@zuplo/graphql 5.1761.0 → 5.1762.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.minified.js +1 -1
- package/package.json +1 -1
package/index.minified.js
CHANGED
|
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
|
|
|
71
71
|
`+d}):new kr.StripeSignatureVerificationError(t,e,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
|
|
72
72
|
If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
|
|
73
73
|
`+l+`
|
|
74
|
-
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new kr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(AR,"validateComputedSignature");function RR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(RR,"parseHeader");function OR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(OR,"secureCompare");async function Jg(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=lp[o[c]];return a.join("")}s(Jg,"computeHMACSignatureAsync");xn.computeHMACSignatureAsync=Jg;var lp=new Array(256);for(let e=0;e<lp.length;e++)lp[e]=e.toString(16).padStart(2,"0")});var qt=y(ha=>{"use strict";Object.defineProperty(ha,"__esModule",{value:!0});ha.optionValidator=void 0;var Oi=O();function NR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(NR,"optionValidator");ha.optionValidator=NR});var dp=y(fa=>{"use strict";Object.defineProperty(fa,"__esModule",{value:!0});fa.StripeWebhookVerificationInboundPolicy=void 0;var xR=te(),CR=zg(),LR=qt(),DR=s(async(e,t,r,n)=>{(0,LR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,CR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),xR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");fa.StripeWebhookVerificationInboundPolicy=DR});var Qg=y(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.isStripeWebhookEvent=void 0;var Wg=st();function UR(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Wg.isString)(e.id)&&"type"in e&&(0,Wg.isString)(e.type)}s(UR,"isStripeWebhookEvent");ma.isStripeWebhookEvent=UR});var Yg=y(ya=>{"use strict";Object.defineProperty(ya,"__esModule",{value:!0});ya.MeteringPlugin=void 0;var MR=gt(),pp=class extends MR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};ya.MeteringPlugin=pp});var Xg=y(hp=>{"use strict";Object.defineProperty(hp,"__esModule",{value:!0});var Zg=O(),kR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new Zg.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new Zg.RuntimeError(o)}}};hp.default=kR});var nb=y(Ni=>{"use strict";var HR=Ni&&Ni.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Ni,"__esModule",{value:!0});var yr=O(),fp=te(),eb=He(),tb=W(),rb=hn(),FR=HR(Xg()),qR=st();async function $R(e,t,r,n){let i=r.data?.object?.subscription;if(!i)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");let o=r.data?.object?.client_reference_id,a=r.data?.object?.customer_email;if(!o)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.client_reference_id' to be the customer sub.");if(!a)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer_email' to be the customer email.");let c=await FR.default.getSubscription({logger:t.log,stripeSecretKey:n.stripeSecretKey,subscriptionId:i}),u=c.id,l=c.customer,d=c.items?.data.find(_=>_.object==="subscription_item");if(!d||!d.id)throw new yr.RuntimeError("Invalid Stripe API result. Expected subscription to contain at least one subscription_item.");let p=d.plan;if(!p||!p.product)throw new yr.RuntimeError("Invalid Stripe API result. Expected subscription_item to have a plan.");let f=p.product,h=await jR({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:f,stripeSubscriptionId:u,stripeCustomerId:l,managerEmail:a,managerSub:o,context:t});if(!h)return fp.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});let g="routes.oas.json";try{await VR({context:t,stripeProductId:f,stripeSubscriptionId:u,customerKey:h,productKey:g,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:l})}catch(_){return fp.HttpProblems.internalServerError(e,t,{detail:_.message})}return fp.HttpProblems.ok(e,t)}s($R,"onCheckoutSessionCompleted");Ni.default=$R;async function jR({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:o,context:a}){let{authApiJWT:c}=tb.Environment.instance,u="https://api-key-management-service-eq7z4lly2a-ue.a.run.app",l=new URL(`/v1/buckets/${e}/consumers`,u);l.searchParams.set("with-api-key","true");let d=crypto.randomUUID(),p={name:d,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:o,email:i}]},f=await(0,rb.fetchRetry)({retryDelayMs:5,retries:2,logger:eb.SystemLogMap.getLogger(a)},l.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(p)}),h=await f.json();if(f.status!==200){let g="Error creating API Key Consumer";throw a.log.error(g,h),new yr.RuntimeError(g)}return a.log.info("Successfully created API Key Consumer",{consumerId:d,stripeSubscriptionId:t,stripeProductId:r}),d}s(jR,"createConsumer");async function VR({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,productKey:i,meteringBucketId:o,meteringBucketRegion:a,customerExternalId:c}){let u={status:"active",type:"periodic",renewalStrategy:"monthly",region:a,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,productKey:i,customerExternalId:c},{authApiJWT:l,meteringServiceUrl:d}=tb.Environment.instance;if(!(0,qR.isNonEmptyString)(l))throw new yr.SystemError("No Zuplo JWT token set.");let p=await(0,rb.fetchRetry)({retryDelayMs:5,retries:2,logger:eb.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${o}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let f="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(f,h),new yr.RuntimeError(f)}e.log.info("Successfully created/updated metering subscription.",u)}s(VR,"saveSubscription")});var ab=y(yp=>{"use strict";Object.defineProperty(yp,"__esModule",{value:!0});var mp=O(),ib=te(),ob=He(),GR=W(),sb=hn(),BR=st();async function KR(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=GR.Environment.instance;if(!(0,BR.isNonEmptyString)(i))throw new mp.SystemError("No Zuplo JWT token set.");let a=r.data.object.id,c=await(0,sb.fetchRetry)({retryDelayMs:5,retries:2,logger:ob.SystemLogMap.getLogger(t)},`${o}/internal/v1/metering/${n.meteringBucketId}/subscriptions`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":t.requestId},method:"GET"});if(!c.ok){let p="Error querying for metering subscription.",f;try{f=await c.json()}catch{f={status:c.status,statusText:c.statusText}}throw t.log.error(p,f),new mp.RuntimeError(p)}let l=(await c.json()).data.filter(p=>p.subscriptionExternalId&&p.subscriptionExternalId===a);if(l.length===0)return ib.HttpProblems.ok(e,t,{detail:"Subscription was not found and the event was ignored by Stripe metering plugin webhook."});let d=await(0,sb.fetchRetry)({retryDelayMs:5,retries:2,logger:ob.SystemLogMap.getLogger(t)},`${o}/internal/v1/metering/${n.meteringBucketId}/subscriptions/${l[0].id}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":t.requestId},method:"PATCH",body:JSON.stringify({status:"canceled"})});if(!d.ok){let p="Error canceling metering subscription.",f;try{f=await d.json()}catch{f={status:d.status,statusText:d.statusText}}throw t.log.error(p,f),new mp.RuntimeError(p)}return t.log.info("Successfully canceled metering subscription."),ib.HttpProblems.ok(e,t)}s(KR,"onCustomerSubscriptionDeleted");yp.default=KR});var lb=y(Cn=>{"use strict";var ub=Cn&&Cn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Cn,"__esModule",{value:!0});Cn.StripeMeteringPlugin=void 0;var ga=gn(),ba=O(),JR=Lt(),zR=dp(),cb=te(),WR=Qt(),QR=Wr(),YR=qu(),ZR=ot(),XR=W(),e0=Qg(),t0=Yg(),r0=ub(nb()),n0=ub(ab()),gp=class extends t0.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(ga.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=ga.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ba.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(ga.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=ga.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new ba.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!XR.Environment.instance.build.ACCOUNT_NAME)throw new ba.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!i0(p))throw new ba.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let f=await c.json();if(!(0,e0.isStripeWebhookEvent)(f))return cb.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${f.type}' with ID '${f.id}'.`),f.type){case"checkout.session.completed":return await(0,r0.default)(c,u,f,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,n0.default)(c,u,f,{meteringBucketId:l});default:return cb.HttpProblems.ok(c,u,{detail:"Event was ignored by Stripe metering plugin webhook."})}},"stripeWebhookHandler"),i=(0,QR.createInternalPolicyProcessor)({inboundPolicies:[{handler:zR.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new JR.Pipeline({processors:[WR.metricsProcessor,i],handler:n,gateway:r}),a=new ZR.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:YR.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};Cn.StripeMeteringPlugin=gp;function i0(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(i0,"isMetricsRegion")});var mb=y(Ln=>{"use strict";Object.defineProperty(Ln,"__esModule",{value:!0});Ln.AmberfloMeteringInboundPolicy=Ln.AmberfloMeteringPolicy=void 0;var db=O(),o0=ve(),pb=si(),fb=new WeakMap,hb={},bp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){fb.set(t,r)}};Ln.AmberfloMeteringPolicy=bp;async function s0(e,t,r,n){if(!r.statusCodes)throw new db.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,pb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=fb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new db.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,pb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},f=hb[r.apiKey];if(!f){let h=r.apiKey,g=e.headers.get("zm-test-id")??"";f=new o0.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let T=r.url??"https://app.amberflo.io/ingest",S=await fetch(T,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});S.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${S.status}: ${await S.text()}`)}catch(T){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),hb[h]=f}f.enqueue(p),t.waitUntil(f.waitUntilFlushed())}}),e}s(s0,"AmberfloMeteringInboundPolicy");Ln.AmberfloMeteringInboundPolicy=s0});var _p=y(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.sha256=void 0;async function a0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(a0,"sha256");_a.sha256=a0});var $t=y(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.getPolicyCacheName=void 0;var c0=_p(),yb=new Map;async function u0(e,t){let r,n=yb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,c0.sha256)(JSON.stringify({policyName:e,options:t}))}`,yb.set(e,r)),r}s(u0,"getPolicyCacheName");Ea.getPolicyCacheName=u0});var vp=y(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.ApiKeyInboundPolicy=void 0;var l0=$t(),d0=Kt(),gb=gn(),Ep=O(),p0=Dt(),bb=He(),wp=W(),h0=hn(),_b="key-metadata-cache-type";function f0(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(f0,"getKeyValue");async function m0(e,t,r,n){if(!r.bucketName)if(gb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=gb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Ep.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new Ep.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(T=>i.allowUnauthenticatedRequests?e:p0.HttpProblems.unauthorized(e,t,{detail:T}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=f0(a,i);if(!c||c==="")return o("No key present");let u=await y0(c),l=await(0,l0.getPolicyCacheName)(n,i),d=new d0.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==_b&&bb.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let f={key:c},h=await(0,h0.fetchRetry)({retryDelayMs:5,retries:2,logger:bb.SystemLogMap.getLogger(t)},`${wp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":wp.Environment.instance.deploymentName??"unknown","User-Agent":wp.Environment.instance.systemUserAgent},body:JSON.stringify(f)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let T=await h.text(),S=JSON.parse(T);t.log.error("Unexpected response from key service",S)}catch{t.log.error("Invalid response from key service")}throw new Ep.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:_b,user:{sub:g.name,data:g.metadata}};return e.user=_.user,d.put(u,_,i.cacheTtlSeconds),e}s(m0,"ApiKeyInboundPolicy");wa.ApiKeyInboundPolicy=m0;async function y0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(y0,"hashValue")});var Eb=y(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.ApiAuthKeyInboundPolicy=void 0;var g0=vp();va.ApiAuthKeyInboundPolicy=g0.ApiKeyInboundPolicy});var jt=y(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.OpenIdJwtInboundPolicy=void 0;var Sp=(Ps(),no(Is)),Ip=O(),b0=te(),Tp={},_0=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new Ip.ConfigurationError("Invalid State - jwkUrl not set");Tp[t.jwkUrl]||(Tp[t.jwkUrl]=(0,Sp.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,Sp.jwtVerify)(e,Tp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),E0=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,Sp.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),w0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(f=>b0.HttpProblems.unauthorized(e,t,{detail:f}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Ip.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Ip.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?_0:E0,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let f=i.substring(o.length);if(!f||f.length===0)return a("No bearer token on authorization header");try{return await c(f,r)}catch(h){let g=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${g.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");Ta.OpenIdJwtInboundPolicy=w0});var wb=y(Sa=>{"use strict";Object.defineProperty(Sa,"__esModule",{value:!0});Sa.Auth0JwtInboundPolicy=void 0;var v0=jt(),T0=s(async(e,t,r,n)=>(0,v0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");Sa.Auth0JwtInboundPolicy=T0});var vb=y(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.BasicAuthInboundPolicy=void 0;var S0=te(),I0=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>S0.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let f=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===f&&_.password===h);return g||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Ia.BasicAuthInboundPolicy=I0});var Tb=y(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.CachingInboundPolicy=void 0;var P0=$t(),A0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function R0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(R0,"digestMessage");var O0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await R0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function N0(e,t,r,n){let i=await(0,P0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await O0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let f=r?.expirationSecondsTtl??60,h=new Response(p.body,p);A0.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${f}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(N0,"CachingInboundPolicy");Pa.CachingInboundPolicy=N0});var Sb=y(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.ChangeMethodInboundPolicy=void 0;var x0=O(),C0=ke(),L0=s(async(e,t,r,n)=>{if(!r.method)throw new x0.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new C0.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");Aa.ChangeMethodInboundPolicy=L0});var Ib=y(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.ClearHeadersInboundPolicy=void 0;var D0=ke(),U0=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new D0.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Ra.ClearHeadersInboundPolicy=U0});var Pb=y(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.ClearHeadersOutboundPolicy=void 0;var M0=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Oa.ClearHeadersOutboundPolicy=M0});var Ab=y(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.ClerkJwtInboundPolicy=void 0;var k0=jt(),H0=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,k0.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Na.ClerkJwtInboundPolicy=H0});var Ob=y(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.CognitoJwtInboundPolicy=void 0;var Rb=O(),F0=jt(),q0=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new Rb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new Rb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,F0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");xa.CognitoJwtInboundPolicy=q0});var xb=y(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.CompositeInboundPolicy=void 0;var $0=O(),j0=Ir(),Nb=Wr(),V0=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new $0.