@zuplo/graphql 5.1734.0 → 5.1743.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.minified.js +1 -1
- package/package.json +1 -1
package/index.minified.js
CHANGED
|
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
|
|
|
71
71
|
`+d}):new Mr.StripeSignatureVerificationError(t,e,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
|
|
72
72
|
If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
|
|
73
73
|
`+l+`
|
|
74
|
-
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new Mr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(lR,"validateComputedSignature");function dR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(dR,"parseHeader");function pR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(pR,"secureCompare");async function qg(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=sp[o[c]];return a.join("")}s(qg,"computeHMACSignatureAsync");Nn.computeHMACSignatureAsync=qg;var sp=new Array(256);for(let e=0;e<sp.length;e++)sp[e]=e.toString(16).padStart(2,"0")});var $t=g(pa=>{"use strict";Object.defineProperty(pa,"__esModule",{value:!0});pa.optionValidator=void 0;var Oi=C();function hR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(hR,"optionValidator");pa.optionValidator=hR});var ap=g(ha=>{"use strict";Object.defineProperty(ha,"__esModule",{value:!0});ha.StripeWebhookVerificationInboundPolicy=void 0;var fR=ae(),mR=$g(),yR=$t(),gR=s(async(e,t,r,n)=>{(0,yR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,mR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),fR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");ha.StripeWebhookVerificationInboundPolicy=gR});var Vg=g(cp=>{"use strict";Object.defineProperty(cp,"__esModule",{value:!0});var jg=C(),bR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new jg.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new jg.RuntimeError(o)}}};cp.default=bR});var Bg=g(fa=>{"use strict";Object.defineProperty(fa,"__esModule",{value:!0});fa.isStripeWebhookEvent=void 0;var Gg=bt();function _R(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Gg.isString)(e.id)&&"type"in e&&(0,Gg.isString)(e.type)}s(_R,"isStripeWebhookEvent");fa.isStripeWebhookEvent=_R});var Kg=g(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.MeteringPlugin=void 0;var ER=gt(),up=class extends ER.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};ma.MeteringPlugin=up});var Wg=g(xn=>{"use strict";var wR=xn&&xn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(xn,"__esModule",{value:!0});xn.StripeMeteringPlugin=void 0;var ya=yn(),je=C(),vR=Dt(),TR=ap(),Ni=ae(),SR=Yt(),IR=zr(),PR=ku(),AR=st(),Jg=Ke(),lp=Y(),zg=vi(),RR=wR(Vg()),OR=Bg(),NR=bt(),xR=Kg(),CR="checkout.session.completed",dp=class extends xR.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new je.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new je.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!this.options.zuploAccountApiKey)throw new je.ConfigurationError("StripeMeteringPlugin - No 'zuploAccountApiKey' property provided");if(!lp.Environment.instance.build.ACCOUNT_NAME)throw new je.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!UR(p))throw new je.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,OR.isStripeWebhookEvent)(m))return Ni.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`);let h,y,E;if(m.type===CR){let ne=m,ve=ne.data?.object?.subscription;if(!ve)throw new je.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");if(y=ne.data?.object?.client_reference_id,E=ne.data?.object?.customer_email,!y)throw new je.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.client_reference_id' to be the customer sub.");if(!E)throw new je.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer_email' to be the customer email.");if(!ve)throw new je.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");h=await RR.default.getSubscription({logger:u.log,stripeSecretKey:this.options.stripeSecretKey,subscriptionId:ve})}else return Ni.HttpProblems.ok(c,u,{detail:"Event was ignored by Stripe metering plugin webhook."});let T=h.id,S=h.customer,U=h.items?.data.find(ne=>ne.object==="subscription_item");if(!U||!U.id)throw new je.RuntimeError("Invalid Stripe API result. Expected subscription to contain at least one subscription_item.");let $=U.plan;if(!$||!$.product)throw new je.RuntimeError("Invalid Stripe API result. Expected subscription_item to have a plan.");let O=$.product,te=await LR({apiKeyBucketName:d,accountName:lp.Environment.instance.build.ACCOUNT_NAME,stripeProductId:O,stripeSubscriptionId:T,stripeCustomerId:S,managerEmail:E,managerSub:y,zuploAccountApiKey:this.options.zuploAccountApiKey,context:u});if(!te)return Ni.HttpProblems.internalServerError(c,u,{detail:"No consumer was created, skipping creation of subscription"});let re="routes.oas.json";try{await DR({context:u,stripeProductId:O,stripeSubscriptionId:T,customerKey:te,productKey:re,meteringBucketId:l,meteringBucketRegion:p,customerExternalId:S})}catch(ne){return Ni.HttpProblems.internalServerError(c,u,{detail:ne.message})}return Ni.HttpProblems.ok(c,u)},"stripeWebhookHandler"),i=(0,IR.createInternalPolicyProcessor)({inboundPolicies:[{handler:TR.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new vR.Pipeline({processors:[SR.metricsProcessor,i],handler:n,gateway:r}),a=new AR.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:PR.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};xn.StripeMeteringPlugin=dp;async function LR({accountName:e,apiKeyBucketName:t,zuploAccountApiKey:r,stripeSubscriptionId:n,stripeProductId:i,stripeCustomerId:o,managerEmail:a,managerSub:c,context:u}){let l=new URL(`/v1/accounts/${e}/key-buckets/${t}/consumers`,"https://dev.zuplo.com");l.searchParams.set("with-api-key","true");let d=crypto.randomUUID(),p={name:d,description:`Consumer for Stripe subscription ${n}`,tags:{subscriptionExternalId:n,planExternalId:i},metadata:{stripeSubscriptionId:n,stripeProductId:i,stripeCustomerId:o},managers:[{sub:c,email:a}]},m=await(0,zg.fetchRetry)({retryDelayMs:5,retries:2,logger:Jg.SystemLogMap.getLogger(u)},l.toString(),{method:"POST",headers:{Authorization:`Bearer ${r}`,"content-type":"application/json"},body:JSON.stringify(p)}),h=await m.json();if(m.status!==200){let y="Error creating API Key Consumer";throw u.log.error(y,h),new je.RuntimeError(y)}return u.log.info("Successfully created API Key Consumer",{consumerId:d,stripeSubscriptionId:n,stripeProductId:i}),d}s(LR,"createConsumer");async function DR({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,productKey:i,meteringBucketId:o,meteringBucketRegion:a,customerExternalId:c}){let u={status:"active",type:"periodic",renewalStrategy:"monthly",region:a,subscriptionExternalId:t,planExternalId:r,customerKey:n,productKey:i,customerExternalId:c},{authApiJWT:l,meteringServiceUrl:d}=lp.Environment.instance;if(!(0,NR.isNonEmptyString)(l))throw new je.SystemError("No Zuplo JWT token set.");let p=await(0,zg.fetchRetry)({retryDelayMs:5,retries:2,logger:Jg.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${o}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new je.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}s(DR,"saveSubscription");function UR(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(UR,"isMetricsRegion")});var eb=g(Cn=>{"use strict";Object.defineProperty(Cn,"__esModule",{value:!0});Cn.AmberfloMeteringInboundPolicy=Cn.AmberfloMeteringPolicy=void 0;var Qg=C(),MR=Te(),Yg=oi(),Xg=new WeakMap,Zg={},pp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Xg.set(t,r)}};Cn.AmberfloMeteringPolicy=pp;async function kR(e,t,r,n){if(!r.statusCodes)throw new Qg.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Yg.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=Xg.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Qg.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Yg.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Zg[r.apiKey];if(!m){let h=r.apiKey,y=e.headers.get("zm-test-id")??"";m=new MR.BatchDispatch("amberflo-ingest-meter",10,async E=>{try{let T=r.url??"https://app.amberflo.io/ingest",S=await fetch(T,{method:"POST",body:JSON.stringify(E),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":y}});S.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${S.status}: ${await S.text()}`)}catch(T){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),Zg[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}s(kR,"AmberfloMeteringInboundPolicy");Cn.AmberfloMeteringInboundPolicy=kR});var hp=g(ga=>{"use strict";Object.defineProperty(ga,"__esModule",{value:!0});ga.sha256=void 0;async function HR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(HR,"sha256");ga.sha256=HR});var jt=g(ba=>{"use strict";Object.defineProperty(ba,"__esModule",{value:!0});ba.getPolicyCacheName=void 0;var FR=hp(),tb=new Map;async function qR(e,t){let r,n=tb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,FR.sha256)(JSON.stringify({policyName:e,options:t}))}`,tb.set(e,r)),r}s(qR,"getPolicyCacheName");ba.getPolicyCacheName=qR});var yp=g(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.ApiKeyInboundPolicy=void 0;var $R=jt(),jR=Jt(),rb=yn(),fp=C(),VR=Ut(),nb=Ke(),mp=Y(),GR=vi(),ib="key-metadata-cache-type";function BR(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(BR,"getKeyValue");async function KR(e,t,r,n){if(!r.bucketName)if(rb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=rb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new fp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new fp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(T=>i.allowUnauthenticatedRequests?e:VR.HttpProblems.unauthorized(e,t,{detail:T}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=BR(a,i);if(!c||c==="")return o("No key present");let u=await JR(c),l=await(0,$R.getPolicyCacheName)(n,i),d=new jR.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==ib&&nb.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let m={key:c},h=await(0,GR.fetchRetry)({retryDelayMs:5,retries:2,logger:nb.SystemLogMap.getLogger(t)},`${mp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":mp.Environment.instance.deploymentName??"unknown","User-Agent":mp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let T=await h.text(),S=JSON.parse(T);t.log.error("Unexpected response from key service",S)}catch{t.log.error("Invalid response from key service")}throw new fp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let y=await h.json(),E={isValid:!0,typeId:ib,user:{sub:y.name,data:y.metadata}};return e.user=E.user,d.put(u,E,i.cacheTtlSeconds),e}s(KR,"ApiKeyInboundPolicy");_a.ApiKeyInboundPolicy=KR;async function JR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(JR,"hashValue")});var ob=g(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.ApiAuthKeyInboundPolicy=void 0;var zR=yp();Ea.ApiAuthKeyInboundPolicy=zR.ApiKeyInboundPolicy});var Vt=g(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.OpenIdJwtInboundPolicy=void 0;var bp=(Is(),no(Ss)),_p=C(),WR=ae(),gp={},QR=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new _p.ConfigurationError("Invalid State - jwkUrl not set");gp[t.jwkUrl]||(gp[t.jwkUrl]=(0,bp.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,bp.jwtVerify)(e,gp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),YR=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,bp.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),ZR=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(m=>WR.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new _p.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new _p.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?QR:YR,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(o.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let y=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${y.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${y.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");wa.OpenIdJwtInboundPolicy=ZR});var sb=g(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.Auth0JwtInboundPolicy=void 0;var XR=Vt(),e0=s(async(e,t,r,n)=>(0,XR.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");va.Auth0JwtInboundPolicy=e0});var ab=g(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.BasicAuthInboundPolicy=void 0;var t0=ae(),r0=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>t0.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),y=r.accounts.find(E=>E.username===m&&E.password===h);return y||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Ta.BasicAuthInboundPolicy=r0});var cb=g(Sa=>{"use strict";Object.defineProperty(Sa,"__esModule",{value:!0});Sa.CachingInboundPolicy=void 0;var n0=jt(),i0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function o0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(o0,"digestMessage");var s0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await o0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function a0(e,t,r,n){let i=await(0,n0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await s0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);i0.forEach(y=>h.headers.delete(y)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(a0,"CachingInboundPolicy");Sa.CachingInboundPolicy=a0});var ub=g(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.ChangeMethodInboundPolicy=void 0;var c0=C(),u0=He(),l0=s(async(e,t,r,n)=>{if(!r.method)throw new c0.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new u0.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");Ia.ChangeMethodInboundPolicy=l0});var lb=g(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.ClearHeadersInboundPolicy=void 0;var d0=He(),p0=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new d0.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Pa.ClearHeadersInboundPolicy=p0});var db=g(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.ClearHeadersOutboundPolicy=void 0;var h0=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Aa.ClearHeadersOutboundPolicy=h0});var pb=g(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.ClerkJwtInboundPolicy=void 0;var f0=Vt(),m0=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,f0.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Ra.ClerkJwtInboundPolicy=m0});var fb=g(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.CognitoJwtInboundPolicy=void 0;var hb=C(),y0=Vt(),g0=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new hb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new hb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,y0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Oa.CognitoJwtInboundPolicy=g0});var yb=g(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.CompositeInboundPolicy=void 0;var b0=C(),_0=mn(),mb=zr(),E0=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new b0.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=_0.Gateway.instance,o=(0,mb.