@zuplo/graphql 5.1786.0 → 5.1787.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.minified.js +1 -1
- package/package.json +1 -1
package/index.minified.js
CHANGED
|
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
|
|
|
71
71
|
`+d}):new $r.StripeSignatureVerificationError(t,e,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
|
|
72
72
|
If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
|
|
73
73
|
`+l+`
|
|
74
|
-
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new $r.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(VR,"validateComputedSignature");function GR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(GR,"parseHeader");function BR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(BR,"secureCompare");async function hb(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=_p[o[c]];return a.join("")}s(hb,"computeHMACSignatureAsync");kn.computeHMACSignatureAsync=hb;var _p=new Array(256);for(let e=0;e<_p.length;e++)_p[e]=e.toString(16).padStart(2,"0")});var lt=y(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.optionValidator=void 0;var xi=O();function KR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(KR,"optionValidator");_a.optionValidator=KR});var Ep=y(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.StripeWebhookVerificationInboundPolicy=void 0;var JR=te(),zR=fb(),WR=lt(),QR=s(async(e,t,r,n)=>{(0,WR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,zR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),JR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");Ea.StripeWebhookVerificationInboundPolicy=QR});var yb=y(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.isStripeWebhookEvent=void 0;var mb=bt();function YR(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,mb.isString)(e.id)&&"type"in e&&(0,mb.isString)(e.type)}s(YR,"isStripeWebhookEvent");wa.isStripeWebhookEvent=YR});var gb=y(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.MeteringPlugin=void 0;var ZR=gt(),wp=class extends ZR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};va.MeteringPlugin=wp});var _b=y(vp=>{"use strict";Object.defineProperty(vp,"__esModule",{value:!0});var bb=O(),XR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new bb.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new bb.RuntimeError(o)}return i}};vp.default=XR});var Eb=y(gr=>{"use strict";Object.defineProperty(gr,"__esModule",{value:!0});gr.deleteConsumer=gr.createConsumerInvite=gr.createConsumer=void 0;var Sp=O(),Tp=He(),Ip=W(),Pp=bn(),Ap="https://api-key-management-service-eq7z4lly2a-ue.a.run.app";async function e0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:o,context:a}){let{authApiJWT:c}=Ip.Environment.instance,u=new URL(`/v1/buckets/${e}/consumers`,Ap);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:o,email:i}]},p=await(0,Pp.fetchRetry)({retryDelayMs:5,retries:2,logger:Tp.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),m=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,m),new Sp.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:t,stripeProductId:r}),l}s(e0,"createConsumer");gr.createConsumer=e0;async function t0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:o}){let{authApiJWT:a}=Ip.Environment.instance,c=new URL(`/v1/buckets/${e}/consumers`,Ap);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,Pp.fetchRetry)({retryDelayMs:5,retries:2,logger:Tp.SystemLogMap.getLogger(o)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let m="Error creating API Key Consumer";throw o.log.error(m,p),new Sp.RuntimeError(m)}return o.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:t,stripeProductId:r}),u}s(t0,"createConsumerInvite");gr.createConsumerInvite=t0;async function r0({apiKeyBucketName:e,consumerId:t,context:r}){let{authApiJWT:n}=Ip.Environment.instance,i=new URL(`/v1/buckets/${e}/consumers/${t}`,Ap);i.searchParams.set("with-api-key","true");let o=await(0,Pp.fetchRetry)({retryDelayMs:5,retries:2,logger:Tp.SystemLogMap.getLogger(r)},i.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${n}`,"content-type":"application/json"},body:JSON.stringify({})});if(o.status!==204){let a=await o.json(),c="Error deleting API Key Consumer";throw r.log.error(c,a),new Sp.RuntimeError(c)}return r.log.info(`Successfully deleted API Key Consumer '${t}`),t}s(r0,"deleteConsumer");gr.deleteConsumer=r0});var Sa=y(_r=>{"use strict";Object.defineProperty(_r,"__esModule",{value:!0});_r.getSubscription=_r.updateSubscription=_r.createSubscription=void 0;var br=O(),Rp=He(),Op=W(),Np=bn(),Cp=bt();async function n0({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:o,customerExternalId:a,subscriptionStatus:c}){let u={status:c,type:"periodic",renewalStrategy:"monthly",region:o,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,customerExternalId:a},{authApiJWT:l,meteringServiceUrl:d}=Op.Environment.instance;if(!(0,Cp.isNonEmptyString)(l))throw new br.SystemError("No Zuplo JWT token set.");let p=await(0,Np.fetchRetry)({retryDelayMs:5,retries:2,logger:Rp.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new br.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}s(n0,"createSubscription");_r.createSubscription=n0;async function i0({context:e,meteringSubscriptionId:t,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:o}=Op.Environment.instance;if(!(0,Cp.isNonEmptyString)(i))throw new br.SystemError("No Zuplo JWT token set.");let a=await(0,Np.fetchRetry)({retryDelayMs:5,retries:2,logger:Rp.SystemLogMap.getLogger(e)},`${o}/internal/v1/metering/${r}/subscriptions/${t}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating metering subscription to '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw e.log.error(c,u),new br.RuntimeError(c)}e.log.info(`Successfully update metering subscription to '${JSON.stringify(n)}'.`)}s(i0,"updateSubscription");_r.updateSubscription=i0;async function o0({context:e,stripeSubscriptionId:t,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:o}=Op.Environment.instance;if(!(0,Cp.isNonEmptyString)(i))throw new br.SystemError("No Zuplo JWT token set.");let a=await(0,Np.fetchRetry)({retryDelayMs:5,retries:2,logger:Rp.SystemLogMap.getLogger(e)},`${o}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${t}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":e.requestId},method:"GET"});if(!a.ok){let u="Error querying for metering subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw e.log.error(u,l),new br.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new br.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new br.RuntimeError(u)}return c.data[0]}s(o0,"getSubscription");_r.getSubscription=o0});var xp=y(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.stripeStatusToMeteringStatus=void 0;function s0(e){return e.replaceAll("_","-")}s(s0,"stripeStatusToMeteringStatus");Ta.stripeStatusToMeteringStatus=s0});var wb=y(Li=>{"use strict";var a0=Li&&Li.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Li,"__esModule",{value:!0});var jr=te(),c0=a0(_b()),Lp=Eb(),u0=Sa(),l0=xp();async function d0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let o=r.data.object.plan;if(!o||!o.product)return t.log.warn(`Invalid Stripe API result. Expected event '${r.id}' to have a plan data.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=r.data.object.customer;if(!a)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let c=o.product,u;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)u=await(0,Lp.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:r.data.object.metadata.zuplo_created_by_email,managerSub:r.data.object.metadata.zuplo_created_by_sub,context:t});else{let l=await c0.default.getCustomer({logger:t.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!l.email)return t.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected customer to contain email address."});u=await(0,Lp.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l.email,context:t})}if(!u)return jr.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});try{let l=(0,l0.stripeStatusToMeteringStatus)(r.data.object.status);await(0,u0.createSubscription)({context:t,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:l})}catch(l){return await(0,Lp.deleteConsumer)({apiKeyBucketName:n.apiKeyBucketName,consumerId:u,context:t}),jr.HttpProblems.internalServerError(e,t,{detail:l.message})}return jr.HttpProblems.ok(e,t)}s(d0,"onCustomerSubscriptionCreated");Li.default=d0});var Sb=y(Up=>{"use strict";Object.defineProperty(Up,"__esModule",{value:!0});var Dp=te(),vb=Sa();async function p0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),Dp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let o=r.data.object.customer;if(!o)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Dp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let a=await(0,vb.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId});return await(0,vb.updateSubscription)({context:t,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),Dp.HttpProblems.ok(e,t)}s(p0,"onCustomerSubscriptionDeleted");Up.default=p0});var Tb=y(kp=>{"use strict";Object.defineProperty(kp,"__esModule",{value:!0});var Di=te(),Ia=Sa(),h0=xp();async function f0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to include '.data.object.id' as the subscription ID.`),Di.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let o=r.data.object.customer;if(!o)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Di.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){let c=await(0,Ia.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId}),u=(0,h0.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,Ia.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),Di.HttpProblems.ok(e,t)}if(a.plan&&a.plan.product!==r.data.object.plan.product){let c=await(0,Ia.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId});return await(0,Ia.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[r.data.object.plan.product]}}),Di.HttpProblems.ok(e,t)}}return t.log.warn(`This update event '${r.id}' is not supported by Stripe metering plugin webhook.`),Di.HttpProblems.badRequest(e,t,{detail:"This update event is not supported by Stripe metering plugin webhook."})}s(f0,"onCustomerSubscriptionUpdated");kp.default=f0});var Pb=y(Mn=>{"use strict";var Hp=Mn&&Mn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Mn,"__esModule",{value:!0});Mn.StripeMeteringPlugin=void 0;var Pa=vn(),Aa=O(),m0=Dt(),y0=Ep(),Ib=te(),g0=Qt(),b0=en(),_0=Wu(),E0=ot(),w0=W(),v0=yb(),S0=gb(),T0=Hp(wb()),I0=Hp(Sb()),P0=Hp(Tb()),Mp=class extends S0.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(Pa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=Pa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Aa.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(Pa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=Pa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Aa.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!w0.Environment.instance.build.ACCOUNT_NAME)throw new Aa.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!A0(p))throw new Aa.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,v0.isStripeWebhookEvent)(m))return Ib.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`),m.type){case"customer.subscription.created":return await(0,T0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,P0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,I0.default)(c,u,m,{meteringBucketId:l});default:return Ib.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe metering plugin webhook."})}},"stripeWebhookHandler"),i=(0,b0.createInternalPolicyProcessor)({inboundPolicies:[{handler:y0.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new m0.Pipeline({processors:[g0.metricsProcessor,i],handler:n,gateway:r}),a=new E0.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:_0.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};Mn.StripeMeteringPlugin=Mp;function A0(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(A0,"isMetricsRegion")});var Cb=y(Hn=>{"use strict";Object.defineProperty(Hn,"__esModule",{value:!0});Hn.AmberfloMeteringInboundPolicy=Hn.AmberfloMeteringPolicy=void 0;var Ab=O(),R0=ve(),Rb=Zt(),Nb=new WeakMap,Ob={},Fp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Nb.set(t,r)}};Hn.AmberfloMeteringPolicy=Fp;async function O0(e,t,r,n){if(!r.statusCodes)throw new Ab.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Rb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=Nb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Ab.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Rb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Ob[r.apiKey];if(!m){let h=r.apiKey,g=e.headers.get("zm-test-id")??"";m=new R0.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let S=r.url??"https://app.amberflo.io/ingest",T=await fetch(S,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});T.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${T.status}: ${await T.text()}`)}catch(S){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${S.message}`),S}}),Ob[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}s(O0,"AmberfloMeteringInboundPolicy");Hn.AmberfloMeteringInboundPolicy=O0});var qp=y(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.sha256=void 0;async function N0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(N0,"sha256");Ra.sha256=N0});var $t=y(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.getPolicyCacheName=void 0;var C0=qp(),xb=new Map;async function x0(e,t){let r,n=xb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,C0.sha256)(JSON.stringify({policyName:e,options:t}))}`,xb.set(e,r)),r}s(x0,"getPolicyCacheName");Oa.getPolicyCacheName=x0});var Vp=y(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.ApiKeyInboundPolicy=void 0;var L0=$t(),D0=Kt(),Lb=vn(),$p=O(),U0=Ut(),Db=He(),jp=W(),k0=bn(),Ub="key-metadata-cache-type";function M0(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(M0,"getKeyValue");async function H0(e,t,r,n){if(!r.bucketName)if(Lb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=Lb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new $p.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new $p.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(S=>i.allowUnauthenticatedRequests?e:U0.HttpProblems.unauthorized(e,t,{detail:S}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=M0(a,i);if(!c||c==="")return o("No key present");let u=await F0(c),l=await(0,L0.getPolicyCacheName)(n,i),d=new D0.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==Ub&&Db.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let m={key:c},h=await(0,k0.fetchRetry)({retryDelayMs:5,retries:2,logger:Db.SystemLogMap.getLogger(t)},`${jp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":jp.Environment.instance.deploymentName??"unknown","User-Agent":jp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let S=await h.text(),T=JSON.parse(S);t.log.error("Unexpected response from key service",T)}catch{t.log.error("Invalid response from key service")}throw new $p.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:Ub,user:{sub:g.name,data:g.metadata}};return e.user=_.user,d.put(u,_,i.cacheTtlSeconds),e}s(H0,"ApiKeyInboundPolicy");Na.ApiKeyInboundPolicy=H0;async function F0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(F0,"hashValue")});var kb=y(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.ApiAuthKeyInboundPolicy=void 0;var q0=Vp();Ca.ApiAuthKeyInboundPolicy=q0.ApiKeyInboundPolicy});var jt=y(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.OpenIdJwtInboundPolicy=void 0;var Bp=(xs(),uo(Cs)),Kp=O(),$0=te(),Gp={},j0=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new Kp.ConfigurationError("Invalid State - jwkUrl not set");Gp[t.jwkUrl]||(Gp[t.jwkUrl]=(0,Bp.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,Bp.jwtVerify)(e,Gp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),V0=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,Bp.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),G0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(m=>$0.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Kp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Kp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?j0:V0,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(o.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let g=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${g.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");xa.OpenIdJwtInboundPolicy=G0});var Mb=y(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.Auth0JwtInboundPolicy=void 0;var B0=jt(),K0=s(async(e,t,r,n)=>(0,B0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");La.Auth0JwtInboundPolicy=K0});var Hb=y(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.BasicAuthInboundPolicy=void 0;var J0=te(),z0=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>J0.