@zuplo/graphql 5.1776.0 → 5.1777.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/index.minified.js CHANGED
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
71
71
  `+d}):new Hr.StripeSignatureVerificationError(t,e,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
72
72
  If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
73
73
  `+l+`
74
- `+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new Hr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(jR,"validateComputedSignature");function VR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(VR,"parseHeader");function GR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(GR,"secureCompare");async function ob(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=yp[o[c]];return a.join("")}s(ob,"computeHMACSignatureAsync");Ln.computeHMACSignatureAsync=ob;var yp=new Array(256);for(let e=0;e<yp.length;e++)yp[e]=e.toString(16).padStart(2,"0")});var qt=y(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.optionValidator=void 0;var xi=A();function BR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(BR,"optionValidator");ma.optionValidator=BR});var gp=y(ya=>{"use strict";Object.defineProperty(ya,"__esModule",{value:!0});ya.StripeWebhookVerificationInboundPolicy=void 0;var KR=te(),JR=sb(),zR=qt(),WR=s(async(e,t,r,n)=>{(0,zR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,JR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),KR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");ya.StripeWebhookVerificationInboundPolicy=WR});var cb=y(ga=>{"use strict";Object.defineProperty(ga,"__esModule",{value:!0});ga.isStripeWebhookEvent=void 0;var ab=gt();function QR(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,ab.isString)(e.id)&&"type"in e&&(0,ab.isString)(e.type)}s(QR,"isStripeWebhookEvent");ga.isStripeWebhookEvent=QR});var ub=y(ba=>{"use strict";Object.defineProperty(ba,"__esModule",{value:!0});ba.MeteringPlugin=void 0;var YR=yt(),bp=class extends YR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};ba.MeteringPlugin=bp});var db=y(_p=>{"use strict";Object.defineProperty(_p,"__esModule",{value:!0});var lb=A(),ZR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new lb.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new lb.RuntimeError(o)}return i}};_p.default=ZR});var gb=y(Dn=>{"use strict";Object.defineProperty(Dn,"__esModule",{value:!0});Dn.createConsumerInvite=Dn.createConsumer=void 0;var pb=A(),hb=He(),fb=W(),mb=mn(),yb="https://api-key-management-service-eq7z4lly2a-ue.a.run.app";async function XR({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:o,context:a}){let{authApiJWT:c}=fb.Environment.instance,u=new URL(`/v1/buckets/${e}/consumers`,yb);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:o,email:i}]},p=await(0,mb.fetchRetry)({retryDelayMs:5,retries:2,logger:hb.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),m=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,m),new pb.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:t,stripeProductId:r}),l}s(XR,"createConsumer");Dn.createConsumer=XR;async function e0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:o}){let{authApiJWT:a}=fb.Environment.instance,c=new URL(`/v1/buckets/${e}/consumers`,yb);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,mb.fetchRetry)({retryDelayMs:5,retries:2,logger:hb.SystemLogMap.getLogger(o)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let m="Error creating API Key Consumer";throw o.log.error(m,p),new pb.RuntimeError(m)}return o.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:t,stripeProductId:r}),u}s(e0,"createConsumerInvite");Dn.createConsumerInvite=e0});var _a=y(gr=>{"use strict";Object.defineProperty(gr,"__esModule",{value:!0});gr.getSubscription=gr.updateSubscription=gr.createSubscription=void 0;var yr=A(),Ep=He(),wp=W(),vp=mn(),Sp=gt();async function t0({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:o,customerExternalId:a,subscriptionStatus:c}){let u={status:c,type:"periodic",renewalStrategy:"monthly",region:o,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,customerExternalId:a},{authApiJWT:l,meteringServiceUrl:d}=wp.Environment.instance;if(!(0,Sp.isNonEmptyString)(l))throw new yr.SystemError("No Zuplo JWT token set.");let p=await(0,vp.fetchRetry)({retryDelayMs:5,retries:2,logger:Ep.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new yr.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}s(t0,"createSubscription");gr.createSubscription=t0;async function r0({context:e,meteringSubscriptionId:t,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:o}=wp.Environment.instance;if(!(0,Sp.isNonEmptyString)(i))throw new yr.SystemError("No Zuplo JWT token set.");let a=await(0,vp.fetchRetry)({retryDelayMs:5,retries:2,logger:Ep.SystemLogMap.getLogger(e)},`${o}/internal/v1/metering/${r}/subscriptions/${t}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating metering subscription to '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw e.log.error(c,u),new yr.RuntimeError(c)}e.log.info(`Successfully update metering subscription to '${JSON.stringify(n)}'.`)}s(r0,"updateSubscription");gr.updateSubscription=r0;async function n0({context:e,stripeSubscriptionId:t,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:o}=wp.Environment.instance;if(!(0,Sp.isNonEmptyString)(i))throw new yr.SystemError("No Zuplo JWT token set.");let a=await(0,vp.fetchRetry)({retryDelayMs:5,retries:2,logger:Ep.SystemLogMap.getLogger(e)},`${o}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${t}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":e.requestId},method:"GET"});if(!a.ok){let u="Error querying for metering subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw e.log.error(u,l),new yr.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new yr.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new yr.RuntimeError(u)}return c.data[0]}s(n0,"getSubscription");gr.getSubscription=n0});var Tp=y(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.stripeStatusToMeteringStatus=void 0;function i0(e){return e.replaceAll("_","-")}s(i0,"stripeStatusToMeteringStatus");Ea.stripeStatusToMeteringStatus=i0});var _b=y(Ci=>{"use strict";var o0=Ci&&Ci.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Ci,"__esModule",{value:!0});var wa=A(),Ip=te(),s0=o0(db()),bb=gb(),a0=_a(),c0=Tp();async function u0(e,t,r,n){let i=r.data.object.id;if(!i)throw new wa.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");let o=r.data.object.plan;if(!o||!o.product)throw new wa.RuntimeError("Invalid Stripe API result. Expected event to have a plan data.");let a=r.data.object.customer;if(!a)throw new wa.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer' to be provided");let c=o.product,u;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)u=await(0,bb.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:r.data.object.metadata.zuplo_created_by_email,managerSub:r.data.object.metadata.zuplo_created_by_sub,context:t});else{let l=await s0.default.getCustomer({logger:t.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!l.email)throw new wa.RuntimeError("Invalid Stripe API result. Expected customer to contain email address.");u=await(0,bb.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l.email,context:t})}if(!u)return Ip.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});try{let l=(0,c0.stripeStatusToMeteringStatus)(r.data.object.status);await(0,a0.createSubscription)({context:t,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:l})}catch(l){return Ip.HttpProblems.internalServerError(e,t,{detail:l.message})}return Ip.HttpProblems.ok(e,t)}s(u0,"onCustomerSubscriptionCreated");Ci.default=u0});var vb=y(Pp=>{"use strict";Object.defineProperty(Pp,"__esModule",{value:!0});var Eb=A(),l0=te(),wb=_a();async function d0(e,t,r,n){let i=r.data.object.id;if(!i)throw new Eb.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");let o=r.data.object.customer;if(!o)throw new Eb.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer' to be provided");let a=await(0,wb.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId});return await(0,wb.updateSubscription)({context:t,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled"}}),l0.HttpProblems.ok(e,t)}s(d0,"onCustomerSubscriptionDeleted");Pp.default=d0});var Tb=y(Rp=>{"use strict";Object.defineProperty(Rp,"__esModule",{value:!0});var Sb=A(),Ap=te(),va=_a(),p0=Tp();async function h0(e,t,r,n){let i=r.data.object.id;if(!i)throw new Sb.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");let o=r.data.object.customer;if(!o)throw new Sb.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer' to be provided");if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){let c=await(0,va.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId}),u=(0,p0.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,va.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u}}),Ap.HttpProblems.ok(e,t)}if(a.plan&&a.plan.product!==r.data.object.plan.product){let c=await(0,va.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId});return await(0,va.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{planExternalIds:[r.data.object.plan.product]}}),Ap.HttpProblems.ok(e,t)}}return Ap.HttpProblems.badRequest(e,t,{detail:"This update event is not supported by Stripe metering plugin webhook."})}s(h0,"onCustomerSubscriptionUpdated");Rp.default=h0});var Pb=y(Un=>{"use strict";var Np=Un&&Un.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Un,"__esModule",{value:!0});Un.StripeMeteringPlugin=void 0;var Sa=_n(),Ta=A(),f0=Lt(),m0=gp(),Ib=te(),y0=Qt(),g0=Yr(),b0=Ku(),_0=ot(),E0=W(),w0=cb(),v0=ub(),S0=Np(_b()),T0=Np(vb()),I0=Np(Tb()),Op=class extends v0.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(Sa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=Sa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Ta.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(Sa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=Sa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Ta.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!E0.Environment.instance.build.ACCOUNT_NAME)throw new Ta.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!P0(p))throw new Ta.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,w0.isStripeWebhookEvent)(m))return Ib.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`),m.type){case"customer.subscription.created":return await(0,S0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,I0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,T0.default)(c,u,m,{meteringBucketId:l});default:return Ib.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe metering plugin webhook."})}},"stripeWebhookHandler"),i=(0,g0.createInternalPolicyProcessor)({inboundPolicies:[{handler:m0.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new f0.Pipeline({processors:[y0.metricsProcessor,i],handler:n,gateway:r}),a=new _0.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:b0.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};Un.StripeMeteringPlugin=Op;function P0(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(P0,"isMetricsRegion")});var xb=y(kn=>{"use strict";Object.defineProperty(kn,"__esModule",{value:!0});kn.AmberfloMeteringInboundPolicy=kn.AmberfloMeteringPolicy=void 0;var Ab=A(),A0=ve(),Rb=Wr(),Nb=new WeakMap,Ob={},xp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Nb.set(t,r)}};kn.AmberfloMeteringPolicy=xp;async function R0(e,t,r,n){if(!r.statusCodes)throw new Ab.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Rb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=Nb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Ab.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Rb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Ob[r.apiKey];if(!m){let h=r.apiKey,g=e.headers.get("zm-test-id")??"";m=new A0.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let S=r.url??"https://app.amberflo.io/ingest",T=await fetch(S,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});T.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${T.status}: ${await T.text()}`)}catch(S){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${S.message}`),S}}),Ob[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}s(R0,"AmberfloMeteringInboundPolicy");kn.AmberfloMeteringInboundPolicy=R0});var Cp=y(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.sha256=void 0;async function O0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(O0,"sha256");Ia.sha256=O0});var $t=y(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.getPolicyCacheName=void 0;var N0=Cp(),Cb=new Map;async function x0(e,t){let r,n=Cb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,N0.sha256)(JSON.stringify({policyName:e,options:t}))}`,Cb.set(e,r)),r}s(x0,"getPolicyCacheName");Pa.getPolicyCacheName=x0});var Up=y(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.ApiKeyInboundPolicy=void 0;var C0=$t(),L0=Kt(),Lb=_n(),Lp=A(),D0=Dt(),Db=He(),Dp=W(),U0=mn(),Ub="key-metadata-cache-type";function k0(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(k0,"getKeyValue");async function M0(e,t,r,n){if(!r.bucketName)if(Lb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=Lb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Lp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new Lp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(S=>i.allowUnauthenticatedRequests?e:D0.HttpProblems.unauthorized(e,t,{detail:S}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=k0(a,i);if(!c||c==="")return o("No key present");let u=await H0(c),l=await(0,C0.getPolicyCacheName)(n,i),d=new L0.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==Ub&&Db.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let m={key:c},h=await(0,U0.fetchRetry)({retryDelayMs:5,retries:2,logger:Db.SystemLogMap.getLogger(t)},`${Dp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":Dp.Environment.instance.deploymentName??"unknown","User-Agent":Dp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let S=await h.text(),T=JSON.parse(S);t.log.error("Unexpected response from key service",T)}catch{t.log.error("Invalid response from key service")}throw new Lp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:Ub,user:{sub:g.name,data:g.metadata}};return e.user=_.user,d.put(u,_,i.cacheTtlSeconds),e}s(M0,"ApiKeyInboundPolicy");Aa.ApiKeyInboundPolicy=M0;async function H0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(H0,"hashValue")});var kb=y(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.ApiAuthKeyInboundPolicy=void 0;var F0=Up();Ra.ApiAuthKeyInboundPolicy=F0.ApiKeyInboundPolicy});var jt=y(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.OpenIdJwtInboundPolicy=void 0;var Mp=(Rs(),oo(As)),Hp=A(),q0=te(),kp={},$0=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new Hp.ConfigurationError("Invalid State - jwkUrl not set");kp[t.jwkUrl]||(kp[t.jwkUrl]=(0,Mp.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,Mp.jwtVerify)(e,kp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),j0=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,Mp.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),V0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(m=>q0.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Hp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Hp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?$0:j0,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(o.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let g=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${g.