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,mb.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");Na.CompositeInboundPolicy=E0});var bb=g(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.CreditsMeteringInboundPolicy=void 0;var xi=ae(),gb=Y(),w0=s(async(e,t,r)=>{let n=e.user;if(!n)return xi.HttpProblems.unauthorized(e,t,{title:"Unable to check subscription for anonymous user",detail:"No user data on request"});let{sub:i}=n;if(!r.bucketId)return xi.HttpProblems.unauthorized(e,t,{title:"Metering bucket not configured",detail:"Specify one using the bucketId option on the policy"});let o=r.bucketId,a=await v0(o,i,t);if(!a)return xi.HttpProblems.unauthorized(e,t,{title:"No valid, active subscription found"});if(!a.quotas)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});for(let c of Object.keys(a.quotas))if(a.quotas[c]<=0)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});return t.custom.subscription=a,t.addResponseSendingFinalHook(async()=>{let c=t.custom.meters,u={};for(let l of Object.keys(c))u[l]=c[l];await T0(o,a.id,u,t)}),e},"CreditsMeteringInboundPolicy");xa.CreditsMeteringInboundPolicy=w0;async function v0(e,t,r){let{authApiJWT:n,meteringServiceUrl:i}=gb.Environment.instance,o=new URL(`${i}/internal/v1/metering/${e}/subscriptions`);o.search=new URLSearchParams({customerKey:t,status:"active"}).toString();let a=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${n}`,"zp-rid":r.requestId}});if(!a.ok)throw new Error(`Error retrieving subscriptions for credits metering ': ${a.status} - ${await a.text()}`);let c=await a.json();if(c.data.length!==0)return c.data.length>1&&r.log.warn(`Found more than one active subscription for customer ${t} -- using the first one.`),c.data[0]}s(v0,"getSubscription");async function T0(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=gb.Environment.instance,a=new URL(`${o}/internal/v1/metering/${e}/subscriptions/${t}/quotas/consume`),c=await fetch(a,{method:"POST",body:JSON.stringify({meters:r}),headers:{Authorization:`Bearer ${i}`,"zp-rid":n.requestId}});c.ok||n.log.error(`Error consuming subscription quotas for credits metering ': ${c.status} - ${await c.text()}`)}s(T0,"consumeSubscription")});var _b=g(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.CurityPhantomTokenInboundPolicy=void 0;var S0=jt(),I0=Jt(),Ca=ae(),P0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Ca.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=A0(i);if(!o)return Ca.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,S0.getPolicyCacheName)(n,r),c=new I0.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Ca.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Ca.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");La.CurityPhantomTokenInboundPolicy=P0;function A0(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(A0,"getToken")});var Eb=g(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.FirebaseJwtInboundPolicy=void 0;var R0=$t(),O0=Vt(),N0=s(async(e,t,r,n)=>((0,R0.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,O0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Da.FirebaseJwtInboundPolicy=N0});var wb=g(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.FormDataToJsonInboundPolicy=void 0;var x0=He(),C0=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new x0.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Ua.FormDataToJsonInboundPolicy=C0});var vb=g(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.GeoFilterInboundPolicy=void 0;var L0=C(),D0=ae(),Ln="__unknown__",U0=s(async(e,t,r,n)=>{let i={allow:{countries:Un(r.allow?.countries,"allow.countries",n),regionCodes:Un(r.allow?.regionCodes,"allow.regionCode",n),asns:Un(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Un(r.block?.countries,"block.countries",n),regionCodes:Un(r.block?.regionCodes,"block.regionCode",n),asns:Un(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Ln,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Ln,c=t.incomingRequestProperties.asn?.toString()??Ln,u=i.ignoreUnknown&&o===Ln,l=i.ignoreUnknown&&a===Ln,d=i.ignoreUnknown&&c===Ln,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Dn(e,t,n,o,a,c);let y=i.block.countries,E=i.block.regionCodes,T=i.block.asns;return y.length>0&&y.includes(o)&&!u||E.length>0&&E.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?Dn(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");Ma.GeoFilterInboundPolicy=U0;function Dn(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),D0.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Dn,"blockedResponse");function Un(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new L0.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Un,"toLowerStringArray")});var Tb=g(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.JWTScopeValidationInboundPolicy=void 0;var M0=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");ka.JWTScopeValidationInboundPolicy=M0});var Ib=g(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.MockApiInboundPolicy=void 0;var k0=ae(),H0=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return Ep(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return Ep(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return Sb(a[c])}else return a.length>0?Sb(a[0]):Ep(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Ha.MockApiInboundPolicy=H0;function Sb(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(Sb,"generateResponse");var Ep=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return k0.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var Nb=g(Mn=>{"use strict";Object.defineProperty(Mn,"__esModule",{value:!0});Mn.MoesifInboundPolicy=Mn.setMoesifContext=void 0;var F0=C(),q0=Te(),$0="Incoming",j0={logRequestBody:!0,logResponseBody:!0};function Pb(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(Pb,"headersToObject");function Ab(){return new Date().toISOString()}s(Ab,"timestamp");var wp=new WeakMap,V0={};function G0(e,t){let r=wp.get(e);r||(r=V0);let n=Object.assign({...r},t);wp.set(e,n)}s(G0,"setMoesifContext");Mn.setMoesifContext=G0;async function Rb(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(Rb,"readBody");var B0={},vp;function Ob(){if(!vp)throw new F0.RuntimeError("Invalid State - no _lastLogger");return vp}s(Ob,"getLastLogger");function K0(e){let t=B0[e];return t||(t=new q0.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);Ob().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||Ob().error({status:i.status,body:await i.text()})})),t}s(K0,"getDispatcher");async function J0(e,t,r,n){vp=t.log;let i=Ab(),o=Object.assign(j0,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await Rb(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=K0(o.applicationId),d=e.headers.get("true-client-ip"),p=wp.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:Pb(e.headers)},h=o.logResponseBody?await Rb(c,t):void 0,y={time:Ab(),status:c.status,headers:Pb(c.headers),body:h},E={request:m,response:y,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:$0};l.enqueue(E),t.waitUntil(l.waitUntilFlushed())}),e}s(J0,"MoesifInboundPolicy");Mn.MoesifInboundPolicy=J0});var xb=g(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.OktaJwtInboundPolicy=void 0;var z0=Vt(),W0=s(async(e,t,r,n)=>(0,z0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");Fa.OktaJwtInboundPolicy=W0});var Cb=g(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.PropelAuthJwtInboundPolicy=void 0;var Q0=(Is(),no(Ss)),Y0=Vt(),Tp,Z0=s(async(e,t,r,n)=>{if(!Tp)try{Tp=await(0,Q0.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,Y0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:Tp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");qa.PropelAuthJwtInboundPolicy=Z0});var Lb=g(G=>{"use strict";Object.defineProperty(G,"__esModule",{value:!0});G.throwIfStateNotObject=G.throwIfStateNotNumber=G.throwIfStateNotString=G.throwIfStateUndefinedOrNull=G.throwIfStateUndefined=G.throwIfOptionNotObject=G.throwIfOptionNotNumber=G.throwIfOptionNotString=G.throwIfOptionUndefinedOrNull=G.throwIfOptionUndefined=G.OptionTypeError=G.OptionUndefinedError=G.throwIfNotNumber=G.throwIfNotString=G.throwIfUndefinedOrNull=G.throwIfUndefined=G.ArgumentTypeError=G.ArgumentUndefinedError=G.ValidationError=void 0;var Ve=bt(),tt=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};G.ValidationError=tt;var Ci=class extends tt{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};G.ArgumentUndefinedError=Ci;var Li=class extends tt{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};G.ArgumentTypeError=Li;function X0(e,t){if((0,Ve.isUndefined)(e))throw new Ci(t)}s(X0,"throwIfUndefined");G.throwIfUndefined=X0;function Sp(e,t){if((0,Ve.isUndefinedOrNull)(e))throw new Ci(t)}s(Sp,"throwIfUndefinedOrNull");G.throwIfUndefinedOrNull=Sp;function eO(e,t){if(Sp(e,t),!(0,Ve.isString)(e))throw new Li(t,"string")}s(eO,"throwIfNotString");G.throwIfNotString=eO;function tO(e,t){if(Sp(e,t),!(0,Ve.isNumber)(e))throw new Li(t,"number")}s(tO,"throwIfNotNumber");G.throwIfNotNumber=tO;var Di=class extends tt{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};G.OptionUndefinedError=Di;var kn=class extends tt{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};G.OptionTypeError=kn;function rO(e,t,r,n){if((0,Ve.isUndefined)(n))throw new Di(e,t,r)}s(rO,"throwIfOptionUndefined");G.throwIfOptionUndefined=rO;function $a(e,t,r,n){if((0,Ve.isUndefinedOrNull)(n))throw new Di(e,t,r)}s($a,"throwIfOptionUndefinedOrNull");G.throwIfOptionUndefinedOrNull=$a;function nO(e,t,r,n){if($a(e,t,r,n),!(0,Ve.isString)(n))throw new kn(e,t,r,"string")}s(nO,"throwIfOptionNotString");G.throwIfOptionNotString=nO;function iO(e,t,r,n){if($a(e,t,r,n),!(0,Ve.isNumber)(n))throw new kn(e,t,r,"number")}s(iO,"throwIfOptionNotNumber");G.throwIfOptionNotNumber=iO;function oO(e,t,r,n){if($a(e,t,r,n),!(0,Ve.isObject)(n))throw new kn(e,t,r,"object")}s(oO,"throwIfOptionNotObject");G.throwIfOptionNotObject=oO;function sO(e,t){if((0,Ve.isUndefined)(e))throw new tt(t)}s(sO,"throwIfStateUndefined");G.throwIfStateUndefined=sO;function ja(e,t){if((0,Ve.isUndefinedOrNull)(e))throw new tt(t)}s(ja,"throwIfStateUndefinedOrNull");G.throwIfStateUndefinedOrNull=ja;function aO(e,t){if(ja(e,t),!(0,Ve.isString)(e))throw new tt(t);return!0}s(aO,"throwIfStateNotString");G.throwIfStateNotString=aO;function cO(e,t){if(ja(e,t),!(0,Ve.isNumber)(e))throw new tt(t);return!0}s(cO,"throwIfStateNotNumber");G.throwIfStateNotNumber=cO;function uO(e,t){if(ja(e,t),!(0,Ve.isObject)(e))throw new tt(t);return!0}s(uO,"throwIfStateNotObject");G.throwIfStateNotObject=uO});var Db=g(Hn=>{"use strict";Object.defineProperty(Hn,"__esModule",{value:!0});Hn.InMemoryRedisClient=Hn.StandardRedisClient=void 0;var Ip=C(),Va=Lb(),Pp=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,Va.throwIfNotString)(t,"redisClientUrl"),(0,Va.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,Va.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Ip.SystemError("Redis client failed with 401: Unauthorized"):new Ip.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Hn.StandardRedisClient=Pp;var Ap=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,Va.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Ip.SystemError("The in-memory redis client only supports /rate-limit calls")}};Hn.InMemoryRedisClient=Ap});var Fb=g(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.RateLimitInboundPolicy=void 0;var lO=Sr(),dO=jt(),pO=ti(),Rt=C(),hO=ae(),Ub=Ke(),Ui=Y(),Mb=Db(),kb=bt(),Ga=(0,lO.debug)("zuplo:policies:RateLimitInboundPolicy"),fO="strict",mO=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),yO=s(async e=>({key:`ip-${mO(e)}`}),"getIP"),gO=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),bO=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),Ba;function _O(e,t){let r;if(Ba)return Ba;if(Ui.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new Mb.InMemoryRedisClient,Ba=r,r;let{authApiJWT:n,redisURL:i}=Ui.Environment.instance;if(!(0,kb.isString)(i))throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,kb.isString)(n))throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=Mb.StandardRedisClient.initialize(i,n,Ui.Environment.instance.deploymentName??"unknown",Ui.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Ba=r,r}s(_O,"getRedisClient");async function Hb(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(Hb,"getCountAndUpdateExpiry");function EO(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new Rt.RuntimeError(u)}return c},"outerFunction")}s(EO,"wrapUserFunction");var wO="Retry-After",vO=s(async(e,t,r,n)=>{let i=Date.now(),o=Ub.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new Rt.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[wO]=l.toString()),hO.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:EO(r,n),user:gO,ip:yO,all:bO}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,y=r.headerMode??"retry-after",E=_O(n,o),S=`bucket/${Ui.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??fO)==="async"){let O=await(0,dO.getPolicyCacheName)(n,r),te=new pO.ZoneCache(O,{logger:Ub.SystemLogMap.getLogger(t)}),re=Hb(S,h,E,o,t.requestId),ne=await te.get(S);if(ne!==void 0&&ne<=Date.now()){Ga(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${S}' (async mode)`);let ve=Math.round((ne-Date.now())/1e3);return c(y,ve)}return t.addEventListener("responseSending",ve=>{try{let w=ve,H=w.mutableResponse;w.mutableResponse=(async()=>{let Le=await re;if(Le.count>m){let au=Date.now()+Le.ttlSeconds*1e3,AE=te.put(S,au,Le.ttlSeconds).catch(mh=>{throw o.error(new Rt.SystemError("Error caching rate limit result.",{cause:mh})),mh});return t.waitUntil(AE),Ga(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (async mode)`),c(y,Le.ttlSeconds)}return H})()}catch(w){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let $=await Hb(S,h,E,o,t.requestId);return $.count>m?(Ga(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (strict mode)`),c(y,$.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;Ga(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");Ka.RateLimitInboundPolicy=vO});var Vb=g(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.ReadmeMetricsInboundPolicy=void 0;var TO=Te(),Rp=Y(),qb=oi(),Op;function $b(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s($b,"headersToNameValuePairs");function SO(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(SO,"queryToNameValueParis");function IO(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(IO,"parseIntOrUndefined");var jb={};async function PO(e,t,r,n){let i=new Date,o=Date.now();return Op||(Op={name:"zuplo",version:Rp.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Rp.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,qb.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,qb.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Rp.