@zuplo/graphql 5.1801.0 → 5.1803.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.minified.js +1 -1
- package/package.json +1 -1
package/index.minified.js
CHANGED
|
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
|
|
|
71
71
|
`+d}):new $r.StripeSignatureVerificationError(t,e,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
|
|
72
72
|
If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
|
|
73
73
|
`+l+`
|
|
74
|
-
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new $r.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}o(s0,"validateComputedSignature");function a0(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}o(a0,"parseHeader");function c0(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}o(c0,"secureCompare");async function Ab(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),s=new Uint8Array(i),a=new Array(s.length);for(let c=0;c<s.length;c++)a[c]=Op[s[c]];return a.join("")}o(Ab,"computeHMACSignatureAsync");Hn.computeHMACSignatureAsync=Ab;var Op=new Array(256);for(let e=0;e<Op.length;e++)Op[e]=e.toString(16).padStart(2,"0")});var Rt=y(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.optionValidator=void 0;var Fn=O(),u0=Xe();function l0(e,t){if(!(0,u0.isObject)(e))throw new Fn.ConfigurationError(`Options on policy '${t}' is expected to be an object. Received the type '${typeof e}'.`);let r=o((s,a,c)=>{let u=e[s];if(!(c&&u===void 0)){if(u===void 0)throw new Fn.ConfigurationError(`Value of '${String(s)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Fn.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Fn.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Fn.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Fn.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=o((s,a)=>(r(s,a,!0),{optional:n,required:i}),"optional"),i=o((s,a)=>(r(s,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}o(l0,"optionValidator");Ta.optionValidator=l0});var Cp=y(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.StripeWebhookVerificationInboundPolicy=void 0;var d0=Yo(),p0=ie(),h0=Rb(),f0=Rt(),Np=class extends d0.InboundPolicy{static{o(this,"StripeWebhookVerificationInboundPolicy")}async handler(t,r){(0,f0.optionValidator)(this.options,this.policyName).required("signingSecret","string").optional("tolerance","number");let n=t.headers.get("stripe-signature");try{let i=await t.clone().text();await(0,h0.constructEventAsync)(i,n,this.options.signingSecret)}catch(i){return r.log.error("Error validating stripe webhook",i),p0.HttpProblems.badRequest(t,r,{title:"Webhook Error",detail:i.message})}return t}};Ia.StripeWebhookVerificationInboundPolicy=Np});var Nb=y(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.isStripeWebhookEvent=void 0;var Ob=Xe();function m0(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Ob.isString)(e.id)&&"type"in e&&(0,Ob.isString)(e.type)}o(m0,"isStripeWebhookEvent");Pa.isStripeWebhookEvent=m0});var Cb=y(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.MeteringPlugin=void 0;var y0=bt(),xp=class extends y0.SystemRuntimePlugin{static{o(this,"MeteringPlugin")}};Aa.MeteringPlugin=xp});var Lb=y(Lp=>{"use strict";Object.defineProperty(Lp,"__esModule",{value:!0});var xb=O(),g0={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving subscription from Stripe API.";throw r.error(s,i),new xb.RuntimeError(s)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer from Stripe API.";throw r.error(s,i),new xb.RuntimeError(s)}return i}};Lp.default=g0});var Db=y(br=>{"use strict";Object.defineProperty(br,"__esModule",{value:!0});br.deleteConsumer=br.createConsumerInvite=br.createConsumer=void 0;var Dp=O(),Up=Ke(),Mp=W(),kp=En(),Hp="https://api-key-management-service-eq7z4lly2a-ue.a.run.app";async function b0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:s,context:a}){let{authApiJWT:c}=Mp.Environment.instance,u=new URL(`/v1/buckets/${e}/consumers`,Hp);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:s,email:i}]},p=await(0,kp.fetchRetry)({retryDelayMs:5,retries:2,logger:Up.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),m=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,m),new Dp.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:t,stripeProductId:r}),l}o(b0,"createConsumer");br.createConsumer=b0;async function _0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:s}){let{authApiJWT:a}=Mp.Environment.instance,c=new URL(`/v1/buckets/${e}/consumers`,Hp);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,kp.fetchRetry)({retryDelayMs:5,retries:2,logger:Up.SystemLogMap.getLogger(s)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let m="Error creating API Key Consumer";throw s.log.error(m,p),new Dp.RuntimeError(m)}return s.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:t,stripeProductId:r}),u}o(_0,"createConsumerInvite");br.createConsumerInvite=_0;async function w0({apiKeyBucketName:e,consumerId:t,context:r}){let{authApiJWT:n}=Mp.Environment.instance,i=new URL(`/v1/buckets/${e}/consumers/${t}`,Hp);i.searchParams.set("with-api-key","true");let s=await(0,kp.fetchRetry)({retryDelayMs:5,retries:2,logger:Up.SystemLogMap.getLogger(r)},i.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${n}`,"content-type":"application/json"},body:JSON.stringify({})});if(s.status!==204){let a=await s.json(),c="Error deleting API Key Consumer";throw r.log.error(c,a),new Dp.RuntimeError(c)}return r.log.info(`Successfully deleted API Key Consumer '${t}`),t}o(w0,"deleteConsumer");br.deleteConsumer=w0});var Ra=y(wr=>{"use strict";Object.defineProperty(wr,"__esModule",{value:!0});wr.getSubscription=wr.updateSubscription=wr.createSubscription=void 0;var _r=O(),Fp=Ke(),qp=W(),$p=En(),jp=Xe();async function E0({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:s,customerExternalId:a,subscriptionStatus:c}){let u={status:c,type:"periodic",renewalStrategy:"monthly",region:s,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,customerExternalId:a},{authApiJWT:l,meteringServiceUrl:d}=qp.Environment.instance;if(!(0,jp.isNonEmptyString)(l))throw new _r.SystemError("No Zuplo JWT token set.");let p=await(0,$p.fetchRetry)({retryDelayMs:5,retries:2,logger:Fp.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new _r.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}o(E0,"createSubscription");wr.createSubscription=E0;async function v0({context:e,meteringSubscriptionId:t,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:s}=qp.Environment.instance;if(!(0,jp.isNonEmptyString)(i))throw new _r.SystemError("No Zuplo JWT token set.");let a=await(0,$p.fetchRetry)({retryDelayMs:5,retries:2,logger:Fp.SystemLogMap.getLogger(e)},`${s}/internal/v1/metering/${r}/subscriptions/${t}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating metering subscription to '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw e.log.error(c,u),new _r.RuntimeError(c)}e.log.info(`Successfully update metering subscription to '${JSON.stringify(n)}'.`)}o(v0,"updateSubscription");wr.updateSubscription=v0;async function S0({context:e,stripeSubscriptionId:t,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:s}=qp.Environment.instance;if(!(0,jp.isNonEmptyString)(i))throw new _r.SystemError("No Zuplo JWT token set.");let a=await(0,$p.fetchRetry)({retryDelayMs:5,retries:2,logger:Fp.SystemLogMap.getLogger(e)},`${s}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${t}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":e.requestId},method:"GET"});if(!a.ok){let u="Error querying for metering subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw e.log.error(u,l),new _r.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new _r.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new _r.RuntimeError(u)}return c.data[0]}o(S0,"getSubscription");wr.getSubscription=S0});var Vp=y(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.stripeStatusToMeteringStatus=void 0;function T0(e){return e.replaceAll("_","-")}o(T0,"stripeStatusToMeteringStatus");Oa.stripeStatusToMeteringStatus=T0});var Ub=y(ki=>{"use strict";var I0=ki&&ki.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(ki,"__esModule",{value:!0});var jr=ie(),P0=I0(Lb()),Gp=Db(),A0=Ra(),R0=Vp();async function O0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.plan;if(!s||!s.product)return t.log.warn(`Invalid Stripe API result. Expected event '${r.id}' to have a plan data.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=r.data.object.customer;if(!a)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let c=s.product,u;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)u=await(0,Gp.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:r.data.object.metadata.zuplo_created_by_email,managerSub:r.data.object.metadata.zuplo_created_by_sub,context:t});else{let l=await P0.default.getCustomer({logger:t.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!l.email)return t.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected customer to contain email address."});u=await(0,Gp.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l.email,context:t})}if(!u)return jr.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});try{let l=(0,R0.stripeStatusToMeteringStatus)(r.data.object.status);await(0,A0.createSubscription)({context:t,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:l})}catch(l){return await(0,Gp.deleteConsumer)({apiKeyBucketName:n.apiKeyBucketName,consumerId:u,context:t}),jr.HttpProblems.internalServerError(e,t,{detail:l.message})}return jr.HttpProblems.ok(e,t)}o(O0,"onCustomerSubscriptionCreated");ki.default=O0});var kb=y(Kp=>{"use strict";Object.defineProperty(Kp,"__esModule",{value:!0});var Bp=ie(),Mb=Ra();async function N0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),Bp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Bp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let a=await(0,Mb.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,Mb.updateSubscription)({context:t,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),Bp.HttpProblems.ok(e,t)}o(N0,"onCustomerSubscriptionDeleted");Kp.default=N0});var Hb=y(Jp=>{"use strict";Object.defineProperty(Jp,"__esModule",{value:!0});var Hi=ie(),Na=Ra(),C0=Vp();async function x0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to include '.data.object.id' as the subscription ID.`),Hi.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Hi.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){let c=await(0,Na.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=(0,C0.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,Na.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),Hi.HttpProblems.ok(e,t)}if(a.plan&&a.plan.product!==r.data.object.plan.product){let c=await(0,Na.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,Na.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[r.data.object.plan.product]}}),Hi.HttpProblems.ok(e,t)}}return t.log.warn(`This update event '${r.id}' is not supported by Stripe metering plugin webhook.`),Hi.HttpProblems.badRequest(e,t,{detail:"This update event is not supported by Stripe metering plugin webhook."})}o(x0,"onCustomerSubscriptionUpdated");Jp.default=x0});var qb=y(qn=>{"use strict";var Wp=qn&&qn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(qn,"__esModule",{value:!0});qn.StripeMeteringPlugin=void 0;var Ca=Li(),xa=O(),L0=Ut(),D0=Cp(),Fb=ie(),U0=Yt(),M0=nn(),k0=Zu(),H0=at(),F0=W(),q0=Nb(),$0=Cb(),j0=Wp(Ub()),V0=Wp(kb()),G0=Wp(Hb()),zp=class extends $0.MeteringPlugin{static{o(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=o(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(Ca.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=Ca.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new xa.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(Ca.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=Ca.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new xa.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!F0.Environment.instance.build.ACCOUNT_NAME)throw new xa.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!B0(p))throw new xa.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,q0.isStripeWebhookEvent)(m))return Fb.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`),m.type){case"customer.subscription.created":return await(0,j0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,G0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,V0.default)(c,u,m,{meteringBucketId:l});default:return Fb.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe metering plugin webhook."})}},"stripeWebhookHandler"),i=(0,M0.createInternalPolicyProcessor)({inboundPolicies:[new D0.StripeWebhookVerificationInboundPolicy({signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance},"stripe-webhook-verification")]}),s=new L0.Pipeline({processors:[U0.metricsProcessor,i],handler:n,gateway:r}),a=new H0.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:k0.SystemRouteName.StripePlugin});t.addRoute(a,s.execute)}};qn.StripeMeteringPlugin=zp;function B0(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}o(B0,"isMetricsRegion")});var Bb=y($n=>{"use strict";Object.defineProperty($n,"__esModule",{value:!0});$n.AmberfloMeteringInboundPolicy=$n.AmberfloMeteringPolicy=void 0;var $b=O(),K0=ve(),jb=Xt(),Gb=new WeakMap,Vb={},Qp=class{static{o(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Gb.set(t,r)}};$n.AmberfloMeteringPolicy=Qp;async function J0(e,t,r,n){if(!r.statusCodes)throw new $b.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,jb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async s=>{if(i.includes(s.status)){let a=Gb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new $b.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,jb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Vb[r.apiKey];if(!m){let h=r.apiKey,g=e.headers.get("zm-test-id")??"";m=new K0.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let S=r.url??"https://app.amberflo.io/ingest",T=await fetch(S,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});T.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${T.status}: ${await T.text()}`)}catch(S){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${S.message}`),S}}),Vb[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}o(J0,"AmberfloMeteringInboundPolicy");$n.AmberfloMeteringInboundPolicy=J0});var Yp=y(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.sha256=void 0;async function z0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}o(z0,"sha256");La.sha256=z0});var jt=y(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.getPolicyCacheName=void 0;var W0=Yp(),Kb=new Map;async function Q0(e,t){let r,n=Kb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,W0.sha256)(JSON.stringify({policyName:e,options:t}))}`,Kb.set(e,r)),r}o(Q0,"getPolicyCacheName");Da.getPolicyCacheName=Q0});var eh=y(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.ApiKeyInboundPolicy=void 0;var Y0=jt(),Z0=Jt(),Jb=Li(),Zp=O(),X0=Mt(),zb=Ke(),Xp=W(),eO=En(),Wb="key-metadata-cache-type";function tO(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}o(tO,"getKeyValue");async function rO(e,t,r,n){if(!r.bucketName)if(Jb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=Jb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Zp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new Zp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let s=o(S=>i.allowUnauthenticatedRequests?e:X0.HttpProblems.unauthorized(e,t,{detail:S}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return s("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return s("Invalid Authorization Scheme");let c=tO(a,i);if(!c||c==="")return s("No key present");let u=await nO(c),l=await(0,Y0.getPolicyCacheName)(n,i),d=new Z0.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==Wb&&zb.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),s("Authorization Failed");let m={key:c},h=await(0,eO.fetchRetry)({retryDelayMs:5,retries:2,logger:zb.SystemLogMap.getLogger(t)},`${Xp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":Xp.Environment.instance.deploymentName??"unknown","User-Agent":Xp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),s("Authorization Failed");if(h.status!==200){try{let S=await h.text(),T=JSON.parse(S);t.log.error("Unexpected response from key service",T)}catch{t.log.error("Invalid response from key service")}throw new Zp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:Wb,user:{sub:g.name,data:g.metadata}};return e.user=_.user,d.put(u,_,i.cacheTtlSeconds),e}o(rO,"ApiKeyInboundPolicy");Ua.ApiKeyInboundPolicy=rO;async function nO(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(nO,"hashValue")});var Qb=y(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.ApiAuthKeyInboundPolicy=void 0;var iO=eh();Ma.ApiAuthKeyInboundPolicy=iO.ApiKeyInboundPolicy});var Vt=y(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.OpenIdJwtInboundPolicy=void 0;var rh=(Hs(),po(ks)),nh=O(),oO=ie(),th={},sO=o(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new nh.ConfigurationError("Invalid State - jwkUrl not set");th[t.jwkUrl]||(th[t.jwkUrl]=(0,rh.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,rh.jwtVerify)(e,th[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),aO=o(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let s=new TextEncoder().encode(t.secret);r=new Uint8Array(s)}else r=t.secret;let{payload:n}=await(0,rh.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),cO=o(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),s="bearer ",a=o(m=>oO.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new nh.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new nh.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?sO:aO,l=await o(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(s)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(s.