@zuplo/graphql 5.1875.0 → 5.1876.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.minified.js +1 -1
- package/package.json +1 -1
package/index.minified.js
CHANGED
|
@@ -71,7 +71,7 @@ Signature verification is impossible without access to the original signed mater
|
|
|
71
71
|
`+d}):new en.StripeSignatureVerificationError(e,t,{message:`No signatures found matching the expected signature for payload. Are you passing the raw request body you received from Stripe?
|
|
72
72
|
If a webhook request is being forwarded by a third-party tool, ensure that the exact request body, including JSON formatting and new line style, is preserved.
|
|
73
73
|
`+l+`
|
|
74
|
-
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new en.StripeSignatureVerificationError(e,t,{message:"Timestamp outside the tolerance zone"});return!0}o(YR,"validateComputedSignature");function ZR(t,e){return typeof t!="string"?null:t.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===e&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}o(ZR,"parseHeader");function XR(t,e){if(t.length!==e.length)return!1;let r=t.length,n=0;for(let i=0;i<r;++i)n|=t.charCodeAt(i)^e.charCodeAt(i);return n===0}o(XR,"secureCompare");async function o_(t,e){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(e),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(t)),s=new Uint8Array(i),a=new Array(s.length);for(let c=0;c<s.length;c++)a[c]=rf[s[c]];return a.join("")}o(o_,"computeHMACSignatureAsync");ti.computeHMACSignatureAsync=o_;var rf=new Array(256);for(let t=0;t<rf.length;t++)rf[t]=t.toString(16).padStart(2,"0")});var lt=_(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.optionValidator=void 0;var ri=k(),eO=at();function tO(t,e,r="policy"){let n=`${r} '${e}'`;if(!(0,eO.isObject)(t))throw new ri.ConfigurationError(`Options on ${n} is expected to be an object. Received the type '${typeof t}'.`);let i=o((c,u,l)=>{let d=t[c];if(!(l&&d===void 0)){if(d===void 0)throw new ri.ConfigurationError(`Value of '${String(c)}' on ${n} is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(u==="array"&&Array.isArray(d))throw new ri.ConfigurationError(`Value of '${String(c)}' on ${n} must be an array. Received type ${typeof d}.`);if(typeof d!==u)throw new ri.ConfigurationError(`Value of '${String(c)}' on ${n} must be of type ${u}. Received type ${typeof d}.`);if(typeof d=="string"&&d.length===0)throw new ri.ConfigurationError(`Value of '${String(c)}' on ${n} must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof d=="number"&&isNaN(d))throw new ri.ConfigurationError(`Value of '${String(c)}' on ${n} must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),s=o((c,u)=>(i(c,u,!0),{optional:s,required:a}),"optional"),a=o((c,u)=>(i(c,u,!1),{optional:s,required:a}),"required");return{optional:s,required:a}}o(tO,"optionValidator");Ga.optionValidator=tO});var of=_(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.StripeWebhookVerificationInboundPolicy=void 0;var rO=_n(),nO=de(),iO=s_(),oO=lt(),nf=class extends rO.InboundPolicy{static{o(this,"StripeWebhookVerificationInboundPolicy")}async handler(e,r){(0,oO.optionValidator)(this.options,this.policyName).required("signingSecret","string").optional("tolerance","number");let n=e.headers.get("stripe-signature");try{let i=await e.clone().text();await(0,iO.constructEventAsync)(i,n,this.options.signingSecret)}catch(i){let s=i.message;if(i.type&&i.type==="StripeSignatureVerificationError"){let a=i.message,u=/Note:(.*)/g.exec(a);s=u?u[1].trim():a}return r.log.error("Error validating stripe webhook",s),nO.HttpProblems.badRequest(e,r,{title:"Webhook Error",detail:s})}return e}};Ka.StripeWebhookVerificationInboundPolicy=nf});var c_=_(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.isStripeWebhookEvent=void 0;var a_=at();function sO(t){return t!==null&&typeof t=="object"&&"id"in t&&(0,a_.isString)(t.id)&&"type"in t&&(0,a_.isString)(t.type)}o(sO,"isStripeWebhookEvent");Ja.isStripeWebhookEvent=sO});var u_=_(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.MeteringPlugin=void 0;var aO=Ot(),sf=class extends aO.SystemRuntimePlugin{static{o(this,"MeteringPlugin")}};za.MeteringPlugin=sf});var uf=_(cf=>{"use strict";Object.defineProperty(cf,"__esModule",{value:!0});var af=k(),cO={getSubscription:async({subscriptionId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving subscription from Stripe API.";throw r.error(s,i),new af.RuntimeError(s)}return i},getCustomer:async({customerId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer from Stripe API.";throw r.error(s,i),new af.RuntimeError(s)}return i},getUpcomingInvoice:async({customerId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/invoices/upcoming?customer=${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer upcoming invoice from Stripe API.";throw r.error(s,i),new af.RuntimeError(s)}return i}};cf.default=cO});var d_=_(Ar=>{"use strict";Object.defineProperty(Ar,"__esModule",{value:!0});Ar.deleteConsumer=Ar.createConsumerInvite=Ar.createConsumer=void 0;var lf=k(),df=Je(),pf=X(),ff=kn(),hf="https://api-key-management-service-eq7z4lly2a-ue.a.run.app",l_="My API Key";async function uO({apiKeyBucketName:t,stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:s,context:a}){let{authApiJWT:c}=pf.Environment.instance,u=new URL(`/v1/buckets/${t}/consumers`,hf);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:l_,tags:{subscriptionExternalId:e,planExternalIds:[r]},metadata:{stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n},managers:[{sub:s,email:i}]},p=await(0,ff.fetchRetry)({retryDelayMs:5,retries:2,logger:df.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),f=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,f),new lf.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:e,stripeProductId:r}),l}o(uO,"createConsumer");Ar.createConsumer=uO;async function lO({apiKeyBucketName:t,stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:s}){let{authApiJWT:a}=pf.Environment.instance,c=new URL(`/v1/buckets/${t}/consumers`,hf);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:l_,tags:{subscriptionExternalId:e,planExternalIds:[r]},metadata:{stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,ff.fetchRetry)({retryDelayMs:5,retries:2,logger:df.SystemLogMap.getLogger(s)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let f="Error creating API Key Consumer";throw s.log.error(f,p),new lf.RuntimeError(f)}return s.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:e,stripeProductId:r}),u}o(lO,"createConsumerInvite");Ar.createConsumerInvite=lO;async function dO({apiKeyBucketName:t,consumerId:e,context:r}){let{authApiJWT:n}=pf.Environment.instance,i=new URL(`/v1/buckets/${t}/consumers/${e}`,hf);i.searchParams.set("with-api-key","true");let s=await(0,ff.fetchRetry)({retryDelayMs:5,retries:2,logger:df.SystemLogMap.getLogger(r)},i.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${n}`,"content-type":"application/json"},body:JSON.stringify({})});if(s.status!==204){let a=await s.json(),c="Error invalidating API Key Consumer";throw r.log.error(c,a),new lf.RuntimeError(c)}return r.log.info(`Successfully invalidated API Key Consumer '${e}`),e}o(dO,"deleteConsumer");Ar.deleteConsumer=dO});var Wa=_(Or=>{"use strict";Object.defineProperty(Or,"__esModule",{value:!0});Or.getSubscription=Or.updateSubscription=Or.createSubscription=void 0;var Rr=k(),mf=Je(),yf=X(),gf=kn(),bf=at();async function pO({context:t,stripeSubscriptionId:e,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:s,customerExternalId:a,subscriptionStatus:c,metadata:u}){let l={status:c,type:"periodic",renewalStrategy:"monthly",region:s,subscriptionExternalId:e,planExternalIds:[r],customerKey:n,customerExternalId:a,metadata:u},{authApiJWT:d,meteringServiceUrl:p}=yf.Environment.instance;if(!(0,bf.isNonEmptyString)(d))throw new Rr.SystemError("No Zuplo JWT token set.");let f=await(0,gf.fetchRetry)({retryDelayMs:5,retries:2,logger:mf.SystemLogMap.getLogger(t)},`${p}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${d}`,"Content-Type":"application/json","zp-rid":t.requestId},method:"POST",body:JSON.stringify(l)});if(!f.ok){let h="Error creating monetization subscription.",y;try{y=await f.json()}catch{y={status:f.status,statusText:f.statusText}}throw t.log.error(h,y),new Rr.RuntimeError(h)}t.log.info("Successfully created monetization subscription.",l)}o(pO,"createSubscription");Or.createSubscription=pO;async function fO({context:t,meteringSubscriptionId:e,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:s}=yf.Environment.instance;if(!(0,bf.isNonEmptyString)(i))throw new Rr.SystemError("No Zuplo JWT token set.");let a=await(0,gf.fetchRetry)({retryDelayMs:5,retries:2,logger:mf.SystemLogMap.getLogger(t)},`${s}/internal/v1/metering/${r}/subscriptions/${e}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":t.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating monetization subscription with: '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw t.log.error(c,u),new Rr.RuntimeError(c)}t.log.info(`Successfully updated monetization subscription with: '${JSON.stringify(n)}'.`)}o(fO,"updateSubscription");Or.updateSubscription=fO;async function hO({context:t,stripeSubscriptionId:e,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:s}=yf.Environment.instance;if(!(0,bf.isNonEmptyString)(i))throw new Rr.SystemError("No Zuplo JWT token set.");let a=await(0,gf.fetchRetry)({retryDelayMs:5,retries:2,logger:mf.SystemLogMap.getLogger(t)},`${s}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${e}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":t.requestId},method:"GET"});if(!a.ok){let u="Error retrieving the monetization subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw t.log.error(u,l),new Rr.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Zuplo.";throw t.log.error(u),new Rr.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Zuplo.";throw t.log.error(u),new Rr.RuntimeError(u)}return c.data[0]}o(hO,"getSubscription");Or.getSubscription=hO});var _f=_(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.stripeStatusToMeteringStatus=void 0;function mO(t){return t.replaceAll("_","-")}o(mO,"stripeStatusToMeteringStatus");Qa.stripeStatusToMeteringStatus=mO});var p_=_(ro=>{"use strict";var yO=ro&&ro.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(ro,"__esModule",{value:!0});var Nr=de(),gO=X(),bO=yO(uf()),Ef=d_(),_O=Wa(),EO=_f();async function wO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),Nr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.plan;if(!s||!s.product)return e.log.warn(`Invalid Stripe API result. Expected event '${r.id}' to have a plan data.`),Nr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=r.data.object.customer;if(!a)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Nr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_deploymentName&&r.data.object.metadata.zuplo_created_by_deploymentName!==gO.Environment.instance.deploymentName)return e.log.warn(`Subscription event '${r.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`),Nr.HttpProblems.badRequest(t,e,{detail:`This subscription event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`});let c=s.product,u,l,d;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)l=r.data.object.metadata.zuplo_created_by_email,d=r.data.object.metadata.zuplo_created_by_sub,u=await(0,Ef.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l,managerSub:d,context:e});else{let p=await bO.default.getCustomer({logger:e.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!p.email)return e.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),Nr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe API result. Expected customer to contain email address."});u=await(0,Ef.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:p.email,context:e})}if(!u)return Nr.HttpProblems.internalServerError(t,e,{detail:"No API Key Consumer was created, skipping creation of subscription"});try{let p=(0,EO.stripeStatusToMeteringStatus)(r.data.object.status),f;l&&d&&(f={subscriber:{sub:d,email:l}}),await(0,_O.createSubscription)({context:e,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:p,metadata:f})}catch(p){return await(0,Ef.deleteConsumer)({apiKeyBucketName:n.apiKeyBucketName,consumerId:u,context:e}),Nr.HttpProblems.internalServerError(t,e,{detail:p.message})}return Nr.HttpProblems.ok(t,e)}o(wO,"onCustomerSubscriptionCreated");ro.default=wO});var h_=_(wf=>{"use strict";Object.defineProperty(wf,"__esModule",{value:!0});var Ya=de(),vO=X(),f_=Wa();async function TO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),Ya.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Ya.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_deploymentName&&r.data.object.metadata.zuplo_created_by_deploymentName!==vO.Environment.instance.deploymentName)return e.log.warn(`Subscription event '${r.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`),Ya.HttpProblems.badRequest(t,e,{detail:`This subscription event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`});let a=await(0,f_.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,f_.updateSubscription)({context:e,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),Ya.HttpProblems.ok(t,e)}o(TO,"onCustomerSubscriptionDeleted");wf.default=TO});var m_=_(no=>{"use strict";var SO=no&&no.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(no,"__esModule",{value:!0});var ni=de(),IO=X(),PO=SO(uf()),Za=Wa(),AO=_f();async function RO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to include '.data.object.id' as the subscription ID.`),ni.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),ni.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_deploymentName&&r.data.object.metadata.zuplo_created_by_deploymentName!==IO.Environment.instance.deploymentName)return e.log.warn(`Subscription event '${r.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`),ni.HttpProblems.badRequest(t,e,{detail:`This subscription event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`});if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){e.log.debug(`Processing subscription status change from Stripe event '${r.id}'.`);let c=await(0,Za.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=(0,AO.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,Za.updateSubscription)({context:e,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),ni.HttpProblems.ok(t,e)}if(a.plan&&a.plan.product!==r.data.object.plan.product){e.log.debug(`Processing subscription plan change from Stripe event '${r.id}'.`);let c=await(0,Za.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=r.data.object.plan.product,d=(await PO.default.getUpcomingInvoice({customerId:s,logger:e.log,stripeSecretKey:n.stripeSecretKey})).lines.data.filter(f=>f.proration&&f.price.product===u),p=0;return d.length===0?e.log.warn(`The plan change does not include proration details. Subscription event '${r.id}'`):p=parseFloat(d[0].unit_amount_excluding_tax)/d[0].price.unit_amount,await(0,Za.updateSubscription)({context:e,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[u],prorate:p}}),ni.HttpProblems.ok(t,e)}}return e.log.warn(`This update event '${r.id}' is not supported by Stripe monetization plugin webhook.`),ni.HttpProblems.badRequest(t,e,{detail:"This update event is not supported by Stripe monetization plugin webhook."})}o(RO,"onCustomerSubscriptionUpdated");no.default=RO});var g_=_(ii=>{"use strict";var Tf=ii&&ii.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(ii,"__esModule",{value:!0});ii.StripeMonetizationPlugin=void 0;var Xa=Zi(),ec=k(),OO=Gt(),NO=of(),y_=de(),CO=ar(),xO=En(),LO=Il(),DO=gt(),MO=X(),UO=c_(),kO=lt(),FO=u_(),HO=Tf(p_()),qO=Tf(h_()),$O=Tf(m_()),vf=class extends FO.MeteringPlugin{static{o(this,"StripeMonetizationPlugin")}options;constructor(e){super(),this.options=e}registerRoutes(e,r){let n=o(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ec.ConfigurationError("StripeMonetizationPlugin - No 'meteringBucketId' property provided");if(!d)if(Xa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=Xa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new ec.ConfigurationError("StripeMonetizationPlugin - No 'apiKeyBucketName' property provided");if(!MO.Environment.instance.build.ACCOUNT_NAME)throw new ec.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.primaryDataRegion??"us-central1";if(!jO(p))throw new ec.ConfigurationError(`StripeMonetizationPlugin - The value '${p}' on the property 'primaryDataRegion' is invalid.`);let f=await c.json();if(!(0,UO.isStripeWebhookEvent)(f))return y_.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${f.type}' with ID '${f.id}'.`),f.type){case"customer.subscription.created":return await(0,HO.default)(c,u,f,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,$O.default)(c,u,f,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,qO.default)(c,u,f,{meteringBucketId:l});default:return y_.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe monetization plugin webhook."})}},"stripeWebhookHandler"),i=(0,xO.createInternalPolicyProcessor)({inboundPolicies:[new NO.StripeWebhookVerificationInboundPolicy({signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance},"stripe-webhook-verification")]});(0,kO.optionValidator)(this.options.webhooks,"StripeMonetizationPlugin","plugin").required("signingSecret","string").optional("tolerance","number");let s=new OO.Pipeline({processors:[CO.metricsProcessor,i],handler:n,gateway:r}),a=new DO.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:LO.SystemRouteName.StripePlugin});e.addRoute(a,s.execute)}};ii.StripeMonetizationPlugin=vf;function jO(t){return t!==null&&typeof t=="string"&&["us-central1","us-east1","europe-west4"].includes(t)}o(jO,"isMetricsRegion")});var v_=_(oi=>{"use strict";Object.defineProperty(oi,"__esModule",{value:!0});oi.AmberfloMeteringInboundPolicy=oi.AmberfloMeteringPolicy=void 0;var b_=k(),VO=Re(),__=Jt(),w_=new WeakMap,E_={},Sf=class{static{o(this,"AmberfloMeteringPolicy")}static setRequestProperties(e,r){w_.set(e,r)}};oi.AmberfloMeteringPolicy=Sf;async function BO(t,e,r,n){if(!r.statusCodes)throw new b_.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=(0,__.statusCodesStringToNumberArray)(r.statusCodes);return e.addResponseSendingFinalHook(async s=>{if(i.includes(s.status)){let a=w_.get(e),c=r.customerId;if(r.customerIdPropertyPath){if(!t.user)throw new b_.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,__.getValueFromRequestUser)(t.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},f=E_[r.apiKey];if(!f){let h=r.apiKey,y=t.headers.get("zm-test-id")??"";f=new VO.BatchDispatch("amberflo-ingest-meter",10,async b=>{try{let I=r.url??"https://app.amberflo.io/ingest",A=await fetch(I,{method:"POST",body:JSON.stringify(b),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":y}});A.ok||e.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${A.status}: ${await A.text()}`)}catch(I){throw e.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${I.message}`),I}}),E_[h]=f}f.enqueue(p),e.waitUntil(f.waitUntilFlushed())}}),t}o(BO,"AmberfloMeteringInboundPolicy");oi.AmberfloMeteringInboundPolicy=BO});var If=_(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.sha256=void 0;async function GO(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest({name:"SHA-256"},e);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}o(GO,"sha256");tc.sha256=GO});var Zt=_(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.getPolicyCacheName=void 0;var KO=If(),T_=new Map;async function JO(t,e){let r,n=T_.get(t);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,KO.sha256)(JSON.stringify({policyName:t,options:e}))}`,T_.set(t,r)),r}o(JO,"getPolicyCacheName");rc.getPolicyCacheName=JO});var Rf=_(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.ApiKeyInboundPolicy=void 0;var zO=Zt(),WO=Bt(),S_=Zi(),Pf=k(),QO=Kt(),I_=Je(),Af=X(),YO=kn(),P_="key-metadata-cache-type";function ZO(t,e){return e.authScheme===""?t:t.replace(`${e.authScheme} `,"")}o(ZO,"getKeyValue");async function XO(t,e,r,n){if(!r.bucketName)if(S_.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=S_.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Pf.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new Pf.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let s=o(I=>i.allowUnauthenticatedRequests?t:QO.HttpProblems.unauthorized(t,e,{detail:I}),"unauthorizedResponse"),a=t.headers.get(i.authHeader);if(!a)return s("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return s("Invalid Authorization Scheme");let c=ZO(a,i);if(!c||c==="")return s("No key present");let u=await eN(c),l=await(0,zO.getPolicyCacheName)(n,i),d=new WO.MemoryZoneReadThroughCache(l,e),p=await d.get(u);if(p&&p.isValid===!0)return t.user=p.user,t;if(p&&!p.isValid)return p.typeId!==P_&&I_.SystemLogMap.getLogger(e).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),s("Authorization Failed");let f={key:c},h=await(0,YO.fetchRetry)({retryDelayMs:5,retries:2,logger:I_.SystemLogMap.getLogger(e)},`${Af.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":e.requestId,"zp-dn":Af.Environment.instance.deploymentName??"unknown","User-Agent":Af.Environment.instance.systemUserAgent},body:JSON.stringify(f)});if(h.status===401)return e.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),s("Authorization Failed");if(h.status!==200){try{let I=await h.text(),A=JSON.parse(I);e.log.error("Unexpected response from key service",A)}catch{e.log.error("Invalid response from key service")}throw new Pf.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let y=await h.json(),b={isValid:!0,typeId:P_,user:{sub:y.name,data:y.metadata}};return t.user=b.user,d.put(u,b,i.cacheTtlSeconds),t}o(XO,"ApiKeyInboundPolicy");nc.ApiKeyInboundPolicy=XO;async function eN(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(eN,"hashValue")});var A_=_(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.ApiAuthKeyInboundPolicy=void 0;var tN=Rf();ic.ApiAuthKeyInboundPolicy=tN.ApiKeyInboundPolicy});var Xt=_(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.OpenIdJwtInboundPolicy=void 0;var Nf=(ra(),xo(ta)),Cf=k(),rN=de(),Of={},nN=o(async(t,e)=>{if(!e.jwkUrl||typeof e.jwkUrl!="string")throw new Cf.ConfigurationError("Invalid State - jwkUrl not set");Of[e.jwkUrl]||(Of[e.jwkUrl]=(0,Nf.createRemoteJWKSet)(new URL(e.jwkUrl),e.headers?{headers:e.headers}:void 0));let{payload:r}=await(0,Nf.jwtVerify)(t,Of[e.jwkUrl],{issuer:e.issuer,audience:e.audience});return r},"jwkVerifier"),iN=o(async(t,e)=>{let r;if(e.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof e.secret=="string"){let s=new TextEncoder().encode(e.secret);r=new Uint8Array(s)}else r=e.secret;let{payload:n}=await(0,Nf.jwtVerify)(t,r,{issuer:e.issuer,audience:e.audience});return n},"secretVerifier"),oN=o(async(t,e,r,n)=>{let i=t.headers.get("Authorization"),s="bearer ",a=o(f=>rN.HttpProblems.unauthorized(t,e,{detail:f}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Cf.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Cf.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?nN:iN,l=await o(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(s)!