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=j0.Gateway.instance,o=(0,Nb.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,Nb.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");Ca.CompositeInboundPolicy=V0});var Lb=y(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.CreditsMeteringInboundPolicy=void 0;var xi=te(),Cb=W(),G0=s(async(e,t,r)=>{let n=e.user;if(!n)return xi.HttpProblems.unauthorized(e,t,{title:"Unable to check subscription for anonymous user",detail:"No user data on request"});let{sub:i}=n;if(!r.bucketId)return xi.HttpProblems.unauthorized(e,t,{title:"Metering bucket not configured",detail:"Specify one using the bucketId option on the policy"});let o=r.bucketId,a=await B0(o,i,t);if(!a)return xi.HttpProblems.unauthorized(e,t,{title:"No valid, active subscription found"});if(!a.quotas)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});for(let c of Object.keys(a.quotas))if(a.quotas[c]<=0)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});return t.custom.subscription=a,t.addResponseSendingFinalHook(async()=>{let c=t.custom.meters,u={};for(let l of Object.keys(c))u[l]=c[l];await K0(o,a.id,u,t)}),e},"CreditsMeteringInboundPolicy");La.CreditsMeteringInboundPolicy=G0;async function B0(e,t,r){let{authApiJWT:n,meteringServiceUrl:i}=Cb.Environment.instance,o=new URL(`${i}/internal/v1/metering/${e}/subscriptions`);o.search=new URLSearchParams({customerKey:t,status:"active"}).toString();let a=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${n}`,"zp-rid":r.requestId}});if(!a.ok)throw new Error(`Error retrieving subscriptions for credits metering ': ${a.status} - ${await a.text()}`);let c=await a.json();if(c.data.length!==0)return c.data.length>1&&r.log.warn(`Found more than one active subscription for customer ${t} -- using the first one.`),c.data[0]}s(B0,"getSubscription");async function K0(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=Cb.Environment.instance,a=new URL(`${o}/internal/v1/metering/${e}/subscriptions/${t}/quotas/consume`),c=await fetch(a,{method:"POST",body:JSON.stringify({meters:r}),headers:{Authorization:`Bearer ${i}`,"zp-rid":n.requestId}});c.ok||n.log.error(`Error consuming subscription quotas for credits metering ': ${c.status} - ${await c.text()}`)}s(K0,"consumeSubscription")});var Db=y(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.CurityPhantomTokenInboundPolicy=void 0;var J0=$t(),z0=Kt(),Da=te(),W0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Da.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=Q0(i);if(!o)return Da.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,J0.getPolicyCacheName)(n,r),c=new z0.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Da.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Da.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");Ua.CurityPhantomTokenInboundPolicy=W0;function Q0(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(Q0,"getToken")});var Ub=y(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.FirebaseJwtInboundPolicy=void 0;var Y0=qt(),Z0=jt(),X0=s(async(e,t,r,n)=>((0,Y0.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,Z0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Ma.FirebaseJwtInboundPolicy=X0});var Mb=y(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.FormDataToJsonInboundPolicy=void 0;var eO=ke(),tO=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new eO.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");ka.FormDataToJsonInboundPolicy=tO});var kb=y(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.GeoFilterInboundPolicy=void 0;var rO=O(),nO=te(),Dn="__unknown__",iO=s(async(e,t,r,n)=>{let i={allow:{countries:Mn(r.allow?.countries,"allow.countries",n),regionCodes:Mn(r.allow?.regionCodes,"allow.regionCode",n),asns:Mn(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Mn(r.block?.countries,"block.countries",n),regionCodes:Mn(r.block?.regionCodes,"block.regionCode",n),asns:Mn(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Dn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Dn,c=t.incomingRequestProperties.asn?.toString()??Dn,u=i.ignoreUnknown&&o===Dn,l=i.ignoreUnknown&&a===Dn,d=i.ignoreUnknown&&c===Dn,p=i.allow.countries,f=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||f.length>0&&!f.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Un(e,t,n,o,a,c);let g=i.block.countries,_=i.block.regionCodes,T=i.block.asns;return g.length>0&&g.includes(o)&&!u||_.length>0&&_.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?Un(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");Ha.GeoFilterInboundPolicy=iO;function Un(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),nO.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Un,"blockedResponse");function Mn(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new rO.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Mn,"toLowerStringArray")});var Hb=y(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.JWTScopeValidationInboundPolicy=void 0;var oO=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Fa.JWTScopeValidationInboundPolicy=oO});var qb=y(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.MockApiInboundPolicy=void 0;var sO=te(),aO=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return Pp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return Pp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(f=>{a.push({responseName:c,contentName:l,exampleName:f,exampleValue:d[f]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return Fb(a[c])}else return a.length>0?Fb(a[0]):Pp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");qa.MockApiInboundPolicy=aO;function Fb(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(Fb,"generateResponse");var Pp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return sO.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var Bb=y(kn=>{"use strict";Object.defineProperty(kn,"__esModule",{value:!0});kn.MoesifInboundPolicy=kn.setMoesifContext=void 0;var cO=O(),uO=ve(),lO="Incoming",dO={logRequestBody:!0,logResponseBody:!0};function $b(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s($b,"headersToObject");function jb(){return new Date().toISOString()}s(jb,"timestamp");var Ap=new WeakMap,pO={};function hO(e,t){let r=Ap.get(e);r||(r=pO);let n=Object.assign({...r},t);Ap.set(e,n)}s(hO,"setMoesifContext");kn.setMoesifContext=hO;async function Vb(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(Vb,"readBody");var fO={},Rp;function Gb(){if(!Rp)throw new cO.RuntimeError("Invalid State - no _lastLogger");return Rp}s(Gb,"getLastLogger");function mO(e){let t=fO[e];return t||(t=new uO.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);Gb().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||Gb().error({status:i.status,body:await i.text()})})),t}s(mO,"getDispatcher");async function yO(e,t,r,n){Rp=t.log;let i=jb(),o=Object.assign(dO,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await Vb(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=mO(o.applicationId),d=e.headers.get("true-client-ip"),p=Ap.get(t)??{},f={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:$b(e.headers)},h=o.logResponseBody?await Vb(c,t):void 0,g={time:jb(),status:c.status,headers:$b(c.headers),body:h},_={request:f,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:lO};l.enqueue(_),t.waitUntil(l.waitUntilFlushed())}),e}s(yO,"MoesifInboundPolicy");kn.MoesifInboundPolicy=yO});var Kb=y($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.OktaJwtInboundPolicy=void 0;var gO=jt(),bO=s(async(e,t,r,n)=>(0,gO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");$a.OktaJwtInboundPolicy=bO});var Jb=y(ja=>{"use strict";Object.defineProperty(ja,"__esModule",{value:!0});ja.PropelAuthJwtInboundPolicy=void 0;var _O=(Ps(),no(Is)),EO=jt(),Op,wO=s(async(e,t,r,n)=>{if(!Op)try{Op=await(0,_O.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,EO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:Op,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");ja.PropelAuthJwtInboundPolicy=wO});var zb=y(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.throwIfStateNotObject=V.throwIfStateNotNumber=V.throwIfStateNotString=V.throwIfStateUndefinedOrNull=V.throwIfStateUndefined=V.throwIfOptionNotObject=V.throwIfOptionNotNumber=V.throwIfOptionNotString=V.throwIfOptionUndefinedOrNull=V.throwIfOptionUndefined=V.OptionTypeError=V.OptionUndefinedError=V.throwIfNotNumber=V.throwIfNotString=V.throwIfUndefinedOrNull=V.throwIfUndefined=V.ArgumentTypeError=V.ArgumentUndefinedError=V.ValidationError=void 0;var je=st(),et=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};V.ValidationError=et;var Ci=class extends et{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};V.ArgumentUndefinedError=Ci;var Li=class extends et{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};V.ArgumentTypeError=Li;function vO(e,t){if((0,je.isUndefined)(e))throw new Ci(t)}s(vO,"throwIfUndefined");V.throwIfUndefined=vO;function Np(e,t){if((0,je.isUndefinedOrNull)(e))throw new Ci(t)}s(Np,"throwIfUndefinedOrNull");V.throwIfUndefinedOrNull=Np;function TO(e,t){if(Np(e,t),!(0,je.isString)(e))throw new Li(t,"string")}s(TO,"throwIfNotString");V.throwIfNotString=TO;function SO(e,t){if(Np(e,t),!(0,je.isNumber)(e))throw new Li(t,"number")}s(SO,"throwIfNotNumber");V.throwIfNotNumber=SO;var Di=class extends et{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};V.OptionUndefinedError=Di;var Hn=class extends et{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};V.OptionTypeError=Hn;function IO(e,t,r,n){if((0,je.isUndefined)(n))throw new Di(e,t,r)}s(IO,"throwIfOptionUndefined");V.throwIfOptionUndefined=IO;function Va(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new Di(e,t,r)}s(Va,"throwIfOptionUndefinedOrNull");V.throwIfOptionUndefinedOrNull=Va;function PO(e,t,r,n){if(Va(e,t,r,n),!(0,je.isString)(n))throw new Hn(e,t,r,"string")}s(PO,"throwIfOptionNotString");V.throwIfOptionNotString=PO;function AO(e,t,r,n){if(Va(e,t,r,n),!(0,je.isNumber)(n))throw new Hn(e,t,r,"number")}s(AO,"throwIfOptionNotNumber");V.throwIfOptionNotNumber=AO;function RO(e,t,r,n){if(Va(e,t,r,n),!(0,je.isObject)(n))throw new Hn(e,t,r,"object")}s(RO,"throwIfOptionNotObject");V.throwIfOptionNotObject=RO;function OO(e,t){if((0,je.isUndefined)(e))throw new et(t)}s(OO,"throwIfStateUndefined");V.throwIfStateUndefined=OO;function Ga(e,t){if((0,je.isUndefinedOrNull)(e))throw new et(t)}s(Ga,"throwIfStateUndefinedOrNull");V.throwIfStateUndefinedOrNull=Ga;function NO(e,t){if(Ga(e,t),!(0,je.isString)(e))throw new et(t);return!0}s(NO,"throwIfStateNotString");V.throwIfStateNotString=NO;function xO(e,t){if(Ga(e,t),!(0,je.isNumber)(e))throw new et(t);return!0}s(xO,"throwIfStateNotNumber");V.throwIfStateNotNumber=xO;function CO(e,t){if(Ga(e,t),!(0,je.isObject)(e))throw new et(t);return!0}s(CO,"throwIfStateNotObject");V.throwIfStateNotObject=CO});var Wb=y(Fn=>{"use strict";Object.defineProperty(Fn,"__esModule",{value:!0});Fn.InMemoryRedisClient=Fn.StandardRedisClient=void 0;var xp=O(),Ba=zb(),Cp=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,Ba.throwIfNotString)(t,"redisClientUrl"),(0,Ba.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,Ba.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new xp.SystemError("Redis client failed with 401: Unauthorized"):new xp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Fn.StandardRedisClient=Cp;var Lp=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,Ba.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new xp.SystemError("The in-memory redis client only supports /rate-limit calls")}};Fn.InMemoryRedisClient=Lp});var e_=y(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.RateLimitInboundPolicy=void 0;var LO=Sr(),DO=$t(),UO=ri(),At=O(),MO=te(),Qb=He(),Ui=W(),Yb=Wb(),Zb=st(),Ka=(0,LO.debug)("zuplo:policies:RateLimitInboundPolicy"),kO="strict",HO=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),FO=s(async e=>({key:`ip-${HO(e)}`}),"getIP"),qO=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),$O=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),Ja;function jO(e,t){let r;if(Ja)return Ja;if(Ui.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new Yb.InMemoryRedisClient,Ja=r,r;let{authApiJWT:n,redisURL:i}=Ui.Environment.instance;if(!(0,Zb.isString)(i))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,Zb.isString)(n))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=Yb.StandardRedisClient.initialize(i,n,Ui.Environment.instance.deploymentName??"unknown",Ui.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new At.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Ja=r,r}s(jO,"getRedisClient");async function Xb(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(Xb,"getCountAndUpdateExpiry");function VO(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new At.RuntimeError(u)}return c},"outerFunction")}s(VO,"wrapUserFunction");var GO="Retry-After",BO=s(async(e,t,r,n)=>{let i=Date.now(),o=Qb.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new At.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[GO]=l.toString()),MO.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:VO(r,n),user:qO,ip:FO,all:$O}[r.rateLimitBy],d=await l(e,t,n),p=d.key,f=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=jO(n,o),S=`bucket/${Ui.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??kO)==="async"){let L=await(0,DO.getPolicyCacheName)(n,r),ne=new UO.ZoneCache(L,{logger:Qb.SystemLogMap.getLogger(t)}),ie=Xb(S,h,_,o,t.requestId),me=await ne.get(S);if(me!==void 0&&me<=Date.now()){Ka(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${S}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(g,Be)}return t.addEventListener("responseSending",Be=>{try{let w=Be,k=w.mutableResponse;w.mutableResponse=(async()=>{let Ce=await ie;if(Ce.count>f){let uu=Date.now()+Ce.ttlSeconds*1e3,jE=ne.put(S,uu,Ce.ttlSeconds).catch(wh=>{throw o.error(new At.SystemError("Error caching rate limit result.",{cause:wh})),wh});return t.waitUntil(jE),Ka(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (async mode)`),c(g,Ce.ttlSeconds)}return k})()}catch(w){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let K=await Xb(S,h,_,o,t.requestId);return K.count>f?(Ka(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (strict mode)`),c(g,K.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;Ka(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");za.RateLimitInboundPolicy=BO});var i_=y(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.ReadmeMetricsInboundPolicy=void 0;var KO=ve(),Dp=W(),t_=si(),Up;function r_(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s(r_,"headersToNameValuePairs");function JO(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(JO,"queryToNameValueParis");function zO(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(zO,"parseIntOrUndefined");var n_={};async function WO(e,t,r,n){let i=new Date,o=Date.now();return Up||(Up={name:"zuplo",version:Dp.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Dp.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,t_.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,t_.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Dp.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:Up,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:r_(e.headers),queryString:JO(e.query)},response:{status:a.status,statusText:a.statusText,headers:r_(a.headers),content:{size:zO(e.headers.get("content-length"))}}}]}}},d=n_[r.apiKey];if(!d){let p=r.apiKey;d=new KO.BatchDispatch("readme-metering-inbound-policy",10,async f=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(f),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),n_[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(WO,"ReadmeMetricsInboundPolicy");Wa.ReadmeMetricsInboundPolicy=WO});var o_=y(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.RemoveHeadersInboundPolicy=void 0;var QO=O(),YO=ke(),ZO=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new QO.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new YO.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");Qa.RemoveHeadersInboundPolicy=ZO});var s_=y(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.RemoveHeadersOutboundPolicy=void 0;var XO=O(),eN=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new XO.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");Ya.RemoveHeadersOutboundPolicy=eN});var a_=y(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.RemoveQueryParamsInboundPolicy=void 0;var tN=O(),rN=ke(),nN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new tN.