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===m&&_.password===h);return g||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Da.BasicAuthInboundPolicy=z0});var Fb=y(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.CachingInboundPolicy=void 0;var W0=$t(),Q0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function Y0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(Y0,"digestMessage");var Z0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await Y0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function X0(e,t,r,n){let i=await(0,W0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await Z0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);Q0.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(X0,"CachingInboundPolicy");Ua.CachingInboundPolicy=X0});var qb=y(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.ChangeMethodInboundPolicy=void 0;var eO=O(),tO=Me(),rO=s(async(e,t,r,n)=>{if(!r.method)throw new eO.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new tO.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");ka.ChangeMethodInboundPolicy=rO});var $b=y(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.ClearHeadersInboundPolicy=void 0;var nO=Me(),iO=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new nO.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Ma.ClearHeadersInboundPolicy=iO});var jb=y(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.ClearHeadersOutboundPolicy=void 0;var oO=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Ha.ClearHeadersOutboundPolicy=oO});var Vb=y(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.ClerkJwtInboundPolicy=void 0;var sO=jt(),aO=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,sO.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Fa.ClerkJwtInboundPolicy=aO});var Bb=y(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.CognitoJwtInboundPolicy=void 0;var Gb=O(),cO=jt(),uO=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new Gb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new Gb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,cO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");qa.CognitoJwtInboundPolicy=uO});var Jb=y($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.CompositeInboundPolicy=void 0;var lO=O(),dO=Or(),Kb=en(),pO=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new lO.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=dO.Gateway.instance,o=(0,Kb.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,Kb.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");$a.CompositeInboundPolicy=pO});var zb=y(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.CurityPhantomTokenInboundPolicy=void 0;var hO=$t(),fO=Kt(),ja=te(),mO=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return ja.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=yO(i);if(!o)return ja.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,hO.getPolicyCacheName)(n,r),c=new fO.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),ja.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):ja.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");Va.CurityPhantomTokenInboundPolicy=mO;function yO(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(yO,"getToken")});var Wb=y(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.FirebaseJwtInboundPolicy=void 0;var gO=lt(),bO=jt(),_O=s(async(e,t,r,n)=>((0,gO.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,bO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Ga.FirebaseJwtInboundPolicy=_O});var Qb=y(Ba=>{"use strict";Object.defineProperty(Ba,"__esModule",{value:!0});Ba.FormDataToJsonInboundPolicy=void 0;var EO=Me(),wO=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new EO.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Ba.FormDataToJsonInboundPolicy=wO});var Yb=y(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.GeoFilterInboundPolicy=void 0;var vO=O(),SO=te(),Fn="__unknown__",TO=s(async(e,t,r,n)=>{let i={allow:{countries:$n(r.allow?.countries,"allow.countries",n),regionCodes:$n(r.allow?.regionCodes,"allow.regionCode",n),asns:$n(r.allow?.asns,"allow.asOrganization",n)},block:{countries:$n(r.block?.countries,"block.countries",n),regionCodes:$n(r.block?.regionCodes,"block.regionCode",n),asns:$n(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Fn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Fn,c=t.incomingRequestProperties.asn?.toString()??Fn,u=i.ignoreUnknown&&o===Fn,l=i.ignoreUnknown&&a===Fn,d=i.ignoreUnknown&&c===Fn,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return qn(e,t,n,o,a,c);let g=i.block.countries,_=i.block.regionCodes,S=i.block.asns;return g.length>0&&g.includes(o)&&!u||_.length>0&&_.includes(a)&&!l||S.length>0&&S.includes(c)&&!d?qn(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");Ka.GeoFilterInboundPolicy=TO;function qn(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),SO.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(qn,"blockedResponse");function $n(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new vO.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s($n,"toLowerStringArray")});var Zb=y(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.JWTScopeValidationInboundPolicy=void 0;var IO=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Ja.JWTScopeValidationInboundPolicy=IO});var t_=y(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.LoadSubscriptionInboundPolicy=void 0;var PO=ai(),AO=Pr(),RO=Ys(),Xb=vn(),Ui=O(),za=te(),e_=He(),OO=W(),NO=Zt(),CO=lt(),xO=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]),LO=s(async(e,t,r,n)=>{(0,CO.optionValidator)(r,n).optional("allowRequestsWithoutSubscription","boolean").optional("bucketId","string");let i=e_.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1;if(r.allowedSubscriptionStatuses)try{if(r.allowedSubscriptionStatuses.length===0)throw new Ui.ConfigurationError("Must set valid subscription statuses");let h=(0,NO.parseValueToStringArray)(r.allowedSubscriptionStatuses),g=[];for(let _ of h)xO.has(_)||g.push(_);if(g.length>0)throw new Ui.ConfigurationError(`Found the following invalid statuses: ${g.join(", ")}`)}catch(h){throw h instanceof Ui.ConfigurationError?new Ui.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - The property 'allowedSubscriptionStatuses' is invalid. ${h.message}`):h}else r.allowedSubscriptionStatuses=["active","incomplete","trialing"];let a=r.allowedSubscriptionStatuses,c=e.user;if(!c)return o?e:za.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(Xb.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=Xb.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Ui.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:u,meteringServiceUrl:l}=OO.Environment.instance,{sub:d}=c,p;try{let h=`${r.bucketId}-${d}`,g=new PO.ZoneCache(h,{logger:e_.SystemLogMap.getLogger(t)}),_=await g.get(h);if(_)p=_,t.log.debug("Loading subscriptions from cache");else{let S=await fetch(`${l}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${d}`,{headers:{Authorization:`Bearer ${u}`,"zp-rid":t.requestId},method:"GET"});if(!S.ok)return t.log.error(await S.text()),za.HttpProblems.forbidden(e,t);p=await S.json(),g.put(h,p,15).catch(T=>{throw i.error(T),T})}}catch(h){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,h)}let m=p&&p.data&&p.data.length>0?p.data[0]:void 0;return m?!a.includes(m.status)&&!o?(t.log.warn(`Subscription '${m.id}' has status '${m.status}' which is not part of the allowed statuses.`),za.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"})):(a.includes(m.status)&&(t.log.debug(`Loading subscription '${m.id}' for user sub '${d}' to ContextData`),RO.ContextData.set(t,AO.METERING_SUBSCRIPTION_CONTEXT_DATA,m)),e):(t.log.warn("No valid subscription found"),o?e:za.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"}))},"LoadSubscriptionInboundPolicy");Wa.LoadSubscriptionInboundPolicy=LO});var o_=y(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.MeteringInboundPolicy=void 0;var r_=Pr(),n_=Ys(),i_=vn(),ki=O(),Qa=te(),DO=He(),UO=W(),kO=Zt(),MO=lt(),HO=s(async(e,t,r,n)=>{(0,MO.optionValidator)(r,n).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string");let i=DO.SystemLogMap.getLogger(t);if(!r.meterOnStatusCodes)throw new ki.ConfigurationError(`Invalid MeteringInboundPolicy '${n}': options.meterOnStatusCodes must be an array of HTTP status code numbers`);let o=Array.isArray(r.meterOnStatusCodes)?r.meterOnStatusCodes:(0,kO.statusCodesStringToNumberArray)(r.meterOnStatusCodes);try{let p=[];for(let m in r.meters)typeof r.meters[m]!="number"&&p.push(m);if(p.length>0)throw new ki.ConfigurationError(`Non-numeric values found in properties: ${p.join(", ")}`)}catch(p){throw p instanceof ki.ConfigurationError?new ki.ConfigurationError(`MeteringInboundPolicy '${n}' - The property 'meters' is invalid. ${p.message}`):p}t.addResponseSendingFinalHook(async(p,m,h)=>{let g=n_.ContextData.get(h,r_.METERING_SUBSCRIPTION_CONTEXT_DATA);if((r.allowRequestsWithoutSubscription??!1)&&!g){h.log.debug(`MeteringInboundPolicy '${n}' - no subscription found and allowRequestsWithoutSubscription is true`);return}if(!r.bucketId)if(i_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=i_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ki.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:S,meteringServiceUrl:T}=UO.Environment.instance;if(o.includes(p.status)&&g&&r.meters){h.log.debug(`MeteringInboundPolicy '${n}' - Updating subscription '${g.id}' with meters '${JSON.stringify(r.meters)} on response status '${p.status}'`);try{let U=await fetch(`${T}/internal/v1/metering/${r.bucketId}/subscriptions/${g.id}/quotas/consume`,{headers:{Authorization:`Bearer ${S}`,"zp-rid":h.requestId},method:"POST",body:JSON.stringify({meters:r.meters})});U.ok||(h.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${U.status} - ${U.statusText}`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${U.status} - ${U.statusText}`))}catch(U){h.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,U)}}});let a=n_.ContextData.get(t,r_.METERING_SUBSCRIPTION_CONTEXT_DATA),c=r.allowRequestsWithoutSubscription??!1,u=r.allowRequestsOverQuota??!1;if(!a)return c?e:(t.log.warn("Subscription is not available for user"),Qa.HttpProblems.paymentRequired(e,t,{detail:"Subscription is not available for user",title:"No Subscription"}));if(a&&Object.keys(a.quotas).length===0)return t.log.error(`Quota is not set up for subscription '${a.id}'`),Qa.HttpProblems.tooManyRequests(e,t,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let d=Object.keys(r.meters).filter(p=>!Object.keys(a.quotas).includes(p));if(d.length>0)return t.log.warn(`The following policy meters are not present in the subscription: ${d.join(", ")}`),Qa.HttpProblems.tooManyRequests(e,t,{detail:`The following policy meters are not present in the subscription: ${d.join(", ")}`,title:"Quota Exceeded"});for(let p of Object.keys(a.quotas))if(a.quotas[p]<=0&&!u)return Qa.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${p}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");Ya.MeteringInboundPolicy=HO});var a_=y(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.MockApiInboundPolicy=void 0;var FO=te(),qO=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return Jp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return Jp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return s_(a[c])}else return a.length>0?s_(a[0]):Jp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Za.MockApiInboundPolicy=qO;function s_(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(s_,"generateResponse");var Jp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return FO.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var p_=y(jn=>{"use strict";Object.defineProperty(jn,"__esModule",{value:!0});jn.MoesifInboundPolicy=jn.setMoesifContext=void 0;var $O=O(),jO=ve(),VO="Incoming",GO={logRequestBody:!0,logResponseBody:!0};function c_(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(c_,"headersToObject");function u_(){return new Date().toISOString()}s(u_,"timestamp");var zp=new WeakMap,BO={};function KO(e,t){let r=zp.get(e);r||(r=BO);let n=Object.assign({...r},t);zp.set(e,n)}s(KO,"setMoesifContext");jn.setMoesifContext=KO;async function l_(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(l_,"readBody");var JO={},Wp;function d_(){if(!Wp)throw new $O.RuntimeError("Invalid State - no _lastLogger");return Wp}s(d_,"getLastLogger");function zO(e){let t=JO[e];return t||(t=new jO.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);d_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||d_().error({status:i.status,body:await i.text()})})),t}s(zO,"getDispatcher");async function WO(e,t,r,n){Wp=t.log;let i=u_(),o=Object.assign(GO,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await l_(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=zO(o.applicationId),d=e.headers.get("true-client-ip"),p=zp.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:c_(e.headers)},h=o.logResponseBody?await l_(c,t):void 0,g={time:u_(),status:c.status,headers:c_(c.headers),body:h},_={request:m,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:VO};l.enqueue(_),t.waitUntil(l.waitUntilFlushed())}),e}s(WO,"MoesifInboundPolicy");jn.MoesifInboundPolicy=WO});var h_=y(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.OktaJwtInboundPolicy=void 0;var QO=jt(),YO=s(async(e,t,r,n)=>(0,QO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");Xa.OktaJwtInboundPolicy=YO});var f_=y(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.PropelAuthJwtInboundPolicy=void 0;var ZO=(xs(),uo(Cs)),XO=jt(),Qp,eN=s(async(e,t,r,n)=>{if(!Qp)try{Qp=await(0,ZO.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,XO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:Qp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");ec.PropelAuthJwtInboundPolicy=eN});var m_=y(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.throwIfStateNotObject=V.throwIfStateNotNumber=V.throwIfStateNotString=V.throwIfStateUndefinedOrNull=V.throwIfStateUndefined=V.throwIfOptionNotObject=V.throwIfOptionNotNumber=V.throwIfOptionNotString=V.throwIfOptionUndefinedOrNull=V.throwIfOptionUndefined=V.OptionTypeError=V.OptionUndefinedError=V.throwIfNotNumber=V.throwIfNotString=V.throwIfUndefinedOrNull=V.throwIfUndefined=V.ArgumentTypeError=V.ArgumentUndefinedError=V.ValidationError=void 0;var je=bt(),et=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};V.ValidationError=et;var Mi=class extends et{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};V.ArgumentUndefinedError=Mi;var Hi=class extends et{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};V.ArgumentTypeError=Hi;function tN(e,t){if((0,je.isUndefined)(e))throw new Mi(t)}s(tN,"throwIfUndefined");V.throwIfUndefined=tN;function Yp(e,t){if((0,je.isUndefinedOrNull)(e))throw new Mi(t)}s(Yp,"throwIfUndefinedOrNull");V.throwIfUndefinedOrNull=Yp;function rN(e,t){if(Yp(e,t),!(0,je.isString)(e))throw new Hi(t,"string")}s(rN,"throwIfNotString");V.throwIfNotString=rN;function nN(e,t){if(Yp(e,t),!(0,je.isNumber)(e))throw new Hi(t,"number")}s(nN,"throwIfNotNumber");V.throwIfNotNumber=nN;var Fi=class extends et{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};V.OptionUndefinedError=Fi;var Vn=class extends et{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};V.OptionTypeError=Vn;function iN(e,t,r,n){if((0,je.isUndefined)(n))throw new Fi(e,t,r)}s(iN,"throwIfOptionUndefined");V.throwIfOptionUndefined=iN;function tc(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new Fi(e,t,r)}s(tc,"throwIfOptionUndefinedOrNull");V.throwIfOptionUndefinedOrNull=tc;function oN(e,t,r,n){if(tc(e,t,r,n),!(0,je.isString)(n))throw new Vn(e,t,r,"string")}s(oN,"throwIfOptionNotString");V.throwIfOptionNotString=oN;function sN(e,t,r,n){if(tc(e,t,r,n),!(0,je.isNumber)(n))throw new Vn(e,t,r,"number")}s(sN,"throwIfOptionNotNumber");V.throwIfOptionNotNumber=sN;function aN(e,t,r,n){if(tc(e,t,r,n),!(0,je.isObject)(n))throw new Vn(e,t,r,"object")}s(aN,"throwIfOptionNotObject");V.throwIfOptionNotObject=aN;function cN(e,t){if((0,je.isUndefined)(e))throw new et(t)}s(cN,"throwIfStateUndefined");V.throwIfStateUndefined=cN;function rc(e,t){if((0,je.isUndefinedOrNull)(e))throw new et(t)}s(rc,"throwIfStateUndefinedOrNull");V.throwIfStateUndefinedOrNull=rc;function uN(e,t){if(rc(e,t),!(0,je.isString)(e))throw new et(t);return!0}s(uN,"throwIfStateNotString");V.throwIfStateNotString=uN;function lN(e,t){if(rc(e,t),!(0,je.isNumber)(e))throw new et(t);return!0}s(lN,"throwIfStateNotNumber");V.throwIfStateNotNumber=lN;function dN(e,t){if(rc(e,t),!(0,je.isObject)(e))throw new et(t);return!0}s(dN,"throwIfStateNotObject");V.throwIfStateNotObject=dN});var y_=y(Gn=>{"use strict";Object.defineProperty(Gn,"__esModule",{value:!0});Gn.InMemoryRedisClient=Gn.StandardRedisClient=void 0;var Zp=O(),nc=m_(),Xp=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,nc.throwIfNotString)(t,"redisClientUrl"),(0,nc.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,nc.