==0)return a("Invalid bearer token format for authorization header");let f=i.substring(s.length);if(!f||f.length===0)return a("No bearer token on authorization header");try{return await c(f,r)}catch(h){let y=new URL(t.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?e.log.warn(`Expired token used on url: ${y.pathname} `,h):e.log.warn(`Invalid token on: ${t.method} ${y.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?t:l;let d=r.subPropertyName??"sub",p=l[d];return p?(t.user={sub:p,data:l},t):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");oc.OpenIdJwtInboundPolicy=oN});var R_=_(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.Auth0JwtInboundPolicy=void 0;var sN=Xt(),aN=o(async(t,e,r,n)=>(0,sN.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");sc.Auth0JwtInboundPolicy=aN});var O_=_(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.BasicAuthInboundPolicy=void 0;var cN=de(),uN=o(async(t,e,r)=>{let n=t.headers.get("Authorization"),i="basic ",s=o(l=>cN.HttpProblems.unauthorized(t,e,{detail:l}),"unauthorizedResponse"),c=await o(async()=>{if(!n)return await s("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await s("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await s("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await s("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let f=d.substring(0,p),h=d.substring(p+1),y=r.accounts.find(b=>b.username===f&&b.password===h);return y||await s("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?t:c;let u=c.username;return t.user={sub:u,data:c.data},t},"BasicAuthInboundPolicy");ac.BasicAuthInboundPolicy=uN});var N_=_(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.CachingInboundPolicy=void 0;var lN=Zt(),dN=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function pN(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(pN,"digestMessage");var fN=o(async(t,e)=>{let r=[...e.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...e.headers??[]],n=[];for(let[d,p]of t.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await pN(JSON.stringify(n)),s=new URL(t.url),a=new URLSearchParams(s.searchParams);a.set("_z-hdr-dgst",i);let c=e.cacheHttpMethods?.includes(t.method.toUpperCase())&&t.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",t.method);let u=`${s.origin}${s.pathname}?${a}`;return new Request(u,{method:c?"GET":t.method})},"createCacheKeyRequest");async function hN(t,e,r,n){let i=await(0,lN.getPolicyCacheName)(n,r),s=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await fN(t,r),u=await s.match(c);return u||(e.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(t.method.toUpperCase()))return;let f=r?.expirationSecondsTtl??60,h=new Response(p.body,p);dN.forEach(y=>h.headers.delete(y)),h.headers.set("cache-control",`s-maxage=${f}`),e.waitUntil(s.put(c,h))}catch(d){e.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),t)}o(hN,"CachingInboundPolicy");cc.CachingInboundPolicy=hN});var C_=_(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.ChangeMethodInboundPolicy=void 0;var mN=k(),yN=Ke(),gN=o(async(t,e,r,n)=>{if(!r.method)throw new mN.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new yN.ZuploRequest(t,{method:r.method})},"ChangeMethodInboundPolicy");uc.ChangeMethodInboundPolicy=gN});var x_=_(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.ClearHeadersInboundPolicy=void 0;var bN=Ke(),_N=o(async(t,e,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=t.headers.get(a);c&&i.set(a,c)}),new bN.ZuploRequest(t,{headers:i})},"ClearHeadersInboundPolicy");lc.ClearHeadersInboundPolicy=_N});var L_=_(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.ClearHeadersOutboundPolicy=void 0;var EN=o(async(t,e,r,n)=>{let i=[...n.exclude??[]],s=new Headers;return i.forEach(c=>{let u=t.headers.get(c);u&&s.set(c,u)}),new Response(t.body,{headers:s,status:t.status,statusText:t.statusText})},"ClearHeadersOutboundPolicy");dc.ClearHeadersOutboundPolicy=EN});var D_=_(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.ClerkJwtInboundPolicy=void 0;var wN=Xt(),vN=o(async(t,e,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),s=new URL(i);return s.pathname="/.well-known/jwks.json",(0,wN.OpenIdJwtInboundPolicy)(t,e,{issuer:i.href.slice(0,-1),jwkUrl:s.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");pc.ClerkJwtInboundPolicy=vN});var U_=_(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.CognitoJwtInboundPolicy=void 0;var M_=k(),TN=Xt(),SN=o(async(t,e,r,n)=>{if(!r.userPoolId)throw new M_.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new M_.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,TN.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");fc.CognitoJwtInboundPolicy=SN});var F_=_(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.CompositeInboundPolicy=void 0;var IN=k(),PN=$r(),k_=En(),AN=o(async(t,e,r,n)=>{if(!r.policies||r.policies.length===0)throw new IN.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=PN.Gateway.instance,s=(0,k_.getInboundPolicyInstances)(r.policies,i?.routeData.policies);return(0,k_.toStackedInboundHandler)(s)(t,e)},"CompositeInboundPolicy");hc.CompositeInboundPolicy=AN});var H_=_(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.CurityPhantomTokenInboundPolicy=void 0;var RN=Zt(),ON=Bt(),mc=de(),NN=o(async(t,e,r,n)=>{let i=t.headers.get("Authorization");if(!i)return mc.HttpProblems.unauthorized(t,e,{detail:"No authorization header"});let s=CN(i);if(!s)return mc.HttpProblems.unauthorized(t,e,{detail:"Failed to parse token from Authorization header"});let a=await(0,RN.getPolicyCacheName)(n,r),c=new ON.MemoryZoneReadThroughCache(a,e),u=await c.get(s);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+s+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(s,u,r.cacheDurationSeconds??600);else return l.status>=500?(e.log.error(`Error introspecting token - ${l.status}: '${d}'`),mc.HttpProblems.internalServerError(t,e,{detail:"Problem encountered authorizing the HTTP request"})):mc.HttpProblems.unauthorized(t,e)}return t.headers.set("Authorization",`Bearer ${u}`),t},"CurityPhantomTokenInboundPolicy");yc.CurityPhantomTokenInboundPolicy=NN;function CN(t){return t.split(" ")[0]==="Bearer"?t.split(" ")[1]:null}o(CN,"getToken")});var q_=_(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.FirebaseJwtInboundPolicy=void 0;var xN=lt(),LN=Xt(),DN=o(async(t,e,r,n)=>((0,xN.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,LN.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");gc.FirebaseJwtInboundPolicy=DN});var $_=_(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.FormDataToJsonInboundPolicy=void 0;var MN=Ke(),UN=o(async(t,e,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",s=t.headers.get("content-type")?.toLowerCase();if(!s||![i,n].includes(s))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):t;let a=await t.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(t.headers);return u.set("content-type","application/json"),u.delete("content-length"),new MN.ZuploRequest(t,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");bc.FormDataToJsonInboundPolicy=UN});var j_=_(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.GeoFilterInboundPolicy=void 0;var kN=k(),FN=de(),si="__unknown__",HN=o(async(t,e,r,n)=>{let i={allow:{countries:ci(r.allow?.countries,"allow.countries",n),regionCodes:ci(r.allow?.regionCodes,"allow.regionCode",n),asns:ci(r.allow?.asns,"allow.asOrganization",n)},block:{countries:ci(r.block?.countries,"block.countries",n),regionCodes:ci(r.block?.regionCodes,"block.regionCode",n),asns:ci(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},s=e.incomingRequestProperties.country?.toLowerCase()??si,a=e.incomingRequestProperties.regionCode?.toLowerCase()??si,c=e.incomingRequestProperties.asn?.toString()??si,u=i.ignoreUnknown&&s===si,l=i.ignoreUnknown&&a===si,d=i.ignoreUnknown&&c===si,p=i.allow.countries,f=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(s)&&!u||f.length>0&&!f.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return ai(t,e,n,s,a,c);let y=i.block.countries,b=i.block.regionCodes,I=i.block.asns;return y.length>0&&y.includes(s)&&!u||b.length>0&&b.includes(a)&&!l||I.length>0&&I.includes(c)&&!d?ai(t,e,n,s,a,c):t},"GeoFilterInboundPolicy");_c.GeoFilterInboundPolicy=HN;function ai(t,e,r,n,i,s){return e.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${s}')`),FN.HttpProblems.forbidden(t,e,{geographicContext:{country:n,regionCode:i,asn:s}})}o(ai,"blockedResponse");function ci(t,e,r){if(typeof t=="string")return t.split(",").map(n=>n.trim().toLowerCase());if(typeof t>"u")return[];if(Array.isArray(t))return t.map(n=>n.trim().toLowerCase());throw new kN.ConfigurationError(`Invalid '${e}' for GeoFilterInboundPolicy '${r}': '${t}', must be a string or string[]`)}o(ci,"toLowerStringArray")});var V_=_(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.JWTScopeValidationInboundPolicy=void 0;var qN=o(async(t,e,r)=>{let n=t.user?.data.scope.split(" ")||[];if(!o((s,a)=>a.every(c=>s.includes(c)),"scopeChecker")(n,r.scopes)){let s={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(s),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return t},"JWTScopeValidationInboundPolicy");Ec.JWTScopeValidationInboundPolicy=qN});var G_=_(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.MockApiInboundPolicy=void 0;var $N=de(),jN=o(async(t,e,r,n)=>{let i=e.route.raw().responses;if(!i)return xf(n,t,e,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let s=Object.keys(i),a=[];if(s.length===0)return xf(n,t,e,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(s.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(f=>{a.push({responseName:c,contentName:l,exampleName:f,exampleValue:d[f]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return B_(a[c])}else return a.length>0?B_(a[0]):xf(n,t,e,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");wc.MockApiInboundPolicy=jN;function B_(t){let e=JSON.stringify(t.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",t.contentName),t.responseName){case"1XX":return new Response(e,{status:100,headers:r});case"2XX":return new Response(e,{status:200,headers:r});case"3XX":return new Response(e,{status:300,headers:r});case"4XX":return new Response(e,{status:400,headers:r});case"5XX":case"default":return new Response(e,{status:500,headers:r});default:return new Response(e,{status:Number(t.responseName),headers:r})}}o(B_,"generateResponse");var xf=o((t,e,r,n)=>{let i=`Error in policy: ${t} - On route ${e.method} ${r.route.path}. ${n}`;return $N.HttpProblems.internalServerError(e,r,{detail:i})},"getProblemDetailResponse")});var Q_=_(ui=>{"use strict";Object.defineProperty(ui,"__esModule",{value:!0});ui.MoesifInboundPolicy=ui.setMoesifContext=void 0;var VN=k(),BN=Re(),GN="Incoming",KN={logRequestBody:!0,logResponseBody:!0};function K_(t){let e={};return t.forEach((r,n)=>{e[n]=r}),e}o(K_,"headersToObject");function J_(){return new Date().toISOString()}o(J_,"timestamp");var Lf=new WeakMap,JN={};function zN(t,e){let r=Lf.get(t);r||(r=JN);let n=Object.assign({...r},e);Lf.set(t,n)}o(zN,"setMoesifContext");ui.setMoesifContext=zN;async function z_(t,e){let r=t.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await t.clone().json()}catch(i){e.log.error(i)}let n=await t.clone().text();return e.log.debug({textBody:n}),n}o(z_,"readBody");var WN={},Df;function W_(){if(!Df)throw new VN.RuntimeError("Invalid State - no _lastLogger");return Df}o(W_,"getLastLogger");function QN(t){let e=WN[t];return e||(e=new BN.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);W_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":t},body:n});i.ok||W_().error({status:i.status,body:await i.text()})})),e}o(QN,"getDispatcher");async function YN(t,e,r,n){Df=e.log;let i=J_(),s=Object.assign(KN,r);if(!s.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=s.logRequestBody?await z_(t,e):void 0;return e.addResponseSendingFinalHook(async(c,u)=>{let l=QN(s.applicationId),d=t.headers.get("true-client-ip"),p=Lf.get(e)??{},f={time:i,uri:t.url,verb:t.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:K_(t.headers)},h=s.logResponseBody?await z_(c,e):void 0,y={time:J_(),status:c.status,headers:K_(c.headers),body:h},b={request:f,response:y,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:GN};l.enqueue(b),e.waitUntil(l.waitUntilFlushed())}),t}o(YN,"MoesifInboundPolicy");ui.MoesifInboundPolicy=YN});var X_=_(li=>{"use strict";Object.defineProperty(li,"__esModule",{value:!0});li.consumeSubcriptionQuotas=li.loadSubscription=void 0;var Y_=Je(),Z_=X();async function ZN(t,e,r,n){let i=Y_.SystemLogMap.getLogger(t),{authApiJWT:s,meteringServiceUrl:a}=Z_.Environment.instance,c;try{let l=await fetch(`${a}/internal/v1/metering/${n}/subscriptions?customerKey=${e}`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":t.requestId},method:"GET"});if(l.ok)c=await l.json();else{let d=await l.json(),p=d.detail??d.title??"Unknown error on quota consumption.";t.log.error(`MonetizationInboundPolicy '${r}' - Error loading subscription. ${l.status} - ${p}`),i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription.${l.status} - ${p}`)}}catch(l){i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription`,l)}return c&&c.data&&c.data.length>0?c.data[0]:void 0}o(ZN,"loadSubscription");li.loadSubscription=ZN;async function XN(t,e,r,n,i){let{authApiJWT:s,meteringServiceUrl:a}=Z_.Environment.instance,c=Y_.SystemLogMap.getLogger(t);try{let u=await fetch(`${a}/internal/v1/metering/${n}/subscriptions/${e}/quotas/consume`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":t.requestId},method:"POST",body:JSON.stringify({meters:i})});if(!u.ok){let l=await u.json(),d=l.detail??l.title??"Unknown error on quota consumption.";t.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`)}}catch(u){t.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`,u)}}o(XN,"consumeSubcriptionQuotas");li.consumeSubcriptionQuotas=XN});var eE=_(Cr=>{"use strict";Object.defineProperty(Cr,"__esModule",{value:!0});Cr.compareMeters=Cr.parseAllowedSubscriptionStatuses=Cr.validateMeters=void 0;var tn=k(),eC=Jt(),tC=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]);function rC(t,e){try{let r=[];for(let n in t)typeof t[n]!="number"&&!(Number.isInteger(t[n])&&/^-?\d+$/.test(t[n].toString()))&&r.push(n);if(r.length>0)throw new tn.ConfigurationError(r.length>1?`The values found in these properties are not integers : ${r.join(", ")}`:`The value in property '${r[0]}' is not an integer`)}catch(r){throw r instanceof tn.ConfigurationError?new tn.ConfigurationError(`MonetizationInboundPolicy '${e}' - The property 'meters' is invalid. ${r.message}`):r}}o(rC,"validateMeters");Cr.validateMeters=rC;function nC(t,e){if(t)try{if(t.length===0)throw new tn.ConfigurationError("Must set valid subscription statuses");let r=(0,eC.parseValueToStringArray)(t),n=[];for(let i of r)tC.has(i)||n.push(i);if(n.length>0)throw new tn.ConfigurationError(`Found the following invalid statuses: ${n.join(", ")}`);return t}catch(r){throw r instanceof tn.ConfigurationError?new tn.ConfigurationError(`MonetizationInboundPolicy '${e}' - The property 'allowedSubscriptionStatuses' is invalid. ${r.message}`):r}else return["active","incomplete","trialing"]}o(nC,"parseAllowedSubscriptionStatuses");Cr.parseAllowedSubscriptionStatuses=nC;function iC(t,e){let r={},n={};for(let i in e)t.hasOwnProperty(i)?r[i]=e[i]:n[i]=e[i];return{metersInSubscription:r,metersNotInSubscription:n}}o(iC,"compareMeters");Cr.compareMeters=iC});var nE=_(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.MonetizationInboundPolicy=void 0;var rn=Hr(),nn=Ep(),vc=Zi(),tE=k(),oC=_n(),on=de(),sC=Jt(),aC=lt(),rE=X_(),io=eE(),Mf=class extends oC.InboundPolicy{static{o(this,"MonetizationInboundPolicy")}static getSubscription(e){return nn.ContextData.get(e,rn.METERING_SUBSCRIPTION_CONTEXT_DATA)}static setMeters(e,r){(0,io.validateMeters)(r,"setMeters"),nn.ContextData.set(e,rn.DYNAMIC_METERS_CONTEXT_DATA,r)}async handler(e,r){(0,aC.optionValidator)(this.options,this.policyName).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string"),this.options.meterOnStatusCodes||(this.options.meterOnStatusCodes="200-399");let n=this.options.allowRequestsOverQuota??!1,i=(0,sC.statusCodesStringToNumberArray)(this.options.meterOnStatusCodes),s=nn.ContextData.get(r,rn.DYNAMIC_METERS_CONTEXT_DATA),a={...this.options.meters,...s};(0,io.validateMeters)(a,this.policyName);let c=this.options.allowRequestsWithoutSubscription??!1,u=(0,io.parseAllowedSubscriptionStatuses)(this.options.allowedSubscriptionStatuses,this.policyName);r.addResponseSendingFinalHook(async(b,I,A)=>{let g=nn.ContextData.get(A,rn.METERING_SUBSCRIPTION_CONTEXT_DATA);if((this.options.allowRequestsWithoutSubscription??!1)&&!g){A.log.debug(`MonetizationInboundPolicy '${this.policyName}' - No subscription found and property 'allowRequestsWithoutSubscription' is true`);return}if(!this.options.bucketId)if(vc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=vc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new tE.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let O=nn.ContextData.get(A,rn.DYNAMIC_METERS_CONTEXT_DATA),V={...this.options.meters,...O};if((0,io.validateMeters)(V,this.policyName),i.includes(b.status)&&g&&V){A.log.debug(`MonetizationInboundPolicy '${this.policyName}' - Updating subscription '${g.id}' with meters '${JSON.stringify(V)} on response status '${b.status}'`);let{metersInSubscription:E,metersNotInSubscription:T}=(0,io.compareMeters)(g.meters,V);if(T&&Object.keys(T).length>0){let C=Object.keys(T);A.log.warn(`The following meters cannot be applied since they are not present in the subscription: '${C}'`)}await(0,rE.consumeSubcriptionQuotas)(A,g.id,this.policyName,this.options.bucketId,E)}});let l=e.user;if(!l)return c?e:on.HttpProblems.unauthorized(e,r,{detail:"Unable to check subscription for anonymous user"});if(!this.options.bucketId)if(vc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=vc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new tE.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let{sub:d}=l,p=await(0,rE.loadSubscription)(r,d,this.policyName,this.options.bucketId);if(!p)return r.log.warn("No valid subscription found"),c?e:on.HttpProblems.unauthorized(e,r,{detail:"No valid subscription found"});if(!u.includes(p.status)&&!c)return r.log.warn(`Subscription '${p.id}' has status '${p.status}' which is not part of the allowed statuses.`),on.HttpProblems.unauthorized(e,r,{detail:"No valid subscription found"});u.includes(p.status)&&(r.log.debug(`Loading subscription '${p.id}' for user sub '${d}' to ContextData`),nn.ContextData.set(r,rn.METERING_SUBSCRIPTION_CONTEXT_DATA,p));let f=nn.ContextData.get(r,rn.METERING_SUBSCRIPTION_CONTEXT_DATA);if(!f)return c?e:(r.log.warn("Subscription is not available for user"),on.HttpProblems.paymentRequired(e,r,{detail:"Subscription is not available for user",title:"No Subscription"}));if(f&&Object.keys(f.meters).length===0)return r.log.error(`Quota is not set up for subscription '${f.id}'`),on.HttpProblems.tooManyRequests(e,r,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let y=Object.keys(a).filter(b=>!Object.keys(f.meters).includes(b));if(y.length>0)return r.log.warn(`The following policy meters are not present in the subscription: ${y.join(", ")}`),on.HttpProblems.tooManyRequests(e,r,{detail:`The following policy meters are not present in the subscription: ${y.join(", ")}`,title:"Quota Exceeded"});for(let b of Object.keys(a))if(f.meters[b].available<=0&&!n)return on.HttpProblems.tooManyRequests(e,r,{detail:`Quota exceeded for meter '${b}'`,title:"Quota Exceeded"});return e}};Tc.MonetizationInboundPolicy=Mf});var iE=_(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.OktaJwtInboundPolicy=void 0;var cC=Xt(),uC=o(async(t,e,r,n)=>(0,cC.OpenIdJwtInboundPolicy)(t,e,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");Sc.OktaJwtInboundPolicy=uC});var oE=_(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.PropelAuthJwtInboundPolicy=void 0;var lC=(ra(),xo(ta)),dC=Xt(),Uf,pC=o(async(t,e,r,n)=>{if(!Uf)try{Uf=await(0,lC.importSPKI)(r.verifierKey,"RS256")}catch(i){throw e.log.error("Could not import verifier key"),i}return(0,dC.OpenIdJwtInboundPolicy)(t,e,{issuer:r.authUrl,secret:Uf,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");Ic.PropelAuthJwtInboundPolicy=pC});var sE=_(Z=>{"use strict";Object.defineProperty(Z,"__esModule",{value:!0});Z.throwIfStateNotObject=Z.throwIfStateNotNumber=Z.throwIfStateNotString=Z.throwIfStateUndefinedOrNull=Z.throwIfStateUndefined=Z.throwIfOptionNotObject=Z.throwIfOptionNotNumber=Z.throwIfOptionNotString=Z.throwIfOptionUndefinedOrNull=Z.throwIfOptionUndefined=Z.OptionTypeError=Z.OptionUndefinedError=Z.throwIfNotNumber=Z.throwIfNotString=Z.throwIfUndefinedOrNull=Z.throwIfUndefined=Z.ArgumentTypeError=Z.ArgumentUndefinedError=Z.ValidationError=void 0;var Ye=at(),dt=class extends Error{static{o(this,"ValidationError")}constructor(e){super(e)}};Z.ValidationError=dt;var oo=class extends dt{static{o(this,"ArgumentUndefinedError")}constructor(e){super(`The argument '${e}' is undefined.`)}};Z.ArgumentUndefinedError=oo;var so=class extends dt{static{o(this,"ArgumentTypeError")}constructor(e,r){super(`The argument '${e}' must be of type '${r}'.`)}};Z.ArgumentTypeError=so;function fC(t,e){if((0,Ye.isUndefined)(t))throw new oo(e)}o(fC,"throwIfUndefined");Z.throwIfUndefined=fC;function kf(t,e){if((0,Ye.isUndefinedOrNull)(t))throw new oo(e)}o(kf,"throwIfUndefinedOrNull");Z.throwIfUndefinedOrNull=kf;function hC(t,e){if(kf(t,e),!(0,Ye.isString)(t))throw new so(e,"string")}o(hC,"throwIfNotString");Z.throwIfNotString=hC;function mC(t,e){if(kf(t,e),!(0,Ye.isNumber)(t))throw new so(e,"number")}o(mC,"throwIfNotNumber");Z.throwIfNotNumber=mC;var ao=class extends dt{static{o(this,"OptionUndefinedError")}constructor(e,r,n){super(`The option '${n}' on the ${e} named '${r}' is undefined.`)}};Z.OptionUndefinedError=ao;var di=class extends dt{static{o(this,"OptionTypeError")}constructor(e,r,n,i){super(`The option '${n}' on the ${e} named '${r}' must be of type '${i}'.`)}};Z.OptionTypeError=di;function yC(t,e,r,n){if((0,Ye.isUndefined)(n))throw new ao(t,e,r)}o(yC,"throwIfOptionUndefined");Z.throwIfOptionUndefined=yC;function Pc(t,e,r,n){if((0,Ye.isUndefinedOrNull)(n))throw new ao(t,e,r)}o(Pc,"throwIfOptionUndefinedOrNull");Z.throwIfOptionUndefinedOrNull=Pc;function gC(t,e,r,n){if(Pc(t,e,r,n),!(0,Ye.isString)(n))throw new di(t,e,r,"string")}o(gC,"throwIfOptionNotString");Z.throwIfOptionNotString=gC;function bC(t,e,r,n){if(Pc(t,e,r,n),!(0,Ye.isNumber)(n))throw new di(t,e,r,"number")}o(bC,"throwIfOptionNotNumber");Z.throwIfOptionNotNumber=bC;function _C(t,e,r,n){if(Pc(t,e,r,n),!(0,Ye.isObject)(n))throw new di(t,e,r,"object")}o(_C,"throwIfOptionNotObject");Z.throwIfOptionNotObject=_C;function EC(t,e){if((0,Ye.isUndefined)(t))throw new dt(e)}o(EC,"throwIfStateUndefined");Z.throwIfStateUndefined=EC;function Ac(t,e){if((0,Ye.isUndefinedOrNull)(t))throw new dt(e)}o(Ac,"throwIfStateUndefinedOrNull");Z.throwIfStateUndefinedOrNull=Ac;function wC(t,e){if(Ac(t,e),!(0,Ye.isString)(t))throw new dt(e);return!0}o(wC,"throwIfStateNotString");Z.throwIfStateNotString=wC;function vC(t,e){if(Ac(t,e),!(0,Ye.isNumber)(t))throw new dt(e);return!0}o(vC,"throwIfStateNotNumber");Z.throwIfStateNotNumber=vC;function TC(t,e){if(Ac(t,e),!