@zuplo/graphql 5.1692.0 → 5.1695.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/index.minified.js CHANGED
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
71
71
  `+d}):new kr.StripeSignatureVerificationError(t,e,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
72
72
  If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
73
73
  `+l+`
74
- `+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new kr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(YA,"validateComputedSignature");function ZA(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(ZA,"parseHeader");function XA(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(XA,"secureCompare");async function Fg(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=np[o[c]];return a.join("")}s(Fg,"computeHMACSignatureAsync");On.computeHMACSignatureAsync=Fg;var np=new Array(256);for(let e=0;e<np.length;e++)np[e]=e.toString(16).padStart(2,"0")});var qt=g(la=>{"use strict";Object.defineProperty(la,"__esModule",{value:!0});la.optionValidator=void 0;var Pi=L();function eR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new Pi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Pi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Pi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Pi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Pi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(eR,"optionValidator");la.optionValidator=eR});var ip=g(da=>{"use strict";Object.defineProperty(da,"__esModule",{value:!0});da.StripeWebhookVerificationInboundPolicy=void 0;var tR=se(),rR=qg(),nR=qt(),iR=s(async(e,t,r,n)=>{(0,nR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,rR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),tR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");da.StripeWebhookVerificationInboundPolicy=iR});var $g=g(pa=>{"use strict";Object.defineProperty(pa,"__esModule",{value:!0});pa.MeteringPlugin=void 0;var oR=gt(),op=class extends oR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};pa.MeteringPlugin=op});var jg=g(ha=>{"use strict";Object.defineProperty(ha,"__esModule",{value:!0});ha.StripeMeteringPlugin=void 0;var lt=L(),sR=Ct(),aR=ip(),Nn=se(),cR=Yt(),uR=zr(),lR=Lu(),dR=ot(),sp=Y(),ap=Dt(),pR=$g(),hR="checkout.session.completed",cp=class extends pR.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l}=this.options;if(!l)throw new lt.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");let d=this.options.meteringBucketRegion??"us-central1";bR(d);let p=await c.json();try{gR(p)}catch{return Nn.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."})}u.log.info(`Received Stripe webhook event of type '${p.type}' with ID '${p.id}'.`);let f;try{f=await fR({event:p,stripeSecretKey:this.options.stripeSecretKey,logger:u.log})}catch(h){return Nn.HttpProblems.internalServerError(c,u,{detail:h.message??"Unknown error getting subscription info"})}if(f){let h;if(this.options.apiKeyBucketName&&sp.Environment.instance.build.ACCOUNT_NAME&&this.options.zuploAccountApiKey?h=await mR({bucketName:this.options.apiKeyBucketName,accountName:sp.Environment.instance.build.ACCOUNT_NAME,stripeProductId:f.productId,stripeSubscriptionId:f.subscriptionId,stripeCustomerId:f.customerId,managerEmail:f.customerEmail,zuploAccountApiKey:this.options.zuploAccountApiKey,logger:u.log}):u.log.debug("Skipping consumer creation. No 'apiKeyBucketName', 'zuploAccountApiKey', or account variable set."),!h)return Nn.HttpProblems.internalServerError(c,u,{detail:"No consumer was created, skipping creation of subscription"});let y="routes.oas.json";return yR({request:c,context:u,stripeProductId:f.productId,stripeSubscriptionId:f.subscriptionId,customerKey:h,productKey:y,meteringBucketId:l,meteringBucketRegion:d})}return Nn.HttpProblems.ok(c,u,{detail:"Event was ignored by Stripe metering plugin webhook."})},"stripeWebhookHandler"),i=(0,uR.createInternalPolicyProcessor)({inboundPolicies:[{handler:aR.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new sR.Pipeline({processors:[cR.metricsProcessor,i],handler:n,gateway:r}),a=new dR.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__zuplo/stripe-webhooks",systemRouteName:lR.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};ha.StripeMeteringPlugin=cp;async function fR({event:e,stripeSecretKey:t,logger:r}){let n;if(e.type===hR){let l=e,d=l.data?.object?.subscription;if(!d)throw new lt.RuntimeError("Invalid Stripe Webhook event. Expected '.data.object.id' to be the subscription ID.");if(!l.data?.object?.client_reference_id)throw new lt.RuntimeError("Invalid Stripe Webhook event. Expected '.data.object.id' to be the subscription ID.");let f=await fetch(`https://api.stripe.com/v1/subscriptions/${d}`,{headers:{Authorization:`Bearer ${t}`}}),h=await f.json();if(f.status!==200)throw r.error(h),new lt.RuntimeError(h.message??"Error calling Stripe API");n=h}if(!n)return;let i=n.id;if(!i)throw new lt.RuntimeError("Invalid Stripe Webhook event. Expected '.data.object.id' to be the subscription ID.");let o=n.items?.data.find(l=>l.object==="subscription_item");if(!o||!o.id)throw new Error("Invalid Stripe Webhook event. Expected '.data.object.items.data[]' to contain a subscription_item.");let a=o.plan;if(!a||!a.product)throw new lt.RuntimeError("Invalid Stripe Webhook event. Expected '.data.object.items.data[].plan'.");let c=await fetch(`https://api.stripe.com/v1/customer/${n.customer}`,{headers:{Authorization:`Bearer ${t}`}}),u=await c.json();if(c.status!==200)throw r.error("Error creating stripe customer",u),new lt.RuntimeError("Error creating stripe customer");return{subscriptionId:i,productId:a.id,customerId:n.customer,customerEmail:u.email}}s(fR,"getStripeSubscription");async function mR({accountName:e,bucketName:t,zuploAccountApiKey:r,stripeSubscriptionId:n,stripeProductId:i,stripeCustomerId:o,managerEmail:a,logger:c}){let u=new URL(`/v1/accounts/${e}/key-buckets/${t}/consumers`,"https://dev.zuplo.com");u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:`Consumer for Stripe subscription ${n}`,tags:{providerSubscriptionKey:n,planProviderKey:i},metadata:{stripeSubscriptionId:n,stripeProductId:i,stripeCustomerId:o},managers:[a]},p=await fetch(u,{method:"POST",headers:{Authorization:`Bearer ${r}`},body:JSON.stringify(d)}),f=await p.json();if(p.status!==200){let h="Unknown error creating subscription";try{h=f.detail??f.title??h}catch{}throw c.error(h,f),new lt.RuntimeError(h)}return c.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:n,stripeProductId:i}),l}s(mR,"createConsumer");async function yR({request:e,context:t,stripeSubscriptionId:r,stripeProductId:n,customerKey:i,productKey:o,meteringBucketId:a,meteringBucketRegion:c}){let u={status:"active",type:"periodic",renewalStrategy:"monthly",region:c,providerKey:r,planProviderKey:n,customerKey:i,productKey:o};try{let{authApiJWT:l,meteringServiceUrl:d}=sp.Environment.instance;if(!(0,ap.isNonEmptyString)(l))throw new lt.SystemError("No Zuplo JWT token set.");let p=await fetch(`${d}/internal/v1/metering/${a}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json"},method:"POST",body:JSON.stringify(u)});if(p.status!==200){let f="Unknown error creating subscription",h;try{h=await p.json(),f=h.detail??h.title??f}catch{}throw t.log.error(f,h),new lt.RuntimeError(f)}}catch(l){return Nn.HttpProblems.internalServerError(e,t,{detail:l.message})}return t.log.info("Successfully created/updated metering subscription.",u),Nn.HttpProblems.ok(e,t)}s(yR,"saveSubscription");function gR(e){if(!(e!==null&&typeof e=="object"&&"id"in e&&(0,ap.isString)(e.id)&&"type"in e&&(0,ap.isString)(e.type)))throw new Error("Object is not a stripe webhook event")}s(gR,"assertsStripeWebhookEvent");function bR(e){if(!(e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)))throw new lt.ConfigurationError("StripeMeteringPlugin - The value of 'meteringBucketRegion' is not a valid region.")}s(bR,"assertsMeteringRegion")});var Jg=g(xn=>{"use strict";Object.defineProperty(xn,"__esModule",{value:!0});xn.AmberfloMeteringInboundPolicy=xn.AmberfloMeteringPolicy=void 0;var Vg=L(),_R=ve(),Gg=ni(),Kg=new WeakMap,Bg={},up=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Kg.set(t,r)}};xn.AmberfloMeteringPolicy=up;async function ER(e,t,r,n){if(!r.statusCodes)throw new Vg.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Gg.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=Kg.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Vg.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Gg.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},f=Bg[r.apiKey];if(!f){let h=r.apiKey,y=e.headers.get("zm-test-id")??"";f=new _R.BatchDispatch("amberflo-ingest-meter",10,async v=>{try{let T=r.url??"https://app.amberflo.io/ingest",S=await fetch(T,{method:"POST",body:JSON.stringify(v),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":y}});S.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${S.status}: ${await S.text()}`)}catch(T){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),Bg[h]=f}f.enqueue(p),t.waitUntil(f.waitUntilFlushed())}}),e}s(ER,"AmberfloMeteringInboundPolicy");xn.AmberfloMeteringInboundPolicy=ER});var lp=g(fa=>{"use strict";Object.defineProperty(fa,"__esModule",{value:!0});fa.sha256=void 0;async function wR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(wR,"sha256");fa.sha256=wR});var $t=g(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.getPolicyCacheName=void 0;var vR=lp(),zg=new Map;async function TR(e,t){let r,n=zg.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,vR.sha256)(JSON.stringify({policyName:e,options:t}))}`,zg.set(e,r)),r}s(TR,"getPolicyCacheName");ma.getPolicyCacheName=TR});var fp=g(ya=>{"use strict";Object.defineProperty(ya,"__esModule",{value:!0});ya.ApiKeyInboundPolicy=void 0;var SR=$t(),IR=Jt(),Wg=wd(),dp=L(),PR=Lt(),pp=Le(),hp=Y(),AR=Ss(),Qg="key-metadata-cache-type";function RR(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(RR,"getKeyValue");async function OR(e,t,r,n){if(!r.bucketName)if(Wg.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=Wg.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new dp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new dp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(T=>i.allowUnauthenticatedRequests?e:PR.HttpProblems.unauthorized(e,t,{detail:T}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=RR(a,i);if(!c||c==="")return o("No key present");let u=await NR(c),l=await(0,SR.getPolicyCacheName)(n,i),d=new IR.MemoryZoneReadThroughCache(l,{logger:pp.SystemLogMap.getLogger(t)}),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==Qg&&pp.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let f={key:c},h=await(0,AR.fetchRetry)({retryDelayMs:5,retries:2,logger:pp.SystemLogMap.getLogger(t)},`${hp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":hp.Environment.instance.deploymentName??"unknown","User-Agent":hp.Environment.instance.systemUserAgent},body:JSON.stringify(f)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let T=await h.text(),S=JSON.parse(T);t.log.error("Unexpected response from key service",S)}catch{t.log.error("Invalid response from key service")}throw new dp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let y=await h.json(),v={isValid:!0,typeId:Qg,user:{sub:y.name,data:y.metadata}};return e.user=v.user,d.put(u,v,i.cacheTtlSeconds),e}s(OR,"ApiKeyInboundPolicy");ya.ApiKeyInboundPolicy=OR;async function NR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(NR,"hashValue")});var Yg=g(ga=>{"use strict";Object.defineProperty(ga,"__esModule",{value:!0});ga.ApiAuthKeyInboundPolicy=void 0;var xR=fp();ga.ApiAuthKeyInboundPolicy=xR.ApiKeyInboundPolicy});var jt=g(ba=>{"use strict";Object.defineProperty(ba,"__esModule",{value:!0});ba.OpenIdJwtInboundPolicy=void 0;var yp=(vs(),Xi(ws)),gp=L(),CR=se(),mp={},LR=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new gp.ConfigurationError("Invalid State - jwkUrl not set");mp[t.jwkUrl]||(mp[t.jwkUrl]=(0,yp.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,yp.jwtVerify)(e,mp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),DR=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,yp.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),UR=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(f=>CR.HttpProblems.unauthorized(e,t,{detail:f}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new gp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new gp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?LR:DR,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let f=i.substring(o.length);if(!f||f.length===0)return a("No bearer token on authorization header");try{return await c(f,r)}catch(h){let y=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${y.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${y.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");ba.OpenIdJwtInboundPolicy=UR});var Zg=g(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.Auth0JwtInboundPolicy=void 0;var kR=jt(),MR=s(async(e,t,r,n)=>(0,kR.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");_a.Auth0JwtInboundPolicy=MR});var Xg=g(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.BasicAuthInboundPolicy=void 0;var HR=se(),FR=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>HR.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let f=d.substring(0,p),h=d.substring(p+1),y=r.accounts.find(v=>v.username===f&&v.password===h);return y||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Ea.BasicAuthInboundPolicy=FR});var eb=g(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.CachingInboundPolicy=void 0;var qR=$t(),$R=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function jR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(jR,"digestMessage");var VR=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await jR(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function GR(e,t,r,n){let i=await(0,qR.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await VR(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let f=r?.expirationSecondsTtl??60,h=new Response(p.body,p);$R.forEach(y=>h.headers.delete(y)),h.headers.set("cache-control",`s-maxage=${f}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(GR,"CachingInboundPolicy");wa.CachingInboundPolicy=GR});var tb=g(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.ChangeMethodInboundPolicy=void 0;var BR=L(),KR=He(),JR=s(async(e,t,r,n)=>{if(!r.method)throw new BR.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new KR.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");va.ChangeMethodInboundPolicy=JR});var rb=g(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.ClearHeadersInboundPolicy=void 0;var zR=He(),WR=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new zR.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Ta.ClearHeadersInboundPolicy=WR});var nb=g(Sa=>{"use strict";Object.defineProperty(Sa,"__esModule",{value:!0});Sa.ClearHeadersOutboundPolicy=void 0;var QR=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Sa.ClearHeadersOutboundPolicy=QR});var ib=g(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.ClerkJwtInboundPolicy=void 0;var YR=jt(),ZR=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,YR.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Ia.ClerkJwtInboundPolicy=ZR});var sb=g(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.CognitoJwtInboundPolicy=void 0;var ob=L(),XR=jt(),e0=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new ob.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new ob.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,XR.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Pa.CognitoJwtInboundPolicy=e0});var cb=g(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.CompositeInboundPolicy=void 0;var t0=L(),r0=mn(),ab=zr(),n0=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new t0.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=r0.Gateway.instance,o=(0,ab.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,ab.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");Aa.CompositeInboundPolicy=n0});var lb=g(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.CreditsMeteringInboundPolicy=void 0;var Ai=se(),ub=Y(),i0=s(async(e,t,r)=>{let n=e.user;if(!n)return Ai.HttpProblems.unauthorized(e,t,{title:"Unable to check subscription for anonymous user",detail:"No user data on request"});let{sub:i}=n;if(!r.bucketId)return Ai.HttpProblems.unauthorized(e,t,{title:"Metering bucket not configured",detail:"Specify one using the bucketId option on the policy"});let o=r.bucketId,a=await o0(o,i,t);if(!a)return Ai.HttpProblems.unauthorized(e,t,{title:"No valid, active subscription found"});if(!a.quotas)return Ai.