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let g=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${g.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");ka.OpenIdJwtInboundPolicy=cO});var Yb=y(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.Auth0JwtInboundPolicy=void 0;var uO=Vt(),lO=o(async(e,t,r,n)=>(0,uO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");Ha.Auth0JwtInboundPolicy=lO});var Zb=y(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.BasicAuthInboundPolicy=void 0;var dO=ie(),pO=o(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",s=o(l=>dO.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await o(async()=>{if(!n)return await s("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await s("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await s("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await s("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===m&&_.password===h);return g||await s("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Fa.BasicAuthInboundPolicy=pO});var Xb=y(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.CachingInboundPolicy=void 0;var hO=jt(),fO=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function mO(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(mO,"digestMessage");var yO=o(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await mO(JSON.stringify(n)),s=new URL(e.url),a=new URLSearchParams(s.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${s.origin}${s.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function gO(e,t,r,n){let i=await(0,hO.getPolicyCacheName)(n,r),s=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await yO(e,r),u=await s.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);fO.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(s.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}o(gO,"CachingInboundPolicy");qa.CachingInboundPolicy=gO});var e_=y($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.ChangeMethodInboundPolicy=void 0;var bO=O(),_O=He(),wO=o(async(e,t,r,n)=>{if(!r.method)throw new bO.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new _O.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");$a.ChangeMethodInboundPolicy=wO});var t_=y(ja=>{"use strict";Object.defineProperty(ja,"__esModule",{value:!0});ja.ClearHeadersInboundPolicy=void 0;var EO=He(),vO=o(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new EO.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");ja.ClearHeadersInboundPolicy=vO});var r_=y(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.ClearHeadersOutboundPolicy=void 0;var SO=o(async(e,t,r,n)=>{let i=[...n.exclude??[]],s=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&s.set(c,u)}),new Response(e.body,{headers:s,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Va.ClearHeadersOutboundPolicy=SO});var n_=y(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.ClerkJwtInboundPolicy=void 0;var TO=Vt(),IO=o(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),s=new URL(i);return s.pathname="/.well-known/jwks.json",(0,TO.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:s.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Ga.ClerkJwtInboundPolicy=IO});var o_=y(Ba=>{"use strict";Object.defineProperty(Ba,"__esModule",{value:!0});Ba.CognitoJwtInboundPolicy=void 0;var i_=O(),PO=Vt(),AO=o(async(e,t,r,n)=>{if(!r.userPoolId)throw new i_.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new i_.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,PO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Ba.CognitoJwtInboundPolicy=AO});var a_=y(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.CompositeInboundPolicy=void 0;var RO=O(),OO=Or(),s_=nn(),NO=o(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new RO.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=OO.Gateway.instance,s=(0,s_.getInboundPolicyInstances)(r.policies,i?.routeData.policies);return(0,s_.toStackedInboundHandler)(s)(e,t)},"CompositeInboundPolicy");Ka.CompositeInboundPolicy=NO});var c_=y(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.CurityPhantomTokenInboundPolicy=void 0;var CO=jt(),xO=Jt(),Ja=ie(),LO=o(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Ja.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let s=DO(i);if(!s)return Ja.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,CO.getPolicyCacheName)(n,r),c=new xO.MemoryZoneReadThroughCache(a,t),u=await c.get(s);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+s+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(s,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Ja.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Ja.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");za.CurityPhantomTokenInboundPolicy=LO;function DO(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}o(DO,"getToken")});var u_=y(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.FirebaseJwtInboundPolicy=void 0;var UO=Rt(),MO=Vt(),kO=o(async(e,t,r,n)=>((0,UO.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,MO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Wa.FirebaseJwtInboundPolicy=kO});var l_=y(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.FormDataToJsonInboundPolicy=void 0;var HO=He(),FO=o(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",s=e.headers.get("content-type")?.toLowerCase();if(!s||![i,n].includes(s))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new HO.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Qa.FormDataToJsonInboundPolicy=FO});var d_=y(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.GeoFilterInboundPolicy=void 0;var qO=O(),$O=ie(),jn="__unknown__",jO=o(async(e,t,r,n)=>{let i={allow:{countries:Gn(r.allow?.countries,"allow.countries",n),regionCodes:Gn(r.allow?.regionCodes,"allow.regionCode",n),asns:Gn(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Gn(r.block?.countries,"block.countries",n),regionCodes:Gn(r.block?.regionCodes,"block.regionCode",n),asns:Gn(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},s=t.incomingRequestProperties.country?.toLowerCase()??jn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??jn,c=t.incomingRequestProperties.asn?.toString()??jn,u=i.ignoreUnknown&&s===jn,l=i.ignoreUnknown&&a===jn,d=i.ignoreUnknown&&c===jn,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(s)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Vn(e,t,n,s,a,c);let g=i.block.countries,_=i.block.regionCodes,S=i.block.asns;return g.length>0&&g.includes(s)&&!u||_.length>0&&_.includes(a)&&!l||S.length>0&&S.includes(c)&&!d?Vn(e,t,n,s,a,c):e},"GeoFilterInboundPolicy");Ya.GeoFilterInboundPolicy=jO;function Vn(e,t,r,n,i,s){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${s}')`),$O.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:s}})}o(Vn,"blockedResponse");function Gn(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new qO.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}o(Gn,"toLowerStringArray")});var p_=y(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.JWTScopeValidationInboundPolicy=void 0;var VO=o(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!o((s,a)=>a.every(c=>s.includes(c)),"scopeChecker")(n,r.scopes)){let s={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(s),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Za.JWTScopeValidationInboundPolicy=VO});var m_=y(Bn=>{"use strict";Object.defineProperty(Bn,"__esModule",{value:!0});Bn.consumeSubcriptionQuotas=Bn.loadSubscription=void 0;var h_=Ke(),f_=W();async function GO(e,t,r,n){let i=h_.SystemLogMap.getLogger(e),{authApiJWT:s,meteringServiceUrl:a}=f_.Environment.instance,c;try{let l=await fetch(`${a}/internal/v1/metering/${n}/subscriptions?customerKey=${t}`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":e.requestId},method:"GET"});if(l.ok)c=await l.json();else{let d=await l.json(),p=d.detail??d.title??"Unknown error on quota consumption.";e.log.error(`MonetizationInboundPolicy '${r}' - Error loading subscription. ${l.status} - ${p}`),i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription.${l.status} - ${p}`)}}catch(l){i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription`,l)}return c&&c.data&&c.data.length>0?c.data[0]:void 0}o(GO,"loadSubscription");Bn.loadSubscription=GO;async function BO(e,t,r,n,i){let{authApiJWT:s,meteringServiceUrl:a}=f_.Environment.instance,c=h_.SystemLogMap.getLogger(e);try{let u=await fetch(`${a}/internal/v1/metering/${n}/subscriptions/${t}/quotas/consume`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":e.requestId},method:"POST",body:JSON.stringify({meters:i})});if(!u.ok){let l=await u.json(),d=l.detail??l.title??"Unknown error on quota consumption.";e.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`)}}catch(u){e.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`,u)}}o(BO,"consumeSubcriptionQuotas");Bn.consumeSubcriptionQuotas=BO});var y_=y(Kn=>{"use strict";Object.defineProperty(Kn,"__esModule",{value:!0});Kn.parseAllowedSubscriptionStatuses=Kn.validateMeters=void 0;var Vr=O(),KO=Xt(),JO=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]);function zO(e,t){try{let r=[];for(let n in e)typeof e[n]!="number"&&!(Number.isInteger(e[n])&&/^-?\d+$/.test(e[n].toString()))&&r.push(n);if(r.length>0)throw new Vr.ConfigurationError(r.length>1?`The values found in these properties are not integers : ${r.join(", ")}`:`The value in property '${r[0]}' is not an integer`)}catch(r){throw r instanceof Vr.ConfigurationError?new Vr.ConfigurationError(`MonetizationInboundPolicy '${t}' - The property 'meters' is invalid. ${r.message}`):r}}o(zO,"validateMeters");Kn.validateMeters=zO;function WO(e,t){if(e)try{if(e.length===0)throw new Vr.ConfigurationError("Must set valid subscription statuses");let r=(0,KO.parseValueToStringArray)(e),n=[];for(let i of r)JO.has(i)||n.push(i);if(n.length>0)throw new Vr.ConfigurationError(`Found the following invalid statuses: ${n.join(", ")}`);return e}catch(r){throw r instanceof Vr.ConfigurationError?new Vr.ConfigurationError(`MonetizationInboundPolicy '${t}' - The property 'allowedSubscriptionStatuses' is invalid. ${r.message}`):r}else return["active","incomplete","trialing"]}o(WO,"parseAllowedSubscriptionStatuses");Kn.parseAllowedSubscriptionStatuses=WO});var __=y(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.MonetizationInboundPolicy=void 0;var ih=Yr(),oh=Jd(),Xa=Li(),sh=O(),Gr=ie(),QO=Xt(),YO=Rt(),g_=m_(),b_=y_(),ZO=o(async(e,t,r,n)=>{if((0,YO.optionValidator)(r,n).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string"),!r.meterOnStatusCodes)throw new sh.ConfigurationError(`Invalid MonetizationInboundPolicy '${n}' - The property 'meterOnStatusCodes' must be an array of HTTP status code numbers`);let i=r.allowRequestsOverQuota??!1,s=Array.isArray(r.meterOnStatusCodes)?r.meterOnStatusCodes:(0,QO.statusCodesStringToNumberArray)(r.meterOnStatusCodes);(0,b_.validateMeters)(r.meters,n);let a=r.allowRequestsWithoutSubscription??!1,c=(0,b_.parseAllowedSubscriptionStatuses)(r.allowedSubscriptionStatuses,n);t.addResponseSendingFinalHook(async(g,_,S)=>{let T=oh.ContextData.get(S,ih.METERING_SUBSCRIPTION_CONTEXT_DATA);if((r.allowRequestsWithoutSubscription??!1)&&!T){S.log.debug(`MonetizationInboundPolicy '${n}' - No subscription found and property 'allowRequestsWithoutSubscription' is true`);return}if(!r.bucketId)if(Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new sh.ConfigurationError(`MonetizationInboundPolicy '${n}' - No bucketId property provided`);s.includes(g.status)&&T&&r.meters&&(S.log.debug(`MonetizationInboundPolicy '${n}' - Updating subscription '${T.id}' with meters '${JSON.stringify(r.meters)} on response status '${g.status}'`),await(0,g_.consumeSubcriptionQuotas)(S,T.id,n,r.bucketId,r.meters))});let u=e.user;if(!u)return a?e:Gr.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new sh.ConfigurationError(`MonetizationInboundPolicy '${n}' - No bucketId property provided`);let{sub:l}=u,d=await(0,g_.loadSubscription)(t,l,n,r.bucketId);if(!d)return t.log.warn("No valid subscription found"),a?e:Gr.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"});if(!c.includes(d.status)&&!a)return t.log.warn(`Subscription '${d.id}' has status '${d.status}' which is not part of the allowed statuses.`),Gr.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"});c.includes(d.status)&&(t.log.debug(`Loading subscription '${d.id}' for user sub '${l}' to ContextData`),oh.ContextData.set(t,ih.METERING_SUBSCRIPTION_CONTEXT_DATA,d));let p=oh.ContextData.get(t,ih.METERING_SUBSCRIPTION_CONTEXT_DATA);if(!p)return a?e:(t.log.warn("Subscription is not available for user"),Gr.HttpProblems.paymentRequired(e,t,{detail:"Subscription is not available for user",title:"No Subscription"}));if(p&&Object.keys(p.quotas).length===0)return t.log.error(`Quota is not set up for subscription '${p.id}'`),Gr.HttpProblems.tooManyRequests(e,t,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let h=Object.keys(r.meters).filter(g=>!Object.keys(p.quotas).includes(g));if(h.length>0)return t.log.warn(`The following policy meters are not present in the subscription: ${h.join(", ")}`),Gr.HttpProblems.tooManyRequests(e,t,{detail:`The following policy meters are not present in the subscription: ${h.join(", ")}`,title:"Quota Exceeded"});for(let g of Object.keys(r.meters))if(p.quotas[g]<=0&&!i)return Gr.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${g}'`,title:"Quota Exceeded"});return e},"MonetizationInboundPolicy");ec.MonetizationInboundPolicy=ZO});var E_=y(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.MockApiInboundPolicy=void 0;var XO=ie(),eN=o(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return ah(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let s=Object.keys(i),a=[];if(s.length===0)return ah(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(s.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return w_(a[c])}else return a.length>0?w_(a[0]):ah(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");tc.MockApiInboundPolicy=eN;function w_(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}o(w_,"generateResponse");var ah=o((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return XO.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var P_=y(Jn=>{"use strict";Object.defineProperty(Jn,"__esModule",{value:!0});Jn.MoesifInboundPolicy=Jn.setMoesifContext=void 0;var tN=O(),rN=ve(),nN="Incoming",iN={logRequestBody:!0,logResponseBody:!0};function v_(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}o(v_,"headersToObject");function S_(){return new Date().toISOString()}o(S_,"timestamp");var ch=new WeakMap,oN={};function sN(e,t){let r=ch.get(e);r||(r=oN);let n=Object.assign({...r},t);ch.set(e,n)}o(sN,"setMoesifContext");Jn.setMoesifContext=sN;async function T_(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}o(T_,"readBody");var aN={},uh;function I_(){if(!uh)throw new tN.RuntimeError("Invalid State - no _lastLogger");return uh}o(I_,"getLastLogger");function cN(e){let t=aN[e];return t||(t=new rN.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);I_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||I_().error({status:i.status,body:await i.text()})})),t}o(cN,"getDispatcher");async function uN(e,t,r,n){uh=t.log;let i=S_(),s=Object.assign(iN,r);if(!s.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=s.logRequestBody?await T_(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=cN(s.applicationId),d=e.headers.get("true-client-ip"),p=ch.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:v_(e.headers)},h=s.logResponseBody?await T_(c,t):void 0,g={time:S_(),status:c.status,headers:v_(c.headers),body:h},_={request:m,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:nN};l.enqueue(_),t.waitUntil(l.waitUntilFlushed())}),e}o(uN,"MoesifInboundPolicy");Jn.MoesifInboundPolicy=uN});var A_=y(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.OktaJwtInboundPolicy=void 0;var lN=Vt(),dN=o(async(e,t,r,n)=>(0,lN.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");rc.OktaJwtInboundPolicy=dN});var R_=y(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.PropelAuthJwtInboundPolicy=void 0;var pN=(Hs(),po(ks)),hN=Vt(),lh,fN=o(async(e,t,r,n)=>{if(!lh)try{lh=await(0,pN.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,hN.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:lh,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");nc.PropelAuthJwtInboundPolicy=fN});var O_=y(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.throwIfStateNotObject=V.throwIfStateNotNumber=V.throwIfStateNotString=V.throwIfStateUndefinedOrNull=V.throwIfStateUndefined=V.throwIfOptionNotObject=V.throwIfOptionNotNumber=V.throwIfOptionNotString=V.throwIfOptionUndefinedOrNull=V.throwIfOptionUndefined=V.OptionTypeError=V.OptionUndefinedError=V.throwIfNotNumber=V.throwIfNotString=V.throwIfUndefinedOrNull=V.throwIfUndefined=V.ArgumentTypeError=V.ArgumentUndefinedError=V.ValidationError=void 0;var je=Xe(),rt=class extends Error{static{o(this,"ValidationError")}constructor(t){super(t)}};V.ValidationError=rt;var Fi=class extends rt{static{o(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};V.ArgumentUndefinedError=Fi;var qi=class extends rt{static{o(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};V.ArgumentTypeError=qi;function mN(e,t){if((0,je.isUndefined)(e))throw new Fi(t)}o(mN,"throwIfUndefined");V.throwIfUndefined=mN;function dh(e,t){if((0,je.isUndefinedOrNull)(e))throw new Fi(t)}o(dh,"throwIfUndefinedOrNull");V.throwIfUndefinedOrNull=dh;function yN(e,t){if(dh(e,t),!(0,je.isString)(e))throw new qi(t,"string")}o(yN,"throwIfNotString");V.throwIfNotString=yN;function gN(e,t){if(dh(e,t),!