(0,Ye.isObject)(t))throw new dt(e);return!0}o(TC,"throwIfStateNotObject");Z.throwIfStateNotObject=TC});var aE=_(pi=>{"use strict";Object.defineProperty(pi,"__esModule",{value:!0});pi.InMemoryRedisClient=pi.StandardRedisClient=void 0;var Ff=k(),Rc=sE(),Hf=class t{static{o(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(e,r,n,i){this.redisClientUrl=e,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(e,r,n,i){return(0,Rc.throwIfNotString)(e,"redisClientUrl"),(0,Rc.throwIfNotString)(r,"clientAuthToken"),t.instance||(t.instance=new t(e,r,n,i)),t.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:e,body:r,method:n,requestId:i}){(0,Rc.throwIfNotString)(e,"url");let s=await fetch(`${this.redisClientUrl}${e}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=s.headers.get("Content-Type")?.includes("application/json")?await s.json():await s.text();if(s.ok)return a;throw s.status===401?new Ff.SystemError("Redis client failed with 401: Unauthorized"):new Ff.SystemError(`Redis client failed with (${s.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};pi.StandardRedisClient=Hf;var qf=class{static{o(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:e,body:r,method:n}){if((0,Rc.throwIfNotString)(e,"url"),n==="POST"&&e==="/rate-limit"){let{incrBy:i,expire:s,key:a}=JSON.parse(r),c=Date.now()+s*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Ff.SystemError("The in-memory redis client only supports /rate-limit calls")}};pi.InMemoryRedisClient=qf});var $f=_(Ae=>{"use strict";Object.defineProperty(Ae,"__esModule",{value:!0});Ae.RETRY_AFTER_HEADER=Ae.wrapUserFunction=Ae.getCountAndUpdateExpiry=Ae.getRedisClient=Ae.getAll=Ae.getUser=Ae.getIP=Ae.getRealIP=void 0;var xr=k(),Oc=X(),cE=aE(),uE=at(),SC=o(t=>{let e=t.headers.get("x-real-ip")??t.headers.get("true-client-ip")??t.headers.get("cf-connecting-ip");if(e)return e;let r=t.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP");Ae.getRealIP=SC;var IC=o(async t=>({key:`ip-${(0,Ae.getRealIP)(t)}`}),"getIP");Ae.getIP=IC;var PC=o(async t=>({key:`user-${t.user?.sub??"anonymous"}`}),"getUser");Ae.getUser=PC;var AC=o(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll");Ae.getAll=AC;var Nc;function RC(t,e){let r;if(Nc)return Nc;if(Oc.Environment.instance.isLocalDevelopment)return e.info("Using in-memory redis client for local development."),r=new cE.InMemoryRedisClient,Nc=r,r;let{authApiJWT:n,redisURL:i}=Oc.Environment.instance;if(!(0,uE.isString)(i))throw new xr.SystemError(`RateLimitInboundPolicy '${t}' - rate limit service URL not configured`);if(!(0,uE.isString)(n))throw new xr.SystemError(`RateLimitInboundPolicy '${t}' - service authentication not configured`);if(i&&(r=cE.StandardRedisClient.initialize(i,n,Oc.Environment.instance.deploymentName??"unknown",Oc.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new xr.SystemError(`RateLimitInboundPolicy '${t}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Nc=r,r}o(RC,"getRedisClient");Ae.getRedisClient=RC;async function OC(t,e,r,n,i){let s=Math.floor(e*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:s,key:t}),requestId:i})}o(OC,"getCountAndUpdateExpiry");Ae.getCountAndUpdateExpiry=OC;function NC(t,e){let r;if(t.rateLimitBy==="function"){if(!t.identifier)throw new xr.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!t.identifier.module)throw new xr.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!t.identifier.export)throw new xr.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=t.identifier.module[t.identifier.export],!r||typeof r!="function")throw new xr.ConfigurationError(`RateLimitInboundPolicy '${e}' - Custom rate limit function must be a valid function`)}return o(async(i,s,a)=>{let c=await r(i,s,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw s.log.error(u),new xr.RuntimeError(u)}return c},"outerFunction")}o(NC,"wrapUserFunction");Ae.wrapUserFunction=NC;Ae.RETRY_AFTER_HEADER="Retry-After"});var dE=_(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.AsyncRateLimitInboundPolicy=void 0;var CC=or(),xC=Zt(),LC=de(),DC=Je(),MC=X(),UC=Bt(),sn=$f(),lE=(0,CC.debug)("zuplo:policies:RateLimitInboundPolicy"),kC=o(async(t,e,r,n)=>{let i=DC.SystemLogMap.getLogger(e),s=o((E,T)=>{let C={};return(!E||E==="retry-after")&&(C[sn.RETRY_AFTER_HEADER]=T.toString()),LC.HttpProblems.tooManyRequests(t,e,void 0,C)},"rateLimited"),c={function:(0,sn.wrapUserFunction)(r,n),user:sn.getUser,ip:sn.getIP,all:sn.getAll}[r.rateLimitBy],u=await c(t,e,n),l=u.key,d=u.requestsAllowed??r.requestsAllowed,p=u.timeWindowMinutes??r.timeWindowMinutes,f=r.headerMode??"retry-after",h=(0,sn.getRedisClient)(n,i),b=`bucket/${MC.Environment.instance.build.BUILD_ID}/${n}/${l}`,I=await(0,xC.getPolicyCacheName)(n,r),A=new UC.MemoryZoneReadThroughCache(I,e),g=(0,sn.getCountAndUpdateExpiry)(b,p,h,i,e.requestId),v;o(async()=>{let E=await g;if(E.count>d){let T=Date.now()+E.ttlSeconds*1e3;A.put(b,T,E.ttlSeconds),lE(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${b}' (async mode)`),v=s(f,E.ttlSeconds)}},"asyncCheck")();let V=await A.get(b);if(V!==void 0&&V>Date.now()){lE(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${b}' (async mode)`);let E=Math.round((V-Date.now())/1e3);return s(f,E)}return e.addResponseSendingHook(async E=>v??E),t},"AsyncRateLimitInboundPolicy");Cc.AsyncRateLimitInboundPolicy=kC});var fE=_(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.RateLimitInboundPolicy=void 0;var FC=or(),HC=k(),qC=de(),$C=Je(),jC=X(),VC=dE(),an=$f(),pE=(0,FC.debug)("zuplo:policies:RateLimitInboundPolicy"),BC="strict",GC=o(async(t,e,r,n)=>{if((r.mode??BC)==="async")return(0,VC.AsyncRateLimitInboundPolicy)(t,e,r,n);let s=Date.now(),a=$C.SystemLogMap.getLogger(e),c=o((l,d)=>{if(r.throwOnFailure)throw new HC.SystemError(l,{cause:d});a.error(l,d)},"throwOrLog"),u=o((l,d)=>{let p={};return(!l||l==="retry-after")&&(p[an.RETRY_AFTER_HEADER]=d.toString()),qC.HttpProblems.tooManyRequests(t,e,void 0,p)},"rateLimited");try{let d={function:(0,an.wrapUserFunction)(r,n),user:an.getUser,ip:an.getIP,all:an.getAll}[r.rateLimitBy],p=await d(t,e,n),f=p.key,h=p.requestsAllowed??r.requestsAllowed,y=p.timeWindowMinutes??r.timeWindowMinutes,b=r.headerMode??"retry-after",I=(0,an.getRedisClient)(n,a),g=`bucket/${jC.Environment.instance.build.BUILD_ID}/${n}/${f}`,v=await(0,an.getCountAndUpdateExpiry)(g,y,I,a,e.requestId);return v.count>h?(pE(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${g}' (strict mode)`),u(b,v.ttlSeconds)):t}catch(l){return c(l.message,l),t}finally{let l=Date.now()-s;pE(`RateLimitInboundPolicy '${n}' - latency ${l}ms`)}},"RateLimitInboundPolicy");xc.RateLimitInboundPolicy=GC});var gE=_(Lc=>{"use strict";Object.defineProperty(Lc,"__esModule",{value:!0});Lc.ReadmeMetricsInboundPolicy=void 0;var KC=Re(),jf=X(),hE=Jt(),Vf;function mE(t){let e=[];for(let[r,n]of t)e.push({name:r,value:n});return e}o(mE,"headersToNameValuePairs");function JC(t){let e=[];return Object.entries(t).forEach(([r,n])=>{e.push({name:r,value:n})}),e}o(JC,"queryToNameValueParis");function zC(t){if(t===null)return;let e=parseFloat(t);if(!isNaN(e))return e}o(zC,"parseIntOrUndefined");var yE={};async function WC(t,e,r,n){let i=new Date,s=Date.now();return Vf||(Vf={name:"zuplo",version:jf.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${jf.Environment.instance.build.ZUPLO_VERSION}`}),e.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&t.user?(0,hE.getValueFromRequestUser)(t.user,r.userLabelPropertyPath,"userLabelPropertyPath"):t.user?.sub,u=r.userEmailPropertyPath&&t.user?(0,hE.getValueFromRequestUser)(t.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:t.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:jf.Environment.instance.isDeno,group:{label:c,email:u,id:t.user?.sub??"anonymous"},request:{log:{creator:Vf,entries:[{startedDateTime:i.toISOString(),time:Date.now()-s,request:{method:t.method,url:r.useFullRequestPath?new URL(t.url).pathname:e.route.path,httpVersion:"2",headers:mE(t.headers),queryString:JC(t.query)},response:{status:a.status,statusText:a.statusText,headers:mE(a.headers),content:{size:zC(t.headers.get("content-length"))}}}]}}},d=yE[r.apiKey];if(!d){let p=r.apiKey;d=new KC.BatchDispatch("readme-metering-inbound-policy",10,async f=>{try{let h=r.url??"https://metrics.readme.io/request",y=await fetch(h,{method:"POST",body:JSON.stringify(f),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});y.status!==202&&e.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${y.status}: '${await y.text()}'`)}catch(h){throw e.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),yE[p]=d}d.enqueue(l),e.waitUntil(d.waitUntilFlushed())}catch(c){e.log.error(c)}}),t}o(WC,"ReadmeMetricsInboundPolicy");Lc.ReadmeMetricsInboundPolicy=WC});var bE=_(Dc=>{"use strict";Object.defineProperty(Dc,"__esModule",{value:!0});Dc.RemoveHeadersInboundPolicy=void 0;var QC=k(),YC=Ke(),ZC=o(async(t,e,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new QC.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let s=new Headers(t.headers);return i.forEach(c=>{s.delete(c)}),new YC.ZuploRequest(t,{headers:s})},"RemoveHeadersInboundPolicy");Dc.RemoveHeadersInboundPolicy=ZC});var _E=_(Mc=>{"use strict";Object.defineProperty(Mc,"__esModule",{value:!0});Mc.RemoveHeadersOutboundPolicy=void 0;var XC=k(),ex=o(async(t,e,r,n,i)=>{let s=n?.headers;if(!s||!Array.isArray(s)||s.length===0)throw new XC.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(t.headers);return s.forEach(u=>{a.delete(u)}),new Response(t.body,{headers:a,status:t.status,statusText:t.statusText})},"RemoveHeadersOutboundPolicy");Mc.RemoveHeadersOutboundPolicy=ex});var EE=_(Uc=>{"use strict";Object.defineProperty(Uc,"__esModule",{value:!0});Uc.RemoveQueryParamsInboundPolicy=void 0;var tx=k(),rx=Ke(),nx=o(async(t,e,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new tx.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let s=new URL(t.url);return i.forEach(c=>{s.searchParams.delete(c)}),new rx.ZuploRequest(s.toString(),t)},"RemoveQueryParamsInboundPolicy");Uc.RemoveQueryParamsInboundPolicy=nx});var wE=_(kc=>{"use strict";Object.defineProperty(kc,"__esModule",{value:!0});kc.ReplaceStringOutboundPolicy=void 0;var ix=o(async(t,e,r,n)=>{let i=await t.text(),s=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(s,n.replaceWith);return new Response(a,{headers:t.headers,status:t.status,statusText:t.statusText})},"ReplaceStringOutboundPolicy");kc.ReplaceStringOutboundPolicy=ix});var TE=_(Fc=>{"use strict";Object.defineProperty(Fc,"__esModule",{value:!0});Fc.RequestSizeLimitInboundPolicy=void 0;var vE=o(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),ox=o(async(t,e,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(t.method))return t;let i=t.headers.get("content-length"),s=i!==null?parseInt(i):void 0;return s&&!isNaN(s)&&s>r.maxSizeInBytes?vE():s&&n?t:(await t.clone().text()).length>r.maxSizeInBytes?vE():t},"RequestSizeLimitInboundPolicy");Fc.RequestSizeLimitInboundPolicy=ox});var Hc=_(pt=>{"use strict";Object.defineProperty(pt,"__esModule",{value:!0});pt.sanitizedIdentifierName=pt.getIdForRefSchema=pt.getIdForRequestBodySchema=pt.getIdForParameterSchema=pt.getRawOperationDataIdentifierName=void 0;function sx(t,e,r){return`_${cn(t+"_"+e+"_"+r)}`}o(sx,"getRawOperationDataIdentifierName");pt.getRawOperationDataIdentifierName=sx;function ax(t,e,r,n){return`_${cn(t.toLowerCase())}_`+e.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}o(ax,"getIdForParameterSchema");pt.getIdForParameterSchema=ax;function cx(t,e,r){return`_${cn(t.toLowerCase())}_`+e.toLowerCase()+`_rb_${cn(r.toLowerCase())}`}o(cx,"getIdForRequestBodySchema");pt.getIdForRequestBodySchema=cx;function ux(t,e){return`_${cn(t)}__${cn(e)}`}o(ux,"getIdForRefSchema");pt.getIdForRefSchema=ux;function cn(t){let e=[];for(let r=0;r<t.length;r++){let n=t.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?e.push(t.charAt(r)):e.push("_")}return e.join("")}o(cn,"sanitizedIdentifierName");pt.sanitizedIdentifierName=cn});var co=_(je=>{"use strict";Object.defineProperty(je,"__esModule",{value:!0});je.getErrorsFromValidator=je.shouldReject=je.shouldLog=je.logErrors=je.validateParameters=je.getParametersForOperation=void 0;var lx=$r(),dx=Hc(),px=o(t=>{let e=t.route.raw();return e.parameters?e.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");je.getParametersForOperation=px;var fx=o((t,e,r,n,i)=>{let s=[],a=!0,c=[];return t.forEach(u=>{let l=u.required||i==="path";if(l&&!e[u.name])a=!1,s.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!e[u.name])){let d=(0,dx.getIdForParameterSchema)(r,n,i,u.name),p=lx.Gateway.instance.schemaValidator[d],f=p(e[u.name]),h=(0,je.getErrorsFromValidator)(p.errors);f||(a=!1,c.push(`${i} parameter: ${u.name} : ${e[u.name]}`),s.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:s}},"validateParameters");je.validateParameters=fx;var hx=o((t,e,r,n,i)=>{n?t.log[e](r,n,i):t.log[e](r,i)},"logErrors");je.logErrors=hx;var mx=o(t=>t==="log-only"||t==="reject-and-log","shouldLog");je.shouldLog=mx;var yx=o(t=>t==="reject-only"||t==="reject-and-log","shouldReject");je.shouldReject=yx;var gx=o(t=>t?.map(e=>e.instancePath===void 0||e.instancePath===""?e.message??"Unknown validation error":e.instancePath.replace("/","")+" "+e.message)??["Unknown validation error"],"getErrorsFromValidator");je.getErrorsFromValidator=gx});var SE=_($c=>{"use strict";Object.defineProperty($c,"__esModule",{value:!0});$c.handleBodyValidation=void 0;var bx=$r(),qc=de(),_x=Hc(),tt=co();async function Ex(t,e,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await e.clone().json()}catch(h){let y=`Error in request body for method : ${e.method} in route: ${t.route.path} with content-type: ${e.headers.get("Content-Type")}`,b=qc.HttpProblems.badRequest(e,t,{detail:`${y}, see errors property for more details`,errors:`${h}`});if((0,tt.shouldLog)(r.validateBody)&&(0,tt.logErrors)(t,r.logLevel??"info",y,[n],h),(0,tt.shouldReject)(r.validateBody))return b}if(!e.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${e.method} in route: ${t.route.path}`,y=qc.HttpProblems.badRequest(e,t,{detail:h});return(0,tt.shouldLog)(r.validateBody)&&(0,tt.logErrors)(t,r.logLevel??"info",h,[n],[h]),(0,tt.shouldReject)(r.validateBody)?y:void 0}let i=e.headers.get("Content-Type"),s=i.indexOf(";");s>-1&&(i=i.substring(0,s));let a=(0,_x.getIdForRequestBodySchema)(t.route.path,e.method,i),c=bx.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${e.method} in route: ${t.route.path} with content-type: ${e.headers.get("Content-Type")}`,y=qc.HttpProblems.badRequest(e,t,{detail:h});return(0,tt.shouldLog)(r.validateBody)&&(0,tt.logErrors)(t,r.logLevel??"info",h,[n],[h]),(0,tt.shouldReject)(r.validateBody)?y:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,tt.getErrorsFromValidator)(l),f=qc.HttpProblems.badRequest(e,t,{detail:`${d}, see errors property for more details`,errors:p});if((0,tt.shouldLog)(r.validateBody)&&(0,tt.logErrors)(t,r.logLevel??"info",d,[n],p),(0,tt.shouldReject)(r.validateBody))return f}o(Ex,"handleBodyValidation");$c.handleBodyValidation=Ex});var IE=_(jc=>{"use strict";Object.defineProperty(jc,"__esModule",{value:!0});jc.handleHeadersValidation=void 0;var wx=de(),uo=co();function vx(t,e,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};e.headers.forEach((a,c)=>{n[c]=a});let i=(0,uo.getParametersForOperation)(t),s=(0,uo.validateParameters)(i.filter(a=>a.location==="header"),n,t.route.path,e.method.toLowerCase(),"header");if(!s.isValid){let a="Header validation failed",c=wx.HttpProblems.badRequest(e,t,{detail:`${a}, see errors property for more details`,errors:s.errors});if((0,uo.shouldLog)(r.validateHeaders)&&(0,uo.logErrors)(t,r.logLevel??"info",a,s.invalidValues,s.errors),(0,uo.shouldReject)(r.validateHeaders))return c}}o(vx,"handleHeadersValidation");jc.handleHeadersValidation=vx});var PE=_(Vc=>{"use strict";Object.defineProperty(Vc,"__esModule",{value:!0});Vc.handlePathParameterValidation=void 0;var Tx=de(),lo=co();function Sx(t,e,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,lo.getParametersForOperation)(t),i=(0,lo.validateParameters)(n.filter(s=>s.location==="path"),e.params,t.route.path,e.method.toLowerCase(),"path");if(!i.isValid){let s="Path parameters validation failed",a=Tx.HttpProblems.badRequest(e,t,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,lo.shouldLog)(r.validatePathParameters)&&(0,lo.logErrors)(t,r.logLevel??"info",s,i.invalidValues,i.errors),(0,lo.shouldReject)(r.validatePathParameters))return a}}o(Sx,"handlePathParameterValidation");Vc.handlePathParameterValidation=Sx});var AE=_(Bc=>{"use strict";Object.defineProperty(Bc,"__esModule",{value:!0});Bc.handleQueryParameterValidation=void 0;var Ix=de(),po=co();function Px(t,e,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,po.getParametersForOperation)(t),i=(0,po.validateParameters)(n.filter(s=>s.location==="query"),e.query,t.route.path,e.method.toLowerCase(),"query");if(!i.isValid){let s="Query parameters validation failed",a=Ix.HttpProblems.badRequest(e,t,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,po.shouldLog)(r.validateQueryParameters)&&(0,po.logErrors)(t,r.logLevel??"info",s,i.invalidValues,i.errors),(0,po.shouldReject)(r.validateQueryParameters))return a}}o(Px,"handleQueryParameterValidation");Bc.handleQueryParameterValidation=Px});var RE=_(un=>{"use strict";Object.defineProperty(un,"__esModule",{value:!0});un.SchemaBasedRequestValidation=un.RequestValidationInboundPolicy=void 0;var Ax=SE(),Rx=IE(),Ox=PE(),Nx=AE(),Cx=o(async(t,e,r)=>{let n=(0,Nx.handleQueryParameterValidation)(e,t,r);if(n!==void 0||(n=(0,Ox.handlePathParameterValidation)(e,t,r),n!==void 0)||(n=(0,Rx.handleHeadersValidation)(e,t,r),n!==void 0))return n;let i=await(0,Ax.handleBodyValidation)(e,t,r);return i!==void 0?i:t},"RequestValidationInboundPolicy");un.RequestValidationInboundPolicy=Cx;un.SchemaBasedRequestValidation=un.RequestValidationInboundPolicy});var OE=_(Gc=>{"use strict";Object.defineProperty(Gc,"__esModule",{value:!0});Gc.RequireOriginInboundPolicy=void 0;var xx=k(),Lx=de(),Dx=o(async(t,e,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new xx.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let s=t.headers.get("origin");if(!s||!i.includes(s)){let a=r.failureDetail??"Forbidden";return Lx.HttpProblems.forbidden(t,e,{detail:a})}return t},"RequireOriginInboundPolicy");Gc.RequireOriginInboundPolicy=Dx});var NE=_(Kc=>{"use strict";Object.defineProperty(Kc,"__esModule",{value:!0});Kc.SetBodyInboundPolicy=void 0;var Mx=Ke(),Ux=o(async(t,e,r)=>new Mx.ZuploRequest(t,{body:r.body}),"SetBodyInboundPolicy");Kc.SetBodyInboundPolicy=Ux});var xE=_(Jc=>{"use strict";Object.defineProperty(Jc,"__esModule",{value:!0});Jc.SetHeadersInboundPolicy=void 0;var CE=k(),kx=Ke(),Fx=o(async(t,e,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new CE.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let s=new Headers(t.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new CE.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.has(c.name)||u)&&s.set(c.name,c.value)}),new kx.ZuploRequest(t,{headers:s})},"SetHeadersInboundPolicy");Jc.SetHeadersInboundPolicy=Fx});var DE=_(zc=>{"use strict";Object.defineProperty(zc,"__esModule",{value:!0});zc.SetHeadersOutboundPolicy=void 0;var LE=k(),Hx=o(async(t,e,r,n,i)=>{let s=n.headers;if(!s||!Array.isArray(s)||s.length==0)throw new LE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(t.headers);return s.forEach(u=>{if(!u.name||u.name.length===0)throw new LE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(t.body,{headers:a,status:t.status,statusText:t.statusText})},"SetHeadersOutboundPolicy");zc.SetHeadersOutboundPolicy=Hx});var UE=_(Wc=>{"use strict";Object.defineProperty(Wc,"__esModule",{value:!0});Wc.SetQueryParamsInboundPolicy=void 0;var ME=k(),qx=Ke(),$x=o(async(t,e,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new ME.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let s=new URL(t.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new ME.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.searchParams.has(c.name)||u)&&s.searchParams.set(c.name,c.value)}),new qx.ZuploRequest(s.toString(),t)},"SetQueryParamsInboundPolicy");Wc.SetQueryParamsInboundPolicy=$x});var kE=_(Qc=>{"use strict";Object.defineProperty(Qc,"__esModule",{value:!0});Qc.SetStatusOutboundPolicy=void 0;var jx=o(async(t,e,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(t.body,{headers:t.headers,status:n.status,statusText:n.statusText??t.statusText})},"SetStatusOutboundPolicy");Qc.SetStatusOutboundPolicy=jx});var FE=_(Yc=>{"use strict";Object.defineProperty(Yc,"__esModule",{value:!0});Yc.SleepInboundPolicy=void 0;var Vx=k(),Bx=o(async t=>new Promise(r=>{setTimeout(r,t)}),"sleep"),Gx=o(async(t,e,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new Vx.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await Bx(r.sleepInMs),t},"SleepInboundPolicy");Yc.SleepInboundPolicy=Gx});var qE=_(Zc=>{"use strict";Object.defineProperty(Zc,"__esModule",{value:!0});Zc.SupabaseJwtInboundPolicy=void 0;var HE=k(),Kx=de(),Jx=Ke(),zx=lt(),Wx=Xt(),Qx=o(async(t,e,r,n)=>{(0,zx.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},s=await(0,Wx.OpenIdJwtInboundPolicy)(t,e,i,n);if(s instanceof Response)return s;if(!(s instanceof Jx.ZuploRequest))throw new HE.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return s;let c=t.user?.data.app_metadata;if(!c)throw new HE.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?Kx.HttpProblems.unauthorized(t,e,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):s},"SupabaseJwtInboundPolicy");Zc.SupabaseJwtInboundPolicy=Qx});var jE=_(Xc=>{"use strict";Object.defineProperty(Xc,"__esModule",{value:!0});Xc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var Yx=Zt(),Zx=Bt(),$E=k(),Xx=kn(),eL=lt(),tL=o(async(t,e,r,n)=>{(0,eL.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,Yx.getPolicyCacheName)(n,r),s=new Zx.MemoryZoneReadThroughCache(i,e),a=await s.get(n);if(!a){let c=await rL(r,e);s.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return t.headers.set("Authorization",`Bearer ${a}`),t},"UpstreamAzureAdServiceAuthInboundPolicy");Xc.UpstreamAzureAdServiceAuthInboundPolicy=tL;async function rL(t,e){let r=new URLSearchParams({client_id:t.activeDirectoryClientId,scope:`${t.activeDirectoryClientId}/.default`,client_secret:t.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,Xx.fetchRetry)({retries:t.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${t.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let s=await n.text();e.log.error("Could not get token from Azure AD",s)}catch{}throw new $E.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new $E.RuntimeError("Response returned from Azure AD is not in the expected format.")}o(rL,"getAccessToken")});var BE=_(eu=>{"use strict";Object.defineProperty(eu,"__esModule",{value:!0});eu.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var nL=Zt(),iL=Bt(),oL=k(),Bf=Fn(),sL=lt(),VE="https://accounts.google.com/o/oauth2/token",Gf,aL=o(async(t,e,r,n)=>{(0,sL.optionValidator)(r,n).required("serviceAccountJson","string"),Gf||(Gf=await Bf.