc,OAC3C,OAAO,EAAA1b,EAAAA,KAAI/B,EAAK6oC,EAAgB,oCAAqC,CACnExpB,eAAe,GAEnB,2DCJO,SACLrf,EACAuB,GAEAA,GAAU,EAAAuB,EAAAA,OAAMvB,IAAY,CAAC,EAE7B,IAAM2D,GAAS,EAAA4jC,EAAAA,kCAAiC9oC,EAAKuB,GAC/CsW,GAAO,EAAAkxB,EAAAA,+BAA8B/oC,EAAKkF,GAC1C84B,EAAanmB,EAAKwe,KAAK2S,cAAe,EAAAC,EAAAA,sBAAqB/jC,GACjElF,EAAImkB,mBAAmB0T,KAAKhgB,GACxB7X,EAAIuB,QAAQ2nC,YACdlpC,EAAIuB,QAAQ2nC,YAAYlL,GAExB/0B,OAAOuL,SAAShU,OAAOw9B,EAE3B,EAnBA,aACA,UACA,mFCGwD,SAGZ,EAAD,mEAP3C,UACA,SACA,UACA,UACA,UAG2C,aA2E1C,OA3E0C,gCAApC,WAAqCh+B,EAA6Bg4B,EAA0B3B,GAAiB,uHA8CjH,GA7CDA,EAAOA,IAAQ,EAAA8S,EAAAA,cAAanpC,EAAKg4B,GAEjCA,EAAcz3B,OAAOC,OAAO,CAAC,GAAG,EAAA4oC,EAAAA,uBAAsBppC,IAAM,EAAA8C,EAAAA,OAAMk1B,IAGhE2P,GAH8E,EAe5E3P,GAZF2P,kBACAhf,EAAe,EAAfA,gBACAJ,EAAY,EAAZA,aACAvX,EAAQ,EAARA,SACAsb,EAAW,EAAXA,YACAC,EAAM,EAANA,OACA6J,EAAe,EAAfA,gBACAtnB,EAAK,EAALA,MACA+d,EAAS,EAATA,UACAqR,EAAI,EAAJA,KACA6H,EAAU,EAAVA,WACAmB,EAAW,EAAXA,YAIImC,EAAuC,CAC3Cr4B,SAAAA,EACAsb,YAAAA,EACAqb,kBAAAA,EACAhf,gBAAAA,EACAJ,aAAAA,EACA2V,KAAAA,GAMI3hB,EAAoC,CAAC,UACR,IAA/BgQ,EAAQpiB,QAAQ,WAClBoS,EAAa3Y,KAAK,YAGd0lC,EAAqC,CACzCt4B,SAAAA,EACAsb,YAAAA,EACAC,OAAAA,EACAhQ,aAAAA,EACA6Z,gBAAAA,EACAvJ,UAAAA,EACAqa,YAAAA,GACD,UAGKhJ,EAAM,CAAF,oBAEF6H,EAAY,CAAF,kCACU,EAAAwD,EAAAA,aAAYxD,GAAW,QAAvCN,EAAU,EAAH,KACb4D,EAAgBtB,YAActC,EAC9B6D,EAAsBpL,KAAOA,EAC7BoL,EAAsBvD,WAAaA,EAAW,0CAGT,EAAAyD,EAAAA,qBAAmB,iBAAhD/D,EAAO,EAAPA,QAASE,EAAS,EAATA,UACjB0D,EAAgBtB,YAActC,EAC9B6D,EAAsBpL,KAAOA,EAC7BoL,EAAsBvD,WAAaJ,EAAU,0BAIN,EAAA8D,EAAAA,qBAAoBzpC,EAAKqpC,EAAiBhT,GAAK,QAAxD,OAA5BqT,EAA+B,EAAH,gBAES,EAAAC,EAAAA,qBAAoB3pC,EAAKspC,EAAuBI,EAAerT,GAAM,QAEnF,OAFvBC,EAA+B,EAAH,MACpBuR,KAAOF,EACrBrR,EAAcxnB,MAAQA,EAAO,kBACtBwnB,GAAa,QAGW,OAHX,UAGpBt2B,EAAImkB,mBAAmB4R,QAAQ,4EAElC,gFC/EM,SAQLhjB,EACA1L,EACA2L,GAGA,IAAMvQ,GAAO,EAAAwQ,EAAAA,oBAAmB5L,GAC1B6L,GAAc,EAAAC,EAAAA,cAAmB1Q,EAAMsQ,GACvCK,GAAW,EAAAC,EAAAA,WAAgBH,GAC3BI,GAAc,EAAAC,EAAAA,cAAmBH,GAEvC,OADkB,EAAAK,EAAAA,YAAwBH,EAAaN,EAEzD,EAlCA,cACA,SACA,UACA,UACA,8DCsGO,SAAyBhT,GAC9B,MAAO,CACL4pC,UAAW,CACTC,oBAAqBA,EAAAA,oBAAoB5nC,KAAK,KAAMjC,IAG1D,mBAzEO,SAAwBA,EAA6B8pC,GAC1D,IAAMC,EAAW,SAAC5uB,GAChB,OAAOtN,EAAAA,aAAa7J,UAAUJ,KAAK3B,KAAK6nC,EAAO3uB,EAAQ,KACzD,EAEM6uB,EAAoBD,EAASE,EAAAA,gBAAgBhoC,KAAK,KAAMjC,IAGxDkqC,EAAiBH,EAASI,EAAAA,aAAaloC,KAAK,KAAMjC,IAClDoqC,EAAyC7pC,OAAOC,OAAO0pC,EAAgB,CAE3EG,YAAa,WACX,OAAOphC,OAAOqhC,OAChB,EAGAC,aAAc,WACZ,OAAOthC,OAAOuL,QAChB,EAGAg2B,aAAc,WACZ,OAAOvhC,OAAOuC,QAChB,IAGI0C,EAAiB,CACrB6pB,mBAAoBA,EAAAA,mBAAmB91B,KAAK,KAAMjC,GAClD4oB,sBAAuBA,EAAAA,sBAAsB3mB,KAAK,KAAMjC,GACxDyqC,iBAAkBA,EAAAA,iBAAiBxoC,KAAK,KAAMjC,GAC9C0qC,aAAcA,EAAAA,aAAazoC,KAAK,KAAMjC,GACtC2qC,gBAAiBA,EAAAA,gBAAgB1oC,KAAK,KAAMjC,GAC5CiqC,gBAAiBD,EACjBG,aAAcC,EACdQ,OAAQC,EAAAA,YACRC,OAAQC,EAAAA,YAAY9oC,KAAK,KAAMjC,GAC/BuiC,MAAOyI,EAAAA,WAAW/oC,KAAK,KAAMjC,GAC7BirC,uBAAwBA,EAAAA,uBAAuBhpC,KAAK,KAAMjC,GAC1D2iC,YAAaA,EAAAA,YAAY1gC,KAAK,KAAMjC,GACpCkrC,YAAa,SACXC,EACAC,GAEA,OAAO,EAAAF,EAAAA,aAAYlrC,EAAKmrC,EAAmBC,EAC7C,EACAzzB,OAAQ0zB,EAAAA,YAAYppC,KAAK,KAAMjC,GAC/B6T,gBAAiBA,EAAAA,gBAAgB5R,KAAK,KAAMjC,GAC5CsC,WAAYgpC,EAAAA,eAAerpC,KAAK,KAAMjC,IAiBxC,MAZe,CACb,mBACA,eACA,SACA,QACA,yBACA,eAEKiK,SAAQ,SAAAlG,GACbmK,EAAMnK,GAAOgmC,EAAS77B,EAAMnK,GAC9B,IAEOmK,CACT,EA9FA,aACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,SACA,UACA,UAYA,UACA,UACA,kECjBO,SAA4BlO,GAOjC,MAN4B,CAC1B+3B,mBAAoBA,EAAAA,mBAAmB91B,KAAK,KAAMjC,GAClD4oB,sBAAuBA,EAAAA,sBAAsB3mB,KAAK,KAAMjC,GACxD4qC,OAAQC,EAAAA,YAIZ,EAjBA,cACA,UAKA,6CCnBA,oLACA,gPCmFO,SAAkB7qC,EAA6BuB,GACpD,GAAI0J,UAAUtH,OAAS,EACrB,OAAO9C,QAAQK,OAAO,IAAIC,EAAAA,QAAa,qEAOzC,IAAMoqC,GAJNhqC,EAAUA,GAAW,CAAC,GAIMgqC,YAG5B,OAFAhqC,EAAQgqC,iBAAclrC,GAEf,EAAA03B,EAAAA,oBAAmB/3B,EAAKuB,GAC5BF,MAAK,SAAU22B,GAGd,IAiBIgG,EAEF3H,EAoBF,OA7BI90B,EAAQgmC,aACVhnC,OAAOC,OAAOw3B,EAXY,CAC1BsP,OAAQ,OACR7yB,aAAc,oBACd7I,QAAS,OASArK,EAAQszB,KACjBt0B,OAAOC,OAAOw3B,EAPG,CACjBpsB,QAAS,UAeXyqB,GAAO,EAAA8S,EAAAA,cAAanpC,EAAKg4B,GAEzBgG,GADWz8B,EAAQgnB,aAAe8N,EAAKgS,SAAWhS,EAAK2S,eAC/B,EAAAC,EAAAA,sBAAqBjR,GAIzCA,EAAYuP,cAAwC,OAAxBvP,EAAYpsB,QAC/B,SAEoB,UAAxBosB,EAAYpsB,QACRrK,EAAQiqC,SAAW,YAAc,QAGjC,YAKX,IAAK,SACH,IAAIC,GAAgB,EAAAC,EAAAA,wBAAuB1rC,EAAKuB,EAAQ6J,QAAS4sB,EAAYlpB,OACzE68B,GAAW,EAAAC,EAAAA,WAAU5N,GACzB,OAAOyN,EACJpqC,MAAK,SAAUnB,GACd,OAAO,EAAAypC,EAAAA,qBAAoB3pC,EAAKg4B,EAAa93B,EAAsBm2B,EACrE,IACC/pB,SAAQ,WAC+B,MAAlCd,SAASC,KAAKgB,SAASk/B,KACH,QAAtB,EAAAA,EAASj/B,qBAAa,OAAtB,EAAwBC,YAAYg/B,GAExC,IAEJ,IAAK,QACH,IAAIE,EAIJ,GAAiC,sBAA7B7T,EAAYvjB,aAAsC,CACpD,IAAKzU,EAAI0H,SAASokC,8BAChB,MAAM,IAAI3qC,EAAAA,QAAa,sDAEzB0qC,GAAe,EAAAH,EAAAA,wBAAuB1rC,EAAKuB,EAAQ6J,QAAS4sB,EAAYlpB,MAC1E,CA6BA,OAzBIy8B,GACFA,EAAY/2B,SAAShU,OAAOw9B,GAIX,IAAIn9B,SAAQ,SAAUC,EAASI,GAChD,IAAI6qC,EAAcC,aAAY,WACvBT,IAAeA,EAAYU,SAC9BC,cAAcH,GACd7qC,EAAO,IAAIC,EAAAA,QAAa,wCAE5B,GAAG,KAGH0qC,EACGxqC,MAAK,SAAUnB,GACdgsC,cAAcH,GACdjrC,EAAQZ,EACV,IACC4G,OAAM,SAAUC,GACfmlC,cAAcH,GACd7qC,EAAO6F,EACT,GACJ,IAGG1F,MAAK,SAAUnB,GACd,OAAO,EAAAypC,EAAAA,qBAAoB3pC,EAAKg4B,EAAa93B,EAAsBm2B,EACrE,IACC/pB,SAAQ,WACHi/B,IAAgBA,EAAYU,QAC9BV,EAAY32B,OAEhB,IAEJ,IAAK,YAEH,IAAIu3B,GAAa,EAAAC,EAAAA,qBAAoBpsC,EAAKuB,EAAQ6J,QAAS7J,EAAQmT,QAAUsjB,EAAYlpB,OAIzF,IAAIy8B,EAIF,MAAM,IAAIpqC,EAAAA,QAAa,+BAGzB,OANEoqC,EAAY/2B,SAAShU,OAAOw9B,GAMvBmO,EACN9qC,MAAK,SAAUnB,GACd,OAAO,EAAAypC,EAAAA,qBAAoB3pC,EAAKg4B,EAAa93B,EAAsBm2B,EACrE,IAEF,QACE,MAAM,IAAIl1B,EAAAA,QAAa,gDAE7B,GACJ,EAjNA,cAOA,aASA,UACA,UACA,yEClBuG,SAEtE,kFAJjC,UACA,UACA,UAAuG,2kBAEtE,aA8DhC,OA9DgC,gCAA1B,WACLnB,EAAKmrC,EACLC,GAAsB,kFAGjBD,EAAmB,CAAF,+BACOnrC,EAAI+N,aAAaooB,YAAW,OAAvDgV,EAAoB,EAAH,KAAwCl8B,YAAW,UAEjEm8B,EAAe,CAAF,+BACOprC,EAAI+N,aAAaooB,YAAW,OAAnDiV,EAAgB,EAAH,KAAwCp8B,QAAO,UAGzDm8B,IAAsB,EAAA7J,EAAAA,eAAc6J,GAAkB,0CAClDtqC,QAAQK,OAAO,IAAIC,EAAAA,aAAa,iDAA+C,WAGnFiqC,IAAkB,EAAA7J,EAAAA,WAAU6J,GAAc,0CACtCvqC,QAAQK,OAAO,IAAIC,EAAAA,aAAa,6CAA2C,QAOnF,GAJKI,EAAe,CACnBD,IAAK6pC,EAAkBkB,YACvBlxB,OAAQ,MACRlM,YAAak8B,EAAkBl8B,cAG7BjP,EAAIuB,QAAQ28B,KAAM,CAAF,iCACIl+B,EAAIm+B,4BAA4B,EAAD,KAAK58B,GAAO,IAAE0N,YAAak8B,KAAoB,QAA9FloC,EAAU,EAAH,KACb1B,EAAQ0B,QAAUA,SACX1B,EAAQ0N,YAAY,kCAGtB,EAAAgP,EAAAA,aAAYje,EAAKuB,GACrBF,MAAK,SAAAirC,GAEJ,OAAIA,EAASC,MAAQnB,EAAcvH,OAAO0I,IACjCD,EAEFzrC,QAAQK,OAAO,IAAIC,EAAAA,aAAa,0DACzC,IACC2F,OAAM,SAAUC,GAEf,GAAIA,aAAe2R,EAAAA,eAAiB1Y,EAAIuB,QAAQ28B,KAAM,CACpD,IAAQhvB,EAA4BnI,EAA5BmI,MAAO4J,EAAqB/R,EAArB+R,iBACf,MAAM,IAAIR,EAAAA,WAAWpJ,EAAO4J,EAC9B,CAGA,IAAK9Y,EAAIuB,QAAQ28B,KAAM,OACjB94B,EAAI2B,EAKR,GAJIA,aAAe6Q,EAAAA,cAAf7Q,MAA+BA,GAAS,QAAN,EAAHA,EAAK8Q,YAAI,OAAT,EAAW6G,gBAC5CtZ,EAAIsT,EAAAA,aAAamG,YAAY9X,EAAI8Q,KAAK6G,gBAGpCtZ,aAAasT,EAAAA,aAAc,CAC7B,MAAoCtT,EAA5B8J,EAAK,EAALA,MAAO4J,EAAgB,EAAhBA,iBACf,MAAM,IAAIR,EAAAA,WAAWpJ,EAAO4J,EAC9B,CACF,CAEA,MAAM/R,CACR,KAAE,6CACL,0FCtCM,SACL/G,EACAuB,GAED,IAEE,IAAKoT,iBACJ,MAAM,IAAIxT,EAAAA,aAAa,iFAGzB,IAAKI,EAAQ+qB,YACX,MAAM,IAAInrB,EAAAA,aAAa,2DAGpBI,EAAQuN,QACXvN,EAAQuN,OAAQ,EAAA09B,EAAAA,kBAMlB,IAaIC,EAbElB,GAAc,EAAAmB,EAAAA,WAAU,IAAKnrC,GAE7BmT,EAAU,IAAIC,iBAAiB,kBAAD,OAAmBpT,EAAQuN,QAwB/D,OAtBAvN,GAAU,EAAAuB,EAAAA,OAAMvB,IAAY,CAAC,EAC7BhB,OAAOC,OAAOe,EAAS,CACrBqK,QAAS,QACT6I,aAAc,QACd82B,YAAAA,EACAC,UAAU,EACV92B,QAAAA,IAgBK,CACL+K,QAbc,IAAI5e,SAAuB,SAACC,EAASI,GAEnD,OADAurC,EAAgBvrC,GACT,EAAAyrC,EAAAA,UAAS3sC,EAAKuB,GACpBF,MAAK,SAACnB,GAAG,OAAKY,EAAQZ,EAAI,IAC1B4G,OAAM,SAAAC,GAAG,OAAI7F,EAAO6F,EAAI,GAC3B,IASEnG,OAPa,WACb8T,EAAQE,QACR63B,EAAc,IAAItrC,EAAAA,aAAa,uBACjC,EAMD,CACA,MAAO4F,GACN,MAAO,CACL0Y,QAAS5e,QAAQK,OAAO6F,GACxBnG,OAAQ,WAAO,EAElB,CACD,iBAjFO,SACLZ,EACAuB,GAEA,GAAI0J,UAAUtH,OAAS,EACrB,OAAO9C,QAAQK,OAAO,IAAIC,EAAAA,aAAa,yEAGzC,MAAmCI,EAA3BqrC,EAAW,EAAXA,YAAgB1nC,GAAM,kBAKxBqmC,GAAc,EAAAmB,EAAAA,WAAUE,QAAAA,EAAe,IAAK1nC,GAOlD,OANA3D,GAAU,EAAAuB,EAAAA,OAAMoC,IAAW,CAAC,EAC5B3E,OAAOC,OAAO0E,EAAQ,CACpB0G,QAAS,QACT6I,aAAc,oBACd82B,YAAAA,KAEK,EAAAoB,EAAAA,UAAS3sC,EAAKkF,EACvB,kBA3BA,UAEA,SACA,UACA,UAAkD,qFCCW,SAEvB,EAAD,iEANrC,UAEA,SACA,UACA,UAEqC,aAgBpC,OAhBoC,gCAA9B,WAA+BlF,EAA6BuB,GAAqB,kGAClF,EAAUoC,OAAS,GAAC,yCACf9C,QAAQK,OAAO,IAAIC,EAAAA,aAAa,6EAA2E,OAGrF,OAA/BI,GAAU,EAAAuB,EAAAA,OAAMvB,IAAY,CAAC,EAAE,UAEL,EAAAw2B,EAAAA,oBAAmB/3B,EAAKuB,GAAQ,OAApDy2B,EAAc,EAAH,KACXngB,GAAO,EAAAqgB,EAAAA,iBAAgBl4B,EAAKg4B,GAC5BgG,EAAanmB,EAAKwe,KAAK2S,cAAe,EAAAC,EAAAA,sBAAqBjR,GACjEh4B,EAAImkB,mBAAmB0T,KAAKhgB,GACxB7X,EAAIuB,QAAQ2nC,YACdlpC,EAAIuB,QAAQ2nC,YAAYlL,GAExB/0B,OAAOuL,SAAShU,OAAOw9B,GACxB,4CACF,+EClBM,SAA0Bh+B,EAA6BuB,GAC5D,OAAI0J,UAAUtH,OAAS,EACd9C,QAAQK,OAAO,IAAIC,EAAAA,aAAa,8EAGzCI,GAAU,EAAAuB,EAAAA,OAAMvB,IAAY,CAAC,EAC7BhB,OAAOC,OAAOe,EAAS,CACrB+lC,OAAQ,OACR7yB,aAAc,oBACd7I,QAAS,QAEJ,EAAA+gC,EAAAA,UAAS3sC,EAAKuB,GACvB,EAjBA,cAEA,SACA,iFC0BC,SAEyC,EAAD,qEA5BzC,SACA,UAGA,UAWA,UACA,UAEA,SAASsrC,EAAiB3sC,EAAoBinC,GAC5C,GAAIjnC,EAAW,OAAKA,EAAuB,kBACzC,MAAM,IAAIoY,EAAAA,WAAWpY,EAAW,MAAGA,EAAuB,mBAG5D,GAAIA,EAAI4O,QAAUq4B,EAAYr4B,MAC5B,MAAM,IAAI3N,EAAAA,aAAa,wDAE3B,CAEyC,aAiJxC,OAjJwC,gCAAlC,WACLnB,EACAg4B,EACA93B,EACAm2B,GAAiB,2GAEsB,IAAL,IAArBr2B,EAAIuB,QAAQurC,OAIZ5sC,EAAI2nC,OAAQ3nC,EAAI6sC,iBAAiB,yCACrC/sC,EAAIkO,MAAM0a,sBAAsBroB,OAAOC,OAAO,CAAC,EAAGw3B,EAAa,CACpE2P,kBAAmBznC,EAAI2nC,KACvBlf,gBAAiBzoB,EAAI6sC,mBACnB1W,IAAK,OAoBwB,GAjBnC2B,EAAcA,IAAe,EAAAoR,EAAAA,uBAAsBppC,GACnDq2B,EAAOA,IAAQ,EAAA8S,EAAAA,cAAanpC,EAAKg4B,GAE7Bzb,EAAeyb,EAAYzb,cAAgB,GAC1CjZ,MAAMC,QAAQgZ,IAAkC,SAAjBA,IAClCA,EAAe,CAACA,IAKhBgQ,EADErsB,EAAI+sB,MACG/sB,EAAI+sB,MAAM3V,MAAM,MAEhB,EAAAxU,EAAAA,OAAMk1B,EAAYzL,QAEvBvb,EAAWgnB,EAAYhnB,UAAYhR,EAAIuB,QAAQyP,SAGrD67B,EAAiB3sC,EAAK83B,IAElBA,EAAYkG,KAAM,CAAF,gBACO,IAA6B,QADpC,EACuB,QADvB,EACYl+B,EAAIuB,eAAO,aAAX,EAAayrC,mBAAW,QAAI,CAAEC,mBAAmB,IAAvEA,mBAIqC,SAAnB/sC,EAAIgtC,WAAqB,uBAC3C,IAAI/rC,EAAAA,aAAa,0FAAyF,QAoDnH,GAhDKgsC,EAAY,CAAC,EACbC,EAAYltC,EAAImtC,WAChBvH,EAAY5lC,EAAIgtC,WAChBj+B,EAAc/O,EAAIotC,aAClBt+B,EAAU9O,EAAIqtC,SACdv9B,EAAe9P,EAAIqoC,cACnBt7B,EAAM/F,KAAKmZ,MAAMvV,KAAKmC,MAAM,KAE9BgC,IACIu+B,EAAYxtC,EAAIkO,MAAM08B,OAAO37B,GACnCk+B,EAAUl+B,YAAc,CACtBA,YAAaA,EACb40B,OAAQ2J,EAAUj2B,QAClB5N,UAAW6kB,OAAO4e,GAAangC,EAC/B64B,UAAWA,EACXvZ,OAAQA,EACRyc,aAAc3S,EAAK2S,aACnBqD,YAAahW,EAAKgW,aAGhBrU,EAAY+N,aACdoH,EAAUl+B,YAAY82B,WAAa/N,EAAY+N,YAG7C/N,EAAYkP,cACdiG,EAAUl+B,YAAYi4B,YAAclP,EAAYkP,cAIhDl3B,IACFm9B,EAAUn9B,aAAe,CACvBA,aAAcA,EAGdrG,UAAW6kB,OAAO4e,GAAangC,EAC/Bsf,OAAQA,EACR8b,SAAUhS,EAAKgS,SACfW,aAAc3S,EAAK2S,aACnBvrB,OAAQ4Y,EAAK5Y,QAGXua,EAAY+N,aACdoH,EAAUn9B,aAAa+1B,WAAa/N,EAAY+N,YAG9C/N,EAAYkP,cACdiG,EAAUn9B,aAAak3B,YAAclP,EAAYkP,eAIjDl4B,EAAS,CAAF,gBA0BR,OAzBKy+B,EAAQztC,EAAIkO,MAAM08B,OAAO57B,GACzB0+B,EAAsB,CAC1B1+B,QAASA,EACT60B,OAAQ4J,EAAMl2B,QACd5N,UAAW8jC,EAAMl2B,QAAQo2B,IAAOF,EAAMl2B,QAAQqvB,IAAO35B,EACrDsf,OAAQA,EACRyc,aAAc3S,EAAK2S,aACnBvrB,OAAQ4Y,EAAK5Y,OACbzM,SAAUA,GAGRgnB,EAAYkP,cACdwG,EAAWxG,YAAclP,EAAYkP,aAGjC0G,EAAsC,CAC1C58B,SAAUA,EACVyM,OAAQ4Y,EAAK5Y,OACbqP,MAAOkL,EAAYlL,MACnB7d,YAAaA,EACb4d,UAAWmL,EAAYnL,gBAGWxsB,IAAhC23B,EAAY5B,kBACdwX,EAAiBxX,gBAAkB4B,EAAY5B,iBAChD,WAEK,EAAAiV,EAAAA,aAAYrrC,EAAK0tC,EAAYE,GAAiB,QACpDT,EAAUn+B,QAAU0+B,EAAW,YAIM,IAAnCnxB,EAAapS,QAAQ,UAAoBgjC,EAAUl+B,YAAW,uBAE1D,IAAI9N,EAAAA,aAAa,iHAAgH,YAE/F,IAAtCob,EAAapS,QAAQ,aAAuBgjC,EAAUn+B,QAAO,uBAEzD,IAAI7N,EAAAA,aAAa,gHAA+G,iCAGjI,CACL6S,OAAQm5B,EACRr+B,MAAO5O,EAAI4O,MACX+4B,KAAM3nC,EAAI2nC,KACVtrB,aAAAA,IACD,6CAEF,m3DChLD,+NACA,8NACA,+NACA,+NACA,+NACA,+NACA,+NACA,8NACA,+NAEA,cACA,UACA,UACA,SACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,4ECZE,SAGkC,qEAdpC,UACA,QACA,UACA,SACA,UACA,UAEMsxB,EAAU,CACd5+B,YAAa,eACbD,QAAS,WACTgB,aAAc,iBAIoB,aAyCnC,OAzCmC,gCAA7B,WAA+BhQ,EAAK8tC,EAAiB5/B,GAAa,+FAOtE,GALG8C,EAAmBhR,EAAIuB,QAAQyP,SAC/B+b,EAAmC/sB,EAAIuB,QAAQwrB,aAE9C7e,IACHA,EAAQlO,EAAI+N,aAAaooB,YAAY2X,IAGlC5/B,EAAO,CAAF,qBACF,IAAI/M,EAAAA,aAAa,kBAAD,OAAmB2sC,EAAI,6BAA2B,OASpC,GAAtCrwB,GALEA,EADEqwB,IAASC,EAAAA,UAAUC,OACN,QAAL,EAAA9/B,SAAK,aAAN,EAAgBuP,OAGV,QAAL,EAAAvP,SAAK,OAAgB,QAAhB,EAAN,EAAgB21B,cAAM,WAAhB,EAAN,EAAwBoK,MAEhBjuC,EAAIuB,QAAQkc,OAE1BzM,EAAU,CAAF,qBACL,IAAI7P,EAAAA,aAAa,kFAAiF,UAErGsc,EAAQ,CAAF,sBACH,IAAItc,EAAAA,aAAa,yBAAwB,0BAGQ,EAAAsnC,EAAAA,cAAazoC,EAAKyd,GAAO,QAMvE,OANuE,SAAlDywB,EAAa,EAArCC,uBACFC,EAAarhB,GAAe,EAAAnX,EAAAA,MAAI,UAAI5E,EAAQ,YAAI+b,KAAkB,EAAAnX,EAAAA,MAAK5E,GACvEhQ,GAAO,EAAAwE,EAAAA,eAAc,CAEzB6oC,gBAAiBR,EAAQC,GACzB5/B,MAAOA,EAAM4/B,KACZjlC,MAAM,GAAE,mBACJ,EAAApH,EAAAA,MAAKzB,EAAKkuC,EAAeltC,EAAM,CACpCiC,QAAS,CACP,eAAgB,oCAChB,cAAiB,SAAWmrC,MAE9B,6CACH,6FCxDM,SAQNE,GACC,OAAO,SAAP,0BApBwD,IAoBxD,GApBwD,EAoBxD,EApBwD,kbAoBxD,yCAAO,EAAP,sBAyCG,OAzCH,4CACE,SAAex6B,EAAqBhF,GAEXy/B,EAAAA,QAAetmC,oBACvBwB,QAAQ+kC,EAAAA,0BAA2B16B,IAGlDhF,EAAQA,GAAS3O,KAAKoB,QAAQuN,QAEN3O,KAAK+e,eAAeuvB,wBAC5BhlC,QAAQqF,EAAOgF,EAEjC,GAAC,4BAED,SAAehF,GAGb,GADAA,EAAQA,GAAS3O,KAAKoB,QAAQuN,MACnB,CACT,IACMgF,EADgB3T,KAAK+e,eAAeuvB,wBACRjlC,QAAQsF,GAC1C,GAAIgF,EACF,OAAOA,CAEX,CAGA,IAAMhS,EAAUysC,EAAAA,QAAetmC,oBAC/B,OAAOnG,GAAUA,EAAQ0H,QAAQglC,EAAAA,iCAA0CnuC,CAC7E,GAAC,+BAED,SAAkByO,GAOhB,GALgBy/B,EAAAA,QAAetmC,oBACvB4B,WAAW2kC,EAAAA,2BAGnB1/B,EAAQA,GAAS3O,KAAKoB,QAAQuN,MACnB,CACT,IAAM4/B,EAAgBvuC,KAAK+e,eAAeuvB,wBAC1CC,EAAc7kC,YAAc6kC,EAAc7kC,WAAWiF,EACvD,CACF,KAAC,EAzCI,CAA8Bw/B,EA2CvC,uEAhEA,UACA,oFC+CO,SAUL7rC,EACAuQ,GAEF,MAEE,OAAO,EAAP,mCAhB0C,IA6WvC,EAtBA,EA/EA,EAjDA,EAnBA,EATA,EA1BA,EAhBA,EApBA,EAxBA,EAzCA,EA5CH,GAhB0C,EAgB1C,EAhB0C,kbA6BxC,aAA4B,uDAAbhS,EAAI,yBAAJA,EAAI,gBAsBsB,OArBvC,+BAASA,KAAM,wWAEf,EAAKmjB,mBAAqB,IAAInR,EAA8BzS,OAAOC,OAAO,CACxE0e,eAAgB,EAAKA,gBACpB,EAAK3d,QAAQ4iB,qBAEhB,EAAK2oB,KAAO,CACV6B,8BAA+BC,EAAAA,QAAKD,8BACpCE,iBAAkBD,EAAAA,QAAKC,iBACvBC,iBAAkBF,EAAAA,QAAKE,kBAGzB,EAAKthC,SAAW,CAAEuhC,aAAa,GAE/B,EAAKC,YAAc,IAAInhC,EAAAA,aAEvB,EAAKK,OAAQ,EAAA+gC,EAAAA,iBAAc,gBAAO,EAAKD,aAGvC,EAAKjhC,aAAe,IAAI0xB,EAAAA,cAAa,EAAD,cAAO,EAAKl+B,QAAQwM,cAExD,EAAKmhC,WAAY,EAAAC,EAAAA,kBAAe,iBAAO,CACzC,CAqVC,OArVA,0CAGD,YACE,wEAGAhvC,KAAK4N,aAAagoB,OACpB,GAAC,8DAKD,wHAOmB,GAPGx0B,EAAkC,EAAH,6BAAG,CAAC,EAAC,EAEtBpB,KAAK4N,aAAa0C,aAA5CC,EAAS,EAATA,UAAWC,EAAU,EAAVA,WAEb6xB,EAAcjhC,EAAQ6tC,eAA4C,UAA3B7tC,EAAQ6tC,eAA6B1+B,EAC5E2+B,EAAe9tC,EAAQ6tC,eAA4C,WAA3B7tC,EAAQ6tC,eAA8Bz+B,EAAU,EAExExQ,KAAK4N,aAAagC,kBAAlCd,EAAW,EAAXA,eACa9O,KAAK4N,aAAauhC,WAAWrgC,GAAY,iBAClC,GAAxBA,OAAc5O,GACVmiC,EAAa,CAAF,0CAESriC,KAAK4N,aAAaw0B,MAAM,eAAc,QAA1DtzB,EAAc,EAAH,uFAIJogC,GACTlvC,KAAK4N,aAAa7C,OAAO,eAC1B,QAGU,GAHV,EAGe/K,KAAK4N,aAAagC,kBAA9Bf,EAAO,EAAPA,WACS7O,KAAK4N,aAAauhC,WAAWtgC,GAAQ,iBAC9B,GAApBA,OAAU3O,GACNmiC,EAAa,CAAF,2CAEKriC,KAAK4N,aAAaw0B,MAAM,WAAU,QAAlDvzB,EAAU,EAAH,wFAIAqgC,GACTlvC,KAAK4N,aAAa7C,OAAO,WAC1B,oCAGO+D,IAAeD,IAAQ,kEAClC,8GAGD,4GACmD,GAAzC8E,GADejR,EAAkC,EAAH,6BAAG,CAAC,GAClDiR,YAAgBy7B,GAAgB,aAAK1sC,EAAI,IAC9C1C,KAAKqN,SAASuhC,YAAa,CAAF,gDAcN,OATtB5uC,KAAKqN,SAASuhC,aAAc,EAAK,SAG3Bj7B,GACF3T,KAAKqvC,eAAe17B,GAEhB5O,EAAS3E,OAAOC,OAAO,CAE3B+rB,OAAQpsB,KAAKoB,QAAQgrB,QAAU,CAAC,SAAU,QAAS,YAClDgjB,GAAiB,UACdpvC,KAAK+N,MAAM+7B,gBAAgB/kC,GAAO,QAEN,OAFM,UAExC/E,KAAKqN,SAASuhC,aAAc,EAAM,2EAErC,mGAED,8FAC8B,OAD9B,EACmC5uC,KAAK4N,aAAagC,gBAA3Cf,EAAO,EAAPA,QAASC,EAAW,EAAXA,YAAW,kBACrB9O,KAAK+N,MAAMg9B,YAAYj8B,EAAaD,IAAQ,gDACpD,qEAED,WACE,IAAQA,EAAY7O,KAAK4N,aAAagC,gBAA9Bf,QACR,OAAOA,EAAUA,EAAQA,aAAU3O,CACrC,GAAC,4BAED,WACE,IAAQ4O,EAAgB9O,KAAK4N,aAAagC,gBAAlCd,YACR,OAAOA,EAAcA,EAAYA,iBAAc5O,CACjD,GAAC,6BAED,WACE,IAAQ2P,EAAiB7P,KAAK4N,aAAagC,gBAAnCC,aACR,OAAOA,EAAeA,EAAaA,kBAAe3P,CACpD,GAAC,oEAED,kGACqB,GADrB,EAC0BF,KAAK4N,aAAagC,kBAAlCd,EAAW,EAAXA,cACY9O,KAAK4N,aAAauhC,WAAWrgC,GAAY,yCACpDA,EAAYA,aAAW,OAGkC,OAHlC,SAGxBlL,EAAM5D,KAAK4N,aAAam0B,oBAAoB,eAAc,SAC5C/hC,KAAK4N,aAAaw0B,MAAMx+B,QAAAA,EAAO,eAAc,OAAtD,OAALmK,EAAQ,EAAH,uBAC+B,QAD/B,EACHA,aAAK,EAALA,EAAuBe,mBAAW,QAAI,MAAI,QAGlB,OAHkB,0BAGlD9O,KAAKqH,QAAQ2H,KAAK,QAAS,EAAF,IAAO,kBACzB,MAAI,0DAEd,mHAKD,4GACyChP,KAAK+N,MAAMi8B,eAAc,gBAAxDn2B,EAAM,EAANA,OACa,SADO,EAAZuI,cAEdpc,KAAK4N,aAAakG,UAAUD,GAC7B,gDACF,0EAED,WACE,OAAO,EAAAH,EAAAA,iBAAgB1T,KACzB,GAAC,oBAED,WACE,QAASA,KAAKoB,QAAQurC,IACxB,GAAC,6BAED,SAAgBvwB,GACd,OAAO,EAAAkzB,EAAAA,iBAAgBlzB,EAAcpc,KAAKoB,QAC5C,GAAC,qCAED,WACE,OAAOpB,KAAKsvC,gBAAgB,OAC9B,GAAC,8DAGD,WAAsBluC,GAAuB,gFACtCA,EAAQ0N,YAAa,CAAF,+BACK9O,KAAK4N,aAAaooB,YAAW,OAAlDlnB,EAAc,EAAH,KAAyCA,YAC1D1N,EAAQ0N,YAAcA,aAAW,EAAXA,EAAaA,YAAY,iCAE1C,EAAAgP,EAAAA,aAAY9d,KAAMoB,IAAQ,gDAClC,8GAGD,WAAwB0N,GAAyB,kFAC1CA,EAAa,CAAF,gCACO9O,KAAK4N,aAAaooB,YAAW,OAGT,GAHnCniB,EAAS,EAAH,KACZ/E,EAAc+E,EAAO/E,YACfygC,EAAiBvvC,KAAK4N,aAAam0B,oBAAoB,eAC7D/hC,KAAK4N,aAAa7C,OAAOwkC,IAErBvvC,KAAKoB,QAAQ28B,KAAM,CAAF,kCACb,EAAAyR,EAAAA,6BAA4B,SAAU37B,GAAO,WAIlD/E,EAAa,CAAF,yCACPpO,QAAQC,QAAQ,OAAK,iCAEvBX,KAAK+N,MAAM48B,OAAO77B,IAAY,iDACtC,+GAGD,WAAyBe,GAA2B,kFAC7CA,EAAc,CAAF,gCACM7P,KAAK4N,aAAaooB,YAAW,OAGR,GAHpCniB,EAAS,EAAH,KACZhE,EAAegE,EAAOhE,aAChB4/B,EAAkBzvC,KAAK4N,aAAam0B,oBAAoB,gBAC9D/hC,KAAK4N,aAAa7C,OAAO0kC,IAErBzvC,KAAKoB,QAAQ28B,KAAM,CAAF,kCACb,EAAAyR,EAAAA,6BAA4B,UAAW37B,GAAO,WAInDhE,EAAc,CAAF,yCACRnP,QAAQC,QAAQ,OAAK,iCAEvBX,KAAK+N,MAAM48B,OAAO96B,IAAa,iDACvC,iFAED,WAA+D,IAAzCzO,EAAqC,UAAH,6CAAG,CAAC,EAExDyN,EAGEzN,EAHFyN,QACA6gC,EAEEtuC,EAFFsuC,sBACA/gC,EACEvN,EADFuN,MAKF,GAHKE,IACHA,EAAU7O,KAAK4N,aAAagC,gBAAgBf,UAEzCA,EACH,MAAO,QAEqB3O,IAA1BwvC,IACFA,EAAwB1vC,KAAKoB,QAAQsuC,uBAGvC,IAAMC,GAAY,EAAA3G,EAAAA,cAAahpC,MAAM2vC,UAC/BC,EAAc/gC,EAAQA,QACxBghC,EAAYF,EAAY,kBAAoBv0B,mBAAmBw0B,GASnE,OARIF,IACFG,GAAa,6BAA+Bz0B,mBAAmBs0B,IAG7D/gC,IACFkhC,GAAa,UAAYz0B,mBAAmBzM,IAGvCkhC,CACT,GAAC,sDAID,WAAczuC,GAAwB,2GAgCnC,GA/BDA,EAAUhB,OAAOC,OAAO,CAAC,EAAGe,GAGtB0uC,EAAahnC,OAAOuL,SAAS1I,OAC7BokC,EAAajnC,OAAOuL,SAAS1P,KAK7B+qC,EAA0D,OAAlCtuC,EAAQsuC,sBAAiC,KACpEtuC,EAAQsuC,uBACN1vC,KAAKoB,QAAQsuC,uBACbI,EACCnhC,EAAe,QAAV,EAAGvN,SAAO,aAAP,EAASuN,MAGnBG,EAAc1N,EAAQ0N,YACtBe,EAAezO,EAAQyO,aACrBmgC,GAAkD,IAA9B5uC,EAAQ4uC,mBAC5BC,GAAoD,IAA/B7uC,EAAQ6uC,0BAEe,IAAjBpgC,IAC/BA,EAAe7P,KAAK4N,aAAagC,gBAAgBC,cAG/CmgC,QAA4C,IAAhBlhC,IAC9BA,EAAc9O,KAAK4N,aAAagC,gBAAgBd,aAG7C1N,EAAQyN,UACXzN,EAAQyN,QAAU7O,KAAK4N,aAAagC,gBAAgBf,UAGlDohC,IAAsBpgC,EAAY,kCAC9B7P,KAAKiwC,mBAAmBpgC,GAAa,YAGzCmgC,IAAqBlhC,EAAW,kCAC5B9O,KAAKgwC,kBAAkBlhC,GAAY,QAG2B,GAAhE82B,EAAoC,QAA1B,EAAc,QAAd,EAAG92B,SAAW,aAAX,EAAa82B,kBAAU,QAAgB,QAAhB,EAAI/1B,SAAY,aAAZ,EAAc+1B,YACxD5lC,KAAKoB,QAAQ28B,OAAQ6H,EAAU,mCAC3B,EAAAL,EAAAA,kBAAiBK,GAAW,QAG+C,GAA7EiK,EAAY7vC,KAAKkwC,sBAAsB,EAAD,KAAM9uC,GAAO,IAAEsuC,sBAAAA,KAG3C,CAAF,iCAEgB1vC,KAAKmwC,eAAc,QAU9C,OAVKC,EAAgB,EAAH,KACbjkB,EAAc,IAAI7D,IAAIonB,GAAyBI,GACjDnhC,GACFwd,EAAY5D,aAAa8nB,OAAO,QAAS1hC,GAEvC+gC,IAA0BK,EAE5BjnC,OAAOuL,SAAS1P,KAAOwnB,EAAYxnB,KAEnCmE,OAAOuL,SAAShU,OAAO8rB,EAAYxnB,MACpC,kBACMyrC,GAAa,QASc,OAP9BhvC,EAAQkvC,0BAEVtwC,KAAK4N,aAAagoB,QAElB51B,KAAK4N,aAAa2iC,wBAGpBznC,OAAOuL,SAAShU,OAAOwvC,GAAW,mBAC3B,GAAI,iDAEd,wHAED,WAAmC9qC,GAAmB,sFAC/C/E,KAAKoB,QAAQ28B,KAAM,CAAF,qBACd,IAAI/8B,EAAAA,aAAa,mDAAkD,OAM1E,IAHK8N,EAAgB/J,EAAhB+J,eAEJA,EAAe9O,KAAK4N,aAAagC,gBAAiBd,aAG/CA,EAAa,CAAF,qBACR,IAAI9N,EAAAA,aAAa,oDAAmD,wBAGtD,EAAAooC,EAAAA,aAAuB,QAAZ,EAACt6B,SAAW,aAAX,EAAa82B,YAAW,OAA7C,OAAPN,EAAU,EAAH,gBACO,EAAAO,EAAAA,mBAAiB,OAAK9gC,GAAM,IAAEugC,QAAAA,EAASx2B,YAAaA,EAAYA,eAAa,QAAtF,OAALg5B,EAAQ,EAAH,uBACJ,CACL7J,cAAe,QAAF,OAAUnvB,EAAYA,aACnCovB,KAAM4J,IACP,iDACF,6GAED,4GAAsC,KAAN,iCAChB,CAAF,yCACH,EAAA0I,EAAAA,yBAAsB,uBAGVxwC,KAAK4N,aAAaooB,YAAW,OAC+B,GAD3EniB,EAAS,EAAH,OACNyxB,GAA4B,QAAlB,EAAAzxB,EAAO/E,mBAAW,aAAlB,EAAoB82B,cAAiC,QAAvB,EAAI/xB,EAAOhE,oBAAY,aAAnB,EAAqB+1B,aAE1D,CAAF,kCACH,EAAAL,EAAAA,kBAAiBD,GAAQ,iDAElC,iFAED,SAAwBxiC,GACtB,IAAM2tC,EAAUl4B,EAAAA,aAAaiG,yBAAyB1b,GAChD4tC,EAASn4B,EAAAA,aAAamG,YAAY+xB,QAAAA,EAAW,IACnD,IAAI,EAAAzI,EAAAA,kBAAiB0I,GAAS,SACxB/jB,EAAuB,KAK3B,OAJI,EAAAxT,EAAAA,YAAYrW,aAAO,EAAPA,EAAqBlB,OACnC+qB,EAAS7pB,EAAoBlB,IAAI,eAEG,QAAjC,EAAQ,QAAR,EAAG+qB,SAAK,QAAI7pB,EAAQ,qBAAa,QAAIA,EAAQ,aAEpD,CAEA,OAAO,IACT,KAAC,EAzXH,EADwB,EAAA6tC,EAAAA,oBAAmBruC,KACO,wBAGrB6T,GAAM,CAyXrC,oJA3bA,UAEA,SAKA,EAwC4C,qbAxC5C,UAyBA,aACA,UACA,UACA,UACA,UAQA,UAGA,UAA4C,kyBC9BrC,SAUL7T,EACAuQ,GAGA,OAAO,SAAP,0BAjByD,IAiBzD,GAjByD,EAiBzD,EAjByD,kbAsBvD,aAA4B,uDAAbhS,EAAI,yBAAJA,EAAI,gBAO4B,OAN7C,+BAASA,KAAM,0GAEf,EAAKmjB,mBAAqB,IAAInR,EAA8BzS,OAAOC,OAAO,CACxE0e,eAAgB,EAAKA,gBACpB,EAAK3d,QAAQ4iB,qBAEhB,EAAKjW,OAAQ,EAAA6iC,EAAAA,qBAAkB,iBAAc,CAC/C,CAgBC,OAhBA,6CAED,WACE,OAAO,EAAAl9B,EAAAA,iBAAgB1T,KACzB,GAAC,oBAED,WACE,QAASA,KAAKoB,QAAQurC,IACxB,GAAC,6BAED,SAAgBvwB,GACd,OAAO,EAAAkzB,EAAAA,iBAAgBlzB,EAAcpc,KAAKoB,QAC5C,GAAC,qCAED,WACE,OAAOpB,KAAKsvC,gBAAgB,OAC9B,KAAC,EA7BI,CAA4BhtC,EAiCrC,iGAnDA,UACA,2FC2CO,WAEL,OAAO,SAAP,0BAhCmD,IAgCnD,GAhCmD,EAgCnD,EAhCmD,kbA4EjD,WAAYlB,GAAc,MA0DvB,OA1DuB,qBACxB,cAAMA,IAAS,28CA3ErB,SAA2BP,GAGzB,IAAIurB,GAFJvrB,EAAOA,GAAQ,CAAC,GAEEurB,OAClB,GAAIA,IAAWjpB,MAAMC,QAAQgpB,GAC3B,MAAM,IAAIprB,EAAAA,QAAa,kGAKzB,IAAIsc,EAASzc,EAAKyc,OAClB,IAAKA,EACH,MAAM,IAAItc,EAAAA,QAAa,iIAKzB,IADiB,IAAI6vC,OAAO,iBACZx2B,KAAKiD,GACnB,MAAM,IAAItc,EAAAA,QAAa,4HAIzB,IAAuC,IAAnCsc,EAAOtT,QAAQ,eACjB,MAAM,IAAIhJ,EAAAA,QAAa,yIAG3B,CAmDM8vC,CAAkB1vC,GAElB,EAAKkc,QAAS,EAAAyzB,EAAAA,qBAAoB3vC,EAAQkc,QAC1C,EAAK4qB,UAAW,EAAA6I,EAAAA,qBAAoB3vC,EAAQ8mC,UAC5C,EAAKW,cAAe,EAAAkI,EAAAA,qBAAoB3vC,EAAQynC,cAChD,EAAKqD,aAAc,EAAA6E,EAAAA,qBAAoB3vC,EAAQ8qC,aAC/C,EAAK8E,WAAY,EAAAD,EAAAA,qBAAoB3vC,EAAQ4vC,WAC7C,EAAKrB,WAAY,EAAAoB,EAAAA,qBAAoB3vC,EAAQuuC,WAE7C,EAAKhD,MAAwB,IAAjBvrC,EAAQurC,KACpB,EAAK97B,SAAWzP,EAAQyP,SACxB,EAAKsb,YAAc/qB,EAAQ+qB,aACvB,EAAA7R,EAAAA,eACF,EAAK6R,aAAc,EAAA8kB,EAAAA,eAAc7vC,EAAQ+qB,YAAarjB,OAAOuL,SAAS1I,SAExE,EAAKyQ,aAAehb,EAAQgb,aAC5B,EAAK9H,aAAelT,EAAQkT,aAC5B,EAAK3F,MAAQvN,EAAQuN,MACrB,EAAKyd,OAAShrB,EAAQgrB,OAEtB,EAAK6J,kBAAoB70B,EAAQ60B,gBACjC,EAAK5J,cAAgBjrB,EAAQirB,cAC7B,EAAKC,oBAAsBlrB,EAAQkrB,oBACnC,EAAKI,UAAYtrB,EAAQsrB,UACzB,EAAKD,OAASrrB,EAAQqrB,OACtB,EAAKsR,MAAwB,IAAjB38B,EAAQ28B,KACpB,EAAK8O,YAAc,EAAH,CACdC,mBAAmB,GAChB1rC,EAAQyrC,aAGb,EAAKj/B,aAAexM,EAAQwM,aAC5B,EAAK8hC,sBAAwBtuC,EAAQsuC,sBACrC,EAAKt7B,mBAAqBhT,EAAQgT,mBAClC,EAAK4P,mBAAqB,EAAH,CAAK6e,oBAAAA,EAAAA,qBAAwBzhC,EAAQ4iB,oBAE5D,EAAK4I,aAAexrB,EAAQwrB,aAC5B,EAAKmc,YAAc3nC,EAAQ2nC,YAK3B,EAAKmI,iBAAmB9vC,EAAQ8vC,eAS3B9vC,EAAQ+vC,cAAyC,IAAzB/vC,EAAQ+vC,aAGnC,EAAKA,aAAe/vC,EAAQ+vC,aAF5B,EAAKA,aAAeC,EAAAA,uBAGrB,CAEH,CAAC,uBAxGI,EADwB,EAAAC,EAAAA,gCA2GjC,iGAzJA,UACA,UACA,SACA,UAWA,UACA,aAAqD,0oBC3Bb,uBAAL,qCCAnC,sSCoFC,SAEkC,EAAD,+FAzElC,UACA,UAQA,SACA,UAwBO,SAASC,EAAgBzxC,GAE9B,IAAI0xC,EAAsB1xC,EAAIuB,QAAQurC,KAAO,QAAU,WAEvD,OADmB9sC,EAAIuB,QAAQkT,cAAgBi9B,CAEjD,CAEO,SAASv9B,EAA0BnU,EAAKuB,GAC7CA,EAAUA,GAAW,CAAC,GAClB,EAAAkd,EAAAA,UAASld,KACXA,EAAU,CAAED,IAAKC,IAKnB,IAGIowC,EAHArwC,EAAMC,EAAQD,IACdmT,EAAelT,EAAQkT,cAAgBg9B,EAAgBzxC,GACvD4xC,EAAY5xC,EAAIkO,MAAMi8B,aAAaI,eASvC,KALEoH,EADmB,UAAjBl9B,EACSnT,EAAMA,EAAIm0B,UAAUn0B,EAAI6I,QAAQ,MAAQynC,EAAU/sB,OAElDvjB,EAAMA,EAAIm0B,UAAUn0B,EAAI6I,QAAQ,MAAQynC,EAAU96B,MAI7D,MAAM,IAAI3V,EAAAA,aAAa,wCAGzB,OAAO,EAAAyjB,EAAAA,mBAAkB+sB,EAC3B,CAEO,SAASE,EAA0B7xC,EAAKuB,GAG5B,WADIA,EAAQkT,cAAgBg9B,EAAgBzxC,IA9C/D,SAAsBA,GACpB,IAAI8xC,EAAgB9xC,EAAIkO,MAAMi8B,aAAaE,cACvC0H,EAAY/xC,EAAIkO,MAAMi8B,aAAaK,eACnCoH,EAAY5xC,EAAIkO,MAAMi8B,aAAaI,eACnCuH,GAAiBA,EAAcE,aACjCF,EAAcE,aAAa,KAAMD,EAAUE,MAAOL,EAAUM,SAAWN,EAAU96B,MAEjF86B,EAAU/sB,OAAS,EAEvB,CAsC6BstB,CAAanyC,GA1D1C,SAAoBA,GAClB,IAAI8xC,EAAgB9xC,EAAIkO,MAAMi8B,aAAaE,cACvC0H,EAAY/xC,EAAIkO,MAAMi8B,aAAaK,eACnCoH,EAAY5xC,EAAIkO,MAAMi8B,aAAaI,eACnCuH,GAAiBA,EAAcE,aACjCF,EAAcE,aAAa,KAAMD,EAAUE,MAAOL,EAAUM,SAAWN,EAAU/sB,QAEjF+sB,EAAU96B,KAAO,EAErB,CAiDiDs7B,CAAWpyC,EAC5D,CAEkC,aA4CjC,OA5CiC,gCAA3B,WAA4BA,EAAKuB,GAAsC,mFAY1E,GAXFA,EAAUA,GAAW,CAAC,GAClB,EAAAkd,EAAAA,UAASld,KACXA,EAAU,CAAED,IAAKC,IAKbrB,EAAqBiU,EAA0BnU,EAAKuB,GACpDuN,EAAQ5O,EAAI4O,MACZq4B,EAA+BnnC,EAAImkB,mBAAmBC,KAAK,CAC/DtV,MAAAA,IAEgB,CAAF,mBACV9O,EAAIuB,QAAQurC,KAAM,CAAF,qBAEZ,IAAI3rC,EAAAA,aAAa,+JAA2Jd,GAAU,aAExL,IAAIc,EAAAA,aAAa,yDAAwD,OAQhF,OANKk1B,EAAmB8Q,EAAY9Q,YAC9B8Q,EAAY9Q,KAEd90B,EAAQD,KAEXuwC,EAA0B7xC,EAAKuB,GAChC,mBAEM,EAAAooC,EAAAA,qBAAoB3pC,EAAKmnC,EAAajnC,EAAKm2B,GAC/CvvB,OAAM,SAAAC,GAML,MALK,EAAAmf,EAAAA,4BAA2Bnf,IAC9B/G,EAAImkB,mBAAmB4R,MAAM,CAC3BjnB,MAAAA,IAGE/H,CACR,IACC1F,MAAK,SAAAnB,GAIJ,OAHAF,EAAImkB,mBAAmB4R,MAAM,CAC3BjnB,MAAAA,IAEK5O,CACT,KAAE,6CAEL,qFClGA,SAGgC,EAAD,iEAvBhC,UACA,UACA,UACA,SAEA,SAASmyC,IACP,MAAM,IAAIlxC,EAAAA,aACR,qFAEJ,CAGA,SAASmxC,EAAeC,EAAsBv+B,GAC5C,OAAI,EAAAutB,EAAAA,WAAUgR,GACLv+B,EAAOhF,SAEZ,EAAAsyB,EAAAA,eAAciR,GACTv+B,EAAO/E,iBAEhBojC,GACF,CAGgC,aAmC/B,OAnC+B,gCAAzB,WAA0BryC,EAA6BkO,GAAY,6FAK3B,IAJxC,EAAAqzB,EAAAA,WAAUrzB,KAAW,EAAAozB,EAAAA,eAAcpzB,IACtCmkC,MAGEr+B,EAAShU,EAAI+N,aAAagC,iBACnBC,aAAc,CAAF,gCACN,EAAAi7B,EAAAA,wBAAuBjrC,EAAK,CACzCusB,OAAQre,EAAMqe,QACbvY,EAAOhE,cAAa,OAFjB,OAANgE,EAAS,EAAH,uBAGCs+B,EAAepkC,EAAO8F,IAAO,OAYoC,OAPxEuI,EADEvc,EAAIuB,QAAQurC,KACC,QACN,EAAAxL,EAAAA,eAAcpzB,GACR,QAEA,WAGTqe,GAFP,EAE8Ere,GAAvEqe,OAAQyc,EAAY,EAAZA,aAAcqD,EAAW,EAAXA,YAAa5uB,EAAM,EAANA,OAAQsoB,EAAU,EAAVA,WAAYmB,EAAW,EAAXA,YAAW,mBACnE,EAAAuD,EAAAA,kBAAiBzqC,EAAK,CAC3Buc,aAAAA,EACAgQ,OAAAA,EACAyc,aAAAA,EACAqD,YAAAA,EACA5uB,OAAAA,EACAsoB,WAAAA,EACAmB,YAAAA,IAEC7lC,MAAK,SAAUnB,GACd,OAAOoyC,EAAepkC,EAAOhO,EAAI8T,OACnC,KAAE,6CACL,sFCtD8C,SAIb,EAAD,iEARjC,UAEA,UACA,SACA,UAIiC,aA6ChC,OA7CgC,gCAA1B,WAA2BhU,EAAKuB,GAA2B,qGACE,KAA5DyS,EAAwB,QAAlB,EAAU,QAAV,EAAGzS,SAAO,aAAP,EAASyS,cAAM,QAAIhU,EAAI+N,aAAagC,iBACxCC,aAAc,CAAF,yCACd,EAAAi7B,EAAAA,wBAAuBjrC,EAAKuB,GAAW,CAAC,EAAGyS,EAAOhE,eAAa,UAGnEgE,EAAO/E,aAAgB+E,EAAOhF,QAAO,sBAClC,IAAI7N,EAAAA,aAAa,2DAA0D,OAKhC,GAF7C8N,EAAc+E,EAAO/E,aAAe,CAAC,EACrCD,EAAUgF,EAAOhF,SAAW,CAAC,EAC7Bud,EAAStd,EAAYsd,QAAUvd,EAAQud,OAChC,CAAF,sBACH,IAAIprB,EAAAA,aAAa,sDAAqD,QAET,GAA/D6nC,EAAe/5B,EAAY+5B,cAAgBh6B,EAAQg6B,aACtC,CAAF,sBACT,IAAI7nC,EAAAA,aAAa,4DAA2D,QAsBnF,OApBKkrC,EAAcp9B,EAAYo9B,aAAersC,EAAIuB,QAAQ8qC,YACrD5uB,EAASzO,EAAQyO,QAAUzd,EAAIuB,QAAQkc,OACvCsoB,EAAa92B,aAAW,EAAXA,EAAa82B,WAC1BmB,GAAcj4B,aAAW,EAAXA,EAAai4B,eAAel4B,aAAO,EAAPA,EAASk4B,aAGzD3lC,EAAUhB,OAAOC,OAAO,CACtB+rB,OAAAA,EACAyc,aAAAA,EACAqD,YAAAA,EACA5uB,OAAAA,EACAsoB,WAAAA,EACAmB,YAAAA,GACC3lC,GAECvB,EAAIuB,QAAQurC,KACdvrC,EAAQgb,aAAe,QAClB,GACoB,EAAA6sB,EAAAA,uBAAsBppC,GAAvCuc,EAAY,EAAZA,aACRhb,EAAQgb,aAAeA,GACxB,mBAEM,EAAAkuB,EAAAA,kBAAiBzqC,EAAKuB,GAC1BF,MAAK,SAAAnB,GAAG,OAAIA,EAAI8T,MAAM,KAAC,6CAE3B,gGC9C0D,SAGd,EAAD,gFAV5C,UACA,UACA,UAEA,UACA,UACA,UACA,UAA2D,2kBAGf,aA6C3C,OA7C2C,gCAArC,WACLhU,EACAg4B,EACAwa,GAAgC,iGAEV,GAFU,EAELxyC,EAAIuB,QAAvByP,EAAQ,EAARA,SAAUktB,EAAI,EAAJA,KACbltB,EAAU,CAAF,qBACL,IAAI7P,EAAAA,aAAa,4EAA2E,OAUlC,GAVkC,SAI5FsxC,EAAgClyC,OAAOC,OAAO,CAAC,EAAGw3B,EAAa,CAAEhnB,SAAAA,IAEnEwhC,EAAmBtL,cACrBuL,EAAiBvL,YAAcsL,EAAmBtL,aAG9CwL,EAAsC,EAAH,GAAOD,IAE5CvU,EAAM,CAAF,kCACgB,EAAAqL,EAAAA,aAAYiJ,aAAkB,EAAlBA,EAAoBzM,YAAW,QAA3DN,EAAU,EAAH,KACbiN,EAAe3K,YAActC,EAC7BgN,EAAiBvU,KAAOA,EACxBuU,EAAiB1M,WAAayM,EAAmBzM,WAAW,0BAGlC,EAAA4M,EAAAA,kBAAiB3yC,EAAK0yC,EAAgBF,GAAmB,QAC1C,OADrClc,EAAgB,EAAH,KACbD,GAAO,EAAA8S,EAAAA,cAAanpC,EAAKg4B,GAAY,WAClB,EAAA2R,EAAAA,qBAAoB3pC,EAAKyyC,EAAkBnc,EAAeD,GAAK,QAMvF,OANuF,SAAhFriB,EAAM,EAANA,QAGAhE,EAAiBgE,EAAjBhE,iBACa,EAAA4iC,EAAAA,oBAAmB5iC,EAAcwiC,IACpDxyC,EAAI+N,aAAa8kC,mBAAmB7iC,GACrC,kBAEMgE,GAAM,QAMZ,MANY,2BAGT,EAAA8+B,EAAAA,4BAA0B,OAE5B9yC,EAAI+N,aAAaglC,qBAClB,gEAGJ,sFC/CiD,SAShB,EAAD,iEAfjC,UACA,SACA,UAGA,UACA,aASiC,aA6BhC,OA7BgC,gCAA1B,WAA2B/yC,EAA6BkO,GAAqB,yFAMjF,GALGe,EAAc,GACde,EAAe,GACf9B,IACAe,EAAef,EAAsBe,YACrCe,EAAgB9B,EAAuB8B,cAEvCf,GAAgBe,EAAY,sBACxB,IAAI7O,EAAAA,QAAa,sDAAqD,OAGnC,GADvC6P,EAAWhR,EAAIuB,QAAQyP,SACvB+b,EAAe/sB,EAAIuB,QAAQwrB,aAC1B/b,EAAU,CAAF,qBACL,IAAI7P,EAAAA,QAAa,8EAA6E,OASvB,OAN3EgwC,GAAY,EAAAhI,EAAAA,cAAanpC,GAAKmxC,UAC9BnwC,GAAO,EAAAwE,EAAAA,eAAc,CAEvB6oC,gBAAiBr+B,EAAe,gBAAkB,eAClD9B,MAAO8B,GAAgBf,IACtBpG,MAAM,GACLmqC,EAAQjmB,GAAe,EAAAnX,EAAAA,MAAI,UAAI5E,EAAQ,YAAI+b,KAAkB,EAAAnX,EAAAA,MAAK5E,GAAS,mBACxE,EAAAvP,EAAAA,MAAKzB,EAAKmxC,EAAWnwC,EAAM,CAChCiC,QAAS,CACP,eAAgB,oCAChB,cAAiB,SAAW+vC,MAE9B,6CACH,oGC9CM,WAEL,OAAO,SAAP,0BALkH,IAKlH,GALkH,EAKlH,EALkH,kbAShH,WAAY1b,EAA8C1sB,EAA8B/I,GAA0B,wCAC1Gy1B,EAAuB1sB,EAAe/I,EAC9C,CAwBC,OAxBA,mDAED,SAAsBN,GACpBA,EAAUpB,KAAK8yC,qBAAqB,cAAe1xC,IACnD,EAAA2xC,EAAAA,mCAAkC3xC,GAClC,IAAMO,EAAU3B,KAAKof,WAAWhe,GAC1BkJ,EAAalJ,EAAQkJ,YAAc0oC,EAAAA,yBACzC,OAAO,IAAI1b,EAAAA,YAAY31B,EAAS2I,EAClC,GAAC,wCAED,SAA2BlJ,GACzBA,EAAUpB,KAAK8yC,qBAAqB,qBAAsB1xC,IAC1D,EAAA2xC,EAAAA,mCAAkC3xC,GAClC,IAAMO,EAAU3B,KAAKof,WAAWhe,GAC1BkJ,EAAalJ,EAAQkJ,YAAc2oC,EAAAA,gCACzC,OAAO,IAAI3b,EAAAA,YAAY31B,EAAS2I,EAClC,GAAC,mCAED,SAAsBlJ,GACpBA,EAAUpB,KAAK8yC,qBAAqB,eAAgB1xC,IACpD,EAAA2xC,EAAAA,mCAAkC3xC,GAClC,IAAMO,EAAU3B,KAAKof,WAAWhe,GAC1BkJ,EAAalJ,EAAQkJ,YAAc4oC,EAAAA,0BACzC,OAAO,IAAI5b,EAAAA,YAAY31B,EAAS2I,EAClC,KAAC,EA9BI,CACG6oC,EAAAA,mBAgCZ,uEAzCA,UAEA,UACA,iECuCYvF,qCAeL,SAAuB3qC,GAC5B,OAAOA,GAAOA,EAAI6L,WACpB,cAEO,SAAmB7L,GACxB,OAAOA,GAAOA,EAAI4L,OACpB,mBAEO,SAAwB5L,GAC7B,OAAOA,GAAOA,EAAI4M,YACpB,YAnBO,SAAiB5M,GACtB,SAAIA,IACCA,EAAI6L,aAAe7L,EAAI4L,SAAW5L,EAAI4M,eACvC1M,MAAMC,QAAQH,EAAImpB,QAIxB,EAbqB,uBAATwhB,GAAAA,EAAS,qBAATA,EAAS,aAATA,EAAS,wBAATA,IAAS,YAATA,EAAS,6IC/BkB,gBAAV,UACU,gBAAV,UACM,cAAR,QACY,gBAAV,UACM,cAAR,QACoB,oBAAd,sHCoC1B,SAA8B3qC,GACnC,QAAKmwC,EAAsBnwC,MAGjBA,EAAY2d,iBACxB,2EAUO,SAA2B3d,GAChC,SAAIowC,EAAuBpwC,KAAQqwC,EAA4BrwC,GAIjE,mBAzCA,SAASswC,EAAuBtwC,GAC9B,SAAKA,GAAsB,YAAf,aAAOA,IAAkD,IAA9B7C,OAAOoR,OAAOvO,GAAKO,OAI5D,CAEO,SAAS6vC,EAAuBpwC,GACrC,SAAKswC,EAAuBtwC,KAGnBA,EAAIkpB,cAAiBlpB,EAAImZ,aACpC,CAEO,SAASg3B,EAAsBnwC,GACpC,QAAKowC,EAAuBpwC,MAGlBA,EAAYmlB,YACxB,CASO,SAASkrB,EAA4BrwC,GAC1C,QAAKswC,EAAuBtwC,SAGkE/C,IAApEE,OAAOoR,OAAOvO,GAAKuB,MAAK,SAAC+E,GAAK,MAAuB,iBAAVA,CAAkB,GAEzF,6GC3DA,oLACA,oLACA,oLACA,oLACA,oLACA,mLACA,oLACA,oLACA,oLACA,oLACA,oLACA,kUC8DO,SACL1J,EACAoL,EACAsJ,EACA5F,GAEA,IAAI6kC,EAqBJ,OAnBgB,IAAI9yC,SAAQ,SAACC,EAASI,GACpCwT,EAAQk/B,UAAY,SAAChnC,GAEnB,GAAKA,EAAMinC,WAAcjnC,EAAMxM,KAI/B,MAA0B,YAAtB,aAAOwM,EAAMxM,OAAqB0O,IAAUlC,EAAMxM,KAAK0O,MAClDhO,EAvF6B,2WAuFrB,CAAD,GAAM8L,EAAMxM,YAG5Bc,EAAO,IAAIC,EAAAA,aAAa,yCAC1B,EAEAwyC,EAAYtnC,YAAW,WACrBnL,EAAO,IAAIC,EAAAA,aAAa,wBAC1B,GAAGiK,GAAW0oC,EAChB,IAGCxnC,SAAQ,WACPC,aAAaonC,GACbj/B,EAAQE,OACV,GACF,2CAnEO,SAAgC5U,EAA6BoL,EAAS0D,GAC3E,IAAIilC,EACAJ,EA0BJ,OAzB2B,IAAI9yC,SAAQ,SAAUC,EAASI,GAExD6yC,EAAkB,SAAyB3uC,GACzC,GAAKA,EAAEhF,MAAQgF,EAAEhF,KAAK0O,QAAUA,EAShC,OAAI1J,EAAE0G,SAAW9L,EAAI4B,kBACZV,EAAO,IAAIC,EAAAA,aAAa,yDAEjCL,EAAQsE,EAAEhF,KACZ,EAEA8L,EAAYjD,OAAQ,UAAW8qC,GAE/BJ,EAAYtnC,YAAW,WACrBnL,EAAO,IAAIC,EAAAA,aAAa,wBAC1B,GAAGiK,GAAW0oC,EAChB,IAGGxnC,SAAQ,WACPC,aAAaonC,GACbnnC,EAAevD,OAAQ,UAAW8qC,EACpC,GACJ,cAhDO,SAAmB5nC,GACxB,IAAId,EAASG,SAASE,cAAc,UAIpC,OAHAL,EAAOM,MAAMC,QAAU,OACvBP,EAAOc,IAAMA,EAENX,SAASC,KAAKW,YAAYf,EACnC,cAEO,SAAmBc,EAAK5K,GAC7B,IAAI0wC,EAAQ1wC,EAAQyyC,YAAc,iDAGlC,OAAO/qC,OAAO67B,KAAK34B,EAAK8lC,EAFP,sFAGnB,mDAlCA,UAA4C,8NAG5C,IAAM6B,EAAkB,KAEjB,SAAS5nC,EAAY+nC,EAAaxvC,EAAMoB,GACzCouC,EAAY31B,iBACd21B,EAAY31B,iBAAiB7Z,EAAMoB,GAEnCouC,EAAYC,YAAY,KAAOzvC,EAAMoB,EAEzC,CAEO,SAAS2G,EAAeynC,EAAaxvC,EAAMoB,GAC5CouC,EAAYj0B,oBACdi0B,EAAYj0B,oBAAoBvb,EAAMoB,GAEtCouC,EAAYE,YAAY,KAAO1vC,EAAMoB,EAEzC,2ECdO,SAA6C7F,GAClD,MAKIA,EAAIuB,QAJNyP,EAAQ,EAARA,SACAsb,EAAW,EAAXA,YACA7X,EAAY,EAAZA,aACA3F,EAAK,EAALA,MAEIslC,GAAqB,EAAA35B,EAAAA,aAAcxR,OAAOuL,SAAS1P,UAAOzE,EAChE,OAAO,EAAAkH,EAAAA,YAAW,CAChByJ,SAAAA,EACAsb,YAAaA,GAAe8nB,EAC5B3/B,aAAAA,EACA3F,MAAOA,IAAS,EAAA09B,EAAAA,iBAChBjwB,aAAc,OACd+qB,OAAQ,wBAEZ,EArBA,cAEA,SACA,oECEO,SAA+BtnC,GACpC,MAYIA,EAAIuB,QAXNurC,EAAI,EAAJA,KACA97B,EAAQ,EAARA,SACAsb,EAAW,EAAXA,YACA/P,EAAY,EAAZA,aACA9H,EAAY,EAAZA,aACA8X,EAAM,EAANA,OACAM,EAAS,EAATA,UACAD,EAAM,EAANA,OACA9d,EAAK,EAALA,MACAsnB,EAAe,EAAfA,gBACA8H,EAAI,EAAJA,KAEIkW,GAAqB,EAAA35B,EAAAA,aAAcxR,OAAOuL,SAAS1P,UAAOzE,EAChE,OAAO,EAAAkH,EAAAA,YAAW,CAChBulC,KAAAA,EACA97B,SAAAA,EACAsb,YAAaA,GAAe8nB,EAC5B73B,aAAcA,GAAgB,CAAC,QAAS,YACxC9H,aAAAA,EACA3F,MAAOA,IAAS,EAAA09B,EAAAA,iBAChB1f,OAAO,EAAAunB,EAAAA,iBACP9nB,OAAQA,GAAU,CAAC,SAAU,SAC7BM,UAAAA,EACAD,OAAAA,EACAwJ,gBAAAA,EACA8H,KAAAA,GAEJ,EAlCA,cAEA,SACA,4ECbO,SACLl+B,EACAkF,GAgBA,MAZwC,CACtCuY,OAHazd,EAAIuB,QAAQkc,OAIzB4Y,MAHW,EAAA8S,EAAAA,cAAanpC,EAAKkF,GAI7B8L,SAAU9L,EAAO8L,SACjBsb,YAAapnB,EAAOonB,YACpB/P,aAAcrX,EAAOqX,aACrB9H,aAAcvP,EAAOuP,aACrB3F,MAAO5J,EAAO4J,MACd+d,UAAW3nB,EAAO2nB,UAClB2a,gBAAiBtiC,EAAOsiC,gBAI5B,EArBA,4ECsBO,SAAkCxnC,EAA6BkP,GACpE,GAAmB,iBAAfA,EAAMzK,KACR,OAAO,EAET,IAEM6vC,EAFeplC,EAEclI,IAC7BwV,EAAe83B,aAAa,EAAbA,EAAe93B,aACpC,OAAOxc,EAAIuB,QAAQurC,MAA2C,mBAAlCtwB,aAAY,EAAZA,EAActN,MAC5C,+BAjBO,SAAoCA,GACzC,MAAmB,eAAfA,EAAMzK,MAIuB,yBADdyK,EACA8I,SACrB,+BAaO,SAAoC9I,GAEzC,OAAO,EAAAs0B,EAAAA,cAAat0B,IACE,kBAApBA,EAAM8I,WACiB,6CAAvB9I,EAAM6I,YACV,EA1BA,4JCAA,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,iBAEA,2NACA,+NACA,+NACA,+NACA,+NACA,gQCbO,SAASw8B,EAAgBz9B,GAC9B,MAAO,0BAA0B0D,KAAK1D,EACxC,CAGO,SAAS09B,EAAqBC,GACnC,MAAO,aAAaj6B,KAAKi6B,EAC3B,CAGO,SAASC,EAAmBD,GACjC,MAAO,yBAAyBj6B,KAAKi6B,EACvC,CAEO,SAASE,EAAcF,GAC5B,MAAO,cAAcj6B,KAAKi6B,IAAiB,yBAAyBj6B,KAAKi6B,EAC3E,CAEO,SAASG,EAAcC,EAAa70C,GACzC,IAAI80C,EAAa90C,EAAIuB,QACrB,SAAKszC,IAAQC,EAAWxoB,cAGuB,IAAxCuoB,EAAI1qC,QAAQ2qC,EAAWxoB,YAChC,CAEO,SAASyoB,EAAWxzC,GACzB,OAAOA,EAAQurC,MAAiC,SAAzBvrC,EAAQgb,cAAoD,UAAzBhb,EAAQkT,YACpE,CAYO,SAASugC,EAAgBzzC,GAG9B,OAFewzC,EAAWxzC,IAC0B,aAAzBA,EAAQkT,aACjBxL,OAAOuL,SAASqQ,OAAS5b,OAAOuL,SAASsC,IAC7D,CAMO,SAASjD,EAAiB7T,GAE/B,IAAK40C,EAAc3rC,OAAOuL,SAAS1P,KAAM9E,GACvC,OAAO,EAIT,IAAIi1C,EAAWF,EAAW/0C,EAAIuB,SAC1BkzC,EAAeO,EAAgBh1C,EAAIuB,SAEvC,QAAIozC,EAAcF,KAIdQ,EACaT,EAAqBC,IAAiBC,EAAmBD,GAKnEF,EAAgBtrC,OAAOuL,SAASsC,MACzC,yGAzCO,SAAyByF,EAAiChb,GAO/D,OALI+B,MAAMC,QAAQhC,EAAQgb,eAAiBhb,EAAQgb,aAAa5Y,OAC5CpC,EAAQgb,aAAapS,QAAQoS,IAAiB,EAE9Chb,EAAQgb,eAAiBA,CAG/C,6DAuCO,SAAgCvc,EAA6By0C,GAClE,IAAKA,EAAc,CAEjB,IAAK5gC,EAAgB7T,GACnB,OAAO,EAGTy0C,EAAeO,EAAgBh1C,EAAIuB,QACrC,CACA,MAAO,gCAAgCiZ,KAAKi6B,EAC9C,yGClFO,WACL,OAAO,EAAAS,EAAAA,iBAAgB,GACzB,kBANO,WACL,OAAO,EAAAA,EAAAA,iBAAgB,GACzB,uCAiBO,SAAwBl1C,GAG7B,OAFem1C,EAAUn1C,EADuD,UAAH,6CAAG,CAAC,GAE3DsX,MAAM,WAAW,EAEzC,iBAEO,SAAsBtX,EAA6BuB,GACxD,GAAI0J,UAAUtH,OAAS,EACrB,MAAM,IAAIxC,EAAAA,QAAa,wEAEzBI,EAAUA,GAAW,CAAC,EAGtB,IAAIynC,GAAe,EAAAkI,EAAAA,qBAAoB3vC,EAAQynC,eAAiBhpC,EAAIuB,QAAQynC,aACxEvrB,EAAS03B,EAAUn1C,EAAKuB,GACxB8qC,GAAc,EAAA6E,EAAAA,qBAAoB3vC,EAAQ8qC,cAAgBrsC,EAAIuB,QAAQ8qC,YACtEhE,GAAW,EAAA6I,EAAAA,qBAAoB3vC,EAAQ8mC,WAAaroC,EAAIuB,QAAQ8mC,SAChEyH,GAAY,EAAAoB,EAAAA,qBAAoB3vC,EAAQuuC,YAAc9vC,EAAIuB,QAAQuuC,UAClEqB,GAAY,EAAAD,EAAAA,qBAAoB3vC,EAAQ4vC,YAAcnxC,EAAIuB,QAAQ4vC,UAElE/kB,EAAUC,EAAgBrsB,EAAKuB,GAQnC,MAAO,CACLkc,OAAQA,EACRurB,aARFA,EAAeA,GAAgB5c,EAAU,gBASvCigB,YARFA,EAAcA,GAAejgB,EAAU,eASrCic,SARFA,EAAWA,GAAYjc,EAAU,YAS/B+kB,UARFA,EAAYA,GAAa/kB,EAAU,aASjC0jB,UARFA,EAAYA,GAAa1jB,EAAU,aAUrC,EA3DA,aACA,aAWA,SAAS+oB,EAAUn1C,GAAuD,IAA1BuB,EAAsB,UAAH,6CAAG,CAAC,EAErE,OADe,EAAA2vC,EAAAA,qBAAoB3vC,EAAQkc,SAAWzd,EAAIuB,QAAQkc,MAEpE,CAEO,SAAS4O,EAAgBrsB,GAAuD,IAC/Eyd,EAAS03B,EAAUn1C,EADwD,UAAH,6CAAG,CAAC,GAGlF,OADgByd,EAAOtT,QAAQ,WAAa,EAAIsT,EAASA,EAAS,SAEpE,qEC9BO,SACLzd,EACAg4B,GAEA,IAEMod,EAAkC,CACtC33B,OAHazd,EAAIuB,QAAQkc,OAIzB4Y,MAHW,EAAA8S,EAAAA,cAAanpC,EAAKg4B,GAI7BhnB,SAAUgnB,EAAYhnB,SACtBsb,YAAa0L,EAAY1L,YACzB/P,aAAcyb,EAAYzb,aAC1B9H,aAAcujB,EAAYvjB,aAC1B8X,OAAQyL,EAAYzL,OACpBzd,MAAOkpB,EAAYlpB,MACnBge,MAAOkL,EAAYlL,MACnBsJ,gBAAiB4B,EAAY5B,gBAC7BvJ,UAAWmL,EAAYnL,UACvBqa,YAAalP,EAAYkP,aAG3B,OAAyB,IAArBlP,EAAY8U,KAEPsI,EAG6B,EAAH,KAC9BA,GAAS,IACZ7sB,aAAcyP,EAAYzP,aAC1BkE,oBAAqBuL,EAAYvL,oBACjCD,cAAewL,EAAYxL,eAI/B,mBApCA,UAAuC,goBCYvC,cACA,UAEA,SAAS6oB,EAASC,GAChB,OAAQ,IAAMA,EAAIhR,SAAS,KAAKiR,QAAQ,EAC1C,CAwBC,MAEc,CACb5G,8BAAAA,EAAAA,8BACAE,iBAnBF,SAA0B2G,GACxB,IARuB7xC,EACnB8xC,EAOAC,EAAWF,GAAU,GAIzB,OAHIE,EAAS/xC,OAASgyC,EAAAA,sBACpBD,IAVqB/xC,EAUiBgyC,EAAAA,oBAAsBD,EAAS/xC,OATnE8xC,EAAI,IAAIzgC,WAAW9N,KAAK0uC,KAAKjyC,EAAS,IAC1C8S,EAAAA,UAAU2tB,gBAAgBqR,GAChBnyC,MAAM2R,KAAKwgC,EAAGJ,GAAS75B,KAAK,IAC3B3S,MAAM,EAAGlF,KAQb4X,mBAAmBm6B,GAAU7sC,MAAM,EAAGgtC,EAAAA,oBAC/C,EAcE/G,iBAZF,SAA0B54B,GACxB,IAAIE,GAAS,IAAIG,aAAcC,OAAON,GACtC,OAAOO,EAAAA,UAAUC,OAAOC,OAAO,UAAWP,GAAQ/U,MAAK,SAASuV,GAC9D,IAAIE,EAAOd,OAAOC,aAAac,MAAM,KAAM,IAAI/B,WAAW4B,IAE1D,OADW,EAAAI,EAAAA,mBAAkBF,EAE/B,GACF,GAMC,oHCJM,SACL9W,EACAuB,GAEA,OAhCF,SACE2D,GAUA,KARAA,EAAS,EAAH,KACDA,GAAM,IAETqX,aAAc,OACd+qB,OAAQ,uBACR1a,OAAQ,KAGE4a,gBACV,MAAM,IAAIrmC,EAAAA,aAAa,uCAEzB,IAAK+D,EAAO2nB,UAGV,MAAM,IAAI1rB,EAAAA,aAAa,gCAOzB,cAHO+D,EAAOqnB,cACPrnB,EAAO4nB,MAEP5nB,CACT,CAOS4wC,CAAc,EAAD,MACf,EAAAC,EAAAA,qCAAoC/1C,IACpCuB,GAEP,mBAxCA,UAEA,UAAyF,wrBC+DxF,SAGwC,GAAD,2GApExC,QACA,UAEA,UACA,UACA,aAA0B,2kBAGnB,SAASy0C,EAAkBh2C,GAChC,IAAKA,EAAI0H,SAASuuC,kBAAmB,CACnC,IAAIC,EAAe,sFASnB,MARKl2C,EAAI0H,SAASyuC,YAEhBD,GAAgB,oGAEbl2C,EAAI0H,SAASyS,mBAEhB+7B,GAAgB,0GAEZ,IAAI/0C,EAAAA,aAAa+0C,EACzB,CACF,CAAC,SAEqBE,EAA4B,EAAD,+CAWhD,OAXgD,gCAA1C,WAA2Cp2C,EAA6BysB,GAA4B,uEAEK,OAA9GA,EAAsBA,GAAuBzsB,EAAIuB,QAAQkrB,qBAAuBkiB,EAAAA,8BAA8B,UAG9E,EAAAlG,EAAAA,cAAazoC,GAAI,OACwB,IAC3B,KAFpB,EAAH,KAC2C,kCAAK,IAC3DmK,QAAQsiB,GAA2B,sBACvC,IAAItrB,EAAAA,aAAa,iCAAgC,gCAElDsrB,GAAmB,4CAC3B,+BAEqB4pB,EAAY,EAAD,+CA6BhC,OA7BgC,gCAA1B,WACLr2C,EACAg4B,GAAwB,mFASmC,GANzDzP,GAHsB,EAMpByP,GAHFzP,aACAiE,EAAa,EAAbA,cACAC,EAAmB,EAAnBA,oBAIFD,EAAgBA,GAAiBxsB,EAAIuB,QAAQirB,cACzB,CAAF,eAEuC,OADvDwpB,EAAkBh2C,GAClBuoB,EAAeA,GAAgBqmB,EAAAA,QAAKC,mBAAmB,SACjCD,EAAAA,QAAKE,iBAAiBvmB,GAAa,OAAzDiE,EAAgB,EAAH,6BAEa4pB,EAA4Bp2C,EAAKysB,GAAoB,QAS/E,OATFA,EAAsB,EAAH,KAGnBuL,EAAc,EAAH,KACNA,GAAW,IACdzb,aAAc,OACdgM,aAAAA,EACAiE,cAAAA,EACAC,oBAAAA,IACA,kBAEKuL,GAAW,6CACnB,sBAGuC,aAkBvC,OAlBuC,gCAAjC,WACLh4B,GAA2B,2FAKmB,GAJ9Cg4B,EAA2B,EAAH,6BAAG,CAAC,EAGtBse,GAAW,EAAAlN,EAAAA,uBAAsBppC,KACvCg4B,EAAc,EAAH,KAAQse,GAAate,IAEhBkG,MAASl+B,EAAI0H,SAAS6uC,kBAAiB,sBAC/C,IAAIp1C,EAAAA,aAAa,6DAA4D,WAG5D,IAArB62B,EAAY8U,KAAc,yCAErB9U,GAAW,gCAGbqe,EAAYr2C,EAAKg4B,IAAY,2CACrC,kFC5FM,SAA6BjxB,GAClC,SAAK,EAAAgnB,EAAAA,gBAAehnB,QAIfA,EAAIC,MAAQD,EAAIC,IAAIwV,eAKE,kBADFzV,EAAIC,IAArBwV,aACStN,MAKnB,uBAnBO,SAA4BumC,EAAiBe,GAClD,OAAQf,EAAEzlC,eAAiBwmC,EAAExmC,YAC/B,EAJA,qFCyCO,SACLkP,EAAiDpQ,GAEjD,IAAM4/B,EAAgBxvB,EAAeu3B,6BAC/BxkC,EAAUy8B,EAAcnvB,oBACvBtN,EAAQnD,GACf4/B,EAAchuB,WAAWzO,EAC3B,qCAnBO,SACLiN,EAAiDpQ,GAEjD,IAEMwgB,EAFgBpQ,EAAeu3B,6BACPl3B,aACRzQ,GACtB,OAAIwgB,GAASA,EAAMjB,cAAe,EAAA6U,EAAAA,mBAAkB5T,EAAMjB,aACjDiB,EAAMjB,YAER,IACT,uBApCO,SAA4DnP,GACjE,IAAMwvB,EAAgBxvB,EAAeu3B,6BAC/BxkC,EAAUy8B,EAAcnvB,aAC9Bhf,OAAOyJ,KAAKiI,GAAShI,SAAQ,SAAA6E,GAC3B,IAAMwgB,EAAQrd,EAAQnD,GACVhE,KAAKmC,MAAQqiB,EAAMonB,YACrBC,UACD1kC,EAAQnD,EAEnB,IACA4/B,EAAchuB,WAAWzO,EAC3B,mCAEO,SACLiN,EAAiDpQ,EAAe+I,GAEhE,IAAM62B,EAAgBxvB,EAAeu3B,6BAC/BxkC,EAAUy8B,EAAcnvB,aAC9BtN,EAAQnD,GAAS,CACf4nC,YAAa5rC,KAAKmC,MAClBohB,YAAaxW,GAEf62B,EAAchuB,WAAWzO,EAC3B,EA3BA,cAEM0kC,EAAqB,0DCYpB,SAA2BlC,GAEhC,IAAImC,EAAa,MACbC,EAAa,qBACbC,EAAWrC,GAAgB,GAGJ,MAAvBqC,EAASvhB,OAAO,IAAqC,MAAvBuhB,EAASvhB,OAAO,KAChDuhB,EAAWA,EAASrhB,UAAU,IAIL,MAAvBqhB,EAASvhB,OAAO,IAAqC,MAAvBuhB,EAASvhB,OAAO,KAChDuhB,EAAWA,EAASrhB,UAAU,IAQhC,IAJA,IAGIna,EAHAlY,EAAM,CAAC,EAKTkY,EAAQu7B,EAAWx9B,KAAKy9B,IADb,CAIX,IAAI/yC,EAAMuX,EAAM,GACZ5R,EAAQ4R,EAAM,GAIhBlY,EAAIW,GADM,aAARA,GAA8B,iBAARA,GAAkC,SAARA,EACvC2F,EAEA+L,mBAAmB/L,EAAMU,QAAQwsC,EAAY,KAE5D,CACA,OAAOxzC,CACT,oEChCO,SAAwBpD,EAA6B6jC,EAAoB+J,GAC9E,IAAMmJ,EAAMnJ,EAAiB58B,SACvBi9B,EAAML,EAAiBnwB,OACvBqP,EAAQ8gB,EAAiB9gB,MACzBkqB,EAAMpJ,EAAiB/gB,UAE7B,IAAKgX,IAAWoK,IAAQ8I,EACtB,MAAM,IAAI51C,EAAAA,QAAa,oDAGzB,GAAI2rB,GAAS+W,EAAO/W,QAAUA,EAC5B,MAAM,IAAI3rB,EAAAA,QAAa,yDAGzB,IAAM8L,EAAM/F,KAAKmZ,MAAMvV,KAAKmC,MAAM,KAElC,GAAI42B,EAAOoK,MAAQA,EACjB,MAAM,IAAI9sC,EAAAA,QAAa,eAAiB0iC,EAAOoK,IAAxB,qBACAA,EAAM,KAG/B,GAAK3qC,MAAMC,QAAQsgC,EAAOkT,MAAQlT,EAAOkT,IAAI5sC,QAAQ4sC,GAAO,IACxDzzC,MAAMC,QAAQsgC,EAAOkT,MAAQlT,EAAOkT,MAAQA,EAE9C,MAAM,IAAI51C,EAAAA,QAAa,iBAAmB0iC,EAAOkT,IAA1B,qBACAA,EAAM,KAG/B,GAAIC,GAAOnT,EAAOmT,MAAQA,EACxB,MAAM,IAAI71C,EAAAA,QAAa,YAAc0iC,EAAOmT,IAArB,gCACWA,EAAM,KAG1C,GAAInT,EAAO+C,IAAO/C,EAAO8J,IACvB,MAAM,IAAIxsC,EAAAA,QAAa,wCAGzB,IAAKnB,EAAIuB,QAAQ8vC,eAAgB,CAC/B,GAAKpkC,EAAMjN,EAAIuB,QAAQ+vC,aAAiBzN,EAAO8J,IAC7C,MAAM,IAAIxsC,EAAAA,QAAa,0CAGzB,GAAI0iC,EAAO+C,IAAQ35B,EAAMjN,EAAIuB,QAAQ+vC,aACnC,MAAM,IAAInwC,EAAAA,QAAa,mCAE3B,CACF,EAjDA,oECVO,SAAuB+M,EAAcxI,GAC1C,KAAK,EAAA67B,EAAAA,WAAUrzB,MAAW,EAAAozB,EAAAA,eAAcpzB,MAAW,EAAAwyB,EAAAA,gBAAexyB,GAChE,MAAM,IAAI/M,EAAAA,aACR,iHAIJ,GAAa,gBAATuE,KAA2B,EAAA47B,EAAAA,eAAcpzB,GAC3C,MAAM,IAAI/M,EAAAA,aAAa,uBAEzB,GAAa,YAATuE,KAAuB,EAAA67B,EAAAA,WAAUrzB,GACnC,MAAM,IAAI/M,EAAAA,aAAa,mBAGzB,GAAa,iBAATuE,KAA4B,EAAAg7B,EAAAA,gBAAexyB,GAC7C,MAAM,IAAI/M,EAAAA,aAAa,uBAE3B,EApBA,cACA,mFCgBuC,SAGL,EAAD,mEARjC,QACA,UACA,UAEA,UACA,EAAuC,qbAAvC,UAAuC,+HAGN,aA4ChC,OA5CgC,gCAA1B,WAA2BnB,EAA6BkO,EAAgB0/B,GAAmC,0FAC3G1/B,GAAUA,EAAMc,QAAO,sBACpB,IAAI7N,EAAAA,aAAa,iCAAgC,OAQc,OAJjEkW,GAAM,EAAAwzB,EAAAA,aAAY38B,EAAMc,SAIxBioC,GAAmBrJ,aAAgB,EAAhBA,EAAkBnwB,SAAUzd,EAAIuB,QAAQkc,OAAM,UAC9C,EAAAgrB,EAAAA,cAAazoC,EAAKi3C,GAAiB,OAYR,GAZQ,SAApDx5B,EAAM,EAANA,OAEFy5B,EAAuC32C,OAAOC,OAAO,CAEzDwQ,SAAUhR,EAAIuB,QAAQyP,SACtBolB,gBAAiBp2B,EAAIuB,QAAQ60B,iBAC5BwX,EAAkB,CAEnBnwB,OAAAA,KAIF,EAAA05B,EAAAA,gBAAen3C,EAAKqX,EAAIE,QAAS2/B,GAIQ,GAArCA,EAAkB9gB,iBAA4Bp2B,EAAI0H,SAASqT,yBAAwB,0CAC9E7M,GAAK,0BAII,EAAAkpC,EAAAA,QAAOp3C,EAAKkO,EAAMuP,OAAQpG,EAAI2B,OAAOwvB,KAAK,QAAnD,OAAHzkC,EAAM,EAAH,eACWszC,EAAUhM,YAAYn9B,EAAMc,QAASjL,GAAI,QAAlD,GAAG,EAAH,KACC,CAAF,sBACF,IAAI5C,EAAAA,aAAa,oCAAmC,aAExDysC,GAAoBA,EAAiB3+B,aAAef,EAAM21B,OAAOyT,SAAO,kCACvDD,EAAUE,YAAY3J,EAAiB3+B,aAAY,QAA5D,GAAG,EAAH,OACGf,EAAM21B,OAAOyT,QAAO,uBACzB,IAAIn2C,EAAAA,aAAa,kCAAiC,iCAGrD+M,GAAK,6CACb,uKCrDD,UAEA,UACA,SAEauE,EAAgB,WAM3B,WAAY1E,GAA0E,IAArCxM,EAAiC,UAAH,6CAAG,CAAC,GAAC,8KAFlE,GAGhBpB,KAAK4N,aAAeA,EACpB5N,KAAKoB,QAAUA,EACfpB,KAAKq3C,eAAiB,GACtBr3C,KAAKs3C,sBAAwBt3C,KAAKs3C,sBAAsBx1C,KAAK9B,KAC/D,CAyDC,MAZA,EAwBA,OArEA,iDAED,WACE,IAAID,GAAM,EAEV,GADAC,KAAKq3C,eAAe5zC,KAAKkH,KAAKmC,OAC1B9M,KAAKq3C,eAAe7zC,QAAU,GAAI,CAEpC,IAAM+zC,EAAYv3C,KAAKq3C,eAAe1uC,QAEtC5I,EADiBC,KAAKq3C,eAAer3C,KAAKq3C,eAAe7zC,OAAS,GAChD+zC,EAAa,GACjC,CACA,OAAOx3C,CACT,GAAC,gCAED,WAEE,QAASC,KAAKoB,QAAQqP,cAAe,EAAA6J,EAAAA,YACvC,GAAC,kCAED,WAA+B,WAEvBzG,EADe7T,KAAK4N,aAAawR,aACXA,aAC5Bhf,OAAOyJ,KAAKgK,GAAQ/J,SAAQ,SAAAlG,GAC1B,IAAMmK,EAAQ8F,EAAOjQ,KAChB,EAAA28B,EAAAA,gBAAexyB,IAAU,EAAKH,aAAauhC,WAAWphC,IACzD,EAAKupC,sBAAsB1zC,EAE/B,GACF,GAAC,mCAED,SAA8BA,GAC5B,GAAI5D,KAAKoB,QAAQmP,UACf,GAAIvQ,KAAKw3C,sBAAuB,CAC9B,IAAMzoC,EAAQ,IAAI/N,EAAAA,aAAa,iCAC/BhB,KAAK4N,aAAa20B,UAAUxzB,EAC9B,MACE/O,KAAK4N,aAAaw0B,MAAMx+B,GAAK+C,OAAM,WAAO,SAEnC3G,KAAKoB,QAAQoP,YACtBxQ,KAAK4N,aAAa7C,OAAOnH,EAE7B,GAAC,sBAED,WACE,SAAU5D,KAAKoB,QAAQmP,YAAevQ,KAAKoB,QAAQoP,YAAgBxQ,KAAK+Q,QAC1E,GAAC,oDAED,oFACM/Q,KAAK2R,aACP3R,KAAK4N,aAAaC,GAAGoyB,EAAAA,cAAejgC,KAAKs3C,uBACrCt3C,KAAK4N,aAAasE,aAGpBlS,KAAKy3C,uBAEPz3C,KAAK+Q,SAAU,GAChB,gDACF,gGAED,oFACM/Q,KAAK+Q,UACP/Q,KAAK4N,aAAamC,IAAIkwB,EAAAA,cAAejgC,KAAKs3C,uBAC1Ct3C,KAAKq3C,eAAiB,GACtBr3C,KAAK+Q,SAAU,GAChB,gDACF,oEAED,WACE,OAAO/Q,KAAK+Q,OACd,KAAC,EAhF0B,GAgF1B,0KCpFH,UAKA,SAOasB,EAAqB,WAMhC,aAA0C,IAA9BjR,EAA0B,UAAH,6CAAG,CAAC,GAAC,kKAFtB,GAGhBpB,KAAKoB,QAAUA,EACfpB,KAAK03C,kBAAoB13C,KAAK03C,kBAAkB51C,KAAK9B,MACrDA,KAAKqQ,SAAWrQ,KAAKqQ,SAASvO,KAAK9B,KACrC,CA0BC,MAXA,EAZA,EAmDA,OAtDA,+CAED,WACA,GAAC,uDAED,4GAC6B,QAD7B,GACQ,EAAAA,KAAKoB,SAAQiP,gBAAQ,aAArB,UAAyB,gDAChC,mEAED,WAAW,MACT,QAAqB,QAAb,EAACrQ,KAAK23C,eAAO,QAAZ,EAAcpmC,SACzB,GAAC,uBAED,WAAY,MACV,QAAqB,QAAb,EAACvR,KAAK23C,eAAO,QAAZ,EAAcC,UACzB,GAAC,oDAED,0FACM53C,KAAK2R,aACCjB,EAAwB1Q,KAAKoB,QAA7BsP,oBACR1Q,KAAKuU,QAAU,IAAIC,EAAAA,iBAAiB9D,GACpC1Q,KAAK23C,SAAU,EAAAE,EAAAA,sBAAqB73C,KAAKuU,SACzCvU,KAAK23C,QAAQG,YAAc93C,KAAK03C,kBAChC13C,KAAK23C,QAAQI,kBAAkB72C,KAAKlB,KAAKqQ,UACzCrQ,KAAK+Q,SAAU,GAChB,gDACF,gGAED,wFACM/Q,KAAK+Q,QAAS,CAAF,oBACV/Q,KAAK23C,QAAS,CAAF,+BACR33C,KAAK23C,QAAQK,MAAK,OACxBh4C,KAAK23C,aAAUz3C,EAAU,WAEvBF,KAAKuU,QAAS,CAAF,gBAE+C,OAA5DvU,KAAKuU,QAAgB0jC,aAAe,kBAAMv3C,QAAQC,SAAS,EAAC,SACvDX,KAAKuU,QAAQE,QAAO,OAC1BzU,KAAKuU,aAAUrU,EAAU,QAE3BF,KAAK+Q,SAAU,EAAM,iDAExB,6EAED,WACE,OAAO,CACT,GAAC,uBAED,WACE,OAAO/Q,KAAK+Q,OACd,GAAC,sBAED,WACE,OAAO,EAAAuJ,EAAAA,eAAgBta,KAAK+Q,OAC9B,KAAC,EAhE+B,GAgE/B,qLCxFH,SAEMmnC,EAAS,WAAH,OAASnxC,KAAKmZ,MAAMvV,KAAKmC,MAAQ,IAAK,EAErC0F,EAA2B,WAOtC,WAAY5E,GAA0E,IAArCxM,EAAiC,UAAH,6CAAG,CAAC,GAAC,6FALlE,IAAK,qEAED,IAAC,kDAIrBpB,KAAK4N,aAAeA,EACpB5N,KAAKoB,QAAUA,EAEfpB,KAAKm4C,sBAAwBn4C,KAAKo4C,uBAAuBt2C,KAAK9B,KAChE,CA6BC,MAPA,EA6BA,OAnDA,oDAID,WACE,GAAIqL,SAAS6S,OACXle,KAAKq4C,WAAaH,SAGf,GAAIl4C,KAAKq4C,WAAa,GAAMH,IAAWl4C,KAAKq4C,YAAcr4C,KAAKoB,QAAQuR,sBAAyB,CACnG,MAAiC3S,KAAK4N,aAAagC,gBAA3Cd,EAAW,EAAXA,YAAaD,EAAO,EAAPA,QACrB,GAAMC,GAAe9O,KAAK4N,aAAauhC,WAAWrgC,GAAc,CAC9D,IAAMlL,EAAM5D,KAAK4N,aAAam0B,oBAAoB,eAElD/hC,KAAK4N,aAAaw0B,MAAMx+B,GAAK+C,OAAM,WAAO,GAC5C,MACK,GAAMkI,GAAW7O,KAAK4N,aAAauhC,WAAWtgC,GAAU,CAC3D,IAAMjL,EAAM5D,KAAK4N,aAAam0B,oBAAoB,WAElD/hC,KAAK4N,aAAaw0B,MAAMx+B,GAAK+C,OAAM,WAAO,GAC5C,CACF,CACF,GAAC,oDAED,oFACM3G,KAAK2R,YAAgBtG,WACvBA,SAAS8S,iBAAiB,mBAAoBne,KAAKm4C,uBACnDn4C,KAAK+Q,SAAU,GAChB,gDACF,gGAED,oFACM1F,WACFA,SAASwU,oBAAoB,mBAAoB7f,KAAKm4C,uBACtDn4C,KAAK+Q,SAAU,GAChB,gDACF,mEAED,WACE,OAAO,EAAAuJ,EAAAA,gBACLta,KAAKoB,QAAQmP,aACbvQ,KAAKoB,QAAQsR,uBACd1S,KAAK+Q,OACR,GAAC,gCAED,WACE,OAAO,CACT,GAAC,uBAED,WACE,OAAO/Q,KAAK+Q,OACd,KAAC,EA/DqC,GA+DrC,kLCzDH,UACA,SAIA,UAIA,UASawB,EAAkB,WAO7B,WAAY3E,GAA0E,IAArCxM,EAAiC,UAAH,6CAAG,CAAC,GAAC,uKAHlE,IAAK,uCACK,GAG1BpB,KAAK4N,aAAeA,EACpB5N,KAAKoB,QAAUA,EACfpB,KAAKs4C,oBAAsBt4C,KAAKs4C,oBAAoBx2C,KAAK9B,MACzDA,KAAKu4C,sBAAwBv4C,KAAKu4C,sBAAsBz2C,KAAK9B,MAC7DA,KAAKw4C,sBAAwBx4C,KAAKw4C,sBAAsB12C,KAAK9B,MAC7DA,KAAKy4C,oBAAsBz4C,KAAKy4C,oBAAoB32C,KAAK9B,MACzDA,KAAK04C,qBAAuB14C,KAAK04C,qBAAqB52C,KAAK9B,KAC7D,CAiCC,MArBA,EA2GA,OAvHA,gDAED,WACE,OAAO,CACT,GAAC,uBAED,WACE,OAAOA,KAAK+Q,OACd,GAAC,sBAED,WACE,QAAS/Q,KAAKoB,QAAQqP,cAAe,EAAA6J,EAAAA,eAAgBta,KAAK+Q,OAC5D,GAAC,oDAED,6FACO/Q,KAAK2R,WAAY,CAAF,gDAIZb,EAAoB9Q,KAAKoB,QAAzB0P,gBAAe,SAGrB9Q,KAAKuU,QAAU,IAAIC,EAAAA,iBAAiB1D,GAA2B,sDAEzD,IAAI9P,EAAAA,aAAa,2DAA0D,QAGnFhB,KAAK4N,aAAaC,GAAGC,EAAAA,YAAa9N,KAAKs4C,qBACvCt4C,KAAK4N,aAAaC,GAAGK,EAAAA,cAAelO,KAAKu4C,uBACzCv4C,KAAK4N,aAAaC,GAAGuyB,EAAAA,cAAepgC,KAAKw4C,uBACzCx4C,KAAK4N,aAAaC,GAAGwzB,EAAAA,kBAAmBrhC,KAAKy4C,qBAC7Cz4C,KAAKuU,QAAQ4J,iBAAiB,UAAWne,KAAK04C,sBAC9C14C,KAAK+Q,SAAU,EAAK,yDACrB,gGAED,gGACM/Q,KAAK+Q,QAAS,CAAF,gBAK0D,OAJxE/Q,KAAK4N,aAAamC,IAAIjC,EAAAA,YAAa9N,KAAKs4C,qBACxCt4C,KAAK4N,aAAamC,IAAI7B,EAAAA,cAAelO,KAAKu4C,uBAC1Cv4C,KAAK4N,aAAamC,IAAIqwB,EAAAA,cAAepgC,KAAKw4C,uBAC1Cx4C,KAAK4N,aAAamC,IAAIsxB,EAAAA,kBAAmBrhC,KAAKy4C,qBAClC,QAAZ,EAAAz4C,KAAKuU,eAAO,OAAZ,EAAcsL,oBAAoB,UAAW7f,KAAK04C,sBAAsB,SACtD,QADsD,EAClE14C,KAAKuU,eAAO,aAAZ,EAAcE,QAAO,OAC3BzU,KAAKuU,aAAUrU,EACfF,KAAK+Q,SAAU,EAAM,iDAExB,8EAED,SAA4BnN,EAAamK,GAAc,MAChD/N,KAAK24C,oBAGE,QAAZ,EAAA34C,KAAKuU,eAAO,OAAZ,EAAczI,YAAY,CACxBvG,KAAMuI,EAAAA,YACNlK,IAAAA,EACAmK,MAAAA,IAEJ,GAAC,mCAED,SAA8BnK,EAAamK,GAAc,MAClD/N,KAAK24C,oBAGE,QAAZ,EAAA34C,KAAKuU,eAAO,OAAZ,EAAczI,YAAY,CACxBvG,KAAM2I,EAAAA,cACNtK,IAAAA,EACAmK,MAAAA,IAEJ,GAAC,mCAED,SAA8BnK,EAAamK,EAAcoyB,GAAkB,MACpEngC,KAAK24C,oBAGE,QAAZ,EAAA34C,KAAKuU,eAAO,OAAZ,EAAczI,YAAY,CACxBvG,KAAM66B,EAAAA,cACNx8B,IAAAA,EACAmK,MAAAA,EACAoyB,SAAAA,IAEJ,GAAC,iCAED,SAA4Bx+B,GAAiB,MAC/B,QAAZ,EAAA3B,KAAKuU,eAAO,OAAZ,EAAczI,YAAY,CACxBvG,KAAM87B,EAAAA,kBACN1/B,QAAAA,GAEJ,GAAC,kCAGD,SAA6BiK,GAU3B,OADA5L,KAAK24C,mBAAoB,EACjB/sC,EAAIrG,MACV,KAAK87B,EAAAA,kBACHrhC,KAAK4N,aAAawR,aAAamB,WAAW3U,EAAIjK,SAC9C,MACF,KAAKmM,EAAAA,YACH9N,KAAK4N,aAAaqzB,UAAUr1B,EAAIhI,IAAMgI,EAAImC,OAC1C/N,KAAK4N,aAAakzB,sBAAsBl1B,EAAIhI,IAAMgI,EAAImC,OACtD,MACF,KAAKG,EAAAA,cACHlO,KAAK4N,aAAa0yB,wBAAwB10B,EAAIhI,KAC9C5D,KAAK4N,aAAai0B,YAAYj2B,EAAIhI,IAAMgI,EAAImC,OAC5C,MACF,KAAKqyB,EAAAA,cACHpgC,KAAK4N,aAAas0B,YAAYt2B,EAAIhI,IAAMgI,EAAImC,MAAQnC,EAAIu0B,UAK5DngC,KAAK24C,mBAAoB,CAC3B,KAAC,EAtI4B,GAsI5B,0DCvJH,oLACA,oLACA,oLACA,sOCkCA,SAAsB94C,GACpB,OAAO,EAAAie,EAAAA,aAAYje,EAAK,CACtBsB,IAAKtB,EAAI4B,kBAAoB,sBAC7BuZ,OAAQ,SACR3Z,iBAAiB,GAErB,eA3BA,SAAoBxB,GAClB,OAAO,EAAA+B,EAAAA,KAAI/B,EAAK,sBAAuB,CAAEwB,iBAAiB,IACzDH,MAAK,SAAS03C,GACb,IAAI74C,GAAM,EAAAoE,EAAAA,MAAKy0C,EAAS,UAUxB,OARA74C,EAAIwuB,QAAU,WACZ,OAAO,EAAAjtB,EAAAA,MAAKzB,GAAK,EAAAmG,EAAAA,SAAQ4yC,EAAS,WAAWj0C,KAAM,CAAC,EAAG,CAAEtD,iBAAiB,GAC5E,EAEAtB,EAAI26B,KAAO,WACT,OAAO,EAAA94B,EAAAA,KAAI/B,GAAK,EAAAmG,EAAAA,SAAQ4yC,EAAS,QAAQj0C,KAAM,CAAEtD,iBAAiB,GACpE,EAEOtB,CACT,IACC4G,OAAM,WAEL,MAAO,CAACxG,OAAQ,WAClB,GACF,mBAUA,SAAwBN,GACtB,OAAO,EAAAyB,EAAAA,MAAKzB,EAAK,wCAAyC,CAAC,EAAG,CAAEwB,iBAAiB,GACnF,kBA5CA,SAAuBxB,GACrB,OAAOA,EAAI+4C,QAAQh3C,MAChBV,MAAK,SAASnB,GACb,MAAmB,WAAfA,EAAII,MAIV,IACCwG,OAAM,WACL,OAAO,CACT,GACJ,yBAmCA,SAA8B9G,EAAKunC,EAAcyR,GAC/CA,EAAcA,GAAe/vC,OAAOuL,SAAS1P,KAC7CmE,OAAOuL,SAAShU,OAAOR,EAAI4B,kBAAoB,gCAC7C,EAAA4D,EAAAA,eAAc,CACZyzC,2BAA2B,EAC3B/qC,MAAOq5B,EACPyR,YAAaA,IAEnB,EAzDA,aACA,gECVO,SAA0Bh5C,GAQ/B,MAPgB,CACd4U,MAAO07B,EAAAA,aAAaruC,KAAK,KAAMjC,GAC/BoC,OAAQ82C,EAAAA,cAAcj3C,KAAK,KAAMjC,GACjC+B,IAAKo3C,EAAAA,WAAWl3C,KAAK,KAAMjC,GAC3B0uB,QAAS0qB,EAAAA,eAAen3C,KAAK,KAAMjC,GACnCq5C,qBAAsBA,EAAAA,qBAAqBp3C,KAAK,KAAMjC,GAG1D,EAZA,iDCDA,oLACA,oLACA,oLACA,oPCKO,SAONyC,GAEC,OAAO,SAAP,0BAf2C,IAe3C,GAf2C,EAe3C,EAf2C,kbAmBzC,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAGqB,OAFtC,+BAASA,KAAM,gDAEf,EAAK+3C,SAAU,EAAAO,EAAAA,mBAAgB,iBAAO,CACxC,CAiBC,OAjBA,0CAGD,WAAiC,WAC/B,OAAOn5C,KAAK44C,QAAQnkC,QACnBvT,MAAK,EAAD,2BAAC,oFAEgB,OAApB,EAAK4f,eAAe,mBACb,GAAI,4CAEZna,OAAM,SAAS1B,GACd,GAAe,iBAAXA,EAAEX,MAA2C,aAAhBW,EAAE4S,UAEjC,OAAO,EAET,MAAM5S,CACR,GACF,KAAC,EAzBI,CAA8B3C,EA2BvC,2HA1CA,0LCYA,UAaA,UACA,SACA,SAEO,SAASywC,EAAkC3xC,IAC3C,EAAAkZ,EAAAA,cAAgBlZ,EAAQ+G,iBAAoB/G,EAAQkJ,aAEvD,EAAA1B,EAAAA,MAAK,8KAET,CAAC,IAGYuqC,EAAkB,WAK7B,WAAYhc,EAA8C1sB,EAA8B/I,IAA0B,4JAChH1B,KAAKm3B,sBAAwBA,EAC7Bn3B,KAAKyK,cAAgBA,EACrBzK,KAAK0B,YAAcA,CACrB,CAuDC,OAvDA,kDAGD,SAAqB03C,EAAqBC,GACxC,OAAOj5C,OAAOC,OAAO,CAAC,EAAGL,KAAKm3B,sBAAsBiiB,GAAcC,EACpE,GAAC,wBAID,SAAWj4C,GAGT,IAFAA,EAAUhB,OAAOC,OAAO,CAAC,EAAGL,KAAKyK,cAAerJ,IAEpC+G,gBACV,OAAO/G,EAAQ+G,gBAGjB,MAAoC/G,EAA9B4G,EAAW,EAAXA,YAAasxC,EAAY,EAAZA,aASnB,GAPmB,mBAAhBtxC,IACD5G,EAAQgI,eAAgB,GAMtBpB,GAAesxC,EAAc,CAC/B,IAAM30B,EAAM20B,EAAatvC,QAAQhC,GAC7B2c,GAAO,IACT20B,EAAeA,EAAa5wC,MAAMic,GAClC3c,OAAc9H,EAElB,CAMA,OAJK8H,IAEHA,EAAchI,KAAK0B,YAAY4G,gBAAgBgxC,IAE1Ct5C,KAAK0B,YAAYwG,iBAAiBF,EAAa5G,EACxD,GAAC,6BAGD,SAAgBA,GAEd2xC,EADA3xC,EAAUpB,KAAK8yC,qBAAqB,QAAS1xC,IAE7C,IAAMO,EAAU3B,KAAKof,WAAWhe,GAC1BkJ,EAAalJ,EAAQkJ,YAAc+0B,EAAAA,mBACzC,OAAO,IAAI/H,EAAAA,YAAY31B,EAAS2I,EAClC,GAAC,0BAGD,SAAalJ,GACXA,EAAUpB,KAAK8yC,qBAAqB,QAAS1xC,GAC7C,IAAMO,EAAU3B,KAAKof,WAAWhe,GAC1BkJ,EAAalJ,EAAQkJ,YAAcivC,EAAAA,mBACzC,OAAO,IAAIjiB,EAAAA,YAAY31B,EAAS2I,EAClC,KAAC,EAhE4B,GAgE5B,wIC1FH,aAIagtB,EAAW,WAItB,WAAY31B,EAAwB63C,GAClC,IADuD,4GAClD73C,EACH,MAAM,IAAIX,EAAAA,QAAa,yBAGzB,GAA2B,iBAAhBw4C,IAA6BA,EAAYh2C,OAClD,MAAM,IAAIxC,EAAAA,QAAa,6BAGzBhB,KAAKw5C,YAAcA,EACnBx5C,KAAKmI,gBAAkBxG,CACzB,CA6DC,OA7DA,qCAMD,SAAQiC,GACN,OAAO5D,KAAKof,aAAaxb,EAC3B,GAAC,qBAED,SAAQA,EAAa2F,GACnB,OAAOvJ,KAAKigB,cAAcrc,EAAK2F,EACjC,GAAC,wBAED,SAAW3F,GACT,OAAO5D,KAAK8gB,aAAald,EAC3B,GAAC,wBAMD,WACE,IAAI61C,EAAgBz5C,KAAKmI,gBAAgBkB,QAAQrJ,KAAKw5C,aACtDC,EAAgBA,GAAiB,KACjC,IACE,OAAOvvC,KAAKC,MAAMsvC,EACpB,CAAE,MAAMx0C,GACN,MAAM,IAAIjE,EAAAA,QAAa,mCAAqChB,KAAKw5C,YACnE,CACF,GAAC,wBAED,SAAWv2C,GACT,IACE,IAAIw2C,EAAgBx2C,EAAMiH,KAAKE,UAAUnH,GAAO,KAChDjD,KAAKmI,gBAAgBmB,QAAQtJ,KAAKw5C,YAAaC,EACjD,CAAE,MAAMx0C,GACN,MAAM,IAAIjE,EAAAA,QAAa,0BAA4BhB,KAAKw5C,YAC1D,CACF,GAAC,0BAED,SAAa51C,GACX,GAAKA,EAAL,CAUA,IAAIX,EAAMjD,KAAKof,oBACRnc,EAAIW,GACX5D,KAAKugB,WAAWtd,EAJhB,MANMjD,KAAKmI,gBAAgBuB,WACvB1J,KAAKmI,gBAAgBuB,WAAW1J,KAAKw5C,aAErCx5C,KAAKugB,YAQX,GAAC,2BAED,SAAc3c,EAAK2F,GACjB,IAAItG,EAAMjD,KAAKof,aACfnc,EAAIW,GAAO2F,EACXvJ,KAAKugB,WAAWtd,EAClB,KAAC,EA5EqB,GA4ErB,mDC7FH,oLACA,oLACA,mLACA,oLACA,mPCIO,SAOLX,EAAagX,GAGb,OAAO,SAAP,udAGE,aAA4B,uDAAbzY,EAAI,yBAAJA,EAAI,gBACjB,+BAASA,KAAM,uDACf,MAAiD,EAAKO,QAA9C2d,EAAc,EAAdA,eAAgBE,EAAO,EAAPA,QAASvd,EAAW,EAAXA,YACiD,OAAlF,EAAKqd,eAAiB,IAAIzF,EAAeyF,EAAiBE,EAAUvd,GAAc,CACpF,CAGC,OAHA,0CACD,WAEA,KAAC,EAVI,CAA8BY,EAYvC,oLCbO,WAGL,OAAO,SAAP,0BALuC,IAKvC,GALuC,EAKvC,EALuC,kbAUrC,WAAYzB,GAAW,MAIwD,OAJxD,qBACrB,cAAMA,IAAM,6JACZ,EAAKoe,SAAU,EAAAy6B,EAAAA,mBAAkB74C,GAAM,EAAAm1C,EAAAA,YACvC,EAAKt0C,YAAcb,EAAKa,cAAe,EAAA0d,EAAAA,cACvC,EAAKL,eAAiB,EAAH,KAAQ46B,EAAAA,yBAA4B94C,EAAKke,gBAAiB,CAC/E,CAAC,uBAVI,EADwB,EAAA66B,EAAAA,gCAajC,iGApBA,UAEA,UACA,SAAyC,krBC4ClC,WAAgF,IAAlB5D,EAAgB,uCAI/E6D,GAJ2D,UAAH,6CAAG,CAAC,GAItC56B,SAAW,CAAC,EAyBtC,YAxBqC,IAA1B46B,EAAe3wC,SACxB2wC,EAAe3wC,OAAS8sC,QAEa,IAA5B6D,EAAe1wC,WACxB0wC,EAAe1wC,SAAW0wC,EAAe3wC,OAAS,OAAS,OAIzD2wC,EAAe3wC,SAAW8sC,KAE5B,EAAAptC,EAAAA,MACE,2LAIFixC,EAAe3wC,QAAS,GAKM,SAA5B2wC,EAAe1wC,UAAwB0wC,EAAe3wC,SACxD2wC,EAAe1wC,SAAW,OAGrB0wC,CACT,eAvEO,WAIL,OAHoBz5C,OAAOC,OAAO,CAAC,EAAG+tC,EAAAA,QAAgB,CACpD5jC,cAAe,CAAC,GAGpB,EATA,aAEA,aAyCE,0BAhC4D,CAC5DuD,MAAO,CACLurC,aAAc,CACZ,eACA,iBACA,WAGJQ,MAAO,CACLR,aAAc,CACZ,eACA,iBACA,WAGJprB,YAAa,CACXorB,aAAc,CACZ,iBACA,eACA,WAGJ,qBAAsB,CACpBA,aAAc,CACZ,iBAGJ,eAAgB,CACdA,aAAc,CACZ,sJCtCN,UACA,SAaa5rC,EAAY,WAKvB,aAA6D,IAAjDtM,EAA+B,UAAH,6CAAG,CAAEuM,OAAO,IAAO,kIACzD3N,KAAK2pC,MAAQ,GACb3pC,KAAK+5C,SAAU,EACf/5C,KAAKoB,QAAUA,CACjB,CAiDC,OAjDA,kCAKD,SAAK4Z,EAA+Bg/B,GAAiC,kCAAbn5C,EAAI,iCAAJA,EAAI,kBAC1D,OAAO,IAAIH,SAAQ,SAACC,EAASI,GACvB,EAAK4oC,MAAMnmC,OAAS,IAGK,IAAvB,EAAKpC,QAAQuM,QACf,EAAA/E,EAAAA,MACE,iJAKN,EAAK+gC,MAAMlmC,KAAK,CACduX,OAAAA,EACAg/B,WAAAA,EACAn5C,KAAAA,EACAF,QAAAA,EACAI,OAAAA,IAEF,EAAKqgB,KACP,GACF,GAAC,iBAED,WAAM,WACJ,IAAIphB,KAAK+5C,SAGiB,IAAtB/5C,KAAK2pC,MAAMnmC,OAAf,CAGAxD,KAAK+5C,SAAU,EAEf,IAAIE,EAAYj6C,KAAK2pC,MAAMhhC,QACvB5I,EAAMk6C,EAAUj/B,OAAOpE,MAAMqjC,EAAUD,WAAYC,EAAUp5C,OAC7D,EAAAq5C,EAAAA,WAAUn6C,GACXA,EAAyBmB,KAAK+4C,EAAUt5C,QAASs5C,EAAUl5C,QAAQoL,SAAQ,WAC1E,EAAK4tC,SAAU,EACf,EAAK34B,KACP,KAEA64B,EAAUt5C,QAAQZ,GAClBC,KAAK+5C,SAAU,EACf/5C,KAAKohB,MAbP,CAeF,KAAC,EA1DsB,GA0DtB,iDC3EI,SAAS+4B,IACd,MAAsB,oBAAXrxC,OACFA,OAAOsxC,QACc,oBAAZA,QACTA,aAEP,CAEJ,CAEO,SAAS/rC,IACd,IAAIgsC,EAAgBF,IAGpB,OAAIE,GAAiBA,EAAcjsC,IAC1BisC,EAEF,CACLjsC,IAAK,WAAY,EACjBxF,KAAM,WAAY,EAClB0F,MAAO,WAAY,EACnBC,SAAU,WAAY,EAE1B,CAQO,SAAS+rC,EAAUv+B,GAExB1N,IAAazF,KAAK,gCAAkCmT,EAEtD,+BAEO,SAAuBA,EAAMrW,GAClC,OAAO,WAEL,OADA40C,EAAUv+B,GACHrW,EAAGkR,MAAM,KAAM9L,UACxB,CACF,6CAjBO,SAAciR,GAEnB1N,IAAazF,KAAK,yBAA2BmT,EAE/C,oCC7BA,mLACA,oLACA,oLACA,oLACA,oLACA,0PCfO,SAAkB,GAGvB,IAHuC,IAEnCjD,EAFqBpO,EAAI,EAAJA,KAAMoR,EAAI,EAAJA,KACzBy+B,EAAkB,GAEsB,QAAtCzhC,EAAQ0hC,EAActhC,KAAKxO,KAAiB,eAC5CqlB,EAA0B,QAAtB,EAAQ,QAAR,EAAGjX,SAAK,OAAQ,QAAR,EAAL,EAAO2hC,cAAM,WAAR,EAAL,EAAe1qB,YAAI,QAAS,QAAT,EAAIjX,SAAK,OAAQ,QAAR,EAAL,EAAO2hC,cAAM,WAAR,EAAL,EAAeC,MAC/C3qB,GACFwqB,EAAM92C,KAAKssB,EAEf,CAEA,KAAIwqB,EAAM/2C,OAAS,GAAnB,CAQA,IAFA,IAAMm3C,EAAWJ,EAAMK,MACnB1qB,EAAOpU,EACX,MAAmBy+B,EAAK,eAAE,CAArB,IAAMxqB,EAAI,KACb,GAAI3vB,OAAOyD,UAAUC,eAAeC,KAAKmsB,EAAMH,GAAO,CACpD,GAA0B,YAAtB,aAAOG,EAAKH,IACd,OAGFG,EAAOA,EAAKH,EACd,CACF,CAEA,OAAOG,EAAKyqB,EAhBZ,CAiBF,y+BAhCA,IAAMH,EAAgB,4BAAwC,2DC6BvD,SAAeK,GACpB,OAAO,IAAIn6C,SAAQ,SAASC,GAC1BuL,WAAWvL,EAASk6C,EACtB,GACF,oBAbO,SAAyBr3C,GAG9B,IAFA,IACIs3C,EAAS,GACJ9lC,EAAI,EAA8BA,EAAIxR,IAAUwR,EACvD8lC,GAHkB,gEAGM/zC,KAAKmZ,MADV66B,GACgBh0C,KAAK+zC,WAE1C,OAAOA,CACT,mBAfO,SAAwB/kC,GAC7B,IAAIilC,EAAQjlC,EAAI+C,MAAM,QAClBmiC,EAAUtwC,KAAKuwC,IAAIF,EAAM,GAAIA,EAAM,GAAK,EAAGA,EAAM,GAAIA,EAAM,GAAIA,EAAM,GAAIA,EAAM,IAGnF,OAFc,IAAIrwC,KAAKswC,GAERE,aACjB,WAiBO,SAAgBplC,EAAKqlC,GAC1B,IAAMJ,EAAQjlC,EAAIoB,MAAMikC,GACxB,MAAO,CACLJ,EAAM,GACNA,EAAMK,OAAO,EAAGL,EAAMx3C,QAAQ6X,KAAK+/B,GAEvC,mCCUO,SAASz4C,EAAMM,GACpB,GAAIA,EAAK,CACP,IAAI8S,EAAM7L,KAAKE,UAAUnH,GACzB,GAAI8S,EACF,OAAO7L,KAAKC,MAAM4L,EAEtB,CACA,OAAO9S,CACT,QA/CO,SAAcyC,EAAI4yB,GACvB,IAAIgjB,EAAiBn4C,MAAMU,UAAU6E,MAAM3E,KAAK+G,UAAW,GAC3D,OAAO,WACL,IAAIjK,EAAOsC,MAAMU,UAAU6E,MAAM3E,KAAK+G,WAEtC,OADAjK,EAAOy6C,EAAeC,OAAO16C,GACtB6E,EAAGkR,MAAM0hB,EAAKz3B,EACvB,CACF,qBAGO,WAEL,IAAI26C,EAAO1wC,UAAU,GAWrB,MATe,GAAGpC,MAAM3E,KAAK+G,UAAW,GAC/BhB,SAAQ,SAAS7G,GACxB,IAAK,IAAIw4C,KAAQx4C,EAEX7C,OAAOyD,UAAUC,eAAeC,KAAKd,EAAKw4C,SAAuBv7C,IAAd+C,EAAIw4C,KACzDD,EAAKC,GAAQx4C,EAAIw4C,GAGvB,IACOD,CACT,SAqCO,SAAcE,EAAYnzB,GAE/B,IADA,IAAIvT,EAAI0mC,EAAWl4C,OACZwR,KAAK,CACV,IAAIgL,EAAO07B,EAAW1mC,GAClB2mC,GAAQ,EACZ,IAAK,IAAIF,KAAQlzB,EACf,GAAKnoB,OAAOyD,UAAUC,eAAeC,KAAKwkB,EAAckzB,IAGpDz7B,EAAKy7B,KAAUlzB,EAAakzB,GAAO,CACrCE,GAAQ,EACR,KACF,CAEF,GAAIA,EACF,OAAO37B,CAEX,CACF,YAEO,SAAiB/c,EAAKqC,EAAUs2C,GACrC,GAAK34C,GAAQA,EAAIzC,OAAjB,CAIA,IAAI6D,EAAO1B,EAAMM,EAAIzC,OAAO8E,IAG5B,OAAIjB,GAAQA,EAAKC,MAAQs3C,EACnBv3C,EAAKC,OAASs3C,EACTv3C,OADT,EAIOA,CAVT,CAYF,SA9CO,SAAcpB,GAEH,IAAhB,IAAI44C,EAAS,CAAC,EAAE,mBAFWC,EAAK,iCAALA,EAAK,kBAGhC,IAAK,IAAIC,KAAK94C,EACR7C,OAAOyD,UAAUC,eAAeC,KAAKd,EAAK84C,KAA2B,GAArBD,EAAM9xC,QAAQ+xC,KAChEF,EAAOE,GAAK94C,EAAI84C,IAGpB,OAAOp5C,EAAMk5C,EACf,eAjCO,SAAoB54C,GACzB,IAAI+4C,EAAU,CAAC,EACf,IAAK,IAAIP,KAAQx4C,EACf,GAAI7C,OAAOyD,UAAUC,eAAeC,KAAKd,EAAKw4C,GAAO,CACnD,IAAIlyC,EAAQtG,EAAIw4C,GACZlyC,UACFyyC,EAAQP,GAAQlyC,EAEpB,CAEF,OAAOyyC,CACT,gDCzBO,SAAoBt2C,GACzB,QAASA,GAA+B,sBAAzB,CAAC,EAAEy+B,SAASpgC,KAAK2B,EAClC,aANO,SAAkBzC,GACvB,MAA+C,oBAAxC7C,OAAOyD,UAAUsgC,SAASpgC,KAAKd,EACxC,aANO,SAAkBA,GACvB,MAA+C,oBAAxC7C,OAAOyD,UAAUsgC,SAASpgC,KAAKd,EACxC,cAUO,SAAmBA,GACxB,OAAOA,GAAOA,EAAIkJ,SAAmC,mBAAhBlJ,EAAIkJ,OAC3C,aAlBO,SAAkBlJ,GACvB,MAA+C,oBAAxC7C,OAAOyD,UAAUsgC,SAASpgC,KAAKd,EACxC,mCCFO,SAAS4a,EAAc1c,GAC5B,MAAO,uBAAuBkZ,KAAKlZ,EACrC,CAoCO,SAAS4vC,EAAoBrmC,GAClC,GAAKA,EAAL,CAIA,IAAIuxC,EAAUvxC,EAAKT,QAAQ,cAAc,IAIzC,OAFUgyC,EAAQhyC,QAAQ,OAAQ,GAJlC,CAOF,2DA5CO,WAA0C,IAAnB9I,EAAM,UAAH,6CAAG,GAAI8qB,EAAO,uCAC7C,OAAIpO,EAAc1c,GACTA,GAET8qB,EAAU8kB,EAAoB9kB,GACZ,MAAX9qB,EAAI,GAAa,GAAH,OAAM8qB,GAAO,OAAG9qB,GAAG,UAAQ8qB,EAAO,YAAI9qB,GAC7D,kBAUO,SAAuB8B,GAC5B,IAAI8S,EAAM,GACV,GAAY,OAAR9S,EACF,IAAK,IAAIW,KAAOX,EACV7C,OAAOyD,UAAUC,eAAeC,KAAKd,EAAKW,SAC7B1D,IAAb+C,EAAIW,IACS,OAAbX,EAAIW,IACNmS,EAAItS,KAAKG,EAAM,IAAMwX,mBAAmBnY,EAAIW,KAIlD,OAAImS,EAAIvS,OACC,IAAMuS,EAAIsF,KAAK,KAEf,EAEX,kBAxBO,WAA0C,IAAnBla,EAAM,UAAH,6CAAG,GAAI8qB,EAAO,uCAK7C,OAJIpO,EAAc1c,KAChBA,EAAMA,EAAIm0B,UAAUrJ,EAAQzoB,SAGZ,MAAXrC,EAAI,GAAaA,EAAM,IAAH,OAAOA,EACpC,wFCxBA,iBAQI,WACoB+6C,GAAA,SAAAA,EARJ,SAAM,IAAIjrC,IAMnB,UAAe,CAGlB,CA2BR,OAzBIkrC,EAAAA,UAAAA,IAAA,SAAI5yC,GACA,OAAO,KAAK2R,IAAIkhC,IAAI7yC,EACxB,EAEA4yC,EAAAA,UAAAA,IAAA,SAAI5yC,GAAJ,WACI,KAAK2R,IAAIzR,IAAIF,EAAOuD,KAQf,KAAKuvC,MACN,KAAKA,KAAM,EACXnwC,YAAW,WACPowC,EAAKD,KAAM,EACXE,EAAmBD,EACvB,GAAG,GAEX,EAEAH,EAAAA,UAAAA,MAAA,WACI,KAAKjhC,IAAI0a,OACb,EACJ,EArCA,GA4CM,SAAU2mB,EACZC,GASA,IAPA,IAAMC,EAAY3vC,IAAQ0vC,EAAaN,IACjCQ,EAAWF,EAAathC,IAAIyhC,OAAOD,cAM5B,CAET,IAAME,EAAOF,EAASE,OAAOrzC,MAE7B,IAAKqzC,EACD,OAEJ,IAAMrzC,EAAQqzC,EAAK,GAEnB,KADaA,EAAK,GACPH,GAIP,OAHAD,EAAathC,IAAIvR,OAAOJ,GAMpC,CAEM,SAAUuD,IACZ,OAAO,IAAInC,MAAOkyC,SACtB,CArCC,oDC3CY,oKAEPC,EAAW,uBAFJ,IAEI,GAFJ,EAEI,EAFJ,+YAGZ,WAAYC,GAAQ,MAEO,OAFP,WACnB,cAAMA,GAAU,yBACXz4C,KAAO,cAAc,CAC3B,CAIC,OAJA,2BAED,WACC,OAAO,CACR,KAAC,EARe,CAFJ,OAUX,CARwBmO,QAWpBnD,EAAW,WAWhB,WAAY0tC,GAAU,qBACrBh9C,KAAKi9C,gBAAkB,GACvBj9C,KAAKk9C,YAAa,EAClBl9C,KAAKm9C,aAAc,EACnBn9C,KAAKo9C,iBAAkB,EAEvBp9C,KAAKq9C,SAAW,IAAI38C,SAAQ,SAACC,EAASI,GACrC,EAAKu8C,QAAUv8C,EAEf,IAYMyO,EAAW,SAAAM,GAChB,IAAK,EAAKotC,WACT,MAAM,IAAIzqC,MAAM,kEAGjB,EAAKwqC,gBAAgBx5C,KAAKqM,EAC3B,EAWA,OATA1P,OAAOm9C,iBAAiB/tC,EAAU,CACjCC,aAAc,CACb7N,IAAK,kBAAM,EAAKw7C,eAAe,EAC/B3zC,IAAK,SAAA+zC,GACJ,EAAKJ,gBAAkBI,CACxB,KAIKR,GA7BW,SAAAzzC,GACZ,EAAK4zC,aAAgB3tC,EAASC,eAClC,EAAKytC,YAAa,EAClBv8C,EAAQ4I,GAEV,IAEiB,SAAAwF,GAChB,EAAKmuC,YAAa,EAClBn8C,EAAOgO,EACR,GAmBqCS,EACtC,GACD,CA1CC,OA0CA,uBAED,SAAKiuC,EAAaC,GAEjB,OAAO19C,KAAKq9C,SAASn8C,KAAKu8C,EAAaC,EACxC,GAAC,mBAED,SAAMA,GACL,OAAO19C,KAAKq9C,SAAS12C,MAAM+2C,EAC5B,GAAC,qBAED,SAAQC,GACP,OAAO39C,KAAKq9C,SAASlxC,QAAQwxC,EAC9B,GAAC,oBAED,SAAOZ,GACN,GAAK/8C,KAAKk9C,aAAcl9C,KAAKm9C,YAA7B,CAMA,GAFAn9C,KAAKm9C,aAAc,EAEfn9C,KAAKi9C,gBAAgBz5C,OAAS,EACjC,IAAI,IACuC,EADvC,EAvFM,25BAuFN,CACmBxD,KAAKi9C,iBAAe,IAA1C,IAAK,EAAL,sBACCntC,EADiB,UAEjB,+BACF,CAAE,MAAOf,GAER,YADA/O,KAAKs9C,QAAQvuC,EAEd,CAGG/O,KAAKo9C,iBACRp9C,KAAKs9C,QAAQ,IAAIR,EAAYC,GAhB9B,CAkBD,GAAC,sBAED,WACC,OAAO/8C,KAAKm9C,WACb,IAAC,iBA1FD,SAAUS,GACT,OAAO,WAAmB,2BAAfC,EAAU,yBAAVA,EAAU,gBACpB,OAAO,IAAIvuC,GAAY,SAAC3O,EAASI,EAAQyO,GACxCquC,EAAWp6C,KAAK+L,GAEhBouC,EAAM,aAAIC,GAAY38C,KAAKP,EAASI,EACrC,GACD,CACD,KAAC,EATe,GA8FjBX,OAAO8X,eAAe5I,EAAYzL,UAAWnD,QAAQmD,WAErDi6C,EAAOC,QAAUzuC,EACjBwuC,EAAOC,QAAQjB,YAAcA,qCC5G7B18C,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQE,wBAA0BF,EAAQvpC,sBAAmB,EAC7DupC,EAAQG,gBA4ER,SAAyB98C,GACvBA,GAAU,EAAI+8C,EAASC,yBAAyBh9C,GAChD,IAAI4Z,GAAS,EAAIqjC,EAAeC,cAAcl9C,GAC9C,MAAoB,SAAhB4Z,EAAOzV,KACFyV,EAAOkjC,kBAAkBh9C,MAAK,WACnC,OAAO,CACT,IAEOq9C,EAAMC,sBAEjB,EArFAT,EAAQU,eA4FR,SAAwBr9C,GACtBs9C,EAAmBt9C,CACrB,EA7FA,IAAIm9C,EAAQ,EAAQ,MAChBF,EAAiB,EAAQ,MACzBF,EAAW,EAAQ,KAKnBF,EAA0B,IAAIU,IAClCZ,EAAQE,wBAA0BA,EAClC,IAiFIS,EAjFAE,EAAS,EACTpqC,EAAmB,SAA0BlQ,EAAMlD,GA2LvD,IAAyBmT,EACnBsqC,EA1LJ7+C,KAAK2jB,GAAKi7B,IACVX,EAAwBa,IAAI9+C,MAC5BA,KAAKsE,KAAOA,EACRo6C,IACFt9C,EAAUs9C,GAEZ1+C,KAAKoB,SAAU,EAAI+8C,EAASC,yBAAyBh9C,GACrDpB,KAAKgb,QAAS,EAAIqjC,EAAeC,cAAct+C,KAAKoB,SAGpDpB,KAAK++C,KAAM,EAOX/+C,KAAKg/C,MAAQ,KAKbh/C,KAAKi/C,OAAS,CACZtnC,QAAS,GACTunC,SAAU,IAQZl/C,KAAKm/C,KAAO,IAAIR,IAOhB3+C,KAAKo/C,MAAQ,GAKbp/C,KAAKq/C,OAAS,KA8IVR,GADmBtqC,EA5IPvU,MA6IWgb,OAAO2kB,OAAOprB,EAAQjQ,KAAMiQ,EAAQnT,UAC3D,EAAIm9C,EAAMrE,WAAW2E,IACvBtqC,EAAQ8qC,OAASR,EACjBA,EAAa39C,MAAK,SAAUyU,GAK1BpB,EAAQ+qC,OAAS3pC,CACnB,KAEApB,EAAQ+qC,OAAST,CAvJrB,EAwHA,SAASU,EAAMC,EAAkBj6C,EAAMqG,GACrC,IACI6zC,EAAS,CACXC,KAFSF,EAAiBxkC,OAAO2kC,eAGjCp6C,KAAMA,EACNtF,KAAM2L,GAGR,OADmB4zC,EAAiBH,OAASG,EAAiBH,OAASd,EAAMqB,uBACzD1+C,MAAK,WACvB,IAAI2+C,EAAcL,EAAiBxkC,OAAOlP,YAAY0zC,EAAiBF,OAAQG,GAO/E,OAJAD,EAAiBL,KAAKL,IAAIe,GAC1BA,EAAmB,QAAI3+C,MAAK,WAC1B,OAAOs+C,EAAiBL,KAAa,OAAEU,EACzC,IACOA,CACT,GACF,CAgBA,SAASC,EAAqBvrC,GAC5B,OAAIA,EAAQ0qC,OAAOtnC,QAAQnU,OAAS,GAChC+Q,EAAQ0qC,OAAOC,SAAS17C,OAAS,CAEvC,CACA,SAASu8C,EAAmBxrC,EAAShP,EAAMtC,GACzCsR,EAAQ0qC,OAAO15C,GAAM9B,KAAKR,GAS5B,SAAyBsR,GACvB,IAAKA,EAAQwqC,KAAOe,EAAqBvrC,GAAU,CAGjD,IAAIyrC,EAAa,SAAoBP,GACnClrC,EAAQ0qC,OAAOQ,EAAOl6C,MAAMuE,SAAQ,SAAUm2C,GAU5C,IACIC,EAAiBD,EAAeP,KADb,IAEnBD,EAAOC,MAAQQ,GACjBD,EAAev6C,GAAG+5C,EAAOx/C,KAE7B,GACF,EACIy/C,EAAOnrC,EAAQyG,OAAO2kC,eACtBprC,EAAQ8qC,OACV9qC,EAAQ8qC,OAAOn+C,MAAK,WAClBqT,EAAQwqC,KAAM,EACdxqC,EAAQyG,OAAOmlC,UAAU5rC,EAAQ+qC,OAAQU,EAAYN,EACvD,KAEAnrC,EAAQwqC,KAAM,EACdxqC,EAAQyG,OAAOmlC,UAAU5rC,EAAQ+qC,OAAQU,EAAYN,GAEzD,CACF,CAzCEU,CAAgB7rC,EAClB,CACA,SAAS8rC,EAAsB9rC,EAAShP,EAAMtC,GAC5CsR,EAAQ0qC,OAAO15C,GAAQgP,EAAQ0qC,OAAO15C,GAAMilB,QAAO,SAAUlnB,GAC3D,OAAOA,IAAML,CACf,IAqCF,SAAwBsR,GACtB,GAAIA,EAAQwqC,MAAQe,EAAqBvrC,GAAU,CAEjDA,EAAQwqC,KAAM,EACd,IAAIW,EAAOnrC,EAAQyG,OAAO2kC,eAC1BprC,EAAQyG,OAAOmlC,UAAU5rC,EAAQ+qC,OAAQ,KAAMI,EACjD,CACF,CA3CEY,CAAe/rC,EACjB,CA/JAwpC,EAAQvpC,iBAAmBA,EAC3BA,EAAiB+rC,SAAU,EA4B3B/rC,EAAiB3Q,UAAY,CAC3BiI,YAAa,SAAqBF,GAChC,GAAI5L,KAAK8rC,OACP,MAAM,IAAIr5B,MAAM,gFAMhBvI,KAAKE,UAAUwB,IAEjB,OAAO2zC,EAAMv/C,KAAM,UAAW4L,EAChC,EACAqsC,aAAc,SAAsBrsC,GAClC,OAAO2zC,EAAMv/C,KAAM,WAAY4L,EACjC,EACI6nC,cAAU/tC,GACZ,IACI86C,EAAY,CACdd,KAFS1/C,KAAKgb,OAAO2kC,eAGrBj6C,GAAIA,GAEN26C,EAAsBrgD,KAAM,UAAWA,KAAKg/C,OACxCt5C,GAAoB,mBAAPA,GACf1F,KAAKg/C,MAAQwB,EACbT,EAAmB//C,KAAM,UAAWwgD,IAEpCxgD,KAAKg/C,MAAQ,IAEjB,EACA7gC,iBAAkB,SAA0B5Y,EAAMG,GAMhDq6C,EAAmB//C,KAAMuF,EAJT,CACdm6C,KAFS1/C,KAAKgb,OAAO2kC,eAGrBj6C,GAAIA,GAGR,EACAma,oBAAqB,SAA6Bta,EAAMG,GAItD26C,EAAsBrgD,KAAMuF,EAHlBvF,KAAKi/C,OAAO15C,GAAMf,MAAK,SAAUvB,GACzC,OAAOA,EAAIyC,KAAOA,CACpB,IAEF,EACA+O,MAAO,WACL,IAAI6nC,EAAQt8C,KACZ,IAAIA,KAAK8rC,OAAT,CAGAmS,EAAgC,OAAEj+C,MAClCA,KAAK8rC,QAAS,EACd,IAAI2U,EAAezgD,KAAKq/C,OAASr/C,KAAKq/C,OAASd,EAAMqB,sBAGrD,OAFA5/C,KAAKg/C,MAAQ,KACbh/C,KAAKi/C,OAAOtnC,QAAU,GACf8oC,EAENv/C,MAAK,WACJ,OAAOR,QAAQggD,IAAIv9C,MAAM2R,KAAKwnC,EAAM6C,MACtC,IAECj+C,MAAK,WACJ,OAAOR,QAAQggD,IAAIpE,EAAM8C,MAAMlkC,KAAI,SAAUxV,GAC3C,OAAOA,GACT,IACF,IAECxE,MAAK,WACJ,OAAOo7C,EAAMthC,OAAOvG,MAAM6nC,EAAMgD,OAClC,GApBA,CAqBF,EACI/5C,WACF,OAAOvF,KAAKgb,OAAOzV,IACrB,EACIo7C,eACF,OAAO3gD,KAAK8rC,MACd,sCCjLF,IAAI8U,EAAS,EAAQ,MAUrB9C,EAAOC,QAAU,CACfvpC,iBAAkBosC,EAAOpsC,iBACzBqjC,qBAAsB+I,EAAO/I,qBAC7BqG,gBAAiB0C,EAAO1C,gBACxBO,eAAgBmC,EAAOnC,eACvBoC,SAAUD,EAAOC,6CCfnBzgD,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETnJ,OAAO49C,eAAeD,EAAS,mBAAoB,CACjD+C,YAAY,EACZl/C,IAAK,WACH,OAAOm/C,EAAkBvsC,gBAC3B,IAEFpU,OAAO49C,eAAeD,EAAS,0BAA2B,CACxD+C,YAAY,EACZl/C,IAAK,WACH,OAAOm/C,EAAkB9C,uBAC3B,IAEF79C,OAAO49C,eAAeD,EAAS,WAAY,CACzC+C,YAAY,EACZl/C,IAAK,WACH,OAAOo/C,EAAoBH,QAC7B,IAEFzgD,OAAO49C,eAAeD,EAAS,kBAAmB,CAChD+C,YAAY,EACZl/C,IAAK,WACH,OAAOm/C,EAAkB7C,eAC3B,IAEF99C,OAAO49C,eAAeD,EAAS,uBAAwB,CACrD+C,YAAY,EACZl/C,IAAK,WACH,OAAOq/C,EAAgBpJ,oBACzB,IAEFz3C,OAAO49C,eAAeD,EAAS,iBAAkB,CAC/C+C,YAAY,EACZl/C,IAAK,WACH,OAAOm/C,EAAkBtC,cAC3B,IAEF,IAAIsC,EAAoB,EAAQ,MAC5BE,EAAkB,EAAQ,MAC1BD,EAAsB,EAAQ,yCCzClC5gD,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQ8C,SAcR,SAAkBK,GAChBA,EAAc3vC,UAAW,EACzB2vC,EAAcC,YAAa,EAC3B,IAAIC,GAAW,EAAIC,EAAQvC,MAAK,WAC9B,OAAOoC,EAAclJ,KACvB,IACAkJ,EAAcI,KAAK79C,KAAK29C,GACxB,IAAIG,EAAmB,SAA0B31C,GAC3B,WAAhBA,EAAI2e,SAAuC,UAAf3e,EAAIwd,QAClCo4B,EAAkBN,EAAe,QAEf,WAAhBt1C,EAAI2e,SAAuC,SAAf3e,EAAIwd,QAAsB83B,EAAcO,QAStEP,EAAcO,OAAQ,EACtBP,EAAcQ,OACdF,EAAkBN,EAAe,QAErC,EAIA,OAFAA,EAAc1B,iBAAiBrhC,iBAAiB,WAAYojC,GAC5DL,EAAcS,OAAOl+C,KAAK89C,GACnBC,EAAkBN,EAAe,OAC1C,EA1CAnD,EAAQyD,kBAAoBA,EAC5B,IAAIH,EAAU,EAAQ,MAItB,SAASG,EAAkBN,EAAe93B,GACxC,IAAIw4B,EAAU,CACZr3B,QAAS,SACTnB,OAAQA,EACRrb,MAAOmzC,EAAcnzC,OAEvB,OAAOmzC,EAAc1B,iBAAiBvH,aAAa2J,EACrD,oCChBAxhD,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQ8D,2BAAwB,EAChC,IAAItD,EAAQ,EAAQ,MAChByC,EAAsB,EAAQ,MAK9Ba,EAAwB,SAA+BrC,EAAkBp+C,GAC3E,IAAIk7C,EAAQt8C,KACZA,KAAKw/C,iBAAmBA,EACxBA,EAAiBJ,MAAM37C,MAAK,WAC1B,OAAO64C,EAAMtE,KACf,IACAh4C,KAAKm+C,SAAW/8C,EAChBpB,KAAKuR,UAAW,EAChBvR,KAAK8hD,QAAS,EACd9hD,KAAK+N,OAAQ,EAAIwwC,EAAMwD,eACvB/hD,KAAK2hD,OAAS,GACd3hD,KAAKshD,KAAO,GACZthD,KAAK0hD,KAAO,WAAa,EACzB1hD,KAAKyhD,OAAQ,EAEbzhD,KAAKgiD,MAAQ,CAAC,EAGdhiD,KAAKiiD,GAAK,cAAgBzC,EAAiBxkC,OAAOzV,KAAO,KAAOi6C,EAAiBl7C,IACnF,EACAy5C,EAAQ8D,sBAAwBA,EAChCA,EAAsBh+C,UAAY,CAChC+zC,UAAW,WACT,IAAIsK,EAASliD,KACb,OAAOwa,UAAU2nC,MAAMp3B,QAAQ7pB,MAAK,SAAUihD,GAC5C,IAAIC,EAAgBD,EAAME,KAAOF,EAAME,KAAK73B,QAAO,SAAU83B,GAC3D,OAAOA,EAAKh+C,OAAS49C,EAAOD,EAC9B,IAAK,GACL,SAAIG,GAAiBA,EAAc5+C,OAAS,EAK9C,GACF,EACAu0C,gBAAiB,WACf,IAAIwK,EAASviD,KACb,IAAKA,KAAKwiD,MAAO,CACfxiD,KAAKgiD,MAAMhtC,EAAI,IAAIytC,gBACnB,IAAIC,EAAgB,IAAIhiD,SAAQ,SAAUX,EAAK4iD,GAC7CJ,EAAOP,MAAMjiD,IAAMA,EACnBwiD,EAAOP,MAAMW,IAAMA,CACrB,IACA3iD,KAAKwiD,MAAQ,IAAI9hD,SAAQ,SAAUX,GACjCya,UAAU2nC,MAAMS,QAAQL,EAAON,GAAI,CACjCY,OAAQN,EAAOP,MAAMhtC,EAAE6tC,SACtB,WAKD,OAHAN,EAAOP,MAAMhtC,OAAI9U,GACjB,EAAI8gD,EAAoBH,UAAU0B,GAClCxiD,IACO2iD,CACT,IAAU,OAAE,WAAa,GAC3B,GACF,CACA,OAAO1iD,KAAKwiD,KACd,EACI1K,gBAAYgL,GAEhB,EACA9K,IAAK,WACH,IAAI+K,EAAS/iD,KAmBb,OAlBAA,KAAK2hD,OAAO73C,SAAQ,SAAUqB,GAC5B,OAAO43C,EAAOvD,iBAAiB3/B,oBAAoB,WAAY1U,EACjE,IACAnL,KAAK2hD,OAAS,GACd3hD,KAAKshD,KAAKx3C,SAAQ,SAAUk5C,GAC1B,OAAOA,EAAIj4C,QACb,IACA/K,KAAKshD,KAAO,GACRthD,KAAKuR,WACPvR,KAAKuR,UAAW,GAElBvR,KAAK8hD,QAAS,EACV9hD,KAAKgiD,MAAMjiD,KACbC,KAAKgiD,MAAMjiD,MAETC,KAAKgiD,MAAMhtC,GACbhV,KAAKgiD,MAAMhtC,EAAEiuC,MAAM,uCAEd,EAAIjC,EAAoBQ,mBAAmBxhD,KAAM,QAC1D,sCC3FFI,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQlG,qBAkRR,SAA8BtjC,EAASnT,GACrC,GAAImT,EAAQ2uC,eACV,MAAM,IAAIzwC,MAAM,iDAElBrR,EAfF,SAAiCA,EAASmT,GASxC,OARKnT,IAASA,EAAU,CAAC,IACzBA,EAAU8I,KAAKC,MAAMD,KAAKE,UAAUhJ,KACvB+hD,mBACX/hD,EAAQ+hD,iBAAmB,KAExB/hD,EAAQgiD,eACXhiD,EAAQgiD,aAAe7uC,EAAQyG,OAAOqoC,oBAAoB9uC,EAAQnT,UAE7DA,CACT,CAKYg9C,CAAwBh9C,EAASmT,GAC3C,IAAIojC,GAAU,EAAI4G,EAAM+E,sBAAwB,IAAIC,EAAuB1B,sBAAsBttC,EAASnT,GAAW,IAAIoiD,EAAejvC,EAASnT,GAKjJ,OAJAmT,EAAQ6qC,MAAM37C,MAAK,WACjB,OAAOk0C,EAAQK,KACjB,IACAzjC,EAAQ2uC,eAAiBvL,EAClBA,CACT,EA5RA,IAAI4G,EAAQ,EAAQ,MAChByC,EAAsB,EAAQ,MAC9BuC,EAAyB,EAAQ,KACjCC,EAAiB,SAAwBhE,EAAkBp+C,GAC7D,IAAIk7C,EAAQt8C,KACZA,KAAKw/C,iBAAmBA,EACxBx/C,KAAKm+C,SAAW/8C,EAChBpB,KAAKuR,UAAW,EAChBvR,KAAKmhD,YAAa,EAClBnhD,KAAK8hD,QAAS,EACd9hD,KAAK+N,OAAQ,EAAIwwC,EAAMwD,eAOvB/hD,KAAKyjD,MAAQlF,EAAMqB,sBAEnB5/C,KAAK0jD,OAAS,EAGd1jD,KAAKshD,KAAO,GACZthD,KAAK2hD,OAAS,GACd3hD,KAAK0hD,KAAO,WAAa,EACzB1hD,KAAKyhD,OAAQ,EAOb,IAAIkC,EAAoB,SAA2B/3C,GAC7B,WAAhBA,EAAI2e,UACa,UAAf3e,EAAIwd,SACNkzB,EAAM6E,YAAa,GAEF,SAAfv1C,EAAIwd,SACNkzB,EAAM6E,YAAa,GAGzB,EACAnhD,KAAKw/C,iBAAiBrhC,iBAAiB,WAAYwlC,GACnD3jD,KAAK2hD,OAAOl+C,KAAKkgD,EACnB,EACAH,EAAe3/C,UAAY,CACzB+zC,UAAW,WACT,OAAOl3C,QAAQC,QAAQX,KAAKmhD,WAC9B,EAMAyC,UAAW,SAEXC,GACE,IAAI3B,EAASliD,KACb,OAAIA,KAAKuR,UACA,EAAIgtC,EAAMuF,OAAO,GAAG,GAEzB9jD,KAAK8hD,QACA,EAAIvD,EAAMuF,OAAO,GAAG,GAOzB9jD,KAAK0jD,OAAS,EACT1jD,KAAKyjD,OAyFdzjD,KAAK0jD,OAAS1jD,KAAK0jD,OAAS,EAC5B1jD,KAAKyjD,MAAQzjD,KAAKyjD,MAAMviD,MAAK,WAC3B,OArFa,WAMb,GAAIghD,EAAO3wC,SACT,OAAOgtC,EAAMwF,sBAEf,IACIC,EADAC,GAAe,EAQfC,EAAsB,IAAIxjD,SAAQ,SAAUX,GAC9CikD,EAA6B,WAC3BC,GAAe,EACflkD,GACF,CACF,IACIokD,EAAgB,SAAuBv4C,GACrB,WAAhBA,EAAI2e,SAAwB3e,EAAImC,OAASm0C,EAAOn0C,QAC/B,UAAfnC,EAAIwd,QAEFxd,EAAImC,MAAQm0C,EAAOn0C,OAKrBi2C,IAGe,SAAfp4C,EAAIwd,SAEN46B,IACA9B,EAAOf,YAAa,GAG1B,EACAe,EAAO1C,iBAAiBrhC,iBAAiB,WAAYgmC,GAYrD,IAAIC,EAAoBP,EAAwD,EAA/B3B,EAAO/D,SAASiF,aAAmBlB,EAAO/D,SAASiF,aACpG,OAAO,EAAIpC,EAAoBQ,mBAAmBU,EAAQ,SACzDhhD,MAAK,WACJ,OAAOR,QAAQ2jD,KAAK,EAAC,EAAI9F,EAAMuF,OAAOM,GAAoBF,EAAoBhjD,MAAK,WACjF,OAAOR,QAAQK,OAAO,IAAI0R,MAC5B,KACF,IAECvR,MAAK,WACJ,OAAO,EAAI8/C,EAAoBQ,mBAAmBU,EAAQ,QAC5D,IAEChhD,MAAK,WACJ,OAAOR,QAAQ2jD,KAAK,EAAC,EAAI9F,EAAMuF,OAAOM,GAAoBF,EAAoBhjD,MAAK,WACjF,OAAOR,QAAQK,OAAO,IAAI0R,MAC5B,KACF,IAAU,OAAE,WAAa,IAAGvR,MAAK,WAE/B,OADAghD,EAAO1C,iBAAiB3/B,oBAAoB,WAAYskC,IACnDF,IAEI,EAAIjD,EAAoBH,UAAUqB,GAAQhhD,MAAK,WACpD,OAAO,CACT,GAKJ,GACF,CAGSojD,EACT,IAAGpjD,MAAK,WACNghD,EAAOwB,OAASxB,EAAOwB,OAAS,CAClC,IACO1jD,KAAKyjD,MAAMviD,MAAK,WACrB,OAAOghD,EAAO3wC,QAChB,IACF,EACAwmC,gBAAiB,WAKf,OAHC/3C,KAAKukD,OACJvkD,KAAKukD,MA6BmBrD,EA7BSlhD,MA8BnBuR,SACTgtC,EAAMqB,sBAER,IAAIl/C,SAAQ,SAAUX,GAC3B,IAAIykD,GAAW,EACf,SAASC,IACHD,IAGJA,GAAW,EACXtD,EAAc1B,iBAAiB3/B,oBAAoB,WAAY6kC,GAC/D3kD,GAAI,GACN,CAGAmhD,EAAc0C,YAAY1iD,MAAK,WACzBggD,EAAc3vC,UAChBkzC,GAEJ,IAMoB,SAASE,IAC3B,OAAO,EAAIpG,EAAMuF,OAAO5C,EAAc/C,SAASgF,kBAAkBjiD,MAAK,WACpE,IAAIggD,EAAcY,SAAU0C,EAG5B,OAAItD,EAAc3vC,cAChBkzC,IAEOvD,EAAc0C,WAAU,GAAM1iD,MAAK,WACpCggD,EAAc3vC,SAChBkzC,IAEAE,GAEJ,GAEJ,GACF,CACAA,GAGA,IAAID,EAAoB,SAA2B94C,GAC7B,WAAhBA,EAAI2e,SAAuC,UAAf3e,EAAIwd,SAClC83B,EAAcC,YAAa,EAC3BD,EAAc0C,YAAY1iD,MAAK,WACzBggD,EAAc3vC,UAChBkzC,GAEJ,IAEJ,EACAvD,EAAc1B,iBAAiBrhC,iBAAiB,WAAYumC,GAC5DxD,EAAcS,OAAOl+C,KAAKihD,EAC5B,KAtFS1kD,KAAKukD,KA2BhB,IAA8BrD,CA1B5B,EACIpJ,gBAAYpyC,GACd1F,KAAK0hD,KAAOh8C,CACd,EACAsyC,IAAK,WACH,IAAIuK,EAASviD,KAcb,OAbAA,KAAK2hD,OAAO73C,SAAQ,SAAUqB,GAC5B,OAAOo3C,EAAO/C,iBAAiB3/B,oBAAoB,WAAY1U,EACjE,IACAnL,KAAK2hD,OAAS,GACd3hD,KAAKshD,KAAKx3C,SAAQ,SAAUk5C,GAC1B,OAAOA,EAAIj4C,QACb,IACA/K,KAAKshD,KAAO,GACRthD,KAAKuR,WACPvR,KAAKmhD,YAAa,EAClBnhD,KAAKuR,UAAW,GAElBvR,KAAK8hD,QAAS,GACP,EAAId,EAAoBQ,mBAAmBxhD,KAAM,QAC1D,sCCvMY,EAAQ,MACtBI,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQO,aAaR,SAAsBl9C,GACpB,IAAIwjD,EAAgB,GAAGrJ,OAAOn6C,EAAQyjD,QAASC,GAASt6B,OAAOqJ,SAK/D,GAAIzyB,EAAQmE,KAAM,CAChB,GAAqB,aAAjBnE,EAAQmE,KAEV,OAAOw/C,EAAUC,eAEnB,IAAI7mB,EAAMymB,EAAcpgD,MAAK,SAAUygD,GACrC,OAAOA,EAAE1/C,OAASnE,EAAQmE,IAC5B,IACA,GAAK44B,EAAwE,OAAOA,EAA1E,MAAM,IAAI1rB,MAAM,eAAiBrR,EAAQmE,KAAO,aAC5D,CAMKnE,EAAQ8jD,mBACXN,EAAgBA,EAAcp6B,QAAO,SAAUy6B,GAC7C,MAAkB,QAAXA,EAAE1/C,IACX,KAEF,IAAI4/C,EAAYP,EAAcpgD,MAAK,SAAUwW,GAC3C,OAAOA,EAAOoqC,WAChB,IACA,GAAKD,EAKH,OAAOA,EAJP,MAAM,IAAI1yC,MAAM,6BAA+BvI,KAAKE,UAAU06C,EAAQ5pC,KAAI,SAAU+pC,GAClF,OAAOA,EAAE1/C,IACX,KAIJ,EAhDA,IAAI8/C,EAAU,EAAQ,MAClBC,EAAa,EAAQ,MACrBC,EAAgB,EAAQ,MACxBR,EAAY,EAAQ,MAMpBD,EAAU,CAACO,EAAQG,aAEvBF,EAAWG,gBAAiBF,EAAcG,uDChB1CtlD,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQ4H,qBAAuB5H,EAAQ0H,qBAAkB,EACzD1H,EAAQsF,oBAAsBA,EAC9BtF,EAAQqH,UAAYA,EACpBrH,EAAQ6H,iBAAmBA,EAC3B7H,EAAQtpC,MAAQA,EAChBspC,EAAQ8H,2BAA6BA,EACrC9H,EAAQpe,OAASA,EACjBoe,EAAQ+H,eAAiBA,EACzB/H,EAAQgI,eA8GR,SAAwB/gB,GACtB,IAAIllC,EAAKklC,EAAG9W,YAAY83B,EAAiB,WAAYL,GACjDzgB,EAAcplC,EAAGolC,YAAY8gB,GAC7B7nB,EAAM,GACV,OAAO,IAAIz9B,SAAQ,SAAUX,GAC3BmlC,EAAY+gB,aAAalhB,UAAY,SAAUmhB,GAC7C,IAAIC,EAASD,EAAGp8B,OAAO5N,OACnBiqC,GACFhoB,EAAI16B,KAAK0iD,EAAO58C,OAEhB48C,EAAiB,aAEjBN,EAA2B/lD,GAC3BC,EAAIo+B,GAER,CACF,GACF,EA9HA4f,EAAQqI,OAASA,EACjBrI,EAAQsI,sBAAwBA,EAChCtI,EAAQuI,eAAiBA,EACzBvI,EAAQ4B,kBAAe,EACvB5B,EAAQoC,UAAYA,EACpBpC,EAAQjyC,YAAcA,EACtBiyC,EAAQwI,mBAAqBA,EAC7BxI,EAAQx4C,UAAO,EACfw4C,EAAQyI,aAAeA,EACvB,IAAIjI,EAAQ,EAAQ,MAChBkI,EAAgB,EAAQ,MACxBtI,EAAW,EAAQ,KAUnBwB,EAAepB,EAAMoB,aACzB5B,EAAQ4B,aAAeA,EACvB,IAAI+G,EAAY,8BACZV,EAAkB,WAMlBL,EAAuB,CACzBgB,WAAY,WAKd,SAASP,IACP,GAAyB,oBAAdrsC,UAA2B,OAAOA,UAC7C,GAAsB,oBAAXjR,OAAwB,CACjC,QAAmC,IAAxBA,OAAO89C,aAA8B,OAAO99C,OAAO89C,aAC9D,QAAsC,IAA3B99C,OAAO+9C,gBAAiC,OAAO/9C,OAAO+9C,gBACjE,QAAkC,IAAvB/9C,OAAOg+C,YAA6B,OAAOh+C,OAAOg+C,WAC/D,CACA,OAAO,CACT,CAOA,SAASjB,EAA2B/lD,GAC9BA,EAAGinD,QACLjnD,EAAGinD,QAEP,CACA,SAASjB,EAAekB,GACtB,IAAIC,EAAYb,IAGZc,EAASR,EAAYM,EAOrBG,EAAcF,EAAUtiB,KAAKuiB,GAQjC,OAPAC,EAAYtiB,gBAAkB,SAAUqhB,GAC7BA,EAAGp8B,OAAO5N,OAChB4oB,kBAAkBkhB,EAAiB,CACpCoB,QAAS,KACTC,eAAe,GAEnB,EACO,IAAI3mD,SAAQ,SAAUX,EAAK4iD,GAChCwE,EAAYviB,QAAU,SAAUshB,GAC9B,OAAOvD,EAAIuD,EACb,EACAiB,EAAYpiB,UAAY,WACtBhlC,EAAIonD,EAAYjrC,OAClB,CACF,GACF,CAMA,SAASsqC,EAAaxhB,EAAIsiB,EAAYC,GACpC,IACIC,EAAc,CAChBC,KAAMH,EACN5H,MAHS,IAAI/0C,MAAOkyC,UAIpB58C,KAAMsnD,GAEJznD,EAAKklC,EAAG9W,YAAY,CAAC83B,GAAkB,YAAaL,GACxD,OAAO,IAAIjlD,SAAQ,SAAUX,EAAK4iD,GAChC7iD,EAAGqlC,WAAa,WACd,OAAOplC,GACT,EACAD,EAAG8kC,QAAU,SAAUshB,GACrB,OAAOvD,EAAIuD,EACb,EACkBpmD,EAAGolC,YAAY8gB,GACrBlH,IAAI0I,GAChB3B,EAA2B/lD,EAC7B,GACF,CAmBA,SAASumD,EAAsBrhB,EAAI0iB,GACjC,IAAI5nD,EAAKklC,EAAG9W,YAAY83B,EAAiB,WAAYL,GACjDzgB,EAAcplC,EAAGolC,YAAY8gB,GAC7B7nB,EAAM,GACNwpB,EAAgBC,YAAYC,MAAMH,EAAe,EAAGI,KAOxD,GAAI5iB,EAAY6iB,OAAQ,CACtB,IAAIC,EAAgB9iB,EAAY6iB,OAAOJ,GACvC,OAAO,IAAIjnD,SAAQ,SAAUX,EAAK4iD,GAChCqF,EAAcpjB,QAAU,SAAUh+B,GAChC,OAAO+7C,EAAI/7C,EACb,EACAohD,EAAcjjB,UAAY,SAAU9/B,GAClClF,EAAIkF,EAAE6kB,OAAO5N,OACf,CACF,GACF,CAYA,OAAO,IAAIxb,SAAQ,SAAUX,EAAK4iD,GAChC,IAAIsF,EAZN,WAIE,IAEE,OADAN,EAAgBC,YAAYC,MAAMH,EAAe,EAAGI,KAC7C5iB,EAAY+gB,WAAW0B,EAChC,CAAE,MAAO1iD,GACP,OAAOigC,EAAY+gB,YACrB,CACF,CAE0BA,GACxBgC,EAAkBrjB,QAAU,SAAUh+B,GACpC,OAAO+7C,EAAI/7C,EACb,EACAqhD,EAAkBljB,UAAY,SAAUmhB,GACtC,IAAIC,EAASD,EAAGp8B,OAAO5N,OACnBiqC,EACEA,EAAO58C,MAAMoa,GAAK+jC,EAAe,EACnCvB,EAAiB,SAAEuB,EAAe,IAElCvpB,EAAI16B,KAAK0iD,EAAO58C,OAChB48C,EAAiB,aAGnBN,EAA2B/lD,GAC3BC,EAAIo+B,GAER,CACF,GACF,CACA,SAASooB,EAAmB2B,EAAcC,GACxC,GAAID,EAAapc,OACf,OAAOprC,QAAQC,QAAQ,IAEzB,IACIukC,EADKgjB,EAAaljB,GAAG9W,YAAY83B,EAAiB,YAAaL,GAC9CzgB,YAAY8gB,GACjC,OAAOtlD,QAAQggD,IAAIyH,EAAIjtC,KAAI,SAAUyI,GACnC,IAAIykC,EAAgBljB,EAAoB,OAAEvhB,GAC1C,OAAO,IAAIjjB,SAAQ,SAAUX,GAC3BqoD,EAAcrjB,UAAY,WACxB,OAAOhlC,GACT,CACF,GACF,IACF,CACA,SAASumD,EAAethB,EAAIkX,GAC1B,IAAIO,GAAY,IAAI9xC,MAAOkyC,UAAYX,EACnCp8C,EAAKklC,EAAG9W,YAAY83B,EAAiB,WAAYL,GACjDzgB,EAAcplC,EAAGolC,YAAY8gB,GAC7B7nB,EAAM,GACV,OAAO,IAAIz9B,SAAQ,SAAUX,GAC3BmlC,EAAY+gB,aAAalhB,UAAY,SAAUmhB,GAC7C,IAAIC,EAASD,EAAGp8B,OAAO5N,OACvB,GAAIiqC,EAAQ,CACV,IAAIkC,EAASlC,EAAO58C,MAChB8+C,EAAO3I,KAAOjD,GAChBte,EAAI16B,KAAK4kD,GAETlC,EAAiB,aAGjBN,EAA2B/lD,GAC3BC,EAAIo+B,GAER,MACEp+B,EAAIo+B,EAER,CACF,GACF,CACA,SAASynB,EAAiBsC,GACxB,OAAO5B,EAAe4B,EAAaljB,GAAIkjB,EAAa9mD,QAAQknD,IAAIpM,KAAKh7C,MAAK,SAAUqnD,GAClF,OAAOhC,EAAmB2B,EAAcK,EAAOrtC,KAAI,SAAUtP,GAC3D,OAAOA,EAAI+X,EACb,IACF,GACF,CACA,SAASgc,EAAOqnB,EAAa5lD,GAE3B,OADAA,GAAU,EAAI+8C,EAASC,yBAAyBh9C,GACzC0kD,EAAekB,GAAa9lD,MAAK,SAAU8jC,GAChD,IAAIr2B,EAAQ,CACVm9B,QAAQ,EACR4b,aAAc,EACdV,YAAaA,EACb5lD,QAASA,EACTqmD,MAAM,EAAIlJ,EAAMwD,eAMhByG,KAAM,IAAI/B,EAActK,aAA+B,EAAlB/6C,EAAQknD,IAAIpM,KAEjDuM,kBAAmBlK,EAAMqB,sBACzB8I,iBAAkB,KAClBC,kBAAmB,GACnB3jB,GAAIA,GAoBN,OAXAA,EAAG4jB,QAAU,WACXj6C,EAAMm9B,QAAS,EACX1qC,EAAQknD,IAAIM,SAASxnD,EAAQknD,IAAIM,SACvC,EAOAC,EAAUl6C,GACHA,CACT,GACF,CACA,SAASk6C,EAAUl6C,GACbA,EAAMm9B,QACVgd,EAAgBn6C,GAAOzN,MAAK,WAC1B,OAAO,EAAIq9C,EAAMuF,OAAOn1C,EAAMvN,QAAQknD,IAAInF,iBAC5C,IAAGjiD,MAAK,WACN,OAAO2nD,EAAUl6C,EACnB,GACF,CAWA,SAASm6C,EAAgBn6C,GAEvB,OAAIA,EAAMm9B,OAAeyS,EAAMqB,sBAG1BjxC,EAAM+5C,iBACJrC,EAAsB13C,EAAMq2B,GAAIr2B,EAAM+4C,cAAcxmD,MAAK,SAAU6nD,GACxE,IAAIC,EAAcD,EAKdv+B,QAAO,SAAUi1B,GACnB,QAASA,CACX,IAAGvkC,KAAI,SAAUukC,GAIf,OAHIA,EAAO97B,GAAKhV,EAAM+4C,eACpB/4C,EAAM+4C,aAAejI,EAAO97B,IAEvB87B,CACT,IAAGj1B,QAAO,SAAUi1B,GAClB,OA9BN,SAAwBA,EAAQ9wC,GAC9B,QAAI8wC,EAAOgI,OAAS94C,EAAM84C,MACtB94C,EAAM65C,KAAKpM,IAAIqD,EAAO97B,KACtB87B,EAAOx/C,KAAKy/C,KAAO/wC,EAAMs6C,qBAE/B,CAyBaC,CAAezJ,EAAQ9wC,EAChC,IAAGw6C,MAAK,SAAUC,EAASC,GACzB,OAAOD,EAAQ1J,KAAO2J,EAAQ3J,IAChC,IAOA,OANAsJ,EAAYl/C,SAAQ,SAAU21C,GACxB9wC,EAAM+5C,mBACR/5C,EAAM65C,KAAK1J,IAAIW,EAAO97B,IACtBhV,EAAM+5C,iBAAiBjJ,EAAOx/C,MAElC,IACOs+C,EAAMqB,qBACf,IA1BoCrB,EAAMqB,qBA2B5C,CACA,SAASnrC,EAAMyzC,GACbA,EAAapc,QAAS,EACtBoc,EAAaljB,GAAGvwB,OAClB,CACA,SAAS3I,EAAYo8C,EAAcX,GASjC,OARAW,EAAaO,kBAAoBP,EAAaO,kBAAkBvnD,MAAK,WACnE,OAAOslD,EAAa0B,EAAaljB,GAAIkjB,EAAaT,KAAMF,EAC1D,IAAGrmD,MAAK,WAC8B,KAAhC,EAAIq9C,EAAM+K,WAAW,EAAG,KAE1B1D,EAAiBsC,EAErB,IACOA,EAAaO,iBACtB,CACA,SAAStI,EAAU+H,EAAcxiD,EAAIg6C,GACnCwI,EAAae,qBAAuBvJ,EACpCwI,EAAaQ,iBAAmBhjD,EAChCojD,EAAgBZ,EAClB,CACA,SAAS9C,IACP,QAASgB,GACX,CACA,SAAS/C,EAAoBjiD,GAC3B,OAAsC,EAA/BA,EAAQknD,IAAInF,gBACrB,CAzTApF,EAAQ4H,qBAAuBA,EAE/B5H,EAAQx4C,KADG,MAyTX,IAAIkgD,EAAkB,CACpB9lB,OAAQA,EACRlrB,MAAOA,EACP0rC,UAAWA,EACXr0C,YAAaA,EACbs5C,UAAWA,EACX7/C,KA/TS,MAgUT89C,oBAAqBA,EACrB1D,aAAcA,GAEhB5B,EAAQ0H,gBAAkBA,qCCjX1BrlD,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQ2H,wBAAqB,EAC7B3H,EAAQwL,wBAA0BA,EAClCxL,EAAQsF,oBAAsBA,EAC9BtF,EAAQqH,UAAYA,EACpBrH,EAAQtpC,MAAQA,EAChBspC,EAAQpe,OAASA,EACjBoe,EAAQp2C,gBAAkBA,EAC1Bo2C,EAAQ4B,kBAAe,EACvB5B,EAAQoC,UAAYA,EACpBpC,EAAQjyC,YAAcA,EACtBiyC,EAAQyL,2BAA6BA,EACrCzL,EAAQzzC,WAAaA,EACrByzC,EAAQx4C,UAAO,EACf,IAAIkhD,EAAgB,EAAQ,MACxBtI,EAAW,EAAQ,KACnBI,EAAQ,EAAQ,MAShBoB,EAAepB,EAAMoB,aACzB5B,EAAQ4B,aAAeA,EACvB,IAAI8J,EAAa,2BACblkD,EAAO,eAOX,SAASoC,IACP,IAAIqB,EACJ,GAAsB,oBAAXF,OAAwB,OAAO,KAC1C,IACEE,EAAeF,OAAOE,aACtBA,EAAeF,OAAO,8BAAgCA,OAAOE,YAC/D,CAAE,MAAO/D,GAIT,CACA,OAAO+D,CACT,CACA,SAASsB,EAAW08C,GAClB,OAAOyC,EAAazC,CACtB,CAMA,SAASl7C,EAAYo8C,EAAcX,GACjC,OAAO,IAAI7mD,SAAQ,SAAUX,IAC3B,EAAIw+C,EAAMuF,SAAS5iD,MAAK,WACtB,IAAI0C,EAAM0G,EAAW49C,EAAalB,aAC9B0C,EAAW,CACb37C,OAAO,EAAIwwC,EAAMwD,eACjBrC,MAAM,IAAI/0C,MAAOkyC,UACjB58C,KAAMsnD,EACNE,KAAMS,EAAaT,MAEjBl+C,EAAQW,KAAKE,UAAUs/C,GAC3B/hD,IAAkB2B,QAAQ1F,EAAK2F,GAO/B,IAAI28C,EAAK76C,SAASs+C,YAAY,SAC9BzD,EAAG0D,UAAU,WAAW,GAAM,GAC9B1D,EAAGtiD,IAAMA,EACTsiD,EAAG2D,SAAWtgD,EACdT,OAAOghD,cAAc5D,GACrBnmD,GACF,GACF,GACF,CACA,SAASwpD,EAAwBvC,EAAathD,GAC5C,IAAI9B,EAAM0G,EAAW08C,GACjB77C,EAAW,SAAkB+6C,GAC3BA,EAAGtiD,MAAQA,GACb8B,EAAGwE,KAAKC,MAAM+7C,EAAG2D,UAErB,EAEA,OADA/gD,OAAOqV,iBAAiB,UAAWhT,GAC5BA,CACT,CACA,SAASq+C,EAA2Br+C,GAClCrC,OAAO+W,oBAAoB,UAAW1U,EACxC,CACA,SAASw0B,EAAOqnB,EAAa5lD,GAE3B,GADAA,GAAU,EAAI+8C,EAASC,yBAAyBh9C,IAC3CgkD,IACH,MAAM,IAAI3yC,MAAM,iDAElB,IAAIg1C,GAAO,EAAIlJ,EAAMwD,eAOjByG,EAAO,IAAI/B,EAActK,aAAa/6C,EAAQ2oD,aAAaC,eAC3Dr7C,EAAQ,CACVq4C,YAAaA,EACbS,KAAMA,EACNe,KAAMA,GAYR,OATA75C,EAAMxD,SAAWo+C,EAAwBvC,GAAa,SAAUvH,GACzD9wC,EAAM+5C,kBACPjJ,EAAOgI,OAASA,GACfhI,EAAO1xC,QAASy6C,EAAKpM,IAAIqD,EAAO1xC,SACjC0xC,EAAOx/C,KAAKy/C,MAAQD,EAAOx/C,KAAKy/C,KAAO/wC,EAAMs6C,uBAEjDT,EAAK1J,IAAIW,EAAO1xC,OAChBY,EAAM+5C,iBAAiBjJ,EAAOx/C,OAChC,IACO0O,CACT,CACA,SAAS8F,EAAMyzC,GACbsB,EAA2BtB,EAAa/8C,SAC1C,CACA,SAASg1C,EAAU+H,EAAcxiD,EAAIg6C,GACnCwI,EAAae,qBAAuBvJ,EACpCwI,EAAaQ,iBAAmBhjD,CAClC,CACA,SAAS0/C,IACP,IAAI6E,EAAKtiD,IACT,IAAKsiD,EAAI,OAAO,EAChB,IACE,IAAIrmD,EAAM,2BACVqmD,EAAG3gD,QAAQ1F,EAAK,SAChBqmD,EAAGvgD,WAAW9F,EAChB,CAAE,MAAOqB,GAIP,OAAO,CACT,CACA,OAAO,CACT,CACA,SAASo+C,IACP,IACI5oC,EAAYD,UAAUC,UAAUoB,cACpC,OAAIpB,EAAU2T,SAAS,YAAc3T,EAAU2T,SAAS,UAE/C87B,IAJS,GAOpB,CA1HAnM,EAAQx4C,KAAOA,EA2Hf,IAAImgD,EAAqB,CACvB/lB,OAAQA,EACRlrB,MAAOA,EACP0rC,UAAWA,EACXr0C,YAAaA,EACbs5C,UAAWA,EACX7/C,KAAMA,EACN89C,oBAAqBA,EACrB1D,aAAcA,GAEhB5B,EAAQ2H,mBAAqBA,qCCzK7BtlD,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQyH,kBAAe,EACvBzH,EAAQsF,oBAAsBA,EAC9BtF,EAAQqH,UAAYA,EACpBrH,EAAQtpC,MAAQA,EAChBspC,EAAQpe,OAASA,EACjBoe,EAAQ4B,kBAAe,EACvB5B,EAAQoC,UAAYA,EACpBpC,EAAQjyC,YAAcA,EACtBiyC,EAAQx4C,UAAO,EACf,IAAIg5C,EAAQ,EAAQ,MAChBoB,EAAepB,EAAMoB,aACzB5B,EAAQ4B,aAAeA,EACvB,IAAIp6C,EAAO,SAEX,SAASo6B,EAAOqnB,GACd,IAAIr4C,EAAQ,CACV+5C,iBAAkB,KAClByB,GAAI,IAAI31C,iBAAiBwyC,GACzBoD,OAAQ,IAQV,OALAz7C,EAAMw7C,GAAG1W,UAAY,SAAU7nC,GACzB+C,EAAM+5C,kBACR/5C,EAAM+5C,iBAAiB98C,EAAI3L,KAE/B,EACO0O,CACT,CACA,SAAS8F,EAAMyzC,GACbA,EAAaiC,GAAG11C,QAChByzC,EAAakC,OAAS,EACxB,CACA,SAASt+C,EAAYo8C,EAAcX,GACjC,IAEE,OADAW,EAAaiC,GAAGr+C,YAAYy7C,GAAa,GAClChJ,EAAMqB,qBACf,CAAE,MAAOh5C,GACP,OAAOlG,QAAQK,OAAO6F,EACxB,CACF,CACA,SAASu5C,EAAU+H,EAAcxiD,GAC/BwiD,EAAaQ,iBAAmBhjD,CAClC,CACA,SAAS0/C,IACP,GAAuB,oBAAXt8C,QAA0C,oBAAT40B,MAAqD,mBAArBlpB,iBAM3E,OAAO,EALP,GAAIA,iBAAiB+rC,QACnB,MAAM,IAAI9tC,MAAM,uGAElB,OAAO,CAIX,CACA,SAAS4wC,IACP,OAAO,GACT,CA1CAtF,EAAQx4C,KAAOA,EA2Cf,IAAIigD,EAAe,CACjB7lB,OAAQA,EACRlrB,MAAOA,EACP0rC,UAAWA,EACXr0C,YAAaA,EACbs5C,UAAWA,EACX7/C,KAAMA,EACN89C,oBAAqBA,EACrB1D,aAAcA,GAEhB5B,EAAQyH,aAAeA,qCCrEvBplD,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQiH,oBAAiB,EACzBjH,EAAQsF,oBAAsBA,EAC9BtF,EAAQqH,UAAYA,EACpBrH,EAAQtpC,MAAQA,EAChBspC,EAAQpe,OAASA,EACjBoe,EAAQ4B,kBAAe,EACvB5B,EAAQoC,UAAYA,EACpBpC,EAAQjyC,YAAcA,EACtBiyC,EAAQx4C,UAAO,EACf,IACIo6C,EADQ,EAAQ,MACKA,aACzB5B,EAAQ4B,aAAeA,EACvB,IAAIp6C,EAAO,WACXw4C,EAAQx4C,KAAOA,EACf,IAAI8kD,EAAoB,IAAI1L,IAC5B,SAAShf,EAAOqnB,GACd,IAAIr4C,EAAQ,CACVrK,KAAM0iD,EACN0B,iBAAkB,MAGpB,OADA2B,EAAkBvL,IAAInwC,GACfA,CACT,CACA,SAAS8F,EAAMyzC,GACbmC,EAA0B,OAAEnC,EAC9B,CACA,SAASp8C,EAAYo8C,EAAcX,GACjC,OAAO,IAAI7mD,SAAQ,SAAUX,GAC3B,OAAOmM,YAAW,WACG/I,MAAM2R,KAAKu1C,GACjB7/B,QAAO,SAAUjW,GAC5B,OAAOA,EAAQjQ,OAAS4jD,EAAa5jD,IACvC,IAAGkmB,QAAO,SAAUjW,GAClB,OAAOA,IAAY2zC,CACrB,IAAG19B,QAAO,SAAUjW,GAClB,QAASA,EAAQm0C,gBACnB,IAAG5+C,SAAQ,SAAUyK,GACnB,OAAOA,EAAQm0C,iBAAiBnB,EAClC,IACAxnD,GACF,GAAG,EACL,GACF,CACA,SAASogD,EAAU+H,EAAcxiD,GAC/BwiD,EAAaQ,iBAAmBhjD,CAClC,CACA,SAAS0/C,IACP,OAAO,CACT,CACA,SAAS/B,IACP,OAAO,CACT,CACA,IAAI2B,EAAiB,CACnBrlB,OAAQA,EACRlrB,MAAOA,EACP0rC,UAAWA,EACXr0C,YAAaA,EACbs5C,UAAWA,EACX7/C,KAAMA,EACN89C,oBAAqBA,EACrB1D,aAAcA,GAEhB5B,EAAQiH,eAAiBA,kCCjEzB5kD,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQK,wBACR,WACE,IAAIkM,EAAkBx/C,UAAUtH,OAAS,QAAsBtD,IAAjB4K,UAAU,GAAmBA,UAAU,GAAK,CAAC,EACvF1J,EAAU8I,KAAKC,MAAMD,KAAKE,UAAUkgD,IA6BxC,YA1BwC,IAA7BlpD,EAAQ8jD,mBAAkC9jD,EAAQ8jD,kBAAmB,GAG3E9jD,EAAQknD,MAAKlnD,EAAQknD,IAAM,CAAC,GAE5BlnD,EAAQknD,IAAIpM,MAAK96C,EAAQknD,IAAIpM,IAAM,MACnC96C,EAAQknD,IAAInF,mBAAkB/hD,EAAQknD,IAAInF,iBAAmB,KAE9DmH,EAAgBhC,KAA8C,mBAAhCgC,EAAgBhC,IAAIM,UAAwBxnD,EAAQknD,IAAIM,QAAU0B,EAAgBhC,IAAIM,SAGnHxnD,EAAQ2oD,eAAc3oD,EAAQ2oD,aAAe,CAAC,GAC9C3oD,EAAQ2oD,aAAaC,gBAAe5oD,EAAQ2oD,aAAaC,cAAgB,KAG1EM,EAAgBzF,UAASzjD,EAAQyjD,QAAUyF,EAAgBzF,SAG1DzjD,EAAQ2b,OAAM3b,EAAQ2b,KAAO,CAAC,GAC9B3b,EAAQ2b,KAAKm/B,MAAK96C,EAAQ2b,KAAKm/B,IAAM,MAKrC96C,EAAQ2b,KAAKwtC,oBAAmBnpD,EAAQ2b,KAAKwtC,kBAAoB,WAC9B,IAA7BnpD,EAAQ2b,KAAKytC,cAA6BppD,EAAQ2b,KAAKytC,aAAc,GACzEppD,CACT,mCCpCAhB,OAAO49C,eAAeD,EAAS,aAAc,CAC3Cx0C,OAAO,IAETw0C,EAAQ6B,sBAAwB7B,EAAQgG,sBAAwBhG,EAAQS,4BAAyB,EACjGT,EAAQ7D,UASR,SAAmBj3C,GACjB,OAAOA,GAA2B,mBAAbA,EAAI/B,IAC3B,EAVA68C,EAAQ4B,aA6CR,WACE,IAAI9E,GAAK,IAAIlwC,MAAOkyC,UACpB,OAAIhC,IAAO4P,EAEG,IAAL5P,KADP6P,GAGAD,EAAS5P,EACT6P,EAAa,EACD,IAAL7P,EAEX,EAtDAkD,EAAQuL,UAwBR,SAAmBqB,EAAKjqB,GACtB,OAAO35B,KAAKmZ,MAAMnZ,KAAK+zC,UAAYpa,EAAMiqB,EAAM,GAAKA,EACtD,EAzBA5M,EAAQgE,YA8BR,WACE,OAAOh7C,KAAK+zC,SAAS3W,SAAS,IAAI7O,UAAU,EAC9C,EA/BAyoB,EAAQ+F,MAcR,SAAepE,EAAMkL,GAEnB,OADKlL,IAAMA,EAAO,GACX,IAAIh/C,SAAQ,SAAUX,GAC3B,OAAOmM,YAAW,WAChB,OAAOnM,EAAI6qD,EACb,GAAGlL,EACL,GACF,EApBA3B,EAAQuF,mBAyDR,WACE,MAAyB,oBAAd9oC,gBAAwD,IAApBA,UAAU2nC,OAA4D,mBAA5B3nC,UAAU2nC,MAAMS,OAK3G,EAxDA,IAAIpE,EAAyB99C,QAAQC,SAAQ,GAC7Co9C,EAAQS,uBAAyBA,EACjC,IAAIuF,EAAwBrjD,QAAQC,SAAQ,GAC5Co9C,EAAQgG,sBAAwBA,EAChC,IAAInE,EAAwBl/C,QAAQC,UACpCo9C,EAAQ6B,sBAAwBA,EAmBhC,IAAI6K,EAAS,EACTC,EAAa,sBC3CjB,IAAInvC,EAAyB,oBAATmiB,KAAuBA,KAAO19B,KAC9C6qD,EAAW,WACf,SAASC,IACT9qD,KAAKwb,OAAQ,EACbxb,KAAK+qD,aAAexvC,EAAOwvC,YAC3B,CAEA,OADAD,EAAEjnD,UAAY0X,EACP,IAAIuvC,CACV,CAPc,IAQf,SAAUptB,IAEO,SAAWqgB,GAE1B,IAAIiN,EAAU,CACZziC,aAAc,oBAAqBmV,EACnCutB,SAAU,WAAYvtB,GAAQ,aAAcif,OAC5CuO,KACE,eAAgBxtB,GAChB,SAAUA,GACV,WACE,IAEE,OADA,IAAIytB,MACG,CACT,CAAE,MAAOlmD,GACP,OAAO,CACT,CACD,CAPD,GAQFmmD,SAAU,aAAc1tB,EACxBjnB,YAAa,gBAAiBinB,GAOhC,GAAIstB,EAAQv0C,YACV,IAAI40C,EAAc,CAChB,qBACA,sBACA,6BACA,sBACA,uBACA,sBACA,uBACA,wBACA,yBAGEC,EACFC,YAAYC,QACZ,SAASvoD,GACP,OAAOA,GAAOooD,EAAYrhD,QAAQ5J,OAAOyD,UAAUsgC,SAASpgC,KAAKd,KAAS,CAC5E,EAGJ,SAASwoD,EAAcnnD,GAIrB,GAHoB,iBAATA,IACTA,EAAOuR,OAAOvR,IAEZ,4BAA4B+V,KAAK/V,GACnC,MAAM,IAAIonD,UAAU,0CAEtB,OAAOpnD,EAAKuX,aACd,CAEA,SAAS8vC,EAAepiD,GAItB,MAHqB,iBAAVA,IACTA,EAAQsM,OAAOtM,IAEVA,CACT,CAGA,SAASqiD,EAAYC,GACnB,IAAInP,EAAW,CACbE,KAAM,WACJ,IAAIrzC,EAAQsiD,EAAMljD,QAClB,MAAO,CAACmjD,UAAgB5rD,IAAVqJ,EAAqBA,MAAOA,EAC5C,GASF,OANIyhD,EAAQC,WACVvO,EAASC,OAAOD,UAAY,WAC1B,OAAOA,CACT,GAGKA,CACT,CAEA,SAASqP,EAAQjpD,GACf9C,KAAKkb,IAAM,CAAC,EAERpY,aAAmBipD,EACrBjpD,EAAQgH,SAAQ,SAASP,EAAOjF,GAC9BtE,KAAKqwC,OAAO/rC,EAAMiF,EACpB,GAAGvJ,MACMmD,MAAMC,QAAQN,GACvBA,EAAQgH,SAAQ,SAAS+O,GACvB7Y,KAAKqwC,OAAOx3B,EAAO,GAAIA,EAAO,GAChC,GAAG7Y,MACM8C,GACT1C,OAAO4rD,oBAAoBlpD,GAASgH,SAAQ,SAASxF,GACnDtE,KAAKqwC,OAAO/rC,EAAMxB,EAAQwB,GAC5B,GAAGtE,KAEP,CA8DA,SAASisD,EAAS3gD,GAChB,GAAIA,EAAK4gD,SACP,OAAOxrD,QAAQK,OAAO,IAAI2qD,UAAU,iBAEtCpgD,EAAK4gD,UAAW,CAClB,CAEA,SAASC,EAAgBC,GACvB,OAAO,IAAI1rD,SAAQ,SAASC,EAASI,GACnCqrD,EAAOC,OAAS,WACd1rD,EAAQyrD,EAAOlwC,OACjB,EACAkwC,EAAOxnB,QAAU,WACf7jC,EAAOqrD,EAAOr9C,MAChB,CACF,GACF,CAEA,SAASu9C,EAAsBpB,GAC7B,IAAIkB,EAAS,IAAIG,WACbjtC,EAAU6sC,EAAgBC,GAE9B,OADAA,EAAOI,kBAAkBtB,GAClB5rC,CACT,CAmBA,SAASmtC,EAAYC,GACnB,GAAIA,EAAIhkD,MACN,OAAOgkD,EAAIhkD,MAAM,GAEjB,IAAIikD,EAAO,IAAI93C,WAAW63C,EAAIE,YAE9B,OADAD,EAAKljD,IAAI,IAAIoL,WAAW63C,IACjBC,EAAK12C,MAEhB,CAEA,SAAS42C,IA0FP,OAzFA7sD,KAAKksD,UAAW,EAEhBlsD,KAAK8sD,UAAY,SAASxhD,GAhM5B,IAAoBrI,EAiMhBjD,KAAK+sD,UAAYzhD,EACZA,EAEsB,iBAATA,EAChBtL,KAAKgtD,UAAY1hD,EACR0/C,EAAQE,MAAQC,KAAKtnD,UAAUopD,cAAc3hD,GACtDtL,KAAKktD,UAAY5hD,EACR0/C,EAAQI,UAAY+B,SAAStpD,UAAUopD,cAAc3hD,GAC9DtL,KAAKotD,cAAgB9hD,EACZ0/C,EAAQziC,cAAgB8kC,gBAAgBxpD,UAAUopD,cAAc3hD,GACzEtL,KAAKgtD,UAAY1hD,EAAK64B,WACb6mB,EAAQv0C,aAAeu0C,EAAQE,OA5M1BjoD,EA4M6CqI,IA3MjDgiD,SAASzpD,UAAUopD,cAAchqD,IA4M3CjD,KAAKutD,iBAAmBd,EAAYnhD,EAAK2K,QAEzCjW,KAAK+sD,UAAY,IAAI5B,KAAK,CAACnrD,KAAKutD,oBACvBvC,EAAQv0C,cAAgB80C,YAAY1nD,UAAUopD,cAAc3hD,IAASggD,EAAkBhgD,IAChGtL,KAAKutD,iBAAmBd,EAAYnhD,GAEpCtL,KAAKgtD,UAAY1hD,EAAOlL,OAAOyD,UAAUsgC,SAASpgC,KAAKuH,GAhBvDtL,KAAKgtD,UAAY,GAmBdhtD,KAAK8C,QAAQlB,IAAI,kBACA,iBAAT0J,EACTtL,KAAK8C,QAAQ2G,IAAI,eAAgB,4BACxBzJ,KAAKktD,WAAaltD,KAAKktD,UAAU3nD,KAC1CvF,KAAK8C,QAAQ2G,IAAI,eAAgBzJ,KAAKktD,UAAU3nD,MACvCylD,EAAQziC,cAAgB8kC,gBAAgBxpD,UAAUopD,cAAc3hD,IACzEtL,KAAK8C,QAAQ2G,IAAI,eAAgB,mDAGvC,EAEIuhD,EAAQE,OACVlrD,KAAKkrD,KAAO,WACV,IAAIsC,EAAWvB,EAASjsD,MACxB,GAAIwtD,EACF,OAAOA,EAGT,GAAIxtD,KAAKktD,UACP,OAAOxsD,QAAQC,QAAQX,KAAKktD,WACvB,GAAIltD,KAAKutD,iBACd,OAAO7sD,QAAQC,QAAQ,IAAIwqD,KAAK,CAACnrD,KAAKutD,oBACjC,GAAIvtD,KAAKotD,cACd,MAAM,IAAI36C,MAAM,wCAEhB,OAAO/R,QAAQC,QAAQ,IAAIwqD,KAAK,CAACnrD,KAAKgtD,YAE1C,EAEAhtD,KAAKyW,YAAc,WACjB,OAAIzW,KAAKutD,iBACAtB,EAASjsD,OAASU,QAAQC,QAAQX,KAAKutD,kBAEvCvtD,KAAKkrD,OAAOhqD,KAAKorD,EAE5B,GAGFtsD,KAAK+b,KAAO,WACV,IA3FoBmvC,EAClBkB,EACA9sC,EAyFEkuC,EAAWvB,EAASjsD,MACxB,GAAIwtD,EACF,OAAOA,EAGT,GAAIxtD,KAAKktD,UACP,OAjGkBhC,EAiGIlrD,KAAKktD,UA/F3B5tC,EAAU6sC,EADVC,EAAS,IAAIG,YAEjBH,EAAOqB,WAAWvC,GACX5rC,EA8FE,GAAItf,KAAKutD,iBACd,OAAO7sD,QAAQC,QA5FrB,SAA+B+rD,GAI7B,IAHA,IAAIC,EAAO,IAAI93C,WAAW63C,GACtBgB,EAAQ,IAAIvqD,MAAMwpD,EAAKnpD,QAElB0S,EAAI,EAAGA,EAAIy2C,EAAKnpD,OAAQ0S,IAC/Bw3C,EAAMx3C,GAAKL,OAAOC,aAAa62C,EAAKz2C,IAEtC,OAAOw3C,EAAMryC,KAAK,GACpB,CAoF6BsyC,CAAsB3tD,KAAKutD,mBAC7C,GAAIvtD,KAAKotD,cACd,MAAM,IAAI36C,MAAM,wCAEhB,OAAO/R,QAAQC,QAAQX,KAAKgtD,UAEhC,EAEIhC,EAAQI,WACVprD,KAAKorD,SAAW,WACd,OAAOprD,KAAK+b,OAAO7a,KAAKupC,EAC1B,GAGFzqC,KAAK8b,KAAO,WACV,OAAO9b,KAAK+b,OAAO7a,KAAKgJ,KAAKC,MAC/B,EAEOnK,IACT,CA3MA+rD,EAAQloD,UAAUwsC,OAAS,SAAS/rC,EAAMiF,GACxCjF,EAAOmnD,EAAcnnD,GACrBiF,EAAQoiD,EAAepiD,GACvB,IAAIqkD,EAAW5tD,KAAKkb,IAAI5W,GACxBtE,KAAKkb,IAAI5W,GAAQspD,EAAWA,EAAW,KAAOrkD,EAAQA,CACxD,EAEAwiD,EAAQloD,UAAkB,OAAI,SAASS,UAC9BtE,KAAKkb,IAAIuwC,EAAcnnD,GAChC,EAEAynD,EAAQloD,UAAUjC,IAAM,SAAS0C,GAE/B,OADAA,EAAOmnD,EAAcnnD,GACdtE,KAAKo8C,IAAI93C,GAAQtE,KAAKkb,IAAI5W,GAAQ,IAC3C,EAEAynD,EAAQloD,UAAUu4C,IAAM,SAAS93C,GAC/B,OAAOtE,KAAKkb,IAAIpX,eAAe2nD,EAAcnnD,GAC/C,EAEAynD,EAAQloD,UAAU4F,IAAM,SAASnF,EAAMiF,GACrCvJ,KAAKkb,IAAIuwC,EAAcnnD,IAASqnD,EAAepiD,EACjD,EAEAwiD,EAAQloD,UAAUiG,QAAU,SAAS+jD,EAAUC,GAC7C,IAAK,IAAIxpD,KAAQtE,KAAKkb,IAChBlb,KAAKkb,IAAIpX,eAAeQ,IAC1BupD,EAAS9pD,KAAK+pD,EAAS9tD,KAAKkb,IAAI5W,GAAOA,EAAMtE,KAGnD,EAEA+rD,EAAQloD,UAAUgG,KAAO,WACvB,IAAIgiD,EAAQ,GAIZ,OAHA7rD,KAAK8J,SAAQ,SAASP,EAAOjF,GAC3BunD,EAAMpoD,KAAKa,EACb,IACOsnD,EAAYC,EACrB,EAEAE,EAAQloD,UAAU2N,OAAS,WACzB,IAAIq6C,EAAQ,GAIZ,OAHA7rD,KAAK8J,SAAQ,SAASP,GACpBsiD,EAAMpoD,KAAK8F,EACb,IACOqiD,EAAYC,EACrB,EAEAE,EAAQloD,UAAUiO,QAAU,WAC1B,IAAI+5C,EAAQ,GAIZ,OAHA7rD,KAAK8J,SAAQ,SAASP,EAAOjF,GAC3BunD,EAAMpoD,KAAK,CAACa,EAAMiF,GACpB,IACOqiD,EAAYC,EACrB,EAEIb,EAAQC,WACVc,EAAQloD,UAAU84C,OAAOD,UAAYqP,EAAQloD,UAAUiO,SAqJzD,IAAI+yC,EAAU,CAAC,SAAU,MAAO,OAAQ,UAAW,OAAQ,OAO3D,SAASkJ,EAAQjsC,EAAO1gB,GAEtB,IAPuB4Z,EACnBgzC,EAMA1iD,GADJlK,EAAUA,GAAW,CAAC,GACHkK,KAEnB,GAAIwW,aAAiBisC,EAAS,CAC5B,GAAIjsC,EAAMoqC,SACR,MAAM,IAAIR,UAAU,gBAEtB1rD,KAAKmB,IAAM2gB,EAAM3gB,IACjBnB,KAAK0b,YAAcoG,EAAMpG,YACpBta,EAAQ0B,UACX9C,KAAK8C,QAAU,IAAIipD,EAAQjqC,EAAMhf,UAEnC9C,KAAKgb,OAAS8G,EAAM9G,OACpBhb,KAAKiuD,KAAOnsC,EAAMmsC,KAClBjuD,KAAK6iD,OAAS/gC,EAAM+gC,OACfv3C,GAA2B,MAAnBwW,EAAMirC,YACjBzhD,EAAOwW,EAAMirC,UACbjrC,EAAMoqC,UAAW,EAErB,MACElsD,KAAKmB,IAAM0U,OAAOiM,GAYpB,GATA9hB,KAAK0b,YAActa,EAAQsa,aAAe1b,KAAK0b,aAAe,eAC1Dta,EAAQ0B,SAAY9C,KAAK8C,UAC3B9C,KAAK8C,QAAU,IAAIipD,EAAQ3qD,EAAQ0B,UAErC9C,KAAKgb,QAhCDgzC,GADmBhzC,EAiCO5Z,EAAQ4Z,QAAUhb,KAAKgb,QAAU,OAhC1Cqa,cACdwvB,EAAQ76C,QAAQgkD,IAAY,EAAIA,EAAUhzC,GAgCjDhb,KAAKiuD,KAAO7sD,EAAQ6sD,MAAQjuD,KAAKiuD,MAAQ,KACzCjuD,KAAK6iD,OAASzhD,EAAQyhD,QAAU7iD,KAAK6iD,OACrC7iD,KAAKkuD,SAAW,MAEK,QAAhBluD,KAAKgb,QAAoC,SAAhBhb,KAAKgb,SAAsB1P,EACvD,MAAM,IAAIogD,UAAU,6CAEtB1rD,KAAK8sD,UAAUxhD,EACjB,CAMA,SAASm/B,EAAOn/B,GACd,IAAIsW,EAAO,IAAIurC,SAYf,OAXA7hD,EACG6iD,OACAh3C,MAAM,KACNrN,SAAQ,SAASskD,GAChB,GAAIA,EAAO,CACT,IAAIj3C,EAAQi3C,EAAMj3C,MAAM,KACpB7S,EAAO6S,EAAMxO,QAAQsB,QAAQ,MAAO,KACpCV,EAAQ4N,EAAMkE,KAAK,KAAKpR,QAAQ,MAAO,KAC3C2X,EAAKyuB,OAAO/6B,mBAAmBhR,GAAOgR,mBAAmB/L,GAC3D,CACF,IACKqY,CACT,CAoBA,SAASysC,EAASC,EAAUltD,GACrBA,IACHA,EAAU,CAAC,GAGbpB,KAAKuF,KAAO,UACZvF,KAAKG,YAA4BD,IAAnBkB,EAAQjB,OAAuB,IAAMiB,EAAQjB,OAC3DH,KAAK4b,GAAK5b,KAAKG,QAAU,KAAOH,KAAKG,OAAS,IAC9CH,KAAKuuD,WAAa,eAAgBntD,EAAUA,EAAQmtD,WAAa,KACjEvuD,KAAK8C,QAAU,IAAIipD,EAAQ3qD,EAAQ0B,SACnC9C,KAAKmB,IAAMC,EAAQD,KAAO,GAC1BnB,KAAK8sD,UAAUwB,EACjB,CAlDAP,EAAQlqD,UAAUlB,MAAQ,WACxB,OAAO,IAAIorD,EAAQ/tD,KAAM,CAACsL,KAAMtL,KAAK+sD,WACvC,EAkCAF,EAAK9oD,KAAKgqD,EAAQlqD,WAgBlBgpD,EAAK9oD,KAAKsqD,EAASxqD,WAEnBwqD,EAASxqD,UAAUlB,MAAQ,WACzB,OAAO,IAAI0rD,EAASruD,KAAK+sD,UAAW,CAClC5sD,OAAQH,KAAKG,OACbouD,WAAYvuD,KAAKuuD,WACjBzrD,QAAS,IAAIipD,EAAQ/rD,KAAK8C,SAC1B3B,IAAKnB,KAAKmB,KAEd,EAEAktD,EAASt/C,MAAQ,WACf,IAAI4M,EAAW,IAAI0yC,EAAS,KAAM,CAACluD,OAAQ,EAAGouD,WAAY,KAE1D,OADA5yC,EAASpW,KAAO,QACToW,CACT,EAEA,IAAI6yC,EAAmB,CAAC,IAAK,IAAK,IAAK,IAAK,KAE5CH,EAASI,SAAW,SAASttD,EAAKhB,GAChC,IAA0C,IAAtCquD,EAAiBxkD,QAAQ7J,GAC3B,MAAM,IAAIuuD,WAAW,uBAGvB,OAAO,IAAIL,EAAS,KAAM,CAACluD,OAAQA,EAAQ2C,QAAS,CAACuR,SAAUlT,IACjE,EAEA48C,EAAQgN,aAAertB,EAAKqtB,aAC5B,IACE,IAAIhN,EAAQgN,YACd,CAAE,MAAOnkD,GACPm3C,EAAQgN,aAAe,SAASpzC,EAASrT,GACvCtE,KAAK2X,QAAUA,EACf3X,KAAKsE,KAAOA,EACZ,IAAIyK,EAAQ0D,MAAMkF,GAClB3X,KAAK2uD,MAAQ5/C,EAAM4/C,KACrB,EACA5Q,EAAQgN,aAAalnD,UAAYzD,OAAOu/B,OAAOltB,MAAM5O,WACrDk6C,EAAQgN,aAAalnD,UAAU+qD,YAAc7Q,EAAQgN,YACvD,CAEA,SAASvvC,EAAMsG,EAAO+sC,GACpB,OAAO,IAAInuD,SAAQ,SAASC,EAASI,GACnC,IAAI6hD,EAAU,IAAImL,EAAQjsC,EAAO+sC,GAEjC,GAAIjM,EAAQC,QAAUD,EAAQC,OAAOiM,QACnC,OAAO/tD,EAAO,IAAIg9C,EAAQgN,aAAa,UAAW,eAGpD,IAAIlkD,EAAM,IAAIkoD,eAEd,SAASC,IACPnoD,EAAIo8C,OACN,CAEAp8C,EAAIwlD,OAAS,WACX,IAxFgB4C,EAChBnsD,EAuFI1B,EAAU,CACZjB,OAAQ0G,EAAI1G,OACZouD,WAAY1nD,EAAI0nD,WAChBzrD,SA3FcmsD,EA2FQpoD,EAAIqoD,yBAA2B,GA1FvDpsD,EAAU,IAAIipD,EAGQkD,EAAWhlD,QAAQ,eAAgB,KACzCkN,MAAM,SAASrN,SAAQ,SAASqlD,GAClD,IAAInU,EAAQmU,EAAKh4C,MAAM,KACnBvT,EAAMo3C,EAAMryC,QAAQwlD,OACxB,GAAIvqD,EAAK,CACP,IAAI2F,EAAQyxC,EAAM3/B,KAAK,KAAK8yC,OAC5BrrD,EAAQutC,OAAOzsC,EAAK2F,EACtB,CACF,IACOzG,IAgFH1B,EAAQD,IAAM,gBAAiB0F,EAAMA,EAAIuoD,YAAchuD,EAAQ0B,QAAQlB,IAAI,iBAC3E,IAAI0J,EAAO,aAAczE,EAAMA,EAAI8U,SAAW9U,EAAIsV,aAClDxb,EAAQ,IAAI0tD,EAAS/iD,EAAMlK,GAC7B,EAEAyF,EAAI+9B,QAAU,WACZ7jC,EAAO,IAAI2qD,UAAU,0BACvB,EAEA7kD,EAAIwoD,UAAY,WACdtuD,EAAO,IAAI2qD,UAAU,0BACvB,EAEA7kD,EAAIyoD,QAAU,WACZvuD,EAAO,IAAIg9C,EAAQgN,aAAa,UAAW,cAC7C,EAEAlkD,EAAI89B,KAAKie,EAAQ5nC,OAAQ4nC,EAAQzhD,KAAK,GAEV,YAAxByhD,EAAQlnC,YACV7U,EAAIxF,iBAAkB,EACW,SAAxBuhD,EAAQlnC,cACjB7U,EAAIxF,iBAAkB,GAGpB,iBAAkBwF,GAAOmkD,EAAQE,OACnCrkD,EAAIuV,aAAe,QAGrBwmC,EAAQ9/C,QAAQgH,SAAQ,SAASP,EAAOjF,GACtCuC,EAAIwW,iBAAiB/Y,EAAMiF,EAC7B,IAEIq5C,EAAQC,SACVD,EAAQC,OAAO1kC,iBAAiB,QAAS6wC,GAEzCnoD,EAAI0oD,mBAAqB,WAEA,IAAnB1oD,EAAI2oD,YACN5M,EAAQC,OAAOhjC,oBAAoB,QAASmvC,EAEhD,GAGFnoD,EAAI4oD,UAAkC,IAAtB7M,EAAQmK,UAA4B,KAAOnK,EAAQmK,UACrE,GACF,CAEAvxC,EAAMk0C,UAAW,EAEZhyB,EAAKliB,QACRkiB,EAAKliB,MAAQA,EACbkiB,EAAKquB,QAAUA,EACfruB,EAAKqwB,QAAUA,EACfrwB,EAAK2wB,SAAWA,GAGlBtQ,EAAQgO,QAAUA,EAClBhO,EAAQgQ,QAAUA,EAClBhQ,EAAQsQ,SAAWA,EACnBtQ,EAAQviC,MAAQA,EAEhBpb,OAAO49C,eAAeD,EAAS,aAAc,CAAEx0C,OAAO,GAIvD,CAhhBgB,CAghBd,CAAC,EACH,CAnhBD,CAmhBGshD,GACHA,EAASrvC,MAAMm0C,UAAW,SAEnB9E,EAASrvC,MAAMk0C,SAGtB,IAAIp3B,EAAMuyB,GACV9M,EAAUzlB,EAAI9c,OACd,QAAkB8c,EAAI9c,MACtBuiC,EAAQviC,MAAQ8c,EAAI9c,MACpBuiC,EAAQgO,QAAUzzB,EAAIyzB,QACtBhO,EAAQgQ,QAAUz1B,EAAIy1B,QACtBhQ,EAAQsQ,SAAW/1B,EAAI+1B,SACvBvQ,EAAOC,QAAUA,mBCtiBgDD,EAAOC,QAOhE,WAAe,aAGrB,SAAS19C,EAAQypB,GACf,IAAK,IAAI5T,EAAI,EAAGA,EAAIpL,UAAUtH,OAAQ0S,IAAK,CACzC,IAAIxJ,EAAS5B,UAAUoL,GACvB,IAAK,IAAItS,KAAO8I,EACdod,EAAOlmB,GAAO8I,EAAO9I,EAEzB,CACA,OAAOkmB,CACT,CA2HA,OArGA,SAAS+kC,EAAMe,EAAWC,GACxB,SAASpmD,EAAK7F,EAAK2F,EAAOumD,GACxB,GAAwB,oBAAbzkD,SAAX,CAMkC,iBAFlCykD,EAAazvD,EAAO,CAAC,EAAGwvD,EAAmBC,IAErBllD,UACpBklD,EAAWllD,QAAU,IAAID,KAAKA,KAAKmC,MAA6B,MAArBgjD,EAAWllD,UAEpDklD,EAAWllD,UACbklD,EAAWllD,QAAUklD,EAAWllD,QAAQuwC,eAG1Cv3C,EAAMwX,mBAAmBxX,GACtBqG,QAAQ,uBAAwBqL,oBAChCrL,QAAQ,QAASsL,QAEpB,IAAIw6C,EAAwB,GAC5B,IAAK,IAAIr8B,KAAiBo8B,EACnBA,EAAWp8B,KAIhBq8B,GAAyB,KAAOr8B,GAEE,IAA9Bo8B,EAAWp8B,KAWfq8B,GAAyB,IAAMD,EAAWp8B,GAAevc,MAAM,KAAK,KAGtE,OAAQ9L,SAAS2kD,OACfpsD,EAAM,IAAMgsD,EAAUK,MAAM1mD,EAAO3F,GAAOmsD,CAtC5C,CAuCF,CA4BA,OAAO3vD,OAAOu/B,OACZ,CACEl2B,IAAKA,EACL7H,IA7BJ,SAAcgC,GACZ,GAAwB,oBAAbyH,YAA6BP,UAAUtH,QAAWI,GAA7D,CAQA,IAFA,IAAIqb,EAAU5T,SAAS2kD,OAAS3kD,SAAS2kD,OAAO74C,MAAM,MAAQ,GAC1D+4C,EAAM,CAAC,EACFh6C,EAAI,EAAGA,EAAI+I,EAAQzb,OAAQ0S,IAAK,CACvC,IAAI8kC,EAAQ/7B,EAAQ/I,GAAGiB,MAAM,KACzB5N,EAAQyxC,EAAMtyC,MAAM,GAAG2S,KAAK,KAEhC,IACE,IAAI80C,EAAW76C,mBAAmB0lC,EAAM,IAGxC,GAFAkV,EAAIC,GAAYP,EAAUQ,KAAK7mD,EAAO4mD,GAElCvsD,IAAQusD,EACV,KAEJ,CAAE,MAAOlrD,GAAI,CACf,CAEA,OAAOrB,EAAMssD,EAAItsD,GAAOssD,CApBxB,CAqBF,EAMInlD,OAAQ,SAAUnH,EAAKksD,GACrBrmD,EACE7F,EACA,GACAvD,EAAO,CAAC,EAAGyvD,EAAY,CACrBllD,SAAU,IAGhB,EACAylD,eAAgB,SAAUP,GACxB,OAAOjB,EAAK7uD,KAAK4vD,UAAWvvD,EAAO,CAAC,EAAGL,KAAK8vD,WAAYA,GAC1D,EACAQ,cAAe,SAAUV,GACvB,OAAOf,EAAKxuD,EAAO,CAAC,EAAGL,KAAK4vD,UAAWA,GAAY5vD,KAAK8vD,WAC1D,GAEF,CACEA,WAAY,CAAEvmD,MAAOnJ,OAAOmwD,OAAOV,IACnCD,UAAW,CAAErmD,MAAOnJ,OAAOmwD,OAAOX,KAGxC,CAEUf,CApHa,CACrBuB,KAAM,SAAU7mD,GAId,MAHiB,MAAbA,EAAM,KACRA,EAAQA,EAAMb,MAAM,GAAI,IAEnBa,EAAMU,QAAQ,mBAAoBqL,mBAC3C,EACA26C,MAAO,SAAU1mD,GACf,OAAO6R,mBAAmB7R,GAAOU,QAC/B,2CACAqL,mBAEJ,GAwG+B,CAAE5K,KAAM,KAK1C,CA/IiF8lD,qBCHlF,SAASC,IAGT,CAEAA,EAAE5sD,UAAY,CACZgK,GAAI,SAAUvJ,EAAMupD,EAAUv1B,GAC5B,IAAIrzB,EAAIjF,KAAKiF,IAAMjF,KAAKiF,EAAI,CAAC,GAO7B,OALCA,EAAEX,KAAUW,EAAEX,GAAQ,KAAKb,KAAK,CAC/BiC,GAAImoD,EACJv1B,IAAKA,IAGAt4B,IACT,EAEA0wD,KAAM,SAAUpsD,EAAMupD,EAAUv1B,GAC9B,IAAIoF,EAAO19B,KACX,SAASmL,IACPuyB,EAAK3tB,IAAIzL,EAAM6G,GACf0iD,EAASj3C,MAAM0hB,EAAKxtB,UACtB,CAGA,OADAK,EAASoE,EAAIs+C,EACN7tD,KAAK6N,GAAGvJ,EAAM6G,EAAUmtB,EACjC,EAEAtpB,KAAM,SAAU1K,GAMd,IALA,IAAIrE,EAAO,GAAGyI,MAAM3E,KAAK+G,UAAW,GAChC6lD,IAAW3wD,KAAKiF,IAAMjF,KAAKiF,EAAI,CAAC,IAAIX,IAAS,IAAIoE,QACjDwN,EAAI,EACJ06C,EAAMD,EAAOntD,OAET0S,EAAI06C,EAAK16C,IACfy6C,EAAOz6C,GAAGxQ,GAAGkR,MAAM+5C,EAAOz6C,GAAGoiB,IAAKr4B,GAGpC,OAAOD,IACT,EAEA+P,IAAK,SAAUzL,EAAMupD,GACnB,IAAI5oD,EAAIjF,KAAKiF,IAAMjF,KAAKiF,EAAI,CAAC,GACzB4rD,EAAO5rD,EAAEX,GACTwsD,EAAa,GAEjB,GAAID,GAAQhD,EACV,IAAK,IAAI33C,EAAI,EAAG06C,EAAMC,EAAKrtD,OAAQ0S,EAAI06C,EAAK16C,IACtC26C,EAAK36C,GAAGxQ,KAAOmoD,GAAYgD,EAAK36C,GAAGxQ,GAAG6J,IAAMs+C,GAC9CiD,EAAWrtD,KAAKotD,EAAK36C,IAY3B,OAJC46C,EAAiB,OACd7rD,EAAEX,GAAQwsD,SACH7rD,EAAEX,GAENtE,IACT,GAGF89C,EAAOC,QAAU0S,sKCzDjB,IACIM,EAD0F,qBAAjF3wD,OAAOyD,UAAUsgC,SAASpgC,KAAwB,oBAAZ6Y,QAA0BA,QAAU,GCRhF,SAAiBlX,GACtBkX,QAAQ/O,GAAG,QAAQ,WACjB,OAAOnI,GACT,IAQAkX,QAAQ/O,GAAG,cAAc,WACvB,OAAOnI,IAAKxE,MAAK,WACf,OAAO0b,QAAQo0C,MACjB,GACF,IAEAp0C,QAAQ/O,GAAG,UAAU,WACnB,OAAOnI,IAAKxE,MAAK,WACf,OAAO0b,QAAQo0C,MACjB,GACF,IAEAp0C,QAAQ/O,GAAG,qBAAqB,SAAUjH,GACxC,OAAOlB,IAAKxE,MAAK,WACfk5C,QAAQ6W,MAAMrqD,GACdgW,QAAQo0C,KAAK,IACf,GACF,GACF,EC3BO,SAAoBtrD,GACzB,GAAiC,mBAAtBwrD,mBAAoCxzB,gBAAgBwzB,kBAAmB,CAOhF,IAAIC,EAAWzzB,KAAKjpB,MAAM3S,KAAK47B,MAC/BA,KAAKjpB,MAAQ,WAEX,OADA/O,IACOyrD,GACT,CACF,KAAO,CAKL,GAAuC,mBAA5BroD,OAAOqV,iBAChB,OAMFrV,OAAOqV,iBAAiB,gBAAgB,WACtCzY,GACF,IAAG,GAMHoD,OAAOqV,iBAAiB,UAAU,WAChCzY,GACF,IAAG,EACL,CAMF,EFlCI0rD,EAAY,IAAIzS,IAChB0S,GAAmB,EAQhB,SAASvS,EAAIp5C,GAElB,GARI2rD,IAGJA,GAAmB,EACnBN,EAAWO,IAIO,mBAAP5rD,EACT,MAAM,IAAI+M,MAAM,2BAYlB,OAVA2+C,EAAUtS,IAAIp5C,GACE,CACdqF,OAAQ,WACN,OAAOqmD,EAAkB,OAAE1rD,EAC7B,EACA0b,IAAK,WAEH,OADAgwC,EAAkB,OAAE1rD,GACbA,GACT,EAGJ,CACO,SAAS4rD,IACd,IAAIC,EAAW,GAKf,OAJAH,EAAUtnD,SAAQ,SAAUpE,GAC1B6rD,EAAS9tD,KAAKiC,KACd0rD,EAAkB,OAAE1rD,EACtB,IACOhF,QAAQggD,IAAI6Q,EACrB,CACO,SAASC,IACdJ,EAAUx7B,OACZ,CACO,SAAS67B,IACd,OAAOL,EAAUM,IACnB,oBG5CA5T,EAAOC,QALP,SAA2B7oB,EAAGogB,IAC3B,MAAQA,GAAKA,EAAIpgB,EAAE1xB,UAAY8xC,EAAIpgB,EAAE1xB,QACtC,IAAK,IAAIyB,EAAI,EAAGghC,EAAI9iC,MAAMmyC,GAAIrwC,EAAIqwC,EAAGrwC,IAAKghC,EAAEhhC,GAAKiwB,EAAEjwB,GACnD,OAAOghC,CACT,EACoC6X,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCFzGD,EAAOC,QAHP,SAAyB7oB,GACvB,GAAI/xB,MAAMC,QAAQ8xB,GAAI,OAAOA,CAC/B,EACkC4oB,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCHvG,IAAI6T,EAAmB,EAAQ,MAI/B9T,EAAOC,QAHP,SAA4B7oB,GAC1B,GAAI/xB,MAAMC,QAAQ8xB,GAAI,OAAO08B,EAAiB18B,EAChD,EACqC4oB,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCA1GD,EAAOC,QAJP,SAAgC94C,GAC9B,QAAI,IAAWA,EAAG,MAAM,IAAI4sD,eAAe,6DAC3C,OAAO5sD,CACT,EACyC64C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCJ9G,SAAS+T,EAAmB7rB,EAAG8rB,EAAG9sD,EAAGiwB,EAAG5xB,EAAGgyC,EAAGtgC,GAC5C,IACE,IAAIkB,EAAI+vB,EAAEqP,GAAGtgC,GACXg9C,EAAI97C,EAAE3M,KACV,CAAE,MAAO08B,GACP,YAAYhhC,EAAEghC,EAChB,CACA/vB,EAAE41C,KAAOiG,EAAEC,GAAKtxD,QAAQC,QAAQqxD,GAAG9wD,KAAKg0B,EAAG5xB,EAC7C,CAiBAw6C,EAAOC,QAhBP,SAA2B9X,GACzB,OAAO,WACL,IAAI8rB,EAAI/xD,KACNiF,EAAI6F,UACN,OAAO,IAAIpK,SAAQ,SAAUw0B,EAAG5xB,GAC9B,IAAIgyC,EAAIrP,EAAErvB,MAAMm7C,EAAG9sD,GACnB,SAASgtD,EAAMhsB,GACb6rB,EAAmBxc,EAAGpgB,EAAG5xB,EAAG2uD,EAAOC,EAAQ,OAAQjsB,EACrD,CACA,SAASisB,EAAOjsB,GACd6rB,EAAmBxc,EAAGpgB,EAAG5xB,EAAG2uD,EAAOC,EAAQ,QAASjsB,EACtD,CACAgsB,OAAM,EACR,GACF,CACF,EACoCnU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCtBzGD,EAAOC,QAHP,SAAyBzI,EAAGrP,GAC1B,KAAMqP,aAAarP,GAAI,MAAM,IAAIylB,UAAU,oCAC7C,EACkC5N,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCHvG,IAAIoU,EAA2B,EAAQ,MACnCj6C,EAAiB,EAAQ,MAQ7B4lC,EAAOC,QAPP,SAAoBgU,EAAG9sD,EAAGiwB,GACxB,GAAIi9B,IAA4B,OAAOC,QAAQC,UAAUz7C,MAAM,KAAM9L,WACrE,IAAIxH,EAAI,CAAC,MACTA,EAAEG,KAAKmT,MAAMtT,EAAG2B,GAChB,IAAI82C,EAAI,IAAKgW,EAAEjwD,KAAK8U,MAAMm7C,EAAGzuD,IAC7B,OAAO4xB,GAAKhd,EAAe6jC,EAAG7mB,EAAErxB,WAAYk4C,CAC9C,EAC6B+B,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCTlG,IAAIuU,EAAgB,EAAQ,MAC5B,SAASC,EAAkBttD,EAAGiwB,GAC5B,IAAK,IAAI68B,EAAI,EAAGA,EAAI78B,EAAE1xB,OAAQuuD,IAAK,CACjC,IAAIzuD,EAAI4xB,EAAE68B,GACVzuD,EAAEw9C,WAAax9C,EAAEw9C,aAAc,EAAIx9C,EAAEkvD,cAAe,EAAI,UAAWlvD,IAAMA,EAAEmvD,UAAW,GAAKryD,OAAO49C,eAAe/4C,EAAGqtD,EAAchvD,EAAEM,KAAMN,EAC5I,CACF,CAMAw6C,EAAOC,QALP,SAAsB94C,EAAGiwB,EAAG68B,GAC1B,OAAO78B,GAAKq9B,EAAkBttD,EAAEpB,UAAWqxB,GAAI68B,GAAKQ,EAAkBttD,EAAG8sD,GAAI3xD,OAAO49C,eAAe/4C,EAAG,YAAa,CACjHwtD,UAAU,IACRxtD,CACN,EAC+B64C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCZpG,IAAIuU,EAAgB,EAAQ,MAS5BxU,EAAOC,QARP,SAAyB94C,EAAGiwB,EAAG68B,GAC7B,OAAQ78B,EAAIo9B,EAAcp9B,MAAOjwB,EAAI7E,OAAO49C,eAAe/4C,EAAGiwB,EAAG,CAC/D3rB,MAAOwoD,EACPjR,YAAY,EACZ0R,cAAc,EACdC,UAAU,IACPxtD,EAAEiwB,GAAK68B,EAAG9sD,CACjB,EACkC64C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCTvG,IAAI2U,EAAgB,EAAQ,MAC5B,SAASC,IACP,OAAO7U,EAAOC,QAAU4U,EAAO,oBAAsBP,SAAWA,QAAQxwD,IAAMwwD,QAAQxwD,IAAIE,OAAS,SAAUmD,EAAG8sD,EAAG78B,GACjH,IAAI6mB,EAAI2W,EAAcztD,EAAG8sD,GACzB,GAAIhW,EAAG,CACL,IAAI9V,EAAI7lC,OAAOwyD,yBAAyB7W,EAAGgW,GAC3C,OAAO9rB,EAAErkC,IAAMqkC,EAAErkC,IAAImC,KAAK+G,UAAUtH,OAAS,EAAIyB,EAAIiwB,GAAK+Q,EAAE18B,KAC9D,CACF,EAAGu0C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QAAS4U,EAAK/7C,MAAM,KAAM9L,UACpG,CACAgzC,EAAOC,QAAU4U,EAAM7U,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCV5F,SAAS8U,EAAgBd,GACvB,OAAOjU,EAAOC,QAAU8U,EAAkBzyD,OAAO8X,eAAiB9X,OAAO0yD,eAAehxD,OAAS,SAAUiwD,GACzG,OAAOA,EAAEgB,WAAa3yD,OAAO0yD,eAAef,EAC9C,EAAGjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QAAS8U,EAAgBd,EACnG,CACAjU,EAAOC,QAAU8U,EAAiB/U,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCLvG,IAAI7lC,EAAiB,EAAQ,MAa7B4lC,EAAOC,QAZP,SAAmBgU,EAAG9sD,GACpB,GAAI,mBAAqBA,GAAK,OAASA,EAAG,MAAM,IAAIymD,UAAU,sDAC9DqG,EAAEluD,UAAYzD,OAAOu/B,OAAO16B,GAAKA,EAAEpB,UAAW,CAC5C+qD,YAAa,CACXrlD,MAAOwoD,EACPU,UAAU,EACVD,cAAc,KAEdpyD,OAAO49C,eAAe+T,EAAG,YAAa,CACxCU,UAAU,IACRxtD,GAAKiT,EAAe65C,EAAG9sD,EAC7B,EAC4B64C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCRjGD,EAAOC,QALP,SAAgC94C,GAC9B,OAAOA,GAAKA,EAAE0sD,WAAa1sD,EAAI,CAC7B,QAAWA,EAEf,EACyC64C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCE9GD,EAAOC,QAPP,SAA2BgU,GACzB,IACE,OAAQ,IAAMiB,SAAS7uB,SAASpgC,KAAKguD,GAAG/nD,QAAQ,gBAClD,CAAE,MAAOi8B,GACP,MAAO,mBAAqB8rB,CAC9B,CACF,EACoCjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCPzG,SAASkV,IACP,IACE,IAAIlB,GAAKl+B,QAAQhwB,UAAUqvD,QAAQnvD,KAAKquD,QAAQC,UAAUx+B,QAAS,IAAI,WAAa,IACtF,CAAE,MAAOk+B,GAAI,CACb,OAAQjU,EAAOC,QAAUkV,EAA4B,WACnD,QAASlB,CACX,EAAGjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,UAC1E,CACAD,EAAOC,QAAUkV,EAA2BnV,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCLjHD,EAAOC,QAHP,SAA0B7oB,GACxB,GAAI,oBAAsBynB,QAAU,MAAQznB,EAAEynB,OAAOD,WAAa,MAAQxnB,EAAE,cAAe,OAAO/xB,MAAM2R,KAAKogB,EAC/G,EACmC4oB,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCwBxGD,EAAOC,QA3BP,SAA+B7oB,EAAGi+B,GAChC,IAAIpB,EAAI,MAAQ78B,EAAI,KAAO,oBAAsBynB,QAAUznB,EAAEynB,OAAOD,WAAaxnB,EAAE,cACnF,GAAI,MAAQ68B,EAAG,CACb,IAAI9sD,EACFghC,EACA/vB,EACA87C,EACA1c,EAAI,GACJ8d,GAAI,EACJ9vD,GAAI,EACN,IACE,GAAI4S,GAAK67C,EAAIA,EAAEhuD,KAAKmxB,IAAI0nB,KAAM,IAAMuW,EAAG,CACrC,GAAI/yD,OAAO2xD,KAAOA,EAAG,OACrBqB,GAAI,CACN,MAAO,OAASA,GAAKnuD,EAAIiR,EAAEnS,KAAKguD,IAAIjG,QAAUxW,EAAE7xC,KAAKwB,EAAEsE,OAAQ+rC,EAAE9xC,SAAW2vD,GAAIC,GAAI,GACtF,CAAE,MAAOl+B,GACP5xB,GAAI,EAAI2iC,EAAI/Q,CACd,CAAE,QACA,IACE,IAAKk+B,GAAK,MAAQrB,EAAU,SAAMC,EAAID,EAAU,SAAK3xD,OAAO4xD,KAAOA,GAAI,MACzE,CAAE,QACA,GAAI1uD,EAAG,MAAM2iC,CACf,CACF,CACA,OAAOqP,CACT,CACF,EACwCwI,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCxB7GD,EAAOC,QAHP,WACE,MAAM,IAAI2N,UAAU,4IACtB,EACmC5N,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCAxGD,EAAOC,QAHP,WACE,MAAM,IAAI2N,UAAU,uIACtB,EACqC5N,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,6BCH1G,IAAIsV,EAA+B,EAAQ,MAY3CvV,EAAOC,QAXP,SAAkC94C,EAAG8sD,GACnC,GAAI,MAAQ9sD,EAAG,MAAO,CAAC,EACvB,IAAI3B,EACF4xB,EACAhf,EAAIm9C,EAA6BpuD,EAAG8sD,GACtC,GAAI3xD,OAAOkzD,sBAAuB,CAChC,IAAIrtB,EAAI7lC,OAAOkzD,sBAAsBruD,GACrC,IAAKiwB,EAAI,EAAGA,EAAI+Q,EAAEziC,OAAQ0xB,IAAK5xB,EAAI2iC,EAAE/Q,IAAK,IAAM68B,EAAE/nD,QAAQ1G,IAAM,CAAC,EAAEiwD,qBAAqBxvD,KAAKkB,EAAG3B,KAAO4S,EAAE5S,GAAK2B,EAAE3B,GAClH,CACA,OAAO4S,CACT,EAC2C4nC,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCHhHD,EAAOC,QATP,SAAuC7oB,EAAGjwB,GACxC,GAAI,MAAQiwB,EAAG,MAAO,CAAC,EACvB,IAAI68B,EAAI,CAAC,EACT,IAAK,IAAI9rB,KAAK/Q,EAAG,GAAI,CAAC,EAAEpxB,eAAeC,KAAKmxB,EAAG+Q,GAAI,CACjD,IAAK,IAAMhhC,EAAE+E,QAAQi8B,GAAI,SACzB8rB,EAAE9rB,GAAK/Q,EAAE+Q,EACX,CACA,OAAO8rB,CACT,EACgDjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCTrH,IAAIyV,EAAU,gBACVC,EAAwB,EAAQ,MAMpC3V,EAAOC,QALP,SAAoCgU,EAAG9sD,GACrC,GAAIA,IAAM,UAAYuuD,EAAQvuD,IAAM,mBAAqBA,GAAI,OAAOA,EACpE,QAAI,IAAWA,EAAG,MAAM,IAAIymD,UAAU,4DACtC,OAAO+H,EAAsB1B,EAC/B,EAC6CjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCPlH,IAAIyV,EAAU,gBACd,SAASE,IACP,aACA5V,EAAOC,QAAU2V,EAAsB,WACrC,OAAOzuD,CACT,EAAG64C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QACxE,IAAIgU,EACF9sD,EAAI,CAAC,EACLiwB,EAAI90B,OAAOyD,UACXoiC,EAAI/Q,EAAEpxB,eACNR,EAAIlD,OAAO49C,gBAAkB,SAAU+T,EAAG9sD,EAAGiwB,GAC3C68B,EAAE9sD,GAAKiwB,EAAE3rB,KACX,EACA2M,EAAI,mBAAqBymC,OAASA,OAAS,CAAC,EAC5CrH,EAAIp/B,EAAEwmC,UAAY,aAClB1nC,EAAIkB,EAAEy9C,eAAiB,kBACvB3B,EAAI97C,EAAE09C,aAAe,gBACvB,SAASC,EAAO9B,EAAG9sD,EAAGiwB,GACpB,OAAO90B,OAAO49C,eAAe+T,EAAG9sD,EAAG,CACjCsE,MAAO2rB,EACP4rB,YAAY,EACZ0R,cAAc,EACdC,UAAU,IACRV,EAAE9sD,EACR,CACA,IACE4uD,EAAO,CAAC,EAAG,GACb,CAAE,MAAO9B,GACP8B,EAAS,SAAgB9B,EAAG9sD,EAAGiwB,GAC7B,OAAO68B,EAAE9sD,GAAKiwB,CAChB,CACF,CACA,SAAS4+B,EAAK/B,EAAG9sD,EAAGiwB,EAAG+Q,GACrB,IAAI/vB,EAAIjR,GAAKA,EAAEpB,qBAAqBkwD,EAAY9uD,EAAI8uD,EAClDze,EAAIl1C,OAAOu/B,OAAOzpB,EAAErS,WACpBmR,EAAI,IAAIg/C,EAAQ/tB,GAAK,IACvB,OAAO3iC,EAAEgyC,EAAG,UAAW,CACrB/rC,MAAO0qD,EAAiBlC,EAAG78B,EAAGlgB,KAC5BsgC,CACN,CACA,SAAS4e,EAASnC,EAAG9sD,EAAGiwB,GACtB,IACE,MAAO,CACL3vB,KAAM,SACN4uD,IAAKpC,EAAEhuD,KAAKkB,EAAGiwB,GAEnB,CAAE,MAAO68B,GACP,MAAO,CACLxsD,KAAM,QACN4uD,IAAKpC,EAET,CACF,CACA9sD,EAAE6uD,KAAOA,EACT,IAAIM,EAAI,iBACNjB,EAAI,iBACJC,EAAI,YACJz9C,EAAI,YACJwwB,EAAI,CAAC,EACP,SAAS4tB,IAAa,CACtB,SAASM,IAAqB,CAC9B,SAASC,IAA8B,CACvC,IAAIvY,EAAI,CAAC,EACT8X,EAAO9X,EAAGzG,GAAG,WACX,OAAOt1C,IACT,IACA,IAAIu0D,EAAIn0D,OAAO0yD,eACb5uB,EAAIqwB,GAAKA,EAAEA,EAAE/iD,EAAO,MACtB0yB,GAAKA,IAAMhP,GAAK+Q,EAAEliC,KAAKmgC,EAAGoR,KAAOyG,EAAI7X,GACrC,IAAIswB,EAAIF,EAA2BzwD,UAAYkwD,EAAUlwD,UAAYzD,OAAOu/B,OAAOoc,GACnF,SAAS0Y,EAAsB1C,GAC7B,CAAC,OAAQ,QAAS,UAAUjoD,SAAQ,SAAU7E,GAC5C4uD,EAAO9B,EAAG9sD,GAAG,SAAU8sD,GACrB,OAAO/xD,KAAK00D,QAAQzvD,EAAG8sD,EACzB,GACF,GACF,CACA,SAAS4C,EAAc5C,EAAG9sD,GACxB,SAAS2vD,EAAO1/B,EAAG5xB,EAAG4S,EAAGo/B,GACvB,IAAItgC,EAAIk/C,EAASnC,EAAE78B,GAAI68B,EAAGzuD,GAC1B,GAAI,UAAY0R,EAAEzP,KAAM,CACtB,IAAIysD,EAAIh9C,EAAEm/C,IACRC,EAAIpC,EAAEzoD,MACR,OAAO6qD,GAAK,UAAYZ,EAAQY,IAAMnuB,EAAEliC,KAAKqwD,EAAG,WAAanvD,EAAEtE,QAAQyzD,EAAES,SAAS3zD,MAAK,SAAU6wD,GAC/F6C,EAAO,OAAQ7C,EAAG77C,EAAGo/B,EACvB,IAAG,SAAUyc,GACX6C,EAAO,QAAS7C,EAAG77C,EAAGo/B,EACxB,IAAKrwC,EAAEtE,QAAQyzD,GAAGlzD,MAAK,SAAU6wD,GAC/BC,EAAEzoD,MAAQwoD,EAAG77C,EAAE87C,EACjB,IAAG,SAAUD,GACX,OAAO6C,EAAO,QAAS7C,EAAG77C,EAAGo/B,EAC/B,GACF,CACAA,EAAEtgC,EAAEm/C,IACN,CACA,IAAIj/B,EACJ5xB,EAAEtD,KAAM,UAAW,CACjBuJ,MAAO,SAAewoD,EAAG9rB,GACvB,SAAS6uB,IACP,OAAO,IAAI7vD,GAAE,SAAUA,EAAGiwB,GACxB0/B,EAAO7C,EAAG9rB,EAAGhhC,EAAGiwB,EAClB,GACF,CACA,OAAOA,EAAIA,EAAIA,EAAEh0B,KAAK4zD,EAA4BA,GAA8BA,GAClF,GAEJ,CACA,SAASb,EAAiBhvD,EAAGiwB,EAAG+Q,GAC9B,IAAI3iC,EAAI8wD,EACR,OAAO,SAAUl+C,EAAGo/B,GAClB,GAAIhyC,IAAM8vD,EAAG,MAAM3gD,MAAM,gCACzB,GAAInP,IAAMqS,EAAG,CACX,GAAI,UAAYO,EAAG,MAAMo/B,EACzB,MAAO,CACL/rC,MAAOwoD,EACPjG,MAAM,EAEV,CACA,IAAK7lB,EAAEjrB,OAAS9E,EAAG+vB,EAAEkuB,IAAM7e,IAAK,CAC9B,IAAItgC,EAAIixB,EAAE8uB,SACV,GAAI//C,EAAG,CACL,IAAIg9C,EAAIgD,EAAoBhgD,EAAGixB,GAC/B,GAAI+rB,EAAG,CACL,GAAIA,IAAM7rB,EAAG,SACb,OAAO6rB,CACT,CACF,CACA,GAAI,SAAW/rB,EAAEjrB,OAAQirB,EAAEgvB,KAAOhvB,EAAEivB,MAAQjvB,EAAEkuB,SAAS,GAAI,UAAYluB,EAAEjrB,OAAQ,CAC/E,GAAI1X,IAAM8wD,EAAG,MAAM9wD,EAAIqS,EAAGswB,EAAEkuB,IAC5BluB,EAAEkvB,kBAAkBlvB,EAAEkuB,IACxB,KAAO,WAAaluB,EAAEjrB,QAAUirB,EAAEmvB,OAAO,SAAUnvB,EAAEkuB,KACrD7wD,EAAI8vD,EACJ,IAAIrX,EAAImY,EAASjvD,EAAGiwB,EAAG+Q,GACvB,GAAI,WAAa8V,EAAEx2C,KAAM,CACvB,GAAIjC,EAAI2iC,EAAE6lB,KAAOn2C,EAAIw9C,EAAGpX,EAAEoY,MAAQhuB,EAAG,SACrC,MAAO,CACL58B,MAAOwyC,EAAEoY,IACTrI,KAAM7lB,EAAE6lB,KAEZ,CACA,UAAY/P,EAAEx2C,OAASjC,EAAIqS,EAAGswB,EAAEjrB,OAAS,QAASirB,EAAEkuB,IAAMpY,EAAEoY,IAC9D,CACF,CACF,CACA,SAASa,EAAoB/vD,EAAGiwB,GAC9B,IAAI+Q,EAAI/Q,EAAEla,OACR1X,EAAI2B,EAAEy3C,SAASzW,GACjB,GAAI3iC,IAAMyuD,EAAG,OAAO78B,EAAE6/B,SAAW,KAAM,UAAY9uB,GAAKhhC,EAAEy3C,SAAiB,SAAMxnB,EAAEla,OAAS,SAAUka,EAAEi/B,IAAMpC,EAAGiD,EAAoB/vD,EAAGiwB,GAAI,UAAYA,EAAEla,SAAW,WAAairB,IAAM/Q,EAAEla,OAAS,QAASka,EAAEi/B,IAAM,IAAIzI,UAAU,oCAAsCzlB,EAAI,aAAcE,EAC1R,IAAIjwB,EAAIg+C,EAAS5wD,EAAG2B,EAAEy3C,SAAUxnB,EAAEi/B,KAClC,GAAI,UAAYj+C,EAAE3Q,KAAM,OAAO2vB,EAAEla,OAAS,QAASka,EAAEi/B,IAAMj+C,EAAEi+C,IAAKj/B,EAAE6/B,SAAW,KAAM5uB,EACrF,IAAImP,EAAIp/B,EAAEi+C,IACV,OAAO7e,EAAIA,EAAEwW,MAAQ52B,EAAEjwB,EAAEowD,YAAc/f,EAAE/rC,MAAO2rB,EAAE0nB,KAAO33C,EAAEqwD,QAAS,WAAapgC,EAAEla,SAAWka,EAAEla,OAAS,OAAQka,EAAEi/B,IAAMpC,GAAI78B,EAAE6/B,SAAW,KAAM5uB,GAAKmP,GAAKpgB,EAAEla,OAAS,QAASka,EAAEi/B,IAAM,IAAIzI,UAAU,oCAAqCx2B,EAAE6/B,SAAW,KAAM5uB,EAC9P,CACA,SAASovB,EAAaxD,GACpB,IAAI9sD,EAAI,CACNuwD,OAAQzD,EAAE,IAEZ,KAAKA,IAAM9sD,EAAEwwD,SAAW1D,EAAE,IAAK,KAAKA,IAAM9sD,EAAEywD,WAAa3D,EAAE,GAAI9sD,EAAE0wD,SAAW5D,EAAE,IAAK/xD,KAAK41D,WAAWnyD,KAAKwB,EAC1G,CACA,SAAS4wD,EAAc9D,GACrB,IAAI9sD,EAAI8sD,EAAE+D,YAAc,CAAC,EACzB7wD,EAAEM,KAAO,gBAAiBN,EAAEkvD,IAAKpC,EAAE+D,WAAa7wD,CAClD,CACA,SAAS+uD,EAAQjC,GACf/xD,KAAK41D,WAAa,CAAC,CACjBJ,OAAQ,SACNzD,EAAEjoD,QAAQyrD,EAAcv1D,MAAOA,KAAK+1D,OAAM,EAChD,CACA,SAASvkD,EAAOvM,GACd,GAAIA,GAAK,KAAOA,EAAG,CACjB,IAAIiwB,EAAIjwB,EAAEqwC,GACV,GAAIpgB,EAAG,OAAOA,EAAEnxB,KAAKkB,GACrB,GAAI,mBAAqBA,EAAE23C,KAAM,OAAO33C,EACxC,IAAK+wD,MAAM/wD,EAAEzB,QAAS,CACpB,IAAIF,GAAK,EACP4S,EAAI,SAAS0mC,IACX,OAASt5C,EAAI2B,EAAEzB,QAAS,GAAIyiC,EAAEliC,KAAKkB,EAAG3B,GAAI,OAAOs5C,EAAKrzC,MAAQtE,EAAE3B,GAAIs5C,EAAKkP,MAAO,EAAIlP,EACpF,OAAOA,EAAKrzC,MAAQwoD,EAAGnV,EAAKkP,MAAO,EAAIlP,CACzC,EACF,OAAO1mC,EAAE0mC,KAAO1mC,CAClB,CACF,CACA,MAAM,IAAIw1C,UAAU8H,EAAQvuD,GAAK,mBACnC,CACA,OAAOovD,EAAkBxwD,UAAYywD,EAA4BhxD,EAAEkxD,EAAG,cAAe,CACnFjrD,MAAO+qD,EACP9B,cAAc,IACZlvD,EAAEgxD,EAA4B,cAAe,CAC/C/qD,MAAO8qD,EACP7B,cAAc,IACZ6B,EAAkB15B,YAAck5B,EAAOS,EAA4BtC,EAAG,qBAAsB/sD,EAAEgxD,oBAAsB,SAAUlE,GAChI,IAAI9sD,EAAI,mBAAqB8sD,GAAKA,EAAEnD,YACpC,QAAS3pD,IAAMA,IAAMovD,GAAqB,uBAAyBpvD,EAAE01B,aAAe11B,EAAEX,MACxF,EAAGW,EAAEixD,KAAO,SAAUnE,GACpB,OAAO3xD,OAAO8X,eAAiB9X,OAAO8X,eAAe65C,EAAGuC,IAA+BvC,EAAEgB,UAAYuB,EAA4BT,EAAO9B,EAAGC,EAAG,sBAAuBD,EAAEluD,UAAYzD,OAAOu/B,OAAO60B,GAAIzC,CACvM,EAAG9sD,EAAEkxD,MAAQ,SAAUpE,GACrB,MAAO,CACL8C,QAAS9C,EAEb,EAAG0C,EAAsBE,EAAc9wD,WAAYgwD,EAAOc,EAAc9wD,UAAWmR,GAAG,WACpF,OAAOhV,IACT,IAAIiF,EAAE0vD,cAAgBA,EAAe1vD,EAAEmxD,MAAQ,SAAUrE,EAAG78B,EAAG+Q,EAAG3iC,EAAG4S,QACnE,IAAWA,IAAMA,EAAIxV,SACrB,IAAI40C,EAAI,IAAIqf,EAAcb,EAAK/B,EAAG78B,EAAG+Q,EAAG3iC,GAAI4S,GAC5C,OAAOjR,EAAEgxD,oBAAoB/gC,GAAKogB,EAAIA,EAAEsH,OAAO17C,MAAK,SAAU6wD,GAC5D,OAAOA,EAAEjG,KAAOiG,EAAExoD,MAAQ+rC,EAAEsH,MAC9B,GACF,EAAG6X,EAAsBD,GAAIX,EAAOW,EAAGxC,EAAG,aAAc6B,EAAOW,EAAGlf,GAAG,WACnE,OAAOt1C,IACT,IAAI6zD,EAAOW,EAAG,YAAY,WACxB,MAAO,oBACT,IAAIvvD,EAAE4E,KAAO,SAAUkoD,GACrB,IAAI9sD,EAAI7E,OAAO2xD,GACb78B,EAAI,GACN,IAAK,IAAI+Q,KAAKhhC,EAAGiwB,EAAEzxB,KAAKwiC,GACxB,OAAO/Q,EAAEmhC,UAAW,SAASzZ,IAC3B,KAAO1nB,EAAE1xB,QAAS,CAChB,IAAIuuD,EAAI78B,EAAE0lB,MACV,GAAImX,KAAK9sD,EAAG,OAAO23C,EAAKrzC,MAAQwoD,EAAGnV,EAAKkP,MAAO,EAAIlP,CACrD,CACA,OAAOA,EAAKkP,MAAO,EAAIlP,CACzB,CACF,EAAG33C,EAAEuM,OAASA,EAAQwiD,EAAQnwD,UAAY,CACxC+qD,YAAaoF,EACb+B,MAAO,SAAe9wD,GACpB,GAAIjF,KAAKs2D,KAAO,EAAGt2D,KAAK48C,KAAO,EAAG58C,KAAKi1D,KAAOj1D,KAAKk1D,MAAQnD,EAAG/xD,KAAK8rD,MAAO,EAAI9rD,KAAK+0D,SAAW,KAAM/0D,KAAKgb,OAAS,OAAQhb,KAAKm0D,IAAMpC,EAAG/xD,KAAK41D,WAAW9rD,QAAQ+rD,IAAiB5wD,EAAG,IAAK,IAAIiwB,KAAKl1B,KAAM,MAAQk1B,EAAEE,OAAO,IAAM6Q,EAAEliC,KAAK/D,KAAMk1B,KAAO8gC,OAAO9gC,EAAExsB,MAAM,MAAQ1I,KAAKk1B,GAAK68B,EACtR,EACA9/C,KAAM,WACJjS,KAAK8rD,MAAO,EACZ,IAAIiG,EAAI/xD,KAAK41D,WAAW,GAAGE,WAC3B,GAAI,UAAY/D,EAAExsD,KAAM,MAAMwsD,EAAEoC,IAChC,OAAOn0D,KAAKu2D,IACd,EACApB,kBAAmB,SAA2BlwD,GAC5C,GAAIjF,KAAK8rD,KAAM,MAAM7mD,EACrB,IAAIiwB,EAAIl1B,KACR,SAASw2D,EAAOvwB,EAAG3iC,GACjB,OAAOgyC,EAAE/vC,KAAO,QAAS+vC,EAAE6e,IAAMlvD,EAAGiwB,EAAE0nB,KAAO3W,EAAG3iC,IAAM4xB,EAAEla,OAAS,OAAQka,EAAEi/B,IAAMpC,KAAMzuD,CACzF,CACA,IAAK,IAAIA,EAAItD,KAAK41D,WAAWpyD,OAAS,EAAGF,GAAK,IAAKA,EAAG,CACpD,IAAI4S,EAAIlW,KAAK41D,WAAWtyD,GACtBgyC,EAAIp/B,EAAE4/C,WACR,GAAI,SAAW5/C,EAAEs/C,OAAQ,OAAOgB,EAAO,OACvC,GAAItgD,EAAEs/C,QAAUx1D,KAAKs2D,KAAM,CACzB,IAAIthD,EAAIixB,EAAEliC,KAAKmS,EAAG,YAChB87C,EAAI/rB,EAAEliC,KAAKmS,EAAG,cAChB,GAAIlB,GAAKg9C,EAAG,CACV,GAAIhyD,KAAKs2D,KAAOpgD,EAAEu/C,SAAU,OAAOe,EAAOtgD,EAAEu/C,UAAU,GACtD,GAAIz1D,KAAKs2D,KAAOpgD,EAAEw/C,WAAY,OAAOc,EAAOtgD,EAAEw/C,WAChD,MAAO,GAAI1gD,GACT,GAAIhV,KAAKs2D,KAAOpgD,EAAEu/C,SAAU,OAAOe,EAAOtgD,EAAEu/C,UAAU,OACjD,CACL,IAAKzD,EAAG,MAAMv/C,MAAM,0CACpB,GAAIzS,KAAKs2D,KAAOpgD,EAAEw/C,WAAY,OAAOc,EAAOtgD,EAAEw/C,WAChD,CACF,CACF,CACF,EACAN,OAAQ,SAAgBrD,EAAG9sD,GACzB,IAAK,IAAIiwB,EAAIl1B,KAAK41D,WAAWpyD,OAAS,EAAG0xB,GAAK,IAAKA,EAAG,CACpD,IAAI5xB,EAAItD,KAAK41D,WAAW1gC,GACxB,GAAI5xB,EAAEkyD,QAAUx1D,KAAKs2D,MAAQrwB,EAAEliC,KAAKT,EAAG,eAAiBtD,KAAKs2D,KAAOhzD,EAAEoyD,WAAY,CAChF,IAAIx/C,EAAI5S,EACR,KACF,CACF,CACA4S,IAAM,UAAY67C,GAAK,aAAeA,IAAM77C,EAAEs/C,QAAUvwD,GAAKA,GAAKiR,EAAEw/C,aAAex/C,EAAI,MACvF,IAAIo/B,EAAIp/B,EAAIA,EAAE4/C,WAAa,CAAC,EAC5B,OAAOxgB,EAAE/vC,KAAOwsD,EAAGzc,EAAE6e,IAAMlvD,EAAGiR,GAAKlW,KAAKgb,OAAS,OAAQhb,KAAK48C,KAAO1mC,EAAEw/C,WAAYvvB,GAAKnmC,KAAKy2D,SAASnhB,EACxG,EACAmhB,SAAU,SAAkB1E,EAAG9sD,GAC7B,GAAI,UAAY8sD,EAAExsD,KAAM,MAAMwsD,EAAEoC,IAChC,MAAO,UAAYpC,EAAExsD,MAAQ,aAAewsD,EAAExsD,KAAOvF,KAAK48C,KAAOmV,EAAEoC,IAAM,WAAapC,EAAExsD,MAAQvF,KAAKu2D,KAAOv2D,KAAKm0D,IAAMpC,EAAEoC,IAAKn0D,KAAKgb,OAAS,SAAUhb,KAAK48C,KAAO,OAAS,WAAamV,EAAExsD,MAAQN,IAAMjF,KAAK48C,KAAO33C,GAAIkhC,CAC1N,EACAse,OAAQ,SAAgBsN,GACtB,IAAK,IAAI9sD,EAAIjF,KAAK41D,WAAWpyD,OAAS,EAAGyB,GAAK,IAAKA,EAAG,CACpD,IAAIiwB,EAAIl1B,KAAK41D,WAAW3wD,GACxB,GAAIiwB,EAAEwgC,aAAe3D,EAAG,OAAO/xD,KAAKy2D,SAASvhC,EAAE4gC,WAAY5gC,EAAEygC,UAAWE,EAAc3gC,GAAIiR,CAC5F,CACF,EACA,MAAS,SAAgB4rB,GACvB,IAAK,IAAI9sD,EAAIjF,KAAK41D,WAAWpyD,OAAS,EAAGyB,GAAK,IAAKA,EAAG,CACpD,IAAIiwB,EAAIl1B,KAAK41D,WAAW3wD,GACxB,GAAIiwB,EAAEsgC,SAAWzD,EAAG,CAClB,IAAI9rB,EAAI/Q,EAAE4gC,WACV,GAAI,UAAY7vB,EAAE1gC,KAAM,CACtB,IAAIjC,EAAI2iC,EAAEkuB,IACV0B,EAAc3gC,EAChB,CACA,OAAO5xB,CACT,CACF,CACA,MAAMmP,MAAM,wBACd,EACAikD,cAAe,SAAuBzxD,EAAGiwB,EAAG+Q,GAC1C,OAAOjmC,KAAK+0D,SAAW,CACrBrY,SAAUlrC,EAAOvM,GACjBowD,WAAYngC,EACZogC,QAASrvB,GACR,SAAWjmC,KAAKgb,SAAWhb,KAAKm0D,IAAMpC,GAAI5rB,CAC/C,GACClhC,CACL,CACA64C,EAAOC,QAAU2V,EAAqB5V,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BC/S3G,SAAS4Y,EAAgB5E,EAAG9sD,GAC1B,OAAO64C,EAAOC,QAAU4Y,EAAkBv2D,OAAO8X,eAAiB9X,OAAO8X,eAAepW,OAAS,SAAUiwD,EAAG9sD,GAC5G,OAAO8sD,EAAEgB,UAAY9tD,EAAG8sD,CAC1B,EAAGjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QAAS4Y,EAAgB5E,EAAG9sD,EACtG,CACA64C,EAAOC,QAAU4Y,EAAiB7Y,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCLvG,IAAI6Y,EAAiB,EAAQ,MACzBC,EAAuB,EAAQ,MAC/BC,EAA6B,EAAQ,MACrCC,EAAkB,EAAQ,MAI9BjZ,EAAOC,QAHP,SAAwB7oB,EAAGjwB,GACzB,OAAO2xD,EAAe1hC,IAAM2hC,EAAqB3hC,EAAGjwB,IAAM6xD,EAA2B5hC,EAAGjwB,IAAM8xD,GAChG,EACiCjZ,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCPtG,IAAI+U,EAAiB,EAAQ,MAK7BhV,EAAOC,QAJP,SAAwBgU,EAAGzuD,GACzB,MAAQ,CAAC,EAAEQ,eAAeC,KAAKguD,EAAGzuD,IAAM,QAAUyuD,EAAIe,EAAef,MACrE,OAAOA,CACT,EACiCjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,6BCLtG,IAAIiZ,EAAoB,EAAQ,MAC5BC,EAAkB,EAAQ,MAC1BH,EAA6B,EAAQ,MACrCI,EAAoB,EAAQ,MAIhCpZ,EAAOC,QAHP,SAA4B7oB,GAC1B,OAAO8hC,EAAkB9hC,IAAM+hC,EAAgB/hC,IAAM4hC,EAA2B5hC,IAAMgiC,GACxF,EACqCpZ,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCP1G,IAAIyV,EAAU,gBAWd1V,EAAOC,QAVP,SAAqBgU,EAAG78B,GACtB,GAAI,UAAYs+B,EAAQzB,KAAOA,EAAG,OAAOA,EACzC,IAAI9sD,EAAI8sD,EAAEpV,OAAOwa,aACjB,QAAI,IAAWlyD,EAAG,CAChB,IAAIiR,EAAIjR,EAAElB,KAAKguD,EAAG78B,GAAK,WACvB,GAAI,UAAYs+B,EAAQt9C,GAAI,OAAOA,EACnC,MAAM,IAAIw1C,UAAU,+CACtB,CACA,OAAQ,WAAax2B,EAAIrf,OAASwY,QAAQ0jC,EAC5C,EAC8BjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCXnG,IAAIyV,EAAU,gBACV2D,EAAc,EAAQ,MAK1BrZ,EAAOC,QAJP,SAAuBgU,GACrB,IAAI77C,EAAIihD,EAAYpF,EAAG,UACvB,MAAO,UAAYyB,EAAQt9C,GAAKA,EAAIA,EAAI,EAC1C,EACgC4nC,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCNrG,SAASyV,EAAQlwD,GAGf,OAAOw6C,EAAOC,QAAUyV,EAAU,mBAAqB7W,QAAU,iBAAmBA,OAAOD,SAAW,SAAUp5C,GAC9G,cAAcA,CAChB,EAAI,SAAUA,GACZ,OAAOA,GAAK,mBAAqBq5C,QAAUr5C,EAAEsrD,cAAgBjS,QAAUr5C,IAAMq5C,OAAO94C,UAAY,gBAAkBP,CACpH,EAAGw6C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QAASyV,EAAQlwD,EAC3F,CACAw6C,EAAOC,QAAUyV,EAAS1V,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCT/F,IAAI6T,EAAmB,EAAQ,MAQ/B9T,EAAOC,QAPP,SAAqC7oB,EAAGogB,GACtC,GAAIpgB,EAAG,CACL,GAAI,iBAAmBA,EAAG,OAAO08B,EAAiB18B,EAAGogB,GACrD,IAAIyc,EAAI,CAAC,EAAE5tB,SAASpgC,KAAKmxB,GAAGxsB,MAAM,GAAI,GACtC,MAAO,WAAaqpD,GAAK78B,EAAE05B,cAAgBmD,EAAI78B,EAAE05B,YAAYtqD,MAAO,QAAUytD,GAAK,QAAUA,EAAI5uD,MAAM2R,KAAKogB,GAAK,cAAgB68B,GAAK,2CAA2C13C,KAAK03C,GAAKH,EAAiB18B,EAAGogB,QAAK,CACtN,CACF,EAC8CwI,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCRnH,IAAI+U,EAAiB,EAAQ,MACzB56C,EAAiB,EAAQ,MACzBk/C,EAAmB,EAAQ,MAC3B/E,EAAY,EAAQ,MACxB,SAASgF,EAAiBtF,GACxB,IAAI78B,EAAI,mBAAqBjkB,IAAM,IAAIA,SAAQ,EAC/C,OAAO6sC,EAAOC,QAAUsZ,EAAmB,SAA0BtF,GACnE,GAAI,OAASA,IAAMqF,EAAiBrF,GAAI,OAAOA,EAC/C,GAAI,mBAAqBA,EAAG,MAAM,IAAIrG,UAAU,sDAChD,QAAI,IAAWx2B,EAAG,CAChB,GAAIA,EAAEknB,IAAI2V,GAAI,OAAO78B,EAAEtzB,IAAImwD,GAC3B78B,EAAEzrB,IAAIsoD,EAAGuF,EACX,CACA,SAASA,IACP,OAAOjF,EAAUN,EAAGjnD,UAAWgoD,EAAe9yD,MAAM4uD,YACtD,CACA,OAAO0I,EAAQzzD,UAAYzD,OAAOu/B,OAAOoyB,EAAEluD,UAAW,CACpD+qD,YAAa,CACXrlD,MAAO+tD,EACPxW,YAAY,EACZ2R,UAAU,EACVD,cAAc,KAEdt6C,EAAeo/C,EAASvF,EAC9B,EAAGjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QAASsZ,EAAiBtF,EACpG,CACAjU,EAAOC,QAAUsZ,EAAkBvZ,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCxBxG,IAAIwZ,EAAU,EAAQ,KAAR,GACdzZ,EAAOC,QAAUwZ,EAGjB,IACEC,mBAAqBD,CACvB,CAAE,MAAOE,GACmB,iBAAfC,WACTA,WAAWF,mBAAqBD,EAEhCvE,SAAS,IAAK,yBAAdA,CAAwCuE,EAE5C,ICbII,EAA2B,CAAC,EAGhC,SAASC,EAAoBC,GAE5B,IAAIC,EAAeH,EAAyBE,GAC5C,QAAqB33D,IAAjB43D,EACH,OAAOA,EAAa/Z,QAGrB,IAAID,EAAS6Z,EAAyBE,GAAY,CAGjD9Z,QAAS,CAAC,GAOX,OAHAga,EAAoBF,GAAU9zD,KAAK+5C,EAAOC,QAASD,EAAQA,EAAOC,QAAS6Z,GAGpE9Z,EAAOC,OACf,CCrBA6Z,EAAoBrD,EAAI,SAASxW,EAASia,GACzC,IAAI,IAAIp0D,KAAOo0D,EACXJ,EAAoBt0D,EAAE00D,EAAYp0D,KAASg0D,EAAoBt0D,EAAEy6C,EAASn6C,IAC5ExD,OAAO49C,eAAeD,EAASn6C,EAAK,CAAEk9C,YAAY,EAAMl/C,IAAKo2D,EAAWp0D,IAG3E,ECPAg0D,EAAoBpD,EAAI,WACvB,GAA0B,iBAAfkD,WAAyB,OAAOA,WAC3C,IACC,OAAO13D,MAAQ,IAAIgzD,SAAS,cAAb,EAChB,CAAE,MAAO/tD,GACR,GAAsB,iBAAX6D,OAAqB,OAAOA,MACxC,CACA,CAPuB,GCAxB8uD,EAAoBt0D,EAAI,SAASL,EAAKw4C,GAAQ,OAAOr7C,OAAOyD,UAAUC,eAAeC,KAAKd,EAAKw4C,EAAO,ECCtGmc,EAAoB1iC,EAAI,SAAS6oB,GACX,oBAAXpB,QAA0BA,OAAOiX,aAC1CxzD,OAAO49C,eAAeD,EAASpB,OAAOiX,YAAa,CAAErqD,MAAO,WAE7DnJ,OAAO49C,eAAeD,EAAS,aAAc,CAAEx0C,OAAO,GACvD,ECHA,IAAI0uD,EAAsBL,EAAoB","sources":["webpack://OktaAuth/./lib/authn/AuthnTransactionImpl.ts","webpack://OktaAuth/./lib/authn/api.ts","webpack://OktaAuth/./lib/authn/factory.ts","webpack://OktaAuth/./lib/authn/index.ts","webpack://OktaAuth/./lib/authn/mixin.ts","webpack://OktaAuth/./lib/authn/util/flattenEmbedded.ts","webpack://OktaAuth/./lib/authn/util/link2fn.ts","webpack://OktaAuth/./lib/authn/util/links2fns.ts","webpack://OktaAuth/./lib/authn/util/poll.ts","webpack://OktaAuth/./lib/authn/util/stateToken.ts","webpack://OktaAuth/./lib/base/factory.ts","webpack://OktaAuth/./lib/base/index.ts","webpack://OktaAuth/./lib/base/options.ts","webpack://OktaAuth/./lib/browser/browserStorage.ts","webpack://OktaAuth/./lib/browser/fingerprint.ts","webpack://OktaAuth/./lib/clock.ts","webpack://OktaAuth/./lib/constants.ts","webpack://OktaAuth/./lib/core/AuthStateManager.ts","webpack://OktaAuth/./lib/core/ServiceManager/browser.ts","webpack://OktaAuth/./lib/core/ServiceManager/index.ts","webpack://OktaAuth/./lib/core/factory.ts","webpack://OktaAuth/./lib/core/index.ts","webpack://OktaAuth/./lib/core/mixin.ts","webpack://OktaAuth/./lib/core/options.ts","webpack://OktaAuth/./lib/core/storage.ts","webpack://OktaAuth/./lib/core/types/index.ts","webpack://OktaAuth/./lib/crypto/base64.ts","webpack://OktaAuth/./lib/crypto/browser.ts","webpack://OktaAuth/./lib/crypto/index.ts","webpack://OktaAuth/./lib/crypto/oidcHash.ts","webpack://OktaAuth/./lib/crypto/verifyToken.ts","webpack://OktaAuth/./lib/crypto/webcrypto.ts","webpack://OktaAuth/./lib/errors/AuthApiError.ts","webpack://OktaAuth/./lib/errors/AuthPollStopError.ts","webpack://OktaAuth/./lib/errors/AuthSdkError.ts","webpack://OktaAuth/./lib/errors/CustomError.ts","webpack://OktaAuth/./lib/errors/OAuthError.ts","webpack://OktaAuth/./lib/errors/WWWAuthError.ts","webpack://OktaAuth/./lib/errors/index.ts","webpack://OktaAuth/./lib/exports/cdn/default.ts","webpack://OktaAuth/./lib/exports/common.ts","webpack://OktaAuth/./lib/exports/default.ts","webpack://OktaAuth/./lib/features.ts","webpack://OktaAuth/./lib/fetch/fetchRequest.ts","webpack://OktaAuth/./lib/http/OktaUserAgent.ts","webpack://OktaAuth/./lib/http/headers.ts","webpack://OktaAuth/./lib/http/index.ts","webpack://OktaAuth/./lib/http/mixin.ts","webpack://OktaAuth/./lib/http/options.ts","webpack://OktaAuth/./lib/http/request.ts","webpack://OktaAuth/./lib/idx/IdxTransactionManager.ts","webpack://OktaAuth/./lib/idx/authenticate.ts","webpack://OktaAuth/./lib/idx/authenticator/Authenticator.ts","webpack://OktaAuth/./lib/idx/authenticator/OktaPassword.ts","webpack://OktaAuth/./lib/idx/authenticator/OktaVerifyTotp.ts","webpack://OktaAuth/./lib/idx/authenticator/SecurityQuestionEnrollment.ts","webpack://OktaAuth/./lib/idx/authenticator/SecurityQuestionVerification.ts","webpack://OktaAuth/./lib/idx/authenticator/VerificationCodeAuthenticator.ts","webpack://OktaAuth/./lib/idx/authenticator/WebauthnEnrollment.ts","webpack://OktaAuth/./lib/idx/authenticator/WebauthnVerification.ts","webpack://OktaAuth/./lib/idx/authenticator/getAuthenticator.ts","webpack://OktaAuth/./lib/idx/authenticator/index.ts","webpack://OktaAuth/./lib/idx/authenticator/util.ts","webpack://OktaAuth/./lib/idx/cancel.ts","webpack://OktaAuth/./lib/idx/emailVerify.ts","webpack://OktaAuth/./lib/idx/factory/MinimalOktaAuthIdx.ts","webpack://OktaAuth/./lib/idx/factory/OktaAuthIdx.ts","webpack://OktaAuth/./lib/idx/factory/api.ts","webpack://OktaAuth/./lib/idx/factory/index.ts","webpack://OktaAuth/./lib/idx/factory/minimalApi.ts","webpack://OktaAuth/./lib/idx/flow/AccountUnlockFlow.ts","webpack://OktaAuth/./lib/idx/flow/AuthenticationFlow.ts","webpack://OktaAuth/./lib/idx/flow/FlowSpecification.ts","webpack://OktaAuth/./lib/idx/flow/PasswordRecoveryFlow.ts","webpack://OktaAuth/./lib/idx/flow/RegistrationFlow.ts","webpack://OktaAuth/./lib/idx/flow/index.ts","webpack://OktaAuth/./lib/idx/handleInteractionCodeRedirect.ts","webpack://OktaAuth/./lib/idx/idxState/index.ts","webpack://OktaAuth/./lib/idx/idxState/v1/actionParser.ts","webpack://OktaAuth/./lib/idx/idxState/v1/generateIdxAction.ts","webpack://OktaAuth/./lib/idx/idxState/v1/idxResponseParser.ts","webpack://OktaAuth/./lib/idx/idxState/v1/makeIdxState.ts","webpack://OktaAuth/./lib/idx/idxState/v1/parsers.ts","webpack://OktaAuth/./lib/idx/idxState/v1/remediationParser.ts","webpack://OktaAuth/./lib/idx/index.ts","webpack://OktaAuth/./lib/idx/interact.ts","webpack://OktaAuth/./lib/idx/introspect.ts","webpack://OktaAuth/./lib/idx/mixin.ts","webpack://OktaAuth/./lib/idx/mixinMinimal.ts","webpack://OktaAuth/./lib/idx/options.ts","webpack://OktaAuth/./lib/idx/poll.ts","webpack://OktaAuth/./lib/idx/proceed.ts","webpack://OktaAuth/./lib/idx/recoverPassword.ts","webpack://OktaAuth/./lib/idx/register.ts","webpack://OktaAuth/./lib/idx/remediate.ts","webpack://OktaAuth/./lib/idx/remediators/AuthenticatorEnrollmentData.ts","webpack://OktaAuth/./lib/idx/remediators/AuthenticatorVerificationData.ts","webpack://OktaAuth/./lib/idx/remediators/Base/AuthenticatorData.ts","webpack://OktaAuth/./lib/idx/remediators/Base/Remediator.ts","webpack://OktaAuth/./lib/idx/remediators/Base/SelectAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/Base/VerifyAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/ChallengeAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/ChallengePoll.ts","webpack://OktaAuth/./lib/idx/remediators/EnrollAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/EnrollPoll.ts","webpack://OktaAuth/./lib/idx/remediators/EnrollProfile.ts","webpack://OktaAuth/./lib/idx/remediators/EnrollmentChannelData.ts","webpack://OktaAuth/./lib/idx/remediators/GenericRemediator/GenericRemediator.ts","webpack://OktaAuth/./lib/idx/remediators/GenericRemediator/index.ts","webpack://OktaAuth/./lib/idx/remediators/GenericRemediator/util.ts","webpack://OktaAuth/./lib/idx/remediators/Identify.ts","webpack://OktaAuth/./lib/idx/remediators/ReEnrollAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/ReEnrollAuthenticatorWarning.ts","webpack://OktaAuth/./lib/idx/remediators/RedirectIdp.ts","webpack://OktaAuth/./lib/idx/remediators/ResetAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/SelectAuthenticatorAuthenticate.ts","webpack://OktaAuth/./lib/idx/remediators/SelectAuthenticatorEnroll.ts","webpack://OktaAuth/./lib/idx/remediators/SelectAuthenticatorUnlockAccount.ts","webpack://OktaAuth/./lib/idx/remediators/SelectEnrollProfile.ts","webpack://OktaAuth/./lib/idx/remediators/SelectEnrollmentChannel.ts","webpack://OktaAuth/./lib/idx/remediators/Skip.ts","webpack://OktaAuth/./lib/idx/remediators/index.ts","webpack://OktaAuth/./lib/idx/remediators/util.ts","webpack://OktaAuth/./lib/idx/run.ts","webpack://OktaAuth/./lib/idx/startTransaction.ts","webpack://OktaAuth/./lib/idx/storage.ts","webpack://OktaAuth/./lib/idx/transactionMeta.ts","webpack://OktaAuth/./lib/idx/types/api.ts","webpack://OktaAuth/./lib/idx/types/idx-js.ts","webpack://OktaAuth/./lib/idx/types/index.ts","webpack://OktaAuth/./lib/idx/unlockAccount.ts","webpack://OktaAuth/./lib/idx/util.ts","webpack://OktaAuth/./lib/idx/webauthn.ts","webpack://OktaAuth/./lib/myaccount/api.ts","webpack://OktaAuth/./lib/myaccount/emailApi.ts","webpack://OktaAuth/./lib/myaccount/factory.ts","webpack://OktaAuth/./lib/myaccount/index.ts","webpack://OktaAuth/./lib/myaccount/mixin.ts","webpack://OktaAuth/./lib/myaccount/passwordApi.ts","webpack://OktaAuth/./lib/myaccount/phoneApi.ts","webpack://OktaAuth/./lib/myaccount/profileApi.ts","webpack://OktaAuth/./lib/myaccount/request.ts","webpack://OktaAuth/./lib/myaccount/transactions/Base.ts","webpack://OktaAuth/./lib/myaccount/transactions/EmailChallengeTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/EmailStatusTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/EmailTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/PasswordTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/PhoneTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/ProfileSchemaTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/ProfileTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/index.ts","webpack://OktaAuth/./lib/myaccount/types.ts","webpack://OktaAuth/./lib/oidc/TokenManager.ts","webpack://OktaAuth/./lib/oidc/TransactionManager.ts","webpack://OktaAuth/./lib/oidc/decodeToken.ts","webpack://OktaAuth/./lib/oidc/dpop.ts","webpack://OktaAuth/./lib/oidc/endpoints/authorize.ts","webpack://OktaAuth/./lib/oidc/endpoints/index.ts","webpack://OktaAuth/./lib/oidc/endpoints/token.ts","webpack://OktaAuth/./lib/oidc/endpoints/well-known.ts","webpack://OktaAuth/./lib/oidc/enrollAuthenticator.ts","webpack://OktaAuth/./lib/oidc/exchangeCodeForTokens.ts","webpack://OktaAuth/./lib/oidc/factory/OktaAuthOAuth.ts","webpack://OktaAuth/./lib/oidc/factory/api.ts","webpack://OktaAuth/./lib/oidc/factory/baseApi.ts","webpack://OktaAuth/./lib/oidc/factory/index.ts","webpack://OktaAuth/./lib/oidc/getToken.ts","webpack://OktaAuth/./lib/oidc/getUserInfo.ts","webpack://OktaAuth/./lib/oidc/getWithPopup.ts","webpack://OktaAuth/./lib/oidc/getWithRedirect.ts","webpack://OktaAuth/./lib/oidc/getWithoutPrompt.ts","webpack://OktaAuth/./lib/oidc/handleOAuthResponse.ts","webpack://OktaAuth/./lib/oidc/index.ts","webpack://OktaAuth/./lib/oidc/introspect.ts","webpack://OktaAuth/./lib/oidc/mixin/browser.ts","webpack://OktaAuth/./lib/oidc/mixin/index.ts","webpack://OktaAuth/./lib/oidc/mixin/minimal.ts","webpack://OktaAuth/./lib/oidc/options/OAuthOptionsConstructor.ts","webpack://OktaAuth/./lib/oidc/options/browser.ts","webpack://OktaAuth/./lib/oidc/options/index.ts","webpack://OktaAuth/./lib/oidc/parseFromUrl.ts","webpack://OktaAuth/./lib/oidc/renewToken.ts","webpack://OktaAuth/./lib/oidc/renewTokens.ts","webpack://OktaAuth/./lib/oidc/renewTokensWithRefresh.ts","webpack://OktaAuth/./lib/oidc/revokeToken.ts","webpack://OktaAuth/./lib/oidc/storage.ts","webpack://OktaAuth/./lib/oidc/types/Token.ts","webpack://OktaAuth/./lib/oidc/types/TokenManager.ts","webpack://OktaAuth/./lib/oidc/types/Transaction.ts","webpack://OktaAuth/./lib/oidc/types/index.ts","webpack://OktaAuth/./lib/oidc/util/browser.ts","webpack://OktaAuth/./lib/oidc/util/defaultEnrollAuthenticatorParams.ts","webpack://OktaAuth/./lib/oidc/util/defaultTokenParams.ts","webpack://OktaAuth/./lib/oidc/util/enrollAuthenticatorMeta.ts","webpack://OktaAuth/./lib/oidc/util/errors.ts","webpack://OktaAuth/./lib/oidc/util/index.ts","webpack://OktaAuth/./lib/oidc/util/loginRedirect.ts","webpack://OktaAuth/./lib/oidc/util/oauth.ts","webpack://OktaAuth/./lib/oidc/util/oauthMeta.ts","webpack://OktaAuth/./lib/oidc/util/pkce.ts","webpack://OktaAuth/./lib/oidc/util/prepareEnrollAuthenticatorParams.ts","webpack://OktaAuth/./lib/oidc/util/prepareTokenParams.ts","webpack://OktaAuth/./lib/oidc/util/refreshToken.ts","webpack://OktaAuth/./lib/oidc/util/sharedStorage.ts","webpack://OktaAuth/./lib/oidc/util/urlParams.ts","webpack://OktaAuth/./lib/oidc/util/validateClaims.ts","webpack://OktaAuth/./lib/oidc/util/validateToken.ts","webpack://OktaAuth/./lib/oidc/verifyToken.ts","webpack://OktaAuth/./lib/services/AutoRenewService.ts","webpack://OktaAuth/./lib/services/LeaderElectionService.ts","webpack://OktaAuth/./lib/services/RenewOnTabActivationService.ts","webpack://OktaAuth/./lib/services/SyncStorageService.ts","webpack://OktaAuth/./lib/services/index.ts","webpack://OktaAuth/./lib/session/api.ts","webpack://OktaAuth/./lib/session/factory.ts","webpack://OktaAuth/./lib/session/index.ts","webpack://OktaAuth/./lib/session/mixin.ts","webpack://OktaAuth/./lib/storage/BaseStorageManager.ts","webpack://OktaAuth/./lib/storage/SavedObject.ts","webpack://OktaAuth/./lib/storage/index.ts","webpack://OktaAuth/./lib/storage/mixin.ts","webpack://OktaAuth/./lib/storage/options/StorageOptionsConstructor.ts","webpack://OktaAuth/./lib/storage/options/browser.ts","webpack://OktaAuth/./lib/util/PromiseQueue.ts","webpack://OktaAuth/./lib/util/console.ts","webpack://OktaAuth/./lib/util/index.ts","webpack://OktaAuth/./lib/util/jsonpath.ts","webpack://OktaAuth/./lib/util/misc.ts","webpack://OktaAuth/./lib/util/object.ts","webpack://OktaAuth/./lib/util/types.ts","webpack://OktaAuth/./lib/util/url.ts","webpack://OktaAuth/../../src/index.ts","webpack://OktaAuth/./node_modules/p-cancelable/index.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/broadcast-channel.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/index.es5.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/index.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/leader-election-util.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/leader-election-web-lock.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/leader-election.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/method-chooser.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/methods/indexed-db.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/methods/localstorage.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/methods/native.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/methods/simulate.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/options.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/util.js","webpack://OktaAuth/./node_modules/cross-fetch/dist/browser-ponyfill.js","webpack://OktaAuth/./node_modules/js-cookie/dist/js.cookie.js","webpack://OktaAuth/./node_modules/tiny-emitter/index.js","webpack://OktaAuth/./node_modules/unload/dist/es/index.js","webpack://OktaAuth/./node_modules/unload/dist/es/node.js","webpack://OktaAuth/./node_modules/unload/dist/es/browser.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/arrayLikeToArray.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/arrayWithHoles.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/arrayWithoutHoles.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/assertThisInitialized.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/asyncToGenerator.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/classCallCheck.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/construct.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/createClass.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/defineProperty.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/get.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/getPrototypeOf.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/inherits.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/interopRequireDefault.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/isNativeFunction.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/isNativeReflectConstruct.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/iterableToArray.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/iterableToArrayLimit.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/nonIterableRest.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/nonIterableSpread.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/objectWithoutProperties.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/objectWithoutPropertiesLoose.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/possibleConstructorReturn.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/regeneratorRuntime.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/setPrototypeOf.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/slicedToArray.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/superPropBase.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/toConsumableArray.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/toPrimitive.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/toPropertyKey.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/typeof.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/unsupportedIterableToArray.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/wrapNativeSuper.js","webpack://OktaAuth/./node_modules/@babel/runtime/regenerator/index.js","webpack://OktaAuth/webpack/bootstrap","webpack://OktaAuth/webpack/runtime/define property getters","webpack://OktaAuth/webpack/runtime/global","webpack://OktaAuth/webpack/runtime/hasOwnProperty shorthand","webpack://OktaAuth/webpack/runtime/make namespace object","webpack://OktaAuth/webpack/startup"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { OktaAuthHttpInterface } from '../http/types';\nimport {\n AuthnTransactionFunction,\n AuthnTransaction,\n AuthnTransactionAPI,\n AuthnTransactionState\n} from './types';\nimport { flattenEmbedded } from './util/flattenEmbedded';\n\nexport class AuthnTransactionImpl implements AuthnTransaction {\n next?: AuthnTransactionFunction;\n cancel?: AuthnTransactionFunction;\n skip?: AuthnTransactionFunction;\n unlock?: AuthnTransactionFunction;\n changePassword?: AuthnTransactionFunction;\n resetPassword?: AuthnTransactionFunction;\n answer?: AuthnTransactionFunction;\n recovery?: AuthnTransactionFunction;\n verify?: AuthnTransactionFunction;\n resend?: AuthnTransactionFunction;\n activate?: AuthnTransactionFunction;\n poll?: AuthnTransactionFunction;\n prev?: AuthnTransactionFunction;\n\n data?: AuthnTransactionState;\n stateToken?: string;\n sessionToken?: string;\n status: string;\n user?: Record<string, any>;\n factor?: Record<string, any>;\n factors?: Array<Record<string, any> >;\n policy?: Record<string, any>;\n scopes?: Array<Record<string, any> >;\n target?: Record<string, any>;\n authentication?: Record<string, any>;\n constructor(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res: AuthnTransactionState | null = null) {\n this.data = undefined;\n this.status = undefined as unknown as string;\n if (res) {\n this.data = res;\n\n // Parse response from Authn V1\n Object.assign(this, flattenEmbedded(sdk, tx, res, res, {}));\n delete this.stateToken;\n\n // RECOVERY_CHALLENGE has some responses without _links.\n // Without _links, we emulate cancel to make it intuitive\n // to return to the starting state. We may remove this\n // when OKTA-75434 is resolved\n if (res.status === 'RECOVERY_CHALLENGE' && !res._links) {\n this.cancel = function() {\n return Promise.resolve(tx.createTransaction());\n };\n }\n }\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity, max-statements */\nimport { post } from '../http';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport { STATE_TOKEN_KEY_NAME } from '../constants';\nimport { OktaAuthHttpInterface } from '../http/types';\nimport { OktaAuthStorageOptions } from '../storage/types';\nimport { addStateToken } from './util/stateToken';\nimport { AuthnTransactionAPI } from './types';\nimport { OktaAuthBaseInterface } from '../base/types';\n\nexport function transactionStatus(sdk: OktaAuthHttpInterface, args) {\n args = addStateToken(sdk, args);\n return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn', args, { withCredentials: true });\n}\n\nexport function resumeTransaction(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, args) {\n if (!args || !args.stateToken) {\n var stateToken = getSavedStateToken(sdk);\n if (stateToken) {\n args = {\n stateToken: stateToken\n };\n } else {\n return Promise.reject(new AuthSdkError('No transaction to resume'));\n }\n }\n return transactionStatus(sdk, args)\n .then(function(res) {\n return tx.createTransaction(res);\n });\n}\n\nexport function introspectAuthn (sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, args) {\n if (!args || !args.stateToken) {\n var stateToken = getSavedStateToken(sdk);\n if (stateToken) {\n args = {\n stateToken: stateToken\n };\n } else {\n return Promise.reject(new AuthSdkError('No transaction to evaluate'));\n }\n }\n return transactionStep(sdk, args)\n .then(function (res) {\n return tx.createTransaction(res);\n });\n}\n\nexport function transactionStep(sdk: OktaAuthHttpInterface, args) {\n args = addStateToken(sdk, args);\n // v1 pipeline introspect API\n return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn/introspect', args, { withCredentials: true });\n}\n\nexport function transactionExists(sdk: OktaAuthBaseInterface<OktaAuthStorageOptions>) {\n // We have a cookie state token\n return !!getSavedStateToken(sdk);\n}\n\nexport function postToTransaction(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, url: string, args, options?) {\n options = Object.assign({ withCredentials: true }, options);\n return post(sdk, url, args, options)\n .then(function(res) {\n return tx.createTransaction(res);\n });\n}\n\nexport function getSavedStateToken(sdk: OktaAuthBaseInterface<OktaAuthStorageOptions>) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const storage = sdk.options.storageUtil!.storage;\n return storage.get(STATE_TOKEN_KEY_NAME);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { RequestData, RequestOptions, OktaAuthHttpInterface } from '../http/types';\nimport {\n introspectAuthn,\n transactionStatus,\n transactionExists,\n resumeTransaction,\n postToTransaction\n} from './api';\nimport { AuthnTransactionImpl } from './AuthnTransactionImpl';\nimport { AuthnTransactionAPI, AuthnTransactionState } from './types';\n\n// Factory\nexport function createAuthnTransactionAPI(sdk: OktaAuthHttpInterface): AuthnTransactionAPI {\n const tx: AuthnTransactionAPI = {\n status: transactionStatus.bind(null, sdk),\n resume(args) {\n return resumeTransaction(sdk, tx, args);\n },\n exists: transactionExists.bind(null, sdk),\n introspect(args) {\n return introspectAuthn(sdk, tx, args);\n },\n createTransaction: (res?: AuthnTransactionState) => {\n return new AuthnTransactionImpl(sdk, tx, res);\n },\n postToTransaction: (url: string, args?: RequestData, options?: RequestOptions) => {\n return postToTransaction(sdk, tx, url, args, options);\n }\n };\n return tx;\n}\n","export * from './factory';\nexport * from './mixin';\nexport * from './types';\n","/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { \n clone,\n} from '../util';\nimport fingerprint from '../browser/fingerprint';\nimport {\n SigninWithCredentialsOptions,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n SigninOptions,\n OktaAuthTxInterface,\n AuthnTransaction,\n AuthnTransactionAPI\n} from './types';\nimport {\n createAuthnTransactionAPI,\n} from './factory';\nimport { StorageManagerInterface } from '../storage/types';\nimport { OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types';\nimport { FingerprintAPI, OktaAuthConstructor } from '../base/types';\n\nexport function mixinAuthn\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n TBase extends OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n = OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthTxInterface<S, O>>\n{\n return class OktaAuthTx extends Base implements OktaAuthTxInterface<S, O> {\n tx: AuthnTransactionAPI; // legacy, may be removed in future version\n authn: AuthnTransactionAPI;\n fingerprint: FingerprintAPI;\n\n constructor(...args: any[]) {\n super(...args);\n\n this.authn = this.tx = createAuthnTransactionAPI(this);\n \n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n }\n\n // Authn V1\n async signIn(opts: SigninOptions): Promise<AuthnTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return this.tx.postToTransaction('/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n // Authn V1\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthnTransaction> {\n return this.signIn(opts);\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthnTransaction> {\n return this.tx.postToTransaction('/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthnTransaction> {\n return this.tx.postToTransaction('/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthnTransaction> {\n const { multiOptionalFactorEnroll, ...args } = opts;\n if (multiOptionalFactorEnroll) {\n // see https://developer.okta.com/docs/reference/api/authn/#options-object\n (args as any).options = { multiOptionalFactorEnroll };\n }\n return this.tx.postToTransaction('/api/v1/authn/recovery/token', args);\n }\n\n };\n}\n","/* eslint-disable complexity */\nimport { OktaAuthHttpInterface } from '../../http/types';\nimport { clone, isObject, omit } from '../../util';\nimport { AuthnTransactionAPI } from '../types';\nimport { links2fns } from './links2fns';\n\nexport function flattenEmbedded(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res, obj, ref) {\n obj = obj || res;\n obj = clone(obj);\n\n if (Array.isArray(obj)) {\n var objArr = [];\n for (var o = 0, ol = obj.length; o < ol; o++) {\n objArr.push(flattenEmbedded(sdk, tx, res, obj[o], ref) as never);\n }\n return objArr;\n }\n\n var embedded = obj._embedded || {};\n\n for (var key in embedded) {\n if (!Object.prototype.hasOwnProperty.call(embedded, key)) {\n continue;\n }\n\n // Flatten any nested _embedded objects\n if (isObject(embedded[key]) || Array.isArray(embedded[key])) {\n embedded[key] = flattenEmbedded(sdk, tx, res, embedded[key], ref);\n }\n }\n\n // Convert any links on the embedded object\n var fns = links2fns(sdk, tx, res, obj, ref);\n Object.assign(embedded, fns);\n\n obj = omit(obj, '_embedded', '_links');\n Object.assign(obj, embedded);\n return obj;\n}\n","import { OktaAuthHttpInterface } from '../../http/types';\nimport { find, omit, toQueryString } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { get } from '../../http';\nimport { AuthnTransactionAPI, AuthnTransactionState } from '../types';\nimport { postToTransaction } from '../api';\nimport { addStateToken } from './stateToken';\n\n\n// query parameters to post url\ninterface PostToTransactionParams {\n autoPush?: boolean;\n rememberDevice?: boolean;\n updatePhone?: boolean;\n}\n\n// eslint-disable-next-line max-params\nexport function link2fn(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res, obj, link, ref) {\n if (Array.isArray(link)) {\n return function(name, opts?) {\n if (!name) {\n throw new AuthSdkError('Must provide a link name');\n }\n\n var lk = find(link, {name: name});\n if (!lk) {\n throw new AuthSdkError('No link found for that name');\n }\n\n return link2fn(sdk, tx, res, obj, lk, ref)(opts);\n };\n\n } else if (link.hints &&\n link.hints.allow &&\n link.hints.allow.length === 1) {\n var method = link.hints.allow[0];\n switch (method) {\n\n case 'GET':\n return function() {\n return get(sdk, link.href, { withCredentials: true });\n };\n\n case 'POST':\n // eslint-disable-next-line max-statements,complexity\n return function(opts: AuthnTransactionState) {\n if (ref && ref.isPolling) {\n ref.isPolling = false;\n }\n\n var data = addStateToken(res, opts);\n\n if (res.status === 'MFA_ENROLL' || res.status === 'FACTOR_ENROLL') {\n // Add factorType and provider\n Object.assign(data, {\n factorType: obj.factorType,\n provider: obj.provider\n });\n }\n\n var params = {} as PostToTransactionParams;\n var autoPush = data.autoPush;\n if (autoPush !== undefined) {\n if (typeof autoPush === 'function') {\n try {\n params.autoPush = !!autoPush();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n }\n }\n else if (autoPush !== null) {\n params.autoPush = !!autoPush;\n }\n data = omit(data, 'autoPush');\n }\n\n var rememberDevice = data.rememberDevice;\n if (rememberDevice !== undefined) {\n if (typeof rememberDevice === 'function') {\n try {\n params.rememberDevice = !!rememberDevice();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n }\n }\n else if (rememberDevice !== null) {\n params.rememberDevice = !!rememberDevice;\n }\n data = omit(data, 'rememberDevice');\n\n } else if (data.profile &&\n data.profile.updatePhone !== undefined) {\n if (data.profile.updatePhone) {\n params.updatePhone = true;\n }\n data.profile = omit(data.profile, 'updatePhone');\n }\n var href = link.href + toQueryString(params);\n return postToTransaction(sdk, tx, href, data);\n };\n }\n }\n}\n\n\n","import { OktaAuthHttpInterface } from '../../http/types';\nimport { AuthnTransactionFunctions, AuthnTransactionAPI } from '../types';\nimport { link2fn } from './link2fn';\nimport { getPollFn } from './poll';\n\nexport function links2fns(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res, obj, ref) {\n var fns = {} as AuthnTransactionFunctions;\n for (var linkName in obj._links) {\n if (!Object.prototype.hasOwnProperty.call(obj._links, linkName)) {\n continue;\n }\n\n var link = obj._links[linkName];\n \n if (linkName === 'next') {\n linkName = link.name;\n }\n\n if (link.type) {\n fns[linkName] = link;\n continue;\n }\n\n switch (linkName) {\n // poll is only found at the transaction\n // level, so we don't need to pass the link\n case 'poll':\n fns.poll = getPollFn(sdk, res, ref);\n break;\n\n default:\n var fn = link2fn(sdk, tx, res, obj, link, ref);\n if (fn) {\n fns[linkName] = fn;\n }\n }\n }\n return fns;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { post } from '../../http';\nimport { isNumber, isObject, getLink, toQueryString, delay as delayFn } from '../../util';\nimport { DEFAULT_POLLING_DELAY } from '../../constants';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport AuthPollStopError from '../../errors/AuthPollStopError';\nimport { AuthnTransactionState } from '../types';\nimport { getStateToken } from './stateToken';\n\ninterface PollOptions {\n delay?: number;\n rememberDevice?: boolean;\n autoPush?: boolean;\n transactionCallBack?: (AuthnTransactionState) => void;\n}\n\nexport function getPollFn(sdk, res: AuthnTransactionState, ref) {\n return function (options: PollOptions | number) {\n var delay;\n var rememberDevice;\n var autoPush;\n var transactionCallBack;\n\n if (isNumber(options)) {\n delay = options;\n } else if (isObject(options)) {\n options = options as PollOptions;\n delay = options.delay;\n rememberDevice = options.rememberDevice;\n autoPush = options.autoPush;\n transactionCallBack = options.transactionCallBack;\n }\n\n if (!delay && delay !== 0) {\n delay = DEFAULT_POLLING_DELAY;\n }\n\n // Get the poll function\n var pollLink = getLink(res, 'next', 'poll');\n // eslint-disable-next-line complexity\n function pollFn() {\n var opts = {} as PollOptions;\n if (typeof autoPush === 'function') {\n try {\n opts.autoPush = !!autoPush();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n }\n }\n else if (autoPush !== undefined && autoPush !== null) {\n opts.autoPush = !!autoPush;\n }\n if (typeof rememberDevice === 'function') {\n try {\n opts.rememberDevice = !!rememberDevice();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n }\n }\n else if (rememberDevice !== undefined && rememberDevice !== null) {\n opts.rememberDevice = !!rememberDevice;\n }\n\n var href = pollLink.href + toQueryString(opts);\n return post(sdk, href, getStateToken(res), {\n saveAuthnState: false,\n withCredentials: true,\n pollingIntent: true,\n });\n }\n\n ref.isPolling = true;\n\n var retryCount = 0;\n var recursivePoll = function () {\n // If the poll was manually stopped during the delay\n if (!ref.isPolling) {\n return Promise.reject(new AuthPollStopError());\n }\n\n return pollFn()\n .then(function (pollRes) {\n // Reset our retry counter on success\n retryCount = 0;\n\n // If we're still waiting\n if (pollRes.factorResult && pollRes.factorResult === 'WAITING') {\n\n // If the poll was manually stopped while the pollFn was called\n if (!ref.isPolling) {\n throw new AuthPollStopError();\n }\n\n if (typeof transactionCallBack === 'function') {\n transactionCallBack(pollRes);\n }\n\n // Continue poll\n return delayFn(delay).then(recursivePoll);\n\n } else {\n // Any non-waiting result, even if polling was stopped\n // during a request, will return\n ref.isPolling = false;\n return sdk.tx.createTransaction(pollRes);\n }\n })\n .catch(function(err) {\n // Exponential backoff, up to 16 seconds\n if (err.xhr &&\n (err.xhr.status === 0 || err.xhr.status === 429) &&\n retryCount <= 4) {\n var delayLength = Math.pow(2, retryCount) * 1000;\n retryCount++;\n return delayFn(delayLength)\n .then(recursivePoll);\n }\n throw err;\n });\n };\n return recursivePoll()\n .catch(function(err) {\n ref.isPolling = false;\n throw err;\n });\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nimport { AuthnTransactionState } from '../types';\n\nexport function addStateToken(res, options?) {\n var builtArgs = {} as AuthnTransactionState;\n Object.assign(builtArgs, options);\n\n // Add the stateToken if one isn't passed and we have one\n if (!builtArgs.stateToken && res.stateToken) {\n builtArgs.stateToken = res.stateToken;\n }\n\n return builtArgs;\n}\n\nexport function getStateToken(res) {\n return addStateToken(res);\n}\n","\n\n// Do not use this type in code, so it won't be emitted in the declaration output\nimport { removeNils } from '../util';\n\nimport * as features from '../features';\nimport * as constants from '../constants';\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport Emitter from 'tiny-emitter';\n\nimport {\n EventEmitter,\n OktaAuthConstructor,\n OktaAuthBaseInterface,\n OktaAuthBaseOptions,\n OktaAuthOptionsConstructor, \n FeaturesAPI,\n} from './types';\n\nexport function createOktaAuthBase\n<\n O extends OktaAuthBaseOptions = OktaAuthBaseOptions,\n>\n(\n OptionsConstructor: OktaAuthOptionsConstructor<O>\n): OktaAuthConstructor<OktaAuthBaseInterface<O>>\n{\n class OktaAuthBase implements OktaAuthBaseInterface<O>\n {\n options: O;\n emitter: EventEmitter;\n features: FeaturesAPI;\n static features: FeaturesAPI = features;\n static constants = constants;\n \n constructor(...args: any[]) {\n const options = new OptionsConstructor(args.length ? args[0] || {} : {});\n this.options = removeNils(options) as O; // clear out undefined values\n this.emitter = new Emitter();\n this.features = features;\n }\n }\n\n // Hoist feature detection functions to prototype & static type\n OktaAuthBase.features = OktaAuthBase.prototype.features = features;\n\n // Also hoist constants for CommonJS users\n Object.assign(OktaAuthBase, {\n constants\n });\n\n return OktaAuthBase;\n}\n","export * from './factory';\nexport * from './options';\nexport * from './types';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthBaseOptions } from './types';\n\nexport function createBaseOptionsConstructor() {\n\n return class BaseOptionsConstructor implements Required<OktaAuthBaseOptions> {\n devMode: boolean;\n\n constructor(args: any) {\n this.devMode = !!args.devMode;\n }\n };\n\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport Cookies from 'js-cookie';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n StorageOptions,\n CookieOptions,\n SimpleStorage,\n StorageType,\n StorageUtil,\n} from '../storage/types';\nimport { warn } from '../util';\nimport { isIE11OrLess } from '../features';\n\nexport interface CookieStorage extends SimpleStorage {\n setItem(key: string, value: any, expiresAt?: string | null): void; // can customize expiresAt\n getItem(key?: string): any; // if no key is passed, all cookies are returned\n removeItem(key: string); // remove a cookie\n}\n\nexport interface BrowserStorageUtil extends StorageUtil {\n browserHasLocalStorage(): boolean;\n browserHasSessionStorage(): boolean;\n getStorageByType(storageType: StorageType, options: StorageOptions): SimpleStorage;\n getLocalStorage(): Storage;\n getSessionStorage(): Storage;\n getInMemoryStorage(): SimpleStorage;\n getCookieStorage(options?: StorageOptions): CookieStorage;\n testStorage(storage: any): boolean;\n storage: Cookies;\n inMemoryStore: Record<string, unknown>;\n}\n\n// Building this as an object allows us to mock the functions in our tests\nvar storageUtil: BrowserStorageUtil = {\n\n // IE11 bug that Microsoft doesn't plan to fix\n // https://connect.microsoft.com/IE/Feedback/Details/1496040\n browserHasLocalStorage: function() {\n try {\n var storage = this.getLocalStorage();\n return this.testStorage(storage);\n } catch (e) {\n return false;\n }\n },\n\n browserHasSessionStorage: function() {\n try {\n var storage = this.getSessionStorage();\n return this.testStorage(storage);\n } catch (e) {\n return false;\n }\n },\n\n testStorageType: function(storageType: StorageType): boolean {\n var supported = false;\n switch (storageType) {\n case 'sessionStorage':\n supported = this.browserHasSessionStorage();\n break;\n case 'localStorage':\n supported = this.browserHasLocalStorage();\n break;\n case 'cookie':\n case 'memory':\n supported = true;\n break;\n default:\n supported = false;\n break;\n }\n return supported;\n },\n\n getStorageByType: function(storageType: StorageType, options?: StorageOptions): SimpleStorage {\n let storageProvider;\n switch (storageType) {\n case 'sessionStorage':\n storageProvider = this.getSessionStorage();\n break;\n case 'localStorage':\n storageProvider = this.getLocalStorage();\n break;\n case 'cookie':\n storageProvider = this.getCookieStorage(options);\n break;\n case 'memory':\n storageProvider = this.getInMemoryStorage();\n break;\n default:\n throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n break;\n }\n return storageProvider;\n },\n\n findStorageType: function(types: StorageType[]) {\n let curType;\n let nextType;\n \n types = types.slice(); // copy array\n curType = types.shift();\n nextType = types.length ? types[0] : null;\n if (!nextType) {\n return curType;\n }\n\n if (this.testStorageType(curType)) {\n return curType;\n }\n\n // preferred type was unsupported.\n warn(`This browser doesn't support ${curType}. Switching to ${nextType}.`);\n\n // fallback to the next type. this is a recursive call\n return this.findStorageType(types);\n },\n\n getLocalStorage: function() {\n // Workaound for synchronization issue of LocalStorage cross tabs in IE11\n if (isIE11OrLess() && !window.onstorage) {\n window.onstorage = function() {};\n }\n \n return localStorage;\n },\n\n getSessionStorage: function() {\n return sessionStorage;\n },\n\n // Provides webStorage-like interface for cookies\n getCookieStorage: function(options): CookieStorage {\n const secure = options!.secure;\n const sameSite = options!.sameSite;\n const sessionCookie = options!.sessionCookie;\n if (typeof secure === 'undefined' || typeof sameSite === 'undefined') {\n throw new AuthSdkError('getCookieStorage: \"secure\" and \"sameSite\" options must be provided');\n }\n const storage: CookieStorage = {\n getItem: this.storage.get,\n setItem: (key, value, expiresAt = '2200-01-01T00:00:00.000Z') => {\n // By defauilt, cookie shouldn't expire\n expiresAt = (sessionCookie ? null : expiresAt) as string;\n this.storage.set(key, value, expiresAt, {\n secure: secure, \n sameSite: sameSite,\n });\n },\n removeItem: (key) => {\n this.storage.delete(key);\n },\n };\n\n if (!options!.useSeparateCookies) {\n return storage;\n }\n\n // Tokens are stored separately because cookies have size limits.\n // Can only be used when storing an object value. Object properties will be saved to separate cookies.\n // Each property of the object must also be an object.\n return {\n getItem: function(key) {\n var data = storage.getItem(); // read all cookies\n var value = {};\n Object.keys(data).forEach(k => {\n if (k.indexOf(key!) === 0) { // filter out unrelated cookies\n value[k.replace(`${key}_`, '')] = JSON.parse(data[k]); // populate with cookie data\n }\n });\n return JSON.stringify(value);\n },\n setItem: function(key, value) {\n var existingValues = JSON.parse(this.getItem(key));\n value = JSON.parse(value);\n // Set key-value pairs from input to cookies\n Object.keys(value).forEach(k => {\n var storageKey = key + '_' + k;\n var valueToStore = JSON.stringify(value[k]);\n storage.setItem(storageKey, valueToStore);\n delete existingValues[k];\n });\n // Delete unmatched keys from existing cookies\n Object.keys(existingValues).forEach(k => {\n storage.removeItem(key + '_' + k);\n });\n },\n removeItem: function(key) {\n var existingValues = JSON.parse(this.getItem(key));\n Object.keys(existingValues).forEach(k => {\n storage.removeItem(key + '_' + k);\n });\n },\n };\n },\n\n // Provides an in-memory solution\n inMemoryStore: {}, // override this for a unique memory store per instance\n getInMemoryStorage: function() {\n return {\n getItem: (key) => {\n return this.inMemoryStore[key];\n },\n setItem: (key, value) => {\n this.inMemoryStore[key] = value;\n },\n };\n },\n\n testStorage: function(storage) {\n var key = 'okta-test-storage';\n try {\n storage.setItem(key, key);\n storage.removeItem(key);\n return true;\n } catch (e) {\n return false;\n }\n },\n\n storage: {\n set: function(name: string, value: string, expiresAt: string, options: CookieOptions): string {\n const { sameSite, secure } = options;\n if (typeof secure === 'undefined' || typeof sameSite === 'undefined') {\n throw new AuthSdkError('storage.set: \"secure\" and \"sameSite\" options must be provided');\n }\n var cookieOptions: CookieOptions = {\n path: options.path || '/',\n secure,\n sameSite\n };\n\n // eslint-disable-next-line no-extra-boolean-cast\n if (!!(Date.parse(expiresAt))) {\n // Expires value can be converted to a Date object.\n //\n // If the 'expiresAt' value is not provided, or the value cannot be\n // parsed as a Date object, the cookie will set as a session cookie.\n cookieOptions.expires = new Date(expiresAt);\n }\n\n Cookies.set(name, value, cookieOptions);\n return this.get(name);\n },\n\n get: function(name?: string): string {\n // return all cookies when no args is provided\n if (!arguments.length) {\n return Cookies.get();\n }\n return Cookies.get(name);\n },\n\n delete: function(name: string): string {\n return Cookies.remove(name, { path: '/' });\n }\n }\n};\n\nexport default storageUtil;\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../errors';\nimport { isFingerprintSupported } from '../features';\nimport {\n addListener,\n removeListener\n} from '../oidc';\nimport { FingerprintOptions } from '../base/types';\nimport { OktaAuthHttpInterface } from '../http/types';\n\nconst isMessageFromCorrectSource = (iframe: HTMLIFrameElement, event: MessageEvent)\n: boolean => event.source === iframe.contentWindow;\n\nexport default function fingerprint(sdk: OktaAuthHttpInterface, options?: FingerprintOptions): Promise<string> {\n if (!isFingerprintSupported()) {\n return Promise.reject(new AuthSdkError('Fingerprinting is not supported on this device'));\n }\n\n const container = options?.container ?? document.body;\n let timeout: NodeJS.Timeout;\n let iframe: HTMLIFrameElement;\n let listener: (this: Window, ev: MessageEvent) => void;\n const promise = new Promise(function (resolve, reject) {\n iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n\n // eslint-disable-next-line complexity\n listener = function listener(e: MessageEvent) {\n if (!isMessageFromCorrectSource(iframe, e)) {\n return;\n }\n\n if (!e || !e.data || e.origin !== sdk.getIssuerOrigin()) {\n return;\n }\n\n let msg;\n try {\n msg = JSON.parse(e.data);\n } catch (err) {\n // iframe messages should all be parsable\n // skip not parsable messages come from other sources in same origin (browser extensions)\n // TODO: add namespace flag in okta-core to distinguish messages that come from other sources\n return;\n }\n\n if (!msg) { return; }\n if (msg.type === 'FingerprintAvailable') {\n return resolve(msg.fingerprint as string);\n } else if (msg.type === 'FingerprintServiceReady') {\n iframe?.contentWindow?.postMessage(JSON.stringify({\n type: 'GetFingerprint'\n }), e.origin);\n } else {\n return reject(new AuthSdkError('No data'));\n }\n };\n addListener(window, 'message', listener);\n\n iframe.src = sdk.getIssuerOrigin() + '/auth/services/devicefingerprint';\n container.appendChild(iframe);\n\n timeout = setTimeout(function() {\n reject(new AuthSdkError('Fingerprinting timed out'));\n }, options?.timeout || 15000);\n });\n\n return promise.finally(function() {\n clearTimeout(timeout);\n removeListener(window, 'message', listener);\n if (container.contains(iframe)) {\n iframe.parentElement?.removeChild(iframe);\n }\n }) as Promise<string>;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport default class SdkClock {\n localOffset: number;\n\n constructor(localOffset) {\n // Calculated local clock offset from server time (in milliseconds). Can be positive or negative.\n this.localOffset = parseInt(localOffset || 0);\n }\n\n // factory method. Create an instance of a clock from current context.\n static create(/* sdk, options */): SdkClock {\n // TODO: calculate localOffset\n var localOffset = 0;\n return new SdkClock(localOffset);\n }\n\n // Return the current time (in seconds)\n now() {\n var now = (Date.now() + this.localOffset) / 1000;\n return now;\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport const STATE_TOKEN_KEY_NAME = 'oktaStateToken';\nexport const DEFAULT_POLLING_DELAY = 500;\nexport const IOS_MAX_RETRY_COUNT = 3;\nexport const DEFAULT_MAX_CLOCK_SKEW = 300;\nexport const DEFAULT_CACHE_DURATION = 86400;\nexport const TOKEN_STORAGE_NAME = 'okta-token-storage';\nexport const CACHE_STORAGE_NAME = 'okta-cache-storage';\nexport const PKCE_STORAGE_NAME = 'okta-pkce-storage';\nexport const TRANSACTION_STORAGE_NAME = 'okta-transaction-storage';\nexport const SHARED_TRANSACTION_STORAGE_NAME = 'okta-shared-transaction-storage';\nexport const ORIGINAL_URI_STORAGE_NAME = 'okta-original-uri-storage';\nexport const IDX_RESPONSE_STORAGE_NAME = 'okta-idx-response-storage';\nexport const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';\nexport const ID_TOKEN_STORAGE_KEY = 'idToken';\nexport const REFRESH_TOKEN_STORAGE_KEY = 'refreshToken';\nexport const REFERRER_PATH_STORAGE_KEY = 'referrerPath';\n\n// Code verifier: Random URL-safe string with a minimum length of 43 characters.\n// Code challenge: Base64 URL-encoded SHA-256 hash of the code verifier.\nexport const MIN_VERIFIER_LENGTH = 43;\nexport const MAX_VERIFIER_LENGTH = 128;\nexport const DEFAULT_CODE_CHALLENGE_METHOD = 'S256';\n\nexport const IDX_API_VERSION = '1.0.0';","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n \n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport PCancelable from 'p-cancelable';\nimport { AuthSdkError } from '../errors';\nimport {\n EVENT_ADDED,\n EVENT_REMOVED,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface\n} from '../oidc';\nimport {\n AuthState,\n AuthStateLogOptions,\n OktaAuthCoreOptions,\n} from './types';\nimport { PromiseQueue, getConsole } from '../util';\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n updateAuthStatePromise: null,\n canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState | null, state: AuthState) => {\n // initial state is null\n if (!prevState) {\n return false;\n }\n\n return prevState.isAuthenticated === state.isAuthenticated \n && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n && prevState.error === state.error;\n};\n\n\nexport class AuthStateManager\n<\n M extends OAuthTransactionMeta,\n S extends OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions\n>\n{\n _sdk: OktaAuthOAuthInterface<M, S, O>;\n _pending: { \n updateAuthStatePromise: any;\n canceledTimes: number; \n };\n _authState: AuthState | null;\n _prevAuthState: AuthState | null;\n _logOptions: AuthStateLogOptions;\n _transformQueue: PromiseQueue;\n\n constructor(sdk: OktaAuthOAuthInterface<M, S, O>) {\n if (!sdk.emitter) {\n throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n }\n\n this._sdk = sdk;\n this._pending = { ...DEFAULT_PENDING };\n this._authState = INITIAL_AUTH_STATE;\n this._logOptions = {};\n this._prevAuthState = null;\n this._transformQueue = new PromiseQueue({\n quiet: true\n });\n\n // Listen on tokenManager events to start updateState process\n // \"added\" event is emitted in both add and renew process\n // Only listen on \"added\" event to update auth state\n sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n this._setLogOptions({ event: EVENT_ADDED, key, token });\n this.updateAuthState();\n });\n sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n this._setLogOptions({ event: EVENT_REMOVED, key, token });\n this.updateAuthState();\n });\n }\n\n _setLogOptions(options) {\n this._logOptions = options;\n }\n\n getAuthState(): AuthState | null {\n return this._authState;\n }\n\n getPreviousAuthState(): AuthState | null {\n return this._prevAuthState;\n }\n\n async updateAuthState(): Promise<AuthState> {\n const { transformAuthState, devMode } = this._sdk.options;\n\n const log = (status) => {\n const { event, key, token } = this._logOptions;\n getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n getConsole().log(key, token);\n getConsole().log('Current authState', this._authState);\n getConsole().groupEnd();\n \n // clear log options after logging\n this._logOptions = {};\n };\n\n const emitAuthStateChange = (authState) => {\n if (isSameAuthState(this._authState, authState)) {\n devMode && log('unchanged'); \n return;\n }\n this._prevAuthState = this._authState;\n this._authState = authState;\n // emit new authState object\n this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n devMode && log('emitted');\n };\n\n const finalPromise = (origPromise) => { \n return this._pending.updateAuthStatePromise.then(() => {\n const curPromise = this._pending.updateAuthStatePromise;\n if (curPromise && curPromise !== origPromise) {\n return finalPromise(curPromise);\n }\n return this.getAuthState();\n });\n };\n\n if (this._pending.updateAuthStatePromise) {\n if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n // stop canceling then starting a new promise\n // let existing promise finish to prevent running into loops\n devMode && log('terminated');\n return finalPromise(this._pending.updateAuthStatePromise);\n } else {\n this._pending.updateAuthStatePromise.cancel();\n }\n }\n\n /* eslint-disable complexity */\n const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n onCancel.shouldReject = false;\n onCancel(() => {\n this._pending.updateAuthStatePromise = null;\n this._pending.canceledTimes = this._pending.canceledTimes + 1;\n devMode && log('canceled');\n });\n\n const emitAndResolve = (authState) => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n // emit event and resolve promise \n emitAuthStateChange(authState);\n resolve();\n\n // clear pending states after resolve\n this._pending = { ...DEFAULT_PENDING };\n };\n\n this._sdk.isAuthenticated()\n .then(() => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n\n const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n const authState = {\n accessToken,\n idToken,\n refreshToken,\n isAuthenticated: !!