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});for(let c of Object.keys(a.quotas))if(a.quotas[c]<=0)return Ai.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});return t.custom.subscription=a,t.addResponseSendingFinalHook(async()=>{let c=t.custom.meters,u={};for(let l of Object.keys(c))u[l]=c[l];await s0(o,a.id,u,t)}),e},"CreditsMeteringInboundPolicy");Ra.CreditsMeteringInboundPolicy=i0;async function o0(e,t,r){let{authApiJWT:n,meteringServiceUrl:i}=ub.Environment.instance,o=new URL(`${i}/internal/v1/metering/${e}/subscriptions`);o.search=new URLSearchParams({customerRef:t,status:"active"}).toString();let a=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${n}`}});if(!a.ok)throw new Error(`Error retrieving subscriptions for credits metering ': ${a.status} - ${await a.text()}`);let c=await a.json();if(c.data.length!==0)return c.data.length>1&&r.log.warn(`Found more than one active subscription for customer ${t} -- using the first one.`),c.data[0]}s(o0,"getSubscription");async function s0(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=ub.Environment.instance,a=new URL(`${o}/internal/v1/metering/${e}/subscriptions/${t}/quotas/consume`),c=await fetch(a,{method:"POST",body:JSON.stringify({meters:r}),headers:{Authorization:`Bearer ${i}`}});c.ok||n.log.error(`Error consuming subscription quotas for credits metering ': ${c.status} - ${await c.text()}`)}s(s0,"consumeSubscription")});var db=g(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.CurityPhantomTokenInboundPolicy=void 0;var a0=$t(),c0=Jt(),Oa=se(),u0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Oa.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=l0(i);if(!o)return Oa.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,a0.getPolicyCacheName)(n,r),c=new c0.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Oa.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Oa.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");Na.CurityPhantomTokenInboundPolicy=u0;function l0(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(l0,"getToken")});var pb=g(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.FirebaseJwtInboundPolicy=void 0;var d0=qt(),p0=jt(),h0=s(async(e,t,r,n)=>((0,d0.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,p0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");xa.FirebaseJwtInboundPolicy=h0});var hb=g(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.FormDataToJsonInboundPolicy=void 0;var f0=He(),m0=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new f0.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Ca.FormDataToJsonInboundPolicy=m0});var fb=g(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.GeoFilterInboundPolicy=void 0;var y0=L(),g0=se(),Cn="__unknown__",b0=s(async(e,t,r,n)=>{let i={allow:{countries:Dn(r.allow?.countries,"allow.countries",n),regionCodes:Dn(r.allow?.regionCodes,"allow.regionCode",n),asns:Dn(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Dn(r.block?.countries,"block.countries",n),regionCodes:Dn(r.block?.regionCodes,"block.regionCode",n),asns:Dn(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Cn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Cn,c=t.incomingRequestProperties.asn?.toString()??Cn,u=i.ignoreUnknown&&o===Cn,l=i.ignoreUnknown&&a===Cn,d=i.ignoreUnknown&&c===Cn,p=i.allow.countries,f=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||f.length>0&&!f.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Ln(e,t,n,o,a,c);let y=i.block.countries,v=i.block.regionCodes,T=i.block.asns;return y.length>0&&y.includes(o)&&!u||v.length>0&&v.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?Ln(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");La.GeoFilterInboundPolicy=b0;function Ln(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),g0.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Ln,"blockedResponse");function Dn(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new y0.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Dn,"toLowerStringArray")});var mb=g(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.JWTScopeValidationInboundPolicy=void 0;var _0=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Da.JWTScopeValidationInboundPolicy=_0});var gb=g(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.MockApiInboundPolicy=void 0;var E0=se(),w0=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return bp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return bp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(f=>{a.push({responseName:c,contentName:l,exampleName:f,exampleValue:d[f]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return yb(a[c])}else return a.length>0?yb(a[0]):bp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Ua.MockApiInboundPolicy=w0;function yb(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(yb,"generateResponse");var bp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return E0.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var vb=g(Un=>{"use strict";Object.defineProperty(Un,"__esModule",{value:!0});Un.MoesifInboundPolicy=Un.setMoesifContext=void 0;var v0=L(),T0=ve(),S0="Incoming",I0={logRequestBody:!0,logResponseBody:!0};function bb(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(bb,"headersToObject");function _b(){return new Date().toISOString()}s(_b,"timestamp");var _p=new WeakMap,P0={};function A0(e,t){let r=_p.get(e);r||(r=P0);let n=Object.assign({...r},t);_p.set(e,n)}s(A0,"setMoesifContext");Un.setMoesifContext=A0;async function Eb(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(Eb,"readBody");var R0={},Ep;function wb(){if(!Ep)throw new v0.RuntimeError("Invalid State - no _lastLogger");return Ep}s(wb,"getLastLogger");function O0(e){let t=R0[e];return t||(t=new T0.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);wb().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||wb().error({status:i.status,body:await i.text()})})),t}s(O0,"getDispatcher");async function N0(e,t,r,n){Ep=t.log;let i=_b(),o=Object.assign(I0,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await Eb(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=O0(o.applicationId),d=e.headers.get("true-client-ip"),p=_p.get(t)??{},f={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:bb(e.headers)},h=o.logResponseBody?await Eb(c,t):void 0,y={time:_b(),status:c.status,headers:bb(c.headers),body:h},v={request:f,response:y,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:S0};l.enqueue(v),t.waitUntil(l.waitUntilFlushed())}),e}s(N0,"MoesifInboundPolicy");Un.MoesifInboundPolicy=N0});var Tb=g(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.OktaJwtInboundPolicy=void 0;var x0=jt(),C0=s(async(e,t,r,n)=>(0,x0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");ka.OktaJwtInboundPolicy=C0});var Sb=g(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.PropelAuthJwtInboundPolicy=void 0;var L0=(vs(),Xi(ws)),D0=jt(),wp,U0=s(async(e,t,r,n)=>{if(!wp)try{wp=await(0,L0.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,D0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:wp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");Ma.PropelAuthJwtInboundPolicy=U0});var Ib=g(G=>{"use strict";Object.defineProperty(G,"__esModule",{value:!0});G.throwIfStateNotObject=G.throwIfStateNotNumber=G.throwIfStateNotString=G.throwIfStateUndefinedOrNull=G.throwIfStateUndefined=G.throwIfOptionNotObject=G.throwIfOptionNotNumber=G.throwIfOptionNotString=G.throwIfOptionUndefinedOrNull=G.throwIfOptionUndefined=G.OptionTypeError=G.OptionUndefinedError=G.throwIfNotNumber=G.throwIfNotString=G.throwIfUndefinedOrNull=G.throwIfUndefined=G.ArgumentTypeError=G.ArgumentUndefinedError=G.ValidationError=void 0;var je=Dt(),et=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};G.ValidationError=et;var Ri=class extends et{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};G.ArgumentUndefinedError=Ri;var Oi=class extends et{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};G.ArgumentTypeError=Oi;function k0(e,t){if((0,je.isUndefined)(e))throw new Ri(t)}s(k0,"throwIfUndefined");G.throwIfUndefined=k0;function vp(e,t){if((0,je.isUndefinedOrNull)(e))throw new Ri(t)}s(vp,"throwIfUndefinedOrNull");G.throwIfUndefinedOrNull=vp;function M0(e,t){if(vp(e,t),!(0,je.isString)(e))throw new Oi(t,"string")}s(M0,"throwIfNotString");G.throwIfNotString=M0;function H0(e,t){if(vp(e,t),!(0,je.isNumber)(e))throw new Oi(t,"number")}s(H0,"throwIfNotNumber");G.throwIfNotNumber=H0;var Ni=class extends et{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};G.OptionUndefinedError=Ni;var kn=class extends et{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};G.OptionTypeError=kn;function F0(e,t,r,n){if((0,je.isUndefined)(n))throw new Ni(e,t,r)}s(F0,"throwIfOptionUndefined");G.throwIfOptionUndefined=F0;function Ha(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new Ni(e,t,r)}s(Ha,"throwIfOptionUndefinedOrNull");G.throwIfOptionUndefinedOrNull=Ha;function q0(e,t,r,n){if(Ha(e,t,r,n),!(0,je.isString)(n))throw new kn(e,t,r,"string")}s(q0,"throwIfOptionNotString");G.throwIfOptionNotString=q0;function $0(e,t,r,n){if(Ha(e,t,r,n),!(0,je.isNumber)(n))throw new kn(e,t,r,"number")}s($0,"throwIfOptionNotNumber");G.throwIfOptionNotNumber=$0;function j0(e,t,r,n){if(Ha(e,t,r,n),!(0,je.isObject)(n))throw new kn(e,t,r,"object")}s(j0,"throwIfOptionNotObject");G.throwIfOptionNotObject=j0;function V0(e,t){if((0,je.isUndefined)(e))throw new et(t)}s(V0,"throwIfStateUndefined");G.throwIfStateUndefined=V0;function Fa(e,t){if((0,je.isUndefinedOrNull)(e))throw new et(t)}s(Fa,"throwIfStateUndefinedOrNull");G.throwIfStateUndefinedOrNull=Fa;function G0(e,t){if(Fa(e,t),!(0,je.isString)(e))throw new et(t);return!0}s(G0,"throwIfStateNotString");G.throwIfStateNotString=G0;function B0(e,t){if(Fa(e,t),!(0,je.isNumber)(e))throw new et(t);return!0}s(B0,"throwIfStateNotNumber");G.throwIfStateNotNumber=B0;function K0(e,t){if(Fa(e,t),!(0,je.isObject)(e))throw new et(t);return!0}s(K0,"throwIfStateNotObject");G.throwIfStateNotObject=K0});var Pb=g(Mn=>{"use strict";Object.defineProperty(Mn,"__esModule",{value:!0});Mn.InMemoryRedisClient=Mn.StandardRedisClient=void 0;var Tp=L(),qa=Ib(),Sp=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,qa.throwIfNotString)(t,"redisClientUrl"),(0,qa.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,qa.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Tp.SystemError("Redis client failed with 401: Unauthorized"):new Tp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Mn.StandardRedisClient=Sp;var Ip=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,qa.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Tp.SystemError("The in-memory redis client only supports /rate-limit calls")}};Mn.InMemoryRedisClient=Ip});var xb=g(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.RateLimitInboundPolicy=void 0;var J0=Sr(),z0=$t(),W0=io(),Vt=L(),Q0=se(),Ab=Le(),xi=Y(),Rb=Pb(),Ob=Dt(),$a=(0,J0.debug)("zuplo:policies:RateLimitInboundPolicy"),Y0="strict",Z0=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),X0=s(async e=>({key:`ip-${Z0(e)}`}),"getIP"),eO=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),tO=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),ja;function rO(e,t){let r;if(ja)return ja;if(xi.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new Rb.InMemoryRedisClient,ja=r,r;let{authApiJWT:n,redisURL:i}=xi.Environment.instance;if(!(0,Ob.isString)(i))throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,Ob.isString)(n))throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=Rb.StandardRedisClient.initialize(i,n,xi.Environment.instance.deploymentName??"unknown",xi.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return ja=r,r}s(rO,"getRedisClient");async function Nb(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(Nb,"getCountAndUpdateExpiry");function nO(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new Vt.RuntimeError(u)}return c},"outerFunction")}s(nO,"wrapUserFunction");var iO="Retry-After",oO=s(async(e,t,r,n)=>{let i=Date.now(),o=Ab.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new Vt.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[iO]=l.toString()),Q0.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:nO(r,n),user:eO,ip:X0,all:tO}[r.rateLimitBy],d=await l(e,t,n),p=d.key,f=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,y=r.headerMode??"retry-after",v=rO(n,o),S=`bucket/${xi.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??Y0)==="async"){let C=await(0,z0.getPolicyCacheName)(n,r),re=new W0.ZoneCache(C,{logger:Ab.SystemLogMap.getLogger(t)}),ne=Nb(S,h,v,o,t.requestId),me=await re.get(S);if(me!==void 0&&me<=Date.now()){$a(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${S}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(y,Be)}return t.addEventListener("responseSending",Be=>{try{let E=Be,H=E.mutableResponse;E.mutableResponse=(async()=>{let Ce=await ne;if(Ce.count>f){let nu=Date.now()+Ce.ttlSeconds*1e3;return re.put(S,nu,Ce.ttlSeconds).catch(fh=>{throw o.error(fh),fh}),$a(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (async mode)`),c(y,Ce.ttlSeconds)}return H})()}catch(E){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,E)}}),e}let j=await Nb(S,h,v,o,t.requestId);return j.count>f?($a(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (strict mode)`),c(y,j.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;$a(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");Va.RateLimitInboundPolicy=oO});var Ub=g(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.ReadmeMetricsInboundPolicy=void 0;var sO=ve(),Pp=Y(),Cb=ni(),Ap;function Lb(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s(Lb,"headersToNameValuePairs");function aO(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(aO,"queryToNameValueParis");function cO(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(cO,"parseIntOrUndefined");var Db={};async function uO(e,t,r,n){let i=new Date,o=Date.now();return Ap||(Ap={name:"zuplo",version:Pp.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Pp.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,Cb.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,Cb.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Pp.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:Ap,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:Lb(e.headers),queryString:aO(e.query)},response:{status:a.status,statusText:a.statusText,headers:Lb(a.headers),content:{size:cO(e.headers.get("content-length"))}}}]}}},d=Db[r.apiKey];if(!d){let p=r.apiKey;d=new sO.BatchDispatch("readme-metering-inbound-policy",10,async f=>{try{let h=r.url??"https://metrics.readme.io/request",y=await fetch(h,{method:"POST",body:JSON.stringify(f),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});y.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${y.status}: '${await y.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),Db[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(uO,"ReadmeMetricsInboundPolicy");Ga.ReadmeMetricsInboundPolicy=uO});var kb=g(Ba=>{"use strict";Object.defineProperty(Ba,"__esModule",{value:!0});Ba.RemoveHeadersInboundPolicy=void 0;var lO=L(),dO=He(),pO=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new lO.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new dO.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");Ba.RemoveHeadersInboundPolicy=pO});var Mb=g(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.RemoveHeadersOutboundPolicy=void 0;var hO=L(),fO=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new hO.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");Ka.RemoveHeadersOutboundPolicy=fO});var Hb=g(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.RemoveQueryParamsInboundPolicy=void 0;var mO=L(),yO=He(),gO=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new mO.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new yO.