@zuplo/graphql 5.1722.0 → 5.1724.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/index.minified.js CHANGED
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
71
71
  `+d}):new Mr.StripeSignatureVerificationError(t,e,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
72
72
  If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
73
73
  `+l+`
74
- `+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new Mr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(aR,"validateComputedSignature");function cR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(cR,"parseHeader");function uR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(uR,"secureCompare");async function $g(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=sp[o[c]];return a.join("")}s($g,"computeHMACSignatureAsync");Nn.computeHMACSignatureAsync=$g;var sp=new Array(256);for(let e=0;e<sp.length;e++)sp[e]=e.toString(16).padStart(2,"0")});var qt=g(pa=>{"use strict";Object.defineProperty(pa,"__esModule",{value:!0});pa.optionValidator=void 0;var Ri=L();function lR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new Ri.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Ri.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Ri.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Ri.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Ri.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(lR,"optionValidator");pa.optionValidator=lR});var ap=g(ha=>{"use strict";Object.defineProperty(ha,"__esModule",{value:!0});ha.StripeWebhookVerificationInboundPolicy=void 0;var dR=ae(),pR=jg(),hR=qt(),fR=s(async(e,t,r,n)=>{(0,hR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,pR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),dR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");ha.StripeWebhookVerificationInboundPolicy=fR});var Gg=g(cp=>{"use strict";Object.defineProperty(cp,"__esModule",{value:!0});var Vg=L(),mR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new Vg.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new Vg.RuntimeError(o)}}};cp.default=mR});var Kg=g(fa=>{"use strict";Object.defineProperty(fa,"__esModule",{value:!0});fa.isStripeWebhookEvent=void 0;var Bg=bt();function yR(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Bg.isString)(e.id)&&"type"in e&&(0,Bg.isString)(e.type)}s(yR,"isStripeWebhookEvent");fa.isStripeWebhookEvent=yR});var Jg=g(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.MeteringPlugin=void 0;var gR=gt(),up=class extends gR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};ma.MeteringPlugin=up});var Qg=g(xn=>{"use strict";var bR=xn&&xn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(xn,"__esModule",{value:!0});xn.StripeMeteringPlugin=void 0;var ya=yn(),Ve=L(),_R=Lt(),ER=ap(),Oi=ae(),wR=Yt(),vR=zr(),TR=ku(),SR=st(),zg=Oe(),lp=Y(),Wg=wi(),IR=bR(Gg()),PR=Kg(),AR=bt(),RR=Jg(),OR="checkout.session.completed",dp=class extends RR.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Ve.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Ve.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!this.options.zuploAccountApiKey)throw new Ve.ConfigurationError("StripeMeteringPlugin - No 'zuploAccountApiKey' property provided");if(!lp.Environment.instance.build.ACCOUNT_NAME)throw new Ve.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!CR(p))throw new Ve.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,PR.isStripeWebhookEvent)(m))return Oi.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`);let h,y,w;if(m.type===OR){let ne=m,ve=ne.data?.object?.subscription;if(!ve)throw new Ve.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");if(y=ne.data?.object?.client_reference_id,w=ne.data?.object?.customer_email,!y)throw new Ve.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.client_reference_id' to be the customer sub.");if(!w)throw new Ve.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer_email' to be the customer email.");if(!ve)throw new Ve.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");h=await IR.default.getSubscription({logger:u.log,stripeSecretKey:this.options.stripeSecretKey,subscriptionId:ve})}else return Oi.HttpProblems.ok(c,u,{detail:"Event was ignored by Stripe metering plugin webhook."});let T=h.id,S=h.customer,U=h.items?.data.find(ne=>ne.object==="subscription_item");if(!U||!U.id)throw new Ve.RuntimeError("Invalid Stripe API result. Expected subscription to contain at least one subscription_item.");let $=U.plan;if(!$||!$.product)throw new Ve.RuntimeError("Invalid Stripe API result. Expected subscription_item to have a plan.");let O=$.product,te=await NR({apiKeyBucketName:d,accountName:lp.Environment.instance.build.ACCOUNT_NAME,stripeProductId:O,stripeSubscriptionId:T,stripeCustomerId:S,managerEmail:w,managerSub:y,zuploAccountApiKey:this.options.zuploAccountApiKey,context:u});if(!te)return Oi.HttpProblems.internalServerError(c,u,{detail:"No consumer was created, skipping creation of subscription"});let re="routes.oas.json";try{await xR({context:u,stripeProductId:O,stripeSubscriptionId:T,customerKey:te,productKey:re,meteringBucketId:l,meteringBucketRegion:p})}catch(ne){return Oi.HttpProblems.internalServerError(c,u,{detail:ne.message})}return Oi.HttpProblems.ok(c,u)},"stripeWebhookHandler"),i=(0,vR.createInternalPolicyProcessor)({inboundPolicies:[{handler:ER.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new _R.Pipeline({processors:[wR.metricsProcessor,i],handler:n,gateway:r}),a=new SR.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:TR.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};xn.StripeMeteringPlugin=dp;async function NR({accountName:e,apiKeyBucketName:t,zuploAccountApiKey:r,stripeSubscriptionId:n,stripeProductId:i,stripeCustomerId:o,managerEmail:a,managerSub:c,context:u}){let l=new URL(`/v1/accounts/${e}/key-buckets/${t}/consumers`,"https://dev.zuplo.com");l.searchParams.set("with-api-key","true");let d=crypto.randomUUID(),p={name:d,description:`Consumer for Stripe subscription ${n}`,tags:{providerSubscriptionKey:n,planProviderKey:i},metadata:{stripeSubscriptionId:n,stripeProductId:i,stripeCustomerId:o},managers:[{sub:c,email:a}]},m=await(0,Wg.fetchRetry)({retryDelayMs:5,retries:2,logger:zg.SystemLogMap.getLogger(u)},l.toString(),{method:"POST",headers:{Authorization:`Bearer ${r}`,"content-type":"application/json"},body:JSON.stringify(p)}),h=await m.json();if(m.status!==200){let y="Error creating API Key Consumer";throw u.log.error(y,h),new Ve.RuntimeError(y)}return u.log.info("Successfully created API Key Consumer",{consumerId:d,stripeSubscriptionId:n,stripeProductId:i}),d}s(NR,"createConsumer");async function xR({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,productKey:i,meteringBucketId:o,meteringBucketRegion:a}){let c={status:"active",type:"periodic",renewalStrategy:"monthly",region:a,providerKey:t,planProviderKey:r,customerKey:n,productKey:i},{authApiJWT:u,meteringServiceUrl:l}=lp.Environment.instance;if(!(0,AR.isNonEmptyString)(u))throw new Ve.SystemError("No Zuplo JWT token set.");let d=await(0,Wg.fetchRetry)({retryDelayMs:5,retries:2,logger:zg.SystemLogMap.getLogger(e)},`${l}/internal/v1/metering/${o}/subscriptions`,{headers:{Authorization:`Bearer ${u}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(c)});if(!d.ok){let p="Error creating metering subscription.",m;try{m=await d.json()}catch{m={status:d.status,statusText:d.statusText}}throw e.log.error(p,m),new Ve.RuntimeError(p)}e.log.info("Successfully created/updated metering subscription.",c)}s(xR,"saveSubscription");function CR(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(CR,"isMetricsRegion")});var tb=g(Cn=>{"use strict";Object.defineProperty(Cn,"__esModule",{value:!0});Cn.AmberfloMeteringInboundPolicy=Cn.AmberfloMeteringPolicy=void 0;var Yg=L(),LR=Te(),Zg=ii(),eb=new WeakMap,Xg={},pp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){eb.set(t,r)}};Cn.AmberfloMeteringPolicy=pp;async function DR(e,t,r,n){if(!r.statusCodes)throw new Yg.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Zg.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=eb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Yg.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Zg.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Xg[r.apiKey];if(!m){let h=r.apiKey,y=e.headers.get("zm-test-id")??"";m=new LR.BatchDispatch("amberflo-ingest-meter",10,async w=>{try{let T=r.url??"https://app.amberflo.io/ingest",S=await fetch(T,{method:"POST",body:JSON.stringify(w),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":y}});S.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${S.status}: ${await S.text()}`)}catch(T){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),Xg[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}s(DR,"AmberfloMeteringInboundPolicy");Cn.AmberfloMeteringInboundPolicy=DR});var hp=g(ga=>{"use strict";Object.defineProperty(ga,"__esModule",{value:!0});ga.sha256=void 0;async function UR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(UR,"sha256");ga.sha256=UR});var $t=g(ba=>{"use strict";Object.defineProperty(ba,"__esModule",{value:!0});ba.getPolicyCacheName=void 0;var MR=hp(),rb=new Map;async function kR(e,t){let r,n=rb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,MR.sha256)(JSON.stringify({policyName:e,options:t}))}`,rb.set(e,r)),r}s(kR,"getPolicyCacheName");ba.getPolicyCacheName=kR});var gp=g(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.ApiKeyInboundPolicy=void 0;var HR=$t(),FR=Jt(),nb=yn(),fp=L(),qR=Dt(),mp=Oe(),yp=Y(),$R=wi(),ib="key-metadata-cache-type";function jR(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(jR,"getKeyValue");async function VR(e,t,r,n){if(!r.bucketName)if(nb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=nb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new fp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new fp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(T=>i.allowUnauthenticatedRequests?e:qR.HttpProblems.unauthorized(e,t,{detail:T}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=jR(a,i);if(!c||c==="")return o("No key present");let u=await GR(c),l=await(0,HR.getPolicyCacheName)(n,i),d=new FR.MemoryZoneReadThroughCache(l,{logger:mp.SystemLogMap.getLogger(t)}),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==ib&&mp.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let m={key:c},h=await(0,$R.fetchRetry)({retryDelayMs:5,retries:2,logger:mp.SystemLogMap.getLogger(t)},`${yp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":yp.Environment.instance.deploymentName??"unknown","User-Agent":yp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let T=await h.text(),S=JSON.parse(T);t.log.error("Unexpected response from key service",S)}catch{t.log.error("Invalid response from key service")}throw new fp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let y=await h.json(),w={isValid:!0,typeId:ib,user:{sub:y.name,data:y.metadata}};return e.user=w.user,d.put(u,w,i.cacheTtlSeconds),e}s(VR,"ApiKeyInboundPolicy");_a.ApiKeyInboundPolicy=VR;async function GR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(GR,"hashValue")});var ob=g(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.ApiAuthKeyInboundPolicy=void 0;var BR=gp();Ea.ApiAuthKeyInboundPolicy=BR.ApiKeyInboundPolicy});var jt=g(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.OpenIdJwtInboundPolicy=void 0;var _p=(Is(),ro(Ss)),Ep=L(),KR=ae(),bp={},JR=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new Ep.ConfigurationError("Invalid State - jwkUrl not set");bp[t.jwkUrl]||(bp[t.jwkUrl]=(0,_p.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,_p.jwtVerify)(e,bp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),zR=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,_p.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),WR=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(m=>KR.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Ep.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Ep.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?JR:zR,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(o.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let y=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${y.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${y.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");wa.OpenIdJwtInboundPolicy=WR});var sb=g(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.Auth0JwtInboundPolicy=void 0;var QR=jt(),YR=s(async(e,t,r,n)=>(0,QR.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");va.Auth0JwtInboundPolicy=YR});var ab=g(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.BasicAuthInboundPolicy=void 0;var ZR=ae(),XR=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>ZR.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),y=r.accounts.find(w=>w.username===m&&w.password===h);return y||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Ta.BasicAuthInboundPolicy=XR});var cb=g(Sa=>{"use strict";Object.defineProperty(Sa,"__esModule",{value:!0});Sa.CachingInboundPolicy=void 0;var e0=$t(),t0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function r0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(r0,"digestMessage");var n0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await r0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function i0(e,t,r,n){let i=await(0,e0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await n0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);t0.forEach(y=>h.headers.delete(y)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(i0,"CachingInboundPolicy");Sa.CachingInboundPolicy=i0});var ub=g(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.ChangeMethodInboundPolicy=void 0;var o0=L(),s0=Fe(),a0=s(async(e,t,r,n)=>{if(!r.method)throw new o0.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new s0.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");Ia.ChangeMethodInboundPolicy=a0});var lb=g(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.ClearHeadersInboundPolicy=void 0;var c0=Fe(),u0=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new c0.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Pa.ClearHeadersInboundPolicy=u0});var db=g(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.ClearHeadersOutboundPolicy=void 0;var l0=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Aa.ClearHeadersOutboundPolicy=l0});var pb=g(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.ClerkJwtInboundPolicy=void 0;var d0=jt(),p0=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,d0.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Ra.ClerkJwtInboundPolicy=p0});var fb=g(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.CognitoJwtInboundPolicy=void 0;var hb=L(),h0=jt(),f0=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new hb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new hb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,h0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Oa.CognitoJwtInboundPolicy=f0});var yb=g(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.CompositeInboundPolicy=void 0;var m0=L(),y0=mn(),mb=zr(),g0=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new m0.