(accessToken && idToken)\n };\n\n // Enqueue transformAuthState so that it does not run concurrently\n const promise: Promise<AuthState> = transformAuthState\n ? this._transformQueue.push(transformAuthState, null, this._sdk, authState) as Promise<AuthState>\n : Promise.resolve(authState);\n\n promise\n .then(authState => emitAndResolve(authState))\n .catch(error => emitAndResolve({\n accessToken, \n idToken, \n refreshToken,\n isAuthenticated: false, \n error\n }));\n });\n });\n /* eslint-enable complexity */\n this._pending.updateAuthStatePromise = cancelablePromise;\n\n return finalPromise(cancelablePromise);\n }\n\n subscribe(handler): void {\n this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n }\n\n unsubscribe(handler?): void {\n this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport {\n OAuthTransactionMeta,\n OAuthStorageManagerInterface,\n} from '../../oidc';\n\nimport {\n ServiceManagerInterface,\n ServiceInterface,\n ServiceManagerOptions,\n OktaAuthCoreInterface,\n OktaAuthCoreOptions\n} from '../types';\nimport { AutoRenewService,\n SyncStorageService,\n LeaderElectionService,\n RenewOnTabActivationService\n} from '../../services';\nimport { removeNils } from '../../util';\n\nconst AUTO_RENEW = 'autoRenew';\nconst SYNC_STORAGE = 'syncStorage';\nconst LEADER_ELECTION = 'leaderElection';\nconst RENEW_ON_TAB_ACTIVATION = 'renewOnTabActivation';\n\nexport class ServiceManager\n<\n M extends OAuthTransactionMeta,\n S extends OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions\n>\nimplements ServiceManagerInterface \n{\n private sdk: OktaAuthCoreInterface<M, S, O>;\n private options: ServiceManagerOptions;\n private services: Map<string, ServiceInterface>;\n private started: boolean;\n\n private static knownServices = [AUTO_RENEW, SYNC_STORAGE, LEADER_ELECTION, RENEW_ON_TAB_ACTIVATION];\n\n private static defaultOptions: ServiceManagerOptions = {\n autoRenew: true,\n autoRemove: true,\n syncStorage: true,\n renewOnTabActivation: true,\n tabInactivityDuration: 1800, // 30 mins in seconds\n };\n\n constructor(sdk: OktaAuthCoreInterface<M, S, O>, options: ServiceManagerOptions = {}) {\n this.sdk = sdk;\n this.onLeader = this.onLeader.bind(this);\n\n // TODO: backwards compatibility, remove in next major version - OKTA-473815\n const { autoRenew, autoRemove, syncStorage } = sdk.tokenManager.getOptions();\n options.electionChannelName = options.electionChannelName || options.broadcastChannelName;\n this.options = Object.assign({}, \n ServiceManager.defaultOptions,\n { autoRenew, autoRemove, syncStorage }, \n {\n electionChannelName: `${sdk.options.clientId}-election`,\n syncChannelName: `${sdk.options.clientId}-sync`,\n },\n removeNils(options)\n );\n\n this.started = false;\n this.services = new Map();\n\n ServiceManager.knownServices.forEach(name => {\n const svc = this.createService(name);\n if (svc) {\n this.services.set(name, svc);\n }\n });\n }\n\n private async onLeader() {\n if (this.started) {\n // Start services that requires leadership\n await this.startServices();\n }\n }\n\n isLeader() {\n return (this.getService(LEADER_ELECTION) as LeaderElectionService)?.isLeader();\n }\n\n isLeaderRequired() {\n return [...this.services.values()].some(srv => srv.canStart() && srv.requiresLeadership());\n }\n\n async start() {\n if (this.started) {\n return; // noop if services have already started\n }\n await this.startServices();\n this.started = true;\n }\n \n async stop() {\n await this.stopServices();\n this.started = false;\n }\n\n getService(name: string): ServiceInterface | undefined {\n return this.services.get(name);\n }\n\n private async startServices() {\n for (const [name, srv] of this.services.entries()) {\n if (this.canStartService(name, srv)) {\n await srv.start();\n }\n }\n }\n\n private async stopServices() {\n for (const srv of this.services.values()) {\n await srv.stop();\n }\n }\n\n // eslint-disable-next-line complexity\n private canStartService(name: string, srv: ServiceInterface): boolean {\n let canStart = srv.canStart() && !srv.isStarted();\n // only start election if a leader is required\n if (name === LEADER_ELECTION) {\n canStart &&= this.isLeaderRequired();\n } else if (srv.requiresLeadership()) {\n canStart &&= this.isLeader();\n }\n return canStart;\n }\n\n private createService(name: string): ServiceInterface {\n const tokenManager = this.sdk.tokenManager;\n\n let service: ServiceInterface;\n switch (name) {\n case LEADER_ELECTION:\n service = new LeaderElectionService({...this.options, onLeader: this.onLeader});\n break;\n case AUTO_RENEW:\n service = new AutoRenewService(tokenManager, {...this.options});\n break;\n case SYNC_STORAGE:\n service = new SyncStorageService(tokenManager, {...this.options});\n break;\n case RENEW_ON_TAB_ACTIVATION:\n service = new RenewOnTabActivationService(tokenManager, {...this.options});\n break;\n default:\n throw new Error(`Unknown service ${name}`);\n }\n return service;\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// ./node is swapped for ./browser in webpack config\nexport * from './node';","import { StorageManagerConstructor } from '../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../base/types';\n\nimport { OktaAuthCoreInterface, OktaAuthCoreOptions } from './types';\nimport { createOktaAuthBase } from '../base';\nimport { mixinStorage } from '../storage/mixin';\nimport { mixinHttp } from '../http/mixin';\nimport { mixinOAuth } from '../oidc/mixin';\nimport {\n OAuthStorageManagerInterface,\n PKCETransactionMeta,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../oidc/types';\nimport { mixinCore } from './mixin';\nimport { mixinSession } from '../session/mixin';\n\nexport function createOktaAuthCore<\n M extends PKCETransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n>(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>\n): OktaAuthConstructor<OktaAuthCoreInterface<M, S, O, TM>>\n{\n const Base = createOktaAuthBase(OptionsConstructor);\n const WithStorage = mixinStorage<S, O>(Base, StorageManagerConstructor);\n const WithHttp = mixinHttp<S, O>(WithStorage);\n const WithSession = mixinSession<S, O>(WithHttp);\n const WithOAuth = mixinOAuth<M, S, O, TM>(WithSession, TransactionManagerConstructor);\n const Core = mixinCore<M, S, O, TM>(WithOAuth);\n return Core;\n}\n","export * from './AuthStateManager';\nexport * from './options';\nexport * from './factory';\nexport * from './mixin';\nexport * from './storage';\nexport * from './types';\nexport * from './ServiceManager';\n","import { parseOAuthResponseFromUrl } from '../oidc/parseFromUrl';\nimport { OktaAuthConstructor } from '../base/types';\nimport {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n PKCETransactionMeta,\n Tokens,\n TransactionManagerInterface,\n} from '../oidc/types';\nimport { AuthStateManager } from './AuthStateManager';\nimport { ServiceManager } from './ServiceManager';\nimport { OktaAuthCoreInterface, OktaAuthCoreOptions } from './types';\nimport { AuthSdkError } from '../errors';\n\nexport function mixinCore\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthCoreInterface<M, S, O, TM>>\n{\n return class OktaAuthCore extends Base implements OktaAuthCoreInterface<M, S, O, TM>\n {\n authStateManager: AuthStateManager<M, S, O>;\n serviceManager: ServiceManager<M, S, O>;\n \n constructor(...args: any[]) {\n super(...args);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager<M, S, O>(this);\n\n // ServiceManager\n this.serviceManager = new ServiceManager<M, S, O>(this, this.options.services);\n }\n\n async start() {\n await this.serviceManager.start();\n // TODO: review tokenManager.start\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n await this.authStateManager.updateAuthState();\n }\n }\n \n async stop() {\n // TODO: review tokenManager.stop\n this.tokenManager.stop();\n await this.serviceManager.stop();\n }\n\n async handleRedirect(originalUri?: string): Promise<void> {\n await this.handleLoginRedirect(undefined, originalUri);\n }\n\n // eslint-disable-next-line complexity\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n let state = this.options.state;\n \n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri || this.getOriginalUri(this.options.state);\n } else if (this.isLoginRedirect()) {\n try {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n state = oAuthResponse.state;\n originalUri = originalUri || this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } catch(e) {\n // auth state should be updated\n await this.authStateManager.updateAuthState();\n throw e;\n }\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n \n // clear originalUri from storage\n this.removeOriginalUri(state);\n \n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else if (originalUri) {\n window.location.replace(originalUri);\n }\n }\n\n handleIDPPopupRedirect (url = window.location.href) {\n const res = parseOAuthResponseFromUrl(this, { responseMode: 'query', url });\n if (res.state) {\n const channel = new BroadcastChannel(`popup-callback:${res.state}`);\n channel.postMessage(res);\n channel.close();\n }\n else {\n throw new AuthSdkError('Unable to parse auth code params');\n }\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createOAuthOptionsConstructor } from '../oidc';\nimport { AuthState, OktaAuthCoreInterface, OktaAuthCoreOptions, ServiceManagerOptions } from './types';\n\n\nexport function createCoreOptionsConstructor()\n{\n const OAuthOptionsConstructor = createOAuthOptionsConstructor();\n return class CoreOptionsConstructor\n extends OAuthOptionsConstructor\n implements Required<OktaAuthCoreOptions>\n {\n services: ServiceManagerOptions;\n transformAuthState: (oktaAuth: OktaAuthCoreInterface, authState: AuthState) => Promise<AuthState>;\n\n constructor(options: any) {\n super(options);\n this.services = options.services;\n this.transformAuthState = options.transformAuthState;\n }\n };\n}\n","import { createOAuthStorageManager } from '../oidc/storage';\nimport { PKCETransactionMeta } from '../oidc/types';\n\nexport function createCoreStorageManager<M extends PKCETransactionMeta = PKCETransactionMeta>() {\n return createOAuthStorageManager<M>();\n}\n","export * from './api';\nexport * from './AuthState';\nexport * from './Service';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { AuthSdkError } from '../errors';\nimport { atob, btoa } from './webcrypto';\n\n// converts a string to base64 (url/filename safe variant)\nexport function stringToBase64Url(str) {\n var b64 = btoa(str);\n return base64ToBase64Url(b64);\n}\n\n// converts a standard base64-encoded string to a \"url/filename safe\" variant\nexport function base64ToBase64Url(b64) {\n return b64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// converts a \"url/filename safe\" base64 string to a \"standard\" base64 string\nexport function base64UrlToBase64(b64u) {\n return b64u.replace(/-/g, '+').replace(/_/g, '/');\n}\n\nexport function base64UrlToString(b64u) {\n var b64 = base64UrlToBase64(b64u);\n switch (b64.length % 4) {\n case 0:\n break;\n case 2:\n b64 += '==';\n break;\n case 3:\n b64 += '=';\n break;\n default:\n throw new AuthSdkError('Not a valid Base64Url');\n }\n var utf8 = atob(b64);\n try {\n return decodeURIComponent(escape(utf8));\n } catch (e) {\n return utf8;\n }\n}\n\nexport function stringToBuffer(str) {\n var buffer = new Uint8Array(str.length);\n for (var i = 0; i < str.length; i++) {\n buffer[i] = str.charCodeAt(i);\n }\n return buffer;\n}\n\nexport function base64UrlDecode(str) {\n return atob(base64UrlToBase64(str));\n}\n\n// Converts base64 string to binary data view\nexport function base64UrlToBuffer(b64u) {\n return Uint8Array.from(base64UrlDecode(b64u), (c: string) => c.charCodeAt(0));\n}\n\n// Converts an ArrayBuffer object that contains binary data to base64 encoded string\nexport function bufferToBase64Url(bin) {\n return btoa(new Uint8Array(bin).reduce((s, byte) => s + String.fromCharCode(byte), ''));\n}\n\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* global atob, btoa, crypto */\nconst a = function(str) { return atob(str); };\nconst b = function (str) { return btoa(str); };\nconst c = typeof crypto === 'undefined' ? null : crypto;\n\nexport { a as atob, b as btoa, c as webcrypto };\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './base64';\nexport * from './oidcHash';\nexport * from './types';\nexport * from './verifyToken';\nexport * from './webcrypto';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* global TextEncoder */\nimport { stringToBase64Url } from './base64';\nimport { webcrypto } from './webcrypto';\n\nexport function getOidcHash(str) { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var intBuffer = new Uint8Array(arrayBuffer);\n var firstHalf = intBuffer.slice(0, 16);\n var hash = String.fromCharCode.apply(null, firstHalf as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { clone } from '../util';\nimport { stringToBuffer, base64UrlDecode } from './base64';\nimport { webcrypto } from './webcrypto';\n\nexport function verifyToken(idToken, key) {\n key = clone(key);\n\n var format = 'jwk';\n var algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: 'SHA-256' }\n };\n var extractable = true;\n var usages = ['verify'];\n\n // https://connect.microsoft.com/IE/feedback/details/2242108/webcryptoapi-importing-jwk-with-use-field-fails\n // This is a metadata tag that specifies the intent of how the key should be used.\n // It's not necessary to properly verify the jwt's signature.\n delete key.use;\n\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n return webcrypto.subtle.importKey(\n format,\n key,\n algo,\n extractable,\n usages\n )\n .then(function(cryptoKey) {\n var jwt = idToken.split('.');\n var payload = stringToBuffer(jwt[0] + '.' + jwt[1]);\n var b64Signature = base64UrlDecode(jwt[2]);\n var signature = stringToBuffer(b64Signature);\n\n return webcrypto.subtle.verify(\n algo,\n cryptoKey,\n signature,\n payload\n );\n });\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// ./node is swapped for ./browser in webpack config\nexport * from './node';","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport { HttpResponse } from '../http/types';\nimport { APIError, FieldError } from './types';\n\nexport default class AuthApiError extends CustomError implements APIError {\n errorSummary: string;\n errorCode?: string;\n errorLink?: string;\n errorId?: string;\n errorCauses?: Array<FieldError>;\n xhr?: HttpResponse;\n meta?: Record<string, string | number>;\n\n constructor(err: APIError, xhr?: HttpResponse, meta?: Record<string, string | number>) {\n const message = err.errorSummary;\n super(message);\n\n this.name = 'AuthApiError';\n this.errorSummary = err.errorSummary;\n this.errorCode = err.errorCode;\n this.errorLink = err.errorLink;\n this.errorId = err.errorId;\n this.errorCauses = err.errorCauses;\n\n if (xhr) {\n this.xhr = xhr;\n }\n\n if (meta) {\n this.meta = meta;\n }\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\n\nexport default class AuthPollStopError extends CustomError {\n constructor() {\n const message = 'The poll was stopped by the sdk';\n super(message);\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport { APIError, FieldError } from './types';\n\nexport default class AuthSdkError extends CustomError implements APIError {\n errorSummary: string;\n errorCode: string;\n errorLink: string;\n errorId: string;\n errorCauses: Array<FieldError>;\n xhr?: XMLHttpRequest;\n\n constructor(msg: string, xhr?: XMLHttpRequest) {\n super(msg);\n this.name = 'AuthSdkError';\n this.errorCode = 'INTERNAL';\n this.errorSummary = msg;\n this.errorLink = 'INTERNAL';\n this.errorId = 'INTERNAL';\n this.errorCauses = [];\n if (xhr) {\n this.xhr = xhr;\n }\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport default class CustomError extends Error {\n constructor(message: string) {\n // https://stackoverflow.com/questions/41102060/typescript-extending-error-class\n super(message); // 'Error' breaks prototype chain here\n Object.setPrototypeOf(this, new.target.prototype); // restore prototype chain\n }\n}\n","/* eslint-disable camelcase */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport type { HttpResponse } from '../http';\n\nexport default class OAuthError extends CustomError {\n errorCode: string;\n errorSummary: string;\n\n // for widget / idx-js backward compatibility\n error: string;\n error_description: string;\n\n resp: HttpResponse | null = null;\n\n constructor(errorCode: string, summary: string, resp?: HttpResponse) {\n super(summary);\n\n this.name = 'OAuthError';\n this.errorCode = errorCode;\n this.errorSummary = summary;\n\n // for widget / idx-js backward compatibility\n this.error = errorCode;\n this.error_description = summary;\n\n // an OAuth error (should) always result from a network request\n // therefore include that in error for potential error handling\n if (resp) {\n this.resp = resp;\n }\n }\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport type { HttpResponse } from '../http';\nimport CustomError from './CustomError';\nimport { isFunction } from '../util';\n\n// Error thrown after an unsuccessful network request which requires an Authorization header \n// and returns a 4XX error with a www-authenticate header. The header value is parsed to construct \n// an error instance, which contains key/value pairs parsed out\nexport default class WWWAuthError extends CustomError {\n static UNKNOWN_ERROR = 'UNKNOWN_WWW_AUTH_ERROR';\n\n scheme: string;\n parameters: Record<string, string>;\n name = 'WWWAuthError';\n\n resp: HttpResponse | null = null;\n\n constructor(scheme: string, parameters: Record<string, string>, resp?: HttpResponse) {\n // defaults to unknown error. `error` being returned in the www-authenticate header is expected\n // but cannot be guaranteed. Throwing an error within a error constructor seems awkward\n super(parameters.error ?? WWWAuthError.UNKNOWN_ERROR);\n this.scheme = scheme;\n this.parameters = parameters;\n\n if (resp) {\n this.resp = resp;\n }\n }\n\n // convenience references\n get error (): string { return this.parameters.error; }\n get errorCode (): string { return this.error; } // parity with other error props\n // eslint-disable-next-line camelcase\n get error_description (): string { return this.parameters.error_description; }\n // eslint-disable-next-line camelcase\n get errorDescription (): string { return this.error_description; }\n get errorSummary (): string { return this.errorDescription; } // parity with other error props\n get realm (): string { return this.parameters.realm; }\n\n // parses the www-authenticate header for releveant\n static parseHeader (header: string): WWWAuthError | null {\n // header cannot be empty string\n if (!header) {\n return null;\n }\n\n // example string: Bearer error=\"invalid_token\", error_description=\"The access token is invalid\"\n // regex will match on `error=\"invalid_token\", error_description=\"The access token is invalid\"`\n // see unit test for more examples of possible www-authenticate values\n // eslint-disable-next-line max-len\n const regex = /(?:,|, )?([a-zA-Z0-9!#$%&'*+\\-.^_`|~]+)=(?:\"([a-zA-Z0-9!#$%&'*+\\-.,^_`|~ /:]+)\"|([a-zA-Z0-9!#$%&'*+\\-.^_`|~/:]+))/g;\n const firstSpace = header.indexOf(' ');\n const scheme = header.slice(0, firstSpace);\n const remaining = header.slice(firstSpace + 1);\n const params = {};\n\n // Reference: foo=\"hello\", bar=\"bye\"\n // i=0, match=[foo=\"hello1\", foo, hello]\n // i=1, match=[bar=\"bye\", bar, bye]\n let match;\n while ((match = regex.exec(remaining)) !== null) {\n params[match[1]] = (match[2] ?? match[3]);\n }\n\n return new WWWAuthError(scheme, params);\n }\n\n // finds the value of the `www-authenticate` header. HeadersInit allows for a few different\n // representations of headers with different access patterns (.get vs [key])\n static getWWWAuthenticateHeader (headers: HeadersInit = {}): string | null {\n if (isFunction((headers as Headers)?.get)) {\n return (headers as Headers).get('WWW-Authenticate');\n }\n return headers['www-authenticate'] ?? headers['WWW-Authenticate'];\n }\n}\n","\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport AuthApiError from './AuthApiError';\nimport AuthPollStopError from './AuthPollStopError';\nimport AuthSdkError from './AuthSdkError';\nimport OAuthError from './OAuthError';\nimport WWWAuthError from './WWWAuthError';\n\nfunction isAuthApiError(obj: any): obj is AuthApiError {\n return (obj instanceof AuthApiError);\n}\n\nfunction isOAuthError(obj: any): obj is OAuthError {\n return (obj instanceof OAuthError);\n}\n\nfunction isWWWAuthError(obj: any): obj is WWWAuthError {\n return (obj instanceof WWWAuthError);\n}\n\nexport {\n isAuthApiError,\n isOAuthError,\n isWWWAuthError,\n AuthApiError,\n AuthPollStopError,\n AuthSdkError,\n OAuthError,\n WWWAuthError\n};\n\nexport * from './types';\n","import { OktaAuth } from '../default';\n\n// Export only a single object\nexport default OktaAuth;\n","import * as crypto from '../crypto';\n\nexport { crypto };\nexport * from '../base';\nexport * from '../constants';\nexport * from '../core';\nexport * from '../errors';\nexport * from '../http';\nexport * from '../oidc';\nexport * from '../session';\nexport * from '../storage';\nexport * from '../util';\n","import {\n OktaAuthOptionsConstructor,\n} from '../base';\n\nimport {\n IdxStorageManagerConstructor,\n IdxTransactionManagerConstructor,\n OktaAuthIdxOptions,\n createIdxTransactionManager,\n createOktaAuthIdx,\n createIdxStorageManager,\n createIdxOptionsConstructor\n} from '../idx';\n\nimport { mixinMyAccount } from '../myaccount';\nimport { mixinAuthn } from '../authn';\n\n\n// eslint-disable-next-line @typescript-eslint/no-empty-interface\nexport interface OktaAuthOptions extends OktaAuthIdxOptions {}\n\nconst OptionsConstructor: OktaAuthOptionsConstructor<OktaAuthOptions> = createIdxOptionsConstructor();\nconst StorageManager: IdxStorageManagerConstructor = createIdxStorageManager();\nconst TransactionManager: IdxTransactionManagerConstructor = createIdxTransactionManager();\n\n// Default bundle includes everything\nconst WithIdx = createOktaAuthIdx(StorageManager, OptionsConstructor, TransactionManager);\nconst WithMyAccount = mixinMyAccount(WithIdx);\nconst WithAuthn = mixinAuthn(WithMyAccount);\n\nclass OktaAuth extends WithAuthn {\n constructor(options: OktaAuthOptions) {\n super(options);\n }\n}\n\nexport default OktaAuth;\nexport { OktaAuth };\nexport * from './common';\nexport * from '../idx';\nexport * from '../myaccount';\nexport * from '../authn';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable node/no-unsupported-features/node-builtins */\n/* global document, window, TextEncoder, navigator */\n\nimport { webcrypto } from './crypto';\n\nconst isWindowsPhone = /windows phone|iemobile|wpdesktop/i;\t\n\nexport function isBrowser() {\n return typeof document !== 'undefined' && typeof window !== 'undefined';\n}\n\nexport function isIE11OrLess() {\n if (!isBrowser()) {\n return false;\n }\n const documentMode = (document as any).documentMode;\n return !!documentMode && documentMode <= 11;\n}\n\nexport function getUserAgent() {\n return navigator.userAgent;\n}\n\nexport function isFingerprintSupported() {\n const agent = getUserAgent();\n return agent && !isWindowsPhone.test(agent);\t\n}\n\nexport function isPopupPostMessageSupported() {\n if (!isBrowser()) {\n return false;\n }\n const documentMode = (document as any).documentMode;\n var isIE8or9 = documentMode && documentMode < 10;\n if (typeof window.postMessage !== 'undefined' && !isIE8or9) {\n return true;\n }\n return false;\n}\n\nfunction isWebCryptoSubtleSupported () {\n return typeof webcrypto !== 'undefined'\n && webcrypto !== null\n && typeof webcrypto.subtle !== 'undefined'\n && typeof Uint8Array !== 'undefined';\n}\n\nexport function isTokenVerifySupported() {\n return isWebCryptoSubtleSupported();\n}\n\nexport function hasTextEncoder() {\n return typeof TextEncoder !== 'undefined';\n}\n\nexport function isPKCESupported() {\n return isTokenVerifySupported() && hasTextEncoder();\n}\n\nexport function isHTTPS() {\n if (!isBrowser()) {\n return false;\n }\n return window.location.protocol === 'https:';\n}\n\nexport function isLocalhost() {\n // eslint-disable-next-line compat/compat\n return isBrowser() && window.location.hostname === 'localhost';\n}\n\n// For now, DPoP is only supported on browsers\nexport function isDPoPSupported () {\n return !isIE11OrLess() &&\n typeof window.indexedDB !== 'undefined' &&\n hasTextEncoder() &&\n isWebCryptoSubtleSupported();\n}\n\nexport function isIOS () {\n // iOS detection from: http://stackoverflow.com/a/9039885/177710\n return isBrowser() && typeof navigator !== 'undefined' && typeof navigator.userAgent !== 'undefined' &&\n // @ts-expect-error - MSStream is not in `window` type, unsurprisingly\n (/iPad|iPhone|iPod/.test(navigator.userAgent) && !window.MSStream);\n}\n","/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport crossFetch from 'cross-fetch';\nimport { FetchOptions, HttpResponse } from '../http/types';\n\n// content-type = application/json OR application/ion+json\nconst appJsonContentTypeRegex = /application\\/\\w*\\+?json/;\n\nfunction readData(response: Response): Promise<object | string> {\n if (response.headers.get('Content-Type') &&\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n response.headers.get('Content-Type')!.toLowerCase().indexOf('application/json') >= 0) {\n return response.json()\n // JSON parse can fail if response is not a valid object\n .catch(e => {\n return {\n error: e,\n errorSummary: 'Could not parse server response'\n };\n });\n } else {\n return response.text();\n }\n}\n\nfunction formatResult(status: number, data: object | string, response: Response) {\n const isObject = typeof data === 'object';\n const headers = {};\n for (const pair of (response.headers as any).entries()) {\n headers[pair[0]] = pair[1];\n }\n const result: HttpResponse = {\n responseText: isObject ? JSON.stringify(data) : data as string,\n status: status,\n headers\n };\n if (isObject) {\n result.responseType = 'json';\n result.responseJSON = data as object;\n }\n return result;\n}\n\n/* eslint-disable complexity */\nfunction fetchRequest(method: string, url: string, args: FetchOptions) {\n var body = args.data;\n var headers = args.headers || {};\n var contentType = (headers['Content-Type'] || headers['content-type'] || '');\n\n if (body && typeof body !== 'string') {\n // JSON encode body (if appropriate)\n if (appJsonContentTypeRegex.test(contentType)) {\n body = JSON.stringify(body);\n }\n else if (contentType === 'application/x-www-form-urlencoded') {\n body = Object.entries(body)\n .map( ([param, value]) => `${param}=${encodeURIComponent(value)}` )\n .join('&');\n }\n }\n\n var fetch = global.fetch || crossFetch;\n var fetchPromise = fetch(url, {\n method: method,\n headers: args.headers,\n body: body as string,\n credentials: args.withCredentials ? 'include' : 'omit'\n });\n\n if (!fetchPromise.finally) {\n fetchPromise = Promise.resolve(fetchPromise);\n }\n\n return fetchPromise.then(function(response) {\n var error = !response.ok;\n var status = response.status;\n return readData(response)\n .then(data => {\n return formatResult(status, data, response);\n })\n .then(result => {\n if (error || result.responseJSON?.error) {\n // Throwing result object since error handling is done in http.js\n throw result;\n }\n return result;\n });\n });\n}\n\nexport default fetchRequest;\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global SDK_VERSION */\n\nimport { isBrowser } from '../features';\nexport class OktaUserAgent {\n environments: string[];\n\n constructor() {\n // add base sdk env\n this.environments = [`okta-auth-js/${SDK_VERSION}`];\n this.maybeAddNodeEnvironment();\n }\n\n addEnvironment(env: string) {\n this.environments.push(env);\n }\n\n getHttpHeader() {\n return { 'X-Okta-User-Agent-Extended': this.environments.join(' ') };\n }\n\n getVersion() {\n return SDK_VERSION;\n }\n\n maybeAddNodeEnvironment() {\n if (isBrowser() || !process || !process.versions) {\n return;\n }\n const { node: version } = process.versions;\n this.environments.push(`nodejs/${version}`);\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { OktaAuthHttpInterface } from './types';\n\nexport function setRequestHeader(authClient: OktaAuthHttpInterface, headerName, headerValue) {\n authClient.options.headers = authClient.options.headers || {};\n authClient.options.headers[headerName] = headerValue;\n}","export * from './headers';\nexport * from './OktaUserAgent';\nexport * from './request';\nexport * from './types';\nexport * from './mixin';\nexport * from './options';\n\n","import { OktaAuthStorageInterface, StorageManagerInterface } from '../storage/types';\nimport { OktaAuthConstructor } from '../base/types';\nimport {\n HttpAPI,\n OktaAuthHttpInterface,\n OktaAuthHttpOptions,\n} from './types';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { setRequestHeader } from './headers';\nimport { toQueryString } from '../util';\nimport { get } from './request';\n\nexport function mixinHttp\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n TBase extends OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n = OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n{\n return class OktaAuthHttp extends Base implements OktaAuthHttpInterface<S, O>\n {\n _oktaUserAgent: OktaUserAgent;\n http: HttpAPI;\n \n constructor(...args: any[]) {\n super(...args);\n\n this._oktaUserAgent = new OktaUserAgent();\n\n // HTTP\n this.http = {\n setRequestHeader: setRequestHeader.bind(null, this)\n };\n }\n\n setHeaders(headers) {\n this.options.headers = Object.assign({}, this.options.headers, headers);\n }\n \n getIssuerOrigin(): string {\n // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return this.options.issuer!.split('/oauth2/')[0];\n }\n \n webfinger(opts): Promise<object> {\n var url = '/.well-known/webfinger' + toQueryString(opts);\n var options = {\n headers: {\n 'Accept': 'application/jrd+json'\n }\n };\n return get(this, url, options);\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createStorageOptionsConstructor } from '../storage';\nimport { HttpRequestClient, OktaAuthHttpOptions, RequestOptions } from './types';\nimport fetchRequest from '../fetch/fetchRequest';\n\nexport function createHttpOptionsConstructor() {\n const StorageOptionsConstructor = createStorageOptionsConstructor();\n return class HttpOptionsConstructor extends StorageOptionsConstructor implements Required<OktaAuthHttpOptions> {\n issuer: string;\n transformErrorXHR: (xhr: object) => any;\n headers: object;\n httpRequestClient: HttpRequestClient;\n httpRequestInterceptors: ((request: RequestOptions) => void)[];\n pollDelay: number;\n \n constructor(args: any) {\n super(args);\n this.issuer = args.issuer;\n this.transformErrorXHR = args.transformErrorXHR;\n this.headers = args.headers;\n this.httpRequestClient = args.httpRequestClient || fetchRequest;\n this.httpRequestInterceptors = args.httpRequestInterceptors;\n this.pollDelay = args.pollDelay;\n }\n };\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity */\nimport { isString, clone, isAbsoluteUrl, removeNils } from '../util';\nimport {\n STATE_TOKEN_KEY_NAME,\n DEFAULT_CACHE_DURATION,\n IOS_MAX_RETRY_COUNT,\n} from '../constants';\nimport {\n OktaAuthHttpInterface,\n RequestOptions,\n FetchOptions,\n RequestData,\n HttpResponse\n} from './types';\nimport { AuthApiError, OAuthError, APIError, WWWAuthError } from '../errors';\nimport { isBrowser } from '../features';\n\n\n// For iOS track last date when document became visible\nlet dateDocumentBecameVisible = 0;\nlet trackDateDocumentBecameVisible: () => void;\nif (isBrowser()) {\n dateDocumentBecameVisible = Date.now();\n trackDateDocumentBecameVisible = () => {\n if (!document.hidden) {\n dateDocumentBecameVisible = Date.now();\n }\n };\n document.addEventListener('visibilitychange', trackDateDocumentBecameVisible);\n}\n\nconst formatError = (sdk: OktaAuthHttpInterface, error: HttpResponse | Error): AuthApiError | OAuthError => {\n if (error instanceof Error) {\n // fetch() can throw exceptions\n // see https://developer.mozilla.org/en-US/docs/Web/API/fetch#exceptions\n return new AuthApiError({\n errorSummary: error.message,\n });\n }\n\n let resp: HttpResponse = error;\n let err: AuthApiError | OAuthError | WWWAuthError;\n let serverErr: Record<string, any> = {};\n if (resp.responseText && isString(resp.responseText)) {\n try {\n serverErr = JSON.parse(resp.responseText);\n } catch (e) {\n serverErr = {\n errorSummary: 'Unknown error'\n };\n }\n }\n\n if (resp.status >= 500) {\n serverErr.errorSummary = 'Unknown error';\n }\n\n if (sdk.options.transformErrorXHR) {\n resp = sdk.options.transformErrorXHR(clone(resp));\n }\n\n // \n const wwwAuthHeader = WWWAuthError.getWWWAuthenticateHeader(resp?.headers) ?? '';\n\n if (serverErr.error && serverErr.error_description) {\n err = new OAuthError(serverErr.error, serverErr.error_description, resp);\n } else {\n err = new AuthApiError(serverErr as APIError, resp, { wwwAuthHeader });\n }\n\n if (wwwAuthHeader && resp?.status >= 400 && resp?.status < 500) {\n const wwwAuthErr = WWWAuthError.parseHeader(wwwAuthHeader);\n // check for 403 to avoid breaking change\n if (resp.status === 403 && wwwAuthErr?.error === 'insufficient_authentication_context') {\n // eslint-disable-next-line camelcase\n const { max_age, acr_values } = wwwAuthErr.parameters;\n err = new AuthApiError(\n {\n errorSummary: wwwAuthErr.error,\n errorCauses: [{ errorSummary: wwwAuthErr.errorDescription }]\n },\n resp,\n {\n // eslint-disable-next-line camelcase\n max_age: +max_age,\n // eslint-disable-next-line camelcase\n ...(acr_values && { acr_values })\n }\n );\n }\n else if (wwwAuthErr?.scheme === 'DPoP') {\n err = wwwAuthErr;\n }\n // else {\n // // WWWAuthError.parseHeader may return null, only overwrite if !null\n // err = wwwAuthErr ?? err;\n // }\n }\n\n return err;\n};\n\n// eslint-disable-next-line max-statements\nexport function httpRequest(sdk: OktaAuthHttpInterface, options: RequestOptions): Promise<any> {\n options = options || {};\n\n if (sdk.options.httpRequestInterceptors) {\n for (const interceptor of sdk.options.httpRequestInterceptors) {\n interceptor(options);\n }\n }\n\n var url = options.url,\n method = options.method,\n args = options.args,\n saveAuthnState = options.saveAuthnState,\n accessToken = options.accessToken,\n withCredentials = options.withCredentials === true, // default value is false\n storageUtil = sdk.options.storageUtil,\n storage = storageUtil!.storage,\n httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies),\n pollingIntent = options.pollingIntent,\n pollDelay = sdk.options.pollDelay ?? 0;\n\n if (options.cacheResponse) {\n var cacheContents = httpCache.getStorage();\n var cachedResponse = cacheContents[url as string];\n if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n return Promise.resolve(cachedResponse.response);\n }\n }\n\n var oktaUserAgentHeader = sdk._oktaUserAgent.getHttpHeader();\n var headers: HeadersInit = {\n 'Accept': 'application/json',\n 'Content-Type': 'application/json',\n ...oktaUserAgentHeader\n };\n Object.assign(headers, sdk.options.headers, options.headers);\n headers = removeNils(headers) as HeadersInit;\n\n if (accessToken && isString(accessToken)) {\n headers['Authorization'] = 'Bearer ' + accessToken;\n }\n\n var ajaxOptions: FetchOptions = {\n headers,\n data: args || undefined,\n withCredentials\n };\n\n var err, res, promise;\n\n if (pollingIntent && isBrowser() && pollDelay > 0) {\n let waitForVisibleAndAwakenDocument: () => Promise<void>;\n let waitForAwakenDocument: () => Promise<void>;\n let recursiveFetch: () => Promise<HttpResponse>;\n let retryCount = 0;\n\n // Safari on iOS has a bug:\n // Performing `fetch` right after document became visible can fail with `Load failed` error.\n // Running fetch after short timeout fixes this issue.\n waitForAwakenDocument = () => {\n const timeSinceDocumentIsVisible = Date.now() - dateDocumentBecameVisible;\n if (timeSinceDocumentIsVisible < pollDelay) {\n return new Promise<void>((resolve) => setTimeout(() => {\n if (!document.hidden) {\n resolve();\n } else {\n resolve(waitForVisibleAndAwakenDocument());\n }\n }, pollDelay - timeSinceDocumentIsVisible));\n } else {\n return Promise.resolve();\n }\n };\n\n // Returns a promise that resolves when document is visible for 500 ms\n waitForVisibleAndAwakenDocument = () => {\n if (document.hidden) {\n let pageVisibilityHandler: () => void;\n return new Promise<void>((resolve) => {\n pageVisibilityHandler = () => {\n if (!document.hidden) {\n document.removeEventListener('visibilitychange', pageVisibilityHandler);\n resolve(waitForAwakenDocument());\n }\n };\n document.addEventListener('visibilitychange', pageVisibilityHandler);\n });\n } else {\n return waitForAwakenDocument();\n }\n };\n\n // Restarts fetch on 'Load failed' error\n // This error can occur when `fetch` does not respond\n // (due to CORS error, non-existing host, or network error)\n const retryableFetch = (): Promise<HttpResponse> => {\n return sdk.options.httpRequestClient!(method!, url!, ajaxOptions).catch((err) => {\n const isNetworkError = err?.message === 'Load failed';\n if (isNetworkError && retryCount < IOS_MAX_RETRY_COUNT) {\n retryCount++;\n return recursiveFetch();\n }\n throw err;\n });\n };\n\n // Final promise to fetch that wraps logic with waiting for visible document\n // and retrying fetch request on network error\n recursiveFetch = (): Promise<HttpResponse> => {\n return waitForVisibleAndAwakenDocument().then(retryableFetch);\n };\n\n promise = recursiveFetch();\n } else {\n promise = sdk.options.httpRequestClient!(method!, url!, ajaxOptions);\n }\n\n return promise\n .then(function(resp) {\n res = resp.responseText;\n if (res && isString(res)) {\n res = JSON.parse(res);\n if (res && typeof res === 'object' && !res.headers) {\n if (Array.isArray(res)) {\n res.forEach(item => {\n item.headers = resp.headers;\n });\n } else {\n res.headers = resp.headers;\n }\n }\n }\n\n if (saveAuthnState) {\n if (!res.stateToken) {\n storage.delete(STATE_TOKEN_KEY_NAME);\n }\n }\n\n if (res && res.stateToken && res.expiresAt) {\n storage.set(STATE_TOKEN_KEY_NAME, res.stateToken, res.expiresAt, sdk.options.cookies!);\n }\n\n if (res && options.cacheResponse) {\n httpCache.updateStorage(url!, {\n expiresAt: Math.floor(Date.now()/1000) + DEFAULT_CACHE_DURATION,\n response: res\n });\n }\n \n return res;\n })\n .catch(function(resp) {\n err = formatError(sdk, resp);\n\n if (err.errorCode === 'E0000011') {\n storage.delete(STATE_TOKEN_KEY_NAME);\n }\n\n throw err;\n });\n}\n\nexport function get(sdk: OktaAuthHttpInterface, url: string, options?: RequestOptions) {\n url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n var getOptions = {\n url: url,\n method: 'GET'\n };\n Object.assign(getOptions, options);\n return httpRequest(sdk, getOptions);\n}\n\nexport function post(sdk: OktaAuthHttpInterface, url: string, args?: RequestData, options?: RequestOptions) {\n url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n var postOptions = {\n url: url,\n method: 'POST',\n args: args,\n saveAuthnState: true\n };\n Object.assign(postOptions, options);\n return httpRequest(sdk, postOptions);\n}\n","import { ClearTransactionMetaOptions, TransactionManagerOptions } from '../oidc/types';\nimport { createTransactionManager } from '../oidc/TransactionManager';\nimport { IdxTransactionMeta, IntrospectOptions } from './types';\nimport { isRawIdxResponse } from './types/idx-js';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './types/storage';\n\nexport function createIdxTransactionManager\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>\n>\n()\n{\n const TransactionManager = createTransactionManager<M, S>();\n return class IdxTransactionManager extends TransactionManager\n {\n constructor(options: TransactionManagerOptions) {\n super(options);\n }\n\n clear(options: ClearTransactionMetaOptions = {}) {\n super.clear(options);\n\n if (options.clearIdxResponse !== false) {\n this.clearIdxResponse();\n }\n }\n \n saveIdxResponse(data: SavedIdxResponse): void {\n if (!this.saveLastResponse) {\n return;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return;\n }\n storage.setStorage(data);\n }\n\n // eslint-disable-next-line complexity\n loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {\n if (!this.saveLastResponse) {\n return null;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return null;\n }\n const storedValue = storage.getStorage();\n if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n return null;\n }\n\n if (options) {\n const { stateHandle, interactionHandle } = options;\n // only perform this check if NOT using generic remediator\n if (!options.useGenericRemediator && stateHandle && storedValue.stateHandle !== stateHandle) {\n return null;\n }\n if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {\n return null;\n }\n }\n\n return storedValue;\n }\n\n clearIdxResponse(): void {\n if (!this.saveLastResponse) {\n return;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n storage?.clearStorage();\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { \n OktaAuthIdxInterface,\n IdxTransaction,\n AuthenticatorKey,\n AuthenticationOptions\n} from './types';\nimport { run } from './run';\n\nexport async function authenticate(\n authClient: OktaAuthIdxInterface, options: AuthenticationOptions = {}\n): Promise<IdxTransaction> {\n if (options.password && !options.authenticator) {\n options.authenticator = AuthenticatorKey.OKTA_PASSWORD;\n }\n return run(authClient, { \n ...options, \n flow: 'authenticate'\n });\n}\n","import { IdxAuthenticator, IdxRemediationValue } from '../types/idx-js';\n\n\nexport interface Credentials {\n [key: string]: string | boolean | number | undefined;\n}\n\nexport abstract class Authenticator<Values> {\n meta: IdxAuthenticator;\n\n constructor(authenticator: IdxAuthenticator) {\n this.meta = authenticator;\n }\n\n abstract canVerify(values: Values): boolean;\n\n abstract mapCredentials(values: Values): Credentials | undefined;\n\n abstract getInputs(idxRemediationValue: IdxRemediationValue): any; // TODO: add type\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface OktaPasswordInputValues {\n password?: string;\n passcode?: string;\n credentials?: Credentials;\n // for ResetAuthenticator\n revokeSessions?: boolean;\n}\n\nexport class OktaPassword extends Authenticator<OktaPasswordInputValues> {\n canVerify(values: OktaPasswordInputValues) {\n return !!(values.credentials || values.password || values.passcode);\n }\n\n mapCredentials(values: OktaPasswordInputValues): Credentials | undefined {\n const { credentials, password, passcode, revokeSessions } = values;\n if (!credentials && !password && !passcode) {\n return;\n }\n return credentials || {\n passcode: passcode || password,\n revokeSessions,\n };\n }\n\n getInputs(idxRemediationValue) {\n const inputs = [{\n ...idxRemediationValue.form?.value[0],\n name: 'password',\n type: 'string',\n required: idxRemediationValue.required,\n }];\n const revokeSessions = idxRemediationValue.form?.value.find(\n input => input.name === 'revokeSessions'\n );\n if (revokeSessions) {\n inputs.push({\n name: 'revokeSessions',\n type: 'boolean',\n label: 'Sign me out of all other devices',\n required: false,\n });\n }\n return inputs;\n }\n}\n","import { Credentials } from './Authenticator';\nimport { VerificationCodeAuthenticator } from './VerificationCodeAuthenticator';\n\ninterface TotpCredentials extends Credentials {\n totp: string;\n}\n\nexport class OktaVerifyTotp extends VerificationCodeAuthenticator {\n mapCredentials(values): TotpCredentials | undefined {\n const { verificationCode } = values;\n if (!verificationCode) {\n return;\n }\n return { totp: verificationCode };\n }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionEnrollValues {\n questionKey?: string;\n question?: string;\n answer?: string;\n credentials?: Credentials;\n}\n\nexport class SecurityQuestionEnrollment extends Authenticator<SecurityQuestionEnrollValues> {\n canVerify(values: SecurityQuestionEnrollValues) {\n const { credentials } = values;\n if (credentials && credentials.questionKey && credentials.answer) {\n return true;\n }\n const { questionKey, question, answer } = values;\n return !!(questionKey && answer) || !!(question && answer);\n }\n\n mapCredentials(values: SecurityQuestionEnrollValues): Credentials | undefined {\n const { questionKey, question, answer } = values;\n if (!answer || (!questionKey && !question)) {\n return;\n }\n return {\n questionKey: question ? 'custom' : questionKey,\n question,\n answer\n };\n }\n\n getInputs() {\n return [\n { name: 'questionKey', type: 'string', required: true },\n { name: 'question', type: 'string', label: 'Create a security question' },\n { name: 'answer', type: 'string', label: 'Answer', required: true },\n ];\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionVerificationValues {\n answer?: string;\n credentials?: Credentials;\n}\n\nexport class SecurityQuestionVerification extends Authenticator<SecurityQuestionVerificationValues> {\n canVerify(values: SecurityQuestionVerificationValues) {\n const { credentials } = values;\n if (credentials && credentials.answer) {\n return true;\n }\n const { answer } = values;\n return !!answer;\n }\n\n mapCredentials(values: SecurityQuestionVerificationValues): Credentials | undefined {\n const { answer } = values;\n if (!answer) {\n return;\n }\n return {\n questionKey: this.meta.contextualData!.enrolledQuestion!.questionKey,\n answer\n };\n }\n\n getInputs() {\n return [\n { name: 'answer', type: 'string', label: 'Answer', required: true }\n ];\n }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface VerificationCodeValues {\n verificationCode?: string;\n otp?: string;\n credentials?: Credentials;\n}\n\ninterface VerificationCodeCredentials extends Credentials {\n passcode: string;\n}\n\n// general authenticator to handle \"verificationCode\" input\n// it can be used for \"email\", \"phone\", \"google authenticator\"\n// a new authenticator class should be created if special cases need to be handled\nexport class VerificationCodeAuthenticator extends Authenticator<VerificationCodeValues> {\n canVerify(values: VerificationCodeValues) {\n return !!(values.credentials ||values.verificationCode || values.otp);\n }\n\n mapCredentials(values): VerificationCodeCredentials | Credentials | undefined {\n const { credentials, verificationCode, otp } = values;\n if (!credentials && !verificationCode && !otp) {\n return;\n }\n return credentials || { passcode: verificationCode || otp };\n }\n\n getInputs(idxRemediationValue) {\n return {\n ...idxRemediationValue.form?.value[0],\n name: 'verificationCode',\n type: 'string',\n required: idxRemediationValue.required\n };\n }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnEnrollValues {\n clientData?: string;\n attestation?: string;\n credentials?: Credentials;\n}\n\nexport class WebauthnEnrollment extends Authenticator<WebauthnEnrollValues> {\n canVerify(values: WebauthnEnrollValues) {\n const { credentials } = values;\n const obj = credentials || values;\n const { clientData, attestation } = obj;\n return !!(clientData && attestation);\n }\n\n mapCredentials(values: WebauthnEnrollValues): Credentials | undefined {\n const { credentials, clientData, attestation } = values;\n if (!credentials && !clientData && !attestation) {\n return;\n }\n return credentials || ({\n clientData,\n attestation\n });\n }\n\n getInputs() {\n return [\n { name: 'clientData', type: 'string', required: true, visible: false, label: 'Client Data' },\n { name: 'attestation', type: 'string', required: true, visible: false, label: 'Attestation' },\n ];\n }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnVerificationValues {\n clientData?: string;\n authenticatorData?: string;\n signatureData?: string;\n credentials?: Credentials;\n}\n\nexport class WebauthnVerification extends Authenticator<WebauthnVerificationValues> {\n canVerify(values: WebauthnVerificationValues) {\n const { credentials } = values;\n const obj = credentials || values;\n const { clientData, authenticatorData, signatureData } = obj;\n return !!(clientData && authenticatorData && signatureData);\n }\n\n mapCredentials(values: WebauthnVerificationValues): Credentials | undefined {\n const { credentials, authenticatorData, clientData, signatureData } = values;\n if (!credentials && !authenticatorData && !clientData && !signatureData) {\n return;\n }\n return credentials || ({\n authenticatorData,\n clientData,\n signatureData\n });\n }\n\n getInputs() {\n return [\n { name: 'authenticatorData', type: 'string', label: 'Authenticator Data', required: true, visible: false },\n { name: 'clientData', type: 'string', label: 'Client Data', required: true, visible: false },\n { name: 'signatureData', type: 'string', label: 'Signature Data', required: true, visible: false },\n ];\n }\n}\n","import { OktaVerifyTotp } from './OktaVerifyTotp';\nimport { Authenticator } from './Authenticator';\nimport { VerificationCodeAuthenticator } from './VerificationCodeAuthenticator';\nimport { OktaPassword } from './OktaPassword';\nimport { SecurityQuestionEnrollment } from './SecurityQuestionEnrollment';\nimport { SecurityQuestionVerification } from './SecurityQuestionVerification';\nimport { WebauthnEnrollment } from './WebauthnEnrollment';\nimport { WebauthnVerification } from './WebauthnVerification';\nimport { IdxAuthenticator, IdxRemediation } from '../types/idx-js';\nimport { AuthenticatorKey } from '../types';\n\n/* eslint complexity:[0,8] */\nexport function getAuthenticator(remediation: IdxRemediation): Authenticator<any> {\n const relatesTo = remediation.relatesTo;\n const value = relatesTo?.value || {} as IdxAuthenticator;\n switch (value.key) {\n case AuthenticatorKey.OKTA_PASSWORD:\n return new OktaPassword(value);\n case AuthenticatorKey.SECURITY_QUESTION:\n if (value.contextualData?.enrolledQuestion) {\n return new SecurityQuestionVerification(value);\n } else {\n return new SecurityQuestionEnrollment(value);\n }\n case AuthenticatorKey.OKTA_VERIFY:\n return new OktaVerifyTotp(value);\n case AuthenticatorKey.WEBAUTHN:\n if (value.contextualData?.challengeData) {\n return new WebauthnVerification(value);\n } else {\n return new WebauthnEnrollment(value);\n }\n default:\n return new VerificationCodeAuthenticator(value);\n }\n}\n","export * from './getAuthenticator';\nexport * from './Authenticator';\nexport * from './VerificationCodeAuthenticator';\nexport * from './OktaPassword';\nexport * from './SecurityQuestionEnrollment';\nexport * from './SecurityQuestionVerification';\nexport * from './WebauthnEnrollment';\nexport * from './WebauthnVerification';\n\nimport { OktaPasswordInputValues } from './OktaPassword';\nimport { SecurityQuestionEnrollValues } from './SecurityQuestionEnrollment';\nimport { SecurityQuestionVerificationValues } from './SecurityQuestionVerification';\nimport { VerificationCodeValues } from './VerificationCodeAuthenticator';\nimport { WebauthnEnrollValues } from './WebauthnEnrollment';\nimport { WebauthnVerificationValues } from './WebauthnVerification';\n\nexport type AuthenticatorValues = OktaPasswordInputValues\n & SecurityQuestionEnrollValues\n & SecurityQuestionVerificationValues\n & VerificationCodeValues\n & WebauthnEnrollValues\n & WebauthnVerificationValues;\n","import { Authenticator, isAuthenticator } from '../types';\n\nexport function formatAuthenticator(incoming: unknown): Authenticator {\n let authenticator: Authenticator;\n if (isAuthenticator(incoming)) {\n authenticator = incoming;\n } else if (typeof incoming === 'string') {\n authenticator = {\n key: incoming\n };\n } else {\n throw new Error('Invalid format for authenticator');\n }\n return authenticator;\n}\n\n// Returns true if the authenticators are equivalent\nexport function compareAuthenticators(auth1, auth2) {\n if (!auth1 || !auth2) {\n return false;\n }\n // by id\n if (auth1.id && auth2.id) {\n return (auth1.id === auth2.id);\n }\n // by key\n if (auth1.key && auth2.key) {\n return (auth1.key === auth2.key);\n }\n return false;\n}\n\n// Find matched authenticator in provided order\nexport function findMatchedOption(authenticators, options) {\n let option;\n for (let authenticator of authenticators) {\n option = options\n .find(({ relatesTo }) => relatesTo.key && relatesTo.key === authenticator.key);\n if (option) {\n break;\n }\n }\n return option;\n}","/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface, CancelOptions, IdxTransactionMeta } from './types';\nimport { run } from './run';\nimport { getFlowSpecification } from './flow';\n\nexport async function cancel (authClient: OktaAuthIdxInterface, options?: CancelOptions) {\n const meta = authClient.transactionManager.load() as IdxTransactionMeta;\n const flowSpec = getFlowSpecification(authClient, meta.flow);\n return run(authClient, {\n ...options,\n ...flowSpec,\n actions: ['cancel']\n });\n}\n","\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface } from './types';\n\nimport CustomError from '../errors/CustomError';\nimport { urlParamsToObject } from '../oidc/util/urlParams';\nimport { EmailVerifyCallbackResponse } from './types/api';\n\nexport class EmailVerifyCallbackError extends CustomError {\n state: string;\n otp: string;\n\n constructor(state: string, otp: string) {\n super(`Enter the OTP code in the originating client: ${otp}`);\n this.name = 'EmailVerifyCallbackError';\n this.state = state;\n this.otp = otp;\n }\n}\n\nexport function isEmailVerifyCallbackError(error: Error) {\n return (error.name === 'EmailVerifyCallbackError');\n}\n\n// Check if state && otp have been passed back in the url\nexport function isEmailVerifyCallback (urlPath: string): boolean {\n return /(otp=)/i.test(urlPath) && /(state=)/i.test(urlPath);\n}\n\n// Parse state and otp from a urlPath (should be either a search or fragment from the URL)\nexport function parseEmailVerifyCallback(urlPath: string): EmailVerifyCallbackResponse {\n return urlParamsToObject(urlPath) as EmailVerifyCallbackResponse;\n}\n\nexport async function handleEmailVerifyCallback(authClient: OktaAuthIdxInterface, search: string) {\n if (isEmailVerifyCallback(search)) {\n const { state, otp } = parseEmailVerifyCallback(search);\n if (authClient.idx.canProceed({ state })) {\n // same browser / device\n return await authClient.idx.proceed({ state, otp });\n } else {\n // different browser or device\n throw new EmailVerifyCallbackError(state, otp);\n }\n }\n}\n","import { OktaAuthOptionsConstructor } from '../../base/types';\nimport { StorageManagerConstructor } from '../../storage/types';\nimport { IdxTransactionManagerInterface, MinimalOktaAuthIdxInterface, OktaAuthIdxConstructor } from '../types/api';\nimport { IdxTransactionMeta } from '../types/meta';\nimport { IdxStorageManagerInterface } from '../types/storage';\nimport { OktaAuthIdxOptions } from '../types/options';\nimport { TransactionManagerConstructor, MinimalOktaOAuthInterface } from '../../oidc/types';\nimport { mixinMinimalIdx } from '../mixinMinimal';\nimport { createOktaAuthBase } from '../../base/factory';\nimport { mixinStorage } from '../../storage/mixin';\nimport { mixinHttp } from '../../http/mixin';\nimport { mixinSession } from '../../session/mixin';\nimport { mixinMinimalOAuth } from '../../oidc/mixin/minimal';\n\nexport function createMinimalOktaAuthIdx<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>\n)\n: OktaAuthIdxConstructor<\n MinimalOktaAuthIdxInterface<M, S, O, TM> & MinimalOktaOAuthInterface<M, S, O, TM>\n>\n{\n const Base = createOktaAuthBase(OptionsConstructor);\n const WithStorage = mixinStorage<S, O>(Base, StorageManagerConstructor);\n const WithHttp = mixinHttp<S, O>(WithStorage);\n const WithSession = mixinSession<S, O>(WithHttp);\n const WithOAuth = mixinMinimalOAuth<M, S, O, TM>(WithSession, TransactionManagerConstructor);\n // do not mixin core\n const WithIdx = mixinMinimalIdx(WithOAuth);\n return WithIdx;\n}\n","import { createOktaAuthCore } from '../../core/factory';\nimport { OktaAuthOptionsConstructor } from '../../base/types';\nimport { StorageManagerConstructor } from '../../storage/types';\nimport { IdxTransactionManagerInterface, OktaAuthIdxInterface, OktaAuthIdxConstructor } from '../types/api';\nimport { IdxTransactionMeta } from '../types/meta';\nimport { IdxStorageManagerInterface } from '../types/storage';\nimport { OktaAuthIdxOptions } from '../types/options';\nimport { mixinIdx } from '../mixin';\nimport { TransactionManagerConstructor } from '../../oidc/types';\nimport { OktaAuthCoreInterface } from '../../core/types';\n\nexport function createOktaAuthIdx<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>\n)\n: OktaAuthIdxConstructor<OktaAuthIdxInterface<M, S, O, TM> & OktaAuthCoreInterface<M, S, O, TM>>\n{\n const Core = createOktaAuthCore<M, S, O, TM>(\n StorageManagerConstructor,\n OptionsConstructor,\n TransactionManagerConstructor\n );\n const WithIdx = mixinIdx(Core);\n return WithIdx;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { isInteractionRequired, isInteractionRequiredError } from '../../oidc';\nimport { authenticate } from '../authenticate';\nimport { cancel } from '../cancel';\nimport {\n handleEmailVerifyCallback,\n isEmailVerifyCallback,\n isEmailVerifyCallbackError,\n parseEmailVerifyCallback\n} from '../emailVerify';\nimport { handleInteractionCodeRedirect } from '../handleInteractionCodeRedirect';\nimport { makeIdxState } from '../idxState';\nimport { interact } from '../interact';\nimport { introspect } from '../introspect';\nimport { poll } from '../poll';\nimport { canProceed, proceed } from '../proceed';\nimport { recoverPassword } from '../recoverPassword';\nimport { register } from '../register';\nimport { startTransaction } from '../startTransaction';\nimport {\n clearTransactionMeta,\n createTransactionMeta,\n getSavedTransactionMeta,\n getTransactionMeta,\n isTransactionMetaValid,\n saveTransactionMeta\n} from '../transactionMeta';\nimport { FlowIdentifier, IdxAPI, OktaAuthIdxInterface } from '../types';\nimport { unlockAccount } from '../unlockAccount';\nimport * as remediators from '../remediators';\nimport { getFlowSpecification } from '../flow/FlowSpecification';\nimport { setRemediatorsCtx } from '../util';\n\n// Factory\nexport function createIdxAPI(sdk: OktaAuthIdxInterface): IdxAPI {\n setRemediatorsCtx({\n remediators,\n getFlowSpecification,\n });\n const boundStartTransaction = startTransaction.bind(null, sdk);\n const idx = {\n interact: interact.bind(null, sdk),\n introspect: introspect.bind(null, sdk),\n makeIdxResponse: makeIdxState.bind(null, sdk),\n \n authenticate: authenticate.bind(null, sdk),\n register: register.bind(null, sdk),\n start: boundStartTransaction,\n startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n poll: poll.bind(null, sdk),\n proceed: proceed.bind(null, sdk),\n cancel: cancel.bind(null, sdk),\n recoverPassword: recoverPassword.bind(null, sdk),\n\n // oauth redirect callback\n handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, sdk),\n\n // interaction required callback\n isInteractionRequired: isInteractionRequired.bind(null, sdk),\n isInteractionRequiredError,\n\n // email verify callback\n handleEmailVerifyCallback: handleEmailVerifyCallback.bind(null, sdk),\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError,\n \n getSavedTransactionMeta: getSavedTransactionMeta.bind(null, sdk),\n createTransactionMeta: createTransactionMeta.bind(null, sdk),\n getTransactionMeta: getTransactionMeta.bind(null, sdk),\n saveTransactionMeta: saveTransactionMeta.bind(null, sdk),\n clearTransactionMeta: clearTransactionMeta.bind(null, sdk),\n isTransactionMetaValid,\n setFlow: (flow: FlowIdentifier) => {\n sdk.options.flow = flow;\n },\n getFlow: (): FlowIdentifier | undefined => {\n return sdk.options.flow;\n },\n canProceed: canProceed.bind(null, sdk),\n unlockAccount: unlockAccount.bind(null, sdk),\n };\n return idx;\n}\n\n","export * from './api';\nexport * from './OktaAuthIdx';\nexport * from './MinimalOktaAuthIdx';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { makeIdxState } from '../idxState';\nimport { canProceed, proceed } from '../proceed';\nimport { startTransaction } from '../startTransaction';\nimport {\n clearTransactionMeta,\n createTransactionMeta,\n getSavedTransactionMeta,\n getTransactionMeta,\n isTransactionMetaValid,\n saveTransactionMeta\n} from '../transactionMeta';\nimport { MinimalIdxAPI, MinimalOktaAuthIdxInterface, OktaAuthIdxInterface } from '../types';\n\n// Factory\nexport function createMinimalIdxAPI(minimalSdk: MinimalOktaAuthIdxInterface): MinimalIdxAPI {\n const sdk = minimalSdk as OktaAuthIdxInterface;\n const boundStartTransaction = startTransaction.bind(null, sdk);\n const idx = {\n makeIdxResponse: makeIdxState.bind(null, sdk),\n\n start: boundStartTransaction,\n startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n proceed: proceed.bind(null, sdk),\n canProceed: canProceed.bind(null, sdk),\n \n getSavedTransactionMeta: getSavedTransactionMeta.bind(null, sdk),\n createTransactionMeta: createTransactionMeta.bind(null, sdk),\n getTransactionMeta: getTransactionMeta.bind(null, sdk),\n saveTransactionMeta: saveTransactionMeta.bind(null, sdk),\n clearTransactionMeta: clearTransactionMeta.bind(null, sdk),\n isTransactionMetaValid,\n };\n return idx;\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport {\n Identify,\n SelectAuthenticatorUnlockAccount,\n SelectAuthenticatorAuthenticate,\n ChallengeAuthenticator,\n ChallengePoll,\n AuthenticatorVerificationData,\n ReEnrollAuthenticatorWarning\n} from '../remediators';\n\nexport const AccountUnlockFlow: RemediationFlow = {\n 'identify': Identify,\n // NOTE: unlock-account is purposely not included. Handled as action\n // because it's a rememdiation which requires no input\n // 'unlock-account': UnlockAccount,\n 'select-authenticator-unlock-account': SelectAuthenticatorUnlockAccount,\n 'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n 'challenge-authenticator': ChallengeAuthenticator,\n 'challenge-poll': ChallengePoll,\n 'authenticator-verification-data': AuthenticatorVerificationData,\n 'reenroll-authenticator-warning': ReEnrollAuthenticatorWarning,\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport { \n Identify,\n SelectAuthenticatorAuthenticate,\n ChallengeAuthenticator,\n ReEnrollAuthenticator,\n ReEnrollAuthenticatorWarning,\n RedirectIdp,\n AuthenticatorEnrollmentData,\n SelectAuthenticatorEnroll,\n EnrollAuthenticator,\n AuthenticatorVerificationData,\n EnrollPoll,\n ChallengePoll,\n SelectEnrollmentChannel,\n EnrollmentChannelData,\n Skip\n} from '../remediators';\n\nexport const AuthenticationFlow: RemediationFlow = {\n 'identify': Identify,\n 'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n 'select-authenticator-enroll': SelectAuthenticatorEnroll,\n 'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n 'authenticator-verification-data': AuthenticatorVerificationData,\n 'enroll-authenticator': EnrollAuthenticator,\n 'challenge-authenticator': ChallengeAuthenticator,\n 'challenge-poll': ChallengePoll,\n 'reenroll-authenticator': ReEnrollAuthenticator,\n 'reenroll-authenticator-warning': ReEnrollAuthenticatorWarning,\n 'enroll-poll': EnrollPoll,\n 'select-enrollment-channel': SelectEnrollmentChannel,\n 'enrollment-channel-data': EnrollmentChannelData,\n 'redirect-idp': RedirectIdp,\n 'skip': Skip,\n};\n","import { OktaAuthIdxInterface, FlowIdentifier, FlowSpecification } from '../types';\nimport { AuthenticationFlow } from './AuthenticationFlow';\nimport { PasswordRecoveryFlow } from './PasswordRecoveryFlow';\nimport { RegistrationFlow } from './RegistrationFlow';\nimport { AccountUnlockFlow } from './AccountUnlockFlow';\n\n// eslint-disable-next-line complexity\nexport function getFlowSpecification(\n oktaAuth: OktaAuthIdxInterface,\n flow: FlowIdentifier = 'default'\n): FlowSpecification {\n let remediators, actions, withCredentials = true;\n switch (flow) {\n case 'register':\n case 'signup':\n case 'enrollProfile':\n remediators = RegistrationFlow;\n withCredentials = false;\n break;\n case 'recoverPassword':\n case 'resetPassword':\n remediators = PasswordRecoveryFlow;\n actions = [\n 'currentAuthenticator-recover', \n 'currentAuthenticatorEnrollment-recover'\n ];\n withCredentials = false;\n break;\n case 'unlockAccount':\n remediators = AccountUnlockFlow;\n withCredentials = false;\n actions = [\n 'unlock-account'\n ];\n break;\n case 'authenticate':\n case 'login':\n case 'signin':\n remediators = AuthenticationFlow;\n break;\n default:\n // default case has no flow monitor\n remediators = AuthenticationFlow;\n break;\n }\n return { flow, remediators, actions, withCredentials };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport {\n Identify,\n SelectAuthenticatorAuthenticate,\n ChallengeAuthenticator,\n AuthenticatorVerificationData,\n ResetAuthenticator,\n ReEnrollAuthenticator,\n ReEnrollAuthenticatorWarning,\n SelectAuthenticatorEnroll,\n AuthenticatorEnrollmentData,\n EnrollPoll\n} from '../remediators';\n\nexport const PasswordRecoveryFlow: RemediationFlow = {\n 'identify': Identify,\n 'identify-recovery': Identify,\n 'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n 'select-authenticator-enroll': SelectAuthenticatorEnroll,\n 'challenge-authenticator': ChallengeAuthenticator,\n 'authenticator-verification-data': AuthenticatorVerificationData,\n 'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n 'reset-authenticator': ResetAuthenticator,\n 'reenroll-authenticator': ReEnrollAuthenticator,\n 'reenroll-authenticator-warning': ReEnrollAuthenticatorWarning,\n 'enroll-poll': EnrollPoll,\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport { \n SelectEnrollProfile,\n EnrollPoll,\n SelectEnrollmentChannel,\n EnrollmentChannelData,\n EnrollProfile,\n SelectAuthenticatorEnroll,\n EnrollAuthenticator,\n AuthenticatorEnrollmentData,\n Skip,\n} from '../remediators';\n\nexport const RegistrationFlow: RemediationFlow = {\n 'select-enroll-profile': SelectEnrollProfile,\n 'enroll-profile': EnrollProfile,\n 'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n 'select-authenticator-enroll': SelectAuthenticatorEnroll,\n 'enroll-poll': EnrollPoll,\n 'select-enrollment-channel': SelectEnrollmentChannel,\n 'enrollment-channel-data': EnrollmentChannelData,\n 'enroll-authenticator': EnrollAuthenticator,\n 'skip': Skip,\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport * from './AuthenticationFlow';\nexport * from './FlowSpecification';\nexport * from './PasswordRecoveryFlow';\nexport * from './RegistrationFlow';\nexport * from './AccountUnlockFlow';\nexport * from './RemediationFlow';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { IdxTransactionMeta } from './types/meta';\nimport { OktaAuthIdxInterface } from './types';\n\nexport async function handleInteractionCodeRedirect(\n authClient: OktaAuthIdxInterface, \n url: string\n): Promise<void> {\n const meta = authClient.transactionManager.load() as IdxTransactionMeta;\n if (!meta) {\n throw new AuthSdkError('No transaction data was found in storage');\n }\n\n const { \n codeVerifier,\n state: savedState \n } = meta;\n const { \n searchParams\n // URL API has been added to the polyfill\n // eslint-disable-next-line compat/compat\n } = new URL(url); \n const state = searchParams.get('state');\n const interactionCode = searchParams.get('interaction_code');\n\n // Error handling\n const error = searchParams.get('error');\n if (error) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n throw new OAuthError(error, searchParams.get('error_description')!);\n }\n if (state !== savedState) {\n throw new AuthSdkError('State in redirect uri does not match with transaction state');\n }\n if (!interactionCode) {\n throw new AuthSdkError('Unable to parse interaction_code from the url');\n }\n \n // Save tokens to storage\n const { tokens } = await authClient.token.exchangeCodeForTokens({ interactionCode, codeVerifier });\n authClient.tokenManager.setTokens(tokens);\n}","import { OktaAuthIdxInterface } from '../types'; // auth-js/types\nimport { IdxResponse, IdxToPersist, RawIdxResponse } from '../types/idx-js'; // idx/types\nimport { IDX_API_VERSION } from '../../constants';\nimport v1 from './v1/parsers';\n\n\nexport const parsersForVersion = function parsersForVersion( version ) {\n switch (version) {\n case '1.0.0':\n return v1;\n case undefined:\n case null:\n throw new Error('Api version is required');\n default:\n throw new Error(`Unknown api version: ${version}. Use an exact semver version.`);\n }\n};\n\nexport function validateVersionConfig(version) {\n if ( !version ) {\n throw new Error('version is required');\n }\n\n const cleanVersion = (version ?? '').replace(/[^0-9a-zA-Z._-]/, '');\n if ( cleanVersion !== version || !version ) {\n throw new Error('invalid version supplied - version is required and uses semver syntax');\n }\n\n parsersForVersion(version); // will throw for invalid version\n}\n\nexport function makeIdxState ( \n authClient: OktaAuthIdxInterface,\n rawIdxResponse: RawIdxResponse,\n toPersist: IdxToPersist,\n requestDidSucceed: boolean,\n): IdxResponse {\n const version = rawIdxResponse?.version ?? IDX_API_VERSION;\n validateVersionConfig(version);\n \n const { makeIdxState } = parsersForVersion(version);\n return makeIdxState(authClient, rawIdxResponse, toPersist, requestDidSucceed);\n}\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-nocheck\nconst isFieldMutable = function isFieldMutable(field) {\n // mutable defaults to true, annoyingly\n return ( field.mutable !== false );\n};\n\nconst divideSingleActionParamsByMutability = function divideSingleActionParamsByMutability( action ) {\n const defaultParamsForAction = {}; // mutable and present\n const neededParamsForAction = []; // mutable values\n const immutableParamsForAction = {}; // immutable\n // TODO: remove assumption that form names are unique, neededParams being an array is a temp fix\n // not all actions have value (e.g. redirect)\n // making sure they are not empty and instead hold the remediation object\n if (!action.value) {\n neededParamsForAction.push(action);\n return { defaultParamsForAction, neededParamsForAction, immutableParamsForAction };\n }\n\n for ( let field of action.value ) {\n\n if ( isFieldMutable( field ) ) {\n\n neededParamsForAction.push(field);\n\n if ( field.value ?? false ) {\n defaultParamsForAction[field.name] = field.value;\n }\n\n } else {\n immutableParamsForAction[field.name] = field.value ?? '';\n }\n }\n return { defaultParamsForAction, neededParamsForAction, immutableParamsForAction };\n};\n\nexport const divideActionParamsByMutability = function divideActionParamsByMutability( actionList ) {\n // TODO: when removing form name is unique assumption, this may all be redundant\n actionList = Array.isArray(actionList) ? actionList : [ actionList ];\n const neededParams = [];\n const defaultParams = {};\n const immutableParams = {};\n\n for ( let action of actionList ) {\n const { \n defaultParamsForAction, \n neededParamsForAction, \n immutableParamsForAction \n } = divideSingleActionParamsByMutability(action);\n neededParams.push(neededParamsForAction);\n defaultParams[action.name] = defaultParamsForAction;\n immutableParams[action.name] = immutableParamsForAction;\n }\n\n return { defaultParams, neededParams, immutableParams };\n};\n\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len, complexity */\nimport { httpRequest, RequestOptions } from '../../../http';\nimport { OktaAuthIdxInterface } from '../../types'; // auth-js/types\nimport { IdxActionFunction, IdxActionParams, IdxResponse, IdxToPersist } from '../../types/idx-js';\nimport { divideActionParamsByMutability } from './actionParser';\nimport AuthApiError from '../../../errors/AuthApiError';\n\nconst generateDirectFetch = function generateDirectFetch(authClient: OktaAuthIdxInterface, { \n actionDefinition, \n defaultParamsForAction = {}, \n immutableParamsForAction = {}, \n toPersist = {} as IdxToPersist\n}): IdxActionFunction {\n const target = actionDefinition.href;\n return async function(params: IdxActionParams = {}): Promise<IdxResponse> {\n const headers = {\n 'Content-Type': 'application/json',\n 'Accept': actionDefinition.accepts || 'application/ion+json',\n };\n const body = JSON.stringify({\n ...defaultParamsForAction,\n ...params,\n ...immutableParamsForAction\n });\n\n try {\n const options: RequestOptions = {\n url: target,\n method: actionDefinition.method,\n headers,\n args: body,\n withCredentials: toPersist?.withCredentials ?? true\n };\n const isPolling = actionDefinition.name === 'poll' || actionDefinition.name?.endsWith('-poll');\n if (isPolling) {\n options.pollingIntent = true;\n }\n const response = await httpRequest(authClient, options);\n\n return authClient.idx.makeIdxResponse({ ...response }, toPersist, true);\n }\n catch (err) {\n if (!(err instanceof AuthApiError) || !err?.xhr) {\n throw err;\n }\n\n const response = err.xhr;\n const payload = response.responseJSON || JSON.parse(response.responseText);\n const wwwAuthHeader = response.headers['WWW-Authenticate'] || response.headers['www-authenticate'];\n\n const idxResponse = authClient.idx.makeIdxResponse({ ...payload }, toPersist, false);\n if (response.status === 401 && wwwAuthHeader === 'Oktadevicejwt realm=\"Okta Device\"') {\n // Okta server responds 401 status code with WWW-Authenticate header and new remediation\n // so that the iOS/MacOS credential SSO extension (Okta Verify) can intercept\n // the response reaches here when Okta Verify is not installed\n // set `stepUp` to true if flow should be continued without showing any errors\n idxResponse.stepUp = true;\n }\n\n return idxResponse;\n }\n };\n};\n\n// TODO: Resolve in M2: Either build the final polling solution or remove this code\n// const generatePollingFetch = function generatePollingFetch( { actionDefinition, defaultParamsForAction = {}, immutableParamsForAction = {} } ) {\n// // TODO: Discussions ongoing about when/how to terminate polling: OKTA-246581\n// const target = actionDefinition.href;\n// return async function(params) {\n// return fetch(target, {\n// method: actionDefinition.method,\n// headers: {\n// 'content-type': actionDefinition.accepts,\n// },\n// body: JSON.stringify({ ...defaultParamsForAction, ...params, ...immutableParamsForAction })\n// })\n// .then( response => response.ok ? response.json() : response.json().then( err => Promise.reject(err)) )\n// .then( idxResponse => makeIdxState(authClient, idxResponse) );\n// };\n// };\n\nconst generateIdxAction = function generateIdxAction( authClient: OktaAuthIdxInterface, actionDefinition, toPersist ): IdxActionFunction {\n // TODO: leaving this here to see where the polling is EXPECTED to drop into the code, but removing any accidental trigger of incomplete code\n // const generator = actionDefinition.refresh ? generatePollingFetch : generateDirectFetch;\n const generator = generateDirectFetch;\n const { defaultParams, neededParams, immutableParams } = divideActionParamsByMutability( actionDefinition );\n\n const action = generator(authClient, {\n actionDefinition,\n defaultParamsForAction: defaultParams[actionDefinition.name],\n immutableParamsForAction: immutableParams[actionDefinition.name],\n toPersist\n });\n action.neededParams = neededParams;\n return action;\n};\n\nexport default generateIdxAction;\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len */\n\nimport { OktaAuthIdxInterface, IdxResponse, IdxRemediation, IdxContext } from '../../types'; // auth-js/types\nimport { IdxActions } from '../../types/idx-js';\nimport { generateRemediationFunctions } from './remediationParser';\nimport generateIdxAction from './generateIdxAction';\nimport { jsonpath } from '../../../util/jsonpath';\nimport { AuthSdkError } from '../../../errors';\n\nconst SKIP_FIELDS = {\n 'remediation': true, // remediations are put into proceed/neededToProceed\n 'context': true, // the API response of 'context' isn't externally useful. We ignore it and put all non-action (contextual) info into idxState.context\n};\n\nexport const parseNonRemediations = function parseNonRemediations( authClient: OktaAuthIdxInterface, idxResponse: IdxResponse, toPersist = {} ) {\n const actions = {};\n const context = {} as IdxContext;\n\n Object.keys(idxResponse)\n .filter( field => !SKIP_FIELDS[field])\n .forEach( field => {\n const fieldIsObject = typeof idxResponse[field] === 'object' && !!idxResponse[field];\n\n if ( !fieldIsObject ) {\n // simple fields are contextual info\n context[field] = idxResponse[field];\n return;\n }\n\n if ( idxResponse[field].rel ) {\n // top level actions\n actions[idxResponse[field].name] = generateIdxAction(authClient, idxResponse[field], toPersist);\n return;\n }\n\n const { value: fieldValue, type, ...info} = idxResponse[field];\n context[field] = { type, ...info}; // add the non-action parts as context\n\n if ( type !== 'object' ) {\n // only object values hold actions\n context[field].value = fieldValue;\n return;\n }\n\n // We are an object field containing an object value\n context[field].value = {};\n Object.entries<IdxRemediation>(fieldValue)\n .forEach( ([subField, value]) => {\n if (value.rel) { // is [field].value[subField] an action?\n // add any \"action\" value subfields to actions\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n actions[`${field}-${subField.name || subField}`] = generateIdxAction(authClient, value, toPersist);\n } else {\n // add non-action value subfields to context\n context[field].value[subField] = value;\n }\n });\n });\n\n return { context, actions };\n};\n\nconst expandRelatesTo = (idxResponse, value) => {\n Object.keys(value).forEach(k => {\n if (k === 'relatesTo') {\n const query = Array.isArray(value[k]) ? value[k][0] : value[k];\n if (typeof query === 'string') {\n const result = jsonpath({ path: query, json: idxResponse });\n if (result) {\n value[k] = result;\n return;\n } else {\n throw new AuthSdkError(`Cannot resolve relatesTo: ${query}`);\n }\n }\n }\n if (Array.isArray(value[k])) {\n value[k].forEach(innerValue => expandRelatesTo(idxResponse, innerValue));\n }\n });\n};\n\nconst convertRemediationAction = (authClient: OktaAuthIdxInterface, remediation, toPersist) => {\n // Only remediation that has `rel` field (indicator for form submission) can have http action\n if (remediation.rel) {\n const remediationActions = generateRemediationFunctions( authClient, [remediation], toPersist );\n const actionFn = remediationActions[remediation.name];\n return {\n ...remediation,\n action: actionFn,\n };\n }\n\n return remediation;\n};\n\nexport const parseIdxResponse = function parseIdxResponse( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ): {\n remediations: IdxRemediation[];\n context: IdxContext;\n actions: IdxActions;\n} {\n const remediationData = idxResponse.remediation?.value || [];\n\n remediationData.forEach(\n remediation => {\n // TODO: remove once IDX is fixed - OKTA-659181\n if (remediation.name === 'launch-authenticator' &&\n remediation?.relatesTo?.[0] === 'authenticatorChallenge' &&\n !idxResponse?.authenticatorChallenge\n ) {\n delete remediation.relatesTo;\n return;\n }\n\n return expandRelatesTo(idxResponse, remediation);\n }\n );\n\n const remediations = remediationData.map(remediation => convertRemediationAction( authClient, remediation, toPersist ));\n\n const { context, actions } = parseNonRemediations( authClient, idxResponse, toPersist );\n\n return {\n remediations,\n context,\n actions,\n };\n};\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { IdxResponse, IdxToPersist, IdxActionParams } from '../../types/idx-js';\nimport { OktaAuthIdxInterface, RawIdxResponse } from '../../types'; // auth-js/types\nimport { parseIdxResponse } from './idxResponseParser';\n\nexport function makeIdxState( \n authClient: OktaAuthIdxInterface,\n idxResponse: RawIdxResponse,\n toPersist: IdxToPersist,\n requestDidSucceed: boolean\n): IdxResponse {\n const rawIdxResponse = idxResponse;\n const { remediations, context, actions } = parseIdxResponse( authClient, idxResponse, toPersist );\n const neededToProceed = [...remediations];\n\n const proceed: IdxResponse['proceed'] = async function( remediationChoice, paramsFromUser = {} ) {\n /*\n remediationChoice is the name attribute on each form\n name should remain unique for items inside the remediation that are considered forms(identify, select-factor)\n name can be duplicate for items like redirect where its not considered a form(redirect)\n when names are not unique its a redirect to a href, so widget wont POST to idx-js layer.\n */\n const remediationChoiceObject = remediations.find((remediation) => remediation.name === remediationChoice);\n if ( !remediationChoiceObject ) {\n return Promise.reject(`Unknown remediation choice: [${remediationChoice}]`);\n }\n\n const actionFn = remediationChoiceObject.action;\n if (typeof actionFn !== 'function') {\n return Promise.reject(`Current remediation cannot make form submit action: [${remediationChoice}]`);\n }\n\n return remediationChoiceObject.action!(paramsFromUser as IdxActionParams);\n };\n\n const findCode = item => item.name === 'interaction_code';\n const interactionCode = rawIdxResponse.successWithInteractionCode?.value?.find( findCode )?.value as string;\n\n return {\n proceed,\n neededToProceed,\n actions,\n context,\n rawIdxState: rawIdxResponse,\n interactionCode,\n toPersist,\n requestDidSucceed,\n };\n}\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { makeIdxState } from './makeIdxState';\n\nexport default {\n makeIdxState,\n};\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface, IdxRemediation } from '../../types'; // auth-js/types\nimport generateIdxAction from './generateIdxAction';\n\nexport const generateRemediationFunctions = function generateRemediationFunctions(\n authClient: OktaAuthIdxInterface,\n remediationValue: IdxRemediation[],\n toPersist = {}\n) {\n return remediationValue.reduce((obj, remediation) => ({\n ...obj,\n [remediation.name]: generateIdxAction(authClient, remediation, toPersist)\n }), {});\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport { authenticate } from './authenticate';\nexport { cancel } from './cancel';\nexport { \n handleEmailVerifyCallback, \n isEmailVerifyCallback, \n parseEmailVerifyCallback, \n isEmailVerifyCallbackError, \n} from './emailVerify';\nexport { interact } from './interact';\nexport { introspect } from './introspect';\nexport { poll } from './poll';\nexport { proceed, canProceed } from './proceed';\nexport { register } from './register';\nexport { recoverPassword } from './recoverPassword';\nexport { handleInteractionCodeRedirect } from './handleInteractionCodeRedirect';\nexport { startTransaction } from './startTransaction';\nexport { unlockAccount } from './unlockAccount';\nexport * from './transactionMeta';\nexport * from './factory';\nexport * from './mixin';\nexport * from './options';\nexport * from './storage';\nexport * from './types';\nexport * from './IdxTransactionManager';\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* eslint complexity:[0,8] */\nimport { OktaAuthIdxInterface, IdxTransactionMeta, InteractOptions, InteractResponse } from './types';\nimport { getSavedTransactionMeta, saveTransactionMeta, createTransactionMeta } from './transactionMeta';\nimport { getOAuthBaseUrl } from '../oidc';\nimport { removeNils } from '../util';\nimport { httpRequest } from '../http';\n\n\n/* eslint-disable camelcase */\nexport interface InteractParams {\n client_id: string;\n scope: string;\n redirect_uri: string;\n code_challenge: string;\n code_challenge_method: string;\n state: string;\n activation_token?: string;\n recovery_token?: string;\n client_secret?: string;\n max_age?: string | number;\n acr_values?: string;\n nonce?: string;\n}\n/* eslint-enable camelcase */\n\nfunction getResponse(meta: IdxTransactionMeta): InteractResponse {\n return {\n meta,\n interactionHandle: meta.interactionHandle!,\n state: meta.state\n };\n}\n\n// Begin or resume a transaction. Returns an interaction handle\nexport async function interact (\n authClient: OktaAuthIdxInterface, \n options: InteractOptions = {}\n): Promise<InteractResponse> {\n options = removeNils(options);\n\n let meta = getSavedTransactionMeta(authClient, options);\n // If meta exists, it has been validated against all options\n\n if (meta?.interactionHandle) {\n return getResponse(meta); // Saved transaction, return meta\n }\n\n // Create new meta, respecting previous meta if it has been set and is not overridden\n meta = await createTransactionMeta(authClient, { ...meta, ...options });\n const baseUrl = getOAuthBaseUrl(authClient);\n let {\n clientId,\n redirectUri,\n state,\n scopes,\n withCredentials,\n codeChallenge,\n codeChallengeMethod,\n activationToken,\n recoveryToken,\n maxAge,\n acrValues,\n nonce\n } = meta as IdxTransactionMeta;\n const clientSecret = options.clientSecret || authClient.options.clientSecret;\n withCredentials = withCredentials ?? true;\n\n /* eslint-disable camelcase */\n const url = `${baseUrl}/v1/interact`;\n const params = {\n client_id: clientId,\n scope: scopes!.join(' '),\n redirect_uri: redirectUri,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n state,\n ...(activationToken && { activation_token: activationToken }),\n ...(recoveryToken && { recovery_token: recoveryToken }),\n // X-Device-Token header need to pair with `client_secret`\n // eslint-disable-next-line max-len\n // https://oktawiki.atlassian.net/wiki/spaces/eng/pages/2445902453/Support+Device+Binding+in+interact#Scenario-1%3A-Non-User-Agent-with-Confidential-Client-(top-priority)\n ...(clientSecret && { client_secret: clientSecret }),\n ...(maxAge && { max_age: maxAge }),\n ...(acrValues && { acr_values: acrValues }),\n ...(nonce && { nonce }),\n } as InteractParams;\n /* eslint-enable camelcase */\n\n const headers = {\n 'Content-Type': 'application/x-www-form-urlencoded',\n };\n\n const resp = await httpRequest(authClient, {\n method: 'POST',\n url,\n headers,\n withCredentials,\n args: params\n });\n const interactionHandle = resp.interaction_handle;\n\n const newMeta = {\n ...meta,\n interactionHandle,\n \n // Options which can be passed into interact() should be saved in the meta\n withCredentials,\n state,\n scopes,\n recoveryToken,\n activationToken\n };\n // Save transaction meta so it can be resumed\n saveTransactionMeta(authClient, newMeta);\n\n return getResponse(newMeta);\n}\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { makeIdxState, validateVersionConfig } from './idxState';\nimport { IntrospectOptions, OktaAuthIdxInterface } from './types';\nimport { IdxResponse, isRawIdxResponse } from './types/idx-js';\nimport { getOAuthDomain } from '../oidc';\nimport { IDX_API_VERSION } from '../constants';\nimport { httpRequest } from '../http';\nimport { isAuthApiError } from '../errors';\n\nexport async function introspect (\n authClient: OktaAuthIdxInterface, \n options: IntrospectOptions = {}\n): Promise<IdxResponse> {\n let rawIdxResponse;\n let requestDidSucceed;\n\n // try load from storage first\n const savedIdxResponse = authClient.transactionManager.loadIdxResponse(options);\n if (savedIdxResponse) {\n rawIdxResponse = savedIdxResponse.rawIdxResponse;\n requestDidSucceed = savedIdxResponse.requestDidSucceed;\n }\n\n // call idx.introspect if no existing idx response available in storage\n if (!rawIdxResponse) {\n const version = options.version || IDX_API_VERSION;\n const domain = getOAuthDomain(authClient);\n const { interactionHandle, stateHandle } = options;\n const withCredentials = options.withCredentials ?? true;\n try {\n requestDidSucceed = true;\n validateVersionConfig(version);\n const url = `${domain}/idp/idx/introspect`;\n const body = stateHandle ? { stateToken: stateHandle } : { interactionHandle };\n const headers = {\n 'Content-Type': `application/ion+json; okta-version=${version}`, // Server wants this version info\n Accept: `application/ion+json; okta-version=${version}`,\n };\n rawIdxResponse = await httpRequest(authClient, {\n method: 'POST',\n url,\n headers,\n withCredentials,\n args: body\n });\n } catch (err) {\n if (isAuthApiError(err) && err.xhr && isRawIdxResponse(err.xhr.responseJSON)) {\n rawIdxResponse = err.xhr.responseJSON;\n requestDidSucceed = false;\n } else {\n throw err;\n }\n }\n }\n\n const { withCredentials } = options;\n return makeIdxState(authClient, rawIdxResponse, { withCredentials }, requestDidSucceed);\n}\n","import { FingerprintAPI, OktaAuthConstructor } from '../base/types';\nimport { OktaAuthOAuthInterface } from '../oidc/types';\nimport {\n IdxAPI, \n IdxTransactionManagerInterface, \n OktaAuthIdxInterface, \n OktaAuthIdxConstructor, \n OktaAuthIdxOptions, \n WebauthnAPI\n} from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createIdxAPI } from './factory/api';\nimport fingerprint from '../browser/fingerprint';\nimport * as webauthn from './webauthn';\n\nexport function mixinIdx\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthIdxConstructor<OktaAuthIdxInterface<M, S, O, TM>>\n{\n return class OktaAuthIdx extends Base implements OktaAuthIdxInterface<M, S, O, TM>\n {\n idx: IdxAPI;\n fingerprint: FingerprintAPI;\n static webauthn: WebauthnAPI = webauthn;\n \n constructor(...args: any[]) {\n super(...args);\n this.idx = createIdxAPI(this);\n this.fingerprint = fingerprint.bind(null, this);\n }\n };\n}\n","import { FingerprintAPI, OktaAuthConstructor } from '../base/types';\nimport { MinimalOktaOAuthInterface } from '../oidc/types';\nimport {\n IdxTransactionManagerInterface,\n OktaAuthIdxConstructor,\n OktaAuthIdxOptions,\n MinimalIdxAPI,\n WebauthnAPI,\n MinimalOktaAuthIdxInterface\n} from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createMinimalIdxAPI } from '../idx/factory/minimalApi';\nimport fingerprint from '../browser/fingerprint';\nimport * as webauthn from './webauthn';\n\nexport function mixinMinimalIdx\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n TBase extends OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n>\n(\n Base: TBase\n): TBase & OktaAuthIdxConstructor<MinimalOktaAuthIdxInterface<M, S, O, TM>>\n{\n return class OktaAuthIdx extends Base implements MinimalOktaAuthIdxInterface<M, S, O, TM>\n {\n idx: MinimalIdxAPI;\n fingerprint: FingerprintAPI;\n static webauthn: WebauthnAPI = webauthn;\n \n constructor(...args: any[]) {\n super(...args);\n this.idx = createMinimalIdxAPI(this);\n this.fingerprint = fingerprint.bind(null, this);\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createCoreOptionsConstructor } from '../core/options';\nimport { FlowIdentifier } from './types/FlowIdentifier';\nimport { OktaAuthIdxOptions } from './types/options';\n\n\nexport function createIdxOptionsConstructor() {\n const CoreOptionsConstructor = createCoreOptionsConstructor();\n return class IdxOptionsConstructor\n extends CoreOptionsConstructor \n implements Required<OktaAuthIdxOptions>\n {\n flow: FlowIdentifier;\n activationToken: string;\n recoveryToken: string;\n \n // BETA WARNING: configs in this section are subject to change without a breaking change notice\n idx: {\n useGenericRemediator?: boolean;\n exchangeCodeForTokens?: boolean;\n };\n \n constructor(options: any) {\n super(options);\n \n this.flow = options.flow;\n this.activationToken = options.activationToken;\n this.recoveryToken = options.recoveryToken;\n this.idx = options.idx;\n }\n };\n \n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { proceed } from './proceed';\n\nimport { \n IdxPollOptions,\n IdxTransaction,\n OktaAuthIdxInterface,\n} from './types';\nimport { getSavedTransactionMeta } from './transactionMeta';\nimport { warn } from '../util';\n\nexport async function poll(authClient: OktaAuthIdxInterface, options: IdxPollOptions = {}): Promise<IdxTransaction> {\n const { withCredentials, exchangeCodeForTokens } = options;\n let transaction = await proceed(authClient, {\n startPolling: true,\n withCredentials,\n exchangeCodeForTokens\n });\n\n const meta = getSavedTransactionMeta(authClient);\n let availablePollingRemeditaions = meta?.remediations?.find(remediation => remediation.includes('poll'));\n if (!availablePollingRemeditaions?.length) {\n warn('No polling remediations available at the current IDX flow stage');\n }\n\n if (Number.isInteger(options.refresh)) {\n return new Promise(function (resolve, reject) {\n setTimeout(async function () {\n try {\n const refresh = transaction.nextStep?.poll?.refresh;\n if (refresh) {\n resolve(poll(authClient, {\n refresh\n }));\n } else {\n resolve(transaction);\n }\n } catch (err) {\n reject(err);\n }\n }, options.refresh);\n });\n }\n\n return transaction;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { \n OktaAuthIdxInterface,\n IdxTransaction,\n ProceedOptions,\n} from './types';\nimport { run } from './run';\nimport { getSavedTransactionMeta } from './transactionMeta';\nimport { AuthSdkError } from '../errors';\n\nexport function canProceed(authClient: OktaAuthIdxInterface, options: ProceedOptions = {}): boolean {\n const meta = getSavedTransactionMeta(authClient, options);\n return !!(meta || options.stateHandle);\n}\n\nexport async function proceed(\n authClient: OktaAuthIdxInterface,\n options: ProceedOptions = {}\n): Promise<IdxTransaction> {\n\n if (!canProceed(authClient, options)) {\n throw new AuthSdkError('Unable to proceed: saved transaction could not be loaded');\n }\n\n let { flow, state } = options;\n if (!flow) {\n const meta = getSavedTransactionMeta(authClient, { state });\n flow = meta?.flow;\n }\n\n return run(authClient, { \n ...options, \n flow\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { getFlowSpecification } from './flow';\nimport { \n OktaAuthIdxInterface, \n PasswordRecoveryOptions, \n IdxTransaction,\n} from './types';\n\nexport async function recoverPassword(\n authClient: OktaAuthIdxInterface, options: PasswordRecoveryOptions = {}\n): Promise<IdxTransaction> {\n const flowSpec = getFlowSpecification(authClient, 'recoverPassword');\n return run(\n authClient, \n { \n ...options,\n ...flowSpec,\n }\n );\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { hasSavedInteractionHandle } from './transactionMeta';\nimport { startTransaction } from './startTransaction';\nimport { AuthSdkError } from '../errors';\nimport { \n RegistrationOptions, \n IdxTransaction, \n OktaAuthIdxInterface, \n IdxFeature,\n} from './types';\n\nexport async function register(\n authClient: OktaAuthIdxInterface, options: RegistrationOptions = {}\n): Promise<IdxTransaction> {\n\n // Only check at the beginning of the transaction\n if (!hasSavedInteractionHandle(authClient)) {\n const { enabledFeatures } = await startTransaction(authClient, {\n ...options,\n flow: 'register',\n autoRemediate: false\n });\n if (!options.activationToken && enabledFeatures && !enabledFeatures.includes(IdxFeature.REGISTRATION)) {\n throw new AuthSdkError('Registration is not supported based on your current org configuration.');\n }\n }\n\n return run(authClient, {\n ...options,\n flow: 'register'\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, max-depth, complexity */\nimport { AuthSdkError } from '../errors';\nimport { RemediationValues } from './remediators';\nimport { OktaAuthIdxInterface, RemediateOptions, RemediationResponse } from './types';\nimport { \n IdxResponse,\n IdxActionParams, \n} from './types/idx-js';\nimport {\n isTerminalResponse,\n filterValuesForRemediation,\n getRemediator,\n getNextStep,\n handleFailedResponse\n} from './util';\n\nexport interface RemediateActionWithOptionalParams {\n name: string;\n params?: IdxActionParams;\n}\n\nexport type RemediateAction = string | RemediateActionWithOptionalParams;\n\n\nfunction getActionFromValues(values: RemediationValues, idxResponse: IdxResponse): string | undefined {\n // Currently support resend actions only\n return Object.keys(idxResponse.actions).find(action => !!values.resend && action.includes('-resend'));\n}\n\nfunction removeActionFromValues(values: RemediationValues): RemediationValues {\n // Currently support resend actions only\n return {\n ...values,\n resend: undefined\n };\n}\n\nfunction removeActionFromOptions(options: RemediateOptions, actionName: string): RemediateOptions {\n let actions = options.actions || [];\n actions = actions.filter(entry => {\n if (typeof entry === 'string') {\n return entry !== actionName;\n }\n return entry.name !== actionName;\n });\n\n return { ...options, actions };\n}\n\n// This function is called recursively until it reaches success or cannot be remediated\nexport async function remediate(\n authClient: OktaAuthIdxInterface,\n idxResponse: IdxResponse,\n values: RemediationValues,\n options: RemediateOptions\n): Promise<RemediationResponse> {\n let { neededToProceed, interactionCode } = idxResponse;\n const { flow } = options;\n\n // If the response contains an interaction code, there is no need to remediate\n if (interactionCode) {\n return { idxResponse };\n }\n\n const remediator = getRemediator(idxResponse, values, options);\n\n // Try actions in idxResponse first\n const actionFromValues = getActionFromValues(values, idxResponse);\n const actionFromOptions = options.actions || [];\n const actions = [\n ...actionFromOptions,\n ...(actionFromValues && [actionFromValues] || []),\n ];\n if (actions) {\n for (let action of actions) {\n // Action can either be specified as a string, or as an object with name and optional params\n let params: IdxActionParams = {};\n if (typeof action !== 'string') {\n params = action.params || {};\n action = action.name;\n }\n let valuesWithoutExecutedAction = removeActionFromValues(values);\n let optionsWithoutExecutedAction = removeActionFromOptions(options, action);\n\n if (typeof idxResponse.actions[action] === 'function') {\n idxResponse = await idxResponse.actions[action](params);\n if (idxResponse.requestDidSucceed === false) {\n return handleFailedResponse(authClient, idxResponse, options);\n }\n if (action === 'cancel') {\n return { idxResponse, canceled: true };\n }\n return remediate(\n authClient, \n idxResponse, \n valuesWithoutExecutedAction, \n optionsWithoutExecutedAction\n ); // recursive call\n }\n\n // search for action in remediation list\n const remediationAction = neededToProceed.find(({ name }) => name === action);\n if (remediationAction) {\n idxResponse = await idxResponse.proceed(action, params);\n if (idxResponse.requestDidSucceed === false) {\n return handleFailedResponse(authClient, idxResponse, options);\n }\n return remediate(authClient, idxResponse, values, optionsWithoutExecutedAction); // recursive call\n }\n }\n }\n\n // Do not attempt to remediate if response is in terminal state\n const terminal = isTerminalResponse(idxResponse);\n if (terminal) {\n return { idxResponse, terminal };\n }\n\n if (!remediator) {\n // With options.step, remediator is not required\n if (options.step) {\n values = filterValuesForRemediation(idxResponse, options.step, values); // include only requested values\n idxResponse = await idxResponse.proceed(options.step, values);\n if (idxResponse.requestDidSucceed === false) {\n return handleFailedResponse(authClient, idxResponse, options);\n }\n return { idxResponse };\n }\n\n // With default flow, remediator is not required\n if (flow === 'default') {\n return { idxResponse };\n }\n throw new AuthSdkError(`\n No remediation can match current flow, check policy settings in your org.\n Remediations: [${neededToProceed.reduce((acc, curr) => acc ? acc + ' ,' + curr.name : curr.name, '')}]\n `);\n }\n\n // Return next step to the caller\n if (!remediator.canRemediate()) {\n const nextStep = getNextStep(authClient, remediator, idxResponse);\n return {\n idxResponse,\n nextStep,\n };\n }\n\n const name = remediator.getName();\n const data = remediator.getData();\n\n idxResponse = await idxResponse.proceed(name, data);\n if (idxResponse.requestDidSucceed === false) {\n return handleFailedResponse(authClient, idxResponse, options);\n }\n // We may want to trim the values bag for the next remediation\n // Let the remediator decide what the values should be (default to current values)\n values = remediator.getValuesAfterProceed();\n options = { ...options, step: undefined }; // do not re-use the step\n\n // generic remediator should not auto proceed in pending status\n // return nextStep directly\n if (options.useGenericRemediator && !idxResponse.interactionCode && !isTerminalResponse(idxResponse)) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const gr = getRemediator(idxResponse, values, options)!;\n const nextStep = getNextStep(authClient, gr, idxResponse);\n return {\n idxResponse,\n nextStep,\n };\n }\n \n return remediate(authClient, idxResponse, values, options); // recursive call\n\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthenticatorData, AuthenticatorDataValues } from './Base/AuthenticatorData';\nimport { getAuthenticatorFromRemediation } from './util';\n\nexport type AuthenticatorEnrollmentDataValues = AuthenticatorDataValues & {\n phoneNumber?: string;\n resend?: boolean; // resend is not a remediator value - revise when IdxResponse structure is updated\n}\nexport class AuthenticatorEnrollmentData extends AuthenticatorData<AuthenticatorEnrollmentDataValues> {\n static remediationName = 'authenticator-enrollment-data';\n\n mapAuthenticator() {\n const authenticatorData = this.getAuthenticatorData();\n const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation)!;\n return { \n id: authenticatorFromRemediation.form!.value\n .find(({ name }) => name === 'id')!.value,\n methodType: authenticatorData!.methodType,\n phoneNumber: authenticatorData!.phoneNumber,\n };\n }\n\n getInputAuthenticator(remediation) {\n return [\n { name: 'methodType', type: 'string' }, \n { name: 'phoneNumber', label: 'Phone Number', type: 'string' }\n ].map(item => {\n const value = remediation.form.value.find(val => val.name === item.name);\n return { ...value, ...item };\n });\n }\n\n protected mapAuthenticatorDataFromValues(data?) {\n // get mapped authenticator from base class\n data = super.mapAuthenticatorDataFromValues(data);\n // add phoneNumber to authenticator if it exists in values\n const { phoneNumber } = this.values;\n if (!data && !phoneNumber) {\n return;\n }\n\n return { \n ...(data && data), \n ...(phoneNumber && { phoneNumber }) \n };\n }\n\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { AuthenticatorData, AuthenticatorDataValues } from './Base/AuthenticatorData';\n\nexport type AuthenticatorVerificationDataValues = AuthenticatorDataValues;\n\nexport class AuthenticatorVerificationData extends AuthenticatorData<AuthenticatorVerificationDataValues> {\n static remediationName = 'authenticator-verification-data';\n\n mapAuthenticator() {\n return this.getAuthenticatorData();\n }\n\n getInputAuthenticator() {\n const authenticator = this.getAuthenticatorFromRemediation();\n const methodType = authenticator.form!.value.find(({ name }) => name === 'methodType');\n // if has methodType in form, let user select the methodType\n if (methodType && methodType.options) {\n return { \n name: 'methodType', \n type: 'string', \n required: true, \n options: methodType.options \n };\n }\n // no methodType, then return form values\n const inputs = [...authenticator.form!.value];\n return inputs;\n }\n\n getValuesAfterProceed(): AuthenticatorVerificationDataValues {\n this.values = super.getValuesAfterProceed();\n let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== 'authenticator');\n return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { IdxRemediationValue, IdxRemediation, IdxAuthenticator } from '../../types/idx-js';\nimport { isAuthenticator } from '../../types/api';\nimport { compareAuthenticators } from '../../authenticator/util';\n\nexport type AuthenticatorDataValues = RemediationValues & {\n methodType?: string;\n};\n\n// Base class - DO NOT expose static remediationName\nexport class AuthenticatorData<T extends AuthenticatorDataValues = AuthenticatorDataValues> extends Remediator<T> {\n authenticator: IdxAuthenticator;\n\n constructor(remediation: IdxRemediation, values: T = {} as T) {\n super(remediation, values);\n\n // set before other data calculation\n this.authenticator = this.getAuthenticator()!;\n\n this.formatAuthenticatorData();\n }\n\n protected formatAuthenticatorData() {\n const authenticatorData = this.getAuthenticatorData();\n if (authenticatorData) {\n this.values.authenticatorsData = this.values.authenticatorsData!.map(data => {\n if (compareAuthenticators(this.authenticator, data)) {\n return this.mapAuthenticatorDataFromValues(data);\n }\n return data;\n });\n } else {\n const data = this.mapAuthenticatorDataFromValues();\n if (data) {\n this.values.authenticatorsData!.push(data);\n }\n }\n }\n\n protected getAuthenticatorData() {\n return this.values.authenticatorsData!\n .find((data) => compareAuthenticators(this.authenticator, data));\n }\n\n canRemediate() {\n return this.values.authenticatorsData!\n .some(data => compareAuthenticators(this.authenticator, data));\n }\n\n protected mapAuthenticatorDataFromValues(authenticatorData?) {\n // add methodType to authenticatorData if it exists in values\n let { methodType, authenticator } = this.values;\n if (!methodType && isAuthenticator(authenticator)) {\n methodType = authenticator?.methodType;\n }\n \n const { id, enrollmentId } = this.authenticator;\n const data = { \n id,\n enrollmentId,\n ...(authenticatorData && authenticatorData),\n ...(methodType && { methodType }) \n };\n\n return data.methodType ? data : null;\n }\n\n protected getAuthenticatorFromRemediation(): IdxRemediationValue {\n const authenticator = this.remediation.value!\n .find(({ name }) => name === 'authenticator') as IdxRemediationValue;\n return authenticator;\n }\n\n getValuesAfterProceed(): T {\n this.values = super.getValuesAfterProceed();\n // remove used authenticatorData\n const authenticatorsData = this.values.authenticatorsData!\n .filter(data => compareAuthenticators(this.authenticator, data) !== true);\n return { ...this.values, authenticatorsData };\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { OktaAuthIdxInterface, NextStep, IdxMessage, Authenticator, Input, RemediateOptions } from '../../types';\nimport { IdxAuthenticator, IdxRemediation, IdxContext } from '../../types/idx-js';\nimport { getAllValues, getRequiredValues, titleCase, getAuthenticatorFromRemediation } from '../util';\nimport { formatAuthenticator, compareAuthenticators } from '../../authenticator/util';\n\n// A map from IDX data values (server spec) to RemediationValues (client spec)\nexport type IdxToRemediationValueMap = Record<string, string[]>;\n\nexport interface RemediationValues {\n stateHandle?: string;\n authenticators?: (Authenticator | string)[];\n authenticator?: string | Authenticator;\n authenticatorsData?: Authenticator[];\n resend?: boolean;\n}\n\nexport interface RemediatorConstructor {\n remediationName: string;\n new<T extends RemediationValues>(\n remediation: IdxRemediation, \n values?: T, \n options?: RemediateOptions\n ): any;\n}\n\n// Base class - DO NOT expose static remediationName\nexport class Remediator<T extends RemediationValues = RemediationValues> {\n static remediationName: string;\n\n remediation: IdxRemediation;\n values: T;\n options: RemediateOptions;\n map?: IdxToRemediationValueMap;\n\n constructor(\n remediation: IdxRemediation, \n values: T = {} as T, \n options: RemediateOptions = {}\n ) {\n // assign fields to the instance\n this.values = { ...values };\n this.options = { ...options };\n this.formatAuthenticators();\n this.remediation = remediation;\n }\n\n private formatAuthenticators() {\n this.values.authenticators = (this.values.authenticators || []) as Authenticator[];\n\n // ensure authenticators are in the correct format\n this.values.authenticators = this.values.authenticators.map(authenticator => {\n return formatAuthenticator(authenticator);\n });\n\n // add authenticator (if any) to \"authenticators\"\n if (this.values.authenticator) {\n const authenticator = formatAuthenticator(this.values.authenticator);\n const hasAuthenticatorInList = this.values.authenticators.some(existing => {\n return compareAuthenticators(authenticator, existing);\n });\n if (!hasAuthenticatorInList) {\n this.values.authenticators.push(authenticator);\n }\n }\n\n // save non-key meta to \"authenticatorsData\" field\n // authenticators will be removed after selection to avoid select-authenticator loop\n this.values.authenticatorsData = this.values.authenticators.reduce((acc, authenticator) => {\n if (typeof authenticator === 'object' && Object.keys(authenticator).length > 1) {\n // save authenticator meta into authenticator data\n acc.push(authenticator);\n }\n return acc;\n }, this.values.authenticatorsData || []);\n }\n\n getName(): string {\n return this.remediation.name;\n }\n\n // Override this method to provide custom check\n /* eslint-disable-next-line no-unused-vars, @typescript-eslint/no-unused-vars */\n canRemediate(context?: IdxContext): boolean {\n const required = getRequiredValues(this.remediation);\n const needed = required!.find((key) => !this.hasData(key));\n if (needed) {\n return false; // missing data for a required field\n }\n return true; // all required fields have available data\n }\n\n // returns an object for the entire remediation form, or just a part\n getData(key?: string) {\n if (!key) {\n let allValues = getAllValues(this.remediation);\n let res = allValues!.reduce((data, key) => {\n data[key] = this.getData(key); // recursive\n return data;\n }, {});\n return res;\n }\n\n // Map value by \"map${Property}\" function in each subClass\n if (typeof this[`map${titleCase(key)}`] === 'function') {\n const val = this[`map${titleCase(key)}`](\n this.remediation.value!.find(({name}) => name === key)\n );\n if (val) {\n return val;\n }\n }\n\n // If a map is defined for this key, return the first aliased property that returns a truthy value\n if (this.map && this.map[key]) {\n const entry = this.map[key];\n for (let i = 0; i < entry.length; i++) {\n let val = this.values[entry[i]];\n if (val) {\n return val;\n }\n }\n }\n\n // fallback: return the value by key\n return this.values[key];\n }\n\n hasData(\n key: string // idx name\n ): boolean \n {\n // no attempt to format, we want simple true/false\n return !!this.getData(key);\n }\n\n getNextStep(_authClient: OktaAuthIdxInterface, _context?: IdxContext): NextStep {\n const name = this.getName();\n const inputs = this.getInputs();\n const authenticator = this.getAuthenticator();\n // TODO: remove type field in the next major version change\n // https://oktainc.atlassian.net/browse/OKTA-431749\n const type = authenticator?.type;\n return { \n name, \n inputs, \n ...(type && { type }),\n ...(authenticator && { authenticator }),\n };\n }\n\n // Get inputs for the next step\n getInputs(): Input[] {\n const inputs: Input[] = [];\n const inputsFromRemediation = this.remediation.value || [];\n inputsFromRemediation.forEach(inputFromRemediation => {\n let input;\n let { name, type, visible, messages } = inputFromRemediation;\n if (visible === false) {\n return; // Filter out invisible inputs, like stateHandle\n }\n if (typeof this[`getInput${titleCase(name)}`] === 'function') {\n input = this[`getInput${titleCase(name)}`](inputFromRemediation);\n } else if (type !== 'object') {\n // handle general primitive types\n let alias;\n const aliases = (this.map ? this.map[name] : null) || [];\n if (aliases.length === 1) {\n alias = aliases[0];\n } else {\n // try find key from values\n alias = aliases.find(name => Object.keys(this.values).includes(name));\n }\n if (alias) {\n input = { ...inputFromRemediation, name: alias };\n }\n }\n if (!input) {\n input = inputFromRemediation;\n }\n if (Array.isArray(input)) {\n input.forEach(i => inputs.push(i));\n } else {\n // guarantees field-level messages are passed back\n if (messages) {\n input.messages = messages;\n }\n inputs.push(input);\n }\n });\n return inputs;\n }\n\n static getMessages(remediation: IdxRemediation): IdxMessage[] | undefined {\n if (!remediation.value) {\n return;\n }\n return remediation.value[0]?.form?.value.reduce((messages: IdxMessage[], field) => {\n if (field.messages) {\n messages = [...messages, ...field.messages.value];\n }\n return messages;\n }, []);\n }\n\n // Prepare values for the next remediation\n // In general, remove used values from inputs for the current remediation\n // Override this method if special cases need be handled\n getValuesAfterProceed(): T {\n const inputsFromRemediation = this.remediation.value || []; // \"raw\" inputs from server response\n const inputsFromRemediator = this.getInputs(); // \"aliased\" inputs from SDK remediator\n const inputs = [\n ...inputsFromRemediation,\n ...inputsFromRemediator\n ];\n // scrub all values related to this remediation\n for (const input of inputs) {\n delete this.values[input.name];\n }\n return this.values;\n }\n\n protected getAuthenticator(): IdxAuthenticator | undefined {\n // relatesTo value may be an authenticator or an authenticatorEnrollment\n const relatesTo = this.remediation.relatesTo?.value;\n if (!relatesTo) {\n return;\n }\n\n const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation);\n if (!authenticatorFromRemediation) {\n // Hopefully value is an authenticator\n return relatesTo;\n }\n\n // If relatesTo is an authenticatorEnrollment, the id is actually the enrollmentId\n // Let's get the correct authenticator id from the form value\n const id = authenticatorFromRemediation.form!.value\n .find(({ name }) => name === 'id')!.value as string;\n const enrollmentId = authenticatorFromRemediation.form!.value\n .find(({ name }) => name === 'enrollmentId')?.value as string;\n\n return {\n ...relatesTo,\n id,\n enrollmentId\n };\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { getAuthenticatorFromRemediation } from '../util';\nimport { IdxRemediationValue, IdxContext, IdxOption } from '../../types/idx-js';\nimport { Authenticator, isAuthenticator } from '../../types/api';\nimport { compareAuthenticators, findMatchedOption} from '../../authenticator/util';\n\nexport type SelectAuthenticatorValues = RemediationValues & {\n authenticator?: string | Authenticator;\n};\n\n// Base class - DO NOT expose static remediationName\nexport class SelectAuthenticator<T extends SelectAuthenticatorValues = SelectAuthenticatorValues>\n extends Remediator<T> {\n selectedAuthenticator?: Authenticator;\n selectedOption?: any;\n\n // Find matched authenticator in provided order\n findMatchedOption(authenticators, options) {\n let option: IdxOption | undefined;\n for (let authenticator of authenticators) {\n option = options\n .find(({ relatesTo }) => relatesTo.key && relatesTo.key === authenticator.key);\n if (option) {\n break;\n }\n }\n return option;\n }\n\n /* eslint complexity:[0,9] */\n canRemediate(context?: IdxContext) {\n const { authenticators, authenticator } = this.values;\n const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation);\n const { options } = authenticatorFromRemediation;\n // Let users select authenticator if no input is provided\n if (!authenticators || !authenticators.length) {\n return false;\n }\n\n // Authenticator is explicitly specified by id\n if (isAuthenticator(authenticator) && authenticator.id) {\n return true;\n }\n\n // Proceed with provided authenticators\n const matchedOption = this.findMatchedOption(authenticators, options!);\n if (matchedOption) {\n // Don't select current authenticator (OKTA-612939)\n const isCurrentAuthenticator = context?.currentAuthenticator\n && context?.currentAuthenticator.value.id === matchedOption.relatesTo?.id;\n const isCurrentAuthenticatorEnrollment = context?.currentAuthenticatorEnrollment\n && context?.currentAuthenticatorEnrollment.value.id === matchedOption.relatesTo?.id;\n return !isCurrentAuthenticator && !isCurrentAuthenticatorEnrollment;\n }\n \n return false;\n }\n\n mapAuthenticator(remediationValue: IdxRemediationValue) {\n const { authenticators, authenticator } = this.values;\n\n // Authenticator is explicitly specified by id\n if (isAuthenticator(authenticator) && authenticator.id) {\n this.selectedAuthenticator = authenticator; // track the selected authenticator\n return authenticator;\n }\n\n const { options } = remediationValue;\n const selectedOption = findMatchedOption(authenticators, options);\n this.selectedAuthenticator = selectedOption.relatesTo; // track the selected authenticator\n this.selectedOption = selectedOption;\n return {\n id: selectedOption?.value.form.value.find(({ name }) => name === 'id').value\n };\n }\n\n getInputAuthenticator(remediation) {\n const options = remediation.options.map(({ label, relatesTo }) => {\n return {\n label,\n value: relatesTo.key\n };\n });\n return { name: 'authenticator', type: 'string', options };\n }\n\n getValuesAfterProceed(): T {\n this.values = super.getValuesAfterProceed();\n // remove used authenticators\n const authenticators = (this.values.authenticators as Authenticator[])\n .filter(authenticator => {\n return compareAuthenticators(authenticator, this.selectedAuthenticator) !== true;\n });\n return { ...this.values, authenticators };\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { getAuthenticator, Authenticator, AuthenticatorValues } from '../../authenticator';\nimport { IdxRemediation, IdxContext } from '../../types/idx-js';\nimport { OktaAuthIdxInterface, NextStep } from '../../types';\n\nexport type VerifyAuthenticatorValues = AuthenticatorValues & RemediationValues;\n\n// Base class - DO NOT expose static remediationName\nexport class VerifyAuthenticator<T extends VerifyAuthenticatorValues = VerifyAuthenticatorValues>\n extends Remediator<T> {\n\n authenticator: Authenticator<VerifyAuthenticatorValues>;\n\n constructor(remediation: IdxRemediation, values: T = {} as T) {\n super(remediation, values);\n this.authenticator = getAuthenticator(remediation);\n }\n\n getNextStep(authClient: OktaAuthIdxInterface, context?: IdxContext): NextStep {\n const nextStep = super.getNextStep(authClient, context);\n const authenticatorEnrollments = context?.authenticatorEnrollments?.value;\n\n return {\n ...nextStep,\n authenticatorEnrollments\n };\n }\n\n canRemediate() {\n return this.authenticator.canVerify(this.values);\n }\n\n mapCredentials() {\n return this.authenticator.mapCredentials(this.values);\n }\n\n getInputCredentials(input) {\n return this.authenticator.getInputs(input);\n }\n\n getValuesAfterProceed(): T {\n this.values = super.getValuesAfterProceed();\n let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== 'credentials');\n return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {} as T);\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { VerifyAuthenticator, VerifyAuthenticatorValues } from './Base/VerifyAuthenticator';\n\nexport type ChallengeAuthenticatorValues = VerifyAuthenticatorValues;\n\nexport class ChallengeAuthenticator extends VerifyAuthenticator<ChallengeAuthenticatorValues> {\n static remediationName = 'challenge-authenticator';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { EnrollPoll } from './EnrollPoll';\n\nexport class ChallengePoll extends EnrollPoll{\n static remediationName = 'challenge-poll';\n\n canRemediate() {\n return !!this.values.startPolling || this.options.step === 'challenge-poll';\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { VerifyAuthenticator, VerifyAuthenticatorValues } from './Base/VerifyAuthenticator';\n\nexport type EnrollAuthenticatorValues = VerifyAuthenticatorValues;\n\nexport class EnrollAuthenticator extends VerifyAuthenticator<EnrollAuthenticatorValues> {\n static remediationName = 'enroll-authenticator';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { NextStep, OktaAuthIdxInterface } from '../types';\nimport { IdxContext } from '../types/idx-js';\n\nexport interface EnrollPollValues extends RemediationValues {\n startPolling?: boolean;\n}\n\nexport class EnrollPoll extends Remediator<EnrollPollValues> {\n static remediationName = 'enroll-poll';\n\n canRemediate() {\n return !!this.values.startPolling || this.options.step === 'enroll-poll';\n }\n\n getNextStep(authClient: OktaAuthIdxInterface, context?: IdxContext): NextStep {\n const common = super.getNextStep(authClient, context);\n let authenticator = this.getAuthenticator();\n if (!authenticator && context?.currentAuthenticator) {\n authenticator = context.currentAuthenticator.value;\n }\n return {\n ...common,\n authenticator,\n poll: {\n required: true,\n refresh: this.remediation.refresh\n },\n };\n }\n\n getValuesAfterProceed(): EnrollPollValues {\n let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== 'startPolling');\n return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { IdxRemediation, IdxRemediationValue, IdxAuthenticator } from '../types/idx-js';\nimport { RemediateOptions } from '../types';\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { Authenticator, Credentials, OktaPassword } from '../authenticator';\n\nexport interface EnrollProfileValues extends RemediationValues {\n firstName?: string;\n lastName?: string;\n email?: string;\n credentials?: Credentials;\n password?: string;\n passcode?: string;\n}\n\nexport class EnrollProfile extends Remediator<EnrollProfileValues> {\n static remediationName = 'enroll-profile';\n\n authenticator: Authenticator<any> | null = null;\n\n constructor(\n remediation: IdxRemediation,\n values: EnrollProfileValues = {},\n options: RemediateOptions = {}\n ) {\n super(remediation, values, options);\n\n // credentials are only required when Profile Enrollment policy requires them\n // if credentials are included in the remediation, they are considered required\n // otherwise it will be omitted\n const credentials = this.getCredentialsFromRemediation();\n if (credentials) {\n this.authenticator = this.authenticator = new OktaPassword({} as IdxAuthenticator);\n }\n }\n\n canRemediate() {\n // ensure credentials can be verified, if required\n if (this.authenticator && !this.authenticator.canVerify(this.values)) {\n return false;\n }\n\n const userProfileFromValues = this.getData().userProfile;\n if (!userProfileFromValues) {\n return false;\n }\n // eslint-disable-next-line max-len\n const userProfileFromRemediation = this.remediation.value!.find(({ name }) => name === 'userProfile') as IdxRemediationValue;\n return userProfileFromRemediation.form!.value.reduce((canRemediate, curr) => {\n if (curr.required) {\n canRemediate = canRemediate && !!userProfileFromValues[curr.name];\n }\n return canRemediate;\n }, true);\n }\n\n getCredentialsFromRemediation () {\n return this.remediation.value!.find(({ name }) => name === 'credentials');\n }\n\n mapUserProfile({form: { value: profileAttributes }}) {\n const attributeNames = profileAttributes.map(({name}) => name);\n const data = attributeNames.reduce((attributeValues, attributeName) => (\n this.values[attributeName] ? {\n ...attributeValues,\n [attributeName]: this.values[attributeName]\n } : attributeValues), {});\n if (Object.keys(data).length === 0) {\n return;\n }\n return data;\n }\n\n mapCredentials() {\n const val = this.authenticator && this.authenticator.mapCredentials(this.values);\n if (!val) {\n return;\n }\n return val;\n }\n\n getInputUserProfile(input) {\n return [...input.form.value];\n }\n\n getInputCredentials(input) {\n return [...input.form.value];\n }\n\n getErrorMessages(errorRemediation) {\n return errorRemediation.value[0].form.value.reduce((errors, field) => {\n if (field.messages) {\n errors.push(field.messages.value[0].message);\n }\n return errors;\n }, []);\n }\n}","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { IdxContext } from '../types/idx-js';\nimport { OktaAuthIdxInterface } from '../types';\n\n\nexport type EnrollmentChannelDataValues = RemediationValues & {\n email?: string;\n phoneNumber?: string;\n};\n\nexport class EnrollmentChannelData extends Remediator<EnrollmentChannelDataValues> {\n static remediationName = 'enrollment-channel-data';\n\n getInputEmail() {\n return [\n { name: 'email', type: 'string', required: true, label: 'Email' },\n ];\n }\n\n getInputPhoneNumber() {\n return [\n { name: 'phoneNumber', type: 'string', required: true, label: 'Phone Number' },\n ];\n }\n\n canRemediate() {\n return Boolean(this.values.email || this.values.phoneNumber);\n }\n\n getNextStep(authClient: OktaAuthIdxInterface, context: IdxContext) {\n const common = super.getNextStep(authClient, context);\n const authenticator = context.currentAuthenticator.value;\n return {\n ...common,\n authenticator,\n };\n }\n\n getData() {\n return {\n stateHandle: this.values.stateHandle,\n email: this.values.email,\n phoneNumber: this.values.phoneNumber\n };\n }\n\n getValuesAfterProceed(): EnrollmentChannelDataValues {\n let trimmedValues = Object.keys(this.values).filter(valueKey => !['email', 'phoneNumber'].includes(valueKey));\n return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n }\n}\n","import { OktaAuthIdxInterface, IdxContext, NextStep, Input } from '../../types';\nimport { Remediator } from '../Base/Remediator';\nimport { unwrapFormValue } from './util';\n\nexport class GenericRemediator extends Remediator {\n canRemediate(): boolean {\n // only handle remediations that are able to submit form (xhr)\n if (typeof this.remediation.action !== 'function') {\n return false;\n }\n\n // DO NOT REMOVE - bring it back when enable client side validation for GenericRemediator - OKTA-512003\n // const inputs = this.getInputs();\n // const res = inputs.reduce((acc, input) => {\n // return acc && hasValidInputValue(input, this.values);\n // }, true);\n // return res;\n\n if (this.remediation.name === 'poll' || this.remediation.name.endsWith('-poll')) {\n return true;\n }\n\n if (this.options.step) {\n return true;\n }\n \n // disable auto proceed for unknown remediations\n return false;\n }\n\n getData() {\n const data = this.getInputs().reduce((acc, { name }) => {\n acc[name] = this.values[name];\n return acc;\n }, {});\n return data;\n }\n\n getNextStep(authClient: OktaAuthIdxInterface, _context?: IdxContext): NextStep {\n const name = this.getName();\n const inputs = this.getInputs();\n \n /* eslint-disable no-unused-vars, @typescript-eslint/no-unused-vars */\n // excludes transformed fields\n const { \n // http metas have been transformed to action\n href, \n method, \n rel, \n accepts, \n produces, \n // value has been transform to inputs\n value,\n // will be transformed to a function that resolves IdxTransaction\n action,\n ...rest \n } = this.remediation;\n /* eslint-enable no-unused-vars, @typescript-eslint/no-unused-vars */\n\n // step to handle form submission\n if (action) {\n return { \n ...rest,\n ...(!!inputs.length && { inputs }),\n action: async (params?) => {\n return authClient.idx.proceed({\n step: name,\n ...params\n });\n }\n };\n }\n\n // return whole remediation data for other steps, eg \"redirect-idp\"\n return { ...this.remediation } as NextStep;\n \n }\n\n getInputs(): Input[] {\n return (this.remediation.value || [])\n .filter(({ name }) => name !== 'stateHandle')\n .map(unwrapFormValue)\n .map(input => {\n // use string as default input type\n input.type = input.type || 'string';\n return input;\n });\n }\n\n}\n","export * from './GenericRemediator';","/* eslint-disable complexity */\nimport { AuthSdkError } from '../../../errors';\nimport { Input } from '../../types';\n\nexport function unwrapFormValue(remediation): Input { \n if (Array.isArray(remediation)) {\n return remediation\n .map(item => {\n if (typeof item === 'string' || typeof item === 'number' || typeof item === 'boolean') {\n return item;\n }\n return unwrapFormValue(item);\n }) as any;\n }\n\n const res = {};\n for (const [key, value] of Object.entries(remediation)) {\n if (value === null || typeof value === 'undefined') {\n continue;\n }\n\n if (typeof value === 'object') {\n const formKeys = Object.keys(value as object);\n // detect patterns like:\n // value -> form -> value | form -> value\n if (['value', 'form'].includes(key) \n && formKeys.length === 1 \n && ['value', 'form'].includes(formKeys[0])\n ) {\n // unwrap nested form\n const unwrappedForm = unwrapFormValue(value);\n Object.entries(unwrappedForm).forEach(([key, value]) => {\n res[key] = value;\n });\n } else {\n // dfs\n res[key] = unwrapFormValue(value);\n }\n } else {\n // handle primitive value\n res[key] = value;\n }\n }\n\n return res as Input;\n}\n\n// only check if value is required for now\n// TODO: support SDK layer type based input validation\nexport function hasValidInputValue(input, values) {\n const fn = (input, values, requiredTracker) => {\n const { name, value, type, options, required } = input;\n const isRequired = required || requiredTracker;\n\n // handle nested value - all required fields should be avaiable in values \n if (Array.isArray(value)) {\n return value.reduce((acc, item) => {\n return acc && fn(item, values[name], isRequired); // recursive call\n }, true);\n }\n\n // handle options field\n // 1. object type options - check if each object field is required and value can be found from the selectedOption\n // 2. primitive options - required field is avaiable from top level\n // 3. unknown format - pass to backend for validation\n if (options) {\n // object type options\n if (type === 'object') {\n const selectedOption = values[name];\n if (!selectedOption) {\n return false;\n }\n if (!selectedOption.id) {\n // unknown option format, pass to backend for validation\n return true;\n }\n const optionSchema = options.find((option) => {\n const idSchema = option.value.find(({ name }) => name === 'id' );\n return idSchema.value === selectedOption.id;\n });\n if (!optionSchema) {\n return false;\n }\n return optionSchema.value\n .filter(({ required }) => !!required)\n .reduce((acc, { name }) => {\n return acc && !!selectedOption[name];\n }, true);\n }\n\n // primitive options, not required - always valid\n if (required === false) {\n return true;\n }\n\n // primitive options, required - check if value is available\n if (required === true) {\n return !!values[name];\n }\n\n // unknown options, throw\n throw new AuthSdkError(`Unknown options type, ${JSON.stringify(input)}`);\n }\n\n // base case\n if (!isRequired) {\n return true;\n }\n \n return !!(values && values[name]);\n };\n\n return fn(input, values, false);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Credentials } from '../authenticator';\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface IdentifyValues extends RemediationValues {\n username?: string;\n password?: string;\n credentials?: Credentials;\n rememberMe?: boolean;\n}\n\nexport class Identify extends Remediator<IdentifyValues> {\n static remediationName = 'identify';\n\n map = {\n 'identifier': ['username']\n };\n\n canRemediate(): boolean {\n const { identifier } = this.getData();\n return !!identifier;\n }\n\n mapCredentials() {\n const { credentials, password } = this.values;\n if (!credentials && !password) {\n return;\n }\n return credentials || { passcode: password };\n }\n\n getInputCredentials(input) {\n return {\n ...input.form.value[0],\n name: 'password',\n required: input.required\n };\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface ReEnrollAuthenticatorValues extends RemediationValues {\n newPassword?: string;\n}\n\nexport class ReEnrollAuthenticator extends Remediator<ReEnrollAuthenticatorValues> {\n static remediationName = 'reenroll-authenticator';\n\n mapCredentials() {\n const { newPassword } = this.values;\n if (!newPassword) {\n return;\n }\n return { \n passcode: newPassword,\n };\n }\n\n getInputCredentials(input) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const challengeType = this.getAuthenticator()!.type;\n const name = challengeType === 'password' ? 'newPassword' : 'verificationCode';\n return {\n ...input.form.value[0],\n name\n };\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ReEnrollAuthenticator } from './ReEnrollAuthenticator';\n\nexport class ReEnrollAuthenticatorWarning extends ReEnrollAuthenticator {\n static remediationName = 'reenroll-authenticator-warning';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator } from './Base/Remediator';\n\nexport class RedirectIdp extends Remediator {\n static remediationName = 'redirect-idp';\n\n canRemediate() {\n return false;\n }\n\n getNextStep() {\n const { name, type, idp, href } = this.remediation;\n return {\n name,\n type,\n idp,\n href\n };\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { VerifyAuthenticator, VerifyAuthenticatorValues } from './Base/VerifyAuthenticator';\n\nexport type ResetAuthenticatorValues = VerifyAuthenticatorValues;\n\nexport class ResetAuthenticator extends VerifyAuthenticator<ResetAuthenticatorValues> {\n static remediationName = 'reset-authenticator';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { SelectAuthenticator, SelectAuthenticatorValues } from './Base/SelectAuthenticator';\nimport { getAuthenticatorFromRemediation } from './util';\nimport { IdxRemediation } from '../types/idx-js';\nimport { AuthenticatorKey, Authenticator, RemediateOptions } from '../types';\n\nexport type SelectAuthenticatorAuthenticateValues = SelectAuthenticatorValues & {\n password?: string;\n};\n\nexport class SelectAuthenticatorAuthenticate extends SelectAuthenticator<SelectAuthenticatorAuthenticateValues> {\n static remediationName = 'select-authenticator-authenticate';\n\n constructor(\n remediation: IdxRemediation, \n values: SelectAuthenticatorValues = {}, \n options: RemediateOptions = {}\n ) {\n super(remediation, values, options);\n\n // Preset password authenticator to trigger recover action\n const isRecoveryFlow = this.options.flow === 'recoverPassword';\n const hasPasswordInOptions = getAuthenticatorFromRemediation(remediation)\n .options?.some(({ relatesTo }) => relatesTo?.key === AuthenticatorKey.OKTA_PASSWORD);\n if (hasPasswordInOptions && (isRecoveryFlow || this.values.password)) {\n this.values.authenticators = [\n ...this.values.authenticators || [],\n { key: AuthenticatorKey.OKTA_PASSWORD }\n ] as Authenticator[];\n }\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { SelectAuthenticator, SelectAuthenticatorValues } from './Base/SelectAuthenticator';\n\nexport type SelectAuthenticatorEnrollValues = SelectAuthenticatorValues;\n\nexport class SelectAuthenticatorEnroll extends SelectAuthenticator<SelectAuthenticatorEnrollValues> {\n static remediationName = 'select-authenticator-enroll';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { SelectAuthenticator, SelectAuthenticatorValues } from './Base/SelectAuthenticator';\nimport { Authenticator } from '../types';\nimport { IdxRemediationValue } from '../types/idx-js';\n\n\nexport type SelectAuthenticatorUnlockAccountValues = SelectAuthenticatorValues & {\n identifier?: string;\n methodType?: string;\n};\n\nexport class SelectAuthenticatorUnlockAccount extends SelectAuthenticator<SelectAuthenticatorUnlockAccountValues> {\n static remediationName = 'select-authenticator-unlock-account';\n authenticator?: Authenticator;\n\n map = {\n identifier: ['username']\n };\n\n canRemediate() {\n const identifier = this.getData('identifier');\n return !!identifier && super.canRemediate();\n }\n\n mapAuthenticator(remediationValue: IdxRemediationValue) {\n const authenticatorMap = super.mapAuthenticator(remediationValue);\n const methodTypeOption = this.selectedOption?.value.form.value.find(({ name }) => name === 'methodType');\n\n // defaults to 'manually defined' value\n // 2nd: option may have pre-defined value, like stateHandle\n // 3rd: if only a single OV option is available, default to that option\n const methodTypeValue = this.values.methodType ||\n methodTypeOption?.value as string || methodTypeOption?.options?.[0]?.value as string;\n\n if (methodTypeValue) {\n return {\n ...authenticatorMap,\n methodType: methodTypeValue\n };\n }\n\n return authenticatorMap;\n }\n\n getInputUsername () {\n return { name: 'username', type: 'string' };\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\n// eslint-disable-next-line @typescript-eslint/no-empty-interface\nexport interface SelectEnrollProfileValues extends RemediationValues {}\n\nexport class SelectEnrollProfile extends Remediator<SelectEnrollProfileValues> {\n static remediationName = 'select-enroll-profile';\n\n canRemediate() {\n return true;\n }\n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { IdxRemediationValueForm, IdxContext } from '../types/idx-js';\nimport { Authenticator, OktaAuthIdxInterface } from '../types/api';\n\n\nexport type SelectEnrollmentChannelValues = RemediationValues & {\n channel?: string;\n};\n\nexport class SelectEnrollmentChannel extends Remediator<SelectEnrollmentChannelValues> {\n static remediationName = 'select-enrollment-channel';\n\n canRemediate() {\n if (this.values.channel) {\n return true;\n }\n\n if (this.values.authenticator) {\n const { id, channel } = this.values.authenticator as Authenticator;\n if (!!id && !!channel) {\n return true;\n }\n }\n\n return false;\n }\n\n getNextStep(authClient: OktaAuthIdxInterface, context: IdxContext) {\n const common = super.getNextStep(authClient, context);\n const authenticator = context.currentAuthenticator.value;\n return {\n ...common,\n authenticator,\n };\n }\n\n getData() {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediationValue = this.remediation!.value![0].value as IdxRemediationValueForm;\n return {\n authenticator: {\n id: remediationValue.form.value[0].value,\n channel: (this.values.authenticator as Authenticator)?.channel || this.values.channel,\n },\n stateHandle: this.values.stateHandle,\n\n };\n }\n\n getValuesAfterProceed(): SelectEnrollmentChannelValues {\n this.values = super.getValuesAfterProceed();\n delete this.values.authenticators; // required to prevent infinite loops from auto-remediating via values\n const filterKey = this.values.channel ? 'channel' : 'authenticator';\n let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== filterKey);\n return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface SkipValues extends RemediationValues {\n skip?: boolean;\n}\n\nexport class Skip extends Remediator<SkipValues> {\n static remediationName = 'skip';\n\n canRemediate() {\n return !!this.values.skip || this.options.step === 'skip';\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './Base/Remediator';\nexport * from './EnrollAuthenticator';\nexport * from './EnrollPoll';\nexport * from './SelectEnrollmentChannel';\nexport * from './EnrollmentChannelData';\nexport * from './ChallengeAuthenticator';\nexport * from './ChallengePoll';\nexport * from './ResetAuthenticator';\nexport * from './EnrollProfile';\nexport * from './Identify';\nexport * from './ReEnrollAuthenticator';\nexport * from './ReEnrollAuthenticatorWarning';\nexport * from './RedirectIdp';\nexport * from './SelectAuthenticatorAuthenticate';\nexport * from './SelectAuthenticatorEnroll';\nexport * from './SelectAuthenticatorUnlockAccount';\nexport * from './SelectEnrollProfile';\nexport * from './AuthenticatorVerificationData';\nexport * from './AuthenticatorEnrollmentData';\nexport * from './Skip';\nexport * from './GenericRemediator';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { IdxRemediation, IdxRemediationValue } from '../types/idx-js';\n\nexport function getAllValues(idxRemediation: IdxRemediation) {\n return idxRemediation.value?.map(r => r.name);\n}\n\nexport function getRequiredValues(idxRemediation: IdxRemediation) {\n return idxRemediation.value?.reduce((required, cur) => {\n if (cur.required) {\n required.push(cur.name as never);\n }\n return required;\n }, []);\n}\n\nexport function titleCase(str: string) {\n return str.charAt(0).toUpperCase() + str.substring(1);\n}\n\nexport function getAuthenticatorFromRemediation(\n remediation: IdxRemediation\n): IdxRemediationValue {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return remediation.value!.find(({ name }) => name === 'authenticator') as IdxRemediationValue;\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { RemediationValues } from './remediators/Base/Remediator';\nimport { \n OktaAuthIdxInterface,\n IdxStatus,\n IdxTransaction,\n IdxFeature,\n NextStep,\n RunOptions,\n IdxTransactionMeta,\n} from './types';\nimport { IdxMessage, IdxResponse } from './types/idx-js';\nimport { getSavedTransactionMeta, saveTransactionMeta } from './transactionMeta';\nimport {\n getAvailableSteps,\n getEnabledFeatures,\n getMessagesFromResponse,\n isTerminalResponse,\n getFlowSpecification\n} from './util';\nimport { Tokens } from '../oidc/types';\nimport { APIError } from '../errors/types';\ndeclare interface RunData {\n options: RunOptions;\n values: RemediationValues;\n status?: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError | IdxResponse;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n idxResponse?: IdxResponse;\n canceled?: boolean;\n interactionCode?: string;\n shouldSaveResponse?: boolean;\n shouldClearTransaction?: boolean;\n clearSharedStorage?: boolean;\n terminal?: boolean;\n}\n\nfunction initializeValues(options: RunOptions) {\n // remove known options, everything else is assumed to be a value\n const knownOptions = [\n 'flow', \n 'remediators', \n 'actions', \n 'withCredentials', \n 'step',\n 'useGenericRemediator',\n 'exchangeCodeForTokens',\n ];\n const values = { ...options };\n knownOptions.forEach(option => {\n delete values[option];\n });\n return values;\n}\n\nfunction initializeData(authClient: OktaAuthIdxInterface, data: RunData): RunData {\n let { options } = data;\n options = {\n ...authClient.options.idx,\n ...options\n };\n let {\n flow,\n withCredentials,\n remediators,\n actions,\n } = options;\n\n const status = IdxStatus.PENDING;\n\n // certain options can be set by the flow specification\n flow = flow || authClient.idx.getFlow?.() || 'default';\n if (flow) {\n authClient.idx.setFlow?.(flow);\n const flowSpec = getFlowSpecification(authClient, flow);\n // Favor option values over flow spec\n withCredentials = (typeof withCredentials !== 'undefined') ? withCredentials : flowSpec.withCredentials;\n remediators = remediators || flowSpec.remediators;\n actions = actions || flowSpec.actions;\n }\n\n return { \n ...data,\n options: { \n ...options, \n flow, \n withCredentials, \n remediators, \n actions,\n },\n status\n };\n}\n\nasync function getDataFromIntrospect(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n const { options } = data;\n const {\n stateHandle,\n withCredentials,\n version,\n state,\n scopes,\n recoveryToken,\n activationToken,\n maxAge,\n acrValues,\n nonce,\n useGenericRemediator,\n } = options;\n\n let idxResponse;\n let meta = getSavedTransactionMeta(authClient, { state, recoveryToken, activationToken }); // may be undefined\n\n if (stateHandle) {\n idxResponse = await introspect(authClient, { withCredentials, version, stateHandle, useGenericRemediator });\n } else {\n let interactionHandle = meta?.interactionHandle; // may be undefined\n if (!interactionHandle) {\n // start a new transaction\n authClient.transactionManager.clear();\n const interactResponse = await interact(authClient, {\n withCredentials,\n state,\n scopes,\n activationToken,\n recoveryToken,\n maxAge,\n acrValues,\n nonce,\n }); \n interactionHandle = interactResponse.interactionHandle;\n meta = interactResponse.meta;\n }\n \n // Introspect to get idx response\n idxResponse = await introspect(authClient, { withCredentials, version, interactionHandle, useGenericRemediator });\n }\n return { ...data, idxResponse, meta };\n}\n\nasync function getDataFromRemediate(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n let {\n idxResponse,\n options,\n values\n } = data;\n\n const {\n autoRemediate,\n remediators,\n actions,\n flow,\n step,\n useGenericRemediator,\n } = options;\n \n const shouldRemediate = (autoRemediate !== false && (remediators || actions || step));\n if (!shouldRemediate) {\n return data;\n }\n\n values = { \n ...values, \n stateHandle: idxResponse!.rawIdxState.stateHandle \n };\n\n // Can we handle the remediations?\n const { \n idxResponse: idxResponseFromRemediation, \n nextStep,\n canceled,\n } = await remediate(\n authClient,\n idxResponse!, \n values, \n {\n remediators,\n actions,\n flow,\n step,\n useGenericRemediator,\n }\n );\n idxResponse = idxResponseFromRemediation;\n\n return { ...data, idxResponse, nextStep, canceled };\n}\n\nasync function getTokens(authClient: OktaAuthIdxInterface, data: RunData): Promise<Tokens> {\n let { meta, idxResponse } = data;\n const { interactionCode } = idxResponse as IdxResponse;\n const {\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n urls,\n scopes,\n } = meta as IdxTransactionMeta;\n const tokenResponse = await authClient.token.exchangeCodeForTokens({\n interactionCode,\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n scopes\n }, urls);\n return tokenResponse.tokens;\n}\n\nasync function finalizeData(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n let {\n options,\n idxResponse,\n canceled,\n status,\n } = data;\n const { exchangeCodeForTokens } = options;\n let shouldSaveResponse = false;\n let shouldClearTransaction = false;\n let clearSharedStorage = true;\n let interactionCode;\n let tokens;\n let enabledFeatures;\n let availableSteps;\n let messages;\n let terminal;\n\n if (idxResponse) {\n shouldSaveResponse = !!(idxResponse.requestDidSucceed || idxResponse.stepUp);\n enabledFeatures = getEnabledFeatures(idxResponse);\n availableSteps = getAvailableSteps(authClient, idxResponse, options.useGenericRemediator);\n messages = getMessagesFromResponse(idxResponse, options);\n terminal = isTerminalResponse(idxResponse);\n }\n\n if (terminal) {\n status = IdxStatus.TERMINAL;\n\n // In most cases a terminal response should not clear transaction data. The user should cancel or skip to continue.\n // A terminal \"success\" is a non-error response with no further actions available.\n // In these narrow cases, saved transaction data should be cleared.\n // One example of a terminal success is when the email verify flow is continued in another tab\n const hasActions = Object.keys(idxResponse!.actions).length > 0;\n const hasErrors = !!messages.find(msg => msg.class === 'ERROR');\n const isTerminalSuccess = !hasActions && !hasErrors && idxResponse!.requestDidSucceed === true;\n if (isTerminalSuccess) {\n shouldClearTransaction = true;\n } else {\n // save response if there are actions available (ignore messages)\n shouldSaveResponse = !!hasActions;\n }\n // leave shared storage intact so the transaction can be continued in another tab\n clearSharedStorage = false;\n } else if (canceled) {\n status = IdxStatus.CANCELED;\n shouldClearTransaction = true;\n } else if (idxResponse?.interactionCode) { \n interactionCode = idxResponse.interactionCode;\n if (exchangeCodeForTokens === false) {\n status = IdxStatus.SUCCESS;\n shouldClearTransaction = false;\n } else {\n tokens = await getTokens(authClient, data);\n status = IdxStatus.SUCCESS;\n shouldClearTransaction = true;\n }\n }\n return {\n ...data,\n status,\n interactionCode,\n tokens,\n shouldSaveResponse,\n shouldClearTransaction,\n clearSharedStorage,\n enabledFeatures,\n availableSteps,\n messages,\n terminal\n };\n}\n\nexport async function run(\n authClient: OktaAuthIdxInterface, \n options: RunOptions = {},\n): Promise<IdxTransaction> {\n let data: RunData = {\n options,\n values: initializeValues(options)\n };\n\n data = initializeData(authClient, data);\n data = await getDataFromIntrospect(authClient, data);\n data = await getDataFromRemediate(authClient, data);\n data = await finalizeData(authClient, data);\n\n const {\n idxResponse,\n meta,\n shouldSaveResponse,\n shouldClearTransaction,\n clearSharedStorage,\n status,\n enabledFeatures,\n availableSteps,\n tokens,\n nextStep,\n messages,\n error,\n interactionCode\n } = data;\n\n if (shouldClearTransaction) {\n authClient.transactionManager.clear({ clearSharedStorage });\n }\n else {\n // ensures state is saved to sessionStorage\n saveTransactionMeta(authClient, { ...meta });\n\n if (shouldSaveResponse) {\n // Save intermediate idx response in storage to reduce introspect call\n const { rawIdxState: rawIdxResponse, requestDidSucceed } = idxResponse!;\n authClient.transactionManager.saveIdxResponse({\n rawIdxResponse,\n requestDidSucceed,\n stateHandle: idxResponse!.context?.stateHandle,\n interactionHandle: meta?.interactionHandle\n });\n }\n }\n \n // copy all fields from idxResponse which are needed by the widget\n const { actions, context, neededToProceed, proceed, rawIdxState, requestDidSucceed, stepUp } = idxResponse || {};\n return {\n status: status!,\n ...(meta && { meta }),\n ...(enabledFeatures && { enabledFeatures }),\n ...(availableSteps && { availableSteps }),\n ...(tokens && { tokens }),\n ...(nextStep && { nextStep }),\n ...(messages && messages.length && { messages }),\n ...(error && { error }),\n ...(stepUp && { stepUp }),\n interactionCode, // if options.exchangeCodeForTokens is false\n\n // from idx-js\n actions: actions!,\n context: context!,\n neededToProceed: neededToProceed!,\n proceed: proceed!,\n rawIdxState: rawIdxState!,\n requestDidSucceed\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { OktaAuthIdxInterface, IdxTransaction, StartOptions } from './types';\n\nexport async function startTransaction(\n authClient: OktaAuthIdxInterface, \n options: StartOptions = {}\n): Promise<IdxTransaction> {\n // Clear IDX response cache and saved transaction meta (if any)\n authClient.transactionManager.clear();\n\n return run(authClient, {\n exchangeCodeForTokens: false,\n ...options\n });\n}\n","import { CookieOptions, StorageManagerOptions, StorageOptions, StorageUtil } from '../storage/types';\nimport { IdxTransactionMeta } from './types';\nimport { SavedObject } from '../storage';\nimport { IDX_RESPONSE_STORAGE_NAME } from '../constants';\nimport { createCoreStorageManager } from '../core/storage';\nimport { IdxResponseStorage } from './types/storage';\nimport { isBrowser } from '../features';\nimport { warn } from '../util';\nimport AuthSdkError from '../errors/AuthSdkError';\n\nexport function createIdxStorageManager<M extends IdxTransactionMeta>()\n{\n const CoreStorageManager = createCoreStorageManager<M>();\n return class IdxStorageManager extends CoreStorageManager\n {\n constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n super(storageManagerOptions, cookieOptions, storageUtil);\n }\n\n // intermediate idxResponse\n // store for network traffic optimazation purpose\n // TODO: revisit in auth-js 6.0 epic JIRA: OKTA-399791\n getIdxResponseStorage(options?: StorageOptions): IdxResponseStorage | null {\n let storage;\n if (isBrowser()) {\n // on browser side only use memory storage \n try {\n storage = this.storageUtil.getStorageByType('memory', options);\n } catch (e) {\n // it's ok to miss response storage\n // eslint-disable-next-line max-len\n warn('No response storage found, you may want to provide custom implementation for intermediate idx responses to optimize the network traffic');\n }\n } else {\n // on server side re-use transaction custom storage\n const transactionStorage = this.getTransactionStorage(options);\n if (transactionStorage) {\n storage = {\n getItem: (key) => {\n const transaction = transactionStorage.getStorage();\n if (transaction && transaction[key]) {\n return transaction[key];\n }\n return null;\n },\n setItem: (key, val) => {\n const transaction = transactionStorage.getStorage();\n if (!transaction) {\n throw new AuthSdkError('Transaction has been cleared, failed to save idxState');\n }\n transaction[key] = val;\n transactionStorage.setStorage(transaction);\n },\n removeItem: (key) => {\n const transaction = transactionStorage.getStorage();\n if (!transaction) {\n return;\n }\n delete transaction[key];\n transactionStorage.setStorage(transaction);\n }\n };\n }\n }\n\n if (!storage) {\n return null;\n }\n\n return new SavedObject(storage, IDX_RESPONSE_STORAGE_NAME);\n }\n };\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface, IdxTransactionMeta, IdxTransactionMetaOptions } from './types';\nimport { removeNils, warn } from '../util';\nimport { createOAuthMeta, PKCETransactionMeta } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(\n authClient: OktaAuthIdxInterface,\n options: IdxTransactionMetaOptions = {}\n): Promise<IdxTransactionMeta> {\n const tokenParams = await authClient.token.prepareTokenParams(options);\n const pkceMeta = createOAuthMeta(authClient, tokenParams) as PKCETransactionMeta;\n let {\n flow = 'default',\n withCredentials = true,\n activationToken = undefined,\n recoveryToken = undefined,\n maxAge = undefined,\n acrValues = undefined,\n } = { ...authClient.options, ...options }; // local options override SDK options\n\n const meta: IdxTransactionMeta = {\n ...pkceMeta,\n flow,\n withCredentials,\n activationToken,\n recoveryToken,\n maxAge,\n acrValues\n };\n return meta;\n}\n\nexport function hasSavedInteractionHandle(\n authClient: OktaAuthIdxInterface,\n options?: IdxTransactionMetaOptions\n): boolean {\n const savedMeta = getSavedTransactionMeta(authClient, options);\n if (savedMeta?.interactionHandle) {\n return true;\n }\n return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid\nexport function getSavedTransactionMeta(\n authClient: OktaAuthIdxInterface,\n options?: IdxTransactionMetaOptions\n): IdxTransactionMeta | undefined {\n options = removeNils(options);\n options = { ...authClient.options, ...options }; // local options override SDK options\n let savedMeta;\n try {\n savedMeta = authClient.transactionManager.load(options) as IdxTransactionMeta;\n } catch (e) {\n // ignore errors here\n }\n\n if (!savedMeta) {\n return;\n }\n\n if (isTransactionMetaValid(savedMeta, options)) {\n return savedMeta;\n }\n\n // existing meta is not valid for this configuration\n // this is common when changing configuration in local development environment\n // in a production environment, this may indicate that two apps are sharing a storage key\n warn('Saved transaction meta does not match the current configuration. ' + \n 'This may indicate that two apps are sharing a storage key.');\n\n}\n\nexport async function getTransactionMeta(\n authClient: OktaAuthIdxInterface,\n options?: IdxTransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n options = removeNils(options);\n options = { ...authClient.options, ...options }; // local options override SDK options\n // Load existing transaction meta from storage\n const validExistingMeta = getSavedTransactionMeta(authClient, options);\n if (validExistingMeta) {\n return validExistingMeta;\n }\n // No existing? Create new transaction meta.\n return createTransactionMeta(authClient, options);\n}\n\nexport function saveTransactionMeta (authClient: OktaAuthIdxInterface, meta): void {\n authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuthIdxInterface): void {\n authClient.transactionManager.clear();\n}\n\nexport function isTransactionMetaValid (meta, options: IdxTransactionMetaOptions = {}): boolean {\n // Validate against certain options. If these exist in options, they must match in meta\n const keys = [\n 'issuer',\n 'clientId',\n 'redirectUri',\n 'state',\n 'codeChallenge',\n 'codeChallengeMethod',\n 'activationToken',\n 'recoveryToken'\n ];\n if (isTransactionMetaValidForOptions(meta, options, keys) === false) {\n return false;\n }\n\n // Validate configured flow\n const { flow } = options;\n if (isTransactionMetaValidForFlow(meta, flow) === false) {\n return false;\n }\n\n return true;\n}\n\nexport function isTransactionMetaValidForFlow(meta, flow) {\n // Specific flows should not share transaction data\n const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';\n if (shouldValidateFlow) {\n if (flow !== meta.flow) {\n // The flow has changed; abandon the old transaction\n return false;\n }\n }\n return true;\n}\n\nexport function isTransactionMetaValidForOptions(meta, options, keys) {\n // returns false if values in meta do not match options\n // if the option does not have a value for a specific key, it is ignored\n const mismatch = keys.some(key => {\n const value = options[key];\n if (value && value !== meta[key]) {\n return true;\n }\n });\n return !mismatch;\n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { APIError } from '../../errors/types';\nimport {\n OktaAuthOAuthInterface,\n MinimalOktaOAuthInterface,\n Tokens,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../../oidc/types';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n IdxActions,\n IdxAuthenticator,\n IdxContext,\n IdxForm,\n IdxMessage,\n IdxOption,\n IdxRemediation,\n IdxResponse,\n RawIdxResponse,\n IdxActionParams,\n IdpConfig,\n IdxToPersist,\n ChallengeData,\n ActivationData,\n} from './idx-js';\nimport {\n IdxOptions,\n AccountUnlockOptions,\n AuthenticationOptions,\n CancelOptions,\n InteractOptions,\n IntrospectOptions,\n OktaAuthIdxOptions,\n PasswordRecoveryOptions,\n ProceedOptions,\n RegistrationOptions,\n StartOptions,\n IdxTransactionMetaOptions\n} from './options';\nimport { IdxTransactionMeta } from './meta';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './storage';\nimport type {\n WebauthnEnrollValues,\n WebauthnVerificationValues\n} from '../authenticator';\nimport { OktaAuthConstructor, FingerprintAPI } from '../../base/types';\n\nexport enum IdxStatus {\n SUCCESS = 'SUCCESS',\n PENDING = 'PENDING',\n FAILURE = 'FAILURE',\n TERMINAL = 'TERMINAL',\n CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n OKTA_PASSWORD = 'okta_password',\n OKTA_EMAIL = 'okta_email',\n PHONE_NUMBER = 'phone_number',\n GOOGLE_AUTHENTICATOR = 'google_otp',\n SECURITY_QUESTION = 'security_question',\n OKTA_VERIFY = 'okta_verify',\n WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n name: string;\n key?: string;\n type?: string;\n label?: string;\n value?: string | {form: IdxForm} | Input[];\n minLength?: number;\n maxLength?: number;\n secret?: boolean;\n required?: boolean;\n options?: IdxOption[];\n mutable?: boolean;\n visible?: boolean;\n customLabel?: boolean\n}\n\n\nexport interface IdxPollOptions extends Pick<IdxOptions, 'exchangeCodeForTokens' | 'withCredentials' > {\n required?: boolean;\n refresh?: number;\n}\n\nexport type NextStep = {\n name: string;\n authenticator?: IdxAuthenticator;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n poll?: IdxPollOptions;\n authenticatorEnrollments?: IdxAuthenticator[];\n // eslint-disable-next-line no-use-before-define\n action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n idp?: IdpConfig;\n href?: string;\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n refresh?: number;\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY = 'recover-password',\n REGISTRATION = 'enroll-profile',\n SOCIAL_IDP = 'redirect-idp',\n ACCOUNT_UNLOCK = 'unlock-account',\n}\n\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError | IdxResponse;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n requestDidSucceed?: boolean;\n stepUp?: boolean;\n \n // from idx-js, used by signin widget\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n context: IdxContext;\n}\n\n\nexport type Authenticator = {\n id?: string;\n key?: string;\n methodType?: string;\n phoneNumber?: string;\n channel?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n idxResponse: IdxResponse;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n terminal?: boolean;\n canceled?: boolean;\n}\n\nexport interface InteractResponse {\n state?: string;\n interactionHandle: string;\n meta: IdxTransactionMeta;\n}\n\nexport interface EmailVerifyCallbackResponse {\n state: string;\n otp: string;\n}\n\nexport interface MinimalIdxAPI {\n // lowest level api\n makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n // flow control\n start: (options?: StartOptions) => Promise<IdxTransaction>;\n canProceed(options?: ProceedOptions): boolean;\n proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n\n // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n // transaction meta\n getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n saveTransactionMeta: (meta: unknown) => void;\n clearTransactionMeta: () => void;\n isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxAPI {\n // lowest level api\n interact: (options?: InteractOptions) => Promise<InteractResponse>;\n introspect: (options?: IntrospectOptions) => Promise<IdxResponse>;\n makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n // flow entrypoints\n authenticate: (options?: AuthenticationOptions) => Promise<IdxTransaction>;\n register: (options?: RegistrationOptions) => Promise<IdxTransaction>;\n recoverPassword: (options?: PasswordRecoveryOptions) => Promise<IdxTransaction>;\n unlockAccount: (options?: AccountUnlockOptions) => Promise<IdxTransaction>;\n poll: (options?: IdxPollOptions) => Promise<IdxTransaction>;\n\n // flow control\n start: (options?: StartOptions) => Promise<IdxTransaction>;\n canProceed(options?: ProceedOptions): boolean;\n proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n cancel: (options?: CancelOptions) => Promise<IdxTransaction>;\n getFlow(): FlowIdentifier | undefined;\n setFlow(flow: FlowIdentifier): void;\n\n // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n // redirect callbacks\n isInteractionRequired: (hashOrSearch?: string) => boolean;\n isInteractionRequiredError: (error: Error) => boolean; \n handleInteractionCodeRedirect: (url: string) => Promise<void>;\n isEmailVerifyCallback: (search: string) => boolean;\n parseEmailVerifyCallback: (search: string) => EmailVerifyCallbackResponse;\n handleEmailVerifyCallback: (search: string) => Promise<IdxTransaction | undefined>;\n isEmailVerifyCallbackError: (error: Error) => boolean;\n\n // transaction meta\n getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n saveTransactionMeta: (meta: unknown) => void;\n clearTransactionMeta: () => void;\n isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxTransactionManagerInterface extends TransactionManagerInterface {\n saveIdxResponse(data: SavedIdxResponse): void;\n loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null;\n clearIdxResponse(): void;\n}\n\nexport type IdxTransactionManagerConstructor = TransactionManagerConstructor<IdxTransactionManagerInterface>;\n\nexport interface WebauthnAPI {\n getAssertion(credential: PublicKeyCredential): WebauthnVerificationValues;\n getAttestation(credential: PublicKeyCredential): WebauthnEnrollValues;\n buildCredentialRequestOptions(\n challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n ): CredentialRequestOptions;\n buildCredentialCreationOptions(\n activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n ): CredentialCreationOptions;\n}\n\n\nexport interface OktaAuthIdxInterface\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n extends OktaAuthOAuthInterface<M, S, O, TM>\n{\n idx: IdxAPI;\n fingerprint: FingerprintAPI;\n}\n\nexport interface MinimalOktaAuthIdxInterface\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n extends MinimalOktaOAuthInterface<M, S, O, TM>\n{\n idx: MinimalIdxAPI;\n fingerprint: FingerprintAPI;\n}\n\nexport interface OktaAuthIdxConstructor\n<\n I extends MinimalOktaAuthIdxInterface = OktaAuthIdxInterface\n>\n extends OktaAuthConstructor<I>\n{\n new(...args: any[]): I;\n webauthn: WebauthnAPI;\n}\n","/* eslint-disable no-use-before-define */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { Input } from './api';\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface ChallengeData {\n challenge: string; \n userVerification: string; \n extensions?: {\n appid: string;\n };\n rpId?: string;\n}\nexport interface ActivationData {\n challenge: string;\n rp: {\n name: string;\n id?: string;\n };\n user: {\n id: string;\n name: string;\n displayName: string;\n };\n pubKeyCredParams: {\n type: string;\n alg: number;\n }[];\n attestation?: string;\n authenticatorSelection?: {\n userVerification?: string;\n authenticatorAttachment?: string;\n requireResidentKey?: boolean;\n residentKey?: string;\n };\n excludeCredentials?: {\n id: string;\n type: string;\n }[];\n}\nexport interface IdxAuthenticatorMethod {\n type: string;\n}\nexport interface IdxAuthenticator {\n displayName: string;\n id: string;\n key: string;\n methods: IdxAuthenticatorMethod[];\n type: string;\n settings?: {\n complexity?: unknown;\n age?: unknown;\n };\n contextualData?: {\n enrolledQuestion?: {\n question: string;\n questionKey: string;\n };\n qrcode?: { \n href: string; \n method: string; \n type: string; \n };\n sharedSecret?: string;\n questions?: {\n questionKey: string;\n question: string;\n }[];\n questionKeys?: string[];\n selectedChannel?: string;\n activationData?: ActivationData;\n challengeData?: ChallengeData;\n };\n credentialId?: string;\n enrollmentId?: string;\n profile?: Record<string, unknown>;\n resend?: Record<string, unknown>;\n poll?: Record<string, unknown>;\n recover?: Record<string, unknown>;\n deviceKnown?: boolean;\n nickname?: string;\n}\n\nexport interface IdxForm {\n value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n value: string | {form: IdxForm} | Input[];\n label: string;\n relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n id: string;\n name: string;\n}\n\nexport interface IdxRemediationValueForm {\n form: IdxForm;\n}\n\nexport interface IdxRemediationValue {\n name: string;\n type?: string;\n required?: boolean;\n secret?: boolean;\n visible?: boolean;\n mutable?: boolean;\n value?: string | IdxRemediationValueForm;\n label?: string;\n form?: IdxForm;\n options?: IdxOption[];\n messages?: IdxMessages;\n minLength?: number;\n maxLength?: number;\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n}\n\nexport interface IdxRemediation {\n name: string;\n label?: string;\n value?: IdxRemediationValue[];\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n idp?: IdpConfig;\n href?: string;\n method?: string;\n type?: string;\n accepts?: string;\n produces?: string;\n refresh?: number;\n rel?: string[];\n action?: (payload?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxContext {\n version: string;\n stateHandle: string;\n expiresAt: string;\n intent: string;\n currentAuthenticator: {\n type: string;\n value: IdxAuthenticator;\n };\n currentAuthenticatorEnrollment: {\n type: string;\n value: IdxAuthenticator;\n };\n authenticators: {\n type: string;\n value: IdxAuthenticator[];\n };\n authenticatorEnrollments: {\n type: string;\n value: IdxAuthenticator[];\n };\n enrollmentAuthenticator: {\n type: string;\n value: IdxAuthenticator;\n };\n user?: {\n type: string;\n value: Record<string, unknown>;\n };\n uiDisplay?: IdxContextUIDisplay\n app: {\n type: string;\n value: Record<string, unknown>;\n };\n messages?: IdxMessages;\n success?: IdxRemediation;\n failure?: IdxRemediation;\n}\n\nexport interface IdxContextUIDisplay {\n type: string;\n value: {\n label?: string;\n buttonLabel?: string;\n }\n}\n\nexport interface IdxMessage {\n message: string;\n class: string;\n i18n: {\n key: string;\n params?: unknown[];\n };\n}\n\nexport interface IdxMessages {\n type: 'array';\n value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n version: string;\n stateHandle: string;\n intent?: string;\n expiresAt?: string;\n remediation?: {\n type: 'array';\n value: IdxRemediation[];\n };\n messages?: IdxMessages;\n success?: boolean;\n successWithInteractionCode?: IdxRemediation;\n currentAuthenticator?: {\n type: string;\n value: IdxAuthenticator;\n };\n currentAuthenticatorEnrollment?: {\n type: string;\n value: IdxAuthenticator;\n };\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n return obj && obj.version;\n}\n\nexport interface IdxActionParams {\n [key: string]: string | boolean | number | object;\n}\n\nexport interface IdxActions {\n [key: string]: (params?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxToPersist {\n interactionHandle?: string;\n withCredentials?: boolean;\n}\n\nexport interface IdxActionFunction {\n (params: IdxActionParams): Promise<IdxResponse>;\n neededParams?: Array<Array<IdxRemediationValue>>;\n}\n\nexport interface IdxResponse {\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n toPersist: IdxToPersist;\n context?: IdxContext;\n requestDidSucceed?: boolean;\n stepUp?: boolean;\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n return obj && isRawIdxResponse(obj.rawIdxState);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './api';\nexport * from './options';\nexport type {\n IdxMessage,\n IdxMessages,\n ChallengeData,\n ActivationData,\n IdxResponse,\n IdxContext,\n RawIdxResponse,\n IdxRemediation,\n IdxAuthenticator,\n IdxActionParams,\n IdxContextUIDisplay,\n\n} from './idx-js';\nexport * from './meta';\nexport type { FlowIdentifier } from './FlowIdentifier';\nexport type { FlowSpecification } from './FlowSpecification';\nexport type { WebauthnEnrollValues } from '../authenticator/WebauthnEnrollment';\nexport type { WebauthnVerificationValues } from '../authenticator/WebauthnVerification';\nexport * from './storage';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { hasSavedInteractionHandle } from './transactionMeta';\nimport { startTransaction } from './startTransaction';\nimport { AuthSdkError } from '../errors';\nimport { \n OktaAuthIdxInterface, \n AccountUnlockOptions, \n IdxTransaction,\n IdxFeature,\n} from './types';\n\nexport async function unlockAccount(\n authClient: OktaAuthIdxInterface, options: AccountUnlockOptions = {}\n): Promise<IdxTransaction> {\n options.flow = 'unlockAccount';\n\n // Only check at the beginning of the transaction\n if (!hasSavedInteractionHandle(authClient)) {\n const { enabledFeatures } = await startTransaction(authClient, { ...options, autoRemediate: false });\n if (enabledFeatures && !enabledFeatures.includes(IdxFeature.ACCOUNT_UNLOCK)) {\n throw new AuthSdkError(\n 'Self Service Account Unlock is not supported based on your current org configuration.'\n );\n }\n }\n\n return run(authClient, { ...options });\n}\n","import { warn, split2 } from '../util';\nimport { RemediationValues, Remediator, RemediatorConstructor } from './remediators';\nimport { GenericRemediator } from './remediators/GenericRemediator';\nimport {\n OktaAuthIdxInterface,\n IdxFeature,\n NextStep,\n RemediateOptions,\n RemediationResponse,\n RunOptions,\n FlowIdentifier,\n FlowSpecification\n} from './types';\nimport { IdxMessage, IdxRemediation, IdxRemediationValue, IdxResponse } from './types/idx-js';\n\ntype GetFlowSpecification = (\n oktaAuth: OktaAuthIdxInterface,\n flow: FlowIdentifier\n) => FlowSpecification;\n\nconst ctx: {\n remediators: Record<string, RemediatorConstructor>,\n getFlowSpecification: GetFlowSpecification,\n} = {\n // default values to be used by minimal IDX API\n remediators: {},\n getFlowSpecification: function(_oktaAuth: OktaAuthIdxInterface, _flow: FlowIdentifier = 'default') {\n return {\n remediators: {}\n } as FlowSpecification;\n }\n};\n\n// should be set in createIdxAPI() factory\nexport function setRemediatorsCtx(newCtx: Partial<typeof ctx>) {\n Object.assign(ctx, newCtx);\n}\n\nexport function getFlowSpecification(oktaAuth: OktaAuthIdxInterface, flow: FlowIdentifier = 'default') {\n return ctx.getFlowSpecification(oktaAuth, flow);\n}\n\nexport function isTerminalResponse(idxResponse: IdxResponse) {\n const { neededToProceed, interactionCode } = idxResponse;\n return !neededToProceed.length && !interactionCode;\n}\n\nexport function canSkipFn(idxResponse: IdxResponse) {\n return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nexport function canResendFn(idxResponse: IdxResponse) {\n return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nexport function getMessagesFromIdxRemediationValue(\n value?: IdxRemediationValue[]\n): IdxMessage[] | undefined {\n if (!value || !Array.isArray(value)) {\n return;\n }\n return value.reduce((messages, value) => {\n if (value.messages) {\n messages = [...messages, ...value.messages.value] as never;\n }\n if (value.form) {\n const messagesFromForm = getMessagesFromIdxRemediationValue(value.form.value) || [];\n messages = [...messages, ...messagesFromForm] as never;\n } \n if (value.options) {\n let optionValues = [];\n value.options.forEach(option => {\n if (!option.value || typeof option.value === 'string') {\n return;\n }\n optionValues = [...optionValues, option.value] as never;\n });\n const messagesFromOptions = getMessagesFromIdxRemediationValue(optionValues) || [];\n messages = [...messages, ...messagesFromOptions] as never;\n }\n return messages;\n }, []);\n}\n\nexport function getMessagesFromResponse(idxResponse: IdxResponse, options: RunOptions): IdxMessage[] {\n let messages: IdxMessage[] = [];\n const { rawIdxState, neededToProceed } = idxResponse;\n\n // Handle global messages\n const globalMessages = rawIdxState.messages?.value.map(message => message);\n if (globalMessages) {\n messages = [...messages, ...globalMessages] as never;\n }\n\n // Handle field messages for current flow\n // Preserve existing logic for general cases, remove in the next major version\n // Follow ion response format for top level messages when useGenericRemediator is true\n if (!options.useGenericRemediator) {\n for (let remediation of neededToProceed) {\n const fieldMessages = getMessagesFromIdxRemediationValue(remediation.value);\n if (fieldMessages) {\n messages = [...messages, ...fieldMessages] as never;\n }\n }\n }\n\n // API may return identical error on same field, filter by i18n key\n const seen = {};\n messages = messages.reduce((filtered, message) => {\n const key = message.i18n?.key;\n if (key && seen[key] && message.message === seen[key].message) {\n return filtered;\n }\n seen[key] = message;\n filtered = [...filtered, message] as never;\n return filtered;\n }, []);\n\n return messages;\n}\n\n\nexport function getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n const res = [];\n const { actions, neededToProceed } = idxResponse;\n\n if (actions['currentAuthenticator-recover']) {\n res.push(IdxFeature.PASSWORD_RECOVERY as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n res.push(IdxFeature.REGISTRATION as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n res.push(IdxFeature.SOCIAL_IDP as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'unlock-account')) {\n res.push(IdxFeature.ACCOUNT_UNLOCK as never);\n }\n\n return res;\n}\n\nexport function getAvailableSteps(\n authClient: OktaAuthIdxInterface, \n idxResponse: IdxResponse, \n useGenericRemediator?: boolean\n): NextStep[] {\n const res: NextStep[] = [];\n\n const remediatorMap: Record<string, RemediatorConstructor> = Object.values(ctx.remediators)\n .reduce((map, remediatorClass) => {\n // Only add concrete subclasses to the map\n if (remediatorClass.remediationName) {\n map[remediatorClass.remediationName] = remediatorClass;\n }\n return map;\n }, {});\n\n for (let remediation of idxResponse.neededToProceed) {\n const T = getRemediatorClass(remediation, { useGenericRemediator, remediators: remediatorMap });\n if (T) {\n const remediator: Remediator = new T(remediation);\n res.push (remediator.getNextStep(authClient, idxResponse.context) as never);\n }\n }\n\n for (const [name] of Object.entries((idxResponse.actions || {}))) {\n let stepObj = {\n name, \n action: async (params?) => {\n return authClient.idx.proceed({ \n actions: [{ name, params }] \n });\n }\n };\n if (name.startsWith('currentAuthenticator')) {\n const [part1, part2] = split2(name, '-');\n const actionObj = idxResponse.rawIdxState[part1].value[part2];\n /* eslint-disable no-unused-vars, @typescript-eslint/no-unused-vars */\n const {\n href, \n method, \n rel, \n accepts, \n produces, \n ...rest\n } = actionObj;\n /* eslint-enable no-unused-vars, @typescript-eslint/no-unused-vars */\n const value = actionObj.value?.filter(item => item.name !== 'stateHandle');\n stepObj = { \n ...rest, \n ...(value && { value }),\n ...stepObj,\n };\n }\n res.push(stepObj);\n }\n\n return res;\n}\n\nexport function filterValuesForRemediation(\n idxResponse: IdxResponse,\n remediationName: string,\n values: RemediationValues\n): RemediationValues {\n const remediations = idxResponse.neededToProceed || [];\n const remediation = remediations.find(r => r.name === remediationName);\n if (!remediation) {\n // step was specified, but remediation was not found. This is unexpected!