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},s=await(0,nL.getPolicyCacheName)(n,r),a=new iL.MemoryZoneReadThroughCache(s,e),c=await a.get(n);if(!c){let u=await(0,Bf.getTokenFromGcpServiceAccount)({serviceAccount:Gf,audience:VE,payload:i}),l=await(0,Bf.exchangeGgpJwtForIdToken)(VE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new oL.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${c}`),t},"UpstreamFirebaseAdminAuthInboundPolicy");eu.UpstreamFirebaseAdminAuthInboundPolicy=aL});var GE=_(tu=>{"use strict";Object.defineProperty(tu,"__esModule",{value:!0});tu.UpstreamFirebaseUserAuthInboundPolicy=void 0;var cL=Zt(),uL=Bt(),fi=k(),lL=If(),Kf=Fn(),dL=Jt(),pL=lt(),fL="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",hL=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Jf,mL=o(async(t,e,r,n)=>{if((0,pL.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new fi.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(hL.indexOf(p)!==-1)throw new fi.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Jf||(Jf=await Kf.GcpServiceAccount.init(r.serviceAccountJson));let s=r.userId;if(!s&&!r.userIdPropertyPath){if(!t.user)throw new fi.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");s=t.user?.sub}else if(r.userIdPropertyPath){if(!t.user)throw new fi.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);s=(0,dL.getValueFromRequestUser)(t.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!s)throw new fi.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,cL.getPolicyCacheName)(n,r),c=new uL.MemoryZoneReadThroughCache(a,e),u={uid:s,claims:i},l=await(0,lL.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Kf.getTokenFromGcpServiceAccount)({serviceAccount:Jf,audience:fL,payload:u}),f=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Kf.exchangeFirebaseJwtForIdToken)(f,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new fi.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${d}`),t},"UpstreamFirebaseUserAuthInboundPolicy");tu.UpstreamFirebaseUserAuthInboundPolicy=mL});var JE=_(ru=>{"use strict";Object.defineProperty(ru,"__esModule",{value:!0});ru.UpstreamGcpJwtInboundPolicy=void 0;var KE=Fn(),yL=lt(),zf,gL=o(async(t,e,r,n)=>{(0,yL.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),zf||(zf=await KE.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,KE.getTokenFromGcpServiceAccount)({serviceAccount:zf,audience:r.audience});return t.headers.set("Authorization",`Bearer ${i}`),t},"UpstreamGcpJwtInboundPolicy");ru.UpstreamGcpJwtInboundPolicy=gL});var WE=_(nu=>{"use strict";Object.defineProperty(nu,"__esModule",{value:!0});nu.UpstreamGcpServiceAuthInboundPolicy=void 0;var bL=Zt(),_L=el(),EL=Bt(),fo=k(),Wf=Fn(),wL=Jt(),vL=lt(),zE="https://www.googleapis.com/oauth2/v4/token",Qf,TL=o(async(t,e,r,n)=>{(0,vL.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Qf||(Qf=await Wf.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new fo.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,wL.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof fo.ConfigurationError?new fo.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let s=await(0,bL.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new _L.MemoryCache(s):a=new EL.MemoryZoneReadThroughCache(s,e);let c=await a.get(n);if(!c){let u=await(0,Wf.getTokenFromGcpServiceAccount)({serviceAccount:Qf,audience:zE,payload:i}),l=await(0,Wf.exchangeGgpJwtForIdToken)(zE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new fo.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new fo.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${c}`),t},"UpstreamGcpServiceAuthInboundPolicy");nu.UpstreamGcpServiceAuthInboundPolicy=TL});var YE=_(iu=>{"use strict";Object.defineProperty(iu,"__esModule",{value:!0});iu.ValidateJsonSchemaInbound=void 0;var SL=k(),QE=de(),IL=o(async(t,e,r)=>{let n=t.clone(),i;try{i=await n.json()}catch{return QE.HttpProblems.badRequest(t,e,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return t;let{errors:a}=r.validator;if(!a)throw new SL.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return QE.HttpProblems.badRequest(t,e,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");iu.ValidateJsonSchemaInbound=IL});var ew=_((ZJ,XE)=>{"use strict";var PL=Object.defineProperty,AL=Object.getOwnPropertyNames,B=o((t,e)=>PL(t,"name",{value:e,configurable:!0}),"__name"),vt=o((t,e)=>o(function(){return e||(0,t[AL(t)[0]])((e={exports:{}}).exports,e),e.exports},"__require"),"__commonJS"),Yf=vt({"node_modules/fast-xml-parser/src/util.js"(t){"use strict";var e=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",r=e+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040",n="["+e+"]["+r+"]*",i=new RegExp("^"+n+"$"),s=B(function(c,u){let l=[],d=u.exec(c);for(;d;){let p=[];p.startIndex=u.lastIndex-d[0].length;let f=d.length;for(let h=0;h<f;h++)p.push(d[h]);l.push(p),d=u.exec(c)}return l},"getAllMatches"),a=B(function(c){let u=i.exec(c);return!(u===null||typeof u>"u")},"isName");t.isExist=function(c){return typeof c<"u"},t.isEmptyObject=function(c){return Object.keys(c).length===0},t.merge=function(c,u,l){if(u){let d=Object.keys(u),p=d.length;for(let f=0;f<p;f++)l==="strict"?c[d[f]]=[u[d[f]]]:c[d[f]]=u[d[f]]}},t.getValue=function(c){return t.isExist(c)?c:""},t.isName=a,t.getAllMatches=s,t.nameRegexp=n}}),ZE=vt({"node_modules/fast-xml-parser/src/validator.js"(t){"use strict";var e=Yf(),r={allowBooleanAttributes:!1,unpairedTags:[]};t.validate=function(g,v){v=Object.assign({},r,v);let O=[],V=!1,E=!1;g[0]==="\uFEFF"&&(g=g.substr(1));for(let T=0;T<g.length;T++)if(g[T]==="<"&&g[T+1]==="?"){if(T+=2,T=i(g,T),T.err)return T}else if(g[T]==="<"){let C=T;if(T++,g[T]==="!"){T=s(g,T);continue}else{let w=!1;g[T]==="/"&&(w=!0,T++);let P="";for(;T<g.length&&g[T]!==">"&&g[T]!==" "&&g[T]!==" "&&g[T]!==`
|
|
74
|
+
`+d});let p=Math.floor((typeof c=="number"?c:Date.now())/1e3)-r.timestamp;if(i>0&&p>i)throw new en.StripeSignatureVerificationError(e,t,{message:"Timestamp outside the tolerance zone"});return!0}o(YR,"validateComputedSignature");function ZR(t,e){return typeof t!="string"?null:t.split(",").reduce((r,n)=>{let i=n.split("=");return i[0]==="t"&&(r.timestamp=parseInt(i[1],10)),i[0]===e&&r.signatures.push(i[1]),r},{timestamp:-1,signatures:[]})}o(ZR,"parseHeader");function XR(t,e){if(t.length!==e.length)return!1;let r=t.length,n=0;for(let i=0;i<r;++i)n|=t.charCodeAt(i)^e.charCodeAt(i);return n===0}o(XR,"secureCompare");async function o_(t,e){let r=new TextEncoder,n=await crypto.subtle.importKey("raw",r.encode(e),{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=await crypto.subtle.sign("hmac",n,r.encode(t)),s=new Uint8Array(i),a=new Array(s.length);for(let c=0;c<s.length;c++)a[c]=rf[s[c]];return a.join("")}o(o_,"computeHMACSignatureAsync");ti.computeHMACSignatureAsync=o_;var rf=new Array(256);for(let t=0;t<rf.length;t++)rf[t]=t.toString(16).padStart(2,"0")});var lt=_(Ga=>{"use strict";Object.defineProperty(Ga,"__esModule",{value:!0});Ga.optionValidator=void 0;var ri=k(),eO=at();function tO(t,e,r="policy"){let n=`${r} '${e}'`;if(!(0,eO.isObject)(t))throw new ri.ConfigurationError(`Options on ${n} is expected to be an object. Received the type '${typeof t}'.`);let i=o((c,u,l)=>{let d=t[c];if(!(l&&d===void 0)){if(d===void 0)throw new ri.ConfigurationError(`Value of '${String(c)}' on ${n} is required, but no value was set. If using an environment variable, check that it is set correctly.`);if(u==="array"&&Array.isArray(d))throw new ri.ConfigurationError(`Value of '${String(c)}' on ${n} must be an array. Received type ${typeof d}.`);if(typeof d!==u)throw new ri.ConfigurationError(`Value of '${String(c)}' on ${n} must be of type ${u}. Received type ${typeof d}.`);if(typeof d=="string"&&d.length===0)throw new ri.ConfigurationError(`Value of '${String(c)}' on ${n} must be a non-empty string. The value received is empty. If using an environment variable, check that it is set correctly.`);if(typeof d=="number"&&isNaN(d))throw new ri.ConfigurationError(`Value of '${String(c)}' on ${n} must be valid number. If using an environment variable, check that it is set correctly.`)}},"validate"),s=o((c,u)=>(i(c,u,!0),{optional:s,required:a}),"optional"),a=o((c,u)=>(i(c,u,!1),{optional:s,required:a}),"required");return{optional:s,required:a}}o(tO,"optionValidator");Ga.optionValidator=tO});var of=_(Ka=>{"use strict";Object.defineProperty(Ka,"__esModule",{value:!0});Ka.StripeWebhookVerificationInboundPolicy=void 0;var rO=_n(),nO=de(),iO=s_(),oO=lt(),nf=class extends rO.InboundPolicy{static{o(this,"StripeWebhookVerificationInboundPolicy")}async handler(e,r){(0,oO.optionValidator)(this.options,this.policyName).required("signingSecret","string").optional("tolerance","number");let n=e.headers.get("stripe-signature");try{let i=await e.clone().text();await(0,iO.constructEventAsync)(i,n,this.options.signingSecret)}catch(i){let s=i.message;if(i.type&&i.type==="StripeSignatureVerificationError"){let a=i.message,u=/Note:(.*)/g.exec(a);s=u?u[1].trim():a,s.startsWith("No signatures found matching the expected signature for payload")&&(s="The Stripe Webhook Signature Secret provided is incorrect and does not match to the signature on the event received. Make sure your Zuplo configuration is correct.")}return r.log.error("Error validating stripe webhook",s),nO.HttpProblems.badRequest(e,r,{title:"Webhook Error",detail:s})}return e}};Ka.StripeWebhookVerificationInboundPolicy=nf});var c_=_(Ja=>{"use strict";Object.defineProperty(Ja,"__esModule",{value:!0});Ja.isStripeWebhookEvent=void 0;var a_=at();function sO(t){return t!==null&&typeof t=="object"&&"id"in t&&(0,a_.isString)(t.id)&&"type"in t&&(0,a_.isString)(t.type)}o(sO,"isStripeWebhookEvent");Ja.isStripeWebhookEvent=sO});var u_=_(za=>{"use strict";Object.defineProperty(za,"__esModule",{value:!0});za.MeteringPlugin=void 0;var aO=Ot(),sf=class extends aO.SystemRuntimePlugin{static{o(this,"MeteringPlugin")}};za.MeteringPlugin=sf});var uf=_(cf=>{"use strict";Object.defineProperty(cf,"__esModule",{value:!0});var af=k(),cO={getSubscription:async({subscriptionId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/subscriptions/${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving subscription from Stripe API.";throw r.error(s,i),new af.RuntimeError(s)}return i},getCustomer:async({customerId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/customers/${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer from Stripe API.";throw r.error(s,i),new af.RuntimeError(s)}return i},getUpcomingInvoice:async({customerId:t,stripeSecretKey:e,logger:r})=>{let n=await fetch(`https://api.stripe.com/v1/invoices/upcoming?customer=${t}`,{headers:{Authorization:`Bearer ${e}`}}),i=await n.json();if(n.status!==200){let s="Error retrieving customer upcoming invoice from Stripe API.";throw r.error(s,i),new af.RuntimeError(s)}return i}};cf.default=cO});var d_=_(Ar=>{"use strict";Object.defineProperty(Ar,"__esModule",{value:!0});Ar.deleteConsumer=Ar.createConsumerInvite=Ar.createConsumer=void 0;var lf=k(),df=Je(),pf=X(),ff=kn(),hf="https://api-key-management-service-eq7z4lly2a-ue.a.run.app",l_="My API Key";async function uO({apiKeyBucketName:t,stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n,managerEmail:i,managerSub:s,context:a}){let{authApiJWT:c}=pf.Environment.instance,u=new URL(`/v1/buckets/${t}/consumers`,hf);u.searchParams.set("with-api-key","true");let l=crypto.randomUUID(),d={name:l,description:l_,tags:{subscriptionExternalId:e,planExternalIds:[r]},metadata:{stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n},managers:[{sub:s,email:i}]},p=await(0,ff.fetchRetry)({retryDelayMs:5,retries:2,logger:df.SystemLogMap.getLogger(a)},u.toString(),{method:"POST",headers:{Authorization:`Bearer ${c}`,"content-type":"application/json"},body:JSON.stringify(d)}),f=await p.json();if(p.status!==200){let h="Error creating API Key Consumer";throw a.log.error(h,f),new lf.RuntimeError(h)}return a.log.info("Successfully created API Key Consumer",{consumerId:l,stripeSubscriptionId:e,stripeProductId:r}),l}o(uO,"createConsumer");Ar.createConsumer=uO;async function lO({apiKeyBucketName:t,stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n,managerEmail:i,context:s}){let{authApiJWT:a}=pf.Environment.instance,c=new URL(`/v1/buckets/${t}/consumers`,hf);c.searchParams.set("with-api-key","true");let u=crypto.randomUUID(),l={name:u,description:l_,tags:{subscriptionExternalId:e,planExternalIds:[r]},metadata:{stripeSubscriptionId:e,stripeProductId:r,stripeCustomerId:n},managers:[i]},d=await(0,ff.fetchRetry)({retryDelayMs:5,retries:2,logger:df.SystemLogMap.getLogger(s)},c.toString(),{method:"POST",headers:{Authorization:`Bearer ${a}`,"content-type":"application/json"},body:JSON.stringify(l)}),p=await d.json();if(d.status!==200){let f="Error creating API Key Consumer";throw s.log.error(f,p),new lf.RuntimeError(f)}return s.log.info("Successfully created API Key Consumer with Manager Invite",{consumerId:u,stripeSubscriptionId:e,stripeProductId:r}),u}o(lO,"createConsumerInvite");Ar.createConsumerInvite=lO;async function dO({apiKeyBucketName:t,consumerId:e,context:r}){let{authApiJWT:n}=pf.Environment.instance,i=new URL(`/v1/buckets/${t}/consumers/${e}`,hf);i.searchParams.set("with-api-key","true");let s=await(0,ff.fetchRetry)({retryDelayMs:5,retries:2,logger:df.SystemLogMap.getLogger(r)},i.toString(),{method:"DELETE",headers:{Authorization:`Bearer ${n}`,"content-type":"application/json"},body:JSON.stringify({})});if(s.status!==204){let a=await s.json(),c="Error invalidating API Key Consumer";throw r.log.error(c,a),new lf.RuntimeError(c)}return r.log.info(`Successfully invalidated API Key Consumer '${e}`),e}o(dO,"deleteConsumer");Ar.deleteConsumer=dO});var Wa=_(Or=>{"use strict";Object.defineProperty(Or,"__esModule",{value:!0});Or.getSubscription=Or.updateSubscription=Or.createSubscription=void 0;var Rr=k(),mf=Je(),yf=X(),gf=kn(),bf=at();async function pO({context:t,stripeSubscriptionId:e,stripeProductId:r,customerKey:n,meteringBucketId:i,meteringBucketRegion:s,customerExternalId:a,subscriptionStatus:c,metadata:u}){let l={status:c,type:"periodic",renewalStrategy:"monthly",region:s,subscriptionExternalId:e,planExternalIds:[r],customerKey:n,customerExternalId:a,metadata:u},{authApiJWT:d,meteringServiceUrl:p}=yf.Environment.instance;if(!(0,bf.isNonEmptyString)(d))throw new Rr.SystemError("No Zuplo JWT token set.");let f=await(0,gf.fetchRetry)({retryDelayMs:5,retries:2,logger:mf.SystemLogMap.getLogger(t)},`${p}/internal/v1/metering/${i}/subscriptions`,{headers:{Authorization:`Bearer ${d}`,"Content-Type":"application/json","zp-rid":t.requestId},method:"POST",body:JSON.stringify(l)});if(!f.ok){let h="Error creating monetization subscription.",y;try{y=await f.json()}catch{y={status:f.status,statusText:f.statusText}}throw t.log.error(h,y),new Rr.RuntimeError(h)}t.log.info("Successfully created monetization subscription.",l)}o(pO,"createSubscription");Or.createSubscription=pO;async function fO({context:t,meteringSubscriptionId:e,meteringBucketId:r,requestBody:n}){let{authApiJWT:i,meteringServiceUrl:s}=yf.Environment.instance;if(!(0,bf.isNonEmptyString)(i))throw new Rr.SystemError("No Zuplo JWT token set.");let a=await(0,gf.fetchRetry)({retryDelayMs:5,retries:2,logger:mf.SystemLogMap.getLogger(t)},`${s}/internal/v1/metering/${r}/subscriptions/${e}`,{headers:{Authorization:`Bearer ${i}`,"Content-Type":"application/json","zp-rid":t.requestId},method:"PATCH",body:JSON.stringify(n)});if(!a.ok){let c=`Error updating monetization subscription with: '${JSON.stringify(n)}'.`,u;try{u=await a.json()}catch{u={status:a.status,statusText:a.statusText}}throw t.log.error(c,u),new Rr.RuntimeError(c)}t.log.info(`Successfully updated monetization subscription with: '${JSON.stringify(n)}'.`)}o(fO,"updateSubscription");Or.updateSubscription=fO;async function hO({context:t,stripeSubscriptionId:e,stripeCustomerId:r,meteringBucketId:n}){let{authApiJWT:i,meteringServiceUrl:s}=yf.Environment.instance;if(!(0,bf.isNonEmptyString)(i))throw new Rr.SystemError("No Zuplo JWT token set.");let a=await(0,gf.fetchRetry)({retryDelayMs:5,retries:2,logger:mf.SystemLogMap.getLogger(t)},`${s}/internal/v1/metering/${n}/subscriptions?subscriptionExternalId=${e}`,{headers:{Authorization:`Bearer ${i}`,"zp-rid":t.requestId},method:"GET"});if(!a.ok){let u="Error retrieving the monetization subscription.",l;try{l=await a.json()}catch{l={status:a.status,statusText:a.statusText}}throw t.log.error(u,l),new Rr.RuntimeError(u,l)}let c=await a.json();if(c.data.length===0){let u="Subscription was not found and the event was ignored by Zuplo.";throw t.log.error(u),new Rr.RuntimeError(u)}if(c.data[0].customerExternalId!==r){let u="A subscription was not found for the customer provided and the event was ignored by Zuplo.";throw t.log.error(u),new Rr.RuntimeError(u)}return c.data[0]}o(hO,"getSubscription");Or.getSubscription=hO});var _f=_(Qa=>{"use strict";Object.defineProperty(Qa,"__esModule",{value:!0});Qa.stripeStatusToMeteringStatus=void 0;function mO(t){return t.replaceAll("_","-")}o(mO,"stripeStatusToMeteringStatus");Qa.stripeStatusToMeteringStatus=mO});var p_=_(ro=>{"use strict";var yO=ro&&ro.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(ro,"__esModule",{value:!0});var Nr=de(),gO=X(),bO=yO(uf()),Ef=d_(),_O=Wa(),EO=_f();async function wO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),Nr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.plan;if(!s||!s.product)return e.log.warn(`Invalid Stripe API result. Expected event '${r.id}' to have a plan data.`),Nr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe API result. Expected event to have a plan data."});let a=r.data.object.customer;if(!a)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Nr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_deploymentName&&r.data.object.metadata.zuplo_created_by_deploymentName!==gO.Environment.instance.deploymentName)return e.log.warn(`Subscription event '${r.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`),Nr.HttpProblems.badRequest(t,e,{detail:`This subscription event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`});let c=s.product,u,l,d;if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_email&&r.data.object.metadata.zuplo_created_by_sub)l=r.data.object.metadata.zuplo_created_by_email,d=r.data.object.metadata.zuplo_created_by_sub,u=await(0,Ef.createConsumer)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:l,managerSub:d,context:e});else{let p=await bO.default.getCustomer({logger:e.log,stripeSecretKey:n.stripeSecretKey,customerId:a});if(!p.email)return e.log.warn(`Invalid Stripe API result. Expected customer '${a}' to contain email address.`),Nr.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe API result. Expected customer to contain email address."});u=await(0,Ef.createConsumerInvite)({apiKeyBucketName:n.apiKeyBucketName,stripeProductId:c,stripeSubscriptionId:i,stripeCustomerId:a,managerEmail:p.email,context:e})}if(!u)return Nr.HttpProblems.internalServerError(t,e,{detail:"No API Key Consumer was created, skipping creation of subscription"});try{let p=(0,EO.stripeStatusToMeteringStatus)(r.data.object.status),f;l&&d&&(f={subscriber:{sub:d,email:l}}),await(0,_O.createSubscription)({context:e,stripeProductId:c,stripeSubscriptionId:i,customerKey:u,meteringBucketId:n.meteringBucketId,meteringBucketRegion:n.meteringBucketRegion,customerExternalId:a,subscriptionStatus:p,metadata:f})}catch(p){return await(0,Ef.deleteConsumer)({apiKeyBucketName:n.apiKeyBucketName,consumerId:u,context:e}),Nr.HttpProblems.internalServerError(t,e,{detail:p.message})}return Nr.HttpProblems.ok(t,e)}o(wO,"onCustomerSubscriptionCreated");ro.default=wO});var h_=_(wf=>{"use strict";Object.defineProperty(wf,"__esModule",{value:!0});var Ya=de(),vO=X(),f_=Wa();async function TO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to have '.data.object.id' be the subscription ID.`),Ya.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),Ya.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_deploymentName&&r.data.object.metadata.zuplo_created_by_deploymentName!==vO.Environment.instance.deploymentName)return e.log.warn(`Subscription event '${r.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`),Ya.HttpProblems.badRequest(t,e,{detail:`This subscription event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`});let a=await(0,f_.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId});return await(0,f_.updateSubscription)({context:e,meteringSubscriptionId:a.id,meteringBucketId:n.meteringBucketId,requestBody:{status:"canceled",planExternalIds:a.planExternalIds}}),Ya.HttpProblems.ok(t,e)}o(TO,"onCustomerSubscriptionDeleted");wf.default=TO});var m_=_(no=>{"use strict";var SO=no&&no.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(no,"__esModule",{value:!0});var ni=de(),IO=X(),PO=SO(uf()),Za=Wa(),AO=_f();async function RO(t,e,r,n){let i=r.data.object.id;if(!i)return e.log.warn(`Invalid Stripe webhook event. Expected event '${r.id}' to include '.data.object.id' as the subscription ID.`),ni.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.id' to be the subscription ID."});let s=r.data.object.customer;if(!s)return e.log.warn(`Invalid Stripe webhook event. Expected '.data.object.customer' to be provided by event '${r.id}'`),ni.HttpProblems.badRequest(t,e,{detail:"Invalid Stripe webhook event. Expected '.data.object.customer' to be provided"});if(r.data.object.metadata&&r.data.object.metadata.zuplo_created_by_deploymentName&&r.data.object.metadata.zuplo_created_by_deploymentName!==IO.Environment.instance.deploymentName)return e.log.warn(`Subscription event '${r.id}' will not be handled since it was not issued for this Zuplo environment. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`),ni.HttpProblems.badRequest(t,e,{detail:`This subscription event is not meant to be handled by this environment's Stripe monetization plugin. It was intended for '${r.data.object.metadata.zuplo_created_by_deploymentName}'.`});if(r.data.previous_attributes){let a=r.data.previous_attributes;if(a.status&&a.status!==r.data.object.status){e.log.debug(`Processing subscription status change from Stripe event '${r.id}'.`);let c=await(0,Za.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=(0,AO.stripeStatusToMeteringStatus)(r.data.object.status);return await(0,Za.updateSubscription)({context:e,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:u,planExternalIds:c.planExternalIds}}),ni.HttpProblems.ok(t,e)}if(a.plan&&a.plan.product!==r.data.object.plan.product){e.log.debug(`Processing subscription plan change from Stripe event '${r.id}'.`);let c=await(0,Za.getSubscription)({context:e,stripeSubscriptionId:i,stripeCustomerId:s,meteringBucketId:n.meteringBucketId}),u=r.data.object.plan.product,d=(await PO.default.getUpcomingInvoice({customerId:s,logger:e.log,stripeSecretKey:n.stripeSecretKey})).lines.data.filter(f=>f.proration&&f.price.product===u),p=0;return d.length===0?e.log.warn(`The plan change does not include proration details. Subscription event '${r.id}'`):p=parseFloat(d[0].unit_amount_excluding_tax)/d[0].price.unit_amount,await(0,Za.updateSubscription)({context:e,meteringSubscriptionId:c.id,meteringBucketId:n.meteringBucketId,requestBody:{status:c.status,planExternalIds:[u],prorate:p}}),ni.HttpProblems.ok(t,e)}}return e.log.warn(`This update event '${r.id}' is not supported by Stripe monetization plugin webhook.