@zuplo/graphql 5.1805.0 → 5.1807.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.minified.js +1 -1
- package/package.json +1 -1
package/index.minified.js
CHANGED
|
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
|
|
|
71
71
|
`+d}):new $r.StripeSignatureVerificationError(t,e,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
|
|
72
72
|
If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
|
|
73
73
|
`+l+`
|
|
74
|
-
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new $r.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}o(a0,"validateComputedSignature");function c0(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}o(c0,"parseHeader");function u0(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}o(u0,"secureCompare");async function Ob(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),s=new Uint8Array(i),a=new Array(s.length);for(let c=0;c<s.length;c++)a[c]=xp[s[c]];return a.join("")}o(Ob,"computeHMACSignatureAsync");qn.computeHMACSignatureAsync=Ob;var xp=new Array(256);for(let e=0;e<xp.length;e++)xp[e]=e.toString(16).padStart(2,"0")});var Rt=y(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.optionValidator=void 0;var $n=O(),l0=Xe();function d0(e,t){if(!(0,l0.isObject)(e))throw new $n.ConfigurationError(`Options on policy '${t}' is expected to be an object. Received the type '${typeof e}'.`);let r=o((s,a,c)=>{let u=e[s];if(!(c&&u===void 0)){if(u===void 0)throw new $n.ConfigurationError(`Value of '${String(s)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new $n.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new $n.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new $n.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new $n.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=o((s,a)=>(r(s,a,!0),{optional:n,required:i}),"optional"),i=o((s,a)=>(r(s,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}o(d0,"optionValidator");Pa.optionValidator=d0});var Dp=y(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.StripeWebhookVerificationInboundPolicy=void 0;var p0=yi(),h0=ie(),f0=Nb(),m0=Rt(),Lp=class extends p0.InboundPolicy{static{o(this,"StripeWebhookVerificationInboundPolicy")}async handler(t,r){(0,m0.optionValidator)(this.options,this.policyName).required("signingSecret","string").optional("tolerance","number");let n=t.headers.get("stripe-signature");try{let i=await t.clone().text();await(0,f0.constructEventAsync)(i,n,this.options.signingSecret)}catch(i){return r.log.error("Error validating stripe webhook",i),h0.HttpProblems.badRequest(t,r,{title:"Webhook Error",detail:i.message})}return t}};Aa.StripeWebhookVerificationInboundPolicy=Lp});var xb=y(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.isStripeWebhookEvent=void 0;var Cb=Xe();function y0(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Cb.isString)(e.id)&&"type"in e&&(0,Cb.isString)(e.type)}o(y0,"isStripeWebhookEvent");Ra.isStripeWebhookEvent=y0});var Lb=y(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.MeteringPlugin=void 0;var g0=bt(),Up=class extends g0.SystemRuntimePlugin{static{o(this,"MeteringPlugin")}};Oa.MeteringPlugin=Up});var Ub=y(Mp=>{"use strict";Object.defineProperty(Mp,"__esModule",{value:!0});var Db=O(),b0={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving subscription from Stripe API.";throw r.error(s,i),new Db.RuntimeError(s)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer from Stripe API.";throw r.error(s,i),new Db.RuntimeError(s)}return i}};Mp.default=b0});var Mb=y(br=>{"use strict";Object.defineProperty(br,"__esModule",{value:!0});br.deleteConsumer=br.createConsumerInvite=br.createConsumer=void 0;var kp=O(),Hp=Ke(),Fp=W(),qp=Sn(),$p="https://api-key-management-service-eq7z4lly2a-ue.a.run.app";async function _0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:s,context:a}){let{authApiJWT:c}=Fp.Environment.instance,u=new URL(`/v1/buckets/${e}/consumers`,$p);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:s,email:i}]},p=await(0,qp.fetchRetry)({retryDelayMs:5,retries:2,logger:Hp.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),m=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,m),new kp.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:t,stripeProductId:r}),l}o(_0,"createConsumer");br.createConsumer=_0;async function E0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:s}){let{authApiJWT:a}=Fp.Environment.instance,c=new URL(`/v1/buckets/${e}/consumers`,$p);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,qp.fetchRetry)({retryDelayMs:5,retries:2,logger:Hp.SystemLogMap.getLogger(s)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let m="Error creating API Key Consumer";throw s.log.error(m,p),new kp.RuntimeError(m)}return s.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:t,stripeProductId:r}),u}o(E0,"createConsumerInvite");br.createConsumerInvite=E0;async function w0({apiKeyBucketName:e,consumerId:t,context:r}){let{authApiJWT:n}=Fp.Environment.instance,i=new URL(`/v1/buckets/${e}/consumers/${t}`,$p);i.searchParams.set("with-api-key","true");let s=await(0,qp.fetchRetry)({retryDelayMs:5,retries:2,logger:Hp.SystemLogMap.getLogger(r)},i.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${n}`,"content-type":"application/json"},body:JSON.stringify({})});if(s.status!==204){let a=await s.json(),c="Error deleting API Key Consumer";throw r.log.error(c,a),new kp.RuntimeError(c)}return r.log.info(`Successfully deleted API Key Consumer '${t}`),t}o(w0,"deleteConsumer");br.deleteConsumer=w0});var Na=y(Er=>{"use strict";Object.defineProperty(Er,"__esModule",{value:!0});Er.getSubscription=Er.updateSubscription=Er.createSubscription=void 0;var _r=O(),jp=Ke(),Vp=W(),Gp=Sn(),Bp=Xe();async function v0({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:s,customerExternalId:a,subscriptionStatus:c}){let u={status:c,type:"periodic",renewalStrategy:"monthly",region:s,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,customerExternalId:a},{authApiJWT:l,meteringServiceUrl:d}=Vp.Environment.instance;if(!(0,Bp.isNonEmptyString)(l))throw new _r.SystemError("No Zuplo JWT token set.");let p=await(0,Gp.fetchRetry)({retryDelayMs:5,retries:2,logger:jp.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new _r.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}o(v0,"createSubscription");Er.createSubscription=v0;async function S0({context:e,meteringSubscriptionId:t,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:s}=Vp.Environment.instance;if(!(0,Bp.isNonEmptyString)(i))throw new _r.SystemError("No Zuplo JWT token set.");let a=await(0,Gp.fetchRetry)({retryDelayMs:5,retries:2,logger:jp.SystemLogMap.getLogger(e)},`${s}/internal/v1/metering/${r}/subscriptions/${t}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating metering subscription to '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw e.log.error(c,u),new _r.RuntimeError(c)}e.log.info(`Successfully update metering subscription to '${JSON.stringify(n)}'.`)}o(S0,"updateSubscription");Er.updateSubscription=S0;async function T0({context:e,stripeSubscriptionId:t,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:s}=Vp.Environment.instance;if(!(0,Bp.isNonEmptyString)(i))throw new _r.SystemError("No Zuplo JWT token set.");let a=await(0,Gp.fetchRetry)({retryDelayMs:5,retries:2,logger:jp.SystemLogMap.getLogger(e)},`${s}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${t}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":e.requestId},method:"GET"});if(!a.ok){let u="Error querying for metering subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw e.log.error(u,l),new _r.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new _r.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new _r.RuntimeError(u)}return c.data[0]}o(T0,"getSubscription");Er.getSubscription=T0});var Kp=y(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.stripeStatusToMeteringStatus=void 0;function I0(e){return e.replaceAll("_","-")}o(I0,"stripeStatusToMeteringStatus");Ca.stripeStatusToMeteringStatus=I0});var kb=y(qi=>{"use strict";var P0=qi&&qi.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(qi,"__esModule",{value:!0});var jr=ie(),A0=P0(Ub()),Jp=Mb(),R0=Na(),O0=Kp();async function N0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.plan;if(!s||!s.product)return t.log.warn(`Invalid Stripe API result. Expected event '${r.id}' to have a plan data.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=r.data.object.customer;if(!a)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let c=s.product,u;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)u=await(0,Jp.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:r.data.object.metadata.zuplo_created_by_email,managerSub:r.data.object.metadata.zuplo_created_by_sub,context:t});else{let l=await A0.default.getCustomer({logger:t.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!l.email)return t.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected customer to contain email address."});u=await(0,Jp.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l.email,context:t})}if(!u)return jr.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});try{let l=(0,O0.stripeStatusToMeteringStatus)(r.data.object.status);await(0,R0.createSubscription)({context:t,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:l})}catch(l){return await(0,Jp.deleteConsumer)({apiKeyBucketName:n.apiKeyBucketName,consumerId:u,context:t}),jr.HttpProblems.internalServerError(e,t,{detail:l.message})}return jr.HttpProblems.ok(e,t)}o(N0,"onCustomerSubscriptionCreated");qi.default=N0});var Fb=y(Wp=>{"use strict";Object.defineProperty(Wp,"__esModule",{value:!0});var zp=ie(),Hb=Na();async function C0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),zp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),zp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let a=await(0,Hb.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,Hb.updateSubscription)({context:t,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),zp.HttpProblems.ok(e,t)}o(C0,"onCustomerSubscriptionDeleted");Wp.default=C0});var qb=y(Qp=>{"use strict";Object.defineProperty(Qp,"__esModule",{value:!0});var $i=ie(),xa=Na(),x0=Kp();async function L0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to include '.data.object.id' as the subscription ID.`),$i.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),$i.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){let c=await(0,xa.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=(0,x0.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,xa.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),$i.HttpProblems.ok(e,t)}if(a.plan&&a.plan.product!==r.data.object.plan.product){let c=await(0,xa.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,xa.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[r.data.object.plan.product]}}),$i.HttpProblems.ok(e,t)}}return t.log.warn(`This update event '${r.id}' is not supported by Stripe metering plugin webhook.`),$i.HttpProblems.badRequest(e,t,{detail:"This update event is not supported by Stripe metering plugin webhook."})}o(L0,"onCustomerSubscriptionUpdated");Qp.default=L0});var jb=y(jn=>{"use strict";var Zp=jn&&jn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(jn,"__esModule",{value:!0});jn.StripeMeteringPlugin=void 0;var La=Mi(),Da=O(),D0=Ut(),U0=Dp(),$b=ie(),M0=Yt(),k0=sn(),H0=tl(),F0=at(),q0=W(),$0=xb(),j0=Lb(),V0=Zp(kb()),G0=Zp(Fb()),B0=Zp(qb()),Yp=class extends j0.MeteringPlugin{static{o(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=o(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(La.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=La.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Da.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(La.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=La.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Da.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!q0.Environment.instance.build.ACCOUNT_NAME)throw new Da.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!K0(p))throw new Da.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,$0.isStripeWebhookEvent)(m))return $b.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`),m.type){case"customer.subscription.created":return await(0,V0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,B0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,G0.default)(c,u,m,{meteringBucketId:l});default:return $b.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe metering plugin webhook."})}},"stripeWebhookHandler"),i=(0,k0.createInternalPolicyProcessor)({inboundPolicies:[new U0.StripeWebhookVerificationInboundPolicy({signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance},"stripe-webhook-verification")]}),s=new D0.Pipeline({processors:[M0.metricsProcessor,i],handler:n,gateway:r}),a=new F0.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:H0.SystemRouteName.StripePlugin});t.addRoute(a,s.execute)}};jn.StripeMeteringPlugin=Yp;function K0(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}o(K0,"isMetricsRegion")});var Jb=y(Vn=>{"use strict";Object.defineProperty(Vn,"__esModule",{value:!0});Vn.AmberfloMeteringInboundPolicy=Vn.AmberfloMeteringPolicy=void 0;var Vb=O(),J0=ve(),Gb=Xt(),Kb=new WeakMap,Bb={},Xp=class{static{o(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Kb.set(t,r)}};Vn.AmberfloMeteringPolicy=Xp;async function z0(e,t,r,n){if(!r.statusCodes)throw new Vb.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Gb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async s=>{if(i.includes(s.status)){let a=Kb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Vb.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Gb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Bb[r.apiKey];if(!m){let h=r.apiKey,g=e.headers.get("zm-test-id")??"";m=new J0.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let S=r.url??"https://app.amberflo.io/ingest",T=await fetch(S,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});T.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${T.status}: ${await T.text()}`)}catch(S){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${S.message}`),S}}),Bb[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}o(z0,"AmberfloMeteringInboundPolicy");Vn.AmberfloMeteringInboundPolicy=z0});var eh=y(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.sha256=void 0;async function W0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}o(W0,"sha256");Ua.sha256=W0});var jt=y(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.getPolicyCacheName=void 0;var Q0=eh(),zb=new Map;async function Y0(e,t){let r,n=zb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,Q0.sha256)(JSON.stringify({policyName:e,options:t}))}`,zb.set(e,r)),r}o(Y0,"getPolicyCacheName");Ma.getPolicyCacheName=Y0});var nh=y(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.ApiKeyInboundPolicy=void 0;var Z0=jt(),X0=Jt(),Wb=Mi(),th=O(),eO=Mt(),Qb=Ke(),rh=W(),tO=Sn(),Yb="key-metadata-cache-type";function rO(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}o(rO,"getKeyValue");async function nO(e,t,r,n){if(!r.bucketName)if(Wb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=Wb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new th.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new th.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let s=o(S=>i.allowUnauthenticatedRequests?e:eO.HttpProblems.unauthorized(e,t,{detail:S}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return s("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return s("Invalid Authorization Scheme");let c=rO(a,i);if(!c||c==="")return s("No key present");let u=await iO(c),l=await(0,Z0.getPolicyCacheName)(n,i),d=new X0.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==Yb&&Qb.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),s("Authorization Failed");let m={key:c},h=await(0,tO.fetchRetry)({retryDelayMs:5,retries:2,logger:Qb.SystemLogMap.getLogger(t)},`${rh.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":rh.Environment.instance.deploymentName??"unknown","User-Agent":rh.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),s("Authorization Failed");if(h.status!==200){try{let S=await h.text(),T=JSON.parse(S);t.log.error("Unexpected response from key service",T)}catch{t.log.error("Invalid response from key service")}throw new th.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:Yb,user:{sub:g.name,data:g.metadata}};return e.user=_.user,d.put(u,_,i.cacheTtlSeconds),e}o(nO,"ApiKeyInboundPolicy");ka.ApiKeyInboundPolicy=nO;async function iO(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(iO,"hashValue")});var Zb=y(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.ApiAuthKeyInboundPolicy=void 0;var oO=nh();Ha.ApiAuthKeyInboundPolicy=oO.ApiKeyInboundPolicy});var Vt=y(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.OpenIdJwtInboundPolicy=void 0;var oh=(qs(),mo(Fs)),sh=O(),sO=ie(),ih={},aO=o(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new sh.ConfigurationError("Invalid State - jwkUrl not set");ih[t.jwkUrl]||(ih[t.jwkUrl]=(0,oh.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,oh.jwtVerify)(e,ih[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),cO=o(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let s=new TextEncoder().encode(t.secret);r=new Uint8Array(s)}else r=t.secret;let{payload:n}=await(0,oh.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),uO=o(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),s="bearer ",a=o(m=>sO.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new sh.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new sh.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?aO:cO,l=await o(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(s)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(s.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let g=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${g.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");Fa.OpenIdJwtInboundPolicy=uO});var Xb=y(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.Auth0JwtInboundPolicy=void 0;var lO=Vt(),dO=o(async(e,t,r,n)=>(0,lO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");qa.Auth0JwtInboundPolicy=dO});var e_=y($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.BasicAuthInboundPolicy=void 0;var pO=ie(),hO=o(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",s=o(l=>pO.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await o(async()=>{if(!n)return await s("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await s("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await s("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await s("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===m&&_.password===h);return g||await s("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");$a.BasicAuthInboundPolicy=hO});var t_=y(ja=>{"use strict";Object.defineProperty(ja,"__esModule",{value:!0});ja.CachingInboundPolicy=void 0;var fO=jt(),mO=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function yO(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(yO,"digestMessage");var gO=o(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await yO(JSON.stringify(n)),s=new URL(e.url),a=new URLSearchParams(s.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${s.origin}${s.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function bO(e,t,r,n){let i=await(0,fO.getPolicyCacheName)(n,r),s=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await gO(e,r),u=await s.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);mO.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(s.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}o(bO,"CachingInboundPolicy");ja.CachingInboundPolicy=bO});var r_=y(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.ChangeMethodInboundPolicy=void 0;var _O=O(),EO=He(),wO=o(async(e,t,r,n)=>{if(!r.method)throw new _O.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new EO.