@zuplo/graphql 5.1756.0 → 5.1757.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/index.minified.js CHANGED
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
71
71
  `+d}):new Mr.StripeSignatureVerificationError(t,e,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
72
72
  If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
73
73
  `+l+`
74
- `+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new Mr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(fR,"validateComputedSignature");function mR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(mR,"parseHeader");function yR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(yR,"secureCompare");async function $g(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=ap[o[c]];return a.join("")}s($g,"computeHMACSignatureAsync");Nn.computeHMACSignatureAsync=$g;var ap=new Array(256);for(let e=0;e<ap.length;e++)ap[e]=e.toString(16).padStart(2,"0")});var qt=g(pa=>{"use strict";Object.defineProperty(pa,"__esModule",{value:!0});pa.optionValidator=void 0;var Oi=N();function gR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(gR,"optionValidator");pa.optionValidator=gR});var cp=g(ha=>{"use strict";Object.defineProperty(ha,"__esModule",{value:!0});ha.StripeWebhookVerificationInboundPolicy=void 0;var bR=ie(),_R=jg(),ER=qt(),wR=s(async(e,t,r,n)=>{(0,ER.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,_R.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),bR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");ha.StripeWebhookVerificationInboundPolicy=wR});var Gg=g(fa=>{"use strict";Object.defineProperty(fa,"__esModule",{value:!0});fa.isStripeWebhookEvent=void 0;var Vg=gt();function vR(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Vg.isString)(e.id)&&"type"in e&&(0,Vg.isString)(e.type)}s(vR,"isStripeWebhookEvent");fa.isStripeWebhookEvent=vR});var Bg=g(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.MeteringPlugin=void 0;var TR=yt(),up=class extends TR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};ma.MeteringPlugin=up});var Jg=g(lp=>{"use strict";Object.defineProperty(lp,"__esModule",{value:!0});var Kg=N(),SR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new Kg.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new Kg.RuntimeError(o)}}};lp.default=SR});var Zg=g(Ni=>{"use strict";var IR=Ni&&Ni.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Ni,"__esModule",{value:!0});var yr=N(),zg=ie(),Wg=Be(),Qg=W(),Yg=vi(),PR=IR(Jg()),AR=gt();async function RR(e,t,r,n){let i=r.data?.object?.subscription;if(!i)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");let o=r.data?.object?.client_reference_id,a=r.data?.object?.customer_email;if(!o)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.client_reference_id' to be the customer sub.");if(!a)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer_email' to be the customer email.");let c=await PR.default.getSubscription({logger:t.log,stripeSecretKey:n.stripeSecretKey,subscriptionId:i}),u=c.id,l=c.customer,d=c.items?.data.find(E=>E.object==="subscription_item");if(!d||!d.id)throw new yr.RuntimeError("Invalid Stripe API result. Expected subscription to contain at least one subscription_item.");let p=d.plan;if(!p||!p.product)throw new yr.RuntimeError("Invalid Stripe API result. Expected subscription_item to have a plan.");let m=p.product,h=await OR({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:m,stripeSubscriptionId:u,stripeCustomerId:l,managerEmail:a,managerSub:o,context:t});if(!h)return zg.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});let y="routes.oas.json";try{await NR({context:t,stripeProductId:m,stripeSubscriptionId:u,customerKey:h,productKey:y,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:l})}catch(E){return zg.HttpProblems.internalServerError(e,t,{detail:E.message})}}s(RR,"onCheckoutSessionCompleted");Ni.default=RR;async function OR({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:o,context:a}){let{authApiJWT:c}=Qg.Environment.instance,u="https://api-key-management-service-eq7z4lly2a-ue.a.run.app",l=new URL(`/v1/buckets/${e}/consumers`,u);l.searchParams.set("with-api-key","true");let d=crypto.randomUUID(),p={name:d,description:`Consumer for Stripe subscription ${t}`,tags:{subscriptionExternalId:t,planExternalId:r},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:o,email:i}]},m=await(0,Yg.fetchRetry)({retryDelayMs:5,retries:2,logger:Wg.SystemLogMap.getLogger(a)},l.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(p)}),h=await m.json();if(m.status!==200){let y="Error creating API Key Consumer";throw a.log.error(y,h),new yr.RuntimeError(y)}return a.log.info("Successfully created API Key Consumer",{consumerId:d,stripeSubscriptionId:t,stripeProductId:r}),d}s(OR,"createConsumer");async function NR({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,productKey:i,meteringBucketId:o,meteringBucketRegion:a,customerExternalId:c}){let u={status:"active",type:"periodic",renewalStrategy:"monthly",region:a,subscriptionExternalId:t,planExternalId:r,customerKey:n,productKey:i,customerExternalId:c},{authApiJWT:l,meteringServiceUrl:d}=Qg.Environment.instance;if(!(0,AR.isNonEmptyString)(l))throw new yr.SystemError("No Zuplo JWT token set.");let p=await(0,Yg.fetchRetry)({retryDelayMs:5,retries:2,logger:Wg.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${o}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new yr.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}s(NR,"saveSubscription")});var Xg=g(xn=>{"use strict";var xR=xn&&xn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(xn,"__esModule",{value:!0});xn.StripeMeteringPlugin=void 0;var ya=yn(),ga=N(),CR=Lt(),LR=cp(),dp=ie(),DR=Qt(),UR=zr(),MR=Hu(),kR=ot(),HR=W(),FR=Gg(),qR=Bg(),$R=xR(Zg()),pp=class extends qR.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ga.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new ga.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!HR.Environment.instance.build.ACCOUNT_NAME)throw new ga.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!jR(p))throw new ga.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,FR.isStripeWebhookEvent)(m))return dp.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`),m.type){case"checkout.session.completed":await(0,$R.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});break;default:return dp.HttpProblems.ok(c,u,{detail:"Event was ignored by Stripe metering plugin webhook."})}return dp.HttpProblems.ok(c,u)},"stripeWebhookHandler"),i=(0,UR.createInternalPolicyProcessor)({inboundPolicies:[{handler:LR.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new CR.Pipeline({processors:[DR.metricsProcessor,i],handler:n,gateway:r}),a=new kR.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:MR.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};xn.StripeMeteringPlugin=pp;function jR(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(jR,"isMetricsRegion")});var ib=g(Cn=>{"use strict";Object.defineProperty(Cn,"__esModule",{value:!0});Cn.AmberfloMeteringInboundPolicy=Cn.AmberfloMeteringPolicy=void 0;var eb=N(),VR=ve(),tb=oi(),nb=new WeakMap,rb={},hp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){nb.set(t,r)}};Cn.AmberfloMeteringPolicy=hp;async function GR(e,t,r,n){if(!r.statusCodes)throw new eb.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,tb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=nb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new eb.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,tb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=rb[r.apiKey];if(!m){let h=r.apiKey,y=e.headers.get("zm-test-id")??"";m=new VR.BatchDispatch("amberflo-ingest-meter",10,async E=>{try{let T=r.url??"https://app.amberflo.io/ingest",S=await fetch(T,{method:"POST",body:JSON.stringify(E),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":y}});S.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${S.status}: ${await S.text()}`)}catch(T){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),rb[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}s(GR,"AmberfloMeteringInboundPolicy");Cn.AmberfloMeteringInboundPolicy=GR});var fp=g(ba=>{"use strict";Object.defineProperty(ba,"__esModule",{value:!0});ba.sha256=void 0;async function BR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(BR,"sha256");ba.sha256=BR});var $t=g(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.getPolicyCacheName=void 0;var KR=fp(),ob=new Map;async function JR(e,t){let r,n=ob.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,KR.sha256)(JSON.stringify({policyName:e,options:t}))}`,ob.set(e,r)),r}s(JR,"getPolicyCacheName");_a.getPolicyCacheName=JR});var gp=g(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.ApiKeyInboundPolicy=void 0;var zR=$t(),WR=Kt(),sb=yn(),mp=N(),QR=Dt(),ab=Be(),yp=W(),YR=vi(),cb="key-metadata-cache-type";function ZR(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(ZR,"getKeyValue");async function XR(e,t,r,n){if(!r.bucketName)if(sb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=sb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new mp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new mp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(T=>i.allowUnauthenticatedRequests?e:QR.HttpProblems.unauthorized(e,t,{detail:T}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=ZR(a,i);if(!c||c==="")return o("No key present");let u=await e0(c),l=await(0,zR.getPolicyCacheName)(n,i),d=new WR.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==cb&&ab.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let m={key:c},h=await(0,YR.fetchRetry)({retryDelayMs:5,retries:2,logger:ab.SystemLogMap.getLogger(t)},`${yp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":yp.Environment.instance.deploymentName??"unknown","User-Agent":yp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let T=await h.text(),S=JSON.parse(T);t.log.error("Unexpected response from key service",S)}catch{t.log.error("Invalid response from key service")}throw new mp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let y=await h.json(),E={isValid:!0,typeId:cb,user:{sub:y.name,data:y.metadata}};return e.user=E.user,d.put(u,E,i.cacheTtlSeconds),e}s(XR,"ApiKeyInboundPolicy");Ea.ApiKeyInboundPolicy=XR;async function e0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(e0,"hashValue")});var ub=g(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.ApiAuthKeyInboundPolicy=void 0;var t0=gp();wa.ApiAuthKeyInboundPolicy=t0.ApiKeyInboundPolicy});var jt=g(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.OpenIdJwtInboundPolicy=void 0;var _p=(Is(),no(Ss)),Ep=N(),r0=ie(),bp={},n0=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new Ep.ConfigurationError("Invalid State - jwkUrl not set");bp[t.jwkUrl]||(bp[t.jwkUrl]=(0,_p.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,_p.jwtVerify)(e,bp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),i0=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,_p.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),o0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(m=>r0.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Ep.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Ep.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?n0:i0,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(o.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let y=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${y.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${y.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");va.OpenIdJwtInboundPolicy=o0});var lb=g(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.Auth0JwtInboundPolicy=void 0;var s0=jt(),a0=s(async(e,t,r,n)=>(0,s0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");Ta.Auth0JwtInboundPolicy=a0});var db=g(Sa=>{"use strict";Object.defineProperty(Sa,"__esModule",{value:!0});Sa.BasicAuthInboundPolicy=void 0;var c0=ie(),u0=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>c0.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),y=r.accounts.find(E=>E.username===m&&E.password===h);return y||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Sa.BasicAuthInboundPolicy=u0});var pb=g(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.CachingInboundPolicy=void 0;var l0=$t(),d0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function p0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(p0,"digestMessage");var h0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await p0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function f0(e,t,r,n){let i=await(0,l0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await h0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);d0.forEach(y=>h.headers.delete(y)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(f0,"CachingInboundPolicy");Ia.CachingInboundPolicy=f0});var hb=g(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.ChangeMethodInboundPolicy=void 0;var m0=N(),y0=ke(),g0=s(async(e,t,r,n)=>{if(!r.method)throw new m0.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new y0.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");Pa.ChangeMethodInboundPolicy=g0});var fb=g(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.ClearHeadersInboundPolicy=void 0;var b0=ke(),_0=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new b0.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Aa.ClearHeadersInboundPolicy=_0});var mb=g(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.ClearHeadersOutboundPolicy=void 0;var E0=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Ra.ClearHeadersOutboundPolicy=E0});var yb=g(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.ClerkJwtInboundPolicy=void 0;var w0=jt(),v0=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,w0.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Oa.ClerkJwtInboundPolicy=v0});var bb=g(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.CognitoJwtInboundPolicy=void 0;var gb=N(),T0=jt(),S0=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new gb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new gb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,T0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Na.CognitoJwtInboundPolicy=S0});var Eb=g(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.CompositeInboundPolicy=void 0;var I0=N(),P0=mn(),_b=zr(),A0=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new I0.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=P0.Gateway.instance,o=(0,_b.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,_b.