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new rN.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");Za.RemoveQueryParamsInboundPolicy=nN});var c_=y(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.ReplaceStringOutboundPolicy=void 0;var iN=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");Xa.ReplaceStringOutboundPolicy=iN});var l_=y(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.RequestSizeLimitInboundPolicy=void 0;var u_=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),oN=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?u_():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?u_():e},"RequestSizeLimitInboundPolicy");ec.RequestSizeLimitInboundPolicy=oN});var tc=y(tt=>{"use strict";Object.defineProperty(tt,"__esModule",{value:!0});tt.sanitizedIdentifierName=tt.getIdForRefSchema=tt.getIdForRequestBodySchema=tt.getIdForParameterSchema=tt.getRawOperationDataIdentifierName=void 0;function sN(e,t,r){return`_${Hr(e+"_"+t+"_"+r)}`}s(sN,"getRawOperationDataIdentifierName");tt.getRawOperationDataIdentifierName=sN;function aN(e,t,r,n){return`_${Hr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(aN,"getIdForParameterSchema");tt.getIdForParameterSchema=aN;function cN(e,t,r){return`_${Hr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Hr(r.toLowerCase())}`}s(cN,"getIdForRequestBodySchema");tt.getIdForRequestBodySchema=cN;function uN(e,t){return`_${Hr(e)}__${Hr(t)}`}s(uN,"getIdForRefSchema");tt.getIdForRefSchema=uN;function Hr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(Hr,"sanitizedIdentifierName");tt.sanitizedIdentifierName=Hr});var Mi=y(Le=>{"use strict";Object.defineProperty(Le,"__esModule",{value:!0});Le.getErrorsFromValidator=Le.shouldReject=Le.shouldLog=Le.logErrors=Le.validateParameters=Le.getParametersForOperation=void 0;var lN=Ir(),dN=tc(),pN=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");Le.getParametersForOperation=pN;var hN=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,dN.getIdForParameterSchema)(r,n,i,u.name),p=lN.Gateway.instance.schemaValidator[d],f=p(t[u.name]),h=(0,Le.getErrorsFromValidator)(p.errors);f||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");Le.validateParameters=hN;var fN=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");Le.logErrors=fN;var mN=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");Le.shouldLog=mN;var yN=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");Le.shouldReject=yN;var gN=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");Le.getErrorsFromValidator=gN});var d_=y(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.handleBodyValidation=void 0;var bN=Ir(),rc=te(),_N=tc(),Je=Mi();async function EN(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let g=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,_=rc.HttpProblems.badRequest(t,e,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",g,[n],h),(0,Je.shouldReject)(r.validateBody))return _}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,g=rc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,_N.getIdForRequestBodySchema)(e.route.path,t.method,i),c=bN.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,g=rc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,Je.getErrorsFromValidator)(l),f=rc.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",d,[n],p),(0,Je.shouldReject)(r.validateBody))return f}s(EN,"handleBodyValidation");nc.handleBodyValidation=EN});var p_=y(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.handleHeadersValidation=void 0;var wN=te(),ki=Mi();function vN(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,ki.getParametersForOperation)(e),o=(0,ki.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=wN.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,ki.shouldLog)(r.validateHeaders)&&(0,ki.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,ki.shouldReject)(r.validateHeaders))return c}}s(vN,"handleHeadersValidation");ic.handleHeadersValidation=vN});var h_=y(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.handlePathParameterValidation=void 0;var TN=te(),Hi=Mi();function SN(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Hi.getParametersForOperation)(e),i=(0,Hi.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=TN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Hi.shouldLog)(r.validatePathParameters)&&(0,Hi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Hi.shouldReject)(r.validatePathParameters))return a}}s(SN,"handlePathParameterValidation");oc.handlePathParameterValidation=SN});var f_=y(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.handleQueryParameterValidation=void 0;var IN=te(),Fi=Mi();function PN(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Fi.getParametersForOperation)(e),i=(0,Fi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=IN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Fi.shouldLog)(r.validateQueryParameters)&&(0,Fi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Fi.shouldReject)(r.validateQueryParameters))return a}}s(PN,"handleQueryParameterValidation");sc.handleQueryParameterValidation=PN});var m_=y(Fr=>{"use strict";Object.defineProperty(Fr,"__esModule",{value:!0});Fr.SchemaBasedRequestValidation=Fr.RequestValidationInboundPolicy=void 0;var AN=d_(),RN=p_(),ON=h_(),NN=f_(),xN=s(async(e,t,r)=>{let n=(0,NN.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,ON.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,RN.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,AN.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Fr.RequestValidationInboundPolicy=xN;Fr.SchemaBasedRequestValidation=Fr.RequestValidationInboundPolicy});var y_=y(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.RequireOriginInboundPolicy=void 0;var CN=O(),LN=te(),DN=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new CN.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return LN.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");ac.RequireOriginInboundPolicy=DN});var g_=y(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.SetBodyInboundPolicy=void 0;var UN=ke(),MN=s(async(e,t,r)=>new UN.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");cc.SetBodyInboundPolicy=MN});var __=y(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.SetHeadersInboundPolicy=void 0;var b_=O(),kN=ke(),HN=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new b_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new b_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new kN.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");uc.SetHeadersInboundPolicy=HN});var w_=y(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.SetHeadersOutboundPolicy=void 0;var E_=O(),FN=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new E_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new E_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");lc.SetHeadersOutboundPolicy=FN});var T_=y(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.SetQueryParamsInboundPolicy=void 0;var v_=O(),qN=ke(),$N=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new v_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new v_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new qN.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");dc.SetQueryParamsInboundPolicy=$N});var S_=y(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.SetStatusOutboundPolicy=void 0;var jN=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");pc.SetStatusOutboundPolicy=jN});var I_=y(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.SleepInboundPolicy=void 0;var VN=O(),GN=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),BN=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new VN.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await GN(r.sleepInMs),e},"SleepInboundPolicy");hc.SleepInboundPolicy=BN});var A_=y(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.SupabaseJwtInboundPolicy=void 0;var P_=O(),KN=te(),JN=ke(),zN=qt(),WN=jt(),QN=s(async(e,t,r,n)=>{(0,zN.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,WN.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof JN.ZuploRequest))throw new P_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new P_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?KN.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");fc.SupabaseJwtInboundPolicy=QN});var O_=y(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var YN=$t(),ZN=Kt(),R_=O(),XN=hn(),ex=qt(),tx=s(async(e,t,r,n)=>{(0,ex.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,YN.getPolicyCacheName)(n,r),o=new ZN.MemoryZoneReadThroughCache(i,t),a=await o.get(n);if(!a){let c=await rx(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");mc.UpstreamAzureAdServiceAuthInboundPolicy=tx;async function rx(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,XN.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new R_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new R_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(rx,"getAccessToken")});var x_=y(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var nx=$t(),ix=Kt(),ox=O(),Mp=fn(),sx=qt(),N_="https://accounts.google.com/o/oauth2/token",kp,ax=s(async(e,t,r,n)=>{(0,sx.optionValidator)(r,n).required("serviceAccountJson","string"),kp||(kp=await Mp.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,nx.getPolicyCacheName)(n,r),a=new ix.MemoryZoneReadThroughCache(o,t),c=await a.get(n);if(!c){let u=await(0,Mp.getTokenFromGcpServiceAccount)({serviceAccount:kp,audience:N_,payload:i}),l=await(0,Mp.exchangeGgpJwtForIdToken)(N_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new ox.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");yc.UpstreamFirebaseAdminAuthInboundPolicy=ax});var C_=y(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var cx=$t(),ux=Kt(),qn=O(),lx=_p(),Hp=fn(),dx=si(),px=qt(),hx="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",fx=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Fp,mx=s(async(e,t,r,n)=>{if((0,px.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new qn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(fx.indexOf(p)!==-1)throw new qn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Fp||(Fp=await Hp.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new qn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new qn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,dx.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new qn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,cx.getPolicyCacheName)(n,r),c=new ux.MemoryZoneReadThroughCache(a,t),u={uid:o,claims:i},l=await(0,lx.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Hp.getTokenFromGcpServiceAccount)({serviceAccount:Fp,audience:hx,payload:u}),f=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Hp.exchangeFirebaseJwtForIdToken)(f,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new qn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");gc.UpstreamFirebaseUserAuthInboundPolicy=mx});var D_=y(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.UpstreamGcpJwtInboundPolicy=void 0;var L_=fn(),yx=qt(),qp,gx=s(async(e,t,r,n)=>{(0,yx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),qp||(qp=await L_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,L_.getTokenFromGcpServiceAccount)({serviceAccount:qp,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");bc.UpstreamGcpJwtInboundPolicy=gx});var M_=y(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.UpstreamGcpServiceAuthInboundPolicy=void 0;var bx=$t(),_x=yu(),Ex=Kt(),wx=O(),$p=fn(),vx=qt(),U_="https://www.googleapis.com/oauth2/v4/token",jp,Tx=s(async(e,t,r,n)=>{(0,vx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),jp||(jp=await $p.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,bx.getPolicyCacheName)(n,r),o;r.useMemoryCacheOnly?o=new _x.MemoryCache(i):o=new Ex.MemoryZoneReadThroughCache(i,t);let a=await o.get(n);if(!a){let c=await(0,$p.getTokenFromGcpServiceAccount)({serviceAccount:jp,audience:U_,payload:{target_audience:`${r.audience}`}}),{id_token:u}=await(0,$p.exchangeGgpJwtForIdToken)(U_,c,{retries:r.tokenRetries??3,retryDelayMs:10});if(!u)throw new wx.RuntimeError("Invalid token response from GCP");a=u,o.put(n,a,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamGcpServiceAuthInboundPolicy");_c.UpstreamGcpServiceAuthInboundPolicy=Tx});var H_=y(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.ValidateJsonSchemaInbound=void 0;var Sx=O(),k_=te(),Ix=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return k_.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new Sx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return k_.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");Ec.ValidateJsonSchemaInbound=Ix});var $_=y(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.MeteringInboundPolicy=void 0;var F_=Bs(),q_=gn(),wc=O(),Px=te(),Ax=He(),Rx=W(),Ox=s(async(e,t,r,n)=>{let i=Ax.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,f)=>{let h=F_.ContextData.get(f,"subscription");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;if(!r.bucketId)if(q_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=q_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new wc.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:_,meteringServiceUrl:T}=Rx.Environment.instance;if(d.ok&&h&&r.meters)try{let S=await fetch(`${T}/internal/v1/metering/${r.bucketId}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${_}`,"zp-rid":f.requestId},method:"POST",body:JSON.stringify({meters:r.meters})});S.ok||(f.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`))}catch(S){f.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,S)}});let o=F_.ContextData.get(t,"subscription"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o){if(a)return e;throw new wc.ConfigurationError("Subscription is not available for user")}if(o&&Object.keys(o.quotas).length===0)throw new wc.ConfigurationError("Quota is not set up for the user's subscription");let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)throw new wc.ConfigurationError(`The following policy meters are not present in the subscription: ${l.join(", ")}`);for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return Px.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");vc.MeteringInboundPolicy=Ox});var G_=y(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.LoadSubscriptionInboundPolicy=void 0;var Nx=ri(),xx=Bs(),j_=gn(),Cx=O(),Vp=te(),V_=He(),Lx=W(),Dx=s(async(e,t,r,n)=>{let i=V_.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=e.user;if(!a)return o?e:Vp.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(j_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=j_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Cx.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:c,meteringServiceUrl:u}=Lx.Environment.instance,{sub:l}=a,d;try{let f=`${r.bucketId}-${l}`,h=new Nx.ZoneCache(f,{logger:V_.SystemLogMap.getLogger(t)}),g=await h.get(f);if(g)d=g;else{let _=await fetch(`${u}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${l}&status=active`,{headers:{Authorization:`Bearer ${c}`,"zp-rid":t.requestId},method:"GET"});if(!_.ok)return t.log.error(await _.text()),Vp.HttpProblems.forbidden(e,t);d=await _.json(),h.put(f,d,15).catch(T=>{throw i.error(T),T})}}catch(f){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,f)}if((!d||!d.data||d.data.length===0)&&!o)return Vp.HttpProblems.unauthorized(e,t,{detail:"No valid, active subscription found"});if((!d||!d.data||d.data.length===0)&&o)return e;let p=d&&d.data?d.data[0]:void 0;return xx.ContextData.set(t,"subscription",p),e},"LoadSubscriptionInboundPolicy");Tc.LoadSubscriptionInboundPolicy=Dx});var B_=y(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.ServiceProviderImpl=void 0;var Ux=O(),Gp=class{static{s(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new Ux.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Sc.ServiceProviderImpl=Gp});var rE=y(m=>{"use strict";var Mx=m&&m.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),Bp=m&&m.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&Mx(t,e,r)},kx=m&&m.