\n warn(`filterValuesForRemediation: \"${remediationName}\" did not match any remediations`);\n return values;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const valuesForRemediation = remediation.value!.reduce((res, entry) => {\n const { name, value } = entry;\n if (name === 'stateHandle') {\n res[name] = value; // use the stateHandle value in the remediation\n } else {\n res[name] = values[name]; // use the value provided by the caller\n }\n return res;\n }, {});\n return valuesForRemediation;\n}\n\nfunction getRemediatorClass(remediation: IdxRemediation, options: RemediateOptions) {\n const { useGenericRemediator, remediators } = options;\n \n if (!remediation) {\n return undefined;\n }\n\n if (useGenericRemediator) {\n return GenericRemediator;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return remediators![remediation.name];\n}\n\n// Return first match idxRemediation in allowed remediators\n// eslint-disable-next-line complexity\nexport function getRemediator(\n idxResponse: IdxResponse,\n values: RemediationValues,\n options: RemediateOptions,\n): Remediator | undefined {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediators = options.remediators!;\n const useGenericRemediator = options.useGenericRemediator;\n const {neededToProceed: idxRemediations, context} = idxResponse;\n\n let remediator: Remediator;\n // remediation name specified by caller - fast-track remediator lookup \n if (options.step) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediation = idxRemediations.find(({ name }) => name === options.step)!;\n if (remediation) {\n const T = getRemediatorClass(remediation, options);\n return T ? new T(remediation, values, options) : undefined;\n } else {\n // step was specified, but remediation was not found. This is unexpected!\n warn(`step \"${options.step}\" did not match any remediations`);\n return;\n }\n }\n\n const remediatorCandidates: Remediator[] = [];\n if (useGenericRemediator) {\n // always pick the first remediation for when use GenericRemediator\n remediatorCandidates.push(new GenericRemediator(idxRemediations[0], values, options));\n } else {\n for (let remediation of idxRemediations) {\n const isRemeditionInFlow = Object.keys(remediators as object).includes(remediation.name);\n if (!isRemeditionInFlow) {\n continue;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const T = getRemediatorClass(remediation, options)!;\n remediator = new T(remediation, values, options);\n if (remediator.canRemediate(context)) {\n // found the remediator\n return remediator;\n }\n // remediator cannot handle the current values\n // maybe return for next step\n remediatorCandidates.push(remediator); \n }\n }\n \n return remediatorCandidates[0];\n}\n\n\nexport function getNextStep(\n authClient: OktaAuthIdxInterface, remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n const nextStep = remediator.getNextStep(authClient, idxResponse.context);\n const canSkip = canSkipFn(idxResponse);\n const canResend = canResendFn(idxResponse);\n return {\n ...nextStep,\n ...(canSkip && {canSkip}),\n ...(canResend && {canResend}),\n };\n}\n\nexport function handleFailedResponse(\n authClient: OktaAuthIdxInterface,\n idxResponse: IdxResponse,\n options = {}\n): RemediationResponse {\n const terminal = isTerminalResponse(idxResponse);\n const messages = getMessagesFromResponse(idxResponse, options);\n if (terminal) {\n return { idxResponse, terminal, messages };\n } else {\n const remediator = getRemediator(idxResponse, {}, options);\n const nextStep = remediator && getNextStep(authClient, remediator, idxResponse);\n return {\n idxResponse,\n messages,\n ...(nextStep && { nextStep }),\n };\n }\n \n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { base64UrlToBuffer, bufferToBase64Url } from '../crypto/base64';\nimport {\n ActivationData,\n ChallengeData,\n IdxAuthenticator,\n} from './types';\n\n\n// Get known credentials from list of enrolled authenticators\nconst getEnrolledCredentials = (authenticatorEnrollments: IdxAuthenticator[] = []) => {\n const credentials: PublicKeyCredentialDescriptor[] = [];\n authenticatorEnrollments.forEach((enrollement) => {\n if (enrollement.key === 'webauthn') {\n credentials.push({\n type: 'public-key',\n id: base64UrlToBuffer(enrollement.credentialId),\n });\n }\n });\n return credentials;\n};\n\n// Build options for navigator.credentials.create\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create\nexport const buildCredentialCreationOptions = (\n activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n return {\n publicKey: {\n rp: activationData.rp,\n user: {\n id: base64UrlToBuffer(activationData.user.id),\n name: activationData.user.name,\n displayName: activationData.user.displayName\n },\n challenge: base64UrlToBuffer(activationData.challenge),\n pubKeyCredParams: activationData.pubKeyCredParams,\n attestation: activationData.attestation,\n authenticatorSelection: activationData.authenticatorSelection,\n excludeCredentials: getEnrolledCredentials(authenticatorEnrollments),\n }\n } as CredentialCreationOptions;\n};\n\n\n// Build options for navigator.credentials.get\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get\nexport const buildCredentialRequestOptions = (\n challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n return {\n publicKey: {\n challenge: base64UrlToBuffer(challengeData.challenge),\n userVerification: challengeData.userVerification,\n allowCredentials: getEnrolledCredentials(authenticatorEnrollments),\n ...(challengeData.rpId && { rpId: challengeData.rpId }),\n }\n } as CredentialRequestOptions;\n};\n\n// Build attestation for webauthn enroll\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAttestationResponse\nexport const getAttestation = (credential: PublicKeyCredential) => {\n const response = credential.response as AuthenticatorAttestationResponse;\n const id = credential.id;\n const clientData = bufferToBase64Url(response.clientDataJSON);\n const attestation = bufferToBase64Url(response.attestationObject);\n return {\n id,\n clientData,\n attestation\n };\n};\n\n// Build assertion for webauthn verification\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse\nexport const getAssertion = (credential: PublicKeyCredential) => {\n const response = credential.response as AuthenticatorAssertionResponse;\n const id = credential.id;\n const clientData = bufferToBase64Url(response.clientDataJSON);\n const authenticatorData = bufferToBase64Url(response.authenticatorData);\n const signatureData = bufferToBase64Url(response.signature);\n return {\n id,\n clientData,\n authenticatorData,\n signatureData\n };\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// exports all public methods from myaccount module\n\nexport * from './profileApi';\nexport * from './emailApi';\nexport * from './phoneApi';\nexport * from './passwordApi';","import { sendRequest } from './request';\nimport { IAPIFunction } from './types';\nimport {\n BaseTransaction, \n EmailTransaction, \n EmailChallengeTransaction \n} from './transactions';\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const getEmails: IAPIFunction<EmailTransaction[]> = async (\n oktaAuth,\n options?\n) => {\n const transaction = await sendRequest<EmailTransaction, 'plural'>(oktaAuth, {\n url: '/idp/myaccount/emails',\n method: 'GET',\n accessToken: options?.accessToken\n }, EmailTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const getEmail: IAPIFunction<EmailTransaction> = async (\n oktaAuth, \n options\n) => {\n const { id, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/emails/${id}`,\n method: 'GET',\n accessToken,\n }, EmailTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.manage\n */\nexport const addEmail: IAPIFunction<EmailTransaction> = async (\n oktaAuth, \n options\n): Promise<EmailTransaction> => {\n const { accessToken, payload } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/emails',\n method: 'POST',\n payload,\n accessToken,\n }, EmailTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.manage\n */\nexport const deleteEmail: IAPIFunction<BaseTransaction> = async (\n oktaAuth, \n options\n) => {\n const { id, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/emails/${id}`,\n method: 'DELETE',\n accessToken\n });\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const sendEmailChallenge: IAPIFunction<EmailChallengeTransaction> = async (\n oktaAuth, \n options\n) => {\n const { id, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/emails/${id}/challenge`,\n method: 'POST',\n accessToken,\n }, EmailChallengeTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const getEmailChallenge: IAPIFunction<EmailChallengeTransaction> = async (\n oktaAuth, \n options\n) => {\n const { emailId, challengeId, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/emails/${emailId}/challenge/${challengeId}`,\n method: 'POST',\n accessToken,\n }, EmailChallengeTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.manage\n */\nexport const verifyEmailChallenge: IAPIFunction<BaseTransaction> = async (\n oktaAuth,\n options\n) => {\n const { emailId, challengeId, payload, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/emails/${emailId}/challenge/${challengeId}/verify`,\n method: 'POST',\n payload,\n accessToken\n });\n return transaction;\n};\n","import { StorageManagerConstructor } from '../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../base/types';\nimport {\n OAuthStorageManagerInterface,\n PKCETransactionMeta,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../oidc/types';\nimport { createOktaAuthCore } from '../core/factory';\nimport { OktaAuthCoreOptions } from '../core/types';\nimport { mixinMyAccount } from './mixin';\nimport { OktaAuthMyAccountInterface } from './types';\n\nexport function createOktaAuthMyAccount\n<\n M extends PKCETransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n>\n(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManager: TransactionManagerConstructor<TM>\n)\n: OktaAuthConstructor<OktaAuthMyAccountInterface<M, S, O>>\n{\n const Core = createOktaAuthCore<M, S, O>(StorageManagerConstructor, OptionsConstructor, TransactionManager);\n const WithMyAccount = mixinMyAccount<M, S, O>(Core);\n return WithMyAccount;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './api';\nexport * from './factory';\nexport * from './mixin';\nexport * from './types';\n","import { OktaAuthConstructor } from '../base/types';\nimport {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PKCETransactionMeta,\n} from '../oidc/types';\nimport { OktaAuthMyAccountInterface } from './types';\n\nimport * as MyAccountMethods from './api';\n\nexport function mixinMyAccount\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O>>\n = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthMyAccountInterface<M, S, O>>\n{\n return class OktaAuthMyAccount extends Base implements OktaAuthMyAccountInterface<M, S, O>\n {\n myaccount: any;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.myaccount = Object.entries(MyAccountMethods)\n .filter(([ name ]) => name !== 'default')\n .reduce((acc, [name, fn]) => {\n acc[name] = (fn as any).bind(null, this);\n return acc;\n }, {});\n }\n };\n}\n","import { sendRequest } from './request';\nimport { IAPIFunction } from './types';\nimport {\n BaseTransaction, \n PasswordTransaction\n} from './transactions';\n\n/**\n * @scope: okta.myAccount.password.read\n */\nexport const getPassword: IAPIFunction<PasswordTransaction> = async (\n oktaAuth,\n options\n) => {\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/password`,\n method: 'GET',\n accessToken: options?.accessToken,\n }, PasswordTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.password.manage\n */\nexport const enrollPassword: IAPIFunction<PasswordTransaction> = async (\n oktaAuth, \n options\n): Promise<PasswordTransaction> => {\n const { accessToken, payload } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/password',\n method: 'POST',\n payload,\n accessToken,\n }, PasswordTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.password.manage\n */\nexport const updatePassword: IAPIFunction<PasswordTransaction> = async (\n oktaAuth, \n options\n): Promise<PasswordTransaction> => {\n const { accessToken, payload } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/password',\n method: 'PUT',\n payload,\n accessToken,\n }, PasswordTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.password.manage\n */\nexport const deletePassword: IAPIFunction<BaseTransaction> = async (\n oktaAuth, \n options?\n) => {\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/password`,\n method: 'DELETE',\n accessToken: options?.accessToken,\n });\n return transaction;\n};\n","import { sendRequest } from './request';\nimport { IAPIFunction } from './types';\nimport {\n BaseTransaction, \n PhoneTransaction\n} from './transactions';\n\n/**\n * @scope: okta.myAccount.phone.read\n */\nexport const getPhones: IAPIFunction<PhoneTransaction[]> = async (\n oktaAuth,\n options?\n) => {\n const transaction = await sendRequest<PhoneTransaction, 'plural'>(oktaAuth, {\n url: '/idp/myaccount/phones',\n method: 'GET',\n accessToken: options?.accessToken,\n }, PhoneTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.read\n */\nexport const getPhone: IAPIFunction<PhoneTransaction> = async (\n oktaAuth,\n options\n) => {\n const { accessToken, id } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/phones/${id}`,\n method: 'GET',\n accessToken,\n }, PhoneTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const addPhone: IAPIFunction<PhoneTransaction> = async (\n oktaAuth, \n options\n): Promise<PhoneTransaction> => {\n const { accessToken, payload } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/phones',\n method: 'POST',\n payload,\n accessToken,\n }, PhoneTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const deletePhone: IAPIFunction<BaseTransaction> = async (\n oktaAuth, \n options\n) => {\n const { id, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/phones/${id}`,\n method: 'DELETE',\n accessToken,\n });\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const sendPhoneChallenge: IAPIFunction<BaseTransaction> = async (\n oktaAuth, \n options\n) => {\n const { accessToken, id, payload } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/phones/${id}/challenge`,\n method: 'POST',\n payload,\n accessToken\n });\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const verifyPhoneChallenge: IAPIFunction<BaseTransaction> = async (\n oktaAuth,\n options\n) => {\n const { id, payload, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/phones/${id}/verify`,\n method: 'POST',\n payload,\n accessToken\n });\n return transaction;\n};\n","import { sendRequest } from './request';\nimport { IAPIFunction } from './types';\nimport {\n ProfileTransaction,\n ProfileSchemaTransaction\n} from './transactions';\n\n/**\n * @scope: okta.myAccount.profile.read\n */\nexport const getProfile: IAPIFunction<ProfileTransaction> = async (oktaAuth, options?) => {\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/profile',\n method: 'GET',\n accessToken: options?.accessToken,\n }, ProfileTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.profile.manage\n */\nexport const updateProfile: IAPIFunction<ProfileTransaction> = async (\n oktaAuth, \n options\n) => {\n const { payload, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/profile',\n method: 'PUT',\n payload,\n accessToken,\n }, ProfileTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.profile.read\n */\nexport const getProfileSchema: IAPIFunction<ProfileSchemaTransaction> = async (\n oktaAuth, \n options?\n): Promise<ProfileSchemaTransaction> => {\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/profile/schema',\n method: 'GET',\n accessToken: options?.accessToken,\n }, ProfileSchemaTransaction);\n return transaction;\n};\n","import { \n default as BaseTransaction,\n TransactionType,\n TransactionLinks\n} from './transactions/Base';\nimport { httpRequest } from '../http';\nimport { AuthSdkError } from '../errors';\nimport { MyAccountRequestOptions as RequestOptions } from './types';\nimport { RequestOptions as HttpRequestOptions } from '../http/types';\nimport { AccessToken, OktaAuthOAuthInterface } from '../oidc/types';\n\ntype SendRequestOptions = RequestOptions & {\n url: string;\n method: string;\n}\n\n/* eslint-disable complexity */\nexport async function sendRequest<\n T extends BaseTransaction = BaseTransaction,\n N extends 'plural' | 'single' = 'single',\n NT = N extends 'plural' ? T[] : T\n> (\n oktaAuth: OktaAuthOAuthInterface, \n options: SendRequestOptions,\n TransactionClass: TransactionType<T> = BaseTransaction as TransactionType<T>,\n): Promise<NT> {\n const {\n accessToken: accessTokenObj\n } = oktaAuth.tokenManager.getTokensSync();\n\n const atToken = options.accessToken || accessTokenObj;\n const issuer = oktaAuth.getIssuerOrigin();\n const { url, method, payload } = options;\n const requestUrl = url.startsWith(issuer!) ? url : `${issuer}${url}`;\n\n if (!atToken) {\n throw new AuthSdkError('AccessToken is required to request MyAccount API endpoints.');\n }\n\n let accessToken: string | AccessToken = atToken;\n\n const httpOptions: HttpRequestOptions = {\n headers: { 'Accept': '*/*;okta-version=1.0.0' },\n url: requestUrl,\n method,\n ...(payload && { args: payload })\n };\n\n if (oktaAuth.options.dpop) {\n if (typeof accessToken === 'string') {\n throw new AuthSdkError('AccessToken object must be provided when using dpop');\n }\n\n const { Authorization, Dpop } = await oktaAuth.getDPoPAuthorizationHeaders({\n method,\n url: requestUrl,\n accessToken\n });\n httpOptions.headers!.Authorization = Authorization;\n httpOptions.headers!.Dpop = Dpop;\n }\n else {\n accessToken = typeof accessToken === 'string' ? accessToken : accessToken.accessToken;\n httpOptions.accessToken = accessToken;\n }\n\n const res = await httpRequest(oktaAuth, httpOptions);\n\n let ret: T | T[];\n if (Array.isArray(res)) {\n ret = res.map(item => new TransactionClass(oktaAuth, { \n res: item, \n accessToken\n }));\n } else {\n ret = new TransactionClass(oktaAuth, { \n res, \n accessToken\n });\n }\n return ret as NT;\n}\n/* eslint-enable complexity */\n\nexport type GenerateRequestFnFromLinksOptions = {\n oktaAuth: OktaAuthOAuthInterface;\n accessToken: string | AccessToken;\n methodName: string;\n links: TransactionLinks;\n}\n\ntype IRequestFnFromLinks<T extends BaseTransaction> = (payload?) => Promise<T>;\n\nexport function generateRequestFnFromLinks<T extends BaseTransaction>(\n {\n oktaAuth, \n accessToken,\n methodName,\n links,\n }: GenerateRequestFnFromLinksOptions,\n TransactionClass: TransactionType<T> = BaseTransaction as TransactionType<T>,\n): IRequestFnFromLinks<T> {\n for (const method of ['GET', 'POST', 'PUT', 'DELETE']) {\n if (method.toLowerCase() === methodName) {\n const link = links.self;\n return (async (payload?) => sendRequest<T, 'single'>(oktaAuth, {\n accessToken,\n url: link.href,\n method,\n payload,\n }, TransactionClass));\n }\n }\n \n const link = links[methodName];\n if (!link) {\n throw new AuthSdkError(`No link is found with methodName: ${methodName}`);\n }\n\n return (async (payload?) => sendRequest<T, 'single'>(oktaAuth, {\n accessToken,\n url: link.href,\n method: link.hints!.allow![0],\n payload,\n }, TransactionClass));\n}\n","import { OktaAuthHttpInterface } from '../../http/types';\nimport { AccessToken } from '../../oidc/types';\n\nexport type TransactionLink = {\n href: string;\n hints?: {\n allow?: string[];\n };\n}\n\nexport type TransactionLinks = {\n self: TransactionLink;\n [property: string]: TransactionLink;\n}\n\ntype TransactionOptions = {\n // TODO: move res type to http module\n res: {\n headers: Record<string, string>;\n _links?: Record<string, TransactionLink>;\n [property: string]: unknown;\n };\n accessToken: string | AccessToken;\n};\n\nexport default class BaseTransaction {\n // Deprecated\n headers?: Record<string, string>;\n\n constructor(oktaAuth: OktaAuthHttpInterface, options: TransactionOptions) {\n const { res } = options;\n const { headers, ...rest } = res;\n \n // assign required fields from res\n if (headers) {\n this.headers = headers;\n }\n\n // add all rest fields from res\n Object.keys(rest).forEach(key => {\n if (key === '_links') {\n return;\n }\n this[key] = rest[key];\n });\n }\n}\n\nexport interface TransactionType<T extends BaseTransaction = BaseTransaction> extends Function {\n new (oktaAuth: OktaAuthHttpInterface, options: TransactionOptions): T;\n prototype: T;\n}\n","import EmailStatusTransaction from './EmailStatusTransaction';\nimport { \n EmailProfile, \n Status,\n VerificationPayload, \n} from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class EmailChallengeTransaction extends BaseTransaction {\n id: string;\n expiresAt: string;\n profile: EmailProfile;\n status: Status;\n\n poll: () => Promise<EmailStatusTransaction>;\n // eslint-disable-next-line no-use-before-define\n verify: (payload: VerificationPayload) => Promise<EmailChallengeTransaction>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { accessToken, res } = options;\n // assign required fields from res\n const { id, expiresAt, profile, status, _links } = res;\n this.id = id;\n this.expiresAt = expiresAt;\n this.profile = profile;\n this.status = status;\n\n // assign transformed fns to transaction\n this.poll = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'poll', \n links: _links,\n }, EmailStatusTransaction);\n return await fn();\n };\n this.verify = async (payload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'verify', \n links: _links,\n }, EmailChallengeTransaction);\n return await fn(payload);\n };\n }\n}\n","import { EmailProfile, Status } from '../types';\nimport BaseTransaction from './Base';\n\nexport default class EmailStatusTransaction extends BaseTransaction {\n id: string;\n expiresAt: string;\n profile: EmailProfile;\n status: Status;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { res } = options;\n // assign required fields from res\n const { id, profile, expiresAt, status } = res;\n this.id = id;\n this.expiresAt = expiresAt;\n this.profile = profile;\n this.status = status;\n }\n}\n","import EmailChallengeTransaction from './EmailChallengeTransaction';\nimport EmailStatusTransaction from './EmailStatusTransaction';\nimport { EmailProfile, EmailRole, Status, VerificationPayload } from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class EmailTransaction extends BaseTransaction {\n id: string;\n profile: EmailProfile;\n roles: EmailRole[];\n status: Status;\n\n // eslint-disable-next-line no-use-before-define\n get: () => Promise<EmailTransaction>;\n delete: () => Promise<BaseTransaction>;\n challenge: () => Promise<EmailChallengeTransaction>;\n poll?: () => Promise<EmailStatusTransaction>;\n verify?: (payload: VerificationPayload) => Promise<BaseTransaction>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { accessToken, res } = options;\n // assign required fields from res\n const { id, profile, roles, status, _links } = res;\n this.id = id;\n this.profile = profile;\n this.roles = roles;\n this.status = status;\n\n // assign transformed fns to transaction\n this.get = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'get', \n links: _links,\n }, EmailTransaction);\n return await fn();\n };\n this.delete = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'delete', \n links: _links \n });\n return await fn();\n };\n this.challenge = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'challenge', \n links: _links,\n }, EmailChallengeTransaction);\n return await fn();\n };\n if (_links.poll) {\n this.poll = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'poll', \n links: _links,\n }, EmailStatusTransaction);\n return await fn();\n };\n }\n if (_links.verify) {\n this.verify = async (payload: VerificationPayload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'verify', \n links: _links,\n });\n return await fn(payload);\n };\n }\n }\n}\n","import { EnrollPasswordPayload, UpdatePasswordPayload, PasswordStatus } from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class PasswordTransaction extends BaseTransaction {\n id: string;\n created: string;\n lastUpdated: string;\n status: PasswordStatus;\n\n // eslint-disable-next-line no-use-before-define\n get?: () => Promise<PasswordTransaction>;\n // eslint-disable-next-line no-use-before-define\n enroll?: (payload: EnrollPasswordPayload) => Promise<PasswordTransaction>;\n // eslint-disable-next-line no-use-before-define\n update?: (payload: UpdatePasswordPayload) => Promise<PasswordTransaction>;\n delete?: () => Promise<BaseTransaction>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { res, accessToken } = options;\n // assign required fields from res\n const { id, status, created, lastUpdated, _links } = res;\n this.id = id;\n this.status = status;\n this.created = created;\n this.lastUpdated = lastUpdated;\n\n // assign transformed fns to transaction\n if (this.status == PasswordStatus.NOT_ENROLLED) {\n this.enroll = async (payload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'enroll',\n links: _links,\n }, PasswordTransaction);\n return await fn(payload);\n };\n }\n else {\n this.get = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'get',\n links: _links,\n }, PasswordTransaction);\n return await fn();\n };\n\n this.update = async (payload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'put', \n links: _links,\n }, PasswordTransaction);\n return await fn(payload);\n };\n \n this.delete = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'delete', \n links: _links \n });\n return await fn();\n };\n }\n }\n}\n","import { ChallengePhonePayload, PhoneProfile, Status, VerificationPayload } from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class PhoneTransaction extends BaseTransaction {\n id: string;\n profile: PhoneProfile;\n status: Status;\n\n // eslint-disable-next-line no-use-before-define\n get: () => Promise<PhoneTransaction>;\n delete: () => Promise<BaseTransaction>;\n challenge: (payload: ChallengePhonePayload) => Promise<BaseTransaction>;\n verify?: (payload: VerificationPayload) => Promise<BaseTransaction>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { res, accessToken } = options;\n // assign required fields from res\n const { id, profile, status, _links } = res;\n this.id = id;\n this.profile = profile;\n this.status = status;\n\n // assign transformed fns to transaction\n this.get = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'get', \n links: _links,\n }, PhoneTransaction);\n return await fn();\n };\n this.delete = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'delete', \n links: _links \n });\n return await fn();\n };\n this.challenge = async (payload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'challenge', \n links: _links \n });\n return await fn(payload);\n };\n if (_links.verify) {\n this.verify = async (payload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'verify', \n links: _links \n });\n return await fn(payload);\n } ;\n }\n }\n}\n","import BaseTransaction from './Base';\n\nexport default class ProfileSchemaTransaction extends BaseTransaction {\n properties: Record<string, object>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n this.properties = options.res.properties;\n }\n}\n","import BaseTransaction from './Base';\n\nexport default class ProfileTransaction extends BaseTransaction {\n createdAt: string;\n modifiedAt: string;\n profile: Record<string, string>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { createdAt, modifiedAt, profile } = options.res;\n this.createdAt = createdAt;\n this.modifiedAt = modifiedAt;\n this.profile = profile;\n }\n}\n","export { default as ProfileTransaction } from './ProfileTransaction';\nexport { default as ProfileSchemaTransaction } from './ProfileSchemaTransaction';\nexport { default as EmailTransaction } from './EmailTransaction';\nexport { default as EmailStatusTransaction } from './EmailStatusTransaction';\nexport { default as EmailChallengeTransaction } from './EmailChallengeTransaction';\nexport { default as PhoneTransaction } from './PhoneTransaction';\nexport { default as PasswordTransaction } from './PasswordTransaction';\nexport { default as BaseTransaction } from './Base';\n","import {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PKCETransactionMeta,\n AccessToken\n} from '../oidc/types';\n\nexport type { \n EmailTransaction, \n EmailStatusTransaction,\n EmailChallengeTransaction,\n PhoneTransaction,\n ProfileTransaction,\n ProfileSchemaTransaction,\n PasswordTransaction,\n BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n PRIMARY = 'PRIMARY',\n SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n VERIFIED = 'VERIFIED',\n UNVERIFIED = 'UNVERIFIED'\n}\n\nexport enum PasswordStatus {\n NOT_ENROLLED = 'NOT_ENROLLED',\n ACTIVE = 'ACTIVE'\n}\n\nexport type EmailProfile = {\n email: string;\n}\n\nexport type AddEmailPayload = {\n profile: {\n email: string;\n };\n sendEmail: boolean;\n role: EmailRole;\n}\n\nexport type PhoneProfile = {\n profile: {\n phoneNumber: string;\n };\n}\n\nexport type AddPhonePayload = {\n profile: {\n phoneNumber: string;\n };\n sendCode: boolean;\n method: string;\n};\n\nexport type ChallengePhonePayload = {\n method: string;\n}\n\nexport type VerificationPayload = {\n verificationCode: string;\n};\n\nexport type EnrollPasswordPayload = {\n profile: {\n password: string;\n }\n}\n\nexport type UpdatePasswordPayload = {\n profile: {\n password: string;\n currentPassword?: string;\n }\n}\n\nexport type UpdateProfilePayload = {\n profile: {\n firstName?: string;\n lastName?: string;\n email?: string;\n login?: string;\n [property: string]: any;\n };\n};\n\nexport type MyAccountRequestOptions = {\n id?: string;\n emailId?: string;\n challengeId?: string;\n payload?: AddEmailPayload \n | AddPhonePayload \n | ChallengePhonePayload\n | VerificationPayload \n | UpdateProfilePayload\n | EnrollPasswordPayload\n | UpdatePasswordPayload;\n accessToken?: string | AccessToken;\n}\n\nexport type IAPIFunction<T> = (\n oktaAuth: OktaAuthOAuthInterface, \n options?: MyAccountRequestOptions\n) => Promise<T>;\n\nexport interface OktaAuthMyAccountInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions\n> \n extends OktaAuthOAuthInterface<M, S, O>\n{\n myaccount;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n Token, \n Tokens, \n TokenType, \n TokenManagerOptions, \n isIDToken, \n isAccessToken,\n isRefreshToken,\n TokenManagerErrorEventHandler,\n TokenManagerSetStorageEventHandler,\n TokenManagerRenewEventHandler,\n TokenManagerEventHandler,\n TokenManagerInterface,\n RefreshToken,\n AccessTokenCallback,\n IDTokenCallback,\n RefreshTokenCallback,\n EVENT_RENEWED,\n EVENT_ADDED,\n EVENT_ERROR,\n EVENT_EXPIRED,\n EVENT_REMOVED,\n EVENT_SET_STORAGE,\n TokenManagerAnyEventHandler,\n TokenManagerAnyEvent,\n OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n // TODO: remove in next major version - OKTA-473815\n autoRenew: true,\n autoRemove: true,\n syncStorage: true,\n // --- //\n clearPendingRemoveTokens: true,\n storage: undefined, // will use value from storageManager config\n expireEarlySeconds: 30,\n storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n expireTimeouts: Record<string, unknown>;\n renewPromise: Promise<Token | undefined> | null;\n started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n return {\n expireTimeouts: {},\n renewPromise: null\n };\n}\nexport class TokenManager implements TokenManagerInterface {\n private sdk: OktaAuthOAuthInterface;\n private clock: SdkClock;\n private emitter: EventEmitter;\n private storage: StorageProvider;\n private state: TokenManagerState;\n private options: TokenManagerOptions;\n\n on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n handler: TokenManagerEventHandler, context?: object): void;\n on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n if (context) {\n this.emitter.on(event, handler, context);\n } else {\n this.emitter.on(event, handler);\n }\n }\n\n off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n handler?: TokenManagerEventHandler): void;\n off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n if (handler) {\n this.emitter.off(event, handler);\n } else {\n this.emitter.off(event);\n }\n }\n\n // eslint-disable-next-line complexity\n constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n this.sdk = sdk;\n this.emitter = (sdk as any).emitter;\n if (!this.emitter) {\n throw new AuthSdkError('Emitter should be initialized before TokenManager');\n }\n \n options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n if (!isLocalhost()) {\n options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n }\n\n this.options = options;\n\n const storageOptions: StorageOptions = removeNils({\n storageKey: options.storageKey,\n secure: options.secure,\n });\n if (typeof options.storage === 'object') {\n // A custom storage provider must implement getItem(key) and setItem(key, val)\n storageOptions.storageProvider = options.storage;\n } else if (options.storage) {\n storageOptions.storageType = options.storage as StorageType;\n }\n\n this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n this.clock = SdkClock.create(/* sdk, options */);\n this.state = defaultState();\n }\n\n start() {\n if (this.options.clearPendingRemoveTokens) {\n this.clearPendingRemoveTokens();\n }\n this.setExpireEventTimeoutAll();\n this.state.started = true;\n }\n \n stop() {\n this.clearExpireEventTimeoutAll();\n this.state.started = false;\n }\n\n isStarted() {\n return !!this.state.started;\n }\n\n getOptions(): TokenManagerOptions {\n return clone(this.options);\n }\n \n getExpireTime(token) {\n const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n var expireTime = token.expiresAt - expireEarlySeconds;\n return expireTime;\n }\n \n hasExpired(token) {\n var expireTime = this.getExpireTime(token);\n return expireTime <= this.clock.now();\n }\n \n emitExpired(key, token) {\n this.emitter.emit(EVENT_EXPIRED, key, token);\n }\n \n emitRenewed(key, freshToken, oldToken) {\n this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n }\n \n emitAdded(key, token) {\n this.emitter.emit(EVENT_ADDED, key, token);\n }\n \n emitRemoved(key, token?) {\n this.emitter.emit(EVENT_REMOVED, key, token);\n }\n \n emitError(error) {\n this.emitter.emit(EVENT_ERROR, error);\n }\n \n clearExpireEventTimeout(key) {\n clearTimeout(this.state.expireTimeouts[key] as any);\n delete this.state.expireTimeouts[key];\n \n // Remove the renew promise (if it exists)\n this.state.renewPromise = null;\n }\n \n clearExpireEventTimeoutAll() {\n var expireTimeouts = this.state.expireTimeouts;\n for (var key in expireTimeouts) {\n if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n continue;\n }\n this.clearExpireEventTimeout(key);\n }\n }\n \n setExpireEventTimeout(key, token) {\n if (isRefreshToken(token)) {\n return;\n }\n\n var expireTime = this.getExpireTime(token);\n var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n \n // Clear any existing timeout\n this.clearExpireEventTimeout(key);\n \n var expireEventTimeout = setTimeout(() => {\n this.emitExpired(key, token);\n }, expireEventWait);\n \n // Add a new timeout\n this.state.expireTimeouts[key] = expireEventTimeout;\n }\n \n setExpireEventTimeoutAll() {\n var tokenStorage = this.storage.getStorage();\n for(var key in tokenStorage) {\n if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n continue;\n }\n var token = tokenStorage[key];\n this.setExpireEventTimeout(key, token);\n }\n }\n \n // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n resetExpireEventTimeoutAll() {\n this.clearExpireEventTimeoutAll();\n this.setExpireEventTimeoutAll();\n }\n \n add(key, token: Token) {\n var tokenStorage = this.storage.getStorage();\n validateToken(token);\n tokenStorage[key] = token;\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n this.emitAdded(key, token);\n this.setExpireEventTimeout(key, token);\n }\n \n getSync(key): Token | undefined {\n var tokenStorage = this.storage.getStorage();\n return tokenStorage[key];\n }\n \n async get(key): Promise<Token | undefined> {\n return this.getSync(key);\n }\n \n getTokensSync(): Tokens {\n const tokens = {} as Tokens;\n const tokenStorage = this.storage.getStorage();\n Object.keys(tokenStorage).forEach(key => {\n const token = tokenStorage[key];\n if (isAccessToken(token)) {\n tokens.accessToken = token;\n } else if (isIDToken(token)) {\n tokens.idToken = token;\n } else if (isRefreshToken(token)) { \n tokens.refreshToken = token;\n }\n });\n return tokens;\n }\n \n async getTokens(): Promise<Tokens> {\n return this.getTokensSync();\n }\n\n getStorageKeyByType(type: TokenType): string {\n const tokenStorage = this.storage.getStorage();\n const key = Object.keys(tokenStorage).filter(key => {\n const token = tokenStorage[key];\n return (isAccessToken(token) && type === 'accessToken') \n || (isIDToken(token) && type === 'idToken')\n || (isRefreshToken(token) && type === 'refreshToken');\n })[0];\n return key;\n }\n\n private getTokenType(token: Token): TokenType {\n if (isAccessToken(token)) {\n return 'accessToken';\n }\n if (isIDToken(token)) {\n return 'idToken';\n }\n if(isRefreshToken(token)) {\n return 'refreshToken';\n }\n throw new AuthSdkError('Unknown token type');\n }\n\n // for synchronization of LocalStorage cross tabs for IE11\n private emitSetStorageEvent() {\n if (isIE11OrLess()) {\n const storage = this.storage.getStorage();\n this.emitter.emit(EVENT_SET_STORAGE, storage);\n }\n }\n\n // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n public getStorage() {\n return this.storage;\n }\n\n setTokens(\n tokens: Tokens,\n // TODO: callbacks can be removed in the next major version OKTA-407224\n accessTokenCb?: AccessTokenCallback, \n idTokenCb?: IDTokenCallback,\n refreshTokenCb?: RefreshTokenCallback\n ): void {\n const handleTokenCallback = (key, token) => {\n const type = this.getTokenType(token);\n if (type === 'accessToken') {\n accessTokenCb && accessTokenCb(key, token);\n } else if (type === 'idToken') {\n idTokenCb && idTokenCb(key, token);\n } else if (type === 'refreshToken') {\n refreshTokenCb && refreshTokenCb(key, token);\n }\n };\n const handleAdded = (key, token) => {\n this.emitAdded(key, token);\n this.setExpireEventTimeout(key, token);\n handleTokenCallback(key, token);\n };\n const handleRenewed = (key, token, oldToken) => {\n this.emitRenewed(key, token, oldToken);\n this.clearExpireEventTimeout(key);\n this.setExpireEventTimeout(key, token);\n handleTokenCallback(key, token);\n };\n const handleRemoved = (key, token) => {\n this.clearExpireEventTimeout(key);\n this.emitRemoved(key, token);\n handleTokenCallback(key, token);\n };\n \n const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n const existingTokens = this.getTokensSync();\n\n // valid tokens\n types.forEach((type) => {\n const token = tokens[type];\n if (token) {\n validateToken(token, type);\n }\n });\n \n // add token to storage\n const storage = types.reduce((storage, type) => {\n const token = tokens[type];\n if (token) {\n const storageKey = this.getStorageKeyByType(type) || type;\n storage[storageKey] = token;\n }\n return storage;\n }, {});\n this.storage.setStorage(storage);\n this.emitSetStorageEvent();\n\n // emit event and start expiration timer\n types.forEach(type => {\n const newToken = tokens[type];\n const existingToken = existingTokens[type];\n const storageKey = this.getStorageKeyByType(type) || type;\n if (newToken && existingToken) { // renew\n // call handleRemoved first, since it clears timers\n handleRemoved(storageKey, existingToken);\n handleAdded(storageKey, newToken);\n handleRenewed(storageKey, newToken, existingToken);\n } else if (newToken) { // add\n handleAdded(storageKey, newToken);\n } else if (existingToken) { //remove\n handleRemoved(storageKey, existingToken);\n }\n });\n }\n \n remove(key) {\n // Clear any listener for this token\n this.clearExpireEventTimeout(key);\n \n var tokenStorage = this.storage.getStorage();\n var removedToken = tokenStorage[key];\n delete tokenStorage[key];\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n \n this.emitRemoved(key, removedToken);\n }\n \n // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n async renewToken(token) {\n return this.sdk.token?.renew(token);\n }\n // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n validateToken(token: Token) {\n return validateToken(token);\n }\n\n // TODO: renew method should take no param, change in the next major version OKTA-407224\n renew(key): Promise<Token | undefined> {\n // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n if (this.state.renewPromise) {\n return this.state.renewPromise;\n }\n\n try {\n var token = this.getSync(key);\n let shouldRenew = token !== undefined;\n // explicitly check if key='accessToken' because token keys are not guaranteed (long story, features dragons)\n if (!token && key === 'accessToken') {\n // attempt token renewal if refresh token is present (improves consistency of autoRenew)\n const refreshKey = this.getStorageKeyByType('refreshToken');\n const refreshToken = this.getSync(refreshKey);\n shouldRenew = refreshToken !== undefined;\n }\n\n if (!shouldRenew) {\n throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n }\n }\n catch (err) {\n this.emitError(err);\n return Promise.reject(err);\n }\n\n // Remove existing autoRenew timeout\n this.clearExpireEventTimeout(key);\n \n // A refresh token means a replace instead of renewal\n // Store the renew promise state, to avoid renewing again\n const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n .then(tokens => {\n this.setTokens(tokens);\n\n // return accessToken in case where access token doesn't exist\n // but refresh token exists\n if (!token && key === 'accessToken') {\n const accessToken = tokens['accessToken'];\n this.emitRenewed(key, accessToken, null);\n return accessToken;\n }\n\n // resolve token based on the key\n const tokenType = this.getTokenType(token!);\n return tokens[tokenType];\n })\n .catch(err => {\n // If renew fails, remove token from storage and emit error\n this.remove(key);\n err.tokenKey = key;\n this.emitError(err);\n throw err;\n })\n .finally(() => {\n // Remove existing promise key\n this.state.renewPromise = null;\n });\n \n return renewPromise;\n }\n \n clear() {\n const tokens = this.getTokensSync();\n this.clearExpireEventTimeoutAll();\n this.storage.clearStorage();\n this.emitSetStorageEvent();\n\n Object.keys(tokens).forEach(key => {\n this.emitRemoved(key, tokens[key]);\n });\n }\n\n clearPendingRemoveTokens() {\n const tokenStorage = this.storage.getStorage();\n const removedTokens = {};\n Object.keys(tokenStorage).forEach(key => {\n if (tokenStorage[key].pendingRemove) {\n removedTokens[key] = tokenStorage[key];\n delete tokenStorage[key];\n }\n });\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n Object.keys(removedTokens).forEach(key => {\n this.clearExpireEventTimeout(key);\n this.emitRemoved(key, removedTokens[key]);\n });\n }\n\n updateRefreshToken(token: RefreshToken) {\n const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n // do not emit any event\n var tokenStorage = this.storage.getStorage();\n validateToken(token);\n tokenStorage[key] = token;\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n }\n\n removeRefreshToken () {\n const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n this.remove(key);\n }\n\n addPendingRemoveFlags() {\n const tokens = this.getTokensSync();\n Object.keys(tokens).forEach(key => {\n tokens[key].pendingRemove = true;\n });\n this.setTokens(tokens);\n }\n \n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { StorageProvider } from '../storage/types';\nimport {\n TransactionMeta,\n isTransactionMeta,\n TransactionMetaOptions,\n TransactionManagerOptions,\n OAuthTransactionMeta,\n OAuthStorageManagerInterface,\n ClearTransactionMetaOptions,\n TransactionManagerInterface,\n PKCETransactionMeta\n} from './types';\nimport { warn } from '../util';\nimport {\n clearTransactionFromSharedStorage,\n loadTransactionFromSharedStorage,\n pruneSharedStorage,\n saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\n\nexport function createTransactionManager\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>\n>\n()\n{\n return class TransactionManager implements TransactionManagerInterface\n {\n options: TransactionManagerOptions;\n storageManager: S;\n enableSharedStorage: boolean;\n saveLastResponse: boolean;\n\n constructor(options: TransactionManagerOptions) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = options.storageManager! as S;\n this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n this.saveLastResponse = options.saveLastResponse === false ? false : true;\n this.options = options;\n }\n\n // eslint-disable-next-line complexity\n clear(options: ClearTransactionMetaOptions = {}) {\n const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n const meta = transactionStorage.getStorage();\n\n // Clear primary storage (by default, sessionStorage on browser)\n transactionStorage.clearStorage();\n\n // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow\n if (this.enableSharedStorage && options.clearSharedStorage !== false) {\n const state = options.state || meta?.state;\n if (state) {\n clearTransactionFromSharedStorage(this.storageManager, state);\n }\n }\n }\n\n // eslint-disable-next-line complexity\n save(meta: M, options: TransactionMetaOptions = {}) {\n // There must be only one transaction executing at a time.\n // Before saving, check to see if a transaction is already stored.\n // An existing transaction indicates a concurrency/race/overlap condition\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n const obj = storage.getStorage();\n // oie process may need to update transaction in the middle of process for tracking purpose\n // false alarm might be caused \n // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n if (isTransactionMeta(obj) && !options.muteWarning) {\n // eslint-disable-next-line max-len\n warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n }\n\n storage.setStorage(meta);\n\n // Shared storage allows continuation of transaction in another tab\n if (this.enableSharedStorage && meta.state) {\n saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n }\n }\n\n exists(options: TransactionMetaOptions = {}): boolean {\n try {\n const meta = this.load(options);\n return !!meta;\n } catch {\n return false;\n }\n }\n\n // load transaction meta from storage\n // eslint-disable-next-line complexity,max-statements\n load(options: TransactionMetaOptions = {}): TransactionMeta | null {\n\n let meta: TransactionMeta;\n\n // If state was passed, try loading transaction data from shared storage\n if (this.enableSharedStorage && options.state) {\n pruneSharedStorage(this.storageManager); // prune before load\n meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n if (isTransactionMeta(meta)) {\n return meta;\n }\n }\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n meta = storage.getStorage();\n if (isTransactionMeta(meta)) {\n // if we have meta in the new location, there is no need to go further\n return meta;\n }\n\n return null;\n }\n\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { JWTObject } from './types';\nimport { base64UrlToString } from '../crypto';\n\nexport function decodeToken(token: string): JWTObject {\n var jwt = token.split('.');\n var decodedToken: JWTObject;\n\n try {\n decodedToken = {\n header: JSON.parse(base64UrlToString(jwt[0])),\n payload: JSON.parse(base64UrlToString(jwt[1])),\n signature: jwt[2]\n };\n } catch (e) {\n throw new AuthSdkError('Malformed token');\n }\n\n return decodedToken;\n}\n","// References:\n// https://www.w3.org/TR/WebCryptoAPI/#concepts-key-storage\n// https://datatracker.ietf.org/doc/html/rfc9449\n\nimport {\n webcrypto,\n stringToBase64Url,\n stringToBuffer,\n bufferToBase64Url,\n base64ToBase64Url,\n btoa\n} from '../crypto';\nimport { AuthSdkError, OAuthError, WWWAuthError, isOAuthError, isWWWAuthError } from '../errors';\nimport { Tokens } from './types';\n\nexport interface DPoPClaims {\n htm: string;\n htu: string;\n iat: number;\n jti: string;\n nonce?: string;\n ath?: string;\n}\n\nexport interface DPoPProofParams {\n keyPair: CryptoKeyPair;\n url: string;\n method: string;\n nonce?: string;\n accessToken?: string;\n}\n\nexport type ResourceDPoPProofParams = Omit<DPoPProofParams, 'keyPair' | 'nonce'>;\ntype DPoPProofTokenRequestParams = Omit<DPoPProofParams, 'accessToken'>;\n\nconst INDEXEDDB_NAME = 'OktaAuthJs';\nconst DB_KEY = 'DPoPKeys';\n\nexport function isDPoPNonceError(obj: any): obj is OAuthError | WWWAuthError {\n return (\n (isOAuthError(obj) || isWWWAuthError(obj)) &&\n obj.errorCode === 'use_dpop_nonce'\n );\n}\n\n/////////// crypto ///////////\n\nexport async function createJwt(header: object, claims: object, signingKey: CryptoKey): Promise<string> {\n const head = stringToBase64Url(JSON.stringify(header));\n const body = stringToBase64Url(JSON.stringify(claims));\n const signature = await webcrypto.subtle.sign(\n { name: signingKey.algorithm.name }, signingKey, stringToBuffer(`${head}.${body}`)\n );\n return `${head}.${body}.${base64ToBase64Url(bufferToBase64Url(signature))}`;\n}\n\nexport function cryptoRandomValue (byteLen = 32) {\n return [...webcrypto.getRandomValues(new Uint8Array(byteLen))].map(v => v.toString(16)).join('');\n}\n\nexport async function generateKeyPair (): Promise<CryptoKeyPair> {\n const algorithm = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: 'SHA-256',\n modulusLength: 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n };\n\n // The \"false\" here makes it non-exportable\n // https://caniuse.com/mdn-api_subtlecrypto_generatekey\n return webcrypto.subtle.generateKey(algorithm, false, ['sign', 'verify']);\n}\n\nasync function hashAccessToken (accessToken: string): Promise<string> {\n const buffer = new TextEncoder().encode(accessToken);\n const hash = await webcrypto.subtle.digest('SHA-256', buffer);\n\n return btoa(String.fromCharCode.apply(null, new Uint8Array(hash) as unknown as number[]))\n .replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n/////////// indexeddb / keystore ///////////\n\n\n// https://developer.mozilla.org/en-US/docs/Web/API/IDBObjectStore#instance_methods\n// add additional methods as needed\nexport type StoreMethod = 'get' | 'add' | 'delete' | 'clear';\n\n// convenience abstraction for exposing IDBObjectStore instance\nfunction keyStore (): Promise<IDBObjectStore> {\n return new Promise((resolve, reject) => {\n try {\n const indexedDB = window.indexedDB;\n const req = indexedDB.open(INDEXEDDB_NAME, 1);\n\n req.onerror = function () {\n reject(req.error!);\n };\n\n req.onupgradeneeded = function () {\n const db = req.result;\n db.createObjectStore(DB_KEY);\n };\n\n req.onsuccess = function () {\n const db = req.result;\n const tx = db.transaction(DB_KEY, 'readwrite');\n\n tx.onerror = function () {\n reject(tx.error!);\n };\n\n const store = tx.objectStore(DB_KEY);\n\n resolve(store);\n\n tx.oncomplete = function () {\n db.close();\n };\n };\n }\n catch (err) {\n reject(err);\n }\n });\n}\n\n// convenience abstraction for wrapping IDBObjectStore methods in promises\nasync function invokeStoreMethod (method: StoreMethod, ...args: any[]): Promise<IDBRequest> {\n const store = await keyStore();\n return new Promise((resolve, reject) => {\n // https://github.com/microsoft/TypeScript/issues/49700\n // https://github.com/microsoft/TypeScript/issues/49802\n // @ts-expect-error ts(2556)\n const req = store[method](...args);\n req.onsuccess = function () {\n resolve(req);\n };\n req.onerror = function () {\n reject(req.error);\n };\n });\n}\n\nasync function storeKeyPair (pairId: string, keyPair: CryptoKeyPair) {\n await invokeStoreMethod('add', keyPair, pairId);\n return keyPair;\n}\n\n// attempts to find keyPair stored at given key, otherwise throws\nexport async function findKeyPair (pairId?: string): Promise<CryptoKeyPair> {\n if (pairId) {\n const req = await invokeStoreMethod('get', pairId);\n if (req.result) {\n return req.result;\n }\n }\n\n // defaults to throwing unless keyPair is found\n throw new AuthSdkError(`Unable to locate dpop key pair required for refresh${pairId ? ` (${pairId})` : ''}`);\n}\n\nexport async function clearDPoPKeyPair (pairId: string): Promise<void> {\n await invokeStoreMethod('delete', pairId);\n}\n\nexport async function clearAllDPoPKeyPairs (): Promise<void> {\n await invokeStoreMethod('clear');\n}\n\n// generates a crypto (non-extractable) private key pair and writes it to indexeddb, returns key (id)\nexport async function createDPoPKeyPair (): Promise<{keyPair: CryptoKeyPair, keyPairId: string}> {\n const keyPairId = cryptoRandomValue(4);\n const keyPair = await generateKeyPair();\n await storeKeyPair(keyPairId, keyPair);\n return { keyPair, keyPairId };\n}\n\n// will clear PK from storage if certain token conditions are met\n/* eslint max-len: [2, 132], complexity: [2, 12] */\nexport async function clearDPoPKeyPairAfterRevoke (revokedToken: 'access' | 'refresh', tokens: Tokens): Promise<void> {\n let shouldClear = false;\n\n const { accessToken, refreshToken } = tokens;\n\n // revoking access token and refresh token doesn't exist\n if (revokedToken === 'access' && accessToken && accessToken.tokenType === 'DPoP' && !refreshToken) {\n shouldClear = true;\n }\n\n // revoking refresh token and access token doesn't exist\n if (revokedToken === 'refresh' && refreshToken && !accessToken) {\n shouldClear = true;\n }\n\n const pairId = accessToken?.dpopPairId ?? refreshToken?.dpopPairId;\n if (shouldClear && pairId) {\n await clearDPoPKeyPair(pairId);\n }\n}\n\n/////////// proof generation methods ///////////\n\nexport async function generateDPoPProof ({ keyPair, url, method, nonce, accessToken }: DPoPProofParams): Promise<string> {\n const { kty, crv, e, n, x, y } = await webcrypto.subtle.exportKey('jwk', keyPair.publicKey);\n const header = {\n alg: 'RS256',\n typ: 'dpop+jwt',\n jwk: { kty, crv, e, n, x, y }\n };\n\n const claims: DPoPClaims = {\n htm: method,\n htu: url,\n iat: Math.floor(Date.now() / 1000),\n jti: cryptoRandomValue(),\n };\n\n if (nonce) {\n claims.nonce = nonce;\n }\n\n // encode access token\n if (accessToken) {\n claims.ath = await hashAccessToken(accessToken);\n }\n\n return createJwt(header, claims, keyPair.privateKey);\n}\n\n/* eslint max-len: [2, 132] */\nexport async function generateDPoPForTokenRequest ({ keyPair, url, method, nonce }: DPoPProofTokenRequestParams): Promise<string> {\n const params: DPoPProofParams = { keyPair, url, method };\n if (nonce) {\n params.nonce = nonce;\n }\n\n return generateDPoPProof(params);\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n // Quick validation\n if (!tokenParams.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n }\n\n // Convert our params to their actual OAuth equivalents\n var oauthParams: OAuthParams = {\n 'client_id': tokenParams.clientId,\n 'code_challenge': tokenParams.codeChallenge,\n 'code_challenge_method': tokenParams.codeChallengeMethod,\n 'display': tokenParams.display,\n 'idp': tokenParams.idp,\n 'idp_scope': tokenParams.idpScope,\n 'login_hint': tokenParams.loginHint,\n 'max_age': tokenParams.maxAge,\n 'nonce': tokenParams.nonce,\n 'prompt': tokenParams.prompt,\n 'redirect_uri': tokenParams.redirectUri,\n 'response_mode': tokenParams.responseMode,\n 'response_type': tokenParams.responseType,\n 'sessionToken': tokenParams.sessionToken,\n 'state': tokenParams.state,\n 'acr_values': tokenParams.acrValues,\n 'enroll_amr_values': tokenParams.enrollAmrValues,\n };\n oauthParams = removeNils(oauthParams) as OAuthParams;\n\n ['idp_scope', 'response_type', 'enroll_amr_values'].forEach(function (mayBeArray) {\n if (Array.isArray(oauthParams[mayBeArray])) {\n oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n }\n });\n\n if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n tokenParams.scopes!.indexOf('openid') === -1) {\n throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n } else if (tokenParams.scopes) {\n oauthParams.scope = tokenParams.scopes!.join(' ');\n }\n\n return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n return toQueryString({ \n ...oauthQueryParams, \n ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './authorize';\nexport * from './token';\nexport * from './well-known';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError, AuthApiError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest, OktaAuthHttpInterface } from '../../http';\nimport { generateDPoPForTokenRequest, isDPoPNonceError } from '../dpop';\n\nexport interface TokenEndpointParams extends TokenParams {\n dpopKeyPair?: CryptoKeyPair;\n}\n\ninterface TokenRequestParams {\n url: string;\n data: any;\n dpopKeyPair?: CryptoKeyPair;\n nonce?: string;\n}\n\nfunction validateOptions(options: TokenEndpointParams) {\n // Quick validation\n if (!options.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n }\n\n if (!options.authorizationCode && !options.interactionCode) {\n throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n }\n\n if (!options.codeVerifier) {\n throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n // Convert Token params to OAuth params, sent to the /token endpoint\n var params: OAuthParams = removeNils({\n 'client_id': options.clientId,\n 'redirect_uri': options.redirectUri,\n 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n 'code_verifier': options.codeVerifier\n });\n\n if (options.interactionCode) {\n params['interaction_code'] = options.interactionCode;\n } else if (options.authorizationCode) {\n params.code = options.authorizationCode;\n }\n\n const { clientSecret } = sdk.options;\n if (clientSecret) {\n params['client_secret'] = clientSecret;\n }\n\n // Encode as URL string\n return toQueryString(params).slice(1);\n}\n\n/* eslint complexity: [2, 10] */\nasync function makeTokenRequest (sdk, { url, data, nonce, dpopKeyPair }: TokenRequestParams): Promise<OAuthResponse> {\n const method = 'POST';\n const headers: any = {\n 'Content-Type': 'application/x-www-form-urlencoded',\n };\n\n if (sdk.options.dpop) {\n if (!dpopKeyPair) {\n throw new AuthSdkError('DPoP is configured but no key pair was provided');\n }\n\n const proof = await generateDPoPForTokenRequest({ url, method, nonce, keyPair: dpopKeyPair });\n headers.DPoP = proof;\n }\n\n try {\n const resp = await httpRequest(sdk, {\n url,\n method,\n args: data,\n headers\n });\n return resp;\n }\n catch (err) {\n if (isDPoPNonceError(err) && !nonce) {\n const dpopNonce = err.resp?.headers['dpop-nonce'];\n if (!dpopNonce) {\n // throws error is dpop-nonce header cannot be found, prevents infinite loop\n throw new AuthApiError(\n {errorSummary: 'No `dpop-nonce` header found when required'},\n err.resp ?? undefined // yay ts\n );\n }\n return makeTokenRequest(sdk, { url, data, dpopKeyPair, nonce: dpopNonce });\n }\n throw err;\n }\n}\n\n// exchange authorization code for an access token\nexport async function postToTokenEndpoint(sdk, options: TokenEndpointParams, urls: CustomUrls): Promise<OAuthResponse> {\n validateOptions(options);\n var data = getPostData(sdk, options);\n\n const params: TokenRequestParams = {\n url: urls.tokenUrl!,\n data,\n dpopKeyPair: options?.dpopKeyPair\n };\n\n return makeTokenRequest(sdk, params);\n}\n\nexport async function postRefreshToken(\n sdk: OktaAuthHttpInterface,\n options: TokenEndpointParams,\n refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n const data = Object.entries({\n client_id: options.clientId, // eslint-disable-line camelcase\n grant_type: 'refresh_token', // eslint-disable-line camelcase\n scope: refreshToken.scopes.join(' '),\n refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n }).map(function ([name, value]) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return name + '=' + encodeURIComponent(value!);\n }).join('&');\n\n let url = refreshToken.tokenUrl;\n if (options.extraParams && Object.keys(options.extraParams).length >= 1) {\n url += toQueryString(options.extraParams);\n }\n\n const params: TokenRequestParams = {\n url,\n data,\n dpopKeyPair: options?.dpopKeyPair\n };\n\n return makeTokenRequest(sdk, params);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthOAuthInterface, WellKnownResponse } from '../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthOAuthInterface, issuer?: string): Promise<WellKnownResponse> {\n var authServerUri = (issuer || sdk.options.issuer);\n return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n cacheResponse: true\n });\n}\n\nexport function getKey(sdk: OktaAuthOAuthInterface, issuer: string, kid: string): Promise<string> {\n var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n return getWellKnown(sdk, issuer)\n .then(function(wellKnown) {\n var jwksUri = wellKnown['jwks_uri'];\n\n // Check our kid against the cached version (if it exists and isn't expired)\n var cacheContents = httpCache.getStorage();\n var cachedResponse = cacheContents[jwksUri];\n if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n var cachedKey = find(cachedResponse.response.keys, {\n kid: kid\n });\n\n if (cachedKey) {\n return cachedKey;\n }\n }\n\n // Remove cache for the key\n httpCache.clearStorage(jwksUri);\n\n // Pull the latest keys if the key wasn't in the cache\n return get(sdk, jwksUri, {\n cacheResponse: true\n })\n .then(function(res) {\n var key = find(res.keys, {\n kid: kid\n });\n\n if (key) {\n return key;\n }\n\n throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n });\n });\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { OktaAuthOAuthInterface, EnrollAuthenticatorOptions } from './types';\nimport { clone } from '../util';\nimport { prepareEnrollAuthenticatorParams, createEnrollAuthenticatorMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function enrollAuthenticator(\n sdk: OktaAuthOAuthInterface, \n options: EnrollAuthenticatorOptions\n): void {\n options = clone(options) || {};\n\n const params = prepareEnrollAuthenticatorParams(sdk, options);\n const meta = createEnrollAuthenticatorMeta(sdk, params);\n const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(params);\n sdk.transactionManager.save(meta);\n if (sdk.options.setLocation) {\n sdk.options.setLocation(requestUrl);\n } else {\n window.location.assign(requestUrl);\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint, TokenEndpointParams } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { createDPoPKeyPair, findKeyPair } from './dpop';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport async function exchangeCodeForTokens(sdk: OktaAuthOAuthInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n urls = urls || getOAuthUrls(sdk, tokenParams);\n // build params using defaults + options\n tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n const {\n authorizationCode,\n interactionCode,\n codeVerifier,\n clientId,\n redirectUri,\n scopes,\n ignoreSignature,\n state,\n acrValues,\n dpop,\n dpopPairId,\n extraParams\n } = tokenParams;\n\n // postToTokenEndpoint() params\n const getTokenOptions: TokenEndpointParams = {\n clientId,\n redirectUri,\n authorizationCode,\n interactionCode,\n codeVerifier,\n dpop,\n };\n\n // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n // `responseType` is used to validate that the expected tokens were returned\n const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n if (scopes!.indexOf('openid') !== -1) {\n responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n }\n // handleOAuthResponse() params\n const handleResponseOptions: TokenParams = {\n clientId,\n redirectUri,\n scopes,\n responseType,\n ignoreSignature,\n acrValues,\n extraParams\n };\n\n try {\n if (dpop) {\n // token refresh, KP should already exist\n if (dpopPairId) {\n const keyPair = await findKeyPair(dpopPairId);\n getTokenOptions.dpopKeyPair = keyPair;\n handleResponseOptions.dpop = dpop;\n handleResponseOptions.dpopPairId = dpopPairId;\n }\n else {\n const { keyPair, keyPairId } = await createDPoPKeyPair();\n getTokenOptions.dpopKeyPair = keyPair;\n handleResponseOptions.dpop = dpop;\n handleResponseOptions.dpopPairId = keyPairId;\n }\n }\n\n const oauthResponse: OAuthResponse = await postToTokenEndpoint(sdk, getTokenOptions, urls);\n\n const tokenResponse: TokenResponse = await handleOAuthResponse(sdk, handleResponseOptions, oauthResponse, urls!);\n tokenResponse.code = authorizationCode;\n tokenResponse.state = state!;\n return tokenResponse;\n }\n finally {\n sdk.transactionManager.clear();\n }\n}\n","import { StorageManagerConstructor } from '../../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../../base/types';\n\nimport { createOktaAuthBase } from '../../base';\nimport { mixinStorage } from '../../storage/mixin';\nimport { mixinSession } from '../../session/mixin';\nimport { mixinHttp } from '../../http/mixin';\nimport { mixinOAuth } from '../mixin';\nimport {\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n OAuthStorageManagerInterface,\n PKCETransactionMeta,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../types';\n\nexport function createOktaAuthOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n>\n(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>\n): OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const Base = createOktaAuthBase(OptionsConstructor);\n const WithStorage = mixinStorage<S, O>(Base, StorageManagerConstructor);\n const WithHttp = mixinHttp<S, O>(WithStorage);\n const WithSession = mixinSession<S, O>(WithHttp);\n const WithOAuth = mixinOAuth<M, S, O, TM>(WithSession, TransactionManagerConstructor);\n return WithOAuth;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup, getWithIDPPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport { oidcIntrospect } from '../introspect';\nimport {\n AccessToken,\n CustomUserClaims,\n GetWithRedirectFunction,\n IDToken,\n OktaAuthOAuthInterface,\n ParseFromUrlInterface,\n TokenAPI,\n UserClaims,\n Endpoints,\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\nimport { enrollAuthenticator } from '../enrollAuthenticator';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(queue, method, null);\n };\n\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n const token: TokenAPI ={\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n getWithPopup: getWithPopup.bind(null, sdk),\n getWithIDPPopup: getWithIDPPopup.bind(null, sdk),\n getWithRedirect: getWithRedirectFn,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, sdk),\n renew: renewToken.bind(null, sdk),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n renewTokens: renewTokens.bind(null, sdk),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(sdk, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, sdk),\n isLoginRedirect: isLoginRedirect.bind(null, sdk),\n introspect: oidcIntrospect.bind(null, sdk),\n };\n\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n token[key] = useQueue(token[key]);\n });\n\n return token;\n}\n\nexport function createEndpoints(sdk: OktaAuthOAuthInterface): Endpoints {\n return {\n authorize: {\n enrollAuthenticator: enrollAuthenticator.bind(null, sdk),\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport {\n OktaAuthOAuthInterface,\n BaseTokenAPI,\n} from '../types';\nimport { prepareTokenParams } from '../util';\n\n// Factory\nexport function createBaseTokenAPI(sdk: OktaAuthOAuthInterface): BaseTokenAPI {\n const token: BaseTokenAPI = {\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n decode: decodeToken,\n };\n\n return token;\n}\n","export * from './api';\nexport * from './OktaAuthOAuth';\n","\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n addPostMessageListener,\n addIDPPopupLisenter\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuthOAuthInterface,\n TokenParams,\n PopupParams,\n OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType: 'IFRAME' | 'POPUP' | 'IDP_POPUP' | 'IMPLICIT' = 'IMPLICIT';\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n }\n else if (tokenParams.display === 'popup') {\n flowType = options.idpPopup ? 'IDP_POPUP' : 'POPUP';\n }\n else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement?.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindow can be null when popup is blocked\n if (popupWindow) {\n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n case 'IDP_POPUP':\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var idpPromise = addIDPPopupLisenter(sdk, options.timeout, options.channel!, tokenParams.state!);\n\n // Redirect for authorization\n // popupWindow can be null when popup is blocked\n if (popupWindow) {\n popupWindow.location.assign(requestUrl);\n }\n else {\n throw new AuthSdkError('Unable to open popup window');\n }\n\n return idpPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError, OAuthError, WWWAuthError, AuthApiError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from './types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n sdk, accessTokenObject: AccessToken,\n idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n // If token objects were not passed, attempt to read from the TokenManager\n if (!accessTokenObject) {\n accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n }\n if (!idTokenObject) {\n idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n }\n\n if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n }\n\n if (!idTokenObject || !isIDToken(idTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n }\n\n const options: any = {\n url: accessTokenObject.userinfoUrl,\n method: 'GET',\n accessToken: accessTokenObject.accessToken\n };\n\n if (sdk.options.dpop) {\n const headers = await sdk.getDPoPAuthorizationHeaders({...options, accessToken: accessTokenObject });\n options.headers = headers;\n delete options.accessToken; // unset to prevent overriding Auth header with Bearer Token\n }\n\n return httpRequest(sdk, options)\n .then(userInfo => {\n // Only return the userinfo response if subjects match to mitigate token substitution attacks\n if (userInfo.sub === idTokenObject.claims.sub) {\n return userInfo;\n }\n return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n })\n .catch(function (err) {\n // throw OAuthError to avoid breaking change (when dpop is not being used)\n if (err instanceof WWWAuthError && !sdk.options.dpop) {\n const { error, errorDescription } = err;\n throw new OAuthError(error, errorDescription);\n }\n\n // throw OAuthError to avoid breaking change (when dpop is not being used)\n if (!sdk.options.dpop) {\n let e = err;\n if (err instanceof AuthApiError && err?.meta?.wwwAuthHeader) {\n e = WWWAuthError.parseHeader(err.meta.wwwAuthHeader as string);\n }\n\n if (e instanceof WWWAuthError) {\n const { error, errorDescription } = e;\n throw new OAuthError(error, errorDescription);\n }\n }\n\n throw err;\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup, generateState } from './util';\n\nexport function getWithPopup(\n sdk: OktaAuthOAuthInterface,\n options: TokenParams & { initialPath?: string }\n): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n const { initialPath, ...params } = options;\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup(initialPath ?? '/', params);\n options = clone(params) || {};\n Object.assign(params, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, params);\n}\n\nexport function getWithIDPPopup(\n sdk: OktaAuthOAuthInterface,\n options: Omit<TokenParams, 'redirectUri'> & { redirectUri: string }\n): { cancel: () => void, promise: Promise<TokenResponse> } {\n try {\n // eslint-disable-next-line compat/compat\n if (!BroadcastChannel) {\n throw new AuthSdkError('Modern browser with `BroadcastChannel` support is required to use this method');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('`redirectUri` is a required param for `getWithIDPPopup`');\n }\n\n if (!options.state) {\n options.state = generateState();\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n // eslint-disable-next-line compat/compat\n const channel = new BroadcastChannel(`popup-callback:${options.state}`);\n\n options = clone(options) || {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'query',\n popupWindow,\n idpPopup: true,\n channel,\n });\n\n let cancelPromise;\n const promise = new Promise<TokenResponse>((resolve, reject) => {\n cancelPromise = reject;\n return getToken(sdk, options)\n .then((res) => resolve(res))\n .catch(err => reject(err));\n });\n\n const cancel = () => {\n channel.close();\n cancelPromise(new AuthSdkError('Popup flow canceled'));\n };\n\n return {\n promise,\n cancel\n };\n }\n catch (err) {\n return {\n promise: Promise.reject(err),\n cancel: () => {} // noop, no need to for method when error is thrown\n };\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams } from './types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthOAuthInterface, options?: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n const tokenParams = await prepareTokenParams(sdk, options);\n const meta = createOAuthMeta(sdk, tokenParams);\n const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n sdk.transactionManager.save(meta);\n if (sdk.options.setLocation) {\n sdk.options.setLocation(requestUrl);\n } else {\n window.location.assign(requestUrl);\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthOAuthInterface, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n }\n \n options = clone(options) || {};\n Object.assign(options, {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n });\n return getToken(sdk, options);\n}\n\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuthOAuthInterface,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from './types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] && res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n}\n\nexport async function handleOAuthResponse(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams,\n res: OAuthResponse,\n urls?: CustomUrls\n): Promise<TokenResponse> {\n const pkce = sdk.options.pkce !== false;\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), urls);\n }\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n urls = urls || getOAuthUrls(sdk, tokenParams);\n\n let responseType = tokenParams.responseType || [];\n if (!Array.isArray(responseType) && responseType !== 'none') {\n responseType = [responseType];\n }\n\n let scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n const clientId = tokenParams.clientId || sdk.options.clientId;\n\n // Handling the result from implicit flow or PKCE token exchange\n validateResponse(res, tokenParams);\n\n if (tokenParams.dpop) {\n const { allowBearerTokens } = sdk.options?.dpopOptions ?? { allowBearerTokens: false };\n\n // https://datatracker.ietf.org/doc/html/rfc9449#token-response\n // \"A token_type of DPoP MUST be included in the access token response to signal to the client\"\n if (!allowBearerTokens && res.token_type !== 'DPoP') {\n throw new AuthSdkError('Unable to parse OAuth flow response: DPoP was configured but \"token_type\" was not DPoP');\n }\n }\n\n const tokenDict = {} as Tokens;\n const expiresIn = res.expires_in;\n const tokenType = res.token_type;\n const accessToken = res.access_token;\n const idToken = res.id_token;\n const refreshToken = res.refresh_token;\n const now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n const accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken = {\n accessToken: accessToken,\n claims: accessJwt.payload,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType!,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n userinfoUrl: urls.userinfoUrl!\n };\n\n if (tokenParams.dpopPairId) {\n tokenDict.accessToken.dpopPairId = tokenParams.dpopPairId;\n }\n\n if (tokenParams.extraParams) {\n tokenDict.accessToken.extraParams = tokenParams.extraParams;\n }\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl!,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n };\n\n if (tokenParams.dpopPairId) {\n tokenDict.refreshToken.dpopPairId = tokenParams.dpopPairId;\n }\n\n if (tokenParams.extraParams) {\n tokenDict.refreshToken.extraParams = tokenParams.extraParams;\n }\n }\n\n if (idToken) {\n const idJwt = sdk.token.decode(idToken);\n const idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n clientId: clientId!\n };\n\n if (tokenParams.extraParams) {\n idTokenObj.extraParams = tokenParams.extraParams;\n }\n\n const validationParams: TokenVerifyParams = {\n clientId: clientId!,\n issuer: urls.issuer!,\n nonce: tokenParams.nonce,\n accessToken: accessToken,\n acrValues: tokenParams.acrValues\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n await verifyToken(sdk, idTokenObj, validationParams);\n tokenDict.idToken = idTokenObj;\n }\n\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state!,\n code: res.code,\n responseType\n };\n \n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nexport * from './factory';\nexport * from './mixin';\nexport * from './storage';\nexport * from './endpoints';\nexport * from './options';\nexport * from './types';\nexport * from './TokenManager';\nexport * from './TransactionManager';\nexport * from './util';\n\nexport { decodeToken } from './decodeToken';\nexport { revokeToken } from './revokeToken';\nexport { renewToken } from './renewToken';\nexport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nexport { renewTokens } from './renewTokens';\nexport { verifyToken } from './verifyToken';\nexport { getUserInfo } from './getUserInfo';\nexport { handleOAuthResponse } from './handleOAuthResponse';\nexport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nexport { getToken } from './getToken';\nexport { getWithoutPrompt } from './getWithoutPrompt';\nexport { getWithPopup, getWithIDPPopup } from './getWithPopup';\nexport { getWithRedirect } from './getWithRedirect';\nexport { parseFromUrl } from './parseFromUrl';\nexport { oidcIntrospect } from './introspect';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { AuthSdkError } from '../errors';\nimport { getWellKnown } from './endpoints/well-known';\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport { btoa } from '../crypto';\nimport { Token, TokenKind } from './types';\n\nconst hintMap = {\n accessToken: 'access_token',\n idToken: 'id_token',\n refreshToken: 'refresh_token'\n};\n\n/* eslint complexity: [2, 9] */\nexport async function oidcIntrospect (sdk, kind: TokenKind, token?: Token) {\n let issuer: string;\n let clientId: string = sdk.options.clientId;\n let clientSecret: string | undefined = sdk.options.clientSecret;\n\n if (!token) {\n token = sdk.tokenManager.getTokens()[kind];\n }\n\n if (!token) {\n throw new AuthSdkError(`unable to find ${kind} in storage or fn params`);\n }\n\n if (kind !== TokenKind.ACCESS) {\n issuer = (token as any)?.issuer;\n }\n else {\n issuer = (token as any)?.claims?.iss;\n }\n issuer = issuer || sdk.options.issuer;\n\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');\n }\n if (!issuer) {\n throw new AuthSdkError('Unable to find issuer');\n }\n\n const { introspection_endpoint: introspectUrl } = await getWellKnown(sdk, issuer);\n const authHeader = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n const args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: hintMap[kind],\n token: token[kind] // extract raw token string from token object\n }).slice(1);\n return post(sdk, introspectUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + authHeader\n }\n });\n}\n","import { REFERRER_PATH_STORAGE_KEY } from '../../constants';\nimport browserStorage from '../../browser/browserStorage';\nimport { OktaAuthStorageInterface } from '../../storage';\nimport { OktaAuthConstructor } from '../../base';\nimport {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthOptions,\n OriginalUriApi,\n PKCETransactionMeta,\n} from '../types';\n\nexport function provideOriginalUri\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TBase extends OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n = OktaAuthConstructor<OktaAuthStorageInterface<S, O>> \n>\n(BaseClass: TBase) {\n return class WithOriginalUri extends BaseClass implements OriginalUriApi {\n setOriginalUri(originalUri: string, state?: string): void {\n // always store in session storage\n const sessionStorage = browserStorage.getSessionStorage();\n sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n \n // to support multi-tab flows, set a state in constructor or pass as param\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.setItem(state, originalUri);\n }\n }\n \n getOriginalUri(state?: string): string | undefined {\n // Prefer shared storage (if state is available)\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n const originalUri = sharedStorage.getItem(state);\n if (originalUri) {\n return originalUri;\n }\n }\n \n // Try to load from session storage\n const storage = browserStorage.getSessionStorage();\n return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) || undefined : undefined;\n }\n \n removeOriginalUri(state?: string): void {\n // Remove from sessionStorage\n const storage = browserStorage.getSessionStorage();\n storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n \n // Also remove from shared storage\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.removeItem && sharedStorage.removeItem(state);\n }\n }\n };\n}\n","import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n PromiseQueue,\n isFunction\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n AccessToken,\n CustomUserClaims,\n IDToken,\n IsAuthenticatedOptions,\n OAuthResponseType,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PkceAPI,\n PKCETransactionMeta,\n RefreshToken,\n SigninWithRedirectOptions,\n SignoutOptions,\n SignoutRedirectUrlOptions,\n TokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n UserClaims,\n Endpoints,\n DPoPRequest,\n DPoPHeaders\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory/api';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect, hasResponseType } from '../util';\nimport { \n generateDPoPProof,\n clearDPoPKeyPair,\n clearAllDPoPKeyPairs,\n clearDPoPKeyPairAfterRevoke,\n findKeyPair,\n isDPoPNonceError\n} from '../dpop';\nimport { AuthSdkError, WWWAuthError } from '../../errors';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const WithOriginalUri = provideOriginalUri(Base);\n return class OktaAuthOAuth extends WithOriginalUri\n implements OktaAuthOAuthInterface<M, S, O, TM>\n {\n static crypto: CryptoAPI = crypto;\n token: TokenAPI;\n tokenManager: TokenManager;\n transactionManager: TM;\n pkce: PkceAPI;\n endpoints: Endpoints;\n\n _pending: { handleLogin: boolean };\n _tokenQueue: PromiseQueue;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n \n this._pending = { handleLogin: false };\n\n this._tokenQueue = new PromiseQueue();\n\n this.token = createTokenAPI(this, this._tokenQueue);\n\n // TokenManager\n this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n this.endpoints = createEndpoints(this);\n }\n\n // inherited from subclass\n clearStorage(): void {\n super.clearStorage();\n \n // Clear all local tokens\n this.tokenManager.clear();\n }\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n // eslint-disable-next-line complexity\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n \n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n \n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n \n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n async getOrRenewAccessToken(): Promise<string | null> {\n const { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && !this.tokenManager.hasExpired(accessToken)) {\n return accessToken.accessToken;\n }\n try {\n const key = this.tokenManager.getStorageKeyByType('accessToken');\n const token = await this.tokenManager.renew(key ?? 'accessToken');\n return (token as AccessToken)?.accessToken ?? null;\n }\n catch (err) {\n this.emitter.emit('error', err);\n return null;\n }\n }\n \n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens, responseType } = await this.token.parseFromUrl();\n if (responseType !== 'none') {\n this.tokenManager.setTokens(tokens);\n }\n }\n \n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n return hasResponseType(responseType, this.options);\n }\n \n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n const tokens = await this.tokenManager.getTokens();\n accessToken = tokens.accessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n\n if (this.options.dpop) {\n await clearDPoPKeyPairAfterRevoke('access', tokens);\n }\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n const tokens = await this.tokenManager.getTokens();\n refreshToken = tokens.refreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n\n if (this.options.dpop) {\n await clearDPoPKeyPairAfterRevoke('refresh', tokens);\n }\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (postLogoutRedirectUri === undefined) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n // eslint-disable-next-line complexity, max-statements\n async signOut(options?: SignoutOptions): Promise<boolean> {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n const defaultUri = window.location.origin;\n const currentUri = window.location.href;\n // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n // \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n // Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n // - https://developer.okta.com/docs/reference/api/oidc/#logout\n const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n (options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri);\n const state = options?.state;\n \n \n let accessToken = options.accessToken;\n let refreshToken = options.refreshToken;\n const revokeAccessToken = options.revokeAccessToken !== false;\n const revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const dpopPairId = accessToken?.dpopPairId ?? refreshToken?.dpopPairId;\n if (this.options.dpop && dpopPairId) {\n await clearDPoPKeyPair(dpopPairId);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n const sessionClosed = await this.closeSession(); // can throw if the user cannot be signed out\n const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n if (state) {\n redirectUri.searchParams.append('state', state);\n }\n if (postLogoutRedirectUri === currentUri) {\n // window.location.reload(); // force a hard reload if URI is not changing\n window.location.href = redirectUri.href;\n } else {\n window.location.assign(redirectUri.href);\n }\n return sessionClosed;\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n return true;\n }\n }\n\n async getDPoPAuthorizationHeaders (params: DPoPRequest): Promise<DPoPHeaders> {\n if (!this.options.dpop) {\n throw new AuthSdkError('DPoP is not configured for this client instance');\n }\n\n let { accessToken } = params;\n if (!accessToken) {\n accessToken = (this.tokenManager.getTokensSync()).accessToken;\n }\n\n if (!accessToken) {\n throw new AuthSdkError('AccessToken is required to generate a DPoP Proof');\n }\n\n const keyPair = await findKeyPair(accessToken?.dpopPairId);\n const proof = await generateDPoPProof({...params, keyPair, accessToken: accessToken.accessToken});\n return {\n Authorization: `DPoP ${accessToken.accessToken}`,\n Dpop: proof\n };\n }\n\n async clearDPoPStorage (clearAll=false): Promise<void> {\n if (clearAll) {\n return clearAllDPoPKeyPairs();\n }\n\n const tokens = await this.tokenManager.getTokens();\n const keyPair = tokens.accessToken?.dpopPairId || tokens.refreshToken?.dpopPairId;\n\n if (keyPair) {\n await clearDPoPKeyPair(keyPair);\n }\n }\n\n parseUseDPoPNonceError (headers: HeadersInit): string | null {\n const wwwAuth = WWWAuthError.getWWWAuthenticateHeader(headers);\n const wwwErr = WWWAuthError.parseHeader(wwwAuth ?? '');\n if (isDPoPNonceError(wwwErr)) {\n let nonce: string | null = null;\n if (isFunction((headers as Headers)?.get)) {\n nonce = (headers as Headers).get('DPoP-Nonce');\n }\n nonce = nonce ?? headers['dpop-nonce'] ?? headers['DPoP-Nonce'];\n return nonce;\n }\n\n return null;\n }\n };\n\n}\n","\nimport { OktaAuthConstructor } from '../../base/types';\nimport {\n OAuthResponseType,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n MinimalOktaOAuthInterface,\n OktaAuthOAuthOptions,\n PKCETransactionMeta,\n BaseTokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n} from '../types';\nimport { createBaseTokenAPI } from '../factory/baseApi';\nimport { isLoginRedirect, hasResponseType } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nexport function mixinMinimalOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n{\n return class OktaAuthOAuth extends Base implements MinimalOktaOAuthInterface<M, S, O, TM>\n {\n token: BaseTokenAPI;\n transactionManager: TM;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.token = createBaseTokenAPI(this as any);\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this as any);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n return hasResponseType(responseType, this.options);\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n };\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { DEFAULT_MAX_CLOCK_SKEW } from '../../constants';\nimport { removeTrailingSlash, toAbsoluteUrl } from '../../util/url';\nimport { isBrowser } from '../../features';\nimport { createHttpOptionsConstructor } from '../../http/options';\nimport {\n OAuthResponseMode,\n OAuthResponseType,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n SetLocationFunction,\n TokenManagerOptions,\n TransactionManagerOptions,\n DPoPOptions\n} from '../types';\nimport { enableSharedStorage } from './node';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nfunction assertValidConfig(args) {\n args = args || {};\n\n var scopes = args.scopes;\n if (scopes && !Array.isArray(scopes)) {\n throw new AuthSdkError('scopes must be a array of strings. ' +\n 'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var issuer = args.issuer!;\n if (!issuer) {\n throw new AuthSdkError('No issuer passed to constructor. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n var isUrlRegex = new RegExp('^http?s?://.+');\n if (!isUrlRegex.test(issuer)) {\n throw new AuthSdkError('Issuer must be a valid URL. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n if (issuer.indexOf('-admin.okta') !== -1) {\n throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n }\n}\n\nexport function createOAuthOptionsConstructor() {\n const HttpOptionsConstructor = createHttpOptionsConstructor();\n return class OAuthOptionsConstructor\n extends HttpOptionsConstructor\n implements Required<OktaAuthOAuthOptions>\n {\n // CustomUrls\n issuer: string;\n authorizeUrl: string;\n userinfoUrl: string;\n tokenUrl: string;\n revokeUrl: string;\n logoutUrl: string;\n \n // TokenParams\n pkce: boolean;\n clientId: string;\n redirectUri: string;\n responseType: OAuthResponseType | OAuthResponseType[];\n responseMode: OAuthResponseMode;\n state: string;\n scopes: string[];\n ignoreSignature: boolean;\n codeChallenge: string;\n codeChallengeMethod: string;\n acrValues: string;\n maxAge: string | number;\n dpop: boolean;\n dpopOptions: DPoPOptions;\n\n // Additional options\n tokenManager: TokenManagerOptions;\n postLogoutRedirectUri: string;\n restoreOriginalUri: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n transactionManager: TransactionManagerOptions;\n\n // For server-side web applications ONLY!\n clientSecret: string;\n setLocation: SetLocationFunction;\n\n // Workaround for bad client time/clock\n ignoreLifetime: boolean;\n maxClockSkew: number;\n\n\n // eslint-disable-next-line max-statements\n constructor(options: any) {\n super(options);\n \n assertValidConfig(options);\n \n this.issuer = removeTrailingSlash(options.issuer);\n this.tokenUrl = removeTrailingSlash(options.tokenUrl);\n this.authorizeUrl = removeTrailingSlash(options.authorizeUrl);\n this.userinfoUrl = removeTrailingSlash(options.userinfoUrl);\n this.revokeUrl = removeTrailingSlash(options.revokeUrl);\n this.logoutUrl = removeTrailingSlash(options.logoutUrl);\n\n this.pkce = options.pkce === false ? false : true; // PKCE defaults to true\n this.clientId = options.clientId;\n this.redirectUri = options.redirectUri;\n if (isBrowser()) {\n this.redirectUri = toAbsoluteUrl(options.redirectUri, window.location.origin); // allow relative URIs\n }\n this.responseType = options.responseType;\n this.responseMode = options.responseMode;\n this.state = options.state;\n this.scopes = options.scopes;\n // Give the developer the ability to disable token signature validation.\n this.ignoreSignature = !!options.ignoreSignature;\n this.codeChallenge = options.codeChallenge;\n this.codeChallengeMethod = options.codeChallengeMethod;\n this.acrValues = options.acrValues;\n this.maxAge = options.maxAge;\n this.dpop = options.dpop === true; // dpop defaults to false\n this.dpopOptions = {\n allowBearerTokens: false,\n ...options.dpopOptions,\n };\n\n this.tokenManager = options.tokenManager;\n this.postLogoutRedirectUri = options.postLogoutRedirectUri;\n this.restoreOriginalUri = options.restoreOriginalUri;\n this.transactionManager = { enableSharedStorage, ...options.transactionManager };\n \n this.clientSecret = options.clientSecret;\n this.setLocation = options.setLocation;\n \n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.ignoreLifetime = !!options.ignoreLifetime;\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!options.maxClockSkew && options.maxClockSkew !== 0) {\n this.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.maxClockSkew = options.maxClockSkew;\n }\n\n }\n };\n}\n","export const enableSharedStorage = true;\n","export * from './OAuthOptionsConstructor';\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n ParseFromUrlOptions,\n TokenResponse,\n CustomUrls,\n TransactionMeta,\n OAuthResponse\n} from './types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n } else {\n nativeLoc.hash = '';\n }\n}\n\nfunction removeSearch(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n } else {\n nativeLoc.search = '';\n }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n var responseMode = sdk.options.responseMode || defaultResponseMode;\n return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n var url = options.url;\n var responseMode = options.responseMode || getResponseMode(sdk);\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n var paramStr;\n\n if (responseMode === 'query') {\n paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n } else {\n paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n }\n\n if (!paramStr) {\n throw new AuthSdkError('Unable to parse a token from the url');\n }\n\n return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n // Clean hash or search from the url\n const responseMode = options.responseMode || getResponseMode(sdk);\n responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n const state = res.state;\n const oauthParams: TransactionMeta = sdk.transactionManager.load({\n state\n });\n if (!oauthParams) {\n if (sdk.options.pkce) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', undefined);\n }\n throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n }\n const urls: CustomUrls = oauthParams.urls as CustomUrls;\n delete oauthParams.urls;\n\n if (!options.url) {\n // Clean hash or search from the url\n cleanOAuthResponseFromUrl(sdk, options);\n }\n\n return handleOAuthResponse(sdk, oauthParams, res, urls)\n .catch(err => {\n if (!isInteractionRequiredError(err)) {\n sdk.transactionManager.clear({\n state\n });\n }\n throw err;\n })\n .then(res => {\n sdk.transactionManager.clear({\n state\n });\n return res;\n });\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n throw new AuthSdkError(\n 'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n if (isIDToken(originalToken)) {\n return tokens.idToken;\n }\n if (isAccessToken(originalToken)) {\n return tokens.accessToken;\n }\n throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOAuthInterface, token: Token): Promise<Token | undefined> {\n if (!isIDToken(token) && !isAccessToken(token)) {\n throwInvalidTokenError();\n }\n\n let tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n tokens = await renewTokensWithRefresh(sdk, {\n scopes: token.scopes,\n }, tokens.refreshToken);\n return getSingleToken(token, tokens);\n }\n\n var responseType;\n if (sdk.options.pkce) {\n responseType = 'code';\n } else if (isAccessToken(token)) {\n responseType = 'token';\n } else {\n responseType = 'id_token';\n }\n\n const { scopes, authorizeUrl, userinfoUrl, issuer, dpopPairId, extraParams } = token as (AccessToken & IDToken);\n return getWithoutPrompt(sdk, {\n responseType,\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer,\n dpopPairId,\n extraParams\n })\n .then(function (res) {\n return getSingleToken(token, res.tokens);\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { RenewTokensParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: RenewTokensParams): Promise<Tokens> {\n const tokens = options?.tokens ?? sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n const dpopPairId = accessToken?.dpopPairId;\n const extraParams = accessToken?.extraParams || idToken?.extraParams;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer,\n dpopPairId,\n extraParams\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOAuthInterface, TokenParams, RefreshToken, Tokens } from './types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { TokenEndpointParams, postRefreshToken } from './endpoints/token';\nimport { findKeyPair } from './dpop';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\n/* eslint complexity:[0,8] */\nexport async function renewTokensWithRefresh(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams,\n refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n const { clientId, dpop } = sdk.options;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n }\n\n try {\n const renewTokenParams: TokenParams = Object.assign({}, tokenParams, { clientId });\n\n if (refreshTokenObject.extraParams) {\n renewTokenParams.extraParams = refreshTokenObject.extraParams;\n }\n\n const endpointParams: TokenEndpointParams = {...renewTokenParams};\n\n if (dpop) {\n const keyPair = await findKeyPair(refreshTokenObject?.dpopPairId); // will throw if KP cannot be found\n endpointParams.dpopKeyPair = keyPair;\n renewTokenParams.dpop = dpop;\n renewTokenParams.dpopPairId = refreshTokenObject.dpopPairId;\n }\n\n const tokenResponse = await postRefreshToken(sdk, endpointParams, refreshTokenObject);\n const urls = getOAuthUrls(sdk, tokenParams);\n const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n // Support rotating refresh tokens\n const { refreshToken } = tokens;\n if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n sdk.tokenManager.updateRefreshToken(refreshToken);\n }\n\n return tokens;\n }\n catch (err) {\n if (isRefreshTokenInvalidError(err)) {\n // if the refresh token is invalid, remove it from storage\n sdk.tokenManager.removeRefreshToken();\n }\n throw err;\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n OktaAuthOAuthInterface,\n RevocableToken,\n AccessToken,\n RefreshToken\n} from './types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOAuthInterface, token: RevocableToken): Promise<any> {\n let accessToken = '';\n let refreshToken = '';\n if (token) { \n accessToken = (token as AccessToken).accessToken;\n refreshToken = (token as RefreshToken).refreshToken; \n }\n if(!accessToken && !refreshToken) { \n throw new AuthSdkError('A valid access or refresh token object is required');\n }\n var clientId = sdk.options.clientId;\n var clientSecret = sdk.options.clientSecret;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n }\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n var args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n token: refreshToken || accessToken,\n }).slice(1);\n var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n return post(sdk, revokeUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + creds\n }\n });\n}\n","import {\n CookieOptions,\n StorageManagerOptions,\n StorageOptions,\n StorageUtil\n} from '../storage/types';\nimport { BaseStorageManager, logServerSideMemoryStorageWarning } from '../storage/BaseStorageManager';\nimport { TransactionStorage, OAuthTransactionMeta, OAuthStorageManagerInterface, PKCETransactionMeta } from './types';\nimport { SavedObject } from '../storage';\nimport { ORIGINAL_URI_STORAGE_NAME, SHARED_TRANSACTION_STORAGE_NAME, TRANSACTION_STORAGE_NAME } from '../constants';\n\n\nexport function createOAuthStorageManager<M extends OAuthTransactionMeta = PKCETransactionMeta>()\n{\n return class OAuthStorageManager\n extends BaseStorageManager\n implements OAuthStorageManagerInterface<M>\n {\n constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n super(storageManagerOptions, cookieOptions, storageUtil);\n }\n\n getTransactionStorage(options?: StorageOptions): TransactionStorage<M> {\n options = this.getOptionsForSection('transaction', options);\n logServerSideMemoryStorageWarning(options);\n const storage = this.getStorage(options);\n const storageKey = options.storageKey || TRANSACTION_STORAGE_NAME;\n return new SavedObject(storage, storageKey);\n }\n\n getSharedTansactionStorage(options?: StorageOptions): TransactionStorage<M> {\n options = this.getOptionsForSection('shared-transaction', options);\n logServerSideMemoryStorageWarning(options);\n const storage = this.getStorage(options);\n const storageKey = options.storageKey || SHARED_TRANSACTION_STORAGE_NAME;\n return new SavedObject(storage, storageKey);\n }\n\n getOriginalUriStorage(options?: StorageOptions): TransactionStorage<M> {\n options = this.getOptionsForSection('original-uri', options);\n logServerSideMemoryStorageWarning(options);\n const storage = this.getStorage(options);\n const storageKey = options.storageKey || ORIGINAL_URI_STORAGE_NAME;\n return new SavedObject(storage, storageKey);\n }\n };\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { UserClaims } from './UserClaims';\n\nexport interface AbstractToken {\n expiresAt: number;\n authorizeUrl: string;\n scopes: string[];\n pendingRemove?: boolean;\n extraParams?: Record<string, string>;\n}\n\nexport interface AccessToken extends AbstractToken {\n accessToken: string;\n claims: UserClaims;\n tokenType: string;\n userinfoUrl: string;\n dpopPairId?: string;\n}\n\nexport interface RefreshToken extends AbstractToken {\n refreshToken: string;\n tokenUrl: string;\n issuer: string;\n dpopPairId?: string;\n}\n\nexport interface IDToken extends AbstractToken {\n idToken: string;\n claims: UserClaims;\n issuer: string;\n clientId: string;\n}\n\nexport type Token = AccessToken | IDToken | RefreshToken;\nexport type RevocableToken = AccessToken | RefreshToken;\n\nexport type TokenType = 'accessToken' | 'idToken' | 'refreshToken';\nexport enum TokenKind {\n ACCESS = 'accessToken',\n ID = 'idToken',\n REFRESH = 'refreshToken',\n}\n\nexport function isToken(obj: any): obj is Token {\n if (obj &&\n (obj.accessToken || obj.idToken || obj.refreshToken) &&\n Array.isArray(obj.scopes)) {\n return true;\n }\n return false;\n}\n\nexport function isAccessToken(obj: any): obj is AccessToken {\n return obj && obj.accessToken;\n}\n\nexport function isIDToken(obj: any): obj is IDToken {\n return obj && obj.idToken;\n}\n\nexport function isRefreshToken(obj: any): obj is RefreshToken {\n return obj && obj.refreshToken;\n}\n\nexport interface Tokens {\n accessToken?: AccessToken;\n idToken?: IDToken;\n refreshToken?: RefreshToken;\n}\n","/* eslint-disable max-len */\nimport { StorageProvider } from '../../storage/types';\nimport { TokenManagerOptions } from './options';\nimport { AccessToken, IDToken, RefreshToken, Token, Tokens, TokenType } from './Token';\n\nexport interface TokenManagerError {\n errorSummary: string;\n errorCode: string;\n message: string;\n name: string;\n tokenKey: string;\n}\n\nexport declare type AccessTokenCallback = (key: string, token: AccessToken) => void;\nexport declare type IDTokenCallback = (key: string, token: IDToken) => void;\nexport declare type RefreshTokenCallback = (key: string, token: RefreshToken) => void;\n\nexport const EVENT_EXPIRED = 'expired';\nexport const EVENT_RENEWED = 'renewed';\nexport const EVENT_ADDED = 'added';\nexport const EVENT_REMOVED = 'removed';\nexport const EVENT_ERROR = 'error';\nexport const EVENT_SET_STORAGE = 'set_storage';\n\nexport declare type TokenManagerErrorEventHandler = (error: TokenManagerError) => void;\nexport declare type TokenManagerEventHandler = (key: string, token: Token) => void;\nexport declare type TokenManagerRenewEventHandler = (key: string, token: Token, oldtoken: Token) => void;\nexport declare type TokenManagerSetStorageEventHandler = (storage: Tokens) => void;\n\nexport declare type TokenManagerAnyEventHandler = TokenManagerErrorEventHandler | TokenManagerRenewEventHandler | TokenManagerSetStorageEventHandler | TokenManagerEventHandler;\nexport declare type TokenManagerAnyEvent = typeof EVENT_RENEWED | typeof EVENT_ERROR | typeof EVENT_SET_STORAGE | typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED;\n\n// only add methods needed internally\nexport interface TokenManagerInterface {\n on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler: TokenManagerEventHandler, context?: object): void;\n\n off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler?: TokenManagerEventHandler): void;\n\n clear(): void;\n setExpireEventTimeout(key: string, token: Token): void;\n clearExpireEventTimeout(key: string): void;\n clearExpireEventTimeoutAll(): void;\n emitAdded(key: string, token: Token): void;\n emitError(error: Error): void;\n emitRemoved(key: string, token: Token): void;\n emitRenewed(key: string, token: Token, oldToken?: Token): void;\n renew(key: string): Promise<Token | undefined>;\n remove(key: string): void;\n hasExpired(token: Token): boolean;\n getExpireTime(token: Token): number;\n\n get(key): Promise<Token | undefined>;\n getSync(key): Token | undefined;\n getTokens(): Promise<Tokens>;\n getTokensSync(): Tokens;\n setTokens({ accessToken, idToken, refreshToken }: Tokens, accessTokenCb?: AccessTokenCallback, idTokenCb?: IDTokenCallback, refreshTokenCb?: RefreshTokenCallback): void;\n getStorageKeyByType(type: TokenType): string;\n add(key: any, token: Token): void;\n updateRefreshToken(token: RefreshToken);\n removeRefreshToken(): void;\n clearPendingRemoveTokens(): void;\n\n getOptions(): TokenManagerOptions;\n getStorage(): StorageProvider;\n\n start();\n stop();\n isStarted(): boolean;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { IdxTransactionMeta } from '../../idx/types/meta';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { OAuthStorageManagerInterface } from './storage';\n\nexport interface TransactionManagerOptions\n{\n storageManager?: OAuthStorageManagerInterface;\n enableSharedStorage?: boolean; // default true\n saveNonceCookie?: boolean; // default true\n saveStateCookie?: boolean; // default true\n saveParamsCookie?: boolean; // default true\n saveLastResponse?: boolean; // default true\n}\n\n\nexport type CustomAuthTransactionMeta = Record<string, string | undefined>;\n\nexport type TransactionMeta =\n IdxTransactionMeta |\n PKCETransactionMeta |\n OAuthTransactionMeta |\n CustomAuthTransactionMeta;\n\n\nfunction isObjectWithProperties(obj) {\n if (!obj || typeof obj !== 'object' || Object.values(obj).length === 0) {\n return false;\n }\n return true;\n}\n\nexport function isOAuthTransactionMeta(obj: any): obj is OAuthTransactionMeta {\n if (!isObjectWithProperties(obj)) {\n return false;\n }\n return !!obj.redirectUri || !!obj.responseType;\n}\n\nexport function isPKCETransactionMeta(obj: any): obj is PKCETransactionMeta {\n if (!isOAuthTransactionMeta(obj)) {\n return false;\n }\n return !!(obj as any).codeVerifier;\n}\n\nexport function isIdxTransactionMeta(obj: any): obj is IdxTransactionMeta {\n if (!isPKCETransactionMeta(obj)) {\n return false;\n }\n return !!(obj as any).interactionHandle;\n}\n\nexport function isCustomAuthTransactionMeta(obj: any): obj is CustomAuthTransactionMeta {\n if (!isObjectWithProperties(obj)) {\n return false;\n }\n const isAllStringValues = Object.values(obj).find((value) => (typeof value !== 'string')) === undefined;\n return isAllStringValues;\n}\n\nexport function isTransactionMeta(obj: any): obj is TransactionMeta {\n if (isOAuthTransactionMeta(obj) || isCustomAuthTransactionMeta(obj)) {\n return true;\n }\n return false;\n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport * from './api';\nexport * from './JWT';\nexport * from './meta';\nexport * from './options';\nexport * from './proto';\nexport * from './storage';\nexport * from './Token';\nexport * from './TokenManager';\nexport * from './Transaction';\nexport * from './TransactionManager';\nexport * from './UserClaims';\nexport * from './endpoints';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOAuthInterface } from '../types';\n\nconst DEFAULT_TIMEOUT = 120000;\n\nexport function addListener(eventTarget, name, fn) {\n if (eventTarget.addEventListener) {\n eventTarget.addEventListener(name, fn);\n } else {\n eventTarget.attachEvent('on' + name, fn);\n }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n if (eventTarget.removeEventListener) {\n eventTarget.removeEventListener(name, fn);\n } else {\n eventTarget.detachEvent('on' + name, fn);\n }\n}\n\nexport function loadFrame(src) {\n var iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n iframe.src = src;\n\n return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n var title = options.popupTitle || 'External Identity Provider User Authentication';\n var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n 'top=100, left=500, width=600, height=600';\n return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuthOAuthInterface, timeout, state) {\n var responseHandler;\n var timeoutId;\n var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n responseHandler = function responseHandler(e) {\n if (!e.data || e.data.state !== state) {\n // A message not meant for us\n return;\n }\n\n // Configuration mismatch between saved token and current app instance\n // This may happen if apps with different issuers are running on the same host url\n // If they share the same storage key, they may read and write tokens in the same location.\n // Common when developing against http://localhost\n if (e.origin !== sdk.getIssuerOrigin()) {\n return reject(new AuthSdkError('The request does not match client configuration'));\n }\n resolve(e.data);\n };\n\n addListener(window, 'message', responseHandler);\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout || DEFAULT_TIMEOUT);\n });\n\n return msgReceivedOrTimeout\n .finally(function () {\n clearTimeout(timeoutId);\n removeListener(window, 'message', responseHandler);\n });\n}\n\nexport function addIDPPopupLisenter (\n sdk: OktaAuthOAuthInterface,\n timeout: number | undefined,\n channel: BroadcastChannel,\n state: string\n) {\n let timeoutId;\n\n const promise = new Promise((resolve, reject) => {\n channel.onmessage = (event) => {\n // ignore invalid or untrusted events\n if (!event.isTrusted || !event.data) {\n return;\n }\n\n if (typeof event.data === 'object' && state === event.data.state) {\n return resolve({ ...event.data });\n }\n\n reject(new AuthSdkError('Unable to complete auth code exchange'));\n };\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout || DEFAULT_TIMEOUT);\n });\n\n return promise\n .finally(() => {\n clearTimeout(timeoutId);\n channel.close();\n });\n}\n","\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateState } from './oauth';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultEnrollAuthenticatorParams(sdk: OktaAuthOAuthInterface): TokenParams {\n const {\n clientId,\n redirectUri,\n responseMode,\n state,\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseMode,\n state: state || generateState(),\n responseType: 'none',\n prompt: 'enroll_authenticator',\n });\n}","\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOAuthInterface): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n acrValues,\n maxAge,\n state,\n ignoreSignature,\n dpop\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseType: responseType || ['token', 'id_token'],\n responseMode,\n state: state || generateState(),\n nonce: generateNonce(),\n scopes: scopes || ['openid', 'email'],\n acrValues,\n maxAge,\n ignoreSignature,\n dpop,\n });\n}","/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOAuthInterface, EnrollAuthenticatorOptions } from '../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createEnrollAuthenticatorMeta(\n sdk: OktaAuthOAuthInterface, \n params: EnrollAuthenticatorOptions\n): OAuthTransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, params);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: params.clientId!,\n redirectUri: params.redirectUri!,\n responseType: params.responseType!,\n responseMode: params.responseMode!,\n state: params.state!,\n acrValues: params.acrValues,\n enrollAmrValues: params.enrollAmrValues,\n };\n\n return oauthMeta;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOAuthInterface } from '../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOAuthInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n return isOAuthError(error) &&\n error.errorCode === 'invalid_grant' &&\n error.errorSummary === 'The refresh token is invalid or expired.';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './defaultEnrollAuthenticatorParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nexport * from './enrollAuthenticatorMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './prepareEnrollAuthenticatorParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthOAuthOptions, OktaAuthOAuthInterface, OAuthResponseType } from '../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /[?&#](id|access)_token=/.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /[?&#]code=/.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /[?&#]interaction_code=/.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /[?&#]error=/.test(hashOrSearch) || /[?&#]error_description/.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthOAuthInterface): boolean {\n var authParams = sdk.options;\n if (!uri || !authParams.redirectUri) {\n return false;\n }\n return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOAuthOptions) {\n return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function hasResponseType(responseType: OAuthResponseType, options: OktaAuthOAuthOptions): boolean {\n let hasResponseType = false;\n if (Array.isArray(options.responseType) && options.responseType.length) {\n hasResponseType = options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = options.responseType === responseType;\n }\n return hasResponseType;\n}\n\nexport function getHashOrSearch(options: OktaAuthOAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthOAuthInterface) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthOAuthInterface, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, CustomUrls } from '../types';\n\nexport function generateState() {\n return genRandomString(64);\n}\n\nexport function generateNonce() {\n return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const domain = issuer.split('/oauth2')[0];\n return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOAuthInterface, options?: CustomUrls): CustomUrls {\n if (arguments.length > 2) {\n throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n }\n options = options || {};\n\n // Get user-supplied arguments\n var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n var issuer = getIssuer(sdk, options);\n var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n var baseUrl = getOAuthBaseUrl(sdk, options);\n\n authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n tokenUrl = tokenUrl || baseUrl + '/v1/token';\n revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n return {\n issuer: issuer,\n authorizeUrl: authorizeUrl,\n userinfoUrl: userinfoUrl,\n tokenUrl: tokenUrl,\n revokeUrl: revokeUrl,\n logoutUrl: logoutUrl\n };\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOAuthInterface, PKCETransactionMeta, TokenParams } from '../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n sdk: OktaAuthOAuthInterface, \n tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, tokenParams);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: tokenParams.clientId!,\n redirectUri: tokenParams.redirectUri!,\n responseType: tokenParams.responseType!,\n responseMode: tokenParams.responseMode!,\n scopes: tokenParams.scopes!,\n state: tokenParams.state!,\n nonce: tokenParams.nonce!,\n ignoreSignature: tokenParams.ignoreSignature!,\n acrValues: tokenParams.acrValues,\n extraParams: tokenParams.extraParams\n };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return oauthMeta;\n }\n\n const pkceMeta: PKCETransactionMeta = {\n ...oauthMeta,\n codeVerifier: tokenParams.codeVerifier!,\n codeChallengeMethod: tokenParams.codeChallengeMethod!,\n codeChallenge: tokenParams.codeChallenge!,\n };\n\n return pkceMeta;\n}\n","/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix || '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOAuthInterface, EnrollAuthenticatorOptions } from '../types';\nimport { getDefaultEnrollAuthenticatorParams } from './defaultEnrollAuthenticatorParams';\n\nfunction prepareParams(\n params: EnrollAuthenticatorOptions\n): EnrollAuthenticatorOptions {\n params = {\n ...params,\n // forced params:\n responseType: 'none',\n prompt: 'enroll_authenticator',\n maxAge: 0,\n };\n\n if (!params.enrollAmrValues) {\n throw new AuthSdkError('enroll_amr_values must be specified');\n }\n if (!params.acrValues) {\n // `acr_values` is required and should equal 'urn:okta:2fa:any:ifpossible'\n // But this can be changed in future\n throw new AuthSdkError('acr_values must be specified');\n }\n\n // `scope`, `nonce` must be omitted\n delete params.scopes;\n delete params.nonce;\n\n return params;\n}\n\n// Prepares params for a call to /authorize\nexport function prepareEnrollAuthenticatorParams(\n sdk: OktaAuthOAuthInterface,\n options: EnrollAuthenticatorOptions\n): EnrollAuthenticatorOptions {\n return prepareParams({\n ...getDefaultEnrollAuthenticatorParams(sdk),\n ...options\n });\n}\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\nimport { OktaAuthBaseInterface } from '../../base/types';\n\nexport function assertPKCESupport(sdk: OktaAuthBaseInterface) {\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n throw new AuthSdkError(errorMessage);\n }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthOAuthInterface, codeChallengeMethod?: string) {\n // set default code challenge method, if none provided\n codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n // validate against .well-known/openid-configuration\n const wellKnownResponse = await getWellKnown(sdk);\n var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n if (methods.indexOf(codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n sdk: OktaAuthOAuthInterface, \n tokenParams: TokenParams\n): Promise<TokenParams> {\n let {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n } = tokenParams;\n\n // PKCE calculations can be avoided by passing a codeChallenge\n codeChallenge = codeChallenge || sdk.options.codeChallenge;\n if (!codeChallenge) {\n assertPKCESupport(sdk);\n codeVerifier = codeVerifier || PKCE.generateVerifier();\n codeChallenge = await PKCE.computeChallenge(codeVerifier);\n }\n codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n // Clone/copy the params. Set PKCE values\n tokenParams = {\n ...tokenParams,\n responseType: 'code', // responseType is forced\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = { ...defaults, ...tokenParams };\n\n if (tokenParams.dpop && !sdk.features.isDPoPSupported()) {\n throw new AuthSdkError('DPoP has been configured, but is not supported by browser');\n }\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return tokenParams;\n }\n\n return preparePKCE(sdk, tokenParams);\n}","import { RefreshToken } from '../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n if (!isAuthApiError(err)) {\n return false;\n }\n\n if (!err.xhr || !err.xhr.responseJSON) {\n return false;\n }\n\n const { responseJSON } = err.xhr;\n if (responseJSON.error === 'invalid_grant') {\n return true;\n }\n\n return false;\n}","import { OAuthStorageManagerInterface, OAuthTransactionMeta, isTransactionMeta } from '../types';\n\nconst MAX_ENTRY_LIFETIME = 30 * 60 * 1000; // 30 minutes\n\nexport function pruneSharedStorage<M extends OAuthTransactionMeta>(storageManager: OAuthStorageManagerInterface<M>) {\n const sharedStorage = storageManager.getSharedTansactionStorage();\n const entries = sharedStorage.getStorage();\n Object.keys(entries).forEach(state => {\n const entry = entries[state];\n const age = Date.now() - entry.dateCreated;\n if (age > MAX_ENTRY_LIFETIME) {\n delete entries[state];\n }\n });\n sharedStorage.setStorage(entries);\n}\n\nexport function saveTransactionToSharedStorage<M extends OAuthTransactionMeta>(\n storageManager: OAuthStorageManagerInterface<M>, state: string, meta: M\n) {\n const sharedStorage = storageManager.getSharedTansactionStorage();\n const entries = sharedStorage.getStorage();\n entries[state] = {\n dateCreated: Date.now(),\n transaction: meta\n };\n sharedStorage.setStorage(entries);\n}\n\n\nexport function loadTransactionFromSharedStorage<M extends OAuthTransactionMeta>(\n storageManager: OAuthStorageManagerInterface<M>, state: string\n) {\n const sharedStorage = storageManager.getSharedTansactionStorage();\n const entries = sharedStorage.getStorage();\n const entry = entries[state];\n if (entry && entry.transaction && isTransactionMeta(entry.transaction)) {\n return entry.transaction;\n }\n return null;\n}\n\nexport function clearTransactionFromSharedStorage<M extends OAuthTransactionMeta>(\n storageManager: OAuthStorageManagerInterface<M>, state: string\n) {\n const sharedStorage = storageManager.getSharedTansactionStorage();\n const entries = sharedStorage.getStorage();\n delete entries[state];\n sharedStorage.setStorage(entries);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nexport function urlParamsToObject(hashOrSearch: string) {\n // Predefine regexs for parsing hash\n var plus2space = /\\+/g;\n var paramSplit = /([^&=]+)=?([^&]*)/g;\n var fragment = hashOrSearch || '';\n\n // Some hash based routers will automatically add a / character after the hash\n if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n fragment = fragment.substring(2);\n }\n\n // Remove the leading # or ?\n if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n fragment = fragment.substring(1);\n }\n\n\n var obj = {};\n\n // Loop until we have no more params\n var param;\n while (true) { // eslint-disable-line no-constant-condition\n param = paramSplit.exec(fragment);\n if (!param) { break; }\n\n var key = param[1];\n var value = param[2];\n\n // id_token should remain base64url encoded\n if (key === 'id_token' || key === 'access_token' || key === 'code') {\n obj[key] = value;\n } else {\n obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n }\n }\n return obj;\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, TokenVerifyParams, UserClaims } from '../../oidc/types';\n\nexport function validateClaims(sdk: OktaAuthOAuthInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n const aud = validationParams.clientId;\n const iss = validationParams.issuer;\n const nonce = validationParams.nonce;\n const acr = validationParams.acrValues;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n const now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if ((Array.isArray(claims.aud) && claims.aud.indexOf(aud) < 0) ||\n (!Array.isArray(claims.aud) && claims.aud !== aud))\n {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (acr && claims.acr !== acr) {\n throw new AuthSdkError('The acr [' + claims.acr + '] ' +\n 'does not match acr_values [' + acr + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n","/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../oidc/types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n throw new AuthSdkError(\n 'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n );\n }\n \n if (type === 'accessToken' && !isAccessToken(token)) {\n throw new AuthSdkError('invalid accessToken');\n } \n if (type === 'idToken' && !isIDToken(token)) {\n throw new AuthSdkError('invalid idToken');\n }\n\n if (type === 'refreshToken' && !isRefreshToken(token)) {\n throw new AuthSdkError('invalid refreshToken');\n }\n}","/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOAuthInterface, TokenVerifyParams } from '../oidc/types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n const jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n const validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../errors';\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport { EVENT_EXPIRED, TokenManagerInterface, isRefreshToken } from '../oidc/types';\nimport { isBrowser } from '../features';\n\nexport class AutoRenewService implements ServiceInterface {\n private tokenManager: TokenManagerInterface;\n private options: ServiceManagerOptions;\n private renewTimeQueue: Array<number>;\n private started = false;\n\n constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n this.renewTimeQueue = [];\n this.onTokenExpiredHandler = this.onTokenExpiredHandler.bind(this);\n }\n \n private shouldThrottleRenew(): boolean {\n let res = false;\n this.renewTimeQueue.push(Date.now());\n if (this.renewTimeQueue.length >= 10) {\n // get and remove first item from queue\n const firstTime = this.renewTimeQueue.shift() as number;\n const lastTime = this.renewTimeQueue[this.renewTimeQueue.length - 1];\n res = (lastTime - firstTime) < 30 * 1000;\n }\n return res;\n }\n\n requiresLeadership() {\n // If tokens sync storage is enabled, handle tokens expiration only in 1 leader tab\n return !!this.options.syncStorage && isBrowser();\n }\n\n private processExpiredTokens() {\n const tokenStorage = this.tokenManager.getStorage();\n const tokens = tokenStorage.getStorage();\n Object.keys(tokens).forEach(key => {\n const token = tokens[key];\n if (!isRefreshToken(token) && this.tokenManager.hasExpired(token)) {\n this.onTokenExpiredHandler(key);\n }\n });\n }\n\n private onTokenExpiredHandler(key: string) {\n if (this.options.autoRenew) {\n if (this.shouldThrottleRenew()) {\n const error = new AuthSdkError('Too many token renew requests');\n this.tokenManager.emitError(error);\n } else {\n this.tokenManager.renew(key).catch(() => {}); // Renew errors will emit an \"error\" event \n }\n } else if (this.options.autoRemove) {\n this.tokenManager.remove(key);\n }\n }\n\n canStart() {\n return (!!this.options.autoRenew || !!this.options.autoRemove) && !this.started;\n }\n\n async start() {\n if (this.canStart()) {\n this.tokenManager.on(EVENT_EXPIRED, this.onTokenExpiredHandler);\n if (this.tokenManager.isStarted()) {\n // If token manager has been already started, we could miss token expire events,\n // so need to process expired tokens manually.\n this.processExpiredTokens();\n }\n this.started = true;\n }\n }\n\n async stop() {\n if (this.started) {\n this.tokenManager.off(EVENT_EXPIRED, this.onTokenExpiredHandler);\n this.renewTimeQueue = [];\n this.started = false;\n }\n }\n\n isStarted() {\n return this.started;\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport {\n BroadcastChannel,\n createLeaderElection,\n LeaderElector\n} from 'broadcast-channel';\nimport { isBrowser } from '../features';\n\ndeclare type OnLeaderHandler = (() => Promise<void>);\ndeclare type ServiceOptions = ServiceManagerOptions & {\n onLeader?: OnLeaderHandler;\n};\n\nexport class LeaderElectionService implements ServiceInterface {\n private options: ServiceOptions;\n private channel?: BroadcastChannel;\n private elector?: LeaderElector;\n private started = false;\n\n constructor(options: ServiceOptions = {}) {\n this.options = options;\n this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n this.onLeader = this.onLeader.bind(this);\n }\n\n private onLeaderDuplicate() {\n }\n\n private async onLeader() {\n await this.options.onLeader?.();\n }\n\n isLeader() {\n return !!this.elector?.isLeader;\n }\n\n hasLeader() {\n return !!this.elector?.hasLeader;\n }\n\n async start() {\n if (this.canStart()) {\n const { electionChannelName } = this.options;\n this.channel = new BroadcastChannel(electionChannelName as string);\n this.elector = createLeaderElection(this.channel);\n this.elector.onduplicate = this.onLeaderDuplicate;\n this.elector.awaitLeadership().then(this.onLeader);\n this.started = true;\n }\n }\n\n async stop() {\n if (this.started) {\n if (this.elector) {\n await this.elector.die();\n this.elector = undefined;\n }\n if (this.channel) {\n // Workaround to fix error `Failed to execute 'postMessage' on 'BroadcastChannel': Channel is closed`\n (this.channel as any).postInternal = () => Promise.resolve();\n await this.channel.close();\n this.channel = undefined;\n }\n this.started = false;\n }\n }\n\n requiresLeadership() {\n return false;\n }\n\n isStarted() {\n return this.started;\n }\n\n canStart() {\n return isBrowser() && !this.started;\n }\n\n}\n","import { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport { TokenManagerInterface } from '../oidc/types';\nimport { isBrowser } from '../features';\n\nconst getNow = () => Math.floor(Date.now() / 1000);\n\nexport class RenewOnTabActivationService implements ServiceInterface {\n private tokenManager: TokenManagerInterface;\n private started = false;\n private options: ServiceManagerOptions;\n private lastHidden = -1;\n onPageVisbilityChange: () => void;\n\n constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n // store this context for event handler\n this.onPageVisbilityChange = this._onPageVisbilityChange.bind(this);\n }\n\n // do not use directly, use `onPageVisbilityChange` (with binded this context)\n /* eslint complexity: [0, 10] */\n private _onPageVisbilityChange () {\n if (document.hidden) {\n this.lastHidden = getNow();\n }\n // renew will only attempt if tab was inactive for duration\n else if (this.lastHidden > 0 && (getNow() - this.lastHidden >= this.options.tabInactivityDuration!)) {\n const { accessToken, idToken } = this.tokenManager.getTokensSync();\n if (!!accessToken && this.tokenManager.hasExpired(accessToken)) {\n const key = this.tokenManager.getStorageKeyByType('accessToken');\n // Renew errors will emit an \"error\" event\n this.tokenManager.renew(key).catch(() => {});\n }\n else if (!!idToken && this.tokenManager.hasExpired(idToken)) {\n const key = this.tokenManager.getStorageKeyByType('idToken');\n // Renew errors will emit an \"error\" event\n this.tokenManager.renew(key).catch(() => {});\n }\n }\n }\n\n async start () {\n if (this.canStart() && !!document) {\n document.addEventListener('visibilitychange', this.onPageVisbilityChange);\n this.started = true;\n }\n }\n\n async stop () {\n if (document) {\n document.removeEventListener('visibilitychange', this.onPageVisbilityChange);\n this.started = false;\n }\n }\n\n canStart(): boolean {\n return isBrowser() &&\n !!this.options.autoRenew &&\n !!this.options.renewOnTabActivation &&\n !this.started;\n }\n\n requiresLeadership(): boolean {\n return false;\n }\n\n isStarted(): boolean {\n return this.started;\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { BroadcastChannel } from 'broadcast-channel';\nimport { isBrowser } from '../features';\nimport {\n ServiceManagerOptions, ServiceInterface\n} from '../core/types';\nimport {\n Token, Tokens, \n EVENT_ADDED, EVENT_REMOVED, EVENT_RENEWED, EVENT_SET_STORAGE, TokenManagerInterface\n} from '../oidc/types';\nimport { AuthSdkError } from '../errors';\n\nexport type SyncMessage = {\n type: string;\n key?: string;\n token?: Token;\n oldToken?: Token;\n storage?: Tokens;\n};\nexport class SyncStorageService implements ServiceInterface {\n private tokenManager: TokenManagerInterface;\n private options: ServiceManagerOptions;\n private channel?: BroadcastChannel<SyncMessage>;\n private started = false;\n private enablePostMessage = true;\n\n constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n this.onTokenAddedHandler = this.onTokenAddedHandler.bind(this);\n this.onTokenRemovedHandler = this.onTokenRemovedHandler.bind(this);\n this.onTokenRenewedHandler = this.onTokenRenewedHandler.bind(this);\n this.onSetStorageHandler = this.onSetStorageHandler.bind(this);\n this.onSyncMessageHandler = this.onSyncMessageHandler.bind(this);\n }\n\n requiresLeadership() {\n return false;\n }\n\n isStarted() {\n return this.started;\n }\n\n canStart() {\n return !!this.options.syncStorage && isBrowser() && !this.started;\n }\n\n async start() {\n if (!this.canStart()) {\n return;\n }\n \n const { syncChannelName } = this.options;\n try {\n // BroadcastChannel throws if no supported method can be found\n this.channel = new BroadcastChannel(syncChannelName as string);\n } catch (err) {\n throw new AuthSdkError('SyncStorageService is not supported in current browser.');\n }\n\n this.tokenManager.on(EVENT_ADDED, this.onTokenAddedHandler);\n this.tokenManager.on(EVENT_REMOVED, this.onTokenRemovedHandler);\n this.tokenManager.on(EVENT_RENEWED, this.onTokenRenewedHandler);\n this.tokenManager.on(EVENT_SET_STORAGE, this.onSetStorageHandler);\n this.channel.addEventListener('message', this.onSyncMessageHandler);\n this.started = true;\n }\n\n async stop() {\n if (this.started) {\n this.tokenManager.off(EVENT_ADDED, this.onTokenAddedHandler);\n this.tokenManager.off(EVENT_REMOVED, this.onTokenRemovedHandler);\n this.tokenManager.off(EVENT_RENEWED, this.onTokenRenewedHandler);\n this.tokenManager.off(EVENT_SET_STORAGE, this.onSetStorageHandler);\n this.channel?.removeEventListener('message', this.onSyncMessageHandler);\n await this.channel?.close();\n this.channel = undefined;\n this.started = false;\n }\n }\n\n private onTokenAddedHandler(key: string, token: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_ADDED,\n key,\n token\n });\n }\n\n private onTokenRemovedHandler(key: string, token: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_REMOVED,\n key,\n token\n });\n }\n\n private onTokenRenewedHandler(key: string, token: Token, oldToken?: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_RENEWED,\n key,\n token,\n oldToken\n });\n }\n\n private onSetStorageHandler(storage: Tokens) {\n this.channel?.postMessage({\n type: EVENT_SET_STORAGE,\n storage\n });\n }\n\n /* eslint-disable complexity */\n private onSyncMessageHandler(msg: SyncMessage) {\n // Notes:\n // 1. Using `enablePostMessage` flag here to prevent sync message loop.\n // If this flag is on, tokenManager event handlers do not post sync message.\n // 2. IE11 has known issue with synchronization of LocalStorage cross tabs.\n // One workaround is to set empty event handler for `window.onstorage`.\n // But it's not 100% working, sometimes you still get old value from LocalStorage.\n // Better approch is to explicitly udpate LocalStorage with `setStorage`.\n\n this.enablePostMessage = false;\n switch (msg.type) {\n case EVENT_SET_STORAGE:\n this.tokenManager.getStorage().setStorage(msg.storage);\n break;\n case EVENT_ADDED:\n this.tokenManager.emitAdded(msg.key!, msg.token!);\n this.tokenManager.setExpireEventTimeout(msg.key!, msg.token!);\n break;\n case EVENT_REMOVED:\n this.tokenManager.clearExpireEventTimeout(msg.key!);\n this.tokenManager.emitRemoved(msg.key!, msg.token!);\n break;\n case EVENT_RENEWED:\n this.tokenManager.emitRenewed(msg.key!, msg.token!, msg.oldToken);\n break;\n default:\n break;\n }\n this.enablePostMessage = true;\n }\n} ","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './AutoRenewService';\nexport * from './SyncStorageService';\nexport * from './LeaderElectionService';\nexport * from './RenewOnTabActivationService';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\nimport { omit, getLink, toQueryString } from '../util';\nimport { get, post, httpRequest } from '../http';\n\nfunction sessionExists(sdk) {\n return sdk.session.get()\n .then(function(res) {\n if (res.status === 'ACTIVE') {\n return true;\n }\n return false;\n })\n .catch(function() {\n return false;\n });\n}\n\nfunction getSession(sdk) { \n return get(sdk, '/api/v1/sessions/me', { withCredentials: true })\n .then(function(session) {\n var res = omit(session, '_links');\n\n res.refresh = function() {\n return post(sdk, getLink(session, 'refresh').href, {}, { withCredentials: true });\n };\n\n res.user = function() {\n return get(sdk, getLink(session, 'user').href, { withCredentials: true });\n };\n\n return res;\n })\n .catch(function() {\n // Return INACTIVE status on failure\n return {status: 'INACTIVE'};\n });\n}\n\nfunction closeSession(sdk) {\n return httpRequest(sdk, {\n url: sdk.getIssuerOrigin() + '/api/v1/sessions/me',\n method: 'DELETE',\n withCredentials: true\n });\n}\n\nfunction refreshSession(sdk) {\n return post(sdk, '/api/v1/sessions/me/lifecycle/refresh', {}, { withCredentials: true });\n}\n\nfunction setCookieAndRedirect(sdk, sessionToken, redirectUrl) {\n redirectUrl = redirectUrl || window.location.href;\n window.location.assign(sdk.getIssuerOrigin() + '/login/sessionCookieRedirect' +\n toQueryString({\n checkAccountSetupComplete: true,\n token: sessionToken,\n redirectUrl: redirectUrl\n }));\n}\n\nexport {\n sessionExists,\n getSession,\n closeSession,\n refreshSession,\n setCookieAndRedirect\n};\n","import { SessionAPI } from './types';\nimport { closeSession, getSession, refreshSession, sessionExists, setCookieAndRedirect } from './api';\nimport { OktaAuthBaseInterface } from '../base/types';\n\nexport function createSessionApi(sdk: OktaAuthBaseInterface): SessionAPI {\n const session = {\n close: closeSession.bind(null, sdk),\n exists: sessionExists.bind(null, sdk),\n get: getSession.bind(null, sdk),\n refresh: refreshSession.bind(null, sdk),\n setCookieAndRedirect: setCookieAndRedirect.bind(null, sdk)\n };\n return session;\n}\n","export * from './api';\nexport * from './factory';\nexport * from './mixin';\nexport * from './types';\n","import { OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types';\nimport { OktaAuthConstructor } from '../base/types';\nimport { createSessionApi } from './factory';\nimport {\n OktaAuthSessionInterface, SessionAPI,\n} from './types';\nimport { StorageManagerInterface } from '../storage/types';\n\nexport function mixinSession\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n TBase extends OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n = OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n{\n return class OktaAuthSession extends Base implements OktaAuthSessionInterface<S, O>\n {\n session: SessionAPI;\n\n constructor(...args: any[]) {\n super(...args);\n\n this.session = createSessionApi(this);\n }\n\n // Ends the current Okta SSO session without redirecting to Okta.\n closeSession(): Promise<boolean> {\n return this.session.close() // DELETE /api/v1/sessions/me\n .then(async () => {\n // Clear all local tokens\n this.clearStorage();\n return true;\n })\n .catch(function(e) {\n if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n // Session does not exist or has already been closed\n return false;\n }\n throw e;\n });\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n\nimport {\n TOKEN_STORAGE_NAME,\n CACHE_STORAGE_NAME,\n} from '../constants';\nimport {\n StorageUtil,\n StorageProvider,\n StorageOptions,\n CookieOptions,\n StorageManagerOptions,\n SimpleStorage,\n StorageManagerInterface\n} from './types';\nimport { SavedObject } from './SavedObject';\nimport { isBrowser } from '../features';\nimport { warn } from '../util';\n\nexport function logServerSideMemoryStorageWarning(options: StorageOptions) {\n if (!isBrowser() && !options.storageProvider && !options.storageKey) {\n // eslint-disable-next-line max-len\n warn('Memory storage can only support simple single user use case on server side, please provide custom storageProvider or storageKey if advanced scenarios need to be supported.');\n }\n}\n\n\nexport class BaseStorageManager implements StorageManagerInterface {\n storageManagerOptions: StorageManagerOptions;\n cookieOptions: CookieOptions;\n storageUtil: StorageUtil;\n\n constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n this.storageManagerOptions = storageManagerOptions;\n this.cookieOptions = cookieOptions;\n this.storageUtil = storageUtil;\n }\n\n // combines defaults in order\n getOptionsForSection(sectionName: string, overrideOptions?: StorageOptions) {\n return Object.assign({}, this.storageManagerOptions[sectionName], overrideOptions);\n }\n \n // generic method to get any available storage provider\n // eslint-disable-next-line complexity\n getStorage(options: StorageOptions): SimpleStorage {\n options = Object.assign({}, this.cookieOptions, options); // set defaults\n\n if (options.storageProvider) {\n return options.storageProvider;\n }\n\n let { storageType, storageTypes } = options;\n\n if(storageType === 'sessionStorage') {\n options.sessionCookie = true;\n }\n\n // If both storageType and storageTypes are specified, then storageType will be used first\n // If storageType cannot be used but it matches an entry in storageTypes, subsequent entries may be used as fallback\n // if storageType does not match an entry in storageTypes then storageType is used with no fallback.\n if (storageType && storageTypes) {\n const idx = storageTypes.indexOf(storageType);\n if (idx >= 0) {\n storageTypes = storageTypes.slice(idx);\n storageType = undefined;\n }\n }\n\n if (!storageType) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n storageType = this.storageUtil.findStorageType(storageTypes!);\n }\n return this.storageUtil.getStorageByType(storageType, options);\n }\n\n // access_token, id_token, refresh_token\n getTokenStorage(options?: StorageOptions): StorageProvider {\n options = this.getOptionsForSection('token', options);\n logServerSideMemoryStorageWarning(options);\n const storage = this.getStorage(options);\n const storageKey = options.storageKey || TOKEN_STORAGE_NAME;\n return new SavedObject(storage, storageKey);\n }\n\n // caches well-known response, among others\n getHttpCache(options?: StorageOptions): StorageProvider {\n options = this.getOptionsForSection('cache', options);\n const storage = this.getStorage(options);\n const storageKey = options.storageKey || CACHE_STORAGE_NAME;\n return new SavedObject(storage, storageKey);\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport AuthSdkError from '../errors/AuthSdkError';\nimport { StorageProvider, SimpleStorage } from './types';\n\n// formerly known as \"storageBuilder\". Represents an object saved under a key/name.\nexport class SavedObject implements StorageProvider {\n storageProvider: SimpleStorage;\n storageName: string;\n\n constructor(storage: SimpleStorage, storageName: string) {\n if (!storage) {\n throw new AuthSdkError('\"storage\" is required');\n }\n\n if (typeof storageName !== 'string' || !storageName.length) {\n throw new AuthSdkError('\"storageName\" is required');\n }\n\n this.storageName = storageName;\n this.storageProvider = storage;\n }\n\n //\n // SimpleStorage interface\n //\n\n getItem(key: string) {\n return this.getStorage()[key];\n }\n\n setItem(key: string, value: any) {\n return this.updateStorage(key, value);\n }\n\n removeItem(key: string) {\n return this.clearStorage(key);\n }\n\n //\n // StorageProvider interface\n //\n\n getStorage() {\n var storageString = this.storageProvider.getItem(this.storageName);\n storageString = storageString || '{}';\n try {\n return JSON.parse(storageString);\n } catch(e) {\n throw new AuthSdkError('Unable to parse storage string: ' + this.storageName);\n }\n }\n\n setStorage(obj?: any) {\n try {\n var storageString = obj ? JSON.stringify(obj) : '{}';\n this.storageProvider.setItem(this.storageName, storageString);\n } catch(e) {\n throw new AuthSdkError('Unable to set storage: ' + this.storageName);\n }\n }\n\n clearStorage(key?: string) {\n if (!key) {\n // clear all\n if (this.storageProvider.removeItem) {\n this.storageProvider.removeItem(this.storageName);\n } else {\n this.setStorage();\n }\n return;\n }\n\n var obj = this.getStorage();\n delete obj[key];\n this.setStorage(obj);\n }\n\n updateStorage(key, value) {\n var obj = this.getStorage();\n obj[key] = value;\n this.setStorage(obj);\n }\n}\n","export * from './options/StorageOptionsConstructor';\nexport * from './BaseStorageManager';\nexport * from './mixin';\nexport * from './SavedObject';\nexport * from './types';\n","import { OktaAuthBaseInterface, OktaAuthConstructor } from '../base/types';\nimport {\n OktaAuthStorageInterface,\n OktaAuthStorageOptions,\n StorageManagerConstructor,\n StorageManagerInterface,\n} from './types';\n\nexport function mixinStorage\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthStorageOptions = OktaAuthStorageOptions,\n TBase extends OktaAuthConstructor<OktaAuthBaseInterface<O>> = OktaAuthConstructor<OktaAuthBaseInterface<O>>\n>\n(\n Base: TBase, StorageManager: StorageManagerConstructor<S>\n): TBase & OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n{\n return class OktaAuthStorage extends Base implements OktaAuthStorageInterface<S, O>\n {\n storageManager: S;\n constructor(...args: any[]) {\n super(...args);\n const { storageManager, cookies, storageUtil } = this.options;\n this.storageManager = new StorageManager(storageManager!, cookies!, storageUtil!);\n }\n clearStorage(): void {\n // override in subclass\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createBaseOptionsConstructor } from '../../base';\nimport { CookieOptions, OktaAuthStorageOptions, StorageManagerOptions, StorageUtil } from '../types';\nimport { getStorage, STORAGE_MANAGER_OPTIONS, getCookieSettings } from './node';\nimport { isHTTPS } from '../../features';\n\nexport function createStorageOptionsConstructor() {\n\n const BaseOptionsConstructor = createBaseOptionsConstructor();\n return class StorageOptionsConstructor extends BaseOptionsConstructor implements Required<OktaAuthStorageOptions> {\n cookies: CookieOptions;\n storageUtil: StorageUtil;\n storageManager: StorageManagerOptions;\n \n constructor(args: any) {\n super(args);\n this.cookies = getCookieSettings(args, isHTTPS())!;\n this.storageUtil = args.storageUtil || getStorage();\n this.storageManager = { ...STORAGE_MANAGER_OPTIONS, ...args.storageManager };\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable complexity */\nimport { StorageManagerOptions, StorageUtil, OktaAuthStorageOptions } from '../types';\nimport { warn } from '../../util';\n\nimport { default as browserStorage } from '../../browser/browserStorage';\n\nexport function getStorage(): StorageUtil {\n const storageUtil = Object.assign({}, browserStorage, {\n inMemoryStore: {} // create unique storage for this instance\n });\n return storageUtil;\n}\n\nexport const STORAGE_MANAGER_OPTIONS: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n cache: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n transaction: {\n storageTypes: [\n 'sessionStorage',\n 'localStorage',\n 'cookie'\n ]\n },\n 'shared-transaction': {\n storageTypes: [\n 'localStorage'\n ]\n },\n 'original-uri': {\n storageTypes: [\n 'localStorage'\n ]\n }\n};\n\nexport function getCookieSettings(args: OktaAuthStorageOptions = {}, isHTTPS: boolean) {\n // Secure cookies will be automatically used on a HTTPS connection\n // Non-secure cookies will be automatically used on a HTTP connection\n // secure option can override the automatic behavior\n var cookieSettings = args.cookies || {};\n if (typeof cookieSettings.secure === 'undefined') {\n cookieSettings.secure = isHTTPS;\n }\n if (typeof cookieSettings.sameSite === 'undefined') {\n cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n }\n\n // If secure=true, but the connection is not HTTPS, set secure=false.\n if (cookieSettings.secure && !isHTTPS) {\n // eslint-disable-next-line no-console\n warn(\n 'The current page is not being served with the HTTPS protocol.\\n' +\n 'For security reasons, we strongly recommend using HTTPS.\\n' +\n 'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n );\n cookieSettings.secure = false;\n }\n\n // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n cookieSettings.sameSite = 'lax';\n }\n\n return cookieSettings;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n// Implements a queue for synchronous or asynchronous methods\n// Methods will be wrapped in a promise and execute sequentially\n// This can be used to prevent concurrent calls to a single method or a set of methods\n\nimport { isPromise } from './types';\nimport { warn } from './console';\n\ninterface QueueItem {\n method: () => void;\n thisObject: object;\n args: any[];\n resolve: (value?: unknown) => void;\n reject: (reason?: unknown) => void;\n}\n\ninterface PromiseQueueOptions {\n quiet?: boolean; // if false, concurrrency warnings will not be logged\n}\nexport class PromiseQueue {\n queue: QueueItem[];\n running: boolean;\n options: PromiseQueueOptions;\n\n constructor(options: PromiseQueueOptions = { quiet: false }) {\n this.queue = [];\n this.running = false;\n this.options = options;\n }\n\n // Returns a promise\n // If the method is synchronous, it will resolve when the method completes\n // If the method returns a promise, it will resolve (or reject) with the value from the method's promise\n push(method: (...args: any) => any, thisObject: any, ...args: any[]) {\n return new Promise((resolve, reject) => {\n if (this.queue.length > 0) {\n // There is at least one other pending call.\n // The PromiseQueue will prevent these methods from running concurrently.\n if (this.options.quiet !== false) {\n warn(\n 'Async method is being called but another async method is already running. ' +\n 'The new method will be delayed until the previous method completes.'\n );\n }\n }\n this.queue.push({\n method,\n thisObject,\n args,\n resolve,\n reject\n });\n this.run();\n });\n }\n\n run() {\n if (this.running) {\n return;\n }\n if (this.queue.length === 0) {\n return;\n }\n this.running = true;\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var queueItem = this.queue.shift()!;\n var res = queueItem.method.apply(queueItem.thisObject, queueItem.args as never) as unknown;\n if (isPromise(res)) {\n (res as Promise<unknown>).then(queueItem.resolve, queueItem.reject).finally(() => {\n this.running = false;\n this.run();\n });\n } else {\n queueItem.resolve(res);\n this.running = false;\n this.run();\n }\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global window */\n\nexport function getNativeConsole() {\n if (typeof window !== 'undefined') {\n return window.console;\n } else if (typeof console !== 'undefined') {\n return console;\n } else {\n return undefined;\n }\n}\n\nexport function getConsole() {\n var nativeConsole = getNativeConsole();\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n if (nativeConsole && nativeConsole.log) {\n return nativeConsole;\n }\n return {\n log: function() {},\n warn: function() {},\n group: function() {},\n groupEnd: function() {}\n };\n}\n\nexport function warn(text) {\n /* eslint-disable no-console */\n getConsole().warn('[okta-auth-sdk] WARN: ' + text);\n /* eslint-enable */\n}\n\nexport function deprecate(text) {\n /* eslint-disable no-console */\n getConsole().warn('[okta-auth-sdk] DEPRECATION: ' + text);\n /* eslint-enable */\n}\n\nexport function deprecateWrap(text, fn) {\n return function() {\n deprecate(text);\n return fn.apply(null, arguments);\n };\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './console';\nexport * from './misc';\nexport * from './object';\nexport * from './PromiseQueue';\nexport * from './types';\nexport * from './url';\n","const jsonpathRegex = /\\$?(?<step>\\w+)|(?:\\[(?<index>\\d+)\\])/g;\n\n/* eslint complexity:[0,8] */\nexport function jsonpath({ path, json }) {\n const steps: string[] = [];\n let match: RegExpExecArray | null;\n while ((match = jsonpathRegex.exec(path)) !== null) {\n const step = match?.groups?.step ?? match?.groups?.index;\n if (step) {\n steps.push(step);\n }\n }\n\n if (steps.length < 1) {\n return undefined;\n }\n\n // array length check above guarantees .pop() will return a value\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const lastStep = steps.pop()!;\n let curr = json;\n for (const step of steps) {\n if (Object.prototype.hasOwnProperty.call(curr, step)) {\n if (typeof curr[step] !== 'object') {\n return undefined;\n }\n\n curr = curr[step];\n }\n }\n\n return curr[lastStep];\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function isoToUTCString(str) {\n var parts = str.match(/\\d+/g),\n isoTime = Date.UTC(parts[0], parts[1] - 1, parts[2], parts[3], parts[4], parts[5]),\n isoDate = new Date(isoTime);\n\n return isoDate.toUTCString();\n}\n\nexport function genRandomString(length) {\n var randomCharset = 'abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';\n var random = '';\n for (var c = 0, cl = randomCharset.length; c < length; ++c) {\n random += randomCharset[Math.floor(Math.random() * cl)];\n }\n return random;\n}\n\nexport function delay(ms) {\n return new Promise(function(resolve) {\n setTimeout(resolve, ms);\n });\n}\n\nexport function split2(str, delim) {\n const parts = str.split(delim);\n return [\n parts[0], \n parts.splice(1, parts.length).join(delim),\n ];\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function bind(fn, ctx) {\n var additionalArgs = Array.prototype.slice.call(arguments, 2);\n return function() {\n var args = Array.prototype.slice.call(arguments);\n args = additionalArgs.concat(args);\n return fn.apply(ctx, args);\n };\n}\n\n// TODO: replace all references with `Object.assign` then remove this function\nexport function extend() {\n // First object will be modified!\n var obj1 = arguments[0];\n // Properties from other objects will be copied over\n var objArray = [].slice.call(arguments, 1);\n objArray.forEach(function(obj) {\n for (var prop in obj) {\n // copy over all properties with defined values\n if (Object.prototype.hasOwnProperty.call(obj, prop) && obj[prop] !== undefined) {\n obj1[prop] = obj[prop];\n }\n }\n });\n return obj1; // return the modified object\n}\n\nexport function removeNils(obj) {\n var cleaned = {};\n for (var prop in obj) {\n if (Object.prototype.hasOwnProperty.call(obj, prop)) {\n var value = obj[prop];\n if (value !== null && value !== undefined) {\n cleaned[prop] = value;\n }\n }\n }\n return cleaned;\n}\n\nexport function clone(obj) {\n if (obj) {\n var str = JSON.stringify(obj);\n if (str) {\n return JSON.parse(str);\n }\n }\n return obj;\n}\n\n// Analogous to _.omit\nexport function omit(obj, ...props: any[]) {\n // var props = Array.prototype.slice.call(arguments, 1);\n var newobj = {};\n for (var p in obj) {\n if (Object.prototype.hasOwnProperty.call(obj, p) && props.indexOf(p) == -1) {\n newobj[p] = obj[p];\n }\n }\n return clone(newobj);\n}\n\nexport function find(collection, searchParams) {\n var c = collection.length;\n while (c--) {\n var item = collection[c];\n var found = true;\n for (var prop in searchParams) {\n if (!Object.prototype.hasOwnProperty.call(searchParams, prop)) {\n continue;\n }\n if (item[prop] !== searchParams[prop]) {\n found = false;\n break;\n }\n }\n if (found) {\n return item;\n }\n }\n}\n\nexport function getLink(obj, linkName, altName?) {\n if (!obj || !obj._links) {\n return;\n }\n\n var link = clone(obj._links[linkName]);\n\n // If a link has a name and we have an altName, return if they match\n if (link && link.name && altName) {\n if (link.name === altName) {\n return link;\n }\n } else {\n return link;\n }\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function isString(obj: any): obj is string {\n return Object.prototype.toString.call(obj) === '[object String]';\n}\n\nexport function isObject(obj: any): obj is object {\n return Object.prototype.toString.call(obj) === '[object Object]';\n}\n\nexport function isNumber(obj: any): obj is number {\n return Object.prototype.toString.call(obj) === '[object Number]';\n}\n\nexport function isFunction(fn: any): fn is (...any: any[]) => any {\n return !!fn && {}.toString.call(fn) === '[object Function]';\n}\n\nexport function isPromise(obj) {\n return obj && obj.finally && (typeof obj.finally === 'function');\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function isAbsoluteUrl(url) {\n return /^[a-z][a-z0-9+.-]*:/i.test(url);\n}\n\nexport function toAbsoluteUrl(url = '', baseUrl) {\n if (isAbsoluteUrl(url)) {\n return url;\n }\n baseUrl = removeTrailingSlash(baseUrl);\n return url[0] === '/' ? `${baseUrl}${url}` : `${baseUrl}/${url}`;\n}\n\nexport function toRelativeUrl(url = '', baseUrl) {\n if (isAbsoluteUrl(url)) {\n url = url.substring(baseUrl.length);\n }\n\n return url[0] === '/' ? url : `/${url}`;\n}\n\nexport function toQueryString(obj) {\n var str = [];\n if (obj !== null) {\n for (var key in obj) {\n if (Object.prototype.hasOwnProperty.call(obj, key) &&\n obj[key] !== undefined &&\n obj[key] !== null) {\n str.push(key + '=' + encodeURIComponent(obj[key]) as never);\n }\n }\n }\n if (str.length) {\n return '?' + str.join('&');\n } else {\n return '';\n }\n}\n\nexport function removeTrailingSlash(path) {\n if (!path) {\n return;\n }\n // Remove any whitespace before or after string\n var trimmed = path.replace(/^\\s+|\\s+$/gm,'');\n // Remove trailing slash(es)\n trimmed = trimmed.replace(/\\/+$/, '');\n\n return trimmed;\n}\n",null,"'use strict';\n\nclass CancelError extends Error {\n\tconstructor(reason) {\n\t\tsuper(reason || 'Promise was canceled');\n\t\tthis.name = 'CancelError';\n\t}\n\n\tget isCanceled() {\n\t\treturn true;\n\t}\n}\n\nclass PCancelable {\n\tstatic fn(userFn) {\n\t\treturn (...arguments_) => {\n\t\t\treturn new PCancelable((resolve, reject, onCancel) => {\n\t\t\t\targuments_.push(onCancel);\n\t\t\t\t// eslint-disable-next-line promise/prefer-await-to-then\n\t\t\t\tuserFn(...arguments_).then(resolve, reject);\n\t\t\t});\n\t\t};\n\t}\n\n\tconstructor(executor) {\n\t\tthis._cancelHandlers = [];\n\t\tthis._isPending = true;\n\t\tthis._isCanceled = false;\n\t\tthis._rejectOnCancel = true;\n\n\t\tthis._promise = new Promise((resolve, reject) => {\n\t\t\tthis._reject = reject;\n\n\t\t\tconst onResolve = value => {\n\t\t\t\tif (!this._isCanceled || !onCancel.shouldReject) {\n\t\t\t\t\tthis._isPending = false;\n\t\t\t\t\tresolve(value);\n\t\t\t\t}\n\t\t\t};\n\n\t\t\tconst onReject = error => {\n\t\t\t\tthis._isPending = false;\n\t\t\t\treject(error);\n\t\t\t};\n\n\t\t\tconst onCancel = handler => {\n\t\t\t\tif (!this._isPending) {\n\t\t\t\t\tthrow new Error('The `onCancel` handler was attached after the promise settled.');\n\t\t\t\t}\n\n\t\t\t\tthis._cancelHandlers.push(handler);\n\t\t\t};\n\n\t\t\tObject.defineProperties(onCancel, {\n\t\t\t\tshouldReject: {\n\t\t\t\t\tget: () => this._rejectOnCancel,\n\t\t\t\t\tset: boolean => {\n\t\t\t\t\t\tthis._rejectOnCancel = boolean;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t});\n\n\t\t\treturn executor(onResolve, onReject, onCancel);\n\t\t});\n\t}\n\n\tthen(onFulfilled, onRejected) {\n\t\t// eslint-disable-next-line promise/prefer-await-to-then\n\t\treturn this._promise.then(onFulfilled, onRejected);\n\t}\n\n\tcatch(onRejected) {\n\t\treturn this._promise.catch(onRejected);\n\t}\n\n\tfinally(onFinally) {\n\t\treturn this._promise.finally(onFinally);\n\t}\n\n\tcancel(reason) {\n\t\tif (!this._isPending || this._isCanceled) {\n\t\t\treturn;\n\t\t}\n\n\t\tthis._isCanceled = true;\n\n\t\tif (this._cancelHandlers.length > 0) {\n\t\t\ttry {\n\t\t\t\tfor (const handler of this._cancelHandlers) {\n\t\t\t\t\thandler();\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tthis._reject(error);\n\t\t\t\treturn;\n\t\t\t}\n\t\t}\n\n\t\tif (this._rejectOnCancel) {\n\t\t\tthis._reject(new CancelError(reason));\n\t\t}\n\t}\n\n\tget isCanceled() {\n\t\treturn this._isCanceled;\n\t}\n}\n\nObject.setPrototypeOf(PCancelable.prototype, Promise.prototype);\n\nmodule.exports = PCancelable;\nmodule.exports.CancelError = CancelError;\n","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.OPEN_BROADCAST_CHANNELS = exports.BroadcastChannel = void 0;\nexports.clearNodeFolder = clearNodeFolder;\nexports.enforceOptions = enforceOptions;\nvar _util = require(\"./util.js\");\nvar _methodChooser = require(\"./method-chooser.js\");\nvar _options = require(\"./options.js\");\n/**\n * Contains all open channels,\n * used in tests to ensure everything is closed.\n */\nvar OPEN_BROADCAST_CHANNELS = new Set();\nexports.OPEN_BROADCAST_CHANNELS = OPEN_BROADCAST_CHANNELS;\nvar lastId = 0;\nvar BroadcastChannel = function BroadcastChannel(name, options) {\n // identifier of the channel to debug stuff\n this.id = lastId++;\n OPEN_BROADCAST_CHANNELS.add(this);\n this.name = name;\n if (ENFORCED_OPTIONS) {\n options = ENFORCED_OPTIONS;\n }\n this.options = (0, _options.fillOptionsWithDefaults)(options);\n this.method = (0, _methodChooser.chooseMethod)(this.options);\n\n // isListening\n this._iL = false;\n\n /**\n * _onMessageListener\n * setting onmessage twice,\n * will overwrite the first listener\n */\n this._onML = null;\n\n /**\n * _addEventListeners\n */\n this._addEL = {\n message: [],\n internal: []\n };\n\n /**\n * Unsent message promises\n * where the sending is still in progress\n * @type {Set<Promise>}\n */\n this._uMP = new Set();\n\n /**\n * _beforeClose\n * array of promises that will be awaited\n * before the channel is closed\n */\n this._befC = [];\n\n /**\n * _preparePromise\n */\n this._prepP = null;\n _prepareChannel(this);\n};\n\n// STATICS\n\n/**\n * used to identify if someone overwrites\n * window.BroadcastChannel with this\n * See methods/native.js\n */\nexports.BroadcastChannel = BroadcastChannel;\nBroadcastChannel._pubkey = true;\n\n/**\n * clears the tmp-folder if is node\n * @return {Promise<boolean>} true if has run, false if not node\n */\nfunction clearNodeFolder(options) {\n options = (0, _options.fillOptionsWithDefaults)(options);\n var method = (0, _methodChooser.chooseMethod)(options);\n if (method.type === 'node') {\n return method.clearNodeFolder().then(function () {\n return true;\n });\n } else {\n return _util.PROMISE_RESOLVED_FALSE;\n }\n}\n\n/**\n * if set, this method is enforced,\n * no mather what the options are\n */\nvar ENFORCED_OPTIONS;\nfunction enforceOptions(options) {\n ENFORCED_OPTIONS = options;\n}\n\n// PROTOTYPE\nBroadcastChannel.prototype = {\n postMessage: function postMessage(msg) {\n if (this.closed) {\n throw new Error('BroadcastChannel.postMessage(): ' + 'Cannot post message after channel has closed ' +\n /**\n * In the past when this error appeared, it was really hard to debug.\n * So now we log the msg together with the error so it at least\n * gives some clue about where in your application this happens.\n */\n JSON.stringify(msg));\n }\n return _post(this, 'message', msg);\n },\n postInternal: function postInternal(msg) {\n return _post(this, 'internal', msg);\n },\n set onmessage(fn) {\n var time = this.method.microSeconds();\n var listenObj = {\n time: time,\n fn: fn\n };\n _removeListenerObject(this, 'message', this._onML);\n if (fn && typeof fn === 'function') {\n this._onML = listenObj;\n _addListenerObject(this, 'message', listenObj);\n } else {\n this._onML = null;\n }\n },\n addEventListener: function addEventListener(type, fn) {\n var time = this.method.microSeconds();\n var listenObj = {\n time: time,\n fn: fn\n };\n _addListenerObject(this, type, listenObj);\n },\n removeEventListener: function removeEventListener(type, fn) {\n var obj = this._addEL[type].find(function (obj) {\n return obj.fn === fn;\n });\n _removeListenerObject(this, type, obj);\n },\n close: function close() {\n var _this = this;\n if (this.closed) {\n return;\n }\n OPEN_BROADCAST_CHANNELS[\"delete\"](this);\n this.closed = true;\n var awaitPrepare = this._prepP ? this._prepP : _util.PROMISE_RESOLVED_VOID;\n this._onML = null;\n this._addEL.message = [];\n return awaitPrepare\n // wait until all current sending are processed\n .then(function () {\n return Promise.all(Array.from(_this._uMP));\n })\n // run before-close hooks\n .then(function () {\n return Promise.all(_this._befC.map(function (fn) {\n return fn();\n }));\n })\n // close the channel\n .then(function () {\n return _this.method.close(_this._state);\n });\n },\n get type() {\n return this.method.type;\n },\n get isClosed() {\n return this.closed;\n }\n};\n\n/**\n * Post a message over the channel\n * @returns {Promise} that resolved when the message sending is done\n */\nfunction _post(broadcastChannel, type, msg) {\n var time = broadcastChannel.method.microSeconds();\n var msgObj = {\n time: time,\n type: type,\n data: msg\n };\n var awaitPrepare = broadcastChannel._prepP ? broadcastChannel._prepP : _util.PROMISE_RESOLVED_VOID;\n return awaitPrepare.then(function () {\n var sendPromise = broadcastChannel.method.postMessage(broadcastChannel._state, msgObj);\n\n // add/remove to unsent messages list\n broadcastChannel._uMP.add(sendPromise);\n sendPromise[\"catch\"]().then(function () {\n return broadcastChannel._uMP[\"delete\"](sendPromise);\n });\n return sendPromise;\n });\n}\nfunction _prepareChannel(channel) {\n var maybePromise = channel.method.create(channel.name, channel.options);\n if ((0, _util.isPromise)(maybePromise)) {\n channel._prepP = maybePromise;\n maybePromise.then(function (s) {\n // used in tests to simulate slow runtime\n /*if (channel.options.prepareDelay) {\n await new Promise(res => setTimeout(res, this.options.prepareDelay));\n }*/\n channel._state = s;\n });\n } else {\n channel._state = maybePromise;\n }\n}\nfunction _hasMessageListeners(channel) {\n if (channel._addEL.message.length > 0) return true;\n if (channel._addEL.internal.length > 0) return true;\n return false;\n}\nfunction _addListenerObject(channel, type, obj) {\n channel._addEL[type].push(obj);\n _startListening(channel);\n}\nfunction _removeListenerObject(channel, type, obj) {\n channel._addEL[type] = channel._addEL[type].filter(function (o) {\n return o !== obj;\n });\n _stopListening(channel);\n}\nfunction _startListening(channel) {\n if (!channel._iL && _hasMessageListeners(channel)) {\n // someone is listening, start subscribing\n\n var listenerFn = function listenerFn(msgObj) {\n channel._addEL[msgObj.type].forEach(function (listenerObject) {\n /**\n * Getting the current time in JavaScript has no good precision.\n * So instead of only listening to events that happened 'after' the listener\n * was added, we also listen to events that happened 100ms before it.\n * This ensures that when another process, like a WebWorker, sends events\n * we do not miss them out because their timestamp is a bit off compared to the main process.\n * Not doing this would make messages missing when we send data directly after subscribing and awaiting a response.\n * @link https://johnresig.com/blog/accuracy-of-javascript-time/\n */\n var hundredMsInMicro = 100 * 1000;\n var minMessageTime = listenerObject.time - hundredMsInMicro;\n if (msgObj.time >= minMessageTime) {\n listenerObject.fn(msgObj.data);\n }\n });\n };\n var time = channel.method.microSeconds();\n if (channel._prepP) {\n channel._prepP.then(function () {\n channel._iL = true;\n channel.method.onMessage(channel._state, listenerFn, time);\n });\n } else {\n channel._iL = true;\n channel.method.onMessage(channel._state, listenerFn, time);\n }\n }\n}\nfunction _stopListening(channel) {\n if (channel._iL && !_hasMessageListeners(channel)) {\n // no one is listening, stop subscribing\n channel._iL = false;\n var time = channel.method.microSeconds();\n channel.method.onMessage(channel._state, null, time);\n }\n}","\"use strict\";\n\nvar _index = require(\"./index.js\");\n/**\n * because babel can only export on default-attribute,\n * we use this for the non-module-build\n * this ensures that users do not have to use\n * var BroadcastChannel = require('broadcast-channel').default;\n * but\n * var BroadcastChannel = require('broadcast-channel');\n */\n\nmodule.exports = {\n BroadcastChannel: _index.BroadcastChannel,\n createLeaderElection: _index.createLeaderElection,\n clearNodeFolder: _index.clearNodeFolder,\n enforceOptions: _index.enforceOptions,\n beLeader: _index.beLeader\n};","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nObject.defineProperty(exports, \"BroadcastChannel\", {\n enumerable: true,\n get: function get() {\n return _broadcastChannel.BroadcastChannel;\n }\n});\nObject.defineProperty(exports, \"OPEN_BROADCAST_CHANNELS\", {\n enumerable: true,\n get: function get() {\n return _broadcastChannel.OPEN_BROADCAST_CHANNELS;\n }\n});\nObject.defineProperty(exports, \"beLeader\", {\n enumerable: true,\n get: function get() {\n return _leaderElectionUtil.beLeader;\n }\n});\nObject.defineProperty(exports, \"clearNodeFolder\", {\n enumerable: true,\n get: function get() {\n return _broadcastChannel.clearNodeFolder;\n }\n});\nObject.defineProperty(exports, \"createLeaderElection\", {\n enumerable: true,\n get: function get() {\n return _leaderElection.createLeaderElection;\n }\n});\nObject.defineProperty(exports, \"enforceOptions\", {\n enumerable: true,\n get: function get() {\n return _broadcastChannel.enforceOptions;\n }\n});\nvar _broadcastChannel = require(\"./broadcast-channel.js\");\nvar _leaderElection = require(\"./leader-election.js\");\nvar _leaderElectionUtil = require(\"./leader-election-util.js\");","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.beLeader = beLeader;\nexports.sendLeaderMessage = sendLeaderMessage;\nvar _unload = require(\"unload\");\n/**\n * sends and internal message over the broadcast-channel\n */\nfunction sendLeaderMessage(leaderElector, action) {\n var msgJson = {\n context: 'leader',\n action: action,\n token: leaderElector.token\n };\n return leaderElector.broadcastChannel.postInternal(msgJson);\n}\nfunction beLeader(leaderElector) {\n leaderElector.isLeader = true;\n leaderElector._hasLeader = true;\n var unloadFn = (0, _unload.add)(function () {\n return leaderElector.die();\n });\n leaderElector._unl.push(unloadFn);\n var isLeaderListener = function isLeaderListener(msg) {\n if (msg.context === 'leader' && msg.action === 'apply') {\n sendLeaderMessage(leaderElector, 'tell');\n }\n if (msg.context === 'leader' && msg.action === 'tell' && !leaderElector._dpLC) {\n /**\n * another instance is also leader!\n * This can happen on rare events\n * like when the CPU is at 100% for long time\n * or the tabs are open very long and the browser throttles them.\n * @link https://github.com/pubkey/broadcast-channel/issues/414\n * @link https://github.com/pubkey/broadcast-channel/issues/385\n */\n leaderElector._dpLC = true;\n leaderElector._dpL(); // message the lib user so the app can handle the problem\n sendLeaderMessage(leaderElector, 'tell'); // ensure other leader also knows the problem\n }\n };\n\n leaderElector.broadcastChannel.addEventListener('internal', isLeaderListener);\n leaderElector._lstns.push(isLeaderListener);\n return sendLeaderMessage(leaderElector, 'tell');\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.LeaderElectionWebLock = void 0;\nvar _util = require(\"./util.js\");\nvar _leaderElectionUtil = require(\"./leader-election-util.js\");\n/**\n * A faster version of the leader elector that uses the WebLock API\n * @link https://developer.mozilla.org/en-US/docs/Web/API/Web_Locks_API\n */\nvar LeaderElectionWebLock = function LeaderElectionWebLock(broadcastChannel, options) {\n var _this = this;\n this.broadcastChannel = broadcastChannel;\n broadcastChannel._befC.push(function () {\n return _this.die();\n });\n this._options = options;\n this.isLeader = false;\n this.isDead = false;\n this.token = (0, _util.randomToken)();\n this._lstns = [];\n this._unl = [];\n this._dpL = function () {}; // onduplicate listener\n this._dpLC = false; // true when onduplicate called\n\n this._wKMC = {}; // stuff for cleanup\n\n // lock name\n this.lN = 'pubkey-bc||' + broadcastChannel.method.type + '||' + broadcastChannel.name;\n};\nexports.LeaderElectionWebLock = LeaderElectionWebLock;\nLeaderElectionWebLock.prototype = {\n hasLeader: function hasLeader() {\n var _this2 = this;\n return navigator.locks.query().then(function (locks) {\n var relevantLocks = locks.held ? locks.held.filter(function (lock) {\n return lock.name === _this2.lN;\n }) : [];\n if (relevantLocks && relevantLocks.length > 0) {\n return true;\n } else {\n return false;\n }\n });\n },\n awaitLeadership: function awaitLeadership() {\n var _this3 = this;\n if (!this._wLMP) {\n this._wKMC.c = new AbortController();\n var returnPromise = new Promise(function (res, rej) {\n _this3._wKMC.res = res;\n _this3._wKMC.rej = rej;\n });\n this._wLMP = new Promise(function (res) {\n navigator.locks.request(_this3.lN, {\n signal: _this3._wKMC.c.signal\n }, function () {\n // if the lock resolved, we can drop the abort controller\n _this3._wKMC.c = undefined;\n (0, _leaderElectionUtil.beLeader)(_this3);\n res();\n return returnPromise;\n })[\"catch\"](function () {});\n });\n }\n return this._wLMP;\n },\n set onduplicate(_fn) {\n // Do nothing because there are no duplicates in the WebLock version\n },\n die: function die() {\n var _this4 = this;\n this._lstns.forEach(function (listener) {\n return _this4.broadcastChannel.removeEventListener('internal', listener);\n });\n this._lstns = [];\n this._unl.forEach(function (uFn) {\n return uFn.remove();\n });\n this._unl = [];\n if (this.isLeader) {\n this.isLeader = false;\n }\n this.isDead = true;\n if (this._wKMC.res) {\n this._wKMC.res();\n }\n if (this._wKMC.c) {\n this._wKMC.c.abort('LeaderElectionWebLock.die() called');\n }\n return (0, _leaderElectionUtil.sendLeaderMessage)(this, 'death');\n }\n};","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.createLeaderElection = createLeaderElection;\nvar _util = require(\"./util.js\");\nvar _leaderElectionUtil = require(\"./leader-election-util.js\");\nvar _leaderElectionWebLock = require(\"./leader-election-web-lock.js\");\nvar LeaderElection = function LeaderElection(broadcastChannel, options) {\n var _this = this;\n this.broadcastChannel = broadcastChannel;\n this._options = options;\n this.isLeader = false;\n this._hasLeader = false;\n this.isDead = false;\n this.token = (0, _util.randomToken)();\n\n /**\n * Apply Queue,\n * used to ensure we do not run applyOnce()\n * in parallel.