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");xa.CompositeInboundPolicy=A0});var vb=g(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.CreditsMeteringInboundPolicy=void 0;var xi=ie(),wb=W(),R0=s(async(e,t,r)=>{let n=e.user;if(!n)return xi.HttpProblems.unauthorized(e,t,{title:"Unable to check subscription for anonymous user",detail:"No user data on request"});let{sub:i}=n;if(!r.bucketId)return xi.HttpProblems.unauthorized(e,t,{title:"Metering bucket not configured",detail:"Specify one using the bucketId option on the policy"});let o=r.bucketId,a=await O0(o,i,t);if(!a)return xi.HttpProblems.unauthorized(e,t,{title:"No valid, active subscription found"});if(!a.quotas)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});for(let c of Object.keys(a.quotas))if(a.quotas[c]<=0)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});return t.custom.subscription=a,t.addResponseSendingFinalHook(async()=>{let c=t.custom.meters,u={};for(let l of Object.keys(c))u[l]=c[l];await N0(o,a.id,u,t)}),e},"CreditsMeteringInboundPolicy");Ca.CreditsMeteringInboundPolicy=R0;async function O0(e,t,r){let{authApiJWT:n,meteringServiceUrl:i}=wb.Environment.instance,o=new URL(`${i}/internal/v1/metering/${e}/subscriptions`);o.search=new URLSearchParams({customerKey:t,status:"active"}).toString();let a=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${n}`,"zp-rid":r.requestId}});if(!a.ok)throw new Error(`Error retrieving subscriptions for credits metering ': ${a.status} - ${await a.text()}`);let c=await a.json();if(c.data.length!==0)return c.data.length>1&&r.log.warn(`Found more than one active subscription for customer ${t} -- using the first one.`),c.data[0]}s(O0,"getSubscription");async function N0(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=wb.Environment.instance,a=new URL(`${o}/internal/v1/metering/${e}/subscriptions/${t}/quotas/consume`),c=await fetch(a,{method:"POST",body:JSON.stringify({meters:r}),headers:{Authorization:`Bearer ${i}`,"zp-rid":n.requestId}});c.ok||n.log.error(`Error consuming subscription quotas for credits metering ': ${c.status} - ${await c.text()}`)}s(N0,"consumeSubscription")});var Tb=g(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.CurityPhantomTokenInboundPolicy=void 0;var x0=$t(),C0=Kt(),La=ie(),L0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return La.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=D0(i);if(!o)return La.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,x0.getPolicyCacheName)(n,r),c=new C0.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),La.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):La.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");Da.CurityPhantomTokenInboundPolicy=L0;function D0(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(D0,"getToken")});var Sb=g(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.FirebaseJwtInboundPolicy=void 0;var U0=qt(),M0=jt(),k0=s(async(e,t,r,n)=>((0,U0.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,M0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Ua.FirebaseJwtInboundPolicy=k0});var Ib=g(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.FormDataToJsonInboundPolicy=void 0;var H0=ke(),F0=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new H0.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Ma.FormDataToJsonInboundPolicy=F0});var Pb=g(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.GeoFilterInboundPolicy=void 0;var q0=N(),$0=ie(),Ln="__unknown__",j0=s(async(e,t,r,n)=>{let i={allow:{countries:Un(r.allow?.countries,"allow.countries",n),regionCodes:Un(r.allow?.regionCodes,"allow.regionCode",n),asns:Un(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Un(r.block?.countries,"block.countries",n),regionCodes:Un(r.block?.regionCodes,"block.regionCode",n),asns:Un(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Ln,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Ln,c=t.incomingRequestProperties.asn?.toString()??Ln,u=i.ignoreUnknown&&o===Ln,l=i.ignoreUnknown&&a===Ln,d=i.ignoreUnknown&&c===Ln,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Dn(e,t,n,o,a,c);let y=i.block.countries,E=i.block.regionCodes,T=i.block.asns;return y.length>0&&y.includes(o)&&!u||E.length>0&&E.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?Dn(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");ka.GeoFilterInboundPolicy=j0;function Dn(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),$0.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Dn,"blockedResponse");function Un(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new q0.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Un,"toLowerStringArray")});var Ab=g(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.JWTScopeValidationInboundPolicy=void 0;var V0=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Ha.JWTScopeValidationInboundPolicy=V0});var Ob=g(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.MockApiInboundPolicy=void 0;var G0=ie(),B0=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return wp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return wp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return Rb(a[c])}else return a.length>0?Rb(a[0]):wp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Fa.MockApiInboundPolicy=B0;function Rb(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(Rb,"generateResponse");var wp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return G0.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var Db=g(Mn=>{"use strict";Object.defineProperty(Mn,"__esModule",{value:!0});Mn.MoesifInboundPolicy=Mn.setMoesifContext=void 0;var K0=N(),J0=ve(),z0="Incoming",W0={logRequestBody:!0,logResponseBody:!0};function Nb(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(Nb,"headersToObject");function xb(){return new Date().toISOString()}s(xb,"timestamp");var vp=new WeakMap,Q0={};function Y0(e,t){let r=vp.get(e);r||(r=Q0);let n=Object.assign({...r},t);vp.set(e,n)}s(Y0,"setMoesifContext");Mn.setMoesifContext=Y0;async function Cb(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(Cb,"readBody");var Z0={},Tp;function Lb(){if(!Tp)throw new K0.RuntimeError("Invalid State - no _lastLogger");return Tp}s(Lb,"getLastLogger");function X0(e){let t=Z0[e];return t||(t=new J0.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);Lb().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||Lb().error({status:i.status,body:await i.text()})})),t}s(X0,"getDispatcher");async function eO(e,t,r,n){Tp=t.log;let i=xb(),o=Object.assign(W0,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await Cb(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=X0(o.applicationId),d=e.headers.get("true-client-ip"),p=vp.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:Nb(e.headers)},h=o.logResponseBody?await Cb(c,t):void 0,y={time:xb(),status:c.status,headers:Nb(c.headers),body:h},E={request:m,response:y,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:z0};l.enqueue(E),t.waitUntil(l.waitUntilFlushed())}),e}s(eO,"MoesifInboundPolicy");Mn.MoesifInboundPolicy=eO});var Ub=g(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.OktaJwtInboundPolicy=void 0;var tO=jt(),rO=s(async(e,t,r,n)=>(0,tO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");qa.OktaJwtInboundPolicy=rO});var Mb=g($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.PropelAuthJwtInboundPolicy=void 0;var nO=(Is(),no(Ss)),iO=jt(),Sp,oO=s(async(e,t,r,n)=>{if(!Sp)try{Sp=await(0,nO.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,iO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:Sp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");$a.PropelAuthJwtInboundPolicy=oO});var kb=g(G=>{"use strict";Object.defineProperty(G,"__esModule",{value:!0});G.throwIfStateNotObject=G.throwIfStateNotNumber=G.throwIfStateNotString=G.throwIfStateUndefinedOrNull=G.throwIfStateUndefined=G.throwIfOptionNotObject=G.throwIfOptionNotNumber=G.throwIfOptionNotString=G.throwIfOptionUndefinedOrNull=G.throwIfOptionUndefined=G.OptionTypeError=G.OptionUndefinedError=G.throwIfNotNumber=G.throwIfNotString=G.throwIfUndefinedOrNull=G.throwIfUndefined=G.ArgumentTypeError=G.ArgumentUndefinedError=G.ValidationError=void 0;var $e=gt(),et=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};G.ValidationError=et;var Ci=class extends et{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};G.ArgumentUndefinedError=Ci;var Li=class extends et{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};G.ArgumentTypeError=Li;function sO(e,t){if((0,$e.isUndefined)(e))throw new Ci(t)}s(sO,"throwIfUndefined");G.throwIfUndefined=sO;function Ip(e,t){if((0,$e.isUndefinedOrNull)(e))throw new Ci(t)}s(Ip,"throwIfUndefinedOrNull");G.throwIfUndefinedOrNull=Ip;function aO(e,t){if(Ip(e,t),!(0,$e.isString)(e))throw new Li(t,"string")}s(aO,"throwIfNotString");G.throwIfNotString=aO;function cO(e,t){if(Ip(e,t),!(0,$e.isNumber)(e))throw new Li(t,"number")}s(cO,"throwIfNotNumber");G.throwIfNotNumber=cO;var Di=class extends et{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};G.OptionUndefinedError=Di;var kn=class extends et{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};G.OptionTypeError=kn;function uO(e,t,r,n){if((0,$e.isUndefined)(n))throw new Di(e,t,r)}s(uO,"throwIfOptionUndefined");G.throwIfOptionUndefined=uO;function ja(e,t,r,n){if((0,$e.isUndefinedOrNull)(n))throw new Di(e,t,r)}s(ja,"throwIfOptionUndefinedOrNull");G.throwIfOptionUndefinedOrNull=ja;function lO(e,t,r,n){if(ja(e,t,r,n),!(0,$e.isString)(n))throw new kn(e,t,r,"string")}s(lO,"throwIfOptionNotString");G.throwIfOptionNotString=lO;function dO(e,t,r,n){if(ja(e,t,r,n),!(0,$e.isNumber)(n))throw new kn(e,t,r,"number")}s(dO,"throwIfOptionNotNumber");G.throwIfOptionNotNumber=dO;function pO(e,t,r,n){if(ja(e,t,r,n),!(0,$e.isObject)(n))throw new kn(e,t,r,"object")}s(pO,"throwIfOptionNotObject");G.throwIfOptionNotObject=pO;function hO(e,t){if((0,$e.isUndefined)(e))throw new et(t)}s(hO,"throwIfStateUndefined");G.throwIfStateUndefined=hO;function Va(e,t){if((0,$e.isUndefinedOrNull)(e))throw new et(t)}s(Va,"throwIfStateUndefinedOrNull");G.throwIfStateUndefinedOrNull=Va;function fO(e,t){if(Va(e,t),!(0,$e.isString)(e))throw new et(t);return!0}s(fO,"throwIfStateNotString");G.throwIfStateNotString=fO;function mO(e,t){if(Va(e,t),!(0,$e.isNumber)(e))throw new et(t);return!0}s(mO,"throwIfStateNotNumber");G.throwIfStateNotNumber=mO;function yO(e,t){if(Va(e,t),!(0,$e.isObject)(e))throw new et(t);return!0}s(yO,"throwIfStateNotObject");G.throwIfStateNotObject=yO});var Hb=g(Hn=>{"use strict";Object.defineProperty(Hn,"__esModule",{value:!0});Hn.InMemoryRedisClient=Hn.StandardRedisClient=void 0;var Pp=N(),Ga=kb(),Ap=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,Ga.throwIfNotString)(t,"redisClientUrl"),(0,Ga.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,Ga.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Pp.SystemError("Redis client failed with 401: Unauthorized"):new Pp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Hn.StandardRedisClient=Ap;var Rp=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,Ga.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Pp.SystemError("The in-memory redis client only supports /rate-limit calls")}};Hn.InMemoryRedisClient=Rp});var Vb=g(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.RateLimitInboundPolicy=void 0;var gO=Sr(),bO=$t(),_O=ti(),At=N(),EO=ie(),Fb=Be(),Ui=W(),qb=Hb(),$b=gt(),Ba=(0,gO.debug)("zuplo:policies:RateLimitInboundPolicy"),wO="strict",vO=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),TO=s(async e=>({key:`ip-${vO(e)}`}),"getIP"),SO=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),IO=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),Ka;function PO(e,t){let r;if(Ka)return Ka;if(Ui.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new qb.InMemoryRedisClient,Ka=r,r;let{authApiJWT:n,redisURL:i}=Ui.Environment.instance;if(!(0,$b.isString)(i))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,$b.isString)(n))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=qb.StandardRedisClient.initialize(i,n,Ui.Environment.instance.deploymentName??"unknown",Ui.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new At.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Ka=r,r}s(PO,"getRedisClient");async function jb(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(jb,"getCountAndUpdateExpiry");function AO(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new At.RuntimeError(u)}return c},"outerFunction")}s(AO,"wrapUserFunction");var RO="Retry-After",OO=s(async(e,t,r,n)=>{let i=Date.now(),o=Fb.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new At.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[RO]=l.toString()),EO.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:AO(r,n),user:SO,ip:TO,all:IO}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,y=r.headerMode??"retry-after",E=PO(n,o),S=`bucket/${Ui.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??wO)==="async"){let L=await(0,bO.getPolicyCacheName)(n,r),re=new _O.ZoneCache(L,{logger:Fb.SystemLogMap.getLogger(t)}),ne=jb(S,h,E,o,t.requestId),me=await re.get(S);if(me!==void 0&&me<=Date.now()){Ba(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${S}' (async mode)`);let Ge=Math.round((me-Date.now())/1e3);return c(y,Ge)}return t.addEventListener("responseSending",Ge=>{try{let w=Ge,H=w.mutableResponse;w.mutableResponse=(async()=>{let Ce=await ne;if(Ce.count>m){let cu=Date.now()+Ce.ttlSeconds*1e3,xE=re.put(S,cu,Ce.ttlSeconds).catch(yh=>{throw o.error(new At.SystemError("Error caching rate limit result.",{cause:yh})),yh});return t.waitUntil(xE),Ba(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (async mode)`),c(y,Ce.ttlSeconds)}return H})()}catch(w){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let j=await jb(S,h,E,o,t.requestId);return j.count>m?(Ba(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (strict mode)`),c(y,j.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;Ba(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");Ja.RateLimitInboundPolicy=OO});var Jb=g(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.ReadmeMetricsInboundPolicy=void 0;var NO=ve(),Op=W(),Gb=oi(),Np;function Bb(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s(Bb,"headersToNameValuePairs");function xO(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(xO,"queryToNameValueParis");function CO(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(CO,"parseIntOrUndefined");var Kb={};async function LO(e,t,r,n){let i=new Date,o=Date.now();return Np||(Np={name:"zuplo",version:Op.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Op.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,Gb.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,Gb.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Op.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:Np,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:Bb(e.headers),queryString:xO(e.query)},response:{status:a.status,statusText:a.statusText,headers:Bb(a.headers),content:{size:CO(e.headers.get("content-length"))}}}]}}},d=Kb[r.apiKey];if(!d){let p=r.apiKey;d=new NO.