@zuplo/graphql 5.1828.0 → 5.1829.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.minified.js +1 -1
- package/package.json +1 -1
package/index.minified.js
CHANGED
|
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
|
|
|
71
71
|
`+d}):new Yr.StripeSignatureVerificationError(e,t,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
|
|
72
72
|
If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
|
|
73
73
|
`+l+`
|
|
74
|
-
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new Yr.StripeSignatureVerificationError(e,t,{message:"Timestamp outside the tolerance zone"});return!0}o(HR,"validateComputedSignature");function qR(t,e){return typeof t!="string"?null:t.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===e&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}o(qR,"parseHeader");function $R(t,e){if(t.length!==e.length)return!1;let r=t.length,n=0;for(let i=0;i<r;++i)n|=t.charCodeAt(i)^e.charCodeAt(i);return n===0}o($R,"secureCompare");async function Zb(t,e){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(e),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(t)),s=new Uint8Array(i),a=new Array(s.length);for(let c=0;c<s.length;c++)a[c]=Qp[s[c]];return a.join("")}o(Zb,"computeHMACSignatureAsync");Zn.computeHMACSignatureAsync=Zb;var Qp=new Array(256);for(let t=0;t<Qp.length;t++)Qp[t]=t.toString(16).padStart(2,"0")});var ut=b($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.optionValidator=void 0;var Xn=k(),jR=st();function VR(t,e,r="policy"){let n=`${r} '${e}'`;if(!(0,jR.isObject)(t))throw new Xn.ConfigurationError(`Options on ${n} is expected to be an object. Received the type '${typeof t}'.`);let i=o((c,u,l)=>{let d=t[c];if(!(l&&d===void 0)){if(d===void 0)throw new Xn.ConfigurationError(`Value of '${String(c)}' on ${n} is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(u==="array"&&Array.isArray(d))throw new Xn.ConfigurationError(`Value of '${String(c)}' on ${n} must be an array. Received type ${typeof d}.`);if(typeof d!==u)throw new Xn.ConfigurationError(`Value of '${String(c)}' on ${n} must be of type ${u}. Received type ${typeof d}.`);if(typeof d=="string"&&d.length===0)throw new Xn.ConfigurationError(`Value of '${String(c)}' on ${n} must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof d=="number"&&isNaN(d))throw new Xn.ConfigurationError(`Value of '${String(c)}' on ${n} must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),s=o((c,u)=>(i(c,u,!0),{optional:s,required:a}),"optional"),a=o((c,u)=>(i(c,u,!1),{optional:s,required:a}),"required");return{optional:s,required:a}}o(VR,"optionValidator");$a.optionValidator=VR});var Zp=b(ja=>{"use strict";Object.defineProperty(ja,"__esModule",{value:!0});ja.StripeWebhookVerificationInboundPolicy=void 0;var BR=gn(),GR=pe(),KR=Xb(),JR=ut(),Yp=class extends BR.InboundPolicy{static{o(this,"StripeWebhookVerificationInboundPolicy")}async handler(e,r){(0,JR.optionValidator)(this.options,this.policyName).required("signingSecret","string").optional("tolerance","number");let n=e.headers.get("stripe-signature");try{let i=await e.clone().text();await(0,KR.constructEventAsync)(i,n,this.options.signingSecret)}catch(i){let s=i.message;if(i.type&&i.type==="StripeSignatureVerificationError"){let a=i.message,u=/Note:(.*)/g.exec(a);s=u?u[1].trim():a}return r.log.error("Error validating stripe webhook",s),GR.HttpProblems.badRequest(e,r,{title:"Webhook Error",detail:s})}return e}};ja.StripeWebhookVerificationInboundPolicy=Yp});var t_=b(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.isStripeWebhookEvent=void 0;var e_=st();function zR(t){return t!==null&&typeof t=="object"&&"id"in t&&(0,e_.isString)(t.id)&&"type"in t&&(0,e_.isString)(t.type)}o(zR,"isStripeWebhookEvent");Va.isStripeWebhookEvent=zR});var r_=b(Ba=>{"use strict";Object.defineProperty(Ba,"__esModule",{value:!0});Ba.MeteringPlugin=void 0;var WR=Rt(),Xp=class extends WR.SystemRuntimePlugin{static{o(this,"MeteringPlugin")}};Ba.MeteringPlugin=Xp});var rf=b(tf=>{"use strict";Object.defineProperty(tf,"__esModule",{value:!0});var ef=k(),QR={getSubscription:async({subscriptionId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving subscription from Stripe API.";throw r.error(s,i),new ef.RuntimeError(s)}return i},getCustomer:async({customerId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer from Stripe API.";throw r.error(s,i),new ef.RuntimeError(s)}return i},getUpcomingInvoice:async({customerId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/invoices/upcoming?customer=${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer upcoming invoice from Stripe API.";throw r.error(s,i),new ef.RuntimeError(s)}return i}};tf.default=QR});var n_=b(Ar=>{"use strict";Object.defineProperty(Ar,"__esModule",{value:!0});Ar.deleteConsumer=Ar.createConsumerInvite=Ar.createConsumer=void 0;var nf=k(),of=Ze(),sf=ie(),af=Dn(),cf="https://api-key-management-service-eq7z4lly2a-ue.a.run.app";async function YR({apiKeyBucketName:t,stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:s,context:a}){let{authApiJWT:c}=sf.Environment.instance,u=new URL(`/v1/buckets/${t}/consumers`,cf);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:"API Subscription",tags:{subscriptionExternalId:e,planExternalIds:[r]},metadata:{stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n},managers:[{sub:s,email:i}]},p=await(0,af.fetchRetry)({retryDelayMs:5,retries:2,logger:of.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),f=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,f),new nf.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:e,stripeProductId:r}),l}o(YR,"createConsumer");Ar.createConsumer=YR;async function ZR({apiKeyBucketName:t,stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:s}){let{authApiJWT:a}=sf.Environment.instance,c=new URL(`/v1/buckets/${t}/consumers`,cf);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:"API Subscription",tags:{subscriptionExternalId:e,planExternalIds:[r]},metadata:{stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,af.fetchRetry)({retryDelayMs:5,retries:2,logger:of.SystemLogMap.getLogger(s)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let f="Error creating API Key Consumer";throw s.log.error(f,p),new nf.RuntimeError(f)}return s.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:e,stripeProductId:r}),u}o(ZR,"createConsumerInvite");Ar.createConsumerInvite=ZR;async function XR({apiKeyBucketName:t,consumerId:e,context:r}){let{authApiJWT:n}=sf.Environment.instance,i=new URL(`/v1/buckets/${t}/consumers/${e}`,cf);i.searchParams.set("with-api-key","true");let s=await(0,af.fetchRetry)({retryDelayMs:5,retries:2,logger:of.SystemLogMap.getLogger(r)},i.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${n}`,"content-type":"application/json"},body:JSON.stringify({})});if(s.status!==204){let a=await s.json(),c="Error deleting API Key Consumer";throw r.log.error(c,a),new nf.RuntimeError(c)}return r.log.info(`Successfully deleted API Key Consumer '${e}`),e}o(XR,"deleteConsumer");Ar.deleteConsumer=XR});var Ga=b(Or=>{"use strict";Object.defineProperty(Or,"__esModule",{value:!0});Or.getSubscription=Or.updateSubscription=Or.createSubscription=void 0;var Rr=k(),uf=Ze(),lf=ie(),df=Dn(),pf=st();async function eO({context:t,stripeSubscriptionId:e,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:s,customerExternalId:a,subscriptionStatus:c}){let u={status:c,type:"periodic",renewalStrategy:"monthly",region:s,subscriptionExternalId:e,planExternalIds:[r],customerKey:n,customerExternalId:a},{authApiJWT:l,meteringServiceUrl:d}=lf.Environment.instance;if(!(0,pf.isNonEmptyString)(l))throw new Rr.SystemError("No Zuplo JWT token set.");let p=await(0,df.fetchRetry)({retryDelayMs:5,retries:2,logger:uf.SystemLogMap.getLogger(t)},`${d}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":t.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let f="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw t.log.error(f,h),new Rr.RuntimeError(f)}t.log.info("Successfully created/updated metering subscription.",u)}o(eO,"createSubscription");Or.createSubscription=eO;async function tO({context:t,meteringSubscriptionId:e,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:s}=lf.Environment.instance;if(!(0,pf.isNonEmptyString)(i))throw new Rr.SystemError("No Zuplo JWT token set.");let a=await(0,df.fetchRetry)({retryDelayMs:5,retries:2,logger:uf.SystemLogMap.getLogger(t)},`${s}/internal/v1/metering/${r}/subscriptions/${e}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":t.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating metering subscription to '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw t.log.error(c,u),new Rr.RuntimeError(c)}t.log.info(`Successfully update metering subscription to '${JSON.stringify(n)}'.`)}o(tO,"updateSubscription");Or.updateSubscription=tO;async function rO({context:t,stripeSubscriptionId:e,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:s}=lf.Environment.instance;if(!(0,pf.isNonEmptyString)(i))throw new Rr.SystemError("No Zuplo JWT token set.");let a=await(0,df.fetchRetry)({retryDelayMs:5,retries:2,logger:uf.SystemLogMap.getLogger(t)},`${s}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${e}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":t.requestId},method:"GET"});if(!a.ok){let u="Error querying for metering subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw t.log.error(u,l),new Rr.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Stripe metering plugin webhook.";throw t.log.error(u),new Rr.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Stripe metering plugin webhook.";throw t.log.error(u),new Rr.RuntimeError(u)}return c.data[0]}o(rO,"getSubscription");Or.getSubscription=rO});var ff=b(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.stripeStatusToMeteringStatus=void 0;function nO(t){return t.replaceAll("_","-")}o(nO,"stripeStatusToMeteringStatus");Ka.stripeStatusToMeteringStatus=nO});var i_=b(Yi=>{"use strict";var iO=Yi&&Yi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(Yi,"__esModule",{value:!0});var Zr=pe(),oO=iO(rf()),hf=n_(),sO=Ga(),aO=ff();async function cO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),Zr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.plan;if(!s||!s.product)return e.log.warn(`Invalid Stripe API result. Expected event '${r.id}' to have a plan data.`),Zr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=r.data.object.customer;if(!a)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Zr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let c=s.product,u;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)u=await(0,hf.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:r.data.object.metadata.zuplo_created_by_email,managerSub:r.data.object.metadata.zuplo_created_by_sub,context:e});else{let l=await oO.default.getCustomer({logger:e.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!l.email)return e.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),Zr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe API result. Expected customer to contain email address."});u=await(0,hf.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l.email,context:e})}if(!u)return Zr.HttpProblems.internalServerError(t,e,{detail:"No consumer was created, skipping creation of subscription"});try{let l=(0,aO.stripeStatusToMeteringStatus)(r.data.object.status);await(0,sO.createSubscription)({context:e,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:l})}catch(l){return await(0,hf.deleteConsumer)({apiKeyBucketName:n.apiKeyBucketName,consumerId:u,context:e}),Zr.HttpProblems.internalServerError(t,e,{detail:l.message})}return Zr.HttpProblems.ok(t,e)}o(cO,"onCustomerSubscriptionCreated");Yi.default=cO});var s_=b(gf=>{"use strict";Object.defineProperty(gf,"__esModule",{value:!0});var mf=pe(),o_=Ga();async function uO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),mf.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),mf.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let a=await(0,o_.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,o_.updateSubscription)({context:e,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),mf.HttpProblems.ok(t,e)}o(uO,"onCustomerSubscriptionDeleted");gf.default=uO});var a_=b(Xi=>{"use strict";var lO=Xi&&Xi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(Xi,"__esModule",{value:!0});var Zi=pe(),dO=lO(rf()),Ja=Ga(),pO=ff();async function fO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to include '.data.object.id' as the subscription ID.`),Zi.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Zi.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){e.log.debug(`Processing subscription status change from Stripe event '${r.id}'.`);let c=await(0,Ja.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=(0,pO.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,Ja.updateSubscription)({context:e,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),Zi.HttpProblems.ok(t,e)}if(a.plan&&a.plan.product!==r.data.object.plan.product){e.log.debug(`Processing subscription plan change from Stripe event '${r.id}'.`);let c=await(0,Ja.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=r.data.object.plan.product,d=(await dO.default.getUpcomingInvoice({customerId:s,logger:e.log,stripeSecretKey:n.stripeSecretKey})).lines.data.filter(f=>f.proration&&f.price.product===u),p=0;return d.length===0?e.log.warn(`The plan change does not include proration details. Subscription event '${r.id}'`):p=parseFloat(d[0].unit_amount_excluding_tax)/d[0].price.unit_amount,await(0,Ja.updateSubscription)({context:e,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[u],prorate:p}}),Zi.HttpProblems.ok(t,e)}}return e.log.warn(`This update event '${r.id}' is not supported by Stripe metering plugin webhook.`),Zi.HttpProblems.badRequest(t,e,{detail:"This update event is not supported by Stripe metering plugin webhook."})}o(fO,"onCustomerSubscriptionUpdated");Xi.default=fO});var u_=b(ei=>{"use strict";var bf=ei&&ei.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(ei,"__esModule",{value:!0});ei.StripeMonetizationPlugin=void 0;var za=Ji(),Wa=k(),hO=Bt(),mO=Zp(),c_=pe(),gO=ar(),yO=yn(),bO=bl(),_O=gt(),EO=ie(),wO=t_(),vO=ut(),TO=r_(),SO=bf(i_()),IO=bf(s_()),PO=bf(a_()),yf=class extends TO.MeteringPlugin{static{o(this,"StripeMonetizationPlugin")}options;constructor(e){super(),this.options=e}registerRoutes(e,r){let n=o(async(c,u)=>{if((0,vO.optionValidator)(this.options.webhooks,"StripeMonetizationPlugin","plugin").required("signingSecret","string").optional("tolerance","number"),this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(za.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=za.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Wa.ConfigurationError("StripeMonetizationPlugin - No 'meteringBucketId' property provided");if(!d)if(za.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=za.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Wa.ConfigurationError("StripeMonetizationPlugin - No 'apiKeyBucketName' property provided");if(!EO.Environment.instance.build.ACCOUNT_NAME)throw new Wa.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!AO(p))throw new Wa.ConfigurationError(`StripeMonetizationPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let f=await c.json();if(!(0,wO.isStripeWebhookEvent)(f))return c_.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${f.type}' with ID '${f.id}'.`),f.type){case"customer.subscription.created":return await(0,SO.default)(c,u,f,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,PO.default)(c,u,f,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,IO.default)(c,u,f,{meteringBucketId:l});default:return c_.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe monetization plugin webhook."})}},"stripeWebhookHandler"),i=(0,yO.createInternalPolicyProcessor)({inboundPolicies:[new mO.StripeWebhookVerificationInboundPolicy({signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance},"stripe-webhook-verification")]}),s=new hO.Pipeline({processors:[gO.metricsProcessor,i],handler:n,gateway:r}),a=new _O.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:bO.SystemRouteName.StripePlugin});e.addRoute(a,s.execute)}};ei.StripeMonetizationPlugin=yf;function AO(t){return t!==null&&typeof t=="string"&&["us-central1","europe-west4"].includes(t)}o(AO,"isMetricsRegion")});var h_=b(ti=>{"use strict";Object.defineProperty(ti,"__esModule",{value:!0});ti.AmberfloMeteringInboundPolicy=ti.AmberfloMeteringPolicy=void 0;var l_=k(),RO=Pe(),d_=Kt(),f_=new WeakMap,p_={},_f=class{static{o(this,"AmberfloMeteringPolicy")}static setRequestProperties(e,r){f_.set(e,r)}};ti.AmberfloMeteringPolicy=_f;async function OO(t,e,r,n){if(!r.statusCodes)throw new l_.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=(0,d_.statusCodesStringToNumberArray)(r.statusCodes);return e.addResponseSendingFinalHook(async s=>{if(i.includes(s.status)){let a=f_.get(e),c=r.customerId;if(r.customerIdPropertyPath){if(!t.user)throw new l_.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,d_.getValueFromRequestUser)(t.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},f=p_[r.apiKey];if(!f){let h=r.apiKey,g=t.headers.get("zm-test-id")??"";f=new RO.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let T=r.url??"https://app.amberflo.io/ingest",A=await fetch(T,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});A.ok||e.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${A.status}: ${await A.text()}`)}catch(T){throw e.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),p_[h]=f}f.enqueue(p),e.waitUntil(f.waitUntilFlushed())}}),t}o(OO,"AmberfloMeteringInboundPolicy");ti.AmberfloMeteringInboundPolicy=OO});var Ef=b(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.sha256=void 0;async function NO(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest({name:"SHA-256"},e);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}o(NO,"sha256");Qa.sha256=NO});var Zt=b(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.getPolicyCacheName=void 0;var CO=Ef(),m_=new Map;async function xO(t,e){let r,n=m_.get(t);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,CO.sha256)(JSON.stringify({policyName:t,options:e}))}`,m_.set(t,r)),r}o(xO,"getPolicyCacheName");Ya.getPolicyCacheName=xO});var Tf=b(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.ApiKeyInboundPolicy=void 0;var LO=Zt(),DO=nr(),g_=Ji(),wf=k(),MO=Gt(),y_=Ze(),vf=ie(),UO=Dn(),b_="key-metadata-cache-type";function kO(t,e){return e.authScheme===""?t:t.replace(`${e.authScheme} `,"")}o(kO,"getKeyValue");async function FO(t,e,r,n){if(!r.bucketName)if(g_.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=g_.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new wf.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new wf.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let s=o(T=>i.allowUnauthenticatedRequests?t:MO.HttpProblems.unauthorized(t,e,{detail:T}),"unauthorizedResponse"),a=t.headers.get(i.authHeader);if(!a)return s("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return s("Invalid Authorization Scheme");let c=kO(a,i);if(!c||c==="")return s("No key present");let u=await HO(c),l=await(0,LO.getPolicyCacheName)(n,i),d=new DO.MemoryZoneReadThroughCache(l,e),p=await d.get(u);if(p&&p.isValid===!0)return t.user=p.user,t;if(p&&!p.isValid)return p.typeId!==b_&&y_.SystemLogMap.getLogger(e).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),s("Authorization Failed");let f={key:c},h=await(0,UO.fetchRetry)({retryDelayMs:5,retries:2,logger:y_.SystemLogMap.getLogger(e)},`${vf.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":e.requestId,"zp-dn":vf.Environment.instance.deploymentName??"unknown","User-Agent":vf.Environment.instance.systemUserAgent},body:JSON.stringify(f)});if(h.status===401)return e.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),s("Authorization Failed");if(h.status!==200){try{let T=await h.text(),A=JSON.parse(T);e.log.error("Unexpected response from key service",A)}catch{e.log.error("Invalid response from key service")}throw new wf.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:b_,user:{sub:g.name,data:g.metadata}};return t.user=_.user,d.put(u,_,i.cacheTtlSeconds),t}o(FO,"ApiKeyInboundPolicy");Za.ApiKeyInboundPolicy=FO;async function HO(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(HO,"hashValue")});var __=b(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.ApiAuthKeyInboundPolicy=void 0;var qO=Tf();Xa.ApiAuthKeyInboundPolicy=qO.ApiKeyInboundPolicy});var Xt=b(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.OpenIdJwtInboundPolicy=void 0;var If=(ea(),Oo(Xs)),Pf=k(),$O=pe(),Sf={},jO=o(async(t,e)=>{if(!e.jwkUrl||typeof e.jwkUrl!