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");Oa.OpenIdJwtInboundPolicy=V0});var Mb=y(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.Auth0JwtInboundPolicy=void 0;var G0=jt(),B0=s(async(e,t,r,n)=>(0,G0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");Na.Auth0JwtInboundPolicy=B0});var Hb=y(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.BasicAuthInboundPolicy=void 0;var K0=te(),J0=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>K0.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===m&&_.password===h);return g||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");xa.BasicAuthInboundPolicy=J0});var Fb=y(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.CachingInboundPolicy=void 0;var z0=$t(),W0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function Q0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(Q0,"digestMessage");var Y0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await Q0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function Z0(e,t,r,n){let i=await(0,z0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await Y0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);W0.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(Z0,"CachingInboundPolicy");Ca.CachingInboundPolicy=Z0});var qb=y(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.ChangeMethodInboundPolicy=void 0;var X0=A(),eO=Me(),tO=s(async(e,t,r,n)=>{if(!r.method)throw new X0.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new eO.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");La.ChangeMethodInboundPolicy=tO});var $b=y(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.ClearHeadersInboundPolicy=void 0;var rO=Me(),nO=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new rO.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Da.ClearHeadersInboundPolicy=nO});var jb=y(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.ClearHeadersOutboundPolicy=void 0;var iO=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Ua.ClearHeadersOutboundPolicy=iO});var Vb=y(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.ClerkJwtInboundPolicy=void 0;var oO=jt(),sO=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,oO.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");ka.ClerkJwtInboundPolicy=sO});var Bb=y(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.CognitoJwtInboundPolicy=void 0;var Gb=A(),aO=jt(),cO=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new Gb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new Gb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,aO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Ma.CognitoJwtInboundPolicy=cO});var Jb=y(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.CompositeInboundPolicy=void 0;var uO=A(),lO=Pr(),Kb=Yr(),dO=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new uO.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=lO.Gateway.instance,o=(0,Kb.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,Kb.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");Ha.CompositeInboundPolicy=dO});var zb=y(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.CurityPhantomTokenInboundPolicy=void 0;var pO=$t(),hO=Kt(),Fa=te(),fO=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Fa.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=mO(i);if(!o)return Fa.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,pO.getPolicyCacheName)(n,r),c=new hO.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Fa.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Fa.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");qa.CurityPhantomTokenInboundPolicy=fO;function mO(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(mO,"getToken")});var Wb=y($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.FirebaseJwtInboundPolicy=void 0;var yO=qt(),gO=jt(),bO=s(async(e,t,r,n)=>((0,yO.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,gO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");$a.FirebaseJwtInboundPolicy=bO});var Qb=y(ja=>{"use strict";Object.defineProperty(ja,"__esModule",{value:!0});ja.FormDataToJsonInboundPolicy=void 0;var _O=Me(),EO=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new _O.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");ja.FormDataToJsonInboundPolicy=EO});var Yb=y(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.GeoFilterInboundPolicy=void 0;var wO=A(),vO=te(),Mn="__unknown__",SO=s(async(e,t,r,n)=>{let i={allow:{countries:Fn(r.allow?.countries,"allow.countries",n),regionCodes:Fn(r.allow?.regionCodes,"allow.regionCode",n),asns:Fn(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Fn(r.block?.countries,"block.countries",n),regionCodes:Fn(r.block?.regionCodes,"block.regionCode",n),asns:Fn(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Mn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Mn,c=t.incomingRequestProperties.asn?.toString()??Mn,u=i.ignoreUnknown&&o===Mn,l=i.ignoreUnknown&&a===Mn,d=i.ignoreUnknown&&c===Mn,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Hn(e,t,n,o,a,c);let g=i.block.countries,_=i.block.regionCodes,S=i.block.asns;return g.length>0&&g.includes(o)&&!u||_.length>0&&_.includes(a)&&!l||S.length>0&&S.includes(c)&&!d?Hn(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");Va.GeoFilterInboundPolicy=SO;function Hn(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),vO.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Hn,"blockedResponse");function Fn(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new wO.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Fn,"toLowerStringArray")});var Zb=y(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.JWTScopeValidationInboundPolicy=void 0;var TO=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Ga.JWTScopeValidationInboundPolicy=TO});var t_=y(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.LoadSubscriptionInboundPolicy=void 0;var IO=oi(),PO=Js(),Xb=_n(),AO=A(),Ba=te(),e_=He(),RO=W(),OO=s(async(e,t,r,n)=>{let i=e_.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=r.allowedSubscriptionStatuses&&r.allowedSubscriptionStatuses.length>0?r.allowedSubscriptionStatuses:["active","incomplete","trialing"],c=e.user;if(!c)return o?e:Ba.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(Xb.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=Xb.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new AO.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:u,meteringServiceUrl:l}=RO.Environment.instance,{sub:d}=c,p;try{let h=`${r.bucketId}-${d}`,g=new IO.ZoneCache(h,{logger:e_.SystemLogMap.getLogger(t)}),_=await g.get(h);if(_)p=_,t.log.debug("Loading subscriptions from cache");else{let S=await fetch(`${l}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${d}`,{headers:{Authorization:`Bearer ${u}`,"zp-rid":t.requestId},method:"GET"});if(!S.ok)return t.log.error(await S.text()),Ba.HttpProblems.forbidden(e,t);p=await S.json(),g.put(h,p,15).catch(T=>{throw i.error(T),T})}}catch(h){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,h)}let m=p&&p.data&&p.data.length>0?p.data[0]:void 0;return m?(t.log.debug(`Loaded subscription '${m.id}' for user sub '${d}`),!a.includes(m.status)&&!o?(t.log.warn(`Subscription '${m.id}' has status '${m.status}' which is not part of the allowed statuses.`),Ba.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"})):(a.includes(m.status)&&(t.log.debug(`Loading subscription '${m.id}' to ContextData`),PO.ContextData.set(t,"zuplo_meters",m)),e)):(t.log.warn("No valid subscription found"),o?e:Ba.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"}))},"LoadSubscriptionInboundPolicy");Ka.LoadSubscriptionInboundPolicy=OO});var i_=y(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.MeteringInboundPolicy=void 0;var r_=Js(),n_=_n(),NO=A(),Ja=te(),xO=He(),CO=W(),LO=s(async(e,t,r,n)=>{let i=xO.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,m)=>{let h=r_.ContextData.get(m,"zuplo_meters");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;if(!r.bucketId)if(n_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=n_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new NO.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:_,meteringServiceUrl:S}=CO.Environment.instance;if(d.ok&&h&&r.meters){m.log.debug(`Subscription '${h.id}' quotas '${JSON.stringify(h.quotas)}`),m.log.debug(`Updating subscription '${h.id}' with meters '${JSON.stringify(r.meters)}`);try{let T=await fetch(`${S}/internal/v1/metering/${r.bucketId}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${_}`,"zp-rid":m.requestId},method:"POST",body:JSON.stringify({meters:r.meters})});T.ok||(m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${T.status} - ${T.statusText}`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${T.status} - ${T.statusText}`))}catch(T){m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,T)}}});let o=r_.ContextData.get(t,"zuplo_meters"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o)return a?e:Ja.HttpProblems.tooManyRequests(e,t,{detail:"Subscription is not available for user",title:"Quota Exceeded"});if(o&&Object.keys(o.quotas).length===0)return Ja.HttpProblems.tooManyRequests(e,t,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)return Ja.HttpProblems.tooManyRequests(e,t,{detail:`The following policy meters are not present in the subscription: ${l.join(", ")}`,title:"Quota Exceeded"});for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return Ja.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");za.MeteringInboundPolicy=LO});var s_=y(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.MockApiInboundPolicy=void 0;var DO=te(),UO=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return Fp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return Fp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return o_(a[c])}else return a.length>0?o_(a[0]):Fp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Wa.MockApiInboundPolicy=UO;function o_(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(o_,"generateResponse");var Fp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return DO.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var d_=y(qn=>{"use strict";Object.defineProperty(qn,"__esModule",{value:!0});qn.MoesifInboundPolicy=qn.setMoesifContext=void 0;var kO=A(),MO=ve(),HO="Incoming",FO={logRequestBody:!0,logResponseBody:!0};function a_(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(a_,"headersToObject");function c_(){return new Date().toISOString()}s(c_,"timestamp");var qp=new WeakMap,qO={};function $O(e,t){let r=qp.get(e);r||(r=qO);let n=Object.assign({...r},t);qp.set(e,n)}s($O,"setMoesifContext");qn.setMoesifContext=$O;async function u_(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(u_,"readBody");var jO={},$p;function l_(){if(!$p)throw new kO.RuntimeError("Invalid State - no _lastLogger");return $p}s(l_,"getLastLogger");function VO(e){let t=jO[e];return t||(t=new MO.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);l_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||l_().error({status:i.status,body:await i.text()})})),t}s(VO,"getDispatcher");async function GO(e,t,r,n){$p=t.log;let i=c_(),o=Object.assign(FO,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await u_(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=VO(o.applicationId),d=e.headers.get("true-client-ip"),p=qp.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:a_(e.headers)},h=o.logResponseBody?await u_(c,t):void 0,g={time:c_(),status:c.status,headers:a_(c.headers),body:h},_={request:m,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:HO};l.enqueue(_),t.waitUntil(l.waitUntilFlushed())}),e}s(GO,"MoesifInboundPolicy");qn.MoesifInboundPolicy=GO});var p_=y(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.OktaJwtInboundPolicy=void 0;var BO=jt(),KO=s(async(e,t,r,n)=>(0,BO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");Qa.OktaJwtInboundPolicy=KO});var h_=y(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.PropelAuthJwtInboundPolicy=void 0;var JO=(Rs(),oo(As)),zO=jt(),jp,WO=s(async(e,t,r,n)=>{if(!jp)try{jp=await(0,JO.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,zO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:jp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");Ya.PropelAuthJwtInboundPolicy=WO});var f_=y(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.throwIfStateNotObject=V.throwIfStateNotNumber=V.throwIfStateNotString=V.throwIfStateUndefinedOrNull=V.throwIfStateUndefined=V.throwIfOptionNotObject=V.throwIfOptionNotNumber=V.throwIfOptionNotString=V.throwIfOptionUndefinedOrNull=V.throwIfOptionUndefined=V.OptionTypeError=V.OptionUndefinedError=V.throwIfNotNumber=V.throwIfNotString=V.throwIfUndefinedOrNull=V.throwIfUndefined=V.ArgumentTypeError=V.ArgumentUndefinedError=V.ValidationError=void 0;var je=gt(),et=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};V.ValidationError=et;var Li=class extends et{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};V.ArgumentUndefinedError=Li;var Di=class extends et{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};V.ArgumentTypeError=Di;function QO(e,t){if((0,je.isUndefined)(e))throw new Li(t)}s(QO,"throwIfUndefined");V.throwIfUndefined=QO;function Vp(e,t){if((0,je.isUndefinedOrNull)(e))throw new Li(t)}s(Vp,"throwIfUndefinedOrNull");V.throwIfUndefinedOrNull=Vp;function YO(e,t){if(Vp(e,t),!(0,je.isString)(e))throw new Di(t,"string")}s(YO,"throwIfNotString");V.throwIfNotString=YO;function ZO(e,t){if(Vp(e,t),!(0,je.isNumber)(e))throw new Di(t,"number")}s(ZO,"throwIfNotNumber");V.throwIfNotNumber=ZO;var Ui=class extends et{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};V.OptionUndefinedError=Ui;var $n=class extends et{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};V.OptionTypeError=$n;function XO(e,t,r,n){if((0,je.isUndefined)(n))throw new Ui(e,t,r)}s(XO,"throwIfOptionUndefined");V.throwIfOptionUndefined=XO;function Za(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new Ui(e,t,r)}s(Za,"throwIfOptionUndefinedOrNull");V.throwIfOptionUndefinedOrNull=Za;function eN(e,t,r,n){if(Za(e,t,r,n),!(0,je.isString)(n))throw new $n(e,t,r,"string")}s(eN,"throwIfOptionNotString");V.throwIfOptionNotString=eN;function tN(e,t,r,n){if(Za(e,t,r,n),!(0,je.isNumber)(n))throw new $n(e,t,r,"number")}s(tN,"throwIfOptionNotNumber");V.throwIfOptionNotNumber=tN;function rN(e,t,r,n){if(Za(e,t,r,n),!(0,je.isObject)(n))throw new $n(e,t,r,"object")}s(rN,"throwIfOptionNotObject");V.throwIfOptionNotObject=rN;function nN(e,t){if((0,je.isUndefined)(e))throw new et(t)}s(nN,"throwIfStateUndefined");V.throwIfStateUndefined=nN;function Xa(e,t){if((0,je.isUndefinedOrNull)(e))throw new et(t)}s(Xa,"throwIfStateUndefinedOrNull");V.throwIfStateUndefinedOrNull=Xa;function iN(e,t){if(Xa(e,t),!(0,je.isString)(e))throw new et(t);return!0}s(iN,"throwIfStateNotString");V.throwIfStateNotString=iN;function oN(e,t){if(Xa(e,t),!(0,je.isNumber)(e))throw new et(t);return!0}s(oN,"throwIfStateNotNumber");V.throwIfStateNotNumber=oN;function sN(e,t){if(Xa(e,t),!(0,je.isObject)(e))throw new et(t);return!0}s(sN,"throwIfStateNotObject");V.throwIfStateNotObject=sN});var m_=y(jn=>{"use strict";Object.defineProperty(jn,"__esModule",{value:!0});jn.InMemoryRedisClient=jn.StandardRedisClient=void 0;var Gp=A(),ec=f_(),Bp=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,ec.throwIfNotString)(t,"redisClientUrl"),(0,ec.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,ec.