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Zp.SystemError("Redis client failed with 401: Unauthorized"):new Zp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Gn.StandardRedisClient=Xp;var eh=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,nc.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Zp.SystemError("The in-memory redis client only supports /rate-limit calls")}};Gn.InMemoryRedisClient=eh});var w_=y(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.RateLimitInboundPolicy=void 0;var pN=Rr(),hN=$t(),fN=ai(),Rt=O(),mN=te(),g_=He(),qi=W(),b_=y_(),__=bt(),ic=(0,pN.debug)("zuplo:policies:RateLimitInboundPolicy"),yN="strict",gN=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),bN=s(async e=>({key:`ip-${gN(e)}`}),"getIP"),_N=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),EN=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),oc;function wN(e,t){let r;if(oc)return oc;if(qi.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new b_.InMemoryRedisClient,oc=r,r;let{authApiJWT:n,redisURL:i}=qi.Environment.instance;if(!(0,__.isString)(i))throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,__.isString)(n))throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=b_.StandardRedisClient.initialize(i,n,qi.Environment.instance.deploymentName??"unknown",qi.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return oc=r,r}s(wN,"getRedisClient");async function E_(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(E_,"getCountAndUpdateExpiry");function vN(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new Rt.RuntimeError(u)}return c},"outerFunction")}s(vN,"wrapUserFunction");var SN="Retry-After",TN=s(async(e,t,r,n)=>{let i=Date.now(),o=g_.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new Rt.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[SN]=l.toString()),mN.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:vN(r,n),user:_N,ip:bN,all:EN}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=wN(n,o),T=`bucket/${qi.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??yN)==="async"){let L=await(0,hN.getPolicyCacheName)(n,r),ne=new fN.ZoneCache(L,{logger:g_.SystemLogMap.getLogger(t)}),ie=E_(T,h,_,o,t.requestId),me=await ne.get(T);if(me!==void 0&&me<=Date.now()){ic(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${T}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(g,Be)}return t.addEventListener("responseSending",Be=>{try{let w=Be,H=w.mutableResponse;w.mutableResponse=(async()=>{let xe=await ie;if(xe.count>m){let bu=Date.now()+xe.ttlSeconds*1e3,iw=ne.put(T,bu,xe.ttlSeconds).catch($h=>{throw o.error(new Rt.SystemError("Error caching rate limit result.",{cause:$h})),$h});return t.waitUntil(iw),ic(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (async mode)`),c(g,xe.ttlSeconds)}return H})()}catch(w){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let K=await E_(T,h,_,o,t.requestId);return K.count>m?(ic(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (strict mode)`),c(g,K.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;ic(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");sc.RateLimitInboundPolicy=TN});var I_=y(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.ReadmeMetricsInboundPolicy=void 0;var IN=ve(),th=W(),v_=Zt(),rh;function S_(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s(S_,"headersToNameValuePairs");function PN(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(PN,"queryToNameValueParis");function AN(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(AN,"parseIntOrUndefined");var T_={};async function RN(e,t,r,n){let i=new Date,o=Date.now();return rh||(rh={name:"zuplo",version:th.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${th.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,v_.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,v_.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:th.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:rh,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:S_(e.headers),queryString:PN(e.query)},response:{status:a.status,statusText:a.statusText,headers:S_(a.headers),content:{size:AN(e.headers.get("content-length"))}}}]}}},d=T_[r.apiKey];if(!d){let p=r.apiKey;d=new IN.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),T_[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(RN,"ReadmeMetricsInboundPolicy");ac.ReadmeMetricsInboundPolicy=RN});var P_=y(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.RemoveHeadersInboundPolicy=void 0;var ON=O(),NN=Me(),CN=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new ON.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new NN.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");cc.RemoveHeadersInboundPolicy=CN});var A_=y(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.RemoveHeadersOutboundPolicy=void 0;var xN=O(),LN=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new xN.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");uc.RemoveHeadersOutboundPolicy=LN});var R_=y(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.RemoveQueryParamsInboundPolicy=void 0;var DN=O(),UN=Me(),kN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new DN.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new UN.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");lc.RemoveQueryParamsInboundPolicy=kN});var O_=y(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.ReplaceStringOutboundPolicy=void 0;var MN=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");dc.ReplaceStringOutboundPolicy=MN});var C_=y(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.RequestSizeLimitInboundPolicy=void 0;var N_=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),HN=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?N_():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?N_():e},"RequestSizeLimitInboundPolicy");pc.RequestSizeLimitInboundPolicy=HN});var hc=y(tt=>{"use strict";Object.defineProperty(tt,"__esModule",{value:!0});tt.sanitizedIdentifierName=tt.getIdForRefSchema=tt.getIdForRequestBodySchema=tt.getIdForParameterSchema=tt.getRawOperationDataIdentifierName=void 0;function FN(e,t,r){return`_${Vr(e+"_"+t+"_"+r)}`}s(FN,"getRawOperationDataIdentifierName");tt.getRawOperationDataIdentifierName=FN;function qN(e,t,r,n){return`_${Vr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(qN,"getIdForParameterSchema");tt.getIdForParameterSchema=qN;function $N(e,t,r){return`_${Vr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Vr(r.toLowerCase())}`}s($N,"getIdForRequestBodySchema");tt.getIdForRequestBodySchema=$N;function jN(e,t){return`_${Vr(e)}__${Vr(t)}`}s(jN,"getIdForRefSchema");tt.getIdForRefSchema=jN;function Vr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(Vr,"sanitizedIdentifierName");tt.sanitizedIdentifierName=Vr});var $i=y(Le=>{"use strict";Object.defineProperty(Le,"__esModule",{value:!0});Le.getErrorsFromValidator=Le.shouldReject=Le.shouldLog=Le.logErrors=Le.validateParameters=Le.getParametersForOperation=void 0;var VN=Or(),GN=hc(),BN=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");Le.getParametersForOperation=BN;var KN=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,GN.getIdForParameterSchema)(r,n,i,u.name),p=VN.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,Le.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");Le.validateParameters=KN;var JN=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");Le.logErrors=JN;var zN=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");Le.shouldLog=zN;var WN=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");Le.shouldReject=WN;var QN=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");Le.getErrorsFromValidator=QN});var x_=y(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.handleBodyValidation=void 0;var YN=Or(),fc=te(),ZN=hc(),Je=$i();async function XN(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let g=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,_=fc.HttpProblems.badRequest(t,e,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",g,[n],h),(0,Je.shouldReject)(r.validateBody))return _}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,g=fc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,ZN.getIdForRequestBodySchema)(e.route.path,t.method,i),c=YN.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,g=fc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,Je.getErrorsFromValidator)(l),m=fc.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",d,[n],p),(0,Je.shouldReject)(r.validateBody))return m}s(XN,"handleBodyValidation");mc.handleBodyValidation=XN});var L_=y(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.handleHeadersValidation=void 0;var eC=te(),ji=$i();function tC(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,ji.getParametersForOperation)(e),o=(0,ji.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=eC.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,ji.shouldLog)(r.validateHeaders)&&(0,ji.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,ji.shouldReject)(r.validateHeaders))return c}}s(tC,"handleHeadersValidation");yc.handleHeadersValidation=tC});var D_=y(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.handlePathParameterValidation=void 0;var rC=te(),Vi=$i();function nC(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Vi.getParametersForOperation)(e),i=(0,Vi.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=rC.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Vi.shouldLog)(r.validatePathParameters)&&(0,Vi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Vi.shouldReject)(r.validatePathParameters))return a}}s(nC,"handlePathParameterValidation");gc.handlePathParameterValidation=nC});var U_=y(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.handleQueryParameterValidation=void 0;var iC=te(),Gi=$i();function oC(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Gi.getParametersForOperation)(e),i=(0,Gi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=iC.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Gi.shouldLog)(r.validateQueryParameters)&&(0,Gi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Gi.shouldReject)(r.validateQueryParameters))return a}}s(oC,"handleQueryParameterValidation");bc.handleQueryParameterValidation=oC});var k_=y(Gr=>{"use strict";Object.defineProperty(Gr,"__esModule",{value:!0});Gr.SchemaBasedRequestValidation=Gr.RequestValidationInboundPolicy=void 0;var sC=x_(),aC=L_(),cC=D_(),uC=U_(),lC=s(async(e,t,r)=>{let n=(0,uC.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,cC.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,aC.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,sC.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Gr.RequestValidationInboundPolicy=lC;Gr.SchemaBasedRequestValidation=Gr.RequestValidationInboundPolicy});var M_=y(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.RequireOriginInboundPolicy=void 0;var dC=O(),pC=te(),hC=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new dC.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return pC.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");_c.RequireOriginInboundPolicy=hC});var H_=y(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.SetBodyInboundPolicy=void 0;var fC=Me(),mC=s(async(e,t,r)=>new fC.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");Ec.SetBodyInboundPolicy=mC});var q_=y(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.SetHeadersInboundPolicy=void 0;var F_=O(),yC=Me(),gC=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new F_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new F_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new yC.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");wc.SetHeadersInboundPolicy=gC});var j_=y(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.SetHeadersOutboundPolicy=void 0;var $_=O(),bC=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new $_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new $_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");vc.SetHeadersOutboundPolicy=bC});var G_=y(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.SetQueryParamsInboundPolicy=void 0;var V_=O(),_C=Me(),EC=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new V_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new V_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new _C.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");Sc.SetQueryParamsInboundPolicy=EC});var B_=y(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.SetStatusOutboundPolicy=void 0;var wC=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");Tc.SetStatusOutboundPolicy=wC});var K_=y(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.SleepInboundPolicy=void 0;var vC=O(),SC=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),TC=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new vC.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await SC(r.sleepInMs),e},"SleepInboundPolicy");Ic.SleepInboundPolicy=TC});var z_=y(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.SupabaseJwtInboundPolicy=void 0;var J_=O(),IC=te(),PC=Me(),AC=lt(),RC=jt(),OC=s(async(e,t,r,n)=>{(0,AC.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,RC.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof PC.ZuploRequest))throw new J_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new J_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?IC.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");Pc.SupabaseJwtInboundPolicy=OC});var Q_=y(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var NC=$t(),CC=Kt(),W_=O(),xC=bn(),LC=lt(),DC=s(async(e,t,r,n)=>{(0,LC.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,NC.getPolicyCacheName)(n,r),o=new CC.MemoryZoneReadThroughCache(i,t),a=await o.get(n);if(!a){let c=await UC(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");Ac.UpstreamAzureAdServiceAuthInboundPolicy=DC;async function UC(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,xC.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new W_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new W_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(UC,"getAccessToken")});var Z_=y(Rc=>{"use strict";Object.defineProperty(Rc,"__esModule",{value:!0});Rc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var kC=$t(),MC=Kt(),HC=O(),nh=_n(),FC=lt(),Y_="https://accounts.google.com/o/oauth2/token",ih,qC=s(async(e,t,r,n)=>{(0,FC.optionValidator)(r,n).required("serviceAccountJson","string"),ih||(ih=await nh.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,kC.getPolicyCacheName)(n,r),a=new MC.MemoryZoneReadThroughCache(o,t),c=await a.get(n);if(!c){let u=await(0,nh.getTokenFromGcpServiceAccount)({serviceAccount:ih,audience:Y_,payload:i}),l=await(0,nh.exchangeGgpJwtForIdToken)(Y_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new HC.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");Rc.UpstreamFirebaseAdminAuthInboundPolicy=qC});var X_=y(Oc=>{"use strict";Object.defineProperty(Oc,"__esModule",{value:!0});Oc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var $C=$t(),jC=Kt(),Bn=O(),VC=qp(),oh=_n(),GC=Zt(),BC=lt(),KC="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",JC=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],sh,zC=s(async(e,t,r,n)=>{if((0,BC.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Bn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(JC.indexOf(p)!==-1)throw new Bn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}sh||(sh=await oh.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Bn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Bn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,GC.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Bn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,$C.getPolicyCacheName)(n,r),c=new jC.MemoryZoneReadThroughCache(a,t),u={uid:o,claims:i},l=await(0,VC.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,oh.getTokenFromGcpServiceAccount)({serviceAccount:sh,audience:KC,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,oh.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Bn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");Oc.UpstreamFirebaseUserAuthInboundPolicy=zC});var tE=y(Nc=>{"use strict";Object.defineProperty(Nc,"__esModule",{value:!0});Nc.UpstreamGcpJwtInboundPolicy=void 0;var eE=_n(),WC=lt(),ah,QC=s(async(e,t,r,n)=>{(0,WC.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),ah||(ah=await eE.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,eE.getTokenFromGcpServiceAccount)({serviceAccount:ah,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");Nc.UpstreamGcpJwtInboundPolicy=QC});var nE=y(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.UpstreamGcpServiceAuthInboundPolicy=void 0;var YC=$t(),ZC=Iu(),XC=Kt(),Bi=O(),ch=_n(),ex=Zt(),tx=lt(),rE="https://www.googleapis.com/oauth2/v4/token",uh,rx=s(async(e,t,r,n)=>{(0,tx.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),uh||(uh=await ch.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new Bi.