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",y=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});y.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${y.status}: '${await y.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),Kb[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(LO,"ReadmeMetricsInboundPolicy");za.ReadmeMetricsInboundPolicy=LO});var zb=g(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.RemoveHeadersInboundPolicy=void 0;var DO=N(),UO=ke(),MO=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new DO.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new UO.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");Wa.RemoveHeadersInboundPolicy=MO});var Wb=g(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.RemoveHeadersOutboundPolicy=void 0;var kO=N(),HO=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new kO.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");Qa.RemoveHeadersOutboundPolicy=HO});var Qb=g(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.RemoveQueryParamsInboundPolicy=void 0;var FO=N(),qO=ke(),$O=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new FO.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new qO.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");Ya.RemoveQueryParamsInboundPolicy=$O});var Yb=g(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.ReplaceStringOutboundPolicy=void 0;var jO=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");Za.ReplaceStringOutboundPolicy=jO});var Xb=g(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.RequestSizeLimitInboundPolicy=void 0;var Zb=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),VO=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?Zb():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?Zb():e},"RequestSizeLimitInboundPolicy");Xa.RequestSizeLimitInboundPolicy=VO});var ec=g(tt=>{"use strict";Object.defineProperty(tt,"__esModule",{value:!0});tt.sanitizedIdentifierName=tt.getIdForRefSchema=tt.getIdForRequestBodySchema=tt.getIdForParameterSchema=tt.getRawOperationDataIdentifierName=void 0;function GO(e,t,r){return`_${kr(e+"_"+t+"_"+r)}`}s(GO,"getRawOperationDataIdentifierName");tt.getRawOperationDataIdentifierName=GO;function BO(e,t,r,n){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(BO,"getIdForParameterSchema");tt.getIdForParameterSchema=BO;function KO(e,t,r){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${kr(r.toLowerCase())}`}s(KO,"getIdForRequestBodySchema");tt.getIdForRequestBodySchema=KO;function JO(e,t){return`_${kr(e)}__${kr(t)}`}s(JO,"getIdForRefSchema");tt.getIdForRefSchema=JO;function kr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(kr,"sanitizedIdentifierName");tt.sanitizedIdentifierName=kr});var Mi=g(Le=>{"use strict";Object.defineProperty(Le,"__esModule",{value:!0});Le.getErrorsFromValidator=Le.shouldReject=Le.shouldLog=Le.logErrors=Le.validateParameters=Le.getParametersForOperation=void 0;var zO=mn(),WO=ec(),QO=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");Le.getParametersForOperation=QO;var YO=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,WO.getIdForParameterSchema)(r,n,i,u.name),p=zO.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,Le.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");Le.validateParameters=YO;var ZO=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");Le.logErrors=ZO;var XO=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");Le.shouldLog=XO;var eN=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");Le.shouldReject=eN;var tN=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");Le.getErrorsFromValidator=tN});var e_=g(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.handleBodyValidation=void 0;var rN=mn(),tc=ie(),nN=ec(),Je=Mi();async function iN(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let y=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,E=tc.HttpProblems.badRequest(t,e,{detail:`${y}, see errors property for more details`,errors:`${h}`});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",y,[n],h),(0,Je.shouldReject)(r.validateBody))return E}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,y=tc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?y:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,nN.getIdForRequestBodySchema)(e.route.path,t.method,i),c=rN.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,y=tc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?y:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,Je.getErrorsFromValidator)(l),m=tc.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",d,[n],p),(0,Je.shouldReject)(r.validateBody))return m}s(iN,"handleBodyValidation");rc.handleBodyValidation=iN});var t_=g(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.handleHeadersValidation=void 0;var oN=ie(),ki=Mi();function sN(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,ki.getParametersForOperation)(e),o=(0,ki.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=oN.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,ki.shouldLog)(r.validateHeaders)&&(0,ki.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,ki.shouldReject)(r.validateHeaders))return c}}s(sN,"handleHeadersValidation");nc.handleHeadersValidation=sN});var r_=g(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.handlePathParameterValidation=void 0;var aN=ie(),Hi=Mi();function cN(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Hi.getParametersForOperation)(e),i=(0,Hi.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=aN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Hi.shouldLog)(r.validatePathParameters)&&(0,Hi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Hi.shouldReject)(r.validatePathParameters))return a}}s(cN,"handlePathParameterValidation");ic.handlePathParameterValidation=cN});var n_=g(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.handleQueryParameterValidation=void 0;var uN=ie(),Fi=Mi();function lN(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Fi.getParametersForOperation)(e),i=(0,Fi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=uN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Fi.shouldLog)(r.validateQueryParameters)&&(0,Fi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Fi.shouldReject)(r.validateQueryParameters))return a}}s(lN,"handleQueryParameterValidation");oc.handleQueryParameterValidation=lN});var i_=g(Hr=>{"use strict";Object.defineProperty(Hr,"__esModule",{value:!0});Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy=void 0;var dN=e_(),pN=t_(),hN=r_(),fN=n_(),mN=s(async(e,t,r)=>{let n=(0,fN.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,hN.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,pN.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,dN.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Hr.RequestValidationInboundPolicy=mN;Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy});var o_=g(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.RequireOriginInboundPolicy=void 0;var yN=N(),gN=ie(),bN=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new yN.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return gN.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");sc.RequireOriginInboundPolicy=bN});var s_=g(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.SetBodyInboundPolicy=void 0;var _N=ke(),EN=s(async(e,t,r)=>new _N.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");ac.SetBodyInboundPolicy=EN});var c_=g(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.SetHeadersInboundPolicy=void 0;var a_=N(),wN=ke(),vN=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new a_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new a_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new wN.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");cc.SetHeadersInboundPolicy=vN});var l_=g(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.SetHeadersOutboundPolicy=void 0;var u_=N(),TN=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new u_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new u_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");uc.SetHeadersOutboundPolicy=TN});var p_=g(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.SetQueryParamsInboundPolicy=void 0;var d_=N(),SN=ke(),IN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new d_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new d_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new SN.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");lc.SetQueryParamsInboundPolicy=IN});var h_=g(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.SetStatusOutboundPolicy=void 0;var PN=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");dc.SetStatusOutboundPolicy=PN});var f_=g(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.SleepInboundPolicy=void 0;var AN=N(),RN=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),ON=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new AN.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await RN(r.sleepInMs),e},"SleepInboundPolicy");pc.SleepInboundPolicy=ON});var y_=g(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.SupabaseJwtInboundPolicy=void 0;var m_=N(),NN=ie(),xN=ke(),CN=qt(),LN=jt(),DN=s(async(e,t,r,n)=>{(0,CN.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,LN.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof xN.ZuploRequest))throw new m_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new m_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?NN.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");hc.SupabaseJwtInboundPolicy=DN});var b_=g(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var UN=$t(),MN=Kt(),g_=N(),kN=vi(),HN=qt(),FN=s(async(e,t,r,n)=>{(0,HN.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,UN.getPolicyCacheName)(n,r),o=new MN.MemoryZoneReadThroughCache(i,t),a=await o.get(n);if(!a){let c=await qN(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");fc.UpstreamAzureAdServiceAuthInboundPolicy=FN;async function qN(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,kN.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new g_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new g_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(qN,"getAccessToken")});var E_=g(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var $N=$t(),jN=Kt(),VN=N(),xp=pn(),GN=qt(),__="https://accounts.google.com/o/oauth2/token",Cp,BN=s(async(e,t,r,n)=>{(0,GN.optionValidator)(r,n).required("serviceAccountJson","string"),Cp||(Cp=await xp.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,$N.getPolicyCacheName)(n,r),a=new jN.MemoryZoneReadThroughCache(o,t),c=await a.get(n);if(!c){let u=await(0,xp.getTokenFromGcpServiceAccount)({serviceAccount:Cp,audience:__,payload:i}),l=await(0,xp.exchangeGgpJwtForIdToken)(__,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new VN.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");mc.UpstreamFirebaseAdminAuthInboundPolicy=BN});var w_=g(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var KN=$t(),JN=Kt(),Fn=N(),zN=fp(),Lp=pn(),WN=oi(),QN=qt(),YN="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",ZN=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Dp,XN=s(async(e,t,r,n)=>{if((0,QN.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Fn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(ZN.indexOf(p)!==-1)throw new Fn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Dp||(Dp=await Lp.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,WN.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Fn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,KN.getPolicyCacheName)(n,r),c=new JN.MemoryZoneReadThroughCache(a,t),u={uid:o,claims:i},l=await(0,zN.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Lp.getTokenFromGcpServiceAccount)({serviceAccount:Dp,audience:YN,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Lp.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Fn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");yc.UpstreamFirebaseUserAuthInboundPolicy=XN});var T_=g(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.UpstreamGcpJwtInboundPolicy=void 0;var v_=pn(),ex=qt(),Up,tx=s(async(e,t,r,n)=>{(0,ex.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Up||(Up=await v_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,v_.getTokenFromGcpServiceAccount)({serviceAccount:Up,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");gc.UpstreamGcpJwtInboundPolicy=tx});var I_=g(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.UpstreamGcpServiceAuthInboundPolicy=void 0;var rx=$t(),nx=mu(),ix=Kt(),ox=N(),Mp=pn(),sx=qt(),S_="https://www.googleapis.com/oauth2/v4/token",kp,ax=s(async(e,t,r,n)=>{(0,sx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),kp||(kp=await Mp.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,rx.getPolicyCacheName)(n,r),o;r.useMemoryCacheOnly?o=new nx.MemoryCache(i):o=new ix.MemoryZoneReadThroughCache(i,t);let a=await o.get(n);if(!a){let c=await(0,Mp.getTokenFromGcpServiceAccount)({serviceAccount:kp,audience:S_,payload:{target_audience:`${r.audience}`}}),{id_token:u}=await(0,Mp.exchangeGgpJwtForIdToken)(S_,c,{retries:r.tokenRetries??3,retryDelayMs:10});if(!u)throw new ox.RuntimeError("Invalid token response from GCP");a=u,o.put(n,a,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamGcpServiceAuthInboundPolicy");bc.UpstreamGcpServiceAuthInboundPolicy=ax});var A_=g(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.ValidateJsonSchemaInbound=void 0;var cx=N(),P_=ie(),ux=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return P_.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new cx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return P_.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");_c.ValidateJsonSchemaInbound=ux});var N_=g(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.MeteringInboundPolicy=void 0;var R_=Gs(),O_=yn(),Ec=N(),lx=ie(),dx=Be(),px=W(),hx=s(async(e,t,r,n)=>{let i=dx.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,m)=>{let h=R_.ContextData.get(m,"subscription");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;if(!r.bucketId)if(O_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=O_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Ec.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:E,meteringServiceUrl:T}=px.Environment.instance;if(d.ok&&h&&r.meters)try{let S=await fetch(`${T}/internal/v1/metering/${r.bucketId}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${E}`,"zp-rid":m.requestId},method:"POST",body:JSON.stringify({meters:r.meters})});S.ok||(m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`))}catch(S){m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,S)}});let o=R_.ContextData.get(t,"subscription"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o){if(a)return e;throw new Ec.ConfigurationError("Subscription is not available for user")}if(o&&Object.keys(o.quotas).length===0)throw new Ec.ConfigurationError("Quota is not set up for the user's subscription");let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)throw new Ec.ConfigurationError(`The following policy meters are not present in the subscription: ${l.join(", ")}`);for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return lx.