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Gp.SystemError("Redis client failed with 401: Unauthorized"):new Gp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};jn.StandardRedisClient=Bp;var Kp=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,ec.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Gp.SystemError("The in-memory redis client only supports /rate-limit calls")}};jn.InMemoryRedisClient=Kp});var E_=y(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.RateLimitInboundPolicy=void 0;var aN=Ir(),cN=$t(),uN=oi(),At=A(),lN=te(),y_=He(),ki=W(),g_=m_(),b_=gt(),tc=(0,aN.debug)("zuplo:policies:RateLimitInboundPolicy"),dN="strict",pN=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),hN=s(async e=>({key:`ip-${pN(e)}`}),"getIP"),fN=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),mN=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),rc;function yN(e,t){let r;if(rc)return rc;if(ki.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new g_.InMemoryRedisClient,rc=r,r;let{authApiJWT:n,redisURL:i}=ki.Environment.instance;if(!(0,b_.isString)(i))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,b_.isString)(n))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=g_.StandardRedisClient.initialize(i,n,ki.Environment.instance.deploymentName??"unknown",ki.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new At.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return rc=r,r}s(yN,"getRedisClient");async function __(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(__,"getCountAndUpdateExpiry");function gN(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new At.RuntimeError(u)}return c},"outerFunction")}s(gN,"wrapUserFunction");var bN="Retry-After",_N=s(async(e,t,r,n)=>{let i=Date.now(),o=y_.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new At.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[bN]=l.toString()),lN.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:gN(r,n),user:fN,ip:hN,all:mN}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=yN(n,o),T=`bucket/${ki.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??dN)==="async"){let L=await(0,cN.getPolicyCacheName)(n,r),ne=new uN.ZoneCache(L,{logger:y_.SystemLogMap.getLogger(t)}),ie=__(T,h,_,o,t.requestId),me=await ne.get(T);if(me!==void 0&&me<=Date.now()){tc(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${T}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(g,Be)}return t.addEventListener("responseSending",Be=>{try{let w=Be,M=w.mutableResponse;w.mutableResponse=(async()=>{let Ce=await ie;if(Ce.count>m){let mu=Date.now()+Ce.ttlSeconds*1e3,nw=ne.put(T,mu,Ce.ttlSeconds).catch(Lh=>{throw o.error(new At.SystemError("Error caching rate limit result.",{cause:Lh})),Lh});return t.waitUntil(nw),tc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (async mode)`),c(g,Ce.ttlSeconds)}return M})()}catch(w){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let K=await __(T,h,_,o,t.requestId);return K.count>m?(tc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (strict mode)`),c(g,K.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;tc(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");nc.RateLimitInboundPolicy=_N});var T_=y(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.ReadmeMetricsInboundPolicy=void 0;var EN=ve(),Jp=W(),w_=Wr(),zp;function v_(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s(v_,"headersToNameValuePairs");function wN(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(wN,"queryToNameValueParis");function vN(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(vN,"parseIntOrUndefined");var S_={};async function SN(e,t,r,n){let i=new Date,o=Date.now();return zp||(zp={name:"zuplo",version:Jp.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Jp.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,w_.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,w_.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Jp.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:zp,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:v_(e.headers),queryString:wN(e.query)},response:{status:a.status,statusText:a.statusText,headers:v_(a.headers),content:{size:vN(e.headers.get("content-length"))}}}]}}},d=S_[r.apiKey];if(!d){let p=r.apiKey;d=new EN.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),S_[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(SN,"ReadmeMetricsInboundPolicy");ic.ReadmeMetricsInboundPolicy=SN});var I_=y(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.RemoveHeadersInboundPolicy=void 0;var TN=A(),IN=Me(),PN=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new TN.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new IN.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");oc.RemoveHeadersInboundPolicy=PN});var P_=y(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.RemoveHeadersOutboundPolicy=void 0;var AN=A(),RN=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new AN.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");sc.RemoveHeadersOutboundPolicy=RN});var A_=y(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.RemoveQueryParamsInboundPolicy=void 0;var ON=A(),NN=Me(),xN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new ON.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new NN.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");ac.RemoveQueryParamsInboundPolicy=xN});var R_=y(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.ReplaceStringOutboundPolicy=void 0;var CN=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");cc.ReplaceStringOutboundPolicy=CN});var N_=y(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.RequestSizeLimitInboundPolicy=void 0;var O_=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),LN=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?O_():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?O_():e},"RequestSizeLimitInboundPolicy");uc.RequestSizeLimitInboundPolicy=LN});var lc=y(tt=>{"use strict";Object.defineProperty(tt,"__esModule",{value:!0});tt.sanitizedIdentifierName=tt.getIdForRefSchema=tt.getIdForRequestBodySchema=tt.getIdForParameterSchema=tt.getRawOperationDataIdentifierName=void 0;function DN(e,t,r){return`_${Fr(e+"_"+t+"_"+r)}`}s(DN,"getRawOperationDataIdentifierName");tt.getRawOperationDataIdentifierName=DN;function UN(e,t,r,n){return`_${Fr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(UN,"getIdForParameterSchema");tt.getIdForParameterSchema=UN;function kN(e,t,r){return`_${Fr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Fr(r.toLowerCase())}`}s(kN,"getIdForRequestBodySchema");tt.getIdForRequestBodySchema=kN;function MN(e,t){return`_${Fr(e)}__${Fr(t)}`}s(MN,"getIdForRefSchema");tt.getIdForRefSchema=MN;function Fr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(Fr,"sanitizedIdentifierName");tt.sanitizedIdentifierName=Fr});var Mi=y(Le=>{"use strict";Object.defineProperty(Le,"__esModule",{value:!0});Le.getErrorsFromValidator=Le.shouldReject=Le.shouldLog=Le.logErrors=Le.validateParameters=Le.getParametersForOperation=void 0;var HN=Pr(),FN=lc(),qN=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");Le.getParametersForOperation=qN;var $N=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,FN.getIdForParameterSchema)(r,n,i,u.name),p=HN.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,Le.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");Le.validateParameters=$N;var jN=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");Le.logErrors=jN;var VN=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");Le.shouldLog=VN;var GN=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");Le.shouldReject=GN;var BN=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");Le.getErrorsFromValidator=BN});var x_=y(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.handleBodyValidation=void 0;var KN=Pr(),dc=te(),JN=lc(),Je=Mi();async function zN(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let g=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,_=dc.HttpProblems.badRequest(t,e,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",g,[n],h),(0,Je.shouldReject)(r.validateBody))return _}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,g=dc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,JN.getIdForRequestBodySchema)(e.route.path,t.method,i),c=KN.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,g=dc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,Je.getErrorsFromValidator)(l),m=dc.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",d,[n],p),(0,Je.shouldReject)(r.validateBody))return m}s(zN,"handleBodyValidation");pc.handleBodyValidation=zN});var C_=y(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.handleHeadersValidation=void 0;var WN=te(),Hi=Mi();function QN(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,Hi.getParametersForOperation)(e),o=(0,Hi.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=WN.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,Hi.shouldLog)(r.validateHeaders)&&(0,Hi.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,Hi.shouldReject)(r.validateHeaders))return c}}s(QN,"handleHeadersValidation");hc.handleHeadersValidation=QN});var L_=y(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.handlePathParameterValidation=void 0;var YN=te(),Fi=Mi();function ZN(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Fi.getParametersForOperation)(e),i=(0,Fi.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=YN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Fi.shouldLog)(r.validatePathParameters)&&(0,Fi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Fi.shouldReject)(r.validatePathParameters))return a}}s(ZN,"handlePathParameterValidation");fc.handlePathParameterValidation=ZN});var D_=y(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.handleQueryParameterValidation=void 0;var XN=te(),qi=Mi();function ex(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,qi.getParametersForOperation)(e),i=(0,qi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=XN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,qi.shouldLog)(r.validateQueryParameters)&&(0,qi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,qi.shouldReject)(r.validateQueryParameters))return a}}s(ex,"handleQueryParameterValidation");mc.handleQueryParameterValidation=ex});var U_=y(qr=>{"use strict";Object.defineProperty(qr,"__esModule",{value:!0});qr.SchemaBasedRequestValidation=qr.RequestValidationInboundPolicy=void 0;var tx=x_(),rx=C_(),nx=L_(),ix=D_(),ox=s(async(e,t,r)=>{let n=(0,ix.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,nx.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,rx.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,tx.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");qr.RequestValidationInboundPolicy=ox;qr.SchemaBasedRequestValidation=qr.RequestValidationInboundPolicy});var k_=y(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.RequireOriginInboundPolicy=void 0;var sx=A(),ax=te(),cx=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new sx.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return ax.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");yc.RequireOriginInboundPolicy=cx});var M_=y(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.SetBodyInboundPolicy=void 0;var ux=Me(),lx=s(async(e,t,r)=>new ux.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");gc.SetBodyInboundPolicy=lx});var F_=y(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.SetHeadersInboundPolicy=void 0;var H_=A(),dx=Me(),px=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new H_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new H_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new dx.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");bc.SetHeadersInboundPolicy=px});var $_=y(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.SetHeadersOutboundPolicy=void 0;var q_=A(),hx=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new q_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new q_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");_c.SetHeadersOutboundPolicy=hx});var V_=y(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.SetQueryParamsInboundPolicy=void 0;var j_=A(),fx=Me(),mx=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new j_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new j_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new fx.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");Ec.SetQueryParamsInboundPolicy=mx});var G_=y(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.SetStatusOutboundPolicy=void 0;var yx=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");wc.SetStatusOutboundPolicy=yx});var B_=y(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.SleepInboundPolicy=void 0;var gx=A(),bx=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),_x=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new gx.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await bx(r.sleepInMs),e},"SleepInboundPolicy");vc.SleepInboundPolicy=_x});var J_=y(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.SupabaseJwtInboundPolicy=void 0;var K_=A(),Ex=te(),wx=Me(),vx=qt(),Sx=jt(),Tx=s(async(e,t,r,n)=>{(0,vx.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,Sx.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof wx.ZuploRequest))throw new K_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new K_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?Ex.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");Sc.SupabaseJwtInboundPolicy=Tx});var W_=y(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var Ix=$t(),Px=Kt(),z_=A(),Ax=mn(),Rx=qt(),Ox=s(async(e,t,r,n)=>{(0,Rx.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,Ix.getPolicyCacheName)(n,r),o=new Px.MemoryZoneReadThroughCache(i,t),a=await o.get(n);if(!a){let c=await Nx(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");Tc.UpstreamAzureAdServiceAuthInboundPolicy=Ox;async function Nx(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,Ax.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new z_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new z_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(Nx,"getAccessToken")});var Y_=y(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var xx=$t(),Cx=Kt(),Lx=A(),Wp=yn(),Dx=qt(),Q_="https://accounts.google.com/o/oauth2/token",Qp,Ux=s(async(e,t,r,n)=>{(0,Dx.optionValidator)(r,n).required("serviceAccountJson","string"),Qp||(Qp=await Wp.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,xx.getPolicyCacheName)(n,r),a=new Cx.MemoryZoneReadThroughCache(o,t),c=await a.get(n);if(!c){let u=await(0,Wp.getTokenFromGcpServiceAccount)({serviceAccount:Qp,audience:Q_,payload:i}),l=await(0,Wp.exchangeGgpJwtForIdToken)(Q_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new Lx.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");Ic.UpstreamFirebaseAdminAuthInboundPolicy=Ux});var Z_=y(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var kx=$t(),Mx=Kt(),Vn=A(),Hx=Cp(),Yp=yn(),Fx=Wr(),qx=qt(),$x="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",jx=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Zp,Vx=s(async(e,t,r,n)=>{if((0,qx.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Vn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(jx.indexOf(p)!==-1)throw new Vn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Zp||(Zp=await Yp.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Vn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Vn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,Fx.