`),ni.HttpProblems.badRequest(t,e,{detail:"This update event is not supported by Stripe monetization plugin webhook."})}o(RO,"onCustomerSubscriptionUpdated");no.default=RO});var g_=_(ii=>{"use strict";var Tf=ii&&ii.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(ii,"__esModule",{value:!0});ii.StripeMonetizationPlugin=void 0;var Xa=Zi(),ec=k(),OO=Gt(),NO=of(),y_=de(),CO=ar(),xO=En(),LO=Il(),DO=gt(),MO=X(),UO=c_(),kO=lt(),FO=u_(),HO=Tf(p_()),qO=Tf(h_()),$O=Tf(m_()),vf=class extends FO.MeteringPlugin{static{o(this,"StripeMonetizationPlugin")}options;constructor(e){super(),this.options=e}registerRoutes(e,r){let n=o(async(c,u)=>{if(this.options.__testMode===!0)return u.log.warn("Received Stripe webhook event of in test mode."),"success";let{meteringBucketId:l,apiKeyBucketName:d}=this.options;if(!l)if(Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)l=Xa.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new ec.ConfigurationError("StripeMonetizationPlugin - No 'meteringBucketId' property provided");if(!d)if(Xa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)d=Xa.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new ec.ConfigurationError("StripeMonetizationPlugin - No 'apiKeyBucketName' property provided");if(!MO.Environment.instance.build.ACCOUNT_NAME)throw new ec.SystemError("Build environment is not configured correctly. Expected 'ACCOUNT_NAME' to be set.");let p=this.options.primaryDataRegion??"us-central1";if(!jO(p))throw new ec.ConfigurationError(`StripeMonetizationPlugin - The value '${p}' on the property 'primaryDataRegion' is invalid.`);let f=await c.json();if(!(0,UO.isStripeWebhookEvent)(f))return y_.HttpProblems.badRequest(c,u,{detail:"The received body was not in the expected format."});switch(u.log.info(`Received Stripe webhook event of type '${f.type}' with ID '${f.id}'.`),f.type){case"customer.subscription.created":return await(0,HO.default)(c,u,f,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.updated":return await(0,$O.default)(c,u,f,{meteringBucketId:l,apiKeyBucketName:d,meteringBucketRegion:p,stripeSecretKey:this.options.stripeSecretKey});case"customer.subscription.deleted":return await(0,qO.default)(c,u,f,{meteringBucketId:l});default:return y_.HttpProblems.badRequest(c,u,{detail:"Event is not supported by Stripe monetization plugin webhook."})}},"stripeWebhookHandler"),i=(0,xO.createInternalPolicyProcessor)({inboundPolicies:[new NO.StripeWebhookVerificationInboundPolicy({signingSecret:this.options.webhooks.signingSecret,tolerance:this.options.webhooks.tolerance},"stripe-webhook-verification")]});(0,kO.optionValidator)(this.options.webhooks,"StripeMonetizationPlugin","plugin").required("signingSecret","string").optional("tolerance","number");let s=new OO.Pipeline({processors:[CO.metricsProcessor,i],handler:n,gateway:r}),a=new DO.SystemRouteConfiguration({label:"PLUGIN_STRIPE_WEBHOOK_ROUTE",methods:["POST"],path:this.options.webhooks.routePath??"/__plugins/stripe/webhooks",systemRouteName:LO.SystemRouteName.StripePlugin});e.addRoute(a,s.execute)}};ii.StripeMonetizationPlugin=vf;function jO(t){return t!==null&&typeof t=="string"&&["us-central1","us-east1","europe-west4"].includes(t)}o(jO,"isMetricsRegion")});var v_=_(oi=>{"use strict";Object.defineProperty(oi,"__esModule",{value:!0});oi.AmberfloMeteringInboundPolicy=oi.AmberfloMeteringPolicy=void 0;var b_=k(),VO=Re(),__=Jt(),w_=new WeakMap,E_={},Sf=class{static{o(this,"AmberfloMeteringPolicy")}static setRequestProperties(e,r){w_.set(e,r)}};oi.AmberfloMeteringPolicy=Sf;async function BO(t,e,r,n){if(!r.statusCodes)throw new b_.ConfigurationError(`Invalid AmberfloMeterInboundPolicy '${n}': options.statusCodes must be an array of HTTP status code numbers`);let i=(0,__.statusCodesStringToNumberArray)(r.statusCodes);return e.addResponseSendingFinalHook(async s=>{if(i.includes(s.status)){let a=w_.get(e),c=r.customerId;if(r.customerIdPropertyPath){if(!t.user)throw new b_.RuntimeError(`Unable to apply customerIdPropertyPath '${r.customerIdPropertyPath}' as request.user is 'undefined'.`);c=(0,__.getValueFromRequestUser)(t.user,r.customerIdPropertyPath,"customerIdPropertyPath")}let u=a?.customerId??c;if(!u){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': customerId cannot be undefined`);return}let l=a?.meterApiName??r.meterApiName;if(!l){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterApiName cannot be undefined`);return}let d=a?.meterValue??r.meterValue;if(!d){e.log.error(`Error in AmberfloMeterInboundPolicy '${n}': meterValue cannot be undefined`);return}let p={customerId:u,meterApiName:l,meterValue:d,meterTimeInMillis:Date.now(),dimensions:Object.apply(r.dimensions??{},a?.dimensions)},f=E_[r.apiKey];if(!f){let h=r.apiKey,y=t.headers.get("zm-test-id")??"";f=new VO.BatchDispatch("amberflo-ingest-meter",10,async b=>{try{let I=r.url??"https://app.amberflo.io/ingest",A=await fetch(I,{method:"POST",body:JSON.stringify(b),headers:{"content-type":"application/json","x-api-key":h,"zm-test-id":y}});A.ok||e.log.error(`Unexpected response in AmberfloMeteringInboundPolicy '${n}'. ${A.status}: ${await A.text()}`)}catch(I){throw e.log.error(`Error in AmberfloMeteringInboundPolicy '${n}': ${I.message}`),I}}),E_[h]=f}f.enqueue(p),e.waitUntil(f.waitUntilFlushed())}}),t}o(BO,"AmberfloMeteringInboundPolicy");oi.AmberfloMeteringInboundPolicy=BO});var If=_(tc=>{"use strict";Object.defineProperty(tc,"__esModule",{value:!0});tc.sha256=void 0;async function GO(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest({name:"SHA-256"},e);return[...new Uint8Array(r)].map(i=>i.toString(16).padStart(2,"0")).join("")}o(GO,"sha256");tc.sha256=GO});var Zt=_(rc=>{"use strict";Object.defineProperty(rc,"__esModule",{value:!0});rc.getPolicyCacheName=void 0;var KO=If(),T_=new Map;async function JO(t,e){let r,n=T_.get(t);return n!==void 0?r=n:(r=`zuplo-policy-${await(0,KO.sha256)(JSON.stringify({policyName:t,options:e}))}`,T_.set(t,r)),r}o(JO,"getPolicyCacheName");rc.getPolicyCacheName=JO});var Rf=_(nc=>{"use strict";Object.defineProperty(nc,"__esModule",{value:!0});nc.ApiKeyInboundPolicy=void 0;var zO=Zt(),WO=Bt(),S_=Zi(),Pf=k(),QO=Kt(),I_=Je(),Af=X(),YO=kn(),P_="key-metadata-cache-type";function ZO(t,e){return e.authScheme===""?t:t.replace(`${e.authScheme} `,"")}o(ZO,"getKeyValue");async function XO(t,e,r,n){if(!r.bucketName)if(S_.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME)r.bucketName=S_.environment.ZUPLO_API_KEY_SERVICE_BUCKET_NAME;else throw new Pf.ConfigurationError(`ApiKeyInboundPolicy '${n}' - no bucketName property provided`);let i={authHeader:r.authHeader??"authorization",authScheme:r.authScheme??"Bearer",bucketName:r.bucketName,cacheTtlSeconds:r.cacheTtlSeconds??60,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1,disableAutomaticallyAddingKeyHeaderToOpenApi:r.disableAutomaticallyAddingKeyHeaderToOpenApi??!1};if(i.cacheTtlSeconds<60)throw new Pf.ConfigurationError(`ApiKeyInboundPolicy '${n}' - minimum cacheTtlSeconds value is 60s, '${i.cacheTtlSeconds}' is invalid`);let s=o(I=>i.allowUnauthenticatedRequests?t:QO.HttpProblems.unauthorized(t,e,{detail:I}),"unauthorizedResponse"),a=t.headers.get(i.authHeader);if(!a)return s("No Authorization Header");if(!a.toLowerCase().startsWith(i.authScheme.toLowerCase()))return s("Invalid Authorization Scheme");let c=ZO(a,i);if(!c||c==="")return s("No key present");let u=await eN(c),l=await(0,zO.getPolicyCacheName)(n,i),d=new WO.MemoryZoneReadThroughCache(l,e),p=await d.get(u);if(p&&p.isValid===!0)return t.user=p.user,t;if(p&&!p.isValid)return p.typeId!==P_&&I_.SystemLogMap.getLogger(e).error(`ApiKeyInboundPolicy '${n}' - cached metadata has invalid typeId '${p.typeId}'`,p),s("Authorization Failed");let f={key:c},h=await(0,YO.fetchRetry)({retryDelayMs:5,retries:2,logger:I_.SystemLogMap.getLogger(e)},`${Af.Environment.instance.apiKeyServiceUrl}/v1/$validate/${i.bucketName}`,{method:"POST",headers:{"content-type":"application/json","zp-rid":e.requestId,"zp-dn":Af.Environment.instance.deploymentName??"unknown","User-Agent":Af.Environment.instance.systemUserAgent},body:JSON.stringify(f)});if(h.status===401)return e.log.info(`ApiKeyInboundPolicy '${n}' - 401 response from Key Service`),s("Authorization Failed");if(h.status!==200){try{let I=await h.text(),A=JSON.parse(I);e.log.error("Unexpected response from key service",A)}catch{e.log.error("Invalid response from key service")}throw new Pf.RuntimeError(`ApiKeyInboundPolicy '${n}' - unexpected response from Key Service. Status: ${h.status}`)}let y=await h.json(),b={isValid:!0,typeId:P_,user:{sub:y.name,data:y.metadata}};return t.user=b.user,d.put(u,b,i.cacheTtlSeconds),t}o(XO,"ApiKeyInboundPolicy");nc.ApiKeyInboundPolicy=XO;async function eN(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(eN,"hashValue")});var A_=_(ic=>{"use strict";Object.defineProperty(ic,"__esModule",{value:!0});ic.ApiAuthKeyInboundPolicy=void 0;var tN=Rf();ic.ApiAuthKeyInboundPolicy=tN.ApiKeyInboundPolicy});var Xt=_(oc=>{"use strict";Object.defineProperty(oc,"__esModule",{value:!0});oc.OpenIdJwtInboundPolicy=void 0;var Nf=(ra(),xo(ta)),Cf=k(),rN=de(),Of={},nN=o(async(t,e)=>{if(!e.jwkUrl||typeof e.jwkUrl!="string")throw new Cf.ConfigurationError("Invalid State - jwkUrl not set");Of[e.jwkUrl]||(Of[e.jwkUrl]=(0,Nf.createRemoteJWKSet)(new URL(e.jwkUrl),e.headers?{headers:e.headers}:void 0));let{payload:r}=await(0,Nf.jwtVerify)(t,Of[e.jwkUrl],{issuer:e.issuer,audience:e.audience});return r},"jwkVerifier"),iN=o(async(t,e)=>{let r;if(e.secret===void 0)throw new Error("secretVerifier requires secret to be defined");if(typeof e.secret=="string"){let s=new TextEncoder().encode(e.secret);r=new Uint8Array(s)}else r=e.secret;let{payload:n}=await(0,Nf.jwtVerify)(t,r,{issuer:e.issuer,audience:e.audience});return n},"secretVerifier"),oN=o(async(t,e,r,n)=>{let i=t.headers.get("Authorization"),s="bearer ",a=o(f=>rN.HttpProblems.unauthorized(t,e,{detail:f}),"unauthorizedResponse");if(!r.jwkUrl&&!r.secret)throw new Cf.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': One of 'jwkUrl' or 'secret' options are required.`);if(r.jwkUrl&&r.secret)throw new Cf.ConfigurationError(`OpenIdJwtInboundPolicy policy '${n}': Only one of 'jwkUrl' and 'secret' options should be provided.`);let c=r.jwkUrl?nN:iN,l=await o(async()=>{if(!i)return a("No authorization header");if(i.toLowerCase().indexOf(s)!==0)return a("Invalid bearer token format for authorization header");let f=i.substring(s.length);if(!f||f.length===0)return a("No bearer token on authorization header");try{return await c(f,r)}catch(h){let y=new URL(t.url);return"code"in h&&h.code==="ERR_JWT_EXPIRED"?e.log.warn(`Expired token used on url: ${y.pathname} `,h):e.log.warn(`Invalid token on: ${t.method} ${y.pathname}`,h),a("Invalid token")}},"getJwtOrRejectedResponse")();if(l instanceof Response)return r.allowUnauthenticatedRequests===!0?t:l;let d=r.subPropertyName??"sub",p=l[d];return p?(t.user={sub:p,data:l},t):a(`Token is not valid, no '${d}' property found.`)},"OpenIdJwtInboundPolicy");oc.OpenIdJwtInboundPolicy=oN});var R_=_(sc=>{"use strict";Object.defineProperty(sc,"__esModule",{value:!0});sc.Auth0JwtInboundPolicy=void 0;var sN=Xt(),aN=o(async(t,e,r,n)=>(0,sN.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://${r.auth0Domain}/`,audience:r.audience,jwkUrl:`https://${r.auth0Domain}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"Auth0JwtInboundPolicy");sc.Auth0JwtInboundPolicy=aN});var O_=_(ac=>{"use strict";Object.defineProperty(ac,"__esModule",{value:!0});ac.BasicAuthInboundPolicy=void 0;var cN=de(),uN=o(async(t,e,r)=>{let n=t.headers.get("Authorization"),i="basic ",s=o(l=>cN.HttpProblems.unauthorized(t,e,{detail:l}),"unauthorizedResponse"),c=await o(async()=>{if(!n)return await s("No Authorization header");if(n.toLowerCase().indexOf(i)!==0)return await s("Invalid Basic token format for Authorization header");let l=n.substring(i.length);if(!l||l.length===0)return await s("No username:password provided");let d=atob(l).normalize(),p=d.indexOf(":");if(p===-1||/[\0-\x1F\x7F]/.test(d))return await s("Invalid basic token value - see https://tools.ietf.org/html/rfc5234#appendix-B.1");let f=d.substring(0,p),h=d.substring(p+1),y=r.accounts.find(b=>b.username===f&&b.password===h);return y||await s("Invalid username or password")},"getAccountOrRejectedResponse")();if(c instanceof Response)return r.allowUnauthenticatedRequests?t:c;let u=c.username;return t.user={sub:u,data:c.data},t},"BasicAuthInboundPolicy");ac.BasicAuthInboundPolicy=uN});var N_=_(cc=>{"use strict";Object.defineProperty(cc,"__esModule",{value:!0});cc.CachingInboundPolicy=void 0;var lN=Zt(),dN=["cdn-cache-control","cloudflare-cdn-cache-control","surrogate-control","cache-tag","expires"];async function pN(t){let e=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",e);return Array.from(new Uint8Array(r)).map(s=>s.toString(16).padStart(2,"0")).join("")}o(pN,"digestMessage");var fN=o(async(t,e)=>{let r=[...e.dangerouslyIgnoreAuthorizationHeader===!0?[]:["authorization"],...e.headers??[]],n=[];for(let[d,p]of t.headers.entries())r.includes(d)&&n.push({key:d.toLowerCase(),value:p});n.sort((d,p)=>d.key.localeCompare(p.key));let i=await pN(JSON.stringify(n)),s=new URL(t.url),a=new URLSearchParams(s.searchParams);a.set("_z-hdr-dgst",i);let c=e.cacheHttpMethods?.includes(t.method.toUpperCase())&&t.method.toUpperCase()!=="GET";c&&a.set("_z-original-method",t.method);let u=`${s.origin}${s.pathname}?${a}`;return new Request(u,{method:c?"GET":t.method})},"createCacheKeyRequest");async function hN(t,e,r,n){let i=await(0,lN.getPolicyCacheName)(n,r),s=await caches.open(i),a=r?.cacheHttpMethods?.map(l=>l.toUpperCase())??["GET"],c=await fN(t,r),u=await s.match(c);return u||(e.addEventListener("responseSent",l=>{try{let d=r.statusCodes??[200,206,301,302,303,404,410],p=l.response.clone();if(!d.includes(p.status)||!a.includes(t.method.toUpperCase()))return;let f=r?.expirationSecondsTtl??60,h=new Response(p.body,p);dN.forEach(y=>h.headers.delete(y)),h.headers.set("cache-control",`s-maxage=${f}`),e.waitUntil(s.put(c,h))}catch(d){e.log.error(`Error in caching-inbound-policy '${n}': "${d.message}"`,d)}}),t)}o(hN,"CachingInboundPolicy");cc.CachingInboundPolicy=hN});var C_=_(uc=>{"use strict";Object.defineProperty(uc,"__esModule",{value:!0});uc.ChangeMethodInboundPolicy=void 0;var mN=k(),yN=Ke(),gN=o(async(t,e,r,n)=>{if(!r.method)throw new mN.ConfigurationError(`ChangeMethodInboundPolicy '${n}' options.method must be valid HttpMethod`);return new yN.ZuploRequest(t,{method:r.method})},"ChangeMethodInboundPolicy");uc.ChangeMethodInboundPolicy=gN});var x_=_(lc=>{"use strict";Object.defineProperty(lc,"__esModule",{value:!0});lc.ClearHeadersInboundPolicy=void 0;var bN=Ke(),_N=o(async(t,e,r)=>{let n=[...r.exclude??[]],i=new Headers;return n.forEach(a=>{let c=t.headers.get(a);c&&i.set(a,c)}),new bN.ZuploRequest(t,{headers:i})},"ClearHeadersInboundPolicy");lc.ClearHeadersInboundPolicy=_N});var L_=_(dc=>{"use strict";Object.defineProperty(dc,"__esModule",{value:!0});dc.ClearHeadersOutboundPolicy=void 0;var EN=o(async(t,e,r,n)=>{let i=[...n.exclude??[]],s=new Headers;return i.forEach(c=>{let u=t.headers.get(c);u&&s.set(c,u)}),new Response(t.body,{headers:s,status:t.status,statusText:t.statusText})},"ClearHeadersOutboundPolicy");dc.ClearHeadersOutboundPolicy=EN});var D_=_(pc=>{"use strict";Object.defineProperty(pc,"__esModule",{value:!0});pc.ClerkJwtInboundPolicy=void 0;var wN=Xt(),vN=o(async(t,e,r,n)=>{let i=new URL(r.frontendApiUrl.startsWith("https://")||r.frontendApiUrl.startsWith("http://")?r.frontendApiUrl:`https://${r.frontendApiUrl}`),s=new URL(i);return s.pathname="/.well-known/jwks.json",(0,wN.OpenIdJwtInboundPolicy)(t,e,{issuer:i.href.slice(0,-1),jwkUrl:s.toString(),allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"ClerkJwtInboundPolicy");pc.ClerkJwtInboundPolicy=vN});var U_=_(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.CognitoJwtInboundPolicy=void 0;var M_=k(),TN=Xt(),SN=o(async(t,e,r,n)=>{if(!r.userPoolId)throw new M_.ConfigurationError("userPoolId must be set in the options for CognitoJwtInboundPolicy");if(!r.region)throw new M_.ConfigurationError("region must be set in the options for CognitoJwtInboundPolicy");return(0,TN.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}`,jwkUrl:`https://cognito-idp.${r.region}.amazonaws.com/${r.userPoolId}/.well-known/jwks.json`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)},"CognitoJwtInboundPolicy");fc.CognitoJwtInboundPolicy=SN});var F_=_(hc=>{"use strict";Object.defineProperty(hc,"__esModule",{value:!0});hc.CompositeInboundPolicy=void 0;var IN=k(),PN=$r(),k_=En(),AN=o(async(t,e,r,n)=>{if(!r.policies||r.policies.length===0)throw new IN.ConfigurationError(`CompositeInboundPolicy '${n}' must have valid policies defined`);let i=PN.Gateway.instance,s=(0,k_.getInboundPolicyInstances)(r.policies,i?.routeData.policies);return(0,k_.toStackedInboundHandler)(s)(t,e)},"CompositeInboundPolicy");hc.CompositeInboundPolicy=AN});var H_=_(yc=>{"use strict";Object.defineProperty(yc,"__esModule",{value:!0});yc.CurityPhantomTokenInboundPolicy=void 0;var RN=Zt(),ON=Bt(),mc=de(),NN=o(async(t,e,r,n)=>{let i=t.headers.get("Authorization");if(!i)return mc.HttpProblems.unauthorized(t,e,{detail:"No authorization header"});let s=CN(i);if(!s)return mc.HttpProblems.unauthorized(t,e,{detail:"Failed to parse token from Authorization header"});let a=await(0,RN.getPolicyCacheName)(n,r),c=new ON.MemoryZoneReadThroughCache(a,e),u=await c.get(s);if(!u){let l=await fetch(r.introspectionUrl,{headers:{Authorization:"Basic "+btoa(`${r.clientId}:${r.clientSecret}`),Accept:"application/jwt","Content-Type":"application/x-www-form-urlencoded"},method:"POST",body:"token="+s+"&token_type_hint=access_token"}),d=await l.text();if(l.status===200)u=d,c.put(s,u,r.cacheDurationSeconds??600);else return l.status>=500?(e.log.error(`Error introspecting token - ${l.status}: '${d}'`),mc.HttpProblems.internalServerError(t,e,{detail:"Problem encountered authorizing the HTTP request"})):mc.HttpProblems.unauthorized(t,e)}return t.headers.set("Authorization",`Bearer ${u}`),t},"CurityPhantomTokenInboundPolicy");yc.CurityPhantomTokenInboundPolicy=NN;function CN(t){return t.split(" ")[0]==="Bearer"?t.split(" ")[1]:null}o(CN,"getToken")});var q_=_(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.FirebaseJwtInboundPolicy=void 0;var xN=lt(),LN=Xt(),DN=o(async(t,e,r,n)=>((0,xN.optionValidator)(r,n).required("projectId","string").optional("allowUnauthenticatedRequests","boolean"),(0,LN.OpenIdJwtInboundPolicy)(t,e,{issuer:`https://securetoken.google.com/${r.projectId}`,audience:r.projectId,jwkUrl:"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n)),"FirebaseJwtInboundPolicy");gc.FirebaseJwtInboundPolicy=DN});var $_=_(bc=>{"use strict";Object.defineProperty(bc,"__esModule",{value:!0});bc.FormDataToJsonInboundPolicy=void 0;var MN=Ke(),UN=o(async(t,e,r)=>{let n="application/x-www-form-urlencoded",i="multipart/form-data",s=t.headers.get("content-type")?.toLowerCase();if(!s||![i,n].includes(s))return r&&r.badRequestIfNotFormData?new Response(`Bad Request - expected content-type '${n}' or ${i}`,{status:400,statusText:"Bad Request"}):t;let a=await t.formData();if(r&&r.optionalHoneypotName&&a.get(r.optionalHoneypotName)!=="")return new Response("Bad Request",{status:400,statusText:"Bad Request"});let c={};for(let[d,p]of a)c[d]=p.toString();let u=new Headers(t.headers);return u.set("content-type","application/json"),u.delete("content-length"),new MN.ZuploRequest(t,{body:JSON.stringify(c),headers:u})},"FormDataToJsonInboundPolicy");bc.FormDataToJsonInboundPolicy=UN});var j_=_(_c=>{"use strict";Object.defineProperty(_c,"__esModule",{value:!0});_c.GeoFilterInboundPolicy=void 0;var kN=k(),FN=de(),si="__unknown__",HN=o(async(t,e,r,n)=>{let i={allow:{countries:ci(r.allow?.countries,"allow.countries",n),regionCodes:ci(r.allow?.regionCodes,"allow.regionCode",n),asns:ci(r.allow?.asns,"allow.asOrganization",n)},block:{countries:ci(r.block?.countries,"block.countries",n),regionCodes:ci(r.block?.regionCodes,"block.regionCode",n),asns:ci(r.block?.asns,"block.asOrganization",n)},ignoreUnknown:r.ignoreUnknown!==!1},s=e.incomingRequestProperties.country?.toLowerCase()??si,a=e.incomingRequestProperties.regionCode?.toLowerCase()??si,c=e.incomingRequestProperties.asn?.toString()??si,u=i.ignoreUnknown&&s===si,l=i.ignoreUnknown&&a===si,d=i.ignoreUnknown&&c===si,p=i.allow.countries,f=i.allow.regionCodes,h=i.allow.asns;if(p.length>0&&!p.includes(s)&&!u||f.length>0&&!f.includes(a)&&!l||h.length>0&&!h.includes(c)&&!d)return ai(t,e,n,s,a,c);let y=i.block.countries,b=i.block.regionCodes,I=i.block.asns;return y.length>0&&y.includes(s)&&!u||b.length>0&&b.includes(a)&&!l||I.length>0&&I.includes(c)&&!d?ai(t,e,n,s,a,c):t},"GeoFilterInboundPolicy");_c.GeoFilterInboundPolicy=HN;function ai(t,e,r,n,i,s){return e.log.debug(`Request blocked by GeoFilterInboundPolicy '${r}' (country: '${n}', regionCode: '${i}', asn: '${s}')`),FN.HttpProblems.forbidden(t,e,{geographicContext:{country:n,regionCode:i,asn:s}})}o(ai,"blockedResponse");function ci(t,e,r){if(typeof t=="string")return t.split(",").map(n=>n.trim().toLowerCase());if(typeof t>"u")return[];if(Array.isArray(t))return t.map(n=>n.trim().toLowerCase());throw new kN.ConfigurationError(`Invalid '${e}' for GeoFilterInboundPolicy '${r}': '${t}', must be a string or string[]`)}o(ci,"toLowerStringArray")});var V_=_(Ec=>{"use strict";Object.defineProperty(Ec,"__esModule",{value:!0});Ec.JWTScopeValidationInboundPolicy=void 0;var qN=o(async(t,e,r)=>{let n=t.user?.data.scope.split(" ")||[];if(!o((s,a)=>a.every(c=>s.includes(c)),"scopeChecker")(n,r.scopes)){let s={code:"UNAUTHORIZED",help_url:"https://zup.fail/UNAUTHORIZED",message:`JWT must have all the following scopes: ${r.scopes}`};return new Response(JSON.stringify(s),{status:401,statusText:"Unauthorized",headers:{"content-type":"application/json"}})}return t},"JWTScopeValidationInboundPolicy");Ec.JWTScopeValidationInboundPolicy=qN});var G_=_(wc=>{"use strict";Object.defineProperty(wc,"__esModule",{value:!0});wc.MockApiInboundPolicy=void 0;var $N=de(),jN=o(async(t,e,r,n)=>{let i=e.route.raw().responses;if(!i)return xf(n,t,e,"No responses defined in the OpenAPI document. Add some responses with examples to use this policy.");let s=Object.keys(i),a=[];if(s.length===0)return xf(n,t,e,"No response object defined under responses in the OpenAPI document. Add some response objects with examples to use this policy.");if(s.forEach(c=>{i[c].content&&Object.keys(i[c].content).forEach(l=>{let d=i[c].content[l].examples;d&&Object.keys(d).forEach(f=>{a.push({responseName:c,contentName:l,exampleName:f,exampleValue:d[f]})})})}),a=a.filter(c=>!(r.responsePrefixFilter&&!c.responseName.startsWith(r.responsePrefixFilter)||r.contentType&&c.contentName!==r.contentType||r.exampleName&&c.exampleName!==r.exampleName)),r.random&&a.length>1){let c=Math.floor(Math.random()*a.length);return B_(a[c])}else return a.length>0?B_(a[0]):xf(n,t,e,"No examples matching the mocking options found in the OpenAPI document. Add examples to the OpenAPI document matching the options for this policy or change the mocking options to match the examples in the OpenAPI document.")