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");wc.MeteringInboundPolicy=hx});var L_=g(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.LoadSubscriptionInboundPolicy=void 0;var fx=ti(),mx=Gs(),x_=yn(),yx=N(),Hp=ie(),C_=Be(),gx=W(),bx=s(async(e,t,r,n)=>{let i=C_.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=e.user;if(!a)return o?e:Hp.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(x_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=x_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new yx.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:c,meteringServiceUrl:u}=gx.Environment.instance,{sub:l}=a,d;try{let m=`${r.bucketId}-${l}`,h=new fx.ZoneCache(m,{logger:C_.SystemLogMap.getLogger(t)}),y=await h.get(m);if(y)d=y;else{let E=await fetch(`${u}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${l}&status=active`,{headers:{Authorization:`Bearer ${c}`,"zp-rid":t.requestId},method:"GET"});if(!E.ok)return t.log.error(await E.text()),Hp.HttpProblems.forbidden(e,t);d=await E.json(),h.put(m,d,15).catch(T=>{throw i.error(T),T})}}catch(m){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,m)}if((!d||!d.data||d.data.length===0)&&!o)return Hp.HttpProblems.unauthorized(e,t,{detail:"No valid, active subscription found"});if((!d||!d.data||d.data.length===0)&&o)return e;let p=d&&d.data?d.data[0]:void 0;return mx.ContextData.set(t,"subscription",p),e},"LoadSubscriptionInboundPolicy");vc.LoadSubscriptionInboundPolicy=bx});var D_=g(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.ServiceProviderImpl=void 0;var _x=N(),Fp=class{static{s(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new _x.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Tc.ServiceProviderImpl=Fp});var B_=g(f=>{"use strict";var Ex=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),qp=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&Ex(t,e,r)},wx=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=f.PropelAuthJwtInboundPolicy=f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CreditsMeteringInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.LoadSubscriptionInboundPolicy=f.MeteringInboundPolicy=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=void 0;vh();var vx=Kt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return vx.MemoryZoneReadThroughCache}});var Tx=ti();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return Tx.ZoneCache}});var U_=Ir();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return U_.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return U_.ResponseSentEvent}});var Sx=Gs();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return Sx.ContextData}});var $p=yn();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return $p.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return $p.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return $p.isZuploReadableEnvVariableName}});var Ix=N();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return Ix.ConfigurationError}});var Px=Ad();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return Px.originalFetch}});var M_=Qy();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return M_.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return M_.purgeGatewayCache}});var k_=hg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return k_.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return k_.awsLambdaHandler}});var Ax=mg();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return Ax.openApiSpecHandler}});var Rx=yg();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return Rx.redirectHandler}});var Ox=bg();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return Ox.urlForwardHandler}});var Nx=Eg();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return Nx.urlRewriteHandler}});var xx=vg();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return xx.webSocketHandler}});var Cx=Ig();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return Cx.webSocketPipelineHandler}});var Lx=Fu();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return Lx.HttpStatusCode}});qp(Lg(),f);qp(Mg(),f);var Dx=kg();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Dx.AuditLogDataStaxProvider}});var Ux=Fg();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Ux.AuditLogPlugin}});qp(Xg(),f);var H_=ib();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return H_.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return H_.AmberfloMeteringPolicy}});var Mx=ub();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Mx.ApiAuthKeyInboundPolicy}});var kx=gp();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return kx.ApiKeyInboundPolicy}});var Hx=lb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return Hx.Auth0JwtInboundPolicy}});var Fx=db();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Fx.BasicAuthInboundPolicy}});var qx=pb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return qx.CachingInboundPolicy}});var $x=hb();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return $x.ChangeMethodInboundPolicy}});var jx=fb();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return jx.ClearHeadersInboundPolicy}});var Vx=mb();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return Vx.ClearHeadersOutboundPolicy}});var Gx=yb();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return Gx.ClerkJwtInboundPolicy}});var Bx=bb();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Bx.CognitoJwtInboundPolicy}});var Kx=Eb();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Kx.CompositeInboundPolicy}});var Jx=vb();Object.defineProperty(f,"CreditsMeteringInboundPolicy",{enumerable:!0,get:function(){return Jx.CreditsMeteringInboundPolicy}});var zx=Tb();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return zx.CurityPhantomTokenInboundPolicy}});var Wx=Sb();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return Wx.FirebaseJwtInboundPolicy}});var Qx=Ib();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Qx.FormDataToJsonInboundPolicy}});var Yx=Pb();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Yx.GeoFilterInboundPolicy}});var Zx=Ab();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return Zx.JWTScopeValidationInboundPolicy}});var Xx=Ob();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Xx.MockApiInboundPolicy}});var F_=Db();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return F_.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return F_.setMoesifContext}});var eC=Ub();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return eC.OktaJwtInboundPolicy}});var tC=jt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return tC.OpenIdJwtInboundPolicy}});var rC=Mb();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return rC.PropelAuthJwtInboundPolicy}});var q_=Vb();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return q_.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return q_.RateLimitInboundPolicy}});var nC=Jb();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return nC.ReadmeMetricsInboundPolicy}});var iC=zb();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return iC.RemoveHeadersInboundPolicy}});var oC=Wb();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return oC.RemoveHeadersOutboundPolicy}});var sC=Qb();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return sC.RemoveQueryParamsInboundPolicy}});var aC=Yb();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return aC.ReplaceStringOutboundPolicy}});var cC=Xb();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return cC.RequestSizeLimitInboundPolicy}});var $_=i_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return $_.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return $_.SchemaBasedRequestValidation}});var uC=o_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return uC.RequireOriginInboundPolicy}});var lC=s_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return lC.SetBodyInboundPolicy}});var dC=c_();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return dC.SetHeadersInboundPolicy}});var pC=l_();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return pC.SetHeadersOutboundPolicy}});var hC=p_();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return hC.SetQueryParamsInboundPolicy}});var fC=h_();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return fC.SetStatusOutboundPolicy}});var mC=f_();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return mC.SleepInboundPolicy}});var yC=cp();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return yC.StripeWebhookVerificationInboundPolicy}});var gC=y_();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return gC.SupabaseJwtInboundPolicy}});var bC=b_();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return bC.UpstreamAzureAdServiceAuthInboundPolicy}});var _C=E_();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return _C.UpstreamFirebaseAdminAuthInboundPolicy}});var EC=w_();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return EC.UpstreamFirebaseUserAuthInboundPolicy}});var wC=T_();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return wC.UpstreamGcpJwtInboundPolicy}});var vC=I_();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return vC.UpstreamGcpServiceAuthInboundPolicy}});var TC=A_();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return TC.ValidateJsonSchemaInbound}});var SC=N_();Object.defineProperty(f,"MeteringInboundPolicy",{enumerable:!0,get:function(){return SC.MeteringInboundPolicy}});var IC=L_();Object.defineProperty(f,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return IC.LoadSubscriptionInboundPolicy}});var PC=ie();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return PC.HttpProblems}});var AC=go();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return AC.ProblemResponseFormatter}});var RC=ke();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return RC.ZuploRequest}});var OC=Ar();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return OC.SystemRouteName}});var j_=bd();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return j_.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return j_.Router}});var V_=Nu();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return V_.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return V_.serialize}});var NC=D_();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return NC.ServiceProviderImpl}});var G_=Zu();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return G_.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return G_.SYSTEM_LOGGER}});var xC=$u();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return wx(xC).default}});var CC=Be();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return CC.SystemLogMap}});var qi=ec();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return qi.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return qi.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return qi.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return qi.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return qi.sanitizedIdentifierName}})});var K_=g(qn=>{"use strict";Object.defineProperty(qn,"__esModule",{value:!0});qn.BaseCryptoBeta=qn.supportedDigests=void 0;qn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var jp=class{static{s(this,"BaseCryptoBeta")}};qn.BaseCryptoBeta=jp});var J_=g(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.WorkerCryptoBeta=void 0;var Vp=K_(),LC=N(),Gp=class extends Vp.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!Vp.supportedDigests.includes(t.toLowerCase()))throw new LC.RuntimeError(`Algorithm ${t} is not supported. Try using ${Vp.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};Sc.WorkerCryptoBeta=Gp});var z_=g(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.BaseKeyValueStore=void 0;var Bp=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Ic.BaseKeyValueStore=Bp});var Q_=g(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.WorkerKeyValueStore=void 0;var W_=N(),DC=z_(),Kp=class extends DC.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new W_.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new W_.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Pc.WorkerKeyValueStore=Kp});var Dt=g(lt=>{"use strict";var UC=lt&&lt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),MC=lt&&lt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&UC(t,e,r)};Object.defineProperty(lt,"__esModule",{value:!0});lt.KeyValueStore=lt.CryptoBeta=void 0;MC(B_(),lt);var kC=J_();Object.defineProperty(lt,"CryptoBeta",{enumerable:!0,get:function(){return kC.WorkerCryptoBeta}});var HC=Q_();Object.defineProperty(lt,"KeyValueStore",{enumerable:!0,get:function(){return HC.WorkerKeyValueStore}})});var BL={};ro(BL,{GraphQLComplexityLimitInboundPolicy:()=>RE,GraphQLDisableIntrospectionInboundPolicy:()=>NE});module.exports=no(BL);var Zn=bh(Dt());function B(e,t){if(!!!e)throw new Error(t)}s(B,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Rt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Rt,"invariant");var FC=/\r\n|[\n\r]/g;function $n(e,t){let r=0,n=1;for(let i of e.body.matchAll(FC)){if(typeof i.index=="number"||Rt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s($n,"getLocation");function Jp(e){return Ac(e.source,$n(e.source,e.start))}s(Jp,"printLocation");function Ac(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
74