\n */\n this._aplQ = _util.PROMISE_RESOLVED_VOID;\n // amount of unfinished applyOnce() calls\n this._aplQC = 0;\n\n // things to clean up\n this._unl = []; // _unloads\n this._lstns = []; // _listeners\n this._dpL = function () {}; // onduplicate listener\n this._dpLC = false; // true when onduplicate called\n\n /**\n * Even when the own instance is not applying,\n * we still listen to messages to ensure the hasLeader flag\n * is set correctly.\n */\n var hasLeaderListener = function hasLeaderListener(msg) {\n if (msg.context === 'leader') {\n if (msg.action === 'death') {\n _this._hasLeader = false;\n }\n if (msg.action === 'tell') {\n _this._hasLeader = true;\n }\n }\n };\n this.broadcastChannel.addEventListener('internal', hasLeaderListener);\n this._lstns.push(hasLeaderListener);\n};\nLeaderElection.prototype = {\n hasLeader: function hasLeader() {\n return Promise.resolve(this._hasLeader);\n },\n /**\n * Returns true if the instance is leader,\n * false if not.\n * @async\n */\n applyOnce: function applyOnce(\n // true if the applyOnce() call came from the fallbackInterval cycle\n isFromFallbackInterval) {\n var _this2 = this;\n if (this.isLeader) {\n return (0, _util.sleep)(0, true);\n }\n if (this.isDead) {\n return (0, _util.sleep)(0, false);\n }\n\n /**\n * Already applying more than once,\n * -> wait for the apply queue to be finished.\n */\n if (this._aplQC > 1) {\n return this._aplQ;\n }\n\n /**\n * Add a new apply-run\n */\n var applyRun = function applyRun() {\n /**\n * Optimization shortcuts.\n * Directly return if a previous run\n * has already elected a leader.\n */\n if (_this2.isLeader) {\n return _util.PROMISE_RESOLVED_TRUE;\n }\n var stopCriteria = false;\n var stopCriteriaPromiseResolve;\n /**\n * Resolves when a stop criteria is reached.\n * Uses as a performance shortcut so we do not\n * have to await the responseTime when it is already clear\n * that the election failed.\n */\n var stopCriteriaPromise = new Promise(function (res) {\n stopCriteriaPromiseResolve = function stopCriteriaPromiseResolve() {\n stopCriteria = true;\n res();\n };\n });\n var handleMessage = function handleMessage(msg) {\n if (msg.context === 'leader' && msg.token != _this2.token) {\n if (msg.action === 'apply') {\n // other is applying\n if (msg.token > _this2.token) {\n /**\n * other has higher token\n * -> stop applying and let other become leader.\n */\n stopCriteriaPromiseResolve();\n }\n }\n if (msg.action === 'tell') {\n // other is already leader\n stopCriteriaPromiseResolve();\n _this2._hasLeader = true;\n }\n }\n };\n _this2.broadcastChannel.addEventListener('internal', handleMessage);\n\n /**\n * If the applyOnce() call came from the fallbackInterval,\n * we can assume that the election runs in the background and\n * not critical process is waiting for it.\n * When this is true, we give the other instances\n * more time to answer to messages in the election cycle.\n * This makes it less likely to elect duplicate leaders.\n * But also it takes longer which is not a problem because we anyway\n * run in the background.\n */\n var waitForAnswerTime = isFromFallbackInterval ? _this2._options.responseTime * 4 : _this2._options.responseTime;\n return (0, _leaderElectionUtil.sendLeaderMessage)(_this2, 'apply') // send out that this one is applying\n .then(function () {\n return Promise.race([(0, _util.sleep)(waitForAnswerTime), stopCriteriaPromise.then(function () {\n return Promise.reject(new Error());\n })]);\n })\n // send again in case another instance was just created\n .then(function () {\n return (0, _leaderElectionUtil.sendLeaderMessage)(_this2, 'apply');\n })\n // let others time to respond\n .then(function () {\n return Promise.race([(0, _util.sleep)(waitForAnswerTime), stopCriteriaPromise.then(function () {\n return Promise.reject(new Error());\n })]);\n })[\"catch\"](function () {}).then(function () {\n _this2.broadcastChannel.removeEventListener('internal', handleMessage);\n if (!stopCriteria) {\n // no stop criteria -> own is leader\n return (0, _leaderElectionUtil.beLeader)(_this2).then(function () {\n return true;\n });\n } else {\n // other is leader\n return false;\n }\n });\n };\n this._aplQC = this._aplQC + 1;\n this._aplQ = this._aplQ.then(function () {\n return applyRun();\n }).then(function () {\n _this2._aplQC = _this2._aplQC - 1;\n });\n return this._aplQ.then(function () {\n return _this2.isLeader;\n });\n },\n awaitLeadership: function awaitLeadership() {\n if ( /* _awaitLeadershipPromise */\n !this._aLP) {\n this._aLP = _awaitLeadershipOnce(this);\n }\n return this._aLP;\n },\n set onduplicate(fn) {\n this._dpL = fn;\n },\n die: function die() {\n var _this3 = this;\n this._lstns.forEach(function (listener) {\n return _this3.broadcastChannel.removeEventListener('internal', listener);\n });\n this._lstns = [];\n this._unl.forEach(function (uFn) {\n return uFn.remove();\n });\n this._unl = [];\n if (this.isLeader) {\n this._hasLeader = false;\n this.isLeader = false;\n }\n this.isDead = true;\n return (0, _leaderElectionUtil.sendLeaderMessage)(this, 'death');\n }\n};\n\n/**\n * @param leaderElector {LeaderElector}\n */\nfunction _awaitLeadershipOnce(leaderElector) {\n if (leaderElector.isLeader) {\n return _util.PROMISE_RESOLVED_VOID;\n }\n return new Promise(function (res) {\n var resolved = false;\n function finish() {\n if (resolved) {\n return;\n }\n resolved = true;\n leaderElector.broadcastChannel.removeEventListener('internal', whenDeathListener);\n res(true);\n }\n\n // try once now\n leaderElector.applyOnce().then(function () {\n if (leaderElector.isLeader) {\n finish();\n }\n });\n\n /**\n * Try on fallbackInterval\n * @recursive\n */\n var tryOnFallBack = function tryOnFallBack() {\n return (0, _util.sleep)(leaderElector._options.fallbackInterval).then(function () {\n if (leaderElector.isDead || resolved) {\n return;\n }\n if (leaderElector.isLeader) {\n finish();\n } else {\n return leaderElector.applyOnce(true).then(function () {\n if (leaderElector.isLeader) {\n finish();\n } else {\n tryOnFallBack();\n }\n });\n }\n });\n };\n tryOnFallBack();\n\n // try when other leader dies\n var whenDeathListener = function whenDeathListener(msg) {\n if (msg.context === 'leader' && msg.action === 'death') {\n leaderElector._hasLeader = false;\n leaderElector.applyOnce().then(function () {\n if (leaderElector.isLeader) {\n finish();\n }\n });\n }\n };\n leaderElector.broadcastChannel.addEventListener('internal', whenDeathListener);\n leaderElector._lstns.push(whenDeathListener);\n });\n}\nfunction fillOptionsWithDefaults(options, channel) {\n if (!options) options = {};\n options = JSON.parse(JSON.stringify(options));\n if (!options.fallbackInterval) {\n options.fallbackInterval = 3000;\n }\n if (!options.responseTime) {\n options.responseTime = channel.method.averageResponseTime(channel.options);\n }\n return options;\n}\nfunction createLeaderElection(channel, options) {\n if (channel._leaderElector) {\n throw new Error('BroadcastChannel already has a leader-elector');\n }\n options = fillOptionsWithDefaults(options, channel);\n var elector = (0, _util.supportsWebLockAPI)() ? new _leaderElectionWebLock.LeaderElectionWebLock(channel, options) : new LeaderElection(channel, options);\n channel._befC.push(function () {\n return elector.die();\n });\n channel._leaderElector = elector;\n return elector;\n}","\"use strict\";\n\nvar _typeof = require(\"@babel/runtime/helpers/typeof\");\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.chooseMethod = chooseMethod;\nvar _native = require(\"./methods/native.js\");\nvar _indexedDb = require(\"./methods/indexed-db.js\");\nvar _localstorage = require(\"./methods/localstorage.js\");\nvar _simulate = require(\"./methods/simulate.js\");\nfunction _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== \"function\") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function _getRequireWildcardCache(nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }\nfunction _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || _typeof(obj) !== \"object\" && typeof obj !== \"function\") { return { \"default\": obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== \"default\" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj[\"default\"] = obj; if (cache) { cache.set(obj, newObj); } return newObj; }\n// the line below will be removed from es5/browser builds\n\n// order is important\nvar METHODS = [_native.NativeMethod,\n// fastest\n_indexedDb.IndexedDBMethod, _localstorage.LocalstorageMethod];\nfunction chooseMethod(options) {\n var chooseMethods = [].concat(options.methods, METHODS).filter(Boolean);\n\n // the line below will be removed from es5/browser builds\n\n // directly chosen\n if (options.type) {\n if (options.type === 'simulate') {\n // only use simulate-method if directly chosen\n return _simulate.SimulateMethod;\n }\n var ret = chooseMethods.find(function (m) {\n return m.type === options.type;\n });\n if (!ret) throw new Error('method-type ' + options.type + ' not found');else return ret;\n }\n\n /**\n * if no webworker support is needed,\n * remove idb from the list so that localstorage will be chosen\n */\n if (!options.webWorkerSupport) {\n chooseMethods = chooseMethods.filter(function (m) {\n return m.type !== 'idb';\n });\n }\n var useMethod = chooseMethods.find(function (method) {\n return method.canBeUsed();\n });\n if (!useMethod) {\n throw new Error(\"No usable method found in \" + JSON.stringify(METHODS.map(function (m) {\n return m.type;\n })));\n } else {\n return useMethod;\n }\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.TRANSACTION_SETTINGS = exports.IndexedDBMethod = void 0;\nexports.averageResponseTime = averageResponseTime;\nexports.canBeUsed = canBeUsed;\nexports.cleanOldMessages = cleanOldMessages;\nexports.close = close;\nexports.commitIndexedDBTransaction = commitIndexedDBTransaction;\nexports.create = create;\nexports.createDatabase = createDatabase;\nexports.getAllMessages = getAllMessages;\nexports.getIdb = getIdb;\nexports.getMessagesHigherThan = getMessagesHigherThan;\nexports.getOldMessages = getOldMessages;\nexports.microSeconds = void 0;\nexports.onMessage = onMessage;\nexports.postMessage = postMessage;\nexports.removeMessagesById = removeMessagesById;\nexports.type = void 0;\nexports.writeMessage = writeMessage;\nvar _util = require(\"../util.js\");\nvar _obliviousSet = require(\"oblivious-set\");\nvar _options = require(\"../options.js\");\n/**\n * this method uses indexeddb to store the messages\n * There is currently no observerAPI for idb\n * @link https://github.com/w3c/IndexedDB/issues/51\n * \n * When working on this, ensure to use these performance optimizations:\n * @link https://rxdb.info/slow-indexeddb.html\n */\n\nvar microSeconds = _util.microSeconds;\nexports.microSeconds = microSeconds;\nvar DB_PREFIX = 'pubkey.broadcast-channel-0-';\nvar OBJECT_STORE_ID = 'messages';\n\n/**\n * Use relaxed durability for faster performance on all transactions.\n * @link https://nolanlawson.com/2021/08/22/speeding-up-indexeddb-reads-and-writes/\n */\nvar TRANSACTION_SETTINGS = {\n durability: 'relaxed'\n};\nexports.TRANSACTION_SETTINGS = TRANSACTION_SETTINGS;\nvar type = 'idb';\nexports.type = type;\nfunction getIdb() {\n if (typeof indexedDB !== 'undefined') return indexedDB;\n if (typeof window !== 'undefined') {\n if (typeof window.mozIndexedDB !== 'undefined') return window.mozIndexedDB;\n if (typeof window.webkitIndexedDB !== 'undefined') return window.webkitIndexedDB;\n if (typeof window.msIndexedDB !== 'undefined') return window.msIndexedDB;\n }\n return false;\n}\n\n/**\n * If possible, we should explicitly commit IndexedDB transactions\n * for better performance.\n * @link https://nolanlawson.com/2021/08/22/speeding-up-indexeddb-reads-and-writes/\n */\nfunction commitIndexedDBTransaction(tx) {\n if (tx.commit) {\n tx.commit();\n }\n}\nfunction createDatabase(channelName) {\n var IndexedDB = getIdb();\n\n // create table\n var dbName = DB_PREFIX + channelName;\n\n /**\n * All IndexedDB databases are opened without version\n * because it is a bit faster, especially on firefox\n * @link http://nparashuram.com/IndexedDB/perf/#Open%20Database%20with%20version\n */\n var openRequest = IndexedDB.open(dbName);\n openRequest.onupgradeneeded = function (ev) {\n var db = ev.target.result;\n db.createObjectStore(OBJECT_STORE_ID, {\n keyPath: 'id',\n autoIncrement: true\n });\n };\n return new Promise(function (res, rej) {\n openRequest.onerror = function (ev) {\n return rej(ev);\n };\n openRequest.onsuccess = function () {\n res(openRequest.result);\n };\n });\n}\n\n/**\n * writes the new message to the database\n * so other readers can find it\n */\nfunction writeMessage(db, readerUuid, messageJson) {\n var time = new Date().getTime();\n var writeObject = {\n uuid: readerUuid,\n time: time,\n data: messageJson\n };\n var tx = db.transaction([OBJECT_STORE_ID], 'readwrite', TRANSACTION_SETTINGS);\n return new Promise(function (res, rej) {\n tx.oncomplete = function () {\n return res();\n };\n tx.onerror = function (ev) {\n return rej(ev);\n };\n var objectStore = tx.objectStore(OBJECT_STORE_ID);\n objectStore.add(writeObject);\n commitIndexedDBTransaction(tx);\n });\n}\nfunction getAllMessages(db) {\n var tx = db.transaction(OBJECT_STORE_ID, 'readonly', TRANSACTION_SETTINGS);\n var objectStore = tx.objectStore(OBJECT_STORE_ID);\n var ret = [];\n return new Promise(function (res) {\n objectStore.openCursor().onsuccess = function (ev) {\n var cursor = ev.target.result;\n if (cursor) {\n ret.push(cursor.value);\n //alert(\"Name for SSN \" + cursor.key + \" is \" + cursor.value.name);\n cursor[\"continue\"]();\n } else {\n commitIndexedDBTransaction(tx);\n res(ret);\n }\n };\n });\n}\nfunction getMessagesHigherThan(db, lastCursorId) {\n var tx = db.transaction(OBJECT_STORE_ID, 'readonly', TRANSACTION_SETTINGS);\n var objectStore = tx.objectStore(OBJECT_STORE_ID);\n var ret = [];\n var keyRangeValue = IDBKeyRange.bound(lastCursorId + 1, Infinity);\n\n /**\n * Optimization shortcut,\n * if getAll() can be used, do not use a cursor.\n * @link https://rxdb.info/slow-indexeddb.html\n */\n if (objectStore.getAll) {\n var getAllRequest = objectStore.getAll(keyRangeValue);\n return new Promise(function (res, rej) {\n getAllRequest.onerror = function (err) {\n return rej(err);\n };\n getAllRequest.onsuccess = function (e) {\n res(e.target.result);\n };\n });\n }\n function openCursor() {\n // Occasionally Safari will fail on IDBKeyRange.bound, this\n // catches that error, having it open the cursor to the first\n // item. When it gets data it will advance to the desired key.\n try {\n keyRangeValue = IDBKeyRange.bound(lastCursorId + 1, Infinity);\n return objectStore.openCursor(keyRangeValue);\n } catch (e) {\n return objectStore.openCursor();\n }\n }\n return new Promise(function (res, rej) {\n var openCursorRequest = openCursor();\n openCursorRequest.onerror = function (err) {\n return rej(err);\n };\n openCursorRequest.onsuccess = function (ev) {\n var cursor = ev.target.result;\n if (cursor) {\n if (cursor.value.id < lastCursorId + 1) {\n cursor[\"continue\"](lastCursorId + 1);\n } else {\n ret.push(cursor.value);\n cursor[\"continue\"]();\n }\n } else {\n commitIndexedDBTransaction(tx);\n res(ret);\n }\n };\n });\n}\nfunction removeMessagesById(channelState, ids) {\n if (channelState.closed) {\n return Promise.resolve([]);\n }\n var tx = channelState.db.transaction(OBJECT_STORE_ID, 'readwrite', TRANSACTION_SETTINGS);\n var objectStore = tx.objectStore(OBJECT_STORE_ID);\n return Promise.all(ids.map(function (id) {\n var deleteRequest = objectStore[\"delete\"](id);\n return new Promise(function (res) {\n deleteRequest.onsuccess = function () {\n return res();\n };\n });\n }));\n}\nfunction getOldMessages(db, ttl) {\n var olderThen = new Date().getTime() - ttl;\n var tx = db.transaction(OBJECT_STORE_ID, 'readonly', TRANSACTION_SETTINGS);\n var objectStore = tx.objectStore(OBJECT_STORE_ID);\n var ret = [];\n return new Promise(function (res) {\n objectStore.openCursor().onsuccess = function (ev) {\n var cursor = ev.target.result;\n if (cursor) {\n var msgObk = cursor.value;\n if (msgObk.time < olderThen) {\n ret.push(msgObk);\n //alert(\"Name for SSN \" + cursor.key + \" is \" + cursor.value.name);\n cursor[\"continue\"]();\n } else {\n // no more old messages,\n commitIndexedDBTransaction(tx);\n res(ret);\n }\n } else {\n res(ret);\n }\n };\n });\n}\nfunction cleanOldMessages(channelState) {\n return getOldMessages(channelState.db, channelState.options.idb.ttl).then(function (tooOld) {\n return removeMessagesById(channelState, tooOld.map(function (msg) {\n return msg.id;\n }));\n });\n}\nfunction create(channelName, options) {\n options = (0, _options.fillOptionsWithDefaults)(options);\n return createDatabase(channelName).then(function (db) {\n var state = {\n closed: false,\n lastCursorId: 0,\n channelName: channelName,\n options: options,\n uuid: (0, _util.randomToken)(),\n /**\n * emittedMessagesIds\n * contains all messages that have been emitted before\n * @type {ObliviousSet}\n */\n eMIs: new _obliviousSet.ObliviousSet(options.idb.ttl * 2),\n // ensures we do not read messages in parallel\n writeBlockPromise: _util.PROMISE_RESOLVED_VOID,\n messagesCallback: null,\n readQueuePromises: [],\n db: db\n };\n\n /**\n * Handle abrupt closes that do not originate from db.close().\n * This could happen, for example, if the underlying storage is\n * removed or if the user clears the database in the browser's\n * history preferences.\n */\n db.onclose = function () {\n state.closed = true;\n if (options.idb.onclose) options.idb.onclose();\n };\n\n /**\n * if service-workers are used,\n * we have no 'storage'-event if they post a message,\n * therefore we also have to set an interval\n */\n _readLoop(state);\n return state;\n });\n}\nfunction _readLoop(state) {\n if (state.closed) return;\n readNewMessages(state).then(function () {\n return (0, _util.sleep)(state.options.idb.fallbackInterval);\n }).then(function () {\n return _readLoop(state);\n });\n}\nfunction _filterMessage(msgObj, state) {\n if (msgObj.uuid === state.uuid) return false; // send by own\n if (state.eMIs.has(msgObj.id)) return false; // already emitted\n if (msgObj.data.time < state.messagesCallbackTime) return false; // older then onMessageCallback\n return true;\n}\n\n/**\n * reads all new messages from the database and emits them\n */\nfunction readNewMessages(state) {\n // channel already closed\n if (state.closed) return _util.PROMISE_RESOLVED_VOID;\n\n // if no one is listening, we do not need to scan for new messages\n if (!state.messagesCallback) return _util.PROMISE_RESOLVED_VOID;\n return getMessagesHigherThan(state.db, state.lastCursorId).then(function (newerMessages) {\n var useMessages = newerMessages\n /**\n * there is a bug in iOS where the msgObj can be undefined sometimes\n * so we filter them out\n * @link https://github.com/pubkey/broadcast-channel/issues/19\n */.filter(function (msgObj) {\n return !!msgObj;\n }).map(function (msgObj) {\n if (msgObj.id > state.lastCursorId) {\n state.lastCursorId = msgObj.id;\n }\n return msgObj;\n }).filter(function (msgObj) {\n return _filterMessage(msgObj, state);\n }).sort(function (msgObjA, msgObjB) {\n return msgObjA.time - msgObjB.time;\n }); // sort by time\n useMessages.forEach(function (msgObj) {\n if (state.messagesCallback) {\n state.eMIs.add(msgObj.id);\n state.messagesCallback(msgObj.data);\n }\n });\n return _util.PROMISE_RESOLVED_VOID;\n });\n}\nfunction close(channelState) {\n channelState.closed = true;\n channelState.db.close();\n}\nfunction postMessage(channelState, messageJson) {\n channelState.writeBlockPromise = channelState.writeBlockPromise.then(function () {\n return writeMessage(channelState.db, channelState.uuid, messageJson);\n }).then(function () {\n if ((0, _util.randomInt)(0, 10) === 0) {\n /* await (do not await) */\n cleanOldMessages(channelState);\n }\n });\n return channelState.writeBlockPromise;\n}\nfunction onMessage(channelState, fn, time) {\n channelState.messagesCallbackTime = time;\n channelState.messagesCallback = fn;\n readNewMessages(channelState);\n}\nfunction canBeUsed() {\n return !!getIdb();\n}\nfunction averageResponseTime(options) {\n return options.idb.fallbackInterval * 2;\n}\nvar IndexedDBMethod = {\n create: create,\n close: close,\n onMessage: onMessage,\n postMessage: postMessage,\n canBeUsed: canBeUsed,\n type: type,\n averageResponseTime: averageResponseTime,\n microSeconds: microSeconds\n};\nexports.IndexedDBMethod = IndexedDBMethod;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.LocalstorageMethod = void 0;\nexports.addStorageEventListener = addStorageEventListener;\nexports.averageResponseTime = averageResponseTime;\nexports.canBeUsed = canBeUsed;\nexports.close = close;\nexports.create = create;\nexports.getLocalStorage = getLocalStorage;\nexports.microSeconds = void 0;\nexports.onMessage = onMessage;\nexports.postMessage = postMessage;\nexports.removeStorageEventListener = removeStorageEventListener;\nexports.storageKey = storageKey;\nexports.type = void 0;\nvar _obliviousSet = require(\"oblivious-set\");\nvar _options = require(\"../options.js\");\nvar _util = require(\"../util.js\");\n/**\n * A localStorage-only method which uses localstorage and its 'storage'-event\n * This does not work inside webworkers because they have no access to localstorage\n * This is basically implemented to support IE9 or your grandmother's toaster.\n * @link https://caniuse.com/#feat=namevalue-storage\n * @link https://caniuse.com/#feat=indexeddb\n */\n\nvar microSeconds = _util.microSeconds;\nexports.microSeconds = microSeconds;\nvar KEY_PREFIX = 'pubkey.broadcastChannel-';\nvar type = 'localstorage';\n\n/**\n * copied from crosstab\n * @link https://github.com/tejacques/crosstab/blob/master/src/crosstab.js#L32\n */\nexports.type = type;\nfunction getLocalStorage() {\n var localStorage;\n if (typeof window === 'undefined') return null;\n try {\n localStorage = window.localStorage;\n localStorage = window['ie8-eventlistener/storage'] || window.localStorage;\n } catch (e) {\n // New versions of Firefox throw a Security exception\n // if cookies are disabled. See\n // https://bugzilla.mozilla.org/show_bug.cgi?id=1028153\n }\n return localStorage;\n}\nfunction storageKey(channelName) {\n return KEY_PREFIX + channelName;\n}\n\n/**\n* writes the new message to the storage\n* and fires the storage-event so other readers can find it\n*/\nfunction postMessage(channelState, messageJson) {\n return new Promise(function (res) {\n (0, _util.sleep)().then(function () {\n var key = storageKey(channelState.channelName);\n var writeObj = {\n token: (0, _util.randomToken)(),\n time: new Date().getTime(),\n data: messageJson,\n uuid: channelState.uuid\n };\n var value = JSON.stringify(writeObj);\n getLocalStorage().setItem(key, value);\n\n /**\n * StorageEvent does not fire the 'storage' event\n * in the window that changes the state of the local storage.\n * So we fire it manually\n */\n var ev = document.createEvent('Event');\n ev.initEvent('storage', true, true);\n ev.key = key;\n ev.newValue = value;\n window.dispatchEvent(ev);\n res();\n });\n });\n}\nfunction addStorageEventListener(channelName, fn) {\n var key = storageKey(channelName);\n var listener = function listener(ev) {\n if (ev.key === key) {\n fn(JSON.parse(ev.newValue));\n }\n };\n window.addEventListener('storage', listener);\n return listener;\n}\nfunction removeStorageEventListener(listener) {\n window.removeEventListener('storage', listener);\n}\nfunction create(channelName, options) {\n options = (0, _options.fillOptionsWithDefaults)(options);\n if (!canBeUsed()) {\n throw new Error('BroadcastChannel: localstorage cannot be used');\n }\n var uuid = (0, _util.randomToken)();\n\n /**\n * eMIs\n * contains all messages that have been emitted before\n * @type {ObliviousSet}\n */\n var eMIs = new _obliviousSet.ObliviousSet(options.localstorage.removeTimeout);\n var state = {\n channelName: channelName,\n uuid: uuid,\n eMIs: eMIs // emittedMessagesIds\n };\n\n state.listener = addStorageEventListener(channelName, function (msgObj) {\n if (!state.messagesCallback) return; // no listener\n if (msgObj.uuid === uuid) return; // own message\n if (!msgObj.token || eMIs.has(msgObj.token)) return; // already emitted\n if (msgObj.data.time && msgObj.data.time < state.messagesCallbackTime) return; // too old\n\n eMIs.add(msgObj.token);\n state.messagesCallback(msgObj.data);\n });\n return state;\n}\nfunction close(channelState) {\n removeStorageEventListener(channelState.listener);\n}\nfunction onMessage(channelState, fn, time) {\n channelState.messagesCallbackTime = time;\n channelState.messagesCallback = fn;\n}\nfunction canBeUsed() {\n var ls = getLocalStorage();\n if (!ls) return false;\n try {\n var key = '__broadcastchannel_check';\n ls.setItem(key, 'works');\n ls.removeItem(key);\n } catch (e) {\n // Safari 10 in private mode will not allow write access to local\n // storage and fail with a QuotaExceededError. See\n // https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API#Private_Browsing_Incognito_modes\n return false;\n }\n return true;\n}\nfunction averageResponseTime() {\n var defaultTime = 120;\n var userAgent = navigator.userAgent.toLowerCase();\n if (userAgent.includes('safari') && !userAgent.includes('chrome')) {\n // safari is much slower so this time is higher\n return defaultTime * 2;\n }\n return defaultTime;\n}\nvar LocalstorageMethod = {\n create: create,\n close: close,\n onMessage: onMessage,\n postMessage: postMessage,\n canBeUsed: canBeUsed,\n type: type,\n averageResponseTime: averageResponseTime,\n microSeconds: microSeconds\n};\nexports.LocalstorageMethod = LocalstorageMethod;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.NativeMethod = void 0;\nexports.averageResponseTime = averageResponseTime;\nexports.canBeUsed = canBeUsed;\nexports.close = close;\nexports.create = create;\nexports.microSeconds = void 0;\nexports.onMessage = onMessage;\nexports.postMessage = postMessage;\nexports.type = void 0;\nvar _util = require(\"../util.js\");\nvar microSeconds = _util.microSeconds;\nexports.microSeconds = microSeconds;\nvar type = 'native';\nexports.type = type;\nfunction create(channelName) {\n var state = {\n messagesCallback: null,\n bc: new BroadcastChannel(channelName),\n subFns: [] // subscriberFunctions\n };\n\n state.bc.onmessage = function (msg) {\n if (state.messagesCallback) {\n state.messagesCallback(msg.data);\n }\n };\n return state;\n}\nfunction close(channelState) {\n channelState.bc.close();\n channelState.subFns = [];\n}\nfunction postMessage(channelState, messageJson) {\n try {\n channelState.bc.postMessage(messageJson, false);\n return _util.PROMISE_RESOLVED_VOID;\n } catch (err) {\n return Promise.reject(err);\n }\n}\nfunction onMessage(channelState, fn) {\n channelState.messagesCallback = fn;\n}\nfunction canBeUsed() {\n if ((typeof window !== 'undefined' || typeof self !== 'undefined') && typeof BroadcastChannel === 'function') {\n if (BroadcastChannel._pubkey) {\n throw new Error('BroadcastChannel: Do not overwrite window.BroadcastChannel with this module, this is not a polyfill');\n }\n return true;\n } else {\n return false;\n }\n}\nfunction averageResponseTime() {\n return 150;\n}\nvar NativeMethod = {\n create: create,\n close: close,\n onMessage: onMessage,\n postMessage: postMessage,\n canBeUsed: canBeUsed,\n type: type,\n averageResponseTime: averageResponseTime,\n microSeconds: microSeconds\n};\nexports.NativeMethod = NativeMethod;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.SimulateMethod = void 0;\nexports.averageResponseTime = averageResponseTime;\nexports.canBeUsed = canBeUsed;\nexports.close = close;\nexports.create = create;\nexports.microSeconds = void 0;\nexports.onMessage = onMessage;\nexports.postMessage = postMessage;\nexports.type = void 0;\nvar _util = require(\"../util.js\");\nvar microSeconds = _util.microSeconds;\nexports.microSeconds = microSeconds;\nvar type = 'simulate';\nexports.type = type;\nvar SIMULATE_CHANNELS = new Set();\nfunction create(channelName) {\n var state = {\n name: channelName,\n messagesCallback: null\n };\n SIMULATE_CHANNELS.add(state);\n return state;\n}\nfunction close(channelState) {\n SIMULATE_CHANNELS[\"delete\"](channelState);\n}\nfunction postMessage(channelState, messageJson) {\n return new Promise(function (res) {\n return setTimeout(function () {\n var channelArray = Array.from(SIMULATE_CHANNELS);\n channelArray.filter(function (channel) {\n return channel.name === channelState.name;\n }).filter(function (channel) {\n return channel !== channelState;\n }).filter(function (channel) {\n return !!channel.messagesCallback;\n }).forEach(function (channel) {\n return channel.messagesCallback(messageJson);\n });\n res();\n }, 5);\n });\n}\nfunction onMessage(channelState, fn) {\n channelState.messagesCallback = fn;\n}\nfunction canBeUsed() {\n return true;\n}\nfunction averageResponseTime() {\n return 5;\n}\nvar SimulateMethod = {\n create: create,\n close: close,\n onMessage: onMessage,\n postMessage: postMessage,\n canBeUsed: canBeUsed,\n type: type,\n averageResponseTime: averageResponseTime,\n microSeconds: microSeconds\n};\nexports.SimulateMethod = SimulateMethod;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.fillOptionsWithDefaults = fillOptionsWithDefaults;\nfunction fillOptionsWithDefaults() {\n var originalOptions = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};\n var options = JSON.parse(JSON.stringify(originalOptions));\n\n // main\n if (typeof options.webWorkerSupport === 'undefined') options.webWorkerSupport = true;\n\n // indexed-db\n if (!options.idb) options.idb = {};\n // after this time the messages get deleted\n if (!options.idb.ttl) options.idb.ttl = 1000 * 45;\n if (!options.idb.fallbackInterval) options.idb.fallbackInterval = 150;\n // handles abrupt db onclose events.\n if (originalOptions.idb && typeof originalOptions.idb.onclose === 'function') options.idb.onclose = originalOptions.idb.onclose;\n\n // localstorage\n if (!options.localstorage) options.localstorage = {};\n if (!options.localstorage.removeTimeout) options.localstorage.removeTimeout = 1000 * 60;\n\n // custom methods\n if (originalOptions.methods) options.methods = originalOptions.methods;\n\n // node\n if (!options.node) options.node = {};\n if (!options.node.ttl) options.node.ttl = 1000 * 60 * 2; // 2 minutes;\n /**\n * On linux use 'ulimit -Hn' to get the limit of open files.\n * On ubuntu this was 4096 for me, so we use half of that as maxParallelWrites default.\n */\n if (!options.node.maxParallelWrites) options.node.maxParallelWrites = 2048;\n if (typeof options.node.useFastPath === 'undefined') options.node.useFastPath = true;\n return options;\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.PROMISE_RESOLVED_VOID = exports.PROMISE_RESOLVED_TRUE = exports.PROMISE_RESOLVED_FALSE = void 0;\nexports.isPromise = isPromise;\nexports.microSeconds = microSeconds;\nexports.randomInt = randomInt;\nexports.randomToken = randomToken;\nexports.sleep = sleep;\nexports.supportsWebLockAPI = supportsWebLockAPI;\n/**\n * returns true if the given object is a promise\n */\nfunction isPromise(obj) {\n return obj && typeof obj.then === 'function';\n}\nvar PROMISE_RESOLVED_FALSE = Promise.resolve(false);\nexports.PROMISE_RESOLVED_FALSE = PROMISE_RESOLVED_FALSE;\nvar PROMISE_RESOLVED_TRUE = Promise.resolve(true);\nexports.PROMISE_RESOLVED_TRUE = PROMISE_RESOLVED_TRUE;\nvar PROMISE_RESOLVED_VOID = Promise.resolve();\nexports.PROMISE_RESOLVED_VOID = PROMISE_RESOLVED_VOID;\nfunction sleep(time, resolveWith) {\n if (!time) time = 0;\n return new Promise(function (res) {\n return setTimeout(function () {\n return res(resolveWith);\n }, time);\n });\n}\nfunction randomInt(min, max) {\n return Math.floor(Math.random() * (max - min + 1) + min);\n}\n\n/**\n * https://stackoverflow.com/a/8084248\n */\nfunction randomToken() {\n return Math.random().toString(36).substring(2);\n}\nvar lastMs = 0;\nvar additional = 0;\n\n/**\n * returns the current time in micro-seconds,\n * WARNING: This is a pseudo-function\n * Performance.now is not reliable in webworkers, so we just make sure to never return the same time.\n * This is enough in browsers, and this function will not be used in nodejs.\n * The main reason for this hack is to ensure that BroadcastChannel behaves equal to production when it is used in fast-running unit tests.\n */\nfunction microSeconds() {\n var ms = new Date().getTime();\n if (ms === lastMs) {\n additional++;\n return ms * 1000 + additional;\n } else {\n lastMs = ms;\n additional = 0;\n return ms * 1000;\n }\n}\n\n/**\n * Check if WebLock API is supported.\n * @link https://developer.mozilla.org/en-US/docs/Web/API/Web_Locks_API\n */\nfunction supportsWebLockAPI() {\n if (typeof navigator !== 'undefined' && typeof navigator.locks !== 'undefined' && typeof navigator.locks.request === 'function') {\n return true;\n } else {\n return false;\n }\n}","var global = typeof self !== 'undefined' ? self : this;\nvar __self__ = (function () {\nfunction F() {\nthis.fetch = false;\nthis.DOMException = global.DOMException\n}\nF.prototype = global;\nreturn new F();\n})();\n(function(self) {\n\nvar irrelevant = (function (exports) {\n\n var support = {\n searchParams: 'URLSearchParams' in self,\n iterable: 'Symbol' in self && 'iterator' in Symbol,\n blob:\n 'FileReader' in self &&\n 'Blob' in self &&\n (function() {\n try {\n new Blob();\n return true\n } catch (e) {\n return false\n }\n })(),\n formData: 'FormData' in self,\n arrayBuffer: 'ArrayBuffer' in self\n };\n\n function isDataView(obj) {\n return obj && DataView.prototype.isPrototypeOf(obj)\n }\n\n if (support.arrayBuffer) {\n var viewClasses = [\n '[object Int8Array]',\n '[object Uint8Array]',\n '[object Uint8ClampedArray]',\n '[object Int16Array]',\n '[object Uint16Array]',\n '[object Int32Array]',\n '[object Uint32Array]',\n '[object Float32Array]',\n '[object Float64Array]'\n ];\n\n var isArrayBufferView =\n ArrayBuffer.isView ||\n function(obj) {\n return obj && viewClasses.indexOf(Object.prototype.toString.call(obj)) > -1\n };\n }\n\n function normalizeName(name) {\n if (typeof name !== 'string') {\n name = String(name);\n }\n if (/[^a-z0-9\\-#$%&'*+.^_`|~]/i.test(name)) {\n throw new TypeError('Invalid character in header field name')\n }\n return name.toLowerCase()\n }\n\n function normalizeValue(value) {\n if (typeof value !== 'string') {\n value = String(value);\n }\n return value\n }\n\n // Build a destructive iterator for the value list\n function iteratorFor(items) {\n var iterator = {\n next: function() {\n var value = items.shift();\n return {done: value === undefined, value: value}\n }\n };\n\n if (support.iterable) {\n iterator[Symbol.iterator] = function() {\n return iterator\n };\n }\n\n return iterator\n }\n\n function Headers(headers) {\n this.map = {};\n\n if (headers instanceof Headers) {\n headers.forEach(function(value, name) {\n this.append(name, value);\n }, this);\n } else if (Array.isArray(headers)) {\n headers.forEach(function(header) {\n this.append(header[0], header[1]);\n }, this);\n } else if (headers) {\n Object.getOwnPropertyNames(headers).forEach(function(name) {\n this.append(name, headers[name]);\n }, this);\n }\n }\n\n Headers.prototype.append = function(name, value) {\n name = normalizeName(name);\n value = normalizeValue(value);\n var oldValue = this.map[name];\n this.map[name] = oldValue ? oldValue + ', ' + value : value;\n };\n\n Headers.prototype['delete'] = function(name) {\n delete this.map[normalizeName(name)];\n };\n\n Headers.prototype.get = function(name) {\n name = normalizeName(name);\n return this.has(name) ? this.map[name] : null\n };\n\n Headers.prototype.has = function(name) {\n return this.map.hasOwnProperty(normalizeName(name))\n };\n\n Headers.prototype.set = function(name, value) {\n this.map[normalizeName(name)] = normalizeValue(value);\n };\n\n Headers.prototype.forEach = function(callback, thisArg) {\n for (var name in this.map) {\n if (this.map.hasOwnProperty(name)) {\n callback.call(thisArg, this.map[name], name, this);\n }\n }\n };\n\n Headers.prototype.keys = function() {\n var items = [];\n this.forEach(function(value, name) {\n items.push(name);\n });\n return iteratorFor(items)\n };\n\n Headers.prototype.values = function() {\n var items = [];\n this.forEach(function(value) {\n items.push(value);\n });\n return iteratorFor(items)\n };\n\n Headers.prototype.entries = function() {\n var items = [];\n this.forEach(function(value, name) {\n items.push([name, value]);\n });\n return iteratorFor(items)\n };\n\n if (support.iterable) {\n Headers.prototype[Symbol.iterator] = Headers.prototype.entries;\n }\n\n function consumed(body) {\n if (body.bodyUsed) {\n return Promise.reject(new TypeError('Already read'))\n }\n body.bodyUsed = true;\n }\n\n function fileReaderReady(reader) {\n return new Promise(function(resolve, reject) {\n reader.onload = function() {\n resolve(reader.result);\n };\n reader.onerror = function() {\n reject(reader.error);\n };\n })\n }\n\n function readBlobAsArrayBuffer(blob) {\n var reader = new FileReader();\n var promise = fileReaderReady(reader);\n reader.readAsArrayBuffer(blob);\n return promise\n }\n\n function readBlobAsText(blob) {\n var reader = new FileReader();\n var promise = fileReaderReady(reader);\n reader.readAsText(blob);\n return promise\n }\n\n function readArrayBufferAsText(buf) {\n var view = new Uint8Array(buf);\n var chars = new Array(view.length);\n\n for (var i = 0; i < view.length; i++) {\n chars[i] = String.fromCharCode(view[i]);\n }\n return chars.join('')\n }\n\n function bufferClone(buf) {\n if (buf.slice) {\n return buf.slice(0)\n } else {\n var view = new Uint8Array(buf.byteLength);\n view.set(new Uint8Array(buf));\n return view.buffer\n }\n }\n\n function Body() {\n this.bodyUsed = false;\n\n this._initBody = function(body) {\n this._bodyInit = body;\n if (!body) {\n this._bodyText = '';\n } else if (typeof body === 'string') {\n this._bodyText = body;\n } else if (support.blob && Blob.prototype.isPrototypeOf(body)) {\n this._bodyBlob = body;\n } else if (support.formData && FormData.prototype.isPrototypeOf(body)) {\n this._bodyFormData = body;\n } else if (support.searchParams && URLSearchParams.prototype.isPrototypeOf(body)) {\n this._bodyText = body.toString();\n } else if (support.arrayBuffer && support.blob && isDataView(body)) {\n this._bodyArrayBuffer = bufferClone(body.buffer);\n // IE 10-11 can't handle a DataView body.\n this._bodyInit = new Blob([this._bodyArrayBuffer]);\n } else if (support.arrayBuffer && (ArrayBuffer.prototype.isPrototypeOf(body) || isArrayBufferView(body))) {\n this._bodyArrayBuffer = bufferClone(body);\n } else {\n this._bodyText = body = Object.prototype.toString.call(body);\n }\n\n if (!this.headers.get('content-type')) {\n if (typeof body === 'string') {\n this.headers.set('content-type', 'text/plain;charset=UTF-8');\n } else if (this._bodyBlob && this._bodyBlob.type) {\n this.headers.set('content-type', this._bodyBlob.type);\n } else if (support.searchParams && URLSearchParams.prototype.isPrototypeOf(body)) {\n this.headers.set('content-type', 'application/x-www-form-urlencoded;charset=UTF-8');\n }\n }\n };\n\n if (support.blob) {\n this.blob = function() {\n var rejected = consumed(this);\n if (rejected) {\n return rejected\n }\n\n if (this._bodyBlob) {\n return Promise.resolve(this._bodyBlob)\n } else if (this._bodyArrayBuffer) {\n return Promise.resolve(new Blob([this._bodyArrayBuffer]))\n } else if (this._bodyFormData) {\n throw new Error('could not read FormData body as blob')\n } else {\n return Promise.resolve(new Blob([this._bodyText]))\n }\n };\n\n this.arrayBuffer = function() {\n if (this._bodyArrayBuffer) {\n return consumed(this) || Promise.resolve(this._bodyArrayBuffer)\n } else {\n return this.blob().then(readBlobAsArrayBuffer)\n }\n };\n }\n\n this.text = function() {\n var rejected = consumed(this);\n if (rejected) {\n return rejected\n }\n\n if (this._bodyBlob) {\n return readBlobAsText(this._bodyBlob)\n } else if (this._bodyArrayBuffer) {\n return Promise.resolve(readArrayBufferAsText(this._bodyArrayBuffer))\n } else if (this._bodyFormData) {\n throw new Error('could not read FormData body as text')\n } else {\n return Promise.resolve(this._bodyText)\n }\n };\n\n if (support.formData) {\n this.formData = function() {\n return this.text().then(decode)\n };\n }\n\n this.json = function() {\n return this.text().then(JSON.parse)\n };\n\n return this\n }\n\n // HTTP methods whose capitalization should be normalized\n var methods = ['DELETE', 'GET', 'HEAD', 'OPTIONS', 'POST', 'PUT'];\n\n function normalizeMethod(method) {\n var upcased = method.toUpperCase();\n return methods.indexOf(upcased) > -1 ? upcased : method\n }\n\n function Request(input, options) {\n options = options || {};\n var body = options.body;\n\n if (input instanceof Request) {\n if (input.bodyUsed) {\n throw new TypeError('Already read')\n }\n this.url = input.url;\n this.credentials = input.credentials;\n if (!options.headers) {\n this.headers = new Headers(input.headers);\n }\n this.method = input.method;\n this.mode = input.mode;\n this.signal = input.signal;\n if (!body && input._bodyInit != null) {\n body = input._bodyInit;\n input.bodyUsed = true;\n }\n } else {\n this.url = String(input);\n }\n\n this.credentials = options.credentials || this.credentials || 'same-origin';\n if (options.headers || !this.headers) {\n this.headers = new Headers(options.headers);\n }\n this.method = normalizeMethod(options.method || this.method || 'GET');\n this.mode = options.mode || this.mode || null;\n this.signal = options.signal || this.signal;\n this.referrer = null;\n\n if ((this.method === 'GET' || this.method === 'HEAD') && body) {\n throw new TypeError('Body not allowed for GET or HEAD requests')\n }\n this._initBody(body);\n }\n\n Request.prototype.clone = function() {\n return new Request(this, {body: this._bodyInit})\n };\n\n function decode(body) {\n var form = new FormData();\n body\n .trim()\n .split('&')\n .forEach(function(bytes) {\n if (bytes) {\n var split = bytes.split('=');\n var name = split.shift().replace(/\\+/g, ' ');\n var value = split.join('=').replace(/\\+/g, ' ');\n form.append(decodeURIComponent(name), decodeURIComponent(value));\n }\n });\n return form\n }\n\n function parseHeaders(rawHeaders) {\n var headers = new Headers();\n // Replace instances of \\r\\n and \\n followed by at least one space or horizontal tab with a space\n // https://tools.ietf.org/html/rfc7230#section-3.2\n var preProcessedHeaders = rawHeaders.replace(/\\r?\\n[\\t ]+/g, ' ');\n preProcessedHeaders.split(/\\r?\\n/).forEach(function(line) {\n var parts = line.split(':');\n var key = parts.shift().trim();\n if (key) {\n var value = parts.join(':').trim();\n headers.append(key, value);\n }\n });\n return headers\n }\n\n Body.call(Request.prototype);\n\n function Response(bodyInit, options) {\n if (!options) {\n options = {};\n }\n\n this.type = 'default';\n this.status = options.status === undefined ? 200 : options.status;\n this.ok = this.status >= 200 && this.status < 300;\n this.statusText = 'statusText' in options ? options.statusText : 'OK';\n this.headers = new Headers(options.headers);\n this.url = options.url || '';\n this._initBody(bodyInit);\n }\n\n Body.call(Response.prototype);\n\n Response.prototype.clone = function() {\n return new Response(this._bodyInit, {\n status: this.status,\n statusText: this.statusText,\n headers: new Headers(this.headers),\n url: this.url\n })\n };\n\n Response.error = function() {\n var response = new Response(null, {status: 0, statusText: ''});\n response.type = 'error';\n return response\n };\n\n var redirectStatuses = [301, 302, 303, 307, 308];\n\n Response.redirect = function(url, status) {\n if (redirectStatuses.indexOf(status) === -1) {\n throw new RangeError('Invalid status code')\n }\n\n return new Response(null, {status: status, headers: {location: url}})\n };\n\n exports.DOMException = self.DOMException;\n try {\n new exports.DOMException();\n } catch (err) {\n exports.DOMException = function(message, name) {\n this.message = message;\n this.name = name;\n var error = Error(message);\n this.stack = error.stack;\n };\n exports.DOMException.prototype = Object.create(Error.prototype);\n exports.DOMException.prototype.constructor = exports.DOMException;\n }\n\n function fetch(input, init) {\n return new Promise(function(resolve, reject) {\n var request = new Request(input, init);\n\n if (request.signal && request.signal.aborted) {\n return reject(new exports.DOMException('Aborted', 'AbortError'))\n }\n\n var xhr = new XMLHttpRequest();\n\n function abortXhr() {\n xhr.abort();\n }\n\n xhr.onload = function() {\n var options = {\n status: xhr.status,\n statusText: xhr.statusText,\n headers: parseHeaders(xhr.getAllResponseHeaders() || '')\n };\n options.url = 'responseURL' in xhr ? xhr.responseURL : options.headers.get('X-Request-URL');\n var body = 'response' in xhr ? xhr.response : xhr.responseText;\n resolve(new Response(body, options));\n };\n\n xhr.onerror = function() {\n reject(new TypeError('Network request failed'));\n };\n\n xhr.ontimeout = function() {\n reject(new TypeError('Network request failed'));\n };\n\n xhr.onabort = function() {\n reject(new exports.DOMException('Aborted', 'AbortError'));\n };\n\n xhr.open(request.method, request.url, true);\n\n if (request.credentials === 'include') {\n xhr.withCredentials = true;\n } else if (request.credentials === 'omit') {\n xhr.withCredentials = false;\n }\n\n if ('responseType' in xhr && support.blob) {\n xhr.responseType = 'blob';\n }\n\n request.headers.forEach(function(value, name) {\n xhr.setRequestHeader(name, value);\n });\n\n if (request.signal) {\n request.signal.addEventListener('abort', abortXhr);\n\n xhr.onreadystatechange = function() {\n // DONE (success or failure)\n if (xhr.readyState === 4) {\n request.signal.removeEventListener('abort', abortXhr);\n }\n };\n }\n\n xhr.send(typeof request._bodyInit === 'undefined' ? null : request._bodyInit);\n })\n }\n\n fetch.polyfill = true;\n\n if (!self.fetch) {\n self.fetch = fetch;\n self.Headers = Headers;\n self.Request = Request;\n self.Response = Response;\n }\n\n exports.Headers = Headers;\n exports.Request = Request;\n exports.Response = Response;\n exports.fetch = fetch;\n\n Object.defineProperty(exports, '__esModule', { value: true });\n\n return exports;\n\n})({});\n})(__self__);\n__self__.fetch.ponyfill = true;\n// Remove \"polyfill\" property added by whatwg-fetch\ndelete __self__.fetch.polyfill;\n// Choose between native implementation (global) or custom implementation (__self__)\n// var ctx = global.fetch ? global : __self__;\nvar ctx = __self__; // this line disable service worker support temporarily\nexports = ctx.fetch // To enable: import fetch from 'cross-fetch'\nexports.default = ctx.fetch // For TypeScript consumers without esModuleInterop.\nexports.fetch = ctx.fetch // To enable: import {fetch} from 'cross-fetch'\nexports.Headers = ctx.Headers\nexports.Request = ctx.Request\nexports.Response = ctx.Response\nmodule.exports = exports\n","/*! js-cookie v3.0.1 | MIT */\n;\n(function (global, factory) {\n typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :\n typeof define === 'function' && define.amd ? define(factory) :\n (global = global || self, (function () {\n var current = global.Cookies;\n var exports = global.Cookies = factory();\n exports.noConflict = function () { global.Cookies = current; return exports; };\n }()));\n}(this, (function () { 'use strict';\n\n /* eslint-disable no-var */\n function assign (target) {\n for (var i = 1; i < arguments.length; i++) {\n var source = arguments[i];\n for (var key in source) {\n target[key] = source[key];\n }\n }\n return target\n }\n /* eslint-enable no-var */\n\n /* eslint-disable no-var */\n var defaultConverter = {\n read: function (value) {\n if (value[0] === '\"') {\n value = value.slice(1, -1);\n }\n return value.replace(/(%[\\dA-F]{2})+/gi, decodeURIComponent)\n },\n write: function (value) {\n return encodeURIComponent(value).replace(\n /%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,\n decodeURIComponent\n )\n }\n };\n /* eslint-enable no-var */\n\n /* eslint-disable no-var */\n\n function init (converter, defaultAttributes) {\n function set (key, value, attributes) {\n if (typeof document === 'undefined') {\n return\n }\n\n attributes = assign({}, defaultAttributes, attributes);\n\n if (typeof attributes.expires === 'number') {\n attributes.expires = new Date(Date.now() + attributes.expires * 864e5);\n }\n if (attributes.expires) {\n attributes.expires = attributes.expires.toUTCString();\n }\n\n key = encodeURIComponent(key)\n .replace(/%(2[346B]|5E|60|7C)/g, decodeURIComponent)\n .replace(/[()]/g, escape);\n\n var stringifiedAttributes = '';\n for (var attributeName in attributes) {\n if (!attributes[attributeName]) {\n continue\n }\n\n stringifiedAttributes += '; ' + attributeName;\n\n if (attributes[attributeName] === true) {\n continue\n }\n\n // Considers RFC 6265 section 5.2:\n // ...\n // 3. If the remaining unparsed-attributes contains a %x3B (\";\")\n // character:\n // Consume the characters of the unparsed-attributes up to,\n // not including, the first %x3B (\";\") character.\n // ...\n stringifiedAttributes += '=' + attributes[attributeName].split(';')[0];\n }\n\n return (document.cookie =\n key + '=' + converter.write(value, key) + stringifiedAttributes)\n }\n\n function get (key) {\n if (typeof document === 'undefined' || (arguments.length && !key)) {\n return\n }\n\n // To prevent the for loop in the first place assign an empty array\n // in case there are no cookies at all.\n var cookies = document.cookie ? document.cookie.split('; ') : [];\n var jar = {};\n for (var i = 0; i < cookies.length; i++) {\n var parts = cookies[i].split('=');\n var value = parts.slice(1).join('=');\n\n try {\n var foundKey = decodeURIComponent(parts[0]);\n jar[foundKey] = converter.read(value, foundKey);\n\n if (key === foundKey) {\n break\n }\n } catch (e) {}\n }\n\n return key ? jar[key] : jar\n }\n\n return Object.create(\n {\n set: set,\n get: get,\n remove: function (key, attributes) {\n set(\n key,\n '',\n assign({}, attributes, {\n expires: -1\n })\n );\n },\n withAttributes: function (attributes) {\n return init(this.converter, assign({}, this.attributes, attributes))\n },\n withConverter: function (converter) {\n return init(assign({}, this.converter, converter), this.attributes)\n }\n },\n {\n attributes: { value: Object.freeze(defaultAttributes) },\n converter: { value: Object.freeze(converter) }\n }\n )\n }\n\n var api = init(defaultConverter, { path: '/' });\n /* eslint-enable no-var */\n\n return api;\n\n})));\n","function E () {\n // Keep this empty so it's easier to inherit from\n // (via https://github.com/lipsmack from https://github.com/scottcorgan/tiny-emitter/issues/3)\n}\n\nE.prototype = {\n on: function (name, callback, ctx) {\n var e = this.e || (this.e = {});\n\n (e[name] || (e[name] = [])).push({\n fn: callback,\n ctx: ctx\n });\n\n return this;\n },\n\n once: function (name, callback, ctx) {\n var self = this;\n function listener () {\n self.off(name, listener);\n callback.apply(ctx, arguments);\n };\n\n listener._ = callback\n return this.on(name, listener, ctx);\n },\n\n emit: function (name) {\n var data = [].slice.call(arguments, 1);\n var evtArr = ((this.e || (this.e = {}))[name] || []).slice();\n var i = 0;\n var len = evtArr.length;\n\n for (i; i < len; i++) {\n evtArr[i].fn.apply(evtArr[i].ctx, data);\n }\n\n return this;\n },\n\n off: function (name, callback) {\n var e = this.e || (this.e = {});\n var evts = e[name];\n var liveEvents = [];\n\n if (evts && callback) {\n for (var i = 0, len = evts.length; i < len; i++) {\n if (evts[i].fn !== callback && evts[i].fn._ !== callback)\n liveEvents.push(evts[i]);\n }\n }\n\n // Remove event from queue to prevent memory leak\n // Suggested by https://github.com/lazd\n // Ref: https://github.com/scottcorgan/tiny-emitter/commit/c6ebfaa9bc973b33d110a84a307742b7cf94c953#commitcomment-5024910\n\n (liveEvents.length)\n ? e[name] = liveEvents\n : delete e[name];\n\n return this;\n }\n};\n\nmodule.exports = E;\n","import { addBrowser } from './browser.js';\nimport { addNode } from './node.js';\n\n/**\n * Use the code directly to prevent import problems\n * with the detect-node package.\n * @link https://github.com/iliakan/detect-node/blob/master/index.js\n */\nvar isNode = Object.prototype.toString.call(typeof process !== 'undefined' ? process : 0) === '[object process]';\nvar USE_METHOD = isNode ? addNode : addBrowser;\nvar LISTENERS = new Set();\nvar startedListening = false;\nfunction startListening() {\n if (startedListening) {\n return;\n }\n startedListening = true;\n USE_METHOD(runAll);\n}\nexport function add(fn) {\n startListening();\n if (typeof fn !== 'function') {\n throw new Error('Listener is no function');\n }\n LISTENERS.add(fn);\n var addReturn = {\n remove: function remove() {\n return LISTENERS[\"delete\"](fn);\n },\n run: function run() {\n LISTENERS[\"delete\"](fn);\n return fn();\n }\n };\n return addReturn;\n}\nexport function runAll() {\n var promises = [];\n LISTENERS.forEach(function (fn) {\n promises.push(fn());\n LISTENERS[\"delete\"](fn);\n });\n return Promise.all(promises);\n}\nexport function removeAll() {\n LISTENERS.clear();\n}\nexport function getSize() {\n return LISTENERS.size;\n}","export function addNode(fn) {\n process.on('exit', function () {\n return fn();\n });\n\n /**\n * on the following events,\n * the process will not end if there are\n * event-handlers attached,\n * therefore we have to call process.exit()\n */\n process.on('beforeExit', function () {\n return fn().then(function () {\n return process.exit();\n });\n });\n // catches ctrl+c event\n process.on('SIGINT', function () {\n return fn().then(function () {\n return process.exit();\n });\n });\n // catches uncaught exceptions\n process.on('uncaughtException', function (err) {\n return fn().then(function () {\n console.trace(err);\n process.exit(101);\n });\n });\n}","/* global WorkerGlobalScope */\n\nexport function addBrowser(fn) {\n if (typeof WorkerGlobalScope === 'function' && self instanceof WorkerGlobalScope) {\n /**\n * Because killing a worker does directly stop the excution\n * of the code, our only chance is to overwrite the close function\n * which could work some times.\n * @link https://stackoverflow.com/q/72903255/3443137\n */\n var oldClose = self.close.bind(self);\n self.close = function () {\n fn();\n return oldClose();\n };\n } else {\n /**\n * if we are on react-native, there is no window.addEventListener\n * @link https://github.com/pubkey/unload/issues/6\n */\n if (typeof window.addEventListener !== 'function') {\n return;\n }\n\n /**\n * for normal browser-windows, we use the beforeunload-event\n */\n window.addEventListener('beforeunload', function () {\n fn();\n }, true);\n\n /**\n * for iframes, we have to use the unload-event\n * @link https://stackoverflow.com/q/47533670/3443137\n */\n window.addEventListener('unload', function () {\n fn();\n }, true);\n }\n\n /**\n * TODO add fallback for safari-mobile\n * @link https://stackoverflow.com/a/26193516/3443137\n */\n}","function _arrayLikeToArray(r, a) {\n (null == a || a > r.length) && (a = r.length);\n for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e];\n return n;\n}\nmodule.exports = _arrayLikeToArray, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _arrayWithHoles(r) {\n if (Array.isArray(r)) return r;\n}\nmodule.exports = _arrayWithHoles, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var arrayLikeToArray = require(\"./arrayLikeToArray.js\");\nfunction _arrayWithoutHoles(r) {\n if (Array.isArray(r)) return arrayLikeToArray(r);\n}\nmodule.exports = _arrayWithoutHoles, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _assertThisInitialized(e) {\n if (void 0 === e) throw new ReferenceError(\"this hasn't been initialised - super() hasn't been called\");\n return e;\n}\nmodule.exports = _assertThisInitialized, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function asyncGeneratorStep(n, t, e, r, o, a, c) {\n try {\n var i = n[a](c),\n u = i.value;\n } catch (n) {\n return void e(n);\n }\n i.done ? t(u) : Promise.resolve(u).then(r, o);\n}\nfunction _asyncToGenerator(n) {\n return function () {\n var t = this,\n e = arguments;\n return new Promise(function (r, o) {\n var a = n.apply(t, e);\n function _next(n) {\n asyncGeneratorStep(a, r, o, _next, _throw, \"next\", n);\n }\n function _throw(n) {\n asyncGeneratorStep(a, r, o, _next, _throw, \"throw\", n);\n }\n _next(void 0);\n });\n };\n}\nmodule.exports = _asyncToGenerator, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _classCallCheck(a, n) {\n if (!(a instanceof n)) throw new TypeError(\"Cannot call a class as a function\");\n}\nmodule.exports = _classCallCheck, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var isNativeReflectConstruct = require(\"./isNativeReflectConstruct.js\");\nvar setPrototypeOf = require(\"./setPrototypeOf.js\");\nfunction _construct(t, e, r) {\n if (isNativeReflectConstruct()) return Reflect.construct.apply(null, arguments);\n var o = [null];\n o.push.apply(o, e);\n var p = new (t.bind.apply(t, o))();\n return r && setPrototypeOf(p, r.prototype), p;\n}\nmodule.exports = _construct, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var toPropertyKey = require(\"./toPropertyKey.js\");\nfunction _defineProperties(e, r) {\n for (var t = 0; t < r.length; t++) {\n var o = r[t];\n o.enumerable = o.enumerable || !1, o.configurable = !0, \"value\" in o && (o.writable = !0), Object.defineProperty(e, toPropertyKey(o.key), o);\n }\n}\nfunction _createClass(e, r, t) {\n return r && _defineProperties(e.prototype, r), t && _defineProperties(e, t), Object.defineProperty(e, \"prototype\", {\n writable: !1\n }), e;\n}\nmodule.exports = _createClass, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var toPropertyKey = require(\"./toPropertyKey.js\");\nfunction _defineProperty(e, r, t) {\n return (r = toPropertyKey(r)) in e ? Object.defineProperty(e, r, {\n value: t,\n enumerable: !0,\n configurable: !0,\n writable: !0\n }) : e[r] = t, e;\n}\nmodule.exports = _defineProperty, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var superPropBase = require(\"./superPropBase.js\");\nfunction _get() {\n return module.exports = _get = \"undefined\" != typeof Reflect && Reflect.get ? Reflect.get.bind() : function (e, t, r) {\n var p = superPropBase(e, t);\n if (p) {\n var n = Object.getOwnPropertyDescriptor(p, t);\n return n.get ? n.get.call(arguments.length < 3 ? e : r) : n.value;\n }\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports, _get.apply(null, arguments);\n}\nmodule.exports = _get, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _getPrototypeOf(t) {\n return module.exports = _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf.bind() : function (t) {\n return t.__proto__ || Object.getPrototypeOf(t);\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports, _getPrototypeOf(t);\n}\nmodule.exports = _getPrototypeOf, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var setPrototypeOf = require(\"./setPrototypeOf.js\");\nfunction _inherits(t, e) {\n if (\"function\" != typeof e && null !== e) throw new TypeError(\"Super expression must either be null or a function\");\n t.prototype = Object.create(e && e.prototype, {\n constructor: {\n value: t,\n writable: !0,\n configurable: !0\n }\n }), Object.defineProperty(t, \"prototype\", {\n writable: !1\n }), e && setPrototypeOf(t, e);\n}\nmodule.exports = _inherits, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _interopRequireDefault(e) {\n return e && e.__esModule ? e : {\n \"default\": e\n };\n}\nmodule.exports = _interopRequireDefault, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _isNativeFunction(t) {\n try {\n return -1 !== Function.toString.call(t).indexOf(\"[native code]\");\n } catch (n) {\n return \"function\" == typeof t;\n }\n}\nmodule.exports = _isNativeFunction, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _isNativeReflectConstruct() {\n try {\n var t = !Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {}));\n } catch (t) {}\n return (module.exports = _isNativeReflectConstruct = function _isNativeReflectConstruct() {\n return !!t;\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports)();\n}\nmodule.exports = _isNativeReflectConstruct, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _iterableToArray(r) {\n if (\"undefined\" != typeof Symbol && null != r[Symbol.iterator] || null != r[\"@@iterator\"]) return Array.from(r);\n}\nmodule.exports = _iterableToArray, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _iterableToArrayLimit(r, l) {\n var t = null == r ? null : \"undefined\" != typeof Symbol && r[Symbol.iterator] || r[\"@@iterator\"];\n if (null != t) {\n var e,\n n,\n i,\n u,\n a = [],\n f = !0,\n o = !1;\n try {\n if (i = (t = t.call(r)).next, 0 === l) {\n if (Object(t) !== t) return;\n f = !1;\n } else for (; !(f = (e = i.call(t)).done) && (a.push(e.value), a.length !== l); f = !0);\n } catch (r) {\n o = !0, n = r;\n } finally {\n try {\n if (!f && null != t[\"return\"] && (u = t[\"return\"](), Object(u) !== u)) return;\n } finally {\n if (o) throw n;\n }\n }\n return a;\n }\n}\nmodule.exports = _iterableToArrayLimit, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _nonIterableRest() {\n throw new TypeError(\"Invalid attempt to destructure non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.\");\n}\nmodule.exports = _nonIterableRest, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _nonIterableSpread() {\n throw new TypeError(\"Invalid attempt to spread non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.\");\n}\nmodule.exports = _nonIterableSpread, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var objectWithoutPropertiesLoose = require(\"./objectWithoutPropertiesLoose.js\");\nfunction _objectWithoutProperties(e, t) {\n if (null == e) return {};\n var o,\n r,\n i = objectWithoutPropertiesLoose(e, t);\n if (Object.getOwnPropertySymbols) {\n var n = Object.getOwnPropertySymbols(e);\n for (r = 0; r < n.length; r++) o = n[r], -1 === t.indexOf(o) && {}.propertyIsEnumerable.call(e, o) && (i[o] = e[o]);\n }\n return i;\n}\nmodule.exports = _objectWithoutProperties, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _objectWithoutPropertiesLoose(r, e) {\n if (null == r) return {};\n var t = {};\n for (var n in r) if ({}.hasOwnProperty.call(r, n)) {\n if (-1 !== e.indexOf(n)) continue;\n t[n] = r[n];\n }\n return t;\n}\nmodule.exports = _objectWithoutPropertiesLoose, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var _typeof = require(\"./typeof.js\")[\"default\"];\nvar assertThisInitialized = require(\"./assertThisInitialized.js\");\nfunction _possibleConstructorReturn(t, e) {\n if (e && (\"object\" == _typeof(e) || \"function\" == typeof e)) return e;\n if (void 0 !== e) throw new TypeError(\"Derived constructors may only return object or undefined\");\n return assertThisInitialized(t);\n}\nmodule.exports = _possibleConstructorReturn, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var _typeof = require(\"./typeof.js\")[\"default\"];\nfunction _regeneratorRuntime() {\n \"use strict\"; /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */\n module.exports = _regeneratorRuntime = function _regeneratorRuntime() {\n return e;\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;\n var t,\n e = {},\n r = Object.prototype,\n n = r.hasOwnProperty,\n o = Object.defineProperty || function (t, e, r) {\n t[e] = r.value;\n },\n i = \"function\" == typeof Symbol ? Symbol : {},\n a = i.iterator || \"@@iterator\",\n c = i.asyncIterator || \"@@asyncIterator\",\n u = i.toStringTag || \"@@toStringTag\";\n function define(t, e, r) {\n return Object.defineProperty(t, e, {\n value: r,\n enumerable: !0,\n configurable: !0,\n writable: !0\n }), t[e];\n }\n try {\n define({}, \"\");\n } catch (t) {\n define = function define(t, e, r) {\n return t[e] = r;\n };\n }\n function wrap(t, e, r, n) {\n var i = e && e.prototype instanceof Generator ? e : Generator,\n a = Object.create(i.prototype),\n c = new Context(n || []);\n return o(a, \"_invoke\", {\n value: makeInvokeMethod(t, r, c)\n }), a;\n }\n function tryCatch(t, e, r) {\n try {\n return {\n type: \"normal\",\n arg: t.call(e, r)\n };\n } catch (t) {\n return {\n type: \"throw\",\n arg: t\n };\n }\n }\n e.wrap = wrap;\n var h = \"suspendedStart\",\n l = \"suspendedYield\",\n f = \"executing\",\n s = \"completed\",\n y = {};\n function Generator() {}\n function GeneratorFunction() {}\n function GeneratorFunctionPrototype() {}\n var p = {};\n define(p, a, function () {\n return this;\n });\n var d = Object.getPrototypeOf,\n v = d && d(d(values([])));\n v && v !== r && n.call(v, a) && (p = v);\n var g = GeneratorFunctionPrototype.prototype = Generator.prototype = Object.create(p);\n function defineIteratorMethods(t) {\n [\"next\", \"throw\", \"return\"].forEach(function (e) {\n define(t, e, function (t) {\n return this._invoke(e, t);\n });\n });\n }\n function AsyncIterator(t, e) {\n function invoke(r, o, i, a) {\n var c = tryCatch(t[r], t, o);\n if (\"throw\" !== c.type) {\n var u = c.arg,\n h = u.value;\n return h && \"object\" == _typeof(h) && n.call(h, \"__await\") ? e.resolve(h.__await).then(function (t) {\n invoke(\"next\", t, i, a);\n }, function (t) {\n invoke(\"throw\", t, i, a);\n }) : e.resolve(h).then(function (t) {\n u.value = t, i(u);\n }, function (t) {\n return invoke(\"throw\", t, i, a);\n });\n }\n a(c.arg);\n }\n var r;\n o(this, \"_invoke\", {\n value: function value(t, n) {\n function callInvokeWithMethodAndArg() {\n return new e(function (e, r) {\n invoke(t, n, e, r);\n });\n }\n return r = r ? r.then(callInvokeWithMethodAndArg, callInvokeWithMethodAndArg) : callInvokeWithMethodAndArg();\n }\n });\n }\n function makeInvokeMethod(e, r, n) {\n var o = h;\n return function (i, a) {\n if (o === f) throw Error(\"Generator is already running\");\n if (o === s) {\n if (\"throw\" === i) throw a;\n return {\n value: t,\n done: !0\n };\n }\n for (n.method = i, n.arg = a;;) {\n var c = n.delegate;\n if (c) {\n var u = maybeInvokeDelegate(c, n);\n if (u) {\n if (u === y) continue;\n return u;\n }\n }\n if (\"next\" === n.method) n.sent = n._sent = n.arg;else if (\"throw\" === n.method) {\n if (o === h) throw o = s, n.arg;\n n.dispatchException(n.arg);\n } else \"return\" === n.method && n.abrupt(\"return\", n.arg);\n o = f;\n var p = tryCatch(e, r, n);\n if (\"normal\" === p.type) {\n if (o = n.done ? s : l, p.arg === y) continue;\n return {\n value: p.arg,\n done: n.done\n };\n }\n \"throw\" === p.type && (o = s, n.method = \"throw\", n.arg = p.arg);\n }\n };\n }\n function maybeInvokeDelegate(e, r) {\n var n = r.method,\n o = e.iterator[n];\n if (o === t) return r.delegate = null, \"throw\" === n && e.iterator[\"return\"] && (r.method = \"return\", r.arg = t, maybeInvokeDelegate(e, r), \"throw\" === r.method) || \"return\" !== n && (r.method = \"throw\", r.arg = new TypeError(\"The iterator does not provide a '\" + n + \"' method\")), y;\n var i = tryCatch(o, e.iterator, r.arg);\n if (\"throw\" === i.type) return r.method = \"throw\", r.arg = i.arg, r.delegate = null, y;\n var a = i.arg;\n return a ? a.done ? (r[e.resultName] = a.value, r.next = e.nextLoc, \"return\" !== r.method && (r.method = \"next\", r.arg = t), r.delegate = null, y) : a : (r.method = \"throw\", r.arg = new TypeError(\"iterator result is not an object\"), r.delegate = null, y);\n }\n function pushTryEntry(t) {\n var e = {\n tryLoc: t[0]\n };\n 1 in t && (e.catchLoc = t[1]), 2 in t && (e.finallyLoc = t[2], e.afterLoc = t[3]), this.tryEntries.push(e);\n }\n function resetTryEntry(t) {\n var e = t.completion || {};\n e.type = \"normal\", delete e.arg, t.completion = e;\n }\n function Context(t) {\n this.tryEntries = [{\n tryLoc: \"root\"\n }], t.forEach(pushTryEntry, this), this.reset(!0);\n }\n function values(e) {\n if (e || \"\" === e) {\n var r = e[a];\n if (r) return r.call(e);\n if (\"function\" == typeof e.next) return e;\n if (!isNaN(e.length)) {\n var o = -1,\n i = function next() {\n for (; ++o < e.length;) if (n.call(e, o)) return next.value = e[o], next.done = !1, next;\n return next.value = t, next.done = !0, next;\n };\n return i.next = i;\n }\n }\n throw new TypeError(_typeof(e) + \" is not iterable\");\n }\n return GeneratorFunction.prototype = GeneratorFunctionPrototype, o(g, \"constructor\", {\n value: GeneratorFunctionPrototype,\n configurable: !0\n }), o(GeneratorFunctionPrototype, \"constructor\", {\n value: GeneratorFunction,\n configurable: !0\n }), GeneratorFunction.displayName = define(GeneratorFunctionPrototype, u, \"GeneratorFunction\"), e.isGeneratorFunction = function (t) {\n var e = \"function\" == typeof t && t.constructor;\n return !!e && (e === GeneratorFunction || \"GeneratorFunction\" === (e.displayName || e.name));\n }, e.mark = function (t) {\n return Object.setPrototypeOf ? Object.setPrototypeOf(t, GeneratorFunctionPrototype) : (t.__proto__ = GeneratorFunctionPrototype, define(t, u, \"GeneratorFunction\")), t.prototype = Object.create(g), t;\n }, e.awrap = function (t) {\n return {\n __await: t\n };\n }, defineIteratorMethods(AsyncIterator.prototype), define(AsyncIterator.prototype, c, function () {\n return this;\n }), e.AsyncIterator = AsyncIterator, e.async = function (t, r, n, o, i) {\n void 0 === i && (i = Promise);\n var a = new AsyncIterator(wrap(t, r, n, o), i);\n return e.isGeneratorFunction(r) ? a : a.next().then(function (t) {\n return t.done ? t.value : a.next();\n });\n }, defineIteratorMethods(g), define(g, u, \"Generator\"), define(g, a, function () {\n return this;\n }), define(g, \"toString\", function () {\n return \"[object Generator]\";\n }), e.keys = function (t) {\n var e = Object(t),\n r = [];\n for (var n in e) r.push(n);\n return r.reverse(), function next() {\n for (; r.length;) {\n var t = r.pop();\n if (t in e) return next.value = t, next.done = !1, next;\n }\n return next.done = !0, next;\n };\n }, e.values = values, Context.prototype = {\n constructor: Context,\n reset: function reset(e) {\n if (this.prev = 0, this.next = 0, this.sent = this._sent = t, this.done = !1, this.delegate = null, this.method = \"next\", this.arg = t, this.tryEntries.forEach(resetTryEntry), !e) for (var r in this) \"t\" === r.charAt(0) && n.call(this, r) && !isNaN(+r.slice(1)) && (this[r] = t);\n },\n stop: function stop() {\n this.done = !0;\n var t = this.tryEntries[0].completion;\n if (\"throw\" === t.type) throw t.arg;\n return this.rval;\n },\n dispatchException: function dispatchException(e) {\n if (this.done) throw e;\n var r = this;\n function handle(n, o) {\n return a.type = \"throw\", a.arg = e, r.next = n, o && (r.method = \"next\", r.arg = t), !!o;\n }\n for (var o = this.tryEntries.length - 1; o >= 0; --o) {\n var i = this.tryEntries[o],\n a = i.completion;\n if (\"root\" === i.tryLoc) return handle(\"end\");\n if (i.tryLoc <= this.prev) {\n var c = n.call(i, \"catchLoc\"),\n u = n.call(i, \"finallyLoc\");\n if (c && u) {\n if (this.prev < i.catchLoc) return handle(i.catchLoc, !0);\n if (this.prev < i.finallyLoc) return handle(i.finallyLoc);\n } else if (c) {\n if (this.prev < i.catchLoc) return handle(i.catchLoc, !0);\n } else {\n if (!u) throw Error(\"try statement without catch or finally\");\n if (this.prev < i.finallyLoc) return handle(i.finallyLoc);\n }\n }\n }\n },\n abrupt: function abrupt(t, e) {\n for (var r = this.tryEntries.length - 1; r >= 0; --r) {\n var o = this.tryEntries[r];\n if (o.tryLoc <= this.prev && n.call(o, \"finallyLoc\") && this.prev < o.finallyLoc) {\n var i = o;\n break;\n }\n }\n i && (\"break\" === t || \"continue\" === t) && i.tryLoc <= e && e <= i.finallyLoc && (i = null);\n var a = i ? i.completion : {};\n return a.type = t, a.arg = e, i ? (this.method = \"next\", this.next = i.finallyLoc, y) : this.complete(a);\n },\n complete: function complete(t, e) {\n if (\"throw\" === t.type) throw t.arg;\n return \"break\" === t.type || \"continue\" === t.type ? this.next = t.arg : \"return\" === t.type ? (this.rval = this.arg = t.arg, this.method = \"return\", this.next = \"end\") : \"normal\" === t.type && e && (this.next = e), y;\n },\n finish: function finish(t) {\n for (var e = this.tryEntries.length - 1; e >= 0; --e) {\n var r = this.tryEntries[e];\n if (r.finallyLoc === t) return this.complete(r.completion, r.afterLoc), resetTryEntry(r), y;\n }\n },\n \"catch\": function _catch(t) {\n for (var e = this.tryEntries.length - 1; e >= 0; --e) {\n var r = this.tryEntries[e];\n if (r.tryLoc === t) {\n var n = r.completion;\n if (\"throw\" === n.type) {\n var o = n.arg;\n resetTryEntry(r);\n }\n return o;\n }\n }\n throw Error(\"illegal catch attempt\");\n },\n delegateYield: function delegateYield(e, r, n) {\n return this.delegate = {\n iterator: values(e),\n resultName: r,\n nextLoc: n\n }, \"next\" === this.method && (this.arg = t), y;\n }\n }, e;\n}\nmodule.exports = _regeneratorRuntime, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _setPrototypeOf(t, e) {\n return module.exports = _setPrototypeOf = Object.setPrototypeOf ? Object.setPrototypeOf.bind() : function (t, e) {\n return t.__proto__ = e, t;\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports, _setPrototypeOf(t, e);\n}\nmodule.exports = _setPrototypeOf, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var arrayWithHoles = require(\"./arrayWithHoles.js\");\nvar iterableToArrayLimit = require(\"./iterableToArrayLimit.js\");\nvar unsupportedIterableToArray = require(\"./unsupportedIterableToArray.js\");\nvar nonIterableRest = require(\"./nonIterableRest.js\");\nfunction _slicedToArray(r, e) {\n return arrayWithHoles(r) || iterableToArrayLimit(r, e) || unsupportedIterableToArray(r, e) || nonIterableRest();\n}\nmodule.exports = _slicedToArray, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var getPrototypeOf = require(\"./getPrototypeOf.js\");\nfunction _superPropBase(t, o) {\n for (; !{}.hasOwnProperty.call(t, o) && null !== (t = getPrototypeOf(t)););\n return t;\n}\nmodule.exports = _superPropBase, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var arrayWithoutHoles = require(\"./arrayWithoutHoles.js\");\nvar iterableToArray = require(\"./iterableToArray.js\");\nvar unsupportedIterableToArray = require(\"./unsupportedIterableToArray.js\");\nvar nonIterableSpread = require(\"./nonIterableSpread.js\");\nfunction _toConsumableArray(r) {\n return arrayWithoutHoles(r) || iterableToArray(r) || unsupportedIterableToArray(r) || nonIterableSpread();\n}\nmodule.exports = _toConsumableArray, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var _typeof = require(\"./typeof.js\")[\"default\"];\nfunction toPrimitive(t, r) {\n if (\"object\" != _typeof(t) || !t) return t;\n var e = t[Symbol.toPrimitive];\n if (void 0 !== e) {\n var i = e.call(t, r || \"default\");\n if (\"object\" != _typeof(i)) return i;\n throw new TypeError(\"@@toPrimitive must return a primitive value.\");\n }\n return (\"string\" === r ? String : Number)(t);\n}\nmodule.exports = toPrimitive, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var _typeof = require(\"./typeof.js\")[\"default\"];\nvar toPrimitive = require(\"./toPrimitive.js\");\nfunction toPropertyKey(t) {\n var i = toPrimitive(t, \"string\");\n return \"symbol\" == _typeof(i) ? i : i + \"\";\n}\nmodule.exports = toPropertyKey, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _typeof(o) {\n \"@babel/helpers - typeof\";\n\n return module.exports = _typeof = \"function\" == typeof Symbol && \"symbol\" == typeof Symbol.iterator ? function (o) {\n return typeof o;\n } : function (o) {\n return o && \"function\" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? \"symbol\" : typeof o;\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports, _typeof(o);\n}\nmodule.exports = _typeof, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var arrayLikeToArray = require(\"./arrayLikeToArray.js\");\nfunction _unsupportedIterableToArray(r, a) {\n if (r) {\n if (\"string\" == typeof r) return arrayLikeToArray(r, a);\n var t = {}.toString.call(r).slice(8, -1);\n return \"Object\" === t && r.constructor && (t = r.constructor.name), \"Map\" === t || \"Set\" === t ? Array.from(r) : \"Arguments\" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? arrayLikeToArray(r, a) : void 0;\n }\n}\nmodule.exports = _unsupportedIterableToArray, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var getPrototypeOf = require(\"./getPrototypeOf.js\");\nvar setPrototypeOf = require(\"./setPrototypeOf.js\");\nvar isNativeFunction = require(\"./isNativeFunction.js\");\nvar construct = require(\"./construct.js\");\nfunction _wrapNativeSuper(t) {\n var r = \"function\" == typeof Map ? new Map() : void 0;\n return module.exports = _wrapNativeSuper = function _wrapNativeSuper(t) {\n if (null === t || !isNativeFunction(t)) return t;\n if (\"function\" != typeof t) throw new TypeError(\"Super expression must either be null or a function\");\n if (void 0 !== r) {\n if (r.has(t)) return r.get(t);\n r.set(t, Wrapper);\n }\n function Wrapper() {\n return construct(t, arguments, getPrototypeOf(this).constructor);\n }\n return Wrapper.prototype = Object.create(t.prototype, {\n constructor: {\n value: Wrapper,\n enumerable: !1,\n writable: !0,\n configurable: !0\n }\n }), setPrototypeOf(Wrapper, t);\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports, _wrapNativeSuper(t);\n}\nmodule.exports = _wrapNativeSuper, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","// TODO(Babel 8): Remove this file.\n\nvar runtime = require(\"../helpers/regeneratorRuntime\")();\nmodule.exports = runtime;\n\n// Copied from https://github.com/facebook/regenerator/blob/main/packages/runtime/runtime.js#L736=\ntry {\n regeneratorRuntime = runtime;\n} catch (accidentalStrictMode) {\n if (typeof globalThis === \"object\") {\n globalThis.regeneratorRuntime = runtime;\n } else {\n Function(\"r\", \"regeneratorRuntime = r\")(runtime);\n }\n}\n","// The module cache\nvar __webpack_module_cache__ = {};\n\n// The require function\nfunction __webpack_require__(moduleId) {\n\t// Check if module is in cache\n\tvar cachedModule = __webpack_module_cache__[moduleId];\n\tif (cachedModule !== undefined) {\n\t\treturn cachedModule.exports;\n\t}\n\t// Create a new module (and put it into the cache)\n\tvar module = __webpack_module_cache__[moduleId] = {\n\t\t// no module.id needed\n\t\t// no module.loaded needed\n\t\texports: {}\n\t};\n\n\t// Execute the module function\n\t__webpack_modules__[moduleId].call(module.exports, module, module.exports, __webpack_require__);\n\n\t// Return the exports of the module\n\treturn module.exports;\n}\n\n","// define getter functions for harmony exports\n__webpack_require__.d = function(exports, definition) {\n\tfor(var key in definition) {\n\t\tif(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {\n\t\t\tObject.defineProperty(exports, key, { enumerable: true, get: definition[key] });\n\t\t}\n\t}\n};","__webpack_require__.g = (function() {\n\tif (typeof globalThis === 'object') return globalThis;\n\ttry {\n\t\treturn this || new Function('return this')();\n\t} catch (e) {\n\t\tif (typeof window === 'object') return window;\n\t}\n})();","__webpack_require__.o = function(obj, prop) { return Object.prototype.hasOwnProperty.call(obj, prop); }","// define __esModule on exports\n__webpack_require__.r = function(exports) {\n\tif(typeof Symbol !== 'undefined' && Symbol.toStringTag) {\n\t\tObject.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });\n\t}\n\tObject.defineProperty(exports, '__esModule', { value: true });\n};","// startup\n// Load entry module and return exports\n// This entry module is referenced by other modules so it can't be inlined\nvar __webpack_exports__ = __webpack_require__(8193);\n"],"names":["AuthnTransactionImpl","sdk","tx","res","this","data","undefined","status","Object","assign","flattenEmbedded","stateToken","_links","cancel","Promise","resolve","createTransaction","args","getSavedStateToken","reject","AuthSdkError","transactionStep","then","url","options","withCredentials","post","transactionStatus","addStateToken","getIssuerOrigin","storageUtil","storage","get","STATE_TOKEN_KEY_NAME","bind","resume","resumeTransaction","exists","transactionExists","introspect","introspectAuthn","postToTransaction","Base","authn","createAuthnTransactionAPI","fingerprint","opts","clone","_postToTransaction","sendFingerprint","headers","signIn","multiOptionalFactorEnroll","obj","ref","Array","isArray","objArr","o","ol","length","push","embedded","_embedded","key","prototype","hasOwnProperty","call","isObject","fns","links2fns","omit","link2fn","link","name","lk","find","hints","allow","href","isPolling","factorType","provider","params","autoPush","e","rememberDevice","profile","updatePhone","toQueryString","linkName","type","poll","getPollFn","fn","delay","transactionCallBack","isNumber","DEFAULT_POLLING_DELAY","pollLink","getLink","retryCount","recursivePoll","getStateToken","saveAuthnState","pollingIntent","pollFn","pollRes","factorResult","AuthPollStopError","delayFn","catch","err","xhr","delayLength","Math","pow","builtArgs","OptionsConstructor","OktaAuthBase","removeNils","emitter","Emitter","features","constants","devMode","browserHasLocalStorage","getLocalStorage","testStorage","browserHasSessionStorage","getSessionStorage","testStorageType","storageType","supported","getStorageByType","storageProvider","getCookieStorage","getInMemoryStorage","findStorageType","types","curType","nextType","slice","shift","warn","isIE11OrLess","window","onstorage","localStorage","sessionStorage","secure","sameSite","sessionCookie","getItem","setItem","value","expiresAt","set","removeItem","delete","useSeparateCookies","keys","forEach","k","indexOf","replace","JSON","parse","stringify","existingValues","storageKey","valueToStore","inMemoryStore","cookieOptions","path","Date","expires","Cookies","arguments","remove","isFingerprintSupported","timeout","iframe","listener","container","document","body","createElement","style","display","isMessageFromCorrectSource","origin","msg","contentWindow","postMessage","addListener","src","appendChild","setTimeout","finally","clearTimeout","removeListener","contains","parentElement","removeChild","event","source","SdkClock","localOffset","parseInt","now","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","AuthStateManager","_sdk","_pending","_authState","_logOptions","_prevAuthState","_transformQueue","PromiseQueue","quiet","tokenManager","on","EVENT_ADDED","token","_setLogOptions","updateAuthState","EVENT_REMOVED","transformAuthState","log","getConsole","group","groupEnd","emitAuthStateChange","authState","prevState","state","isAuthenticated","idToken","accessToken","error","emit","finalPromise","origPromise","curPromise","getAuthState","cancelablePromise","PCancelable","_","onCancel","shouldReject","emitAndResolve","isCanceled","getTokensSync","refreshToken","handler","off","AUTO_RENEW","SYNC_STORAGE","LEADER_ELECTION","RENEW_ON_TAB_ACTIVATION","ServiceManager","onLeader","getOptions","autoRenew","autoRemove","syncStorage","electionChannelName","broadcastChannelName","defaultOptions","clientId","syncChannelName","started","services","Map","knownServices","svc","createService","startServices","getService","isLeader","values","some","srv","canStart","requiresLeadership","stopServices","entries","canStartService","start","stop","isStarted","isLeaderRequired","service","LeaderElectionService","AutoRenewService","SyncStorageService","RenewOnTabActivationService","Error","renewOnTabActivation","tabInactivityDuration","StorageManagerConstructor","TransactionManagerConstructor","createOktaAuthBase","WithStorage","mixinStorage","WithHttp","mixinHttp","WithSession","mixinSession","WithOAuth","mixinOAuth","mixinCore","authStateManager","serviceManager","isLoginRedirect","originalUri","handleLoginRedirect","tokens","setTokens","getOriginalUri","parseOAuthResponseFromUrl","oAuthResponse","storeTokensFromRedirect","removeOriginalUri","restoreOriginalUri","location","responseMode","channel","BroadcastChannel","close","createOAuthOptionsConstructor","createOAuthStorageManager","b64u","Uint8Array","from","base64UrlDecode","c","charCodeAt","b64","base64UrlToBase64","utf8","atob","decodeURIComponent","escape","bin","btoa","reduce","s","byte","String","fromCharCode","str","base64ToBase64Url","buffer","i","crypto","TextEncoder","encode","webcrypto","subtle","digest","arrayBuffer","firstHalf","hash","apply","stringToBase64Url","algo","use","importKey","cryptoKey","jwt","split","payload","stringToBuffer","b64Signature","signature","verify","AuthApiError","meta","message","errorSummary","errorCode","errorLink","errorId","errorCauses","CustomError","setPrototypeOf","OAuthError","summary","resp","error_description","WWWAuthError","scheme","parameters","UNKNOWN_ERROR","errorDescription","realm","header","match","regex","firstSpace","remaining","exec","isFunction","OktaAuth","createIdxOptionsConstructor","StorageManager","createIdxStorageManager","TransactionManager","createIdxTransactionManager","WithIdx","createOktaAuthIdx","WithMyAccount","mixinMyAccount","mixinAuthn","indexedDB","hasTextEncoder","isWebCryptoSubtleSupported","agent","getUserAgent","isWindowsPhone","test","isBrowser","protocol","navigator","userAgent","MSStream","hostname","isTokenVerifySupported","documentMode","isIE8or9","appJsonContentTypeRegex","method","contentType","map","param","encodeURIComponent","join","fetchPromise","global","fetch","crossFetch","credentials","response","ok","toLowerCase","json","text","readData","pair","result","responseText","responseType","responseJSON","formatResult","OktaUserAgent","environments","SDK_VERSION","maybeAddNodeEnvironment","env","process","versions","version","node","authClient","headerName","headerValue","_oktaUserAgent","http","setRequestHeader","issuer","transformErrorXHR","httpRequestClient","fetchRequest","httpRequestInterceptors","pollDelay","createStorageOptionsConstructor","isAbsoluteUrl","httpRequest","postOptions","trackDateDocumentBecameVisible","dateDocumentBecameVisible","hidden","addEventListener","formatError","serverErr","isString","wwwAuthHeader","getWWWAuthenticateHeader","wwwAuthErr","parseHeader","max_age","acr_values","interceptor","httpCache","storageManager","getHttpCache","cookies","cacheResponse","cachedResponse","getStorage","getHttpHeader","promise","ajaxOptions","waitForVisibleAndAwakenDocument","waitForAwakenDocument","recursiveFetch","timeSinceDocumentIsVisible","pageVisibilityHandler","removeEventListener","retryableFetch","IOS_MAX_RETRY_COUNT","item","updateStorage","floor","DEFAULT_CACHE_DURATION","clearIdxResponse","saveLastResponse","getIdxResponseStorage","setStorage","storedValue","isRawIdxResponse","rawIdxResponse","stateHandle","interactionHandle","useGenericRemediator","clearStorage","createTransactionManager","password","authenticator","AuthenticatorKey","OKTA_PASSWORD","run","flow","Authenticator","OktaPassword","passcode","revokeSessions","idxRemediationValue","inputs","form","required","input","label","OktaVerifyTotp","verificationCode","totp","VerificationCodeAuthenticator","SecurityQuestionEnrollment","questionKey","answer","question","SecurityQuestionVerification","contextualData","enrolledQuestion","otp","WebauthnEnrollment","clientData","attestation","visible","WebauthnVerification","authenticatorData","signatureData","remediation","relatesTo","SECURITY_QUESTION","OKTA_VERIFY","WEBAUTHN","challengeData","auth1","auth2","id","authenticators","option","incoming","isAuthenticator","transactionManager","load","flowSpec","getFlowSpecification","actions","EmailVerifyCallbackError","isEmailVerifyCallback","urlPath","parseEmailVerifyCallback","urlParamsToObject","search","idx","canProceed","proceed","mixinMinimalOAuth","mixinMinimalIdx","Core","createOktaAuthCore","mixinIdx","setRemediatorsCtx","remediators","boundStartTransaction","startTransaction","interact","makeIdxResponse","makeIdxState","authenticate","register","recoverPassword","handleInteractionCodeRedirect","isInteractionRequired","isInteractionRequiredError","handleEmailVerifyCallback","isEmailVerifyCallbackError","getSavedTransactionMeta","createTransactionMeta","getTransactionMeta","saveTransactionMeta","clearTransactionMeta","isTransactionMetaValid","setFlow","getFlow","unlockAccount","minimalSdk","AccountUnlockFlow","Identify","SelectAuthenticatorUnlockAccount","SelectAuthenticatorAuthenticate","ChallengeAuthenticator","ChallengePoll","AuthenticatorVerificationData","ReEnrollAuthenticatorWarning","AuthenticationFlow","SelectAuthenticatorEnroll","AuthenticatorEnrollmentData","EnrollAuthenticator","ReEnrollAuthenticator","EnrollPoll","SelectEnrollmentChannel","EnrollmentChannelData","RedirectIdp","Skip","oktaAuth","RegistrationFlow","PasswordRecoveryFlow","ResetAuthenticator","SelectEnrollProfile","EnrollProfile","codeVerifier","savedState","URL","searchParams","interactionCode","exchangeCodeForTokens","toPersist","requestDidSucceed","IDX_API_VERSION","validateVersionConfig","parsersForVersion","v1","isFieldMutable","field","mutable","divideSingleActionParamsByMutability","action","defaultParamsForAction","neededParamsForAction","immutableParamsForAction","actionList","neededParams","defaultParams","immutableParams","generateDirectFetch","actionDefinition","target","accepts","endsWith","idxResponse","stepUp","generator","divideActionParamsByMutability","SKIP_FIELDS","parseNonRemediations","context","filter","rel","generateIdxAction","fieldValue","info","subField","expandRelatesTo","query","jsonpath","innerValue","remediationData","authenticatorChallenge","remediations","actionFn","generateRemediationFunctions","convertRemediationAction","parseIdxResponse","neededToProceed","remediationChoice","paramsFromUser","remediationChoiceObject","rawIdxState","successWithInteractionCode","remediationValue","getResponse","baseUrl","getOAuthBaseUrl","redirectUri","scopes","codeChallenge","codeChallengeMethod","activationToken","recoveryToken","maxAge","acrValues","nonce","clientSecret","client_id","scope","redirect_uri","code_challenge","code_challenge_method","activation_token","recovery_token","client_secret","interaction_handle","newMeta","savedIdxResponse","loadIdxResponse","domain","getOAuthDomain","Accept","isAuthApiError","createIdxAPI","webauthn","createMinimalIdxAPI","createCoreOptionsConstructor","startPolling","transaction","availablePollingRemeditaions","includes","Number","isInteger","refresh","nextStep","hasSavedInteractionHandle","autoRemediate","enabledFeatures","IdxFeature","REGISTRATION","getActionFromValues","resend","removeActionFromValues","removeActionFromOptions","actionName","entry","remediate","remediator","getRemediator","actionFromValues","actionFromOptions","valuesWithoutExecutedAction","optionsWithoutExecutedAction","handleFailedResponse","canceled","terminal","isTerminalResponse","step","filterValuesForRemediation","acc","curr","canRemediate","getNextStep","getName","getData","getValuesAfterProceed","gr","getAuthenticatorData","getAuthenticatorFromRemediation","methodType","phoneNumber","val","AuthenticatorData","valueKey","getAuthenticator","formatAuthenticatorData","authenticatorsData","compareAuthenticators","mapAuthenticatorDataFromValues","enrollmentId","Remediator","formatAuthenticators","formatAuthenticator","existing","getRequiredValues","hasData","getAllValues","titleCase","_authClient","_context","getInputs","inputFromRemediation","messages","alias","aliases","inputsFromRemediation","inputsFromRemediator","authenticatorFromRemediation","SelectAuthenticator","matchedOption","findMatchedOption","isCurrentAuthenticator","currentAuthenticator","isCurrentAuthenticatorEnrollment","currentAuthenticatorEnrollment","selectedAuthenticator","selectedOption","VerifyAuthenticator","authenticatorEnrollments","canVerify","mapCredentials","common","getCredentialsFromRemediation","userProfileFromValues","userProfile","attributeValues","attributeName","errorRemediation","errors","Boolean","email","GenericRemediator","produces","rest","unwrapFormValue","requiredTracker","isRequired","optionSchema","formKeys","unwrappedForm","identifier","newPassword","idp","isRecoveryFlow","authenticatorMap","methodTypeOption","methodTypeValue","filterKey","skip","idxRemediation","r","cur","charAt","toUpperCase","substring","initializeValues","initializeData","IdxStatus","PENDING","getDataFromIntrospect","clear","interactResponse","getDataFromRemediate","idxResponseFromRemediation","getTokens","ignoreSignature","urls","tokenResponse","finalizeData","shouldSaveResponse","shouldClearTransaction","clearSharedStorage","getEnabledFeatures","availableSteps","getAvailableSteps","getMessagesFromResponse","TERMINAL","hasActions","hasErrors","class","CANCELED","SUCCESS","saveIdxResponse","storageManagerOptions","transactionStorage","getTransactionStorage","SavedObject","IDX_RESPONSE_STORAGE_NAME","createCoreStorageManager","savedMeta","save","muteWarning","prepareTokenParams","tokenParams","pkceMeta","createOAuthMeta","validExistingMeta","isTransactionMetaValidForOptions","isTransactionMetaValidForFlow","ACCOUNT_UNLOCK","remediationName","remediatorMap","ctx","remediatorClass","T","getRemediatorClass","stepObj","startsWith","split2","part1","part2","actionObj","PASSWORD_RECOVERY","SOCIAL_IDP","newCtx","_oktaAuth","canSkipFn","canResendFn","getMessagesFromIdxRemediationValue","messagesFromForm","optionValues","messagesFromOptions","globalMessages","fieldMessages","seen","filtered","i18n","idxRemediations","remediatorCandidates","canSkip","canResend","getEnrolledCredentials","enrollement","base64UrlToBuffer","credentialId","activationData","publicKey","rp","user","displayName","challenge","pubKeyCredParams","authenticatorSelection","excludeCredentials","userVerification","allowCredentials","rpId","credential","bufferToBase64Url","clientDataJSON","attestationObject","getEmails","sendRequest","EmailTransaction","getEmail","addEmail","deleteEmail","sendEmailChallenge","EmailChallengeTransaction","getEmailChallenge","emailId","challengeId","verifyEmailChallenge","myaccount","MyAccountMethods","getPassword","PasswordTransaction","enrollPassword","updatePassword","deletePassword","getPhones","PhoneTransaction","getPhone","addPhone","deletePhone","sendPhoneChallenge","verifyPhoneChallenge","getProfile","ProfileTransaction","updateProfile","getProfileSchema","ProfileSchemaTransaction","methodName","links","TransactionClass","BaseTransaction","self","accessTokenObj","atToken","requestUrl","httpOptions","dpop","getDPoPAuthorizationHeaders","Authorization","Dpop","ret","generateRequestFnFromLinks","EmailStatusTransaction","roles","created","lastUpdated","PasswordStatus","NOT_ENROLLED","enroll","update","properties","createdAt","modifiedAt","EmailRole","Status","DEFAULT_OPTIONS","clearPendingRemoveTokens","expireEarlySeconds","TOKEN_STORAGE_NAME","TokenManager","isLocalhost","storageOptions","getTokenStorage","clock","create","expireTimeouts","renewPromise","setExpireEventTimeoutAll","clearExpireEventTimeoutAll","getExpireTime","EVENT_EXPIRED","freshToken","oldToken","EVENT_RENEWED","EVENT_ERROR","clearExpireEventTimeout","isRefreshToken","expireTime","expireEventWait","max","expireEventTimeout","emitExpired","tokenStorage","setExpireEventTimeout","validateToken","emitSetStorageEvent","emitAdded","getSync","isAccessToken","isIDToken","EVENT_SET_STORAGE","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","getTokenType","handleAdded","handleRemoved","emitRemoved","existingTokens","getStorageKeyByType","newToken","existingToken","emitRenewed","removedToken","renew","shouldRenew","refreshKey","emitError","renewTokens","tokenKey","removedTokens","pendingRemove","REFRESH_TOKEN_STORAGE_KEY","enableSharedStorage","clearTransactionFromSharedStorage","isTransactionMeta","saveTransactionToSharedStorage","pruneSharedStorage","loadTransactionFromSharedStorage","decodedToken","base64UrlToString","isOAuthError","isWWWAuthError","INDEXEDDB_NAME","DB_KEY","createJwt","claims","signingKey","head","sign","algorithm","cryptoRandomValue","byteLen","getRandomValues","v","toString","generateKeyPair","modulusLength","publicExponent","generateKey","hashAccessToken","invokeStoreMethod","req","open","onerror","onupgradeneeded","createObjectStore","onsuccess","db","store","objectStore","oncomplete","storeKeyPair","pairId","keyPair","clearDPoPKeyPair","keyPairId","revokedToken","shouldClear","tokenType","dpopPairId","generateDPoPProof","exportKey","kty","crv","n","x","y","alg","typ","jwk","htm","htu","iat","jti","ath","privateKey","oauthQueryParams","convertTokenParamsToOAuthParams","extraParams","oauthParams","idpScope","loginHint","prompt","sessionToken","enrollAmrValues","mayBeArray","validateOptions","authorizationCode","getPostData","code","makeTokenRequest","dpopKeyPair","generateDPoPForTokenRequest","proof","DPoP","isDPoPNonceError","dpopNonce","tokenUrl","grant_type","refresh_token","kid","getWellKnown","wellKnown","jwksUri","cachedKey","authServerUri","prepareEnrollAuthenticatorParams","createEnrollAuthenticatorMeta","authorizeUrl","buildAuthorizeParams","setLocation","getOAuthUrls","getDefaultTokenParams","getTokenOptions","handleResponseOptions","findKeyPair","createDPoPKeyPair","postToTokenEndpoint","oauthResponse","handleOAuthResponse","authorize","enrollAuthenticator","queue","useQueue","getWithRedirectFn","getWithRedirect","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","getWithoutPrompt","getWithPopup","getWithIDPPopup","decode","decodeToken","revoke","revokeToken","renewToken","renewTokensWithRefresh","getUserInfo","accessTokenObject","idTokenObject","verifyToken","oidcIntrospect","popupWindow","idpPopup","iframePromise","addPostMessageListener","iframeEl","loadFrame","oauthPromise","isPopupPostMessageSupported","closePoller","setInterval","closed","clearInterval","idpPromise","addIDPPopupLisenter","userinfoUrl","userInfo","sub","generateState","cancelPromise","loadPopup","getToken","initialPath","validateResponse","pkce","interaction_code","dpopOptions","allowBearerTokens","token_type","tokenDict","expiresIn","expires_in","access_token","id_token","accessJwt","idJwt","idTokenObj","exp","validationParams","hintMap","kind","TokenKind","ACCESS","iss","introspectUrl","introspection_endpoint","authHeader","token_type_hint","BaseClass","browserStorage","REFERRER_PATH_STORAGE_KEY","getOriginalUriStorage","sharedStorage","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","handleLogin","_tokenQueue","createTokenAPI","endpoints","createEndpoints","onExpiredToken","shouldRemove","hasExpired","additionalParams","setOriginalUri","hasResponseType","accessTokenKey","clearDPoPKeyPairAfterRevoke","refreshTokenKey","postLogoutRedirectUri","logoutUrl","idTokenHint","logoutUri","defaultUri","currentUri","revokeAccessToken","revokeRefreshToken","getSignOutRedirectUrl","closeSession","sessionClosed","append","clearTokensBeforeRedirect","addPendingRemoveFlags","clearAllDPoPKeyPairs","wwwAuth","wwwErr","provideOriginalUri","createBaseTokenAPI","RegExp","assertValidConfig","removeTrailingSlash","revokeUrl","toAbsoluteUrl","ignoreLifetime","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","createHttpOptionsConstructor","getResponseMode","defaultResponseMode","paramStr","nativeLoc","cleanOAuthResponseFromUrl","nativeHistory","nativeDoc","replaceState","title","pathname","removeSearch","removeHash","throwInvalidTokenError","getSingleToken","originalToken","refreshTokenObject","renewTokenParams","endpointParams","postRefreshToken","isSameRefreshToken","updateRefreshToken","isRefreshTokenInvalidError","removeRefreshToken","creds","getOptionsForSection","logServerSideMemoryStorageWarning","TRANSACTION_STORAGE_NAME","SHARED_TRANSACTION_STORAGE_NAME","ORIGINAL_URI_STORAGE_NAME","BaseStorageManager","isPKCETransactionMeta","isOAuthTransactionMeta","isCustomAuthTransactionMeta","isObjectWithProperties","timeoutId","onmessage","isTrusted","DEFAULT_TIMEOUT","responseHandler","popupTitle","eventTarget","attachEvent","detachEvent","defaultRedirectUri","generateNonce","errorResponse","hasTokensInHash","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","authParams","isCodeFlow","getHashOrSearch","codeFlow","genRandomString","getIssuer","oauthMeta","dec2hex","dec","substr","prefix","a","verifier","MIN_VERIFIER_LENGTH","ceil","MAX_VERIFIER_LENGTH","prepareParams","getDefaultEnrollAuthenticatorParams","assertPKCESupport","isPKCESupported","errorMessage","isHTTPS","validateCodeChallengeMethod","preparePKCE","defaults","isDPoPSupported","b","getSharedTansactionStorage","dateCreated","MAX_ENTRY_LIFETIME","plus2space","paramSplit","fragment","aud","acr","configuredIssuer","validationOptions","validateClaims","getKey","sdkCrypto","at_hash","getOidcHash","renewTimeQueue","onTokenExpiredHandler","firstTime","shouldThrottleRenew","processExpiredTokens","onLeaderDuplicate","elector","hasLeader","createLeaderElection","onduplicate","awaitLeadership","die","postInternal","getNow","onPageVisbilityChange","_onPageVisbilityChange","lastHidden","onTokenAddedHandler","onTokenRemovedHandler","onTokenRenewedHandler","onSetStorageHandler","onSyncMessageHandler","enablePostMessage","session","redirectUrl","checkAccountSetupComplete","sessionExists","getSession","refreshSession","setCookieAndRedirect","createSessionApi","sectionName","overrideOptions","storageTypes","CACHE_STORAGE_NAME","storageName","storageString","getCookieSettings","STORAGE_MANAGER_OPTIONS","createBaseOptionsConstructor","cookieSettings","cache","running","thisObject","queueItem","isPromise","getNativeConsole","console","nativeConsole","deprecate","steps","jsonpathRegex","groups","index","lastStep","pop","ms","random","randomCharset","parts","isoTime","UTC","toUTCString","delim","splice","additionalArgs","concat","obj1","prop","collection","found","altName","newobj","props","p","cleaned","trimmed","ttl","ObliviousSet","has","_to","_this","removeTooOldValues","obliviousSet","olderThen","iterator","Symbol","next","getTime","CancelError","reason","executor","_cancelHandlers","_isPending","_isCanceled","_rejectOnCancel","_promise","_reject","defineProperties","boolean","onFulfilled","onRejected","onFinally","userFn","arguments_","module","exports","defineProperty","OPEN_BROADCAST_CHANNELS","clearNodeFolder","_options","fillOptionsWithDefaults","_methodChooser","chooseMethod","_util","PROMISE_RESOLVED_FALSE","enforceOptions","ENFORCED_OPTIONS","Set","lastId","maybePromise","add","_iL","_onML","_addEL","internal","_uMP","_befC","_prepP","_state","_post","broadcastChannel","msgObj","time","microSeconds","PROMISE_RESOLVED_VOID","sendPromise","_hasMessageListeners","_addListenerObject","listenerFn","listenerObject","minMessageTime","onMessage","_startListening","_removeListenerObject","_stopListening","_pubkey","listenObj","awaitPrepare","all","isClosed","_index","beLeader","enumerable","_broadcastChannel","_leaderElectionUtil","_leaderElection","leaderElector","_hasLeader","unloadFn","_unload","_unl","isLeaderListener","sendLeaderMessage","_dpLC","_dpL","_lstns","msgJson","LeaderElectionWebLock","isDead","randomToken","_wKMC","lN","_this2","locks","relevantLocks","held","lock","_this3","_wLMP","AbortController","returnPromise","rej","request","signal","_fn","_this4","uFn","abort","_leaderElector","fallbackInterval","responseTime","averageResponseTime","supportsWebLockAPI","_leaderElectionWebLock","LeaderElection","_aplQ","_aplQC","hasLeaderListener","applyOnce","isFromFallbackInterval","sleep","PROMISE_RESOLVED_TRUE","stopCriteriaPromiseResolve","stopCriteria","stopCriteriaPromise","handleMessage","waitForAnswerTime","race","applyRun","_aLP","resolved","finish","whenDeathListener","tryOnFallBack","chooseMethods","methods","METHODS","_simulate","SimulateMethod","m","webWorkerSupport","useMethod","canBeUsed","_native","_indexedDb","_localstorage","NativeMethod","IndexedDBMethod","LocalstorageMethod","TRANSACTION_SETTINGS","cleanOldMessages","commitIndexedDBTransaction","createDatabase","getAllMessages","OBJECT_STORE_ID","openCursor","ev","cursor","getIdb","getMessagesHigherThan","getOldMessages","removeMessagesById","writeMessage","_obliviousSet","DB_PREFIX","durability","mozIndexedDB","webkitIndexedDB","msIndexedDB","commit","channelName","IndexedDB","dbName","openRequest","keyPath","autoIncrement","readerUuid","messageJson","writeObject","uuid","lastCursorId","keyRangeValue","IDBKeyRange","bound","Infinity","getAll","getAllRequest","openCursorRequest","channelState","ids","deleteRequest","msgObk","idb","tooOld","eMIs","writeBlockPromise","messagesCallback","readQueuePromises","onclose","_readLoop","readNewMessages","newerMessages","useMessages","messagesCallbackTime","_filterMessage","sort","msgObjA","msgObjB","randomInt","addStorageEventListener","removeStorageEventListener","KEY_PREFIX","writeObj","createEvent","initEvent","newValue","dispatchEvent","localstorage","removeTimeout","ls","defaultTime","bc","subFns","SIMULATE_CHANNELS","originalOptions","maxParallelWrites","useFastPath","lastMs","additional","min","resolveWith","__self__","F","DOMException","support","iterable","blob","Blob","formData","viewClasses","isArrayBufferView","ArrayBuffer","isView","normalizeName","TypeError","normalizeValue","iteratorFor","items","done","Headers","getOwnPropertyNames","consumed","bodyUsed","fileReaderReady","reader","onload","readBlobAsArrayBuffer","FileReader","readAsArrayBuffer","bufferClone","buf","view","byteLength","Body","_initBody","_bodyInit","_bodyText","isPrototypeOf","_bodyBlob","FormData","_bodyFormData","URLSearchParams","DataView","_bodyArrayBuffer","rejected","readAsText","chars","readArrayBufferAsText","oldValue","callback","thisArg","Request","upcased","mode","referrer","trim","bytes","Response","bodyInit","statusText","redirectStatuses","redirect","RangeError","stack","constructor","init","aborted","XMLHttpRequest","abortXhr","rawHeaders","getAllResponseHeaders","line","responseURL","ontimeout","onabort","onreadystatechange","readyState","send","polyfill","ponyfill","converter","defaultAttributes","attributes","stringifiedAttributes","cookie","write","jar","foundKey","read","withAttributes","withConverter","freeze","factory","E","once","evtArr","len","evts","liveEvents","USE_METHOD","exit","trace","WorkerGlobalScope","oldClose","LISTENERS","startedListening","runAll","promises","removeAll","getSize","size","__esModule","arrayLikeToArray","ReferenceError","asyncGeneratorStep","t","u","_next","_throw","isNativeReflectConstruct","Reflect","construct","toPropertyKey","_defineProperties","configurable","writable","superPropBase","_get","getOwnPropertyDescriptor","_getPrototypeOf","getPrototypeOf","__proto__","Function","_isNativeReflectConstruct","valueOf","l","f","objectWithoutPropertiesLoose","getOwnPropertySymbols","propertyIsEnumerable","_typeof","assertThisInitialized","_regeneratorRuntime","asyncIterator","toStringTag","define","wrap","Generator","Context","makeInvokeMethod","tryCatch","arg","h","GeneratorFunction","GeneratorFunctionPrototype","d","g","defineIteratorMethods","_invoke","AsyncIterator","invoke","__await","callInvokeWithMethodAndArg","delegate","maybeInvokeDelegate","sent","_sent","dispatchException","abrupt","resultName","nextLoc","pushTryEntry","tryLoc","catchLoc","finallyLoc","afterLoc","tryEntries","resetTryEntry","completion","reset","isNaN","isGeneratorFunction","mark","awrap","async","reverse","prev","rval","handle","complete","delegateYield","_setPrototypeOf","arrayWithHoles","iterableToArrayLimit","unsupportedIterableToArray","nonIterableRest","arrayWithoutHoles","iterableToArray","nonIterableSpread","toPrimitive","isNativeFunction","_wrapNativeSuper","Wrapper","runtime","regeneratorRuntime","accidentalStrictMode","globalThis","__webpack_module_cache__","__webpack_require__","moduleId","cachedModule","__webpack_modules__","definition","__webpack_exports__"],"sourceRoot":""}
1
+ {"version":3,"file":"okta-auth-js.min.js","mappings":";uJAoBA,UAEaA,GAAoB,cA0B/B,WAAYC,EAA4BC,GAAmE,IAA1CC,EAAoC,UAAH,6CAAG,MAAI,+4BACvGC,KAAKC,UAAOC,EACZF,KAAKG,YAASD,EACVH,IACFC,KAAKC,KAAOF,EAGZK,OAAOC,OAAOL,MAAM,EAAAM,EAAAA,iBAAgBT,EAAKC,EAAIC,EAAKA,EAAK,CAAC,WACjDC,KAAKO,WAMO,uBAAfR,EAAII,QAAoCJ,EAAIS,SAC9CR,KAAKS,OAAS,WACZ,OAAOC,QAAQC,QAAQb,EAAGc,oBAC5B,GAGN,IAAC,mHCvBI,SAA0Bf,EAA4BC,EAAyBe,GACpF,IAAKA,IAASA,EAAKN,WAAY,CAC7B,IAAIA,EAAaO,EAAmBjB,GACpC,IAAIU,EAKF,OAAOG,QAAQK,OAAO,IAAIC,EAAAA,QAAa,+BAJvCH,EAAO,CACLN,WAAYA,EAKlB,CACA,OAAOU,EAAgBpB,EAAKgB,GACzBK,MAAK,SAAUnB,GACd,OAAOD,EAAGc,kBAAkBb,EAC9B,GACJ,sBAaO,SAA2BF,EAA4BC,EAAyBqB,EAAaN,EAAMO,GAExG,OADAA,EAAUhB,OAAOC,OAAO,CAAEgB,iBAAiB,GAAQD,IAC5C,EAAAE,EAAAA,MAAKzB,EAAKsB,EAAKN,EAAMO,GACzBF,MAAK,SAASnB,GACb,OAAOD,EAAGc,kBAAkBb,EAC9B,GACJ,sBAnDO,SAA2BF,EAA4BC,EAAyBe,GACrF,IAAKA,IAASA,EAAKN,WAAY,CAC7B,IAAIA,EAAaO,EAAmBjB,GACpC,IAAIU,EAKF,OAAOG,QAAQK,OAAO,IAAIC,EAAAA,QAAa,6BAJvCH,EAAO,CACLN,WAAYA,EAKlB,CACA,OAAOgB,EAAkB1B,EAAKgB,GAC3BK,MAAK,SAASnB,GACb,OAAOD,EAAGc,kBAAkBb,EAC9B,GACJ,sBAyBO,SAA2BF,GAEhC,QAASiB,EAAmBjB,EAC9B,4CAzDA,cACA,aACA,UAGA,UAIO,SAAS0B,EAAkB1B,EAA4BgB,GAE5D,OADAA,GAAO,EAAAW,EAAAA,eAAc3B,EAAKgB,IACnB,EAAAS,EAAAA,MAAKzB,EAAKA,EAAI4B,kBAAoB,gBAAiBZ,EAAM,CAAEQ,iBAAiB,GACrF,CAoCO,SAASJ,EAAgBpB,EAA4BgB,GAG1D,OAFAA,GAAO,EAAAW,EAAAA,eAAc3B,EAAKgB,IAEnB,EAAAS,EAAAA,MAAKzB,EAAKA,EAAI4B,kBAAoB,2BAA4BZ,EAAM,CAAEQ,iBAAiB,GAChG,CAeO,SAASP,EAAmBjB,GAG/B,OADgBA,EAAIuB,QAAQM,YAAaC,QAC1BC,IAAIC,EAAAA,qBACvB,iEC5DO,SAAmChC,GACxC,IAAMC,EAA0B,CAC9BK,OAAQoB,EAAAA,kBAAkBO,KAAK,KAAMjC,GACrCkC,OAAM,SAAClB,GACL,OAAO,EAAAmB,EAAAA,mBAAkBnC,EAAKC,EAAIe,EACpC,EACAoB,OAAQC,EAAAA,kBAAkBJ,KAAK,KAAMjC,GACrCsC,WAAU,SAACtB,GACT,OAAO,EAAAuB,EAAAA,iBAAgBvC,EAAKC,EAAIe,EAClC,EACAD,kBAAmB,SAACb,GAClB,OAAO,IAAIH,EAAAA,qBAAqBC,EAAKC,EAAIC,EAC3C,EACAsC,kBAAmB,SAAClB,EAAaN,EAAoBO,GACnD,OAAO,EAAAiB,EAAAA,mBAAkBxC,EAAKC,EAAIqB,EAAKN,EAAMO,EAC/C,GAEF,OAAOtB,CACT,EA7BA,cAOA,2CCrBA,oLACA,oLACA,kPCgCO,SAONwC,GAEC,OAAO,SAAP,0BAdiB,IA8Cd,EApBA,EAZH,GAdiB,EAcjB,EAdiB,kbAmBf,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAM+B,OALhD,+BAASA,KAAM,+IAEf,EAAK0B,MAAQ,EAAKzC,IAAK,EAAA0C,EAAAA,4BAAyB,iBAGhD,EAAKC,YAAcA,EAAAA,QAAYX,KAAK,MAAM,EAAF,eAAQ,CAClD,CA6CC,OA7CA,qEAGD,WAAaY,GAAmB,oFAK7B,GAJDA,GAAO,EAAAC,EAAAA,OAAMD,GAAQ,CAAC,GAChBE,EAAqB,SAACxB,GAE1B,cADOsB,EAAKG,gBACL,EAAK/C,GAAGuC,kBAAkB,gBAAiBK,EAAMtB,EAC1D,EACKsB,EAAKG,gBAAiB,CAAF,wCAChBD,KAAoB,gCAEtB5C,KAAKyC,cACXvB,MAAK,SAASuB,GACb,OAAOG,EAAmB,CACxBE,QAAS,CACP,uBAAwBL,IAG9B,KAAE,gDACH,kHAGD,WAA4BC,GAAkC,gGACrD1C,KAAK+C,OAAOL,IAAK,gDACzB,0EAGD,SAAeA,GACb,OAAO1C,KAAKF,GAAGuC,kBAAkB,kCAAmCK,EACtE,GAAC,2BAGD,SAAcA,GACZ,OAAO1C,KAAKF,GAAGuC,kBAAkB,gCAAiCK,EACpE,GAAC,iCAGD,SAAoBA,GAClB,IAAQM,EAAuCN,EAAvCM,0BAA8BnC,GAAI,aAAK6B,EAAI,GAKnD,OAJIM,IAEDnC,EAAaO,QAAU,CAAE4B,0BAAAA,IAErBhD,KAAKF,GAAGuC,kBAAkB,+BAAgCxB,EACnE,KAAC,EAzDI,CAAyByB,EA4DlC,uIAzFA,SAGA,aAUA,UAEmB,uGCvBZ,SAAShC,EAAgBT,EAA4BC,EAAyBC,EAAKkD,EAAKC,GAI7F,GAHAD,EAAMA,GAAOlD,EACbkD,GAAM,EAAAN,EAAAA,OAAMM,GAERE,MAAMC,QAAQH,GAAM,CAEtB,IADA,IAAII,EAAS,GACJC,EAAI,EAAGC,EAAKN,EAAIO,OAAQF,EAAIC,EAAID,IACvCD,EAAOI,KAAKnD,EAAgBT,EAAKC,EAAIC,EAAKkD,EAAIK,GAAIJ,IAEpD,OAAOG,CACT,CAEA,IAAIK,EAAWT,EAAIU,WAAa,CAAC,EAEjC,IAAK,IAAIC,KAAOF,EACTtD,OAAOyD,UAAUC,eAAeC,KAAKL,EAAUE,MAKhD,EAAAI,EAAAA,UAASN,EAASE,KAAST,MAAMC,QAAQM,EAASE,OACpDF,EAASE,GAAOtD,EAAgBT,EAAKC,EAAIC,EAAK2D,EAASE,GAAMV,IAKjE,IAAIe,GAAM,EAAAC,EAAAA,WAAUrE,EAAKC,EAAIC,EAAKkD,EAAKC,GAKvC,OAJA9C,OAAOC,OAAOqD,EAAUO,GAExBhB,GAAM,EAAAkB,EAAAA,MAAKlB,EAAK,YAAa,UAC7B7C,OAAOC,OAAO4C,EAAKS,GACZT,CACT,EApCA,aAEA,qECaO,SAASmB,EAAQvE,EAA4BC,EAAyBC,EAAKkD,EAAKoB,EAAMnB,GAC3F,GAAIC,MAAMC,QAAQiB,GAChB,OAAO,SAASC,EAAM5B,GACpB,IAAK4B,EACH,MAAM,IAAItD,EAAAA,QAAa,4BAGzB,IAAIuD,GAAK,EAAAC,EAAAA,MAAKH,EAAM,CAACC,KAAMA,IAC3B,IAAKC,EACH,MAAM,IAAIvD,EAAAA,QAAa,+BAGzB,OAAOoD,EAAQvE,EAAKC,EAAIC,EAAKkD,EAAKsB,EAAIrB,EAA/BkB,CAAoC1B,EAC7C,EAEK,GAAI2B,EAAKI,OACZJ,EAAKI,MAAMC,OACiB,IAA5BL,EAAKI,MAAMC,MAAMlB,OAEnB,OADaa,EAAKI,MAAMC,MAAM,IAG5B,IAAK,MACH,OAAO,WACL,OAAO,EAAA9C,EAAAA,KAAI/B,EAAKwE,EAAKM,KAAM,CAAEtD,iBAAiB,GAChD,EAEF,IAAK,OAEH,OAAO,SAASqB,GACVQ,GAAOA,EAAI0B,YACb1B,EAAI0B,WAAY,GAGlB,IAAI3E,GAAO,EAAAuB,EAAAA,eAAczB,EAAK2C,GAEX,eAAf3C,EAAII,QAA0C,kBAAfJ,EAAII,QAErCC,OAAOC,OAAOJ,EAAM,CAClB4E,WAAY5B,EAAI4B,WAChBC,SAAU7B,EAAI6B,WAIlB,IAAIC,EAAS,CAAC,EACVC,EAAW/E,EAAK+E,SACpB,QAAiB9E,IAAb8E,EAAwB,CAC1B,GAAwB,mBAAbA,EACT,IACED,EAAOC,WAAaA,GACtB,CACA,MAAOC,GACL,OAAOvE,QAAQK,OAAO,IAAIC,EAAAA,QAAa,kCACzC,MAEoB,OAAbgE,IACPD,EAAOC,WAAaA,GAEtB/E,GAAO,EAAAkE,EAAAA,MAAKlE,EAAM,WACpB,CAEA,IAAIiF,EAAiBjF,EAAKiF,eAC1B,QAAuBhF,IAAnBgF,EAA8B,CAChC,GAA8B,mBAAnBA,EACT,IACEH,EAAOG,iBAAmBA,GAC5B,CACA,MAAOD,GACL,OAAOvE,QAAQK,OAAO,IAAIC,EAAAA,QAAa,wCACzC,MAE0B,OAAnBkE,IACPH,EAAOG,iBAAmBA,GAE5BjF,GAAO,EAAAkE,EAAAA,MAAKlE,EAAM,iBAEpB,MAAWA,EAAKkF,cACuBjF,IAA7BD,EAAKkF,QAAQC,cACjBnF,EAAKkF,QAAQC,cACfL,EAAOK,aAAc,GAEvBnF,EAAKkF,SAAU,EAAAhB,EAAAA,MAAKlE,EAAKkF,QAAS,gBAEpC,IAAIR,EAAON,EAAKM,MAAO,EAAAU,EAAAA,eAAcN,GACrC,OAAO,EAAA1C,EAAAA,mBAAkBxC,EAAKC,EAAI6E,EAAM1E,EAC1C,EAGR,EAvGA,aACA,aACA,UAEA,UACA,yDCDO,SAAmBJ,EAA4BC,EAAyBC,EAAKkD,EAAKC,GACvF,IAAIe,EAAM,CAAC,EACX,IAAK,IAAIqB,KAAYrC,EAAIzC,OACvB,GAAKJ,OAAOyD,UAAUC,eAAeC,KAAKd,EAAIzC,OAAQ8E,GAAtD,CAIA,IAAIjB,EAAOpB,EAAIzC,OAAO8E,GAMtB,GAJiB,SAAbA,IACFA,EAAWjB,EAAKC,MAGdD,EAAKkB,KACPtB,EAAIqB,GAAYjB,OAIlB,GAGO,SAHCiB,EAIJrB,EAAIuB,MAAO,EAAAC,EAAAA,WAAU5F,EAAKE,EAAKmD,OAGjC,CACE,IAAIwC,GAAK,EAAAtB,EAAAA,SAAQvE,EAAKC,EAAIC,EAAKkD,EAAKoB,EAAMnB,GACtCwC,IACFzB,EAAIqB,GAAYI,EAClB,CAxBJ,CA2BF,OAAOzB,CACT,EApCA,cACA,uECyBO,SAAmBpE,EAAKE,EAA4BmD,GACzD,OAAO,SAAU9B,GACf,IAAIuE,EACAT,EACAF,EACAY,GAEA,EAAAC,EAAAA,UAASzE,GACXuE,EAAQvE,GACC,EAAA4C,EAAAA,UAAS5C,KAElBuE,EAAQvE,EAAQuE,MAChBT,EAAiB9D,EAAQ8D,eACzBF,EAAW5D,EAAQ4D,SACnBY,EAAsBxE,EAAQwE,qBAG3BD,GAAmB,IAAVA,IACZA,EAAQG,EAAAA,uBAIV,IAAIC,GAAW,EAAAC,EAAAA,SAAQjG,EAAK,OAAQ,QAmCpCmD,EAAI0B,WAAY,EAEhB,IAAIqB,EAAa,EA+CjB,OA9CoB,SAAhBC,IAEF,OAAKhD,EAAI0B,UAtCX,WACE,IAAIlC,EAAO,CAAC,EACZ,GAAwB,mBAAbsC,EACT,IACEtC,EAAKsC,WAAaA,GACpB,CACA,MAAOC,GACL,OAAOvE,QAAQK,OAAO,IAAIC,EAAAA,QAAa,kCACzC,MAEOgE,UACPtC,EAAKsC,WAAaA,GAEpB,GAA8B,mBAAnBE,EACT,IACExC,EAAKwC,iBAAmBA,GAC1B,CACA,MAAOD,GACL,OAAOvE,QAAQK,OAAO,IAAIC,EAAAA,QAAa,wCACzC,MAEOkE,UACPxC,EAAKwC,iBAAmBA,GAG1B,IAAIP,EAAOoB,EAASpB,MAAO,EAAAU,EAAAA,eAAc3C,GACzC,OAAO,EAAApB,EAAAA,MAAKzB,EAAK8E,GAAM,EAAAwB,EAAAA,eAAcpG,GAAM,CACzCqG,gBAAgB,EAChB/E,iBAAiB,EACjBgF,eAAe,GAEnB,CAWSC,GACJpF,MAAK,SAAUqF,GAKd,GAHAN,EAAa,EAGTM,EAAQC,cAAyC,YAAzBD,EAAQC,aAA4B,CAG9D,IAAKtD,EAAI0B,UACP,MAAM,IAAI6B,EAAAA,QAQZ,MALmC,mBAAxBb,GACTA,EAAoBW,IAIf,EAAAG,EAAAA,OAAQf,GAAOzE,KAAKgF,EAE7B,CAIE,OADAhD,EAAI0B,WAAY,EACT/E,EAAIC,GAAGc,kBAAkB2F,EAEpC,IACCI,OAAM,SAASC,GAEd,GAAIA,EAAIC,MACgB,IAAnBD,EAAIC,IAAI1G,QAAmC,MAAnByG,EAAIC,IAAI1G,SACjC8F,GAAc,EAAG,CACnB,IAAIa,EAAwC,IAA1BC,KAAKC,IAAI,EAAGf,GAE9B,OADAA,KACO,EAAAS,EAAAA,OAAQI,GACZ5F,KAAKgF,EACV,CACA,MAAMU,CACR,IAzCOlG,QAAQK,OAAO,IAAI0F,EAAAA,QA0C9B,CACOP,GACJS,OAAM,SAASC,GAEd,MADA1D,EAAI0B,WAAY,EACVgC,CACR,GACJ,CACF,EA/HA,cACA,SACA,UACA,aACA,aAEA,GADA,QACA,0CCHO,SAASpF,EAAczB,EAAKqB,GACjC,IAAI6F,EAAY,CAAC,EAQjB,OAPA7G,OAAOC,OAAO4G,EAAW7F,IAGpB6F,EAAU1G,YAAcR,EAAIQ,aAC/B0G,EAAU1G,WAAaR,EAAIQ,YAGtB0G,CACT,mCAEO,SAAuBlH,GAC5B,OAAOyB,EAAczB,EACvB,kFCRO,SAKLmH,GAEF,IACQC,GAAY,cAQhB,cAA4B,qIAC1B,IAAM/F,EAAU,IAAI8F,EAAmB,UAAK1D,SAAS,0CAAgB,CAAC,GACtExD,KAAKoB,SAAU,EAAAgG,EAAAA,YAAWhG,GAC1BpB,KAAKqH,QAAU,IAAIC,EAAAA,QACnBtH,KAAKuH,SAAWA,CAClB,IAWF,OAXG,aAbGJ,EAAY,WAKeI,IAAQ,aALnCJ,EAAY,YAMGK,GAWrBL,EAAaI,SAAWJ,EAAatD,UAAU0D,SAAWA,EAG1DnH,OAAOC,OAAO8G,EAAc,CAC1BK,UAAAA,IAGKL,CACT,6CApDA,SAEA,YACA,aAKA,aAAmC,8lBCXnC,oLACA,oLACA,oQCYO,WAEL,OAAO,EAAP,YAGE,WAAYtG,IAAW,0DACrBb,KAAKyH,UAAY5G,EAAK4G,OACxB,GAGJ,iICVA,gBACA,aAQA,SACA,SAsBI/F,EAAkC,CAIpCgG,uBAAwB,WACtB,IACE,IAAI/F,EAAU3B,KAAK2H,kBACnB,OAAO3H,KAAK4H,YAAYjG,EAC1B,CAAE,MAAOsD,GACP,OAAO,CACT,CACF,EAEA4C,yBAA0B,WACxB,IACE,IAAIlG,EAAU3B,KAAK8H,oBACnB,OAAO9H,KAAK4H,YAAYjG,EAC1B,CAAE,MAAOsD,GACP,OAAO,CACT,CACF,EAEA8C,gBAAiB,SAASC,GACxB,IAAIC,GAAY,EAChB,OAAQD,GACN,IAAK,iBACHC,EAAYjI,KAAK6H,2BACjB,MACF,IAAK,eACHI,EAAYjI,KAAK0H,yBACjB,MACF,IAAK,SACL,IAAK,SACHO,GAAY,EACZ,MACF,QACEA,GAAY,EAGhB,OAAOA,CACT,EAEAC,iBAAkB,SAASF,EAA0B5G,GACnD,IAAI+G,EACJ,OAAQH,GACN,IAAK,iBACHG,EAAkBnI,KAAK8H,oBACvB,MACF,IAAK,eACHK,EAAkBnI,KAAK2H,kBACvB,MACF,IAAK,SACHQ,EAAkBnI,KAAKoI,iBAAiBhH,GACxC,MACF,IAAK,SACH+G,EAAkBnI,KAAKqI,qBACvB,MACF,QACE,MAAM,IAAIrH,EAAAA,QAAa,gCAAD,OAAiCgH,IAG3D,OAAOG,CACT,EAEAG,gBAAiB,SAASC,GACxB,IAAIC,EACAC,EAKJ,OAFAD,GADAD,EAAQA,EAAMG,SACEC,SAChBF,EAAWF,EAAM/E,OAAS+E,EAAM,GAAK,MAKjCvI,KAAK+H,gBAAgBS,GAChBA,IAIT,EAAAI,EAAAA,MAAI,uCAAiCJ,EAAO,0BAAkBC,EAAQ,MAG/DzI,KAAKsI,gBAAgBC,IAXnBC,CAYX,EAEAb,gBAAiB,WAMf,OAJI,EAAAkB,EAAAA,kBAAmBC,OAAOC,YAC5BD,OAAOC,UAAY,WAAY,GAG1BC,YACT,EAEAlB,kBAAmB,WACjB,OAAOmB,cACT,EAGAb,iBAAkB,SAAShH,GAAwB,WAC3C8H,EAAS9H,EAAS8H,OAClBC,EAAW/H,EAAS+H,SACpBC,EAAgBhI,EAASgI,cAC/B,QAAsB,IAAXF,QAA8C,IAAbC,EAC1C,MAAM,IAAInI,EAAAA,QAAa,sEAEzB,IAAMW,EAAyB,CAC7B0H,QAASrJ,KAAK2B,QAAQC,IACtB0H,QAAS,SAAC1F,EAAK2F,GAAkD,IAA3CC,EAAY,UAAH,6CAAG,2BAEhCA,EAAaJ,EAAgB,KAAOI,EACpC,EAAK7H,QAAQ8H,IAAI7F,EAAK2F,EAAOC,EAAW,CACtCN,OAAQA,EACRC,SAAUA,GAEd,EACAO,WAAY,SAAC9F,GACX,EAAKjC,QAAQgI,OAAO/F,EACtB,GAGF,OAAKxC,EAASwI,mBAOP,CACLP,QAAS,SAASzF,GAChB,IAAI3D,EAAO0B,EAAQ0H,UACfE,EAAQ,CAAC,EAMb,OALAnJ,OAAOyJ,KAAK5J,GAAM6J,SAAQ,SAAAC,GACA,IAApBA,EAAEC,QAAQpG,KACZ2F,EAAMQ,EAAEE,QAAQ,GAAD,OAAIrG,EAAG,KAAK,KAAOsG,KAAKC,MAAMlK,EAAK8J,IAEtD,IACOG,KAAKE,UAAUb,EACxB,EACAD,QAAS,SAAS1F,EAAK2F,GACrB,IAAIc,EAAiBH,KAAKC,MAAMnK,KAAKqJ,QAAQzF,IAC7C2F,EAAQW,KAAKC,MAAMZ,GAEnBnJ,OAAOyJ,KAAKN,GAAOO,SAAQ,SAAAC,GACzB,IAAIO,EAAa1G,EAAM,IAAMmG,EACzBQ,EAAeL,KAAKE,UAAUb,EAAMQ,IACxCpI,EAAQ2H,QAAQgB,EAAYC,UACrBF,EAAeN,EACxB,IAEA3J,OAAOyJ,KAAKQ,GAAgBP,SAAQ,SAAAC,GAClCpI,EAAQ+H,WAAW9F,EAAM,IAAMmG,EACjC,GACF,EACAL,WAAY,SAAS9F,GACnB,IAAIyG,EAAiBH,KAAKC,MAAMnK,KAAKqJ,QAAQzF,IAC7CxD,OAAOyJ,KAAKQ,GAAgBP,SAAQ,SAAAC,GAClCpI,EAAQ+H,WAAW9F,EAAM,IAAMmG,EACjC,GACF,GArCOpI,CAuCX,EAGA6I,cAAe,CAAC,EAChBnC,mBAAoB,WAAW,WAC7B,MAAO,CACLgB,QAAS,SAACzF,GACR,OAAO,EAAK4G,cAAc5G,EAC5B,EACA0F,QAAS,SAAC1F,EAAK2F,GACb,EAAKiB,cAAc5G,GAAO2F,CAC5B,EAEJ,EAEA3B,YAAa,SAASjG,GACpB,IAAIiC,EAAM,oBACV,IAGE,OAFAjC,EAAQ2H,QAAQ1F,EAAKA,GACrBjC,EAAQ+H,WAAW9F,IACZ,CACT,CAAE,MAAOqB,GACP,OAAO,CACT,CACF,EAEAtD,QAAS,CACP8H,IAAK,SAASnF,EAAciF,EAAeC,EAAmBpI,GAC5D,IAAQ+H,EAAqB/H,EAArB+H,SAAUD,EAAW9H,EAAX8H,OAClB,QAAsB,IAAXA,QAA8C,IAAbC,EAC1C,MAAM,IAAInI,EAAAA,QAAa,iEAEzB,IAAIyJ,EAA+B,CACjCC,KAAMtJ,EAAQsJ,MAAQ,IACtBxB,OAAAA,EACAC,SAAAA,GAaF,OATOwB,KAAKR,MAAMX,KAKhBiB,EAAcG,QAAU,IAAID,KAAKnB,IAGnCqB,EAAAA,QAAQpB,IAAInF,EAAMiF,EAAOkB,GAClBzK,KAAK4B,IAAI0C,EAClB,EAEA1C,IAAK,SAAS0C,GAEZ,OAAKwG,UAAUtH,OAGRqH,EAAAA,QAAQjJ,IAAI0C,GAFVuG,EAAAA,QAAQjJ,KAGnB,EAEA+H,OAAQ,SAASrF,GACf,OAAOuG,EAAAA,QAAQE,OAAOzG,EAAM,CAAEoG,KAAM,KACtC,IAEF,EAEahJ,EAAW,6ECxPX,SAAqB7B,EAA4BuB,GAA+C,MAC7G,KAAK,EAAA4J,EAAAA,0BACH,OAAOtK,QAAQK,OAAO,IAAIC,EAAAA,aAAa,mDAGzC,IACIiK,EACAC,EACAC,EAHEC,EAA8B,QAArB,EAAGhK,aAAO,EAAPA,EAASgK,iBAAS,QAAIC,SAASC,KAiDjD,OA7CgB,IAAI5K,SAAQ,SAAUC,EAASI,IAC7CmK,EAASG,SAASE,cAAc,WACzBC,MAAMC,QAAU,OAGvBN,EAAW,SAAkBlG,GAC3B,GAAKyG,EAA2BR,EAAQjG,IAInCA,GAAMA,EAAEhF,MAAQgF,EAAE0G,SAAW9L,EAAI4B,kBAAtC,CAIA,IAAImK,EAa+C,IAZnD,IACEA,EAAM1B,KAAKC,MAAMlF,EAAEhF,KACrB,CAAE,MAAO2G,GAIP,MACF,CAEA,GAAKgF,EACL,MAAiB,yBAAbA,EAAIrG,KACC5E,EAAQiL,EAAInJ,aACG,4BAAbmJ,EAAIrG,KAKNxE,EAAO,IAAIC,EAAAA,aAAa,iBAJzB,QAAN,EAAAkK,SAAM,OAAe,QAAf,EAAN,EAAQW,qBAAa,OAArB,EAAuBC,YAAY5B,KAAKE,UAAU,CAChD7E,KAAM,mBACJN,EAAE0G,QAlBR,CAsBF,GACA,EAAAI,EAAAA,aAAYjD,OAAQ,UAAWqC,GAE/BD,EAAOc,IAAMnM,EAAI4B,kBAAoB,mCACrC2J,EAAUa,YAAYf,GAEtBD,EAAUiB,YAAW,WACnBnL,EAAO,IAAIC,EAAAA,aAAa,4BAC1B,IAAGI,aAAO,EAAPA,EAAS6J,UAAW,KACzB,IAEekB,SAAQ,WAGW,MAFhCC,aAAanB,IACb,EAAAoB,EAAAA,gBAAevD,OAAQ,UAAWqC,GAC9BC,EAAUkB,SAASpB,KACD,QAApB,EAAAA,EAAOqB,qBAAa,OAApB,EAAsBC,YAAYtB,GAEtC,GACF,EAzEA,cACA,SACA,UAOMQ,EAA6B,SAACR,EAA2BuB,GAAmB,OACrEA,EAAMC,SAAWxB,EAAOW,aAAa,EA+DjD,iIC1EoBc,EAAQ,WAG3B,WAAYC,IAAa,8DAEvB5M,KAAK4M,YAAcC,SAASD,GAAe,EAC7C,CAOC,OAPA,iCAUD,WAEE,OADWjC,KAAKmC,MAAQ9M,KAAK4M,aAAe,GAE9C,IAAC,qBAVD,WAGE,OAAO,IAAID,EADO,EAEpB,KAAC,EAb0B,GAa1B,0jBCbkD,uBAAjB,iBACK,wBAAJ,IACA,sBAAF,EACO,yBAAJ,IACM,yBAAN,MACiB,qBAArB,qBACqB,qBAArB,qBACmB,oBAApB,oBACkC,2BAA3B,2BACyC,kCAAlC,kCACsB,4BAA5B,4BAC4B,4BAA5B,4BACa,2BAAd,cACO,uBAAV,UACoB,4BAAf,eACc,4BAAf,eAIH,sBAAH,GACI,sBAAJ,IACiB,gCAAP,OAEN,kBAAR,6KCpB/B,aACA,UACA,UAYA,SAAmD,2kBAEZ,qBAAL,KAClC,IAAMI,EAAkB,CACtBC,uBAAwB,KACxBC,cAAe,GAEXC,EAA0B,kBAiBnBC,EAAgB,WAiB3B,WAAYtN,GAAsC,WAChD,IADgD,wQAC3CA,EAAIwH,QACP,MAAM,IAAIrG,EAAAA,aAAa,yDAGzBhB,KAAKoN,KAAOvN,EACZG,KAAKqN,SAAW,EAAH,GAAQN,GACrB/M,KAAKsN,WA9CyB,KA+C9BtN,KAAKuN,YAAc,CAAC,EACpBvN,KAAKwN,eAAiB,KACtBxN,KAAKyN,gBAAkB,IAAIC,EAAAA,aAAa,CACtCC,OAAO,IAMT9N,EAAI+N,aAAaC,GAAGC,EAAAA,aAAa,SAAClK,EAAKmK,GACrC,EAAKC,eAAe,CAAEvB,MAAOqB,EAAAA,YAAalK,IAAAA,EAAKmK,MAAAA,IAC/C,EAAKE,iBACP,IACApO,EAAI+N,aAAaC,GAAGK,EAAAA,eAAe,SAACtK,EAAKmK,GACvC,EAAKC,eAAe,CAAEvB,MAAOyB,EAAAA,cAAetK,IAAAA,EAAKmK,MAAAA,IACjD,EAAKE,iBACP,GACF,CAYC,MAkHA,OA9HA,4CAED,SAAe7M,GACbpB,KAAKuN,YAAcnM,CACrB,GAAC,0BAED,WACE,OAAOpB,KAAKsN,UACd,GAAC,kCAED,WACE,OAAOtN,KAAKwN,cACd,GAAC,8DAED,6GAkCG,GAlCH,EAC0CxN,KAAKoN,KAAKhM,QAA1C+M,EAAkB,EAAlBA,mBAAoB1G,EAAO,EAAPA,QAEtB2G,EAAM,SAACjO,GACX,MAA8B,EAAKoN,YAA3Bd,EAAK,EAALA,MAAO7I,EAAG,EAAHA,IAAKmK,EAAK,EAALA,OACpB,EAAAM,EAAAA,cAAaC,MAAM,uCAAD,OAAwC7B,EAAK,mBAAWtM,KAC1E,EAAAkO,EAAAA,cAAaD,IAAIxK,EAAKmK,IACtB,EAAAM,EAAAA,cAAaD,IAAI,oBAAqB,EAAKd,aAC3C,EAAAe,EAAAA,cAAaE,WAGb,EAAKhB,YAAc,CAAC,CACtB,EAEMiB,EAAsB,SAACC,GAnFT,IAACC,EAA6BC,IAoFXF,GApFlBC,EAoFC,EAAKpB,aA9EtBoB,EAAUE,kBAAoBD,EAAMC,iBACtC1E,KAAKE,UAAUsE,EAAUG,WAAa3E,KAAKE,UAAUuE,EAAME,UAC3D3E,KAAKE,UAAUsE,EAAUI,eAAiB5E,KAAKE,UAAUuE,EAAMG,cAC/DJ,EAAUK,QAAUJ,EAAMI,MA4EzBtH,GAAW2G,EAAI,cAGjB,EAAKZ,eAAiB,EAAKF,WAC3B,EAAKA,WAAamB,EAElB,EAAKrB,KAAK/F,QAAQ2H,KAAK9B,EAAyB,EAAF,GAAOuB,IACrDhH,GAAW2G,EAAI,WACjB,EAEMa,EAAe,SAAfA,EAAgBC,GACpB,OAAO,EAAK7B,SAASL,uBAAuB9L,MAAK,WAC/C,IAAMiO,EAAa,EAAK9B,SAASL,uBACjC,OAAImC,GAAcA,IAAeD,EACxBD,EAAaE,GAEf,EAAKC,cACd,GACF,GAEIpP,KAAKqN,SAASL,uBAAwB,CAAF,qBAClChN,KAAKqN,SAASJ,eA7GS,IA6GgC,iBAG5B,OAA7BxF,GAAW2G,EAAI,cAAc,kBACtBa,EAAajP,KAAKqN,SAASL,yBAAuB,QAEzDhN,KAAKqN,SAASL,uBAAuBvM,SAAS,QA0DO,OArDnD4O,EAAoB,IAAIC,EAAAA,SAAY,SAAC3O,EAAS4O,EAAGC,GACrDA,EAASC,cAAe,EACxBD,GAAS,WACP,EAAKnC,SAASL,uBAAyB,KACvC,EAAKK,SAASJ,cAAgB,EAAKI,SAASJ,cAAgB,EAC5DxF,GAAW2G,EAAI,WACjB,IAEA,IAAMsB,EAAiB,SAACjB,GAClBY,EAAkBM,WACpBhP,KAIF6N,EAAoBC,GACpB9N,IAGA,EAAK0M,SAAW,EAAH,GAAQN,GACvB,EAEA,EAAKK,KAAKwB,kBACP1N,MAAK,WACJ,GAAImO,EAAkBM,WACpBhP,QADF,CAKA,MAA+C,EAAKyM,KAAKQ,aAAagC,gBAA9Dd,EAAW,EAAXA,YAAaD,EAAO,EAAPA,QAASgB,EAAY,EAAZA,aACxBpB,EAAY,CAChBK,YAAAA,EACAD,QAAAA,EACAgB,aAAAA,EACAjB,mBAAoBE,IAAeD,KAIDV,EAChC,EAAKV,gBAAgBhK,KAAK0K,EAAoB,KAAM,EAAKf,KAAMqB,GAC/D/N,QAAQC,QAAQ8N,IAGjBvN,MAAK,SAAAuN,GAAS,OAAIiB,EAAejB,EAAU,IAC3C9H,OAAM,SAAAoI,GAAK,OAAIW,EAAe,CAC7BZ,YAAAA,EACAD,QAAAA,EACAgB,aAAAA,EACAjB,iBAAiB,EACjBG,MAAAA,GACA,GAvBJ,CAwBF,GACJ,IAEA/O,KAAKqN,SAASL,uBAAyBqC,EAAkB,kBAElDJ,EAAaI,IAAkB,iDACvC,oEAED,SAAUS,GACR9P,KAAKoN,KAAK/F,QAAQwG,GAAGX,EAAyB4C,EAChD,GAAC,yBAED,SAAYA,GACV9P,KAAKoN,KAAK/F,QAAQ0I,IAAI7C,EAAyB4C,EACjD,KAAC,EAxK0B,GAwK1B,4LCpMH,UAKA,SAAwC,klDAExC,IAAME,EAAa,YACbC,EAAe,cACfC,EAAkB,iBAClBC,EAA0B,uBAEnBC,EAAc,WAuBzB,WAAYvQ,GAA0E,WAArCuB,EAAiC,UAAH,6CAAG,CAAC,GAAC,sKAClFpB,KAAKH,IAAMA,EACXG,KAAKqQ,SAAWrQ,KAAKqQ,SAASvO,KAAK9B,MAGnC,MAA+CH,EAAI+N,aAAa0C,aAAxDC,EAAS,EAATA,UAAWC,EAAU,EAAVA,WAAYC,EAAW,EAAXA,YAC/BrP,EAAQsP,oBAAsBtP,EAAQsP,qBAAuBtP,EAAQuP,qBACrE3Q,KAAKoB,QAAUhB,OAAOC,OAAO,CAAC,EAC5B+P,EAAeQ,eACf,CAAEL,UAAAA,EAAWC,WAAAA,EAAYC,YAAAA,GACzB,CACEC,oBAAqB,GAAF,OAAK7Q,EAAIuB,QAAQyP,SAAQ,aAC5CC,gBAAiB,GAAF,OAAKjR,EAAIuB,QAAQyP,SAAQ,WAE1C,EAAAzJ,EAAAA,YAAWhG,IAGbpB,KAAK+Q,SAAU,EACf/Q,KAAKgR,SAAW,IAAIC,IAEpBb,EAAec,cAAcpH,SAAQ,SAAAxF,GACnC,IAAM6M,EAAM,EAAKC,cAAc9M,GAC3B6M,GACF,EAAKH,SAASvH,IAAInF,EAAM6M,EAE5B,GACF,CAwCC,MARA,EATA,EARA,EAfA,EAiFA,OAjFA,uEAED,wFACMnR,KAAK+Q,QAAS,CAAF,+BAER/Q,KAAKqR,gBAAe,gDAE7B,mEAED,WAAW,MACT,OAAwC,QAAhC,EAAArR,KAAKsR,WAAWpB,UAAgB,aAAjC,EAA6DqB,UACtE,GAAC,8BAED,WACE,OAAO,aAAIvR,KAAKgR,SAASQ,UAAUC,MAAK,SAAAC,GAAG,OAAIA,EAAIC,YAAcD,EAAIE,oBAAoB,GAC3F,GAAC,oDAED,wFACM5R,KAAK+Q,QAAS,CAAF,gEAGV/Q,KAAKqR,gBAAe,OAC1BrR,KAAK+Q,SAAU,EAAK,gDACrB,gGAED,oGACQ/Q,KAAK6R,eAAc,OACzB7R,KAAK+Q,SAAU,EAAM,gDACtB,qEAED,SAAWzM,GACT,OAAOtE,KAAKgR,SAASpP,IAAI0C,EAC3B,GAAC,4DAED,sGAC4BtE,KAAKgR,SAASc,WAAS,yDAA5B,GAA4B,2BAArCxN,EAAI,KAAEoN,EAAG,MACf1R,KAAK+R,gBAAgBzN,EAAMoN,GAAM,CAAF,+BAC3BA,EAAIM,QAAO,sMAGtB,wGAED,kGACoBhS,KAAKgR,SAASQ,UAAQ,wDAA1B,OAAHE,EAAG,iBACNA,EAAIO,OAAM,qMAEnB,0EAGD,SAAwB3N,EAAcoN,GACpC,IAAIC,EAAWD,EAAIC,aAAeD,EAAIQ,YAOtC,OALI5N,IAAS4L,EACXyB,IAAAA,EAAa3R,KAAKmS,oBACTT,EAAIE,sBACbD,IAAAA,EAAa3R,KAAKuR,YAEbI,CACT,GAAC,2BAED,SAAsBrN,GACpB,IAEI8N,EAFExE,EAAe5N,KAAKH,IAAI+N,aAG9B,OAAQtJ,GACN,KAAK4L,EACHkC,EAAU,IAAIC,EAAAA,sBAAsB,EAAD,KAAKrS,KAAKoB,SAAO,IAAEiP,SAAUrQ,KAAKqQ,YACrE,MACF,KAAKL,EACHoC,EAAU,IAAIE,EAAAA,iBAAiB1E,EAAc,EAAF,GAAM5N,KAAKoB,UACtD,MACF,KAAK6O,EACHmC,EAAU,IAAIG,EAAAA,mBAAmB3E,EAAc,EAAF,GAAM5N,KAAKoB,UACxD,MACF,KAAK+O,EACHiC,EAAU,IAAII,EAAAA,4BAA4B5E,EAAc,EAAF,GAAM5N,KAAKoB,UACjE,MACF,QACE,MAAM,IAAIqR,MAAM,mBAAD,OAAoBnO,IAEvC,OAAO8N,CACT,KAAC,EAlIwB,GAkIxB,iCAlIUhC,EAAc,gBAaM,CAACJ,EAAYC,EAAcC,EAAiBC,KAAwB,aAbxFC,EAAc,iBAe8B,CACrDG,WAAW,EACXC,YAAY,EACZC,aAAa,EACbiC,sBAAsB,EACtBC,sBAAuB,0CC3C3B,4OCGO,SAMLC,EACA1L,EACA2L,GAGA,IAAMvQ,GAAO,EAAAwQ,EAAAA,oBAAmB5L,GAC1B6L,GAAc,EAAAC,EAAAA,cAAmB1Q,EAAMsQ,GACvCK,GAAW,EAAAC,EAAAA,WAAgBH,GAC3BI,GAAc,EAAAC,EAAAA,cAAmBH,GACjCI,GAAY,EAAAC,EAAAA,YAAwBH,EAAaN,GAEvD,OADa,EAAAU,EAAAA,WAAuBF,EAEtC,EA/BA,cACA,SACA,UACA,SAOA,UACA,6CCfA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,iPCSO,SASN/Q,GAEC,OAAO,SAAP,0BAbuC,IA6CpC,EAJA,EANA,EATA,EAbH,GAbuC,EAavC,EAbuC,kbAkBrC,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAO8D,OAN/E,+BAASA,KAAM,iHAGf,EAAK2S,iBAAmB,IAAIrG,EAAAA,kBAAgB,iBAG5C,EAAKsG,eAAiB,IAAIrD,EAAAA,gBAAc,gBAAgB,EAAKhP,QAAQ4P,UAAU,CACjF,CAsEC,OAtEA,oEAED,oGACQhR,KAAKyT,eAAezB,QAAO,OAEP,GAA1BhS,KAAK4N,aAAaoE,QACbhS,KAAK+N,MAAM2F,kBAAmB,CAAF,+BACzB1T,KAAKwT,iBAAiBvF,kBAAiB,gDAEhD,gGAED,oFAE2B,OAAzBjO,KAAK4N,aAAaqE,OAAO,SACnBjS,KAAKyT,eAAexB,OAAM,gDACjC,0GAED,WAAqB0B,GAAoB,uFACjC3T,KAAK4T,yBAAoB1T,EAAWyT,GAAY,gDACvD,gHAGD,WAA0BE,EAAiBF,GAAoB,iFAC/B,GAA1BhF,EAAQ3O,KAAKoB,QAAQuN,OAGrBkF,EAAQ,CAAF,eACR7T,KAAK4N,aAAakG,UAAUD,GAC5BF,EAAcA,GAAe3T,KAAK+T,eAAe/T,KAAKoB,QAAQuN,OAAO,2BAC5D3O,KAAK0T,kBAAmB,CAAF,2CAGD,EAAAM,EAAAA,2BAA0BhU,KAAM,CAAC,GAAE,QAEP,OAFlDiU,EAAgB,EAAH,KACnBtF,EAAQsF,EAActF,MACtBgF,EAAcA,GAAe3T,KAAK+T,eAAepF,GAAO,UAClD3O,KAAKkU,0BAAyB,2EAG9BlU,KAAKwT,iBAAiBvF,kBAAiB,sGAQ3CjO,KAAKwT,iBAAiBvF,kBAAiB,QAMnB,GAH1BjO,KAAKmU,kBAAkBxF,KAGfyF,EAAuBpU,KAAKoB,QAA5BgT,oBACgB,CAAF,iCACdA,EAAmBpU,KAAM2T,GAAY,gCAClCA,GACT7K,OAAOuL,SAASpK,QAAQ0J,GACzB,0DACF,oFAED,WAAoD,IAA5BxS,EAAM,UAAH,6CAAG2H,OAAOuL,SAAS1P,KACtC5E,GAAM,EAAAiU,EAAAA,2BAA0BhU,KAAM,CAAEsU,aAAc,QAASnT,IAAAA,IACrE,IAAIpB,EAAI4O,MAMN,MAAM,IAAI3N,EAAAA,aAAa,oCALvB,IAAMuT,EAAU,IAAIC,iBAAiB,kBAAD,OAAmBzU,EAAI4O,QAC3D4F,EAAQzI,YAAY/L,GACpBwU,EAAQE,OAKZ,KAAC,EAnFI,CAA2BnS,EAqFpC,2HA/GA,UAUA,UACA,UAEA,0FCGO,WAGL,OAAO,SAAP,0BAPsD,IAOtD,GAPsD,EAOtD,EAPsD,kbAcpD,WAAYlB,GAAc,MAG6B,OAH7B,qBACxB,cAAMA,IAAS,6GACf,EAAK4P,SAAW5P,EAAQ4P,SACxB,EAAK7C,mBAAqB/M,EAAQ+M,mBAAmB,CACvD,CAAC,uBAXI,EADyB,EAAAuG,EAAAA,iCAclC,iGApBA,wECTO,WACL,OAAO,EAAAC,EAAAA,4BACT,EALA,uGCAA,oLACA,oLACA,2SCgEO,SAA2BC,GAChC,OAAOC,WAAWC,KAAKC,EAAgBH,IAAO,SAACI,GAAS,OAAKA,EAAEC,WAAW,EAAE,GAC9E,sBArCO,SAA2BL,GAChC,IAAIM,EAAMC,EAAkBP,GAC5B,OAAQM,EAAI1R,OAAS,GACnB,KAAK,EACH,MACF,KAAK,EACH0R,GAAO,KACP,MACF,KAAK,EACHA,GAAO,IACP,MACF,QACE,MAAM,IAAIlU,EAAAA,aAAa,yBAE3B,IAAIoU,GAAO,EAAAC,EAAAA,MAAKH,GAChB,IACE,OAAOI,mBAAmBC,OAAOH,GACnC,CAAE,MAAOnQ,GACP,OAAOmQ,CACT,CACF,sBAoBO,SAA2BI,GAChC,OAAO,EAAAC,EAAAA,MAAK,IAAIZ,WAAWW,GAAKE,QAAO,SAACC,EAAGC,GAAI,OAAKD,EAAIE,OAAOC,aAAaF,EAAK,GAAE,IACrF,sBAzDO,SAA2BG,GAEhC,OAAOC,GADG,EAAAP,EAAAA,MAAKM,GAEjB,mBAkCO,SAAwBA,GAE7B,IADA,IAAIE,EAAS,IAAIpB,WAAWkB,EAAIvS,QACvB0S,EAAI,EAAGA,EAAIH,EAAIvS,OAAQ0S,IAC9BD,EAAOC,GAAKH,EAAId,WAAWiB,GAE7B,OAAOD,CACT,EA/CA,cACA,OASO,SAASD,EAAkBd,GAChC,OAAOA,EAAIjL,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAAKA,QAAQ,MAAO,GACpE,CAGO,SAASkL,EAAkBP,GAChC,OAAOA,EAAK3K,QAAQ,KAAM,KAAKA,QAAQ,KAAM,IAC/C,CAgCO,SAAS8K,EAAgBgB,GAC9B,OAAO,EAAAV,EAAAA,MAAKF,EAAkBY,GAChC,oECjD8C,OAApC,SAASA,GAAO,OAAOV,KAAKU,EAAM,EACG,OAArC,SAAUA,GAAO,OAAON,KAAKM,EAAM,EAC7C,IAAMf,EAAsB,oBAAXmB,OAAyB,KAAOA,OAAO,iDCHxD,oLACA,oLACA,oLACA,oLACA,kOCDO,SAAqBJ,GAC1B,IAAIE,GAAS,IAAIG,aAAcC,OAAON,GACtC,OAAOO,EAAAA,UAAUC,OAAOC,OAAO,UAAWP,GAAQ/U,MAAK,SAASuV,GAC9D,IACIC,EADY,IAAI7B,WAAW4B,GACL/N,MAAM,EAAG,IAC/BiO,EAAOd,OAAOC,aAAac,MAAM,KAAMF,GAE3C,OADW,EAAAG,EAAAA,mBAAkBF,EAE/B,GACF,EAZA,cACA,0ECEO,SAAqB9H,EAASjL,GACnCA,GAAM,EAAAjB,EAAAA,OAAMiB,GAEZ,IACIkT,EAAO,CACTxS,KAAM,oBACNqS,KAAM,CAAErS,KAAM,YAYhB,cAJOV,EAAImT,IAIJT,EAAAA,UAAUC,OAAOS,UAfX,MAiBXpT,EACAkT,GAbgB,EACL,CAAC,WAgBb5V,MAAK,SAAS+V,GACb,IAAIC,EAAMrI,EAAQsI,MAAM,KACpBC,GAAU,EAAAC,EAAAA,gBAAeH,EAAI,GAAK,IAAMA,EAAI,IAC5CI,GAAe,EAAAvC,EAAAA,iBAAgBmC,EAAI,IACnCK,GAAY,EAAAF,EAAAA,gBAAeC,GAE/B,OAAOhB,EAAAA,UAAUC,OAAOiB,OACtBV,EACAG,EACAM,EACAH,EAEJ,GACF,EA1CA,aACA,UACA,uCCAA,qVCFwC,IAInBK,EAAY,mCAJO,IAIP,GAJO,EAIP,EAJO,kbAatC,WAAY7Q,EAAeC,EAAoB6Q,GAAwC,4BACrF,IAAMC,EAAU/Q,EAAIgR,aAgBnB,OAfD,cAAMD,IAAS,4VAEf,EAAKrT,KAAO,eACZ,EAAKsT,aAAehR,EAAIgR,aACxB,EAAKC,UAAYjR,EAAIiR,UACrB,EAAKC,UAAYlR,EAAIkR,UACrB,EAAKC,QAAUnR,EAAImR,QACnB,EAAKC,YAAcpR,EAAIoR,YAEnBnR,IACF,EAAKA,IAAMA,GAGT6Q,IACF,EAAKA,KAAOA,GACb,CACH,CAAC,uBA3B8B,CAJjC,UAI0CO,SAAW,uKCJb,IAEnBxR,EAAiB,mCAFE,IAEF,GAFE,EAEF,EAFE,kbAGtC,aACoD,OADtC,qBACsC,YAAlC,kCAElB,CAAC,uBAJmC,CAFtC,UAE+CwR,SAAW,iMCFlB,IAGnBjX,EAAY,mCAHO,IAGP,GAHO,EAGP,EAHO,kbAWtC,WAAY4K,EAAa/E,GAAsB,MAU5C,OAV4C,qBAC7C,cAAM+E,IAAK,8SACX,EAAKtH,KAAO,eACZ,EAAKuT,UAAY,WACjB,EAAKD,aAAehM,EACpB,EAAKkM,UAAY,WACjB,EAAKC,QAAU,WACf,EAAKC,YAAc,GACfnR,IACF,EAAKA,IAAMA,GACZ,CACH,CAAC,uBAnB8B,CAHjC,UAG0CoR,SAAW,uLCHhCA,EAAW,geAC9B,WAAYN,GAAiB,MAGuB,OAHvB,qBAE3B,cAAMA,GACNvX,OAAO8X,gBAAe,EAAD,eAAO,2CAAWrU,WAAW,CACpD,CAAC,uBAL6B,EAK7B,sBALsC4O,QAAK,iMCCN,IAGnB0F,EAAU,mCAHS,IAGT,GAHS,EAGT,EAHS,kbAatC,WAAYN,EAAmBO,EAAiBC,GAAqB,MAelE,OAfkE,qBACnE,cAAMD,IAAS,wPAHW,MAK1B,EAAK9T,KAAO,aACZ,EAAKuT,UAAYA,EACjB,EAAKD,aAAeQ,EAGpB,EAAKrJ,MAAQ8I,EACb,EAAKS,kBAAoBF,EAIrBC,IACF,EAAKA,KAAOA,GACb,CACH,CAAC,uBA1B4B,CAH/B,UAGwCJ,SAAW,iMCFnD,YACA,SAAqC,IAKhBM,EAAY,mCALI,IAKJ,GALI,EAKJ,EALI,kbAcnC,WAAYC,EAAgBC,EAAoCJ,GAAqB,QASlF,OATkF,qBAGnF,cAAsB,QAAtB,EAAMI,EAAW1J,aAAK,QAAIwJ,EAAaG,gBAAe,yIAPjD,iBAAc,qCAEO,MAM1B,EAAKF,OAASA,EACd,EAAKC,WAAaA,EAEdJ,IACF,EAAKA,KAAOA,GACb,CACH,CA+CC,OA/CA,iCAGD,WAAuB,OAAOrY,KAAKyY,WAAW1J,KAAO,GAAC,qBACtD,WAA2B,OAAO/O,KAAK+O,KAAO,GAAC,6BAE/C,WAAmC,OAAO/O,KAAKyY,WAAWH,iBAAmB,GAAC,4BAE9E,WAAkC,OAAOtY,KAAKsY,iBAAmB,GAAC,wBAClE,WAA8B,OAAOtY,KAAK2Y,gBAAkB,GAAC,iBAC7D,WAAuB,OAAO3Y,KAAKyY,WAAWG,KAAO,IAAC,0BAGtD,SAAoBC,GAElB,IAAKA,EACH,OAAO,KAiBT,IAVA,IASIC,EATEC,EAAQ,qHACRC,EAAaH,EAAO7O,QAAQ,KAC5BwO,EAASK,EAAOnQ,MAAM,EAAGsQ,GACzBC,EAAYJ,EAAOnQ,MAAMsQ,EAAa,GACtCjU,EAAS,CAAC,EAM2B,QAAnC+T,EAAQC,EAAMG,KAAKD,KAAsB,OAC/ClU,EAAO+T,EAAM,IAAe,QAAR,EAAAA,EAAM,UAAE,QAAIA,EAAM,EACxC,CAEA,OAAO,IAAIP,EAAaC,EAAQzT,EAClC,GAAC,sCAID,WAA2E,MAA1CjC,EAAuB,UAAH,6CAAG,CAAC,EACvD,OAAI,EAAAqW,EAAAA,YAAYrW,aAAO,EAAPA,EAAqBlB,KAC3BkB,EAAoBlB,IAAI,oBAEA,QAAlC,EAAOkB,EAAQ,2BAAmB,QAAIA,EAAQ,mBAChD,KAAC,EAlE8B,CAASmV,EAAAA,SAAW,0BAAhCM,EAAY,gBACR,0BAAwB,iqBCFjD,SAAwBtV,GACtB,OAAQA,aAAewU,EAAAA,OACzB,iBAEA,SAAsBxU,GACpB,OAAQA,aAAekV,EAAAA,OACzB,mBAEA,SAAwBlV,GACtB,OAAQA,aAAesV,EAAAA,OACzB,EAhBA,iBACA,aACA,aACA,aACA,aAyBA,iSC1CA,IAAsC,EAAtC,QAGea,SAAQ,+GCHvB,MAWwB,qbAXxB,UAAoC,WAGpC,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,aAAwB,+HAAxB,mXCPA,UAmCA,iNAzBA,aA0BA,iNAzBA,cA0BA,iNAHA,+NAjBA,IAAMlS,GAAkE,EAAAmS,EAAAA,+BAClEC,GAA+C,EAAAC,EAAAA,2BAC/CC,GAAuD,EAAAC,EAAAA,+BAGvDC,GAAU,EAAAC,EAAAA,mBAAkBL,EAAgBpS,EAAoBsS,GAChEI,GAAgB,EAAAC,EAAAA,gBAAeH,GAG/BN,EAAQ,mCAQW,IARX,GAQW,EARX,EAQW,kbAPvB,WAAYhY,GAA0B,wCAC9BA,EACR,CAAC,uBAHW,EAFI,EAAA0Y,EAAAA,YAAWF,IAEG,mBAMjBR,EAAQ,kHCgDhB,WACL,OAAQvQ,UACsB,IAArBC,OAAOiR,WACdC,KACAC,GACJ,2BAtDO,WACL,IAAMC,EAAQC,IACd,OAAOD,IAAUE,EAAeC,KAAKH,EACvC,YAiCO,WACL,QAAKI,KAG+B,WAA7BxR,OAAOuL,SAASkG,QACzB,2BAeO,WAEL,OAAOD,KAAoC,oBAAdE,gBAA4D,IAAxBA,UAAUC,WAExE,mBAAmBJ,KAAKG,UAAUC,aAAe3R,OAAO4R,QAC7D,gBAlBO,WAEL,OAAOJ,KAA4C,cAA7BxR,OAAOuL,SAASsG,QACxC,oBAdO,WACL,OAAOC,KAA4BZ,GACrC,gCA7BO,WACL,IAAKM,IACH,OAAO,EAET,IAAMO,EAAgBxP,SAAiBwP,aACnCC,EAAWD,GAAgBA,EAAe,GAC9C,YAAkC,IAAvB/R,OAAOgD,cAAgCgP,CAIpD,6BAnCA,cAEMV,EAAiB,oCAEhB,SAASE,IACd,MAA2B,oBAAbjP,UAA8C,oBAAXvC,MACnD,CAEO,SAASD,IACd,IAAKyR,IACH,OAAO,EAET,IAAMO,EAAgBxP,SAAiBwP,aACvC,QAASA,GAAgBA,GAAgB,EAC3C,CAEO,SAASV,IACd,OAAOK,UAAUC,SACnB,CAmBA,SAASR,IACP,YAA4B,IAAd3D,EAAAA,WACK,OAAdA,EAAAA,gBAC4B,IAArBA,EAAAA,UAAUC,QACK,oBAAf1B,UACd,CAEO,SAAS+F,IACd,OAAOX,GACT,CAEO,SAASD,IACd,MAA8B,oBAAhB5D,WAChB,kGCrDA,aAAqC,0GAIrC,IAAM2E,EAA0B,0BAoFL,UA9C3B,SAAsBC,EAAgB7Z,EAAaN,GACjD,IAAIyK,EAAOzK,EAAKZ,KACZ6C,EAAUjC,EAAKiC,SAAW,CAAC,EAC3BmY,EAAenY,EAAQ,iBAAmBA,EAAQ,iBAAmB,GAErEwI,GAAwB,iBAATA,IAEbyP,EAAwBV,KAAKY,GAC/B3P,EAAOpB,KAAKE,UAAUkB,GAEC,sCAAhB2P,IACP3P,EAAOlL,OAAO0R,QAAQxG,GACrB4P,KAAK,qCAAEC,EAAK,KAAE5R,EAAK,qBAAS4R,EAAK,YAAIC,mBAAmB7R,GAAM,IAC9D8R,KAAK,OAIV,IACIC,GADQC,EAAAA,EAAOC,OAASC,EAAAA,SACHta,EAAK,CAC5B6Z,OAAQA,EACRlY,QAASjC,EAAKiC,QACdwI,KAAMA,EACNoQ,YAAa7a,EAAKQ,gBAAkB,UAAY,SAOlD,OAJKia,EAAanP,UAChBmP,EAAe5a,QAAQC,QAAQ2a,IAG1BA,EAAapa,MAAK,SAASya,GAChC,IAAI5M,GAAS4M,EAASC,GAClBzb,EAASwb,EAASxb,OACtB,OApEJ,SAAkBwb,GAChB,OAAIA,EAAS7Y,QAAQlB,IAAI,iBAEvB+Z,EAAS7Y,QAAQlB,IAAI,gBAAiBia,cAAc7R,QAAQ,qBAAuB,EAC9E2R,EAASG,OAEbnV,OAAM,SAAA1B,GACL,MAAO,CACL8J,MAAO9J,EACP2S,aAAc,kCAElB,IAEO+D,EAASI,MAEpB,CAqDWC,CAASL,GACbza,MAAK,SAAAjB,GACJ,OArDR,SAAsBE,EAAgBF,EAAuB0b,GAC3D,IAEsD,EAFhD3X,EAA2B,YAAhB,aAAO/D,GAClB6C,EAAU,CAAC,EAAE,EAzBgB,25BAyBhB,CACC6Y,EAAS7Y,QAAgBgP,WAAS,IAAtD,IAAK,EAAL,qBAAwD,KAA7CmK,EAAI,QACbnZ,EAAQmZ,EAAK,IAAMA,EAAK,EAC1B,CAAC,+BACD,IAAMC,EAAuB,CAC3BC,aAAcnY,EAAWkG,KAAKE,UAAUnK,GAAQA,EAChDE,OAAQA,EACR2C,QAAAA,GAMF,OAJIkB,IACFkY,EAAOE,aAAe,OACtBF,EAAOG,aAAepc,GAEjBic,CACT,CAqCeI,CAAanc,EAAQF,EAAM0b,EACpC,IACCza,MAAK,SAAAgb,GAAU,MACd,GAAInN,GAA4B,QAAvB,EAAImN,EAAOG,oBAAY,OAAnB,EAAqBtN,MAEhC,MAAMmN,EAER,OAAOA,CACT,GACJ,GACF,EAE2B,sICrF3B,SACaK,EAAa,WAGxB,cAAc,+DAEZvc,KAAKwc,aAAe,CAAC,gBAAD,OAAiBC,WACrCzc,KAAK0c,yBACP,CAoBC,OApBA,4CAED,SAAeC,GACb3c,KAAKwc,aAAa/Y,KAAKkZ,EACzB,GAAC,2BAED,WACE,MAAO,CAAE,6BAA8B3c,KAAKwc,aAAanB,KAAK,KAChE,GAAC,wBAED,WACE,MAAOoB,QACT,GAAC,qCAED,WACE,KAAI,EAAAnC,EAAAA,cAAgBsC,SAAYA,QAAQC,SAAxC,CAGA,IAAcC,EAAYF,QAAQC,SAA1BE,KACR/c,KAAKwc,aAAa/Y,KAAK,UAAD,OAAWqZ,GAFjC,CAGF,KAAC,EA3BuB,GA2BvB,sEC7BI,SAA0BE,EAAmCC,EAAYC,GAC9EF,EAAW5b,QAAQ0B,QAAUka,EAAW5b,QAAQ0B,SAAW,CAAC,EAC5Dka,EAAW5b,QAAQ0B,QAAQma,GAAcC,CAC3C,qCCjBA,oLACA,mLACA,oLACA,oLACA,oLACA,iPCOO,SAON5a,GAEC,OAAO,SAAP,0BAX8B,IAW9B,GAX8B,EAW9B,EAX8B,kbAgB5B,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAQf,OAPF,+BAASA,KAAM,qGAEf,EAAKsc,eAAiB,IAAIZ,EAAAA,cAG1B,EAAKa,KAAO,CACVC,iBAAkBA,EAAAA,iBAAiBvb,KAAK,MAAM,EAAF,gBAC5C,CACJ,CAoBC,OApBA,wCAED,SAAWgB,GACT9C,KAAKoB,QAAQ0B,QAAU1C,OAAOC,OAAO,CAAC,EAAGL,KAAKoB,QAAQ0B,QAASA,EACjE,GAAC,6BAED,WAGE,OAAO9C,KAAKoB,QAAQkc,OAAQnG,MAAM,YAAY,EAChD,GAAC,uBAED,SAAUzU,GACR,IAAIvB,EAAM,0BAA2B,EAAAkE,EAAAA,eAAc3C,GAMnD,OAAO,EAAAd,EAAAA,KAAI5B,KAAMmB,EALH,CACZ2B,QAAS,CACP,OAAU,yBAIhB,KAAC,EAlCI,CAA2BR,EAoCpC,iGAlDA,SACA,UACA,SACA,0FCMO,WAEL,OAAO,SAAP,0BAJ+C,IAI/C,GAJ+C,EAI/C,EAJ+C,kbAY7C,WAAYzB,GAAW,MAOW,OAPX,qBACrB,cAAMA,IAAM,0UACZ,EAAKyc,OAASzc,EAAKyc,OACnB,EAAKC,kBAAoB1c,EAAK0c,kBAC9B,EAAKza,QAAUjC,EAAKiC,QACpB,EAAK0a,kBAAoB3c,EAAK2c,mBAAqBC,EAAAA,QACnD,EAAKC,wBAA0B7c,EAAK6c,wBACpC,EAAKC,UAAY9c,EAAK8c,UAAU,CAClC,CAAC,uBAhBI,EAD2B,EAAAC,EAAAA,mCAmBpC,iGAxBA,UAEA,oEC0QO,SAAa/d,EAA4BsB,EAAaC,GAE3D,IAAIkP,EAAa,CACfnP,IAFFA,GAAM,EAAA0c,EAAAA,eAAc1c,GAAOA,EAAMtB,EAAI4B,kBAAoBN,EAGvD6Z,OAAQ,OAGV,OADA5a,OAAOC,OAAOiQ,EAAYlP,GACnB0c,EAAYje,EAAKyQ,EAC1B,yBAEO,SAAczQ,EAA4BsB,EAAaN,EAAoBO,GAEhF,IAAI2c,EAAc,CAChB5c,IAFFA,GAAM,EAAA0c,EAAAA,eAAc1c,GAAOA,EAAMtB,EAAI4B,kBAAoBN,EAGvD6Z,OAAQ,OACRna,KAAMA,EACNuF,gBAAgB,GAGlB,OADAhG,OAAOC,OAAO0d,EAAa3c,GACpB0c,EAAYje,EAAKke,EAC1B,gCA7RA,SACA,UAYA,UACA,SAAwC,qrBAIxC,IACIC,EADAC,EAA4B,GAE5B,EAAA3D,EAAAA,eACF2D,EAA4BtT,KAAKmC,MACjCkR,EAAiC,WAC1B3S,SAAS6S,SACZD,EAA4BtT,KAAKmC,MAErC,EACAzB,SAAS8S,iBAAiB,mBAAoBH,IAGhD,IAAMI,EAAc,SAACve,EAA4BkP,GAA2D,YAC1G,GAAIA,aAAiB0D,MAGnB,OAAO,IAAIgF,EAAAA,aAAa,CACtBG,aAAc7I,EAAM4I,UAIxB,IACI/Q,EADAyR,EAAqBtJ,EAErBsP,EAAiC,CAAC,EACtC,GAAIhG,EAAK8D,eAAgB,EAAAmC,EAAAA,UAASjG,EAAK8D,cACrC,IACEkC,EAAYnU,KAAKC,MAAMkO,EAAK8D,aAC9B,CAAE,MAAOlX,GACPoZ,EAAY,CACVzG,aAAc,gBAElB,CAGES,EAAKlY,QAAU,MACjBke,EAAUzG,aAAe,iBAGvB/X,EAAIuB,QAAQmc,oBACdlF,EAAOxY,EAAIuB,QAAQmc,mBAAkB,EAAA5a,EAAAA,OAAM0V,KAI7C,IAAMkG,EAAoE,QAAvD,EAAGhG,EAAAA,aAAaiG,yBAA6B,QAAL,EAACnG,SAAI,aAAJ,EAAMvV,gBAAQ,QAAI,GAQ9E,GALE8D,EADEyX,EAAUtP,OAASsP,EAAU/F,kBACzB,IAAIH,EAAAA,WAAWkG,EAAUtP,MAAOsP,EAAU/F,kBAAmBD,GAE7D,IAAIZ,EAAAA,aAAa4G,EAAuBhG,EAAM,CAAEkG,cAAAA,IAGpDA,IAAqB,QAAJ,EAAAlG,SAAI,aAAJ,EAAMlY,SAAU,MAAW,QAAJ,EAAAkY,SAAI,aAAJ,EAAMlY,QAAS,IAAK,CAC9D,IAAMse,EAAalG,EAAAA,aAAamG,YAAYH,GAE5C,GAAoB,MAAhBlG,EAAKlY,QAAwC,yCAAtBse,aAAU,EAAVA,EAAY1P,OAAiD,CAEtF,MAAgC0P,EAAWhG,WAAnCkG,EAAO,EAAPA,QAASC,EAAU,EAAVA,WACjBhY,EAAM,IAAI6Q,EAAAA,aACR,CACEG,aAAc6G,EAAW1P,MACzBiJ,YAAa,CAAC,CAAEJ,aAAc6G,EAAW9F,oBAE3CN,EAAI,GAGFsG,SAAUA,GAENC,GAAc,CAAEA,WAAAA,IAG1B,KACgC,UAAvBH,aAAU,EAAVA,EAAYjG,UACnB5R,EAAM6X,EAMV,CAEA,OAAO7X,CACT,EAGO,SAASkX,EAAYje,EAA4BuB,GAAuC,MAG7F,GAFAA,EAAUA,GAAW,CAAC,EAElBvB,EAAIuB,QAAQsc,wBAAyB,KACsB,EADtB,EA3FH,25BA2FG,CACb7d,EAAIuB,QAAQsc,yBAAuB,IAA7D,IAAK,EAAL,sBACEmB,EADoB,SACRzd,EACb,+BACH,CAEA,IAAID,EAAMC,EAAQD,IACd6Z,EAAS5Z,EAAQ4Z,OACjBna,EAAOO,EAAQP,KACfuF,EAAiBhF,EAAQgF,eACzB0I,EAAc1N,EAAQ0N,YACtBzN,GAA8C,IAA5BD,EAAQC,gBAE1BM,EADc9B,EAAIuB,QAAQM,YACHC,QACvBmd,EAAYjf,EAAIkf,eAAeC,aAAanf,EAAIuB,QAAQ6d,SACxD5Y,EAAgBjF,EAAQiF,cACxBsX,EAAiC,QAAxB,EAAG9d,EAAIuB,QAAQuc,iBAAS,QAAI,EAEzC,GAAIvc,EAAQ8d,cAAe,CACzB,IACIC,EADgBL,EAAUM,aACKje,GACnC,GAAIge,GAAkBxU,KAAKmC,MAAM,IAAOqS,EAAe3V,UACrD,OAAO9I,QAAQC,QAAQwe,EAAexD,SAE1C,CAEA,IACI7Y,EAAuB,EAAH,CACtB,OAAU,mBACV,eAAgB,oBAHQjD,EAAIsd,eAAekC,iBAM7Cjf,OAAOC,OAAOyC,EAASjD,EAAIuB,QAAQ0B,QAAS1B,EAAQ0B,SACpDA,GAAU,EAAAsE,EAAAA,YAAWtE,GAEjBgM,IAAe,EAAAwP,EAAAA,UAASxP,KAC1BhM,EAAuB,cAAI,UAAYgM,GAGzC,IAMIlI,EAAK7G,EAAKuf,EANVC,EAA4B,CAC9Bzc,QAAAA,EACA7C,KAAMY,QAAQX,EACdmB,gBAAAA,GAKF,GAAIgF,IAAiB,EAAAiU,EAAAA,cAAeqD,EAAY,EAAG,CACjD,IAAI6B,EACAC,EACAC,EACAzZ,EAAa,EAKjBwZ,EAAwB,WACtB,IAAME,EAA6BhV,KAAKmC,MAAQmR,EAChD,OAAI0B,EAA6BhC,EACxB,IAAIjd,SAAc,SAACC,GAAO,OAAKuL,YAAW,WAC1Cb,SAAS6S,OAGZvd,EAAQ6e,KAFR7e,GAIJ,GAAGgd,EAAYgC,EAA2B,IAEnCjf,QAAQC,SAEnB,EAGA6e,EAAkC,WAE9B,IAAII,EADN,OAAIvU,SAAS6S,OAEJ,IAAIxd,SAAc,SAACC,GACxBif,EAAwB,WACjBvU,SAAS6S,SACZ7S,SAASwU,oBAAoB,mBAAoBD,GACjDjf,EAAQ8e,KAEZ,EACApU,SAAS8S,iBAAiB,mBAAoByB,EAChD,IAEOH,GAEX,EAKA,IAAMK,EAAiB,WACrB,OAAOjgB,EAAIuB,QAAQoc,kBAAmBxC,EAAS7Z,EAAMoe,GAAa5Y,OAAM,SAACC,GAEvE,GADwC,iBAAjBA,aAAG,EAAHA,EAAK+Q,UACN1R,EAAa8Z,EAAAA,oBAEjC,OADA9Z,IACOyZ,IAET,MAAM9Y,CACR,GACF,EAQA0Y,GAJAI,EAAiB,WACf,OAAOF,IAAkCte,KAAK4e,EAChD,IAGF,MACER,EAAUzf,EAAIuB,QAAQoc,kBAAmBxC,EAAS7Z,EAAMoe,GAG1D,OAAOD,EACJpe,MAAK,SAASmX,GAgCb,OA/BAtY,EAAMsY,EAAK8D,gBACA,EAAAmC,EAAAA,UAASve,KAClBA,EAAMmK,KAAKC,MAAMpK,KACS,YAAf,aAAOA,KAAqBA,EAAI+C,UACrCK,MAAMC,QAAQrD,GAChBA,EAAI+J,SAAQ,SAAAkW,GACVA,EAAKld,QAAUuV,EAAKvV,OACtB,IAEA/C,EAAI+C,QAAUuV,EAAKvV,SAKrBsD,IACGrG,EAAIQ,YACPoB,EAAQgI,OAAO9H,EAAAA,uBAIf9B,GAAOA,EAAIQ,YAAcR,EAAIyJ,WAC/B7H,EAAQ8H,IAAI5H,EAAAA,qBAAsB9B,EAAIQ,WAAYR,EAAIyJ,UAAW3J,EAAIuB,QAAQ6d,SAG3Elf,GAAOqB,EAAQ8d,eACjBJ,EAAUmB,cAAc9e,EAAM,CAC5BqI,UAAWzC,KAAKmZ,MAAMvV,KAAKmC,MAAM,KAAQqT,EAAAA,uBACzCxE,SAAU5b,IAIPA,CACT,IACC4G,OAAM,SAAS0R,GAOd,KAJsB,cAFtBzR,EAAMwX,EAAYve,EAAKwY,IAEfR,WACNlW,EAAQgI,OAAO9H,EAAAA,sBAGX+E,CACR,GACJ,mGChRO,WAQL,OAAO,SAAP,0BAXgD,IAWhD,GAXgD,EAWhD,EAXgD,kbAa9C,WAAYxF,GAAoC,wCACxCA,EACR,CAuDC,OAvDA,mCAED,WAAiD,IAA3CA,EAAuC,UAAH,6CAAG,CAAC,GAC5C,gEAAYA,IAEqB,IAA7BA,EAAQgf,kBACVpgB,KAAKogB,kBAET,GAAC,6BAED,SAAgBngB,GACd,GAAKD,KAAKqgB,iBAAV,CAGA,IAAM1e,EAAU3B,KAAK+e,eAAeuB,wBAC/B3e,GAGLA,EAAQ4e,WAAWtgB,EALnB,CAMF,GAAC,6BAGD,SAAgBmB,GACd,IAAKpB,KAAKqgB,iBACR,OAAO,KAET,IAAM1e,EAAU3B,KAAK+e,eAAeuB,wBACpC,IAAK3e,EACH,OAAO,KAET,IAAM6e,EAAc7e,EAAQyd,aAC5B,IAAKoB,KAAgB,EAAAC,EAAAA,kBAAiBD,EAAYE,gBAChD,OAAO,KAGT,GAAItf,EAAS,CACX,IAAQuf,EAAmCvf,EAAnCuf,YAAaC,EAAsBxf,EAAtBwf,kBAErB,IAAKxf,EAAQyf,sBAAwBF,GAAeH,EAAYG,cAAgBA,EAC9E,OAAO,KAET,GAAIC,GAAqBJ,EAAYI,oBAAsBA,EACzD,OAAO,IAEX,CAEA,OAAOJ,CACT,GAAC,8BAED,WACE,GAAKxgB,KAAKqgB,iBAAV,CAGA,IAAM1e,EAAU3B,KAAK+e,eAAeuB,wBACpC3e,SAAAA,EAASmf,cAFT,CAGF,KAAC,EA3DI,EADoB,EAAAC,EAAAA,4BA8D7B,oFA1EA,SAEA,yECgB4B,SAEO,GAAD,2EARlC,UAMA,UAA4B,2kBAEM,aAUjC,OAViC,gCAA3B,WACL/D,GAAgC,yFAI/B,OAJiC5b,EAAiC,EAAH,6BAAG,CAAC,GAExD4f,WAAa5f,EAAQ6f,gBAC/B7f,EAAQ6f,cAAgBC,EAAAA,iBAAiBC,eAC1C,mBACM,EAAAC,EAAAA,KAAIpE,EAAY,EAAF,KAChB5b,GAAO,IACVigB,KAAM,mBACN,2CACH,4ICxBqBC,GAAa,cAGjC,WAAYL,IAAiC,uDAC3CjhB,KAAK0X,KAAOuJ,CACd,IAAC,2KCZ0D,+kBAUhDM,EAAY,mCAVoC,IAUpC,GAVoC,EAUpC,EAVoC,kbAUpC,iEAmCtB,OAnCsB,uCACvB,SAAU/P,GACR,SAAUA,EAAOkK,aAAelK,EAAOwP,UAAYxP,EAAOgQ,SAC5D,GAAC,4BAED,SAAehQ,GACb,IAAQkK,EAAoDlK,EAApDkK,YAAasF,EAAuCxP,EAAvCwP,SAAUQ,EAA6BhQ,EAA7BgQ,SAAUC,EAAmBjQ,EAAnBiQ,eACzC,GAAK/F,GAAgBsF,GAAaQ,EAGlC,OAAO9F,GAAe,CACpB8F,SAAUA,GAAYR,EACtBS,eAAAA,EAEJ,GAAC,uBAED,SAAUC,GAAqB,QACvBC,EAAS,CAAC,EAAD,KACc,QADd,EACVD,EAAoBE,YAAI,aAAxB,EAA0BrY,MAAM,IAAE,IACrCjF,KAAM,WACNiB,KAAM,SACNsc,SAAUH,EAAoBG,YAahC,OAX+C,QAA3B,EAAGH,EAAoBE,YAAI,aAAxB,EAA0BrY,MAAM/E,MACrD,SAAAsd,GAAK,MAAmB,mBAAfA,EAAMxd,IAAyB,MAGxCqd,EAAOle,KAAK,CACVa,KAAM,iBACNiB,KAAM,UACNwc,MAAO,mCACPF,UAAU,IAGPF,CACT,KAAC,EAnCsB,CAVzB,QAUkCL,eAAa,+JCTiC,IAMnEU,EAAc,mCANqD,IAMrD,GANqD,EAMrD,EANqD,kbAMrD,iEAOxB,OAPwB,4CACzB,SAAexQ,GACb,IAAQyQ,EAAqBzQ,EAArByQ,iBACR,GAAKA,EAGL,MAAO,CAAEC,KAAMD,EACjB,KAAC,EAPwB,CAN3B,QAMoCE,+BAA6B,6KCPJ,IAShDC,EAA0B,mCATsB,IAStB,GATsB,EAStB,EATsB,kbAStB,iEA4BpC,OA5BoC,uCACrC,SAAU5Q,GACR,IAAQkK,EAAgBlK,EAAhBkK,YACR,GAAIA,GAAeA,EAAY2G,aAAe3G,EAAY4G,OACxD,OAAO,EAET,IAAQD,EAAkC7Q,EAAlC6Q,YAAaE,EAAqB/Q,EAArB+Q,SAAUD,EAAW9Q,EAAX8Q,OAC/B,SAAUD,IAAeC,OAAcC,IAAYD,EACrD,GAAC,4BAED,SAAe9Q,GACb,IAAQ6Q,EAAkC7Q,EAAlC6Q,YAAaE,EAAqB/Q,EAArB+Q,SAAUD,EAAW9Q,EAAX8Q,OAC/B,GAAKA,IAAYD,GAAgBE,GAGjC,MAAO,CACLF,YAAaE,EAAW,SAAWF,EACnCE,SAAAA,EACAD,OAAAA,EAEJ,GAAC,uBAED,WACE,MAAO,CACL,CAAEhe,KAAM,cAAeiB,KAAM,SAAUsc,UAAU,GACjD,CAAEvd,KAAM,WAAYiB,KAAM,SAAUwc,MAAO,8BAC3C,CAAEzd,KAAM,SAAUiB,KAAM,SAAUwc,MAAO,SAAUF,UAAU,GAEjE,KAAC,EA5BoC,CATvC,QASgDP,eAAa,2LCRA,IAOhDkB,EAA4B,mCAPoB,IAOpB,GAPoB,EAOpB,EAPoB,kbAOpB,iEAyBtC,OAzBsC,uCACvC,SAAUhR,GACR,IAAQkK,EAAgBlK,EAAhBkK,YACR,SAAIA,IAAeA,EAAY4G,WAGZ9Q,EAAX8Q,MAEV,GAAC,4BAED,SAAe9Q,GACb,IAAQ8Q,EAAW9Q,EAAX8Q,OACR,GAAKA,EAGL,MAAO,CACLD,YAAariB,KAAK0X,KAAK+K,eAAgBC,iBAAkBL,YACzDC,OAAAA,EAEJ,GAAC,uBAED,WACE,MAAO,CACL,CAAEhe,KAAM,SAAUiB,KAAM,SAAUwc,MAAO,SAAUF,UAAU,GAEjE,KAAC,EAzBsC,CAPzC,QAOkDP,eAAa,2MCRF,+kBAehDa,EAA6B,mCAfmB,IAenB,GAfmB,EAenB,EAfmB,kbAenB,iEAoBvC,OApBuC,uCACxC,SAAU3Q,GACR,SAAUA,EAAOkK,aAAclK,EAAOyQ,kBAAoBzQ,EAAOmR,IACnE,GAAC,4BAED,SAAenR,GACb,IAAQkK,EAAuClK,EAAvCkK,YAAauG,EAA0BzQ,EAA1ByQ,iBAAkBU,EAAQnR,EAARmR,IACvC,GAAKjH,GAAgBuG,GAAqBU,EAG1C,OAAOjH,GAAe,CAAE8F,SAAUS,GAAoBU,EACxD,GAAC,uBAED,SAAUjB,GAAqB,MAC7B,OAAO,EAAP,KAC6B,QAD7B,EACKA,EAAoBE,YAAI,aAAxB,EAA0BrY,MAAM,IAAE,IACrCjF,KAAM,mBACNiB,KAAM,SACNsc,SAAUH,EAAoBG,UAElC,KAAC,EApBuC,CAf1C,QAemDP,eAAa,iMCfH,kOAUhDsB,EAAkB,mCAV8B,IAU9B,GAV8B,EAU9B,EAV8B,kbAU9B,iEAyB5B,OAzB4B,uCAC7B,SAAUpR,GACR,IACMvO,EADkBuO,EAAhBkK,aACmBlK,EACnBqR,EAA4B5f,EAA5B4f,WAAYC,EAAgB7f,EAAhB6f,YACpB,SAAUD,IAAcC,EAC1B,GAAC,4BAED,SAAetR,GACb,IAAQkK,EAAqDlK,EAArDkK,YAAamH,EAAwCrR,EAAxCqR,WAAYC,EAA4BtR,EAA5BsR,YAAaC,EAAevR,EAAfuR,WAC9C,GAAKrH,GAAgBmH,GAAeC,EAGpC,OAAOpH,GAvBkD,2WAuBnC,CAAJ,CAChBmH,WAAAA,EACAC,YAAAA,GACIC,GAAc,CAAEA,WAAAA,GAExB,GAAC,uBAED,WACE,MAAO,CACL,CAAEze,KAAM,aAAciB,KAAM,SAAUsc,UAAU,EAAMmB,SAAS,EAAOjB,MAAO,eAC7E,CAAEzd,KAAM,cAAeiB,KAAM,SAAUsc,UAAU,EAAMmB,SAAS,EAAOjB,MAAO,eAElF,KAAC,EAzB4B,CAV/B,QAUwCT,eAAa,2KCVQ,IAUhD2B,EAAoB,mCAV4B,IAU5B,GAV4B,EAU5B,EAV4B,kbAU5B,iEA0B9B,OA1B8B,uCAC/B,SAAUzR,GACR,IACMvO,EADkBuO,EAAhBkK,aACmBlK,EACnBqR,EAAiD5f,EAAjD4f,WAAYK,EAAqCjgB,EAArCigB,kBAAmBC,EAAkBlgB,EAAlBkgB,cACvC,SAAUN,GAAcK,GAAqBC,EAC/C,GAAC,4BAED,SAAe3R,GACb,IAAQkK,EAA8DlK,EAA9DkK,YAAawH,EAAiD1R,EAAjD0R,kBAAmBL,EAA8BrR,EAA9BqR,WAAYM,EAAkB3R,EAAlB2R,cACpD,GAAKzH,GAAgBwH,GAAsBL,GAAeM,EAG1D,OAAOzH,GAAgB,CACrBwH,kBAAAA,EACAL,WAAAA,EACAM,cAAAA,EAEJ,GAAC,uBAED,WACE,MAAO,CACL,CAAE7e,KAAM,oBAAqBiB,KAAM,SAAUwc,MAAO,qBAAsBF,UAAU,EAAMmB,SAAS,GACnG,CAAE1e,KAAM,aAAciB,KAAM,SAAUwc,MAAO,cAAeF,UAAU,EAAMmB,SAAS,GACrF,CAAE1e,KAAM,gBAAiBiB,KAAM,SAAUwc,MAAO,iBAAkBF,UAAU,EAAMmB,SAAS,GAE/F,KAAC,EA1B8B,CAVjC,QAU0C1B,eAAa,+ECEhD,SAA0B8B,GAAiD,QAC1EC,EAAYD,EAAYC,UACxB9Z,GAAQ8Z,aAAS,EAATA,EAAW9Z,QAAS,CAAC,EACnC,OAAQA,EAAM3F,KACZ,KAAKsd,EAAAA,iBAAiBC,cACpB,OAAO,IAAII,EAAAA,aAAahY,GAC1B,KAAK2X,EAAAA,iBAAiBoC,kBACpB,OAAwB,QAAxB,EAAI/Z,EAAMkZ,sBAAc,OAApB,EAAsBC,iBACjB,IAAIF,EAAAA,6BAA6BjZ,GAEjC,IAAI6Y,EAAAA,2BAA2B7Y,GAE1C,KAAK2X,EAAAA,iBAAiBqC,YACpB,OAAO,IAAIvB,EAAAA,eAAezY,GAC5B,KAAK2X,EAAAA,iBAAiBsC,SACpB,OAAwB,QAAxB,EAAIja,EAAMkZ,sBAAc,OAApB,EAAsBgB,cACjB,IAAIR,EAAAA,qBAAqB1Z,GAEzB,IAAIqZ,EAAAA,mBAAmBrZ,GAElC,QACE,OAAO,IAAI4Y,EAAAA,8BAA8B5Y,GAE/C,EAnCA,cAEA,UACA,UACA,UACA,UACA,UACA,UAEA,6CCTA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,+OCUO,SAA+Bma,EAAOC,GAC3C,SAAKD,IAAUC,KAIXD,EAAME,IAAMD,EAAMC,GACZF,EAAME,KAAOD,EAAMC,MAGzBF,EAAM9f,MAAO+f,EAAM/f,MACb8f,EAAM9f,MAAQ+f,EAAM/f,IAGhC,sBAGO,SAA2BigB,EAAgBziB,GAChD,IAAI0iB,EACoC,EAD7B,EAlC6C,03BAkC7C,CACeD,GAAc,yBAA/B5C,EAAa,QAGpB,GAFA6C,EAAS1iB,EACNoD,MAAK,gBAAG6e,EAAS,EAATA,UAAS,OAAOA,EAAUzf,KAAOyf,EAAUzf,MAAQqd,EAAcrd,GAAG,IAE7E,aACD,EALH,IAAK,EAAL,qBAA0C,gBAMzC,+BACD,OAAOkgB,CACT,wBAzCO,SAA6BC,GAClC,IAAI9C,EACJ,IAAK,EAAA+C,EAAAA,iBAAgBD,GACnB9C,EAAgB8C,MACX,IAAwB,iBAAbA,EAKhB,MAAM,IAAItR,MAAM,oCAJhBwO,EAAgB,CACdrd,IAAKmgB,EAIT,CACA,OAAO9C,CACT,EAdA,cAA0D,qKCcZ,SAElB,gFAH5B,UACA,UAA8C,2kBAElB,aAQ3B,OAR2B,gCAArB,WAAuBjE,EAAkC5b,GAAuB,+EAEzB,OADtDsW,EAAOsF,EAAWiH,mBAAmBC,OACrCC,GAAW,EAAAC,EAAAA,sBAAqBpH,EAAYtF,EAAK2J,MAAK,mBACrD,EAAAD,EAAAA,KAAIpE,EAAY,EAAF,OAChB5b,GACA+iB,GAAQ,IACXE,QAAS,CAAC,cACV,4CACH,sICmBA,SAE+C,EAAD,0FAdxC,SAAoCtV,GACzC,MAAuB,6BAAfA,EAAMzK,IAChB,wJAlBA,YACA,UAA4D,IAG/CggB,EAAwB,mCAHuB,IAGvB,GAHuB,EAGvB,EAHuB,kbAO1D,WAAY3V,EAAegU,GAAa,MAIvB,OAJuB,qBACtC,sEAAuDA,KAAO,2FAC9D,EAAKre,KAAO,2BACZ,EAAKqK,MAAQA,EACb,EAAKgU,IAAMA,EAAI,CACjB,CAAC,uBATkC,CAAS1K,EAAAA,SAiBvC,SAASsM,EAAuBC,GACrC,MAAO,UAAUnK,KAAKmK,IAAY,YAAYnK,KAAKmK,EACrD,CAGO,SAASC,EAAyBD,GACvC,OAAO,EAAAE,EAAAA,mBAAkBF,EAC3B,CAE+C,aAW9C,OAX8C,gCAAxC,WAAyCxH,EAAkC2H,GAAc,qFAC1FJ,EAAsBI,GAAS,CAAF,eACb,GADa,EACRF,EAAyBE,GAAxChW,EAAK,EAALA,MAAOgU,EAAG,EAAHA,KACX3F,EAAW4H,IAAIC,WAAW,CAAElW,MAAAA,IAAU,CAAF,+BAEzBqO,EAAW4H,IAAIE,QAAQ,CAAEnW,MAAAA,EAAOgU,IAAAA,IAAM,qDAG7C,IAAI2B,EAAyB3V,EAAOgU,GAAI,4CAGnD,sBArCwD,0FCLlD,SAML/P,EACA1L,EACA2L,GAMA,IAAMvQ,GAAO,EAAAwQ,EAAAA,oBAAmB5L,GAC1B6L,GAAc,EAAAC,EAAAA,cAAmB1Q,EAAMsQ,GACvCK,GAAW,EAAAC,EAAAA,WAAgBH,GAC3BI,GAAc,EAAAC,EAAAA,cAAmBH,GACjCI,GAAY,EAAA0R,EAAAA,mBAA+B5R,EAAaN,GAG9D,OADgB,EAAAmS,EAAAA,iBAAgB3R,EAElC,EA7BA,cACA,UACA,SACA,UACA,UACA,iECDO,SAMLT,EACA1L,EACA2L,GAIA,IAAMoS,GAAO,EAAAC,EAAAA,oBACXtS,EACA1L,EACA2L,GAGF,OADgB,EAAAsS,EAAAA,UAASF,EAE3B,EA9BA,cAOA,0ECuCO,SAAsBplB,IAC3B,EAAAulB,EAAAA,mBAAkB,CAChBC,YAAAA,EACAjB,qBAAAA,EAAAA,uBAEF,IAAMkB,EAAwBC,EAAAA,iBAAiBzjB,KAAK,KAAMjC,GA2C1D,MA1CY,CACV2lB,SAAUA,EAAAA,SAAS1jB,KAAK,KAAMjC,GAC9BsC,WAAYA,EAAAA,WAAWL,KAAK,KAAMjC,GAClC4lB,gBAAiBC,EAAAA,aAAa5jB,KAAK,KAAMjC,GAEzC8lB,aAAcA,EAAAA,aAAa7jB,KAAK,KAAMjC,GACtC+lB,SAAUA,EAAAA,SAAS9jB,KAAK,KAAMjC,GAC9BmS,MAAOsT,EACPC,iBAAkBD,EAClB9f,KAAMA,EAAAA,KAAK1D,KAAK,KAAMjC,GACtBilB,QAASA,EAAAA,QAAQhjB,KAAK,KAAMjC,GAC5BY,OAAQA,EAAAA,OAAOqB,KAAK,KAAMjC,GAC1BgmB,gBAAiBA,EAAAA,gBAAgB/jB,KAAK,KAAMjC,GAG5CimB,8BAA+BA,EAAAA,8BAA8BhkB,KAAK,KAAMjC,GAGxEkmB,sBAAuBA,EAAAA,sBAAsBjkB,KAAK,KAAMjC,GACxDmmB,2BAAAA,EAAAA,2BAGAC,0BAA2BA,EAAAA,0BAA0BnkB,KAAK,KAAMjC,GAChE0kB,sBAAAA,EAAAA,sBACAE,yBAAAA,EAAAA,yBACAyB,2BAAAA,EAAAA,2BAEAC,wBAAyBA,EAAAA,wBAAwBrkB,KAAK,KAAMjC,GAC5DumB,sBAAuBA,EAAAA,sBAAsBtkB,KAAK,KAAMjC,GACxDwmB,mBAAoBA,EAAAA,mBAAmBvkB,KAAK,KAAMjC,GAClDymB,oBAAqBA,EAAAA,oBAAoBxkB,KAAK,KAAMjC,GACpD0mB,qBAAsBA,EAAAA,qBAAqBzkB,KAAK,KAAMjC,GACtD2mB,uBAAAA,EAAAA,uBACAC,QAAS,SAACpF,GACRxhB,EAAIuB,QAAQigB,KAAOA,CACrB,EACAqF,QAAS,WACP,OAAO7mB,EAAIuB,QAAQigB,IACrB,EACAwD,WAAYA,EAAAA,WAAW/iB,KAAK,KAAMjC,GAClC8mB,cAAeA,EAAAA,cAAc7kB,KAAK,KAAMjC,GAG5C,EAlFA,cACA,UACA,UACA,UAMA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UASA,UACA,EAE4C,qbAF5C,UACA,UACA,UAA4C,mKC3C5C,oLACA,oLACA,4OCyBO,SAA6B+mB,GAClC,IAAM/mB,EAAM+mB,EACNtB,EAAwBC,EAAAA,iBAAiBzjB,KAAK,KAAMjC,GAgB1D,MAfY,CACV4lB,gBAAiBC,EAAAA,aAAa5jB,KAAK,KAAMjC,GAEzCmS,MAAOsT,EACPC,iBAAkBD,EAClBR,QAASA,EAAAA,QAAQhjB,KAAK,KAAMjC,GAC5BglB,WAAYA,EAAAA,WAAW/iB,KAAK,KAAMjC,GAElCsmB,wBAAyBA,EAAAA,wBAAwBrkB,KAAK,KAAMjC,GAC5DumB,sBAAuBA,EAAAA,sBAAsBtkB,KAAK,KAAMjC,GACxDwmB,mBAAoBA,EAAAA,mBAAmBvkB,KAAK,KAAMjC,GAClDymB,oBAAqBA,EAAAA,oBAAoBxkB,KAAK,KAAMjC,GACpD0mB,qBAAsBA,EAAAA,qBAAqBzkB,KAAK,KAAMjC,GACtD2mB,uBAAAA,EAAAA,uBAGJ,EAjCA,cACA,UACA,UACA,wECFA,cAUaK,EAAqC,CAChD,SAAYC,EAAAA,SAIZ,sCAAuCC,EAAAA,iCACvC,oCAAqCC,EAAAA,gCACrC,0BAA2BC,EAAAA,uBAC3B,iBAAkBC,EAAAA,cAClB,kCAAmCC,EAAAA,8BACnC,iCAAkCC,EAAAA,8BAClC,qFCrBF,cAkBaC,EAAsC,CACjD,SAAYP,EAAAA,SACZ,oCAAqCE,EAAAA,gCACrC,8BAA+BM,EAAAA,0BAC/B,gCAAiCC,EAAAA,4BACjC,kCAAmCJ,EAAAA,8BACnC,uBAAwBK,EAAAA,oBACxB,0BAA2BP,EAAAA,uBAC3B,iBAAkBC,EAAAA,cAClB,yBAA0BO,EAAAA,sBAC1B,iCAAkCL,EAAAA,6BAClC,cAAeM,EAAAA,WACf,4BAA6BC,EAAAA,wBAC7B,0BAA2BC,EAAAA,sBAC3B,eAAgBC,EAAAA,YAChB,KAAQC,EAAAA,MACR,iFCzCK,SACLC,GAEmB,IACf1C,EAAahB,EAFjBhD,EAAuB,UAAH,6CAAG,UAEGhgB,GAAkB,EAC5C,OAAQggB,GACN,IAAK,WACL,IAAK,SACL,IAAK,gBACHgE,EAAc2C,EAAAA,iBACd3mB,GAAkB,EAClB,MACF,IAAK,kBACL,IAAK,gBACHgkB,EAAc4C,EAAAA,qBACd5D,EAAU,CACR,+BACA,0CAEFhjB,GAAkB,EAClB,MACF,IAAK,gBACHgkB,EAAcwB,EAAAA,kBACdxlB,GAAkB,EAClBgjB,EAAU,CACR,kBAEF,MAMF,QAEEgB,EAAcgC,EAAAA,mBAGlB,MAAO,CAAEhG,KAAAA,EAAMgE,YAAAA,EAAahB,QAAAA,EAAShjB,gBAAAA,EACvC,EA7CA,cACA,UACA,UACA,2ECUA,cAaa4mB,EAAwC,CACnD,SAAYnB,EAAAA,SACZ,oBAAqBA,EAAAA,SACrB,oCAAqCE,EAAAA,gCACrC,8BAA+BM,EAAAA,0BAC/B,0BAA2BL,EAAAA,uBAC3B,kCAAmCE,EAAAA,8BACnC,gCAAiCI,EAAAA,4BACjC,sBAAuBW,EAAAA,mBACvB,yBAA0BT,EAAAA,sBAC1B,iCAAkCL,EAAAA,6BAClC,cAAeM,EAAAA,YACf,sFCzBF,cAYaM,EAAoC,CAC/C,wBAAyBG,EAAAA,oBACzB,iBAAkBC,EAAAA,cAClB,gCAAiCb,EAAAA,4BACjC,8BAA+BD,EAAAA,0BAC/B,cAAeI,EAAAA,WACf,4BAA6BC,EAAAA,wBAC7B,0BAA2BC,EAAAA,sBAC3B,uBAAwBJ,EAAAA,oBACxB,KAAQM,EAAAA,MACR,0ECxBF,oLACA,oLACA,oLACA,oLACA,oLACA,qQCJqD,SAID,EAAD,iEAJnD,UAImD,aAqClD,OArCkD,gCAA5C,WACL9K,EACA7b,GAAW,+FAEsC,GAA3CuW,EAAOsF,EAAWiH,mBAAmBC,OAChC,CAAF,qBACD,IAAIljB,EAAAA,aAAa,4CAA2C,OAgB7B,GAZrCqnB,EAEE3Q,EAFF2Q,aACOC,EACL5Q,EADF/I,MAAK,EAMH,IAAI4Z,IAAIpnB,GAHVqnB,EAAY,EAAZA,aAII7Z,EAAQ6Z,EAAa5mB,IAAI,SACzB6mB,EAAkBD,EAAa5mB,IAAI,sBAGnCmN,EAAQyZ,EAAa5mB,IAAI,UACpB,CAAF,sBAED,IAAIuW,EAAAA,WAAWpJ,EAAOyZ,EAAa5mB,IAAI,sBAAsB,WAEjE+M,IAAU2Z,EAAU,uBAChB,IAAItnB,EAAAA,aAAa,+DAA8D,WAElFynB,EAAiB,CAAF,sBACZ,IAAIznB,EAAAA,aAAa,iDAAgD,yBAIhDgc,EAAWjP,MAAM2a,sBAAsB,CAAED,gBAAAA,EAAiBJ,aAAAA,IAAe,iBAA1FxU,EAAM,EAANA,OACRmJ,EAAWpP,aAAakG,UAAUD,GAAQ,6CAC3C,uFCvBM,SACLmJ,EACA0D,EACAiI,EACAC,GACa,MACP9L,EAAiC,QAA1B,EAAG4D,aAAc,EAAdA,EAAgB5D,eAAO,QAAI+L,EAAAA,gBAI3C,OAHAC,EAAsBhM,IAGf4I,EADkBqD,EAAkBjM,GAAnC4I,cACY1I,EAAY0D,EAAgBiI,EAAWC,EAC7D,uDAxCA,cACA,YAGaG,EAAoB,SAA4BjM,GAC3D,OAAQA,GACN,IAAK,QACH,OAAOkM,EAAAA,QACT,UAAK9oB,EACL,KAAK,KACH,MAAM,IAAIuS,MAAM,2BAClB,QACE,MAAM,IAAIA,MAAM,wBAAD,OAAyBqK,EAAO,oCAErD,EAEO,SAASgM,EAAsBhM,GACpC,IAAMA,EACJ,MAAM,IAAIrK,MAAM,uBAIlB,IADsBqK,QAAAA,EAAW,IAAI7S,QAAQ,kBAAmB,MAC1C6S,IAAYA,EAChC,MAAM,IAAIrK,MAAM,yEAGlBsW,EAAkBjM,EACpB,CAbE,qmCCFF,IAAMmM,EAAiB,SAAwBC,GAE7C,OAA2B,IAAlBA,EAAMC,OACjB,EAEMC,EAAuC,SAA+CC,GAC1F,IAAMC,EAAyB,CAAC,EAC1BC,EAAwB,GACxBC,EAA2B,CAAC,EAIlC,IAAKH,EAAO9f,MAEV,OADAggB,EAAsB9lB,KAAK4lB,GACpB,CAAEC,uBAAAA,EAAwBC,sBAAAA,EAAuBC,yBAAAA,GACzD,IAE8B,EAF9B,IAEkBH,EAAO9f,OAAK,IAA/B,IAAK,EAAL,qBAAkC,KAED,EAQxB,EAVC2f,EAAK,QAERD,EAAgBC,IAEnBK,EAAsB9lB,KAAKylB,GAEX,QAAhB,EAAKA,EAAM3f,aAAK,WACd+f,EAAuBJ,EAAM5kB,MAAQ4kB,EAAM3f,QAI7CigB,EAAyBN,EAAM5kB,MAAmB,QAAd,EAAG4kB,EAAM3f,aAAK,QAAI,EAE1D,CAAC,+BACD,MAAO,CAAE+f,uBAAAA,EAAwBC,sBAAAA,EAAuBC,yBAAAA,EAC1D,EAqBE,iCAnB4C,SAAyCC,GAGrF,IAI8B,EAJxBC,EAAe,GACfC,EAAgB,CAAC,EACjBC,EAAkB,CAAC,EAAE,IAH3BH,EAAatmB,MAAMC,QAAQqmB,GAAcA,EAAa,CAAEA,IAK1B,IAA9B,IAAK,EAAL,qBAAiC,KAAvBJ,EAAM,QACd,EAIID,EAAqCC,GAHvCC,EAAsB,EAAtBA,uBACAC,EAAqB,EAArBA,sBACAC,EAAwB,EAAxBA,yBAEFE,EAAajmB,KAAK8lB,GAClBI,EAAcN,EAAO/kB,MAAQglB,EAC7BM,EAAgBP,EAAO/kB,MAAQklB,CACjC,CAAC,+BAED,MAAO,CAAEG,cAAAA,EAAeD,aAAAA,EAAcE,gBAAAA,EACxC,+GCtDA,UAGA,SACA,aAAwD,2kBAExD,IAAMC,EAAsB,SAA6B7M,EAAkC,GAKrE,IAJpB8M,EAAgB,EAAhBA,iBAAgB,IAChBR,uBAAAA,OAAsB,IAAG,GAAC,EAAC,MAC3BE,yBAAAA,OAAwB,IAAG,GAAC,EAAC,MAC7Bb,UAAAA,OAAS,IAAG,GAAC,EAAC,EAERoB,EAASD,EAAiBnlB,KAChC,OAAO,EAAP,2BAAO,0HAsBF,OAtBiBI,EAA0B,EAAH,6BAAG,CAAC,EACzCjC,EAAU,CACd,eAAgB,mBAChB,OAAUgnB,EAAiBE,SAAW,wBAElC1e,EAAOpB,KAAKE,UAAU,EAAD,OACtBkf,GACAvkB,GACAykB,IACH,SAGMpoB,EAA0B,CAC9BD,IAAK4oB,EACL/O,OAAQ8O,EAAiB9O,OACzBlY,QAAAA,EACAjC,KAAMyK,EACNjK,gBAA2C,QAA5B,EAAEsnB,aAAS,EAATA,EAAWtnB,uBAAe,WAED,SAA1ByoB,EAAiBxlB,OAAwC,QAAzB,EAAIwlB,EAAiBxlB,YAAI,aAArB,EAAuB2lB,SAAS,aAEpF7oB,EAAQiF,eAAgB,GACzB,UACsB,EAAAyX,EAAAA,aAAYd,EAAY5b,GAAQ,OAAzC,OAARua,EAAW,EAAH,uBAEPqB,EAAW4H,IAAIa,gBAAgB,EAAD,GAAM9J,GAAYgN,GAAW,IAAK,qCAGjE,gBAAelR,EAAAA,SAAiB,4BAAC,KAAK5Q,IAAG,oCAe9C,OAXK8U,EAAW,KAAI9U,IACfuQ,EAAUuE,EAASU,cAAgBnS,KAAKC,MAAMwR,EAASQ,cACvDoC,EAAgB5C,EAAS7Y,QAAQ,qBAAuB6Y,EAAS7Y,QAAQ,oBAEzEonB,EAAclN,EAAW4H,IAAIa,gBAAgB,EAAD,GAAMrO,GAAWuR,GAAW,GACtD,MAApBhN,EAASxb,QAAoC,sCAAlBoe,IAK7B2L,EAAYC,QAAS,GACtB,kBAEMD,GAAW,yDAGxB,EAmCgC,UAhBN,SAA4BlN,EAAkC8M,EAAkBnB,GAGxG,IAAMyB,EAAYP,EAClB,GAAyD,EAAAQ,EAAAA,gCAAgCP,GAAjFH,EAAa,EAAbA,cAAeD,EAAY,EAAZA,aAAcE,EAAe,EAAfA,gBAE/BP,EAASe,EAAUpN,EAAY,CACnC8M,iBAAAA,EACAR,uBAAwBK,EAAcG,EAAiBxlB,MACvDklB,yBAA0BI,EAAgBE,EAAiBxlB,MAC3DqkB,UAAAA,IAGF,OADAU,EAAOK,aAAeA,EACfL,CACT,EAEgC,4KC7FhC,UACA,aACA,UACA,UAA+C,8lBAE/C,IAAMiB,EAAc,CAClB,aAAe,EACf,SAAW,GAGAC,EAAuB,SAA+BvN,EAAkCkN,GAA2C,IAAjBvB,EAAY,UAAH,6CAAG,CAAC,EACpItE,EAAU,CAAC,EACXmG,EAAU,CAAC,EA4CjB,OA1CApqB,OAAOyJ,KAAKqgB,GACTO,QAAQ,SAAAvB,GAAK,OAAKoB,EAAYpB,EAAM,IACpCpf,SAAS,SAAAof,GAGR,GAFoD,YAA9B,aAAOgB,EAAYhB,KAAyBgB,EAAYhB,GAQ9E,GAAKgB,EAAYhB,GAAOwB,IAEtBrG,EAAQ6F,EAAYhB,GAAO5kB,OAAQ,EAAAqmB,EAAAA,SAAkB3N,EAAYkN,EAAYhB,GAAQP,OAFvF,CAMA,MAA4CuB,EAAYhB,GAAzC0B,EAAU,EAAjBrhB,MAAmBhE,EAAI,EAAJA,KAASslB,GAAI,kBACxCL,EAAQtB,GAAS,EAAH,CAAK3jB,KAAAA,GAASslB,GAEd,WAATtlB,GAOLilB,EAAQtB,GAAO3f,MAAQ,CAAC,EACxBnJ,OAAO0R,QAAwB8Y,GAC5B9gB,SAAS,YAAuB,yBAArBghB,EAAQ,KAAEvhB,EAAK,KACrBA,EAAMmhB,IAIRrG,EAAQ,GAAD,OAAI6E,EAAK,YAAI4B,EAASxmB,MAAQwmB,KAAc,EAAAH,EAAAA,SAAkB3N,EAAYzT,EAAOof,GAGxF6B,EAAQtB,GAAO3f,MAAMuhB,GAAYvhB,CAErC,KAjBAihB,EAAQtB,GAAO3f,MAAQqhB,CAPzB,MAREJ,EAAQtB,GAASgB,EAAYhB,EAiCjC,IAEK,CAAEsB,QAAAA,EAASnG,QAAAA,EACpB,EAAE,yBAEF,IAAM0G,EAAkB,SAAlBA,EAAmBb,EAAa3gB,GACpCnJ,OAAOyJ,KAAKN,GAAOO,SAAQ,SAAAC,GACzB,GAAU,cAANA,EAAmB,CACrB,IAAMihB,EAAQ7nB,MAAMC,QAAQmG,EAAMQ,IAAMR,EAAMQ,GAAG,GAAKR,EAAMQ,GAC5D,GAAqB,iBAAVihB,EAAoB,CAC7B,IAAM9O,GAAS,EAAA+O,EAAAA,UAAS,CAAEvgB,KAAMsgB,EAAOlP,KAAMoO,IAC7C,GAAIhO,EAEF,YADA3S,EAAMQ,GAAKmS,GAGX,MAAM,IAAIlb,EAAAA,aAAa,6BAAD,OAA8BgqB,GAExD,CACF,CACI7nB,MAAMC,QAAQmG,EAAMQ,KACtBR,EAAMQ,GAAGD,SAAQ,SAAAohB,GAAU,OAAIH,EAAgBb,EAAagB,EAAW,GAE3E,GACF,EA+CE,mBA/B8B,SAA2BlO,EAAkCkN,GAI3F,MAJwGvB,EAAY,UAAH,6CAAG,CAAC,EAK/GwC,GAAyC,QAAvB,EAAAjB,EAAY9G,mBAAW,aAAvB,EAAyB7Z,QAAS,GAE1D4hB,EAAgBrhB,SACd,SAAAsZ,GAAe,MAEb,GAAyB,yBAArBA,EAAY9e,MACkB,4BAAhC8e,SAAsB,QAAX,EAAXA,EAAaC,iBAAS,WAAX,EAAX,EAAyB,KACxB6G,SAAAA,EAAakB,uBAMhB,OAAOL,EAAgBb,EAAa9G,UAJ3BA,EAAYC,SAKvB,IAGF,IAAMgI,EAAeF,EAAgBjQ,KAAI,SAAAkI,GAAW,OApCrB,SAACpG,EAAkCoG,EAAauF,GAE/E,GAAIvF,EAAYsH,IAAK,CACnB,IACMY,GADqB,EAAAC,EAAAA,8BAA8BvO,EAAY,CAACoG,GAAcuF,GAChDvF,EAAY9e,MAChD,OAAO,EAAP,KACK8e,GAAW,IACdiG,OAAQiC,GAEZ,CAEA,OAAOlI,CACT,CAwB0DoI,CAA0BxO,EAAYoG,EAAauF,EAAW,IAEtH,EAA6B4B,EAAsBvN,EAAYkN,EAAavB,GAE5E,MAAO,CACL0C,aAAAA,EACAb,QAJa,EAAPA,QAKNnG,QALsB,EAAPA,QAOnB,kEC5HO,SACLrH,EACAkN,EACAvB,EACAC,GACa,UAKwB,EAJ/BlI,EAAkBwJ,EACxB,GAA2C,EAAAuB,EAAAA,kBAAkBzO,EAAYkN,EAAavB,GAA9E0C,EAAY,EAAZA,aAAcb,EAAO,EAAPA,QAASnG,EAAO,EAAPA,QACzBqH,GAAkB,EAAH,WAAOL,GAEtBvG,GAA+B,gCAAG,WAAgB6G,GAAiB,2FAOmC,GAPjCC,EAAiB,EAAH,6BAAG,CAAC,EAOrFC,EAA0BR,EAAa7mB,MAAK,SAAC4e,GAAW,OAAKA,EAAY9e,OAASqnB,CAAiB,IAC5E,yCACpBjrB,QAAQK,OAAO,gCAAD,OAAiC4qB,EAAiB,OAAI,OAG9B,GACvB,mBADPE,EAAwBxC,OACP,yCACzB3oB,QAAQK,OAAO,wDAAD,OAAyD4qB,EAAiB,OAAI,gCAG9FE,EAAwBxC,OAAQuC,IAAkC,2CAC1E,SAlBoC,oCAuBrC,MAAO,CACL9G,QAAAA,EACA4G,gBAAAA,EACArH,QAAAA,EACAmG,QAAAA,EACAsB,YAAapL,EACb+H,gBAR+D,QAA5C,EAAG/H,EAAeqL,kCAA0B,OAAO,QAAP,EAAzC,EAA2CxiB,aAAK,OAAkB,QAAlB,EAAhD,EAAkD/E,MADzD,SAAAwb,GAAI,MAAkB,qBAAdA,EAAK1b,IAA2B,WACiC,WAAzB,EAAzC,EAAoEiF,MAS1Fof,UAAAA,EACAC,kBAAAA,EAEJ,4CA7CA,4DCFA,IAA8C,EAE/B,CACblD,aAHF,QAGEA,cACD,wICHD,aAAoD,2kBAWlD,+BAT0C,SAC1C1I,EACAgP,GAEA,IADArD,EAAY,UAAH,6CAAG,CAAC,EAEb,OAAOqD,EAAiBtW,QAAO,SAACzS,EAAKmgB,GAAW,cAC3CngB,GAAG,oBACLmgB,EAAY9e,MAAO,EAAAqmB,EAAAA,SAAkB3N,EAAYoG,EAAauF,IAAU,GACvE,CAAC,EACP,24DCXA,cACA,UACA,UAMA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,2NACA,+NACA,+NACA,+NACA,+NACA,+NACA,2RCOC,SAG6B,8EAhC9B,UACA,UACA,SACA,UAAsC,2kBAoBtC,SAASsD,EAAYvU,GACnB,MAAO,CACLA,KAAAA,EACAkJ,kBAAmBlJ,EAAKkJ,kBACxBjS,MAAO+I,EAAK/I,MAEhB,CAG8B,aAkF7B,OAlF6B,gCAAvB,WACLqO,GAAgC,yIAKuB,GAJvD5b,EAA2B,EAAH,6BAAG,CAAC,EAE5BA,GAAU,EAAAgG,EAAAA,YAAWhG,GAEjBsW,GAAO,EAAAyO,EAAAA,yBAAwBnJ,EAAY5b,GAGvC,QAH+C,EAGnDsW,SAAI,QAAJ,EAAMkJ,kBAAiB,yCAClBqL,EAAYvU,IAAK,wBAIb,EAAA0O,EAAAA,uBAAsBpJ,EAAY,EAAF,KAAOtF,GAAStW,IAAU,OA0CtE,OA1CDsW,EAAO,EAAH,KACEwU,GAAU,EAAAC,EAAAA,iBAAgBnP,GAE9BnM,GAFyC,EAcvC6G,GAZF7G,SACAub,EAAW,EAAXA,YACAzd,EAAK,EAALA,MACA0d,EAAM,EAANA,OACAhrB,EAAe,EAAfA,gBACAirB,EAAa,EAAbA,cACAC,EAAmB,EAAnBA,oBACAC,EAAe,EAAfA,gBACAC,EAAa,EAAbA,cACAC,EAAM,EAANA,OACAC,EAAS,EAATA,UACAC,EAAK,EAALA,MAEIC,EAAezrB,EAAQyrB,cAAgB7P,EAAW5b,QAAQyrB,aAChExrB,EAAiC,QAAlB,EAAGA,SAAe,SAG3BF,EAAM,GAAH,OAAM+qB,EAAO,gBAChBnnB,EAAS,EAAH,WACV+nB,UAAWjc,EACXkc,MAAOV,EAAQhR,KAAK,KACpB2R,aAAcZ,EACda,eAAgBX,EAChBY,sBAAuBX,EACvB5d,MAAAA,GACI6d,GAAmB,CAAEW,iBAAkBX,IACvCC,GAAiB,CAAEW,eAAgBX,IAInCI,GAAgB,CAAEQ,cAAeR,IACjCH,GAAU,CAAE/N,QAAS+N,IACrBC,GAAa,CAAE/N,WAAY+N,IAC3BC,GAAS,CAAEA,MAAAA,IAIX9pB,EAAU,CACd,eAAgB,qCACjB,WAEkB,EAAAgb,EAAAA,aAAYd,EAAY,CACzChC,OAAQ,OACR7Z,IAAAA,EACA2B,QAAAA,EACAzB,gBAAAA,EACAR,KAAMkE,IACN,QAeuC,OArBnCsT,EAAO,EAAH,KAOJuI,EAAoBvI,EAAKiV,mBAEzBC,EAAU,EAAH,KACR7V,GAAI,IACPkJ,kBAAAA,EAGAvf,gBAAAA,EACAsN,MAAAA,EACA0d,OAAAA,EACAI,cAAAA,EACAD,gBAAAA,KAGF,EAAAlG,EAAAA,qBAAoBtJ,EAAYuQ,GAAS,kBAElCtB,EAAYsB,IAAQ,4CAC5B,uFC7G0C,SAEX,iEARhC,UAEA,SACA,UACA,UACA,UACA,UAEgC,aAgD/B,OAhD+B,gCAAzB,WACLvQ,GAAgC,mHAW/B,GAVD5b,EAA6B,EAAH,6BAAG,CAAC,GAMxBosB,EAAmBxQ,EAAWiH,mBAAmBwJ,gBAAgBrsB,MAErEsf,EAAiB8M,EAAiB9M,eAClCkI,EAAoB4E,EAAiB5E,mBAIlClI,EAAgB,CAAF,gBAad,OAZG5D,EAAU1b,EAAQ0b,SAAW+L,EAAAA,gBAC7B6E,GAAS,EAAAC,EAAAA,gBAAe3Q,GACtB4D,EAAmCxf,EAAnCwf,kBAAmBD,EAAgBvf,EAAhBuf,YACrBtf,EAAyC,QAA1B,EAAGD,EAAQC,uBAAe,SAAQ,SAErDunB,GAAoB,GACpB,EAAAE,EAAAA,uBAAsBhM,GAChB3b,EAAM,GAAH,OAAMusB,EAAM,uBACfpiB,EAAOqV,EAAc,CAAEpgB,WAAYogB,GAAgB,CAAEC,kBAAAA,GACrD9d,EAAU,CACd,eAAgB,sCAAF,OAAwCga,GACtD8Q,OAAQ,sCAAF,OAAwC9Q,IAC/C,WACsB,EAAAgB,EAAAA,aAAYd,EAAY,CAC7ChC,OAAQ,OACR7Z,IAAAA,EACA2B,QAAAA,EACAzB,gBAAAA,EACAR,KAAMyK,IACN,QANFoV,EAAiB,EAAH,6DAQV,EAAAmN,EAAAA,gBAAc,OAAS,KAAIhnB,MAAO,EAAA4Z,EAAAA,kBAAiB,KAAI5Z,IAAIwV,eAAa,iBAC1EqE,EAAiB,KAAI7Z,IAAIwV,aACzBuM,GAAoB,EAAM,2CAOT,OAAfvnB,EAAoBD,EAApBC,gBAAe,mBAChB,EAAAqkB,EAAAA,cAAa1I,EAAY0D,EAAgB,CAAErf,gBAAAA,GAAmBunB,IAAkB,0DACxF,+FCrDM,SASNtmB,GACD,MACE,OAAO,EAAP,mCAbqC,IAarC,GAbqC,EAarC,EAbqC,kbAmBnC,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAG+B,OAFhD,+BAASA,KAAM,iGACf,EAAK+jB,KAAM,EAAAkJ,EAAAA,eAAY,iBACvB,EAAKrrB,YAAcA,EAAAA,QAAYX,KAAK,MAAM,EAAF,eAAQ,CAClD,CAAC,uBAVH,CAAiCQ,IAAI,0BAIJyrB,GAAQ,CAQ3C,iGA3BA,UACA,aACA,EAAuC,qbAAvC,UAAuC,6MCEhC,SAULzrB,GAEF,MACE,OAAO,EAAP,mCAfqC,IAerC,GAfqC,EAerC,EAfqC,kbAqBnC,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAG+B,OAFhD,+BAASA,KAAM,iGACf,EAAK+jB,KAAM,EAAAoJ,EAAAA,sBAAmB,iBAC9B,EAAKvrB,YAAcA,EAAAA,QAAYX,KAAK,MAAM,EAAF,eAAQ,CAClD,CAAC,uBAVH,CAAiCQ,IAAI,0BAIJyrB,GAAQ,CAQ3C,iGA7BA,UACA,aACA,EAAuC,qbAAvC,UAAuC,+MCGhC,WAEL,OAAO,SAAP,0BAP6D,IAO7D,GAP6D,EAO7D,EAP6D,kbAqB3D,WAAY3sB,GAAc,MAMD,OANC,qBACxB,cAAMA,IAAS,0MAEf,EAAKigB,KAAOjgB,EAAQigB,KACpB,EAAKmL,gBAAkBprB,EAAQorB,gBAC/B,EAAKC,cAAgBrrB,EAAQqrB,cAC7B,EAAK7H,IAAMxjB,EAAQwjB,IAAI,CACzB,CAAC,uBArBI,EADwB,EAAAqJ,EAAAA,gCAyBjC,iGA/BA,kGCAA,UAOA,UACA,SAA+B,SAETzoB,EAAK,GAAD,4CAkCzB,OAlCyB,gCAAnB,WAAoBwX,GAAgC,qGACX,OAAtC3b,GADmDD,EAA0B,EAAH,6BAAG,CAAC,GAC9EC,gBAAiBqnB,EAA0BtnB,EAA1BsnB,sBAAqB,UACtB,EAAA5D,EAAAA,SAAQ9H,EAAY,CAC1CkR,cAAc,EACd7sB,gBAAAA,EACAqnB,sBAAAA,IACA,OAMD,GAVGyF,EAAc,EAAH,KAMTzW,GAAO,EAAAyO,EAAAA,yBAAwBnJ,GAEhCoR,OADDA,EAA+B1W,SAAkB,QAAd,EAAJA,EAAM2T,oBAAY,WAAd,EAAJ,EAAoB7mB,MAAK,SAAA4e,GAAW,OAAIA,EAAYiL,SAAS,OAAO,MAClGD,EAA8B5qB,SACjC,EAAAoF,EAAAA,MAAK,oEAGH0lB,OAAOC,UAAUntB,EAAQotB,SAAU,CAAF,yCAC5B,IAAI9tB,SAAQ,SAAUC,EAASI,GACpCmL,YAAW,EAAD,2BAAC,8FACT,IACQsiB,EAA8B,QAAvB,EAAGL,EAAYM,gBAAQ,OAAM,QAAN,EAApB,EAAsBjpB,YAAI,WAAN,EAApB,EAA4BgpB,QAE1C7tB,EADE6tB,EACMhpB,EAAKwX,EAAY,CACvBwR,QAAAA,IAGML,EAEZ,CAAE,MAAOvnB,GACP7F,EAAO6F,EACT,CAAC,2CACAxF,EAAQotB,QACb,KAAE,iCAGGL,GAAW,4CACnB,mGC/BA,SAE6B,GAAD,2EAT7B,UACA,UACA,UAAyC,2kBAElC,SAAStJ,EAAW7H,GAAyE,IAAvC5b,EAA0B,UAAH,6CAAG,CAAC,EAEtF,UADa,EAAA+kB,EAAAA,yBAAwBnJ,EAAY5b,KAC/BA,EAAQuf,YAC5B,CAE6B,aAmB5B,OAnB4B,gCAAtB,WACL3D,GAAgC,+FACJ,GAGvB6H,EAAW7H,EAHhB5b,EAA0B,EAAH,6BAAG,CAAC,GAGW,CAAF,qBAC5B,IAAIJ,EAAAA,aAAa,4DAA2D,OAOnF,OAJKqgB,EAAgBjgB,EAAhBigB,KAAM1S,EAAUvN,EAAVuN,MACP0S,IACG3J,GAAO,EAAAyO,EAAAA,yBAAwBnJ,EAAY,CAAErO,MAAAA,IACnD0S,EAAO3J,aAAI,EAAJA,EAAM2J,MACd,mBAEM,EAAAD,EAAAA,KAAIpE,EAAY,EAAF,KAChB5b,GAAO,IACVigB,KAAAA,MACA,2CACH,4FChC6C,SAOR,GAAD,2EARrC,UACA,UAA8C,2kBAOT,aAWpC,OAXoC,gCAA9B,WACLrE,GAAgC,2FAEoC,OAFlC5b,EAAmC,EAAH,6BAAG,CAAC,EAEhE+iB,GAAW,EAAAC,EAAAA,sBAAqBpH,EAAY,mBAAkB,mBAC7D,EAAAoE,EAAAA,KACLpE,EAAY,EAAF,KAEL5b,GACA+iB,KAEN,2CACF,qFCVgB,SAEc,GAAD,2EAX9B,UACA,UACA,UACA,UACA,UAKiB,2kBAEa,aAoB7B,OApB6B,gCAAvB,WACLnH,GAAgC,6FAAmC,GAAjC5b,EAA+B,EAAH,6BAAG,CAAC,GAI7D,EAAAstB,EAAAA,2BAA0B1R,GAAa,CAAF,gCACN,EAAAuI,EAAAA,kBAAiBvI,EAAY,EAAF,KACxD5b,GAAO,IACVigB,KAAM,WACNsN,eAAe,KACf,OAJqB,GAIrB,SAJMC,EAAe,EAAfA,gBAKHxtB,EAAQorB,kBAAmBoC,GAAoBA,EAAgBP,SAASQ,EAAAA,WAAWC,cAAa,sBAC7F,IAAI9tB,EAAAA,aAAa,0EAAyE,iCAI7F,EAAAogB,EAAAA,KAAIpE,EAAY,EAAF,KAChB5b,GAAO,IACVigB,KAAM,eACN,2CACH,2JC9BD,UAOA,UAMgB,klDAUhB,SAAS0N,EAAoBvd,EAA2B0Y,GAEtD,OAAO9pB,OAAOyJ,KAAKqgB,EAAY7F,SAAS7f,MAAK,SAAA6kB,GAAM,QAAM7X,EAAOwd,QAAU3F,EAAOgF,SAAS,UAAU,GACtG,CAEA,SAASY,EAAuBzd,GAE9B,OAAO,EAAP,KACKA,GAAM,IACTwd,YAAQ9uB,GAEZ,CAEA,SAASgvB,EAAwB9tB,EAA2B+tB,GAC1D,IAAI9K,EAAUjjB,EAAQijB,SAAW,GAQjC,OAPAA,EAAUA,EAAQoG,QAAO,SAAA2E,GACvB,MAAqB,iBAAVA,EACFA,IAAUD,EAEZC,EAAM9qB,OAAS6qB,CACxB,IAEO,EAAP,KAAY/tB,GAAO,IAAEijB,QAAAA,GACvB,CAAC,SAGqBgL,EAAU,EAAD,mDA4H9B,OA5H8B,gCAAxB,WACLrS,EACAkN,EACA1Y,EACApQ,GAAyB,+GAGb,GADNsqB,GAFmB,EAEkBxB,GAArCwB,gBAAiBjD,EAAe,EAAfA,gBACfpH,EAASjgB,EAATigB,MAGJoH,EAAiB,CAAF,wCACV,CAAEyB,YAAAA,IAAa,OAU0B,GAP5CoF,GAAa,EAAAC,EAAAA,eAAcrF,EAAa1Y,EAAQpQ,GAGhDouB,EAAmBT,EAAoBvd,EAAQ0Y,GAC/CuF,EAAoBruB,EAAQijB,SAAW,KACvCA,EAAU,GAAH,qBACRoL,IAAiB,aAChBD,GAAoB,CAACA,IAAqB,MAEnC,CAAF,oBACUnL,GAAO,4HAQmD,GARpEgF,EAAM,QAETtkB,EAA0B,CAAC,EACT,iBAAXskB,IACTtkB,EAASskB,EAAOtkB,QAAU,CAAC,EAC3BskB,EAASA,EAAO/kB,MAEdorB,EAA8BT,EAAuBzd,GACrDme,EAA+BT,EAAwB9tB,EAASioB,GAEzB,mBAAhCa,EAAY7F,QAAQgF,GAAsB,iCAC/Ba,EAAY7F,QAAQgF,GAAQtkB,GAAO,OAA5C,IAC2B,KADtCmlB,EAAc,EAAH,MACKtB,kBAA2B,8CAClC,EAAAgH,EAAAA,sBAAqB5S,EAAYkN,EAAa9oB,KAAQ,WAEhD,WAAXioB,EAAmB,6CACd,CAAEa,YAAAA,EAAa2F,UAAU,KAAM,oCAEjCR,EACLrS,EACAkN,EACAwF,EACAC,KACD,QAI0E,IAAnDjE,EAAgBlnB,MAAK,YAAO,SAAJF,OAAoB+kB,CAAM,IACrD,CAAF,iCACCa,EAAYpF,QAAQuE,EAAQtkB,GAAO,QAA5C,IAC2B,KADtCmlB,EAAc,EAAH,MACKtB,kBAA2B,8CAClC,EAAAgH,EAAAA,sBAAqB5S,EAAYkN,EAAa9oB,KAAQ,oCAExDiuB,EAAUrS,EAAYkN,EAAa1Y,EAAQme,KAA6B,8WAMrC,KAA1CG,GAAW,EAAAC,EAAAA,oBAAmB7F,IACtB,CAAF,yCACH,CAAEA,YAAAA,EAAa4F,SAAAA,IAAU,WAG7BR,EAAY,CAAF,oBAETluB,EAAQ4uB,KAAM,CAAF,gBACyD,OAAvExe,GAAS,EAAAye,EAAAA,4BAA2B/F,EAAa9oB,EAAQ4uB,KAAMxe,GAAQ,UACnD0Y,EAAYpF,QAAQ1jB,EAAQ4uB,KAAMxe,GAAO,QAAlD,IAC2B,KADtC0Y,EAAc,EAAH,MACKtB,kBAA2B,2CAClC,EAAAgH,EAAAA,sBAAqB5S,EAAYkN,EAAa9oB,IAAQ,iCAExD,CAAE8oB,YAAAA,IAAa,WAIX,YAAT7I,EAAkB,0CACb,CAAE6I,YAAAA,IAAa,cAElB,IAAIlpB,EAAAA,aAAa,2GAAD,OAEH0qB,EAAgBhW,QAAO,SAACwa,EAAKC,GAAI,OAAKD,EAAMA,EAAM,KAAOC,EAAK7rB,KAAO6rB,EAAK7rB,IAAI,GAAE,IAAG,YACpG,WAICgrB,EAAWc,eAAgB,CAAF,gBACqC,OAA3D3B,GAAW,EAAA4B,EAAAA,aAAYrT,EAAYsS,EAAYpF,GAAY,kBAC1D,CACLA,YAAAA,EACAuE,SAAAA,IACD,QAI8B,OAD3BnqB,EAAOgrB,EAAWgB,UAClBrwB,EAAOqvB,EAAWiB,UAAS,UAEbrG,EAAYpF,QAAQxgB,EAAMrE,GAAK,QAAxC,IAC2B,KADtCiqB,EAAc,EAAH,MACKtB,kBAA2B,2CAClC,EAAAgH,EAAAA,sBAAqB5S,EAAYkN,EAAa9oB,IAAQ,QAKrB,GAD1CoQ,EAAS8d,EAAWkB,0BACpBpvB,EAAU,EAAH,KAAQA,GAAO,IAAE4uB,UAAM9vB,KAIlB2gB,sBAAyBqJ,EAAYzB,kBAAoB,EAAAsH,EAAAA,oBAAmB7F,GAAY,iBAGzC,OADnDuG,GAAK,EAAAlB,EAAAA,eAAcrF,EAAa1Y,EAAQpQ,GACxCqtB,GAAW,EAAA4B,EAAAA,aAAYrT,EAAYyT,EAAIvG,GAAY,kBAClD,CACLA,YAAAA,EACAuE,SAAAA,IACD,iCAGIY,EAAUrS,EAAYkN,EAAa1Y,EAAQpQ,IAAQ,kEAE3D,4MC7KD,UACA,UAAyD,+kBAM5CmmB,EAA2B,mCANiB,IAMjB,GANiB,EAMjB,EANiB,kbAMjB,iEAqCrC,OArCqC,8CAGtC,WACE,IAAMrE,EAAoBljB,KAAK0wB,uBAE/B,MAAO,CACL9M,IAFmC,EAAA+M,EAAAA,iCAAgC3wB,KAAKojB,aAEvCxB,KAAMrY,MACpC/E,MAAK,YAAO,MAAgB,OAAhB,EAAJF,IAAwB,IAAGiF,MACtCqnB,WAAY1N,EAAmB0N,WAC/BC,YAAa3N,EAAmB2N,YAEpC,GAAC,mCAED,SAAsBzN,GACpB,MAAO,CACL,CAAE9e,KAAM,aAAciB,KAAM,UAC5B,CAAEjB,KAAM,cAAeyd,MAAO,eAAgBxc,KAAM,WACpD2V,KAAI,SAAA8E,GAEJ,OAAO,EAAP,KADcoD,EAAYxB,KAAKrY,MAAM/E,MAAK,SAAAssB,GAAG,OAAIA,EAAIxsB,OAAS0b,EAAK1b,IAAI,KACjD0b,EACxB,GACF,GAAC,4CAED,SAAyC/f,GAEvCA,GAAO,EAAH,uFAAwCA,GAE5C,IAAQ4wB,EAAgB7wB,KAAKwR,OAArBqf,YACR,GAAK5wB,GAAS4wB,EAId,OAAO,EAAP,KACM5wB,GAAQA,GACR4wB,GAAe,CAAEA,YAAAA,GAEzB,KAAC,EArCqC,CAASE,EAAAA,mBAAiB,8CAArDxJ,EAA2B,kBACb,oOCT2D,+kBAIzEJ,EAA6B,mCAJ4C,IAI5C,GAJ4C,EAI5C,EAJ4C,kbAI5C,iEA4BvC,OA5BuC,8CAGxC,WACE,OAAOnnB,KAAK0wB,sBACd,GAAC,mCAED,WACE,IAAMzP,EAAgBjhB,KAAK2wB,kCACrBC,EAAa3P,EAAcW,KAAMrY,MAAM/E,MAAK,YAAO,MAAgB,eAAhB,EAAJF,IAAgC,IAErF,OAAIssB,GAAcA,EAAWxvB,QACpB,CACLkD,KAAM,aACNiB,KAAM,SACNsc,UAAU,EACVzgB,QAASwvB,EAAWxvB,UAIT,EAAH,WAAO6f,EAAcW,KAAMrY,MAEzC,GAAC,mCAED,WAA6D,WAG3D,OAFAvJ,KAAKwR,QAAS,EAAH,+EACSpR,OAAOyJ,KAAK7J,KAAKwR,QAAQiZ,QAAO,SAAAuG,GAAQ,MAAiB,kBAAbA,CAA4B,IACvEtb,QAAO,SAAClE,EAAQwf,GAAQ,cAAUxf,GAAM,oBAAGwf,EAAW,EAAKxf,OAAOwf,IAAS,GAAI,CAAC,EACvG,KAAC,EA5BuC,CAJ1C,QAImDD,mBAAiB,gDAAvD5J,EAA6B,kBACf,2NCL3B,UAEA,UACA,UAAiE,+kBAOpD4J,EAAiB,mCAPmC,IAOnC,GAPmC,EAOnC,EAPmC,kbAU/D,WAAY3N,GAAkD,MAArB5R,EAAY,UAAH,6CAAG,CAAC,EAMrB,OANsB,qBACrD,cAAM4R,EAAa5R,IAAQ,sDAG3B,EAAKyP,cAAgB,EAAKgQ,mBAE1B,EAAKC,0BAA0B,CACjC,CA2DC,OA3DA,qDAED,WAAoC,WAElC,GAD0BlxB,KAAK0wB,uBAE7B1wB,KAAKwR,OAAO2f,mBAAqBnxB,KAAKwR,OAAO2f,mBAAoBjW,KAAI,SAAAjb,GACnE,OAAI,EAAAmxB,EAAAA,uBAAsB,EAAKnQ,cAAehhB,GACrC,EAAKoxB,+BAA+BpxB,GAEtCA,CACT,QACK,CACL,IAAMA,EAAOD,KAAKqxB,iCACdpxB,GACFD,KAAKwR,OAAO2f,mBAAoB1tB,KAAKxD,EAEzC,CACF,GAAC,kCAED,WAAiC,WAC/B,OAAOD,KAAKwR,OAAO2f,mBAChB3sB,MAAK,SAACvE,GAAI,OAAK,EAAAmxB,EAAAA,uBAAsB,EAAKnQ,cAAehhB,EAAK,GACnE,GAAC,0BAED,WAAe,WACb,OAAOD,KAAKwR,OAAO2f,mBAChB1f,MAAK,SAAAxR,GAAI,OAAI,EAAAmxB,EAAAA,uBAAsB,EAAKnQ,cAAehhB,EAAK,GACjE,GAAC,4CAED,SAAyCijB,GAEvC,MAAoCljB,KAAKwR,OAAnCof,EAAU,EAAVA,WAAY3P,EAAa,EAAbA,eACb2P,IAAc,EAAA5M,EAAAA,iBAAgB/C,KAClC2P,EAAa3P,aAAa,EAAbA,EAAe2P,YAG7B,MAA6B5wB,KAAKihB,cAC5BhhB,EAAO,EAAH,GACR2jB,GAFQ,EAAFA,GAGN0N,aAHsB,EAAZA,cAINpO,GAAqBA,GACrB0N,GAAc,CAAEA,WAAAA,IAGtB,OAAO3wB,EAAK2wB,WAAa3wB,EAAO,IAClC,GAAC,6CAED,WAGE,OAFsBD,KAAKojB,YAAY7Z,MACpC/E,MAAK,YAAO,MAAgB,kBAAhB,EAAJF,IAAmC,GAEhD,GAAC,mCAED,WAA2B,WACzBtE,KAAKwR,QAAS,EAAH,+EAEX,IAAM2f,EAAqBnxB,KAAKwR,OAAO2f,mBACpC1G,QAAO,SAAAxqB,GAAI,OAAwD,KAApD,EAAAmxB,EAAAA,uBAAsB,EAAKnQ,cAAehhB,EAAc,IAC1E,OAAO,EAAP,KAAYD,KAAKwR,QAAM,IAAE2f,mBAAAA,GAC3B,KAAC,EArE2B,CAAsEI,EAAAA,YAAU,+JCN9G,UACA,UAAsF,yrBAuBzEA,EAAU,WAQrB,WACEnO,GAGA,IAFA5R,EAAY,UAAH,6CAAG,CAAC,EACbpQ,EAA4B,UAAH,6CAAG,CAAC,GAAC,wKAG9BpB,KAAKwR,OAAS,EAAH,GAAQA,GACnBxR,KAAKoB,QAAU,EAAH,GAAQA,GACpBpB,KAAKwxB,uBACLxxB,KAAKojB,YAAcA,CACrB,CA8JC,OA9JA,kDAED,WASE,GARApjB,KAAKwR,OAAOqS,eAAkB7jB,KAAKwR,OAAOqS,gBAAkB,GAG5D7jB,KAAKwR,OAAOqS,eAAiB7jB,KAAKwR,OAAOqS,eAAe3I,KAAI,SAAA+F,GAC1D,OAAO,EAAAwQ,EAAAA,qBAAoBxQ,EAC7B,IAGIjhB,KAAKwR,OAAOyP,cAAe,CAC7B,IAAMA,GAAgB,EAAAwQ,EAAAA,qBAAoBzxB,KAAKwR,OAAOyP,eACvBjhB,KAAKwR,OAAOqS,eAAepS,MAAK,SAAAigB,GAC7D,OAAO,EAAAN,EAAAA,uBAAsBnQ,EAAeyQ,EAC9C,KAEE1xB,KAAKwR,OAAOqS,eAAepgB,KAAKwd,EAEpC,CAIAjhB,KAAKwR,OAAO2f,mBAAqBnxB,KAAKwR,OAAOqS,eAAenO,QAAO,SAACwa,EAAKjP,GAKvE,MAJ6B,YAAzB,aAAOA,IAA8B7gB,OAAOyJ,KAAKoX,GAAezd,OAAS,GAE3E0sB,EAAIzsB,KAAKwd,GAEJiP,CACT,GAAGlwB,KAAKwR,OAAO2f,oBAAsB,GACvC,GAAC,qBAED,WACE,OAAOnxB,KAAKojB,YAAY9e,IAC1B,GAAC,0BAID,SAAakmB,GAA+B,WAG1C,QAFiB,EAAAmH,EAAAA,mBAAkB3xB,KAAKojB,aACf5e,MAAK,SAACZ,GAAG,OAAM,EAAKguB,QAAQhuB,EAAI,GAK3D,GAAC,qBAGD,SAAQA,GAAc,WACpB,IAAKA,EAAK,CACR,IACI7D,GADY,EAAA8xB,EAAAA,cAAa7xB,KAAKojB,aACb1N,QAAO,SAACzV,EAAM2D,GAEjC,OADA3D,EAAK2D,GAAO,EAAK2sB,QAAQ3sB,GAClB3D,CACT,GAAG,CAAC,GACJ,OAAOF,CACT,CAGA,GAA4C,mBAAjCC,KAAK,MAAD,QAAO,EAAA8xB,EAAAA,WAAUluB,KAAwB,CACtD,IAAMktB,EAAM9wB,KAAK,MAAD,QAAO,EAAA8xB,EAAAA,WAAUluB,KAC/B5D,KAAKojB,YAAY7Z,MAAO/E,MAAK,YAAM,SAAJF,OAAmBV,CAAG,KAEvD,GAAIktB,EACF,OAAOA,CAEX,CAGA,GAAI9wB,KAAKkb,KAAOlb,KAAKkb,IAAItX,GAEvB,IADA,IAAMwrB,EAAQpvB,KAAKkb,IAAItX,GACdsS,EAAI,EAAGA,EAAIkZ,EAAM5rB,OAAQ0S,IAAK,CACrC,IAAI4a,EAAM9wB,KAAKwR,OAAO4d,EAAMlZ,IAC5B,GAAI4a,EACF,OAAOA,CAEX,CAIF,OAAO9wB,KAAKwR,OAAO5N,EACrB,GAAC,qBAED,SACEA,GAIA,QAAS5D,KAAKuwB,QAAQ3sB,EACxB,GAAC,yBAED,SAAYmuB,EAAmCC,GAC7C,IAAM1tB,EAAOtE,KAAKswB,UACZ3O,EAAS3hB,KAAKiyB,YACdhR,EAAgBjhB,KAAKixB,mBAGrB1rB,EAAO0b,aAAa,EAAbA,EAAe1b,KAC5B,OAAO,EAAP,GACEjB,KAAAA,EACAqd,OAAAA,GACIpc,GAAQ,CAAEA,KAAAA,IACV0b,GAAiB,CAAEA,cAAAA,GAE3B,GAAC,uBAGD,WAAqB,WACbU,EAAkB,GAqCxB,OApC8B3hB,KAAKojB,YAAY7Z,OAAS,IAClCO,SAAQ,SAAAooB,GAC5B,IAAIpQ,EACExd,EAAkC4tB,EAAlC5tB,KAAMiB,EAA4B2sB,EAA5B3sB,KAAMyd,EAAsBkP,EAAtBlP,QAASmP,EAAaD,EAAbC,SAC3B,IAAgB,IAAZnP,EAAJ,CAGA,GAAkD,mBAAvC,EAAK,WAAD,QAAY,EAAA8O,EAAAA,WAAUxtB,KACnCwd,EAAQ,EAAK,WAAD,QAAY,EAAAgQ,EAAAA,WAAUxtB,KAAS4tB,QACtC,GAAa,WAAT3sB,EAAmB,CAE5B,IAAI6sB,EACEC,GAAW,EAAKnX,IAAM,EAAKA,IAAI5W,GAAQ,OAAS,GAEpD8tB,EADqB,IAAnBC,EAAQ7uB,OACF6uB,EAAQ,GAGRA,EAAQ7tB,MAAK,SAAAF,GAAI,OAAIlE,OAAOyJ,KAAK,EAAK2H,QAAQ6c,SAAS/pB,EAAK,IAElE8tB,IACFtQ,EAAQ,EAAH,KAAQoQ,GAAoB,IAAE5tB,KAAM8tB,IAE7C,CACKtQ,IACHA,EAAQoQ,GAEN/uB,MAAMC,QAAQ0e,GAChBA,EAAMhY,SAAQ,SAAAoM,GAAC,OAAIyL,EAAOle,KAAKyS,EAAE,KAG7Bic,IACFrQ,EAAMqQ,SAAWA,GAEnBxQ,EAAOle,KAAKqe,GA3Bd,CA6BF,IACOH,CACT,GAAC,mCAiBD,WACE,IAO0B,EAPpB2Q,EAAwBtyB,KAAKojB,YAAY7Z,OAAS,GAClDgpB,EAAuBvyB,KAAKiyB,YAIhC,EAlNgF,25BAkNhF,CAHa,GAAH,qBACPK,IAAqB,aACrBC,KAGqB,IAA1B,IAAK,EAAL,qBAA4B,KAAjBzQ,EAAK,eACP9hB,KAAKwR,OAAOsQ,EAAMxd,KAC3B,CAAC,+BACD,OAAOtE,KAAKwR,MACd,GAAC,8BAED,WAA2D,QAEnD6R,EAAsC,QAA7B,EAAGrjB,KAAKojB,YAAYC,iBAAS,aAA1B,EAA4B9Z,MAC9C,GAAK8Z,EAAL,CAIA,IAAMmP,GAA+B,EAAA7B,EAAAA,iCAAgC3wB,KAAKojB,aAC