},"MockApiInboundPolicy");wc.MockApiInboundPolicy=jN;function B_(t){let e=JSON.stringify(t.exampleValue,null,2),r=new Headers;switch(r.set("Content-Type",t.contentName),t.responseName){case"1XX":return new Response(e,{status:100,headers:r});case"2XX":return new Response(e,{status:200,headers:r});case"3XX":return new Response(e,{status:300,headers:r});case"4XX":return new Response(e,{status:400,headers:r});case"5XX":case"default":return new Response(e,{status:500,headers:r});default:return new Response(e,{status:Number(t.responseName),headers:r})}}o(B_,"generateResponse");var xf=o((t,e,r,n)=>{let i=`Error in policy: ${t} - On route ${e.method} ${r.route.path}. ${n}`;return $N.HttpProblems.internalServerError(e,r,{detail:i})},"getProblemDetailResponse")});var Q_=_(ui=>{"use strict";Object.defineProperty(ui,"__esModule",{value:!0});ui.MoesifInboundPolicy=ui.setMoesifContext=void 0;var VN=k(),BN=Re(),GN="Incoming",KN={logRequestBody:!0,logResponseBody:!0};function K_(t){let e={};return t.forEach((r,n)=>{e[n]=r}),e}o(K_,"headersToObject");function J_(){return new Date().toISOString()}o(J_,"timestamp");var Lf=new WeakMap,JN={};function zN(t,e){let r=Lf.get(t);r||(r=JN);let n=Object.assign({...r},e);Lf.set(t,n)}o(zN,"setMoesifContext");ui.setMoesifContext=zN;async function z_(t,e){let r=t.headers.get("content-type");if(r&&r.indexOf("json")!==0)try{return await t.clone().json()}catch(i){e.log.error(i)}let n=await t.clone().text();return e.log.debug({textBody:n}),n}o(z_,"readBody");var WN={},Df;function W_(){if(!Df)throw new VN.RuntimeError("Invalid State - no _lastLogger");return Df}o(W_,"getLastLogger");function QN(t){let e=WN[t];return e||(e=new BN.BatchDispatch("moesif-inbound",100,async r=>{let n=JSON.stringify(r);W_().debug("posting",n);let i=await fetch("https://api.moesif.net/v1/events/batch",{method:"POST",headers:{"content-type":"application/json","X-Moesif-Application-Id":t},body:n});i.ok||W_().error({status:i.status,body:await i.text()})})),e}o(QN,"getDispatcher");async function YN(t,e,r,n){Df=e.log;let i=J_(),s=Object.assign(KN,r);if(!s.applicationId)throw new Error(`Invalid configuration for MoesifInboundPolicy '${n}' - applicationId is required`);let a=s.logRequestBody?await z_(t,e):void 0;return e.addResponseSendingFinalHook(async(c,u)=>{let l=QN(s.applicationId),d=t.headers.get("true-client-ip"),p=Lf.get(e)??{},f={time:i,uri:t.url,verb:t.method,body:a,ip_address:d??void 0,api_version:p.apiVersion,headers:K_(t.headers)},h=s.logResponseBody?await z_(c,e):void 0,y={time:J_(),status:c.status,headers:K_(c.headers),body:h},b={request:f,response:y,user_id:p.userId??u.user?.sub,session_token:p.sessionToken,company_id:p.companyId,metadata:p.metadata,direction:GN};l.enqueue(b),e.waitUntil(l.waitUntilFlushed())}),t}o(YN,"MoesifInboundPolicy");ui.MoesifInboundPolicy=YN});var X_=_(li=>{"use strict";Object.defineProperty(li,"__esModule",{value:!0});li.consumeSubcriptionQuotas=li.loadSubscription=void 0;var Y_=Je(),Z_=X();async function ZN(t,e,r,n){let i=Y_.SystemLogMap.getLogger(t),{authApiJWT:s,meteringServiceUrl:a}=Z_.Environment.instance,c;try{let l=await fetch(`${a}/internal/v1/metering/${n}/subscriptions?customerKey=${e}`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":t.requestId},method:"GET"});if(l.ok)c=await l.json();else{let d=await l.json(),p=d.detail??d.title??"Unknown error on quota consumption.";t.log.error(`MonetizationInboundPolicy '${r}' - Error loading subscription. ${l.status} - ${p}`),i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription.${l.status} - ${p}`)}}catch(l){i.error(`MonetizationInboundPolicy '${r}' - Error loading subscription`,l)}return c&&c.data&&c.data.length>0?c.data[0]:void 0}o(ZN,"loadSubscription");li.loadSubscription=ZN;async function XN(t,e,r,n,i){let{authApiJWT:s,meteringServiceUrl:a}=Z_.Environment.instance,c=Y_.SystemLogMap.getLogger(t);try{let u=await fetch(`${a}/internal/v1/metering/${n}/subscriptions/${e}/quotas/consume`,{headers:{Authorization:`Bearer ${s}`,"zp-rid":t.requestId},method:"POST",body:JSON.stringify({meters:i})});if(!u.ok){let l=await u.json(),d=l.detail??l.title??"Unknown error on quota consumption.";t.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota. ${u.status} - ${d}`)}}catch(u){t.log.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`),c.error(`MonetizationInboundPolicy '${r}' - Error updating subscription quota.`,u)}}o(XN,"consumeSubcriptionQuotas");li.consumeSubcriptionQuotas=XN});var eE=_(Cr=>{"use strict";Object.defineProperty(Cr,"__esModule",{value:!0});Cr.compareMeters=Cr.parseAllowedSubscriptionStatuses=Cr.validateMeters=void 0;var tn=k(),eC=Jt(),tC=new Set(["active","inactive","incomplete","incomplete-expired","trialing","past-due","canceled","unpaid"]);function rC(t,e){try{let r=[];for(let n in t)typeof t[n]!="number"&&!(Number.isInteger(t[n])&&/^-?\d+$/.test(t[n].toString()))&&r.push(n);if(r.length>0)throw new tn.ConfigurationError(r.length>1?`The values found in these properties are not integers : ${r.join(", ")}`:`The value in property '${r[0]}' is not an integer`)}catch(r){throw r instanceof tn.ConfigurationError?new tn.ConfigurationError(`MonetizationInboundPolicy '${e}' - The property 'meters' is invalid. ${r.message}`):r}}o(rC,"validateMeters");Cr.validateMeters=rC;function nC(t,e){if(t)try{if(t.length===0)throw new tn.ConfigurationError("Must set valid subscription statuses");let r=(0,eC.parseValueToStringArray)(t),n=[];for(let i of r)tC.has(i)||n.push(i);if(n.length>0)throw new tn.ConfigurationError(`Found the following invalid statuses: ${n.join(", ")}`);return t}catch(r){throw r instanceof tn.ConfigurationError?new tn.ConfigurationError(`MonetizationInboundPolicy '${e}' - The property 'allowedSubscriptionStatuses' is invalid. ${r.message}`):r}else return["active","incomplete","trialing"]}o(nC,"parseAllowedSubscriptionStatuses");Cr.parseAllowedSubscriptionStatuses=nC;function iC(t,e){let r={},n={};for(let i in e)t.hasOwnProperty(i)?r[i]=e[i]:n[i]=e[i];return{metersInSubscription:r,metersNotInSubscription:n}}o(iC,"compareMeters");Cr.compareMeters=iC});var nE=_(Tc=>{"use strict";Object.defineProperty(Tc,"__esModule",{value:!0});Tc.MonetizationInboundPolicy=void 0;var rn=Hr(),nn=Ep(),vc=Zi(),tE=k(),oC=_n(),on=de(),sC=Jt(),aC=lt(),rE=X_(),io=eE(),Mf=class extends oC.InboundPolicy{static{o(this,"MonetizationInboundPolicy")}static getSubscription(e){return nn.ContextData.get(e,rn.METERING_SUBSCRIPTION_CONTEXT_DATA)}static setMeters(e,r){(0,io.validateMeters)(r,"setMeters"),nn.ContextData.set(e,rn.DYNAMIC_METERS_CONTEXT_DATA,r)}async handler(e,r){(0,aC.optionValidator)(this.options,this.policyName).optional("allowRequestsWithoutSubscription","boolean").optional("allowRequestsOverQuota","boolean").optional("bucketId","string"),this.options.meterOnStatusCodes||(this.options.meterOnStatusCodes="200-399");let n=this.options.allowRequestsOverQuota??!1,i=(0,sC.statusCodesStringToNumberArray)(this.options.meterOnStatusCodes),s=nn.ContextData.get(r,rn.DYNAMIC_METERS_CONTEXT_DATA),a={...this.options.meters,...s};(0,io.validateMeters)(a,this.policyName);let c=this.options.allowRequestsWithoutSubscription??!1,u=(0,io.parseAllowedSubscriptionStatuses)(this.options.allowedSubscriptionStatuses,this.policyName);r.addResponseSendingFinalHook(async(b,I,A)=>{let g=nn.ContextData.get(A,rn.METERING_SUBSCRIPTION_CONTEXT_DATA);if((this.options.allowRequestsWithoutSubscription??!1)&&!g){A.log.debug(`MonetizationInboundPolicy '${this.policyName}' - No subscription found and property 'allowRequestsWithoutSubscription' is true`);return}if(!this.options.bucketId)if(vc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=vc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new tE.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let O=nn.ContextData.get(A,rn.DYNAMIC_METERS_CONTEXT_DATA),V={...this.options.meters,...O};if((0,io.validateMeters)(V,this.policyName),i.includes(b.status)&&g&&V){A.log.debug(`MonetizationInboundPolicy '${this.policyName}' - Updating subscription '${g.id}' with meters '${JSON.stringify(V)} on response status '${b.status}'`);let{metersInSubscription:E,metersNotInSubscription:T}=(0,io.compareMeters)(g.meters,V);if(T&&Object.keys(T).length>0){let C=Object.keys(T);A.log.warn(`The following meters cannot be applied since they are not present in the subscription: '${C}'`)}await(0,rE.consumeSubcriptionQuotas)(A,g.id,this.policyName,this.options.bucketId,E)}});let l=e.user;if(!l)return c?e:on.HttpProblems.unauthorized(e,r,{detail:"Unable to check subscription for anonymous user"});if(!this.options.bucketId)if(vc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID)this.options.bucketId=vc.environment.ZUPLO_METERING_SERVICE_BUCKET_ID;else throw new tE.ConfigurationError(`MonetizationInboundPolicy '${this.policyName}' - No bucketId property provided`);let{sub:d}=l,p=await(0,rE.loadSubscription)(r,d,this.policyName,this.options.bucketId);if(!p)return r.log.warn("No valid subscription found"),c?e:on.HttpProblems.unauthorized(e,r,{detail:"No valid subscription found"});if(!u.includes(p.status)&&!c)return r.log.warn(`Subscription '${p.id}' has status '${p.status}' which is not part of the allowed statuses.`),on.HttpProblems.unauthorized(e,r,{detail:"No valid subscription found"});u.includes(p.status)&&(r.log.debug(`Loading subscription '${p.id}' for user sub '${d}' to ContextData`),nn.ContextData.set(r,rn.METERING_SUBSCRIPTION_CONTEXT_DATA,p));let f=nn.ContextData.get(r,rn.METERING_SUBSCRIPTION_CONTEXT_DATA);if(!f)return c?e:(r.log.warn("Subscription is not available for user"),on.HttpProblems.paymentRequired(e,r,{detail:"Subscription is not available for user",title:"No Subscription"}));if(f&&Object.keys(f.meters).length===0)return r.log.error(`Quota is not set up for subscription '${f.id}'`),on.HttpProblems.tooManyRequests(e,r,{detail:"Quota is not set up for the user's subscription",title:"Quota Exceeded"});let y=Object.keys(a).filter(b=>!Object.keys(f.meters).includes(b));if(y.length>0)return r.log.warn(`The following policy meters are not present in the subscription: ${y.join(", ")}`),on.HttpProblems.tooManyRequests(e,r,{detail:`The following policy meters are not present in the subscription: ${y.join(", ")}`,title:"Quota Exceeded"});for(let b of Object.keys(a))if(f.meters[b].available<=0&&!n)return on.HttpProblems.tooManyRequests(e,r,{detail:`Quota exceeded for meter '${b}'`,title:"Quota Exceeded"});return e}};Tc.MonetizationInboundPolicy=Mf});var iE=_(Sc=>{"use strict";Object.defineProperty(Sc,"__esModule",{value:!0});Sc.OktaJwtInboundPolicy=void 0;var cC=Xt(),uC=o(async(t,e,r,n)=>(0,cC.OpenIdJwtInboundPolicy)(t,e,{issuer:r.issuerUrl,audience:r.audience,jwkUrl:`${r.issuerUrl}/v1/keys`,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests},n),"OktaJwtInboundPolicy");Sc.OktaJwtInboundPolicy=uC});var oE=_(Ic=>{"use strict";Object.defineProperty(Ic,"__esModule",{value:!0});Ic.PropelAuthJwtInboundPolicy=void 0;var lC=(ra(),xo(ta)),dC=Xt(),Uf,pC=o(async(t,e,r,n)=>{if(!Uf)try{Uf=await(0,lC.importSPKI)(r.verifierKey,"RS256")}catch(i){throw e.log.error("Could not import verifier key"),i}return(0,dC.OpenIdJwtInboundPolicy)(t,e,{issuer:r.authUrl,secret:Uf,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests,subPropertyName:"user_id"},n)},"PropelAuthJwtInboundPolicy");Ic.PropelAuthJwtInboundPolicy=pC});var sE=_(Z=>{"use strict";Object.defineProperty(Z,"__esModule",{value:!0});Z.throwIfStateNotObject=Z.throwIfStateNotNumber=Z.throwIfStateNotString=Z.throwIfStateUndefinedOrNull=Z.throwIfStateUndefined=Z.throwIfOptionNotObject=Z.throwIfOptionNotNumber=Z.throwIfOptionNotString=Z.throwIfOptionUndefinedOrNull=Z.throwIfOptionUndefined=Z.OptionTypeError=Z.OptionUndefinedError=Z.throwIfNotNumber=Z.throwIfNotString=Z.throwIfUndefinedOrNull=Z.throwIfUndefined=Z.ArgumentTypeError=Z.ArgumentUndefinedError=Z.ValidationError=void 0;var Ye=at(),dt=class extends Error{static{o(this,"ValidationError")}constructor(e){super(e)}};Z.ValidationError=dt;var oo=class extends dt{static{o(this,"ArgumentUndefinedError")}constructor(e){super(`The argument '${e}' is undefined.`)}};Z.ArgumentUndefinedError=oo;var so=class extends dt{static{o(this,"ArgumentTypeError")}constructor(e,r){super(`The argument '${e}' must be of type '${r}'.`)}};Z.ArgumentTypeError=so;function fC(t,e){if((0,Ye.isUndefined)(t))throw new oo(e)}o(fC,"throwIfUndefined");Z.throwIfUndefined=fC;function kf(t,e){if((0,Ye.isUndefinedOrNull)(t))throw new oo(e)}o(kf,"throwIfUndefinedOrNull");Z.throwIfUndefinedOrNull=kf;function hC(t,e){if(kf(t,e),!(0,Ye.isString)(t))throw new so(e,"string")}o(hC,"throwIfNotString");Z.throwIfNotString=hC;function mC(t,e){if(kf(t,e),!(0,Ye.isNumber)(t))throw new so(e,"number")}o(mC,"throwIfNotNumber");Z.throwIfNotNumber=mC;var ao=class extends dt{static{o(this,"OptionUndefinedError")}constructor(e,r,n){super(`The option '${n}' on the ${e} named '${r}' is undefined.`)}};Z.OptionUndefinedError=ao;var di=class extends dt{static{o(this,"OptionTypeError")}constructor(e,r,n,i){super(`The option '${n}' on the ${e} named '${r}' must be of type '${i}'.`)}};Z.OptionTypeError=di;function yC(t,e,r,n){if((0,Ye.isUndefined)(n))throw new ao(t,e,r)}o(yC,"throwIfOptionUndefined");Z.throwIfOptionUndefined=yC;function Pc(t,e,r,n){if((0,Ye.isUndefinedOrNull)(n))throw new ao(t,e,r)}o(Pc,"throwIfOptionUndefinedOrNull");Z.throwIfOptionUndefinedOrNull=Pc;function gC(t,e,r,n){if(Pc(t,e,r,n),!(0,Ye.isString)(n))throw new di(t,e,r,"string")}o(gC,"throwIfOptionNotString");Z.throwIfOptionNotString=gC;function bC(t,e,r,n){if(Pc(t,e,r,n),!(0,Ye.isNumber)(n))throw new di(t,e,r,"number")}o(bC,"throwIfOptionNotNumber");Z.throwIfOptionNotNumber=bC;function _C(t,e,r,n){if(Pc(t,e,r,n),!(0,Ye.isObject)(n))throw new di(t,e,r,"object")}o(_C,"throwIfOptionNotObject");Z.throwIfOptionNotObject=_C;function EC(t,e){if((0,Ye.isUndefined)(t))throw new dt(e)}o(EC,"throwIfStateUndefined");Z.throwIfStateUndefined=EC;function Ac(t,e){if((0,Ye.isUndefinedOrNull)(t))throw new dt(e)}o(Ac,"throwIfStateUndefinedOrNull");Z.throwIfStateUndefinedOrNull=Ac;function wC(t,e){if(Ac(t,e),!(0,Ye.isString)(t))throw new dt(e);return!0}o(wC,"throwIfStateNotString");Z.throwIfStateNotString=wC;function vC(t,e){if(Ac(t,e),!(0,Ye.isNumber)(t))throw new dt(e);return!0}o(vC,"throwIfStateNotNumber");Z.throwIfStateNotNumber=vC;function TC(t,e){if(Ac(t,e),!(0,Ye.isObject)(t))throw new dt(e);return!0}o(TC,"throwIfStateNotObject");Z.throwIfStateNotObject=TC});var aE=_(pi=>{"use strict";Object.defineProperty(pi,"__esModule",{value:!0});pi.InMemoryRedisClient=pi.StandardRedisClient=void 0;var Ff=k(),Rc=sE(),Hf=class t{static{o(this,"StandardRedisClient")}static instance;redisClientUrl;clientAuthToken;userAgent;deploymentName;constructor(e,r,n,i){this.redisClientUrl=e,this.clientAuthToken=r,this.deploymentName=n,this.userAgent=i}static initialize(e,r,n,i){return(0,Rc.throwIfNotString)(e,"redisClientUrl"),(0,Rc.throwIfNotString)(r,"clientAuthToken"),t.instance||(t.instance=new t(e,r,n,i)),t.instance}isEnabled(){return this.redisClientUrl!==void 0&&this.clientAuthToken!==void 0}async fetch({url:e,body:r,method:n,requestId:i}){(0,Rc.throwIfNotString)(e,"url");let s=await fetch(`${this.redisClientUrl}${e}`,{method:n,body:r,headers:{"content-type":"application/json",authorization:`Bearer ${this.clientAuthToken}`,"zp-rid":i,"zp-dn":this.deploymentName,"User-Agent":this.userAgent}}),a=s.headers.get("Content-Type")?.includes("application/json")?await s.json():await s.text();if(s.ok)return a;throw s.status===401?new Ff.SystemError("Redis client failed with 401: Unauthorized"):new Ff.SystemError(`Redis client failed with (${s.status}): ${typeof a=="string"?a:JSON.stringify(a,null,2)}`)}};pi.StandardRedisClient=Hf;var qf=class{static{o(this,"InMemoryRedisClient")}keyValueStore;constructor(){this.keyValueStore=new Map}isEnabled(){return!0}fetch({url:e,body:r,method:n}){if((0,Rc.throwIfNotString)(e,"url"),n==="POST"&&e==="/rate-limit"){let{incrBy:i,expire:s,key:a}=JSON.parse(r),c=Date.now()+s*1e3,u=this.keyValueStore.get(a);u?Date.now()>u.expiresAt?this.keyValueStore.set(a,{value:i,expiresAt:c}):this.keyValueStore.set(a,{value:u.value+i,expiresAt:u.expiresAt}):this.keyValueStore.set(a,{value:i,expiresAt:c});let l=this.keyValueStore.get(a);return Promise.resolve({count:l.value,ttlSeconds:Math.round((l.expiresAt-Date.now())/1e3)})}throw new Ff.SystemError("The in-memory redis client only supports /rate-limit calls")}};pi.InMemoryRedisClient=qf});var $f=_(Ae=>{"use strict";Object.defineProperty(Ae,"__esModule",{value:!0});Ae.RETRY_AFTER_HEADER=Ae.wrapUserFunction=Ae.getCountAndUpdateExpiry=Ae.getRedisClient=Ae.getAll=Ae.getUser=Ae.getIP=Ae.getRealIP=void 0;var xr=k(),Oc=X(),cE=aE(),uE=at(),SC=o(t=>{let e=t.headers.get("x-real-ip")??t.headers.get("true-client-ip")??t.headers.get("cf-connecting-ip");if(e)return e;let r=t.headers.get("x-forwarded-for");return r?r.split(",")[0]:"127.0.0.1"},"getRealIP");Ae.getRealIP=SC;var IC=o(async t=>({key:`ip-${(0,Ae.getRealIP)(t)}`}),"getIP");Ae.getIP=IC;var PC=o(async t=>({key:`user-${t.user?.sub??"anonymous"}`}),"getUser");Ae.getUser=PC;var AC=o(async()=>({key:"all-2d77ce9d-9a3c-4206-9ab2-668cfd271095"}),"getAll");Ae.getAll=AC;var Nc;function RC(t,e){let r;if(Nc)return Nc;if(Oc.Environment.instance.isLocalDevelopment)return e.info("Using in-memory redis client for local development."),r=new cE.InMemoryRedisClient,Nc=r,r;let{authApiJWT:n,redisURL:i}=Oc.Environment.instance;if(!(0,uE.isString)(i))throw new xr.SystemError(`RateLimitInboundPolicy '${t}' - rate limit service URL not configured`);if(!(0,uE.isString)(n))throw new xr.SystemError(`RateLimitInboundPolicy '${t}' - service authentication not configured`);if(i&&(r=cE.StandardRedisClient.initialize(i,n,Oc.Environment.instance.deploymentName??"unknown",Oc.Environment.instance.systemUserAgent)),!r||!r.isEnabled())throw new xr.SystemError(`RateLimitInboundPolicy '${t}' - no redis ('${r}') or redis.isEnabled ('${r?.isEnabled}) is false`);return Nc=r,r}o(RC,"getRedisClient");Ae.getRedisClient=RC;async function OC(t,e,r,n,i){let s=Math.floor(e*60);return await r.fetch({url:"/rate-limit",method:"POST",body:JSON.stringify({incrBy:1,expire:s,key:t}),requestId:i})}o(OC,"getCountAndUpdateExpiry");Ae.getCountAndUpdateExpiry=OC;function NC(t,e){let r;if(t.rateLimitBy==="function"){if(!t.identifier)throw new xr.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier must be specified`);if(!t.identifier.module)throw new xr.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier.module must be specified`);if(!t.identifier.export)throw new xr.ConfigurationError(`RateLimitInboundPolicy '${e}' - If rateLimitBy set to 'function' options.identifier.export must be specified`);if(r=t.identifier.module[t.identifier.export],!r||typeof r!="function")throw new xr.ConfigurationError(`RateLimitInboundPolicy '${e}' - Custom rate limit function must be a valid function`)}return o(async(i,s,a)=>{let c=await r(i,s,a);if(!c.key){let u=`RateLimitInboundPolicy '${a}' - Custom rate limit function must return a valid key property '${JSON.stringify(c,null,2)}'`;throw s.log.error(u),new xr.RuntimeError(u)}return c},"outerFunction")}o(NC,"wrapUserFunction");Ae.wrapUserFunction=NC;Ae.RETRY_AFTER_HEADER="Retry-After"});var dE=_(Cc=>{"use strict";Object.defineProperty(Cc,"__esModule",{value:!0});Cc.AsyncRateLimitInboundPolicy=void 0;var CC=or(),xC=Zt(),LC=de(),DC=Je(),MC=X(),UC=Bt(),sn=$f(),lE=(0,CC.debug)("zuplo:policies:RateLimitInboundPolicy"),kC=o(async(t,e,r,n)=>{let i=DC.SystemLogMap.getLogger(e),s=o((E,T)=>{let C={};return(!E||E==="retry-after")&&(C[sn.RETRY_AFTER_HEADER]=T.toString()),LC.HttpProblems.tooManyRequests(t,e,void 0,C)},"rateLimited"),c={function:(0,sn.wrapUserFunction)(r,n),user:sn.getUser,ip:sn.getIP,all:sn.getAll}[r.rateLimitBy],u=await c(t,e,n),l=u.key,d=u.requestsAllowed??r.requestsAllowed,p=u.timeWindowMinutes??r.timeWindowMinutes,f=r.headerMode??"retry-after",h=(0,sn.getRedisClient)(n,i),b=`bucket/${MC.Environment.instance.build.BUILD_ID}/${n}/${l}`,I=await(0,xC.getPolicyCacheName)(n,r),A=new UC.MemoryZoneReadThroughCache(I,e),g=(0,sn.getCountAndUpdateExpiry)(b,p,h,i,e.requestId),v;o(async()=>{let E=await g;if(E.count>d){let T=Date.now()+E.ttlSeconds*1e3;A.put(b,T,E.ttlSeconds),lE(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${b}' (async mode)`),v=s(f,E.ttlSeconds)}},"asyncCheck")();let V=await A.get(b);if(V!==void 0&&V>Date.now()){lE(`RateLimitInboundPolicy '${n}' - returning 429 from cache for '${b}' (async mode)`);let E=Math.round((V-Date.now())/1e3);return s(f,E)}return e.addResponseSendingHook(async E=>v??E),t},"AsyncRateLimitInboundPolicy");Cc.AsyncRateLimitInboundPolicy=kC});var fE=_(xc=>{"use strict";Object.defineProperty(xc,"__esModule",{value:!0});xc.RateLimitInboundPolicy=void 0;var FC=or(),HC=k(),qC=de(),$C=Je(),jC=X(),VC=dE(),an=$f(),pE=(0,FC.debug)("zuplo:policies:RateLimitInboundPolicy"),BC="strict",GC=o(async(t,e,r,n)=>{if((r.mode??BC)==="async")return(0,VC.AsyncRateLimitInboundPolicy)(t,e,r,n);let s=Date.now(),a=$C.SystemLogMap.getLogger(e),c=o((l,d)=>{if(r.throwOnFailure)throw new HC.SystemError(l,{cause:d});a.error(l,d)},"throwOrLog"),u=o((l,d)=>{let p={};return(!l||l==="retry-after")&&(p[an.RETRY_AFTER_HEADER]=d.toString()),qC.HttpProblems.tooManyRequests(t,e,void 0,p)},"rateLimited");try{let d={function:(0,an.wrapUserFunction)(r,n),user:an.getUser,ip:an.getIP,all:an.getAll}[r.rateLimitBy],p=await d(t,e,n),f=p.key,h=p.requestsAllowed??r.requestsAllowed,y=p.timeWindowMinutes??r.timeWindowMinutes,b=r.headerMode??"retry-after",I=(0,an.getRedisClient)(n,a),g=`bucket/${jC.Environment.instance.build.BUILD_ID}/${n}/${f}`,v=await(0,an.getCountAndUpdateExpiry)(g,y,I,a,e.requestId);return v.count>h?(pE(`RateLimitInboundPolicy '${n}' - returning 429 from redis for '${g}' (strict mode)`),u(b,v.ttlSeconds)):t}catch(l){return c(l.message,l),t}finally{let l=Date.now()-s;pE(`RateLimitInboundPolicy '${n}' - latency ${l}ms`)}},"RateLimitInboundPolicy");xc.RateLimitInboundPolicy=GC});var gE=_(Lc=>{"use strict";Object.defineProperty(Lc,"__esModule",{value:!0});Lc.ReadmeMetricsInboundPolicy=void 0;var KC=Re(),jf=X(),hE=Jt(),Vf;function mE(t){let e=[];for(let[r,n]of t)e.push({name:r,value:n});return e}o(mE,"headersToNameValuePairs");function JC(t){let e=[];return Object.entries(t).forEach(([r,n])=>{e.push({name:r,value:n})}),e}o(JC,"queryToNameValueParis");function zC(t){if(t===null)return;let e=parseFloat(t);if(!isNaN(e))return e}o(zC,"parseIntOrUndefined");var yE={};async function WC(t,e,r,n){let i=new Date,s=Date.now();return Vf||(Vf={name:"zuplo",version:jf.Environment.instance.build.ZUPLO_VERSION,comment:`zuplo/${jf.Environment.instance.build.ZUPLO_VERSION}`}),e.addResponseSendingFinalHook(async a=>{try{let c=r.userLabelPropertyPath&&t.user?(0,hE.getValueFromRequestUser)(t.user,r.userLabelPropertyPath,"userLabelPropertyPath"):t.user?.sub,u=r.userEmailPropertyPath&&t.user?(0,hE.getValueFromRequestUser)(t.user,r.userEmailPropertyPath,"userEmailPropertyPath"):void 0,l={clientIPAddress:t.headers.get("true-client-ip")??"",development:r.development!