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:Op,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:$b(e.headers),queryString:SO(e.query)},response:{status:a.status,statusText:a.statusText,headers:$b(a.headers),content:{size:IO(e.headers.get("content-length"))}}}]}}},d=jb[r.apiKey];if(!d){let p=r.apiKey;d=new TO.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",y=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});y.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${y.status}: '${await y.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),jb[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(PO,"ReadmeMetricsInboundPolicy");Ja.ReadmeMetricsInboundPolicy=PO});var Gb=g(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.RemoveHeadersInboundPolicy=void 0;var AO=C(),RO=He(),OO=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new AO.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new RO.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");za.RemoveHeadersInboundPolicy=OO});var Bb=g(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.RemoveHeadersOutboundPolicy=void 0;var NO=C(),xO=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new NO.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");Wa.RemoveHeadersOutboundPolicy=xO});var Kb=g(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.RemoveQueryParamsInboundPolicy=void 0;var CO=C(),LO=He(),DO=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new CO.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new LO.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");Qa.RemoveQueryParamsInboundPolicy=DO});var Jb=g(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.ReplaceStringOutboundPolicy=void 0;var UO=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");Ya.ReplaceStringOutboundPolicy=UO});var Wb=g(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.RequestSizeLimitInboundPolicy=void 0;var zb=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),MO=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?zb():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?zb():e},"RequestSizeLimitInboundPolicy");Za.RequestSizeLimitInboundPolicy=MO});var Xa=g(rt=>{"use strict";Object.defineProperty(rt,"__esModule",{value:!0});rt.sanitizedIdentifierName=rt.getIdForRefSchema=rt.getIdForRequestBodySchema=rt.getIdForParameterSchema=rt.getRawOperationDataIdentifierName=void 0;function kO(e,t,r){return`_${kr(e+"_"+t+"_"+r)}`}s(kO,"getRawOperationDataIdentifierName");rt.getRawOperationDataIdentifierName=kO;function HO(e,t,r,n){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(HO,"getIdForParameterSchema");rt.getIdForParameterSchema=HO;function FO(e,t,r){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${kr(r.toLowerCase())}`}s(FO,"getIdForRequestBodySchema");rt.getIdForRequestBodySchema=FO;function qO(e,t){return`_${kr(e)}__${kr(t)}`}s(qO,"getIdForRefSchema");rt.getIdForRefSchema=qO;function kr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(kr,"sanitizedIdentifierName");rt.sanitizedIdentifierName=kr});var Mi=g(De=>{"use strict";Object.defineProperty(De,"__esModule",{value:!0});De.getErrorsFromValidator=De.shouldReject=De.shouldLog=De.logErrors=De.validateParameters=De.getParametersForOperation=void 0;var $O=mn(),jO=Xa(),VO=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");De.getParametersForOperation=VO;var GO=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,jO.getIdForParameterSchema)(r,n,i,u.name),p=$O.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,De.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");De.validateParameters=GO;var BO=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");De.logErrors=BO;var KO=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");De.shouldLog=KO;var JO=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");De.shouldReject=JO;var zO=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");De.getErrorsFromValidator=zO});var Qb=g(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.handleBodyValidation=void 0;var WO=mn(),ec=ae(),QO=Xa(),ze=Mi();async function YO(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let y=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,E=ec.HttpProblems.badRequest(t,e,{detail:`${y}, see errors property for more details`,errors:`${h}`});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",y,[n],h),(0,ze.shouldReject)(r.validateBody))return E}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,y=ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?y:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,QO.getIdForRequestBodySchema)(e.route.path,t.method,i),c=WO.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,y=ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?y:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,ze.getErrorsFromValidator)(l),m=ec.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",d,[n],p),(0,ze.shouldReject)(r.validateBody))return m}s(YO,"handleBodyValidation");tc.handleBodyValidation=YO});var Yb=g(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.handleHeadersValidation=void 0;var ZO=ae(),ki=Mi();function XO(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,ki.getParametersForOperation)(e),o=(0,ki.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=ZO.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,ki.shouldLog)(r.validateHeaders)&&(0,ki.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,ki.shouldReject)(r.validateHeaders))return c}}s(XO,"handleHeadersValidation");rc.handleHeadersValidation=XO});var Zb=g(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.handlePathParameterValidation=void 0;var eN=ae(),Hi=Mi();function tN(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Hi.getParametersForOperation)(e),i=(0,Hi.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=eN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Hi.shouldLog)(r.validatePathParameters)&&(0,Hi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Hi.shouldReject)(r.validatePathParameters))return a}}s(tN,"handlePathParameterValidation");nc.handlePathParameterValidation=tN});var Xb=g(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.handleQueryParameterValidation=void 0;var rN=ae(),Fi=Mi();function nN(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Fi.getParametersForOperation)(e),i=(0,Fi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=rN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Fi.shouldLog)(r.validateQueryParameters)&&(0,Fi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Fi.shouldReject)(r.validateQueryParameters))return a}}s(nN,"handleQueryParameterValidation");ic.handleQueryParameterValidation=nN});var e_=g(Hr=>{"use strict";Object.defineProperty(Hr,"__esModule",{value:!0});Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy=void 0;var iN=Qb(),oN=Yb(),sN=Zb(),aN=Xb(),cN=s(async(e,t,r)=>{let n=(0,aN.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,sN.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,oN.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,iN.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Hr.RequestValidationInboundPolicy=cN;Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy});var t_=g(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.RequireOriginInboundPolicy=void 0;var uN=C(),lN=ae(),dN=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new uN.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return lN.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");oc.RequireOriginInboundPolicy=dN});var r_=g(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.SetBodyInboundPolicy=void 0;var pN=He(),hN=s(async(e,t,r)=>new pN.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");sc.SetBodyInboundPolicy=hN});var i_=g(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.SetHeadersInboundPolicy=void 0;var n_=C(),fN=He(),mN=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new n_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new n_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new fN.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");ac.SetHeadersInboundPolicy=mN});var s_=g(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.SetHeadersOutboundPolicy=void 0;var o_=C(),yN=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new o_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new o_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");cc.SetHeadersOutboundPolicy=yN});var c_=g(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.SetQueryParamsInboundPolicy=void 0;var a_=C(),gN=He(),bN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new a_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new a_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new gN.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");uc.SetQueryParamsInboundPolicy=bN});var u_=g(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.SetStatusOutboundPolicy=void 0;var _N=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");lc.SetStatusOutboundPolicy=_N});var l_=g(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.SleepInboundPolicy=void 0;var EN=C(),wN=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),vN=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new EN.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await wN(r.sleepInMs),e},"SleepInboundPolicy");dc.SleepInboundPolicy=vN});var p_=g(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.SupabaseJwtInboundPolicy=void 0;var d_=C(),TN=ae(),SN=He(),IN=$t(),PN=Vt(),AN=s(async(e,t,r,n)=>{(0,IN.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,PN.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof SN.ZuploRequest))throw new d_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new d_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?TN.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");pc.SupabaseJwtInboundPolicy=AN});var f_=g(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var RN=jt(),ON=Jt(),h_=C(),NN=vi(),xN=$t(),CN=s(async(e,t,r,n)=>{(0,xN.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,RN.getPolicyCacheName)(n,r),o=new ON.MemoryZoneReadThroughCache(i,t),a=await o.get(n);if(!a){let c=await LN(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");hc.UpstreamAzureAdServiceAuthInboundPolicy=CN;async function LN(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,NN.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new h_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new h_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(LN,"getAccessToken")});var y_=g(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var DN=jt(),UN=Jt(),MN=C(),Np=pn(),kN=$t(),m_="https://accounts.google.com/o/oauth2/token",xp,HN=s(async(e,t,r,n)=>{(0,kN.optionValidator)(r,n).required("serviceAccountJson","string"),xp||(xp=await Np.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,DN.getPolicyCacheName)(n,r),a=new UN.MemoryZoneReadThroughCache(o,t),c=await a.get(n);if(!c){let u=await(0,Np.getTokenFromGcpServiceAccount)({serviceAccount:xp,audience:m_,payload:i}),l=await(0,Np.exchangeGgpJwtForIdToken)(m_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new MN.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");fc.UpstreamFirebaseAdminAuthInboundPolicy=HN});var g_=g(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var FN=jt(),qN=Jt(),Fn=C(),$N=hp(),Cp=pn(),jN=oi(),VN=$t(),GN="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",BN=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Lp,KN=s(async(e,t,r,n)=>{if((0,VN.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Fn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(BN.indexOf(p)!==-1)throw new Fn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Lp||(Lp=await Cp.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,jN.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Fn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,FN.getPolicyCacheName)(n,r),c=new qN.MemoryZoneReadThroughCache(a,t),u={uid:o,claims:i},l=await(0,$N.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Cp.getTokenFromGcpServiceAccount)({serviceAccount:Lp,audience:GN,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Cp.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Fn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");mc.UpstreamFirebaseUserAuthInboundPolicy=KN});var __=g(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.UpstreamGcpJwtInboundPolicy=void 0;var b_=pn(),JN=$t(),Dp,zN=s(async(e,t,r,n)=>{(0,JN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Dp||(Dp=await b_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,b_.getTokenFromGcpServiceAccount)({serviceAccount:Dp,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");yc.UpstreamGcpJwtInboundPolicy=zN});var w_=g(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.UpstreamGcpServiceAuthInboundPolicy=void 0;var WN=jt(),QN=fu(),YN=Jt(),ZN=C(),Up=pn(),XN=$t(),E_="https://www.googleapis.com/oauth2/v4/token",Mp,ex=s(async(e,t,r,n)=>{(0,XN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Mp||(Mp=await Up.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,WN.getPolicyCacheName)(n,r),o;r.useMemoryCacheOnly?o=new QN.MemoryCache(i):o=new YN.MemoryZoneReadThroughCache(i,t);let a=await o.get(n);if(!a){let c=await(0,Up.getTokenFromGcpServiceAccount)({serviceAccount:Mp,audience:E_,payload:{target_audience:`${r.audience}`}}),{id_token:u}=await(0,Up.exchangeGgpJwtForIdToken)(E_,c,{retries:r.tokenRetries??3,retryDelayMs:10});if(!u)throw new ZN.RuntimeError("Invalid token response from GCP");a=u,o.put(n,a,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamGcpServiceAuthInboundPolicy");gc.UpstreamGcpServiceAuthInboundPolicy=ex});var T_=g(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.ValidateJsonSchemaInbound=void 0;var tx=C(),v_=ae(),rx=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return v_.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new tx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return v_.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");bc.ValidateJsonSchemaInbound=rx});var P_=g(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.MeteringInboundPolicy=void 0;var S_=Gs(),I_=yn(),_c=C(),nx=ae(),ix=Ke(),ox=Y(),sx=s(async(e,t,r,n)=>{let i=ix.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,m)=>{let h=S_.ContextData.get(m,"subscription");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;if(!r.bucketId)if(I_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=I_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new _c.