="string")throw new Pf.ConfigurationError("Invalid State - jwkUrl not set");Sf[e.jwkUrl]||(Sf[e.jwkUrl]=(0,If.createRemoteJWKSet)(new URL(e.jwkUrl),e.headers?{headers:e.headers}:void 0));let{payload:r}=await(0,If.jwtVerify)(t,Sf[e.jwkUrl],{issuer:e.issuer,audience:e.audience});return r},"jwkVerifier"),VO=o(async(t,e)=>{let r;if(e.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof e.secret=="string"){let s=new TextEncoder().encode(e.secret);r=new Uint8Array(s)}else r=e.secret;let{payload:n}=await(0,If.jwtVerify)(t,r,{issuer:e.issuer,audience:e.audience});return n},"secretVerifier"),BO=o(async(t,e,r,n)=>{let i=t.headers.get("Authorization"),s="bearer ",a=o(f=>$O.HttpProblems.unauthorized(t,e,{detail:f}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Pf.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Pf.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?jO:VO,l=await o(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(s)!==0)return a("Invalid bearer token format for authorization header");let f=i.substring(s.length);if(!f||f.length===0)return a("No bearer token on authorization header");try{return await c(f,r)}catch(h){let g=new URL(t.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?e.log.warn(`Expired token used on url: ${g.pathname} `,h):e.log.warn(`Invalid token on: ${t.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?t:l;let d=r.subPropertyName??"sub",p=l[d];return p?(t.user={sub:p,data:l},t):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");ec.OpenIdJwtInboundPolicy=BO});var E_=b(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.Auth0JwtInboundPolicy=void 0;var GO=Xt(),KO=o(async(t,e,r,n)=>(0,GO.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");tc.Auth0JwtInboundPolicy=KO});var w_=b(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.BasicAuthInboundPolicy=void 0;var JO=pe(),zO=o(async(t,e,r)=>{let n=t.headers.get("Authorization"),i="basic ",s=o(l=>JO.HttpProblems.unauthorized(t,e,{detail:l}),"unauthorizedResponse"),c=await o(async()=>{if(!n)return await s("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await s("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await s("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await s("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let f=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===f&&_.password===h);return g||await s("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?t:c;let u=c.username;return t.user={sub:u,data:c.data},t},"BasicAuthInboundPolicy");rc.BasicAuthInboundPolicy=zO});var v_=b(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.CachingInboundPolicy=void 0;var WO=Zt(),QO=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function YO(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(YO,"digestMessage");var ZO=o(async(t,e)=>{let r=[...e.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...e.headers??[]],n=[];for(let[d,p]of t.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await YO(JSON.stringify(n)),s=new URL(t.url),a=new URLSearchParams(s.searchParams);a.set("_z-hdr-dgst",i);let c=e.cacheHttpMethods?.includes(t.method.toUpperCase())&&t.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",t.method);let u=`${s.origin}${s.pathname}?${a}`;return new Request(u,{method:c?"GET":t.method})},"createCacheKeyRequest");async function XO(t,e,r,n){let i=await(0,WO.getPolicyCacheName)(n,r),s=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await ZO(t,r),u=await s.match(c);return u||(e.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(t.method.toUpperCase()))return;let f=r?.expirationSecondsTtl??60,h=new Response(p.body,p);QO.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${f}`),e.waitUntil(s.put(c,h))}catch(d){e.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),t)}o(XO,"CachingInboundPolicy");nc.CachingInboundPolicy=XO});var T_=b(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.ChangeMethodInboundPolicy=void 0;var eN=k(),tN=Ge(),rN=o(async(t,e,r,n)=>{if(!r.method)throw new eN.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new tN.ZuploRequest(t,{method:r.method})},"ChangeMethodInboundPolicy");ic.ChangeMethodInboundPolicy=rN});var S_=b(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.ClearHeadersInboundPolicy=void 0;var nN=Ge(),iN=o(async(t,e,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=t.headers.get(a);c&&i.set(a,c)}),new nN.ZuploRequest(t,{headers:i})},"ClearHeadersInboundPolicy");oc.ClearHeadersInboundPolicy=iN});var I_=b(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.ClearHeadersOutboundPolicy=void 0;var oN=o(async(t,e,r,n)=>{let i=[...n.exclude??[]],s=new Headers;return i.forEach(c=>{let u=t.headers.get(c);u&&s.set(c,u)}),new Response(t.body,{headers:s,status:t.status,statusText:t.statusText})},"ClearHeadersOutboundPolicy");sc.ClearHeadersOutboundPolicy=oN});var P_=b(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.ClerkJwtInboundPolicy=void 0;var sN=Xt(),aN=o(async(t,e,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),s=new URL(i);return s.pathname="/.well-known/jwks.json",(0,sN.OpenIdJwtInboundPolicy)(t,e,{issuer:i.href.slice(0,-1),jwkUrl:s.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");ac.ClerkJwtInboundPolicy=aN});var R_=b(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.CognitoJwtInboundPolicy=void 0;var A_=k(),cN=Xt(),uN=o(async(t,e,r,n)=>{if(!r.userPoolId)throw new A_.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new A_.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,cN.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");cc.CognitoJwtInboundPolicy=uN});var N_=b(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.CompositeInboundPolicy=void 0;var lN=k(),dN=Hr(),O_=yn(),pN=o(async(t,e,r,n)=>{if(!r.policies||r.policies.length===0)throw new lN.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=dN.Gateway.instance,s=(0,O_.getInboundPolicyInstances)(r.policies,i?.routeData.policies);return(0,O_.toStackedInboundHandler)(s)(t,e)},"CompositeInboundPolicy");uc.CompositeInboundPolicy=pN});var C_=b(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.CurityPhantomTokenInboundPolicy=void 0;var fN=Zt(),hN=nr(),lc=pe(),mN=o(async(t,e,r,n)=>{let i=t.headers.get("Authorization");if(!i)return lc.HttpProblems.unauthorized(t,e,{detail:"No authorization header"});let s=gN(i);if(!s)return lc.HttpProblems.unauthorized(t,e,{detail:"Failed to parse token from Authorization header"});let a=await(0,fN.getPolicyCacheName)(n,r),c=new hN.MemoryZoneReadThroughCache(a,e),u=await c.get(s);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+s+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(s,u,r.cacheDurationSeconds??600);else return l.status>=500?(e.log.error(`Error introspecting token - ${l.status}: '${d}'`),lc.HttpProblems.internalServerError(t,e,{detail:"Problem encountered authorizing the HTTP request"})):lc.HttpProblems.unauthorized(t,e)}return t.headers.set("Authorization",`Bearer ${u}`),t},"CurityPhantomTokenInboundPolicy");dc.CurityPhantomTokenInboundPolicy=mN;function gN(t){return t.split(" ")[0]==="Bearer"?t.split(" ")[1]:null}o(gN,"getToken")});var x_=b(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.FirebaseJwtInboundPolicy=void 0;var yN=ut(),bN=Xt(),_N=o(async(t,e,r,n)=>((0,yN.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,bN.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");pc.FirebaseJwtInboundPolicy=_N});var L_=b(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.FormDataToJsonInboundPolicy=void 0;var EN=Ge(),wN=o(async(t,e,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",s=t.headers.get("content-type")?.toLowerCase();if(!s||![i,n].includes(s))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):t;let a=await t.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(t.headers);return u.set("content-type","application/json"),u.delete("content-length"),new EN.ZuploRequest(t,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");fc.FormDataToJsonInboundPolicy=wN});var D_=b(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.GeoFilterInboundPolicy=void 0;var vN=k(),TN=pe(),ri="__unknown__",SN=o(async(t,e,r,n)=>{let i={allow:{countries:ii(r.allow?.countries,"allow.countries",n),regionCodes:ii(r.allow?.regionCodes,"allow.regionCode",n),asns:ii(r.allow?.asns,"allow.asOrganization",n)},block:{countries:ii(r.block?.countries,"block.countries",n),regionCodes:ii(r.block?.regionCodes,"block.regionCode",n),asns:ii(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},s=e.incomingRequestProperties.country?.toLowerCase()??ri,a=e.incomingRequestProperties.regionCode?.toLowerCase()??ri,c=e.incomingRequestProperties.asn?.toString()??ri,u=i.ignoreUnknown&&s===ri,l=i.ignoreUnknown&&a===ri,d=i.ignoreUnknown&&c===ri,p=i.allow.countries,f=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(s)&&!u||f.length>0&&!f.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return ni(t,e,n,s,a,c);let g=i.block.countries,_=i.block.regionCodes,T=i.block.asns;return g.length>0&&g.includes(s)&&!u||_.length>0&&_.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?ni(t,e,n,s,a,c):t},"GeoFilterInboundPolicy");hc.GeoFilterInboundPolicy=SN;function ni(t,e,r,n,i,s){return e.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${s}')`),TN.HttpProblems.forbidden(t,e,{geographicContext:{country:n,regionCode:i,asn:s}})}o(ni,"blockedResponse");function ii(t,e,r){if(typeof t=="string")return t.split(",").map(n=>n.trim().toLowerCase());if(typeof t>"u")return[];if(Array.isArray(t))return t.map(n=>n.trim().toLowerCase());throw new vN.ConfigurationError(`Invalid '${e}' for GeoFilterInboundPolicy '${r}': '${t}', must be a string or string[]`)}o(ii,"toLowerStringArray")});var M_=b(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.JWTScopeValidationInboundPolicy=void 0;var IN=o(async(t,e,r)=>{let n=t.user?.data.scope.split(" ")||[];if(!o((s,a)=>a.every(c=>s.includes(c)),"scopeChecker")(n,r.scopes)){let s={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(s),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return t},"JWTScopeValidationInboundPolicy");mc.JWTScopeValidationInboundPolicy=IN});var k_=b(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.MockApiInboundPolicy=void 0;var PN=pe(),AN=o(async(t,e,r,n)=>{let i=e.route.raw().responses;if(!i)return Af(n,t,e,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let s=Object.keys(i),a=[];if(s.length===0)return Af(n,t,e,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(s.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(f=>{a.push({responseName:c,contentName:l,exampleName:f,exampleValue:d[f]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return U_(a[c])}else return a.length>0?U_(a[0]):Af(n,t,e,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");gc.MockApiInboundPolicy=AN;function U_(t){let e=JSON.stringify(t.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",t.contentName),t.responseName){case"1XX":return new Response(e,{status:100,headers:r});case"2XX":return new Response(e,{status:200,headers:r});case"3XX":return new Response(e,{status:300,headers:r});case"4XX":return new Response(e,{status:400,headers:r});case"5XX":case"default":return new Response(e,{status:500,headers:r});default:return new Response(e,{status:Number(t.responseName),headers:r})}}o(U_,"generateResponse");var Af=o((t,e,r,n)=>{let i=`Error in policy: ${t} - On route ${e.method} ${r.route.path}. ${n}`;return PN.HttpProblems.internalServerError(e,r,{detail:i})},"getProblemDetailResponse")});var j_=b(oi=>{"use strict";Object.defineProperty(oi,"__esModule",{value:!0});oi.MoesifInboundPolicy=oi.setMoesifContext=void 0;var RN=k(),ON=Pe(),NN="Incoming",CN={logRequestBody:!0,logResponseBody:!0};function F_(t){let e={};return t.forEach((r,n)=>{e[n]=r}),e}o(F_,"headersToObject");function H_(){return new Date().toISOString()}o(H_,"timestamp");var Rf=new WeakMap,xN={};function LN(t,e){let r=Rf.get(t);r||(r=xN);let n=Object.assign({...r},e);Rf.set(t,n)}o(LN,"setMoesifContext");oi.setMoesifContext=LN;async function q_(t,e){let r=t.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await t.clone().json()}catch(i){e.log.error(i)}let n=await t.clone().text();return e.log.debug({textBody:n}),n}o(q_,"readBody");var DN={},Of;function $_(){if(!Of)throw new RN.RuntimeError("Invalid State - no _lastLogger");return Of}o($_,"getLastLogger");function MN(t){let e=DN[t];return e||(e=new ON.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);$_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":t},body:n});i.ok||$_().error({status:i.status,body:await i.text()})})),e}o(MN,"getDispatcher");async function UN(t,e,r,n){Of=e.log;let i=H_(),s=Object.assign(CN,r);if(!s.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=s.logRequestBody?await q_(t,e):void 0;return e.addResponseSendingFinalHook(async(c,u)=>{let l=MN(s.applicationId),d=t.headers.get("true-client-ip"),p=Rf.get(e)??{},f={time:i,uri:t.url,verb:t.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:F_(t.headers)},h=s.logResponseBody?await q_(c,e):void 0,g={time:H_(),status:c.status,headers:F_(c.headers),body:h},_={request:f,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:NN};l.enqueue(_),e.waitUntil(l.waitUntilFlushed())}),t}o(UN,"MoesifInboundPolicy");oi.MoesifInboundPolicy=UN});var G_=b(si=>{"use strict";Object.defineProperty(si,"__esModule",{value:!0});si.consumeSubcriptionQuotas=si.loadSubscription=void 0;var V_=Ze(),B_=ie();async function kN(t,e,r,n){let i=V_.SystemLogMap.getLogger(t),{authApiJWT:s,meteringServiceUrl:a}=B_.Environment.instance,c;try{let l=await fetch(`${a}/internal/v1/metering/${n}/subscriptions?customerKey=${e}`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":t.requestId},method:"GET"});if(l.ok)c=await l.json();else{let d=await l.json(),p=d.detail??d.title??"Unknown error on quota consumption.";t.log.error(`MonetizationInboundPolicy '${r}' - Error loading subscription. ${l.status} - ${p}`),i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription.${l.status} - ${p}`)}}catch(l){i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription`,l)}return c&&c.data&&c.data.length>0?c.data[0]:void 0}o(kN,"loadSubscription");si.loadSubscription=kN;async function FN(t,e,r,n,i){let{authApiJWT:s,meteringServiceUrl:a}=B_.Environment.instance,c=V_.SystemLogMap.getLogger(t);try{let u=await fetch(`${a}/internal/v1/metering/${n}/subscriptions/${e}/quotas/consume`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":t.requestId},method:"POST",body:JSON.stringify({meters:i})});if(!u.ok){let l=await u.json(),d=l.detail??l.title??"Unknown error on quota consumption.";t.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`)}}catch(u){t.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`,u)}}o(FN,"consumeSubcriptionQuotas");si.consumeSubcriptionQuotas=FN});var K_=b(Nr=>{"use strict";Object.defineProperty(Nr,"__esModule",{value:!0});Nr.compareMeters=Nr.parseAllowedSubscriptionStatuses=Nr.validateMeters=void 0;var Xr=k(),HN=Kt(),qN=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]);function $N(t,e){try{let r=[];for(let n in t)typeof t[n]!="number"&&!(Number.isInteger(t[n])&&/^-?\d+$/.test(t[n].toString()))&&r.push(n);if(r.length>0)throw new Xr.ConfigurationError(r.length>1?`The values found in these properties are not integers : ${r.join(", ")}`:`The value in property '${r[0]}' is not an integer`)}catch(r){throw r instanceof Xr.ConfigurationError?new Xr.ConfigurationError(`MonetizationInboundPolicy '${e}' - The property 'meters' is invalid. ${r.message}`):r}}o($N,"validateMeters");Nr.validateMeters=$N;function jN(t,e){if(t)try{if(t.length===0)throw new Xr.ConfigurationError("Must set valid subscription statuses");let r=(0,HN.parseValueToStringArray)(t),n=[];for(let i of r)qN.has(i)||n.push(i);if(n.length>0)throw new Xr.ConfigurationError(`Found the following invalid statuses: ${n.join(", ")}`);return t}catch(r){throw r instanceof Xr.ConfigurationError?new Xr.ConfigurationError(`MonetizationInboundPolicy '${e}' - The property 'allowedSubscriptionStatuses' is invalid. ${r.message}`):r}else return["active","incomplete","trialing"]}o(jN,"parseAllowedSubscriptionStatuses");Nr.parseAllowedSubscriptionStatuses=jN;function VN(t,e){let r={},n={};for(let i in e)t.hasOwnProperty(i)?r[i]=e[i]:n[i]=e[i];return{metersInSubscription:r,metersNotInSubscription:n}}o(VN,"compareMeters");Nr.compareMeters=VN});var W_=b(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.MonetizationInboundPolicy=void 0;var en=ln(),tn=hp(),yc=Ji(),J_=k(),BN=gn(),rn=pe(),GN=Kt(),KN=ut(),z_=G_(),eo=K_(),Nf=class extends BN.InboundPolicy{static{o(this,"MonetizationInboundPolicy")}static getSubscription(e){return tn.ContextData.get(e,en.METERING_SUBSCRIPTION_CONTEXT_DATA)}static setMeters(e,r){(0,eo.validateMeters)(r,"setMeters"),tn.ContextData.set(e,en.DYNAMIC_METERS_CONTEXT_DATA,r)}async handler(e,r){(0,KN.optionValidator)(this.options,this.policyName).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string"),this.options.meterOnStatusCodes||(this.options.meterOnStatusCodes="200-299");let n=this.options.allowRequestsOverQuota??!1,i=(0,GN.statusCodesStringToNumberArray)(this.options.meterOnStatusCodes),s=tn.ContextData.get(r,en.DYNAMIC_METERS_CONTEXT_DATA),a={...this.options.meters,...s};(0,eo.validateMeters)(a,this.policyName);let c=this.options.allowRequestsWithoutSubscription??!1,u=(0,eo.parseAllowedSubscriptionStatuses)(this.options.allowedSubscriptionStatuses,this.policyName);r.addResponseSendingFinalHook(async(_,T,A)=>{let y=tn.ContextData.get(A,en.METERING_SUBSCRIPTION_CONTEXT_DATA);if((this.options.allowRequestsWithoutSubscription??!1)&&!y){A.log.debug(`MonetizationInboundPolicy '${this.policyName}' - No subscription found and property 'allowRequestsWithoutSubscription' is true`);return}if(!this.options.bucketId)if(yc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=yc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new J_.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let O=tn.ContextData.get(A,en.DYNAMIC_METERS_CONTEXT_DATA),V={...this.options.meters,...O};if((0,eo.validateMeters)(V,this.policyName),i.includes(_.status)&&y&&V){A.log.debug(`MonetizationInboundPolicy '${this.policyName}' - Updating subscription '${y.id}' with meters '${JSON.stringify(V)} on response status '${_.status}'`);let{metersInSubscription:w,metersNotInSubscription:v}=(0,eo.compareMeters)(y.meters,V);if(v&&Object.keys(v).length>0){let C=Object.keys(v);A.log.warn(`The following meters cannot be applied since they are not present in the subscription: '${C}'`)}await(0,z_.consumeSubcriptionQuotas)(A,y.id,this.policyName,this.options.bucketId,w)}});let l=e.user;if(!l)return c?e:rn.HttpProblems.unauthorized(e,r,{detail:"Unable to check subscription for anonymous user"});if(!this.options.bucketId)if(yc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=yc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new J_.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let{sub:d}=l,p=await(0,z_.loadSubscription)(r,d,this.policyName,this.options.bucketId);if(!p)return r.log.warn("No valid subscription found"),c?e:rn.HttpProblems.unauthorized(e,r,{detail:"No valid subscription found"});if(!u.includes(p.status)&&!c)return r.log.warn(`Subscription '${p.id}' has status '${p.status}' which is not part of the allowed statuses.