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");Va.ChangeMethodInboundPolicy=wO});var n_=y(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.ClearHeadersInboundPolicy=void 0;var vO=He(),SO=o(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new vO.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Ga.ClearHeadersInboundPolicy=SO});var i_=y(Ba=>{"use strict";Object.defineProperty(Ba,"__esModule",{value:!0});Ba.ClearHeadersOutboundPolicy=void 0;var TO=o(async(e,t,r,n)=>{let i=[...n.exclude??[]],s=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&s.set(c,u)}),new Response(e.body,{headers:s,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Ba.ClearHeadersOutboundPolicy=TO});var o_=y(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.ClerkJwtInboundPolicy=void 0;var IO=Vt(),PO=o(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),s=new URL(i);return s.pathname="/.well-known/jwks.json",(0,IO.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:s.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Ka.ClerkJwtInboundPolicy=PO});var a_=y(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.CognitoJwtInboundPolicy=void 0;var s_=O(),AO=Vt(),RO=o(async(e,t,r,n)=>{if(!r.userPoolId)throw new s_.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new s_.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,AO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Ja.CognitoJwtInboundPolicy=RO});var u_=y(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.CompositeInboundPolicy=void 0;var OO=O(),NO=Or(),c_=sn(),CO=o(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new OO.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=NO.Gateway.instance,s=(0,c_.getInboundPolicyInstances)(r.policies,i?.routeData.policies);return(0,c_.toStackedInboundHandler)(s)(e,t)},"CompositeInboundPolicy");za.CompositeInboundPolicy=CO});var l_=y(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.CurityPhantomTokenInboundPolicy=void 0;var xO=jt(),LO=Jt(),Wa=ie(),DO=o(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Wa.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let s=UO(i);if(!s)return Wa.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,xO.getPolicyCacheName)(n,r),c=new LO.MemoryZoneReadThroughCache(a,t),u=await c.get(s);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+s+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(s,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Wa.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Wa.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");Qa.CurityPhantomTokenInboundPolicy=DO;function UO(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}o(UO,"getToken")});var d_=y(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.FirebaseJwtInboundPolicy=void 0;var MO=Rt(),kO=Vt(),HO=o(async(e,t,r,n)=>((0,MO.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,kO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Ya.FirebaseJwtInboundPolicy=HO});var p_=y(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.FormDataToJsonInboundPolicy=void 0;var FO=He(),qO=o(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",s=e.headers.get("content-type")?.toLowerCase();if(!s||![i,n].includes(s))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new FO.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Za.FormDataToJsonInboundPolicy=qO});var h_=y(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.GeoFilterInboundPolicy=void 0;var $O=O(),jO=ie(),Gn="__unknown__",VO=o(async(e,t,r,n)=>{let i={allow:{countries:Kn(r.allow?.countries,"allow.countries",n),regionCodes:Kn(r.allow?.regionCodes,"allow.regionCode",n),asns:Kn(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Kn(r.block?.countries,"block.countries",n),regionCodes:Kn(r.block?.regionCodes,"block.regionCode",n),asns:Kn(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},s=t.incomingRequestProperties.country?.toLowerCase()??Gn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Gn,c=t.incomingRequestProperties.asn?.toString()??Gn,u=i.ignoreUnknown&&s===Gn,l=i.ignoreUnknown&&a===Gn,d=i.ignoreUnknown&&c===Gn,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(s)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Bn(e,t,n,s,a,c);let g=i.block.countries,_=i.block.regionCodes,S=i.block.asns;return g.length>0&&g.includes(s)&&!u||_.length>0&&_.includes(a)&&!l||S.length>0&&S.includes(c)&&!d?Bn(e,t,n,s,a,c):e},"GeoFilterInboundPolicy");Xa.GeoFilterInboundPolicy=VO;function Bn(e,t,r,n,i,s){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${s}')`),jO.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:s}})}o(Bn,"blockedResponse");function Kn(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new $O.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}o(Kn,"toLowerStringArray")});var f_=y(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.JWTScopeValidationInboundPolicy=void 0;var GO=o(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!o((s,a)=>a.every(c=>s.includes(c)),"scopeChecker")(n,r.scopes)){let s={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(s),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");ec.JWTScopeValidationInboundPolicy=GO});var g_=y(Jn=>{"use strict";Object.defineProperty(Jn,"__esModule",{value:!0});Jn.consumeSubcriptionQuotas=Jn.loadSubscription=void 0;var m_=Ke(),y_=W();async function BO(e,t,r,n){let i=m_.SystemLogMap.getLogger(e),{authApiJWT:s,meteringServiceUrl:a}=y_.Environment.instance,c;try{let l=await fetch(`${a}/internal/v1/metering/${n}/subscriptions?customerKey=${t}`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":e.requestId},method:"GET"});if(l.ok)c=await l.json();else{let d=await l.json(),p=d.detail??d.title??"Unknown error on quota consumption.";e.log.error(`MonetizationInboundPolicy '${r}' - Error loading subscription. ${l.status} - ${p}`),i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription.${l.status} - ${p}`)}}catch(l){i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription`,l)}return c&&c.data&&c.data.length>0?c.data[0]:void 0}o(BO,"loadSubscription");Jn.loadSubscription=BO;async function KO(e,t,r,n,i){let{authApiJWT:s,meteringServiceUrl:a}=y_.Environment.instance,c=m_.SystemLogMap.getLogger(e);try{let u=await fetch(`${a}/internal/v1/metering/${n}/subscriptions/${t}/quotas/consume`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":e.requestId},method:"POST",body:JSON.stringify({meters:i})});if(!u.ok){let l=await u.json(),d=l.detail??l.title??"Unknown error on quota consumption.";e.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`)}}catch(u){e.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`,u)}}o(KO,"consumeSubcriptionQuotas");Jn.consumeSubcriptionQuotas=KO});var b_=y(zn=>{"use strict";Object.defineProperty(zn,"__esModule",{value:!0});zn.parseAllowedSubscriptionStatuses=zn.validateMeters=void 0;var Vr=O(),JO=Xt(),zO=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]);function WO(e,t){try{let r=[];for(let n in e)typeof e[n]!="number"&&!(Number.isInteger(e[n])&&/^-?\d+$/.test(e[n].toString()))&&r.push(n);if(r.length>0)throw new Vr.ConfigurationError(r.length>1?`The values found in these properties are not integers : ${r.join(", ")}`:`The value in property '${r[0]}' is not an integer`)}catch(r){throw r instanceof Vr.ConfigurationError?new Vr.ConfigurationError(`MonetizationInboundPolicy '${t}' - The property 'meters' is invalid. ${r.message}`):r}}o(WO,"validateMeters");zn.validateMeters=WO;function QO(e,t){if(e)try{if(e.length===0)throw new Vr.ConfigurationError("Must set valid subscription statuses");let r=(0,JO.parseValueToStringArray)(e),n=[];for(let i of r)zO.has(i)||n.push(i);if(n.length>0)throw new Vr.ConfigurationError(`Found the following invalid statuses: ${n.join(", ")}`);return e}catch(r){throw r instanceof Vr.ConfigurationError?new Vr.ConfigurationError(`MonetizationInboundPolicy '${t}' - The property 'allowedSubscriptionStatuses' is invalid. ${r.message}`):r}else return["active","incomplete","trialing"]}o(QO,"parseAllowedSubscriptionStatuses");zn.parseAllowedSubscriptionStatuses=QO});var E_=y(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.MonetizationPolicy=void 0;var Gr=Xr(),Br=Qd(),tc=Mi(),ah=O(),YO=yi(),Kr=ie(),ZO=Xt(),XO=Rt(),__=g_(),rc=b_(),ch=class extends YO.InboundPolicy{static{o(this,"MonetizationPolicy")}static getSubscription(t){return Br.ContextData.get(t,Gr.METERING_SUBSCRIPTION_CONTEXT_DATA)}static setMeters(t,r){(0,rc.validateMeters)(r,"setMeters"),Br.ContextData.set(t,Gr.DYNAMIC_METERS_CONTEXT_DATA,r)}async handler(t,r){if((0,XO.optionValidator)(this.options,this.policyName).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string"),!this.options.meterOnStatusCodes)throw new ah.ConfigurationError(`Invalid MonetizationInboundPolicy '${this.policyName}' - The property 'meterOnStatusCodes' must be an array of HTTP status code numbers`);let n=this.options.allowRequestsOverQuota??!1,i=Array.isArray(this.options.meterOnStatusCodes)?this.options.meterOnStatusCodes:(0,ZO.statusCodesStringToNumberArray)(this.options.meterOnStatusCodes),s=Br.ContextData.get(r,Gr.DYNAMIC_METERS_CONTEXT_DATA),a={...this.options.meters,...s};(0,rc.validateMeters)(a,this.policyName);let c=this.options.allowRequestsWithoutSubscription??!1,u=(0,rc.parseAllowedSubscriptionStatuses)(this.options.allowedSubscriptionStatuses,this.policyName);r.addResponseSendingFinalHook(async(_,S,T)=>{let k=Br.ContextData.get(T,Gr.METERING_SUBSCRIPTION_CONTEXT_DATA);if((this.options.allowRequestsWithoutSubscription??!1)&&!k){T.log.debug(`MonetizationInboundPolicy '${this.policyName}' - No subscription found and property 'allowRequestsWithoutSubscription' is true`);return}if(!this.options.bucketId)if(tc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=tc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ah.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let L=Br.ContextData.get(T,Gr.DYNAMIC_METERS_CONTEXT_DATA),Z={...this.options.meters,...L};(0,rc.validateMeters)(Z,this.policyName),i.includes(_.status)&&k&&Z&&(T.log.debug(`MonetizationInboundPolicy '${this.policyName}' - Updating subscription '${k.id}' with meters '${JSON.stringify(Z)} on response status '${_.status}'`),await(0,__.consumeSubcriptionQuotas)(T,k.id,this.policyName,this.options.bucketId,Z))});let l=t.user;if(!l)return c?t:Kr.HttpProblems.unauthorized(t,r,{detail:"Unable to check subscription for anonymous user"});if(!this.options.bucketId)if(tc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=tc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ah.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let{sub:d}=l,p=await(0,__.loadSubscription)(r,d,this.policyName,this.options.bucketId);if(!p)return r.log.warn("No valid subscription found"),c?t:Kr.HttpProblems.unauthorized(t,r,{detail:"No valid subscription found"});if(!u.includes(p.status)&&!c)return r.log.warn(`Subscription '${p.id}' has status '${p.status}' which is not part of the allowed statuses.`),Kr.HttpProblems.unauthorized(t,r,{detail:"No valid subscription found"});u.includes(p.status)&&(r.log.debug(`Loading subscription '${p.id}' for user sub '${d}' to ContextData`),Br.ContextData.set(r,Gr.METERING_SUBSCRIPTION_CONTEXT_DATA,p));let m=Br.ContextData.get(r,Gr.METERING_SUBSCRIPTION_CONTEXT_DATA);if(!m)return c?t:(r.log.warn("Subscription is not available for user"),Kr.HttpProblems.paymentRequired(t,r,{detail:"Subscription is not available for user",title:"No Subscription"}));if(m&&Object.keys(m.meters).length===0)return r.log.error(`Quota is not set up for subscription '${m.id}'`),Kr.HttpProblems.tooManyRequests(t,r,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let g=Object.keys(a).filter(_=>!Object.keys(m.meters).includes(_));if(g.length>0)return r.log.warn(`The following policy meters are not present in the subscription: ${g.join(", ")}`),Kr.HttpProblems.tooManyRequests(t,r,{detail:`The following policy meters are not present in the subscription: ${g.join(", ")}`,title:"Quota Exceeded"});for(let _ of Object.keys(a))if(m.meters[_].consumed<=0&&!n)return Kr.HttpProblems.tooManyRequests(t,r,{detail:`Quota exceeded for meter '${_}'`,title:"Quota Exceeded"});return t}};nc.MonetizationPolicy=ch});var v_=y(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.MockApiInboundPolicy=void 0;var eN=ie(),tN=o(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return uh(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let s=Object.keys(i),a=[];if(s.length===0)return uh(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(s.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return w_(a[c])}else return a.length>0?w_(a[0]):uh(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");ic.MockApiInboundPolicy=tN;function w_(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}o(w_,"generateResponse");var uh=o((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return eN.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var A_=y(Wn=>{"use strict";Object.defineProperty(Wn,"__esModule",{value:!0});Wn.MoesifInboundPolicy=Wn.setMoesifContext=void 0;var rN=O(),nN=ve(),iN="Incoming",oN={logRequestBody:!0,logResponseBody:!0};function S_(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}o(S_,"headersToObject");function T_(){return new Date().toISOString()}o(T_,"timestamp");var lh=new WeakMap,sN={};function aN(e,t){let r=lh.get(e);r||(r=sN);let n=Object.assign({...r},t);lh.set(e,n)}o(aN,"setMoesifContext");Wn.setMoesifContext=aN;async function I_(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}o(I_,"readBody");var cN={},dh;function P_(){if(!dh)throw new rN.RuntimeError("Invalid State - no _lastLogger");return dh}o(P_,"getLastLogger");function uN(e){let t=cN[e];return t||(t=new nN.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);P_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||P_().error({status:i.status,body:await i.text()})})),t}o(uN,"getDispatcher");async function lN(e,t,r,n){dh=t.log;let i=T_(),s=Object.assign(oN,r);if(!s.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=s.logRequestBody?await I_(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=uN(s.applicationId),d=e.headers.get("true-client-ip"),p=lh.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:S_(e.headers)},h=s.logResponseBody?await I_(c,t):void 0,g={time:T_(),status:c.status,headers:S_(c.headers),body:h},_={request:m,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:iN};l.enqueue(_),t.waitUntil(l.waitUntilFlushed())}),e}o(lN,"MoesifInboundPolicy");Wn.MoesifInboundPolicy=lN});var R_=y(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.OktaJwtInboundPolicy=void 0;var dN=Vt(),pN=o(async(e,t,r,n)=>(0,dN.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");oc.OktaJwtInboundPolicy=pN});var O_=y(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.PropelAuthJwtInboundPolicy=void 0;var hN=(qs(),mo(Fs)),fN=Vt(),ph,mN=o(async(e,t,r,n)=>{if(!ph)try{ph=await(0,hN.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,fN.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:ph,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");sc.PropelAuthJwtInboundPolicy=mN});var N_=y(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.throwIfStateNotObject=V.throwIfStateNotNumber=V.throwIfStateNotString=V.throwIfStateUndefinedOrNull=V.throwIfStateUndefined=V.throwIfOptionNotObject=V.throwIfOptionNotNumber=V.throwIfOptionNotString=V.throwIfOptionUndefinedOrNull=V.throwIfOptionUndefined=V.OptionTypeError=V.OptionUndefinedError=V.throwIfNotNumber=V.throwIfNotString=V.throwIfUndefinedOrNull=V.throwIfUndefined=V.ArgumentTypeError=V.ArgumentUndefinedError=V.ValidationError=void 0;var je=Xe(),rt=class extends Error{static{o(this,"ValidationError")}constructor(t){super(t)}};V.ValidationError=rt;var ji=class extends rt{static{o(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};V.ArgumentUndefinedError=ji;var Vi=class extends rt{static{o(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};V.ArgumentTypeError=Vi;function yN(e,t){if((0,je.isUndefined)(e))throw new ji(t)}o(yN,"throwIfUndefined");V.throwIfUndefined=yN;function hh(e,t){if((0,je.isUndefinedOrNull)(e))throw new ji(t)}o(hh,"throwIfUndefinedOrNull");V.throwIfUndefinedOrNull=hh;function gN(e,t){if(hh(e,t),!(0,je.isString)(e))throw new Vi(t,"string")}o(gN,"throwIfNotString");V.throwIfNotString=gN;function bN(e,t){if(hh(e,t),!(0,je.isNumber)(e))throw new Vi(t,"number")}o(bN,"throwIfNotNumber");V.throwIfNotNumber=bN;var Gi=class extends rt{static{o(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};V.OptionUndefinedError=Gi;var Qn=class extends rt{static{o(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};V.OptionTypeError=Qn;function _N(e,t,r,n){if((0,je.isUndefined)(n))throw new Gi(e,t,r)}o(_N,"throwIfOptionUndefined");V.throwIfOptionUndefined=_N;function ac(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new Gi(e,t,r)}o(ac,"throwIfOptionUndefinedOrNull");V.throwIfOptionUndefinedOrNull=ac;function EN(e,t,r,n){if(ac(e,t,r,n),!(0,je.isString)(n))throw new Qn(e,t,r,"string")}o(EN,"throwIfOptionNotString");V.throwIfOptionNotString=EN;function wN(e,t,r,n){if(ac(e,t,r,n),!(0,je.isNumber)(n))throw new Qn(e,t,r,"number")}o(wN,"throwIfOptionNotNumber");V.throwIfOptionNotNumber=wN;function vN(e,t,r,n){if(ac(e,t,r,n),!(0,je.isObject)(n))throw new Qn(e,t,r,"object")}o(vN,"throwIfOptionNotObject");V.throwIfOptionNotObject=vN;function SN(e,t){if((0,je.isUndefined)(e))throw new rt(t)}o(SN,"throwIfStateUndefined");V.throwIfStateUndefined=SN;function cc(e,t){if((0,je.isUndefinedOrNull)(e))throw new rt(t)}o(cc,"throwIfStateUndefinedOrNull");V.throwIfStateUndefinedOrNull=cc;function TN(e,t){if(cc(e,t),!(0,je.isString)(e))throw new rt(t);return!0}o(TN,"throwIfStateNotString");V.throwIfStateNotString=TN;function IN(e,t){if(cc(e,t),!(0,je.isNumber)(e))throw new rt(t);return!0}o(IN,"throwIfStateNotNumber");V.throwIfStateNotNumber=IN;function PN(e,t){if(cc(e,t),!(0,je.isObject)(e))throw new rt(t);return!0}o(PN,"throwIfStateNotObject");V.throwIfStateNotObject=PN});var C_=y(Yn=>{"use strict";Object.defineProperty(Yn,"__esModule",{value:!0});Yn.InMemoryRedisClient=Yn.StandardRedisClient=void 0;var fh=O(),uc=N_(),mh=class e{static{o(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,uc.throwIfNotString)(t,"redisClientUrl"),(0,uc.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,uc.throwIfNotString)(t,"url");let s=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=s.headers.get("Content-Type")?.includes("application/json")?await s.json():await s.text();if(s.ok)return a;throw s.status===401?new fh.SystemError("Redis client failed with 401: Unauthorized"):new fh.SystemError(`Redis client failed with (${s.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Yn.StandardRedisClient=mh;var yh=class{static{o(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,uc.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:s,key:a}=JSON.parse(r),c=Date.now()+s*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new fh.SystemError("The in-memory redis client only supports /rate-limit calls")}};Yn.InMemoryRedisClient=yh});var M_=y(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.RateLimitInboundPolicy=void 0;var AN=Rr(),RN=jt(),ON=Eo(),Ot=O(),NN=ie(),x_=Ke(),Bi=W(),L_=C_(),D_=Xe(),lc=(0,AN.debug)("zuplo:policies:RateLimitInboundPolicy"),CN="strict",xN=o(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),LN=o(async e=>({key:`ip-${xN(e)}`}),"getIP"),DN=o(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),UN=o(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),dc;function MN(e,t){let r;if(dc)return dc;if(Bi.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new L_.InMemoryRedisClient,dc=r,r;let{authApiJWT:n,redisURL:i}=Bi.Environment.instance;if(!(0,D_.isString)(i))throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,D_.isString)(n))throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=L_.StandardRedisClient.initialize(i,n,Bi.Environment.instance.deploymentName??"unknown",Bi.