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Vn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,kx.getPolicyCacheName)(n,r),c=new Mx.MemoryZoneReadThroughCache(a,t),u={uid:o,claims:i},l=await(0,Hx.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Yp.getTokenFromGcpServiceAccount)({serviceAccount:Zp,audience:$x,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Yp.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Vn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");Pc.UpstreamFirebaseUserAuthInboundPolicy=Vx});var eE=y(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.UpstreamGcpJwtInboundPolicy=void 0;var X_=yn(),Gx=qt(),Xp,Bx=s(async(e,t,r,n)=>{(0,Gx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Xp||(Xp=await X_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,X_.getTokenFromGcpServiceAccount)({serviceAccount:Xp,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");Ac.UpstreamGcpJwtInboundPolicy=Bx});var rE=y(Rc=>{"use strict";Object.defineProperty(Rc,"__esModule",{value:!0});Rc.UpstreamGcpServiceAuthInboundPolicy=void 0;var Kx=$t(),Jx=vu(),zx=Kt(),$i=A(),eh=yn(),Wx=Wr(),Qx=qt(),tE="https://www.googleapis.com/oauth2/v4/token",th,Yx=s(async(e,t,r,n)=>{(0,Qx.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),th||(th=await eh.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new $i.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,Wx.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof $i.ConfigurationError?new $i.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let o=await(0,Kx.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new Jx.MemoryCache(o):a=new zx.MemoryZoneReadThroughCache(o,t);let c=await a.get(n);if(!c){let u=await(0,eh.getTokenFromGcpServiceAccount)({serviceAccount:th,audience:tE,payload:i}),l=await(0,eh.exchangeGgpJwtForIdToken)(tE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new $i.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new $i.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamGcpServiceAuthInboundPolicy");Rc.UpstreamGcpServiceAuthInboundPolicy=Yx});var iE=y(Oc=>{"use strict";Object.defineProperty(Oc,"__esModule",{value:!0});Oc.ValidateJsonSchemaInbound=void 0;var Zx=A(),nE=te(),Xx=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return nE.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new Zx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return nE.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");Oc.ValidateJsonSchemaInbound=Xx});var oE=y(Nc=>{"use strict";Object.defineProperty(Nc,"__esModule",{value:!0});Nc.ServiceProviderImpl=void 0;var eC=A(),rh=class{static{s(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new eC.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Nc.ServiceProviderImpl=rh});var gE=y(f=>{"use strict";var tC=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),nh=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&tC(t,e,r)},rC=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.PropelAuthJwtInboundPolicy=f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.MeteringInboundPolicy=f.LoadSubscriptionInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.RuntimeError=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=void 0;Fh();var nC=Kt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return nC.MemoryZoneReadThroughCache}});var iC=oi();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return iC.ZoneCache}});var sE=Ar();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return sE.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return sE.ResponseSentEvent}});var oC=Js();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return oC.ContextData}});var ih=_n();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return ih.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return ih.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return ih.isZuploReadableEnvVariableName}});var aE=A();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return aE.ConfigurationError}});Object.defineProperty(f,"RuntimeError",{enumerable:!0,get:function(){return aE.RuntimeError}});var sC=kd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return sC.originalFetch}});var cE=fg();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return cE.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return cE.purgeGatewayCache}});var uE=xg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return uE.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return uE.awsLambdaHandler}});var aC=Lg();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return aC.openApiSpecHandler}});var cC=Dg();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return cC.redirectHandler}});var uC=kg();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return uC.urlForwardHandler}});var lC=Hg();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return lC.urlRewriteHandler}});var dC=qg();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return dC.webSocketHandler}});var pC=Vg();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return pC.webSocketPipelineHandler}});var hC=Ju();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return hC.HttpStatusCode}});nh(Yg(),f);nh(eb(),f);var fC=tb();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return fC.AuditLogDataStaxProvider}});var mC=nb();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return mC.AuditLogPlugin}});nh(Pb(),f);var lE=xb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return lE.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return lE.AmberfloMeteringPolicy}});var yC=kb();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return yC.ApiAuthKeyInboundPolicy}});var gC=Up();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return gC.ApiKeyInboundPolicy}});var bC=Mb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return bC.Auth0JwtInboundPolicy}});var _C=Hb();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return _C.BasicAuthInboundPolicy}});var EC=Fb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return EC.CachingInboundPolicy}});var wC=qb();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return wC.ChangeMethodInboundPolicy}});var vC=$b();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return vC.ClearHeadersInboundPolicy}});var SC=jb();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return SC.ClearHeadersOutboundPolicy}});var TC=Vb();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return TC.ClerkJwtInboundPolicy}});var IC=Bb();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return IC.CognitoJwtInboundPolicy}});var PC=Jb();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return PC.CompositeInboundPolicy}});var AC=zb();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return AC.CurityPhantomTokenInboundPolicy}});var RC=Wb();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return RC.FirebaseJwtInboundPolicy}});var OC=Qb();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return OC.FormDataToJsonInboundPolicy}});var NC=Yb();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return NC.GeoFilterInboundPolicy}});var xC=Zb();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return xC.JWTScopeValidationInboundPolicy}});var CC=t_();Object.defineProperty(f,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return CC.LoadSubscriptionInboundPolicy}});var LC=i_();Object.defineProperty(f,"MeteringInboundPolicy",{enumerable:!0,get:function(){return LC.MeteringInboundPolicy}});var DC=s_();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return DC.MockApiInboundPolicy}});var dE=d_();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return dE.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return dE.setMoesifContext}});var UC=p_();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return UC.OktaJwtInboundPolicy}});var kC=jt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return kC.OpenIdJwtInboundPolicy}});var MC=h_();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return MC.PropelAuthJwtInboundPolicy}});var pE=E_();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return pE.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return pE.RateLimitInboundPolicy}});var HC=T_();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return HC.ReadmeMetricsInboundPolicy}});var FC=I_();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return FC.RemoveHeadersInboundPolicy}});var qC=P_();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return qC.RemoveHeadersOutboundPolicy}});var $C=A_();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return $C.RemoveQueryParamsInboundPolicy}});var jC=R_();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return jC.ReplaceStringOutboundPolicy}});var VC=N_();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return VC.RequestSizeLimitInboundPolicy}});var hE=U_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return hE.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return hE.SchemaBasedRequestValidation}});var GC=k_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return GC.RequireOriginInboundPolicy}});var BC=M_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return BC.SetBodyInboundPolicy}});var KC=F_();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return KC.SetHeadersInboundPolicy}});var JC=$_();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return JC.SetHeadersOutboundPolicy}});var zC=V_();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return zC.SetQueryParamsInboundPolicy}});var WC=G_();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return WC.SetStatusOutboundPolicy}});var QC=B_();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return QC.SleepInboundPolicy}});var YC=gp();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return YC.StripeWebhookVerificationInboundPolicy}});var ZC=J_();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return ZC.SupabaseJwtInboundPolicy}});var XC=W_();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return XC.UpstreamAzureAdServiceAuthInboundPolicy}});var eL=Y_();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return eL.UpstreamFirebaseAdminAuthInboundPolicy}});var tL=Z_();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return tL.UpstreamFirebaseUserAuthInboundPolicy}});var rL=eE();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return rL.UpstreamGcpJwtInboundPolicy}});var nL=rE();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return nL.UpstreamGcpServiceAuthInboundPolicy}});var iL=iE();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return iL.ValidateJsonSchemaInbound}});var oL=te();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return oL.HttpProblems}});var sL=_o();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return sL.ProblemResponseFormatter}});var aL=Me();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return aL.ZuploRequest}});var cL=Or();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return cL.SystemRouteName}});var fE=Pd();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return fE.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return fE.Router}});var mE=Mu();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return mE.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return mE.serialize}});var uL=oE();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return uL.ServiceProviderImpl}});var yE=sl();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return yE.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return yE.SYSTEM_LOGGER}});var lL=Wu();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return rC(lL).default}});var dL=He();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return dL.SystemLogMap}});var ji=lc();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return ji.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return ji.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return ji.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return ji.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return ji.sanitizedIdentifierName}})});var bE=y(Gn=>{"use strict";Object.defineProperty(Gn,"__esModule",{value:!0});Gn.BaseCryptoBeta=Gn.supportedDigests=void 0;Gn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var oh=class{static{s(this,"BaseCryptoBeta")}};Gn.BaseCryptoBeta=oh});var _E=y(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.WorkerCryptoBeta=void 0;var sh=bE(),pL=A(),ah=class extends sh.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!sh.supportedDigests.includes(t.toLowerCase()))throw new pL.RuntimeError(`Algorithm ${t} is not supported. Try using ${sh.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};xc.WorkerCryptoBeta=ah});var EE=y(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.BaseKeyValueStore=void 0;var ch=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Cc.BaseKeyValueStore=ch});var vE=y(Lc=>{"use strict";Object.defineProperty(Lc,"__esModule",{value:!0});Lc.WorkerKeyValueStore=void 0;var wE=A(),hL=EE(),uh=class extends hL.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new wE.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new wE.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Lc.WorkerKeyValueStore=uh});var Dt=y(lt=>{"use strict";var fL=lt&&lt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),mL=lt&&lt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&fL(t,e,r)};Object.defineProperty(lt,"__esModule",{value:!0});lt.KeyValueStore=lt.CryptoBeta=void 0;mL(gE(),lt);var yL=_E();Object.defineProperty(lt,"CryptoBeta",{enumerable:!0,get:function(){return yL.WorkerCryptoBeta}});var gL=vE();Object.defineProperty(lt,"KeyValueStore",{enumerable:!0,get:function(){return gL.WorkerKeyValueStore}})});var TD={};io(TD,{GraphQLComplexityLimitInboundPolicy:()=>ew,GraphQLDisableIntrospectionInboundPolicy:()=>rw});module.exports=oo(TD);var ri=Uh(Dt());function G(e,t){if(!!!e)throw new Error(t)}s(G,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Rt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Rt,"invariant");var bL=/\r\n|[\n\r]/g;function Bn(e,t){let r=0,n=1;for(let i of e.body.matchAll(bL)){if(typeof i.index=="number"||Rt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s(Bn,"getLocation");function lh(e){return Dc(e.source,Bn(e.source,e.start))}s(lh,"printLocation");function Dc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
74