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");Ja.RemoveQueryParamsInboundPolicy=gO});var Fb=g(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.ReplaceStringOutboundPolicy=void 0;var bO=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");za.ReplaceStringOutboundPolicy=bO});var $b=g(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.RequestSizeLimitInboundPolicy=void 0;var qb=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),_O=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?qb():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?qb():e},"RequestSizeLimitInboundPolicy");Wa.RequestSizeLimitInboundPolicy=_O});var Qa=g(tt=>{"use strict";Object.defineProperty(tt,"__esModule",{value:!0});tt.sanitizedIdentifierName=tt.getIdForRefSchema=tt.getIdForRequestBodySchema=tt.getIdForParameterSchema=tt.getRawOperationDataIdentifierName=void 0;function EO(e,t,r){return`_${Mr(e+"_"+t+"_"+r)}`}s(EO,"getRawOperationDataIdentifierName");tt.getRawOperationDataIdentifierName=EO;function wO(e,t,r,n){return`_${Mr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(wO,"getIdForParameterSchema");tt.getIdForParameterSchema=wO;function vO(e,t,r){return`_${Mr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Mr(r.toLowerCase())}`}s(vO,"getIdForRequestBodySchema");tt.getIdForRequestBodySchema=vO;function TO(e,t){return`_${Mr(e)}__${Mr(t)}`}s(TO,"getIdForRefSchema");tt.getIdForRefSchema=TO;function Mr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(Mr,"sanitizedIdentifierName");tt.sanitizedIdentifierName=Mr});var Ci=g(De=>{"use strict";Object.defineProperty(De,"__esModule",{value:!0});De.getErrorsFromValidator=De.shouldReject=De.shouldLog=De.logErrors=De.validateParameters=De.getParametersForOperation=void 0;var SO=mn(),IO=Qa(),PO=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");De.getParametersForOperation=PO;var AO=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{if(u.required&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else{let l=(0,IO.getIdForParameterSchema)(r,n,i,u.name),d=SO.Gateway.instance.schemaValidator[l],p=d(t[u.name]),f=(0,De.getErrorsFromValidator)(d.errors);p||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${f.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");De.validateParameters=AO;var RO=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");De.logErrors=RO;var OO=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");De.shouldLog=OO;var NO=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");De.shouldReject=NO;var xO=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");De.getErrorsFromValidator=xO});var jb=g(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.handleBodyValidation=void 0;var CO=mn(),Ya=se(),LO=Qa(),Je=Ci();async function DO(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let y=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,v=Ya.HttpProblems.badRequest(t,e,{detail:`${y}, see errors property for more details`,errors:`${h}`});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",y,[n],h),(0,Je.shouldReject)(r.validateBody))return v}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,y=Ya.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?y:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,LO.getIdForRequestBodySchema)(e.route.path,t.method,i),c=CO.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,y=Ya.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?y:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,Je.getErrorsFromValidator)(l),f=Ya.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",d,[n],p),(0,Je.shouldReject)(r.validateBody))return f}s(DO,"handleBodyValidation");Za.handleBodyValidation=DO});var Vb=g(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.handleHeadersValidation=void 0;var UO=se(),Li=Ci();function kO(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,Li.getParametersForOperation)(e),o=(0,Li.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=UO.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,Li.shouldLog)(r.validateHeaders)&&(0,Li.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,Li.shouldReject)(r.validateHeaders))return c}}s(kO,"handleHeadersValidation");Xa.handleHeadersValidation=kO});var Gb=g(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.handlePathParameterValidation=void 0;var MO=se(),Di=Ci();function HO(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Di.getParametersForOperation)(e),i=(0,Di.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=MO.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Di.shouldLog)(r.validatePathParameters)&&(0,Di.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Di.shouldReject)(r.validatePathParameters))return a}}s(HO,"handlePathParameterValidation");ec.handlePathParameterValidation=HO});var Bb=g(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.handleQueryParameterValidation=void 0;var FO=se(),Ui=Ci();function qO(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Ui.getParametersForOperation)(e),i=(0,Ui.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=FO.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Ui.shouldLog)(r.validateQueryParameters)&&(0,Ui.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Ui.shouldReject)(r.validateQueryParameters))return a}}s(qO,"handleQueryParameterValidation");tc.handleQueryParameterValidation=qO});var Kb=g(Hr=>{"use strict";Object.defineProperty(Hr,"__esModule",{value:!0});Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy=void 0;var $O=jb(),jO=Vb(),VO=Gb(),GO=Bb(),BO=s(async(e,t,r)=>{let n=(0,GO.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,VO.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,jO.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,$O.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Hr.RequestValidationInboundPolicy=BO;Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy});var Jb=g(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.RequireOriginInboundPolicy=void 0;var KO=L(),JO=se(),zO=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new KO.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return JO.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");rc.RequireOriginInboundPolicy=zO});var zb=g(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.SetBodyInboundPolicy=void 0;var WO=He(),QO=s(async(e,t,r)=>new WO.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");nc.SetBodyInboundPolicy=QO});var Qb=g(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.SetHeadersInboundPolicy=void 0;var Wb=L(),YO=He(),ZO=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new Wb.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new Wb.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new YO.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");ic.SetHeadersInboundPolicy=ZO});var Zb=g(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.SetHeadersOutboundPolicy=void 0;var Yb=L(),XO=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new Yb.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new Yb.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");oc.SetHeadersOutboundPolicy=XO});var e_=g(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.SetQueryParamsInboundPolicy=void 0;var Xb=L(),eN=He(),tN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new Xb.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new Xb.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new eN.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");sc.SetQueryParamsInboundPolicy=tN});var t_=g(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.SetStatusOutboundPolicy=void 0;var rN=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");ac.SetStatusOutboundPolicy=rN});var r_=g(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.SleepInboundPolicy=void 0;var nN=L(),iN=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),oN=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new nN.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await iN(r.sleepInMs),e},"SleepInboundPolicy");cc.SleepInboundPolicy=oN});var i_=g(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.SupabaseJwtInboundPolicy=void 0;var n_=L(),sN=se(),aN=He(),cN=qt(),uN=jt(),lN=s(async(e,t,r,n)=>{(0,cN.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,uN.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof aN.ZuploRequest))throw new n_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new n_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?sN.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");uc.SupabaseJwtInboundPolicy=lN});var s_=g(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var dN=$t(),pN=Jt(),o_=L(),hN=Le(),fN=Ss(),mN=qt(),yN=s(async(e,t,r,n)=>{(0,mN.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,dN.getPolicyCacheName)(n,r),o=new pN.MemoryZoneReadThroughCache(i,{logger:hN.SystemLogMap.getLogger(t)}),a=await o.get(n);if(!a){let c=await gN(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");lc.UpstreamAzureAdServiceAuthInboundPolicy=yN;async function gN(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,fN.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new o_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new o_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(gN,"getAccessToken")});var c_=g(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var bN=$t(),_N=Jt(),EN=L(),wN=Le(),Rp=pn(),vN=qt(),a_="https://accounts.google.com/o/oauth2/token",Op,TN=s(async(e,t,r,n)=>{(0,vN.optionValidator)(r,n).required("serviceAccountJson","string"),Op||(Op=await Rp.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,bN.getPolicyCacheName)(n,r),a=new _N.MemoryZoneReadThroughCache(o,{logger:wN.SystemLogMap.getLogger(t)}),c=await a.get(n);if(!c){let u=await(0,Rp.getTokenFromGcpServiceAccount)({serviceAccount:Op,audience:a_,payload:i}),l=await(0,Rp.exchangeGgpJwtForIdToken)(a_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new EN.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");dc.UpstreamFirebaseAdminAuthInboundPolicy=TN});var u_=g(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var SN=$t(),IN=Jt(),Hn=L(),PN=Le(),AN=lp(),Np=pn(),RN=ni(),ON=qt(),NN="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",xN=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],xp,CN=s(async(e,t,r,n)=>{if((0,ON.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Hn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(xN.indexOf(p)!==-1)throw new Hn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}xp||(xp=await Np.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Hn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Hn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,RN.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Hn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,SN.getPolicyCacheName)(n,r),c=new IN.MemoryZoneReadThroughCache(a,{logger:PN.SystemLogMap.getLogger(t)}),u={uid:o,claims:i},l=await(0,AN.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Np.getTokenFromGcpServiceAccount)({serviceAccount:xp,audience:NN,payload:u}),f=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Np.exchangeFirebaseJwtForIdToken)(f,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Hn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");pc.UpstreamFirebaseUserAuthInboundPolicy=CN});var d_=g(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.UpstreamGcpJwtInboundPolicy=void 0;var l_=pn(),LN=qt(),Cp,DN=s(async(e,t,r,n)=>{(0,LN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Cp||(Cp=await l_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,l_.getTokenFromGcpServiceAccount)({serviceAccount:Cp,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");hc.UpstreamGcpJwtInboundPolicy=DN});var h_=g(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.UpstreamGcpServiceAuthInboundPolicy=void 0;var UN=$t(),kN=lu(),MN=Jt(),HN=L(),Lp=pn(),FN=qt(),p_="https://www.googleapis.com/oauth2/v4/token",Dp,qN=s(async(e,t,r,n)=>{(0,FN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Dp||(Dp=await Lp.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,UN.getPolicyCacheName)(n,r),o;r.useMemoryCacheOnly?o=new kN.MemoryCache(i):o=new MN.MemoryZoneReadThroughCache(i,t);let a=await o.get(n);if(!a){let c=await(0,Lp.getTokenFromGcpServiceAccount)({serviceAccount:Dp,audience:p_,payload:{target_audience:`${r.audience}`}}),{id_token:u}=await(0,Lp.exchangeGgpJwtForIdToken)(p_,c,{retries:r.tokenRetries??3,retryDelayMs:10});if(!u)throw new HN.RuntimeError("Invalid token response from GCP");a=u,o.put(n,a,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamGcpServiceAuthInboundPolicy");fc.UpstreamGcpServiceAuthInboundPolicy=qN});var m_=g(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.ValidateJsonSchemaInbound=void 0;var $N=L(),f_=se(),jN=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return f_.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new $N.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return f_.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");mc.ValidateJsonSchemaInbound=jN});var g_=g(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.MeteringInboundPolicy=void 0;var y_=js(),Up=L(),VN=se(),GN=Le(),BN=Y(),KN=s(async(e,t,r,n)=>{let i=GN.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,f)=>{let h=y_.ContextData.get(f,"subscription");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;let v=r.bucketId;if(!v){f.log.error(`MeteringInboundPolicy '${n}' - no bucketName property provided`);return}let{authApiJWT:T,meteringServiceUrl:S}=BN.Environment.instance;d.ok&&h&&r.meters&&fetch(`${S}/internal/v1/metering/${v}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${T}`},method:"POST",body:JSON.stringify({meters:r.meters})}).catch(M=>{f.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,M)})});let o=y_.ContextData.get(t,"subscription"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o){if(a)return e;throw new Up.ConfigurationError("Subscription is not available for user")}if(o&&Object.keys(o.quotas).length===0)throw new Up.ConfigurationError("Quota is not set up for the user's subscription");let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)throw new Up.ConfigurationError(`The following policy meters are not present in the subscription: ${l.join(", ")}`);for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return VN.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`});return e},"MeteringInboundPolicy");yc.MeteringInboundPolicy=KN});var b_=g(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.LoadSubscriptionInboundPolicy=void 0;var JN=js(),zN=L(),kp=se(),WN=Le(),QN=Y(),YN=s(async(e,t,r,n)=>{let i=WN.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=e.user;if(!a)return o?e:kp.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});let c=r.bucketId;if(!c)throw new zN.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketName property provided`);let{authApiJWT:u,meteringServiceUrl:l}=QN.Environment.instance,{sub:d}=a,p,f;try{if(p=await fetch(`${l}/internal/v1/metering/${c}/subscriptions?customerRef=${d}&status=active`,{headers:{Authorization:`Bearer ${u}`},method:"GET"}),!p.ok)return t.log.error(await p.text()),kp.HttpProblems.forbidden(e,t);f=await p.json()}catch(y){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,y)}if((!f||!f.data||f.data.length===0)&&!o)return kp.HttpProblems.unauthorized(e,t,{detail:"No valid, active subscription found"});if((!f||!f.data||f.data.length===0)&&o)return e;let h=f&&f.data?f.data[0]:void 0;return JN.ContextData.set(t,"subscription",h),e},"LoadSubscriptionInboundPolicy");gc.LoadSubscriptionInboundPolicy=YN});var __=g(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.ServiceProviderImpl=void 0;var ZN=L(),Mp=class e{static{s(this,"ServiceProviderImpl")}static#e;services=new Map;constructor(){}static getInstance(){return e.#e||(e.#e=new e),e.#e}setInstance(t){e.#e=t}addService(t,r){if(this.services.get(t))throw new ZN.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};bc.ServiceProviderImpl=Mp});var N_=g(m=>{"use strict";var XN=m&&m.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),Hp=m&&m.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&XN(t,e,r)},ex=m&&m.