+ `+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new Mr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(fR,"validateComputedSignature");function mR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(mR,"parseHeader");function yR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(yR,"secureCompare");async function $g(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=ap[o[c]];return a.join("")}s($g,"computeHMACSignatureAsync");Nn.computeHMACSignatureAsync=$g;var ap=new Array(256);for(let e=0;e<ap.length;e++)ap[e]=e.toString(16).padStart(2,"0")});var qt=g(pa=>{"use strict";Object.defineProperty(pa,"__esModule",{value:!0});pa.optionValidator=void 0;var Oi=N();function gR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(gR,"optionValidator");pa.optionValidator=gR});var cp=g(ha=>{"use strict";Object.defineProperty(ha,"__esModule",{value:!0});ha.StripeWebhookVerificationInboundPolicy=void 0;var bR=ie(),_R=jg(),ER=qt(),wR=s(async(e,t,r,n)=>{(0,ER.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,_R.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),bR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");ha.StripeWebhookVerificationInboundPolicy=wR});var Gg=g(fa=>{"use strict";Object.defineProperty(fa,"__esModule",{value:!0});fa.isStripeWebhookEvent=void 0;var Vg=gt();function vR(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Vg.isString)(e.id)&&"type"in e&&(0,Vg.isString)(e.type)}s(vR,"isStripeWebhookEvent");fa.isStripeWebhookEvent=vR});var Bg=g(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.MeteringPlugin=void 0;var TR=yt(),up=class extends TR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};ma.MeteringPlugin=up});var Jg=g(lp=>{"use strict";Object.defineProperty(lp,"__esModule",{value:!0});var Kg=N(),SR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new Kg.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new Kg.RuntimeError(o)}}};lp.default=SR});var Zg=g(Ni=>{"use strict";var IR=Ni&&Ni.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Ni,"__esModule",{value:!0});var yr=N(),zg=ie(),Wg=Be(),Qg=W(),Yg=vi(),PR=IR(Jg()),AR=gt();async function RR(e,t,r,n){let i=r.data?.object?.subscription;if(!i)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");let o=r.data?.object?.client_reference_id,a=r.data?.object?.customer_email;if(!o)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.client_reference_id' to be the customer sub.");if(!a)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer_email' to be the customer email.");let c=await PR.default.getSubscription({logger:t.log,stripeSecretKey:n.stripeSecretKey,subscriptionId:i}),u=c.id,l=c.customer,d=c.items?.data.find(E=>E.object==="subscription_item");if(!d||!d.id)throw new yr.RuntimeError("Invalid Stripe API result. Expected subscription to contain at least one subscription_item.");let p=d.plan;if(!p||!p.product)throw new yr.RuntimeError("Invalid Stripe API result. Expected subscription_item to have a plan.");let m=p.product,h=await OR({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:m,stripeSubscriptionId:u,stripeCustomerId:l,managerEmail:a,managerSub:o,context:t});if(!h)return zg.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});let y="routes.oas.json";try{await NR({context:t,stripeProductId:m,stripeSubscriptionId:u,customerKey:h,productKey:y,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:l})}catch(E){return zg.HttpProblems.internalServerError(e,t,{detail:E.message})}}s(RR,"onCheckoutSessionCompleted");Ni.default=RR;async function OR({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:o,context:a}){let{authApiJWT:c}=Qg.Environment.instance,u="https://api-key-management-service-eq7z4lly2a-ue.a.run.app",l=new URL(`/v1/buckets/${e}/consumers`,u);l.searchParams.set("with-api-key","true");let d=crypto.randomUUID(),p={name:d,description:`Consumer for Stripe subscription ${t}`,tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:o,email:i}]},m=await(0,Yg.fetchRetry)({retryDelayMs:5,retries:2,logger:Wg.SystemLogMap.getLogger(a)},l.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(p)}),h=await m.json();if(m.status!==200){let y="Error creating API Key Consumer";throw a.log.error(y,h),new yr.RuntimeError(y)}return a.log.info("Successfully created API Key Consumer",{consumerId:d,stripeSubscriptionId:t,stripeProductId:r}),d}s(OR,"createConsumer");async function NR({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,productKey:i,meteringBucketId:o,meteringBucketRegion:a,customerExternalId:c}){let u={status:"active",type:"periodic",renewalStrategy:"monthly",region:a,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,productKey:i,customerExternalId:c},{authApiJWT:l,meteringServiceUrl:d}=Qg.Environment.instance;if(!(0,AR.isNonEmptyString)(l))throw new yr.SystemError("No Zuplo JWT token set.");let p=await(0,Yg.fetchRetry)({retryDelayMs:5,retries:2,logger:Wg.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${o}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new yr.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}s(NR,"saveSubscription")});var Xg=g(xn=>{"use strict";var xR=xn&&xn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(xn,"__esModule",{value:!0});xn.StripeMeteringPlugin=void 0;var ya=yn(),ga=N(),CR=Lt(),LR=cp(),dp=ie(),DR=Qt(),UR=zr(),MR=Hu(),kR=ot(),HR=W(),FR=Gg(),qR=Bg(),$R=xR(Zg()),pp=class extends qR.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=ya.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ga.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=ya.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new ga.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!HR.Environment.instance.build.ACCOUNT_NAME)throw new ga.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!jR(p))throw new ga.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,FR.isStripeWebhookEvent)(m))return dp.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`),m.type){case"checkout.session.completed":await(0,$R.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});break;default:return dp.HttpProblems.ok(c,u,{detail:"Event was ignored by Stripe metering plugin webhook."})}return dp.HttpProblems.ok(c,u)},"stripeWebhookHandler"),i=(0,UR.createInternalPolicyProcessor)({inboundPolicies:[{handler:LR.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new CR.Pipeline({processors:[DR.metricsProcessor,i],handler:n,gateway:r}),a=new kR.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:MR.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};xn.StripeMeteringPlugin=pp;function jR(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(jR,"isMetricsRegion")});var ib=g(Cn=>{"use strict";Object.defineProperty(Cn,"__esModule",{value:!0});Cn.AmberfloMeteringInboundPolicy=Cn.AmberfloMeteringPolicy=void 0;var eb=N(),VR=ve(),tb=oi(),nb=new WeakMap,rb={},hp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){nb.set(t,r)}};Cn.AmberfloMeteringPolicy=hp;async function GR(e,t,r,n){if(!r.statusCodes)throw new eb.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,tb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=nb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new eb.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,tb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=rb[r.apiKey];if(!m){let h=r.apiKey,y=e.headers.get("zm-test-id")??"";m=new VR.BatchDispatch("amberflo-ingest-meter",10,async E=>{try{let T=r.url??"https://app.amberflo.io/ingest",S=await fetch(T,{method:"POST",body:JSON.stringify(E),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":y}});S.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${S.status}: ${await S.text()}`)}catch(T){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),rb[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}s(GR,"AmberfloMeteringInboundPolicy");Cn.AmberfloMeteringInboundPolicy=GR});var fp=g(ba=>{"use strict";Object.defineProperty(ba,"__esModule",{value:!0});ba.sha256=void 0;async function BR(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(BR,"sha256");ba.sha256=BR});var $t=g(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.getPolicyCacheName=void 0;var KR=fp(),ob=new Map;async function JR(e,t){let r,n=ob.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,KR.sha256)(JSON.stringify({policyName:e,options:t}))}`,ob.set(e,r)),r}s(JR,"getPolicyCacheName");_a.getPolicyCacheName=JR});var gp=g(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.ApiKeyInboundPolicy=void 0;var zR=$t(),WR=Kt(),sb=yn(),mp=N(),QR=Dt(),ab=Be(),yp=W(),YR=vi(),cb="key-metadata-cache-type";function ZR(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(ZR,"getKeyValue");async function XR(e,t,r,n){if(!r.bucketName)if(sb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=sb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new mp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new mp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(T=>i.allowUnauthenticatedRequests?e:QR.HttpProblems.unauthorized(e,t,{detail:T}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=ZR(a,i);if(!c||c==="")return o("No key present");let u=await e0(c),l=await(0,zR.getPolicyCacheName)(n,i),d=new WR.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==cb&&ab.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let m={key:c},h=await(0,YR.fetchRetry)({retryDelayMs:5,retries:2,logger:ab.SystemLogMap.getLogger(t)},`${yp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":yp.Environment.instance.deploymentName??"unknown","User-Agent":yp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let T=await h.text(),S=JSON.parse(T);t.log.error("Unexpected response from key service",S)}catch{t.log.error("Invalid response from key service")}throw new mp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let y=await h.json(),E={isValid:!0,typeId:cb,user:{sub:y.name,data:y.metadata}};return e.user=E.user,d.put(u,E,i.cacheTtlSeconds),e}s(XR,"ApiKeyInboundPolicy");Ea.ApiKeyInboundPolicy=XR;async function e0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(e0,"hashValue")});var ub=g(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.ApiAuthKeyInboundPolicy=void 0;var t0=gp();wa.ApiAuthKeyInboundPolicy=t0.ApiKeyInboundPolicy});var jt=g(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.OpenIdJwtInboundPolicy=void 0;var _p=(Is(),no(Ss)),Ep=N(),r0=ie(),bp={},n0=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new Ep.ConfigurationError("Invalid State - jwkUrl not set");bp[t.jwkUrl]||(bp[t.jwkUrl]=(0,_p.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,_p.jwtVerify)(e,bp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),i0=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,_p.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),o0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(m=>r0.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Ep.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Ep.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?n0:i0,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(o.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let y=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${y.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${y.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");va.OpenIdJwtInboundPolicy=o0});var lb=g(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.Auth0JwtInboundPolicy=void 0;var s0=jt(),a0=s(async(e,t,r,n)=>(0,s0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");Ta.Auth0JwtInboundPolicy=a0});var db=g(Sa=>{"use strict";Object.defineProperty(Sa,"__esModule",{value:!0});Sa.BasicAuthInboundPolicy=void 0;var c0=ie(),u0=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>c0.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),y=r.accounts.find(E=>E.username===m&&E.password===h);return y||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Sa.BasicAuthInboundPolicy=u0});var pb=g(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.CachingInboundPolicy=void 0;var l0=$t(),d0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function p0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(p0,"digestMessage");var h0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await p0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function f0(e,t,r,n){let i=await(0,l0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await h0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);d0.forEach(y=>h.headers.delete(y)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(f0,"CachingInboundPolicy");Ia.CachingInboundPolicy=f0});var hb=g(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.ChangeMethodInboundPolicy=void 0;var m0=N(),y0=ke(),g0=s(async(e,t,r,n)=>{if(!r.method)throw new m0.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new y0.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");Pa.ChangeMethodInboundPolicy=g0});var fb=g(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.ClearHeadersInboundPolicy=void 0;var b0=ke(),_0=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new b0.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Aa.ClearHeadersInboundPolicy=_0});var mb=g(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.ClearHeadersOutboundPolicy=void 0;var E0=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Ra.ClearHeadersOutboundPolicy=E0});var yb=g(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.ClerkJwtInboundPolicy=void 0;var w0=jt(),v0=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,w0.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Oa.ClerkJwtInboundPolicy=v0});var bb=g(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.CognitoJwtInboundPolicy=void 0;var gb=N(),T0=jt(),S0=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new gb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new gb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,T0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Na.CognitoJwtInboundPolicy=S0});var Eb=g(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.CompositeInboundPolicy=void 0;var I0=N(),P0=mn(),_b=zr(),A0=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new I0.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=P0.Gateway.instance,o=(0,_b.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,_b.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");xa.CompositeInboundPolicy=A0});var vb=g(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.CreditsMeteringInboundPolicy=void 0;var xi=ie(),wb=W(),R0=s(async(e,t,r)=>{let n=e.user;if(!n)return xi.HttpProblems.unauthorized(e,t,{title:"Unable to check subscription for anonymous user",detail:"No user data on request"});let{sub:i}=n;if(!r.bucketId)return xi.HttpProblems.unauthorized(e,t,{title:"Metering bucket not configured",detail:"Specify one using the bucketId option on the policy"});let o=r.bucketId,a=await O0(o,i,t);if(!a)return xi.HttpProblems.unauthorized(e,t,{title:"No valid, active subscription found"});if(!a.quotas)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});for(let c of Object.keys(a.quotas))if(a.quotas[c]<=0)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});return t.custom.subscription=a,t.addResponseSendingFinalHook(async()=>{let c=t.custom.meters,u={};for(let l of Object.keys(c))u[l]=c[l];await N0(o,a.id,u,t)}),e},"CreditsMeteringInboundPolicy");Ca.CreditsMeteringInboundPolicy=R0;async function O0(e,t,r){let{authApiJWT:n,meteringServiceUrl:i}=wb.Environment.instance,o=new URL(`${i}/internal/v1/metering/${e}/subscriptions`);o.search=new URLSearchParams({customerKey:t,status:"active"}).toString();let a=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${n}`,"zp-rid":r.requestId}});if(!a.ok)throw new Error(`Error retrieving subscriptions for credits metering ': ${a.status} - ${await a.text()}`);let c=await a.json();if(c.data.length!