1E,IAAKoP,EAEH,OAAOnP,EAKT,IAAMO,EAAK4O,EAA6B5Q,KAAMrY,MAC3C/E,MAAK,YAAO,MAAgB,OAAhB,EAAJF,IAAwB,IAAGiF,MAChC+nB,EACwC,QAD5B,EAAGkB,EAA6B5Q,KAAMrY,MACrD/E,MAAK,YAAO,MAAgB,iBAAhB,EAAJF,IAAkC,WAAC,aADzB,EAC2BiF,MAEhD,OAAO,EAAP,KACK8Z,GAAS,IACZO,GAAAA,EACA0N,aAAAA,GAlBF,CAoBF,IAAC,0BAtDD,SAAmBlO,GAAuD,QACxE,GAAKA,EAAY7Z,MAGjB,OAA2B,QAA3B,EAAO6Z,EAAY7Z,MAAM,UAAE,OAAM,QAAN,EAApB,EAAsBqY,YAAI,WAAN,EAApB,EAA4BrY,MAAMmM,QAAO,SAACyc,EAAwBjJ,GAIvE,OAHIA,EAAMiJ,WACRA,EAAW,GAAH,qBAAOA,IAAQ,aAAKjJ,EAAMiJ,SAAS5oB,SAEtC4oB,CACT,GAAG,GACL,KAAC,EAhLoB,GAgLpB,6BAhLUZ,EAAU,oNC3BvB,UACA,UAEA,UACA,UAAmF,yrBAOtEkB,EAAmB,mCAPmD,IAOnD,GAPmD,EAOnD,EAPmD,kbAOnD,oRAmF7B,OAnF6B,+CAM9B,SAAkB5O,EAAgBziB,GAChC,IAAI0iB,EACoC,EADN,EAd6C,25BAc7C,CACRD,GAAc,yBAA/B5C,EAAa,QAGpB,GAFA6C,EAAS1iB,EACNoD,MAAK,gBAAG6e,EAAS,EAATA,UAAS,OAAOA,EAAUzf,KAAOyf,EAAUzf,MAAQqd,EAAcrd,GAAG,IAE7E,aACD,EALH,IAAK,EAAL,qBAA0C,gBAMzC,+BACD,OAAOkgB,CACT,GAAC,0BAGD,SAAa0G,GACX,MAA0CxqB,KAAKwR,OAAvCqS,EAAc,EAAdA,eAAgB5C,EAAa,EAAbA,cAEhB7f,GAD6B,EAAAuvB,EAAAA,iCAAgC3wB,KAAKojB,aAClEhiB,QAER,IAAKyiB,IAAmBA,EAAergB,OACrC,OAAO,EAIT,IAAI,EAAAwgB,EAAAA,iBAAgB/C,IAAkBA,EAAc2C,GAClD,OAAO,EAIT,IAAM8O,EAAgB1yB,KAAK2yB,kBAAkB9O,EAAgBziB,GAC7D,GAAIsxB,EAAe,SAEXE,GAAyBpI,aAAO,EAAPA,EAASqI,wBACnCrI,aAAO,EAAPA,EAASqI,qBAAqBtpB,MAAMqa,OAA8B,QAA5B,EAAK8O,EAAcrP,iBAAS,aAAvB,EAAyBO,IACnEkP,GAAmCtI,aAAO,EAAPA,EAASuI,kCAC7CvI,aAAO,EAAPA,EAASuI,+BAA+BxpB,MAAMqa,OAA8B,QAA5B,EAAK8O,EAAcrP,iBAAS,aAAvB,EAAyBO,IACnF,OAAQgP,IAA2BE,CACrC,CAEA,OAAO,CACT,GAAC,8BAED,SAAiB9G,GACf,MAA0ChsB,KAAKwR,OAAvCqS,EAAc,EAAdA,eAAgB5C,EAAa,EAAbA,cAGxB,IAAI,EAAA+C,EAAAA,iBAAgB/C,IAAkBA,EAAc2C,GAElD,OADA5jB,KAAKgzB,sBAAwB/R,EACtBA,EAGT,IAAQ7f,EAAY4qB,EAAZ5qB,QACF6xB,GAAiB,EAAAN,EAAAA,mBAAkB9O,EAAgBziB,GAGzD,OAFApB,KAAKgzB,sBAAwBC,EAAe5P,UAC5CrjB,KAAKizB,eAAiBA,EACf,CACLrP,GAAIqP,aAAc,EAAdA,EAAgB1pB,MAAMqY,KAAKrY,MAAM/E,MAAK,YAAO,MAAgB,OAAhB,EAAJF,IAAwB,IAAEiF,MAE3E,GAAC,mCAED,SAAsB6Z,GAOpB,MAAO,CAAE9e,KAAM,gBAAiBiB,KAAM,SAAUnE,QANhCgiB,EAAYhiB,QAAQ8Z,KAAI,YACtC,MAAO,CACL6G,MAF4C,EAALA,MAGvCxY,MAHuD,EAAT8Z,UAG7Bzf,IAErB,IAEF,GAAC,mCAED,WAA2B,WACzB5D,KAAKwR,QAAS,EAAH,+EAEX,IAAMqS,EAAkB7jB,KAAKwR,OAAOqS,eACjC4G,QAAO,SAAAxJ,GACN,OAA4E,KAArE,EAAAmQ,EAAAA,uBAAsBnQ,EAAe,EAAK+R,sBACnD,IACF,OAAO,EAAP,KAAYhzB,KAAKwR,QAAM,IAAEqS,eAAAA,GAC3B,KAAC,EAnF6B,CACtB0N,EAAAA,YAAU,kNCbpB,UACA,UAA2F,+kBAO9E2B,EAAmB,mCAP2D,IAO3D,GAP2D,EAO3D,EAP2D,kbAYzF,WAAY9P,GAAkD,MAArB5R,EAAY,UAAH,6CAAG,CAAC,EAED,OAFE,qBACrD,cAAM4R,EAAa5R,IAAQ,sDAC3B,EAAKyP,eAAgB,EAAAgQ,EAAAA,kBAAiB7N,GAAa,CACrD,CA4BC,OA5BA,yCAED,SAAYpG,EAAkCwN,GAAgC,MACtEiE,GAAW,EAAH,oEAAqBzR,EAAYwN,GACzC2I,EAA2B3I,SAAiC,QAA1B,EAAPA,EAAS2I,gCAAwB,WAA1B,EAAP,EAAmC5pB,MAEpE,OAAO,EAAP,KACKklB,GAAQ,IACX0E,yBAAAA,GAEJ,GAAC,0BAED,WACE,OAAOnzB,KAAKihB,cAAcmS,UAAUpzB,KAAKwR,OAC3C,GAAC,4BAED,WACE,OAAOxR,KAAKihB,cAAcoS,eAAerzB,KAAKwR,OAChD,GAAC,iCAED,SAAoBsQ,GAClB,OAAO9hB,KAAKihB,cAAcgR,UAAUnQ,EACtC,GAAC,mCAED,WAA2B,WAGzB,OAFA9hB,KAAKwR,QAAS,EAAH,+EACSpR,OAAOyJ,KAAK7J,KAAKwR,QAAQiZ,QAAO,SAAAuG,GAAQ,MAAiB,gBAAbA,CAA0B,IACrEtb,QAAO,SAAClE,EAAQwf,GAAQ,cAAUxf,GAAM,oBAAGwf,EAAW,EAAKxf,OAAOwf,IAAS,GAAI,CAAC,EACvG,KAAC,EApC6B,CACtBO,EAAAA,YAAU,2LCVwE,IAI/EtK,EAAsB,mCAJyD,IAIzD,GAJyD,EAIzD,EAJyD,kbAIzD,yFAJnC,QAI4CiM,qBAAmB,yCAAlDjM,EAAsB,kBACR,qLCLe,IAE7BC,EAAa,mCAFgB,IAEhB,GAFgB,EAEhB,EAFgB,kbAEhB,iEAKvB,OALuB,0CAGxB,WACE,QAASlnB,KAAKwR,OAAO0c,cAAsC,mBAAtBluB,KAAKoB,QAAQ4uB,IACpD,KAAC,EALuB,CAF1B,QAEmCtI,YAAU,gCAAhCR,EAAa,kBACC,kLCFiE,IAI/EM,EAAmB,mCAJ4D,IAI5D,GAJ4D,EAI5D,EAJ4D,kbAI5D,yFAJhC,QAIyC0L,qBAAmB,sCAA/C1L,EAAmB,kBACL,4LCLuC,+kBAQrDE,EAAU,mCAR2C,IAQ3C,GAR2C,EAQ3C,EAR2C,kbAQ3C,iEA0BpB,OA1BoB,0CAGrB,WACE,QAAS1nB,KAAKwR,OAAO0c,cAAsC,gBAAtBluB,KAAKoB,QAAQ4uB,IACpD,GAAC,yBAED,SAAYhT,EAAkCwN,GAC5C,IAAM8I,GAAS,EAAH,oEAAqBtW,EAAYwN,GACzCvJ,EAAgBjhB,KAAKixB,mBAIzB,OAHKhQ,GAAD,MAAkBuJ,GAAAA,EAASqI,uBAC7B5R,EAAgBuJ,EAAQqI,qBAAqBtpB,OAExC,EAAP,KACK+pB,GAAM,IACTrS,cAAAA,EACAzb,KAAM,CACJqc,UAAU,EACV2M,QAASxuB,KAAKojB,YAAYoL,UAGhC,GAAC,mCAED,WAA0C,WAExC,OADoBpuB,OAAOyJ,KAAK7J,KAAKwR,QAAQiZ,QAAO,SAAAuG,GAAQ,MAAiB,iBAAbA,CAA2B,IACtEtb,QAAO,SAAClE,EAAQwf,GAAQ,cAAUxf,GAAM,oBAAGwf,EAAW,EAAKxf,OAAOwf,IAAS,GAAI,CAAC,EACvG,KAAC,EA1BoB,CARvB,QAQgCO,YAAU,6BAA7B7J,EAAU,kBACI,kMCN3B,UACA,UAA4E,+kBAW/DU,EAAa,mCAXkD,IAWlD,GAXkD,EAWlD,EAXkD,kbAgB1E,WACEhF,GAGA,MAFA5R,EAA8B,UAAH,6CAAG,CAAC,EAC/BpQ,EAA4B,UAAH,6CAAG,CAAC,EAU5B,OAV6B,qBAE9B,cAAMgiB,EAAa5R,EAAQpQ,IAAS,8CAPK,MAYrB,EAAKmyB,kCAEvB,EAAKtS,cAAgB,EAAKA,cAAgB,IAAIM,EAAAA,aAAa,CAAC,IAC7D,CACH,CA8DC,OA9DA,0CAED,WAEE,GAAIvhB,KAAKihB,gBAAkBjhB,KAAKihB,cAAcmS,UAAUpzB,KAAKwR,QAC3D,OAAO,EAGT,IAAMgiB,EAAwBxzB,KAAKuwB,UAAUkD,YAC7C,QAAKD,GAI8BxzB,KAAKojB,YAAY7Z,MAAO/E,MAAK,YAAO,MAAgB,gBAAhB,EAAJF,IAAiC,IAClEsd,KAAMrY,MAAMmM,QAAO,SAAC0a,EAAcD,GAIlE,OAHIA,EAAKtO,WACPuO,EAAeA,KAAkBoD,EAAsBrD,EAAK7rB,OAEvD8rB,CACT,IAAG,EACL,GAAC,2CAED,WACE,OAAOpwB,KAAKojB,YAAY7Z,MAAO/E,MAAK,YAAO,MAAgB,gBAAhB,EAAJF,IAAiC,GAC1E,GAAC,4BAED,YAAqD,WAE7CrE,EAFwC,EAAhC2hB,KAAQrY,MACmB2R,KAAI,YAAM,SAAJ5W,IAAc,IACjCoR,QAAO,SAACge,EAAiBC,GAAa,OAChE,EAAKniB,OAAOmiB,GAAiB,EAAH,KACvBD,GAAe,oBACjBC,EAAgB,EAAKniB,OAAOmiB,KAC3BD,CAAe,GAAG,CAAC,GACvB,GAAiC,IAA7BtzB,OAAOyJ,KAAK5J,GAAMuD,OAGtB,OAAOvD,CACT,GAAC,4BAED,WACE,IAAM6wB,EAAM9wB,KAAKihB,eAAiBjhB,KAAKihB,cAAcoS,eAAerzB,KAAKwR,QACzE,GAAKsf,EAGL,OAAOA,CACT,GAAC,iCAED,SAAoBhP,GAClB,OAAO,EAAP,WAAWA,EAAMF,KAAKrY,MACxB,GAAC,iCAED,SAAoBuY,GAClB,OAAO,EAAP,WAAWA,EAAMF,KAAKrY,MACxB,GAAC,8BAED,SAAiBqqB,GACf,OAAOA,EAAiBrqB,MAAM,GAAGqY,KAAKrY,MAAMmM,QAAO,SAACme,EAAQ3K,GAI1D,OAHIA,EAAMiJ,UACR0B,EAAOpwB,KAAKylB,EAAMiJ,SAAS5oB,MAAM,GAAGoO,SAE/Bkc,CACT,GAAG,GACL,KAAC,EAjFuB,CAAStC,EAAAA,YAAU,gCAAhCnJ,EAAa,kBACC,iMChBuC,+kBAUrDR,EAAqB,mCAVgC,IAUhC,GAVgC,EAUhC,EAVgC,kbAUhC,iEAuC/B,OAvC+B,2CAGhC,WACE,MAAO,CACL,CAAEtjB,KAAM,QAASiB,KAAM,SAAUsc,UAAU,EAAME,MAAO,SAE5D,GAAC,iCAED,WACE,MAAO,CACL,CAAEzd,KAAM,cAAeiB,KAAM,SAAUsc,UAAU,EAAME,MAAO,gBAElE,GAAC,0BAED,WACE,OAAO+R,QAAQ9zB,KAAKwR,OAAOuiB,OAAS/zB,KAAKwR,OAAOqf,YAClD,GAAC,yBAED,SAAY7T,EAAkCwN,GAC5C,IAAM8I,GAAS,EAAH,oEAAqBtW,EAAYwN,GACvCvJ,EAAgBuJ,EAAQqI,qBAAqBtpB,MACnD,OAAO,EAAP,KACK+pB,GAAM,IACTrS,cAAAA,GAEJ,GAAC,qBAED,WACE,MAAO,CACLN,YAAa3gB,KAAKwR,OAAOmP,YACzBoT,MAAO/zB,KAAKwR,OAAOuiB,MACnBlD,YAAa7wB,KAAKwR,OAAOqf,YAE7B,GAAC,mCAED,WAAqD,WAEnD,OADoBzwB,OAAOyJ,KAAK7J,KAAKwR,QAAQiZ,QAAO,SAAAuG,GAAQ,OAAK,CAAC,QAAS,eAAe3C,SAAS2C,EAAS,IACvFtb,QAAO,SAAClE,EAAQwf,GAAQ,cAAUxf,GAAM,oBAAGwf,EAAW,EAAKxf,OAAOwf,IAAS,GAAI,CAAC,EACvG,KAAC,EAvC+B,CAVlC,QAU2CO,YAAU,wCAAxC3J,EAAqB,kBACP,8NCvB3B,UACA,UAAyC,+oBAE5BoM,EAAiB,mCAFW,IAEX,GAFW,EAEX,EAFW,kbAEX,iEAmF3B,OAnF2B,0CAC5B,WAEE,QAAuC,mBAA5Bh0B,KAAKojB,YAAYiG,QAWE,SAA1BrpB,KAAKojB,YAAY9e,OAAmBtE,KAAKojB,YAAY9e,KAAK2lB,SAAS,WAInEjqB,KAAKoB,QAAQ4uB,KAMnB,GAAC,qBAED,WAAU,WAKR,OAJahwB,KAAKiyB,YAAYvc,QAAO,SAACwa,EAAK,GAAa,IAAX5rB,EAAI,EAAJA,KAE3C,OADA4rB,EAAI5rB,GAAQ,EAAKkN,OAAOlN,GACjB4rB,CACT,GAAG,CAAC,EAEN,GAAC,yBAED,SAAYlT,EAAkCgV,GAC5C,IAyBU,EAzBJ1tB,EAAOtE,KAAKswB,UACZ3O,EAAS3hB,KAAKiyB,YAIpB,EAYIjyB,KAAKojB,YAFPiG,GARI,EAAJ1kB,KACM,EAANqW,OACG,EAAH0P,IACO,EAAPV,QACQ,EAARiK,SAEK,EAAL1qB,MAEM,EAAN8f,QACG6K,GAAI,kBAKT,OAAI7K,EACK,EAAP,OACK6K,KACGvS,EAAOne,QAAU,CAAEme,OAAAA,IAAQ,IACjC0H,QAAM,gCAAE,WAAOtkB,GAAO,gGACbiY,EAAW4H,IAAIE,QAAQ,EAAD,CAC3BkL,KAAM1rB,GACHS,KACH,2CACH,+CAKE,EAAP,GAAY/E,KAAKojB,YAEnB,GAAC,uBAED,WACE,OAAQpjB,KAAKojB,YAAY7Z,OAAS,IAC/BkhB,QAAO,YAAO,MAAgB,gBAAhB,EAAJnmB,IAAiC,IAC3C4W,IAAIiZ,EAAAA,iBACJjZ,KAAI,SAAA4G,GAGH,OADAA,EAAMvc,KAAOuc,EAAMvc,MAAQ,SACpBuc,CACT,GACJ,KAAC,EAnF2B,CAASyP,EAAAA,YAAU,yDCJjD,yPCiDO,SAA4BzP,EAAOtQ,GA+DxC,OA9DW,SAAL9L,EAAMoc,EAAOtQ,EAAQ4iB,GACzB,IAAQ9vB,EAAyCwd,EAAzCxd,KAAMiF,EAAmCuY,EAAnCvY,MAAOhE,EAA4Buc,EAA5Bvc,KAAMnE,EAAsB0gB,EAAtB1gB,QAASygB,EAAaC,EAAbD,SAC9BwS,EAAaxS,GAAYuS,EAG/B,GAAIjxB,MAAMC,QAAQmG,GAChB,OAAOA,EAAMmM,QAAO,SAACwa,EAAKlQ,GACxB,OAAOkQ,GAAOxqB,EAAGsa,EAAMxO,EAAOlN,GAAO+vB,EACvC,IAAG,GAOL,GAAIjzB,EAAS,CAEX,GAAa,WAATmE,EAAmB,CACrB,IAAM0tB,EAAiBzhB,EAAOlN,GAC9B,IAAK2uB,EACH,OAAO,EAET,IAAKA,EAAerP,GAElB,OAAO,EAET,IAAM0Q,EAAelzB,EAAQoD,MAAK,SAACsf,GAEjC,OADiBA,EAAOva,MAAM/E,MAAK,YAAO,MAAgB,OAAhB,EAAJF,IAAwB,IAC9CiF,QAAU0pB,EAAerP,EAC3C,IACA,QAAK0Q,GAGEA,EAAa/qB,MACjBkhB,QAAO,YAAW,UAAR5I,QAAyB,IACnCnM,QAAO,SAACwa,EAAK,GAAa,IAAX5rB,EAAI,EAAJA,KACd,OAAO4rB,KAAS+C,EAAe3uB,EACjC,IAAG,EACP,CAGA,IAAiB,IAAbud,EACF,OAAO,EAIT,IAAiB,IAAbA,EACF,QAASrQ,EAAOlN,GAIlB,MAAM,IAAItD,EAAAA,aAAa,yBAAD,OAA0BkJ,KAAKE,UAAU0X,IACjE,CAGA,OAAKuS,MAIK7iB,IAAUA,EAAOlN,GAC7B,CAEOoB,CAAGoc,EAAOtQ,GAAQ,EAC3B,oBA7GO,SAAS2iB,EAAgB/Q,GAC9B,GAAIjgB,MAAMC,QAAQggB,GAChB,OAAOA,EACJlI,KAAI,SAAA8E,GACH,MAAoB,iBAATA,GAAqC,iBAATA,GAAqC,kBAATA,EAC1DA,EAEFmU,EAAgBnU,EACzB,IAIJ,IADA,IAAMjgB,EAAM,CAAC,EACb,MAA2BK,OAAO0R,QAAQsR,GAAY,eAAE,CAAnD,4BAAOxf,EAAG,KAAE2F,EAAK,KACpB,GAAIA,QAIJ,GAAqB,YAAjB,aAAOA,GAAoB,CAC7B,IAAMgrB,EAAWn0B,OAAOyJ,KAAKN,GAG7B,GAAI,CAAC,QAAS,QAAQ8kB,SAASzqB,IACN,IAApB2wB,EAAS/wB,QACT,CAAC,QAAS,QAAQ6qB,SAASkG,EAAS,IACvC,CAEA,IAAMC,EAAgBL,EAAgB5qB,GACtCnJ,OAAO0R,QAAQ0iB,GAAe1qB,SAAQ,YAAkB,yBAAhBlG,EAAG,KAAE2F,EAAK,KAChDxJ,EAAI6D,GAAO2F,CACb,GACF,MAEExJ,EAAI6D,GAAOuwB,EAAgB5qB,EAE/B,MAEExJ,EAAI6D,GAAO2F,CAEf,CAEA,OAAOxJ,CACT,gCA5CA,4KCakE,+kBASrD+mB,EAAQ,mCAT6C,IAS7C,GAT6C,EAS7C,EAT6C,kbAS7C,iHAKlB,OALkB,wEAGb,CACJ,WAAc,CAAC,cAChB,EAqBA,OArBA,0CAED,WAEE,QADuB9mB,KAAKuwB,UAApBkE,UAEV,GAAC,4BAED,WACE,MAAkCz0B,KAAKwR,OAA/BkK,EAAW,EAAXA,YAAasF,EAAQ,EAARA,SACrB,GAAKtF,GAAgBsF,EAGrB,OAAOtF,GAAe,CAAE8F,SAAUR,EACpC,GAAC,iCAED,SAAoBc,GAClB,OAAO,EAAP,KACKA,EAAMF,KAAKrY,MAAM,IAAE,IACtBjF,KAAM,WACNud,SAAUC,EAAMD,UAEpB,KAAC,EA1BkB,CATrB,QAS8B0P,YAAU,2BAA3BzK,EAAQ,kBACM,8KCXuC,+kBAMrDW,EAAqB,mCANgC,IAMhC,GANgC,EAMhC,EANgC,kbAMhC,iEAqB/B,OArB+B,4CAGhC,WACE,IAAQiN,EAAgB10B,KAAKwR,OAArBkjB,YACR,GAAKA,EAGL,MAAO,CACLlT,SAAUkT,EAEd,GAAC,iCAED,SAAoB5S,GAElB,IACMxd,EAAyB,aADTtE,KAAKixB,mBAAoB1rB,KACH,cAAgB,mBAC5D,OAAO,EAAP,KACKuc,EAAMF,KAAKrY,MAAM,IAAE,IACtBjF,KAAAA,GAEJ,KAAC,EArB+B,CANlC,QAM2CitB,YAAU,wCAAxC9J,EAAqB,kBACP,mMCPqC,IAEnDL,EAA4B,mCAFuB,IAEvB,GAFuB,EAEvB,EAFuB,kbAEvB,yFAFzC,QAEkDK,uBAAqB,+CAA1DL,EAA4B,kBACd,0LCHoB,IAElCS,EAAW,mCAFuB,IAEvB,GAFuB,EAEvB,EAFuB,kbAEvB,iEAerB,OAfqB,0CAGtB,WACE,OAAO,CACT,GAAC,yBAED,WACE,MAAkC7nB,KAAKojB,YACvC,MAAO,CACL9e,KAFU,EAAJA,KAGNiB,KAHgB,EAAJA,KAIZovB,IAJqB,EAAHA,IAKlBhwB,KAL2B,EAAJA,KAO3B,KAAC,EAfqB,CAFxB,QAEiC4sB,YAAU,8BAA9B1J,EAAW,kBACG,+KCHiE,IAI/EK,EAAkB,mCAJ6D,IAI7D,GAJ6D,EAI7D,EAJ6D,kbAI7D,yFAJ/B,QAIwCgL,qBAAmB,qCAA9ChL,EAAkB,kBACJ,+MCL3B,UACA,UAEA,UAA6E,IAMhElB,EAA+B,mCANiC,IAMjC,GANiC,EAMjC,EANiC,kbAS3E,WACE5D,GAGA,QAFA5R,EAAoC,UAAH,6CAAG,CAAC,EACrCpQ,EAA4B,UAAH,6CAAG,CAAC,GAAC,qBAK9B,IAAMwzB,EAAuC,qBAH7C,cAAMxR,EAAa5R,EAAQpQ,IAGCA,QAAQigB,KAQnC,OANS,QADgB,GAAG,EAAAsP,EAAAA,iCAAgCvN,GAC1DhiB,eAAO,aADmB,EACjBqQ,MAAK,gBAAG4R,EAAS,EAATA,UAAS,OAAOA,aAAS,EAATA,EAAWzf,OAAQsd,EAAAA,iBAAiBC,aAAa,OACxDyT,GAAkB,EAAKpjB,OAAOwP,YACzD,EAAKxP,OAAOqS,eAAiB,GAAH,qBACrB,EAAKrS,OAAOqS,gBAAkB,IAAE,CACnC,CAAEjgB,IAAKsd,EAAAA,iBAAiBC,kBAE3B,CACH,CAAC,uBApByC,CAASsR,EAAAA,qBAAmB,kDAA3DzL,EAA+B,kBACjB,2MCViE,IAI/EM,EAAyB,mCAJsD,IAItD,GAJsD,EAItD,EAJsD,kbAItD,yFAJtC,QAI+CmL,qBAAmB,4CAArDnL,EAAyB,kBACX,sOCLiE,+kBAU/EP,EAAgC,mCAV+C,IAU/C,GAV+C,EAU/C,EAV+C,kbAU/C,iHAM1C,OAN0C,+HAIrC,CACJ0N,WAAY,CAAC,cACd,EA6BA,OA7BA,0CAED,WAEE,QADmBz0B,KAAKuwB,QAAQ,gBACT,EAAJ,qEACrB,GAAC,8BAED,SAAiBvE,GAAuC,UAChD6I,GAAmB,EAAH,yEAA0B7I,GAC1C8I,EAAsC,QAAtB,EAAG90B,KAAKizB,sBAAc,aAAnB,EAAqB1pB,MAAMqY,KAAKrY,MAAM/E,MAAK,YAAO,MAAgB,eAAhB,EAAJF,IAAgC,IAKjGywB,EAAkB/0B,KAAKwR,OAAOof,aAClCkE,aAAgB,EAAhBA,EAAkBvrB,SAAmBurB,SAAyB,QAAT,EAAhBA,EAAkB1zB,eAAO,OAAK,QAAL,EAAzB,EAA4B,UAAE,WAAd,EAAhB,EAAgCmI,OAEvE,OAAIwrB,EACK,EAAP,KACKF,GAAgB,IACnBjE,WAAYmE,IAITF,CACT,GAAC,8BAED,WACE,MAAO,CAAEvwB,KAAM,WAAYiB,KAAM,SACnC,KAAC,EAnC0C,CAV7C,QAUsDktB,qBAAmB,mDAA5D1L,EAAgC,kBAClB,uMCXuC,IAKrDoB,EAAmB,mCALkC,IAKlC,GALkC,EAKlC,EALkC,kbAKlC,iEAK7B,OAL6B,0CAG9B,WACE,OAAO,CACT,KAAC,EAL6B,CALhC,QAKyCoJ,YAAU,sCAAtCpJ,EAAmB,kBACL,0MCNuC,+kBASrDR,EAAuB,mCAT8B,IAS9B,GAT8B,EAS9B,EAT8B,kbAS9B,iEA8CjC,OA9CiC,0CAGlC,WACE,GAAI3nB,KAAKwR,OAAO+C,QACd,OAAO,EAGT,GAAIvU,KAAKwR,OAAOyP,cAAe,CAC7B,MAAwBjhB,KAAKwR,OAAOyP,cAA5B2C,EAAE,EAAFA,GAAIrP,EAAO,EAAPA,QACZ,GAAMqP,GAAQrP,EACZ,OAAO,CAEX,CAEA,OAAO,CACT,GAAC,yBAED,SAAYyI,EAAkCwN,GAC5C,IAAM8I,GAAS,EAAH,oEAAqBtW,EAAYwN,GACvCvJ,EAAgBuJ,EAAQqI,qBAAqBtpB,MACnD,OAAO,EAAP,KACK+pB,GAAM,IACTrS,cAAAA,GAEJ,GAAC,qBAED,WAAU,MAGR,MAAO,CACLA,cAAe,CACb2C,GAHqB5jB,KAAKojB,YAAa7Z,MAAO,GAAGA,MAG5BqY,KAAKrY,MAAM,GAAGA,MACnCgL,SAAmC,QAA1B,EAACvU,KAAKwR,OAAOyP,qBAAa,aAA1B,EAA8C1M,UAAWvU,KAAKwR,OAAO+C,SAEhFoM,YAAa3gB,KAAKwR,OAAOmP,YAG7B,GAAC,mCAED,WAAuD,WACrD3gB,KAAKwR,QAAS,EAAH,sFACJxR,KAAKwR,OAAOqS,eACnB,IAAMmR,EAAYh1B,KAAKwR,OAAO+C,QAAU,UAAY,gBAEpD,OADoBnU,OAAOyJ,KAAK7J,KAAKwR,QAAQiZ,QAAO,SAAAuG,GAAQ,OAAIA,IAAagE,CAAS,IACjEtf,QAAO,SAAClE,EAAQwf,GAAQ,cAAUxf,GAAM,oBAAGwf,EAAW,EAAKxf,OAAOwf,IAAS,GAAI,CAAC,EACvG,KAAC,EA9CiC,CATpC,QAS6CO,YAAU,0CAA1C5J,EAAuB,kBACT,8KCVuC,IAMrDG,EAAI,mCANiD,IAMjD,GANiD,EAMjD,EANiD,kbAMjD,iEAKd,OALc,0CAGf,WACE,QAAS9nB,KAAKwR,OAAOyjB,MAA8B,SAAtBj1B,KAAKoB,QAAQ4uB,IAC5C,KAAC,EALc,CANjB,QAM0BuB,YAAU,uBAAvBzJ,EAAI,kBACU,2CCP3B,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oLACA,oOCnBO,SAAsBoN,GAAgC,MAC3D,OAA2B,QAA3B,EAAOA,EAAe3rB,aAAK,aAApB,EAAsB2R,KAAI,SAAAia,GAAC,OAAIA,EAAE7wB,IAAI,GAC9C,oCAeO,SACL8e,GAGA,OAAOA,EAAY7Z,MAAO/E,MAAK,YAAO,MAAgB,kBAAhB,EAAJF,IAAmC,GACvE,sBAlBO,SAA2B4wB,GAAgC,MAChE,OAA2B,QAA3B,EAAOA,EAAe3rB,aAAK,aAApB,EAAsBmM,QAAO,SAACmM,EAAUuT,GAI7C,OAHIA,EAAIvT,UACNA,EAASpe,KAAK2xB,EAAI9wB,MAEbud,CACT,GAAG,GACL,cAEO,SAAmB9L,GACxB,OAAOA,EAAIsf,OAAO,GAAGC,cAAgBvf,EAAIwf,UAAU,EACrD,yDCkRC,SAEyB,GAAD,2EAlSzB,UACA,UACA,SAEA,UAUA,UACA,UAMgB,2kBAuBhB,SAASC,EAAiBp0B,GAExB,IASMoQ,EAAS,EAAH,GAAQpQ,GAIpB,MAbqB,CACnB,OACA,cACA,UACA,kBACA,OACA,uBACA,yBAGW0I,SAAQ,SAAAga,UACZtS,EAAOsS,EAChB,IACOtS,CACT,CAEA,SAASikB,EAAezY,EAAkC/c,GAAwB,QAC1EmB,EAAYnB,EAAZmB,QAKN,EAJAA,EAAU,EAAH,KACF4b,EAAW5b,QAAQwjB,KACnBxjB,GAGHigB,EAAI,EAAJA,KACAhgB,EAAe,EAAfA,gBACAgkB,EAAW,EAAXA,YACAhB,EAAO,EAAPA,QAGIlkB,EAASu1B,EAAAA,UAAUC,QAIzB,GADAtU,EAAOA,IAA8B,QAA1B,GAAI,EAAArE,EAAW4H,KAAI8B,eAAO,aAAtB,YAA8B,UACnC,SACc,QAAtB,KAAA1J,EAAW4H,KAAI6B,eAAO,OAAtB,SAAyBpF,GACzB,IAAM8C,GAAW,EAAAC,EAAAA,sBAAqBpH,EAAYqE,GAElDhgB,OAA8C,IAApBA,EAAmCA,EAAkB8iB,EAAS9iB,gBACxFgkB,EAAcA,GAAelB,EAASkB,YACtChB,EAAUA,GAAWF,EAASE,OAChC,CAEA,OAAO,EAAP,KACKpkB,GAAI,IACPmB,QAAS,EAAF,KACFA,GAAO,IACVigB,KAAAA,EACAhgB,gBAAAA,EACAgkB,YAAAA,EACAhB,QAAAA,IAEFlkB,OAAAA,GAEJ,CAAC,SAEcy1B,EAAsB,EAAD,+CA4CnC,OA5CmC,gCAApC,WAAqC5Y,EAAkC/c,GAAa,6GAiBO,GAhBjFmB,EAAYnB,EAAZmB,QAENuf,EAWEvf,EAXFuf,YACAtf,EAUED,EAVFC,gBACAyb,EASE1b,EATF0b,QACAnO,EAQEvN,EARFuN,MACA0d,EAOEjrB,EAPFirB,OACAI,EAMErrB,EANFqrB,cACAD,EAKEprB,EALForB,gBACAE,EAIEtrB,EAJFsrB,OACAC,EAGEvrB,EAHFurB,UACAC,EAEExrB,EAFFwrB,MACA/L,EACEzf,EADFyf,qBAIEnJ,GAAO,EAAAyO,EAAAA,yBAAwBnJ,EAAY,CAAErO,MAAAA,EAAO8d,cAAAA,EAAeD,gBAAAA,KAEnE7L,EAAa,CAAF,gCACO,EAAAxe,EAAAA,YAAW6a,EAAY,CAAE3b,gBAAAA,EAAiByb,QAAAA,EAAS6D,YAAAA,EAAaE,qBAAAA,IAAuB,OAA3GqJ,EAAc,EAAH,4BAEoC,GAA3CtJ,EAAwB,QAAP,EAAGlJ,SAAI,aAAJ,EAAMkJ,kBACN,CAAF,gBAEkB,OAAtC5D,EAAWiH,mBAAmB4R,QAAQ,WACP,EAAArQ,EAAAA,UAASxI,EAAY,CAClD3b,gBAAAA,EACAsN,MAAAA,EACA0d,OAAAA,EACAG,gBAAAA,EACAC,cAAAA,EACAC,OAAAA,EACAC,UAAAA,EACAC,MAAAA,IACA,QATIkJ,EAAmB,EAAH,KAUtBlV,EAAoBkV,EAAiBlV,kBACrClJ,EAAOoe,EAAiBpe,KAAK,0BAIX,EAAAvV,EAAAA,YAAW6a,EAAY,CAAE3b,gBAAAA,EAAiByb,QAAAA,EAAS8D,kBAAAA,EAAmBC,qBAAAA,IAAuB,QAAjHqJ,EAAc,EAAH,6CAEDjqB,GAAI,IAAEiqB,YAAAA,EAAaxS,KAAAA,KAAI,6CACpC,+BAEcqe,EAAqB,EAAD,+CA8ClC,OA9CkC,gCAAnC,WAAoC/Y,EAAkC/c,GAAa,qGAgBG,GAdlFiqB,EAGEjqB,EAHFiqB,YACA9oB,EAEEnB,EAFFmB,QACAoQ,EACEvR,EADFuR,OAIAmd,EAMEvtB,EANFutB,cACAtJ,EAKEjkB,EALFikB,YACAhB,EAIEjjB,EAJFijB,QACAhD,EAGEjgB,EAHFigB,KACA2O,EAEE5uB,EAFF4uB,KACAnP,EACEzf,EADFyf,sBAGyC,IAAlB8N,IAA4BtJ,GAAehB,GAAW2L,GACzD,CAAF,wCACX/vB,GAAI,OAMX,OAHFuR,EAAS,EAAH,KACDA,GAAM,IACTmP,YAAauJ,EAAa4B,YAAYnL,cACtC,UAOQ,EAAA0O,EAAAA,WACRrS,EACAkN,EACA1Y,EACA,CACE6T,YAAAA,EACAhB,QAAAA,EACAhD,KAAAA,EACA2O,KAAAA,EACAnP,qBAAAA,IAEH,OACwC,OADxC,SAdcmV,EAA0B,EAAvC9L,YACAuE,EAAQ,EAARA,SACAoB,EAAQ,EAARA,SAaF3F,EAAc8L,EAA2B,yBAE7B/1B,GAAI,IAAEiqB,YAAAA,EAAauE,SAAAA,EAAUoB,SAAAA,KAAQ,6CAClD,+BAEcoG,EAAU,EAAD,+CAoBvB,OApBuB,gCAAxB,WAAyBjZ,EAAkC/c,GAAa,iGAS9D,OARFyX,EAAsBzX,EAAtByX,KAAMwS,EAAgBjqB,EAAhBiqB,YACJzB,EAAoByB,EAApBzB,gBAEN5X,GAFqB,EAQnB6G,GANF7G,SACAwX,EAAY,EAAZA,aACA6N,EAAe,EAAfA,gBACA9J,EAAW,EAAXA,YACA+J,EAAI,EAAJA,KACA9J,EAAM,EAANA,OAAM,SAEoBrP,EAAWjP,MAAM2a,sBAAsB,CACjED,gBAAAA,EACA5X,SAAAA,EACAwX,aAAAA,EACA6N,gBAAAA,EACA9J,YAAAA,EACAC,OAAAA,GACC8J,GAAK,OAPW,OAAbC,EAAgB,EAAH,uBAQZA,EAAcviB,QAAM,4CAC5B,+BAEcwiB,EAAa,EAAD,+CAuE1B,OAvE0B,gCAA3B,WAA4BrZ,EAAkC/c,GAAa,2GAwBxE,GAtBCmB,EAIEnB,EAJFmB,QACA8oB,EAGEjqB,EAHFiqB,YACA2F,EAEE5vB,EAFF4vB,SACA1vB,EACEF,EADFE,OAEMuoB,EAA0BtnB,EAA1BsnB,sBACJ4N,GAAqB,EACrBC,GAAyB,EACzBC,GAAqB,EAQrBtM,IACFoM,KAAwBpM,EAAYtB,oBAAqBsB,EAAYC,QACrEyE,GAAkB,EAAA6H,EAAAA,oBAAmBvM,GACrCwM,GAAiB,EAAAC,EAAAA,mBAAkB3Z,EAAYkN,EAAa9oB,EAAQyf,sBACpEsR,GAAW,EAAAyE,EAAAA,yBAAwB1M,EAAa9oB,GAChD0uB,GAAW,EAAAC,EAAAA,oBAAmB7F,KAG5B4F,EAAU,CAAF,gBACV3vB,EAASu1B,EAAAA,UAAUmB,SAMbC,EAAa12B,OAAOyJ,KAAKqgB,EAAa7F,SAAS7gB,OAAS,EACxDuzB,IAAc5E,EAAS3tB,MAAK,SAAAoH,GAAG,MAAkB,UAAdA,EAAIorB,KAAiB,IACnCF,GAAeC,IAAgD,IAAnC7M,EAAatB,kBAKlE0N,IAAuBQ,EAHvBP,GAAyB,EAM3BC,GAAqB,EAAM,4BAClB3G,EAAU,CAAF,gBACjB1vB,EAASu1B,EAAAA,UAAUuB,SACnBV,GAAyB,EAAK,2BACrBrM,UAAAA,EAAazB,gBAAe,iBACS,GAA9CA,EAAkByB,EAAYzB,iBACA,IAA1BC,EAA+B,iBACjCvoB,EAASu1B,EAAAA,UAAUwB,QACnBX,GAAyB,EAAM,yCAEhBN,EAAUjZ,EAAY/c,GAAK,QAA1C4T,EAAS,EAAH,KACN1T,EAASu1B,EAAAA,UAAUwB,QACnBX,GAAyB,EAAK,wCAI7Bt2B,GAAI,IACPE,OAAAA,EACAsoB,gBAAAA,EACA5U,OAAAA,EACAyiB,mBAAAA,EACAC,uBAAAA,EACAC,mBAAAA,EACA5H,gBAAAA,EACA8H,eAAAA,EACAvE,SAAAA,EACArC,SAAAA,KAAQ,6CAEX,sBAEwB,aAuExB,OAvEwB,gCAAlB,WACL9S,GAAgC,+IAQQ,OALpC/c,EAAgB,CAClBmB,QAHFA,EAAsB,EAAH,6BAAG,CAAC,EAIrBoQ,OAAQgkB,EAAiBp0B,IAG3BnB,EAAOw1B,EAAezY,EAAY/c,GAAM,SAC3B21B,EAAsB5Y,EAAY/c,GAAK,OAAhD,OAAJA,EAAO,EAAH,cACS81B,EAAqB/Y,EAAY/c,GAAK,OAA/C,OAAJA,EAAO,EAAH,eACSo2B,EAAarZ,EAAY/c,GAAK,QAsC+C,OAtC1FA,EAAO,EAAH,KAGFiqB,GAHE,EAgBAjqB,GAbFiqB,YACAxS,EAAI,EAAJA,KACA4e,EAAkB,EAAlBA,mBACAC,EAAsB,EAAtBA,uBACAC,EAAkB,EAAlBA,mBACAr2B,EAAM,EAANA,OACAyuB,EAAe,EAAfA,gBACA8H,EAAc,EAAdA,eACA7iB,EAAM,EAANA,OACA4a,EAAQ,EAARA,SACA0D,EAAQ,EAARA,SACApjB,EAAK,EAALA,MACA0Z,EAAe,EAAfA,gBAGE8N,EACFvZ,EAAWiH,mBAAmB4R,MAAM,CAAEW,mBAAAA,MAItC,EAAAlQ,EAAAA,qBAAoBtJ,EAAY,EAAF,GAAOtF,IAEjC4e,IAEmB5V,GAFC,EAEqCwJ,GAAnD4B,YAA6BlD,EAAiB,EAAjBA,kBACrC5L,EAAWiH,mBAAmBkT,gBAAgB,CAC5CzW,eAAAA,EACAkI,kBAAAA,EACAjI,YAAiC,QAAtB,EAAEuJ,EAAaM,eAAO,aAApB,EAAsB7J,YACnCC,kBAAmBlJ,aAAI,EAAJA,EAAMkJ,sBAMvByD,GAHP,EAG8F6F,GAAe,CAAC,GAAvG7F,QAASmG,EAAO,EAAPA,QAASkB,EAAe,EAAfA,gBAAiB5G,EAAO,EAAPA,QAASgH,EAAW,EAAXA,YAAalD,EAAiB,EAAjBA,kBAAmBuB,EAAM,EAANA,OAAM,qCAExFhqB,OAAQA,GACJuX,GAAQ,CAAEA,KAAAA,IACVkX,GAAmB,CAAEA,gBAAAA,IACrB8H,GAAkB,CAAEA,eAAAA,IACpB7iB,GAAU,CAAEA,OAAAA,IACZ4a,GAAY,CAAEA,SAAAA,IACd0D,GAAYA,EAAS3uB,QAAU,CAAE2uB,SAAAA,IACjCpjB,GAAS,CAAEA,MAAAA,IACXob,GAAU,CAAEA,OAAAA,IAAQ,IACxB1B,gBAAAA,EAGApE,QAASA,EACTmG,QAASA,EACTkB,gBAAiBA,EACjB5G,QAASA,EACTgH,YAAaA,EACblD,kBAAAA,KAAiB,4CAEpB,6FC3W2B,SAGW,GAAD,2EAHtC,UAA4B,2kBAGU,aAWrC,OAXqC,gCAA/B,WACL5L,GAAgC,yFAIM,OAHtC5b,EAAwB,EAAH,6BAAG,CAAC,EAGzB4b,EAAWiH,mBAAmB4R,QAAQ,mBAE/B,EAAAzU,EAAAA,KAAIpE,EAAY,EAAF,CACnB0L,uBAAuB,GACpBtnB,KACH,2CACH,oGCjBM,WAGL,OAAO,SAAP,0BALgD,IAKhD,GALgD,EAKhD,EALgD,kbAO9C,WAAYg2B,EAA8C3sB,EAA8B/I,GAA0B,wCAC1G01B,EAAuB3sB,EAAe/I,EAC9C,CAqDC,OArDA,mDAKD,SAAsBN,GACpB,IAAIO,EACJ,IAAI,EAAA2Y,EAAAA,aAEF,IACE3Y,EAAU3B,KAAK0B,YAAYwG,iBAAiB,SAAU9G,EACxD,CAAE,MAAO6D,IAGP,EAAA2D,EAAAA,MAAK,0IACP,KACK,CAEL,IAAMyuB,EAAqBr3B,KAAKs3B,sBAAsBl2B,GAClDi2B,IACF11B,EAAU,CACR0H,QAAS,SAACzF,GACR,IAAMuqB,EAAckJ,EAAmBjY,aACvC,OAAI+O,GAAeA,EAAYvqB,GACtBuqB,EAAYvqB,GAEd,IACT,EACA0F,QAAS,SAAC1F,EAAKktB,GACb,IAAM3C,EAAckJ,EAAmBjY,aACvC,IAAK+O,EACH,MAAM,IAAIntB,EAAAA,QAAa,yDAEzBmtB,EAAYvqB,GAAOktB,EACnBuG,EAAmB9W,WAAW4N,EAChC,EACAzkB,WAAY,SAAC9F,GACX,IAAMuqB,EAAckJ,EAAmBjY,aAClC+O,WAGEA,EAAYvqB,GACnByzB,EAAmB9W,WAAW4N,GAChC,GAGN,CAEA,OAAKxsB,EAIE,IAAI41B,EAAAA,YAAY51B,EAAS61B,EAAAA,2BAHvB,IAIX,KAAC,EAzDI,EADoB,EAAAC,EAAAA,4BA4D7B,uEAtEA,UACA,UACA,UAEA,SACA,SACA,qFCiGO,SAA+Bza,GACpCA,EAAWiH,mBAAmB4R,OAChC,6EAvBC,SAEwC,EAAD,+DAzCjC,SACL7Y,EACA5b,GAEA,IAAMs2B,EAAYvR,EAAwBnJ,EAAY5b,GACtD,QAAIs2B,UAAAA,EAAW9W,kBAIjB,0HA+CO,SAA8B5D,EAAkCtF,GACrEsF,EAAWiH,mBAAmB0T,KAAKjgB,EAAM,CAAEkgB,aAAa,GAC1D,6CAzFA,SACA,UAA+D,olBAGzCxR,EAAsB,GAAD,4CAyB1C,OAzB0C,gCAApC,WACLpJ,GAAgC,yHACO,OAAvC5b,EAAqC,EAAH,6BAAG,CAAC,EAAC,SAEb4b,EAAWjP,MAAM8pB,mBAAmBz2B,GAAQ,OAkB3D,OAlBL02B,EAAc,EAAH,KACXC,GAAW,EAAAC,EAAAA,iBAAgBhb,EAAY8a,GAAY,SAQhD9a,EAAW5b,SAAYA,GAAO,IANrCigB,KAAAA,OAAI,IAAG,YAAS,MAChBhgB,gBAAAA,OAAe,IAAG,GAAI,MACtBmrB,gBAAAA,OAAe,IAAG,OAAAtsB,EAAS,MAC3BusB,cAAAA,OAAa,IAAG,OAAAvsB,EAAS,MACzBwsB,OAAAA,OAAM,IAAG,OAAAxsB,EAAS,MAClBysB,UAAAA,OAAS,IAAG,OAAAzsB,EAAS,EAGjBwX,EAA2B,EAAH,KACzBqgB,GAAQ,IACX1W,KAAAA,EACAhgB,gBAAAA,EACAmrB,gBAAAA,EACAC,cAAAA,EACAC,OAAAA,EACAC,UAAAA,IAAS,kBAEJjV,GAAI,2CACZ,wBAcM,SAASyO,EACdnJ,EACA5b,GAIA,IAAIs2B,EAFJt2B,GAAU,EAAAgG,EAAAA,YAAWhG,GACrBA,EAAU,EAAH,KAAQ4b,EAAW5b,SAAYA,GAEtC,IACEs2B,EAAY1a,EAAWiH,mBAAmBC,KAAK9iB,EACjD,CAAE,MAAO6D,GAET,CAEA,GAAKyyB,EAIL,OAAIlR,EAAuBkR,EAAWt2B,GAC7Bs2B,OAMT,EAAA9uB,EAAAA,MAAK,8HAGP,CAEwC,aAavC,OAbuC,gCAAjC,WACLoU,EACA5b,GAAmC,6EAKmC,GAHtEA,GAAU,EAAAgG,EAAAA,YAAWhG,GACrBA,EAAU,EAAH,KAAQ4b,EAAW5b,SAAYA,KAEhC62B,EAAoB9R,EAAwBnJ,EAAY5b,IACvC,CAAF,wCACZ62B,GAAiB,gCAGnB7R,EAAsBpJ,EAAY5b,IAAQ,4CAClD,sBAUM,SAASolB,EAAwB9O,GAAyD,IAAnDtW,EAAkC,uDAAI,CAAC,EAYnF,OAA8D,IAA1D82B,EAAiCxgB,EAAMtW,EAV9B,CACX,SACA,WACA,cACA,QACA,gBACA,sBACA,kBACA,oBAQgD,IAA9C+2B,EAA8BzgB,EADjBtW,EAATigB,KAMV,CAEO,SAAS8W,EAA8BzgB,EAAM2J,GAGlD,QAD2BA,GAAiB,YAATA,GAA+B,YAATA,IAEnDA,IAAS3J,EAAK2J,IAMtB,CAEO,SAAS6W,EAAiCxgB,EAAMtW,EAASyI,GAS9D,OANiBA,EAAK4H,MAAK,SAAA7N,GACzB,IAAM2F,EAAQnI,EAAQwC,GACtB,GAAI2F,GAASA,IAAUmO,EAAK9T,GAC1B,OAAO,CAEX,GAEF,uCCjGY8xB,EAQAxU,EAmDA2N,uEAsCL,SAAyB5rB,GAC9B,OAAOA,IAAQA,EAAIW,KAAOX,EAAI2gB,GAChC,EAnGqB,uBAAT8R,GAAAA,EAAS,kBAATA,EAAS,kBAATA,EAAS,kBAATA,EAAS,oBAATA,EAAS,qBAATA,IAAS,YAATA,EAAS,KAQO,8BAAhBxU,GAAAA,EAAgB,8BAAhBA,EAAgB,wBAAhBA,EAAgB,4BAAhBA,EAAgB,kCAAhBA,EAAgB,sCAAhBA,EAAgB,0BAAhBA,EAAgB,qBAAhBA,IAAgB,mBAAhBA,EAAgB,KAmDN,wBAAV2N,GAAAA,EAAU,qCAAVA,EAAU,8BAAVA,EAAU,0BAAVA,EAAU,iCAAVA,IAAU,aAAVA,EAAU,qCC2Hf,SAASpO,EAAiBxd,GAC/B,OAAOA,GAAOA,EAAI6Z,OACpB,iBAgCO,SAAuB7Z,GAC5B,OAAOA,GAAOwd,EAAiBxd,EAAI6oB,YACrC,0DCxQA,oLACA,oLAeA,oLAKA,2SCZiB,SAEmB,GAAD,2EAXnC,UACA,UACA,UACA,UACA,UAKiB,2kBAEkB,aAgBlC,OAhBkC,gCAA5B,WACL9O,GAAgC,6FAED,IAFG5b,EAAgC,EAAH,6BAAG,CAAC,GAE3DigB,KAAO,iBAGV,EAAAqN,EAAAA,2BAA0B1R,GAAa,CAAF,gCACN,EAAAuI,EAAAA,kBAAiBvI,EAAY,EAAF,KAAO5b,GAAO,IAAEutB,eAAe,KAAQ,OAA7E,GAA6E,WAA5FC,EAAe,EAAfA,kBACgBA,EAAgBP,SAASQ,EAAAA,WAAWuJ,gBAAe,sBACnE,IAAIp3B,EAAAA,aACR,yFACD,iCAIE,EAAAogB,EAAAA,KAAIpE,EAAY,EAAF,GAAO5b,KAAU,4CACvC,qICoKM,SACL8oB,EACAmO,EACA7mB,GAEA,IACM4R,GADe8G,EAAYwB,iBAAmB,IACnBlnB,MAAK,SAAA2wB,GAAC,OAAIA,EAAE7wB,OAAS+zB,CAAe,IACrE,OAAKjV,EAOwBA,EAAY7Z,MAAOmM,QAAO,SAAC3V,EAAKqvB,GAC3D,IAAQ9qB,EAAgB8qB,EAAhB9qB,KAAMiF,EAAU6lB,EAAV7lB,MAMd,OAJExJ,EAAIuE,GADO,gBAATA,EACUiF,EAEAiI,EAAOlN,GAEdvE,CACT,GAAG,CAAC,KAbF,EAAA6I,EAAAA,MAAI,uCAAiCyvB,EAAe,qCAC7C7mB,EAcX,sBAnFO,SACLwL,EACAkN,EACArJ,GAEA,IAWmD,EAX7C9gB,EAAkB,GAElBu4B,EAAuDl4B,OAAOoR,OAAO+mB,EAAIlT,aAC5E3P,QAAO,SAACwF,EAAKsd,GAKZ,OAHIA,EAAgBH,kBAClBnd,EAAIsd,EAAgBH,iBAAmBG,GAElCtd,CACT,GAAG,CAAC,GAAG,IAEegP,EAAYwB,iBAAe,IAAnD,IAAK,EAAL,qBAAqD,KAA5CtI,EAAW,QACZqV,EAAIC,EAAmBtV,EAAa,CAAEvC,qBAAAA,EAAsBwE,YAAaiT,IAC/E,GAAIG,EAAG,CACL,IAAMnJ,EAAyB,IAAImJ,EAAErV,GACrCrjB,EAAI0D,KAAM6rB,EAAWe,YAAYrT,EAAYkN,EAAYM,SAC3D,CACF,CAAC,+BAED,IAFC,iBAEI,IAGK,EAHElmB,GAAP,qBAAW,GACVq0B,EAAU,CACZr0B,KAAAA,EACA+kB,QAAM,gCAAE,WAAOtkB,GAAO,gGACbiY,EAAW4H,IAAIE,QAAQ,CAC5BT,QAAS,CAAC,CAAE/f,KAAAA,EAAMS,OAAAA,OAClB,2CACH,8CAEH,GAAIT,EAAKs0B,WAAW,wBAAyB,OAC3C,GAAuB,EAAAC,EAAAA,QAAOv0B,EAAM,KAAI,qBAAjCw0B,EAAK,KAAEC,EAAK,KACbC,EAAY9O,EAAY4B,YAAYgN,GAAOvvB,MAAMwvB,GAQlD7E,GACD8E,EANFr0B,KAMEq0B,EALFhe,OAKEge,EAJFtO,IAIEsO,EAHFhP,QAGEgP,EAFF/E,UACO,aACL+E,EAAS,IAEPzvB,EAAuB,QAAlB,EAAGyvB,EAAUzvB,aAAK,aAAf,EAAiBkhB,QAAO,SAAAzK,GAAI,MAAkB,gBAAdA,EAAK1b,IAAsB,IACzEq0B,EAAU,EAAH,OACFzE,GACC3qB,GAAS,CAAEA,MAAAA,IACZovB,EAEP,CACA54B,EAAI0D,KAAKk1B,EAAS,EA7BpB,MAAqBv4B,OAAO0R,QAASoY,EAAY7F,SAAW,CAAC,GAAG,eAAE,IAgClE,OAAOtkB,CACT,uBAhFO,SAA4BmqB,GACjC,IAAMnqB,EAAM,GACJskB,EAA6B6F,EAA7B7F,QAASqH,EAAoBxB,EAApBwB,gBAkBjB,OAhBIrH,EAAQ,iCACVtkB,EAAI0D,KAAKorB,EAAAA,WAAWoK,mBAGlBvN,EAAgBja,MAAK,YAAO,MAAgB,0BAAhB,EAAJnN,IAA2C,KACrEvE,EAAI0D,KAAKorB,EAAAA,WAAWC,cAGlBpD,EAAgBja,MAAK,YAAO,MAAgB,iBAAhB,EAAJnN,IAAkC,KAC5DvE,EAAI0D,KAAKorB,EAAAA,WAAWqK,YAGlBxN,EAAgBja,MAAK,YAAO,MAAgB,mBAAhB,EAAJnN,IAAoC,KAC9DvE,EAAI0D,KAAKorB,EAAAA,WAAWuJ,gBAGfr4B,CACT,yBAzGO,SAA8BgoB,GAAkE,IAAlC1G,EAAuB,UAAH,6CAAG,UAC1F,OAAOkX,EAAInU,qBAAqB2D,EAAU1G,EAC5C,8HAiRO,SACLrE,EACAkN,GAEqB,IADrB9oB,EAAU,UAAH,6CAAG,CAAC,EAEL0uB,EAAWC,EAAmB7F,GAC9BiI,EAAWyE,EAAwB1M,EAAa9oB,GACtD,GAAI0uB,EACF,MAAO,CAAE5F,YAAAA,EAAa4F,SAAAA,EAAUqC,SAAAA,GAEhC,IAAM7C,EAAaC,EAAcrF,EAAa,CAAC,EAAG9oB,GAC5CqtB,EAAWa,GAAce,EAAYrT,EAAYsS,EAAYpF,GACnE,OAAO,EAAP,CACEA,YAAAA,EACAiI,SAAAA,GACI1D,GAAY,CAAEA,SAAAA,GAIxB,6CA1SO,SAA2B0K,GAChC/4B,OAAOC,OAAOk4B,EAAKY,EACrB,kFApCA,SAEA,UACA,UASiB,ioDAQjB,IAAMZ,EAGF,CAEFlT,YAAa,CAAC,EACdjB,qBAAsB,SAASgV,GAC7B,MAAO,CACL/T,YAAa,CAAC,EAElB,GAYK,SAAS0K,EAAmB7F,GACjC,IAAQwB,EAAqCxB,EAArCwB,gBAAiBjD,EAAoByB,EAApBzB,gBACzB,OAAQiD,EAAgBloB,SAAWilB,CACrC,CAEO,SAAS4Q,EAAUnP,GACxB,OAAOA,EAAYwB,gBAAgBja,MAAK,YAAO,MAAgB,SAAhB,EAAJnN,IAA0B,GACvE,CAEO,SAASg1B,EAAYpP,GAC1B,OAAO9pB,OAAOyJ,KAAKqgB,EAAY7F,SAAS5S,MAAK,SAAA0d,GAAU,OAAIA,EAAWd,SAAS,SAAS,GAC1F,CAEO,SAASkL,EACdhwB,GAEA,GAAKA,GAAUpG,MAAMC,QAAQmG,GAG7B,OAAOA,EAAMmM,QAAO,SAACyc,EAAU5oB,GAI7B,GAHIA,EAAM4oB,WACRA,EAAW,GAAH,qBAAOA,IAAQ,aAAK5oB,EAAM4oB,SAAS5oB,SAEzCA,EAAMqY,KAAM,CACd,IAAM4X,EAAmBD,EAAmChwB,EAAMqY,KAAKrY,QAAU,GACjF4oB,EAAW,GAAH,qBAAOA,IAAQ,aAAKqH,GAC9B,CACA,GAAIjwB,EAAMnI,QAAS,CACjB,IAAIq4B,EAAe,GACnBlwB,EAAMnI,QAAQ0I,SAAQ,SAAAga,GACfA,EAAOva,OAAiC,iBAAjBua,EAAOva,QAGnCkwB,EAAe,GAAH,qBAAOA,GAAY,CAAE3V,EAAOva,QAC1C,IACA,IAAMmwB,EAAsBH,EAAmCE,IAAiB,GAChFtH,EAAW,GAAH,qBAAOA,IAAQ,aAAKuH,GAC9B,CACA,OAAOvH,CACT,GAAG,GACL,CAEO,SAASyE,EAAwB1M,EAA0B9oB,GAAmC,MAC/F+wB,EAAyB,GACrBrG,EAAiC5B,EAAjC4B,YAAaJ,EAAoBxB,EAApBwB,gBAGfiO,EAAqC,QAAvB,EAAG7N,EAAYqG,gBAAQ,aAApB,EAAsB5oB,MAAM2R,KAAI,SAAAvD,GAAO,OAAIA,CAAO,IAQzE,GAPIgiB,IACFxH,EAAW,GAAH,qBAAOA,IAAQ,aAAKwH,MAMzBv4B,EAAQyf,qBAAsB,KACM,EADN,IACT6K,GAAe,IAAvC,IAAK,EAAL,qBAAyC,KACjCkO,EAAgBL,EADJ,QACmDhwB,OACjEqwB,IACFzH,EAAW,GAAH,qBAAOA,IAAQ,aAAKyH,IAEhC,CAAC,+BACH,CAGA,IAAMC,EAAO,CAAC,EAWd,OAVW1H,EAASzc,QAAO,SAACokB,EAAUniB,GAAY,MAC1C/T,EAAkB,QAAf,EAAG+T,EAAQoiB,YAAI,aAAZ,EAAcn2B,IAC1B,OAAIA,GAAOi2B,EAAKj2B,IAAQ+T,EAAQA,UAAYkiB,EAAKj2B,GAAK+T,QAC7CmiB,GAETD,EAAKj2B,GAAO+T,EACZmiB,EAAW,GAAH,qBAAOA,GAAQ,CAAEniB,IAE3B,GAAG,GAGL,CA+GA,SAAS+gB,EAAmBtV,EAA6BhiB,GACvD,IAAQyf,EAAsCzf,EAAtCyf,qBAAsBwE,EAAgBjkB,EAAhBikB,YAE9B,GAAKjC,EAIL,OAAIvC,EACKmT,EAAAA,kBAIF3O,EAAajC,EAAY9e,KAClC,CAIO,SAASirB,EACdrF,EACA1Y,EACApQ,GAGA,IAIIkuB,EAJEjK,EAAcjkB,EAAQikB,YACtBxE,EAAuBzf,EAAQyf,qBACbmZ,EAA4B9P,EAA7CwB,gBAAkClB,EAAWN,EAAXM,QAIzC,IAAIppB,EAAQ4uB,KAAZ,CAaA,IAAMiK,EAAqC,GAC3C,GAAIpZ,EAEFoZ,EAAqBx2B,KAAK,IAAIuwB,EAAAA,kBAAkBgG,EAAgB,GAAIxoB,EAAQpQ,QACvE,KACkC,EADlC,IACmB44B,GAAe,IAAvC,IAAK,EAAL,qBAAyC,KAAhC5W,EAAW,QAElB,GAD2BhjB,OAAOyJ,KAAKwb,GAAuBgJ,SAASjL,EAAY9e,MACnF,CAOA,IADAgrB,EAAa,IADHoJ,EAAmBtV,EAAahiB,GAC7B,CAAMgiB,EAAa5R,EAAQpQ,IACzBgvB,aAAa5F,GAE1B,OAAO8E,EAIT2K,EAAqBx2B,KAAK6rB,EAX1B,CAYF,CAAC,+BACH,CAEA,OAAO2K,EAAqB,EA1B5B,CATE,IAAM7W,EAAc4W,EAAgBx1B,MAAK,YAAO,SAAJF,OAAoBlD,EAAQ4uB,IAAI,IAC5E,GAAI5M,EAAa,CACf,IAAMqV,EAAIC,EAAmBtV,EAAahiB,GAC1C,OAAOq3B,EAAI,IAAIA,EAAErV,EAAa5R,EAAQpQ,QAAWlB,CACnD,EAEE,EAAA0I,EAAAA,MAAI,gBAAUxH,EAAQ4uB,KAAI,oCA8BhC,CAGO,SAASK,EACdrT,EAAkCsS,EAAwBpF,GAE1D,IAAMuE,EAAWa,EAAWe,YAAYrT,EAAYkN,EAAYM,SAC1D0P,EAAUb,EAAUnP,GACpBiQ,EAAYb,EAAYpP,GAC9B,OAAO,EAAP,OACKuE,GACCyL,GAAW,CAACA,QAAAA,IACZC,GAAa,CAACA,UAAAA,GAEtB,4KC3SA,UAAwE,2kBAWxE,IAAMC,EAAyB,WAAuD,IAC9E1e,EAA+C,GAgBrD,OAjB6E,UAAH,6CAAG,IAEpD5R,SAAQ,SAACuwB,GAChC,GAAwB,aAApBA,EAAYz2B,IAAoB,SAC5B02B,EAA4C,CAChD/0B,KAAM,aACNqe,IAAI,EAAA2W,EAAAA,mBAAkBF,EAAYG,eAG9BzX,EAAmC,QAAzB,EAAGsX,EAAYtX,kBAAU,QAChB,QADgB,EACnCsX,EAAYl1B,eAAO,aAApB,EAA8D4d,WAC/D5f,MAAMC,QAAQ2f,KAChBuX,EAAWvX,WAAaA,GAE1BrH,EAAYjY,KAAK62B,EACnB,CACF,IACO5e,CACT,EAuBE,iCAnB4C,SAC5C+e,EAAgCtH,GAEhC,MAAO,CACLuH,UAAW,EAAF,CACPC,GAAIF,EAAeE,GACnBC,KAAM,CACJhX,IAAI,EAAA2W,EAAAA,mBAAkBE,EAAeG,KAAKhX,IAC1Ctf,KAAMm2B,EAAeG,KAAKt2B,KAC1Bu2B,YAAaJ,EAAeG,KAAKC,aAEnCC,WAAW,EAAAP,EAAAA,mBAAkBE,EAAeK,WAC5CC,iBAAkBN,EAAeM,iBACjCjY,YAAa2X,EAAe3X,YAC5BkY,uBAAwBP,EAAeO,uBACvCC,mBAAoBb,EAAuBjH,IACvCsH,EAAeh2B,OAAS,CAAEA,MAAOg2B,EAAeh2B,QAG1D,EAiBE,gCAZ2C,SAC3Cgf,EAA8B0P,GAE9B,MAAO,CACLuH,UAAW,EAAF,GACPI,WAAW,EAAAP,EAAAA,mBAAkB9W,EAAcqX,WAC3CI,iBAAkBzX,EAAcyX,iBAChCC,iBAAkBf,EAAuBjH,IACrC1P,EAAc2X,MAAQ,CAAEA,KAAM3X,EAAc2X,OAC5C3X,EAAchf,OAAS,CAAEA,MAAOgf,EAAchf,QAGxD,EAoBE,iBAhB4B,SAAC61B,GAC7B,IAAM3e,EAAW2e,EAAW3e,SACtBiI,EAAK0W,EAAW1W,GAChBf,GAAa,EAAAwY,EAAAA,mBAAkB1f,EAAS2f,gBACxCxY,GAAc,EAAAuY,EAAAA,mBAAkB1f,EAAS4f,mBAEzCC,EAAmB7f,EAAiB8f,cACpCvf,EAA+B,CACnC0H,GAAAA,EACAf,WAAAA,EACAC,YAAAA,GAKF,MAH+B,mBAApB0Y,IACTtf,EAAO6G,WAAa7Y,KAAKE,UAAUoxB,EAAgBz3B,KAAK4X,KAEnDO,CACT,EAgBE,eAZ0B,SAACoe,GAC3B,IAAM3e,EAAW2e,EAAW3e,SAK5B,MAAO,CACLiI,GALS0W,EAAW1W,GAMpBf,YALiB,EAAAwY,EAAAA,mBAAkB1f,EAAS2f,gBAM5CpY,mBALwB,EAAAmY,EAAAA,mBAAkB1f,EAASuH,mBAMnDC,eALoB,EAAAkY,EAAAA,mBAAkB1f,EAASpE,WAOnD,qCCtGA,oLACA,oLACA,oLACA,gWCPwD,4BAXxD,SAEA,UASamkB,GAA2C,gCAAG,WACzD3T,EACA3mB,GAAQ,8FAEkB,EAAAu6B,EAAAA,aAAwC5T,EAAU,CAC1E5mB,IAAK,wBACL6Z,OAAQ,MACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,aACrB8sB,EAAAA,kBAAiB,OAJH,OAAXzN,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAVuD,sCAUtD,cAKK,IAA8C,EAAxC0N,GAAwC,gCAAG,WACtD9T,EACA3mB,GAAO,mFAEgB,OAAfwiB,GAFD,EAEqBxiB,GAApBwiB,GAAI9U,EAAW,EAAXA,YAAW,UACG,EAAA6sB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBAAF,OAA2ByiB,GAC9B5I,OAAQ,MACRlM,YAAAA,GACC8sB,EAAAA,kBAAiB,OAJH,OAAXzN,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXoD,sCAWnD,aAKK,IAA8C,EAAxC2N,GAAwC,gCAAG,WACtD/T,EACA3mB,GAAO,mFAEqB,OAApB0N,GAFD,EAE0B1N,GAAzB0N,YAAasI,EAAO,EAAPA,QAAO,UACF,EAAAukB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,wBACL6Z,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,GACC8sB,EAAAA,kBAAiB,OALH,OAAXzN,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZoD,sCAYnD,aAKK,IAAgD,EAA1C4N,GAA0C,gCAAG,WACxDhU,EACA3mB,GAAO,mFAEgB,OAAfwiB,GAFD,EAEqBxiB,GAApBwiB,GAAI9U,EAAW,EAAXA,YAAW,UACG,EAAA6sB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBAAF,OAA2ByiB,GAC9B5I,OAAQ,SACRlM,YAAAA,IACA,OAJe,OAAXqf,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXsD,sCAWrD,gBAKK,IAAiE,EAA3D6N,GAA2D,gCAAG,WACzEjU,EACA3mB,GAAO,mFAEgB,OAAfwiB,GAFD,EAEqBxiB,GAApBwiB,GAAI9U,EAAW,EAAXA,YAAW,UACG,EAAA6sB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBAAF,OAA2ByiB,EAAE,cAChC5I,OAAQ,OACRlM,YAAAA,GACCmtB,EAAAA,2BAA0B,OAJZ,OAAX9N,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXuE,sCAWtE,uBAKK,IAAgE,EAA1D+N,GAA0D,gCAAG,WACxEnU,EACA3mB,GAAO,qFAEkC,OAAjC+6B,GAFD,EAEuC/6B,GAAtC+6B,QAASC,EAAW,EAAXA,YAAattB,EAAW,EAAXA,YAAW,UACf,EAAA6sB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBAAF,OAA2Bg7B,EAAO,sBAAcC,GACnDphB,OAAQ,OACRlM,YAAAA,GACCmtB,EAAAA,2BAA0B,OAJZ,OAAX9N,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXsE,sCAWrE,sBAKK,IAAyD,EAAnDkO,GAAmD,gCAAG,WACjEtU,EACA3mB,GAAO,uFAE2C,OAA1C+6B,GAFD,EAEgD/6B,GAA/C+6B,QAASC,EAAW,EAAXA,YAAahlB,EAAO,EAAPA,QAAStI,EAAW,EAAXA,YAAW,UACxB,EAAA6sB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBAAF,OAA2Bg7B,EAAO,sBAAcC,EAAW,WAC9DphB,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,IACA,OALe,OAAXqf,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ+D,sCAY9D,sFC1GK,SAQLvb,EACA1L,EACAsS,GAIA,IAAMyL,GAAO,EAAAC,EAAAA,oBAA4BtS,EAA2B1L,EAAoBsS,GAExF,OADsB,EAAAK,EAAAA,gBAAwBoL,EAEhD,EAtBA,cAEA,4CCGA,oLACA,oLACA,oLACA,gQCJO,SAQN3iB,GAEC,OAAO,SAAP,0BAZwC,IAYxC,GAZwC,EAYxC,EAZwC,kbAgBtC,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAQR,OAPT,+BAASA,KAAM,kDAEf,EAAKy7B,UAAYl8B,OAAO0R,QAAQyqB,GAC7B9R,QAAO,YAAO,MAAgB,aAAvB,kBAAO,EAAyB,IACvC/U,QAAO,SAACwa,EAAK,GAAe,yBAAd5rB,EAAI,KAAEoB,EAAE,KAErB,OADAwqB,EAAI5rB,GAASoB,EAAW5D,KAAK,MAAM,EAAF,eAC1BouB,CACT,GAAG,CAAC,GAAG,CACX,CAAC,uBAbI,CAAgC5tB,EAezC,8GA3BA,EAA0C,qbAA1C,UAA0C,6PCAiB,4BAV3D,SAEA,UAQak6B,GAA8C,gCAAG,WAC5DzU,EACA3mB,GAAO,8FAEmB,EAAAu6B,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,0BACL6Z,OAAQ,MACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,aACrB2tB,EAAAA,qBAAoB,OAJN,OAAXtO,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAV0D,sCAUzD,gBAKK,IAAuD,EAAjDuO,GAAiD,gCAAG,WAC/D3U,EACA3mB,GAAO,mFAEqB,OAApB0N,GAFD,EAE0B1N,GAAzB0N,YAAasI,EAAO,EAAPA,QAAO,UACF,EAAAukB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,0BACL6Z,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,GACC2tB,EAAAA,qBAAoB,OALN,OAAXtO,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ6D,sCAY5D,mBAKK,IAAuD,EAAjDwO,GAAiD,gCAAG,WAC/D5U,EACA3mB,GAAO,mFAEqB,OAApB0N,GAFD,EAE0B1N,GAAzB0N,YAAasI,EAAO,EAAPA,QAAO,UACF,EAAAukB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,0BACL6Z,OAAQ,MACR5D,QAAAA,EACAtI,YAAAA,GACC2tB,EAAAA,qBAAoB,OALN,OAAXtO,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ6D,sCAY5D,mBAKK,IAAmD,EAA7CyO,GAA6C,gCAAG,WAC3D7U,EACA3mB,GAAQ,8FAEkB,EAAAu6B,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,0BACL6Z,OAAQ,SACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,cACtB,OAJe,OAAXqf,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAVyD,sCAUxD,2KC3DsD,4BAVxD,SAEA,UAQa0O,GAA2C,gCAAG,WACzD9U,EACA3mB,GAAQ,8FAEkB,EAAAu6B,EAAAA,aAAwC5T,EAAU,CAC1E5mB,IAAK,wBACL6Z,OAAQ,MACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,aACrBguB,EAAAA,kBAAiB,OAJH,OAAX3O,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAVuD,sCAUtD,cAKK,IAA8C,EAAxC4O,GAAwC,gCAAG,WACtDhV,EACA3mB,GAAO,mFAEgB,OAAf0N,GAFD,EAEqB1N,GAApB0N,YAAa8U,EAAE,EAAFA,GAAE,UACG,EAAA+X,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBAAF,OAA2ByiB,GAC9B5I,OAAQ,MACRlM,YAAAA,GACCguB,EAAAA,kBAAiB,OAJH,OAAX3O,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXoD,sCAWnD,aAKK,IAA8C,EAAxC6O,GAAwC,gCAAG,WACtDjV,EACA3mB,GAAO,mFAEqB,OAApB0N,GAFD,EAE0B1N,GAAzB0N,YAAasI,EAAO,EAAPA,QAAO,UACF,EAAAukB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,wBACL6Z,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,GACCguB,EAAAA,kBAAiB,OALH,OAAX3O,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZoD,sCAYnD,aAKK,IAAgD,EAA1C8O,GAA0C,gCAAG,WACxDlV,EACA3mB,GAAO,mFAEgB,OAAfwiB,GAFD,EAEqBxiB,GAApBwiB,GAAI9U,EAAW,EAAXA,YAAW,UACG,EAAA6sB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBAAF,OAA2ByiB,GAC9B5I,OAAQ,SACRlM,YAAAA,IACA,OAJe,OAAXqf,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAXsD,sCAWrD,gBAKK,IAAuD,EAAjD+O,GAAiD,gCAAG,WAC/DnV,EACA3mB,GAAO,qFAEyB,OAAxB0N,GAFD,EAE8B1N,GAA7B0N,YAAa8U,EAAE,EAAFA,GAAIxM,EAAO,EAAPA,QAAO,UACN,EAAAukB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBAAF,OAA2ByiB,EAAE,cAChC5I,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,IACA,OALe,OAAXqf,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ6D,sCAY5D,uBAKK,IAAyD,EAAnDgP,GAAmD,gCAAG,WACjEpV,EACA3mB,GAAO,qFAEyB,OAAxBwiB,GAFD,EAE8BxiB,GAA7BwiB,GAAIxM,EAAO,EAAPA,QAAStI,EAAW,EAAXA,YAAW,UACN,EAAA6sB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBAAF,OAA2ByiB,EAAE,WAChC5I,OAAQ,OACR5D,QAAAA,EACAtI,YAAAA,IACA,OALe,OAAXqf,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ+D,sCAY9D,qIC7FuD,4BAVzD,SAEA,UAQaiP,GAA4C,gCAAG,WAAOrV,EAAU3mB,GAAQ,8FACzD,EAAAu6B,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBACL6Z,OAAQ,MACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,aACrBuuB,EAAAA,oBAAmB,OAJL,OAAXlP,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAPwD,sCAOvD,eAKK,IAAqD,EAA/CmP,GAA+C,gCAAG,WAC7DvV,EACA3mB,GAAO,mFAEqB,OAApBgW,GAFD,EAE0BhW,GAAzBgW,QAAStI,EAAW,EAAXA,YAAW,UACF,EAAA6sB,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,yBACL6Z,OAAQ,MACR5D,QAAAA,EACAtI,YAAAA,GACCuuB,EAAAA,oBAAmB,OALL,OAAXlP,EAAc,EAAH,uBAMVA,GAAW,2CACnB,SAZ2D,sCAY1D,kBAKK,IAA8D,EAAxDoP,GAAwD,gCAAG,WACtExV,EACA3mB,GAAQ,8FAEkB,EAAAu6B,EAAAA,aAAY5T,EAAU,CAC9C5mB,IAAK,gCACL6Z,OAAQ,MACRlM,YAAa1N,aAAO,EAAPA,EAAS0N,aACrB0uB,EAAAA,0BAAyB,OAJX,OAAXrP,EAAc,EAAH,uBAKVA,GAAW,2CACnB,SAVoE,sCAUnE,kGC4CK,SAAmC,GASxC,IADwB,IANtBpG,EAAQ,EAARA,SACAjZ,EAAW,EAAXA,YACA2uB,EAAU,EAAVA,WACAC,EAAK,EAALA,MAEFC,EAAuC,UAAH,6CAAGC,EAAAA,QAAe,aAEjD,IAGD,EAHO5iB,EAAM,KACf,GAAIA,EAAOa,gBAAkB4hB,EAAY,CACvC,IAAMp5B,EAAOq5B,EAAMG,KACnB,MAAO,CAAP,mCAAQ,WAAOzmB,GAAQ,gGAAKukB,EAAyB5T,EAAU,CAC7DjZ,YAAAA,EACA3N,IAAKkD,EAAKM,KACVqW,OAAAA,EACA5D,QAAAA,GACCumB,IAAiB,wFACtB,CAAC,EATH,MAAqB,CAAC,MAAO,OAAQ,MAAO,UAAS,eAAE,oDAUvD,CAEA,IAKA,EALMt5B,EAAOq5B,EAAMD,GACnB,IAAKp5B,EACH,MAAM,IAAIrD,EAAAA,aAAa,qCAAD,OAAsCy8B,IAG9D,uCAAQ,WAAOrmB,GAAQ,gGAAKukB,EAAyB5T,EAAU,CAC7DjZ,YAAAA,EACA3N,IAAKkD,EAAKM,KACVqW,OAAQ3W,EAAKI,MAAOC,MAAO,GAC3B0S,QAAAA,GACCumB,IAAiB,sFACtB,0EA7HA,aAKA,UACA,UAAyC,olBAWnBhC,EAAW,iDAgEhC,OAhEgC,gCAA1B,WAKL5T,EACA3mB,GAA2B,uHAUyC,GATpEu8B,EAAuC,EAAH,6BAAGC,EAAAA,QAAe,EAIlD7V,EAASna,aAAagC,gBADXkuB,EAAc,EAA3BhvB,YAGIivB,EAAU38B,EAAQ0N,aAAegvB,EACjCxgB,EAASyK,EAAStmB,kBAChBN,EAAyBC,EAAzBD,IAAK6Z,EAAoB5Z,EAApB4Z,OAAQ5D,EAAYhW,EAAZgW,QACf4mB,EAAa78B,EAAIy3B,WAAWtb,GAAWnc,EAAM,GAAH,OAAMmc,GAAM,OAAGnc,GAE1D48B,EAAS,CAAF,qBACJ,IAAI/8B,EAAAA,aAAa,+DAA8D,OASrD,GAN9B8N,EAAoCivB,EAElCE,EAAkC,EAAH,CACnCn7B,QAAS,CAAE,OAAU,0BACrB3B,IAAK68B,EACLhjB,OAAAA,GACI5D,GAAW,CAAEvW,KAAMuW,KAGrB2Q,EAAS3mB,QAAQ88B,KAAM,CAAF,mBACI,iBAAhBpvB,EAAwB,uBAC3B,IAAI9N,EAAAA,aAAa,uDAAsD,yBAGzC+mB,EAASoW,4BAA4B,CACzEnjB,OAAAA,EACA7Z,IAAK68B,EACLlvB,YAAAA,IACA,iBAJMsvB,EAAa,EAAbA,cAAeC,EAAI,EAAJA,KAKvBJ,EAAYn7B,QAASs7B,cAAgBA,EACrCH,EAAYn7B,QAASu7B,KAAOA,EAAK,wBAGjCvvB,EAAqC,iBAAhBA,EAA2BA,EAAcA,EAAYA,YAC1EmvB,EAAYnvB,YAAcA,EAAY,0BAGtB,EAAAgP,EAAAA,aAAYiK,EAAUkW,GAAY,QAanD,OAbKl+B,EAAM,EAAH,KAIPu+B,EADEn7B,MAAMC,QAAQrD,GACVA,EAAImb,KAAI,SAAA8E,GAAI,OAAI,IAAI2d,EAAiB5V,EAAU,CACnDhoB,IAAKigB,EACLlR,YAAAA,GACA,IAEI,IAAI6uB,EAAiB5V,EAAU,CACnChoB,IAAAA,EACA+O,YAAAA,IAEH,kBACMwvB,GAAG,4CACX,gKCxDoBV,GAAe,cAIlC,WAAY7V,EAAiC3mB,GAA6B,sEACxE,IAAQrB,EAAQqB,EAARrB,IACA+C,EAAqB/C,EAArB+C,QAAYoxB,GAAI,aAAKn0B,EAAG,GAG5B+C,IACF9C,KAAK8C,QAAUA,GAIjB1C,OAAOyJ,KAAKqqB,GAAMpqB,SAAQ,SAAAlG,GACZ,WAARA,IAGJ,EAAKA,GAAOswB,EAAKtwB,GACnB,GACF,IAAC,2NC7CH,aAMA,aACA,SAAwD,IAEnCq4B,EAAyB,mCAFU,IAEV,GAFU,EAEV,EAFU,kbAYtD,WAAYlU,EAAU3mB,GAAS,4BAC7B,cAAM2mB,EAAU3mB,IAAS,6RAEzB,IAkBW,EAlBH0N,EAAqB1N,EAArB0N,YAAa/O,EAAQqB,EAARrB,IAEb6jB,EAA2C7jB,EAA3C6jB,GAAIpa,EAAuCzJ,EAAvCyJ,UAAWrE,EAA4BpF,EAA5BoF,QAAShF,EAAmBJ,EAAnBI,OAAQK,EAAWT,EAAXS,OAwBtC,OAvBF,EAAKojB,GAAKA,EACV,EAAKpa,UAAYA,EACjB,EAAKrE,QAAUA,EACf,EAAKhF,OAASA,EAGd,EAAKqF,MAAO,EAAH,2BAAG,0FAMgB,OALpBE,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,OACZC,MAAOl9B,GACNg+B,EAAAA,SAAuB,SACb94B,IAAI,mFAEnB,EAAK8R,QAAM,gCAAG,WAAOJ,GAAO,6EAMG,OALvB1R,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,SACZC,MAAOl9B,GACNy7B,GAA0B,SAChBv2B,EAAG0R,GAAQ,mFACzB,6CAAC,CACJ,CAAC,uBAxC2C,CAASwmB,EAAAA,SAAe,iMCRjC,IAEhBY,EAAsB,mCAFN,IAEM,GAFN,EAEM,EAFN,kbAQnC,WAAYzW,EAAU3mB,GAAS,4BAC7B,cAAM2mB,EAAU3mB,IAAS,+LAEzB,IAAQrB,EAAQqB,EAARrB,IAEA6jB,EAAmC7jB,EAAnC6jB,GAAIze,EAA+BpF,EAA/BoF,QAASqE,EAAsBzJ,EAAtByJ,UAAWrJ,EAAWJ,EAAXI,OAIX,OAHrB,EAAKyjB,GAAKA,EACV,EAAKpa,UAAYA,EACjB,EAAKrE,QAAUA,EACf,EAAKhF,OAASA,EAAO,CACvB,CAAC,uBAhBwC,CAF3C,WAEoDy9B,SAAe,2NCHnE,aACA,aAEA,aACA,SAAwD,IAEnChC,EAAgB,mCAFmB,IAEnB,GAFmB,EAEnB,EAFmB,kbAetD,WAAY7T,EAAU3mB,GAAS,4BAC7B,cAAM2mB,EAAU3mB,IAAS,yaAEzB,IAgDa,EAhDL0N,EAAqB1N,EAArB0N,YAAa/O,EAAQqB,EAARrB,IAEb6jB,EAAuC7jB,EAAvC6jB,GAAIze,EAAmCpF,EAAnCoF,QAASs5B,EAA0B1+B,EAA1B0+B,MAAOt+B,EAAmBJ,EAAnBI,OAAQK,EAAWT,EAAXS,OAuDnC,OAtDD,EAAKojB,GAAKA,EACV,EAAKze,QAAUA,EACf,EAAKs5B,MAAQA,EACb,EAAKt+B,OAASA,EAGd,EAAKyB,KAAM,EAAH,2BAAG,0FAMW,OALd8D,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,MACZC,MAAOl9B,GACNo7B,GAAiB,SACPl2B,IAAI,mFAEnB,EAAKiE,QAAS,EAAH,2BAAG,0FAMV,OALIjE,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,SACZC,MAAOl9B,IACP,SACWkF,IAAI,mFAEnB,EAAKo1B,WAAY,EAAH,2BAAG,0FAMc,OALvBp1B,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,YACZC,MAAOl9B,GACNy7B,EAAAA,SAA0B,SAChBv2B,IAAI,mFAEflF,EAAOgF,OACT,EAAKA,MAAO,EAAH,2BAAG,0FAMgB,OALpBE,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,OACZC,MAAOl9B,GACNg+B,EAAAA,SAAuB,SACb94B,IAAI,oFAGjBlF,EAAOgX,SACT,EAAKA,QAAM,gCAAG,WAAOJ,GAA4B,6EAM7C,OALI1R,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,SACZC,MAAOl9B,IACP,SACWkF,EAAG0R,GAAQ,mFACzB,8CACF,CACH,CAAC,uBA1EkC,CAASwmB,EAAAA,SAAe,2NCN7D,UACA,aACA,SAAwD,IAEnCnB,EAAmB,mCAFgB,IAEhB,GAFgB,EAEhB,EAFgB,kbAgBtD,WAAY1U,EAAU3mB,GAAS,4BAC7B,cAAM2mB,EAAU3mB,IAAS,8XAEzB,IA+Ba,EArBA,EAVLrB,EAAqBqB,EAArBrB,IAAK+O,EAAgB1N,EAAhB0N,YAEL8U,EAA6C7jB,EAA7C6jB,GAAIzjB,EAAyCJ,EAAzCI,OAAQu+B,EAAiC3+B,EAAjC2+B,QAASC,EAAwB5+B,EAAxB4+B,YAAan+B,EAAWT,EAAXS,OAgDzC,OA/CD,EAAKojB,GAAKA,EACV,EAAKzjB,OAASA,EACd,EAAKu+B,QAAUA,EACf,EAAKC,YAAcA,EAGf,EAAKx+B,QAAUy+B,EAAAA,eAAeC,aAChC,EAAKC,QAAM,gCAAG,WAAO1nB,GAAO,6EAMH,OALjB1R,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,SACZC,MAAOl9B,GACNi8B,GAAoB,SACV/2B,EAAG0R,GAAQ,mFACzB,8CAGD,EAAKxV,KAAM,EAAH,2BAAG,0FAMc,OALjB8D,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,MACZC,MAAOl9B,GACNi8B,GAAoB,SACV/2B,IAAI,mFAGnB,EAAKq5B,QAAM,gCAAG,WAAO3nB,GAAO,6EAMH,OALjB1R,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,MACZC,MAAOl9B,GACNi8B,GAAoB,SACV/2B,EAAG0R,GAAQ,mFACzB,6CAED,EAAKzN,QAAS,EAAH,2BAAG,0FAMV,OALIjE,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,SACZC,MAAOl9B,IACP,SACWkF,IAAI,oFAEpB,CACH,CAAC,uBApEqC,CAASk4B,EAAAA,SAAe,2NCHhE,aACA,SAAwD,IAEnCd,EAAgB,mCAFmB,IAEnB,GAFmB,EAEnB,EAFmB,kbAatD,WAAY/U,EAAU3mB,GAAS,4BAC7B,cAAM2mB,EAAU3mB,IAAS,4UAEzB,IA0Bc,EAUD,EApCLrB,EAAqBqB,EAArBrB,IAAK+O,EAAgB1N,EAAhB0N,YAEL8U,EAAgC7jB,EAAhC6jB,GAAIze,EAA4BpF,EAA5BoF,QAAShF,EAAmBJ,EAAnBI,OAAQK,EAAWT,EAAXS,OA2C5B,OA1CD,EAAKojB,GAAKA,EACV,EAAKze,QAAUA,EACf,EAAKhF,OAASA,EAGd,EAAKyB,KAAM,EAAH,2BAAG,0FAMW,OALd8D,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,MACZC,MAAOl9B,GACNs8B,GAAiB,SACPp3B,IAAI,mFAEnB,EAAKiE,QAAS,EAAH,2BAAG,0FAMV,OALIjE,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,SACZC,MAAOl9B,IACP,SACWkF,IAAI,mFAEnB,EAAKo1B,WAAS,gCAAG,WAAO1jB,GAAO,6EAM3B,OALI1R,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,YACZC,MAAOl9B,IACP,SACWkF,EAAG0R,GAAQ,mFACzB,6CACG5W,EAAOgX,SACT,EAAKA,QAAM,gCAAG,WAAOJ,GAAO,6EAMxB,OALI1R,GAAK,EAAA64B,EAAAA,4BAA2B,CACpCxW,SAAAA,EACAjZ,YAAAA,EACA2uB,WAAY,SACZC,MAAOl9B,IACP,SACWkF,EAAG0R,GAAQ,mFACzB,8CACF,CACH,CAAC,uBA5DkC,CAASwmB,EAAAA,SAAe,iMCJxB,IAEhBJ,EAAwB,mCAFR,IAEQ,GAFR,EAEQ,EAFR,kbAKnC,WAAYzV,EAAU3mB,GAAS,MAGY,OAHZ,qBAC7B,cAAM2mB,EAAU3mB,IAAS,mDAEzB,EAAK49B,WAAa59B,EAAQrB,IAAIi/B,WAAW,CAC3C,CAAC,uBAP0C,CAF7C,WAEsDpB,SAAe,iMCFhC,IAEhBP,EAAkB,mCAFF,IAEE,GAFF,EAEE,EAFF,kbAOnC,WAAYtV,EAAU3mB,GAAS,4BAC7B,cAAM2mB,EAAU3mB,IAAS,uJAEzB,MAA2CA,EAAQrB,IAA3Ck/B,EAAS,EAATA,UAAWC,EAAU,EAAVA,WAAY/5B,EAAO,EAAPA,QAGR,OAFvB,EAAK85B,UAAYA,EACjB,EAAKC,WAAaA,EAClB,EAAK/5B,QAAUA,EAAQ,CACzB,CAAC,uBAZoC,CAFvC,WAEgDy4B,SAAe,o1BCF/D,iBACA,aACA,aACA,aACA,aACA,aACA,aACA,kDCaYuB,EAKAC,EAKAR,+CAVS,uBAATO,GAAAA,EAAS,kBAATA,EAAS,uBAATA,IAAS,YAATA,EAAS,KAKH,oBAANC,GAAAA,EAAM,oBAANA,EAAM,yBAANA,IAAM,SAANA,EAAM,KAKQ,4BAAdR,GAAAA,EAAc,4BAAdA,EAAc,iBAAdA,IAAc,iBAAdA,EAAc,8JClB1B,SACA,UACA,UACA,SACA,aACA,UA2BA,UAA6E,2kBAI7E,IAAMS,EAAkB,CAEtB9uB,WAAW,EACXC,YAAY,EACZC,aAAa,EAEb6uB,0BAA0B,EAC1B39B,aAASzB,EACTq/B,mBAAoB,GACpBj1B,WAAYk1B,EAAAA,oBAcDC,EAAY,WAmCvB,WAAY5/B,GAAgE,IAAnCuB,EAA+B,UAAH,6CAAG,CAAC,EAGvE,IAHwE,2OACxEpB,KAAKH,IAAMA,EACXG,KAAKqH,QAAWxH,EAAYwH,SACvBrH,KAAKqH,QACR,MAAM,IAAIrG,EAAAA,aAAa,qDAGzBI,EAAUhB,OAAOC,OAAO,CAAC,EAAGg/B,GAAiB,EAAAj4B,EAAAA,YAAWhG,KACnD,EAAAs+B,EAAAA,iBACHt+B,EAAQm+B,mBAAqBF,EAAgBE,oBAG/Cv/B,KAAKoB,QAAUA,EAEf,IAAMu+B,GAAiC,EAAAv4B,EAAAA,YAAW,CAChDkD,WAAYlJ,EAAQkJ,WACpBpB,OAAQ9H,EAAQ8H,SAEa,YAA3B,aAAO9H,EAAQO,SAEjBg+B,EAAex3B,gBAAkB/G,EAAQO,QAChCP,EAAQO,UACjBg+B,EAAe33B,YAAc5G,EAAQO,SAGvC3B,KAAK2B,QAAU9B,EAAIkf,eAAe6gB,gBAAgB,EAAD,KAAKD,GAAc,IAAE/1B,oBAAoB,KAC1F5J,KAAK6/B,MAAQlzB,EAAAA,QAASmzB,SACtB9/B,KAAK2O,MAnEA,CACLoxB,eAAgB,CAAC,EACjBC,aAAc,KAkEhB,CA8QC,MAjIA,EApBA,EAiRA,OA1YA,gCAlDD,SAAGvzB,EAA6BqD,EAAsC0a,GAChEA,EACFxqB,KAAKqH,QAAQwG,GAAGpB,EAAOqD,EAAS0a,GAEhCxqB,KAAKqH,QAAQwG,GAAGpB,EAAOqD,EAE3B,GAAC,iBAOD,SAAIrD,EAA6BqD,GAC3BA,EACF9P,KAAKqH,QAAQ0I,IAAItD,EAAOqD,GAExB9P,KAAKqH,QAAQ0I,IAAItD,EAErB,GAAC,mBAiCD,WACMzM,KAAKoB,QAAQk+B,0BACft/B,KAAKs/B,2BAEPt/B,KAAKigC,2BACLjgC,KAAK2O,MAAMoC,SAAU,CACvB,GAAC,kBAED,WACE/Q,KAAKkgC,6BACLlgC,KAAK2O,MAAMoC,SAAU,CACvB,GAAC,uBAED,WACE,QAAS/Q,KAAK2O,MAAMoC,OACtB,GAAC,wBAED,WACE,OAAO,EAAApO,EAAAA,OAAM3C,KAAKoB,QACpB,GAAC,2BAED,SAAc2M,GACZ,IAAMwxB,EAAqBv/B,KAAKoB,QAAQm+B,oBAAsB,EAE9D,OADiBxxB,EAAMvE,UAAY+1B,CAErC,GAAC,wBAED,SAAWxxB,GAET,OADiB/N,KAAKmgC,cAAcpyB,IACf/N,KAAK6/B,MAAM/yB,KAClC,GAAC,yBAED,SAAYlJ,EAAKmK,GACf/N,KAAKqH,QAAQ2H,KAAKoxB,EAAAA,cAAex8B,EAAKmK,EACxC,GAAC,yBAED,SAAYnK,EAAKy8B,EAAYC,GAC3BtgC,KAAKqH,QAAQ2H,KAAKuxB,EAAAA,cAAe38B,EAAKy8B,EAAYC,EACpD,GAAC,uBAED,SAAU18B,EAAKmK,GACb/N,KAAKqH,QAAQ2H,KAAKlB,EAAAA,YAAalK,EAAKmK,EACtC,GAAC,yBAED,SAAYnK,EAAKmK,GACf/N,KAAKqH,QAAQ2H,KAAKd,EAAAA,cAAetK,EAAKmK,EACxC,GAAC,uBAED,SAAUgB,GACR/O,KAAKqH,QAAQ2H,KAAKwxB,EAAAA,YAAazxB,EACjC,GAAC,qCAED,SAAwBnL,GACtBwI,aAAapM,KAAK2O,MAAMoxB,eAAen8B,WAChC5D,KAAK2O,MAAMoxB,eAAen8B,GAGjC5D,KAAK2O,MAAMqxB,aAAe,IAC5B,GAAC,wCAED,WACE,IAAID,EAAiB//B,KAAK2O,MAAMoxB,eAChC,IAAK,IAAIn8B,KAAOm8B,EACT3/B,OAAOyD,UAAUC,eAAeC,KAAKg8B,EAAgBn8B,IAG1D5D,KAAKygC,wBAAwB78B,EAEjC,GAAC,mCAED,SAAsBA,EAAKmK,GAAO,WAChC,KAAI,EAAA2yB,EAAAA,gBAAe3yB,GAAnB,CAIA,IAAI4yB,EAAa3gC,KAAKmgC,cAAcpyB,GAChC6yB,EAA+D,IAA7C75B,KAAK85B,IAAIF,EAAa3gC,KAAK6/B,MAAM/yB,MAAO,GAG9D9M,KAAKygC,wBAAwB78B,GAE7B,IAAIk9B,EAAqB50B,YAAW,WAClC,EAAK60B,YAAYn9B,EAAKmK,EACxB,GAAG6yB,GAGH5gC,KAAK2O,MAAMoxB,eAAen8B,GAAOk9B,CAbjC,CAcF,GAAC,sCAED,WACE,IAAIE,EAAehhC,KAAK2B,QAAQyd,aAChC,IAAI,IAAIxb,KAAOo9B,EACb,GAAK5gC,OAAOyD,UAAUC,eAAeC,KAAKi9B,EAAcp9B,GAAxD,CAGA,IAAImK,EAAQizB,EAAap9B,GACzB5D,KAAKihC,sBAAsBr9B,EAAKmK,EAFhC,CAIJ,GAAC,wCAGD,WACE/N,KAAKkgC,6BACLlgC,KAAKigC,0BACP,GAAC,iBAED,SAAIr8B,EAAKmK,GACP,IAAIizB,EAAehhC,KAAK2B,QAAQyd,cAChC,EAAA8hB,EAAAA,eAAcnzB,GACdizB,EAAap9B,GAAOmK,EACpB/N,KAAK2B,QAAQ4e,WAAWygB,GACxBhhC,KAAKmhC,sBACLnhC,KAAKohC,UAAUx9B,EAAKmK,GACpB/N,KAAKihC,sBAAsBr9B,EAAKmK,EAClC,GAAC,qBAED,SAAQnK,GAEN,OADmB5D,KAAK2B,QAAQyd,aACZxb,EACtB,GAAC,kDAED,WAAUA,GAAG,gGACJ5D,KAAKqhC,QAAQz9B,IAAI,gDACzB,yEAED,WACE,IAAMiQ,EAAS,CAAC,EACVmtB,EAAehhC,KAAK2B,QAAQyd,aAWlC,OAVAhf,OAAOyJ,KAAKm3B,GAAcl3B,SAAQ,SAAAlG,GAChC,IAAMmK,EAAQizB,EAAap9B,IACvB,EAAA09B,EAAAA,eAAcvzB,GAChB8F,EAAO/E,YAAcf,GACZ,EAAAwzB,EAAAA,WAAUxzB,GACnB8F,EAAOhF,QAAUd,GACR,EAAA2yB,EAAAA,gBAAe3yB,KACxB8F,EAAOhE,aAAe9B,EAE1B,IACO8F,CACT,GAAC,wDAED,6GACS7T,KAAK4P,iBAAe,gDAC5B,8EAED,SAAoBrK,GAClB,IAAMy7B,EAAehhC,KAAK2B,QAAQyd,aAOlC,OANYhf,OAAOyJ,KAAKm3B,GAAcvW,QAAO,SAAA7mB,GAC3C,IAAMmK,EAAQizB,EAAap9B,GAC3B,OAAQ,EAAA09B,EAAAA,eAAcvzB,IAAmB,gBAATxI,IAC1B,EAAAg8B,EAAAA,WAAUxzB,IAAmB,YAATxI,IACpB,EAAAm7B,EAAAA,gBAAe3yB,IAAmB,iBAATxI,CACjC,IAAG,EAEL,GAAC,0BAED,SAAqBwI,GACnB,IAAI,EAAAuzB,EAAAA,eAAcvzB,GAChB,MAAO,cAET,IAAI,EAAAwzB,EAAAA,WAAUxzB,GACZ,MAAO,UAET,IAAG,EAAA2yB,EAAAA,gBAAe3yB,GAChB,MAAO,eAET,MAAM,IAAI/M,EAAAA,aAAa,qBACzB,GAAC,iCAGD,WACE,IAAI,EAAA6H,EAAAA,gBAAgB,CAClB,IAAMlH,EAAU3B,KAAK2B,QAAQyd,aAC7Bpf,KAAKqH,QAAQ2H,KAAKwyB,EAAAA,kBAAmB7/B,EACvC,CACF,GAAC,wBAGD,WACE,OAAO3B,KAAK2B,OACd,GAAC,uBAED,SACEkS,EAEA4tB,EACAC,EACAC,GACM,WACAC,EAAsB,SAACh+B,EAAKmK,GAChC,IAAMxI,EAAO,EAAKs8B,aAAa9zB,GAClB,gBAATxI,EACFk8B,GAAiBA,EAAc79B,EAAKmK,GAClB,YAATxI,EACTm8B,GAAaA,EAAU99B,EAAKmK,GACV,iBAATxI,GACTo8B,GAAkBA,EAAe/9B,EAAKmK,EAE1C,EACM+zB,EAAc,SAACl+B,EAAKmK,GACxB,EAAKqzB,UAAUx9B,EAAKmK,GACpB,EAAKkzB,sBAAsBr9B,EAAKmK,GAChC6zB,EAAoBh+B,EAAKmK,EAC3B,EAOMg0B,EAAgB,SAACn+B,EAAKmK,GAC1B,EAAK0yB,wBAAwB78B,GAC7B,EAAKo+B,YAAYp+B,EAAKmK,GACtB6zB,EAAoBh+B,EAAKmK,EAC3B,EAEMxF,EAAqB,CAAC,UAAW,cAAe,gBAChD05B,EAAiBjiC,KAAK4P,gBAG5BrH,EAAMuB,SAAQ,SAACvE,GACb,IAAMwI,EAAQ8F,EAAOtO,GACjBwI,IACF,EAAAmzB,EAAAA,eAAcnzB,EAAOxI,EAEzB,IAGA,IAAM5D,EAAU4G,EAAMmN,QAAO,SAAC/T,EAAS4D,GACrC,IAAMwI,EAAQ8F,EAAOtO,GAKrB,OAJIwI,IAEFpM,EADmB,EAAKugC,oBAAoB38B,IAASA,GAC/BwI,GAEjBpM,CACT,GAAG,CAAC,GACJ3B,KAAK2B,QAAQ4e,WAAW5e,GACxB3B,KAAKmhC,sBAGL54B,EAAMuB,SAAQ,SAAAvE,GACZ,IArCqB3B,EAAKmK,EAAOuyB,EAqC3B6B,EAAWtuB,EAAOtO,GAClB68B,EAAgBH,EAAe18B,GAC/B+E,EAAa,EAAK43B,oBAAoB38B,IAASA,EACjD48B,GAAYC,GAEdL,EAAcz3B,EAAY83B,GAC1BN,EAAYx3B,EAAY63B,GA3CLv+B,EA4CL0G,EA5CUyD,EA4CEo0B,EA5CK7B,EA4CK8B,EA3CtC,EAAKC,YAAYz+B,EAAKmK,EAAOuyB,GAC7B,EAAKG,wBAAwB78B,GAC7B,EAAKq9B,sBAAsBr9B,EAAKmK,GAChC6zB,EAAoBh+B,EAAKmK,IAyCdo0B,EACTL,EAAYx3B,EAAY63B,GACfC,GACTL,EAAcz3B,EAAY83B,EAE9B,GACF,GAAC,oBAED,SAAOx+B,GAEL5D,KAAKygC,wBAAwB78B,GAE7B,IAAIo9B,EAAehhC,KAAK2B,QAAQyd,aAC5BkjB,EAAetB,EAAap9B,UACzBo9B,EAAap9B,GACpB5D,KAAK2B,QAAQ4e,WAAWygB,GACxBhhC,KAAKmhC,sBAELnhC,KAAKgiC,YAAYp+B,EAAK0+B,EACxB,GAAC,yDAGD,WAAiBv0B,GAAK,sGACC,QADD,EACb/N,KAAKH,IAAIkO,aAAK,aAAd,EAAgBw0B,MAAMx0B,IAAM,gDACpC,yEAED,SAAcA,GACZ,OAAO,EAAAmzB,EAAAA,eAAcnzB,EACvB,GAAC,mBAGD,SAAMnK,GAAiC,WAErC,GAAI5D,KAAK2O,MAAMqxB,aACb,OAAOhgC,KAAK2O,MAAMqxB,aAGpB,IACE,IAAIjyB,EAAQ/N,KAAKqhC,QAAQz9B,GACrB4+B,OAAwBtiC,IAAV6N,EAElB,IAAKA,GAAiB,gBAARnK,EAAuB,CAEnC,IAAM6+B,EAAaziC,KAAKkiC,oBAAoB,gBAE5CM,OAA+BtiC,IADVF,KAAKqhC,QAAQoB,EAEpC,CAEA,IAAKD,EACH,MAAM,IAAIxhC,EAAAA,aAAa,8CAAgD4C,EAE3E,CACA,MAAOgD,GAEL,OADA5G,KAAK0iC,UAAU97B,GACRlG,QAAQK,OAAO6F,EACxB,CAmCA,OAhCA5G,KAAKygC,wBAAwB78B,GAIR5D,KAAK2O,MAAMqxB,aAAehgC,KAAKH,IAAIkO,MAAM40B,cAC3DzhC,MAAK,SAAA2S,GAKJ,GAJA,EAAKC,UAAUD,IAIV9F,GAAiB,gBAARnK,EAAuB,CACnC,IAAMkL,EAAc+E,EAAoB,YAExC,OADA,EAAKwuB,YAAYz+B,EAAKkL,EAAa,MAC5BA,CACT,CAIA,OAAO+E,EADW,EAAKguB,aAAa9zB,GAEtC,IACCpH,OAAM,SAAAC,GAKL,MAHA,EAAKmE,OAAOnH,GACZgD,EAAIg8B,SAAWh/B,EACf,EAAK8+B,UAAU97B,GACTA,CACR,IACCuF,SAAQ,WAEP,EAAKwC,MAAMqxB,aAAe,IAC5B,GAGJ,GAAC,mBAED,WAAQ,WACAnsB,EAAS7T,KAAK4P,gBACpB5P,KAAKkgC,6BACLlgC,KAAK2B,QAAQmf,eACb9gB,KAAKmhC,sBAEL/gC,OAAOyJ,KAAKgK,GAAQ/J,SAAQ,SAAAlG,GAC1B,EAAKo+B,YAAYp+B,EAAKiQ,EAAOjQ,GAC/B,GACF,GAAC,sCAED,WAA2B,WACnBo9B,EAAehhC,KAAK2B,QAAQyd,aAC5ByjB,EAAgB,CAAC,EACvBziC,OAAOyJ,KAAKm3B,GAAcl3B,SAAQ,SAAAlG,GAC5Bo9B,EAAap9B,GAAKk/B,gBACpBD,EAAcj/B,GAAOo9B,EAAap9B,UAC3Bo9B,EAAap9B,GAExB,IACA5D,KAAK2B,QAAQ4e,WAAWygB,GACxBhhC,KAAKmhC,sBACL/gC,OAAOyJ,KAAKg5B,GAAe/4B,SAAQ,SAAAlG,GACjC,EAAK68B,wBAAwB78B,GAC7B,EAAKo+B,YAAYp+B,EAAKi/B,EAAcj/B,GACtC,GACF,GAAC,gCAED,SAAmBmK,GACjB,IAAMnK,EAAM5D,KAAKkiC,oBAAoB,iBAAmBa,EAAAA,0BAGpD/B,EAAehhC,KAAK2B,QAAQyd,cAChC,EAAA8hB,EAAAA,eAAcnzB,GACdizB,EAAap9B,GAAOmK,EACpB/N,KAAK2B,QAAQ4e,WAAWygB,GACxBhhC,KAAKmhC,qBACP,GAAC,gCAED,WACE,IAAMv9B,EAAM5D,KAAKkiC,oBAAoB,iBAAmBa,EAAAA,0BACxD/iC,KAAK+K,OAAOnH,EACd,GAAC,mCAED,WACE,IAAMiQ,EAAS7T,KAAK4P,gBACpBxP,OAAOyJ,KAAKgK,GAAQ/J,SAAQ,SAAAlG,GAC1BiQ,EAAOjQ,GAAKk/B,eAAgB,CAC9B,IACA9iC,KAAK8T,UAAUD,EACjB,KAAC,EAzcsB,GAyctB,4FC/eI,WAOL,OAAO,WAOL,WAAYzS,IAAoC,qMAE9CpB,KAAK+e,eAAiB3d,EAAQ2d,eAC9B/e,KAAKgjC,qBAAsD,IAAhC5hC,EAAQ4hC,oBACnChjC,KAAKqgB,kBAAgD,IAA7Bjf,EAAQif,iBAChCrgB,KAAKoB,QAAUA,CACjB,CA2EC,OA3EA,mCAGD,WAAiD,IAA3CA,EAAuC,UAAH,6CAAG,CAAC,EACtCi2B,EAAsCr3B,KAAK+e,eAAeuY,wBAC1D5f,EAAO2f,EAAmBjY,aAMhC,GAHAiY,EAAmBvW,eAGf9gB,KAAKgjC,sBAAsD,IAA/B5hC,EAAQo1B,mBAA8B,CACpE,IAAM7nB,EAAQvN,EAAQuN,QAAS+I,aAAI,EAAJA,EAAM/I,OACjCA,IACF,EAAAs0B,EAAAA,mCAAkCjjC,KAAK+e,eAAgBpQ,EAE3D,CACF,GAAC,kBAGD,SAAK+I,GAA+C,IAAtCtW,EAAkC,UAAH,6CAAG,CAAC,EAK3CO,EAA2B3B,KAAK+e,eAAeuY,wBAC7Cr0B,EAAMtB,EAAQyd,cAIhB,EAAA8jB,EAAAA,mBAAkBjgC,KAAS7B,EAAQw2B,cAErC,EAAAhvB,EAAAA,MAAK,2GAGPjH,EAAQ4e,WAAW7I,GAGf1X,KAAKgjC,qBAAuBtrB,EAAK/I,QACnC,EAAAw0B,EAAAA,gCAA+BnjC,KAAK+e,eAAgBrH,EAAK/I,MAAO+I,EAEpE,GAAC,oBAED,WAAsD,IAA/CtW,EAAkC,UAAH,6CAAG,CAAC,EACxC,IAEE,QADapB,KAAKkkB,KAAK9iB,EAEzB,CAAE,SACA,OAAO,CACT,CACF,GAAC,kBAID,WAAmE,IAE7DsW,EAFDtW,EAAkC,UAAH,6CAAG,CAAC,EAKtC,OAAIpB,KAAKgjC,qBAAuB5hC,EAAQuN,SACtC,EAAAy0B,EAAAA,oBAAmBpjC,KAAK+e,gBACxBrH,GAAO,EAAA2rB,EAAAA,kCAAiCrjC,KAAK+e,eAAgB3d,EAAQuN,QACjE,EAAAu0B,EAAAA,mBAAkBxrB,IACbA,GAKXA,EAD+B1X,KAAK+e,eAAeuY,wBACpClY,cACX,EAAA8jB,EAAAA,mBAAkBxrB,GAEbA,EAGF,KACT,KAAC,EAxFI,EA2FT,6CAtHA,UAWA,SACA,2DCTO,SAAqB3J,GAC1B,IACIu1B,EADApsB,EAAMnJ,EAAMoJ,MAAM,KAGtB,IACEmsB,EAAe,CACbzqB,OAAQ3O,KAAKC,OAAM,EAAAo5B,EAAAA,mBAAkBrsB,EAAI,KACzCE,QAASlN,KAAKC,OAAM,EAAAo5B,EAAAA,mBAAkBrsB,EAAI,KAC1CK,UAAWL,EAAI,GAEnB,CAAE,MAAOjS,GACP,MAAM,IAAIjE,EAAAA,aAAa,kBACzB,CAEA,OAAOsiC,CACT,EAnBA,cAEA,kFCsJC,WAEyC,mFAUzC,SAIgD,yDAZhD,WAGsC,kFAxBtC,SAGgC,iEA8EhC,SAGgD,gGAjM1C,SAA0BrgC,GAC/B,QACG,EAAAugC,EAAAA,cAAavgC,KAAQ,EAAAwgC,EAAAA,gBAAexgC,KACnB,mBAAlBA,EAAI4U,SAER,4CAvCA,UAQA,UAuBM6rB,EAAiB,aACjBC,EAAS,WAOd,SAIqBC,EAAU,EAAD,iDAO9B,OAP8B,gCAAxB,WAAyB/qB,EAAgBgrB,EAAgBC,GAAqB,iFAE7B,OADhDC,GAAO,EAAAltB,EAAAA,mBAAkB3M,KAAKE,UAAUyO,IACxCvN,GAAO,EAAAuL,EAAAA,mBAAkB3M,KAAKE,UAAUy5B,IAAQ,SAC9BvtB,EAAAA,UAAUC,OAAOytB,KACvC,CAAE1/B,KAAMw/B,EAAWG,UAAU3/B,MAAQw/B,GAAY,EAAAzsB,EAAAA,gBAAc,UAAI0sB,EAAI,YAAIz4B,KAC5E,OAFc,OAATiM,EAAY,EAAH,iCAGLwsB,EAAI,YAAIz4B,EAAI,aAAI,EAAA0K,EAAAA,oBAAkB,EAAAqlB,EAAAA,mBAAkB9jB,MAAW,4CAC1E,sBAEM,SAAS2sB,IAAiC,IAAdC,EAAU,UAAH,6CAAG,GAC3C,OAAO,aAAI7tB,EAAAA,UAAU8tB,gBAAgB,IAAIvvB,WAAWsvB,KAAWjpB,KAAI,SAAAmpB,GAAC,OAAIA,EAAEC,SAAS,GAAG,IAAEjpB,KAAK,GAC/F,CAAC,SAEqBkpB,IAAe,4CAWpC,OAXoC,gCAA9B,0FAMJ,OALKN,EAAY,CAChB3/B,KAAM,oBACNqS,KAAM,UACN6tB,cAAe,KACfC,eAAgB,IAAI5vB,WAAW,CAAC,EAAM,EAAM,KAC7C,kBAIMyB,EAAAA,UAAUC,OAAOmuB,YAAYT,GAAW,EAAO,CAAC,OAAQ,YAAU,4CAC1E,+BAEcU,EAAe,+CAM7B,OAN6B,gCAA9B,WAAgC71B,GAAmB,+EACG,OAA9CmH,GAAS,IAAIG,aAAcC,OAAOvH,GAAY,SACjCwH,EAAAA,UAAUC,OAAOC,OAAO,UAAWP,GAAO,OAAnD,OAAJU,EAAO,EAAH,wBAEH,EAAAlB,EAAAA,MAAKI,OAAOC,aAAac,MAAM,KAAM,IAAI/B,WAAW8B,KACxD1M,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAAG,4CAC9D,sBA8CA,SAGc26B,EAAiB,+CAc/B,OAd+B,gCAAhC,WAAkC5pB,GAAmB,8GAAKna,EAAI,iCAAJA,EAAI,0BAtCrD,IAAIH,SAAQ,SAACC,EAASI,GAC3B,IACE,IACM8jC,EADY/7B,OAAOiR,UACH+qB,KAAKpB,EAAgB,GAE3CmB,EAAIE,QAAU,WACZhkC,EAAO8jC,EAAI91B,MACb,EAEA81B,EAAIG,gBAAkB,WACTH,EAAI3oB,OACZ+oB,kBAAkBtB,EACvB,EAEAkB,EAAIK,UAAY,WACd,IAAMC,EAAKN,EAAI3oB,OACTpc,EAAKqlC,EAAGhX,YAAYwV,EAAQ,aAElC7jC,EAAGilC,QAAU,WACXhkC,EAAOjB,EAAGiP,MACZ,EAEA,IAAMq2B,EAAQtlC,EAAGulC,YAAY1B,GAE7BhjC,EAAQykC,GAERtlC,EAAGwlC,WAAa,WACdH,EAAG1wB,OACL,CACF,CACF,CACA,MAAO7N,GACL7F,EAAO6F,EACT,CACF,IAK8B,OAAnB,OAALw+B,EAAQ,EAAH,uBACJ,IAAI1kC,SAAQ,SAACC,EAASI,GAI3B,IAAM8jC,EAAMO,EAAMpqB,GAAO,MAAboqB,EAAiBvkC,GAC7BgkC,EAAIK,UAAY,WACdvkC,EAAQkkC,EACV,EACAA,EAAIE,QAAU,WACZhkC,EAAO8jC,EAAI91B,MACb,CACF,KAAE,2CACH,iCAEcw2B,EAAY,iDAG1B,OAH0B,gCAA3B,WAA6BC,EAAgBC,GAAsB,uFAC3Db,EAAkB,MAAOa,EAASD,GAAO,gCACxCC,GAAO,4CACf,sBAGgC,aAUhC,OAVgC,gCAA1B,WAA4BD,GAAe,iFAC5CA,EAAQ,CAAF,+BACUZ,EAAkB,MAAOY,GAAO,OAAzC,KAAHX,EAAM,EAAH,MACD3oB,OAAQ,CAAF,wCACL2oB,EAAI3oB,QAAM,aAKf,IAAIlb,EAAAA,aAAa,sDAAD,OAAuDwkC,EAAS,KAAH,OAAQA,EAAM,KAAM,KAAK,4CAC7G,+BAEqBE,EAAgB,+CAErC,OAFqC,gCAA/B,WAAiCF,GAAc,uFAC9CZ,EAAkB,SAAUY,GAAO,4CAC1C,sBAEyC,aAEzC,OAFyC,gCAAnC,oGACCZ,EAAkB,SAAQ,4CACjC,sBAGsC,aAKtC,OALsC,gCAAhC,4FACiC,OAAhCe,EAAYzB,EAAkB,GAAE,SAChBK,IAAiB,OAA1B,OAAPkB,EAAU,EAAH,cACPF,EAAaI,EAAWF,GAAQ,gCAC/B,CAAEA,QAAAA,EAASE,UAAAA,IAAW,4CAC9B,sBAIgD,aAmBhD,OAnBgD,gCAA1C,WAA4CC,EAAoC/xB,GAAc,qFAejC,GAd9DgyB,GAAc,EAEV/2B,EAA8B+E,EAA9B/E,YAAae,EAAiBgE,EAAjBhE,aAGA,WAAjB+1B,GAA6B92B,GAAyC,SAA1BA,EAAYg3B,YAAyBj2B,IACnFg2B,GAAc,GAIK,YAAjBD,GAA8B/1B,IAAiBf,IACjD+2B,GAAc,GAGVL,EAAgC,QAA1B,EAAG12B,aAAW,EAAXA,EAAai3B,kBAAU,QAAIl2B,aAAY,EAAZA,EAAck2B,YACpDF,IAAeL,EAAM,gCACjBE,EAAiBF,GAAO,4CAEjC,+BAIqBQ,EAAiB,+CAyBtC,OAzBsC,gCAAhC,qHAA4E,OAAxCP,EAAO,EAAPA,QAAStkC,EAAG,EAAHA,IAAK6Z,EAAM,EAANA,OAAQ4R,EAAK,EAALA,MAAO9d,EAAW,EAAXA,YAAW,SAC1CwH,EAAAA,UAAUC,OAAO0vB,UAAU,MAAOR,EAAQ/K,WAAU,OAgB1F,GAhB0F,SAAnFwL,EAAG,EAAHA,IAAKC,EAAG,EAAHA,IAAKlhC,EAAC,EAADA,EAAGmhC,EAAC,EAADA,EAAGC,EAAC,EAADA,EAAGC,EAAC,EAADA,EACrBztB,EAAS,CACb0tB,IAAK,QACLC,IAAK,WACLC,IAAK,CAAEP,IAAAA,EAAKC,IAAAA,EAAKlhC,EAAAA,EAAGmhC,EAAAA,EAAGC,EAAAA,EAAGC,EAAAA,IAGtBzC,EAAqB,CACzB6C,IAAK1rB,EACL2rB,IAAKxlC,EACLylC,IAAK7/B,KAAKmZ,MAAMvV,KAAKmC,MAAQ,KAC7B+5B,IAAK3C,KAGHtX,IACFiX,EAAOjX,MAAQA,IAIb9d,EAAa,CAAF,iCACM61B,EAAgB71B,GAAY,QAA/C+0B,EAAOiD,IAAM,EAAH,sCAGLlD,EAAU/qB,EAAQgrB,EAAQ4B,EAAQsB,aAAW,6CACrD,sBAGgD,aAOhD,OAPgD,gCAA1C,mGAIJ,OAJkDtB,EAAO,EAAPA,QAAStkC,EAAG,EAAHA,IAAK6Z,EAAM,EAANA,OAAQ4R,EAAK,EAALA,MACnE7nB,EAA0B,CAAE0gC,QAAAA,EAAStkC,IAAAA,EAAK6Z,OAAAA,GAC5C4R,IACF7nB,EAAO6nB,MAAQA,GAChB,kBAEMoZ,EAAkBjhC,IAAO,4CACjC,+FC5KM,SAA8B+yB,GACnC,IAAIkP,EAAmBC,EAAgCnP,GACvD,OAAO,EAAAzyB,EAAAA,eAAa,OACf2hC,GACClP,EAAYoP,aAAe,EAAJ,GAASpP,EAAYoP,cAEpD,uDA1DA,SACA,UAA4C,2kBAGrC,SAASD,EAAgCnP,GAE9C,IAAKA,EAAYjnB,SACf,MAAM,IAAI7P,EAAAA,aAAa,2EAGzB,IAAI,EAAAsd,EAAAA,UAASwZ,EAAY1b,gBAA4D,IAA3C0b,EAAY1b,aAAapS,QAAQ,KACzE,MAAM,IAAIhJ,EAAAA,aAAa,4DAIzB,IAAImmC,EAA2B,CAC7B,UAAarP,EAAYjnB,SACzB,eAAkBinB,EAAYxL,cAC9B,sBAAyBwL,EAAYvL,oBACrC,QAAWuL,EAAYrsB,QACvB,IAAOqsB,EAAYnD,IACnB,UAAamD,EAAYsP,SACzB,WAActP,EAAYuP,UAC1B,QAAWvP,EAAYpL,OACvB,MAASoL,EAAYlL,MACrB,OAAUkL,EAAYwP,OACtB,aAAgBxP,EAAY1L,YAC5B,cAAiB0L,EAAYxjB,aAC7B,cAAiBwjB,EAAY1b,aAC7B,aAAgB0b,EAAYyP,aAC5B,MAASzP,EAAYnpB,MACrB,WAAcmpB,EAAYnL,UAC1B,kBAAqBmL,EAAY0P,iBAUnC,GARAL,GAAc,EAAA//B,EAAAA,YAAW+/B,GAEzB,CAAC,YAAa,gBAAiB,qBAAqBr9B,SAAQ,SAAU29B,GAChEtkC,MAAMC,QAAQ+jC,EAAYM,MAC5BN,EAAYM,GAAcN,EAAYM,GAAYpsB,KAAK,KAE3D,KAEuD,IAAnDyc,EAAY1b,aAAcpS,QAAQ,cACO,IAA3C8tB,EAAYzL,OAAQriB,QAAQ,UAC5B,MAAM,IAAIhJ,EAAAA,aAAa,qFAKzB,OAJW82B,EAAYzL,SACrB8a,EAAYpa,MAAQ+K,EAAYzL,OAAQhR,KAAK,MAGxC8rB,CACT,qCCnDA,oLACA,oLACA,sPC+GC,SAEsC,EAAD,2DAhBrC,SAGyC,EAAD,gFAtGzC,UAEA,SACA,UACA,UAaA,SAASO,EAAgBtmC,GAEvB,IAAKA,EAAQyP,SACX,MAAM,IAAI7P,EAAAA,aAAa,2EAGzB,IAAKI,EAAQgrB,YACX,MAAM,IAAIprB,EAAAA,aAAa,sEAGzB,IAAKI,EAAQumC,oBAAsBvmC,EAAQqnB,gBACzC,MAAM,IAAIznB,EAAAA,aAAa,6EAGzB,IAAKI,EAAQinB,aACX,MAAM,IAAIrnB,EAAAA,aAAa,gFAE3B,CAEA,SAAS4mC,EAAY/nC,EAAKuB,GAExB,IAAI2D,GAAsB,EAAAqC,EAAAA,YAAW,CACnC,UAAahG,EAAQyP,SACrB,aAAgBzP,EAAQgrB,YACxB,WAAchrB,EAAQqnB,gBAAkB,mBAAqB,qBAC7D,cAAiBrnB,EAAQinB,eAGvBjnB,EAAQqnB,gBACV1jB,EAAyB,iBAAI3D,EAAQqnB,gBAC5BrnB,EAAQumC,oBACjB5iC,EAAO8iC,KAAOzmC,EAAQumC,mBAGxB,IAAQ9a,EAAiBhtB,EAAIuB,QAArByrB,aAMR,OALIA,IACF9nB,EAAsB,cAAI8nB,IAIrB,EAAAxnB,EAAAA,eAAcN,GAAQ2D,MAAM,EACrC,CAAC,SAGco/B,EAAgB,iDAsC9B,OAtC8B,gCAA/B,WAAiCjoC,EAAK,GAAF,iGAIjC,GAJqCsB,EAAG,EAAHA,IAAKlB,EAAI,EAAJA,KAAM2sB,EAAK,EAALA,MAAOmb,EAAW,EAAXA,YAClD/sB,EAAS,OACTlY,EAAe,CACnB,eAAgB,sCAGdjD,EAAIuB,QAAQ88B,KAAM,CAAF,mBACb6J,EAAa,CAAF,qBACR,IAAI/mC,EAAAA,aAAa,mDAAkD,wBAGvD,EAAAgnC,EAAAA,6BAA4B,CAAE7mC,IAAAA,EAAK6Z,OAAAA,EAAQ4R,MAAAA,EAAO6Y,QAASsC,IAAc,OAAvFE,EAAQ,EAAH,KACXnlC,EAAQolC,KAAOD,EAAM,oCAIF,EAAAnqB,EAAAA,aAAYje,EAAK,CAClCsB,IAAAA,EACA6Z,OAAAA,EACAna,KAAMZ,EACN6C,QAAAA,IACA,QALQ,OAAJuV,EAAO,EAAH,uBAMHA,GAAI,wCAGP,EAAA8vB,EAAAA,kBAAgB,OAAUvb,EAAK,iBACgB,GAA3Cwb,EAAoB,QAAX,EAAG,KAAI/vB,YAAI,aAAR,EAAUvV,QAAQ,cACpB,CAAF,sBAEN,IAAI2U,EAAAA,aACR,CAACG,aAAc,8CACP,QADoD,EAC5D,KAAIS,YAAI,aAAInY,GACb,iCAEI4nC,EAAiBjoC,EAAK,CAAEsB,IAAAA,EAAKlB,KAAAA,EAAM8nC,YAAAA,EAAanb,MAAOwb,KAAY,+EAI/E,sBAGwC,aAWxC,OAXwC,gCAAlC,WAAmCvoC,EAAKuB,EAA8B+0B,GAAgB,+EAQ1F,OAPDuR,EAAgBtmC,GACZnB,EAAO2nC,EAAY/nC,EAAKuB,GAEtB2D,EAA6B,CACjC5D,IAAKg1B,EAAKkS,SACVpoC,KAAAA,EACA8nC,YAAa3mC,aAAO,EAAPA,EAAS2mC,aACvB,kBAEMD,EAAiBjoC,EAAKkF,IAAO,4CACrC,sBAEqC,aA2BrC,OA3BqC,gCAA/B,WACLlF,EACAuB,EACAyO,GAA0B,iFAqBzB,OAnBK5P,EAAOG,OAAO0R,QAAQ,CAC1Bgb,UAAW1rB,EAAQyP,SACnBy3B,WAAY,gBACZvb,MAAOld,EAAawc,OAAOhR,KAAK,KAChCktB,cAAe14B,EAAaA,eAC3BqL,KAAI,SAAU,GAAe,yBAAd5W,EAAI,KAAEiF,EAAK,KAE3B,OAAOjF,EAAO,IAAM8W,mBAAmB7R,EACzC,IAAG8R,KAAK,KAEJla,EAAM0O,EAAaw4B,SACnBjnC,EAAQ8lC,aAAe9mC,OAAOyJ,KAAKzI,EAAQ8lC,aAAa1jC,QAAU,IACpErC,IAAO,EAAAkE,EAAAA,eAAcjE,EAAQ8lC,cAGzBniC,EAA6B,CACjC5D,IAAAA,EACAlB,KAAAA,EACA8nC,YAAa3mC,aAAO,EAAPA,EAAS2mC,aACvB,kBAEMD,EAAiBjoC,EAAKkF,IAAO,4CACrC,+ECnIM,SAAgBlF,EAA6Byd,EAAgBkrB,GAClE,IAAI1pB,EAAYjf,EAAIkf,eAAeC,aAAanf,EAAIuB,QAAQ6d,SAE5D,OAAOwpB,EAAa5oC,EAAKyd,GACxBpc,MAAK,SAASwnC,GACb,IAAIC,EAAUD,EAAoB,SAI9BvpB,EADgBL,EAAUM,aACKupB,GACnC,GAAIxpB,GAAkBxU,KAAKmC,MAAM,IAAOqS,EAAe3V,UAAW,CAChE,IAAIo/B,GAAY,EAAApkC,EAAAA,MAAK2a,EAAexD,SAAS9R,KAAM,CACjD2+B,IAAKA,IAGP,GAAII,EACF,OAAOA,CAEX,CAMA,OAHA9pB,EAAUgC,aAAa6nB,IAGhB,EAAA/mC,EAAAA,KAAI/B,EAAK8oC,EAAS,CACvBzpB,eAAe,IAEhBhe,MAAK,SAASnB,GACb,IAAI6D,GAAM,EAAAY,EAAAA,MAAKzE,EAAI8J,KAAM,CACvB2+B,IAAKA,IAGP,GAAI5kC,EACF,OAAOA,EAGT,MAAM,IAAI5C,EAAAA,QAAa,eAAiBwnC,EAAM,uCAChD,GACF,GACF,mBAnDA,cACA,SAEA,aAEO,SAASC,EAAa5oC,EAA6Byd,GACxD,IAAIurB,EAAiBvrB,GAAUzd,EAAIuB,QAAQkc,OAC3C,OAAO,EAAA1b,EAAAA,KAAI/B,EAAKgpC,EAAgB,oCAAqC,CACnE3pB,eAAe,GAEnB,2DCJO,SACLrf,EACAuB,GAEAA,GAAU,EAAAuB,EAAAA,OAAMvB,IAAY,CAAC,EAE7B,IAAM2D,GAAS,EAAA+jC,EAAAA,kCAAiCjpC,EAAKuB,GAC/CsW,GAAO,EAAAqxB,EAAAA,+BAA8BlpC,EAAKkF,GAC1Ci5B,EAAatmB,EAAKye,KAAK6S,cAAe,EAAAC,EAAAA,sBAAqBlkC,GACjElF,EAAIokB,mBAAmB0T,KAAKjgB,GACxB7X,EAAIuB,QAAQ8nC,YACdrpC,EAAIuB,QAAQ8nC,YAAYlL,GAExBl1B,OAAOuL,SAAShU,OAAO29B,EAE3B,EAnBA,aACA,UACA,mFCGwD,SAGZ,EAAD,mEAP3C,UACA,SACA,UACA,UACA,UAG2C,aA2E1C,OA3E0C,gCAApC,WAAqCn+B,EAA6Bi4B,EAA0B3B,GAAiB,uHA8CjH,GA7CDA,EAAOA,IAAQ,EAAAgT,EAAAA,cAAatpC,EAAKi4B,GAEjCA,EAAc13B,OAAOC,OAAO,CAAC,GAAG,EAAA+oC,EAAAA,uBAAsBvpC,IAAM,EAAA8C,EAAAA,OAAMm1B,IAGhE6P,GAH8E,EAe5E7P,GAZF6P,kBACAlf,EAAe,EAAfA,gBACAJ,EAAY,EAAZA,aACAxX,EAAQ,EAARA,SACAub,EAAW,EAAXA,YACAC,EAAM,EAANA,OACA6J,EAAe,EAAfA,gBACAvnB,EAAK,EAALA,MACAge,EAAS,EAATA,UACAuR,EAAI,EAAJA,KACA6H,EAAU,EAAVA,WACAmB,EAAW,EAAXA,YAIImC,EAAuC,CAC3Cx4B,SAAAA,EACAub,YAAAA,EACAub,kBAAAA,EACAlf,gBAAAA,EACAJ,aAAAA,EACA6V,KAAAA,GAMI9hB,EAAoC,CAAC,UACR,IAA/BiQ,EAAQriB,QAAQ,WAClBoS,EAAa3Y,KAAK,YAGd6lC,EAAqC,CACzCz4B,SAAAA,EACAub,YAAAA,EACAC,OAAAA,EACAjQ,aAAAA,EACA8Z,gBAAAA,EACAvJ,UAAAA,EACAua,YAAAA,GACD,UAGKhJ,EAAM,CAAF,oBAEF6H,EAAY,CAAF,kCACU,EAAAwD,EAAAA,aAAYxD,GAAW,QAAvCN,EAAU,EAAH,KACb4D,EAAgBtB,YAActC,EAC9B6D,EAAsBpL,KAAOA,EAC7BoL,EAAsBvD,WAAaA,EAAW,0CAGT,EAAAyD,EAAAA,qBAAmB,iBAAhD/D,EAAO,EAAPA,QAASE,EAAS,EAATA,UACjB0D,EAAgBtB,YAActC,EAC9B6D,EAAsBpL,KAAOA,EAC7BoL,EAAsBvD,WAAaJ,EAAU,0BAIN,EAAA8D,EAAAA,qBAAoB5pC,EAAKwpC,EAAiBlT,GAAK,QAAxD,OAA5BuT,EAA+B,EAAH,gBAES,EAAAC,EAAAA,qBAAoB9pC,EAAKypC,EAAuBI,EAAevT,GAAM,QAEnF,OAFvBC,EAA+B,EAAH,MACpByR,KAAOF,EACrBvR,EAAcznB,MAAQA,EAAO,kBACtBynB,GAAa,QAGW,OAHX,UAGpBv2B,EAAIokB,mBAAmB4R,QAAQ,4EAElC,gFC/EM,SAQLjjB,EACA1L,EACA2L,GAGA,IAAMvQ,GAAO,EAAAwQ,EAAAA,oBAAmB5L,GAC1B6L,GAAc,EAAAC,EAAAA,cAAmB1Q,EAAMsQ,GACvCK,GAAW,EAAAC,EAAAA,WAAgBH,GAC3BI,GAAc,EAAAC,EAAAA,cAAmBH,GAEvC,OADkB,EAAAK,EAAAA,YAAwBH,EAAaN,EAEzD,EAlCA,cACA,SACA,UACA,UACA,8DCsGO,SAAyBhT,GAC9B,MAAO,CACL+pC,UAAW,CACTC,oBAAqBA,EAAAA,oBAAoB/nC,KAAK,KAAMjC,IAG1D,mBAzEO,SAAwBA,EAA6BiqC,GAC1D,IAAMC,EAAW,SAAC/uB,GAChB,OAAOtN,EAAAA,aAAa7J,UAAUJ,KAAK3B,KAAKgoC,EAAO9uB,EAAQ,KACzD,EAEMgvB,EAAoBD,EAASE,EAAAA,gBAAgBnoC,KAAK,KAAMjC,IAGxDqqC,EAAiBH,EAASI,EAAAA,aAAaroC,KAAK,KAAMjC,IAClDuqC,EAAyChqC,OAAOC,OAAO6pC,EAAgB,CAE3EG,YAAa,WACX,OAAOvhC,OAAOwhC,OAChB,EAGAC,aAAc,WACZ,OAAOzhC,OAAOuL,QAChB,EAGAm2B,aAAc,WACZ,OAAO1hC,OAAOuC,QAChB,IAGI0C,EAAiB,CACrB8pB,mBAAoBA,EAAAA,mBAAmB/1B,KAAK,KAAMjC,GAClD6oB,sBAAuBA,EAAAA,sBAAsB5mB,KAAK,KAAMjC,GACxD4qC,iBAAkBA,EAAAA,iBAAiB3oC,KAAK,KAAMjC,GAC9C6qC,aAAcA,EAAAA,aAAa5oC,KAAK,KAAMjC,GACtC8qC,gBAAiBA,EAAAA,gBAAgB7oC,KAAK,KAAMjC,GAC5CoqC,gBAAiBD,EACjBG,aAAcC,EACdQ,OAAQC,EAAAA,YACRC,OAAQC,EAAAA,YAAYjpC,KAAK,KAAMjC,GAC/B0iC,MAAOyI,EAAAA,WAAWlpC,KAAK,KAAMjC,GAC7BorC,uBAAwBA,EAAAA,uBAAuBnpC,KAAK,KAAMjC,GAC1D8iC,YAAaA,EAAAA,YAAY7gC,KAAK,KAAMjC,GACpCqrC,YAAa,SACXC,EACAC,GAEA,OAAO,EAAAF,EAAAA,aAAYrrC,EAAKsrC,EAAmBC,EAC7C,EACA5zB,OAAQ6zB,EAAAA,YAAYvpC,KAAK,KAAMjC,GAC/B6T,gBAAiBA,EAAAA,gBAAgB5R,KAAK,KAAMjC,GAC5CsC,WAAYmpC,EAAAA,eAAexpC,KAAK,KAAMjC,IAiBxC,MAZe,CACb,mBACA,eACA,SACA,QACA,yBACA,eAEKiK,SAAQ,SAAAlG,GACbmK,EAAMnK,GAAOmmC,EAASh8B,EAAMnK,GAC9B,IAEOmK,CACT,EA9FA,aACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,SACA,UACA,UAYA,UACA,UACA,kECjBO,SAA4BlO,GAOjC,MAN4B,CAC1Bg4B,mBAAoBA,EAAAA,mBAAmB/1B,KAAK,KAAMjC,GAClD6oB,sBAAuBA,EAAAA,sBAAsB5mB,KAAK,KAAMjC,GACxD+qC,OAAQC,EAAAA,YAIZ,EAjBA,cACA,UAKA,6CCnBA,oLACA,gPCmFO,SAAkBhrC,EAA6BuB,GACpD,GAAI0J,UAAUtH,OAAS,EACrB,OAAO9C,QAAQK,OAAO,IAAIC,EAAAA,QAAa,qEAOzC,IAAMuqC,GAJNnqC,EAAUA,GAAW,CAAC,GAIMmqC,YAG5B,OAFAnqC,EAAQmqC,iBAAcrrC,GAEf,EAAA23B,EAAAA,oBAAmBh4B,EAAKuB,GAC5BF,MAAK,SAAU42B,GAGd,IAiBIkG,EAEF7H,EAoBF,OA7BI/0B,EAAQmmC,aACVnnC,OAAOC,OAAOy3B,EAXY,CAC1BwP,OAAQ,OACRhzB,aAAc,oBACd7I,QAAS,OASArK,EAAQuzB,KACjBv0B,OAAOC,OAAOy3B,EAPG,CACjBrsB,QAAS,UAeX0qB,GAAO,EAAAgT,EAAAA,cAAatpC,EAAKi4B,GAEzBkG,GADW58B,EAAQinB,aAAe8N,EAAKkS,SAAWlS,EAAK6S,eAC/B,EAAAC,EAAAA,sBAAqBnR,GAIzCA,EAAYyP,cAAwC,OAAxBzP,EAAYrsB,QAC/B,SAEoB,UAAxBqsB,EAAYrsB,QACRrK,EAAQoqC,SAAW,YAAc,QAGjC,YAKX,IAAK,SACH,IAAIC,GAAgB,EAAAC,EAAAA,wBAAuB7rC,EAAKuB,EAAQ6J,QAAS6sB,EAAYnpB,OACzEg9B,GAAW,EAAAC,EAAAA,WAAU5N,GACzB,OAAOyN,EACJvqC,MAAK,SAAUnB,GACd,OAAO,EAAA4pC,EAAAA,qBAAoB9pC,EAAKi4B,EAAa/3B,EAAsBo2B,EACrE,IACChqB,SAAQ,WAC+B,MAAlCd,SAASC,KAAKgB,SAASq/B,KACH,QAAtB,EAAAA,EAASp/B,qBAAa,OAAtB,EAAwBC,YAAYm/B,GAExC,IAEJ,IAAK,QACH,IAAIE,EAIJ,GAAiC,sBAA7B/T,EAAYxjB,aAAsC,CACpD,IAAKzU,EAAI0H,SAASukC,8BAChB,MAAM,IAAI9qC,EAAAA,QAAa,sDAEzB6qC,GAAe,EAAAH,EAAAA,wBAAuB7rC,EAAKuB,EAAQ6J,QAAS6sB,EAAYnpB,MAC1E,CA6BA,OAzBI48B,GACFA,EAAYl3B,SAAShU,OAAO29B,GAIX,IAAIt9B,SAAQ,SAAUC,EAASI,GAChD,IAAIgrC,EAAcC,aAAY,WACvBT,IAAeA,EAAYU,SAC9BC,cAAcH,GACdhrC,EAAO,IAAIC,EAAAA,QAAa,wCAE5B,GAAG,KAGH6qC,EACG3qC,MAAK,SAAUnB,GACdmsC,cAAcH,GACdprC,EAAQZ,EACV,IACC4G,OAAM,SAAUC,GACfslC,cAAcH,GACdhrC,EAAO6F,EACT,GACJ,IAGG1F,MAAK,SAAUnB,GACd,OAAO,EAAA4pC,EAAAA,qBAAoB9pC,EAAKi4B,EAAa/3B,EAAsBo2B,EACrE,IACChqB,SAAQ,WACHo/B,IAAgBA,EAAYU,QAC9BV,EAAY92B,OAEhB,IAEJ,IAAK,YAEH,IAAI03B,GAAa,EAAAC,EAAAA,qBAAoBvsC,EAAKuB,EAAQ6J,QAAS7J,EAAQmT,QAAUujB,EAAYnpB,OAIzF,IAAI48B,EAIF,MAAM,IAAIvqC,EAAAA,QAAa,+BAGzB,OANEuqC,EAAYl3B,SAAShU,OAAO29B,GAMvBmO,EACNjrC,MAAK,SAAUnB,GACd,OAAO,EAAA4pC,EAAAA,qBAAoB9pC,EAAKi4B,EAAa/3B,EAAsBo2B,EACrE,IAEF,QACE,MAAM,IAAIn1B,EAAAA,QAAa,gDAE7B,GACJ,EAjNA,cAOA,aASA,UACA,UACA,yEClBuG,SAEtE,kFAJjC,UACA,UACA,UAAuG,2kBAEtE,aA8DhC,OA9DgC,gCAA1B,WACLnB,EAAKsrC,EACLC,GAAsB,kFAGjBD,EAAmB,CAAF,+BACOtrC,EAAI+N,aAAaqoB,YAAW,OAAvDkV,EAAoB,EAAH,KAAwCr8B,YAAW,UAEjEs8B,EAAe,CAAF,+BACOvrC,EAAI+N,aAAaqoB,YAAW,OAAnDmV,EAAgB,EAAH,KAAwCv8B,QAAO,UAGzDs8B,IAAsB,EAAA7J,EAAAA,eAAc6J,GAAkB,0CAClDzqC,QAAQK,OAAO,IAAIC,EAAAA,aAAa,iDAA+C,WAGnFoqC,IAAkB,EAAA7J,EAAAA,WAAU6J,GAAc,0CACtC1qC,QAAQK,OAAO,IAAIC,EAAAA,aAAa,6CAA2C,QAOnF,GAJKI,EAAe,CACnBD,IAAKgqC,EAAkBkB,YACvBrxB,OAAQ,MACRlM,YAAaq8B,EAAkBr8B,cAG7BjP,EAAIuB,QAAQ88B,KAAM,CAAF,iCACIr+B,EAAIs+B,4BAA4B,EAAD,KAAK/8B,GAAO,IAAE0N,YAAaq8B,KAAoB,QAA9FroC,EAAU,EAAH,KACb1B,EAAQ0B,QAAUA,SACX1B,EAAQ0N,YAAY,kCAGtB,EAAAgP,EAAAA,aAAYje,EAAKuB,GACrBF,MAAK,SAAAorC,GAEJ,OAAIA,EAASC,MAAQnB,EAAcvH,OAAO0I,IACjCD,EAEF5rC,QAAQK,OAAO,IAAIC,EAAAA,aAAa,0DACzC,IACC2F,OAAM,SAAUC,GAEf,GAAIA,aAAe2R,EAAAA,eAAiB1Y,EAAIuB,QAAQ88B,KAAM,CACpD,IAAQnvB,EAA4BnI,EAA5BmI,MAAO4J,EAAqB/R,EAArB+R,iBACf,MAAM,IAAIR,EAAAA,WAAWpJ,EAAO4J,EAC9B,CAGA,IAAK9Y,EAAIuB,QAAQ88B,KAAM,OACjBj5B,EAAI2B,EAKR,GAJIA,aAAe6Q,EAAAA,cAAf7Q,MAA+BA,GAAS,QAAN,EAAHA,EAAK8Q,YAAI,OAAT,EAAW6G,gBAC5CtZ,EAAIsT,EAAAA,aAAamG,YAAY9X,EAAI8Q,KAAK6G,gBAGpCtZ,aAAasT,EAAAA,aAAc,CAC7B,MAAoCtT,EAA5B8J,EAAK,EAALA,MAAO4J,EAAgB,EAAhBA,iBACf,MAAM,IAAIR,EAAAA,WAAWpJ,EAAO4J,EAC9B,CACF,CAEA,MAAM/R,CACR,KAAE,6CACL,0FCtCM,SACL/G,EACAuB,GAED,IAEE,IAAKoT,iBACJ,MAAM,IAAIxT,EAAAA,aAAa,iFAGzB,IAAKI,EAAQgrB,YACX,MAAM,IAAIprB,EAAAA,aAAa,2DAGpBI,EAAQuN,QACXvN,EAAQuN,OAAQ,EAAA69B,EAAAA,kBAMlB,IAaIC,EAbElB,GAAc,EAAAmB,EAAAA,WAAU,IAAKtrC,GAE7BmT,EAAU,IAAIC,iBAAiB,kBAAD,OAAmBpT,EAAQuN,QAwB/D,OAtBAvN,GAAU,EAAAuB,EAAAA,OAAMvB,IAAY,CAAC,EAC7BhB,OAAOC,OAAOe,EAAS,CACrBqK,QAAS,QACT6I,aAAc,QACdi3B,YAAAA,EACAC,UAAU,EACVj3B,QAAAA,IAgBK,CACL+K,QAbc,IAAI5e,SAAuB,SAACC,EAASI,GAEnD,OADA0rC,EAAgB1rC,GACT,EAAA4rC,EAAAA,UAAS9sC,EAAKuB,GACpBF,MAAK,SAACnB,GAAG,OAAKY,EAAQZ,EAAI,IAC1B4G,OAAM,SAAAC,GAAG,OAAI7F,EAAO6F,EAAI,GAC3B,IASEnG,OAPa,WACb8T,EAAQE,QACRg4B,EAAc,IAAIzrC,EAAAA,aAAa,uBACjC,EAMD,CACA,MAAO4F,GACN,MAAO,CACL0Y,QAAS5e,QAAQK,OAAO6F,GACxBnG,OAAQ,WAAO,EAElB,CACD,iBAjFO,SACLZ,EACAuB,GAEA,GAAI0J,UAAUtH,OAAS,EACrB,OAAO9C,QAAQK,OAAO,IAAIC,EAAAA,aAAa,yEAGzC,MAAmCI,EAA3BwrC,EAAW,EAAXA,YAAgB7nC,GAAM,kBAKxBwmC,GAAc,EAAAmB,EAAAA,WAAUE,QAAAA,EAAe,IAAK7nC,GAOlD,OANA3D,GAAU,EAAAuB,EAAAA,OAAMoC,IAAW,CAAC,EAC5B3E,OAAOC,OAAO0E,EAAQ,CACpB0G,QAAS,QACT6I,aAAc,oBACdi3B,YAAAA,KAEK,EAAAoB,EAAAA,UAAS9sC,EAAKkF,EACvB,kBA3BA,UAEA,SACA,UACA,UAAkD,qFCCW,SAEvB,EAAD,iEANrC,UAEA,SACA,UACA,UAEqC,aAgBpC,OAhBoC,gCAA9B,WAA+BlF,EAA6BuB,GAAqB,kGAClF,EAAUoC,OAAS,GAAC,yCACf9C,QAAQK,OAAO,IAAIC,EAAAA,aAAa,6EAA2E,OAGrF,OAA/BI,GAAU,EAAAuB,EAAAA,OAAMvB,IAAY,CAAC,EAAE,UAEL,EAAAy2B,EAAAA,oBAAmBh4B,EAAKuB,GAAQ,OAApD02B,EAAc,EAAH,KACXpgB,GAAO,EAAAsgB,EAAAA,iBAAgBn4B,EAAKi4B,GAC5BkG,EAAatmB,EAAKye,KAAK6S,cAAe,EAAAC,EAAAA,sBAAqBnR,GACjEj4B,EAAIokB,mBAAmB0T,KAAKjgB,GACxB7X,EAAIuB,QAAQ8nC,YACdrpC,EAAIuB,QAAQ8nC,YAAYlL,GAExBl1B,OAAOuL,SAAShU,OAAO29B,GACxB,4CACF,+EClBM,SAA0Bn+B,EAA6BuB,GAC5D,OAAI0J,UAAUtH,OAAS,EACd9C,QAAQK,OAAO,IAAIC,EAAAA,aAAa,8EAGzCI,GAAU,EAAAuB,EAAAA,OAAMvB,IAAY,CAAC,EAC7BhB,OAAOC,OAAOe,EAAS,CACrBkmC,OAAQ,OACRhzB,aAAc,oBACd7I,QAAS,QAEJ,EAAAkhC,EAAAA,UAAS9sC,EAAKuB,GACvB,EAjBA,cAEA,SACA,iFC0BC,SAEyC,EAAD,qEA5BzC,SACA,UAGA,UAWA,UACA,UAEA,SAASyrC,EAAiB9sC,EAAoBonC,GAC5C,GAAIpnC,EAAW,OAAKA,EAAuB,kBACzC,MAAM,IAAIoY,EAAAA,WAAWpY,EAAW,MAAGA,EAAuB,mBAG5D,GAAIA,EAAI4O,QAAUw4B,EAAYx4B,MAC5B,MAAM,IAAI3N,EAAAA,aAAa,wDAE3B,CAEyC,aAiJxC,OAjJwC,gCAAlC,WACLnB,EACAi4B,EACA/3B,EACAo2B,GAAiB,2GAEsB,IAAL,IAArBt2B,EAAIuB,QAAQ0rC,OAIZ/sC,EAAI8nC,OAAQ9nC,EAAIgtC,iBAAiB,yCACrCltC,EAAIkO,MAAM2a,sBAAsBtoB,OAAOC,OAAO,CAAC,EAAGy3B,EAAa,CACpE6P,kBAAmB5nC,EAAI8nC,KACvBpf,gBAAiB1oB,EAAIgtC,mBACnB5W,IAAK,OAoBwB,GAjBnC2B,EAAcA,IAAe,EAAAsR,EAAAA,uBAAsBvpC,GACnDs2B,EAAOA,IAAQ,EAAAgT,EAAAA,cAAatpC,EAAKi4B,GAE7B1b,EAAe0b,EAAY1b,cAAgB,GAC1CjZ,MAAMC,QAAQgZ,IAAkC,SAAjBA,IAClCA,EAAe,CAACA,IAKhBiQ,EADEtsB,EAAIgtB,MACGhtB,EAAIgtB,MAAM5V,MAAM,MAEhB,EAAAxU,EAAAA,OAAMm1B,EAAYzL,QAEvBxb,EAAWinB,EAAYjnB,UAAYhR,EAAIuB,QAAQyP,SAGrDg8B,EAAiB9sC,EAAK+3B,IAElBA,EAAYoG,KAAM,CAAF,gBACO,IAA6B,QADpC,EACuB,QADvB,EACYr+B,EAAIuB,eAAO,aAAX,EAAa4rC,mBAAW,QAAI,CAAEC,mBAAmB,IAAvEA,mBAIqC,SAAnBltC,EAAImtC,WAAqB,uBAC3C,IAAIlsC,EAAAA,aAAa,0FAAyF,QAoDnH,GAhDKmsC,EAAY,CAAC,EACbC,EAAYrtC,EAAIstC,WAChBvH,EAAY/lC,EAAImtC,WAChBp+B,EAAc/O,EAAIutC,aAClBz+B,EAAU9O,EAAIwtC,SACd19B,EAAe9P,EAAIwoC,cACnBz7B,EAAM/F,KAAKmZ,MAAMvV,KAAKmC,MAAM,KAE9BgC,IACI0+B,EAAY3tC,EAAIkO,MAAM68B,OAAO97B,GACnCq+B,EAAUr+B,YAAc,CACtBA,YAAaA,EACb+0B,OAAQ2J,EAAUp2B,QAClB5N,UAAW8kB,OAAO8e,GAAatgC,EAC/Bg5B,UAAWA,EACXzZ,OAAQA,EACR2c,aAAc7S,EAAK6S,aACnBqD,YAAalW,EAAKkW,aAGhBvU,EAAYiO,aACdoH,EAAUr+B,YAAYi3B,WAAajO,EAAYiO,YAG7CjO,EAAYoP,cACdiG,EAAUr+B,YAAYo4B,YAAcpP,EAAYoP,cAIhDr3B,IACFs9B,EAAUt9B,aAAe,CACvBA,aAAcA,EAGdrG,UAAW8kB,OAAO8e,GAAatgC,EAC/Buf,OAAQA,EACRgc,SAAUlS,EAAKkS,SACfW,aAAc7S,EAAK6S,aACnB1rB,OAAQ6Y,EAAK7Y,QAGXwa,EAAYiO,aACdoH,EAAUt9B,aAAak2B,WAAajO,EAAYiO,YAG9CjO,EAAYoP,cACdiG,EAAUt9B,aAAaq3B,YAAcpP,EAAYoP,eAIjDr4B,EAAS,CAAF,gBA0BR,OAzBK4+B,EAAQ5tC,EAAIkO,MAAM68B,OAAO/7B,GACzB6+B,EAAsB,CAC1B7+B,QAASA,EACTg1B,OAAQ4J,EAAMr2B,QACd5N,UAAWikC,EAAMr2B,QAAQu2B,IAAOF,EAAMr2B,QAAQwvB,IAAO95B,EACrDuf,OAAQA,EACR2c,aAAc7S,EAAK6S,aACnB1rB,OAAQ6Y,EAAK7Y,OACbzM,SAAUA,GAGRinB,EAAYoP,cACdwG,EAAWxG,YAAcpP,EAAYoP,aAGjC0G,EAAsC,CAC1C/8B,SAAUA,EACVyM,OAAQ6Y,EAAK7Y,OACbsP,MAAOkL,EAAYlL,MACnB9d,YAAaA,EACb6d,UAAWmL,EAAYnL,gBAGWzsB,IAAhC43B,EAAY5B,kBACd0X,EAAiB1X,gBAAkB4B,EAAY5B,iBAChD,WAEK,EAAAmV,EAAAA,aAAYxrC,EAAK6tC,EAAYE,GAAiB,QACpDT,EAAUt+B,QAAU6+B,EAAW,YAIM,IAAnCtxB,EAAapS,QAAQ,UAAoBmjC,EAAUr+B,YAAW,uBAE1D,IAAI9N,EAAAA,aAAa,iHAAgH,YAE/F,IAAtCob,EAAapS,QAAQ,aAAuBmjC,EAAUt+B,QAAO,uBAEzD,IAAI7N,EAAAA,aAAa,gHAA+G,iCAGjI,CACL6S,OAAQs5B,EACRx+B,MAAO5O,EAAI4O,MACXk5B,KAAM9nC,EAAI8nC,KACVzrB,aAAAA,IACD,6CAEF,m3DChLD,+NACA,8NACA,+NACA,+NACA,+NACA,+NACA,+NACA,8NACA,+NAEA,cACA,UACA,UACA,SACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,UACA,4ECZE,SAGkC,qEAdpC,UACA,QACA,UACA,SACA,UACA,UAEMyxB,EAAU,CACd/+B,YAAa,eACbD,QAAS,WACTgB,aAAc,iBAIoB,aAyCnC,OAzCmC,gCAA7B,WAA+BhQ,EAAKiuC,EAAiB//B,GAAa,+FAOtE,GALG8C,EAAmBhR,EAAIuB,QAAQyP,SAC/Bgc,EAAmChtB,EAAIuB,QAAQyrB,aAE9C9e,IACHA,EAAQlO,EAAI+N,aAAaqoB,YAAY6X,IAGlC//B,EAAO,CAAF,qBACF,IAAI/M,EAAAA,aAAa,kBAAD,OAAmB8sC,EAAI,6BAA2B,OASpC,GAAtCxwB,GALEA,EADEwwB,IAASC,EAAAA,UAAUC,OACN,QAAL,EAAAjgC,SAAK,aAAN,EAAgBuP,OAGV,QAAL,EAAAvP,SAAK,OAAgB,QAAhB,EAAN,EAAgB81B,cAAM,WAAhB,EAAN,EAAwBoK,MAEhBpuC,EAAIuB,QAAQkc,OAE1BzM,EAAU,CAAF,qBACL,IAAI7P,EAAAA,aAAa,kFAAiF,UAErGsc,EAAQ,CAAF,sBACH,IAAItc,EAAAA,aAAa,yBAAwB,0BAGQ,EAAAynC,EAAAA,cAAa5oC,EAAKyd,GAAO,QAMvE,OANuE,SAAlD4wB,EAAa,EAArCC,uBACFC,EAAavhB,GAAe,EAAApX,EAAAA,MAAI,UAAI5E,EAAQ,YAAIgc,KAAkB,EAAApX,EAAAA,MAAK5E,GACvEhQ,GAAO,EAAAwE,EAAAA,eAAc,CAEzBgpC,gBAAiBR,EAAQC,GACzB//B,MAAOA,EAAM+/B,KACZplC,MAAM,GAAE,mBACJ,EAAApH,EAAAA,MAAKzB,EAAKquC,EAAertC,EAAM,CACpCiC,QAAS,CACP,eAAgB,oCAChB,cAAiB,SAAWsrC,MAE9B,6CACH,6FCxDM,SAQNE,GACC,OAAO,SAAP,0BApBwD,IAoBxD,GApBwD,EAoBxD,EApBwD,kbAoBxD,yCAAO,EAAP,sBAyCG,OAzCH,4CACE,SAAe36B,EAAqBhF,GAEX4/B,EAAAA,QAAezmC,oBACvBwB,QAAQklC,EAAAA,0BAA2B76B,IAGlDhF,EAAQA,GAAS3O,KAAKoB,QAAQuN,QAEN3O,KAAK+e,eAAe0vB,wBAC5BnlC,QAAQqF,EAAOgF,EAEjC,GAAC,4BAED,SAAehF,GAGb,GADAA,EAAQA,GAAS3O,KAAKoB,QAAQuN,MACnB,CACT,IACMgF,EADgB3T,KAAK+e,eAAe0vB,wBACRplC,QAAQsF,GAC1C,GAAIgF,EACF,OAAOA,CAEX,CAGA,IAAMhS,EAAU4sC,EAAAA,QAAezmC,oBAC/B,OAAOnG,GAAUA,EAAQ0H,QAAQmlC,EAAAA,iCAA0CtuC,CAC7E,GAAC,+BAED,SAAkByO,GAOhB,GALgB4/B,EAAAA,QAAezmC,oBACvB4B,WAAW8kC,EAAAA,2BAGnB7/B,EAAQA,GAAS3O,KAAKoB,QAAQuN,MACnB,CACT,IAAM+/B,EAAgB1uC,KAAK+e,eAAe0vB,wBAC1CC,EAAchlC,YAAcglC,EAAchlC,WAAWiF,EACvD,CACF,KAAC,EAzCI,CAA8B2/B,EA2CvC,uEAhEA,UACA,oFC+CO,SAULhsC,EACAuQ,GAEF,MAEE,OAAO,EAAP,mCAhB0C,IA6WvC,EAtBA,EA/EA,EAjDA,EAnBA,EATA,EA1BA,EAhBA,EApBA,EAxBA,EAzCA,EA5CH,GAhB0C,EAgB1C,EAhB0C,kbA6BxC,aAA4B,uDAAbhS,EAAI,yBAAJA,EAAI,gBAsBsB,OArBvC,+BAASA,KAAM,wWAEf,EAAKojB,mBAAqB,IAAIpR,EAA8BzS,OAAOC,OAAO,CACxE0e,eAAgB,EAAKA,gBACpB,EAAK3d,QAAQ6iB,qBAEhB,EAAK6oB,KAAO,CACV6B,8BAA+BC,EAAAA,QAAKD,8BACpCE,iBAAkBD,EAAAA,QAAKC,iBACvBC,iBAAkBF,EAAAA,QAAKE,kBAGzB,EAAKzhC,SAAW,CAAE0hC,aAAa,GAE/B,EAAKC,YAAc,IAAIthC,EAAAA,aAEvB,EAAKK,OAAQ,EAAAkhC,EAAAA,iBAAc,gBAAO,EAAKD,aAGvC,EAAKphC,aAAe,IAAI6xB,EAAAA,cAAa,EAAD,cAAO,EAAKr+B,QAAQwM,cAExD,EAAKshC,WAAY,EAAAC,EAAAA,kBAAe,iBAAO,CACzC,CAqVC,OArVA,0CAGD,YACE,wEAGAnvC,KAAK4N,aAAaioB,OACpB,GAAC,8DAKD,wHAOmB,GAPGz0B,EAAkC,EAAH,6BAAG,CAAC,EAAC,EAEtBpB,KAAK4N,aAAa0C,aAA5CC,EAAS,EAATA,UAAWC,EAAU,EAAVA,WAEbgyB,EAAcphC,EAAQguC,eAA4C,UAA3BhuC,EAAQguC,eAA6B7+B,EAC5E8+B,EAAejuC,EAAQguC,eAA4C,WAA3BhuC,EAAQguC,eAA8B5+B,EAAU,EAExExQ,KAAK4N,aAAagC,kBAAlCd,EAAW,EAAXA,eACa9O,KAAK4N,aAAa0hC,WAAWxgC,GAAY,iBAClC,GAAxBA,OAAc5O,GACVsiC,EAAa,CAAF,0CAESxiC,KAAK4N,aAAa20B,MAAM,eAAc,QAA1DzzB,EAAc,EAAH,uFAIJugC,GACTrvC,KAAK4N,aAAa7C,OAAO,eAC1B,QAGU,GAHV,EAGe/K,KAAK4N,aAAagC,kBAA9Bf,EAAO,EAAPA,WACS7O,KAAK4N,aAAa0hC,WAAWzgC,GAAQ,iBAC9B,GAApBA,OAAU3O,GACNsiC,EAAa,CAAF,2CAEKxiC,KAAK4N,aAAa20B,MAAM,WAAU,QAAlD1zB,EAAU,EAAH,wFAIAwgC,GACTrvC,KAAK4N,aAAa7C,OAAO,WAC1B,oCAGO+D,IAAeD,IAAQ,kEAClC,8GAGD,4GACmD,GAAzC8E,GADejR,EAAkC,EAAH,6BAAG,CAAC,GAClDiR,YAAgB47B,GAAgB,aAAK7sC,EAAI,IAC9C1C,KAAKqN,SAAS0hC,YAAa,CAAF,gDAcN,OATtB/uC,KAAKqN,SAAS0hC,aAAc,EAAK,SAG3Bp7B,GACF3T,KAAKwvC,eAAe77B,GAEhB5O,EAAS3E,OAAOC,OAAO,CAE3BgsB,OAAQrsB,KAAKoB,QAAQirB,QAAU,CAAC,SAAU,QAAS,YAClDkjB,GAAiB,UACdvvC,KAAK+N,MAAMk8B,gBAAgBllC,GAAO,QAEN,OAFM,UAExC/E,KAAKqN,SAAS0hC,aAAc,EAAM,2EAErC,mGAED,8FAC8B,OAD9B,EACmC/uC,KAAK4N,aAAagC,gBAA3Cf,EAAO,EAAPA,QAASC,EAAW,EAAXA,YAAW,kBACrB9O,KAAK+N,MAAMm9B,YAAYp8B,EAAaD,IAAQ,gDACpD,qEAED,WACE,IAAQA,EAAY7O,KAAK4N,aAAagC,gBAA9Bf,QACR,OAAOA,EAAUA,EAAQA,aAAU3O,CACrC,GAAC,4BAED,WACE,IAAQ4O,EAAgB9O,KAAK4N,aAAagC,gBAAlCd,YACR,OAAOA,EAAcA,EAAYA,iBAAc5O,CACjD,GAAC,6BAED,WACE,IAAQ2P,EAAiB7P,KAAK4N,aAAagC,gBAAnCC,aACR,OAAOA,EAAeA,EAAaA,kBAAe3P,CACpD,GAAC,oEAED,kGACqB,GADrB,EAC0BF,KAAK4N,aAAagC,kBAAlCd,EAAW,EAAXA,cACY9O,KAAK4N,aAAa0hC,WAAWxgC,GAAY,yCACpDA,EAAYA,aAAW,OAGkC,OAHlC,SAGxBlL,EAAM5D,KAAK4N,aAAas0B,oBAAoB,eAAc,SAC5CliC,KAAK4N,aAAa20B,MAAM3+B,QAAAA,EAAO,eAAc,OAAtD,OAALmK,EAAQ,EAAH,uBAC+B,QAD/B,EACHA,aAAK,EAALA,EAAuBe,mBAAW,QAAI,MAAI,QAGlB,OAHkB,0BAGlD9O,KAAKqH,QAAQ2H,KAAK,QAAS,EAAF,IAAO,kBACzB,MAAI,0DAEd,mHAKD,4GACyChP,KAAK+N,MAAMo8B,eAAc,gBAAxDt2B,EAAM,EAANA,OACa,SADO,EAAZuI,cAEdpc,KAAK4N,aAAakG,UAAUD,GAC7B,gDACF,0EAED,WACE,OAAO,EAAAH,EAAAA,iBAAgB1T,KACzB,GAAC,oBAED,WACE,QAASA,KAAKoB,QAAQ0rC,IACxB,GAAC,6BAED,SAAgB1wB,GACd,OAAO,EAAAqzB,EAAAA,iBAAgBrzB,EAAcpc,KAAKoB,QAC5C,GAAC,qCAED,WACE,OAAOpB,KAAKyvC,gBAAgB,OAC9B,GAAC,8DAGD,WAAsBruC,GAAuB,gFACtCA,EAAQ0N,YAAa,CAAF,+BACK9O,KAAK4N,aAAaqoB,YAAW,OAAlDnnB,EAAc,EAAH,KAAyCA,YAC1D1N,EAAQ0N,YAAcA,aAAW,EAAXA,EAAaA,YAAY,iCAE1C,EAAAgP,EAAAA,aAAY9d,KAAMoB,IAAQ,gDAClC,8GAGD,WAAwB0N,GAAyB,kFAC1CA,EAAa,CAAF,gCACO9O,KAAK4N,aAAaqoB,YAAW,OAGT,GAHnCpiB,EAAS,EAAH,KACZ/E,EAAc+E,EAAO/E,YACf4gC,EAAiB1vC,KAAK4N,aAAas0B,oBAAoB,eAC7DliC,KAAK4N,aAAa7C,OAAO2kC,IAErB1vC,KAAKoB,QAAQ88B,KAAM,CAAF,kCACb,EAAAyR,EAAAA,6BAA4B,SAAU97B,GAAO,WAIlD/E,EAAa,CAAF,yCACPpO,QAAQC,QAAQ,OAAK,iCAEvBX,KAAK+N,MAAM+8B,OAAOh8B,IAAY,iDACtC,+GAGD,WAAyBe,GAA2B,kFAC7CA,EAAc,CAAF,gCACM7P,KAAK4N,aAAaqoB,YAAW,OAGR,GAHpCpiB,EAAS,EAAH,KACZhE,EAAegE,EAAOhE,aAChB+/B,EAAkB5vC,KAAK4N,aAAas0B,oBAAoB,gBAC9DliC,KAAK4N,aAAa7C,OAAO6kC,IAErB5vC,KAAKoB,QAAQ88B,KAAM,CAAF,kCACb,EAAAyR,EAAAA,6BAA4B,UAAW97B,GAAO,WAInDhE,EAAc,CAAF,yCACRnP,QAAQC,QAAQ,OAAK,iCAEvBX,KAAK+N,MAAM+8B,OAAOj7B,IAAa,iDACvC,iFAED,WAA+D,IAAzCzO,EAAqC,UAAH,6CAAG,CAAC,EAExDyN,EAGEzN,EAHFyN,QACAghC,EAEEzuC,EAFFyuC,sBACAlhC,EACEvN,EADFuN,MAKF,GAHKE,IACHA,EAAU7O,KAAK4N,aAAagC,gBAAgBf,UAEzCA,EACH,MAAO,QAEqB3O,IAA1B2vC,IACFA,EAAwB7vC,KAAKoB,QAAQyuC,uBAGvC,IAAMC,GAAY,EAAA3G,EAAAA,cAAanpC,MAAM8vC,UAC/BC,EAAclhC,EAAQA,QACxBmhC,EAAYF,EAAY,kBAAoB10B,mBAAmB20B,GASnE,OARIF,IACFG,GAAa,6BAA+B50B,mBAAmBy0B,IAG7DlhC,IACFqhC,GAAa,UAAY50B,mBAAmBzM,IAGvCqhC,CACT,GAAC,sDAID,WAAc5uC,GAAwB,2GAgCnC,GA/BDA,EAAUhB,OAAOC,OAAO,CAAC,EAAGe,GAGtB6uC,EAAannC,OAAOuL,SAAS1I,OAC7BukC,EAAapnC,OAAOuL,SAAS1P,KAK7BkrC,EAA0D,OAAlCzuC,EAAQyuC,sBAAiC,KACpEzuC,EAAQyuC,uBACN7vC,KAAKoB,QAAQyuC,uBACbI,EACCthC,EAAe,QAAV,EAAGvN,SAAO,aAAP,EAASuN,MAGnBG,EAAc1N,EAAQ0N,YACtBe,EAAezO,EAAQyO,aACrBsgC,GAAkD,IAA9B/uC,EAAQ+uC,mBAC5BC,GAAoD,IAA/BhvC,EAAQgvC,0BAEe,IAAjBvgC,IAC/BA,EAAe7P,KAAK4N,aAAagC,gBAAgBC,cAG/CsgC,QAA4C,IAAhBrhC,IAC9BA,EAAc9O,KAAK4N,aAAagC,gBAAgBd,aAG7C1N,EAAQyN,UACXzN,EAAQyN,QAAU7O,KAAK4N,aAAagC,gBAAgBf,UAGlDuhC,IAAsBvgC,EAAY,kCAC9B7P,KAAKowC,mBAAmBvgC,GAAa,YAGzCsgC,IAAqBrhC,EAAW,kCAC5B9O,KAAKmwC,kBAAkBrhC,GAAY,QAG2B,GAAhEi3B,EAAoC,QAA1B,EAAc,QAAd,EAAGj3B,SAAW,aAAX,EAAai3B,kBAAU,QAAgB,QAAhB,EAAIl2B,SAAY,aAAZ,EAAck2B,YACxD/lC,KAAKoB,QAAQ88B,OAAQ6H,EAAU,mCAC3B,EAAAL,EAAAA,kBAAiBK,GAAW,QAG+C,GAA7EiK,EAAYhwC,KAAKqwC,sBAAsB,EAAD,KAAMjvC,GAAO,IAAEyuC,sBAAAA,KAG3C,CAAF,iCAEgB7vC,KAAKswC,eAAc,QAU9C,OAVKC,EAAgB,EAAH,KACbnkB,EAAc,IAAI7D,IAAIsnB,GAAyBI,GACjDthC,GACFyd,EAAY5D,aAAagoB,OAAO,QAAS7hC,GAEvCkhC,IAA0BK,EAE5BpnC,OAAOuL,SAAS1P,KAAOynB,EAAYznB,KAEnCmE,OAAOuL,SAAShU,OAAO+rB,EAAYznB,MACpC,kBACM4rC,GAAa,QASc,OAP9BnvC,EAAQqvC,0BAEVzwC,KAAK4N,aAAaioB,QAElB71B,KAAK4N,aAAa8iC,wBAGpB5nC,OAAOuL,SAAShU,OAAO2vC,GAAW,mBAC3B,GAAI,iDAEd,wHAED,WAAmCjrC,GAAmB,sFAC/C/E,KAAKoB,QAAQ88B,KAAM,CAAF,qBACd,IAAIl9B,EAAAA,aAAa,mDAAkD,OAM1E,IAHK8N,EAAgB/J,EAAhB+J,eAEJA,EAAe9O,KAAK4N,aAAagC,gBAAiBd,aAG/CA,EAAa,CAAF,qBACR,IAAI9N,EAAAA,aAAa,oDAAmD,wBAGtD,EAAAuoC,EAAAA,aAAuB,QAAZ,EAACz6B,SAAW,aAAX,EAAai3B,YAAW,OAA7C,OAAPN,EAAU,EAAH,gBACO,EAAAO,EAAAA,mBAAiB,OAAKjhC,GAAM,IAAE0gC,QAAAA,EAAS32B,YAAaA,EAAYA,eAAa,QAAtF,OAALm5B,EAAQ,EAAH,uBACJ,CACL7J,cAAe,QAAF,OAAUtvB,EAAYA,aACnCuvB,KAAM4J,IACP,iDACF,6GAED,4GAAsC,KAAN,iCAChB,CAAF,yCACH,EAAA0I,EAAAA,yBAAsB,uBAGV3wC,KAAK4N,aAAaqoB,YAAW,OAC+B,GAD3EpiB,EAAS,EAAH,OACN4xB,GAA4B,QAAlB,EAAA5xB,EAAO/E,mBAAW,aAAlB,EAAoBi3B,cAAiC,QAAvB,EAAIlyB,EAAOhE,oBAAY,aAAnB,EAAqBk2B,aAE1D,CAAF,kCACH,EAAAL,EAAAA,kBAAiBD,GAAQ,iDAElC,iFAED,SAAwB3iC,GACtB,IAAM8tC,EAAUr4B,EAAAA,aAAaiG,yBAAyB1b,GAChD+tC,EAASt4B,EAAAA,aAAamG,YAAYkyB,QAAAA,EAAW,IACnD,IAAI,EAAAzI,EAAAA,kBAAiB0I,GAAS,SACxBjkB,EAAuB,KAK3B,OAJI,EAAAzT,EAAAA,YAAYrW,aAAO,EAAPA,EAAqBlB,OACnCgrB,EAAS9pB,EAAoBlB,IAAI,eAEG,QAAjC,EAAQ,QAAR,EAAGgrB,SAAK,QAAI9pB,EAAQ,qBAAa,QAAIA,EAAQ,aAEpD,CAEA,OAAO,IACT,KAAC,EAzXH,EADwB,EAAAguC,EAAAA,oBAAmBxuC,KACO,wBAGrB6T,GAAM,CAyXrC,oJA3bA,UAEA,SAKA,EAwC4C,qbAxC5C,UAyBA,aACA,UACA,UACA,UACA,UAQA,UAGA,UAA4C,kyBC9BrC,SAUL7T,EACAuQ,GAGA,OAAO,SAAP,0BAjByD,IAiBzD,GAjByD,EAiBzD,EAjByD,kbAsBvD,aAA4B,uDAAbhS,EAAI,yBAAJA,EAAI,gBAO4B,OAN7C,+BAASA,KAAM,0GAEf,EAAKojB,mBAAqB,IAAIpR,EAA8BzS,OAAOC,OAAO,CACxE0e,eAAgB,EAAKA,gBACpB,EAAK3d,QAAQ6iB,qBAEhB,EAAKlW,OAAQ,EAAAgjC,EAAAA,qBAAkB,iBAAc,CAC/C,CAgBC,OAhBA,6CAED,WACE,OAAO,EAAAr9B,EAAAA,iBAAgB1T,KACzB,GAAC,oBAED,WACE,QAASA,KAAKoB,QAAQ0rC,IACxB,GAAC,6BAED,SAAgB1wB,GACd,OAAO,EAAAqzB,EAAAA,iBAAgBrzB,EAAcpc,KAAKoB,QAC5C,GAAC,qCAED,WACE,OAAOpB,KAAKyvC,gBAAgB,OAC9B,KAAC,EA7BI,CAA4BntC,EAiCrC,iGAnDA,UACA,2FC2CO,WAEL,OAAO,SAAP,0BAhCmD,IAgCnD,GAhCmD,EAgCnD,EAhCmD,kbA4EjD,WAAYlB,GAAc,MA0DvB,OA1DuB,qBACxB,cAAMA,IAAS,28CA3ErB,SAA2BP,GAGzB,IAAIwrB,GAFJxrB,EAAOA,GAAQ,CAAC,GAEEwrB,OAClB,GAAIA,IAAWlpB,MAAMC,QAAQipB,GAC3B,MAAM,IAAIrrB,EAAAA,QAAa,kGAKzB,IAAIsc,EAASzc,EAAKyc,OAClB,IAAKA,EACH,MAAM,IAAItc,EAAAA,QAAa,iIAKzB,IADiB,IAAIgwC,OAAO,iBACZ32B,KAAKiD,GACnB,MAAM,IAAItc,EAAAA,QAAa,4HAIzB,IAAuC,IAAnCsc,EAAOtT,QAAQ,eACjB,MAAM,IAAIhJ,EAAAA,QAAa,yIAG3B,CAmDMiwC,CAAkB7vC,GAElB,EAAKkc,QAAS,EAAA4zB,EAAAA,qBAAoB9vC,EAAQkc,QAC1C,EAAK+qB,UAAW,EAAA6I,EAAAA,qBAAoB9vC,EAAQinC,UAC5C,EAAKW,cAAe,EAAAkI,EAAAA,qBAAoB9vC,EAAQ4nC,cAChD,EAAKqD,aAAc,EAAA6E,EAAAA,qBAAoB9vC,EAAQirC,aAC/C,EAAK8E,WAAY,EAAAD,EAAAA,qBAAoB9vC,EAAQ+vC,WAC7C,EAAKrB,WAAY,EAAAoB,EAAAA,qBAAoB9vC,EAAQ0uC,WAE7C,EAAKhD,MAAwB,IAAjB1rC,EAAQ0rC,KACpB,EAAKj8B,SAAWzP,EAAQyP,SACxB,EAAKub,YAAchrB,EAAQgrB,aACvB,EAAA9R,EAAAA,eACF,EAAK8R,aAAc,EAAAglB,EAAAA,eAAchwC,EAAQgrB,YAAatjB,OAAOuL,SAAS1I,SAExE,EAAKyQ,aAAehb,EAAQgb,aAC5B,EAAK9H,aAAelT,EAAQkT,aAC5B,EAAK3F,MAAQvN,EAAQuN,MACrB,EAAK0d,OAASjrB,EAAQirB,OAEtB,EAAK6J,kBAAoB90B,EAAQ80B,gBACjC,EAAK5J,cAAgBlrB,EAAQkrB,cAC7B,EAAKC,oBAAsBnrB,EAAQmrB,oBACnC,EAAKI,UAAYvrB,EAAQurB,UACzB,EAAKD,OAAStrB,EAAQsrB,OACtB,EAAKwR,MAAwB,IAAjB98B,EAAQ88B,KACpB,EAAK8O,YAAc,EAAH,CACdC,mBAAmB,GAChB7rC,EAAQ4rC,aAGb,EAAKp/B,aAAexM,EAAQwM,aAC5B,EAAKiiC,sBAAwBzuC,EAAQyuC,sBACrC,EAAKz7B,mBAAqBhT,EAAQgT,mBAClC,EAAK6P,mBAAqB,EAAH,CAAK+e,oBAAAA,EAAAA,qBAAwB5hC,EAAQ6iB,oBAE5D,EAAK4I,aAAezrB,EAAQyrB,aAC5B,EAAKqc,YAAc9nC,EAAQ8nC,YAK3B,EAAKmI,iBAAmBjwC,EAAQiwC,eAS3BjwC,EAAQkwC,cAAyC,IAAzBlwC,EAAQkwC,aAGnC,EAAKA,aAAelwC,EAAQkwC,aAF5B,EAAKA,aAAeC,EAAAA,uBAGrB,CAEH,CAAC,uBAxGI,EADwB,EAAAC,EAAAA,gCA2GjC,iGAzJA,UACA,UACA,SACA,UAWA,UACA,aAAqD,0oBC3Bb,uBAAL,qCCAnC,sSCoFC,SAEkC,EAAD,+FAzElC,UACA,UAQA,SACA,UAwBO,SAASC,EAAgB5xC,GAE9B,IAAI6xC,EAAsB7xC,EAAIuB,QAAQ0rC,KAAO,QAAU,WAEvD,OADmBjtC,EAAIuB,QAAQkT,cAAgBo9B,CAEjD,CAEO,SAAS19B,EAA0BnU,EAAKuB,GAC7CA,EAAUA,GAAW,CAAC,GAClB,EAAAkd,EAAAA,UAASld,KACXA,EAAU,CAAED,IAAKC,IAKnB,IAGIuwC,EAHAxwC,EAAMC,EAAQD,IACdmT,EAAelT,EAAQkT,cAAgBm9B,EAAgB5xC,GACvD+xC,EAAY/xC,EAAIkO,MAAMo8B,aAAaI,eASvC,KALEoH,EADmB,UAAjBr9B,EACSnT,EAAMA,EAAIo0B,UAAUp0B,EAAI6I,QAAQ,MAAQ4nC,EAAUjtB,OAElDxjB,EAAMA,EAAIo0B,UAAUp0B,EAAI6I,QAAQ,MAAQ4nC,EAAUj7B,MAI7D,MAAM,IAAI3V,EAAAA,aAAa,wCAGzB,OAAO,EAAA0jB,EAAAA,mBAAkBitB,EAC3B,CAEO,SAASE,EAA0BhyC,EAAKuB,GAG5B,WADIA,EAAQkT,cAAgBm9B,EAAgB5xC,IA9C/D,SAAsBA,GACpB,IAAIiyC,EAAgBjyC,EAAIkO,MAAMo8B,aAAaE,cACvC0H,EAAYlyC,EAAIkO,MAAMo8B,aAAaK,eACnCoH,EAAY/xC,EAAIkO,MAAMo8B,aAAaI,eACnCuH,GAAiBA,EAAcE,aACjCF,EAAcE,aAAa,KAAMD,EAAUE,MAAOL,EAAUM,SAAWN,EAAUj7B,MAEjFi7B,EAAUjtB,OAAS,EAEvB,CAsC6BwtB,CAAatyC,GA1D1C,SAAoBA,GAClB,IAAIiyC,EAAgBjyC,EAAIkO,MAAMo8B,aAAaE,cACvC0H,EAAYlyC,EAAIkO,MAAMo8B,aAAaK,eACnCoH,EAAY/xC,EAAIkO,MAAMo8B,aAAaI,eACnCuH,GAAiBA,EAAcE,aACjCF,EAAcE,aAAa,KAAMD,EAAUE,MAAOL,EAAUM,SAAWN,EAAUjtB,QAEjFitB,EAAUj7B,KAAO,EAErB,CAiDiDy7B,CAAWvyC,EAC5D,CAEkC,aA4CjC,OA5CiC,gCAA3B,WAA4BA,EAAKuB,GAAsC,mFAY1E,GAXFA,EAAUA,GAAW,CAAC,GAClB,EAAAkd,EAAAA,UAASld,KACXA,EAAU,CAAED,IAAKC,IAKbrB,EAAqBiU,EAA0BnU,EAAKuB,GACpDuN,EAAQ5O,EAAI4O,MACZw4B,EAA+BtnC,EAAIokB,mBAAmBC,KAAK,CAC/DvV,MAAAA,IAEgB,CAAF,mBACV9O,EAAIuB,QAAQ0rC,KAAM,CAAF,qBAEZ,IAAI9rC,EAAAA,aAAa,+JAA2Jd,GAAU,aAExL,IAAIc,EAAAA,aAAa,yDAAwD,OAQhF,OANKm1B,EAAmBgR,EAAYhR,YAC9BgR,EAAYhR,KAEd/0B,EAAQD,KAEX0wC,EAA0BhyC,EAAKuB,GAChC,mBAEM,EAAAuoC,EAAAA,qBAAoB9pC,EAAKsnC,EAAapnC,EAAKo2B,GAC/CxvB,OAAM,SAAAC,GAML,MALK,EAAAof,EAAAA,4BAA2Bpf,IAC9B/G,EAAIokB,mBAAmB4R,MAAM,CAC3BlnB,MAAAA,IAGE/H,CACR,IACC1F,MAAK,SAAAnB,GAIJ,OAHAF,EAAIokB,mBAAmB4R,MAAM,CAC3BlnB,MAAAA,IAEK5O,CACT,KAAE,6CAEL,qFClGA,SAGgC,EAAD,iEAvBhC,UACA,UACA,UACA,SAEA,SAASsyC,IACP,MAAM,IAAIrxC,EAAAA,aACR,qFAEJ,CAGA,SAASsxC,EAAeC,EAAsB1+B,GAC5C,OAAI,EAAA0tB,EAAAA,WAAUgR,GACL1+B,EAAOhF,SAEZ,EAAAyyB,EAAAA,eAAciR,GACT1+B,EAAO/E,iBAEhBujC,GACF,CAGgC,aAmC/B,OAnC+B,gCAAzB,WAA0BxyC,EAA6BkO,GAAY,6FAK3B,IAJxC,EAAAwzB,EAAAA,WAAUxzB,KAAW,EAAAuzB,EAAAA,eAAcvzB,IACtCskC,MAGEx+B,EAAShU,EAAI+N,aAAagC,iBACnBC,aAAc,CAAF,gCACN,EAAAo7B,EAAAA,wBAAuBprC,EAAK,CACzCwsB,OAAQte,EAAMse,QACbxY,EAAOhE,cAAa,OAFjB,OAANgE,EAAS,EAAH,uBAGCy+B,EAAevkC,EAAO8F,IAAO,OAYoC,OAPxEuI,EADEvc,EAAIuB,QAAQ0rC,KACC,QACN,EAAAxL,EAAAA,eAAcvzB,GACR,QAEA,WAGTse,GAFP,EAE8Ete,GAAvEse,OAAQ2c,EAAY,EAAZA,aAAcqD,EAAW,EAAXA,YAAa/uB,EAAM,EAANA,OAAQyoB,EAAU,EAAVA,WAAYmB,EAAW,EAAXA,YAAW,mBACnE,EAAAuD,EAAAA,kBAAiB5qC,EAAK,CAC3Buc,aAAAA,EACAiQ,OAAAA,EACA2c,aAAAA,EACAqD,YAAAA,EACA/uB,OAAAA,EACAyoB,WAAAA,EACAmB,YAAAA,IAEChmC,MAAK,SAAUnB,GACd,OAAOuyC,EAAevkC,EAAOhO,EAAI8T,OACnC,KAAE,6CACL,sFCtD8C,SAIb,EAAD,iEARjC,UAEA,UACA,SACA,UAIiC,aA6ChC,OA7CgC,gCAA1B,WAA2BhU,EAAKuB,GAA2B,qGACE,KAA5DyS,EAAwB,QAAlB,EAAU,QAAV,EAAGzS,SAAO,aAAP,EAASyS,cAAM,QAAIhU,EAAI+N,aAAagC,iBACxCC,aAAc,CAAF,yCACd,EAAAo7B,EAAAA,wBAAuBprC,EAAKuB,GAAW,CAAC,EAAGyS,EAAOhE,eAAa,UAGnEgE,EAAO/E,aAAgB+E,EAAOhF,QAAO,sBAClC,IAAI7N,EAAAA,aAAa,2DAA0D,OAKhC,GAF7C8N,EAAc+E,EAAO/E,aAAe,CAAC,EACrCD,EAAUgF,EAAOhF,SAAW,CAAC,EAC7Bwd,EAASvd,EAAYud,QAAUxd,EAAQwd,OAChC,CAAF,sBACH,IAAIrrB,EAAAA,aAAa,sDAAqD,QAET,GAA/DgoC,EAAel6B,EAAYk6B,cAAgBn6B,EAAQm6B,aACtC,CAAF,sBACT,IAAIhoC,EAAAA,aAAa,4DAA2D,QAsBnF,OApBKqrC,EAAcv9B,EAAYu9B,aAAexsC,EAAIuB,QAAQirC,YACrD/uB,EAASzO,EAAQyO,QAAUzd,EAAIuB,QAAQkc,OACvCyoB,EAAaj3B,aAAW,EAAXA,EAAai3B,WAC1BmB,GAAcp4B,aAAW,EAAXA,EAAao4B,eAAer4B,aAAO,EAAPA,EAASq4B,aAGzD9lC,EAAUhB,OAAOC,OAAO,CACtBgsB,OAAAA,EACA2c,aAAAA,EACAqD,YAAAA,EACA/uB,OAAAA,EACAyoB,WAAAA,EACAmB,YAAAA,GACC9lC,GAECvB,EAAIuB,QAAQ0rC,KACd1rC,EAAQgb,aAAe,QAClB,GACoB,EAAAgtB,EAAAA,uBAAsBvpC,GAAvCuc,EAAY,EAAZA,aACRhb,EAAQgb,aAAeA,GACxB,mBAEM,EAAAquB,EAAAA,kBAAiB5qC,EAAKuB,GAC1BF,MAAK,SAAAnB,GAAG,OAAIA,EAAI8T,MAAM,KAAC,6CAE3B,gGC9C0D,SAGd,EAAD,gFAV5C,UACA,UACA,UAEA,UACA,UACA,UACA,UAA2D,2kBAGf,aA6C3C,OA7C2C,gCAArC,WACLhU,EACAi4B,EACA0a,GAAgC,iGAEV,GAFU,EAEL3yC,EAAIuB,QAAvByP,EAAQ,EAARA,SAAUqtB,EAAI,EAAJA,KACbrtB,EAAU,CAAF,qBACL,IAAI7P,EAAAA,aAAa,4EAA2E,OAUlC,GAVkC,SAI5FyxC,EAAgCryC,OAAOC,OAAO,CAAC,EAAGy3B,EAAa,CAAEjnB,SAAAA,IAEnE2hC,EAAmBtL,cACrBuL,EAAiBvL,YAAcsL,EAAmBtL,aAG9CwL,EAAsC,EAAH,GAAOD,IAE5CvU,EAAM,CAAF,kCACgB,EAAAqL,EAAAA,aAAYiJ,aAAkB,EAAlBA,EAAoBzM,YAAW,QAA3DN,EAAU,EAAH,KACbiN,EAAe3K,YAActC,EAC7BgN,EAAiBvU,KAAOA,EACxBuU,EAAiB1M,WAAayM,EAAmBzM,WAAW,0BAGlC,EAAA4M,EAAAA,kBAAiB9yC,EAAK6yC,EAAgBF,GAAmB,QAC1C,OADrCpc,EAAgB,EAAH,KACbD,GAAO,EAAAgT,EAAAA,cAAatpC,EAAKi4B,GAAY,WAClB,EAAA6R,EAAAA,qBAAoB9pC,EAAK4yC,EAAkBrc,EAAeD,GAAK,QAMvF,OANuF,SAAhFtiB,EAAM,EAANA,QAGAhE,EAAiBgE,EAAjBhE,iBACa,EAAA+iC,EAAAA,oBAAmB/iC,EAAc2iC,IACpD3yC,EAAI+N,aAAailC,mBAAmBhjC,GACrC,kBAEMgE,GAAM,QAMZ,MANY,2BAGT,EAAAi/B,EAAAA,4BAA0B,OAE5BjzC,EAAI+N,aAAamlC,qBAClB,gEAGJ,sFC/CiD,SAShB,EAAD,iEAfjC,UACA,SACA,UAGA,UACA,aASiC,aA6BhC,OA7BgC,gCAA1B,WAA2BlzC,EAA6BkO,GAAqB,yFAMjF,GALGe,EAAc,GACde,EAAe,GACf9B,IACAe,EAAef,EAAsBe,YACrCe,EAAgB9B,EAAuB8B,cAEvCf,GAAgBe,EAAY,sBACxB,IAAI7O,EAAAA,QAAa,sDAAqD,OAGnC,GADvC6P,EAAWhR,EAAIuB,QAAQyP,SACvBgc,EAAehtB,EAAIuB,QAAQyrB,aAC1Bhc,EAAU,CAAF,qBACL,IAAI7P,EAAAA,QAAa,8EAA6E,OASvB,OAN3EmwC,GAAY,EAAAhI,EAAAA,cAAatpC,GAAKsxC,UAC9BtwC,GAAO,EAAAwE,EAAAA,eAAc,CAEvBgpC,gBAAiBx+B,EAAe,gBAAkB,eAClD9B,MAAO8B,GAAgBf,IACtBpG,MAAM,GACLsqC,EAAQnmB,GAAe,EAAApX,EAAAA,MAAI,UAAI5E,EAAQ,YAAIgc,KAAkB,EAAApX,EAAAA,MAAK5E,GAAS,mBACxE,EAAAvP,EAAAA,MAAKzB,EAAKsxC,EAAWtwC,EAAM,CAChCiC,QAAS,CACP,eAAgB,oCAChB,cAAiB,SAAWkwC,MAE9B,6CACH,oGC9CM,WAEL,OAAO,SAAP,0BALkH,IAKlH,GALkH,EAKlH,EALkH,kbAShH,WAAY5b,EAA8C3sB,EAA8B/I,GAA0B,wCAC1G01B,EAAuB3sB,EAAe/I,EAC9C,CAwBC,OAxBA,mDAED,SAAsBN,GACpBA,EAAUpB,KAAKizC,qBAAqB,cAAe7xC,IACnD,EAAA8xC,EAAAA,mCAAkC9xC,GAClC,IAAMO,EAAU3B,KAAKof,WAAWhe,GAC1BkJ,EAAalJ,EAAQkJ,YAAc6oC,EAAAA,yBACzC,OAAO,IAAI5b,EAAAA,YAAY51B,EAAS2I,EAClC,GAAC,wCAED,SAA2BlJ,GACzBA,EAAUpB,KAAKizC,qBAAqB,qBAAsB7xC,IAC1D,EAAA8xC,EAAAA,mCAAkC9xC,GAClC,IAAMO,EAAU3B,KAAKof,WAAWhe,GAC1BkJ,EAAalJ,EAAQkJ,YAAc8oC,EAAAA,gCACzC,OAAO,IAAI7b,EAAAA,YAAY51B,EAAS2I,EAClC,GAAC,mCAED,SAAsBlJ,GACpBA,EAAUpB,KAAKizC,qBAAqB,eAAgB7xC,IACpD,EAAA8xC,EAAAA,mCAAkC9xC,GAClC,IAAMO,EAAU3B,KAAKof,WAAWhe,GAC1BkJ,EAAalJ,EAAQkJ,YAAc+oC,EAAAA,0BACzC,OAAO,IAAI9b,EAAAA,YAAY51B,EAAS2I,EAClC,KAAC,EA9BI,CACGgpC,EAAAA,mBAgCZ,uEAzCA,UAEA,UACA,iECuCYvF,qCAeL,SAAuB9qC,GAC5B,OAAOA,GAAOA,EAAI6L,WACpB,cAEO,SAAmB7L,GACxB,OAAOA,GAAOA,EAAI4L,OACpB,mBAEO,SAAwB5L,GAC7B,OAAOA,GAAOA,EAAI4M,YACpB,YAnBO,SAAiB5M,GACtB,SAAIA,IACCA,EAAI6L,aAAe7L,EAAI4L,SAAW5L,EAAI4M,eACvC1M,MAAMC,QAAQH,EAAIopB,QAIxB,EAbqB,uBAAT0hB,GAAAA,EAAS,qBAATA,EAAS,aAATA,EAAS,wBAATA,IAAS,YAATA,EAAS,6IC/BkB,gBAAV,UACU,gBAAV,UACM,cAAR,QACY,gBAAV,UACM,cAAR,QACoB,oBAAd,sHCoC1B,SAA8B9qC,GACnC,QAAKswC,EAAsBtwC,MAGjBA,EAAY2d,iBACxB,2EAUO,SAA2B3d,GAChC,SAAIuwC,EAAuBvwC,KAAQwwC,EAA4BxwC,GAIjE,mBAzCA,SAASywC,EAAuBzwC,GAC9B,SAAKA,GAAsB,YAAf,aAAOA,IAAkD,IAA9B7C,OAAOoR,OAAOvO,GAAKO,OAI5D,CAEO,SAASgwC,EAAuBvwC,GACrC,SAAKywC,EAAuBzwC,KAGnBA,EAAImpB,cAAiBnpB,EAAImZ,aACpC,CAEO,SAASm3B,EAAsBtwC,GACpC,QAAKuwC,EAAuBvwC,MAGlBA,EAAYolB,YACxB,CASO,SAASorB,EAA4BxwC,GAC1C,QAAKywC,EAAuBzwC,SAGkE/C,IAApEE,OAAOoR,OAAOvO,GAAKuB,MAAK,SAAC+E,GAAK,MAAuB,iBAAVA,CAAkB,GAEzF,6GC3DA,oLACA,oLACA,oLACA,oLACA,oLACA,mLACA,oLACA,oLACA,oLACA,oLACA,oLACA,kUC8DO,SACL1J,EACAoL,EACAsJ,EACA5F,GAEA,IAAIglC,EAqBJ,OAnBgB,IAAIjzC,SAAQ,SAACC,EAASI,GACpCwT,EAAQq/B,UAAY,SAACnnC,GAEnB,GAAKA,EAAMonC,WAAcpnC,EAAMxM,KAI/B,MAA0B,YAAtB,aAAOwM,EAAMxM,OAAqB0O,IAAUlC,EAAMxM,KAAK0O,MAClDhO,EAvF6B,2WAuFrB,CAAD,GAAM8L,EAAMxM,YAG5Bc,EAAO,IAAIC,EAAAA,aAAa,yCAC1B,EAEA2yC,EAAYznC,YAAW,WACrBnL,EAAO,IAAIC,EAAAA,aAAa,wBAC1B,GAAGiK,GAAW6oC,EAChB,IAGC3nC,SAAQ,WACPC,aAAaunC,GACbp/B,EAAQE,OACV,GACF,2CAnEO,SAAgC5U,EAA6BoL,EAAS0D,GAC3E,IAAIolC,EACAJ,EA0BJ,OAzB2B,IAAIjzC,SAAQ,SAAUC,EAASI,GAExDgzC,EAAkB,SAAyB9uC,GACzC,GAAKA,EAAEhF,MAAQgF,EAAEhF,KAAK0O,QAAUA,EAShC,OAAI1J,EAAE0G,SAAW9L,EAAI4B,kBACZV,EAAO,IAAIC,EAAAA,aAAa,yDAEjCL,EAAQsE,EAAEhF,KACZ,EAEA8L,EAAYjD,OAAQ,UAAWirC,GAE/BJ,EAAYznC,YAAW,WACrBnL,EAAO,IAAIC,EAAAA,aAAa,wBAC1B,GAAGiK,GAAW6oC,EAChB,IAGG3nC,SAAQ,WACPC,aAAaunC,GACbtnC,EAAevD,OAAQ,UAAWirC,EACpC,GACJ,cAhDO,SAAmB/nC,GACxB,IAAId,EAASG,SAASE,cAAc,UAIpC,OAHAL,EAAOM,MAAMC,QAAU,OACvBP,EAAOc,IAAMA,EAENX,SAASC,KAAKW,YAAYf,EACnC,cAEO,SAAmBc,EAAK5K,GAC7B,IAAI6wC,EAAQ7wC,EAAQ4yC,YAAc,iDAGlC,OAAOlrC,OAAOg8B,KAAK94B,EAAKimC,EAFP,sFAGnB,mDAlCA,UAA4C,8NAG5C,IAAM6B,EAAkB,KAEjB,SAAS/nC,EAAYkoC,EAAa3vC,EAAMoB,GACzCuuC,EAAY91B,iBACd81B,EAAY91B,iBAAiB7Z,EAAMoB,GAEnCuuC,EAAYC,YAAY,KAAO5vC,EAAMoB,EAEzC,CAEO,SAAS2G,EAAe4nC,EAAa3vC,EAAMoB,GAC5CuuC,EAAYp0B,oBACdo0B,EAAYp0B,oBAAoBvb,EAAMoB,GAEtCuuC,EAAYE,YAAY,KAAO7vC,EAAMoB,EAEzC,2ECdO,SAA6C7F,GAClD,MAKIA,EAAIuB,QAJNyP,EAAQ,EAARA,SACAub,EAAW,EAAXA,YACA9X,EAAY,EAAZA,aACA3F,EAAK,EAALA,MAEIylC,GAAqB,EAAA95B,EAAAA,aAAcxR,OAAOuL,SAAS1P,UAAOzE,EAChE,OAAO,EAAAkH,EAAAA,YAAW,CAChByJ,SAAAA,EACAub,YAAaA,GAAegoB,EAC5B9/B,aAAAA,EACA3F,MAAOA,IAAS,EAAA69B,EAAAA,iBAChBpwB,aAAc,OACdkrB,OAAQ,wBAEZ,EArBA,cAEA,SACA,oECEO,SAA+BznC,GACpC,MAYIA,EAAIuB,QAXN0rC,EAAI,EAAJA,KACAj8B,EAAQ,EAARA,SACAub,EAAW,EAAXA,YACAhQ,EAAY,EAAZA,aACA9H,EAAY,EAAZA,aACA+X,EAAM,EAANA,OACAM,EAAS,EAATA,UACAD,EAAM,EAANA,OACA/d,EAAK,EAALA,MACAunB,EAAe,EAAfA,gBACAgI,EAAI,EAAJA,KAEIkW,GAAqB,EAAA95B,EAAAA,aAAcxR,OAAOuL,SAAS1P,UAAOzE,EAChE,OAAO,EAAAkH,EAAAA,YAAW,CAChB0lC,KAAAA,EACAj8B,SAAAA,EACAub,YAAaA,GAAegoB,EAC5Bh4B,aAAcA,GAAgB,CAAC,QAAS,YACxC9H,aAAAA,EACA3F,MAAOA,IAAS,EAAA69B,EAAAA,iBAChB5f,OAAO,EAAAynB,EAAAA,iBACPhoB,OAAQA,GAAU,CAAC,SAAU,SAC7BM,UAAAA,EACAD,OAAAA,EACAwJ,gBAAAA,EACAgI,KAAAA,GAEJ,EAlCA,cAEA,SACA,4ECbO,SACLr+B,EACAkF,GAgBA,MAZwC,CACtCuY,OAHazd,EAAIuB,QAAQkc,OAIzB6Y,MAHW,EAAAgT,EAAAA,cAAatpC,EAAKkF,GAI7B8L,SAAU9L,EAAO8L,SACjBub,YAAarnB,EAAOqnB,YACpBhQ,aAAcrX,EAAOqX,aACrB9H,aAAcvP,EAAOuP,aACrB3F,MAAO5J,EAAO4J,MACdge,UAAW5nB,EAAO4nB,UAClB6a,gBAAiBziC,EAAOyiC,gBAI5B,EArBA,4ECsBO,SAAkC3nC,EAA6BkP,GACpE,GAAmB,iBAAfA,EAAMzK,KACR,OAAO,EAET,IAEMgwC,EAFevlC,EAEclI,IAC7BwV,EAAei4B,aAAa,EAAbA,EAAej4B,aACpC,OAAOxc,EAAIuB,QAAQ0rC,MAA2C,mBAAlCzwB,aAAY,EAAZA,EAActN,MAC5C,+BAjBO,SAAoCA,GACzC,MAAmB,eAAfA,EAAMzK,MAIuB,yBADdyK,EACA8I,SACrB,+BAaO,SAAoC9I,GAEzC,OAAO,EAAAy0B,EAAAA,cAAaz0B,IACE,kBAApBA,EAAM8I,WACiB,6CAAvB9I,EAAM6I,YACV,EA1BA,4JCAA,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,+NACA,iBAEA,2NACA,+NACA,+NACA,+NACA,+NACA,gQCbO,SAAS28B,EAAgB59B,GAC9B,MAAO,0BAA0B0D,KAAK1D,EACxC,CAGO,SAAS69B,EAAqBC,GACnC,MAAO,aAAap6B,KAAKo6B,EAC3B,CAGO,SAASC,EAAmBD,GACjC,MAAO,yBAAyBp6B,KAAKo6B,EACvC,CAEO,SAASE,EAAcF,GAC5B,MAAO,cAAcp6B,KAAKo6B,IAAiB,yBAAyBp6B,KAAKo6B,EAC3E,CAEO,SAASG,EAAcC,EAAah1C,GACzC,IAAIi1C,EAAaj1C,EAAIuB,QACrB,SAAKyzC,IAAQC,EAAW1oB,cAGuB,IAAxCyoB,EAAI7qC,QAAQ8qC,EAAW1oB,YAChC,CAEO,SAAS2oB,EAAW3zC,GACzB,OAAOA,EAAQ0rC,MAAiC,SAAzB1rC,EAAQgb,cAAoD,UAAzBhb,EAAQkT,YACpE,CAYO,SAAS0gC,EAAgB5zC,GAG9B,OAFe2zC,EAAW3zC,IAC0B,aAAzBA,EAAQkT,aACjBxL,OAAOuL,SAASsQ,OAAS7b,OAAOuL,SAASsC,IAC7D,CAMO,SAASjD,EAAiB7T,GAE/B,IAAK+0C,EAAc9rC,OAAOuL,SAAS1P,KAAM9E,GACvC,OAAO,EAIT,IAAIo1C,EAAWF,EAAWl1C,EAAIuB,SAC1BqzC,EAAeO,EAAgBn1C,EAAIuB,SAEvC,QAAIuzC,EAAcF,KAIdQ,EACaT,EAAqBC,IAAiBC,EAAmBD,GAKnEF,EAAgBzrC,OAAOuL,SAASsC,MACzC,yGAzCO,SAAyByF,EAAiChb,GAO/D,OALI+B,MAAMC,QAAQhC,EAAQgb,eAAiBhb,EAAQgb,aAAa5Y,OAC5CpC,EAAQgb,aAAapS,QAAQoS,IAAiB,EAE9Chb,EAAQgb,eAAiBA,CAG/C,6DAuCO,SAAgCvc,EAA6B40C,GAClE,IAAKA,EAAc,CAEjB,IAAK/gC,EAAgB7T,GACnB,OAAO,EAGT40C,EAAeO,EAAgBn1C,EAAIuB,QACrC,CACA,MAAO,gCAAgCiZ,KAAKo6B,EAC9C,yGClFO,WACL,OAAO,EAAAS,EAAAA,iBAAgB,GACzB,kBANO,WACL,OAAO,EAAAA,EAAAA,iBAAgB,GACzB,uCAiBO,SAAwBr1C,GAG7B,OAFes1C,EAAUt1C,EADuD,UAAH,6CAAG,CAAC,GAE3DsX,MAAM,WAAW,EAEzC,iBAEO,SAAsBtX,EAA6BuB,GACxD,GAAI0J,UAAUtH,OAAS,EACrB,MAAM,IAAIxC,EAAAA,QAAa,wEAEzBI,EAAUA,GAAW,CAAC,EAGtB,IAAI4nC,GAAe,EAAAkI,EAAAA,qBAAoB9vC,EAAQ4nC,eAAiBnpC,EAAIuB,QAAQ4nC,aACxE1rB,EAAS63B,EAAUt1C,EAAKuB,GACxBirC,GAAc,EAAA6E,EAAAA,qBAAoB9vC,EAAQirC,cAAgBxsC,EAAIuB,QAAQirC,YACtEhE,GAAW,EAAA6I,EAAAA,qBAAoB9vC,EAAQinC,WAAaxoC,EAAIuB,QAAQinC,SAChEyH,GAAY,EAAAoB,EAAAA,qBAAoB9vC,EAAQ0uC,YAAcjwC,EAAIuB,QAAQ0uC,UAClEqB,GAAY,EAAAD,EAAAA,qBAAoB9vC,EAAQ+vC,YAActxC,EAAIuB,QAAQ+vC,UAElEjlB,EAAUC,EAAgBtsB,EAAKuB,GAQnC,MAAO,CACLkc,OAAQA,EACR0rB,aARFA,EAAeA,GAAgB9c,EAAU,gBASvCmgB,YARFA,EAAcA,GAAengB,EAAU,eASrCmc,SARFA,EAAWA,GAAYnc,EAAU,YAS/BilB,UARFA,EAAYA,GAAajlB,EAAU,aASjC4jB,UARFA,EAAYA,GAAa5jB,EAAU,aAUrC,EA3DA,aACA,aAWA,SAASipB,EAAUt1C,GAAuD,IAA1BuB,EAAsB,UAAH,6CAAG,CAAC,EAErE,OADe,EAAA8vC,EAAAA,qBAAoB9vC,EAAQkc,SAAWzd,EAAIuB,QAAQkc,MAEpE,CAEO,SAAS6O,EAAgBtsB,GAAuD,IAC/Eyd,EAAS63B,EAAUt1C,EADwD,UAAH,6CAAG,CAAC,GAGlF,OADgByd,EAAOtT,QAAQ,WAAa,EAAIsT,EAASA,EAAS,SAEpE,qEC9BO,SACLzd,EACAi4B,GAEA,IAEMsd,EAAkC,CACtC93B,OAHazd,EAAIuB,QAAQkc,OAIzB6Y,MAHW,EAAAgT,EAAAA,cAAatpC,EAAKi4B,GAI7BjnB,SAAUinB,EAAYjnB,SACtBub,YAAa0L,EAAY1L,YACzBhQ,aAAc0b,EAAY1b,aAC1B9H,aAAcwjB,EAAYxjB,aAC1B+X,OAAQyL,EAAYzL,OACpB1d,MAAOmpB,EAAYnpB,MACnBie,MAAOkL,EAAYlL,MACnBsJ,gBAAiB4B,EAAY5B,gBAC7BvJ,UAAWmL,EAAYnL,UACvBua,YAAapP,EAAYoP,aAG3B,OAAyB,IAArBpP,EAAYgV,KAEPsI,EAG6B,EAAH,KAC9BA,GAAS,IACZ/sB,aAAcyP,EAAYzP,aAC1BkE,oBAAqBuL,EAAYvL,oBACjCD,cAAewL,EAAYxL,eAI/B,mBApCA,UAAuC,goBCYvC,cACA,UAEA,SAAS+oB,EAASC,GAChB,OAAQ,IAAMA,EAAIhR,SAAS,KAAKiR,QAAQ,EAC1C,CAwBC,MAEc,CACb5G,8BAAAA,EAAAA,8BACAE,iBAnBF,SAA0B2G,GACxB,IARuBhyC,EACnBiyC,EAOAC,EAAWF,GAAU,GAIzB,OAHIE,EAASlyC,OAASmyC,EAAAA,sBACpBD,IAVqBlyC,EAUiBmyC,EAAAA,oBAAsBD,EAASlyC,OATnEiyC,EAAI,IAAI5gC,WAAW9N,KAAK6uC,KAAKpyC,EAAS,IAC1C8S,EAAAA,UAAU8tB,gBAAgBqR,GAChBtyC,MAAM2R,KAAK2gC,EAAGJ,GAASh6B,KAAK,IAC3B3S,MAAM,EAAGlF,KAQb4X,mBAAmBs6B,GAAUhtC,MAAM,EAAGmtC,EAAAA,oBAC/C,EAcE/G,iBAZF,SAA0B/4B,GACxB,IAAIE,GAAS,IAAIG,aAAcC,OAAON,GACtC,OAAOO,EAAAA,UAAUC,OAAOC,OAAO,UAAWP,GAAQ/U,MAAK,SAASuV,GAC9D,IAAIE,EAAOd,OAAOC,aAAac,MAAM,KAAM,IAAI/B,WAAW4B,IAE1D,OADW,EAAAI,EAAAA,mBAAkBF,EAE/B,GACF,GAMC,oHCJM,SACL9W,EACAuB,GAEA,OAhCF,SACE2D,GAUA,KARAA,EAAS,EAAH,KACDA,GAAM,IAETqX,aAAc,OACdkrB,OAAQ,uBACR5a,OAAQ,KAGE8a,gBACV,MAAM,IAAIxmC,EAAAA,aAAa,uCAEzB,IAAK+D,EAAO4nB,UAGV,MAAM,IAAI3rB,EAAAA,aAAa,gCAOzB,cAHO+D,EAAOsnB,cACPtnB,EAAO6nB,MAEP7nB,CACT,CAOS+wC,CAAc,EAAD,MACf,EAAAC,EAAAA,qCAAoCl2C,IACpCuB,GAEP,mBAxCA,UAEA,UAAyF,wrBC+DxF,SAGwC,GAAD,2GApExC,QACA,UAEA,UACA,UACA,aAA0B,2kBAGnB,SAAS40C,EAAkBn2C,GAChC,IAAKA,EAAI0H,SAAS0uC,kBAAmB,CACnC,IAAIC,EAAe,sFASnB,MARKr2C,EAAI0H,SAAS4uC,YAEhBD,GAAgB,oGAEbr2C,EAAI0H,SAASyS,mBAEhBk8B,GAAgB,0GAEZ,IAAIl1C,EAAAA,aAAak1C,EACzB,CACF,CAAC,SAEqBE,EAA4B,EAAD,+CAWhD,OAXgD,gCAA1C,WAA2Cv2C,EAA6B0sB,GAA4B,uEAEK,OAA9GA,EAAsBA,GAAuB1sB,EAAIuB,QAAQmrB,qBAAuBoiB,EAAAA,8BAA8B,UAG9E,EAAAlG,EAAAA,cAAa5oC,GAAI,OACwB,IAC3B,KAFpB,EAAH,KAC2C,kCAAK,IAC3DmK,QAAQuiB,GAA2B,sBACvC,IAAIvrB,EAAAA,aAAa,iCAAgC,gCAElDurB,GAAmB,4CAC3B,+BAEqB8pB,EAAY,EAAD,+CA6BhC,OA7BgC,gCAA1B,WACLx2C,EACAi4B,GAAwB,mFASmC,GANzDzP,GAHsB,EAMpByP,GAHFzP,aACAiE,EAAa,EAAbA,cACAC,EAAmB,EAAnBA,oBAIFD,EAAgBA,GAAiBzsB,EAAIuB,QAAQkrB,cACzB,CAAF,eAEuC,OADvD0pB,EAAkBn2C,GAClBwoB,EAAeA,GAAgBumB,EAAAA,QAAKC,mBAAmB,SACjCD,EAAAA,QAAKE,iBAAiBzmB,GAAa,OAAzDiE,EAAgB,EAAH,6BAEa8pB,EAA4Bv2C,EAAK0sB,GAAoB,QAS/E,OATFA,EAAsB,EAAH,KAGnBuL,EAAc,EAAH,KACNA,GAAW,IACd1b,aAAc,OACdiM,aAAAA,EACAiE,cAAAA,EACAC,oBAAAA,IACA,kBAEKuL,GAAW,6CACnB,sBAGuC,aAkBvC,OAlBuC,gCAAjC,WACLj4B,GAA2B,2FAKmB,GAJ9Ci4B,EAA2B,EAAH,6BAAG,CAAC,EAGtBwe,GAAW,EAAAlN,EAAAA,uBAAsBvpC,KACvCi4B,EAAc,EAAH,KAAQwe,GAAaxe,IAEhBoG,MAASr+B,EAAI0H,SAASgvC,kBAAiB,sBAC/C,IAAIv1C,EAAAA,aAAa,6DAA4D,WAG5D,IAArB82B,EAAYgV,KAAc,yCAErBhV,GAAW,gCAGbue,EAAYx2C,EAAKi4B,IAAY,2CACrC,kFC5FM,SAA6BlxB,GAClC,SAAK,EAAAinB,EAAAA,gBAAejnB,QAIfA,EAAIC,MAAQD,EAAIC,IAAIwV,eAKE,kBADFzV,EAAIC,IAArBwV,aACStN,MAKnB,uBAnBO,SAA4B0mC,EAAiBe,GAClD,OAAQf,EAAE5lC,eAAiB2mC,EAAE3mC,YAC/B,EAJA,qFCyCO,SACLkP,EAAiDpQ,GAEjD,IAAM+/B,EAAgB3vB,EAAe03B,6BAC/B3kC,EAAU48B,EAActvB,oBACvBtN,EAAQnD,GACf+/B,EAAcnuB,WAAWzO,EAC3B,qCAnBO,SACLiN,EAAiDpQ,GAEjD,IAEMygB,EAFgBrQ,EAAe03B,6BACPr3B,aACRzQ,GACtB,OAAIygB,GAASA,EAAMjB,cAAe,EAAA+U,EAAAA,mBAAkB9T,EAAMjB,aACjDiB,EAAMjB,YAER,IACT,uBApCO,SAA4DpP,GACjE,IAAM2vB,EAAgB3vB,EAAe03B,6BAC/B3kC,EAAU48B,EAActvB,aAC9Bhf,OAAOyJ,KAAKiI,GAAShI,SAAQ,SAAA6E,GAC3B,IAAMygB,EAAQtd,EAAQnD,GACVhE,KAAKmC,MAAQsiB,EAAMsnB,YACrBC,UACD7kC,EAAQnD,EAEnB,IACA+/B,EAAcnuB,WAAWzO,EAC3B,mCAEO,SACLiN,EAAiDpQ,EAAe+I,GAEhE,IAAMg3B,EAAgB3vB,EAAe03B,6BAC/B3kC,EAAU48B,EAActvB,aAC9BtN,EAAQnD,GAAS,CACf+nC,YAAa/rC,KAAKmC,MAClBqhB,YAAazW,GAEfg3B,EAAcnuB,WAAWzO,EAC3B,EA3BA,cAEM6kC,EAAqB,0DCYpB,SAA2BlC,GAEhC,IAAImC,EAAa,MACbC,EAAa,qBACbC,EAAWrC,GAAgB,GAGJ,MAAvBqC,EAASzhB,OAAO,IAAqC,MAAvByhB,EAASzhB,OAAO,KAChDyhB,EAAWA,EAASvhB,UAAU,IAIL,MAAvBuhB,EAASzhB,OAAO,IAAqC,MAAvByhB,EAASzhB,OAAO,KAChDyhB,EAAWA,EAASvhB,UAAU,IAQhC,IAJA,IAGIpa,EAHAlY,EAAM,CAAC,EAKTkY,EAAQ07B,EAAW39B,KAAK49B,IADb,CAIX,IAAIlzC,EAAMuX,EAAM,GACZ5R,EAAQ4R,EAAM,GAIhBlY,EAAIW,GADM,aAARA,GAA8B,iBAARA,GAAkC,SAARA,EACvC2F,EAEA+L,mBAAmB/L,EAAMU,QAAQ2sC,EAAY,KAE5D,CACA,OAAO3zC,CACT,oEChCO,SAAwBpD,EAA6BgkC,EAAoB+J,GAC9E,IAAMmJ,EAAMnJ,EAAiB/8B,SACvBo9B,EAAML,EAAiBtwB,OACvBsP,EAAQghB,EAAiBhhB,MACzBoqB,EAAMpJ,EAAiBjhB,UAE7B,IAAKkX,IAAWoK,IAAQ8I,EACtB,MAAM,IAAI/1C,EAAAA,QAAa,oDAGzB,GAAI4rB,GAASiX,EAAOjX,QAAUA,EAC5B,MAAM,IAAI5rB,EAAAA,QAAa,yDAGzB,IAAM8L,EAAM/F,KAAKmZ,MAAMvV,KAAKmC,MAAM,KAElC,GAAI+2B,EAAOoK,MAAQA,EACjB,MAAM,IAAIjtC,EAAAA,QAAa,eAAiB6iC,EAAOoK,IAAxB,qBACAA,EAAM,KAG/B,GAAK9qC,MAAMC,QAAQygC,EAAOkT,MAAQlT,EAAOkT,IAAI/sC,QAAQ+sC,GAAO,IACxD5zC,MAAMC,QAAQygC,EAAOkT,MAAQlT,EAAOkT,MAAQA,EAE9C,MAAM,IAAI/1C,EAAAA,QAAa,iBAAmB6iC,EAAOkT,IAA1B,qBACAA,EAAM,KAG/B,GAAIC,GAAOnT,EAAOmT,MAAQA,EACxB,MAAM,IAAIh2C,EAAAA,QAAa,YAAc6iC,EAAOmT,IAArB,gCACWA,EAAM,KAG1C,GAAInT,EAAO+C,IAAO/C,EAAO8J,IACvB,MAAM,IAAI3sC,EAAAA,QAAa,wCAGzB,IAAKnB,EAAIuB,QAAQiwC,eAAgB,CAC/B,GAAKvkC,EAAMjN,EAAIuB,QAAQkwC,aAAiBzN,EAAO8J,IAC7C,MAAM,IAAI3sC,EAAAA,QAAa,0CAGzB,GAAI6iC,EAAO+C,IAAQ95B,EAAMjN,EAAIuB,QAAQkwC,aACnC,MAAM,IAAItwC,EAAAA,QAAa,mCAE3B,CACF,EAjDA,oECVO,SAAuB+M,EAAcxI,GAC1C,KAAK,EAAAg8B,EAAAA,WAAUxzB,MAAW,EAAAuzB,EAAAA,eAAcvzB,MAAW,EAAA2yB,EAAAA,gBAAe3yB,GAChE,MAAM,IAAI/M,EAAAA,aACR,iHAIJ,GAAa,gBAATuE,KAA2B,EAAA+7B,EAAAA,eAAcvzB,GAC3C,MAAM,IAAI/M,EAAAA,aAAa,uBAEzB,GAAa,YAATuE,KAAuB,EAAAg8B,EAAAA,WAAUxzB,GACnC,MAAM,IAAI/M,EAAAA,aAAa,mBAGzB,GAAa,iBAATuE,KAA4B,EAAAm7B,EAAAA,gBAAe3yB,GAC7C,MAAM,IAAI/M,EAAAA,aAAa,uBAE3B,EApBA,cACA,mFCgBuC,SAGL,EAAD,mEARjC,QACA,UACA,UAEA,UACA,EAAuC,qbAAvC,UAAuC,+HAGN,aA4ChC,OA5CgC,gCAA1B,WAA2BnB,EAA6BkO,EAAgB6/B,GAAmC,0FAC3G7/B,GAAUA,EAAMc,QAAO,sBACpB,IAAI7N,EAAAA,aAAa,iCAAgC,OAQc,OAJjEkW,GAAM,EAAA2zB,EAAAA,aAAY98B,EAAMc,SAIxBooC,GAAmBrJ,aAAgB,EAAhBA,EAAkBtwB,SAAUzd,EAAIuB,QAAQkc,OAAM,UAC9C,EAAAmrB,EAAAA,cAAa5oC,EAAKo3C,GAAiB,OAYR,GAZQ,SAApD35B,EAAM,EAANA,OAEF45B,EAAuC92C,OAAOC,OAAO,CAEzDwQ,SAAUhR,EAAIuB,QAAQyP,SACtBqlB,gBAAiBr2B,EAAIuB,QAAQ80B,iBAC5B0X,EAAkB,CAEnBtwB,OAAAA,KAIF,EAAA65B,EAAAA,gBAAet3C,EAAKqX,EAAIE,QAAS8/B,GAIQ,GAArCA,EAAkBhhB,iBAA4Br2B,EAAI0H,SAASqT,yBAAwB,0CAC9E7M,GAAK,0BAII,EAAAqpC,EAAAA,QAAOv3C,EAAKkO,EAAMuP,OAAQpG,EAAI2B,OAAO2vB,KAAK,QAAnD,OAAH5kC,EAAM,EAAH,eACWyzC,EAAUhM,YAAYt9B,EAAMc,QAASjL,GAAI,QAAlD,GAAG,EAAH,KACC,CAAF,sBACF,IAAI5C,EAAAA,aAAa,oCAAmC,aAExD4sC,GAAoBA,EAAiB9+B,aAAef,EAAM81B,OAAOyT,SAAO,kCACvDD,EAAUE,YAAY3J,EAAiB9+B,aAAY,QAA5D,GAAG,EAAH,OACGf,EAAM81B,OAAOyT,QAAO,uBACzB,IAAIt2C,EAAAA,aAAa,kCAAiC,iCAGrD+M,GAAK,6CACb,uKCrDD,UAEA,UACA,SAEauE,EAAgB,WAM3B,WAAY1E,GAA0E,IAArCxM,EAAiC,UAAH,6CAAG,CAAC,GAAC,8KAFlE,GAGhBpB,KAAK4N,aAAeA,EACpB5N,KAAKoB,QAAUA,EACfpB,KAAKw3C,eAAiB,GACtBx3C,KAAKy3C,sBAAwBz3C,KAAKy3C,sBAAsB31C,KAAK9B,KAC/D,CAyDC,MAZA,EAwBA,OArEA,iDAED,WACE,IAAID,GAAM,EAEV,GADAC,KAAKw3C,eAAe/zC,KAAKkH,KAAKmC,OAC1B9M,KAAKw3C,eAAeh0C,QAAU,GAAI,CAEpC,IAAMk0C,EAAY13C,KAAKw3C,eAAe7uC,QAEtC5I,EADiBC,KAAKw3C,eAAex3C,KAAKw3C,eAAeh0C,OAAS,GAChDk0C,EAAa,GACjC,CACA,OAAO33C,CACT,GAAC,gCAED,WAEE,QAASC,KAAKoB,QAAQqP,cAAe,EAAA6J,EAAAA,YACvC,GAAC,kCAED,WAA+B,WAEvBzG,EADe7T,KAAK4N,aAAawR,aACXA,aAC5Bhf,OAAOyJ,KAAKgK,GAAQ/J,SAAQ,SAAAlG,GAC1B,IAAMmK,EAAQ8F,EAAOjQ,KAChB,EAAA88B,EAAAA,gBAAe3yB,IAAU,EAAKH,aAAa0hC,WAAWvhC,IACzD,EAAK0pC,sBAAsB7zC,EAE/B,GACF,GAAC,mCAED,SAA8BA,GAC5B,GAAI5D,KAAKoB,QAAQmP,UACf,GAAIvQ,KAAK23C,sBAAuB,CAC9B,IAAM5oC,EAAQ,IAAI/N,EAAAA,aAAa,iCAC/BhB,KAAK4N,aAAa80B,UAAU3zB,EAC9B,MACE/O,KAAK4N,aAAa20B,MAAM3+B,GAAK+C,OAAM,WAAO,SAEnC3G,KAAKoB,QAAQoP,YACtBxQ,KAAK4N,aAAa7C,OAAOnH,EAE7B,GAAC,sBAED,WACE,SAAU5D,KAAKoB,QAAQmP,YAAevQ,KAAKoB,QAAQoP,YAAgBxQ,KAAK+Q,QAC1E,GAAC,oDAED,oFACM/Q,KAAK2R,aACP3R,KAAK4N,aAAaC,GAAGuyB,EAAAA,cAAepgC,KAAKy3C,uBACrCz3C,KAAK4N,aAAasE,aAGpBlS,KAAK43C,uBAEP53C,KAAK+Q,SAAU,GAChB,gDACF,gGAED,oFACM/Q,KAAK+Q,UACP/Q,KAAK4N,aAAamC,IAAIqwB,EAAAA,cAAepgC,KAAKy3C,uBAC1Cz3C,KAAKw3C,eAAiB,GACtBx3C,KAAK+Q,SAAU,GAChB,gDACF,oEAED,WACE,OAAO/Q,KAAK+Q,OACd,KAAC,EAhF0B,GAgF1B,0KCpFH,UAKA,SAOasB,EAAqB,WAMhC,aAA0C,IAA9BjR,EAA0B,UAAH,6CAAG,CAAC,GAAC,kKAFtB,GAGhBpB,KAAKoB,QAAUA,EACfpB,KAAK63C,kBAAoB73C,KAAK63C,kBAAkB/1C,KAAK9B,MACrDA,KAAKqQ,SAAWrQ,KAAKqQ,SAASvO,KAAK9B,KACrC,CA0BC,MAXA,EAZA,EAmDA,OAtDA,+CAED,WACA,GAAC,uDAED,4GAC6B,QAD7B,GACQ,EAAAA,KAAKoB,SAAQiP,gBAAQ,aAArB,UAAyB,gDAChC,mEAED,WAAW,MACT,QAAqB,QAAb,EAACrQ,KAAK83C,eAAO,QAAZ,EAAcvmC,SACzB,GAAC,uBAED,WAAY,MACV,QAAqB,QAAb,EAACvR,KAAK83C,eAAO,QAAZ,EAAcC,UACzB,GAAC,oDAED,0FACM/3C,KAAK2R,aACCjB,EAAwB1Q,KAAKoB,QAA7BsP,oBACR1Q,KAAKuU,QAAU,IAAIC,EAAAA,iBAAiB9D,GACpC1Q,KAAK83C,SAAU,EAAAE,EAAAA,sBAAqBh4C,KAAKuU,SACzCvU,KAAK83C,QAAQG,YAAcj4C,KAAK63C,kBAChC73C,KAAK83C,QAAQI,kBAAkBh3C,KAAKlB,KAAKqQ,UACzCrQ,KAAK+Q,SAAU,GAChB,gDACF,gGAED,wFACM/Q,KAAK+Q,QAAS,CAAF,oBACV/Q,KAAK83C,QAAS,CAAF,+BACR93C,KAAK83C,QAAQK,MAAK,OACxBn4C,KAAK83C,aAAU53C,EAAU,WAEvBF,KAAKuU,QAAS,CAAF,gBAE+C,OAA5DvU,KAAKuU,QAAgB6jC,aAAe,kBAAM13C,QAAQC,SAAS,EAAC,SACvDX,KAAKuU,QAAQE,QAAO,OAC1BzU,KAAKuU,aAAUrU,EAAU,QAE3BF,KAAK+Q,SAAU,EAAM,iDAExB,6EAED,WACE,OAAO,CACT,GAAC,uBAED,WACE,OAAO/Q,KAAK+Q,OACd,GAAC,sBAED,WACE,OAAO,EAAAuJ,EAAAA,eAAgBta,KAAK+Q,OAC9B,KAAC,EAhE+B,GAgE/B,qLCxFH,SAEMsnC,EAAS,WAAH,OAAStxC,KAAKmZ,MAAMvV,KAAKmC,MAAQ,IAAK,EAErC0F,EAA2B,WAOtC,WAAY5E,GAA0E,IAArCxM,EAAiC,UAAH,6CAAG,CAAC,GAAC,6FALlE,IAAK,qEAED,IAAC,kDAIrBpB,KAAK4N,aAAeA,EACpB5N,KAAKoB,QAAUA,EAEfpB,KAAKs4C,sBAAwBt4C,KAAKu4C,uBAAuBz2C,KAAK9B,KAChE,CA6BC,MAPA,EA6BA,OAnDA,oDAID,WACE,GAAIqL,SAAS6S,OACXle,KAAKw4C,WAAaH,SAGf,GAAIr4C,KAAKw4C,WAAa,GAAMH,IAAWr4C,KAAKw4C,YAAcx4C,KAAKoB,QAAQuR,sBAAyB,CACnG,MAAiC3S,KAAK4N,aAAagC,gBAA3Cd,EAAW,EAAXA,YAAaD,EAAO,EAAPA,QACrB,GAAMC,GAAe9O,KAAK4N,aAAa0hC,WAAWxgC,GAAc,CAC9D,IAAMlL,EAAM5D,KAAK4N,aAAas0B,oBAAoB,eAElDliC,KAAK4N,aAAa20B,MAAM3+B,GAAK+C,OAAM,WAAO,GAC5C,MACK,GAAMkI,GAAW7O,KAAK4N,aAAa0hC,WAAWzgC,GAAU,CAC3D,IAAMjL,EAAM5D,KAAK4N,aAAas0B,oBAAoB,WAElDliC,KAAK4N,aAAa20B,MAAM3+B,GAAK+C,OAAM,WAAO,GAC5C,CACF,CACF,GAAC,oDAED,oFACM3G,KAAK2R,YAAgBtG,WACvBA,SAAS8S,iBAAiB,mBAAoBne,KAAKs4C,uBACnDt4C,KAAK+Q,SAAU,GAChB,gDACF,gGAED,oFACM1F,WACFA,SAASwU,oBAAoB,mBAAoB7f,KAAKs4C,uBACtDt4C,KAAK+Q,SAAU,GAChB,gDACF,mEAED,WACE,OAAO,EAAAuJ,EAAAA,gBACLta,KAAKoB,QAAQmP,aACbvQ,KAAKoB,QAAQsR,uBACd1S,KAAK+Q,OACR,GAAC,gCAED,WACE,OAAO,CACT,GAAC,uBAED,WACE,OAAO/Q,KAAK+Q,OACd,KAAC,EA/DqC,GA+DrC,kLCzDH,UACA,SAIA,UAIA,UASawB,EAAkB,WAO7B,WAAY3E,GAA0E,IAArCxM,EAAiC,UAAH,6CAAG,CAAC,GAAC,uKAHlE,IAAK,uCACK,GAG1BpB,KAAK4N,aAAeA,EACpB5N,KAAKoB,QAAUA,EACfpB,KAAKy4C,oBAAsBz4C,KAAKy4C,oBAAoB32C,KAAK9B,MACzDA,KAAK04C,sBAAwB14C,KAAK04C,sBAAsB52C,KAAK9B,MAC7DA,KAAK24C,sBAAwB34C,KAAK24C,sBAAsB72C,KAAK9B,MAC7DA,KAAK44C,oBAAsB54C,KAAK44C,oBAAoB92C,KAAK9B,MACzDA,KAAK64C,qBAAuB74C,KAAK64C,qBAAqB/2C,KAAK9B,KAC7D,CAiCC,MArBA,EA2GA,OAvHA,gDAED,WACE,OAAO,CACT,GAAC,uBAED,WACE,OAAOA,KAAK+Q,OACd,GAAC,sBAED,WACE,QAAS/Q,KAAKoB,QAAQqP,cAAe,EAAA6J,EAAAA,eAAgBta,KAAK+Q,OAC5D,GAAC,oDAED,6FACO/Q,KAAK2R,WAAY,CAAF,gDAIZb,EAAoB9Q,KAAKoB,QAAzB0P,gBAAe,SAGrB9Q,KAAKuU,QAAU,IAAIC,EAAAA,iBAAiB1D,GAA2B,sDAEzD,IAAI9P,EAAAA,aAAa,2DAA0D,QAGnFhB,KAAK4N,aAAaC,GAAGC,EAAAA,YAAa9N,KAAKy4C,qBACvCz4C,KAAK4N,aAAaC,GAAGK,EAAAA,cAAelO,KAAK04C,uBACzC14C,KAAK4N,aAAaC,GAAG0yB,EAAAA,cAAevgC,KAAK24C,uBACzC34C,KAAK4N,aAAaC,GAAG2zB,EAAAA,kBAAmBxhC,KAAK44C,qBAC7C54C,KAAKuU,QAAQ4J,iBAAiB,UAAWne,KAAK64C,sBAC9C74C,KAAK+Q,SAAU,EAAK,yDACrB,gGAED,gGACM/Q,KAAK+Q,QAAS,CAAF,gBAK0D,OAJxE/Q,KAAK4N,aAAamC,IAAIjC,EAAAA,YAAa9N,KAAKy4C,qBACxCz4C,KAAK4N,aAAamC,IAAI7B,EAAAA,cAAelO,KAAK04C,uBAC1C14C,KAAK4N,aAAamC,IAAIwwB,EAAAA,cAAevgC,KAAK24C,uBAC1C34C,KAAK4N,aAAamC,IAAIyxB,EAAAA,kBAAmBxhC,KAAK44C,qBAClC,QAAZ,EAAA54C,KAAKuU,eAAO,OAAZ,EAAcsL,oBAAoB,UAAW7f,KAAK64C,sBAAsB,SACtD,QADsD,EAClE74C,KAAKuU,eAAO,aAAZ,EAAcE,QAAO,OAC3BzU,KAAKuU,aAAUrU,EACfF,KAAK+Q,SAAU,EAAM,iDAExB,8EAED,SAA4BnN,EAAamK,GAAc,MAChD/N,KAAK84C,oBAGE,QAAZ,EAAA94C,KAAKuU,eAAO,OAAZ,EAAczI,YAAY,CACxBvG,KAAMuI,EAAAA,YACNlK,IAAAA,EACAmK,MAAAA,IAEJ,GAAC,mCAED,SAA8BnK,EAAamK,GAAc,MAClD/N,KAAK84C,oBAGE,QAAZ,EAAA94C,KAAKuU,eAAO,OAAZ,EAAczI,YAAY,CACxBvG,KAAM2I,EAAAA,cACNtK,IAAAA,EACAmK,MAAAA,IAEJ,GAAC,mCAED,SAA8BnK,EAAamK,EAAcuyB,GAAkB,MACpEtgC,KAAK84C,oBAGE,QAAZ,EAAA94C,KAAKuU,eAAO,OAAZ,EAAczI,YAAY,CACxBvG,KAAMg7B,EAAAA,cACN38B,IAAAA,EACAmK,MAAAA,EACAuyB,SAAAA,IAEJ,GAAC,iCAED,SAA4B3+B,GAAiB,MAC/B,QAAZ,EAAA3B,KAAKuU,eAAO,OAAZ,EAAczI,YAAY,CACxBvG,KAAMi8B,EAAAA,kBACN7/B,QAAAA,GAEJ,GAAC,kCAGD,SAA6BiK,GAU3B,OADA5L,KAAK84C,mBAAoB,EACjBltC,EAAIrG,MACV,KAAKi8B,EAAAA,kBACHxhC,KAAK4N,aAAawR,aAAamB,WAAW3U,EAAIjK,SAC9C,MACF,KAAKmM,EAAAA,YACH9N,KAAK4N,aAAawzB,UAAUx1B,EAAIhI,IAAMgI,EAAImC,OAC1C/N,KAAK4N,aAAaqzB,sBAAsBr1B,EAAIhI,IAAMgI,EAAImC,OACtD,MACF,KAAKG,EAAAA,cACHlO,KAAK4N,aAAa6yB,wBAAwB70B,EAAIhI,KAC9C5D,KAAK4N,aAAao0B,YAAYp2B,EAAIhI,IAAMgI,EAAImC,OAC5C,MACF,KAAKwyB,EAAAA,cACHvgC,KAAK4N,aAAay0B,YAAYz2B,EAAIhI,IAAMgI,EAAImC,MAAQnC,EAAI00B,UAK5DtgC,KAAK84C,mBAAoB,CAC3B,KAAC,EAtI4B,GAsI5B,0DCvJH,oLACA,oLACA,oLACA,sOCkCA,SAAsBj5C,GACpB,OAAO,EAAAie,EAAAA,aAAYje,EAAK,CACtBsB,IAAKtB,EAAI4B,kBAAoB,sBAC7BuZ,OAAQ,SACR3Z,iBAAiB,GAErB,eA3BA,SAAoBxB,GAClB,OAAO,EAAA+B,EAAAA,KAAI/B,EAAK,sBAAuB,CAAEwB,iBAAiB,IACzDH,MAAK,SAAS63C,GACb,IAAIh5C,GAAM,EAAAoE,EAAAA,MAAK40C,EAAS,UAUxB,OARAh5C,EAAIyuB,QAAU,WACZ,OAAO,EAAAltB,EAAAA,MAAKzB,GAAK,EAAAmG,EAAAA,SAAQ+yC,EAAS,WAAWp0C,KAAM,CAAC,EAAG,CAAEtD,iBAAiB,GAC5E,EAEAtB,EAAI66B,KAAO,WACT,OAAO,EAAAh5B,EAAAA,KAAI/B,GAAK,EAAAmG,EAAAA,SAAQ+yC,EAAS,QAAQp0C,KAAM,CAAEtD,iBAAiB,GACpE,EAEOtB,CACT,IACC4G,OAAM,WAEL,MAAO,CAACxG,OAAQ,WAClB,GACF,mBAUA,SAAwBN,GACtB,OAAO,EAAAyB,EAAAA,MAAKzB,EAAK,wCAAyC,CAAC,EAAG,CAAEwB,iBAAiB,GACnF,kBA5CA,SAAuBxB,GACrB,OAAOA,EAAIk5C,QAAQn3C,MAChBV,MAAK,SAASnB,GACb,MAAmB,WAAfA,EAAII,MAIV,IACCwG,OAAM,WACL,OAAO,CACT,GACJ,yBAmCA,SAA8B9G,EAAK0nC,EAAcyR,GAC/CA,EAAcA,GAAelwC,OAAOuL,SAAS1P,KAC7CmE,OAAOuL,SAAShU,OAAOR,EAAI4B,kBAAoB,gCAC7C,EAAA4D,EAAAA,eAAc,CACZ4zC,2BAA2B,EAC3BlrC,MAAOw5B,EACPyR,YAAaA,IAEnB,EAzDA,aACA,gECVO,SAA0Bn5C,GAQ/B,MAPgB,CACd4U,MAAO67B,EAAAA,aAAaxuC,KAAK,KAAMjC,GAC/BoC,OAAQi3C,EAAAA,cAAcp3C,KAAK,KAAMjC,GACjC+B,IAAKu3C,EAAAA,WAAWr3C,KAAK,KAAMjC,GAC3B2uB,QAAS4qB,EAAAA,eAAet3C,KAAK,KAAMjC,GACnCw5C,qBAAsBA,EAAAA,qBAAqBv3C,KAAK,KAAMjC,GAG1D,EAZA,iDCDA,oLACA,oLACA,oLACA,oPCKO,SAONyC,GAEC,OAAO,SAAP,0BAf2C,IAe3C,GAf2C,EAe3C,EAf2C,kbAmBzC,aAA4B,uDAAbzB,EAAI,yBAAJA,EAAI,gBAGqB,OAFtC,+BAASA,KAAM,gDAEf,EAAKk4C,SAAU,EAAAO,EAAAA,mBAAgB,iBAAO,CACxC,CAiBC,OAjBA,0CAGD,WAAiC,WAC/B,OAAOt5C,KAAK+4C,QAAQtkC,QACnBvT,MAAK,EAAD,2BAAC,oFAEgB,OAApB,EAAK4f,eAAe,mBACb,GAAI,4CAEZna,OAAM,SAAS1B,GACd,GAAe,iBAAXA,EAAEX,MAA2C,aAAhBW,EAAE4S,UAEjC,OAAO,EAET,MAAM5S,CACR,GACF,KAAC,EAzBI,CAA8B3C,EA2BvC,2HA1CA,0LCYA,UAaA,UACA,SACA,SAEO,SAAS4wC,EAAkC9xC,IAC3C,EAAAkZ,EAAAA,cAAgBlZ,EAAQ+G,iBAAoB/G,EAAQkJ,aAEvD,EAAA1B,EAAAA,MAAK,8KAET,CAAC,IAGY0qC,EAAkB,WAK7B,WAAYlc,EAA8C3sB,EAA8B/I,IAA0B,4JAChH1B,KAAKo3B,sBAAwBA,EAC7Bp3B,KAAKyK,cAAgBA,EACrBzK,KAAK0B,YAAcA,CACrB,CAuDC,OAvDA,kDAGD,SAAqB63C,EAAqBC,GACxC,OAAOp5C,OAAOC,OAAO,CAAC,EAAGL,KAAKo3B,sBAAsBmiB,GAAcC,EACpE,GAAC,wBAID,SAAWp4C,GAGT,IAFAA,EAAUhB,OAAOC,OAAO,CAAC,EAAGL,KAAKyK,cAAerJ,IAEpC+G,gBACV,OAAO/G,EAAQ+G,gBAGjB,MAAoC/G,EAA9B4G,EAAW,EAAXA,YAAayxC,EAAY,EAAZA,aASnB,GAPmB,mBAAhBzxC,IACD5G,EAAQgI,eAAgB,GAMtBpB,GAAeyxC,EAAc,CAC/B,IAAM70B,EAAM60B,EAAazvC,QAAQhC,GAC7B4c,GAAO,IACT60B,EAAeA,EAAa/wC,MAAMkc,GAClC5c,OAAc9H,EAElB,CAMA,OAJK8H,IAEHA,EAAchI,KAAK0B,YAAY4G,gBAAgBmxC,IAE1Cz5C,KAAK0B,YAAYwG,iBAAiBF,EAAa5G,EACxD,GAAC,6BAGD,SAAgBA,GAEd8xC,EADA9xC,EAAUpB,KAAKizC,qBAAqB,QAAS7xC,IAE7C,IAAMO,EAAU3B,KAAKof,WAAWhe,GAC1BkJ,EAAalJ,EAAQkJ,YAAck1B,EAAAA,mBACzC,OAAO,IAAIjI,EAAAA,YAAY51B,EAAS2I,EAClC,GAAC,0BAGD,SAAalJ,GACXA,EAAUpB,KAAKizC,qBAAqB,QAAS7xC,GAC7C,IAAMO,EAAU3B,KAAKof,WAAWhe,GAC1BkJ,EAAalJ,EAAQkJ,YAAcovC,EAAAA,mBACzC,OAAO,IAAIniB,EAAAA,YAAY51B,EAAS2I,EAClC,KAAC,EAhE4B,GAgE5B,wIC1FH,aAIaitB,EAAW,WAItB,WAAY51B,EAAwBg4C,GAClC,IADuD,4GAClDh4C,EACH,MAAM,IAAIX,EAAAA,QAAa,yBAGzB,GAA2B,iBAAhB24C,IAA6BA,EAAYn2C,OAClD,MAAM,IAAIxC,EAAAA,QAAa,6BAGzBhB,KAAK25C,YAAcA,EACnB35C,KAAKmI,gBAAkBxG,CACzB,CA6DC,OA7DA,qCAMD,SAAQiC,GACN,OAAO5D,KAAKof,aAAaxb,EAC3B,GAAC,qBAED,SAAQA,EAAa2F,GACnB,OAAOvJ,KAAKigB,cAAcrc,EAAK2F,EACjC,GAAC,wBAED,SAAW3F,GACT,OAAO5D,KAAK8gB,aAAald,EAC3B,GAAC,wBAMD,WACE,IAAIg2C,EAAgB55C,KAAKmI,gBAAgBkB,QAAQrJ,KAAK25C,aACtDC,EAAgBA,GAAiB,KACjC,IACE,OAAO1vC,KAAKC,MAAMyvC,EACpB,CAAE,MAAM30C,GACN,MAAM,IAAIjE,EAAAA,QAAa,mCAAqChB,KAAK25C,YACnE,CACF,GAAC,wBAED,SAAW12C,GACT,IACE,IAAI22C,EAAgB32C,EAAMiH,KAAKE,UAAUnH,GAAO,KAChDjD,KAAKmI,gBAAgBmB,QAAQtJ,KAAK25C,YAAaC,EACjD,CAAE,MAAM30C,GACN,MAAM,IAAIjE,EAAAA,QAAa,0BAA4BhB,KAAK25C,YAC1D,CACF,GAAC,0BAED,SAAa/1C,GACX,GAAKA,EAAL,CAUA,IAAIX,EAAMjD,KAAKof,oBACRnc,EAAIW,GACX5D,KAAKugB,WAAWtd,EAJhB,MANMjD,KAAKmI,gBAAgBuB,WACvB1J,KAAKmI,gBAAgBuB,WAAW1J,KAAK25C,aAErC35C,KAAKugB,YAQX,GAAC,2BAED,SAAc3c,EAAK2F,GACjB,IAAItG,EAAMjD,KAAKof,aACfnc,EAAIW,GAAO2F,EACXvJ,KAAKugB,WAAWtd,EAClB,KAAC,EA5EqB,GA4ErB,mDC7FH,oLACA,oLACA,mLACA,oLACA,mPCIO,SAOLX,EAAagX,GAGb,OAAO,SAAP,udAGE,aAA4B,uDAAbzY,EAAI,yBAAJA,EAAI,gBACjB,+BAASA,KAAM,uDACf,MAAiD,EAAKO,QAA9C2d,EAAc,EAAdA,eAAgBE,EAAO,EAAPA,QAASvd,EAAW,EAAXA,YACiD,OAAlF,EAAKqd,eAAiB,IAAIzF,EAAeyF,EAAiBE,EAAUvd,GAAc,CACpF,CAGC,OAHA,0CACD,WAEA,KAAC,EAVI,CAA8BY,EAYvC,oLCbO,WAGL,OAAO,SAAP,0BALuC,IAKvC,GALuC,EAKvC,EALuC,kbAUrC,WAAYzB,GAAW,MAIwD,OAJxD,qBACrB,cAAMA,IAAM,6JACZ,EAAKoe,SAAU,EAAA46B,EAAAA,mBAAkBh5C,GAAM,EAAAs1C,EAAAA,YACvC,EAAKz0C,YAAcb,EAAKa,cAAe,EAAA0d,EAAAA,cACvC,EAAKL,eAAiB,EAAH,KAAQ+6B,EAAAA,yBAA4Bj5C,EAAKke,gBAAiB,CAC/E,CAAC,uBAVI,EADwB,EAAAg7B,EAAAA,gCAajC,iGApBA,UAEA,UACA,SAAyC,krBC4ClC,WAAgF,IAAlB5D,EAAgB,uCAI/E6D,GAJ2D,UAAH,6CAAG,CAAC,GAItC/6B,SAAW,CAAC,EAyBtC,YAxBqC,IAA1B+6B,EAAe9wC,SACxB8wC,EAAe9wC,OAASitC,QAEa,IAA5B6D,EAAe7wC,WACxB6wC,EAAe7wC,SAAW6wC,EAAe9wC,OAAS,OAAS,OAIzD8wC,EAAe9wC,SAAWitC,KAE5B,EAAAvtC,EAAAA,MACE,2LAIFoxC,EAAe9wC,QAAS,GAKM,SAA5B8wC,EAAe7wC,UAAwB6wC,EAAe9wC,SACxD8wC,EAAe7wC,SAAW,OAGrB6wC,CACT,eAvEO,WAIL,OAHoB55C,OAAOC,OAAO,CAAC,EAAGkuC,EAAAA,QAAgB,CACpD/jC,cAAe,CAAC,GAGpB,EATA,aAEA,aAyCE,0BAhC4D,CAC5DuD,MAAO,CACL0rC,aAAc,CACZ,eACA,iBACA,WAGJQ,MAAO,CACLR,aAAc,CACZ,eACA,iBACA,WAGJtrB,YAAa,CACXsrB,aAAc,CACZ,iBACA,eACA,WAGJ,qBAAsB,CACpBA,aAAc,CACZ,iBAGJ,eAAgB,CACdA,aAAc,CACZ,sJCtCN,UACA,SAaa/rC,EAAY,WAKvB,aAA6D,IAAjDtM,EAA+B,UAAH,6CAAG,CAAEuM,OAAO,IAAO,kIACzD3N,KAAK8pC,MAAQ,GACb9pC,KAAKk6C,SAAU,EACfl6C,KAAKoB,QAAUA,CACjB,CAiDC,OAjDA,kCAKD,SAAK4Z,EAA+Bm/B,GAAiC,kCAAbt5C,EAAI,iCAAJA,EAAI,kBAC1D,OAAO,IAAIH,SAAQ,SAACC,EAASI,GACvB,EAAK+oC,MAAMtmC,OAAS,IAGK,IAAvB,EAAKpC,QAAQuM,QACf,EAAA/E,EAAAA,MACE,iJAKN,EAAKkhC,MAAMrmC,KAAK,CACduX,OAAAA,EACAm/B,WAAAA,EACAt5C,KAAAA,EACAF,QAAAA,EACAI,OAAAA,IAEF,EAAKqgB,KACP,GACF,GAAC,iBAED,WAAM,WACJ,IAAIphB,KAAKk6C,SAGiB,IAAtBl6C,KAAK8pC,MAAMtmC,OAAf,CAGAxD,KAAKk6C,SAAU,EAEf,IAAIE,EAAYp6C,KAAK8pC,MAAMnhC,QACvB5I,EAAMq6C,EAAUp/B,OAAOpE,MAAMwjC,EAAUD,WAAYC,EAAUv5C,OAC7D,EAAAw5C,EAAAA,WAAUt6C,GACXA,EAAyBmB,KAAKk5C,EAAUz5C,QAASy5C,EAAUr5C,QAAQoL,SAAQ,WAC1E,EAAK+tC,SAAU,EACf,EAAK94B,KACP,KAEAg5B,EAAUz5C,QAAQZ,GAClBC,KAAKk6C,SAAU,EACfl6C,KAAKohB,MAbP,CAeF,KAAC,EA1DsB,GA0DtB,iDC3EI,SAASk5B,IACd,MAAsB,oBAAXxxC,OACFA,OAAOyxC,QACc,oBAAZA,QACTA,aAEP,CAEJ,CAEO,SAASlsC,IACd,IAAImsC,EAAgBF,IAGpB,OAAIE,GAAiBA,EAAcpsC,IAC1BosC,EAEF,CACLpsC,IAAK,WAAY,EACjBxF,KAAM,WAAY,EAClB0F,MAAO,WAAY,EACnBC,SAAU,WAAY,EAE1B,CAQO,SAASksC,EAAU1+B,GAExB1N,IAAazF,KAAK,gCAAkCmT,EAEtD,+BAEO,SAAuBA,EAAMrW,GAClC,OAAO,WAEL,OADA+0C,EAAU1+B,GACHrW,EAAGkR,MAAM,KAAM9L,UACxB,CACF,6CAjBO,SAAciR,GAEnB1N,IAAazF,KAAK,yBAA2BmT,EAE/C,oCC7BA,mLACA,oLACA,oLACA,oLACA,oLACA,0PCfO,SAAkB,GAGvB,IAHuC,IAEnCjD,EAFqBpO,EAAI,EAAJA,KAAMoR,EAAI,EAAJA,KACzB4+B,EAAkB,GAEsB,QAAtC5hC,EAAQ6hC,EAAczhC,KAAKxO,KAAiB,eAC5CslB,EAA0B,QAAtB,EAAQ,QAAR,EAAGlX,SAAK,OAAQ,QAAR,EAAL,EAAO8hC,cAAM,WAAR,EAAL,EAAe5qB,YAAI,QAAS,QAAT,EAAIlX,SAAK,OAAQ,QAAR,EAAL,EAAO8hC,cAAM,WAAR,EAAL,EAAeC,MAC/C7qB,GACF0qB,EAAMj3C,KAAKusB,EAEf,CAEA,KAAI0qB,EAAMl3C,OAAS,GAAnB,CAQA,IAFA,IAAMs3C,EAAWJ,EAAMK,MACnB5qB,EAAOrU,EACX,MAAmB4+B,EAAK,eAAE,CAArB,IAAM1qB,EAAI,KACb,GAAI5vB,OAAOyD,UAAUC,eAAeC,KAAKosB,EAAMH,GAAO,CACpD,GAA0B,YAAtB,aAAOG,EAAKH,IACd,OAGFG,EAAOA,EAAKH,EACd,CACF,CAEA,OAAOG,EAAK2qB,EAhBZ,CAiBF,y+BAhCA,IAAMH,EAAgB,4BAAwC,2DC6BvD,SAAeK,GACpB,OAAO,IAAIt6C,SAAQ,SAASC,GAC1BuL,WAAWvL,EAASq6C,EACtB,GACF,oBAbO,SAAyBx3C,GAG9B,IAFA,IACIy3C,EAAS,GACJjmC,EAAI,EAA8BA,EAAIxR,IAAUwR,EACvDimC,GAHkB,gEAGMl0C,KAAKmZ,MADVg7B,GACgBn0C,KAAKk0C,WAE1C,OAAOA,CACT,mBAfO,SAAwBllC,GAC7B,IAAIolC,EAAQplC,EAAI+C,MAAM,QAClBsiC,EAAUzwC,KAAK0wC,IAAIF,EAAM,GAAIA,EAAM,GAAK,EAAGA,EAAM,GAAIA,EAAM,GAAIA,EAAM,GAAIA,EAAM,IAGnF,OAFc,IAAIxwC,KAAKywC,GAERE,aACjB,WAiBO,SAAgBvlC,EAAKwlC,GAC1B,IAAMJ,EAAQplC,EAAIoB,MAAMokC,GACxB,MAAO,CACLJ,EAAM,GACNA,EAAMK,OAAO,EAAGL,EAAM33C,QAAQ6X,KAAKkgC,GAEvC,mCCUO,SAAS54C,EAAMM,GACpB,GAAIA,EAAK,CACP,IAAI8S,EAAM7L,KAAKE,UAAUnH,GACzB,GAAI8S,EACF,OAAO7L,KAAKC,MAAM4L,EAEtB,CACA,OAAO9S,CACT,QA/CO,SAAcyC,EAAI6yB,GACvB,IAAIkjB,EAAiBt4C,MAAMU,UAAU6E,MAAM3E,KAAK+G,UAAW,GAC3D,OAAO,WACL,IAAIjK,EAAOsC,MAAMU,UAAU6E,MAAM3E,KAAK+G,WAEtC,OADAjK,EAAO46C,EAAeC,OAAO76C,GACtB6E,EAAGkR,MAAM2hB,EAAK13B,EACvB,CACF,qBAGO,WAEL,IAAI86C,EAAO7wC,UAAU,GAWrB,MATe,GAAGpC,MAAM3E,KAAK+G,UAAW,GAC/BhB,SAAQ,SAAS7G,GACxB,IAAK,IAAI24C,KAAQ34C,EAEX7C,OAAOyD,UAAUC,eAAeC,KAAKd,EAAK24C,SAAuB17C,IAAd+C,EAAI24C,KACzDD,EAAKC,GAAQ34C,EAAI24C,GAGvB,IACOD,CACT,SAqCO,SAAcE,EAAYrzB,GAE/B,IADA,IAAIxT,EAAI6mC,EAAWr4C,OACZwR,KAAK,CACV,IAAIgL,EAAO67B,EAAW7mC,GAClB8mC,GAAQ,EACZ,IAAK,IAAIF,KAAQpzB,EACf,GAAKpoB,OAAOyD,UAAUC,eAAeC,KAAKykB,EAAcozB,IAGpD57B,EAAK47B,KAAUpzB,EAAaozB,GAAO,CACrCE,GAAQ,EACR,KACF,CAEF,GAAIA,EACF,OAAO97B,CAEX,CACF,YAEO,SAAiB/c,EAAKqC,EAAUy2C,GACrC,GAAK94C,GAAQA,EAAIzC,OAAjB,CAIA,IAAI6D,EAAO1B,EAAMM,EAAIzC,OAAO8E,IAG5B,OAAIjB,GAAQA,EAAKC,MAAQy3C,EACnB13C,EAAKC,OAASy3C,EACT13C,OADT,EAIOA,CAVT,CAYF,SA9CO,SAAcpB,GAEH,IAAhB,IAAI+4C,EAAS,CAAC,EAAE,mBAFWC,EAAK,iCAALA,EAAK,kBAGhC,IAAK,IAAIC,KAAKj5C,EACR7C,OAAOyD,UAAUC,eAAeC,KAAKd,EAAKi5C,KAA2B,GAArBD,EAAMjyC,QAAQkyC,KAChEF,EAAOE,GAAKj5C,EAAIi5C,IAGpB,OAAOv5C,EAAMq5C,EACf,eAjCO,SAAoB/4C,GACzB,IAAIk5C,EAAU,CAAC,EACf,IAAK,IAAIP,KAAQ34C,EACf,GAAI7C,OAAOyD,UAAUC,eAAeC,KAAKd,EAAK24C,GAAO,CACnD,IAAIryC,EAAQtG,EAAI24C,GACZryC,UACF4yC,EAAQP,GAAQryC,EAEpB,CAEF,OAAO4yC,CACT,gDCzBO,SAAoBz2C,GACzB,QAASA,GAA+B,sBAAzB,CAAC,EAAE4+B,SAASvgC,KAAK2B,EAClC,aANO,SAAkBzC,GACvB,MAA+C,oBAAxC7C,OAAOyD,UAAUygC,SAASvgC,KAAKd,EACxC,aANO,SAAkBA,GACvB,MAA+C,oBAAxC7C,OAAOyD,UAAUygC,SAASvgC,KAAKd,EACxC,cAUO,SAAmBA,GACxB,OAAOA,GAAOA,EAAIkJ,SAAmC,mBAAhBlJ,EAAIkJ,OAC3C,aAlBO,SAAkBlJ,GACvB,MAA+C,oBAAxC7C,OAAOyD,UAAUygC,SAASvgC,KAAKd,EACxC,mCCFO,SAAS4a,EAAc1c,GAC5B,MAAO,uBAAuBkZ,KAAKlZ,EACrC,CAoCO,SAAS+vC,EAAoBxmC,GAClC,GAAKA,EAAL,CAIA,IAAI0xC,EAAU1xC,EAAKT,QAAQ,cAAc,IAIzC,OAFUmyC,EAAQnyC,QAAQ,OAAQ,GAJlC,CAOF,2DA5CO,WAA0C,IAAnB9I,EAAM,UAAH,6CAAG,GAAI+qB,EAAO,uCAC7C,OAAIrO,EAAc1c,GACTA,GAET+qB,EAAUglB,EAAoBhlB,GACZ,MAAX/qB,EAAI,GAAa,GAAH,OAAM+qB,GAAO,OAAG/qB,GAAG,UAAQ+qB,EAAO,YAAI/qB,GAC7D,kBAUO,SAAuB8B,GAC5B,IAAI8S,EAAM,GACV,GAAY,OAAR9S,EACF,IAAK,IAAIW,KAAOX,EACV7C,OAAOyD,UAAUC,eAAeC,KAAKd,EAAKW,SAC7B1D,IAAb+C,EAAIW,IACS,OAAbX,EAAIW,IACNmS,EAAItS,KAAKG,EAAM,IAAMwX,mBAAmBnY,EAAIW,KAIlD,OAAImS,EAAIvS,OACC,IAAMuS,EAAIsF,KAAK,KAEf,EAEX,kBAxBO,WAA0C,IAAnBla,EAAM,UAAH,6CAAG,GAAI+qB,EAAO,uCAK7C,OAJIrO,EAAc1c,KAChBA,EAAMA,EAAIo0B,UAAUrJ,EAAQ1oB,SAGZ,MAAXrC,EAAI,GAAaA,EAAM,IAAH,OAAOA,EACpC,wFCxBA,iBAQI,WACoBk7C,GAAA,SAAAA,EARJ,SAAM,IAAIprC,IAMnB,UAAe,CAGlB,CA2BR,OAzBIqrC,EAAAA,UAAAA,IAAA,SAAI/yC,GACA,OAAO,KAAK2R,IAAIqhC,IAAIhzC,EACxB,EAEA+yC,EAAAA,UAAAA,IAAA,SAAI/yC,GAAJ,WACI,KAAK2R,IAAIzR,IAAIF,EAAOuD,KAQf,KAAK0vC,MACN,KAAKA,KAAM,EACXtwC,YAAW,WACPuwC,EAAKD,KAAM,EACXE,EAAmBD,EACvB,GAAG,GAEX,EAEAH,EAAAA,UAAAA,MAAA,WACI,KAAKphC,IAAI2a,OACb,EACJ,EArCA,GA4CM,SAAU6mB,EACZC,GASA,IAPA,IAAMC,EAAY9vC,IAAQ6vC,EAAaN,IACjCQ,EAAWF,EAAazhC,IAAI4hC,OAAOD,cAM5B,CAET,IAAME,EAAOF,EAASE,OAAOxzC,MAE7B,IAAKwzC,EACD,OAEJ,IAAMxzC,EAAQwzC,EAAK,GAEnB,KADaA,EAAK,GACPH,GAIP,OAHAD,EAAazhC,IAAIvR,OAAOJ,GAMpC,CAEM,SAAUuD,IACZ,OAAO,IAAInC,MAAOqyC,SACtB,CArCC,oDC3CY,oKAEPC,EAAW,uBAFJ,IAEI,GAFJ,EAEI,EAFJ,+YAGZ,WAAYC,GAAQ,MAEO,OAFP,WACnB,cAAMA,GAAU,yBACX54C,KAAO,cAAc,CAC3B,CAIC,OAJA,2BAED,WACC,OAAO,CACR,KAAC,EARe,CAFJ,OAUX,CARwBmO,QAWpBnD,EAAW,WAWhB,WAAY6tC,GAAU,qBACrBn9C,KAAKo9C,gBAAkB,GACvBp9C,KAAKq9C,YAAa,EAClBr9C,KAAKs9C,aAAc,EACnBt9C,KAAKu9C,iBAAkB,EAEvBv9C,KAAKw9C,SAAW,IAAI98C,SAAQ,SAACC,EAASI,GACrC,EAAK08C,QAAU18C,EAEf,IAYMyO,EAAW,SAAAM,GAChB,IAAK,EAAKutC,WACT,MAAM,IAAI5qC,MAAM,kEAGjB,EAAK2qC,gBAAgB35C,KAAKqM,EAC3B,EAWA,OATA1P,OAAOs9C,iBAAiBluC,EAAU,CACjCC,aAAc,CACb7N,IAAK,kBAAM,EAAK27C,eAAe,EAC/B9zC,IAAK,SAAAk0C,GACJ,EAAKJ,gBAAkBI,CACxB,KAIKR,GA7BW,SAAA5zC,GACZ,EAAK+zC,aAAgB9tC,EAASC,eAClC,EAAK4tC,YAAa,EAClB18C,EAAQ4I,GAEV,IAEiB,SAAAwF,GAChB,EAAKsuC,YAAa,EAClBt8C,EAAOgO,EACR,GAmBqCS,EACtC,GACD,CA1CC,OA0CA,uBAED,SAAKouC,EAAaC,GAEjB,OAAO79C,KAAKw9C,SAASt8C,KAAK08C,EAAaC,EACxC,GAAC,mBAED,SAAMA,GACL,OAAO79C,KAAKw9C,SAAS72C,MAAMk3C,EAC5B,GAAC,qBAED,SAAQC,GACP,OAAO99C,KAAKw9C,SAASrxC,QAAQ2xC,EAC9B,GAAC,oBAED,SAAOZ,GACN,GAAKl9C,KAAKq9C,aAAcr9C,KAAKs9C,YAA7B,CAMA,GAFAt9C,KAAKs9C,aAAc,EAEft9C,KAAKo9C,gBAAgB55C,OAAS,EACjC,IAAI,IACuC,EADvC,EAvFM,25BAuFN,CACmBxD,KAAKo9C,iBAAe,IAA1C,IAAK,EAAL,sBACCttC,EADiB,UAEjB,+BACF,CAAE,MAAOf,GAER,YADA/O,KAAKy9C,QAAQ1uC,EAEd,CAGG/O,KAAKu9C,iBACRv9C,KAAKy9C,QAAQ,IAAIR,EAAYC,GAhB9B,CAkBD,GAAC,sBAED,WACC,OAAOl9C,KAAKs9C,WACb,IAAC,iBA1FD,SAAUS,GACT,OAAO,WAAmB,2BAAfC,EAAU,yBAAVA,EAAU,gBACpB,OAAO,IAAI1uC,GAAY,SAAC3O,EAASI,EAAQyO,GACxCwuC,EAAWv6C,KAAK+L,GAEhBuuC,EAAM,aAAIC,GAAY98C,KAAKP,EAASI,EACrC,GACD,CACD,KAAC,EATe,GA8FjBX,OAAO8X,eAAe5I,EAAYzL,UAAWnD,QAAQmD,WAErDo6C,EAAOC,QAAU5uC,EACjB2uC,EAAOC,QAAQjB,YAAcA,qCC5G7B78C,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQE,wBAA0BF,EAAQ1pC,sBAAmB,EAC7D0pC,EAAQG,gBA4ER,SAAyBj9C,GACvBA,GAAU,EAAIk9C,EAASC,yBAAyBn9C,GAChD,IAAI4Z,GAAS,EAAIwjC,EAAeC,cAAcr9C,GAC9C,MAAoB,SAAhB4Z,EAAOzV,KACFyV,EAAOqjC,kBAAkBn9C,MAAK,WACnC,OAAO,CACT,IAEOw9C,EAAMC,sBAEjB,EArFAT,EAAQU,eA4FR,SAAwBx9C,GACtBy9C,EAAmBz9C,CACrB,EA7FA,IAAIs9C,EAAQ,EAAQ,MAChBF,EAAiB,EAAQ,MACzBF,EAAW,EAAQ,KAKnBF,EAA0B,IAAIU,IAClCZ,EAAQE,wBAA0BA,EAClC,IAiFIS,EAjFAE,EAAS,EACTvqC,EAAmB,SAA0BlQ,EAAMlD,GA2LvD,IAAyBmT,EACnByqC,EA1LJh/C,KAAK4jB,GAAKm7B,IACVX,EAAwBa,IAAIj/C,MAC5BA,KAAKsE,KAAOA,EACRu6C,IACFz9C,EAAUy9C,GAEZ7+C,KAAKoB,SAAU,EAAIk9C,EAASC,yBAAyBn9C,GACrDpB,KAAKgb,QAAS,EAAIwjC,EAAeC,cAAcz+C,KAAKoB,SAGpDpB,KAAKk/C,KAAM,EAOXl/C,KAAKm/C,MAAQ,KAKbn/C,KAAKo/C,OAAS,CACZznC,QAAS,GACT0nC,SAAU,IAQZr/C,KAAKs/C,KAAO,IAAIR,IAOhB9+C,KAAKu/C,MAAQ,GAKbv/C,KAAKw/C,OAAS,KA8IVR,GADmBzqC,EA5IPvU,MA6IWgb,OAAO8kB,OAAOvrB,EAAQjQ,KAAMiQ,EAAQnT,UAC3D,EAAIs9C,EAAMrE,WAAW2E,IACvBzqC,EAAQirC,OAASR,EACjBA,EAAa99C,MAAK,SAAUyU,GAK1BpB,EAAQkrC,OAAS9pC,CACnB,KAEApB,EAAQkrC,OAAST,CAvJrB,EAwHA,SAASU,EAAMC,EAAkBp6C,EAAMqG,GACrC,IACIg0C,EAAS,CACXC,KAFSF,EAAiB3kC,OAAO8kC,eAGjCv6C,KAAMA,EACNtF,KAAM2L,GAGR,OADmB+zC,EAAiBH,OAASG,EAAiBH,OAASd,EAAMqB,uBACzD7+C,MAAK,WACvB,IAAI8+C,EAAcL,EAAiB3kC,OAAOlP,YAAY6zC,EAAiBF,OAAQG,GAO/E,OAJAD,EAAiBL,KAAKL,IAAIe,GAC1BA,EAAmB,QAAI9+C,MAAK,WAC1B,OAAOy+C,EAAiBL,KAAa,OAAEU,EACzC,IACOA,CACT,GACF,CAgBA,SAASC,EAAqB1rC,GAC5B,OAAIA,EAAQ6qC,OAAOznC,QAAQnU,OAAS,GAChC+Q,EAAQ6qC,OAAOC,SAAS77C,OAAS,CAEvC,CACA,SAAS08C,EAAmB3rC,EAAShP,EAAMtC,GACzCsR,EAAQ6qC,OAAO75C,GAAM9B,KAAKR,GAS5B,SAAyBsR,GACvB,IAAKA,EAAQ2qC,KAAOe,EAAqB1rC,GAAU,CAGjD,IAAI4rC,EAAa,SAAoBP,GACnCrrC,EAAQ6qC,OAAOQ,EAAOr6C,MAAMuE,SAAQ,SAAUs2C,GAU5C,IACIC,EAAiBD,EAAeP,KADb,IAEnBD,EAAOC,MAAQQ,GACjBD,EAAe16C,GAAGk6C,EAAO3/C,KAE7B,GACF,EACI4/C,EAAOtrC,EAAQyG,OAAO8kC,eACtBvrC,EAAQirC,OACVjrC,EAAQirC,OAAOt+C,MAAK,WAClBqT,EAAQ2qC,KAAM,EACd3qC,EAAQyG,OAAOslC,UAAU/rC,EAAQkrC,OAAQU,EAAYN,EACvD,KAEAtrC,EAAQ2qC,KAAM,EACd3qC,EAAQyG,OAAOslC,UAAU/rC,EAAQkrC,OAAQU,EAAYN,GAEzD,CACF,CAzCEU,CAAgBhsC,EAClB,CACA,SAASisC,EAAsBjsC,EAAShP,EAAMtC,GAC5CsR,EAAQ6qC,OAAO75C,GAAQgP,EAAQ6qC,OAAO75C,GAAMklB,QAAO,SAAUnnB,GAC3D,OAAOA,IAAML,CACf,IAqCF,SAAwBsR,GACtB,GAAIA,EAAQ2qC,MAAQe,EAAqB1rC,GAAU,CAEjDA,EAAQ2qC,KAAM,EACd,IAAIW,EAAOtrC,EAAQyG,OAAO8kC,eAC1BvrC,EAAQyG,OAAOslC,UAAU/rC,EAAQkrC,OAAQ,KAAMI,EACjD,CACF,CA3CEY,CAAelsC,EACjB,CA/JA2pC,EAAQ1pC,iBAAmBA,EAC3BA,EAAiBksC,SAAU,EA4B3BlsC,EAAiB3Q,UAAY,CAC3BiI,YAAa,SAAqBF,GAChC,GAAI5L,KAAKisC,OACP,MAAM,IAAIx5B,MAAM,gFAMhBvI,KAAKE,UAAUwB,IAEjB,OAAO8zC,EAAM1/C,KAAM,UAAW4L,EAChC,EACAwsC,aAAc,SAAsBxsC,GAClC,OAAO8zC,EAAM1/C,KAAM,WAAY4L,EACjC,EACIgoC,cAAUluC,GACZ,IACIi7C,EAAY,CACdd,KAFS7/C,KAAKgb,OAAO8kC,eAGrBp6C,GAAIA,GAEN86C,EAAsBxgD,KAAM,UAAWA,KAAKm/C,OACxCz5C,GAAoB,mBAAPA,GACf1F,KAAKm/C,MAAQwB,EACbT,EAAmBlgD,KAAM,UAAW2gD,IAEpC3gD,KAAKm/C,MAAQ,IAEjB,EACAhhC,iBAAkB,SAA0B5Y,EAAMG,GAMhDw6C,EAAmBlgD,KAAMuF,EAJT,CACds6C,KAFS7/C,KAAKgb,OAAO8kC,eAGrBp6C,GAAIA,GAGR,EACAma,oBAAqB,SAA6Bta,EAAMG,GAItD86C,EAAsBxgD,KAAMuF,EAHlBvF,KAAKo/C,OAAO75C,GAAMf,MAAK,SAAUvB,GACzC,OAAOA,EAAIyC,KAAOA,CACpB,IAEF,EACA+O,MAAO,WACL,IAAIgoC,EAAQz8C,KACZ,IAAIA,KAAKisC,OAAT,CAGAmS,EAAgC,OAAEp+C,MAClCA,KAAKisC,QAAS,EACd,IAAI2U,EAAe5gD,KAAKw/C,OAASx/C,KAAKw/C,OAASd,EAAMqB,sBAGrD,OAFA//C,KAAKm/C,MAAQ,KACbn/C,KAAKo/C,OAAOznC,QAAU,GACfipC,EAEN1/C,MAAK,WACJ,OAAOR,QAAQmgD,IAAI19C,MAAM2R,KAAK2nC,EAAM6C,MACtC,IAECp+C,MAAK,WACJ,OAAOR,QAAQmgD,IAAIpE,EAAM8C,MAAMrkC,KAAI,SAAUxV,GAC3C,OAAOA,GACT,IACF,IAECxE,MAAK,WACJ,OAAOu7C,EAAMzhC,OAAOvG,MAAMgoC,EAAMgD,OAClC,GApBA,CAqBF,EACIl6C,WACF,OAAOvF,KAAKgb,OAAOzV,IACrB,EACIu7C,eACF,OAAO9gD,KAAKisC,MACd,sCCjLF,IAAI8U,EAAS,EAAQ,MAUrB9C,EAAOC,QAAU,CACf1pC,iBAAkBusC,EAAOvsC,iBACzBwjC,qBAAsB+I,EAAO/I,qBAC7BqG,gBAAiB0C,EAAO1C,gBACxBO,eAAgBmC,EAAOnC,eACvBoC,SAAUD,EAAOC,6CCfnB5gD,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAETnJ,OAAO+9C,eAAeD,EAAS,mBAAoB,CACjD+C,YAAY,EACZr/C,IAAK,WACH,OAAOs/C,EAAkB1sC,gBAC3B,IAEFpU,OAAO+9C,eAAeD,EAAS,0BAA2B,CACxD+C,YAAY,EACZr/C,IAAK,WACH,OAAOs/C,EAAkB9C,uBAC3B,IAEFh+C,OAAO+9C,eAAeD,EAAS,WAAY,CACzC+C,YAAY,EACZr/C,IAAK,WACH,OAAOu/C,EAAoBH,QAC7B,IAEF5gD,OAAO+9C,eAAeD,EAAS,kBAAmB,CAChD+C,YAAY,EACZr/C,IAAK,WACH,OAAOs/C,EAAkB7C,eAC3B,IAEFj+C,OAAO+9C,eAAeD,EAAS,uBAAwB,CACrD+C,YAAY,EACZr/C,IAAK,WACH,OAAOw/C,EAAgBpJ,oBACzB,IAEF53C,OAAO+9C,eAAeD,EAAS,iBAAkB,CAC/C+C,YAAY,EACZr/C,IAAK,WACH,OAAOs/C,EAAkBtC,cAC3B,IAEF,IAAIsC,EAAoB,EAAQ,MAC5BE,EAAkB,EAAQ,MAC1BD,EAAsB,EAAQ,yCCzClC/gD,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQ8C,SAcR,SAAkBK,GAChBA,EAAc9vC,UAAW,EACzB8vC,EAAcC,YAAa,EAC3B,IAAIC,GAAW,EAAIC,EAAQvC,MAAK,WAC9B,OAAOoC,EAAclJ,KACvB,IACAkJ,EAAcI,KAAKh+C,KAAK89C,GACxB,IAAIG,EAAmB,SAA0B91C,GAC3B,WAAhBA,EAAI4e,SAAuC,UAAf5e,EAAIyd,QAClCs4B,EAAkBN,EAAe,QAEf,WAAhBz1C,EAAI4e,SAAuC,SAAf5e,EAAIyd,QAAsBg4B,EAAcO,QAStEP,EAAcO,OAAQ,EACtBP,EAAcQ,OACdF,EAAkBN,EAAe,QAErC,EAIA,OAFAA,EAAc1B,iBAAiBxhC,iBAAiB,WAAYujC,GAC5DL,EAAcS,OAAOr+C,KAAKi+C,GACnBC,EAAkBN,EAAe,OAC1C,EA1CAnD,EAAQyD,kBAAoBA,EAC5B,IAAIH,EAAU,EAAQ,MAItB,SAASG,EAAkBN,EAAeh4B,GACxC,IAAI04B,EAAU,CACZv3B,QAAS,SACTnB,OAAQA,EACRtb,MAAOszC,EAActzC,OAEvB,OAAOszC,EAAc1B,iBAAiBvH,aAAa2J,EACrD,oCChBA3hD,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQ8D,2BAAwB,EAChC,IAAItD,EAAQ,EAAQ,MAChByC,EAAsB,EAAQ,MAK9Ba,EAAwB,SAA+BrC,EAAkBv+C,GAC3E,IAAIq7C,EAAQz8C,KACZA,KAAK2/C,iBAAmBA,EACxBA,EAAiBJ,MAAM97C,MAAK,WAC1B,OAAOg5C,EAAMtE,KACf,IACAn4C,KAAKs+C,SAAWl9C,EAChBpB,KAAKuR,UAAW,EAChBvR,KAAKiiD,QAAS,EACdjiD,KAAK+N,OAAQ,EAAI2wC,EAAMwD,eACvBliD,KAAK8hD,OAAS,GACd9hD,KAAKyhD,KAAO,GACZzhD,KAAK6hD,KAAO,WAAa,EACzB7hD,KAAK4hD,OAAQ,EAEb5hD,KAAKmiD,MAAQ,CAAC,EAGdniD,KAAKoiD,GAAK,cAAgBzC,EAAiB3kC,OAAOzV,KAAO,KAAOo6C,EAAiBr7C,IACnF,EACA45C,EAAQ8D,sBAAwBA,EAChCA,EAAsBn+C,UAAY,CAChCk0C,UAAW,WACT,IAAIsK,EAASriD,KACb,OAAOwa,UAAU8nC,MAAMt3B,QAAQ9pB,MAAK,SAAUohD,GAC5C,IAAIC,EAAgBD,EAAME,KAAOF,EAAME,KAAK/3B,QAAO,SAAUg4B,GAC3D,OAAOA,EAAKn+C,OAAS+9C,EAAOD,EAC9B,IAAK,GACL,SAAIG,GAAiBA,EAAc/+C,OAAS,EAK9C,GACF,EACA00C,gBAAiB,WACf,IAAIwK,EAAS1iD,KACb,IAAKA,KAAK2iD,MAAO,CACf3iD,KAAKmiD,MAAMntC,EAAI,IAAI4tC,gBACnB,IAAIC,EAAgB,IAAIniD,SAAQ,SAAUX,EAAK+iD,GAC7CJ,EAAOP,MAAMpiD,IAAMA,EACnB2iD,EAAOP,MAAMW,IAAMA,CACrB,IACA9iD,KAAK2iD,MAAQ,IAAIjiD,SAAQ,SAAUX,GACjCya,UAAU8nC,MAAMS,QAAQL,EAAON,GAAI,CACjCY,OAAQN,EAAOP,MAAMntC,EAAEguC,SACtB,WAKD,OAHAN,EAAOP,MAAMntC,OAAI9U,GACjB,EAAIihD,EAAoBH,UAAU0B,GAClC3iD,IACO8iD,CACT,IAAU,OAAE,WAAa,GAC3B,GACF,CACA,OAAO7iD,KAAK2iD,KACd,EACI1K,gBAAYgL,GAEhB,EACA9K,IAAK,WACH,IAAI+K,EAASljD,KAmBb,OAlBAA,KAAK8hD,OAAOh4C,SAAQ,SAAUqB,GAC5B,OAAO+3C,EAAOvD,iBAAiB9/B,oBAAoB,WAAY1U,EACjE,IACAnL,KAAK8hD,OAAS,GACd9hD,KAAKyhD,KAAK33C,SAAQ,SAAUq5C,GAC1B,OAAOA,EAAIp4C,QACb,IACA/K,KAAKyhD,KAAO,GACRzhD,KAAKuR,WACPvR,KAAKuR,UAAW,GAElBvR,KAAKiiD,QAAS,EACVjiD,KAAKmiD,MAAMpiD,KACbC,KAAKmiD,MAAMpiD,MAETC,KAAKmiD,MAAMntC,GACbhV,KAAKmiD,MAAMntC,EAAEouC,MAAM,uCAEd,EAAIjC,EAAoBQ,mBAAmB3hD,KAAM,QAC1D,sCC3FFI,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQlG,qBAkRR,SAA8BzjC,EAASnT,GACrC,GAAImT,EAAQ8uC,eACV,MAAM,IAAI5wC,MAAM,iDAElBrR,EAfF,SAAiCA,EAASmT,GASxC,OARKnT,IAASA,EAAU,CAAC,IACzBA,EAAU8I,KAAKC,MAAMD,KAAKE,UAAUhJ,KACvBkiD,mBACXliD,EAAQkiD,iBAAmB,KAExBliD,EAAQmiD,eACXniD,EAAQmiD,aAAehvC,EAAQyG,OAAOwoC,oBAAoBjvC,EAAQnT,UAE7DA,CACT,CAKYm9C,CAAwBn9C,EAASmT,GAC3C,IAAIujC,GAAU,EAAI4G,EAAM+E,sBAAwB,IAAIC,EAAuB1B,sBAAsBztC,EAASnT,GAAW,IAAIuiD,EAAepvC,EAASnT,GAKjJ,OAJAmT,EAAQgrC,MAAM97C,MAAK,WACjB,OAAOq0C,EAAQK,KACjB,IACA5jC,EAAQ8uC,eAAiBvL,EAClBA,CACT,EA5RA,IAAI4G,EAAQ,EAAQ,MAChByC,EAAsB,EAAQ,MAC9BuC,EAAyB,EAAQ,KACjCC,EAAiB,SAAwBhE,EAAkBv+C,GAC7D,IAAIq7C,EAAQz8C,KACZA,KAAK2/C,iBAAmBA,EACxB3/C,KAAKs+C,SAAWl9C,EAChBpB,KAAKuR,UAAW,EAChBvR,KAAKshD,YAAa,EAClBthD,KAAKiiD,QAAS,EACdjiD,KAAK+N,OAAQ,EAAI2wC,EAAMwD,eAOvBliD,KAAK4jD,MAAQlF,EAAMqB,sBAEnB//C,KAAK6jD,OAAS,EAGd7jD,KAAKyhD,KAAO,GACZzhD,KAAK8hD,OAAS,GACd9hD,KAAK6hD,KAAO,WAAa,EACzB7hD,KAAK4hD,OAAQ,EAOb,IAAIkC,EAAoB,SAA2Bl4C,GAC7B,WAAhBA,EAAI4e,UACa,UAAf5e,EAAIyd,SACNozB,EAAM6E,YAAa,GAEF,SAAf11C,EAAIyd,SACNozB,EAAM6E,YAAa,GAGzB,EACAthD,KAAK2/C,iBAAiBxhC,iBAAiB,WAAY2lC,GACnD9jD,KAAK8hD,OAAOr+C,KAAKqgD,EACnB,EACAH,EAAe9/C,UAAY,CACzBk0C,UAAW,WACT,OAAOr3C,QAAQC,QAAQX,KAAKshD,WAC9B,EAMAyC,UAAW,SAEXC,GACE,IAAI3B,EAASriD,KACb,OAAIA,KAAKuR,UACA,EAAImtC,EAAMuF,OAAO,GAAG,GAEzBjkD,KAAKiiD,QACA,EAAIvD,EAAMuF,OAAO,GAAG,GAOzBjkD,KAAK6jD,OAAS,EACT7jD,KAAK4jD,OAyFd5jD,KAAK6jD,OAAS7jD,KAAK6jD,OAAS,EAC5B7jD,KAAK4jD,MAAQ5jD,KAAK4jD,MAAM1iD,MAAK,WAC3B,OArFa,WAMb,GAAImhD,EAAO9wC,SACT,OAAOmtC,EAAMwF,sBAEf,IACIC,EADAC,GAAe,EAQfC,EAAsB,IAAI3jD,SAAQ,SAAUX,GAC9CokD,EAA6B,WAC3BC,GAAe,EACfrkD,GACF,CACF,IACIukD,EAAgB,SAAuB14C,GACrB,WAAhBA,EAAI4e,SAAwB5e,EAAImC,OAASs0C,EAAOt0C,QAC/B,UAAfnC,EAAIyd,QAEFzd,EAAImC,MAAQs0C,EAAOt0C,OAKrBo2C,IAGe,SAAfv4C,EAAIyd,SAEN86B,IACA9B,EAAOf,YAAa,GAG1B,EACAe,EAAO1C,iBAAiBxhC,iBAAiB,WAAYmmC,GAYrD,IAAIC,EAAoBP,EAAwD,EAA/B3B,EAAO/D,SAASiF,aAAmBlB,EAAO/D,SAASiF,aACpG,OAAO,EAAIpC,EAAoBQ,mBAAmBU,EAAQ,SACzDnhD,MAAK,WACJ,OAAOR,QAAQ8jD,KAAK,EAAC,EAAI9F,EAAMuF,OAAOM,GAAoBF,EAAoBnjD,MAAK,WACjF,OAAOR,QAAQK,OAAO,IAAI0R,MAC5B,KACF,IAECvR,MAAK,WACJ,OAAO,EAAIigD,EAAoBQ,mBAAmBU,EAAQ,QAC5D,IAECnhD,MAAK,WACJ,OAAOR,QAAQ8jD,KAAK,EAAC,EAAI9F,EAAMuF,OAAOM,GAAoBF,EAAoBnjD,MAAK,WACjF,OAAOR,QAAQK,OAAO,IAAI0R,MAC5B,KACF,IAAU,OAAE,WAAa,IAAGvR,MAAK,WAE/B,OADAmhD,EAAO1C,iBAAiB9/B,oBAAoB,WAAYykC,IACnDF,IAEI,EAAIjD,EAAoBH,UAAUqB,GAAQnhD,MAAK,WACpD,OAAO,CACT,GAKJ,GACF,CAGSujD,EACT,IAAGvjD,MAAK,WACNmhD,EAAOwB,OAASxB,EAAOwB,OAAS,CAClC,IACO7jD,KAAK4jD,MAAM1iD,MAAK,WACrB,OAAOmhD,EAAO9wC,QAChB,IACF,EACA2mC,gBAAiB,WAKf,OAHCl4C,KAAK0kD,OACJ1kD,KAAK0kD,MA6BmBrD,EA7BSrhD,MA8BnBuR,SACTmtC,EAAMqB,sBAER,IAAIr/C,SAAQ,SAAUX,GAC3B,IAAI4kD,GAAW,EACf,SAASC,IACHD,IAGJA,GAAW,EACXtD,EAAc1B,iBAAiB9/B,oBAAoB,WAAYglC,GAC/D9kD,GAAI,GACN,CAGAshD,EAAc0C,YAAY7iD,MAAK,WACzBmgD,EAAc9vC,UAChBqzC,GAEJ,IAMoB,SAASE,IAC3B,OAAO,EAAIpG,EAAMuF,OAAO5C,EAAc/C,SAASgF,kBAAkBpiD,MAAK,WACpE,IAAImgD,EAAcY,SAAU0C,EAG5B,OAAItD,EAAc9vC,cAChBqzC,IAEOvD,EAAc0C,WAAU,GAAM7iD,MAAK,WACpCmgD,EAAc9vC,SAChBqzC,IAEAE,GAEJ,GAEJ,GACF,CACAA,GAGA,IAAID,EAAoB,SAA2Bj5C,GAC7B,WAAhBA,EAAI4e,SAAuC,UAAf5e,EAAIyd,SAClCg4B,EAAcC,YAAa,EAC3BD,EAAc0C,YAAY7iD,MAAK,WACzBmgD,EAAc9vC,UAChBqzC,GAEJ,IAEJ,EACAvD,EAAc1B,iBAAiBxhC,iBAAiB,WAAY0mC,GAC5DxD,EAAcS,OAAOr+C,KAAKohD,EAC5B,KAtFS7kD,KAAK0kD,KA2BhB,IAA8BrD,CA1B5B,EACIpJ,gBAAYvyC,GACd1F,KAAK6hD,KAAOn8C,CACd,EACAyyC,IAAK,WACH,IAAIuK,EAAS1iD,KAcb,OAbAA,KAAK8hD,OAAOh4C,SAAQ,SAAUqB,GAC5B,OAAOu3C,EAAO/C,iBAAiB9/B,oBAAoB,WAAY1U,EACjE,IACAnL,KAAK8hD,OAAS,GACd9hD,KAAKyhD,KAAK33C,SAAQ,SAAUq5C,GAC1B,OAAOA,EAAIp4C,QACb,IACA/K,KAAKyhD,KAAO,GACRzhD,KAAKuR,WACPvR,KAAKshD,YAAa,EAClBthD,KAAKuR,UAAW,GAElBvR,KAAKiiD,QAAS,GACP,EAAId,EAAoBQ,mBAAmB3hD,KAAM,QAC1D,sCCvMY,EAAQ,MACtBI,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQO,aAaR,SAAsBr9C,GACpB,IAAI2jD,EAAgB,GAAGrJ,OAAOt6C,EAAQ4jD,QAASC,GAASx6B,OAAOqJ,SAK/D,GAAI1yB,EAAQmE,KAAM,CAChB,GAAqB,aAAjBnE,EAAQmE,KAEV,OAAO2/C,EAAUC,eAEnB,IAAI7mB,EAAMymB,EAAcvgD,MAAK,SAAU4gD,GACrC,OAAOA,EAAE7/C,OAASnE,EAAQmE,IAC5B,IACA,GAAK+4B,EAAwE,OAAOA,EAA1E,MAAM,IAAI7rB,MAAM,eAAiBrR,EAAQmE,KAAO,aAC5D,CAMKnE,EAAQikD,mBACXN,EAAgBA,EAAct6B,QAAO,SAAU26B,GAC7C,MAAkB,QAAXA,EAAE7/C,IACX,KAEF,IAAI+/C,EAAYP,EAAcvgD,MAAK,SAAUwW,GAC3C,OAAOA,EAAOuqC,WAChB,IACA,GAAKD,EAKH,OAAOA,EAJP,MAAM,IAAI7yC,MAAM,6BAA+BvI,KAAKE,UAAU66C,EAAQ/pC,KAAI,SAAUkqC,GAClF,OAAOA,EAAE7/C,IACX,KAIJ,EAhDA,IAAIigD,EAAU,EAAQ,MAClBC,EAAa,EAAQ,MACrBC,EAAgB,EAAQ,MACxBR,EAAY,EAAQ,MAMpBD,EAAU,CAACO,EAAQG,aAEvBF,EAAWG,gBAAiBF,EAAcG,uDChB1CzlD,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQ4H,qBAAuB5H,EAAQ0H,qBAAkB,EACzD1H,EAAQsF,oBAAsBA,EAC9BtF,EAAQqH,UAAYA,EACpBrH,EAAQ6H,iBAAmBA,EAC3B7H,EAAQzpC,MAAQA,EAChBypC,EAAQ8H,2BAA6BA,EACrC9H,EAAQpe,OAASA,EACjBoe,EAAQ+H,eAAiBA,EACzB/H,EAAQgI,eA8GR,SAAwB/gB,GACtB,IAAIrlC,EAAKqlC,EAAGhX,YAAYg4B,EAAiB,WAAYL,GACjDzgB,EAAcvlC,EAAGulC,YAAY8gB,GAC7B7nB,EAAM,GACV,OAAO,IAAI59B,SAAQ,SAAUX,GAC3BslC,EAAY+gB,aAAalhB,UAAY,SAAUmhB,GAC7C,IAAIC,EAASD,EAAGt8B,OAAO7N,OACnBoqC,GACFhoB,EAAI76B,KAAK6iD,EAAO/8C,OAEhB+8C,EAAiB,aAEjBN,EAA2BlmD,GAC3BC,EAAIu+B,GAER,CACF,GACF,EA9HA4f,EAAQqI,OAASA,EACjBrI,EAAQsI,sBAAwBA,EAChCtI,EAAQuI,eAAiBA,EACzBvI,EAAQ4B,kBAAe,EACvB5B,EAAQoC,UAAYA,EACpBpC,EAAQpyC,YAAcA,EACtBoyC,EAAQwI,mBAAqBA,EAC7BxI,EAAQ34C,UAAO,EACf24C,EAAQyI,aAAeA,EACvB,IAAIjI,EAAQ,EAAQ,MAChBkI,EAAgB,EAAQ,MACxBtI,EAAW,EAAQ,KAUnBwB,EAAepB,EAAMoB,aACzB5B,EAAQ4B,aAAeA,EACvB,IAAI+G,EAAY,8BACZV,EAAkB,WAMlBL,EAAuB,CACzBgB,WAAY,WAKd,SAASP,IACP,GAAyB,oBAAdxsC,UAA2B,OAAOA,UAC7C,GAAsB,oBAAXjR,OAAwB,CACjC,QAAmC,IAAxBA,OAAOi+C,aAA8B,OAAOj+C,OAAOi+C,aAC9D,QAAsC,IAA3Bj+C,OAAOk+C,gBAAiC,OAAOl+C,OAAOk+C,gBACjE,QAAkC,IAAvBl+C,OAAOm+C,YAA6B,OAAOn+C,OAAOm+C,WAC/D,CACA,OAAO,CACT,CAOA,SAASjB,EAA2BlmD,GAC9BA,EAAGonD,QACLpnD,EAAGonD,QAEP,CACA,SAASjB,EAAekB,GACtB,IAAIC,EAAYb,IAGZc,EAASR,EAAYM,EAOrBG,EAAcF,EAAUtiB,KAAKuiB,GAQjC,OAPAC,EAAYtiB,gBAAkB,SAAUqhB,GAC7BA,EAAGt8B,OAAO7N,OAChB+oB,kBAAkBkhB,EAAiB,CACpCoB,QAAS,KACTC,eAAe,GAEnB,EACO,IAAI9mD,SAAQ,SAAUX,EAAK+iD,GAChCwE,EAAYviB,QAAU,SAAUshB,GAC9B,OAAOvD,EAAIuD,EACb,EACAiB,EAAYpiB,UAAY,WACtBnlC,EAAIunD,EAAYprC,OAClB,CACF,GACF,CAMA,SAASyqC,EAAaxhB,EAAIsiB,EAAYC,GACpC,IACIC,EAAc,CAChBC,KAAMH,EACN5H,MAHS,IAAIl1C,MAAOqyC,UAIpB/8C,KAAMynD,GAEJ5nD,EAAKqlC,EAAGhX,YAAY,CAACg4B,GAAkB,YAAaL,GACxD,OAAO,IAAIplD,SAAQ,SAAUX,EAAK+iD,GAChChjD,EAAGwlC,WAAa,WACd,OAAOvlC,GACT,EACAD,EAAGilC,QAAU,SAAUshB,GACrB,OAAOvD,EAAIuD,EACb,EACkBvmD,EAAGulC,YAAY8gB,GACrBlH,IAAI0I,GAChB3B,EAA2BlmD,EAC7B,GACF,CAmBA,SAAS0mD,EAAsBrhB,EAAI0iB,GACjC,IAAI/nD,EAAKqlC,EAAGhX,YAAYg4B,EAAiB,WAAYL,GACjDzgB,EAAcvlC,EAAGulC,YAAY8gB,GAC7B7nB,EAAM,GACNwpB,EAAgBC,YAAYC,MAAMH,EAAe,EAAGI,KAOxD,GAAI5iB,EAAY6iB,OAAQ,CACtB,IAAIC,EAAgB9iB,EAAY6iB,OAAOJ,GACvC,OAAO,IAAIpnD,SAAQ,SAAUX,EAAK+iD,GAChCqF,EAAcpjB,QAAU,SAAUn+B,GAChC,OAAOk8C,EAAIl8C,EACb,EACAuhD,EAAcjjB,UAAY,SAAUjgC,GAClClF,EAAIkF,EAAE8kB,OAAO7N,OACf,CACF,GACF,CAYA,OAAO,IAAIxb,SAAQ,SAAUX,EAAK+iD,GAChC,IAAIsF,EAZN,WAIE,IAEE,OADAN,EAAgBC,YAAYC,MAAMH,EAAe,EAAGI,KAC7C5iB,EAAY+gB,WAAW0B,EAChC,CAAE,MAAO7iD,GACP,OAAOogC,EAAY+gB,YACrB,CACF,CAE0BA,GACxBgC,EAAkBrjB,QAAU,SAAUn+B,GACpC,OAAOk8C,EAAIl8C,EACb,EACAwhD,EAAkBljB,UAAY,SAAUmhB,GACtC,IAAIC,EAASD,EAAGt8B,OAAO7N,OACnBoqC,EACEA,EAAO/8C,MAAMqa,GAAKikC,EAAe,EACnCvB,EAAiB,SAAEuB,EAAe,IAElCvpB,EAAI76B,KAAK6iD,EAAO/8C,OAChB+8C,EAAiB,aAGnBN,EAA2BlmD,GAC3BC,EAAIu+B,GAER,CACF,GACF,CACA,SAASooB,EAAmB2B,EAAcC,GACxC,GAAID,EAAapc,OACf,OAAOvrC,QAAQC,QAAQ,IAEzB,IACI0kC,EADKgjB,EAAaljB,GAAGhX,YAAYg4B,EAAiB,YAAaL,GAC9CzgB,YAAY8gB,GACjC,OAAOzlD,QAAQmgD,IAAIyH,EAAIptC,KAAI,SAAU0I,GACnC,IAAI2kC,EAAgBljB,EAAoB,OAAEzhB,GAC1C,OAAO,IAAIljB,SAAQ,SAAUX,GAC3BwoD,EAAcrjB,UAAY,WACxB,OAAOnlC,GACT,CACF,GACF,IACF,CACA,SAAS0mD,EAAethB,EAAIkX,GAC1B,IAAIO,GAAY,IAAIjyC,MAAOqyC,UAAYX,EACnCv8C,EAAKqlC,EAAGhX,YAAYg4B,EAAiB,WAAYL,GACjDzgB,EAAcvlC,EAAGulC,YAAY8gB,GAC7B7nB,EAAM,GACV,OAAO,IAAI59B,SAAQ,SAAUX,GAC3BslC,EAAY+gB,aAAalhB,UAAY,SAAUmhB,GAC7C,IAAIC,EAASD,EAAGt8B,OAAO7N,OACvB,GAAIoqC,EAAQ,CACV,IAAIkC,EAASlC,EAAO/8C,MAChBi/C,EAAO3I,KAAOjD,GAChBte,EAAI76B,KAAK+kD,GAETlC,EAAiB,aAGjBN,EAA2BlmD,GAC3BC,EAAIu+B,GAER,MACEv+B,EAAIu+B,EAER,CACF,GACF,CACA,SAASynB,EAAiBsC,GACxB,OAAO5B,EAAe4B,EAAaljB,GAAIkjB,EAAajnD,QAAQqnD,IAAIpM,KAAKn7C,MAAK,SAAUwnD,GAClF,OAAOhC,EAAmB2B,EAAcK,EAAOxtC,KAAI,SAAUtP,GAC3D,OAAOA,EAAIgY,EACb,IACF,GACF,CACA,SAASkc,EAAOqnB,EAAa/lD,GAE3B,OADAA,GAAU,EAAIk9C,EAASC,yBAAyBn9C,GACzC6kD,EAAekB,GAAajmD,MAAK,SAAUikC,GAChD,IAAIx2B,EAAQ,CACVs9B,QAAQ,EACR4b,aAAc,EACdV,YAAaA,EACb/lD,QAASA,EACTwmD,MAAM,EAAIlJ,EAAMwD,eAMhByG,KAAM,IAAI/B,EAActK,aAA+B,EAAlBl7C,EAAQqnD,IAAIpM,KAEjDuM,kBAAmBlK,EAAMqB,sBACzB8I,iBAAkB,KAClBC,kBAAmB,GACnB3jB,GAAIA,GAoBN,OAXAA,EAAG4jB,QAAU,WACXp6C,EAAMs9B,QAAS,EACX7qC,EAAQqnD,IAAIM,SAAS3nD,EAAQqnD,IAAIM,SACvC,EAOAC,EAAUr6C,GACHA,CACT,GACF,CACA,SAASq6C,EAAUr6C,GACbA,EAAMs9B,QACVgd,EAAgBt6C,GAAOzN,MAAK,WAC1B,OAAO,EAAIw9C,EAAMuF,OAAOt1C,EAAMvN,QAAQqnD,IAAInF,iBAC5C,IAAGpiD,MAAK,WACN,OAAO8nD,EAAUr6C,EACnB,GACF,CAWA,SAASs6C,EAAgBt6C,GAEvB,OAAIA,EAAMs9B,OAAeyS,EAAMqB,sBAG1BpxC,EAAMk6C,iBACJrC,EAAsB73C,EAAMw2B,GAAIx2B,EAAMk5C,cAAc3mD,MAAK,SAAUgoD,GACxE,IAAIC,EAAcD,EAKdz+B,QAAO,SAAUm1B,GACnB,QAASA,CACX,IAAG1kC,KAAI,SAAU0kC,GAIf,OAHIA,EAAOh8B,GAAKjV,EAAMk5C,eACpBl5C,EAAMk5C,aAAejI,EAAOh8B,IAEvBg8B,CACT,IAAGn1B,QAAO,SAAUm1B,GAClB,OA9BN,SAAwBA,EAAQjxC,GAC9B,QAAIixC,EAAOgI,OAASj5C,EAAMi5C,MACtBj5C,EAAMg6C,KAAKpM,IAAIqD,EAAOh8B,KACtBg8B,EAAO3/C,KAAK4/C,KAAOlxC,EAAMy6C,qBAE/B,CAyBaC,CAAezJ,EAAQjxC,EAChC,IAAG26C,MAAK,SAAUC,EAASC,GACzB,OAAOD,EAAQ1J,KAAO2J,EAAQ3J,IAChC,IAOA,OANAsJ,EAAYr/C,SAAQ,SAAU81C,GACxBjxC,EAAMk6C,mBACRl6C,EAAMg6C,KAAK1J,IAAIW,EAAOh8B,IACtBjV,EAAMk6C,iBAAiBjJ,EAAO3/C,MAElC,IACOy+C,EAAMqB,qBACf,IA1BoCrB,EAAMqB,qBA2B5C,CACA,SAAStrC,EAAM4zC,GACbA,EAAapc,QAAS,EACtBoc,EAAaljB,GAAG1wB,OAClB,CACA,SAAS3I,EAAYu8C,EAAcX,GASjC,OARAW,EAAaO,kBAAoBP,EAAaO,kBAAkB1nD,MAAK,WACnE,OAAOylD,EAAa0B,EAAaljB,GAAIkjB,EAAaT,KAAMF,EAC1D,IAAGxmD,MAAK,WAC8B,KAAhC,EAAIw9C,EAAM+K,WAAW,EAAG,KAE1B1D,EAAiBsC,EAErB,IACOA,EAAaO,iBACtB,CACA,SAAStI,EAAU+H,EAAc3iD,EAAIm6C,GACnCwI,EAAae,qBAAuBvJ,EACpCwI,EAAaQ,iBAAmBnjD,EAChCujD,EAAgBZ,EAClB,CACA,SAAS9C,IACP,QAASgB,GACX,CACA,SAAS/C,EAAoBpiD,GAC3B,OAAsC,EAA/BA,EAAQqnD,IAAInF,gBACrB,CAzTApF,EAAQ4H,qBAAuBA,EAE/B5H,EAAQ34C,KADG,MAyTX,IAAIqgD,EAAkB,CACpB9lB,OAAQA,EACRrrB,MAAOA,EACP6rC,UAAWA,EACXx0C,YAAaA,EACby5C,UAAWA,EACXhgD,KA/TS,MAgUTi+C,oBAAqBA,EACrB1D,aAAcA,GAEhB5B,EAAQ0H,gBAAkBA,qCCjX1BxlD,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQ2H,wBAAqB,EAC7B3H,EAAQwL,wBAA0BA,EAClCxL,EAAQsF,oBAAsBA,EAC9BtF,EAAQqH,UAAYA,EACpBrH,EAAQzpC,MAAQA,EAChBypC,EAAQpe,OAASA,EACjBoe,EAAQv2C,gBAAkBA,EAC1Bu2C,EAAQ4B,kBAAe,EACvB5B,EAAQoC,UAAYA,EACpBpC,EAAQpyC,YAAcA,EACtBoyC,EAAQyL,2BAA6BA,EACrCzL,EAAQ5zC,WAAaA,EACrB4zC,EAAQ34C,UAAO,EACf,IAAIqhD,EAAgB,EAAQ,MACxBtI,EAAW,EAAQ,KACnBI,EAAQ,EAAQ,MAShBoB,EAAepB,EAAMoB,aACzB5B,EAAQ4B,aAAeA,EACvB,IAAI8J,EAAa,2BACbrkD,EAAO,eAOX,SAASoC,IACP,IAAIqB,EACJ,GAAsB,oBAAXF,OAAwB,OAAO,KAC1C,IACEE,EAAeF,OAAOE,aACtBA,EAAeF,OAAO,8BAAgCA,OAAOE,YAC/D,CAAE,MAAO/D,GAIT,CACA,OAAO+D,CACT,CACA,SAASsB,EAAW68C,GAClB,OAAOyC,EAAazC,CACtB,CAMA,SAASr7C,EAAYu8C,EAAcX,GACjC,OAAO,IAAIhnD,SAAQ,SAAUX,IAC3B,EAAI2+C,EAAMuF,SAAS/iD,MAAK,WACtB,IAAI0C,EAAM0G,EAAW+9C,EAAalB,aAC9B0C,EAAW,CACb97C,OAAO,EAAI2wC,EAAMwD,eACjBrC,MAAM,IAAIl1C,MAAOqyC,UACjB/8C,KAAMynD,EACNE,KAAMS,EAAaT,MAEjBr+C,EAAQW,KAAKE,UAAUy/C,GAC3BliD,IAAkB2B,QAAQ1F,EAAK2F,GAO/B,IAAI88C,EAAKh7C,SAASy+C,YAAY,SAC9BzD,EAAG0D,UAAU,WAAW,GAAM,GAC9B1D,EAAGziD,IAAMA,EACTyiD,EAAG2D,SAAWzgD,EACdT,OAAOmhD,cAAc5D,GACrBtmD,GACF,GACF,GACF,CACA,SAAS2pD,EAAwBvC,EAAazhD,GAC5C,IAAI9B,EAAM0G,EAAW68C,GACjBh8C,EAAW,SAAkBk7C,GAC3BA,EAAGziD,MAAQA,GACb8B,EAAGwE,KAAKC,MAAMk8C,EAAG2D,UAErB,EAEA,OADAlhD,OAAOqV,iBAAiB,UAAWhT,GAC5BA,CACT,CACA,SAASw+C,EAA2Bx+C,GAClCrC,OAAO+W,oBAAoB,UAAW1U,EACxC,CACA,SAAS20B,EAAOqnB,EAAa/lD,GAE3B,GADAA,GAAU,EAAIk9C,EAASC,yBAAyBn9C,IAC3CmkD,IACH,MAAM,IAAI9yC,MAAM,iDAElB,IAAIm1C,GAAO,EAAIlJ,EAAMwD,eAOjByG,EAAO,IAAI/B,EAActK,aAAal7C,EAAQ8oD,aAAaC,eAC3Dx7C,EAAQ,CACVw4C,YAAaA,EACbS,KAAMA,EACNe,KAAMA,GAYR,OATAh6C,EAAMxD,SAAWu+C,EAAwBvC,GAAa,SAAUvH,GACzDjxC,EAAMk6C,kBACPjJ,EAAOgI,OAASA,GACfhI,EAAO7xC,QAAS46C,EAAKpM,IAAIqD,EAAO7xC,SACjC6xC,EAAO3/C,KAAK4/C,MAAQD,EAAO3/C,KAAK4/C,KAAOlxC,EAAMy6C,uBAEjDT,EAAK1J,IAAIW,EAAO7xC,OAChBY,EAAMk6C,iBAAiBjJ,EAAO3/C,OAChC,IACO0O,CACT,CACA,SAAS8F,EAAM4zC,GACbsB,EAA2BtB,EAAal9C,SAC1C,CACA,SAASm1C,EAAU+H,EAAc3iD,EAAIm6C,GACnCwI,EAAae,qBAAuBvJ,EACpCwI,EAAaQ,iBAAmBnjD,CAClC,CACA,SAAS6/C,IACP,IAAI6E,EAAKziD,IACT,IAAKyiD,EAAI,OAAO,EAChB,IACE,IAAIxmD,EAAM,2BACVwmD,EAAG9gD,QAAQ1F,EAAK,SAChBwmD,EAAG1gD,WAAW9F,EAChB,CAAE,MAAOqB,GAIP,OAAO,CACT,CACA,OAAO,CACT,CACA,SAASu+C,IACP,IACI/oC,EAAYD,UAAUC,UAAUoB,cACpC,OAAIpB,EAAU4T,SAAS,YAAc5T,EAAU4T,SAAS,UAE/Cg8B,IAJS,GAOpB,CA1HAnM,EAAQ34C,KAAOA,EA2Hf,IAAIsgD,EAAqB,CACvB/lB,OAAQA,EACRrrB,MAAOA,EACP6rC,UAAWA,EACXx0C,YAAaA,EACby5C,UAAWA,EACXhgD,KAAMA,EACNi+C,oBAAqBA,EACrB1D,aAAcA,GAEhB5B,EAAQ2H,mBAAqBA,qCCzK7BzlD,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQyH,kBAAe,EACvBzH,EAAQsF,oBAAsBA,EAC9BtF,EAAQqH,UAAYA,EACpBrH,EAAQzpC,MAAQA,EAChBypC,EAAQpe,OAASA,EACjBoe,EAAQ4B,kBAAe,EACvB5B,EAAQoC,UAAYA,EACpBpC,EAAQpyC,YAAcA,EACtBoyC,EAAQ34C,UAAO,EACf,IAAIm5C,EAAQ,EAAQ,MAChBoB,EAAepB,EAAMoB,aACzB5B,EAAQ4B,aAAeA,EACvB,IAAIv6C,EAAO,SAEX,SAASu6B,EAAOqnB,GACd,IAAIx4C,EAAQ,CACVk6C,iBAAkB,KAClByB,GAAI,IAAI91C,iBAAiB2yC,GACzBoD,OAAQ,IAQV,OALA57C,EAAM27C,GAAG1W,UAAY,SAAUhoC,GACzB+C,EAAMk6C,kBACRl6C,EAAMk6C,iBAAiBj9C,EAAI3L,KAE/B,EACO0O,CACT,CACA,SAAS8F,EAAM4zC,GACbA,EAAaiC,GAAG71C,QAChB4zC,EAAakC,OAAS,EACxB,CACA,SAASz+C,EAAYu8C,EAAcX,GACjC,IAEE,OADAW,EAAaiC,GAAGx+C,YAAY47C,GAAa,GAClChJ,EAAMqB,qBACf,CAAE,MAAOn5C,GACP,OAAOlG,QAAQK,OAAO6F,EACxB,CACF,CACA,SAAS05C,EAAU+H,EAAc3iD,GAC/B2iD,EAAaQ,iBAAmBnjD,CAClC,CACA,SAAS6/C,IACP,GAAuB,oBAAXz8C,QAA0C,oBAAT+0B,MAAqD,mBAArBrpB,iBAM3E,OAAO,EALP,GAAIA,iBAAiBksC,QACnB,MAAM,IAAIjuC,MAAM,uGAElB,OAAO,CAIX,CACA,SAAS+wC,IACP,OAAO,GACT,CA1CAtF,EAAQ34C,KAAOA,EA2Cf,IAAIogD,EAAe,CACjB7lB,OAAQA,EACRrrB,MAAOA,EACP6rC,UAAWA,EACXx0C,YAAaA,EACby5C,UAAWA,EACXhgD,KAAMA,EACNi+C,oBAAqBA,EACrB1D,aAAcA,GAEhB5B,EAAQyH,aAAeA,qCCrEvBvlD,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQiH,oBAAiB,EACzBjH,EAAQsF,oBAAsBA,EAC9BtF,EAAQqH,UAAYA,EACpBrH,EAAQzpC,MAAQA,EAChBypC,EAAQpe,OAASA,EACjBoe,EAAQ4B,kBAAe,EACvB5B,EAAQoC,UAAYA,EACpBpC,EAAQpyC,YAAcA,EACtBoyC,EAAQ34C,UAAO,EACf,IACIu6C,EADQ,EAAQ,MACKA,aACzB5B,EAAQ4B,aAAeA,EACvB,IAAIv6C,EAAO,WACX24C,EAAQ34C,KAAOA,EACf,IAAIilD,EAAoB,IAAI1L,IAC5B,SAAShf,EAAOqnB,GACd,IAAIx4C,EAAQ,CACVrK,KAAM6iD,EACN0B,iBAAkB,MAGpB,OADA2B,EAAkBvL,IAAItwC,GACfA,CACT,CACA,SAAS8F,EAAM4zC,GACbmC,EAA0B,OAAEnC,EAC9B,CACA,SAASv8C,EAAYu8C,EAAcX,GACjC,OAAO,IAAIhnD,SAAQ,SAAUX,GAC3B,OAAOmM,YAAW,WACG/I,MAAM2R,KAAK01C,GACjB//B,QAAO,SAAUlW,GAC5B,OAAOA,EAAQjQ,OAAS+jD,EAAa/jD,IACvC,IAAGmmB,QAAO,SAAUlW,GAClB,OAAOA,IAAY8zC,CACrB,IAAG59B,QAAO,SAAUlW,GAClB,QAASA,EAAQs0C,gBACnB,IAAG/+C,SAAQ,SAAUyK,GACnB,OAAOA,EAAQs0C,iBAAiBnB,EAClC,IACA3nD,GACF,GAAG,EACL,GACF,CACA,SAASugD,EAAU+H,EAAc3iD,GAC/B2iD,EAAaQ,iBAAmBnjD,CAClC,CACA,SAAS6/C,IACP,OAAO,CACT,CACA,SAAS/B,IACP,OAAO,CACT,CACA,IAAI2B,EAAiB,CACnBrlB,OAAQA,EACRrrB,MAAOA,EACP6rC,UAAWA,EACXx0C,YAAaA,EACby5C,UAAWA,EACXhgD,KAAMA,EACNi+C,oBAAqBA,EACrB1D,aAAcA,GAEhB5B,EAAQiH,eAAiBA,kCCjEzB/kD,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQK,wBACR,WACE,IAAIkM,EAAkB3/C,UAAUtH,OAAS,QAAsBtD,IAAjB4K,UAAU,GAAmBA,UAAU,GAAK,CAAC,EACvF1J,EAAU8I,KAAKC,MAAMD,KAAKE,UAAUqgD,IA6BxC,YA1BwC,IAA7BrpD,EAAQikD,mBAAkCjkD,EAAQikD,kBAAmB,GAG3EjkD,EAAQqnD,MAAKrnD,EAAQqnD,IAAM,CAAC,GAE5BrnD,EAAQqnD,IAAIpM,MAAKj7C,EAAQqnD,IAAIpM,IAAM,MACnCj7C,EAAQqnD,IAAInF,mBAAkBliD,EAAQqnD,IAAInF,iBAAmB,KAE9DmH,EAAgBhC,KAA8C,mBAAhCgC,EAAgBhC,IAAIM,UAAwB3nD,EAAQqnD,IAAIM,QAAU0B,EAAgBhC,IAAIM,SAGnH3nD,EAAQ8oD,eAAc9oD,EAAQ8oD,aAAe,CAAC,GAC9C9oD,EAAQ8oD,aAAaC,gBAAe/oD,EAAQ8oD,aAAaC,cAAgB,KAG1EM,EAAgBzF,UAAS5jD,EAAQ4jD,QAAUyF,EAAgBzF,SAG1D5jD,EAAQ2b,OAAM3b,EAAQ2b,KAAO,CAAC,GAC9B3b,EAAQ2b,KAAKs/B,MAAKj7C,EAAQ2b,KAAKs/B,IAAM,MAKrCj7C,EAAQ2b,KAAK2tC,oBAAmBtpD,EAAQ2b,KAAK2tC,kBAAoB,WAC9B,IAA7BtpD,EAAQ2b,KAAK4tC,cAA6BvpD,EAAQ2b,KAAK4tC,aAAc,GACzEvpD,CACT,mCCpCAhB,OAAO+9C,eAAeD,EAAS,aAAc,CAC3C30C,OAAO,IAET20C,EAAQ6B,sBAAwB7B,EAAQgG,sBAAwBhG,EAAQS,4BAAyB,EACjGT,EAAQ7D,UASR,SAAmBp3C,GACjB,OAAOA,GAA2B,mBAAbA,EAAI/B,IAC3B,EAVAg9C,EAAQ4B,aA6CR,WACE,IAAI9E,GAAK,IAAIrwC,MAAOqyC,UACpB,OAAIhC,IAAO4P,EAEG,IAAL5P,KADP6P,GAGAD,EAAS5P,EACT6P,EAAa,EACD,IAAL7P,EAEX,EAtDAkD,EAAQuL,UAwBR,SAAmBqB,EAAKjqB,GACtB,OAAO95B,KAAKmZ,MAAMnZ,KAAKk0C,UAAYpa,EAAMiqB,EAAM,GAAKA,EACtD,EAzBA5M,EAAQgE,YA8BR,WACE,OAAOn7C,KAAKk0C,SAAS3W,SAAS,IAAI/O,UAAU,EAC9C,EA/BA2oB,EAAQ+F,MAcR,SAAepE,EAAMkL,GAEnB,OADKlL,IAAMA,EAAO,GACX,IAAIn/C,SAAQ,SAAUX,GAC3B,OAAOmM,YAAW,WAChB,OAAOnM,EAAIgrD,EACb,GAAGlL,EACL,GACF,EApBA3B,EAAQuF,mBAyDR,WACE,MAAyB,oBAAdjpC,gBAAwD,IAApBA,UAAU8nC,OAA4D,mBAA5B9nC,UAAU8nC,MAAMS,OAK3G,EAxDA,IAAIpE,EAAyBj+C,QAAQC,SAAQ,GAC7Cu9C,EAAQS,uBAAyBA,EACjC,IAAIuF,EAAwBxjD,QAAQC,SAAQ,GAC5Cu9C,EAAQgG,sBAAwBA,EAChC,IAAInE,EAAwBr/C,QAAQC,UACpCu9C,EAAQ6B,sBAAwBA,EAmBhC,IAAI6K,EAAS,EACTC,EAAa,sBC3CjB,IAAItvC,EAAyB,oBAATsiB,KAAuBA,KAAO79B,KAC9CgrD,EAAW,WACf,SAASC,IACTjrD,KAAKwb,OAAQ,EACbxb,KAAKkrD,aAAe3vC,EAAO2vC,YAC3B,CAEA,OADAD,EAAEpnD,UAAY0X,EACP,IAAI0vC,CACV,CAPc,IAQf,SAAUptB,IAEO,SAAWqgB,GAE1B,IAAIiN,EAAU,CACZ3iC,aAAc,oBAAqBqV,EACnCutB,SAAU,WAAYvtB,GAAQ,aAAcif,OAC5CuO,KACE,eAAgBxtB,GAChB,SAAUA,GACV,WACE,IAEE,OADA,IAAIytB,MACG,CACT,CAAE,MAAOrmD,GACP,OAAO,CACT,CACD,CAPD,GAQFsmD,SAAU,aAAc1tB,EACxBpnB,YAAa,gBAAiBonB,GAOhC,GAAIstB,EAAQ10C,YACV,IAAI+0C,EAAc,CAChB,qBACA,sBACA,6BACA,sBACA,uBACA,sBACA,uBACA,wBACA,yBAGEC,EACFC,YAAYC,QACZ,SAAS1oD,GACP,OAAOA,GAAOuoD,EAAYxhD,QAAQ5J,OAAOyD,UAAUygC,SAASvgC,KAAKd,KAAS,CAC5E,EAGJ,SAAS2oD,EAActnD,GAIrB,GAHoB,iBAATA,IACTA,EAAOuR,OAAOvR,IAEZ,4BAA4B+V,KAAK/V,GACnC,MAAM,IAAIunD,UAAU,0CAEtB,OAAOvnD,EAAKuX,aACd,CAEA,SAASiwC,EAAeviD,GAItB,MAHqB,iBAAVA,IACTA,EAAQsM,OAAOtM,IAEVA,CACT,CAGA,SAASwiD,EAAYC,GACnB,IAAInP,EAAW,CACbE,KAAM,WACJ,IAAIxzC,EAAQyiD,EAAMrjD,QAClB,MAAO,CAACsjD,UAAgB/rD,IAAVqJ,EAAqBA,MAAOA,EAC5C,GASF,OANI4hD,EAAQC,WACVvO,EAASC,OAAOD,UAAY,WAC1B,OAAOA,CACT,GAGKA,CACT,CAEA,SAASqP,EAAQppD,GACf9C,KAAKkb,IAAM,CAAC,EAERpY,aAAmBopD,EACrBppD,EAAQgH,SAAQ,SAASP,EAAOjF,GAC9BtE,KAAKwwC,OAAOlsC,EAAMiF,EACpB,GAAGvJ,MACMmD,MAAMC,QAAQN,GACvBA,EAAQgH,SAAQ,SAAS+O,GACvB7Y,KAAKwwC,OAAO33B,EAAO,GAAIA,EAAO,GAChC,GAAG7Y,MACM8C,GACT1C,OAAO+rD,oBAAoBrpD,GAASgH,SAAQ,SAASxF,GACnDtE,KAAKwwC,OAAOlsC,EAAMxB,EAAQwB,GAC5B,GAAGtE,KAEP,CA8DA,SAASosD,EAAS9gD,GAChB,GAAIA,EAAK+gD,SACP,OAAO3rD,QAAQK,OAAO,IAAI8qD,UAAU,iBAEtCvgD,EAAK+gD,UAAW,CAClB,CAEA,SAASC,EAAgBC,GACvB,OAAO,IAAI7rD,SAAQ,SAASC,EAASI,GACnCwrD,EAAOC,OAAS,WACd7rD,EAAQ4rD,EAAOrwC,OACjB,EACAqwC,EAAOxnB,QAAU,WACfhkC,EAAOwrD,EAAOx9C,MAChB,CACF,GACF,CAEA,SAAS09C,EAAsBpB,GAC7B,IAAIkB,EAAS,IAAIG,WACbptC,EAAUgtC,EAAgBC,GAE9B,OADAA,EAAOI,kBAAkBtB,GAClB/rC,CACT,CAmBA,SAASstC,EAAYC,GACnB,GAAIA,EAAInkD,MACN,OAAOmkD,EAAInkD,MAAM,GAEjB,IAAIokD,EAAO,IAAIj4C,WAAWg4C,EAAIE,YAE9B,OADAD,EAAKrjD,IAAI,IAAIoL,WAAWg4C,IACjBC,EAAK72C,MAEhB,CAEA,SAAS+2C,IA0FP,OAzFAhtD,KAAKqsD,UAAW,EAEhBrsD,KAAKitD,UAAY,SAAS3hD,GAhM5B,IAAoBrI,EAiMhBjD,KAAKktD,UAAY5hD,EACZA,EAEsB,iBAATA,EAChBtL,KAAKmtD,UAAY7hD,EACR6/C,EAAQE,MAAQC,KAAKznD,UAAUupD,cAAc9hD,GACtDtL,KAAKqtD,UAAY/hD,EACR6/C,EAAQI,UAAY+B,SAASzpD,UAAUupD,cAAc9hD,GAC9DtL,KAAKutD,cAAgBjiD,EACZ6/C,EAAQ3iC,cAAgBglC,gBAAgB3pD,UAAUupD,cAAc9hD,GACzEtL,KAAKmtD,UAAY7hD,EAAKg5B,WACb6mB,EAAQ10C,aAAe00C,EAAQE,OA5M1BpoD,EA4M6CqI,IA3MjDmiD,SAAS5pD,UAAUupD,cAAcnqD,IA4M3CjD,KAAK0tD,iBAAmBd,EAAYthD,EAAK2K,QAEzCjW,KAAKktD,UAAY,IAAI5B,KAAK,CAACtrD,KAAK0tD,oBACvBvC,EAAQ10C,cAAgBi1C,YAAY7nD,UAAUupD,cAAc9hD,IAASmgD,EAAkBngD,IAChGtL,KAAK0tD,iBAAmBd,EAAYthD,GAEpCtL,KAAKmtD,UAAY7hD,EAAOlL,OAAOyD,UAAUygC,SAASvgC,KAAKuH,GAhBvDtL,KAAKmtD,UAAY,GAmBdntD,KAAK8C,QAAQlB,IAAI,kBACA,iBAAT0J,EACTtL,KAAK8C,QAAQ2G,IAAI,eAAgB,4BACxBzJ,KAAKqtD,WAAartD,KAAKqtD,UAAU9nD,KAC1CvF,KAAK8C,QAAQ2G,IAAI,eAAgBzJ,KAAKqtD,UAAU9nD,MACvC4lD,EAAQ3iC,cAAgBglC,gBAAgB3pD,UAAUupD,cAAc9hD,IACzEtL,KAAK8C,QAAQ2G,IAAI,eAAgB,mDAGvC,EAEI0hD,EAAQE,OACVrrD,KAAKqrD,KAAO,WACV,IAAIsC,EAAWvB,EAASpsD,MACxB,GAAI2tD,EACF,OAAOA,EAGT,GAAI3tD,KAAKqtD,UACP,OAAO3sD,QAAQC,QAAQX,KAAKqtD,WACvB,GAAIrtD,KAAK0tD,iBACd,OAAOhtD,QAAQC,QAAQ,IAAI2qD,KAAK,CAACtrD,KAAK0tD,oBACjC,GAAI1tD,KAAKutD,cACd,MAAM,IAAI96C,MAAM,wCAEhB,OAAO/R,QAAQC,QAAQ,IAAI2qD,KAAK,CAACtrD,KAAKmtD,YAE1C,EAEAntD,KAAKyW,YAAc,WACjB,OAAIzW,KAAK0tD,iBACAtB,EAASpsD,OAASU,QAAQC,QAAQX,KAAK0tD,kBAEvC1tD,KAAKqrD,OAAOnqD,KAAKurD,EAE5B,GAGFzsD,KAAK+b,KAAO,WACV,IA3FoBsvC,EAClBkB,EACAjtC,EAyFEquC,EAAWvB,EAASpsD,MACxB,GAAI2tD,EACF,OAAOA,EAGT,GAAI3tD,KAAKqtD,UACP,OAjGkBhC,EAiGIrrD,KAAKqtD,UA/F3B/tC,EAAUgtC,EADVC,EAAS,IAAIG,YAEjBH,EAAOqB,WAAWvC,GACX/rC,EA8FE,GAAItf,KAAK0tD,iBACd,OAAOhtD,QAAQC,QA5FrB,SAA+BksD,GAI7B,IAHA,IAAIC,EAAO,IAAIj4C,WAAWg4C,GACtBgB,EAAQ,IAAI1qD,MAAM2pD,EAAKtpD,QAElB0S,EAAI,EAAGA,EAAI42C,EAAKtpD,OAAQ0S,IAC/B23C,EAAM33C,GAAKL,OAAOC,aAAag3C,EAAK52C,IAEtC,OAAO23C,EAAMxyC,KAAK,GACpB,CAoF6ByyC,CAAsB9tD,KAAK0tD,mBAC7C,GAAI1tD,KAAKutD,cACd,MAAM,IAAI96C,MAAM,wCAEhB,OAAO/R,QAAQC,QAAQX,KAAKmtD,UAEhC,EAEIhC,EAAQI,WACVvrD,KAAKurD,SAAW,WACd,OAAOvrD,KAAK+b,OAAO7a,KAAK0pC,EAC1B,GAGF5qC,KAAK8b,KAAO,WACV,OAAO9b,KAAK+b,OAAO7a,KAAKgJ,KAAKC,MAC/B,EAEOnK,IACT,CA3MAksD,EAAQroD,UAAU2sC,OAAS,SAASlsC,EAAMiF,GACxCjF,EAAOsnD,EAActnD,GACrBiF,EAAQuiD,EAAeviD,GACvB,IAAIwkD,EAAW/tD,KAAKkb,IAAI5W,GACxBtE,KAAKkb,IAAI5W,GAAQypD,EAAWA,EAAW,KAAOxkD,EAAQA,CACxD,EAEA2iD,EAAQroD,UAAkB,OAAI,SAASS,UAC9BtE,KAAKkb,IAAI0wC,EAActnD,GAChC,EAEA4nD,EAAQroD,UAAUjC,IAAM,SAAS0C,GAE/B,OADAA,EAAOsnD,EAActnD,GACdtE,KAAKu8C,IAAIj4C,GAAQtE,KAAKkb,IAAI5W,GAAQ,IAC3C,EAEA4nD,EAAQroD,UAAU04C,IAAM,SAASj4C,GAC/B,OAAOtE,KAAKkb,IAAIpX,eAAe8nD,EAActnD,GAC/C,EAEA4nD,EAAQroD,UAAU4F,IAAM,SAASnF,EAAMiF,GACrCvJ,KAAKkb,IAAI0wC,EAActnD,IAASwnD,EAAeviD,EACjD,EAEA2iD,EAAQroD,UAAUiG,QAAU,SAASkkD,EAAUC,GAC7C,IAAK,IAAI3pD,KAAQtE,KAAKkb,IAChBlb,KAAKkb,IAAIpX,eAAeQ,IAC1B0pD,EAASjqD,KAAKkqD,EAASjuD,KAAKkb,IAAI5W,GAAOA,EAAMtE,KAGnD,EAEAksD,EAAQroD,UAAUgG,KAAO,WACvB,IAAImiD,EAAQ,GAIZ,OAHAhsD,KAAK8J,SAAQ,SAASP,EAAOjF,GAC3B0nD,EAAMvoD,KAAKa,EACb,IACOynD,EAAYC,EACrB,EAEAE,EAAQroD,UAAU2N,OAAS,WACzB,IAAIw6C,EAAQ,GAIZ,OAHAhsD,KAAK8J,SAAQ,SAASP,GACpByiD,EAAMvoD,KAAK8F,EACb,IACOwiD,EAAYC,EACrB,EAEAE,EAAQroD,UAAUiO,QAAU,WAC1B,IAAIk6C,EAAQ,GAIZ,OAHAhsD,KAAK8J,SAAQ,SAASP,EAAOjF,GAC3B0nD,EAAMvoD,KAAK,CAACa,EAAMiF,GACpB,IACOwiD,EAAYC,EACrB,EAEIb,EAAQC,WACVc,EAAQroD,UAAUi5C,OAAOD,UAAYqP,EAAQroD,UAAUiO,SAqJzD,IAAIkzC,EAAU,CAAC,SAAU,MAAO,OAAQ,UAAW,OAAQ,OAO3D,SAASkJ,EAAQpsC,EAAO1gB,GAEtB,IAPuB4Z,EACnBmzC,EAMA7iD,GADJlK,EAAUA,GAAW,CAAC,GACHkK,KAEnB,GAAIwW,aAAiBosC,EAAS,CAC5B,GAAIpsC,EAAMuqC,SACR,MAAM,IAAIR,UAAU,gBAEtB7rD,KAAKmB,IAAM2gB,EAAM3gB,IACjBnB,KAAK0b,YAAcoG,EAAMpG,YACpBta,EAAQ0B,UACX9C,KAAK8C,QAAU,IAAIopD,EAAQpqC,EAAMhf,UAEnC9C,KAAKgb,OAAS8G,EAAM9G,OACpBhb,KAAKouD,KAAOtsC,EAAMssC,KAClBpuD,KAAKgjD,OAASlhC,EAAMkhC,OACf13C,GAA2B,MAAnBwW,EAAMorC,YACjB5hD,EAAOwW,EAAMorC,UACbprC,EAAMuqC,UAAW,EAErB,MACErsD,KAAKmB,IAAM0U,OAAOiM,GAYpB,GATA9hB,KAAK0b,YAActa,EAAQsa,aAAe1b,KAAK0b,aAAe,eAC1Dta,EAAQ0B,SAAY9C,KAAK8C,UAC3B9C,KAAK8C,QAAU,IAAIopD,EAAQ9qD,EAAQ0B,UAErC9C,KAAKgb,QAhCDmzC,GADmBnzC,EAiCO5Z,EAAQ4Z,QAAUhb,KAAKgb,QAAU,OAhC1Csa,cACd0vB,EAAQh7C,QAAQmkD,IAAY,EAAIA,EAAUnzC,GAgCjDhb,KAAKouD,KAAOhtD,EAAQgtD,MAAQpuD,KAAKouD,MAAQ,KACzCpuD,KAAKgjD,OAAS5hD,EAAQ4hD,QAAUhjD,KAAKgjD,OACrChjD,KAAKquD,SAAW,MAEK,QAAhBruD,KAAKgb,QAAoC,SAAhBhb,KAAKgb,SAAsB1P,EACvD,MAAM,IAAIugD,UAAU,6CAEtB7rD,KAAKitD,UAAU3hD,EACjB,CAMA,SAASs/B,EAAOt/B,GACd,IAAIsW,EAAO,IAAI0rC,SAYf,OAXAhiD,EACGgjD,OACAn3C,MAAM,KACNrN,SAAQ,SAASykD,GAChB,GAAIA,EAAO,CACT,IAAIp3C,EAAQo3C,EAAMp3C,MAAM,KACpB7S,EAAO6S,EAAMxO,QAAQsB,QAAQ,MAAO,KACpCV,EAAQ4N,EAAMkE,KAAK,KAAKpR,QAAQ,MAAO,KAC3C2X,EAAK4uB,OAAOl7B,mBAAmBhR,GAAOgR,mBAAmB/L,GAC3D,CACF,IACKqY,CACT,CAoBA,SAAS4sC,EAASC,EAAUrtD,GACrBA,IACHA,EAAU,CAAC,GAGbpB,KAAKuF,KAAO,UACZvF,KAAKG,YAA4BD,IAAnBkB,EAAQjB,OAAuB,IAAMiB,EAAQjB,OAC3DH,KAAK4b,GAAK5b,KAAKG,QAAU,KAAOH,KAAKG,OAAS,IAC9CH,KAAK0uD,WAAa,eAAgBttD,EAAUA,EAAQstD,WAAa,KACjE1uD,KAAK8C,QAAU,IAAIopD,EAAQ9qD,EAAQ0B,SACnC9C,KAAKmB,IAAMC,EAAQD,KAAO,GAC1BnB,KAAKitD,UAAUwB,EACjB,CAlDAP,EAAQrqD,UAAUlB,MAAQ,WACxB,OAAO,IAAIurD,EAAQluD,KAAM,CAACsL,KAAMtL,KAAKktD,WACvC,EAkCAF,EAAKjpD,KAAKmqD,EAAQrqD,WAgBlBmpD,EAAKjpD,KAAKyqD,EAAS3qD,WAEnB2qD,EAAS3qD,UAAUlB,MAAQ,WACzB,OAAO,IAAI6rD,EAASxuD,KAAKktD,UAAW,CAClC/sD,OAAQH,KAAKG,OACbuuD,WAAY1uD,KAAK0uD,WACjB5rD,QAAS,IAAIopD,EAAQlsD,KAAK8C,SAC1B3B,IAAKnB,KAAKmB,KAEd,EAEAqtD,EAASz/C,MAAQ,WACf,IAAI4M,EAAW,IAAI6yC,EAAS,KAAM,CAACruD,OAAQ,EAAGuuD,WAAY,KAE1D,OADA/yC,EAASpW,KAAO,QACToW,CACT,EAEA,IAAIgzC,EAAmB,CAAC,IAAK,IAAK,IAAK,IAAK,KAE5CH,EAASI,SAAW,SAASztD,EAAKhB,GAChC,IAA0C,IAAtCwuD,EAAiB3kD,QAAQ7J,GAC3B,MAAM,IAAI0uD,WAAW,uBAGvB,OAAO,IAAIL,EAAS,KAAM,CAACruD,OAAQA,EAAQ2C,QAAS,CAACuR,SAAUlT,IACjE,EAEA+8C,EAAQgN,aAAertB,EAAKqtB,aAC5B,IACE,IAAIhN,EAAQgN,YACd,CAAE,MAAOtkD,GACPs3C,EAAQgN,aAAe,SAASvzC,EAASrT,GACvCtE,KAAK2X,QAAUA,EACf3X,KAAKsE,KAAOA,EACZ,IAAIyK,EAAQ0D,MAAMkF,GAClB3X,KAAK8uD,MAAQ//C,EAAM+/C,KACrB,EACA5Q,EAAQgN,aAAarnD,UAAYzD,OAAO0/B,OAAOrtB,MAAM5O,WACrDq6C,EAAQgN,aAAarnD,UAAUkrD,YAAc7Q,EAAQgN,YACvD,CAEA,SAAS1vC,EAAMsG,EAAOktC,GACpB,OAAO,IAAItuD,SAAQ,SAASC,EAASI,GACnC,IAAIgiD,EAAU,IAAImL,EAAQpsC,EAAOktC,GAEjC,GAAIjM,EAAQC,QAAUD,EAAQC,OAAOiM,QACnC,OAAOluD,EAAO,IAAIm9C,EAAQgN,aAAa,UAAW,eAGpD,IAAIrkD,EAAM,IAAIqoD,eAEd,SAASC,IACPtoD,EAAIu8C,OACN,CAEAv8C,EAAI2lD,OAAS,WACX,IAxFgB4C,EAChBtsD,EAuFI1B,EAAU,CACZjB,OAAQ0G,EAAI1G,OACZuuD,WAAY7nD,EAAI6nD,WAChB5rD,SA3FcssD,EA2FQvoD,EAAIwoD,yBAA2B,GA1FvDvsD,EAAU,IAAIopD,EAGQkD,EAAWnlD,QAAQ,eAAgB,KACzCkN,MAAM,SAASrN,SAAQ,SAASwlD,GAClD,IAAInU,EAAQmU,EAAKn4C,MAAM,KACnBvT,EAAMu3C,EAAMxyC,QAAQ2lD,OACxB,GAAI1qD,EAAK,CACP,IAAI2F,EAAQ4xC,EAAM9/B,KAAK,KAAKizC,OAC5BxrD,EAAQ0tC,OAAO5sC,EAAK2F,EACtB,CACF,IACOzG,IAgFH1B,EAAQD,IAAM,gBAAiB0F,EAAMA,EAAI0oD,YAAcnuD,EAAQ0B,QAAQlB,IAAI,iBAC3E,IAAI0J,EAAO,aAAczE,EAAMA,EAAI8U,SAAW9U,EAAIsV,aAClDxb,EAAQ,IAAI6tD,EAASljD,EAAMlK,GAC7B,EAEAyF,EAAIk+B,QAAU,WACZhkC,EAAO,IAAI8qD,UAAU,0BACvB,EAEAhlD,EAAI2oD,UAAY,WACdzuD,EAAO,IAAI8qD,UAAU,0BACvB,EAEAhlD,EAAI4oD,QAAU,WACZ1uD,EAAO,IAAIm9C,EAAQgN,aAAa,UAAW,cAC7C,EAEArkD,EAAIi+B,KAAKie,EAAQ/nC,OAAQ+nC,EAAQ5hD,KAAK,GAEV,YAAxB4hD,EAAQrnC,YACV7U,EAAIxF,iBAAkB,EACW,SAAxB0hD,EAAQrnC,cACjB7U,EAAIxF,iBAAkB,GAGpB,iBAAkBwF,GAAOskD,EAAQE,OACnCxkD,EAAIuV,aAAe,QAGrB2mC,EAAQjgD,QAAQgH,SAAQ,SAASP,EAAOjF,GACtCuC,EAAIwW,iBAAiB/Y,EAAMiF,EAC7B,IAEIw5C,EAAQC,SACVD,EAAQC,OAAO7kC,iBAAiB,QAASgxC,GAEzCtoD,EAAI6oD,mBAAqB,WAEA,IAAnB7oD,EAAI8oD,YACN5M,EAAQC,OAAOnjC,oBAAoB,QAASsvC,EAEhD,GAGFtoD,EAAI+oD,UAAkC,IAAtB7M,EAAQmK,UAA4B,KAAOnK,EAAQmK,UACrE,GACF,CAEA1xC,EAAMq0C,UAAW,EAEZhyB,EAAKriB,QACRqiB,EAAKriB,MAAQA,EACbqiB,EAAKquB,QAAUA,EACfruB,EAAKqwB,QAAUA,EACfrwB,EAAK2wB,SAAWA,GAGlBtQ,EAAQgO,QAAUA,EAClBhO,EAAQgQ,QAAUA,EAClBhQ,EAAQsQ,SAAWA,EACnBtQ,EAAQ1iC,MAAQA,EAEhBpb,OAAO+9C,eAAeD,EAAS,aAAc,CAAE30C,OAAO,GAIvD,CAhhBgB,CAghBd,CAAC,EACH,CAnhBD,CAmhBGyhD,GACHA,EAASxvC,MAAMs0C,UAAW,SAEnB9E,EAASxvC,MAAMq0C,SAGtB,IAAIt3B,EAAMyyB,GACV9M,EAAU3lB,EAAI/c,OACd,QAAkB+c,EAAI/c,MACtB0iC,EAAQ1iC,MAAQ+c,EAAI/c,MACpB0iC,EAAQgO,QAAU3zB,EAAI2zB,QACtBhO,EAAQgQ,QAAU31B,EAAI21B,QACtBhQ,EAAQsQ,SAAWj2B,EAAIi2B,SACvBvQ,EAAOC,QAAUA,mBCtiBgDD,EAAOC,QAOhE,WAAe,aAGrB,SAAS79C,EAAQ0pB,GACf,IAAK,IAAI7T,EAAI,EAAGA,EAAIpL,UAAUtH,OAAQ0S,IAAK,CACzC,IAAIxJ,EAAS5B,UAAUoL,GACvB,IAAK,IAAItS,KAAO8I,EACdqd,EAAOnmB,GAAO8I,EAAO9I,EAEzB,CACA,OAAOmmB,CACT,CA2HA,OArGA,SAASilC,EAAMe,EAAWC,GACxB,SAASvmD,EAAK7F,EAAK2F,EAAO0mD,GACxB,GAAwB,oBAAb5kD,SAAX,CAMkC,iBAFlC4kD,EAAa5vD,EAAO,CAAC,EAAG2vD,EAAmBC,IAErBrlD,UACpBqlD,EAAWrlD,QAAU,IAAID,KAAKA,KAAKmC,MAA6B,MAArBmjD,EAAWrlD,UAEpDqlD,EAAWrlD,UACbqlD,EAAWrlD,QAAUqlD,EAAWrlD,QAAQ0wC,eAG1C13C,EAAMwX,mBAAmBxX,GACtBqG,QAAQ,uBAAwBqL,oBAChCrL,QAAQ,QAASsL,QAEpB,IAAI26C,EAAwB,GAC5B,IAAK,IAAIv8B,KAAiBs8B,EACnBA,EAAWt8B,KAIhBu8B,GAAyB,KAAOv8B,GAEE,IAA9Bs8B,EAAWt8B,KAWfu8B,GAAyB,IAAMD,EAAWt8B,GAAexc,MAAM,KAAK,KAGtE,OAAQ9L,SAAS8kD,OACfvsD,EAAM,IAAMmsD,EAAUK,MAAM7mD,EAAO3F,GAAOssD,CAtC5C,CAuCF,CA4BA,OAAO9vD,OAAO0/B,OACZ,CACEr2B,IAAKA,EACL7H,IA7BJ,SAAcgC,GACZ,GAAwB,oBAAbyH,YAA6BP,UAAUtH,QAAWI,GAA7D,CAQA,IAFA,IAAIqb,EAAU5T,SAAS8kD,OAAS9kD,SAAS8kD,OAAOh5C,MAAM,MAAQ,GAC1Dk5C,EAAM,CAAC,EACFn6C,EAAI,EAAGA,EAAI+I,EAAQzb,OAAQ0S,IAAK,CACvC,IAAIilC,EAAQl8B,EAAQ/I,GAAGiB,MAAM,KACzB5N,EAAQ4xC,EAAMzyC,MAAM,GAAG2S,KAAK,KAEhC,IACE,IAAIi1C,EAAWh7C,mBAAmB6lC,EAAM,IAGxC,GAFAkV,EAAIC,GAAYP,EAAUQ,KAAKhnD,EAAO+mD,GAElC1sD,IAAQ0sD,EACV,KAEJ,CAAE,MAAOrrD,GAAI,CACf,CAEA,OAAOrB,EAAMysD,EAAIzsD,GAAOysD,CApBxB,CAqBF,EAMItlD,OAAQ,SAAUnH,EAAKqsD,GACrBxmD,EACE7F,EACA,GACAvD,EAAO,CAAC,EAAG4vD,EAAY,CACrBrlD,SAAU,IAGhB,EACA4lD,eAAgB,SAAUP,GACxB,OAAOjB,EAAKhvD,KAAK+vD,UAAW1vD,EAAO,CAAC,EAAGL,KAAKiwD,WAAYA,GAC1D,EACAQ,cAAe,SAAUV,GACvB,OAAOf,EAAK3uD,EAAO,CAAC,EAAGL,KAAK+vD,UAAWA,GAAY/vD,KAAKiwD,WAC1D,GAEF,CACEA,WAAY,CAAE1mD,MAAOnJ,OAAOswD,OAAOV,IACnCD,UAAW,CAAExmD,MAAOnJ,OAAOswD,OAAOX,KAGxC,CAEUf,CApHa,CACrBuB,KAAM,SAAUhnD,GAId,MAHiB,MAAbA,EAAM,KACRA,EAAQA,EAAMb,MAAM,GAAI,IAEnBa,EAAMU,QAAQ,mBAAoBqL,mBAC3C,EACA86C,MAAO,SAAU7mD,GACf,OAAO6R,mBAAmB7R,GAAOU,QAC/B,2CACAqL,mBAEJ,GAwG+B,CAAE5K,KAAM,KAK1C,CA/IiFimD,qBCHlF,SAASC,IAGT,CAEAA,EAAE/sD,UAAY,CACZgK,GAAI,SAAUvJ,EAAM0pD,EAAUz1B,GAC5B,IAAItzB,EAAIjF,KAAKiF,IAAMjF,KAAKiF,EAAI,CAAC,GAO7B,OALCA,EAAEX,KAAUW,EAAEX,GAAQ,KAAKb,KAAK,CAC/BiC,GAAIsoD,EACJz1B,IAAKA,IAGAv4B,IACT,EAEA6wD,KAAM,SAAUvsD,EAAM0pD,EAAUz1B,GAC9B,IAAIsF,EAAO79B,KACX,SAASmL,IACP0yB,EAAK9tB,IAAIzL,EAAM6G,GACf6iD,EAASp3C,MAAM2hB,EAAKztB,UACtB,CAGA,OADAK,EAASoE,EAAIy+C,EACNhuD,KAAK6N,GAAGvJ,EAAM6G,EAAUotB,EACjC,EAEAvpB,KAAM,SAAU1K,GAMd,IALA,IAAIrE,EAAO,GAAGyI,MAAM3E,KAAK+G,UAAW,GAChCgmD,IAAW9wD,KAAKiF,IAAMjF,KAAKiF,EAAI,CAAC,IAAIX,IAAS,IAAIoE,QACjDwN,EAAI,EACJ66C,EAAMD,EAAOttD,OAET0S,EAAI66C,EAAK76C,IACf46C,EAAO56C,GAAGxQ,GAAGkR,MAAMk6C,EAAO56C,GAAGqiB,IAAKt4B,GAGpC,OAAOD,IACT,EAEA+P,IAAK,SAAUzL,EAAM0pD,GACnB,IAAI/oD,EAAIjF,KAAKiF,IAAMjF,KAAKiF,EAAI,CAAC,GACzB+rD,EAAO/rD,EAAEX,GACT2sD,EAAa,GAEjB,GAAID,GAAQhD,EACV,IAAK,IAAI93C,EAAI,EAAG66C,EAAMC,EAAKxtD,OAAQ0S,EAAI66C,EAAK76C,IACtC86C,EAAK96C,GAAGxQ,KAAOsoD,GAAYgD,EAAK96C,GAAGxQ,GAAG6J,IAAMy+C,GAC9CiD,EAAWxtD,KAAKutD,EAAK96C,IAY3B,OAJC+6C,EAAiB,OACdhsD,EAAEX,GAAQ2sD,SACHhsD,EAAEX,GAENtE,IACT,GAGFi+C,EAAOC,QAAU0S,sKCzDjB,IACIM,EAD0F,qBAAjF9wD,OAAOyD,UAAUygC,SAASvgC,KAAwB,oBAAZ6Y,QAA0BA,QAAU,GCRhF,SAAiBlX,GACtBkX,QAAQ/O,GAAG,QAAQ,WACjB,OAAOnI,GACT,IAQAkX,QAAQ/O,GAAG,cAAc,WACvB,OAAOnI,IAAKxE,MAAK,WACf,OAAO0b,QAAQu0C,MACjB,GACF,IAEAv0C,QAAQ/O,GAAG,UAAU,WACnB,OAAOnI,IAAKxE,MAAK,WACf,OAAO0b,QAAQu0C,MACjB,GACF,IAEAv0C,QAAQ/O,GAAG,qBAAqB,SAAUjH,GACxC,OAAOlB,IAAKxE,MAAK,WACfq5C,QAAQ6W,MAAMxqD,GACdgW,QAAQu0C,KAAK,IACf,GACF,GACF,EC3BO,SAAoBzrD,GACzB,GAAiC,mBAAtB2rD,mBAAoCxzB,gBAAgBwzB,kBAAmB,CAOhF,IAAIC,EAAWzzB,KAAKppB,MAAM3S,KAAK+7B,MAC/BA,KAAKppB,MAAQ,WAEX,OADA/O,IACO4rD,GACT,CACF,KAAO,CAKL,GAAuC,mBAA5BxoD,OAAOqV,iBAChB,OAMFrV,OAAOqV,iBAAiB,gBAAgB,WACtCzY,GACF,IAAG,GAMHoD,OAAOqV,iBAAiB,UAAU,WAChCzY,GACF,IAAG,EACL,CAMF,EFlCI6rD,EAAY,IAAIzS,IAChB0S,GAAmB,EAQhB,SAASvS,EAAIv5C,GAElB,GARI8rD,IAGJA,GAAmB,EACnBN,EAAWO,IAIO,mBAAP/rD,EACT,MAAM,IAAI+M,MAAM,2BAYlB,OAVA8+C,EAAUtS,IAAIv5C,GACE,CACdqF,OAAQ,WACN,OAAOwmD,EAAkB,OAAE7rD,EAC7B,EACA0b,IAAK,WAEH,OADAmwC,EAAkB,OAAE7rD,GACbA,GACT,EAGJ,CACO,SAAS+rD,IACd,IAAIC,EAAW,GAKf,OAJAH,EAAUznD,SAAQ,SAAUpE,GAC1BgsD,EAASjuD,KAAKiC,KACd6rD,EAAkB,OAAE7rD,EACtB,IACOhF,QAAQmgD,IAAI6Q,EACrB,CACO,SAASC,IACdJ,EAAU17B,OACZ,CACO,SAAS+7B,IACd,OAAOL,EAAUM,IACnB,oBG5CA5T,EAAOC,QALP,SAA2B/oB,EAAGsgB,IAC3B,MAAQA,GAAKA,EAAItgB,EAAE3xB,UAAYiyC,EAAItgB,EAAE3xB,QACtC,IAAK,IAAIyB,EAAI,EAAGmhC,EAAIjjC,MAAMsyC,GAAIxwC,EAAIwwC,EAAGxwC,IAAKmhC,EAAEnhC,GAAKkwB,EAAElwB,GACnD,OAAOmhC,CACT,EACoC6X,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCFzGD,EAAOC,QAHP,SAAyB/oB,GACvB,GAAIhyB,MAAMC,QAAQ+xB,GAAI,OAAOA,CAC/B,EACkC8oB,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCHvG,IAAI6T,EAAmB,EAAQ,MAI/B9T,EAAOC,QAHP,SAA4B/oB,GAC1B,GAAIhyB,MAAMC,QAAQ+xB,GAAI,OAAO48B,EAAiB58B,EAChD,EACqC8oB,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCA1GD,EAAOC,QAJP,SAAgCj5C,GAC9B,QAAI,IAAWA,EAAG,MAAM,IAAI+sD,eAAe,6DAC3C,OAAO/sD,CACT,EACyCg5C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCJ9G,SAAS+T,EAAmB7rB,EAAG8rB,EAAGjtD,EAAGkwB,EAAG7xB,EAAGmyC,EAAGzgC,GAC5C,IACE,IAAIkB,EAAIkwB,EAAEqP,GAAGzgC,GACXm9C,EAAIj8C,EAAE3M,KACV,CAAE,MAAO68B,GACP,YAAYnhC,EAAEmhC,EAChB,CACAlwB,EAAE+1C,KAAOiG,EAAEC,GAAKzxD,QAAQC,QAAQwxD,GAAGjxD,KAAKi0B,EAAG7xB,EAC7C,CAiBA26C,EAAOC,QAhBP,SAA2B9X,GACzB,OAAO,WACL,IAAI8rB,EAAIlyD,KACNiF,EAAI6F,UACN,OAAO,IAAIpK,SAAQ,SAAUy0B,EAAG7xB,GAC9B,IAAImyC,EAAIrP,EAAExvB,MAAMs7C,EAAGjtD,GACnB,SAASmtD,EAAMhsB,GACb6rB,EAAmBxc,EAAGtgB,EAAG7xB,EAAG8uD,EAAOC,EAAQ,OAAQjsB,EACrD,CACA,SAASisB,EAAOjsB,GACd6rB,EAAmBxc,EAAGtgB,EAAG7xB,EAAG8uD,EAAOC,EAAQ,QAASjsB,EACtD,CACAgsB,OAAM,EACR,GACF,CACF,EACoCnU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCtBzGD,EAAOC,QAHP,SAAyBzI,EAAGrP,GAC1B,KAAMqP,aAAarP,GAAI,MAAM,IAAIylB,UAAU,oCAC7C,EACkC5N,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCHvG,IAAIoU,EAA2B,EAAQ,MACnCp6C,EAAiB,EAAQ,MAQ7B+lC,EAAOC,QAPP,SAAoBgU,EAAGjtD,EAAGkwB,GACxB,GAAIm9B,IAA4B,OAAOC,QAAQC,UAAU57C,MAAM,KAAM9L,WACrE,IAAIxH,EAAI,CAAC,MACTA,EAAEG,KAAKmT,MAAMtT,EAAG2B,GAChB,IAAIi3C,EAAI,IAAKgW,EAAEpwD,KAAK8U,MAAMs7C,EAAG5uD,IAC7B,OAAO6xB,GAAKjd,EAAegkC,EAAG/mB,EAAEtxB,WAAYq4C,CAC9C,EAC6B+B,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCTlG,IAAIuU,EAAgB,EAAQ,MAC5B,SAASC,EAAkBztD,EAAGkwB,GAC5B,IAAK,IAAI+8B,EAAI,EAAGA,EAAI/8B,EAAE3xB,OAAQ0uD,IAAK,CACjC,IAAI5uD,EAAI6xB,EAAE+8B,GACV5uD,EAAE29C,WAAa39C,EAAE29C,aAAc,EAAI39C,EAAEqvD,cAAe,EAAI,UAAWrvD,IAAMA,EAAEsvD,UAAW,GAAKxyD,OAAO+9C,eAAel5C,EAAGwtD,EAAcnvD,EAAEM,KAAMN,EAC5I,CACF,CAMA26C,EAAOC,QALP,SAAsBj5C,EAAGkwB,EAAG+8B,GAC1B,OAAO/8B,GAAKu9B,EAAkBztD,EAAEpB,UAAWsxB,GAAI+8B,GAAKQ,EAAkBztD,EAAGitD,GAAI9xD,OAAO+9C,eAAel5C,EAAG,YAAa,CACjH2tD,UAAU,IACR3tD,CACN,EAC+Bg5C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCZpG,IAAIuU,EAAgB,EAAQ,MAS5BxU,EAAOC,QARP,SAAyBj5C,EAAGkwB,EAAG+8B,GAC7B,OAAQ/8B,EAAIs9B,EAAct9B,MAAOlwB,EAAI7E,OAAO+9C,eAAel5C,EAAGkwB,EAAG,CAC/D5rB,MAAO2oD,EACPjR,YAAY,EACZ0R,cAAc,EACdC,UAAU,IACP3tD,EAAEkwB,GAAK+8B,EAAGjtD,CACjB,EACkCg5C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCTvG,IAAI2U,EAAgB,EAAQ,MAC5B,SAASC,IACP,OAAO7U,EAAOC,QAAU4U,EAAO,oBAAsBP,SAAWA,QAAQ3wD,IAAM2wD,QAAQ3wD,IAAIE,OAAS,SAAUmD,EAAGitD,EAAG/8B,GACjH,IAAI+mB,EAAI2W,EAAc5tD,EAAGitD,GACzB,GAAIhW,EAAG,CACL,IAAI9V,EAAIhmC,OAAO2yD,yBAAyB7W,EAAGgW,GAC3C,OAAO9rB,EAAExkC,IAAMwkC,EAAExkC,IAAImC,KAAK+G,UAAUtH,OAAS,EAAIyB,EAAIkwB,GAAKiR,EAAE78B,KAC9D,CACF,EAAG00C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QAAS4U,EAAKl8C,MAAM,KAAM9L,UACpG,CACAmzC,EAAOC,QAAU4U,EAAM7U,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCV5F,SAAS8U,EAAgBd,GACvB,OAAOjU,EAAOC,QAAU8U,EAAkB5yD,OAAO8X,eAAiB9X,OAAO6yD,eAAenxD,OAAS,SAAUowD,GACzG,OAAOA,EAAEgB,WAAa9yD,OAAO6yD,eAAef,EAC9C,EAAGjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QAAS8U,EAAgBd,EACnG,CACAjU,EAAOC,QAAU8U,EAAiB/U,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCLvG,IAAIhmC,EAAiB,EAAQ,MAa7B+lC,EAAOC,QAZP,SAAmBgU,EAAGjtD,GACpB,GAAI,mBAAqBA,GAAK,OAASA,EAAG,MAAM,IAAI4mD,UAAU,sDAC9DqG,EAAEruD,UAAYzD,OAAO0/B,OAAO76B,GAAKA,EAAEpB,UAAW,CAC5CkrD,YAAa,CACXxlD,MAAO2oD,EACPU,UAAU,EACVD,cAAc,KAEdvyD,OAAO+9C,eAAe+T,EAAG,YAAa,CACxCU,UAAU,IACR3tD,GAAKiT,EAAeg6C,EAAGjtD,EAC7B,EAC4Bg5C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCRjGD,EAAOC,QALP,SAAgCj5C,GAC9B,OAAOA,GAAKA,EAAE6sD,WAAa7sD,EAAI,CAC7B,QAAWA,EAEf,EACyCg5C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCE9GD,EAAOC,QAPP,SAA2BgU,GACzB,IACE,OAAQ,IAAMiB,SAAS7uB,SAASvgC,KAAKmuD,GAAGloD,QAAQ,gBAClD,CAAE,MAAOo8B,GACP,MAAO,mBAAqB8rB,CAC9B,CACF,EACoCjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCPzG,SAASkV,IACP,IACE,IAAIlB,GAAKp+B,QAAQjwB,UAAUwvD,QAAQtvD,KAAKwuD,QAAQC,UAAU1+B,QAAS,IAAI,WAAa,IACtF,CAAE,MAAOo+B,GAAI,CACb,OAAQjU,EAAOC,QAAUkV,EAA4B,WACnD,QAASlB,CACX,EAAGjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,UAC1E,CACAD,EAAOC,QAAUkV,EAA2BnV,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCLjHD,EAAOC,QAHP,SAA0B/oB,GACxB,GAAI,oBAAsB2nB,QAAU,MAAQ3nB,EAAE2nB,OAAOD,WAAa,MAAQ1nB,EAAE,cAAe,OAAOhyB,MAAM2R,KAAKqgB,EAC/G,EACmC8oB,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCwBxGD,EAAOC,QA3BP,SAA+B/oB,EAAGm+B,GAChC,IAAIpB,EAAI,MAAQ/8B,EAAI,KAAO,oBAAsB2nB,QAAU3nB,EAAE2nB,OAAOD,WAAa1nB,EAAE,cACnF,GAAI,MAAQ+8B,EAAG,CACb,IAAIjtD,EACFmhC,EACAlwB,EACAi8C,EACA1c,EAAI,GACJ8d,GAAI,EACJjwD,GAAI,EACN,IACE,GAAI4S,GAAKg8C,EAAIA,EAAEnuD,KAAKoxB,IAAI4nB,KAAM,IAAMuW,EAAG,CACrC,GAAIlzD,OAAO8xD,KAAOA,EAAG,OACrBqB,GAAI,CACN,MAAO,OAASA,GAAKtuD,EAAIiR,EAAEnS,KAAKmuD,IAAIjG,QAAUxW,EAAEhyC,KAAKwB,EAAEsE,OAAQksC,EAAEjyC,SAAW8vD,GAAIC,GAAI,GACtF,CAAE,MAAOp+B,GACP7xB,GAAI,EAAI8iC,EAAIjR,CACd,CAAE,QACA,IACE,IAAKo+B,GAAK,MAAQrB,EAAU,SAAMC,EAAID,EAAU,SAAK9xD,OAAO+xD,KAAOA,GAAI,MACzE,CAAE,QACA,GAAI7uD,EAAG,MAAM8iC,CACf,CACF,CACA,OAAOqP,CACT,CACF,EACwCwI,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCxB7GD,EAAOC,QAHP,WACE,MAAM,IAAI2N,UAAU,4IACtB,EACmC5N,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCAxGD,EAAOC,QAHP,WACE,MAAM,IAAI2N,UAAU,uIACtB,EACqC5N,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,6BCH1G,IAAIsV,EAA+B,EAAQ,MAY3CvV,EAAOC,QAXP,SAAkCj5C,EAAGitD,GACnC,GAAI,MAAQjtD,EAAG,MAAO,CAAC,EACvB,IAAI3B,EACF6xB,EACAjf,EAAIs9C,EAA6BvuD,EAAGitD,GACtC,GAAI9xD,OAAOqzD,sBAAuB,CAChC,IAAIrtB,EAAIhmC,OAAOqzD,sBAAsBxuD,GACrC,IAAKkwB,EAAI,EAAGA,EAAIiR,EAAE5iC,OAAQ2xB,IAAK7xB,EAAI8iC,EAAEjR,IAAK,IAAM+8B,EAAEloD,QAAQ1G,IAAM,CAAC,EAAEowD,qBAAqB3vD,KAAKkB,EAAG3B,KAAO4S,EAAE5S,GAAK2B,EAAE3B,GAClH,CACA,OAAO4S,CACT,EAC2C+nC,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCHhHD,EAAOC,QATP,SAAuC/oB,EAAGlwB,GACxC,GAAI,MAAQkwB,EAAG,MAAO,CAAC,EACvB,IAAI+8B,EAAI,CAAC,EACT,IAAK,IAAI9rB,KAAKjR,EAAG,GAAI,CAAC,EAAErxB,eAAeC,KAAKoxB,EAAGiR,GAAI,CACjD,IAAK,IAAMnhC,EAAE+E,QAAQo8B,GAAI,SACzB8rB,EAAE9rB,GAAKjR,EAAEiR,EACX,CACA,OAAO8rB,CACT,EACgDjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCTrH,IAAIyV,EAAU,gBACVC,EAAwB,EAAQ,MAMpC3V,EAAOC,QALP,SAAoCgU,EAAGjtD,GACrC,GAAIA,IAAM,UAAY0uD,EAAQ1uD,IAAM,mBAAqBA,GAAI,OAAOA,EACpE,QAAI,IAAWA,EAAG,MAAM,IAAI4mD,UAAU,4DACtC,OAAO+H,EAAsB1B,EAC/B,EAC6CjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCPlH,IAAIyV,EAAU,gBACd,SAASE,IACP,aACA5V,EAAOC,QAAU2V,EAAsB,WACrC,OAAO5uD,CACT,EAAGg5C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QACxE,IAAIgU,EACFjtD,EAAI,CAAC,EACLkwB,EAAI/0B,OAAOyD,UACXuiC,EAAIjR,EAAErxB,eACNR,EAAIlD,OAAO+9C,gBAAkB,SAAU+T,EAAGjtD,EAAGkwB,GAC3C+8B,EAAEjtD,GAAKkwB,EAAE5rB,KACX,EACA2M,EAAI,mBAAqB4mC,OAASA,OAAS,CAAC,EAC5CrH,EAAIv/B,EAAE2mC,UAAY,aAClB7nC,EAAIkB,EAAE49C,eAAiB,kBACvB3B,EAAIj8C,EAAE69C,aAAe,gBACvB,SAASC,EAAO9B,EAAGjtD,EAAGkwB,GACpB,OAAO/0B,OAAO+9C,eAAe+T,EAAGjtD,EAAG,CACjCsE,MAAO4rB,EACP8rB,YAAY,EACZ0R,cAAc,EACdC,UAAU,IACRV,EAAEjtD,EACR,CACA,IACE+uD,EAAO,CAAC,EAAG,GACb,CAAE,MAAO9B,GACP8B,EAAS,SAAgB9B,EAAGjtD,EAAGkwB,GAC7B,OAAO+8B,EAAEjtD,GAAKkwB,CAChB,CACF,CACA,SAAS8+B,EAAK/B,EAAGjtD,EAAGkwB,EAAGiR,GACrB,IAAIlwB,EAAIjR,GAAKA,EAAEpB,qBAAqBqwD,EAAYjvD,EAAIivD,EAClDze,EAAIr1C,OAAO0/B,OAAO5pB,EAAErS,WACpBmR,EAAI,IAAIm/C,EAAQ/tB,GAAK,IACvB,OAAO9iC,EAAEmyC,EAAG,UAAW,CACrBlsC,MAAO6qD,EAAiBlC,EAAG/8B,EAAGngB,KAC5BygC,CACN,CACA,SAAS4e,EAASnC,EAAGjtD,EAAGkwB,GACtB,IACE,MAAO,CACL5vB,KAAM,SACN+uD,IAAKpC,EAAEnuD,KAAKkB,EAAGkwB,GAEnB,CAAE,MAAO+8B,GACP,MAAO,CACL3sD,KAAM,QACN+uD,IAAKpC,EAET,CACF,CACAjtD,EAAEgvD,KAAOA,EACT,IAAIM,EAAI,iBACNjB,EAAI,iBACJC,EAAI,YACJ59C,EAAI,YACJ2wB,EAAI,CAAC,EACP,SAAS4tB,IAAa,CACtB,SAASM,IAAqB,CAC9B,SAASC,IAA8B,CACvC,IAAIvY,EAAI,CAAC,EACT8X,EAAO9X,EAAGzG,GAAG,WACX,OAAOz1C,IACT,IACA,IAAI00D,EAAIt0D,OAAO6yD,eACb5uB,EAAIqwB,GAAKA,EAAEA,EAAEljD,EAAO,MACtB6yB,GAAKA,IAAMlP,GAAKiR,EAAEriC,KAAKsgC,EAAGoR,KAAOyG,EAAI7X,GACrC,IAAIswB,EAAIF,EAA2B5wD,UAAYqwD,EAAUrwD,UAAYzD,OAAO0/B,OAAOoc,GACnF,SAAS0Y,EAAsB1C,GAC7B,CAAC,OAAQ,QAAS,UAAUpoD,SAAQ,SAAU7E,GAC5C+uD,EAAO9B,EAAGjtD,GAAG,SAAUitD,GACrB,OAAOlyD,KAAK60D,QAAQ5vD,EAAGitD,EACzB,GACF,GACF,CACA,SAAS4C,EAAc5C,EAAGjtD,GACxB,SAAS8vD,EAAO5/B,EAAG7xB,EAAG4S,EAAGu/B,GACvB,IAAIzgC,EAAIq/C,EAASnC,EAAE/8B,GAAI+8B,EAAG5uD,GAC1B,GAAI,UAAY0R,EAAEzP,KAAM,CACtB,IAAI4sD,EAAIn9C,EAAEs/C,IACRC,EAAIpC,EAAE5oD,MACR,OAAOgrD,GAAK,UAAYZ,EAAQY,IAAMnuB,EAAEriC,KAAKwwD,EAAG,WAAatvD,EAAEtE,QAAQ4zD,EAAES,SAAS9zD,MAAK,SAAUgxD,GAC/F6C,EAAO,OAAQ7C,EAAGh8C,EAAGu/B,EACvB,IAAG,SAAUyc,GACX6C,EAAO,QAAS7C,EAAGh8C,EAAGu/B,EACxB,IAAKxwC,EAAEtE,QAAQ4zD,GAAGrzD,MAAK,SAAUgxD,GAC/BC,EAAE5oD,MAAQ2oD,EAAGh8C,EAAEi8C,EACjB,IAAG,SAAUD,GACX,OAAO6C,EAAO,QAAS7C,EAAGh8C,EAAGu/B,EAC/B,GACF,CACAA,EAAEzgC,EAAEs/C,IACN,CACA,IAAIn/B,EACJ7xB,EAAEtD,KAAM,UAAW,CACjBuJ,MAAO,SAAe2oD,EAAG9rB,GACvB,SAAS6uB,IACP,OAAO,IAAIhwD,GAAE,SAAUA,EAAGkwB,GACxB4/B,EAAO7C,EAAG9rB,EAAGnhC,EAAGkwB,EAClB,GACF,CACA,OAAOA,EAAIA,EAAIA,EAAEj0B,KAAK+zD,EAA4BA,GAA8BA,GAClF,GAEJ,CACA,SAASb,EAAiBnvD,EAAGkwB,EAAGiR,GAC9B,IAAI9iC,EAAIixD,EACR,OAAO,SAAUr+C,EAAGu/B,GAClB,GAAInyC,IAAMiwD,EAAG,MAAM9gD,MAAM,gCACzB,GAAInP,IAAMqS,EAAG,CACX,GAAI,UAAYO,EAAG,MAAMu/B,EACzB,MAAO,CACLlsC,MAAO2oD,EACPjG,MAAM,EAEV,CACA,IAAK7lB,EAAEprB,OAAS9E,EAAGkwB,EAAEkuB,IAAM7e,IAAK,CAC9B,IAAIzgC,EAAIoxB,EAAE8uB,SACV,GAAIlgD,EAAG,CACL,IAAIm9C,EAAIgD,EAAoBngD,EAAGoxB,GAC/B,GAAI+rB,EAAG,CACL,GAAIA,IAAM7rB,EAAG,SACb,OAAO6rB,CACT,CACF,CACA,GAAI,SAAW/rB,EAAEprB,OAAQorB,EAAEgvB,KAAOhvB,EAAEivB,MAAQjvB,EAAEkuB,SAAS,GAAI,UAAYluB,EAAEprB,OAAQ,CAC/E,GAAI1X,IAAMixD,EAAG,MAAMjxD,EAAIqS,EAAGywB,EAAEkuB,IAC5BluB,EAAEkvB,kBAAkBlvB,EAAEkuB,IACxB,KAAO,WAAaluB,EAAEprB,QAAUorB,EAAEmvB,OAAO,SAAUnvB,EAAEkuB,KACrDhxD,EAAIiwD,EACJ,IAAIrX,EAAImY,EAASpvD,EAAGkwB,EAAGiR,GACvB,GAAI,WAAa8V,EAAE32C,KAAM,CACvB,GAAIjC,EAAI8iC,EAAE6lB,KAAOt2C,EAAI29C,EAAGpX,EAAEoY,MAAQhuB,EAAG,SACrC,MAAO,CACL/8B,MAAO2yC,EAAEoY,IACTrI,KAAM7lB,EAAE6lB,KAEZ,CACA,UAAY/P,EAAE32C,OAASjC,EAAIqS,EAAGywB,EAAEprB,OAAS,QAASorB,EAAEkuB,IAAMpY,EAAEoY,IAC9D,CACF,CACF,CACA,SAASa,EAAoBlwD,EAAGkwB,GAC9B,IAAIiR,EAAIjR,EAAEna,OACR1X,EAAI2B,EAAE43C,SAASzW,GACjB,GAAI9iC,IAAM4uD,EAAG,OAAO/8B,EAAE+/B,SAAW,KAAM,UAAY9uB,GAAKnhC,EAAE43C,SAAiB,SAAM1nB,EAAEna,OAAS,SAAUma,EAAEm/B,IAAMpC,EAAGiD,EAAoBlwD,EAAGkwB,GAAI,UAAYA,EAAEna,SAAW,WAAaorB,IAAMjR,EAAEna,OAAS,QAASma,EAAEm/B,IAAM,IAAIzI,UAAU,oCAAsCzlB,EAAI,aAAcE,EAC1R,IAAIpwB,EAAIm+C,EAAS/wD,EAAG2B,EAAE43C,SAAU1nB,EAAEm/B,KAClC,GAAI,UAAYp+C,EAAE3Q,KAAM,OAAO4vB,EAAEna,OAAS,QAASma,EAAEm/B,IAAMp+C,EAAEo+C,IAAKn/B,EAAE+/B,SAAW,KAAM5uB,EACrF,IAAImP,EAAIv/B,EAAEo+C,IACV,OAAO7e,EAAIA,EAAEwW,MAAQ92B,EAAElwB,EAAEuwD,YAAc/f,EAAElsC,MAAO4rB,EAAE4nB,KAAO93C,EAAEwwD,QAAS,WAAatgC,EAAEna,SAAWma,EAAEna,OAAS,OAAQma,EAAEm/B,IAAMpC,GAAI/8B,EAAE+/B,SAAW,KAAM5uB,GAAKmP,GAAKtgB,EAAEna,OAAS,QAASma,EAAEm/B,IAAM,IAAIzI,UAAU,oCAAqC12B,EAAE+/B,SAAW,KAAM5uB,EAC9P,CACA,SAASovB,EAAaxD,GACpB,IAAIjtD,EAAI,CACN0wD,OAAQzD,EAAE,IAEZ,KAAKA,IAAMjtD,EAAE2wD,SAAW1D,EAAE,IAAK,KAAKA,IAAMjtD,EAAE4wD,WAAa3D,EAAE,GAAIjtD,EAAE6wD,SAAW5D,EAAE,IAAKlyD,KAAK+1D,WAAWtyD,KAAKwB,EAC1G,CACA,SAAS+wD,EAAc9D,GACrB,IAAIjtD,EAAIitD,EAAE+D,YAAc,CAAC,EACzBhxD,EAAEM,KAAO,gBAAiBN,EAAEqvD,IAAKpC,EAAE+D,WAAahxD,CAClD,CACA,SAASkvD,EAAQjC,GACflyD,KAAK+1D,WAAa,CAAC,CACjBJ,OAAQ,SACNzD,EAAEpoD,QAAQ4rD,EAAc11D,MAAOA,KAAKk2D,OAAM,EAChD,CACA,SAAS1kD,EAAOvM,GACd,GAAIA,GAAK,KAAOA,EAAG,CACjB,IAAIkwB,EAAIlwB,EAAEwwC,GACV,GAAItgB,EAAG,OAAOA,EAAEpxB,KAAKkB,GACrB,GAAI,mBAAqBA,EAAE83C,KAAM,OAAO93C,EACxC,IAAKkxD,MAAMlxD,EAAEzB,QAAS,CACpB,IAAIF,GAAK,EACP4S,EAAI,SAAS6mC,IACX,OAASz5C,EAAI2B,EAAEzB,QAAS,GAAI4iC,EAAEriC,KAAKkB,EAAG3B,GAAI,OAAOy5C,EAAKxzC,MAAQtE,EAAE3B,GAAIy5C,EAAKkP,MAAO,EAAIlP,EACpF,OAAOA,EAAKxzC,MAAQ2oD,EAAGnV,EAAKkP,MAAO,EAAIlP,CACzC,EACF,OAAO7mC,EAAE6mC,KAAO7mC,CAClB,CACF,CACA,MAAM,IAAI21C,UAAU8H,EAAQ1uD,GAAK,mBACnC,CACA,OAAOuvD,EAAkB3wD,UAAY4wD,EAA4BnxD,EAAEqxD,EAAG,cAAe,CACnFprD,MAAOkrD,EACP9B,cAAc,IACZrvD,EAAEmxD,EAA4B,cAAe,CAC/ClrD,MAAOirD,EACP7B,cAAc,IACZ6B,EAAkB35B,YAAcm5B,EAAOS,EAA4BtC,EAAG,qBAAsBltD,EAAEmxD,oBAAsB,SAAUlE,GAChI,IAAIjtD,EAAI,mBAAqBitD,GAAKA,EAAEnD,YACpC,QAAS9pD,IAAMA,IAAMuvD,GAAqB,uBAAyBvvD,EAAE41B,aAAe51B,EAAEX,MACxF,EAAGW,EAAEoxD,KAAO,SAAUnE,GACpB,OAAO9xD,OAAO8X,eAAiB9X,OAAO8X,eAAeg6C,EAAGuC,IAA+BvC,EAAEgB,UAAYuB,EAA4BT,EAAO9B,EAAGC,EAAG,sBAAuBD,EAAEruD,UAAYzD,OAAO0/B,OAAO60B,GAAIzC,CACvM,EAAGjtD,EAAEqxD,MAAQ,SAAUpE,GACrB,MAAO,CACL8C,QAAS9C,EAEb,EAAG0C,EAAsBE,EAAcjxD,WAAYmwD,EAAOc,EAAcjxD,UAAWmR,GAAG,WACpF,OAAOhV,IACT,IAAIiF,EAAE6vD,cAAgBA,EAAe7vD,EAAEsxD,MAAQ,SAAUrE,EAAG/8B,EAAGiR,EAAG9iC,EAAG4S,QACnE,IAAWA,IAAMA,EAAIxV,SACrB,IAAI+0C,EAAI,IAAIqf,EAAcb,EAAK/B,EAAG/8B,EAAGiR,EAAG9iC,GAAI4S,GAC5C,OAAOjR,EAAEmxD,oBAAoBjhC,GAAKsgB,EAAIA,EAAEsH,OAAO77C,MAAK,SAAUgxD,GAC5D,OAAOA,EAAEjG,KAAOiG,EAAE3oD,MAAQksC,EAAEsH,MAC9B,GACF,EAAG6X,EAAsBD,GAAIX,EAAOW,EAAGxC,EAAG,aAAc6B,EAAOW,EAAGlf,GAAG,WACnE,OAAOz1C,IACT,IAAIg0D,EAAOW,EAAG,YAAY,WACxB,MAAO,oBACT,IAAI1vD,EAAE4E,KAAO,SAAUqoD,GACrB,IAAIjtD,EAAI7E,OAAO8xD,GACb/8B,EAAI,GACN,IAAK,IAAIiR,KAAKnhC,EAAGkwB,EAAE1xB,KAAK2iC,GACxB,OAAOjR,EAAEqhC,UAAW,SAASzZ,IAC3B,KAAO5nB,EAAE3xB,QAAS,CAChB,IAAI0uD,EAAI/8B,EAAE4lB,MACV,GAAImX,KAAKjtD,EAAG,OAAO83C,EAAKxzC,MAAQ2oD,EAAGnV,EAAKkP,MAAO,EAAIlP,CACrD,CACA,OAAOA,EAAKkP,MAAO,EAAIlP,CACzB,CACF,EAAG93C,EAAEuM,OAASA,EAAQ2iD,EAAQtwD,UAAY,CACxCkrD,YAAaoF,EACb+B,MAAO,SAAejxD,GACpB,GAAIjF,KAAKy2D,KAAO,EAAGz2D,KAAK+8C,KAAO,EAAG/8C,KAAKo1D,KAAOp1D,KAAKq1D,MAAQnD,EAAGlyD,KAAKisD,MAAO,EAAIjsD,KAAKk1D,SAAW,KAAMl1D,KAAKgb,OAAS,OAAQhb,KAAKs0D,IAAMpC,EAAGlyD,KAAK+1D,WAAWjsD,QAAQksD,IAAiB/wD,EAAG,IAAK,IAAIkwB,KAAKn1B,KAAM,MAAQm1B,EAAEE,OAAO,IAAM+Q,EAAEriC,KAAK/D,KAAMm1B,KAAOghC,OAAOhhC,EAAEzsB,MAAM,MAAQ1I,KAAKm1B,GAAK+8B,EACtR,EACAjgD,KAAM,WACJjS,KAAKisD,MAAO,EACZ,IAAIiG,EAAIlyD,KAAK+1D,WAAW,GAAGE,WAC3B,GAAI,UAAY/D,EAAE3sD,KAAM,MAAM2sD,EAAEoC,IAChC,OAAOt0D,KAAK02D,IACd,EACApB,kBAAmB,SAA2BrwD,GAC5C,GAAIjF,KAAKisD,KAAM,MAAMhnD,EACrB,IAAIkwB,EAAIn1B,KACR,SAAS22D,EAAOvwB,EAAG9iC,GACjB,OAAOmyC,EAAElwC,KAAO,QAASkwC,EAAE6e,IAAMrvD,EAAGkwB,EAAE4nB,KAAO3W,EAAG9iC,IAAM6xB,EAAEna,OAAS,OAAQma,EAAEm/B,IAAMpC,KAAM5uD,CACzF,CACA,IAAK,IAAIA,EAAItD,KAAK+1D,WAAWvyD,OAAS,EAAGF,GAAK,IAAKA,EAAG,CACpD,IAAI4S,EAAIlW,KAAK+1D,WAAWzyD,GACtBmyC,EAAIv/B,EAAE+/C,WACR,GAAI,SAAW//C,EAAEy/C,OAAQ,OAAOgB,EAAO,OACvC,GAAIzgD,EAAEy/C,QAAU31D,KAAKy2D,KAAM,CACzB,IAAIzhD,EAAIoxB,EAAEriC,KAAKmS,EAAG,YAChBi8C,EAAI/rB,EAAEriC,KAAKmS,EAAG,cAChB,GAAIlB,GAAKm9C,EAAG,CACV,GAAInyD,KAAKy2D,KAAOvgD,EAAE0/C,SAAU,OAAOe,EAAOzgD,EAAE0/C,UAAU,GACtD,GAAI51D,KAAKy2D,KAAOvgD,EAAE2/C,WAAY,OAAOc,EAAOzgD,EAAE2/C,WAChD,MAAO,GAAI7gD,GACT,GAAIhV,KAAKy2D,KAAOvgD,EAAE0/C,SAAU,OAAOe,EAAOzgD,EAAE0/C,UAAU,OACjD,CACL,IAAKzD,EAAG,MAAM1/C,MAAM,0CACpB,GAAIzS,KAAKy2D,KAAOvgD,EAAE2/C,WAAY,OAAOc,EAAOzgD,EAAE2/C,WAChD,CACF,CACF,CACF,EACAN,OAAQ,SAAgBrD,EAAGjtD,GACzB,IAAK,IAAIkwB,EAAIn1B,KAAK+1D,WAAWvyD,OAAS,EAAG2xB,GAAK,IAAKA,EAAG,CACpD,IAAI7xB,EAAItD,KAAK+1D,WAAW5gC,GACxB,GAAI7xB,EAAEqyD,QAAU31D,KAAKy2D,MAAQrwB,EAAEriC,KAAKT,EAAG,eAAiBtD,KAAKy2D,KAAOnzD,EAAEuyD,WAAY,CAChF,IAAI3/C,EAAI5S,EACR,KACF,CACF,CACA4S,IAAM,UAAYg8C,GAAK,aAAeA,IAAMh8C,EAAEy/C,QAAU1wD,GAAKA,GAAKiR,EAAE2/C,aAAe3/C,EAAI,MACvF,IAAIu/B,EAAIv/B,EAAIA,EAAE+/C,WAAa,CAAC,EAC5B,OAAOxgB,EAAElwC,KAAO2sD,EAAGzc,EAAE6e,IAAMrvD,EAAGiR,GAAKlW,KAAKgb,OAAS,OAAQhb,KAAK+8C,KAAO7mC,EAAE2/C,WAAYvvB,GAAKtmC,KAAK42D,SAASnhB,EACxG,EACAmhB,SAAU,SAAkB1E,EAAGjtD,GAC7B,GAAI,UAAYitD,EAAE3sD,KAAM,MAAM2sD,EAAEoC,IAChC,MAAO,UAAYpC,EAAE3sD,MAAQ,aAAe2sD,EAAE3sD,KAAOvF,KAAK+8C,KAAOmV,EAAEoC,IAAM,WAAapC,EAAE3sD,MAAQvF,KAAK02D,KAAO12D,KAAKs0D,IAAMpC,EAAEoC,IAAKt0D,KAAKgb,OAAS,SAAUhb,KAAK+8C,KAAO,OAAS,WAAamV,EAAE3sD,MAAQN,IAAMjF,KAAK+8C,KAAO93C,GAAIqhC,CAC1N,EACAse,OAAQ,SAAgBsN,GACtB,IAAK,IAAIjtD,EAAIjF,KAAK+1D,WAAWvyD,OAAS,EAAGyB,GAAK,IAAKA,EAAG,CACpD,IAAIkwB,EAAIn1B,KAAK+1D,WAAW9wD,GACxB,GAAIkwB,EAAE0gC,aAAe3D,EAAG,OAAOlyD,KAAK42D,SAASzhC,EAAE8gC,WAAY9gC,EAAE2gC,UAAWE,EAAc7gC,GAAImR,CAC5F,CACF,EACA,MAAS,SAAgB4rB,GACvB,IAAK,IAAIjtD,EAAIjF,KAAK+1D,WAAWvyD,OAAS,EAAGyB,GAAK,IAAKA,EAAG,CACpD,IAAIkwB,EAAIn1B,KAAK+1D,WAAW9wD,GACxB,GAAIkwB,EAAEwgC,SAAWzD,EAAG,CAClB,IAAI9rB,EAAIjR,EAAE8gC,WACV,GAAI,UAAY7vB,EAAE7gC,KAAM,CACtB,IAAIjC,EAAI8iC,EAAEkuB,IACV0B,EAAc7gC,EAChB,CACA,OAAO7xB,CACT,CACF,CACA,MAAMmP,MAAM,wBACd,EACAokD,cAAe,SAAuB5xD,EAAGkwB,EAAGiR,GAC1C,OAAOpmC,KAAKk1D,SAAW,CACrBrY,SAAUrrC,EAAOvM,GACjBuwD,WAAYrgC,EACZsgC,QAASrvB,GACR,SAAWpmC,KAAKgb,SAAWhb,KAAKs0D,IAAMpC,GAAI5rB,CAC/C,GACCrhC,CACL,CACAg5C,EAAOC,QAAU2V,EAAqB5V,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BC/S3G,SAAS4Y,EAAgB5E,EAAGjtD,GAC1B,OAAOg5C,EAAOC,QAAU4Y,EAAkB12D,OAAO8X,eAAiB9X,OAAO8X,eAAepW,OAAS,SAAUowD,EAAGjtD,GAC5G,OAAOitD,EAAEgB,UAAYjuD,EAAGitD,CAC1B,EAAGjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QAAS4Y,EAAgB5E,EAAGjtD,EACtG,CACAg5C,EAAOC,QAAU4Y,EAAiB7Y,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCLvG,IAAI6Y,EAAiB,EAAQ,MACzBC,EAAuB,EAAQ,MAC/BC,EAA6B,EAAQ,MACrCC,EAAkB,EAAQ,MAI9BjZ,EAAOC,QAHP,SAAwB/oB,EAAGlwB,GACzB,OAAO8xD,EAAe5hC,IAAM6hC,EAAqB7hC,EAAGlwB,IAAMgyD,EAA2B9hC,EAAGlwB,IAAMiyD,GAChG,EACiCjZ,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCPtG,IAAI+U,EAAiB,EAAQ,MAK7BhV,EAAOC,QAJP,SAAwBgU,EAAG5uD,GACzB,MAAQ,CAAC,EAAEQ,eAAeC,KAAKmuD,EAAG5uD,IAAM,QAAU4uD,EAAIe,EAAef,MACrE,OAAOA,CACT,EACiCjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,6BCLtG,IAAIiZ,EAAoB,EAAQ,MAC5BC,EAAkB,EAAQ,MAC1BH,EAA6B,EAAQ,MACrCI,EAAoB,EAAQ,MAIhCpZ,EAAOC,QAHP,SAA4B/oB,GAC1B,OAAOgiC,EAAkBhiC,IAAMiiC,EAAgBjiC,IAAM8hC,EAA2B9hC,IAAMkiC,GACxF,EACqCpZ,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCP1G,IAAIyV,EAAU,gBAWd1V,EAAOC,QAVP,SAAqBgU,EAAG/8B,GACtB,GAAI,UAAYw+B,EAAQzB,KAAOA,EAAG,OAAOA,EACzC,IAAIjtD,EAAIitD,EAAEpV,OAAOwa,aACjB,QAAI,IAAWryD,EAAG,CAChB,IAAIiR,EAAIjR,EAAElB,KAAKmuD,EAAG/8B,GAAK,WACvB,GAAI,UAAYw+B,EAAQz9C,GAAI,OAAOA,EACnC,MAAM,IAAI21C,UAAU,+CACtB,CACA,OAAQ,WAAa12B,EAAItf,OAASyY,QAAQ4jC,EAC5C,EAC8BjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCXnG,IAAIyV,EAAU,gBACV2D,EAAc,EAAQ,MAK1BrZ,EAAOC,QAJP,SAAuBgU,GACrB,IAAIh8C,EAAIohD,EAAYpF,EAAG,UACvB,MAAO,UAAYyB,EAAQz9C,GAAKA,EAAIA,EAAI,EAC1C,EACgC+nC,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,0BCNrG,SAASyV,EAAQrwD,GAGf,OAAO26C,EAAOC,QAAUyV,EAAU,mBAAqB7W,QAAU,iBAAmBA,OAAOD,SAAW,SAAUv5C,GAC9G,cAAcA,CAChB,EAAI,SAAUA,GACZ,OAAOA,GAAK,mBAAqBw5C,QAAUx5C,EAAEyrD,cAAgBjS,QAAUx5C,IAAMw5C,OAAOj5C,UAAY,gBAAkBP,CACpH,EAAG26C,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QAASyV,EAAQrwD,EAC3F,CACA26C,EAAOC,QAAUyV,EAAS1V,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCT/F,IAAI6T,EAAmB,EAAQ,MAQ/B9T,EAAOC,QAPP,SAAqC/oB,EAAGsgB,GACtC,GAAItgB,EAAG,CACL,GAAI,iBAAmBA,EAAG,OAAO48B,EAAiB58B,EAAGsgB,GACrD,IAAIyc,EAAI,CAAC,EAAE5tB,SAASvgC,KAAKoxB,GAAGzsB,MAAM,GAAI,GACtC,MAAO,WAAawpD,GAAK/8B,EAAE45B,cAAgBmD,EAAI/8B,EAAE45B,YAAYzqD,MAAO,QAAU4tD,GAAK,QAAUA,EAAI/uD,MAAM2R,KAAKqgB,GAAK,cAAgB+8B,GAAK,2CAA2C73C,KAAK63C,GAAKH,EAAiB58B,EAAGsgB,QAAK,CACtN,CACF,EAC8CwI,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCRnH,IAAI+U,EAAiB,EAAQ,MACzB/6C,EAAiB,EAAQ,MACzBq/C,EAAmB,EAAQ,MAC3B/E,EAAY,EAAQ,MACxB,SAASgF,EAAiBtF,GACxB,IAAI/8B,EAAI,mBAAqBlkB,IAAM,IAAIA,SAAQ,EAC/C,OAAOgtC,EAAOC,QAAUsZ,EAAmB,SAA0BtF,GACnE,GAAI,OAASA,IAAMqF,EAAiBrF,GAAI,OAAOA,EAC/C,GAAI,mBAAqBA,EAAG,MAAM,IAAIrG,UAAU,sDAChD,QAAI,IAAW12B,EAAG,CAChB,GAAIA,EAAEonB,IAAI2V,GAAI,OAAO/8B,EAAEvzB,IAAIswD,GAC3B/8B,EAAE1rB,IAAIyoD,EAAGuF,EACX,CACA,SAASA,IACP,OAAOjF,EAAUN,EAAGpnD,UAAWmoD,EAAejzD,MAAM+uD,YACtD,CACA,OAAO0I,EAAQ5zD,UAAYzD,OAAO0/B,OAAOoyB,EAAEruD,UAAW,CACpDkrD,YAAa,CACXxlD,MAAOkuD,EACPxW,YAAY,EACZ2R,UAAU,EACVD,cAAc,KAEdz6C,EAAeu/C,EAASvF,EAC9B,EAAGjU,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,QAASsZ,EAAiBtF,EACpG,CACAjU,EAAOC,QAAUsZ,EAAkBvZ,EAAOC,QAAQ4T,YAAa,EAAM7T,EAAOC,QAAiB,QAAID,EAAOC,8BCxBxG,IAAIwZ,EAAU,EAAQ,KAAR,GACdzZ,EAAOC,QAAUwZ,EAGjB,IACEC,mBAAqBD,CACvB,CAAE,MAAOE,GACmB,iBAAfC,WACTA,WAAWF,mBAAqBD,EAEhCvE,SAAS,IAAK,yBAAdA,CAAwCuE,EAE5C,ICbII,EAA2B,CAAC,EAGhC,SAASC,EAAoBC,GAE5B,IAAIC,EAAeH,EAAyBE,GAC5C,QAAqB93D,IAAjB+3D,EACH,OAAOA,EAAa/Z,QAGrB,IAAID,EAAS6Z,EAAyBE,GAAY,CAGjD9Z,QAAS,CAAC,GAOX,OAHAga,EAAoBF,GAAUj0D,KAAKk6C,EAAOC,QAASD,EAAQA,EAAOC,QAAS6Z,GAGpE9Z,EAAOC,OACf,CCrBA6Z,EAAoBrD,EAAI,SAASxW,EAASia,GACzC,IAAI,IAAIv0D,KAAOu0D,EACXJ,EAAoBz0D,EAAE60D,EAAYv0D,KAASm0D,EAAoBz0D,EAAE46C,EAASt6C,IAC5ExD,OAAO+9C,eAAeD,EAASt6C,EAAK,CAAEq9C,YAAY,EAAMr/C,IAAKu2D,EAAWv0D,IAG3E,ECPAm0D,EAAoBpD,EAAI,WACvB,GAA0B,iBAAfkD,WAAyB,OAAOA,WAC3C,IACC,OAAO73D,MAAQ,IAAImzD,SAAS,cAAb,EAChB,CAAE,MAAOluD,GACR,GAAsB,iBAAX6D,OAAqB,OAAOA,MACxC,CACA,CAPuB,GCAxBivD,EAAoBz0D,EAAI,SAASL,EAAK24C,GAAQ,OAAOx7C,OAAOyD,UAAUC,eAAeC,KAAKd,EAAK24C,EAAO,ECCtGmc,EAAoB5iC,EAAI,SAAS+oB,GACX,oBAAXpB,QAA0BA,OAAOiX,aAC1C3zD,OAAO+9C,eAAeD,EAASpB,OAAOiX,YAAa,CAAExqD,MAAO,WAE7DnJ,OAAO+9C,eAAeD,EAAS,aAAc,CAAE30C,OAAO,GACvD,ECHA,IAAI6uD,EAAsBL,EAAoB","sources":["webpack://OktaAuth/./lib/authn/AuthnTransactionImpl.ts","webpack://OktaAuth/./lib/authn/api.ts","webpack://OktaAuth/./lib/authn/factory.ts","webpack://OktaAuth/./lib/authn/index.ts","webpack://OktaAuth/./lib/authn/mixin.ts","webpack://OktaAuth/./lib/authn/util/flattenEmbedded.ts","webpack://OktaAuth/./lib/authn/util/link2fn.ts","webpack://OktaAuth/./lib/authn/util/links2fns.ts","webpack://OktaAuth/./lib/authn/util/poll.ts","webpack://OktaAuth/./lib/authn/util/stateToken.ts","webpack://OktaAuth/./lib/base/factory.ts","webpack://OktaAuth/./lib/base/index.ts","webpack://OktaAuth/./lib/base/options.ts","webpack://OktaAuth/./lib/browser/browserStorage.ts","webpack://OktaAuth/./lib/browser/fingerprint.ts","webpack://OktaAuth/./lib/clock.ts","webpack://OktaAuth/./lib/constants.ts","webpack://OktaAuth/./lib/core/AuthStateManager.ts","webpack://OktaAuth/./lib/core/ServiceManager/browser.ts","webpack://OktaAuth/./lib/core/ServiceManager/index.ts","webpack://OktaAuth/./lib/core/factory.ts","webpack://OktaAuth/./lib/core/index.ts","webpack://OktaAuth/./lib/core/mixin.ts","webpack://OktaAuth/./lib/core/options.ts","webpack://OktaAuth/./lib/core/storage.ts","webpack://OktaAuth/./lib/core/types/index.ts","webpack://OktaAuth/./lib/crypto/base64.ts","webpack://OktaAuth/./lib/crypto/browser.ts","webpack://OktaAuth/./lib/crypto/index.ts","webpack://OktaAuth/./lib/crypto/oidcHash.ts","webpack://OktaAuth/./lib/crypto/verifyToken.ts","webpack://OktaAuth/./lib/crypto/webcrypto.ts","webpack://OktaAuth/./lib/errors/AuthApiError.ts","webpack://OktaAuth/./lib/errors/AuthPollStopError.ts","webpack://OktaAuth/./lib/errors/AuthSdkError.ts","webpack://OktaAuth/./lib/errors/CustomError.ts","webpack://OktaAuth/./lib/errors/OAuthError.ts","webpack://OktaAuth/./lib/errors/WWWAuthError.ts","webpack://OktaAuth/./lib/errors/index.ts","webpack://OktaAuth/./lib/exports/cdn/default.ts","webpack://OktaAuth/./lib/exports/common.ts","webpack://OktaAuth/./lib/exports/default.ts","webpack://OktaAuth/./lib/features.ts","webpack://OktaAuth/./lib/fetch/fetchRequest.ts","webpack://OktaAuth/./lib/http/OktaUserAgent.ts","webpack://OktaAuth/./lib/http/headers.ts","webpack://OktaAuth/./lib/http/index.ts","webpack://OktaAuth/./lib/http/mixin.ts","webpack://OktaAuth/./lib/http/options.ts","webpack://OktaAuth/./lib/http/request.ts","webpack://OktaAuth/./lib/idx/IdxTransactionManager.ts","webpack://OktaAuth/./lib/idx/authenticate.ts","webpack://OktaAuth/./lib/idx/authenticator/Authenticator.ts","webpack://OktaAuth/./lib/idx/authenticator/OktaPassword.ts","webpack://OktaAuth/./lib/idx/authenticator/OktaVerifyTotp.ts","webpack://OktaAuth/./lib/idx/authenticator/SecurityQuestionEnrollment.ts","webpack://OktaAuth/./lib/idx/authenticator/SecurityQuestionVerification.ts","webpack://OktaAuth/./lib/idx/authenticator/VerificationCodeAuthenticator.ts","webpack://OktaAuth/./lib/idx/authenticator/WebauthnEnrollment.ts","webpack://OktaAuth/./lib/idx/authenticator/WebauthnVerification.ts","webpack://OktaAuth/./lib/idx/authenticator/getAuthenticator.ts","webpack://OktaAuth/./lib/idx/authenticator/index.ts","webpack://OktaAuth/./lib/idx/authenticator/util.ts","webpack://OktaAuth/./lib/idx/cancel.ts","webpack://OktaAuth/./lib/idx/emailVerify.ts","webpack://OktaAuth/./lib/idx/factory/MinimalOktaAuthIdx.ts","webpack://OktaAuth/./lib/idx/factory/OktaAuthIdx.ts","webpack://OktaAuth/./lib/idx/factory/api.ts","webpack://OktaAuth/./lib/idx/factory/index.ts","webpack://OktaAuth/./lib/idx/factory/minimalApi.ts","webpack://OktaAuth/./lib/idx/flow/AccountUnlockFlow.ts","webpack://OktaAuth/./lib/idx/flow/AuthenticationFlow.ts","webpack://OktaAuth/./lib/idx/flow/FlowSpecification.ts","webpack://OktaAuth/./lib/idx/flow/PasswordRecoveryFlow.ts","webpack://OktaAuth/./lib/idx/flow/RegistrationFlow.ts","webpack://OktaAuth/./lib/idx/flow/index.ts","webpack://OktaAuth/./lib/idx/handleInteractionCodeRedirect.ts","webpack://OktaAuth/./lib/idx/idxState/index.ts","webpack://OktaAuth/./lib/idx/idxState/v1/actionParser.ts","webpack://OktaAuth/./lib/idx/idxState/v1/generateIdxAction.ts","webpack://OktaAuth/./lib/idx/idxState/v1/idxResponseParser.ts","webpack://OktaAuth/./lib/idx/idxState/v1/makeIdxState.ts","webpack://OktaAuth/./lib/idx/idxState/v1/parsers.ts","webpack://OktaAuth/./lib/idx/idxState/v1/remediationParser.ts","webpack://OktaAuth/./lib/idx/index.ts","webpack://OktaAuth/./lib/idx/interact.ts","webpack://OktaAuth/./lib/idx/introspect.ts","webpack://OktaAuth/./lib/idx/mixin.ts","webpack://OktaAuth/./lib/idx/mixinMinimal.ts","webpack://OktaAuth/./lib/idx/options.ts","webpack://OktaAuth/./lib/idx/poll.ts","webpack://OktaAuth/./lib/idx/proceed.ts","webpack://OktaAuth/./lib/idx/recoverPassword.ts","webpack://OktaAuth/./lib/idx/register.ts","webpack://OktaAuth/./lib/idx/remediate.ts","webpack://OktaAuth/./lib/idx/remediators/AuthenticatorEnrollmentData.ts","webpack://OktaAuth/./lib/idx/remediators/AuthenticatorVerificationData.ts","webpack://OktaAuth/./lib/idx/remediators/Base/AuthenticatorData.ts","webpack://OktaAuth/./lib/idx/remediators/Base/Remediator.ts","webpack://OktaAuth/./lib/idx/remediators/Base/SelectAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/Base/VerifyAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/ChallengeAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/ChallengePoll.ts","webpack://OktaAuth/./lib/idx/remediators/EnrollAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/EnrollPoll.ts","webpack://OktaAuth/./lib/idx/remediators/EnrollProfile.ts","webpack://OktaAuth/./lib/idx/remediators/EnrollmentChannelData.ts","webpack://OktaAuth/./lib/idx/remediators/GenericRemediator/GenericRemediator.ts","webpack://OktaAuth/./lib/idx/remediators/GenericRemediator/index.ts","webpack://OktaAuth/./lib/idx/remediators/GenericRemediator/util.ts","webpack://OktaAuth/./lib/idx/remediators/Identify.ts","webpack://OktaAuth/./lib/idx/remediators/ReEnrollAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/ReEnrollAuthenticatorWarning.ts","webpack://OktaAuth/./lib/idx/remediators/RedirectIdp.ts","webpack://OktaAuth/./lib/idx/remediators/ResetAuthenticator.ts","webpack://OktaAuth/./lib/idx/remediators/SelectAuthenticatorAuthenticate.ts","webpack://OktaAuth/./lib/idx/remediators/SelectAuthenticatorEnroll.ts","webpack://OktaAuth/./lib/idx/remediators/SelectAuthenticatorUnlockAccount.ts","webpack://OktaAuth/./lib/idx/remediators/SelectEnrollProfile.ts","webpack://OktaAuth/./lib/idx/remediators/SelectEnrollmentChannel.ts","webpack://OktaAuth/./lib/idx/remediators/Skip.ts","webpack://OktaAuth/./lib/idx/remediators/index.ts","webpack://OktaAuth/./lib/idx/remediators/util.ts","webpack://OktaAuth/./lib/idx/run.ts","webpack://OktaAuth/./lib/idx/startTransaction.ts","webpack://OktaAuth/./lib/idx/storage.ts","webpack://OktaAuth/./lib/idx/transactionMeta.ts","webpack://OktaAuth/./lib/idx/types/api.ts","webpack://OktaAuth/./lib/idx/types/idx-js.ts","webpack://OktaAuth/./lib/idx/types/index.ts","webpack://OktaAuth/./lib/idx/unlockAccount.ts","webpack://OktaAuth/./lib/idx/util.ts","webpack://OktaAuth/./lib/idx/webauthn.ts","webpack://OktaAuth/./lib/myaccount/api.ts","webpack://OktaAuth/./lib/myaccount/emailApi.ts","webpack://OktaAuth/./lib/myaccount/factory.ts","webpack://OktaAuth/./lib/myaccount/index.ts","webpack://OktaAuth/./lib/myaccount/mixin.ts","webpack://OktaAuth/./lib/myaccount/passwordApi.ts","webpack://OktaAuth/./lib/myaccount/phoneApi.ts","webpack://OktaAuth/./lib/myaccount/profileApi.ts","webpack://OktaAuth/./lib/myaccount/request.ts","webpack://OktaAuth/./lib/myaccount/transactions/Base.ts","webpack://OktaAuth/./lib/myaccount/transactions/EmailChallengeTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/EmailStatusTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/EmailTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/PasswordTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/PhoneTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/ProfileSchemaTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/ProfileTransaction.ts","webpack://OktaAuth/./lib/myaccount/transactions/index.ts","webpack://OktaAuth/./lib/myaccount/types.ts","webpack://OktaAuth/./lib/oidc/TokenManager.ts","webpack://OktaAuth/./lib/oidc/TransactionManager.ts","webpack://OktaAuth/./lib/oidc/decodeToken.ts","webpack://OktaAuth/./lib/oidc/dpop.ts","webpack://OktaAuth/./lib/oidc/endpoints/authorize.ts","webpack://OktaAuth/./lib/oidc/endpoints/index.ts","webpack://OktaAuth/./lib/oidc/endpoints/token.ts","webpack://OktaAuth/./lib/oidc/endpoints/well-known.ts","webpack://OktaAuth/./lib/oidc/enrollAuthenticator.ts","webpack://OktaAuth/./lib/oidc/exchangeCodeForTokens.ts","webpack://OktaAuth/./lib/oidc/factory/OktaAuthOAuth.ts","webpack://OktaAuth/./lib/oidc/factory/api.ts","webpack://OktaAuth/./lib/oidc/factory/baseApi.ts","webpack://OktaAuth/./lib/oidc/factory/index.ts","webpack://OktaAuth/./lib/oidc/getToken.ts","webpack://OktaAuth/./lib/oidc/getUserInfo.ts","webpack://OktaAuth/./lib/oidc/getWithPopup.ts","webpack://OktaAuth/./lib/oidc/getWithRedirect.ts","webpack://OktaAuth/./lib/oidc/getWithoutPrompt.ts","webpack://OktaAuth/./lib/oidc/handleOAuthResponse.ts","webpack://OktaAuth/./lib/oidc/index.ts","webpack://OktaAuth/./lib/oidc/introspect.ts","webpack://OktaAuth/./lib/oidc/mixin/browser.ts","webpack://OktaAuth/./lib/oidc/mixin/index.ts","webpack://OktaAuth/./lib/oidc/mixin/minimal.ts","webpack://OktaAuth/./lib/oidc/options/OAuthOptionsConstructor.ts","webpack://OktaAuth/./lib/oidc/options/browser.ts","webpack://OktaAuth/./lib/oidc/options/index.ts","webpack://OktaAuth/./lib/oidc/parseFromUrl.ts","webpack://OktaAuth/./lib/oidc/renewToken.ts","webpack://OktaAuth/./lib/oidc/renewTokens.ts","webpack://OktaAuth/./lib/oidc/renewTokensWithRefresh.ts","webpack://OktaAuth/./lib/oidc/revokeToken.ts","webpack://OktaAuth/./lib/oidc/storage.ts","webpack://OktaAuth/./lib/oidc/types/Token.ts","webpack://OktaAuth/./lib/oidc/types/TokenManager.ts","webpack://OktaAuth/./lib/oidc/types/Transaction.ts","webpack://OktaAuth/./lib/oidc/types/index.ts","webpack://OktaAuth/./lib/oidc/util/browser.ts","webpack://OktaAuth/./lib/oidc/util/defaultEnrollAuthenticatorParams.ts","webpack://OktaAuth/./lib/oidc/util/defaultTokenParams.ts","webpack://OktaAuth/./lib/oidc/util/enrollAuthenticatorMeta.ts","webpack://OktaAuth/./lib/oidc/util/errors.ts","webpack://OktaAuth/./lib/oidc/util/index.ts","webpack://OktaAuth/./lib/oidc/util/loginRedirect.ts","webpack://OktaAuth/./lib/oidc/util/oauth.ts","webpack://OktaAuth/./lib/oidc/util/oauthMeta.ts","webpack://OktaAuth/./lib/oidc/util/pkce.ts","webpack://OktaAuth/./lib/oidc/util/prepareEnrollAuthenticatorParams.ts","webpack://OktaAuth/./lib/oidc/util/prepareTokenParams.ts","webpack://OktaAuth/./lib/oidc/util/refreshToken.ts","webpack://OktaAuth/./lib/oidc/util/sharedStorage.ts","webpack://OktaAuth/./lib/oidc/util/urlParams.ts","webpack://OktaAuth/./lib/oidc/util/validateClaims.ts","webpack://OktaAuth/./lib/oidc/util/validateToken.ts","webpack://OktaAuth/./lib/oidc/verifyToken.ts","webpack://OktaAuth/./lib/services/AutoRenewService.ts","webpack://OktaAuth/./lib/services/LeaderElectionService.ts","webpack://OktaAuth/./lib/services/RenewOnTabActivationService.ts","webpack://OktaAuth/./lib/services/SyncStorageService.ts","webpack://OktaAuth/./lib/services/index.ts","webpack://OktaAuth/./lib/session/api.ts","webpack://OktaAuth/./lib/session/factory.ts","webpack://OktaAuth/./lib/session/index.ts","webpack://OktaAuth/./lib/session/mixin.ts","webpack://OktaAuth/./lib/storage/BaseStorageManager.ts","webpack://OktaAuth/./lib/storage/SavedObject.ts","webpack://OktaAuth/./lib/storage/index.ts","webpack://OktaAuth/./lib/storage/mixin.ts","webpack://OktaAuth/./lib/storage/options/StorageOptionsConstructor.ts","webpack://OktaAuth/./lib/storage/options/browser.ts","webpack://OktaAuth/./lib/util/PromiseQueue.ts","webpack://OktaAuth/./lib/util/console.ts","webpack://OktaAuth/./lib/util/index.ts","webpack://OktaAuth/./lib/util/jsonpath.ts","webpack://OktaAuth/./lib/util/misc.ts","webpack://OktaAuth/./lib/util/object.ts","webpack://OktaAuth/./lib/util/types.ts","webpack://OktaAuth/./lib/util/url.ts","webpack://OktaAuth/../../src/index.ts","webpack://OktaAuth/./node_modules/p-cancelable/index.