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=y0.Gateway.instance,o=(0,mb.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,mb.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");Na.CompositeInboundPolicy=g0});var bb=g(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.CreditsMeteringInboundPolicy=void 0;var Ni=ae(),gb=Y(),b0=s(async(e,t,r)=>{let n=e.user;if(!n)return Ni.HttpProblems.unauthorized(e,t,{title:"Unable to check subscription for anonymous user",detail:"No user data on request"});let{sub:i}=n;if(!r.bucketId)return Ni.HttpProblems.unauthorized(e,t,{title:"Metering bucket not configured",detail:"Specify one using the bucketId option on the policy"});let o=r.bucketId,a=await _0(o,i,t);if(!a)return Ni.HttpProblems.unauthorized(e,t,{title:"No valid, active subscription found"});if(!a.quotas)return Ni.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});for(let c of Object.keys(a.quotas))if(a.quotas[c]<=0)return Ni.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});return t.custom.subscription=a,t.addResponseSendingFinalHook(async()=>{let c=t.custom.meters,u={};for(let l of Object.keys(c))u[l]=c[l];await E0(o,a.id,u,t)}),e},"CreditsMeteringInboundPolicy");xa.CreditsMeteringInboundPolicy=b0;async function _0(e,t,r){let{authApiJWT:n,meteringServiceUrl:i}=gb.Environment.instance,o=new URL(`${i}/internal/v1/metering/${e}/subscriptions`);o.search=new URLSearchParams({customerKey:t,status:"active"}).toString();let a=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${n}`,"zp-rid":r.requestId}});if(!a.ok)throw new Error(`Error retrieving subscriptions for credits metering ': ${a.status} - ${await a.text()}`);let c=await a.json();if(c.data.length!==0)return c.data.length>1&&r.log.warn(`Found more than one active subscription for customer ${t} -- using the first one.`),c.data[0]}s(_0,"getSubscription");async function E0(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=gb.Environment.instance,a=new URL(`${o}/internal/v1/metering/${e}/subscriptions/${t}/quotas/consume`),c=await fetch(a,{method:"POST",body:JSON.stringify({meters:r}),headers:{Authorization:`Bearer ${i}`,"zp-rid":n.requestId}});c.ok||n.log.error(`Error consuming subscription quotas for credits metering ': ${c.status} - ${await c.text()}`)}s(E0,"consumeSubscription")});var _b=g(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.CurityPhantomTokenInboundPolicy=void 0;var w0=$t(),v0=Jt(),Ca=ae(),T0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Ca.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=S0(i);if(!o)return Ca.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,w0.getPolicyCacheName)(n,r),c=new v0.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Ca.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Ca.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");La.CurityPhantomTokenInboundPolicy=T0;function S0(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(S0,"getToken")});var Eb=g(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.FirebaseJwtInboundPolicy=void 0;var I0=qt(),P0=jt(),A0=s(async(e,t,r,n)=>((0,I0.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,P0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Da.FirebaseJwtInboundPolicy=A0});var wb=g(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.FormDataToJsonInboundPolicy=void 0;var R0=Fe(),O0=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new R0.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Ua.FormDataToJsonInboundPolicy=O0});var vb=g(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.GeoFilterInboundPolicy=void 0;var N0=L(),x0=ae(),Ln="__unknown__",C0=s(async(e,t,r,n)=>{let i={allow:{countries:Un(r.allow?.countries,"allow.countries",n),regionCodes:Un(r.allow?.regionCodes,"allow.regionCode",n),asns:Un(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Un(r.block?.countries,"block.countries",n),regionCodes:Un(r.block?.regionCodes,"block.regionCode",n),asns:Un(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Ln,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Ln,c=t.incomingRequestProperties.asn?.toString()??Ln,u=i.ignoreUnknown&&o===Ln,l=i.ignoreUnknown&&a===Ln,d=i.ignoreUnknown&&c===Ln,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Dn(e,t,n,o,a,c);let y=i.block.countries,w=i.block.regionCodes,T=i.block.asns;return y.length>0&&y.includes(o)&&!u||w.length>0&&w.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?Dn(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");Ma.GeoFilterInboundPolicy=C0;function Dn(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),x0.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Dn,"blockedResponse");function Un(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new N0.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Un,"toLowerStringArray")});var Tb=g(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.JWTScopeValidationInboundPolicy=void 0;var L0=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");ka.JWTScopeValidationInboundPolicy=L0});var Ib=g(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.MockApiInboundPolicy=void 0;var D0=ae(),U0=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return wp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return wp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return Sb(a[c])}else return a.length>0?Sb(a[0]):wp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Ha.MockApiInboundPolicy=U0;function Sb(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(Sb,"generateResponse");var wp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return D0.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var Nb=g(Mn=>{"use strict";Object.defineProperty(Mn,"__esModule",{value:!0});Mn.MoesifInboundPolicy=Mn.setMoesifContext=void 0;var M0=L(),k0=Te(),H0="Incoming",F0={logRequestBody:!0,logResponseBody:!0};function Pb(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(Pb,"headersToObject");function Ab(){return new Date().toISOString()}s(Ab,"timestamp");var vp=new WeakMap,q0={};function $0(e,t){let r=vp.get(e);r||(r=q0);let n=Object.assign({...r},t);vp.set(e,n)}s($0,"setMoesifContext");Mn.setMoesifContext=$0;async function Rb(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(Rb,"readBody");var j0={},Tp;function Ob(){if(!Tp)throw new M0.RuntimeError("Invalid State - no _lastLogger");return Tp}s(Ob,"getLastLogger");function V0(e){let t=j0[e];return t||(t=new k0.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);Ob().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||Ob().error({status:i.status,body:await i.text()})})),t}s(V0,"getDispatcher");async function G0(e,t,r,n){Tp=t.log;let i=Ab(),o=Object.assign(F0,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await Rb(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=V0(o.applicationId),d=e.headers.get("true-client-ip"),p=vp.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:Pb(e.headers)},h=o.logResponseBody?await Rb(c,t):void 0,y={time:Ab(),status:c.status,headers:Pb(c.headers),body:h},w={request:m,response:y,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:H0};l.enqueue(w),t.waitUntil(l.waitUntilFlushed())}),e}s(G0,"MoesifInboundPolicy");Mn.MoesifInboundPolicy=G0});var xb=g(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.OktaJwtInboundPolicy=void 0;var B0=jt(),K0=s(async(e,t,r,n)=>(0,B0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");Fa.OktaJwtInboundPolicy=K0});var Cb=g(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.PropelAuthJwtInboundPolicy=void 0;var J0=(Is(),ro(Ss)),z0=jt(),Sp,W0=s(async(e,t,r,n)=>{if(!Sp)try{Sp=await(0,J0.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,z0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:Sp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");qa.PropelAuthJwtInboundPolicy=W0});var Lb=g(G=>{"use strict";Object.defineProperty(G,"__esModule",{value:!0});G.throwIfStateNotObject=G.throwIfStateNotNumber=G.throwIfStateNotString=G.throwIfStateUndefinedOrNull=G.throwIfStateUndefined=G.throwIfOptionNotObject=G.throwIfOptionNotNumber=G.throwIfOptionNotString=G.throwIfOptionUndefinedOrNull=G.throwIfOptionUndefined=G.OptionTypeError=G.OptionUndefinedError=G.throwIfNotNumber=G.throwIfNotString=G.throwIfUndefinedOrNull=G.throwIfUndefined=G.ArgumentTypeError=G.ArgumentUndefinedError=G.ValidationError=void 0;var Ge=bt(),tt=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};G.ValidationError=tt;var xi=class extends tt{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};G.ArgumentUndefinedError=xi;var Ci=class extends tt{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};G.ArgumentTypeError=Ci;function Q0(e,t){if((0,Ge.isUndefined)(e))throw new xi(t)}s(Q0,"throwIfUndefined");G.throwIfUndefined=Q0;function Ip(e,t){if((0,Ge.isUndefinedOrNull)(e))throw new xi(t)}s(Ip,"throwIfUndefinedOrNull");G.throwIfUndefinedOrNull=Ip;function Y0(e,t){if(Ip(e,t),!(0,Ge.isString)(e))throw new Ci(t,"string")}s(Y0,"throwIfNotString");G.throwIfNotString=Y0;function Z0(e,t){if(Ip(e,t),!(0,Ge.isNumber)(e))throw new Ci(t,"number")}s(Z0,"throwIfNotNumber");G.throwIfNotNumber=Z0;var Li=class extends tt{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};G.OptionUndefinedError=Li;var kn=class extends tt{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};G.OptionTypeError=kn;function X0(e,t,r,n){if((0,Ge.isUndefined)(n))throw new Li(e,t,r)}s(X0,"throwIfOptionUndefined");G.throwIfOptionUndefined=X0;function $a(e,t,r,n){if((0,Ge.isUndefinedOrNull)(n))throw new Li(e,t,r)}s($a,"throwIfOptionUndefinedOrNull");G.throwIfOptionUndefinedOrNull=$a;function eO(e,t,r,n){if($a(e,t,r,n),!(0,Ge.isString)(n))throw new kn(e,t,r,"string")}s(eO,"throwIfOptionNotString");G.throwIfOptionNotString=eO;function tO(e,t,r,n){if($a(e,t,r,n),!(0,Ge.isNumber)(n))throw new kn(e,t,r,"number")}s(tO,"throwIfOptionNotNumber");G.throwIfOptionNotNumber=tO;function rO(e,t,r,n){if($a(e,t,r,n),!(0,Ge.isObject)(n))throw new kn(e,t,r,"object")}s(rO,"throwIfOptionNotObject");G.throwIfOptionNotObject=rO;function nO(e,t){if((0,Ge.isUndefined)(e))throw new tt(t)}s(nO,"throwIfStateUndefined");G.throwIfStateUndefined=nO;function ja(e,t){if((0,Ge.isUndefinedOrNull)(e))throw new tt(t)}s(ja,"throwIfStateUndefinedOrNull");G.throwIfStateUndefinedOrNull=ja;function iO(e,t){if(ja(e,t),!(0,Ge.isString)(e))throw new tt(t);return!0}s(iO,"throwIfStateNotString");G.throwIfStateNotString=iO;function oO(e,t){if(ja(e,t),!(0,Ge.isNumber)(e))throw new tt(t);return!0}s(oO,"throwIfStateNotNumber");G.throwIfStateNotNumber=oO;function sO(e,t){if(ja(e,t),!(0,Ge.isObject)(e))throw new tt(t);return!0}s(sO,"throwIfStateNotObject");G.throwIfStateNotObject=sO});var Db=g(Hn=>{"use strict";Object.defineProperty(Hn,"__esModule",{value:!0});Hn.InMemoryRedisClient=Hn.StandardRedisClient=void 0;var Pp=L(),Va=Lb(),Ap=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,Va.throwIfNotString)(t,"redisClientUrl"),(0,Va.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,Va.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Pp.SystemError("Redis client failed with 401: Unauthorized"):new Pp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Hn.StandardRedisClient=Ap;var Rp=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,Va.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Pp.SystemError("The in-memory redis client only supports /rate-limit calls")}};Hn.InMemoryRedisClient=Rp});var Fb=g(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.RateLimitInboundPolicy=void 0;var aO=Sr(),cO=$t(),uO=ao(),Vt=L(),lO=ae(),Ub=Oe(),Di=Y(),Mb=Db(),kb=bt(),Ga=(0,aO.debug)("zuplo:policies:RateLimitInboundPolicy"),dO="strict",pO=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),hO=s(async e=>({key:`ip-${pO(e)}`}),"getIP"),fO=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),mO=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),Ba;function yO(e,t){let r;if(Ba)return Ba;if(Di.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new Mb.InMemoryRedisClient,Ba=r,r;let{authApiJWT:n,redisURL:i}=Di.Environment.instance;if(!(0,kb.isString)(i))throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,kb.isString)(n))throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=Mb.StandardRedisClient.initialize(i,n,Di.Environment.instance.deploymentName??"unknown",Di.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Ba=r,r}s(yO,"getRedisClient");async function Hb(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(Hb,"getCountAndUpdateExpiry");function gO(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new Vt.RuntimeError(u)}return c},"outerFunction")}s(gO,"wrapUserFunction");var bO="Retry-After",_O=s(async(e,t,r,n)=>{let i=Date.now(),o=Ub.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new Vt.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[bO]=l.toString()),lO.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:gO(r,n),user:fO,ip:hO,all:mO}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,y=r.headerMode??"retry-after",w=yO(n,o),S=`bucket/${Di.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??dO)==="async"){let O=await(0,cO.getPolicyCacheName)(n,r),te=new uO.ZoneCache(O,{logger:Ub.SystemLogMap.getLogger(t)}),re=Hb(S,h,w,o,t.requestId),ne=await te.get(S);if(ne!==void 0&&ne<=Date.now()){Ga(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${S}' (async mode)`);let ve=Math.round((ne-Date.now())/1e3);return c(y,ve)}return t.addEventListener("responseSending",ve=>{try{let E=ve,H=E.mutableResponse;E.mutableResponse=(async()=>{let De=await re;if(De.count>m){let au=Date.now()+De.ttlSeconds*1e3;return te.put(S,au,De.ttlSeconds).catch(yh=>{throw o.error(yh),yh}),Ga(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (async mode)`),c(y,De.ttlSeconds)}return H})()}catch(E){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,E)}}),e}let $=await Hb(S,h,w,o,t.requestId);return $.count>m?(Ga(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (strict mode)`),c(y,$.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;Ga(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");Ka.RateLimitInboundPolicy=_O});var Vb=g(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.ReadmeMetricsInboundPolicy=void 0;var EO=Te(),Op=Y(),qb=ii(),Np;function $b(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s($b,"headersToNameValuePairs");function wO(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(wO,"queryToNameValueParis");function vO(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(vO,"parseIntOrUndefined");var jb={};async function TO(e,t,r,n){let i=new Date,o=Date.now();return Np||(Np={name:"zuplo",version:Op.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Op.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,qb.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,qb.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Op.