`),rn.HttpProblems.unauthorized(e,r,{detail:"No valid subscription found"});u.includes(p.status)&&(r.log.debug(`Loading subscription '${p.id}' for user sub '${d}' to ContextData`),tn.ContextData.set(r,en.METERING_SUBSCRIPTION_CONTEXT_DATA,p));let f=tn.ContextData.get(r,en.METERING_SUBSCRIPTION_CONTEXT_DATA);if(!f)return c?e:(r.log.warn("Subscription is not available for user"),rn.HttpProblems.paymentRequired(e,r,{detail:"Subscription is not available for user",title:"No Subscription"}));if(f&&Object.keys(f.meters).length===0)return r.log.error(`Quota is not set up for subscription '${f.id}'`),rn.HttpProblems.tooManyRequests(e,r,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let g=Object.keys(a).filter(_=>!Object.keys(f.meters).includes(_));if(g.length>0)return r.log.warn(`The following policy meters are not present in the subscription: ${g.join(", ")}`),rn.HttpProblems.tooManyRequests(e,r,{detail:`The following policy meters are not present in the subscription: ${g.join(", ")}`,title:"Quota Exceeded"});for(let _ of Object.keys(a))if(f.meters[_].consumed<=0&&!n)return rn.HttpProblems.tooManyRequests(e,r,{detail:`Quota exceeded for meter '${_}'`,title:"Quota Exceeded"});return e}};bc.MonetizationInboundPolicy=Nf});var Q_=b(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.OktaJwtInboundPolicy=void 0;var JN=Xt(),zN=o(async(t,e,r,n)=>(0,JN.OpenIdJwtInboundPolicy)(t,e,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");_c.OktaJwtInboundPolicy=zN});var Y_=b(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.PropelAuthJwtInboundPolicy=void 0;var WN=(ea(),Oo(Xs)),QN=Xt(),Cf,YN=o(async(t,e,r,n)=>{if(!Cf)try{Cf=await(0,WN.importSPKI)(r.verifierKey,"RS256")}catch(i){throw e.log.error("Could not import verifier key"),i}return(0,QN.OpenIdJwtInboundPolicy)(t,e,{issuer:r.authUrl,secret:Cf,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");Ec.PropelAuthJwtInboundPolicy=YN});var Z_=b(Z=>{"use strict";Object.defineProperty(Z,"__esModule",{value:!0});Z.throwIfStateNotObject=Z.throwIfStateNotNumber=Z.throwIfStateNotString=Z.throwIfStateUndefinedOrNull=Z.throwIfStateUndefined=Z.throwIfOptionNotObject=Z.throwIfOptionNotNumber=Z.throwIfOptionNotString=Z.throwIfOptionUndefinedOrNull=Z.throwIfOptionUndefined=Z.OptionTypeError=Z.OptionUndefinedError=Z.throwIfNotNumber=Z.throwIfNotString=Z.throwIfUndefinedOrNull=Z.throwIfUndefined=Z.ArgumentTypeError=Z.ArgumentUndefinedError=Z.ValidationError=void 0;var We=st(),lt=class extends Error{static{o(this,"ValidationError")}constructor(e){super(e)}};Z.ValidationError=lt;var to=class extends lt{static{o(this,"ArgumentUndefinedError")}constructor(e){super(`The argument '${e}' is undefined.`)}};Z.ArgumentUndefinedError=to;var ro=class extends lt{static{o(this,"ArgumentTypeError")}constructor(e,r){super(`The argument '${e}' must be of type '${r}'.`)}};Z.ArgumentTypeError=ro;function ZN(t,e){if((0,We.isUndefined)(t))throw new to(e)}o(ZN,"throwIfUndefined");Z.throwIfUndefined=ZN;function xf(t,e){if((0,We.isUndefinedOrNull)(t))throw new to(e)}o(xf,"throwIfUndefinedOrNull");Z.throwIfUndefinedOrNull=xf;function XN(t,e){if(xf(t,e),!(0,We.isString)(t))throw new ro(e,"string")}o(XN,"throwIfNotString");Z.throwIfNotString=XN;function eC(t,e){if(xf(t,e),!(0,We.isNumber)(t))throw new ro(e,"number")}o(eC,"throwIfNotNumber");Z.throwIfNotNumber=eC;var no=class extends lt{static{o(this,"OptionUndefinedError")}constructor(e,r,n){super(`The option '${n}' on the ${e} named '${r}' is undefined.`)}};Z.OptionUndefinedError=no;var ai=class extends lt{static{o(this,"OptionTypeError")}constructor(e,r,n,i){super(`The option '${n}' on the ${e} named '${r}' must be of type '${i}'.`)}};Z.OptionTypeError=ai;function tC(t,e,r,n){if((0,We.isUndefined)(n))throw new no(t,e,r)}o(tC,"throwIfOptionUndefined");Z.throwIfOptionUndefined=tC;function wc(t,e,r,n){if((0,We.isUndefinedOrNull)(n))throw new no(t,e,r)}o(wc,"throwIfOptionUndefinedOrNull");Z.throwIfOptionUndefinedOrNull=wc;function rC(t,e,r,n){if(wc(t,e,r,n),!(0,We.isString)(n))throw new ai(t,e,r,"string")}o(rC,"throwIfOptionNotString");Z.throwIfOptionNotString=rC;function nC(t,e,r,n){if(wc(t,e,r,n),!(0,We.isNumber)(n))throw new ai(t,e,r,"number")}o(nC,"throwIfOptionNotNumber");Z.throwIfOptionNotNumber=nC;function iC(t,e,r,n){if(wc(t,e,r,n),!(0,We.isObject)(n))throw new ai(t,e,r,"object")}o(iC,"throwIfOptionNotObject");Z.throwIfOptionNotObject=iC;function oC(t,e){if((0,We.isUndefined)(t))throw new lt(e)}o(oC,"throwIfStateUndefined");Z.throwIfStateUndefined=oC;function vc(t,e){if((0,We.isUndefinedOrNull)(t))throw new lt(e)}o(vc,"throwIfStateUndefinedOrNull");Z.throwIfStateUndefinedOrNull=vc;function sC(t,e){if(vc(t,e),!(0,We.isString)(t))throw new lt(e);return!0}o(sC,"throwIfStateNotString");Z.throwIfStateNotString=sC;function aC(t,e){if(vc(t,e),!(0,We.isNumber)(t))throw new lt(e);return!0}o(aC,"throwIfStateNotNumber");Z.throwIfStateNotNumber=aC;function cC(t,e){if(vc(t,e),!(0,We.isObject)(t))throw new lt(e);return!0}o(cC,"throwIfStateNotObject");Z.throwIfStateNotObject=cC});var X_=b(ci=>{"use strict";Object.defineProperty(ci,"__esModule",{value:!0});ci.InMemoryRedisClient=ci.StandardRedisClient=void 0;var Lf=k(),Tc=Z_(),Df=class t{static{o(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(e,r,n,i){this.redisClientUrl=e,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(e,r,n,i){return(0,Tc.throwIfNotString)(e,"redisClientUrl"),(0,Tc.throwIfNotString)(r,"clientAuthToken"),t.instance||(t.instance=new t(e,r,n,i)),t.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:e,body:r,method:n,requestId:i}){(0,Tc.throwIfNotString)(e,"url");let s=await fetch(`${this.redisClientUrl}${e}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=s.headers.get("Content-Type")?.includes("application/json")?await s.json():await s.text();if(s.ok)return a;throw s.status===401?new Lf.SystemError("Redis client failed with 401: Unauthorized"):new Lf.SystemError(`Redis client failed with (${s.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};ci.StandardRedisClient=Df;var Mf=class{static{o(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:e,body:r,method:n}){if((0,Tc.throwIfNotString)(e,"url"),n==="POST"&&e==="/rate-limit"){let{incrBy:i,expire:s,key:a}=JSON.parse(r),c=Date.now()+s*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Lf.SystemError("The in-memory redis client only supports /rate-limit calls")}};ci.InMemoryRedisClient=Mf});var iE=b(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.RateLimitInboundPolicy=void 0;var uC=Fr(),lC=Zt(),dC=Do(),Ft=k(),pC=pe(),eE=Ze(),io=ie(),tE=X_(),rE=st(),Sc=(0,uC.debug)("zuplo:policies:RateLimitInboundPolicy"),fC="strict",hC=o(t=>{let e=t.headers.get("cf-connecting-ip")??t.headers.get("true-client-ip");if(e)return e;let r=t.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),mC=o(async t=>({key:`ip-${hC(t)}`}),"getIP"),gC=o(async t=>({key:`user-${t.user?.sub??"anonymous"}`}),"getUser"),yC=o(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),Ic;function bC(t,e){let r;if(Ic)return Ic;if(io.Environment.instance.isLocalDevelopment)return e.info("Using in-memory redis client for local development."),r=new tE.InMemoryRedisClient,Ic=r,r;let{authApiJWT:n,redisURL:i}=io.Environment.instance;if(!(0,rE.isString)(i))throw new Ft.SystemError(`RateLimitInboundPolicy '${t}' - rate limit service URL not configured`);if(!(0,rE.isString)(n))throw new Ft.SystemError(`RateLimitInboundPolicy '${t}' - service authentication not configured`);if(i&&(r=tE.StandardRedisClient.initialize(i,n,io.Environment.instance.deploymentName??"unknown",io.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Ft.SystemError(`RateLimitInboundPolicy '${t}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Ic=r,r}o(bC,"getRedisClient");async function nE(t,e,r,n,i){let s=Math.floor(e*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:s,key:t}),requestId:i})}o(nE,"getCountAndUpdateExpiry");function _C(t,e){let r;if(t.rateLimitBy==="function"){if(!t.identifier)throw new Ft.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!t.identifier.module)throw new Ft.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!t.identifier.export)throw new Ft.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=t.identifier.module[t.identifier.export],!r||typeof r!="function")throw new Ft.ConfigurationError(`RateLimitInboundPolicy '${e}' - Custom rate limit function must be a valid function`)}return o(async(i,s,a)=>{let c=await r(i,s,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw s.log.error(u),new Ft.RuntimeError(u)}return c},"outerFunction")}o(_C,"wrapUserFunction");var EC="Retry-After",wC=o(async(t,e,r,n)=>{let i=Date.now(),s=eE.SystemLogMap.getLogger(e),a=o((u,l)=>{if(r.throwOnFailure)throw new Ft.SystemError(u,{cause:l});s.error(u,l)},"throwOrLog"),c=o((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[EC]=l.toString()),pC.HttpProblems.tooManyRequests(t,e,void 0,d)},"rateLimited");try{let l={function:_C(r,n),user:gC,ip:mC,all:yC}[r.rateLimitBy],d=await l(t,e,n),p=d.key,f=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=bC(n,s),A=`bucket/${io.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??fC)==="async"){let O=await(0,lC.getPolicyCacheName)(n,r),V=new dC.ZoneCache(O,{logger:eE.SystemLogMap.getLogger(e)}),w=nE(A,h,_,s,e.requestId),v=await V.get(A);if(v!==void 0&&v<=Date.now()){Sc(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${A}' (async mode)`);let C=Math.round((v-Date.now())/1e3);return c(g,C)}return e.addEventListener("responseSending",C=>{try{let E=C,P=E.mutableResponse;E.mutableResponse=(async()=>{let x=await w;if(x.count>f){let X=Date.now()+x.ttlSeconds*1e3,q=V.put(A,X,x.ttlSeconds).catch(D=>{throw s.error(new Ft.SystemError("Error caching rate limit result.",{cause:D})),D});return e.waitUntil(q),Sc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${A}' (async mode)`),c(g,x.ttlSeconds)}return P})()}catch(E){s.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,E)}}),t}let S=await nE(A,h,_,s,e.requestId);return S.count>f?(Sc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${A}' (strict mode)`),c(g,S.ttlSeconds)):t}catch(u){return a(u.message,u),t}finally{let u=Date.now()-i;Sc(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");Pc.RateLimitInboundPolicy=wC});var cE=b(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.ReadmeMetricsInboundPolicy=void 0;var vC=Pe(),Uf=ie(),oE=Kt(),kf;function sE(t){let e=[];for(let[r,n]of t)e.push({name:r,value:n});return e}o(sE,"headersToNameValuePairs");function TC(t){let e=[];return Object.entries(t).forEach(([r,n])=>{e.push({name:r,value:n})}),e}o(TC,"queryToNameValueParis");function SC(t){if(t===null)return;let e=parseFloat(t);if(!isNaN(e))return e}o(SC,"parseIntOrUndefined");var aE={};async function IC(t,e,r,n){let i=new Date,s=Date.now();return kf||(kf={name:"zuplo",version:Uf.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Uf.Environment.instance.build.ZUPLO_VERSION}`}),e.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&t.user?(0,oE.getValueFromRequestUser)(t.user,r.userLabelPropertyPath,"userLabelPropertyPath"):t.user?.sub,u=r.userEmailPropertyPath&&t.user?(0,oE.getValueFromRequestUser)(t.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:t.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Uf.Environment.instance.isDeno,group:{label:c,email:u,id:t.user?.sub??"anonymous"},request:{log:{creator:kf,entries:[{startedDateTime:i.toISOString(),time:Date.now()-s,request:{method:t.method,url:r.useFullRequestPath?new URL(t.url).pathname:e.route.path,httpVersion:"2",headers:sE(t.headers),queryString:TC(t.query)},response:{status:a.status,statusText:a.statusText,headers:sE(a.headers),content:{size:SC(t.headers.get("content-length"))}}}]}}},d=aE[r.apiKey];if(!d){let p=r.apiKey;d=new vC.BatchDispatch("readme-metering-inbound-policy",10,async f=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(f),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&e.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw e.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),aE[p]=d}d.enqueue(l),e.waitUntil(d.waitUntilFlushed())}catch(c){e.log.error(c)}}),t}o(IC,"ReadmeMetricsInboundPolicy");Ac.ReadmeMetricsInboundPolicy=IC});var uE=b(Rc=>{"use strict";Object.defineProperty(Rc,"__esModule",{value:!0});Rc.RemoveHeadersInboundPolicy=void 0;var PC=k(),AC=Ge(),RC=o(async(t,e,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new PC.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let s=new Headers(t.headers);return i.forEach(c=>{s.delete(c)}),new AC.ZuploRequest(t,{headers:s})},"RemoveHeadersInboundPolicy");Rc.RemoveHeadersInboundPolicy=RC});var lE=b(Oc=>{"use strict";Object.defineProperty(Oc,"__esModule",{value:!0});Oc.RemoveHeadersOutboundPolicy=void 0;var OC=k(),NC=o(async(t,e,r,n,i)=>{let s=n?.headers;if(!s||!Array.isArray(s)||s.length===0)throw new OC.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(t.headers);return s.forEach(u=>{a.delete(u)}),new Response(t.body,{headers:a,status:t.status,statusText:t.statusText})},"RemoveHeadersOutboundPolicy");Oc.RemoveHeadersOutboundPolicy=NC});var dE=b(Nc=>{"use strict";Object.defineProperty(Nc,"__esModule",{value:!0});Nc.RemoveQueryParamsInboundPolicy=void 0;var CC=k(),xC=Ge(),LC=o(async(t,e,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new CC.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let s=new URL(t.url);return i.forEach(c=>{s.searchParams.delete(c)}),new xC.ZuploRequest(s.toString(),t)},"RemoveQueryParamsInboundPolicy");Nc.RemoveQueryParamsInboundPolicy=LC});var pE=b(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.ReplaceStringOutboundPolicy=void 0;var DC=o(async(t,e,r,n)=>{let i=await t.text(),s=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(s,n.replaceWith);return new Response(a,{headers:t.headers,status:t.status,statusText:t.statusText})},"ReplaceStringOutboundPolicy");Cc.ReplaceStringOutboundPolicy=DC});var hE=b(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.RequestSizeLimitInboundPolicy=void 0;var fE=o(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),MC=o(async(t,e,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(t.method))return t;let i=t.headers.get("content-length"),s=i!==null?parseInt(i):void 0;return s&&!isNaN(s)&&s>r.maxSizeInBytes?fE():s&&n?t:(await t.clone().text()).length>r.maxSizeInBytes?fE():t},"RequestSizeLimitInboundPolicy");xc.RequestSizeLimitInboundPolicy=MC});var Lc=b(dt=>{"use strict";Object.defineProperty(dt,"__esModule",{value:!0});dt.sanitizedIdentifierName=dt.getIdForRefSchema=dt.getIdForRequestBodySchema=dt.getIdForParameterSchema=dt.getRawOperationDataIdentifierName=void 0;function UC(t,e,r){return`_${nn(t+"_"+e+"_"+r)}`}o(UC,"getRawOperationDataIdentifierName");dt.getRawOperationDataIdentifierName=UC;function kC(t,e,r,n){return`_${nn(t.toLowerCase())}_`+e.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}o(kC,"getIdForParameterSchema");dt.getIdForParameterSchema=kC;function FC(t,e,r){return`_${nn(t.toLowerCase())}_`+e.toLowerCase()+`_rb_${nn(r.toLowerCase())}`}o(FC,"getIdForRequestBodySchema");dt.getIdForRequestBodySchema=FC;function HC(t,e){return`_${nn(t)}__${nn(e)}`}o(HC,"getIdForRefSchema");dt.getIdForRefSchema=HC;function nn(t){let e=[];for(let r=0;r<t.length;r++){let n=t.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?e.push(t.charAt(r)):e.push("_")}return e.join("")}o(nn,"sanitizedIdentifierName");dt.sanitizedIdentifierName=nn});var oo=b($e=>{"use strict";Object.defineProperty($e,"__esModule",{value:!0});$e.getErrorsFromValidator=$e.shouldReject=$e.shouldLog=$e.logErrors=$e.validateParameters=$e.getParametersForOperation=void 0;var qC=Hr(),$C=Lc(),jC=o(t=>{let e=t.route.raw();return e.parameters?e.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");$e.getParametersForOperation=jC;var VC=o((t,e,r,n,i)=>{let s=[],a=!0,c=[];return t.forEach(u=>{let l=u.required||i==="path";if(l&&!e[u.name])a=!1,s.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!e[u.name])){let d=(0,$C.getIdForParameterSchema)(r,n,i,u.name),p=qC.Gateway.instance.schemaValidator[d],f=p(e[u.name]),h=(0,$e.getErrorsFromValidator)(p.errors);f||(a=!1,c.push(`${i} parameter: ${u.name} : ${e[u.name]}`),s.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:s}},"validateParameters");$e.validateParameters=VC;var BC=o((t,e,r,n,i)=>{n?t.log[e](r,n,i):t.log[e](r,i)},"logErrors");$e.logErrors=BC;var GC=o(t=>t==="log-only"||t==="reject-and-log","shouldLog");$e.shouldLog=GC;var KC=o(t=>t==="reject-only"||t==="reject-and-log","shouldReject");$e.shouldReject=KC;var JC=o(t=>t?.map(e=>e.instancePath===void 0||e.instancePath===""?e.message??"Unknown validation error":e.instancePath.replace("/","")+" "+e.message)??["Unknown validation error"],"getErrorsFromValidator");$e.getErrorsFromValidator=JC});var mE=b(Mc=>{"use strict";Object.defineProperty(Mc,"__esModule",{value:!0});Mc.handleBodyValidation=void 0;var zC=Hr(),Dc=pe(),WC=Lc(),et=oo();async function QC(t,e,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await e.clone().json()}catch(h){let g=`Error in request body for method : ${e.method} in route: ${t.route.path} with content-type: ${e.headers.get("Content-Type")}`,_=Dc.HttpProblems.badRequest(e,t,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,et.shouldLog)(r.validateBody)&&(0,et.logErrors)(t,r.logLevel??"info",g,[n],h),(0,et.shouldReject)(r.validateBody))return _}if(!e.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${e.method} in route: ${t.route.path}`,g=Dc.HttpProblems.badRequest(e,t,{detail:h});return(0,et.shouldLog)(r.validateBody)&&(0,et.logErrors)(t,r.logLevel??"info",h,[n],[h]),(0,et.shouldReject)(r.validateBody)?g:void 0}let i=e.headers.get("Content-Type"),s=i.indexOf(";");s>-1&&(i=i.substring(0,s));let a=(0,WC.getIdForRequestBodySchema)(t.route.path,e.method,i),c=zC.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${e.method} in route: ${t.route.path} with content-type: ${e.headers.get("Content-Type")}`,g=Dc.HttpProblems.badRequest(e,t,{detail:h});return(0,et.shouldLog)(r.validateBody)&&(0,et.logErrors)(t,r.logLevel??"info",h,[n],[h]),(0,et.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,et.getErrorsFromValidator)(l),f=Dc.HttpProblems.badRequest(e,t,{detail:`${d}, see errors property for more details`,errors:p});if((0,et.shouldLog)(r.validateBody)&&(0,et.logErrors)(t,r.logLevel??"info",d,[n],p),(0,et.shouldReject)(r.validateBody))return f}o(QC,"handleBodyValidation");Mc.handleBodyValidation=QC});var gE=b(Uc=>{"use strict";Object.defineProperty(Uc,"__esModule",{value:!0});Uc.handleHeadersValidation=void 0;var YC=pe(),so=oo();function ZC(t,e,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};e.headers.forEach((a,c)=>{n[c]=a});let i=(0,so.getParametersForOperation)(t),s=(0,so.validateParameters)(i.filter(a=>a.location==="header"),n,t.route.path,e.method.toLowerCase(),"header");if(!s.isValid){let a="Header validation failed",c=YC.HttpProblems.badRequest(e,t,{detail:`${a}, see errors property for more details`,errors:s.errors});if((0,so.shouldLog)(r.validateHeaders)&&(0,so.logErrors)(t,r.logLevel??"info",a,s.invalidValues,s.errors),(0,so.shouldReject)(r.validateHeaders))return c}}o(ZC,"handleHeadersValidation");Uc.handleHeadersValidation=ZC});var yE=b(kc=>{"use strict";Object.defineProperty(kc,"__esModule",{value:!0});kc.handlePathParameterValidation=void 0;var XC=pe(),ao=oo();function ex(t,e,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,ao.getParametersForOperation)(t),i=(0,ao.validateParameters)(n.filter(s=>s.location==="path"),e.params,t.route.path,e.method.toLowerCase(),"path");if(!i.isValid){let s="Path parameters validation failed",a=XC.HttpProblems.badRequest(e,t,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,ao.shouldLog)(r.validatePathParameters)&&(0,ao.logErrors)(t,r.logLevel??"info",s,i.invalidValues,i.errors),(0,ao.shouldReject)(r.validatePathParameters))return a}}o(ex,"handlePathParameterValidation");kc.handlePathParameterValidation=ex});var bE=b(Fc=>{"use strict";Object.defineProperty(Fc,"__esModule",{value:!0});Fc.handleQueryParameterValidation=void 0;var tx=pe(),co=oo();function rx(t,e,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,co.getParametersForOperation)(t),i=(0,co.validateParameters)(n.filter(s=>s.location==="query"),e.query,t.route.path,e.method.toLowerCase(),"query");if(!i.isValid){let s="Query parameters validation failed",a=tx.HttpProblems.badRequest(e,t,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,co.shouldLog)(r.validateQueryParameters)&&(0,co.logErrors)(t,r.logLevel??"info",s,i.invalidValues,i.errors),(0,co.shouldReject)(r.validateQueryParameters))return a}}o(rx,"handleQueryParameterValidation");Fc.handleQueryParameterValidation=rx});var _E=b(on=>{"use strict";Object.defineProperty(on,"__esModule",{value:!0});on.SchemaBasedRequestValidation=on.RequestValidationInboundPolicy=void 0;var nx=mE(),ix=gE(),ox=yE(),sx=bE(),ax=o(async(t,e,r)=>{let n=(0,sx.handleQueryParameterValidation)(e,t,r);if(n!==void 0||(n=(0,ox.handlePathParameterValidation)(e,t,r),n!==void 0)||(n=(0,ix.handleHeadersValidation)(e,t,r),n!==void 0))return n;let i=await(0,nx.handleBodyValidation)(e,t,r);return i!==void 0?i:t},"RequestValidationInboundPolicy");on.RequestValidationInboundPolicy=ax;on.SchemaBasedRequestValidation=on.RequestValidationInboundPolicy});var EE=b(Hc=>{"use strict";Object.defineProperty(Hc,"__esModule",{value:!0});Hc.RequireOriginInboundPolicy=void 0;var cx=k(),ux=pe(),lx=o(async(t,e,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new cx.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let s=t.headers.get("origin");if(!s||!i.includes(s)){let a=r.failureDetail??"Forbidden";return ux.HttpProblems.forbidden(t,e,{detail:a})}return t},"RequireOriginInboundPolicy");Hc.RequireOriginInboundPolicy=lx});var wE=b(qc=>{"use strict";Object.defineProperty(qc,"__esModule",{value:!0});qc.SetBodyInboundPolicy=void 0;var dx=Ge(),px=o(async(t,e,r)=>new dx.ZuploRequest(t,{body:r.body}),"SetBodyInboundPolicy");qc.SetBodyInboundPolicy=px});var TE=b($c=>{"use strict";Object.defineProperty($c,"__esModule",{value:!0});$c.SetHeadersInboundPolicy=void 0;var vE=k(),fx=Ge(),hx=o(async(t,e,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new vE.