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:E,meteringServiceUrl:T}=ox.Environment.instance;if(d.ok&&h&&r.meters)try{let S=await fetch(`${T}/internal/v1/metering/${r.bucketId}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${E}`,"zp-rid":m.requestId},method:"POST",body:JSON.stringify({meters:r.meters})});S.ok||(m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`))}catch(S){m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,S)}});let o=S_.ContextData.get(t,"subscription"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o){if(a)return e;throw new _c.ConfigurationError("Subscription is not available for user")}if(o&&Object.keys(o.quotas).length===0)throw new _c.ConfigurationError("Quota is not set up for the user's subscription");let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)throw new _c.ConfigurationError(`The following policy meters are not present in the subscription: ${l.join(", ")}`);for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return nx.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");Ec.MeteringInboundPolicy=sx});var O_=g(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.LoadSubscriptionInboundPolicy=void 0;var ax=ti(),cx=Gs(),A_=yn(),ux=C(),kp=ae(),R_=Ke(),lx=Y(),dx=s(async(e,t,r,n)=>{let i=R_.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=e.user;if(!a)return o?e:kp.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(A_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=A_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ux.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:c,meteringServiceUrl:u}=lx.Environment.instance,{sub:l}=a,d;try{let m=`${r.bucketId}-${l}`,h=new ax.ZoneCache(m,{logger:R_.SystemLogMap.getLogger(t)}),y=await h.get(m);if(y)d=y;else{let E=await fetch(`${u}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${l}&status=active`,{headers:{Authorization:`Bearer ${c}`,"zp-rid":t.requestId},method:"GET"});if(!E.ok)return t.log.error(await E.text()),kp.HttpProblems.forbidden(e,t);d=await E.json(),h.put(m,d,15).catch(T=>{throw i.error(T),T})}}catch(m){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,m)}if((!d||!d.data||d.data.length===0)&&!o)return kp.HttpProblems.unauthorized(e,t,{detail:"No valid, active subscription found"});if((!d||!d.data||d.data.length===0)&&o)return e;let p=d&&d.data?d.data[0]:void 0;return cx.ContextData.set(t,"subscription",p),e},"LoadSubscriptionInboundPolicy");wc.LoadSubscriptionInboundPolicy=dx});var N_=g(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.ServiceProviderImpl=void 0;var px=C(),Hp=class e{static{s(this,"ServiceProviderImpl")}static#e;services=new Map;constructor(){}static getInstance(){return e.#e||(e.#e=new e),e.#e}setInstance(t){e.#e=t}addService(t,r){if(this.services.get(t))throw new px.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};vc.ServiceProviderImpl=Hp});var $_=g(f=>{"use strict";var hx=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),Fp=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&hx(t,e,r)},fx=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=f.PropelAuthJwtInboundPolicy=f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CreditsMeteringInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.LoadSubscriptionInboundPolicy=f.MeteringInboundPolicy=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=void 0;wh();var mx=Jt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return mx.MemoryZoneReadThroughCache}});var yx=ti();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return yx.ZoneCache}});var x_=Ir();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return x_.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return x_.ResponseSentEvent}});var gx=Gs();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return gx.ContextData}});var qp=yn();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return qp.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return qp.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return qp.isZuploReadableEnvVariableName}});var bx=C();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return bx.ConfigurationError}});var _x=Pd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return _x.originalFetch}});var C_=Wy();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return C_.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return C_.purgeGatewayCache}});var L_=pg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return L_.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return L_.awsLambdaHandler}});var Ex=fg();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return Ex.openApiSpecHandler}});var wx=mg();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return wx.redirectHandler}});var vx=gg();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return vx.urlForwardHandler}});var Tx=_g();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return Tx.urlRewriteHandler}});var Sx=wg();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return Sx.webSocketHandler}});var Ix=Sg();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return Ix.webSocketPipelineHandler}});var Px=Hu();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return Px.HttpStatusCode}});Fp(Cg(),f);Fp(Ug(),f);var Ax=Mg();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Ax.AuditLogDataStaxProvider}});var Rx=Hg();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Rx.AuditLogPlugin}});Fp(Wg(),f);var D_=eb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return D_.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return D_.AmberfloMeteringPolicy}});var Ox=ob();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Ox.ApiAuthKeyInboundPolicy}});var Nx=yp();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return Nx.ApiKeyInboundPolicy}});var xx=sb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return xx.Auth0JwtInboundPolicy}});var Cx=ab();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Cx.BasicAuthInboundPolicy}});var Lx=cb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return Lx.CachingInboundPolicy}});var Dx=ub();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return Dx.ChangeMethodInboundPolicy}});var Ux=lb();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return Ux.ClearHeadersInboundPolicy}});var Mx=db();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return Mx.ClearHeadersOutboundPolicy}});var kx=pb();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return kx.ClerkJwtInboundPolicy}});var Hx=fb();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Hx.CognitoJwtInboundPolicy}});var Fx=yb();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Fx.CompositeInboundPolicy}});var qx=bb();Object.defineProperty(f,"CreditsMeteringInboundPolicy",{enumerable:!0,get:function(){return qx.CreditsMeteringInboundPolicy}});var $x=_b();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return $x.CurityPhantomTokenInboundPolicy}});var jx=Eb();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return jx.FirebaseJwtInboundPolicy}});var Vx=wb();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Vx.FormDataToJsonInboundPolicy}});var Gx=vb();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Gx.GeoFilterInboundPolicy}});var Bx=Tb();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return Bx.JWTScopeValidationInboundPolicy}});var Kx=Ib();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Kx.MockApiInboundPolicy}});var U_=Nb();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return U_.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return U_.setMoesifContext}});var Jx=xb();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return Jx.OktaJwtInboundPolicy}});var zx=Vt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return zx.OpenIdJwtInboundPolicy}});var Wx=Cb();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return Wx.PropelAuthJwtInboundPolicy}});var M_=Fb();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return M_.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return M_.RateLimitInboundPolicy}});var Qx=Vb();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return Qx.ReadmeMetricsInboundPolicy}});var Yx=Gb();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return Yx.RemoveHeadersInboundPolicy}});var Zx=Bb();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return Zx.RemoveHeadersOutboundPolicy}});var Xx=Kb();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Xx.RemoveQueryParamsInboundPolicy}});var eC=Jb();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return eC.ReplaceStringOutboundPolicy}});var tC=Wb();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return tC.RequestSizeLimitInboundPolicy}});var k_=e_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return k_.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return k_.SchemaBasedRequestValidation}});var rC=t_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return rC.RequireOriginInboundPolicy}});var nC=r_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return nC.SetBodyInboundPolicy}});var iC=i_();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return iC.SetHeadersInboundPolicy}});var oC=s_();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return oC.SetHeadersOutboundPolicy}});var sC=c_();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return sC.SetQueryParamsInboundPolicy}});var aC=u_();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return aC.SetStatusOutboundPolicy}});var cC=l_();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return cC.SleepInboundPolicy}});var uC=ap();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return uC.StripeWebhookVerificationInboundPolicy}});var lC=p_();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return lC.SupabaseJwtInboundPolicy}});var dC=f_();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return dC.UpstreamAzureAdServiceAuthInboundPolicy}});var pC=y_();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return pC.UpstreamFirebaseAdminAuthInboundPolicy}});var hC=g_();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return hC.UpstreamFirebaseUserAuthInboundPolicy}});var fC=__();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return fC.UpstreamGcpJwtInboundPolicy}});var mC=w_();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return mC.UpstreamGcpServiceAuthInboundPolicy}});var yC=T_();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return yC.ValidateJsonSchemaInbound}});var gC=P_();Object.defineProperty(f,"MeteringInboundPolicy",{enumerable:!0,get:function(){return gC.MeteringInboundPolicy}});var bC=O_();Object.defineProperty(f,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return bC.LoadSubscriptionInboundPolicy}});var _C=ae();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return _C.HttpProblems}});var EC=go();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return EC.ProblemResponseFormatter}});var wC=He();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return wC.ZuploRequest}});var vC=Ar();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return vC.SystemRouteName}});var H_=gd();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return H_.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return H_.Router}});var F_=Ou();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return F_.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return F_.serialize}});var TC=N_();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return TC.ServiceProviderImpl}});var q_=Yu();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return q_.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return q_.SYSTEM_LOGGER}});var SC=qu();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return fx(SC).default}});var IC=Ke();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return IC.SystemLogMap}});var qi=Xa();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return qi.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return qi.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return qi.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return qi.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return qi.sanitizedIdentifierName}})});var j_=g(qn=>{"use strict";Object.defineProperty(qn,"__esModule",{value:!0});qn.BaseCryptoBeta=qn.supportedDigests=void 0;qn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var $p=class{static{s(this,"BaseCryptoBeta")}};qn.BaseCryptoBeta=$p});var V_=g(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.WorkerCryptoBeta=void 0;var jp=j_(),PC=C(),Vp=class extends jp.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!jp.supportedDigests.includes(t.toLowerCase()))throw new PC.RuntimeError(`Algorithm ${t} is not supported. Try using ${jp.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};Tc.WorkerCryptoBeta=Vp});var G_=g(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.BaseKeyValueStore=void 0;var Gp=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Sc.BaseKeyValueStore=Gp});var K_=g(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.WorkerKeyValueStore=void 0;var B_=C(),AC=G_(),Bp=class extends AC.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new B_.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new B_.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Ic.WorkerKeyValueStore=Bp});var Ut=g(dt=>{"use strict";var RC=dt&&dt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),OC=dt&&dt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&RC(t,e,r)};Object.defineProperty(dt,"__esModule",{value:!0});dt.KeyValueStore=dt.CryptoBeta=void 0;OC($_(),dt);var NC=V_();Object.defineProperty(dt,"CryptoBeta",{enumerable:!0,get:function(){return NC.WorkerCryptoBeta}});var xC=K_();Object.defineProperty(dt,"KeyValueStore",{enumerable:!0,get:function(){return xC.WorkerKeyValueStore}})});var HL={};ro(HL,{GraphQLComplexityLimitInboundPolicy:()=>SE,GraphQLDisableIntrospectionInboundPolicy:()=>PE});module.exports=no(HL);var Zn=gh(Ut());function B(e,t){if(!!!e)throw new Error(t)}s(B,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Ot(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Ot,"invariant");var CC=/\r\n|[\n\r]/g;function $n(e,t){let r=0,n=1;for(let i of e.body.matchAll(CC)){if(typeof i.index=="number"||Ot(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s($n,"getLocation");function Kp(e){return Pc(e.source,$n(e.source,e.start))}s(Kp,"printLocation");function Pc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
|
|
74
|
+