(0,je.isNumber)(e))throw new qi(t,"number")}o(gN,"throwIfNotNumber");V.throwIfNotNumber=gN;var $i=class extends rt{static{o(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};V.OptionUndefinedError=$i;var zn=class extends rt{static{o(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};V.OptionTypeError=zn;function bN(e,t,r,n){if((0,je.isUndefined)(n))throw new $i(e,t,r)}o(bN,"throwIfOptionUndefined");V.throwIfOptionUndefined=bN;function ic(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new $i(e,t,r)}o(ic,"throwIfOptionUndefinedOrNull");V.throwIfOptionUndefinedOrNull=ic;function _N(e,t,r,n){if(ic(e,t,r,n),!(0,je.isString)(n))throw new zn(e,t,r,"string")}o(_N,"throwIfOptionNotString");V.throwIfOptionNotString=_N;function wN(e,t,r,n){if(ic(e,t,r,n),!(0,je.isNumber)(n))throw new zn(e,t,r,"number")}o(wN,"throwIfOptionNotNumber");V.throwIfOptionNotNumber=wN;function EN(e,t,r,n){if(ic(e,t,r,n),!(0,je.isObject)(n))throw new zn(e,t,r,"object")}o(EN,"throwIfOptionNotObject");V.throwIfOptionNotObject=EN;function vN(e,t){if((0,je.isUndefined)(e))throw new rt(t)}o(vN,"throwIfStateUndefined");V.throwIfStateUndefined=vN;function oc(e,t){if((0,je.isUndefinedOrNull)(e))throw new rt(t)}o(oc,"throwIfStateUndefinedOrNull");V.throwIfStateUndefinedOrNull=oc;function SN(e,t){if(oc(e,t),!(0,je.isString)(e))throw new rt(t);return!0}o(SN,"throwIfStateNotString");V.throwIfStateNotString=SN;function TN(e,t){if(oc(e,t),!(0,je.isNumber)(e))throw new rt(t);return!0}o(TN,"throwIfStateNotNumber");V.throwIfStateNotNumber=TN;function IN(e,t){if(oc(e,t),!(0,je.isObject)(e))throw new rt(t);return!0}o(IN,"throwIfStateNotObject");V.throwIfStateNotObject=IN});var N_=y(Wn=>{"use strict";Object.defineProperty(Wn,"__esModule",{value:!0});Wn.InMemoryRedisClient=Wn.StandardRedisClient=void 0;var ph=O(),sc=O_(),hh=class e{static{o(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,sc.throwIfNotString)(t,"redisClientUrl"),(0,sc.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,sc.throwIfNotString)(t,"url");let s=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=s.headers.get("Content-Type")?.includes("application/json")?await s.json():await s.text();if(s.ok)return a;throw s.status===401?new ph.SystemError("Redis client failed with 401: Unauthorized"):new ph.SystemError(`Redis client failed with (${s.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Wn.StandardRedisClient=hh;var fh=class{static{o(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,sc.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:s,key:a}=JSON.parse(r),c=Date.now()+s*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new ph.SystemError("The in-memory redis client only supports /rate-limit calls")}};Wn.InMemoryRedisClient=fh});var U_=y(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.RateLimitInboundPolicy=void 0;var PN=Rr(),AN=jt(),RN=go(),Ot=O(),ON=ie(),C_=Ke(),ji=W(),x_=N_(),L_=Xe(),ac=(0,PN.debug)("zuplo:policies:RateLimitInboundPolicy"),NN="strict",CN=o(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),xN=o(async e=>({key:`ip-${CN(e)}`}),"getIP"),LN=o(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),DN=o(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),cc;function UN(e,t){let r;if(cc)return cc;if(ji.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new x_.InMemoryRedisClient,cc=r,r;let{authApiJWT:n,redisURL:i}=ji.Environment.instance;if(!(0,L_.isString)(i))throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,L_.isString)(n))throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=x_.StandardRedisClient.initialize(i,n,ji.Environment.instance.deploymentName??"unknown",ji.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return cc=r,r}o(UN,"getRedisClient");async function D_(e,t,r,n,i){let s=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:s,key:e}),requestId:i})}o(D_,"getCountAndUpdateExpiry");function MN(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return o(async(i,s,a)=>{let c=await r(i,s,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw s.log.error(u),new Ot.RuntimeError(u)}return c},"outerFunction")}o(MN,"wrapUserFunction");var kN="Retry-After",HN=o(async(e,t,r,n)=>{let i=Date.now(),s=C_.SystemLogMap.getLogger(t),a=o((u,l)=>{if(r.throwOnFailure)throw new Ot.SystemError(u,{cause:l});s.error(u,l)},"throwOrLog"),c=o((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[kN]=l.toString()),ON.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:MN(r,n),user:LN,ip:xN,all:DN}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=UN(n,s),T=`bucket/${ji.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??NN)==="async"){let L=await(0,AN.getPolicyCacheName)(n,r),re=new RN.ZoneCache(L,{logger:C_.SystemLogMap.getLogger(t)}),ne=D_(T,h,_,s,t.requestId),me=await re.get(T);if(me!==void 0&&me<=Date.now()){ac(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${T}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(g,Be)}return t.addEventListener("responseSending",Be=>{try{let E=Be,H=E.mutableResponse;E.mutableResponse=(async()=>{let xe=await ne;if(xe.count>m){let Eu=Date.now()+xe.ttlSeconds*1e3,_E=re.put(T,Eu,xe.ttlSeconds).catch(tf=>{throw s.error(new Ot.SystemError("Error caching rate limit result.",{cause:tf})),tf});return t.waitUntil(_E),ac(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (async mode)`),c(g,xe.ttlSeconds)}return H})()}catch(E){s.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,E)}}),e}let K=await D_(T,h,_,s,t.requestId);return K.count>m?(ac(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (strict mode)`),c(g,K.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;ac(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");uc.RateLimitInboundPolicy=HN});var F_=y(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.ReadmeMetricsInboundPolicy=void 0;var FN=ve(),mh=W(),M_=Xt(),yh;function k_(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}o(k_,"headersToNameValuePairs");function qN(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}o(qN,"queryToNameValueParis");function $N(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}o($N,"parseIntOrUndefined");var H_={};async function jN(e,t,r,n){let i=new Date,s=Date.now();return yh||(yh={name:"zuplo",version:mh.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${mh.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,M_.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,M_.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:mh.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:yh,entries:[{startedDateTime:i.toISOString(),time:Date.now()-s,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:k_(e.headers),queryString:qN(e.query)},response:{status:a.status,statusText:a.statusText,headers:k_(a.headers),content:{size:$N(e.headers.get("content-length"))}}}]}}},d=H_[r.apiKey];if(!d){let p=r.apiKey;d=new FN.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),H_[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}o(jN,"ReadmeMetricsInboundPolicy");lc.ReadmeMetricsInboundPolicy=jN});var q_=y(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.RemoveHeadersInboundPolicy=void 0;var VN=O(),GN=He(),BN=o(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new VN.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let s=new Headers(e.headers);return i.forEach(c=>{s.delete(c)}),new GN.ZuploRequest(e,{headers:s})},"RemoveHeadersInboundPolicy");dc.RemoveHeadersInboundPolicy=BN});var $_=y(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.RemoveHeadersOutboundPolicy=void 0;var KN=O(),JN=o(async(e,t,r,n,i)=>{let s=n?.headers;if(!s||!Array.isArray(s)||s.length===0)throw new KN.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return s.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");pc.RemoveHeadersOutboundPolicy=JN});var j_=y(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.RemoveQueryParamsInboundPolicy=void 0;var zN=O(),WN=He(),QN=o(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new zN.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let s=new URL(e.url);return i.forEach(c=>{s.searchParams.delete(c)}),new WN.ZuploRequest(s.toString(),e)},"RemoveQueryParamsInboundPolicy");hc.RemoveQueryParamsInboundPolicy=QN});var V_=y(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.ReplaceStringOutboundPolicy=void 0;var YN=o(async(e,t,r,n)=>{let i=await e.text(),s=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(s,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");fc.ReplaceStringOutboundPolicy=YN});var B_=y(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.RequestSizeLimitInboundPolicy=void 0;var G_=o(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),ZN=o(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),s=i!==null?parseInt(i):void 0;return s&&!isNaN(s)&&s>r.maxSizeInBytes?G_():s&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?G_():e},"RequestSizeLimitInboundPolicy");mc.RequestSizeLimitInboundPolicy=ZN});var yc=y(nt=>{"use strict";Object.defineProperty(nt,"__esModule",{value:!0});nt.sanitizedIdentifierName=nt.getIdForRefSchema=nt.getIdForRequestBodySchema=nt.getIdForParameterSchema=nt.getRawOperationDataIdentifierName=void 0;function XN(e,t,r){return`_${Br(e+"_"+t+"_"+r)}`}o(XN,"getRawOperationDataIdentifierName");nt.getRawOperationDataIdentifierName=XN;function eC(e,t,r,n){return`_${Br(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}o(eC,"getIdForParameterSchema");nt.getIdForParameterSchema=eC;function tC(e,t,r){return`_${Br(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Br(r.toLowerCase())}`}o(tC,"getIdForRequestBodySchema");nt.getIdForRequestBodySchema=tC;function rC(e,t){return`_${Br(e)}__${Br(t)}`}o(rC,"getIdForRefSchema");nt.getIdForRefSchema=rC;function Br(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}o(Br,"sanitizedIdentifierName");nt.sanitizedIdentifierName=Br});var Vi=y(De=>{"use strict";Object.defineProperty(De,"__esModule",{value:!0});De.getErrorsFromValidator=De.shouldReject=De.shouldLog=De.logErrors=De.validateParameters=De.getParametersForOperation=void 0;var nC=Or(),iC=yc(),oC=o(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");De.getParametersForOperation=oC;var sC=o((e,t,r,n,i)=>{let s=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,s.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,iC.getIdForParameterSchema)(r,n,i,u.name),p=nC.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,De.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),s.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:s}},"validateParameters");De.validateParameters=sC;var aC=o((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");De.logErrors=aC;var cC=o(e=>e==="log-only"||e==="reject-and-log","shouldLog");De.shouldLog=cC;var uC=o(e=>e==="reject-only"||e==="reject-and-log","shouldReject");De.shouldReject=uC;var lC=o(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");De.getErrorsFromValidator=lC});var K_=y(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.handleBodyValidation=void 0;var dC=Or(),gc=ie(),pC=yc(),ze=Vi();async function hC(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let g=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,_=gc.HttpProblems.badRequest(t,e,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",g,[n],h),(0,ze.shouldReject)(r.validateBody))return _}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,g=gc.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?g:void 0}let i=t.headers.get("Content-Type"),s=i.indexOf(";");s>-1&&(i=i.substring(0,s));let a=(0,pC.getIdForRequestBodySchema)(e.route.path,t.method,i),c=dC.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,g=gc.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,ze.getErrorsFromValidator)(l),m=gc.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",d,[n],p),(0,ze.shouldReject)(r.validateBody))return m}o(hC,"handleBodyValidation");bc.handleBodyValidation=hC});var J_=y(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.handleHeadersValidation=void 0;var fC=ie(),Gi=Vi();function mC(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,Gi.getParametersForOperation)(e),s=(0,Gi.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!s.isValid){let a="Header validation failed",c=fC.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:s.errors});if((0,Gi.shouldLog)(r.validateHeaders)&&(0,Gi.logErrors)(e,r.logLevel??"info",a,s.invalidValues,s.errors),(0,Gi.shouldReject)(r.validateHeaders))return c}}o(mC,"handleHeadersValidation");_c.handleHeadersValidation=mC});var z_=y(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.handlePathParameterValidation=void 0;var yC=ie(),Bi=Vi();function gC(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Bi.getParametersForOperation)(e),i=(0,Bi.validateParameters)(n.filter(s=>s.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let s="Path parameters validation failed",a=yC.HttpProblems.badRequest(t,e,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,Bi.shouldLog)(r.validatePathParameters)&&(0,Bi.logErrors)(e,r.logLevel??"info",s,i.invalidValues,i.errors),(0,Bi.shouldReject)(r.validatePathParameters))return a}}o(gC,"handlePathParameterValidation");wc.handlePathParameterValidation=gC});var W_=y(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.handleQueryParameterValidation=void 0;var bC=ie(),Ki=Vi();function _C(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Ki.getParametersForOperation)(e),i=(0,Ki.validateParameters)(n.filter(s=>s.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let s="Query parameters validation failed",a=bC.HttpProblems.badRequest(t,e,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,Ki.shouldLog)(r.validateQueryParameters)&&(0,Ki.logErrors)(e,r.logLevel??"info",s,i.invalidValues,i.errors),(0,Ki.shouldReject)(r.validateQueryParameters))return a}}o(_C,"handleQueryParameterValidation");Ec.handleQueryParameterValidation=_C});var Q_=y(Kr=>{"use strict";Object.defineProperty(Kr,"__esModule",{value:!0});Kr.SchemaBasedRequestValidation=Kr.RequestValidationInboundPolicy=void 0;var wC=K_(),EC=J_(),vC=z_(),SC=W_(),TC=o(async(e,t,r)=>{let n=(0,SC.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,vC.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,EC.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,wC.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Kr.RequestValidationInboundPolicy=TC;Kr.SchemaBasedRequestValidation=Kr.RequestValidationInboundPolicy});var Y_=y(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.RequireOriginInboundPolicy=void 0;var IC=O(),PC=ie(),AC=o(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new IC.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let s=e.headers.get("origin");if(!s||!i.includes(s)){let a=r.failureDetail??"Forbidden";return PC.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");vc.RequireOriginInboundPolicy=AC});var Z_=y(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.SetBodyInboundPolicy=void 0;var RC=He(),OC=o(async(e,t,r)=>new RC.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");Sc.SetBodyInboundPolicy=OC});var ew=y(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.SetHeadersInboundPolicy=void 0;var X_=O(),NC=He(),CC=o(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new X_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let s=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new X_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.has(c.name)||u)&&s.set(c.name,c.value)}),new NC.ZuploRequest(e,{headers:s})},"SetHeadersInboundPolicy");Tc.SetHeadersInboundPolicy=CC});var rw=y(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.SetHeadersOutboundPolicy=void 0;var tw=O(),xC=o(async(e,t,r,n,i)=>{let s=n.headers;if(!s||!Array.isArray(s)||s.length==0)throw new tw.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return s.forEach(u=>{if(!u.name||u.name.length===0)throw new tw.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");Ic.SetHeadersOutboundPolicy=xC});var iw=y(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.SetQueryParamsInboundPolicy=void 0;var nw=O(),LC=He(),DC=o(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new nw.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let s=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new nw.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.searchParams.has(c.name)||u)&&s.searchParams.set(c.name,c.value)}),new LC.ZuploRequest(s.toString(),e)},"SetQueryParamsInboundPolicy");Pc.SetQueryParamsInboundPolicy=DC});var ow=y(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.SetStatusOutboundPolicy=void 0;var UC=o(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");Ac.SetStatusOutboundPolicy=UC});var sw=y(Rc=>{"use strict";Object.defineProperty(Rc,"__esModule",{value:!0});Rc.SleepInboundPolicy=void 0;var MC=O(),kC=o(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),HC=o(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new MC.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await kC(r.sleepInMs),e},"SleepInboundPolicy");Rc.SleepInboundPolicy=HC});var cw=y(Oc=>{"use strict";Object.defineProperty(Oc,"__esModule",{value:!0});Oc.SupabaseJwtInboundPolicy=void 0;var aw=O(),FC=ie(),qC=He(),$C=Rt(),jC=Vt(),VC=o(async(e,t,r,n)=>{(0,$C.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},s=await(0,jC.OpenIdJwtInboundPolicy)(e,t,i,n);if(s instanceof Response)return s;if(!(s instanceof qC.ZuploRequest))throw new aw.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return s;let c=e.user?.data.app_metadata;if(!c)throw new aw.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?FC.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):s},"SupabaseJwtInboundPolicy");Oc.SupabaseJwtInboundPolicy=VC});var lw=y(Nc=>{"use strict";Object.defineProperty(Nc,"__esModule",{value:!0});Nc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var GC=jt(),BC=Jt(),uw=O(),KC=En(),JC=Rt(),zC=o(async(e,t,r,n)=>{(0,JC.