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return dc=r,r}o(MN,"getRedisClient");async function U_(e,t,r,n,i){let s=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:s,key:e}),requestId:i})}o(U_,"getCountAndUpdateExpiry");function kN(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return o(async(i,s,a)=>{let c=await r(i,s,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw s.log.error(u),new Ot.RuntimeError(u)}return c},"outerFunction")}o(kN,"wrapUserFunction");var HN="Retry-After",FN=o(async(e,t,r,n)=>{let i=Date.now(),s=x_.SystemLogMap.getLogger(t),a=o((u,l)=>{if(r.throwOnFailure)throw new Ot.SystemError(u,{cause:l});s.error(u,l)},"throwOrLog"),c=o((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[HN]=l.toString()),NN.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:kN(r,n),user:DN,ip:LN,all:UN}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=MN(n,s),T=`bucket/${Bi.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??CN)==="async"){let L=await(0,RN.getPolicyCacheName)(n,r),Z=new ON.ZoneCache(L,{logger:x_.SystemLogMap.getLogger(t)}),ne=U_(T,h,_,s,t.requestId),me=await Z.get(T);if(me!==void 0&&me<=Date.now()){lc(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${T}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(g,Be)}return t.addEventListener("responseSending",Be=>{try{let w=Be,H=w.mutableResponse;w.mutableResponse=(async()=>{let xe=await ne;if(xe.count>m){let Tu=Date.now()+xe.ttlSeconds*1e3,Ew=Z.put(T,Tu,xe.ttlSeconds).catch(nf=>{throw s.error(new Ot.SystemError("Error caching rate limit result.",{cause:nf})),nf});return t.waitUntil(Ew),lc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (async mode)`),c(g,xe.ttlSeconds)}return H})()}catch(w){s.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let G=await U_(T,h,_,s,t.requestId);return G.count>m?(lc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (strict mode)`),c(g,G.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;lc(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");pc.RateLimitInboundPolicy=FN});var q_=y(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.ReadmeMetricsInboundPolicy=void 0;var qN=ve(),gh=W(),k_=Xt(),bh;function H_(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}o(H_,"headersToNameValuePairs");function $N(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}o($N,"queryToNameValueParis");function jN(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}o(jN,"parseIntOrUndefined");var F_={};async function VN(e,t,r,n){let i=new Date,s=Date.now();return bh||(bh={name:"zuplo",version:gh.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${gh.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,k_.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,k_.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:gh.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:bh,entries:[{startedDateTime:i.toISOString(),time:Date.now()-s,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:H_(e.headers),queryString:$N(e.query)},response:{status:a.status,statusText:a.statusText,headers:H_(a.headers),content:{size:jN(e.headers.get("content-length"))}}}]}}},d=F_[r.apiKey];if(!d){let p=r.apiKey;d=new qN.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),F_[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}o(VN,"ReadmeMetricsInboundPolicy");hc.ReadmeMetricsInboundPolicy=VN});var $_=y(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.RemoveHeadersInboundPolicy=void 0;var GN=O(),BN=He(),KN=o(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new GN.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let s=new Headers(e.headers);return i.forEach(c=>{s.delete(c)}),new BN.ZuploRequest(e,{headers:s})},"RemoveHeadersInboundPolicy");fc.RemoveHeadersInboundPolicy=KN});var j_=y(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.RemoveHeadersOutboundPolicy=void 0;var JN=O(),zN=o(async(e,t,r,n,i)=>{let s=n?.headers;if(!s||!Array.isArray(s)||s.length===0)throw new JN.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return s.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");mc.RemoveHeadersOutboundPolicy=zN});var V_=y(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.RemoveQueryParamsInboundPolicy=void 0;var WN=O(),QN=He(),YN=o(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new WN.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let s=new URL(e.url);return i.forEach(c=>{s.searchParams.delete(c)}),new QN.ZuploRequest(s.toString(),e)},"RemoveQueryParamsInboundPolicy");yc.RemoveQueryParamsInboundPolicy=YN});var G_=y(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.ReplaceStringOutboundPolicy=void 0;var ZN=o(async(e,t,r,n)=>{let i=await e.text(),s=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(s,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");gc.ReplaceStringOutboundPolicy=ZN});var K_=y(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.RequestSizeLimitInboundPolicy=void 0;var B_=o(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),XN=o(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),s=i!==null?parseInt(i):void 0;return s&&!isNaN(s)&&s>r.maxSizeInBytes?B_():s&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?B_():e},"RequestSizeLimitInboundPolicy");bc.RequestSizeLimitInboundPolicy=XN});var _c=y(nt=>{"use strict";Object.defineProperty(nt,"__esModule",{value:!0});nt.sanitizedIdentifierName=nt.getIdForRefSchema=nt.getIdForRequestBodySchema=nt.getIdForParameterSchema=nt.getRawOperationDataIdentifierName=void 0;function eC(e,t,r){return`_${Jr(e+"_"+t+"_"+r)}`}o(eC,"getRawOperationDataIdentifierName");nt.getRawOperationDataIdentifierName=eC;function tC(e,t,r,n){return`_${Jr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}o(tC,"getIdForParameterSchema");nt.getIdForParameterSchema=tC;function rC(e,t,r){return`_${Jr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Jr(r.toLowerCase())}`}o(rC,"getIdForRequestBodySchema");nt.getIdForRequestBodySchema=rC;function nC(e,t){return`_${Jr(e)}__${Jr(t)}`}o(nC,"getIdForRefSchema");nt.getIdForRefSchema=nC;function Jr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}o(Jr,"sanitizedIdentifierName");nt.sanitizedIdentifierName=Jr});var Ki=y(De=>{"use strict";Object.defineProperty(De,"__esModule",{value:!0});De.getErrorsFromValidator=De.shouldReject=De.shouldLog=De.logErrors=De.validateParameters=De.getParametersForOperation=void 0;var iC=Or(),oC=_c(),sC=o(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");De.getParametersForOperation=sC;var aC=o((e,t,r,n,i)=>{let s=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,s.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,oC.getIdForParameterSchema)(r,n,i,u.name),p=iC.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,De.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),s.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:s}},"validateParameters");De.validateParameters=aC;var cC=o((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");De.logErrors=cC;var uC=o(e=>e==="log-only"||e==="reject-and-log","shouldLog");De.shouldLog=uC;var lC=o(e=>e==="reject-only"||e==="reject-and-log","shouldReject");De.shouldReject=lC;var dC=o(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");De.getErrorsFromValidator=dC});var J_=y(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.handleBodyValidation=void 0;var pC=Or(),Ec=ie(),hC=_c(),ze=Ki();async function fC(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let g=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,_=Ec.HttpProblems.badRequest(t,e,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",g,[n],h),(0,ze.shouldReject)(r.validateBody))return _}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,g=Ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?g:void 0}let i=t.headers.get("Content-Type"),s=i.indexOf(";");s>-1&&(i=i.substring(0,s));let a=(0,hC.getIdForRequestBodySchema)(e.route.path,t.method,i),c=pC.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,g=Ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,ze.getErrorsFromValidator)(l),m=Ec.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",d,[n],p),(0,ze.shouldReject)(r.validateBody))return m}o(fC,"handleBodyValidation");wc.handleBodyValidation=fC});var z_=y(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.handleHeadersValidation=void 0;var mC=ie(),Ji=Ki();function yC(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,Ji.getParametersForOperation)(e),s=(0,Ji.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!s.isValid){let a="Header validation failed",c=mC.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:s.errors});if((0,Ji.shouldLog)(r.validateHeaders)&&(0,Ji.logErrors)(e,r.logLevel??"info",a,s.invalidValues,s.errors),(0,Ji.shouldReject)(r.validateHeaders))return c}}o(yC,"handleHeadersValidation");vc.handleHeadersValidation=yC});var W_=y(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.handlePathParameterValidation=void 0;var gC=ie(),zi=Ki();function bC(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,zi.getParametersForOperation)(e),i=(0,zi.validateParameters)(n.filter(s=>s.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let s="Path parameters validation failed",a=gC.HttpProblems.badRequest(t,e,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,zi.shouldLog)(r.validatePathParameters)&&(0,zi.logErrors)(e,r.logLevel??"info",s,i.invalidValues,i.errors),(0,zi.shouldReject)(r.validatePathParameters))return a}}o(bC,"handlePathParameterValidation");Sc.handlePathParameterValidation=bC});var Q_=y(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.handleQueryParameterValidation=void 0;var _C=ie(),Wi=Ki();function EC(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Wi.getParametersForOperation)(e),i=(0,Wi.validateParameters)(n.filter(s=>s.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let s="Query parameters validation failed",a=_C.HttpProblems.badRequest(t,e,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,Wi.shouldLog)(r.validateQueryParameters)&&(0,Wi.logErrors)(e,r.logLevel??"info",s,i.invalidValues,i.errors),(0,Wi.shouldReject)(r.validateQueryParameters))return a}}o(EC,"handleQueryParameterValidation");Tc.handleQueryParameterValidation=EC});var Y_=y(zr=>{"use strict";Object.defineProperty(zr,"__esModule",{value:!0});zr.SchemaBasedRequestValidation=zr.RequestValidationInboundPolicy=void 0;var wC=J_(),vC=z_(),SC=W_(),TC=Q_(),IC=o(async(e,t,r)=>{let n=(0,TC.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,SC.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,vC.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,wC.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");zr.RequestValidationInboundPolicy=IC;zr.SchemaBasedRequestValidation=zr.RequestValidationInboundPolicy});var Z_=y(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.RequireOriginInboundPolicy=void 0;var PC=O(),AC=ie(),RC=o(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new PC.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let s=e.headers.get("origin");if(!s||!i.includes(s)){let a=r.failureDetail??"Forbidden";return AC.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");Ic.RequireOriginInboundPolicy=RC});var X_=y(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.SetBodyInboundPolicy=void 0;var OC=He(),NC=o(async(e,t,r)=>new OC.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");Pc.SetBodyInboundPolicy=NC});var tE=y(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.SetHeadersInboundPolicy=void 0;var eE=O(),CC=He(),xC=o(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new eE.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let s=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new eE.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.has(c.name)||u)&&s.set(c.name,c.value)}),new CC.ZuploRequest(e,{headers:s})},"SetHeadersInboundPolicy");Ac.SetHeadersInboundPolicy=xC});var nE=y(Rc=>{"use strict";Object.defineProperty(Rc,"__esModule",{value:!0});Rc.SetHeadersOutboundPolicy=void 0;var rE=O(),LC=o(async(e,t,r,n,i)=>{let s=n.headers;if(!s||!Array.isArray(s)||s.length==0)throw new rE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return s.forEach(u=>{if(!u.name||u.name.length===0)throw new rE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");Rc.SetHeadersOutboundPolicy=LC});var oE=y(Oc=>{"use strict";Object.defineProperty(Oc,"__esModule",{value:!0});Oc.SetQueryParamsInboundPolicy=void 0;var iE=O(),DC=He(),UC=o(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new iE.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let s=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new iE.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.searchParams.has(c.name)||u)&&s.searchParams.set(c.name,c.value)}),new DC.ZuploRequest(s.toString(),e)},"SetQueryParamsInboundPolicy");Oc.SetQueryParamsInboundPolicy=UC});var sE=y(Nc=>{"use strict";Object.defineProperty(Nc,"__esModule",{value:!0});Nc.SetStatusOutboundPolicy=void 0;var MC=o(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");Nc.SetStatusOutboundPolicy=MC});var aE=y(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.SleepInboundPolicy=void 0;var kC=O(),HC=o(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),FC=o(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new kC.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await HC(r.sleepInMs),e},"SleepInboundPolicy");Cc.SleepInboundPolicy=FC});var uE=y(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.SupabaseJwtInboundPolicy=void 0;var cE=O(),qC=ie(),$C=He(),jC=Rt(),VC=Vt(),GC=o(async(e,t,r,n)=>{(0,jC.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},s=await(0,VC.OpenIdJwtInboundPolicy)(e,t,i,n);if(s instanceof Response)return s;if(!(s instanceof $C.ZuploRequest))throw new cE.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return s;let c=e.user?.data.app_metadata;if(!c)throw new cE.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?qC.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):s},"SupabaseJwtInboundPolicy");xc.SupabaseJwtInboundPolicy=GC});var dE=y(Lc=>{"use strict";Object.defineProperty(Lc,"__esModule",{value:!0});Lc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var BC=jt(),KC=Jt(),lE=O(),JC=Sn(),zC=Rt(),WC=o(async(e,t,r,n)=>{(0,zC.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,BC.getPolicyCacheName)(n,r),s=new KC.MemoryZoneReadThroughCache(i,t),a=await s.get(n);if(!a){let c=await QC(r,t);s.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");Lc.UpstreamAzureAdServiceAuthInboundPolicy=WC;async function QC(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,JC.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let s=await n.text();t.log.error("Could not get token from Azure AD",s)}catch{}throw new lE.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new lE.RuntimeError("Response returned from Azure AD is not in the expected format.")}o(QC,"getAccessToken")});var hE=y(Dc=>{"use strict";Object.defineProperty(Dc,"__esModule",{value:!0});Dc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var YC=jt(),ZC=Jt(),XC=O(),_h=Tn(),ex=Rt(),pE="https://accounts.google.com/o/oauth2/token",Eh,tx=o(async(e,t,r,n)=>{(0,ex.optionValidator)(r,n).required("serviceAccountJson","string"),Eh||(Eh=await _h.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},s=await(0,YC.getPolicyCacheName)(n,r),a=new ZC.MemoryZoneReadThroughCache(s,t),c=await a.get(n);if(!c){let u=await(0,_h.getTokenFromGcpServiceAccount)({serviceAccount:Eh,audience:pE,payload:i}),l=await(0,_h.exchangeGgpJwtForIdToken)(pE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new XC.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");Dc.UpstreamFirebaseAdminAuthInboundPolicy=tx});var fE=y(Uc=>{"use strict";Object.defineProperty(Uc,"__esModule",{value:!0});Uc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var rx=jt(),nx=Jt(),Zn=O(),ix=eh(),wh=Tn(),ox=Xt(),sx=Rt(),ax="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",cx=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],vh,ux=o(async(e,t,r,n)=>{if((0,sx.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Zn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(cx.indexOf(p)!==-1)throw new Zn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}vh||(vh=await wh.GcpServiceAccount.init(r.serviceAccountJson));let s=r.userId;if(!s&&!r.userIdPropertyPath){if(!e.user)throw new Zn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");s=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Zn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);s=(0,ox.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!s)throw new Zn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,rx.getPolicyCacheName)(n,r),c=new nx.MemoryZoneReadThroughCache(a,t),u={uid:s,claims:i},l=await(0,ix.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,wh.getTokenFromGcpServiceAccount)({serviceAccount:vh,audience:ax,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,wh.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Zn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");Uc.UpstreamFirebaseUserAuthInboundPolicy=ux});var yE=y(Mc=>{"use strict";Object.defineProperty(Mc,"__esModule",{value:!0});Mc.UpstreamGcpJwtInboundPolicy=void 0;var mE=Tn(),lx=Rt(),Sh,dx=o(async(e,t,r,n)=>{(0,lx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Sh||(Sh=await mE.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,mE.getTokenFromGcpServiceAccount)({serviceAccount:Sh,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");Mc.UpstreamGcpJwtInboundPolicy=dx});var bE=y(kc=>{"use strict";Object.defineProperty(kc,"__esModule",{value:!0});kc.UpstreamGcpServiceAuthInboundPolicy=void 0;var px=jt(),hx=Cu(),fx=Jt(),Qi=O(),Th=Tn(),mx=Xt(),yx=Rt(),gE="https://www.googleapis.com/oauth2/v4/token",Ih,gx=o(async(e,t,r,n)=>{(0,yx.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Ih||(Ih=await Th.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new Qi.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,mx.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof Qi.ConfigurationError?new Qi.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let s=await(0,px.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new hx.MemoryCache(s):a=new fx.MemoryZoneReadThroughCache(s,t);let c=await a.get(n);if(!c){let u=await(0,Th.getTokenFromGcpServiceAccount)({serviceAccount:Ih,audience:gE,payload:i}),l=await(0,Th.exchangeGgpJwtForIdToken)(gE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new Qi.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new Qi.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamGcpServiceAuthInboundPolicy");kc.UpstreamGcpServiceAuthInboundPolicy=gx});var EE=y(Hc=>{"use strict";Object.defineProperty(Hc,"__esModule",{value:!0});Hc.ValidateJsonSchemaInbound=void 0;var bx=O(),_E=ie(),_x=o(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return _E.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new bx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return _E.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");Hc.ValidateJsonSchemaInbound=_x});var wE=y(Fc=>{"use strict";Object.defineProperty(Fc,"__esModule",{value:!0});Fc.ServiceProviderImpl=void 0;var Ex=O(),Ph=class{static{o(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new Ex.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Fc.ServiceProviderImpl=Ph});var DE=y(f=>{"use strict";var wx=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),Ah=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&wx(t,e,r)},vx=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.MonetizationPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.OutboundPolicy=f.InboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.RuntimeError=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=f.PropelAuthJwtInboundPolicy=void 0;lf();var Sx=Jt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return Sx.MemoryZoneReadThroughCache}});var Tx=Eo();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return Tx.ZoneCache}});var vE=Nr();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return vE.