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new Mr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(lR,"validateComputedSignature");function dR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(dR,"parseHeader");function pR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(pR,"secureCompare");async function qg(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=sp[o[c]];return a.join("")}s(qg,"computeHMACSignatureAsync");Nn.computeHMACSignatureAsync=qg;var sp=new Array(256);for(let e=0;e<sp.length;e++)sp[e]=e.toString(16).padStart(2,"0")});var $t=g(pa=>{"use strict";Object.defineProperty(pa,"__esModule",{value:!0});pa.optionValidator=void 0;var Oi=C();function hR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(hR,"optionValidator");pa.optionValidator=hR});var ap=g(ha=>{"use strict";Object.defineProperty(ha,"__esModule",{value:!0});ha.StripeWebhookVerificationInboundPolicy=void 0;var fR=ae(),mR=$g(),yR=$t(),gR=s(async(e,t,r,n)=>{(0,yR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,mR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),fR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");ha.StripeWebhookVerificationInboundPolicy=gR});var Vg=g(cp=>{"use strict";Object.defineProperty(cp,"__esModule",{value:!0});var jg=C(),bR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new jg.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new jg.RuntimeError(o)}}};cp.default=bR});var Bg=g(fa=>{"use strict";Object.defineProperty(fa,"__esModule",{value:!0});fa.isStripeWebhookEvent=void 0;var Gg=bt();function _R(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Gg.isString)(e.id)&&"type"in e&&(0,Gg.isString)(e.type)}s(_R,"isStripeWebhookEvent");fa.isStripeWebhookEvent=_R});var Kg=g(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.MeteringPlugin=void 0;var ER=gt(),up=class extends ER.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};ma.MeteringPlugin=up});var Wg=g(xn=>{"use strict";var wR=xn&&xn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(xn,"__esModule",{value:!0});xn.StripeMeteringPlugin=void 0;var ya=yn(),je=C(),vR=Dt(),TR=ap(),Ni=ae(),SR=Yt(),IR=zr(),PR=ku(),AR=st(),Jg=Ke(),dp=Y(),zg=vi(),RR=wR(Vg()),OR=Bg(),NR=bt(),xR=Kg(),CR="checkout.session.completed",lp=class extends xR.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new je.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new je.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!this.options.zuploAccountApiKey)throw new je.ConfigurationError("StripeMeteringPlugin - No 'zuploAccountApiKey' property provided");if(!dp.Environment.instance.build.ACCOUNT_NAME)throw new je.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!UR(p))throw new je.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,OR.isStripeWebhookEvent)(m))return Ni.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`);let h,y,E;if(m.type===CR){let ne=m,ve=ne.data?.object?.subscription;if(!ve)throw new je.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");if(y=ne.data?.object?.client_reference_id,E=ne.data?.object?.customer_email,!y)throw new je.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.client_reference_id' to be the customer sub.");if(!E)throw new je.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer_email' to be the customer email.");if(!ve)throw new je.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");h=await RR.default.getSubscription({logger:u.log,stripeSecretKey:this.options.stripeSecretKey,subscriptionId:ve})}else return Ni.HttpProblems.ok(c,u,{detail:"Event was ignored by Stripe metering plugin webhook."});let T=h.id,S=h.customer,U=h.items?.data.find(ne=>ne.object==="subscription_item");if(!U||!U.id)throw new je.RuntimeError("Invalid Stripe API result. Expected subscription to contain at least one subscription_item.");let $=U.plan;if(!$||!$.product)throw new je.RuntimeError("Invalid Stripe API result. Expected subscription_item to have a plan.");let O=$.product,te=await LR({apiKeyBucketName:d,stripeProductId:O,stripeSubscriptionId:T,stripeCustomerId:S,managerEmail:E,managerSub:y,context:u});if(!te)return Ni.HttpProblems.internalServerError(c,u,{detail:"No consumer was created, skipping creation of subscription"});let re="routes.oas.json";try{await DR({context:u,stripeProductId:O,stripeSubscriptionId:T,customerKey:te,productKey:re,meteringBucketId:l,meteringBucketRegion:p,customerExternalId:S})}catch(ne){return Ni.HttpProblems.internalServerError(c,u,{detail:ne.message})}return Ni.HttpProblems.ok(c,u)},"stripeWebhookHandler"),i=(0,IR.createInternalPolicyProcessor)({inboundPolicies:[{handler:TR.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new vR.Pipeline({processors:[SR.metricsProcessor,i],handler:n,gateway:r}),a=new AR.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:PR.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};xn.StripeMeteringPlugin=lp;async function LR({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:o,context:a}){let{authApiJWT:c}=dp.Environment.instance,u="https://api-key-management-service-eq7z4lly2a-ue.a.run.app",l=new URL(`/v1/buckets/${e}/consumers`,u);l.searchParams.set("with-api-key","true");let d=crypto.randomUUID(),p={name:d,description:`Consumer for Stripe subscription ${t}`,tags:{subscriptionExternalId:t,planExternalId:r},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:o,email:i}]},m=await(0,zg.fetchRetry)({retryDelayMs:5,retries:2,logger:Jg.SystemLogMap.getLogger(a)},l.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(p)}),h=await m.json();if(m.status!==200){let y="Error creating API Key Consumer";throw a.log.error(y,h),new je.RuntimeError(y)}return a.log.info("Successfully created API Key Consumer",{consumerId:d,stripeSubscriptionId:t,stripeProductId:r}),d}s(LR,"createConsumer");async function DR({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,productKey:i,meteringBucketId:o,meteringBucketRegion:a,customerExternalId:c}){let u={status:"active",type:"periodic",renewalStrategy:"monthly",region:a,subscriptionExternalId:t,planExternalId:r,customerKey:n,productKey:i,customerExternalId:c},{authApiJWT:l,meteringServiceUrl:d}=dp.Environment.instance;if(!(0,NR.isNonEmptyString)(l))throw new je.SystemError("No Zuplo JWT token set.");let p=await(0,zg.fetchRetry)({retryDelayMs:5,retries:2,logger:Jg.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${o}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new je.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}s(DR,"saveSubscription");function UR(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(UR,"isMetricsRegion")});var eb=g(Cn=>{"use strict";Object.defineProperty(Cn,"__esModule",{value:!0});Cn.AmberfloMeteringInboundPolicy=Cn.AmberfloMeteringPolicy=void 0;var Qg=C(),MR=Te(),Yg=oi(),Xg=new WeakMap,Zg={},pp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Xg.set(t,r)}};Cn.AmberfloMeteringPolicy=pp;async function kR(e,t,r,n){if(!r.statusCodes)throw new Qg.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Yg.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=Xg.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Qg.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Yg.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Zg[r.apiKey];if(!m){let h=r.apiKey,y=e.headers.get("zm-test-id")??"";m=new MR.BatchDispatch("amberflo-ingest-meter",10,async E=>{try{let T=r.url??"https://app.amberflo.io/ingest",S=await fetch(T,{method:"POST",body:JSON.stringify(E),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":y}});S.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${S.status}: ${await S.text()}`)}catch(T){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),Zg[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}s(kR,"AmberfloMeteringInboundPolicy");Cn.AmberfloMeteringInboundPolicy=kR});var hp=g(ga=>{"use strict";Object.defineProperty(ga,"__esModule",{value:!0});ga.sha256=void 0;async function HR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(HR,"sha256");ga.sha256=HR});var jt=g(ba=>{"use strict";Object.defineProperty(ba,"__esModule",{value:!0});ba.getPolicyCacheName=void 0;var FR=hp(),tb=new Map;async function qR(e,t){let r,n=tb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,FR.sha256)(JSON.stringify({policyName:e,options:t}))}`,tb.set(e,r)),r}s(qR,"getPolicyCacheName");ba.getPolicyCacheName=qR});var yp=g(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.ApiKeyInboundPolicy=void 0;var $R=jt(),jR=Jt(),rb=yn(),fp=C(),VR=Ut(),nb=Ke(),mp=Y(),GR=vi(),ib="key-metadata-cache-type";function BR(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(BR,"getKeyValue");async function KR(e,t,r,n){if(!r.bucketName)if(rb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=rb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new fp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new fp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(T=>i.allowUnauthenticatedRequests?e:VR.HttpProblems.unauthorized(e,t,{detail:T}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=BR(a,i);if(!c||c==="")return o("No key present");let u=await JR(c),l=await(0,$R.getPolicyCacheName)(n,i),d=new jR.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==ib&&nb.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let m={key:c},h=await(0,GR.fetchRetry)({retryDelayMs:5,retries:2,logger:nb.SystemLogMap.getLogger(t)},`${mp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":mp.Environment.instance.deploymentName??"unknown","User-Agent":mp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let T=await h.text(),S=JSON.parse(T);t.log.error("Unexpected response from key service",S)}catch{t.log.error("Invalid response from key service")}throw new fp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let y=await h.json(),E={isValid:!0,typeId:ib,user:{sub:y.name,data:y.metadata}};return e.user=E.user,d.put(u,E,i.cacheTtlSeconds),e}s(KR,"ApiKeyInboundPolicy");_a.ApiKeyInboundPolicy=KR;async function JR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(JR,"hashValue")});var ob=g(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.ApiAuthKeyInboundPolicy=void 0;var zR=yp();Ea.ApiAuthKeyInboundPolicy=zR.ApiKeyInboundPolicy});var Vt=g(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.OpenIdJwtInboundPolicy=void 0;var bp=(Is(),no(Ss)),_p=C(),WR=ae(),gp={},QR=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new _p.ConfigurationError("Invalid State - jwkUrl not set");gp[t.jwkUrl]||(gp[t.jwkUrl]=(0,bp.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,bp.jwtVerify)(e,gp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),YR=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,bp.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),ZR=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(m=>WR.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new _p.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new _p.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?QR:YR,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(o.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let y=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${y.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${y.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");wa.OpenIdJwtInboundPolicy=ZR});var sb=g(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.Auth0JwtInboundPolicy=void 0;var XR=Vt(),e0=s(async(e,t,r,n)=>(0,XR.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");va.Auth0JwtInboundPolicy=e0});var ab=g(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.BasicAuthInboundPolicy=void 0;var t0=ae(),r0=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>t0.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),y=r.accounts.find(E=>E.username===m&&E.password===h);return y||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Ta.BasicAuthInboundPolicy=r0});var cb=g(Sa=>{"use strict";Object.defineProperty(Sa,"__esModule",{value:!0});Sa.CachingInboundPolicy=void 0;var n0=jt(),i0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function o0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(o0,"digestMessage");var s0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await o0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function a0(e,t,r,n){let i=await(0,n0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await s0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);i0.forEach(y=>h.headers.delete(y)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(a0,"CachingInboundPolicy");Sa.CachingInboundPolicy=a0});var ub=g(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.ChangeMethodInboundPolicy=void 0;var c0=C(),u0=He(),l0=s(async(e,t,r,n)=>{if(!r.method)throw new c0.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new u0.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");Ia.ChangeMethodInboundPolicy=l0});var lb=g(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.ClearHeadersInboundPolicy=void 0;var d0=He(),p0=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new d0.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Pa.ClearHeadersInboundPolicy=p0});var db=g(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.ClearHeadersOutboundPolicy=void 0;var h0=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Aa.ClearHeadersOutboundPolicy=h0});var pb=g(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.ClerkJwtInboundPolicy=void 0;var f0=Vt(),m0=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,f0.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Ra.ClerkJwtInboundPolicy=m0});var fb=g(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.CognitoJwtInboundPolicy=void 0;var hb=C(),y0=Vt(),g0=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new hb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new hb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,y0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Oa.CognitoJwtInboundPolicy=g0});var yb=g(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.CompositeInboundPolicy=void 0;var b0=C(),_0=mn(),mb=zr(),E0=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new b0.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=_0.Gateway.instance,o=(0,mb.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,mb.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");Na.CompositeInboundPolicy=E0});var bb=g(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.CreditsMeteringInboundPolicy=void 0;var xi=ae(),gb=Y(),w0=s(async(e,t,r)=>{let n=e.user;if(!n)return xi.HttpProblems.unauthorized(e,t,{title:"Unable to check subscription for anonymous user",detail:"No user data on request"});let{sub:i}=n;if(!r.bucketId)return xi.HttpProblems.unauthorized(e,t,{title:"Metering bucket not configured",detail:"Specify one using the bucketId option on the policy"});let o=r.bucketId,a=await v0(o,i,t);if(!a)return xi.HttpProblems.unauthorized(e,t,{title:"No valid, active subscription found"});if(!a.quotas)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});for(let c of Object.keys(a.quotas))if(a.quotas[c]<=0)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});return t.custom.subscription=a,t.addResponseSendingFinalHook(async()=>{let c=t.custom.meters,u={};for(let l of Object.keys(c))u[l]=c[l];await T0(o,a.id,u,t)}),e},"CreditsMeteringInboundPolicy");xa.CreditsMeteringInboundPolicy=w0;async function v0(e,t,r){let{authApiJWT:n,meteringServiceUrl:i}=gb.Environment.instance,o=new URL(`${i}/internal/v1/metering/${e}/subscriptions`);o.search=new URLSearchParams({customerKey:t,status:"active"}).toString();let a=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${n}`,"zp-rid":r.requestId}});if(!a.ok)throw new Error(`Error retrieving subscriptions for credits metering ': ${a.status} - ${await a.text()}`);let c=await a.json();if(c.data.length!