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,GC.getPolicyCacheName)(n,r),s=new BC.MemoryZoneReadThroughCache(i,t),a=await s.get(n);if(!a){let c=await WC(r,t);s.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");Nc.UpstreamAzureAdServiceAuthInboundPolicy=zC;async function WC(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,KC.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let s=await n.text();t.log.error("Could not get token from Azure AD",s)}catch{}throw new uw.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new uw.RuntimeError("Response returned from Azure AD is not in the expected format.")}o(WC,"getAccessToken")});var pw=y(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var QC=jt(),YC=Jt(),ZC=O(),gh=vn(),XC=Rt(),dw="https://accounts.google.com/o/oauth2/token",bh,ex=o(async(e,t,r,n)=>{(0,XC.optionValidator)(r,n).required("serviceAccountJson","string"),bh||(bh=await gh.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},s=await(0,QC.getPolicyCacheName)(n,r),a=new YC.MemoryZoneReadThroughCache(s,t),c=await a.get(n);if(!c){let u=await(0,gh.getTokenFromGcpServiceAccount)({serviceAccount:bh,audience:dw,payload:i}),l=await(0,gh.exchangeGgpJwtForIdToken)(dw,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new ZC.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");Cc.UpstreamFirebaseAdminAuthInboundPolicy=ex});var hw=y(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var tx=jt(),rx=Jt(),Qn=O(),nx=Yp(),_h=vn(),ix=Xt(),ox=Rt(),sx="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",ax=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],wh,cx=o(async(e,t,r,n)=>{if((0,ox.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Qn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(ax.indexOf(p)!==-1)throw new Qn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}wh||(wh=await _h.GcpServiceAccount.init(r.serviceAccountJson));let s=r.userId;if(!s&&!r.userIdPropertyPath){if(!e.user)throw new Qn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");s=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Qn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);s=(0,ix.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!s)throw new Qn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,tx.getPolicyCacheName)(n,r),c=new rx.MemoryZoneReadThroughCache(a,t),u={uid:s,claims:i},l=await(0,nx.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,_h.getTokenFromGcpServiceAccount)({serviceAccount:wh,audience:sx,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,_h.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Qn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");xc.UpstreamFirebaseUserAuthInboundPolicy=cx});var mw=y(Lc=>{"use strict";Object.defineProperty(Lc,"__esModule",{value:!0});Lc.UpstreamGcpJwtInboundPolicy=void 0;var fw=vn(),ux=Rt(),Eh,lx=o(async(e,t,r,n)=>{(0,ux.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Eh||(Eh=await fw.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,fw.getTokenFromGcpServiceAccount)({serviceAccount:Eh,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");Lc.UpstreamGcpJwtInboundPolicy=lx});var gw=y(Dc=>{"use strict";Object.defineProperty(Dc,"__esModule",{value:!0});Dc.UpstreamGcpServiceAuthInboundPolicy=void 0;var dx=jt(),px=Ru(),hx=Jt(),Ji=O(),vh=vn(),fx=Xt(),mx=Rt(),yw="https://www.googleapis.com/oauth2/v4/token",Sh,yx=o(async(e,t,r,n)=>{(0,mx.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Sh||(Sh=await vh.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new Ji.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,fx.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof Ji.ConfigurationError?new Ji.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let s=await(0,dx.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new px.MemoryCache(s):a=new hx.MemoryZoneReadThroughCache(s,t);let c=await a.get(n);if(!c){let u=await(0,vh.getTokenFromGcpServiceAccount)({serviceAccount:Sh,audience:yw,payload:i}),l=await(0,vh.exchangeGgpJwtForIdToken)(yw,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new Ji.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new Ji.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamGcpServiceAuthInboundPolicy");Dc.UpstreamGcpServiceAuthInboundPolicy=yx});var _w=y(Uc=>{"use strict";Object.defineProperty(Uc,"__esModule",{value:!0});Uc.ValidateJsonSchemaInbound=void 0;var gx=O(),bw=ie(),bx=o(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return bw.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new gx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return bw.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");Uc.ValidateJsonSchemaInbound=bx});var ww=y(Mc=>{"use strict";Object.defineProperty(Mc,"__esModule",{value:!0});Mc.ServiceProviderImpl=void 0;var _x=O(),Th=class{static{o(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new _x.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Mc.ServiceProviderImpl=Th});var Lw=y(f=>{"use strict";var wx=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),Ih=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&wx(t,e,r)},Ex=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.MonetizationInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.OutboundPolicy=f.InboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.RuntimeError=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=f.PropelAuthJwtInboundPolicy=void 0;cf();var vx=Jt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return vx.MemoryZoneReadThroughCache}});var Sx=go();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return Sx.ZoneCache}});var Ew=Nr();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return Ew.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return Ew.ResponseSentEvent}});var Tx=Jd();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return Tx.ContextData}});var Ph=Li();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return Ph.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return Ph.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return Ph.isZuploReadableEnvVariableName}});var vw=O();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return vw.ConfigurationError}});Object.defineProperty(f,"RuntimeError",{enumerable:!0,get:function(){return vw.RuntimeError}});var Ix=Wd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return Ix.originalFetch}});var Sw=Mg();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return Sw.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return Sw.purgeGatewayCache}});var Tw=Xg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return Tw.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return Tw.awsLambdaHandler}});var Px=tb();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return Px.openApiSpecHandler}});var Ax=rb();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return Ax.redirectHandler}});var Rx=ib();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return Rx.urlForwardHandler}});var Ox=sb();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return Ox.urlRewriteHandler}});var Nx=cb();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return Nx.webSocketHandler}});var Cx=db();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return Cx.webSocketPipelineHandler}});var xx=Xu();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return xx.HttpStatusCode}});Ih(_b(),f);Ih(vb(),f);var Lx=Sb();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Lx.AuditLogDataStaxProvider}});var Dx=Ib();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Dx.AuditLogPlugin}});Ih(qb(),f);var Iw=Yo();Object.defineProperty(f,"InboundPolicy",{enumerable:!0,get:function(){return Iw.InboundPolicy}});Object.defineProperty(f,"OutboundPolicy",{enumerable:!0,get:function(){return Iw.OutboundPolicy}});var Pw=Bb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return Pw.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return Pw.AmberfloMeteringPolicy}});var Ux=Qb();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Ux.ApiAuthKeyInboundPolicy}});var Mx=eh();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return Mx.ApiKeyInboundPolicy}});var kx=Yb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return kx.Auth0JwtInboundPolicy}});var Hx=Zb();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Hx.BasicAuthInboundPolicy}});var Fx=Xb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return Fx.CachingInboundPolicy}});var qx=e_();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return qx.ChangeMethodInboundPolicy}});var $x=t_();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return $x.ClearHeadersInboundPolicy}});var jx=r_();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return jx.ClearHeadersOutboundPolicy}});var Vx=n_();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return Vx.ClerkJwtInboundPolicy}});var Gx=o_();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Gx.CognitoJwtInboundPolicy}});var Bx=a_();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Bx.CompositeInboundPolicy}});var Kx=c_();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return Kx.CurityPhantomTokenInboundPolicy}});var Jx=u_();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return Jx.FirebaseJwtInboundPolicy}});var zx=l_();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return zx.FormDataToJsonInboundPolicy}});var Wx=d_();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Wx.GeoFilterInboundPolicy}});var Qx=p_();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return Qx.JWTScopeValidationInboundPolicy}});var Yx=__();Object.defineProperty(f,"MonetizationInboundPolicy",{enumerable:!0,get:function(){return Yx.MonetizationInboundPolicy}});var Zx=E_();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Zx.MockApiInboundPolicy}});var Aw=P_();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return Aw.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return Aw.setMoesifContext}});var Xx=A_();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return Xx.OktaJwtInboundPolicy}});var eL=Vt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return eL.OpenIdJwtInboundPolicy}});var tL=R_();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return tL.PropelAuthJwtInboundPolicy}});var Rw=U_();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return Rw.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return Rw.RateLimitInboundPolicy}});var rL=F_();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return rL.ReadmeMetricsInboundPolicy}});var nL=q_();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return nL.RemoveHeadersInboundPolicy}});var iL=$_();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return iL.RemoveHeadersOutboundPolicy}});var oL=j_();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return oL.RemoveQueryParamsInboundPolicy}});var sL=V_();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return sL.ReplaceStringOutboundPolicy}});var aL=B_();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return aL.RequestSizeLimitInboundPolicy}});var Ow=Q_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return Ow.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return Ow.SchemaBasedRequestValidation}});var cL=Y_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return cL.RequireOriginInboundPolicy}});var uL=Z_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return uL.SetBodyInboundPolicy}});var lL=ew();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return lL.SetHeadersInboundPolicy}});var dL=rw();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return dL.SetHeadersOutboundPolicy}});var pL=iw();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return pL.SetQueryParamsInboundPolicy}});var hL=ow();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return hL.SetStatusOutboundPolicy}});var fL=sw();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return fL.SleepInboundPolicy}});var mL=Cp();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return mL.StripeWebhookVerificationInboundPolicy}});var yL=cw();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return yL.SupabaseJwtInboundPolicy}});var gL=lw();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return gL.UpstreamAzureAdServiceAuthInboundPolicy}});var bL=pw();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return bL.UpstreamFirebaseAdminAuthInboundPolicy}});var _L=hw();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return _L.UpstreamFirebaseUserAuthInboundPolicy}});var wL=mw();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return wL.UpstreamGcpJwtInboundPolicy}});var EL=gw();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return EL.UpstreamGcpServiceAuthInboundPolicy}});var vL=_w();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return vL.ValidateJsonSchemaInbound}});var SL=ie();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return SL.HttpProblems}});var TL=Po();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return TL.ProblemResponseFormatter}});var IL=He();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return IL.ZuploRequest}});var PL=xr();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return PL.SystemRouteName}});var Nw=Hd();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return Nw.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return Nw.Router}});var Cw=Vu();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return Cw.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return Cw.serialize}});var AL=ww();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return AL.ServiceProviderImpl}});var xw=bl();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return xw.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return xw.SYSTEM_LOGGER}});var RL=tl();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return Ex(RL).default}});var OL=Ke();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return OL.SystemLogMap}});var zi=yc();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return zi.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return zi.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return zi.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return zi.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return zi.sanitizedIdentifierName}})});var Dw=y(Yn=>{"use strict";Object.defineProperty(Yn,"__esModule",{value:!0});Yn.BaseCryptoBeta=Yn.supportedDigests=void 0;Yn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var Ah=class{static{o(this,"BaseCryptoBeta")}};Yn.BaseCryptoBeta=Ah});var Uw=y(kc=>{"use strict";Object.defineProperty(kc,"__esModule",{value:!0});kc.WorkerCryptoBeta=void 0;var Rh=Dw(),NL=O(),Oh=class extends Rh.BaseCryptoBeta{static{o(this,"WorkerCryptoBeta")}async digest(t,r){if(!Rh.supportedDigests.includes(t.toLowerCase()))throw new NL.RuntimeError(`Algorithm ${t} is not supported. Try using ${Rh.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};kc.WorkerCryptoBeta=Oh});var Mw=y(Hc=>{"use strict";Object.defineProperty(Hc,"__esModule",{value:!0});Hc.BaseKeyValueStore=void 0;var Nh=class{static{o(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Hc.BaseKeyValueStore=Nh});var Hw=y(Fc=>{"use strict";Object.defineProperty(Fc,"__esModule",{value:!0});Fc.WorkerKeyValueStore=void 0;var kw=O(),CL=Mw(),Ch=class extends CL.BaseKeyValueStore{static{o(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new kw.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new kw.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Fc.WorkerKeyValueStore=Ch});var Mt=y(pt=>{"use strict";var xL=pt&&pt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),LL=pt&&pt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&xL(t,e,r)};Object.defineProperty(pt,"__esModule",{value:!0});pt.KeyValueStore=pt.CryptoBeta=void 0;LL(Lw(),pt);var DL=Uw();Object.defineProperty(pt,"CryptoBeta",{enumerable:!0,get:function(){return DL.WorkerCryptoBeta}});var UL=Hw();Object.defineProperty(pt,"KeyValueStore",{enumerable:!0,get:function(){return UL.WorkerKeyValueStore}})});var jD={};lo(jD,{GraphQLComplexityLimitInboundPolicy:()=>yE,GraphQLDisableIntrospectionInboundPolicy:()=>bE});module.exports=po(jD);var ui=nf(Mt());function G(e,t){if(!!!e)throw new Error(t)}o(G,"devAssert");function we(e){return typeof e=="object"&&e!==null}o(we,"isObjectLike");function Nt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}o(Nt,"invariant");var ML=/\r\n|[\n\r]/g;function Zn(e,t){let r=0,n=1;for(let i of e.body.matchAll(ML)){if(typeof i.index=="number"||Nt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}o(Zn,"getLocation");function xh(e){return qc(e.source,Zn(e.source,e.start))}o(xh,"printLocation");function qc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,s=e.locationOffset.line-1,a=t.line+s,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
|
|
74
|
+