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let s=new Headers(t.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new vE.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.has(c.name)||u)&&s.set(c.name,c.value)}),new fx.ZuploRequest(t,{headers:s})},"SetHeadersInboundPolicy");$c.SetHeadersInboundPolicy=hx});var IE=b(jc=>{"use strict";Object.defineProperty(jc,"__esModule",{value:!0});jc.SetHeadersOutboundPolicy=void 0;var SE=k(),mx=o(async(t,e,r,n,i)=>{let s=n.headers;if(!s||!Array.isArray(s)||s.length==0)throw new SE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(t.headers);return s.forEach(u=>{if(!u.name||u.name.length===0)throw new SE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(t.body,{headers:a,status:t.status,statusText:t.statusText})},"SetHeadersOutboundPolicy");jc.SetHeadersOutboundPolicy=mx});var AE=b(Vc=>{"use strict";Object.defineProperty(Vc,"__esModule",{value:!0});Vc.SetQueryParamsInboundPolicy=void 0;var PE=k(),gx=Ge(),yx=o(async(t,e,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new PE.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let s=new URL(t.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new PE.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.searchParams.has(c.name)||u)&&s.searchParams.set(c.name,c.value)}),new gx.ZuploRequest(s.toString(),t)},"SetQueryParamsInboundPolicy");Vc.SetQueryParamsInboundPolicy=yx});var RE=b(Bc=>{"use strict";Object.defineProperty(Bc,"__esModule",{value:!0});Bc.SetStatusOutboundPolicy=void 0;var bx=o(async(t,e,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(t.body,{headers:t.headers,status:n.status,statusText:n.statusText??t.statusText})},"SetStatusOutboundPolicy");Bc.SetStatusOutboundPolicy=bx});var OE=b(Gc=>{"use strict";Object.defineProperty(Gc,"__esModule",{value:!0});Gc.SleepInboundPolicy=void 0;var _x=k(),Ex=o(async t=>new Promise(r=>{setTimeout(r,t)}),"sleep"),wx=o(async(t,e,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new _x.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await Ex(r.sleepInMs),t},"SleepInboundPolicy");Gc.SleepInboundPolicy=wx});var CE=b(Kc=>{"use strict";Object.defineProperty(Kc,"__esModule",{value:!0});Kc.SupabaseJwtInboundPolicy=void 0;var NE=k(),vx=pe(),Tx=Ge(),Sx=ut(),Ix=Xt(),Px=o(async(t,e,r,n)=>{(0,Sx.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},s=await(0,Ix.OpenIdJwtInboundPolicy)(t,e,i,n);if(s instanceof Response)return s;if(!(s instanceof Tx.ZuploRequest))throw new NE.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return s;let c=t.user?.data.app_metadata;if(!c)throw new NE.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?vx.HttpProblems.unauthorized(t,e,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):s},"SupabaseJwtInboundPolicy");Kc.SupabaseJwtInboundPolicy=Px});var LE=b(Jc=>{"use strict";Object.defineProperty(Jc,"__esModule",{value:!0});Jc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var Ax=Zt(),Rx=nr(),xE=k(),Ox=Dn(),Nx=ut(),Cx=o(async(t,e,r,n)=>{(0,Nx.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,Ax.getPolicyCacheName)(n,r),s=new Rx.MemoryZoneReadThroughCache(i,e),a=await s.get(n);if(!a){let c=await xx(r,e);s.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return t.headers.set("Authorization",`Bearer ${a}`),t},"UpstreamAzureAdServiceAuthInboundPolicy");Jc.UpstreamAzureAdServiceAuthInboundPolicy=Cx;async function xx(t,e){let r=new URLSearchParams({client_id:t.activeDirectoryClientId,scope:`${t.activeDirectoryClientId}/.default`,client_secret:t.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,Ox.fetchRetry)({retries:t.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${t.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let s=await n.text();e.log.error("Could not get token from Azure AD",s)}catch{}throw new xE.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new xE.RuntimeError("Response returned from Azure AD is not in the expected format.")}o(xx,"getAccessToken")});var ME=b(zc=>{"use strict";Object.defineProperty(zc,"__esModule",{value:!0});zc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var Lx=Zt(),Dx=nr(),Mx=k(),Ff=Mn(),Ux=ut(),DE="https://accounts.google.com/o/oauth2/token",Hf,kx=o(async(t,e,r,n)=>{(0,Ux.optionValidator)(r,n).required("serviceAccountJson","string"),Hf||(Hf=await Ff.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},s=await(0,Lx.getPolicyCacheName)(n,r),a=new Dx.MemoryZoneReadThroughCache(s,e),c=await a.get(n);if(!c){let u=await(0,Ff.getTokenFromGcpServiceAccount)({serviceAccount:Hf,audience:DE,payload:i}),l=await(0,Ff.exchangeGgpJwtForIdToken)(DE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new Mx.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${c}`),t},"UpstreamFirebaseAdminAuthInboundPolicy");zc.UpstreamFirebaseAdminAuthInboundPolicy=kx});var UE=b(Wc=>{"use strict";Object.defineProperty(Wc,"__esModule",{value:!0});Wc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var Fx=Zt(),Hx=nr(),ui=k(),qx=Ef(),qf=Mn(),$x=Kt(),jx=ut(),Vx="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",Bx=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],$f,Gx=o(async(t,e,r,n)=>{if((0,jx.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new ui.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(Bx.indexOf(p)!==-1)throw new ui.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}$f||($f=await qf.GcpServiceAccount.init(r.serviceAccountJson));let s=r.userId;if(!s&&!r.userIdPropertyPath){if(!t.user)throw new ui.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");s=t.user?.sub}else if(r.userIdPropertyPath){if(!t.user)throw new ui.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);s=(0,$x.getValueFromRequestUser)(t.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!s)throw new ui.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,Fx.getPolicyCacheName)(n,r),c=new Hx.MemoryZoneReadThroughCache(a,e),u={uid:s,claims:i},l=await(0,qx.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,qf.getTokenFromGcpServiceAccount)({serviceAccount:$f,audience:Vx,payload:u}),f=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,qf.exchangeFirebaseJwtForIdToken)(f,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new ui.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${d}`),t},"UpstreamFirebaseUserAuthInboundPolicy");Wc.UpstreamFirebaseUserAuthInboundPolicy=Gx});var FE=b(Qc=>{"use strict";Object.defineProperty(Qc,"__esModule",{value:!0});Qc.UpstreamGcpJwtInboundPolicy=void 0;var kE=Mn(),Kx=ut(),jf,Jx=o(async(t,e,r,n)=>{(0,Kx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),jf||(jf=await kE.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,kE.getTokenFromGcpServiceAccount)({serviceAccount:jf,audience:r.audience});return t.headers.set("Authorization",`Bearer ${i}`),t},"UpstreamGcpJwtInboundPolicy");Qc.UpstreamGcpJwtInboundPolicy=Jx});var qE=b(Yc=>{"use strict";Object.defineProperty(Yc,"__esModule",{value:!0});Yc.UpstreamGcpServiceAuthInboundPolicy=void 0;var zx=Zt(),Wx=zu(),Qx=nr(),uo=k(),Vf=Mn(),Yx=Kt(),Zx=ut(),HE="https://www.googleapis.com/oauth2/v4/token",Bf,Xx=o(async(t,e,r,n)=>{(0,Zx.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Bf||(Bf=await Vf.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new uo.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,Yx.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof uo.ConfigurationError?new uo.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let s=await(0,zx.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new Wx.MemoryCache(s):a=new Qx.MemoryZoneReadThroughCache(s,e);let c=await a.get(n);if(!c){let u=await(0,Vf.getTokenFromGcpServiceAccount)({serviceAccount:Bf,audience:HE,payload:i}),l=await(0,Vf.exchangeGgpJwtForIdToken)(HE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new uo.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new uo.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${c}`),t},"UpstreamGcpServiceAuthInboundPolicy");Yc.UpstreamGcpServiceAuthInboundPolicy=Xx});var jE=b(Zc=>{"use strict";Object.defineProperty(Zc,"__esModule",{value:!0});Zc.ValidateJsonSchemaInbound=void 0;var eL=k(),$E=pe(),tL=o(async(t,e,r)=>{let n=t.clone(),i;try{i=await n.json()}catch{return $E.HttpProblems.badRequest(t,e,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return t;let{errors:a}=r.validator;if(!a)throw new eL.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return $E.HttpProblems.badRequest(t,e,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");Zc.ValidateJsonSchemaInbound=tL});var GE=b((wJ,BE)=>{"use strict";var rL=Object.defineProperty,nL=Object.getOwnPropertyNames,B=o((t,e)=>rL(t,"name",{value:e,configurable:!0}),"__name"),wt=o((t,e)=>o(function(){return e||(0,t[nL(t)[0]])((e={exports:{}}).exports,e),e.exports},"__require"),"__commonJS"),Gf=wt({"node_modules/fast-xml-parser/src/util.js"(t){"use strict";var e=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",r=e+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040",n="["+e+"]["+r+"]*",i=new RegExp("^"+n+"$"),s=B(function(c,u){let l=[],d=u.exec(c);for(;d;){let p=[];p.startIndex=u.lastIndex-d[0].length;let f=d.length;for(let h=0;h<f;h++)p.push(d[h]);l.push(p),d=u.exec(c)}return l},"getAllMatches"),a=B(function(c){let u=i.exec(c);return!(u===null||typeof u>"u")},"isName");t.isExist=function(c){return typeof c<"u"},t.isEmptyObject=function(c){return Object.keys(c).length===0},t.merge=function(c,u,l){if(u){let d=Object.keys(u),p=d.length;for(let f=0;f<p;f++)l==="strict"?c[d[f]]=[u[d[f]]]:c[d[f]]=u[d[f]]}},t.getValue=function(c){return t.isExist(c)?c:""},t.isName=a,t.getAllMatches=s,t.nameRegexp=n}}),VE=wt({"node_modules/fast-xml-parser/src/validator.js"(t){"use strict";var e=Gf(),r={allowBooleanAttributes:!1,unpairedTags:[]};t.validate=function(y,S){S=Object.assign({},r,S);let O=[],V=!1,w=!1;y[0]==="\uFEFF"&&(y=y.substr(1));for(let v=0;v<y.length;v++)if(y[v]==="<"&&y[v+1]==="?"){if(v+=2,v=i(y,v),v.err)return v}else if(y[v]==="<"){let C=v;if(v++,y[v]==="!"){v=s(y,v);continue}else{let E=!1;y[v]==="/"&&(E=!0,v++);let P="";for(;v<y.length&&y[v]!==">"&&y[v]!==" "&&y[v]!==" "&&y[v]!==`
|
|
74
|
+
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new Yr.StripeSignatureVerificationError(e,t,{message:"Timestamp outside the tolerance zone"});return!0}o(HR,"validateComputedSignature");function qR(t,e){return typeof t!="string"?null:t.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===e&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}o(qR,"parseHeader");function $R(t,e){if(t.length!==e.length)return!1;let r=t.length,n=0;for(let i=0;i<r;++i)n|=t.charCodeAt(i)^e.charCodeAt(i);return n===0}o($R,"secureCompare");async function Zb(t,e){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(e),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(t)),s=new Uint8Array(i),a=new Array(s.length);for(let c=0;c<s.length;c++)a[c]=Qp[s[c]];return a.join("")}o(Zb,"computeHMACSignatureAsync");Zn.computeHMACSignatureAsync=Zb;var Qp=new Array(256);for(let t=0;t<Qp.length;t++)Qp[t]=t.toString(16).padStart(2,"0")});var ut=b($a=>{"use strict";Object.defineProperty($a,"__esModule",{value:!0});$a.optionValidator=void 0;var Xn=k(),jR=st();function VR(t,e,r="policy"){let n=`${r} '${e}'`;if(!(0,jR.isObject)(t))throw new Xn.ConfigurationError(`Options on ${n} is expected to be an object. Received the type '${typeof t}'.`);let i=o((c,u,l)=>{let d=t[c];if(!(l&&d===void 0)){if(d===void 0)throw new Xn.ConfigurationError(`Value of '${String(c)}' on ${n} is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(u==="array"&&Array.isArray(d))throw new Xn.ConfigurationError(`Value of '${String(c)}' on ${n} must be an array. Received type ${typeof d}.`);if(typeof d!==u)throw new Xn.ConfigurationError(`Value of '${String(c)}' on ${n} must be of type ${u}. Received type ${typeof d}.`);if(typeof d=="string"&&d.length===0)throw new Xn.ConfigurationError(`Value of '${String(c)}' on ${n} must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof d=="number"&&isNaN(d))throw new Xn.ConfigurationError(`Value of '${String(c)}' on ${n} must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),s=o((c,u)=>(i(c,u,!0),{optional:s,required:a}),"optional"),a=o((c,u)=>(i(c,u,!1),{optional:s,required:a}),"required");return{optional:s,required:a}}o(VR,"optionValidator");$a.optionValidator=VR});var Zp=b(ja=>{"use strict";Object.defineProperty(ja,"__esModule",{value:!0});ja.StripeWebhookVerificationInboundPolicy=void 0;var BR=gn(),GR=pe(),KR=Xb(),JR=ut(),Yp=class extends BR.InboundPolicy{static{o(this,"StripeWebhookVerificationInboundPolicy")}async handler(e,r){(0,JR.optionValidator)(this.options,this.policyName).required("signingSecret","string").optional("tolerance","number");let n=e.headers.get("stripe-signature");try{let i=await e.clone().text();await(0,KR.constructEventAsync)(i,n,this.options.signingSecret)}catch(i){let s=i.message;if(i.type&&i.type==="StripeSignatureVerificationError"){let a=i.message,u=/Note:(.*)/g.exec(a);s=u?u[1].trim():a}return r.log.error("Error validating stripe webhook",s),GR.HttpProblems.badRequest(e,r,{title:"Webhook Error",detail:s})}return e}};ja.StripeWebhookVerificationInboundPolicy=Yp});var t_=b(Va=>{"use strict";Object.defineProperty(Va,"__esModule",{value:!0});Va.isStripeWebhookEvent=void 0;var e_=st();function zR(t){return t!==null&&typeof t=="object"&&"id"in t&&(0,e_.isString)(t.id)&&"type"in t&&(0,e_.isString)(t.type)}o(zR,"isStripeWebhookEvent");Va.isStripeWebhookEvent=zR});var r_=b(Ba=>{"use strict";Object.defineProperty(Ba,"__esModule",{value:!0});Ba.MeteringPlugin=void 0;var WR=Rt(),Xp=class extends WR.SystemRuntimePlugin{static{o(this,"MeteringPlugin")}};Ba.MeteringPlugin=Xp});var rf=b(tf=>{"use strict";Object.defineProperty(tf,"__esModule",{value:!0});var ef=k(),QR={getSubscription:async({subscriptionId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving subscription from Stripe API.";throw r.error(s,i),new ef.RuntimeError(s)}return i},getCustomer:async({customerId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer from Stripe API.";throw r.error(s,i),new ef.RuntimeError(s)}return i},getUpcomingInvoice:async({customerId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/invoices/upcoming?customer=${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer upcoming invoice from Stripe API.";throw r.error(s,i),new ef.RuntimeError(s)}return i}};tf.default=QR});var n_=b(Ar=>{"use strict";Object.defineProperty(Ar,"__esModule",{value:!0});Ar.deleteConsumer=Ar.createConsumerInvite=Ar.createConsumer=void 0;var nf=k(),of=Ze(),sf=ie(),af=Dn(),cf="https://api-key-management-service-eq7z4lly2a-ue.a.run.app";async function YR({apiKeyBucketName:t,stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:s,context:a}){let{authApiJWT:c}=sf.Environment.instance,u=new URL(`/v1/buckets/${t}/consumers`,cf);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:"API Subscription",tags:{subscriptionExternalId:e,planExternalIds:[r]},metadata:{stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n},managers:[{sub:s,email:i}]},p=await(0,af.fetchRetry)({retryDelayMs:5,retries:2,logger:of.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),f=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,f),new nf.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:e,stripeProductId:r}),l}o(YR,"createConsumer");Ar.createConsumer=YR;async function ZR({apiKeyBucketName:t,stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:s}){let{authApiJWT:a}=sf.Environment.instance,c=new URL(`/v1/buckets/${t}/consumers`,cf);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:"API Subscription",tags:{subscriptionExternalId:e,planExternalIds:[r]},metadata:{stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,af.fetchRetry)({retryDelayMs:5,retries:2,logger:of.SystemLogMap.getLogger(s)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let f="Error creating API Key Consumer";throw s.log.error(f,p),new nf.RuntimeError(f)}return s.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:e,stripeProductId:r}),u}o(ZR,"createConsumerInvite");Ar.createConsumerInvite=ZR;async function XR({apiKeyBucketName:t,consumerId:e,context:r}){let{authApiJWT:n}=sf.Environment.instance,i=new URL(`/v1/buckets/${t}/consumers/${e}`,cf);i.searchParams.set("with-api-key","true");let s=await(0,af.fetchRetry)({retryDelayMs:5,retries:2,logger:of.SystemLogMap.getLogger(r)},i.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${n}`,"content-type":"application/json"},body:JSON.stringify({})});if(s.status!==204){let a=await s.json(),c="Error deleting API Key Consumer";throw r.log.error(c,a),new nf.RuntimeError(c)}return r.log.info(`Successfully deleted API Key Consumer '${e}`),e}o(XR,"deleteConsumer");Ar.deleteConsumer=XR});var Ga=b(Or=>{"use strict";Object.defineProperty(Or,"__esModule",{value:!0});Or.getSubscription=Or.updateSubscription=Or.createSubscription=void 0;var Rr=k(),uf=Ze(),lf=ie(),df=Dn(),pf=st();async function eO({context:t,stripeSubscriptionId:e,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:s,customerExternalId:a,subscriptionStatus:c}){let u={status:c,type:"periodic",renewalStrategy:"monthly",region:s,subscriptionExternalId:e,planExternalIds:[r],customerKey:n,customerExternalId:a},{authApiJWT:l,meteringServiceUrl:d}=lf.Environment.instance;if(!(0,pf.isNonEmptyString)(l))throw new Rr.SystemError("No Zuplo JWT token set.");let p=await(0,df.fetchRetry)({retryDelayMs:5,retries:2,logger:uf.SystemLogMap.getLogger(t)},`${d}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json","zp-rid":t.requestId},method:"POST",body:JSON.stringify(u)});if(!p.ok){let f="Error creating metering subscription.",h;try{h=await p.json()}catch{h={status:p.status,statusText:p.statusText}}throw t.log.error(f,h),new Rr.RuntimeError(f)}t.log.info("Successfully created/updated metering subscription.",u)}o(eO,"createSubscription");Or.createSubscription=eO;async function tO({context:t,meteringSubscriptionId:e,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:s}=lf.Environment.instance;if(!(0,pf.isNonEmptyString)(i))throw new Rr.SystemError("No Zuplo JWT token set.");let a=await(0,df.fetchRetry)({retryDelayMs:5,retries:2,logger:uf.SystemLogMap.getLogger(t)},`${s}/internal/v1/metering/${r}/subscriptions/${e}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":t.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating metering subscription to '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw t.log.error(c,u),new Rr.RuntimeError(c)}t.log.info(`Successfully update metering subscription to '${JSON.stringify(n)}'.`)}o(tO,"updateSubscription");Or.updateSubscription=tO;async function rO({context:t,stripeSubscriptionId:e,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:s}=lf.Environment.instance;if(!(0,pf.isNonEmptyString)(i))throw new Rr.SystemError("No Zuplo JWT token set.");let a=await(0,df.fetchRetry)({retryDelayMs:5,retries:2,logger:uf.SystemLogMap.getLogger(t)},`${s}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${e}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":t.requestId},method:"GET"});if(!a.ok){let u="Error querying for metering subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw t.log.error(u,l),new Rr.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Stripe metering plugin webhook.";throw t.log.error(u),new Rr.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Stripe metering plugin webhook.";throw t.log.error(u),new Rr.RuntimeError(u)}return c.data[0]}o(rO,"getSubscription");Or.getSubscription=rO});var ff=b(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.stripeStatusToMeteringStatus=void 0;function nO(t){return t.replaceAll("_","-")}o(nO,"stripeStatusToMeteringStatus");Ka.stripeStatusToMeteringStatus=nO});var i_=b(Yi=>{"use strict";var iO=Yi&&Yi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(Yi,"__esModule",{value:!0});var Zr=pe(),oO=iO(rf()),hf=n_(),sO=Ga(),aO=ff();async function cO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),Zr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.plan;if(!s||!s.product)return e.log.warn(`Invalid Stripe API result. Expected event '${r.id}' to have a plan data.`),Zr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=r.data.object.customer;if(!a)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Zr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let c=s.product,u;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)u=await(0,hf.