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:Np,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:$b(e.headers),queryString:wO(e.query)},response:{status:a.status,statusText:a.statusText,headers:$b(a.headers),content:{size:vO(e.headers.get("content-length"))}}}]}}},d=jb[r.apiKey];if(!d){let p=r.apiKey;d=new EO.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",y=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});y.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${y.status}: '${await y.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),jb[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(TO,"ReadmeMetricsInboundPolicy");Ja.ReadmeMetricsInboundPolicy=TO});var Gb=g(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.RemoveHeadersInboundPolicy=void 0;var SO=L(),IO=Fe(),PO=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new SO.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new IO.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");za.RemoveHeadersInboundPolicy=PO});var Bb=g(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.RemoveHeadersOutboundPolicy=void 0;var AO=L(),RO=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new AO.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");Wa.RemoveHeadersOutboundPolicy=RO});var Kb=g(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.RemoveQueryParamsInboundPolicy=void 0;var OO=L(),NO=Fe(),xO=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new OO.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new NO.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");Qa.RemoveQueryParamsInboundPolicy=xO});var Jb=g(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.ReplaceStringOutboundPolicy=void 0;var CO=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");Ya.ReplaceStringOutboundPolicy=CO});var Wb=g(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.RequestSizeLimitInboundPolicy=void 0;var zb=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),LO=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?zb():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?zb():e},"RequestSizeLimitInboundPolicy");Za.RequestSizeLimitInboundPolicy=LO});var Xa=g(rt=>{"use strict";Object.defineProperty(rt,"__esModule",{value:!0});rt.sanitizedIdentifierName=rt.getIdForRefSchema=rt.getIdForRequestBodySchema=rt.getIdForParameterSchema=rt.getRawOperationDataIdentifierName=void 0;function DO(e,t,r){return`_${kr(e+"_"+t+"_"+r)}`}s(DO,"getRawOperationDataIdentifierName");rt.getRawOperationDataIdentifierName=DO;function UO(e,t,r,n){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(UO,"getIdForParameterSchema");rt.getIdForParameterSchema=UO;function MO(e,t,r){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${kr(r.toLowerCase())}`}s(MO,"getIdForRequestBodySchema");rt.getIdForRequestBodySchema=MO;function kO(e,t){return`_${kr(e)}__${kr(t)}`}s(kO,"getIdForRefSchema");rt.getIdForRefSchema=kO;function kr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(kr,"sanitizedIdentifierName");rt.sanitizedIdentifierName=kr});var Ui=g(Ue=>{"use strict";Object.defineProperty(Ue,"__esModule",{value:!0});Ue.getErrorsFromValidator=Ue.shouldReject=Ue.shouldLog=Ue.logErrors=Ue.validateParameters=Ue.getParametersForOperation=void 0;var HO=mn(),FO=Xa(),qO=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");Ue.getParametersForOperation=qO;var $O=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{if(u.required&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else{let l=(0,FO.getIdForParameterSchema)(r,n,i,u.name),d=HO.Gateway.instance.schemaValidator[l],p=d(t[u.name]),m=(0,Ue.getErrorsFromValidator)(d.errors);p||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${m.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");Ue.validateParameters=$O;var jO=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");Ue.logErrors=jO;var VO=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");Ue.shouldLog=VO;var GO=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");Ue.shouldReject=GO;var BO=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");Ue.getErrorsFromValidator=BO});var Qb=g(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.handleBodyValidation=void 0;var KO=mn(),ec=ae(),JO=Xa(),ze=Ui();async function zO(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let y=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,w=ec.HttpProblems.badRequest(t,e,{detail:`${y}, see errors property for more details`,errors:`${h}`});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",y,[n],h),(0,ze.shouldReject)(r.validateBody))return w}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,y=ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?y:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,JO.getIdForRequestBodySchema)(e.route.path,t.method,i),c=KO.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,y=ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?y:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,ze.getErrorsFromValidator)(l),m=ec.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",d,[n],p),(0,ze.shouldReject)(r.validateBody))return m}s(zO,"handleBodyValidation");tc.handleBodyValidation=zO});var Yb=g(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.handleHeadersValidation=void 0;var WO=ae(),Mi=Ui();function QO(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,Mi.getParametersForOperation)(e),o=(0,Mi.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=WO.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,Mi.shouldLog)(r.validateHeaders)&&(0,Mi.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,Mi.shouldReject)(r.validateHeaders))return c}}s(QO,"handleHeadersValidation");rc.handleHeadersValidation=QO});var Zb=g(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.handlePathParameterValidation=void 0;var YO=ae(),ki=Ui();function ZO(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,ki.getParametersForOperation)(e),i=(0,ki.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=YO.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,ki.shouldLog)(r.validatePathParameters)&&(0,ki.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,ki.shouldReject)(r.validatePathParameters))return a}}s(ZO,"handlePathParameterValidation");nc.handlePathParameterValidation=ZO});var Xb=g(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.handleQueryParameterValidation=void 0;var XO=ae(),Hi=Ui();function eN(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Hi.getParametersForOperation)(e),i=(0,Hi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=XO.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Hi.shouldLog)(r.validateQueryParameters)&&(0,Hi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Hi.shouldReject)(r.validateQueryParameters))return a}}s(eN,"handleQueryParameterValidation");ic.handleQueryParameterValidation=eN});var e_=g(Hr=>{"use strict";Object.defineProperty(Hr,"__esModule",{value:!0});Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy=void 0;var tN=Qb(),rN=Yb(),nN=Zb(),iN=Xb(),oN=s(async(e,t,r)=>{let n=(0,iN.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,nN.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,rN.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,tN.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Hr.RequestValidationInboundPolicy=oN;Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy});var t_=g(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.RequireOriginInboundPolicy=void 0;var sN=L(),aN=ae(),cN=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new sN.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return aN.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");oc.RequireOriginInboundPolicy=cN});var r_=g(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.SetBodyInboundPolicy=void 0;var uN=Fe(),lN=s(async(e,t,r)=>new uN.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");sc.SetBodyInboundPolicy=lN});var i_=g(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.SetHeadersInboundPolicy=void 0;var n_=L(),dN=Fe(),pN=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new n_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new n_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new dN.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");ac.SetHeadersInboundPolicy=pN});var s_=g(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.SetHeadersOutboundPolicy=void 0;var o_=L(),hN=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new o_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new o_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");cc.SetHeadersOutboundPolicy=hN});var c_=g(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.SetQueryParamsInboundPolicy=void 0;var a_=L(),fN=Fe(),mN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new a_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new a_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new fN.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");uc.SetQueryParamsInboundPolicy=mN});var u_=g(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.SetStatusOutboundPolicy=void 0;var yN=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");lc.SetStatusOutboundPolicy=yN});var l_=g(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.SleepInboundPolicy=void 0;var gN=L(),bN=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),_N=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new gN.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await bN(r.sleepInMs),e},"SleepInboundPolicy");dc.SleepInboundPolicy=_N});var p_=g(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.SupabaseJwtInboundPolicy=void 0;var d_=L(),EN=ae(),wN=Fe(),vN=qt(),TN=jt(),SN=s(async(e,t,r,n)=>{(0,vN.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,TN.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof wN.ZuploRequest))throw new d_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new d_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?EN.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");pc.SupabaseJwtInboundPolicy=SN});var f_=g(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var IN=$t(),PN=Jt(),h_=L(),AN=Oe(),RN=wi(),ON=qt(),NN=s(async(e,t,r,n)=>{(0,ON.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,IN.getPolicyCacheName)(n,r),o=new PN.MemoryZoneReadThroughCache(i,{logger:AN.SystemLogMap.getLogger(t)}),a=await o.get(n);if(!a){let c=await xN(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");hc.UpstreamAzureAdServiceAuthInboundPolicy=NN;async function xN(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,RN.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new h_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new h_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(xN,"getAccessToken")});var y_=g(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var CN=$t(),LN=Jt(),DN=L(),UN=Oe(),xp=pn(),MN=qt(),m_="https://accounts.google.com/o/oauth2/token",Cp,kN=s(async(e,t,r,n)=>{(0,MN.optionValidator)(r,n).required("serviceAccountJson","string"),Cp||(Cp=await xp.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,CN.getPolicyCacheName)(n,r),a=new LN.MemoryZoneReadThroughCache(o,{logger:UN.SystemLogMap.getLogger(t)}),c=await a.get(n);if(!c){let u=await(0,xp.getTokenFromGcpServiceAccount)({serviceAccount:Cp,audience:m_,payload:i}),l=await(0,xp.exchangeGgpJwtForIdToken)(m_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new DN.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");fc.UpstreamFirebaseAdminAuthInboundPolicy=kN});var g_=g(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var HN=$t(),FN=Jt(),Fn=L(),qN=Oe(),$N=hp(),Lp=pn(),jN=ii(),VN=qt(),GN="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",BN=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Dp,KN=s(async(e,t,r,n)=>{if((0,VN.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Fn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(BN.indexOf(p)!==-1)throw new Fn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Dp||(Dp=await Lp.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,jN.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Fn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,HN.getPolicyCacheName)(n,r),c=new FN.MemoryZoneReadThroughCache(a,{logger:qN.SystemLogMap.getLogger(t)}),u={uid:o,claims:i},l=await(0,$N.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Lp.getTokenFromGcpServiceAccount)({serviceAccount:Dp,audience:GN,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Lp.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Fn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");mc.UpstreamFirebaseUserAuthInboundPolicy=KN});var __=g(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.UpstreamGcpJwtInboundPolicy=void 0;var b_=pn(),JN=qt(),Up,zN=s(async(e,t,r,n)=>{(0,JN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Up||(Up=await b_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,b_.getTokenFromGcpServiceAccount)({serviceAccount:Up,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");yc.UpstreamGcpJwtInboundPolicy=zN});var w_=g(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.UpstreamGcpServiceAuthInboundPolicy=void 0;var WN=$t(),QN=fu(),YN=Jt(),ZN=L(),Mp=pn(),XN=qt(),E_="https://www.googleapis.com/oauth2/v4/token",kp,ex=s(async(e,t,r,n)=>{(0,XN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),kp||(kp=await Mp.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,WN.getPolicyCacheName)(n,r),o;r.useMemoryCacheOnly?o=new QN.MemoryCache(i):o=new YN.MemoryZoneReadThroughCache(i,t);let a=await o.get(n);if(!a){let c=await(0,Mp.getTokenFromGcpServiceAccount)({serviceAccount:kp,audience:E_,payload:{target_audience:`${r.audience}`}}),{id_token:u}=await(0,Mp.exchangeGgpJwtForIdToken)(E_,c,{retries:r.tokenRetries??3,retryDelayMs:10});if(!u)throw new ZN.RuntimeError("Invalid token response from GCP");a=u,o.put(n,a,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamGcpServiceAuthInboundPolicy");gc.UpstreamGcpServiceAuthInboundPolicy=ex});var T_=g(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.ValidateJsonSchemaInbound=void 0;var tx=L(),v_=ae(),rx=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return v_.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new tx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return v_.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");bc.ValidateJsonSchemaInbound=rx});var P_=g(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.MeteringInboundPolicy=void 0;var S_=Gs(),I_=yn(),_c=L(),nx=ae(),ix=Oe(),ox=Y(),sx=s(async(e,t,r,n)=>{let i=ix.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,m)=>{let h=S_.ContextData.get(m,"subscription");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;if(!r.bucketId)if(I_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=I_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new _c.