==0)return c.data.length>1&&r.log.warn(`Found more than one active subscription for customer ${t} -- using the first one.`),c.data[0]}s(v0,"getSubscription");async function T0(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=gb.Environment.instance,a=new URL(`${o}/internal/v1/metering/${e}/subscriptions/${t}/quotas/consume`),c=await fetch(a,{method:"POST",body:JSON.stringify({meters:r}),headers:{Authorization:`Bearer ${i}`,"zp-rid":n.requestId}});c.ok||n.log.error(`Error consuming subscription quotas for credits metering ': ${c.status} - ${await c.text()}`)}s(T0,"consumeSubscription")});var _b=g(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.CurityPhantomTokenInboundPolicy=void 0;var S0=jt(),I0=Jt(),Ca=ae(),P0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Ca.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=A0(i);if(!o)return Ca.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,S0.getPolicyCacheName)(n,r),c=new I0.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Ca.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Ca.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");La.CurityPhantomTokenInboundPolicy=P0;function A0(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(A0,"getToken")});var Eb=g(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.FirebaseJwtInboundPolicy=void 0;var R0=$t(),O0=Vt(),N0=s(async(e,t,r,n)=>((0,R0.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,O0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Da.FirebaseJwtInboundPolicy=N0});var wb=g(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.FormDataToJsonInboundPolicy=void 0;var x0=He(),C0=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new x0.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Ua.FormDataToJsonInboundPolicy=C0});var vb=g(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.GeoFilterInboundPolicy=void 0;var L0=C(),D0=ae(),Ln="__unknown__",U0=s(async(e,t,r,n)=>{let i={allow:{countries:Un(r.allow?.countries,"allow.countries",n),regionCodes:Un(r.allow?.regionCodes,"allow.regionCode",n),asns:Un(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Un(r.block?.countries,"block.countries",n),regionCodes:Un(r.block?.regionCodes,"block.regionCode",n),asns:Un(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Ln,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Ln,c=t.incomingRequestProperties.asn?.toString()??Ln,u=i.ignoreUnknown&&o===Ln,l=i.ignoreUnknown&&a===Ln,d=i.ignoreUnknown&&c===Ln,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Dn(e,t,n,o,a,c);let y=i.block.countries,E=i.block.regionCodes,T=i.block.asns;return y.length>0&&y.includes(o)&&!u||E.length>0&&E.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?Dn(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");Ma.GeoFilterInboundPolicy=U0;function Dn(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),D0.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Dn,"blockedResponse");function Un(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new L0.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Un,"toLowerStringArray")});var Tb=g(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.JWTScopeValidationInboundPolicy=void 0;var M0=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");ka.JWTScopeValidationInboundPolicy=M0});var Ib=g(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.MockApiInboundPolicy=void 0;var k0=ae(),H0=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return Ep(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return Ep(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return Sb(a[c])}else return a.length>0?Sb(a[0]):Ep(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Ha.MockApiInboundPolicy=H0;function Sb(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(Sb,"generateResponse");var Ep=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return k0.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var Nb=g(Mn=>{"use strict";Object.defineProperty(Mn,"__esModule",{value:!0});Mn.MoesifInboundPolicy=Mn.setMoesifContext=void 0;var F0=C(),q0=Te(),$0="Incoming",j0={logRequestBody:!0,logResponseBody:!0};function Pb(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(Pb,"headersToObject");function Ab(){return new Date().toISOString()}s(Ab,"timestamp");var wp=new WeakMap,V0={};function G0(e,t){let r=wp.get(e);r||(r=V0);let n=Object.assign({...r},t);wp.set(e,n)}s(G0,"setMoesifContext");Mn.setMoesifContext=G0;async function Rb(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(Rb,"readBody");var B0={},vp;function Ob(){if(!vp)throw new F0.RuntimeError("Invalid State - no _lastLogger");return vp}s(Ob,"getLastLogger");function K0(e){let t=B0[e];return t||(t=new q0.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);Ob().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||Ob().error({status:i.status,body:await i.text()})})),t}s(K0,"getDispatcher");async function J0(e,t,r,n){vp=t.log;let i=Ab(),o=Object.assign(j0,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await Rb(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=K0(o.applicationId),d=e.headers.get("true-client-ip"),p=wp.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:Pb(e.headers)},h=o.logResponseBody?await Rb(c,t):void 0,y={time:Ab(),status:c.status,headers:Pb(c.headers),body:h},E={request:m,response:y,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:$0};l.enqueue(E),t.waitUntil(l.waitUntilFlushed())}),e}s(J0,"MoesifInboundPolicy");Mn.MoesifInboundPolicy=J0});var xb=g(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.OktaJwtInboundPolicy=void 0;var z0=Vt(),W0=s(async(e,t,r,n)=>(0,z0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");Fa.OktaJwtInboundPolicy=W0});var Cb=g(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.PropelAuthJwtInboundPolicy=void 0;var Q0=(Is(),no(Ss)),Y0=Vt(),Tp,Z0=s(async(e,t,r,n)=>{if(!Tp)try{Tp=await(0,Q0.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,Y0.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:Tp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");qa.PropelAuthJwtInboundPolicy=Z0});var Lb=g(G=>{"use strict";Object.defineProperty(G,"__esModule",{value:!0});G.throwIfStateNotObject=G.throwIfStateNotNumber=G.throwIfStateNotString=G.throwIfStateUndefinedOrNull=G.throwIfStateUndefined=G.throwIfOptionNotObject=G.throwIfOptionNotNumber=G.throwIfOptionNotString=G.throwIfOptionUndefinedOrNull=G.throwIfOptionUndefined=G.OptionTypeError=G.OptionUndefinedError=G.throwIfNotNumber=G.throwIfNotString=G.throwIfUndefinedOrNull=G.throwIfUndefined=G.ArgumentTypeError=G.ArgumentUndefinedError=G.ValidationError=void 0;var Ve=bt(),tt=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};G.ValidationError=tt;var Ci=class extends tt{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};G.ArgumentUndefinedError=Ci;var Li=class extends tt{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};G.ArgumentTypeError=Li;function X0(e,t){if((0,Ve.isUndefined)(e))throw new Ci(t)}s(X0,"throwIfUndefined");G.throwIfUndefined=X0;function Sp(e,t){if((0,Ve.isUndefinedOrNull)(e))throw new Ci(t)}s(Sp,"throwIfUndefinedOrNull");G.throwIfUndefinedOrNull=Sp;function eO(e,t){if(Sp(e,t),!(0,Ve.isString)(e))throw new Li(t,"string")}s(eO,"throwIfNotString");G.throwIfNotString=eO;function tO(e,t){if(Sp(e,t),!(0,Ve.isNumber)(e))throw new Li(t,"number")}s(tO,"throwIfNotNumber");G.throwIfNotNumber=tO;var Di=class extends tt{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};G.OptionUndefinedError=Di;var kn=class extends tt{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};G.OptionTypeError=kn;function rO(e,t,r,n){if((0,Ve.isUndefined)(n))throw new Di(e,t,r)}s(rO,"throwIfOptionUndefined");G.throwIfOptionUndefined=rO;function $a(e,t,r,n){if((0,Ve.isUndefinedOrNull)(n))throw new Di(e,t,r)}s($a,"throwIfOptionUndefinedOrNull");G.throwIfOptionUndefinedOrNull=$a;function nO(e,t,r,n){if($a(e,t,r,n),!(0,Ve.isString)(n))throw new kn(e,t,r,"string")}s(nO,"throwIfOptionNotString");G.throwIfOptionNotString=nO;function iO(e,t,r,n){if($a(e,t,r,n),!(0,Ve.isNumber)(n))throw new kn(e,t,r,"number")}s(iO,"throwIfOptionNotNumber");G.throwIfOptionNotNumber=iO;function oO(e,t,r,n){if($a(e,t,r,n),!(0,Ve.isObject)(n))throw new kn(e,t,r,"object")}s(oO,"throwIfOptionNotObject");G.throwIfOptionNotObject=oO;function sO(e,t){if((0,Ve.isUndefined)(e))throw new tt(t)}s(sO,"throwIfStateUndefined");G.throwIfStateUndefined=sO;function ja(e,t){if((0,Ve.isUndefinedOrNull)(e))throw new tt(t)}s(ja,"throwIfStateUndefinedOrNull");G.throwIfStateUndefinedOrNull=ja;function aO(e,t){if(ja(e,t),!(0,Ve.isString)(e))throw new tt(t);return!0}s(aO,"throwIfStateNotString");G.throwIfStateNotString=aO;function cO(e,t){if(ja(e,t),!(0,Ve.isNumber)(e))throw new tt(t);return!0}s(cO,"throwIfStateNotNumber");G.throwIfStateNotNumber=cO;function uO(e,t){if(ja(e,t),!(0,Ve.isObject)(e))throw new tt(t);return!0}s(uO,"throwIfStateNotObject");G.throwIfStateNotObject=uO});var Db=g(Hn=>{"use strict";Object.defineProperty(Hn,"__esModule",{value:!0});Hn.InMemoryRedisClient=Hn.StandardRedisClient=void 0;var Ip=C(),Va=Lb(),Pp=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,Va.throwIfNotString)(t,"redisClientUrl"),(0,Va.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,Va.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Ip.SystemError("Redis client failed with 401: Unauthorized"):new Ip.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Hn.StandardRedisClient=Pp;var Ap=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,Va.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Ip.SystemError("The in-memory redis client only supports /rate-limit calls")}};Hn.InMemoryRedisClient=Ap});var Fb=g(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.RateLimitInboundPolicy=void 0;var lO=Sr(),dO=jt(),pO=ti(),Rt=C(),hO=ae(),Ub=Ke(),Ui=Y(),Mb=Db(),kb=bt(),Ga=(0,lO.debug)("zuplo:policies:RateLimitInboundPolicy"),fO="strict",mO=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),yO=s(async e=>({key:`ip-${mO(e)}`}),"getIP"),gO=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),bO=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),Ba;function _O(e,t){let r;if(Ba)return Ba;if(Ui.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new Mb.InMemoryRedisClient,Ba=r,r;let{authApiJWT:n,redisURL:i}=Ui.Environment.instance;if(!(0,kb.isString)(i))throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,kb.isString)(n))throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=Mb.StandardRedisClient.initialize(i,n,Ui.Environment.instance.deploymentName??"unknown",Ui.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Ba=r,r}s(_O,"getRedisClient");async function Hb(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(Hb,"getCountAndUpdateExpiry");function EO(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new Rt.RuntimeError(u)}return c},"outerFunction")}s(EO,"wrapUserFunction");var wO="Retry-After",vO=s(async(e,t,r,n)=>{let i=Date.now(),o=Ub.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new Rt.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[wO]=l.toString()),hO.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:EO(r,n),user:gO,ip:yO,all:bO}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,y=r.headerMode??"retry-after",E=_O(n,o),S=`bucket/${Ui.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??fO)==="async"){let O=await(0,dO.getPolicyCacheName)(n,r),te=new pO.ZoneCache(O,{logger:Ub.SystemLogMap.getLogger(t)}),re=Hb(S,h,E,o,t.requestId),ne=await te.get(S);if(ne!==void 0&&ne<=Date.now()){Ga(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${S}' (async mode)`);let ve=Math.round((ne-Date.now())/1e3);return c(y,ve)}return t.addEventListener("responseSending",ve=>{try{let w=ve,H=w.mutableResponse;w.mutableResponse=(async()=>{let Le=await re;if(Le.count>m){let au=Date.now()+Le.ttlSeconds*1e3,AE=te.put(S,au,Le.ttlSeconds).catch(mh=>{throw o.error(new Rt.SystemError("Error caching rate limit result.",{cause:mh})),mh});return t.waitUntil(AE),Ga(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (async mode)`),c(y,Le.ttlSeconds)}return H})()}catch(w){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let $=await Hb(S,h,E,o,t.requestId);return $.count>m?(Ga(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (strict mode)`),c(y,$.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;Ga(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");Ka.RateLimitInboundPolicy=vO});var Vb=g(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.ReadmeMetricsInboundPolicy=void 0;var TO=Te(),Rp=Y(),qb=oi(),Op;function $b(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s($b,"headersToNameValuePairs");function SO(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(SO,"queryToNameValueParis");function IO(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(IO,"parseIntOrUndefined");var jb={};async function PO(e,t,r,n){let i=new Date,o=Date.now();return Op||(Op={name:"zuplo",version:Rp.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Rp.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,qb.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,qb.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Rp.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:Op,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:$b(e.headers),queryString:SO(e.query)},response:{status:a.status,statusText:a.statusText,headers:$b(a.headers),content:{size:IO(e.headers.get("content-length"))}}}]}}},d=jb[r.apiKey];if(!d){let p=r.apiKey;d=new TO.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",y=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});y.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${y.status}: '${await y.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),jb[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(PO,"ReadmeMetricsInboundPolicy");Ja.ReadmeMetricsInboundPolicy=PO});var Gb=g(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.RemoveHeadersInboundPolicy=void 0;var AO=C(),RO=He(),OO=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new AO.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new RO.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");za.RemoveHeadersInboundPolicy=OO});var Bb=g(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.RemoveHeadersOutboundPolicy=void 0;var NO=C(),xO=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new NO.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");Wa.RemoveHeadersOutboundPolicy=xO});var Kb=g(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.RemoveQueryParamsInboundPolicy=void 0;var CO=C(),LO=He(),DO=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new CO.