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/broadcast-channel.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/index.es5.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/index.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/leader-election-util.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/leader-election-web-lock.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/leader-election.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/method-chooser.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/methods/indexed-db.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/methods/localstorage.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/methods/native.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/methods/simulate.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/options.js","webpack://OktaAuth/./node_modules/broadcast-channel/dist/lib/util.js","webpack://OktaAuth/./node_modules/cross-fetch/dist/browser-ponyfill.js","webpack://OktaAuth/./node_modules/js-cookie/dist/js.cookie.js","webpack://OktaAuth/./node_modules/tiny-emitter/index.js","webpack://OktaAuth/./node_modules/unload/dist/es/index.js","webpack://OktaAuth/./node_modules/unload/dist/es/node.js","webpack://OktaAuth/./node_modules/unload/dist/es/browser.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/arrayLikeToArray.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/arrayWithHoles.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/arrayWithoutHoles.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/assertThisInitialized.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/asyncToGenerator.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/classCallCheck.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/construct.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/createClass.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/defineProperty.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/get.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/getPrototypeOf.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/inherits.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/interopRequireDefault.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/isNativeFunction.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/isNativeReflectConstruct.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/iterableToArray.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/iterableToArrayLimit.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/nonIterableRest.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/nonIterableSpread.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/objectWithoutProperties.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/objectWithoutPropertiesLoose.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/possibleConstructorReturn.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/regeneratorRuntime.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/setPrototypeOf.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/slicedToArray.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/superPropBase.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/toConsumableArray.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/toPrimitive.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/toPropertyKey.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/typeof.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/unsupportedIterableToArray.js","webpack://OktaAuth/./node_modules/@babel/runtime/helpers/wrapNativeSuper.js","webpack://OktaAuth/./node_modules/@babel/runtime/regenerator/index.js","webpack://OktaAuth/webpack/bootstrap","webpack://OktaAuth/webpack/runtime/define property getters","webpack://OktaAuth/webpack/runtime/global","webpack://OktaAuth/webpack/runtime/hasOwnProperty shorthand","webpack://OktaAuth/webpack/runtime/make namespace object","webpack://OktaAuth/webpack/startup"],"sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { OktaAuthHttpInterface } from '../http/types';\nimport {\n AuthnTransactionFunction,\n AuthnTransaction,\n AuthnTransactionAPI,\n AuthnTransactionState\n} from './types';\nimport { flattenEmbedded } from './util/flattenEmbedded';\n\nexport class AuthnTransactionImpl implements AuthnTransaction {\n next?: AuthnTransactionFunction;\n cancel?: AuthnTransactionFunction;\n skip?: AuthnTransactionFunction;\n unlock?: AuthnTransactionFunction;\n changePassword?: AuthnTransactionFunction;\n resetPassword?: AuthnTransactionFunction;\n answer?: AuthnTransactionFunction;\n recovery?: AuthnTransactionFunction;\n verify?: AuthnTransactionFunction;\n resend?: AuthnTransactionFunction;\n activate?: AuthnTransactionFunction;\n poll?: AuthnTransactionFunction;\n prev?: AuthnTransactionFunction;\n\n data?: AuthnTransactionState;\n stateToken?: string;\n sessionToken?: string;\n status: string;\n user?: Record<string, any>;\n factor?: Record<string, any>;\n factors?: Array<Record<string, any> >;\n policy?: Record<string, any>;\n scopes?: Array<Record<string, any> >;\n target?: Record<string, any>;\n authentication?: Record<string, any>;\n constructor(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res: AuthnTransactionState | null = null) {\n this.data = undefined;\n this.status = undefined as unknown as string;\n if (res) {\n this.data = res;\n\n // Parse response from Authn V1\n Object.assign(this, flattenEmbedded(sdk, tx, res, res, {}));\n delete this.stateToken;\n\n // RECOVERY_CHALLENGE has some responses without _links.\n // Without _links, we emulate cancel to make it intuitive\n // to return to the starting state. We may remove this\n // when OKTA-75434 is resolved\n if (res.status === 'RECOVERY_CHALLENGE' && !res._links) {\n this.cancel = function() {\n return Promise.resolve(tx.createTransaction());\n };\n }\n }\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity, max-statements */\nimport { post } from '../http';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport { STATE_TOKEN_KEY_NAME } from '../constants';\nimport { OktaAuthHttpInterface } from '../http/types';\nimport { OktaAuthStorageOptions } from '../storage/types';\nimport { addStateToken } from './util/stateToken';\nimport { AuthnTransactionAPI } from './types';\nimport { OktaAuthBaseInterface } from '../base/types';\n\nexport function transactionStatus(sdk: OktaAuthHttpInterface, args) {\n args = addStateToken(sdk, args);\n return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn', args, { withCredentials: true });\n}\n\nexport function resumeTransaction(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, args) {\n if (!args || !args.stateToken) {\n var stateToken = getSavedStateToken(sdk);\n if (stateToken) {\n args = {\n stateToken: stateToken\n };\n } else {\n return Promise.reject(new AuthSdkError('No transaction to resume'));\n }\n }\n return transactionStatus(sdk, args)\n .then(function(res) {\n return tx.createTransaction(res);\n });\n}\n\nexport function introspectAuthn (sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, args) {\n if (!args || !args.stateToken) {\n var stateToken = getSavedStateToken(sdk);\n if (stateToken) {\n args = {\n stateToken: stateToken\n };\n } else {\n return Promise.reject(new AuthSdkError('No transaction to evaluate'));\n }\n }\n return transactionStep(sdk, args)\n .then(function (res) {\n return tx.createTransaction(res);\n });\n}\n\nexport function transactionStep(sdk: OktaAuthHttpInterface, args) {\n args = addStateToken(sdk, args);\n // v1 pipeline introspect API\n return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn/introspect', args, { withCredentials: true });\n}\n\nexport function transactionExists(sdk: OktaAuthBaseInterface<OktaAuthStorageOptions>) {\n // We have a cookie state token\n return !!getSavedStateToken(sdk);\n}\n\nexport function postToTransaction(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, url: string, args, options?) {\n options = Object.assign({ withCredentials: true }, options);\n return post(sdk, url, args, options)\n .then(function(res) {\n return tx.createTransaction(res);\n });\n}\n\nexport function getSavedStateToken(sdk: OktaAuthBaseInterface<OktaAuthStorageOptions>) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const storage = sdk.options.storageUtil!.storage;\n return storage.get(STATE_TOKEN_KEY_NAME);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { RequestData, RequestOptions, OktaAuthHttpInterface } from '../http/types';\nimport {\n introspectAuthn,\n transactionStatus,\n transactionExists,\n resumeTransaction,\n postToTransaction\n} from './api';\nimport { AuthnTransactionImpl } from './AuthnTransactionImpl';\nimport { AuthnTransactionAPI, AuthnTransactionState } from './types';\n\n// Factory\nexport function createAuthnTransactionAPI(sdk: OktaAuthHttpInterface): AuthnTransactionAPI {\n const tx: AuthnTransactionAPI = {\n status: transactionStatus.bind(null, sdk),\n resume(args) {\n return resumeTransaction(sdk, tx, args);\n },\n exists: transactionExists.bind(null, sdk),\n introspect(args) {\n return introspectAuthn(sdk, tx, args);\n },\n createTransaction: (res?: AuthnTransactionState) => {\n return new AuthnTransactionImpl(sdk, tx, res);\n },\n postToTransaction: (url: string, args?: RequestData, options?: RequestOptions) => {\n return postToTransaction(sdk, tx, url, args, options);\n }\n };\n return tx;\n}\n","export * from './factory';\nexport * from './mixin';\nexport * from './types';\n","/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { \n clone,\n} from '../util';\nimport fingerprint from '../browser/fingerprint';\nimport {\n SigninWithCredentialsOptions,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n SigninOptions,\n OktaAuthTxInterface,\n AuthnTransaction,\n AuthnTransactionAPI\n} from './types';\nimport {\n createAuthnTransactionAPI,\n} from './factory';\nimport { StorageManagerInterface } from '../storage/types';\nimport { OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types';\nimport { FingerprintAPI, OktaAuthConstructor } from '../base/types';\n\nexport function mixinAuthn\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n TBase extends OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n = OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthTxInterface<S, O>>\n{\n return class OktaAuthTx extends Base implements OktaAuthTxInterface<S, O> {\n tx: AuthnTransactionAPI; // legacy, may be removed in future version\n authn: AuthnTransactionAPI;\n fingerprint: FingerprintAPI;\n\n constructor(...args: any[]) {\n super(...args);\n\n this.authn = this.tx = createAuthnTransactionAPI(this);\n \n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n }\n\n // Authn V1\n async signIn(opts: SigninOptions): Promise<AuthnTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return this.tx.postToTransaction('/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n // Authn V1\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthnTransaction> {\n return this.signIn(opts);\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthnTransaction> {\n return this.tx.postToTransaction('/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthnTransaction> {\n return this.tx.postToTransaction('/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthnTransaction> {\n const { multiOptionalFactorEnroll, ...args } = opts;\n if (multiOptionalFactorEnroll) {\n // see https://developer.okta.com/docs/reference/api/authn/#options-object\n (args as any).options = { multiOptionalFactorEnroll };\n }\n return this.tx.postToTransaction('/api/v1/authn/recovery/token', args);\n }\n\n };\n}\n","/* eslint-disable complexity */\nimport { OktaAuthHttpInterface } from '../../http/types';\nimport { clone, isObject, omit } from '../../util';\nimport { AuthnTransactionAPI } from '../types';\nimport { links2fns } from './links2fns';\n\nexport function flattenEmbedded(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res, obj, ref) {\n obj = obj || res;\n obj = clone(obj);\n\n if (Array.isArray(obj)) {\n var objArr = [];\n for (var o = 0, ol = obj.length; o < ol; o++) {\n objArr.push(flattenEmbedded(sdk, tx, res, obj[o], ref) as never);\n }\n return objArr;\n }\n\n var embedded = obj._embedded || {};\n\n for (var key in embedded) {\n if (!Object.prototype.hasOwnProperty.call(embedded, key)) {\n continue;\n }\n\n // Flatten any nested _embedded objects\n if (isObject(embedded[key]) || Array.isArray(embedded[key])) {\n embedded[key] = flattenEmbedded(sdk, tx, res, embedded[key], ref);\n }\n }\n\n // Convert any links on the embedded object\n var fns = links2fns(sdk, tx, res, obj, ref);\n Object.assign(embedded, fns);\n\n obj = omit(obj, '_embedded', '_links');\n Object.assign(obj, embedded);\n return obj;\n}\n","import { OktaAuthHttpInterface } from '../../http/types';\nimport { find, omit, toQueryString } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { get } from '../../http';\nimport { AuthnTransactionAPI, AuthnTransactionState } from '../types';\nimport { postToTransaction } from '../api';\nimport { addStateToken } from './stateToken';\n\n\n// query parameters to post url\ninterface PostToTransactionParams {\n autoPush?: boolean;\n rememberDevice?: boolean;\n updatePhone?: boolean;\n}\n\n// eslint-disable-next-line max-params\nexport function link2fn(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res, obj, link, ref) {\n if (Array.isArray(link)) {\n return function(name, opts?) {\n if (!name) {\n throw new AuthSdkError('Must provide a link name');\n }\n\n var lk = find(link, {name: name});\n if (!lk) {\n throw new AuthSdkError('No link found for that name');\n }\n\n return link2fn(sdk, tx, res, obj, lk, ref)(opts);\n };\n\n } else if (link.hints &&\n link.hints.allow &&\n link.hints.allow.length === 1) {\n var method = link.hints.allow[0];\n switch (method) {\n\n case 'GET':\n return function() {\n return get(sdk, link.href, { withCredentials: true });\n };\n\n case 'POST':\n // eslint-disable-next-line max-statements,complexity\n return function(opts: AuthnTransactionState) {\n if (ref && ref.isPolling) {\n ref.isPolling = false;\n }\n\n var data = addStateToken(res, opts);\n\n if (res.status === 'MFA_ENROLL' || res.status === 'FACTOR_ENROLL') {\n // Add factorType and provider\n Object.assign(data, {\n factorType: obj.factorType,\n provider: obj.provider\n });\n }\n\n var params = {} as PostToTransactionParams;\n var autoPush = data.autoPush;\n if (autoPush !== undefined) {\n if (typeof autoPush === 'function') {\n try {\n params.autoPush = !!autoPush();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n }\n }\n else if (autoPush !== null) {\n params.autoPush = !!autoPush;\n }\n data = omit(data, 'autoPush');\n }\n\n var rememberDevice = data.rememberDevice;\n if (rememberDevice !== undefined) {\n if (typeof rememberDevice === 'function') {\n try {\n params.rememberDevice = !!rememberDevice();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n }\n }\n else if (rememberDevice !== null) {\n params.rememberDevice = !!rememberDevice;\n }\n data = omit(data, 'rememberDevice');\n\n } else if (data.profile &&\n data.profile.updatePhone !== undefined) {\n if (data.profile.updatePhone) {\n params.updatePhone = true;\n }\n data.profile = omit(data.profile, 'updatePhone');\n }\n var href = link.href + toQueryString(params);\n return postToTransaction(sdk, tx, href, data);\n };\n }\n }\n}\n\n\n","import { OktaAuthHttpInterface } from '../../http/types';\nimport { AuthnTransactionFunctions, AuthnTransactionAPI } from '../types';\nimport { link2fn } from './link2fn';\nimport { getPollFn } from './poll';\n\nexport function links2fns(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res, obj, ref) {\n var fns = {} as AuthnTransactionFunctions;\n for (var linkName in obj._links) {\n if (!Object.prototype.hasOwnProperty.call(obj._links, linkName)) {\n continue;\n }\n\n var link = obj._links[linkName];\n \n if (linkName === 'next') {\n linkName = link.name;\n }\n\n if (link.type) {\n fns[linkName] = link;\n continue;\n }\n\n switch (linkName) {\n // poll is only found at the transaction\n // level, so we don't need to pass the link\n case 'poll':\n fns.poll = getPollFn(sdk, res, ref);\n break;\n\n default:\n var fn = link2fn(sdk, tx, res, obj, link, ref);\n if (fn) {\n fns[linkName] = fn;\n }\n }\n }\n return fns;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { post } from '../../http';\nimport { isNumber, isObject, getLink, toQueryString, delay as delayFn } from '../../util';\nimport { DEFAULT_POLLING_DELAY } from '../../constants';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport AuthPollStopError from '../../errors/AuthPollStopError';\nimport { AuthnTransactionState } from '../types';\nimport { getStateToken } from './stateToken';\n\ninterface PollOptions {\n delay?: number;\n rememberDevice?: boolean;\n autoPush?: boolean;\n transactionCallBack?: (AuthnTransactionState) => void;\n}\n\nexport function getPollFn(sdk, res: AuthnTransactionState, ref) {\n return function (options: PollOptions | number) {\n var delay;\n var rememberDevice;\n var autoPush;\n var transactionCallBack;\n\n if (isNumber(options)) {\n delay = options;\n } else if (isObject(options)) {\n options = options as PollOptions;\n delay = options.delay;\n rememberDevice = options.rememberDevice;\n autoPush = options.autoPush;\n transactionCallBack = options.transactionCallBack;\n }\n\n if (!delay && delay !== 0) {\n delay = DEFAULT_POLLING_DELAY;\n }\n\n // Get the poll function\n var pollLink = getLink(res, 'next', 'poll');\n // eslint-disable-next-line complexity\n function pollFn() {\n var opts = {} as PollOptions;\n if (typeof autoPush === 'function') {\n try {\n opts.autoPush = !!autoPush();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n }\n }\n else if (autoPush !== undefined && autoPush !== null) {\n opts.autoPush = !!autoPush;\n }\n if (typeof rememberDevice === 'function') {\n try {\n opts.rememberDevice = !!rememberDevice();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n }\n }\n else if (rememberDevice !== undefined && rememberDevice !== null) {\n opts.rememberDevice = !!rememberDevice;\n }\n\n var href = pollLink.href + toQueryString(opts);\n return post(sdk, href, getStateToken(res), {\n saveAuthnState: false,\n withCredentials: true,\n pollingIntent: true,\n });\n }\n\n ref.isPolling = true;\n\n var retryCount = 0;\n var recursivePoll = function () {\n // If the poll was manually stopped during the delay\n if (!ref.isPolling) {\n return Promise.reject(new AuthPollStopError());\n }\n\n return pollFn()\n .then(function (pollRes) {\n // Reset our retry counter on success\n retryCount = 0;\n\n // If we're still waiting\n if (pollRes.factorResult && pollRes.factorResult === 'WAITING') {\n\n // If the poll was manually stopped while the pollFn was called\n if (!ref.isPolling) {\n throw new AuthPollStopError();\n }\n\n if (typeof transactionCallBack === 'function') {\n transactionCallBack(pollRes);\n }\n\n // Continue poll\n return delayFn(delay).then(recursivePoll);\n\n } else {\n // Any non-waiting result, even if polling was stopped\n // during a request, will return\n ref.isPolling = false;\n return sdk.tx.createTransaction(pollRes);\n }\n })\n .catch(function(err) {\n // Exponential backoff, up to 16 seconds\n if (err.xhr &&\n (err.xhr.status === 0 || err.xhr.status === 429) &&\n retryCount <= 4) {\n var delayLength = Math.pow(2, retryCount) * 1000;\n retryCount++;\n return delayFn(delayLength)\n .then(recursivePoll);\n }\n throw err;\n });\n };\n return recursivePoll()\n .catch(function(err) {\n ref.isPolling = false;\n throw err;\n });\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nimport { AuthnTransactionState } from '../types';\n\nexport function addStateToken(res, options?) {\n var builtArgs = {} as AuthnTransactionState;\n Object.assign(builtArgs, options);\n\n // Add the stateToken if one isn't passed and we have one\n if (!builtArgs.stateToken && res.stateToken) {\n builtArgs.stateToken = res.stateToken;\n }\n\n return builtArgs;\n}\n\nexport function getStateToken(res) {\n return addStateToken(res);\n}\n","\n\n// Do not use this type in code, so it won't be emitted in the declaration output\nimport { removeNils } from '../util';\n\nimport * as features from '../features';\nimport * as constants from '../constants';\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport Emitter from 'tiny-emitter';\n\nimport {\n EventEmitter,\n OktaAuthConstructor,\n OktaAuthBaseInterface,\n OktaAuthBaseOptions,\n OktaAuthOptionsConstructor, \n FeaturesAPI,\n} from './types';\n\nexport function createOktaAuthBase\n<\n O extends OktaAuthBaseOptions = OktaAuthBaseOptions,\n>\n(\n OptionsConstructor: OktaAuthOptionsConstructor<O>\n): OktaAuthConstructor<OktaAuthBaseInterface<O>>\n{\n class OktaAuthBase implements OktaAuthBaseInterface<O>\n {\n options: O;\n emitter: EventEmitter;\n features: FeaturesAPI;\n static features: FeaturesAPI = features;\n static constants = constants;\n \n constructor(...args: any[]) {\n const options = new OptionsConstructor(args.length ? args[0] || {} : {});\n this.options = removeNils(options) as O; // clear out undefined values\n this.emitter = new Emitter();\n this.features = features;\n }\n }\n\n // Hoist feature detection functions to prototype & static type\n OktaAuthBase.features = OktaAuthBase.prototype.features = features;\n\n // Also hoist constants for CommonJS users\n Object.assign(OktaAuthBase, {\n constants\n });\n\n return OktaAuthBase;\n}\n","export * from './factory';\nexport * from './options';\nexport * from './types';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthBaseOptions } from './types';\n\nexport function createBaseOptionsConstructor() {\n\n return class BaseOptionsConstructor implements Required<OktaAuthBaseOptions> {\n devMode: boolean;\n\n constructor(args: any) {\n this.devMode = !!args.devMode;\n }\n };\n\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport Cookies from 'js-cookie';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n StorageOptions,\n CookieOptions,\n SimpleStorage,\n StorageType,\n StorageUtil,\n} from '../storage/types';\nimport { warn } from '../util';\nimport { isIE11OrLess } from '../features';\n\nexport interface CookieStorage extends SimpleStorage {\n setItem(key: string, value: any, expiresAt?: string | null): void; // can customize expiresAt\n getItem(key?: string): any; // if no key is passed, all cookies are returned\n removeItem(key: string); // remove a cookie\n}\n\nexport interface BrowserStorageUtil extends StorageUtil {\n browserHasLocalStorage(): boolean;\n browserHasSessionStorage(): boolean;\n getStorageByType(storageType: StorageType, options: StorageOptions): SimpleStorage;\n getLocalStorage(): Storage;\n getSessionStorage(): Storage;\n getInMemoryStorage(): SimpleStorage;\n getCookieStorage(options?: StorageOptions): CookieStorage;\n testStorage(storage: any): boolean;\n storage: Cookies;\n inMemoryStore: Record<string, unknown>;\n}\n\n// Building this as an object allows us to mock the functions in our tests\nvar storageUtil: BrowserStorageUtil = {\n\n // IE11 bug that Microsoft doesn't plan to fix\n // https://connect.microsoft.com/IE/Feedback/Details/1496040\n browserHasLocalStorage: function() {\n try {\n var storage = this.getLocalStorage();\n return this.testStorage(storage);\n } catch (e) {\n return false;\n }\n },\n\n browserHasSessionStorage: function() {\n try {\n var storage = this.getSessionStorage();\n return this.testStorage(storage);\n } catch (e) {\n return false;\n }\n },\n\n testStorageType: function(storageType: StorageType): boolean {\n var supported = false;\n switch (storageType) {\n case 'sessionStorage':\n supported = this.browserHasSessionStorage();\n break;\n case 'localStorage':\n supported = this.browserHasLocalStorage();\n break;\n case 'cookie':\n case 'memory':\n supported = true;\n break;\n default:\n supported = false;\n break;\n }\n return supported;\n },\n\n getStorageByType: function(storageType: StorageType, options?: StorageOptions): SimpleStorage {\n let storageProvider;\n switch (storageType) {\n case 'sessionStorage':\n storageProvider = this.getSessionStorage();\n break;\n case 'localStorage':\n storageProvider = this.getLocalStorage();\n break;\n case 'cookie':\n storageProvider = this.getCookieStorage(options);\n break;\n case 'memory':\n storageProvider = this.getInMemoryStorage();\n break;\n default:\n throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n break;\n }\n return storageProvider;\n },\n\n findStorageType: function(types: StorageType[]) {\n let curType;\n let nextType;\n \n types = types.slice(); // copy array\n curType = types.shift();\n nextType = types.length ? types[0] : null;\n if (!nextType) {\n return curType;\n }\n\n if (this.testStorageType(curType)) {\n return curType;\n }\n\n // preferred type was unsupported.\n warn(`This browser doesn't support ${curType}. Switching to ${nextType}.`);\n\n // fallback to the next type. this is a recursive call\n return this.findStorageType(types);\n },\n\n getLocalStorage: function() {\n // Workaound for synchronization issue of LocalStorage cross tabs in IE11\n if (isIE11OrLess() && !window.onstorage) {\n window.onstorage = function() {};\n }\n \n return localStorage;\n },\n\n getSessionStorage: function() {\n return sessionStorage;\n },\n\n // Provides webStorage-like interface for cookies\n getCookieStorage: function(options): CookieStorage {\n const secure = options!.secure;\n const sameSite = options!.sameSite;\n const sessionCookie = options!.sessionCookie;\n if (typeof secure === 'undefined' || typeof sameSite === 'undefined') {\n throw new AuthSdkError('getCookieStorage: \"secure\" and \"sameSite\" options must be provided');\n }\n const storage: CookieStorage = {\n getItem: this.storage.get,\n setItem: (key, value, expiresAt = '2200-01-01T00:00:00.000Z') => {\n // By defauilt, cookie shouldn't expire\n expiresAt = (sessionCookie ? null : expiresAt) as string;\n this.storage.set(key, value, expiresAt, {\n secure: secure, \n sameSite: sameSite,\n });\n },\n removeItem: (key) => {\n this.storage.delete(key);\n },\n };\n\n if (!options!.useSeparateCookies) {\n return storage;\n }\n\n // Tokens are stored separately because cookies have size limits.\n // Can only be used when storing an object value. Object properties will be saved to separate cookies.\n // Each property of the object must also be an object.\n return {\n getItem: function(key) {\n var data = storage.getItem(); // read all cookies\n var value = {};\n Object.keys(data).forEach(k => {\n if (k.indexOf(key!) === 0) { // filter out unrelated cookies\n value[k.replace(`${key}_`, '')] = JSON.parse(data[k]); // populate with cookie data\n }\n });\n return JSON.stringify(value);\n },\n setItem: function(key, value) {\n var existingValues = JSON.parse(this.getItem(key));\n value = JSON.parse(value);\n // Set key-value pairs from input to cookies\n Object.keys(value).forEach(k => {\n var storageKey = key + '_' + k;\n var valueToStore = JSON.stringify(value[k]);\n storage.setItem(storageKey, valueToStore);\n delete existingValues[k];\n });\n // Delete unmatched keys from existing cookies\n Object.keys(existingValues).forEach(k => {\n storage.removeItem(key + '_' + k);\n });\n },\n removeItem: function(key) {\n var existingValues = JSON.parse(this.getItem(key));\n Object.keys(existingValues).forEach(k => {\n storage.removeItem(key + '_' + k);\n });\n },\n };\n },\n\n // Provides an in-memory solution\n inMemoryStore: {}, // override this for a unique memory store per instance\n getInMemoryStorage: function() {\n return {\n getItem: (key) => {\n return this.inMemoryStore[key];\n },\n setItem: (key, value) => {\n this.inMemoryStore[key] = value;\n },\n };\n },\n\n testStorage: function(storage) {\n var key = 'okta-test-storage';\n try {\n storage.setItem(key, key);\n storage.removeItem(key);\n return true;\n } catch (e) {\n return false;\n }\n },\n\n storage: {\n set: function(name: string, value: string, expiresAt: string, options: CookieOptions): string {\n const { sameSite, secure } = options;\n if (typeof secure === 'undefined' || typeof sameSite === 'undefined') {\n throw new AuthSdkError('storage.set: \"secure\" and \"sameSite\" options must be provided');\n }\n var cookieOptions: CookieOptions = {\n path: options.path || '/',\n secure,\n sameSite\n };\n\n // eslint-disable-next-line no-extra-boolean-cast\n if (!!(Date.parse(expiresAt))) {\n // Expires value can be converted to a Date object.\n //\n // If the 'expiresAt' value is not provided, or the value cannot be\n // parsed as a Date object, the cookie will set as a session cookie.\n cookieOptions.expires = new Date(expiresAt);\n }\n\n Cookies.set(name, value, cookieOptions);\n return this.get(name);\n },\n\n get: function(name?: string): string {\n // return all cookies when no args is provided\n if (!arguments.length) {\n return Cookies.get();\n }\n return Cookies.get(name);\n },\n\n delete: function(name: string): string {\n return Cookies.remove(name, { path: '/' });\n }\n }\n};\n\nexport default storageUtil;\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../errors';\nimport { isFingerprintSupported } from '../features';\nimport {\n addListener,\n removeListener\n} from '../oidc';\nimport { FingerprintOptions } from '../base/types';\nimport { OktaAuthHttpInterface } from '../http/types';\n\nconst isMessageFromCorrectSource = (iframe: HTMLIFrameElement, event: MessageEvent)\n: boolean => event.source === iframe.contentWindow;\n\nexport default function fingerprint(sdk: OktaAuthHttpInterface, options?: FingerprintOptions): Promise<string> {\n if (!isFingerprintSupported()) {\n return Promise.reject(new AuthSdkError('Fingerprinting is not supported on this device'));\n }\n\n const container = options?.container ?? document.body;\n let timeout: NodeJS.Timeout;\n let iframe: HTMLIFrameElement;\n let listener: (this: Window, ev: MessageEvent) => void;\n const promise = new Promise(function (resolve, reject) {\n iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n\n // eslint-disable-next-line complexity\n listener = function listener(e: MessageEvent) {\n if (!isMessageFromCorrectSource(iframe, e)) {\n return;\n }\n\n if (!e || !e.data || e.origin !== sdk.getIssuerOrigin()) {\n return;\n }\n\n let msg;\n try {\n msg = JSON.parse(e.data);\n } catch (err) {\n // iframe messages should all be parsable\n // skip not parsable messages come from other sources in same origin (browser extensions)\n // TODO: add namespace flag in okta-core to distinguish messages that come from other sources\n return;\n }\n\n if (!msg) { return; }\n if (msg.type === 'FingerprintAvailable') {\n return resolve(msg.fingerprint as string);\n } else if (msg.type === 'FingerprintServiceReady') {\n iframe?.contentWindow?.postMessage(JSON.stringify({\n type: 'GetFingerprint'\n }), e.origin);\n } else {\n return reject(new AuthSdkError('No data'));\n }\n };\n addListener(window, 'message', listener);\n\n iframe.src = sdk.getIssuerOrigin() + '/auth/services/devicefingerprint';\n container.appendChild(iframe);\n\n timeout = setTimeout(function() {\n reject(new AuthSdkError('Fingerprinting timed out'));\n }, options?.timeout || 15000);\n });\n\n return promise.finally(function() {\n clearTimeout(timeout);\n removeListener(window, 'message', listener);\n if (container.contains(iframe)) {\n iframe.parentElement?.removeChild(iframe);\n }\n }) as Promise<string>;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport default class SdkClock {\n localOffset: number;\n\n constructor(localOffset) {\n // Calculated local clock offset from server time (in milliseconds). Can be positive or negative.\n this.localOffset = parseInt(localOffset || 0);\n }\n\n // factory method. Create an instance of a clock from current context.\n static create(/* sdk, options */): SdkClock {\n // TODO: calculate localOffset\n var localOffset = 0;\n return new SdkClock(localOffset);\n }\n\n // Return the current time (in seconds)\n now() {\n var now = (Date.now() + this.localOffset) / 1000;\n return now;\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport const STATE_TOKEN_KEY_NAME = 'oktaStateToken';\nexport const DEFAULT_POLLING_DELAY = 500;\nexport const IOS_MAX_RETRY_COUNT = 3;\nexport const DEFAULT_MAX_CLOCK_SKEW = 300;\nexport const DEFAULT_CACHE_DURATION = 86400;\nexport const TOKEN_STORAGE_NAME = 'okta-token-storage';\nexport const CACHE_STORAGE_NAME = 'okta-cache-storage';\nexport const PKCE_STORAGE_NAME = 'okta-pkce-storage';\nexport const TRANSACTION_STORAGE_NAME = 'okta-transaction-storage';\nexport const SHARED_TRANSACTION_STORAGE_NAME = 'okta-shared-transaction-storage';\nexport const ORIGINAL_URI_STORAGE_NAME = 'okta-original-uri-storage';\nexport const IDX_RESPONSE_STORAGE_NAME = 'okta-idx-response-storage';\nexport const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';\nexport const ID_TOKEN_STORAGE_KEY = 'idToken';\nexport const REFRESH_TOKEN_STORAGE_KEY = 'refreshToken';\nexport const REFERRER_PATH_STORAGE_KEY = 'referrerPath';\n\n// Code verifier: Random URL-safe string with a minimum length of 43 characters.\n// Code challenge: Base64 URL-encoded SHA-256 hash of the code verifier.\nexport const MIN_VERIFIER_LENGTH = 43;\nexport const MAX_VERIFIER_LENGTH = 128;\nexport const DEFAULT_CODE_CHALLENGE_METHOD = 'S256';\n\nexport const IDX_API_VERSION = '1.0.0';","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n \n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport PCancelable from 'p-cancelable';\nimport { AuthSdkError } from '../errors';\nimport {\n EVENT_ADDED,\n EVENT_REMOVED,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface\n} from '../oidc';\nimport {\n AuthState,\n AuthStateLogOptions,\n OktaAuthCoreOptions,\n} from './types';\nimport { PromiseQueue, getConsole } from '../util';\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n updateAuthStatePromise: null,\n canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState | null, state: AuthState) => {\n // initial state is null\n if (!prevState) {\n return false;\n }\n\n return prevState.isAuthenticated === state.isAuthenticated \n && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n && prevState.error === state.error;\n};\n\n\nexport class AuthStateManager\n<\n M extends OAuthTransactionMeta,\n S extends OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions\n>\n{\n _sdk: OktaAuthOAuthInterface<M, S, O>;\n _pending: { \n updateAuthStatePromise: any;\n canceledTimes: number; \n };\n _authState: AuthState | null;\n _prevAuthState: AuthState | null;\n _logOptions: AuthStateLogOptions;\n _transformQueue: PromiseQueue;\n\n constructor(sdk: OktaAuthOAuthInterface<M, S, O>) {\n if (!sdk.emitter) {\n throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n }\n\n this._sdk = sdk;\n this._pending = { ...DEFAULT_PENDING };\n this._authState = INITIAL_AUTH_STATE;\n this._logOptions = {};\n this._prevAuthState = null;\n this._transformQueue = new PromiseQueue({\n quiet: true\n });\n\n // Listen on tokenManager events to start updateState process\n // \"added\" event is emitted in both add and renew process\n // Only listen on \"added\" event to update auth state\n sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n this._setLogOptions({ event: EVENT_ADDED, key, token });\n this.updateAuthState();\n });\n sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n this._setLogOptions({ event: EVENT_REMOVED, key, token });\n this.updateAuthState();\n });\n }\n\n _setLogOptions(options) {\n this._logOptions = options;\n }\n\n getAuthState(): AuthState | null {\n return this._authState;\n }\n\n getPreviousAuthState(): AuthState | null {\n return this._prevAuthState;\n }\n\n async updateAuthState(): Promise<AuthState> {\n const { transformAuthState, devMode } = this._sdk.options;\n\n const log = (status) => {\n const { event, key, token } = this._logOptions;\n getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n getConsole().log(key, token);\n getConsole().log('Current authState', this._authState);\n getConsole().groupEnd();\n \n // clear log options after logging\n this._logOptions = {};\n };\n\n const emitAuthStateChange = (authState) => {\n if (isSameAuthState(this._authState, authState)) {\n devMode && log('unchanged'); \n return;\n }\n this._prevAuthState = this._authState;\n this._authState = authState;\n // emit new authState object\n this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n devMode && log('emitted');\n };\n\n const finalPromise = (origPromise) => { \n return this._pending.updateAuthStatePromise.then(() => {\n const curPromise = this._pending.updateAuthStatePromise;\n if (curPromise && curPromise !== origPromise) {\n return finalPromise(curPromise);\n }\n return this.getAuthState();\n });\n };\n\n if (this._pending.updateAuthStatePromise) {\n if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n // stop canceling then starting a new promise\n // let existing promise finish to prevent running into loops\n devMode && log('terminated');\n return finalPromise(this._pending.updateAuthStatePromise);\n } else {\n this._pending.updateAuthStatePromise.cancel();\n }\n }\n\n /* eslint-disable complexity */\n const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n onCancel.shouldReject = false;\n onCancel(() => {\n this._pending.updateAuthStatePromise = null;\n this._pending.canceledTimes = this._pending.canceledTimes + 1;\n devMode && log('canceled');\n });\n\n const emitAndResolve = (authState) => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n // emit event and resolve promise \n emitAuthStateChange(authState);\n resolve();\n\n // clear pending states after resolve\n this._pending = { ...DEFAULT_PENDING };\n };\n\n this._sdk.isAuthenticated()\n .then(() => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n\n const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n const authState = {\n accessToken,\n idToken,\n refreshToken,\n isAuthenticated: !!(accessToken && idToken)\n };\n\n // Enqueue transformAuthState so that it does not run concurrently\n const promise: Promise<AuthState> = transformAuthState\n ? this._transformQueue.push(transformAuthState, null, this._sdk, authState) as Promise<AuthState>\n : Promise.resolve(authState);\n\n promise\n .then(authState => emitAndResolve(authState))\n .catch(error => emitAndResolve({\n accessToken, \n idToken, \n refreshToken,\n isAuthenticated: false, \n error\n }));\n });\n });\n /* eslint-enable complexity */\n this._pending.updateAuthStatePromise = cancelablePromise;\n\n return finalPromise(cancelablePromise);\n }\n\n subscribe(handler): void {\n this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n }\n\n unsubscribe(handler?): void {\n this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport {\n OAuthTransactionMeta,\n OAuthStorageManagerInterface,\n} from '../../oidc';\n\nimport {\n ServiceManagerInterface,\n ServiceInterface,\n ServiceManagerOptions,\n OktaAuthCoreInterface,\n OktaAuthCoreOptions\n} from '../types';\nimport { AutoRenewService,\n SyncStorageService,\n LeaderElectionService,\n RenewOnTabActivationService\n} from '../../services';\nimport { removeNils } from '../../util';\n\nconst AUTO_RENEW = 'autoRenew';\nconst SYNC_STORAGE = 'syncStorage';\nconst LEADER_ELECTION = 'leaderElection';\nconst RENEW_ON_TAB_ACTIVATION = 'renewOnTabActivation';\n\nexport class ServiceManager\n<\n M extends OAuthTransactionMeta,\n S extends OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions\n>\nimplements ServiceManagerInterface \n{\n private sdk: OktaAuthCoreInterface<M, S, O>;\n private options: ServiceManagerOptions;\n private services: Map<string, ServiceInterface>;\n private started: boolean;\n\n private static knownServices = [AUTO_RENEW, SYNC_STORAGE, LEADER_ELECTION, RENEW_ON_TAB_ACTIVATION];\n\n private static defaultOptions: ServiceManagerOptions = {\n autoRenew: true,\n autoRemove: true,\n syncStorage: true,\n renewOnTabActivation: true,\n tabInactivityDuration: 1800, // 30 mins in seconds\n };\n\n constructor(sdk: OktaAuthCoreInterface<M, S, O>, options: ServiceManagerOptions = {}) {\n this.sdk = sdk;\n this.onLeader = this.onLeader.bind(this);\n\n // TODO: backwards compatibility, remove in next major version - OKTA-473815\n const { autoRenew, autoRemove, syncStorage } = sdk.tokenManager.getOptions();\n options.electionChannelName = options.electionChannelName || options.broadcastChannelName;\n this.options = Object.assign({}, \n ServiceManager.defaultOptions,\n { autoRenew, autoRemove, syncStorage }, \n {\n electionChannelName: `${sdk.options.clientId}-election`,\n syncChannelName: `${sdk.options.clientId}-sync`,\n },\n removeNils(options)\n );\n\n this.started = false;\n this.services = new Map();\n\n ServiceManager.knownServices.forEach(name => {\n const svc = this.createService(name);\n if (svc) {\n this.services.set(name, svc);\n }\n });\n }\n\n private async onLeader() {\n if (this.started) {\n // Start services that requires leadership\n await this.startServices();\n }\n }\n\n isLeader() {\n return (this.getService(LEADER_ELECTION) as LeaderElectionService)?.isLeader();\n }\n\n isLeaderRequired() {\n return [...this.services.values()].some(srv => srv.canStart() && srv.requiresLeadership());\n }\n\n async start() {\n if (this.started) {\n return; // noop if services have already started\n }\n await this.startServices();\n this.started = true;\n }\n \n async stop() {\n await this.stopServices();\n this.started = false;\n }\n\n getService(name: string): ServiceInterface | undefined {\n return this.services.get(name);\n }\n\n private async startServices() {\n for (const [name, srv] of this.services.entries()) {\n if (this.canStartService(name, srv)) {\n await srv.start();\n }\n }\n }\n\n private async stopServices() {\n for (const srv of this.services.values()) {\n await srv.stop();\n }\n }\n\n // eslint-disable-next-line complexity\n private canStartService(name: string, srv: ServiceInterface): boolean {\n let canStart = srv.canStart() && !srv.isStarted();\n // only start election if a leader is required\n if (name === LEADER_ELECTION) {\n canStart &&= this.isLeaderRequired();\n } else if (srv.requiresLeadership()) {\n canStart &&= this.isLeader();\n }\n return canStart;\n }\n\n private createService(name: string): ServiceInterface {\n const tokenManager = this.sdk.tokenManager;\n\n let service: ServiceInterface;\n switch (name) {\n case LEADER_ELECTION:\n service = new LeaderElectionService({...this.options, onLeader: this.onLeader});\n break;\n case AUTO_RENEW:\n service = new AutoRenewService(tokenManager, {...this.options});\n break;\n case SYNC_STORAGE:\n service = new SyncStorageService(tokenManager, {...this.options});\n break;\n case RENEW_ON_TAB_ACTIVATION:\n service = new RenewOnTabActivationService(tokenManager, {...this.options});\n break;\n default:\n throw new Error(`Unknown service ${name}`);\n }\n return service;\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// ./node is swapped for ./browser in webpack config\nexport * from './node';","import { StorageManagerConstructor } from '../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../base/types';\n\nimport { OktaAuthCoreInterface, OktaAuthCoreOptions } from './types';\nimport { createOktaAuthBase } from '../base';\nimport { mixinStorage } from '../storage/mixin';\nimport { mixinHttp } from '../http/mixin';\nimport { mixinOAuth } from '../oidc/mixin';\nimport {\n OAuthStorageManagerInterface,\n PKCETransactionMeta,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../oidc/types';\nimport { mixinCore } from './mixin';\nimport { mixinSession } from '../session/mixin';\n\nexport function createOktaAuthCore<\n M extends PKCETransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n>(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>\n): OktaAuthConstructor<OktaAuthCoreInterface<M, S, O, TM>>\n{\n const Base = createOktaAuthBase(OptionsConstructor);\n const WithStorage = mixinStorage<S, O>(Base, StorageManagerConstructor);\n const WithHttp = mixinHttp<S, O>(WithStorage);\n const WithSession = mixinSession<S, O>(WithHttp);\n const WithOAuth = mixinOAuth<M, S, O, TM>(WithSession, TransactionManagerConstructor);\n const Core = mixinCore<M, S, O, TM>(WithOAuth);\n return Core;\n}\n","export * from './AuthStateManager';\nexport * from './options';\nexport * from './factory';\nexport * from './mixin';\nexport * from './storage';\nexport * from './types';\nexport * from './ServiceManager';\n","import { parseOAuthResponseFromUrl } from '../oidc/parseFromUrl';\nimport { OktaAuthConstructor } from '../base/types';\nimport {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n PKCETransactionMeta,\n Tokens,\n TransactionManagerInterface,\n} from '../oidc/types';\nimport { AuthStateManager } from './AuthStateManager';\nimport { ServiceManager } from './ServiceManager';\nimport { OktaAuthCoreInterface, OktaAuthCoreOptions } from './types';\nimport { AuthSdkError } from '../errors';\n\nexport function mixinCore\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthCoreInterface<M, S, O, TM>>\n{\n return class OktaAuthCore extends Base implements OktaAuthCoreInterface<M, S, O, TM>\n {\n authStateManager: AuthStateManager<M, S, O>;\n serviceManager: ServiceManager<M, S, O>;\n \n constructor(...args: any[]) {\n super(...args);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager<M, S, O>(this);\n\n // ServiceManager\n this.serviceManager = new ServiceManager<M, S, O>(this, this.options.services);\n }\n\n async start() {\n await this.serviceManager.start();\n // TODO: review tokenManager.start\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n await this.authStateManager.updateAuthState();\n }\n }\n \n async stop() {\n // TODO: review tokenManager.stop\n this.tokenManager.stop();\n await this.serviceManager.stop();\n }\n\n async handleRedirect(originalUri?: string): Promise<void> {\n await this.handleLoginRedirect(undefined, originalUri);\n }\n\n // eslint-disable-next-line complexity\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n let state = this.options.state;\n \n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri || this.getOriginalUri(this.options.state);\n } else if (this.isLoginRedirect()) {\n try {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n state = oAuthResponse.state;\n originalUri = originalUri || this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } catch(e) {\n // auth state should be updated\n await this.authStateManager.updateAuthState();\n throw e;\n }\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n \n // clear originalUri from storage\n this.removeOriginalUri(state);\n \n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else if (originalUri) {\n window.location.replace(originalUri);\n }\n }\n\n handleIDPPopupRedirect (url = window.location.href) {\n const res = parseOAuthResponseFromUrl(this, { responseMode: 'query', url });\n if (res.state) {\n const channel = new BroadcastChannel(`popup-callback:${res.state}`);\n channel.postMessage(res);\n channel.close();\n }\n else {\n throw new AuthSdkError('Unable to parse auth code params');\n }\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createOAuthOptionsConstructor } from '../oidc';\nimport { AuthState, OktaAuthCoreInterface, OktaAuthCoreOptions, ServiceManagerOptions } from './types';\n\n\nexport function createCoreOptionsConstructor()\n{\n const OAuthOptionsConstructor = createOAuthOptionsConstructor();\n return class CoreOptionsConstructor\n extends OAuthOptionsConstructor\n implements Required<OktaAuthCoreOptions>\n {\n services: ServiceManagerOptions;\n transformAuthState: (oktaAuth: OktaAuthCoreInterface, authState: AuthState) => Promise<AuthState>;\n\n constructor(options: any) {\n super(options);\n this.services = options.services;\n this.transformAuthState = options.transformAuthState;\n }\n };\n}\n","import { createOAuthStorageManager } from '../oidc/storage';\nimport { PKCETransactionMeta } from '../oidc/types';\n\nexport function createCoreStorageManager<M extends PKCETransactionMeta = PKCETransactionMeta>() {\n return createOAuthStorageManager<M>();\n}\n","export * from './api';\nexport * from './AuthState';\nexport * from './Service';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { AuthSdkError } from '../errors';\nimport { atob, btoa } from './webcrypto';\n\n// converts a string to base64 (url/filename safe variant)\nexport function stringToBase64Url(str) {\n var b64 = btoa(str);\n return base64ToBase64Url(b64);\n}\n\n// converts a standard base64-encoded string to a \"url/filename safe\" variant\nexport function base64ToBase64Url(b64) {\n return b64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// converts a \"url/filename safe\" base64 string to a \"standard\" base64 string\nexport function base64UrlToBase64(b64u) {\n return b64u.replace(/-/g, '+').replace(/_/g, '/');\n}\n\nexport function base64UrlToString(b64u) {\n var b64 = base64UrlToBase64(b64u);\n switch (b64.length % 4) {\n case 0:\n break;\n case 2:\n b64 += '==';\n break;\n case 3:\n b64 += '=';\n break;\n default:\n throw new AuthSdkError('Not a valid Base64Url');\n }\n var utf8 = atob(b64);\n try {\n return decodeURIComponent(escape(utf8));\n } catch (e) {\n return utf8;\n }\n}\n\nexport function stringToBuffer(str) {\n var buffer = new Uint8Array(str.length);\n for (var i = 0; i < str.length; i++) {\n buffer[i] = str.charCodeAt(i);\n }\n return buffer;\n}\n\nexport function base64UrlDecode(str) {\n return atob(base64UrlToBase64(str));\n}\n\n// Converts base64 string to binary data view\nexport function base64UrlToBuffer(b64u) {\n return Uint8Array.from(base64UrlDecode(b64u), (c: string) => c.charCodeAt(0));\n}\n\n// Converts an ArrayBuffer object that contains binary data to base64 encoded string\nexport function bufferToBase64Url(bin) {\n return btoa(new Uint8Array(bin).reduce((s, byte) => s + String.fromCharCode(byte), ''));\n}\n\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* global atob, btoa, crypto */\nconst a = function(str) { return atob(str); };\nconst b = function (str) { return btoa(str); };\nconst c = typeof crypto === 'undefined' ? null : crypto;\n\nexport { a as atob, b as btoa, c as webcrypto };\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './base64';\nexport * from './oidcHash';\nexport * from './types';\nexport * from './verifyToken';\nexport * from './webcrypto';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* global TextEncoder */\nimport { stringToBase64Url } from './base64';\nimport { webcrypto } from './webcrypto';\n\nexport function getOidcHash(str) { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var intBuffer = new Uint8Array(arrayBuffer);\n var firstHalf = intBuffer.slice(0, 16);\n var hash = String.fromCharCode.apply(null, firstHalf as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { clone } from '../util';\nimport { stringToBuffer, base64UrlDecode } from './base64';\nimport { webcrypto } from './webcrypto';\n\nexport function verifyToken(idToken, key) {\n key = clone(key);\n\n var format = 'jwk';\n var algo = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: { name: 'SHA-256' }\n };\n var extractable = true;\n var usages = ['verify'];\n\n // https://connect.microsoft.com/IE/feedback/details/2242108/webcryptoapi-importing-jwk-with-use-field-fails\n // This is a metadata tag that specifies the intent of how the key should be used.\n // It's not necessary to properly verify the jwt's signature.\n delete key.use;\n\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n return webcrypto.subtle.importKey(\n format,\n key,\n algo,\n extractable,\n usages\n )\n .then(function(cryptoKey) {\n var jwt = idToken.split('.');\n var payload = stringToBuffer(jwt[0] + '.' + jwt[1]);\n var b64Signature = base64UrlDecode(jwt[2]);\n var signature = stringToBuffer(b64Signature);\n\n return webcrypto.subtle.verify(\n algo,\n cryptoKey,\n signature,\n payload\n );\n });\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// ./node is swapped for ./browser in webpack config\nexport * from './node';","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport { HttpResponse } from '../http/types';\nimport { APIError, FieldError } from './types';\n\nexport default class AuthApiError extends CustomError implements APIError {\n errorSummary: string;\n errorCode?: string;\n errorLink?: string;\n errorId?: string;\n errorCauses?: Array<FieldError>;\n xhr?: HttpResponse;\n meta?: Record<string, string | number>;\n\n constructor(err: APIError, xhr?: HttpResponse, meta?: Record<string, string | number>) {\n const message = err.errorSummary;\n super(message);\n\n this.name = 'AuthApiError';\n this.errorSummary = err.errorSummary;\n this.errorCode = err.errorCode;\n this.errorLink = err.errorLink;\n this.errorId = err.errorId;\n this.errorCauses = err.errorCauses;\n\n if (xhr) {\n this.xhr = xhr;\n }\n\n if (meta) {\n this.meta = meta;\n }\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\n\nexport default class AuthPollStopError extends CustomError {\n constructor() {\n const message = 'The poll was stopped by the sdk';\n super(message);\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport { APIError, FieldError } from './types';\n\nexport default class AuthSdkError extends CustomError implements APIError {\n errorSummary: string;\n errorCode: string;\n errorLink: string;\n errorId: string;\n errorCauses: Array<FieldError>;\n xhr?: XMLHttpRequest;\n\n constructor(msg: string, xhr?: XMLHttpRequest) {\n super(msg);\n this.name = 'AuthSdkError';\n this.errorCode = 'INTERNAL';\n this.errorSummary = msg;\n this.errorLink = 'INTERNAL';\n this.errorId = 'INTERNAL';\n this.errorCauses = [];\n if (xhr) {\n this.xhr = xhr;\n }\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport default class CustomError extends Error {\n constructor(message: string) {\n // https://stackoverflow.com/questions/41102060/typescript-extending-error-class\n super(message); // 'Error' breaks prototype chain here\n Object.setPrototypeOf(this, new.target.prototype); // restore prototype chain\n }\n}\n","/* eslint-disable camelcase */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport type { HttpResponse } from '../http';\n\nexport default class OAuthError extends CustomError {\n errorCode: string;\n errorSummary: string;\n\n // for widget / idx-js backward compatibility\n error: string;\n error_description: string;\n\n resp: HttpResponse | null = null;\n\n constructor(errorCode: string, summary: string, resp?: HttpResponse) {\n super(summary);\n\n this.name = 'OAuthError';\n this.errorCode = errorCode;\n this.errorSummary = summary;\n\n // for widget / idx-js backward compatibility\n this.error = errorCode;\n this.error_description = summary;\n\n // an OAuth error (should) always result from a network request\n // therefore include that in error for potential error handling\n if (resp) {\n this.resp = resp;\n }\n }\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport type { HttpResponse } from '../http';\nimport CustomError from './CustomError';\nimport { isFunction } from '../util';\n\n// Error thrown after an unsuccessful network request which requires an Authorization header \n// and returns a 4XX error with a www-authenticate header. The header value is parsed to construct \n// an error instance, which contains key/value pairs parsed out\nexport default class WWWAuthError extends CustomError {\n static UNKNOWN_ERROR = 'UNKNOWN_WWW_AUTH_ERROR';\n\n scheme: string;\n parameters: Record<string, string>;\n name = 'WWWAuthError';\n\n resp: HttpResponse | null = null;\n\n constructor(scheme: string, parameters: Record<string, string>, resp?: HttpResponse) {\n // defaults to unknown error. `error` being returned in the www-authenticate header is expected\n // but cannot be guaranteed. Throwing an error within a error constructor seems awkward\n super(parameters.error ?? WWWAuthError.UNKNOWN_ERROR);\n this.scheme = scheme;\n this.parameters = parameters;\n\n if (resp) {\n this.resp = resp;\n }\n }\n\n // convenience references\n get error (): string { return this.parameters.error; }\n get errorCode (): string { return this.error; } // parity with other error props\n // eslint-disable-next-line camelcase\n get error_description (): string { return this.parameters.error_description; }\n // eslint-disable-next-line camelcase\n get errorDescription (): string { return this.error_description; }\n get errorSummary (): string { return this.errorDescription; } // parity with other error props\n get realm (): string { return this.parameters.realm; }\n\n // parses the www-authenticate header for releveant\n static parseHeader (header: string): WWWAuthError | null {\n // header cannot be empty string\n if (!header) {\n return null;\n }\n\n // example string: Bearer error=\"invalid_token\", error_description=\"The access token is invalid\"\n // regex will match on `error=\"invalid_token\", error_description=\"The access token is invalid\"`\n // see unit test for more examples of possible www-authenticate values\n // eslint-disable-next-line max-len\n const regex = /(?:,|, )?([a-zA-Z0-9!#$%&'*+\\-.^_`|~]+)=(?:\"([a-zA-Z0-9!#$%&'*+\\-.,^_`|~ /:]+)\"|([a-zA-Z0-9!#$%&'*+\\-.^_`|~/:]+))/g;\n const firstSpace = header.indexOf(' ');\n const scheme = header.slice(0, firstSpace);\n const remaining = header.slice(firstSpace + 1);\n const params = {};\n\n // Reference: foo=\"hello\", bar=\"bye\"\n // i=0, match=[foo=\"hello1\", foo, hello]\n // i=1, match=[bar=\"bye\", bar, bye]\n let match;\n while ((match = regex.exec(remaining)) !== null) {\n params[match[1]] = (match[2] ?? match[3]);\n }\n\n return new WWWAuthError(scheme, params);\n }\n\n // finds the value of the `www-authenticate` header. HeadersInit allows for a few different\n // representations of headers with different access patterns (.get vs [key])\n static getWWWAuthenticateHeader (headers: HeadersInit = {}): string | null {\n if (isFunction((headers as Headers)?.get)) {\n return (headers as Headers).get('WWW-Authenticate');\n }\n return headers['www-authenticate'] ?? headers['WWW-Authenticate'];\n }\n}\n","\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport AuthApiError from './AuthApiError';\nimport AuthPollStopError from './AuthPollStopError';\nimport AuthSdkError from './AuthSdkError';\nimport OAuthError from './OAuthError';\nimport WWWAuthError from './WWWAuthError';\n\nfunction isAuthApiError(obj: any): obj is AuthApiError {\n return (obj instanceof AuthApiError);\n}\n\nfunction isOAuthError(obj: any): obj is OAuthError {\n return (obj instanceof OAuthError);\n}\n\nfunction isWWWAuthError(obj: any): obj is WWWAuthError {\n return (obj instanceof WWWAuthError);\n}\n\nexport {\n isAuthApiError,\n isOAuthError,\n isWWWAuthError,\n AuthApiError,\n AuthPollStopError,\n AuthSdkError,\n OAuthError,\n WWWAuthError\n};\n\nexport * from './types';\n","import { OktaAuth } from '../default';\n\n// Export only a single object\nexport default OktaAuth;\n","import * as crypto from '../crypto';\n\nexport { crypto };\nexport * from '../base';\nexport * from '../constants';\nexport * from '../core';\nexport * from '../errors';\nexport * from '../http';\nexport * from '../oidc';\nexport * from '../session';\nexport * from '../storage';\nexport * from '../util';\n","import {\n OktaAuthOptionsConstructor,\n} from '../base';\n\nimport {\n IdxStorageManagerConstructor,\n IdxTransactionManagerConstructor,\n OktaAuthIdxOptions,\n createIdxTransactionManager,\n createOktaAuthIdx,\n createIdxStorageManager,\n createIdxOptionsConstructor\n} from '../idx';\n\nimport { mixinMyAccount } from '../myaccount';\nimport { mixinAuthn } from '../authn';\n\n\n// eslint-disable-next-line @typescript-eslint/no-empty-interface\nexport interface OktaAuthOptions extends OktaAuthIdxOptions {}\n\nconst OptionsConstructor: OktaAuthOptionsConstructor<OktaAuthOptions> = createIdxOptionsConstructor();\nconst StorageManager: IdxStorageManagerConstructor = createIdxStorageManager();\nconst TransactionManager: IdxTransactionManagerConstructor = createIdxTransactionManager();\n\n// Default bundle includes everything\nconst WithIdx = createOktaAuthIdx(StorageManager, OptionsConstructor, TransactionManager);\nconst WithMyAccount = mixinMyAccount(WithIdx);\nconst WithAuthn = mixinAuthn(WithMyAccount);\n\nclass OktaAuth extends WithAuthn {\n constructor(options: OktaAuthOptions) {\n super(options);\n }\n}\n\nexport default OktaAuth;\nexport { OktaAuth };\nexport * from './common';\nexport * from '../idx';\nexport * from '../myaccount';\nexport * from '../authn';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable node/no-unsupported-features/node-builtins */\n/* global document, window, TextEncoder, navigator */\n\nimport { webcrypto } from './crypto';\n\nconst isWindowsPhone = /windows phone|iemobile|wpdesktop/i;\t\n\nexport function isBrowser() {\n return typeof document !== 'undefined' && typeof window !== 'undefined';\n}\n\nexport function isIE11OrLess() {\n if (!isBrowser()) {\n return false;\n }\n const documentMode = (document as any).documentMode;\n return !!documentMode && documentMode <= 11;\n}\n\nexport function getUserAgent() {\n return navigator.userAgent;\n}\n\nexport function isFingerprintSupported() {\n const agent = getUserAgent();\n return agent && !isWindowsPhone.test(agent);\t\n}\n\nexport function isPopupPostMessageSupported() {\n if (!isBrowser()) {\n return false;\n }\n const documentMode = (document as any).documentMode;\n var isIE8or9 = documentMode && documentMode < 10;\n if (typeof window.postMessage !== 'undefined' && !isIE8or9) {\n return true;\n }\n return false;\n}\n\nfunction isWebCryptoSubtleSupported () {\n return typeof webcrypto !== 'undefined'\n && webcrypto !== null\n && typeof webcrypto.subtle !== 'undefined'\n && typeof Uint8Array !== 'undefined';\n}\n\nexport function isTokenVerifySupported() {\n return isWebCryptoSubtleSupported();\n}\n\nexport function hasTextEncoder() {\n return typeof TextEncoder !== 'undefined';\n}\n\nexport function isPKCESupported() {\n return isTokenVerifySupported() && hasTextEncoder();\n}\n\nexport function isHTTPS() {\n if (!isBrowser()) {\n return false;\n }\n return window.location.protocol === 'https:';\n}\n\nexport function isLocalhost() {\n // eslint-disable-next-line compat/compat\n return isBrowser() && window.location.hostname === 'localhost';\n}\n\n// For now, DPoP is only supported on browsers\nexport function isDPoPSupported () {\n return !isIE11OrLess() &&\n typeof window.indexedDB !== 'undefined' &&\n hasTextEncoder() &&\n isWebCryptoSubtleSupported();\n}\n\nexport function isIOS () {\n // iOS detection from: http://stackoverflow.com/a/9039885/177710\n return isBrowser() && typeof navigator !== 'undefined' && typeof navigator.userAgent !== 'undefined' &&\n // @ts-expect-error - MSStream is not in `window` type, unsurprisingly\n (/iPad|iPhone|iPod/.test(navigator.userAgent) && !window.MSStream);\n}\n","/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport crossFetch from 'cross-fetch';\nimport { FetchOptions, HttpResponse } from '../http/types';\n\n// content-type = application/json OR application/ion+json\nconst appJsonContentTypeRegex = /application\\/\\w*\\+?json/;\n\nfunction readData(response: Response): Promise<object | string> {\n if (response.headers.get('Content-Type') &&\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n response.headers.get('Content-Type')!.toLowerCase().indexOf('application/json') >= 0) {\n return response.json()\n // JSON parse can fail if response is not a valid object\n .catch(e => {\n return {\n error: e,\n errorSummary: 'Could not parse server response'\n };\n });\n } else {\n return response.text();\n }\n}\n\nfunction formatResult(status: number, data: object | string, response: Response) {\n const isObject = typeof data === 'object';\n const headers = {};\n for (const pair of (response.headers as any).entries()) {\n headers[pair[0]] = pair[1];\n }\n const result: HttpResponse = {\n responseText: isObject ? JSON.stringify(data) : data as string,\n status: status,\n headers\n };\n if (isObject) {\n result.responseType = 'json';\n result.responseJSON = data as object;\n }\n return result;\n}\n\n/* eslint-disable complexity */\nfunction fetchRequest(method: string, url: string, args: FetchOptions) {\n var body = args.data;\n var headers = args.headers || {};\n var contentType = (headers['Content-Type'] || headers['content-type'] || '');\n\n if (body && typeof body !== 'string') {\n // JSON encode body (if appropriate)\n if (appJsonContentTypeRegex.test(contentType)) {\n body = JSON.stringify(body);\n }\n else if (contentType === 'application/x-www-form-urlencoded') {\n body = Object.entries(body)\n .map( ([param, value]) => `${param}=${encodeURIComponent(value)}` )\n .join('&');\n }\n }\n\n var fetch = global.fetch || crossFetch;\n var fetchPromise = fetch(url, {\n method: method,\n headers: args.headers,\n body: body as string,\n credentials: args.withCredentials ? 'include' : 'omit'\n });\n\n if (!fetchPromise.finally) {\n fetchPromise = Promise.resolve(fetchPromise);\n }\n\n return fetchPromise.then(function(response) {\n var error = !response.ok;\n var status = response.status;\n return readData(response)\n .then(data => {\n return formatResult(status, data, response);\n })\n .then(result => {\n if (error || result.responseJSON?.error) {\n // Throwing result object since error handling is done in http.js\n throw result;\n }\n return result;\n });\n });\n}\n\nexport default fetchRequest;\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global SDK_VERSION */\n\nimport { isBrowser } from '../features';\nexport class OktaUserAgent {\n environments: string[];\n\n constructor() {\n // add base sdk env\n this.environments = [`okta-auth-js/${SDK_VERSION}`];\n this.maybeAddNodeEnvironment();\n }\n\n addEnvironment(env: string) {\n this.environments.push(env);\n }\n\n getHttpHeader() {\n return { 'X-Okta-User-Agent-Extended': this.environments.join(' ') };\n }\n\n getVersion() {\n return SDK_VERSION;\n }\n\n maybeAddNodeEnvironment() {\n if (isBrowser() || !process || !process.versions) {\n return;\n }\n const { node: version } = process.versions;\n this.environments.push(`nodejs/${version}`);\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { OktaAuthHttpInterface } from './types';\n\nexport function setRequestHeader(authClient: OktaAuthHttpInterface, headerName, headerValue) {\n authClient.options.headers = authClient.options.headers || {};\n authClient.options.headers[headerName] = headerValue;\n}","export * from './headers';\nexport * from './OktaUserAgent';\nexport * from './request';\nexport * from './types';\nexport * from './mixin';\nexport * from './options';\n\n","import { OktaAuthStorageInterface, StorageManagerInterface } from '../storage/types';\nimport { OktaAuthConstructor } from '../base/types';\nimport {\n HttpAPI,\n OktaAuthHttpInterface,\n OktaAuthHttpOptions,\n} from './types';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { setRequestHeader } from './headers';\nimport { toQueryString } from '../util';\nimport { get } from './request';\n\nexport function mixinHttp\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n TBase extends OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n = OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n{\n return class OktaAuthHttp extends Base implements OktaAuthHttpInterface<S, O>\n {\n _oktaUserAgent: OktaUserAgent;\n http: HttpAPI;\n \n constructor(...args: any[]) {\n super(...args);\n\n this._oktaUserAgent = new OktaUserAgent();\n\n // HTTP\n this.http = {\n setRequestHeader: setRequestHeader.bind(null, this)\n };\n }\n\n setHeaders(headers) {\n this.options.headers = Object.assign({}, this.options.headers, headers);\n }\n \n getIssuerOrigin(): string {\n // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return this.options.issuer!.split('/oauth2/')[0];\n }\n \n webfinger(opts): Promise<object> {\n var url = '/.well-known/webfinger' + toQueryString(opts);\n var options = {\n headers: {\n 'Accept': 'application/jrd+json'\n }\n };\n return get(this, url, options);\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createStorageOptionsConstructor } from '../storage';\nimport { HttpRequestClient, OktaAuthHttpOptions, RequestOptions } from './types';\nimport fetchRequest from '../fetch/fetchRequest';\n\nexport function createHttpOptionsConstructor() {\n const StorageOptionsConstructor = createStorageOptionsConstructor();\n return class HttpOptionsConstructor extends StorageOptionsConstructor implements Required<OktaAuthHttpOptions> {\n issuer: string;\n transformErrorXHR: (xhr: object) => any;\n headers: object;\n httpRequestClient: HttpRequestClient;\n httpRequestInterceptors: ((request: RequestOptions) => void)[];\n pollDelay: number;\n \n constructor(args: any) {\n super(args);\n this.issuer = args.issuer;\n this.transformErrorXHR = args.transformErrorXHR;\n this.headers = args.headers;\n this.httpRequestClient = args.httpRequestClient || fetchRequest;\n this.httpRequestInterceptors = args.httpRequestInterceptors;\n this.pollDelay = args.pollDelay;\n }\n };\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity */\nimport { isString, clone, isAbsoluteUrl, removeNils } from '../util';\nimport {\n STATE_TOKEN_KEY_NAME,\n DEFAULT_CACHE_DURATION,\n IOS_MAX_RETRY_COUNT,\n} from '../constants';\nimport {\n OktaAuthHttpInterface,\n RequestOptions,\n FetchOptions,\n RequestData,\n HttpResponse\n} from './types';\nimport { AuthApiError, OAuthError, APIError, WWWAuthError } from '../errors';\nimport { isBrowser } from '../features';\n\n\n// For iOS track last date when document became visible\nlet dateDocumentBecameVisible = 0;\nlet trackDateDocumentBecameVisible: () => void;\nif (isBrowser()) {\n dateDocumentBecameVisible = Date.now();\n trackDateDocumentBecameVisible = () => {\n if (!document.hidden) {\n dateDocumentBecameVisible = Date.now();\n }\n };\n document.addEventListener('visibilitychange', trackDateDocumentBecameVisible);\n}\n\nconst formatError = (sdk: OktaAuthHttpInterface, error: HttpResponse | Error): AuthApiError | OAuthError => {\n if (error instanceof Error) {\n // fetch() can throw exceptions\n // see https://developer.mozilla.org/en-US/docs/Web/API/fetch#exceptions\n return new AuthApiError({\n errorSummary: error.message,\n });\n }\n\n let resp: HttpResponse = error;\n let err: AuthApiError | OAuthError | WWWAuthError;\n let serverErr: Record<string, any> = {};\n if (resp.responseText && isString(resp.responseText)) {\n try {\n serverErr = JSON.parse(resp.responseText);\n } catch (e) {\n serverErr = {\n errorSummary: 'Unknown error'\n };\n }\n }\n\n if (resp.status >= 500) {\n serverErr.errorSummary = 'Unknown error';\n }\n\n if (sdk.options.transformErrorXHR) {\n resp = sdk.options.transformErrorXHR(clone(resp));\n }\n\n // \n const wwwAuthHeader = WWWAuthError.getWWWAuthenticateHeader(resp?.headers) ?? '';\n\n if (serverErr.error && serverErr.error_description) {\n err = new OAuthError(serverErr.error, serverErr.error_description, resp);\n } else {\n err = new AuthApiError(serverErr as APIError, resp, { wwwAuthHeader });\n }\n\n if (wwwAuthHeader && resp?.status >= 400 && resp?.status < 500) {\n const wwwAuthErr = WWWAuthError.parseHeader(wwwAuthHeader);\n // check for 403 to avoid breaking change\n if (resp.status === 403 && wwwAuthErr?.error === 'insufficient_authentication_context') {\n // eslint-disable-next-line camelcase\n const { max_age, acr_values } = wwwAuthErr.parameters;\n err = new AuthApiError(\n {\n errorSummary: wwwAuthErr.error,\n errorCauses: [{ errorSummary: wwwAuthErr.errorDescription }]\n },\n resp,\n {\n // eslint-disable-next-line camelcase\n max_age: +max_age,\n // eslint-disable-next-line camelcase\n ...(acr_values && { acr_values })\n }\n );\n }\n else if (wwwAuthErr?.scheme === 'DPoP') {\n err = wwwAuthErr;\n }\n // else {\n // // WWWAuthError.parseHeader may return null, only overwrite if !null\n // err = wwwAuthErr ?? err;\n // }\n }\n\n return err;\n};\n\n// eslint-disable-next-line max-statements\nexport function httpRequest(sdk: OktaAuthHttpInterface, options: RequestOptions): Promise<any> {\n options = options || {};\n\n if (sdk.options.httpRequestInterceptors) {\n for (const interceptor of sdk.options.httpRequestInterceptors) {\n interceptor(options);\n }\n }\n\n var url = options.url,\n method = options.method,\n args = options.args,\n saveAuthnState = options.saveAuthnState,\n accessToken = options.accessToken,\n withCredentials = options.withCredentials === true, // default value is false\n storageUtil = sdk.options.storageUtil,\n storage = storageUtil!.storage,\n httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies),\n pollingIntent = options.pollingIntent,\n pollDelay = sdk.options.pollDelay ?? 0;\n\n if (options.cacheResponse) {\n var cacheContents = httpCache.getStorage();\n var cachedResponse = cacheContents[url as string];\n if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n return Promise.resolve(cachedResponse.response);\n }\n }\n\n var oktaUserAgentHeader = sdk._oktaUserAgent.getHttpHeader();\n var headers: HeadersInit = {\n 'Accept': 'application/json',\n 'Content-Type': 'application/json',\n ...oktaUserAgentHeader\n };\n Object.assign(headers, sdk.options.headers, options.headers);\n headers = removeNils(headers) as HeadersInit;\n\n if (accessToken && isString(accessToken)) {\n headers['Authorization'] = 'Bearer ' + accessToken;\n }\n\n var ajaxOptions: FetchOptions = {\n headers,\n data: args || undefined,\n withCredentials\n };\n\n var err, res, promise;\n\n if (pollingIntent && isBrowser() && pollDelay > 0) {\n let waitForVisibleAndAwakenDocument: () => Promise<void>;\n let waitForAwakenDocument: () => Promise<void>;\n let recursiveFetch: () => Promise<HttpResponse>;\n let retryCount = 0;\n\n // Safari on iOS has a bug:\n // Performing `fetch` right after document became visible can fail with `Load failed` error.\n // Running fetch after short timeout fixes this issue.\n waitForAwakenDocument = () => {\n const timeSinceDocumentIsVisible = Date.now() - dateDocumentBecameVisible;\n if (timeSinceDocumentIsVisible < pollDelay) {\n return new Promise<void>((resolve) => setTimeout(() => {\n if (!document.hidden) {\n resolve();\n } else {\n resolve(waitForVisibleAndAwakenDocument());\n }\n }, pollDelay - timeSinceDocumentIsVisible));\n } else {\n return Promise.resolve();\n }\n };\n\n // Returns a promise that resolves when document is visible for 500 ms\n waitForVisibleAndAwakenDocument = () => {\n if (document.hidden) {\n let pageVisibilityHandler: () => void;\n return new Promise<void>((resolve) => {\n pageVisibilityHandler = () => {\n if (!document.hidden) {\n document.removeEventListener('visibilitychange', pageVisibilityHandler);\n resolve(waitForAwakenDocument());\n }\n };\n document.addEventListener('visibilitychange', pageVisibilityHandler);\n });\n } else {\n return waitForAwakenDocument();\n }\n };\n\n // Restarts fetch on 'Load failed' error\n // This error can occur when `fetch` does not respond\n // (due to CORS error, non-existing host, or network error)\n const retryableFetch = (): Promise<HttpResponse> => {\n return sdk.options.httpRequestClient!(method!, url!, ajaxOptions).catch((err) => {\n const isNetworkError = err?.message === 'Load failed';\n if (isNetworkError && retryCount < IOS_MAX_RETRY_COUNT) {\n retryCount++;\n return recursiveFetch();\n }\n throw err;\n });\n };\n\n // Final promise to fetch that wraps logic with waiting for visible document\n // and retrying fetch request on network error\n recursiveFetch = (): Promise<HttpResponse> => {\n return waitForVisibleAndAwakenDocument().then(retryableFetch);\n };\n\n promise = recursiveFetch();\n } else {\n promise = sdk.options.httpRequestClient!(method!, url!, ajaxOptions);\n }\n\n return promise\n .then(function(resp) {\n res = resp.responseText;\n if (res && isString(res)) {\n res = JSON.parse(res);\n if (res && typeof res === 'object' && !res.headers) {\n if (Array.isArray(res)) {\n res.forEach(item => {\n item.headers = resp.headers;\n });\n } else {\n res.headers = resp.headers;\n }\n }\n }\n\n if (saveAuthnState) {\n if (!res.stateToken) {\n storage.delete(STATE_TOKEN_KEY_NAME);\n }\n }\n\n if (res && res.stateToken && res.expiresAt) {\n storage.set(STATE_TOKEN_KEY_NAME, res.stateToken, res.expiresAt, sdk.options.cookies!);\n }\n\n if (res && options.cacheResponse) {\n httpCache.updateStorage(url!, {\n expiresAt: Math.floor(Date.now()/1000) + DEFAULT_CACHE_DURATION,\n response: res\n });\n }\n \n return res;\n })\n .catch(function(resp) {\n err = formatError(sdk, resp);\n\n if (err.errorCode === 'E0000011') {\n storage.delete(STATE_TOKEN_KEY_NAME);\n }\n\n throw err;\n });\n}\n\nexport function get(sdk: OktaAuthHttpInterface, url: string, options?: RequestOptions) {\n url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n var getOptions = {\n url: url,\n method: 'GET'\n };\n Object.assign(getOptions, options);\n return httpRequest(sdk, getOptions);\n}\n\nexport function post(sdk: OktaAuthHttpInterface, url: string, args?: RequestData, options?: RequestOptions) {\n url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n var postOptions = {\n url: url,\n method: 'POST',\n args: args,\n saveAuthnState: true\n };\n Object.assign(postOptions, options);\n return httpRequest(sdk, postOptions);\n}\n","import { ClearTransactionMetaOptions, TransactionManagerOptions } from '../oidc/types';\nimport { createTransactionManager } from '../oidc/TransactionManager';\nimport { IdxTransactionMeta, IntrospectOptions } from './types';\nimport { isRawIdxResponse } from './types/idx-js';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './types/storage';\n\nexport function createIdxTransactionManager\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>\n>\n()\n{\n const TransactionManager = createTransactionManager<M, S>();\n return class IdxTransactionManager extends TransactionManager\n {\n constructor(options: TransactionManagerOptions) {\n super(options);\n }\n\n clear(options: ClearTransactionMetaOptions = {}) {\n super.clear(options);\n\n if (options.clearIdxResponse !== false) {\n this.clearIdxResponse();\n }\n }\n \n saveIdxResponse(data: SavedIdxResponse): void {\n if (!this.saveLastResponse) {\n return;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return;\n }\n storage.setStorage(data);\n }\n\n // eslint-disable-next-line complexity\n loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {\n if (!this.saveLastResponse) {\n return null;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return null;\n }\n const storedValue = storage.getStorage();\n if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n return null;\n }\n\n if (options) {\n const { stateHandle, interactionHandle } = options;\n // only perform this check if NOT using generic remediator\n if (!options.useGenericRemediator && stateHandle && storedValue.stateHandle !== stateHandle) {\n return null;\n }\n if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {\n return null;\n }\n }\n\n return storedValue;\n }\n\n clearIdxResponse(): void {\n if (!this.saveLastResponse) {\n return;\n }\n const storage = this.storageManager.getIdxResponseStorage();\n storage?.clearStorage();\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { \n OktaAuthIdxInterface,\n IdxTransaction,\n AuthenticatorKey,\n AuthenticationOptions\n} from './types';\nimport { run } from './run';\n\nexport async function authenticate(\n authClient: OktaAuthIdxInterface, options: AuthenticationOptions = {}\n): Promise<IdxTransaction> {\n if (options.password && !options.authenticator) {\n options.authenticator = AuthenticatorKey.OKTA_PASSWORD;\n }\n return run(authClient, { \n ...options, \n flow: 'authenticate'\n });\n}\n","import { IdxAuthenticator, IdxRemediationValue } from '../types/idx-js';\n\n\nexport interface Credentials {\n [key: string]: string | boolean | number | undefined;\n}\n\nexport abstract class Authenticator<Values> {\n meta: IdxAuthenticator;\n\n constructor(authenticator: IdxAuthenticator) {\n this.meta = authenticator;\n }\n\n abstract canVerify(values: Values): boolean;\n\n abstract mapCredentials(values: Values): Credentials | undefined;\n\n abstract getInputs(idxRemediationValue: IdxRemediationValue): any; // TODO: add type\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface OktaPasswordInputValues {\n password?: string;\n passcode?: string;\n credentials?: Credentials;\n // for ResetAuthenticator\n revokeSessions?: boolean;\n}\n\nexport class OktaPassword extends Authenticator<OktaPasswordInputValues> {\n canVerify(values: OktaPasswordInputValues) {\n return !!(values.credentials || values.password || values.passcode);\n }\n\n mapCredentials(values: OktaPasswordInputValues): Credentials | undefined {\n const { credentials, password, passcode, revokeSessions } = values;\n if (!credentials && !password && !passcode) {\n return;\n }\n return credentials || {\n passcode: passcode || password,\n revokeSessions,\n };\n }\n\n getInputs(idxRemediationValue) {\n const inputs = [{\n ...idxRemediationValue.form?.value[0],\n name: 'password',\n type: 'string',\n required: idxRemediationValue.required,\n }];\n const revokeSessions = idxRemediationValue.form?.value.find(\n input => input.name === 'revokeSessions'\n );\n if (revokeSessions) {\n inputs.push({\n name: 'revokeSessions',\n type: 'boolean',\n label: 'Sign me out of all other devices',\n required: false,\n });\n }\n return inputs;\n }\n}\n","import { Credentials } from './Authenticator';\nimport { VerificationCodeAuthenticator } from './VerificationCodeAuthenticator';\n\ninterface TotpCredentials extends Credentials {\n totp: string;\n}\n\nexport class OktaVerifyTotp extends VerificationCodeAuthenticator {\n mapCredentials(values): TotpCredentials | undefined {\n const { verificationCode } = values;\n if (!verificationCode) {\n return;\n }\n return { totp: verificationCode };\n }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionEnrollValues {\n questionKey?: string;\n question?: string;\n answer?: string;\n credentials?: Credentials;\n}\n\nexport class SecurityQuestionEnrollment extends Authenticator<SecurityQuestionEnrollValues> {\n canVerify(values: SecurityQuestionEnrollValues) {\n const { credentials } = values;\n if (credentials && credentials.questionKey && credentials.answer) {\n return true;\n }\n const { questionKey, question, answer } = values;\n return !!(questionKey && answer) || !!(question && answer);\n }\n\n mapCredentials(values: SecurityQuestionEnrollValues): Credentials | undefined {\n const { questionKey, question, answer } = values;\n if (!answer || (!questionKey && !question)) {\n return;\n }\n return {\n questionKey: question ? 'custom' : questionKey,\n question,\n answer\n };\n }\n\n getInputs() {\n return [\n { name: 'questionKey', type: 'string', required: true },\n { name: 'question', type: 'string', label: 'Create a security question' },\n { name: 'answer', type: 'string', label: 'Answer', required: true },\n ];\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionVerificationValues {\n answer?: string;\n credentials?: Credentials;\n}\n\nexport class SecurityQuestionVerification extends Authenticator<SecurityQuestionVerificationValues> {\n canVerify(values: SecurityQuestionVerificationValues) {\n const { credentials } = values;\n if (credentials && credentials.answer) {\n return true;\n }\n const { answer } = values;\n return !!answer;\n }\n\n mapCredentials(values: SecurityQuestionVerificationValues): Credentials | undefined {\n const { answer } = values;\n if (!answer) {\n return;\n }\n return {\n questionKey: this.meta.contextualData!.enrolledQuestion!.questionKey,\n answer\n };\n }\n\n getInputs() {\n return [\n { name: 'answer', type: 'string', label: 'Answer', required: true }\n ];\n }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface VerificationCodeValues {\n verificationCode?: string;\n otp?: string;\n credentials?: Credentials;\n}\n\ninterface VerificationCodeCredentials extends Credentials {\n passcode: string;\n}\n\n// general authenticator to handle \"verificationCode\" input\n// it can be used for \"email\", \"phone\", \"google authenticator\"\n// a new authenticator class should be created if special cases need to be handled\nexport class VerificationCodeAuthenticator extends Authenticator<VerificationCodeValues> {\n canVerify(values: VerificationCodeValues) {\n return !!(values.credentials ||values.verificationCode || values.otp);\n }\n\n mapCredentials(values): VerificationCodeCredentials | Credentials | undefined {\n const { credentials, verificationCode, otp } = values;\n if (!credentials && !verificationCode && !otp) {\n return;\n }\n return credentials || { passcode: verificationCode || otp };\n }\n\n getInputs(idxRemediationValue) {\n return {\n ...idxRemediationValue.form?.value[0],\n name: 'verificationCode',\n type: 'string',\n required: idxRemediationValue.required\n };\n }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnEnrollValues {\n id?: string;\n clientData?: string;\n attestation?: string;\n credentials?: Credentials;\n transports?: string;\n}\n\nexport class WebauthnEnrollment extends Authenticator<WebauthnEnrollValues> {\n canVerify(values: WebauthnEnrollValues) {\n const { credentials } = values;\n const obj = credentials || values;\n const { clientData, attestation } = obj;\n return !!(clientData && attestation);\n }\n\n mapCredentials(values: WebauthnEnrollValues): Credentials | undefined {\n const { credentials, clientData, attestation, transports } = values;\n if (!credentials && !clientData && !attestation) {\n return;\n }\n return credentials || ({\n clientData,\n attestation,\n ...(transports && { transports }),\n });\n }\n\n getInputs() {\n return [\n { name: 'clientData', type: 'string', required: true, visible: false, label: 'Client Data' },\n { name: 'attestation', type: 'string', required: true, visible: false, label: 'Attestation' },\n ];\n }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnVerificationValues {\n id?: string;\n clientData?: string;\n authenticatorData?: string;\n signatureData?: string;\n credentials?: Credentials;\n}\n\nexport class WebauthnVerification extends Authenticator<WebauthnVerificationValues> {\n canVerify(values: WebauthnVerificationValues) {\n const { credentials } = values;\n const obj = credentials || values;\n const { clientData, authenticatorData, signatureData } = obj;\n return !!(clientData && authenticatorData && signatureData);\n }\n\n mapCredentials(values: WebauthnVerificationValues): Credentials | undefined {\n const { credentials, authenticatorData, clientData, signatureData } = values;\n if (!credentials && !authenticatorData && !clientData && !signatureData) {\n return;\n }\n return credentials || ({\n authenticatorData,\n clientData,\n signatureData\n });\n }\n\n getInputs() {\n return [\n { name: 'authenticatorData', type: 'string', label: 'Authenticator Data', required: true, visible: false },\n { name: 'clientData', type: 'string', label: 'Client Data', required: true, visible: false },\n { name: 'signatureData', type: 'string', label: 'Signature Data', required: true, visible: false },\n ];\n }\n}\n","import { OktaVerifyTotp } from './OktaVerifyTotp';\nimport { Authenticator } from './Authenticator';\nimport { VerificationCodeAuthenticator } from './VerificationCodeAuthenticator';\nimport { OktaPassword } from './OktaPassword';\nimport { SecurityQuestionEnrollment } from './SecurityQuestionEnrollment';\nimport { SecurityQuestionVerification } from './SecurityQuestionVerification';\nimport { WebauthnEnrollment } from './WebauthnEnrollment';\nimport { WebauthnVerification } from './WebauthnVerification';\nimport { IdxAuthenticator, IdxRemediation } from '../types/idx-js';\nimport { AuthenticatorKey } from '../types';\n\n/* eslint complexity:[0,8] */\nexport function getAuthenticator(remediation: IdxRemediation): Authenticator<any> {\n const relatesTo = remediation.relatesTo;\n const value = relatesTo?.value || {} as IdxAuthenticator;\n switch (value.key) {\n case AuthenticatorKey.OKTA_PASSWORD:\n return new OktaPassword(value);\n case AuthenticatorKey.SECURITY_QUESTION:\n if (value.contextualData?.enrolledQuestion) {\n return new SecurityQuestionVerification(value);\n } else {\n return new SecurityQuestionEnrollment(value);\n }\n case AuthenticatorKey.OKTA_VERIFY:\n return new OktaVerifyTotp(value);\n case AuthenticatorKey.WEBAUTHN:\n if (value.contextualData?.challengeData) {\n return new WebauthnVerification(value);\n } else {\n return new WebauthnEnrollment(value);\n }\n default:\n return new VerificationCodeAuthenticator(value);\n }\n}\n","export * from './getAuthenticator';\nexport * from './Authenticator';\nexport * from './VerificationCodeAuthenticator';\nexport * from './OktaPassword';\nexport * from './SecurityQuestionEnrollment';\nexport * from './SecurityQuestionVerification';\nexport * from './WebauthnEnrollment';\nexport * from './WebauthnVerification';\n\nimport { OktaPasswordInputValues } from './OktaPassword';\nimport { SecurityQuestionEnrollValues } from './SecurityQuestionEnrollment';\nimport { SecurityQuestionVerificationValues } from './SecurityQuestionVerification';\nimport { VerificationCodeValues } from './VerificationCodeAuthenticator';\nimport { WebauthnEnrollValues } from './WebauthnEnrollment';\nimport { WebauthnVerificationValues } from './WebauthnVerification';\n\nexport type AuthenticatorValues = OktaPasswordInputValues\n & SecurityQuestionEnrollValues\n & SecurityQuestionVerificationValues\n & VerificationCodeValues\n & WebauthnEnrollValues\n & WebauthnVerificationValues;\n","import { Authenticator, isAuthenticator } from '../types';\n\nexport function formatAuthenticator(incoming: unknown): Authenticator {\n let authenticator: Authenticator;\n if (isAuthenticator(incoming)) {\n authenticator = incoming;\n } else if (typeof incoming === 'string') {\n authenticator = {\n key: incoming\n };\n } else {\n throw new Error('Invalid format for authenticator');\n }\n return authenticator;\n}\n\n// Returns true if the authenticators are equivalent\nexport function compareAuthenticators(auth1, auth2) {\n if (!auth1 || !auth2) {\n return false;\n }\n // by id\n if (auth1.id && auth2.id) {\n return (auth1.id === auth2.id);\n }\n // by key\n if (auth1.key && auth2.key) {\n return (auth1.key === auth2.key);\n }\n return false;\n}\n\n// Find matched authenticator in provided order\nexport function findMatchedOption(authenticators, options) {\n let option;\n for (let authenticator of authenticators) {\n option = options\n .find(({ relatesTo }) => relatesTo.key && relatesTo.key === authenticator.key);\n if (option) {\n break;\n }\n }\n return option;\n}","/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface, CancelOptions, IdxTransactionMeta } from './types';\nimport { run } from './run';\nimport { getFlowSpecification } from './flow';\n\nexport async function cancel (authClient: OktaAuthIdxInterface, options?: CancelOptions) {\n const meta = authClient.transactionManager.load() as IdxTransactionMeta;\n const flowSpec = getFlowSpecification(authClient, meta.flow);\n return run(authClient, {\n ...options,\n ...flowSpec,\n actions: ['cancel']\n });\n}\n","\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface } from './types';\n\nimport CustomError from '../errors/CustomError';\nimport { urlParamsToObject } from '../oidc/util/urlParams';\nimport { EmailVerifyCallbackResponse } from './types/api';\n\nexport class EmailVerifyCallbackError extends CustomError {\n state: string;\n otp: string;\n\n constructor(state: string, otp: string) {\n super(`Enter the OTP code in the originating client: ${otp}`);\n this.name = 'EmailVerifyCallbackError';\n this.state = state;\n this.otp = otp;\n }\n}\n\nexport function isEmailVerifyCallbackError(error: Error) {\n return (error.name === 'EmailVerifyCallbackError');\n}\n\n// Check if state && otp have been passed back in the url\nexport function isEmailVerifyCallback (urlPath: string): boolean {\n return /(otp=)/i.test(urlPath) && /(state=)/i.test(urlPath);\n}\n\n// Parse state and otp from a urlPath (should be either a search or fragment from the URL)\nexport function parseEmailVerifyCallback(urlPath: string): EmailVerifyCallbackResponse {\n return urlParamsToObject(urlPath) as EmailVerifyCallbackResponse;\n}\n\nexport async function handleEmailVerifyCallback(authClient: OktaAuthIdxInterface, search: string) {\n if (isEmailVerifyCallback(search)) {\n const { state, otp } = parseEmailVerifyCallback(search);\n if (authClient.idx.canProceed({ state })) {\n // same browser / device\n return await authClient.idx.proceed({ state, otp });\n } else {\n // different browser or device\n throw new EmailVerifyCallbackError(state, otp);\n }\n }\n}\n","import { OktaAuthOptionsConstructor } from '../../base/types';\nimport { StorageManagerConstructor } from '../../storage/types';\nimport { IdxTransactionManagerInterface, MinimalOktaAuthIdxInterface, OktaAuthIdxConstructor } from '../types/api';\nimport { IdxTransactionMeta } from '../types/meta';\nimport { IdxStorageManagerInterface } from '../types/storage';\nimport { OktaAuthIdxOptions } from '../types/options';\nimport { TransactionManagerConstructor, MinimalOktaOAuthInterface } from '../../oidc/types';\nimport { mixinMinimalIdx } from '../mixinMinimal';\nimport { createOktaAuthBase } from '../../base/factory';\nimport { mixinStorage } from '../../storage/mixin';\nimport { mixinHttp } from '../../http/mixin';\nimport { mixinSession } from '../../session/mixin';\nimport { mixinMinimalOAuth } from '../../oidc/mixin/minimal';\n\nexport function createMinimalOktaAuthIdx<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>\n)\n: OktaAuthIdxConstructor<\n MinimalOktaAuthIdxInterface<M, S, O, TM> & MinimalOktaOAuthInterface<M, S, O, TM>\n>\n{\n const Base = createOktaAuthBase(OptionsConstructor);\n const WithStorage = mixinStorage<S, O>(Base, StorageManagerConstructor);\n const WithHttp = mixinHttp<S, O>(WithStorage);\n const WithSession = mixinSession<S, O>(WithHttp);\n const WithOAuth = mixinMinimalOAuth<M, S, O, TM>(WithSession, TransactionManagerConstructor);\n // do not mixin core\n const WithIdx = mixinMinimalIdx(WithOAuth);\n return WithIdx;\n}\n","import { createOktaAuthCore } from '../../core/factory';\nimport { OktaAuthOptionsConstructor } from '../../base/types';\nimport { StorageManagerConstructor } from '../../storage/types';\nimport { IdxTransactionManagerInterface, OktaAuthIdxInterface, OktaAuthIdxConstructor } from '../types/api';\nimport { IdxTransactionMeta } from '../types/meta';\nimport { IdxStorageManagerInterface } from '../types/storage';\nimport { OktaAuthIdxOptions } from '../types/options';\nimport { mixinIdx } from '../mixin';\nimport { TransactionManagerConstructor } from '../../oidc/types';\nimport { OktaAuthCoreInterface } from '../../core/types';\n\nexport function createOktaAuthIdx<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>\n)\n: OktaAuthIdxConstructor<OktaAuthIdxInterface<M, S, O, TM> & OktaAuthCoreInterface<M, S, O, TM>>\n{\n const Core = createOktaAuthCore<M, S, O, TM>(\n StorageManagerConstructor,\n OptionsConstructor,\n TransactionManagerConstructor\n );\n const WithIdx = mixinIdx(Core);\n return WithIdx;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { isInteractionRequired, isInteractionRequiredError } from '../../oidc';\nimport { authenticate } from '../authenticate';\nimport { cancel } from '../cancel';\nimport {\n handleEmailVerifyCallback,\n isEmailVerifyCallback,\n isEmailVerifyCallbackError,\n parseEmailVerifyCallback\n} from '../emailVerify';\nimport { handleInteractionCodeRedirect } from '../handleInteractionCodeRedirect';\nimport { makeIdxState } from '../idxState';\nimport { interact } from '../interact';\nimport { introspect } from '../introspect';\nimport { poll } from '../poll';\nimport { canProceed, proceed } from '../proceed';\nimport { recoverPassword } from '../recoverPassword';\nimport { register } from '../register';\nimport { startTransaction } from '../startTransaction';\nimport {\n clearTransactionMeta,\n createTransactionMeta,\n getSavedTransactionMeta,\n getTransactionMeta,\n isTransactionMetaValid,\n saveTransactionMeta\n} from '../transactionMeta';\nimport { FlowIdentifier, IdxAPI, OktaAuthIdxInterface } from '../types';\nimport { unlockAccount } from '../unlockAccount';\nimport * as remediators from '../remediators';\nimport { getFlowSpecification } from '../flow/FlowSpecification';\nimport { setRemediatorsCtx } from '../util';\n\n// Factory\nexport function createIdxAPI(sdk: OktaAuthIdxInterface): IdxAPI {\n setRemediatorsCtx({\n remediators,\n getFlowSpecification,\n });\n const boundStartTransaction = startTransaction.bind(null, sdk);\n const idx = {\n interact: interact.bind(null, sdk),\n introspect: introspect.bind(null, sdk),\n makeIdxResponse: makeIdxState.bind(null, sdk),\n \n authenticate: authenticate.bind(null, sdk),\n register: register.bind(null, sdk),\n start: boundStartTransaction,\n startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n poll: poll.bind(null, sdk),\n proceed: proceed.bind(null, sdk),\n cancel: cancel.bind(null, sdk),\n recoverPassword: recoverPassword.bind(null, sdk),\n\n // oauth redirect callback\n handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, sdk),\n\n // interaction required callback\n isInteractionRequired: isInteractionRequired.bind(null, sdk),\n isInteractionRequiredError,\n\n // email verify callback\n handleEmailVerifyCallback: handleEmailVerifyCallback.bind(null, sdk),\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError,\n \n getSavedTransactionMeta: getSavedTransactionMeta.bind(null, sdk),\n createTransactionMeta: createTransactionMeta.bind(null, sdk),\n getTransactionMeta: getTransactionMeta.bind(null, sdk),\n saveTransactionMeta: saveTransactionMeta.bind(null, sdk),\n clearTransactionMeta: clearTransactionMeta.bind(null, sdk),\n isTransactionMetaValid,\n setFlow: (flow: FlowIdentifier) => {\n sdk.options.flow = flow;\n },\n getFlow: (): FlowIdentifier | undefined => {\n return sdk.options.flow;\n },\n canProceed: canProceed.bind(null, sdk),\n unlockAccount: unlockAccount.bind(null, sdk),\n };\n return idx;\n}\n\n","export * from './api';\nexport * from './OktaAuthIdx';\nexport * from './MinimalOktaAuthIdx';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { makeIdxState } from '../idxState';\nimport { canProceed, proceed } from '../proceed';\nimport { startTransaction } from '../startTransaction';\nimport {\n clearTransactionMeta,\n createTransactionMeta,\n getSavedTransactionMeta,\n getTransactionMeta,\n isTransactionMetaValid,\n saveTransactionMeta\n} from '../transactionMeta';\nimport { MinimalIdxAPI, MinimalOktaAuthIdxInterface, OktaAuthIdxInterface } from '../types';\n\n// Factory\nexport function createMinimalIdxAPI(minimalSdk: MinimalOktaAuthIdxInterface): MinimalIdxAPI {\n const sdk = minimalSdk as OktaAuthIdxInterface;\n const boundStartTransaction = startTransaction.bind(null, sdk);\n const idx = {\n makeIdxResponse: makeIdxState.bind(null, sdk),\n\n start: boundStartTransaction,\n startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n proceed: proceed.bind(null, sdk),\n canProceed: canProceed.bind(null, sdk),\n \n getSavedTransactionMeta: getSavedTransactionMeta.bind(null, sdk),\n createTransactionMeta: createTransactionMeta.bind(null, sdk),\n getTransactionMeta: getTransactionMeta.bind(null, sdk),\n saveTransactionMeta: saveTransactionMeta.bind(null, sdk),\n clearTransactionMeta: clearTransactionMeta.bind(null, sdk),\n isTransactionMetaValid,\n };\n return idx;\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport {\n Identify,\n SelectAuthenticatorUnlockAccount,\n SelectAuthenticatorAuthenticate,\n ChallengeAuthenticator,\n ChallengePoll,\n AuthenticatorVerificationData,\n ReEnrollAuthenticatorWarning\n} from '../remediators';\n\nexport const AccountUnlockFlow: RemediationFlow = {\n 'identify': Identify,\n // NOTE: unlock-account is purposely not included. Handled as action\n // because it's a rememdiation which requires no input\n // 'unlock-account': UnlockAccount,\n 'select-authenticator-unlock-account': SelectAuthenticatorUnlockAccount,\n 'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n 'challenge-authenticator': ChallengeAuthenticator,\n 'challenge-poll': ChallengePoll,\n 'authenticator-verification-data': AuthenticatorVerificationData,\n 'reenroll-authenticator-warning': ReEnrollAuthenticatorWarning,\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport { \n Identify,\n SelectAuthenticatorAuthenticate,\n ChallengeAuthenticator,\n ReEnrollAuthenticator,\n ReEnrollAuthenticatorWarning,\n RedirectIdp,\n AuthenticatorEnrollmentData,\n SelectAuthenticatorEnroll,\n EnrollAuthenticator,\n AuthenticatorVerificationData,\n EnrollPoll,\n ChallengePoll,\n SelectEnrollmentChannel,\n EnrollmentChannelData,\n Skip\n} from '../remediators';\n\nexport const AuthenticationFlow: RemediationFlow = {\n 'identify': Identify,\n 'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n 'select-authenticator-enroll': SelectAuthenticatorEnroll,\n 'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n 'authenticator-verification-data': AuthenticatorVerificationData,\n 'enroll-authenticator': EnrollAuthenticator,\n 'challenge-authenticator': ChallengeAuthenticator,\n 'challenge-poll': ChallengePoll,\n 'reenroll-authenticator': ReEnrollAuthenticator,\n 'reenroll-authenticator-warning': ReEnrollAuthenticatorWarning,\n 'enroll-poll': EnrollPoll,\n 'select-enrollment-channel': SelectEnrollmentChannel,\n 'enrollment-channel-data': EnrollmentChannelData,\n 'redirect-idp': RedirectIdp,\n 'skip': Skip,\n};\n","import { OktaAuthIdxInterface, FlowIdentifier, FlowSpecification } from '../types';\nimport { AuthenticationFlow } from './AuthenticationFlow';\nimport { PasswordRecoveryFlow } from './PasswordRecoveryFlow';\nimport { RegistrationFlow } from './RegistrationFlow';\nimport { AccountUnlockFlow } from './AccountUnlockFlow';\n\n// eslint-disable-next-line complexity\nexport function getFlowSpecification(\n oktaAuth: OktaAuthIdxInterface,\n flow: FlowIdentifier = 'default'\n): FlowSpecification {\n let remediators, actions, withCredentials = true;\n switch (flow) {\n case 'register':\n case 'signup':\n case 'enrollProfile':\n remediators = RegistrationFlow;\n withCredentials = false;\n break;\n case 'recoverPassword':\n case 'resetPassword':\n remediators = PasswordRecoveryFlow;\n actions = [\n 'currentAuthenticator-recover', \n 'currentAuthenticatorEnrollment-recover'\n ];\n withCredentials = false;\n break;\n case 'unlockAccount':\n remediators = AccountUnlockFlow;\n withCredentials = false;\n actions = [\n 'unlock-account'\n ];\n break;\n case 'authenticate':\n case 'login':\n case 'signin':\n remediators = AuthenticationFlow;\n break;\n default:\n // default case has no flow monitor\n remediators = AuthenticationFlow;\n break;\n }\n return { flow, remediators, actions, withCredentials };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport {\n Identify,\n SelectAuthenticatorAuthenticate,\n ChallengeAuthenticator,\n AuthenticatorVerificationData,\n ResetAuthenticator,\n ReEnrollAuthenticator,\n ReEnrollAuthenticatorWarning,\n SelectAuthenticatorEnroll,\n AuthenticatorEnrollmentData,\n EnrollPoll\n} from '../remediators';\n\nexport const PasswordRecoveryFlow: RemediationFlow = {\n 'identify': Identify,\n 'identify-recovery': Identify,\n 'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n 'select-authenticator-enroll': SelectAuthenticatorEnroll,\n 'challenge-authenticator': ChallengeAuthenticator,\n 'authenticator-verification-data': AuthenticatorVerificationData,\n 'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n 'reset-authenticator': ResetAuthenticator,\n 'reenroll-authenticator': ReEnrollAuthenticator,\n 'reenroll-authenticator-warning': ReEnrollAuthenticatorWarning,\n 'enroll-poll': EnrollPoll,\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport { \n SelectEnrollProfile,\n EnrollPoll,\n SelectEnrollmentChannel,\n EnrollmentChannelData,\n EnrollProfile,\n SelectAuthenticatorEnroll,\n EnrollAuthenticator,\n AuthenticatorEnrollmentData,\n Skip,\n} from '../remediators';\n\nexport const RegistrationFlow: RemediationFlow = {\n 'select-enroll-profile': SelectEnrollProfile,\n 'enroll-profile': EnrollProfile,\n 'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n 'select-authenticator-enroll': SelectAuthenticatorEnroll,\n 'enroll-poll': EnrollPoll,\n 'select-enrollment-channel': SelectEnrollmentChannel,\n 'enrollment-channel-data': EnrollmentChannelData,\n 'enroll-authenticator': EnrollAuthenticator,\n 'skip': Skip,\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport * from './AuthenticationFlow';\nexport * from './FlowSpecification';\nexport * from './PasswordRecoveryFlow';\nexport * from './RegistrationFlow';\nexport * from './AccountUnlockFlow';\nexport * from './RemediationFlow';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { IdxTransactionMeta } from './types/meta';\nimport { OktaAuthIdxInterface } from './types';\n\nexport async function handleInteractionCodeRedirect(\n authClient: OktaAuthIdxInterface, \n url: string\n): Promise<void> {\n const meta = authClient.transactionManager.load() as IdxTransactionMeta;\n if (!meta) {\n throw new AuthSdkError('No transaction data was found in storage');\n }\n\n const { \n codeVerifier,\n state: savedState \n } = meta;\n const { \n searchParams\n // URL API has been added to the polyfill\n // eslint-disable-next-line compat/compat\n } = new URL(url); \n const state = searchParams.get('state');\n const interactionCode = searchParams.get('interaction_code');\n\n // Error handling\n const error = searchParams.get('error');\n if (error) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n throw new OAuthError(error, searchParams.get('error_description')!);\n }\n if (state !== savedState) {\n throw new AuthSdkError('State in redirect uri does not match with transaction state');\n }\n if (!interactionCode) {\n throw new AuthSdkError('Unable to parse interaction_code from the url');\n }\n \n // Save tokens to storage\n const { tokens } = await authClient.token.exchangeCodeForTokens({ interactionCode, codeVerifier });\n authClient.tokenManager.setTokens(tokens);\n}","import { OktaAuthIdxInterface } from '../types'; // auth-js/types\nimport { IdxResponse, IdxToPersist, RawIdxResponse } from '../types/idx-js'; // idx/types\nimport { IDX_API_VERSION } from '../../constants';\nimport v1 from './v1/parsers';\n\n\nexport const parsersForVersion = function parsersForVersion( version ) {\n switch (version) {\n case '1.0.0':\n return v1;\n case undefined:\n case null:\n throw new Error('Api version is required');\n default:\n throw new Error(`Unknown api version: ${version}. Use an exact semver version.`);\n }\n};\n\nexport function validateVersionConfig(version) {\n if ( !version ) {\n throw new Error('version is required');\n }\n\n const cleanVersion = (version ?? '').replace(/[^0-9a-zA-Z._-]/, '');\n if ( cleanVersion !== version || !version ) {\n throw new Error('invalid version supplied - version is required and uses semver syntax');\n }\n\n parsersForVersion(version); // will throw for invalid version\n}\n\nexport function makeIdxState ( \n authClient: OktaAuthIdxInterface,\n rawIdxResponse: RawIdxResponse,\n toPersist: IdxToPersist,\n requestDidSucceed: boolean,\n): IdxResponse {\n const version = rawIdxResponse?.version ?? IDX_API_VERSION;\n validateVersionConfig(version);\n \n const { makeIdxState } = parsersForVersion(version);\n return makeIdxState(authClient, rawIdxResponse, toPersist, requestDidSucceed);\n}\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-nocheck\nconst isFieldMutable = function isFieldMutable(field) {\n // mutable defaults to true, annoyingly\n return ( field.mutable !== false );\n};\n\nconst divideSingleActionParamsByMutability = function divideSingleActionParamsByMutability( action ) {\n const defaultParamsForAction = {}; // mutable and present\n const neededParamsForAction = []; // mutable values\n const immutableParamsForAction = {}; // immutable\n // TODO: remove assumption that form names are unique, neededParams being an array is a temp fix\n // not all actions have value (e.g. redirect)\n // making sure they are not empty and instead hold the remediation object\n if (!action.value) {\n neededParamsForAction.push(action);\n return { defaultParamsForAction, neededParamsForAction, immutableParamsForAction };\n }\n\n for ( let field of action.value ) {\n\n if ( isFieldMutable( field ) ) {\n\n neededParamsForAction.push(field);\n\n if ( field.value ?? false ) {\n defaultParamsForAction[field.name] = field.value;\n }\n\n } else {\n immutableParamsForAction[field.name] = field.value ?? '';\n }\n }\n return { defaultParamsForAction, neededParamsForAction, immutableParamsForAction };\n};\n\nexport const divideActionParamsByMutability = function divideActionParamsByMutability( actionList ) {\n // TODO: when removing form name is unique assumption, this may all be redundant\n actionList = Array.isArray(actionList) ? actionList : [ actionList ];\n const neededParams = [];\n const defaultParams = {};\n const immutableParams = {};\n\n for ( let action of actionList ) {\n const { \n defaultParamsForAction, \n neededParamsForAction, \n immutableParamsForAction \n } = divideSingleActionParamsByMutability(action);\n neededParams.push(neededParamsForAction);\n defaultParams[action.name] = defaultParamsForAction;\n immutableParams[action.name] = immutableParamsForAction;\n }\n\n return { defaultParams, neededParams, immutableParams };\n};\n\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len, complexity */\nimport { httpRequest, RequestOptions } from '../../../http';\nimport { OktaAuthIdxInterface } from '../../types'; // auth-js/types\nimport { IdxActionFunction, IdxActionParams, IdxResponse, IdxToPersist } from '../../types/idx-js';\nimport { divideActionParamsByMutability } from './actionParser';\nimport AuthApiError from '../../../errors/AuthApiError';\n\nconst generateDirectFetch = function generateDirectFetch(authClient: OktaAuthIdxInterface, { \n actionDefinition, \n defaultParamsForAction = {}, \n immutableParamsForAction = {}, \n toPersist = {} as IdxToPersist\n}): IdxActionFunction {\n const target = actionDefinition.href;\n return async function(params: IdxActionParams = {}): Promise<IdxResponse> {\n const headers = {\n 'Content-Type': 'application/json',\n 'Accept': actionDefinition.accepts || 'application/ion+json',\n };\n const body = JSON.stringify({\n ...defaultParamsForAction,\n ...params,\n ...immutableParamsForAction\n });\n\n try {\n const options: RequestOptions = {\n url: target,\n method: actionDefinition.method,\n headers,\n args: body,\n withCredentials: toPersist?.withCredentials ?? true\n };\n const isPolling = actionDefinition.name === 'poll' || actionDefinition.name?.endsWith('-poll');\n if (isPolling) {\n options.pollingIntent = true;\n }\n const response = await httpRequest(authClient, options);\n\n return authClient.idx.makeIdxResponse({ ...response }, toPersist, true);\n }\n catch (err) {\n if (!(err instanceof AuthApiError) || !err?.xhr) {\n throw err;\n }\n\n const response = err.xhr;\n const payload = response.responseJSON || JSON.parse(response.responseText);\n const wwwAuthHeader = response.headers['WWW-Authenticate'] || response.headers['www-authenticate'];\n\n const idxResponse = authClient.idx.makeIdxResponse({ ...payload }, toPersist, false);\n if (response.status === 401 && wwwAuthHeader === 'Oktadevicejwt realm=\"Okta Device\"') {\n // Okta server responds 401 status code with WWW-Authenticate header and new remediation\n // so that the iOS/MacOS credential SSO extension (Okta Verify) can intercept\n // the response reaches here when Okta Verify is not installed\n // set `stepUp` to true if flow should be continued without showing any errors\n idxResponse.stepUp = true;\n }\n\n return idxResponse;\n }\n };\n};\n\n// TODO: Resolve in M2: Either build the final polling solution or remove this code\n// const generatePollingFetch = function generatePollingFetch( { actionDefinition, defaultParamsForAction = {}, immutableParamsForAction = {} } ) {\n// // TODO: Discussions ongoing about when/how to terminate polling: OKTA-246581\n// const target = actionDefinition.href;\n// return async function(params) {\n// return fetch(target, {\n// method: actionDefinition.method,\n// headers: {\n// 'content-type': actionDefinition.accepts,\n// },\n// body: JSON.stringify({ ...defaultParamsForAction, ...params, ...immutableParamsForAction })\n// })\n// .then( response => response.ok ? response.json() : response.json().then( err => Promise.reject(err)) )\n// .then( idxResponse => makeIdxState(authClient, idxResponse) );\n// };\n// };\n\nconst generateIdxAction = function generateIdxAction( authClient: OktaAuthIdxInterface, actionDefinition, toPersist ): IdxActionFunction {\n // TODO: leaving this here to see where the polling is EXPECTED to drop into the code, but removing any accidental trigger of incomplete code\n // const generator = actionDefinition.refresh ? generatePollingFetch : generateDirectFetch;\n const generator = generateDirectFetch;\n const { defaultParams, neededParams, immutableParams } = divideActionParamsByMutability( actionDefinition );\n\n const action = generator(authClient, {\n actionDefinition,\n defaultParamsForAction: defaultParams[actionDefinition.name],\n immutableParamsForAction: immutableParams[actionDefinition.name],\n toPersist\n });\n action.neededParams = neededParams;\n return action;\n};\n\nexport default generateIdxAction;\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len */\n\nimport { OktaAuthIdxInterface, IdxResponse, IdxRemediation, IdxContext } from '../../types'; // auth-js/types\nimport { IdxActions } from '../../types/idx-js';\nimport { generateRemediationFunctions } from './remediationParser';\nimport generateIdxAction from './generateIdxAction';\nimport { jsonpath } from '../../../util/jsonpath';\nimport { AuthSdkError } from '../../../errors';\n\nconst SKIP_FIELDS = {\n 'remediation': true, // remediations are put into proceed/neededToProceed\n 'context': true, // the API response of 'context' isn't externally useful. We ignore it and put all non-action (contextual) info into idxState.context\n};\n\nexport const parseNonRemediations = function parseNonRemediations( authClient: OktaAuthIdxInterface, idxResponse: IdxResponse, toPersist = {} ) {\n const actions = {};\n const context = {} as IdxContext;\n\n Object.keys(idxResponse)\n .filter( field => !SKIP_FIELDS[field])\n .forEach( field => {\n const fieldIsObject = typeof idxResponse[field] === 'object' && !!idxResponse[field];\n\n if ( !fieldIsObject ) {\n // simple fields are contextual info\n context[field] = idxResponse[field];\n return;\n }\n\n if ( idxResponse[field].rel ) {\n // top level actions\n actions[idxResponse[field].name] = generateIdxAction(authClient, idxResponse[field], toPersist);\n return;\n }\n\n const { value: fieldValue, type, ...info} = idxResponse[field];\n context[field] = { type, ...info}; // add the non-action parts as context\n\n if ( type !== 'object' ) {\n // only object values hold actions\n context[field].value = fieldValue;\n return;\n }\n\n // We are an object field containing an object value\n context[field].value = {};\n Object.entries<IdxRemediation>(fieldValue)\n .forEach( ([subField, value]) => {\n if (value.rel) { // is [field].value[subField] an action?\n // add any \"action\" value subfields to actions\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n actions[`${field}-${subField.name || subField}`] = generateIdxAction(authClient, value, toPersist);\n } else {\n // add non-action value subfields to context\n context[field].value[subField] = value;\n }\n });\n });\n\n return { context, actions };\n};\n\nconst expandRelatesTo = (idxResponse, value) => {\n Object.keys(value).forEach(k => {\n if (k === 'relatesTo') {\n const query = Array.isArray(value[k]) ? value[k][0] : value[k];\n if (typeof query === 'string') {\n const result = jsonpath({ path: query, json: idxResponse });\n if (result) {\n value[k] = result;\n return;\n } else {\n throw new AuthSdkError(`Cannot resolve relatesTo: ${query}`);\n }\n }\n }\n if (Array.isArray(value[k])) {\n value[k].forEach(innerValue => expandRelatesTo(idxResponse, innerValue));\n }\n });\n};\n\nconst convertRemediationAction = (authClient: OktaAuthIdxInterface, remediation, toPersist) => {\n // Only remediation that has `rel` field (indicator for form submission) can have http action\n if (remediation.rel) {\n const remediationActions = generateRemediationFunctions( authClient, [remediation], toPersist );\n const actionFn = remediationActions[remediation.name];\n return {\n ...remediation,\n action: actionFn,\n };\n }\n\n return remediation;\n};\n\nexport const parseIdxResponse = function parseIdxResponse( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ): {\n remediations: IdxRemediation[];\n context: IdxContext;\n actions: IdxActions;\n} {\n const remediationData = idxResponse.remediation?.value || [];\n\n remediationData.forEach(\n remediation => {\n // TODO: remove once IDX is fixed - OKTA-659181\n if (remediation.name === 'launch-authenticator' &&\n remediation?.relatesTo?.[0] === 'authenticatorChallenge' &&\n !idxResponse?.authenticatorChallenge\n ) {\n delete remediation.relatesTo;\n return;\n }\n\n return expandRelatesTo(idxResponse, remediation);\n }\n );\n\n const remediations = remediationData.map(remediation => convertRemediationAction( authClient, remediation, toPersist ));\n\n const { context, actions } = parseNonRemediations( authClient, idxResponse, toPersist );\n\n return {\n remediations,\n context,\n actions,\n };\n};\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { IdxResponse, IdxToPersist, IdxActionParams } from '../../types/idx-js';\nimport { OktaAuthIdxInterface, RawIdxResponse } from '../../types'; // auth-js/types\nimport { parseIdxResponse } from './idxResponseParser';\n\nexport function makeIdxState( \n authClient: OktaAuthIdxInterface,\n idxResponse: RawIdxResponse,\n toPersist: IdxToPersist,\n requestDidSucceed: boolean\n): IdxResponse {\n const rawIdxResponse = idxResponse;\n const { remediations, context, actions } = parseIdxResponse( authClient, idxResponse, toPersist );\n const neededToProceed = [...remediations];\n\n const proceed: IdxResponse['proceed'] = async function( remediationChoice, paramsFromUser = {} ) {\n /*\n remediationChoice is the name attribute on each form\n name should remain unique for items inside the remediation that are considered forms(identify, select-factor)\n name can be duplicate for items like redirect where its not considered a form(redirect)\n when names are not unique its a redirect to a href, so widget wont POST to idx-js layer.\n */\n const remediationChoiceObject = remediations.find((remediation) => remediation.name === remediationChoice);\n if ( !remediationChoiceObject ) {\n return Promise.reject(`Unknown remediation choice: [${remediationChoice}]`);\n }\n\n const actionFn = remediationChoiceObject.action;\n if (typeof actionFn !== 'function') {\n return Promise.reject(`Current remediation cannot make form submit action: [${remediationChoice}]`);\n }\n\n return remediationChoiceObject.action!(paramsFromUser as IdxActionParams);\n };\n\n const findCode = item => item.name === 'interaction_code';\n const interactionCode = rawIdxResponse.successWithInteractionCode?.value?.find( findCode )?.value as string;\n\n return {\n proceed,\n neededToProceed,\n actions,\n context,\n rawIdxState: rawIdxResponse,\n interactionCode,\n toPersist,\n requestDidSucceed,\n };\n}\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { makeIdxState } from './makeIdxState';\n\nexport default {\n makeIdxState,\n};\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface, IdxRemediation } from '../../types'; // auth-js/types\nimport generateIdxAction from './generateIdxAction';\n\nexport const generateRemediationFunctions = function generateRemediationFunctions(\n authClient: OktaAuthIdxInterface,\n remediationValue: IdxRemediation[],\n toPersist = {}\n) {\n return remediationValue.reduce((obj, remediation) => ({\n ...obj,\n [remediation.name]: generateIdxAction(authClient, remediation, toPersist)\n }), {});\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport { authenticate } from './authenticate';\nexport { cancel } from './cancel';\nexport { \n handleEmailVerifyCallback, \n isEmailVerifyCallback, \n parseEmailVerifyCallback, \n isEmailVerifyCallbackError, \n} from './emailVerify';\nexport { interact } from './interact';\nexport { introspect } from './introspect';\nexport { poll } from './poll';\nexport { proceed, canProceed } from './proceed';\nexport { register } from './register';\nexport { recoverPassword } from './recoverPassword';\nexport { handleInteractionCodeRedirect } from './handleInteractionCodeRedirect';\nexport { startTransaction } from './startTransaction';\nexport { unlockAccount } from './unlockAccount';\nexport * from './transactionMeta';\nexport * from './factory';\nexport * from './mixin';\nexport * from './options';\nexport * from './storage';\nexport * from './types';\nexport * from './IdxTransactionManager';\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* eslint complexity:[0,8] */\nimport { OktaAuthIdxInterface, IdxTransactionMeta, InteractOptions, InteractResponse } from './types';\nimport { getSavedTransactionMeta, saveTransactionMeta, createTransactionMeta } from './transactionMeta';\nimport { getOAuthBaseUrl } from '../oidc';\nimport { removeNils } from '../util';\nimport { httpRequest } from '../http';\n\n\n/* eslint-disable camelcase */\nexport interface InteractParams {\n client_id: string;\n scope: string;\n redirect_uri: string;\n code_challenge: string;\n code_challenge_method: string;\n state: string;\n activation_token?: string;\n recovery_token?: string;\n client_secret?: string;\n max_age?: string | number;\n acr_values?: string;\n nonce?: string;\n}\n/* eslint-enable camelcase */\n\nfunction getResponse(meta: IdxTransactionMeta): InteractResponse {\n return {\n meta,\n interactionHandle: meta.interactionHandle!,\n state: meta.state\n };\n}\n\n// Begin or resume a transaction. Returns an interaction handle\nexport async function interact (\n authClient: OktaAuthIdxInterface, \n options: InteractOptions = {}\n): Promise<InteractResponse> {\n options = removeNils(options);\n\n let meta = getSavedTransactionMeta(authClient, options);\n // If meta exists, it has been validated against all options\n\n if (meta?.interactionHandle) {\n return getResponse(meta); // Saved transaction, return meta\n }\n\n // Create new meta, respecting previous meta if it has been set and is not overridden\n meta = await createTransactionMeta(authClient, { ...meta, ...options });\n const baseUrl = getOAuthBaseUrl(authClient);\n let {\n clientId,\n redirectUri,\n state,\n scopes,\n withCredentials,\n codeChallenge,\n codeChallengeMethod,\n activationToken,\n recoveryToken,\n maxAge,\n acrValues,\n nonce\n } = meta as IdxTransactionMeta;\n const clientSecret = options.clientSecret || authClient.options.clientSecret;\n withCredentials = withCredentials ?? true;\n\n /* eslint-disable camelcase */\n const url = `${baseUrl}/v1/interact`;\n const params = {\n client_id: clientId,\n scope: scopes!.join(' '),\n redirect_uri: redirectUri,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n state,\n ...(activationToken && { activation_token: activationToken }),\n ...(recoveryToken && { recovery_token: recoveryToken }),\n // X-Device-Token header need to pair with `client_secret`\n // eslint-disable-next-line max-len\n // https://oktawiki.atlassian.net/wiki/spaces/eng/pages/2445902453/Support+Device+Binding+in+interact#Scenario-1%3A-Non-User-Agent-with-Confidential-Client-(top-priority)\n ...(clientSecret && { client_secret: clientSecret }),\n ...(maxAge && { max_age: maxAge }),\n ...(acrValues && { acr_values: acrValues }),\n ...(nonce && { nonce }),\n } as InteractParams;\n /* eslint-enable camelcase */\n\n const headers = {\n 'Content-Type': 'application/x-www-form-urlencoded',\n };\n\n const resp = await httpRequest(authClient, {\n method: 'POST',\n url,\n headers,\n withCredentials,\n args: params\n });\n const interactionHandle = resp.interaction_handle;\n\n const newMeta = {\n ...meta,\n interactionHandle,\n \n // Options which can be passed into interact() should be saved in the meta\n withCredentials,\n state,\n scopes,\n recoveryToken,\n activationToken\n };\n // Save transaction meta so it can be resumed\n saveTransactionMeta(authClient, newMeta);\n\n return getResponse(newMeta);\n}\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { makeIdxState, validateVersionConfig } from './idxState';\nimport { IntrospectOptions, OktaAuthIdxInterface } from './types';\nimport { IdxResponse, isRawIdxResponse } from './types/idx-js';\nimport { getOAuthDomain } from '../oidc';\nimport { IDX_API_VERSION } from '../constants';\nimport { httpRequest } from '../http';\nimport { isAuthApiError } from '../errors';\n\nexport async function introspect (\n authClient: OktaAuthIdxInterface, \n options: IntrospectOptions = {}\n): Promise<IdxResponse> {\n let rawIdxResponse;\n let requestDidSucceed;\n\n // try load from storage first\n const savedIdxResponse = authClient.transactionManager.loadIdxResponse(options);\n if (savedIdxResponse) {\n rawIdxResponse = savedIdxResponse.rawIdxResponse;\n requestDidSucceed = savedIdxResponse.requestDidSucceed;\n }\n\n // call idx.introspect if no existing idx response available in storage\n if (!rawIdxResponse) {\n const version = options.version || IDX_API_VERSION;\n const domain = getOAuthDomain(authClient);\n const { interactionHandle, stateHandle } = options;\n const withCredentials = options.withCredentials ?? true;\n try {\n requestDidSucceed = true;\n validateVersionConfig(version);\n const url = `${domain}/idp/idx/introspect`;\n const body = stateHandle ? { stateToken: stateHandle } : { interactionHandle };\n const headers = {\n 'Content-Type': `application/ion+json; okta-version=${version}`, // Server wants this version info\n Accept: `application/ion+json; okta-version=${version}`,\n };\n rawIdxResponse = await httpRequest(authClient, {\n method: 'POST',\n url,\n headers,\n withCredentials,\n args: body\n });\n } catch (err) {\n if (isAuthApiError(err) && err.xhr && isRawIdxResponse(err.xhr.responseJSON)) {\n rawIdxResponse = err.xhr.responseJSON;\n requestDidSucceed = false;\n } else {\n throw err;\n }\n }\n }\n\n const { withCredentials } = options;\n return makeIdxState(authClient, rawIdxResponse, { withCredentials }, requestDidSucceed);\n}\n","import { FingerprintAPI, OktaAuthConstructor } from '../base/types';\nimport { OktaAuthOAuthInterface } from '../oidc/types';\nimport {\n IdxAPI, \n IdxTransactionManagerInterface, \n OktaAuthIdxInterface, \n OktaAuthIdxConstructor, \n OktaAuthIdxOptions, \n WebauthnAPI\n} from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createIdxAPI } from './factory/api';\nimport fingerprint from '../browser/fingerprint';\nimport * as webauthn from './webauthn';\n\nexport function mixinIdx\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthIdxConstructor<OktaAuthIdxInterface<M, S, O, TM>>\n{\n return class OktaAuthIdx extends Base implements OktaAuthIdxInterface<M, S, O, TM>\n {\n idx: IdxAPI;\n fingerprint: FingerprintAPI;\n static webauthn: WebauthnAPI = webauthn;\n \n constructor(...args: any[]) {\n super(...args);\n this.idx = createIdxAPI(this);\n this.fingerprint = fingerprint.bind(null, this);\n }\n };\n}\n","import { FingerprintAPI, OktaAuthConstructor } from '../base/types';\nimport { MinimalOktaOAuthInterface } from '../oidc/types';\nimport {\n IdxTransactionManagerInterface,\n OktaAuthIdxConstructor,\n OktaAuthIdxOptions,\n MinimalIdxAPI,\n WebauthnAPI,\n MinimalOktaAuthIdxInterface\n} from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createMinimalIdxAPI } from '../idx/factory/minimalApi';\nimport fingerprint from '../browser/fingerprint';\nimport * as webauthn from './webauthn';\n\nexport function mixinMinimalIdx\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n TBase extends OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n = OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n>\n(\n Base: TBase\n): TBase & OktaAuthIdxConstructor<MinimalOktaAuthIdxInterface<M, S, O, TM>>\n{\n return class OktaAuthIdx extends Base implements MinimalOktaAuthIdxInterface<M, S, O, TM>\n {\n idx: MinimalIdxAPI;\n fingerprint: FingerprintAPI;\n static webauthn: WebauthnAPI = webauthn;\n \n constructor(...args: any[]) {\n super(...args);\n this.idx = createMinimalIdxAPI(this);\n this.fingerprint = fingerprint.bind(null, this);\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createCoreOptionsConstructor } from '../core/options';\nimport { FlowIdentifier } from './types/FlowIdentifier';\nimport { OktaAuthIdxOptions } from './types/options';\n\n\nexport function createIdxOptionsConstructor() {\n const CoreOptionsConstructor = createCoreOptionsConstructor();\n return class IdxOptionsConstructor\n extends CoreOptionsConstructor \n implements Required<OktaAuthIdxOptions>\n {\n flow: FlowIdentifier;\n activationToken: string;\n recoveryToken: string;\n \n // BETA WARNING: configs in this section are subject to change without a breaking change notice\n idx: {\n useGenericRemediator?: boolean;\n exchangeCodeForTokens?: boolean;\n };\n \n constructor(options: any) {\n super(options);\n \n this.flow = options.flow;\n this.activationToken = options.activationToken;\n this.recoveryToken = options.recoveryToken;\n this.idx = options.idx;\n }\n };\n \n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { proceed } from './proceed';\n\nimport { \n IdxPollOptions,\n IdxTransaction,\n OktaAuthIdxInterface,\n} from './types';\nimport { getSavedTransactionMeta } from './transactionMeta';\nimport { warn } from '../util';\n\nexport async function poll(authClient: OktaAuthIdxInterface, options: IdxPollOptions = {}): Promise<IdxTransaction> {\n const { withCredentials, exchangeCodeForTokens } = options;\n let transaction = await proceed(authClient, {\n startPolling: true,\n withCredentials,\n exchangeCodeForTokens\n });\n\n const meta = getSavedTransactionMeta(authClient);\n let availablePollingRemeditaions = meta?.remediations?.find(remediation => remediation.includes('poll'));\n if (!availablePollingRemeditaions?.length) {\n warn('No polling remediations available at the current IDX flow stage');\n }\n\n if (Number.isInteger(options.refresh)) {\n return new Promise(function (resolve, reject) {\n setTimeout(async function () {\n try {\n const refresh = transaction.nextStep?.poll?.refresh;\n if (refresh) {\n resolve(poll(authClient, {\n refresh\n }));\n } else {\n resolve(transaction);\n }\n } catch (err) {\n reject(err);\n }\n }, options.refresh);\n });\n }\n\n return transaction;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { \n OktaAuthIdxInterface,\n IdxTransaction,\n ProceedOptions,\n} from './types';\nimport { run } from './run';\nimport { getSavedTransactionMeta } from './transactionMeta';\nimport { AuthSdkError } from '../errors';\n\nexport function canProceed(authClient: OktaAuthIdxInterface, options: ProceedOptions = {}): boolean {\n const meta = getSavedTransactionMeta(authClient, options);\n return !!(meta || options.stateHandle);\n}\n\nexport async function proceed(\n authClient: OktaAuthIdxInterface,\n options: ProceedOptions = {}\n): Promise<IdxTransaction> {\n\n if (!canProceed(authClient, options)) {\n throw new AuthSdkError('Unable to proceed: saved transaction could not be loaded');\n }\n\n let { flow, state } = options;\n if (!flow) {\n const meta = getSavedTransactionMeta(authClient, { state });\n flow = meta?.flow;\n }\n\n return run(authClient, { \n ...options, \n flow\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { getFlowSpecification } from './flow';\nimport { \n OktaAuthIdxInterface, \n PasswordRecoveryOptions, \n IdxTransaction,\n} from './types';\n\nexport async function recoverPassword(\n authClient: OktaAuthIdxInterface, options: PasswordRecoveryOptions = {}\n): Promise<IdxTransaction> {\n const flowSpec = getFlowSpecification(authClient, 'recoverPassword');\n return run(\n authClient, \n { \n ...options,\n ...flowSpec,\n }\n );\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { hasSavedInteractionHandle } from './transactionMeta';\nimport { startTransaction } from './startTransaction';\nimport { AuthSdkError } from '../errors';\nimport { \n RegistrationOptions, \n IdxTransaction, \n OktaAuthIdxInterface, \n IdxFeature,\n} from './types';\n\nexport async function register(\n authClient: OktaAuthIdxInterface, options: RegistrationOptions = {}\n): Promise<IdxTransaction> {\n\n // Only check at the beginning of the transaction\n if (!hasSavedInteractionHandle(authClient)) {\n const { enabledFeatures } = await startTransaction(authClient, {\n ...options,\n flow: 'register',\n autoRemediate: false\n });\n if (!options.activationToken && enabledFeatures && !enabledFeatures.includes(IdxFeature.REGISTRATION)) {\n throw new AuthSdkError('Registration is not supported based on your current org configuration.');\n }\n }\n\n return run(authClient, {\n ...options,\n flow: 'register'\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, max-depth, complexity */\nimport { AuthSdkError } from '../errors';\nimport { RemediationValues } from './remediators';\nimport { OktaAuthIdxInterface, RemediateOptions, RemediationResponse } from './types';\nimport { \n IdxResponse,\n IdxActionParams, \n} from './types/idx-js';\nimport {\n isTerminalResponse,\n filterValuesForRemediation,\n getRemediator,\n getNextStep,\n handleFailedResponse\n} from './util';\n\nexport interface RemediateActionWithOptionalParams {\n name: string;\n params?: IdxActionParams;\n}\n\nexport type RemediateAction = string | RemediateActionWithOptionalParams;\n\n\nfunction getActionFromValues(values: RemediationValues, idxResponse: IdxResponse): string | undefined {\n // Currently support resend actions only\n return Object.keys(idxResponse.actions).find(action => !!values.resend && action.includes('-resend'));\n}\n\nfunction removeActionFromValues(values: RemediationValues): RemediationValues {\n // Currently support resend actions only\n return {\n ...values,\n resend: undefined\n };\n}\n\nfunction removeActionFromOptions(options: RemediateOptions, actionName: string): RemediateOptions {\n let actions = options.actions || [];\n actions = actions.filter(entry => {\n if (typeof entry === 'string') {\n return entry !== actionName;\n }\n return entry.name !== actionName;\n });\n\n return { ...options, actions };\n}\n\n// This function is called recursively until it reaches success or cannot be remediated\nexport async function remediate(\n authClient: OktaAuthIdxInterface,\n idxResponse: IdxResponse,\n values: RemediationValues,\n options: RemediateOptions\n): Promise<RemediationResponse> {\n let { neededToProceed, interactionCode } = idxResponse;\n const { flow } = options;\n\n // If the response contains an interaction code, there is no need to remediate\n if (interactionCode) {\n return { idxResponse };\n }\n\n const remediator = getRemediator(idxResponse, values, options);\n\n // Try actions in idxResponse first\n const actionFromValues = getActionFromValues(values, idxResponse);\n const actionFromOptions = options.actions || [];\n const actions = [\n ...actionFromOptions,\n ...(actionFromValues && [actionFromValues] || []),\n ];\n if (actions) {\n for (let action of actions) {\n // Action can either be specified as a string, or as an object with name and optional params\n let params: IdxActionParams = {};\n if (typeof action !== 'string') {\n params = action.params || {};\n action = action.name;\n }\n let valuesWithoutExecutedAction = removeActionFromValues(values);\n let optionsWithoutExecutedAction = removeActionFromOptions(options, action);\n\n if (typeof idxResponse.actions[action] === 'function') {\n idxResponse = await idxResponse.actions[action](params);\n if (idxResponse.requestDidSucceed === false) {\n return handleFailedResponse(authClient, idxResponse, options);\n }\n if (action === 'cancel') {\n return { idxResponse, canceled: true };\n }\n return remediate(\n authClient, \n idxResponse, \n valuesWithoutExecutedAction, \n optionsWithoutExecutedAction\n ); // recursive call\n }\n\n // search for action in remediation list\n const remediationAction = neededToProceed.find(({ name }) => name === action);\n if (remediationAction) {\n idxResponse = await idxResponse.proceed(action, params);\n if (idxResponse.requestDidSucceed === false) {\n return handleFailedResponse(authClient, idxResponse, options);\n }\n return remediate(authClient, idxResponse, values, optionsWithoutExecutedAction); // recursive call\n }\n }\n }\n\n // Do not attempt to remediate if response is in terminal state\n const terminal = isTerminalResponse(idxResponse);\n if (terminal) {\n return { idxResponse, terminal };\n }\n\n if (!remediator) {\n // With options.step, remediator is not required\n if (options.step) {\n values = filterValuesForRemediation(idxResponse, options.step, values); // include only requested values\n idxResponse = await idxResponse.proceed(options.step, values);\n if (idxResponse.requestDidSucceed === false) {\n return handleFailedResponse(authClient, idxResponse, options);\n }\n return { idxResponse };\n }\n\n // With default flow, remediator is not required\n if (flow === 'default') {\n return { idxResponse };\n }\n throw new AuthSdkError(`\n No remediation can match current flow, check policy settings in your org.\n Remediations: [${neededToProceed.reduce((acc, curr) => acc ? acc + ' ,' + curr.name : curr.name, '')}]\n `);\n }\n\n // Return next step to the caller\n if (!remediator.canRemediate()) {\n const nextStep = getNextStep(authClient, remediator, idxResponse);\n return {\n idxResponse,\n nextStep,\n };\n }\n\n const name = remediator.getName();\n const data = remediator.getData();\n\n idxResponse = await idxResponse.proceed(name, data);\n if (idxResponse.requestDidSucceed === false) {\n return handleFailedResponse(authClient, idxResponse, options);\n }\n // We may want to trim the values bag for the next remediation\n // Let the remediator decide what the values should be (default to current values)\n values = remediator.getValuesAfterProceed();\n options = { ...options, step: undefined }; // do not re-use the step\n\n // generic remediator should not auto proceed in pending status\n // return nextStep directly\n if (options.useGenericRemediator && !idxResponse.interactionCode && !isTerminalResponse(idxResponse)) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const gr = getRemediator(idxResponse, values, options)!;\n const nextStep = getNextStep(authClient, gr, idxResponse);\n return {\n idxResponse,\n nextStep,\n };\n }\n \n return remediate(authClient, idxResponse, values, options); // recursive call\n\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthenticatorData, AuthenticatorDataValues } from './Base/AuthenticatorData';\nimport { getAuthenticatorFromRemediation } from './util';\n\nexport type AuthenticatorEnrollmentDataValues = AuthenticatorDataValues & {\n phoneNumber?: string;\n resend?: boolean; // resend is not a remediator value - revise when IdxResponse structure is updated\n}\nexport class AuthenticatorEnrollmentData extends AuthenticatorData<AuthenticatorEnrollmentDataValues> {\n static remediationName = 'authenticator-enrollment-data';\n\n mapAuthenticator() {\n const authenticatorData = this.getAuthenticatorData();\n const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation)!;\n return { \n id: authenticatorFromRemediation.form!.value\n .find(({ name }) => name === 'id')!.value,\n methodType: authenticatorData!.methodType,\n phoneNumber: authenticatorData!.phoneNumber,\n };\n }\n\n getInputAuthenticator(remediation) {\n return [\n { name: 'methodType', type: 'string' }, \n { name: 'phoneNumber', label: 'Phone Number', type: 'string' }\n ].map(item => {\n const value = remediation.form.value.find(val => val.name === item.name);\n return { ...value, ...item };\n });\n }\n\n protected mapAuthenticatorDataFromValues(data?) {\n // get mapped authenticator from base class\n data = super.mapAuthenticatorDataFromValues(data);\n // add phoneNumber to authenticator if it exists in values\n const { phoneNumber } = this.values;\n if (!data && !phoneNumber) {\n return;\n }\n\n return { \n ...(data && data), \n ...(phoneNumber && { phoneNumber }) \n };\n }\n\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { AuthenticatorData, AuthenticatorDataValues } from './Base/AuthenticatorData';\n\nexport type AuthenticatorVerificationDataValues = AuthenticatorDataValues;\n\nexport class AuthenticatorVerificationData extends AuthenticatorData<AuthenticatorVerificationDataValues> {\n static remediationName = 'authenticator-verification-data';\n\n mapAuthenticator() {\n return this.getAuthenticatorData();\n }\n\n getInputAuthenticator() {\n const authenticator = this.getAuthenticatorFromRemediation();\n const methodType = authenticator.form!.value.find(({ name }) => name === 'methodType');\n // if has methodType in form, let user select the methodType\n if (methodType && methodType.options) {\n return { \n name: 'methodType', \n type: 'string', \n required: true, \n options: methodType.options \n };\n }\n // no methodType, then return form values\n const inputs = [...authenticator.form!.value];\n return inputs;\n }\n\n getValuesAfterProceed(): AuthenticatorVerificationDataValues {\n this.values = super.getValuesAfterProceed();\n let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== 'authenticator');\n return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { IdxRemediationValue, IdxRemediation, IdxAuthenticator } from '../../types/idx-js';\nimport { isAuthenticator } from '../../types/api';\nimport { compareAuthenticators } from '../../authenticator/util';\n\nexport type AuthenticatorDataValues = RemediationValues & {\n methodType?: string;\n};\n\n// Base class - DO NOT expose static remediationName\nexport class AuthenticatorData<T extends AuthenticatorDataValues = AuthenticatorDataValues> extends Remediator<T> {\n authenticator: IdxAuthenticator;\n\n constructor(remediation: IdxRemediation, values: T = {} as T) {\n super(remediation, values);\n\n // set before other data calculation\n this.authenticator = this.getAuthenticator()!;\n\n this.formatAuthenticatorData();\n }\n\n protected formatAuthenticatorData() {\n const authenticatorData = this.getAuthenticatorData();\n if (authenticatorData) {\n this.values.authenticatorsData = this.values.authenticatorsData!.map(data => {\n if (compareAuthenticators(this.authenticator, data)) {\n return this.mapAuthenticatorDataFromValues(data);\n }\n return data;\n });\n } else {\n const data = this.mapAuthenticatorDataFromValues();\n if (data) {\n this.values.authenticatorsData!.push(data);\n }\n }\n }\n\n protected getAuthenticatorData() {\n return this.values.authenticatorsData!\n .find((data) => compareAuthenticators(this.authenticator, data));\n }\n\n canRemediate() {\n return this.values.authenticatorsData!\n .some(data => compareAuthenticators(this.authenticator, data));\n }\n\n protected mapAuthenticatorDataFromValues(authenticatorData?) {\n // add methodType to authenticatorData if it exists in values\n let { methodType, authenticator } = this.values;\n if (!methodType && isAuthenticator(authenticator)) {\n methodType = authenticator?.methodType;\n }\n \n const { id, enrollmentId } = this.authenticator;\n const data = { \n id,\n enrollmentId,\n ...(authenticatorData && authenticatorData),\n ...(methodType && { methodType }) \n };\n\n return data.methodType ? data : null;\n }\n\n protected getAuthenticatorFromRemediation(): IdxRemediationValue {\n const authenticator = this.remediation.value!\n .find(({ name }) => name === 'authenticator') as IdxRemediationValue;\n return authenticator;\n }\n\n getValuesAfterProceed(): T {\n this.values = super.getValuesAfterProceed();\n // remove used authenticatorData\n const authenticatorsData = this.values.authenticatorsData!\n .filter(data => compareAuthenticators(this.authenticator, data) !== true);\n return { ...this.values, authenticatorsData };\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { OktaAuthIdxInterface, NextStep, IdxMessage, Authenticator, Input, RemediateOptions } from '../../types';\nimport { IdxAuthenticator, IdxRemediation, IdxContext } from '../../types/idx-js';\nimport { getAllValues, getRequiredValues, titleCase, getAuthenticatorFromRemediation } from '../util';\nimport { formatAuthenticator, compareAuthenticators } from '../../authenticator/util';\n\n// A map from IDX data values (server spec) to RemediationValues (client spec)\nexport type IdxToRemediationValueMap = Record<string, string[]>;\n\nexport interface RemediationValues {\n stateHandle?: string;\n authenticators?: (Authenticator | string)[];\n authenticator?: string | Authenticator;\n authenticatorsData?: Authenticator[];\n resend?: boolean;\n}\n\nexport interface RemediatorConstructor {\n remediationName: string;\n new<T extends RemediationValues>(\n remediation: IdxRemediation, \n values?: T, \n options?: RemediateOptions\n ): any;\n}\n\n// Base class - DO NOT expose static remediationName\nexport class Remediator<T extends RemediationValues = RemediationValues> {\n static remediationName: string;\n\n remediation: IdxRemediation;\n values: T;\n options: RemediateOptions;\n map?: IdxToRemediationValueMap;\n\n constructor(\n remediation: IdxRemediation, \n values: T = {} as T, \n options: RemediateOptions = {}\n ) {\n // assign fields to the instance\n this.values = { ...values };\n this.options = { ...options };\n this.formatAuthenticators();\n this.remediation = remediation;\n }\n\n private formatAuthenticators() {\n this.values.authenticators = (this.values.authenticators || []) as Authenticator[];\n\n // ensure authenticators are in the correct format\n this.values.authenticators = this.values.authenticators.map(authenticator => {\n return formatAuthenticator(authenticator);\n });\n\n // add authenticator (if any) to \"authenticators\"\n if (this.values.authenticator) {\n const authenticator = formatAuthenticator(this.values.authenticator);\n const hasAuthenticatorInList = this.values.authenticators.some(existing => {\n return compareAuthenticators(authenticator, existing);\n });\n if (!hasAuthenticatorInList) {\n this.values.authenticators.push(authenticator);\n }\n }\n\n // save non-key meta to \"authenticatorsData\" field\n // authenticators will be removed after selection to avoid select-authenticator loop\n this.values.authenticatorsData = this.values.authenticators.reduce((acc, authenticator) => {\n if (typeof authenticator === 'object' && Object.keys(authenticator).length > 1) {\n // save authenticator meta into authenticator data\n acc.push(authenticator);\n }\n return acc;\n }, this.values.authenticatorsData || []);\n }\n\n getName(): string {\n return this.remediation.name;\n }\n\n // Override this method to provide custom check\n /* eslint-disable-next-line no-unused-vars, @typescript-eslint/no-unused-vars */\n canRemediate(context?: IdxContext): boolean {\n const required = getRequiredValues(this.remediation);\n const needed = required!.find((key) => !this.hasData(key));\n if (needed) {\n return false; // missing data for a required field\n }\n return true; // all required fields have available data\n }\n\n // returns an object for the entire remediation form, or just a part\n getData(key?: string) {\n if (!key) {\n let allValues = getAllValues(this.remediation);\n let res = allValues!.reduce((data, key) => {\n data[key] = this.getData(key); // recursive\n return data;\n }, {});\n return res;\n }\n\n // Map value by \"map${Property}\" function in each subClass\n if (typeof this[`map${titleCase(key)}`] === 'function') {\n const val = this[`map${titleCase(key)}`](\n this.remediation.value!.find(({name}) => name === key)\n );\n if (val) {\n return val;\n }\n }\n\n // If a map is defined for this key, return the first aliased property that returns a truthy value\n if (this.map && this.map[key]) {\n const entry = this.map[key];\n for (let i = 0; i < entry.length; i++) {\n let val = this.values[entry[i]];\n if (val) {\n return val;\n }\n }\n }\n\n // fallback: return the value by key\n return this.values[key];\n }\n\n hasData(\n key: string // idx name\n ): boolean \n {\n // no attempt to format, we want simple true/false\n return !!this.getData(key);\n }\n\n getNextStep(_authClient: OktaAuthIdxInterface, _context?: IdxContext): NextStep {\n const name = this.getName();\n const inputs = this.getInputs();\n const authenticator = this.getAuthenticator();\n // TODO: remove type field in the next major version change\n // https://oktainc.atlassian.net/browse/OKTA-431749\n const type = authenticator?.type;\n return { \n name, \n inputs, \n ...(type && { type }),\n ...(authenticator && { authenticator }),\n };\n }\n\n // Get inputs for the next step\n getInputs(): Input[] {\n const inputs: Input[] = [];\n const inputsFromRemediation = this.remediation.value || [];\n inputsFromRemediation.forEach(inputFromRemediation => {\n let input;\n let { name, type, visible, messages } = inputFromRemediation;\n if (visible === false) {\n return; // Filter out invisible inputs, like stateHandle\n }\n if (typeof this[`getInput${titleCase(name)}`] === 'function') {\n input = this[`getInput${titleCase(name)}`](inputFromRemediation);\n } else if (type !== 'object') {\n // handle general primitive types\n let alias;\n const aliases = (this.map ? this.map[name] : null) || [];\n if (aliases.length === 1) {\n alias = aliases[0];\n } else {\n // try find key from values\n alias = aliases.find(name => Object.keys(this.values).includes(name));\n }\n if (alias) {\n input = { ...inputFromRemediation, name: alias };\n }\n }\n if (!input) {\n input = inputFromRemediation;\n }\n if (Array.isArray(input)) {\n input.forEach(i => inputs.push(i));\n } else {\n // guarantees field-level messages are passed back\n if (messages) {\n input.messages = messages;\n }\n inputs.push(input);\n }\n });\n return inputs;\n }\n\n static getMessages(remediation: IdxRemediation): IdxMessage[] | undefined {\n if (!remediation.value) {\n return;\n }\n return remediation.value[0]?.form?.value.reduce((messages: IdxMessage[], field) => {\n if (field.messages) {\n messages = [...messages, ...field.messages.value];\n }\n return messages;\n }, []);\n }\n\n // Prepare values for the next remediation\n // In general, remove used values from inputs for the current remediation\n // Override this method if special cases need be handled\n getValuesAfterProceed(): T {\n const inputsFromRemediation = this.remediation.value || []; // \"raw\" inputs from server response\n const inputsFromRemediator = this.getInputs(); // \"aliased\" inputs from SDK remediator\n const inputs = [\n ...inputsFromRemediation,\n ...inputsFromRemediator\n ];\n // scrub all values related to this remediation\n for (const input of inputs) {\n delete this.values[input.name];\n }\n return this.values;\n }\n\n protected getAuthenticator(): IdxAuthenticator | undefined {\n // relatesTo value may be an authenticator or an authenticatorEnrollment\n const relatesTo = this.remediation.relatesTo?.value;\n if (!relatesTo) {\n return;\n }\n\n const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation);\n if (!authenticatorFromRemediation) {\n // Hopefully value is an authenticator\n return relatesTo;\n }\n\n // If relatesTo is an authenticatorEnrollment, the id is actually the enrollmentId\n // Let's get the correct authenticator id from the form value\n const id = authenticatorFromRemediation.form!.value\n .find(({ name }) => name === 'id')!.value as string;\n const enrollmentId = authenticatorFromRemediation.form!.value\n .find(({ name }) => name === 'enrollmentId')?.value as string;\n\n return {\n ...relatesTo,\n id,\n enrollmentId\n };\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { getAuthenticatorFromRemediation } from '../util';\nimport { IdxRemediationValue, IdxContext, IdxOption } from '../../types/idx-js';\nimport { Authenticator, isAuthenticator } from '../../types/api';\nimport { compareAuthenticators, findMatchedOption} from '../../authenticator/util';\n\nexport type SelectAuthenticatorValues = RemediationValues & {\n authenticator?: string | Authenticator;\n};\n\n// Base class - DO NOT expose static remediationName\nexport class SelectAuthenticator<T extends SelectAuthenticatorValues = SelectAuthenticatorValues>\n extends Remediator<T> {\n selectedAuthenticator?: Authenticator;\n selectedOption?: any;\n\n // Find matched authenticator in provided order\n findMatchedOption(authenticators, options) {\n let option: IdxOption | undefined;\n for (let authenticator of authenticators) {\n option = options\n .find(({ relatesTo }) => relatesTo.key && relatesTo.key === authenticator.key);\n if (option) {\n break;\n }\n }\n return option;\n }\n\n /* eslint complexity:[0,9] */\n canRemediate(context?: IdxContext) {\n const { authenticators, authenticator } = this.values;\n const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation);\n const { options } = authenticatorFromRemediation;\n // Let users select authenticator if no input is provided\n if (!authenticators || !authenticators.length) {\n return false;\n }\n\n // Authenticator is explicitly specified by id\n if (isAuthenticator(authenticator) && authenticator.id) {\n return true;\n }\n\n // Proceed with provided authenticators\n const matchedOption = this.findMatchedOption(authenticators, options!);\n if (matchedOption) {\n // Don't select current authenticator (OKTA-612939)\n const isCurrentAuthenticator = context?.currentAuthenticator\n && context?.currentAuthenticator.value.id === matchedOption.relatesTo?.id;\n const isCurrentAuthenticatorEnrollment = context?.currentAuthenticatorEnrollment\n && context?.currentAuthenticatorEnrollment.value.id === matchedOption.relatesTo?.id;\n return !isCurrentAuthenticator && !isCurrentAuthenticatorEnrollment;\n }\n \n return false;\n }\n\n mapAuthenticator(remediationValue: IdxRemediationValue) {\n const { authenticators, authenticator } = this.values;\n\n // Authenticator is explicitly specified by id\n if (isAuthenticator(authenticator) && authenticator.id) {\n this.selectedAuthenticator = authenticator; // track the selected authenticator\n return authenticator;\n }\n\n const { options } = remediationValue;\n const selectedOption = findMatchedOption(authenticators, options);\n this.selectedAuthenticator = selectedOption.relatesTo; // track the selected authenticator\n this.selectedOption = selectedOption;\n return {\n id: selectedOption?.value.form.value.find(({ name }) => name === 'id').value\n };\n }\n\n getInputAuthenticator(remediation) {\n const options = remediation.options.map(({ label, relatesTo }) => {\n return {\n label,\n value: relatesTo.key\n };\n });\n return { name: 'authenticator', type: 'string', options };\n }\n\n getValuesAfterProceed(): T {\n this.values = super.getValuesAfterProceed();\n // remove used authenticators\n const authenticators = (this.values.authenticators as Authenticator[])\n .filter(authenticator => {\n return compareAuthenticators(authenticator, this.selectedAuthenticator) !