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:w,meteringServiceUrl:T}=ox.Environment.instance;d.ok&&h&&r.meters&&fetch(`${T}/internal/v1/metering/${r.bucketId}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${w}`,"zp-rid":m.requestId},method:"POST",body:JSON.stringify({meters:r.meters})}).catch(S=>{m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,S)})});let o=S_.ContextData.get(t,"subscription"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o){if(a)return e;throw new _c.ConfigurationError("Subscription is not available for user")}if(o&&Object.keys(o.quotas).length===0)throw new _c.ConfigurationError("Quota is not set up for the user's subscription");let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)throw new _c.ConfigurationError(`The following policy meters are not present in the subscription: ${l.join(", ")}`);for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return nx.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");Ec.MeteringInboundPolicy=sx});var R_=g(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.LoadSubscriptionInboundPolicy=void 0;var ax=Gs(),A_=yn(),cx=L(),Hp=ae(),ux=Oe(),lx=Y(),dx=s(async(e,t,r,n)=>{let i=ux.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=e.user;if(!a)return o?e:Hp.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(A_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=A_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new cx.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:c,meteringServiceUrl:u}=lx.Environment.instance,{sub:l}=a,d,p;try{if(d=await fetch(`${u}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${l}&status=active`,{headers:{Authorization:`Bearer ${c}`,"zp-rid":t.requestId},method:"GET"}),!d.ok)return t.log.error(await d.text()),Hp.HttpProblems.forbidden(e,t);p=await d.json()}catch(h){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,h)}if((!p||!p.data||p.data.length===0)&&!o)return Hp.HttpProblems.unauthorized(e,t,{detail:"No valid, active subscription found"});if((!p||!p.data||p.data.length===0)&&o)return e;let m=p&&p.data?p.data[0]:void 0;return ax.ContextData.set(t,"subscription",m),e},"LoadSubscriptionInboundPolicy");wc.LoadSubscriptionInboundPolicy=dx});var O_=g(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.ServiceProviderImpl=void 0;var px=L(),Fp=class e{static{s(this,"ServiceProviderImpl")}static#e;services=new Map;constructor(){}static getInstance(){return e.#e||(e.#e=new e),e.#e}setInstance(t){e.#e=t}addService(t,r){if(this.services.get(t))throw new px.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};vc.ServiceProviderImpl=Fp});var q_=g(f=>{"use strict";var hx=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),qp=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&hx(t,e,r)},fx=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=f.PropelAuthJwtInboundPolicy=f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CreditsMeteringInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.LoadSubscriptionInboundPolicy=f.MeteringInboundPolicy=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=void 0;vh();var mx=Jt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return mx.MemoryZoneReadThroughCache}});var yx=ao();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return yx.ZoneCache}});var N_=Ir();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return N_.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return N_.ResponseSentEvent}});var gx=Gs();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return gx.ContextData}});var $p=yn();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return $p.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return $p.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return $p.isZuploReadableEnvVariableName}});var bx=L();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return bx.ConfigurationError}});var _x=Pd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return _x.originalFetch}});var x_=Qy();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return x_.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return x_.purgeGatewayCache}});var C_=hg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return C_.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return C_.awsLambdaHandler}});var Ex=mg();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return Ex.openApiSpecHandler}});var wx=yg();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return wx.redirectHandler}});var vx=bg();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return vx.urlForwardHandler}});var Tx=Eg();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return Tx.urlRewriteHandler}});var Sx=vg();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return Sx.webSocketHandler}});var Ix=Ig();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return Ix.webSocketPipelineHandler}});var Px=Hu();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return Px.HttpStatusCode}});qp(Lg(),f);qp(Mg(),f);var Ax=kg();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Ax.AuditLogDataStaxProvider}});var Rx=Fg();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Rx.AuditLogPlugin}});qp(Qg(),f);var L_=tb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return L_.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return L_.AmberfloMeteringPolicy}});var Ox=ob();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Ox.ApiAuthKeyInboundPolicy}});var Nx=gp();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return Nx.ApiKeyInboundPolicy}});var xx=sb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return xx.Auth0JwtInboundPolicy}});var Cx=ab();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Cx.BasicAuthInboundPolicy}});var Lx=cb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return Lx.CachingInboundPolicy}});var Dx=ub();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return Dx.ChangeMethodInboundPolicy}});var Ux=lb();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return Ux.ClearHeadersInboundPolicy}});var Mx=db();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return Mx.ClearHeadersOutboundPolicy}});var kx=pb();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return kx.ClerkJwtInboundPolicy}});var Hx=fb();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Hx.CognitoJwtInboundPolicy}});var Fx=yb();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Fx.CompositeInboundPolicy}});var qx=bb();Object.defineProperty(f,"CreditsMeteringInboundPolicy",{enumerable:!0,get:function(){return qx.CreditsMeteringInboundPolicy}});var $x=_b();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return $x.CurityPhantomTokenInboundPolicy}});var jx=Eb();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return jx.FirebaseJwtInboundPolicy}});var Vx=wb();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Vx.FormDataToJsonInboundPolicy}});var Gx=vb();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Gx.GeoFilterInboundPolicy}});var Bx=Tb();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return Bx.JWTScopeValidationInboundPolicy}});var Kx=Ib();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Kx.MockApiInboundPolicy}});var D_=Nb();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return D_.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return D_.setMoesifContext}});var Jx=xb();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return Jx.OktaJwtInboundPolicy}});var zx=jt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return zx.OpenIdJwtInboundPolicy}});var Wx=Cb();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return Wx.PropelAuthJwtInboundPolicy}});var U_=Fb();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return U_.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return U_.RateLimitInboundPolicy}});var Qx=Vb();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return Qx.ReadmeMetricsInboundPolicy}});var Yx=Gb();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return Yx.RemoveHeadersInboundPolicy}});var Zx=Bb();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return Zx.RemoveHeadersOutboundPolicy}});var Xx=Kb();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Xx.RemoveQueryParamsInboundPolicy}});var eC=Jb();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return eC.ReplaceStringOutboundPolicy}});var tC=Wb();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return tC.RequestSizeLimitInboundPolicy}});var M_=e_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return M_.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return M_.SchemaBasedRequestValidation}});var rC=t_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return rC.RequireOriginInboundPolicy}});var nC=r_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return nC.SetBodyInboundPolicy}});var iC=i_();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return iC.SetHeadersInboundPolicy}});var oC=s_();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return oC.SetHeadersOutboundPolicy}});var sC=c_();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return sC.SetQueryParamsInboundPolicy}});var aC=u_();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return aC.SetStatusOutboundPolicy}});var cC=l_();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return cC.SleepInboundPolicy}});var uC=ap();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return uC.StripeWebhookVerificationInboundPolicy}});var lC=p_();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return lC.SupabaseJwtInboundPolicy}});var dC=f_();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return dC.UpstreamAzureAdServiceAuthInboundPolicy}});var pC=y_();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return pC.UpstreamFirebaseAdminAuthInboundPolicy}});var hC=g_();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return hC.UpstreamFirebaseUserAuthInboundPolicy}});var fC=__();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return fC.UpstreamGcpJwtInboundPolicy}});var mC=w_();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return mC.UpstreamGcpServiceAuthInboundPolicy}});var yC=T_();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return yC.ValidateJsonSchemaInbound}});var gC=P_();Object.defineProperty(f,"MeteringInboundPolicy",{enumerable:!0,get:function(){return gC.MeteringInboundPolicy}});var bC=R_();Object.defineProperty(f,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return bC.LoadSubscriptionInboundPolicy}});var _C=ae();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return _C.HttpProblems}});var EC=go();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return EC.ProblemResponseFormatter}});var wC=Fe();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return wC.ZuploRequest}});var vC=Ar();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return vC.SystemRouteName}});var k_=gd();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return k_.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return k_.Router}});var H_=Ou();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return H_.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return H_.serialize}});var TC=O_();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return TC.ServiceProviderImpl}});var F_=Yu();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return F_.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return F_.SYSTEM_LOGGER}});var SC=qu();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return fx(SC).default}});var IC=Oe();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return IC.SystemLogMap}});var Fi=Xa();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return Fi.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return Fi.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return Fi.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return Fi.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return Fi.sanitizedIdentifierName}})});var $_=g(qn=>{"use strict";Object.defineProperty(qn,"__esModule",{value:!0});qn.BaseCryptoBeta=qn.supportedDigests=void 0;qn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var jp=class{static{s(this,"BaseCryptoBeta")}};qn.BaseCryptoBeta=jp});var j_=g(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.WorkerCryptoBeta=void 0;var Vp=$_(),PC=L(),Gp=class extends Vp.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!Vp.supportedDigests.includes(t.toLowerCase()))throw new PC.RuntimeError(`Algorithm ${t} is not supported. Try using ${Vp.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};Tc.WorkerCryptoBeta=Gp});var V_=g(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.BaseKeyValueStore=void 0;var Bp=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Sc.BaseKeyValueStore=Bp});var B_=g(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.WorkerKeyValueStore=void 0;var G_=L(),AC=V_(),Kp=class extends AC.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new G_.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new G_.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Ic.WorkerKeyValueStore=Kp});var Dt=g(dt=>{"use strict";var RC=dt&&dt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),OC=dt&&dt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&RC(t,e,r)};Object.defineProperty(dt,"__esModule",{value:!0});dt.KeyValueStore=dt.CryptoBeta=void 0;OC(q_(),dt);var NC=j_();Object.defineProperty(dt,"CryptoBeta",{enumerable:!0,get:function(){return NC.WorkerCryptoBeta}});var xC=B_();Object.defineProperty(dt,"KeyValueStore",{enumerable:!0,get:function(){return xC.WorkerKeyValueStore}})});var HL={};to(HL,{GraphQLComplexityLimitInboundPolicy:()=>TE,GraphQLDisableIntrospectionInboundPolicy:()=>IE});module.exports=ro(HL);var Zn=bh(Dt());function B(e,t){if(!!!e)throw new Error(t)}s(B,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Rt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Rt,"invariant");var CC=/\r\n|[\n\r]/g;function $n(e,t){let r=0,n=1;for(let i of e.body.matchAll(CC)){if(typeof i.index=="number"||Rt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s($n,"getLocation");function Jp(e){return Pc(e.source,$n(e.source,e.start))}s(Jp,"printLocation");function Pc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
74