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:r.data.object.metadata.zuplo_created_by_email,managerSub:r.data.object.metadata.zuplo_created_by_sub,context:e});else{let l=await oO.default.getCustomer({logger:e.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!l.email)return e.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),Zr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe API result. Expected customer to contain email address."});u=await(0,hf.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l.email,context:e})}if(!u)return Zr.HttpProblems.internalServerError(t,e,{detail:"No consumer was created, skipping creation of subscription"});try{let l=(0,aO.stripeStatusToMeteringStatus)(r.data.object.status);await(0,sO.createSubscription)({context:e,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:l})}catch(l){return await(0,hf.deleteConsumer)({apiKeyBucketName:n.apiKeyBucketName,consumerId:u,context:e}),Zr.HttpProblems.internalServerError(t,e,{detail:l.message})}return Zr.HttpProblems.ok(t,e)}o(cO,"onCustomerSubscriptionCreated");Yi.default=cO});var s_=b(gf=>{"use strict";Object.defineProperty(gf,"__esModule",{value:!0});var mf=pe(),o_=Ga();async function uO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),mf.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),mf.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});let a=await(0,o_.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,o_.updateSubscription)({context:e,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),mf.HttpProblems.ok(t,e)}o(uO,"onCustomerSubscriptionDeleted");gf.default=uO});var a_=b(Xi=>{"use strict";var lO=Xi&&Xi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(Xi,"__esModule",{value:!0});var Zi=pe(),dO=lO(rf()),Ja=Ga(),pO=ff();async function fO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to include '.data.object.id' as the subscription ID.`),Zi.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Zi.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){e.log.debug(`Processing subscription status change from Stripe event '${r.id}'.`);let c=await(0,Ja.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=(0,pO.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,Ja.updateSubscription)({context:e,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),Zi.HttpProblems.ok(t,e)}if(a.plan&&a.plan.product!==r.data.object.plan.product){e.log.debug(`Processing subscription plan change from Stripe event '${r.id}'.`);let c=await(0,Ja.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=r.data.object.plan.product,d=(await dO.default.getUpcomingInvoice({customerId:s,logger:e.log,stripeSecretKey:n.stripeSecretKey})).lines.data.filter(f=>f.proration&&f.price.product===u),p=0;return d.length===0?e.log.warn(`The plan change does not include proration details. Subscription event '${r.id}'`):p=parseFloat(d[0].unit_amount_excluding_tax)/d[0].price.unit_amount,await(0,Ja.updateSubscription)({context:e,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[u],prorate:p}}),Zi.HttpProblems.ok(t,e)}}return e.log.warn(`This update event '${r.id}' is not supported by Stripe metering plugin webhook.`),Zi.HttpProblems.badRequest(t,e,{detail:"This update event is not supported by Stripe metering plugin webhook."})}o(fO,"onCustomerSubscriptionUpdated");Xi.default=fO});var u_=b(ei=>{"use strict";var bf=ei&&ei.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(ei,"__esModule",{value:!0});ei.StripeMonetizationPlugin=void 0;var za=Ji(),Wa=k(),hO=Bt(),mO=Zp(),c_=pe(),gO=ar(),yO=yn(),bO=bl(),_O=gt(),EO=ie(),wO=t_(),vO=ut(),TO=r_(),SO=bf(i_()),IO=bf(s_()),PO=bf(a_()),yf=class extends TO.MeteringPlugin{static{o(this,"StripeMonetizationPlugin")}options;constructor(e){super(),this.options=e}registerRoutes(e,r){let n=o(async(c,u)=>{if((0,vO.optionValidator)(this.options.webhooks,"StripeMonetizationPlugin","plugin").required("signingSecret","string").optional("tolerance","number"),this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(za.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=za.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new Wa.ConfigurationError("StripeMonetizationPlugin - No 'meteringBucketId' property provided");if(!d)if(za.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=za.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Wa.ConfigurationError("StripeMonetizationPlugin - No 'apiKeyBucketName' property provided");if(!EO.Environment.instance.build.ACCOUNT_NAME)throw new Wa.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.meteringBucketRegion??"us-central1";if(!AO(p))throw new Wa.ConfigurationError(`StripeMonetizationPlugin - The value '${p}' on the property 'meteringBucketRegion' is invalid.`);let f=await c.json();if(!(0,wO.isStripeWebhookEvent)(f))return c_.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${f.type}' with ID '${f.id}'.`),f.type){case"customer.subscription.created":return await(0,SO.default)(c,u,f,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,PO.default)(c,u,f,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,IO.default)(c,u,f,{meteringBucketId:l});default:return c_.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe monetization plugin webhook."})}},"stripeWebhookHandler"),i=(0,yO.createInternalPolicyProcessor)({inboundPolicies:[new mO.StripeWebhookVerificationInboundPolicy({signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance},"stripe-webhook-verification")]}),s=new hO.Pipeline({processors:[gO.metricsProcessor,i],handler:n,gateway:r}),a=new _O.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:bO.SystemRouteName.StripePlugin});e.addRoute(a,s.execute)}};ei.StripeMonetizationPlugin=yf;function AO(t){return t!==null&&typeof t=="string"&&["us-central1","europe-west4"].includes(t)}o(AO,"isMetricsRegion")});var h_=b(ti=>{"use strict";Object.defineProperty(ti,"__esModule",{value:!0});ti.AmberfloMeteringInboundPolicy=ti.AmberfloMeteringPolicy=void 0;var l_=k(),RO=Pe(),d_=Kt(),f_=new WeakMap,p_={},_f=class{static{o(this,"AmberfloMeteringPolicy")}static setRequestProperties(e,r){f_.set(e,r)}};ti.AmberfloMeteringPolicy=_f;async function OO(t,e,r,n){if(!r.statusCodes)throw new l_.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=(0,d_.statusCodesStringToNumberArray)(r.statusCodes);return e.addResponseSendingFinalHook(async s=>{if(i.includes(s.status)){let a=f_.get(e),c=r.customerId;if(r.customerIdPropertyPath){if(!t.user)throw new l_.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,d_.getValueFromRequestUser)(t.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},f=p_[r.apiKey];if(!f){let h=r.apiKey,g=t.headers.get("zm-test-id")??"";f=new RO.BatchDispatch("amberflo-ingest-meter",10,async _=>{try{let T=r.url??"https://app.amberflo.io/ingest",A=await fetch(T,{method:"POST",body:JSON.stringify(_),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":g}});A.ok||e.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${A.status}: ${await A.text()}`)}catch(T){throw e.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${T.message}`),T}}),p_[h]=f}f.enqueue(p),e.waitUntil(f.waitUntilFlushed())}}),t}o(OO,"AmberfloMeteringInboundPolicy");ti.AmberfloMeteringInboundPolicy=OO});var Ef=b(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.sha256=void 0;async function NO(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest({name:"SHA-256"},e);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}o(NO,"sha256");Qa.sha256=NO});var Zt=b(Ya=>{"use strict";Object.defineProperty(Ya,"__esModule",{value:!0});Ya.getPolicyCacheName=void 0;var CO=Ef(),m_=new Map;async function xO(t,e){let r,n=m_.get(t);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,CO.sha256)(JSON.stringify({policyName:t,options:e}))}`,m_.set(t,r)),r}o(xO,"getPolicyCacheName");Ya.getPolicyCacheName=xO});var Tf=b(Za=>{"use strict";Object.defineProperty(Za,"__esModule",{value:!0});Za.ApiKeyInboundPolicy=void 0;var LO=Zt(),DO=nr(),g_=Ji(),wf=k(),MO=Gt(),y_=Ze(),vf=ie(),UO=Dn(),b_="key-metadata-cache-type";function kO(t,e){return e.authScheme===""?t:t.replace(`${e.authScheme} `,"")}o(kO,"getKeyValue");async function FO(t,e,r,n){if(!r.bucketName)if(g_.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=g_.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new wf.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new wf.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let s=o(T=>i.allowUnauthenticatedRequests?t:MO.HttpProblems.unauthorized(t,e,{detail:T}),"unauthorizedResponse"),a=t.headers.get(i.authHeader);if(!a)return s("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return s("Invalid Authorization Scheme");let c=kO(a,i);if(!c||c==="")return s("No key present");let u=await HO(c),l=await(0,LO.getPolicyCacheName)(n,i),d=new DO.MemoryZoneReadThroughCache(l,e),p=await d.get(u);if(p&&p.isValid===!0)return t.user=p.user,t;if(p&&!p.isValid)return p.typeId!==b_&&y_.SystemLogMap.getLogger(e).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),s("Authorization Failed");let f={key:c},h=await(0,UO.fetchRetry)({retryDelayMs:5,retries:2,logger:y_.SystemLogMap.getLogger(e)},`${vf.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":e.requestId,"zp-dn":vf.Environment.instance.deploymentName??"unknown","User-Agent":vf.Environment.instance.systemUserAgent},body:JSON.stringify(f)});if(h.status===401)return e.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),s("Authorization Failed");if(h.status!==200){try{let T=await h.text(),A=JSON.parse(T);e.log.error("Unexpected response from key service",A)}catch{e.log.error("Invalid response from key service")}throw new wf.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let g=await h.json(),_={isValid:!0,typeId:b_,user:{sub:g.name,data:g.metadata}};return t.user=_.user,d.put(u,_,i.cacheTtlSeconds),t}o(FO,"ApiKeyInboundPolicy");Za.ApiKeyInboundPolicy=FO;async function HO(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(HO,"hashValue")});var __=b(Xa=>{"use strict";Object.defineProperty(Xa,"__esModule",{value:!0});Xa.ApiAuthKeyInboundPolicy=void 0;var qO=Tf();Xa.ApiAuthKeyInboundPolicy=qO.ApiKeyInboundPolicy});var Xt=b(ec=>{"use strict";Object.defineProperty(ec,"__esModule",{value:!0});ec.OpenIdJwtInboundPolicy=void 0;var If=(ea(),Oo(Xs)),Pf=k(),$O=pe(),Sf={},jO=o(async(t,e)=>{if(!e.jwkUrl||typeof e.jwkUrl!="string")throw new Pf.ConfigurationError("Invalid State - jwkUrl not set");Sf[e.jwkUrl]||(Sf[e.jwkUrl]=(0,If.createRemoteJWKSet)(new URL(e.jwkUrl),e.headers?{headers:e.headers}:void 0));let{payload:r}=await(0,If.jwtVerify)(t,Sf[e.jwkUrl],{issuer:e.issuer,audience:e.audience});return r},"jwkVerifier"),VO=o(async(t,e)=>{let r;if(e.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof e.secret=="string"){let s=new TextEncoder().encode(e.secret);r=new Uint8Array(s)}else r=e.secret;let{payload:n}=await(0,If.jwtVerify)(t,r,{issuer:e.issuer,audience:e.audience});return n},"secretVerifier"),BO=o(async(t,e,r,n)=>{let i=t.headers.get("Authorization"),s="bearer ",a=o(f=>$O.HttpProblems.unauthorized(t,e,{detail:f}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Pf.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Pf.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?jO:VO,l=await o(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(s)!==0)return a("Invalid bearer token format for authorization header");let f=i.substring(s.length);if(!f||f.length===0)return a("No bearer token on authorization header");try{return await c(f,r)}catch(h){let g=new URL(t.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?e.log.warn(`Expired token used on url: ${g.pathname} `,h):e.log.warn(`Invalid token on: ${t.method} ${g.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?t:l;let d=r.subPropertyName??"sub",p=l[d];return p?(t.user={sub:p,data:l},t):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");ec.OpenIdJwtInboundPolicy=BO});var E_=b(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.Auth0JwtInboundPolicy=void 0;var GO=Xt(),KO=o(async(t,e,r,n)=>(0,GO.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");tc.Auth0JwtInboundPolicy=KO});var w_=b(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.BasicAuthInboundPolicy=void 0;var JO=pe(),zO=o(async(t,e,r)=>{let n=t.headers.get("Authorization"),i="basic ",s=o(l=>JO.HttpProblems.unauthorized(t,e,{detail:l}),"unauthorizedResponse"),c=await o(async()=>{if(!n)return await s("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await s("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await s("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await s("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let f=d.substring(0,p),h=d.substring(p+1),g=r.accounts.find(_=>_.username===f&&_.password===h);return g||await s("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?t:c;let u=c.username;return t.user={sub:u,data:c.data},t},"BasicAuthInboundPolicy");rc.BasicAuthInboundPolicy=zO});var v_=b(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.CachingInboundPolicy=void 0;var WO=Zt(),QO=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function YO(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(YO,"digestMessage");var ZO=o(async(t,e)=>{let r=[...e.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...e.headers??[]],n=[];for(let[d,p]of t.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await YO(JSON.stringify(n)),s=new URL(t.url),a=new URLSearchParams(s.searchParams);a.set("_z-hdr-dgst",i);let c=e.cacheHttpMethods?.includes(t.method.toUpperCase())&&t.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",t.method);let u=`${s.origin}${s.pathname}?${a}`;return new Request(u,{method:c?"GET":t.method})},"createCacheKeyRequest");async function XO(t,e,r,n){let i=await(0,WO.getPolicyCacheName)(n,r),s=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await ZO(t,r),u=await s.match(c);return u||(e.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(t.method.toUpperCase()))return;let f=r?.expirationSecondsTtl??60,h=new Response(p.body,p);QO.forEach(g=>h.headers.delete(g)),h.headers.set("cache-control",`s-maxage=${f}`),e.waitUntil(s.put(c,h))}catch(d){e.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),t)}o(XO,"CachingInboundPolicy");nc.CachingInboundPolicy=XO});var T_=b(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.ChangeMethodInboundPolicy=void 0;var eN=k(),tN=Ge(),rN=o(async(t,e,r,n)=>{if(!r.method)throw new eN.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new tN.ZuploRequest(t,{method:r.method})},"ChangeMethodInboundPolicy");ic.ChangeMethodInboundPolicy=rN});var S_=b(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.ClearHeadersInboundPolicy=void 0;var nN=Ge(),iN=o(async(t,e,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=t.headers.get(a);c&&i.set(a,c)}),new nN.ZuploRequest(t,{headers:i})},"ClearHeadersInboundPolicy");oc.ClearHeadersInboundPolicy=iN});var I_=b(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.ClearHeadersOutboundPolicy=void 0;var oN=o(async(t,e,r,n)=>{let i=[...n.exclude??[]],s=new Headers;return i.forEach(c=>{let u=t.headers.get(c);u&&s.set(c,u)}),new Response(t.body,{headers:s,status:t.status,statusText:t.statusText})},"ClearHeadersOutboundPolicy");sc.ClearHeadersOutboundPolicy=oN});var P_=b(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.ClerkJwtInboundPolicy=void 0;var sN=Xt(),aN=o(async(t,e,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),s=new URL(i);return s.pathname="/.well-known/jwks.json",(0,sN.OpenIdJwtInboundPolicy)(t,e,{issuer:i.href.slice(0,-1),jwkUrl:s.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");ac.ClerkJwtInboundPolicy=aN});var R_=b(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.CognitoJwtInboundPolicy=void 0;var A_=k(),cN=Xt(),uN=o(async(t,e,r,n)=>{if(!r.userPoolId)throw new A_.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new A_.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,cN.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");cc.CognitoJwtInboundPolicy=uN});var N_=b(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.CompositeInboundPolicy=void 0;var lN=k(),dN=Hr(),O_=yn(),pN=o(async(t,e,r,n)=>{if(!r.policies||r.policies.length===0)throw new lN.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=dN.Gateway.instance,s=(0,O_.getInboundPolicyInstances)(r.policies,i?.routeData.policies);return(0,O_.toStackedInboundHandler)(s)(t,e)},"CompositeInboundPolicy");uc.CompositeInboundPolicy=pN});var C_=b(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.CurityPhantomTokenInboundPolicy=void 0;var fN=Zt(),hN=nr(),lc=pe(),mN=o(async(t,e,r,n)=>{let i=t.headers.get("Authorization");if(!i)return lc.HttpProblems.unauthorized(t,e,{detail:"No authorization header"});let s=gN(i);if(!s)return lc.HttpProblems.unauthorized(t,e,{detail:"Failed to parse token from Authorization header"});let a=await(0,fN.getPolicyCacheName)(n,r),c=new hN.MemoryZoneReadThroughCache(a,e),u=await c.get(s);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+s+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(s,u,r.cacheDurationSeconds??600);else return l.status>=500?(e.log.error(`Error introspecting token - ${l.status}: '${d}'`),lc.HttpProblems.internalServerError(t,e,{detail:"Problem encountered authorizing the HTTP request"})):lc.HttpProblems.unauthorized(t,e)}return t.headers.set("Authorization",`Bearer ${u}`),t},"CurityPhantomTokenInboundPolicy");dc.CurityPhantomTokenInboundPolicy=mN;function gN(t){return t.split(" ")[0]==="Bearer"?t.split(" ")[1]:null}o(gN,"getToken")});var x_=b(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.FirebaseJwtInboundPolicy=void 0;var yN=ut(),bN=Xt(),_N=o(async(t,e,r,n)=>((0,yN.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,bN.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");pc.FirebaseJwtInboundPolicy=_N});var L_=b(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.FormDataToJsonInboundPolicy=void 0;var EN=Ge(),wN=o(async(t,e,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",s=t.headers.get("content-type")?.toLowerCase();if(!s||![i,n].includes(s))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):t;let a=await t.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(t.headers);return u.set("content-type","application/json"),u.delete("content-length"),new EN.ZuploRequest(t,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");fc.FormDataToJsonInboundPolicy=wN});var D_=b(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.GeoFilterInboundPolicy=void 0;var vN=k(),TN=pe(),ri="__unknown__",SN=o(async(t,e,r,n)=>{let i={allow:{countries:ii(r.allow?.countries,"allow.countries",n),regionCodes:ii(r.allow?.regionCodes,"allow.regionCode",n),asns:ii(r.allow?.asns,"allow.asOrganization",n)},block:{countries:ii(r.block?.countries,"block.countries",n),regionCodes:ii(r.block?.regionCodes,"block.regionCode",n),asns:ii(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},s=e.incomingRequestProperties.country?.toLowerCase()??ri,a=e.incomingRequestProperties.regionCode?.toLowerCase()??ri,c=e.incomingRequestProperties.asn?.toString()??ri,u=i.ignoreUnknown&&s===ri,l=i.ignoreUnknown&&a===ri,d=i.ignoreUnknown&&c===ri,p=i.allow.countries,f=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(s)&&!u||f.length>0&&!f.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return ni(t,e,n,s,a,c);let g=i.block.countries,_=i.block.regionCodes,T=i.block.asns;return g.length>0&&g.includes(s)&&!u||_.length>0&&_.includes(a)&&!l||T.length>0&&T.includes(c)&&!d?ni(t,e,n,s,a,c):t},"GeoFilterInboundPolicy");hc.GeoFilterInboundPolicy=SN;function ni(t,e,r,n,i,s){return e.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${s}')`),TN.HttpProblems.forbidden(t,e,{geographicContext:{country:n,regionCode:i,asn:s}})}o(ni,"blockedResponse");function ii(t,e,r){if(typeof t=="string")return t.split(",").map(n=>n.trim().toLowerCase());if(typeof t>"u")return[];if(Array.isArray(t))return t.map(n=>n.trim().toLowerCase());throw new vN.ConfigurationError(`Invalid '${e}' for GeoFilterInboundPolicy '${r}': '${t}', must be a string or string[]`)}o(ii,"toLowerStringArray")});var M_=b(mc=>{"use strict";Object.defineProperty(mc,"__esModule",{value:!0});mc.JWTScopeValidationInboundPolicy=void 0;var IN=o(async(t,e,r)=>{let n=t.user?.data.scope.split(" ")||[];if(!o((s,a)=>a.every(c=>s.includes(c)),"scopeChecker")(n,r.scopes)){let s={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(s),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return t},"JWTScopeValidationInboundPolicy");mc.JWTScopeValidationInboundPolicy=IN});var k_=b(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.MockApiInboundPolicy=void 0;var PN=pe(),AN=o(async(t,e,r,n)=>{let i=e.route.raw().responses;if(!i)return Af(n,t,e,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let s=Object.keys(i),a=[];if(s.length===0)return Af(n,t,e,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(s.