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return vE.ResponseSentEvent}});var Ix=Qd();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return Ix.ContextData}});var Rh=Mi();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return Rh.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return Rh.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return Rh.isZuploReadableEnvVariableName}});var SE=O();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return SE.ConfigurationError}});Object.defineProperty(f,"RuntimeError",{enumerable:!0,get:function(){return SE.RuntimeError}});var Px=Zd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return Px.originalFetch}});var TE=Hg();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return TE.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return TE.purgeGatewayCache}});var IE=tb();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return IE.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return IE.awsLambdaHandler}});var Ax=nb();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return Ax.openApiSpecHandler}});var Rx=ib();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return Rx.redirectHandler}});var Ox=sb();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return Ox.urlForwardHandler}});var Nx=cb();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return Nx.urlRewriteHandler}});var Cx=lb();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return Cx.webSocketHandler}});var xx=hb();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return xx.webSocketPipelineHandler}});var Lx=rl();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return Lx.HttpStatusCode}});Ah(wb(),f);Ah(Tb(),f);var Dx=Ib();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Dx.AuditLogDataStaxProvider}});var Ux=Ab();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Ux.AuditLogPlugin}});Ah(jb(),f);var PE=yi();Object.defineProperty(f,"InboundPolicy",{enumerable:!0,get:function(){return PE.InboundPolicy}});Object.defineProperty(f,"OutboundPolicy",{enumerable:!0,get:function(){return PE.OutboundPolicy}});var AE=Jb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return AE.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return AE.AmberfloMeteringPolicy}});var Mx=Zb();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Mx.ApiAuthKeyInboundPolicy}});var kx=nh();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return kx.ApiKeyInboundPolicy}});var Hx=Xb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return Hx.Auth0JwtInboundPolicy}});var Fx=e_();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Fx.BasicAuthInboundPolicy}});var qx=t_();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return qx.CachingInboundPolicy}});var $x=r_();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return $x.ChangeMethodInboundPolicy}});var jx=n_();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return jx.ClearHeadersInboundPolicy}});var Vx=i_();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return Vx.ClearHeadersOutboundPolicy}});var Gx=o_();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return Gx.ClerkJwtInboundPolicy}});var Bx=a_();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Bx.CognitoJwtInboundPolicy}});var Kx=u_();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Kx.CompositeInboundPolicy}});var Jx=l_();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return Jx.CurityPhantomTokenInboundPolicy}});var zx=d_();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return zx.FirebaseJwtInboundPolicy}});var Wx=p_();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Wx.FormDataToJsonInboundPolicy}});var Qx=h_();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Qx.GeoFilterInboundPolicy}});var Yx=f_();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return Yx.JWTScopeValidationInboundPolicy}});var Zx=E_();Object.defineProperty(f,"MonetizationPolicy",{enumerable:!0,get:function(){return Zx.MonetizationPolicy}});var Xx=v_();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Xx.MockApiInboundPolicy}});var RE=A_();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return RE.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return RE.setMoesifContext}});var eL=R_();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return eL.OktaJwtInboundPolicy}});var tL=Vt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return tL.OpenIdJwtInboundPolicy}});var rL=O_();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return rL.PropelAuthJwtInboundPolicy}});var OE=M_();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return OE.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return OE.RateLimitInboundPolicy}});var nL=q_();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return nL.ReadmeMetricsInboundPolicy}});var iL=$_();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return iL.RemoveHeadersInboundPolicy}});var oL=j_();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return oL.RemoveHeadersOutboundPolicy}});var sL=V_();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return sL.RemoveQueryParamsInboundPolicy}});var aL=G_();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return aL.ReplaceStringOutboundPolicy}});var cL=K_();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return cL.RequestSizeLimitInboundPolicy}});var NE=Y_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return NE.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return NE.SchemaBasedRequestValidation}});var uL=Z_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return uL.RequireOriginInboundPolicy}});var lL=X_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return lL.SetBodyInboundPolicy}});var dL=tE();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return dL.SetHeadersInboundPolicy}});var pL=nE();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return pL.SetHeadersOutboundPolicy}});var hL=oE();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return hL.SetQueryParamsInboundPolicy}});var fL=sE();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return fL.SetStatusOutboundPolicy}});var mL=aE();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return mL.SleepInboundPolicy}});var yL=Dp();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return yL.StripeWebhookVerificationInboundPolicy}});var gL=uE();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return gL.SupabaseJwtInboundPolicy}});var bL=dE();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return bL.UpstreamAzureAdServiceAuthInboundPolicy}});var _L=hE();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return _L.UpstreamFirebaseAdminAuthInboundPolicy}});var EL=fE();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return EL.UpstreamFirebaseUserAuthInboundPolicy}});var wL=yE();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return wL.UpstreamGcpJwtInboundPolicy}});var vL=bE();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return vL.UpstreamGcpServiceAuthInboundPolicy}});var SL=EE();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return SL.ValidateJsonSchemaInbound}});var TL=ie();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return TL.HttpProblems}});var IL=Oo();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return IL.ProblemResponseFormatter}});var PL=He();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return PL.ZuploRequest}});var AL=xr();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return AL.SystemRouteName}});var CE=$d();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return CE.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return CE.Router}});var xE=Ku();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return xE.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return xE.serialize}});var RL=wE();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return RL.ServiceProviderImpl}});var LE=wl();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return LE.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return LE.SYSTEM_LOGGER}});var OL=il();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return vx(OL).default}});var NL=Ke();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return NL.SystemLogMap}});var Yi=_c();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return Yi.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return Yi.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return Yi.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return Yi.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return Yi.sanitizedIdentifierName}})});var UE=y(Xn=>{"use strict";Object.defineProperty(Xn,"__esModule",{value:!0});Xn.BaseCryptoBeta=Xn.supportedDigests=void 0;Xn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var Oh=class{static{o(this,"BaseCryptoBeta")}};Xn.BaseCryptoBeta=Oh});var ME=y(qc=>{"use strict";Object.defineProperty(qc,"__esModule",{value:!0});qc.WorkerCryptoBeta=void 0;var Nh=UE(),CL=O(),Ch=class extends Nh.BaseCryptoBeta{static{o(this,"WorkerCryptoBeta")}async digest(t,r){if(!Nh.supportedDigests.includes(t.toLowerCase()))throw new CL.RuntimeError(`Algorithm ${t} is not supported. Try using ${Nh.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};qc.WorkerCryptoBeta=Ch});var kE=y($c=>{"use strict";Object.defineProperty($c,"__esModule",{value:!0});$c.BaseKeyValueStore=void 0;var xh=class{static{o(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};$c.BaseKeyValueStore=xh});var FE=y(jc=>{"use strict";Object.defineProperty(jc,"__esModule",{value:!0});jc.WorkerKeyValueStore=void 0;var HE=O(),xL=kE(),Lh=class extends xL.BaseKeyValueStore{static{o(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new HE.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new HE.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};jc.WorkerKeyValueStore=Lh});var Mt=y(pt=>{"use strict";var LL=pt&&pt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),DL=pt&&pt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&LL(t,e,r)};Object.defineProperty(pt,"__esModule",{value:!0});pt.KeyValueStore=pt.CryptoBeta=void 0;DL(DE(),pt);var UL=ME();Object.defineProperty(pt,"CryptoBeta",{enumerable:!0,get:function(){return UL.WorkerCryptoBeta}});var ML=FE();Object.defineProperty(pt,"KeyValueStore",{enumerable:!0,get:function(){return ML.WorkerKeyValueStore}})});var VD={};fo(VD,{GraphQLComplexityLimitInboundPolicy:()=>gw,GraphQLDisableIntrospectionInboundPolicy:()=>_w});module.exports=mo(VD);var di=sf(Mt());function B(e,t){if(!!!e)throw new Error(t)}o(B,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}o(Ee,"isObjectLike");function Nt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}o(Nt,"invariant");var kL=/\r\n|[\n\r]/g;function ei(e,t){let r=0,n=1;for(let i of e.body.matchAll(kL)){if(typeof i.index=="number"||Nt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}o(ei,"getLocation");function Dh(e){return Vc(e.source,ei(e.source,e.start))}o(Dh,"printLocation");function Vc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,s=e.locationOffset.line-1,a=t.line+s,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
|
|
74
|
+
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new $r.StripeSignatureVerificationError(t,e,{message:"Timestamp outside the tolerance zone"});return!0}o(a0,"validateComputedSignature");function c0(e,t){return typeof e!="string"?null:e.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===t&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}o(c0,"parseHeader");function u0(e,t){if(e.length!==t.length)return!1;let r=e.length,n=0;for(let i=0;i<r;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}o(u0,"secureCompare");async function Ob(e,t){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(t),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(e)),s=new Uint8Array(i),a=new Array(s.length);for(let c=0;c<s.length;c++)a[c]=xp[s[c]];return a.join("")}o(Ob,"computeHMACSignatureAsync");qn.computeHMACSignatureAsync=Ob;var xp=new Array(256);for(let e=0;e<xp.length;e++)xp[e]=e.toString(16).padStart(2,"0")});var Rt=y(Pa=>{"use strict";Object.defineProperty(Pa,"__esModule",{value:!0});Pa.optionValidator=void 0;var $n=O(),l0=Xe();function d0(e,t){if(!(0,l0.isObject)(e))throw new $n.ConfigurationError(`Options on policy '${t}' is expected to be an object. Received the type '${typeof e}'.`);let r=o((s,a,c)=>{let u=e[s];if(!(c&&u===void 0)){if(u===void 0)throw new $n.ConfigurationError(`Value of '${String(s)}' on policy '${t}' is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(a==="array"&&Array.isArray(u))throw new $n.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be an array. Received type ${typeof u}.`);if(typeof u!==a)throw new $n.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be of type ${a}. Received type ${typeof u}.`);if(typeof u=="string"&&u.length===0)throw new $n.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof u=="number"&&isNaN(u))throw new $n.ConfigurationError(`Value of '${String(s)}' on policy '${t}' must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),n=o((s,a)=>(r(s,a,!0),{optional:n,required:i}),"optional"),i=o((s,a)=>(r(s,a,!1),{optional:n,required:i}),"required");return{optional:n,required:i}}o(d0,"optionValidator");Pa.optionValidator=d0});var Dp=y(Aa=>{"use strict";Object.defineProperty(Aa,"__esModule",{value:!0});Aa.StripeWebhookVerificationInboundPolicy=void 0;var p0=yi(),h0=ie(),f0=Nb(),m0=Rt(),Lp=class extends p0.InboundPolicy{static{o(this,"StripeWebhookVerificationInboundPolicy")}async handler(t,r){(0,m0.optionValidator)(this.options,this.policyName).required("signingSecret","string").optional("tolerance","number");let n=t.headers.get("stripe-signature");try{let i=await t.clone().text();await(0,f0.constructEventAsync)(i,n,this.options.signingSecret)}catch(i){return r.log.error("Error validating stripe webhook",i),h0.HttpProblems.badRequest(t,r,{title:"Webhook Error",detail:i.message})}return t}};Aa.StripeWebhookVerificationInboundPolicy=Lp});var xb=y(Ra=>{"use strict";Object.defineProperty(Ra,"__esModule",{value:!0});Ra.isStripeWebhookEvent=void 0;var Cb=Xe();function y0(e){return e!==null&&typeof e=="object"&&"id"in e&&(0,Cb.isString)(e.id)&&"type"in e&&(0,Cb.isString)(e.type)}o(y0,"isStripeWebhookEvent");Ra.isStripeWebhookEvent=y0});var Lb=y(Oa=>{"use strict";Object.defineProperty(Oa,"__esModule",{value:!0});Oa.MeteringPlugin=void 0;var g0=bt(),Up=class extends g0.SystemRuntimePlugin{static{o(this,"MeteringPlugin")}};Oa.MeteringPlugin=Up});var Ub=y(Mp=>{"use strict";Object.defineProperty(Mp,"__esModule",{value:!0});var Db=O(),b0={getSubscription:async({subscriptionId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving subscription from Stripe API.";throw r.error(s,i),new Db.RuntimeError(s)}return i},getCustomer:async({customerId:e,stripeSecretKey:t,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${e}`,{headers:{Authorization:`Bearer ${t}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer from Stripe API.";throw r.error(s,i),new Db.RuntimeError(s)}return i}};Mp.default=b0});var Mb=y(br=>{"use strict";Object.defineProperty(br,"__esModule",{value:!0});br.deleteConsumer=br.createConsumerInvite=br.createConsumer=void 0;var kp=O(),Hp=Ke(),Fp=W(),qp=Sn(),$p="https://api-key-management-service-eq7z4lly2a-ue.a.run.app";async function _0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:s,context:a}){let{authApiJWT:c}=Fp.Environment.instance,u=new URL(`/v1/buckets/${e}/consumers`,$p);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[{sub:s,email:i}]},p=await(0,qp.fetchRetry)({retryDelayMs:5,retries:2,logger:Hp.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),m=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,m),new kp.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:t,stripeProductId:r}),l}o(_0,"createConsumer");br.createConsumer=_0;async function E0({apiKeyBucketName:e,stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:s}){let{authApiJWT:a}=Fp.Environment.instance,c=new URL(`/v1/buckets/${e}/consumers`,$p);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:"API Subscription",tags:{subscriptionExternalId:t,planExternalIds:[r]},metadata:{stripeSubscriptionId:t,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,qp.fetchRetry)({retryDelayMs:5,retries:2,logger:Hp.SystemLogMap.getLogger(s)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let m="Error creating API Key Consumer";throw s.log.error(m,p),new kp.RuntimeError(m)}return s.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:t,stripeProductId:r}),u}o(E0,"createConsumerInvite");br.createConsumerInvite=E0;async function w0({apiKeyBucketName:e,consumerId:t,context:r}){let{authApiJWT:n}=Fp.Environment.instance,i=new URL(`/v1/buckets/${e}/consumers/${t}`,$p);i.searchParams.set("with-api-key","true");let s=await(0,qp.fetchRetry)({retryDelayMs:5,retries:2,logger:Hp.SystemLogMap.getLogger(r)},i.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${n}`,"content-type":"application/json"},body:JSON.stringify({})});if(s.status!==204){let a=await s.json(),c="Error deleting API Key Consumer";throw r.log.error(c,a),new kp.RuntimeError(c)}return r.log.info(`Successfully deleted API Key Consumer '${t}`),t}o(w0,"deleteConsumer");br.deleteConsumer=w0});var Na=y(Er=>{"use strict";Object.defineProperty(Er,"__esModule",{value:!0});Er.getSubscription=Er.updateSubscription=Er.createSubscription=void 0;var _r=O(),jp=Ke(),Vp=W(),Gp=Sn(),Bp=Xe();async function v0({context:e,stripeSubscriptionId:t,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:s,customerExternalId:a,subscriptionStatus:c}){let u={status:c,type:"periodic",renewalStrategy:"monthly",region:s,subscriptionExternalId:t,planExternalIds:[r],customerKey:n,customerExternalId:a},{authApiJWT:l,meteringServiceUrl:d}=Vp.Environment.instance;if(!(0,Bp.isNonEmptyString)(l))throw new _r.SystemError("No Zuplo JWT token set.");let p=await(0,Gp.fetchRetry)({retryDelayMs:5,retries:2,logger:jp.SystemLogMap.getLogger(e)},`${d}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let m="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw e.log.error(m,h),new _r.RuntimeError(m)}e.log.info("Successfully created/updated metering subscription.",u)}o(v0,"createSubscription");Er.createSubscription=v0;async function S0({context:e,meteringSubscriptionId:t,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:s}=Vp.Environment.instance;if(!(0,Bp.isNonEmptyString)(i))throw new _r.SystemError("No Zuplo JWT token set.");let a=await(0,Gp.fetchRetry)({retryDelayMs:5,retries:2,logger:jp.SystemLogMap.getLogger(e)},`${s}/internal/v1/metering/${r}/subscriptions/${t}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":e.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating metering subscription to '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw e.log.error(c,u),new _r.RuntimeError(c)}e.log.info(`Successfully update metering subscription to '${JSON.stringify(n)}'.`)}o(S0,"updateSubscription");Er.updateSubscription=S0;async function T0({context:e,stripeSubscriptionId:t,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:s}=Vp.Environment.instance;if(!(0,Bp.isNonEmptyString)(i))throw new _r.SystemError("No Zuplo JWT token set.");let a=await(0,Gp.fetchRetry)({retryDelayMs:5,retries:2,logger:jp.SystemLogMap.getLogger(e)},`${s}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${t}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":e.requestId},method:"GET"});if(!a.ok){let u="Error querying for metering subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw e.log.error(u,l),new _r.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new _r.