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,ex.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof Bi.ConfigurationError?new Bi.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let o=await(0,YC.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new ZC.MemoryCache(o):a=new XC.MemoryZoneReadThroughCache(o,t);let c=await a.get(n);if(!c){let u=await(0,ch.getTokenFromGcpServiceAccount)({serviceAccount:uh,audience:rE,payload:i}),l=await(0,ch.exchangeGgpJwtForIdToken)(rE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new Bi.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new Bi.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamGcpServiceAuthInboundPolicy");Cc.UpstreamGcpServiceAuthInboundPolicy=rx});var oE=y(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.ValidateJsonSchemaInbound=void 0;var nx=O(),iE=te(),ix=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return iE.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new nx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return iE.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");xc.ValidateJsonSchemaInbound=ix});var sE=y(Lc=>{"use strict";Object.defineProperty(Lc,"__esModule",{value:!0});Lc.ServiceProviderImpl=void 0;var ox=O(),lh=class{static{s(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new ox.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Lc.ServiceProviderImpl=lh});var bE=y(f=>{"use strict";var sx=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),dh=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&sx(t,e,r)},ax=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.PropelAuthJwtInboundPolicy=f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.MeteringInboundPolicy=f.LoadSubscriptionInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.RuntimeError=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=void 0;Jh();var cx=Kt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return cx.MemoryZoneReadThroughCache}});var ux=ai();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return ux.ZoneCache}});var aE=Nr();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return aE.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return aE.ResponseSentEvent}});var lx=Ys();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return lx.ContextData}});var ph=vn();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return ph.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return ph.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return ph.isZuploReadableEnvVariableName}});var cE=O();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return cE.ConfigurationError}});Object.defineProperty(f,"RuntimeError",{enumerable:!0,get:function(){return cE.RuntimeError}});var dx=Fd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return dx.originalFetch}});var uE=vg();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return uE.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return uE.purgeGatewayCache}});var lE=Fg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return lE.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return lE.awsLambdaHandler}});var px=$g();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return px.openApiSpecHandler}});var hx=jg();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return hx.redirectHandler}});var fx=Gg();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return fx.urlForwardHandler}});var mx=Kg();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return mx.urlRewriteHandler}});var yx=zg();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return yx.webSocketHandler}});var gx=Yg();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return gx.webSocketPipelineHandler}});var bx=Qu();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return bx.HttpStatusCode}});dh(ob(),f);dh(cb(),f);var _x=ub();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return _x.AuditLogDataStaxProvider}});var Ex=db();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Ex.AuditLogPlugin}});dh(Pb(),f);var dE=Cb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return dE.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return dE.AmberfloMeteringPolicy}});var wx=kb();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return wx.ApiAuthKeyInboundPolicy}});var vx=Vp();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return vx.ApiKeyInboundPolicy}});var Sx=Mb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return Sx.Auth0JwtInboundPolicy}});var Tx=Hb();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Tx.BasicAuthInboundPolicy}});var Ix=Fb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return Ix.CachingInboundPolicy}});var Px=qb();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return Px.ChangeMethodInboundPolicy}});var Ax=$b();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return Ax.ClearHeadersInboundPolicy}});var Rx=jb();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return Rx.ClearHeadersOutboundPolicy}});var Ox=Vb();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return Ox.ClerkJwtInboundPolicy}});var Nx=Bb();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Nx.CognitoJwtInboundPolicy}});var Cx=Jb();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Cx.CompositeInboundPolicy}});var xx=zb();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return xx.CurityPhantomTokenInboundPolicy}});var Lx=Wb();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return Lx.FirebaseJwtInboundPolicy}});var Dx=Qb();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Dx.FormDataToJsonInboundPolicy}});var Ux=Yb();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Ux.GeoFilterInboundPolicy}});var kx=Zb();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return kx.JWTScopeValidationInboundPolicy}});var Mx=t_();Object.defineProperty(f,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return Mx.LoadSubscriptionInboundPolicy}});var Hx=o_();Object.defineProperty(f,"MeteringInboundPolicy",{enumerable:!0,get:function(){return Hx.MeteringInboundPolicy}});var Fx=a_();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Fx.MockApiInboundPolicy}});var pE=p_();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return pE.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return pE.setMoesifContext}});var qx=h_();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return qx.OktaJwtInboundPolicy}});var $x=jt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return $x.OpenIdJwtInboundPolicy}});var jx=f_();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return jx.PropelAuthJwtInboundPolicy}});var hE=w_();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return hE.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return hE.RateLimitInboundPolicy}});var Vx=I_();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return Vx.ReadmeMetricsInboundPolicy}});var Gx=P_();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return Gx.RemoveHeadersInboundPolicy}});var Bx=A_();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return Bx.RemoveHeadersOutboundPolicy}});var Kx=R_();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Kx.RemoveQueryParamsInboundPolicy}});var Jx=O_();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return Jx.ReplaceStringOutboundPolicy}});var zx=C_();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return zx.RequestSizeLimitInboundPolicy}});var fE=k_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return fE.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return fE.SchemaBasedRequestValidation}});var Wx=M_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return Wx.RequireOriginInboundPolicy}});var Qx=H_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return Qx.SetBodyInboundPolicy}});var Yx=q_();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return Yx.SetHeadersInboundPolicy}});var Zx=j_();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return Zx.SetHeadersOutboundPolicy}});var Xx=G_();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Xx.SetQueryParamsInboundPolicy}});var eL=B_();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return eL.SetStatusOutboundPolicy}});var tL=K_();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return tL.SleepInboundPolicy}});var rL=Ep();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return rL.StripeWebhookVerificationInboundPolicy}});var nL=z_();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return nL.SupabaseJwtInboundPolicy}});var iL=Q_();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return iL.UpstreamAzureAdServiceAuthInboundPolicy}});var oL=Z_();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return oL.UpstreamFirebaseAdminAuthInboundPolicy}});var sL=X_();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return sL.UpstreamFirebaseUserAuthInboundPolicy}});var aL=tE();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return aL.UpstreamGcpJwtInboundPolicy}});var cL=nE();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return cL.UpstreamGcpServiceAuthInboundPolicy}});var uL=oE();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return uL.ValidateJsonSchemaInbound}});var lL=te();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return lL.HttpProblems}});var dL=So();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return dL.ProblemResponseFormatter}});var pL=Me();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return pL.ZuploRequest}});var hL=xr();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return hL.SystemRouteName}});var mE=Od();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return mE.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return mE.Router}});var yE=qu();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return yE.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return yE.serialize}});var fL=sE();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return fL.ServiceProviderImpl}});var gE=ul();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return gE.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return gE.SYSTEM_LOGGER}});var mL=Zu();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return ax(mL).default}});var yL=He();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return yL.SystemLogMap}});var Ki=hc();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return Ki.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return Ki.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return Ki.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return Ki.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return Ki.sanitizedIdentifierName}})});var _E=y(Kn=>{"use strict";Object.defineProperty(Kn,"__esModule",{value:!0});Kn.BaseCryptoBeta=Kn.supportedDigests=void 0;Kn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var hh=class{static{s(this,"BaseCryptoBeta")}};Kn.BaseCryptoBeta=hh});var EE=y(Dc=>{"use strict";Object.defineProperty(Dc,"__esModule",{value:!0});Dc.WorkerCryptoBeta=void 0;var fh=_E(),gL=O(),mh=class extends fh.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!fh.supportedDigests.includes(t.toLowerCase()))throw new gL.RuntimeError(`Algorithm ${t} is not supported. Try using ${fh.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};Dc.WorkerCryptoBeta=mh});var wE=y(Uc=>{"use strict";Object.defineProperty(Uc,"__esModule",{value:!0});Uc.BaseKeyValueStore=void 0;var yh=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Uc.BaseKeyValueStore=yh});var SE=y(kc=>{"use strict";Object.defineProperty(kc,"__esModule",{value:!0});kc.WorkerKeyValueStore=void 0;var vE=O(),bL=wE(),gh=class extends bL.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new vE.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new vE.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};kc.WorkerKeyValueStore=gh});var Ut=y(dt=>{"use strict";var _L=dt&&dt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),EL=dt&&dt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&_L(t,e,r)};Object.defineProperty(dt,"__esModule",{value:!0});dt.KeyValueStore=dt.CryptoBeta=void 0;EL(bE(),dt);var wL=EE();Object.defineProperty(dt,"CryptoBeta",{enumerable:!0,get:function(){return wL.WorkerCryptoBeta}});var vL=SE();Object.defineProperty(dt,"KeyValueStore",{enumerable:!0,get:function(){return vL.WorkerKeyValueStore}})});var OD={};co(OD,{GraphQLComplexityLimitInboundPolicy:()=>tw,GraphQLDisableIntrospectionInboundPolicy:()=>nw});module.exports=uo(OD);var ii=Vh(Ut());function G(e,t){if(!!!e)throw new Error(t)}s(G,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Ot(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Ot,"invariant");var SL=/\r\n|[\n\r]/g;function Jn(e,t){let r=0,n=1;for(let i of e.body.matchAll(SL)){if(typeof i.index=="number"||Ot(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s(Jn,"getLocation");function bh(e){return Mc(e.source,Jn(e.source,e.start))}s(bh,"printLocation");function Mc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
|
|
74
|
+
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new $r.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}s(VR,"validateComputedSignature");function GR(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}s(GR,"parseHeader");function BR(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}s(BR,"secureCompare");async function hb(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),o=new Uint8Array(i),a=new Array(o.length);for(let c=0;c<o.length;c++)a[c]=_p[o[c]];return a.join("")}s(hb,"computeHMACSignatureAsync");kn.computeHMACSignatureAsync=hb;var _p=new Array(256);for(let e=0;e<_p.length;e++)_p[e]=e.toString(16).padStart(2,"0")});var lt=y(_a=>{"use strict";Object.defineProperty(_a,"__esModule",{value:!0});_a.optionValidator=void 0;var xi=O();function KR(e,t){let r=s((o,a,c)=>{let u=e[o];if(!(c&&u===void 0)){if(u===void 0)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new xi.ConfigurationError(`Value of '${String(o)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=s((o,a)=>(r(o,a,!0),{optional:n,required:i}),"optional"),i=s((o,a)=>(r(o,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}s(KR,"optionValidator");_a.optionValidator=KR});var Ep=y(Ea=>{"use strict";Object.defineProperty(Ea,"__esModule",{value:!0});Ea.StripeWebhookVerificationInboundPolicy=void 0;var JR=te(),zR=fb(),WR=lt(),QR=s(async(e,t,r,n)=>{(0,WR.optionValidator)(r,n).required("signingSecret","string").optional("tolerance","number");let i=e.headers.get("stripe-signature");try{let o=await e.clone().text();await(0,zR.constructEventAsync)(o,i,r.signingSecret)}catch(o){return t.log.error("Error validating stripe webhook",o),JR.HttpProblems.badRequest(e,t,{title:"Webhook Error",detail:o.message})}return e},"StripeWebhookVerificationInboundPolicy");Ea.StripeWebhookVerificationInboundPolicy=QR});var yb=y(wa=>{"use strict";Object.defineProperty(wa,"__esModule",{value:!0});wa.isStripeWebhookEvent=void 0;var mb=bt();function YR(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,mb.isString)(e.id)&&"type"in e&&(0,mb.isString)(e.type)}s(YR,"isStripeWebhookEvent");wa.isStripeWebhookEvent=YR});var gb=y(va=>{"use strict";Object.defineProperty(va,"__esModule",{value:!0});va.MeteringPlugin=void 0;var ZR=gt(),wp=class extends ZR.SystemRuntimePlugin{static{s(this,"MeteringPlugin")}};va.MeteringPlugin=wp});var _b=y(vp=>{"use strict";Object.defineProperty(vp,"__esModule",{value:!0});var bb=O(),XR={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving subscription from Stripe API.";throw r.error(o,i),new bb.RuntimeError(o)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let o="Error retrieving customer from Stripe API.";throw r.error(o,i),new bb.RuntimeError(o)}return i}};vp.default=XR});var Eb=y(gr=>{"use strict";Object.defineProperty(gr,"__esModule",{value:!0});gr.deleteConsumer=gr.createConsumerInvite=gr.createConsumer=void 0;var Sp=O(),Tp=He(),Ip=W(),Pp=bn(),Ap="https://api-key-management-service-eq7z4lly2a-ue.a.run.app";async function e0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:o,context:a}){let{authApiJWT:c}=Ip.Environment.instance,u=new URL(`/v1/buckets/${e}/consumers`,Ap);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:o,email:i}]},p=await(0,Pp.fetchRetry)({retryDelayMs:5,retries:2,logger:Tp.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),m=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,m),new Sp.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:t,stripeProductId:r}),l}s(e0,"createConsumer");gr.createConsumer=e0;async function t0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:o}){let{authApiJWT:a}=Ip.Environment.instance,c=new URL(`/v1/buckets/${e}/consumers`,Ap);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,Pp.fetchRetry)({retryDelayMs:5,retries:2,logger:Tp.SystemLogMap.getLogger(o)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let m="Error creating API Key Consumer";throw o.log.error(m,p),new Sp.RuntimeError(m)}return o.