npm - @stackframe/tanstack-start - Versions diffs - 2.8.93 → 2.8.95 - Mend

@stackframe/tanstack-start 2.8.93 → 2.8.95

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/dist/esm/lib/stack-app/apps/implementations/client-app-impl.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"client-app-impl.js","names":["isSecure","isSecureCookieContext"],"sources":["../../../../../../src/lib/stack-app/apps/implementations/client-app-impl.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { WebAuthnError, startAuthentication, startRegistration } from \"@simplewebauthn/browser\";\nimport { KnownErrors, StackClientInterface } from \"@stackframe/stack-shared\";\nimport type { RequestListener } from \"@stackframe/stack-shared/dist/interface/client-interface\";\nimport { ContactChannelsCrud } from \"@stackframe/stack-shared/dist/interface/crud/contact-channels\";\nimport { CurrentUserCrud } from \"@stackframe/stack-shared/dist/interface/crud/current-user\";\nimport type { CustomerInvoicesListResponse } from \"@stackframe/stack-shared/dist/interface/crud/invoices\";\nimport { ItemCrud } from \"@stackframe/stack-shared/dist/interface/crud/items\";\nimport { NotificationPreferenceCrud } from \"@stackframe/stack-shared/dist/interface/crud/notification-preferences\";\nimport { OAuthProviderCrud } from \"@stackframe/stack-shared/dist/interface/crud/oauth-providers\";\nimport type { CustomerProductsListResponse } from \"@stackframe/stack-shared/dist/interface/crud/products\";\nimport { TeamApiKeysCrud, UserApiKeysCrud, teamApiKeysCreateOutputSchema, userApiKeysCreateOutputSchema } from \"@stackframe/stack-shared/dist/interface/crud/project-api-keys\";\nimport { ProjectPermissionsCrud } from \"@stackframe/stack-shared/dist/interface/crud/project-permissions\";\nimport { ClientProjectsCrud } from \"@stackframe/stack-shared/dist/interface/crud/projects\";\nimport { SessionsCrud } from \"@stackframe/stack-shared/dist/interface/crud/sessions\";\nimport { TeamInvitationCrud } from \"@stackframe/stack-shared/dist/interface/crud/team-invitation\";\nimport { TeamMemberProfilesCrud } from \"@stackframe/stack-shared/dist/interface/crud/team-member-profiles\";\nimport { TeamPermissionsCrud } from \"@stackframe/stack-shared/dist/interface/crud/team-permissions\";\nimport { TeamsCrud } from \"@stackframe/stack-shared/dist/interface/crud/teams\";\nimport { UsersCrud } from \"@stackframe/stack-shared/dist/interface/crud/users\";\nimport type { RestrictedReason } from \"@stackframe/stack-shared/dist/schema-fields\";\nimport { InternalSession } from \"@stackframe/stack-shared/dist/sessions\";\nimport { decodeBase32, decodeBase64, encodeBase32, encodeBase64 } from \"@stackframe/stack-shared/dist/utils/bytes\";\nimport { scrambleDuringCompileTime } from \"@stackframe/stack-shared/dist/utils/compile-time\";\nimport { isBrowserLike } from \"@stackframe/stack-shared/dist/utils/env\";\nimport { StackAssertionError, captureError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { parseJson } from \"@stackframe/stack-shared/dist/utils/json\";\nimport { DependenciesMap } from \"@stackframe/stack-shared/dist/utils/maps\";\nimport { ProviderType } from \"@stackframe/stack-shared/dist/utils/oauth\";\nimport { deepPlainEquals, omit } from \"@stackframe/stack-shared/dist/utils/objects\";\nimport { neverResolve, runAsynchronously, wait } from \"@stackframe/stack-shared/dist/utils/promises\";\nimport { suspend, suspendIfSsr, use } from \"@stackframe/stack-shared/dist/utils/react\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { Store, storeLock } from \"@stackframe/stack-shared/dist/utils/stores\";\nimport { deindent, mergeScopeStrings } from \"@stackframe/stack-shared/dist/utils/strings\";\nimport { BotChallengeExecutionFailedError, BotChallengeUserCancelledError, withBotChallengeFlow } from \"@stackframe/stack-shared/dist/utils/turnstile-flow\";\nimport type { TurnstileAction } from \"@stackframe/stack-shared/dist/utils/turnstile\";\nimport { isRelative } from \"@stackframe/stack-shared/dist/utils/urls\";\nimport { generateUuid } from \"@stackframe/stack-shared/dist/utils/uuids\";\nimport * as tanstackStartServerContext from \"@stackframe/tanstack-start/tanstack-start-server-context\"; // THIS_LINE_PLATFORM tanstack-start\nimport * as TanStackRouter from \"@tanstack/react-router\"; // THIS_LINE_PLATFORM tanstack-start\nimport * as cookie from \"cookie\";\nimport React, { useCallback, useMemo } from \"react\"; // THIS_LINE_PLATFORM react-like\nimport type * as yup from \"yup\";\nimport { constructRedirectUrl } from \"../../../../utils/url\";\nimport { getNewOAuthProviderOrScopeUrl, callOAuthCallback } from \"../../../auth\";\nimport { CookieHelper, createBrowserCookieHelper, createCookieHelper, createPlaceholderCookieHelper, deleteCookie, deleteCookieClient, isSecure as isSecureCookieContext, saveVerifierAndState, setOrDeleteCookie, setOrDeleteCookieClient } from \"../../../cookie\";\nimport { envVars } from \"../../../env\";\nimport { ApiKey, ApiKeyCreationOptions, ApiKeyUpdateOptions, apiKeyCreationOptionsToCrud } from \"../../api-keys\";\nimport { ConvexCtx, GetCurrentPartialUserOptions, GetCurrentUserOptions, HandlerUrlOptions, HandlerUrls, OAuthScopesOnSignIn, RedirectMethod, RedirectToOptions, RequestLike, ResolvedHandlerUrls, TokenStoreInit, stackAppInternalsSymbol } from \"../../common\";\nimport { DeprecatedOAuthConnection, OAuthConnection } from \"../../connected-accounts\";\nimport { ContactChannel, ContactChannelCreateOptions, ContactChannelUpdateOptions, contactChannelCreateOptionsToCrud, contactChannelUpdateOptionsToCrud } from \"../../contact-channels\";\nimport { Customer, CustomerBilling, CustomerDefaultPaymentMethod, CustomerInvoiceStatus, CustomerInvoicesList, CustomerInvoicesListOptions, CustomerInvoicesRequestOptions, CustomerPaymentMethodSetupIntent, CustomerProductsList, CustomerProductsListOptions, CustomerProductsRequestOptions, Item } from \"../../customers\";\nimport { NotificationCategory } from \"../../notification-categories\";\nimport { TeamPermission } from \"../../permissions\";\nimport { AdminOwnedProject, AdminProjectUpdateOptions, Project, adminProjectCreateOptionsToCrud } from \"../../projects\";\nimport { EditableTeamMemberProfile, ReceivedTeamInvitation, SentTeamInvitation, Team, TeamCreateOptions, TeamUpdateOptions, TeamUser, teamCreateOptionsToCrud, teamUpdateOptionsToCrud } from \"../../teams\";\nimport { buildCliAuthConfirmUrl, isHostedHandlerUrlForProject, resolveHandlerUrls } from \"../../url-targets\";\nimport { ActiveSession, Auth, BaseUser, CurrentUser, InternalUserExtra, OAuthProvider, ProjectCurrentUser, SyncedPartialUser, TokenPartialUser, UserExtra, UserUpdateOptions, userUpdateOptionsToCrud, withUserDestructureGuard } from \"../../users\";\nimport { StackClientApp, StackClientAppConstructorOptions, StackClientAppJson } from \"../interfaces/client-app\";\nimport { _StackAdminAppImplIncomplete } from \"./admin-app-impl\";\nimport { TokenObject, clientVersion, createCache, createCacheBySession, createEmptyTokenStore, getAnalyticsBaseUrl, getDefaultExtraRequestHeaders, getDefaultProjectId, getDefaultPublishableClientKey, getUrls, resolveApiUrls, resolveConstructorOptions } from \"./common\";\nimport { EventTracker } from \"./event-tracker\";\nimport { crossDomainAuthQueryParams, getCrossDomainHandoffParamsFromCurrentUrl, planRedirectToHandler } from \"./redirect-page-urls\";\nimport type { CrossDomainHandoffParams } from \"./redirect-page-urls\";\nimport { subscribeSessionRefresh } from \"./session-refresh-subscription\";\nimport { AnalyticsOptions, SessionRecorder, analyticsOptionsFromJson, analyticsOptionsToJson } from \"./session-replay\";\n\nimport { useAsyncCache } from \"./common\";\nimport { mountDevTool } from \"../../../../dev-tool\";\n\nlet isReactServer = false;\n\nconst prefetchedCrossDomainHandoffTtlMs = 55 * 60 * 1000;\n\nconst allClientApps = new Map<string, [checkString: string \| undefined, app: StackClientApp<any, any>]>();\nconst STACK_AUTHORIZATION_VALUE_PREFIX = \"stackauth_\";\n\nfunction getAuthorizationHeaderValueFromAuthJson(authJson: { accessToken: string \| null, refreshToken: string \| null }): string \| null {\n if (authJson.accessToken == null && authJson.refreshToken == null) {\n return null;\n }\n\n const encodedAuthJson = encodeBase64(new TextEncoder().encode(JSON.stringify(authJson)));\n return `Bearer ${STACK_AUTHORIZATION_VALUE_PREFIX}${encodedAuthJson}`;\n}\n\nfunction getAuthJsonFromAuthorizationHeaderValue(authorizationHeaderValue: string): { accessToken: string \| null, refreshToken: string \| null } \| null {\n const match = authorizationHeaderValue.match(/^Bearer\\s+(.+)$/i);\n if (match == null) {\n return null;\n }\n\n const credential = match[1].trim();\n if (!credential.startsWith(STACK_AUTHORIZATION_VALUE_PREFIX)) {\n return null;\n }\n\n const encodedAuthJson = credential.slice(STACK_AUTHORIZATION_VALUE_PREFIX.length);\n if (encodedAuthJson.length === 0) {\n throw new Error(\"Invalid Authorization header format. Expected `Bearer stackauth_<base64(getAuthJson())>`.\");\n }\n\n let parsed: unknown;\n try {\n const decodedAuthJson = new TextDecoder().decode(decodeBase64(encodedAuthJson));\n parsed = JSON.parse(decodedAuthJson);\n } catch (e) {\n throw new Error(\"Invalid stackauth authorization header.\", { cause: e });\n }\n\n if (parsed == null \|\| typeof parsed !== \"object\" \|\| Array.isArray(parsed)) {\n throw new Error(\"Invalid stackauth authorization payload. Expected an object.\");\n }\n\n const accessToken = Reflect.get(parsed, \"accessToken\");\n const refreshToken = Reflect.get(parsed, \"refreshToken\");\n if (accessToken != null && typeof accessToken !== \"string\") {\n throw new Error(\"Invalid stackauth authorization payload. `accessToken` must be a string or null.\");\n }\n if (refreshToken != null && typeof refreshToken !== \"string\") {\n throw new Error(\"Invalid stackauth authorization payload. `refreshToken` must be a string or null.\");\n }\n\n return {\n accessToken: accessToken ?? null,\n refreshToken: refreshToken ?? null,\n };\n}\n\nfunction getHeaderValueFromRequestLikeHeaders(headers: RequestLike[\"headers\"], name: string): string \| null {\n if (\"get\" in headers && typeof headers.get === \"function\") {\n return headers.get(name);\n }\n\n const lowerCaseName = name.toLowerCase();\n for (const [headerName, headerValue] of Object.entries(headers)) {\n if (headerName.toLowerCase() === lowerCaseName) {\n return headerValue;\n }\n }\n return null;\n}\n\nfunction getTanStackStartRequestHeader(name: string): string \| null {\n const { getRequestHeader } = tanstackStartServerContext;\n if (getRequestHeader == null) {\n throw new StackAssertionError(\"TanStack Start request headers are only available during server rendering\");\n }\n return getRequestHeader(name) ?? null;\n}\n\nasync function getServerRequestHost(): Promise<string \| null> {\n return getTanStackStartRequestHeader(\"host\");\n}\n\ntype StackClientAppImplConstructorOptionsResolved<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppConstructorOptions<HasTokenStore, ProjectId> & { inheritsFrom?: undefined };\n\nexport class _StackClientAppImplIncomplete<HasTokenStore extends boolean, ProjectId extends string = string> implements StackClientApp<HasTokenStore, ProjectId> {\n /*\n There is a circular dependency between the admin app and the client app, as the former inherits from the latter and\n * the latter needs to use the former when creating a new instance of an internal project.\n \n To break it, we set the admin app here lazily instead of importing it directly. This variable is set by ./index.ts,\n * which imports both this file and ./admin-app-impl.ts.\n /\n static readonly LazyStackAdminAppImpl: { value: typeof import(\"./admin-app-impl\")._StackAdminAppImplIncomplete \| undefined } = { value: undefined };\n\n protected readonly _options: StackClientAppImplConstructorOptionsResolved<HasTokenStore, ProjectId>;\n protected readonly _extraOptions: { uniqueIdentifier?: string, checkString?: string, interface?: StackClientInterface } \| undefined;\n protected _uniqueIdentifier: string \| undefined = undefined;\n protected _interface: StackClientInterface;\n protected readonly _tokenStoreInit: TokenStoreInit<HasTokenStore>;\n protected readonly _redirectMethod: RedirectMethod \| undefined;\n protected readonly _urlOptions: HandlerUrlOptions;\n protected readonly _oauthScopesOnSignIn: Partial<OAuthScopesOnSignIn>;\n\n private readonly _analyticsOptions: AnalyticsOptions \| undefined;\n private _sessionRecorder: SessionRecorder \| null = null;\n private _eventTracker: EventTracker \| null = null;\n\n private __DEMO_ENABLE_SLIGHT_FETCH_DELAY = false;\n private readonly _ownedAdminApps = new DependenciesMap<[InternalSession, string], _StackAdminAppImplIncomplete<false, string>>();\n\n private readonly _currentUserCache = createCacheBySession(async (session) => {\n if (this.__DEMO_ENABLE_SLIGHT_FETCH_DELAY) {\n await wait(2000);\n }\n if (session.isKnownToBeInvalid()) {\n // let's save ourselves a network request\n //\n // this also makes a certain race condition less likely to happen. particularly, it's quite common for code to\n // look like this:\n //\n // const user = await useUser({ or: \"required\" });\n // const something = user.useSomething();\n //\n // now, let's say the session is invalidated. this will trigger a refresh to refresh both the user and the\n // something. however, it's not guaranteed that the user will return first, so useUser might still return a\n // user object while the something request has already completed (and failed, because the session is invalid).\n // by returning null quickly here without a request, it is very very likely for the user request to complete\n // first.\n //\n // TODO HACK: the above is a bit of a hack, and we should probably think of more consistent ways to handle this.\n // it also only works for the user endpoint, and only if the session is known to be invalid.\n return null;\n }\n return await this._interface.getClientUserByToken(session);\n });\n private readonly _currentProjectCache = createCache(async () => {\n return Result.orThrow(await this._interface.getClientProject());\n });\n private readonly _ownedProjectsCache = createCacheBySession(async (session) => {\n return await this._interface.listProjects(session);\n });\n private readonly _currentUserPermissionsCache = createCacheBySession<\n [string, boolean],\n TeamPermissionsCrud['Client']['Read'][]\n >(async (session, [teamId, recursive]) => {\n return await this._interface.listCurrentUserTeamPermissions({ teamId, recursive }, session);\n });\n private readonly _currentUserProjectPermissionsCache = createCacheBySession<\n [boolean],\n ProjectPermissionsCrud['Client']['Read'][]\n >(async (session, [recursive]) => {\n return await this._interface.listCurrentUserProjectPermissions({ recursive }, session);\n });\n private readonly _currentUserTeamsCache = createCacheBySession(async (session) => {\n return await this._interface.listCurrentUserTeams(session);\n });\n /* @deprecated Used by legacy getConnectedAccount(providerId) — uses old per-provider access token endpoint /\n private readonly _currentUserOAuthConnectionAccessTokensCache = createCacheBySession<[string, string], { accessToken: string } \| null>(\n async (session, [providerId, scope]) => {\n try {\n const result = await this._interface.createProviderAccessToken(providerId, scope \|\| \"\", session);\n return { accessToken: result.access_token };\n } catch (err) {\n if (!(KnownErrors.OAuthConnectionDoesNotHaveRequiredScope.isInstance(err) \|\| KnownErrors.OAuthConnectionNotConnectedToUser.isInstance(err))) {\n throw err;\n }\n }\n return null;\n }\n );\n /* @deprecated Used by legacy getConnectedAccount(providerId) — combines token check + redirect /\n private readonly _currentUserOAuthConnectionCache = createCacheBySession<[ProviderType, string, boolean], DeprecatedOAuthConnection \| null>(\n async (session, [providerId, scope, redirect]) => {\n return await this._getUserOAuthConnectionCacheFn({\n getUser: async () => Result.orThrow(await this._currentUserCache.getOrWait([session], \"write-only\")),\n getOrWaitOAuthToken: async () => Result.orThrow(await this._currentUserOAuthConnectionAccessTokensCache.getOrWait([session, providerId, scope \|\| \"\"] as const, \"write-only\")),\n useOAuthToken: () => useAsyncCache(this._currentUserOAuthConnectionAccessTokensCache, [session, providerId, scope \|\| \"\"] as const, \"connection.useAccessToken()\"),\n providerId,\n scope,\n redirect,\n session,\n });\n }\n );\n private readonly _currentUserConnectedAccountsCache = createCacheBySession<[], OAuthConnection[]>(\n async (session) => {\n const result = await this._interface.listConnectedAccounts(session);\n return result.items.map((item) => this._createOAuthConnectionFromCrudItem(item, session));\n }\n );\n private readonly _currentUserOAuthConnectionAccessTokensByAccountCache = createCacheBySession<[string, string, string], { accessToken: string } \| null>(\n async (session, [providerId, providerAccountId, scope]) => {\n try {\n const result = await this._interface.createProviderAccessTokenByAccount(providerId, providerAccountId, scope, session);\n return { accessToken: result.access_token };\n } catch (err) {\n if (KnownErrors.OAuthConnectionDoesNotHaveRequiredScope.isInstance(err) \|\| KnownErrors.OAuthConnectionNotConnectedToUser.isInstance(err)) {\n return null;\n }\n throw err;\n }\n }\n );\n private readonly _currentUserValidConnectedAccountForProviderCache = createCacheBySession<[string, string], OAuthConnection>(\n async (session, [provider, scopeString]) => {\n const connectedAccounts = Result.orThrow(await this._currentUserConnectedAccountsCache.getOrWait([session], \"write-only\"));\n const matchingAccounts = connectedAccounts.filter(a => a.provider === provider);\n const scopes = scopeString ? scopeString.split(\" \") : undefined;\n\n for (const account of matchingAccounts) {\n const tokenResult = await account.getAccessToken({ scopes });\n if (tokenResult.status === \"ok\") {\n return account;\n }\n }\n\n const location = await getNewOAuthProviderOrScopeUrl(\n this._interface,\n {\n provider,\n redirectUrl: this.urls.oauthCallback,\n errorRedirectUrl: this.urls.error,\n providerScope: mergeScopeStrings(scopeString, (this._oauthScopesOnSignIn[provider as ProviderType] ?? []).join(\" \")),\n },\n session,\n );\n await this._redirectTo({ url: location });\n return await neverResolve();\n }\n );\n private readonly _teamMemberProfilesCache = createCacheBySession<[string], TeamMemberProfilesCrud['Client']['Read'][]>(\n async (session, [teamId]) => {\n return await this._interface.listTeamMemberProfiles({ teamId }, session);\n }\n );\n private readonly _teamInvitationsCache = createCacheBySession<[string], TeamInvitationCrud['Client']['Read'][]>(\n async (session, [teamId]) => {\n return await this._interface.listTeamInvitations({ teamId }, session);\n }\n );\n private readonly _currentUserTeamProfileCache = createCacheBySession<[string], TeamMemberProfilesCrud['Client']['Read']>(\n async (session, [teamId]) => {\n return await this._interface.getTeamMemberProfile({ teamId, userId: 'me' }, session);\n }\n );\n private readonly _currentUserTeamInvitationsCache = createCacheBySession(async (session) => {\n return await this._interface.listCurrentUserTeamInvitations(session);\n });\n private readonly _clientContactChannelsCache = createCacheBySession<[], ContactChannelsCrud['Client']['Read'][]>(\n async (session) => {\n return await this._interface.listClientContactChannels(session);\n }\n );\n\n private readonly _userApiKeysCache = createCacheBySession<[], UserApiKeysCrud['Client']['Read'][]>(\n async (session) => {\n const results = await this._interface.listProjectApiKeys({ user_id: 'me' }, session, \"client\");\n return results as UserApiKeysCrud['Client']['Read'][];\n }\n );\n\n private readonly _teamApiKeysCache = createCacheBySession<[string], TeamApiKeysCrud['Client']['Read'][]>(\n async (session, [teamId]) => {\n const results = await this._interface.listProjectApiKeys({ team_id: teamId }, session, \"client\");\n return results as TeamApiKeysCrud['Client']['Read'][];\n }\n );\n\n private readonly _notificationCategoriesCache = createCacheBySession<[], NotificationPreferenceCrud['Client']['Read'][]>(\n async (session) => {\n const results = await this._interface.listNotificationCategories(session);\n return results as NotificationPreferenceCrud['Client']['Read'][];\n }\n );\n\n private readonly _currentUserOAuthProvidersCache = createCacheBySession<[], OAuthProviderCrud['Client']['Read'][]>(\n async (session) => {\n return await this._interface.listOAuthProviders({ user_id: 'me' }, session);\n }\n );\n\n private readonly _userItemCache = createCacheBySession<[string, string], ItemCrud['Client']['Read']>(\n async (session, [userId, itemId]) => {\n return await this._interface.getItem({ userId, itemId }, session);\n }\n );\n\n private readonly _teamItemCache = createCacheBySession<[string, string], ItemCrud['Client']['Read']>(\n async (session, [teamId, itemId]) => {\n return await this._interface.getItem({ teamId, itemId }, session);\n }\n );\n\n private readonly _customItemCache = createCacheBySession<[string, string], ItemCrud['Client']['Read']>(\n async (session, [customCustomerId, itemId]) => {\n return await this._interface.getItem({ customCustomerId, itemId }, session);\n }\n );\n\n private readonly _userProductsCache = createCacheBySession<[string, string \| null, number \| null], CustomerProductsListResponse>(\n async (session, [userId, cursor, limit]) => {\n return await this._interface.listProducts({\n customer_type: \"user\",\n customer_id: userId,\n cursor: cursor ?? undefined,\n limit: limit ?? undefined,\n }, session);\n }\n );\n\n private readonly _teamProductsCache = createCacheBySession<[string, string \| null, number \| null], CustomerProductsListResponse>(\n async (session, [teamId, cursor, limit]) => {\n return await this._interface.listProducts({\n customer_type: \"team\",\n customer_id: teamId,\n cursor: cursor ?? undefined,\n limit: limit ?? undefined,\n }, session);\n }\n );\n\n private readonly _customProductsCache = createCacheBySession<[string, string \| null, number \| null], CustomerProductsListResponse>(\n async (session, [customCustomerId, cursor, limit]) => {\n return await this._interface.listProducts({\n customer_type: \"custom\",\n customer_id: customCustomerId,\n cursor: cursor ?? undefined,\n limit: limit ?? undefined,\n }, session);\n }\n );\n\n private readonly _userInvoicesCache = createCacheBySession<[string, string \| null, number \| null], CustomerInvoicesListResponse>(\n async (session, [userId, cursor, limit]) => {\n return await this._interface.listInvoices({\n customer_type: \"user\",\n customer_id: userId,\n cursor: cursor ?? undefined,\n limit: limit ?? undefined,\n }, session);\n }\n );\n\n private readonly _teamInvoicesCache = createCacheBySession<[string, string \| null, number \| null], CustomerInvoicesListResponse>(\n async (session, [teamId, cursor, limit]) => {\n return await this._interface.listInvoices({\n customer_type: \"team\",\n customer_id: teamId,\n cursor: cursor ?? undefined,\n limit: limit ?? undefined,\n }, session);\n }\n );\n\n private readonly _customerBillingCache = createCacheBySession<[\"user\" \| \"team\", string], {\n has_customer: boolean,\n default_payment_method: {\n id: string,\n brand: string \| null,\n last4: string \| null,\n exp_month: number \| null,\n exp_year: number \| null,\n } \| null,\n }>(\n async (session, [customerType, customerId]) => {\n return await this._interface.getCustomerBilling(customerType, customerId, session);\n }\n );\n\n private readonly _convexPartialUserCache = createCache<[unknown], TokenPartialUser \| null>(\n async ([ctx]) => await this._getPartialUserFromConvex(ctx as any)\n );\n\n private readonly _trustedParentDomainCache = createCache<[string], string \| null>(\n async ([domain]) => await this._getTrustedParentDomain(domain)\n );\n\n private _anonymousSignUpInProgress: Promise<{ accessToken: string, refreshToken: string }> \| null = null;\n private _prefetchedCrossDomainHandoffParams: CrossDomainHandoffParams \| null = null;\n private _prefetchedCrossDomainHandoffParamsFetchedAt = 0;\n private _isPrefetchingCrossDomainHandoffParams = false;\n\n protected async _createCookieHelper(overrideTokenStoreInit?: TokenStoreInit): Promise<CookieHelper> {\n const tokenStoreInit = overrideTokenStoreInit === undefined ? this._tokenStoreInit : overrideTokenStoreInit;\n if (tokenStoreInit === 'nextjs-cookie' \|\| tokenStoreInit === 'cookie') {\n return await createCookieHelper();\n } else {\n return await createPlaceholderCookieHelper();\n }\n }\n\n /* @deprecated Used by legacy getConnectedAccount(providerId) — combines user check + token check + redirect into one cache /\n protected async _getUserOAuthConnectionCacheFn(options: {\n getUser: () => Promise<CurrentUserCrud['Client']['Read'] \| null>,\n getOrWaitOAuthToken: () => Promise<{ accessToken: string } \| null>,\n useOAuthToken: () => { accessToken: string } \| null,\n providerId: ProviderType,\n scope: string \| null,\n } & ({ redirect: true, session: InternalSession \| null } \| { redirect: false }),): Promise<DeprecatedOAuthConnection \| null> {\n const user = await options.getUser();\n let hasConnection = true;\n if (!user \|\| !user.oauth_providers.find((p) => p.id === options.providerId)) {\n hasConnection = false;\n }\n\n const token = await options.getOrWaitOAuthToken();\n if (!token) {\n hasConnection = false;\n }\n\n if (!hasConnection && options.redirect) {\n if (!options.session) {\n throw new Error(deindent`\n Cannot add new scopes to a user that is not a CurrentUser. Please ensure that you are calling this function on a CurrentUser object, or remove the 'or: redirect' option.\n\n Often, you can solve this by calling this function in the browser instead, or by removing the 'or: redirect' option and dealing with the case where the user doesn't have enough permissions.\n `);\n }\n const location = await getNewOAuthProviderOrScopeUrl(\n this._interface,\n {\n provider: options.providerId,\n redirectUrl: this.urls.oauthCallback,\n errorRedirectUrl: this.urls.error,\n providerScope: mergeScopeStrings(options.scope \|\| \"\", (this._oauthScopesOnSignIn[options.providerId] ?? []).join(\" \")),\n },\n options.session,\n );\n await this._redirectTo({ url: location });\n return await neverResolve();\n } else if (!hasConnection) {\n return null;\n }\n\n // Find the matching oauth provider to get the providerAccountId\n // At this point, user is guaranteed to be non-null because we returned early if !hasConnection\n const matchingProvider = user!.oauth_providers.find((p) => p.id === options.providerId);\n const providerAccountId = matchingProvider?.account_id ?? \"\";\n\n return {\n id: options.providerId, // deprecated, for backward compat\n provider: options.providerId,\n providerAccountId,\n async getAccessToken() {\n const result = await options.getOrWaitOAuthToken();\n if (!result) {\n throw new StackAssertionError(`Failed to retrieve an access token for this connected account (provider: ${options.providerId}). This usually means the OAuth refresh token has been revoked or expired. The user needs to re-authorize by calling \\`linkConnectedAccount\\` or using \\`getOrLinkConnectedAccount\\`.`);\n }\n return result;\n },\n useAccessToken() {\n const result = options.useOAuthToken();\n if (!result) {\n throw new StackAssertionError(`Failed to retrieve an access token for this connected account (provider: ${options.providerId}). This usually means the OAuth refresh token has been revoked or expired. The user needs to re-authorize by calling \\`linkConnectedAccount\\` or using \\`getOrLinkConnectedAccount\\`.`);\n }\n return result;\n }\n };\n }\n\n protected _createOAuthConnectionFromCrudItem(\n item: { provider: string, provider_account_id: string },\n session: InternalSession,\n ): OAuthConnection {\n const app = this;\n const providerId = item.provider;\n const providerAccountId = item.provider_account_id;\n return {\n id: providerId, // deprecated, for backward compat\n provider: providerId,\n providerAccountId,\n async getAccessToken(options?: { scopes?: string[] }) {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n const result = Result.orThrow(await app._currentUserOAuthConnectionAccessTokensByAccountCache.getOrWait([session, providerId, providerAccountId, scopeString], \"write-only\"));\n if (!result) {\n const scopeDetail = scopeString ? `The requested scopes [${scopeString}] are not available on the existing token.` : \"The OAuth refresh token has likely been revoked or expired.\";\n return Result.error(new KnownErrors.OAuthAccessTokenNotAvailable(providerId, `${scopeDetail} The user needs to re-authorize by calling \\`linkConnectedAccount\\` or using \\`getOrLinkConnectedAccount\\`.`));\n }\n return Result.ok(result);\n },\n useAccessToken(options?: { scopes?: string[] }) {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n const result = useAsyncCache(app._currentUserOAuthConnectionAccessTokensByAccountCache, [session, providerId, providerAccountId, scopeString] as const, \"connection.useAccessToken()\");\n if (!result) {\n const scopeDetail = scopeString ? `The requested scopes [${scopeString}] are not available on the existing token.` : \"The OAuth refresh token has likely been revoked or expired.\";\n return Result.error(new KnownErrors.OAuthAccessTokenNotAvailable(providerId, `${scopeDetail} The user needs to re-authorize by calling \\`linkConnectedAccount\\` or using \\`getOrLinkConnectedAccount\\`.`));\n }\n return Result.ok(result);\n },\n };\n }\n\n constructor(options: StackClientAppConstructorOptions<HasTokenStore, ProjectId>, extraOptions?: { uniqueIdentifier?: string, checkString?: string, interface?: StackClientInterface }) {\n const resolvedOptions = resolveConstructorOptions(options);\n\n if (!_StackClientAppImplIncomplete.LazyStackAdminAppImpl.value) {\n throw new StackAssertionError(\"Admin app implementation not initialized. Did you import the _StackClientApp from stack-app/apps/implementations/index.ts? You can't import it directly from ./apps/implementations/client-app-impl.ts as that causes a circular dependency (see the comment at _LazyStackAdminAppImpl for more details).\");\n }\n\n this._options = resolvedOptions;\n this._extraOptions = extraOptions;\n\n const projectId = resolvedOptions.projectId ?? getDefaultProjectId();\n if (projectId !== \"internal\" && !(projectId.match(/^[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i))) {\n throw new Error(`Invalid project ID: ${projectId}. Project IDs must be UUIDs. Please check your environment variables and/or your StackApp.`);\n }\n\n const publishableClientKey = resolvedOptions.publishableClientKey ?? getDefaultPublishableClientKey();\n\n if (extraOptions && extraOptions.interface) {\n this._interface = extraOptions.interface;\n } else {\n const apiUrls = resolveApiUrls(resolvedOptions.baseUrl);\n this._interface = new StackClientInterface({\n getBaseUrl: () => apiUrls()[0],\n getAnalyticsBaseUrl: () => getAnalyticsBaseUrl(apiUrls()[0]),\n getApiUrls: apiUrls,\n extraRequestHeaders: resolvedOptions.extraRequestHeaders ?? getDefaultExtraRequestHeaders(),\n projectId,\n clientVersion,\n ...(publishableClientKey != null ? { publishableClientKey } : {}),\n prepareRequest: async () => {\n }\n });\n }\n\n this._tokenStoreInit = resolvedOptions.tokenStore;\n this._redirectMethod = resolvedOptions.redirectMethod \|\| (isBrowserLike() ? \"window\" : \"none\");\n this._redirectMethod = resolvedOptions.redirectMethod \|\| \"tanstack-start\"; // THIS_LINE_PLATFORM tanstack-start\n this._urlOptions = resolvedOptions.urls ?? {};\n this._oauthScopesOnSignIn = resolvedOptions.oauthScopesOnSignIn ?? {};\n if (isBrowserLike() && (resolvedOptions.tokenStore === \"cookie\" \|\| resolvedOptions.tokenStore === \"nextjs-cookie\")) {\n runAsynchronously(this._trustedParentDomainCache.getOrWait([window.location.hostname], \"write-only\"));\n this._ensureCrossSubdomainCookieExists();\n }\n\n if (extraOptions && extraOptions.uniqueIdentifier) {\n this._uniqueIdentifier = extraOptions.uniqueIdentifier;\n this._initUniqueIdentifier();\n }\n\n this._analyticsOptions = resolvedOptions.analytics;\n\n const getAnalyticsSession = async (): Promise<InternalSession> => {\n this._ensurePersistentTokenStore();\n const partialUser = await this.getPartialUser({ from: 'token', or: 'anonymous-if-exists' });\n if (partialUser) {\n return await this._getSession();\n }\n const anonUser = await this.getUser({ or: \"anonymous\" });\n return anonUser._internalSession;\n };\n\n const analyticsEnabled = this._analyticsOptions?.enabled !== false;\n\n if (analyticsEnabled && isBrowserLike() && this._hasPersistentTokenStore() && this._analyticsOptions?.replays?.enabled === true) {\n this._sessionRecorder = new SessionRecorder({\n projectId: this.projectId,\n sendBatch: async (body, opts) => {\n return await this._interface.sendSessionReplayBatch(body, await getAnalyticsSession(), opts);\n },\n }, this._analyticsOptions.replays);\n this._sessionRecorder.start();\n }\n\n if (analyticsEnabled && isBrowserLike() && this._hasPersistentTokenStore()) {\n this._eventTracker = new EventTracker({\n projectId: this.projectId,\n sendBatch: async (body, opts) => {\n return await this._interface.sendAnalyticsEventBatch(body, await getAnalyticsSession(), opts);\n },\n });\n this._eventTracker.start();\n }\n\n if (isBrowserLike() && resolvedOptions.devTool !== false) {\n mountDevTool(this as any);\n }\n }\n\n protected _initUniqueIdentifier() {\n if (!this._uniqueIdentifier) {\n throw new StackAssertionError(\"Unique identifier not initialized\");\n }\n if (allClientApps.has(this._uniqueIdentifier)) {\n throw new StackAssertionError(\"A Stack client app with the same unique identifier already exists\");\n }\n allClientApps.set(this._uniqueIdentifier, [this._extraOptions?.checkString ?? undefined, this]);\n }\n\n /\n Cloudflare workers does not allow use of randomness on the global scope (on which the Stack app is probably\n * initialized). For that reason, we generate the unique identifier lazily when it is first needed instead of in the\n * constructor.\n /\n protected _getUniqueIdentifier() {\n if (!this._uniqueIdentifier) {\n this._uniqueIdentifier = generateUuid();\n this._initUniqueIdentifier();\n }\n return this._uniqueIdentifier!;\n }\n\n protected async _checkFeatureSupport(name: string, options: any) {\n return await this._interface.checkFeatureSupport({ ...options, name });\n }\n\n protected _useCheckFeatureSupport(name: string, options: any): never {\n runAsynchronously(this._checkFeatureSupport(name, options));\n throw new StackAssertionError(`${name} is not currently supported. Please reach out to Stack support for more information.`);\n }\n\n protected _memoryTokenStore = createEmptyTokenStore();\n protected _nextServerCookiesTokenStores = new WeakMap<object, Store<TokenObject>>();\n protected _requestTokenStores = new WeakMap<RequestLike, Store<TokenObject>>();\n protected _storedBrowserCookieTokenStore: Store<TokenObject> \| null = null;\n private _mostRecentQueuedCookieRefreshIndex: number = 0;\n protected get _legacyRefreshTokenCookieName() {\n return `stack-refresh-${this.projectId}`;\n }\n protected get _refreshTokenCookieName() {\n return `stack-refresh-${this.projectId}`;\n }\n private _getRefreshTokenDefaultCookieNameForSecure(secure: boolean): string {\n return `${secure ? \"__Host-\" : \"\"}${this._refreshTokenCookieName}--default`;\n }\n private _getCustomRefreshCookieName(domain: string): string {\n const encoded = encodeBase32(new TextEncoder().encode(domain.toLowerCase()));\n return `${this._refreshTokenCookieName}--custom-${encoded}`;\n }\n private _getDomainFromCustomRefreshCookieName(name: string): string \| null {\n const prefix = `${this._refreshTokenCookieName}--custom-`;\n if (!name.startsWith(prefix)) return null;\n try {\n return new TextDecoder().decode(decodeBase32(name.slice(prefix.length)));\n } catch {\n return null;\n }\n }\n private _formatRefreshCookieValue(refreshToken: string, updatedAt: number): string {\n return JSON.stringify({\n refresh_token: refreshToken,\n updated_at_millis: updatedAt,\n });\n }\n private _formatAccessCookieValue(refreshToken: string \| null, accessToken: string \| null): string \| null {\n return refreshToken && accessToken ? JSON.stringify([refreshToken, accessToken]) : null;\n }\n private _parseStructuredRefreshCookie(value: string \| undefined): { refreshToken: string, updatedAt: number \| null } \| null {\n if (!value) {\n return null;\n }\n const parsed = parseJson(value);\n if (parsed.status !== \"ok\" \|\| typeof parsed.data !== \"object\" \|\| parsed.data === null) {\n console.warn(\"Failed to parse structured refresh cookie\");\n return null;\n }\n const data = parsed.data;\n const refreshToken = \"refresh_token\" in data && typeof data.refresh_token === \"string\" ? data.refresh_token : null;\n const updatedAt = \"updated_at_millis\" in data && typeof data.updated_at_millis === \"number\" ? data.updated_at_millis : null;\n if (!refreshToken) {\n console.warn(\"Refresh token not found in structured refresh cookie\");\n return null;\n }\n return {\n refreshToken,\n updatedAt,\n };\n\n }\n private _extractRefreshTokenFromCookieMap(cookies: cookie.Cookies): { refreshToken: string \| null, updatedAt: number \| null } {\n const { legacyNames, structuredPrefixes } = this._getRefreshTokenCookieNamePatterns();\n for (const name of legacyNames) {\n const value = cookies[name];\n if (value) {\n return { refreshToken: value, updatedAt: null };\n }\n }\n\n let selected: { refreshToken: string, updatedAt: number \| null } \| null = null;\n for (const [name, value] of Object.entries(cookies)) {\n if (!structuredPrefixes.some(prefix => name.startsWith(prefix))) continue;\n const parsed = this._parseStructuredRefreshCookie(value);\n if (!parsed) continue;\n const candidateUpdatedAt = parsed.updatedAt ?? Number.NEGATIVE_INFINITY;\n const selectedUpdatedAt = selected?.updatedAt ?? Number.NEGATIVE_INFINITY;\n if (!selected \|\| candidateUpdatedAt > selectedUpdatedAt) {\n selected = parsed;\n }\n }\n\n if (!selected) {\n return { refreshToken: null, updatedAt: null };\n }\n\n return {\n refreshToken: selected.refreshToken,\n updatedAt: selected.updatedAt ?? null,\n };\n }\n protected _getTokensFromCookies(cookies: cookie.Cookies): TokenObject {\n const { refreshToken } = this._extractRefreshTokenFromCookieMap(cookies);\n const accessTokenCookie = cookies[this._accessTokenCookieName] ?? null;\n let accessToken: string \| null = null;\n if (accessTokenCookie && accessTokenCookie.startsWith('[\\\"')) {\n const parsed = parseJson(accessTokenCookie);\n if (\n parsed.status === \"ok\" &&\n typeof parsed.data === \"object\" &&\n parsed.data !== null &&\n Array.isArray(parsed.data) &&\n parsed.data.length === 2 &&\n typeof parsed.data[0] === \"string\" &&\n typeof parsed.data[1] === \"string\"\n ) {\n if (parsed.data[0] === refreshToken) {\n accessToken = parsed.data[1];\n }\n } else {\n console.warn(\"Access token cookie has invalid format\");\n }\n }\n return {\n refreshToken,\n accessToken,\n };\n }\n protected get _accessTokenCookieName() {\n // The access token, unlike the refresh token, should not depend on the project ID. We never want to store the\n // access token in cookies more than once because of how big it is (there's a limit of 4096 bytes for all cookies\n // together). This means that, if you have multiple projects on the same domain, some of them will need to refetch\n // the access token on page reload.\n return `stack-access`;\n }\n private _getAllBrowserCookies(): cookie.Cookies {\n if (!isBrowserLike()) {\n throw new StackAssertionError(\"Cannot get browser cookies on the server!\");\n }\n return cookie.parseCookie(document.cookie \|\| \"\");\n }\n private _getRefreshTokenCookieNamePatterns(): { legacyNames: string[], structuredPrefixes: string[] } {\n return {\n legacyNames: [this._legacyRefreshTokenCookieName, \"stack-refresh\"],\n structuredPrefixes: [\n `${this._refreshTokenCookieName}--`,\n `__Host-${this._refreshTokenCookieName}--`,\n ],\n };\n }\n private _collectRefreshTokenCookieNames(cookies: cookie.Cookies): Set<string> {\n const { legacyNames, structuredPrefixes } = this._getRefreshTokenCookieNamePatterns();\n const names = new Set<string>();\n for (const name of legacyNames) {\n if (cookies[name]) {\n names.add(name);\n }\n }\n for (const name of Object.keys(cookies)) {\n if (structuredPrefixes.some(prefix => name.startsWith(prefix))) {\n names.add(name);\n }\n }\n return names;\n }\n private _prepareRefreshCookieUpdate(\n existingCookies: cookie.Cookies,\n refreshToken: string \| null,\n accessToken: string \| null,\n defaultCookieName: string,\n ) {\n const cookieNames = this._collectRefreshTokenCookieNames(existingCookies);\n cookieNames.delete(defaultCookieName);\n const updatedAt = refreshToken ? Date.now() : null;\n const refreshCookieValue = refreshToken && updatedAt !== null ? this._formatRefreshCookieValue(refreshToken, updatedAt) : null;\n const accessTokenPayload = this._formatAccessCookieValue(refreshToken, accessToken);\n return {\n updatedAt,\n refreshCookieValue,\n accessTokenPayload,\n cookieNamesToDelete: [...cookieNames],\n };\n }\n\n private _ensureCrossSubdomainCookieExists() {\n runAsynchronously(async () => {\n const hostname = window.location.hostname;\n const domain = await this._trustedParentDomainCache.getOrWait([hostname], \"read-write\");\n if (domain.status === \"error\" \|\| !domain.data) {\n return;\n }\n const cookies = this._getAllBrowserCookies();\n const customCookieName = this._getCustomRefreshCookieName(domain.data);\n if (cookies[customCookieName]) {\n return;\n }\n const { refreshToken, updatedAt } = this._extractRefreshTokenFromCookieMap(cookies);\n if (refreshToken && updatedAt) {\n const value = this._formatRefreshCookieValue(refreshToken, updatedAt);\n setOrDeleteCookieClient(customCookieName, value, { maxAge: 60 60 * 24 * 365, domain: domain.data });\n }\n });\n }\n private _queueCustomRefreshCookieUpdate(refreshToken: string \| null, updatedAt: number \| null, context: \"browser\" \| \"server\") {\n runAsynchronously(async () => {\n this._mostRecentQueuedCookieRefreshIndex++;\n const updateIndex = this._mostRecentQueuedCookieRefreshIndex;\n let hostname;\n if (isBrowserLike()) {\n hostname = window.location.hostname;\n } else {\n hostname = await getServerRequestHost();\n }\n if (!hostname) {\n console.warn(\"No hostname found when queueing custom refresh cookie update\");\n return;\n }\n const domain = await this._trustedParentDomainCache.getOrWait([hostname], \"read-write\");\n\n const cookieOptions = { maxAge: 60 * 60 * 24 * 365, noOpIfServerComponent: true };\n const setCookie = async (targetDomain: string, value: string \| null) => {\n const name = this._getCustomRefreshCookieName(targetDomain);\n const options = { ...cookieOptions, domain: targetDomain };\n if (context === \"browser\") {\n setOrDeleteCookieClient(name, value, options);\n } else {\n await setOrDeleteCookie(name, value, options);\n }\n };\n\n if (domain.status === \"error\" \|\| !domain.data \|\| updateIndex !== this._mostRecentQueuedCookieRefreshIndex) {\n return;\n }\n const value = refreshToken && updatedAt ? this._formatRefreshCookieValue(refreshToken, updatedAt) : null;\n await setCookie(domain.data, value);\n const isSecure = await isSecureCookieContext();\n await setOrDeleteCookie(this._getRefreshTokenDefaultCookieNameForSecure(isSecure), null, cookieOptions);\n });\n }\n private async _getTrustedParentDomain(currentDomain: string): Promise<string \| null> {\n const project = Result.orThrow(await this._interface.getClientProject());\n const domains = project.config.domains.map(d => d.domain.trim().replace(/^https?:\\/\\//, \"\").split(\"/\")[0]?.toLowerCase());\n const trustedWildcards = domains.filter(d => d.startsWith(\".\"));\n const parts = currentDomain.split('.');\n for (let i = parts.length - 2; i >= 0; i--) {\n const parentDomain = parts.slice(i).join('.');\n if (domains.includes(parentDomain) && trustedWildcards.includes(\".\" + parentDomain)) {\n return parentDomain;\n }\n }\n\n return null;\n }\n\n protected _getBrowserCookieTokenStore(): Store<TokenObject> {\n if (!isBrowserLike()) {\n throw new Error(\"Cannot use cookie token store on the server!\");\n }\n\n if (this._storedBrowserCookieTokenStore === null) {\n const getCurrentValue = (old: TokenObject \| null) => {\n const tokens = this._getTokensFromCookies(this._getAllBrowserCookies());\n return {\n refreshToken: tokens.refreshToken,\n accessToken: tokens.accessToken ?? (old?.refreshToken === tokens.refreshToken ? old.accessToken : null),\n };\n };\n this._storedBrowserCookieTokenStore = new Store<TokenObject>(getCurrentValue(null));\n let hasSucceededInWriting = true;\n\n setInterval(() => {\n if (hasSucceededInWriting) {\n const oldValue = this._storedBrowserCookieTokenStore!.get();\n const currentValue = getCurrentValue(oldValue);\n if (!deepPlainEquals(currentValue, oldValue)) {\n this._storedBrowserCookieTokenStore!.set(currentValue);\n }\n }\n }, 100);\n this._storedBrowserCookieTokenStore.onChange((value) => {\n try {\n const refreshToken = value.refreshToken;\n const secure = window.location.protocol === \"https:\";\n const defaultName = this._getRefreshTokenDefaultCookieNameForSecure(secure);\n const { updatedAt, refreshCookieValue, accessTokenPayload, cookieNamesToDelete } = this._prepareRefreshCookieUpdate(\n this._getAllBrowserCookies(),\n refreshToken,\n value.accessToken ?? null,\n defaultName,\n );\n setOrDeleteCookieClient(defaultName, refreshCookieValue, { maxAge: 60 * 60 * 24 * 365, secure });\n setOrDeleteCookieClient(this._accessTokenCookieName, accessTokenPayload, { maxAge: 60 * 60 * 24 });\n cookieNamesToDelete.forEach((name) => {\n const domain = this._getDomainFromCustomRefreshCookieName(name);\n deleteCookieClient(name, domain ? { domain } : {});\n });\n this._queueCustomRefreshCookieUpdate(refreshToken, updatedAt, \"browser\");\n hasSucceededInWriting = true;\n } catch (e) {\n if (!isBrowserLike()) {\n // Setting cookies inside RSCs is not allowed, so we just ignore it\n hasSucceededInWriting = false;\n } else {\n throw e;\n }\n }\n });\n }\n\n return this._storedBrowserCookieTokenStore;\n };\n protected _getOrCreateTokenStore(cookieHelper: CookieHelper, overrideTokenStoreInit?: TokenStoreInit): Store<TokenObject> {\n const tokenStoreInit = overrideTokenStoreInit === undefined ? this._tokenStoreInit : overrideTokenStoreInit;\n\n switch (tokenStoreInit) {\n case \"cookie\": {\n if (!isBrowserLike()) {\n return this._getOrCreateTokenStore(cookieHelper, \"nextjs-cookie\");\n }\n return this._getBrowserCookieTokenStore();\n }\n case \"nextjs-cookie\": {\n if (isBrowserLike()) {\n return this._getBrowserCookieTokenStore();\n } else {\n const tokens = this._getTokensFromCookies(cookieHelper.getAll());\n const store = new Store<TokenObject>(tokens);\n store.onChange((value) => {\n runAsynchronously(async () => {\n // TODO HACK this is a bit of a hack; while the order happens to work in practice (because the only actual\n // async operation is waiting for the `cookies()` to resolve which always happens at the same time during\n // the same request), it's not guaranteed to be free of race conditions if there are many updates happening\n // at the same time\n //\n // instead, we should create a per-request cookie helper outside of the store onChange and reuse that\n //\n // but that's kinda hard to do because Next.js doesn't expose a documented way to find out which request\n // we're currently processing, and hence we can't find out which per-request cookie helper to use\n //\n // so hack it is\n const refreshToken = value.refreshToken;\n const secure = await isSecureCookieContext();\n const defaultName = this._getRefreshTokenDefaultCookieNameForSecure(secure);\n const { updatedAt, refreshCookieValue, accessTokenPayload, cookieNamesToDelete } = this._prepareRefreshCookieUpdate(\n cookieHelper.getAll(),\n refreshToken,\n value.accessToken ?? null,\n defaultName,\n );\n await Promise.all([\n setOrDeleteCookie(defaultName, refreshCookieValue, { maxAge: 60 * 60 * 24 * 365, noOpIfServerComponent: true }),\n setOrDeleteCookie(this._accessTokenCookieName, accessTokenPayload, { maxAge: 60 * 60 * 24, noOpIfServerComponent: true }),\n ]);\n if (cookieNamesToDelete.length > 0) {\n await Promise.all(\n cookieNamesToDelete.map((name) => {\n const domain = this._getDomainFromCustomRefreshCookieName(name);\n return deleteCookie(name, { noOpIfServerComponent: true, ...(domain ? { domain } : {}) });\n }),\n );\n }\n this._queueCustomRefreshCookieUpdate(refreshToken, updatedAt, \"server\");\n });\n });\n return store;\n }\n }\n case \"memory\": {\n return this._memoryTokenStore;\n }\n default: {\n if (tokenStoreInit === null) {\n return createEmptyTokenStore();\n } else if (typeof tokenStoreInit === \"object\" && \"headers\" in tokenStoreInit) {\n if (this._requestTokenStores.has(tokenStoreInit)) return this._requestTokenStores.get(tokenStoreInit)!;\n\n // Authorization header (recommended)\n const authorizationHeader = getHeaderValueFromRequestLikeHeaders(tokenStoreInit.headers, \"authorization\");\n if (authorizationHeader) {\n const authJson = getAuthJsonFromAuthorizationHeaderValue(authorizationHeader);\n if (authJson != null) {\n const tokenStore = new Store<TokenObject>({\n accessToken: authJson.accessToken,\n refreshToken: authJson.refreshToken,\n });\n this._requestTokenStores.set(tokenStoreInit, tokenStore);\n return tokenStore;\n }\n }\n\n // x-stack-auth header (legacy)\n const stackAuthHeader = getHeaderValueFromRequestLikeHeaders(tokenStoreInit.headers, \"x-stack-auth\");\n if (stackAuthHeader) {\n let parsed;\n try {\n parsed = JSON.parse(stackAuthHeader);\n if (typeof parsed !== \"object\") throw new Error(\"x-stack-auth header must be a JSON object\");\n if (parsed === null) throw new Error(\"x-stack-auth header must not be null\");\n } catch (e) {\n throw new Error(\"Invalid x-stack-auth header.\", { cause: e });\n }\n return this._getOrCreateTokenStore(cookieHelper, {\n accessToken: parsed.accessToken ?? null,\n refreshToken: parsed.refreshToken ?? null,\n });\n }\n\n // read from cookies\n const cookieHeader = getHeaderValueFromRequestLikeHeaders(tokenStoreInit.headers, \"cookie\");\n const parsed = cookie.parseCookie(cookieHeader \|\| \"\");\n const res = new Store<TokenObject>(this._getTokensFromCookies(parsed));\n this._requestTokenStores.set(tokenStoreInit, res);\n return res;\n } else if (\"accessToken\" in tokenStoreInit \|\| \"refreshToken\" in tokenStoreInit) {\n return new Store<TokenObject>({\n refreshToken: tokenStoreInit.refreshToken,\n accessToken: tokenStoreInit.accessToken,\n });\n }\n\n throw new Error(`Invalid token store ${tokenStoreInit}`);\n }\n }\n }\n\n protected _useTokenStore(overrideTokenStoreInit?: TokenStoreInit): Store<TokenObject> {\n if (!isBrowserLike()) {\n return this._getOrCreateTokenStore(use(createCookieHelper()), overrideTokenStoreInit);\n }\n suspendIfSsr();\n const cookieHelper = createBrowserCookieHelper();\n const tokenStore = this._getOrCreateTokenStore(cookieHelper, overrideTokenStoreInit);\n return tokenStore;\n }\n\n /*\n A map from token stores and session keys to sessions.\n \n This isn't just a map from session keys to sessions for two reasons:\n \n - So we can garbage-collect Session objects when the token store is garbage-collected\n * - So different token stores are separated and don't leak information between each other, eg. if the same user sends two requests to the same server they should get a different session object\n /\n private _sessionsByTokenStoreAndSessionKey = new WeakMap<Store<TokenObject>, Map<string, InternalSession>>();\n protected _getSessionFromTokenStore(tokenStore: Store<TokenObject>): InternalSession {\n const tokenObj = tokenStore.get();\n const sessionKey = InternalSession.calculateSessionKey(tokenObj);\n const existing = sessionKey ? this._sessionsByTokenStoreAndSessionKey.get(tokenStore)?.get(sessionKey) : null;\n if (existing) return existing;\n\n const session = this._interface.createSession({\n refreshToken: tokenObj.refreshToken,\n accessToken: tokenObj.accessToken,\n });\n session.onAccessTokenChange((newAccessToken) => {\n tokenStore.update((old) => ({\n ...old,\n accessToken: newAccessToken?.token ?? null\n }));\n });\n session.onInvalidate(() => {\n tokenStore.update((old) => ({\n ...old,\n accessToken: null,\n refreshToken: null,\n }));\n });\n\n let sessionsBySessionKey = this._sessionsByTokenStoreAndSessionKey.get(tokenStore) ?? new Map();\n this._sessionsByTokenStoreAndSessionKey.set(tokenStore, sessionsBySessionKey);\n sessionsBySessionKey.set(sessionKey, session);\n return session;\n }\n\n protected async _getSession(overrideTokenStoreInit?: TokenStoreInit): Promise<InternalSession> {\n const tokenStore = this._getOrCreateTokenStore(await this._createCookieHelper(overrideTokenStoreInit), overrideTokenStoreInit);\n const session = this._getSessionFromTokenStore(tokenStore);\n return session;\n }\n\n protected _useSession(overrideTokenStoreInit?: TokenStoreInit): InternalSession {\n const tokenStore = this._useTokenStore(overrideTokenStoreInit);\n const subscribe = useCallback((cb: () => void) => {\n return subscribeSessionRefresh({\n tokenStore,\n getSession: () => this._getSessionFromTokenStore(tokenStore),\n onTokenStoreChange: cb,\n });\n }, [tokenStore]);\n const getSnapshot = useCallback(() => this._getSessionFromTokenStore(tokenStore), [tokenStore]);\n return React.useSyncExternalStore(subscribe, getSnapshot, getSnapshot);\n }\n\n protected async _signInToAccountWithTokens(tokens: { accessToken: string \| null, refreshToken: string }) {\n if (!(\"accessToken\" in tokens) \|\| !(\"refreshToken\" in tokens)) {\n throw new StackAssertionError(\"Invalid tokens object; can't sign in with this\", { tokens });\n }\n const tokenStore = this._getOrCreateTokenStore(await this._createCookieHelper());\n tokenStore.set(tokens);\n\n // Pre-fetch the current user for the new session so the cache is already\n // populated when useUser() re-renders, avoiding a stale-cache render cycle.\n const newSession = this._getSessionFromTokenStore(tokenStore);\n this._currentUserCache.getOrWait([newSession], \"write-only\").catch(() => {});\n }\n\n protected _hasPersistentTokenStore(overrideTokenStoreInit?: TokenStoreInit): this is StackClientApp<true, ProjectId> {\n return (overrideTokenStoreInit !== undefined ? overrideTokenStoreInit : this._tokenStoreInit) !