== true;\n });\n return { ...this.values, authenticators };\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { getAuthenticator, Authenticator, AuthenticatorValues } from '../../authenticator';\nimport { IdxRemediation, IdxContext } from '../../types/idx-js';\nimport { OktaAuthIdxInterface, NextStep } from '../../types';\n\nexport type VerifyAuthenticatorValues = AuthenticatorValues & RemediationValues;\n\n// Base class - DO NOT expose static remediationName\nexport class VerifyAuthenticator<T extends VerifyAuthenticatorValues = VerifyAuthenticatorValues>\n extends Remediator<T> {\n\n authenticator: Authenticator<VerifyAuthenticatorValues>;\n\n constructor(remediation: IdxRemediation, values: T = {} as T) {\n super(remediation, values);\n this.authenticator = getAuthenticator(remediation);\n }\n\n getNextStep(authClient: OktaAuthIdxInterface, context?: IdxContext): NextStep {\n const nextStep = super.getNextStep(authClient, context);\n const authenticatorEnrollments = context?.authenticatorEnrollments?.value;\n\n return {\n ...nextStep,\n authenticatorEnrollments\n };\n }\n\n canRemediate() {\n return this.authenticator.canVerify(this.values);\n }\n\n mapCredentials() {\n return this.authenticator.mapCredentials(this.values);\n }\n\n getInputCredentials(input) {\n return this.authenticator.getInputs(input);\n }\n\n getValuesAfterProceed(): T {\n this.values = super.getValuesAfterProceed();\n let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== 'credentials');\n return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {} as T);\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { VerifyAuthenticator, VerifyAuthenticatorValues } from './Base/VerifyAuthenticator';\n\nexport type ChallengeAuthenticatorValues = VerifyAuthenticatorValues;\n\nexport class ChallengeAuthenticator extends VerifyAuthenticator<ChallengeAuthenticatorValues> {\n static remediationName = 'challenge-authenticator';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { EnrollPoll } from './EnrollPoll';\n\nexport class ChallengePoll extends EnrollPoll{\n static remediationName = 'challenge-poll';\n\n canRemediate() {\n return !!this.values.startPolling || this.options.step === 'challenge-poll';\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { VerifyAuthenticator, VerifyAuthenticatorValues } from './Base/VerifyAuthenticator';\n\nexport type EnrollAuthenticatorValues = VerifyAuthenticatorValues;\n\nexport class EnrollAuthenticator extends VerifyAuthenticator<EnrollAuthenticatorValues> {\n static remediationName = 'enroll-authenticator';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { NextStep, OktaAuthIdxInterface } from '../types';\nimport { IdxContext } from '../types/idx-js';\n\nexport interface EnrollPollValues extends RemediationValues {\n startPolling?: boolean;\n}\n\nexport class EnrollPoll extends Remediator<EnrollPollValues> {\n static remediationName = 'enroll-poll';\n\n canRemediate() {\n return !!this.values.startPolling || this.options.step === 'enroll-poll';\n }\n\n getNextStep(authClient: OktaAuthIdxInterface, context?: IdxContext): NextStep {\n const common = super.getNextStep(authClient, context);\n let authenticator = this.getAuthenticator();\n if (!authenticator && context?.currentAuthenticator) {\n authenticator = context.currentAuthenticator.value;\n }\n return {\n ...common,\n authenticator,\n poll: {\n required: true,\n refresh: this.remediation.refresh\n },\n };\n }\n\n getValuesAfterProceed(): EnrollPollValues {\n let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== 'startPolling');\n return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { IdxRemediation, IdxRemediationValue, IdxAuthenticator } from '../types/idx-js';\nimport { RemediateOptions } from '../types';\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { Authenticator, Credentials, OktaPassword } from '../authenticator';\n\nexport interface EnrollProfileValues extends RemediationValues {\n firstName?: string;\n lastName?: string;\n email?: string;\n credentials?: Credentials;\n password?: string;\n passcode?: string;\n}\n\nexport class EnrollProfile extends Remediator<EnrollProfileValues> {\n static remediationName = 'enroll-profile';\n\n authenticator: Authenticator<any> | null = null;\n\n constructor(\n remediation: IdxRemediation,\n values: EnrollProfileValues = {},\n options: RemediateOptions = {}\n ) {\n super(remediation, values, options);\n\n // credentials are only required when Profile Enrollment policy requires them\n // if credentials are included in the remediation, they are considered required\n // otherwise it will be omitted\n const credentials = this.getCredentialsFromRemediation();\n if (credentials) {\n this.authenticator = this.authenticator = new OktaPassword({} as IdxAuthenticator);\n }\n }\n\n canRemediate() {\n // ensure credentials can be verified, if required\n if (this.authenticator && !this.authenticator.canVerify(this.values)) {\n return false;\n }\n\n const userProfileFromValues = this.getData().userProfile;\n if (!userProfileFromValues) {\n return false;\n }\n // eslint-disable-next-line max-len\n const userProfileFromRemediation = this.remediation.value!.find(({ name }) => name === 'userProfile') as IdxRemediationValue;\n return userProfileFromRemediation.form!.value.reduce((canRemediate, curr) => {\n if (curr.required) {\n canRemediate = canRemediate && !!userProfileFromValues[curr.name];\n }\n return canRemediate;\n }, true);\n }\n\n getCredentialsFromRemediation () {\n return this.remediation.value!.find(({ name }) => name === 'credentials');\n }\n\n mapUserProfile({form: { value: profileAttributes }}) {\n const attributeNames = profileAttributes.map(({name}) => name);\n const data = attributeNames.reduce((attributeValues, attributeName) => (\n this.values[attributeName] ? {\n ...attributeValues,\n [attributeName]: this.values[attributeName]\n } : attributeValues), {});\n if (Object.keys(data).length === 0) {\n return;\n }\n return data;\n }\n\n mapCredentials() {\n const val = this.authenticator && this.authenticator.mapCredentials(this.values);\n if (!val) {\n return;\n }\n return val;\n }\n\n getInputUserProfile(input) {\n return [...input.form.value];\n }\n\n getInputCredentials(input) {\n return [...input.form.value];\n }\n\n getErrorMessages(errorRemediation) {\n return errorRemediation.value[0].form.value.reduce((errors, field) => {\n if (field.messages) {\n errors.push(field.messages.value[0].message);\n }\n return errors;\n }, []);\n }\n}","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { IdxContext } from '../types/idx-js';\nimport { OktaAuthIdxInterface } from '../types';\n\n\nexport type EnrollmentChannelDataValues = RemediationValues & {\n email?: string;\n phoneNumber?: string;\n};\n\nexport class EnrollmentChannelData extends Remediator<EnrollmentChannelDataValues> {\n static remediationName = 'enrollment-channel-data';\n\n getInputEmail() {\n return [\n { name: 'email', type: 'string', required: true, label: 'Email' },\n ];\n }\n\n getInputPhoneNumber() {\n return [\n { name: 'phoneNumber', type: 'string', required: true, label: 'Phone Number' },\n ];\n }\n\n canRemediate() {\n return Boolean(this.values.email || this.values.phoneNumber);\n }\n\n getNextStep(authClient: OktaAuthIdxInterface, context: IdxContext) {\n const common = super.getNextStep(authClient, context);\n const authenticator = context.currentAuthenticator.value;\n return {\n ...common,\n authenticator,\n };\n }\n\n getData() {\n return {\n stateHandle: this.values.stateHandle,\n email: this.values.email,\n phoneNumber: this.values.phoneNumber\n };\n }\n\n getValuesAfterProceed(): EnrollmentChannelDataValues {\n let trimmedValues = Object.keys(this.values).filter(valueKey => !['email', 'phoneNumber'].includes(valueKey));\n return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n }\n}\n","import { OktaAuthIdxInterface, IdxContext, NextStep, Input } from '../../types';\nimport { Remediator } from '../Base/Remediator';\nimport { unwrapFormValue } from './util';\n\nexport class GenericRemediator extends Remediator {\n canRemediate(): boolean {\n // only handle remediations that are able to submit form (xhr)\n if (typeof this.remediation.action !== 'function') {\n return false;\n }\n\n // DO NOT REMOVE - bring it back when enable client side validation for GenericRemediator - OKTA-512003\n // const inputs = this.getInputs();\n // const res = inputs.reduce((acc, input) => {\n // return acc && hasValidInputValue(input, this.values);\n // }, true);\n // return res;\n\n if (this.remediation.name === 'poll' || this.remediation.name.endsWith('-poll')) {\n return true;\n }\n\n if (this.options.step) {\n return true;\n }\n \n // disable auto proceed for unknown remediations\n return false;\n }\n\n getData() {\n const data = this.getInputs().reduce((acc, { name }) => {\n acc[name] = this.values[name];\n return acc;\n }, {});\n return data;\n }\n\n getNextStep(authClient: OktaAuthIdxInterface, _context?: IdxContext): NextStep {\n const name = this.getName();\n const inputs = this.getInputs();\n \n /* eslint-disable no-unused-vars, @typescript-eslint/no-unused-vars */\n // excludes transformed fields\n const { \n // http metas have been transformed to action\n href, \n method, \n rel, \n accepts, \n produces, \n // value has been transform to inputs\n value,\n // will be transformed to a function that resolves IdxTransaction\n action,\n ...rest \n } = this.remediation;\n /* eslint-enable no-unused-vars, @typescript-eslint/no-unused-vars */\n\n // step to handle form submission\n if (action) {\n return { \n ...rest,\n ...(!!inputs.length && { inputs }),\n action: async (params?) => {\n return authClient.idx.proceed({\n step: name,\n ...params\n });\n }\n };\n }\n\n // return whole remediation data for other steps, eg \"redirect-idp\"\n return { ...this.remediation } as NextStep;\n \n }\n\n getInputs(): Input[] {\n return (this.remediation.value || [])\n .filter(({ name }) => name !== 'stateHandle')\n .map(unwrapFormValue)\n .map(input => {\n // use string as default input type\n input.type = input.type || 'string';\n return input;\n });\n }\n\n}\n","export * from './GenericRemediator';","/* eslint-disable complexity */\nimport { AuthSdkError } from '../../../errors';\nimport { Input } from '../../types';\n\nexport function unwrapFormValue(remediation): Input { \n if (Array.isArray(remediation)) {\n return remediation\n .map(item => {\n if (typeof item === 'string' || typeof item === 'number' || typeof item === 'boolean') {\n return item;\n }\n return unwrapFormValue(item);\n }) as any;\n }\n\n const res = {};\n for (const [key, value] of Object.entries(remediation)) {\n if (value === null || typeof value === 'undefined') {\n continue;\n }\n\n if (typeof value === 'object') {\n const formKeys = Object.keys(value as object);\n // detect patterns like:\n // value -> form -> value | form -> value\n if (['value', 'form'].includes(key) \n && formKeys.length === 1 \n && ['value', 'form'].includes(formKeys[0])\n ) {\n // unwrap nested form\n const unwrappedForm = unwrapFormValue(value);\n Object.entries(unwrappedForm).forEach(([key, value]) => {\n res[key] = value;\n });\n } else {\n // dfs\n res[key] = unwrapFormValue(value);\n }\n } else {\n // handle primitive value\n res[key] = value;\n }\n }\n\n return res as Input;\n}\n\n// only check if value is required for now\n// TODO: support SDK layer type based input validation\nexport function hasValidInputValue(input, values) {\n const fn = (input, values, requiredTracker) => {\n const { name, value, type, options, required } = input;\n const isRequired = required || requiredTracker;\n\n // handle nested value - all required fields should be avaiable in values \n if (Array.isArray(value)) {\n return value.reduce((acc, item) => {\n return acc && fn(item, values[name], isRequired); // recursive call\n }, true);\n }\n\n // handle options field\n // 1. object type options - check if each object field is required and value can be found from the selectedOption\n // 2. primitive options - required field is avaiable from top level\n // 3. unknown format - pass to backend for validation\n if (options) {\n // object type options\n if (type === 'object') {\n const selectedOption = values[name];\n if (!selectedOption) {\n return false;\n }\n if (!selectedOption.id) {\n // unknown option format, pass to backend for validation\n return true;\n }\n const optionSchema = options.find((option) => {\n const idSchema = option.value.find(({ name }) => name === 'id' );\n return idSchema.value === selectedOption.id;\n });\n if (!optionSchema) {\n return false;\n }\n return optionSchema.value\n .filter(({ required }) => !!required)\n .reduce((acc, { name }) => {\n return acc && !!selectedOption[name];\n }, true);\n }\n\n // primitive options, not required - always valid\n if (required === false) {\n return true;\n }\n\n // primitive options, required - check if value is available\n if (required === true) {\n return !!values[name];\n }\n\n // unknown options, throw\n throw new AuthSdkError(`Unknown options type, ${JSON.stringify(input)}`);\n }\n\n // base case\n if (!isRequired) {\n return true;\n }\n \n return !!(values && values[name]);\n };\n\n return fn(input, values, false);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Credentials } from '../authenticator';\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface IdentifyValues extends RemediationValues {\n username?: string;\n password?: string;\n credentials?: Credentials;\n rememberMe?: boolean;\n}\n\nexport class Identify extends Remediator<IdentifyValues> {\n static remediationName = 'identify';\n\n map = {\n 'identifier': ['username']\n };\n\n canRemediate(): boolean {\n const { identifier } = this.getData();\n return !!identifier;\n }\n\n mapCredentials() {\n const { credentials, password } = this.values;\n if (!credentials && !password) {\n return;\n }\n return credentials || { passcode: password };\n }\n\n getInputCredentials(input) {\n return {\n ...input.form.value[0],\n name: 'password',\n required: input.required\n };\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface ReEnrollAuthenticatorValues extends RemediationValues {\n newPassword?: string;\n}\n\nexport class ReEnrollAuthenticator extends Remediator<ReEnrollAuthenticatorValues> {\n static remediationName = 'reenroll-authenticator';\n\n mapCredentials() {\n const { newPassword } = this.values;\n if (!newPassword) {\n return;\n }\n return { \n passcode: newPassword,\n };\n }\n\n getInputCredentials(input) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const challengeType = this.getAuthenticator()!.type;\n const name = challengeType === 'password' ? 'newPassword' : 'verificationCode';\n return {\n ...input.form.value[0],\n name\n };\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ReEnrollAuthenticator } from './ReEnrollAuthenticator';\n\nexport class ReEnrollAuthenticatorWarning extends ReEnrollAuthenticator {\n static remediationName = 'reenroll-authenticator-warning';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator } from './Base/Remediator';\n\nexport class RedirectIdp extends Remediator {\n static remediationName = 'redirect-idp';\n\n canRemediate() {\n return false;\n }\n\n getNextStep() {\n const { name, type, idp, href } = this.remediation;\n return {\n name,\n type,\n idp,\n href\n };\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { VerifyAuthenticator, VerifyAuthenticatorValues } from './Base/VerifyAuthenticator';\n\nexport type ResetAuthenticatorValues = VerifyAuthenticatorValues;\n\nexport class ResetAuthenticator extends VerifyAuthenticator<ResetAuthenticatorValues> {\n static remediationName = 'reset-authenticator';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { SelectAuthenticator, SelectAuthenticatorValues } from './Base/SelectAuthenticator';\nimport { getAuthenticatorFromRemediation } from './util';\nimport { IdxRemediation } from '../types/idx-js';\nimport { AuthenticatorKey, Authenticator, RemediateOptions } from '../types';\n\nexport type SelectAuthenticatorAuthenticateValues = SelectAuthenticatorValues & {\n password?: string;\n};\n\nexport class SelectAuthenticatorAuthenticate extends SelectAuthenticator<SelectAuthenticatorAuthenticateValues> {\n static remediationName = 'select-authenticator-authenticate';\n\n constructor(\n remediation: IdxRemediation, \n values: SelectAuthenticatorValues = {}, \n options: RemediateOptions = {}\n ) {\n super(remediation, values, options);\n\n // Preset password authenticator to trigger recover action\n const isRecoveryFlow = this.options.flow === 'recoverPassword';\n const hasPasswordInOptions = getAuthenticatorFromRemediation(remediation)\n .options?.some(({ relatesTo }) => relatesTo?.key === AuthenticatorKey.OKTA_PASSWORD);\n if (hasPasswordInOptions && (isRecoveryFlow || this.values.password)) {\n this.values.authenticators = [\n ...this.values.authenticators || [],\n { key: AuthenticatorKey.OKTA_PASSWORD }\n ] as Authenticator[];\n }\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { SelectAuthenticator, SelectAuthenticatorValues } from './Base/SelectAuthenticator';\n\nexport type SelectAuthenticatorEnrollValues = SelectAuthenticatorValues;\n\nexport class SelectAuthenticatorEnroll extends SelectAuthenticator<SelectAuthenticatorEnrollValues> {\n static remediationName = 'select-authenticator-enroll';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { SelectAuthenticator, SelectAuthenticatorValues } from './Base/SelectAuthenticator';\nimport { Authenticator } from '../types';\nimport { IdxRemediationValue } from '../types/idx-js';\n\n\nexport type SelectAuthenticatorUnlockAccountValues = SelectAuthenticatorValues & {\n identifier?: string;\n methodType?: string;\n};\n\nexport class SelectAuthenticatorUnlockAccount extends SelectAuthenticator<SelectAuthenticatorUnlockAccountValues> {\n static remediationName = 'select-authenticator-unlock-account';\n authenticator?: Authenticator;\n\n map = {\n identifier: ['username']\n };\n\n canRemediate() {\n const identifier = this.getData('identifier');\n return !!identifier && super.canRemediate();\n }\n\n mapAuthenticator(remediationValue: IdxRemediationValue) {\n const authenticatorMap = super.mapAuthenticator(remediationValue);\n const methodTypeOption = this.selectedOption?.value.form.value.find(({ name }) => name === 'methodType');\n\n // defaults to 'manually defined' value\n // 2nd: option may have pre-defined value, like stateHandle\n // 3rd: if only a single OV option is available, default to that option\n const methodTypeValue = this.values.methodType ||\n methodTypeOption?.value as string || methodTypeOption?.options?.[0]?.value as string;\n\n if (methodTypeValue) {\n return {\n ...authenticatorMap,\n methodType: methodTypeValue\n };\n }\n\n return authenticatorMap;\n }\n\n getInputUsername () {\n return { name: 'username', type: 'string' };\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\n// eslint-disable-next-line @typescript-eslint/no-empty-interface\nexport interface SelectEnrollProfileValues extends RemediationValues {}\n\nexport class SelectEnrollProfile extends Remediator<SelectEnrollProfileValues> {\n static remediationName = 'select-enroll-profile';\n\n canRemediate() {\n return true;\n }\n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { IdxRemediationValueForm, IdxContext } from '../types/idx-js';\nimport { Authenticator, OktaAuthIdxInterface } from '../types/api';\n\n\nexport type SelectEnrollmentChannelValues = RemediationValues & {\n channel?: string;\n};\n\nexport class SelectEnrollmentChannel extends Remediator<SelectEnrollmentChannelValues> {\n static remediationName = 'select-enrollment-channel';\n\n canRemediate() {\n if (this.values.channel) {\n return true;\n }\n\n if (this.values.authenticator) {\n const { id, channel } = this.values.authenticator as Authenticator;\n if (!!id && !!channel) {\n return true;\n }\n }\n\n return false;\n }\n\n getNextStep(authClient: OktaAuthIdxInterface, context: IdxContext) {\n const common = super.getNextStep(authClient, context);\n const authenticator = context.currentAuthenticator.value;\n return {\n ...common,\n authenticator,\n };\n }\n\n getData() {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediationValue = this.remediation!.value![0].value as IdxRemediationValueForm;\n return {\n authenticator: {\n id: remediationValue.form.value[0].value,\n channel: (this.values.authenticator as Authenticator)?.channel || this.values.channel,\n },\n stateHandle: this.values.stateHandle,\n\n };\n }\n\n getValuesAfterProceed(): SelectEnrollmentChannelValues {\n this.values = super.getValuesAfterProceed();\n delete this.values.authenticators; // required to prevent infinite loops from auto-remediating via values\n const filterKey = this.values.channel ? 'channel' : 'authenticator';\n let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== filterKey);\n return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface SkipValues extends RemediationValues {\n skip?: boolean;\n}\n\nexport class Skip extends Remediator<SkipValues> {\n static remediationName = 'skip';\n\n canRemediate() {\n return !!this.values.skip || this.options.step === 'skip';\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './Base/Remediator';\nexport * from './EnrollAuthenticator';\nexport * from './EnrollPoll';\nexport * from './SelectEnrollmentChannel';\nexport * from './EnrollmentChannelData';\nexport * from './ChallengeAuthenticator';\nexport * from './ChallengePoll';\nexport * from './ResetAuthenticator';\nexport * from './EnrollProfile';\nexport * from './Identify';\nexport * from './ReEnrollAuthenticator';\nexport * from './ReEnrollAuthenticatorWarning';\nexport * from './RedirectIdp';\nexport * from './SelectAuthenticatorAuthenticate';\nexport * from './SelectAuthenticatorEnroll';\nexport * from './SelectAuthenticatorUnlockAccount';\nexport * from './SelectEnrollProfile';\nexport * from './AuthenticatorVerificationData';\nexport * from './AuthenticatorEnrollmentData';\nexport * from './Skip';\nexport * from './GenericRemediator';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { IdxRemediation, IdxRemediationValue } from '../types/idx-js';\n\nexport function getAllValues(idxRemediation: IdxRemediation) {\n return idxRemediation.value?.map(r => r.name);\n}\n\nexport function getRequiredValues(idxRemediation: IdxRemediation) {\n return idxRemediation.value?.reduce((required, cur) => {\n if (cur.required) {\n required.push(cur.name as never);\n }\n return required;\n }, []);\n}\n\nexport function titleCase(str: string) {\n return str.charAt(0).toUpperCase() + str.substring(1);\n}\n\nexport function getAuthenticatorFromRemediation(\n remediation: IdxRemediation\n): IdxRemediationValue {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return remediation.value!.find(({ name }) => name === 'authenticator') as IdxRemediationValue;\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { RemediationValues } from './remediators/Base/Remediator';\nimport { \n OktaAuthIdxInterface,\n IdxStatus,\n IdxTransaction,\n IdxFeature,\n NextStep,\n RunOptions,\n IdxTransactionMeta,\n} from './types';\nimport { IdxMessage, IdxResponse } from './types/idx-js';\nimport { getSavedTransactionMeta, saveTransactionMeta } from './transactionMeta';\nimport {\n getAvailableSteps,\n getEnabledFeatures,\n getMessagesFromResponse,\n isTerminalResponse,\n getFlowSpecification\n} from './util';\nimport { Tokens } from '../oidc/types';\nimport { APIError } from '../errors/types';\ndeclare interface RunData {\n options: RunOptions;\n values: RemediationValues;\n status?: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError | IdxResponse;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n idxResponse?: IdxResponse;\n canceled?: boolean;\n interactionCode?: string;\n shouldSaveResponse?: boolean;\n shouldClearTransaction?: boolean;\n clearSharedStorage?: boolean;\n terminal?: boolean;\n}\n\nfunction initializeValues(options: RunOptions) {\n // remove known options, everything else is assumed to be a value\n const knownOptions = [\n 'flow', \n 'remediators', \n 'actions', \n 'withCredentials', \n 'step',\n 'useGenericRemediator',\n 'exchangeCodeForTokens',\n ];\n const values = { ...options };\n knownOptions.forEach(option => {\n delete values[option];\n });\n return values;\n}\n\nfunction initializeData(authClient: OktaAuthIdxInterface, data: RunData): RunData {\n let { options } = data;\n options = {\n ...authClient.options.idx,\n ...options\n };\n let {\n flow,\n withCredentials,\n remediators,\n actions,\n } = options;\n\n const status = IdxStatus.PENDING;\n\n // certain options can be set by the flow specification\n flow = flow || authClient.idx.getFlow?.() || 'default';\n if (flow) {\n authClient.idx.setFlow?.(flow);\n const flowSpec = getFlowSpecification(authClient, flow);\n // Favor option values over flow spec\n withCredentials = (typeof withCredentials !== 'undefined') ? withCredentials : flowSpec.withCredentials;\n remediators = remediators || flowSpec.remediators;\n actions = actions || flowSpec.actions;\n }\n\n return { \n ...data,\n options: { \n ...options, \n flow, \n withCredentials, \n remediators, \n actions,\n },\n status\n };\n}\n\nasync function getDataFromIntrospect(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n const { options } = data;\n const {\n stateHandle,\n withCredentials,\n version,\n state,\n scopes,\n recoveryToken,\n activationToken,\n maxAge,\n acrValues,\n nonce,\n useGenericRemediator,\n } = options;\n\n let idxResponse;\n let meta = getSavedTransactionMeta(authClient, { state, recoveryToken, activationToken }); // may be undefined\n\n if (stateHandle) {\n idxResponse = await introspect(authClient, { withCredentials, version, stateHandle, useGenericRemediator });\n } else {\n let interactionHandle = meta?.interactionHandle; // may be undefined\n if (!interactionHandle) {\n // start a new transaction\n authClient.transactionManager.clear();\n const interactResponse = await interact(authClient, {\n withCredentials,\n state,\n scopes,\n activationToken,\n recoveryToken,\n maxAge,\n acrValues,\n nonce,\n }); \n interactionHandle = interactResponse.interactionHandle;\n meta = interactResponse.meta;\n }\n \n // Introspect to get idx response\n idxResponse = await introspect(authClient, { withCredentials, version, interactionHandle, useGenericRemediator });\n }\n return { ...data, idxResponse, meta };\n}\n\nasync function getDataFromRemediate(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n let {\n idxResponse,\n options,\n values\n } = data;\n\n const {\n autoRemediate,\n remediators,\n actions,\n flow,\n step,\n useGenericRemediator,\n } = options;\n \n const shouldRemediate = (autoRemediate !== false && (remediators || actions || step));\n if (!shouldRemediate) {\n return data;\n }\n\n values = { \n ...values, \n stateHandle: idxResponse!.rawIdxState.stateHandle \n };\n\n // Can we handle the remediations?\n const { \n idxResponse: idxResponseFromRemediation, \n nextStep,\n canceled,\n } = await remediate(\n authClient,\n idxResponse!, \n values, \n {\n remediators,\n actions,\n flow,\n step,\n useGenericRemediator,\n }\n );\n idxResponse = idxResponseFromRemediation;\n\n return { ...data, idxResponse, nextStep, canceled };\n}\n\nasync function getTokens(authClient: OktaAuthIdxInterface, data: RunData): Promise<Tokens> {\n let { meta, idxResponse } = data;\n const { interactionCode } = idxResponse as IdxResponse;\n const {\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n urls,\n scopes,\n } = meta as IdxTransactionMeta;\n const tokenResponse = await authClient.token.exchangeCodeForTokens({\n interactionCode,\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n scopes\n }, urls);\n return tokenResponse.tokens;\n}\n\nasync function finalizeData(authClient: OktaAuthIdxInterface, data: RunData): Promise<RunData> {\n let {\n options,\n idxResponse,\n canceled,\n status,\n } = data;\n const { exchangeCodeForTokens } = options;\n let shouldSaveResponse = false;\n let shouldClearTransaction = false;\n let clearSharedStorage = true;\n let interactionCode;\n let tokens;\n let enabledFeatures;\n let availableSteps;\n let messages;\n let terminal;\n\n if (idxResponse) {\n shouldSaveResponse = !!(idxResponse.requestDidSucceed || idxResponse.stepUp);\n enabledFeatures = getEnabledFeatures(idxResponse);\n availableSteps = getAvailableSteps(authClient, idxResponse, options.useGenericRemediator);\n messages = getMessagesFromResponse(idxResponse, options);\n terminal = isTerminalResponse(idxResponse);\n }\n\n if (terminal) {\n status = IdxStatus.TERMINAL;\n\n // In most cases a terminal response should not clear transaction data. The user should cancel or skip to continue.\n // A terminal \"success\" is a non-error response with no further actions available.\n // In these narrow cases, saved transaction data should be cleared.\n // One example of a terminal success is when the email verify flow is continued in another tab\n const hasActions = Object.keys(idxResponse!.actions).length > 0;\n const hasErrors = !!messages.find(msg => msg.class === 'ERROR');\n const isTerminalSuccess = !hasActions && !hasErrors && idxResponse!.requestDidSucceed === true;\n if (isTerminalSuccess) {\n shouldClearTransaction = true;\n } else {\n // save response if there are actions available (ignore messages)\n shouldSaveResponse = !!hasActions;\n }\n // leave shared storage intact so the transaction can be continued in another tab\n clearSharedStorage = false;\n } else if (canceled) {\n status = IdxStatus.CANCELED;\n shouldClearTransaction = true;\n } else if (idxResponse?.interactionCode) { \n interactionCode = idxResponse.interactionCode;\n if (exchangeCodeForTokens === false) {\n status = IdxStatus.SUCCESS;\n shouldClearTransaction = false;\n } else {\n tokens = await getTokens(authClient, data);\n status = IdxStatus.SUCCESS;\n shouldClearTransaction = true;\n }\n }\n return {\n ...data,\n status,\n interactionCode,\n tokens,\n shouldSaveResponse,\n shouldClearTransaction,\n clearSharedStorage,\n enabledFeatures,\n availableSteps,\n messages,\n terminal\n };\n}\n\nexport async function run(\n authClient: OktaAuthIdxInterface, \n options: RunOptions = {},\n): Promise<IdxTransaction> {\n let data: RunData = {\n options,\n values: initializeValues(options)\n };\n\n data = initializeData(authClient, data);\n data = await getDataFromIntrospect(authClient, data);\n data = await getDataFromRemediate(authClient, data);\n data = await finalizeData(authClient, data);\n\n const {\n idxResponse,\n meta,\n shouldSaveResponse,\n shouldClearTransaction,\n clearSharedStorage,\n status,\n enabledFeatures,\n availableSteps,\n tokens,\n nextStep,\n messages,\n error,\n interactionCode\n } = data;\n\n if (shouldClearTransaction) {\n authClient.transactionManager.clear({ clearSharedStorage });\n }\n else {\n // ensures state is saved to sessionStorage\n saveTransactionMeta(authClient, { ...meta });\n\n if (shouldSaveResponse) {\n // Save intermediate idx response in storage to reduce introspect call\n const { rawIdxState: rawIdxResponse, requestDidSucceed } = idxResponse!;\n authClient.transactionManager.saveIdxResponse({\n rawIdxResponse,\n requestDidSucceed,\n stateHandle: idxResponse!.context?.stateHandle,\n interactionHandle: meta?.interactionHandle\n });\n }\n }\n \n // copy all fields from idxResponse which are needed by the widget\n const { actions, context, neededToProceed, proceed, rawIdxState, requestDidSucceed, stepUp } = idxResponse || {};\n return {\n status: status!,\n ...(meta && { meta }),\n ...(enabledFeatures && { enabledFeatures }),\n ...(availableSteps && { availableSteps }),\n ...(tokens && { tokens }),\n ...(nextStep && { nextStep }),\n ...(messages && messages.length && { messages }),\n ...(error && { error }),\n ...(stepUp && { stepUp }),\n interactionCode, // if options.exchangeCodeForTokens is false\n\n // from idx-js\n actions: actions!,\n context: context!,\n neededToProceed: neededToProceed!,\n proceed: proceed!,\n rawIdxState: rawIdxState!,\n requestDidSucceed\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { OktaAuthIdxInterface, IdxTransaction, StartOptions } from './types';\n\nexport async function startTransaction(\n authClient: OktaAuthIdxInterface, \n options: StartOptions = {}\n): Promise<IdxTransaction> {\n // Clear IDX response cache and saved transaction meta (if any)\n authClient.transactionManager.clear();\n\n return run(authClient, {\n exchangeCodeForTokens: false,\n ...options\n });\n}\n","import { CookieOptions, StorageManagerOptions, StorageOptions, StorageUtil } from '../storage/types';\nimport { IdxTransactionMeta } from './types';\nimport { SavedObject } from '../storage';\nimport { IDX_RESPONSE_STORAGE_NAME } from '../constants';\nimport { createCoreStorageManager } from '../core/storage';\nimport { IdxResponseStorage } from './types/storage';\nimport { isBrowser } from '../features';\nimport { warn } from '../util';\nimport AuthSdkError from '../errors/AuthSdkError';\n\nexport function createIdxStorageManager<M extends IdxTransactionMeta>()\n{\n const CoreStorageManager = createCoreStorageManager<M>();\n return class IdxStorageManager extends CoreStorageManager\n {\n constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n super(storageManagerOptions, cookieOptions, storageUtil);\n }\n\n // intermediate idxResponse\n // store for network traffic optimazation purpose\n // TODO: revisit in auth-js 6.0 epic JIRA: OKTA-399791\n getIdxResponseStorage(options?: StorageOptions): IdxResponseStorage | null {\n let storage;\n if (isBrowser()) {\n // on browser side only use memory storage \n try {\n storage = this.storageUtil.getStorageByType('memory', options);\n } catch (e) {\n // it's ok to miss response storage\n // eslint-disable-next-line max-len\n warn('No response storage found, you may want to provide custom implementation for intermediate idx responses to optimize the network traffic');\n }\n } else {\n // on server side re-use transaction custom storage\n const transactionStorage = this.getTransactionStorage(options);\n if (transactionStorage) {\n storage = {\n getItem: (key) => {\n const transaction = transactionStorage.getStorage();\n if (transaction && transaction[key]) {\n return transaction[key];\n }\n return null;\n },\n setItem: (key, val) => {\n const transaction = transactionStorage.getStorage();\n if (!transaction) {\n throw new AuthSdkError('Transaction has been cleared, failed to save idxState');\n }\n transaction[key] = val;\n transactionStorage.setStorage(transaction);\n },\n removeItem: (key) => {\n const transaction = transactionStorage.getStorage();\n if (!transaction) {\n return;\n }\n delete transaction[key];\n transactionStorage.setStorage(transaction);\n }\n };\n }\n }\n\n if (!storage) {\n return null;\n }\n\n return new SavedObject(storage, IDX_RESPONSE_STORAGE_NAME);\n }\n };\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface, IdxTransactionMeta, IdxTransactionMetaOptions } from './types';\nimport { removeNils, warn } from '../util';\nimport { createOAuthMeta, PKCETransactionMeta } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(\n authClient: OktaAuthIdxInterface,\n options: IdxTransactionMetaOptions = {}\n): Promise<IdxTransactionMeta> {\n const tokenParams = await authClient.token.prepareTokenParams(options);\n const pkceMeta = createOAuthMeta(authClient, tokenParams) as PKCETransactionMeta;\n let {\n flow = 'default',\n withCredentials = true,\n activationToken = undefined,\n recoveryToken = undefined,\n maxAge = undefined,\n acrValues = undefined,\n } = { ...authClient.options, ...options }; // local options override SDK options\n\n const meta: IdxTransactionMeta = {\n ...pkceMeta,\n flow,\n withCredentials,\n activationToken,\n recoveryToken,\n maxAge,\n acrValues\n };\n return meta;\n}\n\nexport function hasSavedInteractionHandle(\n authClient: OktaAuthIdxInterface,\n options?: IdxTransactionMetaOptions\n): boolean {\n const savedMeta = getSavedTransactionMeta(authClient, options);\n if (savedMeta?.interactionHandle) {\n return true;\n }\n return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid\nexport function getSavedTransactionMeta(\n authClient: OktaAuthIdxInterface,\n options?: IdxTransactionMetaOptions\n): IdxTransactionMeta | undefined {\n options = removeNils(options);\n options = { ...authClient.options, ...options }; // local options override SDK options\n let savedMeta;\n try {\n savedMeta = authClient.transactionManager.load(options) as IdxTransactionMeta;\n } catch (e) {\n // ignore errors here\n }\n\n if (!savedMeta) {\n return;\n }\n\n if (isTransactionMetaValid(savedMeta, options)) {\n return savedMeta;\n }\n\n // existing meta is not valid for this configuration\n // this is common when changing configuration in local development environment\n // in a production environment, this may indicate that two apps are sharing a storage key\n warn('Saved transaction meta does not match the current configuration. ' + \n 'This may indicate that two apps are sharing a storage key.');\n\n}\n\nexport async function getTransactionMeta(\n authClient: OktaAuthIdxInterface,\n options?: IdxTransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n options = removeNils(options);\n options = { ...authClient.options, ...options }; // local options override SDK options\n // Load existing transaction meta from storage\n const validExistingMeta = getSavedTransactionMeta(authClient, options);\n if (validExistingMeta) {\n return validExistingMeta;\n }\n // No existing? Create new transaction meta.\n return createTransactionMeta(authClient, options);\n}\n\nexport function saveTransactionMeta (authClient: OktaAuthIdxInterface, meta): void {\n authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuthIdxInterface): void {\n authClient.transactionManager.clear();\n}\n\nexport function isTransactionMetaValid (meta, options: IdxTransactionMetaOptions = {}): boolean {\n // Validate against certain options. If these exist in options, they must match in meta\n const keys = [\n 'issuer',\n 'clientId',\n 'redirectUri',\n 'state',\n 'codeChallenge',\n 'codeChallengeMethod',\n 'activationToken',\n 'recoveryToken'\n ];\n if (isTransactionMetaValidForOptions(meta, options, keys) === false) {\n return false;\n }\n\n // Validate configured flow\n const { flow } = options;\n if (isTransactionMetaValidForFlow(meta, flow) === false) {\n return false;\n }\n\n return true;\n}\n\nexport function isTransactionMetaValidForFlow(meta, flow) {\n // Specific flows should not share transaction data\n const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';\n if (shouldValidateFlow) {\n if (flow !== meta.flow) {\n // The flow has changed; abandon the old transaction\n return false;\n }\n }\n return true;\n}\n\nexport function isTransactionMetaValidForOptions(meta, options, keys) {\n // returns false if values in meta do not match options\n // if the option does not have a value for a specific key, it is ignored\n const mismatch = keys.some(key => {\n const value = options[key];\n if (value && value !== meta[key]) {\n return true;\n }\n });\n return !mismatch;\n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { APIError } from '../../errors/types';\nimport {\n OktaAuthOAuthInterface,\n MinimalOktaOAuthInterface,\n Tokens,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../../oidc/types';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n IdxActions,\n IdxAuthenticator,\n IdxContext,\n IdxForm,\n IdxMessage,\n IdxOption,\n IdxRemediation,\n IdxResponse,\n RawIdxResponse,\n IdxActionParams,\n IdpConfig,\n IdxToPersist,\n ChallengeData,\n ActivationData,\n} from './idx-js';\nimport {\n IdxOptions,\n AccountUnlockOptions,\n AuthenticationOptions,\n CancelOptions,\n InteractOptions,\n IntrospectOptions,\n OktaAuthIdxOptions,\n PasswordRecoveryOptions,\n ProceedOptions,\n RegistrationOptions,\n StartOptions,\n IdxTransactionMetaOptions\n} from './options';\nimport { IdxTransactionMeta } from './meta';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './storage';\nimport type {\n WebauthnEnrollValues,\n WebauthnVerificationValues\n} from '../authenticator';\nimport { OktaAuthConstructor, FingerprintAPI } from '../../base/types';\n\nexport enum IdxStatus {\n SUCCESS = 'SUCCESS',\n PENDING = 'PENDING',\n FAILURE = 'FAILURE',\n TERMINAL = 'TERMINAL',\n CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n OKTA_PASSWORD = 'okta_password',\n OKTA_EMAIL = 'okta_email',\n PHONE_NUMBER = 'phone_number',\n GOOGLE_AUTHENTICATOR = 'google_otp',\n SECURITY_QUESTION = 'security_question',\n OKTA_VERIFY = 'okta_verify',\n WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n name: string;\n key?: string;\n type?: string;\n label?: string;\n value?: string | {form: IdxForm} | Input[];\n minLength?: number;\n maxLength?: number;\n secret?: boolean;\n required?: boolean;\n options?: IdxOption[];\n mutable?: boolean;\n visible?: boolean;\n customLabel?: boolean\n}\n\n\nexport interface IdxPollOptions extends Pick<IdxOptions, 'exchangeCodeForTokens' | 'withCredentials' > {\n required?: boolean;\n refresh?: number;\n}\n\nexport type NextStep = {\n name: string;\n authenticator?: IdxAuthenticator;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n poll?: IdxPollOptions;\n authenticatorEnrollments?: IdxAuthenticator[];\n // eslint-disable-next-line no-use-before-define\n action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n idp?: IdpConfig;\n href?: string;\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n refresh?: number;\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY = 'recover-password',\n REGISTRATION = 'enroll-profile',\n SOCIAL_IDP = 'redirect-idp',\n ACCOUNT_UNLOCK = 'unlock-account',\n}\n\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError | IdxResponse;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n requestDidSucceed?: boolean;\n stepUp?: boolean;\n \n // from idx-js, used by signin widget\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n context: IdxContext;\n}\n\n\nexport type Authenticator = {\n id?: string;\n key?: string;\n methodType?: string;\n phoneNumber?: string;\n channel?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n idxResponse: IdxResponse;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n terminal?: boolean;\n canceled?: boolean;\n}\n\nexport interface InteractResponse {\n state?: string;\n interactionHandle: string;\n meta: IdxTransactionMeta;\n}\n\nexport interface EmailVerifyCallbackResponse {\n state: string;\n otp: string;\n}\n\nexport interface MinimalIdxAPI {\n // lowest level api\n makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n // flow control\n start: (options?: StartOptions) => Promise<IdxTransaction>;\n canProceed(options?: ProceedOptions): boolean;\n proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n\n // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n // transaction meta\n getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n saveTransactionMeta: (meta: unknown) => void;\n clearTransactionMeta: () => void;\n isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxAPI {\n // lowest level api\n interact: (options?: InteractOptions) => Promise<InteractResponse>;\n introspect: (options?: IntrospectOptions) => Promise<IdxResponse>;\n makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n // flow entrypoints\n authenticate: (options?: AuthenticationOptions) => Promise<IdxTransaction>;\n register: (options?: RegistrationOptions) => Promise<IdxTransaction>;\n recoverPassword: (options?: PasswordRecoveryOptions) => Promise<IdxTransaction>;\n unlockAccount: (options?: AccountUnlockOptions) => Promise<IdxTransaction>;\n poll: (options?: IdxPollOptions) => Promise<IdxTransaction>;\n\n // flow control\n start: (options?: StartOptions) => Promise<IdxTransaction>;\n canProceed(options?: ProceedOptions): boolean;\n proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n cancel: (options?: CancelOptions) => Promise<IdxTransaction>;\n getFlow(): FlowIdentifier | undefined;\n setFlow(flow: FlowIdentifier): void;\n\n // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n // redirect callbacks\n isInteractionRequired: (hashOrSearch?: string) => boolean;\n isInteractionRequiredError: (error: Error) => boolean; \n handleInteractionCodeRedirect: (url: string) => Promise<void>;\n isEmailVerifyCallback: (search: string) => boolean;\n parseEmailVerifyCallback: (search: string) => EmailVerifyCallbackResponse;\n handleEmailVerifyCallback: (search: string) => Promise<IdxTransaction | undefined>;\n isEmailVerifyCallbackError: (error: Error) => boolean;\n\n // transaction meta\n getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n saveTransactionMeta: (meta: unknown) => void;\n clearTransactionMeta: () => void;\n isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxTransactionManagerInterface extends TransactionManagerInterface {\n saveIdxResponse(data: SavedIdxResponse): void;\n loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null;\n clearIdxResponse(): void;\n}\n\nexport type IdxTransactionManagerConstructor = TransactionManagerConstructor<IdxTransactionManagerInterface>;\n\nexport interface WebauthnAPI {\n getAssertion(credential: PublicKeyCredential): WebauthnVerificationValues;\n getAttestation(credential: PublicKeyCredential): WebauthnEnrollValues;\n buildCredentialRequestOptions(\n challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n ): CredentialRequestOptions;\n buildCredentialCreationOptions(\n activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n ): CredentialCreationOptions;\n}\n\n\nexport interface OktaAuthIdxInterface\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n extends OktaAuthOAuthInterface<M, S, O, TM>\n{\n idx: IdxAPI;\n fingerprint: FingerprintAPI;\n}\n\nexport interface MinimalOktaAuthIdxInterface\n<\n M extends IdxTransactionMeta = IdxTransactionMeta,\n S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n extends MinimalOktaOAuthInterface<M, S, O, TM>\n{\n idx: MinimalIdxAPI;\n fingerprint: FingerprintAPI;\n}\n\nexport interface OktaAuthIdxConstructor\n<\n I extends MinimalOktaAuthIdxInterface = OktaAuthIdxInterface\n>\n extends OktaAuthConstructor<I>\n{\n new(...args: any[]): I;\n webauthn: WebauthnAPI;\n}\n","/* eslint-disable no-use-before-define */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { Input } from './api';\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface ChallengeData {\n challenge: string; \n userVerification: string; \n extensions?: {\n appid: string;\n };\n rpId?: string;\n hints?: string[];\n}\nexport interface ActivationData {\n challenge: string;\n rp: {\n name: string;\n id?: string;\n };\n user: {\n id: string;\n name: string;\n displayName: string;\n };\n pubKeyCredParams: {\n type: string;\n alg: number;\n }[];\n attestation?: string;\n authenticatorSelection?: {\n userVerification?: string;\n authenticatorAttachment?: string;\n requireResidentKey?: boolean;\n residentKey?: string;\n };\n excludeCredentials?: {\n id: string;\n type: string;\n }[];\n hints?: string[];\n}\nexport interface IdxAuthenticatorMethod {\n type: string;\n}\nexport interface IdxAuthenticator {\n displayName: string;\n id: string;\n key: string;\n methods: IdxAuthenticatorMethod[];\n type: string;\n settings?: {\n complexity?: unknown;\n age?: unknown;\n };\n contextualData?: {\n enrolledQuestion?: {\n question: string;\n questionKey: string;\n };\n qrcode?: { \n href: string; \n method: string; \n type: string; \n };\n sharedSecret?: string;\n questions?: {\n questionKey: string;\n question: string;\n }[];\n questionKeys?: string[];\n selectedChannel?: string;\n activationData?: ActivationData;\n challengeData?: ChallengeData;\n };\n credentialId?: string;\n transports?: string[];\n enrollmentId?: string;\n profile?: Record<string, unknown>;\n resend?: Record<string, unknown>;\n poll?: Record<string, unknown>;\n recover?: Record<string, unknown>;\n deviceKnown?: boolean;\n nickname?: string;\n}\n\nexport interface IdxForm {\n value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n value: string | {form: IdxForm} | Input[];\n label: string;\n relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n id: string;\n name: string;\n}\n\nexport interface IdxRemediationValueForm {\n form: IdxForm;\n}\n\nexport interface IdxRemediationValue {\n name: string;\n type?: string;\n required?: boolean;\n secret?: boolean;\n visible?: boolean;\n mutable?: boolean;\n value?: string | IdxRemediationValueForm;\n label?: string;\n form?: IdxForm;\n options?: IdxOption[];\n messages?: IdxMessages;\n minLength?: number;\n maxLength?: number;\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n}\n\nexport interface IdxRemediation {\n name: string;\n label?: string;\n value?: IdxRemediationValue[];\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n idp?: IdpConfig;\n href?: string;\n method?: string;\n type?: string;\n accepts?: string;\n produces?: string;\n refresh?: number;\n rel?: string[];\n action?: (payload?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxContext {\n version: string;\n stateHandle: string;\n expiresAt: string;\n intent: string;\n currentAuthenticator: {\n type: string;\n value: IdxAuthenticator;\n };\n currentAuthenticatorEnrollment: {\n type: string;\n value: IdxAuthenticator;\n };\n authenticators: {\n type: string;\n value: IdxAuthenticator[];\n };\n authenticatorEnrollments: {\n type: string;\n value: IdxAuthenticator[];\n };\n enrollmentAuthenticator: {\n type: string;\n value: IdxAuthenticator;\n };\n user?: {\n type: string;\n value: Record<string, unknown>;\n };\n uiDisplay?: IdxContextUIDisplay\n app: {\n type: string;\n value: Record<string, unknown>;\n };\n messages?: IdxMessages;\n success?: IdxRemediation;\n failure?: IdxRemediation;\n}\n\nexport interface IdxContextUIDisplay {\n type: string;\n value: {\n label?: string;\n buttonLabel?: string;\n }\n}\n\nexport interface IdxMessage {\n message: string;\n class: string;\n i18n: {\n key: string;\n params?: unknown[];\n };\n}\n\nexport interface IdxMessages {\n type: 'array';\n value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n version: string;\n stateHandle: string;\n intent?: string;\n expiresAt?: string;\n remediation?: {\n type: 'array';\n value: IdxRemediation[];\n };\n messages?: IdxMessages;\n success?: boolean;\n successWithInteractionCode?: IdxRemediation;\n currentAuthenticator?: {\n type: string;\n value: IdxAuthenticator;\n };\n currentAuthenticatorEnrollment?: {\n type: string;\n value: IdxAuthenticator;\n };\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n return obj && obj.version;\n}\n\nexport interface IdxActionParams {\n [key: string]: string | boolean | number | object;\n}\n\nexport interface IdxActions {\n [key: string]: (params?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxToPersist {\n interactionHandle?: string;\n withCredentials?: boolean;\n}\n\nexport interface IdxActionFunction {\n (params: IdxActionParams): Promise<IdxResponse>;\n neededParams?: Array<Array<IdxRemediationValue>>;\n}\n\nexport interface IdxResponse {\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n toPersist: IdxToPersist;\n context?: IdxContext;\n requestDidSucceed?: boolean;\n stepUp?: boolean;\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n return obj && isRawIdxResponse(obj.rawIdxState);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './api';\nexport * from './options';\nexport type {\n IdxMessage,\n IdxMessages,\n ChallengeData,\n ActivationData,\n IdxResponse,\n IdxContext,\n RawIdxResponse,\n IdxRemediation,\n IdxAuthenticator,\n IdxActionParams,\n IdxContextUIDisplay,\n\n} from './idx-js';\nexport * from './meta';\nexport type { FlowIdentifier } from './FlowIdentifier';\nexport type { FlowSpecification } from './FlowSpecification';\nexport type { WebauthnEnrollValues } from '../authenticator/WebauthnEnrollment';\nexport type { WebauthnVerificationValues } from '../authenticator/WebauthnVerification';\nexport * from './storage';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { hasSavedInteractionHandle } from './transactionMeta';\nimport { startTransaction } from './startTransaction';\nimport { AuthSdkError } from '../errors';\nimport { \n OktaAuthIdxInterface, \n AccountUnlockOptions, \n IdxTransaction,\n IdxFeature,\n} from './types';\n\nexport async function unlockAccount(\n authClient: OktaAuthIdxInterface, options: AccountUnlockOptions = {}\n): Promise<IdxTransaction> {\n options.flow = 'unlockAccount';\n\n // Only check at the beginning of the transaction\n if (!hasSavedInteractionHandle(authClient)) {\n const { enabledFeatures } = await startTransaction(authClient, { ...options, autoRemediate: false });\n if (enabledFeatures && !enabledFeatures.includes(IdxFeature.ACCOUNT_UNLOCK)) {\n throw new AuthSdkError(\n 'Self Service Account Unlock is not supported based on your current org configuration.'\n );\n }\n }\n\n return run(authClient, { ...options });\n}\n","import { warn, split2 } from '../util';\nimport { RemediationValues, Remediator, RemediatorConstructor } from './remediators';\nimport { GenericRemediator } from './remediators/GenericRemediator';\nimport {\n OktaAuthIdxInterface,\n IdxFeature,\n NextStep,\n RemediateOptions,\n RemediationResponse,\n RunOptions,\n FlowIdentifier,\n FlowSpecification\n} from './types';\nimport { IdxMessage, IdxRemediation, IdxRemediationValue, IdxResponse } from './types/idx-js';\n\ntype GetFlowSpecification = (\n oktaAuth: OktaAuthIdxInterface,\n flow: FlowIdentifier\n) => FlowSpecification;\n\nconst ctx: {\n remediators: Record<string, RemediatorConstructor>,\n getFlowSpecification: GetFlowSpecification,\n} = {\n // default values to be used by minimal IDX API\n remediators: {},\n getFlowSpecification: function(_oktaAuth: OktaAuthIdxInterface, _flow: FlowIdentifier = 'default') {\n return {\n remediators: {}\n } as FlowSpecification;\n }\n};\n\n// should be set in createIdxAPI() factory\nexport function setRemediatorsCtx(newCtx: Partial<typeof ctx>) {\n Object.assign(ctx, newCtx);\n}\n\nexport function getFlowSpecification(oktaAuth: OktaAuthIdxInterface, flow: FlowIdentifier = 'default') {\n return ctx.getFlowSpecification(oktaAuth, flow);\n}\n\nexport function isTerminalResponse(idxResponse: IdxResponse) {\n const { neededToProceed, interactionCode } = idxResponse;\n return !neededToProceed.length && !interactionCode;\n}\n\nexport function canSkipFn(idxResponse: IdxResponse) {\n return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nexport function canResendFn(idxResponse: IdxResponse) {\n return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nexport function getMessagesFromIdxRemediationValue(\n value?: IdxRemediationValue[]\n): IdxMessage[] | undefined {\n if (!value || !Array.isArray(value)) {\n return;\n }\n return value.reduce((messages, value) => {\n if (value.messages) {\n messages = [...messages, ...value.messages.value] as never;\n }\n if (value.form) {\n const messagesFromForm = getMessagesFromIdxRemediationValue(value.form.value) || [];\n messages = [...messages, ...messagesFromForm] as never;\n } \n if (value.options) {\n let optionValues = [];\n value.options.forEach(option => {\n if (!option.value || typeof option.value === 'string') {\n return;\n }\n optionValues = [...optionValues, option.value] as never;\n });\n const messagesFromOptions = getMessagesFromIdxRemediationValue(optionValues) || [];\n messages = [...messages, ...messagesFromOptions] as never;\n }\n return messages;\n }, []);\n}\n\nexport function getMessagesFromResponse(idxResponse: IdxResponse, options: RunOptions): IdxMessage[] {\n let messages: IdxMessage[] = [];\n const { rawIdxState, neededToProceed } = idxResponse;\n\n // Handle global messages\n const globalMessages = rawIdxState.messages?.value.map(message => message);\n if (globalMessages) {\n messages = [...messages, ...globalMessages] as never;\n }\n\n // Handle field messages for current flow\n // Preserve existing logic for general cases, remove in the next major version\n // Follow ion response format for top level messages when useGenericRemediator is true\n if (!options.useGenericRemediator) {\n for (let remediation of neededToProceed) {\n const fieldMessages = getMessagesFromIdxRemediationValue(remediation.value);\n if (fieldMessages) {\n messages = [...messages, ...fieldMessages] as never;\n }\n }\n }\n\n // API may return identical error on same field, filter by i18n key\n const seen = {};\n messages = messages.reduce((filtered, message) => {\n const key = message.i18n?.key;\n if (key && seen[key] && message.message === seen[key].message) {\n return filtered;\n }\n seen[key] = message;\n filtered = [...filtered, message] as never;\n return filtered;\n }, []);\n\n return messages;\n}\n\n\nexport function getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n const res = [];\n const { actions, neededToProceed } = idxResponse;\n\n if (actions['currentAuthenticator-recover']) {\n res.push(IdxFeature.PASSWORD_RECOVERY as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n res.push(IdxFeature.REGISTRATION as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n res.push(IdxFeature.SOCIAL_IDP as never);\n }\n\n if (neededToProceed.some(({ name }) => name === 'unlock-account')) {\n res.push(IdxFeature.ACCOUNT_UNLOCK as never);\n }\n\n return res;\n}\n\nexport function getAvailableSteps(\n authClient: OktaAuthIdxInterface, \n idxResponse: IdxResponse, \n useGenericRemediator?: boolean\n): NextStep[] {\n const res: NextStep[] = [];\n\n const remediatorMap: Record<string, RemediatorConstructor> = Object.values(ctx.remediators)\n .reduce((map, remediatorClass) => {\n // Only add concrete subclasses to the map\n if (remediatorClass.remediationName) {\n map[remediatorClass.remediationName] = remediatorClass;\n }\n return map;\n }, {});\n\n for (let remediation of idxResponse.neededToProceed) {\n const T = getRemediatorClass(remediation, { useGenericRemediator, remediators: remediatorMap });\n if (T) {\n const remediator: Remediator = new T(remediation);\n res.push (remediator.getNextStep(authClient, idxResponse.context) as never);\n }\n }\n\n for (const [name] of Object.entries((idxResponse.actions || {}))) {\n let stepObj = {\n name, \n action: async (params?) => {\n return authClient.idx.proceed({ \n actions: [{ name, params }] \n });\n }\n };\n if (name.startsWith('currentAuthenticator')) {\n const [part1, part2] = split2(name, '-');\n const actionObj = idxResponse.rawIdxState[part1].value[part2];\n /* eslint-disable no-unused-vars, @typescript-eslint/no-unused-vars */\n const {\n href, \n method, \n rel, \n accepts, \n produces, \n ...rest\n } = actionObj;\n /* eslint-enable no-unused-vars, @typescript-eslint/no-unused-vars */\n const value = actionObj.value?.filter(item => item.name !== 'stateHandle');\n stepObj = { \n ...rest, \n ...(value && { value }),\n ...stepObj,\n };\n }\n res.push(stepObj);\n }\n\n return res;\n}\n\nexport function filterValuesForRemediation(\n idxResponse: IdxResponse,\n remediationName: string,\n values: RemediationValues\n): RemediationValues {\n const remediations = idxResponse.neededToProceed || [];\n const remediation = remediations.find(r => r.name === remediationName);\n if (!remediation) {\n // step was specified, but remediation was not found. This is unexpected!\n warn(`filterValuesForRemediation: \"${remediationName}\" did not match any remediations`);\n return values;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const valuesForRemediation = remediation.value!.reduce((res, entry) => {\n const { name, value } = entry;\n if (name === 'stateHandle') {\n res[name] = value; // use the stateHandle value in the remediation\n } else {\n res[name] = values[name]; // use the value provided by the caller\n }\n return res;\n }, {});\n return valuesForRemediation;\n}\n\nfunction getRemediatorClass(remediation: IdxRemediation, options: RemediateOptions) {\n const { useGenericRemediator, remediators } = options;\n \n if (!remediation) {\n return undefined;\n }\n\n if (useGenericRemediator) {\n return GenericRemediator;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return remediators![remediation.name];\n}\n\n// Return first match idxRemediation in allowed remediators\n// eslint-disable-next-line complexity\nexport function getRemediator(\n idxResponse: IdxResponse,\n values: RemediationValues,\n options: RemediateOptions,\n): Remediator | undefined {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediators = options.remediators!;\n const useGenericRemediator = options.useGenericRemediator;\n const {neededToProceed: idxRemediations, context} = idxResponse;\n\n let remediator: Remediator;\n // remediation name specified by caller - fast-track remediator lookup \n if (options.step) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediation = idxRemediations.find(({ name }) => name === options.step)!;\n if (remediation) {\n const T = getRemediatorClass(remediation, options);\n return T ? new T(remediation, values, options) : undefined;\n } else {\n // step was specified, but remediation was not found. This is unexpected!\n warn(`step \"${options.step}\" did not match any remediations`);\n return;\n }\n }\n\n const remediatorCandidates: Remediator[] = [];\n if (useGenericRemediator) {\n // always pick the first remediation for when use GenericRemediator\n remediatorCandidates.push(new GenericRemediator(idxRemediations[0], values, options));\n } else {\n for (let remediation of idxRemediations) {\n const isRemeditionInFlow = Object.keys(remediators as object).includes(remediation.name);\n if (!isRemeditionInFlow) {\n continue;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const T = getRemediatorClass(remediation, options)!;\n remediator = new T(remediation, values, options);\n if (remediator.canRemediate(context)) {\n // found the remediator\n return remediator;\n }\n // remediator cannot handle the current values\n // maybe return for next step\n remediatorCandidates.push(remediator); \n }\n }\n \n return remediatorCandidates[0];\n}\n\n\nexport function getNextStep(\n authClient: OktaAuthIdxInterface, remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n const nextStep = remediator.getNextStep(authClient, idxResponse.context);\n const canSkip = canSkipFn(idxResponse);\n const canResend = canResendFn(idxResponse);\n return {\n ...nextStep,\n ...(canSkip && {canSkip}),\n ...(canResend && {canResend}),\n };\n}\n\nexport function handleFailedResponse(\n authClient: OktaAuthIdxInterface,\n idxResponse: IdxResponse,\n options = {}\n): RemediationResponse {\n const terminal = isTerminalResponse(idxResponse);\n const messages = getMessagesFromResponse(idxResponse, options);\n if (terminal) {\n return { idxResponse, terminal, messages };\n } else {\n const remediator = getRemediator(idxResponse, {}, options);\n const nextStep = remediator && getNextStep(authClient, remediator, idxResponse);\n return {\n idxResponse,\n messages,\n ...(nextStep && { nextStep }),\n };\n }\n \n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { base64UrlToBuffer, bufferToBase64Url } from '../crypto/base64';\nimport {\n ActivationData,\n ChallengeData,\n IdxAuthenticator,\n WebauthnEnrollValues,\n WebauthnVerificationValues,\n} from './types';\n\n\n// Get known credentials from list of enrolled authenticators\nconst getEnrolledCredentials = (authenticatorEnrollments: IdxAuthenticator[] = []) => {\n const credentials: PublicKeyCredentialDescriptor[] = [];\n authenticatorEnrollments.forEach((enrollement) => {\n if (enrollement.key === 'webauthn') {\n const credential: PublicKeyCredentialDescriptor = {\n type: 'public-key',\n id: base64UrlToBuffer(enrollement.credentialId),\n };\n // transports may be at top-level or nested under profile\n const transports = enrollement.transports\n ?? (enrollement.profile as Record<string, unknown> | undefined)?.transports;\n if (Array.isArray(transports)) {\n credential.transports = transports as AuthenticatorTransport[];\n }\n credentials.push(credential);\n }\n });\n return credentials;\n};\n\n// Build options for navigator.credentials.create\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create\nexport const buildCredentialCreationOptions = (\n activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n return {\n publicKey: {\n rp: activationData.rp,\n user: {\n id: base64UrlToBuffer(activationData.user.id),\n name: activationData.user.name,\n displayName: activationData.user.displayName\n },\n challenge: base64UrlToBuffer(activationData.challenge),\n pubKeyCredParams: activationData.pubKeyCredParams,\n attestation: activationData.attestation,\n authenticatorSelection: activationData.authenticatorSelection,\n excludeCredentials: getEnrolledCredentials(authenticatorEnrollments),\n ...(activationData.hints && { hints: activationData.hints }),\n }\n } as CredentialCreationOptions;\n};\n\n\n// Build options for navigator.credentials.get\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get\nexport const buildCredentialRequestOptions = (\n challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n return {\n publicKey: {\n challenge: base64UrlToBuffer(challengeData.challenge),\n userVerification: challengeData.userVerification,\n allowCredentials: getEnrolledCredentials(authenticatorEnrollments),\n ...(challengeData.rpId && { rpId: challengeData.rpId }),\n ...(challengeData.hints && { hints: challengeData.hints }),\n }\n } as CredentialRequestOptions;\n};\n\n// Build attestation for webauthn enroll\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAttestationResponse\nexport const getAttestation = (credential: PublicKeyCredential): WebauthnEnrollValues => {\n const response = credential.response as AuthenticatorAttestationResponse;\n const id = credential.id;\n const clientData = bufferToBase64Url(response.clientDataJSON);\n const attestation = bufferToBase64Url(response.attestationObject);\n // getTransports() is a newer WebAuthn API not yet in all TS type definitions\n const getTransportsFn = (response as any).getTransports;\n const result: WebauthnEnrollValues = {\n id,\n clientData,\n attestation,\n };\n if (typeof getTransportsFn === 'function') {\n result.transports = JSON.stringify(getTransportsFn.call(response));\n }\n return result;\n};\n\n// Build assertion for webauthn verification\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse\nexport const getAssertion = (credential: PublicKeyCredential): WebauthnVerificationValues => {\n const response = credential.response as AuthenticatorAssertionResponse;\n const id = credential.id;\n const clientData = bufferToBase64Url(response.clientDataJSON);\n const authenticatorData = bufferToBase64Url(response.authenticatorData);\n const signatureData = bufferToBase64Url(response.signature);\n return {\n id,\n clientData,\n authenticatorData,\n signatureData\n };\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// exports all public methods from myaccount module\n\nexport * from './profileApi';\nexport * from './emailApi';\nexport * from './phoneApi';\nexport * from './passwordApi';","import { sendRequest } from './request';\nimport { IAPIFunction } from './types';\nimport {\n BaseTransaction, \n EmailTransaction, \n EmailChallengeTransaction \n} from './transactions';\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const getEmails: IAPIFunction<EmailTransaction[]> = async (\n oktaAuth,\n options?\n) => {\n const transaction = await sendRequest<EmailTransaction, 'plural'>(oktaAuth, {\n url: '/idp/myaccount/emails',\n method: 'GET',\n accessToken: options?.accessToken\n }, EmailTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const getEmail: IAPIFunction<EmailTransaction> = async (\n oktaAuth, \n options\n) => {\n const { id, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/emails/${id}`,\n method: 'GET',\n accessToken,\n }, EmailTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.manage\n */\nexport const addEmail: IAPIFunction<EmailTransaction> = async (\n oktaAuth, \n options\n): Promise<EmailTransaction> => {\n const { accessToken, payload } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/emails',\n method: 'POST',\n payload,\n accessToken,\n }, EmailTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.manage\n */\nexport const deleteEmail: IAPIFunction<BaseTransaction> = async (\n oktaAuth, \n options\n) => {\n const { id, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/emails/${id}`,\n method: 'DELETE',\n accessToken\n });\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const sendEmailChallenge: IAPIFunction<EmailChallengeTransaction> = async (\n oktaAuth, \n options\n) => {\n const { id, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/emails/${id}/challenge`,\n method: 'POST',\n accessToken,\n }, EmailChallengeTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const getEmailChallenge: IAPIFunction<EmailChallengeTransaction> = async (\n oktaAuth, \n options\n) => {\n const { emailId, challengeId, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/emails/${emailId}/challenge/${challengeId}`,\n method: 'POST',\n accessToken,\n }, EmailChallengeTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.manage\n */\nexport const verifyEmailChallenge: IAPIFunction<BaseTransaction> = async (\n oktaAuth,\n options\n) => {\n const { emailId, challengeId, payload, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/emails/${emailId}/challenge/${challengeId}/verify`,\n method: 'POST',\n payload,\n accessToken\n });\n return transaction;\n};\n","import { StorageManagerConstructor } from '../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../base/types';\nimport {\n OAuthStorageManagerInterface,\n PKCETransactionMeta,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../oidc/types';\nimport { createOktaAuthCore } from '../core/factory';\nimport { OktaAuthCoreOptions } from '../core/types';\nimport { mixinMyAccount } from './mixin';\nimport { OktaAuthMyAccountInterface } from './types';\n\nexport function createOktaAuthMyAccount\n<\n M extends PKCETransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n>\n(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManager: TransactionManagerConstructor<TM>\n)\n: OktaAuthConstructor<OktaAuthMyAccountInterface<M, S, O>>\n{\n const Core = createOktaAuthCore<M, S, O>(StorageManagerConstructor, OptionsConstructor, TransactionManager);\n const WithMyAccount = mixinMyAccount<M, S, O>(Core);\n return WithMyAccount;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './api';\nexport * from './factory';\nexport * from './mixin';\nexport * from './types';\n","import { OktaAuthConstructor } from '../base/types';\nimport {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PKCETransactionMeta,\n} from '../oidc/types';\nimport { OktaAuthMyAccountInterface } from './types';\n\nimport * as MyAccountMethods from './api';\n\nexport function mixinMyAccount\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O>>\n = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthMyAccountInterface<M, S, O>>\n{\n return class OktaAuthMyAccount extends Base implements OktaAuthMyAccountInterface<M, S, O>\n {\n myaccount: any;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.myaccount = Object.entries(MyAccountMethods)\n .filter(([ name ]) => name !== 'default')\n .reduce((acc, [name, fn]) => {\n acc[name] = (fn as any).bind(null, this);\n return acc;\n }, {});\n }\n };\n}\n","import { sendRequest } from './request';\nimport { IAPIFunction } from './types';\nimport {\n BaseTransaction, \n PasswordTransaction\n} from './transactions';\n\n/**\n * @scope: okta.myAccount.password.read\n */\nexport const getPassword: IAPIFunction<PasswordTransaction> = async (\n oktaAuth,\n options\n) => {\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/password`,\n method: 'GET',\n accessToken: options?.accessToken,\n }, PasswordTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.password.manage\n */\nexport const enrollPassword: IAPIFunction<PasswordTransaction> = async (\n oktaAuth, \n options\n): Promise<PasswordTransaction> => {\n const { accessToken, payload } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/password',\n method: 'POST',\n payload,\n accessToken,\n }, PasswordTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.password.manage\n */\nexport const updatePassword: IAPIFunction<PasswordTransaction> = async (\n oktaAuth, \n options\n): Promise<PasswordTransaction> => {\n const { accessToken, payload } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/password',\n method: 'PUT',\n payload,\n accessToken,\n }, PasswordTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.password.manage\n */\nexport const deletePassword: IAPIFunction<BaseTransaction> = async (\n oktaAuth, \n options?\n) => {\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/password`,\n method: 'DELETE',\n accessToken: options?.accessToken,\n });\n return transaction;\n};\n","import { sendRequest } from './request';\nimport { IAPIFunction } from './types';\nimport {\n BaseTransaction, \n PhoneTransaction\n} from './transactions';\n\n/**\n * @scope: okta.myAccount.phone.read\n */\nexport const getPhones: IAPIFunction<PhoneTransaction[]> = async (\n oktaAuth,\n options?\n) => {\n const transaction = await sendRequest<PhoneTransaction, 'plural'>(oktaAuth, {\n url: '/idp/myaccount/phones',\n method: 'GET',\n accessToken: options?.accessToken,\n }, PhoneTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.read\n */\nexport const getPhone: IAPIFunction<PhoneTransaction> = async (\n oktaAuth,\n options\n) => {\n const { accessToken, id } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/phones/${id}`,\n method: 'GET',\n accessToken,\n }, PhoneTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const addPhone: IAPIFunction<PhoneTransaction> = async (\n oktaAuth, \n options\n): Promise<PhoneTransaction> => {\n const { accessToken, payload } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/phones',\n method: 'POST',\n payload,\n accessToken,\n }, PhoneTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const deletePhone: IAPIFunction<BaseTransaction> = async (\n oktaAuth, \n options\n) => {\n const { id, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/phones/${id}`,\n method: 'DELETE',\n accessToken,\n });\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const sendPhoneChallenge: IAPIFunction<BaseTransaction> = async (\n oktaAuth, \n options\n) => {\n const { accessToken, id, payload } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/phones/${id}/challenge`,\n method: 'POST',\n payload,\n accessToken\n });\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const verifyPhoneChallenge: IAPIFunction<BaseTransaction> = async (\n oktaAuth,\n options\n) => {\n const { id, payload, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: `/idp/myaccount/phones/${id}/verify`,\n method: 'POST',\n payload,\n accessToken\n });\n return transaction;\n};\n","import { sendRequest } from './request';\nimport { IAPIFunction } from './types';\nimport {\n ProfileTransaction,\n ProfileSchemaTransaction\n} from './transactions';\n\n/**\n * @scope: okta.myAccount.profile.read\n */\nexport const getProfile: IAPIFunction<ProfileTransaction> = async (oktaAuth, options?) => {\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/profile',\n method: 'GET',\n accessToken: options?.accessToken,\n }, ProfileTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.profile.manage\n */\nexport const updateProfile: IAPIFunction<ProfileTransaction> = async (\n oktaAuth, \n options\n) => {\n const { payload, accessToken } = options!;\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/profile',\n method: 'PUT',\n payload,\n accessToken,\n }, ProfileTransaction);\n return transaction;\n};\n\n/**\n * @scope: okta.myAccount.profile.read\n */\nexport const getProfileSchema: IAPIFunction<ProfileSchemaTransaction> = async (\n oktaAuth, \n options?\n): Promise<ProfileSchemaTransaction> => {\n const transaction = await sendRequest(oktaAuth, {\n url: '/idp/myaccount/profile/schema',\n method: 'GET',\n accessToken: options?.accessToken,\n }, ProfileSchemaTransaction);\n return transaction;\n};\n","import { \n default as BaseTransaction,\n TransactionType,\n TransactionLinks\n} from './transactions/Base';\nimport { httpRequest } from '../http';\nimport { AuthSdkError } from '../errors';\nimport { MyAccountRequestOptions as RequestOptions } from './types';\nimport { RequestOptions as HttpRequestOptions } from '../http/types';\nimport { AccessToken, OktaAuthOAuthInterface } from '../oidc/types';\n\ntype SendRequestOptions = RequestOptions & {\n url: string;\n method: string;\n}\n\n/* eslint-disable complexity */\nexport async function sendRequest<\n T extends BaseTransaction = BaseTransaction,\n N extends 'plural' | 'single' = 'single',\n NT = N extends 'plural' ? T[] : T\n> (\n oktaAuth: OktaAuthOAuthInterface, \n options: SendRequestOptions,\n TransactionClass: TransactionType<T> = BaseTransaction as TransactionType<T>,\n): Promise<NT> {\n const {\n accessToken: accessTokenObj\n } = oktaAuth.tokenManager.getTokensSync();\n\n const atToken = options.accessToken || accessTokenObj;\n const issuer = oktaAuth.getIssuerOrigin();\n const { url, method, payload } = options;\n const requestUrl = url.startsWith(issuer!) ? url : `${issuer}${url}`;\n\n if (!atToken) {\n throw new AuthSdkError('AccessToken is required to request MyAccount API endpoints.');\n }\n\n let accessToken: string | AccessToken = atToken;\n\n const httpOptions: HttpRequestOptions = {\n headers: { 'Accept': '*/*;okta-version=1.0.0' },\n url: requestUrl,\n method,\n ...(payload && { args: payload })\n };\n\n if (oktaAuth.options.dpop) {\n if (typeof accessToken === 'string') {\n throw new AuthSdkError('AccessToken object must be provided when using dpop');\n }\n\n const { Authorization, Dpop } = await oktaAuth.getDPoPAuthorizationHeaders({\n method,\n url: requestUrl,\n accessToken\n });\n httpOptions.headers!.Authorization = Authorization;\n httpOptions.headers!.Dpop = Dpop;\n }\n else {\n accessToken = typeof accessToken === 'string' ? accessToken : accessToken.accessToken;\n httpOptions.accessToken = accessToken;\n }\n\n const res = await httpRequest(oktaAuth, httpOptions);\n\n let ret: T | T[];\n if (Array.isArray(res)) {\n ret = res.map(item => new TransactionClass(oktaAuth, { \n res: item, \n accessToken\n }));\n } else {\n ret = new TransactionClass(oktaAuth, { \n res, \n accessToken\n });\n }\n return ret as NT;\n}\n/* eslint-enable complexity */\n\nexport type GenerateRequestFnFromLinksOptions = {\n oktaAuth: OktaAuthOAuthInterface;\n accessToken: string | AccessToken;\n methodName: string;\n links: TransactionLinks;\n}\n\ntype IRequestFnFromLinks<T extends BaseTransaction> = (payload?) => Promise<T>;\n\nexport function generateRequestFnFromLinks<T extends BaseTransaction>(\n {\n oktaAuth, \n accessToken,\n methodName,\n links,\n }: GenerateRequestFnFromLinksOptions,\n TransactionClass: TransactionType<T> = BaseTransaction as TransactionType<T>,\n): IRequestFnFromLinks<T> {\n for (const method of ['GET', 'POST', 'PUT', 'DELETE']) {\n if (method.toLowerCase() === methodName) {\n const link = links.self;\n return (async (payload?) => sendRequest<T, 'single'>(oktaAuth, {\n accessToken,\n url: link.href,\n method,\n payload,\n }, TransactionClass));\n }\n }\n \n const link = links[methodName];\n if (!link) {\n throw new AuthSdkError(`No link is found with methodName: ${methodName}`);\n }\n\n return (async (payload?) => sendRequest<T, 'single'>(oktaAuth, {\n accessToken,\n url: link.href,\n method: link.hints!.allow![0],\n payload,\n }, TransactionClass));\n}\n","import { OktaAuthHttpInterface } from '../../http/types';\nimport { AccessToken } from '../../oidc/types';\n\nexport type TransactionLink = {\n href: string;\n hints?: {\n allow?: string[];\n };\n}\n\nexport type TransactionLinks = {\n self: TransactionLink;\n [property: string]: TransactionLink;\n}\n\ntype TransactionOptions = {\n // TODO: move res type to http module\n res: {\n headers: Record<string, string>;\n _links?: Record<string, TransactionLink>;\n [property: string]: unknown;\n };\n accessToken: string | AccessToken;\n};\n\nexport default class BaseTransaction {\n // Deprecated\n headers?: Record<string, string>;\n\n constructor(oktaAuth: OktaAuthHttpInterface, options: TransactionOptions) {\n const { res } = options;\n const { headers, ...rest } = res;\n \n // assign required fields from res\n if (headers) {\n this.headers = headers;\n }\n\n // add all rest fields from res\n Object.keys(rest).forEach(key => {\n if (key === '_links') {\n return;\n }\n this[key] = rest[key];\n });\n }\n}\n\nexport interface TransactionType<T extends BaseTransaction = BaseTransaction> extends Function {\n new (oktaAuth: OktaAuthHttpInterface, options: TransactionOptions): T;\n prototype: T;\n}\n","import EmailStatusTransaction from './EmailStatusTransaction';\nimport { \n EmailProfile, \n Status,\n VerificationPayload, \n} from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class EmailChallengeTransaction extends BaseTransaction {\n id: string;\n expiresAt: string;\n profile: EmailProfile;\n status: Status;\n\n poll: () => Promise<EmailStatusTransaction>;\n // eslint-disable-next-line no-use-before-define\n verify: (payload: VerificationPayload) => Promise<EmailChallengeTransaction>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { accessToken, res } = options;\n // assign required fields from res\n const { id, expiresAt, profile, status, _links } = res;\n this.id = id;\n this.expiresAt = expiresAt;\n this.profile = profile;\n this.status = status;\n\n // assign transformed fns to transaction\n this.poll = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'poll', \n links: _links,\n }, EmailStatusTransaction);\n return await fn();\n };\n this.verify = async (payload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'verify', \n links: _links,\n }, EmailChallengeTransaction);\n return await fn(payload);\n };\n }\n}\n","import { EmailProfile, Status } from '../types';\nimport BaseTransaction from './Base';\n\nexport default class EmailStatusTransaction extends BaseTransaction {\n id: string;\n expiresAt: string;\n profile: EmailProfile;\n status: Status;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { res } = options;\n // assign required fields from res\n const { id, profile, expiresAt, status } = res;\n this.id = id;\n this.expiresAt = expiresAt;\n this.profile = profile;\n this.status = status;\n }\n}\n","import EmailChallengeTransaction from './EmailChallengeTransaction';\nimport EmailStatusTransaction from './EmailStatusTransaction';\nimport { EmailProfile, EmailRole, Status, VerificationPayload } from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class EmailTransaction extends BaseTransaction {\n id: string;\n profile: EmailProfile;\n roles: EmailRole[];\n status: Status;\n\n // eslint-disable-next-line no-use-before-define\n get: () => Promise<EmailTransaction>;\n delete: () => Promise<BaseTransaction>;\n challenge: () => Promise<EmailChallengeTransaction>;\n poll?: () => Promise<EmailStatusTransaction>;\n verify?: (payload: VerificationPayload) => Promise<BaseTransaction>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { accessToken, res } = options;\n // assign required fields from res\n const { id, profile, roles, status, _links } = res;\n this.id = id;\n this.profile = profile;\n this.roles = roles;\n this.status = status;\n\n // assign transformed fns to transaction\n this.get = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'get', \n links: _links,\n }, EmailTransaction);\n return await fn();\n };\n this.delete = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'delete', \n links: _links \n });\n return await fn();\n };\n this.challenge = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'challenge', \n links: _links,\n }, EmailChallengeTransaction);\n return await fn();\n };\n if (_links.poll) {\n this.poll = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'poll', \n links: _links,\n }, EmailStatusTransaction);\n return await fn();\n };\n }\n if (_links.verify) {\n this.verify = async (payload: VerificationPayload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'verify', \n links: _links,\n });\n return await fn(payload);\n };\n }\n }\n}\n","import { EnrollPasswordPayload, UpdatePasswordPayload, PasswordStatus } from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class PasswordTransaction extends BaseTransaction {\n id: string;\n created: string;\n lastUpdated: string;\n status: PasswordStatus;\n\n // eslint-disable-next-line no-use-before-define\n get?: () => Promise<PasswordTransaction>;\n // eslint-disable-next-line no-use-before-define\n enroll?: (payload: EnrollPasswordPayload) => Promise<PasswordTransaction>;\n // eslint-disable-next-line no-use-before-define\n update?: (payload: UpdatePasswordPayload) => Promise<PasswordTransaction>;\n delete?: () => Promise<BaseTransaction>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { res, accessToken } = options;\n // assign required fields from res\n const { id, status, created, lastUpdated, _links } = res;\n this.id = id;\n this.status = status;\n this.created = created;\n this.lastUpdated = lastUpdated;\n\n // assign transformed fns to transaction\n if (this.status == PasswordStatus.NOT_ENROLLED) {\n this.enroll = async (payload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'enroll',\n links: _links,\n }, PasswordTransaction);\n return await fn(payload);\n };\n }\n else {\n this.get = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'get',\n links: _links,\n }, PasswordTransaction);\n return await fn();\n };\n\n this.update = async (payload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'put', \n links: _links,\n }, PasswordTransaction);\n return await fn(payload);\n };\n \n this.delete = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'delete', \n links: _links \n });\n return await fn();\n };\n }\n }\n}\n","import { ChallengePhonePayload, PhoneProfile, Status, VerificationPayload } from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class PhoneTransaction extends BaseTransaction {\n id: string;\n profile: PhoneProfile;\n status: Status;\n\n // eslint-disable-next-line no-use-before-define\n get: () => Promise<PhoneTransaction>;\n delete: () => Promise<BaseTransaction>;\n challenge: (payload: ChallengePhonePayload) => Promise<BaseTransaction>;\n verify?: (payload: VerificationPayload) => Promise<BaseTransaction>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { res, accessToken } = options;\n // assign required fields from res\n const { id, profile, status, _links } = res;\n this.id = id;\n this.profile = profile;\n this.status = status;\n\n // assign transformed fns to transaction\n this.get = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'get', \n links: _links,\n }, PhoneTransaction);\n return await fn();\n };\n this.delete = async () => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'delete', \n links: _links \n });\n return await fn();\n };\n this.challenge = async (payload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'challenge', \n links: _links \n });\n return await fn(payload);\n };\n if (_links.verify) {\n this.verify = async (payload) => {\n const fn = generateRequestFnFromLinks({ \n oktaAuth, \n accessToken, \n methodName: 'verify', \n links: _links \n });\n return await fn(payload);\n } ;\n }\n }\n}\n","import BaseTransaction from './Base';\n\nexport default class ProfileSchemaTransaction extends BaseTransaction {\n properties: Record<string, object>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n this.properties = options.res.properties;\n }\n}\n","import BaseTransaction from './Base';\n\nexport default class ProfileTransaction extends BaseTransaction {\n createdAt: string;\n modifiedAt: string;\n profile: Record<string, string>;\n\n constructor(oktaAuth, options) {\n super(oktaAuth, options);\n\n const { createdAt, modifiedAt, profile } = options.res;\n this.createdAt = createdAt;\n this.modifiedAt = modifiedAt;\n this.profile = profile;\n }\n}\n","export { default as ProfileTransaction } from './ProfileTransaction';\nexport { default as ProfileSchemaTransaction } from './ProfileSchemaTransaction';\nexport { default as EmailTransaction } from './EmailTransaction';\nexport { default as EmailStatusTransaction } from './EmailStatusTransaction';\nexport { default as EmailChallengeTransaction } from './EmailChallengeTransaction';\nexport { default as PhoneTransaction } from './PhoneTransaction';\nexport { default as PasswordTransaction } from './PasswordTransaction';\nexport { default as BaseTransaction } from './Base';\n","import {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PKCETransactionMeta,\n AccessToken\n} from '../oidc/types';\n\nexport type { \n EmailTransaction, \n EmailStatusTransaction,\n EmailChallengeTransaction,\n PhoneTransaction,\n ProfileTransaction,\n ProfileSchemaTransaction,\n PasswordTransaction,\n BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n PRIMARY = 'PRIMARY',\n SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n VERIFIED = 'VERIFIED',\n UNVERIFIED = 'UNVERIFIED'\n}\n\nexport enum PasswordStatus {\n NOT_ENROLLED = 'NOT_ENROLLED',\n ACTIVE = 'ACTIVE'\n}\n\nexport type EmailProfile = {\n email: string;\n}\n\nexport type AddEmailPayload = {\n profile: {\n email: string;\n };\n sendEmail: boolean;\n role: EmailRole;\n}\n\nexport type PhoneProfile = {\n profile: {\n phoneNumber: string;\n };\n}\n\nexport type AddPhonePayload = {\n profile: {\n phoneNumber: string;\n };\n sendCode: boolean;\n method: string;\n};\n\nexport type ChallengePhonePayload = {\n method: string;\n}\n\nexport type VerificationPayload = {\n verificationCode: string;\n};\n\nexport type EnrollPasswordPayload = {\n profile: {\n password: string;\n }\n}\n\nexport type UpdatePasswordPayload = {\n profile: {\n password: string;\n currentPassword?: string;\n }\n}\n\nexport type UpdateProfilePayload = {\n profile: {\n firstName?: string;\n lastName?: string;\n email?: string;\n login?: string;\n [property: string]: any;\n };\n};\n\nexport type MyAccountRequestOptions = {\n id?: string;\n emailId?: string;\n challengeId?: string;\n payload?: AddEmailPayload \n | AddPhonePayload \n | ChallengePhonePayload\n | VerificationPayload \n | UpdateProfilePayload\n | EnrollPasswordPayload\n | UpdatePasswordPayload;\n accessToken?: string | AccessToken;\n}\n\nexport type IAPIFunction<T> = (\n oktaAuth: OktaAuthOAuthInterface, \n options?: MyAccountRequestOptions\n) => Promise<T>;\n\nexport interface OktaAuthMyAccountInterface\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions\n> \n extends OktaAuthOAuthInterface<M, S, O>\n{\n myaccount;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n Token, \n Tokens, \n TokenType, \n TokenManagerOptions, \n isIDToken, \n isAccessToken,\n isRefreshToken,\n TokenManagerErrorEventHandler,\n TokenManagerSetStorageEventHandler,\n TokenManagerRenewEventHandler,\n TokenManagerEventHandler,\n TokenManagerInterface,\n RefreshToken,\n AccessTokenCallback,\n IDTokenCallback,\n RefreshTokenCallback,\n EVENT_RENEWED,\n EVENT_ADDED,\n EVENT_ERROR,\n EVENT_EXPIRED,\n EVENT_REMOVED,\n EVENT_SET_STORAGE,\n TokenManagerAnyEventHandler,\n TokenManagerAnyEvent,\n OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n // TODO: remove in next major version - OKTA-473815\n autoRenew: true,\n autoRemove: true,\n syncStorage: true,\n // --- //\n clearPendingRemoveTokens: true,\n storage: undefined, // will use value from storageManager config\n expireEarlySeconds: 30,\n storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n expireTimeouts: Record<string, unknown>;\n renewPromise: Promise<Token | undefined> | null;\n started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n return {\n expireTimeouts: {},\n renewPromise: null\n };\n}\nexport class TokenManager implements TokenManagerInterface {\n private sdk: OktaAuthOAuthInterface;\n private clock: SdkClock;\n private emitter: EventEmitter;\n private storage: StorageProvider;\n private state: TokenManagerState;\n private options: TokenManagerOptions;\n\n on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n handler: TokenManagerEventHandler, context?: object): void;\n on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n if (context) {\n this.emitter.on(event, handler, context);\n } else {\n this.emitter.on(event, handler);\n }\n }\n\n off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n handler?: TokenManagerEventHandler): void;\n off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n if (handler) {\n this.emitter.off(event, handler);\n } else {\n this.emitter.off(event);\n }\n }\n\n // eslint-disable-next-line complexity\n constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n this.sdk = sdk;\n this.emitter = (sdk as any).emitter;\n if (!this.emitter) {\n throw new AuthSdkError('Emitter should be initialized before TokenManager');\n }\n \n options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n if (!isLocalhost()) {\n options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n }\n\n this.options = options;\n\n const storageOptions: StorageOptions = removeNils({\n storageKey: options.storageKey,\n secure: options.secure,\n });\n if (typeof options.storage === 'object') {\n // A custom storage provider must implement getItem(key) and setItem(key, val)\n storageOptions.storageProvider = options.storage;\n } else if (options.storage) {\n storageOptions.storageType = options.storage as StorageType;\n }\n\n this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n this.clock = SdkClock.create(/* sdk, options */);\n this.state = defaultState();\n }\n\n start() {\n if (this.options.clearPendingRemoveTokens) {\n this.clearPendingRemoveTokens();\n }\n this.setExpireEventTimeoutAll();\n this.state.started = true;\n }\n \n stop() {\n this.clearExpireEventTimeoutAll();\n this.state.started = false;\n }\n\n isStarted() {\n return !!this.state.started;\n }\n\n getOptions(): TokenManagerOptions {\n return clone(this.options);\n }\n \n getExpireTime(token) {\n const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n var expireTime = token.expiresAt - expireEarlySeconds;\n return expireTime;\n }\n \n hasExpired(token) {\n var expireTime = this.getExpireTime(token);\n return expireTime <= this.clock.now();\n }\n \n emitExpired(key, token) {\n this.emitter.emit(EVENT_EXPIRED, key, token);\n }\n \n emitRenewed(key, freshToken, oldToken) {\n this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n }\n \n emitAdded(key, token) {\n this.emitter.emit(EVENT_ADDED, key, token);\n }\n \n emitRemoved(key, token?) {\n this.emitter.emit(EVENT_REMOVED, key, token);\n }\n \n emitError(error) {\n this.emitter.emit(EVENT_ERROR, error);\n }\n \n clearExpireEventTimeout(key) {\n clearTimeout(this.state.expireTimeouts[key] as any);\n delete this.state.expireTimeouts[key];\n \n // Remove the renew promise (if it exists)\n this.state.renewPromise = null;\n }\n \n clearExpireEventTimeoutAll() {\n var expireTimeouts = this.state.expireTimeouts;\n for (var key in expireTimeouts) {\n if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n continue;\n }\n this.clearExpireEventTimeout(key);\n }\n }\n \n setExpireEventTimeout(key, token) {\n if (isRefreshToken(token)) {\n return;\n }\n\n var expireTime = this.getExpireTime(token);\n var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n \n // Clear any existing timeout\n this.clearExpireEventTimeout(key);\n \n var expireEventTimeout = setTimeout(() => {\n this.emitExpired(key, token);\n }, expireEventWait);\n \n // Add a new timeout\n this.state.expireTimeouts[key] = expireEventTimeout;\n }\n \n setExpireEventTimeoutAll() {\n var tokenStorage = this.storage.getStorage();\n for(var key in tokenStorage) {\n if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n continue;\n }\n var token = tokenStorage[key];\n this.setExpireEventTimeout(key, token);\n }\n }\n \n // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n resetExpireEventTimeoutAll() {\n this.clearExpireEventTimeoutAll();\n this.setExpireEventTimeoutAll();\n }\n \n add(key, token: Token) {\n var tokenStorage = this.storage.getStorage();\n validateToken(token);\n tokenStorage[key] = token;\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n this.emitAdded(key, token);\n this.setExpireEventTimeout(key, token);\n }\n \n getSync(key): Token | undefined {\n var tokenStorage = this.storage.getStorage();\n return tokenStorage[key];\n }\n \n async get(key): Promise<Token | undefined> {\n return this.getSync(key);\n }\n \n getTokensSync(): Tokens {\n const tokens = {} as Tokens;\n const tokenStorage = this.storage.getStorage();\n Object.keys(tokenStorage).forEach(key => {\n const token = tokenStorage[key];\n if (isAccessToken(token)) {\n tokens.accessToken = token;\n } else if (isIDToken(token)) {\n tokens.idToken = token;\n } else if (isRefreshToken(token)) { \n tokens.refreshToken = token;\n }\n });\n return tokens;\n }\n \n async getTokens(): Promise<Tokens> {\n return this.getTokensSync();\n }\n\n getStorageKeyByType(type: TokenType): string {\n const tokenStorage = this.storage.getStorage();\n const key = Object.keys(tokenStorage).filter(key => {\n const token = tokenStorage[key];\n return (isAccessToken(token) && type === 'accessToken') \n || (isIDToken(token) && type === 'idToken')\n || (isRefreshToken(token) && type === 'refreshToken');\n })[0];\n return key;\n }\n\n private getTokenType(token: Token): TokenType {\n if (isAccessToken(token)) {\n return 'accessToken';\n }\n if (isIDToken(token)) {\n return 'idToken';\n }\n if(isRefreshToken(token)) {\n return 'refreshToken';\n }\n throw new AuthSdkError('Unknown token type');\n }\n\n // for synchronization of LocalStorage cross tabs for IE11\n private emitSetStorageEvent() {\n if (isIE11OrLess()) {\n const storage = this.storage.getStorage();\n this.emitter.emit(EVENT_SET_STORAGE, storage);\n }\n }\n\n // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n public getStorage() {\n return this.storage;\n }\n\n setTokens(\n tokens: Tokens,\n // TODO: callbacks can be removed in the next major version OKTA-407224\n accessTokenCb?: AccessTokenCallback, \n idTokenCb?: IDTokenCallback,\n refreshTokenCb?: RefreshTokenCallback\n ): void {\n const handleTokenCallback = (key, token) => {\n const type = this.getTokenType(token);\n if (type === 'accessToken') {\n accessTokenCb && accessTokenCb(key, token);\n } else if (type === 'idToken') {\n idTokenCb && idTokenCb(key, token);\n } else if (type === 'refreshToken') {\n refreshTokenCb && refreshTokenCb(key, token);\n }\n };\n const handleAdded = (key, token) => {\n this.emitAdded(key, token);\n this.setExpireEventTimeout(key, token);\n handleTokenCallback(key, token);\n };\n const handleRenewed = (key, token, oldToken) => {\n this.emitRenewed(key, token, oldToken);\n this.clearExpireEventTimeout(key);\n this.setExpireEventTimeout(key, token);\n handleTokenCallback(key, token);\n };\n const handleRemoved = (key, token) => {\n this.clearExpireEventTimeout(key);\n this.emitRemoved(key, token);\n handleTokenCallback(key, token);\n };\n \n const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n const existingTokens = this.getTokensSync();\n\n // valid tokens\n types.forEach((type) => {\n const token = tokens[type];\n if (token) {\n validateToken(token, type);\n }\n });\n \n // add token to storage\n const storage = types.reduce((storage, type) => {\n const token = tokens[type];\n if (token) {\n const storageKey = this.getStorageKeyByType(type) || type;\n storage[storageKey] = token;\n }\n return storage;\n }, {});\n this.storage.setStorage(storage);\n this.emitSetStorageEvent();\n\n // emit event and start expiration timer\n types.forEach(type => {\n const newToken = tokens[type];\n const existingToken = existingTokens[type];\n const storageKey = this.getStorageKeyByType(type) || type;\n if (newToken && existingToken) { // renew\n // call handleRemoved first, since it clears timers\n handleRemoved(storageKey, existingToken);\n handleAdded(storageKey, newToken);\n handleRenewed(storageKey, newToken, existingToken);\n } else if (newToken) { // add\n handleAdded(storageKey, newToken);\n } else if (existingToken) { //remove\n handleRemoved(storageKey, existingToken);\n }\n });\n }\n \n remove(key) {\n // Clear any listener for this token\n this.clearExpireEventTimeout(key);\n \n var tokenStorage = this.storage.getStorage();\n var removedToken = tokenStorage[key];\n delete tokenStorage[key];\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n \n this.emitRemoved(key, removedToken);\n }\n \n // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n async renewToken(token) {\n return this.sdk.token?.renew(token);\n }\n // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n validateToken(token: Token) {\n return validateToken(token);\n }\n\n // TODO: renew method should take no param, change in the next major version OKTA-407224\n renew(key): Promise<Token | undefined> {\n // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n if (this.state.renewPromise) {\n return this.state.renewPromise;\n }\n\n try {\n var token = this.getSync(key);\n let shouldRenew = token !== undefined;\n // explicitly check if key='accessToken' because token keys are not guaranteed (long story, features dragons)\n if (!token && key === 'accessToken') {\n // attempt token renewal if refresh token is present (improves consistency of autoRenew)\n const refreshKey = this.getStorageKeyByType('refreshToken');\n const refreshToken = this.getSync(refreshKey);\n shouldRenew = refreshToken !== undefined;\n }\n\n if (!shouldRenew) {\n throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n }\n }\n catch (err) {\n this.emitError(err);\n return Promise.reject(err);\n }\n\n // Remove existing autoRenew timeout\n this.clearExpireEventTimeout(key);\n \n // A refresh token means a replace instead of renewal\n // Store the renew promise state, to avoid renewing again\n const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n .then(tokens => {\n this.setTokens(tokens);\n\n // return accessToken in case where access token doesn't exist\n // but refresh token exists\n if (!token && key === 'accessToken') {\n const accessToken = tokens['accessToken'];\n this.emitRenewed(key, accessToken, null);\n return accessToken;\n }\n\n // resolve token based on the key\n const tokenType = this.getTokenType(token!);\n return tokens[tokenType];\n })\n .catch(err => {\n // If renew fails, remove token from storage and emit error\n this.remove(key);\n err.tokenKey = key;\n this.emitError(err);\n throw err;\n })\n .finally(() => {\n // Remove existing promise key\n this.state.renewPromise = null;\n });\n \n return renewPromise;\n }\n \n clear() {\n const tokens = this.getTokensSync();\n this.clearExpireEventTimeoutAll();\n this.storage.clearStorage();\n this.emitSetStorageEvent();\n\n Object.keys(tokens).forEach(key => {\n this.emitRemoved(key, tokens[key]);\n });\n }\n\n clearPendingRemoveTokens() {\n const tokenStorage = this.storage.getStorage();\n const removedTokens = {};\n Object.keys(tokenStorage).forEach(key => {\n if (tokenStorage[key].pendingRemove) {\n removedTokens[key] = tokenStorage[key];\n delete tokenStorage[key];\n }\n });\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n Object.keys(removedTokens).forEach(key => {\n this.clearExpireEventTimeout(key);\n this.emitRemoved(key, removedTokens[key]);\n });\n }\n\n updateRefreshToken(token: RefreshToken) {\n const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n // do not emit any event\n var tokenStorage = this.storage.getStorage();\n validateToken(token);\n tokenStorage[key] = token;\n this.storage.setStorage(tokenStorage);\n this.emitSetStorageEvent();\n }\n\n removeRefreshToken () {\n const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n this.remove(key);\n }\n\n addPendingRemoveFlags() {\n const tokens = this.getTokensSync();\n Object.keys(tokens).forEach(key => {\n tokens[key].pendingRemove = true;\n });\n this.setTokens(tokens);\n }\n \n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { StorageProvider } from '../storage/types';\nimport {\n TransactionMeta,\n isTransactionMeta,\n TransactionMetaOptions,\n TransactionManagerOptions,\n OAuthTransactionMeta,\n OAuthStorageManagerInterface,\n ClearTransactionMetaOptions,\n TransactionManagerInterface,\n PKCETransactionMeta\n} from './types';\nimport { warn } from '../util';\nimport {\n clearTransactionFromSharedStorage,\n loadTransactionFromSharedStorage,\n pruneSharedStorage,\n saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\n\nexport function createTransactionManager\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>\n>\n()\n{\n return class TransactionManager implements TransactionManagerInterface\n {\n options: TransactionManagerOptions;\n storageManager: S;\n enableSharedStorage: boolean;\n saveLastResponse: boolean;\n\n constructor(options: TransactionManagerOptions) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = options.storageManager! as S;\n this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n this.saveLastResponse = options.saveLastResponse === false ? false : true;\n this.options = options;\n }\n\n // eslint-disable-next-line complexity\n clear(options: ClearTransactionMetaOptions = {}) {\n const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n const meta = transactionStorage.getStorage();\n\n // Clear primary storage (by default, sessionStorage on browser)\n transactionStorage.clearStorage();\n\n // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow\n if (this.enableSharedStorage && options.clearSharedStorage !== false) {\n const state = options.state || meta?.state;\n if (state) {\n clearTransactionFromSharedStorage(this.storageManager, state);\n }\n }\n }\n\n // eslint-disable-next-line complexity\n save(meta: M, options: TransactionMetaOptions = {}) {\n // There must be only one transaction executing at a time.\n // Before saving, check to see if a transaction is already stored.\n // An existing transaction indicates a concurrency/race/overlap condition\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n const obj = storage.getStorage();\n // oie process may need to update transaction in the middle of process for tracking purpose\n // false alarm might be caused \n // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n if (isTransactionMeta(obj) && !options.muteWarning) {\n // eslint-disable-next-line max-len\n warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n }\n\n storage.setStorage(meta);\n\n // Shared storage allows continuation of transaction in another tab\n if (this.enableSharedStorage && meta.state) {\n saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n }\n }\n\n exists(options: TransactionMetaOptions = {}): boolean {\n try {\n const meta = this.load(options);\n return !!meta;\n } catch {\n return false;\n }\n }\n\n // load transaction meta from storage\n // eslint-disable-next-line complexity,max-statements\n load(options: TransactionMetaOptions = {}): TransactionMeta | null {\n\n let meta: TransactionMeta;\n\n // If state was passed, try loading transaction data from shared storage\n if (this.enableSharedStorage && options.state) {\n pruneSharedStorage(this.storageManager); // prune before load\n meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n if (isTransactionMeta(meta)) {\n return meta;\n }\n }\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n meta = storage.getStorage();\n if (isTransactionMeta(meta)) {\n // if we have meta in the new location, there is no need to go further\n return meta;\n }\n\n return null;\n }\n\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { JWTObject } from './types';\nimport { base64UrlToString } from '../crypto';\n\nexport function decodeToken(token: string): JWTObject {\n var jwt = token.split('.');\n var decodedToken: JWTObject;\n\n try {\n decodedToken = {\n header: JSON.parse(base64UrlToString(jwt[0])),\n payload: JSON.parse(base64UrlToString(jwt[1])),\n signature: jwt[2]\n };\n } catch (e) {\n throw new AuthSdkError('Malformed token');\n }\n\n return decodedToken;\n}\n","// References:\n// https://www.w3.org/TR/WebCryptoAPI/#concepts-key-storage\n// https://datatracker.ietf.org/doc/html/rfc9449\n\nimport {\n webcrypto,\n stringToBase64Url,\n stringToBuffer,\n bufferToBase64Url,\n base64ToBase64Url,\n btoa\n} from '../crypto';\nimport { AuthSdkError, OAuthError, WWWAuthError, isOAuthError, isWWWAuthError } from '../errors';\nimport { Tokens } from './types';\n\nexport interface DPoPClaims {\n htm: string;\n htu: string;\n iat: number;\n jti: string;\n nonce?: string;\n ath?: string;\n}\n\nexport interface DPoPProofParams {\n keyPair: CryptoKeyPair;\n url: string;\n method: string;\n nonce?: string;\n accessToken?: string;\n}\n\nexport type ResourceDPoPProofParams = Omit<DPoPProofParams, 'keyPair' | 'nonce'>;\ntype DPoPProofTokenRequestParams = Omit<DPoPProofParams, 'accessToken'>;\n\nconst INDEXEDDB_NAME = 'OktaAuthJs';\nconst DB_KEY = 'DPoPKeys';\n\nexport function isDPoPNonceError(obj: any): obj is OAuthError | WWWAuthError {\n return (\n (isOAuthError(obj) || isWWWAuthError(obj)) &&\n obj.errorCode === 'use_dpop_nonce'\n );\n}\n\n/////////// crypto ///////////\n\nexport async function createJwt(header: object, claims: object, signingKey: CryptoKey): Promise<string> {\n const head = stringToBase64Url(JSON.stringify(header));\n const body = stringToBase64Url(JSON.stringify(claims));\n const signature = await webcrypto.subtle.sign(\n { name: signingKey.algorithm.name }, signingKey, stringToBuffer(`${head}.${body}`)\n );\n return `${head}.${body}.${base64ToBase64Url(bufferToBase64Url(signature))}`;\n}\n\nexport function cryptoRandomValue (byteLen = 32) {\n return [...webcrypto.getRandomValues(new Uint8Array(byteLen))].map(v => v.toString(16)).join('');\n}\n\nexport async function generateKeyPair (): Promise<CryptoKeyPair> {\n const algorithm = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: 'SHA-256',\n modulusLength: 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n };\n\n // The \"false\" here makes it non-exportable\n // https://caniuse.com/mdn-api_subtlecrypto_generatekey\n return webcrypto.subtle.generateKey(algorithm, false, ['sign', 'verify']);\n}\n\nasync function hashAccessToken (accessToken: string): Promise<string> {\n const buffer = new TextEncoder().encode(accessToken);\n const hash = await webcrypto.subtle.digest('SHA-256', buffer);\n\n return btoa(String.fromCharCode.apply(null, new Uint8Array(hash) as unknown as number[]))\n .replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n/////////// indexeddb / keystore ///////////\n\n\n// https://developer.mozilla.org/en-US/docs/Web/API/IDBObjectStore#instance_methods\n// add additional methods as needed\nexport type StoreMethod = 'get' | 'add' | 'delete' | 'clear';\n\n// convenience abstraction for exposing IDBObjectStore instance\nfunction keyStore (): Promise<IDBObjectStore> {\n return new Promise((resolve, reject) => {\n try {\n const indexedDB = window.indexedDB;\n const req = indexedDB.open(INDEXEDDB_NAME, 1);\n\n req.onerror = function () {\n reject(req.error!);\n };\n\n req.onupgradeneeded = function () {\n const db = req.result;\n db.createObjectStore(DB_KEY);\n };\n\n req.onsuccess = function () {\n const db = req.result;\n const tx = db.transaction(DB_KEY, 'readwrite');\n\n tx.onerror = function () {\n reject(tx.error!);\n };\n\n const store = tx.objectStore(DB_KEY);\n\n resolve(store);\n\n tx.oncomplete = function () {\n db.close();\n };\n };\n }\n catch (err) {\n reject(err);\n }\n });\n}\n\n// convenience abstraction for wrapping IDBObjectStore methods in promises\nasync function invokeStoreMethod (method: StoreMethod, ...args: any[]): Promise<IDBRequest> {\n const store = await keyStore();\n return new Promise((resolve, reject) => {\n // https://github.com/microsoft/TypeScript/issues/49700\n // https://github.com/microsoft/TypeScript/issues/49802\n // @ts-expect-error ts(2556)\n const req = store[method](...args);\n req.onsuccess = function () {\n resolve(req);\n };\n req.onerror = function () {\n reject(req.error);\n };\n });\n}\n\nasync function storeKeyPair (pairId: string, keyPair: CryptoKeyPair) {\n await invokeStoreMethod('add', keyPair, pairId);\n return keyPair;\n}\n\n// attempts to find keyPair stored at given key, otherwise throws\nexport async function findKeyPair (pairId?: string): Promise<CryptoKeyPair> {\n if (pairId) {\n const req = await invokeStoreMethod('get', pairId);\n if (req.result) {\n return req.result;\n }\n }\n\n // defaults to throwing unless keyPair is found\n throw new AuthSdkError(`Unable to locate dpop key pair required for refresh${pairId ? ` (${pairId})` : ''}`);\n}\n\nexport async function clearDPoPKeyPair (pairId: string): Promise<void> {\n await invokeStoreMethod('delete', pairId);\n}\n\nexport async function clearAllDPoPKeyPairs (): Promise<void> {\n await invokeStoreMethod('clear');\n}\n\n// generates a crypto (non-extractable) private key pair and writes it to indexeddb, returns key (id)\nexport async function createDPoPKeyPair (): Promise<{keyPair: CryptoKeyPair, keyPairId: string}> {\n const keyPairId = cryptoRandomValue(4);\n const keyPair = await generateKeyPair();\n await storeKeyPair(keyPairId, keyPair);\n return { keyPair, keyPairId };\n}\n\n// will clear PK from storage if certain token conditions are met\n/* eslint max-len: [2, 132], complexity: [2, 12] */\nexport async function clearDPoPKeyPairAfterRevoke (revokedToken: 'access' | 'refresh', tokens: Tokens): Promise<void> {\n let shouldClear = false;\n\n const { accessToken, refreshToken } = tokens;\n\n // revoking access token and refresh token doesn't exist\n if (revokedToken === 'access' && accessToken && accessToken.tokenType === 'DPoP' && !refreshToken) {\n shouldClear = true;\n }\n\n // revoking refresh token and access token doesn't exist\n if (revokedToken === 'refresh' && refreshToken && !accessToken) {\n shouldClear = true;\n }\n\n const pairId = accessToken?.dpopPairId ?? refreshToken?.dpopPairId;\n if (shouldClear && pairId) {\n await clearDPoPKeyPair(pairId);\n }\n}\n\n/////////// proof generation methods ///////////\n\nexport async function generateDPoPProof ({ keyPair, url, method, nonce, accessToken }: DPoPProofParams): Promise<string> {\n const { kty, crv, e, n, x, y } = await webcrypto.subtle.exportKey('jwk', keyPair.publicKey);\n const header = {\n alg: 'RS256',\n typ: 'dpop+jwt',\n jwk: { kty, crv, e, n, x, y }\n };\n\n const claims: DPoPClaims = {\n htm: method,\n htu: url,\n iat: Math.floor(Date.now() / 1000),\n jti: cryptoRandomValue(),\n };\n\n if (nonce) {\n claims.nonce = nonce;\n }\n\n // encode access token\n if (accessToken) {\n claims.ath = await hashAccessToken(accessToken);\n }\n\n return createJwt(header, claims, keyPair.privateKey);\n}\n\n/* eslint max-len: [2, 132] */\nexport async function generateDPoPForTokenRequest ({ keyPair, url, method, nonce }: DPoPProofTokenRequestParams): Promise<string> {\n const params: DPoPProofParams = { keyPair, url, method };\n if (nonce) {\n params.nonce = nonce;\n }\n\n return generateDPoPProof(params);\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n // Quick validation\n if (!tokenParams.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n }\n\n // Convert our params to their actual OAuth equivalents\n var oauthParams: OAuthParams = {\n 'client_id': tokenParams.clientId,\n 'code_challenge': tokenParams.codeChallenge,\n 'code_challenge_method': tokenParams.codeChallengeMethod,\n 'display': tokenParams.display,\n 'idp': tokenParams.idp,\n 'idp_scope': tokenParams.idpScope,\n 'login_hint': tokenParams.loginHint,\n 'max_age': tokenParams.maxAge,\n 'nonce': tokenParams.nonce,\n 'prompt': tokenParams.prompt,\n 'redirect_uri': tokenParams.redirectUri,\n 'response_mode': tokenParams.responseMode,\n 'response_type': tokenParams.responseType,\n 'sessionToken': tokenParams.sessionToken,\n 'state': tokenParams.state,\n 'acr_values': tokenParams.acrValues,\n 'enroll_amr_values': tokenParams.enrollAmrValues,\n };\n oauthParams = removeNils(oauthParams) as OAuthParams;\n\n ['idp_scope', 'response_type', 'enroll_amr_values'].forEach(function (mayBeArray) {\n if (Array.isArray(oauthParams[mayBeArray])) {\n oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n }\n });\n\n if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n tokenParams.scopes!.indexOf('openid') === -1) {\n throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n } else if (tokenParams.scopes) {\n oauthParams.scope = tokenParams.scopes!.join(' ');\n }\n\n return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n return toQueryString({ \n ...oauthQueryParams, \n ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './authorize';\nexport * from './token';\nexport * from './well-known';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError, AuthApiError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest, OktaAuthHttpInterface } from '../../http';\nimport { generateDPoPForTokenRequest, isDPoPNonceError } from '../dpop';\n\nexport interface TokenEndpointParams extends TokenParams {\n dpopKeyPair?: CryptoKeyPair;\n}\n\ninterface TokenRequestParams {\n url: string;\n data: any;\n dpopKeyPair?: CryptoKeyPair;\n nonce?: string;\n}\n\nfunction validateOptions(options: TokenEndpointParams) {\n // Quick validation\n if (!options.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n }\n\n if (!options.authorizationCode && !options.interactionCode) {\n throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n }\n\n if (!options.codeVerifier) {\n throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n // Convert Token params to OAuth params, sent to the /token endpoint\n var params: OAuthParams = removeNils({\n 'client_id': options.clientId,\n 'redirect_uri': options.redirectUri,\n 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n 'code_verifier': options.codeVerifier\n });\n\n if (options.interactionCode) {\n params['interaction_code'] = options.interactionCode;\n } else if (options.authorizationCode) {\n params.code = options.authorizationCode;\n }\n\n const { clientSecret } = sdk.options;\n if (clientSecret) {\n params['client_secret'] = clientSecret;\n }\n\n // Encode as URL string\n return toQueryString(params).slice(1);\n}\n\n/* eslint complexity: [2, 10] */\nasync function makeTokenRequest (sdk, { url, data, nonce, dpopKeyPair }: TokenRequestParams): Promise<OAuthResponse> {\n const method = 'POST';\n const headers: any = {\n 'Content-Type': 'application/x-www-form-urlencoded',\n };\n\n if (sdk.options.dpop) {\n if (!dpopKeyPair) {\n throw new AuthSdkError('DPoP is configured but no key pair was provided');\n }\n\n const proof = await generateDPoPForTokenRequest({ url, method, nonce, keyPair: dpopKeyPair });\n headers.DPoP = proof;\n }\n\n try {\n const resp = await httpRequest(sdk, {\n url,\n method,\n args: data,\n headers\n });\n return resp;\n }\n catch (err) {\n if (isDPoPNonceError(err) && !nonce) {\n const dpopNonce = err.resp?.headers['dpop-nonce'];\n if (!dpopNonce) {\n // throws error is dpop-nonce header cannot be found, prevents infinite loop\n throw new AuthApiError(\n {errorSummary: 'No `dpop-nonce` header found when required'},\n err.resp ?? undefined // yay ts\n );\n }\n return makeTokenRequest(sdk, { url, data, dpopKeyPair, nonce: dpopNonce });\n }\n throw err;\n }\n}\n\n// exchange authorization code for an access token\nexport async function postToTokenEndpoint(sdk, options: TokenEndpointParams, urls: CustomUrls): Promise<OAuthResponse> {\n validateOptions(options);\n var data = getPostData(sdk, options);\n\n const params: TokenRequestParams = {\n url: urls.tokenUrl!,\n data,\n dpopKeyPair: options?.dpopKeyPair\n };\n\n return makeTokenRequest(sdk, params);\n}\n\nexport async function postRefreshToken(\n sdk: OktaAuthHttpInterface,\n options: TokenEndpointParams,\n refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n const data = Object.entries({\n client_id: options.clientId, // eslint-disable-line camelcase\n grant_type: 'refresh_token', // eslint-disable-line camelcase\n scope: refreshToken.scopes.join(' '),\n refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n }).map(function ([name, value]) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return name + '=' + encodeURIComponent(value!);\n }).join('&');\n\n let url = refreshToken.tokenUrl;\n if (options.extraParams && Object.keys(options.extraParams).length >= 1) {\n url += toQueryString(options.extraParams);\n }\n\n const params: TokenRequestParams = {\n url,\n data,\n dpopKeyPair: options?.dpopKeyPair\n };\n\n return makeTokenRequest(sdk, params);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthOAuthInterface, WellKnownResponse } from '../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthOAuthInterface, issuer?: string): Promise<WellKnownResponse> {\n var authServerUri = (issuer || sdk.options.issuer);\n return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n cacheResponse: true\n });\n}\n\nexport function getKey(sdk: OktaAuthOAuthInterface, issuer: string, kid: string): Promise<string> {\n var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n return getWellKnown(sdk, issuer)\n .then(function(wellKnown) {\n var jwksUri = wellKnown['jwks_uri'];\n\n // Check our kid against the cached version (if it exists and isn't expired)\n var cacheContents = httpCache.getStorage();\n var cachedResponse = cacheContents[jwksUri];\n if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n var cachedKey = find(cachedResponse.response.keys, {\n kid: kid\n });\n\n if (cachedKey) {\n return cachedKey;\n }\n }\n\n // Remove cache for the key\n httpCache.clearStorage(jwksUri);\n\n // Pull the latest keys if the key wasn't in the cache\n return get(sdk, jwksUri, {\n cacheResponse: true\n })\n .then(function(res) {\n var key = find(res.keys, {\n kid: kid\n });\n\n if (key) {\n return key;\n }\n\n throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n });\n });\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { OktaAuthOAuthInterface, EnrollAuthenticatorOptions } from './types';\nimport { clone } from '../util';\nimport { prepareEnrollAuthenticatorParams, createEnrollAuthenticatorMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function enrollAuthenticator(\n sdk: OktaAuthOAuthInterface, \n options: EnrollAuthenticatorOptions\n): void {\n options = clone(options) || {};\n\n const params = prepareEnrollAuthenticatorParams(sdk, options);\n const meta = createEnrollAuthenticatorMeta(sdk, params);\n const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(params);\n sdk.transactionManager.save(meta);\n if (sdk.options.setLocation) {\n sdk.options.setLocation(requestUrl);\n } else {\n window.location.assign(requestUrl);\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint, TokenEndpointParams } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { createDPoPKeyPair, findKeyPair } from './dpop';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport async function exchangeCodeForTokens(sdk: OktaAuthOAuthInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n urls = urls || getOAuthUrls(sdk, tokenParams);\n // build params using defaults + options\n tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n const {\n authorizationCode,\n interactionCode,\n codeVerifier,\n clientId,\n redirectUri,\n scopes,\n ignoreSignature,\n state,\n acrValues,\n dpop,\n dpopPairId,\n extraParams\n } = tokenParams;\n\n // postToTokenEndpoint() params\n const getTokenOptions: TokenEndpointParams = {\n clientId,\n redirectUri,\n authorizationCode,\n interactionCode,\n codeVerifier,\n dpop,\n };\n\n // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n // `responseType` is used to validate that the expected tokens were returned\n const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n if (scopes!.indexOf('openid') !== -1) {\n responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n }\n // handleOAuthResponse() params\n const handleResponseOptions: TokenParams = {\n clientId,\n redirectUri,\n scopes,\n responseType,\n ignoreSignature,\n acrValues,\n extraParams\n };\n\n try {\n if (dpop) {\n // token refresh, KP should already exist\n if (dpopPairId) {\n const keyPair = await findKeyPair(dpopPairId);\n getTokenOptions.dpopKeyPair = keyPair;\n handleResponseOptions.dpop = dpop;\n handleResponseOptions.dpopPairId = dpopPairId;\n }\n else {\n const { keyPair, keyPairId } = await createDPoPKeyPair();\n getTokenOptions.dpopKeyPair = keyPair;\n handleResponseOptions.dpop = dpop;\n handleResponseOptions.dpopPairId = keyPairId;\n }\n }\n\n const oauthResponse: OAuthResponse = await postToTokenEndpoint(sdk, getTokenOptions, urls);\n\n const tokenResponse: TokenResponse = await handleOAuthResponse(sdk, handleResponseOptions, oauthResponse, urls!);\n tokenResponse.code = authorizationCode;\n tokenResponse.state = state!;\n return tokenResponse;\n }\n finally {\n sdk.transactionManager.clear();\n }\n}\n","import { StorageManagerConstructor } from '../../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../../base/types';\n\nimport { createOktaAuthBase } from '../../base';\nimport { mixinStorage } from '../../storage/mixin';\nimport { mixinSession } from '../../session/mixin';\nimport { mixinHttp } from '../../http/mixin';\nimport { mixinOAuth } from '../mixin';\nimport {\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n OAuthStorageManagerInterface,\n PKCETransactionMeta,\n TransactionManagerConstructor,\n TransactionManagerInterface\n} from '../types';\n\nexport function createOktaAuthOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface\n>\n(\n StorageManagerConstructor: StorageManagerConstructor<S>,\n OptionsConstructor: OktaAuthOptionsConstructor<O>,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>\n): OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const Base = createOktaAuthBase(OptionsConstructor);\n const WithStorage = mixinStorage<S, O>(Base, StorageManagerConstructor);\n const WithHttp = mixinHttp<S, O>(WithStorage);\n const WithSession = mixinSession<S, O>(WithHttp);\n const WithOAuth = mixinOAuth<M, S, O, TM>(WithSession, TransactionManagerConstructor);\n return WithOAuth;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup, getWithIDPPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport { oidcIntrospect } from '../introspect';\nimport {\n AccessToken,\n CustomUserClaims,\n GetWithRedirectFunction,\n IDToken,\n OktaAuthOAuthInterface,\n ParseFromUrlInterface,\n TokenAPI,\n UserClaims,\n Endpoints,\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\nimport { enrollAuthenticator } from '../enrollAuthenticator';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(queue, method, null);\n };\n\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n const token: TokenAPI ={\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n getWithPopup: getWithPopup.bind(null, sdk),\n getWithIDPPopup: getWithIDPPopup.bind(null, sdk),\n getWithRedirect: getWithRedirectFn,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, sdk),\n renew: renewToken.bind(null, sdk),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n renewTokens: renewTokens.bind(null, sdk),\n getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n accessTokenObject: AccessToken,\n idTokenObject: IDToken\n ): Promise<UserClaims<C>> => {\n return getUserInfo(sdk, accessTokenObject, idTokenObject);\n },\n verify: verifyToken.bind(null, sdk),\n isLoginRedirect: isLoginRedirect.bind(null, sdk),\n introspect: oidcIntrospect.bind(null, sdk),\n };\n\n // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n const toWrap = [\n 'getWithoutPrompt',\n 'getWithPopup',\n 'revoke',\n 'renew',\n 'renewTokensWithRefresh',\n 'renewTokens'\n ];\n toWrap.forEach(key => {\n token[key] = useQueue(token[key]);\n });\n\n return token;\n}\n\nexport function createEndpoints(sdk: OktaAuthOAuthInterface): Endpoints {\n return {\n authorize: {\n enrollAuthenticator: enrollAuthenticator.bind(null, sdk),\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport {\n OktaAuthOAuthInterface,\n BaseTokenAPI,\n} from '../types';\nimport { prepareTokenParams } from '../util';\n\n// Factory\nexport function createBaseTokenAPI(sdk: OktaAuthOAuthInterface): BaseTokenAPI {\n const token: BaseTokenAPI = {\n prepareTokenParams: prepareTokenParams.bind(null, sdk),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n decode: decodeToken,\n };\n\n return token;\n}\n","export * from './api';\nexport * from './OktaAuthOAuth';\n","\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n addPostMessageListener,\n addIDPPopupLisenter\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuthOAuthInterface,\n TokenParams,\n PopupParams,\n OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType: 'IFRAME' | 'POPUP' | 'IDP_POPUP' | 'IMPLICIT' = 'IMPLICIT';\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n }\n else if (tokenParams.display === 'popup') {\n flowType = options.idpPopup ? 'IDP_POPUP' : 'POPUP';\n }\n else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement?.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindow can be null when popup is blocked\n if (popupWindow) {\n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n case 'IDP_POPUP':\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var idpPromise = addIDPPopupLisenter(sdk, options.timeout, options.channel!, tokenParams.state!);\n\n // Redirect for authorization\n // popupWindow can be null when popup is blocked\n if (popupWindow) {\n popupWindow.location.assign(requestUrl);\n }\n else {\n throw new AuthSdkError('Unable to open popup window');\n }\n\n return idpPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError, OAuthError, WWWAuthError, AuthApiError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from './types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n sdk, accessTokenObject: AccessToken,\n idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n // If token objects were not passed, attempt to read from the TokenManager\n if (!accessTokenObject) {\n accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n }\n if (!idTokenObject) {\n idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n }\n\n if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n }\n\n if (!idTokenObject || !isIDToken(idTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n }\n\n const options: any = {\n url: accessTokenObject.userinfoUrl,\n method: 'GET',\n accessToken: accessTokenObject.accessToken\n };\n\n if (sdk.options.dpop) {\n const headers = await sdk.getDPoPAuthorizationHeaders({...options, accessToken: accessTokenObject });\n options.headers = headers;\n delete options.accessToken; // unset to prevent overriding Auth header with Bearer Token\n }\n\n return httpRequest(sdk, options)\n .then(userInfo => {\n // Only return the userinfo response if subjects match to mitigate token substitution attacks\n if (userInfo.sub === idTokenObject.claims.sub) {\n return userInfo;\n }\n return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n })\n .catch(function (err) {\n // throw OAuthError to avoid breaking change (when dpop is not being used)\n if (err instanceof WWWAuthError && !sdk.options.dpop) {\n const { error, errorDescription } = err;\n throw new OAuthError(error, errorDescription);\n }\n\n // throw OAuthError to avoid breaking change (when dpop is not being used)\n if (!sdk.options.dpop) {\n let e = err;\n if (err instanceof AuthApiError && err?.meta?.wwwAuthHeader) {\n e = WWWAuthError.parseHeader(err.meta.wwwAuthHeader as string);\n }\n\n if (e instanceof WWWAuthError) {\n const { error, errorDescription } = e;\n throw new OAuthError(error, errorDescription);\n }\n }\n\n throw err;\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup, generateState } from './util';\n\nexport function getWithPopup(\n sdk: OktaAuthOAuthInterface,\n options: TokenParams & { initialPath?: string }\n): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n const { initialPath, ...params } = options;\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup(initialPath ?? '/', params);\n options = clone(params) || {};\n Object.assign(params, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, params);\n}\n\nexport function getWithIDPPopup(\n sdk: OktaAuthOAuthInterface,\n options: Omit<TokenParams, 'redirectUri'> & { redirectUri: string }\n): { cancel: () => void, promise: Promise<TokenResponse> } {\n try {\n // eslint-disable-next-line compat/compat\n if (!BroadcastChannel) {\n throw new AuthSdkError('Modern browser with `BroadcastChannel` support is required to use this method');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('`redirectUri` is a required param for `getWithIDPPopup`');\n }\n\n if (!options.state) {\n options.state = generateState();\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n // eslint-disable-next-line compat/compat\n const channel = new BroadcastChannel(`popup-callback:${options.state}`);\n\n options = clone(options) || {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'query',\n popupWindow,\n idpPopup: true,\n channel,\n });\n\n let cancelPromise;\n const promise = new Promise<TokenResponse>((resolve, reject) => {\n cancelPromise = reject;\n return getToken(sdk, options)\n .then((res) => resolve(res))\n .catch(err => reject(err));\n });\n\n const cancel = () => {\n channel.close();\n cancelPromise(new AuthSdkError('Popup flow canceled'));\n };\n\n return {\n promise,\n cancel\n };\n }\n catch (err) {\n return {\n promise: Promise.reject(err),\n cancel: () => {} // noop, no need to for method when error is thrown\n };\n }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams } from './types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthOAuthInterface, options?: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n const tokenParams = await prepareTokenParams(sdk, options);\n const meta = createOAuthMeta(sdk, tokenParams);\n const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n sdk.transactionManager.save(meta);\n if (sdk.options.setLocation) {\n sdk.options.setLocation(requestUrl);\n } else {\n window.location.assign(requestUrl);\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthOAuthInterface, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n }\n \n options = clone(options) || {};\n Object.assign(options, {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n });\n return getToken(sdk, options);\n}\n\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuthOAuthInterface,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from './types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] && res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n}\n\nexport async function handleOAuthResponse(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams,\n res: OAuthResponse,\n urls?: CustomUrls\n): Promise<TokenResponse> {\n const pkce = sdk.options.pkce !== false;\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), urls);\n }\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n urls = urls || getOAuthUrls(sdk, tokenParams);\n\n let responseType = tokenParams.responseType || [];\n if (!Array.isArray(responseType) && responseType !== 'none') {\n responseType = [responseType];\n }\n\n let scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n const clientId = tokenParams.clientId || sdk.options.clientId;\n\n // Handling the result from implicit flow or PKCE token exchange\n validateResponse(res, tokenParams);\n\n if (tokenParams.dpop) {\n const { allowBearerTokens } = sdk.options?.dpopOptions ?? { allowBearerTokens: false };\n\n // https://datatracker.ietf.org/doc/html/rfc9449#token-response\n // \"A token_type of DPoP MUST be included in the access token response to signal to the client\"\n if (!allowBearerTokens && res.token_type !== 'DPoP') {\n throw new AuthSdkError('Unable to parse OAuth flow response: DPoP was configured but \"token_type\" was not DPoP');\n }\n }\n\n const tokenDict = {} as Tokens;\n const expiresIn = res.expires_in;\n const tokenType = res.token_type;\n const accessToken = res.access_token;\n const idToken = res.id_token;\n const refreshToken = res.refresh_token;\n const now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n const accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken = {\n accessToken: accessToken,\n claims: accessJwt.payload,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType!,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n userinfoUrl: urls.userinfoUrl!\n };\n\n if (tokenParams.dpopPairId) {\n tokenDict.accessToken.dpopPairId = tokenParams.dpopPairId;\n }\n\n if (tokenParams.extraParams) {\n tokenDict.accessToken.extraParams = tokenParams.extraParams;\n }\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl!,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n };\n\n if (tokenParams.dpopPairId) {\n tokenDict.refreshToken.dpopPairId = tokenParams.dpopPairId;\n }\n\n if (tokenParams.extraParams) {\n tokenDict.refreshToken.extraParams = tokenParams.extraParams;\n }\n }\n\n if (idToken) {\n const idJwt = sdk.token.decode(idToken);\n const idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n clientId: clientId!\n };\n\n if (tokenParams.extraParams) {\n idTokenObj.extraParams = tokenParams.extraParams;\n }\n\n const validationParams: TokenVerifyParams = {\n clientId: clientId!,\n issuer: urls.issuer!,\n nonce: tokenParams.nonce,\n accessToken: accessToken,\n acrValues: tokenParams.acrValues\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n await verifyToken(sdk, idTokenObj, validationParams);\n tokenDict.idToken = idTokenObj;\n }\n\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state!,\n code: res.code,\n responseType\n };\n \n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nexport * from './factory';\nexport * from './mixin';\nexport * from './storage';\nexport * from './endpoints';\nexport * from './options';\nexport * from './types';\nexport * from './TokenManager';\nexport * from './TransactionManager';\nexport * from './util';\n\nexport { decodeToken } from './decodeToken';\nexport { revokeToken } from './revokeToken';\nexport { renewToken } from './renewToken';\nexport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nexport { renewTokens } from './renewTokens';\nexport { verifyToken } from './verifyToken';\nexport { getUserInfo } from './getUserInfo';\nexport { handleOAuthResponse } from './handleOAuthResponse';\nexport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nexport { getToken } from './getToken';\nexport { getWithoutPrompt } from './getWithoutPrompt';\nexport { getWithPopup, getWithIDPPopup } from './getWithPopup';\nexport { getWithRedirect } from './getWithRedirect';\nexport { parseFromUrl } from './parseFromUrl';\nexport { oidcIntrospect } from './introspect';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { AuthSdkError } from '../errors';\nimport { getWellKnown } from './endpoints/well-known';\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport { btoa } from '../crypto';\nimport { Token, TokenKind } from './types';\n\nconst hintMap = {\n accessToken: 'access_token',\n idToken: 'id_token',\n refreshToken: 'refresh_token'\n};\n\n/* eslint complexity: [2, 9] */\nexport async function oidcIntrospect (sdk, kind: TokenKind, token?: Token) {\n let issuer: string;\n let clientId: string = sdk.options.clientId;\n let clientSecret: string | undefined = sdk.options.clientSecret;\n\n if (!token) {\n token = sdk.tokenManager.getTokens()[kind];\n }\n\n if (!token) {\n throw new AuthSdkError(`unable to find ${kind} in storage or fn params`);\n }\n\n if (kind !== TokenKind.ACCESS) {\n issuer = (token as any)?.issuer;\n }\n else {\n issuer = (token as any)?.claims?.iss;\n }\n issuer = issuer || sdk.options.issuer;\n\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');\n }\n if (!issuer) {\n throw new AuthSdkError('Unable to find issuer');\n }\n\n const { introspection_endpoint: introspectUrl } = await getWellKnown(sdk, issuer);\n const authHeader = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n const args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: hintMap[kind],\n token: token[kind] // extract raw token string from token object\n }).slice(1);\n return post(sdk, introspectUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + authHeader\n }\n });\n}\n","import { REFERRER_PATH_STORAGE_KEY } from '../../constants';\nimport browserStorage from '../../browser/browserStorage';\nimport { OktaAuthStorageInterface } from '../../storage';\nimport { OktaAuthConstructor } from '../../base';\nimport {\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthOptions,\n OriginalUriApi,\n PKCETransactionMeta,\n} from '../types';\n\nexport function provideOriginalUri\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TBase extends OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n = OktaAuthConstructor<OktaAuthStorageInterface<S, O>> \n>\n(BaseClass: TBase) {\n return class WithOriginalUri extends BaseClass implements OriginalUriApi {\n setOriginalUri(originalUri: string, state?: string): void {\n // always store in session storage\n const sessionStorage = browserStorage.getSessionStorage();\n sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n \n // to support multi-tab flows, set a state in constructor or pass as param\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.setItem(state, originalUri);\n }\n }\n \n getOriginalUri(state?: string): string | undefined {\n // Prefer shared storage (if state is available)\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n const originalUri = sharedStorage.getItem(state);\n if (originalUri) {\n return originalUri;\n }\n }\n \n // Try to load from session storage\n const storage = browserStorage.getSessionStorage();\n return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) || undefined : undefined;\n }\n \n removeOriginalUri(state?: string): void {\n // Remove from sessionStorage\n const storage = browserStorage.getSessionStorage();\n storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n \n // Also remove from shared storage\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.removeItem && sharedStorage.removeItem(state);\n }\n }\n };\n}\n","import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n PromiseQueue,\n isFunction\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n AccessToken,\n CustomUserClaims,\n IDToken,\n IsAuthenticatedOptions,\n OAuthResponseType,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n PkceAPI,\n PKCETransactionMeta,\n RefreshToken,\n SigninWithRedirectOptions,\n SignoutOptions,\n SignoutRedirectUrlOptions,\n TokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n UserClaims,\n Endpoints,\n DPoPRequest,\n DPoPHeaders\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory/api';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect, hasResponseType } from '../util';\nimport { \n generateDPoPProof,\n clearDPoPKeyPair,\n clearAllDPoPKeyPairs,\n clearDPoPKeyPairAfterRevoke,\n findKeyPair,\n isDPoPNonceError\n} from '../dpop';\nimport { AuthSdkError, WWWAuthError } from '../../errors';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n const WithOriginalUri = provideOriginalUri(Base);\n return class OktaAuthOAuth extends WithOriginalUri\n implements OktaAuthOAuthInterface<M, S, O, TM>\n {\n static crypto: CryptoAPI = crypto;\n token: TokenAPI;\n tokenManager: TokenManager;\n transactionManager: TM;\n pkce: PkceAPI;\n endpoints: Endpoints;\n\n _pending: { handleLogin: boolean };\n _tokenQueue: PromiseQueue;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n \n this._pending = { handleLogin: false };\n\n this._tokenQueue = new PromiseQueue();\n\n this.token = createTokenAPI(this, this._tokenQueue);\n\n // TokenManager\n this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n this.endpoints = createEndpoints(this);\n }\n\n // inherited from subclass\n clearStorage(): void {\n super.clearStorage();\n \n // Clear all local tokens\n this.tokenManager.clear();\n }\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n // eslint-disable-next-line complexity\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n \n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n \n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n \n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n async getOrRenewAccessToken(): Promise<string | null> {\n const { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && !this.tokenManager.hasExpired(accessToken)) {\n return accessToken.accessToken;\n }\n try {\n const key = this.tokenManager.getStorageKeyByType('accessToken');\n const token = await this.tokenManager.renew(key ?? 'accessToken');\n return (token as AccessToken)?.accessToken ?? null;\n }\n catch (err) {\n this.emitter.emit('error', err);\n return null;\n }\n }\n \n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens, responseType } = await this.token.parseFromUrl();\n if (responseType !== 'none') {\n this.tokenManager.setTokens(tokens);\n }\n }\n \n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n return hasResponseType(responseType, this.options);\n }\n \n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n const tokens = await this.tokenManager.getTokens();\n accessToken = tokens.accessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n\n if (this.options.dpop) {\n await clearDPoPKeyPairAfterRevoke('access', tokens);\n }\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n const tokens = await this.tokenManager.getTokens();\n refreshToken = tokens.refreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n\n if (this.options.dpop) {\n await clearDPoPKeyPairAfterRevoke('refresh', tokens);\n }\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (postLogoutRedirectUri === undefined) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n // eslint-disable-next-line complexity, max-statements\n async signOut(options?: SignoutOptions): Promise<boolean> {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n const defaultUri = window.location.origin;\n const currentUri = window.location.href;\n // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n // \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n // Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n // - https://developer.okta.com/docs/reference/api/oidc/#logout\n const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n (options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri);\n const state = options?.state;\n \n \n let accessToken = options.accessToken;\n let refreshToken = options.refreshToken;\n const revokeAccessToken = options.revokeAccessToken !== false;\n const revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const dpopPairId = accessToken?.dpopPairId ?? refreshToken?.dpopPairId;\n if (this.options.dpop && dpopPairId) {\n await clearDPoPKeyPair(dpopPairId);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n const sessionClosed = await this.closeSession(); // can throw if the user cannot be signed out\n const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n if (state) {\n redirectUri.searchParams.append('state', state);\n }\n if (postLogoutRedirectUri === currentUri) {\n // window.location.reload(); // force a hard reload if URI is not changing\n window.location.href = redirectUri.href;\n } else {\n window.location.assign(redirectUri.href);\n }\n return sessionClosed;\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n return true;\n }\n }\n\n async getDPoPAuthorizationHeaders (params: DPoPRequest): Promise<DPoPHeaders> {\n if (!this.options.dpop) {\n throw new AuthSdkError('DPoP is not configured for this client instance');\n }\n\n let { accessToken } = params;\n if (!accessToken) {\n accessToken = (this.tokenManager.getTokensSync()).accessToken;\n }\n\n if (!accessToken) {\n throw new AuthSdkError('AccessToken is required to generate a DPoP Proof');\n }\n\n const keyPair = await findKeyPair(accessToken?.dpopPairId);\n const proof = await generateDPoPProof({...params, keyPair, accessToken: accessToken.accessToken});\n return {\n Authorization: `DPoP ${accessToken.accessToken}`,\n Dpop: proof\n };\n }\n\n async clearDPoPStorage (clearAll=false): Promise<void> {\n if (clearAll) {\n return clearAllDPoPKeyPairs();\n }\n\n const tokens = await this.tokenManager.getTokens();\n const keyPair = tokens.accessToken?.dpopPairId || tokens.refreshToken?.dpopPairId;\n\n if (keyPair) {\n await clearDPoPKeyPair(keyPair);\n }\n }\n\n parseUseDPoPNonceError (headers: HeadersInit): string | null {\n const wwwAuth = WWWAuthError.getWWWAuthenticateHeader(headers);\n const wwwErr = WWWAuthError.parseHeader(wwwAuth ?? '');\n if (isDPoPNonceError(wwwErr)) {\n let nonce: string | null = null;\n if (isFunction((headers as Headers)?.get)) {\n nonce = (headers as Headers).get('DPoP-Nonce');\n }\n nonce = nonce ?? headers['dpop-nonce'] ?? headers['DPoP-Nonce'];\n return nonce;\n }\n\n return null;\n }\n };\n\n}\n","\nimport { OktaAuthConstructor } from '../../base/types';\nimport {\n OAuthResponseType,\n OAuthStorageManagerInterface,\n OAuthTransactionMeta,\n MinimalOktaOAuthInterface,\n OktaAuthOAuthOptions,\n PKCETransactionMeta,\n BaseTokenAPI,\n TransactionManagerInterface,\n TransactionManagerConstructor,\n} from '../types';\nimport { createBaseTokenAPI } from '../factory/baseApi';\nimport { isLoginRedirect, hasResponseType } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nexport function mixinMinimalOAuth\n<\n M extends OAuthTransactionMeta = PKCETransactionMeta,\n S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n TM extends TransactionManagerInterface = TransactionManagerInterface,\n TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n Base: TBase,\n TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<MinimalOktaOAuthInterface<M, S, O, TM>>\n{\n return class OktaAuthOAuth extends Base implements MinimalOktaOAuthInterface<M, S, O, TM>\n {\n token: BaseTokenAPI;\n transactionManager: TM;\n \n constructor(...args: any[]) {\n super(...args);\n\n this.transactionManager = new TransactionManagerConstructor(Object.assign({\n storageManager: this.storageManager,\n }, this.options.transactionManager));\n \n this.token = createBaseTokenAPI(this as any);\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this as any);\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: OAuthResponseType): boolean {\n return hasResponseType(responseType, this.options);\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n };\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { DEFAULT_MAX_CLOCK_SKEW } from '../../constants';\nimport { removeTrailingSlash, toAbsoluteUrl } from '../../util/url';\nimport { isBrowser } from '../../features';\nimport { createHttpOptionsConstructor } from '../../http/options';\nimport {\n OAuthResponseMode,\n OAuthResponseType,\n OktaAuthOAuthInterface,\n OktaAuthOAuthOptions,\n SetLocationFunction,\n TokenManagerOptions,\n TransactionManagerOptions,\n DPoPOptions\n} from '../types';\nimport { enableSharedStorage } from './node';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nfunction assertValidConfig(args) {\n args = args || {};\n\n var scopes = args.scopes;\n if (scopes && !Array.isArray(scopes)) {\n throw new AuthSdkError('scopes must be a array of strings. ' +\n 'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var issuer = args.issuer!;\n if (!issuer) {\n throw new AuthSdkError('No issuer passed to constructor. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n var isUrlRegex = new RegExp('^http?s?://.+');\n if (!isUrlRegex.test(issuer)) {\n throw new AuthSdkError('Issuer must be a valid URL. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n if (issuer.indexOf('-admin.okta') !== -1) {\n throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n }\n}\n\nexport function createOAuthOptionsConstructor() {\n const HttpOptionsConstructor = createHttpOptionsConstructor();\n return class OAuthOptionsConstructor\n extends HttpOptionsConstructor\n implements Required<OktaAuthOAuthOptions>\n {\n // CustomUrls\n issuer: string;\n authorizeUrl: string;\n userinfoUrl: string;\n tokenUrl: string;\n revokeUrl: string;\n logoutUrl: string;\n \n // TokenParams\n pkce: boolean;\n clientId: string;\n redirectUri: string;\n responseType: OAuthResponseType | OAuthResponseType[];\n responseMode: OAuthResponseMode;\n state: string;\n scopes: string[];\n ignoreSignature: boolean;\n codeChallenge: string;\n codeChallengeMethod: string;\n acrValues: string;\n maxAge: string | number;\n dpop: boolean;\n dpopOptions: DPoPOptions;\n\n // Additional options\n tokenManager: TokenManagerOptions;\n postLogoutRedirectUri: string;\n restoreOriginalUri: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n transactionManager: TransactionManagerOptions;\n\n // For server-side web applications ONLY!\n clientSecret: string;\n setLocation: SetLocationFunction;\n\n // Workaround for bad client time/clock\n ignoreLifetime: boolean;\n maxClockSkew: number;\n\n\n // eslint-disable-next-line max-statements\n constructor(options: any) {\n super(options);\n \n assertValidConfig(options);\n \n this.issuer = removeTrailingSlash(options.issuer);\n this.tokenUrl = removeTrailingSlash(options.tokenUrl);\n this.authorizeUrl = removeTrailingSlash(options.authorizeUrl);\n this.userinfoUrl = removeTrailingSlash(options.userinfoUrl);\n this.revokeUrl = removeTrailingSlash(options.revokeUrl);\n this.logoutUrl = removeTrailingSlash(options.logoutUrl);\n\n this.pkce = options.pkce === false ? false : true; // PKCE defaults to true\n this.clientId = options.clientId;\n this.redirectUri = options.redirectUri;\n if (isBrowser()) {\n this.redirectUri = toAbsoluteUrl(options.redirectUri, window.location.origin); // allow relative URIs\n }\n this.responseType = options.responseType;\n this.responseMode = options.responseMode;\n this.state = options.state;\n this.scopes = options.scopes;\n // Give the developer the ability to disable token signature validation.\n this.ignoreSignature = !!options.ignoreSignature;\n this.codeChallenge = options.codeChallenge;\n this.codeChallengeMethod = options.codeChallengeMethod;\n this.acrValues = options.acrValues;\n this.maxAge = options.maxAge;\n this.dpop = options.dpop === true; // dpop defaults to false\n this.dpopOptions = {\n allowBearerTokens: false,\n ...options.dpopOptions,\n };\n\n this.tokenManager = options.tokenManager;\n this.postLogoutRedirectUri = options.postLogoutRedirectUri;\n this.restoreOriginalUri = options.restoreOriginalUri;\n this.transactionManager = { enableSharedStorage, ...options.transactionManager };\n \n this.clientSecret = options.clientSecret;\n this.setLocation = options.setLocation;\n \n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.ignoreLifetime = !!options.ignoreLifetime;\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!options.maxClockSkew && options.maxClockSkew !== 0) {\n this.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.maxClockSkew = options.maxClockSkew;\n }\n\n }\n };\n}\n","export const enableSharedStorage = true;\n","export * from './OAuthOptionsConstructor';\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n ParseFromUrlOptions,\n TokenResponse,\n CustomUrls,\n TransactionMeta,\n OAuthResponse\n} from './types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n } else {\n nativeLoc.hash = '';\n }\n}\n\nfunction removeSearch(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n } else {\n nativeLoc.search = '';\n }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n var responseMode = sdk.options.responseMode || defaultResponseMode;\n return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n var url = options.url;\n var responseMode = options.responseMode || getResponseMode(sdk);\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n var paramStr;\n\n if (responseMode === 'query') {\n paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n } else {\n paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n }\n\n if (!paramStr) {\n throw new AuthSdkError('Unable to parse a token from the url');\n }\n\n return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n // Clean hash or search from the url\n const responseMode = options.responseMode || getResponseMode(sdk);\n responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n const state = res.state;\n const oauthParams: TransactionMeta = sdk.transactionManager.load({\n state\n });\n if (!oauthParams) {\n if (sdk.options.pkce) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', undefined);\n }\n throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n }\n const urls: CustomUrls = oauthParams.urls as CustomUrls;\n delete oauthParams.urls;\n\n if (!options.url) {\n // Clean hash or search from the url\n cleanOAuthResponseFromUrl(sdk, options);\n }\n\n return handleOAuthResponse(sdk, oauthParams, res, urls)\n .catch(err => {\n if (!isInteractionRequiredError(err)) {\n sdk.transactionManager.clear({\n state\n });\n }\n throw err;\n })\n .then(res => {\n sdk.transactionManager.clear({\n state\n });\n return res;\n });\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n throw new AuthSdkError(\n 'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n if (isIDToken(originalToken)) {\n return tokens.idToken;\n }\n if (isAccessToken(originalToken)) {\n return tokens.accessToken;\n }\n throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOAuthInterface, token: Token): Promise<Token | undefined> {\n if (!isIDToken(token) && !isAccessToken(token)) {\n throwInvalidTokenError();\n }\n\n let tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n tokens = await renewTokensWithRefresh(sdk, {\n scopes: token.scopes,\n }, tokens.refreshToken);\n return getSingleToken(token, tokens);\n }\n\n var responseType;\n if (sdk.options.pkce) {\n responseType = 'code';\n } else if (isAccessToken(token)) {\n responseType = 'token';\n } else {\n responseType = 'id_token';\n }\n\n const { scopes, authorizeUrl, userinfoUrl, issuer, dpopPairId, extraParams } = token as (AccessToken & IDToken);\n return getWithoutPrompt(sdk, {\n responseType,\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer,\n dpopPairId,\n extraParams\n })\n .then(function (res) {\n return getSingleToken(token, res.tokens);\n });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { RenewTokensParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: RenewTokensParams): Promise<Tokens> {\n const tokens = options?.tokens ?? sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n const dpopPairId = accessToken?.dpopPairId;\n const extraParams = accessToken?.extraParams || idToken?.extraParams;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer,\n dpopPairId,\n extraParams\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOAuthInterface, TokenParams, RefreshToken, Tokens } from './types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { TokenEndpointParams, postRefreshToken } from './endpoints/token';\nimport { findKeyPair } from './dpop';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\n/* eslint complexity:[0,8] */\nexport async function renewTokensWithRefresh(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams,\n refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n const { clientId, dpop } = sdk.options;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n }\n\n try {\n const renewTokenParams: TokenParams = Object.assign({}, tokenParams, { clientId });\n\n if (refreshTokenObject.extraParams) {\n renewTokenParams.extraParams = refreshTokenObject.extraParams;\n }\n\n const endpointParams: TokenEndpointParams = {...renewTokenParams};\n\n if (dpop) {\n const keyPair = await findKeyPair(refreshTokenObject?.dpopPairId); // will throw if KP cannot be found\n endpointParams.dpopKeyPair = keyPair;\n renewTokenParams.dpop = dpop;\n renewTokenParams.dpopPairId = refreshTokenObject.dpopPairId;\n }\n\n const tokenResponse = await postRefreshToken(sdk, endpointParams, refreshTokenObject);\n const urls = getOAuthUrls(sdk, tokenParams);\n const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n // Support rotating refresh tokens\n const { refreshToken } = tokens;\n if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n sdk.tokenManager.updateRefreshToken(refreshToken);\n }\n\n return tokens;\n }\n catch (err) {\n if (isRefreshTokenInvalidError(err)) {\n // if the refresh token is invalid, remove it from storage\n sdk.tokenManager.removeRefreshToken();\n }\n throw err;\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n OktaAuthOAuthInterface,\n RevocableToken,\n AccessToken,\n RefreshToken\n} from './types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOAuthInterface, token: RevocableToken): Promise<any> {\n let accessToken = '';\n let refreshToken = '';\n if (token) { \n accessToken = (token as AccessToken).accessToken;\n refreshToken = (token as RefreshToken).refreshToken; \n }\n if(!accessToken && !refreshToken) { \n throw new AuthSdkError('A valid access or refresh token object is required');\n }\n var clientId = sdk.options.clientId;\n var clientSecret = sdk.options.clientSecret;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n }\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n var args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n token: refreshToken || accessToken,\n }).slice(1);\n var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n return post(sdk, revokeUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + creds\n }\n });\n}\n","import {\n CookieOptions,\n StorageManagerOptions,\n StorageOptions,\n StorageUtil\n} from '../storage/types';\nimport { BaseStorageManager, logServerSideMemoryStorageWarning } from '../storage/BaseStorageManager';\nimport { TransactionStorage, OAuthTransactionMeta, OAuthStorageManagerInterface, PKCETransactionMeta } from './types';\nimport { SavedObject } from '../storage';\nimport { ORIGINAL_URI_STORAGE_NAME, SHARED_TRANSACTION_STORAGE_NAME, TRANSACTION_STORAGE_NAME } from '../constants';\n\n\nexport function createOAuthStorageManager<M extends OAuthTransactionMeta = PKCETransactionMeta>()\n{\n return class OAuthStorageManager\n extends BaseStorageManager\n implements OAuthStorageManagerInterface<M>\n {\n constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n super(storageManagerOptions, cookieOptions, storageUtil);\n }\n\n getTransactionStorage(options?: StorageOptions): TransactionStorage<M> {\n options = this.getOptionsForSection('transaction', options);\n logServerSideMemoryStorageWarning(options);\n const storage = this.getStorage(options);\n const storageKey = options.storageKey || TRANSACTION_STORAGE_NAME;\n return new SavedObject(storage, storageKey);\n }\n\n getSharedTansactionStorage(options?: StorageOptions): TransactionStorage<M> {\n options = this.getOptionsForSection('shared-transaction', options);\n logServerSideMemoryStorageWarning(options);\n const storage = this.getStorage(options);\n const storageKey = options.storageKey || SHARED_TRANSACTION_STORAGE_NAME;\n return new SavedObject(storage, storageKey);\n }\n\n getOriginalUriStorage(options?: StorageOptions): TransactionStorage<M> {\n options = this.getOptionsForSection('original-uri', options);\n logServerSideMemoryStorageWarning(options);\n const storage = this.getStorage(options);\n const storageKey = options.storageKey || ORIGINAL_URI_STORAGE_NAME;\n return new SavedObject(storage, storageKey);\n }\n };\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { UserClaims } from './UserClaims';\n\nexport interface AbstractToken {\n expiresAt: number;\n authorizeUrl: string;\n scopes: string[];\n pendingRemove?: boolean;\n extraParams?: Record<string, string>;\n}\n\nexport interface AccessToken extends AbstractToken {\n accessToken: string;\n claims: UserClaims;\n tokenType: string;\n userinfoUrl: string;\n dpopPairId?: string;\n}\n\nexport interface RefreshToken extends AbstractToken {\n refreshToken: string;\n tokenUrl: string;\n issuer: string;\n dpopPairId?: string;\n}\n\nexport interface IDToken extends AbstractToken {\n idToken: string;\n claims: UserClaims;\n issuer: string;\n clientId: string;\n}\n\nexport type Token = AccessToken | IDToken | RefreshToken;\nexport type RevocableToken = AccessToken | RefreshToken;\n\nexport type TokenType = 'accessToken' | 'idToken' | 'refreshToken';\nexport enum TokenKind {\n ACCESS = 'accessToken',\n ID = 'idToken',\n REFRESH = 'refreshToken',\n}\n\nexport function isToken(obj: any): obj is Token {\n if (obj &&\n (obj.accessToken || obj.idToken || obj.refreshToken) &&\n Array.isArray(obj.scopes)) {\n return true;\n }\n return false;\n}\n\nexport function isAccessToken(obj: any): obj is AccessToken {\n return obj && obj.accessToken;\n}\n\nexport function isIDToken(obj: any): obj is IDToken {\n return obj && obj.idToken;\n}\n\nexport function isRefreshToken(obj: any): obj is RefreshToken {\n return obj && obj.refreshToken;\n}\n\nexport interface Tokens {\n accessToken?: AccessToken;\n idToken?: IDToken;\n refreshToken?: RefreshToken;\n}\n","/* eslint-disable max-len */\nimport { StorageProvider } from '../../storage/types';\nimport { TokenManagerOptions } from './options';\nimport { AccessToken, IDToken, RefreshToken, Token, Tokens, TokenType } from './Token';\n\nexport interface TokenManagerError {\n errorSummary: string;\n errorCode: string;\n message: string;\n name: string;\n tokenKey: string;\n}\n\nexport declare type AccessTokenCallback = (key: string, token: AccessToken) => void;\nexport declare type IDTokenCallback = (key: string, token: IDToken) => void;\nexport declare type RefreshTokenCallback = (key: string, token: RefreshToken) => void;\n\nexport const EVENT_EXPIRED = 'expired';\nexport const EVENT_RENEWED = 'renewed';\nexport const EVENT_ADDED = 'added';\nexport const EVENT_REMOVED = 'removed';\nexport const EVENT_ERROR = 'error';\nexport const EVENT_SET_STORAGE = 'set_storage';\n\nexport declare type TokenManagerErrorEventHandler = (error: TokenManagerError) => void;\nexport declare type TokenManagerEventHandler = (key: string, token: Token) => void;\nexport declare type TokenManagerRenewEventHandler = (key: string, token: Token, oldtoken: Token) => void;\nexport declare type TokenManagerSetStorageEventHandler = (storage: Tokens) => void;\n\nexport declare type TokenManagerAnyEventHandler = TokenManagerErrorEventHandler | TokenManagerRenewEventHandler | TokenManagerSetStorageEventHandler | TokenManagerEventHandler;\nexport declare type TokenManagerAnyEvent = typeof EVENT_RENEWED | typeof EVENT_ERROR | typeof EVENT_SET_STORAGE | typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED;\n\n// only add methods needed internally\nexport interface TokenManagerInterface {\n on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler: TokenManagerEventHandler, context?: object): void;\n\n off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler?: TokenManagerEventHandler): void;\n\n clear(): void;\n setExpireEventTimeout(key: string, token: Token): void;\n clearExpireEventTimeout(key: string): void;\n clearExpireEventTimeoutAll(): void;\n emitAdded(key: string, token: Token): void;\n emitError(error: Error): void;\n emitRemoved(key: string, token: Token): void;\n emitRenewed(key: string, token: Token, oldToken?: Token): void;\n renew(key: string): Promise<Token | undefined>;\n remove(key: string): void;\n hasExpired(token: Token): boolean;\n getExpireTime(token: Token): number;\n\n get(key): Promise<Token | undefined>;\n getSync(key): Token | undefined;\n getTokens(): Promise<Tokens>;\n getTokensSync(): Tokens;\n setTokens({ accessToken, idToken, refreshToken }: Tokens, accessTokenCb?: AccessTokenCallback, idTokenCb?: IDTokenCallback, refreshTokenCb?: RefreshTokenCallback): void;\n getStorageKeyByType(type: TokenType): string;\n add(key: any, token: Token): void;\n updateRefreshToken(token: RefreshToken);\n removeRefreshToken(): void;\n clearPendingRemoveTokens(): void;\n\n getOptions(): TokenManagerOptions;\n getStorage(): StorageProvider;\n\n start();\n stop();\n isStarted(): boolean;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { IdxTransactionMeta } from '../../idx/types/meta';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { OAuthStorageManagerInterface } from './storage';\n\nexport interface TransactionManagerOptions\n{\n storageManager?: OAuthStorageManagerInterface;\n enableSharedStorage?: boolean; // default true\n saveNonceCookie?: boolean; // default true\n saveStateCookie?: boolean; // default true\n saveParamsCookie?: boolean; // default true\n saveLastResponse?: boolean; // default true\n}\n\n\nexport type CustomAuthTransactionMeta = Record<string, string | undefined>;\n\nexport type TransactionMeta =\n IdxTransactionMeta |\n PKCETransactionMeta |\n OAuthTransactionMeta |\n CustomAuthTransactionMeta;\n\n\nfunction isObjectWithProperties(obj) {\n if (!obj || typeof obj !== 'object' || Object.values(obj).length === 0) {\n return false;\n }\n return true;\n}\n\nexport function isOAuthTransactionMeta(obj: any): obj is OAuthTransactionMeta {\n if (!isObjectWithProperties(obj)) {\n return false;\n }\n return !!obj.redirectUri || !!obj.responseType;\n}\n\nexport function isPKCETransactionMeta(obj: any): obj is PKCETransactionMeta {\n if (!isOAuthTransactionMeta(obj)) {\n return false;\n }\n return !!(obj as any).codeVerifier;\n}\n\nexport function isIdxTransactionMeta(obj: any): obj is IdxTransactionMeta {\n if (!isPKCETransactionMeta(obj)) {\n return false;\n }\n return !!(obj as any).interactionHandle;\n}\n\nexport function isCustomAuthTransactionMeta(obj: any): obj is CustomAuthTransactionMeta {\n if (!isObjectWithProperties(obj)) {\n return false;\n }\n const isAllStringValues = Object.values(obj).find((value) => (typeof value !== 'string')) === undefined;\n return isAllStringValues;\n}\n\nexport function isTransactionMeta(obj: any): obj is TransactionMeta {\n if (isOAuthTransactionMeta(obj) || isCustomAuthTransactionMeta(obj)) {\n return true;\n }\n return false;\n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport * from './api';\nexport * from './JWT';\nexport * from './meta';\nexport * from './options';\nexport * from './proto';\nexport * from './storage';\nexport * from './Token';\nexport * from './TokenManager';\nexport * from './Transaction';\nexport * from './TransactionManager';\nexport * from './UserClaims';\nexport * from './endpoints';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOAuthInterface } from '../types';\n\nconst DEFAULT_TIMEOUT = 120000;\n\nexport function addListener(eventTarget, name, fn) {\n if (eventTarget.addEventListener) {\n eventTarget.addEventListener(name, fn);\n } else {\n eventTarget.attachEvent('on' + name, fn);\n }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n if (eventTarget.removeEventListener) {\n eventTarget.removeEventListener(name, fn);\n } else {\n eventTarget.detachEvent('on' + name, fn);\n }\n}\n\nexport function loadFrame(src) {\n var iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n iframe.src = src;\n\n return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n var title = options.popupTitle || 'External Identity Provider User Authentication';\n var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n 'top=100, left=500, width=600, height=600';\n return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuthOAuthInterface, timeout, state) {\n var responseHandler;\n var timeoutId;\n var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n responseHandler = function responseHandler(e) {\n if (!e.data || e.data.state !== state) {\n // A message not meant for us\n return;\n }\n\n // Configuration mismatch between saved token and current app instance\n // This may happen if apps with different issuers are running on the same host url\n // If they share the same storage key, they may read and write tokens in the same location.\n // Common when developing against http://localhost\n if (e.origin !