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:t,stripeProductId:r}),u}s(t0,"createConsumerInvite");gr.createConsumerInvite=t0;async function r0({apiKeyBucketName:e,consumerId:t,context:r}){let{authApiJWT:n}=Ip.Environment.instance,i=new URL(`/v1/buckets/${e}/consumers/${t}`,Ap);i.searchParams.set("with-api-key","true");let o=await(0,Pp.fetchRetry)({retryDelayMs:5,retries:2,logger:Tp.SystemLogMap.getLogger(r)},i.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${n}`,"content-type":"application/json"},body:JSON.stringify({})});if(o.status!==204){let a=await o.json(),c="Error deleting API Key Consumer";throw r.log.error(c,a),new Sp.RuntimeError(c)}return r.log.info(`Successfully deleted API Key Consumer '${t}`),t}s(r0,"deleteConsumer");gr.deleteConsumer=r0});var Sa=y(_r=>{"use strict";Object.defineProperty(_r,"__esModule",{value:!0});_r.getSubscription=_r.updateSubscription=_r.createSubscription=void 0;var br=O(),Rp=He(),Op=W(),Np=bn(),Cp=bt();async function n0({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:o,customerExternalId:a,subscriptionStatus:c}){let u={status:c,type:"periodic",renewalStrategy:"monthly",region:o,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,customerExternalId:a},{authApiJWT:l,meteringServiceUrl:d}=Op.Environment.instance;if(!(0,Cp.isNonEmptyString)(l))throw new br.SystemError("No Zuplo JWT token set.");let p=await(0,Np.fetchRetry)({retryDelayMs:5,retries:2,logger:Rp.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new br.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}s(n0,"createSubscription");_r.createSubscription=n0;async function i0({context:e,meteringSubscriptionId:t,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:o}=Op.Environment.instance;if(!(0,Cp.isNonEmptyString)(i))throw new br.SystemError("No Zuplo JWT token set.");let a=await(0,Np.fetchRetry)({retryDelayMs:5,retries:2,logger:Rp.SystemLogMap.getLogger(e)},`${o}/internal/v1/metering/${r}/subscriptions/${t}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating metering subscription to '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw e.log.error(c,u),new br.RuntimeError(c)}e.log.info(`Successfully update metering subscription to '${JSON.stringify(n)}'.`)}s(i0,"updateSubscription");_r.updateSubscription=i0;async function o0({context:e,stripeSubscriptionId:t,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:o}=Op.Environment.instance;if(!(0,Cp.isNonEmptyString)(i))throw new br.SystemError("No Zuplo JWT token set.");let a=await(0,Np.fetchRetry)({retryDelayMs:5,retries:2,logger:Rp.SystemLogMap.getLogger(e)},`${o}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${t}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":e.requestId},method:"GET"});if(!a.ok){let u="Error querying for metering subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw e.log.error(u,l),new br.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new br.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new br.RuntimeError(u)}return c.data[0]}s(o0,"getSubscription");_r.getSubscription=o0});var xp=y(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.stripeStatusToMeteringStatus=void 0;function s0(e){return e.replaceAll("_","-")}s(s0,"stripeStatusToMeteringStatus");Ta.stripeStatusToMeteringStatus=s0});var wb=y(Li=>{"use strict";var a0=Li&&Li.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Li,"__esModule",{value:!0});var jr=te(),c0=a0(_b()),Lp=Eb(),u0=Sa(),l0=xp();async function d0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let o=r.data.object.plan;if(!o||!o.product)return t.log.warn(`Invalid Stripe API result. Expected event '${r.id}' to have a plan data.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=r.data.object.customer;if(!a)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let c=o.product,u;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)u=await(0,Lp.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:r.data.object.metadata.zuplo_created_by_email,managerSub:r.data.object.metadata.zuplo_created_by_sub,context:t});else{let l=await c0.default.getCustomer({logger:t.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!l.email)return t.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected customer to contain email address."});u=await(0,Lp.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l.email,context:t})}if(!u)return jr.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});try{let l=(0,l0.stripeStatusToMeteringStatus)(r.data.object.status);await(0,u0.createSubscription)({context:t,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:l})}catch(l){return await(0,Lp.deleteConsumer)({apiKeyBucketName:n.apiKeyBucketName,consumerId:u,context:t}),jr.HttpProblems.internalServerError(e,t,{detail:l.message})}return jr.HttpProblems.ok(e,t)}s(d0,"onCustomerSubscriptionCreated");Li.default=d0});var Sb=y(Up=>{"use strict";Object.defineProperty(Up,"__esModule",{value:!0});var Dp=te(),vb=Sa();async function p0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),Dp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let o=r.data.object.customer;if(!o)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Dp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let a=await(0,vb.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId});return await(0,vb.updateSubscription)({context:t,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),Dp.HttpProblems.ok(e,t)}s(p0,"onCustomerSubscriptionDeleted");Up.default=p0});var Tb=y(kp=>{"use strict";Object.defineProperty(kp,"__esModule",{value:!0});var Di=te(),Ia=Sa(),h0=xp();async function f0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to include '.data.object.id' as the subscription ID.`),Di.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let o=r.data.object.customer;if(!o)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Di.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){let c=await(0,Ia.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId}),u=(0,h0.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,Ia.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),Di.HttpProblems.ok(e,t)}if(a.plan&&a.plan.product!==r.data.object.plan.product){let c=await(0,Ia.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:o,meteringBucketId:n.meteringBucketId});return await(0,Ia.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[r.data.object.plan.product]}}),Di.HttpProblems.ok(e,t)}}return t.log.warn(`This update event '${r.id}' is not supported by Stripe metering plugin webhook.`),Di.HttpProblems.badRequest(e,t,{detail:"This update event is not supported by Stripe metering plugin webhook."})}s(f0,"onCustomerSubscriptionUpdated");kp.default=f0});var Pb=y(Mn=>{"use strict";var Hp=Mn&&Mn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(Mn,"__esModule",{value:!0});Mn.StripeMeteringPlugin=void 0;var Pa=vn(),Aa=O(),m0=Dt(),y0=Ep(),Ib=te(),g0=Qt(),b0=en(),_0=Wu(),E0=ot(),w0=W(),v0=yb(),S0=gb(),T0=Hp(wb()),I0=Hp(Sb()),P0=Hp(Tb()),Mp=class extends S0.MeteringPlugin{static{s(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=s(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(Pa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=Pa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Aa.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(Pa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=Pa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Aa.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!w0.Environment.instance.build.ACCOUNT_NAME)throw new Aa.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!A0(p))throw new Aa.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,v0.isStripeWebhookEvent)(m))return Ib.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`),m.type){case"customer.subscription.created":return await(0,T0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,P0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,I0.default)(c,u,m,{meteringBucketId:l});default:return Ib.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe metering plugin webhook."})}},"stripeWebhookHandler"),i=(0,b0.createInternalPolicyProcessor)({inboundPolicies:[{handler:y0.StripeWebhookVerificationInboundPolicy,options:{signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance}}]}),o=new m0.Pipeline({processors:[g0.metricsProcessor,i],handler:n,gateway:r}),a=new E0.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:_0.SystemRouteName.StripePlugin});t.addRoute(a,o.execute)}};Mn.StripeMeteringPlugin=Mp;function A0(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}s(A0,"isMetricsRegion")});var Cb=y(Hn=>{"use strict";Object.defineProperty(Hn,"__esModule",{value:!0});Hn.AmberfloMeteringInboundPolicy=Hn.AmberfloMeteringPolicy=void 0;var Ab=O(),R0=ve(),Rb=Zt(),Nb=new WeakMap,Ob={},Fp=class{static{s(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Nb.set(t,r)}};Hn.AmberfloMeteringPolicy=Fp;async function O0(e,t,r,n){if(!r.statusCodes)throw new Ab.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Rb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async o=>{if(i.includes(o.status)){let a=Nb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Ab.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Rb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Ob[r.apiKey];if(!m){let h=r.apiKey,g=e.headers.get("zm-test-id")??"";m=new R0.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let S=r.url??"https://app.amberflo.io/ingest",T=await fetch(S,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});T.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${T.status}: ${await T.text()}`)}catch(S){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${S.message}`),S}}),Ob[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}s(O0,"AmberfloMeteringInboundPolicy");Hn.AmberfloMeteringInboundPolicy=O0});var qp=y(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.sha256=void 0;async function N0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}s(N0,"sha256");Ra.sha256=N0});var $t=y(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.getPolicyCacheName=void 0;var C0=qp(),xb=new Map;async function x0(e,t){let r,n=xb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,C0.sha256)(JSON.stringify({policyName:e,options:t}))}`,xb.set(e,r)),r}s(x0,"getPolicyCacheName");Oa.getPolicyCacheName=x0});var Vp=y(Na=>{"use strict";Object.defineProperty(Na,"__esModule",{value:!0});Na.ApiKeyInboundPolicy=void 0;var L0=$t(),D0=Kt(),Lb=vn(),$p=O(),U0=Ut(),Db=He(),jp=W(),k0=bn(),Ub="key-metadata-cache-type";function M0(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}s(M0,"getKeyValue");async function H0(e,t,r,n){if(!r.bucketName)if(Lb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=Lb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new $p.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new $p.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let o=s(S=>i.allowUnauthenticatedRequests?e:U0.HttpProblems.unauthorized(e,t,{detail:S}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return o("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return o("Invalid Authorization Scheme");let c=M0(a,i);if(!c||c==="")return o("No key present");let u=await F0(c),l=await(0,L0.getPolicyCacheName)(n,i),d=new D0.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==Ub&&Db.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),o("Authorization Failed");let m={key:c},h=await(0,k0.fetchRetry)({retryDelayMs:5,retries:2,logger:Db.SystemLogMap.getLogger(t)},`${jp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":jp.Environment.instance.deploymentName??"unknown","User-Agent":jp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),o("Authorization Failed");if(h.status!==200){try{let S=await h.text(),T=JSON.parse(S);t.log.error("Unexpected response from key service",T)}catch{t.log.error("Invalid response from key service")}throw new $p.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:Ub,user:{sub:g.name,data:g.metadata}};return e.user=_.user,d.put(u,_,i.cacheTtlSeconds),e}s(H0,"ApiKeyInboundPolicy");Na.ApiKeyInboundPolicy=H0;async function F0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(F0,"hashValue")});var kb=y(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.ApiAuthKeyInboundPolicy=void 0;var q0=Vp();Ca.ApiAuthKeyInboundPolicy=q0.ApiKeyInboundPolicy});var jt=y(xa=>{"use strict";Object.defineProperty(xa,"__esModule",{value:!0});xa.OpenIdJwtInboundPolicy=void 0;var Bp=(xs(),uo(Cs)),Kp=O(),$0=te(),Gp={},j0=s(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new Kp.ConfigurationError("Invalid State - jwkUrl not set");Gp[t.jwkUrl]||(Gp[t.jwkUrl]=(0,Bp.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,Bp.jwtVerify)(e,Gp[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),V0=s(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let o=new TextEncoder().encode(t.secret);r=new Uint8Array(o)}else r=t.secret;let{payload:n}=await(0,Bp.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),G0=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),o="bearer ",a=s(m=>$0.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Kp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Kp.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?j0:V0,l=await s(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(o)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(o.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let g=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${g.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");xa.OpenIdJwtInboundPolicy=G0});var Mb=y(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.Auth0JwtInboundPolicy=void 0;var B0=jt(),K0=s(async(e,t,r,n)=>(0,B0.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");La.Auth0JwtInboundPolicy=K0});var Hb=y(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.BasicAuthInboundPolicy=void 0;var J0=te(),z0=s(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",o=s(l=>J0.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await s(async()=>{if(!n)return await o("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await o("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await o("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await o("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===m&&_.password===h);return g||await o("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Da.BasicAuthInboundPolicy=z0});var Fb=y(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.CachingInboundPolicy=void 0;var W0=$t(),Q0=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function Y0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(o=>o.toString(16).padStart(2,"0")).join("")}s(Y0,"digestMessage");var Z0=s(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await Y0(JSON.stringify(n)),o=new URL(e.url),a=new URLSearchParams(o.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${o.origin}${o.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function X0(e,t,r,n){let i=await(0,W0.getPolicyCacheName)(n,r),o=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await Z0(e,r),u=await o.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);Q0.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(o.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}s(X0,"CachingInboundPolicy");Ua.CachingInboundPolicy=X0});var qb=y(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.ChangeMethodInboundPolicy=void 0;var eO=O(),tO=Me(),rO=s(async(e,t,r,n)=>{if(!r.method)throw new eO.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new tO.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");ka.ChangeMethodInboundPolicy=rO});var $b=y(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.ClearHeadersInboundPolicy=void 0;var nO=Me(),iO=s(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new nO.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Ma.ClearHeadersInboundPolicy=iO});var jb=y(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.ClearHeadersOutboundPolicy=void 0;var oO=s(async(e,t,r,n)=>{let i=[...n.exclude??[]],o=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&o.set(c,u)}),new Response(e.body,{headers:o,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Ha.ClearHeadersOutboundPolicy=oO});var Vb=y(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.ClerkJwtInboundPolicy=void 0;var sO=jt(),aO=s(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),o=new URL(i);return o.pathname="/.well-known/jwks.json",(0,sO.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:o.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Fa.ClerkJwtInboundPolicy=aO});var Bb=y(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.CognitoJwtInboundPolicy=void 0;var Gb=O(),cO=jt(),uO=s(async(e,t,r,n)=>{if(!r.userPoolId)throw new Gb.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new Gb.