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(m,"__esModule",{value:!0});m.RateLimitInboundPolicy=m.BasicRateLimitInboundPolicy=m.PropelAuthJwtInboundPolicy=m.OpenIdJwtInboundPolicy=m.OktaJwtInboundPolicy=m.setMoesifContext=m.MoesifInboundPolicy=m.MockApiInboundPolicy=m.JWTScopeValidationInboundPolicy=m.GeoFilterInboundPolicy=m.FormDataToJsonInboundPolicy=m.FirebaseJwtInboundPolicy=m.CurityPhantomTokenInboundPolicy=m.CreditsMeteringInboundPolicy=m.CompositeInboundPolicy=m.CognitoJwtInboundPolicy=m.ClerkJwtInboundPolicy=m.ClearHeadersOutboundPolicy=m.ClearHeadersInboundPolicy=m.ChangeMethodInboundPolicy=m.CachingInboundPolicy=m.BasicAuthInboundPolicy=m.Auth0JwtInboundPolicy=m.ApiKeyInboundPolicy=m.ApiAuthKeyInboundPolicy=m.AmberfloMeteringPolicy=m.AmberfloMeteringInboundPolicy=m.AuditLogPlugin=m.AuditLogDataStaxProvider=m.HttpStatusCode=m.webSocketPipelineHandler=m.webSocketHandler=m.urlRewriteHandler=m.urlForwardHandler=m.redirectHandler=m.openApiSpecHandler=m.awsLambdaHandler=m.AwsLambdaHandlerExtensions=m.purgeGatewayCache=m.Handler=m.originalFetch=m.ConfigurationError=m.isZuploReadableEnvVariableName=m.isRestrictedEnvVariableName=m.environment=m.ContextData=m.ResponseSentEvent=m.ResponseSendingEvent=m.ZoneCache=m.MemoryZoneReadThroughCache=void 0;m.sanitizedIdentifierName=m.getRawOperationDataIdentifierName=m.getIdForRequestBodySchema=m.getIdForRefSchema=m.getIdForParameterSchema=m.SystemLogMap=m.httpStatuses=m.SYSTEM_LOGGER=m.API_KEY=m.ServiceProviderImpl=m.serialize=m.ContentTypes=m.Router=m.LookupResult=m.SystemRouteName=m.ZuploRequest=m.ProblemResponseFormatter=m.HttpProblems=m.LoadSubscriptionInboundPolicy=m.MeteringInboundPolicy=m.ValidateJsonSchemaInbound=m.UpstreamGcpServiceAuthInboundPolicy=m.UpstreamGcpJwtInboundPolicy=m.UpstreamFirebaseUserAuthInboundPolicy=m.UpstreamFirebaseAdminAuthInboundPolicy=m.UpstreamAzureAdServiceAuthInboundPolicy=m.SupabaseJwtInboundPolicy=m.StripeWebhookVerificationInboundPolicy=m.SleepInboundPolicy=m.SetStatusOutboundPolicy=m.SetQueryParamsInboundPolicy=m.SetHeadersOutboundPolicy=m.SetHeadersInboundPolicy=m.SetBodyInboundPolicy=m.RequireOriginInboundPolicy=m.SchemaBasedRequestValidation=m.RequestValidationInboundPolicy=m.RequestSizeLimitInboundPolicy=m.ReplaceStringOutboundPolicy=m.RemoveQueryParamsInboundPolicy=m.RemoveHeadersOutboundPolicy=m.RemoveHeadersInboundPolicy=m.ReadmeMetricsInboundPolicy=void 0;Ah();var Hx=Kt();Object.defineProperty(m,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return Hx.MemoryZoneReadThroughCache}});var Fx=ri();Object.defineProperty(m,"ZoneCache",{enumerable:!0,get:function(){return Fx.ZoneCache}});var K_=Pr();Object.defineProperty(m,"ResponseSendingEvent",{enumerable:!0,get:function(){return K_.ResponseSendingEvent}});Object.defineProperty(m,"ResponseSentEvent",{enumerable:!0,get:function(){return K_.ResponseSentEvent}});var qx=Bs();Object.defineProperty(m,"ContextData",{enumerable:!0,get:function(){return qx.ContextData}});var Kp=gn();Object.defineProperty(m,"environment",{enumerable:!0,get:function(){return Kp.environment}});Object.defineProperty(m,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return Kp.isRestrictedEnvVariableName}});Object.defineProperty(m,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return Kp.isZuploReadableEnvVariableName}});var $x=O();Object.defineProperty(m,"ConfigurationError",{enumerable:!0,get:function(){return $x.ConfigurationError}});var jx=Nd();Object.defineProperty(m,"originalFetch",{enumerable:!0,get:function(){return jx.originalFetch}});var J_=rg();Object.defineProperty(m,"Handler",{enumerable:!0,get:function(){return J_.Handler}});Object.defineProperty(m,"purgeGatewayCache",{enumerable:!0,get:function(){return J_.purgeGatewayCache}});var z_=_g();Object.defineProperty(m,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return z_.AwsLambdaHandlerExtensions}});Object.defineProperty(m,"awsLambdaHandler",{enumerable:!0,get:function(){return z_.awsLambdaHandler}});var Vx=wg();Object.defineProperty(m,"openApiSpecHandler",{enumerable:!0,get:function(){return Vx.openApiSpecHandler}});var Gx=vg();Object.defineProperty(m,"redirectHandler",{enumerable:!0,get:function(){return Gx.redirectHandler}});var Bx=Sg();Object.defineProperty(m,"urlForwardHandler",{enumerable:!0,get:function(){return Bx.urlForwardHandler}});var Kx=Pg();Object.defineProperty(m,"urlRewriteHandler",{enumerable:!0,get:function(){return Kx.urlRewriteHandler}});var Jx=Rg();Object.defineProperty(m,"webSocketHandler",{enumerable:!0,get:function(){return Jx.webSocketHandler}});var zx=xg();Object.defineProperty(m,"webSocketPipelineHandler",{enumerable:!0,get:function(){return zx.webSocketPipelineHandler}});var Wx=$u();Object.defineProperty(m,"HttpStatusCode",{enumerable:!0,get:function(){return Wx.HttpStatusCode}});Bp(Fg(),m);Bp(jg(),m);var Qx=Vg();Object.defineProperty(m,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Qx.AuditLogDataStaxProvider}});var Yx=Bg();Object.defineProperty(m,"AuditLogPlugin",{enumerable:!0,get:function(){return Yx.AuditLogPlugin}});Bp(lb(),m);var W_=mb();Object.defineProperty(m,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return W_.AmberfloMeteringInboundPolicy}});Object.defineProperty(m,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return W_.AmberfloMeteringPolicy}});var Zx=Eb();Object.defineProperty(m,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Zx.ApiAuthKeyInboundPolicy}});var Xx=vp();Object.defineProperty(m,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return Xx.ApiKeyInboundPolicy}});var eC=wb();Object.defineProperty(m,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return eC.Auth0JwtInboundPolicy}});var tC=vb();Object.defineProperty(m,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return tC.BasicAuthInboundPolicy}});var rC=Tb();Object.defineProperty(m,"CachingInboundPolicy",{enumerable:!0,get:function(){return rC.CachingInboundPolicy}});var nC=Sb();Object.defineProperty(m,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return nC.ChangeMethodInboundPolicy}});var iC=Ib();Object.defineProperty(m,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return iC.ClearHeadersInboundPolicy}});var oC=Pb();Object.defineProperty(m,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return oC.ClearHeadersOutboundPolicy}});var sC=Ab();Object.defineProperty(m,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return sC.ClerkJwtInboundPolicy}});var aC=Ob();Object.defineProperty(m,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return aC.CognitoJwtInboundPolicy}});var cC=xb();Object.defineProperty(m,"CompositeInboundPolicy",{enumerable:!0,get:function(){return cC.CompositeInboundPolicy}});var uC=Lb();Object.defineProperty(m,"CreditsMeteringInboundPolicy",{enumerable:!0,get:function(){return uC.CreditsMeteringInboundPolicy}});var lC=Db();Object.defineProperty(m,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return lC.CurityPhantomTokenInboundPolicy}});var dC=Ub();Object.defineProperty(m,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return dC.FirebaseJwtInboundPolicy}});var pC=Mb();Object.defineProperty(m,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return pC.FormDataToJsonInboundPolicy}});var hC=kb();Object.defineProperty(m,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return hC.GeoFilterInboundPolicy}});var fC=Hb();Object.defineProperty(m,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return fC.JWTScopeValidationInboundPolicy}});var mC=qb();Object.defineProperty(m,"MockApiInboundPolicy",{enumerable:!0,get:function(){return mC.MockApiInboundPolicy}});var Q_=Bb();Object.defineProperty(m,"MoesifInboundPolicy",{enumerable:!0,get:function(){return Q_.MoesifInboundPolicy}});Object.defineProperty(m,"setMoesifContext",{enumerable:!0,get:function(){return Q_.setMoesifContext}});var yC=Kb();Object.defineProperty(m,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return yC.OktaJwtInboundPolicy}});var gC=jt();Object.defineProperty(m,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return gC.OpenIdJwtInboundPolicy}});var bC=Jb();Object.defineProperty(m,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return bC.PropelAuthJwtInboundPolicy}});var Y_=e_();Object.defineProperty(m,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return Y_.RateLimitInboundPolicy}});Object.defineProperty(m,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return Y_.RateLimitInboundPolicy}});var _C=i_();Object.defineProperty(m,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return _C.ReadmeMetricsInboundPolicy}});var EC=o_();Object.defineProperty(m,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return EC.RemoveHeadersInboundPolicy}});var wC=s_();Object.defineProperty(m,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return wC.RemoveHeadersOutboundPolicy}});var vC=a_();Object.defineProperty(m,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return vC.RemoveQueryParamsInboundPolicy}});var TC=c_();Object.defineProperty(m,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return TC.ReplaceStringOutboundPolicy}});var SC=l_();Object.defineProperty(m,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return SC.RequestSizeLimitInboundPolicy}});var Z_=m_();Object.defineProperty(m,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return Z_.RequestValidationInboundPolicy}});Object.defineProperty(m,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return Z_.SchemaBasedRequestValidation}});var IC=y_();Object.defineProperty(m,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return IC.RequireOriginInboundPolicy}});var PC=g_();Object.defineProperty(m,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return PC.SetBodyInboundPolicy}});var AC=__();Object.defineProperty(m,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return AC.SetHeadersInboundPolicy}});var RC=w_();Object.defineProperty(m,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return RC.SetHeadersOutboundPolicy}});var OC=T_();Object.defineProperty(m,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return OC.SetQueryParamsInboundPolicy}});var NC=S_();Object.defineProperty(m,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return NC.SetStatusOutboundPolicy}});var xC=I_();Object.defineProperty(m,"SleepInboundPolicy",{enumerable:!0,get:function(){return xC.SleepInboundPolicy}});var CC=dp();Object.defineProperty(m,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return CC.StripeWebhookVerificationInboundPolicy}});var LC=A_();Object.defineProperty(m,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return LC.SupabaseJwtInboundPolicy}});var DC=O_();Object.defineProperty(m,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return DC.UpstreamAzureAdServiceAuthInboundPolicy}});var UC=x_();Object.defineProperty(m,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return UC.UpstreamFirebaseAdminAuthInboundPolicy}});var MC=C_();Object.defineProperty(m,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return MC.UpstreamFirebaseUserAuthInboundPolicy}});var kC=D_();Object.defineProperty(m,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return kC.UpstreamGcpJwtInboundPolicy}});var HC=M_();Object.defineProperty(m,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return HC.UpstreamGcpServiceAuthInboundPolicy}});var FC=H_();Object.defineProperty(m,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return FC.ValidateJsonSchemaInbound}});var qC=$_();Object.defineProperty(m,"MeteringInboundPolicy",{enumerable:!0,get:function(){return qC.MeteringInboundPolicy}});var $C=G_();Object.defineProperty(m,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return $C.LoadSubscriptionInboundPolicy}});var jC=te();Object.defineProperty(m,"HttpProblems",{enumerable:!0,get:function(){return jC.HttpProblems}});var VC=go();Object.defineProperty(m,"ProblemResponseFormatter",{enumerable:!0,get:function(){return VC.ProblemResponseFormatter}});var GC=ke();Object.defineProperty(m,"ZuploRequest",{enumerable:!0,get:function(){return GC.ZuploRequest}});var BC=Rr();Object.defineProperty(m,"SystemRouteName",{enumerable:!0,get:function(){return BC.SystemRouteName}});var X_=Ed();Object.defineProperty(m,"LookupResult",{enumerable:!0,get:function(){return X_.LookupResult}});Object.defineProperty(m,"Router",{enumerable:!0,get:function(){return X_.Router}});var eE=xu();Object.defineProperty(m,"ContentTypes",{enumerable:!0,get:function(){return eE.ContentTypes}});Object.defineProperty(m,"serialize",{enumerable:!0,get:function(){return eE.serialize}});var KC=B_();Object.defineProperty(m,"ServiceProviderImpl",{enumerable:!0,get:function(){return KC.ServiceProviderImpl}});var tE=el();Object.defineProperty(m,"API_KEY",{enumerable:!0,get:function(){return tE.API_KEY}});Object.defineProperty(m,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return tE.SYSTEM_LOGGER}});var JC=Vu();Object.defineProperty(m,"httpStatuses",{enumerable:!0,get:function(){return kx(JC).default}});var zC=He();Object.defineProperty(m,"SystemLogMap",{enumerable:!0,get:function(){return zC.SystemLogMap}});var qi=tc();Object.defineProperty(m,"getIdForParameterSchema",{enumerable:!0,get:function(){return qi.getIdForParameterSchema}});Object.defineProperty(m,"getIdForRefSchema",{enumerable:!0,get:function(){return qi.getIdForRefSchema}});Object.defineProperty(m,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return qi.getIdForRequestBodySchema}});Object.defineProperty(m,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return qi.getRawOperationDataIdentifierName}});Object.defineProperty(m,"sanitizedIdentifierName",{enumerable:!0,get:function(){return qi.sanitizedIdentifierName}})});var nE=y($n=>{"use strict";Object.defineProperty($n,"__esModule",{value:!0});$n.BaseCryptoBeta=$n.supportedDigests=void 0;$n.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var Jp=class{static{s(this,"BaseCryptoBeta")}};$n.BaseCryptoBeta=Jp});var iE=y(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.WorkerCryptoBeta=void 0;var zp=nE(),WC=O(),Wp=class extends zp.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!zp.supportedDigests.includes(t.toLowerCase()))throw new WC.RuntimeError(`Algorithm ${t} is not supported. Try using ${zp.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};Ic.WorkerCryptoBeta=Wp});var oE=y(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.BaseKeyValueStore=void 0;var Qp=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Pc.BaseKeyValueStore=Qp});var aE=y(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.WorkerKeyValueStore=void 0;var sE=O(),QC=oE(),Yp=class extends QC.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new sE.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new sE.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Ac.WorkerKeyValueStore=Yp});var Dt=y(dt=>{"use strict";var YC=dt&&dt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),ZC=dt&&dt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&YC(t,e,r)};Object.defineProperty(dt,"__esModule",{value:!0});dt.KeyValueStore=dt.CryptoBeta=void 0;ZC(rE(),dt);var XC=iE();Object.defineProperty(dt,"CryptoBeta",{enumerable:!0,get:function(){return XC.WorkerCryptoBeta}});var eL=aE();Object.defineProperty(dt,"KeyValueStore",{enumerable:!0,get:function(){return eL.WorkerKeyValueStore}})});var aD={};ro(aD,{GraphQLComplexityLimitInboundPolicy:()=>FE,GraphQLDisableIntrospectionInboundPolicy:()=>$E});module.exports=no(aD);var Xn=Th(Dt());function G(e,t){if(!!!e)throw new Error(t)}s(G,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Rt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Rt,"invariant");var tL=/\r\n|[\n\r]/g;function jn(e,t){let r=0,n=1;for(let i of e.body.matchAll(tL)){if(typeof i.index=="number"||Rt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s(jn,"getLocation");function Zp(e){return Rc(e.source,jn(e.source,e.start))}s(Zp,"printLocation");function Rc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
|
|
74
|
+