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new $r.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}o(s0,"validateComputedSignature");function a0(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}o(a0,"parseHeader");function c0(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}o(c0,"secureCompare");async function Ab(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),s=new Uint8Array(i),a=new Array(s.length);for(let c=0;c<s.length;c++)a[c]=Op[s[c]];return a.join("")}o(Ab,"computeHMACSignatureAsync");Hn.computeHMACSignatureAsync=Ab;var Op=new Array(256);for(let e=0;e<Op.length;e++)Op[e]=e.toString(16).padStart(2,"0")});var Rt=y(Ta=>{"use strict";Object.defineProperty(Ta,"__esModule",{value:!0});Ta.optionValidator=void 0;var Fn=O(),u0=Xe();function l0(e,t){if(!(0,u0.isObject)(e))throw new Fn.ConfigurationError(`Options on policy '${t}' is expected to be an object. Received the type '${typeof e}'.`);let r=o((s,a,c)=>{let u=e[s];if(!(c&&u===void 0)){if(u===void 0)throw new Fn.ConfigurationError(`Value of '${String(s)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new Fn.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new Fn.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new Fn.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new Fn.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=o((s,a)=>(r(s,a,!0),{optional:n,required:i}),"optional"),i=o((s,a)=>(r(s,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}o(l0,"optionValidator");Ta.optionValidator=l0});var Cp=y(Ia=>{"use strict";Object.defineProperty(Ia,"__esModule",{value:!0});Ia.StripeWebhookVerificationInboundPolicy=void 0;var d0=Yo(),p0=ie(),h0=Rb(),f0=Rt(),Np=class extends d0.InboundPolicy{static{o(this,"StripeWebhookVerificationInboundPolicy")}async handler(t,r){(0,f0.optionValidator)(this.options,this.policyName).required("signingSecret","string").optional("tolerance","number");let n=t.headers.get("stripe-signature");try{let i=await t.clone().text();await(0,h0.constructEventAsync)(i,n,this.options.signingSecret)}catch(i){return r.log.error("Error validating stripe webhook",i),p0.HttpProblems.badRequest(t,r,{title:"Webhook Error",detail:i.message})}return t}};Ia.StripeWebhookVerificationInboundPolicy=Np});var Nb=y(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.isStripeWebhookEvent=void 0;var Ob=Xe();function m0(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Ob.isString)(e.id)&&"type"in e&&(0,Ob.isString)(e.type)}o(m0,"isStripeWebhookEvent");Pa.isStripeWebhookEvent=m0});var Cb=y(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.MeteringPlugin=void 0;var y0=bt(),xp=class extends y0.SystemRuntimePlugin{static{o(this,"MeteringPlugin")}};Aa.MeteringPlugin=xp});var Lb=y(Lp=>{"use strict";Object.defineProperty(Lp,"__esModule",{value:!0});var xb=O(),g0={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving subscription from Stripe API.";throw r.error(s,i),new xb.RuntimeError(s)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer from Stripe API.";throw r.error(s,i),new xb.RuntimeError(s)}return i}};Lp.default=g0});var Db=y(br=>{"use strict";Object.defineProperty(br,"__esModule",{value:!0});br.deleteConsumer=br.createConsumerInvite=br.createConsumer=void 0;var Dp=O(),Up=Ke(),Mp=W(),kp=En(),Hp="https://api-key-management-service-eq7z4lly2a-ue.a.run.app";async function b0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:s,context:a}){let{authApiJWT:c}=Mp.Environment.instance,u=new URL(`/v1/buckets/${e}/consumers`,Hp);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:s,email:i}]},p=await(0,kp.fetchRetry)({retryDelayMs:5,retries:2,logger:Up.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),m=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,m),new Dp.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:t,stripeProductId:r}),l}o(b0,"createConsumer");br.createConsumer=b0;async function _0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:s}){let{authApiJWT:a}=Mp.Environment.instance,c=new URL(`/v1/buckets/${e}/consumers`,Hp);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,kp.fetchRetry)({retryDelayMs:5,retries:2,logger:Up.SystemLogMap.getLogger(s)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let m="Error creating API Key Consumer";throw s.log.error(m,p),new Dp.RuntimeError(m)}return s.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:t,stripeProductId:r}),u}o(_0,"createConsumerInvite");br.createConsumerInvite=_0;async function w0({apiKeyBucketName:e,consumerId:t,context:r}){let{authApiJWT:n}=Mp.Environment.instance,i=new URL(`/v1/buckets/${e}/consumers/${t}`,Hp);i.searchParams.set("with-api-key","true");let s=await(0,kp.fetchRetry)({retryDelayMs:5,retries:2,logger:Up.SystemLogMap.getLogger(r)},i.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${n}`,"content-type":"application/json"},body:JSON.stringify({})});if(s.status!==204){let a=await s.json(),c="Error deleting API Key Consumer";throw r.log.error(c,a),new Dp.RuntimeError(c)}return r.log.info(`Successfully deleted API Key Consumer '${t}`),t}o(w0,"deleteConsumer");br.deleteConsumer=w0});var Ra=y(wr=>{"use strict";Object.defineProperty(wr,"__esModule",{value:!0});wr.getSubscription=wr.updateSubscription=wr.createSubscription=void 0;var _r=O(),Fp=Ke(),qp=W(),$p=En(),jp=Xe();async function E0({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:s,customerExternalId:a,subscriptionStatus:c}){let u={status:c,type:"periodic",renewalStrategy:"monthly",region:s,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,customerExternalId:a},{authApiJWT:l,meteringServiceUrl:d}=qp.Environment.instance;if(!(0,jp.isNonEmptyString)(l))throw new _r.SystemError("No Zuplo JWT token set.");let p=await(0,$p.fetchRetry)({retryDelayMs:5,retries:2,logger:Fp.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new _r.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}o(E0,"createSubscription");wr.createSubscription=E0;async function v0({context:e,meteringSubscriptionId:t,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:s}=qp.Environment.instance;if(!(0,jp.isNonEmptyString)(i))throw new _r.SystemError("No Zuplo JWT token set.");let a=await(0,$p.fetchRetry)({retryDelayMs:5,retries:2,logger:Fp.SystemLogMap.getLogger(e)},`${s}/internal/v1/metering/${r}/subscriptions/${t}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating metering subscription to '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw e.log.error(c,u),new _r.RuntimeError(c)}e.log.info(`Successfully update metering subscription to '${JSON.stringify(n)}'.`)}o(v0,"updateSubscription");wr.updateSubscription=v0;async function S0({context:e,stripeSubscriptionId:t,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:s}=qp.Environment.instance;if(!(0,jp.isNonEmptyString)(i))throw new _r.SystemError("No Zuplo JWT token set.");let a=await(0,$p.fetchRetry)({retryDelayMs:5,retries:2,logger:Fp.SystemLogMap.getLogger(e)},`${s}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${t}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":e.requestId},method:"GET"});if(!a.ok){let u="Error querying for metering subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw e.log.error(u,l),new _r.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new _r.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new _r.RuntimeError(u)}return c.data[0]}o(S0,"getSubscription");wr.getSubscription=S0});var Vp=y(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.stripeStatusToMeteringStatus=void 0;function T0(e){return e.replaceAll("_","-")}o(T0,"stripeStatusToMeteringStatus");Oa.stripeStatusToMeteringStatus=T0});var Ub=y(ki=>{"use strict";var I0=ki&&ki.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(ki,"__esModule",{value:!0});var jr=ie(),P0=I0(Lb()),Gp=Db(),A0=Ra(),R0=Vp();async function O0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.plan;if(!s||!s.product)return t.log.warn(`Invalid Stripe API result. Expected event '${r.id}' to have a plan data.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=r.data.object.customer;if(!a)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let c=s.product,u;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)u=await(0,Gp.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:r.data.object.metadata.zuplo_created_by_email,managerSub:r.data.object.metadata.zuplo_created_by_sub,context:t});else{let l=await P0.default.getCustomer({logger:t.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!l.email)return t.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected customer to contain email address."});u=await(0,Gp.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l.email,context:t})}if(!u)return jr.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});try{let l=(0,R0.stripeStatusToMeteringStatus)(r.data.object.status);await(0,A0.createSubscription)({context:t,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:l})}catch(l){return await(0,Gp.deleteConsumer)({apiKeyBucketName:n.apiKeyBucketName,consumerId:u,context:t}),jr.HttpProblems.internalServerError(e,t,{detail:l.message})}return jr.HttpProblems.ok(e,t)}o(O0,"onCustomerSubscriptionCreated");ki.default=O0});var kb=y(Kp=>{"use strict";Object.defineProperty(Kp,"__esModule",{value:!0});var Bp=ie(),Mb=Ra();async function N0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),Bp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Bp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let a=await(0,Mb.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,Mb.updateSubscription)({context:t,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),Bp.HttpProblems.ok(e,t)}o(N0,"onCustomerSubscriptionDeleted");Kp.default=N0});var Hb=y(Jp=>{"use strict";Object.defineProperty(Jp,"__esModule",{value:!0});var Hi=ie(),Na=Ra(),C0=Vp();async function x0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to include '.data.object.id' as the subscription ID.`),Hi.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Hi.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){let c=await(0,Na.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=(0,C0.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,Na.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),Hi.HttpProblems.ok(e,t)}if(a.plan&&a.plan.product!==r.data.object.plan.product){let c=await(0,Na.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,Na.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[r.data.object.plan.product]}}),Hi.HttpProblems.ok(e,t)}}return t.log.warn(`This update event '${r.id}' is not supported by Stripe metering plugin webhook.`),Hi.HttpProblems.badRequest(e,t,{detail:"This update event is not supported by Stripe metering plugin webhook."})}o(x0,"onCustomerSubscriptionUpdated");Jp.default=x0});var qb=y(qn=>{"use strict";var Wp=qn&&qn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(qn,"__esModule",{value:!0});qn.StripeMeteringPlugin=void 0;var Ca=Li(),xa=O(),L0=Ut(),D0=Cp(),Fb=ie(),U0=Yt(),M0=nn(),k0=Zu(),H0=at(),F0=W(),q0=Nb(),$0=Cb(),j0=Wp(Ub()),V0=Wp(kb()),G0=Wp(Hb()),zp=class extends $0.MeteringPlugin{static{o(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=o(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(Ca.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=Ca.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new xa.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(Ca.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=Ca.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new xa.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!F0.Environment.instance.build.ACCOUNT_NAME)throw new xa.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!B0(p))throw new xa.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,q0.isStripeWebhookEvent)(m))return Fb.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`),m.type){case"customer.subscription.created":return await(0,j0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,G0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,V0.default)(c,u,m,{meteringBucketId:l});default:return Fb.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe metering plugin webhook."})}},"stripeWebhookHandler"),i=(0,M0.createInternalPolicyProcessor)({inboundPolicies:[new D0.StripeWebhookVerificationInboundPolicy({signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance},"stripe-webhook-verification")]}),s=new L0.Pipeline({processors:[U0.metricsProcessor,i],handler:n,gateway:r}),a=new H0.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:k0.SystemRouteName.StripePlugin});t.addRoute(a,s.execute)}};qn.StripeMeteringPlugin=zp;function B0(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}o(B0,"isMetricsRegion")});var Bb=y($n=>{"use strict";Object.defineProperty($n,"__esModule",{value:!0});$n.AmberfloMeteringInboundPolicy=$n.AmberfloMeteringPolicy=void 0;var $b=O(),K0=ve(),jb=Xt(),Gb=new WeakMap,Vb={},Qp=class{static{o(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Gb.set(t,r)}};$n.AmberfloMeteringPolicy=Qp;async function J0(e,t,r,n){if(!r.statusCodes)throw new $b.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,jb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async s=>{if(i.includes(s.status)){let a=Gb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new $b.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,jb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Vb[r.apiKey];if(!m){let h=r.apiKey,g=e.headers.get("zm-test-id")??"";m=new K0.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let S=r.url??"https://app.amberflo.io/ingest",T=await fetch(S,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});T.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${T.status}: ${await T.text()}`)}catch(S){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${S.message}`),S}}),Vb[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}o(J0,"AmberfloMeteringInboundPolicy");$n.AmberfloMeteringInboundPolicy=J0});var Yp=y(La=>{"use strict";Object.defineProperty(La,"__esModule",{value:!0});La.sha256=void 0;async function z0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}o(z0,"sha256");La.sha256=z0});var jt=y(Da=>{"use strict";Object.defineProperty(Da,"__esModule",{value:!0});Da.getPolicyCacheName=void 0;var W0=Yp(),Kb=new Map;async function Q0(e,t){let r,n=Kb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,W0.sha256)(JSON.stringify({policyName:e,options:t}))}`,Kb.set(e,r)),r}o(Q0,"getPolicyCacheName");Da.getPolicyCacheName=Q0});var eh=y(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.ApiKeyInboundPolicy=void 0;var Y0=jt(),Z0=Jt(),Jb=Li(),Zp=O(),X0=Mt(),zb=Ke(),Xp=W(),eO=En(),Wb="key-metadata-cache-type";function tO(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}o(tO,"getKeyValue");async function rO(e,t,r,n){if(!r.bucketName)if(Jb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=Jb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Zp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new Zp.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let s=o(S=>i.allowUnauthenticatedRequests?e:X0.HttpProblems.unauthorized(e,t,{detail:S}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return s("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return s("Invalid Authorization Scheme");let c=tO(a,i);if(!c||c==="")return s("No key present");let u=await nO(c),l=await(0,Y0.getPolicyCacheName)(n,i),d=new Z0.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==Wb&&zb.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),s("Authorization Failed");let m={key:c},h=await(0,eO.fetchRetry)({retryDelayMs:5,retries:2,logger:zb.SystemLogMap.getLogger(t)},`${Xp.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":Xp.Environment.instance.deploymentName??"unknown","User-Agent":Xp.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),s("Authorization Failed");if(h.status!==200){try{let S=await h.text(),T=JSON.parse(S);t.log.error("Unexpected response from key service",T)}catch{t.log.error("Invalid response from key service")}throw new Zp.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:Wb,user:{sub:g.name,data:g.metadata}};return e.user=_.user,d.put(u,_,i.cacheTtlSeconds),e}o(rO,"ApiKeyInboundPolicy");Ua.ApiKeyInboundPolicy=rO;async function nO(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(nO,"hashValue")});var Qb=y(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.ApiAuthKeyInboundPolicy=void 0;var iO=eh();Ma.ApiAuthKeyInboundPolicy=iO.ApiKeyInboundPolicy});var Vt=y(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.OpenIdJwtInboundPolicy=void 0;var rh=(Hs(),po(ks)),nh=O(),oO=ie(),th={},sO=o(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new nh.ConfigurationError("Invalid State - jwkUrl not set");th[t.jwkUrl]||(th[t.jwkUrl]=(0,rh.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,rh.jwtVerify)(e,th[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),aO=o(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let s=new TextEncoder().encode(t.secret);r=new Uint8Array(s)}else r=t.secret;let{payload:n}=await(0,rh.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),cO=o(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),s="bearer ",a=o(m=>oO.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new nh.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new nh.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?sO:aO,l=await o(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(s)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(s.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let g=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${g.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");ka.OpenIdJwtInboundPolicy=cO});var Yb=y(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.Auth0JwtInboundPolicy=void 0;var uO=Vt(),lO=o(async(e,t,r,n)=>(0,uO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");Ha.Auth0JwtInboundPolicy=lO});var Zb=y(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.BasicAuthInboundPolicy=void 0;var dO=ie(),pO=o(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",s=o(l=>dO.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await o(async()=>{if(!n)return await s("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await s("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await s("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await s("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===m&&_.password===h);return g||await s("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");Fa.BasicAuthInboundPolicy=pO});var Xb=y(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.CachingInboundPolicy=void 0;var hO=jt(),fO=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function mO(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(mO,"digestMessage");var yO=o(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await mO(JSON.stringify(n)),s=new URL(e.url),a=new URLSearchParams(s.