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,cO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");qa.CognitoJwtInboundPolicy=uO});var Jb=y($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.CompositeInboundPolicy=void 0;var lO=O(),dO=Or(),Kb=en(),pO=s(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new lO.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=dO.Gateway.instance,o=(0,Kb.getInboundPolicyHandlerAndOptions)(r.policies,i?.routeData.policies);return(0,Kb.toStackedInboundHandler)(o)(e,t)},"CompositeInboundPolicy");$a.CompositeInboundPolicy=pO});var zb=y(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.CurityPhantomTokenInboundPolicy=void 0;var hO=$t(),fO=Kt(),ja=te(),mO=s(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return ja.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let o=yO(i);if(!o)return ja.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,hO.getPolicyCacheName)(n,r),c=new fO.MemoryZoneReadThroughCache(a,t),u=await c.get(o);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+o+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(o,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),ja.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):ja.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");Va.CurityPhantomTokenInboundPolicy=mO;function yO(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}s(yO,"getToken")});var Wb=y(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.FirebaseJwtInboundPolicy=void 0;var gO=lt(),bO=jt(),_O=s(async(e,t,r,n)=>((0,gO.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,bO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Ga.FirebaseJwtInboundPolicy=_O});var Qb=y(Ba=>{"use strict";Object.defineProperty(Ba,"__esModule",{value:!0});Ba.FormDataToJsonInboundPolicy=void 0;var EO=Me(),wO=s(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",o=e.headers.get("content-type")?.toLowerCase();if(!o||![i,n].includes(o))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new EO.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Ba.FormDataToJsonInboundPolicy=wO});var Yb=y(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.GeoFilterInboundPolicy=void 0;var vO=O(),SO=te(),Fn="__unknown__",TO=s(async(e,t,r,n)=>{let i={allow:{countries:$n(r.allow?.countries,"allow.countries",n),regionCodes:$n(r.allow?.regionCodes,"allow.regionCode",n),asns:$n(r.allow?.asns,"allow.asOrganization",n)},block:{countries:$n(r.block?.countries,"block.countries",n),regionCodes:$n(r.block?.regionCodes,"block.regionCode",n),asns:$n(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},o=t.incomingRequestProperties.country?.toLowerCase()??Fn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Fn,c=t.incomingRequestProperties.asn?.toString()??Fn,u=i.ignoreUnknown&&o===Fn,l=i.ignoreUnknown&&a===Fn,d=i.ignoreUnknown&&c===Fn,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(o)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return qn(e,t,n,o,a,c);let g=i.block.countries,_=i.block.regionCodes,S=i.block.asns;return g.length>0&&g.includes(o)&&!u||_.length>0&&_.includes(a)&&!l||S.length>0&&S.includes(c)&&!d?qn(e,t,n,o,a,c):e},"GeoFilterInboundPolicy");Ka.GeoFilterInboundPolicy=TO;function qn(e,t,r,n,i,o){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${o}')`),SO.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:o}})}s(qn,"blockedResponse");function $n(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new vO.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}s($n,"toLowerStringArray")});var Zb=y(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.JWTScopeValidationInboundPolicy=void 0;var IO=s(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!s((o,a)=>a.every(c=>o.includes(c)),"scopeChecker")(n,r.scopes)){let o={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(o),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Ja.JWTScopeValidationInboundPolicy=IO});var t_=y(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.LoadSubscriptionInboundPolicy=void 0;var PO=ai(),AO=Pr(),RO=Ys(),Xb=vn(),Ui=O(),za=te(),e_=He(),OO=W(),NO=Zt(),CO=lt(),xO=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]),LO=s(async(e,t,r,n)=>{(0,CO.optionValidator)(r,n).optional("allowRequestsWithoutSubscription","boolean").optional("bucketId","string");let i=e_.SystemLogMap.getLogger(t),o=r.allowRequestsWithoutSubscription??!1;if(r.allowedSubscriptionStatuses)try{if(r.allowedSubscriptionStatuses.length===0)throw new Ui.ConfigurationError("Must set valid subscription statuses");let h=(0,NO.parseValueToStringArray)(r.allowedSubscriptionStatuses),g=[];for(let _ of h)xO.has(_)||g.push(_);if(g.length>0)throw new Ui.ConfigurationError(`Found the following invalid statuses: ${g.join(", ")}`)}catch(h){throw h instanceof Ui.ConfigurationError?new Ui.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - The property 'allowedSubscriptionStatuses' is invalid. ${h.message}`):h}else r.allowedSubscriptionStatuses=["active","incomplete","trialing"];let a=r.allowedSubscriptionStatuses,c=e.user;if(!c)return o?e:za.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(Xb.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=Xb.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Ui.ConfigurationError(`LoadSubscriptionInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:u,meteringServiceUrl:l}=OO.Environment.instance,{sub:d}=c,p;try{let h=`${r.bucketId}-${d}`,g=new PO.ZoneCache(h,{logger:e_.SystemLogMap.getLogger(t)}),_=await g.get(h);if(_)p=_,t.log.debug("Loading subscriptions from cache");else{let S=await fetch(`${l}/internal/v1/metering/${r.bucketId}/subscriptions?customerKey=${d}`,{headers:{Authorization:`Bearer ${u}`,"zp-rid":t.requestId},method:"GET"});if(!S.ok)return t.log.error(await S.text()),za.HttpProblems.forbidden(e,t);p=await S.json(),g.put(h,p,15).catch(T=>{throw i.error(T),T})}}catch(h){i.error(`LoadSubscriptionInboundPolicy '${n}' -error in serviceResponse`,h)}let m=p&&p.data&&p.data.length>0?p.data[0]:void 0;return m?!a.includes(m.status)&&!o?(t.log.warn(`Subscription '${m.id}' has status '${m.status}' which is not part of the allowed statuses.`),za.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"})):(a.includes(m.status)&&(t.log.debug(`Loading subscription '${m.id}' for user sub '${d}' to ContextData`),RO.ContextData.set(t,AO.METERING_SUBSCRIPTION_CONTEXT_DATA,m)),e):(t.log.warn("No valid subscription found"),o?e:za.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"}))},"LoadSubscriptionInboundPolicy");Wa.LoadSubscriptionInboundPolicy=LO});var o_=y(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.MeteringInboundPolicy=void 0;var r_=Pr(),n_=Ys(),i_=vn(),ki=O(),Qa=te(),DO=He(),UO=W(),kO=Zt(),MO=lt(),HO=s(async(e,t,r,n)=>{(0,MO.optionValidator)(r,n).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string");let i=DO.SystemLogMap.getLogger(t);if(!r.meterOnStatusCodes)throw new ki.ConfigurationError(`Invalid MeteringInboundPolicy '${n}': options.meterOnStatusCodes must be an array of HTTP status code numbers`);let o=Array.isArray(r.meterOnStatusCodes)?r.meterOnStatusCodes:(0,kO.statusCodesStringToNumberArray)(r.meterOnStatusCodes);try{let p=[];for(let m in r.meters)typeof r.meters[m]!="number"&&p.push(m);if(p.length>0)throw new ki.ConfigurationError(`Non-numeric values found in properties: ${p.join(", ")}`)}catch(p){throw p instanceof ki.ConfigurationError?new ki.ConfigurationError(`MeteringInboundPolicy '${n}' - The property 'meters' is invalid. ${p.message}`):p}t.addResponseSendingFinalHook(async(p,m,h)=>{let g=n_.ContextData.get(h,r_.METERING_SUBSCRIPTION_CONTEXT_DATA);if((r.allowRequestsWithoutSubscription??!1)&&!g){h.log.debug(`MeteringInboundPolicy '${n}' - no subscription found and allowRequestsWithoutSubscription is true`);return}if(!r.bucketId)if(i_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=i_.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ki.ConfigurationError(`MeteringInboundPolicy '${n}' - no bucketId property provided`);let{authApiJWT:S,meteringServiceUrl:T}=UO.Environment.instance;if(o.includes(p.status)&&g&&r.meters){h.log.debug(`MeteringInboundPolicy '${n}' - Updating subscription '${g.id}' with meters '${JSON.stringify(r.meters)} on response status '${p.status}'`);try{let U=await fetch(`${T}/internal/v1/metering/${r.bucketId}/subscriptions/${g.id}/quotas/consume`,{headers:{Authorization:`Bearer ${S}`,"zp-rid":h.requestId},method:"POST",body:JSON.stringify({meters:r.meters})});U.ok||(h.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${U.status} - ${U.statusText}`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse: ${U.status} - ${U.statusText}`))}catch(U){h.log.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`),i.error(`MeteringInboundPolicy '${n}' -error in serviceResponse`,U)}}});let a=n_.ContextData.get(t,r_.METERING_SUBSCRIPTION_CONTEXT_DATA),c=r.allowRequestsWithoutSubscription??!1,u=r.allowRequestsOverQuota??!1;if(!a)return c?e:(t.log.warn("Subscription is not available for user"),Qa.HttpProblems.paymentRequired(e,t,{detail:"Subscription is not available for user",title:"No Subscription"}));if(a&&Object.keys(a.quotas).length===0)return t.log.error(`Quota is not set up for subscription '${a.id}'`),Qa.HttpProblems.tooManyRequests(e,t,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let d=Object.keys(r.meters).filter(p=>!Object.keys(a.quotas).includes(p));if(d.length>0)return t.log.warn(`The following policy meters are not present in the subscription: ${d.join(", ")}`),Qa.HttpProblems.tooManyRequests(e,t,{detail:`The following policy meters are not present in the subscription: ${d.join(", ")}`,title:"Quota Exceeded"});for(let p of Object.keys(r.meters))if(a.quotas[p]<=0&&!u)return Qa.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${p}'`,title:"Quota Exceeded"});return e},"MeteringInboundPolicy");Ya.MeteringInboundPolicy=HO});var a_=y(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.MockApiInboundPolicy=void 0;var FO=te(),qO=s(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return Jp(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let o=Object.keys(i),a=[];if(o.length===0)return Jp(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(o.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return s_(a[c])}else return a.length>0?s_(a[0]):Jp(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");Za.MockApiInboundPolicy=qO;function s_(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}s(s_,"generateResponse");var Jp=s((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return FO.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var p_=y(jn=>{"use strict";Object.defineProperty(jn,"__esModule",{value:!0});jn.MoesifInboundPolicy=jn.setMoesifContext=void 0;var $O=O(),jO=ve(),VO="Incoming",GO={logRequestBody:!0,logResponseBody:!0};function c_(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}s(c_,"headersToObject");function u_(){return new Date().toISOString()}s(u_,"timestamp");var zp=new WeakMap,BO={};function KO(e,t){let r=zp.get(e);r||(r=BO);let n=Object.assign({...r},t);zp.set(e,n)}s(KO,"setMoesifContext");jn.setMoesifContext=KO;async function l_(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}s(l_,"readBody");var JO={},Wp;function d_(){if(!Wp)throw new $O.RuntimeError("Invalid State - no _lastLogger");return Wp}s(d_,"getLastLogger");function zO(e){let t=JO[e];return t||(t=new jO.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);d_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||d_().error({status:i.status,body:await i.text()})})),t}s(zO,"getDispatcher");async function WO(e,t,r,n){Wp=t.log;let i=u_(),o=Object.assign(GO,r);if(!o.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=o.logRequestBody?await l_(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=zO(o.applicationId),d=e.headers.get("true-client-ip"),p=zp.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:c_(e.headers)},h=o.logResponseBody?await l_(c,t):void 0,g={time:u_(),status:c.status,headers:c_(c.headers),body:h},_={request:m,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:VO};l.enqueue(_),t.waitUntil(l.waitUntilFlushed())}),e}s(WO,"MoesifInboundPolicy");jn.MoesifInboundPolicy=WO});var h_=y(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.OktaJwtInboundPolicy=void 0;var QO=jt(),YO=s(async(e,t,r,n)=>(0,QO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");Xa.OktaJwtInboundPolicy=YO});var f_=y(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.PropelAuthJwtInboundPolicy=void 0;var ZO=(xs(),uo(Cs)),XO=jt(),Qp,eN=s(async(e,t,r,n)=>{if(!Qp)try{Qp=await(0,ZO.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,XO.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:Qp,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");ec.PropelAuthJwtInboundPolicy=eN});var m_=y(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.throwIfStateNotObject=V.throwIfStateNotNumber=V.throwIfStateNotString=V.throwIfStateUndefinedOrNull=V.throwIfStateUndefined=V.throwIfOptionNotObject=V.throwIfOptionNotNumber=V.throwIfOptionNotString=V.throwIfOptionUndefinedOrNull=V.throwIfOptionUndefined=V.OptionTypeError=V.OptionUndefinedError=V.throwIfNotNumber=V.throwIfNotString=V.throwIfUndefinedOrNull=V.throwIfUndefined=V.ArgumentTypeError=V.ArgumentUndefinedError=V.ValidationError=void 0;var je=bt(),et=class extends Error{static{s(this,"ValidationError")}constructor(t){super(t)}};V.ValidationError=et;var Mi=class extends et{static{s(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};V.ArgumentUndefinedError=Mi;var Hi=class extends et{static{s(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};V.ArgumentTypeError=Hi;function tN(e,t){if((0,je.isUndefined)(e))throw new Mi(t)}s(tN,"throwIfUndefined");V.throwIfUndefined=tN;function Yp(e,t){if((0,je.isUndefinedOrNull)(e))throw new Mi(t)}s(Yp,"throwIfUndefinedOrNull");V.throwIfUndefinedOrNull=Yp;function rN(e,t){if(Yp(e,t),!(0,je.isString)(e))throw new Hi(t,"string")}s(rN,"throwIfNotString");V.throwIfNotString=rN;function nN(e,t){if(Yp(e,t),!(0,je.isNumber)(e))throw new Hi(t,"number")}s(nN,"throwIfNotNumber");V.throwIfNotNumber=nN;var Fi=class extends et{static{s(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};V.OptionUndefinedError=Fi;var Vn=class extends et{static{s(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};V.OptionTypeError=Vn;function iN(e,t,r,n){if((0,je.isUndefined)(n))throw new Fi(e,t,r)}s(iN,"throwIfOptionUndefined");V.throwIfOptionUndefined=iN;function tc(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new Fi(e,t,r)}s(tc,"throwIfOptionUndefinedOrNull");V.throwIfOptionUndefinedOrNull=tc;function oN(e,t,r,n){if(tc(e,t,r,n),!(0,je.isString)(n))throw new Vn(e,t,r,"string")}s(oN,"throwIfOptionNotString");V.throwIfOptionNotString=oN;function sN(e,t,r,n){if(tc(e,t,r,n),!(0,je.isNumber)(n))throw new Vn(e,t,r,"number")}s(sN,"throwIfOptionNotNumber");V.throwIfOptionNotNumber=sN;function aN(e,t,r,n){if(tc(e,t,r,n),!(0,je.isObject)(n))throw new Vn(e,t,r,"object")}s(aN,"throwIfOptionNotObject");V.throwIfOptionNotObject=aN;function cN(e,t){if((0,je.isUndefined)(e))throw new et(t)}s(cN,"throwIfStateUndefined");V.throwIfStateUndefined=cN;function rc(e,t){if((0,je.isUndefinedOrNull)(e))throw new et(t)}s(rc,"throwIfStateUndefinedOrNull");V.throwIfStateUndefinedOrNull=rc;function uN(e,t){if(rc(e,t),!(0,je.isString)(e))throw new et(t);return!0}s(uN,"throwIfStateNotString");V.throwIfStateNotString=uN;function lN(e,t){if(rc(e,t),!(0,je.isNumber)(e))throw new et(t);return!0}s(lN,"throwIfStateNotNumber");V.throwIfStateNotNumber=lN;function dN(e,t){if(rc(e,t),!(0,je.isObject)(e))throw new et(t);return!0}s(dN,"throwIfStateNotObject");V.throwIfStateNotObject=dN});var y_=y(Gn=>{"use strict";Object.defineProperty(Gn,"__esModule",{value:!0});Gn.InMemoryRedisClient=Gn.StandardRedisClient=void 0;var Zp=O(),nc=m_(),Xp=class e{static{s(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,nc.throwIfNotString)(t,"redisClientUrl"),(0,nc.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,nc.throwIfNotString)(t,"url");let o=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=o.headers.get("Content-Type")?.includes("application/json")?await o.json():await o.text();if(o.ok)return a;throw o.status===401?new Zp.SystemError("Redis client failed with 401: Unauthorized"):new Zp.SystemError(`Redis client failed with (${o.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Gn.StandardRedisClient=Xp;var eh=class{static{s(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,nc.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:o,key:a}=JSON.parse(r),c=Date.now()+o*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Zp.SystemError("The in-memory redis client only supports /rate-limit calls")}};Gn.InMemoryRedisClient=eh});var w_=y(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.RateLimitInboundPolicy=void 0;var pN=Rr(),hN=$t(),fN=ai(),Rt=O(),mN=te(),g_=He(),qi=W(),b_=y_(),__=bt(),ic=(0,pN.debug)("zuplo:policies:RateLimitInboundPolicy"),yN="strict",gN=s(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),bN=s(async e=>({key:`ip-${gN(e)}`}),"getIP"),_N=s(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),EN=s(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),oc;function wN(e,t){let r;if(oc)return oc;if(qi.