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new kr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(AR,"validateComputedSignature");function RR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(RR,"parseHeader");function OR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(OR,"secureCompare");async function Jg(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=lp[o[c]];return a.join("")}s(Jg,"computeHMACSignatureAsync");xn.computeHMACSignatureAsync=Jg;var lp=new Array(256);for(let e=0;e<lp.length;e++)lp[e]=e.toString(16).padStart(2,"0")});var qt=y(ha=>{"use strict";Object.defineProperty(ha,"__esModule",{value:!0});ha.optionValidator=void 0;var Oi=O();function NR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Oi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(NR,"optionValidator");ha.optionValidator=NR});var dp=y(fa=>{"use strict";Object.defineProperty(fa,"__esModule",{value:!0});fa.StripeWebhookVerificationInboundPolicy=void 0;var xR=te(),CR=zg(),LR=qt(),DR=s(async(e,t,r,n)=>{(0,LR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,CR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),xR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");fa.StripeWebhookVerificationInboundPolicy=DR});var Qg=y(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.isStripeWebhookEvent=void 0;var Wg=st();function UR(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Wg.isString)(e.id)&&"type"in e&&(0,Wg.isString)(e.type)}s(UR,"isStripeWebhookEvent");ma.isStripeWebhookEvent=UR});var Yg=y(ya=>{"use strict";Object.defineProperty(ya,"__esModule",{value:!0});ya.MeteringPlugin=void 0;var MR=gt(),pp=class extends MR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};ya.MeteringPlugin=pp});var Xg=y(hp=>{"use strict";Object.defineProperty(hp,"__esModule",{value:!0});var Zg=O(),kR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new Zg.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new Zg.RuntimeError(o)}}};hp.default=kR});var nb=y(Ni=>{"use strict";var HR=Ni&&Ni.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Ni,"__esModule",{value:!0});var yr=O(),fp=te(),eb=He(),tb=W(),rb=hn(),FR=HR(Xg()),qR=st();async function $R(e,t,r,n){let i=r.data?.object?.subscription;if(!i)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");let o=r.data?.object?.client_reference_id,a=r.data?.object?.customer_email;if(!o)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.client_reference_id' to be the customer sub.");if(!a)throw new yr.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer_email' to be the customer email.");let c=await FR.default.getSubscription({logger:t.log,stripeSecretKey:n.stripeSecretKey,subscriptionId:i}),u=c.id,l=c.customer,d=c.items?.data.find(_=>_.object==="subscription_item");if(!d||!d.id)throw new yr.RuntimeError("Invalid Stripe API result. Expected subscription to contain at least one subscription_item.");let p=d.plan;if(!p||!p.product)throw new yr.RuntimeError("Invalid Stripe API result. Expected subscription_item to have a plan.");let f=p.product,h=await jR({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:f,stripeSubscriptionId:u,stripeCustomerId:l,managerEmail:a,managerSub:o,context:t});if(!h)return fp.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});let g="routes.oas.json";try{await VR({context:t,stripeProductId:f,stripeSubscriptionId:u,customerKey:h,productKey:g,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:l})}catch(_){return fp.HttpProblems.internalServerError(e,t,{detail:_.message})}return fp.HttpProblems.ok(e,t)}s($R,"onCheckoutSessionCompleted");Ni.default=$R;async function jR({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:o,context:a}){let{authApiJWT:c}=tb.Environment.instance,u="https://api-key-management-service-eq7z4lly2a-ue.a.run.app",l=new URL(`/v1/buckets/${e}/consumers`,u);l.searchParams.set("with-api-key","true");let d=crypto.randomUUID(),p={name:d,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:o,email:i}]},f=await(0,rb.fetchRetry)({retryDelayMs:5,retries:2,logger:eb.SystemLogMap.getLogger(a)},l.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(p)}),h=await f.json();if(f.status!==200){let g="Error creating API Key Consumer";throw a.log.error(g,h),new yr.RuntimeError(g)}return a.log.info("Successfully created API Key Consumer",{consumerId:d,stripeSubscriptionId:t,stripeProductId:r}),d}s(jR,"createConsumer");async function VR({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,productKey:i,meteringBucketId:o,meteringBucketRegion:a,customerExternalId:c}){let u={status:"active",type:"periodic",renewalStrategy:"monthly",region:a,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,productKey:i,customerExternalId:c},{authApiJWT:l,meteringServiceUrl:d}=tb.Environment.instance;if(!(0,qR.isNonEmptyString)(l))throw new yr.SystemError("No Zuplo JWT token set.");let p=await(0,rb.fetchRetry)({retryDelayMs:5,retries:2,logger:eb.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${o}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let f="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(f,h),new yr.RuntimeError(f)}e.log.info("Successfully created/updated metering subscription.",u)}s(VR,"saveSubscription")});var ab=y(yp=>{"use strict";Object.defineProperty(yp,"__esModule",{value:!0});var mp=O(),ib=te(),ob=He(),GR=W(),sb=hn(),BR=st();async function KR(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=GR.Environment.instance;if(!(0,BR.isNonEmptyString)(i))throw new mp.SystemError("No Zuplo JWT token set.");let a=r.data.object.id,c=await(0,sb.fetchRetry)({retryDelayMs:5,retries:2,logger:ob.SystemLogMap.getLogger(t)},`${o}/internal/v1/metering/${n.meteringBucketId}/subscriptions?subscriptionExternalId=${a}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":t.requestId},method:"GET"});if(!c.ok){let p="Error querying for metering subscription.",f;try{f=await c.json()}catch{f={status:c.status,statusText:c.statusText}}throw t.log.error(p,f),new mp.RuntimeError(p)}let l=(await c.json()).data.filter(p=>p.subscriptionExternalId&&p.subscriptionExternalId===a);if(l.length===0)return ib.HttpProblems.ok(e,t,{detail:"Subscription was not found and the event was ignored by Stripe metering plugin webhook."});let d=await(0,sb.fetchRetry)({retryDelayMs:5,retries:2,logger:ob.SystemLogMap.getLogger(t)},`${o}/internal/v1/metering/${n.meteringBucketId}/subscriptions/${l[0].id}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":t.requestId},method:"PATCH",body:JSON.stringify({status:"canceled"})});if(!d.ok){let p="Error canceling metering subscription.",f;try{f=await d.json()}catch{f={status:d.status,statusText:d.statusText}}throw t.log.error(p,f),new mp.RuntimeError(p)}return t.log.info("Successfully canceled metering subscription."),ib.HttpProblems.ok(e,t)}s(KR,"onCustomerSubscriptionDeleted");yp.default=KR});var lb=y(Cn=>{"use strict";var ub=Cn&&Cn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Cn,"__esModule",{value:!0});Cn.StripeMeteringPlugin=void 0;var ga=gn(),ba=O(),JR=Lt(),zR=dp(),cb=te(),WR=Qt(),QR=Wr(),YR=qu(),ZR=ot(),XR=W(),e0=Qg(),t0=Yg(),r0=ub(nb()),n0=ub(ab()),gp=class extends t0.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(ga.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=ga.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ba.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(ga.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=ga.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new ba.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!XR.Environment.instance.build.ACCOUNT_NAME)throw new ba.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!i0(p))throw new ba.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let f=await c.json();if(!(0,e0.isStripeWebhookEvent)(f))return cb.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${f.type}' with ID '${f.id}'.`),f.type){case"checkout.session.completed":return await(0,r0.default)(c,u,f,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,n0.default)(c,u,f,{meteringBucketId:l});default:return cb.HttpProblems.ok(c,u,{detail:"Event was ignored by Stripe metering plugin webhook."})}},"stripeWebhookHandler"),i=(0,QR.createInternalPolicyProcessor)({inboundPolicies:[{handler:zR.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new JR.Pipeline({processors:[WR.metricsProcessor,i],handler:n,gateway:r}),a=new ZR.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:YR.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};Cn.StripeMeteringPlugin=gp;function i0(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(i0,"isMetricsRegion")});var mb=y(Ln=>{"use strict";Object.defineProperty(Ln,"__esModule",{value:!0});Ln.AmberfloMeteringInboundPolicy=Ln.AmberfloMeteringPolicy=void 0;var db=O(),o0=ve(),pb=si(),fb=new WeakMap,hb={},bp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){fb.set(t,r)}};Ln.AmberfloMeteringPolicy=bp;async function s0(e,t,r,n){if(!r.statusCodes)throw new db.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,pb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=fb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new db.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,pb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},f=hb[r.apiKey];if(!f){let h=r.apiKey,g=e.headers.get("zm-test-id")??"";f=new o0.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let T=r.url??"https://app.amberflo.io/ingest",S=await fetch(T,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});S.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${S.status}: ${await S.text()}`)}catch(T){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),hb[h]=f}f.enqueue(p),t.waitUntil(f.waitUntilFlushed())}}),e}s(s0,"AmberfloMeteringInboundPolicy");Ln.AmberfloMeteringInboundPolicy=s0});var _p=y(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.sha256=void 0;async function a0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(a0,"sha256");_a.sha256=a0});var $t=y(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.getPolicyCacheName=void 0;var c0=_p(),yb=new Map;async function u0(e,t){let r,n=yb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,c0.sha256)(JSON.stringify({policyName:e,options:t}))}`,yb.set(e,r)),r}s(u0,"getPolicyCacheName");Ea.getPolicyCacheName=u0});var vp=y(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.ApiKeyInboundPolicy=void 0;var l0=$t(),d0=Kt(),gb=gn(),Ep=O(),p0=Dt(),bb=He(),wp=W(),h0=hn(),_b="key-metadata-cache-type";function f0(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(f0,"getKeyValue");async function m0(e,t,r,n){if(!r.bucketName)if(gb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=gb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Ep.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new Ep.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(T=>i.allowUnauthenticatedRequests?e:p0.HttpProblems.unauthorized(e,t,{detail:T}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=f0(a,i);if(!c||c==="")return o("No key present");let u=await y0(c),l=await(0,l0.getPolicyCacheName)(n,i),d=new d0.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==_b&&bb.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let f={key:c},h=await(0,h0.fetchRetry)({retryDelayMs:5,retries:2,logger:bb.SystemLogMap.getLogger(t)},`${wp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":wp.Environment.instance.deploymentName??"unknown","User-Agent":wp.Environment.instance.systemUserAgent},body:JSON.stringify(f)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let T=await h.text(),S=JSON.parse(T);t.log.error("Unexpected response from key service",S)}catch{t.log.error("Invalid response from key service")}throw new Ep.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:_b,user:{sub:g.name,data:g.metadata}};return e.user=_.user,d.put(u,_,i.cacheTtlSeconds),e}s(m0,"ApiKeyInboundPolicy");wa.ApiKeyInboundPolicy=m0;async function y0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(y0,"hashValue")});var Eb=y(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.ApiAuthKeyInboundPolicy=void 0;var g0=vp();va.ApiAuthKeyInboundPolicy=g0.ApiKeyInboundPolicy});var jt=y(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.OpenIdJwtInboundPolicy=void 0;var Sp=(Ps(),no(Is)),Ip=O(),b0=te(),Tp={},_0=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new Ip.ConfigurationError("Invalid State - jwkUrl not set");Tp[t.jwkUrl]||(Tp[t.jwkUrl]=(0,Sp.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,Sp.jwtVerify)(e,Tp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),E0=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,Sp.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),w0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(f=>b0.HttpProblems.unauthorized(e,t,{detail:f}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Ip.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Ip.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?_0:E0,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let f=i.substring(o.length);if(!f||f.length===0)return a("No bearer token on authorization header");try{return await c(f,r)}catch(h){let g=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${g.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");Ta.OpenIdJwtInboundPolicy=w0});var wb=y(Sa=>{"use strict";Object.defineProperty(Sa,"__esModule",{value:!0});Sa.Auth0JwtInboundPolicy=void 0;var v0=jt(),T0=s(async(e,t,r,n)=>(0,v0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");Sa.Auth0JwtInboundPolicy=T0});var vb=y(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.BasicAuthInboundPolicy=void 0;var S0=te(),I0=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>S0.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let f=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===f&&_.password===h);return g||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Ia.BasicAuthInboundPolicy=I0});var Tb=y(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.CachingInboundPolicy=void 0;var P0=$t(),A0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function R0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(R0,"digestMessage");var O0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await R0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function N0(e,t,r,n){let i=await(0,P0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await O0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let f=r?.expirationSecondsTtl??60,h=new Response(p.body,p);A0.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${f}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(N0,"CachingInboundPolicy");Pa.CachingInboundPolicy=N0});var Sb=y(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.ChangeMethodInboundPolicy=void 0;var x0=O(),C0=ke(),L0=s(async(e,t,r,n)=>{if(!r.method)throw new x0.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new C0.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");Aa.ChangeMethodInboundPolicy=L0});var Ib=y(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.ClearHeadersInboundPolicy=void 0;var D0=ke(),U0=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new D0.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Ra.ClearHeadersInboundPolicy=U0});var Pb=y(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.ClearHeadersOutboundPolicy=void 0;var M0=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Oa.ClearHeadersOutboundPolicy=M0});var Ab=y(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.ClerkJwtInboundPolicy=void 0;var k0=jt(),H0=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,k0.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Na.ClerkJwtInboundPolicy=H0});var Ob=y(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.CognitoJwtInboundPolicy=void 0;var Rb=O(),F0=jt(),q0=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new Rb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new Rb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,F0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");xa.CognitoJwtInboundPolicy=q0});var xb=y(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.CompositeInboundPolicy=void 0;var $0=O(),j0=Ir(),Nb=Wr(),V0=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new $0.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=j0.Gateway.instance,o=(0,Nb.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,Nb.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");Ca.CompositeInboundPolicy=V0});var Lb=y(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.CreditsMeteringInboundPolicy=void 0;var xi=te(),Cb=W(),G0=s(async(e,t,r)=>{let n=e.user;if(!n)return xi.HttpProblems.unauthorized(e,t,{title:"Unable to check subscription for anonymous user",detail:"No user data on request"});let{sub:i}=n;if(!r.bucketId)return xi.HttpProblems.unauthorized(e,t,{title:"Metering bucket not configured",detail:"Specify one using the bucketId option on the policy"});let o=r.bucketId,a=await B0(o,i,t);if(!a)return xi.HttpProblems.unauthorized(e,t,{title:"No valid, active subscription found"});if(!a.quotas)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});for(let c of Object.keys(a.quotas))if(a.quotas[c]<=0)return xi.HttpProblems.forbidden(e,t,{title:"Insufficient credits"});return t.custom.subscription=a,t.addResponseSendingFinalHook(async()=>{let c=t.custom.meters,u={};for(let l of Object.keys(c))u[l]=c[l];await K0(o,a.id,u,t)}),e},"CreditsMeteringInboundPolicy");La.CreditsMeteringInboundPolicy=G0;async function B0(e,t,r){let{authApiJWT:n,meteringServiceUrl:i}=Cb.Environment.instance,o=new URL(`${i}/internal/v1/metering/${e}/subscriptions`);o.search=new URLSearchParams({customerKey:t,status:"active"}).toString();let a=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${n}`,"zp-rid":r.requestId}});if(!a.ok)throw new Error(`Error retrieving subscriptions for credits metering ': ${a.status} - ${await a.text()}`);let c=await a.json();if(c.data.length!