== null;\n }\n\n protected _ensurePersistentTokenStore(overrideTokenStoreInit?: TokenStoreInit): asserts this is StackClientApp<true, ProjectId> {\n if (!this._hasPersistentTokenStore(overrideTokenStoreInit)) {\n throw new Error(\"Cannot call this function on a Stack app without a persistent token store. Make sure the tokenStore option on the constructor is set to a non-null value when initializing Stack.\\n\\nStack uses token stores to access access tokens of the current user. For example, on web frontends it is commonly the string value 'cookies' for cookie storage.\");\n }\n }\n\n protected _isInternalProject(): this is { projectId: \"internal\" } {\n return this.projectId === \"internal\";\n }\n\n protected _ensureInternalProject(): asserts this is { projectId: \"internal\" } {\n if (!this._isInternalProject()) {\n throw new Error(\"Cannot call this function on a Stack app with a project ID other than 'internal'.\");\n }\n }\n\n protected _clientProjectFromCrud(crud: ClientProjectsCrud['Client']['Read']): Project {\n return {\n id: crud.id,\n displayName: crud.display_name,\n config: {\n signUpEnabled: crud.config.sign_up_enabled,\n credentialEnabled: crud.config.credential_enabled,\n magicLinkEnabled: crud.config.magic_link_enabled,\n passkeyEnabled: crud.config.passkey_enabled,\n clientTeamCreationEnabled: crud.config.client_team_creation_enabled,\n clientUserDeletionEnabled: crud.config.client_user_deletion_enabled,\n allowTeamApiKeys: crud.config.allow_team_api_keys,\n allowUserApiKeys: crud.config.allow_user_api_keys,\n oauthProviders: crud.config.enabled_oauth_providers.map((p) => ({\n id: p.id,\n })),\n }\n };\n }\n\n protected _clientPermissionFromCrud(crud: TeamPermissionsCrud['Client']['Read'] \| ProjectPermissionsCrud['Client']['Read']): TeamPermission {\n return {\n id: crud.id,\n };\n }\n\n protected _clientTeamUserFromCrud(crud: TeamMemberProfilesCrud['Client']['Read']): TeamUser {\n return {\n id: crud.user_id,\n teamProfile: {\n displayName: crud.display_name,\n profileImageUrl: crud.profile_image_url,\n }\n };\n }\n\n protected _clientSentTeamInvitationFromCrud(session: InternalSession, crud: TeamInvitationCrud['Client']['Read']): SentTeamInvitation {\n return {\n id: crud.id,\n recipientEmail: crud.recipient_email,\n expiresAt: new Date(crud.expires_at_millis),\n revoke: async () => {\n await this._interface.revokeTeamInvitation(crud.id, crud.team_id, session);\n await this._teamInvitationsCache.refresh([session, crud.team_id]);\n },\n };\n }\n\n protected _clientReceivedTeamInvitationFromCrud(session: InternalSession, crud: TeamInvitationCrud['Client']['Read']): ReceivedTeamInvitation {\n const app = this;\n return {\n id: crud.id,\n teamId: crud.team_id,\n teamDisplayName: crud.team_display_name,\n recipientEmail: crud.recipient_email,\n expiresAt: new Date(crud.expires_at_millis),\n accept: async () => {\n await app._interface.acceptTeamInvitationById(crud.id, session);\n await Promise.all([\n app._currentUserTeamInvitationsCache.refresh([session]),\n app._currentUserTeamsCache.refresh([session]),\n app._teamInvitationsCache.refresh([session, crud.team_id]),\n ]);\n },\n };\n }\n\n protected _baseApiKeyFromCrud(\n crud: TeamApiKeysCrud['Client']['Read'] \| UserApiKeysCrud['Client']['Read'] \| yup.InferType<typeof teamApiKeysCreateOutputSchema> \| yup.InferType<typeof userApiKeysCreateOutputSchema>\n ): Omit<ApiKey<\"user\", boolean>, \"revoke\" \| \"update\"> \| Omit<ApiKey<\"team\", boolean>, \"revoke\" \| \"update\"> {\n return {\n id: crud.id,\n description: crud.description,\n expiresAt: crud.expires_at_millis ? new Date(crud.expires_at_millis) : undefined,\n manuallyRevokedAt: crud.manually_revoked_at_millis ? new Date(crud.manually_revoked_at_millis) : null,\n createdAt: new Date(crud.created_at_millis),\n ...(crud.type === \"team\" ? { type: \"team\", teamId: crud.team_id } : { type: \"user\", userId: crud.user_id }),\n value: typeof crud.value === \"string\" ? crud.value : {\n lastFour: crud.value.last_four,\n },\n isValid: function () {\n return this.whyInvalid() === null;\n },\n whyInvalid: function () {\n if (this.manuallyRevokedAt) {\n return \"manually-revoked\";\n }\n if (this.expiresAt && this.expiresAt < new Date()) {\n return \"expired\";\n }\n return null;\n },\n };\n }\n\n\n protected _clientApiKeyFromCrud(session: InternalSession, crud: TeamApiKeysCrud['Client']['Read']): ApiKey<\"team\">;\n protected _clientApiKeyFromCrud(session: InternalSession, crud: UserApiKeysCrud['Client']['Read']): ApiKey<\"user\">;\n protected _clientApiKeyFromCrud(session: InternalSession, crud: yup.InferType<typeof teamApiKeysCreateOutputSchema>): ApiKey<\"team\", true>;\n protected _clientApiKeyFromCrud(session: InternalSession, crud: yup.InferType<typeof userApiKeysCreateOutputSchema>): ApiKey<\"user\", true>;\n protected _clientApiKeyFromCrud(session: InternalSession, crud: TeamApiKeysCrud['Client']['Read'] \| UserApiKeysCrud['Client']['Read'] \| yup.InferType<typeof teamApiKeysCreateOutputSchema> \| yup.InferType<typeof userApiKeysCreateOutputSchema>): ApiKey<\"user\" \| \"team\", boolean> {\n return {\n ...this._baseApiKeyFromCrud(crud),\n async revoke() {\n await this.update({ revoked: true });\n },\n update: async (options: ApiKeyUpdateOptions) => {\n await this._interface.updateProjectApiKey(crud.type === \"team\" ? { team_id: crud.team_id } : { user_id: crud.user_id }, crud.id, options, session, \"client\");\n if (crud.type === \"team\") {\n await this._teamApiKeysCache.refresh([session, crud.team_id]);\n } else {\n await this._userApiKeysCache.refresh([session]);\n }\n },\n };\n }\n\n protected _clientTeamFromCrud(crud: TeamsCrud['Client']['Read'], session: InternalSession): Team {\n const app = this;\n return {\n id: crud.id,\n displayName: crud.display_name,\n profileImageUrl: crud.profile_image_url,\n clientMetadata: crud.client_metadata,\n clientReadOnlyMetadata: crud.client_read_only_metadata,\n ...this._createCustomer(crud.id, \"team\", session),\n async inviteUser(options: { email: string, callbackUrl?: string }) {\n await app._interface.sendTeamInvitation({\n teamId: crud.id,\n email: options.email,\n session,\n callbackUrl: options.callbackUrl ?? constructRedirectUrl(app.urls.teamInvitation, \"callbackUrl\"),\n });\n await app._teamInvitationsCache.refresh([session, crud.id]);\n },\n async listUsers() {\n const result = Result.orThrow(await app._teamMemberProfilesCache.getOrWait([session, crud.id], \"write-only\"));\n return result.map((crud) => app._clientTeamUserFromCrud(crud));\n },\n useUsers() {\n const result = useAsyncCache(app._teamMemberProfilesCache, [session, crud.id] as const, \"team.useUsers()\");\n return result.map((crud) => app._clientTeamUserFromCrud(crud));\n },\n async listInvitations() {\n const result = Result.orThrow(await app._teamInvitationsCache.getOrWait([session, crud.id], \"write-only\"));\n return result.map((crud) => app._clientSentTeamInvitationFromCrud(session, crud));\n },\n useInvitations() {\n const result = useAsyncCache(app._teamInvitationsCache, [session, crud.id] as const, \"team.useInvitations()\");\n return result.map((crud) => app._clientSentTeamInvitationFromCrud(session, crud));\n },\n async update(data: TeamUpdateOptions) {\n await app._interface.updateTeam({ data: teamUpdateOptionsToCrud(data), teamId: crud.id }, session);\n await app._currentUserTeamsCache.refresh([session]);\n },\n async delete() {\n await app._interface.deleteTeam(crud.id, session);\n await app._currentUserTeamsCache.refresh([session]);\n },\n\n useApiKeys() {\n const result = useAsyncCache(app._teamApiKeysCache, [session, crud.id] as const, \"team.useApiKeys()\");\n return result.map((crud) => app._clientApiKeyFromCrud(session, crud));\n },\n\n async listApiKeys() {\n const results = Result.orThrow(await app._teamApiKeysCache.getOrWait([session, crud.id], \"write-only\"));\n return results.map((crud) => app._clientApiKeyFromCrud(session, crud));\n },\n\n async createApiKey(options: ApiKeyCreationOptions<\"team\">) {\n const result = await app._interface.createProjectApiKey(\n await apiKeyCreationOptionsToCrud(\"team\", crud.id, options),\n session,\n \"client\",\n );\n await app._teamApiKeysCache.refresh([session, crud.id]);\n return app._clientApiKeyFromCrud(session, result);\n },\n };\n }\n\n protected _clientContactChannelFromCrud(crud: ContactChannelsCrud['Client']['Read'], session: InternalSession): ContactChannel {\n const app = this;\n return {\n id: crud.id,\n value: crud.value,\n type: crud.type,\n isVerified: crud.is_verified,\n isPrimary: crud.is_primary,\n usedForAuth: crud.used_for_auth,\n\n async sendVerificationEmail(options?: { callbackUrl?: string }) {\n await app._interface.sendCurrentUserContactChannelVerificationEmail(\n crud.id,\n options?.callbackUrl \|\| constructRedirectUrl(app.urls.emailVerification, \"callbackUrl\"),\n session\n );\n },\n async update(data: ContactChannelUpdateOptions) {\n await app._interface.updateClientContactChannel(crud.id, contactChannelUpdateOptionsToCrud(data), session);\n await app._clientContactChannelsCache.refresh([session]);\n },\n async delete() {\n await app._interface.deleteClientContactChannel(crud.id, session);\n await app._clientContactChannelsCache.refresh([session]);\n },\n };\n }\n protected _clientNotificationCategoryFromCrud(crud: NotificationPreferenceCrud['Client']['Read'], session: InternalSession): NotificationCategory {\n const app = this;\n return {\n id: crud.notification_category_id,\n name: crud.notification_category_name,\n enabled: crud.enabled,\n canDisable: crud.can_disable,\n\n async setEnabled(enabled: boolean) {\n await app._interface.setNotificationsEnabled(crud.notification_category_id, enabled, session);\n await app._notificationCategoriesCache.refresh([session]);\n },\n };\n }\n protected _clientOAuthProviderFromCrud(crud: OAuthProviderCrud['Client']['Read'], session: InternalSession): OAuthProvider {\n const app = this;\n return {\n id: crud.id,\n type: crud.type,\n userId: crud.user_id,\n email: crud.email,\n allowSignIn: crud.allow_sign_in,\n allowConnectedAccounts: crud.allow_connected_accounts,\n\n async update(data: { allowSignIn?: boolean, allowConnectedAccounts?: boolean }): Promise<Result<void,\n InstanceType<typeof KnownErrors.OAuthProviderAccountIdAlreadyUsedForSignIn>\n >> {\n try {\n await app._interface.updateOAuthProvider(\n crud.user_id,\n crud.id,\n {\n allow_sign_in: data.allowSignIn,\n allow_connected_accounts: data.allowConnectedAccounts,\n },\n session\n );\n await Promise.all([\n app._currentUserOAuthProvidersCache.refresh([session]),\n app._currentUserConnectedAccountsCache.refresh([session]),\n ]);\n return Result.ok(undefined);\n } catch (error) {\n if (KnownErrors.OAuthProviderAccountIdAlreadyUsedForSignIn.isInstance(error)) {\n return Result.error(error);\n }\n throw error;\n }\n },\n\n async delete() {\n await app._interface.deleteOAuthProvider(crud.user_id, crud.id, session);\n await Promise.all([\n app._currentUserOAuthProvidersCache.refresh([session]),\n app._currentUserConnectedAccountsCache.refresh([session]),\n ]);\n },\n };\n }\n\n protected _clientItemFromCrud(crud: ItemCrud['Client']['Read']): Item {\n const app = this;\n return {\n displayName: crud.display_name,\n quantity: crud.quantity,\n nonNegativeQuantity: Math.max(0, crud.quantity),\n };\n }\n\n protected _customerProductsFromResponse(response: CustomerProductsListResponse): CustomerProductsList {\n const products = response.items.map((item) => ({\n id: item.id,\n quantity: item.quantity,\n displayName: item.product.display_name,\n customerType: item.product.customer_type,\n isServerOnly: item.product.server_only,\n stackable: item.product.stackable,\n type: item.type,\n subscription: item.subscription ? {\n subscriptionId: item.subscription.subscription_id,\n currentPeriodEnd: item.subscription.current_period_end ? new Date(item.subscription.current_period_end) : null,\n cancelAtPeriodEnd: item.subscription.cancel_at_period_end,\n isCancelable: item.subscription.is_cancelable,\n } : null,\n switchOptions: item.switch_options?.map((option) => ({\n productId: option.product_id,\n displayName: option.product.display_name,\n prices: option.product.prices,\n })),\n }));\n return Object.assign(products, { nextCursor: response.pagination.next_cursor ?? null });\n }\n\n protected _customerInvoicesFromResponse(response: CustomerInvoicesListResponse): CustomerInvoicesList {\n const invoices = response.items.map((item) => ({\n status: item.status as CustomerInvoiceStatus,\n amountTotal: item.amount_total,\n hostedInvoiceUrl: item.hosted_invoice_url,\n createdAt: new Date(item.created_at_millis),\n }));\n return Object.assign(invoices, { nextCursor: response.pagination.next_cursor ?? null });\n }\n\n protected _customerBillingFromResponse(response: {\n has_customer: boolean,\n default_payment_method: {\n id: string,\n brand: string \| null,\n last4: string \| null,\n exp_month: number \| null,\n exp_year: number \| null,\n } \| null,\n }): CustomerBilling {\n return {\n hasCustomer: response.has_customer,\n defaultPaymentMethod: response.default_payment_method,\n };\n }\n\n protected _createAuth(session: InternalSession): Auth {\n const app = this;\n return {\n _internalSession: session,\n currentSession: {\n async getTokens() {\n const tokens = await session.getOrFetchLikelyValidTokens(20_000, 75_000);\n return {\n accessToken: tokens?.accessToken.token ?? null,\n refreshToken: tokens?.refreshToken?.token ?? null,\n };\n },\n useTokens() {\n const subscribe = useCallback((cb: () => void) => {\n const { unsubscribe: unsubscribeInvalidate } = session.onInvalidate(cb);\n const { unsubscribe: unsubscribeAccessTokenChange } = session.onAccessTokenChange(cb);\n return () => {\n unsubscribeInvalidate();\n unsubscribeAccessTokenChange();\n };\n }, [session]);\n const getSnapshot = useCallback(() => {\n return session.isKnownToBeInvalid()\n ? null\n : session.getAccessTokenIfNotExpiredYet(20_000, 75_000)?.token ?? null;\n }, [session]);\n\n let accessToken = React.useSyncExternalStore(subscribe, getSnapshot, getSnapshot);\n if (accessToken === null && !session.isKnownToBeInvalid()) {\n // note: tokens is never actually assigned here in practice because getOrFetchLikelyValidTokens is always a fresh promise so the `use` hook always throws, but this is more idiomatic and makes the type checker happy\n accessToken = use(session.getOrFetchLikelyValidTokens(20_000, 75_000))?.accessToken.token ?? null;\n }\n return {\n accessToken,\n refreshToken: session.getRefreshToken()?.token ?? null,\n };\n },\n },\n async getAccessToken(): Promise<string \| null> {\n const tokens = await this.currentSession.getTokens();\n return tokens.accessToken;\n },\n useAccessToken(): string \| null {\n return this.currentSession.useTokens().accessToken;\n },\n async getRefreshToken(): Promise<string \| null> {\n const tokens = await this.currentSession.getTokens();\n return tokens.refreshToken;\n },\n useRefreshToken(): string \| null {\n return this.currentSession.useTokens().refreshToken;\n },\n async getAuthorizationHeader(): Promise<string \| null> {\n return getAuthorizationHeaderValueFromAuthJson(await this.getAuthJson());\n },\n useAuthorizationHeader(): string \| null {\n return getAuthorizationHeaderValueFromAuthJson(this.useAuthJson());\n },\n async getAuthHeaders(): Promise<{ \"x-stack-auth\": string }> {\n return {\n \"x-stack-auth\": JSON.stringify(await this.getAuthJson()),\n };\n },\n useAuthHeaders(): { \"x-stack-auth\": string } {\n return {\n \"x-stack-auth\": JSON.stringify(this.useAuthJson()),\n };\n },\n async getAuthJson(): Promise<{ accessToken: string \| null, refreshToken: string \| null }> {\n const tokens = await this.currentSession.getTokens();\n return tokens;\n },\n useAuthJson(): { accessToken: string \| null, refreshToken: string \| null } {\n return this.currentSession.useTokens();\n },\n signOut(options?: { redirectUrl?: URL \| string }) {\n return app._signOut(session, options);\n },\n };\n }\n\n protected _editableTeamProfileFromCrud(crud: TeamMemberProfilesCrud['Client']['Read'], session: InternalSession): EditableTeamMemberProfile {\n const app = this;\n return {\n displayName: crud.display_name,\n profileImageUrl: crud.profile_image_url,\n async update(update: { displayName?: string, profileImageUrl?: string }) {\n await app._interface.updateTeamMemberProfile({\n teamId: crud.team_id,\n userId: crud.user_id,\n profile: {\n display_name: update.displayName,\n profile_image_url: update.profileImageUrl,\n },\n }, session);\n await app._currentUserTeamProfileCache.refresh([session, crud.team_id]);\n }\n };\n }\n\n protected _createBaseUser(crud: NonNullable<CurrentUserCrud['Client']['Read']> \| UsersCrud['Server']['Read']): BaseUser {\n return {\n id: crud.id,\n displayName: crud.display_name,\n primaryEmail: crud.primary_email,\n primaryEmailVerified: crud.primary_email_verified,\n profileImageUrl: crud.profile_image_url,\n signedUpAt: new Date(crud.signed_up_at_millis),\n clientMetadata: crud.client_metadata,\n clientReadOnlyMetadata: crud.client_read_only_metadata,\n hasPassword: crud.has_password,\n emailAuthEnabled: crud.auth_with_email,\n otpAuthEnabled: crud.otp_auth_enabled,\n oauthProviders: crud.oauth_providers,\n passkeyAuthEnabled: crud.passkey_auth_enabled,\n isMultiFactorRequired: crud.requires_totp_mfa,\n isAnonymous: crud.is_anonymous,\n isRestricted: crud.is_restricted,\n restrictedReason: crud.restricted_reason,\n toClientJson(): CurrentUserCrud['Client']['Read'] {\n return crud;\n }\n };\n }\n\n protected _createUserExtraFromCurrent(crud: NonNullable<CurrentUserCrud['Client']['Read']>, session: InternalSession): UserExtra {\n const app = this;\n /\n @deprecated The string-based overloads are deprecated. Use `getOrLinkConnectedAccount` for redirect behavior,\n * or `getConnectedAccount({ provider, providerAccountId })` for existence check.\n /\n async function getConnectedAccount(id: ProviderType, options?: { scopes?: string[] }): Promise<DeprecatedOAuthConnection \| null>;\n async function getConnectedAccount(id: ProviderType, options: { or: 'redirect', scopes?: string[] }): Promise<DeprecatedOAuthConnection>;\n async function getConnectedAccount(account: { provider: string, providerAccountId: string }): Promise<OAuthConnection \| null>;\n async function getConnectedAccount(\n idOrAccount: ProviderType \| { provider: string, providerAccountId: string },\n options?: { or?: 'redirect', scopes?: string[] }\n ): Promise<DeprecatedOAuthConnection \| OAuthConnection \| null> {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n\n // Check if it's the new object-based API\n if (typeof idOrAccount === 'object' && 'provider' in idOrAccount && 'providerAccountId' in idOrAccount) {\n const { provider, providerAccountId } = idOrAccount;\n // Check if the account exists in the connected accounts list\n const connectedAccounts = Result.orThrow(await app._currentUserConnectedAccountsCache.getOrWait([session], \"write-only\"));\n const found = connectedAccounts.find(\n a => a.provider === provider && a.providerAccountId === providerAccountId\n );\n if (!found) {\n return null;\n }\n return found;\n }\n\n // Original behavior: by provider ID (returns first match)\n return Result.orThrow(await app._currentUserOAuthConnectionCache.getOrWait([session, idOrAccount, scopeString, options?.or === 'redirect'], \"write-only\"));\n }\n\n /\n @deprecated The string-based overloads are deprecated. Use `useOrLinkConnectedAccount` for redirect behavior,\n * or `useConnectedAccount({ provider, providerAccountId })` for existence check.\n /\n function useConnectedAccount(id: ProviderType, options?: { scopes?: string[] }): DeprecatedOAuthConnection \| null;\n function useConnectedAccount(id: ProviderType, options: { or: 'redirect', scopes?: string[] }): DeprecatedOAuthConnection;\n function useConnectedAccount(account: { provider: string, providerAccountId: string }): OAuthConnection \| null;\n function useConnectedAccount(\n idOrAccount: ProviderType \| { provider: string, providerAccountId: string },\n options?: { or?: 'redirect', scopes?: string[] }\n ): DeprecatedOAuthConnection \| OAuthConnection \| null {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n\n // Check if it's the new object-based API\n if (typeof idOrAccount === 'object' && 'provider' in idOrAccount && 'providerAccountId' in idOrAccount) {\n const { provider, providerAccountId } = idOrAccount;\n // Check if the account exists in the connected accounts list\n const connectedAccounts = useAsyncCache(\n app._currentUserConnectedAccountsCache,\n [session] as const,\n \"user.useConnectedAccount()\"\n );\n const found = connectedAccounts.find(\n a => a.provider === provider && a.providerAccountId === providerAccountId\n );\n return found ?? null;\n }\n\n // Original behavior: by provider ID (returns first match)\n return useAsyncCache(app._currentUserOAuthConnectionCache, [session, idOrAccount, scopeString, options?.or === 'redirect'] as const, \"user.useConnectedAccount()\");\n }\n return {\n async getActiveSessions() {\n const sessions = await app._interface.listSessions(session);\n return sessions.items.map((crud) => app._clientSessionFromCrud(crud));\n },\n async revokeSession(sessionId: string) {\n await app._interface.deleteSession(sessionId, session);\n },\n setDisplayName(displayName: string \| null) {\n return this.update({ displayName });\n },\n setClientMetadata(metadata: Record<string, any>) {\n return this.update({ clientMetadata: metadata });\n },\n async setSelectedTeam(team: Team \| string \| null) {\n await this.update({ selectedTeamId: typeof team === 'string' ? team : team?.id ?? null });\n },\n getConnectedAccount,\n useConnectedAccount, // THIS_LINE_PLATFORM react-like\n async listConnectedAccounts() {\n return Result.orThrow(await app._currentUserConnectedAccountsCache.getOrWait([session], \"write-only\"));\n },\n useConnectedAccounts() {\n return useAsyncCache(app._currentUserConnectedAccountsCache, [session] as const, \"user.useConnectedAccounts()\");\n },\n async linkConnectedAccount(provider: string, options?: { scopes?: string[] }) {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n const location = await getNewOAuthProviderOrScopeUrl(\n app._interface,\n {\n provider,\n redirectUrl: app.urls.oauthCallback,\n errorRedirectUrl: app.urls.error,\n providerScope: mergeScopeStrings(scopeString, (app._oauthScopesOnSignIn[provider as ProviderType] ?? []).join(\" \")),\n },\n session,\n );\n await app._redirectTo({ url: location });\n return await neverResolve();\n },\n async getOrLinkConnectedAccount(provider: string, options?: { scopes?: string[] }) {\n const connectedAccounts = Result.orThrow(await app._currentUserConnectedAccountsCache.getOrWait([session], \"write-only\"));\n const matchingAccounts = connectedAccounts.filter(a => a.provider === provider);\n\n for (const account of matchingAccounts) {\n const tokenResult = await account.getAccessToken({ scopes: options?.scopes });\n if (tokenResult.status === \"ok\") {\n return account;\n }\n }\n\n // No valid account found or all tokens unavailable — redirect to OAuth flow\n await this.linkConnectedAccount(provider, options);\n return await neverResolve();\n },\n useOrLinkConnectedAccount(provider: string, options?: { scopes?: string[] }): OAuthConnection {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n return useAsyncCache(app._currentUserValidConnectedAccountForProviderCache, [session, provider, scopeString] as const, \"user.useOrLinkConnectedAccount()\");\n },\n async getTeam(teamId: string) {\n const teams = await this.listTeams();\n return teams.find((t) => t.id === teamId) ?? null;\n },\n useTeam(teamId: string) {\n const teams = this.useTeams();\n return useMemo(() => {\n return teams.find((t) => t.id === teamId) ?? null;\n }, [teams, teamId]);\n },\n async listTeams() {\n const teams = Result.orThrow(await app._currentUserTeamsCache.getOrWait([session], \"write-only\"));\n return teams.map((crud) => app._clientTeamFromCrud(crud, session));\n },\n useTeams() {\n const teams = useAsyncCache(app._currentUserTeamsCache, [session], \"user.useTeams()\");\n return useMemo(() => teams.map((crud) => app._clientTeamFromCrud(crud, session)), [teams]);\n },\n async createTeam(data: TeamCreateOptions) {\n const crud = await app._interface.createClientTeam(teamCreateOptionsToCrud(data, 'me'), session);\n await app._currentUserTeamsCache.refresh([session]);\n await this.update({ selectedTeamId: crud.id });\n return app._clientTeamFromCrud(crud, session);\n },\n async leaveTeam(team: Team) {\n await app._interface.leaveTeam(team.id, session);\n // TODO: refresh cache\n },\n async listTeamInvitations() {\n const invitations = Result.orThrow(await app._currentUserTeamInvitationsCache.getOrWait([session], \"write-only\"));\n return invitations.map((crud) => app._clientReceivedTeamInvitationFromCrud(session, crud));\n },\n useTeamInvitations() {\n const invitations = useAsyncCache(app._currentUserTeamInvitationsCache, [session], \"user.useTeamInvitations()\");\n return useMemo(() => invitations.map((crud) => app._clientReceivedTeamInvitationFromCrud(session, crud)), [invitations]);\n },\n async listPermissions(scopeOrOptions?: Team \| { recursive?: boolean }, options?: { recursive?: boolean }): Promise<TeamPermission[]> {\n if (scopeOrOptions && 'id' in scopeOrOptions) {\n const scope = scopeOrOptions;\n const recursive = options?.recursive ?? true;\n const permissions = Result.orThrow(await app._currentUserPermissionsCache.getOrWait([session, scope.id, recursive], \"write-only\"));\n return permissions.map((crud) => app._clientPermissionFromCrud(crud));\n } else {\n const opts = scopeOrOptions;\n const recursive = opts?.recursive ?? true;\n const permissions = Result.orThrow(await app._currentUserProjectPermissionsCache.getOrWait([session, recursive], \"write-only\"));\n return permissions.map((crud) => app._clientPermissionFromCrud(crud));\n }\n },\n usePermissions(scopeOrOptions?: Team \| { recursive?: boolean }, options?: { recursive?: boolean }): TeamPermission[] {\n if (scopeOrOptions && 'id' in scopeOrOptions) {\n const scope = scopeOrOptions;\n const recursive = options?.recursive ?? true;\n const permissions = useAsyncCache(app._currentUserPermissionsCache, [session, scope.id, recursive] as const, \"user.usePermissions()\");\n return useMemo(() => permissions.map((crud) => app._clientPermissionFromCrud(crud)), [permissions]);\n } else {\n const opts = scopeOrOptions;\n const recursive = opts?.recursive ?? true;\n const permissions = useAsyncCache(app._currentUserProjectPermissionsCache, [session, recursive] as const, \"user.usePermissions()\");\n return useMemo(() => permissions.map((crud) => app._clientPermissionFromCrud(crud)), [permissions]);\n }\n },\n usePermission(scopeOrPermissionId: Team \| string, permissionId?: string): TeamPermission \| null {\n if (scopeOrPermissionId && typeof scopeOrPermissionId !== 'string') {\n const scope = scopeOrPermissionId;\n const permissions = this.usePermissions(scope);\n return useMemo(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);\n } else {\n const pid = scopeOrPermissionId;\n const permissions = this.usePermissions();\n return useMemo(() => permissions.find((p) => p.id === pid) ?? null, [permissions, pid]);\n }\n },\n async getPermission(scopeOrPermissionId: Team \| string, permissionId?: string): Promise<TeamPermission \| null> {\n if (scopeOrPermissionId && typeof scopeOrPermissionId !== 'string') {\n const scope = scopeOrPermissionId;\n const permissions = await this.listPermissions(scope);\n return permissions.find((p) => p.id === permissionId) ?? null;\n } else {\n const pid = scopeOrPermissionId;\n const permissions = await this.listPermissions();\n return permissions.find((p) => p.id === pid) ?? null;\n }\n },\n async hasPermission(scopeOrPermissionId: Team \| string, permissionId?: string): Promise<boolean> {\n if (scopeOrPermissionId && typeof scopeOrPermissionId !== 'string') {\n const scope = scopeOrPermissionId;\n return (await this.getPermission(scope, permissionId as string)) !== null;\n } else {\n const pid = scopeOrPermissionId;\n return (await this.getPermission(pid)) !== null;\n }\n },\n async update(update) {\n return await app._updateClientUser(update, session);\n },\n async sendVerificationEmail(options?: { callbackUrl?: string }) {\n if (!crud.primary_email) {\n throw new StackAssertionError(\"User does not have a primary email\");\n }\n return await app._interface.sendVerificationEmail(\n crud.primary_email,\n options?.callbackUrl ?? constructRedirectUrl(app.urls.emailVerification, \"callbackUrl\"),\n session\n );\n },\n async updatePassword(options: { oldPassword: string, newPassword: string }) {\n const result = await app._interface.updatePassword(options, session);\n await app._currentUserCache.refresh([session]);\n return result;\n },\n async setPassword(options: { password: string }) {\n const result = await app._interface.setPassword(options, session);\n await app._currentUserCache.refresh([session]);\n return result;\n },\n selectedTeam: crud.selected_team && this._clientTeamFromCrud(crud.selected_team, session),\n async getTeamProfile(team: Team) {\n const result = Result.orThrow(await app._currentUserTeamProfileCache.getOrWait([session, team.id], \"write-only\"));\n return app._editableTeamProfileFromCrud(result, session);\n },\n useTeamProfile(team: Team) {\n const result = useAsyncCache(app._currentUserTeamProfileCache, [session, team.id] as const, \"user.useTeamProfile()\");\n return app._editableTeamProfileFromCrud(result, session);\n },\n async delete() {\n await app._interface.deleteCurrentUser(session);\n session.markInvalid();\n },\n async listContactChannels() {\n const result = Result.orThrow(await app._clientContactChannelsCache.getOrWait([session], \"write-only\"));\n return result.map((crud) => app._clientContactChannelFromCrud(crud, session));\n },\n useContactChannels() {\n const result = useAsyncCache(app._clientContactChannelsCache, [session] as const, \"user.useContactChannels()\");\n return result.map((crud) => app._clientContactChannelFromCrud(crud, session));\n },\n async createContactChannel(data: ContactChannelCreateOptions) {\n const crud = await app._interface.createClientContactChannel(contactChannelCreateOptionsToCrud('me', data), session);\n await app._clientContactChannelsCache.refresh([session]);\n return app._clientContactChannelFromCrud(crud, session);\n },\n useNotificationCategories() {\n const results = useAsyncCache(app._notificationCategoriesCache, [session] as const, \"user.useNotificationCategories()\");\n return results.map((crud) => app._clientNotificationCategoryFromCrud(crud, session));\n },\n async listNotificationCategories() {\n const results = Result.orThrow(await app._notificationCategoriesCache.getOrWait([session], \"write-only\"));\n return results.map((crud) => app._clientNotificationCategoryFromCrud(crud, session));\n },\n useApiKeys() {\n const result = useAsyncCache(app._userApiKeysCache, [session] as const, \"user.useApiKeys()\");\n return result.map((crud) => app._clientApiKeyFromCrud(session, crud));\n },\n\n async listApiKeys() {\n const results = await app._interface.listProjectApiKeys({ user_id: 'me' }, session, \"client\");\n return results.map((crud) => app._clientApiKeyFromCrud(session, crud));\n },\n\n async createApiKey(options: ApiKeyCreationOptions<\"user\">) {\n const result = await app._interface.createProjectApiKey(\n await apiKeyCreationOptionsToCrud(\"user\", \"me\", options),\n session,\n \"client\",\n );\n await app._userApiKeysCache.refresh([session]);\n return app._clientApiKeyFromCrud(session, result);\n },\n\n useOAuthProviders() {\n const results = useAsyncCache(app._currentUserOAuthProvidersCache, [session] as const, \"user.useOAuthProviders()\");\n return results.map((crud) => app._clientOAuthProviderFromCrud(crud, session));\n },\n\n async listOAuthProviders() {\n const results = Result.orThrow(await app._currentUserOAuthProvidersCache.getOrWait([session], \"write-only\"));\n return results.map((crud) => app._clientOAuthProviderFromCrud(crud, session));\n },\n\n useOAuthProvider(id: string) {\n const providers = this.useOAuthProviders();\n return useMemo(() => providers.find((p) => p.id === id) ?? null, [providers, id]);\n },\n\n async getOAuthProvider(id: string) {\n const providers = await this.listOAuthProviders();\n return providers.find((p) => p.id === id) ?? null;\n },\n\n async registerPasskey(options?: { hostname?: string }): Promise<Result<undefined, KnownErrors[\"PasskeyRegistrationFailed\"] \| KnownErrors[\"PasskeyWebAuthnError\"]>> {\n const hostname = (await app._getCurrentUrl())?.hostname;\n if (!hostname) {\n throw new StackAssertionError(\"hostname must be provided if the Stack App does not have a redirect method\");\n }\n\n const initiationResult = await app._interface.initiatePasskeyRegistration({}, session);\n\n if (initiationResult.status !== \"ok\") {\n return Result.error(new KnownErrors.PasskeyRegistrationFailed(\"Failed to get initiation options for passkey registration\"));\n }\n\n const { options_json, code } = initiationResult.data;\n\n // HACK: Override the rpID to be the actual domain\n if (options_json.rp.id !== \"THIS_VALUE_WILL_BE_REPLACED.example.com\") {\n throw new StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rp.id}`);\n }\n\n options_json.rp.id = hostname;\n\n let attResp;\n try {\n attResp = await startRegistration({ optionsJSON: options_json });\n } catch (error: any) {\n if (error instanceof WebAuthnError) {\n return Result.error(new KnownErrors.PasskeyWebAuthnError(error.message, error.name));\n } else {\n // This should never happen\n captureError(\"passkey-registration-failed\", error);\n return Result.error(new KnownErrors.PasskeyRegistrationFailed(\"Failed to start passkey registration due to unknown error\"));\n }\n }\n\n\n const registrationResult = await app._interface.registerPasskey({ credential: attResp, code }, session);\n\n await app._refreshUser(session);\n return registrationResult;\n },\n };\n }\n\n protected _createInternalUserExtra(session: InternalSession): InternalUserExtra {\n const app = this;\n this._ensureInternalProject();\n return {\n createProject(newProject: AdminProjectUpdateOptions & { displayName: string, teamId: string }) {\n return app._createProject(session, newProject);\n },\n async transferProject(projectIdToTransfer: string, newTeamId: string): Promise<void> {\n await app._interface.transferProject(session, projectIdToTransfer, newTeamId);\n await app._refreshProject();\n },\n listOwnedProjects() {\n return app._listOwnedProjects(session);\n },\n useOwnedProjects() {\n return app._useOwnedProjects(session);\n },\n };\n }\n\n protected _createCustomer(userIdOrTeamId: string, type: \"user\" \| \"team\", session: InternalSession \| null): Omit<Customer, \"id\"> {\n const app = this;\n const effectiveSession = session ?? app._interface.createSession({ refreshToken: null });\n const customerOptions = type === \"user\" ? { userId: userIdOrTeamId } : { teamId: userIdOrTeamId };\n return {\n async getBilling() {\n const response = Result.orThrow(await app._customerBillingCache.getOrWait([effectiveSession, type, userIdOrTeamId], \"write-only\"));\n return app._customerBillingFromResponse(response);\n },\n useBilling() {\n const response = useAsyncCache(app._customerBillingCache, [effectiveSession, type, userIdOrTeamId] as const, \"customer.useBilling()\");\n return app._customerBillingFromResponse(response);\n },\n async createPaymentMethodSetupIntent(): Promise<CustomerPaymentMethodSetupIntent> {\n const body = await app._interface.createCustomerPaymentMethodSetupIntent(type, userIdOrTeamId, effectiveSession);\n return {\n clientSecret: body.client_secret,\n stripeAccountId: body.stripe_account_id,\n };\n },\n async setDefaultPaymentMethodFromSetupIntent(setupIntentId: string): Promise<CustomerDefaultPaymentMethod> {\n const body = await app._interface.setDefaultCustomerPaymentMethodFromSetupIntent(type, userIdOrTeamId, setupIntentId, effectiveSession);\n await app._customerBillingCache.refresh([effectiveSession, type, userIdOrTeamId]);\n return body.default_payment_method;\n },\n async getItem(itemId: string) {\n return await app.getItem({ itemId, ...customerOptions });\n },\n useItem(itemId: string) {\n return app.useItem({ itemId, ...customerOptions });\n },\n async listProducts(options?: CustomerProductsListOptions) {\n return await app.listProducts({ ...options, ...customerOptions });\n },\n useProducts(options?: CustomerProductsListOptions) {\n return app.useProducts({ ...options, ...customerOptions });\n },\n async listInvoices(options?: CustomerInvoicesListOptions) {\n return await app.listInvoices({ ...options, ...customerOptions });\n },\n useInvoices(options?: CustomerInvoicesListOptions) {\n return app.useInvoices({ ...options, ...customerOptions });\n },\n async createCheckoutUrl(options: { productId: string, returnUrl?: string }) {\n return await app._interface.createCheckoutUrl(type, userIdOrTeamId, options.productId, effectiveSession, options.returnUrl, \"client\");\n },\n async switchSubscription(options: { fromProductId: string, toProductId: string, priceId?: string, quantity?: number }) {\n await app._interface.switchSubscription({\n customer_type: type,\n customer_id: userIdOrTeamId,\n from_product_id: options.fromProductId,\n to_product_id: options.toProductId,\n price_id: options.priceId,\n quantity: options.quantity,\n }, effectiveSession);\n await app._customerBillingCache.refresh([effectiveSession, type, userIdOrTeamId]);\n if (type === \"user\") {\n await app._userProductsCache.invalidateWhere(([cachedSession, userId]) => cachedSession === effectiveSession && userId === userIdOrTeamId);\n } else {\n await app._teamProductsCache.invalidateWhere(([cachedSession, teamId]) => cachedSession === effectiveSession && teamId === userIdOrTeamId);\n }\n },\n };\n }\n\n async getItem(options: { itemId: string, userId: string } \| { itemId: string, teamId: string } \| { itemId: string, customCustomerId: string }): Promise<Item> {\n const session = await this._getSession();\n let crud: ItemCrud['Client']['Read'];\n if (\"userId\" in options) {\n crud = Result.orThrow(await this._userItemCache.getOrWait([session, options.userId, options.itemId], \"write-only\"));\n } else if (\"teamId\" in options) {\n crud = Result.orThrow(await this._teamItemCache.getOrWait([session, options.teamId, options.itemId], \"write-only\"));\n } else {\n crud = Result.orThrow(await this._customItemCache.getOrWait([session, options.customCustomerId, options.itemId], \"write-only\"));\n }\n return this._clientItemFromCrud(crud);\n }\n\n useItem(options: { itemId: string, userId: string } \| { itemId: string, teamId: string } \| { itemId: string, customCustomerId: string }): Item {\n const session = this._useSession();\n const [cache, ownerId] =\n \"userId\" in options ? [this._userItemCache, options.userId] :\n \"teamId\" in options ? [this._teamItemCache, options.teamId] : [this._customItemCache, options.customCustomerId];\n const crud = useAsyncCache(cache, [session, ownerId, options.itemId] as const, \"app.useItem()\");\n return this._clientItemFromCrud(crud);\n }\n\n async listProducts(options: CustomerProductsRequestOptions): Promise<CustomerProductsList> {\n const currentUser = await this.getUser();\n const session = currentUser?._internalSession ?? await this._getSession();\n if (\"userId\" in options) {\n const response = Result.orThrow(await this._userProductsCache.getOrWait([session, options.userId, options.cursor ?? null, options.limit ?? null], \"write-only\"));\n return this._customerProductsFromResponse(response);\n } else if (\"teamId\" in options) {\n const response = Result.orThrow(await this._teamProductsCache.getOrWait([session, options.teamId, options.cursor ?? null, options.limit ?? null], \"write-only\"));\n return this._customerProductsFromResponse(response);\n }\n const response = Result.orThrow(await this._customProductsCache.getOrWait([session, options.customCustomerId, options.cursor ?? null, options.limit ?? null], \"write-only\"));\n return this._customerProductsFromResponse(response);\n }\n\n async listInvoices(options: CustomerInvoicesRequestOptions): Promise<CustomerInvoicesList> {\n const session = await this._getSession();\n if (\"userId\" in options) {\n const response = Result.orThrow(await this._userInvoicesCache.getOrWait([session, options.userId, options.cursor ?? null, options.limit ?? null], \"write-only\"));\n return this._customerInvoicesFromResponse(response);\n }\n const response = Result.orThrow(await this._teamInvoicesCache.getOrWait([session, options.teamId, options.cursor ?? null, options.limit ?? null], \"write-only\"));\n return this._customerInvoicesFromResponse(response);\n }\n\n async cancelSubscription(options: { productId: string, subscriptionId?: string } \| { productId: string, subscriptionId?: string, teamId: string }): Promise<void> {\n const session = await this._getSession();\n const user = await this.getUser();\n if (!user) {\n throw new KnownErrors.UserAuthenticationRequired();\n }\n const customerType = \"teamId\" in options ? \"team\" : \"user\";\n const customerId = \"teamId\" in options ? options.teamId : user.id;\n await this._interface.cancelSubscription({\n customer_type: customerType,\n customer_id: customerId,\n product_id: options.productId,\n subscription_id: options.subscriptionId,\n }, session);\n if (customerType === \"user\") {\n await this._userProductsCache.invalidateWhere(([cachedSession, userId]) => cachedSession === session && userId === customerId);\n } else {\n await this._teamProductsCache.invalidateWhere(([cachedSession, teamId]) => cachedSession === session && teamId === customerId);\n }\n }\n useProducts(options: CustomerProductsRequestOptions): CustomerProductsList {\n const session = this._useSession();\n const cache = \"userId\" in options ? this._userProductsCache : \"teamId\" in options ? this._teamProductsCache : this._customProductsCache;\n const debugLabel = \"clientApp.useProducts()\";\n const customerId = \"userId\" in options ? options.userId : \"teamId\" in options ? options.teamId : options.customCustomerId;\n const response = useAsyncCache(cache, [session, customerId, options.cursor ?? null, options.limit ?? null] as const, debugLabel);\n return this._customerProductsFromResponse(response);\n }\n useInvoices(options: CustomerInvoicesRequestOptions): CustomerInvoicesList {\n const session = this._useSession();\n const cache = \"userId\" in options ? this._userInvoicesCache : this._teamInvoicesCache;\n const debugLabel = \"clientApp.useInvoices()\";\n const customerId = \"userId\" in options ? options.userId : options.teamId;\n const response = useAsyncCache(cache, [session, customerId, options.cursor ?? null, options.limit ?? null] as const, debugLabel);\n return this._customerInvoicesFromResponse(response);\n }\n\n protected _currentUserFromCrud(crud: NonNullable<CurrentUserCrud['Client']['Read']>, session: InternalSession): ProjectCurrentUser<ProjectId> {\n const currentUser = withUserDestructureGuard({\n ...this._createBaseUser(crud),\n ...this._createAuth(session),\n ...this._createUserExtraFromCurrent(crud, session),\n ...this._isInternalProject() ? this._createInternalUserExtra(session) : {},\n ...this._createCustomer(crud.id, \"user\", session),\n } satisfies CurrentUser);\n return currentUser as ProjectCurrentUser<ProjectId>;\n }\n protected _clientSessionFromCrud(crud: SessionsCrud['Client']['Read']): ActiveSession {\n return {\n id: crud.id,\n userId: crud.user_id,\n createdAt: new Date(crud.created_at),\n isImpersonation: crud.is_impersonation,\n lastUsedAt: crud.last_used_at ? new Date(crud.last_used_at) : undefined,\n isCurrentSession: crud.is_current_session ?? false,\n geoInfo: crud.last_used_at_end_user_ip_info,\n };\n }\n\n protected _getOwnedAdminApp(forProjectId: string, session: InternalSession): _StackAdminAppImplIncomplete<false, string> {\n if (!this._ownedAdminApps.has([session, forProjectId])) {\n this._ownedAdminApps.set([session, forProjectId], new (_StackClientAppImplIncomplete.LazyStackAdminAppImpl.value!)({\n baseUrl: this._interface.options.getBaseUrl(),\n projectId: forProjectId,\n tokenStore: null,\n projectOwnerSession: session,\n noAutomaticPrefetch: true,\n }));\n }\n return this._ownedAdminApps.get([session, forProjectId])!;\n }\n\n get projectId(): ProjectId {\n return this._interface.projectId as ProjectId;\n }\n\n get version(): string {\n return clientVersion;\n }\n\n private _botChallengeSiteKeysWarned = false;\n private _getBotChallengeSiteKeys(): { visibleSiteKey: string, invisibleSiteKey: string } \| null {\n if (!isBrowserLike()) return null;\n\n const visibleSiteKey = envVars.NEXT_PUBLIC_STACK_BOT_CHALLENGE_SITE_KEY;\n if (!visibleSiteKey) {\n if (!this._botChallengeSiteKeysWarned) {\n this._botChallengeSiteKeysWarned = true;\n console.warn(\"[stack-auth] NEXT_PUBLIC_STACK_BOT_CHALLENGE_SITE_KEY is not set — bot challenge fraud protection is disabled. Set the env variable to enable it.\");\n }\n return null;\n }\n\n const invisibleSiteKey = envVars.NEXT_PUBLIC_STACK_BOT_CHALLENGE_INVISIBLE_SITE_KEY ?? visibleSiteKey;\n\n return { visibleSiteKey, invisibleSiteKey };\n }\n\n private _getBotChallengeFlowFailure(error: unknown): { type: \"cancelled\" \| \"failed\", knownError: KnownErrors[\"BotChallengeFailed\"] } \| null {\n if (error instanceof BotChallengeUserCancelledError) {\n return {\n type: \"cancelled\",\n knownError: new KnownErrors.BotChallengeFailed(\"Bot challenge cancelled by user\"),\n };\n }\n if (error instanceof BotChallengeExecutionFailedError) {\n return {\n type: \"failed\",\n knownError: new KnownErrors.BotChallengeFailed(error.message),\n };\n }\n return null;\n }\n\n private _normalizeBotChallengeResult<T, E>(result: Result<T, E \| KnownErrors[\"BotChallengeRequired\"] \| KnownErrors[\"BotChallengeFailed\"]>): Result<T, E \| KnownErrors[\"BotChallengeFailed\"]> {\n if (result.status === \"ok\") {\n return result;\n }\n\n if (KnownErrors.BotChallengeRequired.isInstance(result.error)) {\n captureError(\"bot-challenge-unexpected-after-flow\", result.error);\n return Result.error(new KnownErrors.BotChallengeFailed(\"Unexpected bot challenge after flow completion\"));\n }\n\n return Result.error(result.error);\n }\n\n private _toInterfaceBotChallengeInput(challenge: { token?: string, phase?: \"invisible\" \| \"visible\", unavailable?: true }) {\n if (challenge.unavailable) {\n return {\n phase: \"visible\" as const,\n };\n }\n\n return {\n token: challenge.token,\n phase: challenge.phase,\n };\n }\n\n private async _executeResultWithBotChallengeFlow<T, E>(options: {\n action: TurnstileAction,\n execute: (challenge: { token?: string, phase?: \"invisible\" \| \"visible\", unavailable?: true }) => Promise<Result<T, E \| KnownErrors[\"BotChallengeRequired\"] \| KnownErrors[\"BotChallengeFailed\"]>>,\n }): Promise<Result<T, E \| KnownErrors[\"BotChallengeFailed\"]>> {\n const siteKeys = this._getBotChallengeSiteKeys();\n let result: Result<T, E \| KnownErrors[\"BotChallengeRequired\"] \| KnownErrors[\"BotChallengeFailed\"]>;\n\n try {\n if (siteKeys) {\n result = await withBotChallengeFlow({\n ...siteKeys,\n action: options.action,\n execute: options.execute,\n isChallengeRequired: (flowResult) => {\n return flowResult.status === \"error\" && KnownErrors.BotChallengeRequired.isInstance(flowResult.error);\n },\n });\n } else {\n result = await options.execute({});\n }\n } catch (e) {\n const flowFailure = this._getBotChallengeFlowFailure(e);\n if (flowFailure) {\n return Result.error(flowFailure.knownError);\n }\n throw e;\n }\n\n return this._normalizeBotChallengeResult(result);\n }\n\n protected async _isTrusted(url: string): Promise<boolean> {\n // TODO: At some point, we should use the project's trusted domains for this instead of just requiring the URL to be relative\n // (note that when we do this, that should be on-top of the relativity check, not replacing it)\n if (isRelative(url)) {\n return true;\n }\n if (typeof window !== \"undefined\" && window.location.origin === new URL(url).origin) {\n return true;\n }\n return isHostedHandlerUrlForProject({ url, projectId: this.projectId });\n }\n\n get urls(): Readonly<ResolvedHandlerUrls> {\n return getUrls(this._urlOptions, { projectId: this.projectId });\n }\n\n protected _prefetchCrossDomainHandoffParamsIfNeeded() {\n const canWriteOauthVerifierCookie = this._tokenStoreInit === \"cookie\" \|\| this._tokenStoreInit === \"nextjs-cookie\";\n if (\n !isBrowserLike()\n \|\| !canWriteOauthVerifierCookie\n \|\| this._isPrefetchingCrossDomainHandoffParams\n \|\| this._getFreshPrefetchedCrossDomainHandoffParams() != null\n ) {\n return;\n }\n this._isPrefetchingCrossDomainHandoffParams = true;\n runAsynchronously(async () => {\n try {\n if (!isBrowserLike()) {\n return;\n }\n const { state, codeChallenge } = await saveVerifierAndState();\n this._prefetchedCrossDomainHandoffParams = { state, codeChallenge };\n this._prefetchedCrossDomainHandoffParamsFetchedAt = performance.now();\n } finally {\n this._isPrefetchingCrossDomainHandoffParams = false;\n }\n });\n }\n\n protected _getCrossDomainHandoffParamsForUrlsGetter(currentUrl: URL): CrossDomainHandoffParams \| null {\n const fromQuery = getCrossDomainHandoffParamsFromCurrentUrl(currentUrl);\n if (fromQuery != null) {\n return fromQuery;\n }\n\n const prefetched = this._getFreshPrefetchedCrossDomainHandoffParams();\n if (prefetched != null) {\n return prefetched;\n }\n\n this._prefetchCrossDomainHandoffParamsIfNeeded();\n return null;\n }\n\n protected async _getCrossDomainHandoffParamsForRedirect(currentUrl: URL): Promise<CrossDomainHandoffParams> {\n const fromQuery = getCrossDomainHandoffParamsFromCurrentUrl(currentUrl);\n if (fromQuery != null) {\n return fromQuery;\n }\n const prefetched = this._getFreshPrefetchedCrossDomainHandoffParams();\n if (prefetched != null) {\n return prefetched;\n }\n const { state, codeChallenge } = await saveVerifierAndState();\n this._prefetchedCrossDomainHandoffParams = { state, codeChallenge };\n this._prefetchedCrossDomainHandoffParamsFetchedAt = performance.now();\n return { state, codeChallenge };\n }\n\n protected _getLocalOAuthCallbackHandlerUrl(): string {\n return resolveHandlerUrls({\n urls: {\n ...this._urlOptions,\n default: { type: \"handler-component\" },\n oauthCallback: { type: \"handler-component\" },\n },\n projectId: this.projectId,\n }).oauthCallback;\n }\n\n protected async _createCrossDomainAuthRedirectUrl(options: {\n redirectUri: string,\n state: string,\n codeChallenge: string,\n afterCallbackRedirectUrl: string,\n }): Promise<string> {\n const session = await this._getSession();\n const response = await this._interface.sendClientRequest(\n \"/auth/oauth/cross-domain/authorize\",\n {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n redirect_uri: options.redirectUri,\n state: options.state,\n code_challenge: options.codeChallenge,\n code_challenge_method: \"S256\",\n after_callback_redirect_url: options.afterCallbackRedirectUrl,\n }),\n },\n session,\n );\n if (!response.ok) {\n throw new StackAssertionError(`Cross-domain authorization endpoint failed: ${response.status} ${await response.text()}`);\n }\n const result = await response.json();\n if (!(\"redirect_url\" in result) \|\| typeof result.redirect_url !== \"string\") {\n throw new StackAssertionError(\"Cross-domain authorization endpoint returned an invalid payload\", { result });\n }\n return result.redirect_url;\n }\n\n protected _getFreshPrefetchedCrossDomainHandoffParams(): CrossDomainHandoffParams \| null {\n if (this._prefetchedCrossDomainHandoffParams == null) {\n return null;\n }\n if (performance.now() - this._prefetchedCrossDomainHandoffParamsFetchedAt > prefetchedCrossDomainHandoffTtlMs) {\n this._prefetchedCrossDomainHandoffParams = null;\n this._prefetchedCrossDomainHandoffParamsFetchedAt = 0;\n return null;\n }\n return this._prefetchedCrossDomainHandoffParams;\n }\n\n protected async _getCurrentUrl() {\n if (this._redirectMethod === \"none\") {\n return null;\n }\n return new URL(window.location.href);\n }\n\n protected async _redirectTo(options: { url: URL \| string, replace?: boolean }) {\n if (this._redirectMethod === \"none\") {\n return;\n } else if (this._redirectMethod === \"tanstack-start\" && !isBrowserLike()) {\n throw TanStackRouter.redirect({ href: options.url.toString(), replace: options.replace });\n } else if (typeof this._redirectMethod === \"object\" && this._redirectMethod.navigate) {\n this._redirectMethod.navigate(options.url.toString());\n } else {\n if (options.replace) {\n window.location.replace(options.url);\n } else {\n window.location.assign(options.url);\n }\n }\n\n await wait(2000);\n }\n\n useNavigate(): (to: string) => void {\n if (typeof this._redirectMethod === \"object\") {\n return this._redirectMethod.useNavigate();\n } else if (this._redirectMethod === \"window\") {\n return (to: string) => window.location.assign(to);\n } else if (this._redirectMethod === \"tanstack-start\") {\n return (to: string) => window.location.assign(to);\n } else {\n return (to: string) => { };\n }\n }\n protected async _redirectIfTrusted(url: string, options?: RedirectToOptions) {\n if (!await this._isTrusted(url)) {\n throw new Error(`Redirect URL ${url} is not trusted; should be relative.