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new b_.InMemoryRedisClient,oc=r,r;let{authApiJWT:n,redisURL:i}=qi.Environment.instance;if(!(0,__.isString)(i))throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,__.isString)(n))throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=b_.StandardRedisClient.initialize(i,n,qi.Environment.instance.deploymentName??"unknown",qi.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Rt.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return oc=r,r}s(wN,"getRedisClient");async function E_(e,t,r,n,i){let o=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:o,key:e}),requestId:i})}s(E_,"getCountAndUpdateExpiry");function vN(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Rt.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return s(async(i,o,a)=>{let c=await r(i,o,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw o.log.error(u),new Rt.RuntimeError(u)}return c},"outerFunction")}s(vN,"wrapUserFunction");var SN="Retry-After",TN=s(async(e,t,r,n)=>{let i=Date.now(),o=g_.SystemLogMap.getLogger(t),a=s((u,l)=>{if(r.throwOnFailure)throw new Rt.SystemError(u,{cause:l});o.error(u,l)},"throwOrLog"),c=s((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[SN]=l.toString()),mN.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:vN(r,n),user:_N,ip:bN,all:EN}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=wN(n,o),T=`bucket/${qi.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??yN)==="async"){let L=await(0,hN.getPolicyCacheName)(n,r),ne=new fN.ZoneCache(L,{logger:g_.SystemLogMap.getLogger(t)}),ie=E_(T,h,_,o,t.requestId),me=await ne.get(T);if(me!==void 0&&me<=Date.now()){ic(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${T}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(g,Be)}return t.addEventListener("responseSending",Be=>{try{let w=Be,H=w.mutableResponse;w.mutableResponse=(async()=>{let xe=await ie;if(xe.count>m){let bu=Date.now()+xe.ttlSeconds*1e3,iw=ne.put(T,bu,xe.ttlSeconds).catch($h=>{throw o.error(new Rt.SystemError("Error caching rate limit result.",{cause:$h})),$h});return t.waitUntil(iw),ic(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (async mode)`),c(g,xe.ttlSeconds)}return H})()}catch(w){o.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let K=await E_(T,h,_,o,t.requestId);return K.count>m?(ic(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (strict mode)`),c(g,K.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;ic(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");sc.RateLimitInboundPolicy=TN});var I_=y(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.ReadmeMetricsInboundPolicy=void 0;var IN=ve(),th=W(),v_=Zt(),rh;function S_(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}s(S_,"headersToNameValuePairs");function PN(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}s(PN,"queryToNameValueParis");function AN(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}s(AN,"parseIntOrUndefined");var T_={};async function RN(e,t,r,n){let i=new Date,o=Date.now();return rh||(rh={name:"zuplo",version:th.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${th.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,v_.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,v_.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:th.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:rh,entries:[{startedDateTime:i.toISOString(),time:Date.now()-o,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:S_(e.headers),queryString:PN(e.query)},response:{status:a.status,statusText:a.statusText,headers:S_(a.headers),content:{size:AN(e.headers.get("content-length"))}}}]}}},d=T_[r.apiKey];if(!d){let p=r.apiKey;d=new IN.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),T_[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}s(RN,"ReadmeMetricsInboundPolicy");ac.ReadmeMetricsInboundPolicy=RN});var P_=y(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.RemoveHeadersInboundPolicy=void 0;var ON=O(),NN=Me(),CN=s(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new ON.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let o=new Headers(e.headers);return i.forEach(c=>{o.delete(c)}),new NN.ZuploRequest(e,{headers:o})},"RemoveHeadersInboundPolicy");cc.RemoveHeadersInboundPolicy=CN});var A_=y(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.RemoveHeadersOutboundPolicy=void 0;var xN=O(),LN=s(async(e,t,r,n,i)=>{let o=n?.headers;if(!o||!Array.isArray(o)||o.length===0)throw new xN.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return o.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");uc.RemoveHeadersOutboundPolicy=LN});var R_=y(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.RemoveQueryParamsInboundPolicy=void 0;var DN=O(),UN=Me(),kN=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new DN.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let o=new URL(e.url);return i.forEach(c=>{o.searchParams.delete(c)}),new UN.ZuploRequest(o.toString(),e)},"RemoveQueryParamsInboundPolicy");lc.RemoveQueryParamsInboundPolicy=kN});var O_=y(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.ReplaceStringOutboundPolicy=void 0;var MN=s(async(e,t,r,n)=>{let i=await e.text(),o=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(o,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");dc.ReplaceStringOutboundPolicy=MN});var C_=y(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.RequestSizeLimitInboundPolicy=void 0;var N_=s(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),HN=s(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),o=i!==null?parseInt(i):void 0;return o&&!isNaN(o)&&o>r.maxSizeInBytes?N_():o&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?N_():e},"RequestSizeLimitInboundPolicy");pc.RequestSizeLimitInboundPolicy=HN});var hc=y(tt=>{"use strict";Object.defineProperty(tt,"__esModule",{value:!0});tt.sanitizedIdentifierName=tt.getIdForRefSchema=tt.getIdForRequestBodySchema=tt.getIdForParameterSchema=tt.getRawOperationDataIdentifierName=void 0;function FN(e,t,r){return`_${Vr(e+"_"+t+"_"+r)}`}s(FN,"getRawOperationDataIdentifierName");tt.getRawOperationDataIdentifierName=FN;function qN(e,t,r,n){return`_${Vr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}s(qN,"getIdForParameterSchema");tt.getIdForParameterSchema=qN;function $N(e,t,r){return`_${Vr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Vr(r.toLowerCase())}`}s($N,"getIdForRequestBodySchema");tt.getIdForRequestBodySchema=$N;function jN(e,t){return`_${Vr(e)}__${Vr(t)}`}s(jN,"getIdForRefSchema");tt.getIdForRefSchema=jN;function Vr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}s(Vr,"sanitizedIdentifierName");tt.sanitizedIdentifierName=Vr});var $i=y(Le=>{"use strict";Object.defineProperty(Le,"__esModule",{value:!0});Le.getErrorsFromValidator=Le.shouldReject=Le.shouldLog=Le.logErrors=Le.validateParameters=Le.getParametersForOperation=void 0;var VN=Or(),GN=hc(),BN=s(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");Le.getParametersForOperation=BN;var KN=s((e,t,r,n,i)=>{let o=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,o.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,GN.getIdForParameterSchema)(r,n,i,u.name),p=VN.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,Le.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),o.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:o}},"validateParameters");Le.validateParameters=KN;var JN=s((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");Le.logErrors=JN;var zN=s(e=>e==="log-only"||e==="reject-and-log","shouldLog");Le.shouldLog=zN;var WN=s(e=>e==="reject-only"||e==="reject-and-log","shouldReject");Le.shouldReject=WN;var QN=s(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");Le.getErrorsFromValidator=QN});var x_=y(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.handleBodyValidation=void 0;var YN=Or(),fc=te(),ZN=hc(),Je=$i();async function XN(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let g=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,_=fc.HttpProblems.badRequest(t,e,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",g,[n],h),(0,Je.shouldReject)(r.validateBody))return _}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,g=fc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}let i=t.headers.get("Content-Type"),o=i.indexOf(";");o>-1&&(i=i.substring(0,o));let a=(0,ZN.getIdForRequestBodySchema)(e.route.path,t.method,i),c=YN.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,g=fc.HttpProblems.badRequest(t,e,{detail:h});return(0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,Je.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,Je.getErrorsFromValidator)(l),m=fc.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,Je.shouldLog)(r.validateBody)&&(0,Je.logErrors)(e,r.logLevel??"info",d,[n],p),(0,Je.shouldReject)(r.validateBody))return m}s(XN,"handleBodyValidation");mc.handleBodyValidation=XN});var L_=y(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.handleHeadersValidation=void 0;var eC=te(),ji=$i();function tC(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,ji.getParametersForOperation)(e),o=(0,ji.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!o.isValid){let a="Header validation failed",c=eC.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:o.errors});if((0,ji.shouldLog)(r.validateHeaders)&&(0,ji.logErrors)(e,r.logLevel??"info",a,o.invalidValues,o.errors),(0,ji.shouldReject)(r.validateHeaders))return c}}s(tC,"handleHeadersValidation");yc.handleHeadersValidation=tC});var D_=y(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.handlePathParameterValidation=void 0;var rC=te(),Vi=$i();function nC(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Vi.getParametersForOperation)(e),i=(0,Vi.validateParameters)(n.filter(o=>o.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let o="Path parameters validation failed",a=rC.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Vi.shouldLog)(r.validatePathParameters)&&(0,Vi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Vi.shouldReject)(r.validatePathParameters))return a}}s(nC,"handlePathParameterValidation");gc.handlePathParameterValidation=nC});var U_=y(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.handleQueryParameterValidation=void 0;var iC=te(),Gi=$i();function oC(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Gi.getParametersForOperation)(e),i=(0,Gi.validateParameters)(n.filter(o=>o.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let o="Query parameters validation failed",a=iC.HttpProblems.badRequest(t,e,{detail:`${o}, see errors property for more details`,errors:i.errors});if((0,Gi.shouldLog)(r.validateQueryParameters)&&(0,Gi.logErrors)(e,r.logLevel??"info",o,i.invalidValues,i.errors),(0,Gi.shouldReject)(r.validateQueryParameters))return a}}s(oC,"handleQueryParameterValidation");bc.handleQueryParameterValidation=oC});var k_=y(Gr=>{"use strict";Object.defineProperty(Gr,"__esModule",{value:!0});Gr.SchemaBasedRequestValidation=Gr.RequestValidationInboundPolicy=void 0;var sC=x_(),aC=L_(),cC=D_(),uC=U_(),lC=s(async(e,t,r)=>{let n=(0,uC.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,cC.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,aC.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,sC.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Gr.RequestValidationInboundPolicy=lC;Gr.SchemaBasedRequestValidation=Gr.RequestValidationInboundPolicy});var M_=y(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.RequireOriginInboundPolicy=void 0;var dC=O(),pC=te(),hC=s(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new dC.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let o=e.headers.get("origin");if(!o||!i.includes(o)){let a=r.failureDetail??"Forbidden";return pC.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");_c.RequireOriginInboundPolicy=hC});var H_=y(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.SetBodyInboundPolicy=void 0;var fC=Me(),mC=s(async(e,t,r)=>new fC.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");Ec.SetBodyInboundPolicy=mC});var q_=y(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.SetHeadersInboundPolicy=void 0;var F_=O(),yC=Me(),gC=s(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new F_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let o=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new F_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.has(c.name)||u)&&o.set(c.name,c.value)}),new yC.ZuploRequest(e,{headers:o})},"SetHeadersInboundPolicy");wc.SetHeadersInboundPolicy=gC});var j_=y(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.SetHeadersOutboundPolicy=void 0;var $_=O(),bC=s(async(e,t,r,n,i)=>{let o=n.headers;if(!o||!Array.isArray(o)||o.length==0)throw new $_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return o.forEach(u=>{if(!u.name||u.name.length===0)throw new $_.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");vc.SetHeadersOutboundPolicy=bC});var G_=y(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.SetQueryParamsInboundPolicy=void 0;var V_=O(),_C=Me(),EC=s(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new V_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let o=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new V_.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!o.searchParams.has(c.name)||u)&&o.searchParams.set(c.name,c.value)}),new _C.ZuploRequest(o.toString(),e)},"SetQueryParamsInboundPolicy");Sc.SetQueryParamsInboundPolicy=EC});var B_=y(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.SetStatusOutboundPolicy=void 0;var wC=s(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");Tc.SetStatusOutboundPolicy=wC});var K_=y(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.SleepInboundPolicy=void 0;var vC=O(),SC=s(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),TC=s(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new vC.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await SC(r.sleepInMs),e},"SleepInboundPolicy");Ic.SleepInboundPolicy=TC});var z_=y(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.SupabaseJwtInboundPolicy=void 0;var J_=O(),IC=te(),PC=Me(),AC=lt(),RC=jt(),OC=s(async(e,t,r,n)=>{(0,AC.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},o=await(0,RC.OpenIdJwtInboundPolicy)(e,t,i,n);if(o instanceof Response)return o;if(!(o instanceof PC.ZuploRequest))throw new J_.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return o;let c=e.user?.data.app_metadata;if(!c)throw new J_.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?IC.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):o},"SupabaseJwtInboundPolicy");Pc.SupabaseJwtInboundPolicy=OC});var Q_=y(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var NC=$t(),CC=Kt(),W_=O(),xC=bn(),LC=lt(),DC=s(async(e,t,r,n)=>{(0,LC.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,NC.getPolicyCacheName)(n,r),o=new CC.MemoryZoneReadThroughCache(i,t),a=await o.get(n);if(!a){let c=await UC(r,t);o.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");Ac.UpstreamAzureAdServiceAuthInboundPolicy=DC;async function UC(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,xC.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let o=await n.text();t.log.error("Could not get token from Azure AD",o)}catch{}throw new W_.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new W_.RuntimeError("Response returned from Azure AD is not in the expected format.")}s(UC,"getAccessToken")});var Z_=y(Rc=>{"use strict";Object.defineProperty(Rc,"__esModule",{value:!0});Rc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var kC=$t(),MC=Kt(),HC=O(),nh=_n(),FC=lt(),Y_="https://accounts.google.com/o/oauth2/token",ih,qC=s(async(e,t,r,n)=>{(0,FC.optionValidator)(r,n).required("serviceAccountJson","string"),ih||(ih=await nh.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},o=await(0,kC.getPolicyCacheName)(n,r),a=new MC.MemoryZoneReadThroughCache(o,t),c=await a.get(n);if(!c){let u=await(0,nh.getTokenFromGcpServiceAccount)({serviceAccount:ih,audience:Y_,payload:i}),l=await(0,nh.exchangeGgpJwtForIdToken)(Y_,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new HC.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");Rc.UpstreamFirebaseAdminAuthInboundPolicy=qC});var X_=y(Oc=>{"use strict";Object.defineProperty(Oc,"__esModule",{value:!0});Oc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var $C=$t(),jC=Kt(),Bn=O(),VC=qp(),oh=_n(),GC=Zt(),BC=lt(),KC="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",JC=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],sh,zC=s(async(e,t,r,n)=>{if((0,BC.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Bn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(JC.indexOf(p)!