==0)return c.data.length>1&&r.log.warn(`Found more than one active subscription for customer ${t} -- using the first one.`),c.data[0]}s(B0,"getSubscription");async function K0(e,t,r,n){let{authApiJWT:i,meteringServiceUrl:o}=Cb.Environment.instance,a=new URL(`${o}/internal/v1/metering/${e}/subscriptions/${t}/quotas/consume`),c=await fetch(a,{method:"POST",body:JSON.stringify({meters:r}),headers:{Authorization:`Bearer ${i}`,"zp-rid":n.requestId}});c.ok||n.log.error(`Error consuming subscription quotas for credits metering ': ${c.status} - ${await c.text()}`)}s(K0,"consumeSubscription")});var Db=y(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.CurityPhantomTokenInboundPolicy=void 0;var J0=$t(),z0=Kt(),Da=te(),W0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Da.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=Q0(i);if(!o)return Da.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,J0.getPolicyCacheName)(n,r),c=new z0.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Da.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Da.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");Ua.CurityPhantomTokenInboundPolicy=W0;function Q0(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(Q0,"getToken")});var Ub=y(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.FirebaseJwtInboundPolicy=void 0;var Y0=qt(),Z0=jt(),X0=s(async(e,t,r,n)=>((0,Y0.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,Z0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Ma.FirebaseJwtInboundPolicy=X0});var Mb=y(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.FormDataToJsonInboundPolicy=void 0;var eO=ke(),tO=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new eO.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");ka.FormDataToJsonInboundPolicy=tO});var kb=y(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.GeoFilterInboundPolicy=void 0;var rO=O(),nO=te(),Dn="__unknown__",iO=s(async(e,t,r,n)=>{let i={allow:{countries:Mn(r.allow?.countries,"allow.countries",n),regionCodes:Mn(r.allow?.regionCodes,"allow.regionCode",n),asns:Mn(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Mn(r.block?.countries,"block.countries",n),regionCodes:Mn(r.block?.regionCodes,"block.regionCode",n),asns:Mn(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Dn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Dn,c=t.incomingRequestProperties.asn?.toString()??Dn,u=i.ignoreUnknown&&o===Dn,l=i.ignoreUnknown&&a===Dn,d=i.ignoreUnknown&&c===Dn,p=i.allow.countries,f=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||f.length>0&&!f.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Un(e,t,n,o,a,c);let g=i.block.countries,_=i.block.regionCodes,T=i.block.asns;return g.length>0&&g.includes(o)&&!u||_.length>0&&_.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?Un(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");Ha.GeoFilterInboundPolicy=iO;function Un(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),nO.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Un,"blockedResponse");function Mn(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new rO.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Mn,"toLowerStringArray")});var Hb=y(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.JWTScopeValidationInboundPolicy=void 0;var oO=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Fa.JWTScopeValidationInboundPolicy=oO});var qb=y(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.MockApiInboundPolicy=void 0;var sO=te(),aO=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return Pp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return Pp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(f=>{a.push({responseName:c,contentName:l,exampleName:f,exampleValue:d[f]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return Fb(a[c])}else return a.length>0?Fb(a[0]):Pp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");qa.MockApiInboundPolicy=aO;function Fb(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(Fb,"generateResponse");var Pp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return sO.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var Bb=y(kn=>{"use strict";Object.defineProperty(kn,"__esModule",{value:!0});kn.MoesifInboundPolicy=kn.setMoesifContext=void 0;var cO=O(),uO=ve(),lO="Incoming",dO={logRequestBody:!0,logResponseBody:!0};function $b(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s($b,"headersToObject");function jb(){return new Date().toISOString()}s(jb,"timestamp");var Ap=new WeakMap,pO={};function hO(e,t){let r=Ap.get(e);r||(r=pO);let n=Object.assign({...r},t);Ap.set(e,n)}s(hO,"setMoesifContext");kn.setMoesifContext=hO;async function Vb(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(Vb,"readBody");var fO={},Rp;function Gb(){if(!Rp)throw new cO.RuntimeError("Invalid State - no _lastLogger");return Rp}s(Gb,"getLastLogger");function mO(e){let t=fO[e];return t||(t=new uO.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);Gb().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||Gb().error({status:i.status,body:await i.text()})})),t}s(mO,"getDispatcher");async function yO(e,t,r,n){Rp=t.log;let i=jb(),o=Object.assign(dO,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await Vb(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=mO(o.applicationId),d=e.headers.get("true-client-ip"),p=Ap.get(t)??{},f={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:$b(e.headers)},h=o.logResponseBody?await Vb(c,t):void 0,g={time:jb(),status:c.status,headers:$b(c.headers),body:h},_={request:f,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:lO};l.enqueue(_),t.waitUntil(l.waitUntilFlushed())}),e}s(yO,"MoesifInboundPolicy");kn.MoesifInboundPolicy=yO});var Kb=y($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.OktaJwtInboundPolicy=void 0;var gO=jt(),bO=s(async(e,t,r,n)=>(0,gO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");$a.OktaJwtInboundPolicy=bO});var Jb=y(ja=>{"use strict";Object.defineProperty(ja,"__esModule",{value:!0});ja.PropelAuthJwtInboundPolicy=void 0;var _O=(Ps(),no(Is)),EO=jt(),Op,wO=s(async(e,t,r,n)=>{if(!Op)try{Op=await(0,_O.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,EO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:Op,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");ja.PropelAuthJwtInboundPolicy=wO});var zb=y(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.throwIfStateNotObject=V.throwIfStateNotNumber=V.throwIfStateNotString=V.throwIfStateUndefinedOrNull=V.throwIfStateUndefined=V.throwIfOptionNotObject=V.throwIfOptionNotNumber=V.throwIfOptionNotString=V.throwIfOptionUndefinedOrNull=V.throwIfOptionUndefined=V.OptionTypeError=V.OptionUndefinedError=V.throwIfNotNumber=V.throwIfNotString=V.throwIfUndefinedOrNull=V.throwIfUndefined=V.ArgumentTypeError=V.ArgumentUndefinedError=V.ValidationError=void 0;var je=st(),et=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};V.ValidationError=et;var Ci=class extends et{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};V.ArgumentUndefinedError=Ci;var Li=class extends et{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};V.ArgumentTypeError=Li;function vO(e,t){if((0,je.isUndefined)(e))throw new Ci(t)}s(vO,"throwIfUndefined");V.throwIfUndefined=vO;function Np(e,t){if((0,je.isUndefinedOrNull)(e))throw new Ci(t)}s(Np,"throwIfUndefinedOrNull");V.throwIfUndefinedOrNull=Np;function TO(e,t){if(Np(e,t),!(0,je.isString)(e))throw new Li(t,"string")}s(TO,"throwIfNotString");V.throwIfNotString=TO;function SO(e,t){if(Np(e,t),!(0,je.isNumber)(e))throw new Li(t,"number")}s(SO,"throwIfNotNumber");V.throwIfNotNumber=SO;var Di=class extends et{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};V.OptionUndefinedError=Di;var Hn=class extends et{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};V.OptionTypeError=Hn;function IO(e,t,r,n){if((0,je.isUndefined)(n))throw new Di(e,t,r)}s(IO,"throwIfOptionUndefined");V.throwIfOptionUndefined=IO;function Va(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new Di(e,t,r)}s(Va,"throwIfOptionUndefinedOrNull");V.throwIfOptionUndefinedOrNull=Va;function PO(e,t,r,n){if(Va(e,t,r,n),!(0,je.isString)(n))throw new Hn(e,t,r,"string")}s(PO,"throwIfOptionNotString");V.throwIfOptionNotString=PO;function AO(e,t,r,n){if(Va(e,t,r,n),!(0,je.isNumber)(n))throw new Hn(e,t,r,"number")}s(AO,"throwIfOptionNotNumber");V.throwIfOptionNotNumber=AO;function RO(e,t,r,n){if(Va(e,t,r,n),!(0,je.isObject)(n))throw new Hn(e,t,r,"object")}s(RO,"throwIfOptionNotObject");V.throwIfOptionNotObject=RO;function OO(e,t){if((0,je.isUndefined)(e))throw new et(t)}s(OO,"throwIfStateUndefined");V.throwIfStateUndefined=OO;function Ga(e,t){if((0,je.isUndefinedOrNull)(e))throw new et(t)}s(Ga,"throwIfStateUndefinedOrNull");V.throwIfStateUndefinedOrNull=Ga;function NO(e,t){if(Ga(e,t),!(0,je.isString)(e))throw new et(t);return!0}s(NO,"throwIfStateNotString");V.throwIfStateNotString=NO;function xO(e,t){if(Ga(e,t),!(0,je.isNumber)(e))throw new et(t);return!0}s(xO,"throwIfStateNotNumber");V.throwIfStateNotNumber=xO;function CO(e,t){if(Ga(e,t),!(0,je.isObject)(e))throw new et(t);return!0}s(CO,"throwIfStateNotObject");V.throwIfStateNotObject=CO});var Wb=y(Fn=>{"use strict";Object.defineProperty(Fn,"__esModule",{value:!0});Fn.InMemoryRedisClient=Fn.StandardRedisClient=void 0;var xp=O(),Ba=zb(),Cp=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,Ba.throwIfNotString)(t,"redisClientUrl"),(0,Ba.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,Ba.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new xp.SystemError("Redis client failed with 401: Unauthorized"):new xp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Fn.StandardRedisClient=Cp;var Lp=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,Ba.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new xp.SystemError("The in-memory redis client only supports /rate-limit calls")}};Fn.InMemoryRedisClient=Lp});var e_=y(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.RateLimitInboundPolicy=void 0;var LO=Sr(),DO=$t(),UO=ri(),At=O(),MO=te(),Qb=He(),Ui=W(),Yb=Wb(),Zb=st(),Ka=(0,LO.debug)("zuplo:policies:RateLimitInboundPolicy"),kO="strict",HO=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),FO=s(async e=>({key:`ip-${HO(e)}`}),"getIP"),qO=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),$O=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),Ja;function jO(e,t){let r;if(Ja)return Ja;if(Ui.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new Yb.InMemoryRedisClient,Ja=r,r;let{authApiJWT:n,redisURL:i}=Ui.Environment.instance;if(!(0,Zb.isString)(i))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,Zb.isString)(n))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=Yb.StandardRedisClient.initialize(i,n,Ui.Environment.instance.deploymentName??"unknown",Ui.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new At.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Ja=r,r}s(jO,"getRedisClient");async function Xb(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(Xb,"getCountAndUpdateExpiry");function VO(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new At.RuntimeError(u)}return c},"outerFunction")}s(VO,"wrapUserFunction");var GO="Retry-After",BO=s(async(e,t,r,n)=>{let i=Date.now(),o=Qb.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new At.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[GO]=l.toString()),MO.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:VO(r,n),user:qO,ip:FO,all:$O}[r.rateLimitBy],d=await l(e,t,n),p=d.key,f=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=jO(n,o),S=`bucket/${Ui.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??kO)==="async"){let L=await(0,DO.getPolicyCacheName)(n,r),ne=new UO.ZoneCache(L,{logger:Qb.SystemLogMap.getLogger(t)}),ie=Xb(S,h,_,o,t.requestId),me=await ne.get(S);if(me!==void 0&&me<=Date.now()){Ka(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${S}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(g,Be)}return t.addEventListener("responseSending",Be=>{try{let w=Be,k=w.mutableResponse;w.mutableResponse=(async()=>{let Ce=await ie;if(Ce.count>f){let uu=Date.now()+Ce.ttlSeconds*1e3,jE=ne.put(S,uu,Ce.ttlSeconds).catch(wh=>{throw o.error(new At.SystemError("Error caching rate limit result.",{cause:wh})),wh});return t.waitUntil(jE),Ka(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (async mode)`),c(g,Ce.ttlSeconds)}return k})()}catch(w){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let K=await Xb(S,h,_,o,t.requestId);return K.count>f?(Ka(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${S}' (strict mode)`),c(g,K.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;Ka(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");za.RateLimitInboundPolicy=BO});var i_=y(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.ReadmeMetricsInboundPolicy=void 0;var KO=ve(),Dp=W(),t_=si(),Up;function r_(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s(r_,"headersToNameValuePairs");function JO(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(JO,"queryToNameValueParis");function zO(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(zO,"parseIntOrUndefined");var n_={};async function WO(e,t,r,n){let i=new Date,o=Date.now();return Up||(Up={name:"zuplo",version:Dp.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Dp.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,t_.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,t_.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Dp.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:Up,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:r_(e.headers),queryString:JO(e.query)},response:{status:a.status,statusText:a.statusText,headers:r_(a.headers),content:{size:zO(e.headers.get("content-length"))}}}]}}},d=n_[r.apiKey];if(!d){let p=r.apiKey;d=new KO.BatchDispatch("readme-metering-inbound-policy",10,async f=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(f),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),n_[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(WO,"ReadmeMetricsInboundPolicy");Wa.ReadmeMetricsInboundPolicy=WO});var o_=y(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.RemoveHeadersInboundPolicy=void 0;var QO=O(),YO=ke(),ZO=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new QO.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new YO.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");Qa.RemoveHeadersInboundPolicy=ZO});var s_=y(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.RemoveHeadersOutboundPolicy=void 0;var XO=O(),eN=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new XO.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");Ya.RemoveHeadersOutboundPolicy=eN});var a_=y(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.RemoveQueryParamsInboundPolicy=void 0;var tN=O(),rN=ke(),nN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new tN.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new rN.