+ `+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new Mr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(aR,"validateComputedSignature");function cR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(cR,"parseHeader");function uR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(uR,"secureCompare");async function $g(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=sp[o[c]];return a.join("")}s($g,"computeHMACSignatureAsync");Nn.computeHMACSignatureAsync=$g;var sp=new Array(256);for(let e=0;e<sp.length;e++)sp[e]=e.toString(16).padStart(2,"0")});var qt=g(pa=>{"use strict";Object.defineProperty(pa,"__esModule",{value:!0});pa.optionValidator=void 0;var Ri=L();function lR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new Ri.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Ri.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Ri.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Ri.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Ri.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(lR,"optionValidator");pa.optionValidator=lR});var ap=g(ha=>{"use strict";Object.defineProperty(ha,"__esModule",{value:!0});ha.StripeWebhookVerificationInboundPolicy=void 0;var dR=ae(),pR=jg(),hR=qt(),fR=s(async(e,t,r,n)=>{(0,hR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,pR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),dR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");ha.StripeWebhookVerificationInboundPolicy=fR});var Gg=g(cp=>{"use strict";Object.defineProperty(cp,"__esModule",{value:!0});var Vg=L(),mR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new Vg.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new Vg.RuntimeError(o)}}};cp.default=mR});var Kg=g(fa=>{"use strict";Object.defineProperty(fa,"__esModule",{value:!0});fa.isStripeWebhookEvent=void 0;var Bg=bt();function yR(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Bg.isString)(e.id)&&"type"in e&&(0,Bg.isString)(e.type)}s(yR,"isStripeWebhookEvent");fa.isStripeWebhookEvent=yR});var Jg=g(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.MeteringPlugin=void 0;var gR=gt(),up=class extends gR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};ma.MeteringPlugin=up});var Qg=g(xn=>{"use strict";var bR=xn&&xn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(xn,"__esModule",{value:!0});xn.StripeMeteringPlugin=void 0;var ya=yn(),Ve=L(),_R=Lt(),ER=ap(),Oi=ae(),wR=Yt(),vR=zr(),TR=ku(),SR=st(),zg=Oe(),lp=Y(),Wg=wi(),IR=bR(Gg()),PR=Kg(),AR=bt(),RR=Jg(),OR="checkout.session.completed",dp=class extends RR.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Ve.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Ve.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!this.options.zuploAccountApiKey)throw new Ve.ConfigurationError("StripeMeteringPlugin - No 'zuploAccountApiKey' property provided");if(!lp.Environment.instance.build.ACCOUNT_NAME)throw new Ve.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!CR(p))throw new Ve.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,PR.isStripeWebhookEvent)(m))return Oi.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`);let h,y,w;if(m.type===OR){let ne=m,ve=ne.data?.object?.subscription;if(!ve)throw new Ve.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");if(y=ne.data?.object?.client_reference_id,w=ne.data?.object?.customer_email,!y)throw new Ve.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.client_reference_id' to be the customer sub.");if(!w)throw new Ve.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer_email' to be the customer email.");if(!ve)throw new Ve.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");h=await IR.default.getSubscription({logger:u.log,stripeSecretKey:this.options.stripeSecretKey,subscriptionId:ve})}else return Oi.HttpProblems.ok(c,u,{detail:"Event was ignored by Stripe metering plugin webhook."});let T=h.id,S=h.customer,U=h.items?.data.find(ne=>ne.object==="subscription_item");if(!U||!U.id)throw new Ve.RuntimeError("Invalid Stripe API result. Expected subscription to contain at least one subscription_item.");let $=U.plan;if(!$||!$.product)throw new Ve.RuntimeError("Invalid Stripe API result. Expected subscription_item to have a plan.");let O=$.product,te=await NR({apiKeyBucketName:d,accountName:lp.Environment.instance.build.ACCOUNT_NAME,stripeProductId:O,stripeSubscriptionId:T,stripeCustomerId:S,managerEmail:w,managerSub:y,zuploAccountApiKey:this.options.zuploAccountApiKey,context:u});if(!te)return Oi.HttpProblems.internalServerError(c,u,{detail:"No consumer was created, skipping creation of subscription"});let re="routes.oas.json";try{await xR({context:u,stripeProductId:O,stripeSubscriptionId:T,customerKey:te,productKey:re,meteringBucketId:l,meteringBucketRegion:p})}catch(ne){return Oi.HttpProblems.internalServerError(c,u,{detail:ne.message})}return Oi.HttpProblems.ok(c,u)},"stripeWebhookHandler"),i=(0,vR.createInternalPolicyProcessor)({inboundPolicies:[{handler:ER.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new _R.Pipeline({processors:[wR.metricsProcessor,i],handler:n,gateway:r}),a=new SR.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:TR.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};xn.StripeMeteringPlugin=dp;async function NR({accountName:e,apiKeyBucketName:t,zuploAccountApiKey:r,stripeSubscriptionId:n,stripeProductId:i,stripeCustomerId:o,managerEmail:a,managerSub:c,context:u}){let l=new URL(`/v1/accounts/${e}/key-buckets/${t}/consumers`,"https://dev.zuplo.com");l.searchParams.set("with-api-key","true");let d=crypto.randomUUID(),p={name:d,description:`Consumer for Stripe subscription ${n}`,tags:{providerSubscriptionKey:n,planProviderKey:i},metadata:{stripeSubscriptionId:n,stripeProductId:i,stripeCustomerId:o},managers:[{sub:c,email:a}]},m=await(0,Wg.fetchRetry)({retryDelayMs:5,retries:2,logger:zg.SystemLogMap.getLogger(u)},l.toString(),{method:"POST",headers:{Authorization:`Bearer ${r}`,"content-type":"application/json"},body:JSON.stringify(p)}),h=await m.json();if(m.status!==200){let y="Error creating API Key Consumer";throw u.log.error(y,h),new Ve.RuntimeError(y)}return u.log.info("Successfully created API Key Consumer",{consumerId:d,stripeSubscriptionId:n,stripeProductId:i}),d}s(NR,"createConsumer");async function xR({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,productKey:i,meteringBucketId:o,meteringBucketRegion:a}){let c={status:"active",type:"periodic",renewalStrategy:"monthly",region:a,providerKey:t,planProviderKey:r,customerKey:n,productKey:i},{authApiJWT:u,meteringServiceUrl:l}=lp.Environment.instance;if(!(0,AR.isNonEmptyString)(u))throw new Ve.SystemError("No Zuplo JWT token set.");let d=await(0,Wg.fetchRetry)({retryDelayMs:5,retries:2,logger:zg.SystemLogMap.getLogger(e)},`${l}/internal/v1/metering/${o}/subscriptions`,{headers:{Authorization:`Bearer ${u}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(c)});if(!d.ok){let p="Error creating metering subscription.",m;try{m=await d.json()}catch{m={status:d.status,statusText:d.statusText}}throw e.log.error(p,m),new Ve.RuntimeError(p)}e.log.info("Successfully created/updated metering subscription.",c)}s(xR,"saveSubscription");function CR(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(CR,"isMetricsRegion")});var tb=g(Cn=>{"use strict";Object.defineProperty(Cn,"__esModule",{value:!0});Cn.AmberfloMeteringInboundPolicy=Cn.AmberfloMeteringPolicy=void 0;var Yg=L(),LR=Te(),Zg=ii(),eb=new WeakMap,Xg={},pp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){eb.set(t,r)}};Cn.AmberfloMeteringPolicy=pp;async function DR(e,t,r,n){if(!r.statusCodes)throw new Yg.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Zg.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=eb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Yg.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Zg.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Xg[r.apiKey];if(!m){let h=r.apiKey,y=e.headers.get("zm-test-id")??"";m=new LR.BatchDispatch("amberflo-ingest-meter",10,async w=>{try{let T=r.url??"https://app.amberflo.io/ingest",S=await fetch(T,{method:"POST",body:JSON.stringify(w),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":y}});S.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${S.status}: ${await S.text()}`)}catch(T){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),Xg[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}s(DR,"AmberfloMeteringInboundPolicy");Cn.AmberfloMeteringInboundPolicy=DR});var hp=g(ga=>{"use strict";Object.defineProperty(ga,"__esModule",{value:!0});ga.sha256=void 0;async function UR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(UR,"sha256");ga.sha256=UR});var $t=g(ba=>{"use strict";Object.defineProperty(ba,"__esModule",{value:!0});ba.getPolicyCacheName=void 0;var MR=hp(),rb=new Map;async function kR(e,t){let r,n=rb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,MR.sha256)(JSON.stringify({policyName:e,options:t}))}`,rb.set(e,r)),r}s(kR,"getPolicyCacheName");ba.getPolicyCacheName=kR});var gp=g(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.ApiKeyInboundPolicy=void 0;var HR=$t(),FR=Jt(),nb=yn(),fp=L(),qR=Dt(),mp=Oe(),yp=Y(),$R=wi(),ib="key-metadata-cache-type";function jR(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(jR,"getKeyValue");async function VR(e,t,r,n){if(!r.bucketName)if(nb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=nb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new fp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new fp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(T=>i.allowUnauthenticatedRequests?e:qR.HttpProblems.unauthorized(e,t,{detail:T}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=jR(a,i);if(!c||c==="")return o("No key present");let u=await GR(c),l=await(0,HR.getPolicyCacheName)(n,i),d=new FR.MemoryZoneReadThroughCache(l,{logger:mp.SystemLogMap.getLogger(t)}),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==ib&&mp.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let m={key:c},h=await(0,$R.fetchRetry)({retryDelayMs:5,retries:2,logger:mp.SystemLogMap.getLogger(t)},`${yp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":yp.Environment.instance.deploymentName??"unknown","User-Agent":yp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let T=await h.text(),S=JSON.parse(T);t.log.error("Unexpected response from key service",S)}catch{t.log.error("Invalid response from key service")}throw new fp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let y=await h.json(),w={isValid:!0,typeId:ib,user:{sub:y.name,data:y.metadata}};return e.user=w.user,d.put(u,w,i.cacheTtlSeconds),e}s(VR,"ApiKeyInboundPolicy");_a.ApiKeyInboundPolicy=VR;async function GR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(GR,"hashValue")});var ob=g(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.ApiAuthKeyInboundPolicy=void 0;var BR=gp();Ea.ApiAuthKeyInboundPolicy=BR.ApiKeyInboundPolicy});var jt=g(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.OpenIdJwtInboundPolicy=void 0;var _p=(Is(),ro(Ss)),Ep=L(),KR=ae(),bp={},JR=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new Ep.ConfigurationError("Invalid State - jwkUrl not set");bp[t.jwkUrl]||(bp[t.jwkUrl]=(0,_p.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,_p.jwtVerify)(e,bp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),zR=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,_p.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),WR=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(m=>KR.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Ep.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Ep.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?JR:zR,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(o.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let y=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${y.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${y.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");wa.OpenIdJwtInboundPolicy=WR});var sb=g(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.Auth0JwtInboundPolicy=void 0;var QR=jt(),YR=s(async(e,t,r,n)=>(0,QR.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");va.Auth0JwtInboundPolicy=YR});var ab=g(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.BasicAuthInboundPolicy=void 0;var ZR=ae(),XR=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>ZR.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),y=r.accounts.find(w=>w.username===m&&w.password===h);return y||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Ta.BasicAuthInboundPolicy=XR});var cb=g(Sa=>{"use strict";Object.defineProperty(Sa,"__esModule",{value:!0});Sa.CachingInboundPolicy=void 0;var e0=$t(),t0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function r0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(r0,"digestMessage");var n0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await r0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function i0(e,t,r,n){let i=await(0,e0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await n0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);t0.forEach(y=>h.headers.delete(y)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(i0,"CachingInboundPolicy");Sa.CachingInboundPolicy=i0});var ub=g(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.ChangeMethodInboundPolicy=void 0;var o0=L(),s0=Fe(),a0=s(async(e,t,r,n)=>{if(!r.method)throw new o0.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new s0.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");Ia.ChangeMethodInboundPolicy=a0});var lb=g(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.ClearHeadersInboundPolicy=void 0;var c0=Fe(),u0=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new c0.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Pa.ClearHeadersInboundPolicy=u0});var db=g(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.ClearHeadersOutboundPolicy=void 0;var l0=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Aa.ClearHeadersOutboundPolicy=l0});var pb=g(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.ClerkJwtInboundPolicy=void 0;var d0=jt(),p0=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,d0.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Ra.ClerkJwtInboundPolicy=p0});var fb=g(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.CognitoJwtInboundPolicy=void 0;var hb=L(),h0=jt(),f0=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new hb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new hb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,h0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Oa.CognitoJwtInboundPolicy=f0});var yb=g(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.CompositeInboundPolicy=void 0;var m0=L(),y0=mn(),mb=zr(),g0=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new m0.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=y0.Gateway.instance,o=(0,mb.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,mb.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");Na.CompositeInboundPolicy=g0});var bb=g(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.CreditsMeteringInboundPolicy=void 0;var Ni=ae(),gb=Y(),b0=s(async(e,t,r)=>{let n=e.user;if(!n)return Ni.HttpProblems.unauthorized(e,t,{title:"Unable to check subscription for anonymous user",detail:"No user data on request"});let{sub:i}=n;if(!r.bucketId)return Ni.HttpProblems.unauthorized(e,t,{title:"Metering bucket not configured",detail:"Specify one using the bucketId option on the policy"});let o=r.bucketId,a=await _0(o,i,t);if(!a)return Ni.HttpProblems.unauthorized(e,t,{title:"No valid, active subscription found"});if(!a.quotas)return Ni.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});for(let c of Object.keys(a.quotas))if(a.quotas[c]<=0)return Ni.