+ `+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new Hr.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(jR,"validateComputedSignature");function VR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(VR,"parseHeader");function GR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(GR,"secureCompare");async function ob(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=yp[o[c]];return a.join("")}s(ob,"computeHMACSignatureAsync");Ln.computeHMACSignatureAsync=ob;var yp=new Array(256);for(let e=0;e<yp.length;e++)yp[e]=e.toString(16).padStart(2,"0")});var qt=y(ma=>{"use strict";Object.defineProperty(ma,"__esModule",{value:!0});ma.optionValidator=void 0;var xi=A();function BR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(BR,"optionValidator");ma.optionValidator=BR});var gp=y(ya=>{"use strict";Object.defineProperty(ya,"__esModule",{value:!0});ya.StripeWebhookVerificationInboundPolicy=void 0;var KR=te(),JR=sb(),zR=qt(),WR=s(async(e,t,r,n)=>{(0,zR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,JR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),KR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");ya.StripeWebhookVerificationInboundPolicy=WR});var cb=y(ga=>{"use strict";Object.defineProperty(ga,"__esModule",{value:!0});ga.isStripeWebhookEvent=void 0;var ab=gt();function QR(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,ab.isString)(e.id)&&"type"in e&&(0,ab.isString)(e.type)}s(QR,"isStripeWebhookEvent");ga.isStripeWebhookEvent=QR});var ub=y(ba=>{"use strict";Object.defineProperty(ba,"__esModule",{value:!0});ba.MeteringPlugin=void 0;var YR=yt(),bp=class extends YR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};ba.MeteringPlugin=bp});var db=y(_p=>{"use strict";Object.defineProperty(_p,"__esModule",{value:!0});var lb=A(),ZR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new lb.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new lb.RuntimeError(o)}return i}};_p.default=ZR});var gb=y(Dn=>{"use strict";Object.defineProperty(Dn,"__esModule",{value:!0});Dn.createConsumerInvite=Dn.createConsumer=void 0;var pb=A(),hb=He(),fb=W(),mb=mn(),yb="https://api-key-management-service-eq7z4lly2a-ue.a.run.app";async function XR({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:o,context:a}){let{authApiJWT:c}=fb.Environment.instance,u=new URL(`/v1/buckets/${e}/consumers`,yb);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:o,email:i}]},p=await(0,mb.fetchRetry)({retryDelayMs:5,retries:2,logger:hb.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),m=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,m),new pb.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:t,stripeProductId:r}),l}s(XR,"createConsumer");Dn.createConsumer=XR;async function e0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:o}){let{authApiJWT:a}=fb.Environment.instance,c=new URL(`/v1/buckets/${e}/consumers`,yb);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,mb.fetchRetry)({retryDelayMs:5,retries:2,logger:hb.SystemLogMap.getLogger(o)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let m="Error creating API Key Consumer";throw o.log.error(m,p),new pb.RuntimeError(m)}return o.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:t,stripeProductId:r}),u}s(e0,"createConsumerInvite");Dn.createConsumerInvite=e0});var _a=y(gr=>{"use strict";Object.defineProperty(gr,"__esModule",{value:!0});gr.getSubscription=gr.updateSubscription=gr.createSubscription=void 0;var yr=A(),Ep=He(),wp=W(),vp=mn(),Sp=gt();async function t0({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:o,customerExternalId:a,subscriptionStatus:c}){let u={status:c,type:"periodic",renewalStrategy:"monthly",region:o,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,customerExternalId:a},{authApiJWT:l,meteringServiceUrl:d}=wp.Environment.instance;if(!(0,Sp.isNonEmptyString)(l))throw new yr.SystemError("No Zuplo JWT token set.");let p=await(0,vp.fetchRetry)({retryDelayMs:5,retries:2,logger:Ep.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new yr.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}s(t0,"createSubscription");gr.createSubscription=t0;async function r0({context:e,meteringSubscriptionId:t,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:o}=wp.Environment.instance;if(!(0,Sp.isNonEmptyString)(i))throw new yr.SystemError("No Zuplo JWT token set.");let a=await(0,vp.fetchRetry)({retryDelayMs:5,retries:2,logger:Ep.SystemLogMap.getLogger(e)},`${o}/internal/v1/metering/${r}/subscriptions/${t}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating metering subscription to '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw e.log.error(c,u),new yr.RuntimeError(c)}e.log.info(`Successfully update metering subscription to '${JSON.stringify(n)}'.`)}s(r0,"updateSubscription");gr.updateSubscription=r0;async function n0({context:e,stripeSubscriptionId:t,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:o}=wp.Environment.instance;if(!(0,Sp.isNonEmptyString)(i))throw new yr.SystemError("No Zuplo JWT token set.");let a=await(0,vp.fetchRetry)({retryDelayMs:5,retries:2,logger:Ep.SystemLogMap.getLogger(e)},`${o}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${t}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":e.requestId},method:"GET"});if(!a.ok){let u="Error querying for metering subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw e.log.error(u,l),new yr.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new yr.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new yr.RuntimeError(u)}return c.data[0]}s(n0,"getSubscription");gr.getSubscription=n0});var Tp=y(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.stripeStatusToMeteringStatus=void 0;function i0(e){return e.replaceAll("_","-")}s(i0,"stripeStatusToMeteringStatus");Ea.stripeStatusToMeteringStatus=i0});var _b=y(Ci=>{"use strict";var o0=Ci&&Ci.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Ci,"__esModule",{value:!0});var wa=A(),Ip=te(),s0=o0(db()),bb=gb(),a0=_a(),c0=Tp();async function u0(e,t,r,n){let i=r.data.object.id;if(!i)throw new wa.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");let o=r.data.object.plan;if(!o||!o.product)throw new wa.RuntimeError("Invalid Stripe API result. Expected event to have a plan data.");let a=r.data.object.customer;if(!a)throw new wa.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer' to be provided");let c=o.product,u;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)u=await(0,bb.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:r.data.object.metadata.zuplo_created_by_email,managerSub:r.data.object.metadata.zuplo_created_by_sub,context:t});else{let l=await s0.default.getCustomer({logger:t.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!l.email)throw new wa.RuntimeError("Invalid Stripe API result. Expected customer to contain email address.");u=await(0,bb.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l.email,context:t})}if(!u)return Ip.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});try{let l=(0,c0.stripeStatusToMeteringStatus)(r.data.object.status);await(0,a0.createSubscription)({context:t,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:l})}catch(l){return Ip.HttpProblems.internalServerError(e,t,{detail:l.message})}return Ip.HttpProblems.ok(e,t)}s(u0,"onCustomerSubscriptionCreated");Ci.default=u0});var vb=y(Pp=>{"use strict";Object.defineProperty(Pp,"__esModule",{value:!0});var Eb=A(),l0=te(),wb=_a();async function d0(e,t,r,n){let i=r.data.object.id;if(!i)throw new Eb.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");let o=r.data.object.customer;if(!o)throw new Eb.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer' to be provided");let a=await(0,wb.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId});return await(0,wb.updateSubscription)({context:t,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),l0.HttpProblems.ok(e,t)}s(d0,"onCustomerSubscriptionDeleted");Pp.default=d0});var Tb=y(Rp=>{"use strict";Object.defineProperty(Rp,"__esModule",{value:!0});var Sb=A(),Ap=te(),va=_a(),p0=Tp();async function h0(e,t,r,n){let i=r.data.object.id;if(!i)throw new Sb.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID.");let o=r.data.object.customer;if(!o)throw new Sb.RuntimeError("Invalid Stripe webhook event. Expected '.data.object.customer' to be provided");if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){let c=await(0,va.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId}),u=(0,p0.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,va.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),Ap.HttpProblems.ok(e,t)}if(a.plan&&a.plan.product!==r.data.object.plan.product){let c=await(0,va.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId});return await(0,va.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[r.data.object.plan.product]}}),Ap.HttpProblems.ok(e,t)}}return Ap.HttpProblems.badRequest(e,t,{detail:"This update event is not supported by Stripe metering plugin webhook."})}s(h0,"onCustomerSubscriptionUpdated");Rp.default=h0});var Pb=y(Un=>{"use strict";var Np=Un&&Un.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Un,"__esModule",{value:!0});Un.StripeMeteringPlugin=void 0;var Sa=_n(),Ta=A(),f0=Lt(),m0=gp(),Ib=te(),y0=Qt(),g0=Yr(),b0=Ku(),_0=ot(),E0=W(),w0=cb(),v0=ub(),S0=Np(_b()),T0=Np(vb()),I0=Np(Tb()),Op=class extends v0.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(Sa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=Sa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Ta.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(Sa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=Sa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Ta.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!E0.Environment.instance.build.ACCOUNT_NAME)throw new Ta.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!P0(p))throw new Ta.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,w0.isStripeWebhookEvent)(m))return Ib.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`),m.type){case"customer.subscription.created":return await(0,S0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,I0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,T0.default)(c,u,m,{meteringBucketId:l});default:return Ib.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe metering plugin webhook."})}},"stripeWebhookHandler"),i=(0,g0.createInternalPolicyProcessor)({inboundPolicies:[{handler:m0.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new f0.Pipeline({processors:[y0.metricsProcessor,i],handler:n,gateway:r}),a=new _0.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:b0.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};Un.StripeMeteringPlugin=Op;function P0(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(P0,"isMetricsRegion")});var xb=y(kn=>{"use strict";Object.defineProperty(kn,"__esModule",{value:!0});kn.AmberfloMeteringInboundPolicy=kn.AmberfloMeteringPolicy=void 0;var Ab=A(),A0=ve(),Rb=Wr(),Nb=new WeakMap,Ob={},xp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Nb.set(t,r)}};kn.AmberfloMeteringPolicy=xp;async function R0(e,t,r,n){if(!r.statusCodes)throw new Ab.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Rb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=Nb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Ab.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Rb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Ob[r.apiKey];if(!m){let h=r.apiKey,g=e.headers.get("zm-test-id")??"";m=new A0.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let S=r.url??"https://app.amberflo.io/ingest",T=await fetch(S,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});T.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${T.status}: ${await T.text()}`)}catch(S){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${S.message}`),S}}),Ob[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}s(R0,"AmberfloMeteringInboundPolicy");kn.AmberfloMeteringInboundPolicy=R0});var Cp=y(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.sha256=void 0;async function O0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(O0,"sha256");Ia.sha256=O0});var $t=y(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.getPolicyCacheName=void 0;var N0=Cp(),Cb=new Map;async function x0(e,t){let r,n=Cb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,N0.sha256)(JSON.stringify({policyName:e,options:t}))}`,Cb.set(e,r)),r}s(x0,"getPolicyCacheName");Pa.getPolicyCacheName=x0});var Up=y(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.ApiKeyInboundPolicy=void 0;var C0=$t(),L0=Kt(),Lb=_n(),Lp=A(),D0=Dt(),Db=He(),Dp=W(),U0=mn(),Ub="key-metadata-cache-type";function k0(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(k0,"getKeyValue");async function M0(e,t,r,n){if(!r.bucketName)if(Lb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=Lb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Lp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new Lp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(S=>i.allowUnauthenticatedRequests?e:D0.HttpProblems.unauthorized(e,t,{detail:S}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=k0(a,i);if(!c||c==="")return o("No key present");let u=await H0(c),l=await(0,C0.getPolicyCacheName)(n,i),d=new L0.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==Ub&&Db.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let m={key:c},h=await(0,U0.fetchRetry)({retryDelayMs:5,retries:2,logger:Db.SystemLogMap.getLogger(t)},`${Dp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":Dp.Environment.instance.deploymentName??"unknown","User-Agent":Dp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let S=await h.text(),T=JSON.parse(S);t.log.error("Unexpected response from key service",T)}catch{t.log.error("Invalid response from key service")}throw new Lp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:Ub,user:{sub:g.name,data:g.metadata}};return e.user=_.user,d.put(u,_,i.cacheTtlSeconds),e}s(M0,"ApiKeyInboundPolicy");Aa.ApiKeyInboundPolicy=M0;async function H0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(H0,"hashValue")});var kb=y(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.ApiAuthKeyInboundPolicy=void 0;var F0=Up();Ra.ApiAuthKeyInboundPolicy=F0.ApiKeyInboundPolicy});var jt=y(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.OpenIdJwtInboundPolicy=void 0;var Mp=(Rs(),oo(As)),Hp=A(),q0=te(),kp={},$0=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new Hp.ConfigurationError("Invalid State - jwkUrl not set");kp[t.jwkUrl]||(kp[t.jwkUrl]=(0,Mp.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,Mp.jwtVerify)(e,kp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),j0=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,Mp.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),V0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(m=>q0.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Hp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Hp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?$0:j0,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(o.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let g=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${g.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");Oa.OpenIdJwtInboundPolicy=V0});var Mb=y(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.Auth0JwtInboundPolicy=void 0;var G0=jt(),B0=s(async(e,t,r,n)=>(0,G0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");Na.Auth0JwtInboundPolicy=B0});var Hb=y(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.BasicAuthInboundPolicy=void 0;var K0=te(),J0=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>K0.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===m&&_.password===h);return g||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");xa.BasicAuthInboundPolicy=J0});var Fb=y(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.CachingInboundPolicy=void 0;var z0=$t(),W0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function Q0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(Q0,"digestMessage");var Y0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await Q0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function Z0(e,t,r,n){let i=await(0,z0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await Y0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);W0.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(Z0,"CachingInboundPolicy");Ca.CachingInboundPolicy=Z0});var qb=y(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.ChangeMethodInboundPolicy=void 0;var X0=A(),eO=Me(),tO=s(async(e,t,r,n)=>{if(!r.method)throw new X0.