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(m,"__esModule",{value:!0});m.RateLimitInboundPolicy=m.BasicRateLimitInboundPolicy=m.PropelAuthJwtInboundPolicy=m.OpenIdJwtInboundPolicy=m.OktaJwtInboundPolicy=m.setMoesifContext=m.MoesifInboundPolicy=m.MockApiInboundPolicy=m.JWTScopeValidationInboundPolicy=m.GeoFilterInboundPolicy=m.FormDataToJsonInboundPolicy=m.FirebaseJwtInboundPolicy=m.CurityPhantomTokenInboundPolicy=m.CreditsMeteringInboundPolicy=m.CompositeInboundPolicy=m.CognitoJwtInboundPolicy=m.ClerkJwtInboundPolicy=m.ClearHeadersOutboundPolicy=m.ClearHeadersInboundPolicy=m.ChangeMethodInboundPolicy=m.CachingInboundPolicy=m.BasicAuthInboundPolicy=m.Auth0JwtInboundPolicy=m.ApiKeyInboundPolicy=m.ApiAuthKeyInboundPolicy=m.AmberfloMeteringPolicy=m.AmberfloMeteringInboundPolicy=m.AuditLogPlugin=m.AuditLogDataStaxProvider=m.HttpStatusCode=m.webSocketPipelineHandler=m.webSocketHandler=m.urlRewriteHandler=m.urlForwardHandler=m.redirectHandler=m.openApiSpecHandler=m.awsLambdaHandler=m.AwsLambdaHandlerExtensions=m.purgeGatewayCache=m.Handler=m.originalFetch=m.ConfigurationError=m.isZuploReadableEnvVariableName=m.isRestrictedEnvVariableName=m.environment=m.ContextData=m.ResponseSentEvent=m.ResponseSendingEvent=m.ZoneCache=m.MemoryZoneReadThroughCache=void 0;m.sanitizedIdentifierName=m.getRawOperationDataIdentifierName=m.getIdForRequestBodySchema=m.getIdForRefSchema=m.getIdForParameterSchema=m.SystemLogMap=m.httpStatuses=m.SYSTEM_LOGGER=m.API_KEY=m.ServiceProviderImpl=m.serialize=m.ContentTypes=m.Router=m.LookupResult=m.SystemRouteName=m.ZuploRequest=m.ProblemResponseFormatter=m.HttpProblems=m.LoadSubscriptionInboundPolicy=m.MeteringInboundPolicy=m.ValidateJsonSchemaInbound=m.UpstreamGcpServiceAuthInboundPolicy=m.UpstreamGcpJwtInboundPolicy=m.UpstreamFirebaseUserAuthInboundPolicy=m.UpstreamFirebaseAdminAuthInboundPolicy=m.UpstreamAzureAdServiceAuthInboundPolicy=m.SupabaseJwtInboundPolicy=m.StripeWebhookVerificationInboundPolicy=m.SleepInboundPolicy=m.SetStatusOutboundPolicy=m.SetQueryParamsInboundPolicy=m.SetHeadersOutboundPolicy=m.SetHeadersInboundPolicy=m.SetBodyInboundPolicy=m.RequireOriginInboundPolicy=m.SchemaBasedRequestValidation=m.RequestValidationInboundPolicy=m.RequestSizeLimitInboundPolicy=m.ReplaceStringOutboundPolicy=m.RemoveQueryParamsInboundPolicy=m.RemoveHeadersOutboundPolicy=m.RemoveHeadersInboundPolicy=m.ReadmeMetricsInboundPolicy=void 0;Eh();var tx=Jt();Object.defineProperty(m,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return tx.MemoryZoneReadThroughCache}});var rx=io();Object.defineProperty(m,"ZoneCache",{enumerable:!0,get:function(){return rx.ZoneCache}});var E_=Ir();Object.defineProperty(m,"ResponseSendingEvent",{enumerable:!0,get:function(){return E_.ResponseSendingEvent}});Object.defineProperty(m,"ResponseSentEvent",{enumerable:!0,get:function(){return E_.ResponseSentEvent}});var nx=js();Object.defineProperty(m,"ContextData",{enumerable:!0,get:function(){return nx.ContextData}});var Fp=wd();Object.defineProperty(m,"environment",{enumerable:!0,get:function(){return Fp.environment}});Object.defineProperty(m,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return Fp.isRestrictedEnvVariableName}});Object.defineProperty(m,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return Fp.isZuploReadableEnvVariableName}});var ix=L();Object.defineProperty(m,"ConfigurationError",{enumerable:!0,get:function(){return ix.ConfigurationError}});var ox=Td();Object.defineProperty(m,"originalFetch",{enumerable:!0,get:function(){return ox.originalFetch}});var w_=zy();Object.defineProperty(m,"Handler",{enumerable:!0,get:function(){return w_.Handler}});Object.defineProperty(m,"purgeGatewayCache",{enumerable:!0,get:function(){return w_.purgeGatewayCache}});var v_=dg();Object.defineProperty(m,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return v_.AwsLambdaHandlerExtensions}});Object.defineProperty(m,"awsLambdaHandler",{enumerable:!0,get:function(){return v_.awsLambdaHandler}});var sx=hg();Object.defineProperty(m,"openApiSpecHandler",{enumerable:!0,get:function(){return sx.openApiSpecHandler}});var ax=fg();Object.defineProperty(m,"redirectHandler",{enumerable:!0,get:function(){return ax.redirectHandler}});var cx=yg();Object.defineProperty(m,"urlForwardHandler",{enumerable:!0,get:function(){return cx.urlForwardHandler}});var ux=bg();Object.defineProperty(m,"urlRewriteHandler",{enumerable:!0,get:function(){return ux.urlRewriteHandler}});var lx=Eg();Object.defineProperty(m,"webSocketHandler",{enumerable:!0,get:function(){return lx.webSocketHandler}});var dx=Tg();Object.defineProperty(m,"webSocketPipelineHandler",{enumerable:!0,get:function(){return dx.webSocketPipelineHandler}});var px=Du();Object.defineProperty(m,"HttpStatusCode",{enumerable:!0,get:function(){return px.HttpStatusCode}});Hp(xg(),m);Hp(Dg(),m);var hx=Ug();Object.defineProperty(m,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return hx.AuditLogDataStaxProvider}});var fx=Mg();Object.defineProperty(m,"AuditLogPlugin",{enumerable:!0,get:function(){return fx.AuditLogPlugin}});Hp(jg(),m);var T_=Jg();Object.defineProperty(m,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return T_.AmberfloMeteringInboundPolicy}});Object.defineProperty(m,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return T_.AmberfloMeteringPolicy}});var mx=Yg();Object.defineProperty(m,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return mx.ApiAuthKeyInboundPolicy}});var yx=fp();Object.defineProperty(m,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return yx.ApiKeyInboundPolicy}});var gx=Zg();Object.defineProperty(m,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return gx.Auth0JwtInboundPolicy}});var bx=Xg();Object.defineProperty(m,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return bx.BasicAuthInboundPolicy}});var _x=eb();Object.defineProperty(m,"CachingInboundPolicy",{enumerable:!0,get:function(){return _x.CachingInboundPolicy}});var Ex=tb();Object.defineProperty(m,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return Ex.ChangeMethodInboundPolicy}});var wx=rb();Object.defineProperty(m,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return wx.ClearHeadersInboundPolicy}});var vx=nb();Object.defineProperty(m,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return vx.ClearHeadersOutboundPolicy}});var Tx=ib();Object.defineProperty(m,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return Tx.ClerkJwtInboundPolicy}});var Sx=sb();Object.defineProperty(m,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Sx.CognitoJwtInboundPolicy}});var Ix=cb();Object.defineProperty(m,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Ix.CompositeInboundPolicy}});var Px=lb();Object.defineProperty(m,"CreditsMeteringInboundPolicy",{enumerable:!0,get:function(){return Px.CreditsMeteringInboundPolicy}});var Ax=db();Object.defineProperty(m,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return Ax.CurityPhantomTokenInboundPolicy}});var Rx=pb();Object.defineProperty(m,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return Rx.FirebaseJwtInboundPolicy}});var Ox=hb();Object.defineProperty(m,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Ox.FormDataToJsonInboundPolicy}});var Nx=fb();Object.defineProperty(m,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Nx.GeoFilterInboundPolicy}});var xx=mb();Object.defineProperty(m,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return xx.JWTScopeValidationInboundPolicy}});var Cx=gb();Object.defineProperty(m,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Cx.MockApiInboundPolicy}});var S_=vb();Object.defineProperty(m,"MoesifInboundPolicy",{enumerable:!0,get:function(){return S_.MoesifInboundPolicy}});Object.defineProperty(m,"setMoesifContext",{enumerable:!0,get:function(){return S_.setMoesifContext}});var Lx=Tb();Object.defineProperty(m,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return Lx.OktaJwtInboundPolicy}});var Dx=jt();Object.defineProperty(m,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return Dx.OpenIdJwtInboundPolicy}});var Ux=Sb();Object.defineProperty(m,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return Ux.PropelAuthJwtInboundPolicy}});var I_=xb();Object.defineProperty(m,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return I_.RateLimitInboundPolicy}});Object.defineProperty(m,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return I_.RateLimitInboundPolicy}});var kx=Ub();Object.defineProperty(m,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return kx.ReadmeMetricsInboundPolicy}});var Mx=kb();Object.defineProperty(m,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return Mx.RemoveHeadersInboundPolicy}});var Hx=Mb();Object.defineProperty(m,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return Hx.RemoveHeadersOutboundPolicy}});var Fx=Hb();Object.defineProperty(m,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Fx.RemoveQueryParamsInboundPolicy}});var qx=Fb();Object.defineProperty(m,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return qx.ReplaceStringOutboundPolicy}});var $x=$b();Object.defineProperty(m,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return $x.RequestSizeLimitInboundPolicy}});var P_=Kb();Object.defineProperty(m,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return P_.RequestValidationInboundPolicy}});Object.defineProperty(m,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return P_.SchemaBasedRequestValidation}});var jx=Jb();Object.defineProperty(m,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return jx.RequireOriginInboundPolicy}});var Vx=zb();Object.defineProperty(m,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return Vx.SetBodyInboundPolicy}});var Gx=Qb();Object.defineProperty(m,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return Gx.SetHeadersInboundPolicy}});var Bx=Zb();Object.defineProperty(m,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return Bx.SetHeadersOutboundPolicy}});var Kx=e_();Object.defineProperty(m,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Kx.SetQueryParamsInboundPolicy}});var Jx=t_();Object.defineProperty(m,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return Jx.SetStatusOutboundPolicy}});var zx=r_();Object.defineProperty(m,"SleepInboundPolicy",{enumerable:!0,get:function(){return zx.SleepInboundPolicy}});var Wx=ip();Object.defineProperty(m,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return Wx.StripeWebhookVerificationInboundPolicy}});var Qx=i_();Object.defineProperty(m,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return Qx.SupabaseJwtInboundPolicy}});var Yx=s_();Object.defineProperty(m,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return Yx.UpstreamAzureAdServiceAuthInboundPolicy}});var Zx=c_();Object.defineProperty(m,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return Zx.UpstreamFirebaseAdminAuthInboundPolicy}});var Xx=u_();Object.defineProperty(m,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return Xx.UpstreamFirebaseUserAuthInboundPolicy}});var eC=d_();Object.defineProperty(m,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return eC.UpstreamGcpJwtInboundPolicy}});var tC=h_();Object.defineProperty(m,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return tC.UpstreamGcpServiceAuthInboundPolicy}});var rC=m_();Object.defineProperty(m,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return rC.ValidateJsonSchemaInbound}});var nC=g_();Object.defineProperty(m,"MeteringInboundPolicy",{enumerable:!0,get:function(){return nC.MeteringInboundPolicy}});var iC=b_();Object.defineProperty(m,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return iC.LoadSubscriptionInboundPolicy}});var oC=se();Object.defineProperty(m,"HttpProblems",{enumerable:!0,get:function(){return oC.HttpProblems}});var sC=fo();Object.defineProperty(m,"ProblemResponseFormatter",{enumerable:!0,get:function(){return sC.ProblemResponseFormatter}});var aC=He();Object.defineProperty(m,"ZuploRequest",{enumerable:!0,get:function(){return aC.ZuploRequest}});var cC=Ar();Object.defineProperty(m,"SystemRouteName",{enumerable:!0,get:function(){return cC.SystemRouteName}});var A_=hd();Object.defineProperty(m,"LookupResult",{enumerable:!0,get:function(){return A_.LookupResult}});Object.defineProperty(m,"Router",{enumerable:!0,get:function(){return A_.Router}});var R_=Iu();Object.defineProperty(m,"ContentTypes",{enumerable:!0,get:function(){return R_.ContentTypes}});Object.defineProperty(m,"serialize",{enumerable:!0,get:function(){return R_.serialize}});var uC=__();Object.defineProperty(m,"ServiceProviderImpl",{enumerable:!0,get:function(){return uC.ServiceProviderImpl}});var O_=Ju();Object.defineProperty(m,"API_KEY",{enumerable:!0,get:function(){return O_.API_KEY}});Object.defineProperty(m,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return O_.SYSTEM_LOGGER}});var lC=ku();Object.defineProperty(m,"httpStatuses",{enumerable:!0,get:function(){return ex(lC).default}});var dC=Le();Object.defineProperty(m,"SystemLogMap",{enumerable:!0,get:function(){return dC.SystemLogMap}});var ki=Qa();Object.defineProperty(m,"getIdForParameterSchema",{enumerable:!0,get:function(){return ki.getIdForParameterSchema}});Object.defineProperty(m,"getIdForRefSchema",{enumerable:!0,get:function(){return ki.getIdForRefSchema}});Object.defineProperty(m,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return ki.getIdForRequestBodySchema}});Object.defineProperty(m,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return ki.getRawOperationDataIdentifierName}});Object.defineProperty(m,"sanitizedIdentifierName",{enumerable:!0,get:function(){return ki.sanitizedIdentifierName}})});var x_=g(Fn=>{"use strict";Object.defineProperty(Fn,"__esModule",{value:!0});Fn.BaseCryptoBeta=Fn.supportedDigests=void 0;Fn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var qp=class{static{s(this,"BaseCryptoBeta")}};Fn.BaseCryptoBeta=qp});var C_=g(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.WorkerCryptoBeta=void 0;var $p=x_(),pC=L(),jp=class extends $p.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!$p.supportedDigests.includes(t.toLowerCase()))throw new pC.RuntimeError(`Algorithm ${t} is not supported. Try using ${$p.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};_c.WorkerCryptoBeta=jp});var L_=g(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.BaseKeyValueStore=void 0;var Vp=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Ec.BaseKeyValueStore=Vp});var U_=g(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.WorkerKeyValueStore=void 0;var D_=L(),hC=L_(),Gp=class extends hC.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new D_.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new D_.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};wc.WorkerKeyValueStore=Gp});var Lt=g(dt=>{"use strict";var fC=dt&&dt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),mC=dt&&dt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&fC(t,e,r)};Object.defineProperty(dt,"__esModule",{value:!0});dt.KeyValueStore=dt.CryptoBeta=void 0;mC(N_(),dt);var yC=C_();Object.defineProperty(dt,"CryptoBeta",{enumerable:!0,get:function(){return yC.WorkerCryptoBeta}});var gC=U_();Object.defineProperty(dt,"KeyValueStore",{enumerable:!0,get:function(){return gC.WorkerKeyValueStore}})});var SL={};Zi(SL,{GraphQLComplexityLimitInboundPolicy:()=>hE,GraphQLDisableIntrospectionInboundPolicy:()=>mE});module.exports=Xi(SL);var Yn=yh(Lt());function B(e,t){if(!!!e)throw new Error(t)}s(B,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function At(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(At,"invariant");var bC=/\r\n|[\n\r]/g;function qn(e,t){let r=0,n=1;for(let i of e.body.matchAll(bC)){if(typeof i.index=="number"||At(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s(qn,"getLocation");function Bp(e){return vc(e.source,qn(e.source,e.start))}s(Bp,"printLocation");function vc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
74