== sdk.getIssuerOrigin()) {\n return reject(new AuthSdkError('The request does not match client configuration'));\n }\n resolve(e.data);\n };\n\n addListener(window, 'message', responseHandler);\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout || DEFAULT_TIMEOUT);\n });\n\n return msgReceivedOrTimeout\n .finally(function () {\n clearTimeout(timeoutId);\n removeListener(window, 'message', responseHandler);\n });\n}\n\nexport function addIDPPopupLisenter (\n sdk: OktaAuthOAuthInterface,\n timeout: number | undefined,\n channel: BroadcastChannel,\n state: string\n) {\n let timeoutId;\n\n const promise = new Promise((resolve, reject) => {\n channel.onmessage = (event) => {\n // ignore invalid or untrusted events\n if (!event.isTrusted || !event.data) {\n return;\n }\n\n if (typeof event.data === 'object' && state === event.data.state) {\n return resolve({ ...event.data });\n }\n\n reject(new AuthSdkError('Unable to complete auth code exchange'));\n };\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout || DEFAULT_TIMEOUT);\n });\n\n return promise\n .finally(() => {\n clearTimeout(timeoutId);\n channel.close();\n });\n}\n","\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateState } from './oauth';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultEnrollAuthenticatorParams(sdk: OktaAuthOAuthInterface): TokenParams {\n const {\n clientId,\n redirectUri,\n responseMode,\n state,\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseMode,\n state: state || generateState(),\n responseType: 'none',\n prompt: 'enroll_authenticator',\n });\n}","\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOAuthInterface): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n acrValues,\n maxAge,\n state,\n ignoreSignature,\n dpop\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseType: responseType || ['token', 'id_token'],\n responseMode,\n state: state || generateState(),\n nonce: generateNonce(),\n scopes: scopes || ['openid', 'email'],\n acrValues,\n maxAge,\n ignoreSignature,\n dpop,\n });\n}","/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOAuthInterface, EnrollAuthenticatorOptions } from '../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createEnrollAuthenticatorMeta(\n sdk: OktaAuthOAuthInterface, \n params: EnrollAuthenticatorOptions\n): OAuthTransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, params);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: params.clientId!,\n redirectUri: params.redirectUri!,\n responseType: params.responseType!,\n responseMode: params.responseMode!,\n state: params.state!,\n acrValues: params.acrValues,\n enrollAmrValues: params.enrollAmrValues,\n };\n\n return oauthMeta;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOAuthInterface } from '../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOAuthInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n return isOAuthError(error) &&\n error.errorCode === 'invalid_grant' &&\n error.errorSummary === 'The refresh token is invalid or expired.';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './defaultEnrollAuthenticatorParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nexport * from './enrollAuthenticatorMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './prepareEnrollAuthenticatorParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthOAuthOptions, OktaAuthOAuthInterface, OAuthResponseType } from '../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /[?&#](id|access)_token=/.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /[?&#]code=/.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /[?&#]interaction_code=/.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /[?&#]error=/.test(hashOrSearch) || /[?&#]error_description/.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthOAuthInterface): boolean {\n var authParams = sdk.options;\n if (!uri || !authParams.redirectUri) {\n return false;\n }\n return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOAuthOptions) {\n return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function hasResponseType(responseType: OAuthResponseType, options: OktaAuthOAuthOptions): boolean {\n let hasResponseType = false;\n if (Array.isArray(options.responseType) && options.responseType.length) {\n hasResponseType = options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = options.responseType === responseType;\n }\n return hasResponseType;\n}\n\nexport function getHashOrSearch(options: OktaAuthOAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthOAuthInterface) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthOAuthInterface, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, CustomUrls } from '../types';\n\nexport function generateState() {\n return genRandomString(64);\n}\n\nexport function generateNonce() {\n return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const domain = issuer.split('/oauth2')[0];\n return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOAuthInterface, options?: CustomUrls): CustomUrls {\n if (arguments.length > 2) {\n throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n }\n options = options || {};\n\n // Get user-supplied arguments\n var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n var issuer = getIssuer(sdk, options);\n var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n var baseUrl = getOAuthBaseUrl(sdk, options);\n\n authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n tokenUrl = tokenUrl || baseUrl + '/v1/token';\n revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n return {\n issuer: issuer,\n authorizeUrl: authorizeUrl,\n userinfoUrl: userinfoUrl,\n tokenUrl: tokenUrl,\n revokeUrl: revokeUrl,\n logoutUrl: logoutUrl\n };\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOAuthInterface, PKCETransactionMeta, TokenParams } from '../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n sdk: OktaAuthOAuthInterface, \n tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, tokenParams);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: tokenParams.clientId!,\n redirectUri: tokenParams.redirectUri!,\n responseType: tokenParams.responseType!,\n responseMode: tokenParams.responseMode!,\n scopes: tokenParams.scopes!,\n state: tokenParams.state!,\n nonce: tokenParams.nonce!,\n ignoreSignature: tokenParams.ignoreSignature!,\n acrValues: tokenParams.acrValues,\n extraParams: tokenParams.extraParams\n };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return oauthMeta;\n }\n\n const pkceMeta: PKCETransactionMeta = {\n ...oauthMeta,\n codeVerifier: tokenParams.codeVerifier!,\n codeChallengeMethod: tokenParams.codeChallengeMethod!,\n codeChallenge: tokenParams.codeChallenge!,\n };\n\n return pkceMeta;\n}\n","/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix || '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOAuthInterface, EnrollAuthenticatorOptions } from '../types';\nimport { getDefaultEnrollAuthenticatorParams } from './defaultEnrollAuthenticatorParams';\n\nfunction prepareParams(\n params: EnrollAuthenticatorOptions\n): EnrollAuthenticatorOptions {\n params = {\n ...params,\n // forced params:\n responseType: 'none',\n prompt: 'enroll_authenticator',\n maxAge: 0,\n };\n\n if (!params.enrollAmrValues) {\n throw new AuthSdkError('enroll_amr_values must be specified');\n }\n if (!params.acrValues) {\n // `acr_values` is required and should equal 'urn:okta:2fa:any:ifpossible'\n // But this can be changed in future\n throw new AuthSdkError('acr_values must be specified');\n }\n\n // `scope`, `nonce` must be omitted\n delete params.scopes;\n delete params.nonce;\n\n return params;\n}\n\n// Prepares params for a call to /authorize\nexport function prepareEnrollAuthenticatorParams(\n sdk: OktaAuthOAuthInterface,\n options: EnrollAuthenticatorOptions\n): EnrollAuthenticatorOptions {\n return prepareParams({\n ...getDefaultEnrollAuthenticatorParams(sdk),\n ...options\n });\n}\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\nimport { OktaAuthBaseInterface } from '../../base/types';\n\nexport function assertPKCESupport(sdk: OktaAuthBaseInterface) {\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n throw new AuthSdkError(errorMessage);\n }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthOAuthInterface, codeChallengeMethod?: string) {\n // set default code challenge method, if none provided\n codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n // validate against .well-known/openid-configuration\n const wellKnownResponse = await getWellKnown(sdk);\n var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n if (methods.indexOf(codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n sdk: OktaAuthOAuthInterface, \n tokenParams: TokenParams\n): Promise<TokenParams> {\n let {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n } = tokenParams;\n\n // PKCE calculations can be avoided by passing a codeChallenge\n codeChallenge = codeChallenge || sdk.options.codeChallenge;\n if (!codeChallenge) {\n assertPKCESupport(sdk);\n codeVerifier = codeVerifier || PKCE.generateVerifier();\n codeChallenge = await PKCE.computeChallenge(codeVerifier);\n }\n codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n // Clone/copy the params. Set PKCE values\n tokenParams = {\n ...tokenParams,\n responseType: 'code', // responseType is forced\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n sdk: OktaAuthOAuthInterface,\n tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = { ...defaults, ...tokenParams };\n\n if (tokenParams.dpop && !sdk.features.isDPoPSupported()) {\n throw new AuthSdkError('DPoP has been configured, but is not supported by browser');\n }\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return tokenParams;\n }\n\n return preparePKCE(sdk, tokenParams);\n}","import { RefreshToken } from '../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n if (!isAuthApiError(err)) {\n return false;\n }\n\n if (!err.xhr || !err.xhr.responseJSON) {\n return false;\n }\n\n const { responseJSON } = err.xhr;\n if (responseJSON.error === 'invalid_grant') {\n return true;\n }\n\n return false;\n}","import { OAuthStorageManagerInterface, OAuthTransactionMeta, isTransactionMeta } from '../types';\n\nconst MAX_ENTRY_LIFETIME = 30 * 60 * 1000; // 30 minutes\n\nexport function pruneSharedStorage<M extends OAuthTransactionMeta>(storageManager: OAuthStorageManagerInterface<M>) {\n const sharedStorage = storageManager.getSharedTansactionStorage();\n const entries = sharedStorage.getStorage();\n Object.keys(entries).forEach(state => {\n const entry = entries[state];\n const age = Date.now() - entry.dateCreated;\n if (age > MAX_ENTRY_LIFETIME) {\n delete entries[state];\n }\n });\n sharedStorage.setStorage(entries);\n}\n\nexport function saveTransactionToSharedStorage<M extends OAuthTransactionMeta>(\n storageManager: OAuthStorageManagerInterface<M>, state: string, meta: M\n) {\n const sharedStorage = storageManager.getSharedTansactionStorage();\n const entries = sharedStorage.getStorage();\n entries[state] = {\n dateCreated: Date.now(),\n transaction: meta\n };\n sharedStorage.setStorage(entries);\n}\n\n\nexport function loadTransactionFromSharedStorage<M extends OAuthTransactionMeta>(\n storageManager: OAuthStorageManagerInterface<M>, state: string\n) {\n const sharedStorage = storageManager.getSharedTansactionStorage();\n const entries = sharedStorage.getStorage();\n const entry = entries[state];\n if (entry && entry.transaction && isTransactionMeta(entry.transaction)) {\n return entry.transaction;\n }\n return null;\n}\n\nexport function clearTransactionFromSharedStorage<M extends OAuthTransactionMeta>(\n storageManager: OAuthStorageManagerInterface<M>, state: string\n) {\n const sharedStorage = storageManager.getSharedTansactionStorage();\n const entries = sharedStorage.getStorage();\n delete entries[state];\n sharedStorage.setStorage(entries);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nexport function urlParamsToObject(hashOrSearch: string) {\n // Predefine regexs for parsing hash\n var plus2space = /\\+/g;\n var paramSplit = /([^&=]+)=?([^&]*)/g;\n var fragment = hashOrSearch || '';\n\n // Some hash based routers will automatically add a / character after the hash\n if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n fragment = fragment.substring(2);\n }\n\n // Remove the leading # or ?\n if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n fragment = fragment.substring(1);\n }\n\n\n var obj = {};\n\n // Loop until we have no more params\n var param;\n while (true) { // eslint-disable-line no-constant-condition\n param = paramSplit.exec(fragment);\n if (!param) { break; }\n\n var key = param[1];\n var value = param[2];\n\n // id_token should remain base64url encoded\n if (key === 'id_token' || key === 'access_token' || key === 'code') {\n obj[key] = value;\n } else {\n obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n }\n }\n return obj;\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, TokenVerifyParams, UserClaims } from '../../oidc/types';\n\nexport function validateClaims(sdk: OktaAuthOAuthInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n const aud = validationParams.clientId;\n const iss = validationParams.issuer;\n const nonce = validationParams.nonce;\n const acr = validationParams.acrValues;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n const now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if ((Array.isArray(claims.aud) && claims.aud.indexOf(aud) < 0) ||\n (!Array.isArray(claims.aud) && claims.aud !== aud))\n {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (acr && claims.acr !== acr) {\n throw new AuthSdkError('The acr [' + claims.acr + '] ' +\n 'does not match acr_values [' + acr + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n","/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../oidc/types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n throw new AuthSdkError(\n 'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n );\n }\n \n if (type === 'accessToken' && !isAccessToken(token)) {\n throw new AuthSdkError('invalid accessToken');\n } \n if (type === 'idToken' && !isIDToken(token)) {\n throw new AuthSdkError('invalid idToken');\n }\n\n if (type === 'refreshToken' && !isRefreshToken(token)) {\n throw new AuthSdkError('invalid refreshToken');\n }\n}","/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOAuthInterface, TokenVerifyParams } from '../oidc/types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n const jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n const validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../errors';\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport { EVENT_EXPIRED, TokenManagerInterface, isRefreshToken } from '../oidc/types';\nimport { isBrowser } from '../features';\n\nexport class AutoRenewService implements ServiceInterface {\n private tokenManager: TokenManagerInterface;\n private options: ServiceManagerOptions;\n private renewTimeQueue: Array<number>;\n private started = false;\n\n constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n this.renewTimeQueue = [];\n this.onTokenExpiredHandler = this.onTokenExpiredHandler.bind(this);\n }\n \n private shouldThrottleRenew(): boolean {\n let res = false;\n this.renewTimeQueue.push(Date.now());\n if (this.renewTimeQueue.length >= 10) {\n // get and remove first item from queue\n const firstTime = this.renewTimeQueue.shift() as number;\n const lastTime = this.renewTimeQueue[this.renewTimeQueue.length - 1];\n res = (lastTime - firstTime) < 30 * 1000;\n }\n return res;\n }\n\n requiresLeadership() {\n // If tokens sync storage is enabled, handle tokens expiration only in 1 leader tab\n return !!this.options.syncStorage && isBrowser();\n }\n\n private processExpiredTokens() {\n const tokenStorage = this.tokenManager.getStorage();\n const tokens = tokenStorage.getStorage();\n Object.keys(tokens).forEach(key => {\n const token = tokens[key];\n if (!isRefreshToken(token) && this.tokenManager.hasExpired(token)) {\n this.onTokenExpiredHandler(key);\n }\n });\n }\n\n private onTokenExpiredHandler(key: string) {\n if (this.options.autoRenew) {\n if (this.shouldThrottleRenew()) {\n const error = new AuthSdkError('Too many token renew requests');\n this.tokenManager.emitError(error);\n } else {\n this.tokenManager.renew(key).catch(() => {}); // Renew errors will emit an \"error\" event \n }\n } else if (this.options.autoRemove) {\n this.tokenManager.remove(key);\n }\n }\n\n canStart() {\n return (!!this.options.autoRenew || !!this.options.autoRemove) && !this.started;\n }\n\n async start() {\n if (this.canStart()) {\n this.tokenManager.on(EVENT_EXPIRED, this.onTokenExpiredHandler);\n if (this.tokenManager.isStarted()) {\n // If token manager has been already started, we could miss token expire events,\n // so need to process expired tokens manually.\n this.processExpiredTokens();\n }\n this.started = true;\n }\n }\n\n async stop() {\n if (this.started) {\n this.tokenManager.off(EVENT_EXPIRED, this.onTokenExpiredHandler);\n this.renewTimeQueue = [];\n this.started = false;\n }\n }\n\n isStarted() {\n return this.started;\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport {\n BroadcastChannel,\n createLeaderElection,\n LeaderElector\n} from 'broadcast-channel';\nimport { isBrowser } from '../features';\n\ndeclare type OnLeaderHandler = (() => Promise<void>);\ndeclare type ServiceOptions = ServiceManagerOptions & {\n onLeader?: OnLeaderHandler;\n};\n\nexport class LeaderElectionService implements ServiceInterface {\n private options: ServiceOptions;\n private channel?: BroadcastChannel;\n private elector?: LeaderElector;\n private started = false;\n\n constructor(options: ServiceOptions = {}) {\n this.options = options;\n this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n this.onLeader = this.onLeader.bind(this);\n }\n\n private onLeaderDuplicate() {\n }\n\n private async onLeader() {\n await this.options.onLeader?.();\n }\n\n isLeader() {\n return !!this.elector?.isLeader;\n }\n\n hasLeader() {\n return !!this.elector?.hasLeader;\n }\n\n async start() {\n if (this.canStart()) {\n const { electionChannelName } = this.options;\n this.channel = new BroadcastChannel(electionChannelName as string);\n this.elector = createLeaderElection(this.channel);\n this.elector.onduplicate = this.onLeaderDuplicate;\n this.elector.awaitLeadership().then(this.onLeader);\n this.started = true;\n }\n }\n\n async stop() {\n if (this.started) {\n if (this.elector) {\n await this.elector.die();\n this.elector = undefined;\n }\n if (this.channel) {\n // Workaround to fix error `Failed to execute 'postMessage' on 'BroadcastChannel': Channel is closed`\n (this.channel as any).postInternal = () => Promise.resolve();\n await this.channel.close();\n this.channel = undefined;\n }\n this.started = false;\n }\n }\n\n requiresLeadership() {\n return false;\n }\n\n isStarted() {\n return this.started;\n }\n\n canStart() {\n return isBrowser() && !this.started;\n }\n\n}\n","import { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport { TokenManagerInterface } from '../oidc/types';\nimport { isBrowser } from '../features';\n\nconst getNow = () => Math.floor(Date.now() / 1000);\n\nexport class RenewOnTabActivationService implements ServiceInterface {\n private tokenManager: TokenManagerInterface;\n private started = false;\n private options: ServiceManagerOptions;\n private lastHidden = -1;\n onPageVisbilityChange: () => void;\n\n constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n // store this context for event handler\n this.onPageVisbilityChange = this._onPageVisbilityChange.bind(this);\n }\n\n // do not use directly, use `onPageVisbilityChange` (with binded this context)\n /* eslint complexity: [0, 10] */\n private _onPageVisbilityChange () {\n if (document.hidden) {\n this.lastHidden = getNow();\n }\n // renew will only attempt if tab was inactive for duration\n else if (this.lastHidden > 0 && (getNow() - this.lastHidden >= this.options.tabInactivityDuration!)) {\n const { accessToken, idToken } = this.tokenManager.getTokensSync();\n if (!!accessToken && this.tokenManager.hasExpired(accessToken)) {\n const key = this.tokenManager.getStorageKeyByType('accessToken');\n // Renew errors will emit an \"error\" event\n this.tokenManager.renew(key).catch(() => {});\n }\n else if (!!idToken && this.tokenManager.hasExpired(idToken)) {\n const key = this.tokenManager.getStorageKeyByType('idToken');\n // Renew errors will emit an \"error\" event\n this.tokenManager.renew(key).catch(() => {});\n }\n }\n }\n\n async start () {\n if (this.canStart() && !!document) {\n document.addEventListener('visibilitychange', this.onPageVisbilityChange);\n this.started = true;\n }\n }\n\n async stop () {\n if (document) {\n document.removeEventListener('visibilitychange', this.onPageVisbilityChange);\n this.started = false;\n }\n }\n\n canStart(): boolean {\n return isBrowser() &&\n !!this.options.autoRenew &&\n !!this.options.renewOnTabActivation &&\n !this.started;\n }\n\n requiresLeadership(): boolean {\n return false;\n }\n\n isStarted(): boolean {\n return this.started;\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { BroadcastChannel } from 'broadcast-channel';\nimport { isBrowser } from '../features';\nimport {\n ServiceManagerOptions, ServiceInterface\n} from '../core/types';\nimport {\n Token, Tokens, \n EVENT_ADDED, EVENT_REMOVED, EVENT_RENEWED, EVENT_SET_STORAGE, TokenManagerInterface\n} from '../oidc/types';\nimport { AuthSdkError } from '../errors';\n\nexport type SyncMessage = {\n type: string;\n key?: string;\n token?: Token;\n oldToken?: Token;\n storage?: Tokens;\n};\nexport class SyncStorageService implements ServiceInterface {\n private tokenManager: TokenManagerInterface;\n private options: ServiceManagerOptions;\n private channel?: BroadcastChannel<SyncMessage>;\n private started = false;\n private enablePostMessage = true;\n\n constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n this.onTokenAddedHandler = this.onTokenAddedHandler.bind(this);\n this.onTokenRemovedHandler = this.onTokenRemovedHandler.bind(this);\n this.onTokenRenewedHandler = this.onTokenRenewedHandler.bind(this);\n this.onSetStorageHandler = this.onSetStorageHandler.bind(this);\n this.onSyncMessageHandler = this.onSyncMessageHandler.bind(this);\n }\n\n requiresLeadership() {\n return false;\n }\n\n isStarted() {\n return this.started;\n }\n\n canStart() {\n return !!this.options.syncStorage && isBrowser() && !this.started;\n }\n\n async start() {\n if (!this.canStart()) {\n return;\n }\n \n const { syncChannelName } = this.options;\n try {\n // BroadcastChannel throws if no supported method can be found\n this.channel = new BroadcastChannel(syncChannelName as string);\n } catch (err) {\n throw new AuthSdkError('SyncStorageService is not supported in current browser.');\n }\n\n this.tokenManager.on(EVENT_ADDED, this.onTokenAddedHandler);\n this.tokenManager.on(EVENT_REMOVED, this.onTokenRemovedHandler);\n this.tokenManager.on(EVENT_RENEWED, this.onTokenRenewedHandler);\n this.tokenManager.on(EVENT_SET_STORAGE, this.onSetStorageHandler);\n this.channel.addEventListener('message', this.onSyncMessageHandler);\n this.started = true;\n }\n\n async stop() {\n if (this.started) {\n this.tokenManager.off(EVENT_ADDED, this.onTokenAddedHandler);\n this.tokenManager.off(EVENT_REMOVED, this.onTokenRemovedHandler);\n this.tokenManager.off(EVENT_RENEWED, this.onTokenRenewedHandler);\n this.tokenManager.off(EVENT_SET_STORAGE, this.onSetStorageHandler);\n this.channel?.removeEventListener('message', this.onSyncMessageHandler);\n await this.channel?.close();\n this.channel = undefined;\n this.started = false;\n }\n }\n\n private onTokenAddedHandler(key: string, token: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_ADDED,\n key,\n token\n });\n }\n\n private onTokenRemovedHandler(key: string, token: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_REMOVED,\n key,\n token\n });\n }\n\n private onTokenRenewedHandler(key: string, token: Token, oldToken?: Token) {\n if (!this.enablePostMessage) {\n return;\n }\n this.channel?.postMessage({\n type: EVENT_RENEWED,\n key,\n token,\n oldToken\n });\n }\n\n private onSetStorageHandler(storage: Tokens) {\n this.channel?.postMessage({\n type: EVENT_SET_STORAGE,\n storage\n });\n }\n\n /* eslint-disable complexity */\n private onSyncMessageHandler(msg: SyncMessage) {\n // Notes:\n // 1. Using `enablePostMessage` flag here to prevent sync message loop.\n // If this flag is on, tokenManager event handlers do not post sync message.\n // 2. IE11 has known issue with synchronization of LocalStorage cross tabs.\n // One workaround is to set empty event handler for `window.onstorage`.\n // But it's not 100% working, sometimes you still get old value from LocalStorage.\n // Better approch is to explicitly udpate LocalStorage with `setStorage`.\n\n this.enablePostMessage = false;\n switch (msg.type) {\n case EVENT_SET_STORAGE:\n this.tokenManager.getStorage().setStorage(msg.storage);\n break;\n case EVENT_ADDED:\n this.tokenManager.emitAdded(msg.key!, msg.token!);\n this.tokenManager.setExpireEventTimeout(msg.key!, msg.token!);\n break;\n case EVENT_REMOVED:\n this.tokenManager.clearExpireEventTimeout(msg.key!);\n this.tokenManager.emitRemoved(msg.key!, msg.token!);\n break;\n case EVENT_RENEWED:\n this.tokenManager.emitRenewed(msg.key!, msg.token!, msg.oldToken);\n break;\n default:\n break;\n }\n this.enablePostMessage = true;\n }\n} ","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './AutoRenewService';\nexport * from './SyncStorageService';\nexport * from './LeaderElectionService';\nexport * from './RenewOnTabActivationService';\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\nimport { omit, getLink, toQueryString } from '../util';\nimport { get, post, httpRequest } from '../http';\n\nfunction sessionExists(sdk) {\n return sdk.session.get()\n .then(function(res) {\n if (res.status === 'ACTIVE') {\n return true;\n }\n return false;\n })\n .catch(function() {\n return false;\n });\n}\n\nfunction getSession(sdk) { \n return get(sdk, '/api/v1/sessions/me', { withCredentials: true })\n .then(function(session) {\n var res = omit(session, '_links');\n\n res.refresh = function() {\n return post(sdk, getLink(session, 'refresh').href, {}, { withCredentials: true });\n };\n\n res.user = function() {\n return get(sdk, getLink(session, 'user').href, { withCredentials: true });\n };\n\n return res;\n })\n .catch(function() {\n // Return INACTIVE status on failure\n return {status: 'INACTIVE'};\n });\n}\n\nfunction closeSession(sdk) {\n return httpRequest(sdk, {\n url: sdk.getIssuerOrigin() + '/api/v1/sessions/me',\n method: 'DELETE',\n withCredentials: true\n });\n}\n\nfunction refreshSession(sdk) {\n return post(sdk, '/api/v1/sessions/me/lifecycle/refresh', {}, { withCredentials: true });\n}\n\nfunction setCookieAndRedirect(sdk, sessionToken, redirectUrl) {\n redirectUrl = redirectUrl || window.location.href;\n window.location.assign(sdk.getIssuerOrigin() + '/login/sessionCookieRedirect' +\n toQueryString({\n checkAccountSetupComplete: true,\n token: sessionToken,\n redirectUrl: redirectUrl\n }));\n}\n\nexport {\n sessionExists,\n getSession,\n closeSession,\n refreshSession,\n setCookieAndRedirect\n};\n","import { SessionAPI } from './types';\nimport { closeSession, getSession, refreshSession, sessionExists, setCookieAndRedirect } from './api';\nimport { OktaAuthBaseInterface } from '../base/types';\n\nexport function createSessionApi(sdk: OktaAuthBaseInterface): SessionAPI {\n const session = {\n close: closeSession.bind(null, sdk),\n exists: sessionExists.bind(null, sdk),\n get: getSession.bind(null, sdk),\n refresh: refreshSession.bind(null, sdk),\n setCookieAndRedirect: setCookieAndRedirect.bind(null, sdk)\n };\n return session;\n}\n","export * from './api';\nexport * from './factory';\nexport * from './mixin';\nexport * from './types';\n","import { OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types';\nimport { OktaAuthConstructor } from '../base/types';\nimport { createSessionApi } from './factory';\nimport {\n OktaAuthSessionInterface, SessionAPI,\n} from './types';\nimport { StorageManagerInterface } from '../storage/types';\n\nexport function mixinSession\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n TBase extends OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n = OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n{\n return class OktaAuthSession extends Base implements OktaAuthSessionInterface<S, O>\n {\n session: SessionAPI;\n\n constructor(...args: any[]) {\n super(...args);\n\n this.session = createSessionApi(this);\n }\n\n // Ends the current Okta SSO session without redirecting to Okta.\n closeSession(): Promise<boolean> {\n return this.session.close() // DELETE /api/v1/sessions/me\n .then(async () => {\n // Clear all local tokens\n this.clearStorage();\n return true;\n })\n .catch(function(e) {\n if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n // Session does not exist or has already been closed\n return false;\n }\n throw e;\n });\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n\nimport {\n TOKEN_STORAGE_NAME,\n CACHE_STORAGE_NAME,\n} from '../constants';\nimport {\n StorageUtil,\n StorageProvider,\n StorageOptions,\n CookieOptions,\n StorageManagerOptions,\n SimpleStorage,\n StorageManagerInterface\n} from './types';\nimport { SavedObject } from './SavedObject';\nimport { isBrowser } from '../features';\nimport { warn } from '../util';\n\nexport function logServerSideMemoryStorageWarning(options: StorageOptions) {\n if (!isBrowser() && !options.storageProvider && !options.storageKey) {\n // eslint-disable-next-line max-len\n warn('Memory storage can only support simple single user use case on server side, please provide custom storageProvider or storageKey if advanced scenarios need to be supported.');\n }\n}\n\n\nexport class BaseStorageManager implements StorageManagerInterface {\n storageManagerOptions: StorageManagerOptions;\n cookieOptions: CookieOptions;\n storageUtil: StorageUtil;\n\n constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n this.storageManagerOptions = storageManagerOptions;\n this.cookieOptions = cookieOptions;\n this.storageUtil = storageUtil;\n }\n\n // combines defaults in order\n getOptionsForSection(sectionName: string, overrideOptions?: StorageOptions) {\n return Object.assign({}, this.storageManagerOptions[sectionName], overrideOptions);\n }\n \n // generic method to get any available storage provider\n // eslint-disable-next-line complexity\n getStorage(options: StorageOptions): SimpleStorage {\n options = Object.assign({}, this.cookieOptions, options); // set defaults\n\n if (options.storageProvider) {\n return options.storageProvider;\n }\n\n let { storageType, storageTypes } = options;\n\n if(storageType === 'sessionStorage') {\n options.sessionCookie = true;\n }\n\n // If both storageType and storageTypes are specified, then storageType will be used first\n // If storageType cannot be used but it matches an entry in storageTypes, subsequent entries may be used as fallback\n // if storageType does not match an entry in storageTypes then storageType is used with no fallback.\n if (storageType && storageTypes) {\n const idx = storageTypes.indexOf(storageType);\n if (idx >= 0) {\n storageTypes = storageTypes.slice(idx);\n storageType = undefined;\n }\n }\n\n if (!storageType) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n storageType = this.storageUtil.findStorageType(storageTypes!);\n }\n return this.storageUtil.getStorageByType(storageType, options);\n }\n\n // access_token, id_token, refresh_token\n getTokenStorage(options?: StorageOptions): StorageProvider {\n options = this.getOptionsForSection('token', options);\n logServerSideMemoryStorageWarning(options);\n const storage = this.getStorage(options);\n const storageKey = options.storageKey || TOKEN_STORAGE_NAME;\n return new SavedObject(storage, storageKey);\n }\n\n // caches well-known response, among others\n getHttpCache(options?: StorageOptions): StorageProvider {\n options = this.getOptionsForSection('cache', options);\n const storage = this.getStorage(options);\n const storageKey = options.storageKey || CACHE_STORAGE_NAME;\n return new SavedObject(storage, storageKey);\n }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport AuthSdkError from '../errors/AuthSdkError';\nimport { StorageProvider, SimpleStorage } from './types';\n\n// formerly known as \"storageBuilder\". Represents an object saved under a key/name.\nexport class SavedObject implements StorageProvider {\n storageProvider: SimpleStorage;\n storageName: string;\n\n constructor(storage: SimpleStorage, storageName: string) {\n if (!storage) {\n throw new AuthSdkError('\"storage\" is required');\n }\n\n if (typeof storageName !== 'string' || !storageName.length) {\n throw new AuthSdkError('\"storageName\" is required');\n }\n\n this.storageName = storageName;\n this.storageProvider = storage;\n }\n\n //\n // SimpleStorage interface\n //\n\n getItem(key: string) {\n return this.getStorage()[key];\n }\n\n setItem(key: string, value: any) {\n return this.updateStorage(key, value);\n }\n\n removeItem(key: string) {\n return this.clearStorage(key);\n }\n\n //\n // StorageProvider interface\n //\n\n getStorage() {\n var storageString = this.storageProvider.getItem(this.storageName);\n storageString = storageString || '{}';\n try {\n return JSON.parse(storageString);\n } catch(e) {\n throw new AuthSdkError('Unable to parse storage string: ' + this.storageName);\n }\n }\n\n setStorage(obj?: any) {\n try {\n var storageString = obj ? JSON.stringify(obj) : '{}';\n this.storageProvider.setItem(this.storageName, storageString);\n } catch(e) {\n throw new AuthSdkError('Unable to set storage: ' + this.storageName);\n }\n }\n\n clearStorage(key?: string) {\n if (!key) {\n // clear all\n if (this.storageProvider.removeItem) {\n this.storageProvider.removeItem(this.storageName);\n } else {\n this.setStorage();\n }\n return;\n }\n\n var obj = this.getStorage();\n delete obj[key];\n this.setStorage(obj);\n }\n\n updateStorage(key, value) {\n var obj = this.getStorage();\n obj[key] = value;\n this.setStorage(obj);\n }\n}\n","export * from './options/StorageOptionsConstructor';\nexport * from './BaseStorageManager';\nexport * from './mixin';\nexport * from './SavedObject';\nexport * from './types';\n","import { OktaAuthBaseInterface, OktaAuthConstructor } from '../base/types';\nimport {\n OktaAuthStorageInterface,\n OktaAuthStorageOptions,\n StorageManagerConstructor,\n StorageManagerInterface,\n} from './types';\n\nexport function mixinStorage\n<\n S extends StorageManagerInterface = StorageManagerInterface,\n O extends OktaAuthStorageOptions = OktaAuthStorageOptions,\n TBase extends OktaAuthConstructor<OktaAuthBaseInterface<O>> = OktaAuthConstructor<OktaAuthBaseInterface<O>>\n>\n(\n Base: TBase, StorageManager: StorageManagerConstructor<S>\n): TBase & OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n{\n return class OktaAuthStorage extends Base implements OktaAuthStorageInterface<S, O>\n {\n storageManager: S;\n constructor(...args: any[]) {\n super(...args);\n const { storageManager, cookies, storageUtil } = this.options;\n this.storageManager = new StorageManager(storageManager!, cookies!, storageUtil!);\n }\n clearStorage(): void {\n // override in subclass\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createBaseOptionsConstructor } from '../../base';\nimport { CookieOptions, OktaAuthStorageOptions, StorageManagerOptions, StorageUtil } from '../types';\nimport { getStorage, STORAGE_MANAGER_OPTIONS, getCookieSettings } from './node';\nimport { isHTTPS } from '../../features';\n\nexport function createStorageOptionsConstructor() {\n\n const BaseOptionsConstructor = createBaseOptionsConstructor();\n return class StorageOptionsConstructor extends BaseOptionsConstructor implements Required<OktaAuthStorageOptions> {\n cookies: CookieOptions;\n storageUtil: StorageUtil;\n storageManager: StorageManagerOptions;\n \n constructor(args: any) {\n super(args);\n this.cookies = getCookieSettings(args, isHTTPS())!;\n this.storageUtil = args.storageUtil || getStorage();\n this.storageManager = { ...STORAGE_MANAGER_OPTIONS, ...args.storageManager };\n }\n };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable complexity */\nimport { StorageManagerOptions, StorageUtil, OktaAuthStorageOptions } from '../types';\nimport { warn } from '../../util';\n\nimport { default as browserStorage } from '../../browser/browserStorage';\n\nexport function getStorage(): StorageUtil {\n const storageUtil = Object.assign({}, browserStorage, {\n inMemoryStore: {} // create unique storage for this instance\n });\n return storageUtil;\n}\n\nexport const STORAGE_MANAGER_OPTIONS: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n cache: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n transaction: {\n storageTypes: [\n 'sessionStorage',\n 'localStorage',\n 'cookie'\n ]\n },\n 'shared-transaction': {\n storageTypes: [\n 'localStorage'\n ]\n },\n 'original-uri': {\n storageTypes: [\n 'localStorage'\n ]\n }\n};\n\nexport function getCookieSettings(args: OktaAuthStorageOptions = {}, isHTTPS: boolean) {\n // Secure cookies will be automatically used on a HTTPS connection\n // Non-secure cookies will be automatically used on a HTTP connection\n // secure option can override the automatic behavior\n var cookieSettings = args.cookies || {};\n if (typeof cookieSettings.secure === 'undefined') {\n cookieSettings.secure = isHTTPS;\n }\n if (typeof cookieSettings.sameSite === 'undefined') {\n cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n }\n\n // If secure=true, but the connection is not HTTPS, set secure=false.\n if (cookieSettings.secure && !isHTTPS) {\n // eslint-disable-next-line no-console\n warn(\n 'The current page is not being served with the HTTPS protocol.\\n' +\n 'For security reasons, we strongly recommend using HTTPS.\\n' +\n 'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n );\n cookieSettings.secure = false;\n }\n\n // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n cookieSettings.sameSite = 'lax';\n }\n\n return cookieSettings;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n// Implements a queue for synchronous or asynchronous methods\n// Methods will be wrapped in a promise and execute sequentially\n// This can be used to prevent concurrent calls to a single method or a set of methods\n\nimport { isPromise } from './types';\nimport { warn } from './console';\n\ninterface QueueItem {\n method: () => void;\n thisObject: object;\n args: any[];\n resolve: (value?: unknown) => void;\n reject: (reason?: unknown) => void;\n}\n\ninterface PromiseQueueOptions {\n quiet?: boolean; // if false, concurrrency warnings will not be logged\n}\nexport class PromiseQueue {\n queue: QueueItem[];\n running: boolean;\n options: PromiseQueueOptions;\n\n constructor(options: PromiseQueueOptions = { quiet: false }) {\n this.queue = [];\n this.running = false;\n this.options = options;\n }\n\n // Returns a promise\n // If the method is synchronous, it will resolve when the method completes\n // If the method returns a promise, it will resolve (or reject) with the value from the method's promise\n push(method: (...args: any) => any, thisObject: any, ...args: any[]) {\n return new Promise((resolve, reject) => {\n if (this.queue.length > 0) {\n // There is at least one other pending call.\n // The PromiseQueue will prevent these methods from running concurrently.\n if (this.options.quiet !== false) {\n warn(\n 'Async method is being called but another async method is already running. ' +\n 'The new method will be delayed until the previous method completes.'\n );\n }\n }\n this.queue.push({\n method,\n thisObject,\n args,\n resolve,\n reject\n });\n this.run();\n });\n }\n\n run() {\n if (this.running) {\n return;\n }\n if (this.queue.length === 0) {\n return;\n }\n this.running = true;\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var queueItem = this.queue.shift()!;\n var res = queueItem.method.apply(queueItem.thisObject, queueItem.args as never) as unknown;\n if (isPromise(res)) {\n (res as Promise<unknown>).then(queueItem.resolve, queueItem.reject).finally(() => {\n this.running = false;\n this.run();\n });\n } else {\n queueItem.resolve(res);\n this.running = false;\n this.run();\n }\n }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global window */\n\nexport function getNativeConsole() {\n if (typeof window !== 'undefined') {\n return window.console;\n } else if (typeof console !== 'undefined') {\n return console;\n } else {\n return undefined;\n }\n}\n\nexport function getConsole() {\n var nativeConsole = getNativeConsole();\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n if (nativeConsole && nativeConsole.log) {\n return nativeConsole;\n }\n return {\n log: function() {},\n warn: function() {},\n group: function() {},\n groupEnd: function() {}\n };\n}\n\nexport function warn(text) {\n /* eslint-disable no-console */\n getConsole().warn('[okta-auth-sdk] WARN: ' + text);\n /* eslint-enable */\n}\n\nexport function deprecate(text) {\n /* eslint-disable no-console */\n getConsole().warn('[okta-auth-sdk] DEPRECATION: ' + text);\n /* eslint-enable */\n}\n\nexport function deprecateWrap(text, fn) {\n return function() {\n deprecate(text);\n return fn.apply(null, arguments);\n };\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './console';\nexport * from './misc';\nexport * from './object';\nexport * from './PromiseQueue';\nexport * from './types';\nexport * from './url';\n","const jsonpathRegex = /\\$?(?<step>\\w+)|(?:\\[(?<index>\\d+)\\])/g;\n\n/* eslint complexity:[0,8] */\nexport function jsonpath({ path, json }) {\n const steps: string[] = [];\n let match: RegExpExecArray | null;\n while ((match = jsonpathRegex.exec(path)) !== null) {\n const step = match?.groups?.step ?? match?.groups?.index;\n if (step) {\n steps.push(step);\n }\n }\n\n if (steps.length < 1) {\n return undefined;\n }\n\n // array length check above guarantees .pop() will return a value\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const lastStep = steps.pop()!;\n let curr = json;\n for (const step of steps) {\n if (Object.prototype.hasOwnProperty.call(curr, step)) {\n if (typeof curr[step] !== 'object') {\n return undefined;\n }\n\n curr = curr[step];\n }\n }\n\n return curr[lastStep];\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function isoToUTCString(str) {\n var parts = str.match(/\\d+/g),\n isoTime = Date.UTC(parts[0], parts[1] - 1, parts[2], parts[3], parts[4], parts[5]),\n isoDate = new Date(isoTime);\n\n return isoDate.toUTCString();\n}\n\nexport function genRandomString(length) {\n var randomCharset = 'abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';\n var random = '';\n for (var c = 0, cl = randomCharset.length; c < length; ++c) {\n random += randomCharset[Math.floor(Math.random() * cl)];\n }\n return random;\n}\n\nexport function delay(ms) {\n return new Promise(function(resolve) {\n setTimeout(resolve, ms);\n });\n}\n\nexport function split2(str, delim) {\n const parts = str.split(delim);\n return [\n parts[0], \n parts.splice(1, parts.length).join(delim),\n ];\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function bind(fn, ctx) {\n var additionalArgs = Array.prototype.slice.call(arguments, 2);\n return function() {\n var args = Array.prototype.slice.call(arguments);\n args = additionalArgs.concat(args);\n return fn.apply(ctx, args);\n };\n}\n\n// TODO: replace all references with `Object.assign` then remove this function\nexport function extend() {\n // First object will be modified!\n var obj1 = arguments[0];\n // Properties from other objects will be copied over\n var objArray = [].slice.call(arguments, 1);\n objArray.forEach(function(obj) {\n for (var prop in obj) {\n // copy over all properties with defined values\n if (Object.prototype.hasOwnProperty.call(obj, prop) && obj[prop] !== undefined) {\n obj1[prop] = obj[prop];\n }\n }\n });\n return obj1; // return the modified object\n}\n\nexport function removeNils(obj) {\n var cleaned = {};\n for (var prop in obj) {\n if (Object.prototype.hasOwnProperty.call(obj, prop)) {\n var value = obj[prop];\n if (value !== null && value !== undefined) {\n cleaned[prop] = value;\n }\n }\n }\n return cleaned;\n}\n\nexport function clone(obj) {\n if (obj) {\n var str = JSON.stringify(obj);\n if (str) {\n return JSON.parse(str);\n }\n }\n return obj;\n}\n\n// Analogous to _.omit\nexport function omit(obj, ...props: any[]) {\n // var props = Array.prototype.slice.call(arguments, 1);\n var newobj = {};\n for (var p in obj) {\n if (Object.prototype.hasOwnProperty.call(obj, p) && props.indexOf(p) == -1) {\n newobj[p] = obj[p];\n }\n }\n return clone(newobj);\n}\n\nexport function find(collection, searchParams) {\n var c = collection.length;\n while (c--) {\n var item = collection[c];\n var found = true;\n for (var prop in searchParams) {\n if (!Object.prototype.hasOwnProperty.call(searchParams, prop)) {\n continue;\n }\n if (item[prop] !== searchParams[prop]) {\n found = false;\n break;\n }\n }\n if (found) {\n return item;\n }\n }\n}\n\nexport function getLink(obj, linkName, altName?) {\n if (!obj || !obj._links) {\n return;\n }\n\n var link = clone(obj._links[linkName]);\n\n // If a link has a name and we have an altName, return if they match\n if (link && link.name && altName) {\n if (link.name === altName) {\n return link;\n }\n } else {\n return link;\n }\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function isString(obj: any): obj is string {\n return Object.prototype.toString.call(obj) === '[object String]';\n}\n\nexport function isObject(obj: any): obj is object {\n return Object.prototype.toString.call(obj) === '[object Object]';\n}\n\nexport function isNumber(obj: any): obj is number {\n return Object.prototype.toString.call(obj) === '[object Number]';\n}\n\nexport function isFunction(fn: any): fn is (...any: any[]) => any {\n return !!fn && {}.toString.call(fn) === '[object Function]';\n}\n\nexport function isPromise(obj) {\n return obj && obj.finally && (typeof obj.finally === 'function');\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function isAbsoluteUrl(url) {\n return /^[a-z][a-z0-9+.-]*:/i.test(url);\n}\n\nexport function toAbsoluteUrl(url = '', baseUrl) {\n if (isAbsoluteUrl(url)) {\n return url;\n }\n baseUrl = removeTrailingSlash(baseUrl);\n return url[0] === '/' ? `${baseUrl}${url}` : `${baseUrl}/${url}`;\n}\n\nexport function toRelativeUrl(url = '', baseUrl) {\n if (isAbsoluteUrl(url)) {\n url = url.substring(baseUrl.length);\n }\n\n return url[0] === '/' ? url : `/${url}`;\n}\n\nexport function toQueryString(obj) {\n var str = [];\n if (obj !== null) {\n for (var key in obj) {\n if (Object.prototype.hasOwnProperty.call(obj, key) &&\n obj[key] !== undefined &&\n obj[key] !== null) {\n str.push(key + '=' + encodeURIComponent(obj[key]) as never);\n }\n }\n }\n if (str.length) {\n return '?' + str.join('&');\n } else {\n return '';\n }\n}\n\nexport function removeTrailingSlash(path) {\n if (!path) {\n return;\n }\n // Remove any whitespace before or after string\n var trimmed = path.replace(/^\\s+|\\s+$/gm,'');\n // Remove trailing slash(es)\n trimmed = trimmed.replace(/\\/+$/, '');\n\n return trimmed;\n}\n",null,"'use strict';\n\nclass CancelError extends Error {\n\tconstructor(reason) {\n\t\tsuper(reason || 'Promise was canceled');\n\t\tthis.name = 'CancelError';\n\t}\n\n\tget isCanceled() {\n\t\treturn true;\n\t}\n}\n\nclass PCancelable {\n\tstatic fn(userFn) {\n\t\treturn (...arguments_) => {\n\t\t\treturn new PCancelable((resolve, reject, onCancel) => {\n\t\t\t\targuments_.push(onCancel);\n\t\t\t\t// eslint-disable-next-line promise/prefer-await-to-then\n\t\t\t\tuserFn(...arguments_).then(resolve, reject);\n\t\t\t});\n\t\t};\n\t}\n\n\tconstructor(executor) {\n\t\tthis._cancelHandlers = [];\n\t\tthis._isPending = true;\n\t\tthis._isCanceled = false;\n\t\tthis._rejectOnCancel = true;\n\n\t\tthis._promise = new Promise((resolve, reject) => {\n\t\t\tthis._reject = reject;\n\n\t\t\tconst onResolve = value => {\n\t\t\t\tif (!this._isCanceled || !onCancel.shouldReject) {\n\t\t\t\t\tthis._isPending = false;\n\t\t\t\t\tresolve(value);\n\t\t\t\t}\n\t\t\t};\n\n\t\t\tconst onReject = error => {\n\t\t\t\tthis._isPending = false;\n\t\t\t\treject(error);\n\t\t\t};\n\n\t\t\tconst onCancel = handler => {\n\t\t\t\tif (!this._isPending) {\n\t\t\t\t\tthrow new Error('The `onCancel` handler was attached after the promise settled.');\n\t\t\t\t}\n\n\t\t\t\tthis._cancelHandlers.push(handler);\n\t\t\t};\n\n\t\t\tObject.defineProperties(onCancel, {\n\t\t\t\tshouldReject: {\n\t\t\t\t\tget: () => this._rejectOnCancel,\n\t\t\t\t\tset: boolean => {\n\t\t\t\t\t\tthis._rejectOnCancel = boolean;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t});\n\n\t\t\treturn executor(onResolve, onReject, onCancel);\n\t\t});\n\t}\n\n\tthen(onFulfilled, onRejected) {\n\t\t// eslint-disable-next-line promise/prefer-await-to-then\n\t\treturn this._promise.then(onFulfilled, onRejected);\n\t}\n\n\tcatch(onRejected) {\n\t\treturn this._promise.catch(onRejected);\n\t}\n\n\tfinally(onFinally) {\n\t\treturn this._promise.finally(onFinally);\n\t}\n\n\tcancel(reason) {\n\t\tif (!this._isPending || this._isCanceled) {\n\t\t\treturn;\n\t\t}\n\n\t\tthis._isCanceled = true;\n\n\t\tif (this._cancelHandlers.length > 0) {\n\t\t\ttry {\n\t\t\t\tfor (const handler of this._cancelHandlers) {\n\t\t\t\t\thandler();\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tthis._reject(error);\n\t\t\t\treturn;\n\t\t\t}\n\t\t}\n\n\t\tif (this._rejectOnCancel) {\n\t\t\tthis._reject(new CancelError(reason));\n\t\t}\n\t}\n\n\tget isCanceled() {\n\t\treturn this._isCanceled;\n\t}\n}\n\nObject.setPrototypeOf(PCancelable.prototype, Promise.prototype);\n\nmodule.exports = PCancelable;\nmodule.exports.CancelError = CancelError;\n","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.OPEN_BROADCAST_CHANNELS = exports.BroadcastChannel = void 0;\nexports.clearNodeFolder = clearNodeFolder;\nexports.enforceOptions = enforceOptions;\nvar _util = require(\"./util.js\");\nvar _methodChooser = require(\"./method-chooser.js\");\nvar _options = require(\"./options.js\");\n/**\n * Contains all open channels,\n * used in tests to ensure everything is closed.\n */\nvar OPEN_BROADCAST_CHANNELS = new Set();\nexports.OPEN_BROADCAST_CHANNELS = OPEN_BROADCAST_CHANNELS;\nvar lastId = 0;\nvar BroadcastChannel = function BroadcastChannel(name, options) {\n // identifier of the channel to debug stuff\n this.id = lastId++;\n OPEN_BROADCAST_CHANNELS.add(this);\n this.name = name;\n if (ENFORCED_OPTIONS) {\n options = ENFORCED_OPTIONS;\n }\n this.options = (0, _options.fillOptionsWithDefaults)(options);\n this.method = (0, _methodChooser.chooseMethod)(this.options);\n\n // isListening\n this._iL = false;\n\n /**\n * _onMessageListener\n * setting onmessage twice,\n * will overwrite the first listener\n */\n this._onML = null;\n\n /**\n * _addEventListeners\n */\n this._addEL = {\n message: [],\n internal: []\n };\n\n /**\n * Unsent message promises\n * where the sending is still in progress\n * @type {Set<Promise>}\n */\n this._uMP = new Set();\n\n /**\n * _beforeClose\n * array of promises that will be awaited\n * before the channel is closed\n */\n this._befC = [];\n\n /**\n * _preparePromise\n */\n this._prepP = null;\n _prepareChannel(this);\n};\n\n// STATICS\n\n/**\n * used to identify if someone overwrites\n * window.BroadcastChannel with this\n * See methods/native.js\n */\nexports.BroadcastChannel = BroadcastChannel;\nBroadcastChannel._pubkey = true;\n\n/**\n * clears the tmp-folder if is node\n * @return {Promise<boolean>} true if has run, false if not node\n */\nfunction clearNodeFolder(options) {\n options = (0, _options.fillOptionsWithDefaults)(options);\n var method = (0, _methodChooser.chooseMethod)(options);\n if (method.type === 'node') {\n return method.clearNodeFolder().then(function () {\n return true;\n });\n } else {\n return _util.PROMISE_RESOLVED_FALSE;\n }\n}\n\n/**\n * if set, this method is enforced,\n * no mather what the options are\n */\nvar ENFORCED_OPTIONS;\nfunction enforceOptions(options) {\n ENFORCED_OPTIONS = options;\n}\n\n// PROTOTYPE\nBroadcastChannel.prototype = {\n postMessage: function postMessage(msg) {\n if (this.closed) {\n throw new Error('BroadcastChannel.postMessage(): ' + 'Cannot post message after channel has closed ' +\n /**\n * In the past when this error appeared, it was really hard to debug.\n * So now we log the msg together with the error so it at least\n * gives some clue about where in your application this happens.\n */\n JSON.stringify(msg));\n }\n return _post(this, 'message', msg);\n },\n postInternal: function postInternal(msg) {\n return _post(this, 'internal', msg);\n },\n set onmessage(fn) {\n var time = this.method.microSeconds();\n var listenObj = {\n time: time,\n fn: fn\n };\n _removeListenerObject(this, 'message', this._onML);\n if (fn && typeof fn === 'function') {\n this._onML = listenObj;\n _addListenerObject(this, 'message', listenObj);\n } else {\n this._onML = null;\n }\n },\n addEventListener: function addEventListener(type, fn) {\n var time = this.method.microSeconds();\n var listenObj = {\n time: time,\n fn: fn\n };\n _addListenerObject(this, type, listenObj);\n },\n removeEventListener: function removeEventListener(type, fn) {\n var obj = this._addEL[type].find(function (obj) {\n return obj.fn === fn;\n });\n _removeListenerObject(this, type, obj);\n },\n close: function close() {\n var _this = this;\n if (this.closed) {\n return;\n }\n OPEN_BROADCAST_CHANNELS[\"delete\"](this);\n this.closed = true;\n var awaitPrepare = this._prepP ? this._prepP : _util.PROMISE_RESOLVED_VOID;\n this._onML = null;\n this._addEL.message = [];\n return awaitPrepare\n // wait until all current sending are processed\n .then(function () {\n return Promise.all(Array.from(_this._uMP));\n })\n // run before-close hooks\n .then(function () {\n return Promise.all(_this._befC.map(function (fn) {\n return fn();\n }));\n })\n // close the channel\n .then(function () {\n return _this.method.close(_this._state);\n });\n },\n get type() {\n return this.method.type;\n },\n get isClosed() {\n return this.closed;\n }\n};\n\n/**\n * Post a message over the channel\n * @returns {Promise} that resolved when the message sending is done\n */\nfunction _post(broadcastChannel, type, msg) {\n var time = broadcastChannel.method.microSeconds();\n var msgObj = {\n time: time,\n type: type,\n data: msg\n };\n var awaitPrepare = broadcastChannel._prepP ? broadcastChannel._prepP : _util.PROMISE_RESOLVED_VOID;\n return awaitPrepare.then(function () {\n var sendPromise = broadcastChannel.method.postMessage(broadcastChannel._state, msgObj);\n\n // add/remove to unsent messages list\n broadcastChannel._uMP.add(sendPromise);\n sendPromise[\"catch\"]().then(function () {\n return broadcastChannel._uMP[\"delete\"](sendPromise);\n });\n return sendPromise;\n });\n}\nfunction _prepareChannel(channel) {\n var maybePromise = channel.method.create(channel.name, channel.options);\n if ((0, _util.isPromise)(maybePromise)) {\n channel._prepP = maybePromise;\n maybePromise.then(function (s) {\n // used in tests to simulate slow runtime\n /*if (channel.options.prepareDelay) {\n await new Promise(res => setTimeout(res, this.options.prepareDelay));\n }*/\n channel._state = s;\n });\n } else {\n channel._state = maybePromise;\n }\n}\nfunction _hasMessageListeners(channel) {\n if (channel._addEL.message.length > 0) return true;\n if (channel._addEL.internal.length > 0) return true;\n return false;\n}\nfunction _addListenerObject(channel, type, obj) {\n channel._addEL[type].push(obj);\n _startListening(channel);\n}\nfunction _removeListenerObject(channel, type, obj) {\n channel._addEL[type] = channel._addEL[type].filter(function (o) {\n return o !== obj;\n });\n _stopListening(channel);\n}\nfunction _startListening(channel) {\n if (!channel._iL && _hasMessageListeners(channel)) {\n // someone is listening, start subscribing\n\n var listenerFn = function listenerFn(msgObj) {\n channel._addEL[msgObj.type].forEach(function (listenerObject) {\n /**\n * Getting the current time in JavaScript has no good precision.\n * So instead of only listening to events that happened 'after' the listener\n * was added, we also listen to events that happened 100ms before it.\n * This ensures that when another process, like a WebWorker, sends events\n * we do not miss them out because their timestamp is a bit off compared to the main process.\n * Not doing this would make messages missing when we send data directly after subscribing and awaiting a response.\n * @link https://johnresig.com/blog/accuracy-of-javascript-time/\n */\n var hundredMsInMicro = 100 * 1000;\n var minMessageTime = listenerObject.time - hundredMsInMicro;\n if (msgObj.time >= minMessageTime) {\n listenerObject.fn(msgObj.data);\n }\n });\n };\n var time = channel.method.microSeconds();\n if (channel._prepP) {\n channel._prepP.then(function () {\n channel._iL = true;\n channel.method.onMessage(channel._state, listenerFn, time);\n });\n } else {\n channel._iL = true;\n channel.method.onMessage(channel._state, listenerFn, time);\n }\n }\n}\nfunction _stopListening(channel) {\n if (channel._iL && !_hasMessageListeners(channel)) {\n // no one is listening, stop subscribing\n channel._iL = false;\n var time = channel.method.microSeconds();\n channel.method.onMessage(channel._state, null, time);\n }\n}","\"use strict\";\n\nvar _index = require(\"./index.js\");\n/**\n * because babel can only export on default-attribute,\n * we use this for the non-module-build\n * this ensures that users do not have to use\n * var BroadcastChannel = require('broadcast-channel').default;\n * but\n * var BroadcastChannel = require('broadcast-channel');\n */\n\nmodule.exports = {\n BroadcastChannel: _index.BroadcastChannel,\n createLeaderElection: _index.createLeaderElection,\n clearNodeFolder: _index.clearNodeFolder,\n enforceOptions: _index.enforceOptions,\n beLeader: _index.beLeader\n};","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nObject.defineProperty(exports, \"BroadcastChannel\", {\n enumerable: true,\n get: function get() {\n return _broadcastChannel.BroadcastChannel;\n }\n});\nObject.defineProperty(exports, \"OPEN_BROADCAST_CHANNELS\", {\n enumerable: true,\n get: function get() {\n return _broadcastChannel.OPEN_BROADCAST_CHANNELS;\n }\n});\nObject.defineProperty(exports, \"beLeader\", {\n enumerable: true,\n get: function get() {\n return _leaderElectionUtil.beLeader;\n }\n});\nObject.defineProperty(exports, \"clearNodeFolder\", {\n enumerable: true,\n get: function get() {\n return _broadcastChannel.clearNodeFolder;\n }\n});\nObject.defineProperty(exports, \"createLeaderElection\", {\n enumerable: true,\n get: function get() {\n return _leaderElection.createLeaderElection;\n }\n});\nObject.defineProperty(exports, \"enforceOptions\", {\n enumerable: true,\n get: function get() {\n return _broadcastChannel.enforceOptions;\n }\n});\nvar _broadcastChannel = require(\"./broadcast-channel.js\");\nvar _leaderElection = require(\"./leader-election.js\");\nvar _leaderElectionUtil = require(\"./leader-election-util.js\");","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.beLeader = beLeader;\nexports.sendLeaderMessage = sendLeaderMessage;\nvar _unload = require(\"unload\");\n/**\n * sends and internal message over the broadcast-channel\n */\nfunction sendLeaderMessage(leaderElector, action) {\n var msgJson = {\n context: 'leader',\n action: action,\n token: leaderElector.token\n };\n return leaderElector.broadcastChannel.postInternal(msgJson);\n}\nfunction beLeader(leaderElector) {\n leaderElector.isLeader = true;\n leaderElector._hasLeader = true;\n var unloadFn = (0, _unload.add)(function () {\n return leaderElector.die();\n });\n leaderElector._unl.push(unloadFn);\n var isLeaderListener = function isLeaderListener(msg) {\n if (msg.context === 'leader' && msg.action === 'apply') {\n sendLeaderMessage(leaderElector, 'tell');\n }\n if (msg.context === 'leader' && msg.action === 'tell' && !leaderElector._dpLC) {\n /**\n * another instance is also leader!\n * This can happen on rare events\n * like when the CPU is at 100% for long time\n * or the tabs are open very long and the browser throttles them.\n * @link https://github.com/pubkey/broadcast-channel/issues/414\n * @link https://github.com/pubkey/broadcast-channel/issues/385\n */\n leaderElector._dpLC = true;\n leaderElector._dpL(); // message the lib user so the app can handle the problem\n sendLeaderMessage(leaderElector, 'tell'); // ensure other leader also knows the problem\n }\n };\n\n leaderElector.broadcastChannel.addEventListener('internal', isLeaderListener);\n leaderElector._lstns.push(isLeaderListener);\n return sendLeaderMessage(leaderElector, 'tell');\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.LeaderElectionWebLock = void 0;\nvar _util = require(\"./util.js\");\nvar _leaderElectionUtil = require(\"./leader-election-util.js\");\n/**\n * A faster version of the leader elector that uses the WebLock API\n * @link https://developer.mozilla.org/en-US/docs/Web/API/Web_Locks_API\n */\nvar LeaderElectionWebLock = function LeaderElectionWebLock(broadcastChannel, options) {\n var _this = this;\n this.broadcastChannel = broadcastChannel;\n broadcastChannel._befC.push(function () {\n return _this.die();\n });\n this._options = options;\n this.isLeader = false;\n this.isDead = false;\n this.token = (0, _util.randomToken)();\n this._lstns = [];\n this._unl = [];\n this._dpL = function () {}; // onduplicate listener\n this._dpLC = false; // true when onduplicate called\n\n this._wKMC = {}; // stuff for cleanup\n\n // lock name\n this.lN = 'pubkey-bc||' + broadcastChannel.method.type + '||' + broadcastChannel.name;\n};\nexports.LeaderElectionWebLock = LeaderElectionWebLock;\nLeaderElectionWebLock.prototype = {\n hasLeader: function hasLeader() {\n var _this2 = this;\n return navigator.locks.query().then(function (locks) {\n var relevantLocks = locks.held ? locks.held.filter(function (lock) {\n return lock.name === _this2.lN;\n }) : [];\n if (relevantLocks && relevantLocks.length > 0) {\n return true;\n } else {\n return false;\n }\n });\n },\n awaitLeadership: function awaitLeadership() {\n var _this3 = this;\n if (!this._wLMP) {\n this._wKMC.c = new AbortController();\n var returnPromise = new Promise(function (res, rej) {\n _this3._wKMC.res = res;\n _this3._wKMC.rej = rej;\n });\n this._wLMP = new Promise(function (res) {\n navigator.locks.request(_this3.lN, {\n signal: _this3._wKMC.c.signal\n }, function () {\n // if the lock resolved, we can drop the abort controller\n _this3._wKMC.c = undefined;\n (0, _leaderElectionUtil.beLeader)(_this3);\n res();\n return returnPromise;\n })[\"catch\"](function () {});\n });\n }\n return this._wLMP;\n },\n set onduplicate(_fn) {\n // Do nothing because there are no duplicates in the WebLock version\n },\n die: function die() {\n var _this4 = this;\n this._lstns.forEach(function (listener) {\n return _this4.broadcastChannel.removeEventListener('internal', listener);\n });\n this._lstns = [];\n this._unl.forEach(function (uFn) {\n return uFn.remove();\n });\n this._unl = [];\n if (this.isLeader) {\n this.isLeader = false;\n }\n this.isDead = true;\n if (this._wKMC.res) {\n this._wKMC.res();\n }\n if (this._wKMC.c) {\n this._wKMC.c.abort('LeaderElectionWebLock.die() called');\n }\n return (0, _leaderElectionUtil.sendLeaderMessage)(this, 'death');\n }\n};","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.createLeaderElection = createLeaderElection;\nvar _util = require(\"./util.js\");\nvar _leaderElectionUtil = require(\"./leader-election-util.js\");\nvar _leaderElectionWebLock = require(\"./leader-election-web-lock.js\");\nvar LeaderElection = function LeaderElection(broadcastChannel, options) {\n var _this = this;\n this.broadcastChannel = broadcastChannel;\n this._options = options;\n this.isLeader = false;\n this._hasLeader = false;\n this.isDead = false;\n this.token = (0, _util.randomToken)();\n\n /**\n * Apply Queue,\n * used to ensure we do not run applyOnce()\n * in parallel.\n */\n this._aplQ = _util.PROMISE_RESOLVED_VOID;\n // amount of unfinished applyOnce() calls\n this._aplQC = 0;\n\n // things to clean up\n this._unl = []; // _unloads\n this._lstns = []; // _listeners\n this._dpL = function () {}; // onduplicate listener\n this._dpLC = false; // true when onduplicate called\n\n /**\n * Even when the own instance is not applying,\n * we still listen to messages to ensure the hasLeader flag\n * is set correctly.\n */\n var hasLeaderListener = function hasLeaderListener(msg) {\n if (msg.context === 'leader') {\n if (msg.action === 'death') {\n _this._hasLeader = false;\n }\n if (msg.action === 'tell') {\n _this._hasLeader = true;\n }\n }\n };\n this.broadcastChannel.addEventListener('internal', hasLeaderListener);\n this._lstns.push(hasLeaderListener);\n};\nLeaderElection.prototype = {\n hasLeader: function hasLeader() {\n return Promise.resolve(this._hasLeader);\n },\n /**\n * Returns true if the instance is leader,\n * false if not.\n * @async\n */\n applyOnce: function applyOnce(\n // true if the applyOnce() call came from the fallbackInterval cycle\n isFromFallbackInterval) {\n var _this2 = this;\n if (this.isLeader) {\n return (0, _util.sleep)(0, true);\n }\n if (this.isDead) {\n return (0, _util.sleep)(0, false);\n }\n\n /**\n * Already applying more than once,\n * -> wait for the apply queue to be finished.\n */\n if (this._aplQC > 1) {\n return this._aplQ;\n }\n\n /**\n * Add a new apply-run\n */\n var applyRun = function applyRun() {\n /**\n * Optimization shortcuts.\n * Directly return if a previous run\n * has already elected a leader.\n */\n if (_this2.isLeader) {\n return _util.PROMISE_RESOLVED_TRUE;\n }\n var stopCriteria = false;\n var stopCriteriaPromiseResolve;\n /**\n * Resolves when a stop criteria is reached.\n * Uses as a performance shortcut so we do not\n * have to await the responseTime when it is already clear\n * that the election failed.\n */\n var stopCriteriaPromise = new Promise(function (res) {\n stopCriteriaPromiseResolve = function stopCriteriaPromiseResolve() {\n stopCriteria = true;\n res();\n };\n });\n var handleMessage = function handleMessage(msg) {\n if (msg.context === 'leader' && msg.token != _this2.token) {\n if (msg.action === 'apply') {\n // other is applying\n if (msg.token > _this2.token) {\n /**\n * other has higher token\n * -> stop applying and let other become leader.\n */\n stopCriteriaPromiseResolve();\n }\n }\n if (msg.action === 'tell') {\n // other is already leader\n stopCriteriaPromiseResolve();\n _this2._hasLeader = true;\n }\n }\n };\n _this2.broadcastChannel.addEventListener('internal', handleMessage);\n\n /**\n * If the applyOnce() call came from the fallbackInterval,\n * we can assume that the election runs in the background and\n * not critical process is waiting for it.\n * When this is true, we give the other instances\n * more time to answer to messages in the election cycle.\n * This makes it less likely to elect duplicate leaders.\n * But also it takes longer which is not a problem because we anyway\n * run in the background.\n */\n var waitForAnswerTime = isFromFallbackInterval ? _this2._options.responseTime * 4 : _this2._options.responseTime;\n return (0, _leaderElectionUtil.sendLeaderMessage)(_this2, 'apply') // send out that this one is applying\n .then(function () {\n return Promise.race([(0, _util.sleep)(waitForAnswerTime), stopCriteriaPromise.then(function () {\n return Promise.reject(new Error());\n })]);\n })\n // send again in case another instance was just created\n .then(function () {\n return (0, _leaderElectionUtil.sendLeaderMessage)(_this2, 'apply');\n })\n // let others time to respond\n .then(function () {\n return Promise.race([(0, _util.sleep)(waitForAnswerTime), stopCriteriaPromise.then(function () {\n return Promise.reject(new Error());\n })]);\n })[\"catch\"](function () {}).then(function () {\n _this2.broadcastChannel.removeEventListener('internal', handleMessage);\n if (!stopCriteria) {\n // no stop criteria -> own is leader\n return (0, _leaderElectionUtil.beLeader)(_this2).then(function () {\n return true;\n });\n } else {\n // other is leader\n return false;\n }\n });\n };\n this._aplQC = this._aplQC + 1;\n this._aplQ = this._aplQ.then(function () {\n return applyRun();\n }).then(function () {\n _this2._aplQC = _this2._aplQC - 1;\n });\n return this._aplQ.then(function () {\n return _this2.isLeader;\n });\n },\n awaitLeadership: function awaitLeadership() {\n if ( /* _awaitLeadershipPromise */\n !this._aLP) {\n this._aLP = _awaitLeadershipOnce(this);\n }\n return this._aLP;\n },\n set onduplicate(fn) {\n this._dpL = fn;\n },\n die: function die() {\n var _this3 = this;\n this._lstns.forEach(function (listener) {\n return _this3.broadcastChannel.removeEventListener('internal', listener);\n });\n this._lstns = [];\n this._unl.forEach(function (uFn) {\n return uFn.remove();\n });\n this._unl = [];\n if (this.isLeader) {\n this._hasLeader = false;\n this.isLeader = false;\n }\n this.isDead = true;\n return (0, _leaderElectionUtil.sendLeaderMessage)(this, 'death');\n }\n};\n\n/**\n * @param leaderElector {LeaderElector}\n */\nfunction _awaitLeadershipOnce(leaderElector) {\n if (leaderElector.isLeader) {\n return _util.PROMISE_RESOLVED_VOID;\n }\n return new Promise(function (res) {\n var resolved = false;\n function finish() {\n if (resolved) {\n return;\n }\n resolved = true;\n leaderElector.broadcastChannel.removeEventListener('internal', whenDeathListener);\n res(true);\n }\n\n // try once now\n leaderElector.applyOnce().then(function () {\n if (leaderElector.isLeader) {\n finish();\n }\n });\n\n /**\n * Try on fallbackInterval\n * @recursive\n */\n var tryOnFallBack = function tryOnFallBack() {\n return (0, _util.sleep)(leaderElector._options.fallbackInterval).then(function () {\n if (leaderElector.isDead || resolved) {\n return;\n }\n if (leaderElector.isLeader) {\n finish();\n } else {\n return leaderElector.applyOnce(true).then(function () {\n if (leaderElector.isLeader) {\n finish();\n } else {\n tryOnFallBack();\n }\n });\n }\n });\n };\n tryOnFallBack();\n\n // try when other leader dies\n var whenDeathListener = function whenDeathListener(msg) {\n if (msg.context === 'leader' && msg.action === 'death') {\n leaderElector._hasLeader = false;\n leaderElector.applyOnce().then(function () {\n if (leaderElector.isLeader) {\n finish();\n }\n });\n }\n };\n leaderElector.broadcastChannel.addEventListener('internal', whenDeathListener);\n leaderElector._lstns.push(whenDeathListener);\n });\n}\nfunction fillOptionsWithDefaults(options, channel) {\n if (!options) options = {};\n options = JSON.parse(JSON.stringify(options));\n if (!options.fallbackInterval) {\n options.fallbackInterval = 3000;\n }\n if (!options.responseTime) {\n options.responseTime = channel.method.averageResponseTime(channel.options);\n }\n return options;\n}\nfunction createLeaderElection(channel, options) {\n if (channel._leaderElector) {\n throw new Error('BroadcastChannel already has a leader-elector');\n }\n options = fillOptionsWithDefaults(options, channel);\n var elector = (0, _util.supportsWebLockAPI)() ? new _leaderElectionWebLock.LeaderElectionWebLock(channel, options) : new LeaderElection(channel, options);\n channel._befC.push(function () {\n return elector.die();\n });\n channel._leaderElector = elector;\n return elector;\n}","\"use strict\";\n\nvar _typeof = require(\"@babel/runtime/helpers/typeof\");\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.chooseMethod = chooseMethod;\nvar _native = require(\"./methods/native.js\");\nvar _indexedDb = require(\"./methods/indexed-db.js\");\nvar _localstorage = require(\"./methods/localstorage.js\");\nvar _simulate = require(\"./methods/simulate.js\");\nfunction _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== \"function\") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function _getRequireWildcardCache(nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }\nfunction _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || _typeof(obj) !== \"object\" && typeof obj !== \"function\") { return { \"default\": obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== \"default\" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj[\"default\"] = obj; if (cache) { cache.set(obj, newObj); } return newObj; }\n// the line below will be removed from es5/browser builds\n\n// order is important\nvar METHODS = [_native.NativeMethod,\n// fastest\n_indexedDb.IndexedDBMethod, _localstorage.LocalstorageMethod];\nfunction chooseMethod(options) {\n var chooseMethods = [].concat(options.methods, METHODS).filter(Boolean);\n\n // the line below will be removed from es5/browser builds\n\n // directly chosen\n if (options.type) {\n if (options.type === 'simulate') {\n // only use simulate-method if directly chosen\n return _simulate.SimulateMethod;\n }\n var ret = chooseMethods.find(function (m) {\n return m.type === options.type;\n });\n if (!ret) throw new Error('method-type ' + options.type + ' not found');else return ret;\n }\n\n /**\n * if no webworker support is needed,\n * remove idb from the list so that localstorage will be chosen\n */\n if (!options.webWorkerSupport) {\n chooseMethods = chooseMethods.filter(function (m) {\n return m.type !== 'idb';\n });\n }\n var useMethod = chooseMethods.find(function (method) {\n return method.canBeUsed();\n });\n if (!useMethod) {\n throw new Error(\"No usable method found in \" + JSON.stringify(METHODS.map(function (m) {\n return m.type;\n })));\n } else {\n return useMethod;\n }\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.TRANSACTION_SETTINGS = exports.IndexedDBMethod = void 0;\nexports.averageResponseTime = averageResponseTime;\nexports.canBeUsed = canBeUsed;\nexports.cleanOldMessages = cleanOldMessages;\nexports.close = close;\nexports.commitIndexedDBTransaction = commitIndexedDBTransaction;\nexports.create = create;\nexports.createDatabase = createDatabase;\nexports.getAllMessages = getAllMessages;\nexports.getIdb = getIdb;\nexports.getMessagesHigherThan = getMessagesHigherThan;\nexports.getOldMessages = getOldMessages;\nexports.microSeconds = void 0;\nexports.onMessage = onMessage;\nexports.postMessage = postMessage;\nexports.removeMessagesById = removeMessagesById;\nexports.type = void 0;\nexports.writeMessage = writeMessage;\nvar _util = require(\"../util.js\");\nvar _obliviousSet = require(\"oblivious-set\");\nvar _options = require(\"../options.js\");\n/**\n * this method uses indexeddb to store the messages\n * There is currently no observerAPI for idb\n * @link https://github.com/w3c/IndexedDB/issues/51\n * \n * When working on this, ensure to use these performance optimizations:\n * @link https://rxdb.info/slow-indexeddb.html\n */\n\nvar microSeconds = _util.microSeconds;\nexports.microSeconds = microSeconds;\nvar DB_PREFIX = 'pubkey.broadcast-channel-0-';\nvar OBJECT_STORE_ID = 'messages';\n\n/**\n * Use relaxed durability for faster performance on all transactions.\n * @link https://nolanlawson.com/2021/08/22/speeding-up-indexeddb-reads-and-writes/\n */\nvar TRANSACTION_SETTINGS = {\n durability: 'relaxed'\n};\nexports.TRANSACTION_SETTINGS = TRANSACTION_SETTINGS;\nvar type = 'idb';\nexports.type = type;\nfunction getIdb() {\n if (typeof indexedDB !== 'undefined') return indexedDB;\n if (typeof window !== 'undefined') {\n if (typeof window.mozIndexedDB !== 'undefined') return window.mozIndexedDB;\n if (typeof window.webkitIndexedDB !== 'undefined') return window.webkitIndexedDB;\n if (typeof window.msIndexedDB !== 'undefined') return window.msIndexedDB;\n }\n return false;\n}\n\n/**\n * If possible, we should explicitly commit IndexedDB transactions\n * for better performance.\n * @link https://nolanlawson.com/2021/08/22/speeding-up-indexeddb-reads-and-writes/\n */\nfunction commitIndexedDBTransaction(tx) {\n if (tx.commit) {\n tx.commit();\n }\n}\nfunction createDatabase(channelName) {\n var IndexedDB = getIdb();\n\n // create table\n var dbName = DB_PREFIX + channelName;\n\n /**\n * All IndexedDB databases are opened without version\n * because it is a bit faster, especially on firefox\n * @link http://nparashuram.com/IndexedDB/perf/#Open%20Database%20with%20version\n */\n var openRequest = IndexedDB.open(dbName);\n openRequest.onupgradeneeded = function (ev) {\n var db = ev.target.result;\n db.createObjectStore(OBJECT_STORE_ID, {\n keyPath: 'id',\n autoIncrement: true\n });\n };\n return new Promise(function (res, rej) {\n openRequest.onerror = function (ev) {\n return rej(ev);\n };\n openRequest.onsuccess = function () {\n res(openRequest.result);\n };\n });\n}\n\n/**\n * writes the new message to the database\n * so other readers can find it\n */\nfunction writeMessage(db, readerUuid, messageJson) {\n var time = new Date().getTime();\n var writeObject = {\n uuid: readerUuid,\n time: time,\n data: messageJson\n };\n var tx = db.transaction([OBJECT_STORE_ID], 'readwrite', TRANSACTION_SETTINGS);\n return new Promise(function (res, rej) {\n tx.oncomplete = function () {\n return res();\n };\n tx.onerror = function (ev) {\n return rej(ev);\n };\n var objectStore = tx.objectStore(OBJECT_STORE_ID);\n objectStore.add(writeObject);\n commitIndexedDBTransaction(tx);\n });\n}\nfunction getAllMessages(db) {\n var tx = db.transaction(OBJECT_STORE_ID, 'readonly', TRANSACTION_SETTINGS);\n var objectStore = tx.objectStore(OBJECT_STORE_ID);\n var ret = [];\n return new Promise(function (res) {\n objectStore.openCursor().onsuccess = function (ev) {\n var cursor = ev.target.result;\n if (cursor) {\n ret.push(cursor.value);\n //alert(\"Name for SSN \" + cursor.key + \" is \" + cursor.value.name);\n cursor[\"continue\"]();\n } else {\n commitIndexedDBTransaction(tx);\n res(ret);\n }\n };\n });\n}\nfunction getMessagesHigherThan(db, lastCursorId) {\n var tx = db.transaction(OBJECT_STORE_ID, 'readonly', TRANSACTION_SETTINGS);\n var objectStore = tx.objectStore(OBJECT_STORE_ID);\n var ret = [];\n var keyRangeValue = IDBKeyRange.bound(lastCursorId + 1, Infinity);\n\n /**\n * Optimization shortcut,\n * if getAll() can be used, do not use a cursor.\n * @link https://rxdb.info/slow-indexeddb.html\n */\n if (objectStore.getAll) {\n var getAllRequest = objectStore.getAll(keyRangeValue);\n return new Promise(function (res, rej) {\n getAllRequest.onerror = function (err) {\n return rej(err);\n };\n getAllRequest.onsuccess = function (e) {\n res(e.target.result);\n };\n });\n }\n function openCursor() {\n // Occasionally Safari will fail on IDBKeyRange.bound, this\n // catches that error, having it open the cursor to the first\n // item. When it gets data it will advance to the desired key.\n try {\n keyRangeValue = IDBKeyRange.bound(lastCursorId + 1, Infinity);\n return objectStore.openCursor(keyRangeValue);\n } catch (e) {\n return objectStore.openCursor();\n }\n }\n return new Promise(function (res, rej) {\n var openCursorRequest = openCursor();\n openCursorRequest.onerror = function (err) {\n return rej(err);\n };\n openCursorRequest.onsuccess = function (ev) {\n var cursor = ev.target.result;\n if (cursor) {\n if (cursor.value.id < lastCursorId + 1) {\n cursor[\"continue\"](lastCursorId + 1);\n } else {\n ret.push(cursor.value);\n cursor[\"continue\"]();\n }\n } else {\n commitIndexedDBTransaction(tx);\n res(ret);\n }\n };\n });\n}\nfunction removeMessagesById(channelState, ids) {\n if (channelState.closed) {\n return Promise.resolve([]);\n }\n var tx = channelState.db.transaction(OBJECT_STORE_ID, 'readwrite', TRANSACTION_SETTINGS);\n var objectStore = tx.objectStore(OBJECT_STORE_ID);\n return Promise.all(ids.map(function (id) {\n var deleteRequest = objectStore[\"delete\"](id);\n return new Promise(function (res) {\n deleteRequest.onsuccess = function () {\n return res();\n };\n });\n }));\n}\nfunction getOldMessages(db, ttl) {\n var olderThen = new Date().getTime() - ttl;\n var tx = db.transaction(OBJECT_STORE_ID, 'readonly', TRANSACTION_SETTINGS);\n var objectStore = tx.objectStore(OBJECT_STORE_ID);\n var ret = [];\n return new Promise(function (res) {\n objectStore.openCursor().onsuccess = function (ev) {\n var cursor = ev.target.result;\n if (cursor) {\n var msgObk = cursor.value;\n if (msgObk.time < olderThen) {\n ret.push(msgObk);\n //alert(\"Name for SSN \" + cursor.key + \" is \" + cursor.value.name);\n cursor[\"continue\"]();\n } else {\n // no more old messages,\n commitIndexedDBTransaction(tx);\n res(ret);\n }\n } else {\n res(ret);\n }\n };\n });\n}\nfunction cleanOldMessages(channelState) {\n return getOldMessages(channelState.db, channelState.options.idb.ttl).then(function (tooOld) {\n return removeMessagesById(channelState, tooOld.map(function (msg) {\n return msg.id;\n }));\n });\n}\nfunction create(channelName, options) {\n options = (0, _options.fillOptionsWithDefaults)(options);\n return createDatabase(channelName).then(function (db) {\n var state = {\n closed: false,\n lastCursorId: 0,\n channelName: channelName,\n options: options,\n uuid: (0, _util.randomToken)(),\n /**\n * emittedMessagesIds\n * contains all messages that have been emitted before\n * @type {ObliviousSet}\n */\n eMIs: new _obliviousSet.ObliviousSet(options.idb.ttl * 2),\n // ensures we do not read messages in parallel\n writeBlockPromise: _util.PROMISE_RESOLVED_VOID,\n messagesCallback: null,\n readQueuePromises: [],\n db: db\n };\n\n /**\n * Handle abrupt closes that do not originate from db.close().\n * This could happen, for example, if the underlying storage is\n * removed or if the user clears the database in the browser's\n * history preferences.\n */\n db.onclose = function () {\n state.closed = true;\n if (options.idb.onclose) options.idb.onclose();\n };\n\n /**\n * if service-workers are used,\n * we have no 'storage'-event if they post a message,\n * therefore we also have to set an interval\n */\n _readLoop(state);\n return state;\n });\n}\nfunction _readLoop(state) {\n if (state.closed) return;\n readNewMessages(state).then(function () {\n return (0, _util.sleep)(state.options.idb.fallbackInterval);\n }).then(function () {\n return _readLoop(state);\n });\n}\nfunction _filterMessage(msgObj, state) {\n if (msgObj.uuid === state.uuid) return false; // send by own\n if (state.eMIs.has(msgObj.id)) return false; // already emitted\n if (msgObj.data.time < state.messagesCallbackTime) return false; // older then onMessageCallback\n return true;\n}\n\n/**\n * reads all new messages from the database and emits them\n */\nfunction readNewMessages(state) {\n // channel already closed\n if (state.closed) return _util.PROMISE_RESOLVED_VOID;\n\n // if no one is listening, we do not need to scan for new messages\n if (!state.messagesCallback) return _util.PROMISE_RESOLVED_VOID;\n return getMessagesHigherThan(state.db, state.lastCursorId).then(function (newerMessages) {\n var useMessages = newerMessages\n /**\n * there is a bug in iOS where the msgObj can be undefined sometimes\n * so we filter them out\n * @link https://github.com/pubkey/broadcast-channel/issues/19\n */.filter(function (msgObj) {\n return !!msgObj;\n }).map(function (msgObj) {\n if (msgObj.id > state.lastCursorId) {\n state.lastCursorId = msgObj.id;\n }\n return msgObj;\n }).filter(function (msgObj) {\n return _filterMessage(msgObj, state);\n }).sort(function (msgObjA, msgObjB) {\n return msgObjA.time - msgObjB.time;\n }); // sort by time\n useMessages.forEach(function (msgObj) {\n if (state.messagesCallback) {\n state.eMIs.add(msgObj.id);\n state.messagesCallback(msgObj.data);\n }\n });\n return _util.PROMISE_RESOLVED_VOID;\n });\n}\nfunction close(channelState) {\n channelState.closed = true;\n channelState.db.close();\n}\nfunction postMessage(channelState, messageJson) {\n channelState.writeBlockPromise = channelState.writeBlockPromise.then(function () {\n return writeMessage(channelState.db, channelState.uuid, messageJson);\n }).then(function () {\n if ((0, _util.randomInt)(0, 10) === 0) {\n /* await (do not await) */\n cleanOldMessages(channelState);\n }\n });\n return channelState.writeBlockPromise;\n}\nfunction onMessage(channelState, fn, time) {\n channelState.messagesCallbackTime = time;\n channelState.messagesCallback = fn;\n readNewMessages(channelState);\n}\nfunction canBeUsed() {\n return !!getIdb();\n}\nfunction averageResponseTime(options) {\n return options.idb.fallbackInterval * 2;\n}\nvar IndexedDBMethod = {\n create: create,\n close: close,\n onMessage: onMessage,\n postMessage: postMessage,\n canBeUsed: canBeUsed,\n type: type,\n averageResponseTime: averageResponseTime,\n microSeconds: microSeconds\n};\nexports.IndexedDBMethod = IndexedDBMethod;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.LocalstorageMethod = void 0;\nexports.addStorageEventListener = addStorageEventListener;\nexports.averageResponseTime = averageResponseTime;\nexports.canBeUsed = canBeUsed;\nexports.close = close;\nexports.create = create;\nexports.getLocalStorage = getLocalStorage;\nexports.microSeconds = void 0;\nexports.onMessage = onMessage;\nexports.postMessage = postMessage;\nexports.removeStorageEventListener = removeStorageEventListener;\nexports.storageKey = storageKey;\nexports.type = void 0;\nvar _obliviousSet = require(\"oblivious-set\");\nvar _options = require(\"../options.js\");\nvar _util = require(\"../util.js\");\n/**\n * A localStorage-only method which uses localstorage and its 'storage'-event\n * This does not work inside webworkers because they have no access to localstorage\n * This is basically implemented to support IE9 or your grandmother's toaster.\n * @link https://caniuse.com/#feat=namevalue-storage\n * @link https://caniuse.com/#feat=indexeddb\n */\n\nvar microSeconds = _util.microSeconds;\nexports.microSeconds = microSeconds;\nvar KEY_PREFIX = 'pubkey.broadcastChannel-';\nvar type = 'localstorage';\n\n/**\n * copied from crosstab\n * @link https://github.com/tejacques/crosstab/blob/master/src/crosstab.js#L32\n */\nexports.type = type;\nfunction getLocalStorage() {\n var localStorage;\n if (typeof window === 'undefined') return null;\n try {\n localStorage = window.localStorage;\n localStorage = window['ie8-eventlistener/storage'] || window.localStorage;\n } catch (e) {\n // New versions of Firefox throw a Security exception\n // if cookies are disabled. See\n // https://bugzilla.mozilla.org/show_bug.cgi?id=1028153\n }\n return localStorage;\n}\nfunction storageKey(channelName) {\n return KEY_PREFIX + channelName;\n}\n\n/**\n* writes the new message to the storage\n* and fires the storage-event so other readers can find it\n*/\nfunction postMessage(channelState, messageJson) {\n return new Promise(function (res) {\n (0, _util.sleep)().then(function () {\n var key = storageKey(channelState.channelName);\n var writeObj = {\n token: (0, _util.randomToken)(),\n time: new Date().getTime(),\n data: messageJson,\n uuid: channelState.uuid\n };\n var value = JSON.stringify(writeObj);\n getLocalStorage().setItem(key, value);\n\n /**\n * StorageEvent does not fire the 'storage' event\n * in the window that changes the state of the local storage.\n * So we fire it manually\n */\n var ev = document.createEvent('Event');\n ev.initEvent('storage', true, true);\n ev.key = key;\n ev.newValue = value;\n window.dispatchEvent(ev);\n res();\n });\n });\n}\nfunction addStorageEventListener(channelName, fn) {\n var key = storageKey(channelName);\n var listener = function listener(ev) {\n if (ev.key === key) {\n fn(JSON.parse(ev.newValue));\n }\n };\n window.addEventListener('storage', listener);\n return listener;\n}\nfunction removeStorageEventListener(listener) {\n window.removeEventListener('storage', listener);\n}\nfunction create(channelName, options) {\n options = (0, _options.fillOptionsWithDefaults)(options);\n if (!canBeUsed()) {\n throw new Error('BroadcastChannel: localstorage cannot be used');\n }\n var uuid = (0, _util.randomToken)();\n\n /**\n * eMIs\n * contains all messages that have been emitted before\n * @type {ObliviousSet}\n */\n var eMIs = new _obliviousSet.ObliviousSet(options.localstorage.removeTimeout);\n var state = {\n channelName: channelName,\n uuid: uuid,\n eMIs: eMIs // emittedMessagesIds\n };\n\n state.listener = addStorageEventListener(channelName, function (msgObj) {\n if (!state.messagesCallback) return; // no listener\n if (msgObj.uuid === uuid) return; // own message\n if (!msgObj.token || eMIs.has(msgObj.token)) return; // already emitted\n if (msgObj.data.time && msgObj.data.time < state.messagesCallbackTime) return; // too old\n\n eMIs.add(msgObj.token);\n state.messagesCallback(msgObj.data);\n });\n return state;\n}\nfunction close(channelState) {\n removeStorageEventListener(channelState.listener);\n}\nfunction onMessage(channelState, fn, time) {\n channelState.messagesCallbackTime = time;\n channelState.messagesCallback = fn;\n}\nfunction canBeUsed() {\n var ls = getLocalStorage();\n if (!ls) return false;\n try {\n var key = '__broadcastchannel_check';\n ls.setItem(key, 'works');\n ls.removeItem(key);\n } catch (e) {\n // Safari 10 in private mode will not allow write access to local\n // storage and fail with a QuotaExceededError. See\n // https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API#Private_Browsing_Incognito_modes\n return false;\n }\n return true;\n}\nfunction averageResponseTime() {\n var defaultTime = 120;\n var userAgent = navigator.userAgent.toLowerCase();\n if (userAgent.includes('safari') && !userAgent.includes('chrome')) {\n // safari is much slower so this time is higher\n return defaultTime * 2;\n }\n return defaultTime;\n}\nvar LocalstorageMethod = {\n create: create,\n close: close,\n onMessage: onMessage,\n postMessage: postMessage,\n canBeUsed: canBeUsed,\n type: type,\n averageResponseTime: averageResponseTime,\n microSeconds: microSeconds\n};\nexports.LocalstorageMethod = LocalstorageMethod;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.NativeMethod = void 0;\nexports.averageResponseTime = averageResponseTime;\nexports.canBeUsed = canBeUsed;\nexports.close = close;\nexports.create = create;\nexports.microSeconds = void 0;\nexports.onMessage = onMessage;\nexports.postMessage = postMessage;\nexports.type = void 0;\nvar _util = require(\"../util.js\");\nvar microSeconds = _util.microSeconds;\nexports.microSeconds = microSeconds;\nvar type = 'native';\nexports.type = type;\nfunction create(channelName) {\n var state = {\n messagesCallback: null,\n bc: new BroadcastChannel(channelName),\n subFns: [] // subscriberFunctions\n };\n\n state.bc.onmessage = function (msg) {\n if (state.messagesCallback) {\n state.messagesCallback(msg.data);\n }\n };\n return state;\n}\nfunction close(channelState) {\n channelState.bc.close();\n channelState.subFns = [];\n}\nfunction postMessage(channelState, messageJson) {\n try {\n channelState.bc.postMessage(messageJson, false);\n return _util.PROMISE_RESOLVED_VOID;\n } catch (err) {\n return Promise.reject(err);\n }\n}\nfunction onMessage(channelState, fn) {\n channelState.messagesCallback = fn;\n}\nfunction canBeUsed() {\n if ((typeof window !== 'undefined' || typeof self !== 'undefined') && typeof BroadcastChannel === 'function') {\n if (BroadcastChannel._pubkey) {\n throw new Error('BroadcastChannel: Do not overwrite window.BroadcastChannel with this module, this is not a polyfill');\n }\n return true;\n } else {\n return false;\n }\n}\nfunction averageResponseTime() {\n return 150;\n}\nvar NativeMethod = {\n create: create,\n close: close,\n onMessage: onMessage,\n postMessage: postMessage,\n canBeUsed: canBeUsed,\n type: type,\n averageResponseTime: averageResponseTime,\n microSeconds: microSeconds\n};\nexports.NativeMethod = NativeMethod;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.SimulateMethod = void 0;\nexports.averageResponseTime = averageResponseTime;\nexports.canBeUsed = canBeUsed;\nexports.close = close;\nexports.create = create;\nexports.microSeconds = void 0;\nexports.onMessage = onMessage;\nexports.postMessage = postMessage;\nexports.type = void 0;\nvar _util = require(\"../util.js\");\nvar microSeconds = _util.microSeconds;\nexports.microSeconds = microSeconds;\nvar type = 'simulate';\nexports.type = type;\nvar SIMULATE_CHANNELS = new Set();\nfunction create(channelName) {\n var state = {\n name: channelName,\n messagesCallback: null\n };\n SIMULATE_CHANNELS.add(state);\n return state;\n}\nfunction close(channelState) {\n SIMULATE_CHANNELS[\"delete\"](channelState);\n}\nfunction postMessage(channelState, messageJson) {\n return new Promise(function (res) {\n return setTimeout(function () {\n var channelArray = Array.from(SIMULATE_CHANNELS);\n channelArray.filter(function (channel) {\n return channel.name === channelState.name;\n }).filter(function (channel) {\n return channel !== channelState;\n }).filter(function (channel) {\n return !!channel.messagesCallback;\n }).forEach(function (channel) {\n return channel.messagesCallback(messageJson);\n });\n res();\n }, 5);\n });\n}\nfunction onMessage(channelState, fn) {\n channelState.messagesCallback = fn;\n}\nfunction canBeUsed() {\n return true;\n}\nfunction averageResponseTime() {\n return 5;\n}\nvar SimulateMethod = {\n create: create,\n close: close,\n onMessage: onMessage,\n postMessage: postMessage,\n canBeUsed: canBeUsed,\n type: type,\n averageResponseTime: averageResponseTime,\n microSeconds: microSeconds\n};\nexports.SimulateMethod = SimulateMethod;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.fillOptionsWithDefaults = fillOptionsWithDefaults;\nfunction fillOptionsWithDefaults() {\n var originalOptions = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};\n var options = JSON.parse(JSON.stringify(originalOptions));\n\n // main\n if (typeof options.webWorkerSupport === 'undefined') options.webWorkerSupport = true;\n\n // indexed-db\n if (!options.idb) options.idb = {};\n // after this time the messages get deleted\n if (!options.idb.ttl) options.idb.ttl = 1000 * 45;\n if (!options.idb.fallbackInterval) options.idb.fallbackInterval = 150;\n // handles abrupt db onclose events.\n if (originalOptions.idb && typeof originalOptions.idb.onclose === 'function') options.idb.onclose = originalOptions.idb.onclose;\n\n // localstorage\n if (!options.localstorage) options.localstorage = {};\n if (!options.localstorage.removeTimeout) options.localstorage.removeTimeout = 1000 * 60;\n\n // custom methods\n if (originalOptions.methods) options.methods = originalOptions.methods;\n\n // node\n if (!options.node) options.node = {};\n if (!options.node.ttl) options.node.ttl = 1000 * 60 * 2; // 2 minutes;\n /**\n * On linux use 'ulimit -Hn' to get the limit of open files.\n * On ubuntu this was 4096 for me, so we use half of that as maxParallelWrites default.\n */\n if (!options.node.maxParallelWrites) options.node.maxParallelWrites = 2048;\n if (typeof options.node.useFastPath === 'undefined') options.node.useFastPath = true;\n return options;\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n value: true\n});\nexports.PROMISE_RESOLVED_VOID = exports.PROMISE_RESOLVED_TRUE = exports.PROMISE_RESOLVED_FALSE = void 0;\nexports.isPromise = isPromise;\nexports.microSeconds = microSeconds;\nexports.randomInt = randomInt;\nexports.randomToken = randomToken;\nexports.sleep = sleep;\nexports.supportsWebLockAPI = supportsWebLockAPI;\n/**\n * returns true if the given object is a promise\n */\nfunction isPromise(obj) {\n return obj && typeof obj.then === 'function';\n}\nvar PROMISE_RESOLVED_FALSE = Promise.resolve(false);\nexports.PROMISE_RESOLVED_FALSE = PROMISE_RESOLVED_FALSE;\nvar PROMISE_RESOLVED_TRUE = Promise.resolve(true);\nexports.PROMISE_RESOLVED_TRUE = PROMISE_RESOLVED_TRUE;\nvar PROMISE_RESOLVED_VOID = Promise.resolve();\nexports.PROMISE_RESOLVED_VOID = PROMISE_RESOLVED_VOID;\nfunction sleep(time, resolveWith) {\n if (!time) time = 0;\n return new Promise(function (res) {\n return setTimeout(function () {\n return res(resolveWith);\n }, time);\n });\n}\nfunction randomInt(min, max) {\n return Math.floor(Math.random() * (max - min + 1) + min);\n}\n\n/**\n * https://stackoverflow.com/a/8084248\n */\nfunction randomToken() {\n return Math.random().toString(36).substring(2);\n}\nvar lastMs = 0;\nvar additional = 0;\n\n/**\n * returns the current time in micro-seconds,\n * WARNING: This is a pseudo-function\n * Performance.now is not reliable in webworkers, so we just make sure to never return the same time.\n * This is enough in browsers, and this function will not be used in nodejs.\n * The main reason for this hack is to ensure that BroadcastChannel behaves equal to production when it is used in fast-running unit tests.\n */\nfunction microSeconds() {\n var ms = new Date().getTime();\n if (ms === lastMs) {\n additional++;\n return ms * 1000 + additional;\n } else {\n lastMs = ms;\n additional = 0;\n return ms * 1000;\n }\n}\n\n/**\n * Check if WebLock API is supported.\n * @link https://developer.mozilla.org/en-US/docs/Web/API/Web_Locks_API\n */\nfunction supportsWebLockAPI() {\n if (typeof navigator !== 'undefined' && typeof navigator.locks !== 'undefined' && typeof navigator.locks.request === 'function') {\n return true;\n } else {\n return false;\n }\n}","var global = typeof self !== 'undefined' ? self : this;\nvar __self__ = (function () {\nfunction F() {\nthis.fetch = false;\nthis.DOMException = global.DOMException\n}\nF.prototype = global;\nreturn new F();\n})();\n(function(self) {\n\nvar irrelevant = (function (exports) {\n\n var support = {\n searchParams: 'URLSearchParams' in self,\n iterable: 'Symbol' in self && 'iterator' in Symbol,\n blob:\n 'FileReader' in self &&\n 'Blob' in self &&\n (function() {\n try {\n new Blob();\n return true\n } catch (e) {\n return false\n }\n })(),\n formData: 'FormData' in self,\n arrayBuffer: 'ArrayBuffer' in self\n };\n\n function isDataView(obj) {\n return obj && DataView.prototype.isPrototypeOf(obj)\n }\n\n if (support.arrayBuffer) {\n var viewClasses = [\n '[object Int8Array]',\n '[object Uint8Array]',\n '[object Uint8ClampedArray]',\n '[object Int16Array]',\n '[object Uint16Array]',\n '[object Int32Array]',\n '[object Uint32Array]',\n '[object Float32Array]',\n '[object Float64Array]'\n ];\n\n var isArrayBufferView =\n ArrayBuffer.isView ||\n function(obj) {\n return obj && viewClasses.indexOf(Object.prototype.toString.call(obj)) > -1\n };\n }\n\n function normalizeName(name) {\n if (typeof name !== 'string') {\n name = String(name);\n }\n if (/[^a-z0-9\\-#$%&'*+.^_`|~]/i.test(name)) {\n throw new TypeError('Invalid character in header field name')\n }\n return name.toLowerCase()\n }\n\n function normalizeValue(value) {\n if (typeof value !== 'string') {\n value = String(value);\n }\n return value\n }\n\n // Build a destructive iterator for the value list\n function iteratorFor(items) {\n var iterator = {\n next: function() {\n var value = items.shift();\n return {done: value === undefined, value: value}\n }\n };\n\n if (support.iterable) {\n iterator[Symbol.iterator] = function() {\n return iterator\n };\n }\n\n return iterator\n }\n\n function Headers(headers) {\n this.map = {};\n\n if (headers instanceof Headers) {\n headers.forEach(function(value, name) {\n this.append(name, value);\n }, this);\n } else if (Array.isArray(headers)) {\n headers.forEach(function(header) {\n this.append(header[0], header[1]);\n }, this);\n } else if (headers) {\n Object.getOwnPropertyNames(headers).forEach(function(name) {\n this.append(name, headers[name]);\n }, this);\n }\n }\n\n Headers.prototype.append = function(name, value) {\n name = normalizeName(name);\n value = normalizeValue(value);\n var oldValue = this.map[name];\n this.map[name] = oldValue ? oldValue + ', ' + value : value;\n };\n\n Headers.prototype['delete'] = function(name) {\n delete this.map[normalizeName(name)];\n };\n\n Headers.prototype.get = function(name) {\n name = normalizeName(name);\n return this.has(name) ? this.map[name] : null\n };\n\n Headers.prototype.has = function(name) {\n return this.map.hasOwnProperty(normalizeName(name))\n };\n\n Headers.prototype.set = function(name, value) {\n this.map[normalizeName(name)] = normalizeValue(value);\n };\n\n Headers.prototype.forEach = function(callback, thisArg) {\n for (var name in this.map) {\n if (this.map.hasOwnProperty(name)) {\n callback.call(thisArg, this.map[name], name, this);\n }\n }\n };\n\n Headers.prototype.keys = function() {\n var items = [];\n this.forEach(function(value, name) {\n items.push(name);\n });\n return iteratorFor(items)\n };\n\n Headers.prototype.values = function() {\n var items = [];\n this.forEach(function(value) {\n items.push(value);\n });\n return iteratorFor(items)\n };\n\n Headers.prototype.entries = function() {\n var items = [];\n this.forEach(function(value, name) {\n items.push([name, value]);\n });\n return iteratorFor(items)\n };\n\n if (support.iterable) {\n Headers.prototype[Symbol.iterator] = Headers.prototype.entries;\n }\n\n function consumed(body) {\n if (body.bodyUsed) {\n return Promise.reject(new TypeError('Already read'))\n }\n body.bodyUsed = true;\n }\n\n function fileReaderReady(reader) {\n return new Promise(function(resolve, reject) {\n reader.onload = function() {\n resolve(reader.result);\n };\n reader.onerror = function() {\n reject(reader.error);\n };\n })\n }\n\n function readBlobAsArrayBuffer(blob) {\n var reader = new FileReader();\n var promise = fileReaderReady(reader);\n reader.readAsArrayBuffer(blob);\n return promise\n }\n\n function readBlobAsText(blob) {\n var reader = new FileReader();\n var promise = fileReaderReady(reader);\n reader.readAsText(blob);\n return promise\n }\n\n function readArrayBufferAsText(buf) {\n var view = new Uint8Array(buf);\n var chars = new Array(view.length);\n\n for (var i = 0; i < view.length; i++) {\n chars[i] = String.fromCharCode(view[i]);\n }\n return chars.join('')\n }\n\n function bufferClone(buf) {\n if (buf.slice) {\n return buf.slice(0)\n } else {\n var view = new Uint8Array(buf.byteLength);\n view.set(new Uint8Array(buf));\n return view.buffer\n }\n }\n\n function Body() {\n this.bodyUsed = false;\n\n this._initBody = function(body) {\n this._bodyInit = body;\n if (!body) {\n this._bodyText = '';\n } else if (typeof body === 'string') {\n this._bodyText = body;\n } else if (support.blob && Blob.prototype.isPrototypeOf(body)) {\n this._bodyBlob = body;\n } else if (support.formData && FormData.prototype.isPrototypeOf(body)) {\n this._bodyFormData = body;\n } else if (support.searchParams && URLSearchParams.prototype.isPrototypeOf(body)) {\n this._bodyText = body.toString();\n } else if (support.arrayBuffer && support.blob && isDataView(body)) {\n this._bodyArrayBuffer = bufferClone(body.buffer);\n // IE 10-11 can't handle a DataView body.\n this._bodyInit = new Blob([this._bodyArrayBuffer]);\n } else if (support.arrayBuffer && (ArrayBuffer.prototype.isPrototypeOf(body) || isArrayBufferView(body))) {\n this._bodyArrayBuffer = bufferClone(body);\n } else {\n this._bodyText = body = Object.prototype.toString.call(body);\n }\n\n if (!this.headers.get('content-type')) {\n if (typeof body === 'string') {\n this.headers.set('content-type', 'text/plain;charset=UTF-8');\n } else if (this._bodyBlob && this._bodyBlob.type) {\n this.headers.set('content-type', this._bodyBlob.type);\n } else if (support.searchParams && URLSearchParams.prototype.isPrototypeOf(body)) {\n this.headers.set('content-type', 'application/x-www-form-urlencoded;charset=UTF-8');\n }\n }\n };\n\n if (support.blob) {\n this.blob = function() {\n var rejected = consumed(this);\n if (rejected) {\n return rejected\n }\n\n if (this._bodyBlob) {\n return Promise.resolve(this._bodyBlob)\n } else if (this._bodyArrayBuffer) {\n return Promise.resolve(new Blob([this._bodyArrayBuffer]))\n } else if (this._bodyFormData) {\n throw new Error('could not read FormData body as blob')\n } else {\n return Promise.resolve(new Blob([this._bodyText]))\n }\n };\n\n this.arrayBuffer = function() {\n if (this._bodyArrayBuffer) {\n return consumed(this) || Promise.resolve(this._bodyArrayBuffer)\n } else {\n return this.blob().then(readBlobAsArrayBuffer)\n }\n };\n }\n\n this.text = function() {\n var rejected = consumed(this);\n if (rejected) {\n return rejected\n }\n\n if (this._bodyBlob) {\n return readBlobAsText(this._bodyBlob)\n } else if (this._bodyArrayBuffer) {\n return Promise.resolve(readArrayBufferAsText(this._bodyArrayBuffer))\n } else if (this._bodyFormData) {\n throw new Error('could not read FormData body as text')\n } else {\n return Promise.resolve(this._bodyText)\n }\n };\n\n if (support.formData) {\n this.formData = function() {\n return this.text().then(decode)\n };\n }\n\n this.json = function() {\n return this.text().then(JSON.parse)\n };\n\n return this\n }\n\n // HTTP methods whose capitalization should be normalized\n var methods = ['DELETE', 'GET', 'HEAD', 'OPTIONS', 'POST', 'PUT'];\n\n function normalizeMethod(method) {\n var upcased = method.toUpperCase();\n return methods.indexOf(upcased) > -1 ? upcased : method\n }\n\n function Request(input, options) {\n options = options || {};\n var body = options.body;\n\n if (input instanceof Request) {\n if (input.bodyUsed) {\n throw new TypeError('Already read')\n }\n this.url = input.url;\n this.credentials = input.credentials;\n if (!options.headers) {\n this.headers = new Headers(input.headers);\n }\n this.method = input.method;\n this.mode = input.mode;\n this.signal = input.signal;\n if (!body && input._bodyInit != null) {\n body = input._bodyInit;\n input.bodyUsed = true;\n }\n } else {\n this.url = String(input);\n }\n\n this.credentials = options.credentials || this.credentials || 'same-origin';\n if (options.headers || !this.headers) {\n this.headers = new Headers(options.headers);\n }\n this.method = normalizeMethod(options.method || this.method || 'GET');\n this.mode = options.mode || this.mode || null;\n this.signal = options.signal || this.signal;\n this.referrer = null;\n\n if ((this.method === 'GET' || this.method === 'HEAD') && body) {\n throw new TypeError('Body not allowed for GET or HEAD requests')\n }\n this._initBody(body);\n }\n\n Request.prototype.clone = function() {\n return new Request(this, {body: this._bodyInit})\n };\n\n function decode(body) {\n var form = new FormData();\n body\n .trim()\n .split('&')\n .forEach(function(bytes) {\n if (bytes) {\n var split = bytes.split('=');\n var name = split.shift().replace(/\\+/g, ' ');\n var value = split.join('=').replace(/\\+/g, ' ');\n form.append(decodeURIComponent(name), decodeURIComponent(value));\n }\n });\n return form\n }\n\n function parseHeaders(rawHeaders) {\n var headers = new Headers();\n // Replace instances of \\r\\n and \\n followed by at least one space or horizontal tab with a space\n // https://tools.ietf.org/html/rfc7230#section-3.2\n var preProcessedHeaders = rawHeaders.replace(/\\r?\\n[\\t ]+/g, ' ');\n preProcessedHeaders.split(/\\r?\\n/).forEach(function(line) {\n var parts = line.split(':');\n var key = parts.shift().trim();\n if (key) {\n var value = parts.join(':').trim();\n headers.append(key, value);\n }\n });\n return headers\n }\n\n Body.call(Request.prototype);\n\n function Response(bodyInit, options) {\n if (!options) {\n options = {};\n }\n\n this.type = 'default';\n this.status = options.status === undefined ? 200 : options.status;\n this.ok = this.status >= 200 && this.status < 300;\n this.statusText = 'statusText' in options ? options.statusText : 'OK';\n this.headers = new Headers(options.headers);\n this.url = options.url || '';\n this._initBody(bodyInit);\n }\n\n Body.call(Response.prototype);\n\n Response.prototype.clone = function() {\n return new Response(this._bodyInit, {\n status: this.status,\n statusText: this.statusText,\n headers: new Headers(this.headers),\n url: this.url\n })\n };\n\n Response.error = function() {\n var response = new Response(null, {status: 0, statusText: ''});\n response.type = 'error';\n return response\n };\n\n var redirectStatuses = [301, 302, 303, 307, 308];\n\n Response.redirect = function(url, status) {\n if (redirectStatuses.indexOf(status) === -1) {\n throw new RangeError('Invalid status code')\n }\n\n return new Response(null, {status: status, headers: {location: url}})\n };\n\n exports.DOMException = self.DOMException;\n try {\n new exports.DOMException();\n } catch (err) {\n exports.DOMException = function(message, name) {\n this.message = message;\n this.name = name;\n var error = Error(message);\n this.stack = error.stack;\n };\n exports.DOMException.prototype = Object.create(Error.prototype);\n exports.DOMException.prototype.constructor = exports.DOMException;\n }\n\n function fetch(input, init) {\n return new Promise(function(resolve, reject) {\n var request = new Request(input, init);\n\n if (request.signal && request.signal.aborted) {\n return reject(new exports.DOMException('Aborted', 'AbortError'))\n }\n\n var xhr = new XMLHttpRequest();\n\n function abortXhr() {\n xhr.abort();\n }\n\n xhr.onload = function() {\n var options = {\n status: xhr.status,\n statusText: xhr.statusText,\n headers: parseHeaders(xhr.getAllResponseHeaders() || '')\n };\n options.url = 'responseURL' in xhr ? xhr.responseURL : options.headers.get('X-Request-URL');\n var body = 'response' in xhr ? xhr.response : xhr.responseText;\n resolve(new Response(body, options));\n };\n\n xhr.onerror = function() {\n reject(new TypeError('Network request failed'));\n };\n\n xhr.ontimeout = function() {\n reject(new TypeError('Network request failed'));\n };\n\n xhr.onabort = function() {\n reject(new exports.DOMException('Aborted', 'AbortError'));\n };\n\n xhr.open(request.method, request.url, true);\n\n if (request.credentials === 'include') {\n xhr.withCredentials = true;\n } else if (request.credentials === 'omit') {\n xhr.withCredentials = false;\n }\n\n if ('responseType' in xhr && support.blob) {\n xhr.responseType = 'blob';\n }\n\n request.headers.forEach(function(value, name) {\n xhr.setRequestHeader(name, value);\n });\n\n if (request.signal) {\n request.signal.addEventListener('abort', abortXhr);\n\n xhr.onreadystatechange = function() {\n // DONE (success or failure)\n if (xhr.readyState === 4) {\n request.signal.removeEventListener('abort', abortXhr);\n }\n };\n }\n\n xhr.send(typeof request._bodyInit === 'undefined' ? null : request._bodyInit);\n })\n }\n\n fetch.polyfill = true;\n\n if (!self.fetch) {\n self.fetch = fetch;\n self.Headers = Headers;\n self.Request = Request;\n self.Response = Response;\n }\n\n exports.Headers = Headers;\n exports.Request = Request;\n exports.Response = Response;\n exports.fetch = fetch;\n\n Object.defineProperty(exports, '__esModule', { value: true });\n\n return exports;\n\n})({});\n})(__self__);\n__self__.fetch.ponyfill = true;\n// Remove \"polyfill\" property added by whatwg-fetch\ndelete __self__.fetch.polyfill;\n// Choose between native implementation (global) or custom implementation (__self__)\n// var ctx = global.fetch ? global : __self__;\nvar ctx = __self__; // this line disable service worker support temporarily\nexports = ctx.fetch // To enable: import fetch from 'cross-fetch'\nexports.default = ctx.fetch // For TypeScript consumers without esModuleInterop.\nexports.fetch = ctx.fetch // To enable: import {fetch} from 'cross-fetch'\nexports.Headers = ctx.Headers\nexports.Request = ctx.Request\nexports.Response = ctx.Response\nmodule.exports = exports\n","/*! js-cookie v3.0.1 | MIT */\n;\n(function (global, factory) {\n typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :\n typeof define === 'function' && define.amd ? define(factory) :\n (global = global || self, (function () {\n var current = global.Cookies;\n var exports = global.Cookies = factory();\n exports.noConflict = function () { global.Cookies = current; return exports; };\n }()));\n}(this, (function () { 'use strict';\n\n /* eslint-disable no-var */\n function assign (target) {\n for (var i = 1; i < arguments.length; i++) {\n var source = arguments[i];\n for (var key in source) {\n target[key] = source[key];\n }\n }\n return target\n }\n /* eslint-enable no-var */\n\n /* eslint-disable no-var */\n var defaultConverter = {\n read: function (value) {\n if (value[0] === '\"') {\n value = value.slice(1, -1);\n }\n return value.replace(/(%[\\dA-F]{2})+/gi, decodeURIComponent)\n },\n write: function (value) {\n return encodeURIComponent(value).replace(\n /%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,\n decodeURIComponent\n )\n }\n };\n /* eslint-enable no-var */\n\n /* eslint-disable no-var */\n\n function init (converter, defaultAttributes) {\n function set (key, value, attributes) {\n if (typeof document === 'undefined') {\n return\n }\n\n attributes = assign({}, defaultAttributes, attributes);\n\n if (typeof attributes.expires === 'number') {\n attributes.expires = new Date(Date.now() + attributes.expires * 864e5);\n }\n if (attributes.expires) {\n attributes.expires = attributes.expires.toUTCString();\n }\n\n key = encodeURIComponent(key)\n .replace(/%(2[346B]|5E|60|7C)/g, decodeURIComponent)\n .replace(/[()]/g, escape);\n\n var stringifiedAttributes = '';\n for (var attributeName in attributes) {\n if (!attributes[attributeName]) {\n continue\n }\n\n stringifiedAttributes += '; ' + attributeName;\n\n if (attributes[attributeName] === true) {\n continue\n }\n\n // Considers RFC 6265 section 5.2:\n // ...\n // 3. If the remaining unparsed-attributes contains a %x3B (\";\")\n // character:\n // Consume the characters of the unparsed-attributes up to,\n // not including, the first %x3B (\";\") character.\n // ...\n stringifiedAttributes += '=' + attributes[attributeName].split(';')[0];\n }\n\n return (document.cookie =\n key + '=' + converter.write(value, key) + stringifiedAttributes)\n }\n\n function get (key) {\n if (typeof document === 'undefined' || (arguments.length && !key)) {\n return\n }\n\n // To prevent the for loop in the first place assign an empty array\n // in case there are no cookies at all.\n var cookies = document.cookie ? document.cookie.split('; ') : [];\n var jar = {};\n for (var i = 0; i < cookies.length; i++) {\n var parts = cookies[i].split('=');\n var value = parts.slice(1).join('=');\n\n try {\n var foundKey = decodeURIComponent(parts[0]);\n jar[foundKey] = converter.read(value, foundKey);\n\n if (key === foundKey) {\n break\n }\n } catch (e) {}\n }\n\n return key ? jar[key] : jar\n }\n\n return Object.create(\n {\n set: set,\n get: get,\n remove: function (key, attributes) {\n set(\n key,\n '',\n assign({}, attributes, {\n expires: -1\n })\n );\n },\n withAttributes: function (attributes) {\n return init(this.converter, assign({}, this.attributes, attributes))\n },\n withConverter: function (converter) {\n return init(assign({}, this.converter, converter), this.attributes)\n }\n },\n {\n attributes: { value: Object.freeze(defaultAttributes) },\n converter: { value: Object.freeze(converter) }\n }\n )\n }\n\n var api = init(defaultConverter, { path: '/' });\n /* eslint-enable no-var */\n\n return api;\n\n})));\n","function E () {\n // Keep this empty so it's easier to inherit from\n // (via https://github.com/lipsmack from https://github.com/scottcorgan/tiny-emitter/issues/3)\n}\n\nE.prototype = {\n on: function (name, callback, ctx) {\n var e = this.e || (this.e = {});\n\n (e[name] || (e[name] = [])).push({\n fn: callback,\n ctx: ctx\n });\n\n return this;\n },\n\n once: function (name, callback, ctx) {\n var self = this;\n function listener () {\n self.off(name, listener);\n callback.apply(ctx, arguments);\n };\n\n listener._ = callback\n return this.on(name, listener, ctx);\n },\n\n emit: function (name) {\n var data = [].slice.call(arguments, 1);\n var evtArr = ((this.e || (this.e = {}))[name] || []).slice();\n var i = 0;\n var len = evtArr.length;\n\n for (i; i < len; i++) {\n evtArr[i].fn.apply(evtArr[i].ctx, data);\n }\n\n return this;\n },\n\n off: function (name, callback) {\n var e = this.e || (this.e = {});\n var evts = e[name];\n var liveEvents = [];\n\n if (evts && callback) {\n for (var i = 0, len = evts.length; i < len; i++) {\n if (evts[i].fn !== callback && evts[i].fn._ !== callback)\n liveEvents.push(evts[i]);\n }\n }\n\n // Remove event from queue to prevent memory leak\n // Suggested by https://github.com/lazd\n // Ref: https://github.com/scottcorgan/tiny-emitter/commit/c6ebfaa9bc973b33d110a84a307742b7cf94c953#commitcomment-5024910\n\n (liveEvents.length)\n ? e[name] = liveEvents\n : delete e[name];\n\n return this;\n }\n};\n\nmodule.exports = E;\n","import { addBrowser } from './browser.js';\nimport { addNode } from './node.js';\n\n/**\n * Use the code directly to prevent import problems\n * with the detect-node package.\n * @link https://github.com/iliakan/detect-node/blob/master/index.js\n */\nvar isNode = Object.prototype.toString.call(typeof process !== 'undefined' ? process : 0) === '[object process]';\nvar USE_METHOD = isNode ? addNode : addBrowser;\nvar LISTENERS = new Set();\nvar startedListening = false;\nfunction startListening() {\n if (startedListening) {\n return;\n }\n startedListening = true;\n USE_METHOD(runAll);\n}\nexport function add(fn) {\n startListening();\n if (typeof fn !== 'function') {\n throw new Error('Listener is no function');\n }\n LISTENERS.add(fn);\n var addReturn = {\n remove: function remove() {\n return LISTENERS[\"delete\"](fn);\n },\n run: function run() {\n LISTENERS[\"delete\"](fn);\n return fn();\n }\n };\n return addReturn;\n}\nexport function runAll() {\n var promises = [];\n LISTENERS.forEach(function (fn) {\n promises.push(fn());\n LISTENERS[\"delete\"](fn);\n });\n return Promise.all(promises);\n}\nexport function removeAll() {\n LISTENERS.clear();\n}\nexport function getSize() {\n return LISTENERS.size;\n}","export function addNode(fn) {\n process.on('exit', function () {\n return fn();\n });\n\n /**\n * on the following events,\n * the process will not end if there are\n * event-handlers attached,\n * therefore we have to call process.exit()\n */\n process.on('beforeExit', function () {\n return fn().then(function () {\n return process.exit();\n });\n });\n // catches ctrl+c event\n process.on('SIGINT', function () {\n return fn().then(function () {\n return process.exit();\n });\n });\n // catches uncaught exceptions\n process.on('uncaughtException', function (err) {\n return fn().then(function () {\n console.trace(err);\n process.exit(101);\n });\n });\n}","/* global WorkerGlobalScope */\n\nexport function addBrowser(fn) {\n if (typeof WorkerGlobalScope === 'function' && self instanceof WorkerGlobalScope) {\n /**\n * Because killing a worker does directly stop the excution\n * of the code, our only chance is to overwrite the close function\n * which could work some times.\n * @link https://stackoverflow.com/q/72903255/3443137\n */\n var oldClose = self.close.bind(self);\n self.close = function () {\n fn();\n return oldClose();\n };\n } else {\n /**\n * if we are on react-native, there is no window.addEventListener\n * @link https://github.com/pubkey/unload/issues/6\n */\n if (typeof window.addEventListener !== 'function') {\n return;\n }\n\n /**\n * for normal browser-windows, we use the beforeunload-event\n */\n window.addEventListener('beforeunload', function () {\n fn();\n }, true);\n\n /**\n * for iframes, we have to use the unload-event\n * @link https://stackoverflow.com/q/47533670/3443137\n */\n window.addEventListener('unload', function () {\n fn();\n }, true);\n }\n\n /**\n * TODO add fallback for safari-mobile\n * @link https://stackoverflow.com/a/26193516/3443137\n */\n}","function _arrayLikeToArray(r, a) {\n (null == a || a > r.length) && (a = r.length);\n for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e];\n return n;\n}\nmodule.exports = _arrayLikeToArray, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _arrayWithHoles(r) {\n if (Array.isArray(r)) return r;\n}\nmodule.exports = _arrayWithHoles, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var arrayLikeToArray = require(\"./arrayLikeToArray.js\");\nfunction _arrayWithoutHoles(r) {\n if (Array.isArray(r)) return arrayLikeToArray(r);\n}\nmodule.exports = _arrayWithoutHoles, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _assertThisInitialized(e) {\n if (void 0 === e) throw new ReferenceError(\"this hasn't been initialised - super() hasn't been called\");\n return e;\n}\nmodule.exports = _assertThisInitialized, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function asyncGeneratorStep(n, t, e, r, o, a, c) {\n try {\n var i = n[a](c),\n u = i.value;\n } catch (n) {\n return void e(n);\n }\n i.done ? t(u) : Promise.resolve(u).then(r, o);\n}\nfunction _asyncToGenerator(n) {\n return function () {\n var t = this,\n e = arguments;\n return new Promise(function (r, o) {\n var a = n.apply(t, e);\n function _next(n) {\n asyncGeneratorStep(a, r, o, _next, _throw, \"next\", n);\n }\n function _throw(n) {\n asyncGeneratorStep(a, r, o, _next, _throw, \"throw\", n);\n }\n _next(void 0);\n });\n };\n}\nmodule.exports = _asyncToGenerator, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _classCallCheck(a, n) {\n if (!(a instanceof n)) throw new TypeError(\"Cannot call a class as a function\");\n}\nmodule.exports = _classCallCheck, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var isNativeReflectConstruct = require(\"./isNativeReflectConstruct.js\");\nvar setPrototypeOf = require(\"./setPrototypeOf.js\");\nfunction _construct(t, e, r) {\n if (isNativeReflectConstruct()) return Reflect.construct.apply(null, arguments);\n var o = [null];\n o.push.apply(o, e);\n var p = new (t.bind.apply(t, o))();\n return r && setPrototypeOf(p, r.prototype), p;\n}\nmodule.exports = _construct, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var toPropertyKey = require(\"./toPropertyKey.js\");\nfunction _defineProperties(e, r) {\n for (var t = 0; t < r.length; t++) {\n var o = r[t];\n o.enumerable = o.enumerable || !1, o.configurable = !0, \"value\" in o && (o.writable = !0), Object.defineProperty(e, toPropertyKey(o.key), o);\n }\n}\nfunction _createClass(e, r, t) {\n return r && _defineProperties(e.prototype, r), t && _defineProperties(e, t), Object.defineProperty(e, \"prototype\", {\n writable: !1\n }), e;\n}\nmodule.exports = _createClass, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var toPropertyKey = require(\"./toPropertyKey.js\");\nfunction _defineProperty(e, r, t) {\n return (r = toPropertyKey(r)) in e ? Object.defineProperty(e, r, {\n value: t,\n enumerable: !0,\n configurable: !0,\n writable: !0\n }) : e[r] = t, e;\n}\nmodule.exports = _defineProperty, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var superPropBase = require(\"./superPropBase.js\");\nfunction _get() {\n return module.exports = _get = \"undefined\" != typeof Reflect && Reflect.get ? Reflect.get.bind() : function (e, t, r) {\n var p = superPropBase(e, t);\n if (p) {\n var n = Object.getOwnPropertyDescriptor(p, t);\n return n.get ? n.get.call(arguments.length < 3 ? e : r) : n.value;\n }\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports, _get.apply(null, arguments);\n}\nmodule.exports = _get, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _getPrototypeOf(t) {\n return module.exports = _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf.bind() : function (t) {\n return t.__proto__ || Object.getPrototypeOf(t);\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports, _getPrototypeOf(t);\n}\nmodule.exports = _getPrototypeOf, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var setPrototypeOf = require(\"./setPrototypeOf.js\");\nfunction _inherits(t, e) {\n if (\"function\" != typeof e && null !== e) throw new TypeError(\"Super expression must either be null or a function\");\n t.prototype = Object.create(e && e.prototype, {\n constructor: {\n value: t,\n writable: !0,\n configurable: !0\n }\n }), Object.defineProperty(t, \"prototype\", {\n writable: !1\n }), e && setPrototypeOf(t, e);\n}\nmodule.exports = _inherits, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _interopRequireDefault(e) {\n return e && e.__esModule ? e : {\n \"default\": e\n };\n}\nmodule.exports = _interopRequireDefault, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _isNativeFunction(t) {\n try {\n return -1 !== Function.toString.call(t).indexOf(\"[native code]\");\n } catch (n) {\n return \"function\" == typeof t;\n }\n}\nmodule.exports = _isNativeFunction, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _isNativeReflectConstruct() {\n try {\n var t = !Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {}));\n } catch (t) {}\n return (module.exports = _isNativeReflectConstruct = function _isNativeReflectConstruct() {\n return !!t;\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports)();\n}\nmodule.exports = _isNativeReflectConstruct, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _iterableToArray(r) {\n if (\"undefined\" != typeof Symbol && null != r[Symbol.iterator] || null != r[\"@@iterator\"]) return Array.from(r);\n}\nmodule.exports = _iterableToArray, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _iterableToArrayLimit(r, l) {\n var t = null == r ? null : \"undefined\" != typeof Symbol && r[Symbol.iterator] || r[\"@@iterator\"];\n if (null != t) {\n var e,\n n,\n i,\n u,\n a = [],\n f = !0,\n o = !1;\n try {\n if (i = (t = t.call(r)).next, 0 === l) {\n if (Object(t) !== t) return;\n f = !1;\n } else for (; !(f = (e = i.call(t)).done) && (a.push(e.value), a.length !== l); f = !0);\n } catch (r) {\n o = !0, n = r;\n } finally {\n try {\n if (!f && null != t[\"return\"] && (u = t[\"return\"](), Object(u) !== u)) return;\n } finally {\n if (o) throw n;\n }\n }\n return a;\n }\n}\nmodule.exports = _iterableToArrayLimit, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _nonIterableRest() {\n throw new TypeError(\"Invalid attempt to destructure non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.\");\n}\nmodule.exports = _nonIterableRest, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _nonIterableSpread() {\n throw new TypeError(\"Invalid attempt to spread non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.\");\n}\nmodule.exports = _nonIterableSpread, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var objectWithoutPropertiesLoose = require(\"./objectWithoutPropertiesLoose.js\");\nfunction _objectWithoutProperties(e, t) {\n if (null == e) return {};\n var o,\n r,\n i = objectWithoutPropertiesLoose(e, t);\n if (Object.getOwnPropertySymbols) {\n var n = Object.getOwnPropertySymbols(e);\n for (r = 0; r < n.length; r++) o = n[r], -1 === t.indexOf(o) && {}.propertyIsEnumerable.call(e, o) && (i[o] = e[o]);\n }\n return i;\n}\nmodule.exports = _objectWithoutProperties, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _objectWithoutPropertiesLoose(r, e) {\n if (null == r) return {};\n var t = {};\n for (var n in r) if ({}.hasOwnProperty.call(r, n)) {\n if (-1 !== e.indexOf(n)) continue;\n t[n] = r[n];\n }\n return t;\n}\nmodule.exports = _objectWithoutPropertiesLoose, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var _typeof = require(\"./typeof.js\")[\"default\"];\nvar assertThisInitialized = require(\"./assertThisInitialized.js\");\nfunction _possibleConstructorReturn(t, e) {\n if (e && (\"object\" == _typeof(e) || \"function\" == typeof e)) return e;\n if (void 0 !== e) throw new TypeError(\"Derived constructors may only return object or undefined\");\n return assertThisInitialized(t);\n}\nmodule.exports = _possibleConstructorReturn, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var _typeof = require(\"./typeof.js\")[\"default\"];\nfunction _regeneratorRuntime() {\n \"use strict\"; /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */\n module.exports = _regeneratorRuntime = function _regeneratorRuntime() {\n return e;\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;\n var t,\n e = {},\n r = Object.prototype,\n n = r.hasOwnProperty,\n o = Object.defineProperty || function (t, e, r) {\n t[e] = r.value;\n },\n i = \"function\" == typeof Symbol ? Symbol : {},\n a = i.iterator || \"@@iterator\",\n c = i.asyncIterator || \"@@asyncIterator\",\n u = i.toStringTag || \"@@toStringTag\";\n function define(t, e, r) {\n return Object.defineProperty(t, e, {\n value: r,\n enumerable: !0,\n configurable: !0,\n writable: !0\n }), t[e];\n }\n try {\n define({}, \"\");\n } catch (t) {\n define = function define(t, e, r) {\n return t[e] = r;\n };\n }\n function wrap(t, e, r, n) {\n var i = e && e.prototype instanceof Generator ? e : Generator,\n a = Object.create(i.prototype),\n c = new Context(n || []);\n return o(a, \"_invoke\", {\n value: makeInvokeMethod(t, r, c)\n }), a;\n }\n function tryCatch(t, e, r) {\n try {\n return {\n type: \"normal\",\n arg: t.call(e, r)\n };\n } catch (t) {\n return {\n type: \"throw\",\n arg: t\n };\n }\n }\n e.wrap = wrap;\n var h = \"suspendedStart\",\n l = \"suspendedYield\",\n f = \"executing\",\n s = \"completed\",\n y = {};\n function Generator() {}\n function GeneratorFunction() {}\n function GeneratorFunctionPrototype() {}\n var p = {};\n define(p, a, function () {\n return this;\n });\n var d = Object.getPrototypeOf,\n v = d && d(d(values([])));\n v && v !== r && n.call(v, a) && (p = v);\n var g = GeneratorFunctionPrototype.prototype = Generator.prototype = Object.create(p);\n function defineIteratorMethods(t) {\n [\"next\", \"throw\", \"return\"].forEach(function (e) {\n define(t, e, function (t) {\n return this._invoke(e, t);\n });\n });\n }\n function AsyncIterator(t, e) {\n function invoke(r, o, i, a) {\n var c = tryCatch(t[r], t, o);\n if (\"throw\" !== c.type) {\n var u = c.arg,\n h = u.value;\n return h && \"object\" == _typeof(h) && n.call(h, \"__await\") ? e.resolve(h.__await).then(function (t) {\n invoke(\"next\", t, i, a);\n }, function (t) {\n invoke(\"throw\", t, i, a);\n }) : e.resolve(h).then(function (t) {\n u.value = t, i(u);\n }, function (t) {\n return invoke(\"throw\", t, i, a);\n });\n }\n a(c.arg);\n }\n var r;\n o(this, \"_invoke\", {\n value: function value(t, n) {\n function callInvokeWithMethodAndArg() {\n return new e(function (e, r) {\n invoke(t, n, e, r);\n });\n }\n return r = r ? r.then(callInvokeWithMethodAndArg, callInvokeWithMethodAndArg) : callInvokeWithMethodAndArg();\n }\n });\n }\n function makeInvokeMethod(e, r, n) {\n var o = h;\n return function (i, a) {\n if (o === f) throw Error(\"Generator is already running\");\n if (o === s) {\n if (\"throw\" === i) throw a;\n return {\n value: t,\n done: !0\n };\n }\n for (n.method = i, n.arg = a;;) {\n var c = n.delegate;\n if (c) {\n var u = maybeInvokeDelegate(c, n);\n if (u) {\n if (u === y) continue;\n return u;\n }\n }\n if (\"next\" === n.method) n.sent = n._sent = n.arg;else if (\"throw\" === n.method) {\n if (o === h) throw o = s, n.arg;\n n.dispatchException(n.arg);\n } else \"return\" === n.method && n.abrupt(\"return\", n.arg);\n o = f;\n var p = tryCatch(e, r, n);\n if (\"normal\" === p.type) {\n if (o = n.done ? s : l, p.arg === y) continue;\n return {\n value: p.arg,\n done: n.done\n };\n }\n \"throw\" === p.type && (o = s, n.method = \"throw\", n.arg = p.arg);\n }\n };\n }\n function maybeInvokeDelegate(e, r) {\n var n = r.method,\n o = e.iterator[n];\n if (o === t) return r.delegate = null, \"throw\" === n && e.iterator[\"return\"] && (r.method = \"return\", r.arg = t, maybeInvokeDelegate(e, r), \"throw\" === r.method) || \"return\" !== n && (r.method = \"throw\", r.arg = new TypeError(\"The iterator does not provide a '\" + n + \"' method\")), y;\n var i = tryCatch(o, e.iterator, r.arg);\n if (\"throw\" === i.type) return r.method = \"throw\", r.arg = i.arg, r.delegate = null, y;\n var a = i.arg;\n return a ? a.done ? (r[e.resultName] = a.value, r.next = e.nextLoc, \"return\" !== r.method && (r.method = \"next\", r.arg = t), r.delegate = null, y) : a : (r.method = \"throw\", r.arg = new TypeError(\"iterator result is not an object\"), r.delegate = null, y);\n }\n function pushTryEntry(t) {\n var e = {\n tryLoc: t[0]\n };\n 1 in t && (e.catchLoc = t[1]), 2 in t && (e.finallyLoc = t[2], e.afterLoc = t[3]), this.tryEntries.push(e);\n }\n function resetTryEntry(t) {\n var e = t.completion || {};\n e.type = \"normal\", delete e.arg, t.completion = e;\n }\n function Context(t) {\n this.tryEntries = [{\n tryLoc: \"root\"\n }], t.forEach(pushTryEntry, this), this.reset(!0);\n }\n function values(e) {\n if (e || \"\" === e) {\n var r = e[a];\n if (r) return r.call(e);\n if (\"function\" == typeof e.next) return e;\n if (!isNaN(e.length)) {\n var o = -1,\n i = function next() {\n for (; ++o < e.length;) if (n.call(e, o)) return next.value = e[o], next.done = !1, next;\n return next.value = t, next.done = !0, next;\n };\n return i.next = i;\n }\n }\n throw new TypeError(_typeof(e) + \" is not iterable\");\n }\n return GeneratorFunction.prototype = GeneratorFunctionPrototype, o(g, \"constructor\", {\n value: GeneratorFunctionPrototype,\n configurable: !0\n }), o(GeneratorFunctionPrototype, \"constructor\", {\n value: GeneratorFunction,\n configurable: !0\n }), GeneratorFunction.displayName = define(GeneratorFunctionPrototype, u, \"GeneratorFunction\"), e.isGeneratorFunction = function (t) {\n var e = \"function\" == typeof t && t.constructor;\n return !!e && (e === GeneratorFunction || \"GeneratorFunction\" === (e.displayName || e.name));\n }, e.mark = function (t) {\n return Object.setPrototypeOf ? Object.setPrototypeOf(t, GeneratorFunctionPrototype) : (t.__proto__ = GeneratorFunctionPrototype, define(t, u, \"GeneratorFunction\")), t.prototype = Object.create(g), t;\n }, e.awrap = function (t) {\n return {\n __await: t\n };\n }, defineIteratorMethods(AsyncIterator.prototype), define(AsyncIterator.prototype, c, function () {\n return this;\n }), e.AsyncIterator = AsyncIterator, e.async = function (t, r, n, o, i) {\n void 0 === i && (i = Promise);\n var a = new AsyncIterator(wrap(t, r, n, o), i);\n return e.isGeneratorFunction(r) ? a : a.next().then(function (t) {\n return t.done ? t.value : a.next();\n });\n }, defineIteratorMethods(g), define(g, u, \"Generator\"), define(g, a, function () {\n return this;\n }), define(g, \"toString\", function () {\n return \"[object Generator]\";\n }), e.keys = function (t) {\n var e = Object(t),\n r = [];\n for (var n in e) r.push(n);\n return r.reverse(), function next() {\n for (; r.length;) {\n var t = r.pop();\n if (t in e) return next.value = t, next.done = !1, next;\n }\n return next.done = !0, next;\n };\n }, e.values = values, Context.prototype = {\n constructor: Context,\n reset: function reset(e) {\n if (this.prev = 0, this.next = 0, this.sent = this._sent = t, this.done = !1, this.delegate = null, this.method = \"next\", this.arg = t, this.tryEntries.forEach(resetTryEntry), !e) for (var r in this) \"t\" === r.charAt(0) && n.call(this, r) && !isNaN(+r.slice(1)) && (this[r] = t);\n },\n stop: function stop() {\n this.done = !0;\n var t = this.tryEntries[0].completion;\n if (\"throw\" === t.type) throw t.arg;\n return this.rval;\n },\n dispatchException: function dispatchException(e) {\n if (this.done) throw e;\n var r = this;\n function handle(n, o) {\n return a.type = \"throw\", a.arg = e, r.next = n, o && (r.method = \"next\", r.arg = t), !!o;\n }\n for (var o = this.tryEntries.length - 1; o >= 0; --o) {\n var i = this.tryEntries[o],\n a = i.completion;\n if (\"root\" === i.tryLoc) return handle(\"end\");\n if (i.tryLoc <= this.prev) {\n var c = n.call(i, \"catchLoc\"),\n u = n.call(i, \"finallyLoc\");\n if (c && u) {\n if (this.prev < i.catchLoc) return handle(i.catchLoc, !0);\n if (this.prev < i.finallyLoc) return handle(i.finallyLoc);\n } else if (c) {\n if (this.prev < i.catchLoc) return handle(i.catchLoc, !0);\n } else {\n if (!u) throw Error(\"try statement without catch or finally\");\n if (this.prev < i.finallyLoc) return handle(i.finallyLoc);\n }\n }\n }\n },\n abrupt: function abrupt(t, e) {\n for (var r = this.tryEntries.length - 1; r >= 0; --r) {\n var o = this.tryEntries[r];\n if (o.tryLoc <= this.prev && n.call(o, \"finallyLoc\") && this.prev < o.finallyLoc) {\n var i = o;\n break;\n }\n }\n i && (\"break\" === t || \"continue\" === t) && i.tryLoc <= e && e <= i.finallyLoc && (i = null);\n var a = i ? i.completion : {};\n return a.type = t, a.arg = e, i ? (this.method = \"next\", this.next = i.finallyLoc, y) : this.complete(a);\n },\n complete: function complete(t, e) {\n if (\"throw\" === t.type) throw t.arg;\n return \"break\" === t.type || \"continue\" === t.type ? this.next = t.arg : \"return\" === t.type ? (this.rval = this.arg = t.arg, this.method = \"return\", this.next = \"end\") : \"normal\" === t.type && e && (this.next = e), y;\n },\n finish: function finish(t) {\n for (var e = this.tryEntries.length - 1; e >= 0; --e) {\n var r = this.tryEntries[e];\n if (r.finallyLoc === t) return this.complete(r.completion, r.afterLoc), resetTryEntry(r), y;\n }\n },\n \"catch\": function _catch(t) {\n for (var e = this.tryEntries.length - 1; e >= 0; --e) {\n var r = this.tryEntries[e];\n if (r.tryLoc === t) {\n var n = r.completion;\n if (\"throw\" === n.type) {\n var o = n.arg;\n resetTryEntry(r);\n }\n return o;\n }\n }\n throw Error(\"illegal catch attempt\");\n },\n delegateYield: function delegateYield(e, r, n) {\n return this.delegate = {\n iterator: values(e),\n resultName: r,\n nextLoc: n\n }, \"next\" === this.method && (this.arg = t), y;\n }\n }, e;\n}\nmodule.exports = _regeneratorRuntime, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _setPrototypeOf(t, e) {\n return module.exports = _setPrototypeOf = Object.setPrototypeOf ? Object.setPrototypeOf.bind() : function (t, e) {\n return t.__proto__ = e, t;\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports, _setPrototypeOf(t, e);\n}\nmodule.exports = _setPrototypeOf, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var arrayWithHoles = require(\"./arrayWithHoles.js\");\nvar iterableToArrayLimit = require(\"./iterableToArrayLimit.js\");\nvar unsupportedIterableToArray = require(\"./unsupportedIterableToArray.js\");\nvar nonIterableRest = require(\"./nonIterableRest.js\");\nfunction _slicedToArray(r, e) {\n return arrayWithHoles(r) || iterableToArrayLimit(r, e) || unsupportedIterableToArray(r, e) || nonIterableRest();\n}\nmodule.exports = _slicedToArray, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var getPrototypeOf = require(\"./getPrototypeOf.js\");\nfunction _superPropBase(t, o) {\n for (; !{}.hasOwnProperty.call(t, o) && null !== (t = getPrototypeOf(t)););\n return t;\n}\nmodule.exports = _superPropBase, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var arrayWithoutHoles = require(\"./arrayWithoutHoles.js\");\nvar iterableToArray = require(\"./iterableToArray.js\");\nvar unsupportedIterableToArray = require(\"./unsupportedIterableToArray.js\");\nvar nonIterableSpread = require(\"./nonIterableSpread.js\");\nfunction _toConsumableArray(r) {\n return arrayWithoutHoles(r) || iterableToArray(r) || unsupportedIterableToArray(r) || nonIterableSpread();\n}\nmodule.exports = _toConsumableArray, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var _typeof = require(\"./typeof.js\")[\"default\"];\nfunction toPrimitive(t, r) {\n if (\"object\" != _typeof(t) || !t) return t;\n var e = t[Symbol.toPrimitive];\n if (void 0 !== e) {\n var i = e.call(t, r || \"default\");\n if (\"object\" != _typeof(i)) return i;\n throw new TypeError(\"@@toPrimitive must return a primitive value.\");\n }\n return (\"string\" === r ? String : Number)(t);\n}\nmodule.exports = toPrimitive, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var _typeof = require(\"./typeof.js\")[\"default\"];\nvar toPrimitive = require(\"./toPrimitive.js\");\nfunction toPropertyKey(t) {\n var i = toPrimitive(t, \"string\");\n return \"symbol\" == _typeof(i) ? i : i + \"\";\n}\nmodule.exports = toPropertyKey, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","function _typeof(o) {\n \"@babel/helpers - typeof\";\n\n return module.exports = _typeof = \"function\" == typeof Symbol && \"symbol\" == typeof Symbol.iterator ? function (o) {\n return typeof o;\n } : function (o) {\n return o && \"function\" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? \"symbol\" : typeof o;\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports, _typeof(o);\n}\nmodule.exports = _typeof, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var arrayLikeToArray = require(\"./arrayLikeToArray.js\");\nfunction _unsupportedIterableToArray(r, a) {\n if (r) {\n if (\"string\" == typeof r) return arrayLikeToArray(r, a);\n var t = {}.toString.call(r).slice(8, -1);\n return \"Object\" === t && r.constructor && (t = r.constructor.name), \"Map\" === t || \"Set\" === t ? Array.from(r) : \"Arguments\" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? arrayLikeToArray(r, a) : void 0;\n }\n}\nmodule.exports = _unsupportedIterableToArray, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","var getPrototypeOf = require(\"./getPrototypeOf.js\");\nvar setPrototypeOf = require(\"./setPrototypeOf.js\");\nvar isNativeFunction = require(\"./isNativeFunction.js\");\nvar construct = require(\"./construct.js\");\nfunction _wrapNativeSuper(t) {\n var r = \"function\" == typeof Map ? new Map() : void 0;\n return module.exports = _wrapNativeSuper = function _wrapNativeSuper(t) {\n if (null === t || !isNativeFunction(t)) return t;\n if (\"function\" != typeof t) throw new TypeError(\"Super expression must either be null or a function\");\n if (void 0 !== r) {\n if (r.has(t)) return r.get(t);\n r.set(t, Wrapper);\n }\n function Wrapper() {\n return construct(t, arguments, getPrototypeOf(this).constructor);\n }\n return Wrapper.prototype = Object.create(t.prototype, {\n constructor: {\n value: Wrapper,\n enumerable: !1,\n writable: !0,\n configurable: !0\n }\n }), setPrototypeOf(Wrapper, t);\n }, module.exports.__esModule = true, module.exports[\"default\"] = module.exports, _wrapNativeSuper(t);\n}\nmodule.exports = _wrapNativeSuper, module.exports.__esModule = true, module.exports[\"default\"] = module.exports;","// TODO(Babel 8): Remove this file.\n\nvar runtime = require(\"../helpers/regeneratorRuntime\")();\nmodule.exports = runtime;\n\n// Copied from https://github.com/facebook/regenerator/blob/main/packages/runtime/runtime.js#L736=\ntry {\n regeneratorRuntime = runtime;\n} catch (accidentalStrictMode) {\n if (typeof globalThis === \"object\") {\n globalThis.regeneratorRuntime = runtime;\n } else {\n Function(\"r\", \"regeneratorRuntime = r\")(runtime);\n }\n}\n","// The module cache\nvar __webpack_module_cache__ = {};\n\n// The require function\nfunction __webpack_require__(moduleId) {\n\t// Check if module is in cache\n\tvar cachedModule = __webpack_module_cache__[moduleId];\n\tif (cachedModule !== undefined) {\n\t\treturn cachedModule.exports;\n\t}\n\t// Create a new module (and put it into the cache)\n\tvar module = __webpack_module_cache__[moduleId] = {\n\t\t// no module.id needed\n\t\t// no module.loaded needed\n\t\texports: {}\n\t};\n\n\t// Execute the module function\n\t__webpack_modules__[moduleId].call(module.exports, module, module.exports, __webpack_require__);\n\n\t// Return the exports of the module\n\treturn module.exports;\n}\n\n","// define getter functions for harmony exports\n__webpack_require__.d = function(exports, definition) {\n\tfor(var key in definition) {\n\t\tif(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {\n\t\t\tObject.defineProperty(exports, key, { enumerable: true, get: definition[key] });\n\t\t}\n\t}\n};","__webpack_require__.g = (function() {\n\tif (typeof globalThis === 'object') return globalThis;\n\ttry {\n\t\treturn this || new Function('return this')();\n\t} catch (e) {\n\t\tif (typeof window === 'object') return window;\n\t}\n})();","__webpack_require__.o = function(obj, prop) { return Object.prototype.hasOwnProperty.call(obj, prop); }","// define __esModule on exports\n__webpack_require__.r = function(exports) {\n\tif(typeof Symbol !== 'undefined' && Symbol.toStringTag) {\n\t\tObject.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });\n\t}\n\tObject.defineProperty(exports, '__esModule', { value: true });\n};","// startup\n// Load entry module and return exports\n// This entry module is referenced by other modules so it can't be inlined\nvar __webpack_exports__ = __webpack_require__(8193);\n"],"names":["AuthnTransactionImpl","sdk","tx","res","this","data","undefined","status","Object","assign","flattenEmbedded","stateToken","_links","cancel","Promise","resolve","createTransaction","args","getSavedStateToken","reject","AuthSdkError","transactionStep","then","url","options","withCredentials","post","transactionStatus","addStateToken","getIssuerOrigin","storageUtil","storage","get","STATE_TOKEN_KEY_NAME","bind","resume","resumeTransaction","exists","transactionExists","introspect","introspectAuthn","postToTransaction","Base","authn","createAuthnTransactionAPI","fingerprint","opts","clone","_postToTransaction","sendFingerprint","headers","signIn","multiOptionalFactorEnroll","obj","ref","Array","isArray","objArr","o","ol","length","push","embedded","_embedded","key","prototype","hasOwnProperty","call","isObject","fns","links2fns","omit","link2fn","link","name","lk","find","hints","allow","href","isPolling","factorType","provider","params","autoPush","e","rememberDevice","profile","updatePhone","toQueryString","linkName","type","poll","getPollFn","fn","delay","transactionCallBack","isNumber","DEFAULT_POLLING_DELAY","pollLink","getLink","retryCount","recursivePoll","getStateToken","saveAuthnState","pollingIntent","pollFn","pollRes","factorResult","AuthPollStopError","delayFn","catch","err","xhr","delayLength","Math","pow","builtArgs","OptionsConstructor","OktaAuthBase","removeNils","emitter","Emitter","features","constants","devMode","browserHasLocalStorage","getLocalStorage","testStorage","browserHasSessionStorage","getSessionStorage","testStorageType","storageType","supported","getStorageByType","storageProvider","getCookieStorage","getInMemoryStorage","findStorageType","types","curType","nextType","slice","shift","warn","isIE11OrLess","window","onstorage","localStorage","sessionStorage","secure","sameSite","sessionCookie","getItem","setItem","value","expiresAt","set","removeItem","delete","useSeparateCookies","keys","forEach","k","indexOf","replace","JSON","parse","stringify","existingValues","storageKey","valueToStore","inMemoryStore","cookieOptions","path","Date","expires","Cookies","arguments","remove","isFingerprintSupported","timeout","iframe","listener","container","document","body","createElement","style","display","isMessageFromCorrectSource","origin","msg","contentWindow","postMessage","addListener","src","appendChild","setTimeout","finally","clearTimeout","removeListener","contains","parentElement","removeChild","event","source","SdkClock","localOffset","parseInt","now","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","AuthStateManager","_sdk","_pending","_authState","_logOptions","_prevAuthState","_transformQueue","PromiseQueue","quiet","tokenManager","on","EVENT_ADDED","token","_setLogOptions","updateAuthState","EVENT_REMOVED","transformAuthState","log","getConsole","group","groupEnd","emitAuthStateChange","authState","prevState","state","isAuthenticated","idToken","accessToken","error","emit","finalPromise","origPromise","curPromise","getAuthState","cancelablePromise","PCancelable","_","onCancel","shouldReject","emitAndResolve","isCanceled","getTokensSync","refreshToken","handler","off","AUTO_RENEW","SYNC_STORAGE","LEADER_ELECTION","RENEW_ON_TAB_ACTIVATION","ServiceManager","onLeader","getOptions","autoRenew","autoRemove","syncStorage","electionChannelName","broadcastChannelName","defaultOptions","clientId","syncChannelName","started","services","Map","knownServices","svc","createService","startServices","getService","isLeader","values","some","srv","canStart","requiresLeadership","stopServices","entries","canStartService","start","stop","isStarted","isLeaderRequired","service","LeaderElectionService","AutoRenewService","SyncStorageService","RenewOnTabActivationService","Error","renewOnTabActivation","tabInactivityDuration","StorageManagerConstructor","TransactionManagerConstructor","createOktaAuthBase","WithStorage","mixinStorage","WithHttp","mixinHttp","WithSession","mixinSession","WithOAuth","mixinOAuth","mixinCore","authStateManager","serviceManager","isLoginRedirect","originalUri","handleLoginRedirect","tokens","setTokens","getOriginalUri","parseOAuthResponseFromUrl","oAuthResponse","storeTokensFromRedirect","removeOriginalUri","restoreOriginalUri","location","responseMode","channel","BroadcastChannel","close","createOAuthOptionsConstructor","createOAuthStorageManager","b64u","Uint8Array","from","base64UrlDecode","c","charCodeAt","b64","base64UrlToBase64","utf8","atob","decodeURIComponent","escape","bin","btoa","reduce","s","byte","String","fromCharCode","str","base64ToBase64Url","buffer","i","crypto","TextEncoder","encode","webcrypto","subtle","digest","arrayBuffer","firstHalf","hash","apply","stringToBase64Url","algo","use","importKey","cryptoKey","jwt","split","payload","stringToBuffer","b64Signature","signature","verify","AuthApiError","meta","message","errorSummary","errorCode","errorLink","errorId","errorCauses","CustomError","setPrototypeOf","OAuthError","summary","resp","error_description","WWWAuthError","scheme","parameters","UNKNOWN_ERROR","errorDescription","realm","header","match","regex","firstSpace","remaining","exec","isFunction","OktaAuth","createIdxOptionsConstructor","StorageManager","createIdxStorageManager","TransactionManager","createIdxTransactionManager","WithIdx","createOktaAuthIdx","WithMyAccount","mixinMyAccount","mixinAuthn","indexedDB","hasTextEncoder","isWebCryptoSubtleSupported","agent","getUserAgent","isWindowsPhone","test","isBrowser","protocol","navigator","userAgent","MSStream","hostname","isTokenVerifySupported","documentMode","isIE8or9","appJsonContentTypeRegex","method","contentType","map","param","encodeURIComponent","join","fetchPromise","global","fetch","crossFetch","credentials","response","ok","toLowerCase","json","text","readData","pair","result","responseText","responseType","responseJSON","formatResult","OktaUserAgent","environments","SDK_VERSION","maybeAddNodeEnvironment","env","process","versions","version","node","authClient","headerName","headerValue","_oktaUserAgent","http","setRequestHeader","issuer","transformErrorXHR","httpRequestClient","fetchRequest","httpRequestInterceptors","pollDelay","createStorageOptionsConstructor","isAbsoluteUrl","httpRequest","postOptions","trackDateDocumentBecameVisible","dateDocumentBecameVisible","hidden","addEventListener","formatError","serverErr","isString","wwwAuthHeader","getWWWAuthenticateHeader","wwwAuthErr","parseHeader","max_age","acr_values","interceptor","httpCache","storageManager","getHttpCache","cookies","cacheResponse","cachedResponse","getStorage","getHttpHeader","promise","ajaxOptions","waitForVisibleAndAwakenDocument","waitForAwakenDocument","recursiveFetch","timeSinceDocumentIsVisible","pageVisibilityHandler","removeEventListener","retryableFetch","IOS_MAX_RETRY_COUNT","item","updateStorage","floor","DEFAULT_CACHE_DURATION","clearIdxResponse","saveLastResponse","getIdxResponseStorage","setStorage","storedValue","isRawIdxResponse","rawIdxResponse","stateHandle","interactionHandle","useGenericRemediator","clearStorage","createTransactionManager","password","authenticator","AuthenticatorKey","OKTA_PASSWORD","run","flow","Authenticator","OktaPassword","passcode","revokeSessions","idxRemediationValue","inputs","form","required","input","label","OktaVerifyTotp","verificationCode","totp","VerificationCodeAuthenticator","SecurityQuestionEnrollment","questionKey","answer","question","SecurityQuestionVerification","contextualData","enrolledQuestion","otp","WebauthnEnrollment","clientData","attestation","transports","visible","WebauthnVerification","authenticatorData","signatureData","remediation","relatesTo","SECURITY_QUESTION","OKTA_VERIFY","WEBAUTHN","challengeData","auth1","auth2","id","authenticators","option","incoming","isAuthenticator","transactionManager","load","flowSpec","getFlowSpecification","actions","EmailVerifyCallbackError","isEmailVerifyCallback","urlPath","parseEmailVerifyCallback","urlParamsToObject","search","idx","canProceed","proceed","mixinMinimalOAuth","mixinMinimalIdx","Core","createOktaAuthCore","mixinIdx","setRemediatorsCtx","remediators","boundStartTransaction","startTransaction","interact","makeIdxResponse","makeIdxState","authenticate","register","recoverPassword","handleInteractionCodeRedirect","isInteractionRequired","isInteractionRequiredError","handleEmailVerifyCallback","isEmailVerifyCallbackError","getSavedTransactionMeta","createTransactionMeta","getTransactionMeta","saveTransactionMeta","clearTransactionMeta","isTransactionMetaValid","setFlow","getFlow","unlockAccount","minimalSdk","AccountUnlockFlow","Identify","SelectAuthenticatorUnlockAccount","SelectAuthenticatorAuthenticate","ChallengeAuthenticator","ChallengePoll","AuthenticatorVerificationData","ReEnrollAuthenticatorWarning","AuthenticationFlow","SelectAuthenticatorEnroll","AuthenticatorEnrollmentData","EnrollAuthenticator","ReEnrollAuthenticator","EnrollPoll","SelectEnrollmentChannel","EnrollmentChannelData","RedirectIdp","Skip","oktaAuth","RegistrationFlow","PasswordRecoveryFlow","ResetAuthenticator","SelectEnrollProfile","EnrollProfile","codeVerifier","savedState","URL","searchParams","interactionCode","exchangeCodeForTokens","toPersist","requestDidSucceed","IDX_API_VERSION","validateVersionConfig","parsersForVersion","v1","isFieldMutable","field","mutable","divideSingleActionParamsByMutability","action","defaultParamsForAction","neededParamsForAction","immutableParamsForAction","actionList","neededParams","defaultParams","immutableParams","generateDirectFetch","actionDefinition","target","accepts","endsWith","idxResponse","stepUp","generator","divideActionParamsByMutability","SKIP_FIELDS","parseNonRemediations","context","filter","rel","generateIdxAction","fieldValue","info","subField","expandRelatesTo","query","jsonpath","innerValue","remediationData","authenticatorChallenge","remediations","actionFn","generateRemediationFunctions","convertRemediationAction","parseIdxResponse","neededToProceed","remediationChoice","paramsFromUser","remediationChoiceObject","rawIdxState","successWithInteractionCode","remediationValue","getResponse","baseUrl","getOAuthBaseUrl","redirectUri","scopes","codeChallenge","codeChallengeMethod","activationToken","recoveryToken","maxAge","acrValues","nonce","clientSecret","client_id","scope","redirect_uri","code_challenge","code_challenge_method","activation_token","recovery_token","client_secret","interaction_handle","newMeta","savedIdxResponse","loadIdxResponse","domain","getOAuthDomain","Accept","isAuthApiError","createIdxAPI","webauthn","createMinimalIdxAPI","createCoreOptionsConstructor","startPolling","transaction","availablePollingRemeditaions","includes","Number","isInteger","refresh","nextStep","hasSavedInteractionHandle","autoRemediate","enabledFeatures","IdxFeature","REGISTRATION","getActionFromValues","resend","removeActionFromValues","removeActionFromOptions","actionName","entry","remediate","remediator","getRemediator","actionFromValues","actionFromOptions","valuesWithoutExecutedAction","optionsWithoutExecutedAction","handleFailedResponse","canceled","terminal","isTerminalResponse","step","filterValuesForRemediation","acc","curr","canRemediate","getNextStep","getName","getData","getValuesAfterProceed","gr","getAuthenticatorData","getAuthenticatorFromRemediation","methodType","phoneNumber","val","AuthenticatorData","valueKey","getAuthenticator","formatAuthenticatorData","authenticatorsData","compareAuthenticators","mapAuthenticatorDataFromValues","enrollmentId","Remediator","formatAuthenticators","formatAuthenticator","existing","getRequiredValues","hasData","getAllValues","titleCase","_authClient","_context","getInputs","inputFromRemediation","messages","alias","aliases","inputsFromRemediation","inputsFromRemediator","authenticatorFromRemediation","SelectAuthenticator","matchedOption","findMatchedOption","isCurrentAuthenticator","currentAuthenticator","isCurrentAuthenticatorEnrollment","currentAuthenticatorEnrollment","selectedAuthenticator","selectedOption","VerifyAuthenticator","authenticatorEnrollments","canVerify","mapCredentials","common","getCredentialsFromRemediation","userProfileFromValues","userProfile","attributeValues","attributeName","errorRemediation","errors","Boolean","email","GenericRemediator","produces","rest","unwrapFormValue","requiredTracker","isRequired","optionSchema","formKeys","unwrappedForm","identifier","newPassword","idp","isRecoveryFlow","authenticatorMap","methodTypeOption","methodTypeValue","filterKey","skip","idxRemediation","r","cur","charAt","toUpperCase","substring","initializeValues","initializeData","IdxStatus","PENDING","getDataFromIntrospect","clear","interactResponse","getDataFromRemediate","idxResponseFromRemediation","getTokens","ignoreSignature","urls","tokenResponse","finalizeData","shouldSaveResponse","shouldClearTransaction","clearSharedStorage","getEnabledFeatures","availableSteps","getAvailableSteps","getMessagesFromResponse","TERMINAL","hasActions","hasErrors","class","CANCELED","SUCCESS","saveIdxResponse","storageManagerOptions","transactionStorage","getTransactionStorage","SavedObject","IDX_RESPONSE_STORAGE_NAME","createCoreStorageManager","savedMeta","save","muteWarning","prepareTokenParams","tokenParams","pkceMeta","createOAuthMeta","validExistingMeta","isTransactionMetaValidForOptions","isTransactionMetaValidForFlow","ACCOUNT_UNLOCK","remediationName","remediatorMap","ctx","remediatorClass","T","getRemediatorClass","stepObj","startsWith","split2","part1","part2","actionObj","PASSWORD_RECOVERY","SOCIAL_IDP","newCtx","_oktaAuth","canSkipFn","canResendFn","getMessagesFromIdxRemediationValue","messagesFromForm","optionValues","messagesFromOptions","globalMessages","fieldMessages","seen","filtered","i18n","idxRemediations","remediatorCandidates","canSkip","canResend","getEnrolledCredentials","enrollement","credential","base64UrlToBuffer","credentialId","activationData","publicKey","rp","user","displayName","challenge","pubKeyCredParams","authenticatorSelection","excludeCredentials","userVerification","allowCredentials","rpId","bufferToBase64Url","clientDataJSON","attestationObject","getTransportsFn","getTransports","getEmails","sendRequest","EmailTransaction","getEmail","addEmail","deleteEmail","sendEmailChallenge","EmailChallengeTransaction","getEmailChallenge","emailId","challengeId","verifyEmailChallenge","myaccount","MyAccountMethods","getPassword","PasswordTransaction","enrollPassword","updatePassword","deletePassword","getPhones","PhoneTransaction","getPhone","addPhone","deletePhone","sendPhoneChallenge","verifyPhoneChallenge","getProfile","ProfileTransaction","updateProfile","getProfileSchema","ProfileSchemaTransaction","methodName","links","TransactionClass","BaseTransaction","self","accessTokenObj","atToken","requestUrl","httpOptions","dpop","getDPoPAuthorizationHeaders","Authorization","Dpop","ret","generateRequestFnFromLinks","EmailStatusTransaction","roles","created","lastUpdated","PasswordStatus","NOT_ENROLLED","enroll","update","properties","createdAt","modifiedAt","EmailRole","Status","DEFAULT_OPTIONS","clearPendingRemoveTokens","expireEarlySeconds","TOKEN_STORAGE_NAME","TokenManager","isLocalhost","storageOptions","getTokenStorage","clock","create","expireTimeouts","renewPromise","setExpireEventTimeoutAll","clearExpireEventTimeoutAll","getExpireTime","EVENT_EXPIRED","freshToken","oldToken","EVENT_RENEWED","EVENT_ERROR","clearExpireEventTimeout","isRefreshToken","expireTime","expireEventWait","max","expireEventTimeout","emitExpired","tokenStorage","setExpireEventTimeout","validateToken","emitSetStorageEvent","emitAdded","getSync","isAccessToken","isIDToken","EVENT_SET_STORAGE","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","getTokenType","handleAdded","handleRemoved","emitRemoved","existingTokens","getStorageKeyByType","newToken","existingToken","emitRenewed","removedToken","renew","shouldRenew","refreshKey","emitError","renewTokens","tokenKey","removedTokens","pendingRemove","REFRESH_TOKEN_STORAGE_KEY","enableSharedStorage","clearTransactionFromSharedStorage","isTransactionMeta","saveTransactionToSharedStorage","pruneSharedStorage","loadTransactionFromSharedStorage","decodedToken","base64UrlToString","isOAuthError","isWWWAuthError","INDEXEDDB_NAME","DB_KEY","createJwt","claims","signingKey","head","sign","algorithm","cryptoRandomValue","byteLen","getRandomValues","v","toString","generateKeyPair","modulusLength","publicExponent","generateKey","hashAccessToken","invokeStoreMethod","req","open","onerror","onupgradeneeded","createObjectStore","onsuccess","db","store","objectStore","oncomplete","storeKeyPair","pairId","keyPair","clearDPoPKeyPair","keyPairId","revokedToken","shouldClear","tokenType","dpopPairId","generateDPoPProof","exportKey","kty","crv","n","x","y","alg","typ","jwk","htm","htu","iat","jti","ath","privateKey","oauthQueryParams","convertTokenParamsToOAuthParams","extraParams","oauthParams","idpScope","loginHint","prompt","sessionToken","enrollAmrValues","mayBeArray","validateOptions","authorizationCode","getPostData","code","makeTokenRequest","dpopKeyPair","generateDPoPForTokenRequest","proof","DPoP","isDPoPNonceError","dpopNonce","tokenUrl","grant_type","refresh_token","kid","getWellKnown","wellKnown","jwksUri","cachedKey","authServerUri","prepareEnrollAuthenticatorParams","createEnrollAuthenticatorMeta","authorizeUrl","buildAuthorizeParams","setLocation","getOAuthUrls","getDefaultTokenParams","getTokenOptions","handleResponseOptions","findKeyPair","createDPoPKeyPair","postToTokenEndpoint","oauthResponse","handleOAuthResponse","authorize","enrollAuthenticator","queue","useQueue","getWithRedirectFn","getWithRedirect","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","getWithoutPrompt","getWithPopup","getWithIDPPopup","decode","decodeToken","revoke","revokeToken","renewToken","renewTokensWithRefresh","getUserInfo","accessTokenObject","idTokenObject","verifyToken","oidcIntrospect","popupWindow","idpPopup","iframePromise","addPostMessageListener","iframeEl","loadFrame","oauthPromise","isPopupPostMessageSupported","closePoller","setInterval","closed","clearInterval","idpPromise","addIDPPopupLisenter","userinfoUrl","userInfo","sub","generateState","cancelPromise","loadPopup","getToken","initialPath","validateResponse","pkce","interaction_code","dpopOptions","allowBearerTokens","token_type","tokenDict","expiresIn","expires_in","access_token","id_token","accessJwt","idJwt","idTokenObj","exp","validationParams","hintMap","kind","TokenKind","ACCESS","iss","introspectUrl","introspection_endpoint","authHeader","token_type_hint","BaseClass","browserStorage","REFERRER_PATH_STORAGE_KEY","getOriginalUriStorage","sharedStorage","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","handleLogin","_tokenQueue","createTokenAPI","endpoints","createEndpoints","onExpiredToken","shouldRemove","hasExpired","additionalParams","setOriginalUri","hasResponseType","accessTokenKey","clearDPoPKeyPairAfterRevoke","refreshTokenKey","postLogoutRedirectUri","logoutUrl","idTokenHint","logoutUri","defaultUri","currentUri","revokeAccessToken","revokeRefreshToken","getSignOutRedirectUrl","closeSession","sessionClosed","append","clearTokensBeforeRedirect","addPendingRemoveFlags","clearAllDPoPKeyPairs","wwwAuth","wwwErr","provideOriginalUri","createBaseTokenAPI","RegExp","assertValidConfig","removeTrailingSlash","revokeUrl","toAbsoluteUrl","ignoreLifetime","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","createHttpOptionsConstructor","getResponseMode","defaultResponseMode","paramStr","nativeLoc","cleanOAuthResponseFromUrl","nativeHistory","nativeDoc","replaceState","title","pathname","removeSearch","removeHash","throwInvalidTokenError","getSingleToken","originalToken","refreshTokenObject","renewTokenParams","endpointParams","postRefreshToken","isSameRefreshToken","updateRefreshToken","isRefreshTokenInvalidError","removeRefreshToken","creds","getOptionsForSection","logServerSideMemoryStorageWarning","TRANSACTION_STORAGE_NAME","SHARED_TRANSACTION_STORAGE_NAME","ORIGINAL_URI_STORAGE_NAME","BaseStorageManager","isPKCETransactionMeta","isOAuthTransactionMeta","isCustomAuthTransactionMeta","isObjectWithProperties","timeoutId","onmessage","isTrusted","DEFAULT_TIMEOUT","responseHandler","popupTitle","eventTarget","attachEvent","detachEvent","defaultRedirectUri","generateNonce","errorResponse","hasTokensInHash","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","authParams","isCodeFlow","getHashOrSearch","codeFlow","genRandomString","getIssuer","oauthMeta","dec2hex","dec","substr","prefix","a","verifier","MIN_VERIFIER_LENGTH","ceil","MAX_VERIFIER_LENGTH","prepareParams","getDefaultEnrollAuthenticatorParams","assertPKCESupport","isPKCESupported","errorMessage","isHTTPS","validateCodeChallengeMethod","preparePKCE","defaults","isDPoPSupported","b","getSharedTansactionStorage","dateCreated","MAX_ENTRY_LIFETIME","plus2space","paramSplit","fragment","aud","acr","configuredIssuer","validationOptions","validateClaims","getKey","sdkCrypto","at_hash","getOidcHash","renewTimeQueue","onTokenExpiredHandler","firstTime","shouldThrottleRenew","processExpiredTokens","onLeaderDuplicate","elector","hasLeader","createLeaderElection","onduplicate","awaitLeadership","die","postInternal","getNow","onPageVisbilityChange","_onPageVisbilityChange","lastHidden","onTokenAddedHandler","onTokenRemovedHandler","onTokenRenewedHandler","onSetStorageHandler","onSyncMessageHandler","enablePostMessage","session","redirectUrl","checkAccountSetupComplete","sessionExists","getSession","refreshSession","setCookieAndRedirect","createSessionApi","sectionName","overrideOptions","storageTypes","CACHE_STORAGE_NAME","storageName","storageString","getCookieSettings","STORAGE_MANAGER_OPTIONS","createBaseOptionsConstructor","cookieSettings","cache","running","thisObject","queueItem","isPromise","getNativeConsole","console","nativeConsole","deprecate","steps","jsonpathRegex","groups","index","lastStep","pop","ms","random","randomCharset","parts","isoTime","UTC","toUTCString","delim","splice","additionalArgs","concat","obj1","prop","collection","found","altName","newobj","props","p","cleaned","trimmed","ttl","ObliviousSet","has","_to","_this","removeTooOldValues","obliviousSet","olderThen","iterator","Symbol","next","getTime","CancelError","reason","executor","_cancelHandlers","_isPending","_isCanceled","_rejectOnCancel","_promise","_reject","defineProperties","boolean","onFulfilled","onRejected","onFinally","userFn","arguments_","module","exports","defineProperty","OPEN_BROADCAST_CHANNELS","clearNodeFolder","_options","fillOptionsWithDefaults","_methodChooser","chooseMethod","_util","PROMISE_RESOLVED_FALSE","enforceOptions","ENFORCED_OPTIONS","Set","lastId","maybePromise","add","_iL","_onML","_addEL","internal","_uMP","_befC","_prepP","_state","_post","broadcastChannel","msgObj","time","microSeconds","PROMISE_RESOLVED_VOID","sendPromise","_hasMessageListeners","_addListenerObject","listenerFn","listenerObject","minMessageTime","onMessage","_startListening","_removeListenerObject","_stopListening","_pubkey","listenObj","awaitPrepare","all","isClosed","_index","beLeader","enumerable","_broadcastChannel","_leaderElectionUtil","_leaderElection","leaderElector","_hasLeader","unloadFn","_unload","_unl","isLeaderListener","sendLeaderMessage","_dpLC","_dpL","_lstns","msgJson","LeaderElectionWebLock","isDead","randomToken","_wKMC","lN","_this2","locks","relevantLocks","held","lock","_this3","_wLMP","AbortController","returnPromise","rej","request","signal","_fn","_this4","uFn","abort","_leaderElector","fallbackInterval","responseTime","averageResponseTime","supportsWebLockAPI","_leaderElectionWebLock","LeaderElection","_aplQ","_aplQC","hasLeaderListener","applyOnce","isFromFallbackInterval","sleep","PROMISE_RESOLVED_TRUE","stopCriteriaPromiseResolve","stopCriteria","stopCriteriaPromise","handleMessage","waitForAnswerTime","race","applyRun","_aLP","resolved","finish","whenDeathListener","tryOnFallBack","chooseMethods","methods","METHODS","_simulate","SimulateMethod","m","webWorkerSupport","useMethod","canBeUsed","_native","_indexedDb","_localstorage","NativeMethod","IndexedDBMethod","LocalstorageMethod","TRANSACTION_SETTINGS","cleanOldMessages","commitIndexedDBTransaction","createDatabase","getAllMessages","OBJECT_STORE_ID","openCursor","ev","cursor","getIdb","getMessagesHigherThan","getOldMessages","removeMessagesById","writeMessage","_obliviousSet","DB_PREFIX","durability","mozIndexedDB","webkitIndexedDB","msIndexedDB","commit","channelName","IndexedDB","dbName","openRequest","keyPath","autoIncrement","readerUuid","messageJson","writeObject","uuid","lastCursorId","keyRangeValue","IDBKeyRange","bound","Infinity","getAll","getAllRequest","openCursorRequest","channelState","ids","deleteRequest","msgObk","idb","tooOld","eMIs","writeBlockPromise","messagesCallback","readQueuePromises","onclose","_readLoop","readNewMessages","newerMessages","useMessages","messagesCallbackTime","_filterMessage","sort","msgObjA","msgObjB","randomInt","addStorageEventListener","removeStorageEventListener","KEY_PREFIX","writeObj","createEvent","initEvent","newValue","dispatchEvent","localstorage","removeTimeout","ls","defaultTime","bc","subFns","SIMULATE_CHANNELS","originalOptions","maxParallelWrites","useFastPath","lastMs","additional","min","resolveWith","__self__","F","DOMException","support","iterable","blob","Blob","formData","viewClasses","isArrayBufferView","ArrayBuffer","isView","normalizeName","TypeError","normalizeValue","iteratorFor","items","done","Headers","getOwnPropertyNames","consumed","bodyUsed","fileReaderReady","reader","onload","readBlobAsArrayBuffer","FileReader","readAsArrayBuffer","bufferClone","buf","view","byteLength","Body","_initBody","_bodyInit","_bodyText","isPrototypeOf","_bodyBlob","FormData","_bodyFormData","URLSearchParams","DataView","_bodyArrayBuffer","rejected","readAsText","chars","readArrayBufferAsText","oldValue","callback","thisArg","Request","upcased","mode","referrer","trim","bytes","Response","bodyInit","statusText","redirectStatuses","redirect","RangeError","stack","constructor","init","aborted","XMLHttpRequest","abortXhr","rawHeaders","getAllResponseHeaders","line","responseURL","ontimeout","onabort","onreadystatechange","readyState","send","polyfill","ponyfill","converter","defaultAttributes","attributes","stringifiedAttributes","cookie","write","jar","foundKey","read","withAttributes","withConverter","freeze","factory","E","once","evtArr","len","evts","liveEvents","USE_METHOD","exit","trace","WorkerGlobalScope","oldClose","LISTENERS","startedListening","runAll","promises","removeAll","getSize","size","__esModule","arrayLikeToArray","ReferenceError","asyncGeneratorStep","t","u","_next","_throw","isNativeReflectConstruct","Reflect","construct","toPropertyKey","_defineProperties","configurable","writable","superPropBase","_get","getOwnPropertyDescriptor","_getPrototypeOf","getPrototypeOf","__proto__","Function","_isNativeReflectConstruct","valueOf","l","f","objectWithoutPropertiesLoose","getOwnPropertySymbols","propertyIsEnumerable","_typeof","assertThisInitialized","_regeneratorRuntime","asyncIterator","toStringTag","define","wrap","Generator","Context","makeInvokeMethod","tryCatch","arg","h","GeneratorFunction","GeneratorFunctionPrototype","d","g","defineIteratorMethods","_invoke","AsyncIterator","invoke","__await","callInvokeWithMethodAndArg","delegate","maybeInvokeDelegate","sent","_sent","dispatchException","abrupt","resultName","nextLoc","pushTryEntry","tryLoc","catchLoc","finallyLoc","afterLoc","tryEntries","resetTryEntry","completion","reset","isNaN","isGeneratorFunction","mark","awrap","async","reverse","prev","rval","handle","complete","delegateYield","_setPrototypeOf","arrayWithHoles","iterableToArrayLimit","unsupportedIterableToArray","nonIterableRest","arrayWithoutHoles","iterableToArray","nonIterableSpread","toPrimitive","isNativeFunction","_wrapNativeSuper","Wrapper","runtime","regeneratorRuntime","accidentalStrictMode","globalThis","__webpack_module_cache__","__webpack_require__","moduleId","cachedModule","__webpack_modules__","definition","__webpack_exports__"],"sourceRoot":""}