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new eO.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");La.ChangeMethodInboundPolicy=tO});var $b=y(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.ClearHeadersInboundPolicy=void 0;var rO=Me(),nO=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new rO.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Da.ClearHeadersInboundPolicy=nO});var jb=y(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.ClearHeadersOutboundPolicy=void 0;var iO=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Ua.ClearHeadersOutboundPolicy=iO});var Vb=y(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.ClerkJwtInboundPolicy=void 0;var oO=jt(),sO=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,oO.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");ka.ClerkJwtInboundPolicy=sO});var Bb=y(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.CognitoJwtInboundPolicy=void 0;var Gb=A(),aO=jt(),cO=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new Gb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new Gb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,aO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Ma.CognitoJwtInboundPolicy=cO});var Jb=y(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.CompositeInboundPolicy=void 0;var uO=A(),lO=Pr(),Kb=Yr(),dO=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new uO.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=lO.Gateway.instance,o=(0,Kb.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,Kb.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");Ha.CompositeInboundPolicy=dO});var zb=y(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.CurityPhantomTokenInboundPolicy=void 0;var pO=$t(),hO=Kt(),Fa=te(),fO=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Fa.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=mO(i);if(!o)return Fa.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,pO.getPolicyCacheName)(n,r),c=new hO.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Fa.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Fa.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");qa.CurityPhantomTokenInboundPolicy=fO;function mO(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(mO,"getToken")});var Wb=y($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.FirebaseJwtInboundPolicy=void 0;var yO=qt(),gO=jt(),bO=s(async(e,t,r,n)=>((0,yO.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,gO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");$a.FirebaseJwtInboundPolicy=bO});var Qb=y(ja=>{"use strict";Object.defineProperty(ja,"__esModule",{value:!0});ja.FormDataToJsonInboundPolicy=void 0;var _O=Me(),EO=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new _O.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");ja.FormDataToJsonInboundPolicy=EO});var Yb=y(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.GeoFilterInboundPolicy=void 0;var wO=A(),vO=te(),Mn="__unknown__",SO=s(async(e,t,r,n)=>{let i={allow:{countries:Fn(r.allow?.countries,"allow.countries",n),regionCodes:Fn(r.allow?.regionCodes,"allow.regionCode",n),asns:Fn(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Fn(r.block?.countries,"block.countries",n),regionCodes:Fn(r.block?.regionCodes,"block.regionCode",n),asns:Fn(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Mn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Mn,c=t.incomingRequestProperties.asn?.toString()??Mn,u=i.ignoreUnknown&&o===Mn,l=i.ignoreUnknown&&a===Mn,d=i.ignoreUnknown&&c===Mn,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Hn(e,t,n,o,a,c);let g=i.block.countries,_=i.block.regionCodes,S=i.block.asns;return g.length>0&&g.includes(o)&&!u||_.length>0&&_.includes(a)&&!l||S.length>0&&S.includes(c)&&!d?Hn(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");Va.GeoFilterInboundPolicy=SO;function Hn(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),vO.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(Hn,"blockedResponse");function Fn(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new wO.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s(Fn,"toLowerStringArray")});var Zb=y(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.JWTScopeValidationInboundPolicy=void 0;var TO=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Ga.JWTScopeValidationInboundPolicy=TO});var t_=y(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.LoadSubscriptionInboundPolicy=void 0;var IO=oi(),PO=Js(),Xb=_n(),AO=A(),Ba=te(),e_=He(),RO=W(),OO=s(async(e,t,r,n)=>{let i=e_.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1,a=r.allowedSubscriptionStatuses&&r.allowedSubscriptionStatuses.length>0?r.allowedSubscriptionStatuses:["active","incomplete","trialing"],c=e.user;if(!c)return o?e:Ba.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(Xb.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=Xb.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new AO.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:u,meteringServiceUrl:l}=RO.Environment.instance,{sub:d}=c,p;try{let h=`${r.bucketId}-${d}`,g=new IO.ZoneCache(h,{logger:e_.SystemLogMap.getLogger(t)}),_=await g.get(h);if(_)p=_,t.log.debug("Loading subscriptions from cache");else{let S=await fetch(`${l}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${d}`,{headers:{Authorization:`Bearer ${u}`,"zp-rid":t.requestId},method:"GET"});if(!S.ok)return t.log.error(await S.text()),Ba.HttpProblems.forbidden(e,t);p=await S.json(),g.put(h,p,15).catch(T=>{throw i.error(T),T})}}catch(h){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,h)}let m=p&&p.data&&p.data.length>0?p.data[0]:void 0;return m?(t.log.debug(`Loaded subscription '${m.id}' for user sub '${d}`),!a.includes(m.status)&&!o?(t.log.warn(`Subscription '${m.id}' has status '${m.status}' which is not part of the allowed statuses.`),Ba.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"})):(a.includes(m.status)&&(t.log.debug(`Loading subscription '${m.id}' to ContextData`),PO.ContextData.set(t,"zuplo_meters",m)),e)):(t.log.warn("No valid subscription found"),o?e:Ba.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"}))},"LoadSubscriptionInboundPolicy");Ka.LoadSubscriptionInboundPolicy=OO});var i_=y(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.MeteringInboundPolicy=void 0;var r_=Js(),n_=_n(),NO=A(),Ja=te(),xO=He(),CO=W(),LO=s(async(e,t,r,n)=>{let i=xO.SystemLogMap.getLogger(t);t.addResponseSendingFinalHook(async(d,p,m)=>{let h=r_.ContextData.get(m,"zuplo_meters");if((r.allowRequestsWithoutSubscription??!1)&&!h)return;if(!r.bucketId)if(n_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=n_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new NO.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:_,meteringServiceUrl:S}=CO.Environment.instance;if(d.ok&&h&&r.meters){m.log.debug(`Subscription '${h.id}' quotas '${JSON.stringify(h.quotas)}`),m.log.debug(`Updating subscription '${h.id}' with meters '${JSON.stringify(r.meters)}`);try{let T=await fetch(`${S}/internal/v1/metering/${r.bucketId}/subscriptions/${h.id}/quotas/consume`,{headers:{Authorization:`Bearer ${_}`,"zp-rid":m.requestId},method:"POST",body:JSON.stringify({meters:r.meters})});T.ok||(m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${T.status} - ${T.statusText}`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${T.status} - ${T.statusText}`))}catch(T){m.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,T)}}});let o=r_.ContextData.get(t,"zuplo_meters"),a=r.allowRequestsWithoutSubscription??!1,c=r.allowRequestsOverQuota??!1;if(!o)return a?e:Ja.HttpProblems.tooManyRequests(e,t,{detail:"Subscription is not available for user",title:"Quota Exceeded"});if(o&&Object.keys(o.quotas).length===0)return Ja.HttpProblems.tooManyRequests(e,t,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let l=Object.keys(r.meters).filter(d=>!Object.keys(o.quotas).includes(d));if(l.length>0)return Ja.HttpProblems.tooManyRequests(e,t,{detail:`The following policy meters are not present in the subscription: ${l.join(", ")}`,title:"Quota Exceeded"});for(let d of Object.keys(o.quotas))if(o.quotas[d]<=0&&!c)return Ja.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${d}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");za.MeteringInboundPolicy=LO});var s_=y(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.MockApiInboundPolicy=void 0;var DO=te(),UO=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return Fp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return Fp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return o_(a[c])}else return a.length>0?o_(a[0]):Fp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Wa.MockApiInboundPolicy=UO;function o_(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(o_,"generateResponse");var Fp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return DO.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var d_=y(qn=>{"use strict";Object.defineProperty(qn,"__esModule",{value:!0});qn.MoesifInboundPolicy=qn.setMoesifContext=void 0;var kO=A(),MO=ve(),HO="Incoming",FO={logRequestBody:!0,logResponseBody:!0};function a_(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(a_,"headersToObject");function c_(){return new Date().toISOString()}s(c_,"timestamp");var qp=new WeakMap,qO={};function $O(e,t){let r=qp.get(e);r||(r=qO);let n=Object.assign({...r},t);qp.set(e,n)}s($O,"setMoesifContext");qn.setMoesifContext=$O;async function u_(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(u_,"readBody");var jO={},$p;function l_(){if(!$p)throw new kO.RuntimeError("Invalid State - no _lastLogger");return $p}s(l_,"getLastLogger");function VO(e){let t=jO[e];return t||(t=new MO.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);l_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||l_().error({status:i.status,body:await i.text()})})),t}s(VO,"getDispatcher");async function GO(e,t,r,n){$p=t.log;let i=c_(),o=Object.assign(FO,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await u_(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=VO(o.applicationId),d=e.headers.get("true-client-ip"),p=qp.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:a_(e.headers)},h=o.logResponseBody?await u_(c,t):void 0,g={time:c_(),status:c.status,headers:a_(c.headers),body:h},_={request:m,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:HO};l.enqueue(_),t.waitUntil(l.waitUntilFlushed())}),e}s(GO,"MoesifInboundPolicy");qn.MoesifInboundPolicy=GO});var p_=y(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.OktaJwtInboundPolicy=void 0;var BO=jt(),KO=s(async(e,t,r,n)=>(0,BO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");Qa.OktaJwtInboundPolicy=KO});var h_=y(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.PropelAuthJwtInboundPolicy=void 0;var JO=(Rs(),oo(As)),zO=jt(),jp,WO=s(async(e,t,r,n)=>{if(!jp)try{jp=await(0,JO.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,zO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:jp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");Ya.PropelAuthJwtInboundPolicy=WO});var f_=y(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.throwIfStateNotObject=V.throwIfStateNotNumber=V.throwIfStateNotString=V.throwIfStateUndefinedOrNull=V.throwIfStateUndefined=V.throwIfOptionNotObject=V.throwIfOptionNotNumber=V.throwIfOptionNotString=V.throwIfOptionUndefinedOrNull=V.throwIfOptionUndefined=V.OptionTypeError=V.OptionUndefinedError=V.throwIfNotNumber=V.throwIfNotString=V.throwIfUndefinedOrNull=V.throwIfUndefined=V.ArgumentTypeError=V.ArgumentUndefinedError=V.ValidationError=void 0;var je=gt(),et=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};V.ValidationError=et;var Li=class extends et{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};V.ArgumentUndefinedError=Li;var Di=class extends et{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};V.ArgumentTypeError=Di;function QO(e,t){if((0,je.isUndefined)(e))throw new Li(t)}s(QO,"throwIfUndefined");V.throwIfUndefined=QO;function Vp(e,t){if((0,je.isUndefinedOrNull)(e))throw new Li(t)}s(Vp,"throwIfUndefinedOrNull");V.throwIfUndefinedOrNull=Vp;function YO(e,t){if(Vp(e,t),!(0,je.isString)(e))throw new Di(t,"string")}s(YO,"throwIfNotString");V.throwIfNotString=YO;function ZO(e,t){if(Vp(e,t),!(0,je.isNumber)(e))throw new Di(t,"number")}s(ZO,"throwIfNotNumber");V.throwIfNotNumber=ZO;var Ui=class extends et{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};V.OptionUndefinedError=Ui;var $n=class extends et{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};V.OptionTypeError=$n;function XO(e,t,r,n){if((0,je.isUndefined)(n))throw new Ui(e,t,r)}s(XO,"throwIfOptionUndefined");V.throwIfOptionUndefined=XO;function Za(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new Ui(e,t,r)}s(Za,"throwIfOptionUndefinedOrNull");V.throwIfOptionUndefinedOrNull=Za;function eN(e,t,r,n){if(Za(e,t,r,n),!(0,je.isString)(n))throw new $n(e,t,r,"string")}s(eN,"throwIfOptionNotString");V.throwIfOptionNotString=eN;function tN(e,t,r,n){if(Za(e,t,r,n),!(0,je.isNumber)(n))throw new $n(e,t,r,"number")}s(tN,"throwIfOptionNotNumber");V.throwIfOptionNotNumber=tN;function rN(e,t,r,n){if(Za(e,t,r,n),!(0,je.isObject)(n))throw new $n(e,t,r,"object")}s(rN,"throwIfOptionNotObject");V.throwIfOptionNotObject=rN;function nN(e,t){if((0,je.isUndefined)(e))throw new et(t)}s(nN,"throwIfStateUndefined");V.throwIfStateUndefined=nN;function Xa(e,t){if((0,je.isUndefinedOrNull)(e))throw new et(t)}s(Xa,"throwIfStateUndefinedOrNull");V.throwIfStateUndefinedOrNull=Xa;function iN(e,t){if(Xa(e,t),!(0,je.isString)(e))throw new et(t);return!0}s(iN,"throwIfStateNotString");V.throwIfStateNotString=iN;function oN(e,t){if(Xa(e,t),!(0,je.isNumber)(e))throw new et(t);return!0}s(oN,"throwIfStateNotNumber");V.throwIfStateNotNumber=oN;function sN(e,t){if(Xa(e,t),!(0,je.isObject)(e))throw new et(t);return!0}s(sN,"throwIfStateNotObject");V.throwIfStateNotObject=sN});var m_=y(jn=>{"use strict";Object.defineProperty(jn,"__esModule",{value:!0});jn.InMemoryRedisClient=jn.StandardRedisClient=void 0;var Gp=A(),ec=f_(),Bp=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,ec.throwIfNotString)(t,"redisClientUrl"),(0,ec.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,ec.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Gp.SystemError("Redis client failed with 401: Unauthorized"):new Gp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};jn.StandardRedisClient=Bp;var Kp=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,ec.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Gp.SystemError("The in-memory redis client only supports /rate-limit calls")}};jn.InMemoryRedisClient=Kp});var E_=y(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.RateLimitInboundPolicy=void 0;var aN=Ir(),cN=$t(),uN=oi(),At=A(),lN=te(),y_=He(),ki=W(),g_=m_(),b_=gt(),tc=(0,aN.debug)("zuplo:policies:RateLimitInboundPolicy"),dN="strict",pN=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),hN=s(async e=>({key:`ip-${pN(e)}`}),"getIP"),fN=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),mN=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),rc;function yN(e,t){let r;if(rc)return rc;if(ki.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new g_.InMemoryRedisClient,rc=r,r;let{authApiJWT:n,redisURL:i}=ki.Environment.instance;if(!(0,b_.isString)(i))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,b_.isString)(n))throw new At.