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${s.origin}${s.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function gO(e,t,r,n){let i=await(0,hO.getPolicyCacheName)(n,r),s=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await yO(e,r),u=await s.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);fO.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(s.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}o(gO,"CachingInboundPolicy");qa.CachingInboundPolicy=gO});var e_=y($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.ChangeMethodInboundPolicy=void 0;var bO=O(),_O=He(),wO=o(async(e,t,r,n)=>{if(!r.method)throw new bO.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new _O.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");$a.ChangeMethodInboundPolicy=wO});var t_=y(ja=>{"use strict";Object.defineProperty(ja,"__esModule",{value:!0});ja.ClearHeadersInboundPolicy=void 0;var EO=He(),vO=o(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new EO.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");ja.ClearHeadersInboundPolicy=vO});var r_=y(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.ClearHeadersOutboundPolicy=void 0;var SO=o(async(e,t,r,n)=>{let i=[...n.exclude??[]],s=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&s.set(c,u)}),new Response(e.body,{headers:s,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Va.ClearHeadersOutboundPolicy=SO});var n_=y(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.ClerkJwtInboundPolicy=void 0;var TO=Vt(),IO=o(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),s=new URL(i);return s.pathname="/.well-known/jwks.json",(0,TO.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:s.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Ga.ClerkJwtInboundPolicy=IO});var o_=y(Ba=>{"use strict";Object.defineProperty(Ba,"__esModule",{value:!0});Ba.CognitoJwtInboundPolicy=void 0;var i_=O(),PO=Vt(),AO=o(async(e,t,r,n)=>{if(!r.userPoolId)throw new i_.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new i_.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,PO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Ba.CognitoJwtInboundPolicy=AO});var a_=y(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.CompositeInboundPolicy=void 0;var RO=O(),OO=Or(),s_=nn(),NO=o(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new RO.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=OO.Gateway.instance,s=(0,s_.getInboundPolicyInstances)(r.policies,i?.routeData.policies);return(0,s_.toStackedInboundHandler)(s)(e,t)},"CompositeInboundPolicy");Ka.CompositeInboundPolicy=NO});var c_=y(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.CurityPhantomTokenInboundPolicy=void 0;var CO=jt(),xO=Jt(),Ja=ie(),LO=o(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Ja.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let s=DO(i);if(!s)return Ja.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,CO.getPolicyCacheName)(n,r),c=new xO.MemoryZoneReadThroughCache(a,t),u=await c.get(s);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+s+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(s,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Ja.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Ja.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");za.CurityPhantomTokenInboundPolicy=LO;function DO(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}o(DO,"getToken")});var u_=y(Wa=>{"use strict";Object.defineProperty(Wa,"__esModule",{value:!0});Wa.FirebaseJwtInboundPolicy=void 0;var UO=Rt(),MO=Vt(),kO=o(async(e,t,r,n)=>((0,UO.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,MO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Wa.FirebaseJwtInboundPolicy=kO});var l_=y(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.FormDataToJsonInboundPolicy=void 0;var HO=He(),FO=o(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",s=e.headers.get("content-type")?.toLowerCase();if(!s||![i,n].includes(s))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new HO.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Qa.FormDataToJsonInboundPolicy=FO});var d_=y(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.GeoFilterInboundPolicy=void 0;var qO=O(),$O=ie(),jn="__unknown__",jO=o(async(e,t,r,n)=>{let i={allow:{countries:Gn(r.allow?.countries,"allow.countries",n),regionCodes:Gn(r.allow?.regionCodes,"allow.regionCode",n),asns:Gn(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Gn(r.block?.countries,"block.countries",n),regionCodes:Gn(r.block?.regionCodes,"block.regionCode",n),asns:Gn(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},s=t.incomingRequestProperties.country?.toLowerCase()??jn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??jn,c=t.incomingRequestProperties.asn?.toString()??jn,u=i.ignoreUnknown&&s===jn,l=i.ignoreUnknown&&a===jn,d=i.ignoreUnknown&&c===jn,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(s)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Vn(e,t,n,s,a,c);let g=i.block.countries,_=i.block.regionCodes,S=i.block.asns;return g.length>0&&g.includes(s)&&!u||_.length>0&&_.includes(a)&&!l||S.length>0&&S.includes(c)&&!d?Vn(e,t,n,s,a,c):e},"GeoFilterInboundPolicy");Ya.GeoFilterInboundPolicy=jO;function Vn(e,t,r,n,i,s){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${s}')`),$O.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:s}})}o(Vn,"blockedResponse");function Gn(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new qO.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}o(Gn,"toLowerStringArray")});var p_=y(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.JWTScopeValidationInboundPolicy=void 0;var VO=o(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!o((s,a)=>a.every(c=>s.includes(c)),"scopeChecker")(n,r.scopes)){let s={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(s),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");Za.JWTScopeValidationInboundPolicy=VO});var m_=y(Bn=>{"use strict";Object.defineProperty(Bn,"__esModule",{value:!0});Bn.consumeSubcriptionQuotas=Bn.loadSubscription=void 0;var h_=Ke(),f_=W();async function GO(e,t,r,n){let i=h_.SystemLogMap.getLogger(e),{authApiJWT:s,meteringServiceUrl:a}=f_.Environment.instance,c;try{let l=await fetch(`${a}/internal/v1/metering/${n}/subscriptions?customerKey=${t}`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":e.requestId},method:"GET"});if(l.ok)c=await l.json();else{let d=await l.json(),p=d.detail??d.title??"Unknown error on quota consumption.";e.log.error(`MonetizationInboundPolicy '${r}' - Error loading subscription. ${l.status} - ${p}`),i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription.${l.status} - ${p}`)}}catch(l){i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription`,l)}return c&&c.data&&c.data.length>0?c.data[0]:void 0}o(GO,"loadSubscription");Bn.loadSubscription=GO;async function BO(e,t,r,n,i){let{authApiJWT:s,meteringServiceUrl:a}=f_.Environment.instance,c=h_.SystemLogMap.getLogger(e);try{let u=await fetch(`${a}/internal/v1/metering/${n}/subscriptions/${t}/quotas/consume`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":e.requestId},method:"POST",body:JSON.stringify({meters:i})});if(!u.ok){let l=await u.json(),d=l.detail??l.title??"Unknown error on quota consumption.";e.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`)}}catch(u){e.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`,u)}}o(BO,"consumeSubcriptionQuotas");Bn.consumeSubcriptionQuotas=BO});var y_=y(Kn=>{"use strict";Object.defineProperty(Kn,"__esModule",{value:!0});Kn.parseAllowedSubscriptionStatuses=Kn.validateMeters=void 0;var Vr=O(),KO=Xt(),JO=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]);function zO(e,t){try{let r=[];for(let n in e)typeof e[n]!="number"&&!(Number.isInteger(e[n])&&/^-?\d+$/.test(e[n].toString()))&&r.push(n);if(r.length>0)throw new Vr.ConfigurationError(r.length>1?`The values found in these properties are not integers : ${r.join(", ")}`:`The value in property '${r[0]}' is not an integer`)}catch(r){throw r instanceof Vr.ConfigurationError?new Vr.ConfigurationError(`MonetizationInboundPolicy '${t}' - The property 'meters' is invalid. ${r.message}`):r}}o(zO,"validateMeters");Kn.validateMeters=zO;function WO(e,t){if(e)try{if(e.length===0)throw new Vr.ConfigurationError("Must set valid subscription statuses");let r=(0,KO.parseValueToStringArray)(e),n=[];for(let i of r)JO.has(i)||n.push(i);if(n.length>0)throw new Vr.ConfigurationError(`Found the following invalid statuses: ${n.join(", ")}`);return e}catch(r){throw r instanceof Vr.ConfigurationError?new Vr.ConfigurationError(`MonetizationInboundPolicy '${t}' - The property 'allowedSubscriptionStatuses' is invalid. ${r.message}`):r}else return["active","incomplete","trialing"]}o(WO,"parseAllowedSubscriptionStatuses");Kn.parseAllowedSubscriptionStatuses=WO});var __=y(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.MonetizationInboundPolicy=void 0;var ih=Yr(),oh=Jd(),Xa=Li(),sh=O(),Gr=ie(),QO=Xt(),YO=Rt(),g_=m_(),b_=y_(),ZO=o(async(e,t,r,n)=>{if((0,YO.optionValidator)(r,n).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string"),!r.meterOnStatusCodes)throw new sh.ConfigurationError(`Invalid MonetizationInboundPolicy '${n}' - The property 'meterOnStatusCodes' must be an array of HTTP status code numbers`);let i=r.allowRequestsOverQuota??!1,s=Array.isArray(r.meterOnStatusCodes)?r.meterOnStatusCodes:(0,QO.statusCodesStringToNumberArray)(r.meterOnStatusCodes);(0,b_.validateMeters)(r.meters,n);let a=r.allowRequestsWithoutSubscription??!1,c=(0,b_.parseAllowedSubscriptionStatuses)(r.allowedSubscriptionStatuses,n);t.addResponseSendingFinalHook(async(g,_,S)=>{let T=oh.ContextData.get(S,ih.METERING_SUBSCRIPTION_CONTEXT_DATA);if((r.allowRequestsWithoutSubscription??!1)&&!T){S.log.debug(`MonetizationInboundPolicy '${n}' - No subscription found and property 'allowRequestsWithoutSubscription' is true`);return}if(!r.bucketId)if(Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new sh.ConfigurationError(`MonetizationInboundPolicy '${n}' - No bucketId property provided`);s.includes(g.status)&&T&&r.meters&&(S.log.debug(`MonetizationInboundPolicy '${n}' - Updating subscription '${T.id}' with meters '${JSON.stringify(r.meters)} on response status '${g.status}'`),await(0,g_.consumeSubcriptionQuotas)(S,T.id,n,r.bucketId,r.meters))});let u=e.user;if(!u)return a?e:Gr.HttpProblems.unauthorized(e,t,{detail:"Unable to check subscription for anonymous user"});if(!r.bucketId)if(Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)r.bucketId=Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new sh.ConfigurationError(`MonetizationInboundPolicy '${n}' - No bucketId property provided`);let{sub:l}=u,d=await(0,g_.loadSubscription)(t,l,n,r.bucketId);if(!d)return t.log.warn("No valid subscription found"),a?e:Gr.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"});if(!c.includes(d.status)&&!a)return t.log.warn(`Subscription '${d.id}' has status '${d.status}' which is not part of the allowed statuses.`),Gr.HttpProblems.unauthorized(e,t,{detail:"No valid subscription found"});c.includes(d.status)&&(t.log.debug(`Loading subscription '${d.id}' for user sub '${l}' to ContextData`),oh.ContextData.set(t,ih.METERING_SUBSCRIPTION_CONTEXT_DATA,d));let p=oh.ContextData.get(t,ih.METERING_SUBSCRIPTION_CONTEXT_DATA);if(!p)return a?e:(t.log.warn("Subscription is not available for user"),Gr.HttpProblems.paymentRequired(e,t,{detail:"Subscription is not available for user",title:"No Subscription"}));if(p&&Object.keys(p.meters).length===0)return t.log.error(`Quota is not set up for subscription '${p.id}'`),Gr.HttpProblems.tooManyRequests(e,t,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let h=Object.keys(r.meters).filter(g=>!Object.keys(p.meters).includes(g));if(h.length>0)return t.log.warn(`The following policy meters are not present in the subscription: ${h.join(", ")}`),Gr.HttpProblems.tooManyRequests(e,t,{detail:`The following policy meters are not present in the subscription: ${h.join(", ")}`,title:"Quota Exceeded"});for(let g of Object.keys(r.meters))if(p.meters[g].consumed<=0&&!i)return Gr.HttpProblems.tooManyRequests(e,t,{detail:`Quota exceeded for meter '${g}'`,title:"Quota Exceeded"});return e},"MonetizationInboundPolicy");ec.MonetizationInboundPolicy=ZO});var E_=y(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.MockApiInboundPolicy=void 0;var XO=ie(),eN=o(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return ah(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let s=Object.keys(i),a=[];if(s.length===0)return ah(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(s.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return w_(a[c])}else return a.length>0?w_(a[0]):ah(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");tc.MockApiInboundPolicy=eN;function w_(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}o(w_,"generateResponse");var ah=o((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return XO.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var P_=y(Jn=>{"use strict";Object.defineProperty(Jn,"__esModule",{value:!0});Jn.MoesifInboundPolicy=Jn.setMoesifContext=void 0;var tN=O(),rN=ve(),nN="Incoming",iN={logRequestBody:!0,logResponseBody:!0};function v_(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}o(v_,"headersToObject");function S_(){return new Date().toISOString()}o(S_,"timestamp");var ch=new WeakMap,oN={};function sN(e,t){let r=ch.get(e);r||(r=oN);let n=Object.assign({...r},t);ch.set(e,n)}o(sN,"setMoesifContext");Jn.setMoesifContext=sN;async function T_(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}o(T_,"readBody");var aN={},uh;function I_(){if(!uh)throw new tN.RuntimeError("Invalid State - no _lastLogger");return uh}o(I_,"getLastLogger");function cN(e){let t=aN[e];return t||(t=new rN.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);I_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||I_().error({status:i.status,body:await i.text()})})),t}o(cN,"getDispatcher");async function uN(e,t,r,n){uh=t.log;let i=S_(),s=Object.assign(iN,r);if(!s.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=s.logRequestBody?await T_(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=cN(s.applicationId),d=e.headers.get("true-client-ip"),p=ch.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:v_(e.headers)},h=s.logResponseBody?await T_(c,t):void 0,g={time:S_(),status:c.status,headers:v_(c.headers),body:h},_={request:m,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:nN};l.enqueue(_),t.waitUntil(l.waitUntilFlushed())}),e}o(uN,"MoesifInboundPolicy");Jn.MoesifInboundPolicy=uN});var A_=y(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.OktaJwtInboundPolicy=void 0;var lN=Vt(),dN=o(async(e,t,r,n)=>(0,lN.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");rc.OktaJwtInboundPolicy=dN});var R_=y(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.PropelAuthJwtInboundPolicy=void 0;var pN=(Hs(),po(ks)),hN=Vt(),lh,fN=o(async(e,t,r,n)=>{if(!lh)try{lh=await(0,pN.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,hN.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:lh,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");nc.PropelAuthJwtInboundPolicy=fN});var O_=y(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.throwIfStateNotObject=V.throwIfStateNotNumber=V.throwIfStateNotString=V.throwIfStateUndefinedOrNull=V.throwIfStateUndefined=V.throwIfOptionNotObject=V.throwIfOptionNotNumber=V.throwIfOptionNotString=V.throwIfOptionUndefinedOrNull=V.throwIfOptionUndefined=V.OptionTypeError=V.OptionUndefinedError=V.throwIfNotNumber=V.throwIfNotString=V.throwIfUndefinedOrNull=V.throwIfUndefined=V.ArgumentTypeError=V.ArgumentUndefinedError=V.ValidationError=void 0;var je=Xe(),rt=class extends Error{static{o(this,"ValidationError")}constructor(t){super(t)}};V.ValidationError=rt;var Fi=class extends rt{static{o(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};V.ArgumentUndefinedError=Fi;var qi=class extends rt{static{o(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};V.ArgumentTypeError=qi;function mN(e,t){if((0,je.isUndefined)(e))throw new Fi(t)}o(mN,"throwIfUndefined");V.throwIfUndefined=mN;function dh(e,t){if((0,je.isUndefinedOrNull)(e))throw new Fi(t)}o(dh,"throwIfUndefinedOrNull");V.throwIfUndefinedOrNull=dh;function yN(e,t){if(dh(e,t),!(0,je.isString)(e))throw new qi(t,"string")}o(yN,"throwIfNotString");V.throwIfNotString=yN;function gN(e,t){if(dh(e,t),!(0,je.isNumber)(e))throw new qi(t,"number")}o(gN,"throwIfNotNumber");V.throwIfNotNumber=gN;var $i=class extends rt{static{o(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};V.OptionUndefinedError=$i;var zn=class extends rt{static{o(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};V.OptionTypeError=zn;function bN(e,t,r,n){if((0,je.isUndefined)(n))throw new $i(e,t,r)}o(bN,"throwIfOptionUndefined");V.throwIfOptionUndefined=bN;function ic(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new $i(e,t,r)}o(ic,"throwIfOptionUndefinedOrNull");V.throwIfOptionUndefinedOrNull=ic;function _N(e,t,r,n){if(ic(e,t,r,n),!(0,je.isString)(n))throw new zn(e,t,r,"string")}o(_N,"throwIfOptionNotString");V.throwIfOptionNotString=_N;function wN(e,t,r,n){if(ic(e,t,r,n),!(0,je.isNumber)(n))throw new zn(e,t,r,"number")}o(wN,"throwIfOptionNotNumber");V.throwIfOptionNotNumber=wN;function EN(e,t,r,n){if(ic(e,t,r,n),!(0,je.isObject)(n))throw new zn(e,t,r,"object")}o(EN,"throwIfOptionNotObject");V.throwIfOptionNotObject=EN;function vN(e,t){if((0,je.isUndefined)(e))throw new rt(t)}o(vN,"throwIfStateUndefined");V.throwIfStateUndefined=vN;function oc(e,t){if((0,je.isUndefinedOrNull)(e))throw new rt(t)}o(oc,"throwIfStateUndefinedOrNull");V.throwIfStateUndefinedOrNull=oc;function SN(e,t){if(oc(e,t),!