==0)return c.data.length>1&&r.log.warn(`Found more than one active subscription for customer ${t} -- using the first one.`),c.data[0]}s(O0,"getSubscription");async function N0(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=wb.Environment.instance,a=new URL(`${o}/internal/v1/metering/${e}/subscriptions/${t}/quotas/consume`),c=await fetch(a,{method:"POST",body:JSON.stringify({meters:r}),headers:{Authorization:`Bearer ${i}`,"zp-rid":n.requestId}});c.ok||n.log.error(`Error consuming subscription quotas for credits metering ': ${c.status} - ${await c.text()}`)}s(N0,"consumeSubscription")});var Tb=g(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.CurityPhantomTokenInboundPolicy=void 0;var x0=$t(),C0=Kt(),La=ie(),L0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return La.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=D0(i);if(!o)return La.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,x0.getPolicyCacheName)(n,r),c=new C0.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),La.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):La.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");Da.CurityPhantomTokenInboundPolicy=L0;function D0(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(D0,"getToken")});var Sb=g(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.FirebaseJwtInboundPolicy=void 0;var U0=qt(),M0=jt(),k0=s(async(e,t,r,n)=>((0,U0.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,M0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Ua.FirebaseJwtInboundPolicy=k0});var Ib=g(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.FormDataToJsonInboundPolicy=void 0;var H0=ke(),F0=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new H0.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Ma.FormDataToJsonInboundPolicy=F0});var Pb=g(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.GeoFilterInboundPolicy=void 0;var q0=N(),$0=ie(),Ln="__unknown__",j0=s(async(e,t,r,n)=>{let i={allow:{countries:Un(r.allow?.countries,"allow.countries",n),regionCodes:Un(r.allow?.regionCodes,"allow.regionCode",n),asns:Un(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Un(r.block?.countries,"block.countries",n),regionCodes:Un(r.block?.regionCodes,"block.regionCode",n),asns:Un(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Ln,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Ln,c=t.incomingRequestProperties.asn?.toString()??Ln,u=i.ignoreUnknown&&o===Ln,l=i.ignoreUnknown&&a===Ln,d=i.ignoreUnknown&&c===Ln,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Dn(e,t,n,o,a,c);let y=i.block.countries,E=i.block.regionCodes,T=i.block.asns;return y.length>0&&y.includes(o)&&!u||E.length>0&&E.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?Dn(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");ka.GeoFilterInboundPolicy=j0;function Dn(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),$0.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Dn,"blockedResponse");function Un(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new q0.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Un,"toLowerStringArray")});var Ab=g(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.JWTScopeValidationInboundPolicy=void 0;var V0=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Ha.JWTScopeValidationInboundPolicy=V0});var Ob=g(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.MockApiInboundPolicy=void 0;var G0=ie(),B0=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return wp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return wp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return Rb(a[c])}else return a.length>0?Rb(a[0]):wp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Fa.MockApiInboundPolicy=B0;function Rb(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(Rb,"generateResponse");var wp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return G0.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var Db=g(Mn=>{"use strict";Object.defineProperty(Mn,"__esModule",{value:!0});Mn.MoesifInboundPolicy=Mn.setMoesifContext=void 0;var K0=N(),J0=ve(),z0="Incoming",W0={logRequestBody:!0,logResponseBody:!0};function Nb(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(Nb,"headersToObject");function xb(){return new Date().toISOString()}s(xb,"timestamp");var vp=new WeakMap,Q0={};function Y0(e,t){let r=vp.get(e);r||(r=Q0);let n=Object.assign({...r},t);vp.set(e,n)}s(Y0,"setMoesifContext");Mn.setMoesifContext=Y0;async function Cb(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(Cb,"readBody");var Z0={},Tp;function Lb(){if(!Tp)throw new K0.RuntimeError("Invalid State - no _lastLogger");return Tp}s(Lb,"getLastLogger");function X0(e){let t=Z0[e];return t||(t=new J0.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);Lb().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||Lb().error({status:i.status,body:await i.text()})})),t}s(X0,"getDispatcher");async function eO(e,t,r,n){Tp=t.log;let i=xb(),o=Object.assign(W0,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await Cb(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=X0(o.applicationId),d=e.headers.get("true-client-ip"),p=vp.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:Nb(e.headers)},h=o.logResponseBody?await Cb(c,t):void 0,y={time:xb(),status:c.status,headers:Nb(c.headers),body:h},E={request:m,response:y,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:z0};l.enqueue(E),t.waitUntil(l.waitUntilFlushed())}),e}s(eO,"MoesifInboundPolicy");Mn.MoesifInboundPolicy=eO});var Ub=g(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.OktaJwtInboundPolicy=void 0;var tO=jt(),rO=s(async(e,t,r,n)=>(0,tO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");qa.OktaJwtInboundPolicy=rO});var Mb=g($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.PropelAuthJwtInboundPolicy=void 0;var nO=(Is(),no(Ss)),iO=jt(),Sp,oO=s(async(e,t,r,n)=>{if(!Sp)try{Sp=await(0,nO.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,iO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:Sp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");$a.PropelAuthJwtInboundPolicy=oO});var kb=g(G=>{"use strict";Object.defineProperty(G,"__esModule",{value:!0});G.throwIfStateNotObject=G.throwIfStateNotNumber=G.throwIfStateNotString=G.throwIfStateUndefinedOrNull=G.throwIfStateUndefined=G.throwIfOptionNotObject=G.throwIfOptionNotNumber=G.throwIfOptionNotString=G.throwIfOptionUndefinedOrNull=G.throwIfOptionUndefined=G.OptionTypeError=G.OptionUndefinedError=G.throwIfNotNumber=G.throwIfNotString=G.throwIfUndefinedOrNull=G.throwIfUndefined=G.ArgumentTypeError=G.ArgumentUndefinedError=G.ValidationError=void 0;var $e=gt(),et=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};G.ValidationError=et;var Ci=class extends et{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};G.ArgumentUndefinedError=Ci;var Li=class extends et{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};G.ArgumentTypeError=Li;function sO(e,t){if((0,$e.isUndefined)(e))throw new Ci(t)}s(sO,"throwIfUndefined");G.throwIfUndefined=sO;function Ip(e,t){if((0,$e.isUndefinedOrNull)(e))throw new Ci(t)}s(Ip,"throwIfUndefinedOrNull");G.throwIfUndefinedOrNull=Ip;function aO(e,t){if(Ip(e,t),!(0,$e.isString)(e))throw new Li(t,"string")}s(aO,"throwIfNotString");G.throwIfNotString=aO;function cO(e,t){if(Ip(e,t),!(0,$e.isNumber)(e))throw new Li(t,"number")}s(cO,"throwIfNotNumber");G.throwIfNotNumber=cO;var Di=class extends et{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};G.OptionUndefinedError=Di;var kn=class extends et{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};G.OptionTypeError=kn;function uO(e,t,r,n){if((0,$e.isUndefined)(n))throw new Di(e,t,r)}s(uO,"throwIfOptionUndefined");G.throwIfOptionUndefined=uO;function ja(e,t,r,n){if((0,$e.isUndefinedOrNull)(n))throw new Di(e,t,r)}s(ja,"throwIfOptionUndefinedOrNull");G.throwIfOptionUndefinedOrNull=ja;function lO(e,t,r,n){if(ja(e,t,r,n),!(0,$e.isString)(n))throw new kn(e,t,r,"string")}s(lO,"throwIfOptionNotString");G.throwIfOptionNotString=lO;function dO(e,t,r,n){if(ja(e,t,r,n),!(0,$e.isNumber)(n))throw new kn(e,t,r,"number")}s(dO,"throwIfOptionNotNumber");G.throwIfOptionNotNumber=dO;function pO(e,t,r,n){if(ja(e,t,r,n),!(0,$e.isObject)(n))throw new kn(e,t,r,"object")}s(pO,"throwIfOptionNotObject");G.throwIfOptionNotObject=pO;function hO(e,t){if((0,$e.isUndefined)(e))throw new et(t)}s(hO,"throwIfStateUndefined");G.throwIfStateUndefined=hO;function Va(e,t){if((0,$e.isUndefinedOrNull)(e))throw new et(t)}s(Va,"throwIfStateUndefinedOrNull");G.throwIfStateUndefinedOrNull=Va;function fO(e,t){if(Va(e,t),!(0,$e.isString)(e))throw new et(t);return!0}s(fO,"throwIfStateNotString");G.throwIfStateNotString=fO;function mO(e,t){if(Va(e,t),!(0,$e.isNumber)(e))throw new et(t);return!0}s(mO,"throwIfStateNotNumber");G.throwIfStateNotNumber=mO;function yO(e,t){if(Va(e,t),!(0,$e.isObject)(e))throw new et(t);return!0}s(yO,"throwIfStateNotObject");G.throwIfStateNotObject=yO});var Hb=g(Hn=>{"use strict";Object.defineProperty(Hn,"__esModule",{value:!0});Hn.InMemoryRedisClient=Hn.StandardRedisClient=void 0;var Pp=N(),Ga=kb(),Ap=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,Ga.throwIfNotString)(t,"redisClientUrl"),(0,Ga.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,Ga.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Pp.SystemError("Redis client failed with 401: Unauthorized"):new Pp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Hn.StandardRedisClient=Ap;var Rp=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,Ga.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Pp.SystemError("The in-memory redis client only supports /rate-limit calls")}};Hn.InMemoryRedisClient=Rp});var Vb=g(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.RateLimitInboundPolicy=void 0;var gO=Sr(),bO=$t(),_O=ti(),At=N(),EO=ie(),Fb=Be(),Ui=W(),qb=Hb(),$b=gt(),Ba=(0,gO.debug)("zuplo:policies:RateLimitInboundPolicy"),wO="strict",vO=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),TO=s(async e=>({key:`ip-${vO(e)}`}),"getIP"),SO=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),IO=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),Ka;function PO(e,t){let r;if(Ka)return Ka;if(Ui.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new qb.InMemoryRedisClient,Ka=r,r;let{authApiJWT:n,redisURL:i}=Ui.Environment.instance;if(!(0,$b.isString)(i))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,$b.isString)(n))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=qb.StandardRedisClient.initialize(i,n,Ui.Environment.instance.deploymentName??"unknown",Ui.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new At.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Ka=r,r}s(PO,"getRedisClient");async function jb(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(jb,"getCountAndUpdateExpiry");function AO(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new At.RuntimeError(u)}return c},"outerFunction")}s(AO,"wrapUserFunction");var RO="Retry-After",OO=s(async(e,t,r,n)=>{let i=Date.now(),o=Fb.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new At.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[RO]=l.toString()),EO.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:AO(r,n),user:SO,ip:TO,all:IO}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,y=r.headerMode??"retry-after",E=PO(n,o),S=`bucket/${Ui.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??wO)==="async"){let L=await(0,bO.getPolicyCacheName)(n,r),re=new _O.ZoneCache(L,{logger:Fb.SystemLogMap.getLogger(t)}),ne=jb(S,h,E,o,t.requestId),me=await re.get(S);if(me!==void 0&&me<=Date.now()){Ba(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${S}' (async mode)`);let Ge=Math.round((me-Date.now())/1e3);return c(y,Ge)}return t.addEventListener("responseSending",Ge=>{try{let w=Ge,H=w.mutableResponse;w.mutableResponse=(async()=>{let Ce=await ne;if(Ce.count>m){let cu=Date.now()+Ce.ttlSeconds*1e3,xE=re.put(S,cu,Ce.ttlSeconds).catch(yh=>{throw o.error(new At.SystemError("Error caching rate limit result.",{cause:yh})),yh});return t.waitUntil(xE),Ba(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (async mode)`),c(y,Ce.ttlSeconds)}return H})()}catch(w){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let j=await jb(S,h,E,o,t.requestId);return j.count>m?(Ba(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (strict mode)`),c(y,j.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;Ba(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");Ja.RateLimitInboundPolicy=OO});var Jb=g(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.ReadmeMetricsInboundPolicy=void 0;var NO=ve(),Op=W(),Gb=oi(),Np;function Bb(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s(Bb,"headersToNameValuePairs");function xO(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(xO,"queryToNameValueParis");function CO(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(CO,"parseIntOrUndefined");var Kb={};async function LO(e,t,r,n){let i=new Date,o=Date.now();return Np||(Np={name:"zuplo",version:Op.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Op.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,Gb.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,Gb.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Op.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:Np,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:Bb(e.headers),queryString:xO(e.query)},response:{status:a.status,statusText:a.statusText,headers:Bb(a.headers),content:{size:CO(e.headers.get("content-length"))}}}]}}},d=Kb[r.apiKey];if(!d){let p=r.apiKey;d=new NO.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",y=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});y.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${y.status}: '${await y.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),Kb[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(LO,"ReadmeMetricsInboundPolicy");za.ReadmeMetricsInboundPolicy=LO});var zb=g(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.RemoveHeadersInboundPolicy=void 0;var DO=N(),UO=ke(),MO=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new DO.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new UO.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");Wa.RemoveHeadersInboundPolicy=MO});var Wb=g(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.RemoveHeadersOutboundPolicy=void 0;var kO=N(),HO=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new kO.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");Qa.RemoveHeadersOutboundPolicy=HO});var Qb=g(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.RemoveQueryParamsInboundPolicy=void 0;var FO=N(),qO=ke(),$O=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new FO.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new qO.