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(f=>{a.push({responseName:c,contentName:l,exampleName:f,exampleValue:d[f]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return U_(a[c])}else return a.length>0?U_(a[0]):Af(n,t,e,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");gc.MockApiInboundPolicy=AN;function U_(t){let e=JSON.stringify(t.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",t.contentName),t.responseName){case"1XX":return new Response(e,{status:100,headers:r});case"2XX":return new Response(e,{status:200,headers:r});case"3XX":return new Response(e,{status:300,headers:r});case"4XX":return new Response(e,{status:400,headers:r});case"5XX":case"default":return new Response(e,{status:500,headers:r});default:return new Response(e,{status:Number(t.responseName),headers:r})}}o(U_,"generateResponse");var Af=o((t,e,r,n)=>{let i=`Error in policy: ${t} - On route ${e.method} ${r.route.path}. ${n}`;return PN.HttpProblems.internalServerError(e,r,{detail:i})},"getProblemDetailResponse")});var j_=b(oi=>{"use strict";Object.defineProperty(oi,"__esModule",{value:!0});oi.MoesifInboundPolicy=oi.setMoesifContext=void 0;var RN=k(),ON=Pe(),NN="Incoming",CN={logRequestBody:!0,logResponseBody:!0};function F_(t){let e={};return t.forEach((r,n)=>{e[n]=r}),e}o(F_,"headersToObject");function H_(){return new Date().toISOString()}o(H_,"timestamp");var Rf=new WeakMap,xN={};function LN(t,e){let r=Rf.get(t);r||(r=xN);let n=Object.assign({...r},e);Rf.set(t,n)}o(LN,"setMoesifContext");oi.setMoesifContext=LN;async function q_(t,e){let r=t.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await t.clone().json()}catch(i){e.log.error(i)}let n=await t.clone().text();return e.log.debug({textBody:n}),n}o(q_,"readBody");var DN={},Of;function $_(){if(!Of)throw new RN.RuntimeError("Invalid State - no _lastLogger");return Of}o($_,"getLastLogger");function MN(t){let e=DN[t];return e||(e=new ON.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);$_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":t},body:n});i.ok||$_().error({status:i.status,body:await i.text()})})),e}o(MN,"getDispatcher");async function UN(t,e,r,n){Of=e.log;let i=H_(),s=Object.assign(CN,r);if(!s.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=s.logRequestBody?await q_(t,e):void 0;return e.addResponseSendingFinalHook(async(c,u)=>{let l=MN(s.applicationId),d=t.headers.get("true-client-ip"),p=Rf.get(e)??{},f={time:i,uri:t.url,verb:t.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:F_(t.headers)},h=s.logResponseBody?await q_(c,e):void 0,g={time:H_(),status:c.status,headers:F_(c.headers),body:h},_={request:f,response:g,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:NN};l.enqueue(_),e.waitUntil(l.waitUntilFlushed())}),t}o(UN,"MoesifInboundPolicy");oi.MoesifInboundPolicy=UN});var G_=b(si=>{"use strict";Object.defineProperty(si,"__esModule",{value:!0});si.consumeSubcriptionQuotas=si.loadSubscription=void 0;var V_=Ze(),B_=ie();async function kN(t,e,r,n){let i=V_.SystemLogMap.getLogger(t),{authApiJWT:s,meteringServiceUrl:a}=B_.Environment.instance,c;try{let l=await fetch(`${a}/internal/v1/metering/${n}/subscriptions?customerKey=${e}`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":t.requestId},method:"GET"});if(l.ok)c=await l.json();else{let d=await l.json(),p=d.detail??d.title??"Unknown error on quota consumption.";t.log.error(`MonetizationInboundPolicy '${r}' - Error loading subscription. ${l.status} - ${p}`),i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription.${l.status} - ${p}`)}}catch(l){i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription`,l)}return c&&c.data&&c.data.length>0?c.data[0]:void 0}o(kN,"loadSubscription");si.loadSubscription=kN;async function FN(t,e,r,n,i){let{authApiJWT:s,meteringServiceUrl:a}=B_.Environment.instance,c=V_.SystemLogMap.getLogger(t);try{let u=await fetch(`${a}/internal/v1/metering/${n}/subscriptions/${e}/quotas/consume`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":t.requestId},method:"POST",body:JSON.stringify({meters:i})});if(!u.ok){let l=await u.json(),d=l.detail??l.title??"Unknown error on quota consumption.";t.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`)}}catch(u){t.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`,u)}}o(FN,"consumeSubcriptionQuotas");si.consumeSubcriptionQuotas=FN});var K_=b(Nr=>{"use strict";Object.defineProperty(Nr,"__esModule",{value:!0});Nr.compareMeters=Nr.parseAllowedSubscriptionStatuses=Nr.validateMeters=void 0;var Xr=k(),HN=Kt(),qN=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]);function $N(t,e){try{let r=[];for(let n in t)typeof t[n]!="number"&&!(Number.isInteger(t[n])&&/^-?\d+$/.test(t[n].toString()))&&r.push(n);if(r.length>0)throw new Xr.ConfigurationError(r.length>1?`The values found in these properties are not integers : ${r.join(", ")}`:`The value in property '${r[0]}' is not an integer`)}catch(r){throw r instanceof Xr.ConfigurationError?new Xr.ConfigurationError(`MonetizationInboundPolicy '${e}' - The property 'meters' is invalid. ${r.message}`):r}}o($N,"validateMeters");Nr.validateMeters=$N;function jN(t,e){if(t)try{if(t.length===0)throw new Xr.ConfigurationError("Must set valid subscription statuses");let r=(0,HN.parseValueToStringArray)(t),n=[];for(let i of r)qN.has(i)||n.push(i);if(n.length>0)throw new Xr.ConfigurationError(`Found the following invalid statuses: ${n.join(", ")}`);return t}catch(r){throw r instanceof Xr.ConfigurationError?new Xr.ConfigurationError(`MonetizationInboundPolicy '${e}' - The property 'allowedSubscriptionStatuses' is invalid. ${r.message}`):r}else return["active","incomplete","trialing"]}o(jN,"parseAllowedSubscriptionStatuses");Nr.parseAllowedSubscriptionStatuses=jN;function VN(t,e){let r={},n={};for(let i in e)t.hasOwnProperty(i)?r[i]=e[i]:n[i]=e[i];return{metersInSubscription:r,metersNotInSubscription:n}}o(VN,"compareMeters");Nr.compareMeters=VN});var W_=b(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.MonetizationInboundPolicy=void 0;var en=ln(),tn=hp(),yc=Ji(),J_=k(),BN=gn(),rn=pe(),GN=Kt(),KN=ut(),z_=G_(),eo=K_(),Nf=class extends BN.InboundPolicy{static{o(this,"MonetizationInboundPolicy")}static getSubscription(e){return tn.ContextData.get(e,en.METERING_SUBSCRIPTION_CONTEXT_DATA)}static setMeters(e,r){(0,eo.validateMeters)(r,"setMeters"),tn.ContextData.set(e,en.DYNAMIC_METERS_CONTEXT_DATA,r)}async handler(e,r){(0,KN.optionValidator)(this.options,this.policyName).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string"),this.options.meterOnStatusCodes||(this.options.meterOnStatusCodes="200-399");let n=this.options.allowRequestsOverQuota??!1,i=(0,GN.statusCodesStringToNumberArray)(this.options.meterOnStatusCodes),s=tn.ContextData.get(r,en.DYNAMIC_METERS_CONTEXT_DATA),a={...this.options.meters,...s};(0,eo.validateMeters)(a,this.policyName);let c=this.options.allowRequestsWithoutSubscription??!1,u=(0,eo.parseAllowedSubscriptionStatuses)(this.options.allowedSubscriptionStatuses,this.policyName);r.addResponseSendingFinalHook(async(_,T,A)=>{let y=tn.ContextData.get(A,en.METERING_SUBSCRIPTION_CONTEXT_DATA);if((this.options.allowRequestsWithoutSubscription??!1)&&!y){A.log.debug(`MonetizationInboundPolicy '${this.policyName}' - No subscription found and property 'allowRequestsWithoutSubscription' is true`);return}if(!this.options.bucketId)if(yc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=yc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new J_.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let O=tn.ContextData.get(A,en.DYNAMIC_METERS_CONTEXT_DATA),V={...this.options.meters,...O};if((0,eo.validateMeters)(V,this.policyName),i.includes(_.status)&&y&&V){A.log.debug(`MonetizationInboundPolicy '${this.policyName}' - Updating subscription '${y.id}' with meters '${JSON.stringify(V)} on response status '${_.status}'`);let{metersInSubscription:w,metersNotInSubscription:v}=(0,eo.compareMeters)(y.meters,V);if(v&&Object.keys(v).length>0){let C=Object.keys(v);A.log.warn(`The following meters cannot be applied since they are not present in the subscription: '${C}'`)}await(0,z_.consumeSubcriptionQuotas)(A,y.id,this.policyName,this.options.bucketId,w)}});let l=e.user;if(!l)return c?e:rn.HttpProblems.unauthorized(e,r,{detail:"Unable to check subscription for anonymous user"});if(!this.options.bucketId)if(yc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=yc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new J_.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let{sub:d}=l,p=await(0,z_.loadSubscription)(r,d,this.policyName,this.options.bucketId);if(!p)return r.log.warn("No valid subscription found"),c?e:rn.HttpProblems.unauthorized(e,r,{detail:"No valid subscription found"});if(!u.includes(p.status)&&!c)return r.log.warn(`Subscription '${p.id}' has status '${p.status}' which is not part of the allowed statuses.`),rn.HttpProblems.unauthorized(e,r,{detail:"No valid subscription found"});u.includes(p.status)&&(r.log.debug(`Loading subscription '${p.id}' for user sub '${d}' to ContextData`),tn.ContextData.set(r,en.METERING_SUBSCRIPTION_CONTEXT_DATA,p));let f=tn.ContextData.get(r,en.METERING_SUBSCRIPTION_CONTEXT_DATA);if(!f)return c?e:(r.log.warn("Subscription is not available for user"),rn.HttpProblems.paymentRequired(e,r,{detail:"Subscription is not available for user",title:"No Subscription"}));if(f&&Object.keys(f.meters).length===0)return r.log.error(`Quota is not set up for subscription '${f.id}'`),rn.HttpProblems.tooManyRequests(e,r,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let g=Object.keys(a).filter(_=>!Object.keys(f.meters).includes(_));if(g.length>0)return r.log.warn(`The following policy meters are not present in the subscription: ${g.join(", ")}`),rn.HttpProblems.tooManyRequests(e,r,{detail:`The following policy meters are not present in the subscription: ${g.join(", ")}`,title:"Quota Exceeded"});for(let _ of Object.keys(a))if(f.meters[_].consumed<=0&&!n)return rn.HttpProblems.tooManyRequests(e,r,{detail:`Quota exceeded for meter '${_}'`,title:"Quota Exceeded"});return e}};bc.MonetizationInboundPolicy=Nf});var Q_=b(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.OktaJwtInboundPolicy=void 0;var JN=Xt(),zN=o(async(t,e,r,n)=>(0,JN.OpenIdJwtInboundPolicy)(t,e,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");_c.OktaJwtInboundPolicy=zN});var Y_=b(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.PropelAuthJwtInboundPolicy=void 0;var WN=(ea(),Oo(Xs)),QN=Xt(),Cf,YN=o(async(t,e,r,n)=>{if(!Cf)try{Cf=await(0,WN.importSPKI)(r.verifierKey,"RS256")}catch(i){throw e.log.error("Could not import verifier key"),i}return(0,QN.OpenIdJwtInboundPolicy)(t,e,{issuer:r.authUrl,secret:Cf,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");Ec.PropelAuthJwtInboundPolicy=YN});var Z_=b(Z=>{"use strict";Object.defineProperty(Z,"__esModule",{value:!0});Z.throwIfStateNotObject=Z.throwIfStateNotNumber=Z.throwIfStateNotString=Z.throwIfStateUndefinedOrNull=Z.throwIfStateUndefined=Z.throwIfOptionNotObject=Z.throwIfOptionNotNumber=Z.throwIfOptionNotString=Z.throwIfOptionUndefinedOrNull=Z.throwIfOptionUndefined=Z.OptionTypeError=Z.OptionUndefinedError=Z.throwIfNotNumber=Z.throwIfNotString=Z.throwIfUndefinedOrNull=Z.throwIfUndefined=Z.ArgumentTypeError=Z.ArgumentUndefinedError=Z.ValidationError=void 0;var We=st(),lt=class extends Error{static{o(this,"ValidationError")}constructor(e){super(e)}};Z.ValidationError=lt;var to=class extends lt{static{o(this,"ArgumentUndefinedError")}constructor(e){super(`The argument '${e}' is undefined.`)}};Z.ArgumentUndefinedError=to;var ro=class extends lt{static{o(this,"ArgumentTypeError")}constructor(e,r){super(`The argument '${e}' must be of type '${r}'.`)}};Z.ArgumentTypeError=ro;function ZN(t,e){if((0,We.isUndefined)(t))throw new to(e)}o(ZN,"throwIfUndefined");Z.throwIfUndefined=ZN;function xf(t,e){if((0,We.isUndefinedOrNull)(t))throw new to(e)}o(xf,"throwIfUndefinedOrNull");Z.throwIfUndefinedOrNull=xf;function XN(t,e){if(xf(t,e),!(0,We.isString)(t))throw new ro(e,"string")}o(XN,"throwIfNotString");Z.throwIfNotString=XN;function eC(t,e){if(xf(t,e),!(0,We.isNumber)(t))throw new ro(e,"number")}o(eC,"throwIfNotNumber");Z.throwIfNotNumber=eC;var no=class extends lt{static{o(this,"OptionUndefinedError")}constructor(e,r,n){super(`The option '${n}' on the ${e} named '${r}' is undefined.`)}};Z.OptionUndefinedError=no;var ai=class extends lt{static{o(this,"OptionTypeError")}constructor(e,r,n,i){super(`The option '${n}' on the ${e} named '${r}' must be of type '${i}'.`)}};Z.OptionTypeError=ai;function tC(t,e,r,n){if((0,We.isUndefined)(n))throw new no(t,e,r)}o(tC,"throwIfOptionUndefined");Z.throwIfOptionUndefined=tC;function wc(t,e,r,n){if((0,We.isUndefinedOrNull)(n))throw new no(t,e,r)}o(wc,"throwIfOptionUndefinedOrNull");Z.throwIfOptionUndefinedOrNull=wc;function rC(t,e,r,n){if(wc(t,e,r,n),!(0,We.isString)(n))throw new ai(t,e,r,"string")}o(rC,"throwIfOptionNotString");Z.throwIfOptionNotString=rC;function nC(t,e,r,n){if(wc(t,e,r,n),!(0,We.isNumber)(n))throw new ai(t,e,r,"number")}o(nC,"throwIfOptionNotNumber");Z.throwIfOptionNotNumber=nC;function iC(t,e,r,n){if(wc(t,e,r,n),!(0,We.isObject)(n))throw new ai(t,e,r,"object")}o(iC,"throwIfOptionNotObject");Z.throwIfOptionNotObject=iC;function oC(t,e){if((0,We.isUndefined)(t))throw new lt(e)}o(oC,"throwIfStateUndefined");Z.throwIfStateUndefined=oC;function vc(t,e){if((0,We.isUndefinedOrNull)(t))throw new lt(e)}o(vc,"throwIfStateUndefinedOrNull");Z.throwIfStateUndefinedOrNull=vc;function sC(t,e){if(vc(t,e),!(0,We.isString)(t))throw new lt(e);return!0}o(sC,"throwIfStateNotString");Z.throwIfStateNotString=sC;function aC(t,e){if(vc(t,e),!(0,We.isNumber)(t))throw new lt(e);return!0}o(aC,"throwIfStateNotNumber");Z.throwIfStateNotNumber=aC;function cC(t,e){if(vc(t,e),!(0,We.isObject)(t))throw new lt(e);return!0}o(cC,"throwIfStateNotObject");Z.throwIfStateNotObject=cC});var X_=b(ci=>{"use strict";Object.defineProperty(ci,"__esModule",{value:!0});ci.InMemoryRedisClient=ci.StandardRedisClient=void 0;var Lf=k(),Tc=Z_(),Df=class t{static{o(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(e,r,n,i){this.redisClientUrl=e,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(e,r,n,i){return(0,Tc.throwIfNotString)(e,"redisClientUrl"),(0,Tc.throwIfNotString)(r,"clientAuthToken"),t.instance||(t.instance=new t(e,r,n,i)),t.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:e,body:r,method:n,requestId:i}){(0,Tc.throwIfNotString)(e,"url");let s=await fetch(`${this.redisClientUrl}${e}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=s.headers.get("Content-Type")?.includes("application/json")?await s.json():await s.text();if(s.ok)return a;throw s.status===401?new Lf.SystemError("Redis client failed with 401: Unauthorized"):new Lf.SystemError(`Redis client failed with (${s.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};ci.StandardRedisClient=Df;var Mf=class{static{o(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:e,body:r,method:n}){if((0,Tc.throwIfNotString)(e,"url"),n==="POST"&&e==="/rate-limit"){let{incrBy:i,expire:s,key:a}=JSON.parse(r),c=Date.now()+s*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Lf.SystemError("The in-memory redis client only supports /rate-limit calls")}};ci.InMemoryRedisClient=Mf});var iE=b(Pc=>{"use strict";Object.defineProperty(Pc,"__esModule",{value:!0});Pc.RateLimitInboundPolicy=void 0;var uC=Fr(),lC=Zt(),dC=Do(),Ft=k(),pC=pe(),eE=Ze(),io=ie(),tE=X_(),rE=st(),Sc=(0,uC.debug)("zuplo:policies:RateLimitInboundPolicy"),fC="strict",hC=o(t=>{let e=t.headers.get("cf-connecting-ip")??t.headers.get("true-client-ip");if(e)return e;let r=t.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP"),mC=o(async t=>({key:`ip-${hC(t)}`}),"getIP"),gC=o(async t=>({key:`user-${t.user?.sub??"anonymous"}`}),"getUser"),yC=o(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll"),Ic;function bC(t,e){let r;if(Ic)return Ic;if(io.Environment.instance.isLocalDevelopment)return e.info("Using in-memory redis client for local development."),r=new tE.InMemoryRedisClient,Ic=r,r;let{authApiJWT:n,redisURL:i}=io.Environment.instance;if(!(0,rE.isString)(i))throw new Ft.SystemError(`RateLimitInboundPolicy '${t}' - rate limit service URL not configured`);if(!(0,rE.isString)(n))throw new Ft.SystemError(`RateLimitInboundPolicy '${t}' - service authentication not configured`);if(i&&(r=tE.StandardRedisClient.initialize(i,n,io.Environment.instance.deploymentName??"unknown",io.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new Ft.SystemError(`RateLimitInboundPolicy '${t}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Ic=r,r}o(bC,"getRedisClient");async function nE(t,e,r,n,i){let s=Math.floor(e*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:s,key:t}),requestId:i})}o(nE,"getCountAndUpdateExpiry");function _C(t,e){let r;if(t.rateLimitBy==="function"){if(!t.identifier)throw new Ft.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!t.identifier.module)throw new Ft.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!t.identifier.export)throw new Ft.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=t.identifier.module[t.identifier.export],!r||typeof r!="function")throw new Ft.ConfigurationError(`RateLimitInboundPolicy '${e}' - Custom rate limit function must be a valid function`)}return o(async(i,s,a)=>{let c=await r(i,s,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw s.log.error(u),new Ft.RuntimeError(u)}return c},"outerFunction")}o(_C,"wrapUserFunction");var EC="Retry-After",wC=o(async(t,e,r,n)=>{let i=Date.now(),s=eE.SystemLogMap.getLogger(e),a=o((u,l)=>{if(r.throwOnFailure)throw new Ft.SystemError(u,{cause:l});s.error(u,l)},"throwOrLog"),c=o((u,l)=>{let d={};return(!u||u==="retry-after")&&(d[EC]=l.toString()),pC.HttpProblems.tooManyRequests(t,e,void 0,d)},"rateLimited");try{let l={function:_C(r,n),user:gC,ip:mC,all:yC}[r.rateLimitBy],d=await l(t,e,n),p=d.key,f=d.requestsAllowed??r.requestsAllowed,h=d.timeWindowMinutes??r.timeWindowMinutes,g=r.headerMode??"retry-after",_=bC(n,s),A=`bucket/${io.Environment.instance.build.BUILD_ID}/${n}/${p}`;if((r.mode??fC)==="async"){let O=await(0,lC.getPolicyCacheName)(n,r),V=new dC.ZoneCache(O,{logger:eE.SystemLogMap.getLogger(e)}),w=nE(A,h,_,s,e.requestId),v=await V.get(A);if(v!==void 0&&v<=Date.now()){Sc(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${A}' (async mode)`);let C=Math.round((v-Date.now())/1e3);return c(g,C)}return e.addEventListener("responseSending",C=>{try{let E=C,P=E.mutableResponse;E.mutableResponse=(async()=>{let x=await w;if(x.count>f){let X=Date.now()+x.ttlSeconds*1e3,q=V.put(A,X,x.ttlSeconds).catch(D=>{throw s.error(new Ft.SystemError("Error caching rate limit result.",{cause:D})),D});return e.waitUntil(q),Sc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${A}' (async mode)`),c(g,x.ttlSeconds)}return P})()}catch(E){s.error(`RateLimitInboundPolicy '${n}' -error in responseSending`,E)}}),t}let S=await nE(A,h,_,s,e.requestId);return S.count>f?(Sc(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${A}' (strict mode)`),c(g,S.ttlSeconds)):t}catch(u){return a(u.message,u),t}finally{let u=Date.now()-i;Sc(`RateLimitInboundPolicy '${n}' - latency ${u}ms`)}},"RateLimitInboundPolicy");Pc.RateLimitInboundPolicy=wC});var cE=b(Ac=>{"use strict";Object.defineProperty(Ac,"__esModule",{value:!0});Ac.ReadmeMetricsInboundPolicy=void 0;var vC=Pe(),Uf=ie(),oE=Kt(),kf;function sE(t){let e=[];for(let[r,n]of t)e.push({name:r,value:n});return e}o(sE,"headersToNameValuePairs");function TC(t){let e=[];return Object.entries(t).forEach(([r,n])=>{e.push({name:r,value:n})}),e}o(TC,"queryToNameValueParis");function SC(t){if(t===null)return;let e=parseFloat(t);if(!isNaN(e))return e}o(SC,"parseIntOrUndefined");var aE={};async function IC(t,e,r,n){let i=new Date,s=Date.now();return kf||(kf={name:"zuplo",version:Uf.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${Uf.Environment.instance.build.ZUPLO_VERSION}`}),e.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&t.user?(0,oE.getValueFromRequestUser)(t.user,r.userLabelPropertyPath,"userLabelPropertyPath"):t.user?.sub,u=r.userEmailPropertyPath&&t.user?(0,oE.getValueFromRequestUser)(t.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:t.