==-1)throw new Bn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}sh||(sh=await oh.GcpServiceAccount.init(r.serviceAccountJson));let o=r.userId;if(!o&&!r.userIdPropertyPath){if(!e.user)throw new Bn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");o=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Bn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);o=(0,GC.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!o)throw new Bn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,$C.getPolicyCacheName)(n,r),c=new jC.MemoryZoneReadThroughCache(a,t),u={uid:o,claims:i},l=await(0,VC.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,oh.getTokenFromGcpServiceAccount)({serviceAccount:sh,audience:KC,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,oh.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Bn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");Oc.UpstreamFirebaseUserAuthInboundPolicy=zC});var tE=y(Nc=>{"use strict";Object.defineProperty(Nc,"__esModule",{value:!0});Nc.UpstreamGcpJwtInboundPolicy=void 0;var eE=_n(),WC=lt(),ah,QC=s(async(e,t,r,n)=>{(0,WC.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),ah||(ah=await eE.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,eE.getTokenFromGcpServiceAccount)({serviceAccount:ah,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");Nc.UpstreamGcpJwtInboundPolicy=QC});var nE=y(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.UpstreamGcpServiceAuthInboundPolicy=void 0;var YC=$t(),ZC=Iu(),XC=Kt(),Bi=O(),ch=_n(),ex=Zt(),tx=lt(),rE="https://www.googleapis.com/oauth2/v4/token",uh,rx=s(async(e,t,r,n)=>{(0,tx.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),uh||(uh=await ch.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new Bi.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,ex.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof Bi.ConfigurationError?new Bi.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let o=await(0,YC.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new ZC.MemoryCache(o):a=new XC.MemoryZoneReadThroughCache(o,t);let c=await a.get(n);if(!c){let u=await(0,ch.getTokenFromGcpServiceAccount)({serviceAccount:uh,audience:rE,payload:i}),l=await(0,ch.exchangeGgpJwtForIdToken)(rE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new Bi.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new Bi.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamGcpServiceAuthInboundPolicy");Cc.UpstreamGcpServiceAuthInboundPolicy=rx});var oE=y(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.ValidateJsonSchemaInbound=void 0;var nx=O(),iE=te(),ix=s(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return iE.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new nx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return iE.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");xc.ValidateJsonSchemaInbound=ix});var sE=y(Lc=>{"use strict";Object.defineProperty(Lc,"__esModule",{value:!0});Lc.ServiceProviderImpl=void 0;var ox=O(),lh=class{static{s(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new ox.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Lc.ServiceProviderImpl=lh});var bE=y(f=>{"use strict";var sx=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),dh=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&sx(t,e,r)},ax=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.PropelAuthJwtInboundPolicy=f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.MeteringInboundPolicy=f.LoadSubscriptionInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.RuntimeError=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=void 0;Jh();var cx=Kt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return cx.MemoryZoneReadThroughCache}});var ux=ai();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return ux.ZoneCache}});var aE=Nr();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return aE.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return aE.ResponseSentEvent}});var lx=Ys();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return lx.ContextData}});var ph=vn();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return ph.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return ph.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return ph.isZuploReadableEnvVariableName}});var cE=O();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return cE.ConfigurationError}});Object.defineProperty(f,"RuntimeError",{enumerable:!0,get:function(){return cE.RuntimeError}});var dx=Fd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return dx.originalFetch}});var uE=vg();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return uE.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return uE.purgeGatewayCache}});var lE=Fg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return lE.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return lE.awsLambdaHandler}});var px=$g();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return px.openApiSpecHandler}});var hx=jg();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return hx.redirectHandler}});var fx=Gg();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return fx.urlForwardHandler}});var mx=Kg();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return mx.urlRewriteHandler}});var yx=zg();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return yx.webSocketHandler}});var gx=Yg();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return gx.webSocketPipelineHandler}});var bx=Qu();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return bx.HttpStatusCode}});dh(ob(),f);dh(cb(),f);var _x=ub();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return _x.AuditLogDataStaxProvider}});var Ex=db();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Ex.AuditLogPlugin}});dh(Pb(),f);var dE=Cb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return dE.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return dE.AmberfloMeteringPolicy}});var wx=kb();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return wx.ApiAuthKeyInboundPolicy}});var vx=Vp();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return vx.ApiKeyInboundPolicy}});var Sx=Mb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return Sx.Auth0JwtInboundPolicy}});var Tx=Hb();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Tx.BasicAuthInboundPolicy}});var Ix=Fb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return Ix.CachingInboundPolicy}});var Px=qb();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return Px.ChangeMethodInboundPolicy}});var Ax=$b();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return Ax.ClearHeadersInboundPolicy}});var Rx=jb();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return Rx.ClearHeadersOutboundPolicy}});var Ox=Vb();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return Ox.ClerkJwtInboundPolicy}});var Nx=Bb();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Nx.CognitoJwtInboundPolicy}});var Cx=Jb();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Cx.CompositeInboundPolicy}});var xx=zb();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return xx.CurityPhantomTokenInboundPolicy}});var Lx=Wb();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return Lx.FirebaseJwtInboundPolicy}});var Dx=Qb();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Dx.FormDataToJsonInboundPolicy}});var Ux=Yb();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Ux.GeoFilterInboundPolicy}});var kx=Zb();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return kx.JWTScopeValidationInboundPolicy}});var Mx=t_();Object.defineProperty(f,"LoadSubscriptionInboundPolicy",{enumerable:!0,get:function(){return Mx.LoadSubscriptionInboundPolicy}});var Hx=o_();Object.defineProperty(f,"MeteringInboundPolicy",{enumerable:!0,get:function(){return Hx.MeteringInboundPolicy}});var Fx=a_();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Fx.MockApiInboundPolicy}});var pE=p_();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return pE.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return pE.setMoesifContext}});var qx=h_();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return qx.OktaJwtInboundPolicy}});var $x=jt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return $x.OpenIdJwtInboundPolicy}});var jx=f_();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return jx.PropelAuthJwtInboundPolicy}});var hE=w_();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return hE.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return hE.RateLimitInboundPolicy}});var Vx=I_();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return Vx.ReadmeMetricsInboundPolicy}});var Gx=P_();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return Gx.RemoveHeadersInboundPolicy}});var Bx=A_();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return Bx.RemoveHeadersOutboundPolicy}});var Kx=R_();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Kx.RemoveQueryParamsInboundPolicy}});var Jx=O_();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return Jx.ReplaceStringOutboundPolicy}});var zx=C_();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return zx.RequestSizeLimitInboundPolicy}});var fE=k_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return fE.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return fE.SchemaBasedRequestValidation}});var Wx=M_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return Wx.RequireOriginInboundPolicy}});var Qx=H_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return Qx.SetBodyInboundPolicy}});var Yx=q_();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return Yx.SetHeadersInboundPolicy}});var Zx=j_();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return Zx.SetHeadersOutboundPolicy}});var Xx=G_();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return Xx.SetQueryParamsInboundPolicy}});var eL=B_();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return eL.SetStatusOutboundPolicy}});var tL=K_();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return tL.SleepInboundPolicy}});var rL=Ep();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return rL.StripeWebhookVerificationInboundPolicy}});var nL=z_();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return nL.SupabaseJwtInboundPolicy}});var iL=Q_();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return iL.UpstreamAzureAdServiceAuthInboundPolicy}});var oL=Z_();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return oL.UpstreamFirebaseAdminAuthInboundPolicy}});var sL=X_();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return sL.UpstreamFirebaseUserAuthInboundPolicy}});var aL=tE();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return aL.UpstreamGcpJwtInboundPolicy}});var cL=nE();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return cL.UpstreamGcpServiceAuthInboundPolicy}});var uL=oE();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return uL.ValidateJsonSchemaInbound}});var lL=te();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return lL.HttpProblems}});var dL=So();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return dL.ProblemResponseFormatter}});var pL=Me();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return pL.ZuploRequest}});var hL=xr();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return hL.SystemRouteName}});var mE=Od();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return mE.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return mE.Router}});var yE=qu();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return yE.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return yE.serialize}});var fL=sE();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return fL.ServiceProviderImpl}});var gE=ul();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return gE.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return gE.SYSTEM_LOGGER}});var mL=Zu();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return ax(mL).default}});var yL=He();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return yL.SystemLogMap}});var Ki=hc();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return Ki.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return Ki.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return Ki.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return Ki.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return Ki.sanitizedIdentifierName}})});var _E=y(Kn=>{"use strict";Object.defineProperty(Kn,"__esModule",{value:!0});Kn.BaseCryptoBeta=Kn.supportedDigests=void 0;Kn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var hh=class{static{s(this,"BaseCryptoBeta")}};Kn.BaseCryptoBeta=hh});var EE=y(Dc=>{"use strict";Object.defineProperty(Dc,"__esModule",{value:!0});Dc.WorkerCryptoBeta=void 0;var fh=_E(),gL=O(),mh=class extends fh.BaseCryptoBeta{static{s(this,"WorkerCryptoBeta")}async digest(t,r){if(!fh.supportedDigests.includes(t.toLowerCase()))throw new gL.RuntimeError(`Algorithm ${t} is not supported. Try using ${fh.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};Dc.WorkerCryptoBeta=mh});var wE=y(Uc=>{"use strict";Object.defineProperty(Uc,"__esModule",{value:!0});Uc.BaseKeyValueStore=void 0;var yh=class{static{s(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Uc.BaseKeyValueStore=yh});var SE=y(kc=>{"use strict";Object.defineProperty(kc,"__esModule",{value:!0});kc.WorkerKeyValueStore=void 0;var vE=O(),bL=wE(),gh=class extends bL.BaseKeyValueStore{static{s(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new vE.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new vE.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};kc.WorkerKeyValueStore=gh});var Ut=y(dt=>{"use strict";var _L=dt&&dt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),EL=dt&&dt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&_L(t,e,r)};Object.defineProperty(dt,"__esModule",{value:!0});dt.KeyValueStore=dt.CryptoBeta=void 0;EL(bE(),dt);var wL=EE();Object.defineProperty(dt,"CryptoBeta",{enumerable:!0,get:function(){return wL.WorkerCryptoBeta}});var vL=SE();Object.defineProperty(dt,"KeyValueStore",{enumerable:!0,get:function(){return vL.WorkerKeyValueStore}})});var OD={};co(OD,{GraphQLComplexityLimitInboundPolicy:()=>tw,GraphQLDisableIntrospectionInboundPolicy:()=>nw});module.exports=uo(OD);var ii=Vh(Ut());function G(e,t){if(!!!e)throw new Error(t)}s(G,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}s(Ee,"isObjectLike");function Ot(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}s(Ot,"invariant");var SL=/\r\n|[\n\r]/g;function Jn(e,t){let r=0,n=1;for(let i of e.body.matchAll(SL)){if(typeof i.index=="number"||Ot(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}s(Jn,"getLocation");function bh(e){return Mc(e.source,Jn(e.source,e.start))}s(bh,"printLocation");function Mc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,o=e.locationOffset.line-1,a=t.line+o,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
|
|
75
75
|
`,d=n.split(/\r\n|[\n\r]/g),p=d[i];if(p.length>120){let m=Math.floor(u/80),h=u%80,g=[];for(let _=0;_<p.length;_+=80)g.push(p.slice(_,_+80));return l+TE([[`${a} |`,g[0]],...g.slice(1,m+1).map(_=>["|",_]),["|","^".padStart(h)],["|",g[m+1]]])}return l+TE([[`${a-1} |`,d[i-1]],[`${a} |`,p],["|","^".padStart(u)],[`${a+1} |`,d[i+1]]])}s(Mc,"printSourceLocation");function TE(e){let t=e.filter(([n,i])=>i!==void 0),r=Math.max(...t.map(([n])=>n.length));return t.map(([n,i])=>n.padStart(r)+(i?" "+i:"")).join(`
|
|
76
76
|
`)}s(TE,"printPrefixedLines");function TL(e){let t=e[0];return t==null||"kind"in t||"length"in t?{nodes:t,source:e[1],positions:e[2],path:e[3],originalError:e[4],extensions:e[5]}:t}s(TL,"toNormalizedOptions");var x=class e extends Error{static{s(this,"GraphQLError")}constructor(t,...r){var n,i,o;let{nodes:a,source:c,positions:u,path:l,originalError:d,extensions:p}=TL(r);super(t),this.name="GraphQLError",this.path=l??void 0,this.originalError=d??void 0,this.nodes=IE(Array.isArray(a)?a:a?[a]:void 0);let m=IE((n=this.nodes)===null||n===void 0?void 0:n.map(g=>g.loc).filter(g=>g!=null));this.source=c??(m==null||(i=m[0])===null||i===void 0?void 0:i.source),this.positions=u??m?.map(g=>g.start),this.locations=u&&c?u.map(g=>Jn(c,g)):m?.map(g=>Jn(g.source,g.start));let h=Ee(d?.extensions)?d?.extensions:void 0;this.extensions=(o=p??h)!==null&&o!==void 0?o:Object.create(null),Object.defineProperties(this,{message:{writable:!0,enumerable:!0},name:{enumerable:!1},nodes:{enumerable:!1},source:{enumerable:!1},positions:{enumerable:!1},originalError:{enumerable:!1}}),d!=null&&d.stack?Object.defineProperty(this,"stack",{value:d.stack,writable:!0,configurable:!0}):Error.captureStackTrace?Error.captureStackTrace(this,e):Object.defineProperty(this,"stack",{value:Error().stack,writable:!0,configurable:!0})}get[Symbol.toStringTag](){return"GraphQLError"}toString(){let t=this.message;if(this.nodes)for(let r of this.nodes)r.loc&&(t+=`
|
|
77
77
|
|