+ `+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new kr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(YA,"validateComputedSignature");function ZA(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(ZA,"parseHeader");function XA(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(XA,"secureCompare");async function Fg(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=np[o[c]];return a.join("")}s(Fg,"computeHMACSignatureAsync");On.computeHMACSignatureAsync=Fg;var np=new Array(256);for(let e=0;e<np.length;e++)np[e]=e.toString(16).padStart(2,"0")});var qt=g(la=>{"use strict";Object.defineProperty(la,"__esModule",{value:!0});la.optionValidator=void 0;var Pi=L();function eR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new Pi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Pi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Pi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Pi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Pi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(eR,"optionValidator");la.optionValidator=eR});var ip=g(da=>{"use strict";Object.defineProperty(da,"__esModule",{value:!0});da.StripeWebhookVerificationInboundPolicy=void 0;var tR=se(),rR=qg(),nR=qt(),iR=s(async(e,t,r,n)=>{(0,nR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,rR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),tR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");da.StripeWebhookVerificationInboundPolicy=iR});var $g=g(pa=>{"use strict";Object.defineProperty(pa,"__esModule",{value:!0});pa.MeteringPlugin=void 0;var oR=gt(),op=class extends oR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};pa.MeteringPlugin=op});var jg=g(ha=>{"use strict";Object.defineProperty(ha,"__esModule",{value:!0});ha.StripeMeteringPlugin=void 0;var lt=L(),sR=Ct(),aR=ip(),Nn=se(),cR=Yt(),uR=zr(),lR=Lu(),dR=ot(),sp=Y(),ap=Dt(),pR=$g(),hR="checkout.session.completed",cp=class extends pR.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l}=this.options;if(!l)throw new lt.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");let d=this.options.meteringBucketRegion??"us-central1";bR(d);let p=await c.json();try{gR(p)}catch{return Nn.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."})}u.log.info(`Received Stripe webhook event of type '${p.type}' with ID '${p.id}'.`);let f;try{f=await fR({event:p,stripeSecretKey:this.options.stripeSecretKey,logger:u.log})}catch(h){return Nn.HttpProblems.internalServerError(c,u,{detail:h.message??"Unknown error getting subscription info"})}if(f){let h;if(this.options.apiKeyBucketName&&sp.Environment.instance.build.ACCOUNT_NAME&&this.options.zuploAccountApiKey?h=await mR({bucketName:this.options.apiKeyBucketName,accountName:sp.Environment.instance.build.ACCOUNT_NAME,stripeProductId:f.productId,stripeSubscriptionId:f.subscriptionId,stripeCustomerId:f.customerId,managerEmail:f.customerEmail,zuploAccountApiKey:this.options.zuploAccountApiKey,logger:u.log}):u.log.debug("Skipping consumer creation. No 'apiKeyBucketName', 'zuploAccountApiKey', or account variable set."),!h)return Nn.HttpProblems.internalServerError(c,u,{detail:"No consumer was created, skipping creation of subscription"});let y="routes.oas.json";return yR({request:c,context:u,stripeProductId:f.productId,stripeSubscriptionId:f.subscriptionId,customerKey:h,productKey:y,meteringBucketId:l,meteringBucketRegion:d})}return Nn.HttpProblems.ok(c,u,{detail:"Event was ignored by Stripe metering plugin webhook."})},"stripeWebhookHandler"),i=(0,uR.createInternalPolicyProcessor)({inboundPolicies:[{handler:aR.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new sR.Pipeline({processors:[cR.metricsProcessor,i],handler:n,gateway:r}),a=new dR.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:lR.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};ha.StripeMeteringPlugin=cp;async function fR({event:e,stripeSecretKey:t,logger:r}){let n;if(e.type===hR){let l=e,d=l.data?.object?.subscription;if(!d)throw new lt.RuntimeError("Invalid Stripe Webhook event. Expected '.data.object.id' to be the subscription ID.");if(!l.data?.object?.client_reference_id)throw new lt.RuntimeError("Invalid Stripe Webhook event. Expected '.data.object.id' to be the subscription ID.");let f=await fetch(`https://api.stripe.com/v1/subscriptions/${d}`,{headers:{Authorization:`Bearer ${t}`}}),h=await f.json();if(f.status!==200)throw r.error(h),new lt.RuntimeError(h.message??"Error calling Stripe API");n=h}if(!n)return;let i=n.id;if(!i)throw new lt.RuntimeError("Invalid Stripe Webhook event. Expected '.data.object.id' to be the subscription ID.");let o=n.items?.data.find(l=>l.object==="subscription_item");if(!o||!o.id)throw new Error("Invalid Stripe Webhook event. Expected '.data.object.items.data[]' to contain a subscription_item.");let a=o.plan;if(!a||!a.product)throw new lt.RuntimeError("Invalid Stripe Webhook event. Expected '.data.object.items.data[].plan'.");let c=await fetch(`https://api.stripe.com/v1/customers/${n.customer}`,{headers:{Authorization:`Bearer ${t}`}}),u=await c.json();if(c.status!==200)throw r.error("Error getting stripe customer",u),new lt.RuntimeError("Error getting stripe customer");return{subscriptionId:i,productId:a.id,customerId:n.customer,customerEmail:u.email}}s(fR,"getStripeSubscription");async function mR({accountName:e,bucketName:t,zuploAccountApiKey:r,stripeSubscriptionId:n,stripeProductId:i,stripeCustomerId:o,managerEmail:a,logger:c}){let u=new URL(`/v1/accounts/${e}/key-buckets/${t}/consumers`,"https://dev.zuplo.com");u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:`Consumer for Stripe subscription ${n}`,tags:{providerSubscriptionKey:n,planProviderKey:i},metadata:{stripeSubscriptionId:n,stripeProductId:i,stripeCustomerId:o},managers:[a]},p=await fetch(u,{method:"POST",headers:{Authorization:`Bearer ${r}`},body:JSON.stringify(d)}),f=await p.json();if(p.status!==200){let h="Unknown error creating subscription";try{h=f.detail??f.title??h}catch{}throw c.error(h,f),new lt.RuntimeError(h)}return c.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:n,stripeProductId:i}),l}s(mR,"createConsumer");async function yR({request:e,context:t,stripeSubscriptionId:r,stripeProductId:n,customerKey:i,productKey:o,meteringBucketId:a,meteringBucketRegion:c}){let u={status:"active",type:"periodic",renewalStrategy:"monthly",region:c,providerKey:r,planProviderKey:n,customerKey:i,productKey:o};try{let{authApiJWT:l,meteringServiceUrl:d}=sp.Environment.instance;if(!(0,ap.isNonEmptyString)(l))throw new lt.SystemError("No Zuplo JWT token set.");let p=await fetch(`${d}/internal/v1/metering/${a}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json"},method:"POST",body:JSON.stringify(u)});if(p.status!==200){let f="Unknown error creating subscription",h;try{h=await p.json(),f=h.detail??h.title??f}catch{}throw t.log.error(f,h),new lt.RuntimeError(f)}}catch(l){return Nn.HttpProblems.internalServerError(e,t,{detail:l.message})}return t.log.info("Successfully created/updated metering subscription.",u),Nn.HttpProblems.ok(e,t)}s(yR,"saveSubscription");function gR(e){if(!(e!==null&&typeof e=="object"&&"id"in e&&(0,ap.isString)(e.id)&&"type"in e&&(0,ap.isString)(e.type)))throw new Error("Object is not a stripe webhook event")}s(gR,"assertsStripeWebhookEvent");function bR(e){if(!(e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)))throw new lt.ConfigurationError("StripeMeteringPlugin - The value of 'meteringBucketRegion' is not a valid region.")}s(bR,"assertsMeteringRegion")});var Jg=g(xn=>{"use strict";Object.defineProperty(xn,"__esModule",{value:!0});xn.AmberfloMeteringInboundPolicy=xn.AmberfloMeteringPolicy=void 0;var Vg=L(),_R=ve(),Gg=ni(),Kg=new WeakMap,Bg={},up=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Kg.set(t,r)}};xn.AmberfloMeteringPolicy=up;async function ER(e,t,r,n){if(!r.statusCodes)throw new Vg.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Gg.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=Kg.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Vg.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Gg.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},f=Bg[r.apiKey];if(!f){let h=r.apiKey,y=e.headers.get("zm-test-id")??"";f=new _R.BatchDispatch("amberflo-ingest-meter",10,async v=>{try{let T=r.url??"https://app.amberflo.io/ingest",S=await fetch(T,{method:"POST",body:JSON.stringify(v),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":y}});S.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${S.status}: ${await S.text()}`)}catch(T){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),Bg[h]=f}f.enqueue(p),t.waitUntil(f.waitUntilFlushed())}}),e}s(ER,"AmberfloMeteringInboundPolicy");xn.AmberfloMeteringInboundPolicy=ER});var lp=g(fa=>{"use strict";Object.defineProperty(fa,"__esModule",{value:!0});fa.sha256=void 0;async function wR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(wR,"sha256");fa.sha256=wR});var $t=g(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.getPolicyCacheName=void 0;var vR=lp(),zg=new Map;async function TR(e,t){let r,n=zg.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,vR.sha256)(JSON.stringify({policyName:e,options:t}))}`,zg.set(e,r)),r}s(TR,"getPolicyCacheName");ma.getPolicyCacheName=TR});var fp=g(ya=>{"use strict";Object.defineProperty(ya,"__esModule",{value:!0});ya.ApiKeyInboundPolicy=void 0;var SR=$t(),IR=Jt(),Wg=wd(),dp=L(),PR=Lt(),pp=Le(),hp=Y(),AR=Ss(),Qg="key-metadata-cache-type";function RR(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(RR,"getKeyValue");async function OR(e,t,r,n){if(!r.bucketName)if(Wg.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=Wg.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new dp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new dp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(T=>i.allowUnauthenticatedRequests?e:PR.HttpProblems.unauthorized(e,t,{detail:T}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=RR(a,i);if(!c||c==="")return o("No key present");let u=await NR(c),l=await(0,SR.getPolicyCacheName)(n,i),d=new IR.MemoryZoneReadThroughCache(l,{logger:pp.SystemLogMap.getLogger(t)}),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==Qg&&pp.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let f={key:c},h=await(0,AR.fetchRetry)({retryDelayMs:5,retries:2,logger:pp.SystemLogMap.getLogger(t)},`${hp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":hp.Environment.instance.deploymentName??"unknown","User-Agent":hp.Environment.instance.systemUserAgent},body:JSON.stringify(f)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let T=await h.text(),S=JSON.parse(T);t.log.error("Unexpected response from key service",S)}catch{t.log.error("Invalid response from key service")}throw new dp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let y=await h.json(),v={isValid:!0,typeId:Qg,user:{sub:y.name,data:y.metadata}};return e.user=v.user,d.put(u,v,i.cacheTtlSeconds),e}s(OR,"ApiKeyInboundPolicy");ya.ApiKeyInboundPolicy=OR;async function NR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(NR,"hashValue")});var Yg=g(ga=>{"use strict";Object.defineProperty(ga,"__esModule",{value:!0});ga.ApiAuthKeyInboundPolicy=void 0;var xR=fp();ga.ApiAuthKeyInboundPolicy=xR.ApiKeyInboundPolicy});var jt=g(ba=>{"use strict";Object.defineProperty(ba,"__esModule",{value:!0});ba.OpenIdJwtInboundPolicy=void 0;var yp=(vs(),Xi(ws)),gp=L(),CR=se(),mp={},LR=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new gp.ConfigurationError("Invalid State - jwkUrl not set");mp[t.jwkUrl]||(mp[t.jwkUrl]=(0,yp.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,yp.jwtVerify)(e,mp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),DR=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,yp.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),UR=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(f=>CR.HttpProblems.unauthorized(e,t,{detail:f}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new gp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new gp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?LR:DR,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let f=i.substring(o.length);if(!f||f.length===0)return a("No bearer token on authorization header");try{return await c(f,r)}catch(h){let y=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${y.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${y.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");ba.OpenIdJwtInboundPolicy=UR});var Zg=g(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.Auth0JwtInboundPolicy=void 0;var kR=jt(),MR=s(async(e,t,r,n)=>(0,kR.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");_a.Auth0JwtInboundPolicy=MR});var Xg=g(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.BasicAuthInboundPolicy=void 0;var HR=se(),FR=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>HR.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let f=d.substring(0,p),h=d.substring(p+1),y=r.accounts.find(v=>v.username===f&&v.password===h);return y||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Ea.BasicAuthInboundPolicy=FR});var eb=g(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.CachingInboundPolicy=void 0;var qR=$t(),$R=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function jR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(jR,"digestMessage");var VR=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await jR(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function GR(e,t,r,n){let i=await(0,qR.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await VR(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let f=r?.expirationSecondsTtl??60,h=new Response(p.body,p);$R.forEach(y=>h.headers.delete(y)),h.headers.set("cache-control",`s-maxage=${f}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(GR,"CachingInboundPolicy");wa.CachingInboundPolicy=GR});var tb=g(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.ChangeMethodInboundPolicy=void 0;var BR=L(),KR=He(),JR=s(async(e,t,r,n)=>{if(!r.method)throw new BR.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new KR.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");va.ChangeMethodInboundPolicy=JR});var rb=g(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.ClearHeadersInboundPolicy=void 0;var zR=He(),WR=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new zR.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Ta.ClearHeadersInboundPolicy=WR});var nb=g(Sa=>{"use strict";Object.defineProperty(Sa,"__esModule",{value:!0});Sa.ClearHeadersOutboundPolicy=void 0;var QR=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Sa.ClearHeadersOutboundPolicy=QR});var ib=g(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.ClerkJwtInboundPolicy=void 0;var YR=jt(),ZR=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,YR.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Ia.ClerkJwtInboundPolicy=ZR});var sb=g(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.CognitoJwtInboundPolicy=void 0;var ob=L(),XR=jt(),e0=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new ob.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new ob.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,XR.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Pa.CognitoJwtInboundPolicy=e0});var cb=g(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.CompositeInboundPolicy=void 0;var t0=L(),r0=mn(),ab=zr(),n0=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new t0.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=r0.Gateway.instance,o=(0,ab.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,ab.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");Aa.CompositeInboundPolicy=n0});var lb=g(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.CreditsMeteringInboundPolicy=void 0;var Ai=se(),ub=Y(),i0=s(async(e,t,r)=>{let n=e.user;if(!n)return Ai.HttpProblems.unauthorized(e,t,{title:"Unable to check subscription for anonymous user",detail:"No user data on request"});let{sub:i}=n;if(!r.bucketId)return Ai.HttpProblems.unauthorized(e,t,{title:"Metering bucket not configured",detail:"Specify one using the bucketId option on the policy"});let o=r.bucketId,a=await o0(o,i,t);if(!a)return Ai.HttpProblems.unauthorized(e,t,{title:"No valid, active subscription found"});if(!a.quotas)return Ai.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});for(let c of Object.keys(a.quotas))if(a.quotas[c]<=0)return Ai.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});return t.custom.subscription=a,t.addResponseSendingFinalHook(async()=>{let c=t.custom.meters,u={};for(let l of Object.keys(c))u[l]=c[l];await s0(o,a.id,u,t)}),e},"CreditsMeteringInboundPolicy");Ra.CreditsMeteringInboundPolicy=i0;async function o0(e,t,r){let{authApiJWT:n,meteringServiceUrl:i}=ub.Environment.instance,o=new URL(`${i}/internal/v1/metering/${e}/subscriptions`);o.search=new URLSearchParams({customerRef:t,status:"active"}).toString();let a=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${n}`}});if(!a.ok)throw new Error(`Error retrieving subscriptions for credits metering ': ${a.status} - ${await a.text()}`);let c=await a.json();if(c.data.length!==0)return c.data.length>1&&r.log.warn(`Found more than one active subscription for customer ${t} -- using the first one.