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:Uf.Environment.instance.isDeno,group:{label:c,email:u,id:t.user?.sub??"anonymous"},request:{log:{creator:kf,entries:[{startedDateTime:i.toISOString(),time:Date.now()-s,request:{method:t.method,url:r.useFullRequestPath?new URL(t.url).pathname:e.route.path,httpVersion:"2",headers:sE(t.headers),queryString:TC(t.query)},response:{status:a.status,statusText:a.statusText,headers:sE(a.headers),content:{size:SC(t.headers.get("content-length"))}}}]}}},d=aE[r.apiKey];if(!d){let p=r.apiKey;d=new vC.BatchDispatch("readme-metering-inbound-policy",10,async f=>{try{let h=r.url??"https://metrics.readme.io/request",g=await fetch(h,{method:"POST",body:JSON.stringify(f),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});g.status!==202&&e.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${g.status}: '${await g.text()}'`)}catch(h){throw e.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),aE[p]=d}d.enqueue(l),e.waitUntil(d.waitUntilFlushed())}catch(c){e.log.error(c)}}),t}o(IC,"ReadmeMetricsInboundPolicy");Ac.ReadmeMetricsInboundPolicy=IC});var uE=b(Rc=>{"use strict";Object.defineProperty(Rc,"__esModule",{value:!0});Rc.RemoveHeadersInboundPolicy=void 0;var PC=k(),AC=Ge(),RC=o(async(t,e,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new PC.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let s=new Headers(t.headers);return i.forEach(c=>{s.delete(c)}),new AC.ZuploRequest(t,{headers:s})},"RemoveHeadersInboundPolicy");Rc.RemoveHeadersInboundPolicy=RC});var lE=b(Oc=>{"use strict";Object.defineProperty(Oc,"__esModule",{value:!0});Oc.RemoveHeadersOutboundPolicy=void 0;var OC=k(),NC=o(async(t,e,r,n,i)=>{let s=n?.headers;if(!s||!Array.isArray(s)||s.length===0)throw new OC.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(t.headers);return s.forEach(u=>{a.delete(u)}),new Response(t.body,{headers:a,status:t.status,statusText:t.statusText})},"RemoveHeadersOutboundPolicy");Oc.RemoveHeadersOutboundPolicy=NC});var dE=b(Nc=>{"use strict";Object.defineProperty(Nc,"__esModule",{value:!0});Nc.RemoveQueryParamsInboundPolicy=void 0;var CC=k(),xC=Ge(),LC=o(async(t,e,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new CC.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let s=new URL(t.url);return i.forEach(c=>{s.searchParams.delete(c)}),new xC.ZuploRequest(s.toString(),t)},"RemoveQueryParamsInboundPolicy");Nc.RemoveQueryParamsInboundPolicy=LC});var pE=b(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.ReplaceStringOutboundPolicy=void 0;var DC=o(async(t,e,r,n)=>{let i=await t.text(),s=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(s,n.replaceWith);return new Response(a,{headers:t.headers,status:t.status,statusText:t.statusText})},"ReplaceStringOutboundPolicy");Cc.ReplaceStringOutboundPolicy=DC});var hE=b(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.RequestSizeLimitInboundPolicy=void 0;var fE=o(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),MC=o(async(t,e,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(t.method))return t;let i=t.headers.get("content-length"),s=i!==null?parseInt(i):void 0;return s&&!isNaN(s)&&s>r.maxSizeInBytes?fE():s&&n?t:(await t.clone().text()).length>r.maxSizeInBytes?fE():t},"RequestSizeLimitInboundPolicy");xc.RequestSizeLimitInboundPolicy=MC});var Lc=b(dt=>{"use strict";Object.defineProperty(dt,"__esModule",{value:!0});dt.sanitizedIdentifierName=dt.getIdForRefSchema=dt.getIdForRequestBodySchema=dt.getIdForParameterSchema=dt.getRawOperationDataIdentifierName=void 0;function UC(t,e,r){return`_${nn(t+"_"+e+"_"+r)}`}o(UC,"getRawOperationDataIdentifierName");dt.getRawOperationDataIdentifierName=UC;function kC(t,e,r,n){return`_${nn(t.toLowerCase())}_`+e.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}o(kC,"getIdForParameterSchema");dt.getIdForParameterSchema=kC;function FC(t,e,r){return`_${nn(t.toLowerCase())}_`+e.toLowerCase()+`_rb_${nn(r.toLowerCase())}`}o(FC,"getIdForRequestBodySchema");dt.getIdForRequestBodySchema=FC;function HC(t,e){return`_${nn(t)}__${nn(e)}`}o(HC,"getIdForRefSchema");dt.getIdForRefSchema=HC;function nn(t){let e=[];for(let r=0;r<t.length;r++){let n=t.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?e.push(t.charAt(r)):e.push("_")}return e.join("")}o(nn,"sanitizedIdentifierName");dt.sanitizedIdentifierName=nn});var oo=b($e=>{"use strict";Object.defineProperty($e,"__esModule",{value:!0});$e.getErrorsFromValidator=$e.shouldReject=$e.shouldLog=$e.logErrors=$e.validateParameters=$e.getParametersForOperation=void 0;var qC=Hr(),$C=Lc(),jC=o(t=>{let e=t.route.raw();return e.parameters?e.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");$e.getParametersForOperation=jC;var VC=o((t,e,r,n,i)=>{let s=[],a=!0,c=[];return t.forEach(u=>{let l=u.required||i==="path";if(l&&!e[u.name])a=!1,s.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!e[u.name])){let d=(0,$C.getIdForParameterSchema)(r,n,i,u.name),p=qC.Gateway.instance.schemaValidator[d],f=p(e[u.name]),h=(0,$e.getErrorsFromValidator)(p.errors);f||(a=!1,c.push(`${i} parameter: ${u.name} : ${e[u.name]}`),s.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:s}},"validateParameters");$e.validateParameters=VC;var BC=o((t,e,r,n,i)=>{n?t.log[e](r,n,i):t.log[e](r,i)},"logErrors");$e.logErrors=BC;var GC=o(t=>t==="log-only"||t==="reject-and-log","shouldLog");$e.shouldLog=GC;var KC=o(t=>t==="reject-only"||t==="reject-and-log","shouldReject");$e.shouldReject=KC;var JC=o(t=>t?.map(e=>e.instancePath===void 0||e.instancePath===""?e.message??"Unknown validation error":e.instancePath.replace("/","")+" "+e.message)??["Unknown validation error"],"getErrorsFromValidator");$e.getErrorsFromValidator=JC});var mE=b(Mc=>{"use strict";Object.defineProperty(Mc,"__esModule",{value:!0});Mc.handleBodyValidation=void 0;var zC=Hr(),Dc=pe(),WC=Lc(),et=oo();async function QC(t,e,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await e.clone().json()}catch(h){let g=`Error in request body for method : ${e.method} in route: ${t.route.path} with content-type: ${e.headers.get("Content-Type")}`,_=Dc.HttpProblems.badRequest(e,t,{detail:`${g}, see errors property for more details`,errors:`${h}`});if((0,et.shouldLog)(r.validateBody)&&(0,et.logErrors)(t,r.logLevel??"info",g,[n],h),(0,et.shouldReject)(r.validateBody))return _}if(!e.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${e.method} in route: ${t.route.path}`,g=Dc.HttpProblems.badRequest(e,t,{detail:h});return(0,et.shouldLog)(r.validateBody)&&(0,et.logErrors)(t,r.logLevel??"info",h,[n],[h]),(0,et.shouldReject)(r.validateBody)?g:void 0}let i=e.headers.get("Content-Type"),s=i.indexOf(";");s>-1&&(i=i.substring(0,s));let a=(0,WC.getIdForRequestBodySchema)(t.route.path,e.method,i),c=zC.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${e.method} in route: ${t.route.path} with content-type: ${e.headers.get("Content-Type")}`,g=Dc.HttpProblems.badRequest(e,t,{detail:h});return(0,et.shouldLog)(r.validateBody)&&(0,et.logErrors)(t,r.logLevel??"info",h,[n],[h]),(0,et.shouldReject)(r.validateBody)?g:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,et.getErrorsFromValidator)(l),f=Dc.HttpProblems.badRequest(e,t,{detail:`${d}, see errors property for more details`,errors:p});if((0,et.shouldLog)(r.validateBody)&&(0,et.logErrors)(t,r.logLevel??"info",d,[n],p),(0,et.shouldReject)(r.validateBody))return f}o(QC,"handleBodyValidation");Mc.handleBodyValidation=QC});var gE=b(Uc=>{"use strict";Object.defineProperty(Uc,"__esModule",{value:!0});Uc.handleHeadersValidation=void 0;var YC=pe(),so=oo();function ZC(t,e,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};e.headers.forEach((a,c)=>{n[c]=a});let i=(0,so.getParametersForOperation)(t),s=(0,so.validateParameters)(i.filter(a=>a.location==="header"),n,t.route.path,e.method.toLowerCase(),"header");if(!s.isValid){let a="Header validation failed",c=YC.HttpProblems.badRequest(e,t,{detail:`${a}, see errors property for more details`,errors:s.errors});if((0,so.shouldLog)(r.validateHeaders)&&(0,so.logErrors)(t,r.logLevel??"info",a,s.invalidValues,s.errors),(0,so.shouldReject)(r.validateHeaders))return c}}o(ZC,"handleHeadersValidation");Uc.handleHeadersValidation=ZC});var yE=b(kc=>{"use strict";Object.defineProperty(kc,"__esModule",{value:!0});kc.handlePathParameterValidation=void 0;var XC=pe(),ao=oo();function ex(t,e,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,ao.getParametersForOperation)(t),i=(0,ao.validateParameters)(n.filter(s=>s.location==="path"),e.params,t.route.path,e.method.toLowerCase(),"path");if(!i.isValid){let s="Path parameters validation failed",a=XC.HttpProblems.badRequest(e,t,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,ao.shouldLog)(r.validatePathParameters)&&(0,ao.logErrors)(t,r.logLevel??"info",s,i.invalidValues,i.errors),(0,ao.shouldReject)(r.validatePathParameters))return a}}o(ex,"handlePathParameterValidation");kc.handlePathParameterValidation=ex});var bE=b(Fc=>{"use strict";Object.defineProperty(Fc,"__esModule",{value:!0});Fc.handleQueryParameterValidation=void 0;var tx=pe(),co=oo();function rx(t,e,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,co.getParametersForOperation)(t),i=(0,co.validateParameters)(n.filter(s=>s.location==="query"),e.query,t.route.path,e.method.toLowerCase(),"query");if(!i.isValid){let s="Query parameters validation failed",a=tx.HttpProblems.badRequest(e,t,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,co.shouldLog)(r.validateQueryParameters)&&(0,co.logErrors)(t,r.logLevel??"info",s,i.invalidValues,i.errors),(0,co.shouldReject)(r.validateQueryParameters))return a}}o(rx,"handleQueryParameterValidation");Fc.handleQueryParameterValidation=rx});var _E=b(on=>{"use strict";Object.defineProperty(on,"__esModule",{value:!0});on.SchemaBasedRequestValidation=on.RequestValidationInboundPolicy=void 0;var nx=mE(),ix=gE(),ox=yE(),sx=bE(),ax=o(async(t,e,r)=>{let n=(0,sx.handleQueryParameterValidation)(e,t,r);if(n!==void 0||(n=(0,ox.handlePathParameterValidation)(e,t,r),n!==void 0)||(n=(0,ix.handleHeadersValidation)(e,t,r),n!==void 0))return n;let i=await(0,nx.handleBodyValidation)(e,t,r);return i!==void 0?i:t},"RequestValidationInboundPolicy");on.RequestValidationInboundPolicy=ax;on.SchemaBasedRequestValidation=on.RequestValidationInboundPolicy});var EE=b(Hc=>{"use strict";Object.defineProperty(Hc,"__esModule",{value:!0});Hc.RequireOriginInboundPolicy=void 0;var cx=k(),ux=pe(),lx=o(async(t,e,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new cx.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let s=t.headers.get("origin");if(!s||!i.includes(s)){let a=r.failureDetail??"Forbidden";return ux.HttpProblems.forbidden(t,e,{detail:a})}return t},"RequireOriginInboundPolicy");Hc.RequireOriginInboundPolicy=lx});var wE=b(qc=>{"use strict";Object.defineProperty(qc,"__esModule",{value:!0});qc.SetBodyInboundPolicy=void 0;var dx=Ge(),px=o(async(t,e,r)=>new dx.ZuploRequest(t,{body:r.body}),"SetBodyInboundPolicy");qc.SetBodyInboundPolicy=px});var TE=b($c=>{"use strict";Object.defineProperty($c,"__esModule",{value:!0});$c.SetHeadersInboundPolicy=void 0;var vE=k(),fx=Ge(),hx=o(async(t,e,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new vE.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let s=new Headers(t.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new vE.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.has(c.name)||u)&&s.set(c.name,c.value)}),new fx.ZuploRequest(t,{headers:s})},"SetHeadersInboundPolicy");$c.SetHeadersInboundPolicy=hx});var IE=b(jc=>{"use strict";Object.defineProperty(jc,"__esModule",{value:!0});jc.SetHeadersOutboundPolicy=void 0;var SE=k(),mx=o(async(t,e,r,n,i)=>{let s=n.headers;if(!s||!Array.isArray(s)||s.length==0)throw new SE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(t.headers);return s.forEach(u=>{if(!u.name||u.name.length===0)throw new SE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(t.body,{headers:a,status:t.status,statusText:t.statusText})},"SetHeadersOutboundPolicy");jc.SetHeadersOutboundPolicy=mx});var AE=b(Vc=>{"use strict";Object.defineProperty(Vc,"__esModule",{value:!0});Vc.SetQueryParamsInboundPolicy=void 0;var PE=k(),gx=Ge(),yx=o(async(t,e,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new PE.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let s=new URL(t.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new PE.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.searchParams.has(c.name)||u)&&s.searchParams.set(c.name,c.value)}),new gx.ZuploRequest(s.toString(),t)},"SetQueryParamsInboundPolicy");Vc.SetQueryParamsInboundPolicy=yx});var RE=b(Bc=>{"use strict";Object.defineProperty(Bc,"__esModule",{value:!0});Bc.SetStatusOutboundPolicy=void 0;var bx=o(async(t,e,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(t.body,{headers:t.headers,status:n.status,statusText:n.statusText??t.statusText})},"SetStatusOutboundPolicy");Bc.SetStatusOutboundPolicy=bx});var OE=b(Gc=>{"use strict";Object.defineProperty(Gc,"__esModule",{value:!0});Gc.SleepInboundPolicy=void 0;var _x=k(),Ex=o(async t=>new Promise(r=>{setTimeout(r,t)}),"sleep"),wx=o(async(t,e,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new _x.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await Ex(r.sleepInMs),t},"SleepInboundPolicy");Gc.SleepInboundPolicy=wx});var CE=b(Kc=>{"use strict";Object.defineProperty(Kc,"__esModule",{value:!0});Kc.SupabaseJwtInboundPolicy=void 0;var NE=k(),vx=pe(),Tx=Ge(),Sx=ut(),Ix=Xt(),Px=o(async(t,e,r,n)=>{(0,Sx.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},s=await(0,Ix.OpenIdJwtInboundPolicy)(t,e,i,n);if(s instanceof Response)return s;if(!(s instanceof Tx.ZuploRequest))throw new NE.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return s;let c=t.user?.data.app_metadata;if(!c)throw new NE.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?vx.HttpProblems.unauthorized(t,e,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):s},"SupabaseJwtInboundPolicy");Kc.SupabaseJwtInboundPolicy=Px});var LE=b(Jc=>{"use strict";Object.defineProperty(Jc,"__esModule",{value:!0});Jc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var Ax=Zt(),Rx=nr(),xE=k(),Ox=Dn(),Nx=ut(),Cx=o(async(t,e,r,n)=>{(0,Nx.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,Ax.getPolicyCacheName)(n,r),s=new Rx.MemoryZoneReadThroughCache(i,e),a=await s.get(n);if(!a){let c=await xx(r,e);s.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return t.headers.set("Authorization",`Bearer ${a}`),t},"UpstreamAzureAdServiceAuthInboundPolicy");Jc.UpstreamAzureAdServiceAuthInboundPolicy=Cx;async function xx(t,e){let r=new URLSearchParams({client_id:t.activeDirectoryClientId,scope:`${t.activeDirectoryClientId}/.default`,client_secret:t.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,Ox.fetchRetry)({retries:t.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${t.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let s=await n.text();e.log.error("Could not get token from Azure AD",s)}catch{}throw new xE.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new xE.RuntimeError("Response returned from Azure AD is not in the expected format.")}o(xx,"getAccessToken")});var ME=b(zc=>{"use strict";Object.defineProperty(zc,"__esModule",{value:!0});zc.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var Lx=Zt(),Dx=nr(),Mx=k(),Ff=Mn(),Ux=ut(),DE="https://accounts.google.com/o/oauth2/token",Hf,kx=o(async(t,e,r,n)=>{(0,Ux.optionValidator)(r,n).required("serviceAccountJson","string"),Hf||(Hf=await Ff.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},s=await(0,Lx.getPolicyCacheName)(n,r),a=new Dx.MemoryZoneReadThroughCache(s,e),c=await a.get(n);if(!c){let u=await(0,Ff.getTokenFromGcpServiceAccount)({serviceAccount:Hf,audience:DE,payload:i}),l=await(0,Ff.exchangeGgpJwtForIdToken)(DE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new Mx.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${c}`),t},"UpstreamFirebaseAdminAuthInboundPolicy");zc.UpstreamFirebaseAdminAuthInboundPolicy=kx});var UE=b(Wc=>{"use strict";Object.defineProperty(Wc,"__esModule",{value:!0});Wc.UpstreamFirebaseUserAuthInboundPolicy=void 0;var Fx=Zt(),Hx=nr(),ui=k(),qx=Ef(),qf=Mn(),$x=Kt(),jx=ut(),Vx="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",Bx=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],$f,Gx=o(async(t,e,r,n)=>{if((0,jx.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new ui.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(Bx.indexOf(p)!==-1)throw new ui.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}$f||($f=await qf.GcpServiceAccount.init(r.serviceAccountJson));let s=r.userId;if(!s&&!r.userIdPropertyPath){if(!t.user)throw new ui.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");s=t.user?.sub}else if(r.userIdPropertyPath){if(!t.user)throw new ui.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);s=(0,$x.getValueFromRequestUser)(t.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!s)throw new ui.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,Fx.getPolicyCacheName)(n,r),c=new Hx.MemoryZoneReadThroughCache(a,e),u={uid:s,claims:i},l=await(0,qx.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,qf.getTokenFromGcpServiceAccount)({serviceAccount:$f,audience:Vx,payload:u}),f=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,qf.exchangeFirebaseJwtForIdToken)(f,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new ui.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${d}`),t},"UpstreamFirebaseUserAuthInboundPolicy");Wc.UpstreamFirebaseUserAuthInboundPolicy=Gx});var FE=b(Qc=>{"use strict";Object.defineProperty(Qc,"__esModule",{value:!0});Qc.UpstreamGcpJwtInboundPolicy=void 0;var kE=Mn(),Kx=ut(),jf,Jx=o(async(t,e,r,n)=>{(0,Kx.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),jf||(jf=await kE.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,kE.getTokenFromGcpServiceAccount)({serviceAccount:jf,audience:r.audience});return t.headers.set("Authorization",`Bearer ${i}`),t},"UpstreamGcpJwtInboundPolicy");Qc.UpstreamGcpJwtInboundPolicy=Jx});var qE=b(Yc=>{"use strict";Object.defineProperty(Yc,"__esModule",{value:!0});Yc.UpstreamGcpServiceAuthInboundPolicy=void 0;var zx=Zt(),Wx=zu(),Qx=nr(),uo=k(),Vf=Mn(),Yx=Kt(),Zx=ut(),HE="https://www.googleapis.com/oauth2/v4/token",Bf,Xx=o(async(t,e,r,n)=>{(0,Zx.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Bf||(Bf=await Vf.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new uo.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,Yx.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof uo.ConfigurationError?new uo.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let s=await(0,zx.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new Wx.MemoryCache(s):a=new Qx.MemoryZoneReadThroughCache(s,e);let c=await a.get(n);if(!c){let u=await(0,Vf.getTokenFromGcpServiceAccount)({serviceAccount:Bf,audience:HE,payload:i}),l=await(0,Vf.exchangeGgpJwtForIdToken)(HE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new uo.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new uo.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${c}`),t},"UpstreamGcpServiceAuthInboundPolicy");Yc.UpstreamGcpServiceAuthInboundPolicy=Xx});var jE=b(Zc=>{"use strict";Object.defineProperty(Zc,"__esModule",{value:!0});Zc.ValidateJsonSchemaInbound=void 0;var eL=k(),$E=pe(),tL=o(async(t,e,r)=>{let n=t.clone(),i;try{i=await n.json()}catch{return $E.HttpProblems.badRequest(t,e,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return t;let{errors:a}=r.validator;if(!a)throw new eL.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return $E.HttpProblems.badRequest(t,e,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");Zc.ValidateJsonSchemaInbound=tL});var GE=b((wJ,BE)=>{"use strict";var rL=Object.defineProperty,nL=Object.getOwnPropertyNames,B=o((t,e)=>rL(t,"name",{value:e,configurable:!0}),"__name"),wt=o((t,e)=>o(function(){return e||(0,t[nL(t)[0]])((e={exports:{}}).exports,e),e.exports},"__require"),"__commonJS"),Gf=wt({"node_modules/fast-xml-parser/src/util.js"(t){"use strict";var e=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",r=e+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040",n="["+e+"]["+r+"]*",i=new RegExp("^"+n+"$"),s=B(function(c,u){let l=[],d=u.exec(c);for(;d;){let p=[];p.startIndex=u.lastIndex-d[0].length;let f=d.length;for(let h=0;h<f;h++)p.push(d[h]);l.push(p),d=u.exec(c)}return l},"getAllMatches"),a=B(function(c){let u=i.exec(c);return!(u===null||typeof u>"u")},"isName");t.isExist=function(c){return typeof c<"u"},t.isEmptyObject=function(c){return Object.keys(c).length===0},t.merge=function(c,u,l){if(u){let d=Object.keys(u),p=d.length;for(let f=0;f<p;f++)l==="strict"?c[d[f]]=[u[d[f]]]:c[d[f]]=u[d[f]]}},t.getValue=function(c){return t.isExist(c)?c:""},t.isName=a,t.getAllMatches=s,t.nameRegexp=n}}),VE=wt({"node_modules/fast-xml-parser/src/validator.js"(t){"use strict";var e=Gf(),r={allowBooleanAttributes:!1,unpairedTags:[]};t.validate=function(y,S){S=Object.assign({},r,S);let O=[],V=!1,w=!1;y[0]==="\uFEFF"&&(y=y.substr(1));for(let v=0;v<y.length;v++)if(y[v]==="<"&&y[v+1]==="?"){if(v+=2,v=i(y,v),v.err)return v}else if(y[v]==="<"){let C=v;if(v++,y[v]==="!"){v=s(y,v);continue}else{let E=!1;y[v]==="/"&&(E=!0,v++);let P="";for(;v<y.length&&y[v]!==">"&&y[v]!==" "&&y[v]!==" "&&y[v]!==`