`);\n }\n return await this._redirectTo({ url, ...options });\n }\n\n protected async _redirectToHandler(handlerName: keyof HandlerUrls, options?: RedirectToOptions) {\n const rawUrls = getUrls(this._urlOptions, { projectId: this.projectId });\n const rawHandlerUrl = rawUrls[handlerName];\n if (!rawHandlerUrl) {\n throw new Error(`No URL for handler name ${handlerName}`);\n }\n\n const currentUrl = isReactServer \|\| typeof window === \"undefined\"\n ? null\n : new URL(window.location.href);\n const plan = await planRedirectToHandler({\n handlerName,\n rawHandlerUrl,\n noRedirectBack: options?.noRedirectBack === true,\n currentUrl,\n localOAuthCallbackUrl: this._getLocalOAuthCallbackHandlerUrl(),\n getCrossDomainHandoffParams: async (href) => await this._getCrossDomainHandoffParamsForRedirect(href),\n });\n\n if (plan.type === \"cross-domain-authorize\") {\n const crossDomainRedirectUrl = await this._createCrossDomainAuthRedirectUrl({\n redirectUri: plan.redirectUri,\n state: plan.state,\n codeChallenge: plan.codeChallenge,\n afterCallbackRedirectUrl: plan.afterCallbackRedirectUrl,\n });\n await this._redirectTo({ url: crossDomainRedirectUrl, ...options });\n return;\n }\n\n await this._redirectIfTrusted(plan.url, options);\n }\n\n protected _redirectToHandlerDuringRender(handlerName: keyof HandlerUrls, options?: RedirectToOptions): boolean {\n if (this._redirectMethod === \"tanstack-start\" && !isBrowserLike()) {\n const rawUrls = getUrls(this._urlOptions, { projectId: this.projectId });\n const rawHandlerUrl = rawUrls[handlerName];\n if (!rawHandlerUrl) {\n throw new Error(`No URL for handler name ${handlerName}`);\n }\n throw TanStackRouter.redirect({ href: rawHandlerUrl, replace: options?.replace });\n }\n return false;\n }\n\n async redirectToSignIn(options?: RedirectToOptions) { return await this._redirectToHandler(\"signIn\", options); }\n async redirectToSignUp(options?: RedirectToOptions) { return await this._redirectToHandler(\"signUp\", options); }\n async redirectToSignOut(options?: RedirectToOptions) { return await this._redirectToHandler(\"signOut\", options); }\n async redirectToEmailVerification(options?: RedirectToOptions) { return await this._redirectToHandler(\"emailVerification\", options); }\n async redirectToPasswordReset(options?: RedirectToOptions) { return await this._redirectToHandler(\"passwordReset\", options); }\n async redirectToForgotPassword(options?: RedirectToOptions) { return await this._redirectToHandler(\"forgotPassword\", options); }\n async redirectToHome(options?: RedirectToOptions) { return await this._redirectToHandler(\"home\", options); }\n async redirectToOAuthCallback(options?: RedirectToOptions) { return await this._redirectToHandler(\"oauthCallback\", options); }\n async redirectToMagicLinkCallback(options?: RedirectToOptions) { return await this._redirectToHandler(\"magicLinkCallback\", options); }\n async redirectToAfterSignIn(options?: RedirectToOptions) { return await this._redirectToHandler(\"afterSignIn\", options); }\n async redirectToAfterSignUp(options?: RedirectToOptions) { return await this._redirectToHandler(\"afterSignUp\", options); }\n async redirectToOnboarding(options?: RedirectToOptions) { return await this._redirectToHandler(\"onboarding\", options); }\n async redirectToAfterSignOut(options?: RedirectToOptions) { return await this._redirectToHandler(\"afterSignOut\", options); }\n async redirectToAccountSettings(options?: RedirectToOptions) { return await this._redirectToHandler(\"accountSettings\", options); }\n async redirectToError(options?: RedirectToOptions) { return await this._redirectToHandler(\"error\", options); }\n async redirectToTeamInvitation(options?: RedirectToOptions) { return await this._redirectToHandler(\"teamInvitation\", options); }\n async redirectToCliAuthConfirm(options?: RedirectToOptions) { return await this._redirectToHandler(\"cliAuthConfirm\", options); }\n async redirectToMfa(options?: RedirectToOptions) { return await this._redirectToHandler(\"mfa\", options); }\n\n async sendForgotPasswordEmail(email: string, options?: { callbackUrl?: string }): Promise<Result<undefined, KnownErrors[\"UserNotFound\"]>> {\n return await this._interface.sendForgotPasswordEmail(email, options?.callbackUrl ?? constructRedirectUrl(this.urls.passwordReset, \"callbackUrl\"));\n }\n\n async sendMagicLinkEmail(email: string, options?: {\n callbackUrl?: string,\n }): Promise<Result<{ nonce: string }, KnownErrors[\"RedirectUrlNotWhitelisted\"] \| KnownErrors[\"BotChallengeFailed\"]>> {\n const callbackUrl = options?.callbackUrl ?? constructRedirectUrl(this.urls.magicLinkCallback, \"callbackUrl\");\n return await this._executeResultWithBotChallengeFlow({\n action: \"send_magic_link_email\",\n execute: async (challenge) => {\n return await this._interface.sendMagicLinkEmail(email, callbackUrl, this._toInterfaceBotChallengeInput(challenge));\n },\n });\n }\n\n async resetPassword(options: { password: string, code: string }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>> {\n return await this._interface.resetPassword(options);\n }\n\n async verifyPasswordResetCode(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>> {\n return await this._interface.verifyPasswordResetCode(code);\n }\n\n async verifyTeamInvitationCode(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>> {\n return await this._interface.acceptTeamInvitation({\n type: 'check',\n code,\n session: await this._getSession(),\n });\n }\n\n async acceptTeamInvitation(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>> {\n const result = await this._interface.acceptTeamInvitation({\n type: 'use',\n code,\n session: await this._getSession(),\n });\n\n if (result.status === 'ok') {\n return Result.ok(undefined);\n } else {\n return Result.error(result.error);\n }\n }\n\n async getTeamInvitationDetails(code: string): Promise<Result<{ teamDisplayName: string }, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>> {\n const result = await this._interface.acceptTeamInvitation({\n type: 'details',\n code,\n session: await this._getSession(),\n });\n\n if (result.status === 'ok') {\n return Result.ok({ teamDisplayName: result.data.team_display_name });\n } else {\n return Result.error(result.error);\n }\n }\n\n async verifyEmail(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>> {\n const result = await this._interface.verifyEmail(code);\n await this._currentUserCache.refresh([await this._getSession()]);\n await this._clientContactChannelsCache.refresh([await this._getSession()]);\n return result;\n }\n\n async getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'redirect' }): Promise<ProjectCurrentUser<ProjectId>>;\n async getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'throw' }): Promise<ProjectCurrentUser<ProjectId>>;\n async getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'anonymous' }): Promise<ProjectCurrentUser<ProjectId>>;\n async getUser(options?: GetCurrentUserOptions<HasTokenStore>): Promise<ProjectCurrentUser<ProjectId> \| null>;\n async getUser(options?: GetCurrentUserOptions<HasTokenStore>): Promise<ProjectCurrentUser<ProjectId> \| null> {\n // Validate that includeRestricted: false and or: 'anonymous' are mutually exclusive\n if (options?.or === 'anonymous' && options.includeRestricted === false) {\n throw new Error(\"Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.\");\n }\n\n this._ensurePersistentTokenStore(options?.tokenStore);\n const session = await this._getSession(options?.tokenStore);\n let crud = Result.orThrow(await this._currentUserCache.getOrWait([session], \"write-only\"));\n const includeAnonymous = options?.or === \"anonymous\" \|\| options?.or === \"anonymous-if-exists[deprecated]\";\n const includeRestricted = options?.includeRestricted === true \|\| includeAnonymous;\n\n if (crud === null \|\| (crud.is_anonymous && !includeAnonymous) \|\| (crud.is_restricted && !includeRestricted)) {\n switch (options?.or) {\n case 'redirect': {\n if (!crud?.is_anonymous && crud?.is_restricted) {\n await this.redirectToOnboarding({ replace: true });\n } else {\n await this.redirectToSignIn({ replace: true });\n }\n // TODO: We should probably `await neverResolve()` here instead of returning null. I (Konsti) wanna do it in a release with few changes though because I'm not sure if it'll break anything\n break;\n }\n case 'throw': {\n throw new Error(\"User is not signed in but getUser was called with { or: 'throw' }\");\n }\n case 'anonymous': {\n const tokens = await this._signUpAnonymously();\n return await this.getUser({ tokenStore: tokens, or: \"anonymous-if-exists[deprecated]\", includeRestricted: true }) ?? throwErr(\"Something went wrong while signing up anonymously\");\n }\n case undefined:\n case \"anonymous-if-exists[deprecated]\":\n case \"return-null\": {\n return null;\n }\n }\n }\n\n return crud && this._currentUserFromCrud(crud, session);\n }\n\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'redirect' }): ProjectCurrentUser<ProjectId>;\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'throw' }): ProjectCurrentUser<ProjectId>;\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'anonymous' }): ProjectCurrentUser<ProjectId>;\n useUser(options?: GetCurrentUserOptions<HasTokenStore>): ProjectCurrentUser<ProjectId> \| null;\n useUser(options?: GetCurrentUserOptions<HasTokenStore>): ProjectCurrentUser<ProjectId> \| null {\n // Validate that includeRestricted: false and or: 'anonymous' are mutually exclusive\n if (options?.or === 'anonymous' && options.includeRestricted === false) {\n throw new Error(\"Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.\");\n }\n\n this._ensurePersistentTokenStore(options?.tokenStore);\n\n const session = this._useSession(options?.tokenStore);\n let crud = useAsyncCache(this._currentUserCache, [session] as const, \"clientApp.useUser()\");\n const includeAnonymous = options?.or === \"anonymous\" \|\| options?.or === \"anonymous-if-exists[deprecated]\";\n const includeRestricted = options?.includeRestricted === true \|\| includeAnonymous;\n\n if (crud === null \|\| (crud.is_anonymous && !includeAnonymous) \|\| (crud.is_restricted && !includeRestricted)) {\n switch (options?.or) {\n case 'redirect': {\n if (!crud?.is_anonymous && crud?.is_restricted) {\n if (!this._redirectToHandlerDuringRender(\"onboarding\", { replace: true })) {\n runAsynchronously(this.redirectToOnboarding({ replace: true }));\n }\n } else {\n if (!this._redirectToHandlerDuringRender(\"signIn\", { replace: true })) {\n runAsynchronously(this.redirectToSignIn({ replace: true }));\n }\n }\n suspend();\n throw new StackAssertionError(\"suspend should never return\");\n }\n case 'throw': {\n throw new Error(\"User is not signed in but useUser was called with { or: 'throw' }\");\n }\n case 'anonymous': {\n // TODO we should think about the behavior when calling useUser (or getUser) in anonymous with a custom token store. signUpAnonymously always sets the current token store on app level, instead of the one passed to this function\n // TODO we shouldn't reload & suspend here, instead we should use a promise that resolves to the new anonymous user\n runAsynchronously(async () => {\n await this._signUpAnonymously();\n if (typeof window !== \"undefined\") {\n window.location.reload();\n }\n });\n suspend();\n throw new StackAssertionError(\"suspend should never return\");\n }\n case undefined:\n case \"anonymous-if-exists[deprecated]\":\n case \"return-null\": {\n crud = null;\n break;\n }\n }\n }\n\n return useMemo(() => {\n return crud && this._currentUserFromCrud(crud, session);\n }, [crud, session, options?.or]);\n }\n\n _getTokenPartialUserFromSession(session: InternalSession, options: GetCurrentPartialUserOptions<HasTokenStore>): TokenPartialUser \| null {\n const accessToken = session.getAccessTokenIfNotExpiredYet(0, null);\n if (!accessToken) {\n return null;\n }\n const isAnonymous = accessToken.payload.is_anonymous;\n if (isAnonymous && options.or !== \"anonymous-if-exists\") {\n return null;\n }\n return {\n id: accessToken.payload.sub,\n primaryEmail: accessToken.payload.email,\n displayName: accessToken.payload.name,\n primaryEmailVerified: accessToken.payload.email_verified,\n isAnonymous,\n isMultiFactorRequired: accessToken.payload.requires_totp_mfa,\n isRestricted: accessToken.payload.is_restricted,\n restrictedReason: accessToken.payload.restricted_reason,\n } satisfies TokenPartialUser;\n }\n\n async _getPartialUserFromConvex(ctx: ConvexCtx): Promise<TokenPartialUser \| null> {\n const auth = await ctx.auth.getUserIdentity();\n if (!auth) {\n return null;\n }\n return {\n id: auth.subject,\n displayName: auth.name ?? null,\n primaryEmail: auth.email ?? null,\n primaryEmailVerified: auth.email_verified as boolean,\n isAnonymous: auth.is_anonymous as boolean,\n isMultiFactorRequired: auth.requires_totp_mfa as boolean,\n isRestricted: auth.is_restricted as boolean,\n restrictedReason: (auth.restricted_reason as RestrictedReason \| null) ?? null,\n };\n }\n\n async getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'token' }): Promise<TokenPartialUser \| null>;\n async getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'convex' }): Promise<TokenPartialUser \| null>;\n async getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore>): Promise<SyncedPartialUser \| TokenPartialUser \| null> {\n switch (options.from) {\n case \"token\": {\n this._ensurePersistentTokenStore(options.tokenStore ?? this._tokenStoreInit);\n const session = await this._getSession(options.tokenStore);\n return this._getTokenPartialUserFromSession(session, options);\n }\n case \"convex\": {\n return await this._getPartialUserFromConvex(options.ctx);\n }\n default: {\n // @ts-expect-error\n throw new Error(`Invalid 'from' option: ${options.from}`);\n }\n }\n }\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'token' }): TokenPartialUser \| null;\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'convex' }): TokenPartialUser \| null;\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore>): TokenPartialUser \| SyncedPartialUser \| null {\n switch (options.from) {\n case \"token\": {\n this._ensurePersistentTokenStore(options.tokenStore ?? this._tokenStoreInit);\n const session = this._useSession(options.tokenStore);\n return this._getTokenPartialUserFromSession(session, options);\n }\n case \"convex\": {\n const result = useAsyncCache(this._convexPartialUserCache, [options.ctx] as const, \"clientApp.usePartialUser()\");\n return result;\n }\n default: {\n // @ts-expect-error\n throw new Error(`Invalid 'from' option: ${options.from}`);\n }\n }\n }\n getConvexClientAuth(options: { tokenStore: TokenStoreInit }): (args: { forceRefreshToken: boolean }) => Promise<string \| null> {\n return async (args: { forceRefreshToken: boolean }) => {\n const session = await this._getSession(options.tokenStore ?? this._tokenStoreInit);\n if (!args.forceRefreshToken) {\n const tokens = await session.getOrFetchLikelyValidTokens(20_000, 75_000);\n return tokens?.accessToken.token ?? null;\n }\n const tokens = await session.fetchNewTokens();\n return tokens?.accessToken.token ?? null;\n };\n }\n\n async getConvexHttpClientAuth(options: { tokenStore: TokenStoreInit }): Promise<string> {\n const session = await this._getSession(options.tokenStore);\n const tokens = await session.getOrFetchLikelyValidTokens(20_000, 75_000);\n return tokens?.accessToken.token ?? \"\";\n }\n\n protected async _updateClientUser(update: UserUpdateOptions, session: InternalSession) {\n const res = await this._interface.updateClientUser(userUpdateOptionsToCrud(update), session);\n await this._refreshUser(session);\n return res;\n }\n\n async signInWithOAuth(provider: ProviderType, options?: {\n returnTo?: string,\n }) {\n if (typeof window === \"undefined\") {\n throw new Error(\"signInWithOAuth can currently only be called in a browser environment\");\n }\n\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n const currentUrl = new URL(window.location.href);\n const afterCallbackRedirectUrl = options?.returnTo != null\n ? constructRedirectUrl(options.returnTo, \"returnTo\")\n : (\n currentUrl.searchParams.has(\"after_auth_return_to\")\n ? currentUrl.toString()\n : undefined\n );\n const siteKeys = this._getBotChallengeSiteKeys();\n const { codeChallenge, state } = await saveVerifierAndState();\n\n const executeOAuth = async (challenge: { token?: string, phase?: \"invisible\" \| \"visible\", unavailable?: true }) => {\n return await this._interface.authorizeOAuth({\n provider,\n redirectUrl: constructRedirectUrl(this.urls.oauthCallback, \"redirectUrl\"),\n errorRedirectUrl: constructRedirectUrl(this.urls.error, \"errorRedirectUrl\"),\n afterCallbackRedirectUrl,\n type: \"authenticate\",\n providerScope: this._oauthScopesOnSignIn[provider]?.join(\" \"),\n codeChallenge,\n state,\n botChallenge: this._toInterfaceBotChallengeInput(challenge),\n session,\n });\n };\n\n let authorizeResult;\n try {\n if (siteKeys) {\n authorizeResult = await withBotChallengeFlow({\n ...siteKeys,\n action: \"oauth_authenticate\",\n execute: executeOAuth,\n isChallengeRequired: (result) => {\n return result.status === \"error\" && KnownErrors.BotChallengeRequired.isInstance(result.error);\n },\n });\n } else {\n // Server safe: just call execute with no bot challenge params\n authorizeResult = await executeOAuth({});\n }\n } catch (e) {\n const flowFailure = this._getBotChallengeFlowFailure(e);\n if (flowFailure?.type === \"cancelled\") {\n return;\n }\n if (flowFailure?.type === \"failed\") {\n throw flowFailure.knownError;\n }\n throw e;\n }\n\n const location = Result.orThrow(authorizeResult);\n await this._redirectTo({ url: location });\n await neverResolve();\n }\n\n /\n Handles MFA verification by redirecting to the OTP page\n /\n protected async _experimentalMfa(error: KnownErrors['MultiFactorAuthenticationRequired'], session: InternalSession): Promise<never> {\n // Store the attempt code in session storage so the OTP page can access it\n if (typeof window !== 'undefined') {\n window.sessionStorage.setItem('stack_mfa_attempt_code', (error.details as any)?.attempt_code ?? throwErr(\"attempt code missing\"));\n }\n\n // Redirect to the MFA page\n await this.redirectToMfa();\n\n throw new StackAssertionError(\"we should have redirected in redirectToMfa()\");\n }\n\n /\n @deprecated\n * TODO remove\n /\n protected async _catchMfaRequiredError<T, E>(callback: () => Promise<Result<T, E>>): Promise<Result<T \| { accessToken: string, refreshToken: string, newUser: boolean }, E>> {\n try {\n return await callback();\n } catch (e) {\n if (KnownErrors.MultiFactorAuthenticationRequired.isInstance(e)) {\n return Result.ok(await this._experimentalMfa(e, await this._getSession()));\n }\n throw e;\n }\n }\n\n async signInWithCredential(options: {\n email: string,\n password: string,\n noRedirect?: boolean,\n }): Promise<Result<undefined, KnownErrors[\"EmailPasswordMismatch\"] \| KnownErrors[\"InvalidTotpCode\"]>> {\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n let result;\n try {\n result = await this._catchMfaRequiredError(async () => {\n return await this._interface.signInWithCredential(options.email, options.password, session);\n });\n } catch (e) {\n if (KnownErrors.InvalidTotpCode.isInstance(e)) {\n return Result.error(e);\n }\n throw e;\n }\n\n if (result.status === 'ok') {\n await this._signInToAccountWithTokens(result.data);\n if (!options.noRedirect) {\n await this.redirectToAfterSignIn({ replace: true });\n }\n return Result.ok(undefined);\n } else {\n return Result.error(result.error);\n }\n }\n\n async signUpWithCredential(options: {\n email: string,\n password: string,\n noRedirect?: boolean,\n noVerificationCallback?: boolean,\n verificationCallbackUrl?: string,\n }): Promise<Result<undefined, KnownErrors[\"UserWithEmailAlreadyExists\"] \| KnownErrors['PasswordRequirementsNotMet'] \| KnownErrors[\"BotChallengeFailed\"]>> {\n if (options.noVerificationCallback && options.verificationCallbackUrl) {\n throw new StackAssertionError(\"verificationCallbackUrl is not allowed when noVerificationCallback is true\");\n }\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n const emailVerificationRedirectUrl = options.noVerificationCallback ? undefined : options.verificationCallbackUrl ?? constructRedirectUrl(this.urls.emailVerification, \"verificationCallbackUrl\");\n\n const executeSignUp = async (challenge: { token?: string, phase?: \"invisible\" \| \"visible\", unavailable?: true }) => {\n let result = await this._interface.signUpWithCredential(\n options.email,\n options.password,\n emailVerificationRedirectUrl,\n session,\n this._toInterfaceBotChallengeInput(challenge),\n );\n\n // If the auto-constructed redirect URL is not whitelisted, gracefully fall back\n // to signing up without email verification rather than failing.\n // If the user explicitly provided a verificationCallbackUrl, propagate the error.\n if (result.status === 'error' &&\n result.error instanceof KnownErrors.RedirectUrlNotWhitelisted &&\n emailVerificationRedirectUrl !== undefined) {\n if (!options.verificationCallbackUrl) {\n captureError(\"signup-verification-url-not-whitelisted\", new StackAssertionError(\"The auto-constructed verification callback URL is not whitelisted; proceeding without email verification\", { emailVerificationRedirectUrl }));\n\n result = await this._interface.signUpWithCredential(\n options.email,\n options.password,\n undefined, // No email verification\n session,\n this._toInterfaceBotChallengeInput(challenge),\n );\n }\n }\n\n return result;\n };\n\n let result;\n result = await this._executeResultWithBotChallengeFlow({\n action: \"sign_up_with_credential\",\n execute: executeSignUp,\n });\n\n if (result.status === 'ok') {\n await this._signInToAccountWithTokens(result.data);\n if (!options.noRedirect) {\n await this.redirectToAfterSignUp({ replace: true });\n }\n return Result.ok(undefined);\n } else {\n return Result.error(result.error);\n }\n }\n\n async _signUpAnonymously() {\n this._ensurePersistentTokenStore();\n\n if (!this._anonymousSignUpInProgress) {\n this._anonymousSignUpInProgress = (async () => {\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n const result = await this._interface.signUpAnonymously(session);\n if (result.status === \"ok\") {\n await this._signInToAccountWithTokens(result.data);\n } else {\n throw new StackAssertionError(\"signUpAnonymously() should never return an error\");\n }\n this._anonymousSignUpInProgress = null;\n return result.data;\n })();\n }\n\n return await this._anonymousSignUpInProgress;\n }\n\n async signInWithMagicLink(code: string, options?: { noRedirect?: boolean }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"InvalidTotpCode\"]>> {\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n let result;\n try {\n result = await this._catchMfaRequiredError(async () => {\n return await this._interface.signInWithMagicLink(code, session);\n });\n } catch (e) {\n if (KnownErrors.InvalidTotpCode.isInstance(e)) {\n return Result.error(e);\n }\n throw e;\n }\n\n if (result.status === 'ok') {\n await this._signInToAccountWithTokens(result.data);\n if (!(options?.noRedirect)) {\n if (result.data.newUser) {\n await this.redirectToAfterSignUp({ replace: true });\n } else {\n await this.redirectToAfterSignIn({ replace: true });\n }\n }\n return Result.ok(undefined);\n } else {\n return Result.error(result.error);\n }\n }\n\n /\n Initiates a CLI authentication process that allows a command line application\n * to get a refresh token for a user's account.\n \n This process works as follows:\n * 1. The CLI app calls this method, which initiates the auth process with the server\n * 2. The server returns a polling code and a login code\n * 3. The CLI app opens a browser window to the appUrl with the login code as a parameter\n * 4. The user logs in through the browser and confirms the authorization\n * 5. The CLI app polls for the refresh token using the polling code\n \n @param options Options for the CLI login\n * @param options.appUrl The URL of the app that will handle the CLI auth confirmation\n * @param options.expiresInMillis Optional duration in milliseconds before the auth attempt expires (default: 2 hours)\n * @param options.maxAttempts Optional maximum number of polling attempts (default: Infinity)\n * @param options.waitTimeMillis Optional time to wait between polling attempts (default: 2 seconds)\n * @param options.promptLink Optional function to call with the login URL and code to prompt the user to open the browser\n * @param options.anonRefreshToken Optional anonymous refresh token from the CLI's token store to associate with this login attempt\n * @returns Result containing either the refresh token or an error\n /\n async promptCliLogin(options: {\n appUrl: string,\n expiresInMillis?: number,\n maxAttempts?: number,\n waitTimeMillis?: number,\n promptLink?: (url: string, loginCode: string) => void,\n anonRefreshToken?: string,\n }): Promise<Result<string, KnownErrors[\"CliAuthError\"] \| KnownErrors[\"CliAuthExpiredError\"] \| KnownErrors[\"CliAuthUsedError\"]>> {\n // Step 1: Initiate the CLI auth process\n const response = await this._interface.sendClientRequest(\n \"/auth/cli\",\n {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n expires_in_millis: options.expiresInMillis,\n ...(options.anonRefreshToken != null ? { anon_refresh_token: options.anonRefreshToken } : {}),\n }),\n },\n null\n );\n\n if (!response.ok) {\n return Result.error(new KnownErrors.CliAuthError(`Failed to initiate CLI auth: ${response.status} ${await response.text()}`));\n }\n\n const initResult = await response.json();\n const pollingCode = initResult.polling_code;\n const loginCode = initResult.login_code;\n\n // Step 2: Open the browser for the user to authenticate and display the verification code\n const url = buildCliAuthConfirmUrl({\n cliAuthConfirmUrl: this.urls.cliAuthConfirm,\n appUrl: options.appUrl,\n loginCode,\n });\n if (options.promptLink) {\n options.promptLink(url, loginCode);\n } else {\n console.log(`Your verification code: ${loginCode}`);\n console.log(`Please visit the following URL to authenticate:\\n${url}`);\n }\n\n // Step 3: Poll for the token\n let attempts = 0;\n while (attempts < (options.maxAttempts ?? Infinity)) {\n attempts++;\n const pollResponse = await this._interface.sendClientRequest(\"/auth/cli/poll\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n polling_code: pollingCode,\n }),\n }, null);\n\n if (!pollResponse.ok) {\n return Result.error(new KnownErrors.CliAuthError(`Failed to initiate CLI auth: ${pollResponse.status} ${await pollResponse.text()}`));\n }\n const pollResult = await pollResponse.json();\n\n if (pollResponse.status === 201 && pollResult.status === \"success\") {\n return Result.ok(pollResult.refresh_token);\n }\n if (pollResult.status === \"waiting\") {\n await wait(options.waitTimeMillis ?? 2000);\n continue;\n }\n if (pollResult.status === \"expired\") {\n return Result.error(new KnownErrors.CliAuthExpiredError(\"CLI authentication request expired. Please try again.\"));\n }\n if (pollResult.status === \"used\") {\n return Result.error(new KnownErrors.CliAuthUsedError(\"This authentication token has already been used.\"));\n }\n return Result.error(new KnownErrors.CliAuthError(`Unexpected status from CLI auth polling: ${pollResult.status}`));\n }\n\n return Result.error(new KnownErrors.CliAuthError(\"Timed out waiting for CLI authentication.\"));\n }\n\n /\n * Completes the MFA sign-in process by verifying the provided OTP code\n * @param totp The TOTP (Time-based One-Time Password) provided by the user\n * @param code The Attempt code provided by the user\n * @param options Additional options for the sign-in process\n * @returns A Result indicating success or failure\n /\n async signInWithMfa(totp: string, code: string, options?: { noRedirect?: boolean }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"InvalidTotpCode\"]>> {\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n let result;\n try {\n result = await this._catchMfaRequiredError(async () => {\n return await this._interface.signInWithMfa(totp, code, session);\n });\n } catch (e) {\n if (e instanceof KnownErrors.InvalidTotpCode) {\n return Result.error(e);\n }\n throw e;\n }\n\n if (result.status === 'ok') {\n await this._signInToAccountWithTokens(result.data);\n if (!(options?.noRedirect)) {\n if (result.data.newUser) {\n await this.redirectToAfterSignUp({ replace: true });\n } else {\n await this.redirectToAfterSignIn({ replace: true });\n }\n }\n return Result.ok(undefined);\n }\n return Result.error(result.error);\n }\n\n async signInWithPasskey(): Promise<Result<undefined, KnownErrors[\"PasskeyAuthenticationFailed\"] \| KnownErrors[\"InvalidTotpCode\"] \| KnownErrors[\"PasskeyWebAuthnError\"]>> {\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n let result;\n try {\n result = await this._catchMfaRequiredError(async () => {\n const initiationResult = await this._interface.initiatePasskeyAuthentication({}, session);\n if (initiationResult.status !== \"ok\") {\n return Result.error(new KnownErrors.PasskeyAuthenticationFailed(\"Failed to get initiation options for passkey authentication\"));\n }\n\n const { options_json, code } = initiationResult.data;\n\n // HACK: Override the rpID to be the actual domain\n if (options_json.rpId !== \"THIS_VALUE_WILL_BE_REPLACED.example.com\") {\n throw new StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rpId}`);\n }\n options_json.rpId = window.location.hostname;\n\n const authentication_response = await startAuthentication({ optionsJSON: options_json });\n return await this._interface.signInWithPasskey({ authentication_response, code }, session);\n });\n } catch (error) {\n if (error instanceof WebAuthnError) {\n return Result.error(new KnownErrors.PasskeyWebAuthnError(error.message, error.name));\n } else {\n // This should never happen\n return Result.error(new KnownErrors.PasskeyAuthenticationFailed(\"Failed to sign in with passkey\"));\n }\n }\n\n if (result.status === 'ok') {\n await this._signInToAccountWithTokens(result.data);\n await this.redirectToAfterSignIn({ replace: true });\n return Result.ok(undefined);\n } else {\n return Result.error(result.error);\n }\n }\n\n\n async callOAuthCallback() {\n if (typeof window === \"undefined\") {\n throw new Error(\"callOAuthCallback can currently only be called in a browser environment\");\n }\n this._ensurePersistentTokenStore();\n let oauthCallbackRedirectUri = this.urls.oauthCallback;\n const currentUrl = new URL(window.location.href);\n if (currentUrl.searchParams.get(crossDomainAuthQueryParams.marker) === \"1\") {\n currentUrl.searchParams.delete(\"code\");\n currentUrl.searchParams.delete(\"state\");\n oauthCallbackRedirectUri = currentUrl.toString();\n }\n let result;\n try {\n result = await this._catchMfaRequiredError(async () => {\n return await callOAuthCallback(this._interface, oauthCallbackRedirectUri);\n });\n } catch (e) {\n if (KnownErrors.InvalidTotpCode.isInstance(e)) {\n alert(\"Invalid TOTP code. Please try signing in again.\");\n return false;\n } else {\n throw e;\n }\n }\n if (result.status === 'ok' && result.data) {\n await this._signInToAccountWithTokens(result.data);\n // TODO fix afterCallbackRedirectUrl for MFA (currently not passed because /mfa/sign-in doesn't return it)\n // or just get rid of afterCallbackRedirectUrl entirely tbh\n if (\"afterCallbackRedirectUrl\" in result.data && result.data.afterCallbackRedirectUrl) {\n await this._redirectTo({ url: result.data.afterCallbackRedirectUrl, replace: true });\n return true;\n } else if (result.data.newUser) {\n await this.redirectToAfterSignUp({ replace: true });\n return true;\n } else {\n await this.redirectToAfterSignIn({ replace: true });\n return true;\n }\n }\n return false;\n }\n\n protected async _signOut(session: InternalSession, options?: { redirectUrl?: URL \| string }): Promise<void> {\n // Clear analytics buffers before sign-out to prevent cross-user event leakage\n this._eventTracker?.clearBuffer();\n this._sessionRecorder?.clearBuffer();\n\n await storeLock.withWriteLock(async () => {\n await this._interface.signOut(session);\n if (options?.redirectUrl) {\n await this._redirectTo({ url: options.redirectUrl, replace: true });\n } else {\n await this.redirectToAfterSignOut();\n }\n });\n }\n\n async signOut(options?: { redirectUrl?: URL \| string, tokenStore?: TokenStoreInit }): Promise<void> {\n const user = await this.getUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n await user.signOut({ redirectUrl: options?.redirectUrl });\n }\n }\n\n async getAccessToken(options?: { tokenStore?: TokenStoreInit }): Promise<string \| null> {\n const user = await this.getUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return await user.getAccessToken();\n }\n return null;\n }\n\n useAccessToken(options?: { tokenStore?: TokenStoreInit }): string \| null {\n const user = this.useUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return user.useAccessToken();\n }\n return null;\n }\n\n async getRefreshToken(options?: { tokenStore?: TokenStoreInit }): Promise<string \| null> {\n const user = await this.getUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return await user.getRefreshToken();\n }\n return null;\n }\n\n useRefreshToken(options?: { tokenStore?: TokenStoreInit }): string \| null {\n const user = this.useUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return user.useRefreshToken();\n }\n return null;\n }\n\n async getAuthorizationHeader(options?: { tokenStore?: TokenStoreInit }): Promise<string \| null> {\n return getAuthorizationHeaderValueFromAuthJson(await this.getAuthJson(options));\n }\n\n useAuthorizationHeader(options?: { tokenStore?: TokenStoreInit }): string \| null {\n return getAuthorizationHeaderValueFromAuthJson(this.useAuthJson(options));\n }\n\n async getAuthHeaders(options?: { tokenStore?: TokenStoreInit }): Promise<{ \"x-stack-auth\": string }> {\n return {\n \"x-stack-auth\": JSON.stringify(await this.getAuthJson(options)),\n };\n }\n\n useAuthHeaders(options?: { tokenStore?: TokenStoreInit }): { \"x-stack-auth\": string } {\n return {\n \"x-stack-auth\": JSON.stringify(this.useAuthJson(options)),\n };\n }\n\n async getAuthJson(options?: { tokenStore?: TokenStoreInit }): Promise<{ accessToken: string \| null, refreshToken: string \| null }> {\n const user = await this.getUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return await user.getAuthJson();\n }\n return { accessToken: null, refreshToken: null };\n }\n\n useAuthJson(options?: { tokenStore?: TokenStoreInit }): { accessToken: string \| null, refreshToken: string \| null } {\n const user = this.useUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return user.useAuthJson();\n }\n return { accessToken: null, refreshToken: null };\n }\n\n async getProject(): Promise<Project> {\n const crud = Result.orThrow(await this._currentProjectCache.getOrWait([], \"write-only\"));\n return this._clientProjectFromCrud(crud);\n }\n\n useProject(): Project {\n const crud = useAsyncCache(this._currentProjectCache, [], \"clientApp.useProject()\");\n return useMemo(() => this._clientProjectFromCrud(crud), [crud]);\n }\n\n protected async _listOwnedProjects(session: InternalSession): Promise<AdminOwnedProject[]> {\n this._ensureInternalProject();\n const crud = Result.orThrow(await this._ownedProjectsCache.getOrWait([session], \"write-only\"));\n return crud.map((j) => this._getOwnedAdminApp(j.id, session)._adminOwnedProjectFromCrud(\n j,\n () => this._refreshOwnedProjects(session),\n ));\n }\n\n protected _useOwnedProjects(session: InternalSession): AdminOwnedProject[] {\n this._ensureInternalProject();\n const projects = useAsyncCache(this._ownedProjectsCache, [session], \"clientApp.useOwnedProjects()\");\n return useMemo(() => projects.map((j) => this._getOwnedAdminApp(j.id, session)._adminOwnedProjectFromCrud(\n j,\n () => this._refreshOwnedProjects(session),\n )), [projects]);\n }\n protected async _createProject(session: InternalSession, newProject: AdminProjectUpdateOptions & { displayName: string, teamId: string }): Promise<AdminOwnedProject> {\n this._ensureInternalProject();\n const crud = await this._interface.createProject(adminProjectCreateOptionsToCrud(newProject), session);\n const res = this._getOwnedAdminApp(crud.id, session)._adminOwnedProjectFromCrud(\n crud,\n () => this._refreshOwnedProjects(session),\n );\n await this._refreshOwnedProjects(session);\n return res;\n }\n\n protected async _refreshUser(session: InternalSession) {\n // TODO this should take a user ID instead of a session, and automatically refresh all sessions with that user ID\n await this._refreshSession(session);\n }\n\n protected async _refreshSession(session: InternalSession) {\n await Promise.all([\n this._currentUserCache.refresh([session]),\n this._currentUserConnectedAccountsCache.refresh([session]),\n ]);\n // Suggest updating the access token so it contains the updated user/session data\n session.suggestAccessTokenExpired();\n }\n\n protected async _refreshUsers() {\n // nothing yet\n }\n\n protected async _refreshProject() {\n await this._currentProjectCache.refresh([]);\n }\n\n protected async _refreshOwnedProjects(session: InternalSession) {\n await this._ownedProjectsCache.refresh([session]);\n }\n\n static get [stackAppInternalsSymbol]() {\n return {\n fromClientJson: <HasTokenStore extends boolean, ProjectId extends string>(\n json: StackClientAppJson<HasTokenStore, ProjectId>\n ): StackClientApp<HasTokenStore, ProjectId> => {\n const providedCheckString = JSON.stringify(omit(json, [/ none currently */]));\n const existing = allClientApps.get(json.uniqueIdentifier);\n if (existing) {\n const [existingCheckString, clientApp] = existing;\n if (existingCheckString !== undefined && existingCheckString !== providedCheckString) {\n throw new StackAssertionError(\"The provided app JSON does not match the configuration of the existing client app with the same unique identifier\", { providedObj: json, existingString: existingCheckString });\n }\n return clientApp as any;\n }\n\n const { analytics, ...restJson } = omit(json, [\"uniqueIdentifier\"]);\n return new _StackClientAppImplIncomplete<HasTokenStore, ProjectId>({\n ...restJson as any,\n analytics: analyticsOptionsFromJson(analytics),\n }, {\n uniqueIdentifier: json.uniqueIdentifier,\n checkString: providedCheckString,\n });\n }\n };\n }\n\n get [stackAppInternalsSymbol]() {\n return {\n toClientJson: (): StackClientAppJson<HasTokenStore, ProjectId> => {\n if (typeof this._redirectMethod !== \"string\") {\n throw new StackAssertionError(\"Cannot serialize to JSON from an application with a non-string redirect method\");\n }\n\n const publishableClientKey = \"publishableClientKey\" in this._interface.options\n ? this._interface.options.publishableClientKey\n : undefined;\n\n return {\n baseUrl: this._options.baseUrl,\n projectId: this.projectId,\n ...(publishableClientKey != null ? { publishableClientKey } : {}),\n tokenStore: this._tokenStoreInit,\n urls: this._urlOptions,\n oauthScopesOnSignIn: this._oauthScopesOnSignIn,\n uniqueIdentifier: this._getUniqueIdentifier(),\n redirectMethod: this._redirectMethod,\n extraRequestHeaders: this._options.extraRequestHeaders,\n devTool: this._options.devTool,\n analytics: analyticsOptionsToJson(this._analyticsOptions),\n };\n },\n setCurrentUser: (userJsonPromise: Promise<CurrentUserCrud['Client']['Read'] \| null>) => {\n runAsynchronously(async () => {\n await this._currentUserCache.forceSetCachedValueAsync([await this._getSession()], Result.fromPromise(userJsonPromise));\n });\n },\n getConstructorOptions: () => this._options,\n sendSessionReplayBatch: async (body: string, options: { keepalive: boolean }) => {\n return await this._interface.sendSessionReplayBatch(body, await this._getSession(), options);\n },\n sendAnalyticsEventBatch: async (body: string, options: { keepalive: boolean }) => {\n return await this._interface.sendAnalyticsEventBatch(body, await this._getSession(), options);\n },\n addRequestListener: (listener: RequestListener) => {\n return this._interface.addRequestListener(listener);\n },\n sendRequest: async (\n path: string,\n requestOptions: RequestInit,\n requestType: \"client\" \| \"server\" \| \"admin\" = \"client\",\n ) => {\n return await this._interface.sendClientRequest(path, requestOptions, await this._getSession(), requestType);\n },\n getRedirectMethod: () => this._redirectMethod ?? throwErr(\"Redirect method should have been initialized in the Stack client app constructor\"),\n redirectToUrl: async (url: string \| URL, options?: { replace?: boolean }) => {\n await this._redirectTo({ url, ...options });\n },\n refreshOwnedProjects: async () => {\n await this._refreshOwnedProjects(await this._getSession());\n },\n signInWithTokens: async (tokens: { accessToken: string, refreshToken: string }) => {\n await this._signInToAccountWithTokens(tokens);\n },\n };\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4EA,MAAM,oCAAoC,OAAU;AAEpD,MAAM,gCAAgB,IAAI,KAA+E;AACzG,MAAM,mCAAmC;AAEzC,SAAS,wCAAwC,UAAsF;AACrI,KAAI,SAAS,eAAe,QAAQ,SAAS,gBAAgB,KAC3D,QAAO;AAIT,QAAO,UAAU,mCADO,aAAa,IAAI,aAAa,CAAC,OAAO,KAAK,UAAU,SAAS,CAAC,CAAC;;AAI1F,SAAS,wCAAwC,0BAAsG;CACrJ,MAAM,QAAQ,yBAAyB,MAAM,mBAAmB;AAChE,KAAI,SAAS,KACX,QAAO;CAGT,MAAM,aAAa,MAAM,GAAG,MAAM;AAClC,KAAI,CAAC,WAAW,WAAW,iCAAiC,CAC1D,QAAO;CAGT,MAAM,kBAAkB,WAAW,MAAM,GAAwC;AACjF,KAAI,gBAAgB,WAAW,EAC7B,OAAM,IAAI,MAAM,4FAA4F;CAG9G,IAAI;AACJ,KAAI;EACF,MAAM,kBAAkB,IAAI,aAAa,CAAC,OAAO,aAAa,gBAAgB,CAAC;AAC/E,WAAS,KAAK,MAAM,gBAAgB;UAC7B,GAAG;AACV,QAAM,IAAI,MAAM,2CAA2C,EAAE,OAAO,GAAG,CAAC;;AAG1E,KAAI,UAAU,QAAQ,OAAO,WAAW,YAAY,MAAM,QAAQ,OAAO,CACvE,OAAM,IAAI,MAAM,+DAA+D;CAGjF,MAAM,cAAc,QAAQ,IAAI,QAAQ,cAAc;CACtD,MAAM,eAAe,QAAQ,IAAI,QAAQ,eAAe;AACxD,KAAI,eAAe,QAAQ,OAAO,gBAAgB,SAChD,OAAM,IAAI,MAAM,mFAAmF;AAErG,KAAI,gBAAgB,QAAQ,OAAO,iBAAiB,SAClD,OAAM,IAAI,MAAM,oFAAoF;AAGtG,QAAO;EACL,aAAa,eAAe;EAC5B,cAAc,gBAAgB;EAC/B;;AAGH,SAAS,qCAAqC,SAAiC,MAA6B;AAC1G,KAAI,SAAS,WAAW,OAAO,QAAQ,QAAQ,WAC7C,QAAO,QAAQ,IAAI,KAAK;CAG1B,MAAM,gBAAgB,KAAK,aAAa;AACxC,MAAK,MAAM,CAAC,YAAY,gBAAgB,OAAO,QAAQ,QAAQ,CAC7D,KAAI,WAAW,aAAa,KAAK,cAC/B,QAAO;AAGX,QAAO;;AAGT,SAAS,8BAA8B,MAA6B;CAClE,MAAM,EAAE,qBAAqB;AAC7B,KAAI,oBAAoB,KACtB,OAAM,IAAI,oBAAoB,4EAA4E;AAE5G,QAAO,iBAAiB,KAAK,IAAI;;AAGnC,eAAe,uBAA+C;AAC5D,QAAO,8BAA8B,OAAO;;AAK9C,IAAa,gCAAb,MAAa,8BAAoJ;;+BAQhC,EAAE,OAAO,QAAW;;CAkSnJ,MAAgB,oBAAoB,wBAAgE;EAClG,MAAM,iBAAiB,2BAA2B,SAAY,KAAK,kBAAkB;AACrF,MAAI,mBAAmB,mBAAmB,mBAAmB,SAC3D,QAAO,MAAM,oBAAoB;MAEjC,QAAO,MAAM,+BAA+B;;;CAKhD,MAAgB,+BAA+B,SAM8E;EAC3H,MAAM,OAAO,MAAM,QAAQ,SAAS;EACpC,IAAI,gBAAgB;AACpB,MAAI,CAAC,QAAQ,CAAC,KAAK,gBAAgB,MAAM,MAAM,EAAE,OAAO,QAAQ,WAAW,CACzE,iBAAgB;AAIlB,MAAI,CADU,MAAM,QAAQ,qBAAqB,CAE/C,iBAAgB;AAGlB,MAAI,CAAC,iBAAiB,QAAQ,UAAU;AACtC,OAAI,CAAC,QAAQ,QACX,OAAM,IAAI,MAAM,QAAQ;;;;UAItB;GAEJ,MAAM,WAAW,MAAM,8BACrB,KAAK,YACL;IACE,UAAU,QAAQ;IAClB,aAAa,KAAK,KAAK;IACvB,kBAAkB,KAAK,KAAK;IAC5B,eAAe,kBAAkB,QAAQ,SAAS,KAAK,KAAK,qBAAqB,QAAQ,eAAe,EAAE,EAAE,KAAK,IAAI,CAAC;IACvH,EACD,QAAQ,QACT;AACD,SAAM,KAAK,YAAY,EAAE,KAAK,UAAU,CAAC;AACzC,UAAO,MAAM,cAAc;aAClB,CAAC,cACV,QAAO;EAMT,MAAM,oBADmB,KAAM,gBAAgB,MAAM,MAAM,EAAE,OAAO,QAAQ,WAAW,EAC3C,cAAc;AAE1D,SAAO;GACL,IAAI,QAAQ;GACZ,UAAU,QAAQ;GAClB;GACA,MAAM,iBAAiB;IACrB,MAAM,SAAS,MAAM,QAAQ,qBAAqB;AAClD,QAAI,CAAC,OACH,OAAM,IAAI,oBAAoB,4EAA4E,QAAQ,WAAW,uLAAuL;AAEtT,WAAO;;GAET,iBAAiB;IACf,MAAM,SAAS,QAAQ,eAAe;AACtC,QAAI,CAAC,OACH,OAAM,IAAI,oBAAoB,4EAA4E,QAAQ,WAAW,uLAAuL;AAEtT,WAAO;;GAEV;;CAGH,AAAU,mCACR,MACA,SACiB;EACjB,MAAM,MAAM;EACZ,MAAM,aAAa,KAAK;EACxB,MAAM,oBAAoB,KAAK;AAC/B,SAAO;GACL,IAAI;GACJ,UAAU;GACV;GACA,MAAM,eAAe,SAAiC;IACpD,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;IAClD,MAAM,SAAS,OAAO,QAAQ,MAAM,IAAI,sDAAsD,UAAU;KAAC;KAAS;KAAY;KAAmB;KAAY,EAAE,aAAa,CAAC;AAC7K,QAAI,CAAC,QAAQ;KACX,MAAM,cAAc,cAAc,yBAAyB,YAAY,8CAA8C;AACrH,YAAO,OAAO,MAAM,IAAI,YAAY,6BAA6B,YAAY,GAAG,YAAY,6GAA6G,CAAC;;AAE5M,WAAO,OAAO,GAAG,OAAO;;GAE1B,eAAe,SAAiC;IAC9C,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;IAClD,MAAM,SAAS,cAAc,IAAI,uDAAuD;KAAC;KAAS;KAAY;KAAmB;KAAY,EAAW,8BAA8B;AACtL,QAAI,CAAC,QAAQ;KACX,MAAM,cAAc,cAAc,yBAAyB,YAAY,8CAA8C;AACrH,YAAO,OAAO,MAAM,IAAI,YAAY,6BAA6B,YAAY,GAAG,YAAY,6GAA6G,CAAC;;AAE5M,WAAO,OAAO,GAAG,OAAO;;GAE3B;;CAGH,YAAY,SAAqE,cAAsG;2BA5YrI;0BAQC;uBACN;0CAEF;yBACR,IAAI,iBAAyF;2BAE3F,qBAAqB,OAAO,YAAY;AAC3E,OAAI,KAAK,iCACP,OAAM,KAAK,IAAK;AAElB,OAAI,QAAQ,oBAAoB,CAiB9B,QAAO;AAET,UAAO,MAAM,KAAK,WAAW,qBAAqB,QAAQ;IAC1D;8BACsC,YAAY,YAAY;AAC9D,UAAO,OAAO,QAAQ,MAAM,KAAK,WAAW,kBAAkB,CAAC;IAC/D;6BACqC,qBAAqB,OAAO,YAAY;AAC7E,UAAO,MAAM,KAAK,WAAW,aAAa,QAAQ;IAClD;sCAC8C,qBAG9C,OAAO,SAAS,CAAC,QAAQ,eAAe;AACxC,UAAO,MAAM,KAAK,WAAW,+BAA+B;IAAE;IAAQ;IAAW,EAAE,QAAQ;IAC3F;6CACqD,qBAGrD,OAAO,SAAS,CAAC,eAAe;AAChC,UAAO,MAAM,KAAK,WAAW,kCAAkC,EAAE,WAAW,EAAE,QAAQ;IACtF;gCACwC,qBAAqB,OAAO,YAAY;AAChF,UAAO,MAAM,KAAK,WAAW,qBAAqB,QAAQ;IAC1D;sDAE8D,qBAC9D,OAAO,SAAS,CAAC,YAAY,WAAW;AACtC,OAAI;AAEF,WAAO,EAAE,cADM,MAAM,KAAK,WAAW,0BAA0B,YAAY,SAAS,IAAI,QAAQ,EACnE,cAAc;YACpC,KAAK;AACZ,QAAI,EAAE,YAAY,wCAAwC,WAAW,IAAI,IAAI,YAAY,kCAAkC,WAAW,IAAI,EACxI,OAAM;;AAGV,UAAO;IAEV;0CAEmD,qBAClD,OAAO,SAAS,CAAC,YAAY,OAAO,cAAc;AAChD,UAAO,MAAM,KAAK,+BAA+B;IAC/C,SAAS,YAAY,OAAO,QAAQ,MAAM,KAAK,kBAAkB,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC;IACpG,qBAAqB,YAAY,OAAO,QAAQ,MAAM,KAAK,6CAA6C,UAAU;KAAC;KAAS;KAAY,SAAS;KAAG,EAAW,aAAa,CAAC;IAC7K,qBAAqB,cAAc,KAAK,8CAA8C;KAAC;KAAS;KAAY,SAAS;KAAG,EAAW,8BAA8B;IACjK;IACA;IACA;IACA;IACD,CAAC;IAEL;4CACqD,qBACpD,OAAO,YAAY;AAEjB,WADe,MAAM,KAAK,WAAW,sBAAsB,QAAQ,EACrD,MAAM,KAAK,SAAS,KAAK,mCAAmC,MAAM,QAAQ,CAAC;IAE5F;+DACwE,qBACvE,OAAO,SAAS,CAAC,YAAY,mBAAmB,WAAW;AACzD,OAAI;AAEF,WAAO,EAAE,cADM,MAAM,KAAK,WAAW,mCAAmC,YAAY,mBAAmB,OAAO,QAAQ,EACzF,cAAc;YACpC,KAAK;AACZ,QAAI,YAAY,wCAAwC,WAAW,IAAI,IAAI,YAAY,kCAAkC,WAAW,IAAI,CACtI,QAAO;AAET,UAAM;;IAGX;2DACoE,qBACnE,OAAO,SAAS,CAAC,UAAU,iBAAiB;GAE1C,MAAM,mBADoB,OAAO,QAAQ,MAAM,KAAK,mCAAmC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAC/E,QAAO,MAAK,EAAE,aAAa,SAAS;GAC/E,MAAM,SAAS,cAAc,YAAY,MAAM,IAAI,GAAG;AAEtD,QAAK,MAAM,WAAW,iBAEpB,MADoB,MAAM,QAAQ,eAAe,EAAE,QAAQ,CAAC,EAC5C,WAAW,KACzB,QAAO;GAIX,MAAM,WAAW,MAAM,8BACrB,KAAK,YACL;IACE;IACA,aAAa,KAAK,KAAK;IACvB,kBAAkB,KAAK,KAAK;IAC5B,eAAe,kBAAkB,cAAc,KAAK,qBAAqB,aAA6B,EAAE,EAAE,KAAK,IAAI,CAAC;IACrH,EACD,QACD;AACD,SAAM,KAAK,YAAY,EAAE,KAAK,UAAU,CAAC;AACzC,UAAO,MAAM,cAAc;IAE9B;kCAC2C,qBAC1C,OAAO,SAAS,CAAC,YAAY;AAC3B,UAAO,MAAM,KAAK,WAAW,uBAAuB,EAAE,QAAQ,EAAE,QAAQ;IAE3E;+BACwC,qBACvC,OAAO,SAAS,CAAC,YAAY;AAC3B,UAAO,MAAM,KAAK,WAAW,oBAAoB,EAAE,QAAQ,EAAE,QAAQ;IAExE;sCAC+C,qBAC9C,OAAO,SAAS,CAAC,YAAY;AAC3B,UAAO,MAAM,KAAK,WAAW,qBAAqB;IAAE;IAAQ,QAAQ;IAAM,EAAE,QAAQ;IAEvF;0CACmD,qBAAqB,OAAO,YAAY;AAC1F,UAAO,MAAM,KAAK,WAAW,+BAA+B,QAAQ;IACpE;qCAC6C,qBAC7C,OAAO,YAAY;AACjB,UAAO,MAAM,KAAK,WAAW,0BAA0B,QAAQ;IAElE;2BAEoC,qBACnC,OAAO,YAAY;AAEjB,UADgB,MAAM,KAAK,WAAW,mBAAmB,EAAE,SAAS,MAAM,EAAE,SAAS,SAAS;IAGjG;2BAEoC,qBACnC,OAAO,SAAS,CAAC,YAAY;AAE3B,UADgB,MAAM,KAAK,WAAW,mBAAmB,EAAE,SAAS,QAAQ,EAAE,SAAS,SAAS;IAGnG;sCAE+C,qBAC9C,OAAO,YAAY;AAEjB,UADgB,MAAM,KAAK,WAAW,2BAA2B,QAAQ;IAG5E;yCAEkD,qBACjD,OAAO,YAAY;AACjB,UAAO,MAAM,KAAK,WAAW,mBAAmB,EAAE,SAAS,MAAM,EAAE,QAAQ;IAE9E;wBAEiC,qBAChC,OAAO,SAAS,CAAC,QAAQ,YAAY;AACnC,UAAO,MAAM,KAAK,WAAW,QAAQ;IAAE;IAAQ;IAAQ,EAAE,QAAQ;IAEpE;wBAEiC,qBAChC,OAAO,SAAS,CAAC,QAAQ,YAAY;AACnC,UAAO,MAAM,KAAK,WAAW,QAAQ;IAAE;IAAQ;IAAQ,EAAE,QAAQ;IAEpE;0BAEmC,qBAClC,OAAO,SAAS,CAAC,kBAAkB,YAAY;AAC7C,UAAO,MAAM,KAAK,WAAW,QAAQ;IAAE;IAAkB;IAAQ,EAAE,QAAQ;IAE9E;4BAEqC,qBACpC,OAAO,SAAS,CAAC,QAAQ,QAAQ,WAAW;AAC1C,UAAO,MAAM,KAAK,WAAW,aAAa;IACxC,eAAe;IACf,aAAa;IACb,QAAQ,UAAU;IAClB,OAAO,SAAS;IACjB,EAAE,QAAQ;IAEd;4BAEqC,qBACpC,OAAO,SAAS,CAAC,QAAQ,QAAQ,WAAW;AAC1C,UAAO,MAAM,KAAK,WAAW,aAAa;IACxC,eAAe;IACf,aAAa;IACb,QAAQ,UAAU;IAClB,OAAO,SAAS;IACjB,EAAE,QAAQ;IAEd;8BAEuC,qBACtC,OAAO,SAAS,CAAC,kBAAkB,QAAQ,WAAW;AACpD,UAAO,MAAM,KAAK,WAAW,aAAa;IACxC,eAAe;IACf,aAAa;IACb,QAAQ,UAAU;IAClB,OAAO,SAAS;IACjB,EAAE,QAAQ;IAEd;4BAEqC,qBACpC,OAAO,SAAS,CAAC,QAAQ,QAAQ,WAAW;AAC1C,UAAO,MAAM,KAAK,WAAW,aAAa;IACxC,eAAe;IACf,aAAa;IACb,QAAQ,UAAU;IAClB,OAAO,SAAS;IACjB,EAAE,QAAQ;IAEd;4BAEqC,qBACpC,OAAO,SAAS,CAAC,QAAQ,QAAQ,WAAW;AAC1C,UAAO,MAAM,KAAK,WAAW,aAAa;IACxC,eAAe;IACf,aAAa;IACb,QAAQ,UAAU;IAClB,OAAO,SAAS;IACjB,EAAE,QAAQ;IAEd;+BAEwC,qBAUvC,OAAO,SAAS,CAAC,cAAc,gBAAgB;AAC7C,UAAO,MAAM,KAAK,WAAW,mBAAmB,cAAc,YAAY,QAAQ;IAErF;iCAE0C,YACzC,OAAO,CAAC,SAAS,MAAM,KAAK,0BAA0B,IAAW,CAClE;mCAE4C,YAC3C,OAAO,CAAC,YAAY,MAAM,KAAK,wBAAwB,OAAO,CAC/D;oCAEmG;6CACrB;sDACxB;gDACN;2BAwOnB,uBAAuB;uDACX,IAAI,SAAqC;6CACnD,IAAI,SAA0C;wCACR;6CAChB;4DA0aT,IAAI,SAA2D;qCA+kCtE;EApnDpC,MAAM,kBAAkB,0BAA0B,QAAQ;AAE1D,MAAI,CAAC,8BAA8B,sBAAsB,MACvD,OAAM,IAAI,oBAAoB,4SAA4S;AAG5U,OAAK,WAAW;AAChB,OAAK,gBAAgB;EAErB,MAAM,YAAY,gBAAgB,aAAa,qBAAqB;AACpE,MAAI,cAAc,cAAc,CAAE,UAAU,MAAM,8EAA8E,CAC9H,OAAM,IAAI,MAAM,uBAAuB,UAAU,4FAA4F;EAG/I,MAAM,uBAAuB,gBAAgB,wBAAwB,gCAAgC;AAErG,MAAI,gBAAgB,aAAa,UAC/B,MAAK,aAAa,aAAa;OAC1B;GACL,MAAM,UAAU,eAAe,gBAAgB,QAAQ;AACvD,QAAK,aAAa,IAAI,qBAAqB;IACzC,kBAAkB,SAAS,CAAC;IAC5B,2BAA2B,oBAAoB,SAAS,CAAC,GAAG;IAC5D,YAAY;IACZ,qBAAqB,gBAAgB,uBAAuB,+BAA+B;IAC3F;IACA;IACA,GAAI,wBAAwB,OAAO,EAAE,sBAAsB,GAAG,EAAE;IAChE,gBAAgB,YAAY;IAE7B,CAAC;;AAGJ,OAAK,kBAAkB,gBAAgB;AACvC,OAAK,kBAAkB,gBAAgB,mBAAmB,eAAe,GAAG,WAAW;AACvF,OAAK,kBAAkB,gBAAgB,kBAAkB;AACzD,OAAK,cAAc,gBAAgB,QAAQ,EAAE;AAC7C,OAAK,uBAAuB,gBAAgB,uBAAuB,EAAE;AACrE,MAAI,eAAe,KAAK,gBAAgB,eAAe,YAAY,gBAAgB,eAAe,kBAAkB;AAClH,qBAAkB,KAAK,0BAA0B,UAAU,CAAC,OAAO,SAAS,SAAS,EAAE,aAAa,CAAC;AACrG,QAAK,mCAAmC;;AAG1C,MAAI,gBAAgB,aAAa,kBAAkB;AACjD,QAAK,oBAAoB,aAAa;AACtC,QAAK,uBAAuB;;AAG9B,OAAK,oBAAoB,gBAAgB;EAEzC,MAAM,sBAAsB,YAAsC;AAChE,QAAK,6BAA6B;AAElC,OADoB,MAAM,KAAK,eAAe;IAAE,MAAM;IAAS,IAAI;IAAuB,CAAC,CAEzF,QAAO,MAAM,KAAK,aAAa;AAGjC,WADiB,MAAM,KAAK,QAAQ,EAAE,IAAI,aAAa,CAAC,EACxC;;EAGlB,MAAM,mBAAmB,KAAK,mBAAmB,YAAY;AAE7D,MAAI,oBAAoB,eAAe,IAAI,KAAK,0BAA0B,IAAI,KAAK,mBAAmB,SAAS,YAAY,MAAM;AAC/H,QAAK,mBAAmB,IAAI,gBAAgB;IAC1C,WAAW,KAAK;IAChB,WAAW,OAAO,MAAM,SAAS;AAC/B,YAAO,MAAM,KAAK,WAAW,uBAAuB,MAAM,MAAM,qBAAqB,EAAE,KAAK;;IAE/F,EAAE,KAAK,kBAAkB,QAAQ;AAClC,QAAK,iBAAiB,OAAO;;AAG/B,MAAI,oBAAoB,eAAe,IAAI,KAAK,0BAA0B,EAAE;AAC1E,QAAK,gBAAgB,IAAI,aAAa;IACpC,WAAW,KAAK;IAChB,WAAW,OAAO,MAAM,SAAS;AAC/B,YAAO,MAAM,KAAK,WAAW,wBAAwB,MAAM,MAAM,qBAAqB,EAAE,KAAK;;IAEhG,CAAC;AACF,QAAK,cAAc,OAAO;;AAG5B,MAAI,eAAe,IAAI,gBAAgB,YAAY,MACjD,cAAa,KAAY;;CAI7B,AAAU,wBAAwB;AAChC,MAAI,CAAC,KAAK,kBACR,OAAM,IAAI,oBAAoB,oCAAoC;AAEpE,MAAI,cAAc,IAAI,KAAK,kBAAkB,CAC3C,OAAM,IAAI,oBAAoB,oEAAoE;AAEpG,gBAAc,IAAI,KAAK,mBAAmB,CAAC,KAAK,eAAe,eAAe,QAAW,KAAK,CAAC;;;;;;;CAQjG,AAAU,uBAAuB;AAC/B,MAAI,CAAC,KAAK,mBAAmB;AAC3B,QAAK,oBAAoB,cAAc;AACvC,QAAK,uBAAuB;;AAE9B,SAAO,KAAK;;CAGd,MAAgB,qBAAqB,MAAc,SAAc;AAC/D,SAAO,MAAM,KAAK,WAAW,oBAAoB;GAAE,GAAG;GAAS;GAAM,CAAC;;CAGxE,AAAU,wBAAwB,MAAc,SAAqB;AACnE,oBAAkB,KAAK,qBAAqB,MAAM,QAAQ,CAAC;AAC3D,QAAM,IAAI,oBAAoB,GAAG,KAAK,sFAAsF;;CAQ9H,IAAc,gCAAgC;AAC5C,SAAO,iBAAiB,KAAK;;CAE/B,IAAc,0BAA0B;AACtC,SAAO,iBAAiB,KAAK;;CAE/B,AAAQ,2CAA2C,QAAyB;AAC1E,SAAO,GAAG,SAAS,YAAY,KAAK,KAAK,wBAAwB;;CAEnE,AAAQ,4BAA4B,QAAwB;EAC1D,MAAM,UAAU,aAAa,IAAI,aAAa,CAAC,OAAO,OAAO,aAAa,CAAC,CAAC;AAC5E,SAAO,GAAG,KAAK,wBAAwB,WAAW;;CAEpD,AAAQ,sCAAsC,MAA6B;EACzE,MAAM,SAAS,GAAG,KAAK,wBAAwB;AAC/C,MAAI,CAAC,KAAK,WAAW,OAAO,CAAE,QAAO;AACrC,MAAI;AACF,UAAO,IAAI,aAAa,CAAC,OAAO,aAAa,KAAK,MAAM,OAAO,OAAO,CAAC,CAAC;UAClE;AACN,UAAO;;;CAGX,AAAQ,0BAA0B,cAAsB,WAA2B;AACjF,SAAO,KAAK,UAAU;GACpB,eAAe;GACf,mBAAmB;GACpB,CAAC;;CAEJ,AAAQ,yBAAyB,cAA6B,aAA2C;AACvG,SAAO,gBAAgB,cAAc,KAAK,UAAU,CAAC,cAAc,YAAY,CAAC,GAAG;;CAErF,AAAQ,8BAA8B,OAAsF;AAC1H,MAAI,CAAC,MACH,QAAO;EAET,MAAM,SAAS,UAAU,MAAM;AAC/B,MAAI,OAAO,WAAW,QAAQ,OAAO,OAAO,SAAS,YAAY,OAAO,SAAS,MAAM;AACrF,WAAQ,KAAK,4CAA4C;AACzD,UAAO;;EAET,MAAM,OAAO,OAAO;EACpB,MAAM,eAAe,mBAAmB,QAAQ,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB;EAC9G,MAAM,YAAY,uBAAuB,QAAQ,OAAO,KAAK,sBAAsB,WAAW,KAAK,oBAAoB;AACvH,MAAI,CAAC,cAAc;AACjB,WAAQ,KAAK,uDAAuD;AACpE,UAAO;;AAET,SAAO;GACL;GACA;GACD;;CAGH,AAAQ,kCAAkC,SAAoF;EAC5H,MAAM,EAAE,aAAa,uBAAuB,KAAK,oCAAoC;AACrF,OAAK,MAAM,QAAQ,aAAa;GAC9B,MAAM,QAAQ,QAAQ;AACtB,OAAI,MACF,QAAO;IAAE,cAAc;IAAO,WAAW;IAAM;;EAInD,IAAI,WAAsE;AAC1E,OAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,QAAQ,EAAE;AACnD,OAAI,CAAC,mBAAmB,MAAK,WAAU,KAAK,WAAW,OAAO,CAAC,CAAE;GACjE,MAAM,SAAS,KAAK,8BAA8B,MAAM;AACxD,OAAI,CAAC,OAAQ;GACb,MAAM,qBAAqB,OAAO,aAAa,OAAO;GACtD,MAAM,oBAAoB,UAAU,aAAa,OAAO;AACxD,OAAI,CAAC,YAAY,qBAAqB,kBACpC,YAAW;;AAIf,MAAI,CAAC,SACH,QAAO;GAAE,cAAc;GAAM,WAAW;GAAM;AAGhD,SAAO;GACL,cAAc,SAAS;GACvB,WAAW,SAAS,aAAa;GAClC;;CAEH,AAAU,sBAAsB,SAAsC;EACpE,MAAM,EAAE,iBAAiB,KAAK,kCAAkC,QAAQ;EACxE,MAAM,oBAAoB,QAAQ,KAAK,2BAA2B;EAClE,IAAI,cAA6B;AACjC,MAAI,qBAAqB,kBAAkB,WAAW,MAAM,EAAE;GAC5D,MAAM,SAAS,UAAU,kBAAkB;AAC3C,OACE,OAAO,WAAW,QAClB,OAAO,OAAO,SAAS,YACvB,OAAO,SAAS,QAChB,MAAM,QAAQ,OAAO,KAAK,IAC1B,OAAO,KAAK,WAAW,KACvB,OAAO,OAAO,KAAK,OAAO,YAC1B,OAAO,OAAO,KAAK,OAAO,UAE1B;QAAI,OAAO,KAAK,OAAO,aACrB,eAAc,OAAO,KAAK;SAG5B,SAAQ,KAAK,yCAAyC;;AAG1D,SAAO;GACL;GACA;GACD;;CAEH,IAAc,yBAAyB;AAKrC,SAAO;;CAET,AAAQ,wBAAwC;AAC9C,MAAI,CAAC,eAAe,CAClB,OAAM,IAAI,oBAAoB,4CAA4C;AAE5E,SAAO,OAAO,YAAY,SAAS,UAAU,GAAG;;CAElD,AAAQ,qCAA8F;AACpG,SAAO;GACL,aAAa,CAAC,KAAK,+BAA+B,gBAAgB;GAClE,oBAAoB,CAClB,GAAG,KAAK,wBAAwB,KAChC,UAAU,KAAK,wBAAwB,IACxC;GACF;;CAEH,AAAQ,gCAAgC,SAAsC;EAC5E,MAAM,EAAE,aAAa,uBAAuB,KAAK,oCAAoC;EACrF,MAAM,wBAAQ,IAAI,KAAa;AAC/B,OAAK,MAAM,QAAQ,YACjB,KAAI,QAAQ,MACV,OAAM,IAAI,KAAK;AAGnB,OAAK,MAAM,QAAQ,OAAO,KAAK,QAAQ,CACrC,KAAI,mBAAmB,MAAK,WAAU,KAAK,WAAW,OAAO,CAAC,CAC5D,OAAM,IAAI,KAAK;AAGnB,SAAO;;CAET,AAAQ,4BACN,iBACA,cACA,aACA,mBACA;EACA,MAAM,cAAc,KAAK,gCAAgC,gBAAgB;AACzE,cAAY,OAAO,kBAAkB;EACrC,MAAM,YAAY,eAAe,KAAK,KAAK,GAAG;AAG9C,SAAO;GACL;GACA,oBAJyB,gBAAgB,cAAc,OAAO,KAAK,0BAA0B,cAAc,UAAU,GAAG;GAKxH,oBAJyB,KAAK,yBAAyB,cAAc,YAAY;GAKjF,qBAAqB,CAAC,GAAG,YAAY;GACtC;;CAGH,AAAQ,oCAAoC;AAC1C,oBAAkB,YAAY;GAC5B,MAAM,WAAW,OAAO,SAAS;GACjC,MAAM,SAAS,MAAM,KAAK,0BAA0B,UAAU,CAAC,SAAS,EAAE,aAAa;AACvF,OAAI,OAAO,WAAW,WAAW,CAAC,OAAO,KACvC;GAEF,MAAM,UAAU,KAAK,uBAAuB;GAC5C,MAAM,mBAAmB,KAAK,4BAA4B,OAAO,KAAK;AACtE,OAAI,QAAQ,kBACV;GAEF,MAAM,EAAE,cAAc,cAAc,KAAK,kCAAkC,QAAQ;AACnF,OAAI,gBAAgB,UAElB,yBAAwB,kBADV,KAAK,0BAA0B,cAAc,UAAU,EACpB;IAAE,QAAQ,OAAU,KAAK;IAAK,QAAQ,OAAO;IAAM,CAAC;IAEvG;;CAEJ,AAAQ,gCAAgC,cAA6B,WAA0B,SAA+B;AAC5H,oBAAkB,YAAY;AAC5B,QAAK;GACL,MAAM,cAAc,KAAK;GACzB,IAAI;AACJ,OAAI,eAAe,CACjB,YAAW,OAAO,SAAS;OAE3B,YAAW,MAAM,sBAAsB;AAEzC,OAAI,CAAC,UAAU;AACb,YAAQ,KAAK,+DAA+D;AAC5E;;GAEF,MAAM,SAAS,MAAM,KAAK,0BAA0B,UAAU,CAAC,SAAS,EAAE,aAAa;GAEvF,MAAM,gBAAgB;IAAE,QAAQ,OAAU,KAAK;IAAK,uBAAuB;IAAM;GACjF,MAAM,YAAY,OAAO,cAAsB,UAAyB;IACtE,MAAM,OAAO,KAAK,4BAA4B,aAAa;IAC3D,MAAM,UAAU;KAAE,GAAG;KAAe,QAAQ;KAAc;AAC1D,QAAI,YAAY,UACd,yBAAwB,MAAM,OAAO,QAAQ;QAE7C,OAAM,kBAAkB,MAAM,OAAO,QAAQ;;AAIjD,OAAI,OAAO,WAAW,WAAW,CAAC,OAAO,QAAQ,gBAAgB,KAAK,oCACpE;GAEF,MAAM,QAAQ,gBAAgB,YAAY,KAAK,0BAA0B,cAAc,UAAU,GAAG;AACpG,SAAM,UAAU,OAAO,MAAM,MAAM;GACnC,MAAMA,aAAW,MAAMC,UAAuB;AAC9C,SAAM,kBAAkB,KAAK,2CAA2CD,WAAS,EAAE,MAAM,cAAc;IACvG;;CAEJ,MAAc,wBAAwB,eAA+C;EAEnF,MAAM,UADU,OAAO,QAAQ,MAAM,KAAK,WAAW,kBAAkB,CAAC,CAChD,OAAO,QAAQ,KAAI,MAAK,EAAE,OAAO,MAAM,CAAC,QAAQ,gBAAgB,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,aAAa,CAAC;EACzH,MAAM,mBAAmB,QAAQ,QAAO,MAAK,EAAE,WAAW,MAAM,CAAC;EACjE,MAAM,QAAQ,cAAc,MAAM,IAAI;AACtC,OAAK,IAAI,IAAI,MAAM,SAAS,GAAG,KAAK,GAAG,KAAK;GAC1C,MAAM,eAAe,MAAM,MAAM,EAAE,CAAC,KAAK,IAAI;AAC7C,OAAI,QAAQ,SAAS,aAAa,IAAI,iBAAiB,SAAS,QAAQ,aAAa,CACnF,QAAO;;AAIX,SAAO;;CAGT,AAAU,8BAAkD;AAC1D,MAAI,CAAC,eAAe,CAClB,OAAM,IAAI,MAAM,+CAA+C;AAGjE,MAAI,KAAK,mCAAmC,MAAM;GAChD,MAAM,mBAAmB,QAA4B;IACnD,MAAM,SAAS,KAAK,sBAAsB,KAAK,uBAAuB,CAAC;AACvE,WAAO;KACL,cAAc,OAAO;KACrB,aAAa,OAAO,gBAAgB,KAAK,iBAAiB,OAAO,eAAe,IAAI,cAAc;KACnG;;AAEH,QAAK,iCAAiC,IAAI,MAAmB,gBAAgB,KAAK,CAAC;GACnF,IAAI,wBAAwB;AAE5B,qBAAkB;AAChB,QAAI,uBAAuB;KACzB,MAAM,WAAW,KAAK,+BAAgC,KAAK;KAC3D,MAAM,eAAe,gBAAgB,SAAS;AAC9C,SAAI,CAAC,gBAAgB,cAAc,SAAS,CAC1C,MAAK,+BAAgC,IAAI,aAAa;;MAGzD,IAAI;AACP,QAAK,+BAA+B,UAAU,UAAU;AACtD,QAAI;KACF,MAAM,eAAe,MAAM;KAC3B,MAAM,SAAS,OAAO,SAAS,aAAa;KAC5C,MAAM,cAAc,KAAK,2CAA2C,OAAO;KAC3E,MAAM,EAAE,WAAW,oBAAoB,oBAAoB,wBAAwB,KAAK,4BACtF,KAAK,uBAAuB,EAC5B,cACA,MAAM,eAAe,MACrB,YACD;AACD,6BAAwB,aAAa,oBAAoB;MAAE,QAAQ,OAAU,KAAK;MAAK;MAAQ,CAAC;AAChG,6BAAwB,KAAK,wBAAwB,oBAAoB,EAAE,QAAQ,OAAU,IAAI,CAAC;AAClG,yBAAoB,SAAS,SAAS;MACpC,MAAM,SAAS,KAAK,sCAAsC,KAAK;AAC/D,yBAAmB,MAAM,SAAS,EAAE,QAAQ,GAAG,EAAE,CAAC;OAClD;AACF,UAAK,gCAAgC,cAAc,WAAW,UAAU;AACxE,6BAAwB;aACjB,GAAG;AACV,SAAI,CAAC,eAAe,CAElB,yBAAwB;SAExB,OAAM;;KAGV;;AAGJ,SAAO,KAAK;;CAEd,AAAU,uBAAuB,cAA4B,wBAA6D;EACxH,MAAM,iBAAiB,2BAA2B,SAAY,KAAK,kBAAkB;AAErF,UAAQ,gBAAR;GACE,KAAK;AACH,QAAI,CAAC,eAAe,CAClB,QAAO,KAAK,uBAAuB,cAAc,gBAAgB;AAEnE,WAAO,KAAK,6BAA6B;GAE3C,KAAK,gBACH,KAAI,eAAe,CACjB,QAAO,KAAK,6BAA6B;QACpC;IAEL,MAAM,QAAQ,IAAI,MADH,KAAK,sBAAsB,aAAa,QAAQ,CAAC,CACpB;AAC5C,UAAM,UAAU,UAAU;AACxB,uBAAkB,YAAY;MAY5B,MAAM,eAAe,MAAM;MAC3B,MAAM,SAAS,MAAMC,UAAuB;MAC5C,MAAM,cAAc,KAAK,2CAA2C,OAAO;MAC3E,MAAM,EAAE,WAAW,oBAAoB,oBAAoB,wBAAwB,KAAK,4BACtF,aAAa,QAAQ,EACrB,cACA,MAAM,eAAe,MACrB,YACD;AACD,YAAM,QAAQ,IAAI,CAChB,kBAAkB,aAAa,oBAAoB;OAAE,QAAQ,OAAU,KAAK;OAAK,uBAAuB;OAAM,CAAC,EAC/G,kBAAkB,KAAK,wBAAwB,oBAAoB;OAAE,QAAQ,OAAU;OAAI,uBAAuB;OAAM,CAAC,CAC1H,CAAC;AACF,UAAI,oBAAoB,SAAS,EAC/B,OAAM,QAAQ,IACZ,oBAAoB,KAAK,SAAS;OAChC,MAAM,SAAS,KAAK,sCAAsC,KAAK;AAC/D,cAAO,aAAa,MAAM;QAAE,uBAAuB;QAAM,GAAI,SAAS,EAAE,QAAQ,GAAG,EAAE;QAAG,CAAC;QACzF,CACH;AAEH,WAAK,gCAAgC,cAAc,WAAW,SAAS;OACvE;MACF;AACF,WAAO;;GAGX,KAAK,SACH,QAAO,KAAK;GAEd;AACE,QAAI,mBAAmB,KACrB,QAAO,uBAAuB;aACrB,OAAO,mBAAmB,YAAY,aAAa,gBAAgB;AAC5E,SAAI,KAAK,oBAAoB,IAAI,eAAe,CAAE,QAAO,KAAK,oBAAoB,IAAI,eAAe;KAGrG,MAAM,sBAAsB,qCAAqC,eAAe,SAAS,gBAAgB;AACzG,SAAI,qBAAqB;MACvB,MAAM,WAAW,wCAAwC,oBAAoB;AAC7E,UAAI,YAAY,MAAM;OACpB,MAAM,aAAa,IAAI,MAAmB;QACxC,aAAa,SAAS;QACtB,cAAc,SAAS;QACxB,CAAC;AACF,YAAK,oBAAoB,IAAI,gBAAgB,WAAW;AACxD,cAAO;;;KAKX,MAAM,kBAAkB,qCAAqC,eAAe,SAAS,eAAe;AACpG,SAAI,iBAAiB;MACnB,IAAI;AACJ,UAAI;AACF,gBAAS,KAAK,MAAM,gBAAgB;AACpC,WAAI,OAAO,WAAW,SAAU,OAAM,IAAI,MAAM,4CAA4C;AAC5F,WAAI,WAAW,KAAM,OAAM,IAAI,MAAM,uCAAuC;eACrE,GAAG;AACV,aAAM,IAAI,MAAM,gCAAgC,EAAE,OAAO,GAAG,CAAC;;AAE/D,aAAO,KAAK,uBAAuB,cAAc;OAC/C,aAAa,OAAO,eAAe;OACnC,cAAc,OAAO,gBAAgB;OACtC,CAAC;;KAIJ,MAAM,eAAe,qCAAqC,eAAe,SAAS,SAAS;KAC3F,MAAM,SAAS,OAAO,YAAY,gBAAgB,GAAG;KACrD,MAAM,MAAM,IAAI,MAAmB,KAAK,sBAAsB,OAAO,CAAC;AACtE,UAAK,oBAAoB,IAAI,gBAAgB,IAAI;AACjD,YAAO;eACE,iBAAiB,kBAAkB,kBAAkB,eAC9D,QAAO,IAAI,MAAmB;KAC5B,cAAc,eAAe;KAC7B,aAAa,eAAe;KAC7B,CAAC;AAGJ,UAAM,IAAI,MAAM,uBAAuB,iBAAiB;;;CAK9D,AAAU,eAAe,wBAA6D;AACpF,MAAI,CAAC,eAAe,CAClB,QAAO,KAAK,uBAAuB,IAAI,oBAAoB,CAAC,EAAE,uBAAuB;AAEvF,gBAAc;EACd,MAAM,eAAe,2BAA2B;AAEhD,SADmB,KAAK,uBAAuB,cAAc,uBAAuB;;CAatF,AAAU,0BAA0B,YAAiD;EACnF,MAAM,WAAW,WAAW,KAAK;EACjC,MAAM,aAAa,gBAAgB,oBAAoB,SAAS;EAChE,MAAM,WAAW,aAAa,KAAK,mCAAmC,IAAI,WAAW,EAAE,IAAI,WAAW,GAAG;AACzG,MAAI,SAAU,QAAO;EAErB,MAAM,UAAU,KAAK,WAAW,cAAc;GAC5C,cAAc,SAAS;GACvB,aAAa,SAAS;GACvB,CAAC;AACF,UAAQ,qBAAqB,mBAAmB;AAC9C,cAAW,QAAQ,SAAS;IAC1B,GAAG;IACH,aAAa,gBAAgB,SAAS;IACvC,EAAE;IACH;AACF,UAAQ,mBAAmB;AACzB,cAAW,QAAQ,SAAS;IAC1B,GAAG;IACH,aAAa;IACb,cAAc;IACf,EAAE;IACH;EAEF,IAAI,uBAAuB,KAAK,mCAAmC,IAAI,WAAW,oBAAI,IAAI,KAAK;AAC/F,OAAK,mCAAmC,IAAI,YAAY,qBAAqB;AAC7E,uBAAqB,IAAI,YAAY,QAAQ;AAC7C,SAAO;;CAGT,MAAgB,YAAY,wBAAmE;EAC7F,MAAM,aAAa,KAAK,uBAAuB,MAAM,KAAK,oBAAoB,uBAAuB,EAAE,uBAAuB;AAE9H,SADgB,KAAK,0BAA0B,WAAW;;CAI5D,AAAU,YAAY,wBAA0D;EAC9E,MAAM,aAAa,KAAK,eAAe,uBAAuB;EAC9D,MAAM,YAAY,aAAa,OAAmB;AAChD,UAAO,wBAAwB;IAC7B;IACA,kBAAkB,KAAK,0BAA0B,WAAW;IAC5D,oBAAoB;IACrB,CAAC;KACD,CAAC,WAAW,CAAC;EAChB,MAAM,cAAc,kBAAkB,KAAK,0BAA0B,WAAW,EAAE,CAAC,WAAW,CAAC;AAC/F,SAAO,MAAM,qBAAqB,WAAW,aAAa,YAAY;;CAGxE,MAAgB,2BAA2B,QAA8D;AACvG,MAAI,EAAE,iBAAiB,WAAW,EAAE,kBAAkB,QACpD,OAAM,IAAI,oBAAoB,kDAAkD,EAAE,QAAQ,CAAC;EAE7F,MAAM,aAAa,KAAK,uBAAuB,MAAM,KAAK,qBAAqB,CAAC;AAChF,aAAW,IAAI,OAAO;EAItB,MAAM,aAAa,KAAK,0BAA0B,WAAW;AAC7D,OAAK,kBAAkB,UAAU,CAAC,WAAW,EAAE,aAAa,CAAC,YAAY,GAAG;;CAG9E,AAAU,yBAAyB,wBAAkF;AACnH,UAAQ,2BAA2B,SAAY,yBAAyB,KAAK,qBAAqB;;CAGpG,AAAU,4BAA4B,wBAA0F;AAC9H,MAAI,CAAC,KAAK,yBAAyB,uBAAuB,CACxD,OAAM,IAAI,MAAM,wVAAwV;;CAI5W,AAAU,qBAAwD;AAChE,SAAO,KAAK,cAAc;;CAG5B,AAAU,yBAAoE;AAC5E,MAAI,CAAC,KAAK,oBAAoB,CAC5B,OAAM,IAAI,MAAM,oFAAoF;;CAIxG,AAAU,uBAAuB,MAAqD;AACpF,SAAO;GACL,IAAI,KAAK;GACT,aAAa,KAAK;GAClB,QAAQ;IACN,eAAe,KAAK,OAAO;IAC3B,mBAAmB,KAAK,OAAO;IAC/B,kBAAkB,KAAK,OAAO;IAC9B,gBAAgB,KAAK,OAAO;IAC5B,2BAA2B,KAAK,OAAO;IACvC,2BAA2B,KAAK,OAAO;IACvC,kBAAkB,KAAK,OAAO;IAC9B,kBAAkB,KAAK,OAAO;IAC9B,gBAAgB,KAAK,OAAO,wBAAwB,KAAK,OAAO,EAC9D,IAAI,EAAE,IACP,EAAE;IACJ;GACF;;CAGH,AAAU,0BAA0B,MAAwG;AAC1I,SAAO,EACL,IAAI,KAAK,IACV;;CAGH,AAAU,wBAAwB,MAA0D;AAC1F,SAAO;GACL,IAAI,KAAK;GACT,aAAa;IACX,aAAa,KAAK;IAClB,iBAAiB,KAAK;IACvB;GACF;;CAGH,AAAU,kCAAkC,SAA0B,MAAgE;AACpI,SAAO;GACL,IAAI,KAAK;GACT,gBAAgB,KAAK;GACrB,WAAW,IAAI,KAAK,KAAK,kBAAkB;GAC3C,QAAQ,YAAY;AAClB,UAAM,KAAK,WAAW,qBAAqB,KAAK,IAAI,KAAK,SAAS,QAAQ;AAC1E,UAAM,KAAK,sBAAsB,QAAQ,CAAC,SAAS,KAAK,QAAQ,CAAC;;GAEpE;;CAGH,AAAU,sCAAsC,SAA0B,MAAoE;EAC5I,MAAM,MAAM;AACZ,SAAO;GACL,IAAI,KAAK;GACT,QAAQ,KAAK;GACb,iBAAiB,KAAK;GACtB,gBAAgB,KAAK;GACrB,WAAW,IAAI,KAAK,KAAK,kBAAkB;GAC3C,QAAQ,YAAY;AAClB,UAAM,IAAI,WAAW,yBAAyB,KAAK,IAAI,QAAQ;AAC/D,UAAM,QAAQ,IAAI;KAChB,IAAI,iCAAiC,QAAQ,CAAC,QAAQ,CAAC;KACvD,IAAI,uBAAuB,QAAQ,CAAC,QAAQ,CAAC;KAC7C,IAAI,sBAAsB,QAAQ,CAAC,SAAS,KAAK,QAAQ,CAAC;KAC3D,CAAC;;GAEL;;CAGH,AAAU,oBACR,MACyG;AACzG,SAAO;GACL,IAAI,KAAK;GACT,aAAa,KAAK;GAClB,WAAW,KAAK,oBAAoB,IAAI,KAAK,KAAK,kBAAkB,GAAG;GACvE,mBAAmB,KAAK,6BAA6B,IAAI,KAAK,KAAK,2BAA2B,GAAG;GACjG,WAAW,IAAI,KAAK,KAAK,kBAAkB;GAC3C,GAAI,KAAK,SAAS,SAAS;IAAE,MAAM;IAAQ,QAAQ,KAAK;IAAS,GAAG;IAAE,MAAM;IAAQ,QAAQ,KAAK;IAAS;GAC1G,OAAO,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ,EACnD,UAAU,KAAK,MAAM,WACtB;GACD,SAAS,WAAY;AACnB,WAAO,KAAK,YAAY,KAAK;;GAE/B,YAAY,WAAY;AACtB,QAAI,KAAK,kBACP,QAAO;AAET,QAAI,KAAK,aAAa,KAAK,4BAAY,IAAI,MAAM,CAC/C,QAAO;AAET,WAAO;;GAEV;;CAQH,AAAU,sBAAsB,SAA0B,MAA2N;AACnR,SAAO;GACL,GAAG,KAAK,oBAAoB,KAAK;GACjC,MAAM,SAAS;AACb,UAAM,KAAK,OAAO,EAAE,SAAS,MAAM,CAAC;;GAEtC,QAAQ,OAAO,YAAiC;AAC9C,UAAM,KAAK,WAAW,oBAAoB,KAAK,SAAS,SAAS,EAAE,SAAS,KAAK,SAAS,GAAG,EAAE,SAAS,KAAK,SAAS,EAAE,KAAK,IAAI,SAAS,SAAS,SAAS;AAC5J,QAAI,KAAK,SAAS,OAChB,OAAM,KAAK,kBAAkB,QAAQ,CAAC,SAAS,KAAK,QAAQ,CAAC;QAE7D,OAAM,KAAK,kBAAkB,QAAQ,CAAC,QAAQ,CAAC;;GAGpD;;CAGH,AAAU,oBAAoB,MAAmC,SAAgC;EAC/F,MAAM,MAAM;AACZ,SAAO;GACL,IAAI,KAAK;GACT,aAAa,KAAK;GAClB,iBAAiB,KAAK;GACtB,gBAAgB,KAAK;GACrB,wBAAwB,KAAK;GAC7B,GAAG,KAAK,gBAAgB,KAAK,IAAI,QAAQ,QAAQ;GACjD,MAAM,WAAW,SAAkD;AACjE,UAAM,IAAI,WAAW,mBAAmB;KACtC,QAAQ,KAAK;KACb,OAAO,QAAQ;KACf;KACA,aAAa,QAAQ,eAAe,qBAAqB,IAAI,KAAK,gBAAgB,cAAc;KACjG,CAAC;AACF,UAAM,IAAI,sBAAsB,QAAQ,CAAC,SAAS,KAAK,GAAG,CAAC;;GAE7D,MAAM,YAAY;AAEhB,WADe,OAAO,QAAQ,MAAM,IAAI,yBAAyB,UAAU,CAAC,SAAS,KAAK,GAAG,EAAE,aAAa,CAAC,CAC/F,KAAK,SAAS,IAAI,wBAAwB,KAAK,CAAC;;GAEhE,WAAW;AAET,WADe,cAAc,IAAI,0BAA0B,CAAC,SAAS,KAAK,GAAG,EAAW,kBAAkB,CAC5F,KAAK,SAAS,IAAI,wBAAwB,KAAK,CAAC;;GAEhE,MAAM,kBAAkB;AAEtB,WADe,OAAO,QAAQ,MAAM,IAAI,sBAAsB,UAAU,CAAC,SAAS,KAAK,GAAG,EAAE,aAAa,CAAC,CAC5F,KAAK,SAAS,IAAI,kCAAkC,SAAS,KAAK,CAAC;;GAEnF,iBAAiB;AAEf,WADe,cAAc,IAAI,uBAAuB,CAAC,SAAS,KAAK,GAAG,EAAW,wBAAwB,CAC/F,KAAK,SAAS,IAAI,kCAAkC,SAAS,KAAK,CAAC;;GAEnF,MAAM,OAAO,MAAyB;AACpC,UAAM,IAAI,WAAW,WAAW;KAAE,MAAM,wBAAwB,KAAK;KAAE,QAAQ,KAAK;KAAI,EAAE,QAAQ;AAClG,UAAM,IAAI,uBAAuB,QAAQ,CAAC,QAAQ,CAAC;;GAErD,MAAM,SAAS;AACb,UAAM,IAAI,WAAW,WAAW,KAAK,IAAI,QAAQ;AACjD,UAAM,IAAI,uBAAuB,QAAQ,CAAC,QAAQ,CAAC;;GAGrD,aAAa;AAEX,WADe,cAAc,IAAI,mBAAmB,CAAC,SAAS,KAAK,GAAG,EAAW,oBAAoB,CACvF,KAAK,SAAS,IAAI,sBAAsB,SAAS,KAAK,CAAC;;GAGvE,MAAM,cAAc;AAElB,WADgB,OAAO,QAAQ,MAAM,IAAI,kBAAkB,UAAU,CAAC,SAAS,KAAK,GAAG,EAAE,aAAa,CAAC,CACxF,KAAK,SAAS,IAAI,sBAAsB,SAAS,KAAK,CAAC;;GAGxE,MAAM,aAAa,SAAwC;IACzD,MAAM,SAAS,MAAM,IAAI,WAAW,oBAClC,MAAM,4BAA4B,QAAQ,KAAK,IAAI,QAAQ,EAC3D,SACA,SACD;AACD,UAAM,IAAI,kBAAkB,QAAQ,CAAC,SAAS,KAAK,GAAG,CAAC;AACvD,WAAO,IAAI,sBAAsB,SAAS,OAAO;;GAEpD;;CAGH,AAAU,8BAA8B,MAA6C,SAA0C;EAC7H,MAAM,MAAM;AACZ,SAAO;GACL,IAAI,KAAK;GACT,OAAO,KAAK;GACZ,MAAM,KAAK;GACX,YAAY,KAAK;GACjB,WAAW,KAAK;GAChB,aAAa,KAAK;GAElB,MAAM,sBAAsB,SAAoC;AAC9D,UAAM,IAAI,WAAW,+CACnB,KAAK,IACL,SAAS,eAAe,qBAAqB,IAAI,KAAK,mBAAmB,cAAc,EACvF,QACD;;GAEH,MAAM,OAAO,MAAmC;AAC9C,UAAM,IAAI,WAAW,2BAA2B,KAAK,IAAI,kCAAkC,KAAK,EAAE,QAAQ;AAC1G,UAAM,IAAI,4BAA4B,QAAQ,CAAC,QAAQ,CAAC;;GAE1D,MAAM,SAAS;AACb,UAAM,IAAI,WAAW,2BAA2B,KAAK,IAAI,QAAQ;AACjE,UAAM,IAAI,4BAA4B,QAAQ,CAAC,QAAQ,CAAC;;GAE3D;;CAEH,AAAU,oCAAoC,MAAoD,SAAgD;EAChJ,MAAM,MAAM;AACZ,SAAO;GACL,IAAI,KAAK;GACT,MAAM,KAAK;GACX,SAAS,KAAK;GACd,YAAY,KAAK;GAEjB,MAAM,WAAW,SAAkB;AACjC,UAAM,IAAI,WAAW,wBAAwB,KAAK,0BAA0B,SAAS,QAAQ;AAC7F,UAAM,IAAI,6BAA6B,QAAQ,CAAC,QAAQ,CAAC;;GAE5D;;CAEH,AAAU,6BAA6B,MAA2C,SAAyC;EACzH,MAAM,MAAM;AACZ,SAAO;GACL,IAAI,KAAK;GACT,MAAM,KAAK;GACX,QAAQ,KAAK;GACb,OAAO,KAAK;GACZ,aAAa,KAAK;GAClB,wBAAwB,KAAK;GAE7B,MAAM,OAAO,MAEV;AACD,QAAI;AACF,WAAM,IAAI,WAAW,oBACnB,KAAK,SACL,KAAK,IACL;MACE,eAAe,KAAK;MACpB,0BAA0B,KAAK;MAChC,EACD,QACD;AACD,WAAM,QAAQ,IAAI,CAChB,IAAI,gCAAgC,QAAQ,CAAC,QAAQ,CAAC,EACtD,IAAI,mCAAmC,QAAQ,CAAC,QAAQ,CAAC,CAC1D,CAAC;AACF,YAAO,OAAO,GAAG,OAAU;aACpB,OAAO;AACd,SAAI,YAAY,2CAA2C,WAAW,MAAM,CAC1E,QAAO,OAAO,MAAM,MAAM;AAE5B,WAAM;;;GAIV,MAAM,SAAS;AACb,UAAM,IAAI,WAAW,oBAAoB,KAAK,SAAS,KAAK,IAAI,QAAQ;AACxE,UAAM,QAAQ,IAAI,CAChB,IAAI,gCAAgC,QAAQ,CAAC,QAAQ,CAAC,EACtD,IAAI,mCAAmC,QAAQ,CAAC,QAAQ,CAAC,CAC1D,CAAC;;GAEL;;CAGH,AAAU,oBAAoB,MAAwC;AAEpE,SAAO;GACL,aAAa,KAAK;GAClB,UAAU,KAAK;GACf,qBAAqB,KAAK,IAAI,GAAG,KAAK,SAAS;GAChD;;CAGH,AAAU,8BAA8B,UAA8D;EACpG,MAAM,WAAW,SAAS,MAAM,KAAK,UAAU;GAC7C,IAAI,KAAK;GACT,UAAU,KAAK;GACf,aAAa,KAAK,QAAQ;GAC1B,cAAc,KAAK,QAAQ;GAC3B,cAAc,KAAK,QAAQ;GAC3B,WAAW,KAAK,QAAQ;GACxB,MAAM,KAAK;GACX,cAAc,KAAK,eAAe;IAChC,gBAAgB,KAAK,aAAa;IAClC,kBAAkB,KAAK,aAAa,qBAAqB,IAAI,KAAK,KAAK,aAAa,mBAAmB,GAAG;IAC1G,mBAAmB,KAAK,aAAa;IACrC,cAAc,KAAK,aAAa;IACjC,GAAG;GACJ,eAAe,KAAK,gBAAgB,KAAK,YAAY;IACnD,WAAW,OAAO;IAClB,aAAa,OAAO,QAAQ;IAC5B,QAAQ,OAAO,QAAQ;IACxB,EAAE;GACJ,EAAE;AACH,SAAO,OAAO,OAAO,UAAU,EAAE,YAAY,SAAS,WAAW,eAAe,MAAM,CAAC;;CAGzF,AAAU,8BAA8B,UAA8D;EACpG,MAAM,WAAW,SAAS,MAAM,KAAK,UAAU;GAC7C,QAAQ,KAAK;GACb,aAAa,KAAK;GAClB,kBAAkB,KAAK;GACvB,WAAW,IAAI,KAAK,KAAK,kBAAkB;GAC5C,EAAE;AACH,SAAO,OAAO,OAAO,UAAU,EAAE,YAAY,SAAS,WAAW,eAAe,MAAM,CAAC;;CAGzF,AAAU,6BAA6B,UASnB;AAClB,SAAO;GACL,aAAa,SAAS;GACtB,sBAAsB,SAAS;GAChC;;CAGH,AAAU,YAAY,SAAgC;EACpD,MAAM,MAAM;AACZ,SAAO;GACL,kBAAkB;GAClB,gBAAgB;IACd,MAAM,YAAY;KAChB,MAAM,SAAS,MAAM,QAAQ,4BAA4B,KAAQ,KAAO;AACxE,YAAO;MACL,aAAa,QAAQ,YAAY,SAAS;MAC1C,cAAc,QAAQ,cAAc,SAAS;MAC9C;;IAEH,YAAY;KACV,MAAM,YAAY,aAAa,OAAmB;MAChD,MAAM,EAAE,aAAa,0BAA0B,QAAQ,aAAa,GAAG;MACvE,MAAM,EAAE,aAAa,iCAAiC,QAAQ,oBAAoB,GAAG;AACrF,mBAAa;AACX,8BAAuB;AACvB,qCAA8B;;QAE/B,CAAC,QAAQ,CAAC;KACb,MAAM,cAAc,kBAAkB;AACpC,aAAO,QAAQ,oBAAoB,GAC/B,OACA,QAAQ,8BAA8B,KAAQ,KAAO,EAAE,SAAS;QACnE,CAAC,QAAQ,CAAC;KAEb,IAAI,cAAc,MAAM,qBAAqB,WAAW,aAAa,YAAY;AACjF,SAAI,gBAAgB,QAAQ,CAAC,QAAQ,oBAAoB,CAEvD,eAAc,IAAI,QAAQ,4BAA4B,KAAQ,KAAO,CAAC,EAAE,YAAY,SAAS;AAE/F,YAAO;MACL;MACA,cAAc,QAAQ,iBAAiB,EAAE,SAAS;MACnD;;IAEJ;GACD,MAAM,iBAAyC;AAE7C,YADe,MAAM,KAAK,eAAe,WAAW,EACtC;;GAEhB,iBAAgC;AAC9B,WAAO,KAAK,eAAe,WAAW,CAAC;;GAEzC,MAAM,kBAA0C;AAE9C,YADe,MAAM,KAAK,eAAe,WAAW,EACtC;;GAEhB,kBAAiC;AAC/B,WAAO,KAAK,eAAe,WAAW,CAAC;;GAEzC,MAAM,yBAAiD;AACrD,WAAO,wCAAwC,MAAM,KAAK,aAAa,CAAC;;GAE1E,yBAAwC;AACtC,WAAO,wCAAwC,KAAK,aAAa,CAAC;;GAEpE,MAAM,iBAAsD;AAC1D,WAAO,EACL,gBAAgB,KAAK,UAAU,MAAM,KAAK,aAAa,CAAC,EACzD;;GAEH,iBAA6C;AAC3C,WAAO,EACL,gBAAgB,KAAK,UAAU,KAAK,aAAa,CAAC,EACnD;;GAEH,MAAM,cAAoF;AAExF,WADe,MAAM,KAAK,eAAe,WAAW;;GAGtD,cAA2E;AACzE,WAAO,KAAK,eAAe,WAAW;;GAExC,QAAQ,SAA0C;AAChD,WAAO,IAAI,SAAS,SAAS,QAAQ;;GAExC;;CAGH,AAAU,6BAA6B,MAAgD,SAAqD;EAC1I,MAAM,MAAM;AACZ,SAAO;GACL,aAAa,KAAK;GAClB,iBAAiB,KAAK;GACtB,MAAM,OAAO,QAA4D;AACvE,UAAM,IAAI,WAAW,wBAAwB;KAC3C,QAAQ,KAAK;KACb,QAAQ,KAAK;KACb,SAAS;MACP,cAAc,OAAO;MACrB,mBAAmB,OAAO;MAC3B;KACF,EAAE,QAAQ;AACX,UAAM,IAAI,6BAA6B,QAAQ,CAAC,SAAS,KAAK,QAAQ,CAAC;;GAE1E;;CAGH,AAAU,gBAAgB,MAA8F;AACtH,SAAO;GACL,IAAI,KAAK;GACT,aAAa,KAAK;GAClB,cAAc,KAAK;GACnB,sBAAsB,KAAK;GAC3B,iBAAiB,KAAK;GACtB,YAAY,IAAI,KAAK,KAAK,oBAAoB;GAC9C,gBAAgB,KAAK;GACrB,wBAAwB,KAAK;GAC7B,aAAa,KAAK;GAClB,kBAAkB,KAAK;GACvB,gBAAgB,KAAK;GACrB,gBAAgB,KAAK;GACrB,oBAAoB,KAAK;GACzB,uBAAuB,KAAK;GAC5B,aAAa,KAAK;GAClB,cAAc,KAAK;GACnB,kBAAkB,KAAK;GACvB,eAAkD;AAChD,WAAO;;GAEV;;CAGH,AAAU,4BAA4B,MAAsD,SAAqC;EAC/H,MAAM,MAAM;EAQZ,eAAe,oBACb,aACA,SAC6D;GAC7D,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;AAGlD,OAAI,OAAO,gBAAgB,YAAY,cAAc,eAAe,uBAAuB,aAAa;IACtG,MAAM,EAAE,UAAU,sBAAsB;IAGxC,MAAM,QADoB,OAAO,QAAQ,MAAM,IAAI,mCAAmC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CACzF,MAC9B,MAAK,EAAE,aAAa,YAAY,EAAE,sBAAsB,kBACzD;AACD,QAAI,CAAC,MACH,QAAO;AAET,WAAO;;AAIT,UAAO,OAAO,QAAQ,MAAM,IAAI,iCAAiC,UAAU;IAAC;IAAS;IAAa;IAAa,SAAS,OAAO;IAAW,EAAE,aAAa,CAAC;;EAU5J,SAAS,oBACP,aACA,SACoD;GACpD,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;AAGlD,OAAI,OAAO,gBAAgB,YAAY,cAAc,eAAe,uBAAuB,aAAa;IACtG,MAAM,EAAE,UAAU,sBAAsB;AAUxC,WAR0B,cACxB,IAAI,oCACJ,CAAC,QAAQ,EACT,6BACD,CAC+B,MAC9B,MAAK,EAAE,aAAa,YAAY,EAAE,sBAAsB,kBACzD,IACe;;AAIlB,UAAO,cAAc,IAAI,kCAAkC;IAAC;IAAS;IAAa;IAAa,SAAS,OAAO;IAAW,EAAW,6BAA6B;;AAEpK,SAAO;GACL,MAAM,oBAAoB;AAExB,YADiB,MAAM,IAAI,WAAW,aAAa,QAAQ,EAC3C,MAAM,KAAK,SAAS,IAAI,uBAAuB,KAAK,CAAC;;GAEvE,MAAM,cAAc,WAAmB;AACrC,UAAM,IAAI,WAAW,cAAc,WAAW,QAAQ;;GAExD,eAAe,aAA4B;AACzC,WAAO,KAAK,OAAO,EAAE,aAAa,CAAC;;GAErC,kBAAkB,UAA+B;AAC/C,WAAO,KAAK,OAAO,EAAE,gBAAgB,UAAU,CAAC;;GAElD,MAAM,gBAAgB,MAA4B;AAChD,UAAM,KAAK,OAAO,EAAE,gBAAgB,OAAO,SAAS,WAAW,OAAO,MAAM,MAAM,MAAM,CAAC;;GAE3F;GACA;GACA,MAAM,wBAAwB;AAC5B,WAAO,OAAO,QAAQ,MAAM,IAAI,mCAAmC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC;;GAExG,uBAAuB;AACrB,WAAO,cAAc,IAAI,oCAAoC,CAAC,QAAQ,EAAW,8BAA8B;;GAEjH,MAAM,qBAAqB,UAAkB,SAAiC;IAC5E,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;IAClD,MAAM,WAAW,MAAM,8BACrB,IAAI,YACJ;KACE;KACA,aAAa,IAAI,KAAK;KACtB,kBAAkB,IAAI,KAAK;KAC3B,eAAe,kBAAkB,cAAc,IAAI,qBAAqB,aAA6B,EAAE,EAAE,KAAK,IAAI,CAAC;KACpH,EACD,QACD;AACD,UAAM,IAAI,YAAY,EAAE,KAAK,UAAU,CAAC;AACxC,WAAO,MAAM,cAAc;;GAE7B,MAAM,0BAA0B,UAAkB,SAAiC;IAEjF,MAAM,mBADoB,OAAO,QAAQ,MAAM,IAAI,mCAAmC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAC9E,QAAO,MAAK,EAAE,aAAa,SAAS;AAE/E,SAAK,MAAM,WAAW,iBAEpB,MADoB,MAAM,QAAQ,eAAe,EAAE,QAAQ,SAAS,QAAQ,CAAC,EAC7D,WAAW,KACzB,QAAO;AAKX,UAAM,KAAK,qBAAqB,UAAU,QAAQ;AAClD,WAAO,MAAM,cAAc;;GAE7B,0BAA0B,UAAkB,SAAkD;IAC5F,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;AAClD,WAAO,cAAc,IAAI,mDAAmD;KAAC;KAAS;KAAU;KAAY,EAAW,mCAAmC;;GAE5J,MAAM,QAAQ,QAAgB;AAE5B,YADc,MAAM,KAAK,WAAW,EACvB,MAAM,MAAM,EAAE,OAAO,OAAO,IAAI;;GAE/C,QAAQ,QAAgB;IACtB,MAAM,QAAQ,KAAK,UAAU;AAC7B,WAAO,cAAc;AACnB,YAAO,MAAM,MAAM,MAAM,EAAE,OAAO,OAAO,IAAI;OAC5C,CAAC,OAAO,OAAO,CAAC;;GAErB,MAAM,YAAY;AAEhB,WADc,OAAO,QAAQ,MAAM,IAAI,uBAAuB,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CACpF,KAAK,SAAS,IAAI,oBAAoB,MAAM,QAAQ,CAAC;;GAEpE,WAAW;IACT,MAAM,QAAQ,cAAc,IAAI,wBAAwB,CAAC,QAAQ,EAAE,kBAAkB;AACrF,WAAO,cAAc,MAAM,KAAK,SAAS,IAAI,oBAAoB,MAAM,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC;;GAE5F,MAAM,WAAW,MAAyB;IACxC,MAAM,OAAO,MAAM,IAAI,WAAW,iBAAiB,wBAAwB,MAAM,KAAK,EAAE,QAAQ;AAChG,UAAM,IAAI,uBAAuB,QAAQ,CAAC,QAAQ,CAAC;AACnD,UAAM,KAAK,OAAO,EAAE,gBAAgB,KAAK,IAAI,CAAC;AAC9C,WAAO,IAAI,oBAAoB,MAAM,QAAQ;;GAE/C,MAAM,UAAU,MAAY;AAC1B,UAAM,IAAI,WAAW,UAAU,KAAK,IAAI,QAAQ;;GAGlD,MAAM,sBAAsB;AAE1B,WADoB,OAAO,QAAQ,MAAM,IAAI,iCAAiC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAC9F,KAAK,SAAS,IAAI,sCAAsC,SAAS,KAAK,CAAC;;GAE5F,qBAAqB;IACnB,MAAM,cAAc,cAAc,IAAI,kCAAkC,CAAC,QAAQ,EAAE,4BAA4B;AAC/G,WAAO,cAAc,YAAY,KAAK,SAAS,IAAI,sCAAsC,SAAS,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC;;GAE1H,MAAM,gBAAgB,gBAAiD,SAA8D;AACnI,QAAI,kBAAkB,QAAQ,gBAAgB;KAC5C,MAAM,QAAQ;KACd,MAAM,YAAY,SAAS,aAAa;AAExC,YADoB,OAAO,QAAQ,MAAM,IAAI,6BAA6B,UAAU;MAAC;MAAS,MAAM;MAAI;MAAU,EAAE,aAAa,CAAC,CAC/G,KAAK,SAAS,IAAI,0BAA0B,KAAK,CAAC;WAChE;KAEL,MAAM,YADO,gBACW,aAAa;AAErC,YADoB,OAAO,QAAQ,MAAM,IAAI,oCAAoC,UAAU,CAAC,SAAS,UAAU,EAAE,aAAa,CAAC,CAC5G,KAAK,SAAS,IAAI,0BAA0B,KAAK,CAAC;;;GAGzE,eAAe,gBAAiD,SAAqD;AACnH,QAAI,kBAAkB,QAAQ,gBAAgB;KAC5C,MAAM,QAAQ;KACd,MAAM,YAAY,SAAS,aAAa;KACxC,MAAM,cAAc,cAAc,IAAI,8BAA8B;MAAC;MAAS,MAAM;MAAI;MAAU,EAAW,wBAAwB;AACrI,YAAO,cAAc,YAAY,KAAK,SAAS,IAAI,0BAA0B,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC;WAC9F;KAEL,MAAM,YADO,gBACW,aAAa;KACrC,MAAM,cAAc,cAAc,IAAI,qCAAqC,CAAC,SAAS,UAAU,EAAW,wBAAwB;AAClI,YAAO,cAAc,YAAY,KAAK,SAAS,IAAI,0BAA0B,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC;;;GAGvG,cAAc,qBAAoC,cAA8C;AAC9F,QAAI,uBAAuB,OAAO,wBAAwB,UAAU;KAClE,MAAM,QAAQ;KACd,MAAM,cAAc,KAAK,eAAe,MAAM;AAC9C,YAAO,cAAc,YAAY,MAAM,MAAM,EAAE,OAAO,aAAa,IAAI,MAAM,CAAC,aAAa,aAAa,CAAC;WACpG;KACL,MAAM,MAAM;KACZ,MAAM,cAAc,KAAK,gBAAgB;AACzC,YAAO,cAAc,YAAY,MAAM,MAAM,EAAE,OAAO,IAAI,IAAI,MAAM,CAAC,aAAa,IAAI,CAAC;;;GAG3F,MAAM,cAAc,qBAAoC,cAAuD;AAC7G,QAAI,uBAAuB,OAAO,wBAAwB,UAAU;KAClE,MAAM,QAAQ;AAEd,aADoB,MAAM,KAAK,gBAAgB,MAAM,EAClC,MAAM,MAAM,EAAE,OAAO,aAAa,IAAI;WACpD;KACL,MAAM,MAAM;AAEZ,aADoB,MAAM,KAAK,iBAAiB,EAC7B,MAAM,MAAM,EAAE,OAAO,IAAI,IAAI;;;GAGpD,MAAM,cAAc,qBAAoC,cAAyC;AAC/F,QAAI,uBAAuB,OAAO,wBAAwB,UAAU;KAClE,MAAM,QAAQ;AACd,YAAQ,MAAM,KAAK,cAAc,OAAO,aAAuB,KAAM;WAChE;KACL,MAAM,MAAM;AACZ,YAAQ,MAAM,KAAK,cAAc,IAAI,KAAM;;;GAG/C,MAAM,OAAO,QAAQ;AACnB,WAAO,MAAM,IAAI,kBAAkB,QAAQ,QAAQ;;GAErD,MAAM,sBAAsB,SAAoC;AAC9D,QAAI,CAAC,KAAK,cACR,OAAM,IAAI,oBAAoB,qCAAqC;AAErE,WAAO,MAAM,IAAI,WAAW,sBAC1B,KAAK,eACL,SAAS,eAAe,qBAAqB,IAAI,KAAK,mBAAmB,cAAc,EACvF,QACD;;GAEH,MAAM,eAAe,SAAuD;IAC1E,MAAM,SAAS,MAAM,IAAI,WAAW,eAAe,SAAS,QAAQ;AACpE,UAAM,IAAI,kBAAkB,QAAQ,CAAC,QAAQ,CAAC;AAC9C,WAAO;;GAET,MAAM,YAAY,SAA+B;IAC/C,MAAM,SAAS,MAAM,IAAI,WAAW,YAAY,SAAS,QAAQ;AACjE,UAAM,IAAI,kBAAkB,QAAQ,CAAC,QAAQ,CAAC;AAC9C,WAAO;;GAET,cAAc,KAAK,iBAAiB,KAAK,oBAAoB,KAAK,eAAe,QAAQ;GACzF,MAAM,eAAe,MAAY;IAC/B,MAAM,SAAS,OAAO,QAAQ,MAAM,IAAI,6BAA6B,UAAU,CAAC,SAAS,KAAK,GAAG,EAAE,aAAa,CAAC;AACjH,WAAO,IAAI,6BAA6B,QAAQ,QAAQ;;GAE1D,eAAe,MAAY;IACzB,MAAM,SAAS,cAAc,IAAI,8BAA8B,CAAC,SAAS,KAAK,GAAG,EAAW,wBAAwB;AACpH,WAAO,IAAI,6BAA6B,QAAQ,QAAQ;;GAE1D,MAAM,SAAS;AACb,UAAM,IAAI,WAAW,kBAAkB,QAAQ;AAC/C,YAAQ,aAAa;;GAEvB,MAAM,sBAAsB;AAE1B,WADe,OAAO,QAAQ,MAAM,IAAI,4BAA4B,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CACzF,KAAK,SAAS,IAAI,8BAA8B,MAAM,QAAQ,CAAC;;GAE/E,qBAAqB;AAEnB,WADe,cAAc,IAAI,6BAA6B,CAAC,QAAQ,EAAW,4BAA4B,CAChG,KAAK,SAAS,IAAI,8BAA8B,MAAM,QAAQ,CAAC;;GAE/E,MAAM,qBAAqB,MAAmC;IAC5D,MAAM,OAAO,MAAM,IAAI,WAAW,2BAA2B,kCAAkC,MAAM,KAAK,EAAE,QAAQ;AACpH,UAAM,IAAI,4BAA4B,QAAQ,CAAC,QAAQ,CAAC;AACxD,WAAO,IAAI,8BAA8B,MAAM,QAAQ;;GAEzD,4BAA4B;AAE1B,WADgB,cAAc,IAAI,8BAA8B,CAAC,QAAQ,EAAW,mCAAmC,CACxG,KAAK,SAAS,IAAI,oCAAoC,MAAM,QAAQ,CAAC;;GAEtF,MAAM,6BAA6B;AAEjC,WADgB,OAAO,QAAQ,MAAM,IAAI,6BAA6B,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAC1F,KAAK,SAAS,IAAI,oCAAoC,MAAM,QAAQ,CAAC;;GAEtF,aAAa;AAEX,WADe,cAAc,IAAI,mBAAmB,CAAC,QAAQ,EAAW,oBAAoB,CAC9E,KAAK,SAAS,IAAI,sBAAsB,SAAS,KAAK,CAAC;;GAGvE,MAAM,cAAc;AAElB,YADgB,MAAM,IAAI,WAAW,mBAAmB,EAAE,SAAS,MAAM,EAAE,SAAS,SAAS,EAC9E,KAAK,SAAS,IAAI,sBAAsB,SAAS,KAAK,CAAC;;GAGxE,MAAM,aAAa,SAAwC;IACzD,MAAM,SAAS,MAAM,IAAI,WAAW,oBAClC,MAAM,4BAA4B,QAAQ,MAAM,QAAQ,EACxD,SACA,SACD;AACD,UAAM,IAAI,kBAAkB,QAAQ,CAAC,QAAQ,CAAC;AAC9C,WAAO,IAAI,sBAAsB,SAAS,OAAO;;GAGnD,oBAAoB;AAElB,WADgB,cAAc,IAAI,iCAAiC,CAAC,QAAQ,EAAW,2BAA2B,CACnG,KAAK,SAAS,IAAI,6BAA6B,MAAM,QAAQ,CAAC;;GAG/E,MAAM,qBAAqB;AAEzB,WADgB,OAAO,QAAQ,MAAM,IAAI,gCAAgC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAC7F,KAAK,SAAS,IAAI,6BAA6B,MAAM,QAAQ,CAAC;;GAG/E,iBAAiB,IAAY;IAC3B,MAAM,YAAY,KAAK,mBAAmB;AAC1C,WAAO,cAAc,UAAU,MAAM,MAAM,EAAE,OAAO,GAAG,IAAI,MAAM,CAAC,WAAW,GAAG,CAAC;;GAGnF,MAAM,iBAAiB,IAAY;AAEjC,YADkB,MAAM,KAAK,oBAAoB,EAChC,MAAM,MAAM,EAAE,OAAO,GAAG,IAAI;;GAG/C,MAAM,gBAAgB,SAA6I;IACjK,MAAM,YAAY,MAAM,IAAI,gBAAgB,GAAG;AAC/C,QAAI,CAAC,SACH,OAAM,IAAI,oBAAoB,6EAA6E;IAG7G,MAAM,mBAAmB,MAAM,IAAI,WAAW,4BAA4B,EAAE,EAAE,QAAQ;AAEtF,QAAI,iBAAiB,WAAW,KAC9B,QAAO,OAAO,MAAM,IAAI,YAAY,0BAA0B,4DAA4D,CAAC;IAG7H,MAAM,EAAE,cAAc,SAAS,iBAAiB;AAGhD,QAAI,aAAa,GAAG,OAAO,0CACzB,OAAM,IAAI,oBAAoB,oEAAoE,aAAa,GAAG,KAAK;AAGzH,iBAAa,GAAG,KAAK;IAErB,IAAI;AACJ,QAAI;AACF,eAAU,MAAM,kBAAkB,EAAE,aAAa,cAAc,CAAC;aACzD,OAAY;AACnB,SAAI,iBAAiB,cACnB,QAAO,OAAO,MAAM,IAAI,YAAY,qBAAqB,MAAM,SAAS,MAAM,KAAK,CAAC;UAC/E;AAEL,mBAAa,+BAA+B,MAAM;AAClD,aAAO,OAAO,MAAM,IAAI,YAAY,0BAA0B,4DAA4D,CAAC;;;IAK/H,MAAM,qBAAqB,MAAM,IAAI,WAAW,gBAAgB;KAAE,YAAY;KAAS;KAAM,EAAE,QAAQ;AAEvG,UAAM,IAAI,aAAa,QAAQ;AAC/B,WAAO;;GAEV;;CAGH,AAAU,yBAAyB,SAA6C;EAC9E,MAAM,MAAM;AACZ,OAAK,wBAAwB;AAC7B,SAAO;GACL,cAAc,YAAiF;AAC7F,WAAO,IAAI,eAAe,SAAS,WAAW;;GAEhD,MAAM,gBAAgB,qBAA6B,WAAkC;AACnF,UAAM,IAAI,WAAW,gBAAgB,SAAS,qBAAqB,UAAU;AAC7E,UAAM,IAAI,iBAAiB;;GAE7B,oBAAoB;AAClB,WAAO,IAAI,mBAAmB,QAAQ;;GAExC,mBAAmB;AACjB,WAAO,IAAI,kBAAkB,QAAQ;;GAExC;;CAGH,AAAU,gBAAgB,gBAAwB,MAAuB,SAAuD;EAC9H,MAAM,MAAM;EACZ,MAAM,mBAAmB,WAAW,IAAI,WAAW,cAAc,EAAE,cAAc,MAAM,CAAC;EACxF,MAAM,kBAAkB,SAAS,SAAS,EAAE,QAAQ,gBAAgB,GAAG,EAAE,QAAQ,gBAAgB;AACjG,SAAO;GACL,MAAM,aAAa;IACjB,MAAM,WAAW,OAAO,QAAQ,MAAM,IAAI,sBAAsB,UAAU;KAAC;KAAkB;KAAM;KAAe,EAAE,aAAa,CAAC;AAClI,WAAO,IAAI,6BAA6B,SAAS;;GAEnD,aAAa;IACX,MAAM,WAAW,cAAc,IAAI,uBAAuB;KAAC;KAAkB;KAAM;KAAe,EAAW,wBAAwB;AACrI,WAAO,IAAI,6BAA6B,SAAS;;GAEnD,MAAM,iCAA4E;IAChF,MAAM,OAAO,MAAM,IAAI,WAAW,uCAAuC,MAAM,gBAAgB,iBAAiB;AAChH,WAAO;KACL,cAAc,KAAK;KACnB,iBAAiB,KAAK;KACvB;;GAEH,MAAM,uCAAuC,eAA8D;IACzG,MAAM,OAAO,MAAM,IAAI,WAAW,+CAA+C,MAAM,gBAAgB,eAAe,iBAAiB;AACvI,UAAM,IAAI,sBAAsB,QAAQ;KAAC;KAAkB;KAAM;KAAe,CAAC;AACjF,WAAO,KAAK;;GAEd,MAAM,QAAQ,QAAgB;AAC5B,WAAO,MAAM,IAAI,QAAQ;KAAE;KAAQ,GAAG;KAAiB,CAAC;;GAE1D,QAAQ,QAAgB;AACtB,WAAO,IAAI,QAAQ;KAAE;KAAQ,GAAG;KAAiB,CAAC;;GAEpD,MAAM,aAAa,SAAuC;AACxD,WAAO,MAAM,IAAI,aAAa;KAAE,GAAG;KAAS,GAAG;KAAiB,CAAC;;GAEnE,YAAY,SAAuC;AACjD,WAAO,IAAI,YAAY;KAAE,GAAG;KAAS,GAAG;KAAiB,CAAC;;GAE5D,MAAM,aAAa,SAAuC;AACxD,WAAO,MAAM,IAAI,aAAa;KAAE,GAAG;KAAS,GAAG;KAAiB,CAAC;;GAEnE,YAAY,SAAuC;AACjD,WAAO,IAAI,YAAY;KAAE,GAAG;KAAS,GAAG;KAAiB,CAAC;;GAE5D,MAAM,kBAAkB,SAAoD;AAC1E,WAAO,MAAM,IAAI,WAAW,kBAAkB,MAAM,gBAAgB,QAAQ,WAAW,kBAAkB,QAAQ,WAAW,SAAS;;GAEvI,MAAM,mBAAmB,SAA8F;AACrH,UAAM,IAAI,WAAW,mBAAmB;KACtC,eAAe;KACf,aAAa;KACb,iBAAiB,QAAQ;KACzB,eAAe,QAAQ;KACvB,UAAU,QAAQ;KAClB,UAAU,QAAQ;KACnB,EAAE,iBAAiB;AACpB,UAAM,IAAI,sBAAsB,QAAQ;KAAC;KAAkB;KAAM;KAAe,CAAC;AACjF,QAAI,SAAS,OACX,OAAM,IAAI,mBAAmB,iBAAiB,CAAC,eAAe,YAAY,kBAAkB,oBAAoB,WAAW,eAAe;QAE1I,OAAM,IAAI,mBAAmB,iBAAiB,CAAC,eAAe,YAAY,kBAAkB,oBAAoB,WAAW,eAAe;;GAG/I;;CAGH,MAAM,QAAQ,SAAgJ;EAC5J,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,IAAI;AACJ,MAAI,YAAY,QACd,QAAO,OAAO,QAAQ,MAAM,KAAK,eAAe,UAAU;GAAC;GAAS,QAAQ;GAAQ,QAAQ;GAAO,EAAE,aAAa,CAAC;WAC1G,YAAY,QACrB,QAAO,OAAO,QAAQ,MAAM,KAAK,eAAe,UAAU;GAAC;GAAS,QAAQ;GAAQ,QAAQ;GAAO,EAAE,aAAa,CAAC;MAEnH,QAAO,OAAO,QAAQ,MAAM,KAAK,iBAAiB,UAAU;GAAC;GAAS,QAAQ;GAAkB,QAAQ;GAAO,EAAE,aAAa,CAAC;AAEjI,SAAO,KAAK,oBAAoB,KAAK;;CAGvC,QAAQ,SAAuI;EAC7I,MAAM,UAAU,KAAK,aAAa;EAClC,MAAM,CAAC,OAAO,WACZ,YAAY,UAAU,CAAC,KAAK,gBAAgB,QAAQ,OAAO,GACzD,YAAY,UAAU,CAAC,KAAK,gBAAgB,QAAQ,OAAO,GAAG,CAAC,KAAK,kBAAkB,QAAQ,iBAAiB;EACnH,MAAM,OAAO,cAAc,OAAO;GAAC;GAAS;GAAS,QAAQ;GAAO,EAAW,gBAAgB;AAC/F,SAAO,KAAK,oBAAoB,KAAK;;CAGvC,MAAM,aAAa,SAAwE;EAEzF,MAAM,WADc,MAAM,KAAK,SAAS,GACX,oBAAoB,MAAM,KAAK,aAAa;AACzE,MAAI,YAAY,SAAS;GACvB,MAAM,WAAW,OAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU;IAAC;IAAS,QAAQ;IAAQ,QAAQ,UAAU;IAAM,QAAQ,SAAS;IAAK,EAAE,aAAa,CAAC;AAChK,UAAO,KAAK,8BAA8B,SAAS;aAC1C,YAAY,SAAS;GAC9B,MAAM,WAAW,OAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU;IAAC;IAAS,QAAQ;IAAQ,QAAQ,UAAU;IAAM,QAAQ,SAAS;IAAK,EAAE,aAAa,CAAC;AAChK,UAAO,KAAK,8BAA8B,SAAS;;EAErD,MAAM,WAAW,OAAO,QAAQ,MAAM,KAAK,qBAAqB,UAAU;GAAC;GAAS,QAAQ;GAAkB,QAAQ,UAAU;GAAM,QAAQ,SAAS;GAAK,EAAE,aAAa,CAAC;AAC5K,SAAO,KAAK,8BAA8B,SAAS;;CAGrD,MAAM,aAAa,SAAwE;EACzF,MAAM,UAAU,MAAM,KAAK,aAAa;AACxC,MAAI,YAAY,SAAS;GACvB,MAAM,WAAW,OAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU;IAAC;IAAS,QAAQ;IAAQ,QAAQ,UAAU;IAAM,QAAQ,SAAS;IAAK,EAAE,aAAa,CAAC;AAChK,UAAO,KAAK,8BAA8B,SAAS;;EAErD,MAAM,WAAW,OAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU;GAAC;GAAS,QAAQ;GAAQ,QAAQ,UAAU;GAAM,QAAQ,SAAS;GAAK,EAAE,aAAa,CAAC;AAChK,SAAO,KAAK,8BAA8B,SAAS;;CAGrD,MAAM,mBAAmB,SAAyI;EAChK,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,MAAM,OAAO,MAAM,KAAK,SAAS;AACjC,MAAI,CAAC,KACH,OAAM,IAAI,YAAY,4BAA4B;EAEpD,MAAM,eAAe,YAAY,UAAU,SAAS;EACpD,MAAM,aAAa,YAAY,UAAU,QAAQ,SAAS,KAAK;AAC/D,QAAM,KAAK,WAAW,mBAAmB;GACvC,eAAe;GACf,aAAa;GACb,YAAY,QAAQ;GACpB,iBAAiB,QAAQ;GAC1B,EAAE,QAAQ;AACX,MAAI,iBAAiB,OACnB,OAAM,KAAK,mBAAmB,iBAAiB,CAAC,eAAe,YAAY,kBAAkB,WAAW,WAAW,WAAW;MAE9H,OAAM,KAAK,mBAAmB,iBAAiB,CAAC,eAAe,YAAY,kBAAkB,WAAW,WAAW,WAAW;;CAGlI,YAAY,SAA+D;EACzE,MAAM,UAAU,KAAK,aAAa;EAIlC,MAAM,WAAW,cAHH,YAAY,UAAU,KAAK,qBAAqB,YAAY,UAAU,KAAK,qBAAqB,KAAK,sBAG7E;GAAC;GADpB,YAAY,UAAU,QAAQ,SAAS,YAAY,UAAU,QAAQ,SAAS,QAAQ;GAC7C,QAAQ,UAAU;GAAM,QAAQ,SAAS;GAAK,EAFvF,0BAE6G;AAChI,SAAO,KAAK,8BAA8B,SAAS;;CAErD,YAAY,SAA+D;EACzE,MAAM,UAAU,KAAK,aAAa;EAIlC,MAAM,WAAW,cAHH,YAAY,UAAU,KAAK,qBAAqB,KAAK,oBAG7B;GAAC;GADpB,YAAY,UAAU,QAAQ,SAAS,QAAQ;GACN,QAAQ,UAAU;GAAM,QAAQ,SAAS;GAAK,EAFvF,0BAE6G;AAChI,SAAO,KAAK,8BAA8B,SAAS;;CAGrD,AAAU,qBAAqB,MAAsD,SAAyD;AAQ5I,SAPoB,yBAAyB;GAC3C,GAAG,KAAK,gBAAgB,KAAK;GAC7B,GAAG,KAAK,YAAY,QAAQ;GAC5B,GAAG,KAAK,4BAA4B,MAAM,QAAQ;GAClD,GAAG,KAAK,oBAAoB,GAAG,KAAK,yBAAyB,QAAQ,GAAG,EAAE;GAC1E,GAAG,KAAK,gBAAgB,KAAK,IAAI,QAAQ,QAAQ;GAClD,CAAuB;;CAG1B,AAAU,uBAAuB,MAAqD;AACpF,SAAO;GACL,IAAI,KAAK;GACT,QAAQ,KAAK;GACb,WAAW,IAAI,KAAK,KAAK,WAAW;GACpC,iBAAiB,KAAK;GACtB,YAAY,KAAK,eAAe,IAAI,KAAK,KAAK,aAAa,GAAG;GAC9D,kBAAkB,KAAK,sBAAsB;GAC7C,SAAS,KAAK;GACf;;CAGH,AAAU,kBAAkB,cAAsB,SAAuE;AACvH,MAAI,CAAC,KAAK,gBAAgB,IAAI,CAAC,SAAS,aAAa,CAAC,CACpD,MAAK,gBAAgB,IAAI,CAAC,SAAS,aAAa,EAAE,IAAK,8BAA8B,sBAAsB,MAAQ;GACjH,SAAS,KAAK,WAAW,QAAQ,YAAY;GAC7C,WAAW;GACX,YAAY;GACZ,qBAAqB;GACrB,qBAAqB;GACtB,CAAC,CAAC;AAEL,SAAO,KAAK,gBAAgB,IAAI,CAAC,SAAS,aAAa,CAAC;;CAG1D,IAAI,YAAuB;AACzB,SAAO,KAAK,WAAW;;CAGzB,IAAI,UAAkB;AACpB,SAAO;;CAIT,AAAQ,2BAAwF;AAC9F,MAAI,CAAC,eAAe,CAAE,QAAO;EAE7B,MAAM,iBAAiB,QAAQ;AAC/B,MAAI,CAAC,gBAAgB;AACnB,OAAI,CAAC,KAAK,6BAA6B;AACrC,SAAK,8BAA8B;AACnC,YAAQ,KAAK,oJAAoJ;;AAEnK,UAAO;;AAKT,SAAO;GAAE;GAAgB,kBAFA,QAAQ,sDAAsD;GAE5C;;CAG7C,AAAQ,4BAA4B,OAAwG;AAC1I,MAAI,iBAAiB,+BACnB,QAAO;GACL,MAAM;GACN,YAAY,IAAI,YAAY,mBAAmB,kCAAkC;GAClF;AAEH,MAAI,iBAAiB,iCACnB,QAAO;GACL,MAAM;GACN,YAAY,IAAI,YAAY,mBAAmB,MAAM,QAAQ;GAC9D;AAEH,SAAO;;CAGT,AAAQ,6BAAmC,QAAkJ;AAC3L,MAAI,OAAO,WAAW,KACpB,QAAO;AAGT,MAAI,YAAY,qBAAqB,WAAW,OAAO,MAAM,EAAE;AAC7D,gBAAa,uCAAuC,OAAO,MAAM;AACjE,UAAO,OAAO,MAAM,IAAI,YAAY,mBAAmB,iDAAiD,CAAC;;AAG3G,SAAO,OAAO,MAAM,OAAO,MAAM;;CAGnC,AAAQ,8BAA8B,WAAoF;AACxH,MAAI,UAAU,YACZ,QAAO,EACL,OAAO,WACR;AAGH,SAAO;GACL,OAAO,UAAU;GACjB,OAAO,UAAU;GAClB;;CAGH,MAAc,mCAAyC,SAGO;EAC5D,MAAM,WAAW,KAAK,0BAA0B;EAChD,IAAI;AAEJ,MAAI;AACF,OAAI,SACF,UAAS,MAAM,qBAAqB;IAClC,GAAG;IACH,QAAQ,QAAQ;IAChB,SAAS,QAAQ;IACjB,sBAAsB,eAAe;AACnC,YAAO,WAAW,WAAW,WAAW,YAAY,qBAAqB,WAAW,WAAW,MAAM;;IAExG,CAAC;OAEF,UAAS,MAAM,QAAQ,QAAQ,EAAE,CAAC;WAE7B,GAAG;GACV,MAAM,cAAc,KAAK,4BAA4B,EAAE;AACvD,OAAI,YACF,QAAO,OAAO,MAAM,YAAY,WAAW;AAE7C,SAAM;;AAGR,SAAO,KAAK,6BAA6B,OAAO;;CAGlD,MAAgB,WAAW,KAA+B;AAGxD,MAAI,WAAW,IAAI,CACjB,QAAO;AAET,MAAI,OAAO,WAAW,eAAe,OAAO,SAAS,WAAW,IAAI,IAAI,IAAI,CAAC,OAC3E,QAAO;AAET,SAAO,6BAA6B;GAAE;GAAK,WAAW,KAAK;GAAW,CAAC;;CAGzE,IAAI,OAAsC;AACxC,SAAO,QAAQ,KAAK,aAAa,EAAE,WAAW,KAAK,WAAW,CAAC;;CAGjE,AAAU,4CAA4C;EACpD,MAAM,8BAA8B,KAAK,oBAAoB,YAAY,KAAK,oBAAoB;AAClG,MACE,CAAC,eAAe,IACb,CAAC,+BACD,KAAK,0CACL,KAAK,6CAA6C,IAAI,KAEzD;AAEF,OAAK,yCAAyC;AAC9C,oBAAkB,YAAY;AAC5B,OAAI;AACF,QAAI,CAAC,eAAe,CAClB;IAEF,MAAM,EAAE,OAAO,kBAAkB,MAAM,sBAAsB;AAC7D,SAAK,sCAAsC;KAAE;KAAO;KAAe;AACnE,SAAK,+CAA+C,YAAY,KAAK;aAC7D;AACR,SAAK,yCAAyC;;IAEhD;;CAGJ,AAAU,0CAA0C,YAAkD;EACpG,MAAM,YAAY,0CAA0C,WAAW;AACvE,MAAI,aAAa,KACf,QAAO;EAGT,MAAM,aAAa,KAAK,6CAA6C;AACrE,MAAI,cAAc,KAChB,QAAO;AAGT,OAAK,2CAA2C;AAChD,SAAO;;CAGT,MAAgB,wCAAwC,YAAoD;EAC1G,MAAM,YAAY,0CAA0C,WAAW;AACvE,MAAI,aAAa,KACf,QAAO;EAET,MAAM,aAAa,KAAK,6CAA6C;AACrE,MAAI,cAAc,KAChB,QAAO;EAET,MAAM,EAAE,OAAO,kBAAkB,MAAM,sBAAsB;AAC7D,OAAK,sCAAsC;GAAE;GAAO;GAAe;AACnE,OAAK,+CAA+C,YAAY,KAAK;AACrE,SAAO;GAAE;GAAO;GAAe;;CAGjC,AAAU,mCAA2C;AACnD,SAAO,mBAAmB;GACxB,MAAM;IACJ,GAAG,KAAK;IACR,SAAS,EAAE,MAAM,qBAAqB;IACtC,eAAe,EAAE,MAAM,qBAAqB;IAC7C;GACD,WAAW,KAAK;GACjB,CAAC,CAAC;;CAGL,MAAgB,kCAAkC,SAK9B;EAClB,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,MAAM,WAAW,MAAM,KAAK,WAAW,kBACrC,sCACA;GACE,QAAQ;GACR,SAAS,EACP,gBAAgB,oBACjB;GACD,MAAM,KAAK,UAAU;IACnB,cAAc,QAAQ;IACtB,OAAO,QAAQ;IACf,gBAAgB,QAAQ;IACxB,uBAAuB;IACvB,6BAA6B,QAAQ;IACtC,CAAC;GACH,EACD,QACD;AACD,MAAI,CAAC,SAAS,GACZ,OAAM,IAAI,oBAAoB,+CAA+C,SAAS,OAAO,GAAG,MAAM,SAAS,MAAM,GAAG;EAE1H,MAAM,SAAS,MAAM,SAAS,MAAM;AACpC,MAAI,EAAE,kBAAkB,WAAW,OAAO,OAAO,iBAAiB,SAChE,OAAM,IAAI,oBAAoB,mEAAmE,EAAE,QAAQ,CAAC;AAE9G,SAAO,OAAO;;CAGhB,AAAU,8CAA+E;AACvF,MAAI,KAAK,uCAAuC,KAC9C,QAAO;AAET,MAAI,YAAY,KAAK,GAAG,KAAK,+CAA+C,mCAAmC;AAC7G,QAAK,sCAAsC;AAC3C,QAAK,+CAA+C;AACpD,UAAO;;AAET,SAAO,KAAK;;CAGd,MAAgB,iBAAiB;AAC/B,MAAI,KAAK,oBAAoB,OAC3B,QAAO;AAET,SAAO,IAAI,IAAI,OAAO,SAAS,KAAK;;CAGtC,MAAgB,YAAY,SAAmD;AAC7E,MAAI,KAAK,oBAAoB,OAC3B;WACS,KAAK,oBAAoB,oBAAoB,CAAC,eAAe,CACtE,OAAM,eAAe,SAAS;GAAE,MAAM,QAAQ,IAAI,UAAU;GAAE,SAAS,QAAQ;GAAS,CAAC;WAChF,OAAO,KAAK,oBAAoB,YAAY,KAAK,gBAAgB,SAC1E,MAAK,gBAAgB,SAAS,QAAQ,IAAI,UAAU,CAAC;WAEjD,QAAQ,QACV,QAAO,SAAS,QAAQ,QAAQ,IAAI;MAEpC,QAAO,SAAS,OAAO,QAAQ,IAAI;AAIvC,QAAM,KAAK,IAAK;;CAGlB,cAAoC;AAClC,MAAI,OAAO,KAAK,oBAAoB,SAClC,QAAO,KAAK,gBAAgB,aAAa;WAChC,KAAK,oBAAoB,SAClC,SAAQ,OAAe,OAAO,SAAS,OAAO,GAAG;WACxC,KAAK,oBAAoB,iBAClC,SAAQ,OAAe,OAAO,SAAS,OAAO,GAAG;MAEjD,SAAQ,OAAe;;CAG3B,MAAgB,mBAAmB,KAAa,SAA6B;AAC3E,MAAI,CAAC,MAAM,KAAK,WAAW,IAAI,CAC7B,OAAM,IAAI,MAAM,gBAAgB,IAAI,sCAAsC;AAE5E,SAAO,MAAM,KAAK,YAAY;GAAE;GAAK,GAAG;GAAS,CAAC;;CAGpD,MAAgB,mBAAmB,aAAgC,SAA6B;EAE9F,MAAM,gBADU,QAAQ,KAAK,aAAa,EAAE,WAAW,KAAK,WAAW,CAAC,CAC1C;AAC9B,MAAI,CAAC,cACH,OAAM,IAAI,MAAM,2BAA2B,cAAc;EAG3D,MAAM,aAA8B,OAAO,WAAW,cAClD,OACA,IAAI,IAAI,OAAO,SAAS,KAAK;EACjC,MAAM,OAAO,MAAM,sBAAsB;GACvC;GACA;GACA,gBAAgB,SAAS,mBAAmB;GAC5C;GACA,uBAAuB,KAAK,kCAAkC;GAC9D,6BAA6B,OAAO,SAAS,MAAM,KAAK,wCAAwC,KAAK;GACtG,CAAC;AAEF,MAAI,KAAK,SAAS,0BAA0B;GAC1C,MAAM,yBAAyB,MAAM,KAAK,kCAAkC;IAC1E,aAAa,KAAK;IAClB,OAAO,KAAK;IACZ,eAAe,KAAK;IACpB,0BAA0B,KAAK;IAChC,CAAC;AACF,SAAM,KAAK,YAAY;IAAE,KAAK;IAAwB,GAAG;IAAS,CAAC;AACnE;;AAGF,QAAM,KAAK,mBAAmB,KAAK,KAAK,QAAQ;;CAGlD,AAAU,+BAA+B,aAAgC,SAAsC;AAC7G,MAAI,KAAK,oBAAoB,oBAAoB,CAAC,eAAe,EAAE;GAEjE,MAAM,gBADU,QAAQ,KAAK,aAAa,EAAE,WAAW,KAAK,WAAW,CAAC,CAC1C;AAC9B,OAAI,CAAC,cACH,OAAM,IAAI,MAAM,2BAA2B,cAAc;AAE3D,SAAM,eAAe,SAAS;IAAE,MAAM;IAAe,SAAS,SAAS;IAAS,CAAC;;AAEnF,SAAO;;CAGT,MAAM,iBAAiB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,UAAU,QAAQ;;CAC7G,MAAM,iBAAiB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,UAAU,QAAQ;;CAC7G,MAAM,kBAAkB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,WAAW,QAAQ;;CAC/G,MAAM,4BAA4B,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,qBAAqB,QAAQ;;CACnI,MAAM,wBAAwB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,iBAAiB,QAAQ;;CAC3H,MAAM,yBAAyB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,kBAAkB,QAAQ;;CAC7H,MAAM,eAAe,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,QAAQ,QAAQ;;CACzG,MAAM,wBAAwB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,iBAAiB,QAAQ;;CAC3H,MAAM,4BAA4B,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,qBAAqB,QAAQ;;CACnI,MAAM,sBAAsB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,eAAe,QAAQ;;CACvH,MAAM,sBAAsB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,eAAe,QAAQ;;CACvH,MAAM,qBAAqB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,cAAc,QAAQ;;CACrH,MAAM,uBAAuB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,gBAAgB,QAAQ;;CACzH,MAAM,0BAA0B,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,mBAAmB,QAAQ;;CAC/H,MAAM,gBAAgB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,SAAS,QAAQ;;CAC3G,MAAM,yBAAyB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,kBAAkB,QAAQ;;CAC7H,MAAM,yBAAyB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,kBAAkB,QAAQ;;CAC7H,MAAM,cAAc,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,OAAO,QAAQ;;CAEvG,MAAM,wBAAwB,OAAe,SAA6F;AACxI,SAAO,MAAM,KAAK,WAAW,wBAAwB,OAAO,SAAS,eAAe,qBAAqB,KAAK,KAAK,eAAe,cAAc,CAAC;;CAGnJ,MAAM,mBAAmB,OAAe,SAE6E;EACnH,MAAM,cAAc,SAAS,eAAe,qBAAqB,KAAK,KAAK,mBAAmB,cAAc;AAC5G,SAAO,MAAM,KAAK,mCAAmC;GACnD,QAAQ;GACR,SAAS,OAAO,cAAc;AAC5B,WAAO,MAAM,KAAK,WAAW,mBAAmB,OAAO,aAAa,KAAK,8BAA8B,UAAU,CAAC;;GAErH,CAAC;;CAGJ,MAAM,cAAc,SAA+G;AACjI,SAAO,MAAM,KAAK,WAAW,cAAc,QAAQ;;CAGrD,MAAM,wBAAwB,MAAgF;AAC5G,SAAO,MAAM,KAAK,WAAW,wBAAwB,KAAK;;CAG5D,MAAM,yBAAyB,MAA6H;AAC1J,SAAO,MAAM,KAAK,WAAW,qBAAqB;GAChD,MAAM;GACN;GACA,SAAS,MAAM,KAAK,aAAa;GAClC,CAAC;;CAGJ,MAAM,qBAAqB,MAA6H;EACtJ,MAAM,SAAS,MAAM,KAAK,WAAW,qBAAqB;GACxD,MAAM;GACN;GACA,SAAS,MAAM,KAAK,aAAa;GAClC,CAAC;AAEF,MAAI,OAAO,WAAW,KACpB,QAAO,OAAO,GAAG,OAAU;MAE3B,QAAO,OAAO,MAAM,OAAO,MAAM;;CAIrC,MAAM,yBAAyB,MAA+I;EAC5K,MAAM,SAAS,MAAM,KAAK,WAAW,qBAAqB;GACxD,MAAM;GACN;GACA,SAAS,MAAM,KAAK,aAAa;GAClC,CAAC;AAEF,MAAI,OAAO,WAAW,KACpB,QAAO,OAAO,GAAG,EAAE,iBAAiB,OAAO,KAAK,mBAAmB,CAAC;MAEpE,QAAO,OAAO,MAAM,OAAO,MAAM;;CAIrC,MAAM,YAAY,MAAgF;EAChG,MAAM,SAAS,MAAM,KAAK,WAAW,YAAY,KAAK;AACtD,QAAM,KAAK,kBAAkB,QAAQ,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC;AAChE,QAAM,KAAK,4BAA4B,QAAQ,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC;AAC1E,SAAO;;CAOT,MAAM,QAAQ,SAA+F;AAE3G,MAAI,SAAS,OAAO,eAAe,QAAQ,sBAAsB,MAC/D,OAAM,IAAI,MAAM,yHAAyH;AAG3I,OAAK,4BAA4B,SAAS,WAAW;EACrD,MAAM,UAAU,MAAM,KAAK,YAAY,SAAS,WAAW;EAC3D,IAAI,OAAO,OAAO,QAAQ,MAAM,KAAK,kBAAkB,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC;EAC1F,MAAM,mBAAmB,SAAS,OAAO,eAAe,SAAS,OAAO;EACxE,MAAM,oBAAoB,SAAS,sBAAsB,QAAQ;AAEjE,MAAI,SAAS,QAAS,KAAK,gBAAgB,CAAC,oBAAsB,KAAK,iBAAiB,CAAC,kBACvF,SAAQ,SAAS,IAAjB;GACE,KAAK;AACH,QAAI,CAAC,MAAM,gBAAgB,MAAM,cAC/B,OAAM,KAAK,qBAAqB,EAAE,SAAS,MAAM,CAAC;QAElD,OAAM,KAAK,iBAAiB,EAAE,SAAS,MAAM,CAAC;AAGhD;GAEF,KAAK,QACH,OAAM,IAAI,MAAM,oEAAoE;GAEtF,KAAK,aAAa;IAChB,MAAM,SAAS,MAAM,KAAK,oBAAoB;AAC9C,WAAO,MAAM,KAAK,QAAQ;KAAE,YAAY;KAAQ,IAAI;KAAmC,mBAAmB;KAAM,CAAC,IAAI,SAAS,oDAAoD;;GAEpL,KAAK;GACL,KAAK;GACL,KAAK,cACH,QAAO;;AAKb,SAAO,QAAQ,KAAK,qBAAqB,MAAM,QAAQ;;CAOzD,QAAQ,SAAsF;AAE5F,MAAI,SAAS,OAAO,eAAe,QAAQ,sBAAsB,MAC/D,OAAM,IAAI,MAAM,yHAAyH;AAG3I,OAAK,4BAA4B,SAAS,WAAW;EAErD,MAAM,UAAU,KAAK,YAAY,SAAS,WAAW;EACrD,IAAI,OAAO,cAAc,KAAK,mBAAmB,CAAC,QAAQ,EAAW,sBAAsB;EAC3F,MAAM,mBAAmB,SAAS,OAAO,eAAe,SAAS,OAAO;EACxE,MAAM,oBAAoB,SAAS,sBAAsB,QAAQ;AAEjE,MAAI,SAAS,QAAS,KAAK,gBAAgB,CAAC,oBAAsB,KAAK,iBAAiB,CAAC,kBACvF,SAAQ,SAAS,IAAjB;GACE,KAAK;AACH,QAAI,CAAC,MAAM,gBAAgB,MAAM,eAC/B;SAAI,CAAC,KAAK,+BAA+B,cAAc,EAAE,SAAS,MAAM,CAAC,CACvE,mBAAkB,KAAK,qBAAqB,EAAE,SAAS,MAAM,CAAC,CAAC;eAG7D,CAAC,KAAK,+BAA+B,UAAU,EAAE,SAAS,MAAM,CAAC,CACnE,mBAAkB,KAAK,iBAAiB,EAAE,SAAS,MAAM,CAAC,CAAC;AAG/D,aAAS;AACT,UAAM,IAAI,oBAAoB,8BAA8B;GAE9D,KAAK,QACH,OAAM,IAAI,MAAM,oEAAoE;GAEtF,KAAK;AAGH,sBAAkB,YAAY;AAC5B,WAAM,KAAK,oBAAoB;AAC/B,SAAI,OAAO,WAAW,YACpB,QAAO,SAAS,QAAQ;MAE1B;AACF,aAAS;AACT,UAAM,IAAI,oBAAoB,8BAA8B;GAE9D,KAAK;GACL,KAAK;GACL,KAAK;AACH,WAAO;AACP;;AAKN,SAAO,cAAc;AACnB,UAAO,QAAQ,KAAK,qBAAqB,MAAM,QAAQ;KACtD;GAAC;GAAM;GAAS,SAAS;GAAG,CAAC;;CAGlC,gCAAgC,SAA0B,SAA+E;EACvI,MAAM,cAAc,QAAQ,8BAA8B,GAAG,KAAK;AAClE,MAAI,CAAC,YACH,QAAO;EAET,MAAM,cAAc,YAAY,QAAQ;AACxC,MAAI,eAAe,QAAQ,OAAO,sBAChC,QAAO;AAET,SAAO;GACL,IAAI,YAAY,QAAQ;GACxB,cAAc,YAAY,QAAQ;GAClC,aAAa,YAAY,QAAQ;GACjC,sBAAsB,YAAY,QAAQ;GAC1C;GACA,uBAAuB,YAAY,QAAQ;GAC3C,cAAc,YAAY,QAAQ;GAClC,kBAAkB,YAAY,QAAQ;GACvC;;CAGH,MAAM,0BAA0B,KAAkD;EAChF,MAAM,OAAO,MAAM,IAAI,KAAK,iBAAiB;AAC7C,MAAI,CAAC,KACH,QAAO;AAET,SAAO;GACL,IAAI,KAAK;GACT,aAAa,KAAK,QAAQ;GAC1B,cAAc,KAAK,SAAS;GAC5B,sBAAsB,KAAK;GAC3B,aAAa,KAAK;GAClB,uBAAuB,KAAK;GAC5B,cAAc,KAAK;GACnB,kBAAmB,KAAK,qBAAiD;GAC1E;;CAKH,MAAM,eAAe,SAA4G;AAC/H,UAAQ,QAAQ,MAAhB;GACE,KAAK,SAAS;AACZ,SAAK,4BAA4B,QAAQ,cAAc,KAAK,gBAAgB;IAC5E,MAAM,UAAU,MAAM,KAAK,YAAY,QAAQ,WAAW;AAC1D,WAAO,KAAK,gCAAgC,SAAS,QAAQ;;GAE/D,KAAK,SACH,QAAO,MAAM,KAAK,0BAA0B,QAAQ,IAAI;GAE1D,QAEE,OAAM,IAAI,MAAM,0BAA0B,QAAQ,OAAO;;;CAM/D,eAAe,SAAmG;AAChH,UAAQ,QAAQ,MAAhB;GACE,KAAK,SAAS;AACZ,SAAK,4BAA4B,QAAQ,cAAc,KAAK,gBAAgB;IAC5E,MAAM,UAAU,KAAK,YAAY,QAAQ,WAAW;AACpD,WAAO,KAAK,gCAAgC,SAAS,QAAQ;;GAE/D,KAAK,SAEH,QADe,cAAc,KAAK,yBAAyB,CAAC,QAAQ,IAAI,EAAW,6BAA6B;GAGlH,QAEE,OAAM,IAAI,MAAM,0BAA0B,QAAQ,OAAO;;;CAI/D,oBAAoB,SAA2G;AAC7H,SAAO,OAAO,SAAyC;GACrD,MAAM,UAAU,MAAM,KAAK,YAAY,QAAQ,cAAc,KAAK,gBAAgB;AAClF,OAAI,CAAC,KAAK,kBAER,SADe,MAAM,QAAQ,4BAA4B,KAAQ,KAAO,GACzD,YAAY,SAAS;AAGtC,WADe,MAAM,QAAQ,gBAAgB,GAC9B,YAAY,SAAS;;;CAIxC,MAAM,wBAAwB,SAA0D;AAGtF,UADe,OADC,MAAM,KAAK,YAAY,QAAQ,WAAW,EAC7B,4BAA4B,KAAQ,KAAO,GACzD,YAAY,SAAS;;CAGtC,MAAgB,kBAAkB,QAA2B,SAA0B;EACrF,MAAM,MAAM,MAAM,KAAK,WAAW,iBAAiB,wBAAwB,OAAO,EAAE,QAAQ;AAC5F,QAAM,KAAK,aAAa,QAAQ;AAChC,SAAO;;CAGT,MAAM,gBAAgB,UAAwB,SAE3C;AACD,MAAI,OAAO,WAAW,YACpB,OAAM,IAAI,MAAM,wEAAwE;AAG1F,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,MAAM,aAAa,IAAI,IAAI,OAAO,SAAS,KAAK;EAChD,MAAM,2BAA2B,SAAS,YAAY,OAClD,qBAAqB,QAAQ,UAAU,WAAW,GAElD,WAAW,aAAa,IAAI,uBAAuB,GAC/C,WAAW,UAAU,GACrB;EAER,MAAM,WAAW,KAAK,0BAA0B;EAChD,MAAM,EAAE,eAAe,UAAU,MAAM,sBAAsB;EAE7D,MAAM,eAAe,OAAO,cAAuF;AACjH,UAAO,MAAM,KAAK,WAAW,eAAe;IAC1C;IACA,aAAa,qBAAqB,KAAK,KAAK,eAAe,cAAc;IACzE,kBAAkB,qBAAqB,KAAK,KAAK,OAAO,mBAAmB;IAC3E;IACA,MAAM;IACN,eAAe,KAAK,qBAAqB,WAAW,KAAK,IAAI;IAC7D;IACA;IACA,cAAc,KAAK,8BAA8B,UAAU;IAC3D;IACD,CAAC;;EAGJ,IAAI;AACJ,MAAI;AACF,OAAI,SACF,mBAAkB,MAAM,qBAAqB;IAC3C,GAAG;IACH,QAAQ;IACR,SAAS;IACT,sBAAsB,WAAW;AAC/B,YAAO,OAAO,WAAW,WAAW,YAAY,qBAAqB,WAAW,OAAO,MAAM;;IAEhG,CAAC;OAGF,mBAAkB,MAAM,aAAa,EAAE,CAAC;WAEnC,GAAG;GACV,MAAM,cAAc,KAAK,4BAA4B,EAAE;AACvD,OAAI,aAAa,SAAS,YACxB;AAEF,OAAI,aAAa,SAAS,SACxB,OAAM,YAAY;AAEpB,SAAM;;EAGR,MAAM,WAAW,OAAO,QAAQ,gBAAgB;AAChD,QAAM,KAAK,YAAY,EAAE,KAAK,UAAU,CAAC;AACzC,QAAM,cAAc;;;;;CAMtB,MAAgB,iBAAiB,OAAyD,SAA0C;AAElI,MAAI,OAAO,WAAW,YACpB,QAAO,eAAe,QAAQ,0BAA2B,MAAM,SAAiB,gBAAgB,SAAS,uBAAuB,CAAC;AAInI,QAAM,KAAK,eAAe;AAE1B,QAAM,IAAI,oBAAoB,+CAA+C;;;;;;CAO/E,MAAgB,uBAA6B,UAAgI;AAC3K,MAAI;AACF,UAAO,MAAM,UAAU;WAChB,GAAG;AACV,OAAI,YAAY,kCAAkC,WAAW,EAAE,CAC7D,QAAO,OAAO,GAAG,MAAM,KAAK,iBAAiB,GAAG,MAAM,KAAK,aAAa,CAAC,CAAC;AAE5E,SAAM;;;CAIV,MAAM,qBAAqB,SAI2E;AACpG,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,IAAI;AACJ,MAAI;AACF,YAAS,MAAM,KAAK,uBAAuB,YAAY;AACrD,WAAO,MAAM,KAAK,WAAW,qBAAqB,QAAQ,OAAO,QAAQ,UAAU,QAAQ;KAC3F;WACK,GAAG;AACV,OAAI,YAAY,gBAAgB,WAAW,EAAE,CAC3C,QAAO,OAAO,MAAM,EAAE;AAExB,SAAM;;AAGR,MAAI,OAAO,WAAW,MAAM;AAC1B,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAClD,OAAI,CAAC,QAAQ,WACX,OAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AAErD,UAAO,OAAO,GAAG,OAAU;QAE3B,QAAO,OAAO,MAAM,OAAO,MAAM;;CAIrC,MAAM,qBAAqB,SAM+H;AACxJ,MAAI,QAAQ,0BAA0B,QAAQ,wBAC5C,OAAM,IAAI,oBAAoB,6EAA6E;AAE7G,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,MAAM,+BAA+B,QAAQ,yBAAyB,SAAY,QAAQ,2BAA2B,qBAAqB,KAAK,KAAK,mBAAmB,0BAA0B;EAEjM,MAAM,gBAAgB,OAAO,cAAuF;GAClH,IAAI,SAAS,MAAM,KAAK,WAAW,qBACjC,QAAQ,OACR,QAAQ,UACR,8BACA,SACA,KAAK,8BAA8B,UAAU,CAC9C;AAKD,OAAI,OAAO,WAAW,WACpB,OAAO,iBAAiB,YAAY,6BACpC,iCAAiC,QACjC;QAAI,CAAC,QAAQ,yBAAyB;AACpC,kBAAa,2CAA2C,IAAI,oBAAoB,4GAA4G,EAAE,8BAA8B,CAAC,CAAC;AAE9N,cAAS,MAAM,KAAK,WAAW,qBAC7B,QAAQ,OACR,QAAQ,UACR,QACA,SACA,KAAK,8BAA8B,UAAU,CAC9C;;;AAIL,UAAO;;EAGT,IAAI;AACJ,WAAS,MAAM,KAAK,mCAAmC;GACrD,QAAQ;GACR,SAAS;GACV,CAAC;AAEF,MAAI,OAAO,WAAW,MAAM;AAC1B,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAClD,OAAI,CAAC,QAAQ,WACX,OAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AAErD,UAAO,OAAO,GAAG,OAAU;QAE3B,QAAO,OAAO,MAAM,OAAO,MAAM;;CAIrC,MAAM,qBAAqB;AACzB,OAAK,6BAA6B;AAElC,MAAI,CAAC,KAAK,2BACR,MAAK,8BAA8B,YAAY;AAC7C,QAAK,6BAA6B;GAClC,MAAM,UAAU,MAAM,KAAK,aAAa;GACxC,MAAM,SAAS,MAAM,KAAK,WAAW,kBAAkB,QAAQ;AAC/D,OAAI,OAAO,WAAW,KACpB,OAAM,KAAK,2BAA2B,OAAO,KAAK;OAElD,OAAM,IAAI,oBAAoB,mDAAmD;AAEnF,QAAK,6BAA6B;AAClC,UAAO,OAAO;MACZ;AAGN,SAAO,MAAM,KAAK;;CAGpB,MAAM,oBAAoB,MAAc,SAAuI;AAC7K,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,IAAI;AACJ,MAAI;AACF,YAAS,MAAM,KAAK,uBAAuB,YAAY;AACrD,WAAO,MAAM,KAAK,WAAW,oBAAoB,MAAM,QAAQ;KAC/D;WACK,GAAG;AACV,OAAI,YAAY,gBAAgB,WAAW,EAAE,CAC3C,QAAO,OAAO,MAAM,EAAE;AAExB,SAAM;;AAGR,MAAI,OAAO,WAAW,MAAM;AAC1B,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAClD,OAAI,CAAE,SAAS,WACb,KAAI,OAAO,KAAK,QACd,OAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;OAEnD,OAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AAGvD,UAAO,OAAO,GAAG,OAAU;QAE3B,QAAO,OAAO,MAAM,OAAO,MAAM;;;;;;;;;;;;;;;;;;;;;;CAwBrC,MAAM,eAAe,SAO2G;EAE9H,MAAM,WAAW,MAAM,KAAK,WAAW,kBACrC,aACA;GACE,QAAQ;GACR,SAAS,EACP,gBAAgB,oBACjB;GACD,MAAM,KAAK,UAAU;IACnB,mBAAmB,QAAQ;IAC3B,GAAI,QAAQ,oBAAoB,OAAO,EAAE,oBAAoB,QAAQ,kBAAkB,GAAG,EAAE;IAC7F,CAAC;GACH,EACD,KACD;AAED,MAAI,CAAC,SAAS,GACZ,QAAO,OAAO,MAAM,IAAI,YAAY,aAAa,gCAAgC,SAAS,OAAO,GAAG,MAAM,SAAS,MAAM,GAAG,CAAC;EAG/H,MAAM,aAAa,MAAM,SAAS,MAAM;EACxC,MAAM,cAAc,WAAW;EAC/B,MAAM,YAAY,WAAW;EAG7B,MAAM,MAAM,uBAAuB;GACjC,mBAAmB,KAAK,KAAK;GAC7B,QAAQ,QAAQ;GAChB;GACD,CAAC;AACF,MAAI,QAAQ,WACV,SAAQ,WAAW,KAAK,UAAU;OAC7B;AACL,WAAQ,IAAI,2BAA2B,YAAY;AACnD,WAAQ,IAAI,oDAAoD,MAAM;;EAIxE,IAAI,WAAW;AACf,SAAO,YAAY,QAAQ,eAAe,WAAW;AACnD;GACA,MAAM,eAAe,MAAM,KAAK,WAAW,kBAAkB,kBAAkB;IAC7E,QAAQ;IACR,SAAS,EACP,gBAAgB,oBACjB;IACD,MAAM,KAAK,UAAU,EACnB,cAAc,aACf,CAAC;IACH,EAAE,KAAK;AAER,OAAI,CAAC,aAAa,GAChB,QAAO,OAAO,MAAM,IAAI,YAAY,aAAa,gCAAgC,aAAa,OAAO,GAAG,MAAM,aAAa,MAAM,GAAG,CAAC;GAEvI,MAAM,aAAa,MAAM,aAAa,MAAM;AAE5C,OAAI,aAAa,WAAW,OAAO,WAAW,WAAW,UACvD,QAAO,OAAO,GAAG,WAAW,cAAc;AAE5C,OAAI,WAAW,WAAW,WAAW;AACnC,UAAM,KAAK,QAAQ,kBAAkB,IAAK;AAC1C;;AAEF,OAAI,WAAW,WAAW,UACxB,QAAO,OAAO,MAAM,IAAI,YAAY,oBAAoB,wDAAwD,CAAC;AAEnH,OAAI,WAAW,WAAW,OACxB,QAAO,OAAO,MAAM,IAAI,YAAY,iBAAiB,mDAAmD,CAAC;AAE3G,UAAO,OAAO,MAAM,IAAI,YAAY,aAAa,4CAA4C,WAAW,SAAS,CAAC;;AAGpH,SAAO,OAAO,MAAM,IAAI,YAAY,aAAa,4CAA4C,CAAC;;CAUhG,MAAM,cAAc,MAAc,MAAc,SAAuI;AACrL,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,IAAI;AACJ,MAAI;AACF,YAAS,MAAM,KAAK,uBAAuB,YAAY;AACrD,WAAO,MAAM,KAAK,WAAW,cAAc,MAAM,MAAM,QAAQ;KAC/D;WACK,GAAG;AACV,OAAI,aAAa,YAAY,gBAC3B,QAAO,OAAO,MAAM,EAAE;AAExB,SAAM;;AAGR,MAAI,OAAO,WAAW,MAAM;AAC1B,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAClD,OAAI,CAAE,SAAS,WACb,KAAI,OAAO,KAAK,QACd,OAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;OAEnD,OAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AAGvD,UAAO,OAAO,GAAG,OAAU;;AAE7B,SAAO,OAAO,MAAM,OAAO,MAAM;;CAGnC,MAAM,oBAAmK;AACvK,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,IAAI;AACJ,MAAI;AACF,YAAS,MAAM,KAAK,uBAAuB,YAAY;IACrD,MAAM,mBAAmB,MAAM,KAAK,WAAW,8BAA8B,EAAE,EAAE,QAAQ;AACzF,QAAI,iBAAiB,WAAW,KAC9B,QAAO,OAAO,MAAM,IAAI,YAAY,4BAA4B,8DAA8D,CAAC;IAGjI,MAAM,EAAE,cAAc,SAAS,iBAAiB;AAGhD,QAAI,aAAa,SAAS,0CACxB,OAAM,IAAI,oBAAoB,oEAAoE,aAAa,OAAO;AAExH,iBAAa,OAAO,OAAO,SAAS;IAEpC,MAAM,0BAA0B,MAAM,oBAAoB,EAAE,aAAa,cAAc,CAAC;AACxF,WAAO,MAAM,KAAK,WAAW,kBAAkB;KAAE;KAAyB;KAAM,EAAE,QAAQ;KAC1F;WACK,OAAO;AACd,OAAI,iBAAiB,cACnB,QAAO,OAAO,MAAM,IAAI,YAAY,qBAAqB,MAAM,SAAS,MAAM,KAAK,CAAC;OAGpF,QAAO,OAAO,MAAM,IAAI,YAAY,4BAA4B,iCAAiC,CAAC;;AAItG,MAAI,OAAO,WAAW,MAAM;AAC1B,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAClD,SAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AACnD,UAAO,OAAO,GAAG,OAAU;QAE3B,QAAO,OAAO,MAAM,OAAO,MAAM;;CAKrC,MAAM,oBAAoB;AACxB,MAAI,OAAO,WAAW,YACpB,OAAM,IAAI,MAAM,0EAA0E;AAE5F,OAAK,6BAA6B;EAClC,IAAI,2BAA2B,KAAK,KAAK;EACzC,MAAM,aAAa,IAAI,IAAI,OAAO,SAAS,KAAK;AAChD,MAAI,WAAW,aAAa,IAAI,2BAA2B,OAAO,KAAK,KAAK;AAC1E,cAAW,aAAa,OAAO,OAAO;AACtC,cAAW,aAAa,OAAO,QAAQ;AACvC,8BAA2B,WAAW,UAAU;;EAElD,IAAI;AACJ,MAAI;AACF,YAAS,MAAM,KAAK,uBAAuB,YAAY;AACrD,WAAO,MAAM,kBAAkB,KAAK,YAAY,yBAAyB;KACzE;WACK,GAAG;AACV,OAAI,YAAY,gBAAgB,WAAW,EAAE,EAAE;AAC7C,UAAM,kDAAkD;AACxD,WAAO;SAEP,OAAM;;AAGV,MAAI,OAAO,WAAW,QAAQ,OAAO,MAAM;AACzC,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAGlD,OAAI,8BAA8B,OAAO,QAAQ,OAAO,KAAK,0BAA0B;AACrF,UAAM,KAAK,YAAY;KAAE,KAAK,OAAO,KAAK;KAA0B,SAAS;KAAM,CAAC;AACpF,WAAO;cACE,OAAO,KAAK,SAAS;AAC9B,UAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AACnD,WAAO;UACF;AACL,UAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AACnD,WAAO;;;AAGX,SAAO;;CAGT,MAAgB,SAAS,SAA0B,SAAyD;AAE1G,OAAK,eAAe,aAAa;AACjC,OAAK,kBAAkB,aAAa;AAEpC,QAAM,UAAU,cAAc,YAAY;AACxC,SAAM,KAAK,WAAW,QAAQ,QAAQ;AACtC,OAAI,SAAS,YACX,OAAM,KAAK,YAAY;IAAE,KAAK,QAAQ;IAAa,SAAS;IAAM,CAAC;OAEnE,OAAM,KAAK,wBAAwB;IAErC;;CAGJ,MAAM,QAAQ,SAAsF;EAClG,MAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AACxF,MAAI,KACF,OAAM,KAAK,QAAQ,EAAE,aAAa,SAAS,aAAa,CAAC;;CAI7D,MAAM,eAAe,SAAmE;EACtF,MAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AACxF,MAAI,KACF,QAAO,MAAM,KAAK,gBAAgB;AAEpC,SAAO;;CAGT,eAAe,SAA0D;EACvE,MAAM,OAAO,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AAClF,MAAI,KACF,QAAO,KAAK,gBAAgB;AAE9B,SAAO;;CAGT,MAAM,gBAAgB,SAAmE;EACvF,MAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AACxF,MAAI,KACF,QAAO,MAAM,KAAK,iBAAiB;AAErC,SAAO;;CAGT,gBAAgB,SAA0D;EACxE,MAAM,OAAO,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AAClF,MAAI,KACF,QAAO,KAAK,iBAAiB;AAE/B,SAAO;;CAGT,MAAM,uBAAuB,SAAmE;AAC9F,SAAO,wCAAwC,MAAM,KAAK,YAAY,QAAQ,CAAC;;CAGjF,uBAAuB,SAA0D;AAC/E,SAAO,wCAAwC,KAAK,YAAY,QAAQ,CAAC;;CAG3E,MAAM,eAAe,SAAgF;AACnG,SAAO,EACL,gBAAgB,KAAK,UAAU,MAAM,KAAK,YAAY,QAAQ,CAAC,EAChE;;CAGH,eAAe,SAAuE;AACpF,SAAO,EACL,gBAAgB,KAAK,UAAU,KAAK,YAAY,QAAQ,CAAC,EAC1D;;CAGH,MAAM,YAAY,SAAiH;EACjI,MAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AACxF,MAAI,KACF,QAAO,MAAM,KAAK,aAAa;AAEjC,SAAO;GAAE,aAAa;GAAM,cAAc;GAAM;;CAGlD,YAAY,SAAwG;EAClH,MAAM,OAAO,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AAClF,MAAI,KACF,QAAO,KAAK,aAAa;AAE3B,SAAO;GAAE,aAAa;GAAM,cAAc;GAAM;;CAGlD,MAAM,aAA+B;EACnC,MAAM,OAAO,OAAO,QAAQ,MAAM,KAAK,qBAAqB,UAAU,EAAE,EAAE,aAAa,CAAC;AACxF,SAAO,KAAK,uBAAuB,KAAK;;CAG1C,aAAsB;EACpB,MAAM,OAAO,cAAc,KAAK,sBAAsB,EAAE,EAAE,yBAAyB;AACnF,SAAO,cAAc,KAAK,uBAAuB,KAAK,EAAE,CAAC,KAAK,CAAC;;CAGjE,MAAgB,mBAAmB,SAAwD;AACzF,OAAK,wBAAwB;AAE7B,SADa,OAAO,QAAQ,MAAM,KAAK,oBAAoB,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAClF,KAAK,MAAM,KAAK,kBAAkB,EAAE,IAAI,QAAQ,CAAC,2BAC3D,SACM,KAAK,sBAAsB,QAAQ,CAC1C,CAAC;;CAGJ,AAAU,kBAAkB,SAA+C;AACzE,OAAK,wBAAwB;EAC7B,MAAM,WAAW,cAAc,KAAK,qBAAqB,CAAC,QAAQ,EAAE,+BAA+B;AACnG,SAAO,cAAc,SAAS,KAAK,MAAM,KAAK,kBAAkB,EAAE,IAAI,QAAQ,CAAC,2BAC7E,SACM,KAAK,sBAAsB,QAAQ,CAC1C,CAAC,EAAE,CAAC,SAAS,CAAC;;CAEjB,MAAgB,eAAe,SAA0B,YAA6G;AACpK,OAAK,wBAAwB;EAC7B,MAAM,OAAO,MAAM,KAAK,WAAW,cAAc,gCAAgC,WAAW,EAAE,QAAQ;EACtG,MAAM,MAAM,KAAK,kBAAkB,KAAK,IAAI,QAAQ,CAAC,2BACnD,YACM,KAAK,sBAAsB,QAAQ,CAC1C;AACD,QAAM,KAAK,sBAAsB,QAAQ;AACzC,SAAO;;CAGT,MAAgB,aAAa,SAA0B;AAErD,QAAM,KAAK,gBAAgB,QAAQ;;CAGrC,MAAgB,gBAAgB,SAA0B;AACxD,QAAM,QAAQ,IAAI,CAChB,KAAK,kBAAkB,QAAQ,CAAC,QAAQ,CAAC,EACzC,KAAK,mCAAmC,QAAQ,CAAC,QAAQ,CAAC,CAC3D,CAAC;AAEF,UAAQ,2BAA2B;;CAGrC,MAAgB,gBAAgB;CAIhC,MAAgB,kBAAkB;AAChC,QAAM,KAAK,qBAAqB,QAAQ,EAAE,CAAC;;CAG7C,MAAgB,sBAAsB,SAA0B;AAC9D,QAAM,KAAK,oBAAoB,QAAQ,CAAC,QAAQ,CAAC;;CAGnD,YAAY,2BAA2B;AACrC,SAAO,EACL,iBACE,SAC6C;GAC7C,MAAM,sBAAsB,KAAK,UAAU,KAAK,MAAM,EAAsB,CAAC,CAAC;GAC9E,MAAM,WAAW,cAAc,IAAI,KAAK,iBAAiB;AACzD,OAAI,UAAU;IACZ,MAAM,CAAC,qBAAqB,aAAa;AACzC,QAAI,wBAAwB,UAAa,wBAAwB,oBAC/D,OAAM,IAAI,oBAAoB,qHAAqH;KAAE,aAAa;KAAM,gBAAgB;KAAqB,CAAC;AAEhN,WAAO;;GAGT,MAAM,EAAE,WAAW,GAAG,aAAa,KAAK,MAAM,CAAC,mBAAmB,CAAC;AACnE,UAAO,IAAI,8BAAwD;IACjE,GAAG;IACH,WAAW,yBAAyB,UAAU;IAC/C,EAAE;IACD,kBAAkB,KAAK;IACvB,aAAa;IACd,CAAC;KAEL;;CAGH,KAAK,2BAA2B;AAC9B,SAAO;GACL,oBAAkE;AAChE,QAAI,OAAO,KAAK,oBAAoB,SAClC,OAAM,IAAI,oBAAoB,iFAAiF;IAGjH,MAAM,uBAAuB,0BAA0B,KAAK,WAAW,UACnE,KAAK,WAAW,QAAQ,uBACxB;AAEJ,WAAO;KACL,SAAS,KAAK,SAAS;KACvB,WAAW,KAAK;KAChB,GAAI,wBAAwB,OAAO,EAAE,sBAAsB,GAAG,EAAE;KAChE,YAAY,KAAK;KACjB,MAAM,KAAK;KACX,qBAAqB,KAAK;KAC1B,kBAAkB,KAAK,sBAAsB;KAC7C,gBAAgB,KAAK;KACrB,qBAAqB,KAAK,SAAS;KACnC,SAAS,KAAK,SAAS;KACvB,WAAW,uBAAuB,KAAK,kBAAkB;KAC1D;;GAEH,iBAAiB,oBAAuE;AACtF,sBAAkB,YAAY;AAC5B,WAAM,KAAK,kBAAkB,yBAAyB,CAAC,MAAM,KAAK,aAAa,CAAC,EAAE,OAAO,YAAY,gBAAgB,CAAC;MACtH;;GAEJ,6BAA6B,KAAK;GAClC,wBAAwB,OAAO,MAAc,YAAoC;AAC/E,WAAO,MAAM,KAAK,WAAW,uBAAuB,MAAM,MAAM,KAAK,aAAa,EAAE,QAAQ;;GAE9F,yBAAyB,OAAO,MAAc,YAAoC;AAChF,WAAO,MAAM,KAAK,WAAW,wBAAwB,MAAM,MAAM,KAAK,aAAa,EAAE,QAAQ;;GAE/F,qBAAqB,aAA8B;AACjD,WAAO,KAAK,WAAW,mBAAmB,SAAS;;GAErD,aAAa,OACX,MACA,gBACA,cAA6C,aAC1C;AACH,WAAO,MAAM,KAAK,WAAW,kBAAkB,MAAM,gBAAgB,MAAM,KAAK,aAAa,EAAE,YAAY;;GAE7G,yBAAyB,KAAK,mBAAmB,SAAS,mFAAmF;GAC7I,eAAe,OAAO,KAAmB,YAAoC;AAC3E,UAAM,KAAK,YAAY;KAAE;KAAK,GAAG;KAAS,CAAC;;GAE7C,sBAAsB,YAAY;AAChC,UAAM,KAAK,sBAAsB,MAAM,KAAK,aAAa,CAAC;;GAE5D,kBAAkB,OAAO,WAA0D;AACjF,UAAM,KAAK,2BAA2B,OAAO;;GAEhD"}