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});return t.custom.subscription=a,t.addResponseSendingFinalHook(async()=>{let c=t.custom.meters,u={};for(let l of Object.keys(c))u[l]=c[l];await E0(o,a.id,u,t)}),e},"CreditsMeteringInboundPolicy");xa.CreditsMeteringInboundPolicy=b0;async function _0(e,t,r){let{authApiJWT:n,meteringServiceUrl:i}=gb.Environment.instance,o=new URL(`${i}/internal/v1/metering/${e}/subscriptions`);o.search=new URLSearchParams({customerKey:t,status:"active"}).toString();let a=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${n}`,"zp-rid":r.requestId}});if(!a.ok)throw new Error(`Error retrieving subscriptions for credits metering ': ${a.status} - ${await a.text()}`);let c=await a.json();if(c.data.length!==0)return c.data.length>1&&r.log.warn(`Found more than one active subscription for customer ${t} -- using the first one.`),c.data[0]}s(_0,"getSubscription");async function E0(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=gb.Environment.instance,a=new URL(`${o}/internal/v1/metering/${e}/subscriptions/${t}/quotas/consume`),c=await fetch(a,{method:"POST",body:JSON.stringify({meters:r}),headers:{Authorization:`Bearer ${i}`,"zp-rid":n.requestId}});c.ok||n.log.error(`Error consuming subscription quotas for credits metering ': ${c.status} - ${await c.text()}`)}s(E0,"consumeSubscription")});var _b=g(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.CurityPhantomTokenInboundPolicy=void 0;var w0=$t(),v0=Jt(),Ca=ae(),T0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Ca.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=S0(i);if(!o)return Ca.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,w0.getPolicyCacheName)(n,r),c=new v0.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Ca.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Ca.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");La.CurityPhantomTokenInboundPolicy=T0;function S0(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(S0,"getToken")});var Eb=g(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.FirebaseJwtInboundPolicy=void 0;var I0=qt(),P0=jt(),A0=s(async(e,t,r,n)=>((0,I0.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,P0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Da.FirebaseJwtInboundPolicy=A0});var wb=g(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.FormDataToJsonInboundPolicy=void 0;var R0=Fe(),O0=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new R0.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Ua.FormDataToJsonInboundPolicy=O0});var vb=g(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.GeoFilterInboundPolicy=void 0;var N0=L(),x0=ae(),Ln="__unknown__",C0=s(async(e,t,r,n)=>{let i={allow:{countries:Un(r.allow?.countries,"allow.countries",n),regionCodes:Un(r.allow?.regionCodes,"allow.regionCode",n),asns:Un(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Un(r.block?.countries,"block.countries",n),regionCodes:Un(r.block?.regionCodes,"block.regionCode",n),asns:Un(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Ln,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Ln,c=t.incomingRequestProperties.asn?.toString()??Ln,u=i.ignoreUnknown&&o===Ln,l=i.ignoreUnknown&&a===Ln,d=i.ignoreUnknown&&c===Ln,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Dn(e,t,n,o,a,c);let y=i.block.countries,w=i.block.regionCodes,T=i.block.asns;return y.length>0&&y.includes(o)&&!u||w.length>0&&w.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?Dn(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");Ma.GeoFilterInboundPolicy=C0;function Dn(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),x0.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Dn,"blockedResponse");function Un(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new N0.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Un,"toLowerStringArray")});var Tb=g(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.JWTScopeValidationInboundPolicy=void 0;var L0=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");ka.JWTScopeValidationInboundPolicy=L0});var Ib=g(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.MockApiInboundPolicy=void 0;var D0=ae(),U0=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return wp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return wp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return Sb(a[c])}else return a.length>0?Sb(a[0]):wp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Ha.MockApiInboundPolicy=U0;function Sb(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(Sb,"generateResponse");var wp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return D0.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var Nb=g(Mn=>{"use strict";Object.defineProperty(Mn,"__esModule",{value:!0});Mn.MoesifInboundPolicy=Mn.setMoesifContext=void 0;var M0=L(),k0=Te(),H0="Incoming",F0={logRequestBody:!0,logResponseBody:!0};function Pb(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(Pb,"headersToObject");function Ab(){return new Date().toISOString()}s(Ab,"timestamp");var vp=new WeakMap,q0={};function $0(e,t){let r=vp.get(e);r||(r=q0);let n=Object.assign({...r},t);vp.set(e,n)}s($0,"setMoesifContext");Mn.setMoesifContext=$0;async function Rb(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(Rb,"readBody");var j0={},Tp;function Ob(){if(!Tp)throw new M0.RuntimeError("Invalid State - no _lastLogger");return Tp}s(Ob,"getLastLogger");function V0(e){let t=j0[e];return t||(t=new k0.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);Ob().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||Ob().error({status:i.status,body:await i.text()})})),t}s(V0,"getDispatcher");async function G0(e,t,r,n){Tp=t.log;let i=Ab(),o=Object.assign(F0,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await Rb(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=V0(o.applicationId),d=e.headers.get("true-client-ip"),p=vp.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:Pb(e.headers)},h=o.logResponseBody?await Rb(c,t):void 0,y={time:Ab(),status:c.status,headers:Pb(c.headers),body:h},w={request:m,response:y,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:H0};l.enqueue(w),t.waitUntil(l.waitUntilFlushed())}),e}s(G0,"MoesifInboundPolicy");Mn.MoesifInboundPolicy=G0});var xb=g(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.OktaJwtInboundPolicy=void 0;var B0=jt(),K0=s(async(e,t,r,n)=>(0,B0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");Fa.OktaJwtInboundPolicy=K0});var Cb=g(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.PropelAuthJwtInboundPolicy=void 0;var J0=(Is(),ro(Ss)),z0=jt(),Sp,W0=s(async(e,t,r,n)=>{if(!Sp)try{Sp=await(0,J0.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,z0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:Sp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");qa.PropelAuthJwtInboundPolicy=W0});var Lb=g(G=>{"use strict";Object.defineProperty(G,"__esModule",{value:!0});G.throwIfStateNotObject=G.throwIfStateNotNumber=G.throwIfStateNotString=G.throwIfStateUndefinedOrNull=G.throwIfStateUndefined=G.throwIfOptionNotObject=G.throwIfOptionNotNumber=G.throwIfOptionNotString=G.throwIfOptionUndefinedOrNull=G.throwIfOptionUndefined=G.OptionTypeError=G.OptionUndefinedError=G.throwIfNotNumber=G.throwIfNotString=G.throwIfUndefinedOrNull=G.throwIfUndefined=G.ArgumentTypeError=G.ArgumentUndefinedError=G.ValidationError=void 0;var Ge=bt(),tt=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};G.ValidationError=tt;var xi=class extends tt{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};G.ArgumentUndefinedError=xi;var Ci=class extends tt{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};G.ArgumentTypeError=Ci;function Q0(e,t){if((0,Ge.isUndefined)(e))throw new xi(t)}s(Q0,"throwIfUndefined");G.throwIfUndefined=Q0;function Ip(e,t){if((0,Ge.isUndefinedOrNull)(e))throw new xi(t)}s(Ip,"throwIfUndefinedOrNull");G.throwIfUndefinedOrNull=Ip;function Y0(e,t){if(Ip(e,t),!(0,Ge.isString)(e))throw new Ci(t,"string")}s(Y0,"throwIfNotString");G.throwIfNotString=Y0;function Z0(e,t){if(Ip(e,t),!(0,Ge.isNumber)(e))throw new Ci(t,"number")}s(Z0,"throwIfNotNumber");G.throwIfNotNumber=Z0;var Li=class extends tt{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};G.OptionUndefinedError=Li;var kn=class extends tt{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};G.OptionTypeError=kn;function X0(e,t,r,n){if((0,Ge.isUndefined)(n))throw new Li(e,t,r)}s(X0,"throwIfOptionUndefined");G.throwIfOptionUndefined=X0;function $a(e,t,r,n){if((0,Ge.isUndefinedOrNull)(n))throw new Li(e,t,r)}s($a,"throwIfOptionUndefinedOrNull");G.throwIfOptionUndefinedOrNull=$a;function eO(e,t,r,n){if($a(e,t,r,n),!(0,Ge.isString)(n))throw new kn(e,t,r,"string")}s(eO,"throwIfOptionNotString");G.throwIfOptionNotString=eO;function tO(e,t,r,n){if($a(e,t,r,n),!(0,Ge.isNumber)(n))throw new kn(e,t,r,"number")}s(tO,"throwIfOptionNotNumber");G.throwIfOptionNotNumber=tO;function rO(e,t,r,n){if($a(e,t,r,n),!(0,Ge.isObject)(n))throw new kn(e,t,r,"object")}s(rO,"throwIfOptionNotObject");G.throwIfOptionNotObject=rO;function nO(e,t){if((0,Ge.isUndefined)(e))throw new tt(t)}s(nO,"throwIfStateUndefined");G.throwIfStateUndefined=nO;function ja(e,t){if((0,Ge.isUndefinedOrNull)(e))throw new tt(t)}s(ja,"throwIfStateUndefinedOrNull");G.throwIfStateUndefinedOrNull=ja;function iO(e,t){if(ja(e,t),!(0,Ge.isString)(e))throw new tt(t);return!0}s(iO,"throwIfStateNotString");G.throwIfStateNotString=iO;function oO(e,t){if(ja(e,t),!(0,Ge.isNumber)(e))throw new tt(t);return!0}s(oO,"throwIfStateNotNumber");G.throwIfStateNotNumber=oO;function sO(e,t){if(ja(e,t),!(0,Ge.isObject)(e))throw new tt(t);return!0}s(sO,"throwIfStateNotObject");G.throwIfStateNotObject=sO});var Db=g(Hn=>{"use strict";Object.defineProperty(Hn,"__esModule",{value:!0});Hn.InMemoryRedisClient=Hn.StandardRedisClient=void 0;var Pp=L(),Va=Lb(),Ap=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,Va.throwIfNotString)(t,"redisClientUrl"),(0,Va.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,Va.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Pp.SystemError("Redis client failed with 401: Unauthorized"):new Pp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Hn.StandardRedisClient=Ap;var Rp=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,Va.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Pp.SystemError("The in-memory redis client only supports /rate-limit calls")}};Hn.InMemoryRedisClient=Rp});var Fb=g(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.RateLimitInboundPolicy=void 0;var aO=Sr(),cO=$t(),uO=ao(),Vt=L(),lO=ae(),Ub=Oe(),Di=Y(),Mb=Db(),kb=bt(),Ga=(0,aO.debug)("zuplo:policies:RateLimitInboundPolicy"),dO="strict",pO=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),hO=s(async e=>({key:`ip-${pO(e)}`}),"getIP"),fO=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),mO=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),Ba;function yO(e,t){let r;if(Ba)return Ba;if(Di.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new Mb.InMemoryRedisClient,Ba=r,r;let{authApiJWT:n,redisURL:i}=Di.Environment.instance;if(!(0,kb.isString)(i))throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,kb.isString)(n))throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=Mb.StandardRedisClient.initialize(i,n,Di.Environment.instance.deploymentName??"unknown",Di.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Vt.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Ba=r,r}s(yO,"getRedisClient");async function Hb(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(Hb,"getCountAndUpdateExpiry");function gO(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Vt.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new Vt.RuntimeError(u)}return c},"outerFunction")}s(gO,"wrapUserFunction");var bO="Retry-After",_O=s(async(e,t,r,n)=>{let i=Date.now(),o=Ub.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new Vt.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[bO]=l.toString()),lO.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:gO(r,n),user:fO,ip:hO,all:mO}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,y=r.headerMode??"retry-after",w=yO(n,o),S=`bucket/${Di.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??dO)==="async"){let O=await(0,cO.getPolicyCacheName)(n,r),te=new uO.ZoneCache(O,{logger:Ub.SystemLogMap.getLogger(t)}),re=Hb(S,h,w,o,t.requestId),ne=await te.get(S);if(ne!==void 0&&ne<=Date.now()){Ga(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${S}' (async mode)`);let ve=Math.round((ne-Date.now())/1e3);return c(y,ve)}return t.addEventListener("responseSending",ve=>{try{let E=ve,H=E.mutableResponse;E.mutableResponse=(async()=>{let De=await re;if(De.count>m){let au=Date.now()+De.ttlSeconds*1e3;return te.put(S,au,De.ttlSeconds).catch(yh=>{throw o.error(yh),yh}),Ga(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (async mode)`),c(y,De.ttlSeconds)}return H})()}catch(E){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,E)}}),e}let $=await Hb(S,h,w,o,t.requestId);return $.count>m?(Ga(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (strict mode)`),c(y,$.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;Ga(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");Ka.RateLimitInboundPolicy=_O});var Vb=g(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.ReadmeMetricsInboundPolicy=void 0;var EO=Te(),Op=Y(),qb=ii(),Np;function $b(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s($b,"headersToNameValuePairs");function wO(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(wO,"queryToNameValueParis");function vO(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(vO,"parseIntOrUndefined");var jb={};async function TO(e,t,r,n){let i=new Date,o=Date.now();return Np||(Np={name:"zuplo",version:Op.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Op.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,qb.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,qb.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Op.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:Np,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:$b(e.headers),queryString:wO(e.query)},response:{status:a.status,statusText:a.statusText,headers:$b(a.headers),content:{size:vO(e.headers.get("content-length"))}}}]}}},d=jb[r.apiKey];if(!d){let p=r.apiKey;d=new EO.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",y=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});y.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${y.status}: '${await y.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),jb[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(TO,"ReadmeMetricsInboundPolicy");Ja.ReadmeMetricsInboundPolicy=TO});var Gb=g(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.RemoveHeadersInboundPolicy=void 0;var SO=L(),IO=Fe(),PO=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new SO.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new IO.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");za.RemoveHeadersInboundPolicy=PO});var Bb=g(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.RemoveHeadersOutboundPolicy=void 0;var AO=L(),RO=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new AO.