==void 0?r.development:jf.Environment.instance.isDeno,group:{label:c,email:u,id:t.user?.sub??"anonymous"},request:{log:{creator:Vf,entries:[{startedDateTime:i.toISOString(),time:Date.now()-s,request:{method:t.method,url:r.useFullRequestPath?new URL(t.url).pathname:e.route.path,httpVersion:"2",headers:mE(t.headers),queryString:JC(t.query)},response:{status:a.status,statusText:a.statusText,headers:mE(a.headers),content:{size:zC(t.headers.get("content-length"))}}}]}}},d=yE[r.apiKey];if(!d){let p=r.apiKey;d=new KC.BatchDispatch("readme-metering-inbound-policy",10,async f=>{try{let h=r.url??"https://metrics.readme.io/request",y=await fetch(h,{method:"POST",body:JSON.stringify(f),headers:{"content-type":"application/json",authorization:`Basic ${btoa(p+":")}`}});y.status!==202&&e.log.error(`Unexpected response in ReadmeMeteringInboundPolicy '${n}'. ${y.status}: '${await y.text()}'`)}catch(h){throw e.log.error(`Error in ReadmeMeteringInboundPolicy '${n}': '${h.message}'`),h}}),yE[p]=d}d.enqueue(l),e.waitUntil(d.waitUntilFlushed())}catch(c){e.log.error(c)}}),t}o(WC,"ReadmeMetricsInboundPolicy");Lc.ReadmeMetricsInboundPolicy=WC});var bE=_(Dc=>{"use strict";Object.defineProperty(Dc,"__esModule",{value:!0});Dc.RemoveHeadersInboundPolicy=void 0;var QC=k(),YC=Ke(),ZC=o(async(t,e,r,n)=>{let i=r?.headers;if(!i||!Array.isArray(i)||i.length===0)throw new QC.ConfigurationError(`RemoveHeadersInboundPolicy '${n}' options.headers must be a non-empty string array of header names`);let s=new Headers(t.headers);return i.forEach(c=>{s.delete(c)}),new YC.ZuploRequest(t,{headers:s})},"RemoveHeadersInboundPolicy");Dc.RemoveHeadersInboundPolicy=ZC});var _E=_(Mc=>{"use strict";Object.defineProperty(Mc,"__esModule",{value:!0});Mc.RemoveHeadersOutboundPolicy=void 0;var XC=k(),ex=o(async(t,e,r,n,i)=>{let s=n?.headers;if(!s||!Array.isArray(s)||s.length===0)throw new XC.ConfigurationError(`RemoveHeadersOutboundPolicy '${i}' options.headers must be a non-empty string array of header names`);let a=new Headers(t.headers);return s.forEach(u=>{a.delete(u)}),new Response(t.body,{headers:a,status:t.status,statusText:t.statusText})},"RemoveHeadersOutboundPolicy");Mc.RemoveHeadersOutboundPolicy=ex});var EE=_(Uc=>{"use strict";Object.defineProperty(Uc,"__esModule",{value:!0});Uc.RemoveQueryParamsInboundPolicy=void 0;var tx=k(),rx=Ke(),nx=o(async(t,e,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length===0)throw new tx.ConfigurationError(`RemoveQueryParamsInboundPolicy '${n}' options.params must be a non-empty string array of header names`);let s=new URL(t.url);return i.forEach(c=>{s.searchParams.delete(c)}),new rx.ZuploRequest(s.toString(),t)},"RemoveQueryParamsInboundPolicy");Uc.RemoveQueryParamsInboundPolicy=nx});var wE=_(kc=>{"use strict";Object.defineProperty(kc,"__esModule",{value:!0});kc.ReplaceStringOutboundPolicy=void 0;var ix=o(async(t,e,r,n)=>{let i=await t.text(),s=n.mode==="regexp"?new RegExp(n.match,"gm"):n.match,a=i.replaceAll(s,n.replaceWith);return new Response(a,{headers:t.headers,status:t.status,statusText:t.statusText})},"ReplaceStringOutboundPolicy");kc.ReplaceStringOutboundPolicy=ix});var TE=_(Fc=>{"use strict";Object.defineProperty(Fc,"__esModule",{value:!0});Fc.RequestSizeLimitInboundPolicy=void 0;var vE=o(()=>new Response("Maximum request size exceeded",{status:413,statusText:"Payload Too Large"}),"payloadTooLarge"),ox=o(async(t,e,r)=>{let n=r.trustContentLengthHeader??!1;if(["GET","HEAD"].includes(t.method))return t;let i=t.headers.get("content-length"),s=i!==null?parseInt(i):void 0;return s&&!isNaN(s)&&s>r.maxSizeInBytes?vE():s&&n?t:(await t.clone().text()).length>r.maxSizeInBytes?vE():t},"RequestSizeLimitInboundPolicy");Fc.RequestSizeLimitInboundPolicy=ox});var Hc=_(pt=>{"use strict";Object.defineProperty(pt,"__esModule",{value:!0});pt.sanitizedIdentifierName=pt.getIdForRefSchema=pt.getIdForRequestBodySchema=pt.getIdForParameterSchema=pt.getRawOperationDataIdentifierName=void 0;function sx(t,e,r){return`_${cn(t+"_"+e+"_"+r)}`}o(sx,"getRawOperationDataIdentifierName");pt.getRawOperationDataIdentifierName=sx;function ax(t,e,r,n){return`_${cn(t.toLowerCase())}_`+e.toLowerCase()+"_"+r.toLowerCase()+`_${n.toLowerCase()}`}o(ax,"getIdForParameterSchema");pt.getIdForParameterSchema=ax;function cx(t,e,r){return`_${cn(t.toLowerCase())}_`+e.toLowerCase()+`_rb_${cn(r.toLowerCase())}`}o(cx,"getIdForRequestBodySchema");pt.getIdForRequestBodySchema=cx;function ux(t,e){return`_${cn(t)}__${cn(e)}`}o(ux,"getIdForRefSchema");pt.getIdForRefSchema=ux;function cn(t){let e=[];for(let r=0;r<t.length;r++){let n=t.charCodeAt(r);n>="0".charCodeAt(0)&&n<="9".charCodeAt(0)||n>="A".charCodeAt(0)&&n<="Z".charCodeAt(0)||n>="a".charCodeAt(0)&&n<="z".charCodeAt(0)?e.push(t.charAt(r)):e.push("_")}return e.join("")}o(cn,"sanitizedIdentifierName");pt.sanitizedIdentifierName=cn});var co=_(je=>{"use strict";Object.defineProperty(je,"__esModule",{value:!0});je.getErrorsFromValidator=je.shouldReject=je.shouldLog=je.logErrors=je.validateParameters=je.getParametersForOperation=void 0;var lx=$r(),dx=Hc(),px=o(t=>{let e=t.route.raw();return e.parameters?e.parameters.map(n=>({name:n.name,location:n.in,required:n.required,deprecated:n.deprecated,allowEmptyValue:n.allowEmptyValue})):[]},"getParametersForOperation");je.getParametersForOperation=px;var fx=o((t,e,r,n,i)=>{let s=[],a=!0,c=[];return t.forEach(u=>{let l=u.required||i==="path";if(l&&!e[u.name])a=!1,s.push(`Required ${i} parameter '${u.name}' not found`);else if(!(!l&&!e[u.name])){let d=(0,dx.getIdForParameterSchema)(r,n,i,u.name),p=lx.Gateway.instance.schemaValidator[d],f=p(e[u.name]),h=(0,je.getErrorsFromValidator)(p.errors);f||(a=!1,c.push(`${i} parameter: ${u.name} : ${e[u.name]}`),s.push(`Invalid value for ${i} parameter: '${u.name}' ${h.join(", ")}`))}}),{isValid:a,invalidValues:c,errors:s}},"validateParameters");je.validateParameters=fx;var hx=o((t,e,r,n,i)=>{n?t.log[e](r,n,i):t.log[e](r,i)},"logErrors");je.logErrors=hx;var mx=o(t=>t==="log-only"||t==="reject-and-log","shouldLog");je.shouldLog=mx;var yx=o(t=>t==="reject-only"||t==="reject-and-log","shouldReject");je.shouldReject=yx;var gx=o(t=>t?.map(e=>e.instancePath===void 0||e.instancePath===""?e.message??"Unknown validation error":e.instancePath.replace("/","")+" "+e.message)??["Unknown validation error"],"getErrorsFromValidator");je.getErrorsFromValidator=gx});var SE=_($c=>{"use strict";Object.defineProperty($c,"__esModule",{value:!0});$c.handleBodyValidation=void 0;var bx=$r(),qc=de(),_x=Hc(),tt=co();async function Ex(t,e,r){if(!r.validateBody||r.validateBody==="none")return;let n;try{n=await e.clone().json()}catch(h){let y=`Error in request body for method : ${e.method} in route: ${t.route.path} with content-type: ${e.headers.get("Content-Type")}`,b=qc.HttpProblems.badRequest(e,t,{detail:`${y}, see errors property for more details`,errors:`${h}`});if((0,tt.shouldLog)(r.validateBody)&&(0,tt.logErrors)(t,r.logLevel??"info",y,[n],h),(0,tt.shouldReject)(r.validateBody))return b}if(!e.headers.get("Content-Type")){let h=`No content-type header defined in incoming request to ${e.method} in route: ${t.route.path}`,y=qc.HttpProblems.badRequest(e,t,{detail:h});return(0,tt.shouldLog)(r.validateBody)&&(0,tt.logErrors)(t,r.logLevel??"info",h,[n],[h]),(0,tt.shouldReject)(r.validateBody)?y:void 0}let i=e.headers.get("Content-Type"),s=i.indexOf(";");s>-1&&(i=i.substring(0,s));let a=(0,_x.getIdForRequestBodySchema)(t.route.path,e.method,i),c=bx.Gateway.instance.schemaValidator[a];if(!c){let h=`No schema defined for method: ${e.method} in route: ${t.route.path} with content-type: ${e.headers.get("Content-Type")}`,y=qc.HttpProblems.badRequest(e,t,{detail:h});return(0,tt.shouldLog)(r.validateBody)&&(0,tt.logErrors)(t,r.logLevel??"info",h,[n],[h]),(0,tt.shouldReject)(r.validateBody)?y:void 0}if(c(n))return;let l=c.errors,d="Request body did not pass validation",p=(0,tt.getErrorsFromValidator)(l),f=qc.HttpProblems.badRequest(e,t,{detail:`${d}, see errors property for more details`,errors:p});if((0,tt.shouldLog)(r.validateBody)&&(0,tt.logErrors)(t,r.logLevel??"info",d,[n],p),(0,tt.shouldReject)(r.validateBody))return f}o(Ex,"handleBodyValidation");$c.handleBodyValidation=Ex});var IE=_(jc=>{"use strict";Object.defineProperty(jc,"__esModule",{value:!0});jc.handleHeadersValidation=void 0;var wx=de(),uo=co();function vx(t,e,r){if(!r.validateHeaders||r.validateHeaders==="none")return;let n={};e.headers.forEach((a,c)=>{n[c]=a});let i=(0,uo.getParametersForOperation)(t),s=(0,uo.validateParameters)(i.filter(a=>a.location==="header"),n,t.route.path,e.method.toLowerCase(),"header");if(!s.isValid){let a="Header validation failed",c=wx.HttpProblems.badRequest(e,t,{detail:`${a}, see errors property for more details`,errors:s.errors});if((0,uo.shouldLog)(r.validateHeaders)&&(0,uo.logErrors)(t,r.logLevel??"info",a,s.invalidValues,s.errors),(0,uo.shouldReject)(r.validateHeaders))return c}}o(vx,"handleHeadersValidation");jc.handleHeadersValidation=vx});var PE=_(Vc=>{"use strict";Object.defineProperty(Vc,"__esModule",{value:!0});Vc.handlePathParameterValidation=void 0;var Tx=de(),lo=co();function Sx(t,e,r){if(!r.validatePathParameters||r.validatePathParameters==="none")return;let n=(0,lo.getParametersForOperation)(t),i=(0,lo.validateParameters)(n.filter(s=>s.location==="path"),e.params,t.route.path,e.method.toLowerCase(),"path");if(!i.isValid){let s="Path parameters validation failed",a=Tx.HttpProblems.badRequest(e,t,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,lo.shouldLog)(r.validatePathParameters)&&(0,lo.logErrors)(t,r.logLevel??"info",s,i.invalidValues,i.errors),(0,lo.shouldReject)(r.validatePathParameters))return a}}o(Sx,"handlePathParameterValidation");Vc.handlePathParameterValidation=Sx});var AE=_(Bc=>{"use strict";Object.defineProperty(Bc,"__esModule",{value:!0});Bc.handleQueryParameterValidation=void 0;var Ix=de(),po=co();function Px(t,e,r){if(!r.validateQueryParameters||r.validateQueryParameters==="none")return;let n=(0,po.getParametersForOperation)(t),i=(0,po.validateParameters)(n.filter(s=>s.location==="query"),e.query,t.route.path,e.method.toLowerCase(),"query");if(!i.isValid){let s="Query parameters validation failed",a=Ix.HttpProblems.badRequest(e,t,{detail:`${s}, see errors property for more details`,errors:i.errors});if((0,po.shouldLog)(r.validateQueryParameters)&&(0,po.logErrors)(t,r.logLevel??"info",s,i.invalidValues,i.errors),(0,po.shouldReject)(r.validateQueryParameters))return a}}o(Px,"handleQueryParameterValidation");Bc.handleQueryParameterValidation=Px});var RE=_(un=>{"use strict";Object.defineProperty(un,"__esModule",{value:!0});un.SchemaBasedRequestValidation=un.RequestValidationInboundPolicy=void 0;var Ax=SE(),Rx=IE(),Ox=PE(),Nx=AE(),Cx=o(async(t,e,r)=>{let n=(0,Nx.handleQueryParameterValidation)(e,t,r);if(n!==void 0||(n=(0,Ox.handlePathParameterValidation)(e,t,r),n!==void 0)||(n=(0,Rx.handleHeadersValidation)(e,t,r),n!==void 0))return n;let i=await(0,Ax.handleBodyValidation)(e,t,r);return i!==void 0?i:t},"RequestValidationInboundPolicy");un.RequestValidationInboundPolicy=Cx;un.SchemaBasedRequestValidation=un.RequestValidationInboundPolicy});var OE=_(Gc=>{"use strict";Object.defineProperty(Gc,"__esModule",{value:!0});Gc.RequireOriginInboundPolicy=void 0;var xx=k(),Lx=de(),Dx=o(async(t,e,r,n)=>{if(r.origins===void 0||r.origins.length===0)throw new xx.ConfigurationError(`RequireOriginInboundPolicy '${n}' configuration error - no allowed origins specified`);let i=typeof r.origins=="string"?r.origins.split(","):r.origins;i=i.map(a=>a.trim());let s=t.headers.get("origin");if(!s||!i.includes(s)){let a=r.failureDetail??"Forbidden";return Lx.HttpProblems.forbidden(t,e,{detail:a})}return t},"RequireOriginInboundPolicy");Gc.RequireOriginInboundPolicy=Dx});var NE=_(Kc=>{"use strict";Object.defineProperty(Kc,"__esModule",{value:!0});Kc.SetBodyInboundPolicy=void 0;var Mx=Ke(),Ux=o(async(t,e,r)=>new Mx.ZuploRequest(t,{body:r.body}),"SetBodyInboundPolicy");Kc.SetBodyInboundPolicy=Ux});var xE=_(Jc=>{"use strict";Object.defineProperty(Jc,"__esModule",{value:!0});Jc.SetHeadersInboundPolicy=void 0;var CE=k(),kx=Ke(),Fx=o(async(t,e,r,n)=>{let i=r.headers;if(!i||!Array.isArray(i)||i.length==0)throw new CE.ConfigurationError(`SetHeadersInboundPolicy '${n}' options.headers must be a valid array of { name, value }`);let s=new Headers(t.headers);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new CE.ConfigurationError(`SetHeadersInboundPolicy '${n}' each option.headers[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.has(c.name)||u)&&s.set(c.name,c.value)}),new kx.ZuploRequest(t,{headers:s})},"SetHeadersInboundPolicy");Jc.SetHeadersInboundPolicy=Fx});var DE=_(zc=>{"use strict";Object.defineProperty(zc,"__esModule",{value:!0});zc.SetHeadersOutboundPolicy=void 0;var LE=k(),Hx=o(async(t,e,r,n,i)=>{let s=n.headers;if(!s||!Array.isArray(s)||s.length==0)throw new LE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' options.headers must be a valid array of { name, value }`);let a=new Headers(t.headers);return s.forEach(u=>{if(!u.name||u.name.length===0)throw new LE.ConfigurationError(`SetHeadersOutboundPolicy '${i}' each option.headers[] entry must have a name property`);let l=u.overwrite===void 0?!0:u.overwrite;(!a.has(u.name)||l)&&a.set(u.name,u.value)}),new Response(t.body,{headers:a,status:t.status,statusText:t.statusText})},"SetHeadersOutboundPolicy");zc.SetHeadersOutboundPolicy=Hx});var UE=_(Wc=>{"use strict";Object.defineProperty(Wc,"__esModule",{value:!0});Wc.SetQueryParamsInboundPolicy=void 0;var ME=k(),qx=Ke(),$x=o(async(t,e,r,n)=>{let i=r.params;if(!i||!Array.isArray(i)||i.length==0)throw new ME.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' options.params must be a valid array of { name, value }`);let s=new URL(t.url);return i.forEach(c=>{if(!c.name||c.name.length===0)throw new ME.ConfigurationError(`SetQueryParamsInboundPolicy '${n}' each option.params[] entry must have a name property`);let u=c.overwrite===void 0?!0:c.overwrite;(!s.searchParams.has(c.name)||u)&&s.searchParams.set(c.name,c.value)}),new qx.ZuploRequest(s.toString(),t)},"SetQueryParamsInboundPolicy");Wc.SetQueryParamsInboundPolicy=$x});var kE=_(Qc=>{"use strict";Object.defineProperty(Qc,"__esModule",{value:!0});Qc.SetStatusOutboundPolicy=void 0;var jx=o(async(t,e,r,n,i)=>{if(!n.status||isNaN(n.status)||n.status<100||n.status>599)throw new Error(`Invalid SetStatusOutboundPolicy '${i}' - status must be a valid number between 100 and 599, not '${n.status}'`);return new Response(t.body,{headers:t.headers,status:n.status,statusText:n.statusText??t.statusText})},"SetStatusOutboundPolicy");Qc.SetStatusOutboundPolicy=jx});var FE=_(Yc=>{"use strict";Object.defineProperty(Yc,"__esModule",{value:!0});Yc.SleepInboundPolicy=void 0;var Vx=k(),Bx=o(async t=>new Promise(r=>{setTimeout(r,t)}),"sleep"),Gx=o(async(t,e,r,n)=>{if(!r||r.sleepInMs===void 0||isNaN(r.sleepInMs))throw new Vx.ConfigurationError(`SleepInboundPolicy '${n} must have a valid options.sleepInMs value`);return await Bx(r.sleepInMs),t},"SleepInboundPolicy");Yc.SleepInboundPolicy=Gx});var qE=_(Zc=>{"use strict";Object.defineProperty(Zc,"__esModule",{value:!0});Zc.SupabaseJwtInboundPolicy=void 0;var HE=k(),Kx=de(),Jx=Ke(),zx=lt(),Wx=Xt(),Qx=o(async(t,e,r,n)=>{(0,zx.optionValidator)(r,n).required("secret","string").optional("allowUnauthenticatedRequests","boolean").optional("requiredClaims","object");let i={secret:r.secret,allowUnauthenticatedRequests:r.allowUnauthenticatedRequests??!1},s=await(0,Wx.OpenIdJwtInboundPolicy)(t,e,i,n);if(s instanceof Response)return s;if(!(s instanceof Jx.ZuploRequest))throw new HE.SystemError("Invalid State - SupabaseJwtInboundPolicy encountered a non-response that wasn't a ZuploRequest type')");let a=r.requiredClaims;if(!a)return s;let c=t.user?.data.app_metadata;if(!c)throw new HE.RuntimeError(`SupabaseJwtInboundPolicy policy '${n}' - has requiredClaims but the JWT token had no app_metadata property`);let u=Object.keys(a),l=[];return u.forEach(d=>{let p=a[d];Array.isArray(p)?p.includes(c[d])||l.push(d):p!==c[d]&&l.push(d)}),l.length>0?Kx.HttpProblems.unauthorized(t,e,{detail:`Invalid JWT token - missing valid claims ${l.join(", ")}`}):s},"SupabaseJwtInboundPolicy");Zc.SupabaseJwtInboundPolicy=Qx});var jE=_(Xc=>{"use strict";Object.defineProperty(Xc,"__esModule",{value:!0});Xc.UpstreamAzureAdServiceAuthInboundPolicy=void 0;var Yx=Zt(),Zx=Bt(),$E=k(),Xx=kn(),eL=lt(),tL=o(async(t,e,r,n)=>{(0,eL.optionValidator)(r,n).required("activeDirectoryTenantId","string").required("activeDirectoryClientId","string").required("activeDirectoryClientSecret","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number");let i=await(0,Yx.getPolicyCacheName)(n,r),s=new Zx.MemoryZoneReadThroughCache(i,e),a=await s.get(n);if(!a){let c=await rL(r,e);s.put(n,c.access_token,c.expires_in-(r.expirationOffsetSeconds??300)),a=c.access_token}return t.headers.set("Authorization",`Bearer ${a}`),t},"UpstreamAzureAdServiceAuthInboundPolicy");Xc.UpstreamAzureAdServiceAuthInboundPolicy=tL;async function rL(t,e){let r=new URLSearchParams({client_id:t.activeDirectoryClientId,scope:`${t.activeDirectoryClientId}/.default`,client_secret:t.activeDirectoryClientSecret,grant_type:"client_credentials"}),n=await(0,Xx.fetchRetry)({retries:t.tokenRetries??3,retryDelayMs:10},`https://login.microsoftonline.com/${t.activeDirectoryTenantId}/oauth2/v2.0/token`,{headers:{"content-type":"application/x-www-form-urlencoded"},method:"POST",body:r});if(n.status!==200){try{let s=await n.text();e.log.error("Could not get token from Azure AD",s)}catch{}throw new $E.RuntimeError("Could not get token from Azure AD")}let i=await n.json();if(i&&typeof i=="object"&&"access_token"in i&&typeof i.access_token=="string"&&"expires_in"in i&&typeof i.expires_in=="number")return{access_token:i.access_token,expires_in:i.expires_in};throw new $E.RuntimeError("Response returned from Azure AD is not in the expected format.")}o(rL,"getAccessToken")});var BE=_(eu=>{"use strict";Object.defineProperty(eu,"__esModule",{value:!0});eu.UpstreamFirebaseAdminAuthInboundPolicy=void 0;var nL=Zt(),iL=Bt(),oL=k(),Bf=Fn(),sL=lt(),VE="https://accounts.google.com/o/oauth2/token",Gf,aL=o(async(t,e,r,n)=>{(0,sL.optionValidator)(r,n).required("serviceAccountJson","string"),Gf||(Gf=await Bf.GcpServiceAccount.init(r.serviceAccountJson));let i={scope:["https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/firebase.database","https://www.googleapis.com/auth/firebase.messaging","https://www.googleapis.com/auth/identitytoolkit","https://www.googleapis.com/auth/userinfo.email"].join(" ")},s=await(0,nL.getPolicyCacheName)(n,r),a=new iL.MemoryZoneReadThroughCache(s,e),c=await a.get(n);if(!c){let u=await(0,Bf.getTokenFromGcpServiceAccount)({serviceAccount:Gf,audience:VE,payload:i}),l=await(0,Bf.exchangeGgpJwtForIdToken)(VE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(!l.access_token)throw new oL.RuntimeError("Invalid OAuth response from Firebase");c=l.access_token,a.put(n,c,(l.expires_in??3600)-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${c}`),t},"UpstreamFirebaseAdminAuthInboundPolicy");eu.UpstreamFirebaseAdminAuthInboundPolicy=aL});var GE=_(tu=>{"use strict";Object.defineProperty(tu,"__esModule",{value:!0});tu.UpstreamFirebaseUserAuthInboundPolicy=void 0;var cL=Zt(),uL=Bt(),fi=k(),lL=If(),Kf=Fn(),dL=Jt(),pL=lt(),fL="https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",hL=["acr","amr","at_hash","aud","auth_time","azp","cnf","c_hash","exp","iat","iss","jti","nbf","nonce"],Jf,mL=o(async(t,e,r,n)=>{if((0,pL.optionValidator)(r,n).required("serviceAccountJson","string").required("webApiKey","string").optional("developerClaims","object").optional("userId","string").optional("userIdPropertyPath","string"),!r.userId&&!r.userIdPropertyPath)throw new fi.ConfigurationError(`Either 'userId' or 'userIdPropertyPath' options must be set on policy '${n}'.`);let i={};if(typeof r.developerClaims<"u"){for(let p in r.developerClaims)if(Object.prototype.hasOwnProperty.call(r.developerClaims,p)){if(hL.indexOf(p)!==-1)throw new fi.ConfigurationError(`Developer claim "${p}" is reserved and cannot be specified.`);i[p]=r.developerClaims[p]}}Jf||(Jf=await Kf.GcpServiceAccount.init(r.serviceAccountJson));let s=r.userId;if(!s&&!r.userIdPropertyPath){if(!t.user)throw new fi.RuntimeError("Unable to set userId for upstream auth policy as request.user is 'undefined'. Do you have an authentication policy before this policy?.");s=t.user?.sub}else if(r.userIdPropertyPath){if(!t.user)throw new fi.RuntimeError(`Unable to apply userIdPropertyPath '${r.userIdPropertyPath}' as request.user is 'undefined'. Do you have an authentication policy before this policy?`);s=(0,dL.getValueFromRequestUser)(t.user,r.userIdPropertyPath,"userIdPropertyPath")}if(!s)throw new fi.RuntimeError(`Unable to determine user from for the policy ${n}`);let a=await(0,cL.getPolicyCacheName)(n,r),c=new uL.MemoryZoneReadThroughCache(a,e),u={uid:s,claims:i},l=await(0,lL.sha256)(JSON.stringify(u)),d=await c.get(l);if(!d){let p=await(0,Kf.getTokenFromGcpServiceAccount)({serviceAccount:Jf,audience:fL,payload:u}),f=`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${r.webApiKey}`,h=await(0,Kf.exchangeFirebaseJwtForIdToken)(f,p,{retries:r.tokenRetries??3,retryDelayMs:10});if(!h.idToken)throw new fi.RuntimeError("Invalid token response from Firebase");d=h.idToken,c.put(l,d,(h.expiresIn?parseInt(h.expiresIn):3600)-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${d}`),t},"UpstreamFirebaseUserAuthInboundPolicy");tu.UpstreamFirebaseUserAuthInboundPolicy=mL});var JE=_(ru=>{"use strict";Object.defineProperty(ru,"__esModule",{value:!0});ru.UpstreamGcpJwtInboundPolicy=void 0;var KE=Fn(),yL=lt(),zf,gL=o(async(t,e,r,n)=>{(0,yL.optionValidator)(r,n).required("audience","string").required("serviceAccountJson","string"),zf||(zf=await KE.GcpServiceAccount.init(r.serviceAccountJson));let i=await(0,KE.getTokenFromGcpServiceAccount)({serviceAccount:zf,audience:r.audience});return t.headers.set("Authorization",`Bearer ${i}`),t},"UpstreamGcpJwtInboundPolicy");ru.UpstreamGcpJwtInboundPolicy=gL});var WE=_(nu=>{"use strict";Object.defineProperty(nu,"__esModule",{value:!0});nu.UpstreamGcpServiceAuthInboundPolicy=void 0;var bL=Zt(),_L=el(),EL=Bt(),fo=k(),Wf=Fn(),wL=Jt(),vL=lt(),zE="https://www.googleapis.com/oauth2/v4/token",Qf,TL=o(async(t,e,r,n)=>{(0,vL.optionValidator)(r,n).required("serviceAccountJson","string").optional("audience","string").optional("tokenRetries","number").optional("expirationOffsetSeconds","number"),Qf||(Qf=await Wf.GcpServiceAccount.init(r.serviceAccountJson));let i={};if(r.scopes&&r.audience)throw new fo.ConfigurationError("UpstreamGcpServiceAuthInboundPolicy - Either the 'scopes' or the 'audience' property can be set, not both.");if(r.scopes)try{let u=(0,wL.parseValueToStringArray)(r.scopes);i.scope=u.join(" ")}catch(u){throw u instanceof fo.ConfigurationError?new fo.ConfigurationError(`UpstreamGcpServiceAuthInboundPolicy - The property 'scopes' is invalid. ${u.message}`):u}r.audience&&(i.target_audience=`${r.audience}`);let s=await(0,bL.getPolicyCacheName)(n,r),a;r.useMemoryCacheOnly?a=new _L.MemoryCache(s):a=new EL.MemoryZoneReadThroughCache(s,e);let c=await a.get(n);if(!c){let u=await(0,Wf.getTokenFromGcpServiceAccount)({serviceAccount:Qf,audience:zE,payload:i}),l=await(0,Wf.exchangeGgpJwtForIdToken)(zE,u,{retries:r.tokenRetries??3,retryDelayMs:10});if(r.audience){if(!l.id_token)throw new fo.RuntimeError("Invalid token response from GCP");c=l.id_token}else{if(!l.access_token)throw new fo.RuntimeError("Invalid token response from GCP");c=l.access_token}a.put(n,c,3600-(r.expirationOffsetSeconds??300))}return t.headers.set("Authorization",`Bearer ${c}`),t},"UpstreamGcpServiceAuthInboundPolicy");nu.UpstreamGcpServiceAuthInboundPolicy=TL});var YE=_(iu=>{"use strict";Object.defineProperty(iu,"__esModule",{value:!0});iu.ValidateJsonSchemaInbound=void 0;var SL=k(),QE=de(),IL=o(async(t,e,r)=>{let n=t.clone(),i;try{i=await n.json()}catch{return QE.HttpProblems.badRequest(t,e,{detail:"Invalid JSON body - expected well-formed JSON document"})}if(r.validator(i))return t;let{errors:a}=r.validator;if(!a)throw new SL.SystemError("Invalid state - validator error object is undefined even though validation failed.");let c=a.map(u=>u.instancePath===void 0||u.instancePath===""?"Body "+u.message:u.instancePath.replace("/","")+" "+u.message);return QE.HttpProblems.badRequest(t,e,{detail:"Incoming body did not pass schema validation",errors:c})},"ValidateJsonSchemaInbound");iu.ValidateJsonSchemaInbound=IL});var ew=_((ZJ,XE)=>{"use strict";var PL=Object.defineProperty,AL=Object.getOwnPropertyNames,B=o((t,e)=>PL(t,"name",{value:e,configurable:!0}),"__name"),vt=o((t,e)=>o(function(){return e||(0,t[AL(t)[0]])((e={exports:{}}).exports,e),e.exports},"__require"),"__commonJS"),Yf=vt({"node_modules/fast-xml-parser/src/util.js"(t){"use strict";var e=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",r=e+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040",n="["+e+"]["+r+"]*",i=new RegExp("^"+n+"$"),s=B(function(c,u){let l=[],d=u.exec(c);for(;d;){let p=[];p.startIndex=u.lastIndex-d[0].length;let f=d.length;for(let h=0;h<f;h++)p.push(d[h]);l.push(p),d=u.exec(c)}return l},"getAllMatches"),a=B(function(c){let u=i.exec(c);return!(u===null||typeof u>"u")},"isName");t.isExist=function(c){return typeof c<"u"},t.isEmptyObject=function(c){return Object.keys(c).length===0},t.merge=function(c,u,l){if(u){let d=Object.keys(u),p=d.length;for(let f=0;f<p;f++)l==="strict"?c[d[f]]=[u[d[f]]]:c[d[f]]=u[d[f]]}},t.getValue=function(c){return t.isExist(c)?c:""},t.isName=a,t.getAllMatches=s,t.nameRegexp=n}}),ZE=vt({"node_modules/fast-xml-parser/src/validator.js"(t){"use strict";var e=Yf(),r={allowBooleanAttributes:!1,unpairedTags:[]};t.validate=function(g,v){v=Object.assign({},r,v);let O=[],V=!1,E=!1;g[0]==="\uFEFF"&&(g=g.substr(1));for(let T=0;T<g.length;T++)if(g[T]==="<"&&g[T+1]==="?"){if(T+=2,T=i(g,T),T.err)return T}else if(g[T]==="<"){let C=T;if(T++,g[T]==="!"){T=s(g,T);continue}else{let w=!1;g[T]==="/"&&(w=!0,T++);let P="";for(;T<g.length&&g[T]!==">"&&g[T]!==" "&&g[T]!==" "&&g[T]!==`