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");Za.RemoveQueryParamsInboundPolicy=nN});var c_=y(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.ReplaceStringOutboundPolicy=void 0;var iN=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");Xa.ReplaceStringOutboundPolicy=iN});var l_=y(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.RequestSizeLimitInboundPolicy=void 0;var u_=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),oN=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?u_():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?u_():e},"RequestSizeLimitInboundPolicy");ec.RequestSizeLimitInboundPolicy=oN});var tc=y(tt=>{"use strict";Object.defineProperty(tt,"__esModule",{value:!0});tt.sanitizedIdentifierName=tt.getIdForRefSchema=tt.getIdForRequestBodySchema=tt.getIdForParameterSchema=tt.getRawOperationDataIdentifierName=void 0;function sN(e,t,r){return`_${Hr(e+"_"+t+"_"+r)}`}s(sN,"getRawOperationDataIdentifierName");tt.getRawOperationDataIdentifierName=sN;function aN(e,t,r,n){return`_${Hr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(aN,"getIdForParameterSchema");tt.getIdForParameterSchema=aN;function cN(e,t,r){return`_${Hr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Hr(r.toLowerCase())}`}s(cN,"getIdForRequestBodySchema");tt.getIdForRequestBodySchema=cN;function uN(e,t){return`_${Hr(e)}__${Hr(t)}`}s(uN,"getIdForRefSchema");tt.getIdForRefSchema=uN;function Hr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(Hr,"sanitizedIdentifierName");tt.sanitizedIdentifierName=Hr});var Mi=y(Le=>{"use strict";Object.defineProperty(Le,"__esModule",{value:!0});Le.getErrorsFromValidator=Le.shouldReject=Le.shouldLog=Le.logErrors=Le.validateParameters=Le.getParametersForOperation=void 0;var lN=Ir(),dN=tc(),pN=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");Le.getParametersForOperation=pN;var hN=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,dN.getIdForParameterSchema)(r,n,i,u.name),p=lN.Gateway.instance.schemaValidator[d],f=p(t[u.name]),h=(0,Le.getErrorsFromValidator)(p.errors);f||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");Le.validateParameters=hN;var fN=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");Le.logErrors=fN;var mN=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");Le.shouldLog=mN;var yN=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");Le.shouldReject=yN;var gN=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");Le.getErrorsFromValidator=gN});var d_=y(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.handleBodyValidation=void 0;var bN=Ir(),rc=te(),_N=tc(),Je=Mi();async function EN(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let g=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,_=rc.HttpProblems.badRequest(t,e,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",g,[n],h),(0,Je.shouldReject)(r.validateBody))return _}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,g=rc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,_N.getIdForRequestBodySchema)(e.route.path,t.method,i),c=bN.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,g=rc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,Je.getErrorsFromValidator)(l),f=rc.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",d,[n],p),(0,Je.shouldReject)(r.validateBody))return f}s(EN,"handleBodyValidation");nc.handleBodyValidation=EN});var p_=y(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.handleHeadersValidation=void 0;var wN=te(),ki=Mi();function vN(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,ki.getParametersForOperation)(e),o=(0,ki.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=wN.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,ki.shouldLog)(r.validateHeaders)&&(0,ki.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,ki.shouldReject)(r.validateHeaders))return c}}s(vN,"handleHeadersValidation");ic.handleHeadersValidation=vN});var h_=y(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.handlePathParameterValidation=void 0;var TN=te(),Hi=Mi();function SN(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Hi.getParametersForOperation)(e),i=(0,Hi.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=TN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Hi.shouldLog)(r.validatePathParameters)&&(0,Hi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Hi.shouldReject)(r.validatePathParameters))return a}}s(SN,"handlePathParameterValidation");oc.handlePathParameterValidation=SN});var f_=y(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.handleQueryParameterValidation=void 0;var IN=te(),Fi=Mi();function PN(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Fi.getParametersForOperation)(e),i=(0,Fi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=IN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Fi.shouldLog)(r.validateQueryParameters)&&(0,Fi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Fi.shouldReject)(r.validateQueryParameters))return a}}s(PN,"handleQueryParameterValidation");sc.handleQueryParameterValidation=PN});var m_=y(Fr=>{"use strict";Object.defineProperty(Fr,"__esModule",{value:!0});Fr.SchemaBasedRequestValidation=Fr.RequestValidationInboundPolicy=void 0;var AN=d_(),RN=p_(),ON=h_(),NN=f_(),xN=s(async(e,t,r)=>{let n=(0,NN.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,ON.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,RN.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,AN.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Fr.RequestValidationInboundPolicy=xN;Fr.SchemaBasedRequestValidation=Fr.RequestValidationInboundPolicy});var y_=y(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.RequireOriginInboundPolicy=void 0;var CN=O(),LN=te(),DN=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new CN.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return LN.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");ac.RequireOriginInboundPolicy=DN});var g_=y(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.SetBodyInboundPolicy=void 0;var UN=ke(),MN=s(async(e,t,r)=>new UN.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");cc.SetBodyInboundPolicy=MN});var __=y(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.SetHeadersInboundPolicy=void 0;var b_=O(),kN=ke(),HN=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new b_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new b_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new kN.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");uc.SetHeadersInboundPolicy=HN});var w_=y(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.SetHeadersOutboundPolicy=void 0;var E_=O(),FN=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new E_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new E_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");lc.SetHeadersOutboundPolicy=FN});var T_=y(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.SetQueryParamsInboundPolicy=void 0;var v_=O(),qN=ke(),$N=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new v_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new v_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new qN.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");dc.SetQueryParamsInboundPolicy=$N});var S_=y(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.SetStatusOutboundPolicy=void 0;var jN=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");pc.SetStatusOutboundPolicy=jN});var I_=y(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.SleepInboundPolicy=void 0;var VN=O(),GN=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),BN=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new VN.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await GN(r.sleepInMs),e},"SleepInboundPolicy");hc.SleepInboundPolicy=BN});var A_=y(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.SupabaseJwtInboundPolicy=void 0;var P_=O(),KN=te(),JN=ke(),zN=qt(),WN=jt(),QN=s(async(e,t,r,n)=>{(0,zN.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,WN.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof JN.ZuploRequest))throw new P_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new P_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?KN.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");fc.SupabaseJwtInboundPolicy=QN});var O_=y(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var YN=$t(),ZN=Kt(),R_=O(),XN=hn(),ex=qt(),tx=s(async(e,t,r,n)=>{(0,ex.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,YN.getPolicyCacheName)(n,r),o=new ZN.MemoryZoneReadThroughCache(i,t),a=await o.get(n);if(!a){let c=await rx(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");mc.UpstreamAzureAdServiceAuthInboundPolicy=tx;async function rx(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,XN.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new R_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new R_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(rx,"getAccessToken")});var x_=y(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var nx=$t(),ix=Kt(),ox=O(),Mp=fn(),sx=qt(),N_="https://accounts.google.com/o/oauth2/token",kp,ax=s(async(e,t,r,n)=>{(0,sx.optionValidator)(r,n).required("serviceAccountJson","string"),kp||(kp=await Mp.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,nx.getPolicyCacheName)(n,r),a=new ix.MemoryZoneReadThroughCache(o,t),c=await a.get(n);if(!c){let u=await(0,Mp.getTokenFromGcpServiceAccount)({serviceAccount:kp,audience:N_,payload:i}),l=await(0,Mp.exchangeGgpJwtForIdToken)(N_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new ox.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");yc.UpstreamFirebaseAdminAuthInboundPolicy=ax});var C_=y(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var cx=$t(),ux=Kt(),qn=O(),lx=_p(),Hp=fn(),dx=si(),px=qt(),hx="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",fx=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Fp,mx=s(async(e,t,r,n)=>{if((0,px.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new qn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(fx.indexOf(p)!==-1)throw new qn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Fp||(Fp=await Hp.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new qn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new qn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,dx.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new qn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,cx.getPolicyCacheName)(n,r),c=new ux.MemoryZoneReadThroughCache(a,t),u={uid:o,claims:i},l=await(0,lx.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Hp.getTokenFromGcpServiceAccount)({serviceAccount:Fp,audience:hx,payload:u}),f=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Hp.exchangeFirebaseJwtForIdToken)(f,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new qn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");gc.UpstreamFirebaseUserAuthInboundPolicy=mx});var D_=y(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.UpstreamGcpJwtInboundPolicy=void 0;var L_=fn(),yx=qt(),qp,gx=s(async(e,t,r,n)=>{(0,yx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),qp||(qp=await L_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,L_.getTokenFromGcpServiceAccount)({serviceAccount:qp,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");bc.UpstreamGcpJwtInboundPolicy=gx});var M_=y(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.UpstreamGcpServiceAuthInboundPolicy=void 0;var bx=$t(),_x=yu(),Ex=Kt(),wx=O(),$p=fn(),vx=qt(),U_="https://www.googleapis.com/oauth2/v4/token",jp,Tx=s(async(e,t,r,n)=>{(0,vx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),jp||(jp=await $p.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,bx.getPolicyCacheName)(n,r),o;r.useMemoryCacheOnly?o=new _x.MemoryCache(i):o=new Ex.MemoryZoneReadThroughCache(i,t);let a=await o.get(n);if(!a){let c=await(0,$p.getTokenFromGcpServiceAccount)({serviceAccount:jp,audience:U_,payload:{target_audience:`${r.audience}`}}),{id_token:u}=await(0,$p.exchangeGgpJwtForIdToken)(U_,c,{retries:r.tokenRetries??3,retryDelayMs:10});if(!u)throw new wx.RuntimeError("Invalid token response from GCP");a=u,o.put(n,a,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamGcpServiceAuthInboundPolicy");_c.UpstreamGcpServiceAuthInboundPolicy=Tx});var H_=y(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.ValidateJsonSchemaInbound=void 0;var Sx=O(),k_=te(),Ix=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return k_.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new Sx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return k_.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");Ec.ValidateJsonSchemaInbound=Ix});var $_=y(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.MeteringInboundPolicy=void 0;var F_=Bs(),q_=gn(),wc=O(),Px=te(),Ax=He(),Rx=W(),Ox=s(async(e,t,r,n)=>{let i=Ax.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,f)=>{let h=F_.ContextData.get(f,"subscription");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;if(!r.bucketId)if(q_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=q_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new wc.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:_,meteringServiceUrl:T}=Rx.Environment.instance;if(d.ok&&h&&r.meters)try{let S=await fetch(`${T}/internal/v1/metering/${r.bucketId}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${_}`,"zp-rid":f.requestId},method:"POST",body:JSON.stringify({meters:r.meters})});S.ok||(f.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${S.status} - ${S.statusText}`))}catch(S){f.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,S)}});let o=F_.ContextData.get(t,"subscription"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o){if(a)return e;throw new wc.ConfigurationError("Subscription is not available for user")}if(o&&Object.keys(o.quotas).length===0)throw new wc.ConfigurationError("Quota is not set up for the user's subscription");let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)throw new wc.ConfigurationError(`The following policy meters are not present in the subscription: ${l.join(", ")}`);for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return Px.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");vc.MeteringInboundPolicy=Ox});var G_=y(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.LoadSubscriptionInboundPolicy=void 0;var Nx=ri(),xx=Bs(),j_=gn(),Cx=O(),Vp=te(),V_=He(),Lx=W(),Dx=s(async(e,t,r,n)=>{let i=V_.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=e.user;if(!a)return o?e:Vp.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(j_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=j_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Cx.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:c,meteringServiceUrl:u}=Lx.Environment.instance,{sub:l}=a,d;try{let f=`${r.bucketId}-${l}`,h=new Nx.ZoneCache(f,{logger:V_.SystemLogMap.getLogger(t)}),g=await h.get(f);if(g)d=g;else{let _=await fetch(`${u}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${l}&status=active`,{headers:{Authorization:`Bearer ${c}`,"zp-rid":t.requestId},method:"GET"});if(!_.ok)return t.log.error(await _.text()),Vp.HttpProblems.forbidden(e,t);d=await _.json(),h.put(f,d,15).catch(T=>{throw i.error(T),T})}}catch(f){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,f)}if((!d||!d.data||d.data.length===0)&&!o)return Vp.HttpProblems.unauthorized(e,t,{detail:"No valid, active subscription found"});if((!d||!d.data||d.data.length===0)&&o)return e;let p=d&&d.data?d.data[0]:void 0;return xx.ContextData.set(t,"subscription",p),e},"LoadSubscriptionInboundPolicy");Tc.LoadSubscriptionInboundPolicy=Dx});var B_=y(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.ServiceProviderImpl=void 0;var Ux=O(),Gp=class{static{s(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new Ux.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Sc.ServiceProviderImpl=Gp});var rE=y(m=>{"use strict";var Mx=m&&m.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),Bp=m&&m.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&Mx(t,e,r)},kx=m&&m.