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=g_.StandardRedisClient.initialize(i,n,ki.Environment.instance.deploymentName??"unknown",ki.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new At.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return rc=r,r}s(yN,"getRedisClient");async function __(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(__,"getCountAndUpdateExpiry");function gN(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new At.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new At.RuntimeError(u)}return c},"outerFunction")}s(gN,"wrapUserFunction");var bN="Retry-After",_N=s(async(e,t,r,n)=>{let i=Date.now(),o=y_.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new At.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[bN]=l.toString()),lN.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:gN(r,n),user:fN,ip:hN,all:mN}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=yN(n,o),T=`bucket/${ki.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??dN)==="async"){let L=await(0,cN.getPolicyCacheName)(n,r),ne=new uN.ZoneCache(L,{logger:y_.SystemLogMap.getLogger(t)}),ie=__(T,h,_,o,t.requestId),me=await ne.get(T);if(me!==void 0&&me<=Date.now()){tc(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${T}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(g,Be)}return t.addEventListener("responseSending",Be=>{try{let w=Be,M=w.mutableResponse;w.mutableResponse=(async()=>{let Ce=await ie;if(Ce.count>m){let mu=Date.now()+Ce.ttlSeconds*1e3,nw=ne.put(T,mu,Ce.ttlSeconds).catch(Lh=>{throw o.error(new At.SystemError("Error caching rate limit result.",{cause:Lh})),Lh});return t.waitUntil(nw),tc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (async mode)`),c(g,Ce.ttlSeconds)}return M})()}catch(w){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let K=await __(T,h,_,o,t.requestId);return K.count>m?(tc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (strict mode)`),c(g,K.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;tc(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");nc.RateLimitInboundPolicy=_N});var T_=y(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.ReadmeMetricsInboundPolicy=void 0;var EN=ve(),Jp=W(),w_=Wr(),zp;function v_(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s(v_,"headersToNameValuePairs");function wN(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(wN,"queryToNameValueParis");function vN(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(vN,"parseIntOrUndefined");var S_={};async function SN(e,t,r,n){let i=new Date,o=Date.now();return zp||(zp={name:"zuplo",version:Jp.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Jp.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,w_.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,w_.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Jp.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:zp,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:v_(e.headers),queryString:wN(e.query)},response:{status:a.status,statusText:a.statusText,headers:v_(a.headers),content:{size:vN(e.headers.get("content-length"))}}}]}}},d=S_[r.apiKey];if(!d){let p=r.apiKey;d=new EN.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),S_[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(SN,"ReadmeMetricsInboundPolicy");ic.ReadmeMetricsInboundPolicy=SN});var I_=y(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.RemoveHeadersInboundPolicy=void 0;var TN=A(),IN=Me(),PN=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new TN.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new IN.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");oc.RemoveHeadersInboundPolicy=PN});var P_=y(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.RemoveHeadersOutboundPolicy=void 0;var AN=A(),RN=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new AN.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");sc.RemoveHeadersOutboundPolicy=RN});var A_=y(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.RemoveQueryParamsInboundPolicy=void 0;var ON=A(),NN=Me(),xN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new ON.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new NN.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");ac.RemoveQueryParamsInboundPolicy=xN});var R_=y(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.ReplaceStringOutboundPolicy=void 0;var CN=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");cc.ReplaceStringOutboundPolicy=CN});var N_=y(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.RequestSizeLimitInboundPolicy=void 0;var O_=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),LN=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?O_():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?O_():e},"RequestSizeLimitInboundPolicy");uc.RequestSizeLimitInboundPolicy=LN});var lc=y(tt=>{"use strict";Object.defineProperty(tt,"__esModule",{value:!0});tt.sanitizedIdentifierName=tt.getIdForRefSchema=tt.getIdForRequestBodySchema=tt.getIdForParameterSchema=tt.getRawOperationDataIdentifierName=void 0;function DN(e,t,r){return`_${Fr(e+"_"+t+"_"+r)}`}s(DN,"getRawOperationDataIdentifierName");tt.getRawOperationDataIdentifierName=DN;function UN(e,t,r,n){return`_${Fr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(UN,"getIdForParameterSchema");tt.getIdForParameterSchema=UN;function kN(e,t,r){return`_${Fr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Fr(r.toLowerCase())}`}s(kN,"getIdForRequestBodySchema");tt.getIdForRequestBodySchema=kN;function MN(e,t){return`_${Fr(e)}__${Fr(t)}`}s(MN,"getIdForRefSchema");tt.getIdForRefSchema=MN;function Fr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(Fr,"sanitizedIdentifierName");tt.sanitizedIdentifierName=Fr});var Mi=y(Le=>{"use strict";Object.defineProperty(Le,"__esModule",{value:!0});Le.getErrorsFromValidator=Le.shouldReject=Le.shouldLog=Le.logErrors=Le.validateParameters=Le.getParametersForOperation=void 0;var HN=Pr(),FN=lc(),qN=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");Le.getParametersForOperation=qN;var $N=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,FN.getIdForParameterSchema)(r,n,i,u.name),p=HN.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,Le.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");Le.validateParameters=$N;var jN=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");Le.logErrors=jN;var VN=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");Le.shouldLog=VN;var GN=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");Le.shouldReject=GN;var BN=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");Le.getErrorsFromValidator=BN});var x_=y(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.handleBodyValidation=void 0;var KN=Pr(),dc=te(),JN=lc(),Je=Mi();async function zN(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let g=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,_=dc.HttpProblems.badRequest(t,e,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",g,[n],h),(0,Je.shouldReject)(r.validateBody))return _}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,g=dc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,JN.getIdForRequestBodySchema)(e.route.path,t.method,i),c=KN.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,g=dc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,Je.getErrorsFromValidator)(l),m=dc.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",d,[n],p),(0,Je.shouldReject)(r.validateBody))return m}s(zN,"handleBodyValidation");pc.handleBodyValidation=zN});var C_=y(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.handleHeadersValidation=void 0;var WN=te(),Hi=Mi();function QN(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,Hi.getParametersForOperation)(e),o=(0,Hi.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=WN.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,Hi.shouldLog)(r.validateHeaders)&&(0,Hi.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,Hi.shouldReject)(r.validateHeaders))return c}}s(QN,"handleHeadersValidation");hc.handleHeadersValidation=QN});var L_=y(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.handlePathParameterValidation=void 0;var YN=te(),Fi=Mi();function ZN(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Fi.getParametersForOperation)(e),i=(0,Fi.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=YN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Fi.shouldLog)(r.validatePathParameters)&&(0,Fi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Fi.shouldReject)(r.validatePathParameters))return a}}s(ZN,"handlePathParameterValidation");fc.handlePathParameterValidation=ZN});var D_=y(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.handleQueryParameterValidation=void 0;var XN=te(),qi=Mi();function ex(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,qi.getParametersForOperation)(e),i=(0,qi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=XN.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,qi.shouldLog)(r.validateQueryParameters)&&(0,qi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,qi.shouldReject)(r.validateQueryParameters))return a}}s(ex,"handleQueryParameterValidation");mc.handleQueryParameterValidation=ex});var U_=y(qr=>{"use strict";Object.defineProperty(qr,"__esModule",{value:!0});qr.SchemaBasedRequestValidation=qr.RequestValidationInboundPolicy=void 0;var tx=x_(),rx=C_(),nx=L_(),ix=D_(),ox=s(async(e,t,r)=>{let n=(0,ix.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,nx.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,rx.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,tx.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");qr.RequestValidationInboundPolicy=ox;qr.SchemaBasedRequestValidation=qr.RequestValidationInboundPolicy});var k_=y(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.RequireOriginInboundPolicy=void 0;var sx=A(),ax=te(),cx=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new sx.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return ax.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");yc.RequireOriginInboundPolicy=cx});var M_=y(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.SetBodyInboundPolicy=void 0;var ux=Me(),lx=s(async(e,t,r)=>new ux.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");gc.SetBodyInboundPolicy=lx});var F_=y(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.SetHeadersInboundPolicy=void 0;var H_=A(),dx=Me(),px=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new H_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new H_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new dx.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");bc.SetHeadersInboundPolicy=px});var $_=y(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.SetHeadersOutboundPolicy=void 0;var q_=A(),hx=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new q_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new q_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");_c.SetHeadersOutboundPolicy=hx});var V_=y(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.SetQueryParamsInboundPolicy=void 0;var j_=A(),fx=Me(),mx=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new j_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new j_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new fx.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");Ec.SetQueryParamsInboundPolicy=mx});var G_=y(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.SetStatusOutboundPolicy=void 0;var yx=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");wc.SetStatusOutboundPolicy=yx});var B_=y(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.SleepInboundPolicy=void 0;var gx=A(),bx=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),_x=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new gx.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await bx(r.sleepInMs),e},"SleepInboundPolicy");vc.SleepInboundPolicy=_x});var J_=y(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.SupabaseJwtInboundPolicy=void 0;var K_=A(),Ex=te(),wx=Me(),vx=qt(),Sx=jt(),Tx=s(async(e,t,r,n)=>{(0,vx.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,Sx.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof wx.ZuploRequest))throw new K_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new K_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?Ex.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");Sc.SupabaseJwtInboundPolicy=Tx});var W_=y(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var Ix=$t(),Px=Kt(),z_=A(),Ax=mn(),Rx=qt(),Ox=s(async(e,t,r,n)=>{(0,Rx.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,Ix.getPolicyCacheName)(n,r),o=new Px.MemoryZoneReadThroughCache(i,t),a=await o.get(n);if(!a){let c=await Nx(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");Tc.UpstreamAzureAdServiceAuthInboundPolicy=Ox;async function Nx(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,Ax.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new z_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new z_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(Nx,"getAccessToken")});var Y_=y(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var xx=$t(),Cx=Kt(),Lx=A(),Wp=yn(),Dx=qt(),Q_="https://accounts.google.com/o/oauth2/token",Qp,Ux=s(async(e,t,r,n)=>{(0,Dx.optionValidator)(r,n).required("serviceAccountJson","string"),Qp||(Qp=await Wp.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,xx.getPolicyCacheName)(n,r),a=new Cx.MemoryZoneReadThroughCache(o,t),c=await a.get(n);if(!c){let u=await(0,Wp.getTokenFromGcpServiceAccount)({serviceAccount:Qp,audience:Q_,payload:i}),l=await(0,Wp.exchangeGgpJwtForIdToken)(Q_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new Lx.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");Ic.UpstreamFirebaseAdminAuthInboundPolicy=Ux});var Z_=y(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var kx=$t(),Mx=Kt(),Vn=A(),Hx=Cp(),Yp=yn(),Fx=Wr(),qx=qt(),$x="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",jx=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Zp,Vx=s(async(e,t,r,n)=>{if((0,qx.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Vn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(jx.indexOf(p)!==-1)throw new Vn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Zp||(Zp=await Yp.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Vn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Vn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,Fx.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Vn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,kx.getPolicyCacheName)(n,r),c=new Mx.MemoryZoneReadThroughCache(a,t),u={uid:o,claims:i},l=await(0,Hx.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Yp.getTokenFromGcpServiceAccount)({serviceAccount:Zp,audience:$x,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Yp.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Vn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");Pc.UpstreamFirebaseUserAuthInboundPolicy=Vx});var eE=y(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.UpstreamGcpJwtInboundPolicy=void 0;var X_=yn(),Gx=qt(),Xp,Bx=s(async(e,t,r,n)=>{(0,Gx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Xp||(Xp=await X_.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,X_.getTokenFromGcpServiceAccount)({serviceAccount:Xp,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");Ac.UpstreamGcpJwtInboundPolicy=Bx});var rE=y(Rc=>{"use strict";Object.defineProperty(Rc,"__esModule",{value:!0});Rc.UpstreamGcpServiceAuthInboundPolicy=void 0;var Kx=$t(),Jx=vu(),zx=Kt(),$i=A(),eh=yn(),Wx=Wr(),Qx=qt(),tE="https://www.googleapis.com/oauth2/v4/token",th,Yx=s(async(e,t,r,n)=>{(0,Qx.