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");Ya.RemoveQueryParamsInboundPolicy=$O});var Yb=g(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.ReplaceStringOutboundPolicy=void 0;var jO=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");Za.ReplaceStringOutboundPolicy=jO});var Xb=g(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.RequestSizeLimitInboundPolicy=void 0;var Zb=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),VO=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?Zb():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?Zb():e},"RequestSizeLimitInboundPolicy");Xa.RequestSizeLimitInboundPolicy=VO});var ec=g(tt=>{"use strict";Object.defineProperty(tt,"__esModule",{value:!0});tt.sanitizedIdentifierName=tt.getIdForRefSchema=tt.getIdForRequestBodySchema=tt.getIdForParameterSchema=tt.getRawOperationDataIdentifierName=void 0;function GO(e,t,r){return`_${kr(e+"_"+t+"_"+r)}`}s(GO,"getRawOperationDataIdentifierName");tt.getRawOperationDataIdentifierName=GO;function BO(e,t,r,n){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(BO,"getIdForParameterSchema");tt.getIdForParameterSchema=BO;function KO(e,t,r){return`_${kr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${kr(r.toLowerCase())}`}s(KO,"getIdForRequestBodySchema");tt.getIdForRequestBodySchema=KO;function JO(e,t){return`_${kr(e)}__${kr(t)}`}s(JO,"getIdForRefSchema");tt.getIdForRefSchema=JO;function kr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(kr,"sanitizedIdentifierName");tt.sanitizedIdentifierName=kr});var Mi=g(Le=>{"use strict";Object.defineProperty(Le,"__esModule",{value:!0});Le.getErrorsFromValidator=Le.shouldReject=Le.shouldLog=Le.logErrors=Le.validateParameters=Le.getParametersForOperation=void 0;var zO=mn(),WO=ec(),QO=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");Le.getParametersForOperation=QO;var YO=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,WO.getIdForParameterSchema)(r,n,i,u.name),p=zO.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,Le.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");Le.validateParameters=YO;var ZO=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");Le.logErrors=ZO;var XO=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");Le.shouldLog=XO;var eN=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");Le.shouldReject=eN;var tN=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");Le.getErrorsFromValidator=tN});var e_=g(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.handleBodyValidation=void 0;var rN=mn(),tc=ie(),nN=ec(),Je=Mi();async function iN(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let y=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,E=tc.HttpProblems.badRequest(t,e,{detail:`${y}, see errors property for more details`,errors:`${h}`});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",y,[n],h),(0,Je.shouldReject)(r.validateBody))return E}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,y=tc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?y:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,nN.getIdForRequestBodySchema)(e.route.path,t.method,i),c=rN.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,y=tc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?y:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,Je.getErrorsFromValidator)(l),m=tc.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",d,[n],p),(0,Je.shouldReject)(r.validateBody))return m}s(iN,"handleBodyValidation");rc.handleBodyValidation=iN});var t_=g(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.handleHeadersValidation=void 0;var oN=ie(),ki=Mi();function sN(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,ki.getParametersForOperation)(e),o=(0,ki.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=oN.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,ki.shouldLog)(r.validateHeaders)&&(0,ki.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,ki.shouldReject)(r.validateHeaders))return c}}s(sN,"handleHeadersValidation");nc.handleHeadersValidation=sN});var r_=g(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.handlePathParameterValidation=void 0;var aN=ie(),Hi=Mi();function cN(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Hi.getParametersForOperation)(e),i=(0,Hi.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=aN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Hi.shouldLog)(r.validatePathParameters)&&(0,Hi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Hi.shouldReject)(r.validatePathParameters))return a}}s(cN,"handlePathParameterValidation");ic.handlePathParameterValidation=cN});var n_=g(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.handleQueryParameterValidation=void 0;var uN=ie(),Fi=Mi();function lN(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Fi.getParametersForOperation)(e),i=(0,Fi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=uN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Fi.shouldLog)(r.validateQueryParameters)&&(0,Fi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Fi.shouldReject)(r.validateQueryParameters))return a}}s(lN,"handleQueryParameterValidation");oc.handleQueryParameterValidation=lN});var i_=g(Hr=>{"use strict";Object.defineProperty(Hr,"__esModule",{value:!0});Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy=void 0;var dN=e_(),pN=t_(),hN=r_(),fN=n_(),mN=s(async(e,t,r)=>{let n=(0,fN.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,hN.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,pN.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,dN.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Hr.RequestValidationInboundPolicy=mN;Hr.SchemaBasedRequestValidation=Hr.RequestValidationInboundPolicy});var o_=g(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.RequireOriginInboundPolicy=void 0;var yN=N(),gN=ie(),bN=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new yN.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return gN.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");sc.RequireOriginInboundPolicy=bN});var s_=g(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.SetBodyInboundPolicy=void 0;var _N=ke(),EN=s(async(e,t,r)=>new _N.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");ac.SetBodyInboundPolicy=EN});var c_=g(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.SetHeadersInboundPolicy=void 0;var a_=N(),wN=ke(),vN=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new a_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new a_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new wN.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");cc.SetHeadersInboundPolicy=vN});var l_=g(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.SetHeadersOutboundPolicy=void 0;var u_=N(),TN=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new u_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new u_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");uc.SetHeadersOutboundPolicy=TN});var p_=g(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.SetQueryParamsInboundPolicy=void 0;var d_=N(),SN=ke(),IN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new d_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new d_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new SN.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");lc.SetQueryParamsInboundPolicy=IN});var h_=g(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.SetStatusOutboundPolicy=void 0;var PN=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");dc.SetStatusOutboundPolicy=PN});var f_=g(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.SleepInboundPolicy=void 0;var AN=N(),RN=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),ON=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new AN.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await RN(r.sleepInMs),e},"SleepInboundPolicy");pc.SleepInboundPolicy=ON});var y_=g(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.SupabaseJwtInboundPolicy=void 0;var m_=N(),NN=ie(),xN=ke(),CN=qt(),LN=jt(),DN=s(async(e,t,r,n)=>{(0,CN.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,LN.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof xN.ZuploRequest))throw new m_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new m_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?NN.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");hc.SupabaseJwtInboundPolicy=DN});var b_=g(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var UN=$t(),MN=Kt(),g_=N(),kN=vi(),HN=qt(),FN=s(async(e,t,r,n)=>{(0,HN.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,UN.getPolicyCacheName)(n,r),o=new MN.MemoryZoneReadThroughCache(i,t),a=await o.get(n);if(!a){let c=await qN(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");fc.UpstreamAzureAdServiceAuthInboundPolicy=FN;async function qN(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,kN.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new g_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new g_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(qN,"getAccessToken")});var E_=g(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var $N=$t(),jN=Kt(),VN=N(),xp=pn(),GN=qt(),__="https://accounts.google.com/o/oauth2/token",Cp,BN=s(async(e,t,r,n)=>{(0,GN.optionValidator)(r,n).required("serviceAccountJson","string"),Cp||(Cp=await xp.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,$N.getPolicyCacheName)(n,r),a=new jN.MemoryZoneReadThroughCache(o,t),c=await a.get(n);if(!c){let u=await(0,xp.getTokenFromGcpServiceAccount)({serviceAccount:Cp,audience:__,payload:i}),l=await(0,xp.exchangeGgpJwtForIdToken)(__,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new VN.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");mc.UpstreamFirebaseAdminAuthInboundPolicy=BN});var w_=g(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var KN=$t(),JN=Kt(),Fn=N(),zN=fp(),Lp=pn(),WN=oi(),QN=qt(),YN="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",ZN=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Dp,XN=s(async(e,t,r,n)=>{if((0,QN.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Fn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(ZN.indexOf(p)!==-1)throw new Fn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Dp||(Dp=await Lp.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Fn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,WN.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Fn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,KN.getPolicyCacheName)(n,r),c=new JN.MemoryZoneReadThroughCache(a,t),u={uid:o,claims:i},l=await(0,zN.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Lp.getTokenFromGcpServiceAccount)({serviceAccount:Dp,audience:YN,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Lp.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Fn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");yc.UpstreamFirebaseUserAuthInboundPolicy=XN});var T_=g(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.UpstreamGcpJwtInboundPolicy=void 0;var v_=pn(),ex=qt(),Up,tx=s(async(e,t,r,n)=>{(0,ex.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Up||(Up=await v_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,v_.getTokenFromGcpServiceAccount)({serviceAccount:Up,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");gc.UpstreamGcpJwtInboundPolicy=tx});var I_=g(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.UpstreamGcpServiceAuthInboundPolicy=void 0;var rx=$t(),nx=mu(),ix=Kt(),ox=N(),Mp=pn(),sx=qt(),S_="https://www.googleapis.com/oauth2/v4/token",kp,ax=s(async(e,t,r,n)=>{(0,sx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),kp||(kp=await Mp.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,rx.getPolicyCacheName)(n,r),o;r.useMemoryCacheOnly?o=new nx.MemoryCache(i):o=new ix.MemoryZoneReadThroughCache(i,t);let a=await o.get(n);if(!a){let c=await(0,Mp.getTokenFromGcpServiceAccount)({serviceAccount:kp,audience:S_,payload:{target_audience:`${r.audience}`}}),{id_token:u}=await(0,Mp.exchangeGgpJwtForIdToken)(S_,c,{retries:r.tokenRetries??3,retryDelayMs:10});if(!u)throw new ox.RuntimeError("Invalid token response from GCP");a=u,o.put(n,a,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamGcpServiceAuthInboundPolicy");bc.UpstreamGcpServiceAuthInboundPolicy=ax});var A_=g(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.ValidateJsonSchemaInbound=void 0;var cx=N(),P_=ie(),ux=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return P_.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new cx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return P_.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");_c.ValidateJsonSchemaInbound=ux});var N_=g(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.MeteringInboundPolicy=void 0;var R_=Gs(),O_=yn(),Ec=N(),lx=ie(),dx=Be(),px=W(),hx=s(async(e,t,r,n)=>{let i=dx.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,m)=>{let h=R_.ContextData.get(m,"subscription");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;if(!r.bucketId)if(O_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=O_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Ec.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:E,meteringServiceUrl:T}=px.Environment.instance;if(d.ok&&h&&r.meters)try{let S=await fetch(`${T}/internal/v1/metering/${r.bucketId}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${E}`,"zp-rid":m.requestId},method:"POST",body:JSON.stringify({meters:r.meters})});S.ok||(m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`))}catch(S){m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,S)}});let o=R_.ContextData.get(t,"subscription"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o){if(a)return e;throw new Ec.ConfigurationError("Subscription is not available for user")}if(o&&Object.keys(o.quotas).length===0)throw new Ec.ConfigurationError("Quota is not set up for the user's subscription");let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)throw new Ec.ConfigurationError(`The following policy meters are not present in the subscription: ${l.join(", ")}`);for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return lx.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");wc.MeteringInboundPolicy=hx});var L_=g(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.LoadSubscriptionInboundPolicy=void 0;var fx=ti(),mx=Gs(),x_=yn(),yx=N(),Hp=ie(),C_=Be(),gx=W(),bx=s(async(e,t,r,n)=>{let i=C_.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=e.user;if(!a)return o?e:Hp.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(x_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=x_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new yx.