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");Wa.RemoveHeadersOutboundPolicy=RO});var Kb=g(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.RemoveQueryParamsInboundPolicy=void 0;var OO=L(),NO=Fe(),xO=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new OO.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new NO.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");Qa.RemoveQueryParamsInboundPolicy=xO});var Jb=g(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.ReplaceStringOutboundPolicy=void 0;var CO=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");Ya.ReplaceStringOutboundPolicy=CO});var Wb=g(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.RequestSizeLimitInboundPolicy=void 0;var zb=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),LO=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?zb():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?zb():e},"RequestSizeLimitInboundPolicy");Za.RequestSizeLimitInboundPolicy=LO});var Xa=g(rt=>{"use strict";Object.defineProperty(rt,"__esModule",{value:!0});rt.sanitizedIdentifierName=rt.getIdForRefSchema=rt.getIdForRequestBodySchema=rt.getIdForParameterSchema=rt.getRawOperationDataIdentifierName=void 0;function DO(e,t,r){return`_${kr(e+"_"+t+"_"+r)}`}s(DO,"getRawOperationDataIdentifierName");rt.getRawOperationDataIdentifierName=DO;function UO(e,t,r,n){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(UO,"getIdForParameterSchema");rt.getIdForParameterSchema=UO;function MO(e,t,r){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${kr(r.toLowerCase())}`}s(MO,"getIdForRequestBodySchema");rt.getIdForRequestBodySchema=MO;function kO(e,t){return`_${kr(e)}__${kr(t)}`}s(kO,"getIdForRefSchema");rt.getIdForRefSchema=kO;function kr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(kr,"sanitizedIdentifierName");rt.sanitizedIdentifierName=kr});var Ui=g(Ue=>{"use strict";Object.defineProperty(Ue,"__esModule",{value:!0});Ue.getErrorsFromValidator=Ue.shouldReject=Ue.shouldLog=Ue.logErrors=Ue.validateParameters=Ue.getParametersForOperation=void 0;var HO=mn(),FO=Xa(),qO=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");Ue.getParametersForOperation=qO;var $O=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,FO.getIdForParameterSchema)(r,n,i,u.name),p=HO.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,Ue.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");Ue.validateParameters=$O;var jO=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");Ue.logErrors=jO;var VO=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");Ue.shouldLog=VO;var GO=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");Ue.shouldReject=GO;var BO=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");Ue.getErrorsFromValidator=BO});var Qb=g(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.handleBodyValidation=void 0;var KO=mn(),ec=ae(),JO=Xa(),ze=Ui();async function zO(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let y=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,w=ec.HttpProblems.badRequest(t,e,{detail:`${y}, see errors property for more details`,errors:`${h}`});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",y,[n],h),(0,ze.shouldReject)(r.validateBody))return w}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,y=ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?y:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,JO.getIdForRequestBodySchema)(e.route.path,t.method,i),c=KO.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,y=ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?y:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,ze.getErrorsFromValidator)(l),m=ec.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",d,[n],p),(0,ze.shouldReject)(r.validateBody))return m}s(zO,"handleBodyValidation");tc.handleBodyValidation=zO});var Yb=g(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.handleHeadersValidation=void 0;var WO=ae(),Mi=Ui();function QO(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,Mi.getParametersForOperation)(e),o=(0,Mi.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=WO.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,Mi.shouldLog)(r.validateHeaders)&&(0,Mi.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,Mi.shouldReject)(r.validateHeaders))return c}}s(QO,"handleHeadersValidation");rc.handleHeadersValidation=QO});var Zb=g(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.handlePathParameterValidation=void 0;var YO=ae(),ki=Ui();function ZO(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,ki.getParametersForOperation)(e),i=(0,ki.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=YO.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,ki.shouldLog)(r.validatePathParameters)&&(0,ki.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,ki.shouldReject)(r.validatePathParameters))return a}}s(ZO,"handlePathParameterValidation");nc.handlePathParameterValidation=ZO});var Xb=g(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.handleQueryParameterValidation=void 0;var XO=ae(),Hi=Ui();function eN(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Hi.getParametersForOperation)(e),i=(0,Hi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=XO.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Hi.shouldLog)(r.validateQueryParameters)&&(0,Hi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Hi.shouldReject)(r.validateQueryParameters))return a}}s(eN,"handleQueryParameterValidation");ic.handleQueryParameterValidation=eN});var e_=g(Hr=>{"use strict";Object.defineProperty(Hr,"__esModule",{value:!0});Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy=void 0;var tN=Qb(),rN=Yb(),nN=Zb(),iN=Xb(),oN=s(async(e,t,r)=>{let n=(0,iN.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,nN.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,rN.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,tN.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Hr.RequestValidationInboundPolicy=oN;Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy});var t_=g(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.RequireOriginInboundPolicy=void 0;var sN=L(),aN=ae(),cN=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new sN.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return aN.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");oc.RequireOriginInboundPolicy=cN});var r_=g(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.SetBodyInboundPolicy=void 0;var uN=Fe(),lN=s(async(e,t,r)=>new uN.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");sc.SetBodyInboundPolicy=lN});var i_=g(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.SetHeadersInboundPolicy=void 0;var n_=L(),dN=Fe(),pN=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new n_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new n_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new dN.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");ac.SetHeadersInboundPolicy=pN});var s_=g(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.SetHeadersOutboundPolicy=void 0;var o_=L(),hN=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new o_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new o_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");cc.SetHeadersOutboundPolicy=hN});var c_=g(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.SetQueryParamsInboundPolicy=void 0;var a_=L(),fN=Fe(),mN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new a_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new a_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new fN.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");uc.SetQueryParamsInboundPolicy=mN});var u_=g(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.SetStatusOutboundPolicy=void 0;var yN=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");lc.SetStatusOutboundPolicy=yN});var l_=g(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.SleepInboundPolicy=void 0;var gN=L(),bN=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),_N=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new gN.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await bN(r.sleepInMs),e},"SleepInboundPolicy");dc.SleepInboundPolicy=_N});var p_=g(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.SupabaseJwtInboundPolicy=void 0;var d_=L(),EN=ae(),wN=Fe(),vN=qt(),TN=jt(),SN=s(async(e,t,r,n)=>{(0,vN.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,TN.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof wN.ZuploRequest))throw new d_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new d_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?EN.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");pc.SupabaseJwtInboundPolicy=SN});var f_=g(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var IN=$t(),PN=Jt(),h_=L(),AN=Oe(),RN=wi(),ON=qt(),NN=s(async(e,t,r,n)=>{(0,ON.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,IN.getPolicyCacheName)(n,r),o=new PN.MemoryZoneReadThroughCache(i,{logger:AN.SystemLogMap.getLogger(t)}),a=await o.get(n);if(!a){let c=await xN(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");hc.UpstreamAzureAdServiceAuthInboundPolicy=NN;async function xN(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,RN.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new h_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new h_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(xN,"getAccessToken")});var y_=g(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var CN=$t(),LN=Jt(),DN=L(),UN=Oe(),xp=pn(),MN=qt(),m_="https://accounts.google.com/o/oauth2/token",Cp,kN=s(async(e,t,r,n)=>{(0,MN.optionValidator)(r,n).required("serviceAccountJson","string"),Cp||(Cp=await xp.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,CN.getPolicyCacheName)(n,r),a=new LN.MemoryZoneReadThroughCache(o,{logger:UN.SystemLogMap.getLogger(t)}),c=await a.get(n);if(!c){let u=await(0,xp.getTokenFromGcpServiceAccount)({serviceAccount:Cp,audience:m_,payload:i}),l=await(0,xp.exchangeGgpJwtForIdToken)(m_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new DN.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");fc.UpstreamFirebaseAdminAuthInboundPolicy=kN});var g_=g(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var HN=$t(),FN=Jt(),Fn=L(),qN=Oe(),$N=hp(),Lp=pn(),jN=ii(),VN=qt(),GN="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",BN=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Dp,KN=s(async(e,t,r,n)=>{if((0,VN.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Fn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(BN.indexOf(p)!==-1)throw new Fn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Dp||(Dp=await Lp.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,jN.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Fn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,HN.getPolicyCacheName)(n,r),c=new FN.MemoryZoneReadThroughCache(a,{logger:qN.SystemLogMap.getLogger(t)}),u={uid:o,claims:i},l=await(0,$N.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Lp.getTokenFromGcpServiceAccount)({serviceAccount:Dp,audience:GN,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Lp.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Fn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");mc.UpstreamFirebaseUserAuthInboundPolicy=KN});var __=g(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.UpstreamGcpJwtInboundPolicy=void 0;var b_=pn(),JN=qt(),Up,zN=s(async(e,t,r,n)=>{(0,JN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Up||(Up=await b_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,b_.getTokenFromGcpServiceAccount)({serviceAccount:Up,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");yc.UpstreamGcpJwtInboundPolicy=zN});var w_=g(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.UpstreamGcpServiceAuthInboundPolicy=void 0;var WN=$t(),QN=fu(),YN=Jt(),ZN=L(),Mp=pn(),XN=qt(),E_="https://www.googleapis.com/oauth2/v4/token",kp,ex=s(async(e,t,r,n)=>{(0,XN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),kp||(kp=await Mp.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,WN.getPolicyCacheName)(n,r),o;r.useMemoryCacheOnly?o=new QN.MemoryCache(i):o=new YN.MemoryZoneReadThroughCache(i,t);let a=await o.get(n);if(!a){let c=await(0,Mp.getTokenFromGcpServiceAccount)({serviceAccount:kp,audience:E_,payload:{target_audience:`${r.audience}`}}),{id_token:u}=await(0,Mp.exchangeGgpJwtForIdToken)(E_,c,{retries:r.tokenRetries??3,retryDelayMs:10});if(!u)throw new ZN.RuntimeError("Invalid token response from GCP");a=u,o.put(n,a,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamGcpServiceAuthInboundPolicy");gc.UpstreamGcpServiceAuthInboundPolicy=ex});var T_=g(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.ValidateJsonSchemaInbound=void 0;var tx=L(),v_=ae(),rx=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return v_.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new tx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return v_.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");bc.ValidateJsonSchemaInbound=rx});var P_=g(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.MeteringInboundPolicy=void 0;var S_=Gs(),I_=yn(),_c=L(),nx=ae(),ix=Oe(),ox=Y(),sx=s(async(e,t,r,n)=>{let i=ix.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,m)=>{let h=S_.ContextData.get(m,"subscription");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;if(!r.bucketId)if(I_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=I_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new _c.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:w,meteringServiceUrl:T}=ox.Environment.instance;d.ok&&h&&r.meters&&fetch(`${T}/internal/v1/metering/${r.bucketId}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${w}`,"zp-rid":m.requestId},method:"POST",body:JSON.stringify({meters:r.meters})}).catch(S=>{m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,S)})});let o=S_.ContextData.get(t,"subscription"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o){if(a)return e;throw new _c.ConfigurationError("Subscription is not available for user")}if(o&&Object.keys(o.quotas).length===0)throw new _c.ConfigurationError("Quota is not set up for the user's subscription");let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)throw new _c.ConfigurationError(`The following policy meters are not present in the subscription: ${l.join(", ")}`);for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return nx.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");Ec.MeteringInboundPolicy=sx});var R_=g(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.LoadSubscriptionInboundPolicy=void 0;var ax=Gs(),A_=yn(),cx=L(),Hp=ae(),ux=Oe(),lx=Y(),dx=s(async(e,t,r,n)=>{let i=ux.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=e.user;if(!a)return o?e:Hp.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(A_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=A_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new cx.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:c,meteringServiceUrl:u}=lx.Environment.instance,{sub:l}=a,d,p;try{if(d=await fetch(`${u}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${l}&status=active`,{headers:{Authorization:`Bearer ${c}`,"zp-rid":t.requestId},method:"GET"}),!d.ok)return t.log.error(await d.text()),Hp.HttpProblems.forbidden(e,t);p=await d.json()}catch(h){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,h)}if((!p||!p.data||p.data.length===0)&&!o)return Hp.HttpProblems.unauthorized(e,t,{detail:"No valid, active subscription found"});if((!p||!p.data||p.data.length===0)&&o)return e;let m=p&&p.data?p.data[0]:void 0;return ax.ContextData.set(t,"subscription",m),e},"LoadSubscriptionInboundPolicy");wc.LoadSubscriptionInboundPolicy=dx});var O_=g(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.ServiceProviderImpl=void 0;var px=L(),Fp=class e{static{s(this,"ServiceProviderImpl")}static#e;services=new Map;constructor(){}static getInstance(){return e.#e||(e.#e=new e),e.#e}setInstance(t){e.#e=t}addService(t,r){if(this.services.get(t))throw new px.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};vc.ServiceProviderImpl=Fp});var q_=g(f=>{"use strict";var hx=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),qp=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&hx(t,e,r)},fx=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=f.PropelAuthJwtInboundPolicy=f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CreditsMeteringInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.LoadSubscriptionInboundPolicy=f.MeteringInboundPolicy=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=void 0;vh();var mx=Jt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return mx.MemoryZoneReadThroughCache}});var yx=ao();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return yx.ZoneCache}});var N_=Ir();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return N_.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return N_.ResponseSentEvent}});var gx=Gs();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return gx.ContextData}});var $p=yn();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return $p.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return $p.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return $p.isZuploReadableEnvVariableName}});var bx=L();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return bx.ConfigurationError}});var _x=Pd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return _x.originalFetch}});var x_=Qy();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return x_.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return x_.purgeGatewayCache}});var C_=hg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return C_.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return C_.awsLambdaHandler}});var Ex=mg();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return Ex.openApiSpecHandler}});var wx=yg();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return wx.redirectHandler}});var vx=bg();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return vx.urlForwardHandler}});var Tx=Eg();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return Tx.urlRewriteHandler}});var Sx=vg();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return Sx.webSocketHandler}});var Ix=Ig();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return Ix.webSocketPipelineHandler}});var Px=Hu();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return Px.HttpStatusCode}});qp(Lg(),f);qp(Mg(),f);var Ax=kg();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Ax.AuditLogDataStaxProvider}});var Rx=Fg();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Rx.AuditLogPlugin}});qp(Qg(),f);var L_=tb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return L_.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return L_.AmberfloMeteringPolicy}});var Ox=ob();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Ox.ApiAuthKeyInboundPolicy}});var Nx=gp();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return Nx.ApiKeyInboundPolicy}});var xx=sb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return xx.Auth0JwtInboundPolicy}});var Cx=ab();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Cx.BasicAuthInboundPolicy}});var Lx=cb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return Lx.CachingInboundPolicy}});var Dx=ub();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return Dx.ChangeMethodInboundPolicy}});var Ux=lb();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return Ux.ClearHeadersInboundPolicy}});var Mx=db();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return Mx.ClearHeadersOutboundPolicy}});var kx=pb();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return kx.ClerkJwtInboundPolicy}});var Hx=fb();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Hx.CognitoJwtInboundPolicy}});var Fx=yb();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Fx.CompositeInboundPolicy}});var qx=bb();Object.defineProperty(f,"CreditsMeteringInboundPolicy",{enumerable:!0,get:function(){return qx.CreditsMeteringInboundPolicy}});var $x=_b();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return $x.CurityPhantomTokenInboundPolicy}});var jx=Eb();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return jx.FirebaseJwtInboundPolicy}});var Vx=wb();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Vx.FormDataToJsonInboundPolicy}});var Gx=vb();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Gx.GeoFilterInboundPolicy}});var Bx=Tb();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return Bx.JWTScopeValidationInboundPolicy}});var Kx=Ib();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Kx.MockApiInboundPolicy}});var D_=Nb();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return D_.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return D_.setMoesifContext}});var Jx=xb();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return Jx.OktaJwtInboundPolicy}});var zx=jt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return zx.OpenIdJwtInboundPolicy}});var Wx=Cb();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return Wx.PropelAuthJwtInboundPolicy}});var U_=Fb();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return U_.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return U_.RateLimitInboundPolicy}});var Qx=Vb();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return Qx.ReadmeMetricsInboundPolicy}});var Yx=Gb();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return Yx.RemoveHeadersInboundPolicy}});var Zx=Bb();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return Zx.RemoveHeadersOutboundPolicy}});var Xx=Kb();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Xx.RemoveQueryParamsInboundPolicy}});var eC=Jb();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return eC.ReplaceStringOutboundPolicy}});var tC=Wb();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return tC.RequestSizeLimitInboundPolicy}});var M_=e_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return M_.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return M_.SchemaBasedRequestValidation}});var rC=t_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return rC.RequireOriginInboundPolicy}});var nC=r_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return nC.SetBodyInboundPolicy}});var iC=i_();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return iC.SetHeadersInboundPolicy}});var oC=s_();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return oC.SetHeadersOutboundPolicy}});var sC=c_();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return sC.SetQueryParamsInboundPolicy}});var aC=u_();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return aC.SetStatusOutboundPolicy}});var cC=l_();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return cC.SleepInboundPolicy}});var uC=ap();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return uC.StripeWebhookVerificationInboundPolicy}});var lC=p_();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return lC.SupabaseJwtInboundPolicy}});var dC=f_();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return dC.UpstreamAzureAdServiceAuthInboundPolicy}});var pC=y_();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return pC.UpstreamFirebaseAdminAuthInboundPolicy}});var hC=g_();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return hC.UpstreamFirebaseUserAuthInboundPolicy}});var fC=__();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return fC.UpstreamGcpJwtInboundPolicy}});var mC=w_();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return mC.UpstreamGcpServiceAuthInboundPolicy}});var yC=T_();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return yC.ValidateJsonSchemaInbound}});var gC=P_();Object.defineProperty(f,"MeteringInboundPolicy",{enumerable:!0,get:function(){return gC.MeteringInboundPolicy}});var bC=R_();Object.defineProperty(f,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return bC.LoadSubscriptionInboundPolicy}});var _C=ae();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return _C.HttpProblems}});var EC=go();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return EC.ProblemResponseFormatter}});var wC=Fe();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return wC.ZuploRequest}});var vC=Ar();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return vC.SystemRouteName}});var k_=gd();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return k_.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return k_.Router}});var H_=Ou();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return H_.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return H_.serialize}});var TC=O_();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return TC.ServiceProviderImpl}});var F_=Yu();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return F_.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return F_.SYSTEM_LOGGER}});var SC=qu();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return fx(SC).default}});var IC=Oe();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return IC.SystemLogMap}});var Fi=Xa();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return Fi.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return Fi.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return Fi.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return Fi.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return Fi.sanitizedIdentifierName}})});var $_=g(qn=>{"use strict";Object.defineProperty(qn,"__esModule",{value:!0});qn.BaseCryptoBeta=qn.supportedDigests=void 0;qn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var jp=class{static{s(this,"BaseCryptoBeta")}};qn.BaseCryptoBeta=jp});var j_=g(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.WorkerCryptoBeta=void 0;var Vp=$_(),PC=L(),Gp=class extends Vp.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!Vp.supportedDigests.includes(t.toLowerCase()))throw new PC.RuntimeError(`Algorithm ${t} is not supported. Try using ${Vp.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};Tc.WorkerCryptoBeta=Gp});var V_=g(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.BaseKeyValueStore=void 0;var Bp=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Sc.BaseKeyValueStore=Bp});var B_=g(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.WorkerKeyValueStore=void 0;var G_=L(),AC=V_(),Kp=class extends AC.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new G_.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new G_.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Ic.WorkerKeyValueStore=Kp});var Dt=g(dt=>{"use strict";var RC=dt&&dt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),OC=dt&&dt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&RC(t,e,r)};Object.defineProperty(dt,"__esModule",{value:!0});dt.KeyValueStore=dt.CryptoBeta=void 0;OC(q_(),dt);var NC=j_();Object.defineProperty(dt,"CryptoBeta",{enumerable:!0,get:function(){return NC.WorkerCryptoBeta}});var xC=B_();Object.defineProperty(dt,"KeyValueStore",{enumerable:!0,get:function(){return xC.WorkerKeyValueStore}})});var HL={};to(HL,{GraphQLComplexityLimitInboundPolicy:()=>TE,GraphQLDisableIntrospectionInboundPolicy:()=>IE});module.exports=ro(HL);var Zn=bh(Dt());function B(e,t){if(!!!e)throw new Error(t)}s(B,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Rt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Rt,"invariant");var CC=/\r\n|[\n\r]/g;function $n(e,t){let r=0,n=1;for(let i of e.body.matchAll(CC)){if(typeof i.index=="number"||Rt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s($n,"getLocation");function Jp(e){return Pc(e.source,$n(e.source,e.start))}s(Jp,"printLocation");function Pc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
75
75
  `,d=n.split(/\r\n|[\n\r]/g),p=d[i];if(p.length>120){let m=Math.floor(u/80),h=u%80,y=[];for(let w=0;w<p.length;w+=80)y.push(p.slice(w,w+80));return l+K_([[`${a} |`,y[0]],...y.slice(1,m+1).map(w=>["|",w]),["|","^".padStart(h)],["|",y[m+1]]])}return l+K_([[`${a-1} |`,d[i-1]],[`${a} |`,p],["|","^".padStart(u)],[`${a+1} |`,d[i+1]]])}s(Pc,"printSourceLocation");function K_(e){let t=e.filter(([n,i])=>i!==void 0),r=Math.max(...t.map(([n])=>n.length));return t.map(([n,i])=>n.padStart(r)+(i?" "+i:"")).join(`
76
76
  `)}s(K_,"printPrefixedLines");function LC(e){let t=e[0];return t==null||"kind"in t||"length"in t?{nodes:t,source:e[1],positions:e[2],path:e[3],originalError:e[4],extensions:e[5]}:t}s(LC,"toNormalizedOptions");var C=class e extends Error{static{s(this,"GraphQLError")}constructor(t,...r){var n,i,o;let{nodes:a,source:c,positions:u,path:l,originalError:d,extensions:p}=LC(r);super(t),this.name="GraphQLError",this.path=l??void 0,this.originalError=d??void 0,this.nodes=J_(Array.isArray(a)?a:a?[a]:void 0);let m=J_((n=this.nodes)===null||n===void 0?void 0:n.map(y=>y.loc).filter(y=>y!=null));this.source=c??(m==null||(i=m[0])===null||i===void 0?void 0:i.source),this.positions=u??m?.map(y=>y.start),this.locations=u&&c?u.map(y=>$n(c,y)):m?.map(y=>$n(y.source,y.start));let h=Ee(d?.extensions)?d?.extensions:void 0;this.extensions=(o=p??h)!==null&&o!==void 0?o:Object.create(null),Object.defineProperties(this,{message:{writable:!0,enumerable:!0},name:{enumerable:!1},nodes:{enumerable:!1},source:{enumerable:!1},positions:{enumerable:!1},originalError:{enumerable:!1}}),d!=null&&d.stack?Object.defineProperty(this,"stack",{value:d.stack,writable:!0,configurable:!0}):Error.captureStackTrace?Error.captureStackTrace(this,e):Object.defineProperty(this,"stack",{value:Error().stack,writable:!0,configurable:!0})}get[Symbol.toStringTag](){return"GraphQLError"}toString(){let t=this.message;if(this.nodes)for(let r of this.nodes)r.loc&&(t+=`
77
77
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@zuplo/graphql",
3
- "version": "5.1722.0",
3
+ "version": "5.1724.0",
4
4
  "repository": "https://github.com/zuplo/zuplo",
5
5
  "author": "Zuplo, Inc.",
6
6
  "exports": {