`),c.data[0]}s(o0,"getSubscription");async function s0(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=ub.Environment.instance,a=new URL(`${o}/internal/v1/metering/${e}/subscriptions/${t}/quotas/consume`),c=await fetch(a,{method:"POST",body:JSON.stringify({meters:r}),headers:{Authorization:`Bearer ${i}`}});c.ok||n.log.error(`Error consuming subscription quotas for credits metering ': ${c.status} - ${await c.text()}`)}s(s0,"consumeSubscription")});var db=g(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.CurityPhantomTokenInboundPolicy=void 0;var a0=$t(),c0=Jt(),Oa=se(),u0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Oa.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=l0(i);if(!o)return Oa.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,a0.getPolicyCacheName)(n,r),c=new c0.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Oa.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Oa.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");Na.CurityPhantomTokenInboundPolicy=u0;function l0(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(l0,"getToken")});var pb=g(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.FirebaseJwtInboundPolicy=void 0;var d0=qt(),p0=jt(),h0=s(async(e,t,r,n)=>((0,d0.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,p0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");xa.FirebaseJwtInboundPolicy=h0});var hb=g(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.FormDataToJsonInboundPolicy=void 0;var f0=He(),m0=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new f0.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Ca.FormDataToJsonInboundPolicy=m0});var fb=g(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.GeoFilterInboundPolicy=void 0;var y0=L(),g0=se(),Cn="__unknown__",b0=s(async(e,t,r,n)=>{let i={allow:{countries:Dn(r.allow?.countries,"allow.countries",n),regionCodes:Dn(r.allow?.regionCodes,"allow.regionCode",n),asns:Dn(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Dn(r.block?.countries,"block.countries",n),regionCodes:Dn(r.block?.regionCodes,"block.regionCode",n),asns:Dn(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Cn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Cn,c=t.incomingRequestProperties.asn?.toString()??Cn,u=i.ignoreUnknown&&o===Cn,l=i.ignoreUnknown&&a===Cn,d=i.ignoreUnknown&&c===Cn,p=i.allow.countries,f=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||f.length>0&&!f.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Ln(e,t,n,o,a,c);let y=i.block.countries,v=i.block.regionCodes,T=i.block.asns;return y.length>0&&y.includes(o)&&!u||v.length>0&&v.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?Ln(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");La.GeoFilterInboundPolicy=b0;function Ln(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),g0.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Ln,"blockedResponse");function Dn(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new y0.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Dn,"toLowerStringArray")});var mb=g(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.JWTScopeValidationInboundPolicy=void 0;var _0=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Da.JWTScopeValidationInboundPolicy=_0});var gb=g(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.MockApiInboundPolicy=void 0;var E0=se(),w0=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return bp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return bp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(f=>{a.push({responseName:c,contentName:l,exampleName:f,exampleValue:d[f]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return yb(a[c])}else return a.length>0?yb(a[0]):bp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Ua.MockApiInboundPolicy=w0;function yb(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(yb,"generateResponse");var bp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return E0.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var vb=g(Un=>{"use strict";Object.defineProperty(Un,"__esModule",{value:!0});Un.MoesifInboundPolicy=Un.setMoesifContext=void 0;var v0=L(),T0=ve(),S0="Incoming",I0={logRequestBody:!0,logResponseBody:!0};function bb(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(bb,"headersToObject");function _b(){return new Date().toISOString()}s(_b,"timestamp");var _p=new WeakMap,P0={};function A0(e,t){let r=_p.get(e);r||(r=P0);let n=Object.assign({...r},t);_p.set(e,n)}s(A0,"setMoesifContext");Un.setMoesifContext=A0;async function Eb(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(Eb,"readBody");var R0={},Ep;function wb(){if(!Ep)throw new v0.RuntimeError("Invalid State - no _lastLogger");return Ep}s(wb,"getLastLogger");function O0(e){let t=R0[e];return t||(t=new T0.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);wb().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||wb().error({status:i.status,body:await i.text()})})),t}s(O0,"getDispatcher");async function N0(e,t,r,n){Ep=t.log;let i=_b(),o=Object.assign(I0,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await Eb(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=O0(o.applicationId),d=e.headers.get("true-client-ip"),p=_p.get(t)??{},f={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:bb(e.headers)},h=o.logResponseBody?await Eb(c,t):void 0,y={time:_b(),status:c.status,headers:bb(c.headers),body:h},v={request:f,response:y,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:S0};l.enqueue(v),t.waitUntil(l.waitUntilFlushed())}),e}s(N0,"MoesifInboundPolicy");Un.MoesifInboundPolicy=N0});var Tb=g(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.OktaJwtInboundPolicy=void 0;var x0=jt(),C0=s(async(e,t,r,n)=>(0,x0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");ka.OktaJwtInboundPolicy=C0});var Sb=g(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.PropelAuthJwtInboundPolicy=void 0;var L0=(vs(),Xi(ws)),D0=jt(),wp,U0=s(async(e,t,r,n)=>{if(!wp)try{wp=await(0,L0.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,D0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:wp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");Ma.PropelAuthJwtInboundPolicy=U0});var Ib=g(G=>{"use strict";Object.defineProperty(G,"__esModule",{value:!0});G.throwIfStateNotObject=G.throwIfStateNotNumber=G.throwIfStateNotString=G.throwIfStateUndefinedOrNull=G.throwIfStateUndefined=G.throwIfOptionNotObject=G.throwIfOptionNotNumber=G.throwIfOptionNotString=G.throwIfOptionUndefinedOrNull=G.throwIfOptionUndefined=G.OptionTypeError=G.OptionUndefinedError=G.throwIfNotNumber=G.throwIfNotString=G.throwIfUndefinedOrNull=G.throwIfUndefined=G.ArgumentTypeError=G.ArgumentUndefinedError=G.ValidationError=void 0;var je=Dt(),et=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};G.ValidationError=et;var Ri=class extends et{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};G.ArgumentUndefinedError=Ri;var Oi=class extends et{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};G.ArgumentTypeError=Oi;function k0(e,t){if((0,je.isUndefined)(e))throw new Ri(t)}s(k0,"throwIfUndefined");G.throwIfUndefined=k0;function vp(e,t){if((0,je.isUndefinedOrNull)(e))throw new Ri(t)}s(vp,"throwIfUndefinedOrNull");G.throwIfUndefinedOrNull=vp;function M0(e,t){if(vp(e,t),!(0,je.isString)(e))throw new Oi(t,"string")}s(M0,"throwIfNotString");G.throwIfNotString=M0;function H0(e,t){if(vp(e,t),!(0,je.isNumber)(e))throw new Oi(t,"number")}s(H0,"throwIfNotNumber");G.throwIfNotNumber=H0;var Ni=class extends et{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};G.OptionUndefinedError=Ni;var kn=class extends et{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};G.OptionTypeError=kn;function F0(e,t,r,n){if((0,je.isUndefined)(n))throw new Ni(e,t,r)}s(F0,"throwIfOptionUndefined");G.throwIfOptionUndefined=F0;function Ha(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new Ni(e,t,r)}s(Ha,"throwIfOptionUndefinedOrNull");G.throwIfOptionUndefinedOrNull=Ha;function q0(e,t,r,n){if(Ha(e,t,r,n),!(0,je.isString)(n))throw new kn(e,t,r,"string")}s(q0,"throwIfOptionNotString");G.throwIfOptionNotString=q0;function $0(e,t,r,n){if(Ha(e,t,r,n),!(0,je.isNumber)(n))throw new kn(e,t,r,"number")}s($0,"throwIfOptionNotNumber");G.throwIfOptionNotNumber=$0;function j0(e,t,r,n){if(Ha(e,t,r,n),!(0,je.isObject)(n))throw new kn(e,t,r,"object")}s(j0,"throwIfOptionNotObject");G.throwIfOptionNotObject=j0;function V0(e,t){if((0,je.isUndefined)(e))throw new et(t)}s(V0,"throwIfStateUndefined");G.throwIfStateUndefined=V0;function Fa(e,t){if((0,je.isUndefinedOrNull)(e))throw new et(t)}s(Fa,"throwIfStateUndefinedOrNull");G.throwIfStateUndefinedOrNull=Fa;function G0(e,t){if(Fa(e,t),!(0,je.isString)(e))throw new et(t);return!0}s(G0,"throwIfStateNotString");G.throwIfStateNotString=G0;function B0(e,t){if(Fa(e,t),!(0,je.isNumber)(e))throw new et(t);return!0}s(B0,"throwIfStateNotNumber");G.throwIfStateNotNumber=B0;function K0(e,t){if(Fa(e,t),!(0,je.isObject)(e))throw new et(t);return!0}s(K0,"throwIfStateNotObject");G.throwIfStateNotObject=K0});var Pb=g(Mn=>{"use strict";Object.defineProperty(Mn,"__esModule",{value:!0});Mn.InMemoryRedisClient=Mn.StandardRedisClient=void 0;var Tp=L(),qa=Ib(),Sp=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,qa.throwIfNotString)(t,"redisClientUrl"),(0,qa.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,qa.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Tp.SystemError("Redis client failed with 401: Unauthorized"):new Tp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Mn.StandardRedisClient=Sp;var Ip=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,qa.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Tp.SystemError("The in-memory redis client only supports /rate-limit calls")}};Mn.InMemoryRedisClient=Ip});var xb=g(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.RateLimitInboundPolicy=void 0;var J0=Sr(),z0=$t(),W0=io(),Vt=L(),Q0=se(),Ab=Le(),xi=Y(),Rb=Pb(),Ob=Dt(),$a=(0,J0.debug)("zuplo:policies:RateLimitInboundPolicy"),Y0="strict",Z0=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),X0=s(async e=>({key:`ip-${Z0(e)}`}),"getIP"),eO=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),tO=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),ja;function rO(e,t){let r;if(ja)return ja;if(xi.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new Rb.InMemoryRedisClient,ja=r,r;let{authApiJWT:n,redisURL:i}=xi.Environment.instance;if(!(0,Ob.isString)(i))throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,Ob.isString)(n))throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=Rb.StandardRedisClient.initialize(i,n,xi.Environment.instance.deploymentName??"unknown",xi.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return ja=r,r}s(rO,"getRedisClient");async function Nb(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(Nb,"getCountAndUpdateExpiry");function nO(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new Vt.RuntimeError(u)}return c},"outerFunction")}s(nO,"wrapUserFunction");var iO="Retry-After",oO=s(async(e,t,r,n)=>{let i=Date.now(),o=Ab.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new Vt.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[iO]=l.toString()),Q0.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:nO(r,n),user:eO,ip:X0,all:tO}[r.rateLimitBy],d=await l(e,t,n),p=d.key,f=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,y=r.headerMode??"retry-after",v=rO(n,o),S=`bucket/${xi.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??Y0)==="async"){let C=await(0,z0.getPolicyCacheName)(n,r),re=new W0.ZoneCache(C,{logger:Ab.SystemLogMap.getLogger(t)}),ne=Nb(S,h,v,o,t.requestId),me=await re.get(S);if(me!==void 0&&me<=Date.now()){$a(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${S}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(y,Be)}return t.addEventListener("responseSending",Be=>{try{let E=Be,H=E.mutableResponse;E.mutableResponse=(async()=>{let Ce=await ne;if(Ce.count>f){let nu=Date.now()+Ce.ttlSeconds*1e3;return re.put(S,nu,Ce.ttlSeconds).catch(fh=>{throw o.error(fh),fh}),$a(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (async mode)`),c(y,Ce.ttlSeconds)}return H})()}catch(E){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,E)}}),e}let j=await Nb(S,h,v,o,t.requestId);return j.count>f?($a(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (strict mode)`),c(y,j.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;$a(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");Va.RateLimitInboundPolicy=oO});var Ub=g(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.ReadmeMetricsInboundPolicy=void 0;var sO=ve(),Pp=Y(),Cb=ni(),Ap;function Lb(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s(Lb,"headersToNameValuePairs");function aO(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(aO,"queryToNameValueParis");function cO(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(cO,"parseIntOrUndefined");var Db={};async function uO(e,t,r,n){let i=new Date,o=Date.now();return Ap||(Ap={name:"zuplo",version:Pp.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Pp.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,Cb.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,Cb.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Pp.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:Ap,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:Lb(e.headers),queryString:aO(e.query)},response:{status:a.status,statusText:a.statusText,headers:Lb(a.headers),content:{size:cO(e.headers.get("content-length"))}}}]}}},d=Db[r.apiKey];if(!d){let p=r.apiKey;d=new sO.BatchDispatch("readme-metering-inbound-policy",10,async f=>{try{let h=r.url??"https://metrics.readme.io/request",y=await fetch(h,{method:"POST",body:JSON.stringify(f),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});y.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${y.status}: '${await y.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),Db[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(uO,"ReadmeMetricsInboundPolicy");Ga.ReadmeMetricsInboundPolicy=uO});var kb=g(Ba=>{"use strict";Object.defineProperty(Ba,"__esModule",{value:!0});Ba.RemoveHeadersInboundPolicy=void 0;var lO=L(),dO=He(),pO=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new lO.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new dO.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");Ba.RemoveHeadersInboundPolicy=pO});var Mb=g(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.RemoveHeadersOutboundPolicy=void 0;var hO=L(),fO=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new hO.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");Ka.RemoveHeadersOutboundPolicy=fO});var Hb=g(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.RemoveQueryParamsInboundPolicy=void 0;var mO=L(),yO=He(),gO=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new mO.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new yO.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");Ja.RemoveQueryParamsInboundPolicy=gO});var Fb=g(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.ReplaceStringOutboundPolicy=void 0;var bO=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");za.ReplaceStringOutboundPolicy=bO});var $b=g(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.RequestSizeLimitInboundPolicy=void 0;var qb=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),_O=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?qb():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?qb():e},"RequestSizeLimitInboundPolicy");Wa.RequestSizeLimitInboundPolicy=_O});var Qa=g(tt=>{"use strict";Object.defineProperty(tt,"__esModule",{value:!0});tt.sanitizedIdentifierName=tt.getIdForRefSchema=tt.getIdForRequestBodySchema=tt.getIdForParameterSchema=tt.getRawOperationDataIdentifierName=void 0;function EO(e,t,r){return`_${Mr(e+"_"+t+"_"+r)}`}s(EO,"getRawOperationDataIdentifierName");tt.getRawOperationDataIdentifierName=EO;function wO(e,t,r,n){return`_${Mr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(wO,"getIdForParameterSchema");tt.getIdForParameterSchema=wO;function vO(e,t,r){return`_${Mr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Mr(r.toLowerCase())}`}s(vO,"getIdForRequestBodySchema");tt.getIdForRequestBodySchema=vO;function TO(e,t){return`_${Mr(e)}__${Mr(t)}`}s(TO,"getIdForRefSchema");tt.getIdForRefSchema=TO;function Mr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(Mr,"sanitizedIdentifierName");tt.sanitizedIdentifierName=Mr});var Ci=g(De=>{"use strict";Object.defineProperty(De,"__esModule",{value:!0});De.getErrorsFromValidator=De.shouldReject=De.shouldLog=De.logErrors=De.validateParameters=De.getParametersForOperation=void 0;var SO=mn(),IO=Qa(),PO=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");De.getParametersForOperation=PO;var AO=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{if(u.required&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else{let l=(0,IO.getIdForParameterSchema)(r,n,i,u.name),d=SO.Gateway.instance.schemaValidator[l],p=d(t[u.name]),f=(0,De.getErrorsFromValidator)(d.errors);p||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${f.