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Stripe metering plugin webhook.";throw e.log.error(u),new _r.RuntimeError(u)}return c.data[0]}o(T0,"getSubscription");Er.getSubscription=T0});var Kp=y(Ca=>{"use strict";Object.defineProperty(Ca,"__esModule",{value:!0});Ca.stripeStatusToMeteringStatus=void 0;function I0(e){return e.replaceAll("_","-")}o(I0,"stripeStatusToMeteringStatus");Ca.stripeStatusToMeteringStatus=I0});var kb=y(qi=>{"use strict";var P0=qi&&qi.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(qi,"__esModule",{value:!0});var jr=ie(),A0=P0(Ub()),Jp=Mb(),R0=Na(),O0=Kp();async function N0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.plan;if(!s||!s.product)return t.log.warn(`Invalid Stripe API result. Expected event '${r.id}' to have a plan data.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=r.data.object.customer;if(!a)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let c=s.product,u;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)u=await(0,Jp.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:r.data.object.metadata.zuplo_created_by_email,managerSub:r.data.object.metadata.zuplo_created_by_sub,context:t});else{let l=await A0.default.getCustomer({logger:t.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!l.email)return t.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),jr.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe API result. Expected customer to contain email address."});u=await(0,Jp.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l.email,context:t})}if(!u)return jr.HttpProblems.internalServerError(e,t,{detail:"No consumer was created, skipping creation of subscription"});try{let l=(0,O0.stripeStatusToMeteringStatus)(r.data.object.status);await(0,R0.createSubscription)({context:t,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:l})}catch(l){return await(0,Jp.deleteConsumer)({apiKeyBucketName:n.apiKeyBucketName,consumerId:u,context:t}),jr.HttpProblems.internalServerError(e,t,{detail:l.message})}return jr.HttpProblems.ok(e,t)}o(N0,"onCustomerSubscriptionCreated");qi.default=N0});var Fb=y(Wp=>{"use strict";Object.defineProperty(Wp,"__esModule",{value:!0});var zp=ie(),Hb=Na();async function C0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),zp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),zp.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let a=await(0,Hb.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,Hb.updateSubscription)({context:t,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),zp.HttpProblems.ok(e,t)}o(C0,"onCustomerSubscriptionDeleted");Wp.default=C0});var qb=y(Qp=>{"use strict";Object.defineProperty(Qp,"__esModule",{value:!0});var $i=ie(),xa=Na(),x0=Kp();async function L0(e,t,r,n){let i=r.data.object.id;if(!i)return t.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to include '.data.object.id' as the subscription ID.`),$i.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return t.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),$i.HttpProblems.badRequest(e,t,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){let c=await(0,xa.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=(0,x0.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,xa.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),$i.HttpProblems.ok(e,t)}if(a.plan&&a.plan.product!==r.data.object.plan.product){let c=await(0,xa.getSubscription)({context:t,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,xa.updateSubscription)({context:t,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[r.data.object.plan.product]}}),$i.HttpProblems.ok(e,t)}}return t.log.warn(`This update event '${r.id}' is not supported by Stripe metering plugin webhook.`),$i.HttpProblems.badRequest(e,t,{detail:"This update event is not supported by Stripe metering plugin webhook."})}o(L0,"onCustomerSubscriptionUpdated");Qp.default=L0});var jb=y(jn=>{"use strict";var Zp=jn&&jn.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(jn,"__esModule",{value:!0});jn.StripeMeteringPlugin=void 0;var La=Mi(),Da=O(),D0=Ut(),U0=Dp(),$b=ie(),M0=Yt(),k0=sn(),H0=tl(),F0=at(),q0=W(),$0=xb(),j0=Lb(),V0=Zp(kb()),G0=Zp(Fb()),B0=Zp(qb()),Yp=class extends j0.MeteringPlugin{static{o(this,"StripeMeteringPlugin")}options;constructor(t){super(),this.options=t}registerRoutes(t,r){let n=o(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(La.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=La.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Da.ConfigurationError("StripeMeteringPlugin - No 'meteringBucketId' property provided");if(!d)if(La.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=La.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Da.ConfigurationError("StripeMeteringPlugin - No 'apiKeyBucketName' property provided");if(!q0.Environment.instance.build.ACCOUNT_NAME)throw new Da.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!K0(p))throw new Da.ConfigurationError(`StripeMeteringPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let m=await c.json();if(!(0,$0.isStripeWebhookEvent)(m))return $b.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${m.type}' with ID '${m.id}'.`),m.type){case"customer.subscription.created":return await(0,V0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,B0.default)(c,u,m,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,G0.default)(c,u,m,{meteringBucketId:l});default:return $b.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe metering plugin webhook."})}},"stripeWebhookHandler"),i=(0,k0.createInternalPolicyProcessor)({inboundPolicies:[new U0.StripeWebhookVerificationInboundPolicy({signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance},"stripe-webhook-verification")]}),s=new D0.Pipeline({processors:[M0.metricsProcessor,i],handler:n,gateway:r}),a=new F0.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:H0.SystemRouteName.StripePlugin});t.addRoute(a,s.execute)}};jn.StripeMeteringPlugin=Yp;function K0(e){return e!==null&&typeof e=="string"&&["us-central1","europe-west4"].includes(e)}o(K0,"isMetricsRegion")});var Jb=y(Vn=>{"use strict";Object.defineProperty(Vn,"__esModule",{value:!0});Vn.AmberfloMeteringInboundPolicy=Vn.AmberfloMeteringPolicy=void 0;var Vb=O(),J0=ve(),Gb=Xt(),Kb=new WeakMap,Bb={},Xp=class{static{o(this,"AmberfloMeteringPolicy")}static setRequestProperties(t,r){Kb.set(t,r)}};Vn.AmberfloMeteringPolicy=Xp;async function z0(e,t,r,n){if(!r.statusCodes)throw new Vb.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=Array.isArray(r.statusCodes)?r.statusCodes:(0,Gb.statusCodesStringToNumberArray)(r.statusCodes);return t.addResponseSendingFinalHook(async s=>{if(i.includes(s.status)){let a=Kb.get(t),c=r.customerId;if(r.customerIdPropertyPath){if(!e.user)throw new Vb.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,Gb.getValueFromRequestUser)(e.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){t.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},m=Bb[r.apiKey];if(!m){let h=r.apiKey,g=e.headers.get("zm-test-id")??"";m=new J0.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let S=r.url??"https://app.amberflo.io/ingest",T=await fetch(S,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});T.ok||t.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${T.status}: ${await T.text()}`)}catch(S){throw t.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${S.message}`),S}}),Bb[h]=m}m.enqueue(p),t.waitUntil(m.waitUntilFlushed())}}),e}o(z0,"AmberfloMeteringInboundPolicy");Vn.AmberfloMeteringInboundPolicy=z0});var eh=y(Ua=>{"use strict";Object.defineProperty(Ua,"__esModule",{value:!0});Ua.sha256=void 0;async function W0(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest({name:"SHA-256"},t);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}o(W0,"sha256");Ua.sha256=W0});var jt=y(Ma=>{"use strict";Object.defineProperty(Ma,"__esModule",{value:!0});Ma.getPolicyCacheName=void 0;var Q0=eh(),zb=new Map;async function Y0(e,t){let r,n=zb.get(e);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,Q0.sha256)(JSON.stringify({policyName:e,options:t}))}`,zb.set(e,r)),r}o(Y0,"getPolicyCacheName");Ma.getPolicyCacheName=Y0});var nh=y(ka=>{"use strict";Object.defineProperty(ka,"__esModule",{value:!0});ka.ApiKeyInboundPolicy=void 0;var Z0=jt(),X0=Jt(),Wb=Mi(),th=O(),eO=Mt(),Qb=Ke(),rh=W(),tO=Sn(),Yb="key-metadata-cache-type";function rO(e,t){return t.authScheme===""?e:e.replace(`${t.authScheme} `,"")}o(rO,"getKeyValue");async function nO(e,t,r,n){if(!r.bucketName)if(Wb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=Wb.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new th.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new th.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let s=o(S=>i.allowUnauthenticatedRequests?e:eO.HttpProblems.unauthorized(e,t,{detail:S}),"unauthorizedResponse"),a=e.headers.get(i.authHeader);if(!a)return s("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return s("Invalid Authorization Scheme");let c=rO(a,i);if(!c||c==="")return s("No key present");let u=await iO(c),l=await(0,Z0.getPolicyCacheName)(n,i),d=new X0.MemoryZoneReadThroughCache(l,t),p=await d.get(u);if(p&&p.isValid===!0)return e.user=p.user,e;if(p&&!p.isValid)return p.typeId!==Yb&&Qb.SystemLogMap.getLogger(t).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),s("Authorization Failed");let m={key:c},h=await(0,tO.fetchRetry)({retryDelayMs:5,retries:2,logger:Qb.SystemLogMap.getLogger(t)},`${rh.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":t.requestId,"zp-dn":rh.Environment.instance.deploymentName??"unknown","User-Agent":rh.Environment.instance.systemUserAgent},body:JSON.stringify(m)});if(h.status===401)return t.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),s("Authorization Failed");if(h.status!==200){try{let S=await h.text(),T=JSON.parse(S);t.log.error("Unexpected response from key service",T)}catch{t.log.error("Invalid response from key service")}throw new th.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:Yb,user:{sub:g.name,data:g.metadata}};return e.user=_.user,d.put(u,_,i.cacheTtlSeconds),e}o(nO,"ApiKeyInboundPolicy");ka.ApiKeyInboundPolicy=nO;async function iO(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(iO,"hashValue")});var Zb=y(Ha=>{"use strict";Object.defineProperty(Ha,"__esModule",{value:!0});Ha.ApiAuthKeyInboundPolicy=void 0;var oO=nh();Ha.ApiAuthKeyInboundPolicy=oO.ApiKeyInboundPolicy});var Vt=y(Fa=>{"use strict";Object.defineProperty(Fa,"__esModule",{value:!0});Fa.OpenIdJwtInboundPolicy=void 0;var oh=(qs(),mo(Fs)),sh=O(),sO=ie(),ih={},aO=o(async(e,t)=>{if(!t.jwkUrl||typeof t.jwkUrl!="string")throw new sh.ConfigurationError("Invalid State - jwkUrl not set");ih[t.jwkUrl]||(ih[t.jwkUrl]=(0,oh.createRemoteJWKSet)(new URL(t.jwkUrl),t.headers?{headers:t.headers}:void 0));let{payload:r}=await(0,oh.jwtVerify)(e,ih[t.jwkUrl],{issuer:t.issuer,audience:t.audience});return r},"jwkVerifier"),cO=o(async(e,t)=>{let r;if(t.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof t.secret=="string"){let s=new TextEncoder().encode(t.secret);r=new Uint8Array(s)}else r=t.secret;let{payload:n}=await(0,oh.jwtVerify)(e,r,{issuer:t.issuer,audience:t.audience});return n},"secretVerifier"),uO=o(async(e,t,r,n)=>{let i=e.headers.get("Authorization"),s="bearer ",a=o(m=>sO.HttpProblems.unauthorized(e,t,{detail:m}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new sh.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new sh.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?aO:cO,l=await o(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(s)!==0)return a("Invalid bearer token format for authorization header");let m=i.substring(s.length);if(!m||m.length===0)return a("No bearer token on authorization header");try{return await c(m,r)}catch(h){let g=new URL(e.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?t.log.warn(`Expired token used on url: ${g.pathname} `,h):t.log.warn(`Invalid token on: ${e.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?e:l;let d=r.subPropertyName??"sub",p=l[d];return p?(e.user={sub:p,data:l},e):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");Fa.OpenIdJwtInboundPolicy=uO});var Xb=y(qa=>{"use strict";Object.defineProperty(qa,"__esModule",{value:!0});qa.Auth0JwtInboundPolicy=void 0;var lO=Vt(),dO=o(async(e,t,r,n)=>(0,lO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");qa.Auth0JwtInboundPolicy=dO});var e_=y($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.BasicAuthInboundPolicy=void 0;var pO=ie(),hO=o(async(e,t,r)=>{let n=e.headers.get("Authorization"),i="basic ",s=o(l=>pO.HttpProblems.unauthorized(e,t,{detail:l}),"unauthorizedResponse"),c=await o(async()=>{if(!n)return await s("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await s("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await s("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await s("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let m=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===m&&_.password===h);return g||await s("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?e:c;let u=c.username;return e.user={sub:u,data:c.data},e},"BasicAuthInboundPolicy");$a.BasicAuthInboundPolicy=hO});var t_=y(ja=>{"use strict";Object.defineProperty(ja,"__esModule",{value:!0});ja.CachingInboundPolicy=void 0;var fO=jt(),mO=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function yO(e){let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(yO,"digestMessage");var gO=o(async(e,t)=>{let r=[...t.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...t.headers??[]],n=[];for(let[d,p]of e.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await yO(JSON.stringify(n)),s=new URL(e.url),a=new URLSearchParams(s.searchParams);a.set("_z-hdr-dgst",i);let c=t.cacheHttpMethods?.includes(e.method.toUpperCase())&&e.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",e.method);let u=`${s.origin}${s.pathname}?${a}`;return new Request(u,{method:c?"GET":e.method})},"createCacheKeyRequest");async function bO(e,t,r,n){let i=await(0,fO.getPolicyCacheName)(n,r),s=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await gO(e,r),u=await s.match(c);return u||(t.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(e.method.toUpperCase()))return;let m=r?.expirationSecondsTtl??60,h=new Response(p.body,p);mO.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${m}`),t.waitUntil(s.put(c,h))}catch(d){t.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),e)}o(bO,"CachingInboundPolicy");ja.CachingInboundPolicy=bO});var r_=y(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.ChangeMethodInboundPolicy=void 0;var _O=O(),EO=He(),wO=o(async(e,t,r,n)=>{if(!r.method)throw new _O.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new EO.ZuploRequest(e,{method:r.method})},"ChangeMethodInboundPolicy");Va.ChangeMethodInboundPolicy=wO});var n_=y(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.ClearHeadersInboundPolicy=void 0;var vO=He(),SO=o(async(e,t,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=e.headers.get(a);c&&i.set(a,c)}),new vO.ZuploRequest(e,{headers:i})},"ClearHeadersInboundPolicy");Ga.ClearHeadersInboundPolicy=SO});var i_=y(Ba=>{"use strict";Object.defineProperty(Ba,"__esModule",{value:!0});Ba.ClearHeadersOutboundPolicy=void 0;var TO=o(async(e,t,r,n)=>{let i=[...n.exclude??[]],s=new Headers;return i.forEach(c=>{let u=e.headers.get(c);u&&s.set(c,u)}),new Response(e.body,{headers:s,status:e.status,statusText:e.statusText})},"ClearHeadersOutboundPolicy");Ba.ClearHeadersOutboundPolicy=TO});var o_=y(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.ClerkJwtInboundPolicy=void 0;var IO=Vt(),PO=o(async(e,t,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),s=new URL(i);return s.pathname="/.well-known/jwks.json",(0,IO.OpenIdJwtInboundPolicy)(e,t,{issuer:i.href.slice(0,-1),jwkUrl:s.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");Ka.ClerkJwtInboundPolicy=PO});var a_=y(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.CognitoJwtInboundPolicy=void 0;var s_=O(),AO=Vt(),RO=o(async(e,t,r,n)=>{if(!r.userPoolId)throw new s_.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new s_.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,AO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");Ja.CognitoJwtInboundPolicy=RO});var u_=y(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.CompositeInboundPolicy=void 0;var OO=O(),NO=Or(),c_=sn(),CO=o(async(e,t,r,n)=>{if(!r.policies||r.policies.length===0)throw new OO.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=NO.Gateway.instance,s=(0,c_.getInboundPolicyInstances)(r.policies,i?.routeData.policies);return(0,c_.toStackedInboundHandler)(s)(e,t)},"CompositeInboundPolicy");za.CompositeInboundPolicy=CO});var l_=y(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.CurityPhantomTokenInboundPolicy=void 0;var xO=jt(),LO=Jt(),Wa=ie(),DO=o(async(e,t,r,n)=>{let i=e.headers.get("Authorization");if(!i)return Wa.HttpProblems.unauthorized(e,t,{detail:"No authorization header"});let s=UO(i);if(!s)return Wa.HttpProblems.unauthorized(e,t,{detail:"Failed to parse token from Authorization header"});let a=await(0,xO.getPolicyCacheName)(n,r),c=new LO.MemoryZoneReadThroughCache(a,t),u=await c.get(s);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+s+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(s,u,r.cacheDurationSeconds??600);else return l.status>=500?(t.log.error(`Error introspecting token - ${l.status}: '${d}'`),Wa.HttpProblems.internalServerError(e,t,{detail:"Problem encountered authorizing the HTTP request"})):Wa.HttpProblems.unauthorized(e,t)}return e.headers.set("Authorization",`Bearer ${u}`),e},"CurityPhantomTokenInboundPolicy");Qa.CurityPhantomTokenInboundPolicy=DO;function UO(e){return e.split(" ")[0]==="Bearer"?e.split(" ")[1]:null}o(UO,"getToken")});var d_=y(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.FirebaseJwtInboundPolicy=void 0;var MO=Rt(),kO=Vt(),HO=o(async(e,t,r,n)=>((0,MO.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,kO.OpenIdJwtInboundPolicy)(e,t,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");Ya.FirebaseJwtInboundPolicy=HO});var p_=y(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.FormDataToJsonInboundPolicy=void 0;var FO=He(),qO=o(async(e,t,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",s=e.headers.get("content-type")?.toLowerCase();if(!s||![i,n].includes(s))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):e;let a=await e.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(e.headers);return u.set("content-type","application/json"),u.delete("content-length"),new FO.ZuploRequest(e,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");Za.FormDataToJsonInboundPolicy=qO});var h_=y(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.GeoFilterInboundPolicy=void 0;var $O=O(),jO=ie(),Gn="__unknown__",VO=o(async(e,t,r,n)=>{let i={allow:{countries:Kn(r.allow?.countries,"allow.countries",n),regionCodes:Kn(r.allow?.regionCodes,"allow.regionCode",n),asns:Kn(r.allow?.asns,"allow.asOrganization",n)},block:{countries:Kn(r.block?.countries,"block.countries",n),regionCodes:Kn(r.block?.regionCodes,"block.regionCode",n),asns:Kn(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},s=t.incomingRequestProperties.country?.toLowerCase()??Gn,a=t.incomingRequestProperties.regionCode?.toLowerCase()??Gn,c=t.incomingRequestProperties.asn?.toString()??Gn,u=i.ignoreUnknown&&s===Gn,l=i.ignoreUnknown&&a===Gn,d=i.ignoreUnknown&&c===Gn,p=i.allow.countries,m=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(s)&&!u||m.length>0&&!m.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return Bn(e,t,n,s,a,c);let g=i.block.countries,_=i.block.regionCodes,S=i.block.asns;return g.length>0&&g.includes(s)&&!u||_.length>0&&_.includes(a)&&!l||S.length>0&&S.includes(c)&&!d?Bn(e,t,n,s,a,c):e},"GeoFilterInboundPolicy");Xa.GeoFilterInboundPolicy=VO;function Bn(e,t,r,n,i,s){return t.