1	+ {"version":3,"file":"client-app-impl.js","names":["isSecure","isSecureCookieContext"],"sources":["../../../../../../src/lib/stack-app/apps/implementations/client-app-impl.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { WebAuthnError, startAuthentication, startRegistration } from \"@simplewebauthn/browser\";\nimport { KnownErrors, StackClientInterface } from \"@stackframe/stack-shared\";\nimport type { RequestListener } from \"@stackframe/stack-shared/dist/interface/client-interface\";\nimport { ContactChannelsCrud } from \"@stackframe/stack-shared/dist/interface/crud/contact-channels\";\nimport { CurrentUserCrud } from \"@stackframe/stack-shared/dist/interface/crud/current-user\";\nimport type { CustomerInvoicesListResponse } from \"@stackframe/stack-shared/dist/interface/crud/invoices\";\nimport { ItemCrud } from \"@stackframe/stack-shared/dist/interface/crud/items\";\nimport { NotificationPreferenceCrud } from \"@stackframe/stack-shared/dist/interface/crud/notification-preferences\";\nimport { OAuthProviderCrud } from \"@stackframe/stack-shared/dist/interface/crud/oauth-providers\";\nimport type { CustomerProductsListResponse } from \"@stackframe/stack-shared/dist/interface/crud/products\";\nimport { TeamApiKeysCrud, UserApiKeysCrud, teamApiKeysCreateOutputSchema, userApiKeysCreateOutputSchema } from \"@stackframe/stack-shared/dist/interface/crud/project-api-keys\";\nimport { ProjectPermissionsCrud } from \"@stackframe/stack-shared/dist/interface/crud/project-permissions\";\nimport { ClientProjectsCrud } from \"@stackframe/stack-shared/dist/interface/crud/projects\";\nimport { SessionsCrud } from \"@stackframe/stack-shared/dist/interface/crud/sessions\";\nimport { TeamInvitationCrud } from \"@stackframe/stack-shared/dist/interface/crud/team-invitation\";\nimport { TeamMemberProfilesCrud } from \"@stackframe/stack-shared/dist/interface/crud/team-member-profiles\";\nimport { TeamPermissionsCrud } from \"@stackframe/stack-shared/dist/interface/crud/team-permissions\";\nimport { TeamsCrud } from \"@stackframe/stack-shared/dist/interface/crud/teams\";\nimport { UsersCrud } from \"@stackframe/stack-shared/dist/interface/crud/users\";\nimport type { RestrictedReason } from \"@stackframe/stack-shared/dist/schema-fields\";\nimport { InternalSession } from \"@stackframe/stack-shared/dist/sessions\";\nimport { decodeBase32, decodeBase64, encodeBase32, encodeBase64 } from \"@stackframe/stack-shared/dist/utils/bytes\";\nimport { scrambleDuringCompileTime } from \"@stackframe/stack-shared/dist/utils/compile-time\";\nimport { isBrowserLike } from \"@stackframe/stack-shared/dist/utils/env\";\nimport { StackAssertionError, captureError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { parseJson } from \"@stackframe/stack-shared/dist/utils/json\";\nimport { DependenciesMap } from \"@stackframe/stack-shared/dist/utils/maps\";\nimport { ProviderType } from \"@stackframe/stack-shared/dist/utils/oauth\";\nimport { deepPlainEquals, omit } from \"@stackframe/stack-shared/dist/utils/objects\";\nimport { neverResolve, runAsynchronously, wait } from \"@stackframe/stack-shared/dist/utils/promises\";\nimport { suspend, suspendIfSsr, use } from \"@stackframe/stack-shared/dist/utils/react\";\nimport { getTrustedParentDomain, validateRedirectUrl } from \"@stackframe/stack-shared/dist/utils/redirect-urls\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { Store, storeLock } from \"@stackframe/stack-shared/dist/utils/stores\";\nimport { deindent, mergeScopeStrings } from \"@stackframe/stack-shared/dist/utils/strings\";\nimport type { TurnstileAction } from \"@stackframe/stack-shared/dist/utils/turnstile\";\nimport { BotChallengeExecutionFailedError, BotChallengeUserCancelledError, withBotChallengeFlow } from \"@stackframe/stack-shared/dist/utils/turnstile-flow\";\nimport { createUrlIfValid, isRelative } from \"@stackframe/stack-shared/dist/utils/urls\";\nimport { generateUuid } from \"@stackframe/stack-shared/dist/utils/uuids\";\nimport * as tanstackStartServerContext from \"@stackframe/tanstack-start/tanstack-start-server-context\"; // THIS_LINE_PLATFORM tanstack-start\nimport * as TanStackRouter from \"@tanstack/react-router\"; // THIS_LINE_PLATFORM tanstack-start\nimport * as cookie from \"cookie\";\nimport React, { useCallback, useMemo } from \"react\"; // THIS_LINE_PLATFORM react-like\nimport type * as yup from \"yup\";\nimport { constructRedirectUrl } from \"../../../../utils/url\";\nimport { callOAuthCallback, getNewOAuthProviderOrScopeUrl } from \"../../../auth\";\nimport { CookieHelper, createBrowserCookieHelper, createCookieHelper, createPlaceholderCookieHelper, deleteCookie, deleteCookieClient, getCookieClient, isSecure as isSecureCookieContext, saveVerifierAndState, setOrDeleteCookie, setOrDeleteCookieClient } from \"../../../cookie\";\nimport { envVars } from \"../../../env\";\nimport { ApiKey, ApiKeyCreationOptions, ApiKeyUpdateOptions, apiKeyCreationOptionsToCrud } from \"../../api-keys\";\nimport { ConvexCtx, GetCurrentPartialUserOptions, GetCurrentUserOptions, HandlerUrlOptions, HandlerUrls, OAuthScopesOnSignIn, RedirectMethod, RedirectToOptions, RequestLike, ResolvedHandlerUrls, TokenStoreInit, stackAppInternalsSymbol } from \"../../common\";\nimport { DeprecatedOAuthConnection, OAuthConnection } from \"../../connected-accounts\";\nimport { ContactChannel, ContactChannelCreateOptions, ContactChannelUpdateOptions, contactChannelCreateOptionsToCrud, contactChannelUpdateOptionsToCrud } from \"../../contact-channels\";\nimport { Customer, CustomerBilling, CustomerDefaultPaymentMethod, CustomerInvoiceStatus, CustomerInvoicesList, CustomerInvoicesListOptions, CustomerInvoicesRequestOptions, CustomerPaymentMethodSetupIntent, CustomerProductsList, CustomerProductsListOptions, CustomerProductsRequestOptions, Item } from \"../../customers\";\nimport { NotificationCategory } from \"../../notification-categories\";\nimport { TeamPermission } from \"../../permissions\";\nimport { AdminOwnedProject, AdminProjectUpdateOptions, Project, adminProjectCreateOptionsToCrud } from \"../../projects\";\nimport { EditableTeamMemberProfile, ReceivedTeamInvitation, SentTeamInvitation, Team, TeamCreateOptions, TeamUpdateOptions, TeamUser, teamCreateOptionsToCrud, teamUpdateOptionsToCrud } from \"../../teams\";\nimport { buildCliAuthConfirmUrl, getHostedHandlerUrl, isHostedHandlerUrlForProject, resolveHandlerUrls } from \"../../url-targets\";\nimport { ActiveSession, Auth, BaseUser, CurrentUser, InternalUserExtra, OAuthProvider, ProjectCurrentUser, SyncedPartialUser, TokenPartialUser, UserExtra, UserUpdateOptions, userUpdateOptionsToCrud, withUserDestructureGuard } from \"../../users\";\nimport { StackClientApp, StackClientAppConstructorOptions, StackClientAppJson } from \"../interfaces/client-app\";\nimport { _StackAdminAppImplIncomplete } from \"./admin-app-impl\";\nimport { TokenObject, clientVersion, createCache, createCacheBySession, createEmptyTokenStore, getAnalyticsBaseUrl, getDefaultExtraRequestHeaders, getDefaultProjectId, getDefaultPublishableClientKey, getUrls, resolveApiUrls, resolveConstructorOptions } from \"./common\";\nimport { EventTracker } from \"./event-tracker\";\nimport type { CrossDomainHandoffParams } from \"./redirect-page-urls\";\nimport { crossDomainAuthQueryParams, getCrossDomainHandoffParamsFromCurrentUrl, planRedirectToHandler } from \"./redirect-page-urls\";\nimport { subscribeSessionRefresh } from \"./session-refresh-subscription\";\nimport { AnalyticsOptions, SessionRecorder, analyticsOptionsFromJson, analyticsOptionsToJson } from \"./session-replay\";\n\nimport { useAsyncCache } from \"./common\";\nimport { mountDevTool } from \"../../../../dev-tool\";\n\nlet isReactServer = false;\n\nconst prefetchedCrossDomainHandoffTtlMs = 55 * 60 * 1000;\n\nconst nestedCrossDomainAuthQueryParams = {\n refreshTokenId: \"stack_nested_cross_domain_auth_refresh_token_id\",\n callbackUrl: \"stack_nested_cross_domain_auth_callback_url\",\n redirectUri: \"redirect_uri\",\n state: \"state\",\n codeChallenge: \"code_challenge\",\n codeChallengeMethod: \"code_challenge_method\",\n afterCallbackRedirectUrl: \"after_callback_redirect_url\",\n} as const;\n\nconst oauthCallbackResponseQueryParams = [\"code\", \"state\", \"error\", \"error_description\", \"errorCode\", \"message\", \"details\"] as const;\n\nconst allClientApps = new Map<string, [checkString: string \| undefined, app: StackClientApp<any, any>]>();\nconst STACK_AUTHORIZATION_VALUE_PREFIX = \"stackauth_\";\n\nfunction getAuthorizationHeaderValueFromAuthJson(authJson: { accessToken: string \| null, refreshToken: string \| null }): string \| null {\n if (authJson.accessToken == null && authJson.refreshToken == null) {\n return null;\n }\n\n const encodedAuthJson = encodeBase64(new TextEncoder().encode(JSON.stringify(authJson)));\n return `Bearer ${STACK_AUTHORIZATION_VALUE_PREFIX}${encodedAuthJson}`;\n}\n\nfunction getAuthJsonFromAuthorizationHeaderValue(authorizationHeaderValue: string): { accessToken: string \| null, refreshToken: string \| null } \| null {\n const match = authorizationHeaderValue.match(/^Bearer\\s+(.+)$/i);\n if (match == null) {\n return null;\n }\n\n const credential = match[1].trim();\n if (!credential.startsWith(STACK_AUTHORIZATION_VALUE_PREFIX)) {\n return null;\n }\n\n const encodedAuthJson = credential.slice(STACK_AUTHORIZATION_VALUE_PREFIX.length);\n if (encodedAuthJson.length === 0) {\n throw new Error(\"Invalid Authorization header format. Expected `Bearer stackauth_<base64(getAuthJson())>`.\");\n }\n\n let parsed: unknown;\n try {\n const decodedAuthJson = new TextDecoder().decode(decodeBase64(encodedAuthJson));\n parsed = JSON.parse(decodedAuthJson);\n } catch (e) {\n throw new Error(\"Invalid stackauth authorization header.\", { cause: e });\n }\n\n if (parsed == null \|\| typeof parsed !== \"object\" \|\| Array.isArray(parsed)) {\n throw new Error(\"Invalid stackauth authorization payload. Expected an object.\");\n }\n\n const accessToken = Reflect.get(parsed, \"accessToken\");\n const refreshToken = Reflect.get(parsed, \"refreshToken\");\n if (accessToken != null && typeof accessToken !== \"string\") {\n throw new Error(\"Invalid stackauth authorization payload. `accessToken` must be a string or null.\");\n }\n if (refreshToken != null && typeof refreshToken !== \"string\") {\n throw new Error(\"Invalid stackauth authorization payload. `refreshToken` must be a string or null.\");\n }\n\n return {\n accessToken: accessToken ?? null,\n refreshToken: refreshToken ?? null,\n };\n}\n\nfunction getHeaderValueFromRequestLikeHeaders(headers: RequestLike[\"headers\"], name: string): string \| null {\n if (\"get\" in headers && typeof headers.get === \"function\") {\n return headers.get(name);\n }\n\n const lowerCaseName = name.toLowerCase();\n for (const [headerName, headerValue] of Object.entries(headers)) {\n if (headerName.toLowerCase() === lowerCaseName) {\n return headerValue;\n }\n }\n return null;\n}\n\nfunction getTanStackStartRequestHeader(name: string): string \| null {\n const { getRequestHeader } = tanstackStartServerContext;\n if (getRequestHeader == null) {\n throw new StackAssertionError(\"TanStack Start request headers are only available during server rendering\");\n }\n return getRequestHeader(name) ?? null;\n}\n\nasync function getServerRequestHost(): Promise<string \| null> {\n return getTanStackStartRequestHeader(\"host\");\n}\n\ntype StackClientAppImplConstructorOptionsResolved<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppConstructorOptions<HasTokenStore, ProjectId> & { inheritsFrom?: undefined };\n\nexport class _StackClientAppImplIncomplete<HasTokenStore extends boolean, ProjectId extends string = string> implements StackClientApp<HasTokenStore, ProjectId> {\n /*\n There is a circular dependency between the admin app and the client app, as the former inherits from the latter and\n * the latter needs to use the former when creating a new instance of an internal project.\n \n To break it, we set the admin app here lazily instead of importing it directly. This variable is set by ./index.ts,\n * which imports both this file and ./admin-app-impl.ts.\n /\n static readonly LazyStackAdminAppImpl: { value: typeof import(\"./admin-app-impl\")._StackAdminAppImplIncomplete \| undefined } = { value: undefined };\n\n protected readonly _options: StackClientAppImplConstructorOptionsResolved<HasTokenStore, ProjectId>;\n protected readonly _extraOptions: { uniqueIdentifier?: string, checkString?: string, interface?: StackClientInterface } \| undefined;\n protected _uniqueIdentifier: string \| undefined = undefined;\n protected _interface: StackClientInterface;\n protected readonly _tokenStoreInit: TokenStoreInit<HasTokenStore>;\n protected readonly _redirectMethod: RedirectMethod \| undefined;\n protected readonly _urlOptions: HandlerUrlOptions;\n protected readonly _oauthScopesOnSignIn: Partial<OAuthScopesOnSignIn>;\n\n private readonly _analyticsOptions: AnalyticsOptions \| undefined;\n private _sessionRecorder: SessionRecorder \| null = null;\n private _eventTracker: EventTracker \| null = null;\n\n private __DEMO_ENABLE_SLIGHT_FETCH_DELAY = false;\n private readonly _ownedAdminApps = new DependenciesMap<[InternalSession, string], _StackAdminAppImplIncomplete<false, string>>();\n\n private readonly _currentUserCache = createCacheBySession(async (session) => {\n if (this.__DEMO_ENABLE_SLIGHT_FETCH_DELAY) {\n await wait(2000);\n }\n if (session.isKnownToBeInvalid()) {\n // let's save ourselves a network request\n //\n // this also makes a certain race condition less likely to happen. particularly, it's quite common for code to\n // look like this:\n //\n // const user = await useUser({ or: \"required\" });\n // const something = user.useSomething();\n //\n // now, let's say the session is invalidated. this will trigger a refresh to refresh both the user and the\n // something. however, it's not guaranteed that the user will return first, so useUser might still return a\n // user object while the something request has already completed (and failed, because the session is invalid).\n // by returning null quickly here without a request, it is very very likely for the user request to complete\n // first.\n //\n // TODO HACK: the above is a bit of a hack, and we should probably think of more consistent ways to handle this.\n // it also only works for the user endpoint, and only if the session is known to be invalid.\n return null;\n }\n return await this._interface.getClientUserByToken(session);\n });\n private readonly _currentProjectCache = createCache(async () => {\n return Result.orThrow(await this._interface.getClientProject());\n });\n private readonly _ownedProjectsCache = createCacheBySession(async (session) => {\n return await this._interface.listProjects(session);\n });\n private readonly _currentUserPermissionsCache = createCacheBySession<\n [string, boolean],\n TeamPermissionsCrud['Client']['Read'][]\n >(async (session, [teamId, recursive]) => {\n return await this._interface.listCurrentUserTeamPermissions({ teamId, recursive }, session);\n });\n private readonly _currentUserProjectPermissionsCache = createCacheBySession<\n [boolean],\n ProjectPermissionsCrud['Client']['Read'][]\n >(async (session, [recursive]) => {\n return await this._interface.listCurrentUserProjectPermissions({ recursive }, session);\n });\n private readonly _currentUserTeamsCache = createCacheBySession(async (session) => {\n return await this._interface.listCurrentUserTeams(session);\n });\n /* @deprecated Used by legacy getConnectedAccount(providerId) — uses old per-provider access token endpoint /\n private readonly _currentUserOAuthConnectionAccessTokensCache = createCacheBySession<[string, string], { accessToken: string } \| null>(\n async (session, [providerId, scope]) => {\n try {\n const result = await this._interface.createProviderAccessToken(providerId, scope \|\| \"\", session);\n return { accessToken: result.access_token };\n } catch (err) {\n if (!(KnownErrors.OAuthConnectionDoesNotHaveRequiredScope.isInstance(err) \|\| KnownErrors.OAuthConnectionNotConnectedToUser.isInstance(err))) {\n throw err;\n }\n }\n return null;\n }\n );\n /* @deprecated Used by legacy getConnectedAccount(providerId) — combines token check + redirect /\n private readonly _currentUserOAuthConnectionCache = createCacheBySession<[ProviderType, string, boolean], DeprecatedOAuthConnection \| null>(\n async (session, [providerId, scope, redirect]) => {\n return await this._getUserOAuthConnectionCacheFn({\n getUser: async () => Result.orThrow(await this._currentUserCache.getOrWait([session], \"write-only\")),\n getOrWaitOAuthToken: async () => Result.orThrow(await this._currentUserOAuthConnectionAccessTokensCache.getOrWait([session, providerId, scope \|\| \"\"] as const, \"write-only\")),\n useOAuthToken: () => useAsyncCache(this._currentUserOAuthConnectionAccessTokensCache, [session, providerId, scope \|\| \"\"] as const, \"connection.useAccessToken()\"),\n providerId,\n scope,\n redirect,\n session,\n });\n }\n );\n private readonly _currentUserConnectedAccountsCache = createCacheBySession<[], OAuthConnection[]>(\n async (session) => {\n const result = await this._interface.listConnectedAccounts(session);\n return result.items.map((item) => this._createOAuthConnectionFromCrudItem(item, session));\n }\n );\n private readonly _currentUserOAuthConnectionAccessTokensByAccountCache = createCacheBySession<[string, string, string], { accessToken: string } \| null>(\n async (session, [providerId, providerAccountId, scope]) => {\n try {\n const result = await this._interface.createProviderAccessTokenByAccount(providerId, providerAccountId, scope, session);\n return { accessToken: result.access_token };\n } catch (err) {\n if (KnownErrors.OAuthConnectionDoesNotHaveRequiredScope.isInstance(err) \|\| KnownErrors.OAuthConnectionNotConnectedToUser.isInstance(err)) {\n return null;\n }\n throw err;\n }\n }\n );\n private readonly _currentUserValidConnectedAccountForProviderCache = createCacheBySession<[string, string], OAuthConnection>(\n async (session, [provider, scopeString]) => {\n const connectedAccounts = Result.orThrow(await this._currentUserConnectedAccountsCache.getOrWait([session], \"write-only\"));\n const matchingAccounts = connectedAccounts.filter(a => a.provider === provider);\n const scopes = scopeString ? scopeString.split(\" \") : undefined;\n\n for (const account of matchingAccounts) {\n const tokenResult = await account.getAccessToken({ scopes });\n if (tokenResult.status === \"ok\") {\n return account;\n }\n }\n\n const location = await getNewOAuthProviderOrScopeUrl(\n this._interface,\n {\n provider,\n redirectUrl: this._getOAuthCallbackRedirectUri(),\n errorRedirectUrl: this.urls.error,\n providerScope: mergeScopeStrings(scopeString, (this._oauthScopesOnSignIn[provider as ProviderType] ?? []).join(\" \")),\n },\n session,\n );\n await this._redirectTo({ url: location });\n return await neverResolve();\n }\n );\n private readonly _teamMemberProfilesCache = createCacheBySession<[string], TeamMemberProfilesCrud['Client']['Read'][]>(\n async (session, [teamId]) => {\n return await this._interface.listTeamMemberProfiles({ teamId }, session);\n }\n );\n private readonly _teamInvitationsCache = createCacheBySession<[string], TeamInvitationCrud['Client']['Read'][]>(\n async (session, [teamId]) => {\n return await this._interface.listTeamInvitations({ teamId }, session);\n }\n );\n private readonly _currentUserTeamProfileCache = createCacheBySession<[string], TeamMemberProfilesCrud['Client']['Read']>(\n async (session, [teamId]) => {\n return await this._interface.getTeamMemberProfile({ teamId, userId: 'me' }, session);\n }\n );\n private readonly _currentUserTeamInvitationsCache = createCacheBySession(async (session) => {\n return await this._interface.listCurrentUserTeamInvitations(session);\n });\n private readonly _clientContactChannelsCache = createCacheBySession<[], ContactChannelsCrud['Client']['Read'][]>(\n async (session) => {\n return await this._interface.listClientContactChannels(session);\n }\n );\n\n private readonly _userApiKeysCache = createCacheBySession<[], UserApiKeysCrud['Client']['Read'][]>(\n async (session) => {\n const results = await this._interface.listProjectApiKeys({ user_id: 'me' }, session, \"client\");\n return results as UserApiKeysCrud['Client']['Read'][];\n }\n );\n\n private readonly _teamApiKeysCache = createCacheBySession<[string], TeamApiKeysCrud['Client']['Read'][]>(\n async (session, [teamId]) => {\n const results = await this._interface.listProjectApiKeys({ team_id: teamId }, session, \"client\");\n return results as TeamApiKeysCrud['Client']['Read'][];\n }\n );\n\n private readonly _notificationCategoriesCache = createCacheBySession<[], NotificationPreferenceCrud['Client']['Read'][]>(\n async (session) => {\n const results = await this._interface.listNotificationCategories(session);\n return results as NotificationPreferenceCrud['Client']['Read'][];\n }\n );\n\n private readonly _currentUserOAuthProvidersCache = createCacheBySession<[], OAuthProviderCrud['Client']['Read'][]>(\n async (session) => {\n return await this._interface.listOAuthProviders({ user_id: 'me' }, session);\n }\n );\n\n private readonly _userItemCache = createCacheBySession<[string, string], ItemCrud['Client']['Read']>(\n async (session, [userId, itemId]) => {\n return await this._interface.getItem({ userId, itemId }, session);\n }\n );\n\n private readonly _teamItemCache = createCacheBySession<[string, string], ItemCrud['Client']['Read']>(\n async (session, [teamId, itemId]) => {\n return await this._interface.getItem({ teamId, itemId }, session);\n }\n );\n\n private readonly _customItemCache = createCacheBySession<[string, string], ItemCrud['Client']['Read']>(\n async (session, [customCustomerId, itemId]) => {\n return await this._interface.getItem({ customCustomerId, itemId }, session);\n }\n );\n\n private readonly _userProductsCache = createCacheBySession<[string, string \| null, number \| null], CustomerProductsListResponse>(\n async (session, [userId, cursor, limit]) => {\n return await this._interface.listProducts({\n customer_type: \"user\",\n customer_id: userId,\n cursor: cursor ?? undefined,\n limit: limit ?? undefined,\n }, session);\n }\n );\n\n private readonly _teamProductsCache = createCacheBySession<[string, string \| null, number \| null], CustomerProductsListResponse>(\n async (session, [teamId, cursor, limit]) => {\n return await this._interface.listProducts({\n customer_type: \"team\",\n customer_id: teamId,\n cursor: cursor ?? undefined,\n limit: limit ?? undefined,\n }, session);\n }\n );\n\n private readonly _customProductsCache = createCacheBySession<[string, string \| null, number \| null], CustomerProductsListResponse>(\n async (session, [customCustomerId, cursor, limit]) => {\n return await this._interface.listProducts({\n customer_type: \"custom\",\n customer_id: customCustomerId,\n cursor: cursor ?? undefined,\n limit: limit ?? undefined,\n }, session);\n }\n );\n\n private readonly _userInvoicesCache = createCacheBySession<[string, string \| null, number \| null], CustomerInvoicesListResponse>(\n async (session, [userId, cursor, limit]) => {\n return await this._interface.listInvoices({\n customer_type: \"user\",\n customer_id: userId,\n cursor: cursor ?? undefined,\n limit: limit ?? undefined,\n }, session);\n }\n );\n\n private readonly _teamInvoicesCache = createCacheBySession<[string, string \| null, number \| null], CustomerInvoicesListResponse>(\n async (session, [teamId, cursor, limit]) => {\n return await this._interface.listInvoices({\n customer_type: \"team\",\n customer_id: teamId,\n cursor: cursor ?? undefined,\n limit: limit ?? undefined,\n }, session);\n }\n );\n\n private readonly _customerBillingCache = createCacheBySession<[\"user\" \| \"team\", string], {\n has_customer: boolean,\n default_payment_method: {\n id: string,\n brand: string \| null,\n last4: string \| null,\n exp_month: number \| null,\n exp_year: number \| null,\n } \| null,\n }>(\n async (session, [customerType, customerId]) => {\n return await this._interface.getCustomerBilling(customerType, customerId, session);\n }\n );\n\n private readonly _convexPartialUserCache = createCache<[unknown], TokenPartialUser \| null>(\n async ([ctx]) => await this._getPartialUserFromConvex(ctx as any)\n );\n\n private readonly _trustedParentDomainCache = createCache<[string], string \| null>(\n async ([domain]) => await this._getTrustedParentDomain(domain)\n );\n\n private _anonymousSignUpInProgress: Promise<{ accessToken: string, refreshToken: string }> \| null = null;\n private _prefetchedCrossDomainHandoffParams: CrossDomainHandoffParams \| null = null;\n private _prefetchedCrossDomainHandoffParamsFetchedAt = 0;\n private _isPrefetchingCrossDomainHandoffParams = false;\n private _pendingAuthResolutionPromises: Promise<unknown>[] = [];\n\n protected async _createCookieHelper(overrideTokenStoreInit?: TokenStoreInit): Promise<CookieHelper> {\n const tokenStoreInit = overrideTokenStoreInit === undefined ? this._tokenStoreInit : overrideTokenStoreInit;\n if (tokenStoreInit === 'nextjs-cookie' \|\| tokenStoreInit === 'cookie') {\n return await createCookieHelper();\n } else {\n return await createPlaceholderCookieHelper();\n }\n }\n\n /* @deprecated Used by legacy getConnectedAccount(providerId) — combines user check + token check + redirect into one cache /\n protected async _getUserOAuthConnectionCacheFn(options: {\n getUser: () => Promise<CurrentUserCrud['Client']['Read'] \| null>,\n getOrWaitOAuthToken: () => Promise<{ accessToken: string } \| null>,\n useOAuthToken: () => { accessToken: string } \| null,\n providerId: ProviderType,\n scope: string \| null,\n } & ({ redirect: true, session: InternalSession \| null } \| { redirect: false }),): Promise<DeprecatedOAuthConnection \| null> {\n const user = await options.getUser();\n let hasConnection = true;\n if (!user \|\| !user.oauth_providers.find((p) => p.id === options.providerId)) {\n hasConnection = false;\n }\n\n const token = await options.getOrWaitOAuthToken();\n if (!token) {\n hasConnection = false;\n }\n\n if (!hasConnection && options.redirect) {\n if (!options.session) {\n throw new Error(deindent`\n Cannot add new scopes to a user that is not a CurrentUser. Please ensure that you are calling this function on a CurrentUser object, or remove the 'or: redirect' option.\n\n Often, you can solve this by calling this function in the browser instead, or by removing the 'or: redirect' option and dealing with the case where the user doesn't have enough permissions.\n `);\n }\n const location = await getNewOAuthProviderOrScopeUrl(\n this._interface,\n {\n provider: options.providerId,\n redirectUrl: this._getOAuthCallbackRedirectUri(),\n errorRedirectUrl: this.urls.error,\n providerScope: mergeScopeStrings(options.scope \|\| \"\", (this._oauthScopesOnSignIn[options.providerId] ?? []).join(\" \")),\n },\n options.session,\n );\n await this._redirectTo({ url: location });\n return await neverResolve();\n } else if (!hasConnection) {\n return null;\n }\n\n // Find the matching oauth provider to get the providerAccountId\n // At this point, user is guaranteed to be non-null because we returned early if !hasConnection\n const matchingProvider = user!.oauth_providers.find((p) => p.id === options.providerId);\n const providerAccountId = matchingProvider?.account_id ?? \"\";\n\n return {\n id: options.providerId, // deprecated, for backward compat\n provider: options.providerId,\n providerAccountId,\n async getAccessToken() {\n const result = await options.getOrWaitOAuthToken();\n if (!result) {\n throw new StackAssertionError(`Failed to retrieve an access token for this connected account (provider: ${options.providerId}). This usually means the OAuth refresh token has been revoked or expired. The user needs to re-authorize by calling \\`linkConnectedAccount\\` or using \\`getOrLinkConnectedAccount\\`.`);\n }\n return result;\n },\n useAccessToken() {\n const result = options.useOAuthToken();\n if (!result) {\n throw new StackAssertionError(`Failed to retrieve an access token for this connected account (provider: ${options.providerId}). This usually means the OAuth refresh token has been revoked or expired. The user needs to re-authorize by calling \\`linkConnectedAccount\\` or using \\`getOrLinkConnectedAccount\\`.`);\n }\n return result;\n }\n };\n }\n\n protected _createOAuthConnectionFromCrudItem(\n item: { provider: string, provider_account_id: string },\n session: InternalSession,\n ): OAuthConnection {\n const app = this;\n const providerId = item.provider;\n const providerAccountId = item.provider_account_id;\n return {\n id: providerId, // deprecated, for backward compat\n provider: providerId,\n providerAccountId,\n async getAccessToken(options?: { scopes?: string[] }) {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n const result = Result.orThrow(await app._currentUserOAuthConnectionAccessTokensByAccountCache.getOrWait([session, providerId, providerAccountId, scopeString], \"write-only\"));\n if (!result) {\n const scopeDetail = scopeString ? `The requested scopes [${scopeString}] are not available on the existing token.` : \"The OAuth refresh token has likely been revoked or expired.\";\n return Result.error(new KnownErrors.OAuthAccessTokenNotAvailable(providerId, `${scopeDetail} The user needs to re-authorize by calling \\`linkConnectedAccount\\` or using \\`getOrLinkConnectedAccount\\`.`));\n }\n return Result.ok(result);\n },\n useAccessToken(options?: { scopes?: string[] }) {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n const result = useAsyncCache(app._currentUserOAuthConnectionAccessTokensByAccountCache, [session, providerId, providerAccountId, scopeString] as const, \"connection.useAccessToken()\");\n if (!result) {\n const scopeDetail = scopeString ? `The requested scopes [${scopeString}] are not available on the existing token.` : \"The OAuth refresh token has likely been revoked or expired.\";\n return Result.error(new KnownErrors.OAuthAccessTokenNotAvailable(providerId, `${scopeDetail} The user needs to re-authorize by calling \\`linkConnectedAccount\\` or using \\`getOrLinkConnectedAccount\\`.`));\n }\n return Result.ok(result);\n },\n };\n }\n\n constructor(options: StackClientAppConstructorOptions<HasTokenStore, ProjectId>, extraOptions?: { uniqueIdentifier?: string, checkString?: string, interface?: StackClientInterface }) {\n const resolvedOptions = resolveConstructorOptions(options);\n\n if (!_StackClientAppImplIncomplete.LazyStackAdminAppImpl.value) {\n throw new StackAssertionError(\"Admin app implementation not initialized. Did you import the _StackClientApp from stack-app/apps/implementations/index.ts? You can't import it directly from ./apps/implementations/client-app-impl.ts as that causes a circular dependency (see the comment at _LazyStackAdminAppImpl for more details).\");\n }\n\n this._options = resolvedOptions;\n this._extraOptions = extraOptions;\n\n const projectId = resolvedOptions.projectId ?? getDefaultProjectId();\n if (projectId !== \"internal\" && !(projectId.match(/^[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i))) {\n throw new Error(`Invalid project ID: ${projectId}. Project IDs must be UUIDs. Please check your environment variables and/or your StackApp.`);\n }\n\n const publishableClientKey = resolvedOptions.publishableClientKey ?? getDefaultPublishableClientKey();\n\n if (extraOptions && extraOptions.interface) {\n this._interface = extraOptions.interface;\n } else {\n const apiUrls = resolveApiUrls(resolvedOptions.baseUrl);\n this._interface = new StackClientInterface({\n getBaseUrl: () => apiUrls()[0],\n getAnalyticsBaseUrl: () => getAnalyticsBaseUrl(apiUrls()[0]),\n getApiUrls: apiUrls,\n extraRequestHeaders: resolvedOptions.extraRequestHeaders ?? getDefaultExtraRequestHeaders(),\n projectId,\n clientVersion,\n ...(publishableClientKey != null ? { publishableClientKey } : {}),\n prepareRequest: async () => {\n }\n });\n }\n\n this._tokenStoreInit = resolvedOptions.tokenStore;\n this._redirectMethod = resolvedOptions.redirectMethod \|\| (isBrowserLike() ? \"window\" : \"none\");\n this._redirectMethod = resolvedOptions.redirectMethod \|\| \"tanstack-start\"; // THIS_LINE_PLATFORM tanstack-start\n this._urlOptions = resolvedOptions.urls ?? {};\n this._oauthScopesOnSignIn = resolvedOptions.oauthScopesOnSignIn ?? {};\n if (isBrowserLike() && (resolvedOptions.tokenStore === \"cookie\" \|\| resolvedOptions.tokenStore === \"nextjs-cookie\")) {\n runAsynchronously(this._trustedParentDomainCache.getOrWait([window.location.hostname], \"write-only\"));\n this._ensureCrossSubdomainCookieExists();\n }\n\n if (extraOptions && extraOptions.uniqueIdentifier) {\n this._uniqueIdentifier = extraOptions.uniqueIdentifier;\n this._initUniqueIdentifier();\n }\n\n this._analyticsOptions = resolvedOptions.analytics;\n\n const getAnalyticsSession = async (): Promise<InternalSession> => {\n this._ensurePersistentTokenStore();\n const partialUser = await this.getPartialUser({ from: 'token', or: 'anonymous-if-exists' });\n if (partialUser) {\n return await this._getSession();\n }\n const anonUser = await this.getUser({ or: \"anonymous\" });\n return anonUser._internalSession;\n };\n\n const analyticsEnabled = this._analyticsOptions?.enabled !== false;\n\n if (analyticsEnabled && isBrowserLike() && this._hasPersistentTokenStore() && this._analyticsOptions?.replays?.enabled === true) {\n this._sessionRecorder = new SessionRecorder({\n projectId: this.projectId,\n sendBatch: async (body, opts) => {\n return await this._interface.sendSessionReplayBatch(body, await getAnalyticsSession(), opts);\n },\n }, this._analyticsOptions.replays);\n this._sessionRecorder.start();\n }\n\n if (analyticsEnabled && isBrowserLike() && this._hasPersistentTokenStore()) {\n this._eventTracker = new EventTracker({\n projectId: this.projectId,\n sendBatch: async (body, opts) => {\n return await this._interface.sendAnalyticsEventBatch(body, await getAnalyticsSession(), opts);\n },\n });\n this._eventTracker.start();\n }\n\n if (isBrowserLike() && this._isOAuthCallbackUrlHosted() && this._currentUrlLooksLikeStackOAuthCallback()) {\n this._trackPendingAuthResolution(async () => {\n if (isBrowserLike()) {\n await this.callOAuthCallback({ dontWarnAboutMissingQueryParams: true });\n }\n });\n }\n\n if (isBrowserLike()) {\n this._trackPendingAuthResolution(async () => {\n await this._maybeHandleNestedCrossDomainAuth();\n });\n }\n\n if (isBrowserLike() && resolvedOptions.devTool !== false) {\n mountDevTool(this as any);\n }\n }\n\n protected _initUniqueIdentifier() {\n if (!this._uniqueIdentifier) {\n throw new StackAssertionError(\"Unique identifier not initialized\");\n }\n if (allClientApps.has(this._uniqueIdentifier)) {\n throw new StackAssertionError(\"A Stack client app with the same unique identifier already exists\");\n }\n allClientApps.set(this._uniqueIdentifier, [this._extraOptions?.checkString ?? undefined, this]);\n }\n\n protected _trackPendingAuthResolution(callback: () => Promise<unknown>) {\n const promise = (async () => {\n await Promise.resolve();\n try {\n await callback();\n } catch (error) {\n // Startup auth transitions gate session finality, but malformed nested-auth URLs should\n // not make every app-level session consumer fail while the tracker is cleaning up.\n captureError(\"pending-auth-resolution-failed\", error);\n }\n })();\n this._pendingAuthResolutionPromises.push(promise);\n runAsynchronously(async () => {\n try {\n await promise;\n } finally {\n this._pendingAuthResolutionPromises = this._pendingAuthResolutionPromises.filter(p => p !== promise);\n }\n });\n }\n\n protected async _awaitPendingAuthResolutions(\n overrideTokenStoreInit?: TokenStoreInit,\n options?: { awaitPendingAuthResolutions?: boolean },\n ) {\n if (\n options?.awaitPendingAuthResolutions === false\n \|\| overrideTokenStoreInit !== undefined\n \|\| !this._hasPersistentTokenStore()\n \|\| this._pendingAuthResolutionPromises.length === 0\n ) {\n return;\n }\n // A page may construct the app while OAuth callback or nested cross-domain auth is still\n // deciding whether it will replace the current session. Until those startup transitions\n // finish, auth consumers should not treat the current token store as final.\n await Promise.all(this._pendingAuthResolutionPromises);\n }\n\n protected _usePendingAuthResolutions(overrideTokenStoreInit?: TokenStoreInit) {\n if (\n overrideTokenStoreInit !== undefined\n \|\| !this._hasPersistentTokenStore()\n \|\| this._pendingAuthResolutionPromises.length === 0\n ) {\n return;\n }\n use(Promise.all(this._pendingAuthResolutionPromises));\n }\n\n protected _isOAuthCallbackUrlHosted(): boolean {\n const oauthCallbackTarget = this._urlOptions.oauthCallback ?? this._urlOptions.default;\n return typeof oauthCallbackTarget !== \"string\" && oauthCallbackTarget?.type === \"hosted\";\n }\n\n protected _currentUrlLooksLikeOAuthCallback(): boolean {\n if (typeof window === \"undefined\") {\n return false;\n }\n const currentUrl = new URL(window.location.href);\n return (\n currentUrl.searchParams.has(\"code\") && currentUrl.searchParams.has(\"state\")\n ) \|\| (\n currentUrl.searchParams.has(\"errorCode\") && currentUrl.searchParams.has(\"message\")\n );\n }\n\n protected _currentUrlLooksLikeStackOAuthCallback(): boolean {\n if (typeof window === \"undefined\") {\n return false;\n }\n const currentUrl = new URL(window.location.href);\n const state = currentUrl.searchParams.get(\"state\");\n if (!currentUrl.searchParams.has(\"code\") \|\| state == null) {\n return false;\n }\n return getCookieClient(`stack-oauth-outer-${state}`) != null;\n }\n\n protected _getOAuthCallbackRedirectUri(): string {\n if (!this._isOAuthCallbackUrlHosted()) {\n return this.urls.oauthCallback;\n }\n if (typeof window === \"undefined\") {\n throw new StackAssertionError(\"Hosted OAuth callback URLs require a browser environment to use the current URL as the redirect URI\");\n }\n\n const currentUrl = new URL(window.location.href);\n for (const param of oauthCallbackResponseQueryParams) {\n currentUrl.searchParams.delete(param);\n }\n return currentUrl.toString();\n }\n\n protected async _getCurrentRefreshTokenIdIfSignedIn(options?: { awaitPendingAuthResolutions?: boolean }): Promise<string \| null> {\n const session = await this._getSession(undefined, options);\n const tokens = await session.getOrFetchLikelyValidTokens(0, null);\n if (tokens?.refreshToken == null) {\n return null;\n }\n return tokens.accessToken.payload.refresh_token_id;\n }\n\n protected async _addNestedCrossDomainAuthParamsToRedirectUrl(options: {\n url: string,\n currentUrl: URL,\n awaitPendingAuthResolutions?: boolean,\n }): Promise<string> {\n const targetUrl = new URL(options.url, options.currentUrl);\n if (targetUrl.origin === options.currentUrl.origin) {\n return options.url;\n }\n\n const refreshTokenId = await this._getCurrentRefreshTokenIdIfSignedIn({\n awaitPendingAuthResolutions: options.awaitPendingAuthResolutions,\n });\n if (refreshTokenId == null) {\n return options.url;\n }\n\n targetUrl.searchParams.set(nestedCrossDomainAuthQueryParams.refreshTokenId, refreshTokenId);\n targetUrl.searchParams.set(\n nestedCrossDomainAuthQueryParams.callbackUrl,\n new URL(this._getOAuthCallbackRedirectUri(), options.currentUrl).toString(),\n );\n return targetUrl.toString();\n }\n\n protected async _maybeHandleNestedCrossDomainAuth(): Promise<boolean> {\n if (typeof window === \"undefined\") return false;\n const currentUrl = new URL(window.location.href);\n // A real OAuth callback wins over nested handoff detection on the final return to b.com.\n if (currentUrl.searchParams.has(\"code\") && currentUrl.searchParams.has(\"state\")) return false;\n const refreshTokenId = currentUrl.searchParams.get(nestedCrossDomainAuthQueryParams.refreshTokenId);\n if (refreshTokenId == null) return false;\n\n const redirectUri = currentUrl.searchParams.get(nestedCrossDomainAuthQueryParams.redirectUri);\n const state = currentUrl.searchParams.get(nestedCrossDomainAuthQueryParams.state);\n const codeChallenge = currentUrl.searchParams.get(nestedCrossDomainAuthQueryParams.codeChallenge);\n if (redirectUri != null \|\| state != null \|\| codeChallenge != null) {\n if (redirectUri == null \|\| state == null \|\| codeChallenge == null) {\n throw new StackAssertionError(\"Nested cross-domain auth callback URL is missing OAuth request parameters\", {\n redirectUri,\n state,\n codeChallenge,\n });\n }\n\n // We are back on a.com acting as the OAuth provider. Only mint the code if the current\n // source session matches the refresh-token ID that b.com requested.\n if ((currentUrl.searchParams.get(nestedCrossDomainAuthQueryParams.codeChallengeMethod) ?? \"S256\") !== \"S256\") {\n throw new StackAssertionError(\"Nested cross-domain auth only supports S256 PKCE\");\n }\n if (isRelative(redirectUri)) {\n throw new Error(\"Nested cross-domain auth redirect URI must be absolute.\");\n }\n const redirectUriUrl = new URL(redirectUri);\n if (!await this._isTrusted(redirectUriUrl.toString())) {\n throw new Error(`Nested cross-domain auth redirect URI ${redirectUri} is not trusted.`);\n }\n const afterCallbackRedirectUrlString = currentUrl.searchParams.get(nestedCrossDomainAuthQueryParams.afterCallbackRedirectUrl);\n const afterCallbackRedirectUrl = afterCallbackRedirectUrlString == null\n ? redirectUriUrl\n : new URL(afterCallbackRedirectUrlString, redirectUriUrl);\n if (!await this._isTrusted(afterCallbackRedirectUrl.toString())) {\n throw new Error(`Nested cross-domain auth after-callback redirect URL ${afterCallbackRedirectUrlString} is not trusted.`);\n }\n const currentRefreshTokenId = await this._getCurrentRefreshTokenIdIfSignedIn({ awaitPendingAuthResolutions: false });\n if (currentRefreshTokenId !== refreshTokenId) {\n throw new Error(\"Nested cross-domain auth source session does not match the requested refresh token ID.\");\n }\n await this._redirectTo({\n url: await this._createCrossDomainAuthRedirectUrl({\n redirectUri: redirectUriUrl.toString(),\n state,\n codeChallenge,\n afterCallbackRedirectUrl: afterCallbackRedirectUrl.toString(),\n awaitPendingAuthResolutions: false,\n }),\n replace: true,\n });\n return true;\n }\n\n // We are on b.com. Bounce to the trusted callback on a.com with a normal OAuth request\n // shape; a.com will verify the source session and issue the one-time code.\n const currentRefreshTokenId = await this._getCurrentRefreshTokenIdIfSignedIn({ awaitPendingAuthResolutions: false });\n if (currentRefreshTokenId === refreshTokenId) return false;\n const callbackUrlString = currentUrl.searchParams.get(nestedCrossDomainAuthQueryParams.callbackUrl);\n if (callbackUrlString == null) throw new StackAssertionError(\"Nested cross-domain auth URL is missing callback URL\");\n if (isRelative(callbackUrlString)) {\n throw new Error(\"Nested cross-domain auth callback URL must be absolute.\");\n }\n const callbackUrl = new URL(callbackUrlString);\n const isTrusted = await this._isTrusted(callbackUrl.toString());\n if (!isTrusted) {\n throw new Error(`Nested cross-domain auth callback URL ${callbackUrlString} is not trusted.`);\n }\n\n const afterCallbackRedirectUrl = new URL(currentUrl);\n afterCallbackRedirectUrl.searchParams.delete(nestedCrossDomainAuthQueryParams.refreshTokenId);\n afterCallbackRedirectUrl.searchParams.delete(nestedCrossDomainAuthQueryParams.callbackUrl);\n const { state: newState, codeChallenge: newCodeChallenge } = await this._getCrossDomainHandoffParamsForRedirect(currentUrl);\n\n callbackUrl.searchParams.set(nestedCrossDomainAuthQueryParams.refreshTokenId, refreshTokenId);\n callbackUrl.searchParams.set(nestedCrossDomainAuthQueryParams.redirectUri, new URL(this._getOAuthCallbackRedirectUri(), currentUrl).toString());\n callbackUrl.searchParams.set(nestedCrossDomainAuthQueryParams.state, newState);\n callbackUrl.searchParams.set(nestedCrossDomainAuthQueryParams.codeChallenge, newCodeChallenge);\n callbackUrl.searchParams.set(nestedCrossDomainAuthQueryParams.codeChallengeMethod, \"S256\");\n callbackUrl.searchParams.set(nestedCrossDomainAuthQueryParams.afterCallbackRedirectUrl, afterCallbackRedirectUrl.toString());\n await this._redirectTo({ url: callbackUrl, replace: true });\n return true;\n }\n\n /\n Cloudflare workers does not allow use of randomness on the global scope (on which the Stack app is probably\n * initialized). For that reason, we generate the unique identifier lazily when it is first needed instead of in the\n * constructor.\n /\n protected _getUniqueIdentifier() {\n if (!this._uniqueIdentifier) {\n this._uniqueIdentifier = generateUuid();\n this._initUniqueIdentifier();\n }\n return this._uniqueIdentifier!;\n }\n\n protected async _checkFeatureSupport(name: string, options: any) {\n return await this._interface.checkFeatureSupport({ ...options, name });\n }\n\n protected _useCheckFeatureSupport(name: string, options: any): never {\n runAsynchronously(this._checkFeatureSupport(name, options));\n throw new StackAssertionError(`${name} is not currently supported. Please reach out to Stack support for more information.`);\n }\n\n protected _memoryTokenStore = createEmptyTokenStore();\n protected _nextServerCookiesTokenStores = new WeakMap<object, Store<TokenObject>>();\n protected _requestTokenStores = new WeakMap<RequestLike, Store<TokenObject>>();\n protected _storedBrowserCookieTokenStore: Store<TokenObject> \| null = null;\n private _mostRecentQueuedCookieRefreshIndex: number = 0;\n protected get _legacyRefreshTokenCookieName() {\n return `stack-refresh-${this.projectId}`;\n }\n protected get _refreshTokenCookieName() {\n return `stack-refresh-${this.projectId}`;\n }\n private _getRefreshTokenDefaultCookieNameForSecure(secure: boolean): string {\n return `${secure ? \"__Host-\" : \"\"}${this._refreshTokenCookieName}--default`;\n }\n private _getCustomRefreshCookieName(domain: string): string {\n const encoded = encodeBase32(new TextEncoder().encode(domain.toLowerCase()));\n return `${this._refreshTokenCookieName}--custom-${encoded}`;\n }\n private _getDomainFromCustomRefreshCookieName(name: string): string \| null {\n const prefix = `${this._refreshTokenCookieName}--custom-`;\n if (!name.startsWith(prefix)) return null;\n try {\n return new TextDecoder().decode(decodeBase32(name.slice(prefix.length)));\n } catch {\n return null;\n }\n }\n private _formatRefreshCookieValue(refreshToken: string, updatedAt: number): string {\n return JSON.stringify({\n refresh_token: refreshToken,\n updated_at_millis: updatedAt,\n });\n }\n private _formatAccessCookieValue(refreshToken: string \| null, accessToken: string \| null): string \| null {\n return refreshToken && accessToken ? JSON.stringify([refreshToken, accessToken]) : null;\n }\n private _parseStructuredRefreshCookie(value: string \| undefined): { refreshToken: string, updatedAt: number \| null } \| null {\n if (!value) {\n return null;\n }\n const parsed = parseJson(value);\n if (parsed.status !== \"ok\" \|\| typeof parsed.data !== \"object\" \|\| parsed.data === null) {\n console.warn(\"Failed to parse structured refresh cookie\");\n return null;\n }\n const data = parsed.data;\n const refreshToken = \"refresh_token\" in data && typeof data.refresh_token === \"string\" ? data.refresh_token : null;\n const updatedAt = \"updated_at_millis\" in data && typeof data.updated_at_millis === \"number\" ? data.updated_at_millis : null;\n if (!refreshToken) {\n console.warn(\"Refresh token not found in structured refresh cookie\");\n return null;\n }\n return {\n refreshToken,\n updatedAt,\n };\n\n }\n private _extractRefreshTokenFromCookieMap(cookies: cookie.Cookies): { refreshToken: string \| null, updatedAt: number \| null } {\n const { legacyNames, structuredPrefixes } = this._getRefreshTokenCookieNamePatterns();\n for (const name of legacyNames) {\n const value = cookies[name];\n if (value) {\n return { refreshToken: value, updatedAt: null };\n }\n }\n\n let selected: { refreshToken: string, updatedAt: number \| null } \| null = null;\n for (const [name, value] of Object.entries(cookies)) {\n if (!structuredPrefixes.some(prefix => name.startsWith(prefix))) continue;\n const parsed = this._parseStructuredRefreshCookie(value);\n if (!parsed) continue;\n const candidateUpdatedAt = parsed.updatedAt ?? Number.NEGATIVE_INFINITY;\n const selectedUpdatedAt = selected?.updatedAt ?? Number.NEGATIVE_INFINITY;\n if (!selected \|\| candidateUpdatedAt > selectedUpdatedAt) {\n selected = parsed;\n }\n }\n\n if (!selected) {\n return { refreshToken: null, updatedAt: null };\n }\n\n return {\n refreshToken: selected.refreshToken,\n updatedAt: selected.updatedAt ?? null,\n };\n }\n protected _getTokensFromCookies(cookies: cookie.Cookies): TokenObject {\n const { refreshToken } = this._extractRefreshTokenFromCookieMap(cookies);\n const accessTokenCookie = cookies[this._accessTokenCookieName] ?? null;\n let accessToken: string \| null = null;\n if (accessTokenCookie && accessTokenCookie.startsWith('[\\\"')) {\n const parsed = parseJson(accessTokenCookie);\n if (\n parsed.status === \"ok\" &&\n typeof parsed.data === \"object\" &&\n parsed.data !== null &&\n Array.isArray(parsed.data) &&\n parsed.data.length === 2 &&\n typeof parsed.data[0] === \"string\" &&\n typeof parsed.data[1] === \"string\"\n ) {\n if (parsed.data[0] === refreshToken) {\n accessToken = parsed.data[1];\n }\n } else {\n console.warn(\"Access token cookie has invalid format\");\n }\n }\n return {\n refreshToken,\n accessToken,\n };\n }\n protected get _accessTokenCookieName() {\n // The access token, unlike the refresh token, should not depend on the project ID. We never want to store the\n // access token in cookies more than once because of how big it is (there's a limit of 4096 bytes for all cookies\n // together). This means that, if you have multiple projects on the same domain, some of them will need to refetch\n // the access token on page reload.\n return `stack-access`;\n }\n private _getAllBrowserCookies(): cookie.Cookies {\n if (!isBrowserLike()) {\n throw new StackAssertionError(\"Cannot get browser cookies on the server!\");\n }\n return cookie.parseCookie(document.cookie \|\| \"\");\n }\n private _getRefreshTokenCookieNamePatterns(): { legacyNames: string[], structuredPrefixes: string[] } {\n return {\n legacyNames: [this._legacyRefreshTokenCookieName, \"stack-refresh\"],\n structuredPrefixes: [\n `${this._refreshTokenCookieName}--`,\n `__Host-${this._refreshTokenCookieName}--`,\n ],\n };\n }\n private _collectRefreshTokenCookieNames(cookies: cookie.Cookies): Set<string> {\n const { legacyNames, structuredPrefixes } = this._getRefreshTokenCookieNamePatterns();\n const names = new Set<string>();\n for (const name of legacyNames) {\n if (cookies[name]) {\n names.add(name);\n }\n }\n for (const name of Object.keys(cookies)) {\n if (structuredPrefixes.some(prefix => name.startsWith(prefix))) {\n names.add(name);\n }\n }\n return names;\n }\n private _prepareRefreshCookieUpdate(\n existingCookies: cookie.Cookies,\n refreshToken: string \| null,\n accessToken: string \| null,\n defaultCookieName: string,\n ) {\n const cookieNames = this._collectRefreshTokenCookieNames(existingCookies);\n cookieNames.delete(defaultCookieName);\n const updatedAt = refreshToken ? Date.now() : null;\n const refreshCookieValue = refreshToken && updatedAt !== null ? this._formatRefreshCookieValue(refreshToken, updatedAt) : null;\n const accessTokenPayload = this._formatAccessCookieValue(refreshToken, accessToken);\n return {\n updatedAt,\n refreshCookieValue,\n accessTokenPayload,\n cookieNamesToDelete: [...cookieNames],\n };\n }\n\n private _ensureCrossSubdomainCookieExists() {\n runAsynchronously(async () => {\n const hostname = window.location.hostname;\n const domain = await this._trustedParentDomainCache.getOrWait([hostname], \"read-write\");\n if (domain.status === \"error\" \|\| !domain.data) {\n return;\n }\n const cookies = this._getAllBrowserCookies();\n const customCookieName = this._getCustomRefreshCookieName(domain.data);\n if (cookies[customCookieName]) {\n return;\n }\n const { refreshToken, updatedAt } = this._extractRefreshTokenFromCookieMap(cookies);\n if (refreshToken && updatedAt) {\n const value = this._formatRefreshCookieValue(refreshToken, updatedAt);\n setOrDeleteCookieClient(customCookieName, value, { maxAge: 60 60 * 24 * 365, domain: domain.data });\n }\n });\n }\n private _queueCustomRefreshCookieUpdate(refreshToken: string \| null, updatedAt: number \| null, context: \"browser\" \| \"server\") {\n runAsynchronously(async () => {\n this._mostRecentQueuedCookieRefreshIndex++;\n const updateIndex = this._mostRecentQueuedCookieRefreshIndex;\n let hostname;\n if (isBrowserLike()) {\n hostname = window.location.hostname;\n } else {\n hostname = await getServerRequestHost();\n }\n if (!hostname) {\n console.warn(\"No hostname found when queueing custom refresh cookie update\");\n return;\n }\n const domain = await this._trustedParentDomainCache.getOrWait([hostname], \"read-write\");\n\n const cookieOptions = { maxAge: 60 * 60 * 24 * 365, noOpIfServerComponent: true };\n const setCookie = async (targetDomain: string, value: string \| null) => {\n const name = this._getCustomRefreshCookieName(targetDomain);\n const options = { ...cookieOptions, domain: targetDomain };\n if (context === \"browser\") {\n setOrDeleteCookieClient(name, value, options);\n } else {\n await setOrDeleteCookie(name, value, options);\n }\n };\n\n if (domain.status === \"error\" \|\| !domain.data \|\| updateIndex !== this._mostRecentQueuedCookieRefreshIndex) {\n return;\n }\n const value = refreshToken && updatedAt ? this._formatRefreshCookieValue(refreshToken, updatedAt) : null;\n await setCookie(domain.data, value);\n const isSecure = await isSecureCookieContext();\n await setOrDeleteCookie(this._getRefreshTokenDefaultCookieNameForSecure(isSecure), null, cookieOptions);\n });\n }\n private async _getTrustedRedirectConfig(): Promise<{ allowLocalhost: boolean, trustedDomains: string[] }> {\n const project = Result.orThrow(await this._currentProjectCache.getOrWait([], \"write-only\"));\n return {\n allowLocalhost: project.config.allow_localhost,\n trustedDomains: [\n ...project.config.domains.map(d => d.domain),\n new URL(getHostedHandlerUrl({ projectId: this.projectId, pagePath: \"\" })).origin,\n ],\n };\n }\n\n private async _getTrustedParentDomain(currentDomain: string): Promise<string \| null> {\n return getTrustedParentDomain(currentDomain, (await this._getTrustedRedirectConfig()).trustedDomains);\n }\n\n protected _getBrowserCookieTokenStore(): Store<TokenObject> {\n if (!isBrowserLike()) {\n throw new Error(\"Cannot use cookie token store on the server!\");\n }\n\n if (this._storedBrowserCookieTokenStore === null) {\n const getCurrentValue = (old: TokenObject \| null) => {\n const tokens = this._getTokensFromCookies(this._getAllBrowserCookies());\n return {\n refreshToken: tokens.refreshToken,\n accessToken: tokens.accessToken ?? (old?.refreshToken === tokens.refreshToken ? old.accessToken : null),\n };\n };\n this._storedBrowserCookieTokenStore = new Store<TokenObject>(getCurrentValue(null));\n let hasSucceededInWriting = true;\n\n setInterval(() => {\n if (hasSucceededInWriting) {\n const oldValue = this._storedBrowserCookieTokenStore!.get();\n const currentValue = getCurrentValue(oldValue);\n if (!deepPlainEquals(currentValue, oldValue)) {\n this._storedBrowserCookieTokenStore!.set(currentValue);\n }\n }\n }, 100);\n this._storedBrowserCookieTokenStore.onChange((value) => {\n try {\n const refreshToken = value.refreshToken;\n const secure = window.location.protocol === \"https:\";\n const defaultName = this._getRefreshTokenDefaultCookieNameForSecure(secure);\n const { updatedAt, refreshCookieValue, accessTokenPayload, cookieNamesToDelete } = this._prepareRefreshCookieUpdate(\n this._getAllBrowserCookies(),\n refreshToken,\n value.accessToken ?? null,\n defaultName,\n );\n setOrDeleteCookieClient(defaultName, refreshCookieValue, { maxAge: 60 * 60 * 24 * 365, secure });\n setOrDeleteCookieClient(this._accessTokenCookieName, accessTokenPayload, { maxAge: 60 * 60 * 24 });\n cookieNamesToDelete.forEach((name) => {\n const domain = this._getDomainFromCustomRefreshCookieName(name);\n deleteCookieClient(name, domain ? { domain } : {});\n });\n this._queueCustomRefreshCookieUpdate(refreshToken, updatedAt, \"browser\");\n hasSucceededInWriting = true;\n } catch (e) {\n if (!isBrowserLike()) {\n // Setting cookies inside RSCs is not allowed, so we just ignore it\n hasSucceededInWriting = false;\n } else {\n throw e;\n }\n }\n });\n }\n\n return this._storedBrowserCookieTokenStore;\n };\n protected _getOrCreateTokenStore(cookieHelper: CookieHelper, overrideTokenStoreInit?: TokenStoreInit): Store<TokenObject> {\n const tokenStoreInit = overrideTokenStoreInit === undefined ? this._tokenStoreInit : overrideTokenStoreInit;\n\n switch (tokenStoreInit) {\n case \"cookie\": {\n if (!isBrowserLike()) {\n return this._getOrCreateTokenStore(cookieHelper, \"nextjs-cookie\");\n }\n return this._getBrowserCookieTokenStore();\n }\n case \"nextjs-cookie\": {\n if (isBrowserLike()) {\n return this._getBrowserCookieTokenStore();\n } else {\n const tokens = this._getTokensFromCookies(cookieHelper.getAll());\n const store = new Store<TokenObject>(tokens);\n store.onChange((value) => {\n runAsynchronously(async () => {\n // TODO HACK this is a bit of a hack; while the order happens to work in practice (because the only actual\n // async operation is waiting for the `cookies()` to resolve which always happens at the same time during\n // the same request), it's not guaranteed to be free of race conditions if there are many updates happening\n // at the same time\n //\n // instead, we should create a per-request cookie helper outside of the store onChange and reuse that\n //\n // but that's kinda hard to do because Next.js doesn't expose a documented way to find out which request\n // we're currently processing, and hence we can't find out which per-request cookie helper to use\n //\n // so hack it is\n const refreshToken = value.refreshToken;\n const secure = await isSecureCookieContext();\n const defaultName = this._getRefreshTokenDefaultCookieNameForSecure(secure);\n const { updatedAt, refreshCookieValue, accessTokenPayload, cookieNamesToDelete } = this._prepareRefreshCookieUpdate(\n cookieHelper.getAll(),\n refreshToken,\n value.accessToken ?? null,\n defaultName,\n );\n await Promise.all([\n setOrDeleteCookie(defaultName, refreshCookieValue, { maxAge: 60 * 60 * 24 * 365, noOpIfServerComponent: true }),\n setOrDeleteCookie(this._accessTokenCookieName, accessTokenPayload, { maxAge: 60 * 60 * 24, noOpIfServerComponent: true }),\n ]);\n if (cookieNamesToDelete.length > 0) {\n await Promise.all(\n cookieNamesToDelete.map((name) => {\n const domain = this._getDomainFromCustomRefreshCookieName(name);\n return deleteCookie(name, { noOpIfServerComponent: true, ...(domain ? { domain } : {}) });\n }),\n );\n }\n this._queueCustomRefreshCookieUpdate(refreshToken, updatedAt, \"server\");\n });\n });\n return store;\n }\n }\n case \"memory\": {\n return this._memoryTokenStore;\n }\n default: {\n if (tokenStoreInit === null) {\n return createEmptyTokenStore();\n } else if (typeof tokenStoreInit === \"object\" && \"headers\" in tokenStoreInit) {\n if (this._requestTokenStores.has(tokenStoreInit)) return this._requestTokenStores.get(tokenStoreInit)!;\n\n // Authorization header (recommended)\n const authorizationHeader = getHeaderValueFromRequestLikeHeaders(tokenStoreInit.headers, \"authorization\");\n if (authorizationHeader) {\n const authJson = getAuthJsonFromAuthorizationHeaderValue(authorizationHeader);\n if (authJson != null) {\n const tokenStore = new Store<TokenObject>({\n accessToken: authJson.accessToken,\n refreshToken: authJson.refreshToken,\n });\n this._requestTokenStores.set(tokenStoreInit, tokenStore);\n return tokenStore;\n }\n }\n\n // x-stack-auth header (legacy)\n const stackAuthHeader = getHeaderValueFromRequestLikeHeaders(tokenStoreInit.headers, \"x-stack-auth\");\n if (stackAuthHeader) {\n let parsed;\n try {\n parsed = JSON.parse(stackAuthHeader);\n if (typeof parsed !== \"object\") throw new Error(\"x-stack-auth header must be a JSON object\");\n if (parsed === null) throw new Error(\"x-stack-auth header must not be null\");\n } catch (e) {\n throw new Error(\"Invalid x-stack-auth header.\", { cause: e });\n }\n return this._getOrCreateTokenStore(cookieHelper, {\n accessToken: parsed.accessToken ?? null,\n refreshToken: parsed.refreshToken ?? null,\n });\n }\n\n // read from cookies\n const cookieHeader = getHeaderValueFromRequestLikeHeaders(tokenStoreInit.headers, \"cookie\");\n const parsed = cookie.parseCookie(cookieHeader \|\| \"\");\n const res = new Store<TokenObject>(this._getTokensFromCookies(parsed));\n this._requestTokenStores.set(tokenStoreInit, res);\n return res;\n } else if (\"accessToken\" in tokenStoreInit \|\| \"refreshToken\" in tokenStoreInit) {\n return new Store<TokenObject>({\n refreshToken: tokenStoreInit.refreshToken,\n accessToken: tokenStoreInit.accessToken,\n });\n }\n\n throw new Error(`Invalid token store ${tokenStoreInit}`);\n }\n }\n }\n\n protected _useTokenStore(overrideTokenStoreInit?: TokenStoreInit): Store<TokenObject> {\n if (!isBrowserLike()) {\n return this._getOrCreateTokenStore(use(createCookieHelper()), overrideTokenStoreInit);\n }\n suspendIfSsr();\n const cookieHelper = createBrowserCookieHelper();\n const tokenStore = this._getOrCreateTokenStore(cookieHelper, overrideTokenStoreInit);\n return tokenStore;\n }\n\n /*\n A map from token stores and session keys to sessions.