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");De.validateParameters=AO;var RO=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");De.logErrors=RO;var OO=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");De.shouldLog=OO;var NO=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");De.shouldReject=NO;var xO=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");De.getErrorsFromValidator=xO});var jb=g(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.handleBodyValidation=void 0;var CO=mn(),Ya=se(),LO=Qa(),Je=Ci();async function DO(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let y=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,v=Ya.HttpProblems.badRequest(t,e,{detail:`${y}, see errors property for more details`,errors:`${h}`});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",y,[n],h),(0,Je.shouldReject)(r.validateBody))return v}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,y=Ya.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?y:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,LO.getIdForRequestBodySchema)(e.route.path,t.method,i),c=CO.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,y=Ya.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?y:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,Je.getErrorsFromValidator)(l),f=Ya.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",d,[n],p),(0,Je.shouldReject)(r.validateBody))return f}s(DO,"handleBodyValidation");Za.handleBodyValidation=DO});var Vb=g(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.handleHeadersValidation=void 0;var UO=se(),Li=Ci();function kO(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,Li.getParametersForOperation)(e),o=(0,Li.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=UO.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,Li.shouldLog)(r.validateHeaders)&&(0,Li.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,Li.shouldReject)(r.validateHeaders))return c}}s(kO,"handleHeadersValidation");Xa.handleHeadersValidation=kO});var Gb=g(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.handlePathParameterValidation=void 0;var MO=se(),Di=Ci();function HO(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Di.getParametersForOperation)(e),i=(0,Di.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=MO.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Di.shouldLog)(r.validatePathParameters)&&(0,Di.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Di.shouldReject)(r.validatePathParameters))return a}}s(HO,"handlePathParameterValidation");ec.handlePathParameterValidation=HO});var Bb=g(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.handleQueryParameterValidation=void 0;var FO=se(),Ui=Ci();function qO(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Ui.getParametersForOperation)(e),i=(0,Ui.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=FO.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Ui.shouldLog)(r.validateQueryParameters)&&(0,Ui.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Ui.shouldReject)(r.validateQueryParameters))return a}}s(qO,"handleQueryParameterValidation");tc.handleQueryParameterValidation=qO});var Kb=g(Hr=>{"use strict";Object.defineProperty(Hr,"__esModule",{value:!0});Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy=void 0;var $O=jb(),jO=Vb(),VO=Gb(),GO=Bb(),BO=s(async(e,t,r)=>{let n=(0,GO.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,VO.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,jO.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,$O.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Hr.RequestValidationInboundPolicy=BO;Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy});var Jb=g(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.RequireOriginInboundPolicy=void 0;var KO=L(),JO=se(),zO=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new KO.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return JO.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");rc.RequireOriginInboundPolicy=zO});var zb=g(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.SetBodyInboundPolicy=void 0;var WO=He(),QO=s(async(e,t,r)=>new WO.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");nc.SetBodyInboundPolicy=QO});var Qb=g(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.SetHeadersInboundPolicy=void 0;var Wb=L(),YO=He(),ZO=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new Wb.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new Wb.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new YO.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");ic.SetHeadersInboundPolicy=ZO});var Zb=g(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.SetHeadersOutboundPolicy=void 0;var Yb=L(),XO=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new Yb.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new Yb.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");oc.SetHeadersOutboundPolicy=XO});var e_=g(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.SetQueryParamsInboundPolicy=void 0;var Xb=L(),eN=He(),tN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new Xb.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new Xb.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new eN.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");sc.SetQueryParamsInboundPolicy=tN});var t_=g(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.SetStatusOutboundPolicy=void 0;var rN=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");ac.SetStatusOutboundPolicy=rN});var r_=g(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.SleepInboundPolicy=void 0;var nN=L(),iN=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),oN=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new nN.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await iN(r.sleepInMs),e},"SleepInboundPolicy");cc.SleepInboundPolicy=oN});var i_=g(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.SupabaseJwtInboundPolicy=void 0;var n_=L(),sN=se(),aN=He(),cN=qt(),uN=jt(),lN=s(async(e,t,r,n)=>{(0,cN.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,uN.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof aN.ZuploRequest))throw new n_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new n_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?sN.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");uc.SupabaseJwtInboundPolicy=lN});var s_=g(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var dN=$t(),pN=Jt(),o_=L(),hN=Le(),fN=Ss(),mN=qt(),yN=s(async(e,t,r,n)=>{(0,mN.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,dN.getPolicyCacheName)(n,r),o=new pN.MemoryZoneReadThroughCache(i,{logger:hN.SystemLogMap.getLogger(t)}),a=await o.get(n);if(!a){let c=await gN(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");lc.UpstreamAzureAdServiceAuthInboundPolicy=yN;async function gN(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,fN.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new o_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new o_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(gN,"getAccessToken")});var c_=g(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var bN=$t(),_N=Jt(),EN=L(),wN=Le(),Rp=pn(),vN=qt(),a_="https://accounts.google.com/o/oauth2/token",Op,TN=s(async(e,t,r,n)=>{(0,vN.optionValidator)(r,n).required("serviceAccountJson","string"),Op||(Op=await Rp.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,bN.getPolicyCacheName)(n,r),a=new _N.MemoryZoneReadThroughCache(o,{logger:wN.SystemLogMap.getLogger(t)}),c=await a.get(n);if(!c){let u=await(0,Rp.getTokenFromGcpServiceAccount)({serviceAccount:Op,audience:a_,payload:i}),l=await(0,Rp.exchangeGgpJwtForIdToken)(a_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new EN.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");dc.UpstreamFirebaseAdminAuthInboundPolicy=TN});var u_=g(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var SN=$t(),IN=Jt(),Hn=L(),PN=Le(),AN=lp(),Np=pn(),RN=ni(),ON=qt(),NN="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",xN=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],xp,CN=s(async(e,t,r,n)=>{if((0,ON.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Hn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(xN.indexOf(p)!==-1)throw new Hn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}xp||(xp=await Np.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Hn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Hn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,RN.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Hn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,SN.getPolicyCacheName)(n,r),c=new IN.MemoryZoneReadThroughCache(a,{logger:PN.SystemLogMap.getLogger(t)}),u={uid:o,claims:i},l=await(0,AN.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Np.getTokenFromGcpServiceAccount)({serviceAccount:xp,audience:NN,payload:u}),f=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Np.exchangeFirebaseJwtForIdToken)(f,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Hn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");pc.UpstreamFirebaseUserAuthInboundPolicy=CN});var d_=g(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.UpstreamGcpJwtInboundPolicy=void 0;var l_=pn(),LN=qt(),Cp,DN=s(async(e,t,r,n)=>{(0,LN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Cp||(Cp=await l_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,l_.getTokenFromGcpServiceAccount)({serviceAccount:Cp,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");hc.UpstreamGcpJwtInboundPolicy=DN});var h_=g(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.UpstreamGcpServiceAuthInboundPolicy=void 0;var UN=$t(),kN=lu(),MN=Jt(),HN=L(),Lp=pn(),FN=qt(),p_="https://www.googleapis.com/oauth2/v4/token",Dp,qN=s(async(e,t,r,n)=>{(0,FN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Dp||(Dp=await Lp.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,UN.getPolicyCacheName)(n,r),o;r.useMemoryCacheOnly?o=new kN.MemoryCache(i):o=new MN.MemoryZoneReadThroughCache(i,t);let a=await o.get(n);if(!a){let c=await(0,Lp.getTokenFromGcpServiceAccount)({serviceAccount:Dp,audience:p_,payload:{target_audience:`${r.audience}`}}),{id_token:u}=await(0,Lp.exchangeGgpJwtForIdToken)(p_,c,{retries:r.tokenRetries??3,retryDelayMs:10});if(!u)throw new HN.RuntimeError("Invalid token response from GCP");a=u,o.put(n,a,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamGcpServiceAuthInboundPolicy");fc.UpstreamGcpServiceAuthInboundPolicy=qN});var m_=g(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.ValidateJsonSchemaInbound=void 0;var $N=L(),f_=se(),jN=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return f_.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new $N.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return f_.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");mc.ValidateJsonSchemaInbound=jN});var g_=g(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.MeteringInboundPolicy=void 0;var y_=js(),Up=L(),VN=se(),GN=Le(),BN=Y(),KN=s(async(e,t,r,n)=>{let i=GN.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,f)=>{let h=y_.ContextData.get(f,"subscription");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;let v=r.bucketId;if(!v){f.log.error(`MeteringInboundPolicy '${n}' - no bucketName property provided`);return}let{authApiJWT:T,meteringServiceUrl:S}=BN.Environment.instance;d.ok&&h&&r.meters&&fetch(`${S}/internal/v1/metering/${v}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${T}`},method:"POST",body:JSON.stringify({meters:r.meters})}).catch(M=>{f.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,M)})});let o=y_.ContextData.get(t,"subscription"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o){if(a)return e;throw new Up.ConfigurationError("Subscription is not available for user")}if(o&&Object.keys(o.quotas).length===0)throw new Up.ConfigurationError("Quota is not set up for the user's subscription");let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)throw new Up.ConfigurationError(`The following policy meters are not present in the subscription: ${l.join(", ")}`);for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return VN.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`});return e},"MeteringInboundPolicy");yc.MeteringInboundPolicy=KN});var b_=g(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.LoadSubscriptionInboundPolicy=void 0;var JN=js(),zN=L(),kp=se(),WN=Le(),QN=Y(),YN=s(async(e,t,r,n)=>{let i=WN.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=e.user;if(!a)return o?e:kp.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});let c=r.bucketId;if(!c)throw new zN.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketName property provided`);let{authApiJWT:u,meteringServiceUrl:l}=QN.Environment.instance,{sub:d}=a,p,f;try{if(p=await fetch(`${l}/internal/v1/metering/${c}/subscriptions?customerRef=${d}&status=active`,{headers:{Authorization:`Bearer ${u}`},method:"GET"}),!p.ok)return t.log.error(await p.text()),kp.HttpProblems.forbidden(e,t);f=await p.json()}catch(y){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,y)}if((!f||!f.data||f.data.length===0)&&!o)return kp.HttpProblems.unauthorized(e,t,{detail:"No valid, active subscription found"});if((!f||!f.data||f.data.length===0)&&o)return e;let h=f&&f.data?f.data[0]:void 0;return JN.ContextData.set(t,"subscription",h),e},"LoadSubscriptionInboundPolicy");gc.LoadSubscriptionInboundPolicy=YN});var __=g(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.ServiceProviderImpl=void 0;var ZN=L(),Mp=class e{static{s(this,"ServiceProviderImpl")}static#e;services=new Map;constructor(){}static getInstance(){return e.#e||(e.#e=new e),e.#e}setInstance(t){e.#e=t}addService(t,r){if(this.services.get(t))throw new ZN.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};bc.ServiceProviderImpl=Mp});var N_=g(m=>{"use strict";var XN=m&&m.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),Hp=m&&m.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&XN(t,e,r)},ex=m&&m.