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${s}')`),jO.HttpProblems.forbidden(e,t,{geographicContext:{country:n,regionCode:i,asn:s}})}o(Bn,"blockedResponse");function Kn(e,t,r){if(typeof e=="string")return e.split(",").map(n=>n.trim().toLowerCase());if(typeof e>"u")return[];if(Array.isArray(e))return e.map(n=>n.trim().toLowerCase());throw new $O.ConfigurationError(`Invalid '${t}' for GeoFilterInboundPolicy '${r}': '${e}', must be a string or string[]`)}o(Kn,"toLowerStringArray")});var f_=y(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.JWTScopeValidationInboundPolicy=void 0;var GO=o(async(e,t,r)=>{let n=e.user?.data.scope.split(" ")||[];if(!o((s,a)=>a.every(c=>s.includes(c)),"scopeChecker")(n,r.scopes)){let s={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(s),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return e},"JWTScopeValidationInboundPolicy");ec.JWTScopeValidationInboundPolicy=GO});var g_=y(Jn=>{"use strict";Object.defineProperty(Jn,"__esModule",{value:!0});Jn.consumeSubcriptionQuotas=Jn.loadSubscription=void 0;var m_=Ke(),y_=W();async function BO(e,t,r,n){let i=m_.SystemLogMap.getLogger(e),{authApiJWT:s,meteringServiceUrl:a}=y_.Environment.instance,c;try{let l=await fetch(`${a}/internal/v1/metering/${n}/subscriptions?customerKey=${t}`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":e.requestId},method:"GET"});if(l.ok)c=await l.json();else{let d=await l.json(),p=d.detail??d.title??"Unknown error on quota consumption.";e.log.error(`MonetizationInboundPolicy '${r}' - Error loading subscription. ${l.status} - ${p}`),i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription.${l.status} - ${p}`)}}catch(l){i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription`,l)}return c&&c.data&&c.data.length>0?c.data[0]:void 0}o(BO,"loadSubscription");Jn.loadSubscription=BO;async function KO(e,t,r,n,i){let{authApiJWT:s,meteringServiceUrl:a}=y_.Environment.instance,c=m_.SystemLogMap.getLogger(e);try{let u=await fetch(`${a}/internal/v1/metering/${n}/subscriptions/${t}/quotas/consume`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":e.requestId},method:"POST",body:JSON.stringify({meters:i})});if(!u.ok){let l=await u.json(),d=l.detail??l.title??"Unknown error on quota consumption.";e.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`)}}catch(u){e.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`,u)}}o(KO,"consumeSubcriptionQuotas");Jn.consumeSubcriptionQuotas=KO});var b_=y(zn=>{"use strict";Object.defineProperty(zn,"__esModule",{value:!0});zn.parseAllowedSubscriptionStatuses=zn.validateMeters=void 0;var Vr=O(),JO=Xt(),zO=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]);function WO(e,t){try{let r=[];for(let n in e)typeof e[n]!="number"&&!(Number.isInteger(e[n])&&/^-?\d+$/.test(e[n].toString()))&&r.push(n);if(r.length>0)throw new Vr.ConfigurationError(r.length>1?`The values found in these properties are not integers : ${r.join(", ")}`:`The value in property '${r[0]}' is not an integer`)}catch(r){throw r instanceof Vr.ConfigurationError?new Vr.ConfigurationError(`MonetizationInboundPolicy '${t}' - The property 'meters' is invalid. ${r.message}`):r}}o(WO,"validateMeters");zn.validateMeters=WO;function QO(e,t){if(e)try{if(e.length===0)throw new Vr.ConfigurationError("Must set valid subscription statuses");let r=(0,JO.parseValueToStringArray)(e),n=[];for(let i of r)zO.has(i)||n.push(i);if(n.length>0)throw new Vr.ConfigurationError(`Found the following invalid statuses: ${n.join(", ")}`);return e}catch(r){throw r instanceof Vr.ConfigurationError?new Vr.ConfigurationError(`MonetizationInboundPolicy '${t}' - The property 'allowedSubscriptionStatuses' is invalid. ${r.message}`):r}else return["active","incomplete","trialing"]}o(QO,"parseAllowedSubscriptionStatuses");zn.parseAllowedSubscriptionStatuses=QO});var E_=y(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.MonetizationInboundPolicy=void 0;var Gr=Xr(),Br=Qd(),tc=Mi(),ah=O(),YO=yi(),Kr=ie(),ZO=Xt(),XO=Rt(),__=g_(),rc=b_(),ch=class extends YO.InboundPolicy{static{o(this,"MonetizationInboundPolicy")}static getSubscription(t){return Br.ContextData.get(t,Gr.METERING_SUBSCRIPTION_CONTEXT_DATA)}static setMeters(t,r){(0,rc.validateMeters)(r,"setMeters"),Br.ContextData.set(t,Gr.DYNAMIC_METERS_CONTEXT_DATA,r)}async handler(t,r){if((0,XO.optionValidator)(this.options,this.policyName).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string"),!this.options.meterOnStatusCodes)throw new ah.ConfigurationError(`Invalid MonetizationInboundPolicy '${this.policyName}' - The property 'meterOnStatusCodes' must be an array of HTTP status code numbers`);let n=this.options.allowRequestsOverQuota??!1,i=Array.isArray(this.options.meterOnStatusCodes)?this.options.meterOnStatusCodes:(0,ZO.statusCodesStringToNumberArray)(this.options.meterOnStatusCodes),s=Br.ContextData.get(r,Gr.DYNAMIC_METERS_CONTEXT_DATA),a={...this.options.meters,...s};(0,rc.validateMeters)(a,this.policyName);let c=this.options.allowRequestsWithoutSubscription??!1,u=(0,rc.parseAllowedSubscriptionStatuses)(this.options.allowedSubscriptionStatuses,this.policyName);r.addResponseSendingFinalHook(async(_,S,T)=>{let k=Br.ContextData.get(T,Gr.METERING_SUBSCRIPTION_CONTEXT_DATA);if((this.options.allowRequestsWithoutSubscription??!1)&&!k){T.log.debug(`MonetizationInboundPolicy '${this.policyName}' - No subscription found and property 'allowRequestsWithoutSubscription' is true`);return}if(!this.options.bucketId)if(tc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=tc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ah.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let L=Br.ContextData.get(T,Gr.DYNAMIC_METERS_CONTEXT_DATA),Z={...this.options.meters,...L};(0,rc.validateMeters)(Z,this.policyName),i.includes(_.status)&&k&&Z&&(T.log.debug(`MonetizationInboundPolicy '${this.policyName}' - Updating subscription '${k.id}' with meters '${JSON.stringify(Z)} on response status '${_.status}'`),await(0,__.consumeSubcriptionQuotas)(T,k.id,this.policyName,this.options.bucketId,Z))});let l=t.user;if(!l)return c?t:Kr.HttpProblems.unauthorized(t,r,{detail:"Unable to check subscription for anonymous user"});if(!this.options.bucketId)if(tc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=tc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ah.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let{sub:d}=l,p=await(0,__.loadSubscription)(r,d,this.policyName,this.options.bucketId);if(!p)return r.log.warn("No valid subscription found"),c?t:Kr.HttpProblems.unauthorized(t,r,{detail:"No valid subscription found"});if(!u.includes(p.status)&&!c)return r.log.warn(`Subscription '${p.id}' has status '${p.status}' which is not part of the allowed statuses.`),Kr.HttpProblems.unauthorized(t,r,{detail:"No valid subscription found"});u.includes(p.status)&&(r.log.debug(`Loading subscription '${p.id}' for user sub '${d}' to ContextData`),Br.ContextData.set(r,Gr.METERING_SUBSCRIPTION_CONTEXT_DATA,p));let m=Br.ContextData.get(r,Gr.METERING_SUBSCRIPTION_CONTEXT_DATA);if(!m)return c?t:(r.log.warn("Subscription is not available for user"),Kr.HttpProblems.paymentRequired(t,r,{detail:"Subscription is not available for user",title:"No Subscription"}));if(m&&Object.keys(m.meters).length===0)return r.log.error(`Quota is not set up for subscription '${m.id}'`),Kr.HttpProblems.tooManyRequests(t,r,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let g=Object.keys(a).filter(_=>!Object.keys(m.meters).includes(_));if(g.length>0)return r.log.warn(`The following policy meters are not present in the subscription: ${g.join(", ")}`),Kr.HttpProblems.tooManyRequests(t,r,{detail:`The following policy meters are not present in the subscription: ${g.join(", ")}`,title:"Quota Exceeded"});for(let _ of Object.keys(a))if(m.meters[_].consumed<=0&&!n)return Kr.HttpProblems.tooManyRequests(t,r,{detail:`Quota exceeded for meter '${_}'`,title:"Quota Exceeded"});return t}};nc.MonetizationInboundPolicy=ch});var v_=y(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.MockApiInboundPolicy=void 0;var eN=ie(),tN=o(async(e,t,r,n)=>{let i=t.route.raw().responses;if(!i)return uh(n,e,t,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let s=Object.keys(i),a=[];if(s.length===0)return uh(n,e,t,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(s.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(m=>{a.push({responseName:c,contentName:l,exampleName:m,exampleValue:d[m]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return w_(a[c])}else return a.length>0?w_(a[0]):uh(n,e,t,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");ic.MockApiInboundPolicy=tN;function w_(e){let t=JSON.stringify(e.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",e.contentName),e.responseName){case"1XX":return new Response(t,{status:100,headers:r});case"2XX":return new Response(t,{status:200,headers:r});case"3XX":return new Response(t,{status:300,headers:r});case"4XX":return new Response(t,{status:400,headers:r});case"5XX":case"default":return new Response(t,{status:500,headers:r});default:return new Response(t,{status:Number(e.responseName),headers:r})}}o(w_,"generateResponse");var uh=o((e,t,r,n)=>{let i=`Error in policy: ${e} - On route ${t.method} ${r.route.path}. ${n}`;return eN.HttpProblems.internalServerError(t,r,{detail:i})},"getProblemDetailResponse")});var A_=y(Wn=>{"use strict";Object.defineProperty(Wn,"__esModule",{value:!0});Wn.MoesifInboundPolicy=Wn.setMoesifContext=void 0;var rN=O(),nN=ve(),iN="Incoming",oN={logRequestBody:!0,logResponseBody:!0};function S_(e){let t={};return e.forEach((r,n)=>{t[n]=r}),t}o(S_,"headersToObject");function T_(){return new Date().toISOString()}o(T_,"timestamp");var lh=new WeakMap,sN={};function aN(e,t){let r=lh.get(e);r||(r=sN);let n=Object.assign({...r},t);lh.set(e,n)}o(aN,"setMoesifContext");Wn.setMoesifContext=aN;async function I_(e,t){let r=e.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await e.clone().json()}catch(i){t.log.error(i)}let n=await e.clone().text();return t.log.debug({textBody:n}),n}o(I_,"readBody");var cN={},dh;function P_(){if(!dh)throw new rN.RuntimeError("Invalid State - no _lastLogger");return dh}o(P_,"getLastLogger");function uN(e){let t=cN[e];return t||(t=new nN.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);P_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":e},body:n});i.ok||P_().error({status:i.status,body:await i.text()})})),t}o(uN,"getDispatcher");async function lN(e,t,r,n){dh=t.log;let i=T_(),s=Object.assign(oN,r);if(!s.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=s.logRequestBody?await I_(e,t):void 0;return t.addResponseSendingFinalHook(async(c,u)=>{let l=uN(s.applicationId),d=e.headers.get("true-client-ip"),p=lh.get(t)??{},m={time:i,uri:e.url,verb:e.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:S_(e.headers)},h=s.logResponseBody?await I_(c,t):void 0,g={time:T_(),status:c.status,headers:S_(c.headers),body:h},_={request:m,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:iN};l.enqueue(_),t.waitUntil(l.waitUntilFlushed())}),e}o(lN,"MoesifInboundPolicy");Wn.MoesifInboundPolicy=lN});var R_=y(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.OktaJwtInboundPolicy=void 0;var dN=Vt(),pN=o(async(e,t,r,n)=>(0,dN.OpenIdJwtInboundPolicy)(e,t,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");oc.OktaJwtInboundPolicy=pN});var O_=y(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.PropelAuthJwtInboundPolicy=void 0;var hN=(qs(),mo(Fs)),fN=Vt(),ph,mN=o(async(e,t,r,n)=>{if(!ph)try{ph=await(0,hN.importSPKI)(r.verifierKey,"RS256")}catch(i){throw t.log.error("Could not import verifier key"),i}return(0,fN.OpenIdJwtInboundPolicy)(e,t,{issuer:r.authUrl,secret:ph,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");sc.PropelAuthJwtInboundPolicy=mN});var N_=y(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.throwIfStateNotObject=V.throwIfStateNotNumber=V.throwIfStateNotString=V.throwIfStateUndefinedOrNull=V.throwIfStateUndefined=V.throwIfOptionNotObject=V.throwIfOptionNotNumber=V.throwIfOptionNotString=V.throwIfOptionUndefinedOrNull=V.throwIfOptionUndefined=V.OptionTypeError=V.OptionUndefinedError=V.throwIfNotNumber=V.throwIfNotString=V.throwIfUndefinedOrNull=V.throwIfUndefined=V.ArgumentTypeError=V.ArgumentUndefinedError=V.ValidationError=void 0;var je=Xe(),rt=class extends Error{static{o(this,"ValidationError")}constructor(t){super(t)}};V.ValidationError=rt;var ji=class extends rt{static{o(this,"ArgumentUndefinedError")}constructor(t){super(`The argument '${t}' is undefined.`)}};V.ArgumentUndefinedError=ji;var Vi=class extends rt{static{o(this,"ArgumentTypeError")}constructor(t,r){super(`The argument '${t}' must be of type '${r}'.`)}};V.ArgumentTypeError=Vi;function yN(e,t){if((0,je.isUndefined)(e))throw new ji(t)}o(yN,"throwIfUndefined");V.throwIfUndefined=yN;function hh(e,t){if((0,je.isUndefinedOrNull)(e))throw new ji(t)}o(hh,"throwIfUndefinedOrNull");V.throwIfUndefinedOrNull=hh;function gN(e,t){if(hh(e,t),!(0,je.isString)(e))throw new Vi(t,"string")}o(gN,"throwIfNotString");V.throwIfNotString=gN;function bN(e,t){if(hh(e,t),!(0,je.isNumber)(e))throw new Vi(t,"number")}o(bN,"throwIfNotNumber");V.throwIfNotNumber=bN;var Gi=class extends rt{static{o(this,"OptionUndefinedError")}constructor(t,r,n){super(`The option '${n}' on the ${t} named '${r}' is undefined.`)}};V.OptionUndefinedError=Gi;var Qn=class extends rt{static{o(this,"OptionTypeError")}constructor(t,r,n,i){super(`The option '${n}' on the ${t} named '${r}' must be of type '${i}'.`)}};V.OptionTypeError=Qn;function _N(e,t,r,n){if((0,je.isUndefined)(n))throw new Gi(e,t,r)}o(_N,"throwIfOptionUndefined");V.throwIfOptionUndefined=_N;function ac(e,t,r,n){if((0,je.isUndefinedOrNull)(n))throw new Gi(e,t,r)}o(ac,"throwIfOptionUndefinedOrNull");V.throwIfOptionUndefinedOrNull=ac;function EN(e,t,r,n){if(ac(e,t,r,n),!(0,je.isString)(n))throw new Qn(e,t,r,"string")}o(EN,"throwIfOptionNotString");V.throwIfOptionNotString=EN;function wN(e,t,r,n){if(ac(e,t,r,n),!(0,je.isNumber)(n))throw new Qn(e,t,r,"number")}o(wN,"throwIfOptionNotNumber");V.throwIfOptionNotNumber=wN;function vN(e,t,r,n){if(ac(e,t,r,n),!(0,je.isObject)(n))throw new Qn(e,t,r,"object")}o(vN,"throwIfOptionNotObject");V.throwIfOptionNotObject=vN;function SN(e,t){if((0,je.isUndefined)(e))throw new rt(t)}o(SN,"throwIfStateUndefined");V.throwIfStateUndefined=SN;function cc(e,t){if((0,je.isUndefinedOrNull)(e))throw new rt(t)}o(cc,"throwIfStateUndefinedOrNull");V.throwIfStateUndefinedOrNull=cc;function TN(e,t){if(cc(e,t),!(0,je.isString)(e))throw new rt(t);return!0}o(TN,"throwIfStateNotString");V.throwIfStateNotString=TN;function IN(e,t){if(cc(e,t),!(0,je.isNumber)(e))throw new rt(t);return!0}o(IN,"throwIfStateNotNumber");V.throwIfStateNotNumber=IN;function PN(e,t){if(cc(e,t),!(0,je.isObject)(e))throw new rt(t);return!0}o(PN,"throwIfStateNotObject");V.throwIfStateNotObject=PN});var C_=y(Yn=>{"use strict";Object.defineProperty(Yn,"__esModule",{value:!0});Yn.InMemoryRedisClient=Yn.StandardRedisClient=void 0;var fh=O(),uc=N_(),mh=class e{static{o(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(t,r,n,i){this.redisClientUrl=t,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(t,r,n,i){return(0,uc.throwIfNotString)(t,"redisClientUrl"),(0,uc.throwIfNotString)(r,"clientAuthToken"),e.instance||(e.instance=new e(t,r,n,i)),e.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:t,body:r,method:n,requestId:i}){(0,uc.throwIfNotString)(t,"url");let s=await fetch(`${this.redisClientUrl}${t}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=s.headers.get("Content-Type")?.includes("application/json")?await s.json():await s.text();if(s.ok)return a;throw s.status===401?new fh.SystemError("Redis client failed with 401: Unauthorized"):new fh.SystemError(`Redis client failed with (${s.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};Yn.StandardRedisClient=mh;var yh=class{static{o(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:t,body:r,method:n}){if((0,uc.throwIfNotString)(t,"url"),n==="POST"&&t==="/rate-limit"){let{incrBy:i,expire:s,key:a}=JSON.parse(r),c=Date.now()+s*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new fh.SystemError("The in-memory redis client only supports /rate-limit calls")}};Yn.InMemoryRedisClient=yh});var M_=y(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.RateLimitInboundPolicy=void 0;var AN=Rr(),RN=jt(),ON=Eo(),Ot=O(),NN=ie(),x_=Ke(),Bi=W(),L_=C_(),D_=Xe(),lc=(0,AN.debug)("zuplo:policies:RateLimitInboundPolicy"),CN="strict",xN=o(e=>{let t=e.headers.get("cf-connecting-ip")??e.headers.get("true-client-ip");if(t)return t;let r=e.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),LN=o(async e=>({key:`ip-${xN(e)}`}),"getIP"),DN=o(async e=>({key:`user-${e.user?.sub??"anonymous"}`}),"getUser"),UN=o(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),dc;function MN(e,t){let r;if(dc)return dc;if(Bi.Environment.instance.isLocalDevelopment)return t.info("Using in-memory redis client for local development."),r=new L_.InMemoryRedisClient,dc=r,r;let{authApiJWT:n,redisURL:i}=Bi.Environment.instance;if(!(0,D_.isString)(i))throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - rate limit service URL not configured`);if(!(0,D_.isString)(n))throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - service authentication not configured`);if(i&&(r=L_.StandardRedisClient.initialize(i,n,Bi.Environment.instance.deploymentName??"unknown",Bi.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Ot.SystemError(`RateLimitInboundPolicy '${e}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return dc=r,r}o(MN,"getRedisClient");async function U_(e,t,r,n,i){let s=Math.floor(t*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:s,key:e}),requestId:i})}o(U_,"getCountAndUpdateExpiry");function kN(e,t){let r;if(e.rateLimitBy==="function"){if(!e.identifier)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!e.identifier.module)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!e.identifier.export)throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=e.identifier.module[e.identifier.export],!r||typeof r!="function")throw new Ot.ConfigurationError(`RateLimitInboundPolicy '${t}' - Custom rate limit function must be a valid function`)}return o(async(i,s,a)=>{let c=await r(i,s,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw s.log.error(u),new Ot.RuntimeError(u)}return c},"outerFunction")}o(kN,"wrapUserFunction");var HN="Retry-After",FN=o(async(e,t,r,n)=>{let i=Date.now(),s=x_.SystemLogMap.getLogger(t),a=o((u,l)=>{if(r.throwOnFailure)throw new Ot.SystemError(u,{cause:l});s.error(u,l)},"throwOrLog"),c=o((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[HN]=l.toString()),NN.HttpProblems.tooManyRequests(e,t,void 0,d)},"rateLimited");try{let l={function:kN(r,n),user:DN,ip:LN,all:UN}[r.rateLimitBy],d=await l(e,t,n),p=d.key,m=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=MN(n,s),T=`bucket/${Bi.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??CN)==="async"){let L=await(0,RN.getPolicyCacheName)(n,r),Z=new ON.ZoneCache(L,{logger:x_.SystemLogMap.getLogger(t)}),ne=U_(T,h,_,s,t.requestId),me=await Z.get(T);if(me!==void 0&&me<=Date.now()){lc(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${T}' (async mode)`);let Be=Math.round((me-Date.now())/1e3);return c(g,Be)}return t.addEventListener("responseSending",Be=>{try{let w=Be,H=w.mutableResponse;w.mutableResponse=(async()=>{let xe=await ne;if(xe.count>m){let Tu=Date.now()+xe.ttlSeconds*1e3,Ew=Z.put(T,Tu,xe.ttlSeconds).catch(nf=>{throw s.error(new Ot.SystemError("Error caching rate limit result.",{cause:nf})),nf});return t.waitUntil(Ew),lc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (async mode)`),c(g,xe.ttlSeconds)}return H})()}catch(w){s.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,w)}}),e}let G=await U_(T,h,_,s,t.requestId);return G.count>m?