\n \n This isn't just a map from session keys to sessions for two reasons:\n \n - So we can garbage-collect Session objects when the token store is garbage-collected\n * - So different token stores are separated and don't leak information between each other, eg. if the same user sends two requests to the same server they should get a different session object\n /\n private _sessionsByTokenStoreAndSessionKey = new WeakMap<Store<TokenObject>, Map<string, InternalSession>>();\n protected _getSessionFromTokenStore(tokenStore: Store<TokenObject>): InternalSession {\n const tokenObj = tokenStore.get();\n const sessionKey = InternalSession.calculateSessionKey(tokenObj);\n const existing = sessionKey ? this._sessionsByTokenStoreAndSessionKey.get(tokenStore)?.get(sessionKey) : null;\n if (existing) return existing;\n\n const session = this._interface.createSession({\n refreshToken: tokenObj.refreshToken,\n accessToken: tokenObj.accessToken,\n });\n session.onAccessTokenChange((newAccessToken) => {\n tokenStore.update((old) => ({\n ...old,\n accessToken: newAccessToken?.token ?? null\n }));\n });\n session.onInvalidate(() => {\n tokenStore.update((old) => ({\n ...old,\n accessToken: null,\n refreshToken: null,\n }));\n });\n\n let sessionsBySessionKey = this._sessionsByTokenStoreAndSessionKey.get(tokenStore) ?? new Map();\n this._sessionsByTokenStoreAndSessionKey.set(tokenStore, sessionsBySessionKey);\n sessionsBySessionKey.set(sessionKey, session);\n return session;\n }\n\n protected async _getSession(\n overrideTokenStoreInit?: TokenStoreInit,\n options?: { awaitPendingAuthResolutions?: boolean },\n ): Promise<InternalSession> {\n await this._awaitPendingAuthResolutions(overrideTokenStoreInit, options);\n const tokenStore = this._getOrCreateTokenStore(await this._createCookieHelper(overrideTokenStoreInit), overrideTokenStoreInit);\n const session = this._getSessionFromTokenStore(tokenStore);\n return session;\n }\n\n protected _useSession(overrideTokenStoreInit?: TokenStoreInit): InternalSession {\n this._usePendingAuthResolutions(overrideTokenStoreInit);\n const tokenStore = this._useTokenStore(overrideTokenStoreInit);\n const subscribe = useCallback((cb: () => void) => {\n return subscribeSessionRefresh({\n tokenStore,\n getSession: () => this._getSessionFromTokenStore(tokenStore),\n onTokenStoreChange: cb,\n });\n }, [tokenStore]);\n const getSnapshot = useCallback(() => this._getSessionFromTokenStore(tokenStore), [tokenStore]);\n return React.useSyncExternalStore(subscribe, getSnapshot, getSnapshot);\n }\n\n protected async _signInToAccountWithTokens(tokens: { accessToken: string \| null, refreshToken: string }) {\n if (!(\"accessToken\" in tokens) \|\| !(\"refreshToken\" in tokens)) {\n throw new StackAssertionError(\"Invalid tokens object; can't sign in with this\", { tokens });\n }\n const tokenStore = this._getOrCreateTokenStore(await this._createCookieHelper());\n tokenStore.set(tokens);\n\n // Pre-fetch the current user for the new session so the cache is already\n // populated when useUser() re-renders, avoiding a stale-cache render cycle.\n const newSession = this._getSessionFromTokenStore(tokenStore);\n this._currentUserCache.getOrWait([newSession], \"write-only\").catch(() => {});\n }\n\n protected _hasPersistentTokenStore(overrideTokenStoreInit?: TokenStoreInit): this is StackClientApp<true, ProjectId> {\n return (overrideTokenStoreInit !== undefined ? overrideTokenStoreInit : this._tokenStoreInit) !== null;\n }\n\n protected _ensurePersistentTokenStore(overrideTokenStoreInit?: TokenStoreInit): asserts this is StackClientApp<true, ProjectId> {\n if (!this._hasPersistentTokenStore(overrideTokenStoreInit)) {\n throw new Error(\"Cannot call this function on a Stack app without a persistent token store. Make sure the tokenStore option on the constructor is set to a non-null value when initializing Stack.\\n\\nStack uses token stores to access access tokens of the current user. For example, on web frontends it is commonly the string value 'cookies' for cookie storage.\");\n }\n }\n\n protected _isInternalProject(): this is { projectId: \"internal\" } {\n return this.projectId === \"internal\";\n }\n\n protected _ensureInternalProject(): asserts this is { projectId: \"internal\" } {\n if (!this._isInternalProject()) {\n throw new Error(\"Cannot call this function on a Stack app with a project ID other than 'internal'.\");\n }\n }\n\n protected _clientProjectFromCrud(crud: ClientProjectsCrud['Client']['Read']): Project {\n return {\n id: crud.id,\n displayName: crud.display_name,\n config: {\n signUpEnabled: crud.config.sign_up_enabled,\n credentialEnabled: crud.config.credential_enabled,\n magicLinkEnabled: crud.config.magic_link_enabled,\n passkeyEnabled: crud.config.passkey_enabled,\n clientTeamCreationEnabled: crud.config.client_team_creation_enabled,\n clientUserDeletionEnabled: crud.config.client_user_deletion_enabled,\n allowTeamApiKeys: crud.config.allow_team_api_keys,\n allowUserApiKeys: crud.config.allow_user_api_keys,\n oauthProviders: crud.config.enabled_oauth_providers.map((p) => ({\n id: p.id,\n })),\n }\n };\n }\n\n protected _clientPermissionFromCrud(crud: TeamPermissionsCrud['Client']['Read'] \| ProjectPermissionsCrud['Client']['Read']): TeamPermission {\n return {\n id: crud.id,\n };\n }\n\n protected _clientTeamUserFromCrud(crud: TeamMemberProfilesCrud['Client']['Read']): TeamUser {\n return {\n id: crud.user_id,\n teamProfile: {\n displayName: crud.display_name,\n profileImageUrl: crud.profile_image_url,\n }\n };\n }\n\n protected _clientSentTeamInvitationFromCrud(session: InternalSession, crud: TeamInvitationCrud['Client']['Read']): SentTeamInvitation {\n return {\n id: crud.id,\n recipientEmail: crud.recipient_email,\n expiresAt: new Date(crud.expires_at_millis),\n revoke: async () => {\n await this._interface.revokeTeamInvitation(crud.id, crud.team_id, session);\n await this._teamInvitationsCache.refresh([session, crud.team_id]);\n },\n };\n }\n\n protected _clientReceivedTeamInvitationFromCrud(session: InternalSession, crud: TeamInvitationCrud['Client']['Read']): ReceivedTeamInvitation {\n const app = this;\n return {\n id: crud.id,\n teamId: crud.team_id,\n teamDisplayName: crud.team_display_name,\n recipientEmail: crud.recipient_email,\n expiresAt: new Date(crud.expires_at_millis),\n accept: async () => {\n await app._interface.acceptTeamInvitationById(crud.id, session);\n await Promise.all([\n app._currentUserTeamInvitationsCache.refresh([session]),\n app._currentUserTeamsCache.refresh([session]),\n app._teamInvitationsCache.refresh([session, crud.team_id]),\n ]);\n },\n };\n }\n\n protected _baseApiKeyFromCrud(\n crud: TeamApiKeysCrud['Client']['Read'] \| UserApiKeysCrud['Client']['Read'] \| yup.InferType<typeof teamApiKeysCreateOutputSchema> \| yup.InferType<typeof userApiKeysCreateOutputSchema>\n ): Omit<ApiKey<\"user\", boolean>, \"revoke\" \| \"update\"> \| Omit<ApiKey<\"team\", boolean>, \"revoke\" \| \"update\"> {\n return {\n id: crud.id,\n description: crud.description,\n expiresAt: crud.expires_at_millis ? new Date(crud.expires_at_millis) : undefined,\n manuallyRevokedAt: crud.manually_revoked_at_millis ? new Date(crud.manually_revoked_at_millis) : null,\n createdAt: new Date(crud.created_at_millis),\n ...(crud.type === \"team\" ? { type: \"team\", teamId: crud.team_id } : { type: \"user\", userId: crud.user_id }),\n value: typeof crud.value === \"string\" ? crud.value : {\n lastFour: crud.value.last_four,\n },\n isValid: function () {\n return this.whyInvalid() === null;\n },\n whyInvalid: function () {\n if (this.manuallyRevokedAt) {\n return \"manually-revoked\";\n }\n if (this.expiresAt && this.expiresAt < new Date()) {\n return \"expired\";\n }\n return null;\n },\n };\n }\n\n\n protected _clientApiKeyFromCrud(session: InternalSession, crud: TeamApiKeysCrud['Client']['Read']): ApiKey<\"team\">;\n protected _clientApiKeyFromCrud(session: InternalSession, crud: UserApiKeysCrud['Client']['Read']): ApiKey<\"user\">;\n protected _clientApiKeyFromCrud(session: InternalSession, crud: yup.InferType<typeof teamApiKeysCreateOutputSchema>): ApiKey<\"team\", true>;\n protected _clientApiKeyFromCrud(session: InternalSession, crud: yup.InferType<typeof userApiKeysCreateOutputSchema>): ApiKey<\"user\", true>;\n protected _clientApiKeyFromCrud(session: InternalSession, crud: TeamApiKeysCrud['Client']['Read'] \| UserApiKeysCrud['Client']['Read'] \| yup.InferType<typeof teamApiKeysCreateOutputSchema> \| yup.InferType<typeof userApiKeysCreateOutputSchema>): ApiKey<\"user\" \| \"team\", boolean> {\n return {\n ...this._baseApiKeyFromCrud(crud),\n async revoke() {\n await this.update({ revoked: true });\n },\n update: async (options: ApiKeyUpdateOptions) => {\n await this._interface.updateProjectApiKey(crud.type === \"team\" ? { team_id: crud.team_id } : { user_id: crud.user_id }, crud.id, options, session, \"client\");\n if (crud.type === \"team\") {\n await this._teamApiKeysCache.refresh([session, crud.team_id]);\n } else {\n await this._userApiKeysCache.refresh([session]);\n }\n },\n };\n }\n\n protected _clientTeamFromCrud(crud: TeamsCrud['Client']['Read'], session: InternalSession): Team {\n const app = this;\n return {\n id: crud.id,\n displayName: crud.display_name,\n profileImageUrl: crud.profile_image_url,\n clientMetadata: crud.client_metadata,\n clientReadOnlyMetadata: crud.client_read_only_metadata,\n ...this._createCustomer(crud.id, \"team\", session),\n async inviteUser(options: { email: string, callbackUrl?: string }) {\n await app._interface.sendTeamInvitation({\n teamId: crud.id,\n email: options.email,\n session,\n callbackUrl: options.callbackUrl ?? constructRedirectUrl(app.urls.teamInvitation, \"callbackUrl\"),\n });\n await app._teamInvitationsCache.refresh([session, crud.id]);\n },\n async listUsers() {\n const result = Result.orThrow(await app._teamMemberProfilesCache.getOrWait([session, crud.id], \"write-only\"));\n return result.map((crud) => app._clientTeamUserFromCrud(crud));\n },\n useUsers() {\n const result = useAsyncCache(app._teamMemberProfilesCache, [session, crud.id] as const, \"team.useUsers()\");\n return result.map((crud) => app._clientTeamUserFromCrud(crud));\n },\n async listInvitations() {\n const result = Result.orThrow(await app._teamInvitationsCache.getOrWait([session, crud.id], \"write-only\"));\n return result.map((crud) => app._clientSentTeamInvitationFromCrud(session, crud));\n },\n useInvitations() {\n const result = useAsyncCache(app._teamInvitationsCache, [session, crud.id] as const, \"team.useInvitations()\");\n return result.map((crud) => app._clientSentTeamInvitationFromCrud(session, crud));\n },\n async update(data: TeamUpdateOptions) {\n await app._interface.updateTeam({ data: teamUpdateOptionsToCrud(data), teamId: crud.id }, session);\n await app._currentUserTeamsCache.refresh([session]);\n },\n async delete() {\n await app._interface.deleteTeam(crud.id, session);\n await app._currentUserTeamsCache.refresh([session]);\n },\n\n useApiKeys() {\n const result = useAsyncCache(app._teamApiKeysCache, [session, crud.id] as const, \"team.useApiKeys()\");\n return result.map((crud) => app._clientApiKeyFromCrud(session, crud));\n },\n\n async listApiKeys() {\n const results = Result.orThrow(await app._teamApiKeysCache.getOrWait([session, crud.id], \"write-only\"));\n return results.map((crud) => app._clientApiKeyFromCrud(session, crud));\n },\n\n async createApiKey(options: ApiKeyCreationOptions<\"team\">) {\n const result = await app._interface.createProjectApiKey(\n await apiKeyCreationOptionsToCrud(\"team\", crud.id, options),\n session,\n \"client\",\n );\n await app._teamApiKeysCache.refresh([session, crud.id]);\n return app._clientApiKeyFromCrud(session, result);\n },\n };\n }\n\n protected _clientContactChannelFromCrud(crud: ContactChannelsCrud['Client']['Read'], session: InternalSession): ContactChannel {\n const app = this;\n return {\n id: crud.id,\n value: crud.value,\n type: crud.type,\n isVerified: crud.is_verified,\n isPrimary: crud.is_primary,\n usedForAuth: crud.used_for_auth,\n\n async sendVerificationEmail(options?: { callbackUrl?: string }) {\n await app._interface.sendCurrentUserContactChannelVerificationEmail(\n crud.id,\n options?.callbackUrl \|\| constructRedirectUrl(app.urls.emailVerification, \"callbackUrl\"),\n session\n );\n },\n async update(data: ContactChannelUpdateOptions) {\n await app._interface.updateClientContactChannel(crud.id, contactChannelUpdateOptionsToCrud(data), session);\n await app._clientContactChannelsCache.refresh([session]);\n },\n async delete() {\n await app._interface.deleteClientContactChannel(crud.id, session);\n await app._clientContactChannelsCache.refresh([session]);\n },\n };\n }\n protected _clientNotificationCategoryFromCrud(crud: NotificationPreferenceCrud['Client']['Read'], session: InternalSession): NotificationCategory {\n const app = this;\n return {\n id: crud.notification_category_id,\n name: crud.notification_category_name,\n enabled: crud.enabled,\n canDisable: crud.can_disable,\n\n async setEnabled(enabled: boolean) {\n await app._interface.setNotificationsEnabled(crud.notification_category_id, enabled, session);\n await app._notificationCategoriesCache.refresh([session]);\n },\n };\n }\n protected _clientOAuthProviderFromCrud(crud: OAuthProviderCrud['Client']['Read'], session: InternalSession): OAuthProvider {\n const app = this;\n return {\n id: crud.id,\n type: crud.type,\n userId: crud.user_id,\n email: crud.email,\n allowSignIn: crud.allow_sign_in,\n allowConnectedAccounts: crud.allow_connected_accounts,\n\n async update(data: { allowSignIn?: boolean, allowConnectedAccounts?: boolean }): Promise<Result<void,\n InstanceType<typeof KnownErrors.OAuthProviderAccountIdAlreadyUsedForSignIn>\n >> {\n try {\n await app._interface.updateOAuthProvider(\n crud.user_id,\n crud.id,\n {\n allow_sign_in: data.allowSignIn,\n allow_connected_accounts: data.allowConnectedAccounts,\n },\n session\n );\n await Promise.all([\n app._currentUserOAuthProvidersCache.refresh([session]),\n app._currentUserConnectedAccountsCache.refresh([session]),\n ]);\n return Result.ok(undefined);\n } catch (error) {\n if (KnownErrors.OAuthProviderAccountIdAlreadyUsedForSignIn.isInstance(error)) {\n return Result.error(error);\n }\n throw error;\n }\n },\n\n async delete() {\n await app._interface.deleteOAuthProvider(crud.user_id, crud.id, session);\n await Promise.all([\n app._currentUserOAuthProvidersCache.refresh([session]),\n app._currentUserConnectedAccountsCache.refresh([session]),\n ]);\n },\n };\n }\n\n protected _clientItemFromCrud(crud: ItemCrud['Client']['Read']): Item {\n const app = this;\n return {\n displayName: crud.display_name,\n quantity: crud.quantity,\n nonNegativeQuantity: Math.max(0, crud.quantity),\n };\n }\n\n protected _customerProductsFromResponse(response: CustomerProductsListResponse): CustomerProductsList {\n const products = response.items.map((item) => ({\n id: item.id,\n quantity: item.quantity,\n displayName: item.product.display_name,\n customerType: item.product.customer_type,\n isServerOnly: item.product.server_only,\n stackable: item.product.stackable,\n type: item.type,\n subscription: item.subscription ? {\n subscriptionId: item.subscription.subscription_id,\n currentPeriodEnd: item.subscription.current_period_end ? new Date(item.subscription.current_period_end) : null,\n cancelAtPeriodEnd: item.subscription.cancel_at_period_end,\n isCancelable: item.subscription.is_cancelable,\n } : null,\n switchOptions: item.switch_options?.map((option) => ({\n productId: option.product_id,\n displayName: option.product.display_name,\n prices: option.product.prices,\n })),\n }));\n return Object.assign(products, { nextCursor: response.pagination.next_cursor ?? null });\n }\n\n protected _customerInvoicesFromResponse(response: CustomerInvoicesListResponse): CustomerInvoicesList {\n const invoices = response.items.map((item) => ({\n status: item.status as CustomerInvoiceStatus,\n amountTotal: item.amount_total,\n hostedInvoiceUrl: item.hosted_invoice_url,\n createdAt: new Date(item.created_at_millis),\n }));\n return Object.assign(invoices, { nextCursor: response.pagination.next_cursor ?? null });\n }\n\n protected _customerBillingFromResponse(response: {\n has_customer: boolean,\n default_payment_method: {\n id: string,\n brand: string \| null,\n last4: string \| null,\n exp_month: number \| null,\n exp_year: number \| null,\n } \| null,\n }): CustomerBilling {\n return {\n hasCustomer: response.has_customer,\n defaultPaymentMethod: response.default_payment_method,\n };\n }\n\n protected _createAuth(session: InternalSession): Auth {\n const app = this;\n return {\n _internalSession: session,\n currentSession: {\n async getTokens() {\n const tokens = await session.getOrFetchLikelyValidTokens(20_000, 75_000);\n return {\n accessToken: tokens?.accessToken.token ?? null,\n refreshToken: tokens?.refreshToken?.token ?? null,\n };\n },\n useTokens() {\n const subscribe = useCallback((cb: () => void) => {\n const { unsubscribe: unsubscribeInvalidate } = session.onInvalidate(cb);\n const { unsubscribe: unsubscribeAccessTokenChange } = session.onAccessTokenChange(cb);\n return () => {\n unsubscribeInvalidate();\n unsubscribeAccessTokenChange();\n };\n }, [session]);\n const getSnapshot = useCallback(() => {\n return session.isKnownToBeInvalid()\n ? null\n : session.getAccessTokenIfNotExpiredYet(20_000, 75_000)?.token ?? null;\n }, [session]);\n\n let accessToken = React.useSyncExternalStore(subscribe, getSnapshot, getSnapshot);\n if (accessToken === null && !session.isKnownToBeInvalid()) {\n // note: tokens is never actually assigned here in practice because getOrFetchLikelyValidTokens is always a fresh promise so the `use` hook always throws, but this is more idiomatic and makes the type checker happy\n accessToken = use(session.getOrFetchLikelyValidTokens(20_000, 75_000))?.accessToken.token ?? null;\n }\n return {\n accessToken,\n refreshToken: session.getRefreshToken()?.token ?? null,\n };\n },\n },\n async getAccessToken(): Promise<string \| null> {\n const tokens = await this.currentSession.getTokens();\n return tokens.accessToken;\n },\n useAccessToken(): string \| null {\n return this.currentSession.useTokens().accessToken;\n },\n async getRefreshToken(): Promise<string \| null> {\n const tokens = await this.currentSession.getTokens();\n return tokens.refreshToken;\n },\n useRefreshToken(): string \| null {\n return this.currentSession.useTokens().refreshToken;\n },\n async getAuthorizationHeader(): Promise<string \| null> {\n return getAuthorizationHeaderValueFromAuthJson(await this.getAuthJson());\n },\n useAuthorizationHeader(): string \| null {\n return getAuthorizationHeaderValueFromAuthJson(this.useAuthJson());\n },\n async getAuthHeaders(): Promise<{ \"x-stack-auth\": string }> {\n return {\n \"x-stack-auth\": JSON.stringify(await this.getAuthJson()),\n };\n },\n useAuthHeaders(): { \"x-stack-auth\": string } {\n return {\n \"x-stack-auth\": JSON.stringify(this.useAuthJson()),\n };\n },\n async getAuthJson(): Promise<{ accessToken: string \| null, refreshToken: string \| null }> {\n const tokens = await this.currentSession.getTokens();\n return tokens;\n },\n useAuthJson(): { accessToken: string \| null, refreshToken: string \| null } {\n return this.currentSession.useTokens();\n },\n signOut(options?: { redirectUrl?: URL \| string }) {\n return app._signOut(session, options);\n },\n };\n }\n\n protected _editableTeamProfileFromCrud(crud: TeamMemberProfilesCrud['Client']['Read'], session: InternalSession): EditableTeamMemberProfile {\n const app = this;\n return {\n displayName: crud.display_name,\n profileImageUrl: crud.profile_image_url,\n async update(update: { displayName?: string, profileImageUrl?: string }) {\n await app._interface.updateTeamMemberProfile({\n teamId: crud.team_id,\n userId: crud.user_id,\n profile: {\n display_name: update.displayName,\n profile_image_url: update.profileImageUrl,\n },\n }, session);\n await app._currentUserTeamProfileCache.refresh([session, crud.team_id]);\n }\n };\n }\n\n protected _createBaseUser(crud: NonNullable<CurrentUserCrud['Client']['Read']> \| UsersCrud['Server']['Read']): BaseUser {\n return {\n id: crud.id,\n displayName: crud.display_name,\n primaryEmail: crud.primary_email,\n primaryEmailVerified: crud.primary_email_verified,\n profileImageUrl: crud.profile_image_url,\n signedUpAt: new Date(crud.signed_up_at_millis),\n clientMetadata: crud.client_metadata,\n clientReadOnlyMetadata: crud.client_read_only_metadata,\n hasPassword: crud.has_password,\n emailAuthEnabled: crud.auth_with_email,\n otpAuthEnabled: crud.otp_auth_enabled,\n oauthProviders: crud.oauth_providers,\n passkeyAuthEnabled: crud.passkey_auth_enabled,\n isMultiFactorRequired: crud.requires_totp_mfa,\n isAnonymous: crud.is_anonymous,\n isRestricted: crud.is_restricted,\n restrictedReason: crud.restricted_reason,\n toClientJson(): CurrentUserCrud['Client']['Read'] {\n return crud;\n }\n };\n }\n\n protected _createUserExtraFromCurrent(crud: NonNullable<CurrentUserCrud['Client']['Read']>, session: InternalSession): UserExtra {\n const app = this;\n /\n @deprecated The string-based overloads are deprecated. Use `getOrLinkConnectedAccount` for redirect behavior,\n * or `getConnectedAccount({ provider, providerAccountId })` for existence check.\n /\n async function getConnectedAccount(id: ProviderType, options?: { scopes?: string[] }): Promise<DeprecatedOAuthConnection \| null>;\n async function getConnectedAccount(id: ProviderType, options: { or: 'redirect', scopes?: string[] }): Promise<DeprecatedOAuthConnection>;\n async function getConnectedAccount(account: { provider: string, providerAccountId: string }): Promise<OAuthConnection \| null>;\n async function getConnectedAccount(\n idOrAccount: ProviderType \| { provider: string, providerAccountId: string },\n options?: { or?: 'redirect', scopes?: string[] }\n ): Promise<DeprecatedOAuthConnection \| OAuthConnection \| null> {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n\n // Check if it's the new object-based API\n if (typeof idOrAccount === 'object' && 'provider' in idOrAccount && 'providerAccountId' in idOrAccount) {\n const { provider, providerAccountId } = idOrAccount;\n // Check if the account exists in the connected accounts list\n const connectedAccounts = Result.orThrow(await app._currentUserConnectedAccountsCache.getOrWait([session], \"write-only\"));\n const found = connectedAccounts.find(\n a => a.provider === provider && a.providerAccountId === providerAccountId\n );\n if (!found) {\n return null;\n }\n return found;\n }\n\n // Original behavior: by provider ID (returns first match)\n return Result.orThrow(await app._currentUserOAuthConnectionCache.getOrWait([session, idOrAccount, scopeString, options?.or === 'redirect'], \"write-only\"));\n }\n\n /\n @deprecated The string-based overloads are deprecated. Use `useOrLinkConnectedAccount` for redirect behavior,\n * or `useConnectedAccount({ provider, providerAccountId })` for existence check.\n /\n function useConnectedAccount(id: ProviderType, options?: { scopes?: string[] }): DeprecatedOAuthConnection \| null;\n function useConnectedAccount(id: ProviderType, options: { or: 'redirect', scopes?: string[] }): DeprecatedOAuthConnection;\n function useConnectedAccount(account: { provider: string, providerAccountId: string }): OAuthConnection \| null;\n function useConnectedAccount(\n idOrAccount: ProviderType \| { provider: string, providerAccountId: string },\n options?: { or?: 'redirect', scopes?: string[] }\n ): DeprecatedOAuthConnection \| OAuthConnection \| null {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n\n // Check if it's the new object-based API\n if (typeof idOrAccount === 'object' && 'provider' in idOrAccount && 'providerAccountId' in idOrAccount) {\n const { provider, providerAccountId } = idOrAccount;\n // Check if the account exists in the connected accounts list\n const connectedAccounts = useAsyncCache(\n app._currentUserConnectedAccountsCache,\n [session] as const,\n \"user.useConnectedAccount()\"\n );\n const found = connectedAccounts.find(\n a => a.provider === provider && a.providerAccountId === providerAccountId\n );\n return found ?? null;\n }\n\n // Original behavior: by provider ID (returns first match)\n return useAsyncCache(app._currentUserOAuthConnectionCache, [session, idOrAccount, scopeString, options?.or === 'redirect'] as const, \"user.useConnectedAccount()\");\n }\n return {\n async getActiveSessions() {\n const sessions = await app._interface.listSessions(session);\n return sessions.items.map((crud) => app._clientSessionFromCrud(crud));\n },\n async revokeSession(sessionId: string) {\n await app._interface.deleteSession(sessionId, session);\n },\n setDisplayName(displayName: string \| null) {\n return this.update({ displayName });\n },\n setClientMetadata(metadata: Record<string, any>) {\n return this.update({ clientMetadata: metadata });\n },\n async setSelectedTeam(team: Team \| string \| null) {\n await this.update({ selectedTeamId: typeof team === 'string' ? team : team?.id ?? null });\n },\n getConnectedAccount,\n useConnectedAccount, // THIS_LINE_PLATFORM react-like\n async listConnectedAccounts() {\n return Result.orThrow(await app._currentUserConnectedAccountsCache.getOrWait([session], \"write-only\"));\n },\n useConnectedAccounts() {\n return useAsyncCache(app._currentUserConnectedAccountsCache, [session] as const, \"user.useConnectedAccounts()\");\n },\n async linkConnectedAccount(provider: string, options?: { scopes?: string[] }) {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n const location = await getNewOAuthProviderOrScopeUrl(\n app._interface,\n {\n provider,\n redirectUrl: app._getOAuthCallbackRedirectUri(),\n errorRedirectUrl: app.urls.error,\n providerScope: mergeScopeStrings(scopeString, (app._oauthScopesOnSignIn[provider as ProviderType] ?? []).join(\" \")),\n },\n session,\n );\n await app._redirectTo({ url: location });\n return await neverResolve();\n },\n async getOrLinkConnectedAccount(provider: string, options?: { scopes?: string[] }) {\n const connectedAccounts = Result.orThrow(await app._currentUserConnectedAccountsCache.getOrWait([session], \"write-only\"));\n const matchingAccounts = connectedAccounts.filter(a => a.provider === provider);\n\n for (const account of matchingAccounts) {\n const tokenResult = await account.getAccessToken({ scopes: options?.scopes });\n if (tokenResult.status === \"ok\") {\n return account;\n }\n }\n\n // No valid account found or all tokens unavailable — redirect to OAuth flow\n await this.linkConnectedAccount(provider, options);\n return await neverResolve();\n },\n useOrLinkConnectedAccount(provider: string, options?: { scopes?: string[] }): OAuthConnection {\n const scopeString = options?.scopes?.join(\" \") ?? \"\";\n return useAsyncCache(app._currentUserValidConnectedAccountForProviderCache, [session, provider, scopeString] as const, \"user.useOrLinkConnectedAccount()\");\n },\n async getTeam(teamId: string) {\n const teams = await this.listTeams();\n return teams.find((t) => t.id === teamId) ?? null;\n },\n useTeam(teamId: string) {\n const teams = this.useTeams();\n return useMemo(() => {\n return teams.find((t) => t.id === teamId) ?? null;\n }, [teams, teamId]);\n },\n async listTeams() {\n const teams = Result.orThrow(await app._currentUserTeamsCache.getOrWait([session], \"write-only\"));\n return teams.map((crud) => app._clientTeamFromCrud(crud, session));\n },\n useTeams() {\n const teams = useAsyncCache(app._currentUserTeamsCache, [session], \"user.useTeams()\");\n return useMemo(() => teams.map((crud) => app._clientTeamFromCrud(crud, session)), [teams]);\n },\n async createTeam(data: TeamCreateOptions) {\n const crud = await app._interface.createClientTeam(teamCreateOptionsToCrud(data, 'me'), session);\n await app._currentUserTeamsCache.refresh([session]);\n await this.update({ selectedTeamId: crud.id });\n return app._clientTeamFromCrud(crud, session);\n },\n async leaveTeam(team: Team) {\n await app._interface.leaveTeam(team.id, session);\n // TODO: refresh cache\n },\n async listTeamInvitations() {\n const invitations = Result.orThrow(await app._currentUserTeamInvitationsCache.getOrWait([session], \"write-only\"));\n return invitations.map((crud) => app._clientReceivedTeamInvitationFromCrud(session, crud));\n },\n useTeamInvitations() {\n const invitations = useAsyncCache(app._currentUserTeamInvitationsCache, [session], \"user.useTeamInvitations()\");\n return useMemo(() => invitations.map((crud) => app._clientReceivedTeamInvitationFromCrud(session, crud)), [invitations]);\n },\n async listPermissions(scopeOrOptions?: Team \| { recursive?: boolean }, options?: { recursive?: boolean }): Promise<TeamPermission[]> {\n if (scopeOrOptions && 'id' in scopeOrOptions) {\n const scope = scopeOrOptions;\n const recursive = options?.recursive ?? true;\n const permissions = Result.orThrow(await app._currentUserPermissionsCache.getOrWait([session, scope.id, recursive], \"write-only\"));\n return permissions.map((crud) => app._clientPermissionFromCrud(crud));\n } else {\n const opts = scopeOrOptions;\n const recursive = opts?.recursive ?? true;\n const permissions = Result.orThrow(await app._currentUserProjectPermissionsCache.getOrWait([session, recursive], \"write-only\"));\n return permissions.map((crud) => app._clientPermissionFromCrud(crud));\n }\n },\n usePermissions(scopeOrOptions?: Team \| { recursive?: boolean }, options?: { recursive?: boolean }): TeamPermission[] {\n if (scopeOrOptions && 'id' in scopeOrOptions) {\n const scope = scopeOrOptions;\n const recursive = options?.recursive ?? true;\n const permissions = useAsyncCache(app._currentUserPermissionsCache, [session, scope.id, recursive] as const, \"user.usePermissions()\");\n return useMemo(() => permissions.map((crud) => app._clientPermissionFromCrud(crud)), [permissions]);\n } else {\n const opts = scopeOrOptions;\n const recursive = opts?.recursive ?? true;\n const permissions = useAsyncCache(app._currentUserProjectPermissionsCache, [session, recursive] as const, \"user.usePermissions()\");\n return useMemo(() => permissions.map((crud) => app._clientPermissionFromCrud(crud)), [permissions]);\n }\n },\n usePermission(scopeOrPermissionId: Team \| string, permissionId?: string): TeamPermission \| null {\n if (scopeOrPermissionId && typeof scopeOrPermissionId !== 'string') {\n const scope = scopeOrPermissionId;\n const permissions = this.usePermissions(scope);\n return useMemo(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);\n } else {\n const pid = scopeOrPermissionId;\n const permissions = this.usePermissions();\n return useMemo(() => permissions.find((p) => p.id === pid) ?? null, [permissions, pid]);\n }\n },\n async getPermission(scopeOrPermissionId: Team \| string, permissionId?: string): Promise<TeamPermission \| null> {\n if (scopeOrPermissionId && typeof scopeOrPermissionId !== 'string') {\n const scope = scopeOrPermissionId;\n const permissions = await this.listPermissions(scope);\n return permissions.find((p) => p.id === permissionId) ?? null;\n } else {\n const pid = scopeOrPermissionId;\n const permissions = await this.listPermissions();\n return permissions.find((p) => p.id === pid) ?? null;\n }\n },\n async hasPermission(scopeOrPermissionId: Team \| string, permissionId?: string): Promise<boolean> {\n if (scopeOrPermissionId && typeof scopeOrPermissionId !== 'string') {\n const scope = scopeOrPermissionId;\n return (await this.getPermission(scope, permissionId as string)) !== null;\n } else {\n const pid = scopeOrPermissionId;\n return (await this.getPermission(pid)) !== null;\n }\n },\n async update(update) {\n return await app._updateClientUser(update, session);\n },\n async sendVerificationEmail(options?: { callbackUrl?: string }) {\n if (!crud.primary_email) {\n throw new StackAssertionError(\"User does not have a primary email\");\n }\n return await app._interface.sendVerificationEmail(\n crud.primary_email,\n options?.callbackUrl ?? constructRedirectUrl(app.urls.emailVerification, \"callbackUrl\"),\n session\n );\n },\n async updatePassword(options: { oldPassword: string, newPassword: string }) {\n const result = await app._interface.updatePassword(options, session);\n await app._currentUserCache.refresh([session]);\n return result;\n },\n async setPassword(options: { password: string }) {\n const result = await app._interface.setPassword(options, session);\n await app._currentUserCache.refresh([session]);\n return result;\n },\n selectedTeam: crud.selected_team && this._clientTeamFromCrud(crud.selected_team, session),\n async getTeamProfile(team: Team) {\n const result = Result.orThrow(await app._currentUserTeamProfileCache.getOrWait([session, team.id], \"write-only\"));\n return app._editableTeamProfileFromCrud(result, session);\n },\n useTeamProfile(team: Team) {\n const result = useAsyncCache(app._currentUserTeamProfileCache, [session, team.id] as const, \"user.useTeamProfile()\");\n return app._editableTeamProfileFromCrud(result, session);\n },\n async delete() {\n await app._interface.deleteCurrentUser(session);\n session.markInvalid();\n },\n async listContactChannels() {\n const result = Result.orThrow(await app._clientContactChannelsCache.getOrWait([session], \"write-only\"));\n return result.map((crud) => app._clientContactChannelFromCrud(crud, session));\n },\n useContactChannels() {\n const result = useAsyncCache(app._clientContactChannelsCache, [session] as const, \"user.useContactChannels()\");\n return result.map((crud) => app._clientContactChannelFromCrud(crud, session));\n },\n async createContactChannel(data: ContactChannelCreateOptions) {\n const crud = await app._interface.createClientContactChannel(contactChannelCreateOptionsToCrud('me', data), session);\n await app._clientContactChannelsCache.refresh([session]);\n return app._clientContactChannelFromCrud(crud, session);\n },\n useNotificationCategories() {\n const results = useAsyncCache(app._notificationCategoriesCache, [session] as const, \"user.useNotificationCategories()\");\n return results.map((crud) => app._clientNotificationCategoryFromCrud(crud, session));\n },\n async listNotificationCategories() {\n const results = Result.orThrow(await app._notificationCategoriesCache.getOrWait([session], \"write-only\"));\n return results.map((crud) => app._clientNotificationCategoryFromCrud(crud, session));\n },\n useApiKeys() {\n const result = useAsyncCache(app._userApiKeysCache, [session] as const, \"user.useApiKeys()\");\n return result.map((crud) => app._clientApiKeyFromCrud(session, crud));\n },\n\n async listApiKeys() {\n const results = await app._interface.listProjectApiKeys({ user_id: 'me' }, session, \"client\");\n return results.map((crud) => app._clientApiKeyFromCrud(session, crud));\n },\n\n async createApiKey(options: ApiKeyCreationOptions<\"user\">) {\n const result = await app._interface.createProjectApiKey(\n await apiKeyCreationOptionsToCrud(\"user\", \"me\", options),\n session,\n \"client\",\n );\n await app._userApiKeysCache.refresh([session]);\n return app._clientApiKeyFromCrud(session, result);\n },\n\n useOAuthProviders() {\n const results = useAsyncCache(app._currentUserOAuthProvidersCache, [session] as const, \"user.useOAuthProviders()\");\n return results.map((crud) => app._clientOAuthProviderFromCrud(crud, session));\n },\n\n async listOAuthProviders() {\n const results = Result.orThrow(await app._currentUserOAuthProvidersCache.getOrWait([session], \"write-only\"));\n return results.map((crud) => app._clientOAuthProviderFromCrud(crud, session));\n },\n\n useOAuthProvider(id: string) {\n const providers = this.useOAuthProviders();\n return useMemo(() => providers.find((p) => p.id === id) ?? null, [providers, id]);\n },\n\n async getOAuthProvider(id: string) {\n const providers = await this.listOAuthProviders();\n return providers.find((p) => p.id === id) ?? null;\n },\n\n async registerPasskey(options?: { hostname?: string }): Promise<Result<undefined, KnownErrors[\"PasskeyRegistrationFailed\"] \| KnownErrors[\"PasskeyWebAuthnError\"]>> {\n const hostname = (await app._getCurrentUrl())?.hostname;\n if (!hostname) {\n throw new StackAssertionError(\"hostname must be provided if the Stack App does not have a redirect method\");\n }\n\n const initiationResult = await app._interface.initiatePasskeyRegistration({}, session);\n\n if (initiationResult.status !== \"ok\") {\n return Result.error(new KnownErrors.PasskeyRegistrationFailed(\"Failed to get initiation options for passkey registration\"));\n }\n\n const { options_json, code } = initiationResult.data;\n\n // HACK: Override the rpID to be the actual domain\n if (options_json.rp.id !== \"THIS_VALUE_WILL_BE_REPLACED.example.com\") {\n throw new StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rp.id}`);\n }\n\n options_json.rp.id = hostname;\n\n let attResp;\n try {\n attResp = await startRegistration({ optionsJSON: options_json });\n } catch (error: any) {\n if (error instanceof WebAuthnError) {\n return Result.error(new KnownErrors.PasskeyWebAuthnError(error.message, error.name));\n } else {\n // This should never happen\n captureError(\"passkey-registration-failed\", error);\n return Result.error(new KnownErrors.PasskeyRegistrationFailed(\"Failed to start passkey registration due to unknown error\"));\n }\n }\n\n\n const registrationResult = await app._interface.registerPasskey({ credential: attResp, code }, session);\n\n await app._refreshUser(session);\n return registrationResult;\n },\n };\n }\n\n protected _createInternalUserExtra(session: InternalSession): InternalUserExtra {\n const app = this;\n this._ensureInternalProject();\n return {\n createProject(newProject: AdminProjectUpdateOptions & { displayName: string, teamId: string }) {\n return app._createProject(session, newProject);\n },\n async transferProject(projectIdToTransfer: string, newTeamId: string): Promise<void> {\n await app._interface.transferProject(session, projectIdToTransfer, newTeamId);\n await app._refreshProject();\n },\n listOwnedProjects() {\n return app._listOwnedProjects(session);\n },\n useOwnedProjects() {\n return app._useOwnedProjects(session);\n },\n };\n }\n\n protected _createCustomer(userIdOrTeamId: string, type: \"user\" \| \"team\", session: InternalSession \| null): Omit<Customer, \"id\"> {\n const app = this;\n const effectiveSession = session ?? app._interface.createSession({ refreshToken: null });\n const customerOptions = type === \"user\" ? { userId: userIdOrTeamId } : { teamId: userIdOrTeamId };\n return {\n async getBilling() {\n const response = Result.orThrow(await app._customerBillingCache.getOrWait([effectiveSession, type, userIdOrTeamId], \"write-only\"));\n return app._customerBillingFromResponse(response);\n },\n useBilling() {\n const response = useAsyncCache(app._customerBillingCache, [effectiveSession, type, userIdOrTeamId] as const, \"customer.useBilling()\");\n return app._customerBillingFromResponse(response);\n },\n async createPaymentMethodSetupIntent(): Promise<CustomerPaymentMethodSetupIntent> {\n const body = await app._interface.createCustomerPaymentMethodSetupIntent(type, userIdOrTeamId, effectiveSession);\n return {\n clientSecret: body.client_secret,\n stripeAccountId: body.stripe_account_id,\n };\n },\n async setDefaultPaymentMethodFromSetupIntent(setupIntentId: string): Promise<CustomerDefaultPaymentMethod> {\n const body = await app._interface.setDefaultCustomerPaymentMethodFromSetupIntent(type, userIdOrTeamId, setupIntentId, effectiveSession);\n await app._customerBillingCache.refresh([effectiveSession, type, userIdOrTeamId]);\n return body.default_payment_method;\n },\n async getItem(itemId: string) {\n return await app.getItem({ itemId, ...customerOptions });\n },\n useItem(itemId: string) {\n return app.useItem({ itemId, ...customerOptions });\n },\n async listProducts(options?: CustomerProductsListOptions) {\n return await app.listProducts({ ...options, ...customerOptions });\n },\n useProducts(options?: CustomerProductsListOptions) {\n return app.useProducts({ ...options, ...customerOptions });\n },\n async listInvoices(options?: CustomerInvoicesListOptions) {\n return await app.listInvoices({ ...options, ...customerOptions });\n },\n useInvoices(options?: CustomerInvoicesListOptions) {\n return app.useInvoices({ ...options, ...customerOptions });\n },\n async createCheckoutUrl(options: { productId: string, returnUrl?: string }) {\n return await app._interface.createCheckoutUrl(type, userIdOrTeamId, options.productId, effectiveSession, options.returnUrl, \"client\");\n },\n async switchSubscription(options: { fromProductId: string, toProductId: string, priceId?: string, quantity?: number }) {\n await app._interface.switchSubscription({\n customer_type: type,\n customer_id: userIdOrTeamId,\n from_product_id: options.fromProductId,\n to_product_id: options.toProductId,\n price_id: options.priceId,\n quantity: options.quantity,\n }, effectiveSession);\n await app._customerBillingCache.refresh([effectiveSession, type, userIdOrTeamId]);\n if (type === \"user\") {\n await app._userProductsCache.invalidateWhere(([cachedSession, userId]) => cachedSession === effectiveSession && userId === userIdOrTeamId);\n } else {\n await app._teamProductsCache.invalidateWhere(([cachedSession, teamId]) => cachedSession === effectiveSession && teamId === userIdOrTeamId);\n }\n },\n };\n }\n\n async getItem(options: { itemId: string, userId: string } \| { itemId: string, teamId: string } \| { itemId: string, customCustomerId: string }): Promise<Item> {\n const session = await this._getSession();\n let crud: ItemCrud['Client']['Read'];\n if (\"userId\" in options) {\n crud = Result.orThrow(await this._userItemCache.getOrWait([session, options.userId, options.itemId], \"write-only\"));\n } else if (\"teamId\" in options) {\n crud = Result.orThrow(await this._teamItemCache.getOrWait([session, options.teamId, options.itemId], \"write-only\"));\n } else {\n crud = Result.orThrow(await this._customItemCache.getOrWait([session, options.customCustomerId, options.itemId], \"write-only\"));\n }\n return this._clientItemFromCrud(crud);\n }\n\n useItem(options: { itemId: string, userId: string } \| { itemId: string, teamId: string } \| { itemId: string, customCustomerId: string }): Item {\n const session = this._useSession();\n const [cache, ownerId] =\n \"userId\" in options ? [this._userItemCache, options.userId] :\n \"teamId\" in options ? [this._teamItemCache, options.teamId] : [this._customItemCache, options.customCustomerId];\n const crud = useAsyncCache(cache, [session, ownerId, options.itemId] as const, \"app.useItem()\");\n return this._clientItemFromCrud(crud);\n }\n\n async listProducts(options: CustomerProductsRequestOptions): Promise<CustomerProductsList> {\n const currentUser = await this.getUser();\n const session = currentUser?._internalSession ?? await this._getSession();\n if (\"userId\" in options) {\n const response = Result.orThrow(await this._userProductsCache.getOrWait([session, options.userId, options.cursor ?? null, options.limit ?? null], \"write-only\"));\n return this._customerProductsFromResponse(response);\n } else if (\"teamId\" in options) {\n const response = Result.orThrow(await this._teamProductsCache.getOrWait([session, options.teamId, options.cursor ?? null, options.limit ?? null], \"write-only\"));\n return this._customerProductsFromResponse(response);\n }\n const response = Result.orThrow(await this._customProductsCache.getOrWait([session, options.customCustomerId, options.cursor ?? null, options.limit ?? null], \"write-only\"));\n return this._customerProductsFromResponse(response);\n }\n\n async listInvoices(options: CustomerInvoicesRequestOptions): Promise<CustomerInvoicesList> {\n const session = await this._getSession();\n if (\"userId\" in options) {\n const response = Result.orThrow(await this._userInvoicesCache.getOrWait([session, options.userId, options.cursor ?? null, options.limit ?? null], \"write-only\"));\n return this._customerInvoicesFromResponse(response);\n }\n const response = Result.orThrow(await this._teamInvoicesCache.getOrWait([session, options.teamId, options.cursor ?? null, options.limit ?? null], \"write-only\"));\n return this._customerInvoicesFromResponse(response);\n }\n\n async cancelSubscription(options: { productId: string, subscriptionId?: string } \| { productId: string, subscriptionId?: string, teamId: string }): Promise<void> {\n const session = await this._getSession();\n const user = await this.getUser();\n if (!user) {\n throw new KnownErrors.UserAuthenticationRequired();\n }\n const customerType = \"teamId\" in options ? \"team\" : \"user\";\n const customerId = \"teamId\" in options ? options.teamId : user.id;\n await this._interface.cancelSubscription({\n customer_type: customerType,\n customer_id: customerId,\n product_id: options.productId,\n subscription_id: options.subscriptionId,\n }, session);\n if (customerType === \"user\") {\n await this._userProductsCache.invalidateWhere(([cachedSession, userId]) => cachedSession === session && userId === customerId);\n } else {\n await this._teamProductsCache.invalidateWhere(([cachedSession, teamId]) => cachedSession === session && teamId === customerId);\n }\n }\n useProducts(options: CustomerProductsRequestOptions): CustomerProductsList {\n const session = this._useSession();\n const cache = \"userId\" in options ? this._userProductsCache : \"teamId\" in options ? this._teamProductsCache : this._customProductsCache;\n const debugLabel = \"clientApp.useProducts()\";\n const customerId = \"userId\" in options ? options.userId : \"teamId\" in options ? options.teamId : options.customCustomerId;\n const response = useAsyncCache(cache, [session, customerId, options.cursor ?? null, options.limit ?? null] as const, debugLabel);\n return this._customerProductsFromResponse(response);\n }\n useInvoices(options: CustomerInvoicesRequestOptions): CustomerInvoicesList {\n const session = this._useSession();\n const cache = \"userId\" in options ? this._userInvoicesCache : this._teamInvoicesCache;\n const debugLabel = \"clientApp.useInvoices()\";\n const customerId = \"userId\" in options ? options.userId : options.teamId;\n const response = useAsyncCache(cache, [session, customerId, options.cursor ?? null, options.limit ?? null] as const, debugLabel);\n return this._customerInvoicesFromResponse(response);\n }\n\n protected _currentUserFromCrud(crud: NonNullable<CurrentUserCrud['Client']['Read']>, session: InternalSession): ProjectCurrentUser<ProjectId> {\n const currentUser = withUserDestructureGuard({\n ...this._createBaseUser(crud),\n ...this._createAuth(session),\n ...this._createUserExtraFromCurrent(crud, session),\n ...this._isInternalProject() ? this._createInternalUserExtra(session) : {},\n ...this._createCustomer(crud.id, \"user\", session),\n } satisfies CurrentUser);\n return currentUser as ProjectCurrentUser<ProjectId>;\n }\n protected _clientSessionFromCrud(crud: SessionsCrud['Client']['Read']): ActiveSession {\n return {\n id: crud.id,\n userId: crud.user_id,\n createdAt: new Date(crud.created_at),\n isImpersonation: crud.is_impersonation,\n lastUsedAt: crud.last_used_at ? new Date(crud.last_used_at) : undefined,\n isCurrentSession: crud.is_current_session ?? false,\n geoInfo: crud.last_used_at_end_user_ip_info,\n };\n }\n\n protected _getOwnedAdminApp(forProjectId: string, session: InternalSession): _StackAdminAppImplIncomplete<false, string> {\n if (!this._ownedAdminApps.has([session, forProjectId])) {\n this._ownedAdminApps.set([session, forProjectId], new (_StackClientAppImplIncomplete.LazyStackAdminAppImpl.value!)({\n baseUrl: this._interface.options.getBaseUrl(),\n projectId: forProjectId,\n tokenStore: null,\n projectOwnerSession: session,\n noAutomaticPrefetch: true,\n }));\n }\n return this._ownedAdminApps.get([session, forProjectId])!;\n }\n\n get projectId(): ProjectId {\n return this._interface.projectId as ProjectId;\n }\n\n get version(): string {\n return clientVersion;\n }\n\n private _botChallengeSiteKeysWarned = false;\n private _getBotChallengeSiteKeys(): { visibleSiteKey: string, invisibleSiteKey: string } \| null {\n if (!isBrowserLike()) return null;\n\n const visibleSiteKey = envVars.NEXT_PUBLIC_STACK_BOT_CHALLENGE_SITE_KEY;\n if (!visibleSiteKey) {\n if (!this._botChallengeSiteKeysWarned) {\n this._botChallengeSiteKeysWarned = true;\n console.warn(\"[stack-auth] NEXT_PUBLIC_STACK_BOT_CHALLENGE_SITE_KEY is not set — bot challenge fraud protection is disabled. Set the env variable to enable it.\");\n }\n return null;\n }\n\n const invisibleSiteKey = envVars.NEXT_PUBLIC_STACK_BOT_CHALLENGE_INVISIBLE_SITE_KEY ?? visibleSiteKey;\n\n return { visibleSiteKey, invisibleSiteKey };\n }\n\n private _getBotChallengeFlowFailure(error: unknown): { type: \"cancelled\" \| \"failed\", knownError: KnownErrors[\"BotChallengeFailed\"] } \| null {\n if (error instanceof BotChallengeUserCancelledError) {\n return {\n type: \"cancelled\",\n knownError: new KnownErrors.BotChallengeFailed(\"Bot challenge cancelled by user\"),\n };\n }\n if (error instanceof BotChallengeExecutionFailedError) {\n return {\n type: \"failed\",\n knownError: new KnownErrors.BotChallengeFailed(error.message),\n };\n }\n return null;\n }\n\n private _normalizeBotChallengeResult<T, E>(result: Result<T, E \| KnownErrors[\"BotChallengeRequired\"] \| KnownErrors[\"BotChallengeFailed\"]>): Result<T, E \| KnownErrors[\"BotChallengeFailed\"]> {\n if (result.status === \"ok\") {\n return result;\n }\n\n if (KnownErrors.BotChallengeRequired.isInstance(result.error)) {\n captureError(\"bot-challenge-unexpected-after-flow\", result.error);\n return Result.error(new KnownErrors.BotChallengeFailed(\"Unexpected bot challenge after flow completion\"));\n }\n\n return Result.error(result.error);\n }\n\n private _toInterfaceBotChallengeInput(challenge: { token?: string, phase?: \"invisible\" \| \"visible\", unavailable?: true }) {\n if (challenge.unavailable) {\n return {\n phase: \"visible\" as const,\n };\n }\n\n return {\n token: challenge.token,\n phase: challenge.phase,\n };\n }\n\n private async _executeResultWithBotChallengeFlow<T, E>(options: {\n action: TurnstileAction,\n execute: (challenge: { token?: string, phase?: \"invisible\" \| \"visible\", unavailable?: true }) => Promise<Result<T, E \| KnownErrors[\"BotChallengeRequired\"] \| KnownErrors[\"BotChallengeFailed\"]>>,\n }): Promise<Result<T, E \| KnownErrors[\"BotChallengeFailed\"]>> {\n const siteKeys = this._getBotChallengeSiteKeys();\n let result: Result<T, E \| KnownErrors[\"BotChallengeRequired\"] \| KnownErrors[\"BotChallengeFailed\"]>;\n\n try {\n if (siteKeys) {\n result = await withBotChallengeFlow({\n ...siteKeys,\n action: options.action,\n execute: options.execute,\n isChallengeRequired: (flowResult) => {\n return flowResult.status === \"error\" && KnownErrors.BotChallengeRequired.isInstance(flowResult.error);\n },\n });\n } else {\n result = await options.execute({});\n }\n } catch (e) {\n const flowFailure = this._getBotChallengeFlowFailure(e);\n if (flowFailure) {\n return Result.error(flowFailure.knownError);\n }\n throw e;\n }\n\n return this._normalizeBotChallengeResult(result);\n }\n\n protected async _isTrusted(url: string): Promise<boolean> {\n if (isRelative(url)) {\n return true;\n }\n const parsedUrl = createUrlIfValid(url);\n if (parsedUrl == null) {\n return false;\n }\n if (typeof window !== \"undefined\" && window.location.origin === parsedUrl.origin) {\n return true;\n }\n if (isHostedHandlerUrlForProject({ url, projectId: this.projectId })) {\n return true;\n }\n const trustedRedirectConfig = await this._getTrustedRedirectConfig();\n return validateRedirectUrl(parsedUrl, {\n allowLocalhost: trustedRedirectConfig.allowLocalhost,\n trustedDomains: trustedRedirectConfig.trustedDomains,\n });\n }\n\n get urls(): Readonly<ResolvedHandlerUrls> {\n return getUrls(this._urlOptions, { projectId: this.projectId });\n }\n\n protected _prefetchCrossDomainHandoffParamsIfNeeded() {\n const canWriteOauthVerifierCookie = this._tokenStoreInit === \"cookie\" \|\| this._tokenStoreInit === \"nextjs-cookie\";\n if (\n !isBrowserLike()\n \|\| !canWriteOauthVerifierCookie\n \|\| this._isPrefetchingCrossDomainHandoffParams\n \|\| this._getFreshPrefetchedCrossDomainHandoffParams() != null\n ) {\n return;\n }\n this._isPrefetchingCrossDomainHandoffParams = true;\n runAsynchronously(async () => {\n try {\n if (!isBrowserLike()) {\n return;\n }\n const { state, codeChallenge } = await saveVerifierAndState();\n this._prefetchedCrossDomainHandoffParams = { state, codeChallenge };\n this._prefetchedCrossDomainHandoffParamsFetchedAt = performance.now();\n } finally {\n this._isPrefetchingCrossDomainHandoffParams = false;\n }\n });\n }\n\n protected _getCrossDomainHandoffParamsForUrlsGetter(currentUrl: URL): CrossDomainHandoffParams \| null {\n const fromQuery = getCrossDomainHandoffParamsFromCurrentUrl(currentUrl);\n if (fromQuery != null) {\n return fromQuery;\n }\n\n const prefetched = this._getFreshPrefetchedCrossDomainHandoffParams();\n if (prefetched != null) {\n return prefetched;\n }\n\n this._prefetchCrossDomainHandoffParamsIfNeeded();\n return null;\n }\n\n protected async _getCrossDomainHandoffParamsForRedirect(currentUrl: URL): Promise<CrossDomainHandoffParams> {\n const fromQuery = getCrossDomainHandoffParamsFromCurrentUrl(currentUrl);\n if (fromQuery != null) {\n return fromQuery;\n }\n const prefetched = this._getFreshPrefetchedCrossDomainHandoffParams();\n if (prefetched != null) {\n return prefetched;\n }\n const { state, codeChallenge } = await saveVerifierAndState();\n this._prefetchedCrossDomainHandoffParams = { state, codeChallenge };\n this._prefetchedCrossDomainHandoffParamsFetchedAt = performance.now();\n return { state, codeChallenge };\n }\n\n protected _getLocalOAuthCallbackHandlerUrl(): string {\n if (this._isOAuthCallbackUrlHosted()) {\n return this._getOAuthCallbackRedirectUri();\n }\n\n return resolveHandlerUrls({\n urls: {\n ...this._urlOptions,\n default: { type: \"handler-component\" },\n oauthCallback: { type: \"handler-component\" },\n },\n projectId: this.projectId,\n }).oauthCallback;\n }\n\n protected async _createCrossDomainAuthRedirectUrl(options: {\n redirectUri: string,\n state: string,\n codeChallenge: string,\n afterCallbackRedirectUrl: string,\n awaitPendingAuthResolutions?: boolean,\n }): Promise<string> {\n const session = await this._getSession(undefined, { awaitPendingAuthResolutions: options.awaitPendingAuthResolutions });\n const response = await this._interface.sendClientRequest(\n \"/auth/oauth/cross-domain/authorize\",\n {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n redirect_uri: options.redirectUri,\n state: options.state,\n code_challenge: options.codeChallenge,\n code_challenge_method: \"S256\",\n after_callback_redirect_url: options.afterCallbackRedirectUrl,\n }),\n },\n session,\n );\n if (!response.ok) {\n throw new StackAssertionError(`Cross-domain authorization endpoint failed: ${response.status} ${await response.text()}`);\n }\n const result = await response.json();\n if (!(\"redirect_url\" in result) \|\| typeof result.redirect_url !