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new LO.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");Qa.RemoveQueryParamsInboundPolicy=DO});var Jb=g(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.ReplaceStringOutboundPolicy=void 0;var UO=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");Ya.ReplaceStringOutboundPolicy=UO});var Wb=g(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.RequestSizeLimitInboundPolicy=void 0;var zb=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),MO=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?zb():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?zb():e},"RequestSizeLimitInboundPolicy");Za.RequestSizeLimitInboundPolicy=MO});var Xa=g(rt=>{"use strict";Object.defineProperty(rt,"__esModule",{value:!0});rt.sanitizedIdentifierName=rt.getIdForRefSchema=rt.getIdForRequestBodySchema=rt.getIdForParameterSchema=rt.getRawOperationDataIdentifierName=void 0;function kO(e,t,r){return`_${kr(e+"_"+t+"_"+r)}`}s(kO,"getRawOperationDataIdentifierName");rt.getRawOperationDataIdentifierName=kO;function HO(e,t,r,n){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(HO,"getIdForParameterSchema");rt.getIdForParameterSchema=HO;function FO(e,t,r){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${kr(r.toLowerCase())}`}s(FO,"getIdForRequestBodySchema");rt.getIdForRequestBodySchema=FO;function qO(e,t){return`_${kr(e)}__${kr(t)}`}s(qO,"getIdForRefSchema");rt.getIdForRefSchema=qO;function kr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(kr,"sanitizedIdentifierName");rt.sanitizedIdentifierName=kr});var Mi=g(De=>{"use strict";Object.defineProperty(De,"__esModule",{value:!0});De.getErrorsFromValidator=De.shouldReject=De.shouldLog=De.logErrors=De.validateParameters=De.getParametersForOperation=void 0;var $O=mn(),jO=Xa(),VO=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");De.getParametersForOperation=VO;var GO=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,jO.getIdForParameterSchema)(r,n,i,u.name),p=$O.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,De.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");De.validateParameters=GO;var BO=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");De.logErrors=BO;var KO=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");De.shouldLog=KO;var JO=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");De.shouldReject=JO;var zO=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");De.getErrorsFromValidator=zO});var Qb=g(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.handleBodyValidation=void 0;var WO=mn(),ec=ae(),QO=Xa(),ze=Mi();async function YO(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let y=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,E=ec.HttpProblems.badRequest(t,e,{detail:`${y}, see errors property for more details`,errors:`${h}`});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",y,[n],h),(0,ze.shouldReject)(r.validateBody))return E}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,y=ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?y:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,QO.getIdForRequestBodySchema)(e.route.path,t.method,i),c=WO.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,y=ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?y:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,ze.getErrorsFromValidator)(l),m=ec.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",d,[n],p),(0,ze.shouldReject)(r.validateBody))return m}s(YO,"handleBodyValidation");tc.handleBodyValidation=YO});var Yb=g(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.handleHeadersValidation=void 0;var ZO=ae(),ki=Mi();function XO(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,ki.getParametersForOperation)(e),o=(0,ki.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=ZO.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,ki.shouldLog)(r.validateHeaders)&&(0,ki.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,ki.shouldReject)(r.validateHeaders))return c}}s(XO,"handleHeadersValidation");rc.handleHeadersValidation=XO});var Zb=g(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.handlePathParameterValidation=void 0;var eN=ae(),Hi=Mi();function tN(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Hi.getParametersForOperation)(e),i=(0,Hi.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=eN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Hi.shouldLog)(r.validatePathParameters)&&(0,Hi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Hi.shouldReject)(r.validatePathParameters))return a}}s(tN,"handlePathParameterValidation");nc.handlePathParameterValidation=tN});var Xb=g(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.handleQueryParameterValidation=void 0;var rN=ae(),Fi=Mi();function nN(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Fi.getParametersForOperation)(e),i=(0,Fi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=rN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Fi.shouldLog)(r.validateQueryParameters)&&(0,Fi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Fi.shouldReject)(r.validateQueryParameters))return a}}s(nN,"handleQueryParameterValidation");ic.handleQueryParameterValidation=nN});var e_=g(Hr=>{"use strict";Object.defineProperty(Hr,"__esModule",{value:!0});Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy=void 0;var iN=Qb(),oN=Yb(),sN=Zb(),aN=Xb(),cN=s(async(e,t,r)=>{let n=(0,aN.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,sN.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,oN.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,iN.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Hr.RequestValidationInboundPolicy=cN;Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy});var t_=g(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.RequireOriginInboundPolicy=void 0;var uN=C(),lN=ae(),dN=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new uN.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return lN.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");oc.RequireOriginInboundPolicy=dN});var r_=g(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.SetBodyInboundPolicy=void 0;var pN=He(),hN=s(async(e,t,r)=>new pN.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");sc.SetBodyInboundPolicy=hN});var i_=g(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.SetHeadersInboundPolicy=void 0;var n_=C(),fN=He(),mN=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new n_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new n_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new fN.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");ac.SetHeadersInboundPolicy=mN});var s_=g(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.SetHeadersOutboundPolicy=void 0;var o_=C(),yN=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new o_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new o_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");cc.SetHeadersOutboundPolicy=yN});var c_=g(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.SetQueryParamsInboundPolicy=void 0;var a_=C(),gN=He(),bN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new a_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new a_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new gN.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");uc.SetQueryParamsInboundPolicy=bN});var u_=g(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.SetStatusOutboundPolicy=void 0;var _N=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");lc.SetStatusOutboundPolicy=_N});var l_=g(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.SleepInboundPolicy=void 0;var EN=C(),wN=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),vN=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new EN.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await wN(r.sleepInMs),e},"SleepInboundPolicy");dc.SleepInboundPolicy=vN});var p_=g(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.SupabaseJwtInboundPolicy=void 0;var d_=C(),TN=ae(),SN=He(),IN=$t(),PN=Vt(),AN=s(async(e,t,r,n)=>{(0,IN.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,PN.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof SN.ZuploRequest))throw new d_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new d_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?TN.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");pc.SupabaseJwtInboundPolicy=AN});var f_=g(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var RN=jt(),ON=Jt(),h_=C(),NN=vi(),xN=$t(),CN=s(async(e,t,r,n)=>{(0,xN.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,RN.getPolicyCacheName)(n,r),o=new ON.MemoryZoneReadThroughCache(i,t),a=await o.get(n);if(!a){let c=await LN(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");hc.UpstreamAzureAdServiceAuthInboundPolicy=CN;async function LN(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,NN.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new h_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new h_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(LN,"getAccessToken")});var y_=g(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var DN=jt(),UN=Jt(),MN=C(),Np=pn(),kN=$t(),m_="https://accounts.google.com/o/oauth2/token",xp,HN=s(async(e,t,r,n)=>{(0,kN.optionValidator)(r,n).required("serviceAccountJson","string"),xp||(xp=await Np.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,DN.getPolicyCacheName)(n,r),a=new UN.MemoryZoneReadThroughCache(o,t),c=await a.get(n);if(!c){let u=await(0,Np.getTokenFromGcpServiceAccount)({serviceAccount:xp,audience:m_,payload:i}),l=await(0,Np.exchangeGgpJwtForIdToken)(m_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new MN.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");fc.UpstreamFirebaseAdminAuthInboundPolicy=HN});var g_=g(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var FN=jt(),qN=Jt(),Fn=C(),$N=hp(),Cp=pn(),jN=oi(),VN=$t(),GN="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",BN=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Lp,KN=s(async(e,t,r,n)=>{if((0,VN.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Fn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(BN.indexOf(p)!==-1)throw new Fn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Lp||(Lp=await Cp.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,jN.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Fn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,FN.getPolicyCacheName)(n,r),c=new qN.MemoryZoneReadThroughCache(a,t),u={uid:o,claims:i},l=await(0,$N.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Cp.getTokenFromGcpServiceAccount)({serviceAccount:Lp,audience:GN,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Cp.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Fn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");mc.UpstreamFirebaseUserAuthInboundPolicy=KN});var __=g(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.UpstreamGcpJwtInboundPolicy=void 0;var b_=pn(),JN=$t(),Dp,zN=s(async(e,t,r,n)=>{(0,JN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Dp||(Dp=await b_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,b_.getTokenFromGcpServiceAccount)({serviceAccount:Dp,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");yc.UpstreamGcpJwtInboundPolicy=zN});var w_=g(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.UpstreamGcpServiceAuthInboundPolicy=void 0;var WN=jt(),QN=fu(),YN=Jt(),ZN=C(),Up=pn(),XN=$t(),E_="https://www.googleapis.com/oauth2/v4/token",Mp,ex=s(async(e,t,r,n)=>{(0,XN.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Mp||(Mp=await Up.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,WN.getPolicyCacheName)(n,r),o;r.useMemoryCacheOnly?o=new QN.MemoryCache(i):o=new YN.MemoryZoneReadThroughCache(i,t);let a=await o.get(n);if(!a){let c=await(0,Up.getTokenFromGcpServiceAccount)({serviceAccount:Mp,audience:E_,payload:{target_audience:`${r.audience}`}}),{id_token:u}=await(0,Up.exchangeGgpJwtForIdToken)(E_,c,{retries:r.tokenRetries??3,retryDelayMs:10});if(!u)throw new ZN.RuntimeError("Invalid token response from GCP");a=u,o.put(n,a,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamGcpServiceAuthInboundPolicy");gc.UpstreamGcpServiceAuthInboundPolicy=ex});var T_=g(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.ValidateJsonSchemaInbound=void 0;var tx=C(),v_=ae(),rx=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return v_.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new tx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return v_.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");bc.ValidateJsonSchemaInbound=rx});var P_=g(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.MeteringInboundPolicy=void 0;var S_=Gs(),I_=yn(),_c=C(),nx=ae(),ix=Ke(),ox=Y(),sx=s(async(e,t,r,n)=>{let i=ix.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,m)=>{let h=S_.ContextData.get(m,"subscription");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;if(!r.bucketId)if(I_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=I_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new _c.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:E,meteringServiceUrl:T}=ox.Environment.instance;if(d.ok&&h&&r.meters)try{let S=await fetch(`${T}/internal/v1/metering/${r.bucketId}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${E}`,"zp-rid":m.requestId},method:"POST",body:JSON.stringify({meters:r.meters})});S.ok||(m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`))}catch(S){m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,S)}});let o=S_.ContextData.get(t,"subscription"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o){if(a)return e;throw new _c.ConfigurationError("Subscription is not available for user")}if(o&&Object.keys(o.quotas).length===0)throw new _c.ConfigurationError("Quota is not set up for the user's subscription");let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)throw new _c.ConfigurationError(`The following policy meters are not present in the subscription: ${l.join(", ")}`);for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return nx.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");Ec.MeteringInboundPolicy=sx});var O_=g(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.LoadSubscriptionInboundPolicy=void 0;var ax=ti(),cx=Gs(),A_=yn(),ux=C(),kp=ae(),R_=Ke(),lx=Y(),dx=s(async(e,t,r,n)=>{let i=R_.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=e.user;if(!a)return o?e:kp.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(A_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=A_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ux.