|
|
75
75
|
`&&g[T]!=="\r";T++)P+=g[T];if(P=P.trim(),P[P.length-1]==="/"&&(P=P.substring(0,P.length-1),T--),!b(P)){let j;return P.trim().length===0?j="Invalid space after '<'.":j="Tag '"+P+"' is an invalid name.",h("InvalidTag",j,I(g,T))}let L=u(g,T);if(L===!1)return h("InvalidAttr","Attributes for '"+P+"' have open quote.",I(g,T));let re=L.value;if(T=L.index,re[re.length-1]==="/"){let j=T-re.length;re=re.substring(0,re.length-1);let M=d(re,v);if(M===!0)V=!0;else return h(M.err.code,M.err.msg,I(g,j+M.err.line))}else if(w)if(L.tagClosed){if(re.trim().length>0)return h("InvalidTag","Closing tag '"+P+"' can't have attributes or invalid starting.",I(g,C));{let j=O.pop();if(P!==j.tagName){let M=I(g,j.tagStartPos);return h("InvalidTag","Expected closing tag '"+j.tagName+"' (opened in line "+M.line+", col "+M.col+") instead of closing tag '"+P+"'.",I(g,C))}O.length==0&&(E=!0)}}else return h("InvalidTag","Closing tag '"+P+"' doesn't have proper closing.",I(g,T));else{let j=d(re,v);if(j!==!0)return h(j.err.code,j.err.msg,I(g,T-re.length+j.err.line));if(E===!0)return h("InvalidXml","Multiple possible root nodes found.",I(g,T));v.unpairedTags.indexOf(P)!==-1||O.push({tagName:P,tagStartPos:C}),V=!0}for(T++;T<g.length;T++)if(g[T]==="<")if(g[T+1]==="!"){T++,T=s(g,T);continue}else if(g[T+1]==="?"){if(T=i(g,++T),T.err)return T}else break;else if(g[T]==="&"){let j=f(g,T);if(j==-1)return h("InvalidChar","char '&' is not expected.",I(g,T));T=j}else if(E===!0&&!n(g[T]))return h("InvalidXml","Extra text at the end",I(g,T));g[T]==="<"&&T--}}else{if(n(g[T]))continue;return h("InvalidChar","char '"+g[T]+"' is not expected.",I(g,T))}if(V){if(O.length==1)return h("InvalidTag","Unclosed tag '"+O[0].tagName+"'.",I(g,O[0].tagStartPos));if(O.length>0)return h("InvalidXml","Invalid '"+JSON.stringify(O.map(T=>T.tagName),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1})}else return h("InvalidXml","Start tag expected.",1);return!0};function n(g){return g===" "||g===" "||g===`
|
|
76
76
|
`||g==="\r"}o(n,"isWhiteSpace"),B(n,"isWhiteSpace");function i(g,v){let O=v;for(;v<g.length;v++)if(g[v]=="?"||g[v]==" "){let V=g.substr(O,v-O);if(v>5&&V==="xml")return h("InvalidXml","XML declaration allowed only at the start of the document.",I(g,v));if(g[v]=="?"&&g[v+1]==">"){v++;break}else continue}return v}o(i,"readPI"),B(i,"readPI");function s(g,v){if(g.length>v+5&&g[v+1]==="-"&&g[v+2]==="-"){for(v+=3;v<g.length;v++)if(g[v]==="-"&&g[v+1]==="-"&&g[v+2]===">"){v+=2;break}}else if(g.length>v+8&&g[v+1]==="D"&&g[v+2]==="O"&&g[v+3]==="C"&&g[v+4]==="T"&&g[v+5]==="Y"&&g[v+6]==="P"&&g[v+7]==="E"){let O=1;for(v+=8;v<g.length;v++)if(g[v]==="<")O++;else if(g[v]===">"&&(O--,O===0))break}else if(g.length>v+9&&g[v+1]==="["&&g[v+2]==="C"&&g[v+3]==="D"&&g[v+4]==="A"&&g[v+5]==="T"&&g[v+6]==="A"&&g[v+7]==="["){for(v+=8;v<g.length;v++)if(g[v]==="]"&&g[v+1]==="]"&&g[v+2]===">"){v+=2;break}}return v}o(s,"readCommentAndCDATA"),B(s,"readCommentAndCDATA");var a='"',c="'";function u(g,v){let O="",V="",E=!1;for(;v<g.length;v++){if(g[v]===a||g[v]===c)V===""?V=g[v]:V!==g[v]||(V="");else if(g[v]===">"&&V===""){E=!0;break}O+=g[v]}return V!==""?!1:{value:O,index:v,tagClosed:E}}o(u,"readAttributeStr"),B(u,"readAttributeStr");var l=new RegExp(`(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['"])(([\\s\\S])*?)\\5)?`,"g");function d(g,v){let O=e.getAllMatches(g,l),V={};for(let E=0;E<O.length;E++){if(O[E][1].length===0)return h("InvalidAttr","Attribute '"+O[E][2]+"' has no space in starting.",A(O[E]));if(O[E][3]!==void 0&&O[E][4]===void 0)return h("InvalidAttr","Attribute '"+O[E][2]+"' is without value.",A(O[E]));if(O[E][3]===void 0&&!v.allowBooleanAttributes)return h("InvalidAttr","boolean attribute '"+O[E][2]+"' is not allowed.",A(O[E]));let T=O[E][2];if(!y(T))return h("InvalidAttr","Attribute '"+T+"' is an invalid name.",A(O[E]));if(!V.hasOwnProperty(T))V[T]=1;else return h("InvalidAttr","Attribute '"+T+"' is repeated.",A(O[E]))}return!0}o(d,"validateAttributeString"),B(d,"validateAttributeString");function p(g,v){let O=/\d/;for(g[v]==="x"&&(v++,O=/[\da-fA-F]/);v<g.length;v++){if(g[v]===";")return v;if(!g[v].match(O))break}return-1}o(p,"validateNumberAmpersand"),B(p,"validateNumberAmpersand");function f(g,v){if(v++,g[v]===";")return-1;if(g[v]==="#")return v++,p(g,v);let O=0;for(;v<g.length;v++,O++)if(!(g[v].match(/\w/)&&O<20)){if(g[v]===";")break;return-1}return v}o(f,"validateAmpersand"),B(f,"validateAmpersand");function h(g,v,O){return{err:{code:g,msg:v,line:O.line||O,col:O.col}}}o(h,"getErrorObject"),B(h,"getErrorObject");function y(g){return e.isName(g)}o(y,"validateAttrName"),B(y,"validateAttrName");function b(g){return e.isName(g)}o(b,"validateTagName"),B(b,"validateTagName");function I(g,v){let O=g.substring(0,v).split(/\r?\n/);return{line:O.length,col:O[O.length-1].length+1}}o(I,"getLineNumberForPosition"),B(I,"getLineNumberForPosition");function A(g){return g.startIndex+g[1].length}o(A,"getPositionFromMatch"),B(A,"getPositionFromMatch")}}),RL=vt({"node_modules/fast-xml-parser/src/xmlparser/OptionsBuilder.js"(t){var e={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:function(n,i){return i},attributeValueProcessor:function(n,i){return i},stopNodes:[],alwaysCreateTextNode:!1,isArray:()=>!1,commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:function(n,i,s){return n}},r=B(function(n){return Object.assign({},e,n)},"buildOptions");t.buildOptions=r,t.defaultOptions=e}}),OL=vt({"node_modules/fast-xml-parser/src/xmlparser/xmlNode.js"(t,e){"use strict";var r=class{static{o(this,"XmlNode")}static{B(this,"XmlNode")}constructor(n){this.tagname=n,this.child=[],this[":@"]={}}add(n,i){n==="__proto__"&&(n="#__proto__"),this.child.push({[n]:i})}addChild(n){n.tagname==="__proto__"&&(n.tagname="#__proto__"),n[":@"]&&Object.keys(n[":@"]).length>0?this.child.push({[n.tagname]:n.child,":@":n[":@"]}):this.child.push({[n.tagname]:n.child})}};e.exports=r}}),NL=vt({"node_modules/fast-xml-parser/src/xmlparser/DocTypeReader.js"(t,e){var r=Yf();function n(p,f){let h={};if(p[f+3]==="O"&&p[f+4]==="C"&&p[f+5]==="T"&&p[f+6]==="Y"&&p[f+7]==="P"&&p[f+8]==="E"){f=f+9;let y=1,b=!1,I=!1,A="";for(;f<p.length;f++)if(p[f]==="<"&&!I){if(b&&a(p,f))f+=7,[entityName,val,f]=i(p,f+1),val.indexOf("&")===-1&&(h[d(entityName)]={regx:RegExp(`&${entityName};`,"g"),val});else if(b&&c(p,f))f+=8;else if(b&&u(p,f))f+=8;else if(b&&l(p,f))f+=9;else if(s)I=!0;else throw new Error("Invalid DOCTYPE");y++,A=""}else if(p[f]===">"){if(I?p[f-1]==="-"&&p[f-2]==="-"&&(I=!1,y--):y--,y===0)break}else p[f]==="["?b=!0:A+=p[f];if(y!==0)throw new Error("Unclosed DOCTYPE")}else throw new Error("Invalid Tag instead of DOCTYPE");return{entities:h,i:f}}o(n,"readDocType"),B(n,"readDocType");function i(p,f){let h="";for(;f<p.length&&p[f]!=="'"&&p[f]!=='"';f++)h+=p[f];if(h=h.trim(),h.indexOf(" ")!==-1)throw new Error("External entites are not supported");let y=p[f++],b="";for(;f<p.length&&p[f]!==y;f++)b+=p[f];return[h,b,f]}o(i,"readEntityExp"),B(i,"readEntityExp");function s(p,f){return p[f+1]==="!"&&p[f+2]==="-"&&p[f+3]==="-"}o(s,"isComment"),B(s,"isComment");function a(p,f){return p[f+1]==="!"&&p[f+2]==="E"&&p[f+3]==="N"&&p[f+4]==="T"&&p[f+5]==="I"&&p[f+6]==="T"&&p[f+7]==="Y"}o(a,"isEntity"),B(a,"isEntity");function c(p,f){return p[f+1]==="!"&&p[f+2]==="E"&&p[f+3]==="L"&&p[f+4]==="E"&&p[f+5]==="M"&&p[f+6]==="E"&&p[f+7]==="N"&&p[f+8]==="T"}o(c,"isElement"),B(c,"isElement");function u(p,f){return p[f+1]==="!"&&p[f+2]==="A"&&p[f+3]==="T"&&p[f+4]==="T"&&p[f+5]==="L"&&p[f+6]==="I"&&p[f+7]==="S"&&p[f+8]==="T"}o(u,"isAttlist"),B(u,"isAttlist");function l(p,f){return p[f+1]==="!"&&p[f+2]==="N"&&p[f+3]==="O"&&p[f+4]==="T"&&p[f+5]==="A"&&p[f+6]==="T"&&p[f+7]==="I"&&p[f+8]==="O"&&p[f+9]==="N"}o(l,"isNotation"),B(l,"isNotation");function d(p){if(r.isName(p))return p;throw new Error(`Invalid entity name ${p}`)}o(d,"validateEntityName"),B(d,"validateEntityName"),e.exports=n}}),CL=vt({"../../node_modules/strnum/strnum.js"(t,e){var r=/^[-+]?0x[a-fA-F0-9]+$/,n=/^([\-\+])?(0*)(\.[0-9]+([eE]\-?[0-9]+)?|[0-9]+(\.[0-9]+([eE]\-?[0-9]+)?)?)$/;!Number.parseInt&&window.parseInt&&(Number.parseInt=window.parseInt),!Number.parseFloat&&window.parseFloat&&(Number.parseFloat=window.parseFloat);var i={hex:!0,leadingZeros:!0,decimalPoint:".",eNotation:!0};function s(c,u={}){if(u=Object.assign({},i,u),!c||typeof c!="string")return c;let l=c.trim();if(u.skipLike!==void 0&&u.skipLike.test(l))return c;if(u.hex&&r.test(l))return Number.parseInt(l,16);{let d=n.exec(l);if(d){let p=d[1],f=d[2],h=a(d[3]),y=d[4]||d[6];if(!u.leadingZeros&&f.length>0&&p&&l[2]!==".")return c;if(!u.leadingZeros&&f.length>0&&!p&&l[1]!==".")return c;{let b=Number(l),I=""+b;return I.search(/[eE]/)!==-1||y?u.eNotation?b:c:l.indexOf(".")!==-1?I==="0"&&h===""||I===h||p&&I==="-"+h?b:c:f?h===I||p+h===I?b:c:l===I||l===p+I?b:c}}else return c}}o(s,"toNumber"),B(s,"toNumber");function a(c){return c&&c.indexOf(".")!==-1&&(c=c.replace(/0+$/,""),c==="."?c="0":c[0]==="."?c="0"+c:c[c.length-1]==="."&&(c=c.substr(0,c.length-1))),c}o(a,"trimZeros"),B(a,"trimZeros"),e.exports=s}}),xL=vt({"node_modules/fast-xml-parser/src/xmlparser/OrderedObjParser.js"(t,e){"use strict";var r=Yf(),n=OL(),i=NL(),s=CL(),a=class{static{o(this,"OrderedObjParser")}static{B(this,"OrderedObjParser")}constructor(E){this.options=E,this.currentNode=null,this.tagsNodeStack=[],this.docTypeEntities={},this.lastEntities={apos:{regex:/&(apos|#39|#x27);/g,val:"'"},gt:{regex:/&(gt|#62|#x3E);/g,val:">"},lt:{regex:/&(lt|#60|#x3C);/g,val:"<"},quot:{regex:/&(quot|#34|#x22);/g,val:'"'}},this.ampEntity={regex:/&(amp|#38|#x26);/g,val:"&"},this.htmlEntities={space:{regex:/&(nbsp|#160);/g,val:" "},cent:{regex:/&(cent|#162);/g,val:"\xA2"},pound:{regex:/&(pound|#163);/g,val:"\xA3"},yen:{regex:/&(yen|#165);/g,val:"\xA5"},euro:{regex:/&(euro|#8364);/g,val:"\u20AC"},copyright:{regex:/&(copy|#169);/g,val:"\xA9"},reg:{regex:/&(reg|#174);/g,val:"\xAE"},inr:{regex:/&(inr|#8377);/g,val:"\u20B9"}},this.addExternalEntities=c,this.parseXml=f,this.parseTextData=u,this.resolveNameSpace=l,this.buildAttributesMap=p,this.isItStopNode=I,this.replaceEntitiesValue=y,this.readStopNodeData=O,this.saveTextToParentTag=b,this.addChild=h}};function c(E){let T=Object.keys(E);for(let C=0;C<T.length;C++){let w=T[C];this.lastEntities[w]={regex:new RegExp("&"+w+";","g"),val:E[w]}}}o(c,"addExternalEntities"),B(c,"addExternalEntities");function u(E,T,C,w,P,L,re){if(E!==void 0&&(this.options.trimValues&&!w&&(E=E.trim()),E.length>0)){re||(E=this.replaceEntitiesValue(E));let j=this.options.tagValueProcessor(T,E,C,P,L);return j==null?E:typeof j!=typeof E||j!==E?j:this.options.trimValues?V(E,this.options.parseTagValue,this.options.numberParseOptions):E.trim()===E?V(E,this.options.parseTagValue,this.options.numberParseOptions):E}}o(u,"parseTextData"),B(u,"parseTextData");function l(E){if(this.options.removeNSPrefix){let T=E.split(":"),C=E.charAt(0)==="/"?"/":"";if(T[0]==="xmlns")return"";T.length===2&&(E=C+T[1])}return E}o(l,"resolveNameSpace"),B(l,"resolveNameSpace");var d=new RegExp(`([^\\s=]+)\\s*(=\\s*(['"])([\\s\\S]*?)\\3)?`,"gm");function p(E,T,C){if(!this.options.ignoreAttributes&&typeof E=="string"){let w=r.getAllMatches(E,d),P=w.length,L={};for(let re=0;re<P;re++){let j=this.resolveNameSpace(w[re][1]),M=w[re][4],_e=this.options.attributeNamePrefix+j;if(j.length)if(this.options.transformAttributeName&&(_e=this.options.transformAttributeName(_e)),_e==="__proto__"&&(_e="#__proto__"),M!==void 0){this.options.trimValues&&(M=M.trim()),M=this.replaceEntitiesValue(M);let le=this.options.attributeValueProcessor(j,M,T);le==null?L[_e]=M:typeof le!=typeof M||le!==M?L[_e]=le:L[_e]=V(M,this.options.parseAttributeValue,this.options.numberParseOptions)}else this.options.allowBooleanAttributes&&(L[_e]=!0)}if(!Object.keys(L).length)return;if(this.options.attributesGroupName){let re={};return re[this.options.attributesGroupName]=L,re}return L}}o(p,"buildAttributesMap"),B(p,"buildAttributesMap");var f=B(function(E){E=E.replace(/\r\n?/g,`
|
|
77
77
|
`);let T=new n("!xml"),C=T,w="",P="";for(let L=0;L<E.length;L++)if(E[L]==="<")if(E[L+1]==="/"){let j=g(E,">",L,"Closing Tag is not closed."),M=E.substring(L+2,j).trim();if(this.options.removeNSPrefix){let yt=M.indexOf(":");yt!==-1&&(M=M.substr(yt+1))}this.options.transformTagName&&(M=this.options.transformTagName(M)),C&&(w=this.saveTextToParentTag(w,C,P));let _e=P.substring(P.lastIndexOf(".")+1);if(M&&this.options.unpairedTags.indexOf(M)!==-1)throw new Error(`Unpaired tag can not be used as closing tag: </${M}>`);let le=0;_e&&this.options.unpairedTags.indexOf(_e)!==-1?(le=P.lastIndexOf(".",P.lastIndexOf(".")-1),this.tagsNodeStack.pop()):le=P.lastIndexOf("."),P=P.substring(0,le),C=this.tagsNodeStack.pop(),w="",L=j}else if(E[L+1]==="?"){let j=v(E,L,!1,"?>");if(!j)throw new Error("Pi Tag is not closed.");if(w=this.saveTextToParentTag(w,C,P),!(this.options.ignoreDeclaration&&j.tagName==="?xml"||this.options.ignorePiTags)){let M=new n(j.tagName);M.add(this.options.textNodeName,""),j.tagName!==j.tagExp&&j.attrExpPresent&&(M[":@"]=this.buildAttributesMap(j.tagExp,P,j.tagName)),this.addChild(C,M,P)}L=j.closeIndex+1}else if(E.substr(L+1,3)==="!--"){let j=g(E,"-->",L+4,"Comment is not closed.");if(this.options.commentPropName){let M=E.substring(L+4,j-2);w=this.saveTextToParentTag(w,C,P),C.add(this.options.commentPropName,[{[this.options.textNodeName]:M}])}L=j}else if(E.substr(L+1,2)==="!D"){let j=i(E,L);this.docTypeEntities=j.entities,L=j.i}else if(E.substr(L+1,2)==="!["){let j=g(E,"]]>",L,"CDATA is not closed.")-2,M=E.substring(L+9,j);w=this.saveTextToParentTag(w,C,P);let _e=this.parseTextData(M,C.tagname,P,!0,!1,!0,!0);_e==null&&(_e=""),this.options.cdataPropName?C.add(this.options.cdataPropName,[{[this.options.textNodeName]:M}]):C.add(this.options.textNodeName,_e),L=j+2}else{let j=v(E,L,this.options.removeNSPrefix),M=j.tagName,_e=j.rawTagName,le=j.tagExp,yt=j.attrExpPresent,xh=j.closeIndex;this.options.transformTagName&&(M=this.options.transformTagName(M)),C&&w&&C.tagname!=="!xml"&&(w=this.saveTextToParentTag(w,C,P,!1));let Lh=C;if(Lh&&this.options.unpairedTags.indexOf(Lh.tagname)!==-1&&(C=this.tagsNodeStack.pop(),P=P.substring(0,P.lastIndexOf("."))),M!==T.tagname&&(P+=P?"."+M:M),this.isItStopNode(this.options.stopNodes,P,M)){let st="";if(le.length>0&&le.lastIndexOf("/")===le.length-1)L=j.closeIndex;else if(this.options.unpairedTags.indexOf(M)!==-1)L=j.closeIndex;else{let Ju=this.readStopNodeData(E,_e,xh+1);if(!Ju)throw new Error(`Unexpected end of ${_e}`);L=Ju.i,st=Ju.tagContent}let Ku=new n(M);M!==le&&yt&&(Ku[":@"]=this.buildAttributesMap(le,P,M)),st&&(st=this.parseTextData(st,M,P,!0,yt,!0,!0)),P=P.substr(0,P.lastIndexOf(".")),Ku.add(this.options.textNodeName,st),this.addChild(C,Ku,P)}else{if(le.length>0&&le.lastIndexOf("/")===le.length-1){M[M.length-1]==="/"?(M=M.substr(0,M.length-1),P=P.substr(0,P.length-1),le=M):le=le.substr(0,le.length-1),this.options.transformTagName&&(M=this.options.transformTagName(M));let st=new n(M);M!==le&&yt&&(st[":@"]=this.buildAttributesMap(le,P,M)),this.addChild(C,st,P),P=P.substr(0,P.lastIndexOf("."))}else{let st=new n(M);this.tagsNodeStack.push(C),M!==le&&yt&&(st[":@"]=this.buildAttributesMap(le,P,M)),this.addChild(C,st,P),C=st}w="",L=xh}}else w+=E[L];return T.child},"parseXml");function h(E,T,C){let w=this.options.updateTag(T.tagname,C,T[":@"]);w===!1||(typeof w=="string"&&(T.tagname=w),E.addChild(T))}o(h,"addChild"),B(h,"addChild");var y=B(function(E){if(this.options.processEntities){for(let T in this.docTypeEntities){let C=this.docTypeEntities[T];E=E.replace(C.regx,C.val)}for(let T in this.lastEntities){let C=this.lastEntities[T];E=E.replace(C.regex,C.val)}if(this.options.htmlEntities)for(let T in this.htmlEntities){let C=this.htmlEntities[T];E=E.replace(C.regex,C.val)}E=E.replace(this.ampEntity.regex,this.ampEntity.val)}return E},"replaceEntitiesValue");function b(E,T,C,w){return E&&(w===void 0&&(w=Object.keys(T.child).length===0),E=this.parseTextData(E,T.tagname,C,!1,T[":@"]?Object.keys(T[":@"]).length!==0:!1,w),E!==void 0&&E!==""&&T.add(this.options.textNodeName,E),E=""),E}o(b,"saveTextToParentTag"),B(b,"saveTextToParentTag");function I(E,T,C){let w="*."+C;for(let P in E){let L=E[P];if(w===L||T===L)return!0}return!1}o(I,"isItStopNode"),B(I,"isItStopNode");function A(E,T,C=">"){let w,P="";for(let L=T;L<E.length;L++){let re=E[L];if(w)re===w&&(w="");else if(re==='"'||re==="'")w=re;else if(re===C[0])if(C[1]){if(E[L+1]===C[1])return{data:P,index:L}}else return{data:P,index:L};else re===" "&&(re=" ");P+=re}}o(A,"tagExpWithClosingIndex"),B(A,"tagExpWithClosingIndex");function g(E,T,C,w){let P=E.indexOf(T,C);if(P===-1)throw new Error(w);return P+T.length-1}o(g,"findClosingIndex"),B(g,"findClosingIndex");function v(E,T,C,w=">"){let P=A(E,T+1,w);if(!P)return;let L=P.data,re=P.index,j=L.search(/\s/),M=L,_e=!0;j!==-1&&(M=L.substring(0,j),L=L.substring(j+1).trimStart());let le=M;if(C){let yt=M.indexOf(":");yt!==-1&&(M=M.substr(yt+1),_e=M!==P.data.substr(yt+1))}return{tagName:M,tagExp:L,closeIndex:re,attrExpPresent:_e,rawTagName:le}}o(v,"readTagExp"),B(v,"readTagExp");function O(E,T,C){let w=C,P=1;for(;C<E.length;C++)if(E[C]==="<")if(E[C+1]==="/"){let L=g(E,">",C,`${T} is not closed`);if(E.substring(C+2,L).trim()===T&&(P--,P===0))return{tagContent:E.substring(w,C),i:L};C=L}else if(E[C+1]==="?")C=g(E,"?>",C+1,"StopNode is not closed.");else if(E.substr(C+1,3)==="!--")C=g(E,"-->",C+3,"StopNode is not closed.");else if(E.substr(C+1,2)==="![")C=g(E,"]]>",C,"StopNode is not closed.")-2;else{let L=v(E,C,">");L&&((L&&L.tagName)===T&&L.tagExp[L.tagExp.length-1]!=="/"&&P++,C=L.closeIndex)}}o(O,"readStopNodeData"),B(O,"readStopNodeData");function V(E,T,C){if(T&&typeof E=="string"){let w=E.trim();return w==="true"?!0:w==="false"?!1:s(E,C)}else return r.isExist(E)?E:""}o(V,"parseValue"),B(V,"parseValue"),e.exports=a}}),LL=vt({"node_modules/fast-xml-parser/src/xmlparser/node2json.js"(t){"use strict";function e(a,c){return r(a,c)}o(e,"prettify"),B(e,"prettify");function r(a,c,u){let l,d={};for(let p=0;p<a.length;p++){let f=a[p],h=n(f),y="";if(u===void 0?y=h:y=u+"."+h,h===c.textNodeName)l===void 0?l=f[h]:l+=""+f[h];else{if(h===void 0)continue;if(f[h]){let b=r(f[h],c,y),I=s(b,c);f[":@"]?i(b,f[":@"],y,c):Object.keys(b).length===1&&b[c.textNodeName]!==void 0&&!c.alwaysCreateTextNode?b=b[c.textNodeName]:Object.keys(b).length===0&&(c.alwaysCreateTextNode?b[c.textNodeName]="":b=""),d[h]!==void 0&&d.hasOwnProperty(h)?(Array.isArray(d[h])||(d[h]=[d[h]]),d[h].push(b)):c.isArray(h,y,I)?d[h]=[b]:d[h]=b}}}return typeof l=="string"?l.length>0&&(d[c.textNodeName]=l):l!==void 0&&(d[c.textNodeName]=l),d}o(r,"compress"),B(r,"compress");function n(a){let c=Object.keys(a);for(let u=0;u<c.length;u++){let l=c[u];if(l!==":@")return l}}o(n,"propName"),B(n,"propName");function i(a,c,u,l){if(c){let d=Object.keys(c),p=d.length;for(let f=0;f<p;f++){let h=d[f];l.isArray(h,u+"."+h,!0,!0)?a[h]=[c[h]]:a[h]=c[h]}}}o(i,"assignAttributes"),B(i,"assignAttributes");function s(a,c){let{textNodeName:u}=c,l=Object.keys(a).length;return!!(l===0||l===1&&(a[u]||typeof a[u]=="boolean"||a[u]===0))}o(s,"isLeafTag"),B(s,"isLeafTag"),t.prettify=e}}),DL=vt({"node_modules/fast-xml-parser/src/xmlparser/XMLParser.js"(t,e){var{buildOptions:r}=RL(),n=xL(),{prettify:i}=LL(),s=ZE(),a=class{static{o(this,"XMLParser2")}static{B(this,"XMLParser")}constructor(c){this.externalEntities={},this.options=r(c)}parse(c,u){if(typeof c!="string")if(c.toString)c=c.toString();else throw new Error("XML data is accepted in String or Bytes[] form.");if(u){u===!0&&(u={});let p=s.validate(c,u);if(p!==!0)throw Error(`${p.err.msg}:${p.err.line}:${p.err.col}`)}let l=new n(this.options);l.addExternalEntities(this.externalEntities);let d=l.parseXml(c);return this.options.preserveOrder||d===void 0?d:i(d,this.options)}addEntity(c,u){if(u.indexOf("&")!==-1)throw new Error("Entity value can't have '&'");if(c.indexOf("&")!==-1||c.indexOf(";")!==-1)throw new Error("An entity must be set without '&' and ';'. Eg. use '#xD' for '
'");if(u==="&")throw new Error("An entity with value '&' is not permitted");this.externalEntities[c]=u}};e.exports=a}}),ML=vt({"node_modules/fast-xml-parser/src/xmlbuilder/orderedJs2Xml.js"(t,e){var r=`
|