(0,je.isString)(e))throw new rt(t);return!0}o(SN,"throwIfStateNotString");V.throwIfStateNotString=SN;function TN(e,t){if(oc(e,t),!(0,je.isNumber)(e))throw new rt(t);return!0}o(TN,"throwIfStateNotNumber");V.throwIfStateNotNumber=TN;function IN(e,t){if(oc(e,t),!(0,je.isObject)(e))throw new rt(t);return!0}o(IN,"throwIfStateNotObject");V.throwIfStateNotObject=IN});var N_=y(Wn=>{"use strict";Object.defineProperty(Wn,"__esModule",{value:!0});Wn.InMemoryRedisClient=Wn.StandardRedisClient=void 0;var ph=O(),sc=O_(),hh=class e{static{o(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,sc.throwIfNotString)(t,"redisClientUrl"),(0,sc.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,sc.throwIfNotString)(t,"url");let s=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=s.headers.get("Content-Type")?.includes("application/json")?await s.json():await s.text();if(s.ok)return a;throw s.status===401?new ph.SystemError("Redis client failed with 401: Unauthorized"):new ph.SystemError(`Redis client failed with (${s.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Wn.StandardRedisClient=hh;var fh=class{static{o(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,sc.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:s,key:a}=JSON.parse(r),c=Date.now()+s*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new ph.SystemError("The in-memory redis client only supports /rate-limit calls")}};Wn.InMemoryRedisClient=fh});var U_=y(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.RateLimitInboundPolicy=void 0;var PN=Rr(),AN=jt(),RN=go(),Ot=O(),ON=ie(),C_=Ke(),ji=W(),x_=N_(),L_=Xe(),ac=(0,PN.debug)("zuplo:policies:RateLimitInboundPolicy"),NN="strict",CN=o(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),xN=o(async e=>({key:`ip-${CN(e)}`}),"getIP"),LN=o(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),DN=o(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),cc;function UN(e,t){let r;if(cc)return cc;if(ji.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new x_.InMemoryRedisClient,cc=r,r;let{authApiJWT:n,redisURL:i}=ji.Environment.instance;if(!(0,L_.isString)(i))throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,L_.isString)(n))throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=x_.StandardRedisClient.initialize(i,n,ji.Environment.instance.deploymentName??"unknown",ji.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return cc=r,r}o(UN,"getRedisClient");async function D_(e,t,r,n,i){let s=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:s,key:e}),requestId:i})}o(D_,"getCountAndUpdateExpiry");function MN(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return o(async(i,s,a)=>{let c=await r(i,s,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw s.log.error(u),new Ot.RuntimeError(u)}return c},"outerFunction")}o(MN,"wrapUserFunction");var kN="Retry-After",HN=o(async(e,t,r,n)=>{let i=Date.now(),s=C_.SystemLogMap.getLogger(t),a=o((u,l)=>{if(r.throwOnFailure)throw new Ot.SystemError(u,{cause:l});s.error(u,l)},"throwOrLog"),c=o((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[kN]=l.toString()),ON.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:MN(r,n),user:LN,ip:xN,all:DN}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=UN(n,s),T=`bucket/${ji.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??NN)==="async"){let L=await(0,AN.getPolicyCacheName)(n,r),re=new RN.ZoneCache(L,{logger:C_.SystemLogMap.getLogger(t)}),ne=D_(T,h,_,s,t.requestId),me=await re.get(T);if(me!==void 0&&me<=Date.now()){ac(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${T}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(g,Be)}return t.addEventListener("responseSending",Be=>{try{let E=Be,H=E.mutableResponse;E.mutableResponse=(async()=>{let xe=await ne;if(xe.count>m){let Eu=Date.now()+xe.ttlSeconds*1e3,_E=re.put(T,Eu,xe.ttlSeconds).catch(tf=>{throw s.error(new Ot.SystemError("Error caching rate limit result.",{cause:tf})),tf});return t.waitUntil(_E),ac(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (async mode)`),c(g,xe.ttlSeconds)}return H})()}catch(E){s.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,E)}}),e}let K=await D_(T,h,_,s,t.requestId);return K.count>m?(ac(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (strict mode)`),c(g,K.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;ac(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");uc.RateLimitInboundPolicy=HN});var F_=y(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.ReadmeMetricsInboundPolicy=void 0;var FN=ve(),mh=W(),M_=Xt(),yh;function k_(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}o(k_,"headersToNameValuePairs");function qN(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}o(qN,"queryToNameValueParis");function $N(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}o($N,"parseIntOrUndefined");var H_={};async function jN(e,t,r,n){let i=new Date,s=Date.now();return yh||(yh={name:"zuplo",version:mh.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${mh.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,M_.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,M_.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:mh.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:yh,entries:[{startedDateTime:i.toISOString(),time:Date.now()-s,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:k_(e.headers),queryString:qN(e.query)},response:{status:a.status,statusText:a.statusText,headers:k_(a.headers),content:{size:$N(e.headers.get("content-length"))}}}]}}},d=H_[r.apiKey];if(!d){let p=r.apiKey;d=new FN.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),H_[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}o(jN,"ReadmeMetricsInboundPolicy");lc.ReadmeMetricsInboundPolicy=jN});var q_=y(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.RemoveHeadersInboundPolicy=void 0;var VN=O(),GN=He(),BN=o(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new VN.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let s=new Headers(e.headers);return i.forEach(c=>{s.delete(c)}),new GN.ZuploRequest(e,{headers:s})},"RemoveHeadersInboundPolicy");dc.RemoveHeadersInboundPolicy=BN});var $_=y(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.RemoveHeadersOutboundPolicy=void 0;var KN=O(),JN=o(async(e,t,r,n,i)=>{let s=n?.headers;if(!s||!Array.isArray(s)||s.length===0)throw new KN.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return s.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");pc.RemoveHeadersOutboundPolicy=JN});var j_=y(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.RemoveQueryParamsInboundPolicy=void 0;var zN=O(),WN=He(),QN=o(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new zN.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let s=new URL(e.url);return i.forEach(c=>{s.searchParams.delete(c)}),new WN.ZuploRequest(s.toString(),e)},"RemoveQueryParamsInboundPolicy");hc.RemoveQueryParamsInboundPolicy=QN});var V_=y(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.ReplaceStringOutboundPolicy=void 0;var YN=o(async(e,t,r,n)=>{let i=await e.text(),s=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(s,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");fc.ReplaceStringOutboundPolicy=YN});var B_=y(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.RequestSizeLimitInboundPolicy=void 0;var G_=o(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),ZN=o(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),s=i!==null?parseInt(i):void 0;return s&&!isNaN(s)&&s>r.maxSizeInBytes?G_():s&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?G_():e},"RequestSizeLimitInboundPolicy");mc.RequestSizeLimitInboundPolicy=ZN});var yc=y(nt=>{"use strict";Object.defineProperty(nt,"__esModule",{value:!0});nt.sanitizedIdentifierName=nt.getIdForRefSchema=nt.getIdForRequestBodySchema=nt.getIdForParameterSchema=nt.getRawOperationDataIdentifierName=void 0;function XN(e,t,r){return`_${Br(e+"_"+t+"_"+r)}`}o(XN,"getRawOperationDataIdentifierName");nt.getRawOperationDataIdentifierName=XN;function eC(e,t,r,n){return`_${Br(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}o(eC,"getIdForParameterSchema");nt.getIdForParameterSchema=eC;function tC(e,t,r){return`_${Br(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Br(r.toLowerCase())}`}o(tC,"getIdForRequestBodySchema");nt.getIdForRequestBodySchema=tC;function rC(e,t){return`_${Br(e)}__${Br(t)}`}o(rC,"getIdForRefSchema");nt.getIdForRefSchema=rC;function Br(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}o(Br,"sanitizedIdentifierName");nt.sanitizedIdentifierName=Br});var Vi=y(De=>{"use strict";Object.defineProperty(De,"__esModule",{value:!0});De.getErrorsFromValidator=De.shouldReject=De.shouldLog=De.logErrors=De.validateParameters=De.getParametersForOperation=void 0;var nC=Or(),iC=yc(),oC=o(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");De.getParametersForOperation=oC;var sC=o((e,t,r,n,i)=>{let s=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,s.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,iC.getIdForParameterSchema)(r,n,i,u.name),p=nC.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,De.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),s.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:s}},"validateParameters");De.validateParameters=sC;var aC=o((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");De.logErrors=aC;var cC=o(e=>e==="log-only"||e==="reject-and-log","shouldLog");De.shouldLog=cC;var uC=o(e=>e==="reject-only"||e==="reject-and-log","shouldReject");De.shouldReject=uC;var lC=o(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");De.getErrorsFromValidator=lC});var K_=y(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.handleBodyValidation=void 0;var dC=Or(),gc=ie(),pC=yc(),ze=Vi();async function hC(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let g=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,_=gc.HttpProblems.badRequest(t,e,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",g,[n],h),(0,ze.shouldReject)(r.validateBody))return _}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,g=gc.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?g:void 0}let i=t.headers.get("Content-Type"),s=i.indexOf(";");s>-1&&(i=i.substring(0,s));let a=(0,pC.getIdForRequestBodySchema)(e.route.path,t.method,i),c=dC.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,g=gc.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,ze.getErrorsFromValidator)(l),m=gc.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",d,[n],p),(0,ze.shouldReject)(r.validateBody))return m}o(hC,"handleBodyValidation");bc.handleBodyValidation=hC});var J_=y(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.handleHeadersValidation=void 0;var fC=ie(),Gi=Vi();function mC(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,Gi.getParametersForOperation)(e),s=(0,Gi.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!s.isValid){let a="Header validation failed",c=fC.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:s.errors});if((0,Gi.shouldLog)(r.validateHeaders)&&(0,Gi.logErrors)(e,r.logLevel??"info",a,s.invalidValues,s.errors),(0,Gi.shouldReject)(r.validateHeaders))return c}}o(mC,"handleHeadersValidation");_c.handleHeadersValidation=mC});var z_=y(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.handlePathParameterValidation=void 0;var yC=ie(),Bi=Vi();function gC(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,Bi.getParametersForOperation)(e),i=(0,Bi.validateParameters)(n.filter(s=>s.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let s="Path parameters validation failed",a=yC.HttpProblems.badRequest(t,e,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,Bi.shouldLog)(r.validatePathParameters)&&(0,Bi.logErrors)(e,r.logLevel??"info",s,i.invalidValues,i.errors),(0,Bi.shouldReject)(r.validatePathParameters))return a}}o(gC,"handlePathParameterValidation");wc.handlePathParameterValidation=gC});var W_=y(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.handleQueryParameterValidation=void 0;var bC=ie(),Ki=Vi();function _C(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Ki.getParametersForOperation)(e),i=(0,Ki.validateParameters)(n.filter(s=>s.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let s="Query parameters validation failed",a=bC.HttpProblems.badRequest(t,e,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,Ki.shouldLog)(r.validateQueryParameters)&&(0,Ki.logErrors)(e,r.logLevel??"info",s,i.invalidValues,i.errors),(0,Ki.shouldReject)(r.validateQueryParameters))return a}}o(_C,"handleQueryParameterValidation");Ec.handleQueryParameterValidation=_C});var Q_=y(Kr=>{"use strict";Object.defineProperty(Kr,"__esModule",{value:!0});Kr.SchemaBasedRequestValidation=Kr.RequestValidationInboundPolicy=void 0;var wC=K_(),EC=J_(),vC=z_(),SC=W_(),TC=o(async(e,t,r)=>{let n=(0,SC.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,vC.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,EC.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,wC.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");Kr.RequestValidationInboundPolicy=TC;Kr.SchemaBasedRequestValidation=Kr.RequestValidationInboundPolicy});var Y_=y(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.RequireOriginInboundPolicy=void 0;var IC=O(),PC=ie(),AC=o(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new IC.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let s=e.headers.get("origin");if(!s||!i.includes(s)){let a=r.failureDetail??"Forbidden";return PC.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");vc.RequireOriginInboundPolicy=AC});var Z_=y(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.SetBodyInboundPolicy=void 0;var RC=He(),OC=o(async(e,t,r)=>new RC.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");Sc.SetBodyInboundPolicy=OC});var ew=y(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.SetHeadersInboundPolicy=void 0;var X_=O(),NC=He(),CC=o(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new X_.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let s=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new X_.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.has(c.name)||u)&&s.set(c.name,c.value)}),new NC.ZuploRequest(e,{headers:s})},"SetHeadersInboundPolicy");Tc.SetHeadersInboundPolicy=CC});var rw=y(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.SetHeadersOutboundPolicy=void 0;var tw=O(),xC=o(async(e,t,r,n,i)=>{let s=n.headers;if(!s||!Array.isArray(s)||s.length==0)throw new tw.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return s.forEach(u=>{if(!u.name||u.name.length===0)throw new tw.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");Ic.SetHeadersOutboundPolicy=xC});var iw=y(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.SetQueryParamsInboundPolicy=void 0;var nw=O(),LC=He(),DC=o(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new nw.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let s=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new nw.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.searchParams.has(c.name)||u)&&s.searchParams.set(c.name,c.value)}),new LC.ZuploRequest(s.toString(),e)},"SetQueryParamsInboundPolicy");Pc.SetQueryParamsInboundPolicy=DC});var ow=y(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.SetStatusOutboundPolicy=void 0;var UC=o(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");Ac.SetStatusOutboundPolicy=UC});var sw=y(Rc=>{"use strict";Object.defineProperty(Rc,"__esModule",{value:!0});Rc.SleepInboundPolicy=void 0;var MC=O(),kC=o(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),HC=o(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new MC.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await kC(r.sleepInMs),e},"SleepInboundPolicy");Rc.SleepInboundPolicy=HC});var cw=y(Oc=>{"use strict";Object.defineProperty(Oc,"__esModule",{value:!0});Oc.SupabaseJwtInboundPolicy=void 0;var aw=O(),FC=ie(),qC=He(),$C=Rt(),jC=Vt(),VC=o(async(e,t,r,n)=>{(0,$C.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},s=await(0,jC.OpenIdJwtInboundPolicy)(e,t,i,n);if(s instanceof Response)return s;if(!(s instanceof qC.ZuploRequest))throw new aw.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return s;let c=e.user?.data.app_metadata;if(!c)throw new aw.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?FC.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):s},"SupabaseJwtInboundPolicy");Oc.SupabaseJwtInboundPolicy=VC});var lw=y(Nc=>{"use strict";Object.defineProperty(Nc,"__esModule",{value:!0});Nc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var GC=jt(),BC=Jt(),uw=O(),KC=En(),JC=Rt(),zC=o(async(e,t,r,n)=>{(0,JC.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,GC.getPolicyCacheName)(n,r),s=new BC.MemoryZoneReadThroughCache(i,t),a=await s.get(n);if(!a){let c=await WC(r,t);s.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");Nc.UpstreamAzureAdServiceAuthInboundPolicy=zC;async function WC(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,KC.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let s=await n.text();t.log.error("Could not get token from Azure AD",s)}catch{}throw new uw.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new uw.RuntimeError("Response returned from Azure AD is not in the expected format.")}o(WC,"getAccessToken")});var pw=y(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var QC=jt(),YC=Jt(),ZC=O(),gh=vn(),XC=Rt(),dw="https://accounts.google.com/o/oauth2/token",bh,ex=o(async(e,t,r,n)=>{(0,XC.optionValidator)(r,n).required("serviceAccountJson","string"),bh||(bh=await gh.