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(m,"__esModule",{value:!0});m.RateLimitInboundPolicy=m.BasicRateLimitInboundPolicy=m.PropelAuthJwtInboundPolicy=m.OpenIdJwtInboundPolicy=m.OktaJwtInboundPolicy=m.setMoesifContext=m.MoesifInboundPolicy=m.MockApiInboundPolicy=m.JWTScopeValidationInboundPolicy=m.GeoFilterInboundPolicy=m.FormDataToJsonInboundPolicy=m.FirebaseJwtInboundPolicy=m.CurityPhantomTokenInboundPolicy=m.CreditsMeteringInboundPolicy=m.CompositeInboundPolicy=m.CognitoJwtInboundPolicy=m.ClerkJwtInboundPolicy=m.ClearHeadersOutboundPolicy=m.ClearHeadersInboundPolicy=m.ChangeMethodInboundPolicy=m.CachingInboundPolicy=m.BasicAuthInboundPolicy=m.Auth0JwtInboundPolicy=m.ApiKeyInboundPolicy=m.ApiAuthKeyInboundPolicy=m.AmberfloMeteringPolicy=m.AmberfloMeteringInboundPolicy=m.AuditLogPlugin=m.AuditLogDataStaxProvider=m.HttpStatusCode=m.webSocketPipelineHandler=m.webSocketHandler=m.urlRewriteHandler=m.urlForwardHandler=m.redirectHandler=m.openApiSpecHandler=m.awsLambdaHandler=m.AwsLambdaHandlerExtensions=m.purgeGatewayCache=m.Handler=m.originalFetch=m.ConfigurationError=m.isZuploReadableEnvVariableName=m.isRestrictedEnvVariableName=m.environment=m.ContextData=m.ResponseSentEvent=m.ResponseSendingEvent=m.ZoneCache=m.MemoryZoneReadThroughCache=void 0;m.sanitizedIdentifierName=m.getRawOperationDataIdentifierName=m.getIdForRequestBodySchema=m.getIdForRefSchema=m.getIdForParameterSchema=m.SystemLogMap=m.httpStatuses=m.SYSTEM_LOGGER=m.API_KEY=m.ServiceProviderImpl=m.serialize=m.ContentTypes=m.Router=m.LookupResult=m.SystemRouteName=m.ZuploRequest=m.ProblemResponseFormatter=m.HttpProblems=m.LoadSubscriptionInboundPolicy=m.MeteringInboundPolicy=m.ValidateJsonSchemaInbound=m.UpstreamGcpServiceAuthInboundPolicy=m.UpstreamGcpJwtInboundPolicy=m.UpstreamFirebaseUserAuthInboundPolicy=m.UpstreamFirebaseAdminAuthInboundPolicy=m.UpstreamAzureAdServiceAuthInboundPolicy=m.SupabaseJwtInboundPolicy=m.StripeWebhookVerificationInboundPolicy=m.SleepInboundPolicy=m.SetStatusOutboundPolicy=m.SetQueryParamsInboundPolicy=m.SetHeadersOutboundPolicy=m.SetHeadersInboundPolicy=m.SetBodyInboundPolicy=m.RequireOriginInboundPolicy=m.SchemaBasedRequestValidation=m.RequestValidationInboundPolicy=m.RequestSizeLimitInboundPolicy=m.ReplaceStringOutboundPolicy=m.RemoveQueryParamsInboundPolicy=m.RemoveHeadersOutboundPolicy=m.RemoveHeadersInboundPolicy=m.ReadmeMetricsInboundPolicy=void 0;Ah();var Hx=Kt();Object.defineProperty(m,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return Hx.MemoryZoneReadThroughCache}});var Fx=ri();Object.defineProperty(m,"ZoneCache",{enumerable:!0,get:function(){return Fx.ZoneCache}});var K_=Pr();Object.defineProperty(m,"ResponseSendingEvent",{enumerable:!0,get:function(){return K_.ResponseSendingEvent}});Object.defineProperty(m,"ResponseSentEvent",{enumerable:!0,get:function(){return K_.ResponseSentEvent}});var qx=Bs();Object.defineProperty(m,"ContextData",{enumerable:!0,get:function(){return qx.ContextData}});var Kp=gn();Object.defineProperty(m,"environment",{enumerable:!0,get:function(){return Kp.environment}});Object.defineProperty(m,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return Kp.isRestrictedEnvVariableName}});Object.defineProperty(m,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return Kp.isZuploReadableEnvVariableName}});var $x=O();Object.defineProperty(m,"ConfigurationError",{enumerable:!0,get:function(){return $x.ConfigurationError}});var jx=Nd();Object.defineProperty(m,"originalFetch",{enumerable:!0,get:function(){return jx.originalFetch}});var J_=rg();Object.defineProperty(m,"Handler",{enumerable:!0,get:function(){return J_.Handler}});Object.defineProperty(m,"purgeGatewayCache",{enumerable:!0,get:function(){return J_.purgeGatewayCache}});var z_=_g();Object.defineProperty(m,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return z_.AwsLambdaHandlerExtensions}});Object.defineProperty(m,"awsLambdaHandler",{enumerable:!0,get:function(){return z_.awsLambdaHandler}});var Vx=wg();Object.defineProperty(m,"openApiSpecHandler",{enumerable:!0,get:function(){return Vx.openApiSpecHandler}});var Gx=vg();Object.defineProperty(m,"redirectHandler",{enumerable:!0,get:function(){return Gx.redirectHandler}});var Bx=Sg();Object.defineProperty(m,"urlForwardHandler",{enumerable:!0,get:function(){return Bx.urlForwardHandler}});var Kx=Pg();Object.defineProperty(m,"urlRewriteHandler",{enumerable:!0,get:function(){return Kx.urlRewriteHandler}});var Jx=Rg();Object.defineProperty(m,"webSocketHandler",{enumerable:!0,get:function(){return Jx.webSocketHandler}});var zx=xg();Object.defineProperty(m,"webSocketPipelineHandler",{enumerable:!0,get:function(){return zx.webSocketPipelineHandler}});var Wx=$u();Object.defineProperty(m,"HttpStatusCode",{enumerable:!0,get:function(){return Wx.HttpStatusCode}});Bp(Fg(),m);Bp(jg(),m);var Qx=Vg();Object.defineProperty(m,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Qx.AuditLogDataStaxProvider}});var Yx=Bg();Object.defineProperty(m,"AuditLogPlugin",{enumerable:!0,get:function(){return Yx.AuditLogPlugin}});Bp(lb(),m);var W_=mb();Object.defineProperty(m,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return W_.AmberfloMeteringInboundPolicy}});Object.defineProperty(m,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return W_.AmberfloMeteringPolicy}});var Zx=Eb();Object.defineProperty(m,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Zx.ApiAuthKeyInboundPolicy}});var Xx=vp();Object.defineProperty(m,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return Xx.ApiKeyInboundPolicy}});var eC=wb();Object.defineProperty(m,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return eC.Auth0JwtInboundPolicy}});var tC=vb();Object.defineProperty(m,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return tC.BasicAuthInboundPolicy}});var rC=Tb();Object.defineProperty(m,"CachingInboundPolicy",{enumerable:!0,get:function(){return rC.CachingInboundPolicy}});var nC=Sb();Object.defineProperty(m,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return nC.ChangeMethodInboundPolicy}});var iC=Ib();Object.defineProperty(m,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return iC.ClearHeadersInboundPolicy}});var oC=Pb();Object.defineProperty(m,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return oC.ClearHeadersOutboundPolicy}});var sC=Ab();Object.defineProperty(m,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return sC.ClerkJwtInboundPolicy}});var aC=Ob();Object.defineProperty(m,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return aC.CognitoJwtInboundPolicy}});var cC=xb();Object.defineProperty(m,"CompositeInboundPolicy",{enumerable:!0,get:function(){return cC.CompositeInboundPolicy}});var uC=Lb();Object.defineProperty(m,"CreditsMeteringInboundPolicy",{enumerable:!0,get:function(){return uC.CreditsMeteringInboundPolicy}});var lC=Db();Object.defineProperty(m,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return lC.CurityPhantomTokenInboundPolicy}});var dC=Ub();Object.defineProperty(m,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return dC.FirebaseJwtInboundPolicy}});var pC=Mb();Object.defineProperty(m,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return pC.FormDataToJsonInboundPolicy}});var hC=kb();Object.defineProperty(m,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return hC.GeoFilterInboundPolicy}});var fC=Hb();Object.defineProperty(m,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return fC.JWTScopeValidationInboundPolicy}});var mC=qb();Object.defineProperty(m,"MockApiInboundPolicy",{enumerable:!0,get:function(){return mC.MockApiInboundPolicy}});var Q_=Bb();Object.defineProperty(m,"MoesifInboundPolicy",{enumerable:!0,get:function(){return Q_.MoesifInboundPolicy}});Object.defineProperty(m,"setMoesifContext",{enumerable:!0,get:function(){return Q_.setMoesifContext}});var yC=Kb();Object.defineProperty(m,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return yC.OktaJwtInboundPolicy}});var gC=jt();Object.defineProperty(m,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return gC.OpenIdJwtInboundPolicy}});var bC=Jb();Object.defineProperty(m,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return bC.PropelAuthJwtInboundPolicy}});var Y_=e_();Object.defineProperty(m,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return Y_.RateLimitInboundPolicy}});Object.defineProperty(m,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return Y_.RateLimitInboundPolicy}});var _C=i_();Object.defineProperty(m,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return _C.ReadmeMetricsInboundPolicy}});var EC=o_();Object.defineProperty(m,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return EC.RemoveHeadersInboundPolicy}});var wC=s_();Object.defineProperty(m,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return wC.RemoveHeadersOutboundPolicy}});var vC=a_();Object.defineProperty(m,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return vC.RemoveQueryParamsInboundPolicy}});var TC=c_();Object.defineProperty(m,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return TC.ReplaceStringOutboundPolicy}});var SC=l_();Object.defineProperty(m,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return SC.RequestSizeLimitInboundPolicy}});var Z_=m_();Object.defineProperty(m,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return Z_.RequestValidationInboundPolicy}});Object.defineProperty(m,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return Z_.SchemaBasedRequestValidation}});var IC=y_();Object.defineProperty(m,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return IC.RequireOriginInboundPolicy}});var PC=g_();Object.defineProperty(m,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return PC.SetBodyInboundPolicy}});var AC=__();Object.defineProperty(m,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return AC.SetHeadersInboundPolicy}});var RC=w_();Object.defineProperty(m,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return RC.SetHeadersOutboundPolicy}});var OC=T_();Object.defineProperty(m,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return OC.SetQueryParamsInboundPolicy}});var NC=S_();Object.defineProperty(m,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return NC.SetStatusOutboundPolicy}});var xC=I_();Object.defineProperty(m,"SleepInboundPolicy",{enumerable:!0,get:function(){return xC.SleepInboundPolicy}});var CC=dp();Object.defineProperty(m,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return CC.StripeWebhookVerificationInboundPolicy}});var LC=A_();Object.defineProperty(m,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return LC.SupabaseJwtInboundPolicy}});var DC=O_();Object.defineProperty(m,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return DC.UpstreamAzureAdServiceAuthInboundPolicy}});var UC=x_();Object.defineProperty(m,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return UC.UpstreamFirebaseAdminAuthInboundPolicy}});var MC=C_();Object.defineProperty(m,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return MC.UpstreamFirebaseUserAuthInboundPolicy}});var kC=D_();Object.defineProperty(m,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return kC.UpstreamGcpJwtInboundPolicy}});var HC=M_();Object.defineProperty(m,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return HC.UpstreamGcpServiceAuthInboundPolicy}});var FC=H_();Object.defineProperty(m,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return FC.ValidateJsonSchemaInbound}});var qC=$_();Object.defineProperty(m,"MeteringInboundPolicy",{enumerable:!0,get:function(){return qC.MeteringInboundPolicy}});var $C=G_();Object.defineProperty(m,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return $C.LoadSubscriptionInboundPolicy}});var jC=te();Object.defineProperty(m,"HttpProblems",{enumerable:!0,get:function(){return jC.HttpProblems}});var VC=go();Object.defineProperty(m,"ProblemResponseFormatter",{enumerable:!0,get:function(){return VC.ProblemResponseFormatter}});var GC=ke();Object.defineProperty(m,"ZuploRequest",{enumerable:!0,get:function(){return GC.ZuploRequest}});var BC=Rr();Object.defineProperty(m,"SystemRouteName",{enumerable:!0,get:function(){return BC.SystemRouteName}});var X_=Ed();Object.defineProperty(m,"LookupResult",{enumerable:!0,get:function(){return X_.LookupResult}});Object.defineProperty(m,"Router",{enumerable:!0,get:function(){return X_.Router}});var eE=xu();Object.defineProperty(m,"ContentTypes",{enumerable:!0,get:function(){return eE.ContentTypes}});Object.defineProperty(m,"serialize",{enumerable:!0,get:function(){return eE.serialize}});var KC=B_();Object.defineProperty(m,"ServiceProviderImpl",{enumerable:!0,get:function(){return KC.ServiceProviderImpl}});var tE=el();Object.defineProperty(m,"API_KEY",{enumerable:!0,get:function(){return tE.API_KEY}});Object.defineProperty(m,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return tE.SYSTEM_LOGGER}});var JC=Vu();Object.defineProperty(m,"httpStatuses",{enumerable:!0,get:function(){return kx(JC).default}});var zC=He();Object.defineProperty(m,"SystemLogMap",{enumerable:!0,get:function(){return zC.SystemLogMap}});var qi=tc();Object.defineProperty(m,"getIdForParameterSchema",{enumerable:!0,get:function(){return qi.getIdForParameterSchema}});Object.defineProperty(m,"getIdForRefSchema",{enumerable:!0,get:function(){return qi.getIdForRefSchema}});Object.defineProperty(m,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return qi.getIdForRequestBodySchema}});Object.defineProperty(m,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return qi.getRawOperationDataIdentifierName}});Object.defineProperty(m,"sanitizedIdentifierName",{enumerable:!0,get:function(){return qi.sanitizedIdentifierName}})});var nE=y($n=>{"use strict";Object.defineProperty($n,"__esModule",{value:!0});$n.BaseCryptoBeta=$n.supportedDigests=void 0;$n.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var Jp=class{static{s(this,"BaseCryptoBeta")}};$n.BaseCryptoBeta=Jp});var iE=y(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.WorkerCryptoBeta=void 0;var zp=nE(),WC=O(),Wp=class extends zp.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!zp.supportedDigests.includes(t.toLowerCase()))throw new WC.RuntimeError(`Algorithm ${t} is not supported. Try using ${zp.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};Ic.WorkerCryptoBeta=Wp});var oE=y(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.BaseKeyValueStore=void 0;var Qp=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Pc.BaseKeyValueStore=Qp});var aE=y(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.WorkerKeyValueStore=void 0;var sE=O(),QC=oE(),Yp=class extends QC.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new sE.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new sE.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Ac.WorkerKeyValueStore=Yp});var Dt=y(dt=>{"use strict";var YC=dt&&dt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),ZC=dt&&dt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&YC(t,e,r)};Object.defineProperty(dt,"__esModule",{value:!0});dt.KeyValueStore=dt.CryptoBeta=void 0;ZC(rE(),dt);var XC=iE();Object.defineProperty(dt,"CryptoBeta",{enumerable:!0,get:function(){return XC.WorkerCryptoBeta}});var eL=aE();Object.defineProperty(dt,"KeyValueStore",{enumerable:!0,get:function(){return eL.WorkerKeyValueStore}})});var aD={};ro(aD,{GraphQLComplexityLimitInboundPolicy:()=>FE,GraphQLDisableIntrospectionInboundPolicy:()=>$E});module.exports=no(aD);var Xn=Th(Dt());function G(e,t){if(!!!e)throw new Error(t)}s(G,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Rt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Rt,"invariant");var tL=/\r\n|[\n\r]/g;function jn(e,t){let r=0,n=1;for(let i of e.body.matchAll(tL)){if(typeof i.index=="number"||Rt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s(jn,"getLocation");function Zp(e){return Rc(e.source,jn(e.source,e.start))}s(Zp,"printLocation");function Rc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
|
|
75
75
|
`,d=n.split(/\r\n|[\n\r]/g),p=d[i];if(p.length>120){let f=Math.floor(u/80),h=u%80,g=[];for(let _=0;_<p.length;_+=80)g.push(p.slice(_,_+80));return l+cE([[`${a} |`,g[0]],...g.slice(1,f+1).map(_=>["|",_]),["|","^".padStart(h)],["|",g[f+1]]])}return l+cE([[`${a-1} |`,d[i-1]],[`${a} |`,p],["|","^".padStart(u)],[`${a+1} |`,d[i+1]]])}s(Rc,"printSourceLocation");function cE(e){let t=e.filter(([n,i])=>i!==void 0),r=Math.max(...t.map(([n])=>n.length));return t.map(([n,i])=>n.padStart(r)+(i?" "+i:"")).join(`
|
|
76
76
|
`)}s(cE,"printPrefixedLines");function rL(e){let t=e[0];return t==null||"kind"in t||"length"in t?{nodes:t,source:e[1],positions:e[2],path:e[3],originalError:e[4],extensions:e[5]}:t}s(rL,"toNormalizedOptions");var C=class e extends Error{static{s(this,"GraphQLError")}constructor(t,...r){var n,i,o;let{nodes:a,source:c,positions:u,path:l,originalError:d,extensions:p}=rL(r);super(t),this.name="GraphQLError",this.path=l??void 0,this.originalError=d??void 0,this.nodes=uE(Array.isArray(a)?a:a?[a]:void 0);let f=uE((n=this.nodes)===null||n===void 0?void 0:n.map(g=>g.loc).filter(g=>g!=null));this.source=c??(f==null||(i=f[0])===null||i===void 0?void 0:i.source),this.positions=u??f?.map(g=>g.start),this.locations=u&&c?u.map(g=>jn(c,g)):f?.map(g=>jn(g.source,g.start));let h=Ee(d?.extensions)?d?.extensions:void 0;this.extensions=(o=p??h)!==null&&o!==void 0?o:Object.create(null),Object.defineProperties(this,{message:{writable:!0,enumerable:!0},name:{enumerable:!1},nodes:{enumerable:!1},source:{enumerable:!1},positions:{enumerable:!1},originalError:{enumerable:!1}}),d!=null&&d.stack?Object.defineProperty(this,"stack",{value:d.stack,writable:!0,configurable:!0}):Error.captureStackTrace?Error.captureStackTrace(this,e):Object.defineProperty(this,"stack",{value:Error().stack,writable:!0,configurable:!0})}get[Symbol.toStringTag](){return"GraphQLError"}toString(){let t=this.message;if(this.nodes)for(let r of this.nodes)r.loc&&(t+=`
|
|
77
77
|
|