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),th||(th=await eh.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new $i.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,Wx.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof $i.ConfigurationError?new $i.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let o=await(0,Kx.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new Jx.MemoryCache(o):a=new zx.MemoryZoneReadThroughCache(o,t);let c=await a.get(n);if(!c){let u=await(0,eh.getTokenFromGcpServiceAccount)({serviceAccount:th,audience:tE,payload:i}),l=await(0,eh.exchangeGgpJwtForIdToken)(tE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new $i.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new $i.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamGcpServiceAuthInboundPolicy");Rc.UpstreamGcpServiceAuthInboundPolicy=Yx});var iE=y(Oc=>{"use strict";Object.defineProperty(Oc,"__esModule",{value:!0});Oc.ValidateJsonSchemaInbound=void 0;var Zx=A(),nE=te(),Xx=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return nE.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new Zx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return nE.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");Oc.ValidateJsonSchemaInbound=Xx});var oE=y(Nc=>{"use strict";Object.defineProperty(Nc,"__esModule",{value:!0});Nc.ServiceProviderImpl=void 0;var eC=A(),rh=class{static{s(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new eC.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Nc.ServiceProviderImpl=rh});var gE=y(f=>{"use strict";var tC=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),nh=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&tC(t,e,r)},rC=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.PropelAuthJwtInboundPolicy=f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.MeteringInboundPolicy=f.LoadSubscriptionInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.RuntimeError=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=void 0;Fh();var nC=Kt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return nC.MemoryZoneReadThroughCache}});var iC=oi();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return iC.ZoneCache}});var sE=Ar();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return sE.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return sE.ResponseSentEvent}});var oC=Js();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return oC.ContextData}});var ih=_n();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return ih.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return ih.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return ih.isZuploReadableEnvVariableName}});var aE=A();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return aE.ConfigurationError}});Object.defineProperty(f,"RuntimeError",{enumerable:!0,get:function(){return aE.RuntimeError}});var sC=kd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return sC.originalFetch}});var cE=fg();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return cE.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return cE.purgeGatewayCache}});var uE=xg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return uE.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return uE.awsLambdaHandler}});var aC=Lg();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return aC.openApiSpecHandler}});var cC=Dg();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return cC.redirectHandler}});var uC=kg();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return uC.urlForwardHandler}});var lC=Hg();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return lC.urlRewriteHandler}});var dC=qg();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return dC.webSocketHandler}});var pC=Vg();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return pC.webSocketPipelineHandler}});var hC=Ju();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return hC.HttpStatusCode}});nh(Yg(),f);nh(eb(),f);var fC=tb();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return fC.AuditLogDataStaxProvider}});var mC=nb();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return mC.AuditLogPlugin}});nh(Pb(),f);var lE=xb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return lE.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return lE.AmberfloMeteringPolicy}});var yC=kb();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return yC.ApiAuthKeyInboundPolicy}});var gC=Up();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return gC.ApiKeyInboundPolicy}});var bC=Mb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return bC.Auth0JwtInboundPolicy}});var _C=Hb();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return _C.BasicAuthInboundPolicy}});var EC=Fb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return EC.CachingInboundPolicy}});var wC=qb();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return wC.ChangeMethodInboundPolicy}});var vC=$b();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return vC.ClearHeadersInboundPolicy}});var SC=jb();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return SC.ClearHeadersOutboundPolicy}});var TC=Vb();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return TC.ClerkJwtInboundPolicy}});var IC=Bb();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return IC.CognitoJwtInboundPolicy}});var PC=Jb();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return PC.CompositeInboundPolicy}});var AC=zb();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return AC.CurityPhantomTokenInboundPolicy}});var RC=Wb();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return RC.FirebaseJwtInboundPolicy}});var OC=Qb();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return OC.FormDataToJsonInboundPolicy}});var NC=Yb();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return NC.GeoFilterInboundPolicy}});var xC=Zb();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return xC.JWTScopeValidationInboundPolicy}});var CC=t_();Object.defineProperty(f,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return CC.LoadSubscriptionInboundPolicy}});var LC=i_();Object.defineProperty(f,"MeteringInboundPolicy",{enumerable:!0,get:function(){return LC.MeteringInboundPolicy}});var DC=s_();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return DC.MockApiInboundPolicy}});var dE=d_();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return dE.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return dE.setMoesifContext}});var UC=p_();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return UC.OktaJwtInboundPolicy}});var kC=jt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return kC.OpenIdJwtInboundPolicy}});var MC=h_();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return MC.PropelAuthJwtInboundPolicy}});var pE=E_();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return pE.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return pE.RateLimitInboundPolicy}});var HC=T_();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return HC.ReadmeMetricsInboundPolicy}});var FC=I_();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return FC.RemoveHeadersInboundPolicy}});var qC=P_();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return qC.RemoveHeadersOutboundPolicy}});var $C=A_();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return $C.RemoveQueryParamsInboundPolicy}});var jC=R_();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return jC.ReplaceStringOutboundPolicy}});var VC=N_();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return VC.RequestSizeLimitInboundPolicy}});var hE=U_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return hE.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return hE.SchemaBasedRequestValidation}});var GC=k_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return GC.RequireOriginInboundPolicy}});var BC=M_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return BC.SetBodyInboundPolicy}});var KC=F_();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return KC.SetHeadersInboundPolicy}});var JC=$_();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return JC.SetHeadersOutboundPolicy}});var zC=V_();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return zC.SetQueryParamsInboundPolicy}});var WC=G_();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return WC.SetStatusOutboundPolicy}});var QC=B_();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return QC.SleepInboundPolicy}});var YC=gp();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return YC.StripeWebhookVerificationInboundPolicy}});var ZC=J_();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return ZC.SupabaseJwtInboundPolicy}});var XC=W_();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return XC.UpstreamAzureAdServiceAuthInboundPolicy}});var eL=Y_();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return eL.UpstreamFirebaseAdminAuthInboundPolicy}});var tL=Z_();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return tL.UpstreamFirebaseUserAuthInboundPolicy}});var rL=eE();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return rL.UpstreamGcpJwtInboundPolicy}});var nL=rE();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return nL.UpstreamGcpServiceAuthInboundPolicy}});var iL=iE();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return iL.ValidateJsonSchemaInbound}});var oL=te();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return oL.HttpProblems}});var sL=_o();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return sL.ProblemResponseFormatter}});var aL=Me();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return aL.ZuploRequest}});var cL=Or();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return cL.SystemRouteName}});var fE=Pd();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return fE.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return fE.Router}});var mE=Mu();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return mE.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return mE.serialize}});var uL=oE();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return uL.ServiceProviderImpl}});var yE=sl();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return yE.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return yE.SYSTEM_LOGGER}});var lL=Wu();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return rC(lL).default}});var dL=He();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return dL.SystemLogMap}});var ji=lc();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return ji.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return ji.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return ji.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return ji.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return ji.sanitizedIdentifierName}})});var bE=y(Gn=>{"use strict";Object.defineProperty(Gn,"__esModule",{value:!0});Gn.BaseCryptoBeta=Gn.supportedDigests=void 0;Gn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var oh=class{static{s(this,"BaseCryptoBeta")}};Gn.BaseCryptoBeta=oh});var _E=y(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.WorkerCryptoBeta=void 0;var sh=bE(),pL=A(),ah=class extends sh.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!sh.supportedDigests.includes(t.toLowerCase()))throw new pL.RuntimeError(`Algorithm ${t} is not supported. Try using ${sh.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};xc.WorkerCryptoBeta=ah});var EE=y(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.BaseKeyValueStore=void 0;var ch=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Cc.BaseKeyValueStore=ch});var vE=y(Lc=>{"use strict";Object.defineProperty(Lc,"__esModule",{value:!0});Lc.WorkerKeyValueStore=void 0;var wE=A(),hL=EE(),uh=class extends hL.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new wE.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new wE.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Lc.WorkerKeyValueStore=uh});var Dt=y(lt=>{"use strict";var fL=lt&&lt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),mL=lt&&lt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&fL(t,e,r)};Object.defineProperty(lt,"__esModule",{value:!0});lt.KeyValueStore=lt.CryptoBeta=void 0;mL(gE(),lt);var yL=_E();Object.defineProperty(lt,"CryptoBeta",{enumerable:!0,get:function(){return yL.WorkerCryptoBeta}});var gL=vE();Object.defineProperty(lt,"KeyValueStore",{enumerable:!0,get:function(){return gL.WorkerKeyValueStore}})});var TD={};io(TD,{GraphQLComplexityLimitInboundPolicy:()=>ew,GraphQLDisableIntrospectionInboundPolicy:()=>rw});module.exports=oo(TD);var ri=Uh(Dt());function G(e,t){if(!!!e)throw new Error(t)}s(G,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Rt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Rt,"invariant");var bL=/\r\n|[\n\r]/g;function Bn(e,t){let r=0,n=1;for(let i of e.body.matchAll(bL)){if(typeof i.index=="number"||Rt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s(Bn,"getLocation");function lh(e){return Dc(e.source,Bn(e.source,e.start))}s(lh,"printLocation");function Dc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
75
75
  `,d=n.split(/\r\n|[\n\r]/g),p=d[i];if(p.length>120){let m=Math.floor(u/80),h=u%80,g=[];for(let _=0;_<p.length;_+=80)g.push(p.slice(_,_+80));return l+SE([[`${a} |`,g[0]],...g.slice(1,m+1).map(_=>["|",_]),["|","^".padStart(h)],["|",g[m+1]]])}return l+SE([[`${a-1} |`,d[i-1]],[`${a} |`,p],["|","^".padStart(u)],[`${a+1} |`,d[i+1]]])}s(Dc,"printSourceLocation");function SE(e){let t=e.filter(([n,i])=>i!==void 0),r=Math.max(...t.map(([n])=>n.length));return t.map(([n,i])=>n.padStart(r)+(i?" "+i:"")).join(`
76
76
  `)}s(SE,"printPrefixedLines");function _L(e){let t=e[0];return t==null||"kind"in t||"length"in t?{nodes:t,source:e[1],positions:e[2],path:e[3],originalError:e[4],extensions:e[5]}:t}s(_L,"toNormalizedOptions");var C=class e extends Error{static{s(this,"GraphQLError")}constructor(t,...r){var n,i,o;let{nodes:a,source:c,positions:u,path:l,originalError:d,extensions:p}=_L(r);super(t),this.name="GraphQLError",this.path=l??void 0,this.originalError=d??void 0,this.nodes=TE(Array.isArray(a)?a:a?[a]:void 0);let m=TE((n=this.nodes)===null||n===void 0?void 0:n.map(g=>g.loc).filter(g=>g!=null));this.source=c??(m==null||(i=m[0])===null||i===void 0?void 0:i.source),this.positions=u??m?.map(g=>g.start),this.locations=u&&c?u.map(g=>Bn(c,g)):m?.map(g=>Bn(g.source,g.start));let h=Ee(d?.extensions)?d?.extensions:void 0;this.extensions=(o=p??h)!==null&&o!==void 0?o:Object.create(null),Object.defineProperties(this,{message:{writable:!0,enumerable:!0},name:{enumerable:!1},nodes:{enumerable:!1},source:{enumerable:!1},positions:{enumerable:!1},originalError:{enumerable:!1}}),d!=null&&d.stack?Object.defineProperty(this,"stack",{value:d.stack,writable:!0,configurable:!0}):Error.captureStackTrace?Error.captureStackTrace(this,e):Object.defineProperty(this,"stack",{value:Error().stack,writable:!0,configurable:!0})}get[Symbol.toStringTag](){return"GraphQLError"}toString(){let t=this.message;if(this.nodes)for(let r of this.nodes)r.loc&&(t+=`
77
77
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@zuplo/graphql",
3
- "version": "5.1776.0",
3
+ "version": "5.1777.0",
4
4
  "repository": "https://github.com/zuplo/zuplo",
5
5
  "author": "Zuplo, Inc.",
6
6
  "exports": {