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:c,meteringServiceUrl:u}=gx.Environment.instance,{sub:l}=a,d;try{let m=`${r.bucketId}-${l}`,h=new fx.ZoneCache(m,{logger:C_.SystemLogMap.getLogger(t)}),y=await h.get(m);if(y)d=y;else{let E=await fetch(`${u}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${l}&status=active`,{headers:{Authorization:`Bearer ${c}`,"zp-rid":t.requestId},method:"GET"});if(!E.ok)return t.log.error(await E.text()),Hp.HttpProblems.forbidden(e,t);d=await E.json(),h.put(m,d,15).catch(T=>{throw i.error(T),T})}}catch(m){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,m)}if((!d||!d.data||d.data.length===0)&&!o)return Hp.HttpProblems.unauthorized(e,t,{detail:"No valid, active subscription found"});if((!d||!d.data||d.data.length===0)&&o)return e;let p=d&&d.data?d.data[0]:void 0;return mx.ContextData.set(t,"subscription",p),e},"LoadSubscriptionInboundPolicy");vc.LoadSubscriptionInboundPolicy=bx});var D_=g(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.ServiceProviderImpl=void 0;var _x=N(),Fp=class{static{s(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new _x.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Tc.ServiceProviderImpl=Fp});var B_=g(f=>{"use strict";var Ex=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),qp=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&Ex(t,e,r)},wx=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=f.PropelAuthJwtInboundPolicy=f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CreditsMeteringInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.LoadSubscriptionInboundPolicy=f.MeteringInboundPolicy=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=void 0;vh();var vx=Kt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return vx.MemoryZoneReadThroughCache}});var Tx=ti();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return Tx.ZoneCache}});var U_=Ir();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return U_.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return U_.ResponseSentEvent}});var Sx=Gs();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return Sx.ContextData}});var $p=yn();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return $p.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return $p.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return $p.isZuploReadableEnvVariableName}});var Ix=N();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return Ix.ConfigurationError}});var Px=Ad();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return Px.originalFetch}});var M_=Qy();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return M_.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return M_.purgeGatewayCache}});var k_=hg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return k_.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return k_.awsLambdaHandler}});var Ax=mg();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return Ax.openApiSpecHandler}});var Rx=yg();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return Rx.redirectHandler}});var Ox=bg();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return Ox.urlForwardHandler}});var Nx=Eg();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return Nx.urlRewriteHandler}});var xx=vg();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return xx.webSocketHandler}});var Cx=Ig();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return Cx.webSocketPipelineHandler}});var Lx=Fu();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return Lx.HttpStatusCode}});qp(Lg(),f);qp(Mg(),f);var Dx=kg();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Dx.AuditLogDataStaxProvider}});var Ux=Fg();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Ux.AuditLogPlugin}});qp(Xg(),f);var H_=ib();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return H_.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return H_.AmberfloMeteringPolicy}});var Mx=ub();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Mx.ApiAuthKeyInboundPolicy}});var kx=gp();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return kx.ApiKeyInboundPolicy}});var Hx=lb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return Hx.Auth0JwtInboundPolicy}});var Fx=db();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Fx.BasicAuthInboundPolicy}});var qx=pb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return qx.CachingInboundPolicy}});var $x=hb();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return $x.ChangeMethodInboundPolicy}});var jx=fb();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return jx.ClearHeadersInboundPolicy}});var Vx=mb();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return Vx.ClearHeadersOutboundPolicy}});var Gx=yb();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return Gx.ClerkJwtInboundPolicy}});var Bx=bb();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Bx.CognitoJwtInboundPolicy}});var Kx=Eb();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Kx.CompositeInboundPolicy}});var Jx=vb();Object.defineProperty(f,"CreditsMeteringInboundPolicy",{enumerable:!0,get:function(){return Jx.CreditsMeteringInboundPolicy}});var zx=Tb();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return zx.CurityPhantomTokenInboundPolicy}});var Wx=Sb();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return Wx.FirebaseJwtInboundPolicy}});var Qx=Ib();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Qx.FormDataToJsonInboundPolicy}});var Yx=Pb();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Yx.GeoFilterInboundPolicy}});var Zx=Ab();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return Zx.JWTScopeValidationInboundPolicy}});var Xx=Ob();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Xx.MockApiInboundPolicy}});var F_=Db();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return F_.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return F_.setMoesifContext}});var eC=Ub();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return eC.OktaJwtInboundPolicy}});var tC=jt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return tC.OpenIdJwtInboundPolicy}});var rC=Mb();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return rC.PropelAuthJwtInboundPolicy}});var q_=Vb();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return q_.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return q_.RateLimitInboundPolicy}});var nC=Jb();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return nC.ReadmeMetricsInboundPolicy}});var iC=zb();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return iC.RemoveHeadersInboundPolicy}});var oC=Wb();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return oC.RemoveHeadersOutboundPolicy}});var sC=Qb();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return sC.RemoveQueryParamsInboundPolicy}});var aC=Yb();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return aC.ReplaceStringOutboundPolicy}});var cC=Xb();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return cC.RequestSizeLimitInboundPolicy}});var $_=i_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return $_.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return $_.SchemaBasedRequestValidation}});var uC=o_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return uC.RequireOriginInboundPolicy}});var lC=s_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return lC.SetBodyInboundPolicy}});var dC=c_();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return dC.SetHeadersInboundPolicy}});var pC=l_();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return pC.SetHeadersOutboundPolicy}});var hC=p_();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return hC.SetQueryParamsInboundPolicy}});var fC=h_();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return fC.SetStatusOutboundPolicy}});var mC=f_();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return mC.SleepInboundPolicy}});var yC=cp();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return yC.StripeWebhookVerificationInboundPolicy}});var gC=y_();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return gC.SupabaseJwtInboundPolicy}});var bC=b_();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return bC.UpstreamAzureAdServiceAuthInboundPolicy}});var _C=E_();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return _C.UpstreamFirebaseAdminAuthInboundPolicy}});var EC=w_();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return EC.UpstreamFirebaseUserAuthInboundPolicy}});var wC=T_();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return wC.UpstreamGcpJwtInboundPolicy}});var vC=I_();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return vC.UpstreamGcpServiceAuthInboundPolicy}});var TC=A_();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return TC.ValidateJsonSchemaInbound}});var SC=N_();Object.defineProperty(f,"MeteringInboundPolicy",{enumerable:!0,get:function(){return SC.MeteringInboundPolicy}});var IC=L_();Object.defineProperty(f,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return IC.LoadSubscriptionInboundPolicy}});var PC=ie();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return PC.HttpProblems}});var AC=go();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return AC.ProblemResponseFormatter}});var RC=ke();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return RC.ZuploRequest}});var OC=Ar();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return OC.SystemRouteName}});var j_=bd();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return j_.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return j_.Router}});var V_=Nu();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return V_.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return V_.serialize}});var NC=D_();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return NC.ServiceProviderImpl}});var G_=Zu();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return G_.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return G_.SYSTEM_LOGGER}});var xC=$u();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return wx(xC).default}});var CC=Be();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return CC.SystemLogMap}});var qi=ec();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return qi.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return qi.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return qi.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return qi.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return qi.sanitizedIdentifierName}})});var K_=g(qn=>{"use strict";Object.defineProperty(qn,"__esModule",{value:!0});qn.BaseCryptoBeta=qn.supportedDigests=void 0;qn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var jp=class{static{s(this,"BaseCryptoBeta")}};qn.BaseCryptoBeta=jp});var J_=g(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.WorkerCryptoBeta=void 0;var Vp=K_(),LC=N(),Gp=class extends Vp.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!Vp.supportedDigests.includes(t.toLowerCase()))throw new LC.RuntimeError(`Algorithm ${t} is not supported. Try using ${Vp.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};Sc.WorkerCryptoBeta=Gp});var z_=g(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.BaseKeyValueStore=void 0;var Bp=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Ic.BaseKeyValueStore=Bp});var Q_=g(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.WorkerKeyValueStore=void 0;var W_=N(),DC=z_(),Kp=class extends DC.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new W_.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new W_.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Pc.WorkerKeyValueStore=Kp});var Dt=g(lt=>{"use strict";var UC=lt&&lt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),MC=lt&&lt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&UC(t,e,r)};Object.defineProperty(lt,"__esModule",{value:!0});lt.KeyValueStore=lt.CryptoBeta=void 0;MC(B_(),lt);var kC=J_();Object.defineProperty(lt,"CryptoBeta",{enumerable:!0,get:function(){return kC.WorkerCryptoBeta}});var HC=Q_();Object.defineProperty(lt,"KeyValueStore",{enumerable:!0,get:function(){return HC.WorkerKeyValueStore}})});var BL={};ro(BL,{GraphQLComplexityLimitInboundPolicy:()=>RE,GraphQLDisableIntrospectionInboundPolicy:()=>NE});module.exports=no(BL);var Zn=bh(Dt());function B(e,t){if(!!!e)throw new Error(t)}s(B,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Rt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Rt,"invariant");var FC=/\r\n|[\n\r]/g;function $n(e,t){let r=0,n=1;for(let i of e.body.matchAll(FC)){if(typeof i.index=="number"||Rt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s($n,"getLocation");function Jp(e){return Ac(e.source,$n(e.source,e.start))}s(Jp,"printLocation");function Ac(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
75
75
  `,d=n.split(/\r\n|[\n\r]/g),p=d[i];if(p.length>120){let m=Math.floor(u/80),h=u%80,y=[];for(let E=0;E<p.length;E+=80)y.push(p.slice(E,E+80));return l+Y_([[`${a} |`,y[0]],...y.slice(1,m+1).map(E=>["|",E]),["|","^".padStart(h)],["|",y[m+1]]])}return l+Y_([[`${a-1} |`,d[i-1]],[`${a} |`,p],["|","^".padStart(u)],[`${a+1} |`,d[i+1]]])}s(Ac,"printSourceLocation");function Y_(e){let t=e.filter(([n,i])=>i!==void 0),r=Math.max(...t.map(([n])=>n.length));return t.map(([n,i])=>n.padStart(r)+(i?" "+i:"")).join(`
76
76
  `)}s(Y_,"printPrefixedLines");function qC(e){let t=e[0];return t==null||"kind"in t||"length"in t?{nodes:t,source:e[1],positions:e[2],path:e[3],originalError:e[4],extensions:e[5]}:t}s(qC,"toNormalizedOptions");var C=class e extends Error{static{s(this,"GraphQLError")}constructor(t,...r){var n,i,o;let{nodes:a,source:c,positions:u,path:l,originalError:d,extensions:p}=qC(r);super(t),this.name="GraphQLError",this.path=l??void 0,this.originalError=d??void 0,this.nodes=Z_(Array.isArray(a)?a:a?[a]:void 0);let m=Z_((n=this.nodes)===null||n===void 0?void 0:n.map(y=>y.loc).filter(y=>y!=null));this.source=c??(m==null||(i=m[0])===null||i===void 0?void 0:i.source),this.positions=u??m?.map(y=>y.start),this.locations=u&&c?u.map(y=>$n(c,y)):m?.map(y=>$n(y.source,y.start));let h=Ee(d?.extensions)?d?.extensions:void 0;this.extensions=(o=p??h)!==null&&o!==void 0?o:Object.create(null),Object.defineProperties(this,{message:{writable:!0,enumerable:!0},name:{enumerable:!1},nodes:{enumerable:!1},source:{enumerable:!1},positions:{enumerable:!1},originalError:{enumerable:!1}}),d!=null&&d.stack?Object.defineProperty(this,"stack",{value:d.stack,writable:!0,configurable:!0}):Error.captureStackTrace?Error.captureStackTrace(this,e):Object.defineProperty(this,"stack",{value:Error().stack,writable:!0,configurable:!0})}get[Symbol.toStringTag](){return"GraphQLError"}toString(){let t=this.message;if(this.nodes)for(let r of this.nodes)r.loc&&(t+=`
77
77
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@zuplo/graphql",
3
- "version": "5.1756.0",
3
+ "version": "5.1757.0",
4
4
  "repository": "https://github.com/zuplo/zuplo",
5
5
  "author": "Zuplo, Inc.",
6
6
  "exports": {