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:c,meteringServiceUrl:u}=lx.Environment.instance,{sub:l}=a,d;try{let m=`${r.bucketId}-${l}`,h=new ax.ZoneCache(m,{logger:R_.SystemLogMap.getLogger(t)}),y=await h.get(m);if(y)d=y;else{let E=await fetch(`${u}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${l}&status=active`,{headers:{Authorization:`Bearer ${c}`,"zp-rid":t.requestId},method:"GET"});if(!E.ok)return t.log.error(await E.text()),kp.HttpProblems.forbidden(e,t);d=await E.json(),h.put(m,d,15).catch(T=>{throw i.error(T),T})}}catch(m){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,m)}if((!d||!d.data||d.data.length===0)&&!o)return kp.HttpProblems.unauthorized(e,t,{detail:"No valid, active subscription found"});if((!d||!d.data||d.data.length===0)&&o)return e;let p=d&&d.data?d.data[0]:void 0;return cx.ContextData.set(t,"subscription",p),e},"LoadSubscriptionInboundPolicy");wc.LoadSubscriptionInboundPolicy=dx});var N_=g(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.ServiceProviderImpl=void 0;var px=C(),Hp=class e{static{s(this,"ServiceProviderImpl")}static#e;services=new Map;constructor(){}static getInstance(){return e.#e||(e.#e=new e),e.#e}setInstance(t){e.#e=t}addService(t,r){if(this.services.get(t))throw new px.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};vc.ServiceProviderImpl=Hp});var $_=g(f=>{"use strict";var hx=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),Fp=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&hx(t,e,r)},fx=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=f.PropelAuthJwtInboundPolicy=f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CreditsMeteringInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.LoadSubscriptionInboundPolicy=f.MeteringInboundPolicy=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=void 0;wh();var mx=Jt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return mx.MemoryZoneReadThroughCache}});var yx=ti();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return yx.ZoneCache}});var x_=Ir();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return x_.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return x_.ResponseSentEvent}});var gx=Gs();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return gx.ContextData}});var qp=yn();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return qp.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return qp.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return qp.isZuploReadableEnvVariableName}});var bx=C();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return bx.ConfigurationError}});var _x=Pd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return _x.originalFetch}});var C_=Wy();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return C_.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return C_.purgeGatewayCache}});var L_=pg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return L_.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return L_.awsLambdaHandler}});var Ex=fg();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return Ex.openApiSpecHandler}});var wx=mg();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return wx.redirectHandler}});var vx=gg();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return vx.urlForwardHandler}});var Tx=_g();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return Tx.urlRewriteHandler}});var Sx=wg();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return Sx.webSocketHandler}});var Ix=Sg();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return Ix.webSocketPipelineHandler}});var Px=Hu();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return Px.HttpStatusCode}});Fp(Cg(),f);Fp(Ug(),f);var Ax=Mg();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Ax.AuditLogDataStaxProvider}});var Rx=Hg();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Rx.AuditLogPlugin}});Fp(Wg(),f);var D_=eb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return D_.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return D_.AmberfloMeteringPolicy}});var Ox=ob();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Ox.ApiAuthKeyInboundPolicy}});var Nx=yp();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return Nx.ApiKeyInboundPolicy}});var xx=sb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return xx.Auth0JwtInboundPolicy}});var Cx=ab();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Cx.BasicAuthInboundPolicy}});var Lx=cb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return Lx.CachingInboundPolicy}});var Dx=ub();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return Dx.ChangeMethodInboundPolicy}});var Ux=lb();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return Ux.ClearHeadersInboundPolicy}});var Mx=db();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return Mx.ClearHeadersOutboundPolicy}});var kx=pb();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return kx.ClerkJwtInboundPolicy}});var Hx=fb();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Hx.CognitoJwtInboundPolicy}});var Fx=yb();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Fx.CompositeInboundPolicy}});var qx=bb();Object.defineProperty(f,"CreditsMeteringInboundPolicy",{enumerable:!0,get:function(){return qx.CreditsMeteringInboundPolicy}});var $x=_b();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return $x.CurityPhantomTokenInboundPolicy}});var jx=Eb();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return jx.FirebaseJwtInboundPolicy}});var Vx=wb();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Vx.FormDataToJsonInboundPolicy}});var Gx=vb();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Gx.GeoFilterInboundPolicy}});var Bx=Tb();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return Bx.JWTScopeValidationInboundPolicy}});var Kx=Ib();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Kx.MockApiInboundPolicy}});var U_=Nb();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return U_.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return U_.setMoesifContext}});var Jx=xb();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return Jx.OktaJwtInboundPolicy}});var zx=Vt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return zx.OpenIdJwtInboundPolicy}});var Wx=Cb();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return Wx.PropelAuthJwtInboundPolicy}});var M_=Fb();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return M_.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return M_.RateLimitInboundPolicy}});var Qx=Vb();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return Qx.ReadmeMetricsInboundPolicy}});var Yx=Gb();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return Yx.RemoveHeadersInboundPolicy}});var Zx=Bb();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return Zx.RemoveHeadersOutboundPolicy}});var Xx=Kb();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Xx.RemoveQueryParamsInboundPolicy}});var eC=Jb();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return eC.ReplaceStringOutboundPolicy}});var tC=Wb();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return tC.RequestSizeLimitInboundPolicy}});var k_=e_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return k_.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return k_.SchemaBasedRequestValidation}});var rC=t_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return rC.RequireOriginInboundPolicy}});var nC=r_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return nC.SetBodyInboundPolicy}});var iC=i_();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return iC.SetHeadersInboundPolicy}});var oC=s_();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return oC.SetHeadersOutboundPolicy}});var sC=c_();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return sC.SetQueryParamsInboundPolicy}});var aC=u_();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return aC.SetStatusOutboundPolicy}});var cC=l_();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return cC.SleepInboundPolicy}});var uC=ap();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return uC.StripeWebhookVerificationInboundPolicy}});var lC=p_();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return lC.SupabaseJwtInboundPolicy}});var dC=f_();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return dC.UpstreamAzureAdServiceAuthInboundPolicy}});var pC=y_();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return pC.UpstreamFirebaseAdminAuthInboundPolicy}});var hC=g_();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return hC.UpstreamFirebaseUserAuthInboundPolicy}});var fC=__();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return fC.UpstreamGcpJwtInboundPolicy}});var mC=w_();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return mC.UpstreamGcpServiceAuthInboundPolicy}});var yC=T_();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return yC.ValidateJsonSchemaInbound}});var gC=P_();Object.defineProperty(f,"MeteringInboundPolicy",{enumerable:!0,get:function(){return gC.MeteringInboundPolicy}});var bC=O_();Object.defineProperty(f,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return bC.LoadSubscriptionInboundPolicy}});var _C=ae();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return _C.HttpProblems}});var EC=go();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return EC.ProblemResponseFormatter}});var wC=He();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return wC.ZuploRequest}});var vC=Ar();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return vC.SystemRouteName}});var H_=gd();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return H_.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return H_.Router}});var F_=Ou();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return F_.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return F_.serialize}});var TC=N_();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return TC.ServiceProviderImpl}});var q_=Yu();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return q_.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return q_.SYSTEM_LOGGER}});var SC=qu();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return fx(SC).default}});var IC=Ke();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return IC.SystemLogMap}});var qi=Xa();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return qi.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return qi.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return qi.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return qi.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return qi.sanitizedIdentifierName}})});var j_=g(qn=>{"use strict";Object.defineProperty(qn,"__esModule",{value:!0});qn.BaseCryptoBeta=qn.supportedDigests=void 0;qn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var $p=class{static{s(this,"BaseCryptoBeta")}};qn.BaseCryptoBeta=$p});var V_=g(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.WorkerCryptoBeta=void 0;var jp=j_(),PC=C(),Vp=class extends jp.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!jp.supportedDigests.includes(t.toLowerCase()))throw new PC.RuntimeError(`Algorithm ${t} is not supported. Try using ${jp.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};Tc.WorkerCryptoBeta=Vp});var G_=g(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.BaseKeyValueStore=void 0;var Gp=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Sc.BaseKeyValueStore=Gp});var K_=g(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.WorkerKeyValueStore=void 0;var B_=C(),AC=G_(),Bp=class extends AC.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new B_.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new B_.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Ic.WorkerKeyValueStore=Bp});var Ut=g(dt=>{"use strict";var RC=dt&&dt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),OC=dt&&dt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&RC(t,e,r)};Object.defineProperty(dt,"__esModule",{value:!0});dt.KeyValueStore=dt.CryptoBeta=void 0;OC($_(),dt);var NC=V_();Object.defineProperty(dt,"CryptoBeta",{enumerable:!0,get:function(){return NC.WorkerCryptoBeta}});var xC=K_();Object.defineProperty(dt,"KeyValueStore",{enumerable:!0,get:function(){return xC.WorkerKeyValueStore}})});var HL={};ro(HL,{GraphQLComplexityLimitInboundPolicy:()=>SE,GraphQLDisableIntrospectionInboundPolicy:()=>PE});module.exports=no(HL);var Zn=gh(Ut());function B(e,t){if(!!!e)throw new Error(t)}s(B,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Ot(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Ot,"invariant");var CC=/\r\n|[\n\r]/g;function $n(e,t){let r=0,n=1;for(let i of e.body.matchAll(CC)){if(typeof i.index=="number"||Ot(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s($n,"getLocation");function Kp(e){return Pc(e.source,$n(e.source,e.start))}s(Kp,"printLocation");function Pc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
|
|
75
75
|
`,d=n.split(/\r\n|[\n\r]/g),p=d[i];if(p.length>120){let m=Math.floor(u/80),h=u%80,y=[];for(let E=0;E<p.length;E+=80)y.push(p.slice(E,E+80));return l+J_([[`${a} |`,y[0]],...y.slice(1,m+1).map(E=>["|",E]),["|","^".padStart(h)],["|",y[m+1]]])}return l+J_([[`${a-1} |`,d[i-1]],[`${a} |`,p],["|","^".padStart(u)],[`${a+1} |`,d[i+1]]])}s(Pc,"printSourceLocation");function J_(e){let t=e.filter(([n,i])=>i!==void 0),r=Math.max(...t.map(([n])=>n.length));return t.map(([n,i])=>n.padStart(r)+(i?" "+i:"")).join(`
|
|
76
76
|
`)}s(J_,"printPrefixedLines");function LC(e){let t=e[0];return t==null||"kind"in t||"length"in t?{nodes:t,source:e[1],positions:e[2],path:e[3],originalError:e[4],extensions:e[5]}:t}s(LC,"toNormalizedOptions");var L=class e extends Error{static{s(this,"GraphQLError")}constructor(t,...r){var n,i,o;let{nodes:a,source:c,positions:u,path:l,originalError:d,extensions:p}=LC(r);super(t),this.name="GraphQLError",this.path=l??void 0,this.originalError=d??void 0,this.nodes=z_(Array.isArray(a)?a:a?[a]:void 0);let m=z_((n=this.nodes)===null||n===void 0?void 0:n.map(y=>y.loc).filter(y=>y!=null));this.source=c??(m==null||(i=m[0])===null||i===void 0?void 0:i.source),this.positions=u??m?.map(y=>y.start),this.locations=u&&c?u.map(y=>$n(c,y)):m?.map(y=>$n(y.source,y.start));let h=Ee(d?.extensions)?d?.extensions:void 0;this.extensions=(o=p??h)!==null&&o!==void 0?o:Object.create(null),Object.defineProperties(this,{message:{writable:!0,enumerable:!0},name:{enumerable:!1},nodes:{enumerable:!1},source:{enumerable:!1},positions:{enumerable:!1},originalError:{enumerable:!1}}),d!=null&&d.stack?Object.defineProperty(this,"stack",{value:d.stack,writable:!0,configurable:!0}):Error.captureStackTrace?Error.captureStackTrace(this,e):Object.defineProperty(this,"stack",{value:Error().stack,writable:!0,configurable:!0})}get[Symbol.toStringTag](){return"GraphQLError"}toString(){let t=this.message;if(this.nodes)for(let r of this.nodes)r.loc&&(t+=`
|
|
77
77
|
|