(lc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${T}' (strict mode)`),c(g,G.ttlSeconds)):e}catch(u){return a(u.message,u),e}finally{let u=Date.now()-i;lc(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");pc.RateLimitInboundPolicy=FN});var q_=y(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.ReadmeMetricsInboundPolicy=void 0;var qN=ve(),gh=W(),k_=Xt(),bh;function H_(e){let t=[];for(let[r,n]of e)t.push({name:r,value:n});return t}o(H_,"headersToNameValuePairs");function $N(e){let t=[];return Object.entries(e).forEach(([r,n])=>{t.push({name:r,value:n})}),t}o($N,"queryToNameValueParis");function jN(e){if(e===null)return;let t=parseFloat(e);if(!isNaN(t))return t}o(jN,"parseIntOrUndefined");var F_={};async function VN(e,t,r,n){let i=new Date,s=Date.now();return bh||(bh={name:"zuplo",version:gh.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${gh.Environment.instance.build.ZUPLO_VERSION}`}),t.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&e.user?(0,k_.getValueFromRequestUser)(e.user,r.userLabelPropertyPath,"userLabelPropertyPath"):e.user?.sub,u=r.userEmailPropertyPath&&e.user?(0,k_.getValueFromRequestUser)(e.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:e.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:gh.Environment.instance.isDeno,group:{label:c,email:u,id:e.user?.sub??"anonymous"},request:{log:{creator:bh,entries:[{startedDateTime:i.toISOString(),time:Date.now()-s,request:{method:e.method,url:r.useFullRequestPath?new URL(e.url).pathname:t.route.path,httpVersion:"2",headers:H_(e.headers),queryString:$N(e.query)},response:{status:a.status,statusText:a.statusText,headers:H_(a.headers),content:{size:jN(e.headers.get("content-length"))}}}]}}},d=F_[r.apiKey];if(!d){let p=r.apiKey;d=new qN.BatchDispatch("readme-metering-inbound-policy",10,async m=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(m),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&t.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw t.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),F_[p]=d}d.enqueue(l),t.waitUntil(d.waitUntilFlushed())}catch(c){t.log.error(c)}}),e}o(VN,"ReadmeMetricsInboundPolicy");hc.ReadmeMetricsInboundPolicy=VN});var $_=y(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.RemoveHeadersInboundPolicy=void 0;var GN=O(),BN=He(),KN=o(async(e,t,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new GN.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let s=new Headers(e.headers);return i.forEach(c=>{s.delete(c)}),new BN.ZuploRequest(e,{headers:s})},"RemoveHeadersInboundPolicy");fc.RemoveHeadersInboundPolicy=KN});var j_=y(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.RemoveHeadersOutboundPolicy=void 0;var JN=O(),zN=o(async(e,t,r,n,i)=>{let s=n?.headers;if(!s||!Array.isArray(s)||s.length===0)throw new JN.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(e.headers);return s.forEach(u=>{a.delete(u)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"RemoveHeadersOutboundPolicy");mc.RemoveHeadersOutboundPolicy=zN});var V_=y(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.RemoveQueryParamsInboundPolicy=void 0;var WN=O(),QN=He(),YN=o(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new WN.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let s=new URL(e.url);return i.forEach(c=>{s.searchParams.delete(c)}),new QN.ZuploRequest(s.toString(),e)},"RemoveQueryParamsInboundPolicy");yc.RemoveQueryParamsInboundPolicy=YN});var G_=y(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.ReplaceStringOutboundPolicy=void 0;var ZN=o(async(e,t,r,n)=>{let i=await e.text(),s=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(s,n.replaceWith);return new Response(a,{headers:e.headers,status:e.status,statusText:e.statusText})},"ReplaceStringOutboundPolicy");gc.ReplaceStringOutboundPolicy=ZN});var K_=y(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.RequestSizeLimitInboundPolicy=void 0;var B_=o(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),XN=o(async(e,t,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(e.method))return e;let i=e.headers.get("content-length"),s=i!==null?parseInt(i):void 0;return s&&!isNaN(s)&&s>r.maxSizeInBytes?B_():s&&n?e:(await e.clone().text()).length>r.maxSizeInBytes?B_():e},"RequestSizeLimitInboundPolicy");bc.RequestSizeLimitInboundPolicy=XN});var _c=y(nt=>{"use strict";Object.defineProperty(nt,"__esModule",{value:!0});nt.sanitizedIdentifierName=nt.getIdForRefSchema=nt.getIdForRequestBodySchema=nt.getIdForParameterSchema=nt.getRawOperationDataIdentifierName=void 0;function eC(e,t,r){return`_${Jr(e+"_"+t+"_"+r)}`}o(eC,"getRawOperationDataIdentifierName");nt.getRawOperationDataIdentifierName=eC;function tC(e,t,r,n){return`_${Jr(e.toLowerCase())}_`+t.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}o(tC,"getIdForParameterSchema");nt.getIdForParameterSchema=tC;function rC(e,t,r){return`_${Jr(e.toLowerCase())}_`+t.toLowerCase()+`_rb_${Jr(r.toLowerCase())}`}o(rC,"getIdForRequestBodySchema");nt.getIdForRequestBodySchema=rC;function nC(e,t){return`_${Jr(e)}__${Jr(t)}`}o(nC,"getIdForRefSchema");nt.getIdForRefSchema=nC;function Jr(e){let t=[];for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?t.push(e.charAt(r)):t.push("_")}return t.join("")}o(Jr,"sanitizedIdentifierName");nt.sanitizedIdentifierName=Jr});var Ki=y(De=>{"use strict";Object.defineProperty(De,"__esModule",{value:!0});De.getErrorsFromValidator=De.shouldReject=De.shouldLog=De.logErrors=De.validateParameters=De.getParametersForOperation=void 0;var iC=Or(),oC=_c(),sC=o(e=>{let t=e.route.raw();return t.parameters?t.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");De.getParametersForOperation=sC;var aC=o((e,t,r,n,i)=>{let s=[],a=!0,c=[];return e.forEach(u=>{let l=u.required||i==="path";if(l&&!t[u.name])a=!1,s.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!t[u.name])){let d=(0,oC.getIdForParameterSchema)(r,n,i,u.name),p=iC.Gateway.instance.schemaValidator[d],m=p(t[u.name]),h=(0,De.getErrorsFromValidator)(p.errors);m||(a=!1,c.push(`${i} parameter: ${u.name} : ${t[u.name]}`),s.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:s}},"validateParameters");De.validateParameters=aC;var cC=o((e,t,r,n,i)=>{n?e.log[t](r,n,i):e.log[t](r,i)},"logErrors");De.logErrors=cC;var uC=o(e=>e==="log-only"||e==="reject-and-log","shouldLog");De.shouldLog=uC;var lC=o(e=>e==="reject-only"||e==="reject-and-log","shouldReject");De.shouldReject=lC;var dC=o(e=>e?.map(t=>t.instancePath===void 0||t.instancePath===""?t.message??"Unknown validation error":t.instancePath.replace("/","")+" "+t.message)??["Unknown validation error"],"getErrorsFromValidator");De.getErrorsFromValidator=dC});var J_=y(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.handleBodyValidation=void 0;var pC=Or(),Ec=ie(),hC=_c(),ze=Ki();async function fC(e,t,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await t.clone().json()}catch(h){let g=`Error in request body for method : ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,_=Ec.HttpProblems.badRequest(t,e,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",g,[n],h),(0,ze.shouldReject)(r.validateBody))return _}if(!t.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${t.method} in route: ${e.route.path}`,g=Ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?g:void 0}let i=t.headers.get("Content-Type"),s=i.indexOf(";");s>-1&&(i=i.substring(0,s));let a=(0,hC.getIdForRequestBodySchema)(e.route.path,t.method,i),c=pC.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${t.method} in route: ${e.route.path} with content-type: ${t.headers.get("Content-Type")}`,g=Ec.HttpProblems.badRequest(t,e,{detail:h});return(0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",h,[n],[h]),(0,ze.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,ze.getErrorsFromValidator)(l),m=Ec.HttpProblems.badRequest(t,e,{detail:`${d}, see errors property for more details`,errors:p});if((0,ze.shouldLog)(r.validateBody)&&(0,ze.logErrors)(e,r.logLevel??"info",d,[n],p),(0,ze.shouldReject)(r.validateBody))return m}o(fC,"handleBodyValidation");wc.handleBodyValidation=fC});var z_=y(vc=>{"use strict";Object.defineProperty(vc,"__esModule",{value:!0});vc.handleHeadersValidation=void 0;var mC=ie(),Ji=Ki();function yC(e,t,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};t.headers.forEach((a,c)=>{n[c]=a});let i=(0,Ji.getParametersForOperation)(e),s=(0,Ji.validateParameters)(i.filter(a=>a.location==="header"),n,e.route.path,t.method.toLowerCase(),"header");if(!s.isValid){let a="Header validation failed",c=mC.HttpProblems.badRequest(t,e,{detail:`${a}, see errors property for more details`,errors:s.errors});if((0,Ji.shouldLog)(r.validateHeaders)&&(0,Ji.logErrors)(e,r.logLevel??"info",a,s.invalidValues,s.errors),(0,Ji.shouldReject)(r.validateHeaders))return c}}o(yC,"handleHeadersValidation");vc.handleHeadersValidation=yC});var W_=y(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.handlePathParameterValidation=void 0;var gC=ie(),zi=Ki();function bC(e,t,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,zi.getParametersForOperation)(e),i=(0,zi.validateParameters)(n.filter(s=>s.location==="path"),t.params,e.route.path,t.method.toLowerCase(),"path");if(!i.isValid){let s="Path parameters validation failed",a=gC.HttpProblems.badRequest(t,e,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,zi.shouldLog)(r.validatePathParameters)&&(0,zi.logErrors)(e,r.logLevel??"info",s,i.invalidValues,i.errors),(0,zi.shouldReject)(r.validatePathParameters))return a}}o(bC,"handlePathParameterValidation");Sc.handlePathParameterValidation=bC});var Q_=y(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.handleQueryParameterValidation=void 0;var _C=ie(),Wi=Ki();function EC(e,t,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,Wi.getParametersForOperation)(e),i=(0,Wi.validateParameters)(n.filter(s=>s.location==="query"),t.query,e.route.path,t.method.toLowerCase(),"query");if(!i.isValid){let s="Query parameters validation failed",a=_C.HttpProblems.badRequest(t,e,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,Wi.shouldLog)(r.validateQueryParameters)&&(0,Wi.logErrors)(e,r.logLevel??"info",s,i.invalidValues,i.errors),(0,Wi.shouldReject)(r.validateQueryParameters))return a}}o(EC,"handleQueryParameterValidation");Tc.handleQueryParameterValidation=EC});var Y_=y(zr=>{"use strict";Object.defineProperty(zr,"__esModule",{value:!0});zr.SchemaBasedRequestValidation=zr.RequestValidationInboundPolicy=void 0;var wC=J_(),vC=z_(),SC=W_(),TC=Q_(),IC=o(async(e,t,r)=>{let n=(0,TC.handleQueryParameterValidation)(t,e,r);if(n!==void 0||(n=(0,SC.handlePathParameterValidation)(t,e,r),n!==void 0)||(n=(0,vC.handleHeadersValidation)(t,e,r),n!==void 0))return n;let i=await(0,wC.handleBodyValidation)(t,e,r);return i!==void 0?i:e},"RequestValidationInboundPolicy");zr.RequestValidationInboundPolicy=IC;zr.SchemaBasedRequestValidation=zr.RequestValidationInboundPolicy});var Z_=y(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.RequireOriginInboundPolicy=void 0;var PC=O(),AC=ie(),RC=o(async(e,t,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new PC.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let s=e.headers.get("origin");if(!s||!i.includes(s)){let a=r.failureDetail??"Forbidden";return AC.HttpProblems.forbidden(e,t,{detail:a})}return e},"RequireOriginInboundPolicy");Ic.RequireOriginInboundPolicy=RC});var X_=y(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.SetBodyInboundPolicy=void 0;var OC=He(),NC=o(async(e,t,r)=>new OC.ZuploRequest(e,{body:r.body}),"SetBodyInboundPolicy");Pc.SetBodyInboundPolicy=NC});var tE=y(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.SetHeadersInboundPolicy=void 0;var eE=O(),CC=He(),xC=o(async(e,t,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new eE.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let s=new Headers(e.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new eE.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.has(c.name)||u)&&s.set(c.name,c.value)}),new CC.ZuploRequest(e,{headers:s})},"SetHeadersInboundPolicy");Ac.SetHeadersInboundPolicy=xC});var nE=y(Rc=>{"use strict";Object.defineProperty(Rc,"__esModule",{value:!0});Rc.SetHeadersOutboundPolicy=void 0;var rE=O(),LC=o(async(e,t,r,n,i)=>{let s=n.headers;if(!s||!Array.isArray(s)||s.length==0)throw new rE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(e.headers);return s.forEach(u=>{if(!u.name||u.name.length===0)throw new rE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(e.body,{headers:a,status:e.status,statusText:e.statusText})},"SetHeadersOutboundPolicy");Rc.SetHeadersOutboundPolicy=LC});var oE=y(Oc=>{"use strict";Object.defineProperty(Oc,"__esModule",{value:!0});Oc.SetQueryParamsInboundPolicy=void 0;var iE=O(),DC=He(),UC=o(async(e,t,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new iE.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let s=new URL(e.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new iE.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.searchParams.has(c.name)||u)&&s.searchParams.set(c.name,c.value)}),new DC.ZuploRequest(s.toString(),e)},"SetQueryParamsInboundPolicy");Oc.SetQueryParamsInboundPolicy=UC});var sE=y(Nc=>{"use strict";Object.defineProperty(Nc,"__esModule",{value:!0});Nc.SetStatusOutboundPolicy=void 0;var MC=o(async(e,t,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(e.body,{headers:e.headers,status:n.status,statusText:n.statusText??e.statusText})},"SetStatusOutboundPolicy");Nc.SetStatusOutboundPolicy=MC});var aE=y(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.SleepInboundPolicy=void 0;var kC=O(),HC=o(async e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),FC=o(async(e,t,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new kC.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await HC(r.sleepInMs),e},"SleepInboundPolicy");Cc.SleepInboundPolicy=FC});var uE=y(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.SupabaseJwtInboundPolicy=void 0;var cE=O(),qC=ie(),$C=He(),jC=Rt(),VC=Vt(),GC=o(async(e,t,r,n)=>{(0,jC.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},s=await(0,VC.OpenIdJwtInboundPolicy)(e,t,i,n);if(s instanceof Response)return s;if(!(s instanceof $C.ZuploRequest))throw new cE.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return s;let c=e.user?.data.app_metadata;if(!c)throw new cE.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?qC.HttpProblems.unauthorized(e,t,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):s},"SupabaseJwtInboundPolicy");xc.SupabaseJwtInboundPolicy=GC});var dE=y(Lc=>{"use strict";Object.defineProperty(Lc,"__esModule",{value:!0});Lc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var BC=jt(),KC=Jt(),lE=O(),JC=Sn(),zC=Rt(),WC=o(async(e,t,r,n)=>{(0,zC.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,BC.getPolicyCacheName)(n,r),s=new KC.MemoryZoneReadThroughCache(i,t),a=await s.get(n);if(!a){let c=await QC(r,t);s.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return e.headers.set("Authorization",`Bearer ${a}`),e},"UpstreamAzureAdServiceAuthInboundPolicy");Lc.UpstreamAzureAdServiceAuthInboundPolicy=WC;async function QC(e,t){let r=new URLSearchParams({client_id:e.activeDirectoryClientId,scope:`${e.activeDirectoryClientId}/.default`,client_secret:e.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,JC.fetchRetry)({retries:e.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${e.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let s=await n.text();t.log.error("Could not get token from Azure AD",s)}catch{}throw new lE.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new lE.RuntimeError("Response returned from Azure AD is not in the expected format.")}o(QC,"getAccessToken")});var hE=y(Dc=>{"use strict";Object.defineProperty(Dc,"__esModule",{value:!0});Dc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var YC=jt(),ZC=Jt(),XC=O(),_h=Tn(),ex=Rt(),pE="https://accounts.google.com/o/oauth2/token",Eh,tx=o(async(e,t,r,n)=>{(0,ex.optionValidator)(r,n).required("serviceAccountJson","string"),Eh||(Eh=await _h.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},s=await(0,YC.getPolicyCacheName)(n,r),a=new ZC.MemoryZoneReadThroughCache(s,t),c=await a.get(n);if(!c){let u=await(0,_h.getTokenFromGcpServiceAccount)({serviceAccount:Eh,audience:pE,payload:i}),l=await(0,_h.exchangeGgpJwtForIdToken)(pE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new XC.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamFirebaseAdminAuthInboundPolicy");Dc.UpstreamFirebaseAdminAuthInboundPolicy=tx});var fE=y(Uc=>{"use strict";Object.defineProperty(Uc,"__esModule",{value:!0});Uc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var rx=jt(),nx=Jt(),Zn=O(),ix=eh(),wh=Tn(),ox=Xt(),sx=Rt(),ax="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",cx=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],vh,ux=o(async(e,t,r,n)=>{if((0,sx.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new Zn.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(cx.indexOf(p)!==-1)throw new Zn.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}vh||(vh=await wh.GcpServiceAccount.init(r.serviceAccountJson));let s=r.userId;if(!s&&!r.userIdPropertyPath){if(!e.user)throw new Zn.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");s=e.user?.sub}else if(r.userIdPropertyPath){if(!e.user)throw new Zn.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);s=(0,ox.getValueFromRequestUser)(e.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!s)throw new Zn.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,rx.getPolicyCacheName)(n,r),c=new nx.MemoryZoneReadThroughCache(a,t),u={uid:s,claims:i},l=await(0,ix.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,wh.getTokenFromGcpServiceAccount)({serviceAccount:vh,audience:ax,payload:u}),m=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,wh.exchangeFirebaseJwtForIdToken)(m,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new Zn.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${d}`),e},"UpstreamFirebaseUserAuthInboundPolicy");Uc.UpstreamFirebaseUserAuthInboundPolicy=ux});var yE=y(Mc=>{"use strict";Object.defineProperty(Mc,"__esModule",{value:!0});Mc.UpstreamGcpJwtInboundPolicy=void 0;var mE=Tn(),lx=Rt(),Sh,dx=o(async(e,t,r,n)=>{(0,lx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),Sh||(Sh=await mE.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,mE.getTokenFromGcpServiceAccount)({serviceAccount:Sh,audience:r.audience});return e.headers.set("Authorization",`Bearer ${i}`),e},"UpstreamGcpJwtInboundPolicy");Mc.UpstreamGcpJwtInboundPolicy=dx});var bE=y(kc=>{"use strict";Object.defineProperty(kc,"__esModule",{value:!0});kc.UpstreamGcpServiceAuthInboundPolicy=void 0;var px=jt(),hx=Cu(),fx=Jt(),Qi=O(),Th=Tn(),mx=Xt(),yx=Rt(),gE="https://www.googleapis.com/oauth2/v4/token",Ih,gx=o(async(e,t,r,n)=>{(0,yx.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Ih||(Ih=await Th.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new Qi.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,mx.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof Qi.ConfigurationError?new Qi.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let s=await(0,px.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new hx.MemoryCache(s):a=new fx.MemoryZoneReadThroughCache(s,t);let c=await a.get(n);if(!c){let u=await(0,Th.getTokenFromGcpServiceAccount)({serviceAccount:Ih,audience:gE,payload:i}),l=await(0,Th.exchangeGgpJwtForIdToken)(gE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new Qi.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new Qi.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return e.headers.set("Authorization",`Bearer ${c}`),e},"UpstreamGcpServiceAuthInboundPolicy");kc.UpstreamGcpServiceAuthInboundPolicy=gx});var EE=y(Hc=>{"use strict";Object.defineProperty(Hc,"__esModule",{value:!0});Hc.ValidateJsonSchemaInbound=void 0;var bx=O(),_E=ie(),_x=o(async(e,t,r)=>{let n=e.clone(),i;try{i=await n.json()}catch{return _E.HttpProblems.badRequest(e,t,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return e;let{errors:a}=r.validator;if(!a)throw new bx.