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(m,"__esModule",{value:!0});m.RateLimitInboundPolicy=m.BasicRateLimitInboundPolicy=m.PropelAuthJwtInboundPolicy=m.OpenIdJwtInboundPolicy=m.OktaJwtInboundPolicy=m.setMoesifContext=m.MoesifInboundPolicy=m.MockApiInboundPolicy=m.JWTScopeValidationInboundPolicy=m.GeoFilterInboundPolicy=m.FormDataToJsonInboundPolicy=m.FirebaseJwtInboundPolicy=m.CurityPhantomTokenInboundPolicy=m.CreditsMeteringInboundPolicy=m.CompositeInboundPolicy=m.CognitoJwtInboundPolicy=m.ClerkJwtInboundPolicy=m.ClearHeadersOutboundPolicy=m.ClearHeadersInboundPolicy=m.ChangeMethodInboundPolicy=m.CachingInboundPolicy=m.BasicAuthInboundPolicy=m.Auth0JwtInboundPolicy=m.ApiKeyInboundPolicy=m.ApiAuthKeyInboundPolicy=m.AmberfloMeteringPolicy=m.AmberfloMeteringInboundPolicy=m.AuditLogPlugin=m.AuditLogDataStaxProvider=m.HttpStatusCode=m.webSocketPipelineHandler=m.webSocketHandler=m.urlRewriteHandler=m.urlForwardHandler=m.redirectHandler=m.openApiSpecHandler=m.awsLambdaHandler=m.AwsLambdaHandlerExtensions=m.purgeGatewayCache=m.Handler=m.originalFetch=m.ConfigurationError=m.isZuploReadableEnvVariableName=m.isRestrictedEnvVariableName=m.environment=m.ContextData=m.ResponseSentEvent=m.ResponseSendingEvent=m.ZoneCache=m.MemoryZoneReadThroughCache=void 0;m.sanitizedIdentifierName=m.getRawOperationDataIdentifierName=m.getIdForRequestBodySchema=m.getIdForRefSchema=m.getIdForParameterSchema=m.SystemLogMap=m.httpStatuses=m.SYSTEM_LOGGER=m.API_KEY=m.ServiceProviderImpl=m.serialize=m.ContentTypes=m.Router=m.LookupResult=m.SystemRouteName=m.ZuploRequest=m.ProblemResponseFormatter=m.HttpProblems=m.LoadSubscriptionInboundPolicy=m.MeteringInboundPolicy=m.ValidateJsonSchemaInbound=m.UpstreamGcpServiceAuthInboundPolicy=m.UpstreamGcpJwtInboundPolicy=m.UpstreamFirebaseUserAuthInboundPolicy=m.UpstreamFirebaseAdminAuthInboundPolicy=m.UpstreamAzureAdServiceAuthInboundPolicy=m.SupabaseJwtInboundPolicy=m.StripeWebhookVerificationInboundPolicy=m.SleepInboundPolicy=m.SetStatusOutboundPolicy=m.SetQueryParamsInboundPolicy=m.SetHeadersOutboundPolicy=m.SetHeadersInboundPolicy=m.SetBodyInboundPolicy=m.RequireOriginInboundPolicy=m.SchemaBasedRequestValidation=m.RequestValidationInboundPolicy=m.RequestSizeLimitInboundPolicy=m.ReplaceStringOutboundPolicy=m.RemoveQueryParamsInboundPolicy=m.RemoveHeadersOutboundPolicy=m.RemoveHeadersInboundPolicy=m.ReadmeMetricsInboundPolicy=void 0;Eh();var tx=Jt();Object.defineProperty(m,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return tx.MemoryZoneReadThroughCache}});var rx=io();Object.defineProperty(m,"ZoneCache",{enumerable:!0,get:function(){return rx.ZoneCache}});var E_=Ir();Object.defineProperty(m,"ResponseSendingEvent",{enumerable:!0,get:function(){return E_.ResponseSendingEvent}});Object.defineProperty(m,"ResponseSentEvent",{enumerable:!0,get:function(){return E_.ResponseSentEvent}});var nx=js();Object.defineProperty(m,"ContextData",{enumerable:!0,get:function(){return nx.ContextData}});var Fp=wd();Object.defineProperty(m,"environment",{enumerable:!0,get:function(){return Fp.environment}});Object.defineProperty(m,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return Fp.isRestrictedEnvVariableName}});Object.defineProperty(m,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return Fp.isZuploReadableEnvVariableName}});var ix=L();Object.defineProperty(m,"ConfigurationError",{enumerable:!0,get:function(){return ix.ConfigurationError}});var ox=Td();Object.defineProperty(m,"originalFetch",{enumerable:!0,get:function(){return ox.originalFetch}});var w_=zy();Object.defineProperty(m,"Handler",{enumerable:!0,get:function(){return w_.Handler}});Object.defineProperty(m,"purgeGatewayCache",{enumerable:!0,get:function(){return w_.purgeGatewayCache}});var v_=dg();Object.defineProperty(m,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return v_.AwsLambdaHandlerExtensions}});Object.defineProperty(m,"awsLambdaHandler",{enumerable:!0,get:function(){return v_.awsLambdaHandler}});var sx=hg();Object.defineProperty(m,"openApiSpecHandler",{enumerable:!0,get:function(){return sx.openApiSpecHandler}});var ax=fg();Object.defineProperty(m,"redirectHandler",{enumerable:!0,get:function(){return ax.redirectHandler}});var cx=yg();Object.defineProperty(m,"urlForwardHandler",{enumerable:!0,get:function(){return cx.urlForwardHandler}});var ux=bg();Object.defineProperty(m,"urlRewriteHandler",{enumerable:!0,get:function(){return ux.urlRewriteHandler}});var lx=Eg();Object.defineProperty(m,"webSocketHandler",{enumerable:!0,get:function(){return lx.webSocketHandler}});var dx=Tg();Object.defineProperty(m,"webSocketPipelineHandler",{enumerable:!0,get:function(){return dx.webSocketPipelineHandler}});var px=Du();Object.defineProperty(m,"HttpStatusCode",{enumerable:!0,get:function(){return px.HttpStatusCode}});Hp(xg(),m);Hp(Dg(),m);var hx=Ug();Object.defineProperty(m,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return hx.AuditLogDataStaxProvider}});var fx=Mg();Object.defineProperty(m,"AuditLogPlugin",{enumerable:!0,get:function(){return fx.AuditLogPlugin}});Hp(jg(),m);var T_=Jg();Object.defineProperty(m,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return T_.AmberfloMeteringInboundPolicy}});Object.defineProperty(m,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return T_.AmberfloMeteringPolicy}});var mx=Yg();Object.defineProperty(m,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return mx.ApiAuthKeyInboundPolicy}});var yx=fp();Object.defineProperty(m,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return yx.ApiKeyInboundPolicy}});var gx=Zg();Object.defineProperty(m,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return gx.Auth0JwtInboundPolicy}});var bx=Xg();Object.defineProperty(m,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return bx.BasicAuthInboundPolicy}});var _x=eb();Object.defineProperty(m,"CachingInboundPolicy",{enumerable:!0,get:function(){return _x.CachingInboundPolicy}});var Ex=tb();Object.defineProperty(m,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return Ex.ChangeMethodInboundPolicy}});var wx=rb();Object.defineProperty(m,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return wx.ClearHeadersInboundPolicy}});var vx=nb();Object.defineProperty(m,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return vx.ClearHeadersOutboundPolicy}});var Tx=ib();Object.defineProperty(m,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return Tx.ClerkJwtInboundPolicy}});var Sx=sb();Object.defineProperty(m,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Sx.CognitoJwtInboundPolicy}});var Ix=cb();Object.defineProperty(m,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Ix.CompositeInboundPolicy}});var Px=lb();Object.defineProperty(m,"CreditsMeteringInboundPolicy",{enumerable:!0,get:function(){return Px.CreditsMeteringInboundPolicy}});var Ax=db();Object.defineProperty(m,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return Ax.CurityPhantomTokenInboundPolicy}});var Rx=pb();Object.defineProperty(m,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return Rx.FirebaseJwtInboundPolicy}});var Ox=hb();Object.defineProperty(m,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Ox.FormDataToJsonInboundPolicy}});var Nx=fb();Object.defineProperty(m,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Nx.GeoFilterInboundPolicy}});var xx=mb();Object.defineProperty(m,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return xx.JWTScopeValidationInboundPolicy}});var Cx=gb();Object.defineProperty(m,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Cx.MockApiInboundPolicy}});var S_=vb();Object.defineProperty(m,"MoesifInboundPolicy",{enumerable:!0,get:function(){return S_.MoesifInboundPolicy}});Object.defineProperty(m,"setMoesifContext",{enumerable:!0,get:function(){return S_.setMoesifContext}});var Lx=Tb();Object.defineProperty(m,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return Lx.OktaJwtInboundPolicy}});var Dx=jt();Object.defineProperty(m,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return Dx.OpenIdJwtInboundPolicy}});var Ux=Sb();Object.defineProperty(m,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return Ux.PropelAuthJwtInboundPolicy}});var I_=xb();Object.defineProperty(m,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return I_.RateLimitInboundPolicy}});Object.defineProperty(m,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return I_.RateLimitInboundPolicy}});var kx=Ub();Object.defineProperty(m,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return kx.ReadmeMetricsInboundPolicy}});var Mx=kb();Object.defineProperty(m,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return Mx.RemoveHeadersInboundPolicy}});var Hx=Mb();Object.defineProperty(m,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return Hx.RemoveHeadersOutboundPolicy}});var Fx=Hb();Object.defineProperty(m,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Fx.RemoveQueryParamsInboundPolicy}});var qx=Fb();Object.defineProperty(m,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return qx.ReplaceStringOutboundPolicy}});var $x=$b();Object.defineProperty(m,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return $x.RequestSizeLimitInboundPolicy}});var P_=Kb();Object.defineProperty(m,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return P_.RequestValidationInboundPolicy}});Object.defineProperty(m,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return P_.SchemaBasedRequestValidation}});var jx=Jb();Object.defineProperty(m,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return jx.RequireOriginInboundPolicy}});var Vx=zb();Object.defineProperty(m,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return Vx.SetBodyInboundPolicy}});var Gx=Qb();Object.defineProperty(m,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return Gx.SetHeadersInboundPolicy}});var Bx=Zb();Object.defineProperty(m,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return Bx.SetHeadersOutboundPolicy}});var Kx=e_();Object.defineProperty(m,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Kx.SetQueryParamsInboundPolicy}});var Jx=t_();Object.defineProperty(m,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return Jx.SetStatusOutboundPolicy}});var zx=r_();Object.defineProperty(m,"SleepInboundPolicy",{enumerable:!0,get:function(){return zx.SleepInboundPolicy}});var Wx=ip();Object.defineProperty(m,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return Wx.StripeWebhookVerificationInboundPolicy}});var Qx=i_();Object.defineProperty(m,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return Qx.SupabaseJwtInboundPolicy}});var Yx=s_();Object.defineProperty(m,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return Yx.UpstreamAzureAdServiceAuthInboundPolicy}});var Zx=c_();Object.defineProperty(m,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return Zx.UpstreamFirebaseAdminAuthInboundPolicy}});var Xx=u_();Object.defineProperty(m,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return Xx.UpstreamFirebaseUserAuthInboundPolicy}});var eC=d_();Object.defineProperty(m,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return eC.UpstreamGcpJwtInboundPolicy}});var tC=h_();Object.defineProperty(m,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return tC.UpstreamGcpServiceAuthInboundPolicy}});var rC=m_();Object.defineProperty(m,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return rC.ValidateJsonSchemaInbound}});var nC=g_();Object.defineProperty(m,"MeteringInboundPolicy",{enumerable:!0,get:function(){return nC.MeteringInboundPolicy}});var iC=b_();Object.defineProperty(m,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return iC.LoadSubscriptionInboundPolicy}});var oC=se();Object.defineProperty(m,"HttpProblems",{enumerable:!0,get:function(){return oC.HttpProblems}});var sC=fo();Object.defineProperty(m,"ProblemResponseFormatter",{enumerable:!0,get:function(){return sC.ProblemResponseFormatter}});var aC=He();Object.defineProperty(m,"ZuploRequest",{enumerable:!0,get:function(){return aC.ZuploRequest}});var cC=Ar();Object.defineProperty(m,"SystemRouteName",{enumerable:!0,get:function(){return cC.SystemRouteName}});var A_=hd();Object.defineProperty(m,"LookupResult",{enumerable:!0,get:function(){return A_.LookupResult}});Object.defineProperty(m,"Router",{enumerable:!0,get:function(){return A_.Router}});var R_=Iu();Object.defineProperty(m,"ContentTypes",{enumerable:!0,get:function(){return R_.ContentTypes}});Object.defineProperty(m,"serialize",{enumerable:!0,get:function(){return R_.serialize}});var uC=__();Object.defineProperty(m,"ServiceProviderImpl",{enumerable:!0,get:function(){return uC.ServiceProviderImpl}});var O_=Ju();Object.defineProperty(m,"API_KEY",{enumerable:!0,get:function(){return O_.API_KEY}});Object.defineProperty(m,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return O_.SYSTEM_LOGGER}});var lC=ku();Object.defineProperty(m,"httpStatuses",{enumerable:!0,get:function(){return ex(lC).default}});var dC=Le();Object.defineProperty(m,"SystemLogMap",{enumerable:!0,get:function(){return dC.SystemLogMap}});var ki=Qa();Object.defineProperty(m,"getIdForParameterSchema",{enumerable:!0,get:function(){return ki.getIdForParameterSchema}});Object.defineProperty(m,"getIdForRefSchema",{enumerable:!0,get:function(){return ki.getIdForRefSchema}});Object.defineProperty(m,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return ki.getIdForRequestBodySchema}});Object.defineProperty(m,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return ki.getRawOperationDataIdentifierName}});Object.defineProperty(m,"sanitizedIdentifierName",{enumerable:!0,get:function(){return ki.sanitizedIdentifierName}})});var x_=g(Fn=>{"use strict";Object.defineProperty(Fn,"__esModule",{value:!0});Fn.BaseCryptoBeta=Fn.supportedDigests=void 0;Fn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var qp=class{static{s(this,"BaseCryptoBeta")}};Fn.BaseCryptoBeta=qp});var C_=g(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.WorkerCryptoBeta=void 0;var $p=x_(),pC=L(),jp=class extends $p.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!$p.supportedDigests.includes(t.toLowerCase()))throw new pC.RuntimeError(`Algorithm ${t} is not supported. Try using ${$p.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};_c.WorkerCryptoBeta=jp});var L_=g(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.BaseKeyValueStore=void 0;var Vp=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Ec.BaseKeyValueStore=Vp});var U_=g(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.WorkerKeyValueStore=void 0;var D_=L(),hC=L_(),Gp=class extends hC.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new D_.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new D_.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};wc.WorkerKeyValueStore=Gp});var Lt=g(dt=>{"use strict";var fC=dt&&dt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),mC=dt&&dt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&fC(t,e,r)};Object.defineProperty(dt,"__esModule",{value:!0});dt.KeyValueStore=dt.CryptoBeta=void 0;mC(N_(),dt);var yC=C_();Object.defineProperty(dt,"CryptoBeta",{enumerable:!0,get:function(){return yC.WorkerCryptoBeta}});var gC=U_();Object.defineProperty(dt,"KeyValueStore",{enumerable:!0,get:function(){return gC.WorkerKeyValueStore}})});var SL={};Zi(SL,{GraphQLComplexityLimitInboundPolicy:()=>hE,GraphQLDisableIntrospectionInboundPolicy:()=>mE});module.exports=Xi(SL);var Yn=yh(Lt());function B(e,t){if(!!!e)throw new Error(t)}s(B,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function At(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(At,"invariant");var bC=/\r\n|[\n\r]/g;function qn(e,t){let r=0,n=1;for(let i of e.body.matchAll(bC)){if(typeof i.index=="number"||At(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s(qn,"getLocation");function Bp(e){return vc(e.source,qn(e.source,e.start))}s(Bp,"printLocation");function vc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
75
75
  `,d=n.split(/\r\n|[\n\r]/g),p=d[i];if(p.length>120){let f=Math.floor(u/80),h=u%80,y=[];for(let v=0;v<p.length;v+=80)y.push(p.slice(v,v+80));return l+k_([[`${a} |`,y[0]],...y.slice(1,f+1).map(v=>["|",v]),["|","^".padStart(h)],["|",y[f+1]]])}return l+k_([[`${a-1} |`,d[i-1]],[`${a} |`,p],["|","^".padStart(u)],[`${a+1} |`,d[i+1]]])}s(vc,"printSourceLocation");function k_(e){let t=e.filter(([n,i])=>i!==void 0),r=Math.max(...t.map(([n])=>n.length));return t.map(([n,i])=>n.padStart(r)+(i?" "+i:"")).join(`
76
76
  `)}s(k_,"printPrefixedLines");function _C(e){let t=e[0];return t==null||"kind"in t||"length"in t?{nodes:t,source:e[1],positions:e[2],path:e[3],originalError:e[4],extensions:e[5]}:t}s(_C,"toNormalizedOptions");var x=class e extends Error{static{s(this,"GraphQLError")}constructor(t,...r){var n,i,o;let{nodes:a,source:c,positions:u,path:l,originalError:d,extensions:p}=_C(r);super(t),this.name="GraphQLError",this.path=l??void 0,this.originalError=d??void 0,this.nodes=M_(Array.isArray(a)?a:a?[a]:void 0);let f=M_((n=this.nodes)===null||n===void 0?void 0:n.map(y=>y.loc).filter(y=>y!=null));this.source=c??(f==null||(i=f[0])===null||i===void 0?void 0:i.source),this.positions=u??f?.map(y=>y.start),this.locations=u&&c?u.map(y=>qn(c,y)):f?.map(y=>qn(y.source,y.start));let h=Ee(d?.extensions)?d?.extensions:void 0;this.extensions=(o=p??h)!==null&&o!==void 0?o:Object.create(null),Object.defineProperties(this,{message:{writable:!0,enumerable:!0},name:{enumerable:!1},nodes:{enumerable:!1},source:{enumerable:!1},positions:{enumerable:!1},originalError:{enumerable:!1}}),d!=null&&d.stack?Object.defineProperty(this,"stack",{value:d.stack,writable:!0,configurable:!0}):Error.captureStackTrace?Error.captureStackTrace(this,e):Object.defineProperty(this,"stack",{value:Error().stack,writable:!0,configurable:!0})}get[Symbol.toStringTag](){return"GraphQLError"}toString(){let t=this.message;if(this.nodes)for(let r of this.nodes)r.loc&&(t+=`
77
77
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@zuplo/graphql",
3
- "version": "5.1692.0",
3
+ "version": "5.1695.0",
4
4
  "repository": "https://github.com/zuplo/zuplo",
5
5
  "author": "Zuplo, Inc.",
6
6
  "exports": {