|
|
75
75
|
`&&y[v]!=="\r";v++)P+=y[v];if(P=P.trim(),P[P.length-1]==="/"&&(P=P.substring(0,P.length-1),v--),!_(P)){let q;return P.trim().length===0?q="Invalid space after '<'.":q="Tag '"+P+"' is an invalid name.",h("InvalidTag",q,T(y,v))}let x=u(y,v);if(x===!1)return h("InvalidAttr","Attributes for '"+P+"' have open quote.",T(y,v));let X=x.value;if(v=x.index,X[X.length-1]==="/"){let q=v-X.length;X=X.substring(0,X.length-1);let D=d(X,S);if(D===!0)V=!0;else return h(D.err.code,D.err.msg,T(y,q+D.err.line))}else if(E)if(x.tagClosed){if(X.trim().length>0)return h("InvalidTag","Closing tag '"+P+"' can't have attributes or invalid starting.",T(y,C));{let q=O.pop();if(P!==q.tagName){let D=T(y,q.tagStartPos);return h("InvalidTag","Expected closing tag '"+q.tagName+"' (opened in line "+D.line+", col "+D.col+") instead of closing tag '"+P+"'.",T(y,C))}O.length==0&&(w=!0)}}else return h("InvalidTag","Closing tag '"+P+"' doesn't have proper closing.",T(y,v));else{let q=d(X,S);if(q!==!0)return h(q.err.code,q.err.msg,T(y,v-X.length+q.err.line));if(w===!0)return h("InvalidXml","Multiple possible root nodes found.",T(y,v));S.unpairedTags.indexOf(P)!==-1||O.push({tagName:P,tagStartPos:C}),V=!0}for(v++;v<y.length;v++)if(y[v]==="<")if(y[v+1]==="!"){v++,v=s(y,v);continue}else if(y[v+1]==="?"){if(v=i(y,++v),v.err)return v}else break;else if(y[v]==="&"){let q=f(y,v);if(q==-1)return h("InvalidChar","char '&' is not expected.",T(y,v));v=q}else if(w===!0&&!n(y[v]))return h("InvalidXml","Extra text at the end",T(y,v));y[v]==="<"&&v--}}else{if(n(y[v]))continue;return h("InvalidChar","char '"+y[v]+"' is not expected.",T(y,v))}if(V){if(O.length==1)return h("InvalidTag","Unclosed tag '"+O[0].tagName+"'.",T(y,O[0].tagStartPos));if(O.length>0)return h("InvalidXml","Invalid '"+JSON.stringify(O.map(v=>v.tagName),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1})}else return h("InvalidXml","Start tag expected.",1);return!0};function n(y){return y===" "||y===" "||y===`
|
|
76
76
|
`||y==="\r"}o(n,"isWhiteSpace"),B(n,"isWhiteSpace");function i(y,S){let O=S;for(;S<y.length;S++)if(y[S]=="?"||y[S]==" "){let V=y.substr(O,S-O);if(S>5&&V==="xml")return h("InvalidXml","XML declaration allowed only at the start of the document.",T(y,S));if(y[S]=="?"&&y[S+1]==">"){S++;break}else continue}return S}o(i,"readPI"),B(i,"readPI");function s(y,S){if(y.length>S+5&&y[S+1]==="-"&&y[S+2]==="-"){for(S+=3;S<y.length;S++)if(y[S]==="-"&&y[S+1]==="-"&&y[S+2]===">"){S+=2;break}}else if(y.length>S+8&&y[S+1]==="D"&&y[S+2]==="O"&&y[S+3]==="C"&&y[S+4]==="T"&&y[S+5]==="Y"&&y[S+6]==="P"&&y[S+7]==="E"){let O=1;for(S+=8;S<y.length;S++)if(y[S]==="<")O++;else if(y[S]===">"&&(O--,O===0))break}else if(y.length>S+9&&y[S+1]==="["&&y[S+2]==="C"&&y[S+3]==="D"&&y[S+4]==="A"&&y[S+5]==="T"&&y[S+6]==="A"&&y[S+7]==="["){for(S+=8;S<y.length;S++)if(y[S]==="]"&&y[S+1]==="]"&&y[S+2]===">"){S+=2;break}}return S}o(s,"readCommentAndCDATA"),B(s,"readCommentAndCDATA");var a='"',c="'";function u(y,S){let O="",V="",w=!1;for(;S<y.length;S++){if(y[S]===a||y[S]===c)V===""?V=y[S]:V!==y[S]||(V="");else if(y[S]===">"&&V===""){w=!0;break}O+=y[S]}return V!==""?!1:{value:O,index:S,tagClosed:w}}o(u,"readAttributeStr"),B(u,"readAttributeStr");var l=new RegExp(`(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['"])(([\\s\\S])*?)\\5)?`,"g");function d(y,S){let O=e.getAllMatches(y,l),V={};for(let w=0;w<O.length;w++){if(O[w][1].length===0)return h("InvalidAttr","Attribute '"+O[w][2]+"' has no space in starting.",A(O[w]));if(O[w][3]!==void 0&&O[w][4]===void 0)return h("InvalidAttr","Attribute '"+O[w][2]+"' is without value.",A(O[w]));if(O[w][3]===void 0&&!S.allowBooleanAttributes)return h("InvalidAttr","boolean attribute '"+O[w][2]+"' is not allowed.",A(O[w]));let v=O[w][2];if(!g(v))return h("InvalidAttr","Attribute '"+v+"' is an invalid name.",A(O[w]));if(!V.hasOwnProperty(v))V[v]=1;else return h("InvalidAttr","Attribute '"+v+"' is repeated.",A(O[w]))}return!0}o(d,"validateAttributeString"),B(d,"validateAttributeString");function p(y,S){let O=/\d/;for(y[S]==="x"&&(S++,O=/[\da-fA-F]/);S<y.length;S++){if(y[S]===";")return S;if(!y[S].match(O))break}return-1}o(p,"validateNumberAmpersand"),B(p,"validateNumberAmpersand");function f(y,S){if(S++,y[S]===";")return-1;if(y[S]==="#")return S++,p(y,S);let O=0;for(;S<y.length;S++,O++)if(!(y[S].match(/\w/)&&O<20)){if(y[S]===";")break;return-1}return S}o(f,"validateAmpersand"),B(f,"validateAmpersand");function h(y,S,O){return{err:{code:y,msg:S,line:O.line||O,col:O.col}}}o(h,"getErrorObject"),B(h,"getErrorObject");function g(y){return e.isName(y)}o(g,"validateAttrName"),B(g,"validateAttrName");function _(y){return e.isName(y)}o(_,"validateTagName"),B(_,"validateTagName");function T(y,S){let O=y.substring(0,S).split(/\r?\n/);return{line:O.length,col:O[O.length-1].length+1}}o(T,"getLineNumberForPosition"),B(T,"getLineNumberForPosition");function A(y){return y.startIndex+y[1].length}o(A,"getPositionFromMatch"),B(A,"getPositionFromMatch")}}),iL=wt({"node_modules/fast-xml-parser/src/xmlparser/OptionsBuilder.js"(t){var e={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:function(n,i){return i},attributeValueProcessor:function(n,i){return i},stopNodes:[],alwaysCreateTextNode:!1,isArray:()=>!1,commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:function(n,i,s){return n}},r=B(function(n){return Object.assign({},e,n)},"buildOptions");t.buildOptions=r,t.defaultOptions=e}}),oL=wt({"node_modules/fast-xml-parser/src/xmlparser/xmlNode.js"(t,e){"use strict";var r=class{static{o(this,"XmlNode")}static{B(this,"XmlNode")}constructor(n){this.tagname=n,this.child=[],this[":@"]={}}add(n,i){n==="__proto__"&&(n="#__proto__"),this.child.push({[n]:i})}addChild(n){n.tagname==="__proto__"&&(n.tagname="#__proto__"),n[":@"]&&Object.keys(n[":@"]).length>0?this.child.push({[n.tagname]:n.child,":@":n[":@"]}):this.child.push({[n.tagname]:n.child})}};e.exports=r}}),sL=wt({"node_modules/fast-xml-parser/src/xmlparser/DocTypeReader.js"(t,e){var r=Gf();function n(p,f){let h={};if(p[f+3]==="O"&&p[f+4]==="C"&&p[f+5]==="T"&&p[f+6]==="Y"&&p[f+7]==="P"&&p[f+8]==="E"){f=f+9;let g=1,_=!1,T=!1,A="";for(;f<p.length;f++)if(p[f]==="<"&&!T){if(_&&a(p,f))f+=7,[entityName,val,f]=i(p,f+1),val.indexOf("&")===-1&&(h[d(entityName)]={regx:RegExp(`&${entityName};`,"g"),val});else if(_&&c(p,f))f+=8;else if(_&&u(p,f))f+=8;else if(_&&l(p,f))f+=9;else if(s)T=!0;else throw new Error("Invalid DOCTYPE");g++,A=""}else if(p[f]===">"){if(T?p[f-1]==="-"&&p[f-2]==="-"&&(T=!1,g--):g--,g===0)break}else p[f]==="["?_=!0:A+=p[f];if(g!==0)throw new Error("Unclosed DOCTYPE")}else throw new Error("Invalid Tag instead of DOCTYPE");return{entities:h,i:f}}o(n,"readDocType"),B(n,"readDocType");function i(p,f){let h="";for(;f<p.length&&p[f]!=="'"&&p[f]!=='"';f++)h+=p[f];if(h=h.trim(),h.indexOf(" ")!==-1)throw new Error("External entites are not supported");let g=p[f++],_="";for(;f<p.length&&p[f]!==g;f++)_+=p[f];return[h,_,f]}o(i,"readEntityExp"),B(i,"readEntityExp");function s(p,f){return p[f+1]==="!"&&p[f+2]==="-"&&p[f+3]==="-"}o(s,"isComment"),B(s,"isComment");function a(p,f){return p[f+1]==="!"&&p[f+2]==="E"&&p[f+3]==="N"&&p[f+4]==="T"&&p[f+5]==="I"&&p[f+6]==="T"&&p[f+7]==="Y"}o(a,"isEntity"),B(a,"isEntity");function c(p,f){return p[f+1]==="!"&&p[f+2]==="E"&&p[f+3]==="L"&&p[f+4]==="E"&&p[f+5]==="M"&&p[f+6]==="E"&&p[f+7]==="N"&&p[f+8]==="T"}o(c,"isElement"),B(c,"isElement");function u(p,f){return p[f+1]==="!"&&p[f+2]==="A"&&p[f+3]==="T"&&p[f+4]==="T"&&p[f+5]==="L"&&p[f+6]==="I"&&p[f+7]==="S"&&p[f+8]==="T"}o(u,"isAttlist"),B(u,"isAttlist");function l(p,f){return p[f+1]==="!"&&p[f+2]==="N"&&p[f+3]==="O"&&p[f+4]==="T"&&p[f+5]==="A"&&p[f+6]==="T"&&p[f+7]==="I"&&p[f+8]==="O"&&p[f+9]==="N"}o(l,"isNotation"),B(l,"isNotation");function d(p){if(r.isName(p))return p;throw new Error(`Invalid entity name ${p}`)}o(d,"validateEntityName"),B(d,"validateEntityName"),e.exports=n}}),aL=wt({"../../node_modules/strnum/strnum.js"(t,e){var r=/^[-+]?0x[a-fA-F0-9]+$/,n=/^([\-\+])?(0*)(\.[0-9]+([eE]\-?[0-9]+)?|[0-9]+(\.[0-9]+([eE]\-?[0-9]+)?)?)$/;!Number.parseInt&&window.parseInt&&(Number.parseInt=window.parseInt),!Number.parseFloat&&window.parseFloat&&(Number.parseFloat=window.parseFloat);var i={hex:!0,leadingZeros:!0,decimalPoint:".",eNotation:!0};function s(c,u={}){if(u=Object.assign({},i,u),!c||typeof c!="string")return c;let l=c.trim();if(u.skipLike!==void 0&&u.skipLike.test(l))return c;if(u.hex&&r.test(l))return Number.parseInt(l,16);{let d=n.exec(l);if(d){let p=d[1],f=d[2],h=a(d[3]),g=d[4]||d[6];if(!u.leadingZeros&&f.length>0&&p&&l[2]!==".")return c;if(!u.leadingZeros&&f.length>0&&!p&&l[1]!==".")return c;{let _=Number(l),T=""+_;return T.search(/[eE]/)!==-1||g?u.eNotation?_:c:l.indexOf(".")!==-1?T==="0"&&h===""||T===h||p&&T==="-"+h?_:c:f?h===T||p+h===T?_:c:l===T||l===p+T?_:c}}else return c}}o(s,"toNumber"),B(s,"toNumber");function a(c){return c&&c.indexOf(".")!==-1&&(c=c.replace(/0+$/,""),c==="."?c="0":c[0]==="."?c="0"+c:c[c.length-1]==="."&&(c=c.substr(0,c.length-1))),c}o(a,"trimZeros"),B(a,"trimZeros"),e.exports=s}}),cL=wt({"node_modules/fast-xml-parser/src/xmlparser/OrderedObjParser.js"(t,e){"use strict";var r=Gf(),n=oL(),i=sL(),s=aL(),a=class{static{o(this,"OrderedObjParser")}static{B(this,"OrderedObjParser")}constructor(w){this.options=w,this.currentNode=null,this.tagsNodeStack=[],this.docTypeEntities={},this.lastEntities={apos:{regex:/&(apos|#39|#x27);/g,val:"'"},gt:{regex:/&(gt|#62|#x3E);/g,val:">"},lt:{regex:/&(lt|#60|#x3C);/g,val:"<"},quot:{regex:/&(quot|#34|#x22);/g,val:'"'}},this.ampEntity={regex:/&(amp|#38|#x26);/g,val:"&"},this.htmlEntities={space:{regex:/&(nbsp|#160);/g,val:" "},cent:{regex:/&(cent|#162);/g,val:"\xA2"},pound:{regex:/&(pound|#163);/g,val:"\xA3"},yen:{regex:/&(yen|#165);/g,val:"\xA5"},euro:{regex:/&(euro|#8364);/g,val:"\u20AC"},copyright:{regex:/&(copy|#169);/g,val:"\xA9"},reg:{regex:/&(reg|#174);/g,val:"\xAE"},inr:{regex:/&(inr|#8377);/g,val:"\u20B9"}},this.addExternalEntities=c,this.parseXml=f,this.parseTextData=u,this.resolveNameSpace=l,this.buildAttributesMap=p,this.isItStopNode=T,this.replaceEntitiesValue=g,this.readStopNodeData=O,this.saveTextToParentTag=_,this.addChild=h}};function c(w){let v=Object.keys(w);for(let C=0;C<v.length;C++){let E=v[C];this.lastEntities[E]={regex:new RegExp("&"+E+";","g"),val:w[E]}}}o(c,"addExternalEntities"),B(c,"addExternalEntities");function u(w,v,C,E,P,x,X){if(w!==void 0&&(this.options.trimValues&&!E&&(w=w.trim()),w.length>0)){X||(w=this.replaceEntitiesValue(w));let q=this.options.tagValueProcessor(v,w,C,P,x);return q==null?w:typeof q!=typeof w||q!==w?q:this.options.trimValues?V(w,this.options.parseTagValue,this.options.numberParseOptions):w.trim()===w?V(w,this.options.parseTagValue,this.options.numberParseOptions):w}}o(u,"parseTextData"),B(u,"parseTextData");function l(w){if(this.options.removeNSPrefix){let v=w.split(":"),C=w.charAt(0)==="/"?"/":"";if(v[0]==="xmlns")return"";v.length===2&&(w=C+v[1])}return w}o(l,"resolveNameSpace"),B(l,"resolveNameSpace");var d=new RegExp(`([^\\s=]+)\\s*(=\\s*(['"])([\\s\\S]*?)\\3)?`,"gm");function p(w,v,C){if(!this.options.ignoreAttributes&&typeof w=="string"){let E=r.getAllMatches(w,d),P=E.length,x={};for(let X=0;X<P;X++){let q=this.resolveNameSpace(E[X][1]),D=E[X][4],be=this.options.attributeNamePrefix+q;if(q.length)if(this.options.transformAttributeName&&(be=this.options.transformAttributeName(be)),be==="__proto__"&&(be="#__proto__"),D!==void 0){this.options.trimValues&&(D=D.trim()),D=this.replaceEntitiesValue(D);let le=this.options.attributeValueProcessor(q,D,v);le==null?x[be]=D:typeof le!=typeof D||le!==D?x[be]=le:x[be]=V(D,this.options.parseAttributeValue,this.options.numberParseOptions)}else this.options.allowBooleanAttributes&&(x[be]=!0)}if(!Object.keys(x).length)return;if(this.options.attributesGroupName){let X={};return X[this.options.attributesGroupName]=x,X}return x}}o(p,"buildAttributesMap"),B(p,"buildAttributesMap");var f=B(function(w){w=w.replace(/\r\n?/g,`
|
|
77
77
|
`);let v=new n("!xml"),C=v,E="",P="";for(let x=0;x<w.length;x++)if(w[x]==="<")if(w[x+1]==="/"){let q=y(w,">",x,"Closing Tag is not closed."),D=w.substring(x+2,q).trim();if(this.options.removeNSPrefix){let mt=D.indexOf(":");mt!==-1&&(D=D.substr(mt+1))}this.options.transformTagName&&(D=this.options.transformTagName(D)),C&&(E=this.saveTextToParentTag(E,C,P));let be=P.substring(P.lastIndexOf(".")+1);if(D&&this.options.unpairedTags.indexOf(D)!==-1)throw new Error(`Unpaired tag can not be used as closing tag: </${D}>`);let le=0;be&&this.options.unpairedTags.indexOf(be)!==-1?(le=P.lastIndexOf(".",P.lastIndexOf(".")-1),this.tagsNodeStack.pop()):le=P.lastIndexOf("."),P=P.substring(0,le),C=this.tagsNodeStack.pop(),E="",x=q}else if(w[x+1]==="?"){let q=S(w,x,!1,"?>");if(!q)throw new Error("Pi Tag is not closed.");if(E=this.saveTextToParentTag(E,C,P),!(this.options.ignoreDeclaration&&q.tagName==="?xml"||this.options.ignorePiTags)){let D=new n(q.tagName);D.add(this.options.textNodeName,""),q.tagName!==q.tagExp&&q.attrExpPresent&&(D[":@"]=this.buildAttributesMap(q.tagExp,P,q.tagName)),this.addChild(C,D,P)}x=q.closeIndex+1}else if(w.substr(x+1,3)==="!--"){let q=y(w,"-->",x+4,"Comment is not closed.");if(this.options.commentPropName){let D=w.substring(x+4,q-2);E=this.saveTextToParentTag(E,C,P),C.add(this.options.commentPropName,[{[this.options.textNodeName]:D}])}x=q}else if(w.substr(x+1,2)==="!D"){let q=i(w,x);this.docTypeEntities=q.entities,x=q.i}else if(w.substr(x+1,2)==="!["){let q=y(w,"]]>",x,"CDATA is not closed.")-2,D=w.substring(x+9,q);E=this.saveTextToParentTag(E,C,P);let be=this.parseTextData(D,C.tagname,P,!0,!1,!0,!0);be==null&&(be=""),this.options.cdataPropName?C.add(this.options.cdataPropName,[{[this.options.textNodeName]:D}]):C.add(this.options.textNodeName,be),x=q+2}else{let q=S(w,x,this.options.removeNSPrefix),D=q.tagName,be=q.rawTagName,le=q.tagExp,mt=q.attrExpPresent,Ph=q.closeIndex;this.options.transformTagName&&(D=this.options.transformTagName(D)),C&&E&&C.tagname!=="!xml"&&(E=this.saveTextToParentTag(E,C,P,!1));let Ah=C;if(Ah&&this.options.unpairedTags.indexOf(Ah.tagname)!==-1&&(C=this.tagsNodeStack.pop(),P=P.substring(0,P.lastIndexOf("."))),D!==v.tagname&&(P+=P?"."+D:D),this.isItStopNode(this.options.stopNodes,P,D)){let ot="";if(le.length>0&&le.lastIndexOf("/")===le.length-1)x=q.closeIndex;else if(this.options.unpairedTags.indexOf(D)!==-1)x=q.closeIndex;else{let $u=this.readStopNodeData(w,be,Ph+1);if(!$u)throw new Error(`Unexpected end of ${be}`);x=$u.i,ot=$u.tagContent}let qu=new n(D);D!==le&&mt&&(qu[":@"]=this.buildAttributesMap(le,P,D)),ot&&(ot=this.parseTextData(ot,D,P,!0,mt,!0,!0)),P=P.substr(0,P.lastIndexOf(".")),qu.add(this.options.textNodeName,ot),this.addChild(C,qu,P)}else{if(le.length>0&&le.lastIndexOf("/")===le.length-1){D[D.length-1]==="/"?(D=D.substr(0,D.length-1),P=P.substr(0,P.length-1),le=D):le=le.substr(0,le.length-1),this.options.transformTagName&&(D=this.options.transformTagName(D));let ot=new n(D);D!==le&&mt&&(ot[":@"]=this.buildAttributesMap(le,P,D)),this.addChild(C,ot,P),P=P.substr(0,P.lastIndexOf("."))}else{let ot=new n(D);this.tagsNodeStack.push(C),D!==le&&mt&&(ot[":@"]=this.buildAttributesMap(le,P,D)),this.addChild(C,ot,P),C=ot}E="",x=Ph}}else E+=w[x];return v.child},"parseXml");function h(w,v,C){let E=this.options.updateTag(v.tagname,C,v[":@"]);E===!1||(typeof E=="string"&&(v.tagname=E),w.addChild(v))}o(h,"addChild"),B(h,"addChild");var g=B(function(w){if(this.options.processEntities){for(let v in this.docTypeEntities){let C=this.docTypeEntities[v];w=w.replace(C.regx,C.val)}for(let v in this.lastEntities){let C=this.lastEntities[v];w=w.replace(C.regex,C.val)}if(this.options.htmlEntities)for(let v in this.htmlEntities){let C=this.htmlEntities[v];w=w.replace(C.regex,C.val)}w=w.replace(this.ampEntity.regex,this.ampEntity.val)}return w},"replaceEntitiesValue");function _(w,v,C,E){return w&&(E===void 0&&(E=Object.keys(v.child).length===0),w=this.parseTextData(w,v.tagname,C,!1,v[":@"]?Object.keys(v[":@"]).length!==0:!1,E),w!==void 0&&w!==""&&v.add(this.options.textNodeName,w),w=""),w}o(_,"saveTextToParentTag"),B(_,"saveTextToParentTag");function T(w,v,C){let E="*."+C;for(let P in w){let x=w[P];if(E===x||v===x)return!0}return!1}o(T,"isItStopNode"),B(T,"isItStopNode");function A(w,v,C=">"){let E,P="";for(let x=v;x<w.length;x++){let X=w[x];if(E)X===E&&(E="");else if(X==='"'||X==="'")E=X;else if(X===C[0])if(C[1]){if(w[x+1]===C[1])return{data:P,index:x}}else return{data:P,index:x};else X===" "&&(X=" ");P+=X}}o(A,"tagExpWithClosingIndex"),B(A,"tagExpWithClosingIndex");function y(w,v,C,E){let P=w.indexOf(v,C);if(P===-1)throw new Error(E);return P+v.length-1}o(y,"findClosingIndex"),B(y,"findClosingIndex");function S(w,v,C,E=">"){let P=A(w,v+1,E);if(!P)return;let x=P.data,X=P.index,q=x.search(/\s/),D=x,be=!0;q!==-1&&(D=x.substring(0,q),x=x.substring(q+1).trimStart());let le=D;if(C){let mt=D.indexOf(":");mt!==-1&&(D=D.substr(mt+1),be=D!==P.data.substr(mt+1))}return{tagName:D,tagExp:x,closeIndex:X,attrExpPresent:be,rawTagName:le}}o(S,"readTagExp"),B(S,"readTagExp");function O(w,v,C){let E=C,P=1;for(;C<w.length;C++)if(w[C]==="<")if(w[C+1]==="/"){let x=y(w,">",C,`${v} is not closed`);if(w.substring(C+2,x).trim()===v&&(P--,P===0))return{tagContent:w.substring(E,C),i:x};C=x}else if(w[C+1]==="?")C=y(w,"?>",C+1,"StopNode is not closed.");else if(w.substr(C+1,3)==="!--")C=y(w,"-->",C+3,"StopNode is not closed.");else if(w.substr(C+1,2)==="![")C=y(w,"]]>",C,"StopNode is not closed.")-2;else{let x=S(w,C,">");x&&((x&&x.tagName)===v&&x.tagExp[x.tagExp.length-1]!=="/"&&P++,C=x.closeIndex)}}o(O,"readStopNodeData"),B(O,"readStopNodeData");function V(w,v,C){if(v&&typeof w=="string"){let E=w.trim();return E==="true"?!0:E==="false"?!1:s(w,C)}else return r.isExist(w)?w:""}o(V,"parseValue"),B(V,"parseValue"),e.exports=a}}),uL=wt({"node_modules/fast-xml-parser/src/xmlparser/node2json.js"(t){"use strict";function e(a,c){return r(a,c)}o(e,"prettify"),B(e,"prettify");function r(a,c,u){let l,d={};for(let p=0;p<a.length;p++){let f=a[p],h=n(f),g="";if(u===void 0?g=h:g=u+"."+h,h===c.textNodeName)l===void 0?l=f[h]:l+=""+f[h];else{if(h===void 0)continue;if(f[h]){let _=r(f[h],c,g),T=s(_,c);f[":@"]?i(_,f[":@"],g,c):Object.keys(_).length===1&&_[c.textNodeName]!==void 0&&!c.alwaysCreateTextNode?_=_[c.textNodeName]:Object.keys(_).length===0&&(c.alwaysCreateTextNode?_[c.textNodeName]="":_=""),d[h]!==void 0&&d.hasOwnProperty(h)?(Array.isArray(d[h])||(d[h]=[d[h]]),d[h].push(_)):c.isArray(h,g,T)?d[h]=[_]:d[h]=_}}}return typeof l=="string"?l.length>0&&(d[c.textNodeName]=l):l!==void 0&&(d[c.textNodeName]=l),d}o(r,"compress"),B(r,"compress");function n(a){let c=Object.keys(a);for(let u=0;u<c.length;u++){let l=c[u];if(l!==":@")return l}}o(n,"propName"),B(n,"propName");function i(a,c,u,l){if(c){let d=Object.keys(c),p=d.length;for(let f=0;f<p;f++){let h=d[f];l.isArray(h,u+"."+h,!0,!0)?a[h]=[c[h]]:a[h]=c[h]}}}o(i,"assignAttributes"),B(i,"assignAttributes");function s(a,c){let{textNodeName:u}=c,l=Object.keys(a).length;return!!(l===0||l===1&&(a[u]||typeof a[u]=="boolean"||a[u]===0))}o(s,"isLeafTag"),B(s,"isLeafTag"),t.prettify=e}}),lL=wt({"node_modules/fast-xml-parser/src/xmlparser/XMLParser.js"(t,e){var{buildOptions:r}=iL(),n=cL(),{prettify:i}=uL(),s=VE(),a=class{static{o(this,"XMLParser2")}static{B(this,"XMLParser")}constructor(c){this.externalEntities={},this.options=r(c)}parse(c,u){if(typeof c!="string")if(c.toString)c=c.toString();else throw new Error("XML data is accepted in String or Bytes[] form.");if(u){u===!0&&(u={});let p=s.validate(c,u);if(p!==!0)throw Error(`${p.err.msg}:${p.err.line}:${p.err.col}`)}let l=new n(this.options);l.addExternalEntities(this.externalEntities);let d=l.parseXml(c);return this.options.preserveOrder||d===void 0?d:i(d,this.options)}addEntity(c,u){if(u.indexOf("&")!==-1)throw new Error("Entity value can't have '&'");if(c.indexOf("&")!==-1||c.indexOf(";")!==-1)throw new Error("An entity must be set without '&' and ';'. Eg. use '#xD' for '
'");if(u==="&")throw new Error("An entity with value '&' is not permitted");this.externalEntities[c]=u}};e.exports=a}}),dL=wt({"node_modules/fast-xml-parser/src/xmlbuilder/orderedJs2Xml.js"(t,e){var r=`
|