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return _E.HttpProblems.badRequest(e,t,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");Hc.ValidateJsonSchemaInbound=_x});var wE=y(Fc=>{"use strict";Object.defineProperty(Fc,"__esModule",{value:!0});Fc.ServiceProviderImpl=void 0;var Ex=O(),Ph=class{static{o(this,"ServiceProviderImpl")}services=new Map;addService(t,r){if(this.services.get(t))throw new Ex.SystemError(`A service with the name ${t} already exists -- you cannot have duplicate services`);this.services.set(t,r)}getService(t){return this.services.get(t)}};Fc.ServiceProviderImpl=Ph});var DE=y(f=>{"use strict";var wx=f&&f.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),Ah=f&&f.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&wx(t,e,r)},vx=f&&f.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(f,"__esModule",{value:!0});f.OpenIdJwtInboundPolicy=f.OktaJwtInboundPolicy=f.setMoesifContext=f.MoesifInboundPolicy=f.MockApiInboundPolicy=f.MonetizationInboundPolicy=f.JWTScopeValidationInboundPolicy=f.GeoFilterInboundPolicy=f.FormDataToJsonInboundPolicy=f.FirebaseJwtInboundPolicy=f.CurityPhantomTokenInboundPolicy=f.CompositeInboundPolicy=f.CognitoJwtInboundPolicy=f.ClerkJwtInboundPolicy=f.ClearHeadersOutboundPolicy=f.ClearHeadersInboundPolicy=f.ChangeMethodInboundPolicy=f.CachingInboundPolicy=f.BasicAuthInboundPolicy=f.Auth0JwtInboundPolicy=f.ApiKeyInboundPolicy=f.ApiAuthKeyInboundPolicy=f.AmberfloMeteringPolicy=f.AmberfloMeteringInboundPolicy=f.OutboundPolicy=f.InboundPolicy=f.AuditLogPlugin=f.AuditLogDataStaxProvider=f.HttpStatusCode=f.webSocketPipelineHandler=f.webSocketHandler=f.urlRewriteHandler=f.urlForwardHandler=f.redirectHandler=f.openApiSpecHandler=f.awsLambdaHandler=f.AwsLambdaHandlerExtensions=f.purgeGatewayCache=f.Handler=f.originalFetch=f.RuntimeError=f.ConfigurationError=f.isZuploReadableEnvVariableName=f.isRestrictedEnvVariableName=f.environment=f.ContextData=f.ResponseSentEvent=f.ResponseSendingEvent=f.ZoneCache=f.MemoryZoneReadThroughCache=void 0;f.sanitizedIdentifierName=f.getRawOperationDataIdentifierName=f.getIdForRequestBodySchema=f.getIdForRefSchema=f.getIdForParameterSchema=f.SystemLogMap=f.httpStatuses=f.SYSTEM_LOGGER=f.API_KEY=f.ServiceProviderImpl=f.serialize=f.ContentTypes=f.Router=f.LookupResult=f.SystemRouteName=f.ZuploRequest=f.ProblemResponseFormatter=f.HttpProblems=f.ValidateJsonSchemaInbound=f.UpstreamGcpServiceAuthInboundPolicy=f.UpstreamGcpJwtInboundPolicy=f.UpstreamFirebaseUserAuthInboundPolicy=f.UpstreamFirebaseAdminAuthInboundPolicy=f.UpstreamAzureAdServiceAuthInboundPolicy=f.SupabaseJwtInboundPolicy=f.StripeWebhookVerificationInboundPolicy=f.SleepInboundPolicy=f.SetStatusOutboundPolicy=f.SetQueryParamsInboundPolicy=f.SetHeadersOutboundPolicy=f.SetHeadersInboundPolicy=f.SetBodyInboundPolicy=f.RequireOriginInboundPolicy=f.SchemaBasedRequestValidation=f.RequestValidationInboundPolicy=f.RequestSizeLimitInboundPolicy=f.ReplaceStringOutboundPolicy=f.RemoveQueryParamsInboundPolicy=f.RemoveHeadersOutboundPolicy=f.RemoveHeadersInboundPolicy=f.ReadmeMetricsInboundPolicy=f.RateLimitInboundPolicy=f.BasicRateLimitInboundPolicy=f.PropelAuthJwtInboundPolicy=void 0;lf();var Sx=Jt();Object.defineProperty(f,"MemoryZoneReadThroughCache",{enumerable:!0,get:function(){return Sx.MemoryZoneReadThroughCache}});var Tx=Eo();Object.defineProperty(f,"ZoneCache",{enumerable:!0,get:function(){return Tx.ZoneCache}});var vE=Nr();Object.defineProperty(f,"ResponseSendingEvent",{enumerable:!0,get:function(){return vE.ResponseSendingEvent}});Object.defineProperty(f,"ResponseSentEvent",{enumerable:!0,get:function(){return vE.ResponseSentEvent}});var Ix=Qd();Object.defineProperty(f,"ContextData",{enumerable:!0,get:function(){return Ix.ContextData}});var Rh=Mi();Object.defineProperty(f,"environment",{enumerable:!0,get:function(){return Rh.environment}});Object.defineProperty(f,"isRestrictedEnvVariableName",{enumerable:!0,get:function(){return Rh.isRestrictedEnvVariableName}});Object.defineProperty(f,"isZuploReadableEnvVariableName",{enumerable:!0,get:function(){return Rh.isZuploReadableEnvVariableName}});var SE=O();Object.defineProperty(f,"ConfigurationError",{enumerable:!0,get:function(){return SE.ConfigurationError}});Object.defineProperty(f,"RuntimeError",{enumerable:!0,get:function(){return SE.RuntimeError}});var Px=Zd();Object.defineProperty(f,"originalFetch",{enumerable:!0,get:function(){return Px.originalFetch}});var TE=Hg();Object.defineProperty(f,"Handler",{enumerable:!0,get:function(){return TE.Handler}});Object.defineProperty(f,"purgeGatewayCache",{enumerable:!0,get:function(){return TE.purgeGatewayCache}});var IE=tb();Object.defineProperty(f,"AwsLambdaHandlerExtensions",{enumerable:!0,get:function(){return IE.AwsLambdaHandlerExtensions}});Object.defineProperty(f,"awsLambdaHandler",{enumerable:!0,get:function(){return IE.awsLambdaHandler}});var Ax=nb();Object.defineProperty(f,"openApiSpecHandler",{enumerable:!0,get:function(){return Ax.openApiSpecHandler}});var Rx=ib();Object.defineProperty(f,"redirectHandler",{enumerable:!0,get:function(){return Rx.redirectHandler}});var Ox=sb();Object.defineProperty(f,"urlForwardHandler",{enumerable:!0,get:function(){return Ox.urlForwardHandler}});var Nx=cb();Object.defineProperty(f,"urlRewriteHandler",{enumerable:!0,get:function(){return Nx.urlRewriteHandler}});var Cx=lb();Object.defineProperty(f,"webSocketHandler",{enumerable:!0,get:function(){return Cx.webSocketHandler}});var xx=hb();Object.defineProperty(f,"webSocketPipelineHandler",{enumerable:!0,get:function(){return xx.webSocketPipelineHandler}});var Lx=rl();Object.defineProperty(f,"HttpStatusCode",{enumerable:!0,get:function(){return Lx.HttpStatusCode}});Ah(wb(),f);Ah(Tb(),f);var Dx=Ib();Object.defineProperty(f,"AuditLogDataStaxProvider",{enumerable:!0,get:function(){return Dx.AuditLogDataStaxProvider}});var Ux=Ab();Object.defineProperty(f,"AuditLogPlugin",{enumerable:!0,get:function(){return Ux.AuditLogPlugin}});Ah(jb(),f);var PE=yi();Object.defineProperty(f,"InboundPolicy",{enumerable:!0,get:function(){return PE.InboundPolicy}});Object.defineProperty(f,"OutboundPolicy",{enumerable:!0,get:function(){return PE.OutboundPolicy}});var AE=Jb();Object.defineProperty(f,"AmberfloMeteringInboundPolicy",{enumerable:!0,get:function(){return AE.AmberfloMeteringInboundPolicy}});Object.defineProperty(f,"AmberfloMeteringPolicy",{enumerable:!0,get:function(){return AE.AmberfloMeteringPolicy}});var Mx=Zb();Object.defineProperty(f,"ApiAuthKeyInboundPolicy",{enumerable:!0,get:function(){return Mx.ApiAuthKeyInboundPolicy}});var kx=nh();Object.defineProperty(f,"ApiKeyInboundPolicy",{enumerable:!0,get:function(){return kx.ApiKeyInboundPolicy}});var Hx=Xb();Object.defineProperty(f,"Auth0JwtInboundPolicy",{enumerable:!0,get:function(){return Hx.Auth0JwtInboundPolicy}});var Fx=e_();Object.defineProperty(f,"BasicAuthInboundPolicy",{enumerable:!0,get:function(){return Fx.BasicAuthInboundPolicy}});var qx=t_();Object.defineProperty(f,"CachingInboundPolicy",{enumerable:!0,get:function(){return qx.CachingInboundPolicy}});var $x=r_();Object.defineProperty(f,"ChangeMethodInboundPolicy",{enumerable:!0,get:function(){return $x.ChangeMethodInboundPolicy}});var jx=n_();Object.defineProperty(f,"ClearHeadersInboundPolicy",{enumerable:!0,get:function(){return jx.ClearHeadersInboundPolicy}});var Vx=i_();Object.defineProperty(f,"ClearHeadersOutboundPolicy",{enumerable:!0,get:function(){return Vx.ClearHeadersOutboundPolicy}});var Gx=o_();Object.defineProperty(f,"ClerkJwtInboundPolicy",{enumerable:!0,get:function(){return Gx.ClerkJwtInboundPolicy}});var Bx=a_();Object.defineProperty(f,"CognitoJwtInboundPolicy",{enumerable:!0,get:function(){return Bx.CognitoJwtInboundPolicy}});var Kx=u_();Object.defineProperty(f,"CompositeInboundPolicy",{enumerable:!0,get:function(){return Kx.CompositeInboundPolicy}});var Jx=l_();Object.defineProperty(f,"CurityPhantomTokenInboundPolicy",{enumerable:!0,get:function(){return Jx.CurityPhantomTokenInboundPolicy}});var zx=d_();Object.defineProperty(f,"FirebaseJwtInboundPolicy",{enumerable:!0,get:function(){return zx.FirebaseJwtInboundPolicy}});var Wx=p_();Object.defineProperty(f,"FormDataToJsonInboundPolicy",{enumerable:!0,get:function(){return Wx.FormDataToJsonInboundPolicy}});var Qx=h_();Object.defineProperty(f,"GeoFilterInboundPolicy",{enumerable:!0,get:function(){return Qx.GeoFilterInboundPolicy}});var Yx=f_();Object.defineProperty(f,"JWTScopeValidationInboundPolicy",{enumerable:!0,get:function(){return Yx.JWTScopeValidationInboundPolicy}});var Zx=E_();Object.defineProperty(f,"MonetizationInboundPolicy",{enumerable:!0,get:function(){return Zx.MonetizationInboundPolicy}});var Xx=v_();Object.defineProperty(f,"MockApiInboundPolicy",{enumerable:!0,get:function(){return Xx.MockApiInboundPolicy}});var RE=A_();Object.defineProperty(f,"MoesifInboundPolicy",{enumerable:!0,get:function(){return RE.MoesifInboundPolicy}});Object.defineProperty(f,"setMoesifContext",{enumerable:!0,get:function(){return RE.setMoesifContext}});var eL=R_();Object.defineProperty(f,"OktaJwtInboundPolicy",{enumerable:!0,get:function(){return eL.OktaJwtInboundPolicy}});var tL=Vt();Object.defineProperty(f,"OpenIdJwtInboundPolicy",{enumerable:!0,get:function(){return tL.OpenIdJwtInboundPolicy}});var rL=O_();Object.defineProperty(f,"PropelAuthJwtInboundPolicy",{enumerable:!0,get:function(){return rL.PropelAuthJwtInboundPolicy}});var OE=M_();Object.defineProperty(f,"BasicRateLimitInboundPolicy",{enumerable:!0,get:function(){return OE.RateLimitInboundPolicy}});Object.defineProperty(f,"RateLimitInboundPolicy",{enumerable:!0,get:function(){return OE.RateLimitInboundPolicy}});var nL=q_();Object.defineProperty(f,"ReadmeMetricsInboundPolicy",{enumerable:!0,get:function(){return nL.ReadmeMetricsInboundPolicy}});var iL=$_();Object.defineProperty(f,"RemoveHeadersInboundPolicy",{enumerable:!0,get:function(){return iL.RemoveHeadersInboundPolicy}});var oL=j_();Object.defineProperty(f,"RemoveHeadersOutboundPolicy",{enumerable:!0,get:function(){return oL.RemoveHeadersOutboundPolicy}});var sL=V_();Object.defineProperty(f,"RemoveQueryParamsInboundPolicy",{enumerable:!0,get:function(){return sL.RemoveQueryParamsInboundPolicy}});var aL=G_();Object.defineProperty(f,"ReplaceStringOutboundPolicy",{enumerable:!0,get:function(){return aL.ReplaceStringOutboundPolicy}});var cL=K_();Object.defineProperty(f,"RequestSizeLimitInboundPolicy",{enumerable:!0,get:function(){return cL.RequestSizeLimitInboundPolicy}});var NE=Y_();Object.defineProperty(f,"RequestValidationInboundPolicy",{enumerable:!0,get:function(){return NE.RequestValidationInboundPolicy}});Object.defineProperty(f,"SchemaBasedRequestValidation",{enumerable:!0,get:function(){return NE.SchemaBasedRequestValidation}});var uL=Z_();Object.defineProperty(f,"RequireOriginInboundPolicy",{enumerable:!0,get:function(){return uL.RequireOriginInboundPolicy}});var lL=X_();Object.defineProperty(f,"SetBodyInboundPolicy",{enumerable:!0,get:function(){return lL.SetBodyInboundPolicy}});var dL=tE();Object.defineProperty(f,"SetHeadersInboundPolicy",{enumerable:!0,get:function(){return dL.SetHeadersInboundPolicy}});var pL=nE();Object.defineProperty(f,"SetHeadersOutboundPolicy",{enumerable:!0,get:function(){return pL.SetHeadersOutboundPolicy}});var hL=oE();Object.defineProperty(f,"SetQueryParamsInboundPolicy",{enumerable:!0,get:function(){return hL.SetQueryParamsInboundPolicy}});var fL=sE();Object.defineProperty(f,"SetStatusOutboundPolicy",{enumerable:!0,get:function(){return fL.SetStatusOutboundPolicy}});var mL=aE();Object.defineProperty(f,"SleepInboundPolicy",{enumerable:!0,get:function(){return mL.SleepInboundPolicy}});var yL=Dp();Object.defineProperty(f,"StripeWebhookVerificationInboundPolicy",{enumerable:!0,get:function(){return yL.StripeWebhookVerificationInboundPolicy}});var gL=uE();Object.defineProperty(f,"SupabaseJwtInboundPolicy",{enumerable:!0,get:function(){return gL.SupabaseJwtInboundPolicy}});var bL=dE();Object.defineProperty(f,"UpstreamAzureAdServiceAuthInboundPolicy",{enumerable:!0,get:function(){return bL.UpstreamAzureAdServiceAuthInboundPolicy}});var _L=hE();Object.defineProperty(f,"UpstreamFirebaseAdminAuthInboundPolicy",{enumerable:!0,get:function(){return _L.UpstreamFirebaseAdminAuthInboundPolicy}});var EL=fE();Object.defineProperty(f,"UpstreamFirebaseUserAuthInboundPolicy",{enumerable:!0,get:function(){return EL.UpstreamFirebaseUserAuthInboundPolicy}});var wL=yE();Object.defineProperty(f,"UpstreamGcpJwtInboundPolicy",{enumerable:!0,get:function(){return wL.UpstreamGcpJwtInboundPolicy}});var vL=bE();Object.defineProperty(f,"UpstreamGcpServiceAuthInboundPolicy",{enumerable:!0,get:function(){return vL.UpstreamGcpServiceAuthInboundPolicy}});var SL=EE();Object.defineProperty(f,"ValidateJsonSchemaInbound",{enumerable:!0,get:function(){return SL.ValidateJsonSchemaInbound}});var TL=ie();Object.defineProperty(f,"HttpProblems",{enumerable:!0,get:function(){return TL.HttpProblems}});var IL=Oo();Object.defineProperty(f,"ProblemResponseFormatter",{enumerable:!0,get:function(){return IL.ProblemResponseFormatter}});var PL=He();Object.defineProperty(f,"ZuploRequest",{enumerable:!0,get:function(){return PL.ZuploRequest}});var AL=xr();Object.defineProperty(f,"SystemRouteName",{enumerable:!0,get:function(){return AL.SystemRouteName}});var CE=$d();Object.defineProperty(f,"LookupResult",{enumerable:!0,get:function(){return CE.LookupResult}});Object.defineProperty(f,"Router",{enumerable:!0,get:function(){return CE.Router}});var xE=Ku();Object.defineProperty(f,"ContentTypes",{enumerable:!0,get:function(){return xE.ContentTypes}});Object.defineProperty(f,"serialize",{enumerable:!0,get:function(){return xE.serialize}});var RL=wE();Object.defineProperty(f,"ServiceProviderImpl",{enumerable:!0,get:function(){return RL.ServiceProviderImpl}});var LE=wl();Object.defineProperty(f,"API_KEY",{enumerable:!0,get:function(){return LE.API_KEY}});Object.defineProperty(f,"SYSTEM_LOGGER",{enumerable:!0,get:function(){return LE.SYSTEM_LOGGER}});var OL=il();Object.defineProperty(f,"httpStatuses",{enumerable:!0,get:function(){return vx(OL).default}});var NL=Ke();Object.defineProperty(f,"SystemLogMap",{enumerable:!0,get:function(){return NL.SystemLogMap}});var Yi=_c();Object.defineProperty(f,"getIdForParameterSchema",{enumerable:!0,get:function(){return Yi.getIdForParameterSchema}});Object.defineProperty(f,"getIdForRefSchema",{enumerable:!0,get:function(){return Yi.getIdForRefSchema}});Object.defineProperty(f,"getIdForRequestBodySchema",{enumerable:!0,get:function(){return Yi.getIdForRequestBodySchema}});Object.defineProperty(f,"getRawOperationDataIdentifierName",{enumerable:!0,get:function(){return Yi.getRawOperationDataIdentifierName}});Object.defineProperty(f,"sanitizedIdentifierName",{enumerable:!0,get:function(){return Yi.sanitizedIdentifierName}})});var UE=y(Xn=>{"use strict";Object.defineProperty(Xn,"__esModule",{value:!0});Xn.BaseCryptoBeta=Xn.supportedDigests=void 0;Xn.supportedDigests=["sha-1","sha-256","sha-384","sha-512"];var Oh=class{static{o(this,"BaseCryptoBeta")}};Xn.BaseCryptoBeta=Oh});var ME=y(qc=>{"use strict";Object.defineProperty(qc,"__esModule",{value:!0});qc.WorkerCryptoBeta=void 0;var Nh=UE(),CL=O(),Ch=class extends Nh.BaseCryptoBeta{static{o(this,"WorkerCryptoBeta")}async digest(t,r){if(!Nh.supportedDigests.includes(t.toLowerCase()))throw new CL.RuntimeError(`Algorithm ${t} is not supported. Try using ${Nh.supportedDigests.join(", ")}`);let n=new TextEncoder().encode(r),i=await crypto.subtle.digest(t,n);return Array.from(new Uint8Array(i)).map(c=>c.toString(16).padStart(2,"0")).join("")}};qc.WorkerCryptoBeta=Ch});var kE=y($c=>{"use strict";Object.defineProperty($c,"__esModule",{value:!0});$c.BaseKeyValueStore=void 0;var xh=class{static{o(this,"BaseKeyValueStore")}context;constructor(t){this.context=t}};$c.BaseKeyValueStore=xh});var FE=y(jc=>{"use strict";Object.defineProperty(jc,"__esModule",{value:!0});jc.WorkerKeyValueStore=void 0;var HE=O(),xL=kE(),Lh=class extends xL.BaseKeyValueStore{static{o(this,"WorkerKeyValueStore")}#e;constructor(t){super(t);let n=globalThis.ZUPLO_KV;if(!n)throw new HE.FeatureNotEnabledError("The Key Value Store feature is not enabled for this project.");this.#e=n}put(t,r,n){if(typeof t!="string")throw new HE.ConfigurationError("value must be of type string");return this.#e.put(t,r,n?{expirationTtl:n.expirationSecondsTtl}:void 0)}get(t,r){return this.#e.get(t,{type:"text",cacheTtl:r?.cacheSecondsTtl})}delete(t){return this.#e.delete(t)}};jc.WorkerKeyValueStore=Lh});var Mt=y(pt=>{"use strict";var LL=pt&&pt.__createBinding||(Object.create?function(e,t,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(t,r);(!i||("get"in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[r]}}),Object.defineProperty(e,n,i)}:function(e,t,r,n){n===void 0&&(n=r),e[n]=t[r]}),DL=pt&&pt.__exportStar||function(e,t){for(var r in e)r!=="default"&&!Object.prototype.hasOwnProperty.call(t,r)&&LL(t,e,r)};Object.defineProperty(pt,"__esModule",{value:!0});pt.KeyValueStore=pt.CryptoBeta=void 0;DL(DE(),pt);var UL=ME();Object.defineProperty(pt,"CryptoBeta",{enumerable:!0,get:function(){return UL.WorkerCryptoBeta}});var ML=FE();Object.defineProperty(pt,"KeyValueStore",{enumerable:!0,get:function(){return ML.WorkerKeyValueStore}})});var VD={};fo(VD,{GraphQLComplexityLimitInboundPolicy:()=>gw,GraphQLDisableIntrospectionInboundPolicy:()=>_w});module.exports=mo(VD);var di=sf(Mt());function B(e,t){if(!!!e)throw new Error(t)}o(B,"devAssert");function Ee(e){return typeof e=="object"&&e!==null}o(Ee,"isObjectLike");function Nt(e,t){if(!!!e)throw new Error(t??"Unexpected invariant triggered.")}o(Nt,"invariant");var kL=/\r\n|[\n\r]/g;function ei(e,t){let r=0,n=1;for(let i of e.body.matchAll(kL)){if(typeof i.index=="number"||Nt(!1),i.index>=t)break;r=i.index+i[0].length,n+=1}return{line:n,column:t+1-r}}o(ei,"getLocation");function Dh(e){return Vc(e.source,ei(e.source,e.start))}o(Dh,"printLocation");function Vc(e,t){let r=e.locationOffset.column-1,n="".padStart(r)+e.body,i=t.line-1,s=e.locationOffset.line-1,a=t.line+s,c=t.line===1?r:0,u=t.column+c,l=`${e.name}:${a}:${u}
|
|
75
75
|
`,d=n.split(/\r\n|[\n\r]/g),p=d[i];if(p.length>120){let m=Math.floor(u/80),h=u%80,g=[];for(let _=0;_<p.length;_+=80)g.push(p.slice(_,_+80));return l+qE([[`${a} |`,g[0]],...g.slice(1,m+1).map(_=>["|",_]),["|","^".padStart(h)],["|",g[m+1]]])}return l+qE([[`${a-1} |`,d[i-1]],[`${a} |`,p],["|","^".padStart(u)],[`${a+1} |`,d[i+1]]])}o(Vc,"printSourceLocation");function qE(e){let t=e.filter(([n,i])=>i!==void 0),r=Math.max(...t.map(([n])=>n.length));return t.map(([n,i])=>n.padStart(r)+(i?" "+i:"")).join(`
|
|
76
76
|
`)}o(qE,"printPrefixedLines");function HL(e){let t=e[0];return t==null||"kind"in t||"length"in t?{nodes:t,source:e[1],positions:e[2],path:e[3],originalError:e[4],extensions:e[5]}:t}o(HL,"toNormalizedOptions");var x=class e extends Error{static{o(this,"GraphQLError")}constructor(t,...r){var n,i,s;let{nodes:a,source:c,positions:u,path:l,originalError:d,extensions:p}=HL(r);super(t),this.name="GraphQLError",this.path=l??void 0,this.originalError=d??void 0,this.nodes=$E(Array.isArray(a)?a:a?[a]:void 0);let m=$E((n=this.nodes)===null||n===void 0?void 0:n.map(g=>g.loc).filter(g=>g!=null));this.source=c??(m==null||(i=m[0])===null||i===void 0?void 0:i.source),this.positions=u??m?.map(g=>g.start),this.locations=u&&c?u.map(g=>ei(c,g)):m?.map(g=>ei(g.source,g.start));let h=Ee(d?.extensions)?d?.extensions:void 0;this.extensions=(s=p??h)!==null&&s!==void 0?s:Object.create(null),Object.defineProperties(this,{message:{writable:!0,enumerable:!0},name:{enumerable:!1},nodes:{enumerable:!1},source:{enumerable:!1},positions:{enumerable:!1},originalError:{enumerable:!1}}),d!=null&&d.stack?Object.defineProperty(this,"stack",{value:d.stack,writable:!0,configurable:!0}):Error.captureStackTrace?Error.captureStackTrace(this,e):Object.defineProperty(this,"stack",{value:Error().stack,writable:!0,configurable:!0})}get[Symbol.toStringTag](){return"GraphQLError"}toString(){let t=this.message;if(this.nodes)for(let r of this.nodes)r.loc&&(t+=`
|
|
77
77
|
|