== \"string\") {\n throw new StackAssertionError(\"Cross-domain authorization endpoint returned an invalid payload\", { result });\n }\n return result.redirect_url;\n }\n\n protected _getFreshPrefetchedCrossDomainHandoffParams(): CrossDomainHandoffParams \| null {\n if (this._prefetchedCrossDomainHandoffParams == null) {\n return null;\n }\n if (performance.now() - this._prefetchedCrossDomainHandoffParamsFetchedAt > prefetchedCrossDomainHandoffTtlMs) {\n this._prefetchedCrossDomainHandoffParams = null;\n this._prefetchedCrossDomainHandoffParamsFetchedAt = 0;\n return null;\n }\n return this._prefetchedCrossDomainHandoffParams;\n }\n\n protected async _getCurrentUrl() {\n if (this._redirectMethod === \"none\") {\n return null;\n }\n return new URL(window.location.href);\n }\n\n protected async _redirectTo(options: { url: URL \| string, replace?: boolean }) {\n if (this._redirectMethod === \"none\") {\n return;\n } else if (this._redirectMethod === \"tanstack-start\" && !isBrowserLike()) {\n throw TanStackRouter.redirect({ href: options.url.toString(), replace: options.replace });\n } else if (typeof this._redirectMethod === \"object\" && this._redirectMethod.navigate) {\n this._redirectMethod.navigate(options.url.toString());\n } else {\n if (options.replace) {\n window.location.replace(options.url);\n } else {\n window.location.assign(options.url);\n }\n }\n\n await wait(2000);\n }\n\n useNavigate(): (to: string) => void {\n if (typeof this._redirectMethod === \"object\") {\n return this._redirectMethod.useNavigate();\n } else if (this._redirectMethod === \"window\") {\n return (to: string) => window.location.assign(to);\n } else if (this._redirectMethod === \"tanstack-start\") {\n return (to: string) => window.location.assign(to);\n } else {\n return (to: string) => { };\n }\n }\n protected async _redirectIfTrusted(url: string, options?: RedirectToOptions) {\n if (!await this._isTrusted(url)) {\n throw new Error(`Redirect URL ${url} is not trusted; should be relative.`);\n }\n return await this._redirectTo({ url, ...options });\n }\n\n protected async _redirectToHandler(\n handlerName: keyof HandlerUrls,\n options?: RedirectToOptions,\n internalOptions?: { awaitPendingAuthResolutions?: boolean },\n ) {\n const rawUrls = getUrls(this._urlOptions, { projectId: this.projectId });\n const rawHandlerUrl = rawUrls[handlerName];\n if (!rawHandlerUrl) {\n throw new Error(`No URL for handler name ${handlerName}`);\n }\n\n const currentUrl = isReactServer \|\| typeof window === \"undefined\"\n ? null\n : new URL(window.location.href);\n const plan = await planRedirectToHandler({\n handlerName,\n rawHandlerUrl,\n noRedirectBack: options?.noRedirectBack === true,\n currentUrl,\n localOAuthCallbackUrl: this._getLocalOAuthCallbackHandlerUrl(),\n getCrossDomainHandoffParams: async (href) => await this._getCrossDomainHandoffParamsForRedirect(href),\n });\n\n if (plan.type === \"cross-domain-authorize\") {\n const crossDomainRedirectUrl = await this._createCrossDomainAuthRedirectUrl({\n redirectUri: plan.redirectUri,\n state: plan.state,\n codeChallenge: plan.codeChallenge,\n afterCallbackRedirectUrl: plan.afterCallbackRedirectUrl,\n awaitPendingAuthResolutions: internalOptions?.awaitPendingAuthResolutions,\n });\n await this._redirectTo({ url: crossDomainRedirectUrl, ...options });\n return;\n }\n\n const redirectUrl = currentUrl != null && handlerName !== \"signOut\" && handlerName !== \"afterSignOut\" && handlerName !== \"oauthCallback\"\n ? await this._addNestedCrossDomainAuthParamsToRedirectUrl({\n url: plan.url,\n currentUrl,\n awaitPendingAuthResolutions: internalOptions?.awaitPendingAuthResolutions,\n })\n : plan.url;\n await this._redirectIfTrusted(redirectUrl, options);\n }\n\n protected _redirectToHandlerDuringRender(handlerName: keyof HandlerUrls, options?: RedirectToOptions): boolean {\n if (this._redirectMethod === \"tanstack-start\" && !isBrowserLike()) {\n const rawUrls = getUrls(this._urlOptions, { projectId: this.projectId });\n const rawHandlerUrl = rawUrls[handlerName];\n if (!rawHandlerUrl) {\n throw new Error(`No URL for handler name ${handlerName}`);\n }\n throw TanStackRouter.redirect({ href: rawHandlerUrl, replace: options?.replace });\n }\n return false;\n }\n\n async redirectToSignIn(options?: RedirectToOptions) { return await this._redirectToHandler(\"signIn\", options); }\n async redirectToSignUp(options?: RedirectToOptions) { return await this._redirectToHandler(\"signUp\", options); }\n async redirectToSignOut(options?: RedirectToOptions) { return await this._redirectToHandler(\"signOut\", options); }\n async redirectToEmailVerification(options?: RedirectToOptions) { return await this._redirectToHandler(\"emailVerification\", options); }\n async redirectToPasswordReset(options?: RedirectToOptions) { return await this._redirectToHandler(\"passwordReset\", options); }\n async redirectToForgotPassword(options?: RedirectToOptions) { return await this._redirectToHandler(\"forgotPassword\", options); }\n async redirectToHome(options?: RedirectToOptions) { return await this._redirectToHandler(\"home\", options); }\n async redirectToOAuthCallback(options?: RedirectToOptions) { return await this._redirectToHandler(\"oauthCallback\", options); }\n async redirectToMagicLinkCallback(options?: RedirectToOptions) { return await this._redirectToHandler(\"magicLinkCallback\", options); }\n async redirectToAfterSignIn(options?: RedirectToOptions) { return await this._redirectToHandler(\"afterSignIn\", options); }\n async redirectToAfterSignUp(options?: RedirectToOptions) { return await this._redirectToHandler(\"afterSignUp\", options); }\n async redirectToOnboarding(options?: RedirectToOptions) { return await this._redirectToHandler(\"onboarding\", options); }\n async redirectToAfterSignOut(options?: RedirectToOptions) { return await this._redirectToHandler(\"afterSignOut\", options); }\n async redirectToAccountSettings(options?: RedirectToOptions) { return await this._redirectToHandler(\"accountSettings\", options); }\n async redirectToError(options?: RedirectToOptions) { return await this._redirectToHandler(\"error\", options); }\n async redirectToTeamInvitation(options?: RedirectToOptions) { return await this._redirectToHandler(\"teamInvitation\", options); }\n async redirectToCliAuthConfirm(options?: RedirectToOptions) { return await this._redirectToHandler(\"cliAuthConfirm\", options); }\n async redirectToMfa(options?: RedirectToOptions) { return await this._redirectToHandler(\"mfa\", options); }\n\n async sendForgotPasswordEmail(email: string, options?: { callbackUrl?: string }): Promise<Result<undefined, KnownErrors[\"UserNotFound\"]>> {\n return await this._interface.sendForgotPasswordEmail(email, options?.callbackUrl ?? constructRedirectUrl(this.urls.passwordReset, \"callbackUrl\"));\n }\n\n async sendMagicLinkEmail(email: string, options?: {\n callbackUrl?: string,\n }): Promise<Result<{ nonce: string }, KnownErrors[\"RedirectUrlNotWhitelisted\"] \| KnownErrors[\"BotChallengeFailed\"]>> {\n const callbackUrl = options?.callbackUrl ?? constructRedirectUrl(this.urls.magicLinkCallback, \"callbackUrl\");\n return await this._executeResultWithBotChallengeFlow({\n action: \"send_magic_link_email\",\n execute: async (challenge) => {\n return await this._interface.sendMagicLinkEmail(email, callbackUrl, this._toInterfaceBotChallengeInput(challenge));\n },\n });\n }\n\n async resetPassword(options: { password: string, code: string }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>> {\n return await this._interface.resetPassword(options);\n }\n\n async verifyPasswordResetCode(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>> {\n return await this._interface.verifyPasswordResetCode(code);\n }\n\n async verifyTeamInvitationCode(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>> {\n return await this._interface.acceptTeamInvitation({\n type: 'check',\n code,\n session: await this._getSession(),\n });\n }\n\n async acceptTeamInvitation(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>> {\n const result = await this._interface.acceptTeamInvitation({\n type: 'use',\n code,\n session: await this._getSession(),\n });\n\n if (result.status === 'ok') {\n return Result.ok(undefined);\n } else {\n return Result.error(result.error);\n }\n }\n\n async getTeamInvitationDetails(code: string): Promise<Result<{ teamDisplayName: string }, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>> {\n const result = await this._interface.acceptTeamInvitation({\n type: 'details',\n code,\n session: await this._getSession(),\n });\n\n if (result.status === 'ok') {\n return Result.ok({ teamDisplayName: result.data.team_display_name });\n } else {\n return Result.error(result.error);\n }\n }\n\n async verifyEmail(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>> {\n const result = await this._interface.verifyEmail(code);\n await this._currentUserCache.refresh([await this._getSession()]);\n await this._clientContactChannelsCache.refresh([await this._getSession()]);\n return result;\n }\n\n async getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'redirect' }): Promise<ProjectCurrentUser<ProjectId>>;\n async getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'throw' }): Promise<ProjectCurrentUser<ProjectId>>;\n async getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'anonymous' }): Promise<ProjectCurrentUser<ProjectId>>;\n async getUser(options?: GetCurrentUserOptions<HasTokenStore>): Promise<ProjectCurrentUser<ProjectId> \| null>;\n async getUser(options?: GetCurrentUserOptions<HasTokenStore>): Promise<ProjectCurrentUser<ProjectId> \| null> {\n // Validate that includeRestricted: false and or: 'anonymous' are mutually exclusive\n if (options?.or === 'anonymous' && options.includeRestricted === false) {\n throw new Error(\"Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.\");\n }\n\n this._ensurePersistentTokenStore(options?.tokenStore);\n const session = await this._getSession(options?.tokenStore);\n let crud = Result.orThrow(await this._currentUserCache.getOrWait([session], \"write-only\"));\n const includeAnonymous = options?.or === \"anonymous\" \|\| options?.or === \"anonymous-if-exists[deprecated]\";\n const includeRestricted = options?.includeRestricted === true \|\| includeAnonymous;\n\n if (crud === null \|\| (crud.is_anonymous && !includeAnonymous) \|\| (crud.is_restricted && !includeRestricted)) {\n switch (options?.or) {\n case 'redirect': {\n if (!crud?.is_anonymous && crud?.is_restricted) {\n await this.redirectToOnboarding({ replace: true });\n } else {\n await this.redirectToSignIn({ replace: true });\n }\n // TODO: We should probably `await neverResolve()` here instead of returning null. I (Konsti) wanna do it in a release with few changes though because I'm not sure if it'll break anything\n break;\n }\n case 'throw': {\n throw new Error(\"User is not signed in but getUser was called with { or: 'throw' }\");\n }\n case 'anonymous': {\n const tokens = await this._signUpAnonymously();\n return await this.getUser({ tokenStore: tokens, or: \"anonymous-if-exists[deprecated]\", includeRestricted: true }) ?? throwErr(\"Something went wrong while signing up anonymously\");\n }\n case undefined:\n case \"anonymous-if-exists[deprecated]\":\n case \"return-null\": {\n return null;\n }\n }\n }\n\n return crud && this._currentUserFromCrud(crud, session);\n }\n\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'redirect' }): ProjectCurrentUser<ProjectId>;\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'throw' }): ProjectCurrentUser<ProjectId>;\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'anonymous' }): ProjectCurrentUser<ProjectId>;\n useUser(options?: GetCurrentUserOptions<HasTokenStore>): ProjectCurrentUser<ProjectId> \| null;\n useUser(options?: GetCurrentUserOptions<HasTokenStore>): ProjectCurrentUser<ProjectId> \| null {\n // Validate that includeRestricted: false and or: 'anonymous' are mutually exclusive\n if (options?.or === 'anonymous' && options.includeRestricted === false) {\n throw new Error(\"Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.\");\n }\n\n this._ensurePersistentTokenStore(options?.tokenStore);\n\n const session = this._useSession(options?.tokenStore);\n let crud = useAsyncCache(this._currentUserCache, [session] as const, \"clientApp.useUser()\");\n const includeAnonymous = options?.or === \"anonymous\" \|\| options?.or === \"anonymous-if-exists[deprecated]\";\n const includeRestricted = options?.includeRestricted === true \|\| includeAnonymous;\n\n if (crud === null \|\| (crud.is_anonymous && !includeAnonymous) \|\| (crud.is_restricted && !includeRestricted)) {\n switch (options?.or) {\n case 'redirect': {\n if (!crud?.is_anonymous && crud?.is_restricted) {\n if (!this._redirectToHandlerDuringRender(\"onboarding\", { replace: true })) {\n runAsynchronously(this.redirectToOnboarding({ replace: true }));\n }\n } else {\n if (!this._redirectToHandlerDuringRender(\"signIn\", { replace: true })) {\n runAsynchronously(this.redirectToSignIn({ replace: true }));\n }\n }\n suspend();\n throw new StackAssertionError(\"suspend should never return\");\n }\n case 'throw': {\n throw new Error(\"User is not signed in but useUser was called with { or: 'throw' }\");\n }\n case 'anonymous': {\n // TODO we should think about the behavior when calling useUser (or getUser) in anonymous with a custom token store. signUpAnonymously always sets the current token store on app level, instead of the one passed to this function\n // TODO we shouldn't reload & suspend here, instead we should use a promise that resolves to the new anonymous user\n runAsynchronously(async () => {\n await this._signUpAnonymously();\n if (typeof window !== \"undefined\") {\n window.location.reload();\n }\n });\n suspend();\n throw new StackAssertionError(\"suspend should never return\");\n }\n case undefined:\n case \"anonymous-if-exists[deprecated]\":\n case \"return-null\": {\n crud = null;\n break;\n }\n }\n }\n\n return useMemo(() => {\n return crud && this._currentUserFromCrud(crud, session);\n }, [crud, session, options?.or]);\n }\n\n _getTokenPartialUserFromSession(session: InternalSession, options: GetCurrentPartialUserOptions<HasTokenStore>): TokenPartialUser \| null {\n const accessToken = session.getAccessTokenIfNotExpiredYet(0, null);\n if (!accessToken) {\n return null;\n }\n const isAnonymous = accessToken.payload.is_anonymous;\n if (isAnonymous && options.or !== \"anonymous-if-exists\") {\n return null;\n }\n return {\n id: accessToken.payload.sub,\n primaryEmail: accessToken.payload.email,\n displayName: accessToken.payload.name,\n primaryEmailVerified: accessToken.payload.email_verified,\n isAnonymous,\n isMultiFactorRequired: accessToken.payload.requires_totp_mfa,\n isRestricted: accessToken.payload.is_restricted,\n restrictedReason: accessToken.payload.restricted_reason,\n } satisfies TokenPartialUser;\n }\n\n async _getPartialUserFromConvex(ctx: ConvexCtx): Promise<TokenPartialUser \| null> {\n const auth = await ctx.auth.getUserIdentity();\n if (!auth) {\n return null;\n }\n return {\n id: auth.subject,\n displayName: auth.name ?? null,\n primaryEmail: auth.email ?? null,\n primaryEmailVerified: auth.email_verified as boolean,\n isAnonymous: auth.is_anonymous as boolean,\n isMultiFactorRequired: auth.requires_totp_mfa as boolean,\n isRestricted: auth.is_restricted as boolean,\n restrictedReason: (auth.restricted_reason as RestrictedReason \| null) ?? null,\n };\n }\n\n async getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'token' }): Promise<TokenPartialUser \| null>;\n async getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'convex' }): Promise<TokenPartialUser \| null>;\n async getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore>): Promise<SyncedPartialUser \| TokenPartialUser \| null> {\n switch (options.from) {\n case \"token\": {\n this._ensurePersistentTokenStore(options.tokenStore ?? this._tokenStoreInit);\n const session = await this._getSession(options.tokenStore);\n return this._getTokenPartialUserFromSession(session, options);\n }\n case \"convex\": {\n return await this._getPartialUserFromConvex(options.ctx);\n }\n default: {\n // @ts-expect-error\n throw new Error(`Invalid 'from' option: ${options.from}`);\n }\n }\n }\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'token' }): TokenPartialUser \| null;\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'convex' }): TokenPartialUser \| null;\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore>): TokenPartialUser \| SyncedPartialUser \| null {\n switch (options.from) {\n case \"token\": {\n this._ensurePersistentTokenStore(options.tokenStore ?? this._tokenStoreInit);\n const session = this._useSession(options.tokenStore);\n return this._getTokenPartialUserFromSession(session, options);\n }\n case \"convex\": {\n const result = useAsyncCache(this._convexPartialUserCache, [options.ctx] as const, \"clientApp.usePartialUser()\");\n return result;\n }\n default: {\n // @ts-expect-error\n throw new Error(`Invalid 'from' option: ${options.from}`);\n }\n }\n }\n getConvexClientAuth(options: { tokenStore: TokenStoreInit }): (args: { forceRefreshToken: boolean }) => Promise<string \| null> {\n return async (args: { forceRefreshToken: boolean }) => {\n const session = await this._getSession(options.tokenStore ?? this._tokenStoreInit);\n if (!args.forceRefreshToken) {\n const tokens = await session.getOrFetchLikelyValidTokens(20_000, 75_000);\n return tokens?.accessToken.token ?? null;\n }\n const tokens = await session.fetchNewTokens();\n return tokens?.accessToken.token ?? null;\n };\n }\n\n async getConvexHttpClientAuth(options: { tokenStore: TokenStoreInit }): Promise<string> {\n const session = await this._getSession(options.tokenStore);\n const tokens = await session.getOrFetchLikelyValidTokens(20_000, 75_000);\n return tokens?.accessToken.token ?? \"\";\n }\n\n protected async _updateClientUser(update: UserUpdateOptions, session: InternalSession) {\n const res = await this._interface.updateClientUser(userUpdateOptionsToCrud(update), session);\n await this._refreshUser(session);\n return res;\n }\n\n async signInWithOAuth(provider: ProviderType, options?: {\n returnTo?: string,\n }) {\n if (typeof window === \"undefined\") {\n throw new Error(\"signInWithOAuth can currently only be called in a browser environment\");\n }\n\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n const currentUrl = new URL(window.location.href);\n const afterCallbackRedirectUrl = options?.returnTo != null\n ? constructRedirectUrl(options.returnTo, \"returnTo\")\n : (\n currentUrl.searchParams.has(\"after_auth_return_to\")\n ? currentUrl.toString()\n : undefined\n );\n const siteKeys = this._getBotChallengeSiteKeys();\n const { codeChallenge, state } = await saveVerifierAndState();\n\n const executeOAuth = async (challenge: { token?: string, phase?: \"invisible\" \| \"visible\", unavailable?: true }) => {\n return await this._interface.authorizeOAuth({\n provider,\n redirectUrl: constructRedirectUrl(this._getOAuthCallbackRedirectUri(), \"redirectUrl\"),\n errorRedirectUrl: constructRedirectUrl(this.urls.error, \"errorRedirectUrl\"),\n afterCallbackRedirectUrl,\n type: \"authenticate\",\n providerScope: this._oauthScopesOnSignIn[provider]?.join(\" \"),\n codeChallenge,\n state,\n botChallenge: this._toInterfaceBotChallengeInput(challenge),\n session,\n });\n };\n\n let authorizeResult;\n try {\n if (siteKeys) {\n authorizeResult = await withBotChallengeFlow({\n ...siteKeys,\n action: \"oauth_authenticate\",\n execute: executeOAuth,\n isChallengeRequired: (result) => {\n return result.status === \"error\" && KnownErrors.BotChallengeRequired.isInstance(result.error);\n },\n });\n } else {\n // Server safe: just call execute with no bot challenge params\n authorizeResult = await executeOAuth({});\n }\n } catch (e) {\n const flowFailure = this._getBotChallengeFlowFailure(e);\n if (flowFailure?.type === \"cancelled\") {\n return;\n }\n if (flowFailure?.type === \"failed\") {\n throw flowFailure.knownError;\n }\n throw e;\n }\n\n const location = Result.orThrow(authorizeResult);\n await this._redirectTo({ url: location });\n await neverResolve();\n }\n\n /\n Handles MFA verification by redirecting to the OTP page\n /\n protected async _experimentalMfa(error: KnownErrors['MultiFactorAuthenticationRequired'], session: InternalSession): Promise<never> {\n // Store the attempt code in session storage so the OTP page can access it\n if (typeof window !== 'undefined') {\n window.sessionStorage.setItem('stack_mfa_attempt_code', (error.details as any)?.attempt_code ?? throwErr(\"attempt code missing\"));\n }\n\n // Redirect to the MFA page\n await this.redirectToMfa();\n\n throw new StackAssertionError(\"we should have redirected in redirectToMfa()\");\n }\n\n /\n @deprecated\n * TODO remove\n /\n protected async _catchMfaRequiredError<T, E>(callback: () => Promise<Result<T, E>>): Promise<Result<T \| { accessToken: string, refreshToken: string, newUser: boolean }, E>> {\n try {\n return await callback();\n } catch (e) {\n if (KnownErrors.MultiFactorAuthenticationRequired.isInstance(e)) {\n return Result.ok(await this._experimentalMfa(\n e,\n await this._getSession(undefined, { awaitPendingAuthResolutions: false }),\n ));\n }\n throw e;\n }\n }\n\n async signInWithCredential(options: {\n email: string,\n password: string,\n noRedirect?: boolean,\n }): Promise<Result<undefined, KnownErrors[\"EmailPasswordMismatch\"] \| KnownErrors[\"InvalidTotpCode\"]>> {\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n let result;\n try {\n result = await this._catchMfaRequiredError(async () => {\n return await this._interface.signInWithCredential(options.email, options.password, session);\n });\n } catch (e) {\n if (KnownErrors.InvalidTotpCode.isInstance(e)) {\n return Result.error(e);\n }\n throw e;\n }\n\n if (result.status === 'ok') {\n await this._signInToAccountWithTokens(result.data);\n if (!options.noRedirect) {\n await this.redirectToAfterSignIn({ replace: true });\n }\n return Result.ok(undefined);\n } else {\n return Result.error(result.error);\n }\n }\n\n async signUpWithCredential(options: {\n email: string,\n password: string,\n noRedirect?: boolean,\n noVerificationCallback?: boolean,\n verificationCallbackUrl?: string,\n }): Promise<Result<undefined, KnownErrors[\"UserWithEmailAlreadyExists\"] \| KnownErrors['PasswordRequirementsNotMet'] \| KnownErrors[\"BotChallengeFailed\"]>> {\n if (options.noVerificationCallback && options.verificationCallbackUrl) {\n throw new StackAssertionError(\"verificationCallbackUrl is not allowed when noVerificationCallback is true\");\n }\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n const emailVerificationRedirectUrl = options.noVerificationCallback ? undefined : options.verificationCallbackUrl ?? constructRedirectUrl(this.urls.emailVerification, \"verificationCallbackUrl\");\n\n const executeSignUp = async (challenge: { token?: string, phase?: \"invisible\" \| \"visible\", unavailable?: true }) => {\n let result = await this._interface.signUpWithCredential(\n options.email,\n options.password,\n emailVerificationRedirectUrl,\n session,\n this._toInterfaceBotChallengeInput(challenge),\n );\n\n // If the auto-constructed redirect URL is not whitelisted, gracefully fall back\n // to signing up without email verification rather than failing.\n // If the user explicitly provided a verificationCallbackUrl, propagate the error.\n if (result.status === 'error' &&\n result.error instanceof KnownErrors.RedirectUrlNotWhitelisted &&\n emailVerificationRedirectUrl !== undefined) {\n if (!options.verificationCallbackUrl) {\n captureError(\"signup-verification-url-not-whitelisted\", new StackAssertionError(\"The auto-constructed verification callback URL is not whitelisted; proceeding without email verification\", { emailVerificationRedirectUrl }));\n\n result = await this._interface.signUpWithCredential(\n options.email,\n options.password,\n undefined, // No email verification\n session,\n this._toInterfaceBotChallengeInput(challenge),\n );\n }\n }\n\n return result;\n };\n\n let result;\n result = await this._executeResultWithBotChallengeFlow({\n action: \"sign_up_with_credential\",\n execute: executeSignUp,\n });\n\n if (result.status === 'ok') {\n await this._signInToAccountWithTokens(result.data);\n if (!options.noRedirect) {\n await this.redirectToAfterSignUp({ replace: true });\n }\n return Result.ok(undefined);\n } else {\n return Result.error(result.error);\n }\n }\n\n async _signUpAnonymously() {\n this._ensurePersistentTokenStore();\n\n if (!this._anonymousSignUpInProgress) {\n this._anonymousSignUpInProgress = (async () => {\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n const result = await this._interface.signUpAnonymously(session);\n if (result.status === \"ok\") {\n await this._signInToAccountWithTokens(result.data);\n } else {\n throw new StackAssertionError(\"signUpAnonymously() should never return an error\");\n }\n this._anonymousSignUpInProgress = null;\n return result.data;\n })();\n }\n\n return await this._anonymousSignUpInProgress;\n }\n\n async signInWithMagicLink(code: string, options?: { noRedirect?: boolean }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"InvalidTotpCode\"]>> {\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n let result;\n try {\n result = await this._catchMfaRequiredError(async () => {\n return await this._interface.signInWithMagicLink(code, session);\n });\n } catch (e) {\n if (KnownErrors.InvalidTotpCode.isInstance(e)) {\n return Result.error(e);\n }\n throw e;\n }\n\n if (result.status === 'ok') {\n await this._signInToAccountWithTokens(result.data);\n if (!(options?.noRedirect)) {\n if (result.data.newUser) {\n await this._redirectToHandler(\"afterSignUp\", { replace: true }, { awaitPendingAuthResolutions: false });\n } else {\n await this._redirectToHandler(\"afterSignIn\", { replace: true }, { awaitPendingAuthResolutions: false });\n }\n }\n return Result.ok(undefined);\n } else {\n return Result.error(result.error);\n }\n }\n\n /\n Initiates a CLI authentication process that allows a command line application\n * to get a refresh token for a user's account.\n \n This process works as follows:\n * 1. The CLI app calls this method, which initiates the auth process with the server\n * 2. The server returns a polling code and a login code\n * 3. The CLI app opens a browser window to the appUrl with the login code as a parameter\n * 4. The user logs in through the browser and confirms the authorization\n * 5. The CLI app polls for the refresh token using the polling code\n \n @param options Options for the CLI login\n * @param options.appUrl The URL of the app that will handle the CLI auth confirmation\n * @param options.expiresInMillis Optional duration in milliseconds before the auth attempt expires (default: 2 hours)\n * @param options.maxAttempts Optional maximum number of polling attempts (default: Infinity)\n * @param options.waitTimeMillis Optional time to wait between polling attempts (default: 2 seconds)\n * @param options.promptLink Optional function to call with the login URL and code to prompt the user to open the browser\n * @param options.anonRefreshToken Optional anonymous refresh token from the CLI's token store to associate with this login attempt\n * @returns Result containing either the refresh token or an error\n /\n async promptCliLogin(options: {\n appUrl: string,\n expiresInMillis?: number,\n maxAttempts?: number,\n waitTimeMillis?: number,\n promptLink?: (url: string, loginCode: string) => void,\n anonRefreshToken?: string,\n }): Promise<Result<string, KnownErrors[\"CliAuthError\"] \| KnownErrors[\"CliAuthExpiredError\"] \| KnownErrors[\"CliAuthUsedError\"]>> {\n // Step 1: Initiate the CLI auth process\n const response = await this._interface.sendClientRequest(\n \"/auth/cli\",\n {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n expires_in_millis: options.expiresInMillis,\n ...(options.anonRefreshToken != null ? { anon_refresh_token: options.anonRefreshToken } : {}),\n }),\n },\n null\n );\n\n if (!response.ok) {\n return Result.error(new KnownErrors.CliAuthError(`Failed to initiate CLI auth: ${response.status} ${await response.text()}`));\n }\n\n const initResult = await response.json();\n const pollingCode = initResult.polling_code;\n const loginCode = initResult.login_code;\n\n // Step 2: Open the browser for the user to authenticate and display the verification code\n const url = buildCliAuthConfirmUrl({\n cliAuthConfirmUrl: this.urls.cliAuthConfirm,\n appUrl: options.appUrl,\n loginCode,\n });\n if (options.promptLink) {\n options.promptLink(url, loginCode);\n } else {\n console.log(`Your verification code: ${loginCode}`);\n console.log(`Please visit the following URL to authenticate:\\n${url}`);\n }\n\n // Step 3: Poll for the token\n let attempts = 0;\n while (attempts < (options.maxAttempts ?? Infinity)) {\n attempts++;\n const pollResponse = await this._interface.sendClientRequest(\"/auth/cli/poll\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n polling_code: pollingCode,\n }),\n }, null);\n\n if (!pollResponse.ok) {\n return Result.error(new KnownErrors.CliAuthError(`Failed to initiate CLI auth: ${pollResponse.status} ${await pollResponse.text()}`));\n }\n const pollResult = await pollResponse.json();\n\n if (pollResponse.status === 201 && pollResult.status === \"success\") {\n return Result.ok(pollResult.refresh_token);\n }\n if (pollResult.status === \"waiting\") {\n await wait(options.waitTimeMillis ?? 2000);\n continue;\n }\n if (pollResult.status === \"expired\") {\n return Result.error(new KnownErrors.CliAuthExpiredError(\"CLI authentication request expired. Please try again.\"));\n }\n if (pollResult.status === \"used\") {\n return Result.error(new KnownErrors.CliAuthUsedError(\"This authentication token has already been used.\"));\n }\n return Result.error(new KnownErrors.CliAuthError(`Unexpected status from CLI auth polling: ${pollResult.status}`));\n }\n\n return Result.error(new KnownErrors.CliAuthError(\"Timed out waiting for CLI authentication.\"));\n }\n\n /\n * Completes the MFA sign-in process by verifying the provided OTP code\n * @param totp The TOTP (Time-based One-Time Password) provided by the user\n * @param code The Attempt code provided by the user\n * @param options Additional options for the sign-in process\n * @returns A Result indicating success or failure\n /\n async signInWithMfa(totp: string, code: string, options?: { noRedirect?: boolean }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"InvalidTotpCode\"]>> {\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n let result;\n try {\n result = await this._catchMfaRequiredError(async () => {\n return await this._interface.signInWithMfa(totp, code, session);\n });\n } catch (e) {\n if (e instanceof KnownErrors.InvalidTotpCode) {\n return Result.error(e);\n }\n throw e;\n }\n\n if (result.status === 'ok') {\n await this._signInToAccountWithTokens(result.data);\n if (!(options?.noRedirect)) {\n if (result.data.newUser) {\n await this.redirectToAfterSignUp({ replace: true });\n } else {\n await this.redirectToAfterSignIn({ replace: true });\n }\n }\n return Result.ok(undefined);\n }\n return Result.error(result.error);\n }\n\n async signInWithPasskey(): Promise<Result<undefined, KnownErrors[\"PasskeyAuthenticationFailed\"] \| KnownErrors[\"InvalidTotpCode\"] \| KnownErrors[\"PasskeyWebAuthnError\"]>> {\n this._ensurePersistentTokenStore();\n const session = await this._getSession();\n let result;\n try {\n result = await this._catchMfaRequiredError(async () => {\n const initiationResult = await this._interface.initiatePasskeyAuthentication({}, session);\n if (initiationResult.status !== \"ok\") {\n return Result.error(new KnownErrors.PasskeyAuthenticationFailed(\"Failed to get initiation options for passkey authentication\"));\n }\n\n const { options_json, code } = initiationResult.data;\n\n // HACK: Override the rpID to be the actual domain\n if (options_json.rpId !== \"THIS_VALUE_WILL_BE_REPLACED.example.com\") {\n throw new StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rpId}`);\n }\n options_json.rpId = window.location.hostname;\n\n const authentication_response = await startAuthentication({ optionsJSON: options_json });\n return await this._interface.signInWithPasskey({ authentication_response, code }, session);\n });\n } catch (error) {\n if (error instanceof WebAuthnError) {\n return Result.error(new KnownErrors.PasskeyWebAuthnError(error.message, error.name));\n } else {\n // This should never happen\n return Result.error(new KnownErrors.PasskeyAuthenticationFailed(\"Failed to sign in with passkey\"));\n }\n }\n\n if (result.status === 'ok') {\n await this._signInToAccountWithTokens(result.data);\n await this.redirectToAfterSignIn({ replace: true });\n return Result.ok(undefined);\n } else {\n return Result.error(result.error);\n }\n }\n\n\n async callOAuthCallback(\n options?: {\n dontWarnAboutMissingQueryParams?: boolean,\n },\n ) {\n if (typeof window === \"undefined\") {\n throw new Error(\"callOAuthCallback can currently only be called in a browser environment\");\n }\n if (this._currentUrlLooksLikeOAuthCallback()) {\n this._ensurePersistentTokenStore();\n }\n let oauthCallbackRedirectUri = this._getOAuthCallbackRedirectUri();\n const currentUrl = new URL(window.location.href);\n if (currentUrl.searchParams.get(crossDomainAuthQueryParams.marker) === \"1\") {\n currentUrl.searchParams.delete(\"code\");\n currentUrl.searchParams.delete(\"state\");\n oauthCallbackRedirectUri = currentUrl.toString();\n }\n let result;\n try {\n result = await this._catchMfaRequiredError(async () => {\n return await callOAuthCallback(this._interface, oauthCallbackRedirectUri, options);\n });\n } catch (e) {\n if (KnownErrors.InvalidTotpCode.isInstance(e)) {\n alert(\"Invalid TOTP code. Please try signing in again.\");\n return false;\n } else {\n throw e;\n }\n }\n if (result.status === 'ok' && result.data) {\n this._ensurePersistentTokenStore();\n await this._signInToAccountWithTokens(result.data);\n // TODO fix afterCallbackRedirectUrl for MFA (currently not passed because /mfa/sign-in doesn't return it)\n // or just get rid of afterCallbackRedirectUrl entirely tbh\n if (\"afterCallbackRedirectUrl\" in result.data && result.data.afterCallbackRedirectUrl) {\n await this._redirectTo({ url: result.data.afterCallbackRedirectUrl, replace: true });\n return true;\n } else if (result.data.newUser) {\n await this._redirectToHandler(\"afterSignUp\", { replace: true }, { awaitPendingAuthResolutions: false });\n return true;\n } else {\n await this._redirectToHandler(\"afterSignIn\", { replace: true }, { awaitPendingAuthResolutions: false });\n return true;\n }\n }\n return false;\n }\n\n protected async _signOut(session: InternalSession, options?: { redirectUrl?: URL \| string }): Promise<void> {\n // Clear analytics buffers before sign-out to prevent cross-user event leakage\n this._eventTracker?.clearBuffer();\n this._sessionRecorder?.clearBuffer();\n\n await storeLock.withWriteLock(async () => {\n await this._interface.signOut(session);\n if (options?.redirectUrl) {\n await this._redirectTo({ url: options.redirectUrl, replace: true });\n } else {\n await this.redirectToAfterSignOut();\n }\n });\n }\n\n async signOut(options?: { redirectUrl?: URL \| string, tokenStore?: TokenStoreInit }): Promise<void> {\n const user = await this.getUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n await user.signOut({ redirectUrl: options?.redirectUrl });\n }\n }\n\n async getAccessToken(options?: { tokenStore?: TokenStoreInit }): Promise<string \| null> {\n const user = await this.getUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return await user.getAccessToken();\n }\n return null;\n }\n\n useAccessToken(options?: { tokenStore?: TokenStoreInit }): string \| null {\n const user = this.useUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return user.useAccessToken();\n }\n return null;\n }\n\n async getRefreshToken(options?: { tokenStore?: TokenStoreInit }): Promise<string \| null> {\n const user = await this.getUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return await user.getRefreshToken();\n }\n return null;\n }\n\n useRefreshToken(options?: { tokenStore?: TokenStoreInit }): string \| null {\n const user = this.useUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return user.useRefreshToken();\n }\n return null;\n }\n\n async getAuthorizationHeader(options?: { tokenStore?: TokenStoreInit }): Promise<string \| null> {\n return getAuthorizationHeaderValueFromAuthJson(await this.getAuthJson(options));\n }\n\n useAuthorizationHeader(options?: { tokenStore?: TokenStoreInit }): string \| null {\n return getAuthorizationHeaderValueFromAuthJson(this.useAuthJson(options));\n }\n\n async getAuthHeaders(options?: { tokenStore?: TokenStoreInit }): Promise<{ \"x-stack-auth\": string }> {\n return {\n \"x-stack-auth\": JSON.stringify(await this.getAuthJson(options)),\n };\n }\n\n useAuthHeaders(options?: { tokenStore?: TokenStoreInit }): { \"x-stack-auth\": string } {\n return {\n \"x-stack-auth\": JSON.stringify(this.useAuthJson(options)),\n };\n }\n\n async getAuthJson(options?: { tokenStore?: TokenStoreInit }): Promise<{ accessToken: string \| null, refreshToken: string \| null }> {\n const user = await this.getUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return await user.getAuthJson();\n }\n return { accessToken: null, refreshToken: null };\n }\n\n useAuthJson(options?: { tokenStore?: TokenStoreInit }): { accessToken: string \| null, refreshToken: string \| null } {\n const user = this.useUser({ tokenStore: options?.tokenStore ?? undefined as any });\n if (user) {\n return user.useAuthJson();\n }\n return { accessToken: null, refreshToken: null };\n }\n\n async getProject(): Promise<Project> {\n const crud = Result.orThrow(await this._currentProjectCache.getOrWait([], \"write-only\"));\n return this._clientProjectFromCrud(crud);\n }\n\n useProject(): Project {\n const crud = useAsyncCache(this._currentProjectCache, [], \"clientApp.useProject()\");\n return useMemo(() => this._clientProjectFromCrud(crud), [crud]);\n }\n\n protected async _listOwnedProjects(session: InternalSession): Promise<AdminOwnedProject[]> {\n this._ensureInternalProject();\n const crud = Result.orThrow(await this._ownedProjectsCache.getOrWait([session], \"write-only\"));\n return crud.map((j) => this._getOwnedAdminApp(j.id, session)._adminOwnedProjectFromCrud(\n j,\n () => this._refreshOwnedProjects(session),\n ));\n }\n\n protected _useOwnedProjects(session: InternalSession): AdminOwnedProject[] {\n this._ensureInternalProject();\n const projects = useAsyncCache(this._ownedProjectsCache, [session], \"clientApp.useOwnedProjects()\");\n return useMemo(() => projects.map((j) => this._getOwnedAdminApp(j.id, session)._adminOwnedProjectFromCrud(\n j,\n () => this._refreshOwnedProjects(session),\n )), [projects]);\n }\n protected async _createProject(session: InternalSession, newProject: AdminProjectUpdateOptions & { displayName: string, teamId: string }): Promise<AdminOwnedProject> {\n this._ensureInternalProject();\n const crud = await this._interface.createProject(adminProjectCreateOptionsToCrud(newProject), session);\n const res = this._getOwnedAdminApp(crud.id, session)._adminOwnedProjectFromCrud(\n crud,\n () => this._refreshOwnedProjects(session),\n );\n await this._refreshOwnedProjects(session);\n return res;\n }\n\n protected async _refreshUser(session: InternalSession) {\n // TODO this should take a user ID instead of a session, and automatically refresh all sessions with that user ID\n await this._refreshSession(session);\n }\n\n protected async _refreshSession(session: InternalSession) {\n await Promise.all([\n this._currentUserCache.refresh([session]),\n this._currentUserConnectedAccountsCache.refresh([session]),\n ]);\n // Suggest updating the access token so it contains the updated user/session data\n session.suggestAccessTokenExpired();\n }\n\n protected async _refreshUsers() {\n // nothing yet\n }\n\n protected async _refreshProject() {\n await this._currentProjectCache.refresh([]);\n }\n\n protected async _refreshOwnedProjects(session: InternalSession) {\n await this._ownedProjectsCache.refresh([session]);\n }\n\n static get [stackAppInternalsSymbol]() {\n return {\n fromClientJson: <HasTokenStore extends boolean, ProjectId extends string>(\n json: StackClientAppJson<HasTokenStore, ProjectId>\n ): StackClientApp<HasTokenStore, ProjectId> => {\n const providedCheckString = JSON.stringify(omit(json, [/ none currently */]));\n const existing = allClientApps.get(json.uniqueIdentifier);\n if (existing) {\n const [existingCheckString, clientApp] = existing;\n if (existingCheckString !== undefined && existingCheckString !== providedCheckString) {\n throw new StackAssertionError(\"The provided app JSON does not match the configuration of the existing client app with the same unique identifier\", { providedObj: json, existingString: existingCheckString });\n }\n return clientApp as any;\n }\n\n const { analytics, ...restJson } = omit(json, [\"uniqueIdentifier\"]);\n return new _StackClientAppImplIncomplete<HasTokenStore, ProjectId>({\n ...restJson as any,\n analytics: analyticsOptionsFromJson(analytics),\n }, {\n uniqueIdentifier: json.uniqueIdentifier,\n checkString: providedCheckString,\n });\n }\n };\n }\n\n get [stackAppInternalsSymbol]() {\n return {\n toClientJson: (): StackClientAppJson<HasTokenStore, ProjectId> => {\n if (typeof this._redirectMethod !== \"string\") {\n throw new StackAssertionError(\"Cannot serialize to JSON from an application with a non-string redirect method\");\n }\n\n const publishableClientKey = \"publishableClientKey\" in this._interface.options\n ? this._interface.options.publishableClientKey\n : undefined;\n\n return {\n baseUrl: this._options.baseUrl,\n projectId: this.projectId,\n ...(publishableClientKey != null ? { publishableClientKey } : {}),\n tokenStore: this._tokenStoreInit,\n urls: this._urlOptions,\n oauthScopesOnSignIn: this._oauthScopesOnSignIn,\n uniqueIdentifier: this._getUniqueIdentifier(),\n redirectMethod: this._redirectMethod,\n extraRequestHeaders: this._options.extraRequestHeaders,\n devTool: this._options.devTool,\n analytics: analyticsOptionsToJson(this._analyticsOptions),\n };\n },\n setCurrentUser: (userJsonPromise: Promise<CurrentUserCrud['Client']['Read'] \| null>) => {\n runAsynchronously(async () => {\n await this._currentUserCache.forceSetCachedValueAsync([await this._getSession()], Result.fromPromise(userJsonPromise));\n });\n },\n getConstructorOptions: () => this._options,\n sendSessionReplayBatch: async (body: string, options: { keepalive: boolean }) => {\n return await this._interface.sendSessionReplayBatch(body, await this._getSession(), options);\n },\n sendAnalyticsEventBatch: async (body: string, options: { keepalive: boolean }) => {\n return await this._interface.sendAnalyticsEventBatch(body, await this._getSession(), options);\n },\n addRequestListener: (listener: RequestListener) => {\n return this._interface.addRequestListener(listener);\n },\n sendRequest: async (\n path: string,\n requestOptions: RequestInit,\n requestType: \"client\" \| \"server\" \| \"admin\" = \"client\",\n ) => {\n return await this._interface.sendClientRequest(path, requestOptions, await this._getSession(), requestType);\n },\n getRedirectMethod: () => this._redirectMethod ?? throwErr(\"Redirect method should have been initialized in the Stack client app constructor\"),\n redirectToUrl: async (url: string \| URL, options?: { replace?: boolean }) => {\n await this._redirectTo({ url, ...options });\n },\n refreshOwnedProjects: async () => {\n await this._refreshOwnedProjects(await this._getSession());\n },\n signInWithTokens: async (tokens: { accessToken: string, refreshToken: string }) => {\n await this._signInToAccountWithTokens(tokens);\n },\n };\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6EA,MAAM,oCAAoC,OAAU;AAEpD,MAAM,mCAAmC;CACvC,gBAAgB;CAChB,aAAa;CACb,aAAa;CACb,OAAO;CACP,eAAe;CACf,qBAAqB;CACrB,0BAA0B;CAC3B;AAED,MAAM,mCAAmC;CAAC;CAAQ;CAAS;CAAS;CAAqB;CAAa;CAAW;CAAU;AAE3H,MAAM,gCAAgB,IAAI,KAA+E;AACzG,MAAM,mCAAmC;AAEzC,SAAS,wCAAwC,UAAsF;AACrI,KAAI,SAAS,eAAe,QAAQ,SAAS,gBAAgB,KAC3D,QAAO;AAIT,QAAO,UAAU,mCADO,aAAa,IAAI,aAAa,CAAC,OAAO,KAAK,UAAU,SAAS,CAAC,CAAC;;AAI1F,SAAS,wCAAwC,0BAAsG;CACrJ,MAAM,QAAQ,yBAAyB,MAAM,mBAAmB;AAChE,KAAI,SAAS,KACX,QAAO;CAGT,MAAM,aAAa,MAAM,GAAG,MAAM;AAClC,KAAI,CAAC,WAAW,WAAW,iCAAiC,CAC1D,QAAO;CAGT,MAAM,kBAAkB,WAAW,MAAM,GAAwC;AACjF,KAAI,gBAAgB,WAAW,EAC7B,OAAM,IAAI,MAAM,4FAA4F;CAG9G,IAAI;AACJ,KAAI;EACF,MAAM,kBAAkB,IAAI,aAAa,CAAC,OAAO,aAAa,gBAAgB,CAAC;AAC/E,WAAS,KAAK,MAAM,gBAAgB;UAC7B,GAAG;AACV,QAAM,IAAI,MAAM,2CAA2C,EAAE,OAAO,GAAG,CAAC;;AAG1E,KAAI,UAAU,QAAQ,OAAO,WAAW,YAAY,MAAM,QAAQ,OAAO,CACvE,OAAM,IAAI,MAAM,+DAA+D;CAGjF,MAAM,cAAc,QAAQ,IAAI,QAAQ,cAAc;CACtD,MAAM,eAAe,QAAQ,IAAI,QAAQ,eAAe;AACxD,KAAI,eAAe,QAAQ,OAAO,gBAAgB,SAChD,OAAM,IAAI,MAAM,mFAAmF;AAErG,KAAI,gBAAgB,QAAQ,OAAO,iBAAiB,SAClD,OAAM,IAAI,MAAM,oFAAoF;AAGtG,QAAO;EACL,aAAa,eAAe;EAC5B,cAAc,gBAAgB;EAC/B;;AAGH,SAAS,qCAAqC,SAAiC,MAA6B;AAC1G,KAAI,SAAS,WAAW,OAAO,QAAQ,QAAQ,WAC7C,QAAO,QAAQ,IAAI,KAAK;CAG1B,MAAM,gBAAgB,KAAK,aAAa;AACxC,MAAK,MAAM,CAAC,YAAY,gBAAgB,OAAO,QAAQ,QAAQ,CAC7D,KAAI,WAAW,aAAa,KAAK,cAC/B,QAAO;AAGX,QAAO;;AAGT,SAAS,8BAA8B,MAA6B;CAClE,MAAM,EAAE,qBAAqB;AAC7B,KAAI,oBAAoB,KACtB,OAAM,IAAI,oBAAoB,4EAA4E;AAE5G,QAAO,iBAAiB,KAAK,IAAI;;AAGnC,eAAe,uBAA+C;AAC5D,QAAO,8BAA8B,OAAO;;AAK9C,IAAa,gCAAb,MAAa,8BAAoJ;;+BAQhC,EAAE,OAAO,QAAW;;CAmSnJ,MAAgB,oBAAoB,wBAAgE;EAClG,MAAM,iBAAiB,2BAA2B,SAAY,KAAK,kBAAkB;AACrF,MAAI,mBAAmB,mBAAmB,mBAAmB,SAC3D,QAAO,MAAM,oBAAoB;MAEjC,QAAO,MAAM,+BAA+B;;;CAKhD,MAAgB,+BAA+B,SAM8E;EAC3H,MAAM,OAAO,MAAM,QAAQ,SAAS;EACpC,IAAI,gBAAgB;AACpB,MAAI,CAAC,QAAQ,CAAC,KAAK,gBAAgB,MAAM,MAAM,EAAE,OAAO,QAAQ,WAAW,CACzE,iBAAgB;AAIlB,MAAI,CADU,MAAM,QAAQ,qBAAqB,CAE/C,iBAAgB;AAGlB,MAAI,CAAC,iBAAiB,QAAQ,UAAU;AACtC,OAAI,CAAC,QAAQ,QACX,OAAM,IAAI,MAAM,QAAQ;;;;UAItB;GAEJ,MAAM,WAAW,MAAM,8BACrB,KAAK,YACL;IACE,UAAU,QAAQ;IAClB,aAAa,KAAK,8BAA8B;IAChD,kBAAkB,KAAK,KAAK;IAC5B,eAAe,kBAAkB,QAAQ,SAAS,KAAK,KAAK,qBAAqB,QAAQ,eAAe,EAAE,EAAE,KAAK,IAAI,CAAC;IACvH,EACD,QAAQ,QACT;AACD,SAAM,KAAK,YAAY,EAAE,KAAK,UAAU,CAAC;AACzC,UAAO,MAAM,cAAc;aAClB,CAAC,cACV,QAAO;EAMT,MAAM,oBADmB,KAAM,gBAAgB,MAAM,MAAM,EAAE,OAAO,QAAQ,WAAW,EAC3C,cAAc;AAE1D,SAAO;GACL,IAAI,QAAQ;GACZ,UAAU,QAAQ;GAClB;GACA,MAAM,iBAAiB;IACrB,MAAM,SAAS,MAAM,QAAQ,qBAAqB;AAClD,QAAI,CAAC,OACH,OAAM,IAAI,oBAAoB,4EAA4E,QAAQ,WAAW,uLAAuL;AAEtT,WAAO;;GAET,iBAAiB;IACf,MAAM,SAAS,QAAQ,eAAe;AACtC,QAAI,CAAC,OACH,OAAM,IAAI,oBAAoB,4EAA4E,QAAQ,WAAW,uLAAuL;AAEtT,WAAO;;GAEV;;CAGH,AAAU,mCACR,MACA,SACiB;EACjB,MAAM,MAAM;EACZ,MAAM,aAAa,KAAK;EACxB,MAAM,oBAAoB,KAAK;AAC/B,SAAO;GACL,IAAI;GACJ,UAAU;GACV;GACA,MAAM,eAAe,SAAiC;IACpD,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;IAClD,MAAM,SAAS,OAAO,QAAQ,MAAM,IAAI,sDAAsD,UAAU;KAAC;KAAS;KAAY;KAAmB;KAAY,EAAE,aAAa,CAAC;AAC7K,QAAI,CAAC,QAAQ;KACX,MAAM,cAAc,cAAc,yBAAyB,YAAY,8CAA8C;AACrH,YAAO,OAAO,MAAM,IAAI,YAAY,6BAA6B,YAAY,GAAG,YAAY,6GAA6G,CAAC;;AAE5M,WAAO,OAAO,GAAG,OAAO;;GAE1B,eAAe,SAAiC;IAC9C,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;IAClD,MAAM,SAAS,cAAc,IAAI,uDAAuD;KAAC;KAAS;KAAY;KAAmB;KAAY,EAAW,8BAA8B;AACtL,QAAI,CAAC,QAAQ;KACX,MAAM,cAAc,cAAc,yBAAyB,YAAY,8CAA8C;AACrH,YAAO,OAAO,MAAM,IAAI,YAAY,6BAA6B,YAAY,GAAG,YAAY,6GAA6G,CAAC;;AAE5M,WAAO,OAAO,GAAG,OAAO;;GAE3B;;CAGH,YAAY,SAAqE,cAAsG;2BA7YrI;0BAQC;uBACN;0CAEF;yBACR,IAAI,iBAAyF;2BAE3F,qBAAqB,OAAO,YAAY;AAC3E,OAAI,KAAK,iCACP,OAAM,KAAK,IAAK;AAElB,OAAI,QAAQ,oBAAoB,CAiB9B,QAAO;AAET,UAAO,MAAM,KAAK,WAAW,qBAAqB,QAAQ;IAC1D;8BACsC,YAAY,YAAY;AAC9D,UAAO,OAAO,QAAQ,MAAM,KAAK,WAAW,kBAAkB,CAAC;IAC/D;6BACqC,qBAAqB,OAAO,YAAY;AAC7E,UAAO,MAAM,KAAK,WAAW,aAAa,QAAQ;IAClD;sCAC8C,qBAG9C,OAAO,SAAS,CAAC,QAAQ,eAAe;AACxC,UAAO,MAAM,KAAK,WAAW,+BAA+B;IAAE;IAAQ;IAAW,EAAE,QAAQ;IAC3F;6CACqD,qBAGrD,OAAO,SAAS,CAAC,eAAe;AAChC,UAAO,MAAM,KAAK,WAAW,kCAAkC,EAAE,WAAW,EAAE,QAAQ;IACtF;gCACwC,qBAAqB,OAAO,YAAY;AAChF,UAAO,MAAM,KAAK,WAAW,qBAAqB,QAAQ;IAC1D;sDAE8D,qBAC9D,OAAO,SAAS,CAAC,YAAY,WAAW;AACtC,OAAI;AAEF,WAAO,EAAE,cADM,MAAM,KAAK,WAAW,0BAA0B,YAAY,SAAS,IAAI,QAAQ,EACnE,cAAc;YACpC,KAAK;AACZ,QAAI,EAAE,YAAY,wCAAwC,WAAW,IAAI,IAAI,YAAY,kCAAkC,WAAW,IAAI,EACxI,OAAM;;AAGV,UAAO;IAEV;0CAEmD,qBAClD,OAAO,SAAS,CAAC,YAAY,OAAO,cAAc;AAChD,UAAO,MAAM,KAAK,+BAA+B;IAC/C,SAAS,YAAY,OAAO,QAAQ,MAAM,KAAK,kBAAkB,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC;IACpG,qBAAqB,YAAY,OAAO,QAAQ,MAAM,KAAK,6CAA6C,UAAU;KAAC;KAAS;KAAY,SAAS;KAAG,EAAW,aAAa,CAAC;IAC7K,qBAAqB,cAAc,KAAK,8CAA8C;KAAC;KAAS;KAAY,SAAS;KAAG,EAAW,8BAA8B;IACjK;IACA;IACA;IACA;IACD,CAAC;IAEL;4CACqD,qBACpD,OAAO,YAAY;AAEjB,WADe,MAAM,KAAK,WAAW,sBAAsB,QAAQ,EACrD,MAAM,KAAK,SAAS,KAAK,mCAAmC,MAAM,QAAQ,CAAC;IAE5F;+DACwE,qBACvE,OAAO,SAAS,CAAC,YAAY,mBAAmB,WAAW;AACzD,OAAI;AAEF,WAAO,EAAE,cADM,MAAM,KAAK,WAAW,mCAAmC,YAAY,mBAAmB,OAAO,QAAQ,EACzF,cAAc;YACpC,KAAK;AACZ,QAAI,YAAY,wCAAwC,WAAW,IAAI,IAAI,YAAY,kCAAkC,WAAW,IAAI,CACtI,QAAO;AAET,UAAM;;IAGX;2DACoE,qBACnE,OAAO,SAAS,CAAC,UAAU,iBAAiB;GAE1C,MAAM,mBADoB,OAAO,QAAQ,MAAM,KAAK,mCAAmC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAC/E,QAAO,MAAK,EAAE,aAAa,SAAS;GAC/E,MAAM,SAAS,cAAc,YAAY,MAAM,IAAI,GAAG;AAEtD,QAAK,MAAM,WAAW,iBAEpB,MADoB,MAAM,QAAQ,eAAe,EAAE,QAAQ,CAAC,EAC5C,WAAW,KACzB,QAAO;GAIX,MAAM,WAAW,MAAM,8BACrB,KAAK,YACL;IACE;IACA,aAAa,KAAK,8BAA8B;IAChD,kBAAkB,KAAK,KAAK;IAC5B,eAAe,kBAAkB,cAAc,KAAK,qBAAqB,aAA6B,EAAE,EAAE,KAAK,IAAI,CAAC;IACrH,EACD,QACD;AACD,SAAM,KAAK,YAAY,EAAE,KAAK,UAAU,CAAC;AACzC,UAAO,MAAM,cAAc;IAE9B;kCAC2C,qBAC1C,OAAO,SAAS,CAAC,YAAY;AAC3B,UAAO,MAAM,KAAK,WAAW,uBAAuB,EAAE,QAAQ,EAAE,QAAQ;IAE3E;+BACwC,qBACvC,OAAO,SAAS,CAAC,YAAY;AAC3B,UAAO,MAAM,KAAK,WAAW,oBAAoB,EAAE,QAAQ,EAAE,QAAQ;IAExE;sCAC+C,qBAC9C,OAAO,SAAS,CAAC,YAAY;AAC3B,UAAO,MAAM,KAAK,WAAW,qBAAqB;IAAE;IAAQ,QAAQ;IAAM,EAAE,QAAQ;IAEvF;0CACmD,qBAAqB,OAAO,YAAY;AAC1F,UAAO,MAAM,KAAK,WAAW,+BAA+B,QAAQ;IACpE;qCAC6C,qBAC7C,OAAO,YAAY;AACjB,UAAO,MAAM,KAAK,WAAW,0BAA0B,QAAQ;IAElE;2BAEoC,qBACnC,OAAO,YAAY;AAEjB,UADgB,MAAM,KAAK,WAAW,mBAAmB,EAAE,SAAS,MAAM,EAAE,SAAS,SAAS;IAGjG;2BAEoC,qBACnC,OAAO,SAAS,CAAC,YAAY;AAE3B,UADgB,MAAM,KAAK,WAAW,mBAAmB,EAAE,SAAS,QAAQ,EAAE,SAAS,SAAS;IAGnG;sCAE+C,qBAC9C,OAAO,YAAY;AAEjB,UADgB,MAAM,KAAK,WAAW,2BAA2B,QAAQ;IAG5E;yCAEkD,qBACjD,OAAO,YAAY;AACjB,UAAO,MAAM,KAAK,WAAW,mBAAmB,EAAE,SAAS,MAAM,EAAE,QAAQ;IAE9E;wBAEiC,qBAChC,OAAO,SAAS,CAAC,QAAQ,YAAY;AACnC,UAAO,MAAM,KAAK,WAAW,QAAQ;IAAE;IAAQ;IAAQ,EAAE,QAAQ;IAEpE;wBAEiC,qBAChC,OAAO,SAAS,CAAC,QAAQ,YAAY;AACnC,UAAO,MAAM,KAAK,WAAW,QAAQ;IAAE;IAAQ;IAAQ,EAAE,QAAQ;IAEpE;0BAEmC,qBAClC,OAAO,SAAS,CAAC,kBAAkB,YAAY;AAC7C,UAAO,MAAM,KAAK,WAAW,QAAQ;IAAE;IAAkB;IAAQ,EAAE,QAAQ;IAE9E;4BAEqC,qBACpC,OAAO,SAAS,CAAC,QAAQ,QAAQ,WAAW;AAC1C,UAAO,MAAM,KAAK,WAAW,aAAa;IACxC,eAAe;IACf,aAAa;IACb,QAAQ,UAAU;IAClB,OAAO,SAAS;IACjB,EAAE,QAAQ;IAEd;4BAEqC,qBACpC,OAAO,SAAS,CAAC,QAAQ,QAAQ,WAAW;AAC1C,UAAO,MAAM,KAAK,WAAW,aAAa;IACxC,eAAe;IACf,aAAa;IACb,QAAQ,UAAU;IAClB,OAAO,SAAS;IACjB,EAAE,QAAQ;IAEd;8BAEuC,qBACtC,OAAO,SAAS,CAAC,kBAAkB,QAAQ,WAAW;AACpD,UAAO,MAAM,KAAK,WAAW,aAAa;IACxC,eAAe;IACf,aAAa;IACb,QAAQ,UAAU;IAClB,OAAO,SAAS;IACjB,EAAE,QAAQ;IAEd;4BAEqC,qBACpC,OAAO,SAAS,CAAC,QAAQ,QAAQ,WAAW;AAC1C,UAAO,MAAM,KAAK,WAAW,aAAa;IACxC,eAAe;IACf,aAAa;IACb,QAAQ,UAAU;IAClB,OAAO,SAAS;IACjB,EAAE,QAAQ;IAEd;4BAEqC,qBACpC,OAAO,SAAS,CAAC,QAAQ,QAAQ,WAAW;AAC1C,UAAO,MAAM,KAAK,WAAW,aAAa;IACxC,eAAe;IACf,aAAa;IACb,QAAQ,UAAU;IAClB,OAAO,SAAS;IACjB,EAAE,QAAQ;IAEd;+BAEwC,qBAUvC,OAAO,SAAS,CAAC,cAAc,gBAAgB;AAC7C,UAAO,MAAM,KAAK,WAAW,mBAAmB,cAAc,YAAY,QAAQ;IAErF;iCAE0C,YACzC,OAAO,CAAC,SAAS,MAAM,KAAK,0BAA0B,IAAW,CAClE;mCAE4C,YAC3C,OAAO,CAAC,YAAY,MAAM,KAAK,wBAAwB,OAAO,CAC/D;oCAEmG;6CACrB;sDACxB;gDACN;wCACY,EAAE;2BA4cjC,uBAAuB;uDACX,IAAI,SAAqC;6CACnD,IAAI,SAA0C;wCACR;6CAChB;4DA0aT,IAAI,SAA2D;qCAolCtE;EA71DpC,MAAM,kBAAkB,0BAA0B,QAAQ;AAE1D,MAAI,CAAC,8BAA8B,sBAAsB,MACvD,OAAM,IAAI,oBAAoB,4SAA4S;AAG5U,OAAK,WAAW;AAChB,OAAK,gBAAgB;EAErB,MAAM,YAAY,gBAAgB,aAAa,qBAAqB;AACpE,MAAI,cAAc,cAAc,CAAE,UAAU,MAAM,8EAA8E,CAC9H,OAAM,IAAI,MAAM,uBAAuB,UAAU,4FAA4F;EAG/I,MAAM,uBAAuB,gBAAgB,wBAAwB,gCAAgC;AAErG,MAAI,gBAAgB,aAAa,UAC/B,MAAK,aAAa,aAAa;OAC1B;GACL,MAAM,UAAU,eAAe,gBAAgB,QAAQ;AACvD,QAAK,aAAa,IAAI,qBAAqB;IACzC,kBAAkB,SAAS,CAAC;IAC5B,2BAA2B,oBAAoB,SAAS,CAAC,GAAG;IAC5D,YAAY;IACZ,qBAAqB,gBAAgB,uBAAuB,+BAA+B;IAC3F;IACA;IACA,GAAI,wBAAwB,OAAO,EAAE,sBAAsB,GAAG,EAAE;IAChE,gBAAgB,YAAY;IAE7B,CAAC;;AAGJ,OAAK,kBAAkB,gBAAgB;AACvC,OAAK,kBAAkB,gBAAgB,mBAAmB,eAAe,GAAG,WAAW;AACvF,OAAK,kBAAkB,gBAAgB,kBAAkB;AACzD,OAAK,cAAc,gBAAgB,QAAQ,EAAE;AAC7C,OAAK,uBAAuB,gBAAgB,uBAAuB,EAAE;AACrE,MAAI,eAAe,KAAK,gBAAgB,eAAe,YAAY,gBAAgB,eAAe,kBAAkB;AAClH,qBAAkB,KAAK,0BAA0B,UAAU,CAAC,OAAO,SAAS,SAAS,EAAE,aAAa,CAAC;AACrG,QAAK,mCAAmC;;AAG1C,MAAI,gBAAgB,aAAa,kBAAkB;AACjD,QAAK,oBAAoB,aAAa;AACtC,QAAK,uBAAuB;;AAG9B,OAAK,oBAAoB,gBAAgB;EAEzC,MAAM,sBAAsB,YAAsC;AAChE,QAAK,6BAA6B;AAElC,OADoB,MAAM,KAAK,eAAe;IAAE,MAAM;IAAS,IAAI;IAAuB,CAAC,CAEzF,QAAO,MAAM,KAAK,aAAa;AAGjC,WADiB,MAAM,KAAK,QAAQ,EAAE,IAAI,aAAa,CAAC,EACxC;;EAGlB,MAAM,mBAAmB,KAAK,mBAAmB,YAAY;AAE7D,MAAI,oBAAoB,eAAe,IAAI,KAAK,0BAA0B,IAAI,KAAK,mBAAmB,SAAS,YAAY,MAAM;AAC/H,QAAK,mBAAmB,IAAI,gBAAgB;IAC1C,WAAW,KAAK;IAChB,WAAW,OAAO,MAAM,SAAS;AAC/B,YAAO,MAAM,KAAK,WAAW,uBAAuB,MAAM,MAAM,qBAAqB,EAAE,KAAK;;IAE/F,EAAE,KAAK,kBAAkB,QAAQ;AAClC,QAAK,iBAAiB,OAAO;;AAG/B,MAAI,oBAAoB,eAAe,IAAI,KAAK,0BAA0B,EAAE;AAC1E,QAAK,gBAAgB,IAAI,aAAa;IACpC,WAAW,KAAK;IAChB,WAAW,OAAO,MAAM,SAAS;AAC/B,YAAO,MAAM,KAAK,WAAW,wBAAwB,MAAM,MAAM,qBAAqB,EAAE,KAAK;;IAEhG,CAAC;AACF,QAAK,cAAc,OAAO;;AAG5B,MAAI,eAAe,IAAI,KAAK,2BAA2B,IAAI,KAAK,wCAAwC,CACtG,MAAK,4BAA4B,YAAY;AAC3C,OAAI,eAAe,CACjB,OAAM,KAAK,kBAAkB,EAAE,iCAAiC,MAAM,CAAC;IAEzE;AAGJ,MAAI,eAAe,CACjB,MAAK,4BAA4B,YAAY;AAC3C,SAAM,KAAK,mCAAmC;IAC9C;AAGJ,MAAI,eAAe,IAAI,gBAAgB,YAAY,MACjD,cAAa,KAAY;;CAI7B,AAAU,wBAAwB;AAChC,MAAI,CAAC,KAAK,kBACR,OAAM,IAAI,oBAAoB,oCAAoC;AAEpE,MAAI,cAAc,IAAI,KAAK,kBAAkB,CAC3C,OAAM,IAAI,oBAAoB,oEAAoE;AAEpG,gBAAc,IAAI,KAAK,mBAAmB,CAAC,KAAK,eAAe,eAAe,QAAW,KAAK,CAAC;;CAGjG,AAAU,4BAA4B,UAAkC;EACtE,MAAM,WAAW,YAAY;AAC3B,SAAM,QAAQ,SAAS;AACvB,OAAI;AACF,UAAM,UAAU;YACT,OAAO;AAGd,iBAAa,kCAAkC,MAAM;;MAErD;AACJ,OAAK,+BAA+B,KAAK,QAAQ;AACjD,oBAAkB,YAAY;AAC5B,OAAI;AACF,UAAM;aACE;AACR,SAAK,iCAAiC,KAAK,+BAA+B,QAAO,MAAK,MAAM,QAAQ;;IAEtG;;CAGJ,MAAgB,6BACd,wBACA,SACA;AACA,MACE,SAAS,gCAAgC,SACtC,2BAA2B,UAC3B,CAAC,KAAK,0BAA0B,IAChC,KAAK,+BAA+B,WAAW,EAElD;AAKF,QAAM,QAAQ,IAAI,KAAK,+BAA+B;;CAGxD,AAAU,2BAA2B,wBAAyC;AAC5E,MACE,2BAA2B,UACxB,CAAC,KAAK,0BAA0B,IAChC,KAAK,+BAA+B,WAAW,EAElD;AAEF,MAAI,QAAQ,IAAI,KAAK,+BAA+B,CAAC;;CAGvD,AAAU,4BAAqC;EAC7C,MAAM,sBAAsB,KAAK,YAAY,iBAAiB,KAAK,YAAY;AAC/E,SAAO,OAAO,wBAAwB,YAAY,qBAAqB,SAAS;;CAGlF,AAAU,oCAA6C;AACrD,MAAI,OAAO,WAAW,YACpB,QAAO;EAET,MAAM,aAAa,IAAI,IAAI,OAAO,SAAS,KAAK;AAChD,SACE,WAAW,aAAa,IAAI,OAAO,IAAI,WAAW,aAAa,IAAI,QAAQ,IAE3E,WAAW,aAAa,IAAI,YAAY,IAAI,WAAW,aAAa,IAAI,UAAU;;CAItF,AAAU,yCAAkD;AAC1D,MAAI,OAAO,WAAW,YACpB,QAAO;EAET,MAAM,aAAa,IAAI,IAAI,OAAO,SAAS,KAAK;EAChD,MAAM,QAAQ,WAAW,aAAa,IAAI,QAAQ;AAClD,MAAI,CAAC,WAAW,aAAa,IAAI,OAAO,IAAI,SAAS,KACnD,QAAO;AAET,SAAO,gBAAgB,qBAAqB,QAAQ,IAAI;;CAG1D,AAAU,+BAAuC;AAC/C,MAAI,CAAC,KAAK,2BAA2B,CACnC,QAAO,KAAK,KAAK;AAEnB,MAAI,OAAO,WAAW,YACpB,OAAM,IAAI,oBAAoB,sGAAsG;EAGtI,MAAM,aAAa,IAAI,IAAI,OAAO,SAAS,KAAK;AAChD,OAAK,MAAM,SAAS,iCAClB,YAAW,aAAa,OAAO,MAAM;AAEvC,SAAO,WAAW,UAAU;;CAG9B,MAAgB,oCAAoC,SAA6E;EAE/H,MAAM,SAAS,OADC,MAAM,KAAK,YAAY,QAAW,QAAQ,EAC7B,4BAA4B,GAAG,KAAK;AACjE,MAAI,QAAQ,gBAAgB,KAC1B,QAAO;AAET,SAAO,OAAO,YAAY,QAAQ;;CAGpC,MAAgB,6CAA6C,SAIzC;EAClB,MAAM,YAAY,IAAI,IAAI,QAAQ,KAAK,QAAQ,WAAW;AAC1D,MAAI,UAAU,WAAW,QAAQ,WAAW,OAC1C,QAAO,QAAQ;EAGjB,MAAM,iBAAiB,MAAM,KAAK,oCAAoC,EACpE,6BAA6B,QAAQ,6BACtC,CAAC;AACF,MAAI,kBAAkB,KACpB,QAAO,QAAQ;AAGjB,YAAU,aAAa,IAAI,iCAAiC,gBAAgB,eAAe;AAC3F,YAAU,aAAa,IACrB,iCAAiC,aACjC,IAAI,IAAI,KAAK,8BAA8B,EAAE,QAAQ,WAAW,CAAC,UAAU,CAC5E;AACD,SAAO,UAAU,UAAU;;CAG7B,MAAgB,oCAAsD;AACpE,MAAI,OAAO,WAAW,YAAa,QAAO;EAC1C,MAAM,aAAa,IAAI,IAAI,OAAO,SAAS,KAAK;AAEhD,MAAI,WAAW,aAAa,IAAI,OAAO,IAAI,WAAW,aAAa,IAAI,QAAQ,CAAE,QAAO;EACxF,MAAM,iBAAiB,WAAW,aAAa,IAAI,iCAAiC,eAAe;AACnG,MAAI,kBAAkB,KAAM,QAAO;EAEnC,MAAM,cAAc,WAAW,aAAa,IAAI,iCAAiC,YAAY;EAC7F,MAAM,QAAQ,WAAW,aAAa,IAAI,iCAAiC,MAAM;EACjF,MAAM,gBAAgB,WAAW,aAAa,IAAI,iCAAiC,cAAc;AACjG,MAAI,eAAe,QAAQ,SAAS,QAAQ,iBAAiB,MAAM;AACjE,OAAI,eAAe,QAAQ,SAAS,QAAQ,iBAAiB,KAC3D,OAAM,IAAI,oBAAoB,6EAA6E;IACzG;IACA;IACA;IACD,CAAC;AAKJ,QAAK,WAAW,aAAa,IAAI,iCAAiC,oBAAoB,IAAI,YAAY,OACpG,OAAM,IAAI,oBAAoB,mDAAmD;AAEnF,OAAI,WAAW,YAAY,CACzB,OAAM,IAAI,MAAM,0DAA0D;GAE5E,MAAM,iBAAiB,IAAI,IAAI,YAAY;AAC3C,OAAI,CAAC,MAAM,KAAK,WAAW,eAAe,UAAU,CAAC,CACnD,OAAM,IAAI,MAAM,yCAAyC,YAAY,kBAAkB;GAEzF,MAAM,iCAAiC,WAAW,aAAa,IAAI,iCAAiC,yBAAyB;GAC7H,MAAM,2BAA2B,kCAAkC,OAC/D,iBACA,IAAI,IAAI,gCAAgC,eAAe;AAC3D,OAAI,CAAC,MAAM,KAAK,WAAW,yBAAyB,UAAU,CAAC,CAC7D,OAAM,IAAI,MAAM,wDAAwD,+BAA+B,kBAAkB;AAG3H,OAD8B,MAAM,KAAK,oCAAoC,EAAE,6BAA6B,OAAO,CAAC,KACtF,eAC5B,OAAM,IAAI,MAAM,yFAAyF;AAE3G,SAAM,KAAK,YAAY;IACrB,KAAK,MAAM,KAAK,kCAAkC;KAChD,aAAa,eAAe,UAAU;KACtC;KACA;KACA,0BAA0B,yBAAyB,UAAU;KAC7D,6BAA6B;KAC9B,CAAC;IACF,SAAS;IACV,CAAC;AACF,UAAO;;AAMT,MAD8B,MAAM,KAAK,oCAAoC,EAAE,6BAA6B,OAAO,CAAC,KACtF,eAAgB,QAAO;EACrD,MAAM,oBAAoB,WAAW,aAAa,IAAI,iCAAiC,YAAY;AACnG,MAAI,qBAAqB,KAAM,OAAM,IAAI,oBAAoB,uDAAuD;AACpH,MAAI,WAAW,kBAAkB,CAC/B,OAAM,IAAI,MAAM,0DAA0D;EAE5E,MAAM,cAAc,IAAI,IAAI,kBAAkB;AAE9C,MAAI,CADc,MAAM,KAAK,WAAW,YAAY,UAAU,CAAC,CAE7D,OAAM,IAAI,MAAM,yCAAyC,kBAAkB,kBAAkB;EAG/F,MAAM,2BAA2B,IAAI,IAAI,WAAW;AACpD,2BAAyB,aAAa,OAAO,iCAAiC,eAAe;AAC7F,2BAAyB,aAAa,OAAO,iCAAiC,YAAY;EAC1F,MAAM,EAAE,OAAO,UAAU,eAAe,qBAAqB,MAAM,KAAK,wCAAwC,WAAW;AAE3H,cAAY,aAAa,IAAI,iCAAiC,gBAAgB,eAAe;AAC7F,cAAY,aAAa,IAAI,iCAAiC,aAAa,IAAI,IAAI,KAAK,8BAA8B,EAAE,WAAW,CAAC,UAAU,CAAC;AAC/I,cAAY,aAAa,IAAI,iCAAiC,OAAO,SAAS;AAC9E,cAAY,aAAa,IAAI,iCAAiC,eAAe,iBAAiB;AAC9F,cAAY,aAAa,IAAI,iCAAiC,qBAAqB,OAAO;AAC1F,cAAY,aAAa,IAAI,iCAAiC,0BAA0B,yBAAyB,UAAU,CAAC;AAC5H,QAAM,KAAK,YAAY;GAAE,KAAK;GAAa,SAAS;GAAM,CAAC;AAC3D,SAAO;;;;;;;CAQT,AAAU,uBAAuB;AAC/B,MAAI,CAAC,KAAK,mBAAmB;AAC3B,QAAK,oBAAoB,cAAc;AACvC,QAAK,uBAAuB;;AAE9B,SAAO,KAAK;;CAGd,MAAgB,qBAAqB,MAAc,SAAc;AAC/D,SAAO,MAAM,KAAK,WAAW,oBAAoB;GAAE,GAAG;GAAS;GAAM,CAAC;;CAGxE,AAAU,wBAAwB,MAAc,SAAqB;AACnE,oBAAkB,KAAK,qBAAqB,MAAM,QAAQ,CAAC;AAC3D,QAAM,IAAI,oBAAoB,GAAG,KAAK,sFAAsF;;CAQ9H,IAAc,gCAAgC;AAC5C,SAAO,iBAAiB,KAAK;;CAE/B,IAAc,0BAA0B;AACtC,SAAO,iBAAiB,KAAK;;CAE/B,AAAQ,2CAA2C,QAAyB;AAC1E,SAAO,GAAG,SAAS,YAAY,KAAK,KAAK,wBAAwB;;CAEnE,AAAQ,4BAA4B,QAAwB;EAC1D,MAAM,UAAU,aAAa,IAAI,aAAa,CAAC,OAAO,OAAO,aAAa,CAAC,CAAC;AAC5E,SAAO,GAAG,KAAK,wBAAwB,WAAW;;CAEpD,AAAQ,sCAAsC,MAA6B;EACzE,MAAM,SAAS,GAAG,KAAK,wBAAwB;AAC/C,MAAI,CAAC,KAAK,WAAW,OAAO,CAAE,QAAO;AACrC,MAAI;AACF,UAAO,IAAI,aAAa,CAAC,OAAO,aAAa,KAAK,MAAM,OAAO,OAAO,CAAC,CAAC;UAClE;AACN,UAAO;;;CAGX,AAAQ,0BAA0B,cAAsB,WAA2B;AACjF,SAAO,KAAK,UAAU;GACpB,eAAe;GACf,mBAAmB;GACpB,CAAC;;CAEJ,AAAQ,yBAAyB,cAA6B,aAA2C;AACvG,SAAO,gBAAgB,cAAc,KAAK,UAAU,CAAC,cAAc,YAAY,CAAC,GAAG;;CAErF,AAAQ,8BAA8B,OAAsF;AAC1H,MAAI,CAAC,MACH,QAAO;EAET,MAAM,SAAS,UAAU,MAAM;AAC/B,MAAI,OAAO,WAAW,QAAQ,OAAO,OAAO,SAAS,YAAY,OAAO,SAAS,MAAM;AACrF,WAAQ,KAAK,4CAA4C;AACzD,UAAO;;EAET,MAAM,OAAO,OAAO;EACpB,MAAM,eAAe,mBAAmB,QAAQ,OAAO,KAAK,kBAAkB,WAAW,KAAK,gBAAgB;EAC9G,MAAM,YAAY,uBAAuB,QAAQ,OAAO,KAAK,sBAAsB,WAAW,KAAK,oBAAoB;AACvH,MAAI,CAAC,cAAc;AACjB,WAAQ,KAAK,uDAAuD;AACpE,UAAO;;AAET,SAAO;GACL;GACA;GACD;;CAGH,AAAQ,kCAAkC,SAAoF;EAC5H,MAAM,EAAE,aAAa,uBAAuB,KAAK,oCAAoC;AACrF,OAAK,MAAM,QAAQ,aAAa;GAC9B,MAAM,QAAQ,QAAQ;AACtB,OAAI,MACF,QAAO;IAAE,cAAc;IAAO,WAAW;IAAM;;EAInD,IAAI,WAAsE;AAC1E,OAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,QAAQ,EAAE;AACnD,OAAI,CAAC,mBAAmB,MAAK,WAAU,KAAK,WAAW,OAAO,CAAC,CAAE;GACjE,MAAM,SAAS,KAAK,8BAA8B,MAAM;AACxD,OAAI,CAAC,OAAQ;GACb,MAAM,qBAAqB,OAAO,aAAa,OAAO;GACtD,MAAM,oBAAoB,UAAU,aAAa,OAAO;AACxD,OAAI,CAAC,YAAY,qBAAqB,kBACpC,YAAW;;AAIf,MAAI,CAAC,SACH,QAAO;GAAE,cAAc;GAAM,WAAW;GAAM;AAGhD,SAAO;GACL,cAAc,SAAS;GACvB,WAAW,SAAS,aAAa;GAClC;;CAEH,AAAU,sBAAsB,SAAsC;EACpE,MAAM,EAAE,iBAAiB,KAAK,kCAAkC,QAAQ;EACxE,MAAM,oBAAoB,QAAQ,KAAK,2BAA2B;EAClE,IAAI,cAA6B;AACjC,MAAI,qBAAqB,kBAAkB,WAAW,MAAM,EAAE;GAC5D,MAAM,SAAS,UAAU,kBAAkB;AAC3C,OACE,OAAO,WAAW,QAClB,OAAO,OAAO,SAAS,YACvB,OAAO,SAAS,QAChB,MAAM,QAAQ,OAAO,KAAK,IAC1B,OAAO,KAAK,WAAW,KACvB,OAAO,OAAO,KAAK,OAAO,YAC1B,OAAO,OAAO,KAAK,OAAO,UAE1B;QAAI,OAAO,KAAK,OAAO,aACrB,eAAc,OAAO,KAAK;SAG5B,SAAQ,KAAK,yCAAyC;;AAG1D,SAAO;GACL;GACA;GACD;;CAEH,IAAc,yBAAyB;AAKrC,SAAO;;CAET,AAAQ,wBAAwC;AAC9C,MAAI,CAAC,eAAe,CAClB,OAAM,IAAI,oBAAoB,4CAA4C;AAE5E,SAAO,OAAO,YAAY,SAAS,UAAU,GAAG;;CAElD,AAAQ,qCAA8F;AACpG,SAAO;GACL,aAAa,CAAC,KAAK,+BAA+B,gBAAgB;GAClE,oBAAoB,CAClB,GAAG,KAAK,wBAAwB,KAChC,UAAU,KAAK,wBAAwB,IACxC;GACF;;CAEH,AAAQ,gCAAgC,SAAsC;EAC5E,MAAM,EAAE,aAAa,uBAAuB,KAAK,oCAAoC;EACrF,MAAM,wBAAQ,IAAI,KAAa;AAC/B,OAAK,MAAM,QAAQ,YACjB,KAAI,QAAQ,MACV,OAAM,IAAI,KAAK;AAGnB,OAAK,MAAM,QAAQ,OAAO,KAAK,QAAQ,CACrC,KAAI,mBAAmB,MAAK,WAAU,KAAK,WAAW,OAAO,CAAC,CAC5D,OAAM,IAAI,KAAK;AAGnB,SAAO;;CAET,AAAQ,4BACN,iBACA,cACA,aACA,mBACA;EACA,MAAM,cAAc,KAAK,gCAAgC,gBAAgB;AACzE,cAAY,OAAO,kBAAkB;EACrC,MAAM,YAAY,eAAe,KAAK,KAAK,GAAG;AAG9C,SAAO;GACL;GACA,oBAJyB,gBAAgB,cAAc,OAAO,KAAK,0BAA0B,cAAc,UAAU,GAAG;GAKxH,oBAJyB,KAAK,yBAAyB,cAAc,YAAY;GAKjF,qBAAqB,CAAC,GAAG,YAAY;GACtC;;CAGH,AAAQ,oCAAoC;AAC1C,oBAAkB,YAAY;GAC5B,MAAM,WAAW,OAAO,SAAS;GACjC,MAAM,SAAS,MAAM,KAAK,0BAA0B,UAAU,CAAC,SAAS,EAAE,aAAa;AACvF,OAAI,OAAO,WAAW,WAAW,CAAC,OAAO,KACvC;GAEF,MAAM,UAAU,KAAK,uBAAuB;GAC5C,MAAM,mBAAmB,KAAK,4BAA4B,OAAO,KAAK;AACtE,OAAI,QAAQ,kBACV;GAEF,MAAM,EAAE,cAAc,cAAc,KAAK,kCAAkC,QAAQ;AACnF,OAAI,gBAAgB,UAElB,yBAAwB,kBADV,KAAK,0BAA0B,cAAc,UAAU,EACpB;IAAE,QAAQ,OAAU,KAAK;IAAK,QAAQ,OAAO;IAAM,CAAC;IAEvG;;CAEJ,AAAQ,gCAAgC,cAA6B,WAA0B,SAA+B;AAC5H,oBAAkB,YAAY;AAC5B,QAAK;GACL,MAAM,cAAc,KAAK;GACzB,IAAI;AACJ,OAAI,eAAe,CACjB,YAAW,OAAO,SAAS;OAE3B,YAAW,MAAM,sBAAsB;AAEzC,OAAI,CAAC,UAAU;AACb,YAAQ,KAAK,+DAA+D;AAC5E;;GAEF,MAAM,SAAS,MAAM,KAAK,0BAA0B,UAAU,CAAC,SAAS,EAAE,aAAa;GAEvF,MAAM,gBAAgB;IAAE,QAAQ,OAAU,KAAK;IAAK,uBAAuB;IAAM;GACjF,MAAM,YAAY,OAAO,cAAsB,UAAyB;IACtE,MAAM,OAAO,KAAK,4BAA4B,aAAa;IAC3D,MAAM,UAAU;KAAE,GAAG;KAAe,QAAQ;KAAc;AAC1D,QAAI,YAAY,UACd,yBAAwB,MAAM,OAAO,QAAQ;QAE7C,OAAM,kBAAkB,MAAM,OAAO,QAAQ;;AAIjD,OAAI,OAAO,WAAW,WAAW,CAAC,OAAO,QAAQ,gBAAgB,KAAK,oCACpE;GAEF,MAAM,QAAQ,gBAAgB,YAAY,KAAK,0BAA0B,cAAc,UAAU,GAAG;AACpG,SAAM,UAAU,OAAO,MAAM,MAAM;GACnC,MAAMA,aAAW,MAAMC,UAAuB;AAC9C,SAAM,kBAAkB,KAAK,2CAA2CD,WAAS,EAAE,MAAM,cAAc;IACvG;;CAEJ,MAAc,4BAA4F;EACxG,MAAM,UAAU,OAAO,QAAQ,MAAM,KAAK,qBAAqB,UAAU,EAAE,EAAE,aAAa,CAAC;AAC3F,SAAO;GACL,gBAAgB,QAAQ,OAAO;GAC/B,gBAAgB,CACd,GAAG,QAAQ,OAAO,QAAQ,KAAI,MAAK,EAAE,OAAO,EAC5C,IAAI,IAAI,oBAAoB;IAAE,WAAW,KAAK;IAAW,UAAU;IAAI,CAAC,CAAC,CAAC,OAC3E;GACF;;CAGH,MAAc,wBAAwB,eAA+C;AACnF,SAAO,uBAAuB,gBAAgB,MAAM,KAAK,2BAA2B,EAAE,eAAe;;CAGvG,AAAU,8BAAkD;AAC1D,MAAI,CAAC,eAAe,CAClB,OAAM,IAAI,MAAM,+CAA+C;AAGjE,MAAI,KAAK,mCAAmC,MAAM;GAChD,MAAM,mBAAmB,QAA4B;IACnD,MAAM,SAAS,KAAK,sBAAsB,KAAK,uBAAuB,CAAC;AACvE,WAAO;KACL,cAAc,OAAO;KACrB,aAAa,OAAO,gBAAgB,KAAK,iBAAiB,OAAO,eAAe,IAAI,cAAc;KACnG;;AAEH,QAAK,iCAAiC,IAAI,MAAmB,gBAAgB,KAAK,CAAC;GACnF,IAAI,wBAAwB;AAE5B,qBAAkB;AAChB,QAAI,uBAAuB;KACzB,MAAM,WAAW,KAAK,+BAAgC,KAAK;KAC3D,MAAM,eAAe,gBAAgB,SAAS;AAC9C,SAAI,CAAC,gBAAgB,cAAc,SAAS,CAC1C,MAAK,+BAAgC,IAAI,aAAa;;MAGzD,IAAI;AACP,QAAK,+BAA+B,UAAU,UAAU;AACtD,QAAI;KACF,MAAM,eAAe,MAAM;KAC3B,MAAM,SAAS,OAAO,SAAS,aAAa;KAC5C,MAAM,cAAc,KAAK,2CAA2C,OAAO;KAC3E,MAAM,EAAE,WAAW,oBAAoB,oBAAoB,wBAAwB,KAAK,4BACtF,KAAK,uBAAuB,EAC5B,cACA,MAAM,eAAe,MACrB,YACD;AACD,6BAAwB,aAAa,oBAAoB;MAAE,QAAQ,OAAU,KAAK;MAAK;MAAQ,CAAC;AAChG,6BAAwB,KAAK,wBAAwB,oBAAoB,EAAE,QAAQ,OAAU,IAAI,CAAC;AAClG,yBAAoB,SAAS,SAAS;MACpC,MAAM,SAAS,KAAK,sCAAsC,KAAK;AAC/D,yBAAmB,MAAM,SAAS,EAAE,QAAQ,GAAG,EAAE,CAAC;OAClD;AACF,UAAK,gCAAgC,cAAc,WAAW,UAAU;AACxE,6BAAwB;aACjB,GAAG;AACV,SAAI,CAAC,eAAe,CAElB,yBAAwB;SAExB,OAAM;;KAGV;;AAGJ,SAAO,KAAK;;CAEd,AAAU,uBAAuB,cAA4B,wBAA6D;EACxH,MAAM,iBAAiB,2BAA2B,SAAY,KAAK,kBAAkB;AAErF,UAAQ,gBAAR;GACE,KAAK;AACH,QAAI,CAAC,eAAe,CAClB,QAAO,KAAK,uBAAuB,cAAc,gBAAgB;AAEnE,WAAO,KAAK,6BAA6B;GAE3C,KAAK,gBACH,KAAI,eAAe,CACjB,QAAO,KAAK,6BAA6B;QACpC;IAEL,MAAM,QAAQ,IAAI,MADH,KAAK,sBAAsB,aAAa,QAAQ,CAAC,CACpB;AAC5C,UAAM,UAAU,UAAU;AACxB,uBAAkB,YAAY;MAY5B,MAAM,eAAe,MAAM;MAC3B,MAAM,SAAS,MAAMC,UAAuB;MAC5C,MAAM,cAAc,KAAK,2CAA2C,OAAO;MAC3E,MAAM,EAAE,WAAW,oBAAoB,oBAAoB,wBAAwB,KAAK,4BACtF,aAAa,QAAQ,EACrB,cACA,MAAM,eAAe,MACrB,YACD;AACD,YAAM,QAAQ,IAAI,CAChB,kBAAkB,aAAa,oBAAoB;OAAE,QAAQ,OAAU,KAAK;OAAK,uBAAuB;OAAM,CAAC,EAC/G,kBAAkB,KAAK,wBAAwB,oBAAoB;OAAE,QAAQ,OAAU;OAAI,uBAAuB;OAAM,CAAC,CAC1H,CAAC;AACF,UAAI,oBAAoB,SAAS,EAC/B,OAAM,QAAQ,IACZ,oBAAoB,KAAK,SAAS;OAChC,MAAM,SAAS,KAAK,sCAAsC,KAAK;AAC/D,cAAO,aAAa,MAAM;QAAE,uBAAuB;QAAM,GAAI,SAAS,EAAE,QAAQ,GAAG,EAAE;QAAG,CAAC;QACzF,CACH;AAEH,WAAK,gCAAgC,cAAc,WAAW,SAAS;OACvE;MACF;AACF,WAAO;;GAGX,KAAK,SACH,QAAO,KAAK;GAEd;AACE,QAAI,mBAAmB,KACrB,QAAO,uBAAuB;aACrB,OAAO,mBAAmB,YAAY,aAAa,gBAAgB;AAC5E,SAAI,KAAK,oBAAoB,IAAI,eAAe,CAAE,QAAO,KAAK,oBAAoB,IAAI,eAAe;KAGrG,MAAM,sBAAsB,qCAAqC,eAAe,SAAS,gBAAgB;AACzG,SAAI,qBAAqB;MACvB,MAAM,WAAW,wCAAwC,oBAAoB;AAC7E,UAAI,YAAY,MAAM;OACpB,MAAM,aAAa,IAAI,MAAmB;QACxC,aAAa,SAAS;QACtB,cAAc,SAAS;QACxB,CAAC;AACF,YAAK,oBAAoB,IAAI,gBAAgB,WAAW;AACxD,cAAO;;;KAKX,MAAM,kBAAkB,qCAAqC,eAAe,SAAS,eAAe;AACpG,SAAI,iBAAiB;MACnB,IAAI;AACJ,UAAI;AACF,gBAAS,KAAK,MAAM,gBAAgB;AACpC,WAAI,OAAO,WAAW,SAAU,OAAM,IAAI,MAAM,4CAA4C;AAC5F,WAAI,WAAW,KAAM,OAAM,IAAI,MAAM,uCAAuC;eACrE,GAAG;AACV,aAAM,IAAI,MAAM,gCAAgC,EAAE,OAAO,GAAG,CAAC;;AAE/D,aAAO,KAAK,uBAAuB,cAAc;OAC/C,aAAa,OAAO,eAAe;OACnC,cAAc,OAAO,gBAAgB;OACtC,CAAC;;KAIJ,MAAM,eAAe,qCAAqC,eAAe,SAAS,SAAS;KAC3F,MAAM,SAAS,OAAO,YAAY,gBAAgB,GAAG;KACrD,MAAM,MAAM,IAAI,MAAmB,KAAK,sBAAsB,OAAO,CAAC;AACtE,UAAK,oBAAoB,IAAI,gBAAgB,IAAI;AACjD,YAAO;eACE,iBAAiB,kBAAkB,kBAAkB,eAC9D,QAAO,IAAI,MAAmB;KAC5B,cAAc,eAAe;KAC7B,aAAa,eAAe;KAC7B,CAAC;AAGJ,UAAM,IAAI,MAAM,uBAAuB,iBAAiB;;;CAK9D,AAAU,eAAe,wBAA6D;AACpF,MAAI,CAAC,eAAe,CAClB,QAAO,KAAK,uBAAuB,IAAI,oBAAoB,CAAC,EAAE,uBAAuB;AAEvF,gBAAc;EACd,MAAM,eAAe,2BAA2B;AAEhD,SADmB,KAAK,uBAAuB,cAAc,uBAAuB;;CAatF,AAAU,0BAA0B,YAAiD;EACnF,MAAM,WAAW,WAAW,KAAK;EACjC,MAAM,aAAa,gBAAgB,oBAAoB,SAAS;EAChE,MAAM,WAAW,aAAa,KAAK,mCAAmC,IAAI,WAAW,EAAE,IAAI,WAAW,GAAG;AACzG,MAAI,SAAU,QAAO;EAErB,MAAM,UAAU,KAAK,WAAW,cAAc;GAC5C,cAAc,SAAS;GACvB,aAAa,SAAS;GACvB,CAAC;AACF,UAAQ,qBAAqB,mBAAmB;AAC9C,cAAW,QAAQ,SAAS;IAC1B,GAAG;IACH,aAAa,gBAAgB,SAAS;IACvC,EAAE;IACH;AACF,UAAQ,mBAAmB;AACzB,cAAW,QAAQ,SAAS;IAC1B,GAAG;IACH,aAAa;IACb,cAAc;IACf,EAAE;IACH;EAEF,IAAI,uBAAuB,KAAK,mCAAmC,IAAI,WAAW,oBAAI,IAAI,KAAK;AAC/F,OAAK,mCAAmC,IAAI,YAAY,qBAAqB;AAC7E,uBAAqB,IAAI,YAAY,QAAQ;AAC7C,SAAO;;CAGT,MAAgB,YACd,wBACA,SAC0B;AAC1B,QAAM,KAAK,6BAA6B,wBAAwB,QAAQ;EACxE,MAAM,aAAa,KAAK,uBAAuB,MAAM,KAAK,oBAAoB,uBAAuB,EAAE,uBAAuB;AAE9H,SADgB,KAAK,0BAA0B,WAAW;;CAI5D,AAAU,YAAY,wBAA0D;AAC9E,OAAK,2BAA2B,uBAAuB;EACvD,MAAM,aAAa,KAAK,eAAe,uBAAuB;EAC9D,MAAM,YAAY,aAAa,OAAmB;AAChD,UAAO,wBAAwB;IAC7B;IACA,kBAAkB,KAAK,0BAA0B,WAAW;IAC5D,oBAAoB;IACrB,CAAC;KACD,CAAC,WAAW,CAAC;EAChB,MAAM,cAAc,kBAAkB,KAAK,0BAA0B,WAAW,EAAE,CAAC,WAAW,CAAC;AAC/F,SAAO,MAAM,qBAAqB,WAAW,aAAa,YAAY;;CAGxE,MAAgB,2BAA2B,QAA8D;AACvG,MAAI,EAAE,iBAAiB,WAAW,EAAE,kBAAkB,QACpD,OAAM,IAAI,oBAAoB,kDAAkD,EAAE,QAAQ,CAAC;EAE7F,MAAM,aAAa,KAAK,uBAAuB,MAAM,KAAK,qBAAqB,CAAC;AAChF,aAAW,IAAI,OAAO;EAItB,MAAM,aAAa,KAAK,0BAA0B,WAAW;AAC7D,OAAK,kBAAkB,UAAU,CAAC,WAAW,EAAE,aAAa,CAAC,YAAY,GAAG;;CAG9E,AAAU,yBAAyB,wBAAkF;AACnH,UAAQ,2BAA2B,SAAY,yBAAyB,KAAK,qBAAqB;;CAGpG,AAAU,4BAA4B,wBAA0F;AAC9H,MAAI,CAAC,KAAK,yBAAyB,uBAAuB,CACxD,OAAM,IAAI,MAAM,wVAAwV;;CAI5W,AAAU,qBAAwD;AAChE,SAAO,KAAK,cAAc;;CAG5B,AAAU,yBAAoE;AAC5E,MAAI,CAAC,KAAK,oBAAoB,CAC5B,OAAM,IAAI,MAAM,oFAAoF;;CAIxG,AAAU,uBAAuB,MAAqD;AACpF,SAAO;GACL,IAAI,KAAK;GACT,aAAa,KAAK;GAClB,QAAQ;IACN,eAAe,KAAK,OAAO;IAC3B,mBAAmB,KAAK,OAAO;IAC/B,kBAAkB,KAAK,OAAO;IAC9B,gBAAgB,KAAK,OAAO;IAC5B,2BAA2B,KAAK,OAAO;IACvC,2BAA2B,KAAK,OAAO;IACvC,kBAAkB,KAAK,OAAO;IAC9B,kBAAkB,KAAK,OAAO;IAC9B,gBAAgB,KAAK,OAAO,wBAAwB,KAAK,OAAO,EAC9D,IAAI,EAAE,IACP,EAAE;IACJ;GACF;;CAGH,AAAU,0BAA0B,MAAwG;AAC1I,SAAO,EACL,IAAI,KAAK,IACV;;CAGH,AAAU,wBAAwB,MAA0D;AAC1F,SAAO;GACL,IAAI,KAAK;GACT,aAAa;IACX,aAAa,KAAK;IAClB,iBAAiB,KAAK;IACvB;GACF;;CAGH,AAAU,kCAAkC,SAA0B,MAAgE;AACpI,SAAO;GACL,IAAI,KAAK;GACT,gBAAgB,KAAK;GACrB,WAAW,IAAI,KAAK,KAAK,kBAAkB;GAC3C,QAAQ,YAAY;AAClB,UAAM,KAAK,WAAW,qBAAqB,KAAK,IAAI,KAAK,SAAS,QAAQ;AAC1E,UAAM,KAAK,sBAAsB,QAAQ,CAAC,SAAS,KAAK,QAAQ,CAAC;;GAEpE;;CAGH,AAAU,sCAAsC,SAA0B,MAAoE;EAC5I,MAAM,MAAM;AACZ,SAAO;GACL,IAAI,KAAK;GACT,QAAQ,KAAK;GACb,iBAAiB,KAAK;GACtB,gBAAgB,KAAK;GACrB,WAAW,IAAI,KAAK,KAAK,kBAAkB;GAC3C,QAAQ,YAAY;AAClB,UAAM,IAAI,WAAW,yBAAyB,KAAK,IAAI,QAAQ;AAC/D,UAAM,QAAQ,IAAI;KAChB,IAAI,iCAAiC,QAAQ,CAAC,QAAQ,CAAC;KACvD,IAAI,uBAAuB,QAAQ,CAAC,QAAQ,CAAC;KAC7C,IAAI,sBAAsB,QAAQ,CAAC,SAAS,KAAK,QAAQ,CAAC;KAC3D,CAAC;;GAEL;;CAGH,AAAU,oBACR,MACyG;AACzG,SAAO;GACL,IAAI,KAAK;GACT,aAAa,KAAK;GAClB,WAAW,KAAK,oBAAoB,IAAI,KAAK,KAAK,kBAAkB,GAAG;GACvE,mBAAmB,KAAK,6BAA6B,IAAI,KAAK,KAAK,2BAA2B,GAAG;GACjG,WAAW,IAAI,KAAK,KAAK,kBAAkB;GAC3C,GAAI,KAAK,SAAS,SAAS;IAAE,MAAM;IAAQ,QAAQ,KAAK;IAAS,GAAG;IAAE,MAAM;IAAQ,QAAQ,KAAK;IAAS;GAC1G,OAAO,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ,EACnD,UAAU,KAAK,MAAM,WACtB;GACD,SAAS,WAAY;AACnB,WAAO,KAAK,YAAY,KAAK;;GAE/B,YAAY,WAAY;AACtB,QAAI,KAAK,kBACP,QAAO;AAET,QAAI,KAAK,aAAa,KAAK,4BAAY,IAAI,MAAM,CAC/C,QAAO;AAET,WAAO;;GAEV;;CAQH,AAAU,sBAAsB,SAA0B,MAA2N;AACnR,SAAO;GACL,GAAG,KAAK,oBAAoB,KAAK;GACjC,MAAM,SAAS;AACb,UAAM,KAAK,OAAO,EAAE,SAAS,MAAM,CAAC;;GAEtC,QAAQ,OAAO,YAAiC;AAC9C,UAAM,KAAK,WAAW,oBAAoB,KAAK,SAAS,SAAS,EAAE,SAAS,KAAK,SAAS,GAAG,EAAE,SAAS,KAAK,SAAS,EAAE,KAAK,IAAI,SAAS,SAAS,SAAS;AAC5J,QAAI,KAAK,SAAS,OAChB,OAAM,KAAK,kBAAkB,QAAQ,CAAC,SAAS,KAAK,QAAQ,CAAC;QAE7D,OAAM,KAAK,kBAAkB,QAAQ,CAAC,QAAQ,CAAC;;GAGpD;;CAGH,AAAU,oBAAoB,MAAmC,SAAgC;EAC/F,MAAM,MAAM;AACZ,SAAO;GACL,IAAI,KAAK;GACT,aAAa,KAAK;GAClB,iBAAiB,KAAK;GACtB,gBAAgB,KAAK;GACrB,wBAAwB,KAAK;GAC7B,GAAG,KAAK,gBAAgB,KAAK,IAAI,QAAQ,QAAQ;GACjD,MAAM,WAAW,SAAkD;AACjE,UAAM,IAAI,WAAW,mBAAmB;KACtC,QAAQ,KAAK;KACb,OAAO,QAAQ;KACf;KACA,aAAa,QAAQ,eAAe,qBAAqB,IAAI,KAAK,gBAAgB,cAAc;KACjG,CAAC;AACF,UAAM,IAAI,sBAAsB,QAAQ,CAAC,SAAS,KAAK,GAAG,CAAC;;GAE7D,MAAM,YAAY;AAEhB,WADe,OAAO,QAAQ,MAAM,IAAI,yBAAyB,UAAU,CAAC,SAAS,KAAK,GAAG,EAAE,aAAa,CAAC,CAC/F,KAAK,SAAS,IAAI,wBAAwB,KAAK,CAAC;;GAEhE,WAAW;AAET,WADe,cAAc,IAAI,0BAA0B,CAAC,SAAS,KAAK,GAAG,EAAW,kBAAkB,CAC5F,KAAK,SAAS,IAAI,wBAAwB,KAAK,CAAC;;GAEhE,MAAM,kBAAkB;AAEtB,WADe,OAAO,QAAQ,MAAM,IAAI,sBAAsB,UAAU,CAAC,SAAS,KAAK,GAAG,EAAE,aAAa,CAAC,CAC5F,KAAK,SAAS,IAAI,kCAAkC,SAAS,KAAK,CAAC;;GAEnF,iBAAiB;AAEf,WADe,cAAc,IAAI,uBAAuB,CAAC,SAAS,KAAK,GAAG,EAAW,wBAAwB,CAC/F,KAAK,SAAS,IAAI,kCAAkC,SAAS,KAAK,CAAC;;GAEnF,MAAM,OAAO,MAAyB;AACpC,UAAM,IAAI,WAAW,WAAW;KAAE,MAAM,wBAAwB,KAAK;KAAE,QAAQ,KAAK;KAAI,EAAE,QAAQ;AAClG,UAAM,IAAI,uBAAuB,QAAQ,CAAC,QAAQ,CAAC;;GAErD,MAAM,SAAS;AACb,UAAM,IAAI,WAAW,WAAW,KAAK,IAAI,QAAQ;AACjD,UAAM,IAAI,uBAAuB,QAAQ,CAAC,QAAQ,CAAC;;GAGrD,aAAa;AAEX,WADe,cAAc,IAAI,mBAAmB,CAAC,SAAS,KAAK,GAAG,EAAW,oBAAoB,CACvF,KAAK,SAAS,IAAI,sBAAsB,SAAS,KAAK,CAAC;;GAGvE,MAAM,cAAc;AAElB,WADgB,OAAO,QAAQ,MAAM,IAAI,kBAAkB,UAAU,CAAC,SAAS,KAAK,GAAG,EAAE,aAAa,CAAC,CACxF,KAAK,SAAS,IAAI,sBAAsB,SAAS,KAAK,CAAC;;GAGxE,MAAM,aAAa,SAAwC;IACzD,MAAM,SAAS,MAAM,IAAI,WAAW,oBAClC,MAAM,4BAA4B,QAAQ,KAAK,IAAI,QAAQ,EAC3D,SACA,SACD;AACD,UAAM,IAAI,kBAAkB,QAAQ,CAAC,SAAS,KAAK,GAAG,CAAC;AACvD,WAAO,IAAI,sBAAsB,SAAS,OAAO;;GAEpD;;CAGH,AAAU,8BAA8B,MAA6C,SAA0C;EAC7H,MAAM,MAAM;AACZ,SAAO;GACL,IAAI,KAAK;GACT,OAAO,KAAK;GACZ,MAAM,KAAK;GACX,YAAY,KAAK;GACjB,WAAW,KAAK;GAChB,aAAa,KAAK;GAElB,MAAM,sBAAsB,SAAoC;AAC9D,UAAM,IAAI,WAAW,+CACnB,KAAK,IACL,SAAS,eAAe,qBAAqB,IAAI,KAAK,mBAAmB,cAAc,EACvF,QACD;;GAEH,MAAM,OAAO,MAAmC;AAC9C,UAAM,IAAI,WAAW,2BAA2B,KAAK,IAAI,kCAAkC,KAAK,EAAE,QAAQ;AAC1G,UAAM,IAAI,4BAA4B,QAAQ,CAAC,QAAQ,CAAC;;GAE1D,MAAM,SAAS;AACb,UAAM,IAAI,WAAW,2BAA2B,KAAK,IAAI,QAAQ;AACjE,UAAM,IAAI,4BAA4B,QAAQ,CAAC,QAAQ,CAAC;;GAE3D;;CAEH,AAAU,oCAAoC,MAAoD,SAAgD;EAChJ,MAAM,MAAM;AACZ,SAAO;GACL,IAAI,KAAK;GACT,MAAM,KAAK;GACX,SAAS,KAAK;GACd,YAAY,KAAK;GAEjB,MAAM,WAAW,SAAkB;AACjC,UAAM,IAAI,WAAW,wBAAwB,KAAK,0BAA0B,SAAS,QAAQ;AAC7F,UAAM,IAAI,6BAA6B,QAAQ,CAAC,QAAQ,CAAC;;GAE5D;;CAEH,AAAU,6BAA6B,MAA2C,SAAyC;EACzH,MAAM,MAAM;AACZ,SAAO;GACL,IAAI,KAAK;GACT,MAAM,KAAK;GACX,QAAQ,KAAK;GACb,OAAO,KAAK;GACZ,aAAa,KAAK;GAClB,wBAAwB,KAAK;GAE7B,MAAM,OAAO,MAEV;AACD,QAAI;AACF,WAAM,IAAI,WAAW,oBACnB,KAAK,SACL,KAAK,IACL;MACE,eAAe,KAAK;MACpB,0BAA0B,KAAK;MAChC,EACD,QACD;AACD,WAAM,QAAQ,IAAI,CAChB,IAAI,gCAAgC,QAAQ,CAAC,QAAQ,CAAC,EACtD,IAAI,mCAAmC,QAAQ,CAAC,QAAQ,CAAC,CAC1D,CAAC;AACF,YAAO,OAAO,GAAG,OAAU;aACpB,OAAO;AACd,SAAI,YAAY,2CAA2C,WAAW,MAAM,CAC1E,QAAO,OAAO,MAAM,MAAM;AAE5B,WAAM;;;GAIV,MAAM,SAAS;AACb,UAAM,IAAI,WAAW,oBAAoB,KAAK,SAAS,KAAK,IAAI,QAAQ;AACxE,UAAM,QAAQ,IAAI,CAChB,IAAI,gCAAgC,QAAQ,CAAC,QAAQ,CAAC,EACtD,IAAI,mCAAmC,QAAQ,CAAC,QAAQ,CAAC,CAC1D,CAAC;;GAEL;;CAGH,AAAU,oBAAoB,MAAwC;AAEpE,SAAO;GACL,aAAa,KAAK;GAClB,UAAU,KAAK;GACf,qBAAqB,KAAK,IAAI,GAAG,KAAK,SAAS;GAChD;;CAGH,AAAU,8BAA8B,UAA8D;EACpG,MAAM,WAAW,SAAS,MAAM,KAAK,UAAU;GAC7C,IAAI,KAAK;GACT,UAAU,KAAK;GACf,aAAa,KAAK,QAAQ;GAC1B,cAAc,KAAK,QAAQ;GAC3B,cAAc,KAAK,QAAQ;GAC3B,WAAW,KAAK,QAAQ;GACxB,MAAM,KAAK;GACX,cAAc,KAAK,eAAe;IAChC,gBAAgB,KAAK,aAAa;IAClC,kBAAkB,KAAK,aAAa,qBAAqB,IAAI,KAAK,KAAK,aAAa,mBAAmB,GAAG;IAC1G,mBAAmB,KAAK,aAAa;IACrC,cAAc,KAAK,aAAa;IACjC,GAAG;GACJ,eAAe,KAAK,gBAAgB,KAAK,YAAY;IACnD,WAAW,OAAO;IAClB,aAAa,OAAO,QAAQ;IAC5B,QAAQ,OAAO,QAAQ;IACxB,EAAE;GACJ,EAAE;AACH,SAAO,OAAO,OAAO,UAAU,EAAE,YAAY,SAAS,WAAW,eAAe,MAAM,CAAC;;CAGzF,AAAU,8BAA8B,UAA8D;EACpG,MAAM,WAAW,SAAS,MAAM,KAAK,UAAU;GAC7C,QAAQ,KAAK;GACb,aAAa,KAAK;GAClB,kBAAkB,KAAK;GACvB,WAAW,IAAI,KAAK,KAAK,kBAAkB;GAC5C,EAAE;AACH,SAAO,OAAO,OAAO,UAAU,EAAE,YAAY,SAAS,WAAW,eAAe,MAAM,CAAC;;CAGzF,AAAU,6BAA6B,UASnB;AAClB,SAAO;GACL,aAAa,SAAS;GACtB,sBAAsB,SAAS;GAChC;;CAGH,AAAU,YAAY,SAAgC;EACpD,MAAM,MAAM;AACZ,SAAO;GACL,kBAAkB;GAClB,gBAAgB;IACd,MAAM,YAAY;KAChB,MAAM,SAAS,MAAM,QAAQ,4BAA4B,KAAQ,KAAO;AACxE,YAAO;MACL,aAAa,QAAQ,YAAY,SAAS;MAC1C,cAAc,QAAQ,cAAc,SAAS;MAC9C;;IAEH,YAAY;KACV,MAAM,YAAY,aAAa,OAAmB;MAChD,MAAM,EAAE,aAAa,0BAA0B,QAAQ,aAAa,GAAG;MACvE,MAAM,EAAE,aAAa,iCAAiC,QAAQ,oBAAoB,GAAG;AACrF,mBAAa;AACX,8BAAuB;AACvB,qCAA8B;;QAE/B,CAAC,QAAQ,CAAC;KACb,MAAM,cAAc,kBAAkB;AACpC,aAAO,QAAQ,oBAAoB,GAC/B,OACA,QAAQ,8BAA8B,KAAQ,KAAO,EAAE,SAAS;QACnE,CAAC,QAAQ,CAAC;KAEb,IAAI,cAAc,MAAM,qBAAqB,WAAW,aAAa,YAAY;AACjF,SAAI,gBAAgB,QAAQ,CAAC,QAAQ,oBAAoB,CAEvD,eAAc,IAAI,QAAQ,4BAA4B,KAAQ,KAAO,CAAC,EAAE,YAAY,SAAS;AAE/F,YAAO;MACL;MACA,cAAc,QAAQ,iBAAiB,EAAE,SAAS;MACnD;;IAEJ;GACD,MAAM,iBAAyC;AAE7C,YADe,MAAM,KAAK,eAAe,WAAW,EACtC;;GAEhB,iBAAgC;AAC9B,WAAO,KAAK,eAAe,WAAW,CAAC;;GAEzC,MAAM,kBAA0C;AAE9C,YADe,MAAM,KAAK,eAAe,WAAW,EACtC;;GAEhB,kBAAiC;AAC/B,WAAO,KAAK,eAAe,WAAW,CAAC;;GAEzC,MAAM,yBAAiD;AACrD,WAAO,wCAAwC,MAAM,KAAK,aAAa,CAAC;;GAE1E,yBAAwC;AACtC,WAAO,wCAAwC,KAAK,aAAa,CAAC;;GAEpE,MAAM,iBAAsD;AAC1D,WAAO,EACL,gBAAgB,KAAK,UAAU,MAAM,KAAK,aAAa,CAAC,EACzD;;GAEH,iBAA6C;AAC3C,WAAO,EACL,gBAAgB,KAAK,UAAU,KAAK,aAAa,CAAC,EACnD;;GAEH,MAAM,cAAoF;AAExF,WADe,MAAM,KAAK,eAAe,WAAW;;GAGtD,cAA2E;AACzE,WAAO,KAAK,eAAe,WAAW;;GAExC,QAAQ,SAA0C;AAChD,WAAO,IAAI,SAAS,SAAS,QAAQ;;GAExC;;CAGH,AAAU,6BAA6B,MAAgD,SAAqD;EAC1I,MAAM,MAAM;AACZ,SAAO;GACL,aAAa,KAAK;GAClB,iBAAiB,KAAK;GACtB,MAAM,OAAO,QAA4D;AACvE,UAAM,IAAI,WAAW,wBAAwB;KAC3C,QAAQ,KAAK;KACb,QAAQ,KAAK;KACb,SAAS;MACP,cAAc,OAAO;MACrB,mBAAmB,OAAO;MAC3B;KACF,EAAE,QAAQ;AACX,UAAM,IAAI,6BAA6B,QAAQ,CAAC,SAAS,KAAK,QAAQ,CAAC;;GAE1E;;CAGH,AAAU,gBAAgB,MAA8F;AACtH,SAAO;GACL,IAAI,KAAK;GACT,aAAa,KAAK;GAClB,cAAc,KAAK;GACnB,sBAAsB,KAAK;GAC3B,iBAAiB,KAAK;GACtB,YAAY,IAAI,KAAK,KAAK,oBAAoB;GAC9C,gBAAgB,KAAK;GACrB,wBAAwB,KAAK;GAC7B,aAAa,KAAK;GAClB,kBAAkB,KAAK;GACvB,gBAAgB,KAAK;GACrB,gBAAgB,KAAK;GACrB,oBAAoB,KAAK;GACzB,uBAAuB,KAAK;GAC5B,aAAa,KAAK;GAClB,cAAc,KAAK;GACnB,kBAAkB,KAAK;GACvB,eAAkD;AAChD,WAAO;;GAEV;;CAGH,AAAU,4BAA4B,MAAsD,SAAqC;EAC/H,MAAM,MAAM;EAQZ,eAAe,oBACb,aACA,SAC6D;GAC7D,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;AAGlD,OAAI,OAAO,gBAAgB,YAAY,cAAc,eAAe,uBAAuB,aAAa;IACtG,MAAM,EAAE,UAAU,sBAAsB;IAGxC,MAAM,QADoB,OAAO,QAAQ,MAAM,IAAI,mCAAmC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CACzF,MAC9B,MAAK,EAAE,aAAa,YAAY,EAAE,sBAAsB,kBACzD;AACD,QAAI,CAAC,MACH,QAAO;AAET,WAAO;;AAIT,UAAO,OAAO,QAAQ,MAAM,IAAI,iCAAiC,UAAU;IAAC;IAAS;IAAa;IAAa,SAAS,OAAO;IAAW,EAAE,aAAa,CAAC;;EAU5J,SAAS,oBACP,aACA,SACoD;GACpD,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;AAGlD,OAAI,OAAO,gBAAgB,YAAY,cAAc,eAAe,uBAAuB,aAAa;IACtG,MAAM,EAAE,UAAU,sBAAsB;AAUxC,WAR0B,cACxB,IAAI,oCACJ,CAAC,QAAQ,EACT,6BACD,CAC+B,MAC9B,MAAK,EAAE,aAAa,YAAY,EAAE,sBAAsB,kBACzD,IACe;;AAIlB,UAAO,cAAc,IAAI,kCAAkC;IAAC;IAAS;IAAa;IAAa,SAAS,OAAO;IAAW,EAAW,6BAA6B;;AAEpK,SAAO;GACL,MAAM,oBAAoB;AAExB,YADiB,MAAM,IAAI,WAAW,aAAa,QAAQ,EAC3C,MAAM,KAAK,SAAS,IAAI,uBAAuB,KAAK,CAAC;;GAEvE,MAAM,cAAc,WAAmB;AACrC,UAAM,IAAI,WAAW,cAAc,WAAW,QAAQ;;GAExD,eAAe,aAA4B;AACzC,WAAO,KAAK,OAAO,EAAE,aAAa,CAAC;;GAErC,kBAAkB,UAA+B;AAC/C,WAAO,KAAK,OAAO,EAAE,gBAAgB,UAAU,CAAC;;GAElD,MAAM,gBAAgB,MAA4B;AAChD,UAAM,KAAK,OAAO,EAAE,gBAAgB,OAAO,SAAS,WAAW,OAAO,MAAM,MAAM,MAAM,CAAC;;GAE3F;GACA;GACA,MAAM,wBAAwB;AAC5B,WAAO,OAAO,QAAQ,MAAM,IAAI,mCAAmC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC;;GAExG,uBAAuB;AACrB,WAAO,cAAc,IAAI,oCAAoC,CAAC,QAAQ,EAAW,8BAA8B;;GAEjH,MAAM,qBAAqB,UAAkB,SAAiC;IAC5E,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;IAClD,MAAM,WAAW,MAAM,8BACrB,IAAI,YACJ;KACE;KACA,aAAa,IAAI,8BAA8B;KAC/C,kBAAkB,IAAI,KAAK;KAC3B,eAAe,kBAAkB,cAAc,IAAI,qBAAqB,aAA6B,EAAE,EAAE,KAAK,IAAI,CAAC;KACpH,EACD,QACD;AACD,UAAM,IAAI,YAAY,EAAE,KAAK,UAAU,CAAC;AACxC,WAAO,MAAM,cAAc;;GAE7B,MAAM,0BAA0B,UAAkB,SAAiC;IAEjF,MAAM,mBADoB,OAAO,QAAQ,MAAM,IAAI,mCAAmC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAC9E,QAAO,MAAK,EAAE,aAAa,SAAS;AAE/E,SAAK,MAAM,WAAW,iBAEpB,MADoB,MAAM,QAAQ,eAAe,EAAE,QAAQ,SAAS,QAAQ,CAAC,EAC7D,WAAW,KACzB,QAAO;AAKX,UAAM,KAAK,qBAAqB,UAAU,QAAQ;AAClD,WAAO,MAAM,cAAc;;GAE7B,0BAA0B,UAAkB,SAAkD;IAC5F,MAAM,cAAc,SAAS,QAAQ,KAAK,IAAI,IAAI;AAClD,WAAO,cAAc,IAAI,mDAAmD;KAAC;KAAS;KAAU;KAAY,EAAW,mCAAmC;;GAE5J,MAAM,QAAQ,QAAgB;AAE5B,YADc,MAAM,KAAK,WAAW,EACvB,MAAM,MAAM,EAAE,OAAO,OAAO,IAAI;;GAE/C,QAAQ,QAAgB;IACtB,MAAM,QAAQ,KAAK,UAAU;AAC7B,WAAO,cAAc;AACnB,YAAO,MAAM,MAAM,MAAM,EAAE,OAAO,OAAO,IAAI;OAC5C,CAAC,OAAO,OAAO,CAAC;;GAErB,MAAM,YAAY;AAEhB,WADc,OAAO,QAAQ,MAAM,IAAI,uBAAuB,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CACpF,KAAK,SAAS,IAAI,oBAAoB,MAAM,QAAQ,CAAC;;GAEpE,WAAW;IACT,MAAM,QAAQ,cAAc,IAAI,wBAAwB,CAAC,QAAQ,EAAE,kBAAkB;AACrF,WAAO,cAAc,MAAM,KAAK,SAAS,IAAI,oBAAoB,MAAM,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC;;GAE5F,MAAM,WAAW,MAAyB;IACxC,MAAM,OAAO,MAAM,IAAI,WAAW,iBAAiB,wBAAwB,MAAM,KAAK,EAAE,QAAQ;AAChG,UAAM,IAAI,uBAAuB,QAAQ,CAAC,QAAQ,CAAC;AACnD,UAAM,KAAK,OAAO,EAAE,gBAAgB,KAAK,IAAI,CAAC;AAC9C,WAAO,IAAI,oBAAoB,MAAM,QAAQ;;GAE/C,MAAM,UAAU,MAAY;AAC1B,UAAM,IAAI,WAAW,UAAU,KAAK,IAAI,QAAQ;;GAGlD,MAAM,sBAAsB;AAE1B,WADoB,OAAO,QAAQ,MAAM,IAAI,iCAAiC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAC9F,KAAK,SAAS,IAAI,sCAAsC,SAAS,KAAK,CAAC;;GAE5F,qBAAqB;IACnB,MAAM,cAAc,cAAc,IAAI,kCAAkC,CAAC,QAAQ,EAAE,4BAA4B;AAC/G,WAAO,cAAc,YAAY,KAAK,SAAS,IAAI,sCAAsC,SAAS,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC;;GAE1H,MAAM,gBAAgB,gBAAiD,SAA8D;AACnI,QAAI,kBAAkB,QAAQ,gBAAgB;KAC5C,MAAM,QAAQ;KACd,MAAM,YAAY,SAAS,aAAa;AAExC,YADoB,OAAO,QAAQ,MAAM,IAAI,6BAA6B,UAAU;MAAC;MAAS,MAAM;MAAI;MAAU,EAAE,aAAa,CAAC,CAC/G,KAAK,SAAS,IAAI,0BAA0B,KAAK,CAAC;WAChE;KAEL,MAAM,YADO,gBACW,aAAa;AAErC,YADoB,OAAO,QAAQ,MAAM,IAAI,oCAAoC,UAAU,CAAC,SAAS,UAAU,EAAE,aAAa,CAAC,CAC5G,KAAK,SAAS,IAAI,0BAA0B,KAAK,CAAC;;;GAGzE,eAAe,gBAAiD,SAAqD;AACnH,QAAI,kBAAkB,QAAQ,gBAAgB;KAC5C,MAAM,QAAQ;KACd,MAAM,YAAY,SAAS,aAAa;KACxC,MAAM,cAAc,cAAc,IAAI,8BAA8B;MAAC;MAAS,MAAM;MAAI;MAAU,EAAW,wBAAwB;AACrI,YAAO,cAAc,YAAY,KAAK,SAAS,IAAI,0BAA0B,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC;WAC9F;KAEL,MAAM,YADO,gBACW,aAAa;KACrC,MAAM,cAAc,cAAc,IAAI,qCAAqC,CAAC,SAAS,UAAU,EAAW,wBAAwB;AAClI,YAAO,cAAc,YAAY,KAAK,SAAS,IAAI,0BAA0B,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC;;;GAGvG,cAAc,qBAAoC,cAA8C;AAC9F,QAAI,uBAAuB,OAAO,wBAAwB,UAAU;KAClE,MAAM,QAAQ;KACd,MAAM,cAAc,KAAK,eAAe,MAAM;AAC9C,YAAO,cAAc,YAAY,MAAM,MAAM,EAAE,OAAO,aAAa,IAAI,MAAM,CAAC,aAAa,aAAa,CAAC;WACpG;KACL,MAAM,MAAM;KACZ,MAAM,cAAc,KAAK,gBAAgB;AACzC,YAAO,cAAc,YAAY,MAAM,MAAM,EAAE,OAAO,IAAI,IAAI,MAAM,CAAC,aAAa,IAAI,CAAC;;;GAG3F,MAAM,cAAc,qBAAoC,cAAuD;AAC7G,QAAI,uBAAuB,OAAO,wBAAwB,UAAU;KAClE,MAAM,QAAQ;AAEd,aADoB,MAAM,KAAK,gBAAgB,MAAM,EAClC,MAAM,MAAM,EAAE,OAAO,aAAa,IAAI;WACpD;KACL,MAAM,MAAM;AAEZ,aADoB,MAAM,KAAK,iBAAiB,EAC7B,MAAM,MAAM,EAAE,OAAO,IAAI,IAAI;;;GAGpD,MAAM,cAAc,qBAAoC,cAAyC;AAC/F,QAAI,uBAAuB,OAAO,wBAAwB,UAAU;KAClE,MAAM,QAAQ;AACd,YAAQ,MAAM,KAAK,cAAc,OAAO,aAAuB,KAAM;WAChE;KACL,MAAM,MAAM;AACZ,YAAQ,MAAM,KAAK,cAAc,IAAI,KAAM;;;GAG/C,MAAM,OAAO,QAAQ;AACnB,WAAO,MAAM,IAAI,kBAAkB,QAAQ,QAAQ;;GAErD,MAAM,sBAAsB,SAAoC;AAC9D,QAAI,CAAC,KAAK,cACR,OAAM,IAAI,oBAAoB,qCAAqC;AAErE,WAAO,MAAM,IAAI,WAAW,sBAC1B,KAAK,eACL,SAAS,eAAe,qBAAqB,IAAI,KAAK,mBAAmB,cAAc,EACvF,QACD;;GAEH,MAAM,eAAe,SAAuD;IAC1E,MAAM,SAAS,MAAM,IAAI,WAAW,eAAe,SAAS,QAAQ;AACpE,UAAM,IAAI,kBAAkB,QAAQ,CAAC,QAAQ,CAAC;AAC9C,WAAO;;GAET,MAAM,YAAY,SAA+B;IAC/C,MAAM,SAAS,MAAM,IAAI,WAAW,YAAY,SAAS,QAAQ;AACjE,UAAM,IAAI,kBAAkB,QAAQ,CAAC,QAAQ,CAAC;AAC9C,WAAO;;GAET,cAAc,KAAK,iBAAiB,KAAK,oBAAoB,KAAK,eAAe,QAAQ;GACzF,MAAM,eAAe,MAAY;IAC/B,MAAM,SAAS,OAAO,QAAQ,MAAM,IAAI,6BAA6B,UAAU,CAAC,SAAS,KAAK,GAAG,EAAE,aAAa,CAAC;AACjH,WAAO,IAAI,6BAA6B,QAAQ,QAAQ;;GAE1D,eAAe,MAAY;IACzB,MAAM,SAAS,cAAc,IAAI,8BAA8B,CAAC,SAAS,KAAK,GAAG,EAAW,wBAAwB;AACpH,WAAO,IAAI,6BAA6B,QAAQ,QAAQ;;GAE1D,MAAM,SAAS;AACb,UAAM,IAAI,WAAW,kBAAkB,QAAQ;AAC/C,YAAQ,aAAa;;GAEvB,MAAM,sBAAsB;AAE1B,WADe,OAAO,QAAQ,MAAM,IAAI,4BAA4B,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CACzF,KAAK,SAAS,IAAI,8BAA8B,MAAM,QAAQ,CAAC;;GAE/E,qBAAqB;AAEnB,WADe,cAAc,IAAI,6BAA6B,CAAC,QAAQ,EAAW,4BAA4B,CAChG,KAAK,SAAS,IAAI,8BAA8B,MAAM,QAAQ,CAAC;;GAE/E,MAAM,qBAAqB,MAAmC;IAC5D,MAAM,OAAO,MAAM,IAAI,WAAW,2BAA2B,kCAAkC,MAAM,KAAK,EAAE,QAAQ;AACpH,UAAM,IAAI,4BAA4B,QAAQ,CAAC,QAAQ,CAAC;AACxD,WAAO,IAAI,8BAA8B,MAAM,QAAQ;;GAEzD,4BAA4B;AAE1B,WADgB,cAAc,IAAI,8BAA8B,CAAC,QAAQ,EAAW,mCAAmC,CACxG,KAAK,SAAS,IAAI,oCAAoC,MAAM,QAAQ,CAAC;;GAEtF,MAAM,6BAA6B;AAEjC,WADgB,OAAO,QAAQ,MAAM,IAAI,6BAA6B,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAC1F,KAAK,SAAS,IAAI,oCAAoC,MAAM,QAAQ,CAAC;;GAEtF,aAAa;AAEX,WADe,cAAc,IAAI,mBAAmB,CAAC,QAAQ,EAAW,oBAAoB,CAC9E,KAAK,SAAS,IAAI,sBAAsB,SAAS,KAAK,CAAC;;GAGvE,MAAM,cAAc;AAElB,YADgB,MAAM,IAAI,WAAW,mBAAmB,EAAE,SAAS,MAAM,EAAE,SAAS,SAAS,EAC9E,KAAK,SAAS,IAAI,sBAAsB,SAAS,KAAK,CAAC;;GAGxE,MAAM,aAAa,SAAwC;IACzD,MAAM,SAAS,MAAM,IAAI,WAAW,oBAClC,MAAM,4BAA4B,QAAQ,MAAM,QAAQ,EACxD,SACA,SACD;AACD,UAAM,IAAI,kBAAkB,QAAQ,CAAC,QAAQ,CAAC;AAC9C,WAAO,IAAI,sBAAsB,SAAS,OAAO;;GAGnD,oBAAoB;AAElB,WADgB,cAAc,IAAI,iCAAiC,CAAC,QAAQ,EAAW,2BAA2B,CACnG,KAAK,SAAS,IAAI,6BAA6B,MAAM,QAAQ,CAAC;;GAG/E,MAAM,qBAAqB;AAEzB,WADgB,OAAO,QAAQ,MAAM,IAAI,gCAAgC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAC7F,KAAK,SAAS,IAAI,6BAA6B,MAAM,QAAQ,CAAC;;GAG/E,iBAAiB,IAAY;IAC3B,MAAM,YAAY,KAAK,mBAAmB;AAC1C,WAAO,cAAc,UAAU,MAAM,MAAM,EAAE,OAAO,GAAG,IAAI,MAAM,CAAC,WAAW,GAAG,CAAC;;GAGnF,MAAM,iBAAiB,IAAY;AAEjC,YADkB,MAAM,KAAK,oBAAoB,EAChC,MAAM,MAAM,EAAE,OAAO,GAAG,IAAI;;GAG/C,MAAM,gBAAgB,SAA6I;IACjK,MAAM,YAAY,MAAM,IAAI,gBAAgB,GAAG;AAC/C,QAAI,CAAC,SACH,OAAM,IAAI,oBAAoB,6EAA6E;IAG7G,MAAM,mBAAmB,MAAM,IAAI,WAAW,4BAA4B,EAAE,EAAE,QAAQ;AAEtF,QAAI,iBAAiB,WAAW,KAC9B,QAAO,OAAO,MAAM,IAAI,YAAY,0BAA0B,4DAA4D,CAAC;IAG7H,MAAM,EAAE,cAAc,SAAS,iBAAiB;AAGhD,QAAI,aAAa,GAAG,OAAO,0CACzB,OAAM,IAAI,oBAAoB,oEAAoE,aAAa,GAAG,KAAK;AAGzH,iBAAa,GAAG,KAAK;IAErB,IAAI;AACJ,QAAI;AACF,eAAU,MAAM,kBAAkB,EAAE,aAAa,cAAc,CAAC;aACzD,OAAY;AACnB,SAAI,iBAAiB,cACnB,QAAO,OAAO,MAAM,IAAI,YAAY,qBAAqB,MAAM,SAAS,MAAM,KAAK,CAAC;UAC/E;AAEL,mBAAa,+BAA+B,MAAM;AAClD,aAAO,OAAO,MAAM,IAAI,YAAY,0BAA0B,4DAA4D,CAAC;;;IAK/H,MAAM,qBAAqB,MAAM,IAAI,WAAW,gBAAgB;KAAE,YAAY;KAAS;KAAM,EAAE,QAAQ;AAEvG,UAAM,IAAI,aAAa,QAAQ;AAC/B,WAAO;;GAEV;;CAGH,AAAU,yBAAyB,SAA6C;EAC9E,MAAM,MAAM;AACZ,OAAK,wBAAwB;AAC7B,SAAO;GACL,cAAc,YAAiF;AAC7F,WAAO,IAAI,eAAe,SAAS,WAAW;;GAEhD,MAAM,gBAAgB,qBAA6B,WAAkC;AACnF,UAAM,IAAI,WAAW,gBAAgB,SAAS,qBAAqB,UAAU;AAC7E,UAAM,IAAI,iBAAiB;;GAE7B,oBAAoB;AAClB,WAAO,IAAI,mBAAmB,QAAQ;;GAExC,mBAAmB;AACjB,WAAO,IAAI,kBAAkB,QAAQ;;GAExC;;CAGH,AAAU,gBAAgB,gBAAwB,MAAuB,SAAuD;EAC9H,MAAM,MAAM;EACZ,MAAM,mBAAmB,WAAW,IAAI,WAAW,cAAc,EAAE,cAAc,MAAM,CAAC;EACxF,MAAM,kBAAkB,SAAS,SAAS,EAAE,QAAQ,gBAAgB,GAAG,EAAE,QAAQ,gBAAgB;AACjG,SAAO;GACL,MAAM,aAAa;IACjB,MAAM,WAAW,OAAO,QAAQ,MAAM,IAAI,sBAAsB,UAAU;KAAC;KAAkB;KAAM;KAAe,EAAE,aAAa,CAAC;AAClI,WAAO,IAAI,6BAA6B,SAAS;;GAEnD,aAAa;IACX,MAAM,WAAW,cAAc,IAAI,uBAAuB;KAAC;KAAkB;KAAM;KAAe,EAAW,wBAAwB;AACrI,WAAO,IAAI,6BAA6B,SAAS;;GAEnD,MAAM,iCAA4E;IAChF,MAAM,OAAO,MAAM,IAAI,WAAW,uCAAuC,MAAM,gBAAgB,iBAAiB;AAChH,WAAO;KACL,cAAc,KAAK;KACnB,iBAAiB,KAAK;KACvB;;GAEH,MAAM,uCAAuC,eAA8D;IACzG,MAAM,OAAO,MAAM,IAAI,WAAW,+CAA+C,MAAM,gBAAgB,eAAe,iBAAiB;AACvI,UAAM,IAAI,sBAAsB,QAAQ;KAAC;KAAkB;KAAM;KAAe,CAAC;AACjF,WAAO,KAAK;;GAEd,MAAM,QAAQ,QAAgB;AAC5B,WAAO,MAAM,IAAI,QAAQ;KAAE;KAAQ,GAAG;KAAiB,CAAC;;GAE1D,QAAQ,QAAgB;AACtB,WAAO,IAAI,QAAQ;KAAE;KAAQ,GAAG;KAAiB,CAAC;;GAEpD,MAAM,aAAa,SAAuC;AACxD,WAAO,MAAM,IAAI,aAAa;KAAE,GAAG;KAAS,GAAG;KAAiB,CAAC;;GAEnE,YAAY,SAAuC;AACjD,WAAO,IAAI,YAAY;KAAE,GAAG;KAAS,GAAG;KAAiB,CAAC;;GAE5D,MAAM,aAAa,SAAuC;AACxD,WAAO,MAAM,IAAI,aAAa;KAAE,GAAG;KAAS,GAAG;KAAiB,CAAC;;GAEnE,YAAY,SAAuC;AACjD,WAAO,IAAI,YAAY;KAAE,GAAG;KAAS,GAAG;KAAiB,CAAC;;GAE5D,MAAM,kBAAkB,SAAoD;AAC1E,WAAO,MAAM,IAAI,WAAW,kBAAkB,MAAM,gBAAgB,QAAQ,WAAW,kBAAkB,QAAQ,WAAW,SAAS;;GAEvI,MAAM,mBAAmB,SAA8F;AACrH,UAAM,IAAI,WAAW,mBAAmB;KACtC,eAAe;KACf,aAAa;KACb,iBAAiB,QAAQ;KACzB,eAAe,QAAQ;KACvB,UAAU,QAAQ;KAClB,UAAU,QAAQ;KACnB,EAAE,iBAAiB;AACpB,UAAM,IAAI,sBAAsB,QAAQ;KAAC;KAAkB;KAAM;KAAe,CAAC;AACjF,QAAI,SAAS,OACX,OAAM,IAAI,mBAAmB,iBAAiB,CAAC,eAAe,YAAY,kBAAkB,oBAAoB,WAAW,eAAe;QAE1I,OAAM,IAAI,mBAAmB,iBAAiB,CAAC,eAAe,YAAY,kBAAkB,oBAAoB,WAAW,eAAe;;GAG/I;;CAGH,MAAM,QAAQ,SAAgJ;EAC5J,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,IAAI;AACJ,MAAI,YAAY,QACd,QAAO,OAAO,QAAQ,MAAM,KAAK,eAAe,UAAU;GAAC;GAAS,QAAQ;GAAQ,QAAQ;GAAO,EAAE,aAAa,CAAC;WAC1G,YAAY,QACrB,QAAO,OAAO,QAAQ,MAAM,KAAK,eAAe,UAAU;GAAC;GAAS,QAAQ;GAAQ,QAAQ;GAAO,EAAE,aAAa,CAAC;MAEnH,QAAO,OAAO,QAAQ,MAAM,KAAK,iBAAiB,UAAU;GAAC;GAAS,QAAQ;GAAkB,QAAQ;GAAO,EAAE,aAAa,CAAC;AAEjI,SAAO,KAAK,oBAAoB,KAAK;;CAGvC,QAAQ,SAAuI;EAC7I,MAAM,UAAU,KAAK,aAAa;EAClC,MAAM,CAAC,OAAO,WACZ,YAAY,UAAU,CAAC,KAAK,gBAAgB,QAAQ,OAAO,GACzD,YAAY,UAAU,CAAC,KAAK,gBAAgB,QAAQ,OAAO,GAAG,CAAC,KAAK,kBAAkB,QAAQ,iBAAiB;EACnH,MAAM,OAAO,cAAc,OAAO;GAAC;GAAS;GAAS,QAAQ;GAAO,EAAW,gBAAgB;AAC/F,SAAO,KAAK,oBAAoB,KAAK;;CAGvC,MAAM,aAAa,SAAwE;EAEzF,MAAM,WADc,MAAM,KAAK,SAAS,GACX,oBAAoB,MAAM,KAAK,aAAa;AACzE,MAAI,YAAY,SAAS;GACvB,MAAM,WAAW,OAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU;IAAC;IAAS,QAAQ;IAAQ,QAAQ,UAAU;IAAM,QAAQ,SAAS;IAAK,EAAE,aAAa,CAAC;AAChK,UAAO,KAAK,8BAA8B,SAAS;aAC1C,YAAY,SAAS;GAC9B,MAAM,WAAW,OAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU;IAAC;IAAS,QAAQ;IAAQ,QAAQ,UAAU;IAAM,QAAQ,SAAS;IAAK,EAAE,aAAa,CAAC;AAChK,UAAO,KAAK,8BAA8B,SAAS;;EAErD,MAAM,WAAW,OAAO,QAAQ,MAAM,KAAK,qBAAqB,UAAU;GAAC;GAAS,QAAQ;GAAkB,QAAQ,UAAU;GAAM,QAAQ,SAAS;GAAK,EAAE,aAAa,CAAC;AAC5K,SAAO,KAAK,8BAA8B,SAAS;;CAGrD,MAAM,aAAa,SAAwE;EACzF,MAAM,UAAU,MAAM,KAAK,aAAa;AACxC,MAAI,YAAY,SAAS;GACvB,MAAM,WAAW,OAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU;IAAC;IAAS,QAAQ;IAAQ,QAAQ,UAAU;IAAM,QAAQ,SAAS;IAAK,EAAE,aAAa,CAAC;AAChK,UAAO,KAAK,8BAA8B,SAAS;;EAErD,MAAM,WAAW,OAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU;GAAC;GAAS,QAAQ;GAAQ,QAAQ,UAAU;GAAM,QAAQ,SAAS;GAAK,EAAE,aAAa,CAAC;AAChK,SAAO,KAAK,8BAA8B,SAAS;;CAGrD,MAAM,mBAAmB,SAAyI;EAChK,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,MAAM,OAAO,MAAM,KAAK,SAAS;AACjC,MAAI,CAAC,KACH,OAAM,IAAI,YAAY,4BAA4B;EAEpD,MAAM,eAAe,YAAY,UAAU,SAAS;EACpD,MAAM,aAAa,YAAY,UAAU,QAAQ,SAAS,KAAK;AAC/D,QAAM,KAAK,WAAW,mBAAmB;GACvC,eAAe;GACf,aAAa;GACb,YAAY,QAAQ;GACpB,iBAAiB,QAAQ;GAC1B,EAAE,QAAQ;AACX,MAAI,iBAAiB,OACnB,OAAM,KAAK,mBAAmB,iBAAiB,CAAC,eAAe,YAAY,kBAAkB,WAAW,WAAW,WAAW;MAE9H,OAAM,KAAK,mBAAmB,iBAAiB,CAAC,eAAe,YAAY,kBAAkB,WAAW,WAAW,WAAW;;CAGlI,YAAY,SAA+D;EACzE,MAAM,UAAU,KAAK,aAAa;EAIlC,MAAM,WAAW,cAHH,YAAY,UAAU,KAAK,qBAAqB,YAAY,UAAU,KAAK,qBAAqB,KAAK,sBAG7E;GAAC;GADpB,YAAY,UAAU,QAAQ,SAAS,YAAY,UAAU,QAAQ,SAAS,QAAQ;GAC7C,QAAQ,UAAU;GAAM,QAAQ,SAAS;GAAK,EAFvF,0BAE6G;AAChI,SAAO,KAAK,8BAA8B,SAAS;;CAErD,YAAY,SAA+D;EACzE,MAAM,UAAU,KAAK,aAAa;EAIlC,MAAM,WAAW,cAHH,YAAY,UAAU,KAAK,qBAAqB,KAAK,oBAG7B;GAAC;GADpB,YAAY,UAAU,QAAQ,SAAS,QAAQ;GACN,QAAQ,UAAU;GAAM,QAAQ,SAAS;GAAK,EAFvF,0BAE6G;AAChI,SAAO,KAAK,8BAA8B,SAAS;;CAGrD,AAAU,qBAAqB,MAAsD,SAAyD;AAQ5I,SAPoB,yBAAyB;GAC3C,GAAG,KAAK,gBAAgB,KAAK;GAC7B,GAAG,KAAK,YAAY,QAAQ;GAC5B,GAAG,KAAK,4BAA4B,MAAM,QAAQ;GAClD,GAAG,KAAK,oBAAoB,GAAG,KAAK,yBAAyB,QAAQ,GAAG,EAAE;GAC1E,GAAG,KAAK,gBAAgB,KAAK,IAAI,QAAQ,QAAQ;GAClD,CAAuB;;CAG1B,AAAU,uBAAuB,MAAqD;AACpF,SAAO;GACL,IAAI,KAAK;GACT,QAAQ,KAAK;GACb,WAAW,IAAI,KAAK,KAAK,WAAW;GACpC,iBAAiB,KAAK;GACtB,YAAY,KAAK,eAAe,IAAI,KAAK,KAAK,aAAa,GAAG;GAC9D,kBAAkB,KAAK,sBAAsB;GAC7C,SAAS,KAAK;GACf;;CAGH,AAAU,kBAAkB,cAAsB,SAAuE;AACvH,MAAI,CAAC,KAAK,gBAAgB,IAAI,CAAC,SAAS,aAAa,CAAC,CACpD,MAAK,gBAAgB,IAAI,CAAC,SAAS,aAAa,EAAE,IAAK,8BAA8B,sBAAsB,MAAQ;GACjH,SAAS,KAAK,WAAW,QAAQ,YAAY;GAC7C,WAAW;GACX,YAAY;GACZ,qBAAqB;GACrB,qBAAqB;GACtB,CAAC,CAAC;AAEL,SAAO,KAAK,gBAAgB,IAAI,CAAC,SAAS,aAAa,CAAC;;CAG1D,IAAI,YAAuB;AACzB,SAAO,KAAK,WAAW;;CAGzB,IAAI,UAAkB;AACpB,SAAO;;CAIT,AAAQ,2BAAwF;AAC9F,MAAI,CAAC,eAAe,CAAE,QAAO;EAE7B,MAAM,iBAAiB,QAAQ;AAC/B,MAAI,CAAC,gBAAgB;AACnB,OAAI,CAAC,KAAK,6BAA6B;AACrC,SAAK,8BAA8B;AACnC,YAAQ,KAAK,oJAAoJ;;AAEnK,UAAO;;AAKT,SAAO;GAAE;GAAgB,kBAFA,QAAQ,sDAAsD;GAE5C;;CAG7C,AAAQ,4BAA4B,OAAwG;AAC1I,MAAI,iBAAiB,+BACnB,QAAO;GACL,MAAM;GACN,YAAY,IAAI,YAAY,mBAAmB,kCAAkC;GAClF;AAEH,MAAI,iBAAiB,iCACnB,QAAO;GACL,MAAM;GACN,YAAY,IAAI,YAAY,mBAAmB,MAAM,QAAQ;GAC9D;AAEH,SAAO;;CAGT,AAAQ,6BAAmC,QAAkJ;AAC3L,MAAI,OAAO,WAAW,KACpB,QAAO;AAGT,MAAI,YAAY,qBAAqB,WAAW,OAAO,MAAM,EAAE;AAC7D,gBAAa,uCAAuC,OAAO,MAAM;AACjE,UAAO,OAAO,MAAM,IAAI,YAAY,mBAAmB,iDAAiD,CAAC;;AAG3G,SAAO,OAAO,MAAM,OAAO,MAAM;;CAGnC,AAAQ,8BAA8B,WAAoF;AACxH,MAAI,UAAU,YACZ,QAAO,EACL,OAAO,WACR;AAGH,SAAO;GACL,OAAO,UAAU;GACjB,OAAO,UAAU;GAClB;;CAGH,MAAc,mCAAyC,SAGO;EAC5D,MAAM,WAAW,KAAK,0BAA0B;EAChD,IAAI;AAEJ,MAAI;AACF,OAAI,SACF,UAAS,MAAM,qBAAqB;IAClC,GAAG;IACH,QAAQ,QAAQ;IAChB,SAAS,QAAQ;IACjB,sBAAsB,eAAe;AACnC,YAAO,WAAW,WAAW,WAAW,YAAY,qBAAqB,WAAW,WAAW,MAAM;;IAExG,CAAC;OAEF,UAAS,MAAM,QAAQ,QAAQ,EAAE,CAAC;WAE7B,GAAG;GACV,MAAM,cAAc,KAAK,4BAA4B,EAAE;AACvD,OAAI,YACF,QAAO,OAAO,MAAM,YAAY,WAAW;AAE7C,SAAM;;AAGR,SAAO,KAAK,6BAA6B,OAAO;;CAGlD,MAAgB,WAAW,KAA+B;AACxD,MAAI,WAAW,IAAI,CACjB,QAAO;EAET,MAAM,YAAY,iBAAiB,IAAI;AACvC,MAAI,aAAa,KACf,QAAO;AAET,MAAI,OAAO,WAAW,eAAe,OAAO,SAAS,WAAW,UAAU,OACxE,QAAO;AAET,MAAI,6BAA6B;GAAE;GAAK,WAAW,KAAK;GAAW,CAAC,CAClE,QAAO;EAET,MAAM,wBAAwB,MAAM,KAAK,2BAA2B;AACpE,SAAO,oBAAoB,WAAW;GACpC,gBAAgB,sBAAsB;GACtC,gBAAgB,sBAAsB;GACvC,CAAC;;CAGJ,IAAI,OAAsC;AACxC,SAAO,QAAQ,KAAK,aAAa,EAAE,WAAW,KAAK,WAAW,CAAC;;CAGjE,AAAU,4CAA4C;EACpD,MAAM,8BAA8B,KAAK,oBAAoB,YAAY,KAAK,oBAAoB;AAClG,MACE,CAAC,eAAe,IACb,CAAC,+BACD,KAAK,0CACL,KAAK,6CAA6C,IAAI,KAEzD;AAEF,OAAK,yCAAyC;AAC9C,oBAAkB,YAAY;AAC5B,OAAI;AACF,QAAI,CAAC,eAAe,CAClB;IAEF,MAAM,EAAE,OAAO,kBAAkB,MAAM,sBAAsB;AAC7D,SAAK,sCAAsC;KAAE;KAAO;KAAe;AACnE,SAAK,+CAA+C,YAAY,KAAK;aAC7D;AACR,SAAK,yCAAyC;;IAEhD;;CAGJ,AAAU,0CAA0C,YAAkD;EACpG,MAAM,YAAY,0CAA0C,WAAW;AACvE,MAAI,aAAa,KACf,QAAO;EAGT,MAAM,aAAa,KAAK,6CAA6C;AACrE,MAAI,cAAc,KAChB,QAAO;AAGT,OAAK,2CAA2C;AAChD,SAAO;;CAGT,MAAgB,wCAAwC,YAAoD;EAC1G,MAAM,YAAY,0CAA0C,WAAW;AACvE,MAAI,aAAa,KACf,QAAO;EAET,MAAM,aAAa,KAAK,6CAA6C;AACrE,MAAI,cAAc,KAChB,QAAO;EAET,MAAM,EAAE,OAAO,kBAAkB,MAAM,sBAAsB;AAC7D,OAAK,sCAAsC;GAAE;GAAO;GAAe;AACnE,OAAK,+CAA+C,YAAY,KAAK;AACrE,SAAO;GAAE;GAAO;GAAe;;CAGjC,AAAU,mCAA2C;AACnD,MAAI,KAAK,2BAA2B,CAClC,QAAO,KAAK,8BAA8B;AAG5C,SAAO,mBAAmB;GACxB,MAAM;IACJ,GAAG,KAAK;IACR,SAAS,EAAE,MAAM,qBAAqB;IACtC,eAAe,EAAE,MAAM,qBAAqB;IAC7C;GACD,WAAW,KAAK;GACjB,CAAC,CAAC;;CAGL,MAAgB,kCAAkC,SAM9B;EAClB,MAAM,UAAU,MAAM,KAAK,YAAY,QAAW,EAAE,6BAA6B,QAAQ,6BAA6B,CAAC;EACvH,MAAM,WAAW,MAAM,KAAK,WAAW,kBACrC,sCACA;GACE,QAAQ;GACR,SAAS,EACP,gBAAgB,oBACjB;GACD,MAAM,KAAK,UAAU;IACnB,cAAc,QAAQ;IACtB,OAAO,QAAQ;IACf,gBAAgB,QAAQ;IACxB,uBAAuB;IACvB,6BAA6B,QAAQ;IACtC,CAAC;GACH,EACD,QACD;AACD,MAAI,CAAC,SAAS,GACZ,OAAM,IAAI,oBAAoB,+CAA+C,SAAS,OAAO,GAAG,MAAM,SAAS,MAAM,GAAG;EAE1H,MAAM,SAAS,MAAM,SAAS,MAAM;AACpC,MAAI,EAAE,kBAAkB,WAAW,OAAO,OAAO,iBAAiB,SAChE,OAAM,IAAI,oBAAoB,mEAAmE,EAAE,QAAQ,CAAC;AAE9G,SAAO,OAAO;;CAGhB,AAAU,8CAA+E;AACvF,MAAI,KAAK,uCAAuC,KAC9C,QAAO;AAET,MAAI,YAAY,KAAK,GAAG,KAAK,+CAA+C,mCAAmC;AAC7G,QAAK,sCAAsC;AAC3C,QAAK,+CAA+C;AACpD,UAAO;;AAET,SAAO,KAAK;;CAGd,MAAgB,iBAAiB;AAC/B,MAAI,KAAK,oBAAoB,OAC3B,QAAO;AAET,SAAO,IAAI,IAAI,OAAO,SAAS,KAAK;;CAGtC,MAAgB,YAAY,SAAmD;AAC7E,MAAI,KAAK,oBAAoB,OAC3B;WACS,KAAK,oBAAoB,oBAAoB,CAAC,eAAe,CACtE,OAAM,eAAe,SAAS;GAAE,MAAM,QAAQ,IAAI,UAAU;GAAE,SAAS,QAAQ;GAAS,CAAC;WAChF,OAAO,KAAK,oBAAoB,YAAY,KAAK,gBAAgB,SAC1E,MAAK,gBAAgB,SAAS,QAAQ,IAAI,UAAU,CAAC;WAEjD,QAAQ,QACV,QAAO,SAAS,QAAQ,QAAQ,IAAI;MAEpC,QAAO,SAAS,OAAO,QAAQ,IAAI;AAIvC,QAAM,KAAK,IAAK;;CAGlB,cAAoC;AAClC,MAAI,OAAO,KAAK,oBAAoB,SAClC,QAAO,KAAK,gBAAgB,aAAa;WAChC,KAAK,oBAAoB,SAClC,SAAQ,OAAe,OAAO,SAAS,OAAO,GAAG;WACxC,KAAK,oBAAoB,iBAClC,SAAQ,OAAe,OAAO,SAAS,OAAO,GAAG;MAEjD,SAAQ,OAAe;;CAG3B,MAAgB,mBAAmB,KAAa,SAA6B;AAC3E,MAAI,CAAC,MAAM,KAAK,WAAW,IAAI,CAC7B,OAAM,IAAI,MAAM,gBAAgB,IAAI,sCAAsC;AAE5E,SAAO,MAAM,KAAK,YAAY;GAAE;GAAK,GAAG;GAAS,CAAC;;CAGpD,MAAgB,mBACd,aACA,SACA,iBACA;EAEA,MAAM,gBADU,QAAQ,KAAK,aAAa,EAAE,WAAW,KAAK,WAAW,CAAC,CAC1C;AAC9B,MAAI,CAAC,cACH,OAAM,IAAI,MAAM,2BAA2B,cAAc;EAG3D,MAAM,aAA8B,OAAO,WAAW,cAClD,OACA,IAAI,IAAI,OAAO,SAAS,KAAK;EACjC,MAAM,OAAO,MAAM,sBAAsB;GACvC;GACA;GACA,gBAAgB,SAAS,mBAAmB;GAC5C;GACA,uBAAuB,KAAK,kCAAkC;GAC9D,6BAA6B,OAAO,SAAS,MAAM,KAAK,wCAAwC,KAAK;GACtG,CAAC;AAEF,MAAI,KAAK,SAAS,0BAA0B;GAC1C,MAAM,yBAAyB,MAAM,KAAK,kCAAkC;IAC1E,aAAa,KAAK;IAClB,OAAO,KAAK;IACZ,eAAe,KAAK;IACpB,0BAA0B,KAAK;IAC/B,6BAA6B,iBAAiB;IAC/C,CAAC;AACF,SAAM,KAAK,YAAY;IAAE,KAAK;IAAwB,GAAG;IAAS,CAAC;AACnE;;EAGF,MAAM,cAAc,cAAc,QAAQ,gBAAgB,aAAa,gBAAgB,kBAAkB,gBAAgB,kBACrH,MAAM,KAAK,6CAA6C;GACxD,KAAK,KAAK;GACV;GACA,6BAA6B,iBAAiB;GAC/C,CAAC,GACA,KAAK;AACT,QAAM,KAAK,mBAAmB,aAAa,QAAQ;;CAGrD,AAAU,+BAA+B,aAAgC,SAAsC;AAC7G,MAAI,KAAK,oBAAoB,oBAAoB,CAAC,eAAe,EAAE;GAEjE,MAAM,gBADU,QAAQ,KAAK,aAAa,EAAE,WAAW,KAAK,WAAW,CAAC,CAC1C;AAC9B,OAAI,CAAC,cACH,OAAM,IAAI,MAAM,2BAA2B,cAAc;AAE3D,SAAM,eAAe,SAAS;IAAE,MAAM;IAAe,SAAS,SAAS;IAAS,CAAC;;AAEnF,SAAO;;CAGT,MAAM,iBAAiB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,UAAU,QAAQ;;CAC7G,MAAM,iBAAiB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,UAAU,QAAQ;;CAC7G,MAAM,kBAAkB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,WAAW,QAAQ;;CAC/G,MAAM,4BAA4B,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,qBAAqB,QAAQ;;CACnI,MAAM,wBAAwB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,iBAAiB,QAAQ;;CAC3H,MAAM,yBAAyB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,kBAAkB,QAAQ;;CAC7H,MAAM,eAAe,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,QAAQ,QAAQ;;CACzG,MAAM,wBAAwB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,iBAAiB,QAAQ;;CAC3H,MAAM,4BAA4B,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,qBAAqB,QAAQ;;CACnI,MAAM,sBAAsB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,eAAe,QAAQ;;CACvH,MAAM,sBAAsB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,eAAe,QAAQ;;CACvH,MAAM,qBAAqB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,cAAc,QAAQ;;CACrH,MAAM,uBAAuB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,gBAAgB,QAAQ;;CACzH,MAAM,0BAA0B,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,mBAAmB,QAAQ;;CAC/H,MAAM,gBAAgB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,SAAS,QAAQ;;CAC3G,MAAM,yBAAyB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,kBAAkB,QAAQ;;CAC7H,MAAM,yBAAyB,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,kBAAkB,QAAQ;;CAC7H,MAAM,cAAc,SAA6B;AAAE,SAAO,MAAM,KAAK,mBAAmB,OAAO,QAAQ;;CAEvG,MAAM,wBAAwB,OAAe,SAA6F;AACxI,SAAO,MAAM,KAAK,WAAW,wBAAwB,OAAO,SAAS,eAAe,qBAAqB,KAAK,KAAK,eAAe,cAAc,CAAC;;CAGnJ,MAAM,mBAAmB,OAAe,SAE6E;EACnH,MAAM,cAAc,SAAS,eAAe,qBAAqB,KAAK,KAAK,mBAAmB,cAAc;AAC5G,SAAO,MAAM,KAAK,mCAAmC;GACnD,QAAQ;GACR,SAAS,OAAO,cAAc;AAC5B,WAAO,MAAM,KAAK,WAAW,mBAAmB,OAAO,aAAa,KAAK,8BAA8B,UAAU,CAAC;;GAErH,CAAC;;CAGJ,MAAM,cAAc,SAA+G;AACjI,SAAO,MAAM,KAAK,WAAW,cAAc,QAAQ;;CAGrD,MAAM,wBAAwB,MAAgF;AAC5G,SAAO,MAAM,KAAK,WAAW,wBAAwB,KAAK;;CAG5D,MAAM,yBAAyB,MAA6H;AAC1J,SAAO,MAAM,KAAK,WAAW,qBAAqB;GAChD,MAAM;GACN;GACA,SAAS,MAAM,KAAK,aAAa;GAClC,CAAC;;CAGJ,MAAM,qBAAqB,MAA6H;EACtJ,MAAM,SAAS,MAAM,KAAK,WAAW,qBAAqB;GACxD,MAAM;GACN;GACA,SAAS,MAAM,KAAK,aAAa;GAClC,CAAC;AAEF,MAAI,OAAO,WAAW,KACpB,QAAO,OAAO,GAAG,OAAU;MAE3B,QAAO,OAAO,MAAM,OAAO,MAAM;;CAIrC,MAAM,yBAAyB,MAA+I;EAC5K,MAAM,SAAS,MAAM,KAAK,WAAW,qBAAqB;GACxD,MAAM;GACN;GACA,SAAS,MAAM,KAAK,aAAa;GAClC,CAAC;AAEF,MAAI,OAAO,WAAW,KACpB,QAAO,OAAO,GAAG,EAAE,iBAAiB,OAAO,KAAK,mBAAmB,CAAC;MAEpE,QAAO,OAAO,MAAM,OAAO,MAAM;;CAIrC,MAAM,YAAY,MAAgF;EAChG,MAAM,SAAS,MAAM,KAAK,WAAW,YAAY,KAAK;AACtD,QAAM,KAAK,kBAAkB,QAAQ,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC;AAChE,QAAM,KAAK,4BAA4B,QAAQ,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC;AAC1E,SAAO;;CAOT,MAAM,QAAQ,SAA+F;AAE3G,MAAI,SAAS,OAAO,eAAe,QAAQ,sBAAsB,MAC/D,OAAM,IAAI,MAAM,yHAAyH;AAG3I,OAAK,4BAA4B,SAAS,WAAW;EACrD,MAAM,UAAU,MAAM,KAAK,YAAY,SAAS,WAAW;EAC3D,IAAI,OAAO,OAAO,QAAQ,MAAM,KAAK,kBAAkB,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC;EAC1F,MAAM,mBAAmB,SAAS,OAAO,eAAe,SAAS,OAAO;EACxE,MAAM,oBAAoB,SAAS,sBAAsB,QAAQ;AAEjE,MAAI,SAAS,QAAS,KAAK,gBAAgB,CAAC,oBAAsB,KAAK,iBAAiB,CAAC,kBACvF,SAAQ,SAAS,IAAjB;GACE,KAAK;AACH,QAAI,CAAC,MAAM,gBAAgB,MAAM,cAC/B,OAAM,KAAK,qBAAqB,EAAE,SAAS,MAAM,CAAC;QAElD,OAAM,KAAK,iBAAiB,EAAE,SAAS,MAAM,CAAC;AAGhD;GAEF,KAAK,QACH,OAAM,IAAI,MAAM,oEAAoE;GAEtF,KAAK,aAAa;IAChB,MAAM,SAAS,MAAM,KAAK,oBAAoB;AAC9C,WAAO,MAAM,KAAK,QAAQ;KAAE,YAAY;KAAQ,IAAI;KAAmC,mBAAmB;KAAM,CAAC,IAAI,SAAS,oDAAoD;;GAEpL,KAAK;GACL,KAAK;GACL,KAAK,cACH,QAAO;;AAKb,SAAO,QAAQ,KAAK,qBAAqB,MAAM,QAAQ;;CAOzD,QAAQ,SAAsF;AAE5F,MAAI,SAAS,OAAO,eAAe,QAAQ,sBAAsB,MAC/D,OAAM,IAAI,MAAM,yHAAyH;AAG3I,OAAK,4BAA4B,SAAS,WAAW;EAErD,MAAM,UAAU,KAAK,YAAY,SAAS,WAAW;EACrD,IAAI,OAAO,cAAc,KAAK,mBAAmB,CAAC,QAAQ,EAAW,sBAAsB;EAC3F,MAAM,mBAAmB,SAAS,OAAO,eAAe,SAAS,OAAO;EACxE,MAAM,oBAAoB,SAAS,sBAAsB,QAAQ;AAEjE,MAAI,SAAS,QAAS,KAAK,gBAAgB,CAAC,oBAAsB,KAAK,iBAAiB,CAAC,kBACvF,SAAQ,SAAS,IAAjB;GACE,KAAK;AACH,QAAI,CAAC,MAAM,gBAAgB,MAAM,eAC/B;SAAI,CAAC,KAAK,+BAA+B,cAAc,EAAE,SAAS,MAAM,CAAC,CACvE,mBAAkB,KAAK,qBAAqB,EAAE,SAAS,MAAM,CAAC,CAAC;eAG7D,CAAC,KAAK,+BAA+B,UAAU,EAAE,SAAS,MAAM,CAAC,CACnE,mBAAkB,KAAK,iBAAiB,EAAE,SAAS,MAAM,CAAC,CAAC;AAG/D,aAAS;AACT,UAAM,IAAI,oBAAoB,8BAA8B;GAE9D,KAAK,QACH,OAAM,IAAI,MAAM,oEAAoE;GAEtF,KAAK;AAGH,sBAAkB,YAAY;AAC5B,WAAM,KAAK,oBAAoB;AAC/B,SAAI,OAAO,WAAW,YACpB,QAAO,SAAS,QAAQ;MAE1B;AACF,aAAS;AACT,UAAM,IAAI,oBAAoB,8BAA8B;GAE9D,KAAK;GACL,KAAK;GACL,KAAK;AACH,WAAO;AACP;;AAKN,SAAO,cAAc;AACnB,UAAO,QAAQ,KAAK,qBAAqB,MAAM,QAAQ;KACtD;GAAC;GAAM;GAAS,SAAS;GAAG,CAAC;;CAGlC,gCAAgC,SAA0B,SAA+E;EACvI,MAAM,cAAc,QAAQ,8BAA8B,GAAG,KAAK;AAClE,MAAI,CAAC,YACH,QAAO;EAET,MAAM,cAAc,YAAY,QAAQ;AACxC,MAAI,eAAe,QAAQ,OAAO,sBAChC,QAAO;AAET,SAAO;GACL,IAAI,YAAY,QAAQ;GACxB,cAAc,YAAY,QAAQ;GAClC,aAAa,YAAY,QAAQ;GACjC,sBAAsB,YAAY,QAAQ;GAC1C;GACA,uBAAuB,YAAY,QAAQ;GAC3C,cAAc,YAAY,QAAQ;GAClC,kBAAkB,YAAY,QAAQ;GACvC;;CAGH,MAAM,0BAA0B,KAAkD;EAChF,MAAM,OAAO,MAAM,IAAI,KAAK,iBAAiB;AAC7C,MAAI,CAAC,KACH,QAAO;AAET,SAAO;GACL,IAAI,KAAK;GACT,aAAa,KAAK,QAAQ;GAC1B,cAAc,KAAK,SAAS;GAC5B,sBAAsB,KAAK;GAC3B,aAAa,KAAK;GAClB,uBAAuB,KAAK;GAC5B,cAAc,KAAK;GACnB,kBAAmB,KAAK,qBAAiD;GAC1E;;CAKH,MAAM,eAAe,SAA4G;AAC/H,UAAQ,QAAQ,MAAhB;GACE,KAAK,SAAS;AACZ,SAAK,4BAA4B,QAAQ,cAAc,KAAK,gBAAgB;IAC5E,MAAM,UAAU,MAAM,KAAK,YAAY,QAAQ,WAAW;AAC1D,WAAO,KAAK,gCAAgC,SAAS,QAAQ;;GAE/D,KAAK,SACH,QAAO,MAAM,KAAK,0BAA0B,QAAQ,IAAI;GAE1D,QAEE,OAAM,IAAI,MAAM,0BAA0B,QAAQ,OAAO;;;CAM/D,eAAe,SAAmG;AAChH,UAAQ,QAAQ,MAAhB;GACE,KAAK,SAAS;AACZ,SAAK,4BAA4B,QAAQ,cAAc,KAAK,gBAAgB;IAC5E,MAAM,UAAU,KAAK,YAAY,QAAQ,WAAW;AACpD,WAAO,KAAK,gCAAgC,SAAS,QAAQ;;GAE/D,KAAK,SAEH,QADe,cAAc,KAAK,yBAAyB,CAAC,QAAQ,IAAI,EAAW,6BAA6B;GAGlH,QAEE,OAAM,IAAI,MAAM,0BAA0B,QAAQ,OAAO;;;CAI/D,oBAAoB,SAA2G;AAC7H,SAAO,OAAO,SAAyC;GACrD,MAAM,UAAU,MAAM,KAAK,YAAY,QAAQ,cAAc,KAAK,gBAAgB;AAClF,OAAI,CAAC,KAAK,kBAER,SADe,MAAM,QAAQ,4BAA4B,KAAQ,KAAO,GACzD,YAAY,SAAS;AAGtC,WADe,MAAM,QAAQ,gBAAgB,GAC9B,YAAY,SAAS;;;CAIxC,MAAM,wBAAwB,SAA0D;AAGtF,UADe,OADC,MAAM,KAAK,YAAY,QAAQ,WAAW,EAC7B,4BAA4B,KAAQ,KAAO,GACzD,YAAY,SAAS;;CAGtC,MAAgB,kBAAkB,QAA2B,SAA0B;EACrF,MAAM,MAAM,MAAM,KAAK,WAAW,iBAAiB,wBAAwB,OAAO,EAAE,QAAQ;AAC5F,QAAM,KAAK,aAAa,QAAQ;AAChC,SAAO;;CAGT,MAAM,gBAAgB,UAAwB,SAE3C;AACD,MAAI,OAAO,WAAW,YACpB,OAAM,IAAI,MAAM,wEAAwE;AAG1F,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,MAAM,aAAa,IAAI,IAAI,OAAO,SAAS,KAAK;EAChD,MAAM,2BAA2B,SAAS,YAAY,OAClD,qBAAqB,QAAQ,UAAU,WAAW,GAElD,WAAW,aAAa,IAAI,uBAAuB,GAC/C,WAAW,UAAU,GACrB;EAER,MAAM,WAAW,KAAK,0BAA0B;EAChD,MAAM,EAAE,eAAe,UAAU,MAAM,sBAAsB;EAE7D,MAAM,eAAe,OAAO,cAAuF;AACjH,UAAO,MAAM,KAAK,WAAW,eAAe;IAC1C;IACA,aAAa,qBAAqB,KAAK,8BAA8B,EAAE,cAAc;IACrF,kBAAkB,qBAAqB,KAAK,KAAK,OAAO,mBAAmB;IAC3E;IACA,MAAM;IACN,eAAe,KAAK,qBAAqB,WAAW,KAAK,IAAI;IAC7D;IACA;IACA,cAAc,KAAK,8BAA8B,UAAU;IAC3D;IACD,CAAC;;EAGJ,IAAI;AACJ,MAAI;AACF,OAAI,SACF,mBAAkB,MAAM,qBAAqB;IAC3C,GAAG;IACH,QAAQ;IACR,SAAS;IACT,sBAAsB,WAAW;AAC/B,YAAO,OAAO,WAAW,WAAW,YAAY,qBAAqB,WAAW,OAAO,MAAM;;IAEhG,CAAC;OAGF,mBAAkB,MAAM,aAAa,EAAE,CAAC;WAEnC,GAAG;GACV,MAAM,cAAc,KAAK,4BAA4B,EAAE;AACvD,OAAI,aAAa,SAAS,YACxB;AAEF,OAAI,aAAa,SAAS,SACxB,OAAM,YAAY;AAEpB,SAAM;;EAGR,MAAM,WAAW,OAAO,QAAQ,gBAAgB;AAChD,QAAM,KAAK,YAAY,EAAE,KAAK,UAAU,CAAC;AACzC,QAAM,cAAc;;;;;CAMtB,MAAgB,iBAAiB,OAAyD,SAA0C;AAElI,MAAI,OAAO,WAAW,YACpB,QAAO,eAAe,QAAQ,0BAA2B,MAAM,SAAiB,gBAAgB,SAAS,uBAAuB,CAAC;AAInI,QAAM,KAAK,eAAe;AAE1B,QAAM,IAAI,oBAAoB,+CAA+C;;;;;;CAO/E,MAAgB,uBAA6B,UAAgI;AAC3K,MAAI;AACF,UAAO,MAAM,UAAU;WAChB,GAAG;AACV,OAAI,YAAY,kCAAkC,WAAW,EAAE,CAC7D,QAAO,OAAO,GAAG,MAAM,KAAK,iBAC1B,GACA,MAAM,KAAK,YAAY,QAAW,EAAE,6BAA6B,OAAO,CAAC,CAC1E,CAAC;AAEJ,SAAM;;;CAIV,MAAM,qBAAqB,SAI2E;AACpG,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,IAAI;AACJ,MAAI;AACF,YAAS,MAAM,KAAK,uBAAuB,YAAY;AACrD,WAAO,MAAM,KAAK,WAAW,qBAAqB,QAAQ,OAAO,QAAQ,UAAU,QAAQ;KAC3F;WACK,GAAG;AACV,OAAI,YAAY,gBAAgB,WAAW,EAAE,CAC3C,QAAO,OAAO,MAAM,EAAE;AAExB,SAAM;;AAGR,MAAI,OAAO,WAAW,MAAM;AAC1B,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAClD,OAAI,CAAC,QAAQ,WACX,OAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AAErD,UAAO,OAAO,GAAG,OAAU;QAE3B,QAAO,OAAO,MAAM,OAAO,MAAM;;CAIrC,MAAM,qBAAqB,SAM+H;AACxJ,MAAI,QAAQ,0BAA0B,QAAQ,wBAC5C,OAAM,IAAI,oBAAoB,6EAA6E;AAE7G,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,MAAM,+BAA+B,QAAQ,yBAAyB,SAAY,QAAQ,2BAA2B,qBAAqB,KAAK,KAAK,mBAAmB,0BAA0B;EAEjM,MAAM,gBAAgB,OAAO,cAAuF;GAClH,IAAI,SAAS,MAAM,KAAK,WAAW,qBACjC,QAAQ,OACR,QAAQ,UACR,8BACA,SACA,KAAK,8BAA8B,UAAU,CAC9C;AAKD,OAAI,OAAO,WAAW,WACpB,OAAO,iBAAiB,YAAY,6BACpC,iCAAiC,QACjC;QAAI,CAAC,QAAQ,yBAAyB;AACpC,kBAAa,2CAA2C,IAAI,oBAAoB,4GAA4G,EAAE,8BAA8B,CAAC,CAAC;AAE9N,cAAS,MAAM,KAAK,WAAW,qBAC7B,QAAQ,OACR,QAAQ,UACR,QACA,SACA,KAAK,8BAA8B,UAAU,CAC9C;;;AAIL,UAAO;;EAGT,IAAI;AACJ,WAAS,MAAM,KAAK,mCAAmC;GACrD,QAAQ;GACR,SAAS;GACV,CAAC;AAEF,MAAI,OAAO,WAAW,MAAM;AAC1B,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAClD,OAAI,CAAC,QAAQ,WACX,OAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AAErD,UAAO,OAAO,GAAG,OAAU;QAE3B,QAAO,OAAO,MAAM,OAAO,MAAM;;CAIrC,MAAM,qBAAqB;AACzB,OAAK,6BAA6B;AAElC,MAAI,CAAC,KAAK,2BACR,MAAK,8BAA8B,YAAY;AAC7C,QAAK,6BAA6B;GAClC,MAAM,UAAU,MAAM,KAAK,aAAa;GACxC,MAAM,SAAS,MAAM,KAAK,WAAW,kBAAkB,QAAQ;AAC/D,OAAI,OAAO,WAAW,KACpB,OAAM,KAAK,2BAA2B,OAAO,KAAK;OAElD,OAAM,IAAI,oBAAoB,mDAAmD;AAEnF,QAAK,6BAA6B;AAClC,UAAO,OAAO;MACZ;AAGN,SAAO,MAAM,KAAK;;CAGpB,MAAM,oBAAoB,MAAc,SAAuI;AAC7K,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,IAAI;AACJ,MAAI;AACF,YAAS,MAAM,KAAK,uBAAuB,YAAY;AACrD,WAAO,MAAM,KAAK,WAAW,oBAAoB,MAAM,QAAQ;KAC/D;WACK,GAAG;AACV,OAAI,YAAY,gBAAgB,WAAW,EAAE,CAC3C,QAAO,OAAO,MAAM,EAAE;AAExB,SAAM;;AAGR,MAAI,OAAO,WAAW,MAAM;AAC1B,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAClD,OAAI,CAAE,SAAS,WACb,KAAI,OAAO,KAAK,QACd,OAAM,KAAK,mBAAmB,eAAe,EAAE,SAAS,MAAM,EAAE,EAAE,6BAA6B,OAAO,CAAC;OAEvG,OAAM,KAAK,mBAAmB,eAAe,EAAE,SAAS,MAAM,EAAE,EAAE,6BAA6B,OAAO,CAAC;AAG3G,UAAO,OAAO,GAAG,OAAU;QAE3B,QAAO,OAAO,MAAM,OAAO,MAAM;;;;;;;;;;;;;;;;;;;;;;CAwBrC,MAAM,eAAe,SAO2G;EAE9H,MAAM,WAAW,MAAM,KAAK,WAAW,kBACrC,aACA;GACE,QAAQ;GACR,SAAS,EACP,gBAAgB,oBACjB;GACD,MAAM,KAAK,UAAU;IACnB,mBAAmB,QAAQ;IAC3B,GAAI,QAAQ,oBAAoB,OAAO,EAAE,oBAAoB,QAAQ,kBAAkB,GAAG,EAAE;IAC7F,CAAC;GACH,EACD,KACD;AAED,MAAI,CAAC,SAAS,GACZ,QAAO,OAAO,MAAM,IAAI,YAAY,aAAa,gCAAgC,SAAS,OAAO,GAAG,MAAM,SAAS,MAAM,GAAG,CAAC;EAG/H,MAAM,aAAa,MAAM,SAAS,MAAM;EACxC,MAAM,cAAc,WAAW;EAC/B,MAAM,YAAY,WAAW;EAG7B,MAAM,MAAM,uBAAuB;GACjC,mBAAmB,KAAK,KAAK;GAC7B,QAAQ,QAAQ;GAChB;GACD,CAAC;AACF,MAAI,QAAQ,WACV,SAAQ,WAAW,KAAK,UAAU;OAC7B;AACL,WAAQ,IAAI,2BAA2B,YAAY;AACnD,WAAQ,IAAI,oDAAoD,MAAM;;EAIxE,IAAI,WAAW;AACf,SAAO,YAAY,QAAQ,eAAe,WAAW;AACnD;GACA,MAAM,eAAe,MAAM,KAAK,WAAW,kBAAkB,kBAAkB;IAC7E,QAAQ;IACR,SAAS,EACP,gBAAgB,oBACjB;IACD,MAAM,KAAK,UAAU,EACnB,cAAc,aACf,CAAC;IACH,EAAE,KAAK;AAER,OAAI,CAAC,aAAa,GAChB,QAAO,OAAO,MAAM,IAAI,YAAY,aAAa,gCAAgC,aAAa,OAAO,GAAG,MAAM,aAAa,MAAM,GAAG,CAAC;GAEvI,MAAM,aAAa,MAAM,aAAa,MAAM;AAE5C,OAAI,aAAa,WAAW,OAAO,WAAW,WAAW,UACvD,QAAO,OAAO,GAAG,WAAW,cAAc;AAE5C,OAAI,WAAW,WAAW,WAAW;AACnC,UAAM,KAAK,QAAQ,kBAAkB,IAAK;AAC1C;;AAEF,OAAI,WAAW,WAAW,UACxB,QAAO,OAAO,MAAM,IAAI,YAAY,oBAAoB,wDAAwD,CAAC;AAEnH,OAAI,WAAW,WAAW,OACxB,QAAO,OAAO,MAAM,IAAI,YAAY,iBAAiB,mDAAmD,CAAC;AAE3G,UAAO,OAAO,MAAM,IAAI,YAAY,aAAa,4CAA4C,WAAW,SAAS,CAAC;;AAGpH,SAAO,OAAO,MAAM,IAAI,YAAY,aAAa,4CAA4C,CAAC;;CAUhG,MAAM,cAAc,MAAc,MAAc,SAAuI;AACrL,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,IAAI;AACJ,MAAI;AACF,YAAS,MAAM,KAAK,uBAAuB,YAAY;AACrD,WAAO,MAAM,KAAK,WAAW,cAAc,MAAM,MAAM,QAAQ;KAC/D;WACK,GAAG;AACV,OAAI,aAAa,YAAY,gBAC3B,QAAO,OAAO,MAAM,EAAE;AAExB,SAAM;;AAGR,MAAI,OAAO,WAAW,MAAM;AAC1B,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAClD,OAAI,CAAE,SAAS,WACb,KAAI,OAAO,KAAK,QACd,OAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;OAEnD,OAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AAGvD,UAAO,OAAO,GAAG,OAAU;;AAE7B,SAAO,OAAO,MAAM,OAAO,MAAM;;CAGnC,MAAM,oBAAmK;AACvK,OAAK,6BAA6B;EAClC,MAAM,UAAU,MAAM,KAAK,aAAa;EACxC,IAAI;AACJ,MAAI;AACF,YAAS,MAAM,KAAK,uBAAuB,YAAY;IACrD,MAAM,mBAAmB,MAAM,KAAK,WAAW,8BAA8B,EAAE,EAAE,QAAQ;AACzF,QAAI,iBAAiB,WAAW,KAC9B,QAAO,OAAO,MAAM,IAAI,YAAY,4BAA4B,8DAA8D,CAAC;IAGjI,MAAM,EAAE,cAAc,SAAS,iBAAiB;AAGhD,QAAI,aAAa,SAAS,0CACxB,OAAM,IAAI,oBAAoB,oEAAoE,aAAa,OAAO;AAExH,iBAAa,OAAO,OAAO,SAAS;IAEpC,MAAM,0BAA0B,MAAM,oBAAoB,EAAE,aAAa,cAAc,CAAC;AACxF,WAAO,MAAM,KAAK,WAAW,kBAAkB;KAAE;KAAyB;KAAM,EAAE,QAAQ;KAC1F;WACK,OAAO;AACd,OAAI,iBAAiB,cACnB,QAAO,OAAO,MAAM,IAAI,YAAY,qBAAqB,MAAM,SAAS,MAAM,KAAK,CAAC;OAGpF,QAAO,OAAO,MAAM,IAAI,YAAY,4BAA4B,iCAAiC,CAAC;;AAItG,MAAI,OAAO,WAAW,MAAM;AAC1B,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAClD,SAAM,KAAK,sBAAsB,EAAE,SAAS,MAAM,CAAC;AACnD,UAAO,OAAO,GAAG,OAAU;QAE3B,QAAO,OAAO,MAAM,OAAO,MAAM;;CAKrC,MAAM,kBACJ,SAGA;AACA,MAAI,OAAO,WAAW,YACpB,OAAM,IAAI,MAAM,0EAA0E;AAE5F,MAAI,KAAK,mCAAmC,CAC1C,MAAK,6BAA6B;EAEpC,IAAI,2BAA2B,KAAK,8BAA8B;EAClE,MAAM,aAAa,IAAI,IAAI,OAAO,SAAS,KAAK;AAChD,MAAI,WAAW,aAAa,IAAI,2BAA2B,OAAO,KAAK,KAAK;AAC1E,cAAW,aAAa,OAAO,OAAO;AACtC,cAAW,aAAa,OAAO,QAAQ;AACvC,8BAA2B,WAAW,UAAU;;EAElD,IAAI;AACJ,MAAI;AACF,YAAS,MAAM,KAAK,uBAAuB,YAAY;AACrD,WAAO,MAAM,kBAAkB,KAAK,YAAY,0BAA0B,QAAQ;KAClF;WACK,GAAG;AACV,OAAI,YAAY,gBAAgB,WAAW,EAAE,EAAE;AAC7C,UAAM,kDAAkD;AACxD,WAAO;SAEP,OAAM;;AAGV,MAAI,OAAO,WAAW,QAAQ,OAAO,MAAM;AACzC,QAAK,6BAA6B;AAClC,SAAM,KAAK,2BAA2B,OAAO,KAAK;AAGlD,OAAI,8BAA8B,OAAO,QAAQ,OAAO,KAAK,0BAA0B;AACrF,UAAM,KAAK,YAAY;KAAE,KAAK,OAAO,KAAK;KAA0B,SAAS;KAAM,CAAC;AACpF,WAAO;cACE,OAAO,KAAK,SAAS;AAC9B,UAAM,KAAK,mBAAmB,eAAe,EAAE,SAAS,MAAM,EAAE,EAAE,6BAA6B,OAAO,CAAC;AACvG,WAAO;UACF;AACL,UAAM,KAAK,mBAAmB,eAAe,EAAE,SAAS,MAAM,EAAE,EAAE,6BAA6B,OAAO,CAAC;AACvG,WAAO;;;AAGX,SAAO;;CAGT,MAAgB,SAAS,SAA0B,SAAyD;AAE1G,OAAK,eAAe,aAAa;AACjC,OAAK,kBAAkB,aAAa;AAEpC,QAAM,UAAU,cAAc,YAAY;AACxC,SAAM,KAAK,WAAW,QAAQ,QAAQ;AACtC,OAAI,SAAS,YACX,OAAM,KAAK,YAAY;IAAE,KAAK,QAAQ;IAAa,SAAS;IAAM,CAAC;OAEnE,OAAM,KAAK,wBAAwB;IAErC;;CAGJ,MAAM,QAAQ,SAAsF;EAClG,MAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AACxF,MAAI,KACF,OAAM,KAAK,QAAQ,EAAE,aAAa,SAAS,aAAa,CAAC;;CAI7D,MAAM,eAAe,SAAmE;EACtF,MAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AACxF,MAAI,KACF,QAAO,MAAM,KAAK,gBAAgB;AAEpC,SAAO;;CAGT,eAAe,SAA0D;EACvE,MAAM,OAAO,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AAClF,MAAI,KACF,QAAO,KAAK,gBAAgB;AAE9B,SAAO;;CAGT,MAAM,gBAAgB,SAAmE;EACvF,MAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AACxF,MAAI,KACF,QAAO,MAAM,KAAK,iBAAiB;AAErC,SAAO;;CAGT,gBAAgB,SAA0D;EACxE,MAAM,OAAO,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AAClF,MAAI,KACF,QAAO,KAAK,iBAAiB;AAE/B,SAAO;;CAGT,MAAM,uBAAuB,SAAmE;AAC9F,SAAO,wCAAwC,MAAM,KAAK,YAAY,QAAQ,CAAC;;CAGjF,uBAAuB,SAA0D;AAC/E,SAAO,wCAAwC,KAAK,YAAY,QAAQ,CAAC;;CAG3E,MAAM,eAAe,SAAgF;AACnG,SAAO,EACL,gBAAgB,KAAK,UAAU,MAAM,KAAK,YAAY,QAAQ,CAAC,EAChE;;CAGH,eAAe,SAAuE;AACpF,SAAO,EACL,gBAAgB,KAAK,UAAU,KAAK,YAAY,QAAQ,CAAC,EAC1D;;CAGH,MAAM,YAAY,SAAiH;EACjI,MAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AACxF,MAAI,KACF,QAAO,MAAM,KAAK,aAAa;AAEjC,SAAO;GAAE,aAAa;GAAM,cAAc;GAAM;;CAGlD,YAAY,SAAwG;EAClH,MAAM,OAAO,KAAK,QAAQ,EAAE,YAAY,SAAS,cAAc,QAAkB,CAAC;AAClF,MAAI,KACF,QAAO,KAAK,aAAa;AAE3B,SAAO;GAAE,aAAa;GAAM,cAAc;GAAM;;CAGlD,MAAM,aAA+B;EACnC,MAAM,OAAO,OAAO,QAAQ,MAAM,KAAK,qBAAqB,UAAU,EAAE,EAAE,aAAa,CAAC;AACxF,SAAO,KAAK,uBAAuB,KAAK;;CAG1C,aAAsB;EACpB,MAAM,OAAO,cAAc,KAAK,sBAAsB,EAAE,EAAE,yBAAyB;AACnF,SAAO,cAAc,KAAK,uBAAuB,KAAK,EAAE,CAAC,KAAK,CAAC;;CAGjE,MAAgB,mBAAmB,SAAwD;AACzF,OAAK,wBAAwB;AAE7B,SADa,OAAO,QAAQ,MAAM,KAAK,oBAAoB,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAClF,KAAK,MAAM,KAAK,kBAAkB,EAAE,IAAI,QAAQ,CAAC,2BAC3D,SACM,KAAK,sBAAsB,QAAQ,CAC1C,CAAC;;CAGJ,AAAU,kBAAkB,SAA+C;AACzE,OAAK,wBAAwB;EAC7B,MAAM,WAAW,cAAc,KAAK,qBAAqB,CAAC,QAAQ,EAAE,+BAA+B;AACnG,SAAO,cAAc,SAAS,KAAK,MAAM,KAAK,kBAAkB,EAAE,IAAI,QAAQ,CAAC,2BAC7E,SACM,KAAK,sBAAsB,QAAQ,CAC1C,CAAC,EAAE,CAAC,SAAS,CAAC;;CAEjB,MAAgB,eAAe,SAA0B,YAA6G;AACpK,OAAK,wBAAwB;EAC7B,MAAM,OAAO,MAAM,KAAK,WAAW,cAAc,gCAAgC,WAAW,EAAE,QAAQ;EACtG,MAAM,MAAM,KAAK,kBAAkB,KAAK,IAAI,QAAQ,CAAC,2BACnD,YACM,KAAK,sBAAsB,QAAQ,CAC1C;AACD,QAAM,KAAK,sBAAsB,QAAQ;AACzC,SAAO;;CAGT,MAAgB,aAAa,SAA0B;AAErD,QAAM,KAAK,gBAAgB,QAAQ;;CAGrC,MAAgB,gBAAgB,SAA0B;AACxD,QAAM,QAAQ,IAAI,CAChB,KAAK,kBAAkB,QAAQ,CAAC,QAAQ,CAAC,EACzC,KAAK,mCAAmC,QAAQ,CAAC,QAAQ,CAAC,CAC3D,CAAC;AAEF,UAAQ,2BAA2B;;CAGrC,MAAgB,gBAAgB;CAIhC,MAAgB,kBAAkB;AAChC,QAAM,KAAK,qBAAqB,QAAQ,EAAE,CAAC;;CAG7C,MAAgB,sBAAsB,SAA0B;AAC9D,QAAM,KAAK,oBAAoB,QAAQ,CAAC,QAAQ,CAAC;;CAGnD,YAAY,2BAA2B;AACrC,SAAO,EACL,iBACE,SAC6C;GAC7C,MAAM,sBAAsB,KAAK,UAAU,KAAK,MAAM,EAAsB,CAAC,CAAC;GAC9E,MAAM,WAAW,cAAc,IAAI,KAAK,iBAAiB;AACzD,OAAI,UAAU;IACZ,MAAM,CAAC,qBAAqB,aAAa;AACzC,QAAI,wBAAwB,UAAa,wBAAwB,oBAC/D,OAAM,IAAI,oBAAoB,qHAAqH;KAAE,aAAa;KAAM,gBAAgB;KAAqB,CAAC;AAEhN,WAAO;;GAGT,MAAM,EAAE,WAAW,GAAG,aAAa,KAAK,MAAM,CAAC,mBAAmB,CAAC;AACnE,UAAO,IAAI,8BAAwD;IACjE,GAAG;IACH,WAAW,yBAAyB,UAAU;IAC/C,EAAE;IACD,kBAAkB,KAAK;IACvB,aAAa;IACd,CAAC;KAEL;;CAGH,KAAK,2BAA2B;AAC9B,SAAO;GACL,oBAAkE;AAChE,QAAI,OAAO,KAAK,oBAAoB,SAClC,OAAM,IAAI,oBAAoB,iFAAiF;IAGjH,MAAM,uBAAuB,0BAA0B,KAAK,WAAW,UACnE,KAAK,WAAW,QAAQ,uBACxB;AAEJ,WAAO;KACL,SAAS,KAAK,SAAS;KACvB,WAAW,KAAK;KAChB,GAAI,wBAAwB,OAAO,EAAE,sBAAsB,GAAG,EAAE;KAChE,YAAY,KAAK;KACjB,MAAM,KAAK;KACX,qBAAqB,KAAK;KAC1B,kBAAkB,KAAK,sBAAsB;KAC7C,gBAAgB,KAAK;KACrB,qBAAqB,KAAK,SAAS;KACnC,SAAS,KAAK,SAAS;KACvB,WAAW,uBAAuB,KAAK,kBAAkB;KAC1D;;GAEH,iBAAiB,oBAAuE;AACtF,sBAAkB,YAAY;AAC5B,WAAM,KAAK,kBAAkB,yBAAyB,CAAC,MAAM,KAAK,aAAa,CAAC,EAAE,OAAO,YAAY,gBAAgB,CAAC;MACtH;;GAEJ,6BAA6B,KAAK;GAClC,wBAAwB,OAAO,MAAc,YAAoC;AAC/E,WAAO,MAAM,KAAK,WAAW,uBAAuB,MAAM,MAAM,KAAK,aAAa,EAAE,QAAQ;;GAE9F,yBAAyB,OAAO,MAAc,YAAoC;AAChF,WAAO,MAAM,KAAK,WAAW,wBAAwB,MAAM,MAAM,KAAK,aAAa,EAAE,QAAQ;;GAE/F,qBAAqB,aAA8B;AACjD,WAAO,KAAK,WAAW,mBAAmB,SAAS;;GAErD,aAAa,OACX,MACA,gBACA,cAA6C,aAC1C;AACH,WAAO,MAAM,KAAK,WAAW,kBAAkB,MAAM,gBAAgB,MAAM,KAAK,aAAa,EAAE,YAAY;;GAE7G,yBAAyB,KAAK,mBAAmB,SAAS,mFAAmF;GAC7I,eAAe,OAAO,KAAmB,YAAoC;AAC3E,UAAM,KAAK,YAAY;KAAE;KAAK,GAAG;KAAS,CAAC;;GAE7C,sBAAsB,YAAY;AAChC,UAAM,KAAK,sBAAsB,MAAM,KAAK,aAAa,CAAC;;GAE5D,kBAAkB,OAAO,WAA0D;AACjF,UAAM,KAAK,2BAA2B,OAAO;;GAEhD"}