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},s=await(0,QC.getPolicyCacheName)(n,r),a=new YC.MemoryZoneReadThroughCache(s,t),c=await a.get(n);if(!c){let u=await(0,gh.getTokenFromGcpServiceAccount)({serviceAccount:bh,audience:dw,payload:i}),l=await(0,gh.exchangeGgpJwtForIdToken)(dw,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new ZC.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");Cc.UpstreamFirebaseAdminAuthInboundPolicy=ex});var hw=y(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var tx=jt(),rx=Jt(),Qn=O(),nx=Yp(),_h=vn(),ix=Xt(),ox=Rt(),sx="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",ax=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],wh,cx=o(async(e,t,r,n)=>{if((0,ox.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Qn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(ax.indexOf(p)!==-1)throw new Qn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}wh||(wh=await _h.GcpServiceAccount.init(r.serviceAccountJson));let s=r.userId;if(!s&&!r.userIdPropertyPath){if(!e.user)throw new Qn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");s=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Qn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);s=(0,ix.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!s)throw new Qn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,tx.getPolicyCacheName)(n,r),c=new rx.MemoryZoneReadThroughCache(a,t),u={uid:s,claims:i},l=await(0,nx.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,_h.getTokenFromGcpServiceAccount)({serviceAccount:wh,audience:sx,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,_h.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Qn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");xc.UpstreamFirebaseUserAuthInboundPolicy=cx});var mw=y(Lc=>{"use strict";Object.defineProperty(Lc,"__esModule",{value:!0});Lc.UpstreamGcpJwtInboundPolicy=void 0;var fw=vn(),ux=Rt(),Eh,lx=o(async(e,t,r,n)=>{(0,ux.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Eh||(Eh=await fw.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,fw.getTokenFromGcpServiceAccount)({serviceAccount:Eh,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");Lc.UpstreamGcpJwtInboundPolicy=lx});var gw=y(Dc=>{"use strict";Object.defineProperty(Dc,"__esModule",{value:!0});Dc.UpstreamGcpServiceAuthInboundPolicy=void 0;var dx=jt(),px=Ru(),hx=Jt(),Ji=O(),vh=vn(),fx=Xt(),mx=Rt(),yw="https://www.googleapis.com/oauth2/v4/token",Sh,yx=o(async(e,t,r,n)=>{(0,mx.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Sh||(Sh=await vh.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new Ji.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,fx.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof Ji.ConfigurationError?new Ji.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let s=await(0,dx.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new px.MemoryCache(s):a=new hx.MemoryZoneReadThroughCache(s,t);let c=await a.get(n);if(!c){let u=await(0,vh.getTokenFromGcpServiceAccount)({serviceAccount:Sh,audience:yw,payload:i}),l=await(0,vh.exchangeGgpJwtForIdToken)(yw,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new Ji.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new Ji.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamGcpServiceAuthInboundPolicy");Dc.UpstreamGcpServiceAuthInboundPolicy=yx});var _w=y(Uc=>{"use strict";Object.defineProperty(Uc,"__esModule",{value:!0});Uc.ValidateJsonSchemaInbound=void 0;var gx=O(),bw=ie(),bx=o(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return bw.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new gx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return bw.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");Uc.ValidateJsonSchemaInbound=bx});var ww=y(Mc=>{"use strict";Object.defineProperty(Mc,"__esModule",{value:!0});Mc.ServiceProviderImpl=void 0;var _x=O(),Th=class{static{o(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new _x.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Mc.ServiceProviderImpl=Th});var Lw=y(f=>{"use strict";var wx=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),Ih=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&wx(t,e,r)},Ex=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.MonetizationInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.OutboundPolicy=f.InboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.RuntimeError=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=f.PropelAuthJwtInboundPolicy=void 0;cf();var vx=Jt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return vx.MemoryZoneReadThroughCache}});var Sx=go();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return Sx.ZoneCache}});var Ew=Nr();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return Ew.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return Ew.ResponseSentEvent}});var Tx=Jd();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return Tx.ContextData}});var Ph=Li();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return Ph.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return Ph.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return Ph.isZuploReadableEnvVariableName}});var vw=O();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return vw.ConfigurationError}});Object.defineProperty(f,"RuntimeError",{enumerable:!0,get:function(){return vw.RuntimeError}});var Ix=Wd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return Ix.originalFetch}});var Sw=Mg();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return Sw.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return Sw.purgeGatewayCache}});var Tw=Xg();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return Tw.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return Tw.awsLambdaHandler}});var Px=tb();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return Px.openApiSpecHandler}});var Ax=rb();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return Ax.redirectHandler}});var Rx=ib();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return Rx.urlForwardHandler}});var Ox=sb();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return Ox.urlRewriteHandler}});var Nx=cb();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return Nx.webSocketHandler}});var Cx=db();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return Cx.webSocketPipelineHandler}});var xx=Xu();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return xx.HttpStatusCode}});Ih(_b(),f);Ih(vb(),f);var Lx=Sb();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Lx.AuditLogDataStaxProvider}});var Dx=Ib();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Dx.AuditLogPlugin}});Ih(qb(),f);var Iw=Yo();Object.defineProperty(f,"InboundPolicy",{enumerable:!0,get:function(){return Iw.InboundPolicy}});Object.defineProperty(f,"OutboundPolicy",{enumerable:!0,get:function(){return Iw.OutboundPolicy}});var Pw=Bb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return Pw.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return Pw.AmberfloMeteringPolicy}});var Ux=Qb();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Ux.ApiAuthKeyInboundPolicy}});var Mx=eh();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return Mx.ApiKeyInboundPolicy}});var kx=Yb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return kx.Auth0JwtInboundPolicy}});var Hx=Zb();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Hx.BasicAuthInboundPolicy}});var Fx=Xb();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return Fx.CachingInboundPolicy}});var qx=e_();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return qx.ChangeMethodInboundPolicy}});var $x=t_();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return $x.ClearHeadersInboundPolicy}});var jx=r_();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return jx.ClearHeadersOutboundPolicy}});var Vx=n_();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return Vx.ClerkJwtInboundPolicy}});var Gx=o_();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Gx.CognitoJwtInboundPolicy}});var Bx=a_();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Bx.CompositeInboundPolicy}});var Kx=c_();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return Kx.CurityPhantomTokenInboundPolicy}});var Jx=u_();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return Jx.FirebaseJwtInboundPolicy}});var zx=l_();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return zx.FormDataToJsonInboundPolicy}});var Wx=d_();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Wx.GeoFilterInboundPolicy}});var Qx=p_();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return Qx.JWTScopeValidationInboundPolicy}});var Yx=__();Object.defineProperty(f,"MonetizationInboundPolicy",{enumerable:!0,get:function(){return Yx.MonetizationInboundPolicy}});var Zx=E_();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Zx.MockApiInboundPolicy}});var Aw=P_();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return Aw.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return Aw.setMoesifContext}});var Xx=A_();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return Xx.OktaJwtInboundPolicy}});var eL=Vt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return eL.OpenIdJwtInboundPolicy}});var tL=R_();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return tL.PropelAuthJwtInboundPolicy}});var Rw=U_();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return Rw.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return Rw.RateLimitInboundPolicy}});var rL=F_();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return rL.ReadmeMetricsInboundPolicy}});var nL=q_();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return nL.RemoveHeadersInboundPolicy}});var iL=$_();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return iL.RemoveHeadersOutboundPolicy}});var oL=j_();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return oL.RemoveQueryParamsInboundPolicy}});var sL=V_();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return sL.ReplaceStringOutboundPolicy}});var aL=B_();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return aL.RequestSizeLimitInboundPolicy}});var Ow=Q_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return Ow.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return Ow.SchemaBasedRequestValidation}});var cL=Y_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return cL.RequireOriginInboundPolicy}});var uL=Z_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return uL.SetBodyInboundPolicy}});var lL=ew();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return lL.SetHeadersInboundPolicy}});var dL=rw();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return dL.SetHeadersOutboundPolicy}});var pL=iw();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return pL.SetQueryParamsInboundPolicy}});var hL=ow();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return hL.SetStatusOutboundPolicy}});var fL=sw();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return fL.SleepInboundPolicy}});var mL=Cp();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return mL.StripeWebhookVerificationInboundPolicy}});var yL=cw();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return yL.SupabaseJwtInboundPolicy}});var gL=lw();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return gL.UpstreamAzureAdServiceAuthInboundPolicy}});var bL=pw();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return bL.UpstreamFirebaseAdminAuthInboundPolicy}});var _L=hw();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return _L.UpstreamFirebaseUserAuthInboundPolicy}});var wL=mw();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return wL.UpstreamGcpJwtInboundPolicy}});var EL=gw();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return EL.UpstreamGcpServiceAuthInboundPolicy}});var vL=_w();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return vL.ValidateJsonSchemaInbound}});var SL=ie();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return SL.HttpProblems}});var TL=Po();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return TL.ProblemResponseFormatter}});var IL=He();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return IL.ZuploRequest}});var PL=xr();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return PL.SystemRouteName}});var Nw=Hd();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return Nw.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return Nw.Router}});var Cw=Vu();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return Cw.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return Cw.serialize}});var AL=ww();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return AL.ServiceProviderImpl}});var xw=bl();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return xw.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return xw.SYSTEM_LOGGER}});var RL=tl();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return Ex(RL).default}});var OL=Ke();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return OL.SystemLogMap}});var zi=yc();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return zi.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return zi.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return zi.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return zi.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return zi.sanitizedIdentifierName}})});var Dw=y(Yn=>{"use strict";Object.defineProperty(Yn,"__esModule",{value:!0});Yn.BaseCryptoBeta=Yn.supportedDigests=void 0;Yn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var Ah=class{static{o(this,"BaseCryptoBeta")}};Yn.BaseCryptoBeta=Ah});var Uw=y(kc=>{"use strict";Object.defineProperty(kc,"__esModule",{value:!0});kc.WorkerCryptoBeta=void 0;var Rh=Dw(),NL=O(),Oh=class extends Rh.BaseCryptoBeta{static{o(this,"WorkerCryptoBeta")}async digest(t,r){if(!Rh.supportedDigests.includes(t.toLowerCase()))throw new NL.RuntimeError(`Algorithm ${t} is not supported. Try using ${Rh.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};kc.WorkerCryptoBeta=Oh});var Mw=y(Hc=>{"use strict";Object.defineProperty(Hc,"__esModule",{value:!0});Hc.BaseKeyValueStore=void 0;var Nh=class{static{o(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};Hc.BaseKeyValueStore=Nh});var Hw=y(Fc=>{"use strict";Object.defineProperty(Fc,"__esModule",{value:!0});Fc.WorkerKeyValueStore=void 0;var kw=O(),CL=Mw(),Ch=class extends CL.BaseKeyValueStore{static{o(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new kw.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new kw.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};Fc.WorkerKeyValueStore=Ch});var Mt=y(pt=>{"use strict";var xL=pt&&pt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),LL=pt&&pt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&xL(t,e,r)};Object.defineProperty(pt,"__esModule",{value:!0});pt.KeyValueStore=pt.CryptoBeta=void 0;LL(Lw(),pt);var DL=Uw();Object.defineProperty(pt,"CryptoBeta",{enumerable:!0,get:function(){return DL.WorkerCryptoBeta}});var UL=Hw();Object.defineProperty(pt,"KeyValueStore",{enumerable:!0,get:function(){return UL.WorkerKeyValueStore}})});var jD={};lo(jD,{GraphQLComplexityLimitInboundPolicy:()=>yE,GraphQLDisableIntrospectionInboundPolicy:()=>bE});module.exports=po(jD);var ui=nf(Mt());function G(e,t){if(!!!e)throw new Error(t)}o(G,"devAssert");function we(e){return typeof e=="object"&&e!==null}o(we,"isObjectLike");function Nt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}o(Nt,"invariant");var ML=/\r\n|[\n\r]/g;function Zn(e,t){let r=0,n=1;for(let i of e.body.matchAll(ML)){if(typeof i.index=="number"||Nt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}o(Zn,"getLocation");function xh(e){return qc(e.source,Zn(e.source,e.start))}o(xh,"printLocation");function qc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,s=e.locationOffset.line-1,a=t.line+s,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
|
|
75
75
|
`,d=n.split(/\r\n|[\n\r]/g),p=d[i];if(p.length>120){let m=Math.floor(u/80),h=u%80,g=[];for(let _=0;_<p.length;_+=80)g.push(p.slice(_,_+80));return l+Fw([[`${a} |`,g[0]],...g.slice(1,m+1).map(_=>["|",_]),["|","^".padStart(h)],["|",g[m+1]]])}return l+Fw([[`${a-1} |`,d[i-1]],[`${a} |`,p],["|","^".padStart(u)],[`${a+1} |`,d[i+1]]])}o(qc,"printSourceLocation");function Fw(e){let t=e.filter(([n,i])=>i!==void 0),r=Math.max(...t.map(([n])=>n.length));return t.map(([n,i])=>n.padStart(r)+(i?" "+i:"")).join(`
|
|
76
76
|
`)}o(Fw,"printPrefixedLines");function kL(e){let t=e[0];return t==null||"kind"in t||"length"in t?{nodes:t,source:e[1],positions:e[2],path:e[3],originalError:e[4],extensions:e[5]}:t}o(kL,"toNormalizedOptions");var x=class e extends Error{static{o(this,"GraphQLError")}constructor(t,...r){var n,i,s;let{nodes:a,source:c,positions:u,path:l,originalError:d,extensions:p}=kL(r);super(t),this.name="GraphQLError",this.path=l??void 0,this.originalError=d??void 0,this.nodes=qw(Array.isArray(a)?a:a?[a]:void 0);let m=qw((n=this.nodes)===null||n===void 0?void 0:n.map(g=>g.loc).filter(g=>g!=null));this.source=c??(m==null||(i=m[0])===null||i===void 0?void 0:i.source),this.positions=u??m?.map(g=>g.start),this.locations=u&&c?u.map(g=>Zn(c,g)):m?.map(g=>Zn(g.source,g.start));let h=we(d?.extensions)?d?.extensions:void 0;this.extensions=(s=p??h)!==null&&s!==void 0?s:Object.create(null),Object.defineProperties(this,{message:{writable:!0,enumerable:!0},name:{enumerable:!1},nodes:{enumerable:!1},source:{enumerable:!1},positions:{enumerable:!1},originalError:{enumerable:!1}}),d!=null&&d.stack?Object.defineProperty(this,"stack",{value:d.stack,writable:!0,configurable:!0}):Error.captureStackTrace?Error.captureStackTrace(this,e):Object.defineProperty(this,"stack",{value:Error().stack,writable:!0,configurable:!0})}get[Symbol.toStringTag](){return"GraphQLError"}toString(){let t=this.message;if(this.nodes)for(let r of this.nodes)r.loc&&(t+=`
|
|
77
77
|
|